fix(entrypoint): clone into dev home for tilde TARGET_DIR (empty app folder) #414
Adding .gitkeep for PR creation (default mode). This file will be removed when the task is complete. Issue: ProverCoderAI#413
📝 Walkthrough
Summary by CodeRabbit: Release notes
Walkthrough: In the bash entrypoint template, the tilde expansion logic has been replaced for
Changes: Fix for the tilde expansion of TARGET_DIR in the entrypoint
…HOME The generated entrypoint runs as root (sshd), so $HOME is /root. A ~/... TARGET_DIR reaching the entrypoint was expanded against $HOME -> /root/app, which the unprivileged 'su - <sshUser>' clone cannot write, so git clone failed and the workspace 'app' folder stayed empty (issue ProverCoderAI#413). Expand against /home/<sshUser> so the clone always lands in the dev-owned workspace. Fixes ProverCoderAI#413
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/app/CHANGELOG.md`:
- Around line 3-11: The CHANGELOG entry for version 1.3.5 uses an incorrect
commit type (chore instead of fix) and lacks proper traceability and detailed
description of the actual bug fix related to tilde expansion in the entrypoint
script. Update the entry to follow the Conventional Commits format used in
version 1.3.4 by changing the commit type to fix(shell), adding a PR reference
with link, including the commit SHA reference, adding the author attribution,
and replacing the generic message with a detailed explanation of what was fixed
regarding tilde expansion in TARGET_DIR and how it resolves issue `#413`. Ensure
the Updated dependencies section remains unchanged.
In `@packages/app/src/lib/core/templates-entrypoint/base.ts`:
- Around line 19-23: The function `renderEntrypointHeader` and its tilde path
expansion logic (handling "~" and "~/" prefixes) are duplicated identically in
both packages/lib and packages/app, creating maintenance and divergence risks.
Extract this common logic into a separate shared package (such as
`@prover-coder-ai/docker-git-templates`) that both packages can depend on,
ensuring a single source of truth. Alternatively, if architectural constraints
prevent a new shared package, implement a ts-morph synchronization script that
automatically copies the implementation from lib to app during build, and add CI
checks to verify the implementations remain identical. Additionally, expand the
existing test suite in `packages/lib/tests/core/templates.test.ts` to verify
that `renderEntrypointHeader` outputs are identical across both packages, not
just `renderPostPushPrEnsure`.
In `@packages/docker-git-session-sync/CHANGELOG.md`:
- Around line 3-7: The CHANGELOG.md entry for version 1.0.63 currently contains
only a generic "chore: automated version bump" message, but it should include a
meaningful description of the actual fix that was implemented. Replace the
generic message in the Patch Changes section with a user-facing description that
explains what issue was resolved, specifically that the fix addresses the tilde
path resolution problem in docker-git clone operations where the app folder
remained empty due to tilde being resolved relative to the wrong home directory.
The description should be specific enough that users updating the version
understand what has been fixed, following the format of previous changelog
entries like version 1.0.10.
In `@packages/lib/src/core/templates-entrypoint/base.ts`:
- Around line 19-23: The tilde expansion logic in the if/elif block for
TARGET_DIR is missing required documentation comments according to coding
guidelines. Add functional comment documentation above the TARGET_DIR assignment
block that includes all required markers: CHANGE (describing the replacement of
$HOME with explicit /home/${config.sshUser}), WHY (explaining that entrypoint
runs as root via sshd causing $HOME=/root and git clone failures), QUOTE
(referencing the requirement), REF (linking to issue `#413`), SOURCE, FORMAT
THEOREM (defining the expansion behavior), PURITY, INVARIANT (ensuring bash
expands ~ to dev-owned home, never root's), and COMPLEXITY. Follow the exact
format shown in the review comment with proper documentation structure.
📒 Files selected for processing (9)
- .changeset/entrypoint-tilde-clone-target.md
- .gitkeep
- packages/app/CHANGELOG.md
- packages/app/package.json
- packages/app/src/lib/core/templates-entrypoint/base.ts
- packages/docker-git-session-sync/CHANGELOG.md
- packages/docker-git-session-sync/package.json
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/lib/tests/core/templates.test.ts
🧰 Additional context used
📓 Path-based instructions (12)
**/{.git*,config*,*.sh,docker-compose*}
📄 CodeRabbit inference engine (README.md)
Use git credential helper to automatically select correct token by host for HTTPS clone/push operations
Files:
.gitkeep
**/{setup,install,config,*.sh,*.md}
📄 CodeRabbit inference engine (README.md)
Ensure default projects directory is ~/.docker-git
Files:
- packages/docker-git-session-sync/CHANGELOG.md
- packages/app/CHANGELOG.md
**/*
⚙️ CodeRabbit configuration file
**/*: You are a strict SPEC DRIVEN DEVELOPMENT reviewer.
Before drawing conclusions, study README.md, the other *.md files, linked issues, the PR description, PR comments/discussion and the relevant code base.
Check the changes against the original requirements/spec and the discussion. Flag any departure from the spec, undocumented change in behaviour, missing tests for the claimed behaviour, and security risk. If the spec is not visible, ask the author to add it to the issue or the PR description.
Review the solution from the standpoint of formal verification: which invariants, preconditions and postconditions can be proven mathematically, and where provability is weak. Assess the solution from the standpoint of game theory: whether the incentives are stable, whether there is a profitable way around the rules, and what solution would be stronger.
Files:
- packages/docker-git-session-sync/CHANGELOG.md
- packages/app/package.json
- packages/docker-git-session-sync/package.json
- packages/lib/tests/core/templates.test.ts
- packages/app/CHANGELOG.md
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**
⚙️ CodeRabbit configuration file
**: ROLE: A mathematician-programmer specializing in formally verifiable functional architecture.
GOAL: Create mathematically provable solutions through the functional paradigm, with full separation of pure computation and controlled effects.
REASONING MODEL:
- Do not give "personal opinions". Form the conclusion as the result of simulating a professional discussion among the relevant roles (Effect/FP architect, type reviewer, CORE↔SHELL guardian, test engineer).
- If the request is phrased as "what do you think", answer in terms of the roles' arguments and choose a solution by the criteria of invariants, type safety and testability (if the user explicitly asks for a choice, choose and justify it).
PROCESS RULE (NOT A RESPONSE FORMAT):
At the start of the work, (internally) formulate a Deep Research question:
"I am looking for code that does , is there existing code that can do this?"
Then:
- if the project/code is available, first look for and reuse existing patterns (minimal correct diff),
- if the project is unavailable, rely on the provided context and state the assumptions explicitly,
- write code only after formally understanding the task (types/invariants → architecture → code → tests),
- cite sources only if external material was actually used; otherwise SOURCE: n/a.
TOOL BEHAVIOUR (MANDATORY, NOT A RESPONSE FORMAT):
- The agent always uses the available environment tools (terminal, project search, running tests/scripts, build analysis, web research when needed) for research, hypothesis checking and carrying out actions. Priority: verifiability, reproducibility, minimal risk.
- The agent does not offer a "guide" as a substitute for action. If an action can be performed with tools, the agent performs it itself, then reports what was done and how to repeat it.
- The agent gives any instructions (commands/procedures) only after checking them itself in the available environment. If checking is impossible, it states the limitation explicitly and lists...
Files:
- packages/docker-git-session-sync/CHANGELOG.md
- packages/app/package.json
- packages/docker-git-session-sync/package.json
- packages/lib/tests/core/templates.test.ts
- packages/app/CHANGELOG.md
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output
Files:
- packages/app/package.json
- packages/docker-git-session-sync/package.json
- packages/lib/tests/core/templates.test.ts
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**/{package*.json,requirements*.txt,setup.py,setup.cfg,Pipfile,Pipfile.lock,pyproject.toml,pom.xml,build.gradle,Gemfile,Gemfile.lock,go.mod,go.sum,composer.json,Cargo.toml,Cargo.lock}
📄 CodeRabbit inference engine (Custom checks)
Fail if dependency or package-manager changes materially increase supply-chain risk without justification
Files:
- packages/app/package.json
- packages/docker-git-session-sync/package.json
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
Files:
- packages/lib/tests/core/templates.test.ts
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
Files:
- packages/lib/tests/core/templates.test.ts
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: FUNCTIONAL CORE: Write only pure functions with immutable data and mathematical operations in core modules; no side effects, mutations, or external service calls
IMPERATIVE SHELL: Isolate all side effects (IO, network, database, environment/process) in a thin SHELL layer; CORE never calls SHELL, only SHELL → CORE
Never use `any` type annotation in TypeScript; use `unknown` only at SHELL boundaries for decoding, never export `unknown` outside boundary modules
Never use `as` type assertions in normal code; only permit `as` in a single 'axiomatic' module (brands, constructors, constants) after which types flow safely without casts
Always use exhaustive pattern matching for union types through `.exhaustive()` or `Match.exhaustive()` from effect-ts; never use switch statements or unhandled type branches
Use Effect<Success, Error, Requirements> monad from effect-ts for all effects; compose through pipe() and Effect.flatMap(); never use async/await, raw Promise chains (then/catch), or Promise.all in product code
Interoperate with Promise/exceptions only in SHELL through Effect.try/Effect.tryPromise with typed error mapping; never leave raw exceptions or untyped errors in the domain
Use Effect.acquireRelease + Effect.scoped for resource management with guaranteed finalization; never manage resources with try/finally or manual cleanup
All external services (database, HTTP, environment) must be accessed through Effect-based interfaces and Layer-based dependency injection; never call external APIs directly
Provide comprehensive TSDoc comments with mathematical notation: `@pure`, `@effect`, `@invariant`, `@precondition`, `@postcondition`, `@complexity`, `@throws`, and CHANGE/WHY/REF/SOURCE/FORMAT THEOREM functional comment markers
No console.*, process direct calls, or untyped environment access in product code; all such operations must be abstracted through Layer-based services in SHELL
Boundary data from external sources (HTTP, database, environment) must be decoded/valida...
Files:
- packages/lib/tests/core/templates.test.ts
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.test.{ts,tsx}: Write property-based tests using fast-check (fc.property) to verify mathematical invariants; unit tests must use Effect test utilities without async/await
Every bug fix must be accompanied by a reproducing test case; the test must fail before the fix and pass after; document the Proof of Fix with root cause and solution
Files:
packages/lib/tests/core/templates.test.ts
**/{browser*,server*,app*,*.ts,*.js}
📄 CodeRabbit inference engine (README.md)
Web version must listen on 0.0.0.0 by default for accessibility across LAN devices
Files:
- packages/lib/tests/core/templates.test.ts
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
**/{cli*,command*,auto*,*.ts,*.tsx}
📄 CodeRabbit inference engine (README.md)
Implement auto-mode agent selection logic to choose Claude, Codex, Gemini, or Grok randomly from available authorized providers, or allow forced selection with --auto=
Files:
- packages/lib/tests/core/templates.test.ts
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
🪛 markdownlint-cli2 (0.22.1)
.changeset/entrypoint-tilde-clone-target.md
[warning] 5-5: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
🔇 Additional comments (6)
packages/lib/tests/core/templates.test.ts (1)
470-500: Excellent test coverage with documentation of the mathematical invariants!
The new tests demonstrate exemplary adherence to the coding guidelines:
- ✅ Documentation: all required markers are included (CHANGE/WHY/QUOTE/REF/FORMAT THEOREM)
- ✅ Property-based testing: `fast-check` is used to check the invariant on arbitrary inputs
- ✅ Mathematical formalization: `FORMAT THEOREM: expand("~") = /home/<sshUser> ∧ expand("~/p") = /home/<sshUser>/p`
- ✅ Negative checks: the absence of the old `$HOME` logic is checked explicitly
The tests guarantee that the fix works correctly and will not regress in the future.
Minor improvement (optional):
A test could be added to check that the output is identical between `packages/lib` and `packages/app` (by analogy with the test at lines 503-505 for `renderPostPushPrEnsure`):
♻️ Suggestion to guarantee that lib and app stay in sync
```ts
it("keeps the lib and app tilde expansion logic in sync", () => {
  const libEntrypoint = renderEntrypoint(makeTemplateConfig({ sshUser: "testuser" }))
  const appEntrypoint = renderAppEntrypoint(makeTemplateConfig({ sshUser: "testuser" }))

  // Extract TARGET_DIR expansion logic from both
  const libTildeLogic = libEntrypoint.split('\n').filter(line =>
    line.includes('TARGET_DIR="/home/') || line.includes('if [[ "$TARGET_DIR" == "~"')
  ).join('\n')
  const appTildeLogic = appEntrypoint.split('\n').filter(line =>
    line.includes('TARGET_DIR="/home/') || line.includes('if [[ "$TARGET_DIR" == "~"')
  ).join('\n')

  expect(libTildeLogic).toBe(appTildeLogic)
})
```
Source: Coding guidelines
.gitkeep (1)
1-1: LGTM!
.changeset/entrypoint-tilde-clone-target.md (1)
1-16: The changeset correctly describes the fix for issue #413.
The description clearly states the root cause ($HOME=/root under sshd) and the solution (using /home/ for tilde expansion). It matches the spec and the rationale in the commit messages.
The markdownlint MD041 first-line-heading warning is a false positive for the standard changeset format, which starts with YAML front matter. It can be ignored.
packages/docker-git-session-sync/package.json (1)
3-3: LGTM!
packages/app/package.json (2)
3-3: LGTM!
1-128: All three layers of the tilde expansion fix cohort are verified and match the specification.
Layer 1 (Implementation): ✅ Both entrypoint template files contain the correct constructs:
```bash
if [[ "$TARGET_DIR" == "~" ]]; then
  TARGET_DIR="/home/${config.sshUser}"
elif [[ "$TARGET_DIR" == "~/"* ]]; then
  TARGET_DIR="/home/${config.sshUser}${TARGET_DIR:1}"
fi
```
Layer 2 (Tests): ✅ `packages/lib/tests/core/templates.test.ts` contains two levels of coverage:
- Unit test: checks that the condition is present and that `$HOME` is not used
- Property-based test (fc.property): validates the invariant `expand("~") = /home/<sshUser>` for all generated configs
Layer 3 (Changeset/Version): ✅ `packages/app/CHANGELOG.md` is up to date, version 1.3.5 with a correct dependency bump; PR #409 in 1.3.4 contains the description of the TARGET_DIR fix.
| ## 1.3.5 | ||
|
|
||
| ### Patch Changes | ||
|
|
||
| - chore: automated version bump | ||
|
|
||
| - Updated dependencies []: | ||
| - @prover-coder-ai/docker-git-session-sync@1.0.63 | ||
|
|
The CHANGELOG contains no information about the actual fix and violates Conventional Commits.
The entry for version 1.3.5 contains only a generic "chore: automated version bump", which makes the change history hard to understand. For comparison, the entry for version 1.3.4 (lines 12-23) contains a detailed description of the fix with a link to the PR.
Problems:
- Wrong commit type: a bug fix should use `fix(shell):`, not `chore:`
- No traceability: there is no reference to issue #413 or the PR
- No description of the change: users will not understand what was fixed
According to the coding guidelines, commit messages must follow Conventional Commits with scopes: feat(core), fix(shell), etc.
📝 Suggested CHANGELOG improvement
```markdown
## 1.3.5

### Patch Changes

- [`#XXX`](https://github.com/ProverCoderAI/docker-git/pull/XXX) [`COMMIT_SHA`](https://github.com/ProverCoderAI/docker-git/commit/COMMIT_SHA) Thanks [`@author`](https://github.com/author)! - Fix tilde expansion in entrypoint TARGET_DIR to resolve against SSH user home instead of root's $HOME.

  When the entrypoint script runs as root (via sshd), `$HOME` points to `/root`,
  causing tilde (`~`) in `TARGET_DIR` to expand to `/root/app`. The unprivileged
  SSH user lacks write permissions there, so `git clone` failed and the workspace
  folder remained empty (issue `#413`). Now `~` explicitly expands to
  `/home/<sshUser>`, ensuring proper ownership and permissions.

- Updated dependencies []:
  - `@prover-coder-ai/docker-git-session-sync`@1.0.63
```
Source: Coding guidelines
| if [[ "$TARGET_DIR" == "~" ]]; then | ||
| TARGET_DIR="$HOME" | ||
| TARGET_DIR="/home/${config.sshUser}" | ||
| elif [[ "$TARGET_DIR" == "~/"* ]]; then | ||
| TARGET_DIR="$HOME\${TARGET_DIR:1}" | ||
| TARGET_DIR="/home/${config.sshUser}\${TARGET_DIR:1}" | ||
| fi |
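Review bot: `/home/${config.sshUser}` on the two new `TARGET_DIR=` lines hard-codes the home directory layout and splices `config.sshUser` into the script text at render time. If the account's home is not under `/home`, the clone target is wrong again, so consider having the generated script look the home up in the passwd database (for example with `getent passwd`), and validate `sshUser` against a strict username pattern before it is rendered into bash.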
🧹 Nitpick | 🔵 Trivial | ⚖️ Poor tradeoff
Duplicating the logic between packages/lib and packages/app creates a risk of the implementations diverging.
The `renderEntrypointHeader` function and its tilde expansion logic are implemented identically in both packages (packages/lib and packages/app). Although the architectural constraint "APP works only with the API and has no access to LIB" explains the need for the duplication, it creates the following risks:
- Maintainability: future changes will require synchronized edits in two places
- Divergence: a high risk that the implementations drift apart after a careless change
- DRY violation: one unit of meaning should have one place of definition
Recommendation:
♻️ Strategies for eliminating the duplication
Option 1 (preferred): move the shared template generation logic into a separate isolated package `@prover-coder-ai/docker-git-templates`:
- Both packages (`lib` and `app`) can depend on it
- The architectural separation is preserved
- A single source of truth for the template logic
Option 2: automatic synchronization via ts-morph scripts:
- A script copies the implementation from lib to app at build time
- CI checks that the implementations are identical
- The current structure is kept
Option 3: tests that guarantee identity:
- Add a property-based test checking that both packages generate identical output for identical inputs
- A minimal change, but it does not eliminate the duplication
The current tests in packages/lib/tests/core/templates.test.ts (lines 503-505) check synchronization between lib and app only for the `renderPostPushPrEnsure` function, not for `renderEntrypointHeader`.
Source: Coding guidelines
| ## 1.0.63 | ||
|
|
||
| ### Patch Changes | ||
|
|
||
| - chore: automated version bump |
The changelog entry must contain a description of the fix, not just "chore: automated version bump".
Current entry in CHANGELOG.md:
```markdown
## 1.0.63
### Patch Changes
- chore: automated version bump
```
However, the changeset describes a specific fix: the fix for issue #413 (the app folder stays empty on docker-git clone with a tilde path, because the tilde is resolved relative to $HOME=/root instead of /home/<sshUser>).
The changelog entry should contain a user-facing description of the fix (like, for example, version 1.0.10 with the description "Add portable launch/build scripts..."), so that users updating the version understand what was fixed.
📝 Suggested fix
## 1.0.63
### Patch Changes
- - chore: automated version bump
+ - Fixed `docker-git clone` leaving workspace `app` folder empty when `TARGET_DIR` is a tilde path; tilde expansion now resolves to unprivileged SSH user home `/home/<sshUser>` instead of root `$HOME`
| if [[ "$TARGET_DIR" == "~" ]]; then | ||
| TARGET_DIR="$HOME" | ||
| TARGET_DIR="/home/${config.sshUser}" | ||
| elif [[ "$TARGET_DIR" == "~/"* ]]; then | ||
| TARGET_DIR="$HOME\${TARGET_DIR:1}" | ||
| TARGET_DIR="/home/${config.sshUser}\${TARGET_DIR:1}" | ||
| fi |
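Review bot: the `elif` branch appends `${TARGET_DIR:1}` verbatim, so a value such as `~/../x` still resolves outside `/home/<sshUser>` after the prefix swap, and a `~otheruser/...` value matches neither branch and passes through unexpanded. Consider normalizing the result and rejecting tilde targets that leave the user's home before the clone step uses the path.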
The fix correctly solves the tilde expansion problem, but the documentation required by the coding guidelines is missing.
The technical change is correct: when the entrypoint is started as root (via sshd), the $HOME variable points to /root, which led to the permission problem during git clone. Explicitly specifying /home/${config.sshUser} guarantees that tilde paths expand into the SSH user's home directory, where that user has write permission.
However, according to the coding guidelines, the code must contain functional comments documenting the change:
```ts
// CHANGE: replace $HOME with explicit /home/${config.sshUser} in tilde expansion
// WHY: entrypoint runs as root (via sshd), so $HOME=/root; expanding ~ against $HOME
//      resolved TARGET_DIR to /root/app, which unprivileged SSH user cannot write to,
//      causing git clone to fail and leaving workspace app folder empty (issue `#413`)
// QUOTE(spec): "For some reason docker-git clone does not do a git clone into the app folder"
// REF: issue-413
// SOURCE: n/a
// FORMAT THEOREM: ∀sshUser: expand("~") = /home/sshUser ∧ expand("~/p") = /home/sshUser/p
// PURITY: CORE (pure string template generation)
// INVARIANT: generated bash expands ~ to dev-owned home, never root's $HOME
// COMPLEXITY: O(1)
```
As per coding guidelines, all changes must include CHANGE/WHY/QUOTE/REF/SOURCE/FORMAT THEOREM markers for traceability and formal reasoning.
Source: Coding guidelines
Working session summary
The fix is complete and pushed; 3 of 4 CI jobs (Snapshot, Checking Dependencies, Final Build) have passed and the "Check" job (lint + typecheck + tests) is still running. A background monitor (
Summary
Issue #413: Root cause
The generated per-project entrypoint (
This is distinct from PR #409, which fixed the wrong file — the standalone base-image
Fix
Expand the tilde against the unprivileged user's home
Verification
Delivered
I'll confirm once the final CI "Check" job reports its result.
This summary was automatically extracted from the AI working session output.
🤖 Solution Draft Log
This log file contains the complete execution trace of the AI solution draft process.
💰 Cost estimation:
📊 Context and tokens usage:
Claude Opus 4.8: (3 sub-sessions)
Total: (22.1K new + 274.3K cache writes + 8.5M cache reads) input tokens, 101.3K output tokens, $8.597816 cost
🤖 Models used:
📎 Log file uploaded as Gist (3965KB)
Now working session is ended, feel free to review and add any feedback on the solution draft.
✅ Ready to merge
This pull request is now ready to be merged:
Monitored by hive-mind with --auto-restart-until-mergeable flag
This reverts commit 5918c68.
…ntainer (ProverCoderAI#414)
main (ProverCoderAI#412) extracted the entrypoint templates from packages/lib into the new @prover-coder-ai/docker-git-container package.
Conflict resolution:
- tilde $HOME -> /home/<sshUser> fix now lives in packages/container/src/core/templates-entrypoint/base.ts (git rename-detected)
- its test moved to packages/container/tests/core/templates.test.ts
- dropped the deleted dead copy packages/app/src/lib/.../base.ts
- reverted stray version-bump artifacts (app/session-sync package.json + CHANGELOG); the changeset drives release versioning.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Problem
Closes #413.
When running `docker-git clone`, the repository was not cloned into the workspace `app` folder — the folder ended up empty. The reporter's terminal showed an empty `~/~/app (main)>` prompt and they had to `git clone` manually.
This is the same class of bug as #408/#409, but #409 fixed the wrong file (the standalone base-image `entrypoint.sh`, which the panel/CLI clone flow does not use). The real clone flow uses the generated per-project entrypoint produced by `templates-entrypoint/base.ts`.
Root cause
The generated entrypoint runs as root (sshd), so `$HOME` resolves to `/root`. When a tilde `TARGET_DIR` (`~` or `~/...`) reached the entrypoint — e.g. via the `TARGET_DIR` env override — it was expanded against `$HOME`:
The auto-clone then runs as `su - <sshUser>` (the unprivileged `dev` user). Cloning into the root-owned `/root/app` fails with permission denied, so the repository never lands in the prepared home and the workspace `app` folder stays empty.
Fix
Expand the tilde against the unprivileged user's home `/home/<sshUser>` instead of root's `$HOME`, so the clone always lands in the dev-owned workspace:
Applied to both copies of the template:
- packages/lib/src/core/templates-entrypoint/base.ts
- packages/app/src/lib/core/templates-entrypoint/base.ts
Reproduction & verification
Reproduced end-to-end in Docker with the generated entrypoint logic:
- `$HOME`): `resolved TARGET_DIR=/root/app` → `fatal: could not create work tree dir '/root/app': Permission denied` → `/home/dev/app` empty.
- `/home/$SSH_USER`): `resolved TARGET_DIR=/home/dev/app` → `Cloning into '/home/dev/app'...` → workspace contains `.git` + cloned files.
Tests
Added `renderEntrypoint tilde target dir expansion` to `packages/lib/tests/core/templates.test.ts`:
- `~` expands to `/home/<sshUser>` (not `$HOME` / `/root`)
- `~/...` expands to `/home/<sshUser>/...`
- `TARGET_DIR="$HOME"`
Verified the tests fail on the old `$HOME` code and pass with the fix (55/55 in the suite).
Release
Added changeset `entrypoint-tilde-clone-target.md` (patch for `@prover-coder-ai/docker-git`).
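The before and after expansions described in this PR, as an added example that is not code from the PR or from the docker-git project: a POSIX `sh` rendering of both, plus a containment check for tilde targets that the PR itself does not include. The function names, the `dev` user and the `/home/<user>` layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical.

# Pre-fix behaviour: "~" is expanded against $HOME of whichever process runs
# the entrypoint. Under sshd that process is root, so $HOME is /root.
expand_against_env_home() (
  target=$1
  case "$target" in
    "~")   target=$HOME ;;
    "~/"*) target=$HOME${target#?} ;;   # drop the leading "~", keep "/..."
  esac
  printf '%s\n' "$target"
)

# Post-fix behaviour: "~" is expanded against the unprivileged user's home.
# Assumption (same as the PR): that home is /home/<sshUser>.
expand_against_user_home() (
  user_home=/home/$1
  target=$2
  case "$target" in
    "~")   target=$user_home ;;
    "~/"*) target=$user_home${target#?} ;;
  esac
  printf '%s\n' "$target"
)

# Lexically collapse "", "." and ".." segments of an absolute path.
# No filesystem access, so symlinks are not resolved.
normalize_path() (
  path=$1
  out=
  set -f          # no globbing while the path is split on "/"
  IFS=/
  for seg in $path; do
    case "$seg" in
      ''|.) ;;
      ..)   out=${out%/*} ;;
      *)    out=$out/$seg ;;
    esac
  done
  printf '%s\n' "${out:-/}"
)

# Added hardening, not part of the PR: a tilde target must still be inside
# the user's home after normalization. Non-tilde targets pass through as-is.
resolve_clone_target() (
  user_home=/home/$1
  target=$2
  case "$target" in
    "~"|"~/"*) ;;
    *) printf '%s\n' "$target"; exit 0 ;;
  esac
  resolved=$(normalize_path "$(expand_against_user_home "$1" "$target")")
  case "$resolved" in
    "$user_home"|"$user_home"/*)
      printf '%s\n' "$resolved" ;;
    *)
      printf 'refusing clone target outside %s: %s\n' "$user_home" "$resolved" >&2
      exit 1 ;;
  esac
)

demo() {
  # Constructed inputs: simulate the root environment of the entrypoint.
  printf 'old, run as root: %s\n' "$(HOME=/root; expand_against_env_home '~/app')"
  printf 'fixed:            %s\n' "$(expand_against_user_home dev '~/app')"
  resolve_clone_target dev '~/../../root/app' || printf 'traversal rejected\n'
}
demo
```

The normalization is purely lexical; a deployment that allows symlinks inside the home would need a filesystem-aware check on top of it.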