Severity: Critical (correctness under failure)
Source: PR #16 review (C7)
rune/review/applier.py:62 calls path.write_text(...) once per file, in sequence. If the process dies after file #1 is written but before file #2, the repo is left in a half-applied state with no rollback marker.
Fix
- Phase 1: write all target temp files (path.with_suffix(path.suffix + ".rune-tmp")), fsync each.
- Phase 2: os.replace(tmp, path) for all files in order.
- On failure during Phase 1 → clean up tmp files, no changes visible.
- On failure during Phase 2 → record the rename position so --restore can complete the rollback automatically.
Spec at ~/ToolSet/rune/spec-2026-06-11.md claims "no half-applied state" — current implementation does not satisfy this under hard-crash scenarios.
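
A sketch of the two-phase apply described under Fix, added here as an example and not taken from rune's code base. The names apply_atomically, _durable_write and _record, the journal file and its JSON layout are all assumptions; how --restore consumes the journal is left to the project.

```python
import json
import os
from pathlib import Path


def _durable_write(path: Path, text: str) -> None:
    # Write and fsync so the bytes are on disk before any rename refers to them.
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
        fh.flush()
        os.fsync(fh.fileno())


def _record(journal: Path, targets: list[str], done: int) -> None:
    # The journal itself is replaced atomically, so it is never half-written.
    tmp = journal.with_suffix(journal.suffix + ".rune-tmp")
    _durable_write(tmp, json.dumps({"targets": targets, "done": done}))
    os.replace(tmp, journal)


def apply_atomically(changes: dict[Path, str], journal: Path) -> None:
    """changes: target path -> new text; journal: hypothetical marker for --restore."""
    staged: list[tuple[Path, Path]] = []
    try:
        # Phase 1: stage everything; no target file has changed yet.
        for path, text in changes.items():
            tmp = path.with_suffix(path.suffix + ".rune-tmp")
            staged.append((tmp, path))
            _durable_write(tmp, text)
    except BaseException:
        for tmp, _ in staged:
            tmp.unlink(missing_ok=True)
        raise

    # Phase 2: rename in order, recording the position after each step.
    # If a crash lands between a rename and its record, entry `done` may
    # already be replaced, so a restore should check that entry too.
    targets = [str(path) for _, path in staged]
    _record(journal, targets, 0)
    for done, (tmp, path) in enumerate(staged, start=1):
        os.replace(tmp, path)
        _record(journal, targets, done)
    journal.unlink()  # reached only when every rename succeeded
```

When Phase 2 raises, the journal and the remaining .rune-tmp files are left in place on purpose, so the recorded position survives for recovery.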