Centralize repository authority for Git helper launches#30896
Centralize repository authority for Git helper launches#30896bookholt-oai wants to merge 10 commits into
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e8e8178e3a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| fn explicit_boolean(value: &[u8]) -> Option<bool> { | ||
| if value.eq_ignore_ascii_case(b"true") { | ||
| Some(true) | ||
| } else if value.eq_ignore_ascii_case(b"false") { | ||
| Some(false) | ||
| } else { | ||
| None |
There was a problem hiding this comment.
Parse all Git boolean spellings
When a common config uses Git's valid boolean spellings such as core.bare = yes or extensions.worktreeConfig = 0, this helper returns None because it only recognizes true/false ([Git config's bool type also accepts yes/on/numbers and no/off/0](https://git-scm.com/docs/git-config#Documentation/git-config.txt---typelt typegt)). In a linked worktree backed by a bare repository with core.bare = yes, inspect_plain_common_config_authority() returns Unproven, so GitRunner::for_cwd rejects otherwise valid operations with UnprovenPrimaryAuthority; please parse the full Git boolean grammar.
Useful? React with 👍 / 👎.
Why
Choosing a trusted Git executable is not enough if the repository or its Git metadata can change after the check. Rebuilding that trust separately for every child also made multi-step operations slow enough to time out on Windows.
Approach
Create one operation-scoped authority that records the worktree, Git metadata, linked-worktree registration, filesystem identity, and pinned native Git executable.
Build every Git child through that authority. Bind it to a canonical working directory, sanitize executable lookup, revalidate the active Git metadata immediately before launch, and reapply the local-only transport policy.
Reuse the same runner across multi-step operations such as merge-base resolution, while still rechecking metadata before every child. Never cache the runner across separate operations.
This PR is stacked on #30844. #30848 builds on it.
Testing
codex-git-utilstests passed.