Fix duplicated createCommit and SSH agent connection leak

cursoragent · cursoragent · commit f25329b356a2 · 2026-04-15T13:50:21.000Z
- Replace strategy.createCommit body with delegation to checkpoint.CreateCommit,
  eliminating duplicated commit-creation logic and independent signing call
- Cache SSH agent connection with sync.Once in connectSSHAgent to prevent
  leaking a new socket connection on each invocation
diff --git a/cmd/entire/cli/strategy/common.go b/cmd/entire/cli/strategy/common.go
@@ -1439,40 +1439,9 @@ func ExtractSessionIDFromCommit(commit *object.Commit) string {
 //
 // See push_common.go and session_test.go for usage examples.
 
-// createCommit creates a commit object
+// createCommit creates a commit object by delegating to checkpoint.CreateCommit.
 func createCommit(ctx context.Context, repo *git.Repository, treeHash, parentHash plumbing.Hash, message, authorName, authorEmail string) (plumbing.Hash, error) { //nolint:unparam // already present in codebase
-	now := time.Now()
-	sig := object.Signature{
-		Name:  authorName,
-		Email: authorEmail,
-		When:  now,
-	}
-
-	commit := &object.Commit{
-		TreeHash:  treeHash,
-		Author:    sig,
-		Committer: sig,
-		Message:   message,
-	}
-
-	// Add parent if not a new branch
-	if parentHash != plumbing.ZeroHash {
-		commit.ParentHashes = []plumbing.Hash{parentHash}
-	}
-
-	checkpoint.SignCommitBestEffort(ctx, commit)
-
-	obj := repo.Storer.NewEncodedObject()
-	if err := commit.Encode(obj); err != nil {
-		return plumbing.ZeroHash, fmt.Errorf("failed to encode commit: %w", err)
-	}
-
-	hash, err := repo.Storer.SetEncodedObject(obj)
-	if err != nil {
-		return plumbing.ZeroHash, fmt.Errorf("failed to store commit: %w", err)
-	}
-
-	return hash, nil
+	return checkpoint.CreateCommit(ctx, repo, treeHash, parentHash, message, authorName, authorEmail)
 }
 
 // getSessionDescriptionFromTree reads the first line of prompt.txt from a git tree.
diff --git a/cmd/entire/main.go b/cmd/entire/main.go
@@ -9,6 +9,7 @@ import (
 	"os/signal"
 	"runtime"
 	"strings"
+	"sync"
 	"syscall"
 
 	"github.com/entireio/cli/cmd/entire/cli"
@@ -92,20 +93,30 @@ func registerObjectSigner() {
 	})
 }
 
+var (
+	sshAgentOnce   sync.Once
+	sshAgentClient agent.Agent
+)
+
 // connectSSHAgent connects to the SSH agent via SSH_AUTH_SOCK.
+// The connection is established at most once per process and reused.
 // Returns nil if the agent is unavailable.
 func connectSSHAgent() agent.Agent {
-	sock := os.Getenv("SSH_AUTH_SOCK")
-	if sock == "" {
-		return nil
-	}
+	sshAgentOnce.Do(func() {
+		sock := os.Getenv("SSH_AUTH_SOCK")
+		if sock == "" {
+			return
+		}
 
-	conn, err := net.Dial("unix", sock)
-	if err != nil {
-		return nil
-	}
+		conn, err := net.Dial("unix", sock)
+		if err != nil {
+			return
+		}
+
+		sshAgentClient = agent.NewClient(conn)
+	})
 
-	return agent.NewClient(conn)
+	return sshAgentClient
 }
 
 var scopeName = map[config.Scope]string{
