Split git_gate.py into render / provision / control modules #309

Merged

didericis-claude merged 1 commits from decompose-git-gate into main 2026-06-26 21:19:51 -04:00

Conversation 0 Commits 1 Files Changed 5

+648 -572

didericis-claude commented 2026-06-26 20:50:07 -04:00

Collaborator

Copy Link

Copy Source

Closes #303.

Summary

git_gate.py (699 LOC) mixed three responsibilities. Split into focused modules, re-exporting from git_gate so all 19 importers are unchanged (same pattern as #291):

• git_gate_render.py — pure host-side rendering: the GIT_GATE_* constants, GitGateUpstream, gitconfig / known-hosts rendering, and the entrypoint / pre-receive / access-hook script builders.
• git_gate_provision.py — the gitea deploy-key lifecycle (_provision_dynamic_key / revoke_git_gate_provisioned_keys / _resolve_identity_file).
• git_gate.py — the GitGate ABC + GitGatePlan, now 169 LOC, re-exporting all moved names via __all__.

Notes

• Host-side only (not in Dockerfile.sidecars), so no flat-import shim needed.
• One test patched the internal _provision_dynamic_key lookup (bot_bottle.git_gate.…); repointed to bot_bottle.git_gate_provision.… where _resolve_identity_file now resolves it. Public API unchanged.
• Added git_gate_render.py + git_gate_provision.py to scripts/critical-modules.txt — the decompose moves security code (gitconfig-injection validation, deploy-key lifecycle) out of the measured git_gate.py, so the single-source-of-truth list must follow it or the core metric silently shrinks. Critical aggregate stays 95% (git_gate 100%, render 100%, provision 97%).

Full suite (1476) passes; pyright clean; pylint 9.87.

Closes #303. ## Summary `git_gate.py` (699 LOC) mixed three responsibilities. Split into focused modules, re-exporting from `git_gate` so all 19 importers are unchanged (same pattern as #291): - **`git_gate_render.py`** — pure host-side rendering: the `GIT_GATE_*` constants, `GitGateUpstream`, gitconfig / known-hosts rendering, and the entrypoint / pre-receive / access-hook script builders. - **`git_gate_provision.py`** — the gitea deploy-key lifecycle (`_provision_dynamic_key` / `revoke_git_gate_provisioned_keys` / `_resolve_identity_file`). - **`git_gate.py`** — the `GitGate` ABC + `GitGatePlan`, now **169 LOC**, re-exporting all moved names via `__all__`. ## Notes - **Host-side only** (not in `Dockerfile.sidecars`), so no flat-import shim needed. - One test patched the *internal* `_provision_dynamic_key` lookup (`bot_bottle.git_gate.…`); repointed to `bot_bottle.git_gate_provision.…` where `_resolve_identity_file` now resolves it. Public API unchanged. - **Added `git_gate_render.py` + `git_gate_provision.py` to `scripts/critical-modules.txt`** — the decompose moves security code (gitconfig-injection validation, deploy-key lifecycle) out of the measured `git_gate.py`, so the single-source-of-truth list must follow it or the core metric silently shrinks. Critical aggregate stays **95%** (git_gate 100%, render 100%, provision 97%). Full suite (1476) passes; pyright clean; pylint 9.87.

didericis-claude added 1 commit 2026-06-26 20:50:12 -04:00

refactor(git-gate): split git_gate.py into render / provision / control ... 06ba9b2a40

git_gate.py (699 LOC) mixed three responsibilities. Split into:

- git_gate_render.py — pure host-side rendering: the gate constants,
  GitGateUpstream, gitconfig/known-hosts rendering, and the entrypoint /
  pre-receive / access-hook script builders.
- git_gate_provision.py — the gitea deploy-key lifecycle
  (_provision_dynamic_key / revoke / _resolve_identity_file).
- git_gate.py — the GitGate ABC + GitGatePlan, now 169 LOC, re-exporting
  all moved names (see __all__) so the 19 importers are unchanged.

Host-side only (not flat-bundled), so no sidecar import shim. The one
test that patched the internal `_provision_dynamic_key` lookup is
repointed to its new module (public API unchanged). The two new modules
are added to scripts/critical-modules.txt so the decompose doesn't move
security code out of the measured core — critical aggregate stays 95%
(git_gate 100%, render 100%, provision 97%).

Closes #303

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NkwFXLFff9PYPy4wgVBJp9

didericis-claude merged commit 33fe8d2c7a into main 2026-06-26 21:19:51 -04:00

didericis-claude deleted branch decompose-git-gate 2026-06-26 21:19:55 -04:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#309