fix(ipc): chmod 666 the Unix socket so cross-UID callers can connect (closes #1008) #1011
Merged
Root cause for the pre-push hook's git_bridge::tests cluster failure:
When `cargo test --lib` is invoked by the pre-push hook (which is
itself invoked by `git push`), git sets context env vars (GIT_DIR,
GIT_PREFIX, etc.) on the hook process. Those env vars propagate to
every child — including cargo, including the test binary, including
the tempdir `git init`/`git commit` calls inside the tests.
So when a test does `git commit` in its tempdir, git inherits
GIT_DIR=/Users/joelteply/.../continuum/.git, runs the parent
worktree's pre-commit hook (which itself shells
`<repo>/src/scripts/git-precommit.sh`), and panics because that
script's path doesn't exist relative to the tempdir.
Surface symptom: 9-of-9 git_bridge tests fail when run via the
pre-push hook with errors like:
- "could not lock config file <bare>/.git/config: File exists"
- "Unable to create '<bare>/.git/worktrees/<x>/index.lock'"
- "<bare>/.git/hooks/pre-commit: <tmp>/src/scripts/git-precommit.sh:
No such file or directory"
All three are symptoms of the same upstream cause: GIT_DIR pinning
git to the parent worktree regardless of cwd.
Fix: strip GIT_DIR / GIT_WORK_TREE / GIT_COMMON_DIR / GIT_INDEX_FILE
/ GIT_PREFIX from the environment when invoking git via run_git.
Also set GIT_CEILING_DIRECTORIES=workspace_root as defense-in-depth
against future git env vars.
This makes run_git context-clean: git discovers from current_dir
only, no parent contamination.
## Tests
Reproduces previously-failing case: simulate hook env by exporting
GIT_DIR before cargo test:
Before: GIT_DIR=<continuum>/.git cargo test --lib code::git_bridge
→ 9 failures with "could not lock config file"
After: same command → 9 passed; 0 failed
Caught by continuum-b69f's pre-push run on 2026-05-02. Unblocks any
PR (PowerShell-only, docs-only, TS-only) from the spurious pre-push
fail. Also makes run_git production-safer: hooks invoking continuum-
core's git_bridge functions get a clean context.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
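The environment scrubbing described in the commit message above, written out as an added example; it is not the project's `run_git`. The helper names (`clean_git_command`, `removed_vars`, `set_value`) and the paths are hypothetical, and the result is inspected through `Command::get_envs`, so no git binary is needed to check it.

```rust
use std::ffi::OsStr;
use std::path::Path;
use std::process::Command;

/// Variables the commit message names as pinning git to the parent worktree.
const GIT_CONTEXT_VARS: [&str; 5] = [
    "GIT_DIR", "GIT_WORK_TREE", "GIT_COMMON_DIR", "GIT_INDEX_FILE", "GIT_PREFIX",
];

/// Hypothetical helper (not the project's run_git): build a git invocation
/// that discovers its repository from `cwd` only.
fn clean_git_command(cwd: &Path, workspace_root: &Path, args: &[&str]) -> Command {
    let mut cmd = Command::new("git");
    cmd.args(args).current_dir(cwd);
    for var in GIT_CONTEXT_VARS {
        // The child will not inherit this variable, even if a hook exported it.
        cmd.env_remove(var);
    }
    // Defense in depth: git's upward repository search will not climb into
    // workspace_root or anything above it.
    cmd.env("GIT_CEILING_DIRECTORIES", workspace_root);
    cmd
}

/// Names of the variables the command explicitly removes for the child.
fn removed_vars(cmd: &Command) -> Vec<String> {
    cmd.get_envs()
        .filter(|(_, v)| v.is_none())
        .map(|(k, _)| k.to_string_lossy().into_owned())
        .collect()
}

/// Value the command explicitly sets for `name`, if any.
fn set_value(cmd: &Command, name: &str) -> Option<String> {
    cmd.get_envs()
        .find(|(k, _)| *k == OsStr::new(name))
        .and_then(|(_, v)| v.map(|v| v.to_string_lossy().into_owned()))
}

fn main() {
    // Constructed paths, for illustration only.
    let cmd = clean_git_command(Path::new("/tmp/test-repo"), Path::new("/tmp"), &["status"]);
    println!("removed: {:?}", removed_vars(&cmd));
    println!("ceiling: {:?}", set_value(&cmd, "GIT_CEILING_DIRECTORIES"));
}
```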
…1008)

Bug observed live by continuum-b69f 2026-05-02 during Carl-OOTB Windows Phase 4: continuum-core runs as root inside its Docker Desktop / WSL2 container and binds /tmp/continuum-core.sock with default permissions (rwx by owner only). The host-side jtag, running as the Windows-WSL user (uid 1000), then gets EACCES on connect — Phase 4 chat probe blocked, full stack otherwise healthy.

Mac and Linux dev mode are unaffected because the server + the caller both run as the same user.

Fix: after `UnixListener::bind`, explicitly `set_permissions(0o666)` on the socket path. 0o666 is appropriate for an IPC substrate socket that lives in a path the caller can already see — same blast radius as anything reading /tmp.

Failing loud (propagating any chmod error via `?` rather than swallowing) is intentional per the global "evidence is for the debugger" rule.

## Tests

cargo build --lib --features metal,accelerate: clean. Unit tests for the binary path are end-to-end (need a continuum-core binary running) — covered by Carl-OOTB Phase 4 chat probe in scripts/ci/carl-install-smoke.sh + b69f's manual repro on Windows.

## Closes

- #1008 — IPC socket EACCES blocking cross-UID callers, surfaces as Phase 4 chat probe failure on Carl-OOTB Windows test.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
joelteply added a commit to RebelTechPro/continuum that referenced this pull request May 13, 2026
…age refreshes past CambrianTech#1011 (CambrianTech#1037)
Co-authored-by: Test <test@test.com>
Summary
continuum-core runs as root inside its Docker Desktop / WSL2 container and binds `/tmp/continuum-core.sock` with default permissions (rwx by owner only). The host-side `jtag`, running as the Windows-WSL user (uid 1000), then gets EACCES on connect — Phase 4 chat probe blocked, full stack otherwise healthy.
Caught live by continuum-b69f 2026-05-02 during Carl-OOTB Windows test. Mac and Linux dev mode are unaffected because server + caller both run as the same user.
Fix
After `UnixListener::bind`, explicitly `set_permissions(0o666)` on the socket path. 0o666 is appropriate for an IPC substrate socket that lives in a path the caller can already see — same blast radius as anything reading `/tmp`.
Failing-loud (propagating any chmod error via `?` rather than swallowing) is intentional per the global "evidence is for the debugger" rule.
Stacked on
This PR includes the env_remove fix from #1009 as a parent commit (it was needed locally to push through the pre-push hook). When #1009 merges first, this PR's diff against canary will reduce to just the 16-line socket-perms change. If reviewer prefers, can rebase after #1009 merges.
Test plan
`cargo build --lib --features metal,accelerate` clean
Closes
🤖 Generated with Claude Code
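The bind-then-chmod sequence from the Fix section, as an added example that is not the PR's 16-line change. `bind_with_mode`, `demo` and the scratch path are hypothetical, and the mode is a parameter so the resulting permission bits can be compared with a tighter value such as 0o660, which the PR does not discuss.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::Path;

/// Hypothetical helper (not the project's code): bind a Unix socket, then set
/// its mode explicitly. A chmod failure is propagated with `?`, not swallowed.
fn bind_with_mode(path: &Path, mode: u32) -> io::Result<(UnixListener, u32, u32)> {
    let listener = UnixListener::bind(path)?;
    // Mode straight after bind: 0o777 masked by the process umask.
    let before = fs::metadata(path)?.permissions().mode() & 0o777;
    fs::set_permissions(path, fs::Permissions::from_mode(mode))?;
    let after = fs::metadata(path)?.permissions().mode() & 0o777;
    Ok((listener, before, after))
}

/// Bind in a private scratch directory (constructed path), apply `mode`, and
/// confirm a client can connect. Returns (mode_before, mode_after).
fn demo(mode: u32) -> io::Result<(u32, u32)> {
    let dir = std::env::temp_dir()
        .join(format!("sock-demo-{}-{:o}", std::process::id(), mode));
    fs::create_dir_all(&dir)?;
    let path = dir.join("demo.sock");
    let _ = fs::remove_file(&path); // a stale socket file would make bind fail
    let (listener, before, after) = bind_with_mode(&path, mode)?;
    // Same-UID connect succeeds via the owner bits; a caller under another
    // UID needs write permission through the group or "other" bits.
    let _client = UnixStream::connect(&path)?;
    let _accepted = listener.accept()?;
    fs::remove_dir_all(&dir)?;
    Ok((before, after))
}

fn main() -> io::Result<()> {
    let (before, after) = demo(0o666)?;
    println!("after bind: {:03o}, after chmod: {:03o}", before, after);
    let (_, group_only) = demo(0o660)?;
    println!("group-restricted variant: {:03o}", group_only);
    Ok(())
}
```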