review: harden readonly git checks and lint verification
This commit is contained in:
@@ -169,6 +169,9 @@ describe('claude reviewer runtime guard', () => {
|
||||
const env = buildReviewerGitGuardEnv({ PATH: process.env.PATH }, true);
|
||||
expect(env.PATH).toContain('ejclaw-reviewer-git-');
|
||||
expect(env.EJCLAW_REAL_GIT).toBeTruthy();
|
||||
expect(env.GIT_CONFIG_GLOBAL).toContain('global.gitconfig');
|
||||
expect(env.GIT_CONFIG_NOSYSTEM).toBe('1');
|
||||
expect(fs.existsSync(env.GIT_CONFIG_GLOBAL!)).toBe(true);
|
||||
});
|
||||
|
||||
it('prefers an executable HOME-scoped wrapper dir before tmp', () => {
|
||||
@@ -245,6 +248,30 @@ describe('claude reviewer runtime guard', () => {
|
||||
}
|
||||
});
|
||||
|
||||
it('overrides problematic git config paths so read-only git queries still work', () => {
|
||||
const cwd = createTempRepo('ejclaw-reviewer-readonly-git-');
|
||||
const env = buildReviewerGitGuardEnv(
|
||||
{
|
||||
PATH: process.env.PATH,
|
||||
HOME: cwd,
|
||||
EJCLAW_WORK_DIR: cwd,
|
||||
GIT_CONFIG_GLOBAL: path.join(cwd, '.gitconfig'),
|
||||
},
|
||||
true,
|
||||
);
|
||||
|
||||
expect(env.GIT_CONFIG_GLOBAL).not.toBe(path.join(cwd, '.gitconfig'));
|
||||
expect(() =>
|
||||
execFileSync('git', ['log', '--oneline', '-1'], {
|
||||
cwd,
|
||||
env,
|
||||
encoding: 'utf-8',
|
||||
stdio: ['ignore', 'pipe', 'pipe'],
|
||||
}),
|
||||
).not.toThrow();
|
||||
expect(fs.existsSync(path.join(cwd, '.gitconfig'))).toBe(false);
|
||||
});
|
||||
|
||||
it('accepts a mounted local origin path that resolves as a git repo', () => {
|
||||
const originDir = createTempRepo('ejclaw-reviewer-origin-');
|
||||
const cwd = createTempRepo('ejclaw-reviewer-workspace-');
|
||||
|
||||
Reference in New Issue
Block a user