fix: include purgatory announcements in state event authorization

When processing state events from purgatory, we need to check
authorization against announcements that may still be in purgatory
(not yet promoted to the database).

Previously, process_purgatory_state_events() used fetch_repository_data()
which only queries the database. This caused authorization failures when:
1. Git data arrives
2. Announcement is promoted from purgatory to database
3. State events are processed from purgatory
4. But db_repo_data was fetched BEFORE the announcement promotion

Now uses fetch_repository_data_with_purgatory() to include both
database and purgatory announcements, ensuring authorization works
correctly regardless of promotion timing.

1 files changed, 6 insertions, 2 deletions

diff --git a/src/git/sync.rs b/src/git/sync.rs
index 13f30b6..a0b7c47 100644
--- a/src/git/sync.rs
+++ b/src/git/sync.rs
@@ -37,7 +37,8 @@ use tracing::{debug, info, warn};
 use nostr_sdk::Event;
 
 use crate::git::authorization::{
-    collect_authorized_maintainers, fetch_repository_data, RepositoryData,
+    collect_authorized_maintainers, fetch_repository_data, fetch_repository_data_with_purgatory,
+    RepositoryData,
 };
 use crate::git::{self, oid_exists};
 use crate::nostr::builder::SharedDatabase;
@@ -923,7 +924,10 @@ async fn process_purgatory_state_events(
     );
 
     // Fetch repository data once for all state events
-    let mut db_repo_data = match fetch_repository_data(database, identifier).await {
+    // IMPORTANT: Use fetch_repository_data_with_purgatory to include announcements
+    // that may still be in purgatory (not yet promoted). This ensures authorization
+    // works correctly even if the announcement promotion happens in the same batch.
+    let mut db_repo_data = match fetch_repository_data_with_purgatory(database, purgatory, identifier).await {
         Ok(data) => data,
         Err(e) => {
             warn!(