feat(spawn): lock crewmate commit identity to the repo's configured git identity #3
karotkriss wants to merge 1 commit into
…it identity

Crewmates commit inside project worktrees, where their commit identity must come from the firstmate repo's configured git identity, never from whatever the agent's session context reports - a session-context email can map to a different GitHub account and silently mis-attribute the captain's work.

- Add bin/fm-git-identity-lib.sh: fm_git_identity_prefix <repo> derives a shell-quoted GIT_AUTHOR_*/GIT_COMMITTER_* env prefix from the repo's configured user.name/user.email (never hardcoded; empty when unset).
- fm-spawn.sh exports that prefix into every launched agent's environment, so a plain git commit attributes correctly and outranks any inherited config.
- fm-brief.sh's ship brief states the contract: commit as the configured identity; never -c/--author override user.email or use a session-context email.
- Add tests/fm-git-identity.test.sh (prefix content, config-not-context derivation, shell-quote round-trip, empty-on-unconfigured, brief contract).
Intent

Lock every crewmate's commit identity to the firstmate repo's configured git identity, so a crewmate can never commit under an email taken from its session context.
A session-context email can map to a different GitHub account and silently mis-attribute the captain's work (exactly what produced the wrongly-attributed commits this PR prevents recurring).
This keeps the fix generic: the identity is read from git config, never hardcoded, so it stays correct for any captain wherever this template is deployed.

What Changed

- bin/fm-git-identity-lib.sh (new). fm_git_identity_prefix <repo> derives a shell-quoted GIT_AUTHOR_*/GIT_COMMITTER_* env-assignment prefix from the repo's configured user.name/user.email. It prints nothing when either is unset, so an unconfigured repo leaves the launch environment untouched rather than forcing a blank identity onto commits.
- bin/fm-spawn.sh. Sources the lib and prepends that prefix to every launched agent's command, so the crewmate inherits the identity in its environment. A plain git commit then attributes correctly, and the env vars outrank any user.name/user.email config the agent might otherwise pick up (project, global, or session-derived).
- bin/fm-brief.sh. The ship brief now states the contract explicitly: commit with the repository's configured identity; never -c user.email= / -c user.name= / --author= override it, and never substitute a session-context email.
- tests/fm-git-identity.test.sh (new). Covers the prefix content, derivation from config (not the ambient environment), shell-quote correctness via an eval round-trip (space + apostrophe), the empty-on-unconfigured case, and the brief contract line.

Testing

- shellcheck bin/*.sh tests/*.sh - clean.
- tests/*.test.sh, 22 files) - all green, including the new fm-git-identity.test.sh (5 checks).
- fm_git_identity_prefix against this repo emits the configured identity and not any other address.

Do not merge - opening for review only.
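
The mechanism described above, as an added example (not code from this PR): it derives a shell-quoted GIT_AUTHOR_*/GIT_COMMITTER_* prefix from git config and launches a command under it. The function names sq, build_prefix, identity_prefix and run_with_identity are hypothetical, and treating git's effective config as seen from the repo as "the configured identity" is an assumption.

```shell
#!/bin/sh
# Added illustration; not the PR's bin/fm-git-identity-lib.sh.
# All function names below are hypothetical.

# Single-quote a value so it can be re-read as shell input: wrap it in
# '...' and rewrite each embedded ' as '\'' (close, escaped quote, reopen).
sq() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the env-assignment prefix from a name ($1) and an email ($2).
# Prints nothing when either is empty, so an unconfigured repo never
# forces a blank identity onto commits.
build_prefix() {
  [ -n "$1" ] && [ -n "$2" ] || return 0
  printf 'GIT_AUTHOR_NAME=%s GIT_AUTHOR_EMAIL=%s ' "$(sq "$1")" "$(sq "$2")"
  printf 'GIT_COMMITTER_NAME=%s GIT_COMMITTER_EMAIL=%s' "$(sq "$1")" "$(sq "$2")"
}

# Read the identity from git config as seen from the repo ($1), never
# from the caller's environment (assumption: effective config is meant).
identity_prefix() {
  id_name=$(git -C "$1" config user.name 2>/dev/null) || id_name=
  id_email=$(git -C "$1" config user.email 2>/dev/null) || id_email=
  build_prefix "$id_name" "$id_email"
}

# Run a command with the identity pinned. The prefix is evaluated as
# shell text, which is why every value must pass through sq first.
run_with_identity() {
  rw_repo=$1; shift
  rw_prefix=$(identity_prefix "$rw_repo")
  if [ -n "$rw_prefix" ]; then
    eval "env $rw_prefix \"\$@\""
  else
    "$@"
  fi
}

# Constructed sample identity (space + apostrophe), printed as a prefix.
build_prefix "Ann O'Neil" "ann@example.test"; echo
```

Because the assignments are placed in the child's environment, they apply to a plain git commit without touching any config file.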