feat(session-guard): write-coordination lock + git hooks; green CI install/gitleaks; drop vestigial NEON_SECRET#217
Open
HeadyMe wants to merge 6 commits into
Open
feat(session-guard): write-coordination lock + git hooks; green CI install/gitleaks; drop vestigial NEON_SECRET#217HeadyMe wants to merge 6 commits into
HeadyMe wants to merge 6 commits into
Conversation
…ll/gitleaks; drop vestigial NEON_SECRET
SESSION-GUARD (new @heady/session-guard): a machine-wide advisory lock (~/.heady/session.lock, heartbeat+TTL) so the multiple autonomous writers on this box (cron auto-commit-push every 5min, the in-folder watcher, the Antigravity IDE agent) never race active edits. Enforced at the git layer via tooling/hooks/{pre-commit,pre-push} (core.hooksPath). CLI: acquire/heartbeat/release/status/check/pause/resume. Stale locks auto-expire (no deadlock); corrupt lock fails open. Legacy scripts/auto-commit-push.sh patched to honor the lock + ~/.heady/autonomy.paused. 8 tests. Runbook + writer inventory in tooling/session-guard/README.md.
CI: gitleaks license gate now uses job-level env mapping + 'if: env.GITLEAKS_LICENSE != ""' (secrets context isn't readable in a step-level if). pnpm-lock.yaml synced to include midi-bus/session-guard/heady-derive/report-templates importers (frozen-lockfile was broken by an unsynced midi-bus add → CI install step now passes).
SECRETS: removed NEON_SECRET — 0 code references, a duplicate of the real NEON_API_KEY (used by src/services/neon-db.js); sharpened NEON_API_KEY description. Removed from registry + .env.example; regenerated HEADY_VARIABLE_REGISTRY.md. coherence exit 0, secrets+session-guard tests pass, turbo 68/68.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… UDP-MIDI transport - Engaged CSL dual-gate for active negative pattern blocking - Built steganography-packer.mjs for variable bit/nibble slicing via Fibonacci key - Bridged system.consequence.enforce NATS events to UDP RTP-MIDI (CC 104) - Added ADR-0028 and ADR-0029 documenting these shifts - Introduced heady-adr-postmortem agent skill for automated post-build reports - Updated facts.yaml concepts index
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Multiple autonomous writers on the dev box (cron
auto-commit-push.shevery 5min, the in-folder watcher, the Antigravity IDE agent) commit as the same git identity and race active edits — interleaved commits, mid-session reverts. You couldn't tell what to pause. This makes the problem structurally impossible to repeat.What
@heady/session-guard— machine-wide advisory lock (~/.heady/session.lock, heartbeat + TTL) every local writer consults. CLI:acquire/heartbeat/release/status/check/pause/resume. Stale locks auto-expire (no deadlock); corrupt lock fails open. 8 tests.tooling/hooks/{pre-commit,pre-push}viacore.hooksPath) — block a commit/push when a different session holds a fresh lock.--no-verifyis the emergency valve.auto-commit-push.shpatched to honor the lock + a one-switch pause flag (~/.heady/autonomy.paused).tooling/session-guard/README.md.CI / cleanup riders
env+if: env.GITLEAKS_LICENSE != ''(thesecretscontext isn't readable in a step-levelif:).pnpm-lock.yamlsynced (midi-bus/session-guard/heady-derive/report-templates importers) —frozen-lockfilewas broken by an unsyncedmidi-busadd; CI install step now passes.NEON_SECRET— 0 code refs, duplicate of the realNEON_API_KEY; regeneratedHEADY_VARIABLE_REGISTRY.md.Verified locally: coherence exit 0 · secrets + session-guard tests pass · turbo 68/68 · frozen-lockfile OK.
🤖 Generated with Claude Code