fix(offload): prevent branch/config bleeding and restore missing rsync logic

.gemini/skills/offload/scripts/orchestrator.ts

@@ -46,16 +46,36 @@ export async function runOrchestrator(args: string[], env: NodeJS.ProcessEnv = p
   const remotePolicyPath = `~/.gemini/policies/offload-policy.toml`;
   const persistentScripts = `~/.offload/scripts`;
   const sessionName = `offload-${prNumber}-${action}`;
-  const remoteWorktreeDir = `~/dev/worktrees/offload-${prNumber}-${action}`;
+  const remoteWorktreeDir = `~/dev/worktrees/${sessionName}`;
 
   // 3. Remote Context Setup (Parallel Worktree)
-  console.log(`🚀 Provisioning persistent worktree for ${action} on PR #${prNumber}...`);
-  const setupCmd = `
-    mkdir -p ~/dev/worktrees && \
-    cd ${remoteWorkDir} && \
-    git fetch upstream pull/${prNumber}/head && \
-    git worktree add -f ${remoteWorktreeDir} FETCH_HEAD
-  `;
+  console.log(`🚀 Provisioning persistent worktree for ${action} on #${prNumber}...`);
+  
+  let setupCmd = '';
+  if (action === 'implement') {
+      // FIX: Always use explicit base (upstream/main) to prevent Branch Bleeding
+      const branchName = `impl-${prNumber}`;
+      setupCmd = `
+        mkdir -p ~/dev/worktrees && \
+        cd ${remoteWorkDir} && \
+        git fetch upstream main && \
+        git worktree add -f -b ${branchName} ${remoteWorktreeDir} upstream/main
+      `;
+  } else {
+      // For PR-based actions, we fetch the PR head
+      setupCmd = `
+        mkdir -p ~/dev/worktrees && \
+        cd ${remoteWorkDir} && \
+        git fetch upstream pull/${prNumber}/head && \
+        git worktree add -f ${remoteWorktreeDir} FETCH_HEAD
+      `;
+  }
+
+  // Wrap in docker exec if needed
+  if (useContainer) {
+    setupCmd = `docker exec maintainer-worker sh -c ${q(setupCmd)}`;
+  }
+
   spawnSync(`ssh ${remoteHost} ${q(setupCmd)}`, { shell: true, stdio: 'inherit' });
 
   // 4. Execution Logic (Persistent Workstation Mode)

.gemini/skills/offload/scripts/setup.ts

@@ -115,11 +115,31 @@ Host ${sshAlias}
       userFork = `${user}/gemini-cli`;
   }
   
-  console.log(`   👉 Target fork: ${userFork}`);
+  console.log(`   ✅ Target fork: ${userFork}`);
 
-  // ... (Resolve Paths unchanged)
+  // Resolve Paths (Simplified with Tilde)
+  const remoteHost = sshAlias;
+  const remoteWorkDir = `~/dev/main`;
+  const persistentScripts = `~/.offload/scripts`;
 
-  // 4. Scoped Token Onboarding
+  console.log(`\n📦 Performing One-Time Synchronization...`);
+  spawnSync(`ssh ${remoteHost} "mkdir -p ${remoteWorkDir} ~/.gemini/policies ${persistentScripts}"`, { shell: true });
+
+  const rsyncBase = `rsync -avz -e "ssh" --exclude=".gemini/settings.json"`;
+
+  // 2. Sync Scripts & Policies
+  console.log('   - Pushing offload logic to persistent worker directory...');
+  spawnSync(`${rsyncBase} --delete .gemini/skills/offload/scripts/ ${remoteHost}:${persistentScripts}/`, { shell: true });
+  spawnSync(`${rsyncBase} .gemini/skills/offload/policy.toml ${remoteHost}:~/.gemini/policies/offload-policy.toml`, { shell: true });
+
+  // 3. Sync Auth (Gemini)
+  if (await confirm('Sync Gemini accounts credentials?')) {
+    const homeDir = env.HOME || '';
+    const lp = path.join(homeDir, '.gemini/google_accounts.json');
+    if (fs.existsSync(lp)) {
+      spawnSync(`${rsyncBase} ${lp} ${remoteHost}:~/.gemini/google_accounts.json`, { shell: true });
+    }
+  }
   if (await confirm('Generate a scoped, secure token for the autonomous agent? (Recommended)')) {
     const magicLink = `https://github.com/settings/tokens/beta/new?description=Offload-${env.USER}&repositories[]=${encodeURIComponent(upstreamRepo)}&repositories[]=${encodeURIComponent(userFork)}&permissions[contents]=write&permissions[pull_requests]=write&permissions[metadata]=read`;