fix(git-sync): address PR #119 review (#1571)

Resolve the code-review findings from comment #1571 on PR #119.

Engine (packages/git-sync):
- Idempotent CREATE on retry: before createPage, look the page up in the
  live Docmost tree by (parentPageId, title) and ADOPT it instead of
  duplicating when a prior cycle created it but failed to persist the
  pageId back to disk. Only trust a COMPLETE tree for the lookup; fall
  back to createPage otherwise. Covered by new tests incl. a complete=false
  regression-lock.
- Route applyPullActions diagnostics through an injected logger instead of
  bare console (thread log from the cycle).
- Add a timeout to the git execFile chokepoint (runRaw) so a hung git
  subprocess cannot wedge a sync cycle.
- Translate remaining Russian code comments to English.
- Remove dead standalone-CLI code (parseArgs/PushParsedArgs,
  parseSettings/envSchema, loadSettingsOrExit + config-errors.ts) and the
  matching index exports/specs; keep the Settings type.
- Fix the dangling docs link in package.json.
- Add a schema-surface snapshot guard so any drift in the vendored
  document schema is a loud, must-review CI failure (+ provenance header).

Server (apps/server):
- Add a configurable watchdog timeout to the spawned git http-backend so a
  stalled push cannot hold the per-space lock forever
  (GIT_SYNC_BACKEND_TIMEOUT_MS).
- Close the in-process TOCTOU window in SpaceLockService.withSpaceLock by
  reserving the slot synchronously before acquire.
- Add tests: removePage git-sync provenance (both branches), ensureServable
  force-push-protection git configs, and the phase-B+ datasource methods.

Docs / build:
- AGENTS.md: list git-sync as the fifth workspace package and note the
  three schema mirrors; fix the dangling git-sync-plan.md backlog link.
- pnpm-lock.yaml: add the missing @docmost/git-sync workspace link so
  pnpm install --frozen-lockfile (CI default) succeeds.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
claude_code
2026-06-26 00:06:44 +03:00
committed by claude code agent 227
parent 52959de2f3
commit 28d2560dfd
31 changed files with 767 additions and 462 deletions
@@ -38,6 +38,8 @@ function fakeChild() {
end: jest.fn(),
write: jest.fn(),
});
// The watchdog kills the child on timeout; capture the signal.
child.kill = jest.fn();
return child;
}
@@ -80,8 +82,13 @@ const baseRequest: GitHttpBackendRequest = {
remoteUser: 'alice@example.com',
};
function buildService() {
const env = { getGitSyncDataDir: jest.fn(() => '/vaults') };
function buildService(backendTimeoutMs = 120000) {
const env = {
getGitSyncDataDir: jest.fn(() => '/vaults'),
// The watchdog timeout for the spawned git http-backend. Tests inject a tiny
// value (or use fake timers) to drive the timeout branch.
getGitSyncBackendTimeoutMs: jest.fn(() => backendTimeoutMs),
};
return new GitHttpBackendService(env as any);
}
@@ -182,6 +189,56 @@ describe('GitHttpBackendService.run', () => {
await p;
});
it('(d) timeout: a child that never closes is killed and a 500 is sent', async () => {
// The child never emits stdout/close (a stalled git-receive-pack). With a
// tiny injected watchdog timeout the run() promise must still resolve: the
// child is killed and a clean 500 is sent (no headers were sent yet).
const child = fakeChild();
spawnMock.mockReturnValue(child);
const service = buildService(5); // 5ms watchdog
const res = fakeRes();
const warnSpy = jest.spyOn(Logger.prototype, 'warn');
// run() resolves only via the watchdog firing (no close/error emitted).
await service.run(baseRequest, fakeReq(), res);
expect(child.kill).toHaveBeenCalledWith('SIGTERM');
expect(warnSpy).toHaveBeenCalled();
expect(res.statusCode).toBe(500);
expect(res.end).toHaveBeenCalledWith('Internal server error');
});
it('(d) timeout watchdog is cleared on a normal close (no kill, no 500)', async () => {
// A normal request that completes well within the watchdog window must NOT be
// killed and must NOT trip the timeout 500 — the timer is cleared on close.
jest.useFakeTimers();
try {
const child = fakeChild();
spawnMock.mockReturnValue(child);
const service = buildService(120000);
const res = fakeRes();
const p = service.run(baseRequest, fakeReq(), res);
// loadGitSync resolves on a real microtask; advance it under fake timers.
await Promise.resolve();
await Promise.resolve();
child.stdout.emit(
'data',
Buffer.from('Status: 200 OK\r\nContent-Type: text/plain\r\n\r\nOK', 'utf8'),
);
child.emit('close', 0);
await p;
// The watchdog never fired even if we advance past its window.
jest.advanceTimersByTime(200000);
expect(child.kill).not.toHaveBeenCalled();
expect(res.statusCode).toBe(200);
} finally {
jest.useRealTimers();
}
});
it('spawn throwing synchronously -> 500 (spawn-failed)', async () => {
spawnMock.mockImplementation(() => {
throw new Error('spawn EACCES');