Persist Codex priority scan cursors across launches

[steipete]

Summary

• persist Codex priority-turn row cursor state across app and CLI launches
• invalidate persisted state for forced rescans and keep Linux/no-SQLite builds portable
• preserve monotonic in-process updates and parser-key stale-cache rejection
• add the unreleased changelog entry with contributor credit

Supersedes #1421 because its fork branch does not allow maintainer edits.

Proof

• swift test --filter CostUsage (200 tests)
• make check
• structured autoreview: clean, no accepted/actionable findings (0.86 confidence)

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 11, 2026, 11:55 AM ET / 15:55 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: model internal, reasoning high; reviewed against 88c43eeb8485.

Label changes

Label changes:

• remove P2: Current review triage priority is none.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

What I checked:

• failure reason: retryable codex transport failure.
• codex failure detail: Codex review failed for this PR with exit 1.
• codex stderr: /signing stays in Scripts/sign-and-notarize.sh, and validation steps live in docs/RELEASING.md.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[steipete]

Rebased onto current main and revalidated exact head 407ab5233a5aa265db61f0c130096559e402ef01.

Proof:

• swift test --filter 'CostUsageScannerCodexPriorityTests|CostUsageScannerPriorityTests' — 37 tests passed
• make check — clean
• autoreview --mode branch --base origin/main — clean, no actionable findings

[steipete]

Updated the PR head to dd5878ea8a33c82ba1bfe8be08576f033ff664cd.

• rebased onto current main
• fixed the review blocker by scoping persisted-memo loading to each resolved cache artifact rather than one process-global loaded flag
• added a regression covering two distinct cache roots in one process
• refreshed the generated Codex parser hash
• swift test --filter 'CostUsageScannerCodexPriorityTests|CostUsageScannerPriorityTests': 38 passed
• make check: clean
• structured autoreview: clean, no actionable findings (0.84 confidence)

Fresh exact-head CI is now running.

[steipete]

Rebased on current main (88c43eeb) and pushed head 4e308bb4.

Proof:

• swift test --filter CostUsageScannerCodexPriorityTests: 23 tests passed
• swift test --filter CostUsageScannerPriorityTests: 15 tests passed
• make check: passed, parser hash current (03a19db2b09e9573), 0 lint violations
• autoreview: clean, confidence 0.86
• diff check: clean

Coverage includes simulated relaunch, incremental cursor resume, stale/corrupt artifact rejection, independent cache roots, and forced-rescan invalidation.

[steipete]

Closing this replacement as no longer justified after #1430 landed.

#1430 explicitly superseded the priority-cursor persistence stack with a smaller measured fix: 6.74s warm expired refresh versus 20.22s for the persisted stack, with no extra artifact or retained cursor state. Fresh review also found the replacement still serializes the process-global memo snapshot into the currently selected cache root, so multiple cache roots can copy unrelated database-path metadata into each other's artifacts.

The original contributor investigation and credit remain preserved in #1430 and commit dd8cf8b06ebb761cd850f194bd2d8e8aeffffc4d. No further persistence work is needed unless new profiling shows the SQLite priority scan is again a dominant cost.