coilyco-flight-deck/infrastructure
1
0
Fork 0
Code Issues 101 Pull requests Projects Releases Packages Wiki Activity Actions 1

Uncommitted coily-regenerated lockdown drift on kai-server checkout #19

New issue
Closed
opened 2026-05-23 20:54:28 +00:00 by coilysiren · 1 comment
coilysiren commented 2026-05-23 20:54:28 +00:00
Owner
Copy link

Originally filed by @coilysiren on 2026-05-22T09:33:50Z - https://github.com/coilysiren/infrastructure/issues/253

While pulling the repo on kai-server, its checkout showed uncommitted changes to .claude/lockdown-deny.sh and .claude/settings.json, both coily-regenerated:

  • lockdown-deny.sh: exec agent-guard hook pre-tool-use -> exec coily hook pre-tool-use (the coily#248 hook migration).
  • settings.json: + "Bash(coily ops gcloud:*)" in the allow list.

These are auto-generated by coily setup / coily lockdown --apply. The working tree on kai-server matches current coily output; the committed copies are stale. Likely the same drift exists in every catalog repo with a committed .claude/lockdown-deny.sh.

Decide and apply repo-wide: either commit the regenerated lockdown across repos, or stop committing the generated files (gitignore + regenerate via coily setup). Right now they drift silently on every coily lockdown-output change.

_Originally filed by @coilysiren on 2026-05-22T09:33:50Z - [https://github.com/coilysiren/infrastructure/issues/253](https://github.com/coilysiren/infrastructure/issues/253)_ While pulling the repo on kai-server, its checkout showed uncommitted changes to `.claude/lockdown-deny.sh` and `.claude/settings.json`, both coily-regenerated: - `lockdown-deny.sh`: `exec agent-guard hook pre-tool-use` -> `exec coily hook pre-tool-use` (the coily#248 hook migration). - `settings.json`: `+ "Bash(coily ops gcloud:*)"` in the allow list. These are auto-generated by `coily setup` / `coily lockdown --apply`. The working tree on kai-server matches current coily output; the committed copies are stale. Likely the same drift exists in every catalog repo with a committed `.claude/lockdown-deny.sh`. Decide and apply repo-wide: either commit the regenerated lockdown across repos, or stop committing the generated files (gitignore + regenerate via `coily setup`). Right now they drift silently on every coily lockdown-output change.
coilysiren commented 2026-05-30 05:43:34 +00:00
Author
Owner
Copy link

Merged into #164 in the 2026-05-29 backlog burn-down. lockdown drift instance, same as sync task #164 Reopen if it should stand alone.

Merged into #164 in the 2026-05-29 backlog burn-down. lockdown drift instance, same as sync task #164 Reopen if it should stand alone.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dispatch/issue-294
tangled-knot
dispatch/issue-216
No results found.
Labels
Clear labels
  
P0
now / blocking / urgent

  
P1
next / important

  
P2
backlog / will do

  
P3
someday / low

  
P4
icebox / frozen / reopen if it becomes real

No labels
P0
P1
P2
P3
P4
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/infrastructure#19
No description provided.