Skip to content

feat(spawn): lock crewmate commit identity to the repo's configured git identity#3

Open
karotkriss wants to merge 1 commit into
mainfrom
fm/crew-identity-lock
Open

feat(spawn): lock crewmate commit identity to the repo's configured git identity#3
karotkriss wants to merge 1 commit into
mainfrom
fm/crew-identity-lock

Conversation

@karotkriss

Copy link
Copy Markdown
Owner

Intent

Lock every crewmate's commit identity to the firstmate repo's configured git identity, so a crewmate can never commit under an email taken from its session context.
A session-context email can map to a different GitHub account and silently mis-attribute the captain's work (exactly what produced the wrongly-attributed commits this PR prevents recurring).

This keeps the fix generic: the identity is read from git config, never hardcoded, so it stays correct for any captain wherever this template is deployed.

What Changed

  • bin/fm-git-identity-lib.sh (new). fm_git_identity_prefix <repo> derives a shell-quoted GIT_AUTHOR_*/GIT_COMMITTER_* env-assignment prefix from the repo's configured user.name/user.email.
    It prints nothing when either is unset, so an unconfigured repo leaves the launch environment untouched rather than forcing a blank identity onto commits.
  • bin/fm-spawn.sh. Sources the lib and prepends that prefix to every launched agent's command, so the crewmate inherits the identity in its environment.
    A plain git commit then attributes correctly, and the env vars outrank any user.name/user.email config the agent might otherwise pick up (project, global, or session-derived).
  • bin/fm-brief.sh. The ship brief now states the contract explicitly: commit with the repository's configured identity; never -c user.email=/-c user.name=/--author= override it, and never substitute a session-context email.
  • tests/fm-git-identity.test.sh (new). Covers the prefix content, derivation from config (not the ambient environment), shell-quote correctness via an eval round-trip (space + apostrophe), the empty-on-unconfigured case, and the brief contract line.

Testing

  • shellcheck bin/*.sh tests/*.sh - clean.
  • Full behavior suite (tests/*.test.sh, 22 files) - all green, including the new fm-git-identity.test.sh (5 checks).
  • Verified end to end that fm_git_identity_prefix against this repo emits the configured identity and not any other address.

Do not merge - opening for review only.

…it identity

Crewmates commit inside project worktrees, where their commit identity must
come from the firstmate repo's configured git identity, never from whatever the
agent's session context reports - a session-context email can map to a different
GitHub account and silently mis-attribute the captain's work.

- Add bin/fm-git-identity-lib.sh: fm_git_identity_prefix <repo> derives a
  shell-quoted GIT_AUTHOR_*/GIT_COMMITTER_* env prefix from the repo's configured
  user.name/user.email (never hardcoded; empty when unset).
- fm-spawn.sh exports that prefix into every launched agent's environment, so a
  plain git commit attributes correctly and outranks any inherited config.
- fm-brief.sh's ship brief states the contract: commit as the configured
  identity; never -c/--author override user.email or use a session-context email.
- Add tests/fm-git-identity.test.sh (prefix content, config-not-context
  derivation, shell-quote round-trip, empty-on-unconfigured, brief contract).
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@karotkriss, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 17 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 56b2310c-1a0e-4378-88ed-8f350bcc6071

📥 Commits

Reviewing files that changed from the base of the PR and between 81c94db and 8b81776.

📒 Files selected for processing (4)
  • bin/fm-brief.sh
  • bin/fm-git-identity-lib.sh
  • bin/fm-spawn.sh
  • tests/fm-git-identity.test.sh
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fm/crew-identity-lock

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant