coily exec repo_no_config from a cwd where coily lint reads .coily/coily.yaml fine #3

New issue

Open

opened 2026-05-23 20:53:56 +00:00 by coilysiren · 0 comments

coilysiren commented

2026-05-23 20:53:56 +00:00

Owner

Originally filed by @coilysiren on 2026-05-23T01:28:33Z - https://github.com/coilysiren/coily/issues/327

Symptom

On kai-server (coily v2.23.0), coily exec <verb> from a repo root that has .coily/coily.yaml returns repo_no_config, but coily lint from the same cwd reads the same file fine.

Reproducer (via coily ssh so the working-dir is the infrastructure repo root):

$ coily ssh kai-server -- coily lint
coily lint: 16 verbs OK

$ coily ssh kai-server -- coily exec setup-git-lfs
coily: no .coily/coily.yaml reachable from cwd (/home/kai/projects/coilysiren/infrastructure) via ancestor walk or direct-child scan

The file is present and tracked at HEAD (coily ssh kai-server -- coily git show HEAD:.coily/coily.yaml returns the contents). Adding --cwd=...infrastructure/scripts (so ancestor walk should hit infrastructure/.coily/coily.yaml) gives the same error. Adding --commit-scope=...infrastructure also gives the same error.

Hypothesis

coily lint and coily exec (the repo: exec verb) appear to use different config-discovery paths. lint finds <cwd>/.coily/coily.yaml directly; exec's "ancestor walk or direct-child scan" apparently doesn't include cwd itself, or walks differently. Whatever the difference, it makes coily exec unusable on this host even though coily lint is happy.

Why it matters

coily exec <verb> is the user-defined-authorized command path (the metacharacter policy hint specifically calls it out). When the auto-mode classifier denies a bare remote shell write, the documented escape hatch is to declare a verb in .coily/coily.yaml and invoke it via coily exec. If coily exec can't find the config from the same cwd that everything else uses, that escape hatch is broken on the kai-server host.

Surfaced while landing coilysiren/infrastructure#286 - tried to run setup-git-lfs via coily ssh kai-server -- coily exec setup-git-lfs and hit this. Ended up needing the operator (Kai) to approve coily systemctl start coilysiren-pull-all.service directly because no coily exec invocation reached the verb.

Repro steps

SSH into kai-server (coily ssh kai-server) into any repo root with a .coily/coily.yaml.
coily lint → reads the file, prints verb count.
coily exec <any-declared-verb> → repo_no_config.

Same on coily v2.23.0; local (newer?) coily not yet checked.

_Originally filed by @coilysiren on 2026-05-23T01:28:33Z - [https://github.com/coilysiren/coily/issues/327](https://github.com/coilysiren/coily/issues/327)_ **Symptom** On kai-server (`coily v2.23.0`), `coily exec <verb>` from a repo root that has `.coily/coily.yaml` returns `repo_no_config`, but `coily lint` from the same cwd reads the same file fine. Reproducer (via `coily ssh` so the working-dir is the infrastructure repo root): ``` $ coily ssh kai-server -- coily lint coily lint: 16 verbs OK $ coily ssh kai-server -- coily exec setup-git-lfs coily: no .coily/coily.yaml reachable from cwd (/home/kai/projects/coilysiren/infrastructure) via ancestor walk or direct-child scan ``` The file is present and tracked at HEAD (`coily ssh kai-server -- coily git show HEAD:.coily/coily.yaml` returns the contents). Adding `--cwd=...infrastructure/scripts` (so ancestor walk should hit `infrastructure/.coily/coily.yaml`) gives the same error. Adding `--commit-scope=...infrastructure` also gives the same error. **Hypothesis** `coily lint` and `coily exec` (the `repo: exec` verb) appear to use different config-discovery paths. `lint` finds `<cwd>/.coily/coily.yaml` directly; `exec`'s "ancestor walk or direct-child scan" apparently doesn't include cwd itself, or walks differently. Whatever the difference, it makes `coily exec` unusable on this host even though `coily lint` is happy. **Why it matters** `coily exec <verb>` is the user-defined-authorized command path (the metacharacter policy hint specifically calls it out). When the auto-mode classifier denies a bare remote shell write, the documented escape hatch is to declare a verb in `.coily/coily.yaml` and invoke it via `coily exec`. If `coily exec` can't find the config from the same cwd that everything else uses, that escape hatch is broken on the kai-server host. Surfaced while landing coilysiren/infrastructure#286 - tried to run `setup-git-lfs` via `coily ssh kai-server -- coily exec setup-git-lfs` and hit this. Ended up needing the operator (Kai) to approve `coily systemctl start coilysiren-pull-all.service` directly because no `coily exec` invocation reached the verb. **Repro steps** 1. SSH into kai-server (`coily ssh kai-server`) into any repo root with a `.coily/coily.yaml`. 2. `coily lint` → reads the file, prints verb count. 3. `coily exec <any-declared-verb>` → `repo_no_config`. Same on coily v2.23.0; local (newer?) coily not yet checked.

coilysiren added the

label

2026-05-31 01:52:54 +00:00

coilysiren added

and removed

labels

2026-05-31 06:59:56 +00:00

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-bridge/coily#3

No description provided.

Rows
Columns