fix(git-sync): don't run a Docmost cycle on receive-pack info/refs (fixes deterministic push 503)

A git push is a two-request exchange: GET info/refs?service=git-receive-pack
(ref advertisement) then POST git-receive-pack (the pack). The git-HTTP host
classified BOTH as serviceKind 'write' and routed both through
ingestExternalPush, which takes the per-space lock and runs a FULL Docmost
reconcile cycle. So the read-only info/refs advertisement held the lock while a
cycle ran, and the client's immediately-following POST git-receive-pack collided
with that still-running cycle and got 503 — deterministically, every push (and
Obsidian Git's "scan" failed for the same reason, since it probes push
capability via the same receive-pack info/refs).

Fix: only the actual pack-receiving write (POST git-receive-pack) runs under the
lock + cycle. Everything else streams the http-backend directly with no lock and
no cycle — a fetch/clone (read) AND the write-AUTHORIZED but read-only
info/refs?service=git-receive-pack advertisement. Authz is unchanged (the gate
still requires write permission for receive-pack refs); only the side effect of
running a cycle on a read-only request is removed.

Verified end-to-end on a live stand: clone, then `git push` of a new file lands
the page in Docmost (was 503 on every push before). Regression test added.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
claude code agent 227
2026-06-26 03:21:19 +03:00
parent 4ce3346cee
commit 2f811a0aa8
2 changed files with 37 additions and 2 deletions

View File

@@ -251,8 +251,17 @@ export class GitHttpService {
// response directly to the socket (mirrors the MCP transport pattern).
reply.hijack();
if (serviceKind === 'read') {
// Fetch/clone: stream http-backend directly, no lock (read-only).
// Only the ACTUAL pack-receiving write (POST git-receive-pack) runs under the
// space lock + a Docmost cycle. Everything else streams the http-backend
// directly with NO lock and NO cycle: a fetch/clone (read), AND the
// write-AUTHORIZED but READ-ONLY ref advertisement
// (GET info/refs?service=git-receive-pack). Running a cycle on info/refs is
// both wasteful and HARMFUL — it holds the per-space lock, so the push's
// immediately-following POST git-receive-pack collides with it and 503s
// (a deterministic push failure). Authz already happened above via the gate.
const isReceivePack =
req.method === 'POST' && parsedPath.subpath === 'git-receive-pack';
if (serviceKind === 'read' || !isReceivePack) {
await this.backend.run(backendRequest, rawReq, rawRes);
return;
}