Protect machine-managed memory blocks from agent edits.

The onboarding flow writes the user's preferred name into the user AGENTS.md
inside a marker-delimited block (see onboarding.ONBOARDING_NAME_MEMORY_START /
ONBOARDING_NAME_MEMORY_END). MemoryMiddleware strips HTML comments before
injecting memory, so the model never sees those markers and has no way to know
the region is off-limits. Since the same prompt tells the model to edit_file
that file to persist learnings, nothing stops it from rewriting the managed
block.

This middleware intercepts write_file/edit_file calls targeting the guarded
file(s). When a call would change or remove the managed block, the managed
block is restored and the model's other edits are kept, and an error is
returned so the model learns the region is machine-managed. Surrounding
whitespace may be normalized in the process, and a fully removed block is
re-appended rather than restored in place. When the block was altered but the
restore could not be completed, an error is still returned so the failure is
never silent.

Return the managed onboarding name block (markers included) if present.

Remove every onboarding-name marker occurrence from text.

A partial edit can leave a lone start or end marker behind. Stripping all
marker strings before re-inserting the managed block keeps re-insertion from
producing orphaned markers that would confuse extract_onboarding_name_block.
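
The restore logic described above, reduced to a pure function over file contents. This is an added example, not the project's own middleware: the marker values, strip_onboarding_markers, guard_write and GUARD_ERROR are assumptions, and only extract_onboarding_name_block and the two constant names come from the text.

```python
import re

# Hypothetical marker values: the page names the constants but not their text.
ONBOARDING_NAME_MEMORY_START = "<!-- onboarding-name:start -->"
ONBOARDING_NAME_MEMORY_END = "<!-- onboarding-name:end -->"
BLOCK_RE = re.compile(
    re.escape(ONBOARDING_NAME_MEMORY_START) + r".*?" + re.escape(ONBOARDING_NAME_MEMORY_END),
    re.DOTALL,
)
GUARD_ERROR = "The onboarding name block is machine-managed; it was restored."


def extract_onboarding_name_block(text):
    """Return the managed block (markers included), or None if absent."""
    match = BLOCK_RE.search(text)
    return match.group(0) if match else None


def strip_onboarding_markers(text):  # hypothetical helper name
    """Remove every marker occurrence, including a lone start or end marker."""
    return text.replace(ONBOARDING_NAME_MEMORY_START, "").replace(ONBOARDING_NAME_MEMORY_END, "")


def guard_write(old, new):  # hypothetical: returns (content to write, error or None)
    managed = extract_onboarding_name_block(old)
    if managed is None or extract_onboarding_name_block(new) == managed:
        return new, None  # nothing to protect, or the block is untouched
    if extract_onboarding_name_block(new) is not None:
        # Marker pair survived but the body changed: restore it in place.
        fixed = BLOCK_RE.sub(lambda _m: managed, new, count=1)
    else:
        # Block gone or only one marker left: strip orphans, then re-append.
        fixed = strip_onboarding_markers(new).rstrip() + "\n\n" + managed + "\n"
    return fixed, GUARD_ERROR


# Constructed sample of a guarded AGENTS.md.
SAMPLE = (
    "# Memory\n\n"
    + ONBOARDING_NAME_MEMORY_START + "\nPreferred name: Ada\n" + ONBOARDING_NAME_MEMORY_END
    + "\n\n- likes tabs\n"
)
```
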