npub1tkq8unhsd5jqx6ueex5lcpsgknrpquxuk44ftpjlpm3ulaake7xs76txrw/ngit-grasp-mirror/src/http/mod.rs, branch master

fix: reject identifiers with whitespace and URL-decode path components

2026-04-09T15:24:17+00:00

Two bugs allowed a repository announcement with a space-containing identifier ('kuboslopp by Shakespeare') to enter purgatory and create a bare repo on disk, but then fail to serve git data over HTTP. Bug 1 (serving): parse_git_url and parse_repo_url did not percent-decode the URL path before resolving the filesystem path. A client requesting /npub.../kuboslopp%20by%20Shakespeare.git/info/refs had the identifier extracted as 'kuboslopp%20by%20Shakespeare' (literal %20), which did not match the on-disk directory 'kuboslopp by Shakespeare.git'. Fix: add percent_decode() in src/git/mod.rs and apply it to the repo component in both parse_git_url and parse_repo_url. Bug 2 (validation): validate_announcement did not check that the identifier is safe as a filesystem path component and URL segment. Identifiers containing whitespace, path separators, null bytes, or reserved names (. / ..) should be rejected at acceptance time. Fix: add validate_identifier() in src/nostr/events.rs and call it from validate_announcement before any other policy checks.

chore: apply cargo fmt and fix clippy warnings

2026-02-26T15:42:09+00:00

Fix pre-existing clippy lints: - &PathBuf -> &Path in audit_cleanup.rs - too_many_arguments on process_newly_available_git_data, process_purgatory_announcements, and HttpService::new - clone_on_copy for PublicKey (Copy type) in purgatory cleanup loop

Merge master into 3ca0-announcements-purgatory

2026-02-23T15:20:59+00:00

fix: re-process hot-cache maintainer announcements after git push promotion

2026-02-23T12:05:29+00:00

When an owner announcement is promoted from purgatory via a git push, any maintainer announcements sitting in the rejected_events_index hot cache were never re-processed. The invalidate_and_get call only existed in SyncManager::process_event_static (the nostr sync path); the git push promotion path (http -> handlers -> git::sync) had no access to the rejected_events_index at all. Thread rejected_events_index and write_policy through the git push path: - process_purgatory_announcements: after saving the promoted announcement, parse its maintainers tag and call invalidate_and_get() for each, then re-process any returned hot-cache events via admit_event + save - process_newly_available_git_data: accept optional write_policy and rejected_events_index, pass them through to process_purgatory_announcements - handle_receive_pack: accept Arc and Arc, pass them to process_newly_available_git_data - HttpService / run_server: carry the two new fields, clone into each handle_receive_pack call - main.rs: obtain rejected_events_index from sync_manager before moving it into its task; wrap write_policy in Arc for the HTTP server - RealSyncContext::process_newly_available_git_data: pass None for both new params (purgatory sync path already handles this via SyncManager::process_event_static) Also rewrite the maintainer_reprocessing integration tests to correctly exercise the hot-cache path now that announcements require git data before being released from purgatory: - Start relay_b with relay_a as bootstrap so its SyncManager syncs maintainer announcements via negentropy before the owner git push - Use push_unique_git_data_to_relay (new helper) to give each maintainer a distinct commit hash, preventing git from skipping pack transfer - Make wait_for_event_on_relay poll in a retry loop so transient timing gaps between DB write and query do not cause false negatives

Add error logging to all git handler IO operations

2026-02-03T22:00:31+00:00

Previously, some IO errors in git handlers were logged while others were not, leading to inconsistent observability. Additionally, the HTTP layer logged all git errors redundantly, adding no useful context beyond what was already logged at the source. Changes: - Add error logging to all previously unlogged IO operations in handle_upload_pack and handle_receive_pack (stdin writes, stdout/stderr reads, process waits) - Remove redundant error logging at HTTP layer since all errors are now logged at their source with full context - Ensures consistent error-level logging for all git subprocess failures This provides complete observability of git operations while eliminating duplicate log entries that don't add value.

fix(http): decompress gzip-encoded git request bodies

2026-01-21T15:55:08+00:00

Modern git clients send Content-Encoding: gzip on POST requests to /git-upload-pack for efficiency. Without decompression, the compressed binary data was passed directly to git upload-pack, which expected pkt-line format, causing: fatal: protocol error: bad line length character: ?? error: RPC failed; HTTP 500 This was discovered in production when git clone requests consistently failed with HTTP 500 errors. The fix extracts the Content-Encoding header and uses flate2::GzDecoder to decompress gzip bodies before passing them to the git subprocess.

Add Git protocol v2 support to fix modern git client compatibility

2026-01-07T21:35:56+00:00

Modern git clients (2.51.0+) default to protocol v2 and send the Git-Protocol header. The server must pass this to git processes via the GIT_PROTOCOL environment variable for proper negotiation. Changes: - Extract Git-Protocol header in HTTP layer (src/http/mod.rs) - Pass git_protocol parameter through all handler functions - Set GIT_PROTOCOL env var when spawning git subprocesses - Update all tests to pass None for backward compatibility This fixes hangs/timeouts when modern git clients connect to the server. Fixes issue discovered in work/2025-01-07-pr-clone-tag-sync-investigation.md

sync all repos when authorised state data push received

2026-01-05T14:54:29+00:00

purgatory: improve git authorization integetration

2025-12-30T13:25:30+00:00

feat(purgatory): add broken purgatory implementation

2025-12-24T11:54:18+00:00