fix(orchestrator): add worktree ownership manifest gate to sweep Refs #1731 #877
Merged
… #1731

Add WorktreeManifest sentinel written at worktree creation time. sweep_one and adf-cleanup.sh now require a valid manifest before deleting any directory, regardless of naming convention.

- scope.rs: Add WorktreeManifest struct with read/write/validate. write_test_manifest helper for tests. sweep_one skips entries without valid manifest (counted as no_manifest_skipped).
- adf-cleanup.sh: valid_manifest() gate before /bin/rm -rf.
- test_adf_cleanup.sh: write manifests for test worktrees.
- Updated all sweep unit tests to use write_test_manifest.
- SweepReport gains no_manifest_skipped field.
Summary

Adds WorktreeManifest sentinel written at worktree creation time. Both sweep_stale (Rust) and adf-cleanup.sh (shell) now require a valid .adf-worktree-manifest.json before deleting any directory, regardless of naming convention.

Problem

Layer 2 and Layer 3 ADF cleanup delete every direct child of /tmp/adf-worktrees without a marker or ownership check. The root ExecStartPre script can remove unrelated data.

Changes

- WorktreeManifest struct with read/write/validate. Written by create_worktree. sweep_one requires valid manifest before deletion.
- valid_manifest() POSIX function checks repo and path fields before rm -rf.
- no_manifest_skipped field for observability.

Verification

- cargo test -p terraphim_orchestrator --lib -- test_sweep: 7 passed
- bash scripts/adf-setup/tests/test_adf_cleanup.sh: PASS
- cargo fmt, cargo clippy: clean

Refs terraphim/terraphim-ai#1731 (Gitea)
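
An added sketch of the manifest gate described above, not the project's adf-cleanup.sh or its valid_manifest(): it refuses to delete a child directory unless that directory carries its own manifest naming the expected repo and its own canonical path. The JSON layout (string fields "repo" and "path"), the json_field helper and the sweep wrapper are assumptions; only the manifest file name, the repo/path check and the no_manifest_skipped counter name come from the PR text.

```shell
#!/bin/sh
# Added example, not project code. Assumed manifest layout:
#   {"repo": "<repo name>", "path": "<absolute worktree path>"}
MANIFEST=".adf-worktree-manifest.json"

# json_field FILE KEY: print the value of a simple "KEY": "value" string pair.
# Strict on purpose: escaped or non-string values yield nothing, so they fail the gate.
json_field() {
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"\\]*\)".*/\1/p' "$1" | head -n 1
}

# valid_manifest DIR EXPECTED_REPO: succeed only if DIR provably belongs to us.
valid_manifest() {
    dir=$1; want_repo=$2; m="$dir/$MANIFEST"
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1    # real directory, never a symlink
    [ -f "$m" ] && [ ! -L "$m" ] || return 1        # real manifest file, never a symlink
    real=$(cd "$dir" && pwd -P) || return 1         # canonical path of the candidate
    [ "$(json_field "$m" repo)" = "$want_repo" ] || return 1
    [ "$(json_field "$m" path)" = "$real" ] || return 1   # rejects a copied manifest
}

# sweep BASE EXPECTED_REPO: delete only manifest-owned children and report counts.
sweep() {
    base=$1; repo=$2; removed=0; skipped=0
    for d in "$base"/*; do
        [ -e "$d" ] || [ -L "$d" ] || continue      # empty directory: glob did not match
        if valid_manifest "$d" "$repo"; then
            rm -rf -- "$d" && removed=$((removed + 1))
        else
            skipped=$((skipped + 1))                # left in place, surfaced for review
        fi
    done
    echo "removed=$removed no_manifest_skipped=$skipped"
}
```

Binding the manifest's path field to the directory's canonical path is what stops a manifest copied into an unrelated directory, or a symlink dropped into the base directory, from authorizing a delete.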