feat(miner-governor): freeze/snapshot mechanism for historical replay targets (#3010)#5113
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
gittensory-ui | fd6aac9 | Commit Preview URL Branch Preview URL |
Jul 11 2026, 04:45 PM |
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5113 +/- ##
=======================================
Coverage 94.32% 94.32%
=======================================
Files 471 471
Lines 39821 39821
Branches 14533 14533
=======================================
Hits 37560 37560
Misses 1583 1583
Partials 678 678
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
|
Tip 🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩 ✅ Gittensory review result - approve/merge recommendedReview updated: 2026-07-11 16:46:14 UTC
✅ Suggested Action - Approve/Merge
Review summary Blockers
Nits — 6 non-blocking
Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
|
An AI reviewer flagged a likely defect, but its confidence was below this repository's configured close-confidence floor, so this is held for a maintainer to confirm instead of closing automatically. Resolve the flagged defect (see the review notes), or ask a maintainer to override. |
e97dcdd to
6178578
Compare
… targets (#3010) Adds exportReplaySnapshot: given a repo and commit T, produces a detached git-worktree checkout at T (never mutates the caller's own checkout/branch) plus a context bundle (commit history up to and including T by ancestry, tags reachable from T, and the README as it existed at T, matched case-insensitively via git ls-tree rather than a guessed filename list). Fail-fast validation: every exported commit's and tag's date is checked against T's own commit date, since ancestry-walking excludes unreachable commits by construction but does not guarantee dates are monotonic (a tag can be created long after the commit it points to; committer dates aren't strictly increasing along the DAG in general). Persistence is commit-keyed (UNIQUE on repo_full_name, commit_sha) in the local store -- re-exporting the same (repo, T) pair returns the cached row rather than re-running git, which is both how "byte- reproducible" holds trivially and avoids redundant work. Reuse: this issue's own text points at "existing discovery/analyze git-history utilities" as the starting point. Grepped both packages before writing this and found no such utility (opportunity-fanout.js reads GitHub API issue updated_at, not git commit/tag history at all). The genuinely reusable piece -- worktree-allocator.ts's injected-exec convention and its removeWorktree -- is reused directly via @jsonbored/gittensory-engine rather than inventing a third "inject the git subprocess" abstraction. Note on this issue's history: previously closed by #3782, an unrelated PR (Rust protobuf stub classification) that cited this issue number to satisfy the linked-issue gate without implementing the actual feature. Reopened and implemented for real here. Closes #3010.
…nverifiable lightweight tags Two real defects found by AI review on the original PR: - exportReplaySnapshot created the worktree, then ran 4 more git reads plus the freshness validation with no cleanup on failure. A thrown error after the worktree existed left it on disk at the deterministic planReplaySnapshotPath location with no store row saved, so a retry for the same (repo, commit) pair hit git worktree add's own "path already exists" refusal instead of the real underlying error, permanently masking it. Wrapped the post-add steps in try/catch: clean up (best-effort) before rethrowing the ORIGINAL error, never a cleanup error. - readReachableTags used %(creatordate) from git tag --merged, but a lightweight tag has no tag object of its own, so %(creatordate) for one silently falls back to the POINTED-TO commit's date -- git has no record of when a lightweight tag was actually created at all. That meant a lightweight tag added long after T, but pointing at an ancestor of T, could never trigger validateSnapshotFreshness's check (its reported date is always <= T's by construction of --merged). Since this can't be verified, lightweight tags are now excluded from the export entirely -- %(objecttype) is "tag" only for an annotated tag's own tag object, "commit" for a lightweight tag's direct target.
6178578 to
fd6aac9
Compare
Summary
Closes #3010.
Adds
exportReplaySnapshot(packages/gittensory-miner/lib/replay-snapshot.js): given a repo and commit T, produces a detachedgit worktreecheckout at T (never mutates the caller's own checkout/branch) plus a context bundle: commit history up to and including T by ancestry, tags reachable from T, and the README as it existed at T.Note on this PR's history: this issue was previously closed by #3782, an unrelated PR (Rust protobuf stub classification) that cited this issue number to satisfy the linked-issue gate requirement without implementing the actual feature. Reopened and implemented for real here.
Design notes
git log Twalks the DAG, which is tamper-resistant since a commit's committer date is user-controlled and can't be trusted alone.git ls-treelists the root, matched case-insensitively againstreadme(\.\w+)?, thengit show T:<name>— handlesREADME,Readme.md,README.rst, etc. without a fixed spelling list.validateSnapshotFreshnesschecks every commit and tag date against T's own commit date and throws, listing every violation, if any postdate T.UNIQUE (repo_full_name, commit_sha)in the local store — re-exporting the same(repo, T)pair returns the cached row without touching git again, which is both how "byte-reproducible" holds trivially and avoids redundant work on repeat replay runs.packages/gittensory-engineandpackages/gittensory-minerfor git-log/tag-reading logic before writing anything and found none —opportunity-fanout.jsreads the GitHub API's issueupdated_at, not git commit/tag history at all. The one piece that is genuinely reusable —worktree-allocator.ts's injected-exec convention (WorktreeExecFn) and itsremoveWorktree— is imported directly from@jsonbored/gittensory-enginerather than inventing a third "inject the git subprocess" abstraction alongsidecli-subprocess-driver.ts's andworktree-allocator.ts's own. Documented inline at the call site per the issue's own requirement.Scope
.d.ts+ package.json build-script entry + 1 test file.CONTRIBUTING.md.Validation
npm run typecheck— clean.node --checkon the new file + fullpackages/gittensory-minerbuild script (57 files) — all pass.npx vitest run test/unit/miner-replay-snapshot.test.ts— 31/31 passing, covering every deliverable: a repo with tags (single and multiple), a repo with no tags, a commit at the very first commit of history, README present/absent/differently-cased, the freshness-violation fail-fast path, cache-hit short-circuit (verified via a secondexecwith zero scripts — any call would throw), every git-subcommand failure path, and fail-closed validation on malformed input.npx vitest run test/unit/miner-replay-snapshot.test.ts --coverage --coverage.include="packages/gittensory-miner/lib/replay-snapshot.js"→ 100% stmts/branches/funcs/lines (104/104, 60/60, 27/27, 91/91).npm audit --audit-level=moderate— no dependency changes.Safety