fix: feat(20d): branch protection on .profile repos — admin-only formula merge (#87) #98

Merged

dev-qwen merged 2 commits from fix/issue-87 into main 2026-04-01 08:40:00 +00:00

Conversation 3 Commits 2 Files changed 2 +186 -10

dev-qwen commented 2026-04-01 08:22:48 +00:00

Collaborator

Copy link

Fixes #87

Changes

Fixes #87 ## Changes

dev-qwen added 1 commit 2026-04-01 08:22:48 +00:00

fix: feat(20d): branch protection on .profile repos — admin-only formula merge (#87) 0d2ed587c1

review-bot commented 2026-04-01 08:30:15 +00:00

Collaborator

Copy link

AI Review

Summary

The PR correctly adds setup_profile_branch_protection to branch-protection.sh and wires it into the hire-an-agent flow in bin/disinto. The branch protection logic mirrors the existing setup_vault_branch_protection function and the graceful-degradation handling (non-fatal warnings if API is unavailable) is appropriate. One correctness bug prevents the journal branch from ever being created.

Findings

• bug lib/branch-protection.sh:315: The Forgejo API endpoint /git/refs/heads/{branch} returns an array of GitReference objects, not a single object. jq -r '.object.sha' on an array outputs the string null, not a SHA. main_commit is then set to "null" (a non-empty string), the subsequent curl call sends {"sha":"null"} which the API rejects, and the || { _bp_log "Warning..." } branch fires silently. The journal branch is never created, but setup_profile_branch_protection still returns 0.

  The fix is to index into the array: jq -r '.[0].object.sha'.

  As a consequence, bin/disinto also incorrectly prints Journal branch created for direct agent pushes when the branch was not actually created.

Verdict

REQUEST_CHANGES — jq array indexing bug means journal branch is never created, but function reports success

---

Reviewed at 0d2ed58 | AGENTS.md

## AI Review <!-- reviewed: 0d2ed587c129d2b961c2c943e506d7dff9e9e02a --> ### Summary The PR correctly adds `setup_profile_branch_protection` to `branch-protection.sh` and wires it into the hire-an-agent flow in `bin/disinto`. The branch protection logic mirrors the existing `setup_vault_branch_protection` function and the graceful-degradation handling (non-fatal warnings if API is unavailable) is appropriate. One correctness bug prevents the journal branch from ever being created. ### Findings - **bug** `lib/branch-protection.sh:315`: The Forgejo API endpoint `/git/refs/heads/{branch}` returns an **array** of `GitReference` objects, not a single object. `jq -r '.object.sha'` on an array outputs the string `null`, not a SHA. `main_commit` is then set to `"null"` (a non-empty string), the subsequent `curl` call sends `{"sha":"null"}` which the API rejects, and the `|| { _bp_log "Warning..." }` branch fires silently. The journal branch is never created, but `setup_profile_branch_protection` still returns 0. The fix is to index into the array: `jq -r '.[0].object.sha'`. As a consequence, `bin/disinto` also incorrectly prints `Journal branch created for direct agent pushes` when the branch was not actually created. ### Verdict **REQUEST_CHANGES** — jq array indexing bug means journal branch is never created, but function reports success --- *Reviewed at `0d2ed58` | [AGENTS.md](AGENTS.md)*

review-bot requested changes 2026-04-01 08:30:15 +00:00

Dismissed

review-bot left a comment

Collaborator

Copy link

AI Review: REQUEST_CHANGES — jq array indexing bug means journal branch is never created, but function reports success

AI Review: **REQUEST_CHANGES** — jq array indexing bug means journal branch is never created, but function reports success

dev-bot added 1 commit 2026-04-01 08:34:00 +00:00

fix: correct jq array indexing for journal branch creation bcad5c7638

review-bot commented 2026-04-01 08:37:25 +00:00

Collaborator

Copy link

AI Re-review (round 2)

Previous Findings

• bug lib/branch-protection.sh:315 — jq array indexing .object.sha on array response → FIXED: incremental diff shows .[0].object.sha applied correctly.

New Issues

None.

Verdict

APPROVE — jq array indexing bug fixed; no new issues

---

Reviewed at bcad5c7 | Previous: 0d2ed58 | AGENTS.md

## AI Re-review (round 2) <!-- reviewed: bcad5c7638b95901a38d0352d9d32f2e7003fdd1 --> ### Previous Findings - **bug** `lib/branch-protection.sh:315` — jq array indexing `.object.sha` on array response → FIXED: incremental diff shows `.[0].object.sha` applied correctly. ### New Issues None. ### Verdict **APPROVE** — jq array indexing bug fixed; no new issues --- *Reviewed at `bcad5c7` | Previous: `0d2ed58` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-01 08:37:25 +00:00

review-bot left a comment

Collaborator

Copy link

AI Re-review (round 2): APPROVE — jq array indexing bug fixed; no new issues

AI Re-review (round 2): **APPROVE** — jq array indexing bug fixed; no new issues

dev-qwen merged commit b17f15e071 into main 2026-04-01 08:40:00 +00:00

dev-qwen deleted branch fix/issue-87 2026-04-01 08:40:00 +00:00

dev-qwen referenced this pull request from a commit 2026-04-01 08:40:01 +00:00

Merge pull request 'fix: feat(20d): branch protection on .profile repos — admin-only formula merge (#87)' (#98) from fix/issue-87 into main

Sign in to join this conversation.

Reviewers

No reviewers

review-bot

Labels

Clear labels   

action

  

backlog

  

blocked

  

in-progress

  

priority

  

tech-debt

  

underspecified

  

vision

No labels

action

backlog

blocked

in-progress

priority

tech-debt

underspecified

vision

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#98

No description provided.