audit-log trailer + pre-commit stash/restore: silent staged-file swap on conventional-commits retry #1

New issue

Open

opened 2026-05-23 20:53:56 +00:00 by coilysiren · 0 comments

coilysiren commented 2026-05-23 20:53:56 +00:00

Owner

Copy link

Originally filed by @coilysiren on 2026-05-23T06:18:38Z - https://github.com/coilysiren/coily/issues/333

Problem

In an agentic-os-kai session today, pre-commit's stash/restore-unstaged dance interacted badly with the coily audit-log trailer hook and silently swapped which file ended up committed.

Sequence:

1. Working tree had two changes: a staged file (.agents/skills/coding-otel-a2a-relay/SKILL.md, new) and an unstaged file (config/mcporter.json, modified).
2. coily git commit -F msg.txt ran. pre-commit stashed the unstaged config/mcporter.json, ran all hooks against the staged skill, all passed.
3. conventional-commits hook rejected the commit message subject ("skill:" not in the allowed type list).
4. pre-commit restored the stashed config/mcporter.json to the working tree.
5. Retry with a fixed message ("docs(skills):"). All hooks passed. Commit landed.
6. Final commit contained config/mcporter.json only. The skill was back to untracked.

End state: 9b7ccb1 closed #757 with the wrong file. The skill stayed uncommitted on disk. Required #759 as a re-do.

Hypothesis

The coily audit-log trailer hook runs in the second pass and may re-stage the working tree (to append its trailer to the commit). When it re-stages, it picks up whatever is in the working tree, not what was originally staged. After the restore, the working tree had the mcporter.json change unstaged plus the skill staged. Something in the second pass dropped the skill from staging and added mcporter.json instead.

Fix candidates

• The audit-log trailer should be a commit-msg hook (operates only on the message), not a pre-commit hook that touches the index.
• Or: the audit-log trailer must capture-and-restore the staged set explicitly, not re-derive from the working tree.
• Or: detect this exact failure mode (staged-set diverges from pre-stash staged-set) and abort with a loud error.

Reproducer sketch

cd ~/projects/coilysiren/agentic-os-kai
# Create one staged change and one unstaged change
echo "test1" > /tmp/staged.md && git add /tmp/staged.md  # roughly
echo "test2" >> existing-file.md  # unstaged

# Commit with a deliberately-bad subject line so conventional-commits rejects
coily git commit -m "skill: bad subject"

# Then retry with a valid subject
coily git commit -m "docs: valid subject"

# Inspect: which file landed?
git show --stat HEAD

Why this matters

Silent file-swap during commit is the worst class of pre-commit bug. The user sees "Passed" and "[main hash] ...", trusts it, pushes. Two pushes later they notice the wrong content is on the wire. In this session: skill missed Windows-side Claude entirely, requiring a follow-up issue and a second commit.

Out of scope

• The misleading commit message on 9b7ccb1 is already on the wire and not worth rewriting.
• The actual skill landed via #759 in ea679d9.

_Originally filed by @coilysiren on 2026-05-23T06:18:38Z - [https://github.com/coilysiren/coily/issues/333](https://github.com/coilysiren/coily/issues/333)_ **Problem** In an agentic-os-kai session today, pre-commit's stash/restore-unstaged dance interacted badly with the `coily audit-log trailer` hook and silently swapped which file ended up committed. Sequence: 1. Working tree had two changes: a staged file (`.agents/skills/coding-otel-a2a-relay/SKILL.md`, new) and an unstaged file (`config/mcporter.json`, modified). 2. `coily git commit -F msg.txt` ran. pre-commit stashed the unstaged `config/mcporter.json`, ran all hooks against the staged skill, all passed. 3. `conventional-commits` hook rejected the commit message subject ("skill:" not in the allowed type list). 4. pre-commit restored the stashed `config/mcporter.json` to the working tree. 5. Retry with a fixed message ("docs(skills):"). All hooks passed. Commit landed. 6. Final commit contained `config/mcporter.json` only. The skill was back to untracked. End state: 9b7ccb1 closed #757 with the wrong file. The skill stayed uncommitted on disk. Required #759 as a re-do. **Hypothesis** The `coily audit-log trailer` hook runs in the second pass and may re-stage the working tree (to append its trailer to the commit). When it re-stages, it picks up whatever is in the working tree, not what was originally staged. After the restore, the working tree had the mcporter.json change unstaged plus the skill staged. Something in the second pass dropped the skill from staging and added mcporter.json instead. **Fix candidates** - The audit-log trailer should be a `commit-msg` hook (operates only on the message), not a `pre-commit` hook that touches the index. - Or: the audit-log trailer must capture-and-restore the staged set explicitly, not re-derive from the working tree. - Or: detect this exact failure mode (staged-set diverges from pre-stash staged-set) and abort with a loud error. **Reproducer sketch** ```sh cd ~/projects/coilysiren/agentic-os-kai # Create one staged change and one unstaged change echo "test1" > /tmp/staged.md && git add /tmp/staged.md # roughly echo "test2" >> existing-file.md # unstaged # Commit with a deliberately-bad subject line so conventional-commits rejects coily git commit -m "skill: bad subject" # Then retry with a valid subject coily git commit -m "docs: valid subject" # Inspect: which file landed? git show --stat HEAD ``` **Why this matters** Silent file-swap during commit is the worst class of pre-commit bug. The user sees "Passed" and "[main hash] ...", trusts it, pushes. Two pushes later they notice the wrong content is on the wire. In this session: skill missed Windows-side Claude entirely, requiring a follow-up issue and a second commit. **Out of scope** - The misleading commit message on 9b7ccb1 is already on the wire and not worth rewriting. - The actual skill landed via #759 in ea679d9.

coilysiren referenced this issue 2026-05-23 20:54:05 +00:00

Force package managers through local proxies with default-deny egress #64

coilysiren added the

P0

label 2026-05-31 01:52:55 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dispatch/issue-306

args-file-mcporter

claude/coily-docker-image-FF2Rw

claude/busy-almeida-0168e4

v2.50.0

v2.49.1

v2.49.0

v2.48.0

v2.47.0

v2.46.0

v2.45.0

v2.44.1

v2.44.0

v2.43.2

v2.43.1

v2.43.0

v2.42.0

v2.41.0

v2.40.2

v2.40.1

v2.40.0

v2.39.0

v2.37.2

v2.38.0

v2.23.0

v2.37.1

v2.37.0

v2.36.0

v2.35.0

v2.34.0

v2.33.0

v2.32.0

v2.31.0

v2.30.0

v2.29.2

v2.29.1

v2.29.0

v2.28.0

v2.27.0

v2.26.0

v2.25.0

v2.24.0

v2.22.0

v2.21.0

v2.20.0

v2.19.0

v2.18.1

v2.18.0

v2.17.0

v2.16.0

v2.15.2

v2.15.1

v2.15.0

v2.14.0

v2.13.1

v2.13.0

v2.12.0

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.1

v2.7.0

v2.6.0

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.0

v1.13.0

v1.12.0

v1.11.0

v1.10.0

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.8

v1.8.7

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.8

v1.7.7

v1.7.6

v1.7.5

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.123

v1.5.122

v1.5.121

v1.5.120

v1.5.119

v1.5.118

v1.5.117

v1.5.116

v1.5.115

v1.5.114

v1.5.113

v1.5.112

v1.5.111

v1.5.110

v1.5.109

v1.5.108

v1.5.107

v1.5.106

v1.5.105

v1.5.104

v1.5.103

v1.5.102

v1.5.101

v1.5.100

v1.5.99

v1.5.98

v1.5.97

v1.5.96

v1.5.95

v1.5.94

v1.5.93

v1.5.92

v1.5.91

v1.5.90

v1.5.89

v1.5.88

v1.5.87

v1.5.86

v1.5.85

v1.5.84

v1.5.83

v1.5.82

v1.5.81

v1.5.80

v1.5.79

v1.5.78

v1.5.77

v1.5.76

v1.5.75

v1.5.74

v1.5.73

v1.5.72

v1.5.71

v1.5.70

v1.5.69

v1.5.68

v1.5.67

v1.5.66

v1.5.65

v1.5.64

v1.5.63

v1.5.62

v1.5.61

v1.5.60

v1.5.59

v1.5.58

v1.5.57

v1.5.56

v1.5.55

v1.5.54

v1.5.53

v1.5.52

v1.5.51

v1.5.50

v1.5.49

v1.5.48

v1.5.47

v1.5.46

v1.5.45

v1.5.44

v1.5.43

v1.5.42

v1.5.41

v1.5.40

v1.5.39

v1.5.38

v1.5.37

v1.5.36

v1.5.35

v1.5.34

v1.5.33

v1.5.32

v1.5.31

v1.5.30

v1.5.29

v1.5.28

v1.5.27

v1.5.26

v1.5.25

v1.5.24

v1.5.23

v1.5.22

v1.5.21

v1.5.20

v1.5.19

v1.5.18

v1.5.17

v1.5.16

v1.5.15

v1.5.14

v1.5.13

v1.5.12

v1.5.11

v1.5.10

v1.5.9

v1.5.8

v1.5.7

v1.5.6

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.1

v1.4.0

v1.3.0

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.0

v0.1.0

v0.0.38

v0.0.37

v0.0.36

v0.0.35

v0.0.34

v0.0.33

v0.0.32

v0.0.31

v0.0.30

v0.0.29

v0.0.28

v0.0.27

v0.0.26

v0.0.25

v0.0.24

v0.0.23

v0.0.22

v0.0.21

v0.0.20

v0.0.19

v0.0.18

v0.0.17

v0.0.16

v0.0.15

v0.0.14

v0.0.13

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

tools-latest

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-bridge/coily#1

No description provided.