fix: request_apply_commit resolves sha locally + rejects non-sha refs
This commit is contained in:
damocles
parent
5d27ae3048
commit
f8795dc029
6 changed files with 130 additions and 17 deletions
|
|
@ -12,9 +12,16 @@ happens after a decision lands.
|
|||
path, but `agent.nix` is the contract entry point) and commits
|
||||
with its own git identity.
|
||||
2. Manager submits the commit sha via `request_apply_commit(agent,
|
||||
commit_ref)`.
|
||||
commit_ref)`. `commit_ref` must be a commit **sha** (7-40 hex
|
||||
chars, short or full) — a branch or tag name is rejected so the
|
||||
approval pins an immutable commit.
|
||||
3. **hive-c0re immediately fetches that commit from the proposed
|
||||
repo into the applied repo and tags it `proposal/<id>`.** The
|
||||
repo into the applied repo and tags it `proposal/<id>`.** It
|
||||
resolves the sha locally against the proposed repo, fetches all
|
||||
of proposed's heads into applied's object db, then tags the
|
||||
resolved commit — `git fetch <remote> <sha>:<dst>` can't fetch
|
||||
by a bare sha (the left side of a refspec is a remote *ref
|
||||
name*), so the resolution happens on hive-c0re's side. The
|
||||
approval row stores both the manager-supplied sha and the
|
||||
canonical hive-c0re-vouched sha. From here on the proposed
|
||||
repo is irrelevant for this approval — the manager can amend,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue