Skip to content

fix: pre-commit stages only originally-staged files; add .npmrc#538

Merged
ochafik merged 1 commit intomainfrom
worktree-agent-a0fee22e
Mar 6, 2026
Merged

fix: pre-commit stages only originally-staged files; add .npmrc#538
ochafik merged 1 commit intomainfrom
worktree-agent-a0fee22e

Conversation

@ochafik
Copy link
Contributor

@ochafik ochafik commented Mar 6, 2026

Bug 1: Pre-commit hook stages unrelated WIP

.husky/pre-commit line 21 ran:

git diff --name-only --diff-filter=M | xargs -r git add

This stages every modified tracked file in the worktree, not just files that prettier:fix or build:all touched. If a contributor has unstaged WIP in other files, it gets silently swept into the commit.

Fix: Capture git diff --name-only --cached before running build/prettier, then only re-add that set. src/generated/ is staged explicitly since build:all regenerates it from spec.types.ts.

Manual test

=== BEFORE hook logic ===
--- staged ---
README.md
--- unstaged (WIP) ---
src/app.ts

=== After simulated prettier touches both files ===
staged:   README.md
unstaged: README.md, src/app.ts

=== AFTER new hook logic ===
--- staged ---
README.md              <- re-staged with prettier changes
--- unstaged ---
src/app.ts             <- WIP preserved

VERDICT: PASS

The OLD line 21 would have staged src/app.ts too (confirmed: it appears in git diff --name-only --diff-filter=M output).

Bug 2: No committed .npmrc

The maintainer's global npm config points to an internal registry, so a naive npm install writes non-public URLs into package-lock.json. The pre-commit hook detects this (line 11) but doesn't prevent it — hence the Docker regen dance in CLAUDE.md.

Fix: Commit a repo-root .npmrc with registry=https://registry.npmjs.org/. This overrides user-global config, so a plain npm i is now safe regardless of global settings.

The Docker regen remains useful for locking linux-amd64 optionalDependencies (sharp, rollup, bun) for CI, but is no longer required for registry purity. AGENTS.md updated to note this (CLAUDE.md is a symlink to AGENTS.md).

Files changed

  • .husky/pre-commit — capture staged set before build, re-stage only that + src/generated/
  • .npmrc — new, pins registry to npmjs.org
  • AGENTS.md — note that .npmrc makes Docker regen optional

@ochafik
fix: pre-commit stages only originally-staged files; add .npmrc
ed1fb3e 
Bug 1: .husky/pre-commit line 21 ran:
  git diff --name-only --diff-filter=M | xargs -r git add
which stages EVERY modified tracked file in the worktree. If a
contributor has unstaged WIP elsewhere, it gets silently swept
into the commit.

Fix: capture `git diff --name-only --cached` before running
build/prettier, then only re-add that set. src/generated/ is
staged explicitly since build:all regenerates it from
spec.types.ts.

Bug 2: no repo-local .npmrc meant the maintainer's global
artifactory registry leaked into package-lock.json, requiring
the Docker regen dance. Committing .npmrc with
registry=https://registry.npmjs.org/ overrides user-global
config. Docker regen is now optional (still useful for
linux-amd64 optionalDeps).
@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 6, 2026

Open in StackBlitz

@modelcontextprotocol/ext-apps

npm i https://pkg.pr.new/@modelcontextprotocol/ext-apps@538

@modelcontextprotocol/server-basic-preact

npm i https://pkg.pr.new/@modelcontextprotocol/server-basic-preact@538

@modelcontextprotocol/server-basic-react

npm i https://pkg.pr.new/@modelcontextprotocol/server-basic-react@538

@modelcontextprotocol/server-basic-solid

npm i https://pkg.pr.new/@modelcontextprotocol/server-basic-solid@538

@modelcontextprotocol/server-basic-svelte

npm i https://pkg.pr.new/@modelcontextprotocol/server-basic-svelte@538

@modelcontextprotocol/server-basic-vanillajs

npm i https://pkg.pr.new/@modelcontextprotocol/server-basic-vanillajs@538

@modelcontextprotocol/server-basic-vue

npm i https://pkg.pr.new/@modelcontextprotocol/server-basic-vue@538

@modelcontextprotocol/server-budget-allocator

npm i https://pkg.pr.new/@modelcontextprotocol/server-budget-allocator@538

@modelcontextprotocol/server-cohort-heatmap

npm i https://pkg.pr.new/@modelcontextprotocol/server-cohort-heatmap@538

@modelcontextprotocol/server-customer-segmentation

npm i https://pkg.pr.new/@modelcontextprotocol/server-customer-segmentation@538

@modelcontextprotocol/server-debug

npm i https://pkg.pr.new/@modelcontextprotocol/server-debug@538

@modelcontextprotocol/server-map

npm i https://pkg.pr.new/@modelcontextprotocol/server-map@538

@modelcontextprotocol/server-pdf

npm i https://pkg.pr.new/@modelcontextprotocol/server-pdf@538

@modelcontextprotocol/server-scenario-modeler

npm i https://pkg.pr.new/@modelcontextprotocol/server-scenario-modeler@538

@modelcontextprotocol/server-shadertoy

npm i https://pkg.pr.new/@modelcontextprotocol/server-shadertoy@538

@modelcontextprotocol/server-sheet-music

npm i https://pkg.pr.new/@modelcontextprotocol/server-sheet-music@538

@modelcontextprotocol/server-system-monitor

npm i https://pkg.pr.new/@modelcontextprotocol/server-system-monitor@538

@modelcontextprotocol/server-threejs

npm i https://pkg.pr.new/@modelcontextprotocol/server-threejs@538

@modelcontextprotocol/server-transcript

npm i https://pkg.pr.new/@modelcontextprotocol/server-transcript@538

@modelcontextprotocol/server-video-resource

npm i https://pkg.pr.new/@modelcontextprotocol/server-video-resource@538

@modelcontextprotocol/server-wiki-explorer

npm i https://pkg.pr.new/@modelcontextprotocol/server-wiki-explorer@538

commit: e11e067

@ochafik ochafik marked this pull request as ready for review March 6, 2026 16:29
@ochafik ochafik requested a review from jonathanhefner March 6, 2026 16:29
jonathanhefner
jonathanhefner approved these changes Mar 6, 2026
View reviewed changes
Copy link
Member

@jonathanhefner jonathanhefner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.husky/pre-commit doesn't account for partially staged files (i.e., staged chunks), but that's no worse than before.

(Personally, I find .husky/pre-commit to be too invasive, so I disable it on my machine.)

@ochafik ochafik merged commit 7eb72c7 into main Mar 6, 2026
20 checks passed
@ochafik ochafik deleted the worktree-agent-a0fee22e branch March 6, 2026 17:22
ochafik added a commit that referenced this pull request Mar 10, 2026
@ochafik
chore: bump ext-apps to 1.2.1
e13732a 
Changes since 1.2.0:
- fix: bundle SDK+zod in react-with-deps (was byte-identical to ./react) (#539)
- fix(build): copy schema.json to dist and externalize zod (#534)
- fix: skip debug log for high-frequency tool-input-partial notifications (#546)
- fix(deps): drop @hono/node-server override to patch GHSA-wc8c-qw6v-h7f6 (#535)
- fix(readme): use picture element for theme-aware logo (#545)
- fix(ci): require maintainer association for /update-snapshots trigger (#532)
- fix: pre-commit stages only originally-staged files; add .npmrc (#538)
- ci: use npm ci with caching, validate typedoc links, align Node versions (#533)
- test: exclude screenshot-gen from default E2E run; wire pdf-server tests (#537)
@ochafik ochafik mentioned this pull request Mar 10, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonathanhefner jonathanhefner jonathanhefner approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ochafik @jonathanhefner