#22711: fix: post-compaction audit skips non-existent required files

## Summary Fixes #22674 — Post-compaction audit hardcodes `WORKFLOW_AUTO.md`, causing perpetual missing-file warnings in workspaces that don't use this file. Also addresses the root cause of #22629 (false "prompt injection" reports) — the injected messages were legitimate post-compaction audit warnings for files that don't exist. ## Root Cause `auditPostCompactionReads()` in `post-compaction-audit.ts` hardcoded `WORKFLOW_AUTO.md` in `DEFAULT_REQUIRED_READS`. After every compaction, the audit checked if the agent had read this file, found it missing (because most workspaces don't have it), and enqueued a system event warning. This created a loop: compaction → warning → agent reads non-existent file → ENOENT → next compaction → warning again. ## Fix 1. **Remove `WORKFLOW_AUTO.md` from `DEFAULT_REQUIRED_READS`** — it's not a standard file and was never documented as required. 2. **Gate string-based required reads on file existence** — new `resolveEffectiveRequiredReads()` filters string entries through `fs.existsSync()` before enforcement. Files that don't exist in the workspace are silently skipped. 3. **RegExp entries unaffected** — the daily memory pattern (`memory/YYYY-MM-DD.md`) still applies as before, matching against what the agent read rather than what exists on disk. ## Testing - All 16 existing + new tests pass - New tests cover: - String entries missing from disk are skipped (not enforced) - `WORKFLOW_AUTO.md` no longer in defaults - All-missing string entries → audit passes (nothing to enforce) - Existing files are still enforced correctly <!-- greptile_comment --> <h3>Greptile Summary</h3> Removes hardcoded `WORKFLOW_AUTO.md` from default required reads and adds file-existence checks to prevent perpetual warnings for non-existent files after compaction. **Key changes:** - Removed `WORKFLOW_AUTO.md` from `DEFAULT_REQUIRED_READS` constant - Added `resolveEffectiveRequiredReads()` function that filters string entries by checking `fs.existsSync()` before enforcement - RegExp patterns (e.g., daily memory files) continue to work as before, matching against what the agent actually read - Comprehensive test coverage for the new behavior, including edge cases for missing files and mixed string/RegExp patterns This fix prevents the issue where workspaces without `WORKFLOW_AUTO.md` would receive perpetual audit warnings after every compaction, which was also causing false "prompt injection" reports (#22629). <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The fix is well-designed with a clear separation of concerns (new `resolveEffectiveRequiredReads` function), comprehensive test coverage (16 tests covering all edge cases including file existence checks, RegExp handling, and mixed scenarios), and directly addresses the root cause described in the linked issues. The change is backwards-compatible and only affects the enforcement logic, not the detection logic. - No files require special attention _{Last reviewed commit: d61dde8} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->