fix: remove lifecycle hook auto-sync #241
Merged
🎉 This PR is included in version 3.18.1 🎉 The release is available on: Your semantic-release bot 📦🚀
Pull request overview
This PR removes the lifecycle-hook “auto-sync” behavior that performed an implicit git pull origin main, avoiding unapproved workspace mutation and reducing the security/integrity risk of remote-triggered changes during hook execution.
Changes:
- Removed the `git rev-parse`/`git log`/`git pull` auto-sync blocks from `hooks/init.sh`.
- Removed the same auto-sync logic from `hooks/stop.sh`.
- Removed the same auto-sync logic from `hooks/verify-package.sh`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| hooks/init.sh | Removes hook-time repo auto-sync so init runs without mutating the user workspace. |
| hooks/stop.sh | Removes hook-time repo auto-sync so stop flow avoids networked writes/merges. |
| hooks/verify-package.sh | Removes hook-time repo auto-sync so package verification stays deterministic/offline. |
Comment on lines 4 to 6
|
|
||
| set -e | ||
|
|
Comment on lines 4 to 9
|
|
||
| set -e | ||
|
|
||
| # ── Auto-sync: pull latest plugin code before stop ── | ||
| if [ -z "${AUTORESEARCH_NO_SYNC:-}" ]; then | ||
| repo_root="$(git rev-parse --show-toplevel 2>/dev/null || true)" | ||
| if [ -n "$repo_root" ]; then | ||
| cd "$repo_root" || exit 1 | ||
| # Only sync if we have a valid git remote (skip temp/policy-test repos) | ||
| if git rev-parse --verify HEAD >/dev/null 2>&1 && git remote get-url origin >/dev/null 2>&1; then | ||
| sync_gap="$(git log --oneline HEAD..origin/main 2>/dev/null | wc -l | tr -d ' ' || true)" | ||
| if [ -n "$sync_gap" ] && [ "$sync_gap" -gt 0 ] 2>/dev/null; then | ||
| echo "[autoresearch-sync] $sync_gap commit(s) behind origin/main — pulling..." | ||
| git pull origin main >/dev/null 2>&1 || echo "[autoresearch-sync] WARN: git pull failed, continuing with local code" | ||
| fi | ||
| fi | ||
| fi | ||
| fi | ||
|
|
||
| STATUS_FILE="${AUTORESEARCH_STATE:-.autoresearch/state.json}" | ||
| WORKSPACE_ROOT="$(pwd -P)" | ||
|
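Review bot: The `cd "$repo_root" || exit 1` inside the auto-sync block also decided which directory the `WORKSPACE_ROOT="$(pwd -P)"` line shown right after it resolves, so deleting the block changes more than the pull. With `AUTORESEARCH_NO_SYNC` unset and the hook started from a subdirectory of the repository, `WORKSPACE_ROOT` used to be the git top level and is now the caller's directory. Either confirm that every caller starts the hook at the workspace root or resolve the root explicitly, and add a test that runs the hook from a nested directory. `AUTORESEARCH_NO_SYNC` also has no reader left in the lines shown, so documentation or tests that still mention it should be cleaned up in the same change.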
|
|
|
||
| TMP_DIR="$(mktemp -d)" | ||
| trap 'rm -rf "$TMP_DIR"' EXIT | ||
|
|
Motivation
- `git pull origin main` from the hook working directory which can mutate the user's workspace and violate the approval/authorship boundary.

Description
- `git pull origin main` from `hooks/init.sh`, `hooks/stop.sh`, and `hooks/verify-package.sh`.

Testing
- `npm run typecheck` and `npm run build` and both completed successfully.
- `npm test` which initially failed before building due to missing `dist` artifacts but passed after `npm run build`, resulting in all tests passing.
- `npm run verify:pack` which initially failed when `dist` files were absent and succeeded after building, and a repository-wide search confirms no remaining `autoresearch-sync`/`git pull` code remains in `hooks` or `.opencode-plugin`.

Codex Task
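The repository-wide search described under Testing can be kept as a regression check so hook-time sync does not return unnoticed. The script below is an added example, not code from this PR or the project; the `scan_hooks` name and the list of git subcommands are assumptions, and it does not catch indirect forms such as `git -C <dir> pull`.

```shell
#!/bin/sh
# Added example, not project code: fail when a hook script invokes a git
# subcommand that can contact a remote or rewrite the working tree.
# The subcommand list below is an assumption made for this illustration.
MUTATING='pull|fetch|merge|rebase|reset|checkout|clone|push'

# "git <subcommand>" as a command word, or the old log marker from the hooks.
PATTERN="(^|[^[:alnum:]_])git[[:space:]]+(${MUTATING})([[:space:]]|\$)|autoresearch-sync"

# scan_hooks DIR...
# Prints "file:line:text" for every hit and returns 1 if there was one.
scan_hooks() {
    hits=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # First grep collects candidates; the second drops lines whose
        # content is only a shell comment.
        found="$(grep -rnE "$PATTERN" "$dir" 2>/dev/null \
            | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true)"
        if [ -n "$found" ]; then
            printf '%s\n' "$found"
            hits=1
        fi
    done
    return "$hits"
}

# Run as: sh scan-hooks.sh hooks .opencode-plugin
if [ "$#" -gt 0 ]; then
    scan_hooks "$@"
fi
```

Read-only calls such as `git rev-parse` and `git log` pass the check; only the listed subcommands and the `autoresearch-sync` marker are reported.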