🤖 fix: harden remote base repo normalization #3496
Open
ethanndickson wants to merge 1 commit into
Keep SSH remote .mux-base.git repositories from leaking shared checkout config into linked worktrees. The runtime now strips core.bare/core.worktree, keeps the base HEAD on an internal sentinel ref, and creates new worktrees via detached checkout before attaching the workspace branch so the base repo never masquerades as trunk.

---

_Generated with `mux` • Model: `openai:gpt-5.5` • Thinking: `xhigh` • Cost: `$27.40`_
@codex review
Codex Review: Didn't find any major issues. Chef's kiss.
Summary
Harden SSH/Coder remote project base repositories so Mux treats .mux-base.git as an internal bare common git directory rather than a user checkout. The runtime now strips shared checkout config, keeps the base HEAD on an internal sentinel ref, and creates worktrees without relying on the base repo HEAD being trunk.
Background
A poisoned shared base repo config can make every newly-created linked worktree inherit core.worktree or core.bare from .mux-base.git, causing workspace repo verification to fail. Separately, leaving the bare base repo HEAD on trunk can make tools such as Graphite believe trunk is checked out at .mux-base.git.
Implementation
The SSH runtime now normalizes base repos by unsetting core.bare and core.worktree via --git-dir plumbing, then points HEAD at refs/mux-internal/base-head. The warm fast-path performs the same best-effort cleanup before reusing a snapshot. Worktree creation now uses a detached worktree add followed by checkout -B/-b inside the new worktree so the base repo HEAD can remain on the internal sentinel.
Validation
The focused SSH integration regression covers the incident shape: core.bare cleanup, core.worktree cleanup, sentinel HEAD, and warm fast-path repair of a poisoned base repo. Local static-check also passed before pushing.
Risks
Risk is concentrated in SSH/Coder remote workspace creation and fork paths. The detached-add flow intentionally preserves the existing branch semantics but changes the order from one worktree-add command to worktree-add plus checkout, so rollback would be to restore direct worktree add and only keep config cleanup.
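The normalization and detached-add flow described under Implementation, as an added shell example that is not the PR's own code. It assumes `git` is on the PATH; the temp directory, the `trunk` branch and the `ws-1` workspace name are constructed for the demo, and only `core.bare`, `core.worktree`, `.mux-base.git` and `refs/mux-internal/base-head` come from the PR text.

```bash
#!/usr/bin/env bash
# Added example (not the PR's code). Temp paths, "trunk" and "ws-1" are
# constructed; only the config keys and the sentinel ref come from the PR text.
set -eu
SENTINEL=refs/mux-internal/base-head

# Drop checkout-only keys from the shared config, then park HEAD on the sentinel.
normalize_base() {
  nb_dir=$1
  for nb_key in core.bare core.worktree; do
    # Exit status 5 means the key was already absent, which is the clean case.
    git --git-dir="$nb_dir" config --unset-all "$nb_key" 2>/dev/null || [ "$?" -eq 5 ]
  done
  git --git-dir="$nb_dir" symbolic-ref HEAD "$SENTINEL"
}

# usage: add_workspace <base> <path> <branch> <start-commit>
# Detached add first, then attach the branch from inside the new worktree.
add_workspace() {
  git --git-dir="$1" worktree add --detach "$2" "$4" >/dev/null 2>&1
  git -C "$2" checkout -B "$3" >/dev/null 2>&1
}

# Constructed poisoned base: bare repo with one commit plus a stray core.worktree.
make_poisoned_base() {
  git init --quiet --bare "$1"
  mp_tree=$(git --git-dir="$1" mktree </dev/null)
  mp_sha=$(git --git-dir="$1" -c user.name=demo -c user.email=demo@example.invalid \
    commit-tree "$mp_tree" -m init)
  git --git-dir="$1" update-ref refs/heads/trunk "$mp_sha"
  git --git-dir="$1" config core.worktree "$(dirname "$1")"
}

demo() {
  root=$(mktemp -d)
  base="$root/.mux-base.git"
  make_poisoned_base "$base"
  normalize_base "$base"
  add_workspace "$base" "$root/ws-1" ws-1 "$(git --git-dir="$base" rev-parse refs/heads/trunk)"
  for key in core.bare core.worktree; do
    echo "$key=$(git --git-dir="$base" config --get "$key" || echo unset)"
  done
  echo "base HEAD=$(git --git-dir="$base" symbolic-ref HEAD)"
  echo "workspace branch=$(git -C "$root/ws-1" symbolic-ref --short HEAD)"
  rm -rf "$root"
}
demo
```

Because the sentinel ref is never created, the base repo's HEAD stays unborn and no branch is reported as checked out at `.mux-base.git`.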