fix(#1625): exclude agent working directories from git tracking#1627
fix(#1625): exclude agent working directories from git tracking#1627fullsend-ai-coder[bot] wants to merge 1 commit into
Conversation
The code agent was committing its own working artifacts (e.g. .agentready/) into target repositories, causing review churn and requiring multiple fix iterations to clean up. Two-layer defense: 1. Harness-level (internal/cli/run.go): Add known agent working directory patterns (.agentready/, .fullsend-workspace/) to .git/info/exclude before the agent starts execution. This makes git completely ignore these directories — git status and git add will not see them. 2. Post-script (scripts/post-code.sh): Defense-in-depth check that detects and warns if agent artifacts somehow appear in the commit's changed files, as a safety net if the exclude mechanism is bypassed. The agentWorkingDirExcludes variable is a centralized list that can be extended as new agent working directories are identified. Closes #1625
Site previewPreview: https://a47f2493-site.fullsend-ai.workers.dev Commit: |
ReviewFindingsHigh
Low
|
![fullsend-ai-review[bot]](https://avatars.githubusercontent.com/in/3478501?s=60&v=4){kind=small}
| echo "Changed files:" | ||
| echo "${CHANGED_FILES}" | sed 's/^/ /' | ||
|
|
||
| # --------------------------------------------------------------------------- |
There was a problem hiding this comment.
[high] correctness
Section 2b ("Strip agent working directories") detects agent artifacts and logs warnings, but never actually removes them from the commit. STRIPPED_FILES is set but never consumed — no git rm, git reset HEAD, or filtering of CHANGED_FILES follows. The defense-in-depth layer is inert.
Suggested fix: After the detection loop, use git rm --cached on each file in STRIPPED_FILES and amend the commit, or filter CHANGED_FILES to exclude them before the push step.
| } | ||
| if len(lines) == 0 { | ||
| return nil | ||
| } |
There was a problem hiding this comment.
[low] security
excludeAgentWorkingDirs constructs a shell command via fmt.Sprintf with payload and repoDir interpolated into a single-quoted string. Safe with current hardcoded values and consistent with existing patterns, but fragile if a future agentWorkingDirExcludes entry contains a single quote.
Suggested fix: Consider writing patterns to a temp file and appending via cat, or escaping the payload.
| assert.NoError(t, validateLinuxBinary(binPath), "downloaded binary should be a valid Linux/amd64 ELF") | ||
| } | ||
|
|
||
| func TestAgentWorkingDirExcludes_ContainsKnownPatterns(t *testing.T) { |
There was a problem hiding this comment.
[low] correctness
Go tests verify the agentWorkingDirExcludes slice contents but do not test the excludeAgentWorkingDirs function itself. Shell command generation, error handling, and sandbox interaction are untested.
Suggested fix: Add a unit test that exercises excludeAgentWorkingDirs with a mock sandbox, verifying the generated command and error paths.
The code agent was committing its own working artifacts (e.g. .agentready/) into target repositories, causing review churn and requiring multiple fix iterations to clean up.
Two-layer defense:
Harness-level (internal/cli/run.go): Add known agent working
directory patterns (.agentready/, .fullsend-workspace/) to
.git/info/exclude before the agent starts execution. This
makes git completely ignore these directories — git status
and git add will not see them.
Post-script (scripts/post-code.sh): Defense-in-depth check
that detects and warns if agent artifacts somehow appear in
the commit's changed files, as a safety net if the exclude
mechanism is bypassed.
The agentWorkingDirExcludes variable is a centralized list that can be extended as new agent working directories are identified.
Closes #1625
Post-script verification
agent/1625-exclude-agent-work-dirs)8480e16153a3f16c66b5484bfd4c76349a89933d..HEAD)