fix(git-sync): address PR #119 review (#1571)

Resolve the code-review findings from comment #1571 on PR #119.

Engine (packages/git-sync):
- Idempotent CREATE on retry: before createPage, look the page up in the
  live Docmost tree by (parentPageId, title) and ADOPT it instead of
  duplicating when a prior cycle created it but failed to persist the
  pageId back to disk. Only trust a COMPLETE tree for the lookup; fall
  back to createPage otherwise. Covered by new tests incl. a complete=false
  regression-lock.
- Route applyPullActions diagnostics through an injected logger instead of
  bare console (thread log from the cycle).
- Add a timeout to the git execFile chokepoint (runRaw) so a hung git
  subprocess cannot wedge a sync cycle.
- Translate remaining Russian code comments to English.
- Remove dead standalone-CLI code (parseArgs/PushParsedArgs,
  parseSettings/envSchema, loadSettingsOrExit + config-errors.ts) and the
  matching index exports/specs; keep the Settings type.
- Fix the dangling docs link in package.json.
- Add a schema-surface snapshot guard so any drift in the vendored
  document schema is a loud, must-review CI failure (+ provenance header).

Server (apps/server):
- Add a configurable watchdog timeout to the spawned git http-backend so a
  stalled push cannot hold the per-space lock forever
  (GIT_SYNC_BACKEND_TIMEOUT_MS).
- Close the in-process TOCTOU window in SpaceLockService.withSpaceLock by
  reserving the slot synchronously before acquire.
- Add tests: removePage git-sync provenance (both branches), ensureServable
  force-push-protection git configs, and the phase-B+ datasource methods.

Docs / build:
- AGENTS.md: list git-sync as the fifth workspace package and note the
  three schema mirrors; fix the dangling git-sync-plan.md backlog link.
- pnpm-lock.yaml: add the missing @docmost/git-sync workspace link so
  pnpm install --frozen-lockfile (CI default) succeeds.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
claude_code
2026-06-26 00:06:44 +03:00
committed by claude code agent 227
parent 52959de2f3
commit 28d2560dfd
31 changed files with 767 additions and 462 deletions
@@ -7,18 +7,33 @@
// `loadGitSync()` bridge (the ESM `@docmost/git-sync` package cannot be
// `require()`d under jest), so we mock that loader rather than the package.
import { mkdir } from 'node:fs/promises';
import { execFile } from 'node:child_process';
import { loadGitSync } from '../git-sync.loader';
jest.mock('node:fs/promises', () => ({
mkdir: jest.fn(async () => undefined),
}));
// ensureServable shells out via `promisify(execFile)`; mock execFile with a
// callback-style fn so promisify resolves. Each `git config <key> <value>` call
// is recorded so the four config writes (incl. the security-critical
// receive.denyNonFastForwards=true) can be asserted.
jest.mock('node:child_process', () => ({
execFile: jest.fn((_cmd: string, _args: string[], _opts: any, cb: any) =>
cb(null, { stdout: '', stderr: '' }),
),
}));
// Cheap VaultGit stub: records the path it was constructed with; no shell-out.
// Declared with a `mock`-prefixed name so jest allows referencing it inside the
// hoisted `jest.mock` factory below.
// `ensureRepo` is a resolved jest.fn so ensureServable can call it. Declared with
// a `mock`-prefixed name so jest allows referencing it inside the hoisted
// `jest.mock` factory below.
const mockVaultGit = jest
.fn()
.mockImplementation((path: string) => ({ path }));
.mockImplementation((path: string) => ({
path,
ensureRepo: jest.fn().mockResolvedValue(undefined),
}));
jest.mock('../git-sync.loader', () => ({
loadGitSync: jest.fn(async () => ({
@@ -32,6 +47,7 @@ import { VaultRegistryService } from './vault-registry.service';
type AnyMock = jest.Mock;
const mkdirMock = mkdir as unknown as AnyMock;
const execFileMock = execFile as unknown as AnyMock;
const VaultGitMock = mockVaultGit;
void loadGitSync;
@@ -78,4 +94,52 @@ describe('VaultRegistryService', () => {
});
});
});
describe('ensureServable', () => {
it('ensures the repo then writes the four force-push-protection git configs', async () => {
const { service } = build('/vaults');
const path = await service.ensureServable('space-1');
expect(path).toBe('/vaults/space-1');
// ensureRepo ran first on the cached vault.
const vault = await service.getVault('space-1');
expect((vault as any).ensureRepo).toHaveBeenCalledTimes(1);
// Collect every `git config <key> <value>` write.
const configWrites = execFileMock.mock.calls
.filter(([cmd, args]) => cmd === 'git' && args[0] === 'config')
.map(([, args]) => [args[1], args[2]]);
expect(configWrites).toEqual([
['receive.denyCurrentBranch', 'updateInstead'],
// Security-critical: blocks force-push / history rewrites on main.
['receive.denyNonFastForwards', 'true'],
['http.receivepack', 'true'],
['http.uploadpack', 'true'],
]);
// Every config write targets THIS vault's cwd.
for (const [cmd, args, opts] of execFileMock.mock.calls) {
if (cmd === 'git' && args[0] === 'config') {
expect(opts.cwd).toBe('/vaults/space-1');
}
}
});
it('rejects (and writes no git config) when ensureRepo rejects', async () => {
const { service } = build('/vaults');
const vault = await service.getVault('space-1');
(vault as any).ensureRepo.mockRejectedValueOnce(new Error('init failed'));
await expect(service.ensureServable('space-1')).rejects.toThrow(
'init failed',
);
const configWrites = execFileMock.mock.calls.filter(
([cmd, args]) => cmd === 'git' && args[0] === 'config',
);
expect(configWrites).toHaveLength(0);
});
});
});