Fix remote restore sandbox defaults

[flyingrobots]

Summary

• keep the sandbox helpers defaulting to local repos and avoid case pattern fallthrough when replaying remotes
• strengthen snapshot/restore tests for metacharacter names and full state cleanup
• ensure duplicate URLs are caught and read-only errors share the same helper

[coderabbitai]

Warning

Rate limit exceeded

@flyingrobots has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 0 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 33d72bd and e8adf37.

📒 Files selected for processing (1)

• test/helpers/common.bash (2 hunks)

Summary by CodeRabbit

Release Notes

• Tests
  • Enhanced remote restoration test suite with comprehensive state validation and cleanup verification
  • Improved error handling with abort detection during restore operations
  • Added validation for remote configurations with special characters and complex setups

Summary by CodeRabbit

• Tests
  • Enhanced test coverage and validation for remote configuration restoration scenarios, including edge cases with special characters
  • Improved test reliability with more rigorous verification checks and explicit state cleanup

Walkthrough

Rewrote remote-restore tests to use grep-based URL checks, added stricter teardown emptiness verification, replaced remote -v with remote calls, expanded post-restore assertions, and refactored restore logic in test helpers by adding shiplog_restore_exec_step() and explicit if/elif handling with abort propagation.

Changes

Cohort / File(s)	Summary
Test suite: remote restore test/26_remote_restore.bats	Replaced glob/string-match checks with grep -qF for validating remote.*.url; added teardown verification that SHIPLOG_ORIG_REMOTES_CONFIG is empty; replaced shiplog_git_caller remote -v with shiplog_git_caller remote; added post-restore assertions (git config --get-all checks) for remote.*.url, pushurl, fetch, mirror, multi-URL entries and custom keys; extended coverage for special-character remote names and mixed/empty snapshot states.
Test helpers: restore flow test/helpers/common.bash	Added shiplog_restore_exec_step() wrapper to handle restore return codes and set an abort flag for partial failures; refactored shiplog_restore_caller_remotes to use explicit if/elif/else branches for remote.*.url, remote.*.pushurl, remote.*.fetch and default keys; introduced seen_remote_urls to skip duplicate remote.url entries and ensured shiplog_reset_remote_snapshot_state clears remote snapshot tracking.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor TestRunner
  participant Helper as test/helpers/common.bash
  participant Git as shiplog_git_caller

  Note over TestRunner,Helper: Iterate snapshot keys
  TestRunner->>Helper: shiplog_restore_exec_step(key, value)
  alt key matches remote.*.url
    Helper->>Git: restore remote.<n>.url <value>
  else key matches remote.*.pushurl
    Helper->>Git: restore remote.<n>.pushurl <value>
  else key matches remote.*.fetch
    Helper->>Git: restore remote.<n>.fetch <value>
  else
    Helper->>Git: restore <key> <value>
  end
  Git-->>Helper: rc 0 / 1 / 2
  alt rc == 2 (partial)
    Helper->>Helper: set ABORT=1 (mark partial, continue loop)
  else rc == 1 (fatal)
    Helper-->>TestRunner: return failure (early exit)
  else rc == 0
    Helper-->>TestRunner: continue
  end
  Note over TestRunner,Helper: After loop -> verify SHIPLOG_ORIG_REMOTES_CONFIG empty or report leftovers

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feature/readonly restore regression #53: Edits the same test files and helper logic around remote snapshot/restore and SHIPLOG_ORIG_REMOTES_CONFIG handling — likely directly related.

Poem

Grep now sniffs where globs once trod,
A step function steadies the fragile squad,
Teardown checks the snapshot's bones,
Special names and multi-URLs kept their thrones,
Tests tightened, helpers march — progress, not fraud.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	This PR description is incomplete and falls short of the repository template. It provides a Summary section with three bullet points that describe the changes, but it's entirely missing the Tests section with its verification checkboxes, the Deployment/Docs section addressing documentation updates, and the Approval section requiring the owner label. Only one of the four required template sections is present, which constitutes a largely incomplete submission that doesn't follow the established process.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Fix remote restore sandbox defaults" refers to a real aspect of the changeset—specifically, keeping sandbox helpers defaulting to local repositories and avoiding case pattern fallthrough. However, the PR encompasses significantly more: it substantially strengthens snapshot/restore tests for metacharacter handling and state cleanup, introduces a new helper function (shiplog_restore_exec_step), and consolidates error handling for duplicate URLs. The title captures only one dimension of these changes and doesn't reflect the full scope of work, making it partially rather than fully representative of the main objectives.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6ac68be and b6daede.

📒 Files selected for processing (2)

• test/26_remote_restore.bats (6 hunks)
• test/helpers/common.bash (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

test/**/*.bats

📄 CodeRabbit inference engine (AGENTS.md)

Tests that manipulate Git refs must self-clean (e.g., git update-ref -d) and generate unique identifiers per test to avoid cross-run collisions

Files:

• test/26_remote_restore.bats

🧬 Code graph analysis (1)

test/26_remote_restore.bats (1)

test/helpers/common.bash (1)

• shiplog_git_caller (12-14)

🔇 Additional comments (5)

test/26_remote_restore.bats (5)

139-139: LGTM - Proper fixed-string matching.

Using grep -qF instead of shell pattern matching is the right call for handling remotes with special characters (dots, brackets, metacharacters). The -F ensures no regex interpretation, and the trailing space in the pattern correctly matches the config format.

---

783-785: Good - Direct config verification strengthens the test.

Adding the config --get-all "remote.${remote}.url" assertion provides direct verification of the config state, not just the remote get-url wrapper. For a test dealing with metacharacters in remote names, this extra paranoia is justified.

---

176-176: Consistent application - LGTM.

Same grep -qF pattern as line 139. Correctly handles special characters in remote names throughout all related tests.

---

556-556: Consistent application - LGTM.

Same grep -qF pattern. Properly tests remotes with dots in the name.

---

567-567: Consistent application - LGTM.

Same grep -qF pattern. Properly tests remotes with brackets in the name.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test/helpers/common.bash (1)

184-225: Now I need to examine the full function context and check if there's deduplication logic elsewhere:

Now let me search the actual codebase for context:

Based on my verification, the script confirmed that Git accepts duplicate URLs for remotes, and your code does NOT implement duplicate detection, prevention, or deduplication logic.

YOUR PR OBJECTIVES CLAIM "ENSURE DUPLICATE URLs ARE DETECTED" — WHERE IS THAT CODE?

You've made real progress centralizing error handling into shiplog_restore_exec_step(). That's legitimately better than the previous mess. But you've left the meat of the problem on the table.

Your code at lines 196-207 skips ONLY the first occurrence of first_url. Any duplicate URLs in the snapshot beyond that WILL be added via remote set-url --add. You're not preventing, detecting, or logging duplicates — you're just letting Git silently accept them.

If your PR objective is actually to detect duplicates, you need to:

• Maintain a seen set and skip/warn on duplicates, OR
• Validate the snapshot upstream before restoration, OR
• Clearly document that duplicates are intentional

Right now, there's zero duplicate detection logic here. Fix it or clarify what you actually meant by "detect."

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b6daede and e86a58b.

📒 Files selected for processing (2)

• test/26_remote_restore.bats (6 hunks)
• test/helpers/common.bash (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

test/**/*.bats

📄 CodeRabbit inference engine (AGENTS.md)

Tests that manipulate Git refs must self-clean (e.g., git update-ref -d) and generate unique identifiers per test to avoid cross-run collisions

Files:

• test/26_remote_restore.bats

🧬 Code graph analysis (1)

test/26_remote_restore.bats (1)

test/helpers/common.bash (1)

• shiplog_git_caller (12-14)

🔇 Additional comments (3)

test/26_remote_restore.bats (3)

139-139: GREP-BASED CHECKS ARE THE RIGHT MOVE.

Using grep -qF with here-strings is significantly more robust than bash pattern matching. Fixed-string matching eliminates any risk of glob expansion or unintended regex interpretation, especially with remote names containing special characters.

This is a solid improvement.

Also applies to: 176-176, 556-556, 567-567

---

716-722: PARANOID GUARD NOW HAS PROPER JUSTIFICATION.

Good—you added a clear comment explaining this is defensive programming against potential Bash 5.x associative array bugs where length checks pass but keys remain. This addresses the previous review feedback that correctly pointed out the redundancy but allowed it as defensive programming.

The comment makes your paranoia explicit and justifies the "insurance for your insurance" approach. Future maintainers won't be confused.

---

777-787: THOROUGH VERIFICATION FOR METACHARACTER NAMES.

You're validating the restored remote from multiple angles:

1. Check it appears in git remote output (line 777-779)
2. Verify URL via git remote get-url (lines 781-783)
3. Confirm via git config --get-all (lines 785-787)

This triple-check is appropriate for testing edge cases like regex metacharacters in remote names. If the implementation has any escaping bugs, this should catch them.

Solid testing discipline.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e86a58b and 33d72bd.

📒 Files selected for processing (1)

• test/helpers/common.bash (2 hunks)

🔇 Additional comments (2)

test/helpers/common.bash (2)

53-75: Good structural improvement—error handling is now centralized.

The shiplog_restore_exec_step() helper properly encapsulates abort-flag initialization and error classification, eliminating the previous duplication of case statements. The three-way return code split (0=success, 1=abort, 2+=fatal) is clear.

---

184-190: Redundant initialization issue is resolved.

The caller-side initialization of restore_abort=0 has been correctly removed. The variable is now declared without assignment and properly initialized by shiplog_restore_exec_step().