Add git commit hash to /version endpoint response

[tcsenpai]

Summary

Enhanced the /version endpoint to return structured JSON with both version and git commit information, improving deployment tracking and verification capabilities.

Key Changes

• API Response Format: Changed /version endpoint response from plain text string to JSON object containing version and commit fields
• Commit Hash Tracking: Added commitHash property to SharedState that captures the git commit hash of the running binary at boot time
• New Module: Introduced nodeVersion utility module to resolve git commit information from .git/HEAD or GIT_COMMIT environment variable
• Version Bump: Updated APP_VERSION from "0.9.8" to "0.9.9 RC"

Implementation Details

• The commit hash is resolved once at application startup and stored in SharedState.commitHash
• The commit value can be null if unresolvable (e.g., stripped Docker images without .git/ directory and no GIT_COMMIT build argument)
• The /version endpoint now returns a JSON object with the structure:

  {
    "version": "0.9.9 RC",
    "commit": "<git-hash-or-null>"
  }

• This enables deployment verification and tamper detection by confirming the exact running revision

https://claude.ai/code/session_015ZdtuWdzFZWLTj6URHsG9h

Summary by CodeRabbit

• New Features

  • Version endpoint now returns commit information alongside the version number.

• Chores

  • Updated application version to 0.9.9 RC.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

Warning

Review limit reached

@tcsenpai, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 50 minutes and 17 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b8b6f289-078c-4e71-b787-218b7bcb4314

📥 Commits

Reviewing files that changed from the base of the PR and between c4e3420 and 5b970d2.

📒 Files selected for processing (1)

• src/libs/network/openapi-spec.json

Walkthrough

The /version HTTP endpoint response changes from a plain-text version string to a JSON object containing version and commit fields. SharedState gains a commitHash field sourced from NODE_VERSION.commit. The OpenAPI spec is updated to match the new response shape, and APP_VERSION is bumped to "0.9.9 RC".

Changes

Version Endpoint Commit Hash Exposure

Layer / File(s)	Summary
SharedState commitHash field src/utilities/sharedState.ts	Imports NODE_VERSION and adds the commitHash instance field initialized from NODE_VERSION.commit; documented as nullable when the commit cannot be resolved at boot.
/version route, OpenAPI spec, and version bump src/libs/network/server_rpc.ts, src/libs/network/openapi-spec.json, src/utilities/constants.ts	Route handler returns { version, commit } JSON object; OpenAPI GET /version 200 response updated from text/plain string to application/json object with version and nullable commit properties; APP_VERSION bumped to "0.9.9 RC".

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 A version once whispered in plain text so bare,
Now carries a commit hash riding along in the air.
The rabbit hops forward to 0.9.9 RC,
With version and commit returned as JSON, you see!
Hop, hop — the spec and the state now agree. 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add git commit hash to /version endpoint response' directly and accurately describes the main change: enhancing the /version endpoint to include git commit hash in its response.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/bold-hamilton-2l7v4f

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/libs/network/openapi-spec.json (1)

128-139: ⚡ Quick win

Declare /version fields as required in the schema.

version and commit are always present at runtime (with commit possibly null), so marking them required improves generated client types and prevents optional-field drift.

Suggested diff

                                 "schema": {
                                     "type": "object",
                                     "properties": {
                                         "version": {
                                             "type": "string"
                                         },
                                         "commit": {
                                             "type": "string",
                                             "nullable": true,
                                             "description": "Git commit hash of the running binary, or null if unresolvable."
                                         }
-                                    }
+                                    },
+                                    "required": ["version", "commit"]
                                 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/libs/network/openapi-spec.json` around lines 128 - 139, The OpenAPI
schema for the `/version` endpoint response object does not explicitly mark the
version and commit properties as required. Add a "required" array to the object
schema (at the same level as the "properties" field) that includes both
"version" and "commit" to indicate these fields must always be present in the
response, even though commit may be null. This will ensure generated client
types properly reflect that these fields are always provided.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/libs/network/openapi-spec.json`:
- Around line 128-139: The OpenAPI schema for the `/version` endpoint response
object does not explicitly mark the version and commit properties as required.
Add a "required" array to the object schema (at the same level as the
"properties" field) that includes both "version" and "commit" to indicate these
fields must always be present in the response, even though commit may be null.
This will ensure generated client types properly reflect that these fields are
always provided.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 305e058f-1307-4596-8807-d79ae8a88e13

📥 Commits

Reviewing files that changed from the base of the PR and between de2fe40 and c4e3420.

📒 Files selected for processing (4)

• src/libs/network/openapi-spec.json
• src/libs/network/server_rpc.ts
• src/utilities/constants.ts
• src/utilities/sharedState.ts

[greptile-apps]

Greptile Summary

This PR enhances the /version endpoint to return a structured JSON object { version, commit } instead of a plain string, and introduces a new nodeVersion utility module that resolves git provenance (commit SHA, branch, dirty flag) once at startup from .git/HEAD with env-var fallbacks.

• New nodeVersion.ts module: Reads package.json and .git/HEAD at module evaluation time (frozen snapshot), with graceful null fallbacks and a GIT_COMMIT env-var override for stripped Docker images.
• SharedState.commitHash: Wired to NODE_VERSION.commit; exposed through the updated /version handler alongside the existing version string.
• OpenAPI spec + version bump: Response schema updated from text/plain to application/json with required: [\"version\"]; APP_VERSION bumped to \"0.9.9 RC\".

Confidence Score: 4/5

Safe to merge with one fix: findRepoRoot should start from import.meta.url rather than process.cwd() to match the reliability guarantee already built into the same file's package.json walker.

In production scenarios where the process CWD is not the repo root (the exact failure case the readPackageJson comment describes with dev.node2), findRepoRoot(process.cwd()) returns null immediately and every /version response reports commit: null. The rest of the change — endpoint shape, OpenAPI spec, SharedState wiring, version bump — is straightforward and correct.

src/utilities/nodeVersion.ts — specifically the findRepoRoot starting path.

Important Files Changed

Filename	Overview
src/utilities/nodeVersion.ts	New utility module that resolves build provenance at startup; findRepoRoot uses process.cwd() as its starting point while the co-located readPackageJson explicitly avoids CWD for reliability, leaving commit resolution silently broken in the same production scenarios the package-json path already handled.
src/utilities/sharedState.ts	Adds commitHash = NODE_VERSION.commit property; straightforward integration with clear comment explaining nullable semantics.
src/libs/network/server_rpc.ts	Changes /version handler from a plain-string response to a structured JSON object { version, commit }; clean and correct.
src/libs/network/openapi-spec.json	Updated /version response schema from text/plain string to application/json object with required: [version] and nullable commit; correctly reflects the new endpoint contract.
src/utilities/constants.ts	Version bump from 0.9.8 to 0.9.9 RC.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Boot as Module Evaluation (startup)
    participant NV as nodeVersion.ts
    participant FS as Filesystem (.git/HEAD)
    participant ENV as Environment (GIT_COMMIT)
    participant SS as SharedState
    participant Client as HTTP Client

    Boot->>NV: import NODE_VERSION
    NV->>ENV: check GIT_COMMIT env var
    alt GIT_COMMIT set and valid
        ENV-->>NV: commit SHA (validated hex)
    else no env var
        NV->>FS: findRepoRoot(process.cwd())
        FS-->>NV: repoRoot or null
        alt repoRoot found
            NV->>FS: read .git/HEAD
            FS-->>NV: ref or detached SHA
            NV->>FS: read ref file or packed-refs
            FS-->>NV: commit SHA
        else no repo
            NV-->>NV: "commit = null"
        end
    end
    NV-->>SS: NODE_VERSION.commit
    SS->>SS: "commitHash = NODE_VERSION.commit"
    Client->>+SS: GET /version
    SS-->>-Client: version and commit or null

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Boot as Module Evaluation (startup)
    participant NV as nodeVersion.ts
    participant FS as Filesystem (.git/HEAD)
    participant ENV as Environment (GIT_COMMIT)
    participant SS as SharedState
    participant Client as HTTP Client

    Boot->>NV: import NODE_VERSION
    NV->>ENV: check GIT_COMMIT env var
    alt GIT_COMMIT set and valid
        ENV-->>NV: commit SHA (validated hex)
    else no env var
        NV->>FS: findRepoRoot(process.cwd())
        FS-->>NV: repoRoot or null
        alt repoRoot found
            NV->>FS: read .git/HEAD
            FS-->>NV: ref or detached SHA
            NV->>FS: read ref file or packed-refs
            FS-->>NV: commit SHA
        else no repo
            NV-->>NV: "commit = null"
        end
    end
    NV-->>SS: NODE_VERSION.commit
    SS->>SS: "commitHash = NODE_VERSION.commit"
    Client->>+SS: GET /version
    SS-->>-Client: version and commit or null

Loading

_{Reviews (2): Last reviewed commit: "Update src/libs/network/openapi-spec.jso..." | Re-trigger Greptile}