fix(pull-sdlc): validate worktree marker; keep self-update out of main#181
Merged
Conversation
Two distinct bugs surfaced together when running Pull-SDLC.ai.ps1 against a consumer repo whose .worktrees/sdlc-sync/ had been left behind by a different (or now-deleted) repo. 1. Stale worktree marker treated as reusable. Invoke-AutoWorktreeSync reused any directory that contained a .git FILE, but the file's `gitdir:` target could belong to a foreign repo. Every subsequent git call inside then failed with`fatal: not a git repository: (NULL)`. Now validate by running `git rev-parse --git-common-dir` inside the worktree and comparing against this repo's common-dir; if they don't match, the directory is discarded (`git worktree remove --force` + `prune` + filesystem rm) before creating a fresh worktree. 2. Self-update silently dirtied the consumer's protected branch. Invoke-SelfRefresh used Move-Item to overwrite the on-disk script with upstream content -- on `main`. The working tree then carried `Pull-SDLC.ai.ps1` as modified until the sync PR merged and the user pulled, and any local edits were silently destroyed. Now the function returns the temp-file path (string) instead of bool + in-place replace; Invoke-SelfRefreshGate forwards that temp path to Invoke-SelfReExec, which deletes the temp after the child exits. Upstream content reaches the on-disk script through the normal worktree-sync PR -- never through working-tree overwrites. Both fixes are covered by behavior-first tests; existing self-refresh and auto-worktree tests updated for the new bool->string contract. Closes #180 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two distinct bugs surfaced together when running
Pull-SDLC.ai.ps1against a consumer repo whose.worktrees/sdlc-sync/had been left behind by a different (or now-deleted) repo. Both are fixed here with behavior-first tests.Bug 1 -- stale worktree marker treated as reusable
Invoke-AutoWorktreeSyncreused any directory that contained a.gitfile, but the file'sgitdir:target could belong to a foreign repo (or be deleted). Every subsequent git call inside the directory then failed withfatal: not a git repository: (NULL).Fix. Validate by running
git rev-parse --git-common-dirinside the worktree and compare against this repo's common-dir; if they don't match, the directory is discarded (git worktree remove --force+prune+ filesystemRemove-Item) before creating a fresh worktree.Bug 2 -- self-update silently dirtied the consumer's protected branch
Invoke-SelfRefreshusedMove-Itemto overwrite the on-disk script with upstream content -- onmain. The working tree then carriedPull-SDLC.ai.ps1as modified until the sync PR merged and the user pulled, and any local edits were silently destroyed.Fix. The function now returns the temp-file path (string) instead of bool + in-place replace.
Invoke-SelfRefreshGateforwards that temp path toInvoke-SelfReExec, which deletes the temp after the child exits. Upstream content reaches the on-disk script through the normal worktree-sync PR -- never through working-tree overwrites.Tests
Invoke-PullSDLC auto-worktree mode-> "recovers from a stale worktree marker pointing to a foreign / deleted gitdir (issue fix(pull-sdlc): stale worktree marker + self-update dirties consumer main #180)" -- reproduces the PSBitWarden symptom and asserts the worktree's--git-common-dirmatches this repo's after recovery.Invoke-SelfRefresh-> "returns a temp file path and does NOT overwrite the local file when remote hash differs (issue fix(pull-sdlc): stale worktree marker + self-update dirties consumer main #180)" -- proves the on-disk script is preserved.Invoke-SelfRefreshGate (issue #110)-> "passes the temp-file path (not the on-disk ScriptPath) to Invoke-SelfReExec (issue fix(pull-sdlc): stale worktree marker + self-update dirties consumer main #180)".[string]contract.Full suite: 189 passed, 0 failed.
Manual verification against PSBitWarden
Before the fix:
After the fix (same
.worktrees/sdlc-sync/.gitpointing to BitwardenCleaner's gitdir):(The run then surfaced a separate, legitimate policy violation about a local edit to
tasks/README.md.template-- unrelated to this fix.)Closes #180