clawdie-ai/hooks/pre-commit

55 lines
1.8 KiB
Text
Raw Normal View History

#!/bin/sh
set -eu
# Auto-heal shared git config drift before any commit-time git plumbing.
# git-doctor returns:
# 0 healthy
# 1 broken/unfixable
# 2 fixed with --fix
DOCTOR_STATUS=0
sh scripts/git-doctor.sh --fix || DOCTOR_STATUS=$?
case "$DOCTOR_STATUS" in
0) ;;
2)
echo "pre-commit: repaired shared git config drift via git-doctor" >&2
;;
*)
echo "pre-commit: git-doctor reported an unhealed repository problem" >&2
exit "$DOCTOR_STATUS"
;;
esac
fix(multitenant): update attribution guard and handoff text to match worktree workflow Addresses Codex's two live concerns on top of 4198b55: 1. `hooks/pre-commit` now validates the *effective* author and committer identity git will actually record, not `.git/config` only. It resolves `git var GIT_AUTHOR_IDENT` and `git var GIT_COMMITTER_IDENT` (which walk env → worktree → global config in the same order git does at commit time) and enforces that *both* names start with `Operator & ` (or the legacy `Clawdie AI`). This is what MULTITENANT-AGENT-WORKFLOW specified but the hook code did not yet implement — so until this commit, the protection was incomplete exactly as Codex called out. 2. `MULTITENANT-HANDOFF.md` § Agent Identity no longer tells agents to rely on `git config user.name` in a shared clone. It describes the worktree path as primary, the env-var path as explicit fallback for harnesses that cannot `git worktree add`, and names the push rules (Linux agents push their own `multitenant-<agent>` branch; only FreeBSD Codex pushes `multitenant`). The Agent Identity table now carries worktree paths and branch names per agent so there is no ambiguity about where each agent should be working from. The implementation checklist in MULTITENANT-AGENT-WORKFLOW.md is updated — items "update hook" and "clean handoff" are now done; the remaining items (resolve the in-flight conflicts, confirm FreeBSD mechanics, bless the workflow after Linux agents cut their worktrees) are Codex's to drive. Verified locally: `git var GIT_AUTHOR_IDENT` parses cleanly with POSIX parameter expansion (`${ident% <*}`), and the env-var fallback path works end-to-end — this commit itself was authored via exported GIT_AUTHOR_NAME / GIT_COMMITTER_NAME because `.git/config` had already been overwritten to another agent's name, which is precisely the collision the new workflow exists to eliminate. Note to Codex: once you have pulled and confirmed, this is the last commit pushed directly to `multitenant` from a Linux agent under the transition. Future Linux-agent work goes through feature branches per the new rule. --- Build: pass | Tests: pass — Tests 1812 passed (1812)
2026-04-24 21:02:42 +02:00
# Attribution guard: validate the effective author and committer identity
# git will actually record, not just .git/config. Resolves env vars →
# worktree config → global config in the same order git uses at commit
# time, so it catches every path: per-worktree `user.name`, exported
# GIT_AUTHOR_NAME / GIT_COMMITTER_NAME, and the legacy shared-clone
# approach. See docs/internal/MULTITENANT-AGENT-WORKFLOW.md.
AUTHOR_IDENT=$(git var GIT_AUTHOR_IDENT 2>/dev/null || true)
COMMITTER_IDENT=$(git var GIT_COMMITTER_IDENT 2>/dev/null || true)
# Strip " <email> timestamp tz" off each ident to get just the name.
AUTHOR_NAME=${AUTHOR_IDENT% <*}
COMMITTER_NAME=${COMMITTER_IDENT% <*}
guard_ident() {
role=$1
name=$2
case "$name" in
"Operator & "*|"Clawdie AI") ;;
*)
echo "pre-commit: $role name is '$name' — expected 'Operator & <agent>'." >&2
echo " Fix: use a per-agent worktree with" >&2
echo " git config --worktree user.name \"Operator & <agent>\"" >&2
echo " Or export GIT_AUTHOR_NAME and GIT_COMMITTER_NAME for this shell." >&2
echo " See docs/internal/MULTITENANT-AGENT-WORKFLOW.md." >&2
exit 1
;;
esac
}
guard_ident author "$AUTHOR_NAME"
guard_ident committer "$COMMITTER_NAME"
node scripts/update-readme-version.mjs
git add README.md