coilysiren-pull-all skips every repo because .claude/ files chronically drift #4

Open
opened 2026-05-23 20:54:25 +00:00 by coilysiren · 0 comments
Owner

Originally filed by @coilysiren on 2026-05-23T01:28:28Z - https://github.com/coilysiren/infrastructure/issues/289

Symptom

A manual coily systemctl start coilysiren-pull-all.service on kai-server today logged pulled=0 skipped=34 failed=0. Every single coilysiren repo got skipped, each with [<name>] SKIP: working tree dirty. The daily timer has the same outcome - it sweeps 34 repos and pulls zero of them.

Cause

coily setup / coily lockdown regenerates two tracked files in every coilysiren checkout on kai-server:

 M .claude/lockdown-deny.sh
 M .claude/settings.json

The drift is the agent-guard hook → coily hook migration (exec coily hook pre-tool-use vs the committed exec agent-guard hook pre-tool-use) plus a one-line coily ops gcloud addition to the allow list. The committed versions never got bumped to match what current coily emits, so every repo is permanently dirty, and coilysiren-pull-all.sh correctly refuses to pull on a dirty tree.

Spot-check on eco-mods (verified via coily ssh kai-server -- coily --cwd=...eco-mods git diff --stat):

 .claude/lockdown-deny.sh | 10 ++++------
 .claude/settings.json    |  1 +

infrastructure shows the same two files dirty.

Impact

  • The whole point of coilysiren-pull-all.timer is that running services on kai-server (personal-dashboard, eco-mods rsync deploys, etc.) read fresh checkouts. They've been reading frozen ones.
  • coilysiren/infrastructure#286 wired git lfs install into coilysiren-pull-all.sh so the daily pull would handle eco-mods cleanly. The wiring works, but the verification ("manual pull-all run handles eco-mods cleanly") can't actually pass while every repo is skipped.

Fix candidates

  1. Commit the current coily-generated .claude/lockdown-deny.sh + .claude/settings.json shape into every coilysiren repo (cross-repo sweep). One-time clean-up, but anything that bumps the generated shape again re-dirties everything.
  2. Make coilysiren-pull-all.sh aware of the auto-generated .claude/* paths and treat them as "ignore for dirty-check" (e.g. git status --porcelain -- ':!.claude/lockdown-deny.sh' ':!.claude/settings.json'). Local-only fix, no cross-repo churn.
  3. Stop tracking .claude/lockdown-deny.sh + .claude/settings.json in repos and rely on coily lockdown to regenerate them on demand. Most invasive but kills the drift class entirely.

Surfaced while landing coilysiren/infrastructure#286.
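
Fix candidate 2 as an added sketch (not part of the original issue and not the project's coilysiren-pull-all.sh): a dirty check that excludes only the two generated files by exact path, so any other change, including other files under .claude/, still blocks the pull. The function names and the constructed demo repository are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and the demo repo are hypothetical.
# Exact generated files named in the issue (not the whole .claude/ directory).
GENERATED='.claude/lockdown-deny.sh .claude/settings.json'

# Porcelain status with the generated files excluded via pathspec magic.
status_excluding_generated() {
    repo=$1
    set -- .                      # explicit positive pathspec, then excludes
    for p in $GENERATED; do
        set -- "$@" ":(exclude)$p"
    done
    git -C "$repo" status --porcelain -- "$@"
}

# Prints clean | generated-only | dirty for the checkout at $1.
classify_tree() {
    if [ -n "$(status_excluding_generated "$1")" ]; then
        echo dirty
    elif [ -n "$(git -C "$1" status --porcelain)" ]; then
        echo generated-only       # only the regenerated files drifted
    else
        echo clean
    fi
}

# Constructed sample checkout: one committed README plus the two tracked files.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    git -C "$d" init -q
    mkdir "$d/.claude"
    echo 'exec agent-guard hook pre-tool-use' > "$d/.claude/lockdown-deny.sh"
    echo '{}' > "$d/.claude/settings.json"
    echo readme > "$d/README.md"
    git -C "$d" add -A
    git -C "$d" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m 'constructed sample commit'
    echo "$d"
}

demo=$(make_demo_repo)
echo "fresh checkout:        $(classify_tree "$demo")"
echo 'exec coily hook pre-tool-use' > "$demo/.claude/lockdown-deny.sh"
echo "after regeneration:    $(classify_tree "$demo")"
echo edit >> "$demo/README.md"
echo "after a real edit:     $(classify_tree "$demo")"
rm -rf "$demo"
```

Excluding the two files from the dirty check does not stop git pull from aborting when upstream changes those same files. Logging the generated-only state instead of discarding it keeps drift in the guard hook visible.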

coilysiren added P1 and removed P0 labels 2026-05-31 07:00:56 +00:00