PRD 0028: git-gate new-branch push scan scope #107

Merged
didericis-codex merged 3 commits from prd-0028-git-gate-new-branch-scan into main 2026-05-29 02:29:30 -04:00

3 Commits

Author SHA1 Message Date
didericis-codex 50baf63669 docs(prd): mark PRD 0028 active
test / unit (pull_request) Successful in 35s
test / integration (pull_request) Successful in 45s
test / unit (push) Successful in 29s
test / integration (push) Successful in 44s
2026-05-29 02:27:42 -04:00
didericis-claude 6c673bece6 fix(git-gate): scope new-branch scan to incoming commits
test / unit (pull_request) Successful in 28s
test / integration (pull_request) Successful in 40s
A new ref made the pre-receive hook scan the full ancestry
(`log_opts="$new"`), so historical test-fixture findings rejected every
new-branch push (#106). Scope it to `$new --not --all` — only commits
new to the gate, which (since the bare repo is populated solely by
upstream mirror-fetch and gitleaks-gated pushes) loses no coverage on
what a push actually brings to the upstream. Also add BatchMode=yes +
ConnectTimeout=10 to both the forward and access-hook ssh so an
unreachable upstream fails fast instead of hanging.

Refs #106

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 01:59:20 -04:00
didericis-claude 9dc0dfd5ee docs(prd): PRD 0028 — git-gate new-branch push scan scope
test / unit (pull_request) Successful in 29s
test / integration (pull_request) Successful in 42s
git-gate's pre-receive scans the full ancestry of a new branch, so the
repo's historical test-fixture findings block every new-branch push
(issue #106). Scope the new-ref scan to incoming commits
(`$new --not --all`) with no loss of coverage, and harden the forward
ssh against hangs.

Refs #106

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 01:52:07 -04:00
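The difference between the two scan scopes named in the commit messages above, `$new` and `$new --not --all`, can be measured in a throwaway gate. This is an added example, not git-gate's own hook: the repository names (`gate.git`, `work`), the `feature` branch and the `scope-counts` file are assumptions, and `git rev-list --count` stands in for the scanner's log walk.

```shell
#!/bin/sh
# Added example. Constructed throwaway repos; gate.git, work and feature are assumed names.
# Prints "<commits in full ancestry> <commits new to the gate>" for a new-branch push.
scan_scope_demo() (
  set -e
  tmp=$(mktemp -d)
  trap 'rm -rf "$tmp"' EXIT
  cd "$tmp"
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

  git init -q --bare gate.git
  mkdir -p gate.git/hooks
  # pre-receive runs before any ref is updated, so --all is the gate's prior state.
  cat > gate.git/hooks/pre-receive <<'EOF'
#!/bin/sh
while read -r old new ref; do
  case "$old" in *[!0]*) continue ;; esac    # only new refs (old is all zeros)
  full=$(git rev-list --count "$new")
  incoming=$(git rev-list --count "$new" --not --all)
  echo "$full $incoming" > scope-counts       # cwd is the bare repo
done
EOF
  chmod +x gate.git/hooks/pre-receive

  git init -q work
  git -C work symbolic-ref HEAD refs/heads/main
  for n in 1 2 3; do
    git -C work commit -q --allow-empty -m "history $n"
  done
  git -C work push -q ../gate.git main        # gate now holds the old history

  git -C work checkout -q -b feature
  git -C work commit -q --allow-empty -m "new work"
  git -C work push -q ../gate.git feature     # new ref: old is all zeros

  cat gate.git/scope-counts
)

scan_scope_demo   # prints "4 1"
```

The three history commits are already reachable from the gate's `main`, so only the one commit the push brings falls inside `$new --not --all`.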