Skip to content

Harden filesystem safety and command contracts#1

Merged
snapsynapse merged 1 commit into
mainfrom
codex/review-mitigations
Jul 10, 2026
Merged

Harden filesystem safety and command contracts#1
snapsynapse merged 1 commit into
mainfrom
codex/review-mitigations

Conversation

@snapsynapse

Copy link
Copy Markdown
Owner

What changed

  • reject source/link path aliases before destructive synchronization
  • resolve parent-directory symlinks at the mutation boundary while preserving explicit hardlink force behavior
  • make backup naming collision-safe without overwriting existing backups
  • ensure installed Git hooks are executable
  • make scan return a failing exit status when any link operation fails
  • make empty detect generation a clearly messaged successful no-op
  • document backup behavior on filesystems without hard-link support
  • add focused unit and integration evals for each mitigation

Why

The review identified paths where force synchronization could replace the source, backup collisions could overwrite prior data, existing hooks could remain inert, and automation could receive misleading success or invalid generated configuration.

Impact

Filesystem mutations now fail safely around source aliases and unsupported backup filesystems. Bulk scan failures are visible to automation. Detection remains friendly when no additional links are required. Existing intentional hardlinks can still be replaced with explicit --force.

Validation

  • go test -race ./...
  • go vet ./...
  • go test -tags=integration -race .
  • staticcheck ./...
  • misspell -error .
  • git diff --check

@snapsynapse snapsynapse marked this pull request as ready for review July 10, 2026 22:55
@snapsynapse snapsynapse merged commit f46f5d2 into main Jul 10, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant