fix(manifest): allow token + git on the same host (PRD 0010)
git-gate holds an SSH IdentityFile for push/fetch; cred-proxy holds a PAT for HTTPS REST API calls. The two brokers are orthogonal — the common dev setup names both on the same host (e.g. gitea.dideric.is SSH for push, gitea.dideric.is PAT for `tea pr create`). The original PRD 0010 wording called this a "configuration smell" and rejected it at parse time. That was wrong; this drops the overlap rejection from the validator and updates the PRD prose to match. Tests flip from "rejection" to "coexistence" assertions.
This commit is contained in:
@@ -315,12 +315,12 @@ Validation:
|
||||
documented upstream.
|
||||
- At most one entry per `Kind` except `gitea`, which may have
|
||||
multiple distinct `Url`s.
|
||||
- No silent overlap with `bottle.git` upstreams that already
|
||||
flow through git-gate; if a `tokens[].Kind: github|gitea`
|
||||
entry's `Url` collides with a `git[].Upstream`'s host, parse
|
||||
fails with a "git-gate already brokers this remote, drop one"
|
||||
hint. (Both paths broker credentials; doubling up is a
|
||||
configuration smell, not a feature.)
|
||||
- A `github` or `gitea` token MAY name the same host as a
|
||||
`bottle.git` entry. The two paths broker different protocols —
|
||||
git-gate holds an SSH `IdentityFile` for push/fetch and runs
|
||||
gitleaks; cred-proxy holds a PAT for HTTPS REST API calls (`tea`,
|
||||
`gh`, octokit). The common dev setup uses both on the same host
|
||||
and is not a configuration error.
|
||||
|
||||
### Routing table
|
||||
|
||||
|
||||
Reference in New Issue
Block a user