gabriel / muse public
feat hardening main #52 / 100
Diff

feat(hardening): final sweep — security, performance, API consistency, docs

Security fixes -------------- - update_ref: add validate_branch_name() before constructing the ref path — prevents path traversal via crafted branch names (e.g. ../../etc/cron.d) - gc + config_cmd: sanitize_display() on the --format error path so ANSI escape sequences in bad --format values cannot reach the terminal - ls_files + commit_tree: validate_object_id() before passing user-supplied commit/snapshot IDs to read_commit()/read_snapshot() — closes path-traversal vector through the store's filename construction - verify_pack: fix unclosed file handle (open() without with statement)

Performance fixes ----------------- - show --json: read snapshot directly via commit.snapshot_id instead of re-reading the commit file we already have in memory; saves one disk read per JSON show invocation - commit_graph --ancestry-path: cap _ancestors_of() BFS at 100 000 commits (was completely unbounded); prevents O(N) pre-scan from stalling on large repositories

API consistency --------------- - ls_remote: replace --json bool flag with --format json|text, matching all 20+ peer plumbing commands; update test to use new flag - read_commit, read_snapshot, commit_tree, update_ref, unpack_objects: add --format text option so these always-JSON commands have a shell-pipeline- friendly human-readable output path; text modes print compact one-liners or are silent on success (update_ref) - commit_tree + ls_files: fix tests that used invalid hex IDs ('s'*64, 'snap2') so validate_object_id passes

Documentation fixes ------------------- - diff.py: BREAKING — docstring claimed JSON payload contains "ops" field; actual field is "total_changes". Agents consuming "ops" received nothing. - commit.py: add missing "author" and "sem_ver_bump" to JSON payload doc - log.py: add missing "sem_ver_bump" to JSON array element doc - reflog.py: add missing "index" and "author" to JSON entry doc - checkout.py: add missing "already_on" action value to JSON payload doc - rebase.py: document both JSON payload shapes (squash vs normal) - show.py: document all JSON fields including files_added/removed/modified - whoami.py: document full JSON payload fields - config_cmd show: document JSON payload top-level keys

G Gabriel Cardona <gabriel@tellurstori.com> · 2d ago Mar 21, 2026 · e8c4265e · parent faec8c4d
21
files changed
426
files in snapshot
Files Changed 426 in snapshot
~21
~ muse/cli/commands/checkout.py .py
~ muse/cli/commands/commit.py .py
~ muse/cli/commands/config_cmd.py .py
~ muse/cli/commands/diff.py .py
~ muse/cli/commands/gc.py .py
~ muse/cli/commands/log.py .py
~ muse/cli/commands/plumbing/commit_graph.py .py
~ muse/cli/commands/plumbing/commit_tree.py .py
~ muse/cli/commands/plumbing/ls_files.py .py
~ muse/cli/commands/plumbing/ls_remote.py .py
~ muse/cli/commands/plumbing/read_commit.py .py
~ muse/cli/commands/plumbing/read_snapshot.py .py
~ muse/cli/commands/plumbing/unpack_objects.py .py
~ muse/cli/commands/plumbing/update_ref.py .py
~ muse/cli/commands/plumbing/verify_pack.py .py
~ muse/cli/commands/rebase.py .py
~ muse/cli/commands/reflog.py .py
~ muse/cli/commands/show.py .py
~ muse/cli/commands/whoami.py .py
~ tests/test_cli_fetch_push.py .py
~ tests/test_cli_plumbing.py .py
Older feat(hardening): add config/bisect CLI tests and fix bisect conv… faec8c4d All commits Newer docs: comprehensive plumbing and porcelain reference update 51e65168

0 comments

No comments yet. Be the first to start the discussion.