From 365ee9e788080f525428ad217b9c9f88e10af1d7 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 10 Apr 2026 22:14:20 +0800 Subject: [PATCH 01/64] feat: add commit attribution with per-file AI contribution tracking via git notes Track character-level AI vs human contributions per file and store detailed attribution metadata as git notes (refs/notes/ai-attribution) after each successful git commit. This enables open-source AI disclosure and enterprise compliance audits without polluting commit messages. --- .../src/services/attributionTrailer.test.ts | 127 +++++++++ .../core/src/services/attributionTrailer.ts | 77 ++++++ .../src/services/commitAttribution.test.ts | 164 ++++++++++++ .../core/src/services/commitAttribution.ts | 249 ++++++++++++++++++ packages/core/src/tools/edit.ts | 10 + packages/core/src/tools/shell.test.ts | 4 + packages/core/src/tools/shell.ts | 101 +++++++ packages/core/src/tools/write-file.ts | 12 + 8 files changed, 744 insertions(+) create mode 100644 packages/core/src/services/attributionTrailer.test.ts create mode 100644 packages/core/src/services/attributionTrailer.ts create mode 100644 packages/core/src/services/commitAttribution.test.ts create mode 100644 packages/core/src/services/commitAttribution.ts diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts new file mode 100644 index 00000000000..89b656abf7c --- /dev/null +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -0,0 +1,127 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +import { describe, it, expect } from 'vitest'; +import { + buildGitNotesCommand, + formatAttributionSummary, + getAttributionNotesRef, +} from './attributionTrailer.js'; +import type { CommitAttributionNote } from './commitAttribution.js'; + +const sampleNote: CommitAttributionNote = { + version: 1, + generator: 'Qwen-Coder', + files: { + 'src/main.ts': { + aiCharsAdded: 150, + aiCharsRemoved: 30, + aiCreated: true, + aiContributionPercent: 100, + }, + 'src/utils.ts': { + aiCharsAdded: 45, + aiCharsRemoved: 20, + aiCreated: false, + aiContributionPercent: 100, + }, + }, + summary: { + totalAiCharsAdded: 195, + totalAiCharsRemoved: 50, + totalFilesTouched: 2, + overallAiPercent: 100, + }, +}; + +describe('attributionTrailer', () => { + describe('buildGitNotesCommand', () => { + it('should build a valid git notes command', () => { + const cmd = buildGitNotesCommand(sampleNote); + expect(cmd).not.toBeNull(); + expect(cmd).toContain( + 'git notes --ref=refs/notes/ai-attribution add -f -m', + ); + expect(cmd).toContain('HEAD'); + expect(cmd).toContain('"Qwen-Coder"'); + }); + + it('should not include cd prefix (cwd handled by executor)', () => { + const cmd = buildGitNotesCommand(sampleNote); + expect(cmd).not.toBeNull(); + expect(cmd!).not.toContain('cd '); + expect(cmd!.startsWith('git notes')).toBe(true); + }); + + it('should produce valid JSON in the note message', () => { + const cmd = buildGitNotesCommand(sampleNote)!; + // Extract the JSON from between the single quotes after -m + const match = cmd.match(/-m '(.+)' HEAD/); + expect(match).toBeTruthy(); + // The JSON may have escaped single quotes, unescape them + const jsonStr = match![1].replace(/'\\''/g, "'"); + const parsed = JSON.parse(jsonStr); + expect(parsed.version).toBe(1); + expect(parsed.generator).toBe('Qwen-Coder'); + }); + + it('should return null when note exceeds size limit', () => { + const hugeNote: CommitAttributionNote = { + ...sampleNote, + files: {}, + }; + // Create a note with enough files to exceed 128KB + for (let i = 0; i < 2000; i++) { + hugeNote.files[ + `src/very/long/path/to/some/deeply/nested/file_${i}.ts` + ] = { + aiCharsAdded: 999999, + aiCharsRemoved: 999999, + aiCreated: true, + aiContributionPercent: 100, + }; + } + const cmd = buildGitNotesCommand(hugeNote); + expect(cmd).toBeNull(); + }); + + it('should properly escape single quotes in JSON', () => { + const noteWithQuotes: CommitAttributionNote = { + ...sampleNote, + files: { + "it's-a-file.ts": { + aiCharsAdded: 10, + aiCharsRemoved: 5, + aiCreated: false, + aiContributionPercent: 100, + }, + }, + }; + const cmd = buildGitNotesCommand(noteWithQuotes); + expect(cmd).not.toBeNull(); + // Should not have unescaped single quotes that break the shell command + // The pattern '...'\''...' is the correct shell escaping for single quotes + expect(cmd).toContain("'\\''"); + }); + }); + + describe('formatAttributionSummary', () => { + it('should format a human-readable summary', () => { + const summary = formatAttributionSummary(sampleNote); + expect(summary).toContain('2 file(s) touched'); + expect(summary).toContain('Chars added: 195'); + expect(summary).toContain('removed: 50'); + expect(summary).toContain('src/main.ts'); + expect(summary).toContain('[created]'); + }); + }); + + describe('getAttributionNotesRef', () => { + it('should return the expected ref', () => { + expect(getAttributionNotesRef()).toBe('refs/notes/ai-attribution'); + }); + }); +}); diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts new file mode 100644 index 00000000000..9d6b29231de --- /dev/null +++ b/packages/core/src/services/attributionTrailer.ts @@ -0,0 +1,77 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +/** + * Attribution Trailer Utility + * + * Generates git notes commands for storing per-file AI attribution metadata + * on commits. This keeps the commit message clean (only Co-Authored-By trailer) + * while storing detailed contribution data in git notes. + */ + +import type { CommitAttributionNote } from './commitAttribution.js'; + +const GIT_NOTES_REF = 'refs/notes/ai-attribution'; + +/** Maximum byte length for the -m argument to avoid shell ARG_MAX limits. */ +const MAX_NOTE_BYTES = 128 * 1024; // 128 KB – well within Linux's typical 2 MB + +/** + * Escape a string for safe use inside single quotes in a shell command. + * Replaces each ' with the sequence '\'' (end quote, escaped quote, start quote). + */ +function shellEscapeSingleQuote(s: string): string { + return s.replace(/'/g, "'\\''"); +} + +/** + * Generate the git notes add command to attach attribution metadata to the + * most recent commit. Does NOT include a cd prefix — the caller should pass + * the working directory to the shell executor directly. + * + * Returns null if the serialized note exceeds MAX_NOTE_BYTES. + */ +export function buildGitNotesCommand( + note: CommitAttributionNote, +): string | null { + const noteJson = JSON.stringify(note); + if (Buffer.byteLength(noteJson, 'utf-8') > MAX_NOTE_BYTES) { + return null; + } + const escaped = shellEscapeSingleQuote(noteJson); + return `git notes --ref=${GIT_NOTES_REF} add -f -m '${escaped}' HEAD`; +} + +/** + * Format a human-readable summary of the attribution for logging/display. + */ +export function formatAttributionSummary(note: CommitAttributionNote): string { + const lines: string[] = []; + lines.push( + `AI Attribution: ${note.summary.totalFilesTouched} file(s) touched`, + ); + lines.push( + ` Chars added: ${note.summary.totalAiCharsAdded}, removed: ${note.summary.totalAiCharsRemoved}`, + ); + + for (const [filePath, data] of Object.entries(note.files)) { + const shortPath = + filePath.length > 60 ? '...' + filePath.slice(-57) : filePath; + const created = data.aiCreated ? ' [created]' : ''; + lines.push( + ` ${shortPath}: +${data.aiCharsAdded}/-${data.aiCharsRemoved}${created}`, + ); + } + + return lines.join('\n'); +} + +/** + * Get the git notes ref used for AI attribution. + */ +export function getAttributionNotesRef(): string { + return GIT_NOTES_REF; +} diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts new file mode 100644 index 00000000000..5291cfda990 --- /dev/null +++ b/packages/core/src/services/commitAttribution.test.ts @@ -0,0 +1,164 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +import { describe, it, expect, beforeEach } from 'vitest'; +import { CommitAttributionService } from './commitAttribution.js'; + +describe('CommitAttributionService', () => { + beforeEach(() => { + CommitAttributionService.resetInstance(); + }); + + it('should return the same singleton instance', () => { + const a = CommitAttributionService.getInstance(); + const b = CommitAttributionService.getInstance(); + expect(a).toBe(b); + }); + + it('should start with no attributions', () => { + const service = CommitAttributionService.getInstance(); + expect(service.hasAttributions()).toBe(false); + expect(service.getAttributions().size).toBe(0); + }); + + it('should track new file creation', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/path/to/file.ts', null, 'hello world'); + + expect(service.hasAttributions()).toBe(true); + const attr = service.getFileAttribution('/path/to/file.ts'); + expect(attr).toBeDefined(); + expect(attr!.aiCreated).toBe(true); + expect(attr!.aiCharsAdded).toBe(11); // 'hello world'.length + }); + + it('should NOT treat empty existing file as new file creation', () => { + const service = CommitAttributionService.getInstance(); + // oldContent = '' means the file existed but was empty + service.recordEdit('/path/to/empty.ts', '', 'new content'); + + const attr = service.getFileAttribution('/path/to/empty.ts'); + expect(attr).toBeDefined(); + expect(attr!.aiCreated).toBe(false); + expect(attr!.aiCharsAdded).toBeGreaterThan(0); + }); + + it('should track edits to existing files', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/path/to/file.ts', 'old line\n', 'new line\nextra\n'); + + const attr = service.getFileAttribution('/path/to/file.ts'); + expect(attr).toBeDefined(); + expect(attr!.aiCreated).toBe(false); + expect(attr!.aiCharsAdded).toBeGreaterThan(0); + expect(attr!.aiCharsRemoved).toBeGreaterThan(0); + }); + + it('should accumulate multiple edits to the same file', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/path/to/file.ts', 'aaa\n', 'bbb\n'); + service.recordEdit('/path/to/file.ts', 'bbb\n', 'ccc\nddd\n'); + + const attr = service.getFileAttribution('/path/to/file.ts'); + expect(attr).toBeDefined(); + expect(attr!.aiCharsAdded).toBeGreaterThan(0); + }); + + it('should track multiple files independently', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/a.ts', null, 'content a'); + service.recordEdit('/b.ts', 'old', 'new'); + + expect(service.getAttributions().size).toBe(2); + expect(service.getFileAttribution('/a.ts')!.aiCreated).toBe(true); + expect(service.getFileAttribution('/b.ts')!.aiCreated).toBe(false); + }); + + it('should clear attributions', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/file.ts', null, 'content'); + expect(service.hasAttributions()).toBe(true); + + service.clearAttributions(); + expect(service.hasAttributions()).toBe(false); + }); + + it('should return defensive copies from getFileAttribution', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/file.ts', null, 'content'); + + const copy = service.getFileAttribution('/file.ts')!; + copy.aiCharsAdded = 99999; + + // Internal state should be unaffected + const fresh = service.getFileAttribution('/file.ts')!; + expect(fresh.aiCharsAdded).not.toBe(99999); + }); + + describe('generateNotePayload', () => { + it('should generate valid note payload', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/src/main.ts', null, 'console.log("hello");\n'); + service.recordEdit('/src/util.ts', 'old code\n', 'new code\nmore\n'); + + const note = service.generateNotePayload('Qwen-Coder'); + expect(note.version).toBe(1); + expect(note.generator).toBe('Qwen-Coder'); + expect(Object.keys(note.files)).toHaveLength(2); + expect(note.summary.totalFilesTouched).toBe(2); + expect(note.summary.totalAiCharsAdded).toBeGreaterThan(0); + }); + + it('should convert absolute paths to relative paths when baseDir is provided', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/home/user/project/src/main.ts', null, 'code'); + + const note = service.generateNotePayload( + 'Qwen-Coder', + '/home/user/project', + ); + const filePaths = Object.keys(note.files); + expect(filePaths).toHaveLength(1); + expect(filePaths[0]).toBe('src/main.ts'); + }); + + it('should keep absolute paths when baseDir is not provided', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/home/user/project/src/main.ts', null, 'code'); + + const note = service.generateNotePayload('Qwen-Coder'); + const filePaths = Object.keys(note.files); + expect(filePaths[0]).toBe('/home/user/project/src/main.ts'); + }); + + it('should sanitize internal model codenames', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/file.ts', null, 'x'); + + expect(service.generateNotePayload('qwen-72b').generator).toBe( + 'Qwen-Coder', + ); + expect(service.generateNotePayload('qwen_coder_2.5').generator).toBe( + 'Qwen-Coder', + ); + expect(service.generateNotePayload('qwen-max').generator).toBe( + 'Qwen-Coder', + ); + expect(service.generateNotePayload('qwen-turbo').generator).toBe( + 'Qwen-Coder', + ); + }); + + it('should not sanitize non-internal names', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/file.ts', null, 'x'); + + expect(service.generateNotePayload('CustomAgent').generator).toBe( + 'CustomAgent', + ); + }); + }); +}); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts new file mode 100644 index 00000000000..96d324e69f9 --- /dev/null +++ b/packages/core/src/services/commitAttribution.ts @@ -0,0 +1,249 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +/** + * Commit Attribution Service + * + * Tracks character-level contribution ratios between AI and humans per file. + * When a git commit is made, this data is used to generate attribution metadata + * stored as git notes, keeping the commit history clean while enabling + * compliance audits and AI disclosure. + */ + +import * as path from 'node:path'; + +export interface FileAttribution { + /** Characters added by AI */ + aiCharsAdded: number; + /** Characters removed by AI */ + aiCharsRemoved: number; + /** Whether the file was created (not just edited) by AI */ + aiCreated: boolean; +} + +export interface CommitAttributionNote { + version: 1; + generator: string; + files: Record< + string, + { + aiCharsAdded: number; + aiCharsRemoved: number; + aiCreated: boolean; + aiContributionPercent: number; + } + >; + summary: { + totalAiCharsAdded: number; + totalAiCharsRemoved: number; + totalFilesTouched: number; + overallAiPercent: number; + }; +} + +// Internal model codenames that should be sanitized for external repos +const INTERNAL_MODEL_PATTERNS = [ + /qwen[-_]?\d+(\.\d+)?[-_]?b?/i, + /qwen[-_]?coder[-_]?\d*/i, + /qwen[-_]?max/i, + /qwen[-_]?plus/i, + /qwen[-_]?turbo/i, +]; + +const SANITIZED_GENERATOR_NAME = 'Qwen-Coder'; + +export class CommitAttributionService { + private static instance: CommitAttributionService | null = null; + + /** Per-file attribution tracking for the current session */ + private fileAttributions: Map = new Map(); + + private constructor() {} + + static getInstance(): CommitAttributionService { + if (!CommitAttributionService.instance) { + CommitAttributionService.instance = new CommitAttributionService(); + } + return CommitAttributionService.instance; + } + + /** + * Reset singleton for testing. + */ + static resetInstance(): void { + CommitAttributionService.instance = null; + } + + /** + * Record an AI edit to a file. + * Called after EditTool or WriteFileTool successfully modifies a file. + */ + recordEdit( + filePath: string, + oldContent: string | null, + newContent: string, + ): void { + const existing = this.fileAttributions.get(filePath) || { + aiCharsAdded: 0, + aiCharsRemoved: 0, + aiCreated: false, + }; + + // Only treat as new file when oldContent is strictly null (file did not exist). + // Empty string means the file existed but was empty. + const isNewFile = oldContent === null; + + if (isNewFile && !existing.aiCreated) { + existing.aiCreated = true; + existing.aiCharsAdded += newContent.length; + } else { + const { added, removed } = this.calculateCharDiff( + oldContent ?? '', + newContent, + ); + existing.aiCharsAdded += added; + existing.aiCharsRemoved += removed; + } + + this.fileAttributions.set(filePath, existing); + } + + /** + * Get attribution data for all tracked files (defensive copy). + */ + getAttributions(): Map { + const copy = new Map(); + for (const [k, v] of this.fileAttributions) { + copy.set(k, { ...v }); + } + return copy; + } + + /** + * Get attribution for a specific file (defensive copy). + */ + getFileAttribution(filePath: string): FileAttribution | undefined { + const attr = this.fileAttributions.get(filePath); + return attr ? { ...attr } : undefined; + } + + /** + * Check if there are any tracked attributions. + */ + hasAttributions(): boolean { + return this.fileAttributions.size > 0; + } + + /** + * Clear all tracked attributions (called after a commit is made). + */ + clearAttributions(): void { + this.fileAttributions.clear(); + } + + /** + * Generate a git notes JSON payload for the current attributions. + * File paths are converted to relative paths based on the given base directory + * to avoid leaking absolute directory structures. + * @param generatorName The model/tool name (will be sanitized) + * @param baseDir Base directory to compute relative file paths from + */ + generateNotePayload( + generatorName?: string, + baseDir?: string, + ): CommitAttributionNote { + const sanitizedGenerator = this.sanitizeModelName( + generatorName ?? SANITIZED_GENERATOR_NAME, + ); + + const files: CommitAttributionNote['files'] = {}; + let totalAiCharsAdded = 0; + let totalAiCharsRemoved = 0; + + for (const [filePath, attr] of this.fileAttributions) { + const relativePath = baseDir + ? path.relative(baseDir, filePath) + : filePath; + const totalChange = attr.aiCharsAdded + attr.aiCharsRemoved; + files[relativePath] = { + aiCharsAdded: attr.aiCharsAdded, + aiCharsRemoved: attr.aiCharsRemoved, + aiCreated: attr.aiCreated, + aiContributionPercent: totalChange > 0 ? 100 : 0, + }; + totalAiCharsAdded += attr.aiCharsAdded; + totalAiCharsRemoved += attr.aiCharsRemoved; + } + + const totalChange = totalAiCharsAdded + totalAiCharsRemoved; + + return { + version: 1, + generator: sanitizedGenerator, + files, + summary: { + totalAiCharsAdded, + totalAiCharsRemoved, + totalFilesTouched: this.fileAttributions.size, + overallAiPercent: totalChange > 0 ? 100 : 0, + }, + }; + } + + /** + * Calculate character-level additions and removals between two strings. + * Uses a line-based multiset diff: counts lines present in one version + * but not the other and sums their character lengths. + */ + private calculateCharDiff( + oldContent: string, + newContent: string, + ): { added: number; removed: number } { + const oldLines = oldContent.split('\n'); + const newLines = newContent.split('\n'); + + let added = 0; + let removed = 0; + + const oldCounts = new Map(); + for (const line of oldLines) { + oldCounts.set(line, (oldCounts.get(line) || 0) + 1); + } + + const newCounts = new Map(); + for (const line of newLines) { + newCounts.set(line, (newCounts.get(line) || 0) + 1); + } + + // Count removed lines (in old but fewer occurrences in new) + for (const [line, oldCount] of oldCounts) { + const newCount = newCounts.get(line) || 0; + const removedCount = Math.max(0, oldCount - newCount); + removed += removedCount * line.length; + } + + // Count added lines (in new but fewer occurrences in old) + for (const [line, newCount] of newCounts) { + const oldCount = oldCounts.get(line) || 0; + const addedCount = Math.max(0, newCount - oldCount); + added += addedCount * line.length; + } + + return { added, removed }; + } + + /** + * Sanitize internal model codenames to prevent leaking internal details. + */ + private sanitizeModelName(name: string): string { + for (const pattern of INTERNAL_MODEL_PATTERNS) { + if (pattern.test(name)) { + return SANITIZED_GENERATOR_NAME; + } + } + return name; + } +} diff --git a/packages/core/src/tools/edit.ts b/packages/core/src/tools/edit.ts index 62ee14044b1..c708a20c4b9 100644 --- a/packages/core/src/tools/edit.ts +++ b/packages/core/src/tools/edit.ts @@ -42,6 +42,7 @@ import type { ModifiableDeclarativeTool, ModifyContext, } from './modifiable-tool.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; import { safeLiteralReplace } from '../utils/textUtils.js'; import { countOccurrences, @@ -414,6 +415,15 @@ class EditToolInvocation implements ToolInvocation { }); } + // Track AI contribution for commit attribution + if (!this.params.modified_by_user) { + CommitAttributionService.getInstance().recordEdit( + this.params.file_path, + editData.currentContent, + editData.newContent, + ); + } + const fileName = path.basename(this.params.file_path); const originallyProposedContent = this.params.ai_proposed_content || editData.newContent; diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index a8748e37570..f4e29f33835 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -38,6 +38,7 @@ import { ToolErrorType } from './tool-error.js'; import { OUTPUT_UPDATE_INTERVAL_MS } from './shell.js'; import { createMockWorkspaceContext } from '../test-utils/mockWorkspaceContext.js'; import { PermissionManager } from '../permissions/permission-manager.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; describe('ShellTool', () => { let shellTool: ShellTool; @@ -92,6 +93,9 @@ describe('ShellTool', () => { }), }; }); + + // Ensure attribution singleton is clean between tests + CommitAttributionService.resetInstance(); }); describe('isCommandAllowed', () => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 0300f7bec3c..50e485ea8a9 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -24,6 +24,8 @@ import type { PermissionDecision } from '../permissions/types.js'; import { BaseDeclarativeTool, BaseToolInvocation, Kind } from './tools.js'; import { getErrorMessage } from '../utils/errors.js'; import { truncateToolOutput } from '../utils/truncation.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; +import { buildGitNotesCommand } from '../services/attributionTrailer.js'; import type { ShellExecutionConfig, ShellOutputEvent, @@ -447,6 +449,9 @@ export class ShellToolInvocation extends BaseToolInvocation< } } + // After a successful git commit, attach AI attribution as git notes + await this.attachCommitAttribution(strippedCommand, result, cwd); + // Truncate large output and save full content to a temp file. if (typeof llmContent === 'string') { const truncatedResult = await truncateToolOutput( @@ -484,6 +489,102 @@ export class ShellToolInvocation extends BaseToolInvocation< } } + /** + * After a successful git commit, attach per-file AI attribution metadata + * as git notes. This keeps the commit message clean while enabling + * compliance audits and AI contribution tracking. + * + * Respects the gitCoAuthor setting: if the user disables co-author, + * attribution notes are also skipped. + */ + private async attachCommitAttribution( + command: string, + result: { exitCode: number | null; aborted?: boolean }, + cwd: string, + ): Promise { + // Only act on git commit commands + const gitCommitPattern = /\bgit\s+commit\b/; + if (!gitCommitPattern.test(command)) { + return; + } + + const attributionService = CommitAttributionService.getInstance(); + if (!attributionService.hasAttributions()) { + return; + } + + // If the commit failed or was aborted, clear stale attribution data + // so it doesn't leak into the next successful commit. + if (result.exitCode !== 0 || result.aborted) { + attributionService.clearAttributions(); + return; + } + + // Respect the gitCoAuthor toggle — if the user opted out of AI + // attribution in commit messages, skip notes as well. + const gitCoAuthorSettings = this.config.getGitCoAuthor(); + if (!gitCoAuthorSettings.enabled) { + attributionService.clearAttributions(); + return; + } + + try { + const generatorName = gitCoAuthorSettings.name ?? 'Qwen-Coder'; + const baseDir = this.config.getTargetDir(); + const note = attributionService.generateNotePayload( + generatorName, + baseDir, + ); + const notesCommand = buildGitNotesCommand(note); + + if (!notesCommand) { + debugLogger.warn( + 'AI attribution note too large, skipping git notes attachment', + ); + return; // finally block still runs for cleanup + } + + // Use a short timeout to avoid blocking the user if git notes stalls + const notesAbort = new AbortController(); + const notesTimeout = setTimeout(() => notesAbort.abort(), 5000); + let notesExitCode: number | null = null; + let notesOutput = ''; + try { + const handle = await ShellExecutionService.execute( + notesCommand, + cwd, + () => {}, + notesAbort.signal, + false, + {}, + ); + const notesResult = await handle.result; + notesExitCode = notesResult.exitCode; + notesOutput = notesResult.output; + } finally { + clearTimeout(notesTimeout); + } + + if (notesExitCode !== 0) { + debugLogger.warn( + `git notes exited with code ${notesExitCode}: ${notesOutput}`, + ); + } else { + debugLogger.debug( + `Attached AI attribution note: ${note.summary.totalFilesTouched} file(s), +${note.summary.totalAiCharsAdded}/-${note.summary.totalAiCharsRemoved} chars`, + ); + } + } catch (err) { + // Non-fatal: attribution failure should not block the commit + debugLogger.warn( + `Failed to attach AI attribution note: ${getErrorMessage(err)}`, + ); + } finally { + // Always clear attributions after a commit attempt + attributionService.clearAttributions(); + } + } + private addCoAuthorToGitCommit(command: string): string { // Check if co-author feature is enabled const gitCoAuthorSettings = this.config.getGitCoAuthor(); diff --git a/packages/core/src/tools/write-file.ts b/packages/core/src/tools/write-file.ts index ec978c85134..5c390784cd7 100644 --- a/packages/core/src/tools/write-file.ts +++ b/packages/core/src/tools/write-file.ts @@ -47,6 +47,7 @@ import { fileExists as isFilefileExists, } from '../utils/fileUtils.js'; import { getLanguageFromFilePath } from '../utils/language-detection.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; import { createDebugLogger } from '../utils/debugLogger.js'; const debugLogger = createDebugLogger('WRITE_FILE'); @@ -235,6 +236,17 @@ class WriteFileToolInvocation extends BaseToolInvocation< }, }); + // Track AI contribution for commit attribution. + // Pass null only when the file truly did not exist before this write; + // an empty string means the file existed but was empty. + if (!modified_by_user) { + CommitAttributionService.getInstance().recordEdit( + file_path, + fileExists ? originalContent : null, + content, + ); + } + // Generate diff for display result const fileName = path.basename(file_path); // If there was a readError, originalContent in correctedContentResult is '', From 7c62e60fd206bd7f7444131b0c10ef0c257f6fe3 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 10 Apr 2026 23:29:21 +0800 Subject: [PATCH 02/64] feat: enhance commit attribution with real AI/human ratios and generated file exclusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Replace line-based diff with a prefix/suffix character-level algorithm for precise contribution calculation (e.g. "Esc"→"esc" = 1 char, not whole line) - Compute real AI vs human contribution percentages at commit time by analyzing git diff --stat output: humanChars = max(0, diffSize - trackedAiChars) - Add generated file exclusion (lock files, dist/, .min.js, .d.ts, etc.) ported from an existing generatedFiles.ts - Add file deletion tracking via recordDeletion() - Update git notes payload format: {aiChars, humanChars, percent} per file with real percentages instead of hardcoded 100% --- .../src/services/attributionTrailer.test.ts | 68 ++-- .../core/src/services/attributionTrailer.ts | 16 +- .../src/services/commitAttribution.test.ts | 266 ++++++++++----- .../core/src/services/commitAttribution.ts | 316 +++++++++++------- .../core/src/services/generatedFiles.test.ts | 52 +++ packages/core/src/services/generatedFiles.ts | 127 +++++++ packages/core/src/tools/shell.ts | 103 +++++- 7 files changed, 674 insertions(+), 274 deletions(-) create mode 100644 packages/core/src/services/generatedFiles.test.ts create mode 100644 packages/core/src/services/generatedFiles.ts diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts index 89b656abf7c..b0d03309e7e 100644 --- a/packages/core/src/services/attributionTrailer.test.ts +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -16,25 +16,16 @@ const sampleNote: CommitAttributionNote = { version: 1, generator: 'Qwen-Coder', files: { - 'src/main.ts': { - aiCharsAdded: 150, - aiCharsRemoved: 30, - aiCreated: true, - aiContributionPercent: 100, - }, - 'src/utils.ts': { - aiCharsAdded: 45, - aiCharsRemoved: 20, - aiCreated: false, - aiContributionPercent: 100, - }, + 'src/main.ts': { aiChars: 150, humanChars: 50, percent: 75 }, + 'src/utils.ts': { aiChars: 0, humanChars: 200, percent: 0 }, }, summary: { - totalAiCharsAdded: 195, - totalAiCharsRemoved: 50, + aiPercent: 38, + aiChars: 150, + humanChars: 250, totalFilesTouched: 2, - overallAiPercent: 100, }, + excludedGenerated: ['package-lock.json'], }; describe('attributionTrailer', () => { @@ -49,61 +40,46 @@ describe('attributionTrailer', () => { expect(cmd).toContain('"Qwen-Coder"'); }); - it('should not include cd prefix (cwd handled by executor)', () => { - const cmd = buildGitNotesCommand(sampleNote); - expect(cmd).not.toBeNull(); - expect(cmd!).not.toContain('cd '); - expect(cmd!.startsWith('git notes')).toBe(true); + it('should not include cd prefix', () => { + const cmd = buildGitNotesCommand(sampleNote)!; + expect(cmd).not.toContain('cd '); + expect(cmd.startsWith('git notes')).toBe(true); }); - it('should produce valid JSON in the note message', () => { + it('should produce valid JSON in the note', () => { const cmd = buildGitNotesCommand(sampleNote)!; - // Extract the JSON from between the single quotes after -m const match = cmd.match(/-m '(.+)' HEAD/); expect(match).toBeTruthy(); - // The JSON may have escaped single quotes, unescape them const jsonStr = match![1].replace(/'\\''/g, "'"); const parsed = JSON.parse(jsonStr); expect(parsed.version).toBe(1); - expect(parsed.generator).toBe('Qwen-Coder'); + expect(parsed.summary.aiPercent).toBe(38); + expect(parsed.files['src/main.ts'].percent).toBe(75); }); it('should return null when note exceeds size limit', () => { const hugeNote: CommitAttributionNote = { ...sampleNote, files: {}, + excludedGenerated: [], }; - // Create a note with enough files to exceed 128KB for (let i = 0; i < 2000; i++) { hugeNote.files[ `src/very/long/path/to/some/deeply/nested/file_${i}.ts` - ] = { - aiCharsAdded: 999999, - aiCharsRemoved: 999999, - aiCreated: true, - aiContributionPercent: 100, - }; + ] = { aiChars: 999999, humanChars: 999999, percent: 50 }; } - const cmd = buildGitNotesCommand(hugeNote); - expect(cmd).toBeNull(); + expect(buildGitNotesCommand(hugeNote)).toBeNull(); }); it('should properly escape single quotes in JSON', () => { const noteWithQuotes: CommitAttributionNote = { ...sampleNote, files: { - "it's-a-file.ts": { - aiCharsAdded: 10, - aiCharsRemoved: 5, - aiCreated: false, - aiContributionPercent: 100, - }, + "it's-a-file.ts": { aiChars: 10, humanChars: 5, percent: 67 }, }, }; const cmd = buildGitNotesCommand(noteWithQuotes); expect(cmd).not.toBeNull(); - // Should not have unescaped single quotes that break the shell command - // The pattern '...'\''...' is the correct shell escaping for single quotes expect(cmd).toContain("'\\''"); }); }); @@ -111,11 +87,13 @@ describe('attributionTrailer', () => { describe('formatAttributionSummary', () => { it('should format a human-readable summary', () => { const summary = formatAttributionSummary(sampleNote); - expect(summary).toContain('2 file(s) touched'); - expect(summary).toContain('Chars added: 195'); - expect(summary).toContain('removed: 50'); + expect(summary).toContain('38% AI'); + expect(summary).toContain('2 file(s)'); + expect(summary).toContain('AI chars: 150'); + expect(summary).toContain('Human chars: 250'); expect(summary).toContain('src/main.ts'); - expect(summary).toContain('[created]'); + expect(summary).toContain('75% AI'); + expect(summary).toContain('Excluded generated: 1 file(s)'); }); }); diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts index 9d6b29231de..fb08f6f67a4 100644 --- a/packages/core/src/services/attributionTrailer.ts +++ b/packages/core/src/services/attributionTrailer.ts @@ -17,11 +17,10 @@ import type { CommitAttributionNote } from './commitAttribution.js'; const GIT_NOTES_REF = 'refs/notes/ai-attribution'; /** Maximum byte length for the -m argument to avoid shell ARG_MAX limits. */ -const MAX_NOTE_BYTES = 128 * 1024; // 128 KB – well within Linux's typical 2 MB +const MAX_NOTE_BYTES = 128 * 1024; // 128 KB /** * Escape a string for safe use inside single quotes in a shell command. - * Replaces each ' with the sequence '\'' (end quote, escaped quote, start quote). */ function shellEscapeSingleQuote(s: string): string { return s.replace(/'/g, "'\\''"); @@ -51,18 +50,23 @@ export function buildGitNotesCommand( export function formatAttributionSummary(note: CommitAttributionNote): string { const lines: string[] = []; lines.push( - `AI Attribution: ${note.summary.totalFilesTouched} file(s) touched`, + `AI Attribution: ${note.summary.aiPercent}% AI, ${note.summary.totalFilesTouched} file(s)`, ); lines.push( - ` Chars added: ${note.summary.totalAiCharsAdded}, removed: ${note.summary.totalAiCharsRemoved}`, + ` AI chars: ${note.summary.aiChars}, Human chars: ${note.summary.humanChars}`, ); for (const [filePath, data] of Object.entries(note.files)) { const shortPath = filePath.length > 60 ? '...' + filePath.slice(-57) : filePath; - const created = data.aiCreated ? ' [created]' : ''; lines.push( - ` ${shortPath}: +${data.aiCharsAdded}/-${data.aiCharsRemoved}${created}`, + ` ${shortPath}: ${data.percent}% AI (+${data.aiChars}/${data.humanChars}h)`, + ); + } + + if (note.excludedGenerated.length > 0) { + lines.push( + ` Excluded generated: ${note.excludedGenerated.length} file(s)`, ); } diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 5291cfda990..4e2b23d034b 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -5,7 +5,65 @@ */ import { describe, it, expect, beforeEach } from 'vitest'; -import { CommitAttributionService } from './commitAttribution.js'; +import { + CommitAttributionService, + computeCharContribution, + type StagedFileInfo, +} from './commitAttribution.js'; + +// Helper to build StagedFileInfo from tracked files +function makeStagedInfo( + files: string[], + diffSizes?: Record, + deleted?: string[], +): StagedFileInfo { + return { + files, + diffSizes: new Map(Object.entries(diffSizes ?? {})), + deletedFiles: new Set(deleted ?? []), + }; +} + +describe('computeCharContribution', () => { + it('should return new content length for file creation', () => { + expect(computeCharContribution('', 'hello world')).toBe(11); + }); + + it('should return old content length for file deletion', () => { + expect(computeCharContribution('hello world', '')).toBe(11); + }); + + it('should handle same-length replacement via prefix/suffix', () => { + // "Esc" → "esc" — only 1 char changed + expect(computeCharContribution('Esc', 'esc')).toBe(1); + }); + + it('should handle insertion in the middle', () => { + // "ab" → "aXb" — 1 char inserted + expect(computeCharContribution('ab', 'aXb')).toBe(1); + }); + + it('should handle deletion in the middle', () => { + // "aXb" → "ab" — 1 char deleted + expect(computeCharContribution('aXb', 'ab')).toBe(1); + }); + + it('should handle complete replacement', () => { + expect(computeCharContribution('abc', 'xyz')).toBe(3); + }); + + it('should return 0 for identical content', () => { + expect(computeCharContribution('same', 'same')).toBe(0); + }); + + it('should handle multi-line changes', () => { + const old = 'line1\nline2\nline3'; + const now = 'line1\nchanged\nline3'; + // common prefix = "line1\n" (6), common suffix = "\nline3" (6) + // old changed = 17-6-6 = 5 ("line2"), new changed = 19-6-6 = 7 ("changed") + expect(computeCharContribution(old, now)).toBe(7); + }); +}); describe('CommitAttributionService', () => { beforeEach(() => { @@ -21,144 +79,182 @@ describe('CommitAttributionService', () => { it('should start with no attributions', () => { const service = CommitAttributionService.getInstance(); expect(service.hasAttributions()).toBe(false); - expect(service.getAttributions().size).toBe(0); }); it('should track new file creation', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/path/to/file.ts', null, 'hello world'); + service.recordEdit('/project/src/file.ts', null, 'hello world'); - expect(service.hasAttributions()).toBe(true); - const attr = service.getFileAttribution('/path/to/file.ts'); + const attr = service.getFileAttribution('/project/src/file.ts'); expect(attr).toBeDefined(); expect(attr!.aiCreated).toBe(true); - expect(attr!.aiCharsAdded).toBe(11); // 'hello world'.length + expect(attr!.aiContribution).toBe(11); }); it('should NOT treat empty existing file as new file creation', () => { const service = CommitAttributionService.getInstance(); - // oldContent = '' means the file existed but was empty - service.recordEdit('/path/to/empty.ts', '', 'new content'); + service.recordEdit('/project/empty.ts', '', 'new content'); - const attr = service.getFileAttribution('/path/to/empty.ts'); - expect(attr).toBeDefined(); + const attr = service.getFileAttribution('/project/empty.ts'); expect(attr!.aiCreated).toBe(false); - expect(attr!.aiCharsAdded).toBeGreaterThan(0); + expect(attr!.aiContribution).toBe(11); // 'new content'.length }); - it('should track edits to existing files', () => { + it('should track edits with prefix/suffix algorithm', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/path/to/file.ts', 'old line\n', 'new line\nextra\n'); - - const attr = service.getFileAttribution('/path/to/file.ts'); - expect(attr).toBeDefined(); - expect(attr!.aiCreated).toBe(false); - expect(attr!.aiCharsAdded).toBeGreaterThan(0); - expect(attr!.aiCharsRemoved).toBeGreaterThan(0); + service.recordEdit('/project/f.ts', 'Hello World', 'Hello world'); + // Only 'W'→'w' changed: contribution = 1 + expect(service.getFileAttribution('/project/f.ts')!.aiContribution).toBe(1); }); - it('should accumulate multiple edits to the same file', () => { + it('should accumulate contributions across multiple edits', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/path/to/file.ts', 'aaa\n', 'bbb\n'); - service.recordEdit('/path/to/file.ts', 'bbb\n', 'ccc\nddd\n'); + service.recordEdit('/project/f.ts', 'aaa', 'bbb'); // 3 + service.recordEdit('/project/f.ts', 'bbb', 'bbbccc'); // 3 + expect(service.getFileAttribution('/project/f.ts')!.aiContribution).toBe(6); + }); - const attr = service.getFileAttribution('/path/to/file.ts'); - expect(attr).toBeDefined(); - expect(attr!.aiCharsAdded).toBeGreaterThan(0); + it('should record deletions', () => { + const service = CommitAttributionService.getInstance(); + service.recordDeletion('/project/old.ts', 500); + expect(service.getFileAttribution('/project/old.ts')!.aiContribution).toBe( + 500, + ); }); - it('should track multiple files independently', () => { + it('should return defensive copies', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/a.ts', null, 'content a'); - service.recordEdit('/b.ts', 'old', 'new'); + service.recordEdit('/project/f.ts', null, 'content'); + + const copy = service.getFileAttribution('/project/f.ts')!; + copy.aiContribution = 99999; - expect(service.getAttributions().size).toBe(2); - expect(service.getFileAttribution('/a.ts')!.aiCreated).toBe(true); - expect(service.getFileAttribution('/b.ts')!.aiCreated).toBe(false); + expect( + service.getFileAttribution('/project/f.ts')!.aiContribution, + ).not.toBe(99999); }); it('should clear attributions', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/file.ts', null, 'content'); - expect(service.hasAttributions()).toBe(true); - + service.recordEdit('/project/f.ts', null, 'content'); service.clearAttributions(); expect(service.hasAttributions()).toBe(false); }); - it('should return defensive copies from getFileAttribution', () => { - const service = CommitAttributionService.getInstance(); - service.recordEdit('/file.ts', null, 'content'); + describe('generateNotePayload', () => { + it('should compute real AI/human percentages from staged info', () => { + const service = CommitAttributionService.getInstance(); + // AI edited this file, contributing 200 chars + service.recordEdit('/project/src/main.ts', '', 'x'.repeat(200)); - const copy = service.getFileAttribution('/file.ts')!; - copy.aiCharsAdded = 99999; + const staged = makeStagedInfo(['src/main.ts', 'src/human.ts'], { + 'src/main.ts': 400, + 'src/human.ts': 200, + }); - // Internal state should be unaffected - const fresh = service.getFileAttribution('/file.ts')!; - expect(fresh.aiCharsAdded).not.toBe(99999); - }); + const note = service.generateNotePayload( + staged, + '/project', + 'Qwen-Coder', + ); - describe('generateNotePayload', () => { - it('should generate valid note payload', () => { + // main.ts: AI=200, human=max(0,400-200)=200 → 50% + expect(note.files['src/main.ts']).toEqual({ + aiChars: 200, + humanChars: 200, + percent: 50, + }); + + // human.ts: not tracked → AI=0, human=200 → 0% + expect(note.files['src/human.ts']).toEqual({ + aiChars: 0, + humanChars: 200, + percent: 0, + }); + + // Overall: AI=200, human=400 → 33% + expect(note.summary.aiPercent).toBe(33); + expect(note.summary.aiChars).toBe(200); + expect(note.summary.humanChars).toBe(400); + }); + + it('should exclude generated files', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/src/main.ts', null, 'console.log("hello");\n'); - service.recordEdit('/src/util.ts', 'old code\n', 'new code\nmore\n'); - - const note = service.generateNotePayload('Qwen-Coder'); - expect(note.version).toBe(1); - expect(note.generator).toBe('Qwen-Coder'); - expect(Object.keys(note.files)).toHaveLength(2); - expect(note.summary.totalFilesTouched).toBe(2); - expect(note.summary.totalAiCharsAdded).toBeGreaterThan(0); + service.recordEdit('/project/src/main.ts', null, 'code'); + + const staged = makeStagedInfo( + ['src/main.ts', 'package-lock.json', 'dist/bundle.js'], + { + 'src/main.ts': 100, + 'package-lock.json': 50000, + 'dist/bundle.js': 30000, + }, + ); + + const note = service.generateNotePayload(staged, '/project'); + + expect(Object.keys(note.files)).toHaveLength(1); + expect(note.files['src/main.ts']).toBeDefined(); + expect(note.excludedGenerated).toContain('package-lock.json'); + expect(note.excludedGenerated).toContain('dist/bundle.js'); }); - it('should convert absolute paths to relative paths when baseDir is provided', () => { + it('should handle deleted files (human deletion)', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/home/user/project/src/main.ts', null, 'code'); + service.recordEdit('/project/src/keep.ts', null, 'code'); - const note = service.generateNotePayload( - 'Qwen-Coder', - '/home/user/project', + const staged = makeStagedInfo( + ['src/keep.ts', 'src/removed.ts'], + { 'src/keep.ts': 100, 'src/removed.ts': 200 }, + ['src/removed.ts'], ); - const filePaths = Object.keys(note.files); - expect(filePaths).toHaveLength(1); - expect(filePaths[0]).toBe('src/main.ts'); + + const note = service.generateNotePayload(staged, '/project'); + // removed.ts: untracked deletion → human=200 + expect(note.files['src/removed.ts']!.humanChars).toBe(200); + expect(note.files['src/removed.ts']!.aiChars).toBe(0); }); - it('should keep absolute paths when baseDir is not provided', () => { + it('should handle deleted files (AI deletion)', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/home/user/project/src/main.ts', null, 'code'); + service.recordDeletion('/project/src/removed.ts', 300); + + const staged = makeStagedInfo( + ['src/removed.ts'], + { 'src/removed.ts': 400 }, + ['src/removed.ts'], + ); - const note = service.generateNotePayload('Qwen-Coder'); - const filePaths = Object.keys(note.files); - expect(filePaths[0]).toBe('/home/user/project/src/main.ts'); + const note = service.generateNotePayload(staged, '/project'); + expect(note.files['src/removed.ts']!.aiChars).toBe(300); }); it('should sanitize internal model codenames', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/file.ts', null, 'x'); + service.recordEdit('/project/f.ts', null, 'x'); - expect(service.generateNotePayload('qwen-72b').generator).toBe( - 'Qwen-Coder', - ); - expect(service.generateNotePayload('qwen_coder_2.5').generator).toBe( - 'Qwen-Coder', - ); - expect(service.generateNotePayload('qwen-max').generator).toBe( - 'Qwen-Coder', - ); - expect(service.generateNotePayload('qwen-turbo').generator).toBe( - 'Qwen-Coder', - ); + const staged = makeStagedInfo(['f.ts'], { 'f.ts': 10 }); + + expect( + service.generateNotePayload(staged, '/project', 'qwen-72b').generator, + ).toBe('Qwen-Coder'); + expect( + service.generateNotePayload(staged, '/project', 'qwen-max').generator, + ).toBe('Qwen-Coder'); + expect( + service.generateNotePayload(staged, '/project', 'CustomAgent') + .generator, + ).toBe('CustomAgent'); }); - it('should not sanitize non-internal names', () => { + it('should convert absolute paths to relative', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/file.ts', null, 'x'); + service.recordEdit('/home/user/project/src/main.ts', null, 'code'); - expect(service.generateNotePayload('CustomAgent').generator).toBe( - 'CustomAgent', - ); + const staged = makeStagedInfo(['src/main.ts'], { 'src/main.ts': 100 }); + const note = service.generateNotePayload(staged, '/home/user/project'); + + expect(Object.keys(note.files)).toContain('src/main.ts'); }); }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 96d324e69f9..b25e29740d6 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -8,43 +8,59 @@ * Commit Attribution Service * * Tracks character-level contribution ratios between AI and humans per file. - * When a git commit is made, this data is used to generate attribution metadata - * stored as git notes, keeping the commit history clean while enabling - * compliance audits and AI disclosure. + * When a git commit is made, this data is combined with git diff analysis to + * calculate real AI vs human contribution percentages, stored as git notes. */ import * as path from 'node:path'; +import { isGeneratedFile } from './generatedFiles.js'; + +// --------------------------------------------------------------------------- +// Types +// --------------------------------------------------------------------------- export interface FileAttribution { - /** Characters added by AI */ - aiCharsAdded: number; - /** Characters removed by AI */ - aiCharsRemoved: number; - /** Whether the file was created (not just edited) by AI */ + /** Total characters contributed by AI (accumulated across edits) */ + aiContribution: number; + /** Whether the file was created by AI */ aiCreated: boolean; } +/** Per-file attribution detail in the git notes payload. */ +export interface FileAttributionDetail { + aiChars: number; + humanChars: number; + percent: number; +} + +/** Full attribution payload stored as git notes JSON. */ export interface CommitAttributionNote { version: 1; generator: string; - files: Record< - string, - { - aiCharsAdded: number; - aiCharsRemoved: number; - aiCreated: boolean; - aiContributionPercent: number; - } - >; + files: Record; summary: { - totalAiCharsAdded: number; - totalAiCharsRemoved: number; + aiPercent: number; + aiChars: number; + humanChars: number; totalFilesTouched: number; - overallAiPercent: number; }; + excludedGenerated: string[]; } -// Internal model codenames that should be sanitized for external repos +/** Result of running git commands to get staged file info. */ +export interface StagedFileInfo { + /** Relative file paths from git root */ + files: string[]; + /** Per-file diff size in estimated characters (from git diff --cached --stat) */ + diffSizes: Map; + /** Files that were deleted */ + deletedFiles: Set; +} + +// --------------------------------------------------------------------------- +// Model name sanitization +// --------------------------------------------------------------------------- + const INTERNAL_MODEL_PATTERNS = [ /qwen[-_]?\d+(\.\d+)?[-_]?b?/i, /qwen[-_]?coder[-_]?\d*/i, @@ -55,10 +71,23 @@ const INTERNAL_MODEL_PATTERNS = [ const SANITIZED_GENERATOR_NAME = 'Qwen-Coder'; +function sanitizeModelName(name: string): string { + for (const pattern of INTERNAL_MODEL_PATTERNS) { + if (pattern.test(name)) { + return SANITIZED_GENERATOR_NAME; + } + } + return name; +} + +// --------------------------------------------------------------------------- +// Service +// --------------------------------------------------------------------------- + export class CommitAttributionService { private static instance: CommitAttributionService | null = null; - /** Per-file attribution tracking for the current session */ + /** Per-file AI contribution tracking (keyed by absolute path) */ private fileAttributions: Map = new Map(); private constructor() {} @@ -70,16 +99,19 @@ export class CommitAttributionService { return CommitAttributionService.instance; } - /** - * Reset singleton for testing. - */ + /** Reset singleton for testing. */ static resetInstance(): void { CommitAttributionService.instance = null; } + // ----------------------------------------------------------------------- + // Recording + // ----------------------------------------------------------------------- + /** * Record an AI edit to a file. - * Called after EditTool or WriteFileTool successfully modifies a file. + * Uses Claude's prefix/suffix matching algorithm for precise character-level + * contribution calculation. */ recordEdit( filePath: string, @@ -87,33 +119,37 @@ export class CommitAttributionService { newContent: string, ): void { const existing = this.fileAttributions.get(filePath) || { - aiCharsAdded: 0, - aiCharsRemoved: 0, + aiContribution: 0, aiCreated: false, }; - // Only treat as new file when oldContent is strictly null (file did not exist). - // Empty string means the file existed but was empty. const isNewFile = oldContent === null; + const contribution = computeCharContribution(oldContent ?? '', newContent); + existing.aiContribution += contribution; if (isNewFile && !existing.aiCreated) { existing.aiCreated = true; - existing.aiCharsAdded += newContent.length; - } else { - const { added, removed } = this.calculateCharDiff( - oldContent ?? '', - newContent, - ); - existing.aiCharsAdded += added; - existing.aiCharsRemoved += removed; } this.fileAttributions.set(filePath, existing); } /** - * Get attribution data for all tracked files (defensive copy). + * Record an AI file deletion. */ + recordDeletion(filePath: string, deletedContentLength: number): void { + const existing = this.fileAttributions.get(filePath) || { + aiContribution: 0, + aiCreated: false, + }; + existing.aiContribution += deletedContentLength; + this.fileAttributions.set(filePath, existing); + } + + // ----------------------------------------------------------------------- + // Querying + // ----------------------------------------------------------------------- + getAttributions(): Map { const copy = new Map(); for (const [k, v] of this.fileAttributions) { @@ -122,128 +158,156 @@ export class CommitAttributionService { return copy; } - /** - * Get attribution for a specific file (defensive copy). - */ getFileAttribution(filePath: string): FileAttribution | undefined { const attr = this.fileAttributions.get(filePath); return attr ? { ...attr } : undefined; } - /** - * Check if there are any tracked attributions. - */ hasAttributions(): boolean { return this.fileAttributions.size > 0; } - /** - * Clear all tracked attributions (called after a commit is made). - */ clearAttributions(): void { this.fileAttributions.clear(); } + // ----------------------------------------------------------------------- + // Payload generation + // ----------------------------------------------------------------------- + /** - * Generate a git notes JSON payload for the current attributions. - * File paths are converted to relative paths based on the given base directory - * to avoid leaking absolute directory structures. - * @param generatorName The model/tool name (will be sanitized) - * @param baseDir Base directory to compute relative file paths from + * Generate the git notes JSON payload by combining tracked AI contributions + * with staged file information from git. + * + * For each staged file: + * - If AI tracked it: aiChars = tracked contribution; humanChars = max(0, diffSize - aiChars) + * - If AI did NOT track it: aiChars = 0; humanChars = diffSize (100% human) + * - Generated files (lock, dist, etc.) are excluded + * + * @param stagedInfo Result of git diff --cached analysis + * @param baseDir Project root for converting absolute paths to relative + * @param generatorName Model/tool name (will be sanitized) */ generateNotePayload( + stagedInfo: StagedFileInfo, + baseDir: string, generatorName?: string, - baseDir?: string, ): CommitAttributionNote { - const sanitizedGenerator = this.sanitizeModelName( + const generator = sanitizeModelName( generatorName ?? SANITIZED_GENERATOR_NAME, ); - const files: CommitAttributionNote['files'] = {}; - let totalAiCharsAdded = 0; - let totalAiCharsRemoved = 0; - - for (const [filePath, attr] of this.fileAttributions) { - const relativePath = baseDir - ? path.relative(baseDir, filePath) - : filePath; - const totalChange = attr.aiCharsAdded + attr.aiCharsRemoved; - files[relativePath] = { - aiCharsAdded: attr.aiCharsAdded, - aiCharsRemoved: attr.aiCharsRemoved, - aiCreated: attr.aiCreated, - aiContributionPercent: totalChange > 0 ? 100 : 0, - }; - totalAiCharsAdded += attr.aiCharsAdded; - totalAiCharsRemoved += attr.aiCharsRemoved; + const files: Record = {}; + const excludedGenerated: string[] = []; + let totalAiChars = 0; + let totalHumanChars = 0; + + // Build a lookup from relative path → tracked AI contribution + const aiLookup = new Map(); + for (const [absPath, attr] of this.fileAttributions) { + const rel = path.relative(baseDir, absPath); + aiLookup.set(rel, attr); + } + + for (const relFile of stagedInfo.files) { + // Skip generated files + if (isGeneratedFile(relFile)) { + excludedGenerated.push(relFile); + continue; + } + + const tracked = aiLookup.get(relFile); + const diffSize = stagedInfo.diffSizes.get(relFile) ?? 0; + const isDeleted = stagedInfo.deletedFiles.has(relFile); + + let aiChars: number; + let humanChars: number; + + if (tracked) { + aiChars = tracked.aiContribution; + // Human contribution = total diff size minus AI's tracked contribution + // (clamped to 0 — AI may have contributed more than the final diff + // if it rewrote the same region multiple times) + humanChars = Math.max(0, diffSize - aiChars); + } else if (isDeleted) { + // Untracked deletion = human did it + aiChars = 0; + humanChars = diffSize > 0 ? diffSize : 100; + } else { + // Untracked file = 100% human + aiChars = 0; + humanChars = diffSize; + } + + const total = aiChars + humanChars; + const percent = total > 0 ? Math.round((aiChars / total) * 100) : 0; + + files[relFile] = { aiChars, humanChars, percent }; + totalAiChars += aiChars; + totalHumanChars += humanChars; } - const totalChange = totalAiCharsAdded + totalAiCharsRemoved; + const totalChars = totalAiChars + totalHumanChars; + const aiPercent = + totalChars > 0 ? Math.round((totalAiChars / totalChars) * 100) : 0; return { version: 1, - generator: sanitizedGenerator, + generator, files, summary: { - totalAiCharsAdded, - totalAiCharsRemoved, - totalFilesTouched: this.fileAttributions.size, - overallAiPercent: totalChange > 0 ? 100 : 0, + aiPercent, + aiChars: totalAiChars, + humanChars: totalHumanChars, + totalFilesTouched: Object.keys(files).length, }, + excludedGenerated, }; } +} - /** - * Calculate character-level additions and removals between two strings. - * Uses a line-based multiset diff: counts lines present in one version - * but not the other and sums their character lengths. - */ - private calculateCharDiff( - oldContent: string, - newContent: string, - ): { added: number; removed: number } { - const oldLines = oldContent.split('\n'); - const newLines = newContent.split('\n'); - - let added = 0; - let removed = 0; - - const oldCounts = new Map(); - for (const line of oldLines) { - oldCounts.set(line, (oldCounts.get(line) || 0) + 1); - } - - const newCounts = new Map(); - for (const line of newLines) { - newCounts.set(line, (newCounts.get(line) || 0) + 1); - } - - // Count removed lines (in old but fewer occurrences in new) - for (const [line, oldCount] of oldCounts) { - const newCount = newCounts.get(line) || 0; - const removedCount = Math.max(0, oldCount - newCount); - removed += removedCount * line.length; - } +// --------------------------------------------------------------------------- +// Character contribution calculation (Claude's prefix/suffix algorithm) +// --------------------------------------------------------------------------- - // Count added lines (in new but fewer occurrences in old) - for (const [line, newCount] of newCounts) { - const oldCount = oldCounts.get(line) || 0; - const addedCount = Math.max(0, newCount - oldCount); - added += addedCount * line.length; - } +/** + * Compute the character contribution for a file modification. + * Uses common prefix/suffix matching to find the actual changed region, + * then returns the larger of the old/new changed lengths. + * + * This correctly handles same-length replacements (e.g., "Esc" → "esc") + * where a simple length difference would be 0. + */ +export function computeCharContribution( + oldContent: string, + newContent: string, +): number { + if (oldContent === '' || newContent === '') { + // New file creation or full deletion + return oldContent === '' ? newContent.length : oldContent.length; + } - return { added, removed }; + // Find common prefix + const minLen = Math.min(oldContent.length, newContent.length); + let prefixEnd = 0; + while ( + prefixEnd < minLen && + oldContent[prefixEnd] === newContent[prefixEnd] + ) { + prefixEnd++; } - /** - * Sanitize internal model codenames to prevent leaking internal details. - */ - private sanitizeModelName(name: string): string { - for (const pattern of INTERNAL_MODEL_PATTERNS) { - if (pattern.test(name)) { - return SANITIZED_GENERATOR_NAME; - } - } - return name; + // Find common suffix (not overlapping with prefix) + let suffixLen = 0; + while ( + suffixLen < minLen - prefixEnd && + oldContent[oldContent.length - 1 - suffixLen] === + newContent[newContent.length - 1 - suffixLen] + ) { + suffixLen++; } + + const oldChangedLen = oldContent.length - prefixEnd - suffixLen; + const newChangedLen = newContent.length - prefixEnd - suffixLen; + return Math.max(oldChangedLen, newChangedLen); } diff --git a/packages/core/src/services/generatedFiles.test.ts b/packages/core/src/services/generatedFiles.test.ts new file mode 100644 index 00000000000..d7692d39efb --- /dev/null +++ b/packages/core/src/services/generatedFiles.test.ts @@ -0,0 +1,52 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +import { describe, it, expect } from 'vitest'; +import { isGeneratedFile } from './generatedFiles.js'; + +describe('isGeneratedFile', () => { + it('should exclude lock files', () => { + expect(isGeneratedFile('package-lock.json')).toBe(true); + expect(isGeneratedFile('yarn.lock')).toBe(true); + expect(isGeneratedFile('pnpm-lock.yaml')).toBe(true); + expect(isGeneratedFile('Cargo.lock')).toBe(true); + }); + + it('should exclude minified files', () => { + expect(isGeneratedFile('app.min.js')).toBe(true); + expect(isGeneratedFile('styles.min.css')).toBe(true); + expect(isGeneratedFile('lib-min.js')).toBe(true); + }); + + it('should exclude files in dist/build directories', () => { + expect(isGeneratedFile('dist/bundle.js')).toBe(true); + expect(isGeneratedFile('build/output.js')).toBe(true); + expect(isGeneratedFile('src/.next/cache.js')).toBe(true); + }); + + it('should exclude TypeScript declaration files', () => { + expect(isGeneratedFile('types/index.d.ts')).toBe(true); + }); + + it('should exclude generated code files', () => { + expect(isGeneratedFile('api.generated.ts')).toBe(true); + expect(isGeneratedFile('schema.pb.go')).toBe(true); + expect(isGeneratedFile('service.grpc.ts')).toBe(true); + }); + + it('should exclude vendor directories', () => { + expect(isGeneratedFile('vendor/lib/utils.js')).toBe(true); + expect(isGeneratedFile('node_modules/pkg/index.js')).toBe(true); + }); + + it('should NOT exclude normal source files', () => { + expect(isGeneratedFile('src/main.ts')).toBe(false); + expect(isGeneratedFile('lib/utils.js')).toBe(false); + expect(isGeneratedFile('README.md')).toBe(false); + expect(isGeneratedFile('package.json')).toBe(false); + expect(isGeneratedFile('src/components/Button.tsx')).toBe(false); + }); +}); diff --git a/packages/core/src/services/generatedFiles.ts b/packages/core/src/services/generatedFiles.ts new file mode 100644 index 00000000000..1668595bbf2 --- /dev/null +++ b/packages/core/src/services/generatedFiles.ts @@ -0,0 +1,127 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +/** + * Generated / vendored file detection for attribution exclusion. + * Based on GitHub Linguist vendored patterns and common generated file patterns. + */ + +import { basename, extname, posix, sep } from 'node:path'; + +// Exact file name matches (case-insensitive) +const EXCLUDED_FILENAMES = new Set([ + 'package-lock.json', + 'yarn.lock', + 'pnpm-lock.yaml', + 'bun.lockb', + 'bun.lock', + 'composer.lock', + 'gemfile.lock', + 'cargo.lock', + 'poetry.lock', + 'pipfile.lock', + 'shrinkwrap.json', + 'npm-shrinkwrap.json', +]); + +// File extension patterns (case-insensitive) +const EXCLUDED_EXTENSIONS = new Set([ + '.lock', + '.min.js', + '.min.css', + '.min.html', + '.bundle.js', + '.bundle.css', + '.generated.ts', + '.generated.js', + '.d.ts', +]); + +// Directory patterns that indicate generated/vendored content +const EXCLUDED_DIRECTORIES = [ + '/dist/', + '/build/', + '/out/', + '/output/', + '/node_modules/', + '/vendor/', + '/vendored/', + '/third_party/', + '/third-party/', + '/external/', + '/.next/', + '/.nuxt/', + '/.svelte-kit/', + '/coverage/', + '/__pycache__/', + '/.tox/', + '/venv/', + '/.venv/', + '/target/release/', + '/target/debug/', +]; + +// Filename patterns using regex for more complex matching +const EXCLUDED_FILENAME_PATTERNS = [ + /^.*\.min\.[a-z]+$/i, + /^.*-min\.[a-z]+$/i, + /^.*\.bundle\.[a-z]+$/i, + /^.*\.generated\.[a-z]+$/i, + /^.*\.gen\.[a-z]+$/i, + /^.*\.auto\.[a-z]+$/i, + /^.*_generated\.[a-z]+$/i, + /^.*_gen\.[a-z]+$/i, + /^.*\.pb\.(go|js|ts|py|rb)$/i, + /^.*_pb2?\.py$/i, + /^.*\.pb\.h$/i, + /^.*\.grpc\.[a-z]+$/i, + /^.*\.swagger\.[a-z]+$/i, + /^.*\.openapi\.[a-z]+$/i, +]; + +/** + * Check if a file should be excluded from attribution based on Linguist-style rules. + * + * @param filePath - Relative file path from repository root + * @returns true if the file should be excluded from attribution + */ +export function isGeneratedFile(filePath: string): boolean { + const normalizedPath = + posix.sep + filePath.split(sep).join(posix.sep).replace(/^\/+/, ''); + const fileName = basename(filePath).toLowerCase(); + const ext = extname(filePath).toLowerCase(); + + if (EXCLUDED_FILENAMES.has(fileName)) { + return true; + } + + if (EXCLUDED_EXTENSIONS.has(ext)) { + return true; + } + + // Check for compound extensions like .min.js + const parts = fileName.split('.'); + if (parts.length > 2) { + const compoundExt = '.' + parts.slice(-2).join('.'); + if (EXCLUDED_EXTENSIONS.has(compoundExt)) { + return true; + } + } + + for (const dir of EXCLUDED_DIRECTORIES) { + if (normalizedPath.includes(dir)) { + return true; + } + } + + for (const pattern of EXCLUDED_FILENAME_PATTERNS) { + if (pattern.test(fileName)) { + return true; + } + } + + return false; +} diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 50e485ea8a9..4def1f69105 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -24,7 +24,10 @@ import type { PermissionDecision } from '../permissions/types.js'; import { BaseDeclarativeTool, BaseToolInvocation, Kind } from './tools.js'; import { getErrorMessage } from '../utils/errors.js'; import { truncateToolOutput } from '../utils/truncation.js'; -import { CommitAttributionService } from '../services/commitAttribution.js'; +import { + CommitAttributionService, + type StagedFileInfo, +} from '../services/commitAttribution.js'; import { buildGitNotesCommand } from '../services/attributionTrailer.js'; import type { ShellExecutionConfig, @@ -491,8 +494,8 @@ export class ShellToolInvocation extends BaseToolInvocation< /** * After a successful git commit, attach per-file AI attribution metadata - * as git notes. This keeps the commit message clean while enabling - * compliance audits and AI contribution tracking. + * as git notes. Analyzes staged files via `git diff` to calculate real + * AI vs human contribution percentages. * * Respects the gitCoAuthor setting: if the user disables co-author, * attribution notes are also skipped. @@ -502,7 +505,6 @@ export class ShellToolInvocation extends BaseToolInvocation< result: { exitCode: number | null; aborted?: boolean }, cwd: string, ): Promise { - // Only act on git commit commands const gitCommitPattern = /\bgit\s+commit\b/; if (!gitCommitPattern.test(command)) { return; @@ -513,15 +515,11 @@ export class ShellToolInvocation extends BaseToolInvocation< return; } - // If the commit failed or was aborted, clear stale attribution data - // so it doesn't leak into the next successful commit. if (result.exitCode !== 0 || result.aborted) { attributionService.clearAttributions(); return; } - // Respect the gitCoAuthor toggle — if the user opted out of AI - // attribution in commit messages, skip notes as well. const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.enabled) { attributionService.clearAttributions(); @@ -529,11 +527,16 @@ export class ShellToolInvocation extends BaseToolInvocation< } try { + // Analyze the just-committed files by diffing HEAD against its parent. + // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. + const stagedInfo = await this.getCommittedFileInfo(cwd); + const generatorName = gitCoAuthorSettings.name ?? 'Qwen-Coder'; const baseDir = this.config.getTargetDir(); const note = attributionService.generateNotePayload( - generatorName, + stagedInfo, baseDir, + generatorName, ); const notesCommand = buildGitNotesCommand(note); @@ -571,20 +574,96 @@ export class ShellToolInvocation extends BaseToolInvocation< ); } else { debugLogger.debug( - `Attached AI attribution note: ${note.summary.totalFilesTouched} file(s), +${note.summary.totalAiCharsAdded}/-${note.summary.totalAiCharsRemoved} chars`, + `Attached AI attribution note: ${note.summary.aiPercent}% AI, ${note.summary.totalFilesTouched} file(s)`, ); } } catch (err) { - // Non-fatal: attribution failure should not block the commit debugLogger.warn( `Failed to attach AI attribution note: ${getErrorMessage(err)}`, ); } finally { - // Always clear attributions after a commit attempt attributionService.clearAttributions(); } } + /** + * Get information about files in the most recent commit by diffing + * HEAD against its parent (HEAD~1). Falls back to empty info on error. + */ + private async getCommittedFileInfo(cwd: string): Promise { + const empty: StagedFileInfo = { + files: [], + diffSizes: new Map(), + deletedFiles: new Set(), + }; + + const runGit = async (args: string): Promise => { + const handle = await ShellExecutionService.execute( + `git ${args}`, + cwd, + () => {}, + AbortSignal.timeout(5000), + false, + {}, + ); + const r = await handle.result; + return r.exitCode === 0 ? r.output : ''; + }; + + try { + // Get changed file names + const nameOutput = await runGit('diff --name-only HEAD~1 HEAD'); + const files = nameOutput + .split('\n') + .map((f) => f.trim()) + .filter(Boolean); + if (files.length === 0) return empty; + + // Get deleted files + const statusOutput = await runGit('diff --name-status HEAD~1 HEAD'); + const deletedFiles = new Set(); + for (const line of statusOutput.split('\n')) { + if (line.startsWith('D\t')) { + deletedFiles.add(line.slice(2).trim()); + } + } + + // Get diff sizes from stat output + const statOutput = await runGit('diff --stat HEAD~1 HEAD'); + const diffSizes = this.parseDiffStat(statOutput); + + return { files, diffSizes, deletedFiles }; + } catch { + return empty; + } + } + + /** + * Parse `git diff --stat` output to extract per-file change sizes. + * Estimates character count as (insertions + deletions) * 40 chars/line. + */ + private parseDiffStat(statOutput: string): Map { + const sizes = new Map(); + const lines = statOutput.split('\n').filter(Boolean); + + for (const line of lines) { + // Skip summary line ("N files changed, X insertions(+), Y deletions(-)") + if (line.includes('file changed') || line.includes('files changed')) { + continue; + } + // Format: " path/to/file | 5 ++---" + const match = line.match(/^\s*(.+?)\s+\|\s+(\d+)/); + if (match) { + const filePath = match[1]!.trim(); + const changes = parseInt(match[2]!, 10); + // Approximate chars: lines changed * avg 40 chars/line + sizes.set(filePath, changes * 40); + } + } + + return sizes; + } + private addCoAuthorToGitCommit(command: string): string { // Check if co-author feature is enabled const gitCoAuthorSettings = this.config.getGitCoAuthor(); From 260f56b7445e18f61db578faa0d77b140fab16f2 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 10 Apr 2026 23:45:53 +0800 Subject: [PATCH 03/64] feat: add surface tracking, prompt counting, session persistence, and PR attribution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Align with the full attribution feature set: - Surface tracking: read QWEN_CODE_ENTRYPOINT env var (cli/ide/api/sdk), include surfaceBreakdown in git notes payload - Prompt counting: incrementPromptCount() hooked into client.ts message loop, tracks promptCount/permissionPromptCount/escapeCount - Session persistence: toSnapshot()/restoreFromSnapshot() for serializing attribution state; ChatRecordingService.recordAttributionSnapshot() writes to session JSONL; client.ts restores on session resume - PR attribution: addAttributionToPR() in shell.ts detects `gh pr create` and appends "🤖 Generated with Qwen Code (N-shotted by Qwen-Coder)" - Session baseline: saves content hash on first AI edit of each file for precise human/AI contribution detection - generatePRAttribution() method for programmatic access --- packages/core/src/core/client.ts | 43 ++++ .../src/services/attributionTrailer.test.ts | 3 + .../core/src/services/chatRecordingService.ts | 34 ++- .../src/services/commitAttribution.test.ts | 174 +++++++------ .../core/src/services/commitAttribution.ts | 232 +++++++++++++++--- packages/core/src/tools/shell.ts | 50 +++- 6 files changed, 426 insertions(+), 110 deletions(-) diff --git a/packages/core/src/core/client.ts b/packages/core/src/core/client.ts index 13fc86aaa9d..82a6f51222c 100644 --- a/packages/core/src/core/client.ts +++ b/packages/core/src/core/client.ts @@ -44,6 +44,7 @@ import { COMPRESSION_TOKEN_THRESHOLD, } from '../services/chatCompressionService.js'; import { LoopDetectionService } from '../services/loopDetectionService.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; // Tools import { AgentTool } from '../tools/agent.js'; @@ -162,11 +163,44 @@ export class GeminiClient { resumedSessionData.conversation, ); await this.startChat(resumedHistory); + + // Restore attribution state from the last snapshot in the session + this.restoreAttributionFromSession(resumedSessionData.conversation); } else { await this.startChat(); } } + /** + * Restore attribution state from the last snapshot in a resumed session. + */ + private restoreAttributionFromSession(conversation: { + messages: Array<{ subtype?: string; systemPayload?: unknown }>; + }): void { + // Find the last attribution snapshot in the session + let lastSnapshot: unknown = null; + for (const msg of conversation.messages) { + if ( + msg.subtype === 'attribution_snapshot' && + msg.systemPayload && + typeof msg.systemPayload === 'object' && + 'snapshot' in msg.systemPayload + ) { + lastSnapshot = (msg.systemPayload as { snapshot: unknown }).snapshot; + } + } + if (lastSnapshot && typeof lastSnapshot === 'object') { + try { + CommitAttributionService.getInstance().restoreFromSnapshot( + lastSnapshot as import('../services/commitAttribution.js').AttributionSnapshot, + ); + debugLogger.debug('Restored attribution state from session snapshot'); + } catch { + debugLogger.warn('Failed to restore attribution snapshot'); + } + } + } + private getContentGeneratorOrFail(): ContentGenerator { if (!this.config.getContentGenerator()) { throw new Error('Content generator not initialized'); @@ -556,9 +590,18 @@ export class GeminiClient { this.loopDetector.reset(prompt_id); this.lastPromptId = prompt_id; + // Track prompt count for commit attribution and persist snapshot + const attributionService = CommitAttributionService.getInstance(); + attributionService.incrementPromptCount(); + // record user message for session management this.config.getChatRecordingService()?.recordUserMessage(request); + // Persist attribution state snapshot for session resume + this.config + .getChatRecordingService() + ?.recordAttributionSnapshot(attributionService.toSnapshot()); + // Thinking block cross-turn retention with idle cleanup: // - Active session (< threshold idle): keep thinking blocks for reasoning coherence // - Idle > threshold: clear old thinking, keep only last 1 turn to free context diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts index b0d03309e7e..74da1eac4c9 100644 --- a/packages/core/src/services/attributionTrailer.test.ts +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -24,8 +24,11 @@ const sampleNote: CommitAttributionNote = { aiChars: 150, humanChars: 250, totalFilesTouched: 2, + surfaces: ['cli'], }, + surfaceBreakdown: { cli: { aiChars: 150, percent: 38 } }, excludedGenerated: ['package-lock.json'], + promptCount: 3, }; describe('attributionTrailer', () => { diff --git a/packages/core/src/services/chatRecordingService.ts b/packages/core/src/services/chatRecordingService.ts index 0e021fa4c6c..c2a7f1a0b53 100644 --- a/packages/core/src/services/chatRecordingService.ts +++ b/packages/core/src/services/chatRecordingService.ts @@ -18,6 +18,7 @@ import { import * as jsonl from '../utils/jsonl-utils.js'; import { getGitBranch } from '../utils/gitUtils.js'; import { createDebugLogger } from '../utils/debugLogger.js'; +import type { AttributionSnapshot } from './commitAttribution.js'; const debugLogger = createDebugLogger('CHAT_RECORDING'); import type { @@ -57,7 +58,8 @@ export interface ChatRecord { | 'chat_compression' | 'slash_command' | 'ui_telemetry' - | 'at_command'; + | 'at_command' + | 'attribution_snapshot'; /** Working directory at time of message */ cwd: string; /** CLI version for compatibility tracking */ @@ -97,7 +99,8 @@ export interface ChatRecord { | ChatCompressionRecordPayload | SlashCommandRecordPayload | UiTelemetryRecordPayload - | AtCommandRecordPayload; + | AtCommandRecordPayload + | AttributionSnapshotPayload; } /** @@ -148,6 +151,14 @@ export interface UiTelemetryRecordPayload { uiEvent: UiEvent; } +/** + * Stored payload for attribution state snapshots. + * Enables session persistence of AI contribution tracking. + */ +export interface AttributionSnapshotPayload { + snapshot: AttributionSnapshot; +} + /** * Service for recording the current chat session to disk. * @@ -453,4 +464,23 @@ export class ChatRecordingService { debugLogger.error('Error saving @-command record:', error); } } + + /** + * Records an attribution state snapshot for session persistence. + * Called after each user prompt to persist AI contribution tracking. + */ + recordAttributionSnapshot(snapshot: AttributionSnapshot): void { + try { + const record: ChatRecord = { + ...this.createBaseRecord('system'), + type: 'system', + subtype: 'attribution_snapshot', + systemPayload: { snapshot }, + }; + + this.appendRecord(record); + } catch (error) { + debugLogger.error('Error saving attribution snapshot:', error); + } + } } diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 4e2b23d034b..e3086e7d60f 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -11,7 +11,6 @@ import { type StagedFileInfo, } from './commitAttribution.js'; -// Helper to build StagedFileInfo from tracked files function makeStagedInfo( files: string[], diffSizes?: Record, @@ -34,17 +33,14 @@ describe('computeCharContribution', () => { }); it('should handle same-length replacement via prefix/suffix', () => { - // "Esc" → "esc" — only 1 char changed expect(computeCharContribution('Esc', 'esc')).toBe(1); }); it('should handle insertion in the middle', () => { - // "ab" → "aXb" — 1 char inserted expect(computeCharContribution('ab', 'aXb')).toBe(1); }); it('should handle deletion in the middle', () => { - // "aXb" → "ab" — 1 char deleted expect(computeCharContribution('aXb', 'ab')).toBe(1); }); @@ -59,9 +55,7 @@ describe('computeCharContribution', () => { it('should handle multi-line changes', () => { const old = 'line1\nline2\nline3'; const now = 'line1\nchanged\nline3'; - // common prefix = "line1\n" (6), common suffix = "\nline3" (6) - // old changed = 17-6-6 = 5 ("line2"), new changed = 19-6-6 = 7 ("changed") - expect(computeCharContribution(old, now)).toBe(7); + expect(computeCharContribution(old, now)).toBe(7); // "changed" > "line2" }); }); @@ -76,19 +70,14 @@ describe('CommitAttributionService', () => { expect(a).toBe(b); }); - it('should start with no attributions', () => { - const service = CommitAttributionService.getInstance(); - expect(service.hasAttributions()).toBe(false); - }); - it('should track new file creation', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/src/file.ts', null, 'hello world'); const attr = service.getFileAttribution('/project/src/file.ts'); - expect(attr).toBeDefined(); expect(attr!.aiCreated).toBe(true); expect(attr!.aiContribution).toBe(11); + expect(attr!.contentHash).toBeTruthy(); }); it('should NOT treat empty existing file as new file creation', () => { @@ -97,13 +86,12 @@ describe('CommitAttributionService', () => { const attr = service.getFileAttribution('/project/empty.ts'); expect(attr!.aiCreated).toBe(false); - expect(attr!.aiContribution).toBe(11); // 'new content'.length + expect(attr!.aiContribution).toBe(11); }); it('should track edits with prefix/suffix algorithm', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/f.ts', 'Hello World', 'Hello world'); - // Only 'W'→'w' changed: contribution = 1 expect(service.getFileAttribution('/project/f.ts')!.aiContribution).toBe(1); }); @@ -122,6 +110,16 @@ describe('CommitAttributionService', () => { ); }); + it('should save session baseline on first edit', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/project/f.ts', 'original content', 'new content'); + + // Baseline should have been saved from oldContent + // We can verify indirectly: after clear, baseline is gone + service.clearAttributions(); + expect(service.hasAttributions()).toBe(false); + }); + it('should return defensive copies', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/f.ts', null, 'content'); @@ -134,17 +132,67 @@ describe('CommitAttributionService', () => { ).not.toBe(99999); }); - it('should clear attributions', () => { - const service = CommitAttributionService.getInstance(); - service.recordEdit('/project/f.ts', null, 'content'); - service.clearAttributions(); - expect(service.hasAttributions()).toBe(false); + describe('prompt counting', () => { + it('should track prompt counts', () => { + const service = CommitAttributionService.getInstance(); + expect(service.getPromptCount()).toBe(0); + + service.incrementPromptCount(); + service.incrementPromptCount(); + service.incrementPromptCount(); + + expect(service.getPromptCount()).toBe(3); + expect(service.getPromptsSinceLastCommit()).toBe(3); + }); + + it('should reset prompts-since-commit counter on clearAttributions', () => { + const service = CommitAttributionService.getInstance(); + service.incrementPromptCount(); + service.incrementPromptCount(); + service.clearAttributions(); + + // Total still 2, but since-last-commit is 0 + expect(service.getPromptCount()).toBe(2); + expect(service.getPromptsSinceLastCommit()).toBe(0); + }); + }); + + describe('surface tracking', () => { + it('should default to cli surface', () => { + const service = CommitAttributionService.getInstance(); + expect(service.getSurface()).toBe('cli'); + }); + }); + + describe('snapshot / restore', () => { + it('should serialize and restore state', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/project/f.ts', null, 'hello'); + service.incrementPromptCount(); + service.incrementPromptCount(); + service.incrementPermissionPromptCount(); + + const snapshot = service.toSnapshot(); + expect(snapshot.type).toBe('attribution-snapshot'); + expect(snapshot.promptCount).toBe(2); + expect(snapshot.permissionPromptCount).toBe(1); + expect(Object.keys(snapshot.fileStates)).toHaveLength(1); + + // Restore into a fresh instance + CommitAttributionService.resetInstance(); + const restored = CommitAttributionService.getInstance(); + restored.restoreFromSnapshot(snapshot); + + expect(restored.getPromptCount()).toBe(2); + expect(restored.getFileAttribution('/project/f.ts')!.aiContribution).toBe( + 5, + ); + }); }); describe('generateNotePayload', () => { - it('should compute real AI/human percentages from staged info', () => { + it('should compute real AI/human percentages', () => { const service = CommitAttributionService.getInstance(); - // AI edited this file, contributing 200 chars service.recordEdit('/project/src/main.ts', '', 'x'.repeat(200)); const staged = makeStagedInfo(['src/main.ts', 'src/human.ts'], { @@ -158,24 +206,11 @@ describe('CommitAttributionService', () => { 'Qwen-Coder', ); - // main.ts: AI=200, human=max(0,400-200)=200 → 50% - expect(note.files['src/main.ts']).toEqual({ - aiChars: 200, - humanChars: 200, - percent: 50, - }); - - // human.ts: not tracked → AI=0, human=200 → 0% - expect(note.files['src/human.ts']).toEqual({ - aiChars: 0, - humanChars: 200, - percent: 0, - }); - - // Overall: AI=200, human=400 → 33% + expect(note.files['src/main.ts']!.percent).toBe(50); + expect(note.files['src/human.ts']!.percent).toBe(0); expect(note.summary.aiPercent).toBe(33); - expect(note.summary.aiChars).toBe(200); - expect(note.summary.humanChars).toBe(400); + expect(note.summary.surfaces).toContain('cli'); + expect(note.surfaceBreakdown['cli']).toBeDefined(); }); it('should exclude generated files', () => { @@ -192,69 +227,58 @@ describe('CommitAttributionService', () => { ); const note = service.generateNotePayload(staged, '/project'); - expect(Object.keys(note.files)).toHaveLength(1); - expect(note.files['src/main.ts']).toBeDefined(); expect(note.excludedGenerated).toContain('package-lock.json'); expect(note.excludedGenerated).toContain('dist/bundle.js'); }); - it('should handle deleted files (human deletion)', () => { - const service = CommitAttributionService.getInstance(); - service.recordEdit('/project/src/keep.ts', null, 'code'); - - const staged = makeStagedInfo( - ['src/keep.ts', 'src/removed.ts'], - { 'src/keep.ts': 100, 'src/removed.ts': 200 }, - ['src/removed.ts'], - ); - - const note = service.generateNotePayload(staged, '/project'); - // removed.ts: untracked deletion → human=200 - expect(note.files['src/removed.ts']!.humanChars).toBe(200); - expect(note.files['src/removed.ts']!.aiChars).toBe(0); - }); - - it('should handle deleted files (AI deletion)', () => { + it('should include promptCount', () => { const service = CommitAttributionService.getInstance(); - service.recordDeletion('/project/src/removed.ts', 300); - - const staged = makeStagedInfo( - ['src/removed.ts'], - { 'src/removed.ts': 400 }, - ['src/removed.ts'], - ); + service.recordEdit('/project/f.ts', null, 'code'); + service.incrementPromptCount(); + service.incrementPromptCount(); + const staged = makeStagedInfo(['f.ts'], { 'f.ts': 100 }); const note = service.generateNotePayload(staged, '/project'); - expect(note.files['src/removed.ts']!.aiChars).toBe(300); + expect(note.promptCount).toBe(2); }); it('should sanitize internal model codenames', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/f.ts', null, 'x'); - const staged = makeStagedInfo(['f.ts'], { 'f.ts': 10 }); expect( service.generateNotePayload(staged, '/project', 'qwen-72b').generator, ).toBe('Qwen-Coder'); - expect( - service.generateNotePayload(staged, '/project', 'qwen-max').generator, - ).toBe('Qwen-Coder'); expect( service.generateNotePayload(staged, '/project', 'CustomAgent') .generator, ).toBe('CustomAgent'); }); + }); - it('should convert absolute paths to relative', () => { + describe('generatePRAttribution', () => { + it('should generate enhanced PR attribution text', () => { const service = CommitAttributionService.getInstance(); - service.recordEdit('/home/user/project/src/main.ts', null, 'code'); + service.recordEdit('/project/src/main.ts', '', 'x'.repeat(200)); + service.incrementPromptCount(); + service.incrementPromptCount(); + service.incrementPromptCount(); - const staged = makeStagedInfo(['src/main.ts'], { 'src/main.ts': 100 }); - const note = service.generateNotePayload(staged, '/home/user/project'); + const staged = makeStagedInfo(['src/main.ts'], { 'src/main.ts': 200 }); + const text = service.generatePRAttribution(staged, '/project'); - expect(Object.keys(note.files)).toContain('src/main.ts'); + expect(text).toContain('🤖 Generated with Qwen Code'); + expect(text).toContain('3-shotted'); + expect(text).toContain('Qwen-Coder'); + }); + + it('should return default text when no data', () => { + const service = CommitAttributionService.getInstance(); + const staged = makeStagedInfo([], {}); + const text = service.generatePRAttribution(staged, '/project'); + expect(text).toBe('🤖 Generated with Qwen Code'); }); }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index b25e29740d6..e9024f4b566 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -10,8 +10,18 @@ * Tracks character-level contribution ratios between AI and humans per file. * When a git commit is made, this data is combined with git diff analysis to * calculate real AI vs human contribution percentages, stored as git notes. + * + * Features aligned with Claude Code's attribution system: + * - Character-level prefix/suffix diff algorithm + * - Real AI/human contribution ratio via git diff + * - Surface tracking (cli/ide/api/sdk) + * - Prompt & permission prompt counting + * - Session baseline (content hash) for precise human edit detection + * - Snapshot/restore for session persistence + * - Generated file exclusion */ +import { createHash } from 'node:crypto'; import * as path from 'node:path'; import { isGeneratedFile } from './generatedFiles.js'; @@ -24,6 +34,14 @@ export interface FileAttribution { aiContribution: number; /** Whether the file was created by AI */ aiCreated: boolean; + /** SHA-256 hash of the file content after AI's last edit */ + contentHash: string; +} + +/** Session baseline: snapshot of file state at session start or first AI touch */ +export interface FileBaseline { + contentHash: string; + mtime: number; } /** Per-file attribution detail in the git notes payload. */ @@ -31,6 +49,7 @@ export interface FileAttributionDetail { aiChars: number; humanChars: number; percent: number; + surface?: string; } /** Full attribution payload stored as git notes JSON. */ @@ -43,20 +62,34 @@ export interface CommitAttributionNote { aiChars: number; humanChars: number; totalFilesTouched: number; + surfaces: string[]; }; + surfaceBreakdown: Record; excludedGenerated: string[]; + promptCount: number; } /** Result of running git commands to get staged file info. */ export interface StagedFileInfo { - /** Relative file paths from git root */ files: string[]; - /** Per-file diff size in estimated characters (from git diff --cached --stat) */ diffSizes: Map; - /** Files that were deleted */ deletedFiles: Set; } +/** Serializable snapshot for session persistence. */ +export interface AttributionSnapshot { + type: 'attribution-snapshot'; + surface: string; + fileStates: Record; + baselines: Record; + promptCount: number; + promptCountAtLastCommit: number; + permissionPromptCount: number; + permissionPromptCountAtLastCommit: number; + escapeCount: number; + escapeCountAtLastCommit: number; +} + // --------------------------------------------------------------------------- // Model name sanitization // --------------------------------------------------------------------------- @@ -80,6 +113,18 @@ function sanitizeModelName(name: string): string { return name; } +// --------------------------------------------------------------------------- +// Utilities +// --------------------------------------------------------------------------- + +export function computeContentHash(content: string): string { + return createHash('sha256').update(content).digest('hex'); +} + +export function getClientSurface(): string { + return process.env['QWEN_CODE_ENTRYPOINT'] ?? 'cli'; +} + // --------------------------------------------------------------------------- // Service // --------------------------------------------------------------------------- @@ -89,6 +134,18 @@ export class CommitAttributionService { /** Per-file AI contribution tracking (keyed by absolute path) */ private fileAttributions: Map = new Map(); + /** Baselines recorded when AI first touches a file */ + private sessionBaselines: Map = new Map(); + /** Client surface (cli, ide, api, sdk, etc.) */ + private surface: string = getClientSurface(); + + // -- Prompt counting -- + private promptCount: number = 0; + private promptCountAtLastCommit: number = 0; + private permissionPromptCount: number = 0; + private permissionPromptCountAtLastCommit: number = 0; + private escapeCount: number = 0; + private escapeCountAtLastCommit: number = 0; private constructor() {} @@ -110,8 +167,8 @@ export class CommitAttributionService { /** * Record an AI edit to a file. - * Uses Claude's prefix/suffix matching algorithm for precise character-level - * contribution calculation. + * Uses prefix/suffix matching for precise character-level contribution. + * On first edit of a file, saves a session baseline of the old content. */ recordEdit( filePath: string, @@ -121,12 +178,22 @@ export class CommitAttributionService { const existing = this.fileAttributions.get(filePath) || { aiContribution: 0, aiCreated: false, + contentHash: '', }; + // Save baseline on first AI touch (before AI modifies it) + if (!this.sessionBaselines.has(filePath) && oldContent !== null) { + this.sessionBaselines.set(filePath, { + contentHash: computeContentHash(oldContent), + mtime: Date.now(), + }); + } + const isNewFile = oldContent === null; const contribution = computeCharContribution(oldContent ?? '', newContent); existing.aiContribution += contribution; + existing.contentHash = computeContentHash(newContent); if (isNewFile && !existing.aiCreated) { existing.aiCreated = true; } @@ -134,18 +201,42 @@ export class CommitAttributionService { this.fileAttributions.set(filePath, existing); } - /** - * Record an AI file deletion. - */ + /** Record an AI file deletion. */ recordDeletion(filePath: string, deletedContentLength: number): void { const existing = this.fileAttributions.get(filePath) || { aiContribution: 0, aiCreated: false, + contentHash: '', }; existing.aiContribution += deletedContentLength; this.fileAttributions.set(filePath, existing); } + // ----------------------------------------------------------------------- + // Prompt / permission counting + // ----------------------------------------------------------------------- + + incrementPromptCount(): void { + this.promptCount++; + } + + incrementPermissionPromptCount(): void { + this.permissionPromptCount++; + } + + incrementEscapeCount(): void { + this.escapeCount++; + } + + getPromptCount(): number { + return this.promptCount; + } + + /** Prompts since last commit (for "N-shotted" display). */ + getPromptsSinceLastCommit(): number { + return this.promptCount - this.promptCountAtLastCommit; + } + // ----------------------------------------------------------------------- // Querying // ----------------------------------------------------------------------- @@ -167,8 +258,65 @@ export class CommitAttributionService { return this.fileAttributions.size > 0; } + getSurface(): string { + return this.surface; + } + clearAttributions(): void { + this.promptCountAtLastCommit = this.promptCount; + this.permissionPromptCountAtLastCommit = this.permissionPromptCount; + this.escapeCountAtLastCommit = this.escapeCount; this.fileAttributions.clear(); + this.sessionBaselines.clear(); + } + + // ----------------------------------------------------------------------- + // Snapshot / restore (session persistence) + // ----------------------------------------------------------------------- + + /** Serialize current state for session persistence. */ + toSnapshot(): AttributionSnapshot { + const fileStates: Record = {}; + for (const [k, v] of this.fileAttributions) { + fileStates[k] = { ...v }; + } + const baselines: Record = {}; + for (const [k, v] of this.sessionBaselines) { + baselines[k] = { ...v }; + } + return { + type: 'attribution-snapshot', + surface: this.surface, + fileStates, + baselines, + promptCount: this.promptCount, + promptCountAtLastCommit: this.promptCountAtLastCommit, + permissionPromptCount: this.permissionPromptCount, + permissionPromptCountAtLastCommit: this.permissionPromptCountAtLastCommit, + escapeCount: this.escapeCount, + escapeCountAtLastCommit: this.escapeCountAtLastCommit, + }; + } + + /** Restore state from a persisted snapshot. */ + restoreFromSnapshot(snapshot: AttributionSnapshot): void { + this.surface = snapshot.surface; + this.promptCount = snapshot.promptCount ?? 0; + this.promptCountAtLastCommit = snapshot.promptCountAtLastCommit ?? 0; + this.permissionPromptCount = snapshot.permissionPromptCount ?? 0; + this.permissionPromptCountAtLastCommit = + snapshot.permissionPromptCountAtLastCommit ?? 0; + this.escapeCount = snapshot.escapeCount ?? 0; + this.escapeCountAtLastCommit = snapshot.escapeCountAtLastCommit ?? 0; + + this.fileAttributions.clear(); + for (const [k, v] of Object.entries(snapshot.fileStates ?? {})) { + this.fileAttributions.set(k, { ...v }); + } + this.sessionBaselines.clear(); + for (const [k, v] of Object.entries(snapshot.baselines ?? {})) { + this.sessionBaselines.set(k, { ...v }); + } } // ----------------------------------------------------------------------- @@ -178,15 +326,6 @@ export class CommitAttributionService { /** * Generate the git notes JSON payload by combining tracked AI contributions * with staged file information from git. - * - * For each staged file: - * - If AI tracked it: aiChars = tracked contribution; humanChars = max(0, diffSize - aiChars) - * - If AI did NOT track it: aiChars = 0; humanChars = diffSize (100% human) - * - Generated files (lock, dist, etc.) are excluded - * - * @param stagedInfo Result of git diff --cached analysis - * @param baseDir Project root for converting absolute paths to relative - * @param generatorName Model/tool name (will be sanitized) */ generateNotePayload( stagedInfo: StagedFileInfo, @@ -199,10 +338,11 @@ export class CommitAttributionService { const files: Record = {}; const excludedGenerated: string[] = []; + const surfaceCounts: Record = {}; let totalAiChars = 0; let totalHumanChars = 0; - // Build a lookup from relative path → tracked AI contribution + // Build lookup: relative path → tracked AI contribution const aiLookup = new Map(); for (const [absPath, attr] of this.fileAttributions) { const rel = path.relative(baseDir, absPath); @@ -210,7 +350,6 @@ export class CommitAttributionService { } for (const relFile of stagedInfo.files) { - // Skip generated files if (isGeneratedFile(relFile)) { excludedGenerated.push(relFile); continue; @@ -225,16 +364,11 @@ export class CommitAttributionService { if (tracked) { aiChars = tracked.aiContribution; - // Human contribution = total diff size minus AI's tracked contribution - // (clamped to 0 — AI may have contributed more than the final diff - // if it rewrote the same region multiple times) humanChars = Math.max(0, diffSize - aiChars); } else if (isDeleted) { - // Untracked deletion = human did it aiChars = 0; humanChars = diffSize > 0 ? diffSize : 100; } else { - // Untracked file = 100% human aiChars = 0; humanChars = diffSize; } @@ -242,15 +376,29 @@ export class CommitAttributionService { const total = aiChars + humanChars; const percent = total > 0 ? Math.round((aiChars / total) * 100) : 0; - files[relFile] = { aiChars, humanChars, percent }; + files[relFile] = { aiChars, humanChars, percent, surface: this.surface }; totalAiChars += aiChars; totalHumanChars += humanChars; + surfaceCounts[this.surface] = + (surfaceCounts[this.surface] ?? 0) + aiChars; } const totalChars = totalAiChars + totalHumanChars; const aiPercent = totalChars > 0 ? Math.round((totalAiChars / totalChars) * 100) : 0; + // Surface breakdown + const surfaceBreakdown: Record< + string, + { aiChars: number; percent: number } + > = {}; + for (const [surf, chars] of Object.entries(surfaceCounts)) { + surfaceBreakdown[surf] = { + aiChars: chars, + percent: totalChars > 0 ? Math.round((chars / totalChars) * 100) : 0, + }; + } + return { version: 1, generator, @@ -260,10 +408,38 @@ export class CommitAttributionService { aiChars: totalAiChars, humanChars: totalHumanChars, totalFilesTouched: Object.keys(files).length, + surfaces: [this.surface], }, + surfaceBreakdown, excludedGenerated, + promptCount: this.getPromptsSinceLastCommit(), }; } + + // ----------------------------------------------------------------------- + // PR attribution text + // ----------------------------------------------------------------------- + + /** + * Generate enhanced PR attribution text. + * Format: "🤖 Generated with Qwen Code (85% 3-shotted by Qwen-Coder)" + */ + generatePRAttribution( + stagedInfo: StagedFileInfo, + baseDir: string, + generatorName?: string, + ): string { + const note = this.generateNotePayload(stagedInfo, baseDir, generatorName); + const generator = note.generator; + const percent = note.summary.aiPercent; + const shots = this.getPromptsSinceLastCommit(); + + if (percent === 0 && shots === 0) { + return `🤖 Generated with Qwen Code`; + } + + return `🤖 Generated with Qwen Code (${percent}% ${shots}-shotted by ${generator})`; + } } // --------------------------------------------------------------------------- @@ -274,20 +450,15 @@ export class CommitAttributionService { * Compute the character contribution for a file modification. * Uses common prefix/suffix matching to find the actual changed region, * then returns the larger of the old/new changed lengths. - * - * This correctly handles same-length replacements (e.g., "Esc" → "esc") - * where a simple length difference would be 0. */ export function computeCharContribution( oldContent: string, newContent: string, ): number { if (oldContent === '' || newContent === '') { - // New file creation or full deletion return oldContent === '' ? newContent.length : oldContent.length; } - // Find common prefix const minLen = Math.min(oldContent.length, newContent.length); let prefixEnd = 0; while ( @@ -297,7 +468,6 @@ export function computeCharContribution( prefixEnd++; } - // Find common suffix (not overlapping with prefix) let suffixLen = 0; while ( suffixLen < minLen - prefixEnd && diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 4def1f69105..6b2acafac18 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -231,8 +231,10 @@ export class ShellToolInvocation extends BaseToolInvocation< const tempFilePath = path.join(os.tmpdir(), tempFileName); try { - // Add co-author to git commit commands - const processedCommand = this.addCoAuthorToGitCommit(strippedCommand); + // Add co-author to git commit commands and PR attribution + const processedCommand = this.addAttributionToPR( + this.addCoAuthorToGitCommit(strippedCommand), + ); const shouldRunInBackground = this.params.is_background; let finalCommand = processedCommand; @@ -712,6 +714,50 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; // In this case, we can't easily modify it, so return as-is return command; } + + /** + * Detect `gh pr create` commands and append AI attribution text to the + * PR body. Format: "🤖 Generated with Qwen Code (X% N-shotted by Qwen-Coder)" + */ + private addAttributionToPR(command: string): string { + const ghPrPattern = /\bgh\s+pr\s+create\b/; + if (!ghPrPattern.test(command)) { + return command; + } + + const gitCoAuthorSettings = this.config.getGitCoAuthor(); + if (!gitCoAuthorSettings.enabled) { + return command; + } + + const attributionService = CommitAttributionService.getInstance(); + const shots = attributionService.getPromptsSinceLastCommit(); + const generator = gitCoAuthorSettings.name ?? 'Qwen-Coder'; + + const attribution = + shots > 0 + ? `\\n\\n🤖 Generated with Qwen Code (${shots}-shotted by ${generator})` + : `\\n\\n🤖 Generated with Qwen Code`; + + // Append to --body "..." or --body '...' + const bodyDoublePattern = /(--body\s+)"((?:[^"\\]|\\.)*)"/; + const bodySinglePattern = /(--body\s+)'((?:[^'\\]|\\.)*)'/; + const bodyDoubleMatch = command.match(bodyDoublePattern); + const bodySingleMatch = command.match(bodySinglePattern); + const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; + const bodyQuote = bodyDoubleMatch ? '"' : "'"; + + if (bodyMatch) { + const [fullMatch, prefix, existingBody] = bodyMatch; + const newBody = existingBody + attribution; + return command.replace( + fullMatch, + prefix + bodyQuote + newBody + bodyQuote, + ); + } + + return command; + } } function getShellToolDescription(): string { From 32fe3672965b2b881536c4181726811141ecf536 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 11 Apr 2026 03:34:25 +0800 Subject: [PATCH 04/64] =?UTF-8?q?fix:=20audit=20fixes=20=E2=80=94=20initia?= =?UTF-8?q?l=20commit=20handling,=20cron=20prompt=20exclusion,=20failed=20?= =?UTF-8?q?commit=20counter=20preservation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Handle initial commit (no HEAD~1) by detecting parent with rev-parse and falling back to --root for first commit in repo - Exclude Cron-triggered messages from promptCount (not user-initiated) - Add commitSucceeded parameter to clearAttributions() so failed/disabled commits don't reset the prompts-since-last-commit counter - Add test for clearAttributions(false) behavior --- packages/core/src/core/client.ts | 6 ++++-- .../src/services/commitAttribution.test.ts | 18 +++++++++++++++--- .../core/src/services/commitAttribution.ts | 15 +++++++++++---- packages/core/src/tools/shell.ts | 15 +++++++++------ 4 files changed, 39 insertions(+), 15 deletions(-) diff --git a/packages/core/src/core/client.ts b/packages/core/src/core/client.ts index 82a6f51222c..28100ee5c11 100644 --- a/packages/core/src/core/client.ts +++ b/packages/core/src/core/client.ts @@ -590,9 +590,11 @@ export class GeminiClient { this.loopDetector.reset(prompt_id); this.lastPromptId = prompt_id; - // Track prompt count for commit attribution and persist snapshot + // Track prompt count for commit attribution (skip cron — not user-initiated) const attributionService = CommitAttributionService.getInstance(); - attributionService.incrementPromptCount(); + if (messageType !== SendMessageType.Cron) { + attributionService.incrementPromptCount(); + } // record user message for session management this.config.getChatRecordingService()?.recordUserMessage(request); diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index e3086e7d60f..76865abb599 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -145,16 +145,28 @@ describe('CommitAttributionService', () => { expect(service.getPromptsSinceLastCommit()).toBe(3); }); - it('should reset prompts-since-commit counter on clearAttributions', () => { + it('should reset prompts-since-commit counter on successful clear', () => { const service = CommitAttributionService.getInstance(); service.incrementPromptCount(); service.incrementPromptCount(); - service.clearAttributions(); + service.clearAttributions(true); - // Total still 2, but since-last-commit is 0 expect(service.getPromptCount()).toBe(2); expect(service.getPromptsSinceLastCommit()).toBe(0); }); + + it('should NOT reset prompts-since-commit on failed clear', () => { + const service = CommitAttributionService.getInstance(); + service.incrementPromptCount(); + service.incrementPromptCount(); + service.recordEdit('/project/f.ts', null, 'x'); + service.clearAttributions(false); + + // File data cleared, but prompt counter preserved + expect(service.hasAttributions()).toBe(false); + expect(service.getPromptCount()).toBe(2); + expect(service.getPromptsSinceLastCommit()).toBe(2); + }); }); describe('surface tracking', () => { diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index e9024f4b566..18e33d92154 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -262,10 +262,17 @@ export class CommitAttributionService { return this.surface; } - clearAttributions(): void { - this.promptCountAtLastCommit = this.promptCount; - this.permissionPromptCountAtLastCommit = this.permissionPromptCount; - this.escapeCountAtLastCommit = this.escapeCount; + /** + * Clear file attribution data. Called after commit (success or failure). + * @param commitSucceeded If true, also updates the "at last commit" + * counters so getPromptsSinceLastCommit() resets to 0. + */ + clearAttributions(commitSucceeded: boolean = true): void { + if (commitSucceeded) { + this.promptCountAtLastCommit = this.promptCount; + this.permissionPromptCountAtLastCommit = this.permissionPromptCount; + this.escapeCountAtLastCommit = this.escapeCount; + } this.fileAttributions.clear(); this.sessionBaselines.clear(); } diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 6b2acafac18..1e6f9652305 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -518,13 +518,13 @@ export class ShellToolInvocation extends BaseToolInvocation< } if (result.exitCode !== 0 || result.aborted) { - attributionService.clearAttributions(); + attributionService.clearAttributions(false); return; } const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.enabled) { - attributionService.clearAttributions(); + attributionService.clearAttributions(false); return; } @@ -613,8 +613,11 @@ export class ShellToolInvocation extends BaseToolInvocation< }; try { - // Get changed file names - const nameOutput = await runGit('diff --name-only HEAD~1 HEAD'); + // Get changed file names. + // For the initial commit (no parent), use --root to diff against empty tree. + const hasParent = (await runGit('rev-parse --verify HEAD~1')).length > 0; + const diffRef = hasParent ? 'HEAD~1 HEAD' : '--root HEAD'; + const nameOutput = await runGit(`diff --name-only ${diffRef}`); const files = nameOutput .split('\n') .map((f) => f.trim()) @@ -622,7 +625,7 @@ export class ShellToolInvocation extends BaseToolInvocation< if (files.length === 0) return empty; // Get deleted files - const statusOutput = await runGit('diff --name-status HEAD~1 HEAD'); + const statusOutput = await runGit(`diff --name-status ${diffRef}`); const deletedFiles = new Set(); for (const line of statusOutput.split('\n')) { if (line.startsWith('D\t')) { @@ -631,7 +634,7 @@ export class ShellToolInvocation extends BaseToolInvocation< } // Get diff sizes from stat output - const statOutput = await runGit('diff --stat HEAD~1 HEAD'); + const statOutput = await runGit(`diff --stat ${diffRef}`); const diffSizes = this.parseDiffStat(statOutput); return { files, diffSizes, deletedFiles }; From 57bd3b16c84eba0856e738e8505cecb947939fa2 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 11 Apr 2026 08:54:30 +0800 Subject: [PATCH 05/64] fix: cross-platform and correctness fixes from multi-round audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Normalize path.relative() to forward slashes for Windows compatibility - Use diff-tree --root for initial commits (git diff --root is invalid) - Replace String.replace() with indexOf+slice to avoid $& special patterns - Fix clearAttributions(false→true) when co-author disabled but commit succeeded - Use real newlines instead of literal \n in PR attribution text - Add surface fallback in restoreFromSnapshot for version compatibility - Fix single-quote regex to not assume bash supports \' escaping - Case-insensitive directory matching in generated file detection - Handle renamed file brace notation in parseDiffStat --- .../core/src/services/commitAttribution.ts | 5 +- packages/core/src/services/generatedFiles.ts | 3 +- packages/core/src/tools/shell.ts | 76 ++++++++++++++----- 3 files changed, 64 insertions(+), 20 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 18e33d92154..6f9c6315fd8 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -307,7 +307,7 @@ export class CommitAttributionService { /** Restore state from a persisted snapshot. */ restoreFromSnapshot(snapshot: AttributionSnapshot): void { - this.surface = snapshot.surface; + this.surface = snapshot.surface ?? getClientSurface(); this.promptCount = snapshot.promptCount ?? 0; this.promptCountAtLastCommit = snapshot.promptCountAtLastCommit ?? 0; this.permissionPromptCount = snapshot.permissionPromptCount ?? 0; @@ -350,9 +350,10 @@ export class CommitAttributionService { let totalHumanChars = 0; // Build lookup: relative path → tracked AI contribution + // Normalize to forward slashes so git-style paths match on Windows const aiLookup = new Map(); for (const [absPath, attr] of this.fileAttributions) { - const rel = path.relative(baseDir, absPath); + const rel = path.relative(baseDir, absPath).split(path.sep).join('/'); aiLookup.set(rel, attr); } diff --git a/packages/core/src/services/generatedFiles.ts b/packages/core/src/services/generatedFiles.ts index 1668595bbf2..c6fdb17cad0 100644 --- a/packages/core/src/services/generatedFiles.ts +++ b/packages/core/src/services/generatedFiles.ts @@ -111,8 +111,9 @@ export function isGeneratedFile(filePath: string): boolean { } } + const normalizedPathLower = normalizedPath.toLowerCase(); for (const dir of EXCLUDED_DIRECTORIES) { - if (normalizedPath.includes(dir)) { + if (normalizedPathLower.includes(dir)) { return true; } } diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 1e6f9652305..73d9ac47730 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -524,7 +524,8 @@ export class ShellToolInvocation extends BaseToolInvocation< const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.enabled) { - attributionService.clearAttributions(false); + // Commit succeeded but attribution disabled — still reset prompt counters + attributionService.clearAttributions(true); return; } @@ -613,11 +614,33 @@ export class ShellToolInvocation extends BaseToolInvocation< }; try { - // Get changed file names. - // For the initial commit (no parent), use --root to diff against empty tree. + // Detect whether HEAD has a parent. Also fails for shallow clones + // where the parent was pruned, which is fine — diff-tree --root is + // a safe fallback that diffs against the empty tree. const hasParent = (await runGit('rev-parse --verify HEAD~1')).length > 0; - const diffRef = hasParent ? 'HEAD~1 HEAD' : '--root HEAD'; - const nameOutput = await runGit(`diff --name-only ${diffRef}`); + + // Get changed file names. + // For the initial commit (no parent), use diff-tree --root since + // `git diff --root` is not a valid option for porcelain diff. + let nameOutput: string; + let statusOutput: string; + let statOutput: string; + if (hasParent) { + nameOutput = await runGit('diff --name-only HEAD~1 HEAD'); + statusOutput = await runGit('diff --name-status HEAD~1 HEAD'); + statOutput = await runGit('diff --stat HEAD~1 HEAD'); + } else { + nameOutput = await runGit( + 'diff-tree --root --no-commit-id -r --name-only HEAD', + ); + statusOutput = await runGit( + 'diff-tree --root --no-commit-id -r --name-status HEAD', + ); + statOutput = await runGit( + 'diff-tree --root --no-commit-id -r --stat HEAD', + ); + } + const files = nameOutput .split('\n') .map((f) => f.trim()) @@ -625,7 +648,6 @@ export class ShellToolInvocation extends BaseToolInvocation< if (files.length === 0) return empty; // Get deleted files - const statusOutput = await runGit(`diff --name-status ${diffRef}`); const deletedFiles = new Set(); for (const line of statusOutput.split('\n')) { if (line.startsWith('D\t')) { @@ -634,7 +656,6 @@ export class ShellToolInvocation extends BaseToolInvocation< } // Get diff sizes from stat output - const statOutput = await runGit(`diff --stat ${diffRef}`); const diffSizes = this.parseDiffStat(statOutput); return { files, diffSizes, deletedFiles }; @@ -659,7 +680,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // Format: " path/to/file | 5 ++---" const match = line.match(/^\s*(.+?)\s+\|\s+(\d+)/); if (match) { - const filePath = match[1]!.trim(); + let filePath = match[1]!.trim(); + // Handle rename brace notation: "{old => new}" or "dir/{old => new}" + // Extract the new name so the key matches --name-only output + filePath = filePath.replace(/\{[^}]*?=>\s*([^}]*)\}/g, '$1'); const changes = parseInt(match[2]!, 10); // Approximate chars: lines changed * avg 40 chars/line sizes.set(filePath, changes * 40); @@ -699,7 +723,8 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; // \\. matches escape sequences like \" or \\ // (?:...|...)* matches normal chars or escapes, repeated const doubleQuotePattern = /(-[a-zA-Z]*m\s+)"((?:[^"\\]|\\.)*)"/; - const singleQuotePattern = /(-[a-zA-Z]*m\s+)'((?:[^'\\]|\\.)*)'/; + // Single quotes in bash have no escape mechanism — match until next ' + const singleQuotePattern = /(-[a-zA-Z]*m\s+)'([^']*)'/; const doubleMatch = command.match(doubleQuotePattern); const singleMatch = command.match(singleQuotePattern); const match = doubleMatch ?? singleMatch; @@ -710,7 +735,16 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; const newMessage = existingMessage + coAuthor; const replacement = prefix + quote + newMessage + quote; - return command.replace(fullMatch, replacement); + // Use indexOf + slice instead of String.replace() to avoid + // special replacement patterns ($&, $1, etc.) in user content + const idx = command.indexOf(fullMatch); + if (idx >= 0) { + return ( + command.slice(0, idx) + + replacement + + command.slice(idx + fullMatch.length) + ); + } } // If no -m flag found, the command might open an editor @@ -739,12 +773,13 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; const attribution = shots > 0 - ? `\\n\\n🤖 Generated with Qwen Code (${shots}-shotted by ${generator})` - : `\\n\\n🤖 Generated with Qwen Code`; + ? `\n\n🤖 Generated with Qwen Code (${shots}-shotted by ${generator})` + : `\n\n🤖 Generated with Qwen Code`; // Append to --body "..." or --body '...' const bodyDoublePattern = /(--body\s+)"((?:[^"\\]|\\.)*)"/; - const bodySinglePattern = /(--body\s+)'((?:[^'\\]|\\.)*)'/; + // Single quotes in bash have no escape mechanism — match until next ' + const bodySinglePattern = /(--body\s+)'([^']*)'/; const bodyDoubleMatch = command.match(bodyDoublePattern); const bodySingleMatch = command.match(bodySinglePattern); const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; @@ -753,10 +788,17 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; if (bodyMatch) { const [fullMatch, prefix, existingBody] = bodyMatch; const newBody = existingBody + attribution; - return command.replace( - fullMatch, - prefix + bodyQuote + newBody + bodyQuote, - ); + // Use indexOf + slice instead of String.replace() to avoid + // special replacement patterns ($&, $1, etc.) in user content + const idx = command.indexOf(fullMatch); + if (idx >= 0) { + const replacement = prefix + bodyQuote + newBody + bodyQuote; + return ( + command.slice(0, idx) + + replacement + + command.slice(idx + fullMatch.length) + ); + } } return command; From 66839533e95a6b771d30563b2f15380464c185d0 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sun, 19 Apr 2026 09:09:10 +0800 Subject: [PATCH 06/64] fix(attribution): also snapshot on ToolResult turns so resume keeps tool edits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, recordAttributionSnapshot() only ran at the start of UserQuery and Cron turns — before the tools for that turn had executed. A session that wrote a file in turn 1 and committed in turn 2 (across process boundaries via --resume) lost the tracked edit: the last persisted snapshot was the turn-1-start snapshot (empty fileStates), so on resume the attribution service restored empty state and no git notes were attached to the commit. Move the snapshot call out of the UserQuery/Cron conditional and run it on every non-Retry turn. ToolResult turns are scheduled right after tools execute, so their start-of-turn snapshot now captures any edits those tools made. Retry turns are skipped since the state is unchanged from the prior turn. Added unit tests asserting the snapshot fires for ToolResult/UserQuery turns and skips Retry turns. Verified end-to-end in a scratch repo: write-file in turn 1 (no commit) → exit → --resume → commit in turn 2 → git notes now contain the recorded file with correct aiChars and promptCount: 2. --- packages/core/src/core/client.test.ts | 58 +++++++++++++++++++++++++++ packages/core/src/core/client.ts | 18 ++++++--- 2 files changed, 71 insertions(+), 5 deletions(-) diff --git a/packages/core/src/core/client.test.ts b/packages/core/src/core/client.test.ts index 6ca290c775b..97de1a1e8d4 100644 --- a/packages/core/src/core/client.test.ts +++ b/packages/core/src/core/client.test.ts @@ -2821,6 +2821,64 @@ Other open files: expect(mockMessageBus.request).toHaveBeenCalled(); }); }); + + describe('attribution snapshot persistence', () => { + let recordAttributionSnapshot: ReturnType; + + beforeEach(() => { + recordAttributionSnapshot = vi.fn(); + vi.mocked(mockConfig.getChatRecordingService).mockReturnValue({ + recordAttributionSnapshot, + recordUserMessage: vi.fn(), + recordCronPrompt: vi.fn(), + } as unknown as ReturnType); + + mockTurnRunFn.mockReturnValue( + (async function* () { + yield { type: 'content', value: 'ok' }; + })(), + ); + }); + + it('records a snapshot on ToolResult turns so post-tool state is captured', async () => { + const stream = client.sendMessageStream( + [{ text: 'tool-result' }], + new AbortController().signal, + 'prompt-tr', + { type: SendMessageType.ToolResult }, + ); + for await (const _ of stream) { + /* consume */ + } + expect(recordAttributionSnapshot).toHaveBeenCalled(); + }); + + it('records a snapshot on UserQuery turns', async () => { + const stream = client.sendMessageStream( + [{ text: 'user' }], + new AbortController().signal, + 'prompt-uq', + { type: SendMessageType.UserQuery }, + ); + for await (const _ of stream) { + /* consume */ + } + expect(recordAttributionSnapshot).toHaveBeenCalled(); + }); + + it('does not record a snapshot on Retry turns', async () => { + const stream = client.sendMessageStream( + [{ text: 'retry' }], + new AbortController().signal, + 'prompt-retry-snap', + { type: SendMessageType.Retry }, + ); + for await (const _ of stream) { + /* consume */ + } + expect(recordAttributionSnapshot).not.toHaveBeenCalled(); + }); + }); }); describe('generateContent', () => { diff --git a/packages/core/src/core/client.ts b/packages/core/src/core/client.ts index 45607511ab4..ad54c33a785 100644 --- a/packages/core/src/core/client.ts +++ b/packages/core/src/core/client.ts @@ -735,11 +735,6 @@ export class GeminiClient { this.config.getChatRecordingService()?.recordUserMessage(request); } - // Persist attribution state snapshot for session resume - this.config - .getChatRecordingService() - ?.recordAttributionSnapshot(attributionService.toSnapshot()); - // Idle cleanup: clear stale thinking blocks after idle period. // Latch: once triggered, never revert — prevents oscillation. const idleConfig = this.config.getClearContextOnIdle(); @@ -782,6 +777,19 @@ export class GeminiClient { ); } } + + // Persist attribution snapshot on every non-retry turn. ToolResult turns + // run right after tool execution, so their snapshot captures edits that a + // prior UserQuery turn scheduled. Without this, a resumed session only + // sees the UserQuery-time snapshot (empty) and loses tool-driven edits. + if (messageType !== SendMessageType.Retry) { + this.config + .getChatRecordingService() + ?.recordAttributionSnapshot( + CommitAttributionService.getInstance().toSnapshot(), + ); + } + if (messageType !== SendMessageType.Retry) { this.sessionTurnCount++; From ac836b6e9ce07c393cea5d44383139cd87af9aa6 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sun, 19 Apr 2026 09:15:35 +0800 Subject: [PATCH 07/64] refactor(attribution): merge duplicate retry guard and update stale doc Collapse the two back-to-back messageType !== Retry blocks in sendMessageStream into one, and refresh chatRecordingService's recordAttributionSnapshot doc comment to reflect that snapshots fire on every non-retry turn (not just after user prompts). --- packages/core/src/core/client.ts | 10 ++++------ packages/core/src/services/chatRecordingService.ts | 3 ++- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/packages/core/src/core/client.ts b/packages/core/src/core/client.ts index ad54c33a785..cbfe8af4394 100644 --- a/packages/core/src/core/client.ts +++ b/packages/core/src/core/client.ts @@ -778,19 +778,17 @@ export class GeminiClient { } } - // Persist attribution snapshot on every non-retry turn. ToolResult turns - // run right after tool execution, so their snapshot captures edits that a - // prior UserQuery turn scheduled. Without this, a resumed session only - // sees the UserQuery-time snapshot (empty) and loses tool-driven edits. if (messageType !== SendMessageType.Retry) { + // Snapshot on every non-retry turn. ToolResult turns run right after + // tool execution, so their snapshot captures edits that a prior + // UserQuery turn scheduled. Without this, a resumed session only sees + // the UserQuery-time snapshot (empty) and loses tool-driven edits. this.config .getChatRecordingService() ?.recordAttributionSnapshot( CommitAttributionService.getInstance().toSnapshot(), ); - } - if (messageType !== SendMessageType.Retry) { this.sessionTurnCount++; if ( diff --git a/packages/core/src/services/chatRecordingService.ts b/packages/core/src/services/chatRecordingService.ts index 770a5d52474..86a40f4d81b 100644 --- a/packages/core/src/services/chatRecordingService.ts +++ b/packages/core/src/services/chatRecordingService.ts @@ -512,7 +512,8 @@ export class ChatRecordingService { /** * Records an attribution state snapshot for session persistence. - * Called after each user prompt to persist AI contribution tracking. + * Called at the start of every non-retry turn so that a resumed session + * sees the most recent state including edits made during the prior turn. */ recordAttributionSnapshot(snapshot: AttributionSnapshot): void { try { From eca9a06457e7e86e808af6347593d50a272d4354 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 24 Apr 2026 16:42:17 +0800 Subject: [PATCH 08/64] feat(attribution): split gitCoAuthor into independent commit and pr toggles Matches the shape used upstream in Claude Code's `attribution.{commit,pr}` so users can disable the PR body line without losing the commit-message Co-authored-by trailer (or vice versa). The previous boolean forced both to move together, which conflated two different surfaces. - settingsSchema: gitCoAuthor becomes an object with nested commit/pr booleans, each `showInDialog: true` so both appear in /settings. - Config constructor accepts legacy boolean (coerced to { commit: v, pr: v }) so stored preferences from the pre-split schema carry over. - shell.ts: attachCommitAttribution and addCoAuthorToGitCommit read .commit; addAttributionToPR reads .pr. --- packages/cli/src/config/settingsSchema.ts | 32 +++++- packages/cli/src/utils/settingsUtils.ts | 3 +- packages/core/src/config/config.test.ts | 32 ++++++ packages/core/src/config/config.ts | 30 +++++- packages/core/src/tools/shell.test.ts | 115 +++++++++++++++++++++- packages/core/src/tools/shell.ts | 13 +-- 6 files changed, 206 insertions(+), 19 deletions(-) diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts index 4ebb587ea90..97a301d84d1 100644 --- a/packages/cli/src/config/settingsSchema.ts +++ b/packages/cli/src/config/settingsSchema.ts @@ -349,14 +349,36 @@ const SETTINGS_SCHEMA = { showInDialog: true, }, gitCoAuthor: { - type: 'boolean', - label: 'Attribution: commit', + type: 'object', + label: 'Attribution', category: 'General', requiresRestart: false, - default: true, + default: {}, description: - 'Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.', - showInDialog: true, + 'Attribution added to git commits and pull requests created through Qwen Code.', + showInDialog: false, + properties: { + commit: { + type: 'boolean', + label: 'Attribution: commit', + category: 'General', + requiresRestart: false, + default: true, + description: + 'Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.', + showInDialog: true, + }, + pr: { + type: 'boolean', + label: 'Attribution: PR', + category: 'General', + requiresRestart: false, + default: true, + description: + 'Append a Qwen Code attribution line to PR descriptions when running `gh pr create`.', + showInDialog: true, + }, + }, }, checkpointing: { type: 'object', diff --git a/packages/cli/src/utils/settingsUtils.ts b/packages/cli/src/utils/settingsUtils.ts index 0effeb738c4..f36b26bb29d 100644 --- a/packages/cli/src/utils/settingsUtils.ts +++ b/packages/cli/src/utils/settingsUtils.ts @@ -295,7 +295,8 @@ const SETTINGS_DIALOG_ORDER: readonly string[] = [ 'ui.enableWelcomeBack', // Git Behavior - 'general.gitCoAuthor', + 'general.gitCoAuthor.commit', + 'general.gitCoAuthor.pr', // File Filtering 'context.fileFiltering.respectGitIgnore', diff --git a/packages/core/src/config/config.test.ts b/packages/core/src/config/config.test.ts index c3ce32493af..a88cbbc8fa9 100644 --- a/packages/core/src/config/config.test.ts +++ b/packages/core/src/config/config.test.ts @@ -888,6 +888,38 @@ describe('Server Config (config.ts)', () => { }); }); + describe('GitCoAuthor Settings', () => { + it('defaults both commit and pr to true when not specified', () => { + const config = new Config({ ...baseParams, gitCoAuthor: undefined }); + const settings = config.getGitCoAuthor(); + expect(settings.commit).toBe(true); + expect(settings.pr).toBe(true); + }); + + it('accepts an object with independent commit and pr toggles', () => { + const config = new Config({ + ...baseParams, + gitCoAuthor: { commit: true, pr: false }, + }); + const settings = config.getGitCoAuthor(); + expect(settings.commit).toBe(true); + expect(settings.pr).toBe(false); + }); + + // Legacy shape: before commit and PR attribution were split, this + // setting was a single boolean. Treat it as governing both toggles so + // existing users' preferences carry over. + it.each([true, false])( + 'coerces legacy boolean %s to { commit, pr } with the same value', + (value) => { + const config = new Config({ ...baseParams, gitCoAuthor: value }); + const settings = config.getGitCoAuthor(); + expect(settings.commit).toBe(value); + expect(settings.pr).toBe(value); + }, + ); + }); + describe('Telemetry Settings', () => { it('should return default telemetry target if not provided', () => { const params: ConfigParameters = { diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts index 9faf3a39bd6..bdb251ad351 100644 --- a/packages/core/src/config/config.ts +++ b/packages/core/src/config/config.ts @@ -226,11 +226,35 @@ export interface OutputSettings { } export interface GitCoAuthorSettings { - enabled?: boolean; + commit: boolean; + pr: boolean; name?: string; email?: string; } +/** + * Shape accepted by the Config constructor for the `gitCoAuthor` param. + * + * A plain `boolean` is accepted for backward compatibility: older settings + * (shipped before commit and PR attribution were split) stored this field as + * a single boolean, and we treat that as applying to both sub-toggles so + * nobody's stored preference silently flips. + */ +export type GitCoAuthorParam = boolean | { commit?: boolean; pr?: boolean }; + +function normalizeGitCoAuthor(value: GitCoAuthorParam | undefined): { + commit: boolean; + pr: boolean; +} { + if (typeof value === 'boolean') { + return { commit: value, pr: value }; + } + return { + commit: value?.commit ?? true, + pr: value?.pr ?? true, + }; +} + export type ExtensionOriginSource = 'QwenCode' | 'Claude' | 'Gemini'; export interface ExtensionInstallMetadata { @@ -364,7 +388,7 @@ export interface ConfigParameters { contextFileName?: string | string[]; accessibility?: AccessibilitySettings; telemetry?: TelemetrySettings; - gitCoAuthor?: boolean; + gitCoAuthor?: GitCoAuthorParam; usageStatisticsEnabled?: boolean; fileFiltering?: { respectGitIgnore?: boolean; @@ -745,7 +769,7 @@ export class Config { useCollector: params.telemetry?.useCollector, }; this.gitCoAuthor = { - enabled: params.gitCoAuthor ?? true, + ...normalizeGitCoAuthor(params.gitCoAuthor), name: 'Qwen-Coder', email: 'qwen-coder@alibabacloud.com', }; diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index f4e29f33835..a40ce0759c8 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -68,7 +68,8 @@ describe('ShellTool', () => { getPermissionManager: vi.fn().mockReturnValue(undefined), getGeminiClient: vi.fn(), getGitCoAuthor: vi.fn().mockReturnValue({ - enabled: true, + commit: true, + pr: true, name: 'Qwen-Coder', email: 'qwen-coder@alibabacloud.com', }), @@ -767,10 +768,49 @@ describe('ShellTool', () => { ); }); + it('should not add co-author when only pr is enabled (commit off)', async () => { + // Commit attribution must be independent from PR attribution: + // disabling commit should skip the Co-authored-by trailer even if + // pr remains enabled. + (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ + commit: false, + pr: true, + name: 'Qwen-Coder', + email: 'qwen-coder@alibabacloud.com', + }); + + const command = 'git commit -m "Initial commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + it('should not add co-author when disabled in config', async () => { - // Mock config with disabled co-author + // Mock config with commit co-author disabled (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ - enabled: false, + commit: false, + pr: false, name: 'Qwen-Coder', email: 'qwen-coder@alibabacloud.com', }); @@ -805,7 +845,8 @@ describe('ShellTool', () => { it('should use custom name and email from config', async () => { // Mock config with custom co-author details (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ - enabled: true, + commit: true, + pr: true, name: 'Custom Bot', email: 'custom@example.com', }); @@ -902,6 +943,72 @@ describe('ShellTool', () => { ); }); }); + + describe('addAttributionToPR', () => { + it('should append attribution to gh pr create --body when pr enabled', async () => { + const command = 'gh pr create --title "x" --body "Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + it('should skip PR attribution when pr is off even if commit is on', async () => { + // Commit and PR toggles must be independent. + (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ + commit: true, + pr: false, + name: 'Qwen-Coder', + email: 'qwen-coder@alibabacloud.com', + }); + + const command = 'gh pr create --title "x" --body "Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + }); }); describe('getDefaultPermission and getConfirmationDetails', () => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index dbfd243adad..dc8da48c95f 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -524,8 +524,9 @@ export class ShellToolInvocation extends BaseToolInvocation< * as git notes. Analyzes staged files via `git diff` to calculate real * AI vs human contribution percentages. * - * Respects the gitCoAuthor setting: if the user disables co-author, - * attribution notes are also skipped. + * Respects the gitCoAuthor.commit setting: if the user disables commit + * attribution, the per-file note is skipped too (same toggle governs + * the Co-authored-by trailer and the git-notes payload). */ private async attachCommitAttribution( command: string, @@ -548,7 +549,7 @@ export class ShellToolInvocation extends BaseToolInvocation< } const gitCoAuthorSettings = this.config.getGitCoAuthor(); - if (!gitCoAuthorSettings.enabled) { + if (!gitCoAuthorSettings.commit) { // Commit succeeded but attribution disabled — still reset prompt counters attributionService.clearAttributions(true); return; @@ -719,10 +720,10 @@ export class ShellToolInvocation extends BaseToolInvocation< } private addCoAuthorToGitCommit(command: string): string { - // Check if co-author feature is enabled + // Check if commit co-author feature is enabled const gitCoAuthorSettings = this.config.getGitCoAuthor(); - if (!gitCoAuthorSettings.enabled) { + if (!gitCoAuthorSettings.commit) { return command; } @@ -788,7 +789,7 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; } const gitCoAuthorSettings = this.config.getGitCoAuthor(); - if (!gitCoAuthorSettings.enabled) { + if (!gitCoAuthorSettings.pr) { return command; } From 2e4dbbc5066c92bb74a878440fef56527573f2be Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 24 Apr 2026 17:46:07 +0800 Subject: [PATCH 09/64] =?UTF-8?q?feat(settings):=20add=20v3=E2=86=92v4=20m?= =?UTF-8?q?igration=20for=20gitCoAuthor=20shape=20change?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Legacy gitCoAuthor was a single boolean and shipped ~4 months ago; the previous commit split it into { commit, pr } sub-toggles. Without a migration, users who had set gitCoAuthor: false would see the settings dialog show the default (true) for both sub-toggles — misleading and likely to flip their preference on the next save because getNestedValue returns undefined when asked for .commit on a boolean. - New v3-to-v4 migration expands boolean → { commit: v, pr: v }, preserves already-object values, resets invalid values to {} with a warning. - SETTINGS_VERSION bumped 3 → 4; existing integration assertions use the constant so the next bump is a single-line change. - Regenerate vscode-ide-companion settings.schema.json to reflect the new nested shape. - Docs: split the single gitCoAuthor row into .commit and .pr. --- docs/users/configuration/settings.md | 3 +- .../cli/settings-migration.test.ts | 27 ++-- .../cli/src/config/migration/index.test.ts | 73 +++++----- packages/cli/src/config/migration/index.ts | 8 +- .../migration/versions/v3-to-v4.test.ts | 131 ++++++++++++++++++ .../src/config/migration/versions/v3-to-v4.ts | 83 +++++++++++ packages/cli/src/config/settings.ts | 2 +- .../schemas/settings.schema.json | 17 ++- 8 files changed, 287 insertions(+), 57 deletions(-) create mode 100644 packages/cli/src/config/migration/versions/v3-to-v4.test.ts create mode 100644 packages/cli/src/config/migration/versions/v3-to-v4.ts diff --git a/docs/users/configuration/settings.md b/docs/users/configuration/settings.md index a848388fa39..ec121e7cf6e 100644 --- a/docs/users/configuration/settings.md +++ b/docs/users/configuration/settings.md @@ -84,7 +84,8 @@ Settings are organized into categories. All settings should be placed within the | `general.enableAutoUpdate` | boolean | Enable automatic update checks and installations on startup. | `true` | | `general.showSessionRecap` | boolean | Auto-show a one-line "where you left off" recap when returning to the terminal after being away. Off by default. Use `/recap` to trigger manually regardless of this setting. | `false` | | `general.sessionRecapAwayThresholdMinutes` | number | Minutes the terminal must be blurred before an auto-recap fires on focus-in. Only used when `showSessionRecap` is enabled. | `5` | -| `general.gitCoAuthor` | boolean | Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code. | `true` | +| `general.gitCoAuthor.commit` | boolean | Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code. | `true` | +| `general.gitCoAuthor.pr` | boolean | Append a Qwen Code attribution line to pull request descriptions when running `gh pr create`. | `true` | | `general.checkpointing.enabled` | boolean | Enable session checkpointing for recovery. | `false` | | `general.defaultFileEncoding` | string | Default encoding for new files. Use `"utf-8"` (default) for UTF-8 without BOM, or `"utf-8-bom"` for UTF-8 with BOM. Only change this if your project specifically requires BOM. | `"utf-8"` | diff --git a/integration-tests/cli/settings-migration.test.ts b/integration-tests/cli/settings-migration.test.ts index 181dcb2ada7..a68a01ec158 100644 --- a/integration-tests/cli/settings-migration.test.ts +++ b/integration-tests/cli/settings-migration.test.ts @@ -95,7 +95,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Verify migration to V3 - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); expect(migratedSettings['ui']).toEqual({ theme: 'dark', hideTips: false, @@ -137,7 +137,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Expected output based on stable test output - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); expect(migratedSettings['tools']).toEqual({ autoAccept: false }); expect(migratedSettings['context']).toEqual({ includeDirectories: [] }); expect(migratedSettings['model']).toEqual({ name: ['gemini', 'claude'] }); @@ -162,7 +162,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Should be migrated to V3 - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); // Legacy string values for ui/general should be preserved as-is (user data) expect(migratedSettings['ui']).toBe('legacy-ui-string'); expect(migratedSettings['general']).toBe('legacy-general-string'); @@ -189,7 +189,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Expected output based on stable test output - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); expect(migratedSettings['model']).toEqual({ name: 'qwen-plus' }); expect(migratedSettings['ui']).toEqual({ hideWindowTitle: true, @@ -226,7 +226,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Verify migration to V3 - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); // Verify disable* -> enable* conversion with inversion expect( @@ -303,7 +303,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Should be updated to V3 version - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); // Other settings should remain unchanged expect(migratedSettings['ui']).toEqual({ theme: 'dark' }); expect(migratedSettings['model']).toEqual({ name: 'gemini' }); @@ -330,7 +330,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Version metadata should still be normalized to current version - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); // Existing user content should be preserved expect(migratedSettings['customOnlyKey']).toBe('value'); }); @@ -372,7 +372,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Coercible strings are migrated; invalid disable* values are removed. - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); expect(migratedSettings['general']).toEqual({ enableAutoUpdate: false, }); @@ -437,7 +437,7 @@ describe('settings-migration', () => { const migratedSettings = readSettingsFile(rig); // Expected output based on stable test output - expect(migratedSettings['$version']).toBe(3); + expect(migratedSettings['$version']).toBe(4); // Migration converts disable* to enable* by inverting the value // disableAutoUpdate: false -> enableAutoUpdate: true (inverted) // But disableUpdateNag: true may affect the consolidation @@ -501,11 +501,10 @@ describe('settings-migration', () => { // Read settings const finalSettings = readSettingsFile(rig); - // Should remain V3 - expect(finalSettings['$version']).toBe(3); - // Note: V3 settings with legacy disable* keys are left as-is - // Migration only runs when version < current version - // Since this is already V3, no migration logic is applied + // V3 → V4 migration bumps the version; V3→V4 only touches + // general.gitCoAuthor, so unrelated legacy disable* keys remain as-is + // (V2→V3 ran on original V3 load, not re-applied here). + expect(finalSettings['$version']).toBe(4); expect( (finalSettings['general'] as Record)?.[ 'disableAutoUpdate' diff --git a/packages/cli/src/config/migration/index.test.ts b/packages/cli/src/config/migration/index.test.ts index 52bae237efc..720370660ae 100644 --- a/packages/cli/src/config/migration/index.test.ts +++ b/packages/cli/src/config/migration/index.test.ts @@ -15,7 +15,7 @@ import { SETTINGS_VERSION } from '../settings.js'; describe('Migration Framework Integration', () => { describe('runMigrations', () => { - it('should migrate V1 settings to V3', () => { + it('should migrate V1 settings all the way to the current version', () => { const v1Settings = { theme: 'dark', model: 'gemini', @@ -25,8 +25,8 @@ describe('Migration Framework Integration', () => { const result = runMigrations(v1Settings, 'user'); - expect(result.finalVersion).toBe(3); - expect(result.executedMigrations).toHaveLength(2); + expect(result.finalVersion).toBe(SETTINGS_VERSION); + expect(result.executedMigrations).toHaveLength(SETTINGS_VERSION - 1); expect(result.executedMigrations[0]).toEqual({ fromVersion: 1, toVersion: 2, @@ -38,7 +38,7 @@ describe('Migration Framework Integration', () => { // Check V2 structure was created const settings = result.settings as Record; - expect(settings['$version']).toBe(3); + expect(settings['$version']).toBe(SETTINGS_VERSION); expect(settings['ui']).toEqual({ theme: 'dark', accessibility: { enableLoadingPhrases: true }, @@ -51,7 +51,7 @@ describe('Migration Framework Integration', () => { ).toBe(false); }); - it('should migrate V2 settings to V3', () => { + it('should migrate V2 settings forward through the chain', () => { const v2Settings = { $version: 2, ui: { theme: 'light' }, @@ -60,15 +60,15 @@ describe('Migration Framework Integration', () => { const result = runMigrations(v2Settings, 'user'); - expect(result.finalVersion).toBe(3); - expect(result.executedMigrations).toHaveLength(1); + expect(result.finalVersion).toBe(SETTINGS_VERSION); + expect(result.executedMigrations).toHaveLength(SETTINGS_VERSION - 2); expect(result.executedMigrations[0]).toEqual({ fromVersion: 2, toVersion: 3, }); const settings = result.settings as Record; - expect(settings['$version']).toBe(3); + expect(settings['$version']).toBe(SETTINGS_VERSION); expect( (settings['general'] as Record)['enableAutoUpdate'], ).toBe(true); @@ -77,18 +77,18 @@ describe('Migration Framework Integration', () => { ).toBeUndefined(); }); - it('should not modify V3 settings', () => { - const v3Settings = { - $version: 3, + it('should not modify settings already at the current version', () => { + const current = { + $version: SETTINGS_VERSION, ui: { theme: 'dark' }, general: { enableAutoUpdate: true }, }; - const result = runMigrations(v3Settings, 'user'); + const result = runMigrations(current, 'user'); - expect(result.finalVersion).toBe(3); + expect(result.finalVersion).toBe(SETTINGS_VERSION); expect(result.executedMigrations).toHaveLength(0); - expect(result.settings).toEqual(v3Settings); + expect(result.settings).toEqual(current); }); it('should be idempotent', () => { @@ -100,7 +100,7 @@ describe('Migration Framework Integration', () => { const result1 = runMigrations(v1Settings, 'user'); const result2 = runMigrations(result1.settings, 'user'); - expect(result1.executedMigrations).toHaveLength(2); + expect(result1.executedMigrations).toHaveLength(SETTINGS_VERSION - 1); expect(result2.executedMigrations).toHaveLength(0); expect(result1.finalVersion).toBe(result2.finalVersion); }); @@ -135,13 +135,13 @@ describe('Migration Framework Integration', () => { expect(needsMigration(cleanV2Settings)).toBe(true); }); - it('should return false for V3 settings', () => { - const v3Settings = { - $version: 3, + it('should return false for settings already at the current version', () => { + const current = { + $version: SETTINGS_VERSION, general: { enableAutoUpdate: true }, }; - expect(needsMigration(v3Settings)).toBe(false); + expect(needsMigration(current)).toBe(false); }); it('should return false for legacy numeric version when no migration can execute', () => { @@ -156,13 +156,12 @@ describe('Migration Framework Integration', () => { describe('ALL_MIGRATIONS', () => { it('should contain all migrations in order', () => { - expect(ALL_MIGRATIONS).toHaveLength(2); + expect(ALL_MIGRATIONS).toHaveLength(SETTINGS_VERSION - 1); - expect(ALL_MIGRATIONS[0].fromVersion).toBe(1); - expect(ALL_MIGRATIONS[0].toVersion).toBe(2); - - expect(ALL_MIGRATIONS[1].fromVersion).toBe(2); - expect(ALL_MIGRATIONS[1].toVersion).toBe(3); + for (let i = 0; i < ALL_MIGRATIONS.length; i++) { + expect(ALL_MIGRATIONS[i].fromVersion).toBe(i + 1); + expect(ALL_MIGRATIONS[i].toVersion).toBe(i + 2); + } }); }); @@ -178,10 +177,10 @@ describe('Migration Framework Integration', () => { const result = scheduler.migrate(v1Settings); - expect(result.executedMigrations).toHaveLength(2); + expect(result.executedMigrations).toHaveLength(SETTINGS_VERSION - 1); const settings = result.settings as Record; - expect(settings['$version']).toBe(3); + expect(settings['$version']).toBe(SETTINGS_VERSION); expect((settings['ui'] as Record)['theme']).toBe('dark'); expect( (settings['general'] as Record)['enableAutoUpdate'], @@ -212,16 +211,16 @@ describe('Migration Framework Integration', () => { }); it('needsMigration should return false when runMigrations would execute no migrations', () => { - const v3Settings = { - $version: 3, + const current = { + $version: SETTINGS_VERSION, general: { enableAutoUpdate: true }, }; // needsMigration should report that no migration is needed - expect(needsMigration(v3Settings)).toBe(false); + expect(needsMigration(current)).toBe(false); // runMigrations should execute no migrations - const result = runMigrations(v3Settings, 'user'); + const result = runMigrations(current, 'user'); expect(result.executedMigrations).toHaveLength(0); }); @@ -234,10 +233,10 @@ describe('Migration Framework Integration', () => { // needsMigration should report that migration is needed expect(needsMigration(cleanV2Settings)).toBe(true); - // runMigrations should execute the V2->V3 migration + // runMigrations should execute migrations forward to the current version const result = runMigrations(cleanV2Settings, 'user'); expect(result.executedMigrations.length).toBeGreaterThan(0); - expect(result.finalVersion).toBe(3); + expect(result.finalVersion).toBe(SETTINGS_VERSION); }); }); @@ -364,14 +363,14 @@ describe('Migration Framework Integration', () => { it('should avoid repeated no-op migration loops', () => { // Settings that might cause repeated migrations - const v3Settings = { - $version: 3, + const current = { + $version: SETTINGS_VERSION, general: { enableAutoUpdate: true }, }; // First check - expect(needsMigration(v3Settings)).toBe(false); - const result1 = runMigrations(v3Settings, 'user'); + expect(needsMigration(current)).toBe(false); + const result1 = runMigrations(current, 'user'); expect(result1.executedMigrations).toHaveLength(0); // Second check should be consistent diff --git a/packages/cli/src/config/migration/index.ts b/packages/cli/src/config/migration/index.ts index 40d176cbe9b..e37b06d8df7 100644 --- a/packages/cli/src/config/migration/index.ts +++ b/packages/cli/src/config/migration/index.ts @@ -13,6 +13,7 @@ export { MigrationScheduler } from './scheduler.js'; // Export migrations export { v1ToV2Migration, V1ToV2Migration } from './versions/v1-to-v2.js'; export { v2ToV3Migration, V2ToV3Migration } from './versions/v2-to-v3.js'; +export { v3ToV4Migration, V3ToV4Migration } from './versions/v3-to-v4.js'; // Import settings version from single source of truth import { SETTINGS_VERSION } from '../settings.js'; @@ -22,6 +23,7 @@ import { SETTINGS_VERSION } from '../settings.js'; // Order matters: migrations must be sorted by ascending version import { v1ToV2Migration } from './versions/v1-to-v2.js'; import { v2ToV3Migration } from './versions/v2-to-v3.js'; +import { v3ToV4Migration } from './versions/v3-to-v4.js'; import { MigrationScheduler } from './scheduler.js'; import type { MigrationResult } from './types.js'; @@ -35,7 +37,11 @@ import type { MigrationResult } from './types.js'; * const result = scheduler.migrate(settings); * ``` */ -export const ALL_MIGRATIONS = [v1ToV2Migration, v2ToV3Migration] as const; +export const ALL_MIGRATIONS = [ + v1ToV2Migration, + v2ToV3Migration, + v3ToV4Migration, +] as const; /** * Convenience function that runs all migrations on the given settings. diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts new file mode 100644 index 00000000000..5f37cc59268 --- /dev/null +++ b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts @@ -0,0 +1,131 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +import { describe, it, expect } from 'vitest'; +import { V3ToV4Migration } from './v3-to-v4.js'; + +describe('V3ToV4Migration', () => { + const migration = new V3ToV4Migration(); + + describe('shouldMigrate', () => { + it('returns true for V3 settings', () => { + expect( + migration.shouldMigrate({ + $version: 3, + general: { gitCoAuthor: false }, + }), + ).toBe(true); + }); + + it('returns true for V3 settings without gitCoAuthor', () => { + // Even without the relevant key, the version must still bump. + expect(migration.shouldMigrate({ $version: 3 })).toBe(true); + }); + + it('returns false for V4 settings', () => { + expect( + migration.shouldMigrate({ + $version: 4, + general: { gitCoAuthor: { commit: true, pr: true } }, + }), + ).toBe(false); + }); + + it('returns false for non-object input', () => { + expect(migration.shouldMigrate(null)).toBe(false); + expect(migration.shouldMigrate('x')).toBe(false); + expect(migration.shouldMigrate(42)).toBe(false); + }); + }); + + describe('migrate', () => { + it('expands legacy boolean true into { commit: true, pr: true }', () => { + const input = { $version: 3, general: { gitCoAuthor: true } }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({ commit: true, pr: true }); + expect(settings['$version']).toBe(4); + expect(warnings).toEqual([]); + }); + + it('expands legacy boolean false into { commit: false, pr: false }', () => { + const input = { $version: 3, general: { gitCoAuthor: false } }; + const { settings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({ commit: false, pr: false }); + }); + + it('leaves an already-object value untouched', () => { + const input = { + $version: 3, + general: { gitCoAuthor: { commit: false, pr: true } }, + }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({ commit: false, pr: true }); + expect(warnings).toEqual([]); + }); + + it('bumps version when gitCoAuthor is absent', () => { + const input = { $version: 3, general: {} }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect(settings['$version']).toBe(4); + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toBeUndefined(); + expect(warnings).toEqual([]); + }); + + it('drops invalid values and emits a warning', () => { + const input = { $version: 3, general: { gitCoAuthor: 'yes' } }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({}); + expect(warnings).toHaveLength(1); + expect(warnings[0]).toContain('gitCoAuthor'); + expect(warnings[0]).toContain('user'); + }); + + it('does not mutate the input settings object', () => { + const input = { $version: 3, general: { gitCoAuthor: false } }; + migration.migrate(input, 'user'); + + expect(input).toEqual({ + $version: 3, + general: { gitCoAuthor: false }, + }); + }); + + it('throws for non-object input', () => { + expect(() => migration.migrate(null, 'user')).toThrow(); + expect(() => migration.migrate('string', 'user')).toThrow(); + }); + }); +}); diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.ts b/packages/cli/src/config/migration/versions/v3-to-v4.ts new file mode 100644 index 00000000000..34795303a04 --- /dev/null +++ b/packages/cli/src/config/migration/versions/v3-to-v4.ts @@ -0,0 +1,83 @@ +/** + * @license + * Copyright 2025 Google LLC + * SPDX-License-Identifier: Apache-2.0 + */ + +import type { SettingsMigration } from '../types.js'; +import { + getNestedProperty, + setNestedPropertySafe, +} from '../../../utils/settingsUtils.js'; + +const GIT_CO_AUTHOR_PATH = 'general.gitCoAuthor'; + +/** + * V3 -> V4 migration (gitCoAuthor boolean → object expansion). + * + * Before V4, `general.gitCoAuthor` was a single boolean that governed both + * commit message attribution and PR body attribution. V4 splits those into + * two independent sub-toggles so users can disable one without losing the + * other. This migration rewrites any stored boolean into `{ commit: v, + * pr: v }` so the user's prior choice carries over to both new toggles and + * the settings dialog reads the expected object shape. + * + * Compatibility strategy: + * - Boolean values are expanded in place. + * - Object values with `commit`/`pr` keys are left untouched (forward- + * compatible — a user who edited their settings.json by hand to the new + * shape is already on V4-equivalent data). + * - Any other present value (string, number, array, null) is dropped with + * a warning so the caller sees an actionable message. + */ +export class V3ToV4Migration implements SettingsMigration { + readonly fromVersion = 3; + readonly toVersion = 4; + + shouldMigrate(settings: unknown): boolean { + if (typeof settings !== 'object' || settings === null) { + return false; + } + const s = settings as Record; + return s['$version'] === 3; + } + + migrate( + settings: unknown, + scope: string, + ): { settings: unknown; warnings: string[] } { + if (typeof settings !== 'object' || settings === null) { + throw new Error('Settings must be an object'); + } + + const result = structuredClone(settings) as Record; + const warnings: string[] = []; + + const value = getNestedProperty(result, GIT_CO_AUTHOR_PATH); + + if (typeof value === 'boolean') { + // Legacy shape — rewrite as { commit, pr } preserving the prior choice. + setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, { + commit: value, + pr: value, + }); + } else if ( + value !== undefined && + (typeof value !== 'object' || value === null || Array.isArray(value)) + ) { + // Invalid: can't safely interpret. Drop so the schema default (both + // toggles on) applies on next load. + setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, {}); + warnings.push( + `Reset '${GIT_CO_AUTHOR_PATH}' in ${scope} settings because the stored value was not a boolean or object.`, + ); + } + // Object values (including the new shape) pass through unchanged. + + result['$version'] = 4; + + return { settings: result, warnings }; + } +} + +export const v3ToV4Migration = new V3ToV4Migration(); diff --git a/packages/cli/src/config/settings.ts b/packages/cli/src/config/settings.ts index 38e86bc9c15..b5a774a416c 100644 --- a/packages/cli/src/config/settings.ts +++ b/packages/cli/src/config/settings.ts @@ -65,7 +65,7 @@ export const USER_SETTINGS_DIR = path.dirname(USER_SETTINGS_PATH); export const DEFAULT_EXCLUDED_ENV_VARS = ['DEBUG', 'DEBUG_MODE']; // Settings version to track migration state -export const SETTINGS_VERSION = 3; +export const SETTINGS_VERSION = 4; export const SETTINGS_VERSION_KEY = '$version'; /** diff --git a/packages/vscode-ide-companion/schemas/settings.schema.json b/packages/vscode-ide-companion/schemas/settings.schema.json index d864a44c027..2c1e18f98af 100644 --- a/packages/vscode-ide-companion/schemas/settings.schema.json +++ b/packages/vscode-ide-companion/schemas/settings.schema.json @@ -62,9 +62,20 @@ "default": 5 }, "gitCoAuthor": { - "description": "Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.", - "type": "boolean", - "default": true + "description": "Attribution added to git commits and pull requests created through Qwen Code.", + "type": "object", + "properties": { + "commit": { + "description": "Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.", + "type": "boolean", + "default": true + }, + "pr": { + "description": "Append a Qwen Code attribution line to PR descriptions when running `gh pr create`.", + "type": "boolean", + "default": true + } + } }, "checkpointing": { "description": "Session checkpointing settings.", From 37142c267758592b6b024333ca44ed8a756e3e81 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 24 Apr 2026 17:53:01 +0800 Subject: [PATCH 10/64] test(migration): cover null/array/number and partial object for v3-to-v4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The migration already treats any non-boolean, non-object value as invalid (reset to {} with warning), but the existing test only exercised the string "yes" branch. Add parameterized cases for null, array, and number so a future regression that accepts these in the valid bucket gets caught. Also cover partial objects — the migration must not paternalistically fill defaults; that responsibility lives in normalizeGitCoAuthor at the Config boundary. --- .../migration/versions/v3-to-v4.test.ts | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts index 5f37cc59268..8b3b25c6028 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts @@ -113,6 +113,41 @@ describe('V3ToV4Migration', () => { expect(warnings[0]).toContain('user'); }); + it.each([ + ['null', null], + ['array', []], + ['number', 42], + ])('treats %s as invalid and resets with a warning', (_label, bad) => { + const input = { $version: 3, general: { gitCoAuthor: bad } }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({}); + expect(warnings).toHaveLength(1); + }); + + it('leaves a partially-specified object unchanged', () => { + // Downstream normalizeGitCoAuthor fills missing sub-keys with defaults; + // the migration only reshapes, it does not paternalistically fill defaults. + const input = { + $version: 3, + general: { gitCoAuthor: { commit: false } }, + }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({ commit: false }); + expect(warnings).toEqual([]); + }); + it('does not mutate the input settings object', () => { const input = { $version: 3, general: { gitCoAuthor: false } }; migration.migrate(input, 'user'); From 76ec0489118b7b147a48b0a7a65e1b15245b5d9d Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 30 Apr 2026 17:41:33 +0800 Subject: [PATCH 11/64] fix(shell): address PR review for compound commits and PR body escaping Two critical issues called out in review: 1. attachCommitAttribution treated the final shell exit code as proof that `git commit` itself failed. For compound commands like `git commit -m "x" && npm test`, the commit can succeed and a later step can fail; the previous code then cleared attribution without writing the git note. Now we snapshot HEAD before the command (via `git rev-parse HEAD` through child_process.execFile, kept independent of the mockable ShellExecutionService) and detect commit creation by HEAD movement, so attribution lands whenever a new commit was created regardless of later steps. 2. addAttributionToPR spliced the configured generator name into the user-approved `gh pr create --body "..."` argument verbatim. A name containing `"`, `$`, a backtick, or `'` could break the command or be evaluated as command substitution. Now we shell-escape the appended text per the surrounding quote style before splicing. Tests cover the new escape paths for both double- and single-quoted bodies, including a generator name designed to break interpolation (`$(rm -rf /) "danger" \`eval\``) and one with an apostrophe. --- packages/core/src/tools/shell.test.ts | 75 ++++++++++++++++++++ packages/core/src/tools/shell.ts | 99 ++++++++++++++++++++++++--- 2 files changed, 166 insertions(+), 8 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 861040026f8..01ce1721a22 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1126,6 +1126,81 @@ describe('ShellTool', () => { {}, ); }); + + // Without escaping, a generator name containing `"`, `$`, or a + // backtick would either break the user-approved `gh pr create` + // command or be evaluated as command substitution. The fix was to + // shell-escape the appended text for the surrounding quote style. + it('should escape generator names with shell metacharacters in double-quoted body', async () => { + (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ + commit: true, + pr: true, + // A name designed to break double-quote interpolation if not escaped. + name: 'Bot $(rm -rf /) "danger" `eval`', + email: 'bot@example.com', + }); + // Generator name only ends up in the attribution when shots > 0. + const svc = CommitAttributionService.getInstance(); + svc.incrementPromptCount(); + + const command = 'gh pr create --title "x" --body "Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observedCmd = mockShellExecutionService.mock.calls[0][0]; + // Each metacharacter must be escaped, not literal. + expect(observedCmd).toContain('\\$'); + expect(observedCmd).toContain('\\"'); + expect(observedCmd).toContain('\\`'); + // And the original `--body` quote must still close properly + // (`s` flag — body contains newlines from the attribution). + expect(observedCmd).toMatch(/--body\s+".+"/s); + }); + + it('should escape single-quoted body containing apostrophes in generator name', async () => { + (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ + commit: true, + pr: true, + name: "O'Brien-Bot", + email: 'bot@example.com', + }); + const svc = CommitAttributionService.getInstance(); + svc.incrementPromptCount(); + + const command = "gh pr create --title 'x' --body 'Summary'"; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observedCmd = mockShellExecutionService.mock.calls[0][0]; + // The bash close-escape-reopen trick yields `'\''` in place of `'`. + expect(observedCmd).toContain("O'\\''Brien-Bot"); + }); }); }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 02cefc76a92..f0ae3ec08a5 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -8,6 +8,7 @@ import fs from 'node:fs'; import path from 'node:path'; import os from 'node:os'; import crypto from 'node:crypto'; +import * as childProcess from 'node:child_process'; import type { Config } from '../config/config.js'; import { ToolNames, ToolDisplayNames } from './tool-names.js'; import { ToolErrorType } from './tool-error.js'; @@ -67,6 +68,24 @@ function stripTrailingBackgroundAmp(command: string): string { return trimmed.slice(0, -1).trimEnd(); } +/** + * Escape `s` so it is safe to interpolate inside a bash double-quoted + * string. Inside `"..."`, bash still interprets `$`, backtick, `\`, and + * `"`; escape those four. Newlines and other characters are literal. + */ +function escapeForBashDoubleQuote(s: string): string { + return s.replace(/[\\"$`]/g, '\\$&'); +} + +/** + * Escape `s` so it is safe to interpolate inside a bash single-quoted + * string. Bash single quotes have no escape mechanism — the standard + * trick is to close the quote, emit a backslash-escaped `'`, and reopen. + */ +function escapeForBashSingleQuote(s: string): string { + return s.replace(/'/g, "'\\''"); +} + export const OUTPUT_UPDATE_INTERVAL_MS = 1000; const DEFAULT_FOREGROUND_TIMEOUT_MS = 120000; @@ -252,6 +271,18 @@ export class ShellToolInvocation extends BaseToolInvocation< const commandToExecute = processedCommand; const cwd = this.params.directory || this.config.getTargetDir(); + // Snapshot HEAD before running so attachCommitAttribution can detect + // commit creation by HEAD movement instead of trusting the shell + // exit code (which is unreliable for compound commands). Kick the + // lookup off concurrently so we don't block ShellExecutionService. + // `git rev-parse HEAD` is a few fs reads (low ms) while a real + // `git commit` always takes longer, so the snapshot effectively + // resolves before the user's command can move HEAD. + const isGitCommitCommand = /\bgit\s+commit\b/.test(strippedCommand); + const preHeadPromise: Promise = isGitCommitCommand + ? this.getGitHead(cwd) + : Promise.resolve(null); + let cumulativeOutput: string | AnsiOutput = ''; let lastUpdateTime = Date.now(); let isBinaryStream = false; @@ -360,11 +391,12 @@ export class ShellToolInvocation extends BaseToolInvocation< : '(none)'; // After a git commit (whether or not it was the final command in a - // compound), attach AI attribution as a git note. The helper detects - // commit creation by HEAD movement, not exit code, so a `git commit - // && npm test` chain that fails on `npm test` still gets attribution - // for the successful commit. - await this.attachCommitAttribution(strippedCommand, result, cwd); + // compound), attach AI attribution as a git note. The helper + // detects commit creation by HEAD movement, not exit code, so a + // `git commit && npm test` chain that fails on `npm test` still + // gets attribution for the successful commit. + const preHead = await preHeadPromise; + await this.attachCommitAttribution(strippedCommand, cwd, preHead); llmContent = [ `Command: ${this.params.command}`, @@ -597,19 +629,58 @@ export class ShellToolInvocation extends BaseToolInvocation< }; } + /** + * Read the current HEAD SHA, or null if unavailable (no commits yet, + * not a git repo, or git failed). Used to detect whether a `git + * commit` actually created a new commit, independent of the shell's + * exit code. + * + * Goes through `child_process.execFile` rather than + * {@link ShellExecutionService} so the lookup is unaffected by test + * mocks of the shell service and stays well clear of any user-supplied + * shell wrapper. The 2s timeout means a wedged repo can't stall the + * post-command path. + */ + private async getGitHead(cwd: string): Promise { + return new Promise((resolve) => { + const child = childProcess.execFile( + 'git', + ['rev-parse', 'HEAD'], + { cwd, timeout: 2000 }, + (error, stdout) => { + if (error) { + resolve(null); + return; + } + const sha = String(stdout).trim(); + resolve(sha.length > 0 ? sha : null); + }, + ); + // Suppress unhandled-error events from the child stream (e.g. ENOENT + // when git is missing); the callback still receives the error. + child.on('error', () => {}); + }); + } + /** * After a successful git commit, attach per-file AI attribution metadata * as git notes. Analyzes staged files via `git diff` to calculate real * AI vs human contribution percentages. * + * Detects commit creation by HEAD movement, not by shell exit code: + * for compound commands like `git commit -m "x" && npm test`, the + * commit can succeed and a later step can fail. Gating on `exitCode + * !== 0` would skip attribution for the successful commit, so we + * compare pre- and post-command HEAD instead. + * * Respects the gitCoAuthor.commit setting: if the user disables commit * attribution, the per-file note is skipped too (same toggle governs * the Co-authored-by trailer and the git-notes payload). */ private async attachCommitAttribution( command: string, - result: { exitCode: number | null; aborted?: boolean }, cwd: string, + preHead: string | null, ): Promise { const gitCommitPattern = /\bgit\s+commit\b/; if (!gitCommitPattern.test(command)) { @@ -621,7 +692,12 @@ export class ShellToolInvocation extends BaseToolInvocation< return; } - if (result.exitCode !== 0 || result.aborted) { + const postHead = await this.getGitHead(cwd); + const commitCreated = postHead !== null && postHead !== preHead; + if (!commitCreated) { + // No new commit landed (nothing staged, hook rejected, or user + // reset right after). Reset prompt counters so the next attempt + // starts clean. attributionService.clearAttributions(false); return; } @@ -891,7 +967,14 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; if (bodyMatch) { const [fullMatch, prefix, existingBody] = bodyMatch; - const newBody = existingBody + attribution; + // Escape the appended text for the surrounding quote style. + // Without this, a configured generator name containing `"`, `$`, a + // backtick, or `'` would either break the user-approved `gh pr + // create` command or, worse, be interpreted as command substitution. + const escapedAttribution = bodyDoubleMatch + ? escapeForBashDoubleQuote(attribution) + : escapeForBashSingleQuote(attribution); + const newBody = existingBody + escapedAttribution; // Use indexOf + slice instead of String.replace() to avoid // special replacement patterns ($&, $1, etc.) in user content const idx = command.indexOf(fullMatch); From 98942178dc62d066c2a4feeb0d705fc80c8a831e Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 13:02:05 +0800 Subject: [PATCH 12/64] fix(attribution): address Copilot review on shell, schema, and totals MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Six items called out on PR #3115 by Copilot: - shell.ts: addAttributionToPR's bash quote escaping doesn't apply to cmd.exe / PowerShell, where `\$` and `'\''` aren't honored. Skip the PR body rewrite entirely on Windows — losing PR attribution there is preferable to corrupting the user-approved `gh pr create` command. - attributionTrailer.ts + shell.ts call site: buildGitNotesCommand used bash-style single-quote escaping on the JSON note, which is broken on Windows. Switched to argv form (`{ command, args }`) and routed the invocation through child_process.execFile so shell quoting is bypassed entirely. Tests updated to assert the argv shape. - commitAttribution.ts: when a tracked file's aiChars exceeded the diff --stat-derived diffSize (long-line edits where diffSize ≈ lines * 40), humanChars clamped to 0 but aiChars stayed inflated, leaving aiChars + humanChars > the committed change magnitude. Clamp aiChars to diffSize so the totals stay consistent. - shell.ts parseDiffStat: only normalized rename brace notation (`{old => new}`). Cross-directory renames emit `old/path => new/path` without braces, leaving diffSizes keyed by the full string. Added a second normalization step. - shell.ts: addAttributionToPR docstring claimed `(X% N-shotted)` but the implementation only emits `(N-shotted by Generator)`. Updated the docstring to match the actual behavior. - settingsSchema.ts + generator: gitCoAuthor went from boolean to object in the V4 migration. The exported JSON Schema now wraps the field in `anyOf: [boolean, object]` (via a new `legacyTypes` hint on SettingDefinition) so users with a stored boolean don't see a spurious IDE warning before their next launch runs the migration. --- packages/cli/src/config/settingsSchema.ts | 15 ++++ .../src/services/attributionTrailer.test.ts | 45 ++++++----- .../core/src/services/attributionTrailer.ts | 35 ++++++--- .../src/services/commitAttribution.test.ts | 21 +++++ .../core/src/services/commitAttribution.ts | 7 +- packages/core/src/tools/shell.ts | 78 ++++++++++++------- .../schemas/settings.schema.json | 29 ++++--- scripts/generate-settings-schema.ts | 14 ++++ 8 files changed, 178 insertions(+), 66 deletions(-) diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts index 8ed8e97257a..0a72be24d1f 100644 --- a/packages/cli/src/config/settingsSchema.ts +++ b/packages/cli/src/config/settingsSchema.ts @@ -78,6 +78,14 @@ export interface SettingDefinition { options?: readonly SettingEnumOption[]; /** Schema for array items when type is 'array' */ items?: SettingItemDefinition; + /** + * Primitive shapes a field accepted before it was expanded to its current + * type. The exported JSON Schema wraps the field in `anyOf` so values from + * those older shapes don't trip the IDE validator while the runtime + * migration is still pending. Has no runtime effect — it's purely a + * compatibility hint for editors. + */ + legacyTypes?: readonly SettingsType[]; } /** @@ -368,6 +376,13 @@ const SETTINGS_SCHEMA = { description: 'Attribution added to git commits and pull requests created through Qwen Code.', showInDialog: false, + // Pre-V4 settings stored this as a single boolean. The V3→V4 + // migration rewrites those on first launch, but the IDE schema + // validator runs before that — accept the boolean shape so users + // editing settings.json in VS Code don't see a spurious warning + // until they run qwen once. Config.normalizeGitCoAuthor handles + // the boolean at runtime. + legacyTypes: ['boolean'], properties: { commit: { type: 'boolean', diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts index 74da1eac4c9..83ac8362229 100644 --- a/packages/core/src/services/attributionTrailer.test.ts +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -33,28 +33,31 @@ const sampleNote: CommitAttributionNote = { describe('attributionTrailer', () => { describe('buildGitNotesCommand', () => { - it('should build a valid git notes command', () => { + it('should build a valid git notes invocation', () => { const cmd = buildGitNotesCommand(sampleNote); expect(cmd).not.toBeNull(); - expect(cmd).toContain( - 'git notes --ref=refs/notes/ai-attribution add -f -m', - ); - expect(cmd).toContain('HEAD'); - expect(cmd).toContain('"Qwen-Coder"'); + expect(cmd!.command).toBe('git'); + expect(cmd!.args.slice(0, 6)).toEqual([ + 'notes', + '--ref=refs/notes/ai-attribution', + 'add', + '-f', + '-m', + // index 5 is the JSON note payload, asserted below + cmd!.args[5], + ]); + expect(cmd!.args.at(-1)).toBe('HEAD'); }); - it('should not include cd prefix', () => { + it('should pass the JSON note as a single argv entry (no shell quoting)', () => { + // The `-f` flag is at args[3]; the note JSON sits at args[5] between + // `-m` and `HEAD`. Returning argv (rather than a shell-quoted command + // string) keeps the payload off the shell parser entirely so quotes, + // command substitution, and platform-specific escaping cannot break + // it on cmd.exe / PowerShell. const cmd = buildGitNotesCommand(sampleNote)!; - expect(cmd).not.toContain('cd '); - expect(cmd.startsWith('git notes')).toBe(true); - }); - - it('should produce valid JSON in the note', () => { - const cmd = buildGitNotesCommand(sampleNote)!; - const match = cmd.match(/-m '(.+)' HEAD/); - expect(match).toBeTruthy(); - const jsonStr = match![1].replace(/'\\''/g, "'"); - const parsed = JSON.parse(jsonStr); + const noteArg = cmd.args[5]!; + const parsed = JSON.parse(noteArg); expect(parsed.version).toBe(1); expect(parsed.summary.aiPercent).toBe(38); expect(parsed.files['src/main.ts'].percent).toBe(75); @@ -74,7 +77,10 @@ describe('attributionTrailer', () => { expect(buildGitNotesCommand(hugeNote)).toBeNull(); }); - it('should properly escape single quotes in JSON', () => { + it('should leave single quotes literal in the argv payload', () => { + // The previous string-based command needed bash-style quote escaping. + // With argv, the apostrophe stays literal — the executor passes it + // through to git unmolested. const noteWithQuotes: CommitAttributionNote = { ...sampleNote, files: { @@ -83,7 +89,8 @@ describe('attributionTrailer', () => { }; const cmd = buildGitNotesCommand(noteWithQuotes); expect(cmd).not.toBeNull(); - expect(cmd).toContain("'\\''"); + const parsed = JSON.parse(cmd!.args[5]!); + expect(parsed.files["it's-a-file.ts"].percent).toBe(67); }); }); diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts index fb08f6f67a4..2bce67d260b 100644 --- a/packages/core/src/services/attributionTrailer.ts +++ b/packages/core/src/services/attributionTrailer.ts @@ -20,28 +20,45 @@ const GIT_NOTES_REF = 'refs/notes/ai-attribution'; const MAX_NOTE_BYTES = 128 * 1024; // 128 KB /** - * Escape a string for safe use inside single quotes in a shell command. + * argv-form git notes invocation, designed for `child_process.execFile`. + * + * We return argv rather than a shell-quoted command string because the JSON + * note travels as a separate argv entry — no shell quoting is needed and no + * shell metacharacters can be re-evaluated. This matters most on Windows + * where bash-style single-quote escaping (`'\''`) is invalid and would + * corrupt the note (or, worse, allow interpolation under PowerShell/cmd). */ -function shellEscapeSingleQuote(s: string): string { - return s.replace(/'/g, "'\\''"); +export interface GitNotesCommand { + command: string; + args: string[]; } /** - * Generate the git notes add command to attach attribution metadata to the - * most recent commit. Does NOT include a cd prefix — the caller should pass - * the working directory to the shell executor directly. + * Build the git notes add invocation to attach attribution metadata to the + * most recent commit. Caller should pass the result to a process-spawning + * API (`child_process.execFile`) along with a `cwd` option. * * Returns null if the serialized note exceeds MAX_NOTE_BYTES. */ export function buildGitNotesCommand( note: CommitAttributionNote, -): string | null { +): GitNotesCommand | null { const noteJson = JSON.stringify(note); if (Buffer.byteLength(noteJson, 'utf-8') > MAX_NOTE_BYTES) { return null; } - const escaped = shellEscapeSingleQuote(noteJson); - return `git notes --ref=${GIT_NOTES_REF} add -f -m '${escaped}' HEAD`; + return { + command: 'git', + args: [ + 'notes', + `--ref=${GIT_NOTES_REF}`, + 'add', + '-f', + '-m', + noteJson, + 'HEAD', + ], + }; } /** diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 76865abb599..435838f6560 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -268,6 +268,27 @@ describe('CommitAttributionService', () => { .generator, ).toBe('CustomAgent'); }); + + // Long-line edits inflate the tracked AI char count (we count actual + // characters), but diffSize comes from `git diff --stat` which + // approximates each changed line as ~40 chars. Without clamping, + // aiChars stays large while humanChars snaps to 0, leaving + // aiChars+humanChars > the committed change magnitude. + it('should clamp aiChars to diffSize so totals stay consistent', () => { + const service = CommitAttributionService.getInstance(); + // Big AI edit but small reported diff (one long-line change). + service.recordEdit('/project/src/big.ts', '', 'x'.repeat(1000)); + + const staged = makeStagedInfo(['src/big.ts'], { 'src/big.ts': 40 }); + const note = service.generateNotePayload(staged, '/project'); + + const detail = note.files['src/big.ts']!; + expect(detail.aiChars).toBe(40); + expect(detail.humanChars).toBe(0); + // aiChars + humanChars now equals the reported diff size. + expect(detail.aiChars + detail.humanChars).toBe(40); + expect(note.summary.aiChars).toBe(40); + }); }); describe('generatePRAttribution', () => { diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 6f9c6315fd8..2420ed3727f 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -371,7 +371,12 @@ export class CommitAttributionService { let humanChars: number; if (tracked) { - aiChars = tracked.aiContribution; + // Clamp aiChars to diffSize so aiChars+humanChars stays consistent + // with the committed change magnitude. Without this, long-line edits + // (where diffSize is `lines * 40` from --stat output) can leave + // aiChars > diffSize: humanChars then snaps to 0 but aiChars stays + // large, inflating the per-file total beyond what was committed. + aiChars = Math.min(tracked.aiContribution, diffSize); humanChars = Math.max(0, diffSize - aiChars); } else if (isDeleted) { aiChars = 0; diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index c6b2ce956af..9360cb4ef97 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -937,31 +937,37 @@ export class ShellToolInvocation extends BaseToolInvocation< return; // finally block still runs for cleanup } - // Use a short timeout to avoid blocking the user if git notes stalls - const notesAbort = new AbortController(); - const notesTimeout = setTimeout(() => notesAbort.abort(), 5000); - let notesExitCode: number | null = null; - let notesOutput = ''; - try { - const handle = await ShellExecutionService.execute( - notesCommand, - cwd, - () => {}, - notesAbort.signal, - false, - {}, + // Use execFile with argv (rather than ShellExecutionService) so the + // JSON note isn't subjected to shell quoting at all — important on + // Windows where the bash-style escape used previously is invalid + // for cmd.exe / PowerShell. 5s timeout keeps a wedged repo from + // stalling the user-visible turn. + const { exitCode, output } = await new Promise<{ + exitCode: number | null; + output: string; + }>((resolve) => { + const child = childProcess.execFile( + notesCommand.command, + notesCommand.args, + { cwd, timeout: 5000 }, + (error, stdout, stderr) => { + const merged = (stdout || '') + (stderr || ''); + if (error) { + const code = + typeof (error as NodeJS.ErrnoException).code === 'number' + ? ((error as NodeJS.ErrnoException).code as unknown as number) + : null; + resolve({ exitCode: code ?? 1, output: merged }); + } else { + resolve({ exitCode: 0, output: merged }); + } + }, ); - const notesResult = await handle.result; - notesExitCode = notesResult.exitCode; - notesOutput = notesResult.output; - } finally { - clearTimeout(notesTimeout); - } + child.on('error', () => {}); + }); - if (notesExitCode !== 0) { - debugLogger.warn( - `git notes exited with code ${notesExitCode}: ${notesOutput}`, - ); + if (exitCode !== 0) { + debugLogger.warn(`git notes exited with code ${exitCode}: ${output}`); } else { debugLogger.debug( `Attached AI attribution note: ${note.summary.aiPercent}% AI, ${note.summary.totalFilesTouched} file(s)`, @@ -1068,9 +1074,17 @@ export class ShellToolInvocation extends BaseToolInvocation< const match = line.match(/^\s*(.+?)\s+\|\s+(\d+)/); if (match) { let filePath = match[1]!.trim(); - // Handle rename brace notation: "{old => new}" or "dir/{old => new}" - // Extract the new name so the key matches --name-only output + // Handle rename brace notation: "{old => new}" or "dir/{old => new}". + // Extract the new name so the key matches --name-only output. filePath = filePath.replace(/\{[^}]*?=>\s*([^}]*)\}/g, '$1'); + // Handle plain rename notation when the rename crosses directories: + // "old/path/file => new/path/file". Keep only the new path. + if (filePath.includes('=>')) { + const renameMatch = filePath.match(/^(.*?)\s=>\s(.*)$/); + if (renameMatch) { + filePath = renameMatch[2]!.trim(); + } + } const changes = parseInt(match[2]!, 10); // Approximate chars: lines changed * avg 40 chars/line sizes.set(filePath, changes * 40); @@ -1141,7 +1155,15 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; /** * Detect `gh pr create` commands and append AI attribution text to the - * PR body. Format: "🤖 Generated with Qwen Code (X% N-shotted by Qwen-Coder)" + * PR body. Format: "🤖 Generated with Qwen Code (N-shotted by Qwen-Coder)" + * when at least one user prompt has been recorded since the last commit; + * otherwise just "🤖 Generated with Qwen Code". + * + * Skipped on Windows: the appended text relies on bash quote-escape + * conventions (`\$`, `'\''`) that cmd.exe and PowerShell don't honor, + * so on those shells our injection could either break the user-approved + * `gh pr create` command or be evaluated as command substitution. + * Losing PR attribution on Windows is an acceptable trade for safety. */ private addAttributionToPR(command: string): string { const ghPrPattern = /\bgh\s+pr\s+create\b/; @@ -1149,6 +1171,10 @@ Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; return command; } + if (os.platform() === 'win32') { + return command; + } + const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.pr) { return command; diff --git a/packages/vscode-ide-companion/schemas/settings.schema.json b/packages/vscode-ide-companion/schemas/settings.schema.json index 623d1bdc162..690f9247866 100644 --- a/packages/vscode-ide-companion/schemas/settings.schema.json +++ b/packages/vscode-ide-companion/schemas/settings.schema.json @@ -67,19 +67,26 @@ }, "gitCoAuthor": { "description": "Attribution added to git commits and pull requests created through Qwen Code.", - "type": "object", - "properties": { - "commit": { - "description": "Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.", - "type": "boolean", - "default": true + "anyOf": [ + { + "type": "boolean" }, - "pr": { - "description": "Append a Qwen Code attribution line to PR descriptions when running `gh pr create`.", - "type": "boolean", - "default": true + { + "type": "object", + "properties": { + "commit": { + "description": "Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.", + "type": "boolean", + "default": true + }, + "pr": { + "description": "Append a Qwen Code attribution line to PR descriptions when running `gh pr create`.", + "type": "boolean", + "default": true + } + } } - } + ] }, "checkpointing": { "description": "Session checkpointing settings.", diff --git a/scripts/generate-settings-schema.ts b/scripts/generate-settings-schema.ts index a8b8f732bdd..3f22ade2054 100644 --- a/scripts/generate-settings-schema.ts +++ b/scripts/generate-settings-schema.ts @@ -39,6 +39,7 @@ interface JsonSchemaProperty { default?: unknown; additionalProperties?: boolean | JsonSchemaProperty; required?: string[]; + anyOf?: JsonSchemaProperty[]; } function convertItemDefinitionToJsonSchema( @@ -160,6 +161,19 @@ function convertSettingToJsonSchema( } } + // If the field accepts a legacy primitive shape (e.g. a boolean that was + // later expanded into an object), wrap with `anyOf` so existing values + // in users' settings.json don't trip the IDE schema validator while + // they wait for our migration to rewrite them on the next launch. + if (setting.legacyTypes && setting.legacyTypes.length > 0) { + const description = schema.description; + delete schema.description; + return { + ...(description ? { description } : {}), + anyOf: [...setting.legacyTypes.map((t) => ({ type: t })), schema], + }; + } + return schema; } From c83479e2b51c03dc480fb4735a4e2bbb3ccb6135 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 13:31:03 +0800 Subject: [PATCH 13/64] fix(attribution): parse binary diffs, source generator from model, sync schema $version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three follow-up review items from Copilot: - parseDiffStat now handles git's binary-diff format (`path | Bin A -> B bytes`) using the byte delta with a floor of 1. Without this, binary edits arrived at the attribution payload as diffSize=0 and were silently dropped. Also extracted the parser to a top-level exported function so the binary path is unit-testable; added five targeted cases (text/binary/rename normalisation/summary skip). - attachCommitAttribution now passes `this.config.getModel()` into generateNotePayload instead of the user-configurable `gitCoAuthor.name`. The note's `generator` field reflects which model produced the changes — and CommitAttributionService's sanitizeModelName() actually has the codename to scrub now. - generate-settings-schema.ts imports SETTINGS_VERSION instead of hardcoding `default: 3`, so a future bump propagates to the emitted JSON schema in one place. Regenerated settings.schema.json bumps $version's default from 3 to 4 to match the V4 migration. --- packages/core/src/tools/shell.test.ts | 37 +++++- packages/core/src/tools/shell.ts | 121 +++++++++++++----- .../schemas/settings.schema.json | 2 +- scripts/generate-settings-schema.ts | 6 +- 4 files changed, 127 insertions(+), 39 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 6d6705b41a7..15677fb7340 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -33,7 +33,7 @@ import * as fs from 'node:fs'; import * as os from 'node:os'; import * as crypto from 'node:crypto'; import { ToolErrorType } from './tool-error.js'; -import { OUTPUT_UPDATE_INTERVAL_MS } from './shell.js'; +import { OUTPUT_UPDATE_INTERVAL_MS, parseDiffStat } from './shell.js'; import { createMockWorkspaceContext } from '../test-utils/mockWorkspaceContext.js'; import { PermissionManager } from '../permissions/permission-manager.js'; import { CommitAttributionService } from '../services/commitAttribution.js'; @@ -67,6 +67,7 @@ describe('ShellTool', () => { getTruncateToolOutputLines: vi.fn().mockReturnValue(0), getPermissionManager: vi.fn().mockReturnValue(undefined), getGeminiClient: vi.fn(), + getModel: vi.fn().mockReturnValue('qwen3-coder-plus'), getGitCoAuthor: vi.fn().mockReturnValue({ commit: true, pr: true, @@ -1600,3 +1601,37 @@ describe('ShellTool', () => { }); }); }); + +describe('parseDiffStat', () => { + it('parses text-diff lines as lines * 40', () => { + const out = ' src/main.ts | 5 ++---\n 1 file changed'; + expect(parseDiffStat(out).get('src/main.ts')).toBe(200); + }); + + it('parses binary-diff lines as |new - old| with a floor of 1', () => { + const out = + ' assets/logo.png | Bin 0 -> 1024 bytes\n' + + ' assets/icon.png | Bin 1024 -> 1024 bytes'; + const sizes = parseDiffStat(out); + expect(sizes.get('assets/logo.png')).toBe(1024); + // Same-size binary edit still lands in the map so attribution + // doesn't drop the file via diffSize=0. + expect(sizes.get('assets/icon.png')).toBe(1); + }); + + it('normalizes brace rename notation to the new path', () => { + const out = ' src/{old => new}/file.ts | 3 +++'; + expect([...parseDiffStat(out).keys()]).toEqual(['src/new/file.ts']); + }); + + it('normalizes bare cross-directory rename to the new path', () => { + const out = ' old/dir/file.ts => new/dir/file.ts | 2 +-'; + expect([...parseDiffStat(out).keys()]).toEqual(['new/dir/file.ts']); + }); + + it('skips the summary line', () => { + const out = + ' src/a.ts | 1 +\n 2 files changed, 1 insertion(+), 1 deletion(-)'; + expect(parseDiffStat(out).size).toBe(1); + }); +}); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 9360cb4ef97..c84713e4c79 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -86,6 +86,73 @@ function escapeForBashSingleQuote(s: string): string { return s.replace(/'/g, "'\\''"); } +/** + * Parse `git diff --stat` output into a `path → approximate change size` + * map for attribution accounting. Approximate size is what ends up + * clamping `aiChars` in the attribution payload, so missing entries + * silently zero out a file's contribution — meaning binary edits should + * land in the map too. + * + * Two line formats handled: + * - Text: ` path/to/file | 5 ++---` → `lines * 40` chars + * - Binary: ` path/to/file | Bin 0 -> 123 b` → `|new - old|` bytes (≥1) + * + * Rename notations (`{old => new}` and bare `old => new`) are normalized + * to the new path so lookups match `--name-only` output. + * + * Exported for unit testing — the function is otherwise an implementation + * detail of `attachCommitAttribution`. + */ +export function parseDiffStat(statOutput: string): Map { + const sizes = new Map(); + const lines = statOutput.split('\n').filter(Boolean); + + const normalizeFilePath = (filePath: string): string => { + let p = filePath.trim(); + // Brace rename: `{old => new}` or `dir/{old => new}/file` + p = p.replace(/\{[^}]*?=>\s*([^}]*)\}/g, '$1'); + // Bare rename across directories: `old/path/file => new/path/file` + if (p.includes('=>')) { + const m = p.match(/^(.*?)\s=>\s(.*)$/); + if (m) p = m[2]!.trim(); + } + return p; + }; + + for (const line of lines) { + // Skip summary line ("N files changed, X insertions(+), Y deletions(-)") + if (line.includes('file changed') || line.includes('files changed')) { + continue; + } + + // Text diff: " path/to/file | 5 ++---" + const textMatch = line.match(/^\s*(.+?)\s+\|\s+(\d+)/); + if (textMatch) { + const filePath = normalizeFilePath(textMatch[1]!); + const changes = parseInt(textMatch[2]!, 10); + // Approximate chars: lines changed * avg 40 chars/line + sizes.set(filePath, changes * 40); + continue; + } + + // Binary diff: " path/to/file | Bin 0 -> 123 bytes" + // Use the byte delta with a floor of 1 so binary-only changes still + // land in the map (otherwise they'd flow through as `diffSize=0` and + // silently drop out of attribution). + const binaryMatch = line.match( + /^\s*(.+?)\s+\|\s+Bin\s+(\d+)\s+->\s+(\d+)\s+bytes$/, + ); + if (binaryMatch) { + const filePath = normalizeFilePath(binaryMatch[1]!); + const oldBytes = parseInt(binaryMatch[2]!, 10); + const newBytes = parseInt(binaryMatch[3]!, 10); + sizes.set(filePath, Math.max(1, Math.abs(newBytes - oldBytes))); + } + } + + return sizes; +} + export const OUTPUT_UPDATE_INTERVAL_MS = 1000; const DEFAULT_FOREGROUND_TIMEOUT_MS = 120000; @@ -921,12 +988,15 @@ export class ShellToolInvocation extends BaseToolInvocation< // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. const stagedInfo = await this.getCommittedFileInfo(cwd); - const generatorName = gitCoAuthorSettings.name ?? 'Qwen-Coder'; + // Pass the actual model name (e.g. `qwen3-coder-plus`) rather than the + // co-author display label so the note's `generator` field reflects + // which model produced the changes — and so generateNotePayload's + // sanitizeModelName() actually has the codename it's meant to scrub. const baseDir = this.config.getTargetDir(); const note = attributionService.generateNotePayload( stagedInfo, baseDir, - generatorName, + this.config.getModel(), ); const notesCommand = buildGitNotesCommand(note); @@ -1049,7 +1119,7 @@ export class ShellToolInvocation extends BaseToolInvocation< } // Get diff sizes from stat output - const diffSizes = this.parseDiffStat(statOutput); + const diffSizes = parseDiffStat(statOutput); return { files, diffSizes, deletedFiles }; } catch { @@ -1061,38 +1131,19 @@ export class ShellToolInvocation extends BaseToolInvocation< * Parse `git diff --stat` output to extract per-file change sizes. * Estimates character count as (insertions + deletions) * 40 chars/line. */ - private parseDiffStat(statOutput: string): Map { - const sizes = new Map(); - const lines = statOutput.split('\n').filter(Boolean); - - for (const line of lines) { - // Skip summary line ("N files changed, X insertions(+), Y deletions(-)") - if (line.includes('file changed') || line.includes('files changed')) { - continue; - } - // Format: " path/to/file | 5 ++---" - const match = line.match(/^\s*(.+?)\s+\|\s+(\d+)/); - if (match) { - let filePath = match[1]!.trim(); - // Handle rename brace notation: "{old => new}" or "dir/{old => new}". - // Extract the new name so the key matches --name-only output. - filePath = filePath.replace(/\{[^}]*?=>\s*([^}]*)\}/g, '$1'); - // Handle plain rename notation when the rename crosses directories: - // "old/path/file => new/path/file". Keep only the new path. - if (filePath.includes('=>')) { - const renameMatch = filePath.match(/^(.*?)\s=>\s(.*)$/); - if (renameMatch) { - filePath = renameMatch[2]!.trim(); - } - } - const changes = parseInt(match[2]!, 10); - // Approximate chars: lines changed * avg 40 chars/line - sizes.set(filePath, changes * 40); - } - } - - return sizes; - } + /** + * Parse `git diff --stat` output into a `path → approximate change size` + * map. Approximate size is what ends up clamping `aiChars` in the + * attribution payload, so missing entries silently zero out a file's + * contribution — meaning binary edits should land in the map too. + * + * Two line formats handled: + * - Text: ` path/to/file | 5 ++---` → `lines * 40` chars + * - Binary: ` path/to/file | Bin 0 -> 123 b` → `|new - old|` bytes (≥1) + * + * Rename notations (`{old => new}` and bare `old => new`) are normalized + * to the new path so lookups match `--name-only` output. + */ private addCoAuthorToGitCommit(command: string): string { // Check if commit co-author feature is enabled diff --git a/packages/vscode-ide-companion/schemas/settings.schema.json b/packages/vscode-ide-companion/schemas/settings.schema.json index 690f9247866..a9773db6b64 100644 --- a/packages/vscode-ide-companion/schemas/settings.schema.json +++ b/packages/vscode-ide-companion/schemas/settings.schema.json @@ -2048,7 +2048,7 @@ "$version": { "type": "number", "description": "Settings schema version for migration tracking.", - "default": 3 + "default": 4 } }, "additionalProperties": true diff --git a/scripts/generate-settings-schema.ts b/scripts/generate-settings-schema.ts index 3f22ade2054..3d21a065a75 100644 --- a/scripts/generate-settings-schema.ts +++ b/scripts/generate-settings-schema.ts @@ -25,6 +25,7 @@ import type { SettingsSchema, } from '../packages/cli/src/config/settingsSchema.js'; import { getSettingsSchema } from '../packages/cli/src/config/settingsSchema.js'; +import { SETTINGS_VERSION } from '../packages/cli/src/config/settings.js'; const __filename = fileURLToPath(import.meta.url); const __dirname = path.dirname(__filename); @@ -194,11 +195,12 @@ function generateJsonSchema( ); } - // Add $version property + // Add $version property — sourced from settings.ts so a SETTINGS_VERSION + // bump propagates here instead of needing a parallel manual edit. jsonSchema.properties!['$version'] = { type: 'number', description: 'Settings schema version for migration tracking.', - default: 3, + default: SETTINGS_VERSION, }; return jsonSchema; From ae68a4fe8a18c60e3af361bd5ad96b08701f700b Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 14:14:54 +0800 Subject: [PATCH 14/64] fix(attribution): repo-root baseDir, escape co-author trailer, switch to numstat Three Critical items called out by wenshao: - attachCommitAttribution was passing config.getTargetDir() as `baseDir` to generateNotePayload, but getCommittedFileInfo returns paths relative to `git rev-parse --show-toplevel`. When the working directory was a subdirectory of the repo, path.relative produced `../...` keys that never matched in the AI-attribution lookup, silently zeroing out attribution for every file outside getTargetDir. StagedFileInfo now carries an optional `repoRoot` (filled in by getCommittedFileInfo via `git rev-parse --show-toplevel`) and the caller prefers it over the target dir. - addCoAuthorToGitCommit interpolated `gitCoAuthorSettings.name` and `.email` into the rewritten command without escaping. A name containing `$()`, backticks, or `"` could be evaluated as command substitution under double quotes, or break the user-approved `git commit -m "..."` quoting. Now escapes per the surrounding quote style with the same helpers addAttributionToPR uses, gates on non-Windows for the same shell-quoting reason, and fixes the regex to accept `-m"msg"` shorthand (no space) so users who type the bash-shorthand form aren't silently denied a trailer. - parseDiffStat used `git diff --stat` output and approximated each line as ~40 chars by parsing a graphical text bar. Replaced with `git diff --numstat` which gives unambiguous integer additions+deletions per file; the heuristic remains but the parser is no longer fooled by the visual `++--` markers. Binary entries fall back to a fixed estimate so they still land in the map (rather than dropping out as diffSize=0). Suggestions also addressed: stale duplicate JSDoc on addCoAuthorToGitCommit removed, misleading `clearAttributions` comments rewritten to describe what the boolean argument actually does. Tests cover the new shorthand path, escape behavior, and numstat parsing (text/binary/rename/malformed). --- .../core/src/services/commitAttribution.ts | 10 + packages/core/src/tools/shell.test.ts | 120 +++++++++--- packages/core/src/tools/shell.ts | 178 ++++++++++-------- 3 files changed, 210 insertions(+), 98 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 2420ed3727f..97cdec21024 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -74,6 +74,16 @@ export interface StagedFileInfo { files: string[]; diffSizes: Map; deletedFiles: Set; + /** + * Absolute path of the repository root (`git rev-parse --show-toplevel`). + * Optional for backward compatibility with synthetic test inputs; + * production callers should set it so file paths in `files` (which are + * relative to the repo root) align with absolute paths tracked by the + * attribution service. When absent, callers may fall back to the + * configured target directory at the cost of zeroed-out attribution + * for files outside that directory. + */ + repoRoot?: string; } /** Serializable snapshot for session persistence. */ diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 15677fb7340..f07f91cc04e 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -33,7 +33,7 @@ import * as fs from 'node:fs'; import * as os from 'node:os'; import * as crypto from 'node:crypto'; import { ToolErrorType } from './tool-error.js'; -import { OUTPUT_UPDATE_INTERVAL_MS, parseDiffStat } from './shell.js'; +import { OUTPUT_UPDATE_INTERVAL_MS, parseNumstat } from './shell.js'; import { createMockWorkspaceContext } from '../test-utils/mockWorkspaceContext.js'; import { PermissionManager } from '../permissions/permission-manager.js'; import { CommitAttributionService } from '../services/commitAttribution.js'; @@ -1131,6 +1131,77 @@ describe('ShellTool', () => { {}, ); }); + + // Bash accepts `-mfoo` as well as `-m foo`. The previous regex + // required at least one whitespace and silently no-op'd on the + // shorthand form, so users who used `git commit -m"msg"` got no + // co-author trailer. + it('should add co-author to git commit -m"msg" shorthand (no space)', async () => { + const command = 'git commit -m"Quick fix"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining( + 'Co-authored-by: Qwen-Coder ', + ), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // Without escaping, a co-author name containing `$()`, backticks, + // or `"` would either break the user-approved `git commit` command + // or be evaluated as command substitution. + it('should escape shell metacharacters in name/email', async () => { + (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ + commit: true, + pr: true, + name: 'Bot $(rm -rf /) `eval` "danger"', + email: 'bot@example.com', + }); + + const command = 'git commit -m "msg"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observedCmd = mockShellExecutionService.mock.calls[0][0]; + // Each metacharacter must be escaped, not literal. + expect(observedCmd).toContain('\\$'); + expect(observedCmd).toContain('\\`'); + expect(observedCmd).toContain('\\"'); + // The `-m "..."` quote pair must stay closed. + expect(observedCmd).toMatch(/-m\s+".+"/s); + }); }); describe('addAttributionToPR', () => { @@ -1602,36 +1673,41 @@ describe('ShellTool', () => { }); }); -describe('parseDiffStat', () => { - it('parses text-diff lines as lines * 40', () => { - const out = ' src/main.ts | 5 ++---\n 1 file changed'; - expect(parseDiffStat(out).get('src/main.ts')).toBe(200); +describe('parseNumstat', () => { + it('parses text-diff entries as (additions + deletions) * 40', () => { + // Format: "\t\t" + const out = '2\t3\tsrc/main.ts'; + expect(parseNumstat(out).get('src/main.ts')).toBe(200); }); - it('parses binary-diff lines as |new - old| with a floor of 1', () => { - const out = - ' assets/logo.png | Bin 0 -> 1024 bytes\n' + - ' assets/icon.png | Bin 1024 -> 1024 bytes'; - const sizes = parseDiffStat(out); - expect(sizes.get('assets/logo.png')).toBe(1024); - // Same-size binary edit still lands in the map so attribution - // doesn't drop the file via diffSize=0. - expect(sizes.get('assets/icon.png')).toBe(1); + it('uses a fixed fallback for binary entries (- - path)', () => { + const out = ['-\t-\tassets/logo.png', '5\t0\tsrc/main.ts'].join('\n'); + const sizes = parseNumstat(out); + // Binary file still lands in the map so attribution doesn't drop + // it via diffSize=0; exact size doesn't matter, the constant just + // needs to be > 0. + expect(sizes.get('assets/logo.png')).toBeGreaterThan(0); + expect(sizes.get('src/main.ts')).toBe(200); }); it('normalizes brace rename notation to the new path', () => { - const out = ' src/{old => new}/file.ts | 3 +++'; - expect([...parseDiffStat(out).keys()]).toEqual(['src/new/file.ts']); + const out = '3\t1\tsrc/{old => new}/file.ts'; + expect([...parseNumstat(out).keys()]).toEqual(['src/new/file.ts']); }); it('normalizes bare cross-directory rename to the new path', () => { - const out = ' old/dir/file.ts => new/dir/file.ts | 2 +-'; - expect([...parseDiffStat(out).keys()]).toEqual(['new/dir/file.ts']); + const out = '1\t1\told/dir/file.ts => new/dir/file.ts'; + expect([...parseNumstat(out).keys()]).toEqual(['new/dir/file.ts']); }); - it('skips the summary line', () => { - const out = - ' src/a.ts | 1 +\n 2 files changed, 1 insertion(+), 1 deletion(-)'; - expect(parseDiffStat(out).size).toBe(1); + it('ignores malformed lines instead of crashing', () => { + const out = [ + '', + 'garbage line', + '5\t2\tsrc/ok.ts', + 'a\tb\tsrc/bad.ts', + ].join('\n'); + const sizes = parseNumstat(out); + expect([...sizes.keys()]).toEqual(['src/ok.ts']); }); }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index c84713e4c79..1c0cb76fc5b 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -86,26 +86,40 @@ function escapeForBashSingleQuote(s: string): string { return s.replace(/'/g, "'\\''"); } +/** Approximate characters per text line for the diff-size estimate. */ +const APPROX_CHARS_PER_LINE = 40; +/** Fallback char estimate when --numstat reports `-` (binary file). */ +const BINARY_DIFF_SIZE_FALLBACK = 1024; + /** - * Parse `git diff --stat` output into a `path → approximate change size` - * map for attribution accounting. Approximate size is what ends up - * clamping `aiChars` in the attribution payload, so missing entries - * silently zero out a file's contribution — meaning binary edits should - * land in the map too. + * Parse `git diff --numstat` output into a `path → approximate change + * size` map for attribution accounting. The result feeds in as the + * denominator clamp for `aiChars`, so missing entries would silently + * drop a file from attribution — every changed file must land in the + * map. + * + * `--numstat` is preferred over `--stat` because the columns are exact + * integers (no graphical bars to parse). Each line is: + * `\t\t` + * For binary files, both counts are `-`; we fall back to a fixed + * estimate so binary-only changes still get a non-zero entry. * - * Two line formats handled: - * - Text: ` path/to/file | 5 ++---` → `lines * 40` chars - * - Binary: ` path/to/file | Bin 0 -> 123 b` → `|new - old|` bytes (≥1) + * The `(adds + dels) * 40` figure remains a heuristic — git diff has no + * cheap way to surface exact character counts. The clamp in + * `generateNotePayload` keeps the math consistent (aiChars never + * exceeds diffSize), so the heuristic drives the precision of the + * percentage but cannot make `aiChars + humanChars` diverge from + * `diffSize`. * - * Rename notations (`{old => new}` and bare `old => new`) are normalized - * to the new path so lookups match `--name-only` output. + * Rename notations (`{old => new}` and bare `old => new`) are + * normalized to the new path so lookups match `--name-only` output. * - * Exported for unit testing — the function is otherwise an implementation - * detail of `attachCommitAttribution`. + * Exported for unit testing — the function is otherwise an + * implementation detail of `attachCommitAttribution`. */ -export function parseDiffStat(statOutput: string): Map { +export function parseNumstat(numstatOutput: string): Map { const sizes = new Map(); - const lines = statOutput.split('\n').filter(Boolean); + const lines = numstatOutput.split('\n').filter(Boolean); const normalizeFilePath = (filePath: string): string => { let p = filePath.trim(); @@ -120,34 +134,22 @@ export function parseDiffStat(statOutput: string): Map { }; for (const line of lines) { - // Skip summary line ("N files changed, X insertions(+), Y deletions(-)") - if (line.includes('file changed') || line.includes('files changed')) { - continue; - } - - // Text diff: " path/to/file | 5 ++---" - const textMatch = line.match(/^\s*(.+?)\s+\|\s+(\d+)/); - if (textMatch) { - const filePath = normalizeFilePath(textMatch[1]!); - const changes = parseInt(textMatch[2]!, 10); - // Approximate chars: lines changed * avg 40 chars/line - sizes.set(filePath, changes * 40); + // Format: "\t\t" — a literal "-" stands + // in for both counts on binary entries. + const m = line.match(/^([\d-]+)\t([\d-]+)\t(.+)$/); + if (!m) continue; + const filePath = normalizeFilePath(m[3]!); + if (m[1] === '-' && m[2] === '-') { + // Binary file: numstat omits exact counts. Fall back to a fixed + // estimate so the entry isn't missing entirely (which would zero + // out attribution for the file). + sizes.set(filePath, BINARY_DIFF_SIZE_FALLBACK); continue; } - - // Binary diff: " path/to/file | Bin 0 -> 123 bytes" - // Use the byte delta with a floor of 1 so binary-only changes still - // land in the map (otherwise they'd flow through as `diffSize=0` and - // silently drop out of attribution). - const binaryMatch = line.match( - /^\s*(.+?)\s+\|\s+Bin\s+(\d+)\s+->\s+(\d+)\s+bytes$/, - ); - if (binaryMatch) { - const filePath = normalizeFilePath(binaryMatch[1]!); - const oldBytes = parseInt(binaryMatch[2]!, 10); - const newBytes = parseInt(binaryMatch[3]!, 10); - sizes.set(filePath, Math.max(1, Math.abs(newBytes - oldBytes))); - } + const adds = parseInt(m[1]!, 10); + const dels = parseInt(m[2]!, 10); + if (Number.isNaN(adds) || Number.isNaN(dels)) continue; + sizes.set(filePath, (adds + dels) * APPROX_CHARS_PER_LINE); } return sizes; @@ -970,15 +972,20 @@ export class ShellToolInvocation extends BaseToolInvocation< const commitCreated = postHead !== null && postHead !== preHead; if (!commitCreated) { // No new commit landed (nothing staged, hook rejected, or user - // reset right after). Reset prompt counters so the next attempt - // starts clean. + // reset right after). Drop the per-file attributions but keep the + // "since last commit" prompt counters intact — the user's next + // attempt should still credit prompts that happened during this + // failed try. attributionService.clearAttributions(false); return; } const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.commit) { - // Commit succeeded but attribution disabled — still reset prompt counters + // Commit succeeded but attribution is disabled. Still snapshot + // the prompt counters as "at last commit" so the next commit + // starts a fresh window — otherwise the user would carry stale + // counts forward forever. attributionService.clearAttributions(true); return; } @@ -992,7 +999,11 @@ export class ShellToolInvocation extends BaseToolInvocation< // co-author display label so the note's `generator` field reflects // which model produced the changes — and so generateNotePayload's // sanitizeModelName() actually has the codename it's meant to scrub. - const baseDir = this.config.getTargetDir(); + // The base directory must be the git repo root: getCommittedFileInfo + // returns paths relative to `git rev-parse --show-toplevel`, and any + // mismatch here would cause path.relative to produce `../...` keys + // that never match in the AI-attribution lookup. + const baseDir = stagedInfo.repoRoot ?? this.config.getTargetDir(); const note = attributionService.generateNotePayload( stagedInfo, baseDir, @@ -1082,16 +1093,23 @@ export class ShellToolInvocation extends BaseToolInvocation< // a safe fallback that diffs against the empty tree. const hasParent = (await runGit('rev-parse --verify HEAD~1')).length > 0; + // Capture the repo root so the attribution service can reconcile + // paths from `git diff` (relative to the toplevel) against absolute + // paths recorded by the edit/write tools. Using the configured + // target directory as base would zero out attribution for any file + // outside it. + const repoRoot = (await runGit('rev-parse --show-toplevel')).trim(); + // Get changed file names. // For the initial commit (no parent), use diff-tree --root since // `git diff --root` is not a valid option for porcelain diff. let nameOutput: string; let statusOutput: string; - let statOutput: string; + let numstatOutput: string; if (hasParent) { nameOutput = await runGit('diff --name-only HEAD~1 HEAD'); statusOutput = await runGit('diff --name-status HEAD~1 HEAD'); - statOutput = await runGit('diff --stat HEAD~1 HEAD'); + numstatOutput = await runGit('diff --numstat HEAD~1 HEAD'); } else { nameOutput = await runGit( 'diff-tree --root --no-commit-id -r --name-only HEAD', @@ -1099,8 +1117,8 @@ export class ShellToolInvocation extends BaseToolInvocation< statusOutput = await runGit( 'diff-tree --root --no-commit-id -r --name-status HEAD', ); - statOutput = await runGit( - 'diff-tree --root --no-commit-id -r --stat HEAD', + numstatOutput = await runGit( + 'diff-tree --root --no-commit-id -r --numstat HEAD', ); } @@ -1118,33 +1136,26 @@ export class ShellToolInvocation extends BaseToolInvocation< } } - // Get diff sizes from stat output - const diffSizes = parseDiffStat(statOutput); + // Get diff sizes from numstat output + const diffSizes = parseNumstat(numstatOutput); - return { files, diffSizes, deletedFiles }; + return { + files, + diffSizes, + deletedFiles, + repoRoot: repoRoot.length > 0 ? repoRoot : undefined, + }; } catch { return empty; } } /** - * Parse `git diff --stat` output to extract per-file change sizes. - * Estimates character count as (insertions + deletions) * 40 chars/line. + * Append a configured `Co-authored-by:` trailer to `git commit` + * commands when the commit co-author feature is enabled. No-op for + * commands that don't carry an inline `-m`/`-am` message (those open + * an editor, which we don't try to rewrite). */ - /** - * Parse `git diff --stat` output into a `path → approximate change size` - * map. Approximate size is what ends up clamping `aiChars` in the - * attribution payload, so missing entries silently zero out a file's - * contribution — meaning binary edits should land in the map too. - * - * Two line formats handled: - * - Text: ` path/to/file | 5 ++---` → `lines * 40` chars - * - Binary: ` path/to/file | Bin 0 -> 123 b` → `|new - old|` bytes (≥1) - * - * Rename notations (`{old => new}` and bare `old => new`) are normalized - * to the new path so lookups match `--name-only` output. - */ - private addCoAuthorToGitCommit(command: string): string { // Check if commit co-author feature is enabled const gitCoAuthorSettings = this.config.getGitCoAuthor(); @@ -1153,35 +1164,50 @@ export class ShellToolInvocation extends BaseToolInvocation< return command; } + // Same Windows guard as addAttributionToPR — bash escaping is wrong + // for cmd/PowerShell. The trailer goes inside `-m "..."` quotes too, + // so the same risk of `$()`/backtick interpolation applies. + if (os.platform() === 'win32') { + return command; + } + // Check if this is a git commit command (anywhere in the command, e.g., after "cd /path &&") const gitCommitPattern = /\bgit\s+commit\b/; if (!gitCommitPattern.test(command)) { return command; } - // Define the co-author line using configuration - const coAuthor = ` - -Co-authored-by: ${gitCoAuthorSettings.name} <${gitCoAuthorSettings.email}>`; - // Handle different git commit patterns: // Match -m "message" or -m 'message', including combined flags like -am - // Use separate patterns to avoid ReDoS (catastrophic backtracking) + // Use separate patterns to avoid ReDoS (catastrophic backtracking). + // The regex tolerates `-m"msg"` shorthand (no space) — bash accepts + // both `-m foo` and `-mfoo`, and we shouldn't silently skip the + // shorthand form. // // Pattern breakdown: // -[a-zA-Z]*m matches -m, -am, -nm, etc. (combined short flags) - // \s+ matches whitespace after the flag + // \s* matches optional whitespace after the flag // [^"\\] matches any char except double-quote and backslash // \\. matches escape sequences like \" or \\ // (?:...|...)* matches normal chars or escapes, repeated - const doubleQuotePattern = /(-[a-zA-Z]*m\s+)"((?:[^"\\]|\\.)*)"/; + const doubleQuotePattern = /(-[a-zA-Z]*m\s*)"((?:[^"\\]|\\.)*)"/; // Single quotes in bash have no escape mechanism — match until next ' - const singleQuotePattern = /(-[a-zA-Z]*m\s+)'([^']*)'/; + const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'/; const doubleMatch = command.match(doubleQuotePattern); const singleMatch = command.match(singleQuotePattern); const match = doubleMatch ?? singleMatch; const quote = doubleMatch ? '"' : "'"; + // Escape the configured name/email for the surrounding quote style. + // Without this, a name like `Bot $(rm -rf /)` would be evaluated as + // command substitution when the shell parses the rewritten command. + const escape = doubleMatch + ? escapeForBashDoubleQuote + : escapeForBashSingleQuote; + const escapedName = escape(gitCoAuthorSettings.name ?? ''); + const escapedEmail = escape(gitCoAuthorSettings.email ?? ''); + const coAuthor = `\n\nCo-authored-by: ${escapedName} <${escapedEmail}>`; + if (match) { const [fullMatch, prefix, existingMessage] = match; const newMessage = existingMessage + coAuthor; From 9def2b62cb65f5bcb3ae579fe3fcdcd6f5c24e11 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 16:51:34 +0800 Subject: [PATCH 15/64] fix(shell): shell-aware git-commit detection and apostrophe-escape handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two more Critical items called out by wenshao plus the matching Copilot quote-handling notes: - attachCommitAttribution and addCoAuthorToGitCommit now go through a shell-aware `looksLikeGitCommit` helper instead of a raw `\bgit\s+commit\b` regex. The helper splits the command on shell separators (`splitCommands`) and checks each segment, so `echo "git commit"` no longer triggers attribution clearing or trailer injection. The same helper bails on any segment that contains `cd` or `git -C `, since either could redirect the commit into a different repo than our cwd — writing notes or capturing HEAD there would corrupt unrelated state. - The post-command attribution call now runs regardless of whether the shell wrapper aborted. `git commit -m "x" && sleep 999` could move HEAD and then time out, leaving the new commit without its attribution note while the stale per-file attribution stayed around for a later unrelated commit. attachCommitAttribution still gates on HEAD movement, so it's a no-op when no commit was actually created. - The `-m '...'` and `--body '...'` regexes used to match only the first quote segment, so a command like `git commit -m 'don'\''t'` (bash's standard apostrophe-escape form) would have the trailer spliced mid-message and break the command's quoting. The single- quote patterns now use a negative lookahead / inner alternation to either skip those messages entirely (commit path) or match the whole escape-aware body (PR path). Tests cover the new behavior: quoted "git commit" is left alone, the `cd && git commit` and `git -C` patterns get no trailer, and the apostrophe-escape form passes through unchanged for both `-m` and `--body`. --- packages/core/src/tools/shell.test.ts | 129 +++++++++++++++++++++++++- packages/core/src/tools/shell.ts | 98 ++++++++++++++----- 2 files changed, 200 insertions(+), 27 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index f07f91cc04e..9cbc644920f 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1069,7 +1069,12 @@ describe('ShellTool', () => { ); }); - it('should add co-author when git commit is prefixed with cd command', async () => { + // `cd /elsewhere && git commit` could be redirecting the commit + // into a different repo than our cwd. We can't take a meaningful + // pre-HEAD snapshot or write notes to the right place without + // resolving the cd target, so we conservatively skip the + // co-author rewrite altogether. + it('should NOT add co-author when git commit is preceded by cd', async () => { const command = 'cd /tmp/test && git commit -m "Test commit"'; const invocation = shellTool.build({ command, is_background: false }); const promise = invocation.execute(mockAbortSignal); @@ -1088,9 +1093,7 @@ describe('ShellTool', () => { await promise; expect(mockShellExecutionService).toHaveBeenCalledWith( - expect.stringContaining( - 'Co-authored-by: Qwen-Coder ', - ), + expect.not.stringContaining('Co-authored-by:'), expect.any(String), expect.any(Function), expect.any(AbortSignal), @@ -1099,6 +1102,93 @@ describe('ShellTool', () => { ); }); + // `git -C commit` runs in , not our cwd — same risk + // as the cd case, so the rewrite should be skipped. + it('should NOT add co-author for git -C commit', async () => { + const command = 'git -C /tmp/other commit -m "Other repo"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // Quoted "git commit" should not look like an executed commit. + it('should NOT add co-author when git commit appears only inside quoted text', async () => { + const command = 'echo "git commit -m foo"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // Bash's apostrophe-via-`'\''` form needs to be left alone — a + // naive single-quote rewrite would mid-insert the trailer and + // break the command's quoting. + it("should leave -m 'don'\\''t' (apostrophe-escape form) unrewritten", async () => { + const command = "git commit -m 'don'\\''t'"; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // The original command must be passed through unchanged. + expect(observed).toContain("'don'\\''t'"); + // No trailer was injected mid-quote. + expect(observed).not.toContain('Co-authored-by:'); + }); + it('should add co-author to git commit with multi-line message', async () => { const command = `git commit -m "Fix bug @@ -1343,6 +1433,37 @@ describe('ShellTool', () => { // The bash close-escape-reopen trick yields `'\''` in place of `'`. expect(observedCmd).toContain("O'\\''Brien-Bot"); }); + + // A body that already uses bash's `'\''` apostrophe-escape form + // should be matched as a single complete argument so the trailer + // appends after the full body, not after the first quote-segment. + it("should match the full body across '\\\\'' apostrophe escapes", async () => { + const command = "gh pr create --title 'x' --body 'don'\\''t break me'"; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // The original body content is preserved end-to-end. + expect(observed).toContain("don'\\''t break me"); + // The attribution lands AFTER the original body, not in the + // middle of it. + expect(observed).toMatch( + /don'\\''t break me[\s\S]*Generated with Qwen Code/, + ); + }); }); }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 1c0cb76fc5b..c0fe42c156e 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -86,6 +86,39 @@ function escapeForBashSingleQuote(s: string): string { return s.replace(/'/g, "'\\''"); } +/** + * Detect whether `command` actually executes `git commit` in the + * tool's initial cwd — e.g. `git commit -m "x"` or + * `git status && git commit -m "x"` — without being fooled by: + * + * - Quoted text such as `echo "git commit"` (uses `splitCommands` to + * tokenise on shell separators outside quotes). + * - A preceding `cd /elsewhere` or `git -C /elsewhere commit` that + * would point HEAD lookups at a different repo. Attribution + * metadata in that case would land in the wrong repo, so we + * conservatively report "no" and skip attribution. + */ +function looksLikeGitCommit(command: string): boolean { + let sawGitCommit = false; + for (const sub of splitCommands(command)) { + const trimmed = sub.trim(); + if (/^cd\b/.test(trimmed)) { + // A cd anywhere in the chain might redirect a later `git commit` + // into a different repo. Bailing is conservative but avoids + // writing a note to the wrong place. + return false; + } + if (/^git\s+-C\b/.test(trimmed)) { + // `git -C commit ...` runs in , not our cwd. + return false; + } + if (/^git\s+commit\b/.test(trimmed)) { + sawGitCommit = true; + } + } + return sawGitCommit; +} + /** Approximate characters per text line for the diff-size estimate. */ const APPROX_CHARS_PER_LINE = 40; /** Fallback char estimate when --numstat reports `-` (binary file). */ @@ -549,12 +582,16 @@ export class ShellToolInvocation extends BaseToolInvocation< // Snapshot HEAD before running so attachCommitAttribution can detect // commit creation by HEAD movement instead of trusting the shell - // exit code (which is unreliable for compound commands). Kick the - // lookup off concurrently so we don't block ShellExecutionService. - // `git rev-parse HEAD` is a few fs reads (low ms) while a real - // `git commit` always takes longer, so the snapshot effectively - // resolves before the user's command can move HEAD. - const isGitCommitCommand = /\bgit\s+commit\b/.test(strippedCommand); + // exit code (which is unreliable for compound commands). + // + // The lookup is started concurrently so we don't block + // ShellExecutionService — `git rev-parse HEAD` is a few fs reads + // (low ms) while a real `git commit` involves staging, hooks, and + // object writes (50ms+), so in practice the snapshot resolves + // well before the user's command can move HEAD. Using + // `looksLikeGitCommit` (shell-aware splitter) instead of a raw + // regex avoids triggering on quoted text like `echo "git commit"`. + const isGitCommitCommand = looksLikeGitCommit(strippedCommand); const preHeadPromise: Promise = isGitCommitCommand ? this.getGitHead(cwd) : Promise.resolve(null); @@ -666,14 +703,6 @@ export class ShellToolInvocation extends BaseToolInvocation< ? result.error.message.replace(commandToExecute, this.params.command) : '(none)'; - // After a git commit (whether or not it was the final command in a - // compound), attach AI attribution as a git note. The helper - // detects commit creation by HEAD movement, not exit code, so a - // `git commit && npm test` chain that fails on `npm test` still - // gets attribution for the successful commit. - const preHead = await preHeadPromise; - await this.attachCommitAttribution(strippedCommand, cwd, preHead); - llmContent = [ `Command: ${this.params.command}`, `Directory: ${this.params.directory || '(root)'}`, @@ -685,6 +714,17 @@ export class ShellToolInvocation extends BaseToolInvocation< ].join('\n'); } + // Run attribution outside the aborted/non-aborted branch: a + // `git commit -m "x" && sleep 999` chain can move HEAD and then + // time out, leaving the new commit without its attribution note + // while the stale per-file attribution stays around for a later + // unrelated commit. attachCommitAttribution already gates on HEAD + // movement, so it's a no-op when no commit was actually created. + if (isGitCommitCommand) { + const preHead = await preHeadPromise; + await this.attachCommitAttribution(strippedCommand, cwd, preHead); + } + let returnDisplayMessage = ''; if (this.config.getDebugMode()) { returnDisplayMessage = llmContent; @@ -958,8 +998,10 @@ export class ShellToolInvocation extends BaseToolInvocation< cwd: string, preHead: string | null, ): Promise { - const gitCommitPattern = /\bgit\s+commit\b/; - if (!gitCommitPattern.test(command)) { + // Shell-aware detection — a raw regex would falsely match quoted + // text such as `echo "git commit"` and clear pending attributions + // even though no commit ever ran. + if (!looksLikeGitCommit(command)) { return; } @@ -1171,9 +1213,10 @@ export class ShellToolInvocation extends BaseToolInvocation< return command; } - // Check if this is a git commit command (anywhere in the command, e.g., after "cd /path &&") - const gitCommitPattern = /\bgit\s+commit\b/; - if (!gitCommitPattern.test(command)) { + // Shell-aware detection — a raw regex would falsely match quoted + // text such as `echo "git commit"` and hand a corrupted command + // (with the trailer mid-string) back to the executor. + if (!looksLikeGitCommit(command)) { return command; } @@ -1191,8 +1234,13 @@ export class ShellToolInvocation extends BaseToolInvocation< // \\. matches escape sequences like \" or \\ // (?:...|...)* matches normal chars or escapes, repeated const doubleQuotePattern = /(-[a-zA-Z]*m\s*)"((?:[^"\\]|\\.)*)"/; - // Single quotes in bash have no escape mechanism — match until next ' - const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'/; + // Bash single quotes can't be escaped, so apostrophes inside a + // single-quoted message use the close-escape-reopen form `'\''` + // (e.g. `git commit -m 'don'\''t'`). The negative lookahead leaves + // those alone — rewriting them correctly needs a real shell parser + // and a wrong rewrite would mid-insert the trailer and break the + // command's quoting. + const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'(?!\\'')/; const doubleMatch = command.match(doubleQuotePattern); const singleMatch = command.match(singleQuotePattern); const match = doubleMatch ?? singleMatch; @@ -1268,8 +1316,12 @@ export class ShellToolInvocation extends BaseToolInvocation< // Append to --body "..." or --body '...' const bodyDoublePattern = /(--body\s+)"((?:[^"\\]|\\.)*)"/; - // Single quotes in bash have no escape mechanism — match until next ' - const bodySinglePattern = /(--body\s+)'([^']*)'/; + // Bash apostrophes inside a single-quoted body use the + // close-escape-reopen form `'\''`. The inner alternation matches + // either a non-apostrophe character or that escape sequence as a + // whole, so the trailer lands at the true end of the body rather + // than after only the first quoted segment. + const bodySinglePattern = /(--body\s+)'((?:[^']|'\\'')*)'/; const bodyDoubleMatch = command.match(bodyDoublePattern); const bodySingleMatch = command.match(bodySinglePattern); const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; From 10676dcebfe177f81e8fdd87a9c0d0a02d2c6203 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 16:52:43 +0800 Subject: [PATCH 16/64] fix(attribution): drop magic 100 fallback for empty deletions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Deleted files with no AI tracking now use diffSize directly. With numstat as the input source, diffSize is an exact count, and an empty-file deletion legitimately reports zero — a magic fallback would only inflate totals. --- packages/core/src/services/commitAttribution.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 97cdec21024..5f6a58110fa 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -389,8 +389,12 @@ export class CommitAttributionService { aiChars = Math.min(tracked.aiContribution, diffSize); humanChars = Math.max(0, diffSize - aiChars); } else if (isDeleted) { + // Deleted files with no AI tracking are attributed entirely to + // the human. diffSize comes from `git diff --numstat` so empty + // deletions legitimately have diffSize=0 — a magic fallback + // would only inflate totals. aiChars = 0; - humanChars = diffSize > 0 ? diffSize : 100; + humanChars = diffSize; } else { aiChars = 0; humanChars = diffSize; From 31bddbcc129916aaa3dc0d22450f0164eec84f32 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 17:06:42 +0800 Subject: [PATCH 17/64] fix(shell): broaden git-commit detection, gate background, drop dead helpers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Five Copilot follow-ups: - looksLikeGitCommit now strips leading env-var assignments (`GIT_COMMITTER_DATE=now git commit ...`) and a small allowlist of safe wrappers (`sudo`, `command`) before matching. The previous exact-prefix match silently skipped trailer injection on common real-world commit forms. - A new looksLikeGhPrCreate (same shell-aware shape) replaces the raw `\bgh\s+pr\s+create\b` regex in addAttributionToPR, so quoted text like `echo "gh pr create --body \"x\""` no longer triggers a command-string rewrite. - executeBackground refuses to run `git commit` and tells the user to re-run foreground. The BackgroundShellRegistry lifecycle has no hook for the post-command pre/post-HEAD comparison or git-notes write, so allowing the commit through would create the new commit without notes and leak stale per-file attribution into the next foreground commit. - recordDeletion was unused outside its own test — removed (and the test). When AI-driven deletions need tracking we'll add it with an actual integration point rather than carrying dead API surface. - generatePRAttribution was likewise unused; addAttributionToPR builds the trailer string inline. The two formats had already diverged. Removed the helper and its tests; reviving from git history is straightforward if a future caller needs it. Tests: env-var and sudo prefixes now produce trailers; quoted "gh pr create" leaves the command unchanged; existing 81 shell tests still pass alongside the trimmed 25 commitAttribution tests. --- .../src/services/commitAttribution.test.ts | 32 ------- .../core/src/services/commitAttribution.ts | 36 -------- packages/core/src/tools/shell.test.ts | 87 +++++++++++++++++++ packages/core/src/tools/shell.ts | 87 +++++++++++++++++-- 4 files changed, 166 insertions(+), 76 deletions(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 435838f6560..80807f6ed35 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -102,14 +102,6 @@ describe('CommitAttributionService', () => { expect(service.getFileAttribution('/project/f.ts')!.aiContribution).toBe(6); }); - it('should record deletions', () => { - const service = CommitAttributionService.getInstance(); - service.recordDeletion('/project/old.ts', 500); - expect(service.getFileAttribution('/project/old.ts')!.aiContribution).toBe( - 500, - ); - }); - it('should save session baseline on first edit', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/f.ts', 'original content', 'new content'); @@ -290,28 +282,4 @@ describe('CommitAttributionService', () => { expect(note.summary.aiChars).toBe(40); }); }); - - describe('generatePRAttribution', () => { - it('should generate enhanced PR attribution text', () => { - const service = CommitAttributionService.getInstance(); - service.recordEdit('/project/src/main.ts', '', 'x'.repeat(200)); - service.incrementPromptCount(); - service.incrementPromptCount(); - service.incrementPromptCount(); - - const staged = makeStagedInfo(['src/main.ts'], { 'src/main.ts': 200 }); - const text = service.generatePRAttribution(staged, '/project'); - - expect(text).toContain('🤖 Generated with Qwen Code'); - expect(text).toContain('3-shotted'); - expect(text).toContain('Qwen-Coder'); - }); - - it('should return default text when no data', () => { - const service = CommitAttributionService.getInstance(); - const staged = makeStagedInfo([], {}); - const text = service.generatePRAttribution(staged, '/project'); - expect(text).toBe('🤖 Generated with Qwen Code'); - }); - }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 5f6a58110fa..fe5f556e0de 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -211,17 +211,6 @@ export class CommitAttributionService { this.fileAttributions.set(filePath, existing); } - /** Record an AI file deletion. */ - recordDeletion(filePath: string, deletedContentLength: number): void { - const existing = this.fileAttributions.get(filePath) || { - aiContribution: 0, - aiCreated: false, - contentHash: '', - }; - existing.aiContribution += deletedContentLength; - this.fileAttributions.set(filePath, existing); - } - // ----------------------------------------------------------------------- // Prompt / permission counting // ----------------------------------------------------------------------- @@ -442,31 +431,6 @@ export class CommitAttributionService { promptCount: this.getPromptsSinceLastCommit(), }; } - - // ----------------------------------------------------------------------- - // PR attribution text - // ----------------------------------------------------------------------- - - /** - * Generate enhanced PR attribution text. - * Format: "🤖 Generated with Qwen Code (85% 3-shotted by Qwen-Coder)" - */ - generatePRAttribution( - stagedInfo: StagedFileInfo, - baseDir: string, - generatorName?: string, - ): string { - const note = this.generateNotePayload(stagedInfo, baseDir, generatorName); - const generator = note.generator; - const percent = note.summary.aiPercent; - const shots = this.getPromptsSinceLastCommit(); - - if (percent === 0 && shots === 0) { - return `🤖 Generated with Qwen Code`; - } - - return `🤖 Generated with Qwen Code (${percent}% ${shots}-shotted by ${generator})`; - } } // --------------------------------------------------------------------------- diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 9cbc644920f..f9c2af2cd56 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1132,6 +1132,64 @@ describe('ShellTool', () => { ); }); + // Common real-world prefixes — env-var assignment and `sudo` — must + // still be detected so attribution doesn't silently skip the trailer. + it('should add co-author when git commit is prefixed with env vars', async () => { + const command = 'GIT_COMMITTER_DATE=now git commit -m "Test"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + it('should add co-author when git commit is prefixed with sudo', async () => { + const command = 'sudo git commit -m "Test"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + // Quoted "git commit" should not look like an executed commit. it('should NOT add co-author when git commit appears only inside quoted text', async () => { const command = 'echo "git commit -m foo"'; @@ -1323,6 +1381,35 @@ describe('ShellTool', () => { ); }); + // Quoted "gh pr create" should not look like an executed PR command. + it('should NOT rewrite when gh pr create appears only inside quoted text', async () => { + const command = 'echo "gh pr create --title x --body \\"Summary\\""'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + it('should skip PR attribution when pr is off even if commit is on', async () => { // Commit and PR toggles must be independent. (mockConfig.getGitCoAuthor as Mock).mockReturnValue({ diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index c0fe42c156e..ecd366b18ab 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -86,10 +86,46 @@ function escapeForBashSingleQuote(s: string): string { return s.replace(/'/g, "'\\''"); } +/** + * Strip leading env-var assignments and harmless command wrappers + * (`sudo`, `command`) from a single shell command segment so the + * caller can match against the real program name. Examples: + * `FOO=bar git commit` → `git commit` + * `sudo git commit` → `git commit` + * `command -p git ...` → `git ...` + * + * Conservative: only strips a small allowlist of wrappers that don't + * change cwd or shell semantics in ways we care about, so the caller + * can keep guarding against `cd` / `git -C` separately. + */ +function stripCommandPrefix(segment: string): string { + let s = segment.trim(); + // Strip any number of `KEY=value` env assignments. + while (/^[A-Za-z_][A-Za-z0-9_]*=\S*\s+/.test(s)) { + s = s.replace(/^[A-Za-z_][A-Za-z0-9_]*=\S*\s+/, ''); + } + // Strip a single safe wrapper. `sudo -E -u user` etc. would be + // followed by the real command after the flag block, so consume + // any leading flags and their args until we hit a non-flag token. + const wrapper = s.match(/^(sudo|command)\b/); + if (wrapper) { + s = s.slice(wrapper[0].length).trim(); + // Drop any leading flags and their values; stop at the first + // non-flag token (which is the actual program). + while (/^-/.test(s)) { + const m = s.match(/^(\S+)\s*(.*)$/); + if (!m) break; + s = m[2]; + } + } + return s; +} + /** * Detect whether `command` actually executes `git commit` in the - * tool's initial cwd — e.g. `git commit -m "x"` or - * `git status && git commit -m "x"` — without being fooled by: + * tool's initial cwd — e.g. `git commit -m "x"`, + * `git status && git commit -m "x"`, `sudo git commit ...`, or + * `FOO=bar git commit ...` — without being fooled by: * * - Quoted text such as `echo "git commit"` (uses `splitCommands` to * tokenise on shell separators outside quotes). @@ -101,24 +137,38 @@ function escapeForBashSingleQuote(s: string): string { function looksLikeGitCommit(command: string): boolean { let sawGitCommit = false; for (const sub of splitCommands(command)) { - const trimmed = sub.trim(); - if (/^cd\b/.test(trimmed)) { + const stripped = stripCommandPrefix(sub); + if (/^cd\b/.test(stripped)) { // A cd anywhere in the chain might redirect a later `git commit` // into a different repo. Bailing is conservative but avoids // writing a note to the wrong place. return false; } - if (/^git\s+-C\b/.test(trimmed)) { + if (/^git\s+-C\b/.test(stripped)) { // `git -C commit ...` runs in , not our cwd. return false; } - if (/^git\s+commit\b/.test(trimmed)) { + if (/^git\s+commit\b/.test(stripped)) { sawGitCommit = true; } } return sawGitCommit; } +/** + * Detect whether `command` actually invokes `gh pr create` at the + * top level. Same shell-aware shape as `looksLikeGitCommit` so + * quoted text like `echo "gh pr create --body ..."` doesn't trip + * the rewrite path. + */ +function looksLikeGhPrCreate(command: string): boolean { + for (const sub of splitCommands(command)) { + const stripped = stripCommandPrefix(sub); + if (/^gh\s+pr\s+create\b/.test(stripped)) return true; + } + return false; +} + /** Approximate characters per text line for the diff-size estimate. */ const APPROX_CHARS_PER_LINE = 40; /** Fallback char estimate when --numstat reports `-` (binary file). */ @@ -798,6 +848,25 @@ export class ShellToolInvocation extends BaseToolInvocation< shellExecutionConfig?: ShellExecutionConfig, ): Promise { const strippedCommand = stripShellWrapper(this.params.command); + + // The background lifecycle (BackgroundShellRegistry) doesn't run + // the post-command attribution path — there's no clean place to + // hook pre/post-HEAD comparison and `git notes` writes between + // the early `Background shell started` return and the eventual + // process exit. Allowing `git commit` to slip through would leave + // the new commit without notes and let stale per-file attribution + // leak into the next foreground commit. Refuse the request and + // tell the user to run it foreground. + if (looksLikeGitCommit(strippedCommand)) { + return { + llmContent: + 'Refusing to run `git commit` in background mode: AI-attribution notes ' + + 'are written by the foreground completion path. Re-run the commit ' + + 'with is_background=false (or split it out of the compound command).', + returnDisplay: + 'Refused: `git commit` is not supported in background shell mode.', + }; + } // Strip a single bare trailing `&` (the bash background operator) before // spawn: bash treats it as background-detach, exits the wrapper // immediately, and the real child outlives the wrapper — the registry @@ -1291,8 +1360,10 @@ export class ShellToolInvocation extends BaseToolInvocation< * Losing PR attribution on Windows is an acceptable trade for safety. */ private addAttributionToPR(command: string): string { - const ghPrPattern = /\bgh\s+pr\s+create\b/; - if (!ghPrPattern.test(command)) { + // Shell-aware detection — a raw regex would falsely match quoted + // text such as `echo "gh pr create --body \"x\""` and rewrite a + // command that wasn't actually creating a PR. + if (!looksLikeGhPrCreate(command)) { return command; } From 6e1028d9df2473918e34c6d1e5c94fcd0b7f01a6 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 17:29:36 +0800 Subject: [PATCH 18/64] fix(shell): unified git-commit detection split by intent Six items called out across CodeQL, Copilot, and wenshao: - The earlier `looksLikeGitCommit`/`stripCommandPrefix` returned a single yes/no and rejected ANY `cd` in the chain. That fixed the wrong-repo case but also disabled attribution for `git commit -m "x" && cd ..` (commit already landed safely in our cwd; the cd came after). It also conflated three distinct decisions onto one predicate. New `gitCommitContext` returns both `hasCommit` and `attributableInCwd`, walking segments in order so that a `cd` AFTER the commit doesn't invalidate it. Callers now pick the right arm: - background-mode refusal uses `hasCommit` (refuses even `cd /elsewhere && git commit` since we can't attribute it afterward either way) - HEAD snapshot, addCoAuthorToGitCommit, and the attachCommitAttribution gate use `attributableInCwd` - Tokenisation switches from a regex while-loop to `shell-quote`'s `parse`. Quoted env values like `FOO="a b" git commit` now skip correctly (the old `\S*\s+` form would cut after the opening quote). Eliminates the CodeQL polynomial-regex alert at the same time since the `\S*\s+` pattern is gone. - attachCommitAttribution now snapshots prompt counters via `clearAttributions(true)` whenever a commit lands, even if no per-file attributions were tracked. Previously the early-return on `hasAttributions() === false` meant `promptCountAtLastCommit` never advanced, so a later `gh pr create` reported an inflated N-shotted count spanning multiple commits. Tests: env-var and sudo prefixes still produce trailers; quoted "git commit" / "gh pr create" leave commands unchanged; cd BEFORE commit suppresses the rewrite while cd AFTER commit does not; `git -C commit` is treated as a commit (refused in background) but not as attributable. --- packages/core/src/tools/shell.test.ts | 30 ++++ packages/core/src/tools/shell.ts | 208 +++++++++++++++++--------- 2 files changed, 165 insertions(+), 73 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index f9c2af2cd56..3d6a31a4653 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1102,6 +1102,36 @@ describe('ShellTool', () => { ); }); + // A cd that comes AFTER an in-cwd commit doesn't invalidate the + // commit's attribution — the commit already landed in our repo. + it('should add co-author when cd comes AFTER git commit', async () => { + const command = 'git commit -m "Test" && cd /tmp/test'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + // `git -C commit` runs in , not our cwd — same risk // as the cd case, so the rewrite should be skipped. it('should NOT add co-author for git -C commit', async () => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index ecd366b18ab..636d140cab6 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -46,6 +46,7 @@ import { splitCommands, stripShellWrapper, } from '../utils/shell-utils.js'; +import { parse } from 'shell-quote'; import { createDebugLogger } from '../utils/debugLogger.js'; import { isShellCommandReadOnlyAST, @@ -87,84 +88,127 @@ function escapeForBashSingleQuote(s: string): string { } /** - * Strip leading env-var assignments and harmless command wrappers - * (`sudo`, `command`) from a single shell command segment so the - * caller can match against the real program name. Examples: - * `FOO=bar git commit` → `git commit` - * `sudo git commit` → `git commit` - * `command -p git ...` → `git ...` + * Tokenise a single shell-command segment and return the program name + * plus its first argument, after skipping leading env-var assignments + * (`KEY=value`, including quoted values) and a small allowlist of safe + * wrappers (`sudo`, `command`, with their flag block consumed). * - * Conservative: only strips a small allowlist of wrappers that don't - * change cwd or shell semantics in ways we care about, so the caller - * can keep guarding against `cd` / `git -C` separately. + * Uses `shell-quote`'s `parse` so quoted env values (`FOO="a b" cmd`) + * and other quoting forms are tokenised correctly — a regex-based + * scan would either miss those or risk catastrophic backtracking on + * adversarial input. + * + * Returns `{ program: undefined, ... }` if the segment doesn't parse + * to a recognisable program (operators, parse errors, empty input). */ -function stripCommandPrefix(segment: string): string { - let s = segment.trim(); - // Strip any number of `KEY=value` env assignments. - while (/^[A-Za-z_][A-Za-z0-9_]*=\S*\s+/.test(s)) { - s = s.replace(/^[A-Za-z_][A-Za-z0-9_]*=\S*\s+/, ''); +function tokeniseProgram(segment: string): { + program: string | undefined; + arg1: string | undefined; + arg2: string | undefined; + arg3: string | undefined; +} { + let tokens: string[]; + try { + tokens = parse(segment).filter((t): t is string => typeof t === 'string'); + } catch { + return { + program: undefined, + arg1: undefined, + arg2: undefined, + arg3: undefined, + }; + } + let i = 0; + // Skip env-var assignments (KEY=value). + while (i < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[i]!)) { + i++; } - // Strip a single safe wrapper. `sudo -E -u user` etc. would be - // followed by the real command after the flag block, so consume - // any leading flags and their args until we hit a non-flag token. - const wrapper = s.match(/^(sudo|command)\b/); - if (wrapper) { - s = s.slice(wrapper[0].length).trim(); - // Drop any leading flags and their values; stop at the first - // non-flag token (which is the actual program). - while (/^-/.test(s)) { - const m = s.match(/^(\S+)\s*(.*)$/); - if (!m) break; - s = m[2]; + // Strip a single safe wrapper, then any leading flag tokens it took. + if (tokens[i] === 'sudo' || tokens[i] === 'command') { + i++; + while (i < tokens.length && tokens[i]!.startsWith('-')) { + i++; } } - return s; + return { + program: tokens[i], + arg1: tokens[i + 1], + arg2: tokens[i + 2], + arg3: tokens[i + 3], + }; } /** - * Detect whether `command` actually executes `git commit` in the - * tool's initial cwd — e.g. `git commit -m "x"`, - * `git status && git commit -m "x"`, `sudo git commit ...`, or - * `FOO=bar git commit ...` — without being fooled by: + * Classify whether a command chain (potentially compound) contains a + * `git commit` invocation, and whether that invocation lands in the + * tool's initial cwd. * - * - Quoted text such as `echo "git commit"` (uses `splitCommands` to - * tokenise on shell separators outside quotes). - * - A preceding `cd /elsewhere` or `git -C /elsewhere commit` that - * would point HEAD lookups at a different repo. Attribution - * metadata in that case would land in the wrong repo, so we - * conservatively report "no" and skip attribution. + * Two flags are returned because the answers feed different decisions: + * - `hasCommit` is the broader "did the user try to commit anywhere + * in this chain?" — used to refuse background mode and to gate + * prompt-counter snapshotting. + * - `attributableInCwd` is the stricter "is it safe to capture HEAD + * in our cwd and write a note to that repo?" — used by the actual + * trailer rewrite and git-notes write. + * + * Walks segments in order so a `cd` AFTER an in-cwd commit doesn't + * invalidate that commit's attribution; only a `cd` (or `git -C` + * without commit) BEFORE the commit shifts safety. `git -C + * commit ...` always counts toward `hasCommit` but never toward + * `attributableInCwd`. */ -function looksLikeGitCommit(command: string): boolean { - let sawGitCommit = false; +function gitCommitContext(command: string): { + hasCommit: boolean; + attributableInCwd: boolean; +} { + let hasCommit = false; + let attributable = false; + let cwdShifted = false; + for (const sub of splitCommands(command)) { - const stripped = stripCommandPrefix(sub); - if (/^cd\b/.test(stripped)) { - // A cd anywhere in the chain might redirect a later `git commit` - // into a different repo. Bailing is conservative but avoids - // writing a note to the wrong place. - return false; + const { program, arg1, arg3 } = tokeniseProgram(sub); + if (!program) continue; + + if (program === 'cd') { + // A cd before any commit makes later in-chain commits unsafe to + // attribute (might land in a different repo). A cd after the + // commit doesn't matter for the commit we already saw. + if (!hasCommit) cwdShifted = true; + continue; } - if (/^git\s+-C\b/.test(stripped)) { - // `git -C commit ...` runs in , not our cwd. - return false; + + if (program === 'git' && arg1 === '-C') { + // `git -C commit ...` is a commit in another repo. + if (arg3 === 'commit') { + hasCommit = true; + // Not attributable in our cwd. + } else if (!hasCommit) { + // Other -C operations (status, log, etc.) signal cwd-elsewhere + // intent; subsequent in-cwd commits in this chain are unusual + // enough to be conservative about. + cwdShifted = true; + } + continue; } - if (/^git\s+commit\b/.test(stripped)) { - sawGitCommit = true; + + if (program === 'git' && arg1 === 'commit') { + hasCommit = true; + if (!cwdShifted) attributable = true; } } - return sawGitCommit; + + return { hasCommit, attributableInCwd: attributable }; } /** - * Detect whether `command` actually invokes `gh pr create` at the - * top level. Same shell-aware shape as `looksLikeGitCommit` so - * quoted text like `echo "gh pr create --body ..."` doesn't trip - * the rewrite path. + * Detect whether `command` invokes `gh pr create` at the top level — + * same shell-aware shape as `gitCommitContext` so quoted text like + * `echo "gh pr create --body ..."` doesn't trip the rewrite path. */ function looksLikeGhPrCreate(command: string): boolean { for (const sub of splitCommands(command)) { - const stripped = stripCommandPrefix(sub); - if (/^gh\s+pr\s+create\b/.test(stripped)) return true; + const { program, arg1, arg2 } = tokeniseProgram(sub); + if (program === 'gh' && arg1 === 'pr' && arg2 === 'create') return true; } return false; } @@ -638,11 +682,14 @@ export class ShellToolInvocation extends BaseToolInvocation< // ShellExecutionService — `git rev-parse HEAD` is a few fs reads // (low ms) while a real `git commit` involves staging, hooks, and // object writes (50ms+), so in practice the snapshot resolves - // well before the user's command can move HEAD. Using - // `looksLikeGitCommit` (shell-aware splitter) instead of a raw - // regex avoids triggering on quoted text like `echo "git commit"`. - const isGitCommitCommand = looksLikeGitCommit(strippedCommand); - const preHeadPromise: Promise = isGitCommitCommand + // well before the user's command can move HEAD. + // + // We act on `gitCommitContext` rather than a raw regex so quoted + // text like `echo "git commit"` doesn't trigger snapshot/notes, + // and so attribution still runs after a `git commit && cd ..` + // chain (which would have failed an "any cd anywhere" gate). + const commitCtx = gitCommitContext(strippedCommand); + const preHeadPromise: Promise = commitCtx.attributableInCwd ? this.getGitHead(cwd) : Promise.resolve(null); @@ -770,7 +817,7 @@ export class ShellToolInvocation extends BaseToolInvocation< // while the stale per-file attribution stays around for a later // unrelated commit. attachCommitAttribution already gates on HEAD // movement, so it's a no-op when no commit was actually created. - if (isGitCommitCommand) { + if (commitCtx.attributableInCwd) { const preHead = await preHeadPromise; await this.attachCommitAttribution(strippedCommand, cwd, preHead); } @@ -857,7 +904,11 @@ export class ShellToolInvocation extends BaseToolInvocation< // the new commit without notes and let stale per-file attribution // leak into the next foreground commit. Refuse the request and // tell the user to run it foreground. - if (looksLikeGitCommit(strippedCommand)) { + // + // Use the broader `hasCommit` flag rather than `attributableInCwd`: + // `cd /elsewhere && git commit` should still be refused even + // though we wouldn't attribute it. + if (gitCommitContext(strippedCommand).hasCommit) { return { llmContent: 'Refusing to run `git commit` in background mode: AI-attribution notes ' + @@ -1070,24 +1121,33 @@ export class ShellToolInvocation extends BaseToolInvocation< // Shell-aware detection — a raw regex would falsely match quoted // text such as `echo "git commit"` and clear pending attributions // even though no commit ever ran. - if (!looksLikeGitCommit(command)) { - return; - } - - const attributionService = CommitAttributionService.getInstance(); - if (!attributionService.hasAttributions()) { + if (!gitCommitContext(command).attributableInCwd) { return; } const postHead = await this.getGitHead(cwd); const commitCreated = postHead !== null && postHead !== preHead; + const attributionService = CommitAttributionService.getInstance(); + if (!commitCreated) { // No new commit landed (nothing staged, hook rejected, or user // reset right after). Drop the per-file attributions but keep the // "since last commit" prompt counters intact — the user's next // attempt should still credit prompts that happened during this // failed try. - attributionService.clearAttributions(false); + if (attributionService.hasAttributions()) { + attributionService.clearAttributions(false); + } + return; + } + + // A new commit landed. Even when no per-file attribution was + // tracked (rare but possible — e.g. user committed external + // changes), we still need to snapshot the prompt counters as + // "at last commit" so a later `gh pr create` doesn't report an + // inflated N-shotted count spanning multiple commits. + if (!attributionService.hasAttributions()) { + attributionService.clearAttributions(true); return; } @@ -1284,8 +1344,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // Shell-aware detection — a raw regex would falsely match quoted // text such as `echo "git commit"` and hand a corrupted command - // (with the trailer mid-string) back to the executor. - if (!looksLikeGitCommit(command)) { + // (with the trailer mid-string) back to the executor. The stricter + // `attributableInCwd` is what we want here: only inject the + // trailer when we're confident the commit lands in our cwd. + if (!gitCommitContext(command).attributableInCwd) { return command; } From 2af4e1d2fb84045630aff8e942087549bc7f23a1 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 19:34:51 +0800 Subject: [PATCH 19/64] fix(shell): position-independent git subcommand detection + bash-shell guard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Six review items, two of them critical: - gitCommitContext was checking fixed-position tokens (`arg1`, `arg3`) and missed every git invocation that puts a global flag between `git` and the subcommand: `git -c user.email=x@y commit`, `git --no-pager commit`, `git -C /p -c k=v commit`, etc. In background mode these would slip past the refusal guard; in foreground they got no co-author trailer, no git note, and no prompt-counter snapshot. New `parseGitInvocation` walks past git's global flags (with their values) before reading the subcommand, and reports `changesCwd` for `-C` / `--git-dir` / `--work-tree`. - The Windows guard on addCoAuthorToGitCommit and addAttributionToPR used `os.platform() === 'win32'`, which incorrectly skipped Windows + Git Bash (`getShellConfiguration().shell === 'bash'`). Switched both to gate on `getShellConfiguration().shell !== 'bash'` so Git Bash users keep the feature. - attachCommitAttribution was re-parsing `gitCommitContext(command)` even though `execute()` already gates on `commitCtx.attributableInCwd`. Removed the redundant re-parse — drift between the two checks would silently diverge trailer injection from git-notes writes. - tokeniseSegment (formerly tokeniseProgram) now logs via debugLogger on parse failure instead of swallowing silently. Easier to debug if shell-quote ever throws on something unusual. - Added a comment on `cwdShifted` documenting that it's a one-way latch — `cd src && cd ..` will still skip attribution. The trade-off matches the wrong-repo guard's "better miss than corrupt unrelated repos" intent. - Stale `--stat` reference in the aiChars-clamp comment updated to `--numstat` to match the actual git command in ShellToolInvocation.getCommittedFileInfo. Tests: `git -c key=val commit` and `git --no-pager commit` now produce a trailer; existing 82 shell tests still pass. --- .../core/src/services/commitAttribution.ts | 12 +- packages/core/src/tools/shell.test.ts | 60 ++++++ packages/core/src/tools/shell.ts | 174 ++++++++++++------ 3 files changed, 180 insertions(+), 66 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index fe5f556e0de..a47c96336d9 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -370,11 +370,13 @@ export class CommitAttributionService { let humanChars: number; if (tracked) { - // Clamp aiChars to diffSize so aiChars+humanChars stays consistent - // with the committed change magnitude. Without this, long-line edits - // (where diffSize is `lines * 40` from --stat output) can leave - // aiChars > diffSize: humanChars then snaps to 0 but aiChars stays - // large, inflating the per-file total beyond what was committed. + // Clamp aiChars to diffSize so aiChars+humanChars stays + // consistent with the committed change magnitude derived from + // `git diff --numstat`. Without this, cases where + // tracked.aiContribution exceeds the committed change size + // can leave aiChars > diffSize: humanChars then snaps to 0 + // but aiChars stays large, inflating the per-file total + // beyond what was committed. aiChars = Math.min(tracked.aiContribution, diffSize); humanChars = Math.max(0, diffSize - aiChars); } else if (isDeleted) { diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 3d6a31a4653..afade64a855 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1162,6 +1162,66 @@ describe('ShellTool', () => { ); }); + // git's global flags (`-c`, `--no-pager`, etc.) push the + // subcommand past index 1; a fixed-position check at arg1 used + // to silently skip these forms. Make sure we still inject the + // trailer for them. + it('should add co-author for git -c key=val commit', async () => { + const command = 'git -c user.email=x@y commit -m "Test"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + it('should add co-author for git --no-pager commit', async () => { + const command = 'git --no-pager commit -m "Test"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + // Common real-world prefixes — env-var assignment and `sudo` — must // still be detected so attribution doesn't silently skip the trailer. it('should add co-author when git commit is prefixed with env vars', async () => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 636d140cab6..d94d48cf49d 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -43,6 +43,7 @@ import { isSubpaths } from '../utils/paths.js'; import { getCommandRoot, getCommandRoots, + getShellConfiguration, splitCommands, stripShellWrapper, } from '../utils/shell-utils.js'; @@ -88,35 +89,28 @@ function escapeForBashSingleQuote(s: string): string { } /** - * Tokenise a single shell-command segment and return the program name - * plus its first argument, after skipping leading env-var assignments - * (`KEY=value`, including quoted values) and a small allowlist of safe - * wrappers (`sudo`, `command`, with their flag block consumed). + * Tokenise a single shell-command segment via `shell-quote`. Returns + * the parsed string tokens with leading env-var assignments and a + * small allowlist of safe wrappers (`sudo`, `command`, with their + * flag block consumed) stripped. Returns `null` if the segment + * doesn't parse — the caller should then skip the segment. * - * Uses `shell-quote`'s `parse` so quoted env values (`FOO="a b" cmd`) - * and other quoting forms are tokenised correctly — a regex-based - * scan would either miss those or risk catastrophic backtracking on - * adversarial input. - * - * Returns `{ program: undefined, ... }` if the segment doesn't parse - * to a recognisable program (operators, parse errors, empty input). + * Using `shell-quote.parse` (rather than a regex scan) is what makes + * quoted env values (`FOO="a b" cmd`) tokenise correctly and avoids + * the polynomial regex behaviour CodeQL flagged on the previous + * `\S*\s+`-based slicing loop. */ -function tokeniseProgram(segment: string): { - program: string | undefined; - arg1: string | undefined; - arg2: string | undefined; - arg3: string | undefined; -} { +function tokeniseSegment(segment: string): string[] | null { let tokens: string[]; try { tokens = parse(segment).filter((t): t is string => typeof t === 'string'); - } catch { - return { - program: undefined, - arg1: undefined, - arg2: undefined, - arg3: undefined, - }; + } catch (e) { + debugLogger.warn( + `tokeniseSegment: parse failed for "${segment.slice(0, 80)}": ${ + e instanceof Error ? e.message : String(e) + }`, + ); + return null; } let i = 0; // Skip env-var assignments (KEY=value). @@ -130,12 +124,63 @@ function tokeniseProgram(segment: string): { i++; } } - return { - program: tokens[i], - arg1: tokens[i + 1], - arg2: tokens[i + 2], - arg3: tokens[i + 3], - }; + return tokens.slice(i); +} + +/** + * Walk a `git ...` token sequence past git's global flags + * (`-c key=val`, `-C path`, `--no-pager`, `--git-dir`, `--work-tree`, + * `--namespace`, etc.) to find the actual subcommand. Without this, + * `git -c k=v commit -m x` and `git --no-pager commit -m x` would + * silently slip past a fixed-position check at index 1. + * + * `changesCwd` is true when any of the consumed flags would relocate + * the working directory (`-C`, `--git-dir`, `--work-tree`). + */ +function parseGitInvocation(tokens: string[]): { + subcommand: string | undefined; + changesCwd: boolean; +} { + // Two-token global flags whose second token is consumed as a value. + const TAKES_VALUE = new Set([ + '-c', + '-C', + '--git-dir', + '--work-tree', + '--namespace', + '--exec-path', + '--config-env', + '--super-prefix', + '--list-cmds', + ]); + // Flags whose presence shifts cwd interpretation. + const SHIFTS_CWD = new Set(['-C', '--git-dir', '--work-tree']); + + let i = 1; // skip 'git' + let changesCwd = false; + while (i < tokens.length) { + const t = tokens[i]!; + if (TAKES_VALUE.has(t)) { + if (SHIFTS_CWD.has(t)) changesCwd = true; + i += 2; + continue; + } + // Attached-value form: `--git-dir=path`, `--work-tree=path`, etc. + if (t.startsWith('--git-dir=') || t.startsWith('--work-tree=')) { + changesCwd = true; + i++; + continue; + } + // Other long/short flag (no separate arg, e.g. --no-pager, + // --version, --bare, -p). + if (t.startsWith('-')) { + i++; + continue; + } + // First non-flag is the subcommand. + return { subcommand: t, changesCwd }; + } + return { subcommand: undefined, changesCwd }; } /** @@ -152,10 +197,14 @@ function tokeniseProgram(segment: string): { * trailer rewrite and git-notes write. * * Walks segments in order so a `cd` AFTER an in-cwd commit doesn't - * invalidate that commit's attribution; only a `cd` (or `git -C` - * without commit) BEFORE the commit shifts safety. `git -C - * commit ...` always counts toward `hasCommit` but never toward - * `attributableInCwd`. + * invalidate that commit's attribution; only a `cd` (or `git -C` / + * `--git-dir` / `--work-tree`) BEFORE the commit shifts safety. + * + * `cwdShifted` is intentionally a one-way latch — it isn't reset on + * a subsequent `cd .` or `cd ..`, so harmless cd cycles like + * `cd src && cd .. && git commit -m x` will conservatively skip + * attribution. The trade-off matches the wrong-repo guard's intent + * (better miss than corrupt unrelated repos). */ function gitCommitContext(command: string): { hasCommit: boolean; @@ -166,8 +215,10 @@ function gitCommitContext(command: string): { let cwdShifted = false; for (const sub of splitCommands(command)) { - const { program, arg1, arg3 } = tokeniseProgram(sub); - if (!program) continue; + const tokens = tokeniseSegment(sub); + if (!tokens || tokens.length === 0) continue; + + const program = tokens[0]!; if (program === 'cd') { // A cd before any commit makes later in-chain commits unsafe to @@ -177,23 +228,19 @@ function gitCommitContext(command: string): { continue; } - if (program === 'git' && arg1 === '-C') { - // `git -C commit ...` is a commit in another repo. - if (arg3 === 'commit') { + if (program === 'git') { + const { subcommand, changesCwd } = parseGitInvocation(tokens); + if (subcommand === 'commit') { hasCommit = true; - // Not attributable in our cwd. - } else if (!hasCommit) { - // Other -C operations (status, log, etc.) signal cwd-elsewhere + // The commit lands in our cwd only if no preceding cd shifted + // us and this very invocation didn't redirect via -C/--git-dir. + if (!cwdShifted && !changesCwd) attributable = true; + } else if (changesCwd && !hasCommit) { + // `git -C /path status` and friends signal cwd-elsewhere // intent; subsequent in-cwd commits in this chain are unusual // enough to be conservative about. cwdShifted = true; } - continue; - } - - if (program === 'git' && arg1 === 'commit') { - hasCommit = true; - if (!cwdShifted) attributable = true; } } @@ -207,8 +254,11 @@ function gitCommitContext(command: string): { */ function looksLikeGhPrCreate(command: string): boolean { for (const sub of splitCommands(command)) { - const { program, arg1, arg2 } = tokeniseProgram(sub); - if (program === 'gh' && arg1 === 'pr' && arg2 === 'create') return true; + const tokens = tokeniseSegment(sub); + if (!tokens) continue; + if (tokens[0] === 'gh' && tokens[1] === 'pr' && tokens[2] === 'create') { + return true; + } } return false; } @@ -1118,12 +1168,10 @@ export class ShellToolInvocation extends BaseToolInvocation< cwd: string, preHead: string | null, ): Promise { - // Shell-aware detection — a raw regex would falsely match quoted - // text such as `echo "git commit"` and clear pending attributions - // even though no commit ever ran. - if (!gitCommitContext(command).attributableInCwd) { - return; - } + // Caller (`execute`) gates this with `commitCtx.attributableInCwd`, + // so we don't re-parse here. Re-parsing would be dead work and a + // maintenance trap — if the two checks ever drifted, trailer + // injection and git-notes writes could diverge silently. const postHead = await this.getGitHead(cwd); const commitCreated = postHead !== null && postHead !== preHead; @@ -1335,10 +1383,11 @@ export class ShellToolInvocation extends BaseToolInvocation< return command; } - // Same Windows guard as addAttributionToPR — bash escaping is wrong - // for cmd/PowerShell. The trailer goes inside `-m "..."` quotes too, - // so the same risk of `$()`/backtick interpolation applies. - if (os.platform() === 'win32') { + // Same shell-type guard as addAttributionToPR — bash escaping is + // wrong for cmd/PowerShell. Gating on the active shell rather than + // the OS platform keeps Windows + Git Bash users (where + // getShellConfiguration() reports shell:'bash') working. + if (getShellConfiguration().shell !== 'bash') { return command; } @@ -1429,7 +1478,10 @@ export class ShellToolInvocation extends BaseToolInvocation< return command; } - if (os.platform() === 'win32') { + // Gate on shell type rather than OS platform: bash escaping is + // invalid under cmd/PowerShell but works fine under Windows + + // Git Bash, which `getShellConfiguration()` reports as `'bash'`. + if (getShellConfiguration().shell !== 'bash') { return command; } From f97ba2010f9f3f8585559ab1cfe24922e41312b6 Mon Sep 17 00:00:00 2001 From: wenshao Date: Fri, 1 May 2026 22:44:08 +0800 Subject: [PATCH 20/64] fix(shell): refuse multi-commit attribution; misc review follow-ups Five follow-ups from the latest review pass: - attachCommitAttribution now refuses to write a single git note for shell commands that produce more than one commit (e.g. `git commit -m a && git commit -m b`). The singleton's per-file attribution map can't be partitioned across the individual commits, so attaching the combined note to HEAD would mis-attribute earlier commits' changes to the last one. Walks `preHead..HEAD` via `git rev-list --count`; on multi-commit detection it snapshots the prompt counters and bails with a debug warning instead of writing a misleading note. - parseGitInvocation now recognises the attached `-C/path` form (e.g. `git -C/path commit -m x`). shell-quote tokenises that as a single `-C/path` token which previously fell to the generic flag branch with `changesCwd = false`, leaving an out-of-cwd commit classified as attributable. - attachCommitAttribution dropped its unused `command` parameter (the caller already gates on `commitCtx.attributableInCwd`, so re-parsing was removed earlier; the parameter became dead). - Added wiring guards in edit.test.ts and write-file.test.ts: AI-originated edits/writes hit `CommitAttributionService.recordEdit`, `modified_by_user: true` skips, and write-file's distinction between a true new file and an overwritten empty file (`null` vs `''` old content) is now pinned by `aiCreated` assertions. --- packages/core/src/tools/edit.test.ts | 51 ++++++++++++++++ packages/core/src/tools/shell.ts | 66 ++++++++++++++++++-- packages/core/src/tools/write-file.test.ts | 71 ++++++++++++++++++++++ 3 files changed, 183 insertions(+), 5 deletions(-) diff --git a/packages/core/src/tools/edit.test.ts b/packages/core/src/tools/edit.test.ts index 2b78956d9ff..991bfecf5ea 100644 --- a/packages/core/src/tools/edit.test.ts +++ b/packages/core/src/tools/edit.test.ts @@ -30,6 +30,7 @@ import { ApprovalMode } from '../config/config.js'; import { createMockWorkspaceContext } from '../test-utils/mockWorkspaceContext.js'; import { FileReadCache } from '../services/fileReadCache.js'; import { StandardFileSystemService } from '../services/fileSystemService.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; describe('EditTool', () => { let tool: EditTool; @@ -426,6 +427,56 @@ describe('EditTool', () => { expect(display.fileName).toBe(testFile); }); + // The Edit tool feeds the commit-attribution singleton on success so + // commit notes can later report per-file AI/human ratios. Service- + // level tests for `recordEdit` already exist; these guard against + // the wiring at the tool boundary regressing (e.g. someone moves + // the call out of the success path). + describe('commit-attribution wiring', () => { + beforeEach(() => { + CommitAttributionService.resetInstance(); + }); + + it('records AI-originated edits in the attribution service', async () => { + const initial = 'old line'; + const updated = 'new line'; + fs.writeFileSync(filePath, initial, 'utf8'); + const invocation = tool.build({ + file_path: filePath, + old_string: 'old', + new_string: 'new', + }); + + await invocation.execute(new AbortController().signal); + + const attribution = + CommitAttributionService.getInstance().getFileAttribution(filePath); + expect(attribution).toBeDefined(); + // The actual char count is implementation detail of + // computeCharContribution; we only assert the entry exists + // with a positive contribution. + expect(attribution!.aiContribution).toBeGreaterThan(0); + // Length sanity: contribution is bounded by the new content. + expect(attribution!.aiContribution).toBeLessThanOrEqual(updated.length); + }); + + it('skips attribution when the edit is modified_by_user', async () => { + fs.writeFileSync(filePath, 'old line', 'utf8'); + const invocation = tool.build({ + file_path: filePath, + old_string: 'old', + new_string: 'new', + modified_by_user: true, + }); + + await invocation.execute(new AbortController().signal); + + expect( + CommitAttributionService.getInstance().getFileAttribution(filePath), + ).toBeUndefined(); + }); + }); + it('should create a new file if old_string is empty and file does not exist, and return created message', async () => { const newFileName = 'brand_new_file.txt'; const newFilePath = path.join(rootDir, newFileName); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index d94d48cf49d..431d738f606 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -171,6 +171,15 @@ function parseGitInvocation(tokens: string[]): { i++; continue; } + // Attached-value form for `-C`: `git -C/path commit ...`. Git + // accepts both `-C path` (handled above by TAKES_VALUE) and the + // concatenated form. shell-quote tokenises the latter as a single + // `-Cpath` token. + if (t.length > 2 && t.startsWith('-C')) { + changesCwd = true; + i++; + continue; + } // Other long/short flag (no separate arg, e.g. --no-pager, // --version, --bare, -p). if (t.startsWith('-')) { @@ -869,7 +878,7 @@ export class ShellToolInvocation extends BaseToolInvocation< // movement, so it's a no-op when no commit was actually created. if (commitCtx.attributableInCwd) { const preHead = await preHeadPromise; - await this.attachCommitAttribution(strippedCommand, cwd, preHead); + await this.attachCommitAttribution(cwd, preHead); } let returnDisplayMessage = ''; @@ -1127,6 +1136,36 @@ export class ShellToolInvocation extends BaseToolInvocation< * shell wrapper. The 2s timeout means a wedged repo can't stall the * post-command path. */ + /** + * Count the commits between `preHead` (exclusive) and `HEAD` + * (inclusive). Returns 0 if either side is unreadable or `preHead` + * is null (the very first commit case is treated as a single-commit + * batch by the caller via the HEAD-movement check). Goes through + * `child_process.execFile` with argv to stay independent of the + * mockable `ShellExecutionService`. + */ + private async countCommitsAfter( + cwd: string, + preHead: string, + ): Promise { + return new Promise((resolve) => { + const child = childProcess.execFile( + 'git', + ['rev-list', '--count', `${preHead}..HEAD`], + { cwd, timeout: 2000 }, + (error, stdout) => { + if (error) { + resolve(0); + return; + } + const n = parseInt(String(stdout).trim(), 10); + resolve(Number.isFinite(n) && n > 0 ? n : 0); + }, + ); + child.on('error', () => {}); + }); + } + private async getGitHead(cwd: string): Promise { return new Promise((resolve) => { const child = childProcess.execFile( @@ -1164,14 +1203,13 @@ export class ShellToolInvocation extends BaseToolInvocation< * the Co-authored-by trailer and the git-notes payload). */ private async attachCommitAttribution( - command: string, cwd: string, preHead: string | null, ): Promise { // Caller (`execute`) gates this with `commitCtx.attributableInCwd`, - // so we don't re-parse here. Re-parsing would be dead work and a - // maintenance trap — if the two checks ever drifted, trailer - // injection and git-notes writes could diverge silently. + // so we don't re-parse the command here. Re-parsing would be dead + // work and a maintenance trap — if the two checks ever drifted, + // trailer injection and git-notes writes could diverge silently. const postHead = await this.getGitHead(cwd); const commitCreated = postHead !== null && postHead !== preHead; @@ -1189,6 +1227,24 @@ export class ShellToolInvocation extends BaseToolInvocation< return; } + // Refuse to attribute when a single shell command produced more + // than one commit (e.g. `git commit -m a && git commit -m b`). + // Our singleton has no way to partition the per-file AI + // contribution across the individual commits, so attaching the + // combined note to HEAD would mis-attribute earlier commits' + // changes to the last one. Snapshot prompt counters and bail. + if (preHead !== null) { + const commitCount = await this.countCommitsAfter(cwd, preHead); + if (commitCount > 1) { + debugLogger.warn( + `Refusing AI attribution for a multi-commit shell command (` + + `${commitCount} commits between ${preHead.slice(0, 12)} and HEAD).`, + ); + attributionService.clearAttributions(true); + return; + } + } + // A new commit landed. Even when no per-file attribution was // tracked (rare but possible — e.g. user committed external // changes), we still need to snapshot the prompt counters as diff --git a/packages/core/src/tools/write-file.test.ts b/packages/core/src/tools/write-file.test.ts index e5f972b0098..f7b897f6022 100644 --- a/packages/core/src/tools/write-file.test.ts +++ b/packages/core/src/tools/write-file.test.ts @@ -28,6 +28,7 @@ import { GeminiClient } from '../core/client.js'; import { createMockWorkspaceContext } from '../test-utils/mockWorkspaceContext.js'; import { FileReadCache } from '../services/fileReadCache.js'; import { StandardFileSystemService } from '../services/fileSystemService.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; const rootDir = path.resolve(os.tmpdir(), 'qwen-code-test-root'); @@ -750,4 +751,74 @@ describe('WriteFileTool', () => { } }); }); + + // Same as edit.test's wiring guard: the WriteFileTool feeds the + // commit-attribution singleton on success. The recordEdit call + // distinguishes a true file creation (`null` old content) from + // overwriting an existing empty file (`''` old content); these + // tests pin both shapes so the distinction can't drift silently. + describe('commit-attribution wiring', () => { + const abortSignal = new AbortController().signal; + + beforeEach(() => { + CommitAttributionService.resetInstance(); + }); + + it('records AI-originated writes in the attribution service', async () => { + const filePath = path.join(rootDir, 'attr_write.txt'); + const invocation = tool.build({ + file_path: filePath, + content: 'fresh content', + }); + await invocation.execute(abortSignal); + + const attribution = + CommitAttributionService.getInstance().getFileAttribution(filePath); + expect(attribution).toBeDefined(); + expect(attribution!.aiContribution).toBeGreaterThan(0); + // A truly new file should be flagged so deletions later in the + // session can be reconciled. + expect(attribution!.aiCreated).toBe(true); + + fs.unlinkSync(filePath); + }); + + it('skips attribution when modified_by_user', async () => { + const filePath = path.join(rootDir, 'attr_skip.txt'); + const invocation = tool.build({ + file_path: filePath, + content: 'human-edited', + modified_by_user: true, + }); + await invocation.execute(abortSignal); + + expect( + CommitAttributionService.getInstance().getFileAttribution(filePath), + ).toBeUndefined(); + + fs.unlinkSync(filePath); + }); + + it('marks aiCreated=false when overwriting an existing empty file', async () => { + const filePath = path.join(rootDir, 'attr_existing_empty.txt'); + // Create an empty file first — the distinction we're guarding + // is that overwriting an empty existing file should NOT be + // counted as a creation, even though both old contents are + // length-0. + fs.writeFileSync(filePath, '', 'utf8'); + + const invocation = tool.build({ + file_path: filePath, + content: 'overwrite content', + }); + await invocation.execute(abortSignal); + + const attribution = + CommitAttributionService.getInstance().getFileAttribution(filePath); + expect(attribution).toBeDefined(); + expect(attribution!.aiCreated).toBe(false); + + fs.unlinkSync(filePath); + }); + }); }); From be81c6f08d3e1d65a67dc21b098896d057e42571 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 04:50:07 +0800 Subject: [PATCH 21/64] fix(attribution): partial-commit clear, symlink baseDir, gh/git flag handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two Critical items, two Copilot, and five wenshao Suggestions: - attachCommitAttribution's `finally` block used to call `clearAttributions()` unconditionally, wiping per-file tracking for files the AI had edited but the user excluded from this commit. Added `clearAttributedFiles(committedAbsolutePaths)` to the service and the call site now passes only the paths that actually landed in this commit; entries for un-`add`ed files stay pending for a later commit. - generateNotePayload now runs both `baseDir` and each tracked absolute path through `fs.realpathSync` before `path.relative`. On macOS in particular `/var` symlinks to `/private/var`, so the toplevel from `git rev-parse --show-toplevel` and the absolute path captured by edit/write-file tools could diverge — producing `../../actual/path` keys in the lookup that never matched and silently zeroed all per-file AI attribution. - tokeniseSegment now consumes value-taking sudo flags (`-u`, `-g`, `-h`, `-D`, `-r`, `-t`, `-C`, plus the long forms). Without this, `sudo -u other git commit` left `other` standing in for the program name and skipped the trailer entirely. - A duplicate JSDoc block above `countCommitsAfter` (a leftover from the earlier extraction of `getGitHead`) was removed; both helpers now have one accurate comment each. - attachCommitAttribution's multi-commit guard now also runs when `preHead === null` (brand-new repo), via `git rev-list --count HEAD`. A compound `git init && git commit -m a && git commit -m b` no longer slips through and mis-attributes combined data to the last commit. - addCoAuthorToGitCommit's `-m` matching switched to `matchAll` and takes the LAST match. `git commit -m "title" -m "body"` puts the trailer at the end of the body so `git interpret-trailers` recognises it; the previous first-match behaviour stuffed the trailer in the title where git treats it as plain message text. - addAttributionToPR's `--body` regex accepts both space and `=` separators (`--body "..."` and `--body="..."`); the `=` form is common with gh. - New `parseGhInvocation` walks past gh's global flags (`--repo`, `-R`, `--hostname`) so `gh --repo owner/repo pr create ...` is detected. The earlier fixed-position check at tokens[1]/tokens[2] missed any command with a global flag. - getCommittedFileInfo now fans out the two `rev-parse` calls and the three diff calls with `Promise.all`. They're independent and serialising them was paying spawn latency 5× per commit. Tests: sudo with `-u user`, multi `-m`, `gh --repo owner/repo`, `--body="..."`, plus the existing 84 shell tests still pass. --- .../core/src/services/commitAttribution.ts | 54 +++- packages/core/src/tools/shell.test.ts | 125 +++++++++ packages/core/src/tools/shell.ts | 265 +++++++++++++----- 3 files changed, 367 insertions(+), 77 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index a47c96336d9..def43a6d3c5 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -22,9 +22,27 @@ */ import { createHash } from 'node:crypto'; +import * as fs from 'node:fs'; import * as path from 'node:path'; import { isGeneratedFile } from './generatedFiles.js'; +/** + * Resolve symlinks on a path. On macOS in particular, `/var` is a + * symlink to `/private/var`, so an absolute path captured via + * `fs.realpathSync` (what edit.ts/write-file.ts records) and + * `path.relative` against `git rev-parse --show-toplevel` (which may + * report either form) won't line up unless we normalise both sides. + * Falls back to the input on any fs error so a missing path can't + * make the lookup fail outright. + */ +function realpathOrSelf(p: string): string { + try { + return fs.realpathSync(p); + } catch { + return p; + } +} + // --------------------------------------------------------------------------- // Types // --------------------------------------------------------------------------- @@ -276,6 +294,28 @@ export class CommitAttributionService { this.sessionBaselines.clear(); } + /** + * Clear attribution data for the specific files that just landed in + * a commit, leaving entries for files the user *didn't* include + * (partial commits, `git add A && git commit -m "..."`) intact so + * they're still credited on a later commit. Snapshots prompt + * counters since a commit did succeed. + * + * Keys must be the absolute paths used by `recordEdit` — callers + * are responsible for resolving repo-relative diff paths against + * the repo root (and following symlinks via fs.realpath where + * needed) before passing them in. + */ + clearAttributedFiles(committedAbsolutePaths: Set): void { + this.promptCountAtLastCommit = this.promptCount; + this.permissionPromptCountAtLastCommit = this.permissionPromptCount; + this.escapeCountAtLastCommit = this.escapeCount; + for (const p of committedAbsolutePaths) { + this.fileAttributions.delete(p); + this.sessionBaselines.delete(p); + } + } + // ----------------------------------------------------------------------- // Snapshot / restore (session persistence) // ----------------------------------------------------------------------- @@ -348,11 +388,19 @@ export class CommitAttributionService { let totalAiChars = 0; let totalHumanChars = 0; - // Build lookup: relative path → tracked AI contribution - // Normalize to forward slashes so git-style paths match on Windows + // Build lookup: relative path → tracked AI contribution. Both + // sides are run through realpath so symlinked /var ↔ /private/var + // (macOS) or other symlink mismatches don't make + // `path.relative` produce a `../...` key that never matches the + // diff output. Normalize separators to forward slashes so git + // paths line up on Windows. + const canonicalBase = realpathOrSelf(baseDir); const aiLookup = new Map(); for (const [absPath, attr] of this.fileAttributions) { - const rel = path.relative(baseDir, absPath).split(path.sep).join('/'); + const rel = path + .relative(canonicalBase, realpathOrSelf(absPath)) + .split(path.sep) + .join('/'); aiLookup.set(rel, attr); } diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index afade64a855..e321808c409 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1252,6 +1252,69 @@ describe('ShellTool', () => { ); }); + // `sudo -u user git commit` puts the program at index [3], not + // [1]; a naive flag-only consumer would leave `user` standing + // in for the program name. + it('should add co-author for sudo with value-taking flag (-u user)', async () => { + const command = 'sudo -u other git commit -m "Test"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // git's `-m` can be passed multiple times — `git interpret-trailers` + // only recognises trailers that sit at the end of the *last* `-m` + // value, so the rewrite must target the last match. + it('should add Co-authored-by trailer to the LAST -m when multiple are present', async () => { + const command = 'git commit -m "Title" -m "Body line 1"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // The trailer must land inside the second `-m` quote pair, not + // the first; a simple way to assert this is that `Body line 1` + // and the trailer share the same closing quote. + expect(observed).toMatch( + /-m\s+"Body line 1\s+Co-authored-by: Qwen-Coder "/s, + ); + // And the first -m's title is unchanged. + expect(observed).toMatch(/-m\s+"Title"\s/); + }); + it('should add co-author when git commit is prefixed with sudo', async () => { const command = 'sudo git commit -m "Test"'; const invocation = shellTool.build({ command, is_background: false }); @@ -1471,6 +1534,68 @@ describe('ShellTool', () => { ); }); + // `gh --repo owner/repo pr create` shifts pr/create past the + // fixed `tokens[1]/tokens[2]` slots; a literal-position check + // misses these forms. + it('should append attribution when gh has global flags before pr create', async () => { + const command = + 'gh --repo owner/repo pr create --title "x" --body "Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // The `--body=value` (equals-sign) form is common with gh; the + // earlier `\s+` separator only matched `--body value`. + it('should append attribution to --body="..." equals-sign form', async () => { + const command = 'gh pr create --title "x" --body="Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + // Quoted "gh pr create" should not look like an executed PR command. it('should NOT rewrite when gh pr create appears only inside quoted text', async () => { const command = 'echo "gh pr create --title x --body \\"Summary\\""'; diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 431d738f606..4639a2ead42 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -117,11 +117,43 @@ function tokeniseSegment(segment: string): string[] | null { while (i < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[i]!)) { i++; } - // Strip a single safe wrapper, then any leading flag tokens it took. + // Strip a single safe wrapper, then any leading flag tokens it + // took. Sudo's value-taking flags (`-u user`, `-g group`, + // `-h host`, `-D path`, `-r role`, `-t type`) consume the next + // argv slot, so without explicitly knowing which take values we'd + // leave e.g. `user` standing in for the program in + // `sudo -u user git commit ...`. `command` doesn't take any flag + // values but its `-p`/`-v`/`-V` are flag-only. if (tokens[i] === 'sudo' || tokens[i] === 'command') { + const wrapper = tokens[i]; i++; + const sudoFlagsWithValue = new Set([ + '-u', + '-g', + '-h', + '-D', + '-r', + '-t', + '-C', + '--user', + '--group', + '--host', + '--chdir', + '--role', + '--type', + ]); while (i < tokens.length && tokens[i]!.startsWith('-')) { + const flag = tokens[i]!; i++; + // Only sudo has value-taking flags in this allowlist; for + // `command`'s flag-only options we leave i alone. + if ( + wrapper === 'sudo' && + sudoFlagsWithValue.has(flag) && + i < tokens.length + ) { + i++; + } } } return tokens.slice(i); @@ -256,6 +288,35 @@ function gitCommitContext(command: string): { return { hasCommit, attributableInCwd: attributable }; } +/** + * Walk a `gh ...` token sequence past gh's global flags + * (`--repo owner/repo`, `--hostname host`, `--help`, `--version`) and + * return the resulting subcommand chain. Same purpose as + * `parseGitInvocation`: a fixed-position check at index 1 misses + * `gh --repo owner/repo pr create ...`, which is a common form. + */ +function parseGhInvocation(tokens: string[]): string[] { + const TAKES_VALUE = new Set(['--repo', '-R', '--hostname']); + let i = 1; // skip 'gh' + while (i < tokens.length) { + const t = tokens[i]!; + if (TAKES_VALUE.has(t)) { + i += 2; + continue; + } + if (t.startsWith('--repo=') || t.startsWith('--hostname=')) { + i++; + continue; + } + if (t.startsWith('-')) { + i++; + continue; + } + return tokens.slice(i); + } + return []; +} + /** * Detect whether `command` invokes `gh pr create` at the top level — * same shell-aware shape as `gitCommitContext` so quoted text like @@ -264,10 +325,9 @@ function gitCommitContext(command: string): { function looksLikeGhPrCreate(command: string): boolean { for (const sub of splitCommands(command)) { const tokens = tokeniseSegment(sub); - if (!tokens) continue; - if (tokens[0] === 'gh' && tokens[1] === 'pr' && tokens[2] === 'create') { - return true; - } + if (!tokens || tokens[0] !== 'gh') continue; + const rest = parseGhInvocation(tokens); + if (rest[0] === 'pr' && rest[1] === 'create') return true; } return false; } @@ -1124,23 +1184,9 @@ export class ShellToolInvocation extends BaseToolInvocation< }; } - /** - * Read the current HEAD SHA, or null if unavailable (no commits yet, - * not a git repo, or git failed). Used to detect whether a `git - * commit` actually created a new commit, independent of the shell's - * exit code. - * - * Goes through `child_process.execFile` rather than - * {@link ShellExecutionService} so the lookup is unaffected by test - * mocks of the shell service and stays well clear of any user-supplied - * shell wrapper. The 2s timeout means a wedged repo can't stall the - * post-command path. - */ /** * Count the commits between `preHead` (exclusive) and `HEAD` - * (inclusive). Returns 0 if either side is unreadable or `preHead` - * is null (the very first commit case is treated as a single-commit - * batch by the caller via the HEAD-movement check). Goes through + * (inclusive). Returns 0 if either side is unreadable. Goes through * `child_process.execFile` with argv to stay independent of the * mockable `ShellExecutionService`. */ @@ -1148,10 +1194,26 @@ export class ShellToolInvocation extends BaseToolInvocation< cwd: string, preHead: string, ): Promise { + return this.runGitCount(cwd, ['rev-list', '--count', `${preHead}..HEAD`]); + } + + /** + * Count commits reachable from HEAD when the repo had no prior + * HEAD before the user's command — i.e. the very first commit (or + * compound `init && commit && commit ...`). Without this fallback + * the multi-commit guard would be skipped on a brand-new repo and + * mis-attribute combined data to the final commit. + */ + private async countCommitsFromRoot(cwd: string): Promise { + return this.runGitCount(cwd, ['rev-list', '--count', 'HEAD']); + } + + /** Shared helper for the two `rev-list --count` invocations. */ + private async runGitCount(cwd: string, args: string[]): Promise { return new Promise((resolve) => { const child = childProcess.execFile( 'git', - ['rev-list', '--count', `${preHead}..HEAD`], + args, { cwd, timeout: 2000 }, (error, stdout) => { if (error) { @@ -1166,6 +1228,15 @@ export class ShellToolInvocation extends BaseToolInvocation< }); } + /** + * Read the current HEAD SHA, or null if unavailable (no commits + * yet, not a git repo, or git failed). Used to detect whether a + * `git commit` actually created a new commit, independent of the + * shell's exit code. Goes through `child_process.execFile` rather + * than {@link ShellExecutionService} so the lookup is unaffected + * by test mocks of the shell service and stays well clear of any + * user-supplied shell wrapper. + */ private async getGitHead(cwd: string): Promise { return new Promise((resolve) => { const child = childProcess.execFile( @@ -1233,16 +1304,23 @@ export class ShellToolInvocation extends BaseToolInvocation< // contribution across the individual commits, so attaching the // combined note to HEAD would mis-attribute earlier commits' // changes to the last one. Snapshot prompt counters and bail. - if (preHead !== null) { - const commitCount = await this.countCommitsAfter(cwd, preHead); - if (commitCount > 1) { - debugLogger.warn( - `Refusing AI attribution for a multi-commit shell command (` + - `${commitCount} commits between ${preHead.slice(0, 12)} and HEAD).`, - ); - attributionService.clearAttributions(true); - return; - } + // + // For a brand-new repo (preHead === null), use `git rev-list + // --count HEAD` so the very first compound `init && commit a && + // commit b` chain still gets caught. + const commitCount = + preHead !== null + ? await this.countCommitsAfter(cwd, preHead) + : await this.countCommitsFromRoot(cwd); + if (commitCount > 1) { + debugLogger.warn( + `Refusing AI attribution for a multi-commit shell command ` + + `(${commitCount} commits since ${ + preHead ? preHead.slice(0, 12) : 'repo root' + }).`, + ); + attributionService.clearAttributions(true); + return; } // A new commit landed. Even when no per-file attribution was @@ -1265,6 +1343,7 @@ export class ShellToolInvocation extends BaseToolInvocation< return; } + let committedAbsolutePaths: Set | null = null; try { // Analyze the just-committed files by diffing HEAD against its parent. // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. @@ -1279,6 +1358,16 @@ export class ShellToolInvocation extends BaseToolInvocation< // mismatch here would cause path.relative to produce `../...` keys // that never match in the AI-attribution lookup. const baseDir = stagedInfo.repoRoot ?? this.config.getTargetDir(); + + // Capture the absolute paths actually included in this commit so + // the finally block can do a partial clear: files the AI edited + // but the user didn't `git add` should still be tracked for a + // later commit. Resolved against `baseDir` because diff paths + // are repo-root-relative. + committedAbsolutePaths = new Set( + stagedInfo.files.map((rel) => path.resolve(baseDir, rel)), + ); + const note = attributionService.generateNotePayload( stagedInfo, baseDir, @@ -1334,7 +1423,17 @@ export class ShellToolInvocation extends BaseToolInvocation< `Failed to attach AI attribution note: ${getErrorMessage(err)}`, ); } finally { - attributionService.clearAttributions(); + // Partial clear: only drop tracking for the files that actually + // landed in this commit. Files the AI edited but the user + // omitted from `git add` stay pending for a later commit. + // If we never determined the committed set (early failure in + // getCommittedFileInfo), fall back to a full clear so we don't + // leak stale per-file state — counters still get snapshotted. + if (committedAbsolutePaths) { + attributionService.clearAttributedFiles(committedAbsolutePaths); + } else { + attributionService.clearAttributions(true); + } } } @@ -1363,39 +1462,42 @@ export class ShellToolInvocation extends BaseToolInvocation< }; try { - // Detect whether HEAD has a parent. Also fails for shallow clones - // where the parent was pruned, which is fine — diff-tree --root is - // a safe fallback that diffs against the empty tree. - const hasParent = (await runGit('rev-parse --verify HEAD~1')).length > 0; - - // Capture the repo root so the attribution service can reconcile - // paths from `git diff` (relative to the toplevel) against absolute - // paths recorded by the edit/write tools. Using the configured - // target directory as base would zero out attribution for any file - // outside it. - const repoRoot = (await runGit('rev-parse --show-toplevel')).trim(); - - // Get changed file names. - // For the initial commit (no parent), use diff-tree --root since - // `git diff --root` is not a valid option for porcelain diff. - let nameOutput: string; - let statusOutput: string; - let numstatOutput: string; - if (hasParent) { - nameOutput = await runGit('diff --name-only HEAD~1 HEAD'); - statusOutput = await runGit('diff --name-status HEAD~1 HEAD'); - numstatOutput = await runGit('diff --numstat HEAD~1 HEAD'); - } else { - nameOutput = await runGit( - 'diff-tree --root --no-commit-id -r --name-only HEAD', - ); - statusOutput = await runGit( - 'diff-tree --root --no-commit-id -r --name-status HEAD', - ); - numstatOutput = await runGit( - 'diff-tree --root --no-commit-id -r --numstat HEAD', - ); - } + // The two `rev-parse` calls are independent — fan out so we + // don't pay the spawn latency twice serially. Same for the + // three diff calls below once we know which form to use. + const [hasParentOutput, repoRootOutput] = await Promise.all([ + runGit('rev-parse --verify HEAD~1'), + runGit('rev-parse --show-toplevel'), + ]); + // hasParent fails for shallow clones where the parent was + // pruned, which is fine — diff-tree --root is a safe fallback + // that diffs against the empty tree. + const hasParent = hasParentOutput.length > 0; + // Capture the repo root so the attribution service can + // reconcile paths from `git diff` (relative to the toplevel) + // against absolute paths recorded by the edit/write tools. + // Using the configured target directory as base would zero out + // attribution for any file outside it. + const repoRoot = repoRootOutput.trim(); + + // For the initial commit (no parent), use diff-tree --root + // since `git diff --root` isn't valid for porcelain diff. + const diffArgs = hasParent + ? { + name: 'diff --name-only HEAD~1 HEAD', + status: 'diff --name-status HEAD~1 HEAD', + numstat: 'diff --numstat HEAD~1 HEAD', + } + : { + name: 'diff-tree --root --no-commit-id -r --name-only HEAD', + status: 'diff-tree --root --no-commit-id -r --name-status HEAD', + numstat: 'diff-tree --root --no-commit-id -r --numstat HEAD', + }; + const [nameOutput, statusOutput, numstatOutput] = await Promise.all([ + runGit(diffArgs.name), + runGit(diffArgs.status), + runGit(diffArgs.numstat), + ]); const files = nameOutput .split('\n') @@ -1469,16 +1571,27 @@ export class ShellToolInvocation extends BaseToolInvocation< // [^"\\] matches any char except double-quote and backslash // \\. matches escape sequences like \" or \\ // (?:...|...)* matches normal chars or escapes, repeated - const doubleQuotePattern = /(-[a-zA-Z]*m\s*)"((?:[^"\\]|\\.)*)"/; + const doubleQuotePattern = /(-[a-zA-Z]*m\s*)"((?:[^"\\]|\\.)*)"/g; // Bash single quotes can't be escaped, so apostrophes inside a // single-quoted message use the close-escape-reopen form `'\''` // (e.g. `git commit -m 'don'\''t'`). The negative lookahead leaves // those alone — rewriting them correctly needs a real shell parser // and a wrong rewrite would mid-insert the trailer and break the // command's quoting. - const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'(?!\\'')/; - const doubleMatch = command.match(doubleQuotePattern); - const singleMatch = command.match(singleQuotePattern); + const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'(?!\\'')/g; + // Git concatenates multiple `-m` values with a blank line, so the + // co-author trailer has to land in the *last* `-m` value to be + // recognised by `git interpret-trailers`. matchAll → take the + // last match. + const lastMatch = ( + matches: IterableIterator, + ): T | null => { + let result: T | null = null; + for (const m of matches) result = m; + return result; + }; + const doubleMatch = lastMatch(command.matchAll(doubleQuotePattern)); + const singleMatch = lastMatch(command.matchAll(singleQuotePattern)); const match = doubleMatch ?? singleMatch; const quote = doubleMatch ? '"' : "'"; @@ -1497,9 +1610,11 @@ export class ShellToolInvocation extends BaseToolInvocation< const newMessage = existingMessage + coAuthor; const replacement = prefix + quote + newMessage + quote; - // Use indexOf + slice instead of String.replace() to avoid - // special replacement patterns ($&, $1, etc.) in user content - const idx = command.indexOf(fullMatch); + // Use match.index + slice (rather than indexOf) so multiple + // `-m` flags don't collide — we want the position of the + // *last* match, not the first occurrence of a string that + // could appear earlier in the command. + const idx = match.index ?? command.indexOf(fullMatch); if (idx >= 0) { return ( command.slice(0, idx) + @@ -1556,13 +1671,15 @@ export class ShellToolInvocation extends BaseToolInvocation< : `\n\n🤖 Generated with Qwen Code`; // Append to --body "..." or --body '...' - const bodyDoublePattern = /(--body\s+)"((?:[^"\\]|\\.)*)"/; + // Accept both space and `=` between flag and value: `gh pr create + // --body "..."` and `gh pr create --body="..."` are both valid. + const bodyDoublePattern = /(--body[\s=]+)"((?:[^"\\]|\\.)*)"/; // Bash apostrophes inside a single-quoted body use the // close-escape-reopen form `'\''`. The inner alternation matches // either a non-apostrophe character or that escape sequence as a // whole, so the trailer lands at the true end of the body rather // than after only the first quoted segment. - const bodySinglePattern = /(--body\s+)'((?:[^']|'\\'')*)'/; + const bodySinglePattern = /(--body[\s=]+)'((?:[^']|'\\'')*)'/; const bodyDoubleMatch = command.match(bodyDoublePattern); const bodySingleMatch = command.match(bodySinglePattern); const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; From 89ee3e38b070470bd1df5c5ac152d423d3c9163a Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 05:39:00 +0800 Subject: [PATCH 22/64] fix(attribution): canonicalize file paths centrally in CommitAttributionService MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two related Copilot follow-ups: - recordEdit/getFileAttribution/clearAttributedFiles now run input paths through fs.realpathSync before storing/looking up, so a symlinked path (e.g. macOS /var ↔ /private/var) resolves to the same key regardless of which form the caller passes. Previously edit.ts/write-file.ts handed in non-realpath'd absolute paths while generateNotePayload tried to realpath only inside its lookup loop, leaving partial-clear and clear-on-finally paths unable to find entries when the forms diverged. - restoreFromSnapshot also canonicalises on the way in so a session resumed from a pre-fix snapshot (where keys may not have been canonical) ends up with the same shape as newly recorded entries — otherwise a single file could end up with two parallel records. - generateNotePayload's lookup loop dropped its per-entry realpath call (now redundant since keys are canonical at write time), keeping only the realpath of `baseDir` (which still comes from `git rev-parse --show-toplevel` and may be a symlink). - Updated `clearAttributedFiles` doc to describe the new semantics: callers can pass either the resolved repo-relative path or an already-canonical absolute path, and either will match. --- .../core/src/services/commitAttribution.ts | 59 ++++++++++++------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index def43a6d3c5..09ef36c5fed 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -197,21 +197,28 @@ export class CommitAttributionService { * Record an AI edit to a file. * Uses prefix/suffix matching for precise character-level contribution. * On first edit of a file, saves a session baseline of the old content. + * + * `filePath` is canonicalised via `fs.realpathSync` before being used + * as a key, so symlinked paths (e.g. `/var/...` ↔ `/private/var/...` + * on macOS) collapse to the same entry instead of silently producing + * two parallel records. */ recordEdit( filePath: string, oldContent: string | null, newContent: string, ): void { - const existing = this.fileAttributions.get(filePath) || { + const key = realpathOrSelf(filePath); + + const existing = this.fileAttributions.get(key) || { aiContribution: 0, aiCreated: false, contentHash: '', }; // Save baseline on first AI touch (before AI modifies it) - if (!this.sessionBaselines.has(filePath) && oldContent !== null) { - this.sessionBaselines.set(filePath, { + if (!this.sessionBaselines.has(key) && oldContent !== null) { + this.sessionBaselines.set(key, { contentHash: computeContentHash(oldContent), mtime: Date.now(), }); @@ -226,7 +233,7 @@ export class CommitAttributionService { existing.aiCreated = true; } - this.fileAttributions.set(filePath, existing); + this.fileAttributions.set(key, existing); } // ----------------------------------------------------------------------- @@ -267,7 +274,9 @@ export class CommitAttributionService { } getFileAttribution(filePath: string): FileAttribution | undefined { - const attr = this.fileAttributions.get(filePath); + // Canonicalise so callers don't have to know about the realpath + // normalization happening inside `recordEdit`. + const attr = this.fileAttributions.get(realpathOrSelf(filePath)); return attr ? { ...attr } : undefined; } @@ -301,18 +310,20 @@ export class CommitAttributionService { * they're still credited on a later commit. Snapshots prompt * counters since a commit did succeed. * - * Keys must be the absolute paths used by `recordEdit` — callers - * are responsible for resolving repo-relative diff paths against - * the repo root (and following symlinks via fs.realpath where - * needed) before passing them in. + * Each input path is canonicalised via `fs.realpathSync` before the + * lookup, so callers can pass either the resolved repo-relative + * path (`path.resolve(repoRoot, rel)`) or an already-canonical + * absolute path — either form will match the entries written by + * `recordEdit`. */ clearAttributedFiles(committedAbsolutePaths: Set): void { this.promptCountAtLastCommit = this.promptCount; this.permissionPromptCountAtLastCommit = this.permissionPromptCount; this.escapeCountAtLastCommit = this.escapeCount; for (const p of committedAbsolutePaths) { - this.fileAttributions.delete(p); - this.sessionBaselines.delete(p); + const key = realpathOrSelf(p); + this.fileAttributions.delete(key); + this.sessionBaselines.delete(key); } } @@ -357,11 +368,17 @@ export class CommitAttributionService { this.fileAttributions.clear(); for (const [k, v] of Object.entries(snapshot.fileStates ?? {})) { - this.fileAttributions.set(k, { ...v }); + // Re-canonicalise on restore so old snapshots (written before + // recordEdit started running keys through realpath) end up + // with the same shape as newly-recorded entries — otherwise a + // session resumed from a pre-fix snapshot could have two + // parallel records for the same file under symlink/canonical + // forms. + this.fileAttributions.set(realpathOrSelf(k), { ...v }); } this.sessionBaselines.clear(); for (const [k, v] of Object.entries(snapshot.baselines ?? {})) { - this.sessionBaselines.set(k, { ...v }); + this.sessionBaselines.set(realpathOrSelf(k), { ...v }); } } @@ -388,17 +405,19 @@ export class CommitAttributionService { let totalAiChars = 0; let totalHumanChars = 0; - // Build lookup: relative path → tracked AI contribution. Both - // sides are run through realpath so symlinked /var ↔ /private/var - // (macOS) or other symlink mismatches don't make - // `path.relative` produce a `../...` key that never matches the - // diff output. Normalize separators to forward slashes so git - // paths line up on Windows. + // Build lookup: relative path → tracked AI contribution. Keys in + // `fileAttributions` are already canonical (recordEdit runs them + // through realpath); we only need to canonicalise `baseDir`, + // which comes from `git rev-parse --show-toplevel` and may be a + // symlink (e.g. macOS `/var` → `/private/var`). Without that + // canonicalisation `path.relative` would produce a `../...` key + // that never matches the diff output. Normalize separators to + // forward slashes so git paths line up on Windows. const canonicalBase = realpathOrSelf(baseDir); const aiLookup = new Map(); for (const [absPath, attr] of this.fileAttributions) { const rel = path - .relative(canonicalBase, realpathOrSelf(absPath)) + .relative(canonicalBase, absPath) .split(path.sep) .join('/'); aiLookup.set(rel, attr); From 2dd792c87e348430be8356e3a37d5e0d6648c674 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 09:22:55 +0800 Subject: [PATCH 23/64] fix(attribution): canonicalize-from-root cleanup; fix mixed-quote -m / gh -R= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Five review items, one Critical: - attachCommitAttribution now canonicalises via the repo *root* (one realpath call) and resolves committed paths against that canonical root, rather than per-leaf realpath inside clearAttributedFiles. At cleanup time the leaf for a just-deleted file no longer exists, so per-leaf fs.realpathSync would fail and silently fall back to a non-canonical path that misses the stored canonical key — leaving stale attributions for deleted files. clearAttributedFiles drops its internal realpath and now documents the canonical-paths-required precondition explicitly. - addCoAuthorToGitCommit picks the LAST `-m` regardless of quote style. Previously `doubleMatch ?? singleMatch` always preferred the last double-quoted match, so `git commit -m "Title" -m 'Body'` injected the trailer into the title where git interpret-trailers would silently ignore it. Now compares match indices, and the escape helper follows the actually-selected match's quote style. - parseGhInvocation handles `-R=value` (the equals form of the short `--repo` alias). `--repo=...` and `--hostname=...` were already covered; `-R=...` previously fell through to the generic flag branch and skipped the value. - New tests for the symlink-aware canonicalisation: macOS-style `/var` ↔ `/private/var` mapping is mocked via vi.mock on node:fs, with cases for record-then-look-up under either form, generateNotePayload with a symlinked baseDir, partial clear via the canonical-root-derived path (deleted leaf), and snapshot restore canonicalisation. - Doc-only: integration-test header comments updated from "V1 -> V2 -> V3" / "migration to V3" to reflect the actual V4 end state (assertions already used the literal `4`). --- .../cli/settings-migration.test.ts | 26 +++-- .../src/services/commitAttribution.test.ts | 110 +++++++++++++++++- .../core/src/services/commitAttribution.ts | 16 +-- packages/core/src/tools/shell.ts | 55 ++++++--- 4 files changed, 174 insertions(+), 33 deletions(-) diff --git a/integration-tests/cli/settings-migration.test.ts b/integration-tests/cli/settings-migration.test.ts index a68a01ec158..470b55b2ba7 100644 --- a/integration-tests/cli/settings-migration.test.ts +++ b/integration-tests/cli/settings-migration.test.ts @@ -27,13 +27,17 @@ const { } = workspacesSettings; /** - * Integration tests for settings migration chain (V1 -> V2 -> V3) + * Integration tests for settings migration chain (V1 -> V2 -> V3 -> V4) * * These tests verify that: - * 1. V1 settings are automatically migrated to V3 on CLI startup - * 2. V2 settings are automatically migrated to V3 on CLI startup - * 3. V3 settings remain unchanged + * 1. V1 settings are automatically migrated to V4 on CLI startup + * 2. V2 settings are automatically migrated to V4 on CLI startup + * 3. V3 settings are automatically migrated to V4 on CLI startup * 4. Migration is idempotent (running multiple times produces same result) + * + * The numeric assertions use the literal `4` to match + * `SETTINGS_VERSION`; bump that constant and the literal together + * when adding a future migration. */ describe('settings-migration', () => { let rig: TestRig; @@ -77,7 +81,7 @@ describe('settings-migration', () => { }; describe('V1 settings migration', () => { - it('should migrate V1 settings to V3 on CLI startup', async () => { + it('should migrate V1 settings forward through the chain on CLI startup', async () => { rig.setup('v1-to-v3-migration'); // Write V1 settings directly (overwrites the one created by setup) @@ -94,7 +98,7 @@ describe('settings-migration', () => { // Read migrated settings const migratedSettings = readSettingsFile(rig); - // Verify migration to V3 + // Verify migration to V4 (current SETTINGS_VERSION) expect(migratedSettings['$version']).toBe(4); expect(migratedSettings['ui']).toEqual({ theme: 'dark', @@ -161,7 +165,7 @@ describe('settings-migration', () => { // Read migrated settings const migratedSettings = readSettingsFile(rig); - // Should be migrated to V3 + // Should be migrated to V4 expect(migratedSettings['$version']).toBe(4); // Legacy string values for ui/general should be preserved as-is (user data) expect(migratedSettings['ui']).toBe('legacy-ui-string'); @@ -209,7 +213,7 @@ describe('settings-migration', () => { }); describe('V2 settings migration', () => { - it('should migrate V2 settings to V3 on CLI startup', async () => { + it('should migrate V2 settings forward through the chain on CLI startup', async () => { rig.setup('v2-to-v3-migration'); // Write V2 settings directly (overwrites the one created by setup) @@ -225,7 +229,7 @@ describe('settings-migration', () => { // Read migrated settings const migratedSettings = readSettingsFile(rig); - // Verify migration to V3 + // Verify migration to V4 (current SETTINGS_VERSION) expect(migratedSettings['$version']).toBe(4); // Verify disable* -> enable* conversion with inversion @@ -302,7 +306,7 @@ describe('settings-migration', () => { // Read migrated settings const migratedSettings = readSettingsFile(rig); - // Should be updated to V3 version + // Should be updated to V4 version expect(migratedSettings['$version']).toBe(4); // Other settings should remain unchanged expect(migratedSettings['ui']).toEqual({ theme: 'dark' }); @@ -335,7 +339,7 @@ describe('settings-migration', () => { expect(migratedSettings['customOnlyKey']).toBe('value'); }); - it('should coerce valid string booleans and remove invalid deprecated keys while bumping V2 to V3', async () => { + it('should coerce valid string booleans and remove invalid deprecated keys while bumping V2 forward through the chain', async () => { rig.setup('v2-non-boolean-disable-values-migration'); // Cover both coercible string booleans and invalid non-boolean values: diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 80807f6ed35..0a094863096 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -4,7 +4,18 @@ * SPDX-License-Identifier: Apache-2.0 */ -import { describe, it, expect, beforeEach } from 'vitest'; +import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest'; + +// Stub `fs.realpathSync` so the symlink-aware tests below can simulate +// macOS-style `/var` ↔ `/private/var` mapping without needing a real +// symlink in the filesystem. Other tests don't touch realpath, so the +// pass-through default keeps them unaffected. +vi.mock('node:fs', async () => { + const actual = await vi.importActual('node:fs'); + return { ...actual, realpathSync: vi.fn(actual.realpathSync) }; +}); + +import * as fs from 'node:fs'; import { CommitAttributionService, computeCharContribution, @@ -282,4 +293,101 @@ describe('CommitAttributionService', () => { expect(note.summary.aiChars).toBe(40); }); }); + + // The service realpath's file paths at every entry/exit point so a + // symlinked vs canonical absolute path collapses to one entry. This + // matters most on macOS (`/var` → `/private/var`), where edit.ts + // can record a path under one form while git rev-parse reports the + // other — without canonicalisation, the lookup never matches and + // AI attribution silently zeroes out. + describe('symlink-aware path canonicalisation', () => { + beforeEach(() => { + // Map any /var/... input to /private/var/... (the macOS-ism). + // Anything else passes through unchanged. + vi.mocked(fs.realpathSync).mockImplementation(((input: unknown) => { + const s = String(input); + if (s.startsWith('/var/')) return s.replace('/var/', '/private/var/'); + if (s === '/var') return '/private/var'; + return s; + }) as unknown as typeof fs.realpathSync); + }); + afterEach(() => { + vi.mocked(fs.realpathSync).mockReset(); + }); + + it('records and looks up under the canonical path', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/var/repo/src/main.ts', '', 'x'.repeat(50)); + + // Lookup with EITHER form should work — the service canonicalises + // both write and read. + expect(service.getFileAttribution('/var/repo/src/main.ts')).toBeDefined(); + expect( + service.getFileAttribution('/private/var/repo/src/main.ts'), + ).toBeDefined(); + }); + + it('matches diff paths when baseDir is the symlinked form', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/var/repo/src/main.ts', '', 'x'.repeat(80)); + + // generateNotePayload receives the symlinked baseDir; the loop + // canonicalises it before computing path.relative against the + // (already-canonical) keys. + const staged = makeStagedInfo(['src/main.ts'], { 'src/main.ts': 80 }); + const note = service.generateNotePayload(staged, '/var/repo'); + + expect(note.files['src/main.ts']!.aiChars).toBe(80); + expect(note.files['src/main.ts']!.percent).toBe(100); + }); + + it('clearAttributedFiles deletes by canonical key without realpath-ing the leaf', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/var/repo/src/deleted.ts', '', 'will be removed'); + expect( + service.getFileAttribution('/var/repo/src/deleted.ts'), + ).toBeDefined(); + + // Caller composes paths against a canonical baseDir (mirrors + // attachCommitAttribution's pattern), so the leaf doesn't need + // to exist for the delete to find the right key. + service.clearAttributedFiles( + new Set(['/private/var/repo/src/deleted.ts']), + ); + expect( + service.getFileAttribution('/var/repo/src/deleted.ts'), + ).toBeUndefined(); + }); + + it('canonicalises keys on snapshot restore', () => { + const service = CommitAttributionService.getInstance(); + service.restoreFromSnapshot({ + type: 'attribution-snapshot', + surface: 'cli', + // Snapshot written before the canonicalisation fix could carry + // either form; restore should normalise to canonical. + fileStates: { + '/var/repo/src/legacy.ts': { + aiContribution: 99, + aiCreated: false, + contentHash: 'abc', + }, + }, + baselines: {}, + promptCount: 0, + promptCountAtLastCommit: 0, + permissionPromptCount: 0, + permissionPromptCountAtLastCommit: 0, + escapeCount: 0, + escapeCountAtLastCommit: 0, + }); + + // Lookup under the canonical form succeeds even though the + // snapshot wrote the symlink form. + expect( + service.getFileAttribution('/private/var/repo/src/legacy.ts')! + .aiContribution, + ).toBe(99); + }); + }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 09ef36c5fed..f1eeb4c3feb 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -310,20 +310,20 @@ export class CommitAttributionService { * they're still credited on a later commit. Snapshots prompt * counters since a commit did succeed. * - * Each input path is canonicalised via `fs.realpathSync` before the - * lookup, so callers can pass either the resolved repo-relative - * path (`path.resolve(repoRoot, rel)`) or an already-canonical - * absolute path — either form will match the entries written by - * `recordEdit`. + * Inputs must already be canonical absolute paths. The caller + * should resolve repo-relative diff entries against a canonical + * (realpath'd) repo root rather than realpathing each leaf — at + * cleanup time the leaf for a just-deleted file no longer exists, + * so per-leaf `fs.realpathSync` would fail and fall back to a + * non-canonical path that misses the stored canonical key. */ clearAttributedFiles(committedAbsolutePaths: Set): void { this.promptCountAtLastCommit = this.promptCount; this.permissionPromptCountAtLastCommit = this.permissionPromptCount; this.escapeCountAtLastCommit = this.escapeCount; for (const p of committedAbsolutePaths) { - const key = realpathOrSelf(p); - this.fileAttributions.delete(key); - this.sessionBaselines.delete(key); + this.fileAttributions.delete(p); + this.sessionBaselines.delete(p); } } diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 4639a2ead42..75c6a9b8688 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -304,7 +304,11 @@ function parseGhInvocation(tokens: string[]): string[] { i += 2; continue; } - if (t.startsWith('--repo=') || t.startsWith('--hostname=')) { + if ( + t.startsWith('--repo=') || + t.startsWith('--hostname=') || + t.startsWith('-R=') + ) { i++; continue; } @@ -1362,10 +1366,22 @@ export class ShellToolInvocation extends BaseToolInvocation< // Capture the absolute paths actually included in this commit so // the finally block can do a partial clear: files the AI edited // but the user didn't `git add` should still be tracked for a - // later commit. Resolved against `baseDir` because diff paths - // are repo-root-relative. + // later commit. + // + // Canonicalise via the repo root rather than each leaf: deleted + // files don't exist at this point so `fs.realpathSync` on the + // leaf would fail. Realpath the directory once (which still + // exists) and resolve repo-relative paths against the canonical + // root — the resulting absolute path matches the canonical key + // recordEdit stored even when the file has since been deleted. + let canonicalBase: string; + try { + canonicalBase = fs.realpathSync(baseDir); + } catch { + canonicalBase = baseDir; + } committedAbsolutePaths = new Set( - stagedInfo.files.map((rel) => path.resolve(baseDir, rel)), + stagedInfo.files.map((rel) => path.resolve(canonicalBase, rel)), ); const note = attributionService.generateNotePayload( @@ -1592,15 +1608,28 @@ export class ShellToolInvocation extends BaseToolInvocation< }; const doubleMatch = lastMatch(command.matchAll(doubleQuotePattern)); const singleMatch = lastMatch(command.matchAll(singleQuotePattern)); - const match = doubleMatch ?? singleMatch; - const quote = doubleMatch ? '"' : "'"; - - // Escape the configured name/email for the surrounding quote style. - // Without this, a name like `Bot $(rm -rf /)` would be evaluated as - // command substitution when the shell parses the rewritten command. - const escape = doubleMatch - ? escapeForBashDoubleQuote - : escapeForBashSingleQuote; + // Pick whichever match appears LAST in the command string, + // regardless of quote style. For `-m "Title" -m 'Body'`, a + // simple `doubleMatch ?? singleMatch` would target the title + // (last double match) and bury the trailer in the wrong field — + // git interpret-trailers only recognises a trailer at the end + // of the final `-m` value. + const match = + doubleMatch && singleMatch + ? (doubleMatch.index ?? 0) > (singleMatch.index ?? 0) + ? doubleMatch + : singleMatch + : (doubleMatch ?? singleMatch); + const quote = match === doubleMatch ? '"' : "'"; + + // Escape the configured name/email for the surrounding quote + // style — has to follow the actually-selected match, not just + // whether a double-quoted -m exists somewhere earlier (a later + // single-quoted -m wins on index comparison above). + const escape = + match === doubleMatch + ? escapeForBashDoubleQuote + : escapeForBashSingleQuote; const escapedName = escape(gitCoAuthorSettings.name ?? ''); const escapedEmail = escape(gitCoAuthorSettings.email ?? ''); const coAuthor = `\n\nCo-authored-by: ${escapedName} <${escapedEmail}>`; From 222b1884dcdd4bfa98fca945fdc329f15dee4f0f Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 11:04:31 +0800 Subject: [PATCH 24/64] fix(shell): scope -m rewrite to commit segment, reject nested matches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two Critical findings on addCoAuthorToGitCommit, plus a Copilot maintainability nit: - The `-m` regex used to scan the whole compound command, so `git commit -m "fix" && git tag -a v1 -m "release"` would target the LATER tag annotation (last -m wins) and splice the trailer there instead of the commit message. The rewrite now scopes to the actual `git commit` segment via a new findAttributableCommitSegment(): same shell-aware walk gitCommitContext does, but returning the segment's character range so the regex can be run on a slice and spliced back into the original command. - Within the segment, a literal `-m '...'` *inside* a quoted body was treated as a real later -m. For `git commit -m "docs mention -m 'flag' for completeness"`, the inner single-quoted -m sits at a higher index than the real outer -m, and the previous index comparison would have it win — splicing the trailer mid-message and corrupting the quoting. The new code checks whether the candidate is nested inside the other quote-style's range (start/end containment) and prefers the outer match when so. - Hoisted three constant Sets (sudo flag list, git global flags taking values, git global flags shifting cwd, gh global flags) out of the per-call scope to module constants. Functional no-op, but keeps the parsing helpers easier to read and avoids re-allocating the Sets on every command. Two regression tests added for the cases above: - inner `-m '...'` inside the outer message body is preserved literally and the trailer lands after the body - `git tag -a v1 -m "release notes"` after a real `git commit -m "fix"` is left untouched, with the trailer appended to "fix" only --- packages/core/src/tools/shell.test.ts | 69 ++++++++++ packages/core/src/tools/shell.ts | 187 +++++++++++++++++--------- 2 files changed, 195 insertions(+), 61 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index e321808c409..8a2e8a2430f 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1315,6 +1315,75 @@ describe('ShellTool', () => { expect(observed).toMatch(/-m\s+"Title"\s/); }); + // Concern: a literal `-m '...'` *inside* a quoted commit + // message body could be picked up by the regex as if it were a + // real later argument, splicing the trailer mid-message and + // breaking the command's quoting. + it('should not be fooled by a literal -m token inside the quoted message body', async () => { + const command = + 'git commit -m "docs mention -m \'flag\' for completeness"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // The original message body must be preserved end-to-end — + // no trailer spliced before its closing quote. + expect(observed).toContain( + "-m \"docs mention -m 'flag' for completeness", + ); + // The trailer must land AFTER the original body, just before + // the message's outer closing quote. + expect(observed).toMatch( + /docs mention -m 'flag' for completeness\s+Co-authored-by:[^"]+"/s, + ); + }); + + // Concern: a later `git tag -m "..."` in the same compound + // command could be mistaken for the commit message because the + // regex was matching across the whole command string. + it('should target the commit message, not a later git tag -m in the same chain', async () => { + const command = + 'git commit -m "fix" && git tag -a v1 -m "release notes"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // The trailer is appended to the commit message body... + expect(observed).toMatch(/git commit -m "fix\s+Co-authored-by:[^"]+"/s); + // ...and the later `git tag -m` is left exactly as the user + // wrote it. + expect(observed).toContain('git tag -a v1 -m "release notes"'); + // The tag annotation must not have a trailer spliced in. + const tagMatch = observed.match(/git tag .*-m "([^"]*)"/); + expect(tagMatch?.[1]).toBe('release notes'); + }); + it('should add co-author when git commit is prefixed with sudo', async () => { const command = 'sudo git commit -m "Test"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 75c6a9b8688..4c106cbce2c 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -127,21 +127,6 @@ function tokeniseSegment(segment: string): string[] | null { if (tokens[i] === 'sudo' || tokens[i] === 'command') { const wrapper = tokens[i]; i++; - const sudoFlagsWithValue = new Set([ - '-u', - '-g', - '-h', - '-D', - '-r', - '-t', - '-C', - '--user', - '--group', - '--host', - '--chdir', - '--role', - '--type', - ]); while (i < tokens.length && tokens[i]!.startsWith('-')) { const flag = tokens[i]!; i++; @@ -149,7 +134,7 @@ function tokeniseSegment(segment: string): string[] | null { // `command`'s flag-only options we leave i alone. if ( wrapper === 'sudo' && - sudoFlagsWithValue.has(flag) && + SUDO_FLAGS_WITH_VALUE.has(flag) && i < tokens.length ) { i++; @@ -159,6 +144,22 @@ function tokeniseSegment(segment: string): string[] | null { return tokens.slice(i); } +const SUDO_FLAGS_WITH_VALUE = new Set([ + '-u', + '-g', + '-h', + '-D', + '-r', + '-t', + '-C', + '--user', + '--group', + '--host', + '--chdir', + '--role', + '--type', +]); + /** * Walk a `git ...` token sequence past git's global flags * (`-c key=val`, `-C path`, `--no-pager`, `--git-dir`, `--work-tree`, @@ -169,31 +170,31 @@ function tokeniseSegment(segment: string): string[] | null { * `changesCwd` is true when any of the consumed flags would relocate * the working directory (`-C`, `--git-dir`, `--work-tree`). */ +// Two-token global flags whose second token is consumed as a value. +const GIT_GLOBAL_FLAGS_TAKES_VALUE = new Set([ + '-c', + '-C', + '--git-dir', + '--work-tree', + '--namespace', + '--exec-path', + '--config-env', + '--super-prefix', + '--list-cmds', +]); +// Flags whose presence shifts cwd interpretation. +const GIT_GLOBAL_FLAGS_SHIFTS_CWD = new Set(['-C', '--git-dir', '--work-tree']); + function parseGitInvocation(tokens: string[]): { subcommand: string | undefined; changesCwd: boolean; } { - // Two-token global flags whose second token is consumed as a value. - const TAKES_VALUE = new Set([ - '-c', - '-C', - '--git-dir', - '--work-tree', - '--namespace', - '--exec-path', - '--config-env', - '--super-prefix', - '--list-cmds', - ]); - // Flags whose presence shifts cwd interpretation. - const SHIFTS_CWD = new Set(['-C', '--git-dir', '--work-tree']); - let i = 1; // skip 'git' let changesCwd = false; while (i < tokens.length) { const t = tokens[i]!; - if (TAKES_VALUE.has(t)) { - if (SHIFTS_CWD.has(t)) changesCwd = true; + if (GIT_GLOBAL_FLAGS_TAKES_VALUE.has(t)) { + if (GIT_GLOBAL_FLAGS_SHIFTS_CWD.has(t)) changesCwd = true; i += 2; continue; } @@ -295,12 +296,13 @@ function gitCommitContext(command: string): { * `parseGitInvocation`: a fixed-position check at index 1 misses * `gh --repo owner/repo pr create ...`, which is a common form. */ +const GH_GLOBAL_FLAGS_TAKES_VALUE = new Set(['--repo', '-R', '--hostname']); + function parseGhInvocation(tokens: string[]): string[] { - const TAKES_VALUE = new Set(['--repo', '-R', '--hostname']); let i = 1; // skip 'gh' while (i < tokens.length) { const t = tokens[i]!; - if (TAKES_VALUE.has(t)) { + if (GH_GLOBAL_FLAGS_TAKES_VALUE.has(t)) { i += 2; continue; } @@ -321,6 +323,46 @@ function parseGhInvocation(tokens: string[]): string[] { return []; } +/** + * Locate the character range of the *first* attributable + * `git commit` invocation in the (potentially compound) command, or + * `null` if none is attributable in the current cwd. The range + * covers the segment as `splitCommands` tokenised it — i.e. just + * the `git commit ...` part, NOT later `&& git tag -m ...` or + * earlier `git status &&` segments. + * + * Used by `addCoAuthorToGitCommit` to scope the `-m` regex rewrite + * so a later `git tag -m "..."` (different sub-command in the same + * compound) can't be mistaken for the commit message. + */ +function findAttributableCommitSegment( + command: string, +): { start: number; end: number } | null { + let cursor = 0; + let cwdShifted = false; + for (const sub of splitCommands(command)) { + const start = command.indexOf(sub, cursor); + if (start < 0) continue; + const end = start + sub.length; + cursor = end; + const tokens = tokeniseSegment(sub); + if (!tokens || tokens.length === 0) continue; + const program = tokens[0]!; + if (program === 'cd') { + if (!cwdShifted) cwdShifted = true; + continue; + } + if (program === 'git') { + const { subcommand, changesCwd } = parseGitInvocation(tokens); + if (subcommand === 'commit' && !cwdShifted && !changesCwd) { + return { start, end }; + } + if (changesCwd && !cwdShifted) cwdShifted = true; + } + } + return null; +} + /** * Detect whether `command` invokes `gh pr create` at the top level — * same shell-aware shape as `gitCommitContext` so quoted text like @@ -1570,7 +1612,8 @@ export class ShellToolInvocation extends BaseToolInvocation< // (with the trailer mid-string) back to the executor. The stricter // `attributableInCwd` is what we want here: only inject the // trailer when we're confident the commit lands in our cwd. - if (!gitCommitContext(command).attributableInCwd) { + const segmentRange = findAttributableCommitSegment(command); + if (!segmentRange) { return command; } @@ -1581,6 +1624,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // both `-m foo` and `-mfoo`, and we shouldn't silently skip the // shorthand form. // + // The regex is scoped to the actual `git commit` segment (not the + // whole compound command) so a later `git tag -a v1 -m "..."` in + // the same chain can't be mistaken for the commit message. + // // Pattern breakdown: // -[a-zA-Z]*m matches -m, -am, -nm, etc. (combined short flags) // \s* matches optional whitespace after the flag @@ -1595,6 +1642,7 @@ export class ShellToolInvocation extends BaseToolInvocation< // and a wrong rewrite would mid-insert the trailer and break the // command's quoting. const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'(?!\\'')/g; + const segment = command.slice(segmentRange.start, segmentRange.end); // Git concatenates multiple `-m` values with a blank line, so the // co-author trailer has to land in the *last* `-m` value to be // recognised by `git interpret-trailers`. matchAll → take the @@ -1606,26 +1654,44 @@ export class ShellToolInvocation extends BaseToolInvocation< for (const m of matches) result = m; return result; }; - const doubleMatch = lastMatch(command.matchAll(doubleQuotePattern)); - const singleMatch = lastMatch(command.matchAll(singleQuotePattern)); - // Pick whichever match appears LAST in the command string, - // regardless of quote style. For `-m "Title" -m 'Body'`, a - // simple `doubleMatch ?? singleMatch` would target the title - // (last double match) and bury the trailer in the wrong field — - // git interpret-trailers only recognises a trailer at the end - // of the final `-m` value. - const match = - doubleMatch && singleMatch - ? (doubleMatch.index ?? 0) > (singleMatch.index ?? 0) - ? doubleMatch - : singleMatch - : (doubleMatch ?? singleMatch); + const doubleMatch = lastMatch(segment.matchAll(doubleQuotePattern)); + const singleMatch = lastMatch(segment.matchAll(singleQuotePattern)); + + // Pick whichever match appears LAST in the segment, regardless of + // quote style — but reject any candidate that's nested inside the + // other's range. For `git commit -m "docs mention -m 'flag'"` the + // single-quoted `-m 'flag'` lives INSIDE the double-quoted real + // message; without a nesting check the later (inner) `-m` would + // win and the trailer would be spliced into the body text. + const matchRange = (m: RegExpMatchArray | null) => + m ? { start: m.index ?? 0, end: (m.index ?? 0) + m[0].length } : null; + const isInside = ( + inner: RegExpMatchArray | null, + outer: RegExpMatchArray | null, + ): boolean => { + const i = matchRange(inner); + const o = matchRange(outer); + return !!(i && o && i.start >= o.start && i.end <= o.end); + }; + let match: RegExpMatchArray | null; + if (doubleMatch && singleMatch) { + if (isInside(singleMatch, doubleMatch)) { + match = doubleMatch; + } else if (isInside(doubleMatch, singleMatch)) { + match = singleMatch; + } else { + match = + (doubleMatch.index ?? 0) > (singleMatch.index ?? 0) + ? doubleMatch + : singleMatch; + } + } else { + match = doubleMatch ?? singleMatch; + } const quote = match === doubleMatch ? '"' : "'"; // Escape the configured name/email for the surrounding quote - // style — has to follow the actually-selected match, not just - // whether a double-quoted -m exists somewhere earlier (a later - // single-quoted -m wins on index comparison above). + // style — has to follow the actually-selected match. const escape = match === doubleMatch ? escapeForBashDoubleQuote @@ -1639,16 +1705,15 @@ export class ShellToolInvocation extends BaseToolInvocation< const newMessage = existingMessage + coAuthor; const replacement = prefix + quote + newMessage + quote; - // Use match.index + slice (rather than indexOf) so multiple - // `-m` flags don't collide — we want the position of the - // *last* match, not the first occurrence of a string that - // could appear earlier in the command. - const idx = match.index ?? command.indexOf(fullMatch); - if (idx >= 0) { + // Splice the modified segment back into the original command, + // preserving everything outside the commit segment exactly as + // the caller had it. + const matchStart = (match.index ?? 0) + segmentRange.start; + if (matchStart >= segmentRange.start) { return ( - command.slice(0, idx) + + command.slice(0, matchStart) + replacement + - command.slice(idx + fullMatch.length) + command.slice(matchStart + fullMatch.length) ); } } From 84d764bc031724f7c9cce8a62374bdae002a11b8 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 14:06:57 +0800 Subject: [PATCH 25/64] fix(attribution): cd-leak, numstat partial failure, $() bailout, gh pr new alias MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Five Critical/Suggestion items: - `cd subdir && git commit` (or any non-attributable commit chain whose HEAD movement still happens in our cwd, e.g. cd into a subdirectory of the same repo) used to skip attribution AND fail to clear pending per-file entries. Those entries then leaked into the next foreground commit, inflating its AI percentage. New `else if (commitCtx.hasCommit)` branch in execute() compares pre- and post-HEAD; if HEAD moved we drop the per-file state. preHead is now snapshotted whenever ANY commit was attempted, not only attributable ones. - getCommittedFileInfo's three diff calls run in `Promise.all`. If `--numstat` failed while `--name-only` succeeded, every file's diffSize would be 0 and generateNotePayload would clamp aiChars to 0 — emitting a structurally valid note with all-zero AI percentages. Detect the partial-failure shape (files non-empty, diffSizes empty) and return empty so no note is written. - addCoAuthorToGitCommit and addAttributionToPR now bail when the captured `-m`/`--body` value contains `$(`. The tool description recommends `git commit -m "$(cat <<'EOF' ... EOF)"` for multi-line messages, but the regex's `(?:[^"\\]|\\.)*` body group stops at the first interior `"` from a nested shell token — splicing the trailer there breaks the command before it reaches the executor. - looksLikeGhPrCreate now accepts `gh pr new` as well — it's a documented alias for `gh pr create` and was silently skipped. - Removed `incrementPermissionPromptCount` / `incrementEscapeCount` and their getters: they had no production callers, so the backing fields just round-tripped through snapshots as 0. The four snapshot fields are now optional so pre-fix snapshots that carry non-zero values still load cleanly and just get ignored. Three regression tests added: heredoc-style `-m "$(cat < { service.recordEdit('/project/f.ts', null, 'hello'); service.incrementPromptCount(); service.incrementPromptCount(); - service.incrementPermissionPromptCount(); const snapshot = service.toSnapshot(); expect(snapshot.type).toBe('attribution-snapshot'); expect(snapshot.promptCount).toBe(2); - expect(snapshot.permissionPromptCount).toBe(1); expect(Object.keys(snapshot.fileStates)).toHaveLength(1); // Restore into a fresh instance diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index f1eeb4c3feb..126d85164dc 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -112,10 +112,17 @@ export interface AttributionSnapshot { baselines: Record; promptCount: number; promptCountAtLastCommit: number; - permissionPromptCount: number; - permissionPromptCountAtLastCommit: number; - escapeCount: number; - escapeCountAtLastCommit: number; + /** + * Reserved fields for future permission-prompt and escape counters. + * Currently unused in production; pre-fix snapshots may carry them + * with non-zero values, so the restore path tolerates them but the + * service no longer exposes increment methods until a real counter + * use case lands. + */ + permissionPromptCount?: number; + permissionPromptCountAtLastCommit?: number; + escapeCount?: number; + escapeCountAtLastCommit?: number; } // --------------------------------------------------------------------------- @@ -237,21 +244,13 @@ export class CommitAttributionService { } // ----------------------------------------------------------------------- - // Prompt / permission counting + // Prompt counting // ----------------------------------------------------------------------- incrementPromptCount(): void { this.promptCount++; } - incrementPermissionPromptCount(): void { - this.permissionPromptCount++; - } - - incrementEscapeCount(): void { - this.escapeCount++; - } - getPromptCount(): number { return this.promptCount; } diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 8a2e8a2430f..ebc9ea033a0 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1384,6 +1384,36 @@ describe('ShellTool', () => { expect(tagMatch?.[1]).toBe('release notes'); }); + // The tool description recommends `git commit -m "$(cat <<'EOF' + // ... EOF)"` for multi-line messages. The body contains nested + // `"` from interior shell tokens — the regex would match only + // up to the first interior quote and splice the trailer + // mid-substitution, breaking the command. Bail explicitly. + it('should NOT rewrite -m bodies that contain $(...) command substitution', async () => { + const command = + 'git commit -m "$(cat <<\'EOF\'\nfix: title\n\ndetails\nEOF\n)"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // The original command must reach the executor unchanged. + expect(observed).toBe(command); + expect(observed).not.toContain('Co-authored-by:'); + }); + it('should add co-author when git commit is prefixed with sudo', async () => { const command = 'sudo git commit -m "Test"'; const invocation = shellTool.build({ command, is_background: false }); @@ -1575,6 +1605,62 @@ describe('ShellTool', () => { }); describe('addAttributionToPR', () => { + // `gh pr new` is a documented alias for `gh pr create`. Without + // explicit alias handling the rewrite silently misses it. + it('should append attribution to `gh pr new --body "..."` (alias form)', async () => { + const command = 'gh pr new --title "x" --body "Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // Same `$(...)` bailout as addCoAuthorToGitCommit: a heredoc + // body must not have the trailer spliced in mid-substitution. + it('should NOT rewrite --body that contains $(...) command substitution', async () => { + const command = + 'gh pr create --title "x" --body "$(cat <<\'EOF\'\nSummary\nEOF\n)"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + expect(observed).toBe(command); + expect(observed).not.toContain('Generated with Qwen Code'); + }); + it('should append attribution to gh pr create --body when pr enabled', async () => { const command = 'gh pr create --title "x" --body "Summary"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 4c106cbce2c..cfbfc51a1c0 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -373,7 +373,10 @@ function looksLikeGhPrCreate(command: string): boolean { const tokens = tokeniseSegment(sub); if (!tokens || tokens[0] !== 'gh') continue; const rest = parseGhInvocation(tokens); - if (rest[0] === 'pr' && rest[1] === 'create') return true; + // `gh pr new` is the documented alias for `gh pr create`. Detect + // both so attribution doesn't silently miss the alias form. + if (rest[0] === 'pr' && (rest[1] === 'create' || rest[1] === 'new')) + return true; } return false; } @@ -854,7 +857,13 @@ export class ShellToolInvocation extends BaseToolInvocation< // and so attribution still runs after a `git commit && cd ..` // chain (which would have failed an "any cd anywhere" gate). const commitCtx = gitCommitContext(strippedCommand); - const preHeadPromise: Promise = commitCtx.attributableInCwd + // Capture preHead whenever ANY git commit was attempted in the + // chain — even non-attributable ones — so the post-command branch + // can detect HEAD movement and clear stale singleton state. + // Without this, `cd subdir && git commit` (a real same-repo + // commit) would skip attribution AND fail to clear pending + // attributions, leaking them into the next foreground commit. + const preHeadPromise: Promise = commitCtx.hasCommit ? this.getGitHead(cwd) : Promise.resolve(null); @@ -985,6 +994,20 @@ export class ShellToolInvocation extends BaseToolInvocation< if (commitCtx.attributableInCwd) { const preHead = await preHeadPromise; await this.attachCommitAttribution(cwd, preHead); + } else if (commitCtx.hasCommit) { + // A `cd subdir && git commit` (or `git -C ... commit`) ran a + // commit we can't attribute, but our cwd's HEAD may still have + // moved (subdir is the same repo). If it did, the singleton's + // pending per-file attributions just got consumed by that + // commit — clear them so they don't leak into the next + // foreground commit. If HEAD didn't move (commit landed in a + // genuinely different repo), leave the entries alone. + const preHead = await preHeadPromise; + const postHead = await this.getGitHead(cwd); + if (postHead !== null && postHead !== preHead) { + const svc = CommitAttributionService.getInstance(); + if (svc.hasAttributions()) svc.clearAttributions(true); + } } let returnDisplayMessage = ''; @@ -1571,8 +1594,21 @@ export class ShellToolInvocation extends BaseToolInvocation< } } - // Get diff sizes from numstat output + // Get diff sizes from numstat output. Bail if `--numstat` + // returned nothing while `--name-only` succeeded — that's the + // partial-failure signal for `Promise.all`, and writing a note + // anyway would force every file's diffSize to 0, then + // generateNotePayload would clamp aiChars to 0 and emit a + // structurally valid but factually wrong all-zero attribution. const diffSizes = parseNumstat(numstatOutput); + if (diffSizes.size === 0) { + debugLogger.warn( + 'getCommittedFileInfo: --numstat returned empty while ' + + '--name-only listed files; skipping attribution note to ' + + 'avoid emitting all-zero AI percentages.', + ); + return empty; + } return { files, @@ -1702,6 +1738,21 @@ export class ShellToolInvocation extends BaseToolInvocation< if (match) { const [fullMatch, prefix, existingMessage] = match; + + // Bail on `$(...)` command substitution inside the captured + // body: our regex's `(?:[^"\\]|\\.)*` body group stops at the + // first interior `"`, so a heredoc-style + // `git commit -m "$(cat <<'HEREDOC' ... HEREDOC)"` (which the + // tool description recommends for multi-line messages) would + // be matched only up to the first inner `"`, then the trailer + // would be spliced into the middle of the command + // substitution and break the shell command. Recognising + // `$(` is enough — if it's there we can't safely rewrite + // without a real shell parser. + if (existingMessage.includes('$(')) { + return command; + } + const newMessage = existingMessage + coAuthor; const replacement = prefix + quote + newMessage + quote; @@ -1781,6 +1832,15 @@ export class ShellToolInvocation extends BaseToolInvocation< if (bodyMatch) { const [fullMatch, prefix, existingBody] = bodyMatch; + // Same `$(...)` bailout as addCoAuthorToGitCommit: a heredoc- + // style body (`gh pr create --body "$(cat <<'EOF' ... EOF)"`) + // contains nested `"` that our regex's `(?:[^"\\]|\\.)*` body + // group can't span — the match would terminate at the first + // interior quote and the splice would land mid-substitution, + // corrupting the user-approved command. + if (existingBody.includes('$(')) { + return command; + } // Escape the appended text for the surrounding quote style. // Without this, a configured generator name containing `"`, `$`, a // backtick, or `'` would either break the user-approved `gh pr From 66cef3bb5ffcbb2f40b19fdcbee0dff8de2c33a9 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 15:07:18 +0800 Subject: [PATCH 26/64] fix(attribution): --amend, --message/-b aliases, .d.ts over-exclusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Four Copilot follow-ups, three of them user-visible coverage gaps: - `git commit --amend` was diffing `HEAD~1..HEAD` for attribution, which spans the entire amended commit (parent → amended) rather than the actual amend delta. A message-only amend would emit a note attributing every file in the original commit to this amend. New `isAmendCommit` helper detects the flag and getCommittedFileInfo switches to `HEAD@{1}..HEAD` (the pre-amend HEAD vs the amended HEAD); if the reflog is GC'd we bail with a warning rather than over-attribute. - `git commit --message "..."` and `--message="..."` were silently skipped because the regex only recognised the short `-m` form. The flag prefix now matches both alternatives via `(?:-[a-zA-Z]*m|--message)\s*=?\s*` (non-capturing inner group so the existing `[full, prefix, body]` destructure still works). - `gh pr create -b "..."` (the short alias for `--body`) was the same gap on the PR side; `(?:--body|-b)[\s=]+` now covers both forms. - `.d.ts` was an over-broad blanket exclusion in EXCLUDED_EXTENSIONS — declaration files are commonly authored (ambient declarations, asset shims like `*.d.ts` for `import './x.svg'`); the repo even contains `packages/vscode-ide-companion/src/assets.d.ts`. Removed `.d.ts` from the extensions Set and adjusted the test to assert the new behavior. Auto-generated `.d.ts` (e.g. `tsc --declaration` output) still gets caught by the build-directory rules. Tests added: `--amend` plumbing covered by the new branch in getCommittedFileInfo (no targeted unit test — the diff invocation goes through ShellExecutionService and is exercised by the existing post-command path); `--message`/`--message="..."`/-b/-b="..."` all have positive trailer-injection assertions; `.d.ts` test split into "hand-authored" (negative) and "in dist" (positive). --- .../core/src/services/generatedFiles.test.ts | 17 ++- packages/core/src/services/generatedFiles.ts | 10 +- packages/core/src/tools/shell.test.ts | 89 +++++++++++++ packages/core/src/tools/shell.ts | 125 ++++++++++++++---- 4 files changed, 214 insertions(+), 27 deletions(-) diff --git a/packages/core/src/services/generatedFiles.test.ts b/packages/core/src/services/generatedFiles.test.ts index d7692d39efb..f1d245039b4 100644 --- a/packages/core/src/services/generatedFiles.test.ts +++ b/packages/core/src/services/generatedFiles.test.ts @@ -27,8 +27,21 @@ describe('isGeneratedFile', () => { expect(isGeneratedFile('src/.next/cache.js')).toBe(true); }); - it('should exclude TypeScript declaration files', () => { - expect(isGeneratedFile('types/index.d.ts')).toBe(true); + // `.d.ts` files are commonly authored by hand (declaration files + // for projects without TS sources, ambient module declarations, + // asset shims like `*.d.ts` for `import './x.svg'`); the prior + // blanket exclusion silently dropped AI edits to those files. + // Auto-generated `.d.ts` (e.g. `tsc --declaration` output) tends + // to live under `/dist/` etc. and is still excluded by the + // directory rules. + it('should NOT exclude hand-authored TypeScript declaration files', () => { + expect(isGeneratedFile('types/index.d.ts')).toBe(false); + expect(isGeneratedFile('src/assets.d.ts')).toBe(false); + }); + + it('should still exclude .d.ts emitted into build directories', () => { + expect(isGeneratedFile('dist/index.d.ts')).toBe(true); + expect(isGeneratedFile('build/types.d.ts')).toBe(true); }); it('should exclude generated code files', () => { diff --git a/packages/core/src/services/generatedFiles.ts b/packages/core/src/services/generatedFiles.ts index c6fdb17cad0..dd20f36bfd7 100644 --- a/packages/core/src/services/generatedFiles.ts +++ b/packages/core/src/services/generatedFiles.ts @@ -27,7 +27,14 @@ const EXCLUDED_FILENAMES = new Set([ 'npm-shrinkwrap.json', ]); -// File extension patterns (case-insensitive) +// File extension patterns (case-insensitive). Note: `.d.ts` is NOT +// listed here — `.d.ts` files are commonly authored by hand +// (declaration files for projects without TS sources, ambient module +// declarations, asset shims like `*.d.ts` for `import './x.svg'`), +// and treating every one as generated would silently drop AI edits +// to those files. Auto-generated `.d.ts` (e.g. `tsc --declaration` +// output) tends to live under `/dist/`, `/build/`, or `/out/`, +// which are already covered by `EXCLUDED_DIRECTORIES`. const EXCLUDED_EXTENSIONS = new Set([ '.lock', '.min.js', @@ -37,7 +44,6 @@ const EXCLUDED_EXTENSIONS = new Set([ '.bundle.css', '.generated.ts', '.generated.js', - '.d.ts', ]); // Directory patterns that indicate generated/vendored content diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index ebc9ea033a0..47d67b5fa6b 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1414,6 +1414,65 @@ describe('ShellTool', () => { expect(observed).not.toContain('Co-authored-by:'); }); + // `--message` is git's documented long alias for `-m`. Without + // explicit handling the trailer would be silently skipped on + // commits that use the long form. + it('should add co-author for git commit --message "..."', async () => { + const command = 'git commit --message "Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + it('should add co-author for git commit --message="..."', async () => { + const command = 'git commit --message="Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + it('should add co-author when git commit is prefixed with sudo', async () => { const command = 'sudo git commit -m "Test"'; const invocation = shellTool.build({ command, is_background: false }); @@ -1661,6 +1720,36 @@ describe('ShellTool', () => { expect(observed).not.toContain('Generated with Qwen Code'); }); + // `-b` is gh's documented short alias for `--body`. Without + // explicit handling the rewrite would silently miss it. + it('should append attribution to gh pr create -b "..." (short form)', async () => { + const command = 'gh pr create --title "x" -b "Summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Generated with Qwen Code'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + it('should append attribution to gh pr create --body when pr enabled', async () => { const command = 'gh pr create --title "x" --body "Summary"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index cfbfc51a1c0..1e7cd4792e3 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -323,6 +323,29 @@ function parseGhInvocation(tokens: string[]): string[] { return []; } +/** + * Detect whether the attributable `git commit` invocation in + * `command` carries the `--amend` flag. Used so attachCommitAttribution + * can switch the diff range from `HEAD~1..HEAD` (the amended commit + * vs its parent — too broad for amend) to `HEAD@{1}..HEAD` (the + * actual amend delta). + */ +function isAmendCommit(command: string): boolean { + for (const sub of splitCommands(command)) { + const tokens = tokeniseSegment(sub); + if (!tokens || tokens[0] !== 'git') continue; + const { subcommand } = parseGitInvocation(tokens); + if (subcommand !== 'commit') continue; + if ( + tokens.includes('--amend') || + tokens.some((t) => t.startsWith('--amend=')) + ) { + return true; + } + } + return false; +} + /** * Locate the character range of the *first* attributable * `git commit` invocation in the (potentially compound) command, or @@ -993,7 +1016,13 @@ export class ShellToolInvocation extends BaseToolInvocation< // movement, so it's a no-op when no commit was actually created. if (commitCtx.attributableInCwd) { const preHead = await preHeadPromise; - await this.attachCommitAttribution(cwd, preHead); + // `git commit --amend` rewrites HEAD in place, so the diff + // `HEAD~1..HEAD` would span the entire amended commit (parent → + // amended), not just what this amend changed. Detect the flag + // so getCommittedFileInfo can switch to `HEAD@{1}..HEAD` and + // attribute only the actual amend delta. + const isAmend = isAmendCommit(strippedCommand); + await this.attachCommitAttribution(cwd, preHead, isAmend); } else if (commitCtx.hasCommit) { // A `cd subdir && git commit` (or `git -C ... commit`) ran a // commit we can't attribute, but our cwd's HEAD may still have @@ -1345,6 +1374,7 @@ export class ShellToolInvocation extends BaseToolInvocation< private async attachCommitAttribution( cwd: string, preHead: string | null, + isAmend: boolean, ): Promise { // Caller (`execute`) gates this with `commitCtx.attributableInCwd`, // so we don't re-parse the command here. Re-parsing would be dead @@ -1416,7 +1446,7 @@ export class ShellToolInvocation extends BaseToolInvocation< try { // Analyze the just-committed files by diffing HEAD against its parent. // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. - const stagedInfo = await this.getCommittedFileInfo(cwd); + const stagedInfo = await this.getCommittedFileInfo(cwd, isAmend); // Pass the actual model name (e.g. `qwen3-coder-plus`) rather than the // co-author display label so the note's `generator` field reflects @@ -1522,7 +1552,10 @@ export class ShellToolInvocation extends BaseToolInvocation< * Get information about files in the most recent commit by diffing * HEAD against its parent (HEAD~1). Falls back to empty info on error. */ - private async getCommittedFileInfo(cwd: string): Promise { + private async getCommittedFileInfo( + cwd: string, + isAmend: boolean, + ): Promise { const empty: StagedFileInfo = { files: [], diffSizes: new Map(), @@ -1561,19 +1594,46 @@ export class ShellToolInvocation extends BaseToolInvocation< // attribution for any file outside it. const repoRoot = repoRootOutput.trim(); - // For the initial commit (no parent), use diff-tree --root - // since `git diff --root` isn't valid for porcelain diff. - const diffArgs = hasParent - ? { - name: 'diff --name-only HEAD~1 HEAD', - status: 'diff --name-status HEAD~1 HEAD', - numstat: 'diff --numstat HEAD~1 HEAD', - } - : { - name: 'diff-tree --root --no-commit-id -r --name-only HEAD', - status: 'diff-tree --root --no-commit-id -r --name-status HEAD', - numstat: 'diff-tree --root --no-commit-id -r --numstat HEAD', - }; + // Choose the diff range: + // - amend: `HEAD@{1}..HEAD` — the actual amend delta. The + // pre-amend HEAD is in the reflog and points at the original + // commit; diffing against the *amended* HEAD captures only + // what changed in this amend operation, not the entire commit + // contents (which `HEAD~1..HEAD` would falsely include). + // - has parent: `HEAD~1..HEAD` — standard parent diff. + // - root commit: `diff-tree --root` against the empty tree. + let diffArgs: { name: string; status: string; numstat: string }; + if (isAmend) { + // Verify HEAD@{1} actually exists; reflogs can be GC'd. + const hasReflog = + (await runGit('rev-parse --verify HEAD@{1}')).length > 0; + if (!hasReflog) { + // Without a pre-amend snapshot we can't compute the amend + // delta; emitting `HEAD~1..HEAD` would over-attribute. + debugLogger.warn( + 'getCommittedFileInfo: --amend with empty reflog; skipping ' + + 'attribution note (cannot determine amend delta).', + ); + return empty; + } + diffArgs = { + name: 'diff --name-only HEAD@{1} HEAD', + status: 'diff --name-status HEAD@{1} HEAD', + numstat: 'diff --numstat HEAD@{1} HEAD', + }; + } else if (hasParent) { + diffArgs = { + name: 'diff --name-only HEAD~1 HEAD', + status: 'diff --name-status HEAD~1 HEAD', + numstat: 'diff --numstat HEAD~1 HEAD', + }; + } else { + diffArgs = { + name: 'diff-tree --root --no-commit-id -r --name-only HEAD', + status: 'diff-tree --root --no-commit-id -r --name-status HEAD', + numstat: 'diff-tree --root --no-commit-id -r --numstat HEAD', + }; + } const [nameOutput, statusOutput, numstatOutput] = await Promise.all([ runGit(diffArgs.name), runGit(diffArgs.status), @@ -1670,14 +1730,25 @@ export class ShellToolInvocation extends BaseToolInvocation< // [^"\\] matches any char except double-quote and backslash // \\. matches escape sequences like \" or \\ // (?:...|...)* matches normal chars or escapes, repeated - const doubleQuotePattern = /(-[a-zA-Z]*m\s*)"((?:[^"\\]|\\.)*)"/g; + // Match both the short form (`-m`, `-am`, combined short flags) + // and git's long alias `--message` (with optional `=` separator: + // `--message="..."`). Inner alternation is non-capturing so the + // existing `[full, prefix, body]` destructure still applies. + const FLAG_PREFIX = `(?:-[a-zA-Z]*m|--message)\\s*=?\\s*`; + const doubleQuotePattern = new RegExp( + `(${FLAG_PREFIX})"((?:[^"\\\\]|\\\\.)*)"`, + 'g', + ); // Bash single quotes can't be escaped, so apostrophes inside a // single-quoted message use the close-escape-reopen form `'\''` // (e.g. `git commit -m 'don'\''t'`). The negative lookahead leaves // those alone — rewriting them correctly needs a real shell parser // and a wrong rewrite would mid-insert the trailer and break the // command's quoting. - const singleQuotePattern = /(-[a-zA-Z]*m\s*)'([^']*)'(?!\\'')/g; + const singleQuotePattern = new RegExp( + `(${FLAG_PREFIX})'([^']*)'(?!\\\\'')`, + 'g', + ); const segment = command.slice(segmentRange.start, segmentRange.end); // Git concatenates multiple `-m` values with a blank line, so the // co-author trailer has to land in the *last* `-m` value to be @@ -1815,16 +1886,24 @@ export class ShellToolInvocation extends BaseToolInvocation< ? `\n\n🤖 Generated with Qwen Code (${shots}-shotted by ${generator})` : `\n\n🤖 Generated with Qwen Code`; - // Append to --body "..." or --body '...' - // Accept both space and `=` between flag and value: `gh pr create - // --body "..."` and `gh pr create --body="..."` are both valid. - const bodyDoublePattern = /(--body[\s=]+)"((?:[^"\\]|\\.)*)"/; + // Match both the long form `--body` and the short alias `-b` + // (documented in `gh pr create --help`), with either space or + // `=` separator: `--body "..."`, `--body="..."`, `-b "..."`, + // `-b="..."`. The `\b` after `-b` is intentional — without it + // we'd also match the start of `-body` (a typo) which the user + // didn't intend; a real `-b` flag is followed by whitespace or + // `=`. Inner alternation is non-capturing so the existing + // `[full, prefix, body]` destructure stays intact. + const BODY_FLAG = `(?:--body|-b)[\\s=]+`; + const bodyDoublePattern = new RegExp( + `(${BODY_FLAG})"((?:[^"\\\\]|\\\\.)*)"`, + ); // Bash apostrophes inside a single-quoted body use the // close-escape-reopen form `'\''`. The inner alternation matches // either a non-apostrophe character or that escape sequence as a // whole, so the trailer lands at the true end of the body rather // than after only the first quoted segment. - const bodySinglePattern = /(--body[\s=]+)'((?:[^']|'\\'')*)'/; + const bodySinglePattern = new RegExp(`(${BODY_FLAG})'((?:[^']|'\\\\'')*)'`); const bodyDoubleMatch = command.match(bodyDoublePattern); const bodySingleMatch = command.match(bodySinglePattern); const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; From 80bed8f58ef75f57a782ec7beb0d13b4a0158296 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 17:03:09 +0800 Subject: [PATCH 27/64] fix(attribution): cd-subdir, scope --body, multi-commit count guard, /clear reset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Four bugs flagged this round: - gitCommitContext / findAttributableCommitSegment used a blanket "any cd shifts cwd" gate, breaking the very common `cd subdir && git commit -m "..."` flow even though the commit lands in the same repo. New `cdTargetMayChangeRepo` heuristic: treat relative paths that don't escape upward (no leading `..`, no absolute path, no `~`/`$VAR` expansion, no bare `cd`/`cd -`) as in-repo and let attribution proceed. Conservative on anything it can't statically verify. - addAttributionToPR was running the `--body`/`-b` regex against the FULL compound command string. In `curl -b "session=abc" && gh pr create --body "summary"` the regex would match curl's `-b` cookie flag and inject attribution into the cookie value, corrupting the curl call. Added `findGhPrCreateSegment` (analog of `findAttributableCommitSegment`) and scoped the body regex to that segment, splicing back into the original command via offsetting the in-segment match index. - The multi-commit guard treated `runGitCount === 0` as "single commit" and bypassed itself. After `commitCreated === true`, a count of 0 is impossible in normal operation — it means rev-list errored or timed out. Now we bail on `commitCount !== 1` with a tailored message: anything other than exactly 1 commit is suspicious and refuses the note. - The CommitAttributionService singleton survives across `Config.startNewSession()` (the `/clear` and resume paths). New `CommitAttributionService.resetInstance()` call alongside the existing chat-recording / file-cache resets in startNewSession prevents pending attributions from a prior session attaching to a commit in the new one. Three regression tests added: `cd src && git commit` produces a trailer (in-repo cd), `cd .. && git commit` does not (could escape repo root), and `curl -b "..." && gh pr create --body "..."` leaves curl's cookie value untouched while attribution lands in gh's body. --- packages/core/src/config/config.ts | 7 ++ packages/core/src/tools/shell.test.ts | 96 +++++++++++++++++++ packages/core/src/tools/shell.ts | 132 +++++++++++++++++++------- 3 files changed, 203 insertions(+), 32 deletions(-) diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts index 1e5f5ffb3d0..a06eb144978 100644 --- a/packages/core/src/config/config.ts +++ b/packages/core/src/config/config.ts @@ -127,6 +127,7 @@ import { import { getAutoMemoryRoot } from '../memory/paths.js'; import { readAutoMemoryIndex } from '../memory/store.js'; import { MemoryManager } from '../memory/manager.js'; +import { CommitAttributionService } from '../services/commitAttribution.js'; import { ModelsConfig, @@ -1387,6 +1388,12 @@ export class Config { // constructed via Object.create — those should clear their own // cache, not the parent's. this.getFileReadCache().clear(); + // The commit-attribution singleton accumulates per-file AI edits + // and a session-scoped prompt counter — both stop being meaningful + // when the session resets. Without this, pending attributions + // from the previous session could attach to a commit in the new + // one, and the "N-shotted" PR label would span sessions. + CommitAttributionService.resetInstance(); if (this.initialized) { logStartSession(this, new StartSessionEvent(this)); } diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 47d67b5fa6b..42034bc5ce2 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1102,6 +1102,70 @@ describe('ShellTool', () => { ); }); + // `cd subdir && git commit` (relative cd that doesn't escape + // upward) is a very common workflow — entering a subdirectory + // before committing. The cd target stays inside the same repo, + // so attribution should still apply. The earlier blanket + // "any cd shifts cwd" gate broke this; the heuristic now only + // marks shifted on absolute paths, `..`-prefixed paths, env-var + // expansions, etc. + it('should add co-author for cd subdir && git commit (relative same-repo)', async () => { + const command = 'cd src && git commit -m "Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // `cd ..` could escape the repo root — conservative shift. + it('should NOT add co-author for cd .. && git commit (could escape repo)', async () => { + const command = 'cd .. && git commit -m "Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + // A cd that comes AFTER an in-cwd commit doesn't invalidate the // commit's attribution — the commit already landed in our repo. it('should add co-author when cd comes AFTER git commit', async () => { @@ -1722,6 +1786,38 @@ describe('ShellTool', () => { // `-b` is gh's documented short alias for `--body`. Without // explicit handling the rewrite would silently miss it. + // `curl -b "session=abc" && gh pr create --body "summary"` — + // without segment scoping the body regex would match curl's + // `-b` cookie flag (since it's the same `-b "..."` shape) and + // inject attribution into the cookie value, breaking curl. + it('should NOT match -b in earlier non-gh segments of a compound', async () => { + const command = + 'curl -b "session=abc" https://example.com && gh pr create --title "x" --body "summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0]; + // curl's -b cookie value must be exactly preserved. + expect(observed).toContain('curl -b "session=abc"'); + // The trailer should land in gh's --body, not in curl's -b. + expect(observed).toMatch( + /gh pr create --title "x" --body "summary[\s\S]*Generated with Qwen Code"/, + ); + }); + it('should append attribution to gh pr create -b "..." (short form)', async () => { const command = 'gh pr create --title "x" -b "Summary"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 1e7cd4792e3..a21a234ea27 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -263,10 +263,21 @@ function gitCommitContext(command: string): { const program = tokens[0]!; if (program === 'cd') { - // A cd before any commit makes later in-chain commits unsafe to - // attribute (might land in a different repo). A cd after the - // commit doesn't matter for the commit we already saw. - if (!hasCommit) cwdShifted = true; + // A cd before any commit might redirect a later `git commit` into + // a different repo. A cd AFTER the commit doesn't matter for the + // commit we already saw. + // + // A heuristic relaxation: relative cd targets that don't escape + // upward (no `..`, no absolute path, no env-var/$home expansion) + // almost always stay within the same repo. The very common + // `cd subdir && git commit -m "..."` flow is the motivating case + // — same repo, same toplevel, attribution is still safe. Only + // mark as shifted when the target *could* land us in a different + // repo. We can't be 100% certain without running `git rev-parse + // --show-toplevel` after the cd, which would require a synchronous + // fs/exec call that the rest of this walk avoids — the heuristic + // covers the common case and stays conservative on the rest. + if (!hasCommit && cdTargetMayChangeRepo(tokens)) cwdShifted = true; continue; } @@ -323,6 +334,37 @@ function parseGhInvocation(tokens: string[]): string[] { return []; } +/** + * Heuristic: does this `cd` invocation potentially redirect us into + * a different repository? Used by `gitCommitContext` to decide + * whether a subsequent `git commit` in the same chain is still + * attributable in our cwd. + * + * Returns true (conservative — assume shift) when the target is + * absolute, escapes upward (`..`), goes to `$HOME` / `~`, contains an + * env-var (we can't resolve it statically), or is missing entirely + * (`cd` alone goes to `$HOME`). Plain relative paths like `cd src`, + * `cd ./packages/foo`, or `cd subdir/nested` are treated as in-repo. + */ +function cdTargetMayChangeRepo(tokens: string[]): boolean { + // tokens[0] is 'cd'. The next non-flag token is the target. + let i = 1; + while (i < tokens.length && tokens[i]!.startsWith('-')) i++; + const target = tokens[i]; + // `cd` with no argument goes to $HOME. + if (target === undefined) return true; + if (target.startsWith('/')) return true; + if (target.startsWith('~')) return true; + // Env-var reference (e.g. `$HOME`, `$REPO`) — can't resolve here. + if (target.includes('$')) return true; + // `..`, `../..`, `..\\foo` etc. could escape the repo root. + if (target === '..') return true; + if (target.startsWith('../') || target.startsWith('..\\')) return true; + // `-` is bash's "previous directory" — could be anywhere. + if (target === '-') return true; + return false; +} + /** * Detect whether the attributable `git commit` invocation in * `command` carries the `--amend` flag. Used so attachCommitAttribution @@ -372,7 +414,10 @@ function findAttributableCommitSegment( if (!tokens || tokens.length === 0) continue; const program = tokens[0]!; if (program === 'cd') { - if (!cwdShifted) cwdShifted = true; + // Mirror gitCommitContext's cd heuristic: relative paths that + // don't escape upward are treated as in-repo, so + // `cd subdir && git commit ...` still finds the segment. + if (!cwdShifted && cdTargetMayChangeRepo(tokens)) cwdShifted = true; continue; } if (program === 'git') { @@ -387,21 +432,31 @@ function findAttributableCommitSegment( } /** - * Detect whether `command` invokes `gh pr create` at the top level — - * same shell-aware shape as `gitCommitContext` so quoted text like - * `echo "gh pr create --body ..."` doesn't trip the rewrite path. + * Locate the character range of the `gh pr create` (or alias + * `gh pr new`) segment in a potentially compound command. Used by + * `addAttributionToPR` so the `--body`/`-b` rewrite is scoped to + * just that segment — without scoping, a command like + * `curl -b "session=abc" && gh pr create --body "summary"` would + * have the regex match `curl`'s `-b` cookie flag and inject + * attribution there. */ -function looksLikeGhPrCreate(command: string): boolean { +function findGhPrCreateSegment( + command: string, +): { start: number; end: number } | null { + let cursor = 0; for (const sub of splitCommands(command)) { + const start = command.indexOf(sub, cursor); + if (start < 0) continue; + const end = start + sub.length; + cursor = end; const tokens = tokeniseSegment(sub); if (!tokens || tokens[0] !== 'gh') continue; const rest = parseGhInvocation(tokens); - // `gh pr new` is the documented alias for `gh pr create`. Detect - // both so attribution doesn't silently miss the alias form. - if (rest[0] === 'pr' && (rest[1] === 'create' || rest[1] === 'new')) - return true; + if (rest[0] === 'pr' && (rest[1] === 'create' || rest[1] === 'new')) { + return { start, end }; + } } - return false; + return null; } /** Approximate characters per text line for the diff-size estimate. */ @@ -1411,13 +1466,21 @@ export class ShellToolInvocation extends BaseToolInvocation< preHead !== null ? await this.countCommitsAfter(cwd, preHead) : await this.countCommitsFromRoot(cwd); - if (commitCount > 1) { - debugLogger.warn( - `Refusing AI attribution for a multi-commit shell command ` + - `(${commitCount} commits since ${ - preHead ? preHead.slice(0, 12) : 'repo root' - }).`, - ); + // commitCreated has already established that HEAD moved, so we + // expect exactly 1 commit. Anything else is suspicious: + // - >1: actual multi-commit chain we can't partition + // - 0: rev-list errored / timed out — could not verify, so + // we'd otherwise silently attribute as a single commit even + // though the count is unknown + // Bail in either case. + if (commitCount !== 1) { + const reason = + commitCount === 0 + ? 'commit count unavailable (rev-list failed) ' + + 'after HEAD moved — refusing to assume single commit' + : `multi-commit shell command (${commitCount} commits since ` + + `${preHead ? preHead.slice(0, 12) : 'repo root'})`; + debugLogger.warn(`Refusing AI attribution: ${reason}.`); attributionService.clearAttributions(true); return; } @@ -1861,7 +1924,8 @@ export class ShellToolInvocation extends BaseToolInvocation< // Shell-aware detection — a raw regex would falsely match quoted // text such as `echo "gh pr create --body \"x\""` and rewrite a // command that wasn't actually creating a PR. - if (!looksLikeGhPrCreate(command)) { + const ghSegment = findGhPrCreateSegment(command); + if (!ghSegment) { return command; } @@ -1889,11 +1953,14 @@ export class ShellToolInvocation extends BaseToolInvocation< // Match both the long form `--body` and the short alias `-b` // (documented in `gh pr create --help`), with either space or // `=` separator: `--body "..."`, `--body="..."`, `-b "..."`, - // `-b="..."`. The `\b` after `-b` is intentional — without it - // we'd also match the start of `-body` (a typo) which the user - // didn't intend; a real `-b` flag is followed by whitespace or - // `=`. Inner alternation is non-capturing so the existing + // `-b="..."`. Inner alternation is non-capturing so the existing // `[full, prefix, body]` destructure stays intact. + // + // Run the regex against just the gh segment, NOT the full + // command. Otherwise a compound like + // `curl -b "session=abc" && gh pr create --body "summary"` would + // have the body regex match `curl`'s `-b` cookie flag and inject + // attribution into the cookie value, corrupting the curl call. const BODY_FLAG = `(?:--body|-b)[\\s=]+`; const bodyDoublePattern = new RegExp( `(${BODY_FLAG})"((?:[^"\\\\]|\\\\.)*)"`, @@ -1904,8 +1971,9 @@ export class ShellToolInvocation extends BaseToolInvocation< // whole, so the trailer lands at the true end of the body rather // than after only the first quoted segment. const bodySinglePattern = new RegExp(`(${BODY_FLAG})'((?:[^']|'\\\\'')*)'`); - const bodyDoubleMatch = command.match(bodyDoublePattern); - const bodySingleMatch = command.match(bodySinglePattern); + const segment = command.slice(ghSegment.start, ghSegment.end); + const bodyDoubleMatch = segment.match(bodyDoublePattern); + const bodySingleMatch = segment.match(bodySinglePattern); const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; const bodyQuote = bodyDoubleMatch ? '"' : "'"; @@ -1928,10 +1996,10 @@ export class ShellToolInvocation extends BaseToolInvocation< ? escapeForBashDoubleQuote(attribution) : escapeForBashSingleQuote(attribution); const newBody = existingBody + escapedAttribution; - // Use indexOf + slice instead of String.replace() to avoid - // special replacement patterns ($&, $1, etc.) in user content - const idx = command.indexOf(fullMatch); - if (idx >= 0) { + // Splice the modified segment back into the original command, + // offsetting the in-segment match index by the segment start. + const idx = (bodyMatch.index ?? 0) + ghSegment.start; + if (idx >= ghSegment.start) { const replacement = prefix + bodyQuote + newBody + bodyQuote; return ( command.slice(0, idx) + From 1498133a73d4bed913171f232b70d8945b4292ca Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 20:59:10 +0800 Subject: [PATCH 28/64] fix(attribution): cd embedded .., env wrapper, Windows ARG_MAX, segment-locator warn MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Four review items, all small but real: - cdTargetMayChangeRepo missed embedded `..` traversal — `cd foo/../../escape` and similar would slip past the leading-`..` check and be treated as in-repo. Added an `includes('/..')` / `includes('\\..')` check (catches POSIX and Windows separators without false-positiving on `..` chars inside ordinary names, which only escape when followed by a separator). - tokeniseSegment now recognises `env` as a safe wrapper alongside `sudo`/`command`, so `env GIT_COMMITTER_DATE=now git commit ...` resolves to `git`. After the wrapper detection we also skip any `KEY=VALUE` argv entries (env's own argument syntax for setting vars before the program). - buildGitNotesCommand's MAX_NOTE_BYTES dropped from 128 KB to 30 KB. Windows' CreateProcess lpCommandLine is capped around 32,768 UTF-16 chars including the executable path and other argv entries; a 128 KB note would still fail to spawn even though the function returned a command instead of null. 30 KB leaves ~2 KB of headroom for the rest of the argv on Windows and is larger than any real commit's metadata in practice. - findAttributableCommitSegment / findGhPrCreateSegment now log a debugLogger.warn when `command.indexOf(sub, cursor)` returns -1 — splitCommands strips line continuations (`\`), so a multi-line command can have the trimmed segment text fail to match its source. Previously the segment was silently skipped with no signal; the warn makes the failure observable when QWEN_DEBUG_LOG_FILE is set. Two regression tests added: `cd foo/../../escape && git commit` gets no trailer (embedded-`..` heuristic catches it), and `env GIT_COMMITTER_DATE=now git commit` does (env wrapper skipped). --- .../core/src/services/attributionTrailer.ts | 14 +++- packages/core/src/tools/shell.test.ts | 66 +++++++++++++++++++ packages/core/src/tools/shell.ts | 47 +++++++++++-- 3 files changed, 120 insertions(+), 7 deletions(-) diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts index 2bce67d260b..a242f4e3522 100644 --- a/packages/core/src/services/attributionTrailer.ts +++ b/packages/core/src/services/attributionTrailer.ts @@ -16,8 +16,18 @@ import type { CommitAttributionNote } from './commitAttribution.js'; const GIT_NOTES_REF = 'refs/notes/ai-attribution'; -/** Maximum byte length for the -m argument to avoid shell ARG_MAX limits. */ -const MAX_NOTE_BYTES = 128 * 1024; // 128 KB +/** + * Maximum byte length for the JSON note. Sized for the most + * restrictive ARG_MAX in the wild: Windows' `CreateProcess` + * lpCommandLine is capped around 32,768 UTF-16 chars including the + * git executable path, the other argv entries, and separators, so + * the note itself has to fit in that minus a safety margin (~2 KB) + * for everything else. Linux/macOS ARG_MAX is much larger; sizing + * for Windows just means we cap earlier on those platforms — the + * note is meant to be small metadata, not a payload, so the limit + * is rarely the binding constraint. + */ +const MAX_NOTE_BYTES = 30 * 1024; // 30 KB /** * argv-form git notes invocation, designed for `child_process.execFile`. diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 42034bc5ce2..e4fc8bc0577 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1138,6 +1138,72 @@ describe('ShellTool', () => { }); // `cd ..` could escape the repo root — conservative shift. + // Embedded `..` traversal — `cd foo/../../escape` — could + // escape the repo just as much as a leading `..`, so the + // heuristic must reject it. Without this the trailer would + // be appended to a commit landing in a different repo. + it('should NOT add co-author for cd with embedded .. (escapes via traversal)', async () => { + const command = 'cd foo/../../escape && git commit -m "Test"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + + // `env` is a shell wrapper like `sudo`/`command`, with the + // additional twist that it accepts `KEY=VALUE` argv entries + // before the program. Without explicit handling, the regex + // would see `KEY=VALUE` as the program name and skip + // attribution entirely. + it('should add co-author when git commit is wrapped in env KEY=VAL', async () => { + const command = + 'env GIT_COMMITTER_DATE=now git commit -m "Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + it('should NOT add co-author for cd .. && git commit (could escape repo)', async () => { const command = 'cd .. && git commit -m "Test commit"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index a21a234ea27..2517def4da9 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -123,15 +123,20 @@ function tokeniseSegment(segment: string): string[] | null { // argv slot, so without explicitly knowing which take values we'd // leave e.g. `user` standing in for the program in // `sudo -u user git commit ...`. `command` doesn't take any flag - // values but its `-p`/`-v`/`-V` are flag-only. - if (tokens[i] === 'sudo' || tokens[i] === 'command') { + // values. `env` accepts both flags (`-i`, `-S`, `-u name`) AND + // `KEY=VALUE` argv entries before the program — both need + // skipping so `env GIT_COMMITTER_DATE=now git commit ...` resolves + // to `git`. + if (tokens[i] === 'sudo' || tokens[i] === 'command' || tokens[i] === 'env') { const wrapper = tokens[i]; i++; while (i < tokens.length && tokens[i]!.startsWith('-')) { const flag = tokens[i]!; i++; // Only sudo has value-taking flags in this allowlist; for - // `command`'s flag-only options we leave i alone. + // `command` and `env`'s flag-only options we leave i alone. + // (`env -u NAME` also takes a value, but skipping the + // following KEY=VALUE block below covers it implicitly.) if ( wrapper === 'sudo' && SUDO_FLAGS_WITH_VALUE.has(flag) && @@ -140,6 +145,15 @@ function tokeniseSegment(segment: string): string[] | null { i++; } } + // `env` puts KEY=VALUE pairs between its flags and the real + // program, so skip those too. Doing this only after the wrapper + // detection (rather than universally) avoids accidentally + // consuming what the user actually wrote. + if (wrapper === 'env') { + while (i < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[i]!)) { + i++; + } + } } return tokens.slice(i); } @@ -360,6 +374,12 @@ function cdTargetMayChangeRepo(tokens: string[]): boolean { // `..`, `../..`, `..\\foo` etc. could escape the repo root. if (target === '..') return true; if (target.startsWith('../') || target.startsWith('..\\')) return true; + // Embedded parent-dir traversal can also escape: `foo/../../escape`, + // `./..`, `nested/..`, etc. Catching `/..` and `\..` anywhere in + // the path covers both POSIX and Windows separators without + // false-positiving on legitimate names that happen to contain `..` + // (which only escape when followed by a separator). + if (target.includes('/..') || target.includes('\\..')) return true; // `-` is bash's "previous directory" — could be anywhere. if (target === '-') return true; return false; @@ -407,7 +427,18 @@ function findAttributableCommitSegment( let cwdShifted = false; for (const sub of splitCommands(command)) { const start = command.indexOf(sub, cursor); - if (start < 0) continue; + if (start < 0) { + // splitCommands strips line continuations (`\`) and + // some whitespace, so the trimmed segment text may not appear + // verbatim in the original command. Log so a multi-line + // command silently dropping its trailer is at least visible + // when QWEN_DEBUG_LOG_FILE is set. + debugLogger.warn( + `findAttributableCommitSegment: cannot map segment "${sub.slice(0, 60)}" ` + + `back to the original command (likely line-continuation / whitespace mismatch).`, + ); + continue; + } const end = start + sub.length; cursor = end; const tokens = tokeniseSegment(sub); @@ -446,7 +477,13 @@ function findGhPrCreateSegment( let cursor = 0; for (const sub of splitCommands(command)) { const start = command.indexOf(sub, cursor); - if (start < 0) continue; + if (start < 0) { + debugLogger.warn( + `findGhPrCreateSegment: cannot map segment "${sub.slice(0, 60)}" ` + + `back to the original command (likely line-continuation / whitespace mismatch).`, + ); + continue; + } const end = start + sub.length; cursor = end; const tokens = tokeniseSegment(sub); From f531924167e2c10a9e9d0f06fb819fb85f1e8449 Mon Sep 17 00:00:00 2001 From: wenshao Date: Sat, 2 May 2026 21:09:24 +0800 Subject: [PATCH 29/64] fix(attribution): scope isAmendCommit to attributable segment only `git -C ../other commit --amend && git commit -m x` would previously flag the second (fresh) commit as an amend, causing attachCommitAttribution to diff `HEAD@{1}..HEAD` against an unrelated reflog entry. Mirror findAttributableCommitSegment's cd/cwd tracking so only the first commit segment that runs in the original cwd determines amend status. --- packages/core/src/tools/shell.ts | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 2517def4da9..24f4e28b17f 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -391,19 +391,31 @@ function cdTargetMayChangeRepo(tokens: string[]): boolean { * can switch the diff range from `HEAD~1..HEAD` (the amended commit * vs its parent — too broad for amend) to `HEAD@{1}..HEAD` (the * actual amend delta). + * + * Only the *first* commit segment that runs in the same cwd as the + * shell tool counts. `git -C ../other commit --amend && git commit -m x` + * must not flip the diff range for the second (fresh) commit, since + * `HEAD@{1}` belongs to the inner repo there, not ours. */ function isAmendCommit(command: string): boolean { + let cwdShifted = false; for (const sub of splitCommands(command)) { const tokens = tokeniseSegment(sub); - if (!tokens || tokens[0] !== 'git') continue; - const { subcommand } = parseGitInvocation(tokens); - if (subcommand !== 'commit') continue; - if ( - tokens.includes('--amend') || - tokens.some((t) => t.startsWith('--amend=')) - ) { - return true; + if (!tokens || tokens.length === 0) continue; + const program = tokens[0]!; + if (program === 'cd') { + if (!cwdShifted && cdTargetMayChangeRepo(tokens)) cwdShifted = true; + continue; + } + if (program !== 'git') continue; + const { subcommand, changesCwd } = parseGitInvocation(tokens); + if (subcommand === 'commit' && !cwdShifted && !changesCwd) { + return ( + tokens.includes('--amend') || + tokens.some((t) => t.startsWith('--amend=')) + ); } + if (changesCwd && !cwdShifted) cwdShifted = true; } return false; } From 8891b83b85dbdea10934e6604487b49acf8ee553 Mon Sep 17 00:00:00 2001 From: wenshao Date: Mon, 4 May 2026 06:42:26 +0800 Subject: [PATCH 30/64] fix(attribution): last-match --body, symlink leaf canonicalisation, scoped prompt count MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - addAttributionToPR: use matchAll/last-match for `--body`/`-b` so the trailer lands in the gh-honoured (final) body when multiple flags are present. Mirrors addCoAuthorToGitCommit. Adds regression test. - attachCommitAttribution: also fs.realpathSync the per-file resolved path (not just the repo root) so files behind intermediate symlinks are matched against canonical keys recordEdit stored, instead of silently zeroing attribution and leaking entries past commit. - incrementPromptCount: scope to SendMessageType.UserQuery — ToolResult, Retry, Hook, Cron, Notification are model/background re-entries of the same logical turn. Tracking them all inflated the "N-shotted" trailer (one user message could become 10-shotted with 10 tool calls). - AttributionSnapshot: add `version: 1` field; restoreFromSnapshot now refuses incompatible versions and validates per-field types so a partially-written snapshot can't seed `Math.min(undefined, n) === NaN` into git-notes payloads. - Drop unused permission/escape counters (declared, persisted, never read or incremented) — fields, snapshot tolerance, and clear-method bookkeeping all removed; AttributionSnapshot interface simplifies. - isGeneratedFile: switch directory rule from substring `.includes('/dist/')` to segment-boundary check (split on `/`) so project dirs like `my-dist/` or `xbuild/` don't match. `.lock` removed from the blanket extension exclusion — well-known lockfiles already covered by EXCLUDED_FILENAMES; hand-authored `.lock` files (e.g. `.terraform.lock.hcl`) now stay attributable. - getClientSurface: document `QWEN_CODE_ENTRYPOINT` as the embedder override hook so the always-`'cli'` default is intentional. --- packages/core/src/core/client.ts | 10 +- .../src/services/commitAttribution.test.ts | 4 - .../core/src/services/commitAttribution.ts | 103 ++++++++++++------ .../core/src/services/generatedFiles.test.ts | 21 ++++ packages/core/src/services/generatedFiles.ts | 69 +++++++----- packages/core/src/tools/shell.test.ts | 32 ++++++ packages/core/src/tools/shell.ts | 57 ++++++++-- 7 files changed, 223 insertions(+), 73 deletions(-) diff --git a/packages/core/src/core/client.ts b/packages/core/src/core/client.ts index 717827bca97..d346d5d5f0e 100644 --- a/packages/core/src/core/client.ts +++ b/packages/core/src/core/client.ts @@ -708,9 +708,15 @@ export class GeminiClient { }); } - // Track prompt count for commit attribution (skip cron — not user-initiated) + // Track prompt count for commit attribution. Only the user typing a + // fresh prompt should bump the counter — `ToolResult` (tool-call + // continuation), `Retry`, `Hook`, `Cron`, and `Notification` are all + // model-driven or background-driven re-entries of the same logical + // turn. Counting them inflates the "N-shotted" label in the PR + // attribution trailer (one user message becomes "10-shotted" when it + // triggered ten tool calls). const attributionService = CommitAttributionService.getInstance(); - if (messageType !== SendMessageType.Cron) { + if (messageType === SendMessageType.UserQuery) { attributionService.incrementPromptCount(); } diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 82d07e9e211..aadb559fe63 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -374,10 +374,6 @@ describe('CommitAttributionService', () => { baselines: {}, promptCount: 0, promptCountAtLastCommit: 0, - permissionPromptCount: 0, - permissionPromptCountAtLastCommit: 0, - escapeCount: 0, - escapeCountAtLastCommit: 0, }); // Lookup under the canonical form succeeds even though the diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 126d85164dc..7af5ee7dc25 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -104,25 +104,24 @@ export interface StagedFileInfo { repoRoot?: string; } +/** + * On-disk schema version for AttributionSnapshot. Bump when the shape + * changes incompatibly so restoreFromSnapshot can refuse / migrate + * stale payloads instead of silently producing NaN counters or + * mismatched key shapes. + */ +export const ATTRIBUTION_SNAPSHOT_VERSION = 1; + /** Serializable snapshot for session persistence. */ export interface AttributionSnapshot { type: 'attribution-snapshot'; + /** Schema version; absent on pre-versioning snapshots, treated as 1. */ + version?: number; surface: string; fileStates: Record; baselines: Record; promptCount: number; promptCountAtLastCommit: number; - /** - * Reserved fields for future permission-prompt and escape counters. - * Currently unused in production; pre-fix snapshots may carry them - * with non-zero values, so the restore path tolerates them but the - * service no longer exposes increment methods until a real counter - * use case lands. - */ - permissionPromptCount?: number; - permissionPromptCountAtLastCommit?: number; - escapeCount?: number; - escapeCountAtLastCommit?: number; } // --------------------------------------------------------------------------- @@ -156,6 +155,40 @@ export function computeContentHash(content: string): string { return createHash('sha256').update(content).digest('hex'); } +/** + * Defensive coercions for restoring snapshot fields. A snapshot can + * arrive with `undefined` / wrong-type fields if the on-disk JSON was + * partially written or pre-dates the current schema; without coercion + * they would flow through `Math.min(undefined, n) === NaN` into the + * git-notes payload. + */ +function sanitiseCount(v: unknown): number { + return typeof v === 'number' && Number.isFinite(v) && v >= 0 ? v : 0; +} + +function sanitiseAttribution(v: unknown): FileAttribution { + const obj = (v ?? {}) as Partial; + return { + aiContribution: sanitiseCount(obj.aiContribution), + aiCreated: typeof obj.aiCreated === 'boolean' ? obj.aiCreated : false, + contentHash: typeof obj.contentHash === 'string' ? obj.contentHash : '', + }; +} + +function sanitiseBaseline(v: unknown): FileBaseline { + const obj = (v ?? {}) as Partial; + return { + contentHash: typeof obj.contentHash === 'string' ? obj.contentHash : '', + mtime: sanitiseCount(obj.mtime), + }; +} + +/** + * Surface label embedded in the git-notes payload. Defaults to `'cli'` + * for the qwen-code CLI; embedders (IDE extensions, SDK consumers) can + * override by setting `QWEN_CODE_ENTRYPOINT` before construction so the + * note records where the contribution was authored. + */ export function getClientSurface(): string { return process.env['QWEN_CODE_ENTRYPOINT'] ?? 'cli'; } @@ -177,10 +210,6 @@ export class CommitAttributionService { // -- Prompt counting -- private promptCount: number = 0; private promptCountAtLastCommit: number = 0; - private permissionPromptCount: number = 0; - private permissionPromptCountAtLastCommit: number = 0; - private escapeCount: number = 0; - private escapeCountAtLastCommit: number = 0; private constructor() {} @@ -295,8 +324,6 @@ export class CommitAttributionService { clearAttributions(commitSucceeded: boolean = true): void { if (commitSucceeded) { this.promptCountAtLastCommit = this.promptCount; - this.permissionPromptCountAtLastCommit = this.permissionPromptCount; - this.escapeCountAtLastCommit = this.escapeCount; } this.fileAttributions.clear(); this.sessionBaselines.clear(); @@ -318,8 +345,6 @@ export class CommitAttributionService { */ clearAttributedFiles(committedAbsolutePaths: Set): void { this.promptCountAtLastCommit = this.promptCount; - this.permissionPromptCountAtLastCommit = this.permissionPromptCount; - this.escapeCountAtLastCommit = this.escapeCount; for (const p of committedAbsolutePaths) { this.fileAttributions.delete(p); this.sessionBaselines.delete(p); @@ -342,28 +367,42 @@ export class CommitAttributionService { } return { type: 'attribution-snapshot', + version: ATTRIBUTION_SNAPSHOT_VERSION, surface: this.surface, fileStates, baselines, promptCount: this.promptCount, promptCountAtLastCommit: this.promptCountAtLastCommit, - permissionPromptCount: this.permissionPromptCount, - permissionPromptCountAtLastCommit: this.permissionPromptCountAtLastCommit, - escapeCount: this.escapeCount, - escapeCountAtLastCommit: this.escapeCountAtLastCommit, }; } /** Restore state from a persisted snapshot. */ restoreFromSnapshot(snapshot: AttributionSnapshot): void { + // Future schema bumps land here. Treat absent `version` as 1 + // (the schema in production at the time this field was added) so + // existing on-disk snapshots restore cleanly. + const snapshotVersion = snapshot.version ?? 1; + if (snapshotVersion !== ATTRIBUTION_SNAPSHOT_VERSION) { + // Don't trust a stale shape — its fields may have moved or + // changed semantics. Reset to a fresh state rather than + // splice incompatible data. + this.fileAttributions.clear(); + this.sessionBaselines.clear(); + this.surface = getClientSurface(); + this.promptCount = 0; + this.promptCountAtLastCommit = 0; + return; + } + this.surface = snapshot.surface ?? getClientSurface(); - this.promptCount = snapshot.promptCount ?? 0; - this.promptCountAtLastCommit = snapshot.promptCountAtLastCommit ?? 0; - this.permissionPromptCount = snapshot.permissionPromptCount ?? 0; - this.permissionPromptCountAtLastCommit = - snapshot.permissionPromptCountAtLastCommit ?? 0; - this.escapeCount = snapshot.escapeCount ?? 0; - this.escapeCountAtLastCommit = snapshot.escapeCountAtLastCommit ?? 0; + // A corrupted or partially-written snapshot can leave numeric + // counters as `undefined`; without coercion, downstream + // `Math.min(undefined, n)` produces NaN that flows into the + // git-notes payload. Coerce per-field with a typed default. + this.promptCount = sanitiseCount(snapshot.promptCount); + this.promptCountAtLastCommit = sanitiseCount( + snapshot.promptCountAtLastCommit, + ); this.fileAttributions.clear(); for (const [k, v] of Object.entries(snapshot.fileStates ?? {})) { @@ -373,11 +412,11 @@ export class CommitAttributionService { // session resumed from a pre-fix snapshot could have two // parallel records for the same file under symlink/canonical // forms. - this.fileAttributions.set(realpathOrSelf(k), { ...v }); + this.fileAttributions.set(realpathOrSelf(k), sanitiseAttribution(v)); } this.sessionBaselines.clear(); for (const [k, v] of Object.entries(snapshot.baselines ?? {})) { - this.sessionBaselines.set(realpathOrSelf(k), { ...v }); + this.sessionBaselines.set(realpathOrSelf(k), sanitiseBaseline(v)); } } diff --git a/packages/core/src/services/generatedFiles.test.ts b/packages/core/src/services/generatedFiles.test.ts index f1d245039b4..9805c61d1af 100644 --- a/packages/core/src/services/generatedFiles.test.ts +++ b/packages/core/src/services/generatedFiles.test.ts @@ -62,4 +62,25 @@ describe('isGeneratedFile', () => { expect(isGeneratedFile('package.json')).toBe(false); expect(isGeneratedFile('src/components/Button.tsx')).toBe(false); }); + + // Segment-boundary check: project dirs that *contain* a reserved + // word as a substring (e.g. `my-dist`, `xbuild`, `prebuild`) must + // not be caught by the directory rule. + it('should NOT exclude dirs that merely substring-match a reserved name', () => { + expect(isGeneratedFile('my-dist/file.ts')).toBe(false); + expect(isGeneratedFile('xbuild/core.ts')).toBe(false); + expect(isGeneratedFile('rebuild/notes.md')).toBe(false); + expect(isGeneratedFile('preout/x.ts')).toBe(false); + // The filename itself isn't subject to the directory rule. + expect(isGeneratedFile('src/dist.ts')).toBe(false); + }); + + // `.lock` is no longer a blanket exclusion — only the explicit + // EXCLUDED_FILENAMES (yarn.lock etc.) are dropped. + it('should NOT exclude unknown .lock files (only well-known ones)', () => { + expect(isGeneratedFile('config/feature.lock')).toBe(false); + expect(isGeneratedFile('terraform/.terraform.lock.hcl')).toBe(false); + // Sanity: known lockfiles still excluded. + expect(isGeneratedFile('yarn.lock')).toBe(true); + }); }); diff --git a/packages/core/src/services/generatedFiles.ts b/packages/core/src/services/generatedFiles.ts index dd20f36bfd7..d5ab6ad2358 100644 --- a/packages/core/src/services/generatedFiles.ts +++ b/packages/core/src/services/generatedFiles.ts @@ -36,7 +36,6 @@ const EXCLUDED_FILENAMES = new Set([ // output) tends to live under `/dist/`, `/build/`, or `/out/`, // which are already covered by `EXCLUDED_DIRECTORIES`. const EXCLUDED_EXTENSIONS = new Set([ - '.lock', '.min.js', '.min.css', '.min.html', @@ -46,29 +45,35 @@ const EXCLUDED_EXTENSIONS = new Set([ '.generated.js', ]); -// Directory patterns that indicate generated/vendored content -const EXCLUDED_DIRECTORIES = [ - '/dist/', - '/build/', - '/out/', - '/output/', - '/node_modules/', - '/vendor/', - '/vendored/', - '/third_party/', - '/third-party/', - '/external/', - '/.next/', - '/.nuxt/', - '/.svelte-kit/', - '/coverage/', - '/__pycache__/', - '/.tox/', - '/venv/', - '/.venv/', - '/target/release/', - '/target/debug/', -]; +// Directory segments that indicate generated/vendored content. Compared +// against path segments (split on `/`) rather than substrings, so a +// project dir named `my-dist` or `xbuild` doesn't get caught by a +// `/dist/` substring match and silently drop AI attribution. +const EXCLUDED_DIRECTORY_SEGMENTS = new Set([ + 'dist', + 'build', + 'out', + 'output', + 'node_modules', + 'vendor', + 'vendored', + 'third_party', + 'third-party', + 'external', + '.next', + '.nuxt', + '.svelte-kit', + 'coverage', + '__pycache__', + '.tox', + 'venv', + '.venv', +]); + +// Multi-segment directory patterns that need contiguous matches +// (e.g. `target/release` and `target/debug` for Rust — `target` alone +// is too noisy as it's a common app name too). +const EXCLUDED_DIRECTORY_PATH_SUFFIXES = ['target/release', 'target/debug']; // Filename patterns using regex for more complex matching const EXCLUDED_FILENAME_PATTERNS = [ @@ -118,8 +123,20 @@ export function isGeneratedFile(filePath: string): boolean { } const normalizedPathLower = normalizedPath.toLowerCase(); - for (const dir of EXCLUDED_DIRECTORIES) { - if (normalizedPathLower.includes(dir)) { + // Segment-boundary check: split on `/` and test each segment against + // EXCLUDED_DIRECTORY_SEGMENTS so `/repo/my-dist/file.ts` (a literal + // dir name) doesn't get caught by the `dist` rule the way a naïve + // `.includes('/dist/')` substring match could appear to suggest. + const segments = normalizedPathLower.split('/').filter(Boolean); + // The last segment is the filename — directory rules only apply to + // intermediate path components. + for (const seg of segments.slice(0, -1)) { + if (EXCLUDED_DIRECTORY_SEGMENTS.has(seg)) { + return true; + } + } + for (const suffix of EXCLUDED_DIRECTORY_PATH_SUFFIXES) { + if (normalizedPathLower.includes(`/${suffix}/`)) { return true; } } diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index e9d06930fc6..b6a64c4bfba 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1983,6 +1983,38 @@ describe('ShellTool', () => { ); }); + // gh CLI uses the *last* `--body` flag when multiple are + // provided. Splicing into the first one would silently drop + // attribution. Mirrors the matchAll/last-match behaviour in + // addCoAuthorToGitCommit. + it('should target the LAST --body when gh pr create has multiple', async () => { + const command = + 'gh pr create --title "x" --body "ignored" --body "real summary"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + + const calls = mockShellExecutionService.mock.calls; + const cmd = calls[calls.length - 1]?.[0] as string; + expect(cmd).toMatch( + /--body "ignored" --body "real summary[\s\S]*Generated with Qwen Code/, + ); + // The trailer must NOT be inside the first --body. + expect(cmd).not.toMatch( + /--body "ignored[\s\S]*Generated with Qwen Code[\s\S]*" --body/, + ); + }); + // `gh --repo owner/repo pr create` shifts pr/create past the // fixed `tokens[1]/tokens[2]` slots; a literal-position check // misses these forms. diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 8a7e23cce15..b28a1edcdad 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1709,7 +1709,22 @@ export class ShellToolInvocation extends BaseToolInvocation< canonicalBase = baseDir; } committedAbsolutePaths = new Set( - stagedInfo.files.map((rel) => path.resolve(canonicalBase, rel)), + stagedInfo.files.map((rel) => { + const resolved = path.resolve(canonicalBase, rel); + // recordEdit canonicalises *every* component via realpathSync, + // so a file that lives behind an intermediate symlink (e.g. + // `repo/symlinked-dir/file.ts` where `symlinked-dir` -> elsewhere) + // gets stored under the realpath of the leaf. canonicalising + // only the base wouldn't follow the inner symlink and the lookup + // miss would silently zero attribution + leak the entry past + // commit. Try realpath on the full resolved path and fall back + // to the unresolved form if the file no longer exists (deletion). + try { + return fs.realpathSync(resolved); + } catch { + return resolved; + } + }), ); const note = attributionService.generateNotePayload( @@ -2134,18 +2149,41 @@ export class ShellToolInvocation extends BaseToolInvocation< const BODY_FLAG = `(?:--body|-b)[\\s=]+`; const bodyDoublePattern = new RegExp( `(${BODY_FLAG})"((?:[^"\\\\]|\\\\.)*)"`, + 'g', ); // Bash apostrophes inside a single-quoted body use the // close-escape-reopen form `'\''`. The inner alternation matches // either a non-apostrophe character or that escape sequence as a // whole, so the trailer lands at the true end of the body rather // than after only the first quoted segment. - const bodySinglePattern = new RegExp(`(${BODY_FLAG})'((?:[^']|'\\\\'')*)'`); + const bodySinglePattern = new RegExp( + `(${BODY_FLAG})'((?:[^']|'\\\\'')*)'`, + 'g', + ); const segment = command.slice(ghSegment.start, ghSegment.end); - const bodyDoubleMatch = segment.match(bodyDoublePattern); - const bodySingleMatch = segment.match(bodySinglePattern); - const bodyMatch = bodyDoubleMatch ?? bodySingleMatch; - const bodyQuote = bodyDoubleMatch ? '"' : "'"; + // gh ignores all but the last `--body`/`-b` flag, so the trailer + // has to land in the final occurrence to actually appear in the PR. + // matchAll → take the last match for each quote style, then pick + // whichever sits later in the segment (mirrors addCoAuthorToGitCommit). + const lastMatch = ( + matches: IterableIterator, + ): T | null => { + let result: T | null = null; + for (const m of matches) result = m; + return result; + }; + const bodyDoubleMatch = lastMatch(segment.matchAll(bodyDoublePattern)); + const bodySingleMatch = lastMatch(segment.matchAll(bodySinglePattern)); + let bodyMatch: RegExpMatchArray | null; + if (bodyDoubleMatch && bodySingleMatch) { + bodyMatch = + (bodyDoubleMatch.index ?? 0) > (bodySingleMatch.index ?? 0) + ? bodyDoubleMatch + : bodySingleMatch; + } else { + bodyMatch = bodyDoubleMatch ?? bodySingleMatch; + } + const bodyQuote = bodyMatch === bodyDoubleMatch ? '"' : "'"; if (bodyMatch) { const [fullMatch, prefix, existingBody] = bodyMatch; @@ -2162,9 +2200,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // Without this, a configured generator name containing `"`, `$`, a // backtick, or `'` would either break the user-approved `gh pr // create` command or, worse, be interpreted as command substitution. - const escapedAttribution = bodyDoubleMatch - ? escapeForBashDoubleQuote(attribution) - : escapeForBashSingleQuote(attribution); + const escapedAttribution = + bodyMatch === bodyDoubleMatch + ? escapeForBashDoubleQuote(attribution) + : escapeForBashSingleQuote(attribution); const newBody = existingBody + escapedAttribution; // Splice the modified segment back into the original command, // offsetting the in-segment match index by the segment start. From eecb0cfa161b6294670c9c810678d665e48a6e78 Mon Sep 17 00:00:00 2001 From: wenshao Date: Mon, 4 May 2026 06:45:40 +0800 Subject: [PATCH 31/64] fix(attribution): skip values for env -u NAME and -S string MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `env`'s value-taking flags (`-u`/`--unset`, `-S`/`--split-string`) were not in the wrapper's flag-skip allowlist, so `env -u FOO git commit ...` left FOO as the next token and the parser treated it as the program — masking the real `git commit` from attribution detection. Add an ENV_FLAGS_WITH_VALUE table mirroring the sudo allowlist. Regression test added. --- packages/core/src/tools/shell.test.ts | 32 +++++++++++++++++++++++++++ packages/core/src/tools/shell.ts | 25 +++++++++++++-------- 2 files changed, 48 insertions(+), 9 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index b6a64c4bfba..0a273be8ab4 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1247,6 +1247,38 @@ describe('ShellTool', () => { ); }); + // `env -u NAME` unsets a variable. The flag takes a value, so + // tokeniseSegment has to skip it; otherwise NAME would be left + // as the next token and the parser would treat it as the + // program, masking the real `git commit`. + it('should add co-author when git commit is wrapped in env -u NAME', async () => { + const command = 'env -u GIT_AUTHOR_DATE git commit -m "Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }); + it('should NOT add co-author for cd .. && git commit (could escape repo)', async () => { const command = 'cd .. && git commit -m "Test commit"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index b28a1edcdad..a00916c4f13 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -133,15 +133,16 @@ function tokeniseSegment(segment: string): string[] | null { while (i < tokens.length && tokens[i]!.startsWith('-')) { const flag = tokens[i]!; i++; - // Only sudo has value-taking flags in this allowlist; for - // `command` and `env`'s flag-only options we leave i alone. - // (`env -u NAME` also takes a value, but skipping the - // following KEY=VALUE block below covers it implicitly.) - if ( - wrapper === 'sudo' && - SUDO_FLAGS_WITH_VALUE.has(flag) && - i < tokens.length - ) { + // Value-taking flag tables, per wrapper: `sudo -u user`, + // `env -u NAME` (unset), `env -S string` (split-string args). + // `command` has no value-taking options in this allowlist. + // Without skipping the value, `env -u FOO git commit ...` + // would leave `FOO` as `tokens[0]` and the parser would treat + // it as the program — masking the real `git commit`. + const takesValue = + (wrapper === 'sudo' && SUDO_FLAGS_WITH_VALUE.has(flag)) || + (wrapper === 'env' && ENV_FLAGS_WITH_VALUE.has(flag)); + if (takesValue && i < tokens.length) { i++; } } @@ -174,6 +175,12 @@ const SUDO_FLAGS_WITH_VALUE = new Set([ '--type', ]); +// `env`'s value-taking flags. `-u NAME` unsets a variable; +// `-S "string"` splits a single string into args. Without skipping +// the value, `env -u FOO git commit ...` would leave `FOO` as the +// next token and the parser would treat it as the program. +const ENV_FLAGS_WITH_VALUE = new Set(['-u', '--unset', '-S', '--split-string']); + /** * Walk a `git ...` token sequence past git's global flags * (`-c key=val`, `-C path`, `--no-pager`, `--git-dir`, `--work-tree`, From 9e731698aee24b8024543de33dcda8ea8b70abeb Mon Sep 17 00:00:00 2001 From: wenshao Date: Tue, 5 May 2026 14:16:19 +0800 Subject: [PATCH 32/64] fix(attribution): submodule leak, PR body nesting, shallow-clone bail, schema default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - attachCommitAttribution: when HEAD didn't move in our cwd, leave pending attributions alone instead of dropping them. The case can be a failed commit, `git reset HEAD~1`, OR `cd submodule && git commit` (inner repo's HEAD moves, ours doesn't). Dropping was overly aggressive and silently lost outer-repo edits in the submodule case. - addAttributionToPR: mirror addCoAuthorToGitCommit's nested-match rejection so `gh pr create --body "docs mention -b 'flag'"` picks the outer `--body`, not the inner literal `-b`. Splicing into the inner match would corrupt the body. Regression test added. - getCommittedFileInfo: when `rev-parse --verify HEAD~1` fails, also check `rev-list --count HEAD === 1` to confirm HEAD is the true root commit. In a shallow clone, HEAD~1 is unreadable but the commit has a parent recorded — falling back to `diff-tree --root` would diff against the empty tree and over-attribute the entire commit. Bail with a debug warning instead. - generate-settings-schema: lift `default` (and `description`) out of the inner `anyOf[N]` schema to the outer level when wrapping with `legacyTypes`. Most JSON-schema-driven editors only surface top-level defaults; burying the default under `anyOf` lost the "enabled by default" hint. Also extend the default filter to publish non-empty plain objects (so `gitCoAuthor`'s default can appear). gitCoAuthor's source default updated to the runtime shape `{commit: true, pr: true}` to match `normalizeGitCoAuthor`. --- packages/cli/src/config/settingsSchema.ts | 6 +- packages/core/src/tools/shell.test.ts | 33 +++++++ packages/core/src/tools/shell.ts | 90 ++++++++++++++----- .../schemas/settings.schema.json | 4 + scripts/generate-settings-schema.ts | 19 +++- 5 files changed, 128 insertions(+), 24 deletions(-) diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts index 196bb0015fc..9cc08c88453 100644 --- a/packages/cli/src/config/settingsSchema.ts +++ b/packages/cli/src/config/settingsSchema.ts @@ -372,7 +372,11 @@ const SETTINGS_SCHEMA = { label: 'Attribution', category: 'General', requiresRestart: false, - default: {}, + // Match `normalizeGitCoAuthor`'s runtime defaults so the IDE + // schema publishes the same "enabled by default" hint users see + // at runtime. The empty-object form here would silently lose + // editor-surfaced defaults. + default: { commit: true, pr: true }, description: 'Attribution added to git commits and pull requests created through Qwen Code.', showInDialog: false, diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 29685ffac46..10a426b2ea0 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -2452,6 +2452,39 @@ describe('ShellTool', () => { ); }); + // A `-b 'flag'` mention literally inside the outer `--body "..."` + // text must NOT be picked as the body argument: the trailer + // would land mid-body, corrupting the user-approved command. + // Mirrors addCoAuthorToGitCommit's nested-match check. + it('should pick the OUTER --body when an inner -b appears in body text', async () => { + const command = + 'gh pr create --title "x" --body "docs mention -b \'flag\' here"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + + const calls = mockShellExecutionService.mock.calls; + const cmd = calls[calls.length - 1]?.[0] as string; + // The trailer must appear AFTER the closing `"` of the outer + // body, not between `flag` and `here`. + expect(cmd).toMatch( + /--body "docs mention -b 'flag' here[\s\S]*Generated with Qwen Code"/, + ); + expect(cmd).not.toMatch( + /-b 'flag[\s\S]*Generated with Qwen Code[\s\S]*' here"/, + ); + }); + it('should append attribution to gh pr create --body when pr enabled', async () => { const command = 'gh pr create --title "x" --body "Summary"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 571c963e3bf..346334d81a3 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1802,14 +1802,17 @@ export class ShellToolInvocation extends BaseToolInvocation< const attributionService = CommitAttributionService.getInstance(); if (!commitCreated) { - // No new commit landed (nothing staged, hook rejected, or user - // reset right after). Drop the per-file attributions but keep the - // "since last commit" prompt counters intact — the user's next - // attempt should still credit prompts that happened during this - // failed try. - if (attributionService.hasAttributions()) { - attributionService.clearAttributions(false); - } + // HEAD didn't move in this cwd. Possible causes: + // 1. Commit failed (hook rejected, nothing staged, etc.) + // 2. User did `git commit && git reset HEAD~1` — HEAD reverted + // 3. Submodule case (`cd submodule && git commit`) — the inner + // repo's HEAD moved, ours didn't + // We can't tell these apart reliably from here. Dropping the + // per-file attributions on (1)/(2) is fine in isolation, but on + // (3) we'd silently lose the user's outer-repo edits even though + // none of them were committed. Leave attributions intact instead: + // a later successful commit will overwrite the counters and the + // accumulated aiContribution still represents real AI work. return; } @@ -2015,17 +2018,38 @@ export class ShellToolInvocation extends BaseToolInvocation< }; try { - // The two `rev-parse` calls are independent — fan out so we - // don't pay the spawn latency twice serially. Same for the - // three diff calls below once we know which form to use. - const [hasParentOutput, repoRootOutput] = await Promise.all([ - runGit('rev-parse --verify HEAD~1'), - runGit('rev-parse --show-toplevel'), - ]); - // hasParent fails for shallow clones where the parent was - // pruned, which is fine — diff-tree --root is a safe fallback - // that diffs against the empty tree. + // The four `rev-parse`-shaped calls are independent — fan out so + // we don't pay the spawn latency serially. Same for the three + // diff calls below once we know which form to use. + // - `rev-parse --verify HEAD~1`: probe whether the parent OBJECT + // is locally available (fails in shallow clones where the + // parent was pruned). + // - `rev-list --count HEAD`: total commits reachable. `=== 1` + // means HEAD truly is the root commit (no parent SHA recorded + // on HEAD), where `diff-tree --root` is correct. `> 1` means + // HEAD has a parent recorded — if --verify also failed, this + // is a shallow clone and we must NOT fall back to --root + // (which would diff against the empty tree and over-attribute). + const [hasParentOutput, commitCountOutput, repoRootOutput] = + await Promise.all([ + runGit('rev-parse --verify HEAD~1'), + runGit('rev-list --count HEAD'), + runGit('rev-parse --show-toplevel'), + ]); const hasParent = hasParentOutput.length > 0; + const totalCommits = parseInt(commitCountOutput.trim(), 10); + const isTrueRootCommit = + Number.isFinite(totalCommits) && totalCommits === 1; + // Shallow clone: HEAD has a parent but the object isn't local. + // Bail rather than over-attribute via --root. + if (!hasParent && !isTrueRootCommit) { + debugLogger.warn( + 'getCommittedFileInfo: HEAD~1 unreadable but commit is not the ' + + 'true root (shallow clone?); skipping attribution to avoid ' + + 'attributing the entire commit contents.', + ); + return empty; + } // Capture the repo root so the attribution service can // reconcile paths from `git diff` (relative to the toplevel) // against absolute paths recorded by the edit/write tools. @@ -2365,12 +2389,34 @@ export class ShellToolInvocation extends BaseToolInvocation< }; const bodyDoubleMatch = lastMatch(segment.matchAll(bodyDoublePattern)); const bodySingleMatch = lastMatch(segment.matchAll(bodySinglePattern)); + // Pick whichever match appears LAST in the segment, regardless of + // quote style — but reject any candidate that's nested inside the + // other's range. For `gh pr create --body "docs mention -b 'flag'"` + // the inner `-b 'flag'` is INSIDE the outer `--body "..."`; without + // a nesting check the inner (later) `-b` would win and the trailer + // would be spliced into the body text rather than appended after it. + const bodyMatchRange = (m: RegExpMatchArray | null) => + m ? { start: m.index ?? 0, end: (m.index ?? 0) + m[0].length } : null; + const bodyIsInside = ( + inner: RegExpMatchArray | null, + outer: RegExpMatchArray | null, + ): boolean => { + const i = bodyMatchRange(inner); + const o = bodyMatchRange(outer); + return !!(i && o && i.start >= o.start && i.end <= o.end); + }; let bodyMatch: RegExpMatchArray | null; if (bodyDoubleMatch && bodySingleMatch) { - bodyMatch = - (bodyDoubleMatch.index ?? 0) > (bodySingleMatch.index ?? 0) - ? bodyDoubleMatch - : bodySingleMatch; + if (bodyIsInside(bodySingleMatch, bodyDoubleMatch)) { + bodyMatch = bodyDoubleMatch; + } else if (bodyIsInside(bodyDoubleMatch, bodySingleMatch)) { + bodyMatch = bodySingleMatch; + } else { + bodyMatch = + (bodyDoubleMatch.index ?? 0) > (bodySingleMatch.index ?? 0) + ? bodyDoubleMatch + : bodySingleMatch; + } } else { bodyMatch = bodyDoubleMatch ?? bodySingleMatch; } diff --git a/packages/vscode-ide-companion/schemas/settings.schema.json b/packages/vscode-ide-companion/schemas/settings.schema.json index f3eac002bd0..56059da92ee 100644 --- a/packages/vscode-ide-companion/schemas/settings.schema.json +++ b/packages/vscode-ide-companion/schemas/settings.schema.json @@ -67,6 +67,10 @@ }, "gitCoAuthor": { "description": "Attribution added to git commits and pull requests created through Qwen Code.", + "default": { + "commit": true, + "pr": true + }, "anyOf": [ { "type": "boolean" diff --git a/scripts/generate-settings-schema.ts b/scripts/generate-settings-schema.ts index 3d21a065a75..6da2c8f5d7b 100644 --- a/scripts/generate-settings-schema.ts +++ b/scripts/generate-settings-schema.ts @@ -148,7 +148,7 @@ function convertSettingToJsonSchema( break; } - // Add default value for simple types only + // Add default value for simple and object types if (setting.default !== undefined && setting.default !== null) { const defaultVal = setting.default; if ( @@ -159,6 +159,14 @@ function convertSettingToJsonSchema( schema.default = defaultVal; } else if (Array.isArray(defaultVal) && defaultVal.length > 0) { schema.default = defaultVal; + } else if ( + typeof defaultVal === 'object' && + !Array.isArray(defaultVal) && + Object.keys(defaultVal).length > 0 + ) { + // Non-empty plain object — publish so IDE editors can surface the + // default value (e.g. `{commit: true, pr: true}` for gitCoAuthor). + schema.default = defaultVal; } } @@ -166,11 +174,20 @@ function convertSettingToJsonSchema( // later expanded into an object), wrap with `anyOf` so existing values // in users' settings.json don't trip the IDE schema validator while // they wait for our migration to rewrite them on the next launch. + // + // Lift `description` and `default` to the outer (anyOf) level so IDE + // editors that surface schema-driven defaults / descriptions still see + // them — burying these behind `anyOf[N]` makes most validators ignore + // the `default`, which loses the "enabled by default" hint for any + // setting using `legacyTypes`. if (setting.legacyTypes && setting.legacyTypes.length > 0) { const description = schema.description; + const defaultVal = schema.default; delete schema.description; + delete schema.default; return { ...(description ? { description } : {}), + ...(defaultVal !== undefined ? { default: defaultVal } : {}), anyOf: [...setting.legacyTypes.map((t) => ({ type: t })), schema], }; } From 090758c5b17d5ad72184663ee5bedff2aae89d8f Mon Sep 17 00:00:00 2001 From: wenshao Date: Tue, 5 May 2026 22:10:43 +0800 Subject: [PATCH 33/64] fix(attribution): drop unsafe full-clear, tag analysis-failure with null ju1p (Copilot): the `else if (commitCtx.hasCommit)` branch fully cleared the singleton on `cd /abs/same-repo/subdir && git commit` (or `git -C . commit`), losing pending AI edits the user hadn't staged. We can't tell which files were in the commit from this branch, and the next attributable commit's partial-clear handles cleanup correctly anyway. Drop the branch entirely. ju2D (Copilot): `getCommittedFileInfo` returned the same empty StagedFileInfo for both "could not analyze" (shallow clone, --amend without reflog, --numstat partial failure, exception) and "intentionally empty" (--allow-empty). The caller couldn't tell them apart, so the partial clear became a no-op on analysis failure and the just-committed AI edits leaked to the next commit. Switch the return type to `StagedFileInfo | null` and have the caller treat null as "fall back to full clear" while empty StagedFileInfo (--allow-empty) leaves attributions intact for the next real commit. --- packages/core/src/tools/shell.ts | 57 +++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 346334d81a3..d7ce4f524d7 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1322,21 +1322,17 @@ export class ShellToolInvocation extends BaseToolInvocation< // attribute only the actual amend delta. const isAmend = isAmendCommit(strippedCommand); await this.attachCommitAttribution(cwd, preHead, isAmend); - } else if (commitCtx.hasCommit) { - // A `cd subdir && git commit` (or `git -C ... commit`) ran a - // commit we can't attribute, but our cwd's HEAD may still have - // moved (subdir is the same repo). If it did, the singleton's - // pending per-file attributions just got consumed by that - // commit — clear them so they don't leak into the next - // foreground commit. If HEAD didn't move (commit landed in a - // genuinely different repo), leave the entries alone. - const preHead = await preHeadPromise; - const postHead = await this.getGitHead(cwd); - if (postHead !== null && postHead !== preHead) { - const svc = CommitAttributionService.getInstance(); - if (svc.hasAttributions()) svc.clearAttributions(true); - } } + // Intentionally NO `else if (commitCtx.hasCommit)` cleanup branch: + // commands that match `hasCommit` but not `attributableInCwd` + // (e.g. `cd /abs/path/to/this/repo && git commit`, `git -C . commit`) + // can land a commit in our cwd, but we don't know which files were + // staged — the user may have done a partial `git add A` and left + // unstaged AI edits to B and C pending. A wholesale + // `clearAttributions(true)` here would silently lose B and C even + // though they weren't committed. Leave the singleton alone; the + // next attributable commit's `attachCommitAttribution` will do a + // proper partial clear via `clearAttributedFiles`. // Decide whether to emit the long-run advisory. Conditions: // - Process completed under its own steam (no AbortSignal @@ -1875,6 +1871,16 @@ export class ShellToolInvocation extends BaseToolInvocation< // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. const stagedInfo = await this.getCommittedFileInfo(cwd, isAmend); + // null = analysis failed (shallow clone, --amend without reflog, + // partial diff failure, etc.). Leave `committedAbsolutePaths` + // null so the finally block falls back to a full clear and we + // don't leak stale per-file attributions into the next commit. + // Skip the note write entirely — emitting a structurally valid + // but factually wrong all-zero note is worse than no note. + if (stagedInfo === null) { + return; // finally block still runs for cleanup + } + // Pass the actual model name (e.g. `qwen3-coder-plus`) rather than the // co-author display label so the note's `generator` field reflects // which model produced the changes — and so generateNotePayload's @@ -1992,12 +1998,23 @@ export class ShellToolInvocation extends BaseToolInvocation< /** * Get information about files in the most recent commit by diffing - * HEAD against its parent (HEAD~1). Falls back to empty info on error. + * HEAD against its parent (HEAD~1). + * + * Returns: + * - A populated `StagedFileInfo` when analysis succeeded. + * - An empty `StagedFileInfo` when the commit truly has no files + * (e.g. `--allow-empty`). The caller does a no-op partial clear so + * pending AI attributions stay tracked for the next real commit. + * - `null` when analysis itself failed (shallow clone with no parent + * object, --amend with no reflog, partial diff failure, exception). + * The caller treats this as "could not determine the committed + * set" and falls back to a full clear so stale per-file state + * doesn't leak into a subsequent commit. */ private async getCommittedFileInfo( cwd: string, isAmend: boolean, - ): Promise { + ): Promise { const empty: StagedFileInfo = { files: [], diffSizes: new Map(), @@ -2048,7 +2065,7 @@ export class ShellToolInvocation extends BaseToolInvocation< 'true root (shallow clone?); skipping attribution to avoid ' + 'attributing the entire commit contents.', ); - return empty; + return null; } // Capture the repo root so the attribution service can // reconcile paths from `git diff` (relative to the toplevel) @@ -2077,7 +2094,7 @@ export class ShellToolInvocation extends BaseToolInvocation< 'getCommittedFileInfo: --amend with empty reflog; skipping ' + 'attribution note (cannot determine amend delta).', ); - return empty; + return null; } diffArgs = { name: 'diff --name-only HEAD@{1} HEAD', @@ -2130,7 +2147,7 @@ export class ShellToolInvocation extends BaseToolInvocation< '--name-only listed files; skipping attribution note to ' + 'avoid emitting all-zero AI percentages.', ); - return empty; + return null; } return { @@ -2140,7 +2157,7 @@ export class ShellToolInvocation extends BaseToolInvocation< repoRoot: repoRoot.length > 0 ? repoRoot : undefined, }; } catch { - return empty; + return null; } } From 3c0e3293be1c8f3fc10b03507642912671d9d880 Mon Sep 17 00:00:00 2001 From: wenshao Date: Tue, 5 May 2026 22:52:32 +0800 Subject: [PATCH 34/64] fix(attribution): dedup snapshot writes, cap excludedGenerated, doc commit toggle scope MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rsf- (Copilot): recordAttributionSnapshot wrote a full snapshot to the JSONL on every non-retry turn, even when the tracked state was unchanged. Long-running sessions accumulated thousands of identical snapshot copies, inflating session size and slowing /resume hydrate. Dedup by JSON-equality with the prior write — first write always goes through, identical successors are no-ops. rsgo (Copilot): excludedGenerated path list was unbounded. A commit churning thousands of generated artifacts (large dist/ rebuild) could push the JSON note past MAX_NOTE_BYTES (30KB) and lose attribution for the real source files in the same commit. Cap the serialized sample at MAX_EXCLUDED_GENERATED_SAMPLE (50) and add excludedGeneratedCount for the true total. rsg9 + rshM (Copilot): the gitCoAuthor.commit description claimed the toggle only controlled the Co-authored-by trailer, but attachCommitAttribution also gates the per-file git-notes payload on the same flag. Update both the schema description and the settings.md table to mention both effects so disabling the option isn't a silent surprise. --- docs/users/configuration/settings.md | 22 +++++------ packages/cli/src/config/settingsSchema.ts | 2 +- .../src/services/attributionTrailer.test.ts | 2 + .../core/src/services/attributionTrailer.ts | 6 +-- .../src/services/chatRecordingService.test.ts | 39 +++++++++++++++++++ .../core/src/services/chatRecordingService.ts | 21 ++++++++++ .../core/src/services/commitAttribution.ts | 26 ++++++++++++- 7 files changed, 101 insertions(+), 17 deletions(-) diff --git a/docs/users/configuration/settings.md b/docs/users/configuration/settings.md index 1d6ccc984d7..1cb700874db 100644 --- a/docs/users/configuration/settings.md +++ b/docs/users/configuration/settings.md @@ -83,17 +83,17 @@ Settings are organized into categories. Most settings should be placed within th #### general -| Setting | Type | Description | Default | -| ------------------------------------------ | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| `general.preferredEditor` | string | The preferred editor to open files in. | `undefined` | -| `general.vimMode` | boolean | Enable Vim keybindings. | `false` | -| `general.enableAutoUpdate` | boolean | Enable automatic update checks and installations on startup. | `true` | -| `general.showSessionRecap` | boolean | Auto-show a one-line "where you left off" recap when returning to the terminal after being away. Off by default. Use `/recap` to trigger manually regardless of this setting. | `false` | -| `general.sessionRecapAwayThresholdMinutes` | number | Minutes the terminal must be blurred before an auto-recap fires on focus-in. Only used when `showSessionRecap` is enabled. | `5` | -| `general.gitCoAuthor.commit` | boolean | Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code. | `true` | -| `general.gitCoAuthor.pr` | boolean | Append a Qwen Code attribution line to pull request descriptions when running `gh pr create`. | `true` | -| `general.checkpointing.enabled` | boolean | Enable session checkpointing for recovery. | `false` | -| `general.defaultFileEncoding` | string | Default encoding for new files. Use `"utf-8"` (default) for UTF-8 without BOM, or `"utf-8-bom"` for UTF-8 with BOM. Only change this if your project specifically requires BOM. | `"utf-8"` | +| Setting | Type | Description | Default | +| ------------------------------------------ | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `general.preferredEditor` | string | The preferred editor to open files in. | `undefined` | +| `general.vimMode` | boolean | Enable Vim keybindings. | `false` | +| `general.enableAutoUpdate` | boolean | Enable automatic update checks and installations on startup. | `true` | +| `general.showSessionRecap` | boolean | Auto-show a one-line "where you left off" recap when returning to the terminal after being away. Off by default. Use `/recap` to trigger manually regardless of this setting. | `false` | +| `general.sessionRecapAwayThresholdMinutes` | number | Minutes the terminal must be blurred before an auto-recap fires on focus-in. Only used when `showSessionRecap` is enabled. | `5` | +| `general.gitCoAuthor.commit` | boolean | Add a Co-authored-by trailer to git commit messages AND attach a per-file AI-attribution git note (`refs/notes/ai-attribution`) for commits made through Qwen Code. Disabling skips both. | `true` | +| `general.gitCoAuthor.pr` | boolean | Append a Qwen Code attribution line to pull request descriptions when running `gh pr create`. | `true` | +| `general.checkpointing.enabled` | boolean | Enable session checkpointing for recovery. | `false` | +| `general.defaultFileEncoding` | string | Default encoding for new files. Use `"utf-8"` (default) for UTF-8 without BOM, or `"utf-8-bom"` for UTF-8 with BOM. Only change this if your project specifically requires BOM. | `"utf-8"` | #### output diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts index 9cc08c88453..f7c1cbe4006 100644 --- a/packages/cli/src/config/settingsSchema.ts +++ b/packages/cli/src/config/settingsSchema.ts @@ -395,7 +395,7 @@ const SETTINGS_SCHEMA = { requiresRestart: false, default: true, description: - 'Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.', + 'Add a Co-authored-by trailer to git commit messages AND attach a per-file AI-attribution git note (`refs/notes/ai-attribution`) for commits made through Qwen Code. Disabling skips both.', showInDialog: true, }, pr: { diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts index 83ac8362229..64dfafb36cb 100644 --- a/packages/core/src/services/attributionTrailer.test.ts +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -28,6 +28,7 @@ const sampleNote: CommitAttributionNote = { }, surfaceBreakdown: { cli: { aiChars: 150, percent: 38 } }, excludedGenerated: ['package-lock.json'], + excludedGeneratedCount: 1, promptCount: 3, }; @@ -68,6 +69,7 @@ describe('attributionTrailer', () => { ...sampleNote, files: {}, excludedGenerated: [], + excludedGeneratedCount: 0, }; for (let i = 0; i < 2000; i++) { hugeNote.files[ diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts index a242f4e3522..a600c3a182e 100644 --- a/packages/core/src/services/attributionTrailer.ts +++ b/packages/core/src/services/attributionTrailer.ts @@ -91,10 +91,8 @@ export function formatAttributionSummary(note: CommitAttributionNote): string { ); } - if (note.excludedGenerated.length > 0) { - lines.push( - ` Excluded generated: ${note.excludedGenerated.length} file(s)`, - ); + if (note.excludedGeneratedCount > 0) { + lines.push(` Excluded generated: ${note.excludedGeneratedCount} file(s)`); } return lines.join('\n'); diff --git a/packages/core/src/services/chatRecordingService.test.ts b/packages/core/src/services/chatRecordingService.test.ts index 15173c32bc9..c48a0668a21 100644 --- a/packages/core/src/services/chatRecordingService.test.ts +++ b/packages/core/src/services/chatRecordingService.test.ts @@ -429,6 +429,45 @@ describe('ChatRecordingService', () => { }); }); + describe('recordAttributionSnapshot', () => { + const baseSnapshot = { + type: 'attribution-snapshot' as const, + version: 1, + surface: 'cli', + fileStates: {}, + baselines: {}, + promptCount: 0, + promptCountAtLastCommit: 0, + }; + + it('should write each distinct snapshot', async () => { + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + chatRecordingService.recordAttributionSnapshot({ + ...baseSnapshot, + promptCount: 1, + }); + chatRecordingService.recordAttributionSnapshot({ + ...baseSnapshot, + promptCount: 2, + }); + await chatRecordingService.flush(); + expect(jsonl.writeLine).toHaveBeenCalledTimes(3); + }); + + // Sessions that touch many files emit a non-retry turn snapshot + // every prompt cycle. Without dedup, repeated identical snapshots + // (no edits, no prompt-counter change) would re-serialize the entire + // attribution state into the JSONL on every turn, inflating session + // size and slowing /resume. + it('should skip a snapshot identical to the previous write', async () => { + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + await chatRecordingService.flush(); + expect(jsonl.writeLine).toHaveBeenCalledTimes(1); + }); + }); + // Note: Session management tests (listSessions, loadSession, deleteSession, etc.) // have been moved to sessionService.test.ts // Session resume integration tests should test via SessionService mock diff --git a/packages/core/src/services/chatRecordingService.ts b/packages/core/src/services/chatRecordingService.ts index 7e76e36aa86..04c136d8ce0 100644 --- a/packages/core/src/services/chatRecordingService.ts +++ b/packages/core/src/services/chatRecordingService.ts @@ -351,6 +351,16 @@ export class ChatRecordingService { */ private autoTitleController: AbortController | undefined; + /** + * JSON-serialized form of the most recent attribution snapshot we + * wrote, used to deduplicate identical writes on every non-retry + * turn. Without this, sessions that touch many files would write a + * full duplicate of the entire snapshot to the JSONL on every turn, + * inflating the on-disk session and making `/resume` slower to + * hydrate. + */ + private lastAttributionSnapshotJson: string | undefined; + constructor(config: Config) { this.config = config; this.lastRecordUuid = @@ -969,9 +979,19 @@ export class ChatRecordingService { * Records an attribution state snapshot for session persistence. * Called at the start of every non-retry turn so that a resumed session * sees the most recent state including edits made during the prior turn. + * + * Deduplicates identical successive writes: if the snapshot's JSON + * form is byte-identical to the last one we wrote, skip the append. + * Without this, sessions that touch many files would write a full + * duplicate of the entire snapshot to the JSONL on every turn, even + * when nothing changed — inflating session size and slowing /resume. */ recordAttributionSnapshot(snapshot: AttributionSnapshot): void { try { + const json = JSON.stringify(snapshot); + if (json === this.lastAttributionSnapshotJson) { + return; + } const record: ChatRecord = { ...this.createBaseRecord('system'), type: 'system', @@ -980,6 +1000,7 @@ export class ChatRecordingService { }; this.appendRecord(record); + this.lastAttributionSnapshotJson = json; } catch (error) { debugLogger.error('Error saving attribution snapshot:', error); } diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 7af5ee7dc25..1a10702c15c 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -83,10 +83,27 @@ export interface CommitAttributionNote { surfaces: string[]; }; surfaceBreakdown: Record; + /** + * Sample of generated/vendored files that were excluded from + * attribution. Capped at `MAX_EXCLUDED_GENERATED_SAMPLE` paths so a + * commit churning thousands of `dist/` artifacts can't blow past the + * 30 KB note budget and silently drop attribution for the real + * source files in the same commit. Use `excludedGeneratedCount` for + * the true total. + */ excludedGenerated: string[]; + /** Total count of excluded files (≥ excludedGenerated.length). */ + excludedGeneratedCount: number; promptCount: number; } +/** + * Upper bound on the number of excluded-generated paths we serialize + * into the git note. Keeps the JSON payload bounded for commits with + * lots of generated artifacts. + */ +export const MAX_EXCLUDED_GENERATED_SAMPLE = 50; + /** Result of running git commands to get staged file info. */ export interface StagedFileInfo { files: string[]; @@ -439,6 +456,7 @@ export class CommitAttributionService { const files: Record = {}; const excludedGenerated: string[] = []; + let excludedGeneratedCount = 0; const surfaceCounts: Record = {}; let totalAiChars = 0; let totalHumanChars = 0; @@ -463,7 +481,12 @@ export class CommitAttributionService { for (const relFile of stagedInfo.files) { if (isGeneratedFile(relFile)) { - excludedGenerated.push(relFile); + excludedGeneratedCount++; + // Cap the sample so a commit churning thousands of `dist/` + // artifacts can't blow past the 30 KB note budget. + if (excludedGenerated.length < MAX_EXCLUDED_GENERATED_SAMPLE) { + excludedGenerated.push(relFile); + } continue; } @@ -535,6 +558,7 @@ export class CommitAttributionService { }, surfaceBreakdown, excludedGenerated, + excludedGeneratedCount, promptCount: this.getPromptsSinceLastCommit(), }; } From e4bb0181adbacb95dbd9479bc9370b9a0bf3d594 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 01:04:57 +0800 Subject: [PATCH 35/64] fix(attribution): depth-1 shallow detection, snapshot dedup post-rewind/post-failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sfGz (Copilot): rev-list --count HEAD === 1 cannot distinguish a true root commit from a depth-1 shallow clone — both report 1 because rev-list only walks locally available objects. Switch to git log -1 --pretty=%P HEAD which reads the parent SHA directly from commit metadata: empty means a real root, non-empty means a parent is recorded (whether or not its object is local). The shallow-clone bail is now reliable. sfIm (Copilot): the dedup key persisted across rewindRecording, so the previous snapshot living on the now-abandoned branch would match the next post-rewind snapshot and silently skip the write, leaving /resume on the rewound session with no attribution state. Reset lastAttributionSnapshotJson when rewindRecording fires. sfJE (Copilot): dedup key was committed before the async write settled. A transient write failure would update the key, then permanently suppress all future identical snapshots even though nothing was ever persisted. Switch to optimistic-set then rollback on appendRecord rejection — synchronous identical calls dedup cleanly, but a failed write clears the key so the next identical snapshot retries. appendRecord now returns the per-record write promise (writeChain still has its swallow-catch for chain liveness) so callers needing per-write success can react to it. Tests added in chatRecordingService.test.ts for both rewind-reset and rollback-on-failure paths. --- .../src/services/chatRecordingService.test.ts | 39 ++++++++++++++++++ .../core/src/services/chatRecordingService.ts | 40 +++++++++++++++---- packages/core/src/tools/shell.ts | 37 +++++++++-------- 3 files changed, 93 insertions(+), 23 deletions(-) diff --git a/packages/core/src/services/chatRecordingService.test.ts b/packages/core/src/services/chatRecordingService.test.ts index c48a0668a21..0d5bb7ef164 100644 --- a/packages/core/src/services/chatRecordingService.test.ts +++ b/packages/core/src/services/chatRecordingService.test.ts @@ -466,6 +466,45 @@ describe('ChatRecordingService', () => { await chatRecordingService.flush(); expect(jsonl.writeLine).toHaveBeenCalledTimes(1); }); + + // After rewindRecording, the previous attribution snapshot lives on + // the abandoned branch, so the dedup key has to clear — otherwise + // the post-rewind identical snapshot would be silently skipped and + // /resume on the rewound session would lose all attribution state. + it('should re-write an identical snapshot after rewindRecording', async () => { + chatRecordingService.recordUserMessage([{ text: 'turn 1' }]); + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + await chatRecordingService.flush(); + const beforeRewind = vi.mocked(jsonl.writeLine).mock.calls.length; + + chatRecordingService.rewindRecording(0, { truncatedCount: 0 }); + // Same snapshot bytes — without the rewind reset this would dedup. + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + await chatRecordingService.flush(); + // 1 rewind record + 1 fresh snapshot = 2 more writes after rewind. + expect(vi.mocked(jsonl.writeLine).mock.calls.length).toBe( + beforeRewind + 2, + ); + }); + + // A transient write failure must NOT permanently suppress future + // identical snapshots: if the dedup key were committed before the + // write, the next identical snapshot would dedup and the session + // would have no attribution snapshot at all. + it('should retry an identical snapshot after a write failure', async () => { + vi.mocked(jsonl.writeLine).mockRejectedValueOnce(new Error('disk full')); + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + // Wait for the queued (failing) write to settle so the rollback runs. + await chatRecordingService.flush(); + const afterFailure = vi.mocked(jsonl.writeLine).mock.calls.length; + + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + await chatRecordingService.flush(); + // Retry should fire, so we get a new write call. + expect(vi.mocked(jsonl.writeLine).mock.calls.length).toBe( + afterFailure + 1, + ); + }); }); // Note: Session management tests (listSessions, loadSession, deleteSession, etc.) diff --git a/packages/core/src/services/chatRecordingService.ts b/packages/core/src/services/chatRecordingService.ts index 04c136d8ce0..dd6718ed21c 100644 --- a/packages/core/src/services/chatRecordingService.ts +++ b/packages/core/src/services/chatRecordingService.ts @@ -507,7 +507,14 @@ export class ChatRecordingService { * local-disk writes failures are rare enough to accept the fire-and-forget * simplification. */ - private appendRecord(record: ChatRecord): void { + /** + * Returns a promise that resolves after the queued write succeeds and + * rejects (without logging) if it fails. The internal `writeChain` is + * advanced with a swallowing catch so the chain stays alive across + * failures; callers that need to react to per-record success can await + * the returned promise. + */ + private appendRecord(record: ChatRecord): Promise { let conversationFile: string; try { conversationFile = this.ensureConversationFile(); @@ -516,12 +523,13 @@ export class ChatRecordingService { throw error; } this.lastRecordUuid = record.uuid; - this.writeChain = this.writeChain + const writePromise = this.writeChain .catch(() => {}) - .then(() => jsonl.writeLine(conversationFile, record)) - .catch((err) => { - debugLogger.error('Error appending record (async):', err); - }); + .then(() => jsonl.writeLine(conversationFile, record)); + this.writeChain = writePromise.catch((err) => { + debugLogger.error('Error appending record (async):', err); + }); + return writePromise; } /** @@ -836,6 +844,12 @@ export class ChatRecordingService { this.lastRecordUuid = this.turnParentUuids[targetTurnIndex] ?? null; // Trim future boundaries — they no longer exist in the active branch. this.turnParentUuids = this.turnParentUuids.slice(0, targetTurnIndex); + // The previous attribution snapshot now sits on the abandoned + // branch — clear the dedup key so the next snapshot lands on the + // active branch and `/resume` can find it. Without this, a + // post-rewind identical snapshot would be skipped and the rewound + // session would lose all attribution state on restore. + this.lastAttributionSnapshotJson = undefined; const record: ChatRecord = { ...this.createBaseRecord('system'), @@ -985,6 +999,12 @@ export class ChatRecordingService { * Without this, sessions that touch many files would write a full * duplicate of the entire snapshot to the JSONL on every turn, even * when nothing changed — inflating session size and slowing /resume. + * + * Set the dedup key optimistically and roll it back if the write + * fails. Synchronous identical calls (common during a tool-driven + * turn) all dedup correctly, but a transient write failure clears + * the key so the next identical snapshot retries the write rather + * than being permanently suppressed. */ recordAttributionSnapshot(snapshot: AttributionSnapshot): void { try { @@ -999,8 +1019,14 @@ export class ChatRecordingService { systemPayload: { snapshot }, }; - this.appendRecord(record); this.lastAttributionSnapshotJson = json; + this.appendRecord(record).catch(() => { + // Write failed — only roll back if the key still belongs to + // our snapshot (a later distinct write may have overwritten it). + if (this.lastAttributionSnapshotJson === json) { + this.lastAttributionSnapshotJson = undefined; + } + }); } catch (error) { debugLogger.error('Error saving attribution snapshot:', error); } diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index d7ce4f524d7..6aa04e78298 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -2035,30 +2035,35 @@ export class ShellToolInvocation extends BaseToolInvocation< }; try { - // The four `rev-parse`-shaped calls are independent — fan out so - // we don't pay the spawn latency serially. Same for the three - // diff calls below once we know which form to use. + // The three calls are independent — fan out so we don't pay the + // spawn latency serially. Same for the three diff calls below + // once we know which form to use. // - `rev-parse --verify HEAD~1`: probe whether the parent OBJECT // is locally available (fails in shallow clones where the // parent was pruned). - // - `rev-list --count HEAD`: total commits reachable. `=== 1` - // means HEAD truly is the root commit (no parent SHA recorded - // on HEAD), where `diff-tree --root` is correct. `> 1` means - // HEAD has a parent recorded — if --verify also failed, this - // is a shallow clone and we must NOT fall back to --root - // (which would diff against the empty tree and over-attribute). - const [hasParentOutput, commitCountOutput, repoRootOutput] = + // - `log -1 --pretty=%P HEAD`: read the parent SHA from HEAD's + // commit metadata. Works regardless of shallow status because + // the parent SHA is recorded on the commit itself, not derived + // by walking. Empty output = HEAD is a true root commit. + // Non-empty output = HEAD has a parent (whether or not its + // object is locally available). + // - `rev-parse --show-toplevel`: capture the repo root. + // + // `rev-list --count HEAD` looks tempting as a "is this a root + // commit?" probe but it returns 1 in a depth-1 shallow clone + // (only the local object is reachable), aliasing the shallow + // and root cases. The parent-SHA approach disambiguates them + // correctly. + const [hasParentOutput, parentShaOutput, repoRootOutput] = await Promise.all([ runGit('rev-parse --verify HEAD~1'), - runGit('rev-list --count HEAD'), + runGit('log -1 --pretty=%P HEAD'), runGit('rev-parse --show-toplevel'), ]); const hasParent = hasParentOutput.length > 0; - const totalCommits = parseInt(commitCountOutput.trim(), 10); - const isTrueRootCommit = - Number.isFinite(totalCommits) && totalCommits === 1; - // Shallow clone: HEAD has a parent but the object isn't local. - // Bail rather than over-attribute via --root. + const isTrueRootCommit = parentShaOutput.trim().length === 0; + // Shallow clone: HEAD has a parent recorded but the object + // isn't local. Bail rather than over-attribute via --root. if (!hasParent && !isTrueRootCommit) { debugLogger.warn( 'getCommittedFileInfo: HEAD~1 unreadable but commit is not the ' + From 296fb55aeff3a3e15910c9d4152cbe468117edb2 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 01:20:13 +0800 Subject: [PATCH 36/64] fix(attribution): preHead race, regex apostrophe-escape, surface failures, dead code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit t2G0 (deepseek-v4-pro): addCoAuthorToGitCommit single-quote regex now matches the bash close-escape-reopen apostrophe form using ((?:[^']|'\\'')*) — the same pattern bodySinglePattern uses for gh pr create. Input like git commit -m 'don'\''t' was previously silently un-rewritten because the negative lookahead bailed; the trailer now lands at the FINAL closing quote. Test updated. tMBP (gpt-5.5): preHead capture switched from concurrent async getGitHead to a synchronous getGitHeadSync (execFileSync) BEFORE ShellExecutionService.execute spawns the user's command. A fast hot-cached git commit could move HEAD before the async rev-parse resolved, leaving preHead === postHead and silently skipping the attribution note. Trade ~10–50 ms event-loop block per commit-shaped command for correctness of the post-command HEAD comparison. t2Gv (deepseek-v4-pro): attribution write failures (note exec non-zero, payload too large, diff-analysis exception, shallow clone / amend-without-reflog) are now surfaced on the shell tool's returnDisplay AND llmContent so the user and agent both see when their commit succeeded but the per-file git note didn't land. attachCommitAttribution now returns string | null (warning text or null for intentional skips like no-tracked-edits). Co-authored-by trailer is unaffected — only the note is gated by these failures. t2Gy (deepseek-v4-pro): committedAbsolutePaths now matches against the canonical keys already stored in fileAttributions (matchCommittedFiles iterates by relative path against the canonical repo root) instead of re-resolving each diff path on the fly. realpathSync(resolved) failed for deleted files and didn't follow intermediate symlinks, leaving stale per-file attribution alive past commit and inflating AI percentages on subsequent commits. t2HI (deepseek-v4-pro): removed dead sessionBaselines / FileBaseline / contentHash / computeContentHash infrastructure (~40 lines). The fields were written, persisted, and restored but never read for any computation or decision. AttributionSnapshot schema stays at version 1 — restore tolerates pre-fix snapshots that carried the now-ignored baselines field. t2HM (deepseek-v4-pro): extracted the duplicated lastMatch helper in addCoAuthorToGitCommit and addAttributionToPR into a single module-level lastMatchOf so future fixes can't be applied to only one copy. --- .../src/services/commitAttribution.test.ts | 3 - .../core/src/services/commitAttribution.ts | 87 ++++---- packages/core/src/tools/shell.test.ts | 20 +- packages/core/src/tools/shell.ts | 198 ++++++++++++------ 4 files changed, 181 insertions(+), 127 deletions(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index aadb559fe63..05db79c08f0 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -88,7 +88,6 @@ describe('CommitAttributionService', () => { const attr = service.getFileAttribution('/project/src/file.ts'); expect(attr!.aiCreated).toBe(true); expect(attr!.aiContribution).toBe(11); - expect(attr!.contentHash).toBeTruthy(); }); it('should NOT treat empty existing file as new file creation', () => { @@ -368,10 +367,8 @@ describe('CommitAttributionService', () => { '/var/repo/src/legacy.ts': { aiContribution: 99, aiCreated: false, - contentHash: 'abc', }, }, - baselines: {}, promptCount: 0, promptCountAtLastCommit: 0, }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 1a10702c15c..7f98ab54d7d 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -11,17 +11,15 @@ * When a git commit is made, this data is combined with git diff analysis to * calculate real AI vs human contribution percentages, stored as git notes. * - * Features aligned with Claude Code's attribution system: + * Features: * - Character-level prefix/suffix diff algorithm * - Real AI/human contribution ratio via git diff * - Surface tracking (cli/ide/api/sdk) - * - Prompt & permission prompt counting - * - Session baseline (content hash) for precise human edit detection + * - Prompt counting (since-last-commit window) * - Snapshot/restore for session persistence * - Generated file exclusion */ -import { createHash } from 'node:crypto'; import * as fs from 'node:fs'; import * as path from 'node:path'; import { isGeneratedFile } from './generatedFiles.js'; @@ -52,14 +50,6 @@ export interface FileAttribution { aiContribution: number; /** Whether the file was created by AI */ aiCreated: boolean; - /** SHA-256 hash of the file content after AI's last edit */ - contentHash: string; -} - -/** Session baseline: snapshot of file state at session start or first AI touch */ -export interface FileBaseline { - contentHash: string; - mtime: number; } /** Per-file attribution detail in the git notes payload. */ @@ -136,7 +126,6 @@ export interface AttributionSnapshot { version?: number; surface: string; fileStates: Record; - baselines: Record; promptCount: number; promptCountAtLastCommit: number; } @@ -168,10 +157,6 @@ function sanitizeModelName(name: string): string { // Utilities // --------------------------------------------------------------------------- -export function computeContentHash(content: string): string { - return createHash('sha256').update(content).digest('hex'); -} - /** * Defensive coercions for restoring snapshot fields. A snapshot can * arrive with `undefined` / wrong-type fields if the on-disk JSON was @@ -188,15 +173,6 @@ function sanitiseAttribution(v: unknown): FileAttribution { return { aiContribution: sanitiseCount(obj.aiContribution), aiCreated: typeof obj.aiCreated === 'boolean' ? obj.aiCreated : false, - contentHash: typeof obj.contentHash === 'string' ? obj.contentHash : '', - }; -} - -function sanitiseBaseline(v: unknown): FileBaseline { - const obj = (v ?? {}) as Partial; - return { - contentHash: typeof obj.contentHash === 'string' ? obj.contentHash : '', - mtime: sanitiseCount(obj.mtime), }; } @@ -219,8 +195,6 @@ export class CommitAttributionService { /** Per-file AI contribution tracking (keyed by absolute path) */ private fileAttributions: Map = new Map(); - /** Baselines recorded when AI first touches a file */ - private sessionBaselines: Map = new Map(); /** Client surface (cli, ide, api, sdk, etc.) */ private surface: string = getClientSurface(); @@ -249,7 +223,6 @@ export class CommitAttributionService { /** * Record an AI edit to a file. * Uses prefix/suffix matching for precise character-level contribution. - * On first edit of a file, saves a session baseline of the old content. * * `filePath` is canonicalised via `fs.realpathSync` before being used * as a key, so symlinked paths (e.g. `/var/...` ↔ `/private/var/...` @@ -266,22 +239,12 @@ export class CommitAttributionService { const existing = this.fileAttributions.get(key) || { aiContribution: 0, aiCreated: false, - contentHash: '', }; - // Save baseline on first AI touch (before AI modifies it) - if (!this.sessionBaselines.has(key) && oldContent !== null) { - this.sessionBaselines.set(key, { - contentHash: computeContentHash(oldContent), - mtime: Date.now(), - }); - } - const isNewFile = oldContent === null; const contribution = computeCharContribution(oldContent ?? '', newContent); existing.aiContribution += contribution; - existing.contentHash = computeContentHash(newContent); if (isNewFile && !existing.aiCreated) { existing.aiCreated = true; } @@ -343,7 +306,6 @@ export class CommitAttributionService { this.promptCountAtLastCommit = this.promptCount; } this.fileAttributions.clear(); - this.sessionBaselines.clear(); } /** @@ -364,10 +326,43 @@ export class CommitAttributionService { this.promptCountAtLastCommit = this.promptCount; for (const p of committedAbsolutePaths) { this.fileAttributions.delete(p); - this.sessionBaselines.delete(p); } } + /** + * Resolve a set of repo-relative file paths to the canonical absolute + * keys actually stored in the attribution map. Used by cleanup to + * partial-clear only the files that just landed in a commit. + * + * Matching by walking `fileAttributions` (instead of resolving each + * relative path with `path.resolve` + `fs.realpathSync`) is the only + * approach that handles all of: deleted files (where realpathSync + * throws), intermediate-symlink directories (where path.resolve only + * canonicalises the base), and renamed files (where the diff-time + * relative path differs from the recordEdit-time absolute path — + * still no match here, that's a rename-tracking concern handled + * separately). Each tracked key is canonical (recordEdit ran it + * through `realpathOrSelf`), so its computed relative form against + * the canonical repo root is what generateNotePayload uses too. + */ + matchCommittedFiles( + relativeFiles: Iterable, + canonicalRepoRoot: string, + ): Set { + const wanted = new Set(relativeFiles); + const matched = new Set(); + for (const key of this.fileAttributions.keys()) { + const rel = path + .relative(canonicalRepoRoot, key) + .split(path.sep) + .join('/'); + if (wanted.has(rel)) { + matched.add(key); + } + } + return matched; + } + // ----------------------------------------------------------------------- // Snapshot / restore (session persistence) // ----------------------------------------------------------------------- @@ -378,16 +373,11 @@ export class CommitAttributionService { for (const [k, v] of this.fileAttributions) { fileStates[k] = { ...v }; } - const baselines: Record = {}; - for (const [k, v] of this.sessionBaselines) { - baselines[k] = { ...v }; - } return { type: 'attribution-snapshot', version: ATTRIBUTION_SNAPSHOT_VERSION, surface: this.surface, fileStates, - baselines, promptCount: this.promptCount, promptCountAtLastCommit: this.promptCountAtLastCommit, }; @@ -404,7 +394,6 @@ export class CommitAttributionService { // changed semantics. Reset to a fresh state rather than // splice incompatible data. this.fileAttributions.clear(); - this.sessionBaselines.clear(); this.surface = getClientSurface(); this.promptCount = 0; this.promptCountAtLastCommit = 0; @@ -431,10 +420,6 @@ export class CommitAttributionService { // forms. this.fileAttributions.set(realpathOrSelf(k), sanitiseAttribution(v)); } - this.sessionBaselines.clear(); - for (const [k, v] of Object.entries(snapshot.baselines ?? {})) { - this.sessionBaselines.set(realpathOrSelf(k), sanitiseBaseline(v)); - } } // ----------------------------------------------------------------------- diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 10a426b2ea0..b64587dc221 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -2200,10 +2200,12 @@ describe('ShellTool', () => { ); }); - // Bash's apostrophe-via-`'\''` form needs to be left alone — a - // naive single-quote rewrite would mid-insert the trailer and - // break the command's quoting. - it("should leave -m 'don'\\''t' (apostrophe-escape form) unrewritten", async () => { + // Bash's apostrophe-via-`'\''` form (close-escape-reopen) is a + // single logical body. The trailer must land at the FINAL + // closing `'` — not in the middle of the escape — so the regex + // body group has to recognise the escape sequence as a whole. + // Mirrors the bodySinglePattern in addAttributionToPR. + it("should append trailer after the final ' in -m 'don'\\''t' apostrophe-escape", async () => { const command = "git commit -m 'don'\\''t'"; const invocation = shellTool.build({ command, is_background: false }); const promise = invocation.execute(mockAbortSignal); @@ -2222,10 +2224,12 @@ describe('ShellTool', () => { await promise; const observed = mockShellExecutionService.mock.calls[0][0]; - // The original command must be passed through unchanged. - expect(observed).toContain("'don'\\''t'"); - // No trailer was injected mid-quote. - expect(observed).not.toContain('Co-authored-by:'); + // The full apostrophe-escape body survives intact and the + // trailer lands AFTER it (before the closing `'`), not in the + // middle of `'\''`. + expect(observed).toMatch( + /git commit -m 'don'\\''t[\s\S]*Co-authored-by:[^']*'/, + ); }); it('should add co-author to git commit with multi-line message', async () => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 6aa04e78298..53abfb3b647 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -88,6 +88,21 @@ function escapeForBashSingleQuote(s: string): string { return s.replace(/'/g, "'\\''"); } +/** + * Return the LAST match from a RegExp.matchAll iterator, or `null` if + * the iterator is empty. Used to find the final `-m` / `--body` flag + * in a command segment: git/gh both honour the LAST occurrence when + * multiple are passed, so the trailer has to land in that match to be + * picked up by the actual commit / PR body. + */ +function lastMatchOf( + matches: IterableIterator, +): T | null { + let result: T | null = null; + for (const m of matches) result = m; + return result; +} + /** * Tokenise a single shell-command segment via `shell-quote`. Returns * the parsed string tokens with leading env-var assignments and a @@ -1148,11 +1163,12 @@ export class ShellToolInvocation extends BaseToolInvocation< // commit creation by HEAD movement instead of trusting the shell // exit code (which is unreliable for compound commands). // - // The lookup is started concurrently so we don't block - // ShellExecutionService — `git rev-parse HEAD` is a few fs reads - // (low ms) while a real `git commit` involves staging, hooks, and - // object writes (50ms+), so in practice the snapshot resolves - // well before the user's command can move HEAD. + // Synchronous capture via `execFileSync`: a fire-and-forget async + // rev-parse can resolve AFTER a fast-cached `git commit` moves + // HEAD (real race seen on slow filesystems / heavy contention), + // leaving preHead === postHead and silently skipping the + // attribution note. ~10–50ms event-loop block per commit-shaped + // command, only when `commitCtx.hasCommit` is true. // // We act on `gitCommitContext` rather than a raw regex so quoted // text like `echo "git commit"` doesn't trigger snapshot/notes, @@ -1165,9 +1181,9 @@ export class ShellToolInvocation extends BaseToolInvocation< // Without this, `cd subdir && git commit` (a real same-repo // commit) would skip attribution AND fail to clear pending // attributions, leaking them into the next foreground commit. - const preHeadPromise: Promise = commitCtx.hasCommit - ? this.getGitHead(cwd) - : Promise.resolve(null); + const preHead: string | null = commitCtx.hasCommit + ? this.getGitHeadSync(cwd) + : null; let cumulativeOutput: string | AnsiOutput = ''; let lastUpdateTime = Date.now(); @@ -1313,15 +1329,19 @@ export class ShellToolInvocation extends BaseToolInvocation< // while the stale per-file attribution stays around for a later // unrelated commit. attachCommitAttribution already gates on HEAD // movement, so it's a no-op when no commit was actually created. + let attributionWarning: string | null = null; if (commitCtx.attributableInCwd) { - const preHead = await preHeadPromise; // `git commit --amend` rewrites HEAD in place, so the diff // `HEAD~1..HEAD` would span the entire amended commit (parent → // amended), not just what this amend changed. Detect the flag // so getCommittedFileInfo can switch to `HEAD@{1}..HEAD` and // attribute only the actual amend delta. const isAmend = isAmendCommit(strippedCommand); - await this.attachCommitAttribution(cwd, preHead, isAmend); + attributionWarning = await this.attachCommitAttribution( + cwd, + preHead, + isAmend, + ); } // Intentionally NO `else if (commitCtx.hasCommit)` cleanup branch: // commands that match `hasCommit` but not `attributableInCwd` @@ -1465,6 +1485,23 @@ export class ShellToolInvocation extends BaseToolInvocation< // someone adds a non-string return path. } + // Surface AI-attribution failures (note exec failure, payload too + // large, diff-analysis exception, shallow clone, etc.) on the tool + // result so the user knows their commit succeeded but the per-file + // git note didn't land. Without this, the only signal is a + // QWEN_DEBUG_LOG_FILE entry the user has likely never set up. + // Appended to BOTH llmContent (so the agent can react / report) and + // returnDisplayMessage (so the human sees it in the TUI). Skipped + // when null (intentional skips like a bare `git commit` with no + // tracked AI edits don't need user-visible feedback). + if (attributionWarning) { + if (typeof llmContent === 'string') { + llmContent += `\n\n${attributionWarning}`; + } + returnDisplayMessage += + (returnDisplayMessage ? '\n\n' : '') + attributionWarning; + } + // When `result.error` is set, `coreToolScheduler` builds the // model-facing functionResponse from `error.message`, NOT from // `llmContent` (see `convertToFunctionResponse` and the error @@ -1768,6 +1805,35 @@ export class ShellToolInvocation extends BaseToolInvocation< }); } + /** + * Synchronous companion to {@link getGitHead}. Captured BEFORE the + * user's shell command spawns so a fast `git commit` (hot-cached, + * no hooks) cannot move HEAD before our async rev-parse has a chance + * to read it — a real race seen on slow filesystems / heavy contention + * where preHead would otherwise resolve to the new SHA, postHead would + * match, and `attachCommitAttribution` would silently skip writing the + * attribution note even though the commit succeeded. + * + * Worst case is ~10–50 ms of event-loop block per commit-shaped shell + * command; acceptable trade for correctness of the post-command HEAD + * comparison. + */ + private getGitHeadSync(cwd: string): string | null { + try { + const stdout = childProcess.execFileSync('git', ['rev-parse', 'HEAD'], { + cwd, + timeout: 2000, + // Discard stderr noise (e.g. "fatal: not a git repository") — + // the catch-or-empty-output path already covers failure. + stdio: ['ignore', 'pipe', 'ignore'], + }); + const sha = String(stdout).trim(); + return sha.length > 0 ? sha : null; + } catch { + return null; + } + } + /** * After a successful git commit, attach per-file AI attribution metadata * as git notes. Analyzes staged files via `git diff` to calculate real @@ -1787,7 +1853,14 @@ export class ShellToolInvocation extends BaseToolInvocation< cwd: string, preHead: string | null, isAmend: boolean, - ): Promise { + ): Promise { + // Returns a one-line warning suitable for appending to the tool's + // returnDisplay when a write that the user could plausibly fix + // (note exec failure, payload too large, exception during diff + // analysis) drops the AI-attribution note. Returns null when the + // skip is intentional / inherent to the situation (no commit + // landed, multi-commit chain, attribution toggle off, no tracked + // edits) — those don't need user-visible feedback. // Caller (`execute`) gates this with `commitCtx.attributableInCwd`, // so we don't re-parse the command here. Re-parsing would be dead // work and a maintenance trap — if the two checks ever drifted, @@ -1809,7 +1882,7 @@ export class ShellToolInvocation extends BaseToolInvocation< // none of them were committed. Leave attributions intact instead: // a later successful commit will overwrite the counters and the // accumulated aiContribution still represents real AI work. - return; + return null; } // Refuse to attribute when a single shell command produced more @@ -1842,7 +1915,7 @@ export class ShellToolInvocation extends BaseToolInvocation< `${preHead ? preHead.slice(0, 12) : 'repo root'})`; debugLogger.warn(`Refusing AI attribution: ${reason}.`); attributionService.clearAttributions(true); - return; + return null; } // A new commit landed. Even when no per-file attribution was @@ -1852,7 +1925,7 @@ export class ShellToolInvocation extends BaseToolInvocation< // inflated N-shotted count spanning multiple commits. if (!attributionService.hasAttributions()) { attributionService.clearAttributions(true); - return; + return null; } const gitCoAuthorSettings = this.config.getGitCoAuthor(); @@ -1862,10 +1935,11 @@ export class ShellToolInvocation extends BaseToolInvocation< // starts a fresh window — otherwise the user would carry stale // counts forward forever. attributionService.clearAttributions(true); - return; + return null; } let committedAbsolutePaths: Set | null = null; + let warning: string | null = null; try { // Analyze the just-committed files by diffing HEAD against its parent. // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. @@ -1878,7 +1952,11 @@ export class ShellToolInvocation extends BaseToolInvocation< // Skip the note write entirely — emitting a structurally valid // but factually wrong all-zero note is worse than no note. if (stagedInfo === null) { - return; // finally block still runs for cleanup + warning = + 'AI attribution note skipped: could not analyze the commit ' + + 'diff (shallow clone, missing reflog for --amend, or partial ' + + '`git diff` failure). Co-authored-by trailer is unaffected.'; + return warning; // finally still runs for cleanup } // Pass the actual model name (e.g. `qwen3-coder-plus`) rather than the @@ -1896,35 +1974,24 @@ export class ShellToolInvocation extends BaseToolInvocation< // but the user didn't `git add` should still be tracked for a // later commit. // - // Canonicalise via the repo root rather than each leaf: deleted - // files don't exist at this point so `fs.realpathSync` on the - // leaf would fail. Realpath the directory once (which still - // exists) and resolve repo-relative paths against the canonical - // root — the resulting absolute path matches the canonical key - // recordEdit stored even when the file has since been deleted. + // Match against the canonical keys already stored in + // `fileAttributions` (recordEdit canonicalises every component + // via realpathSync) rather than re-resolving each diff path on + // the fly. Re-resolving fails for deleted files (realpathSync + // throws on a missing leaf) and for files behind intermediate + // symlinked directories (path.resolve only canonicalises the + // base) — both cases produced cleanup keys that didn't match + // the stored canonical keys, leaking stale per-file attribution + // into subsequent commits. let canonicalBase: string; try { canonicalBase = fs.realpathSync(baseDir); } catch { canonicalBase = baseDir; } - committedAbsolutePaths = new Set( - stagedInfo.files.map((rel) => { - const resolved = path.resolve(canonicalBase, rel); - // recordEdit canonicalises *every* component via realpathSync, - // so a file that lives behind an intermediate symlink (e.g. - // `repo/symlinked-dir/file.ts` where `symlinked-dir` -> elsewhere) - // gets stored under the realpath of the leaf. canonicalising - // only the base wouldn't follow the inner symlink and the lookup - // miss would silently zero attribution + leak the entry past - // commit. Try realpath on the full resolved path and fall back - // to the unresolved form if the file no longer exists (deletion). - try { - return fs.realpathSync(resolved); - } catch { - return resolved; - } - }), + committedAbsolutePaths = attributionService.matchCommittedFiles( + stagedInfo.files, + canonicalBase, ); const note = attributionService.generateNotePayload( @@ -1938,7 +2005,11 @@ export class ShellToolInvocation extends BaseToolInvocation< debugLogger.warn( 'AI attribution note too large, skipping git notes attachment', ); - return; // finally block still runs for cleanup + warning = + 'AI attribution note skipped: payload exceeded the 30 KB ' + + 'size cap (large generated-file exclusion list?). ' + + 'Co-authored-by trailer is unaffected.'; + return warning; } // Use execFile with argv (rather than ShellExecutionService) so the @@ -1972,6 +2043,10 @@ export class ShellToolInvocation extends BaseToolInvocation< if (exitCode !== 0) { debugLogger.warn(`git notes exited with code ${exitCode}: ${output}`); + warning = + `AI attribution note skipped: \`git notes add\` exited ${exitCode}` + + (output ? ` (${output.trim().slice(0, 120)})` : '') + + '. Co-authored-by trailer is unaffected.'; } else { debugLogger.debug( `Attached AI attribution note: ${note.summary.aiPercent}% AI, ${note.summary.totalFilesTouched} file(s)`, @@ -1981,6 +2056,9 @@ export class ShellToolInvocation extends BaseToolInvocation< debugLogger.warn( `Failed to attach AI attribution note: ${getErrorMessage(err)}`, ); + warning = + `AI attribution note skipped: ${getErrorMessage(err)}. ` + + 'Co-authored-by trailer is unaffected.'; } finally { // Partial clear: only drop tracking for the files that actually // landed in this commit. Files the AI edited but the user @@ -1994,6 +2072,7 @@ export class ShellToolInvocation extends BaseToolInvocation< attributionService.clearAttributions(true); } } + return warning; } /** @@ -2226,28 +2305,23 @@ export class ShellToolInvocation extends BaseToolInvocation< ); // Bash single quotes can't be escaped, so apostrophes inside a // single-quoted message use the close-escape-reopen form `'\''` - // (e.g. `git commit -m 'don'\''t'`). The negative lookahead leaves - // those alone — rewriting them correctly needs a real shell parser - // and a wrong rewrite would mid-insert the trailer and break the - // command's quoting. + // (e.g. `git commit -m 'don'\''t'`). The inner alternation matches + // either a non-apostrophe character or that escape sequence as a + // whole, so the trailer lands at the true end of the body — at the + // FINAL closing `'` after the user's content — rather than after + // the first interior apostrophe. Mirrors `bodySinglePattern` in + // `addAttributionToPR`. const singleQuotePattern = new RegExp( - `(${FLAG_PREFIX})'([^']*)'(?!\\\\'')`, + `(${FLAG_PREFIX})'((?:[^']|'\\\\'')*)'`, 'g', ); const segment = command.slice(segmentRange.start, segmentRange.end); // Git concatenates multiple `-m` values with a blank line, so the // co-author trailer has to land in the *last* `-m` value to be // recognised by `git interpret-trailers`. matchAll → take the - // last match. - const lastMatch = ( - matches: IterableIterator, - ): T | null => { - let result: T | null = null; - for (const m of matches) result = m; - return result; - }; - const doubleMatch = lastMatch(segment.matchAll(doubleQuotePattern)); - const singleMatch = lastMatch(segment.matchAll(singleQuotePattern)); + // last match (`lastMatchOf` is the shared helper). + const doubleMatch = lastMatchOf(segment.matchAll(doubleQuotePattern)); + const singleMatch = lastMatchOf(segment.matchAll(singleQuotePattern)); // Pick whichever match appears LAST in the segment, regardless of // quote style — but reject any candidate that's nested inside the @@ -2401,16 +2475,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // gh ignores all but the last `--body`/`-b` flag, so the trailer // has to land in the final occurrence to actually appear in the PR. // matchAll → take the last match for each quote style, then pick - // whichever sits later in the segment (mirrors addCoAuthorToGitCommit). - const lastMatch = ( - matches: IterableIterator, - ): T | null => { - let result: T | null = null; - for (const m of matches) result = m; - return result; - }; - const bodyDoubleMatch = lastMatch(segment.matchAll(bodyDoublePattern)); - const bodySingleMatch = lastMatch(segment.matchAll(bodySinglePattern)); + // whichever sits later in the segment (mirrors addCoAuthorToGitCommit; + // shares the `lastMatchOf` helper). + const bodyDoubleMatch = lastMatchOf(segment.matchAll(bodyDoublePattern)); + const bodySingleMatch = lastMatchOf(segment.matchAll(bodySinglePattern)); // Pick whichever match appears LAST in the segment, regardless of // quote style — but reject any candidate that's nested inside the // other's range. For `gh pr create --body "docs mention -b 'flag'"` From 325a12c3c12d21137803eed29899528f5c41b192 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 07:19:38 +0800 Subject: [PATCH 37/64] chore(schema): regenerate settings.schema.json to match gitCoAuthor.commit description The settingsSchema.ts source for `gitCoAuthor.commit.description` was updated in 3c0e3293b but the JSON schema only picked up the OUTER description rewrite and missed this inner property's. The Lint check ("Check settings schema is up-to-date") fails on that drift; this commit re-runs `npm run generate:settings-schema` to sync them. --- packages/vscode-ide-companion/schemas/settings.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/vscode-ide-companion/schemas/settings.schema.json b/packages/vscode-ide-companion/schemas/settings.schema.json index 56059da92ee..a70539b3e88 100644 --- a/packages/vscode-ide-companion/schemas/settings.schema.json +++ b/packages/vscode-ide-companion/schemas/settings.schema.json @@ -79,7 +79,7 @@ "type": "object", "properties": { "commit": { - "description": "Automatically add a Co-authored-by trailer to git commit messages when commits are made through Qwen Code.", + "description": "Add a Co-authored-by trailer to git commit messages AND attach a per-file AI-attribution git note (`refs/notes/ai-attribution`) for commits made through Qwen Code. Disabling skips both.", "type": "boolean", "default": true }, From 1ece87438f886dae5ab2df718f9951af7e596cd1 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 07:23:47 +0800 Subject: [PATCH 38/64] fix(attribution): preserve unstaged AI edits across cleanup branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit uxU5 + uxVQ + uxUO (Copilot): every cleanup branch in attachCommitAttribution that called clearAttributions(true) was wholesale-erasing pending AI edits for files the user never staged in this commit. Reviewer scenarios: - multi-commit chain (`commit a && commit b`) bails out without writing a note, but unstaged edits to file Z (touched by neither commit) get cleared along with the chain's committed files. - attribution toggle off: same — toggling the flag wipes pending unstaged work. - analysis failure (shallow clone, --amend without reflog, partial diff failure): the finally-block fallback wholesale-cleared every pending file, consuming unrelated AI edits. - 0%-AI commit: when no file in the commit was AI-touched, generateNotePayload was emitting an "0% AI" note attached to a commit that legitimately had no AI involvement — actively misleading metadata. Add `noteCommitWithoutClearing()` to the service: snapshots the prompt counter as the new "at last commit" but leaves the per-file map alone. Use it in the multi-commit, no-tracked-edits, toggle-off, and analysis-failure paths. The committed-files partial-clear (clearAttributedFiles) still runs in the success path. The 0%-AI no-match case now skips the note write entirely. --- .../core/src/services/commitAttribution.ts | 14 ++++++ packages/core/src/tools/shell.ts | 44 ++++++++++++++----- 2 files changed, 47 insertions(+), 11 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 7f98ab54d7d..f49f1c518b5 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -329,6 +329,20 @@ export class CommitAttributionService { } } + /** + * Snapshot the prompt counter as the new "last commit" without + * clearing per-file attribution. Used when a commit landed but we + * can't reliably determine which files were in it (multi-commit + * chain we won't write a note for, attribution toggle off, diff + * analysis failed). Wholesale-clearing in those branches would + * silently wipe pending AI edits for *unrelated* files the user + * didn't stage — a worse failure mode than the small risk of + * stale per-file state for files that did just land. + */ + noteCommitWithoutClearing(): void { + this.promptCountAtLastCommit = this.promptCount; + } + /** * Resolve a set of repo-relative file paths to the canonical absolute * keys actually stored in the attribution map. Used by cleanup to diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 53abfb3b647..50c0665851f 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1914,7 +1914,13 @@ export class ShellToolInvocation extends BaseToolInvocation< : `multi-commit shell command (${commitCount} commits since ` + `${preHead ? preHead.slice(0, 12) : 'repo root'})`; debugLogger.warn(`Refusing AI attribution: ${reason}.`); - attributionService.clearAttributions(true); + // Snapshot the prompt counter but do NOT clear per-file + // attributions: in a `commit a && commit b` chain, the user + // may have unstaged AI edits to files that appeared in NEITHER + // commit. Wholesale-clearing here would erase those even + // though the rest of the flow is built to preserve unstaged + // entries across partial commits. + attributionService.noteCommitWithoutClearing(); return null; } @@ -1924,17 +1930,19 @@ export class ShellToolInvocation extends BaseToolInvocation< // "at last commit" so a later `gh pr create` doesn't report an // inflated N-shotted count spanning multiple commits. if (!attributionService.hasAttributions()) { - attributionService.clearAttributions(true); + attributionService.noteCommitWithoutClearing(); return null; } const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.commit) { - // Commit succeeded but attribution is disabled. Still snapshot - // the prompt counters as "at last commit" so the next commit - // starts a fresh window — otherwise the user would carry stale - // counts forward forever. - attributionService.clearAttributions(true); + // Commit succeeded but attribution is disabled. Snapshot the + // prompt counters as "at last commit" but leave per-file + // attributions alone — a wholesale clear here would lose the + // user's pending unstaged AI work just because they toggled + // attribution off, which is a much harsher contract than the + // toggle name suggests. + attributionService.noteCommitWithoutClearing(); return null; } @@ -1994,6 +2002,16 @@ export class ShellToolInvocation extends BaseToolInvocation< canonicalBase, ); + // No file in this commit was AI-touched in the current session. + // Writing a note anyway would emit an all-zero "0% AI" payload + // attached to a commit that legitimately had no AI involvement + // — actively misleading. Skip the note; the partial clear in + // the finally block is a no-op (empty set) so unrelated pending + // attributions stay tracked for a later commit. + if (committedAbsolutePaths.size === 0) { + return null; + } + const note = attributionService.generateNotePayload( stagedInfo, baseDir, @@ -2063,13 +2081,17 @@ export class ShellToolInvocation extends BaseToolInvocation< // Partial clear: only drop tracking for the files that actually // landed in this commit. Files the AI edited but the user // omitted from `git add` stay pending for a later commit. - // If we never determined the committed set (early failure in - // getCommittedFileInfo), fall back to a full clear so we don't - // leak stale per-file state — counters still get snapshotted. + // If we never determined the committed set (analysis failure: + // shallow clone, --amend without reflog, partial diff failure, + // exception), DO NOT wholesale-clear: that would erase pending + // AI edits for files the user never staged in this commit. The + // small risk is stale per-file state for the just-committed + // file (re-attributed if it appears in a future commit) — much + // less harmful than losing unrelated unstaged work. if (committedAbsolutePaths) { attributionService.clearAttributedFiles(committedAbsolutePaths); } else { - attributionService.clearAttributions(true); + attributionService.noteCommitWithoutClearing(); } } return warning; From dd45e1720138f489551dcef46eddda2f79d50ee3 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 08:48:47 +0800 Subject: [PATCH 39/64] =?UTF-8?q?fix(attribution):=20runGit=20null-on-fail?= =?UTF-8?q?ure,=20versionless=20v3=E2=86=92v4=20migration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit z54M (Copilot): runGit returned '' on both successful-empty-output and silent failure, so a `--name-only` that errored mid-way through the diff fan-out aliased to a real `--allow-empty` commit. The empty-commit branch then preserved pending attributions, leaving the just-committed file's tracked AI edit alive to re-attribute on the next commit. Switch runGit to `Promise`, distinguishing exit code 0 (any output, including '') from non-zero (null). The diff-stage fan-out and ancillary probes now treat null as analysis failure and bail with `return null` instead of falling into the empty-commit path. z539 (Copilot): the v3→v4 `shouldMigrate` only fired on `$version === 3`. A versionless settings file carrying the legacy `general.gitCoAuthor: false` boolean would skip every migration (gitCoAuthor isn't in V1_INDICATOR_KEYS — it post-dates V2), get its `$version` normalized to 4 by the loader, and leave the boolean in place. The settings dialog then reads the V4 `{commit, pr}` shape, sees missing keys, defaults both to true, and silently overwrites the user's opt-out on the next save. Also fire when `$version` is absent AND the value at `general.gitCoAuthor` is a boolean. Tests cover the new path and confirm the existing versioned/object-shape paths are untouched. --- .../migration/versions/v3-to-v4.test.ts | 29 +++++++++++ .../src/config/migration/versions/v3-to-v4.ts | 20 ++++++- packages/core/src/tools/shell.ts | 52 ++++++++++++++++--- 3 files changed, 93 insertions(+), 8 deletions(-) diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts index 8b3b25c6028..65fa13fab64 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts @@ -39,6 +39,35 @@ describe('V3ToV4Migration', () => { expect(migration.shouldMigrate('x')).toBe(false); expect(migration.shouldMigrate(42)).toBe(false); }); + + // `gitCoAuthor` post-dates the V1 indicator-key list, so a settings + // file that has ONLY this legacy boolean shape (no `$version`, + // no other migration-triggering keys) wouldn't fire any earlier + // migration. The v3→v4 step must catch it directly so the dialog + // doesn't silently overwrite the user's stored opt-out with the + // schema defaults on next save. + it('returns true for versionless settings with legacy boolean gitCoAuthor', () => { + expect( + migration.shouldMigrate({ + general: { gitCoAuthor: false }, + }), + ).toBe(true); + }); + + it('returns false for versionless settings without gitCoAuthor', () => { + expect(migration.shouldMigrate({ general: {} })).toBe(false); + expect(migration.shouldMigrate({})).toBe(false); + }); + + it('returns false for versionless settings with already-object gitCoAuthor', () => { + // User who hand-edited to the v4 shape — let the loader's + // version normalization handle it without rewriting. + expect( + migration.shouldMigrate({ + general: { gitCoAuthor: { commit: false, pr: true } }, + }), + ).toBe(false); + }); }); describe('migrate', () => { diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.ts b/packages/cli/src/config/migration/versions/v3-to-v4.ts index 34795303a04..7f8ca757839 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.ts @@ -39,7 +39,25 @@ export class V3ToV4Migration implements SettingsMigration { return false; } const s = settings as Record; - return s['$version'] === 3; + if (s['$version'] === 3) { + return true; + } + // Versionless settings file (no $version key) with the legacy + // boolean `gitCoAuthor` shape: the V1/V2 migrations don't list + // `gitCoAuthor` as an indicator key (it post-dates them), so a + // settings file that has ONLY this shape wouldn't trigger any + // earlier migration and would land here at the v3→v4 boundary + // without being rewritten. Handle the boolean directly so the + // settings dialog (which reads the v4 `{commit, pr}` shape) can + // surface the user's prior choice instead of silently overwriting + // their opt-out with the schema defaults on first save. + if (s['$version'] === undefined) { + const value = getNestedProperty(s, GIT_CO_AUTHOR_PATH); + if (typeof value === 'boolean') { + return true; + } + } + return false; } migrate( diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 50c0665851f..883366a22c5 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -2122,7 +2122,15 @@ export class ShellToolInvocation extends BaseToolInvocation< deletedFiles: new Set(), }; - const runGit = async (args: string): Promise => { + // Distinguish a successful git command with no output (e.g. + // `--allow-empty` -> empty `--name-only` listing) from a failed + // git command (silenced by ShellExecutionService) so the caller + // can choose between the empty-commit sentinel and the analysis- + // failure sentinel. Returning the same `''` for both used to + // alias `--allow-empty` to a `--name-only` failure, which left + // pending attributions tracked across the just-committed file + // and re-attributed it on the next commit. + const runGit = async (args: string): Promise => { const handle = await ShellExecutionService.execute( `git ${args}`, cwd, @@ -2132,7 +2140,7 @@ export class ShellToolInvocation extends BaseToolInvocation< {}, ); const r = await handle.result; - return r.exitCode === 0 ? r.output : ''; + return r.exitCode === 0 ? r.output : null; }; try { @@ -2161,7 +2169,19 @@ export class ShellToolInvocation extends BaseToolInvocation< runGit('log -1 --pretty=%P HEAD'), runGit('rev-parse --show-toplevel'), ]); - const hasParent = hasParentOutput.length > 0; + // `rev-parse --verify HEAD~1` is allowed to fail (shallow + // clone, true root commit) — treat null and '' uniformly. + const hasParent = hasParentOutput !== null && hasParentOutput.length > 0; + // `log -1 --pretty=%P HEAD` MUST succeed; if git can't read the + // current HEAD's metadata we have no way to tell shallow apart + // from a real root commit. Bail. + if (parentShaOutput === null) { + debugLogger.warn( + 'getCommittedFileInfo: log -1 --pretty=%P HEAD failed; ' + + 'cannot distinguish shallow clone from true root commit.', + ); + return null; + } const isTrueRootCommit = parentShaOutput.trim().length === 0; // Shallow clone: HEAD has a parent recorded but the object // isn't local. Bail rather than over-attribute via --root. @@ -2177,8 +2197,9 @@ export class ShellToolInvocation extends BaseToolInvocation< // reconcile paths from `git diff` (relative to the toplevel) // against absolute paths recorded by the edit/write tools. // Using the configured target directory as base would zero out - // attribution for any file outside it. - const repoRoot = repoRootOutput.trim(); + // attribution for any file outside it. Tolerate failure (null + // -> empty string -> caller falls back to targetDir). + const repoRoot = (repoRootOutput ?? '').trim(); // Choose the diff range: // - amend: `HEAD@{1}..HEAD` — the actual amend delta. The @@ -2191,8 +2212,8 @@ export class ShellToolInvocation extends BaseToolInvocation< let diffArgs: { name: string; status: string; numstat: string }; if (isAmend) { // Verify HEAD@{1} actually exists; reflogs can be GC'd. - const hasReflog = - (await runGit('rev-parse --verify HEAD@{1}')).length > 0; + const reflogProbe = await runGit('rev-parse --verify HEAD@{1}'); + const hasReflog = reflogProbe !== null && reflogProbe.length > 0; if (!hasReflog) { // Without a pre-amend snapshot we can't compute the amend // delta; emitting `HEAD~1..HEAD` would over-attribute. @@ -2226,6 +2247,23 @@ export class ShellToolInvocation extends BaseToolInvocation< runGit(diffArgs.numstat), ]); + // ANY of the three diffs failing (null) is an analysis failure, + // NOT an empty commit. Without this check, a `--name-only` that + // failed silently used to alias to `--allow-empty`, leaving the + // just-committed file's tracked AI edit in the singleton and + // re-attributing it to the next commit. + if ( + nameOutput === null || + statusOutput === null || + numstatOutput === null + ) { + debugLogger.warn( + 'getCommittedFileInfo: one or more diff calls failed; ' + + 'cannot distinguish empty commit from analysis failure.', + ); + return null; + } + const files = nameOutput .split('\n') .map((f) => f.trim()) From d429d9033157d230e1a8ad86d0dd411b34f781b4 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 10:01:26 +0800 Subject: [PATCH 40/64] fix(attribution): toggle-off partial clear, normalizeGitCoAuthor type-check, terraform lockfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 0oAK (Copilot): the gitCoAuthor.commit toggle-off branch returned before computing the committed file set, leaving the just-committed files' tracked AI work in the singleton. Re-enabling the toggle and committing the same file again would re-attribute earlier (already- committed) AI edits to the new commit. Move the toggle gate AFTER matchCommittedFiles so the finally block does a proper partial clear of the just-committed files even when the note write is skipped. 0oAg (Copilot): normalizeGitCoAuthor copied value?.commit / value?.pr without type-checking. settings.json is hand-editable; a stored `{ commit: "false" }` reached runtime as a truthy string and behaved as if attribution were enabled. Add a per-field bool coercion that falls back to the schema default (true) for any non-boolean, matching what the dialog and IDE schema already imply. Tests cover the string / number / null cases. 0oAo (Copilot): v3→v4 shouldMigrate only special-cased versionless legacy booleans — versionless files with invalid gitCoAuthor values (`"off"`, `[]`, etc.) skipped the migration and the loader stamped `$version: 4` over the bad value. Runtime normalization then silently re-enabled attribution. Extend shouldMigrate to fire on ANY versionless non-object value at general.gitCoAuthor; the existing migrate() body's drop-and-warn path resets it. Already-object shapes (hand-edited to v4) still skip cleanly. Tests added. 0oAt (Copilot): `.terraform.lock.hcl` got dropped from generated-file exclusion when `.lock` was removed from the blanket extension list in 3c0e3293b. It's a generated provider lockfile in the same class as `package-lock.json` and dominates Terraform-repo commits. Re-add to EXCLUDED_FILENAMES and add a regression test covering both repo-root and module-nested locations. --- .../migration/versions/v3-to-v4.test.ts | 21 ++++++++++++ .../src/config/migration/versions/v3-to-v4.ts | 33 ++++++++++++------- packages/core/src/config/config.test.ts | 26 +++++++++++++++ packages/core/src/config/config.ts | 12 +++++-- .../core/src/services/generatedFiles.test.ts | 11 ++++++- packages/core/src/services/generatedFiles.ts | 6 ++++ packages/core/src/tools/shell.ts | 24 +++++++------- 7 files changed, 107 insertions(+), 26 deletions(-) diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts index 65fa13fab64..0d02d383d2a 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts @@ -68,6 +68,27 @@ describe('V3ToV4Migration', () => { }), ).toBe(false); }); + + // Without the migration firing on invalid versionless values, the + // loader would stamp $version: 4 with `"off"` / `[]` / etc. left + // on disk, and runtime normalization would silently re-enable + // attribution. The migrate() body's drop-and-warn handles these + // — shouldMigrate has to fire so it gets a chance to run. + it.each([ + ['"off"', 'off'], + ['empty array', []], + ['number', 42], + ['null', null], + ])( + 'returns true for versionless settings with invalid gitCoAuthor (%s)', + (_label, value) => { + expect( + migration.shouldMigrate({ + general: { gitCoAuthor: value }, + }), + ).toBe(true); + }, + ); }); describe('migrate', () => { diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.ts b/packages/cli/src/config/migration/versions/v3-to-v4.ts index 7f8ca757839..8b828b06255 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.ts @@ -42,20 +42,31 @@ export class V3ToV4Migration implements SettingsMigration { if (s['$version'] === 3) { return true; } - // Versionless settings file (no $version key) with the legacy - // boolean `gitCoAuthor` shape: the V1/V2 migrations don't list - // `gitCoAuthor` as an indicator key (it post-dates them), so a - // settings file that has ONLY this shape wouldn't trigger any - // earlier migration and would land here at the v3→v4 boundary - // without being rewritten. Handle the boolean directly so the - // settings dialog (which reads the v4 `{commit, pr}` shape) can - // surface the user's prior choice instead of silently overwriting - // their opt-out with the schema defaults on first save. + // Versionless settings file (no $version key): the V1/V2 migrations + // don't list `gitCoAuthor` as an indicator key (it post-dates them), + // so a settings file with ONLY this shape wouldn't trigger any + // earlier migration. Catch it here so: + // - legacy boolean (`gitCoAuthor: false`) gets expanded to + // `{commit: false, pr: false}` instead of being silently + // overwritten by the dialog's schema defaults on first save; + // - invalid shapes (`gitCoAuthor: "off"`, `gitCoAuthor: []`, + // etc.) get reset by the migrate() body's drop-and-warn path + // so runtime normalization doesn't quietly re-enable + // attribution against the user's intent. if (s['$version'] === undefined) { const value = getNestedProperty(s, GIT_CO_AUTHOR_PATH); - if (typeof value === 'boolean') { - return true; + if (value === undefined) return false; + // Already in the v4 shape — leave the loader to stamp $version: 4. + if ( + typeof value === 'object' && + value !== null && + !Array.isArray(value) + ) { + return false; } + // Anything else (boolean, string, number, array, null) needs + // rewriting via migrate(). + return true; } return false; } diff --git a/packages/core/src/config/config.test.ts b/packages/core/src/config/config.test.ts index 3e42fc307d5..914a3c7acba 100644 --- a/packages/core/src/config/config.test.ts +++ b/packages/core/src/config/config.test.ts @@ -1060,6 +1060,32 @@ describe('Server Config (config.ts)', () => { expect(settings.pr).toBe(value); }, ); + + // settings.json is hand-editable; without per-field type checks + // a stored `{ commit: "false" }` would reach runtime as a truthy + // string and behave as if attribution were enabled. Coerce + // anything non-boolean to the schema default (true) so a + // misspelled setting can't quietly invert the user's intent. + it.each([ + ['string "false"', 'false', true], + ['string "true"', 'true', true], + ['number 0', 0, true], + ['null', null, true], + ])( + 'coerces non-boolean field (%s) to the schema default true', + (_label, badValue, expected) => { + const config = new Config({ + ...baseParams, + gitCoAuthor: { + commit: badValue as unknown as boolean, + pr: badValue as unknown as boolean, + }, + }); + const settings = config.getGitCoAuthor(); + expect(settings.commit).toBe(expected); + expect(settings.pr).toBe(expected); + }, + ); }); describe('Telemetry Settings', () => { diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts index f60a451deff..be2c38acdfc 100644 --- a/packages/core/src/config/config.ts +++ b/packages/core/src/config/config.ts @@ -260,9 +260,17 @@ function normalizeGitCoAuthor(value: GitCoAuthorParam | undefined): { if (typeof value === 'boolean') { return { commit: value, pr: value }; } + // Defensive type-check on each sub-field. settings.json is + // user-editable (and the schema validator only runs in IDEs that + // load the bundled JSON schema) so a hand-edited + // `{ "commit": "false" }` would otherwise reach runtime as a + // truthy string and behave as if attribution were enabled. Coerce + // anything non-boolean to the schema default (true) so the user + // doesn't get surprise-on by a misspelled setting. + const pickBool = (v: unknown): boolean => (typeof v === 'boolean' ? v : true); return { - commit: value?.commit ?? true, - pr: value?.pr ?? true, + commit: pickBool(value?.commit), + pr: pickBool(value?.pr), }; } diff --git a/packages/core/src/services/generatedFiles.test.ts b/packages/core/src/services/generatedFiles.test.ts index 9805c61d1af..a37d7428946 100644 --- a/packages/core/src/services/generatedFiles.test.ts +++ b/packages/core/src/services/generatedFiles.test.ts @@ -79,8 +79,17 @@ describe('isGeneratedFile', () => { // EXCLUDED_FILENAMES (yarn.lock etc.) are dropped. it('should NOT exclude unknown .lock files (only well-known ones)', () => { expect(isGeneratedFile('config/feature.lock')).toBe(false); - expect(isGeneratedFile('terraform/.terraform.lock.hcl')).toBe(false); // Sanity: known lockfiles still excluded. expect(isGeneratedFile('yarn.lock')).toBe(true); }); + + // Terraform: `.terraform.lock.hcl` is generated by `terraform init` + // and dominates Terraform-repo commits. Listed as a known + // generated lockfile in EXCLUDED_FILENAMES. + it('should exclude Terraform provider lockfile', () => { + expect(isGeneratedFile('.terraform.lock.hcl')).toBe(true); + expect(isGeneratedFile('infra/modules/network/.terraform.lock.hcl')).toBe( + true, + ); + }); }); diff --git a/packages/core/src/services/generatedFiles.ts b/packages/core/src/services/generatedFiles.ts index d5ab6ad2358..beb58790b99 100644 --- a/packages/core/src/services/generatedFiles.ts +++ b/packages/core/src/services/generatedFiles.ts @@ -25,6 +25,12 @@ const EXCLUDED_FILENAMES = new Set([ 'pipfile.lock', 'shrinkwrap.json', 'npm-shrinkwrap.json', + // Terraform: provider lockfile generated by `terraform init`. In + // Terraform repos this file often dominates a commit's churn and + // would skew per-file AI ratios toward provider noise rather than + // the human-authored Terraform sources the note is meant to + // describe. + '.terraform.lock.hcl', ]); // File extension patterns (case-insensitive). Note: `.d.ts` is NOT diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 883366a22c5..2afb2d8d7b4 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1934,18 +1934,6 @@ export class ShellToolInvocation extends BaseToolInvocation< return null; } - const gitCoAuthorSettings = this.config.getGitCoAuthor(); - if (!gitCoAuthorSettings.commit) { - // Commit succeeded but attribution is disabled. Snapshot the - // prompt counters as "at last commit" but leave per-file - // attributions alone — a wholesale clear here would lose the - // user's pending unstaged AI work just because they toggled - // attribution off, which is a much harsher contract than the - // toggle name suggests. - attributionService.noteCommitWithoutClearing(); - return null; - } - let committedAbsolutePaths: Set | null = null; let warning: string | null = null; try { @@ -2012,6 +2000,18 @@ export class ShellToolInvocation extends BaseToolInvocation< return null; } + // Toggle gate AFTER computing committedAbsolutePaths so the + // finally block still does a proper partial clear of files + // that just landed. Without this, a user who turned off + // attribution would have those just-committed files' tracked + // AI work sit in the singleton; flipping the toggle back on + // and committing the same file again would re-attribute the + // earlier (already-committed) AI edits to the new commit. + const gitCoAuthorSettings = this.config.getGitCoAuthor(); + if (!gitCoAuthorSettings.commit) { + return null; // finally block does the partial clear + } + const note = attributionService.generateNotePayload( stagedInfo, baseDir, From a53c7508d2aacf00807dd8520c274aa18ffea565 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 10:16:28 +0800 Subject: [PATCH 41/64] fix(attribution): harden restoreFromSnapshot against corrupt payloads 1KMY (Copilot): snapshot.surface was copied without type validation. A corrupted/partially-written snapshot with a non-string surface (e.g. {}, 42, null) would later be serialized into the git note as "[object Object]" and used as a Map key downstream, breaking the expected payload shape. Type-check and fall back to the current client surface for any non-string (or empty-string) value. 1KLq (Copilot): per-field sanitiseCount enforced `promptCount >= 0` and `promptCountAtLastCommit >= 0` independently, but never the cross-field invariant. A snapshot with promptCountAtLastCommit > promptCount would surface a negative getPromptsSinceLastCommit() and propagate as a "(-N)-shotted" trailer into PR text. Clamp atLastCommit to total on restore. 1KL_ (Copilot): when a snapshot carried both the symlinked and canonical paths for the same file (a session straddling the canonicalisation fix), `set(realpathOrSelf(k), ...)` overwrote the first entry with the second, silently dropping the AI contribution the first form had accumulated. Merge instead: sum aiContribution and OR aiCreated when collapsing duplicate keys. Tests cover all three branches: non-string surface fallback, promptCount clamp, and duplicate-key merge. --- .../src/services/commitAttribution.test.ts | 71 +++++++++++++++++++ .../core/src/services/commitAttribution.ts | 41 +++++++++-- 2 files changed, 106 insertions(+), 6 deletions(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 05db79c08f0..2bbd794db20 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -380,5 +380,76 @@ describe('CommitAttributionService', () => { .aiContribution, ).toBe(99); }); + + // A snapshot straddling the canonicalisation fix can carry both + // the symlinked and canonical paths for the same file. After + // realpathOrSelf normalises them, the second entry to land + // would overwrite the first if we just `set()` — losing the + // first form's accumulated aiContribution. Merge instead. + it('merges duplicate entries collapsed by canonicalisation', () => { + const service = CommitAttributionService.getInstance(); + service.restoreFromSnapshot({ + type: 'attribution-snapshot', + surface: 'cli', + fileStates: { + '/var/repo/src/dup.ts': { + aiContribution: 30, + aiCreated: false, + }, + '/private/var/repo/src/dup.ts': { + aiContribution: 70, + aiCreated: true, + }, + }, + promptCount: 0, + promptCountAtLastCommit: 0, + }); + + const restored = service.getFileAttribution( + '/private/var/repo/src/dup.ts', + )!; + expect(restored.aiContribution).toBe(100); + // aiCreated is OR'd: any form carrying true wins. + expect(restored.aiCreated).toBe(true); + }); + + // A corrupted snapshot with promptCountAtLastCommit > promptCount + // would surface a negative `getPromptsSinceLastCommit()` and + // propagate as a "(-3)-shotted" trailer into PR text. + it('clamps promptCountAtLastCommit to promptCount on restore', () => { + const service = CommitAttributionService.getInstance(); + service.restoreFromSnapshot({ + type: 'attribution-snapshot', + surface: 'cli', + fileStates: {}, + promptCount: 5, + promptCountAtLastCommit: 99, + }); + expect(service.getPromptsSinceLastCommit()).toBe(0); + }); + + // `surface` lands verbatim in the git-notes payload and is used + // as a Map key. Non-string values would coerce into + // `[object Object]` etc. Fall back to the current client surface. + it.each([ + ['object', { foo: 'bar' }], + ['number', 42], + ['null', null], + ['empty string', ''], + ])( + 'falls back to client surface when snapshot.surface is non-string (%s)', + (_label, badValue) => { + const service = CommitAttributionService.getInstance(); + service.restoreFromSnapshot({ + type: 'attribution-snapshot', + surface: badValue as unknown as string, + fileStates: {}, + promptCount: 0, + promptCountAtLastCommit: 0, + }); + // getClientSurface() returns 'cli' in tests (no env var set). + expect(service.getSurface()).toBe('cli'); + }, + ); }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index f49f1c518b5..3ba0bd290f0 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -414,7 +414,16 @@ export class CommitAttributionService { return; } - this.surface = snapshot.surface ?? getClientSurface(); + // `surface` is embedded verbatim in the git-notes payload and used + // as a Map/Record key downstream. A corrupted snapshot with a + // non-string value (e.g. `{}`, `42`, `null`) would coerce into + // strings like `[object Object]` and break the payload shape. + // Fall back to the current client surface when the stored value + // isn't a string. + this.surface = + typeof snapshot.surface === 'string' && snapshot.surface.length > 0 + ? snapshot.surface + : getClientSurface(); // A corrupted or partially-written snapshot can leave numeric // counters as `undefined`; without coercion, downstream // `Math.min(undefined, n)` produces NaN that flows into the @@ -423,16 +432,36 @@ export class CommitAttributionService { this.promptCountAtLastCommit = sanitiseCount( snapshot.promptCountAtLastCommit, ); + // Enforce the invariant `atLastCommit <= total`: a corrupted / + // partially-written snapshot with the inverse would surface a + // negative `getPromptsSinceLastCommit()` and propagate as a + // "(-3)-shotted" trailer into PR descriptions. + if (this.promptCountAtLastCommit > this.promptCount) { + this.promptCountAtLastCommit = this.promptCount; + } this.fileAttributions.clear(); for (const [k, v] of Object.entries(snapshot.fileStates ?? {})) { // Re-canonicalise on restore so old snapshots (written before // recordEdit started running keys through realpath) end up - // with the same shape as newly-recorded entries — otherwise a - // session resumed from a pre-fix snapshot could have two - // parallel records for the same file under symlink/canonical - // forms. - this.fileAttributions.set(realpathOrSelf(k), sanitiseAttribution(v)); + // with the same shape as newly-recorded entries. If both the + // symlinked and canonical forms were stored under separate + // keys (e.g. a session straddling the canonicalisation fix), + // collapsing them onto the same canonical key MUST merge their + // attribution rather than overwrite — otherwise the second + // entry to land wins and the AI's accumulated contribution from + // the first form is silently dropped. + const canonicalKey = realpathOrSelf(k); + const incoming = sanitiseAttribution(v); + const existing = this.fileAttributions.get(canonicalKey); + if (existing) { + this.fileAttributions.set(canonicalKey, { + aiContribution: existing.aiContribution + incoming.aiContribution, + aiCreated: existing.aiCreated || incoming.aiCreated, + }); + } else { + this.fileAttributions.set(canonicalKey, incoming); + } } } From 715c258fb2700334b3bf43fd14291c59e87c231f Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 10:53:43 +0800 Subject: [PATCH 42/64] fix(attribution): roll back snapshot dedup key on sync appendRecord failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1UMh (Copilot): appendRecord can throw synchronously before returning a promise — e.g. when ensureConversationFile() rethrows a non-EEXIST writeFileSync error. The async .catch() handler attached to the promise never runs in that case, so the optimistic dedup-key set sticks on a write that never landed and permanently suppresses identical retries. Roll back lastAttributionSnapshotJson in the outer catch too. Regression test forces writeFileSync to throw EACCES on the first invocation, then asserts the second identical snapshot attempt fires a fresh write rather than getting deduped. --- .../src/services/chatRecordingService.test.ts | 31 +++++++++++++++++++ .../core/src/services/chatRecordingService.ts | 18 +++++++++-- 2 files changed, 46 insertions(+), 3 deletions(-) diff --git a/packages/core/src/services/chatRecordingService.test.ts b/packages/core/src/services/chatRecordingService.test.ts index 0d5bb7ef164..0459e93df0e 100644 --- a/packages/core/src/services/chatRecordingService.test.ts +++ b/packages/core/src/services/chatRecordingService.test.ts @@ -505,6 +505,37 @@ describe('ChatRecordingService', () => { afterFailure + 1, ); }); + + // appendRecord can throw SYNCHRONOUSLY before returning a promise + // (e.g. ensureConversationFile fails because the conversation + // file can't be created). Without rollback in the outer catch, + // the dedup key stays set on a write that never happened, so + // all future identical snapshots get suppressed. + it('should retry an identical snapshot after a synchronous failure', async () => { + // First call: force writeFileSync (used by ensureConversationFile + // to wx-create the JSONL file) to throw a non-EEXIST error. + // ensureConversationFile rethrows that, which propagates through + // appendRecord SYNCHRONOUSLY before any promise is returned. + const writeFileSpy = vi.spyOn(fs, 'writeFileSync'); + writeFileSpy.mockImplementationOnce(() => { + const e = new Error( + 'EACCES: permission denied', + ) as NodeJS.ErrnoException; + e.code = 'EACCES'; + throw e; + }); + + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + await chatRecordingService.flush(); + // Sync failure: writeLine never reached. + expect(vi.mocked(jsonl.writeLine)).not.toHaveBeenCalled(); + + // Identical snapshot on retry: dedup key should have been + // rolled back so this fires a fresh write. + chatRecordingService.recordAttributionSnapshot(baseSnapshot); + await chatRecordingService.flush(); + expect(vi.mocked(jsonl.writeLine)).toHaveBeenCalledTimes(1); + }); }); // Note: Session management tests (listSessions, loadSession, deleteSession, etc.) diff --git a/packages/core/src/services/chatRecordingService.ts b/packages/core/src/services/chatRecordingService.ts index dd6718ed21c..2490b9bc69d 100644 --- a/packages/core/src/services/chatRecordingService.ts +++ b/packages/core/src/services/chatRecordingService.ts @@ -1007,8 +1007,9 @@ export class ChatRecordingService { * than being permanently suppressed. */ recordAttributionSnapshot(snapshot: AttributionSnapshot): void { + let json: string | undefined; try { - const json = JSON.stringify(snapshot); + json = JSON.stringify(snapshot); if (json === this.lastAttributionSnapshotJson) { return; } @@ -1021,13 +1022,24 @@ export class ChatRecordingService { this.lastAttributionSnapshotJson = json; this.appendRecord(record).catch(() => { - // Write failed — only roll back if the key still belongs to - // our snapshot (a later distinct write may have overwritten it). + // Async write failed — only roll back if the key still + // belongs to our snapshot (a later distinct write may have + // overwritten it). if (this.lastAttributionSnapshotJson === json) { this.lastAttributionSnapshotJson = undefined; } }); } catch (error) { + // appendRecord (and createBaseRecord/JSON.stringify) can throw + // synchronously — e.g. ensureConversationFile() fails because + // the project temp dir isn't writable. The .catch() handler + // attached to the promise never runs in that case, so we'd + // otherwise leave the dedup key set without a write ever + // having landed and permanently suppress identical retries. + // Roll back here too. + if (json !== undefined && this.lastAttributionSnapshotJson === json) { + this.lastAttributionSnapshotJson = undefined; + } debugLogger.error('Error saving attribution snapshot:', error); } } From ee460de97b0f9e50367eaae078df4d3c244d1f2e Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 15:40:36 +0800 Subject: [PATCH 43/64] docs(attribution): align cleanup-branch comments with noteCommitWithoutClearing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three doc/test-fixture stale-after-refactor cleanups (Copilot 4MDx / 4MEI / 4MEa): - shell.ts:1944 (around the stagedInfo === null branch): the comment still claimed the finally block "falls back to a full clear", but 1ece87438 switched analysis-failure cleanup to noteCommitWithoutClearing(). Update the comment so the reasoning matches what the code actually does (and so a future reader doesn't reintroduce the wholesale clear thinking it's already there). - shell.ts: getCommittedFileInfo docstring carried the same stale "full clear" claim for the `null` return value. Update to describe the noteCommitWithoutClearing() fallback and the smaller-evil trade-off for the just-committed file. - chatRecordingService.test.ts: baseSnapshot fixture for the recordAttributionSnapshot tests still carried `baselines: {}`, even though that field was removed from AttributionSnapshot in 296fb55ae's dead-code purge. Structural typing let it compile, but the fixture didn't reflect the production shape — drop it. --- .../src/services/chatRecordingService.test.ts | 1 - packages/core/src/tools/shell.ts | 16 ++++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/packages/core/src/services/chatRecordingService.test.ts b/packages/core/src/services/chatRecordingService.test.ts index 0459e93df0e..b866252bfaa 100644 --- a/packages/core/src/services/chatRecordingService.test.ts +++ b/packages/core/src/services/chatRecordingService.test.ts @@ -435,7 +435,6 @@ describe('ChatRecordingService', () => { version: 1, surface: 'cli', fileStates: {}, - baselines: {}, promptCount: 0, promptCountAtLastCommit: 0, }; diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 2afb2d8d7b4..fd87c6a36e2 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1943,8 +1943,12 @@ export class ShellToolInvocation extends BaseToolInvocation< // null = analysis failed (shallow clone, --amend without reflog, // partial diff failure, etc.). Leave `committedAbsolutePaths` - // null so the finally block falls back to a full clear and we - // don't leak stale per-file attributions into the next commit. + // null so the finally block calls `noteCommitWithoutClearing()` + // — snapshotting the prompt counter while leaving per-file + // attributions intact. (Earlier revisions of this code did a + // wholesale clear here, but that erased pending unstaged AI + // edits for files outside the just-failed commit; the + // smaller-evil trade-off is documented in the finally block.) // Skip the note write entirely — emitting a structurally valid // but factually wrong all-zero note is worse than no note. if (stagedInfo === null) { @@ -2109,8 +2113,12 @@ export class ShellToolInvocation extends BaseToolInvocation< * - `null` when analysis itself failed (shallow clone with no parent * object, --amend with no reflog, partial diff failure, exception). * The caller treats this as "could not determine the committed - * set" and falls back to a full clear so stale per-file state - * doesn't leak into a subsequent commit. + * set" and falls back to `noteCommitWithoutClearing()` — snapshots + * the prompt counter but leaves per-file attribution intact, so + * pending AI edits for files NOT in the just-committed set don't + * get wiped along with the analysis failure. (The just-committed + * file's stale entry may re-attribute on a later commit; that's + * the smaller evil compared to wholesale loss.) */ private async getCommittedFileInfo( cwd: string, From c0ed9092b0ab475c8b222719d227da26f733cbf2 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 19:17:08 +0800 Subject: [PATCH 44/64] fix(attribution): restore fire-and-forget appendRecord, route rollback via callback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 6OcJ (Copilot): refactor in 715c258fb returned a Promise from appendRecord so the snapshot dedup-key path could chain rollback — but recordUserMessage / recordAssistantTurn / recordAtCommand / recordSlashCommand / rewindRecording all call appendRecord without await or .catch(). A transient jsonl.writeLine rejection on any of those would surface as an unhandled-promise-rejection (warning, or crash on --unhandled-rejections=throw). Restore the original fire-and-forget semantics: appendRecord again returns void and internally swallows async failures (logging via debugLogger). Per-record failure reactions are routed through an optional onError callback — recordAttributionSnapshot uses this to roll back lastAttributionSnapshotJson when the write that set it ends up rejecting. Tests: add a fire-and-forget regression that mocks writeLine to reject and asserts no unhandledRejection events fire while the existing snapshot rollback tests (sync + async) still pass via the new callback path. --- .../src/services/chatRecordingService.test.ts | 24 +++++++++++ .../core/src/services/chatRecordingService.ts | 43 +++++++++++++------ 2 files changed, 54 insertions(+), 13 deletions(-) diff --git a/packages/core/src/services/chatRecordingService.test.ts b/packages/core/src/services/chatRecordingService.test.ts index b866252bfaa..ef40ad43060 100644 --- a/packages/core/src/services/chatRecordingService.test.ts +++ b/packages/core/src/services/chatRecordingService.test.ts @@ -505,6 +505,30 @@ describe('ChatRecordingService', () => { ); }); + // appendRecord is fire-and-forget for non-snapshot callers + // (recordUserMessage / recordAssistantTurn / recordAtCommand / + // ...). When jsonl.writeLine rejects, the rejection MUST be + // swallowed inside the service — otherwise it surfaces as an + // unhandled-promise-rejection in production (and as a flaky + // failure under vitest's --reporter=default). + it('should swallow async writeLine rejection for fire-and-forget callers', async () => { + vi.mocked(jsonl.writeLine).mockRejectedValueOnce(new Error('disk full')); + // Track unhandled rejections during this test. + const unhandled: unknown[] = []; + const handler = (err: unknown) => unhandled.push(err); + process.on('unhandledRejection', handler); + try { + chatRecordingService.recordUserMessage([{ text: 'hi' }]); + await chatRecordingService.flush(); + // Microtask drain to give any unhandled rejections a chance + // to surface before we assert. + await new Promise((resolve) => setImmediate(resolve)); + expect(unhandled).toHaveLength(0); + } finally { + process.off('unhandledRejection', handler); + } + }); + // appendRecord can throw SYNCHRONOUSLY before returning a promise // (e.g. ensureConversationFile fails because the conversation // file can't be created). Without rollback in the outer catch, diff --git a/packages/core/src/services/chatRecordingService.ts b/packages/core/src/services/chatRecordingService.ts index 2490b9bc69d..6543fd489a1 100644 --- a/packages/core/src/services/chatRecordingService.ts +++ b/packages/core/src/services/chatRecordingService.ts @@ -508,13 +508,24 @@ export class ChatRecordingService { * simplification. */ /** - * Returns a promise that resolves after the queued write succeeds and - * rejects (without logging) if it fails. The internal `writeChain` is - * advanced with a swallowing catch so the chain stays alive across - * failures; callers that need to react to per-record success can await - * the returned promise. + * Fire-and-forget: queues a JSONL write on the internal writeChain + * and swallows async failures (logs them via debugLogger). All + * existing call sites — recordUserMessage, recordAssistantTurn, + * etc. — invoke this synchronously without awaiting, so the + * internal swallow keeps an unhandled-promise-rejection from + * surfacing on a single transient writeLine failure. + * + * Callers that need to react to per-record write FAILURE (e.g. the + * snapshot dedup-key rollback in `recordAttributionSnapshot`) pass + * an `onError` callback, which fires after the write rejects (and + * after the rejection has been logged + the chain re-armed). Sync + * throws still propagate so the caller's outer try/catch can roll + * back optimistic state — see the synchronous-failure test. */ - private appendRecord(record: ChatRecord): Promise { + private appendRecord( + record: ChatRecord, + onError?: (err: unknown) => void, + ): void { let conversationFile: string; try { conversationFile = this.ensureConversationFile(); @@ -523,13 +534,19 @@ export class ChatRecordingService { throw error; } this.lastRecordUuid = record.uuid; - const writePromise = this.writeChain + this.writeChain = this.writeChain .catch(() => {}) - .then(() => jsonl.writeLine(conversationFile, record)); - this.writeChain = writePromise.catch((err) => { - debugLogger.error('Error appending record (async):', err); - }); - return writePromise; + .then(() => jsonl.writeLine(conversationFile, record)) + .catch((err) => { + debugLogger.error('Error appending record (async):', err); + if (onError) { + try { + onError(err); + } catch (cbErr) { + debugLogger.error('appendRecord onError callback threw:', cbErr); + } + } + }); } /** @@ -1021,7 +1038,7 @@ export class ChatRecordingService { }; this.lastAttributionSnapshotJson = json; - this.appendRecord(record).catch(() => { + this.appendRecord(record, () => { // Async write failed — only roll back if the key still // belongs to our snapshot (a later distinct write may have // overwritten it). From a66a21d81d72d48e1e272378a1afb0d290e37f5b Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 20:34:41 +0800 Subject: [PATCH 45/64] fix(attribution): GIT_DIR repo-shift bail, snapshot envelope validation, narrow legacyTypes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 80ME (gpt-5.5 /review, [Critical]): tokeniseSegment unconditionally stripped every leading KEY=value token. `GIT_DIR=elsewhere/.git git commit ...` was therefore treated as an in-cwd commit, picked up the Co-authored-by trailer, and produced a per-file note that landed against our cwd's HEAD even though the actual commit went to a different repo. Define a GIT_ENV_SHIFTS_REPO set (GIT_DIR, GIT_WORK_TREE, GIT_COMMON_DIR, GIT_INDEX_FILE, GIT_NAMESPACE) and have tokeniseSegment refuse to parse any segment whose leading env block (including the env-wrapper's KEY=VALUE block) carries one of these. Identity / date variables (GIT_AUTHOR_*, GIT_COMMITTER_*) are deliberately NOT in the set — they tweak metadata but don't relocate the repo. Tests cover plain prefix, env-wrapped prefix, and a GIT_COMMITTER_DATE positive control that should still get the trailer. 8EeQ (Copilot): restoreFromSnapshot received `snapshot as AttributionSnapshot` from a structural cast off `unknown` (the resume path), so its TS-typed shape was only a hint. A corrupted JSONL line (non-object / array / wrong type discriminator / missing type) would skip past the version check straight into Object.entries(snapshot.fileStates) — and a non-object fileStates (an array, say) seeded fileAttributions with numeric-string keys. Add envelope-level shape gates (isPlainObject + type discriminator) and a fileStates plain-object check before iterating; both bail to a clean reset rather than poisoning the singleton. Tests added. 8Eej (Copilot): SettingDefinition.legacyTypes was typed as SettingsType[] which includes 'enum' and 'object' — JSON Schema's `type` keyword doesn't accept those values. Adding `legacyTypes: ['enum']` would silently produce an invalid settings.schema.json. Narrow the field's type to ReadonlyArray<'boolean' | 'string' | 'number' | 'array'> (the JSON-Schema-primitive subset). Future complex-shape legacy support should land its own branch in convertSettingToJsonSchema. --- packages/cli/src/config/settingsSchema.ts | 11 +++- .../src/services/commitAttribution.test.ts | 62 +++++++++++++++++++ .../core/src/services/commitAttribution.ts | 34 +++++++++- packages/core/src/tools/shell.test.ts | 60 ++++++++++++++++++ packages/core/src/tools/shell.ts | 56 +++++++++++++++-- 5 files changed, 215 insertions(+), 8 deletions(-) diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts index f7c1cbe4006..5ff16b39704 100644 --- a/packages/cli/src/config/settingsSchema.ts +++ b/packages/cli/src/config/settingsSchema.ts @@ -84,8 +84,17 @@ export interface SettingDefinition { * those older shapes don't trip the IDE validator while the runtime * migration is still pending. Has no runtime effect — it's purely a * compatibility hint for editors. + * + * Restricted to JSON-Schema primitive types: the schema generator emits + * `{ type: }` for each entry, and JSON Schema's `type` + * keyword does not accept `'enum'` or `'object'` as a literal value. + * Allowing the full SettingsType union here would let `legacyTypes: + * ['enum']` slip in and produce a syntactically invalid + * `settings.schema.json`. Future legacy shapes that need `enum` / + * complex object compatibility should land their own branch in + * `convertSettingToJsonSchema` instead of widening this set. */ - legacyTypes?: readonly SettingsType[]; + legacyTypes?: ReadonlyArray<'boolean' | 'string' | 'number' | 'array'>; } /** diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 2bbd794db20..7b5e83b3902 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -451,5 +451,67 @@ describe('CommitAttributionService', () => { expect(service.getSurface()).toBe('cli'); }, ); + + // Envelope-level corruption: a payload whose `type` discriminator + // is wrong (or whose top-level shape is non-object) must reset to + // a clean state instead of polluting fileAttributions. The + // resume-time caller passes `snapshot as AttributionSnapshot` + // from a structural cast off `unknown`, so the runtime value + // could be anything. + it.each([ + ['null', null], + ['array', []], + ['string', 'snapshot'], + ['number', 42], + ['wrong type discriminator', { type: 'something-else' }], + ['missing type', { fileStates: {} }], + ])( + 'resets to fresh state when snapshot envelope is malformed (%s)', + (_label, badPayload) => { + const service = CommitAttributionService.getInstance(); + // Seed some pre-existing state to confirm the reset clears it. + service.recordEdit('/project/preexisting.ts', null, 'hello'); + expect( + service.getFileAttribution('/project/preexisting.ts'), + ).toBeDefined(); + + service.restoreFromSnapshot( + badPayload as unknown as Parameters< + typeof service.restoreFromSnapshot + >[0], + ); + expect( + service.getFileAttribution('/project/preexisting.ts'), + ).toBeUndefined(); + expect(service.getSurface()).toBe('cli'); + expect(service.getPromptsSinceLastCommit()).toBe(0); + }, + ); + + // `fileStates` must be a plain object; otherwise Object.entries + // would happily iterate an array's [index, value] pairs and seed + // fileAttributions with numeric-string keys. + it.each([ + ['array', []], + ['string', 'oops'], + ['number', 42], + ['null', null], + ])( + 'ignores non-object fileStates (%s) without polluting attribution map', + (_label, badFileStates) => { + const service = CommitAttributionService.getInstance(); + service.restoreFromSnapshot({ + type: 'attribution-snapshot', + surface: 'cli', + fileStates: badFileStates as unknown as Record< + string, + { aiContribution: number; aiCreated: boolean } + >, + promptCount: 0, + promptCountAtLastCommit: 0, + }); + expect(service.hasAttributions()).toBe(false); + }, + ); }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 3ba0bd290f0..c89b45cbfc7 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -399,6 +399,31 @@ export class CommitAttributionService { /** Restore state from a persisted snapshot. */ restoreFromSnapshot(snapshot: AttributionSnapshot): void { + // The resume-time caller (client.ts) passes `snapshot` as a + // structural cast from `unknown`, so its TS-typed shape is only + // a hint — the actual runtime value can be anything (corrupted + // JSONL line, hand-edited session file, schema drift). Bail to + // a clean reset on any envelope-level shape mismatch: + // - non-object / null / array + // - wrong `type` discriminator + // - non-numeric `version` (after the `version ?? 1` default) + // - non-object `fileStates` + // Per-field coercion (sanitiseAttribution etc.) handles damage + // INSIDE a structurally valid snapshot; this gate stops a + // wholesale-wrong payload from polluting fileAttributions with + // garbage keys before per-field validation can run. + const isPlainObject = (v: unknown): v is Record => + typeof v === 'object' && v !== null && !Array.isArray(v); + const looksLikeSnapshot = + isPlainObject(snapshot) && + (snapshot as Record)['type'] === 'attribution-snapshot'; + if (!looksLikeSnapshot) { + this.fileAttributions.clear(); + this.surface = getClientSurface(); + this.promptCount = 0; + this.promptCountAtLastCommit = 0; + return; + } // Future schema bumps land here. Treat absent `version` as 1 // (the schema in production at the time this field was added) so // existing on-disk snapshots restore cleanly. @@ -441,7 +466,14 @@ export class CommitAttributionService { } this.fileAttributions.clear(); - for (const [k, v] of Object.entries(snapshot.fileStates ?? {})) { + // Reject a corrupted `fileStates` (e.g. an array, a string, or + // null) before iterating: `Object.entries()` would happily + // produce `[index, value]` pairs and seed fileAttributions with + // numeric-string keys. + const fileStates = isPlainObject(snapshot.fileStates) + ? snapshot.fileStates + : {}; + for (const [k, v] of Object.entries(fileStates)) { // Re-canonicalise on restore so old snapshots (written before // recordEdit started running keys through realpath) end up // with the same shape as newly-recorded entries. If both the diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index b64587dc221..bbfe1004b59 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1744,6 +1744,66 @@ describe('ShellTool', () => { ); }); + // `GIT_DIR=...` and friends redirect git's repo selection; a + // commit prefixed with one of these lands in a different repo + // than our cwd. Stamping the trailer onto it would corrupt a + // commit in a repo the user didn't expect us to touch. + it.each([ + ['GIT_DIR', 'GIT_DIR=/tmp/other/.git git commit -m "msg"'], + ['GIT_WORK_TREE', 'GIT_WORK_TREE=/tmp/other git commit -m "msg"'], + ['GIT_COMMON_DIR', 'GIT_COMMON_DIR=/tmp/other git commit -m "msg"'], + [ + 'GIT_INDEX_FILE', + 'GIT_INDEX_FILE=/tmp/other/index git commit -m "msg"', + ], + [ + 'env-wrapped GIT_DIR', + 'env GIT_DIR=/tmp/other/.git git commit -m "msg"', + ], + ])( + 'should NOT add co-author for repo-redirecting %s assignment', + async (_label, command) => { + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + const observed = mockShellExecutionService.mock.calls[0][0]; + expect(observed).not.toContain('Co-authored-by:'); + }, + ); + + // GIT_AUTHOR_DATE / GIT_COMMITTER_DATE / etc. tweak commit + // metadata but don't relocate the repo — attribution still + // applies as normal. + it('should still add co-author with benign GIT_COMMITTER_DATE assignment', async () => { + const command = + 'GIT_COMMITTER_DATE="2026-01-01T00:00:00Z" git commit -m "Test commit"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + const observed = mockShellExecutionService.mock.calls[0][0]; + expect(observed).toContain('Co-authored-by:'); + }); + it('should NOT add co-author for cd .. && git commit (could escape repo)', async () => { const command = 'cd .. && git commit -m "Test commit"'; const invocation = shellTool.build({ command, is_background: false }); diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index fd87c6a36e2..94a48f91433 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -128,8 +128,16 @@ function tokeniseSegment(segment: string): string[] | null { return null; } let i = 0; - // Skip env-var assignments (KEY=value). - while (i < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[i]!)) { + // Skip env-var assignments (KEY=value). If the key is one of the + // git-repo-redirecting variables, refuse to tokenise the segment at + // all: `GIT_DIR=elsewhere/.git git commit ...` runs against another + // repository, so treating it as an in-cwd commit and stamping our + // attribution onto it would be wrong (and a `Co-authored-by` trailer + // would land on a commit in a repo the user didn't expect us to touch). + while (i < tokens.length) { + const key = leadingEnvAssignmentKey(tokens[i]!); + if (key === null) break; + if (GIT_ENV_SHIFTS_REPO.has(key)) return null; i++; } // Strip a single safe wrapper, then any leading flag tokens it @@ -162,11 +170,14 @@ function tokeniseSegment(segment: string): string[] | null { } } // `env` puts KEY=VALUE pairs between its flags and the real - // program, so skip those too. Doing this only after the wrapper - // detection (rather than universally) avoids accidentally - // consuming what the user actually wrote. + // program, so skip those too. Same git-repo-redirect bail as + // above applies — a `env GIT_DIR=elsewhere git commit` segment + // is non-attributable. if (wrapper === 'env') { - while (i < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[i]!)) { + while (i < tokens.length) { + const key = leadingEnvAssignmentKey(tokens[i]!); + if (key === null) break; + if (GIT_ENV_SHIFTS_REPO.has(key)) return null; i++; } } @@ -196,6 +207,39 @@ const SUDO_FLAGS_WITH_VALUE = new Set([ // next token and the parser would treat it as the program. const ENV_FLAGS_WITH_VALUE = new Set(['-u', '--unset', '-S', '--split-string']); +/** + * Environment variables that redirect git's repository selection. A + * leading `GIT_DIR=...`, `GIT_WORK_TREE=...`, etc. on a command makes + * the inner `git commit` operate on a different repo than our cwd + * suggests; treating it as an in-cwd commit would attach our + * `Co-authored-by` trailer (and per-file note) to the wrong + * repository. tokeniseSegment refuses to parse such segments so the + * caller skips them. + * + * Identity / date variables (`GIT_AUTHOR_*`, `GIT_COMMITTER_*`) are + * deliberately NOT in this set — they tweak the commit's metadata + * but don't move it to another repo, so attribution is still + * meaningful. + */ +const GIT_ENV_SHIFTS_REPO = new Set([ + 'GIT_DIR', + 'GIT_WORK_TREE', + 'GIT_COMMON_DIR', + 'GIT_INDEX_FILE', + 'GIT_NAMESPACE', +]); + +/** + * Match the `KEY=` prefix of a `KEY=value` token and return KEY, + * or null if the token isn't a leading env-var assignment. Centralised + * so the leading-env-strip and the env-wrapper KEY=VALUE strip share + * the same parsing. + */ +function leadingEnvAssignmentKey(token: string): string | null { + const m = /^([A-Za-z_][A-Za-z0-9_]*)=/.exec(token); + return m ? m[1]! : null; +} + /** * Walk a `git ...` token sequence past git's global flags * (`-c key=val`, `-C path`, `--no-pager`, `--git-dir`, `--work-tree`, From cc916b528e2bbf07aa6cc256eb8582d4bcaeba5b Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 20:47:43 +0800 Subject: [PATCH 46/64] docs(attribution): correct legacyTypes / EXCLUDED_DIRECTORY_SEGMENTS comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 9Ta_ (Copilot): the JSDoc on legacyTypes claimed JSON Schema's `type` keyword does not accept `'object'` — that's wrong; `'object'` IS a valid JSON Schema type. Reword to reflect the actual rationale: `'enum'` is not a valid JSON Schema `type` value at all (enum constraints use the `enum` keyword), and a bare `{type: 'object'}` would accept any object regardless of what the field's pre-expansion shape actually allowed. The narrowed `boolean | string | number | array` set is exactly what the one-liner generator can faithfully emit; richer legacy shapes belong in their own branch of convertSettingToJsonSchema. 9Tbs (Copilot): the comment in generatedFiles.ts referenced `EXCLUDED_DIRECTORIES`, but the constant is `EXCLUDED_DIRECTORY_SEGMENTS` (renamed during the segment-boundary refactor). Update the reference so a future maintainer scanning for the rule doesn't chase a non-existent identifier. --- packages/cli/src/config/settingsSchema.ts | 20 ++++++++++++-------- packages/core/src/services/generatedFiles.ts | 2 +- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts index 5ff16b39704..f878d81575d 100644 --- a/packages/cli/src/config/settingsSchema.ts +++ b/packages/cli/src/config/settingsSchema.ts @@ -85,14 +85,18 @@ export interface SettingDefinition { * migration is still pending. Has no runtime effect — it's purely a * compatibility hint for editors. * - * Restricted to JSON-Schema primitive types: the schema generator emits - * `{ type: }` for each entry, and JSON Schema's `type` - * keyword does not accept `'enum'` or `'object'` as a literal value. - * Allowing the full SettingsType union here would let `legacyTypes: - * ['enum']` slip in and produce a syntactically invalid - * `settings.schema.json`. Future legacy shapes that need `enum` / - * complex object compatibility should land their own branch in - * `convertSettingToJsonSchema` instead of widening this set. + * Narrowed to the subset our generator can faithfully emit as a + * one-liner `{ type: }` schema fragment. `'enum'` is + * not a valid JSON Schema `type` value at all (enum constraints + * use the `enum` keyword, not `type: 'enum'`), so allowing it here + * would silently produce an invalid `settings.schema.json`. + * `'object'` IS a valid JSON Schema type, but a bare + * `{ type: 'object' }` legacy entry would accept ANY object value + * — most likely not what the field's pre-expansion shape actually + * permitted. Future legacy shapes that need `enum` / structured- + * object compatibility should land their own branch in + * `convertSettingToJsonSchema` (with proper `enum:` / `properties:` + * companions) instead of widening this set. */ legacyTypes?: ReadonlyArray<'boolean' | 'string' | 'number' | 'array'>; } diff --git a/packages/core/src/services/generatedFiles.ts b/packages/core/src/services/generatedFiles.ts index beb58790b99..a8b4a77603e 100644 --- a/packages/core/src/services/generatedFiles.ts +++ b/packages/core/src/services/generatedFiles.ts @@ -40,7 +40,7 @@ const EXCLUDED_FILENAMES = new Set([ // and treating every one as generated would silently drop AI edits // to those files. Auto-generated `.d.ts` (e.g. `tsc --declaration` // output) tends to live under `/dist/`, `/build/`, or `/out/`, -// which are already covered by `EXCLUDED_DIRECTORIES`. +// which are already covered by `EXCLUDED_DIRECTORY_SEGMENTS`. const EXCLUDED_EXTENSIONS = new Set([ '.min.js', '.min.css', From 56ecaea3c835f10345f5afd9da9938487615a596 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 21:58:13 +0800 Subject: [PATCH 47/64] fix(attribution): SHA-pin git notes, on-disk hash divergence detection, env -C cwd-shift MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tanzhenxin review #1 — Note targets symbolic HEAD, not captured SHA: buildGitNotesCommand hard-coded 'HEAD' as the target; postHead was captured at commit-detection time but only used for the !== preHead diff. Between that capture and the execFile, three more awaited git calls run — anything that moves HEAD in the same cwd (post-commit hook, chained `commit && tag -m`, parallel process) silently lands the note on the wrong commit because of `-f`. Thread postHead through buildGitNotesCommand as a required `targetCommit` arg. Test asserts the targeted SHA, not the symbolic ref. tanzhenxin review #2 — Accumulator has no baseline: recordEdit was monotonic per-path with no reset for out-of-band mutations. Re-instate FileAttribution.contentHash and: - recordEdit hashes the input `oldContent` and resets the per-file accumulator if it doesn't match what AI's last write recorded (catches paste-replace via external editor, manual save, etc. WHEN AI subsequently edits the same file again). - New validateOnDiskHashes() rehashes every tracked file's CURRENT on-disk content and drops entries whose hash diverged. Called from attachCommitAttribution before matchCommittedFiles so a commit can never credit AI for a human-only diff. Deleted files (readFileSync throws) are left alone — the commit's deletion record is what the note should reflect. tanzhenxin review #4 — Failed-commit / staleness leak: The recordEdit divergence check above + commit-time validateOnDiskHashes together catch tanzhenxin's exact scenario (AI edits a.ts → hook rejects → user manually edits a.ts → user commits → no AI credit because validateOnDiskHashes drops the stale entry). The !commitCreated branch still preserves attributions to keep the submodule case working — the staleness problem is now solved at the next commit's validation step. Self-review item — env -C / --chdir treated as repo-shifting: Added ENV_FLAGS_SHIFT_CWD set covering -C / --chdir. tokeniseSegment returns null for `env -C DIR git commit ...` segments — same contract as a leading GIT_DIR=... assignment. Without this we'd either misidentify /elsewhere as the program (silently dropping attribution) or, worse if -C went into the value-skip set, trailer-inject onto a commit that lands in /elsewhere's repo. Tests added alongside the existing GIT_DIR repo-shift cases. 339 tests pass; typecheck clean. --- .../src/services/attributionTrailer.test.ts | 24 +++-- .../core/src/services/attributionTrailer.ts | 16 +++- .../src/services/commitAttribution.test.ts | 94 ++++++++++++++++++- .../core/src/services/commitAttribution.ts | 93 ++++++++++++++++-- packages/core/src/tools/shell.test.ts | 5 + packages/core/src/tools/shell.ts | 37 +++++++- 6 files changed, 244 insertions(+), 25 deletions(-) diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts index 64dfafb36cb..9c404585c1c 100644 --- a/packages/core/src/services/attributionTrailer.test.ts +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -34,8 +34,10 @@ const sampleNote: CommitAttributionNote = { describe('attributionTrailer', () => { describe('buildGitNotesCommand', () => { + const TARGET_SHA = 'abc1234567890abcdef1234567890abcdef12345'; + it('should build a valid git notes invocation', () => { - const cmd = buildGitNotesCommand(sampleNote); + const cmd = buildGitNotesCommand(sampleNote, TARGET_SHA); expect(cmd).not.toBeNull(); expect(cmd!.command).toBe('git'); expect(cmd!.args.slice(0, 6)).toEqual([ @@ -47,16 +49,20 @@ describe('attributionTrailer', () => { // index 5 is the JSON note payload, asserted below cmd!.args[5], ]); - expect(cmd!.args.at(-1)).toBe('HEAD'); + // Note must target the captured SHA, not the symbolic `HEAD` — + // otherwise a post-commit hook or chained command can move HEAD + // between capture and exec, and `-f` lands the note on the + // wrong commit. + expect(cmd!.args.at(-1)).toBe(TARGET_SHA); }); it('should pass the JSON note as a single argv entry (no shell quoting)', () => { // The `-f` flag is at args[3]; the note JSON sits at args[5] between - // `-m` and `HEAD`. Returning argv (rather than a shell-quoted command - // string) keeps the payload off the shell parser entirely so quotes, - // command substitution, and platform-specific escaping cannot break - // it on cmd.exe / PowerShell. - const cmd = buildGitNotesCommand(sampleNote)!; + // `-m` and the target commit. Returning argv (rather than a + // shell-quoted command string) keeps the payload off the shell + // parser entirely so quotes, command substitution, and + // platform-specific escaping cannot break it on cmd.exe / PowerShell. + const cmd = buildGitNotesCommand(sampleNote, TARGET_SHA)!; const noteArg = cmd.args[5]!; const parsed = JSON.parse(noteArg); expect(parsed.version).toBe(1); @@ -76,7 +82,7 @@ describe('attributionTrailer', () => { `src/very/long/path/to/some/deeply/nested/file_${i}.ts` ] = { aiChars: 999999, humanChars: 999999, percent: 50 }; } - expect(buildGitNotesCommand(hugeNote)).toBeNull(); + expect(buildGitNotesCommand(hugeNote, TARGET_SHA)).toBeNull(); }); it('should leave single quotes literal in the argv payload', () => { @@ -89,7 +95,7 @@ describe('attributionTrailer', () => { "it's-a-file.ts": { aiChars: 10, humanChars: 5, percent: 67 }, }, }; - const cmd = buildGitNotesCommand(noteWithQuotes); + const cmd = buildGitNotesCommand(noteWithQuotes, TARGET_SHA); expect(cmd).not.toBeNull(); const parsed = JSON.parse(cmd!.args[5]!); expect(parsed.files["it's-a-file.ts"].percent).toBe(67); diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts index a600c3a182e..05686753935 100644 --- a/packages/core/src/services/attributionTrailer.ts +++ b/packages/core/src/services/attributionTrailer.ts @@ -44,14 +44,22 @@ export interface GitNotesCommand { } /** - * Build the git notes add invocation to attach attribution metadata to the - * most recent commit. Caller should pass the result to a process-spawning - * API (`child_process.execFile`) along with a `cwd` option. + * Build the git notes add invocation to attach attribution metadata to a + * specific commit. `targetCommit` MUST be the SHA the caller captured + * after detecting the commit's HEAD movement — passing the symbolic + * `'HEAD'` opens a TOCTOU window where a post-commit hook, a chained + * `git commit && git tag -m ...`, or a parallel process can advance + * HEAD between capture and exec, and `-f` would silently overwrite the + * note on the wrong commit. + * + * Caller should pass the result to a process-spawning API + * (`child_process.execFile`) along with a `cwd` option. * * Returns null if the serialized note exceeds MAX_NOTE_BYTES. */ export function buildGitNotesCommand( note: CommitAttributionNote, + targetCommit: string, ): GitNotesCommand | null { const noteJson = JSON.stringify(note); if (Buffer.byteLength(noteJson, 'utf-8') > MAX_NOTE_BYTES) { @@ -66,7 +74,7 @@ export function buildGitNotesCommand( '-f', '-m', noteJson, - 'HEAD', + targetCommit, ], }; } diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 7b5e83b3902..38f37d8d374 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -16,6 +16,8 @@ vi.mock('node:fs', async () => { }); import * as fs from 'node:fs'; +import * as os from 'node:os'; +import * as path from 'node:path'; import { CommitAttributionService, computeCharContribution, @@ -112,6 +114,93 @@ describe('CommitAttributionService', () => { expect(service.getFileAttribution('/project/f.ts')!.aiContribution).toBe(6); }); + // Out-of-band mutation detection: if the input `oldContent` doesn't + // match the contentHash AI recorded after its previous edit, the + // file was changed externally between AI's two writes — drop the + // accumulator before counting the new edit so prior AI work the + // user has since overwritten doesn't get credited later. + it('should reset accumulator when oldContent diverges from AI last write', () => { + const service = CommitAttributionService.getInstance(); + // First AI edit: file goes from 'abc' to 'AI block of 100 chars padded' (28 chars). + const aiBlock = 'AI block of 100 chars padded'; + service.recordEdit('/project/f.ts', 'abc', aiBlock); + const after1 = service.getFileAttribution('/project/f.ts')!; + expect(after1.aiContribution).toBeGreaterThan(0); + + // Now a DIFFERENT oldContent shows up — the user paste-replaced + // the file via an external editor in between. AI's recordEdit + // should reset the counter before applying the new contribution. + service.recordEdit('/project/f.ts', 'user paste replacement', 'final'); + const after2 = service.getFileAttribution('/project/f.ts')!; + // aiContribution is now bounded by the divergent edit alone, NOT + // accumulated on top of after1.aiContribution. + expect(after2.aiContribution).toBeLessThan(after1.aiContribution); + }); + + it('should NOT reset accumulator when oldContent matches AI last write', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/project/f.ts', 'abc', 'AI step one'); + const after1 = service.getFileAttribution('/project/f.ts')!; + // Second AI edit picks up where the first left off — oldContent + // matches the post-first hash, so accumulation continues. + service.recordEdit('/project/f.ts', 'AI step one', 'AI step two final'); + const after2 = service.getFileAttribution('/project/f.ts')!; + expect(after2.aiContribution).toBeGreaterThan(after1.aiContribution); + }); + + // validateOnDiskHashes runs at commit time and drops entries whose + // current on-disk hash doesn't match what AI recorded — catches + // user edits that happened entirely outside the Edit/Write tools + // (no recordEdit was called, so the input-hash check above couldn't + // see the divergence). + describe('validateOnDiskHashes', () => { + let tmpDir: string; + beforeEach(() => { + // Real fs (not mocked) — we want validateOnDiskHashes to + // actually read the disk we wrote to. + tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'attr-validate-')); + }); + afterEach(() => { + fs.rmSync(tmpDir, { recursive: true, force: true }); + }); + + it('drops entries whose on-disk content has diverged', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'diverged.ts'); + fs.writeFileSync(filePath, 'AI wrote this', 'utf-8'); + service.recordEdit(filePath, null, 'AI wrote this'); + expect(service.getFileAttribution(filePath)).toBeDefined(); + + // User overwrites the file outside the Edit/Write tools. + fs.writeFileSync(filePath, 'human replaced this', 'utf-8'); + + service.validateOnDiskHashes(); + expect(service.getFileAttribution(filePath)).toBeUndefined(); + }); + + it('keeps entries whose on-disk content matches', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'unchanged.ts'); + fs.writeFileSync(filePath, 'AI wrote this', 'utf-8'); + service.recordEdit(filePath, null, 'AI wrote this'); + service.validateOnDiskHashes(); + expect(service.getFileAttribution(filePath)).toBeDefined(); + }); + + it('keeps entries for files that no longer exist on disk', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'deleted.ts'); + fs.writeFileSync(filePath, 'will be deleted', 'utf-8'); + service.recordEdit(filePath, null, 'will be deleted'); + fs.unlinkSync(filePath); + // Deleted file: leave the attribution alone — the commit's + // deletion record is what the note will reflect, and a missing + // file isn't a divergence signal. + service.validateOnDiskHashes(); + expect(service.getFileAttribution(filePath)).toBeDefined(); + }); + }); + it('should save session baseline on first edit', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/f.ts', 'original content', 'new content'); @@ -367,6 +456,7 @@ describe('CommitAttributionService', () => { '/var/repo/src/legacy.ts': { aiContribution: 99, aiCreated: false, + contentHash: '', }, }, promptCount: 0, @@ -395,10 +485,12 @@ describe('CommitAttributionService', () => { '/var/repo/src/dup.ts': { aiContribution: 30, aiCreated: false, + contentHash: 'old', }, '/private/var/repo/src/dup.ts': { aiContribution: 70, aiCreated: true, + contentHash: 'new', }, }, promptCount: 0, @@ -505,7 +597,7 @@ describe('CommitAttributionService', () => { surface: 'cli', fileStates: badFileStates as unknown as Record< string, - { aiContribution: number; aiCreated: boolean } + { aiContribution: number; aiCreated: boolean; contentHash: string } >, promptCount: 0, promptCountAtLastCommit: 0, diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index c89b45cbfc7..c53a9f85df2 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -20,10 +20,15 @@ * - Generated file exclusion */ +import { createHash } from 'node:crypto'; import * as fs from 'node:fs'; import * as path from 'node:path'; import { isGeneratedFile } from './generatedFiles.js'; +function computeContentHash(content: string): string { + return createHash('sha256').update(content).digest('hex'); +} + /** * Resolve symlinks on a path. On macOS in particular, `/var` is a * symlink to `/private/var`, so an absolute path captured via @@ -50,6 +55,17 @@ export interface FileAttribution { aiContribution: number; /** Whether the file was created by AI */ aiCreated: boolean; + /** + * SHA-256 of the file content immediately after AI's last write. Used + * to detect out-of-band mutation (paste-replace via external editor, + * `rm` + recreate, manual save) so AI's accumulated counter doesn't + * silently get credited to subsequent human edits. recordEdit checks + * this on every call (resets when the input `oldContent` doesn't + * match), and `validateOnDiskHashes` re-verifies before a commit + * note is generated to catch user edits that happened entirely + * outside the Edit/Write tools. + */ + contentHash: string; } /** Per-file attribution detail in the git notes payload. */ @@ -173,6 +189,7 @@ function sanitiseAttribution(v: unknown): FileAttribution { return { aiContribution: sanitiseCount(obj.aiContribution), aiCreated: typeof obj.aiCreated === 'boolean' ? obj.aiCreated : false, + contentHash: typeof obj.contentHash === 'string' ? obj.contentHash : '', }; } @@ -228,6 +245,14 @@ export class CommitAttributionService { * as a key, so symlinked paths (e.g. `/var/...` ↔ `/private/var/...` * on macOS) collapse to the same entry instead of silently producing * two parallel records. + * + * Divergence detection: if a tracked entry's recorded `contentHash` + * doesn't match the hash of the `oldContent` we received here, the + * file was changed out-of-band between AI's last write and this + * call (paste-replace via external editor, `git checkout`, manual + * save, ...). Reset `aiContribution` and `aiCreated` to 0/false + * before applying the new edit so prior AI work that the user + * since overwrote isn't credited to the next commit. */ recordEdit( filePath: string, @@ -236,20 +261,62 @@ export class CommitAttributionService { ): void { const key = realpathOrSelf(filePath); - const existing = this.fileAttributions.get(key) || { - aiContribution: 0, - aiCreated: false, - }; - + const existing = this.fileAttributions.get(key); const isNewFile = oldContent === null; - const contribution = computeCharContribution(oldContent ?? '', newContent); - existing.aiContribution += contribution; - if (isNewFile && !existing.aiCreated) { - existing.aiCreated = true; + let aiContribution = existing?.aiContribution ?? 0; + let aiCreated = existing?.aiCreated ?? false; + + // If we have a prior tracked state for this file AND the input + // `oldContent` we're being told about doesn't match the hash we + // recorded after AI's last write, the file diverged out-of-band. + // Drop the accumulated counters before applying the new edit. + if (existing && oldContent !== null) { + const oldHash = computeContentHash(oldContent); + if (existing.contentHash !== oldHash) { + aiContribution = 0; + aiCreated = false; + } } - this.fileAttributions.set(key, existing); + const contribution = computeCharContribution(oldContent ?? '', newContent); + aiContribution += contribution; + if (isNewFile) aiCreated = true; + + this.fileAttributions.set(key, { + aiContribution, + aiCreated, + contentHash: computeContentHash(newContent), + }); + } + + /** + * Re-hash each tracked file's CURRENT on-disk content and drop + * entries whose hash doesn't match what AI's last write recorded. + * Catches the cases recordEdit's input-hash check can't see — i.e. + * the user (or another tool) modified the file entirely outside + * the Edit/Write tools, then committed it. Without this, the AI's + * stale aiContribution would attach to the human-only diff at + * commit time and credit AI for human work. + * + * Called immediately before generateNotePayload in the + * commit-attribution path. Files that no longer exist on disk + * (deletion) are left alone — the commit's deletion record is + * what the note should reflect, and reading them would just throw. + */ + validateOnDiskHashes(): void { + for (const [key, attr] of this.fileAttributions) { + let current: string; + try { + current = fs.readFileSync(key, 'utf-8'); + } catch { + // File doesn't exist (deletion) or isn't readable — skip. + continue; + } + if (computeContentHash(current) !== attr.contentHash) { + this.fileAttributions.delete(key); + } + } } // ----------------------------------------------------------------------- @@ -487,9 +554,15 @@ export class CommitAttributionService { const incoming = sanitiseAttribution(v); const existing = this.fileAttributions.get(canonicalKey); if (existing) { + // Sum aiContribution and OR aiCreated. Pick the + // most-recently-recorded contentHash (incoming wins) so + // post-restore divergence checks compare against the freshest + // hash; an old form's stale hash would force unnecessary + // resets on the next recordEdit. this.fileAttributions.set(canonicalKey, { aiContribution: existing.aiContribution + incoming.aiContribution, aiCreated: existing.aiCreated || incoming.aiCreated, + contentHash: incoming.contentHash || existing.contentHash, }); } else { this.fileAttributions.set(canonicalKey, incoming); diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index bbfe1004b59..d51082e5e22 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1760,6 +1760,11 @@ describe('ShellTool', () => { 'env-wrapped GIT_DIR', 'env GIT_DIR=/tmp/other/.git git commit -m "msg"', ], + // GNU coreutils 8.30+'s `env -C DIR` / `--chdir` relocates + // the working directory before exec — same repo-shifting + // contract as `cd /elsewhere && git commit`. + ['env -C', 'env -C /tmp/other git commit -m "msg"'], + ['env --chdir', 'env --chdir /tmp/other git commit -m "msg"'], ])( 'should NOT add co-author for repo-redirecting %s assignment', async (_label, command) => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 94a48f91433..81f21809ddf 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -156,6 +156,14 @@ function tokeniseSegment(segment: string): string[] | null { while (i < tokens.length && tokens[i]!.startsWith('-')) { const flag = tokens[i]!; i++; + // `env -C DIR` / `env --chdir DIR` relocates the working + // directory before exec. Treat the segment as repo-shifting + // (same contract as a leading `GIT_DIR=...` assignment) so + // we don't stamp our trailer onto a commit that landed in a + // different repository. + if (wrapper === 'env' && ENV_FLAGS_SHIFT_CWD.has(flag)) { + return null; + } // Value-taking flag tables, per wrapper: `sudo -u user`, // `env -u NAME` (unset), `env -S string` (split-string args). // `command` has no value-taking options in this allowlist. @@ -207,6 +215,16 @@ const SUDO_FLAGS_WITH_VALUE = new Set([ // next token and the parser would treat it as the program. const ENV_FLAGS_WITH_VALUE = new Set(['-u', '--unset', '-S', '--split-string']); +// `env`'s flags that relocate the working directory (and therefore +// the implicit repository) before exec — GNU coreutils 8.30+'s +// `-C DIR` / `--chdir DIR`. A `git commit` inside such an env wrapper +// runs against whatever repo lives at DIR, NOT our cwd, so we must +// refuse the segment outright the same way `cd /elsewhere && git +// commit` is refused. Returning null from tokeniseSegment makes the +// segment non-attributable, which suppresses both trailer injection +// and the per-file note. +const ENV_FLAGS_SHIFT_CWD = new Set(['-C', '--chdir']); + /** * Environment variables that redirect git's repository selection. A * leading `GIT_DIR=...`, `GIT_WORK_TREE=...`, etc. on a command makes @@ -2033,6 +2051,17 @@ export class ShellToolInvocation extends BaseToolInvocation< } catch { canonicalBase = baseDir; } + + // Drop tracked entries whose on-disk content has diverged from + // what AI's last write recorded — catches the case where the + // user paste-replaced via an external editor, ran `git checkout`, + // or otherwise modified the file outside the Edit/Write tools. + // Without this, the AI's stale aiContribution would attach to + // the human-only diff at commit time and credit AI for the human + // work. Run this BEFORE matchCommittedFiles so the dropped + // entries are also out of the per-file payload. + attributionService.validateOnDiskHashes(); + committedAbsolutePaths = attributionService.matchCommittedFiles( stagedInfo.files, canonicalBase, @@ -2065,7 +2094,13 @@ export class ShellToolInvocation extends BaseToolInvocation< baseDir, this.config.getModel(), ); - const notesCommand = buildGitNotesCommand(note); + // Pin the note to the SHA we captured at commit-detection time + // (`postHead`) rather than the symbolic `HEAD`. A post-commit + // hook, chained `git commit && git tag -m ...`, or parallel + // process can advance HEAD between that capture and this + // execFile — without the SHA pin, `-f` would silently land the + // note on the wrong commit. + const notesCommand = buildGitNotesCommand(note, postHead); if (!notesCommand) { debugLogger.warn( From 6ae266f52fc41248de30b777f67264651ba687e7 Mon Sep 17 00:00:00 2001 From: wenshao Date: Wed, 6 May 2026 22:09:38 +0800 Subject: [PATCH 48/64] fix(attribution): pickBool intent-aware, shouldClear gate, ETIMEDOUT surface, drop dead exports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -wgA + -wg0 (deepseek): pickBool defaulted non-boolean to true, turning a hand-edited `{ commit: "false" }` into enabled attribution. Replace with intent-aware parsing: "true"/"yes"/"on"/ "1" → true, "false"/"no"/"off"/"0"/"" → false, anything else (unknown strings, non-1 numbers, objects, arrays, null) → false. Genuinely-absent sub-fields still default to true (schema default). Migration test scenarios covered. Tests now cover ~17 input cases across both string/number/null/object/unknown forms. -wgq (deepseek): when buildGitNotesCommand returned null (oversized payload) or git notes itself failed, the finally block called clearAttributedFiles(committedAbsolutePaths) — irreversibly deleting per-file attribution data the user might need to amend & retry. Introduce a separate `shouldClear` set that's only assigned on successful note write OR explicit toggle-off. Failure paths (oversized, exitCode != 0, exception, analysis failure) leave shouldClear null so the finally block calls noteCommitWithoutClearing instead — preserving per-file state for the user's recovery. 9p7W (Copilot): execFile callback coerced ETIMEDOUT / SIGTERM (timeout) into a generic exitCode=1 warning. Detect both `error.code === 'ETIMEDOUT'` and `error.killed === true && error.signal === 'SIGTERM'` so the user-visible warning correctly names "timed out after 5s" instead of "exited 1". -wg7 (deepseek): formatAttributionSummary and getAttributionNotesRef were exported but had zero production callers (only tests). Remove the dead exports + their tests (~40 LOC). If/when a logging surface needs them, they can be re-introduced. -wgb (deepseek): tokeniseSegment doesn't recursively unwrap `bash -c '...'` / `sh -c` / `zsh -c`, so addCoAuthorToGitCommit won't splice the trailer into a wrapped command. The background refusal AND the post-commit note path DO catch the wrapped commit because stripShellWrapper at the top of execute peels the wrapper before gitCommitContext / getGitHead run — so the worst-case ("background bash -c 'git commit' bypasses the guard") doesn't materialize. The remaining gap (no Co-authored-by trailer for bash -c-wrapped commits) requires recursively splicing into the inner script with proper bash single-quote re-quoting; significant enough that it's worth its own PR. Documented as a partial-coverage limitation. 339 → 325 tests pass after the dead-export removal; typecheck clean. --- packages/core/src/config/config.test.ts | 49 ++++++++-- packages/core/src/config/config.ts | 35 +++++-- .../src/services/attributionTrailer.test.ts | 25 +---- .../core/src/services/attributionTrailer.ts | 34 ------- packages/core/src/tools/shell.ts | 92 ++++++++++++++----- 5 files changed, 137 insertions(+), 98 deletions(-) diff --git a/packages/core/src/config/config.test.ts b/packages/core/src/config/config.test.ts index 914a3c7acba..203fe1274ea 100644 --- a/packages/core/src/config/config.test.ts +++ b/packages/core/src/config/config.test.ts @@ -1061,18 +1061,38 @@ describe('Server Config (config.ts)', () => { }, ); - // settings.json is hand-editable; without per-field type checks - // a stored `{ commit: "false" }` would reach runtime as a truthy - // string and behave as if attribution were enabled. Coerce - // anything non-boolean to the schema default (true) so a - // misspelled setting can't quietly invert the user's intent. + // settings.json is hand-editable; without intent-aware string + // parsing a hand-edited `{ commit: "false" }` would silently + // inflate to `commit: true` (the previous "default-to-true on + // mismatch" policy). Honor common string disable-intent forms + // and fall through to disabled on genuinely unrecognisable + // input — safer-by-default than turning attribution on against + // the user's clear opt-out. it.each([ - ['string "false"', 'false', true], + // Disable-intent strings. + ['string "false"', 'false', false], + ['string "FALSE"', 'FALSE', false], + ['string "no"', 'no', false], + ['string "off"', 'off', false], + ['string "0"', '0', false], + ['empty string', '', false], + // Enable-intent strings. ['string "true"', 'true', true], - ['number 0', 0, true], - ['null', null, true], + ['string "yes"', 'yes', true], + ['string "on"', 'on', true], + ['string "1"', '1', true], + // Numbers. + ['number 1', 1, true], + ['number 0', 0, false], + ['number 42', 42, false], + // Other types fall through to disabled. + ['null', null, false], + ['object', {}, false], + ['array', [], false], + // Unknown strings → disabled (don't quietly enable). + ['unknown string', 'maybe', false], ])( - 'coerces non-boolean field (%s) to the schema default true', + 'parses %s as %s for both commit and pr', (_label, badValue, expected) => { const config = new Config({ ...baseParams, @@ -1086,6 +1106,17 @@ describe('Server Config (config.ts)', () => { expect(settings.pr).toBe(expected); }, ); + + // A genuinely-absent sub-field still defaults to true (schema default). + it('defaults absent commit/pr to true', () => { + const config = new Config({ + ...baseParams, + gitCoAuthor: {} as { commit?: boolean; pr?: boolean }, + }); + const settings = config.getGitCoAuthor(); + expect(settings.commit).toBe(true); + expect(settings.pr).toBe(true); + }); }); describe('Telemetry Settings', () => { diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts index be2c38acdfc..cecfc897b3a 100644 --- a/packages/core/src/config/config.ts +++ b/packages/core/src/config/config.ts @@ -260,14 +260,33 @@ function normalizeGitCoAuthor(value: GitCoAuthorParam | undefined): { if (typeof value === 'boolean') { return { commit: value, pr: value }; } - // Defensive type-check on each sub-field. settings.json is - // user-editable (and the schema validator only runs in IDEs that - // load the bundled JSON schema) so a hand-edited - // `{ "commit": "false" }` would otherwise reach runtime as a - // truthy string and behave as if attribution were enabled. Coerce - // anything non-boolean to the schema default (true) so the user - // doesn't get surprise-on by a misspelled setting. - const pickBool = (v: unknown): boolean => (typeof v === 'boolean' ? v : true); + // Default to `true` (the schema default) ONLY when the sub-field + // is genuinely absent. For PRESENT-but-non-boolean values, honor + // common string forms (`"true"`/`"yes"`/`"on"`/`"1"` → true, + // `"false"`/`"no"`/`"off"`/`"0"`/`""` → false) and treat anything + // else as opt-out. settings.json is user-editable, and the previous + // "default-to-true on mismatch" policy meant a hand-edited + // `{ "commit": "false" }` silently activated attribution against + // the user's clear intent. Safer-by-default: ambiguous values + // disable rather than enable. + const pickBool = (v: unknown): boolean => { + if (v === undefined) return true; + if (typeof v === 'boolean') return v; + if (typeof v === 'string') { + const lowered = v.trim().toLowerCase(); + if ( + lowered === 'true' || + lowered === 'yes' || + lowered === 'on' || + lowered === '1' + ) { + return true; + } + return false; + } + if (typeof v === 'number') return v === 1; + return false; + }; return { commit: pickBool(value?.commit), pr: pickBool(value?.pr), diff --git a/packages/core/src/services/attributionTrailer.test.ts b/packages/core/src/services/attributionTrailer.test.ts index 9c404585c1c..4e02af600bf 100644 --- a/packages/core/src/services/attributionTrailer.test.ts +++ b/packages/core/src/services/attributionTrailer.test.ts @@ -5,11 +5,7 @@ */ import { describe, it, expect } from 'vitest'; -import { - buildGitNotesCommand, - formatAttributionSummary, - getAttributionNotesRef, -} from './attributionTrailer.js'; +import { buildGitNotesCommand } from './attributionTrailer.js'; import type { CommitAttributionNote } from './commitAttribution.js'; const sampleNote: CommitAttributionNote = { @@ -101,23 +97,4 @@ describe('attributionTrailer', () => { expect(parsed.files["it's-a-file.ts"].percent).toBe(67); }); }); - - describe('formatAttributionSummary', () => { - it('should format a human-readable summary', () => { - const summary = formatAttributionSummary(sampleNote); - expect(summary).toContain('38% AI'); - expect(summary).toContain('2 file(s)'); - expect(summary).toContain('AI chars: 150'); - expect(summary).toContain('Human chars: 250'); - expect(summary).toContain('src/main.ts'); - expect(summary).toContain('75% AI'); - expect(summary).toContain('Excluded generated: 1 file(s)'); - }); - }); - - describe('getAttributionNotesRef', () => { - it('should return the expected ref', () => { - expect(getAttributionNotesRef()).toBe('refs/notes/ai-attribution'); - }); - }); }); diff --git a/packages/core/src/services/attributionTrailer.ts b/packages/core/src/services/attributionTrailer.ts index 05686753935..fe17330af4e 100644 --- a/packages/core/src/services/attributionTrailer.ts +++ b/packages/core/src/services/attributionTrailer.ts @@ -78,37 +78,3 @@ export function buildGitNotesCommand( ], }; } - -/** - * Format a human-readable summary of the attribution for logging/display. - */ -export function formatAttributionSummary(note: CommitAttributionNote): string { - const lines: string[] = []; - lines.push( - `AI Attribution: ${note.summary.aiPercent}% AI, ${note.summary.totalFilesTouched} file(s)`, - ); - lines.push( - ` AI chars: ${note.summary.aiChars}, Human chars: ${note.summary.humanChars}`, - ); - - for (const [filePath, data] of Object.entries(note.files)) { - const shortPath = - filePath.length > 60 ? '...' + filePath.slice(-57) : filePath; - lines.push( - ` ${shortPath}: ${data.percent}% AI (+${data.aiChars}/${data.humanChars}h)`, - ); - } - - if (note.excludedGeneratedCount > 0) { - lines.push(` Excluded generated: ${note.excludedGeneratedCount} file(s)`); - } - - return lines.join('\n'); -} - -/** - * Get the git notes ref used for AI attribution. - */ -export function getAttributionNotesRef(): string { - return GIT_NOTES_REF; -} diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 81f21809ddf..671559ab658 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -1997,6 +1997,14 @@ export class ShellToolInvocation extends BaseToolInvocation< } let committedAbsolutePaths: Set | null = null; + // Separate from `committedAbsolutePaths` so a failed note write + // (oversized payload, `git notes` non-zero exit, exception) does + // NOT also delete the per-file attribution data the user might + // need to amend & retry. `shouldClear` flips to the partial-clear + // set only on (a) note-write success, or (b) attribution toggle + // OFF — both cases where the file is genuinely "done" from the + // attribution path's POV. + let shouldClear: Set | null = null; let warning: string | null = null; try { // Analyze the just-committed files by diffing HEAD against its parent. @@ -2086,7 +2094,11 @@ export class ShellToolInvocation extends BaseToolInvocation< // earlier (already-committed) AI edits to the new commit. const gitCoAuthorSettings = this.config.getGitCoAuthor(); if (!gitCoAuthorSettings.commit) { - return null; // finally block does the partial clear + // Toggle-off but the commit landed — partial-clear the files + // that just landed so re-enabling later doesn't re-attribute + // earlier (already-committed) AI edits to a future commit. + shouldClear = committedAbsolutePaths; + return null; } const note = attributionService.generateNotePayload( @@ -2110,6 +2122,9 @@ export class ShellToolInvocation extends BaseToolInvocation< 'AI attribution note skipped: payload exceeded the 30 KB ' + 'size cap (large generated-file exclusion list?). ' + 'Co-authored-by trailer is unaffected.'; + // Leave per-file state intact: the user might `git commit + // --amend` after pruning excluded paths, and partial-clearing + // here would erase the data they'd need to retry. return warning; } @@ -2118,9 +2133,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // Windows where the bash-style escape used previously is invalid // for cmd.exe / PowerShell. 5s timeout keeps a wedged repo from // stalling the user-visible turn. - const { exitCode, output } = await new Promise<{ + const { exitCode, output, timedOut } = await new Promise<{ exitCode: number | null; output: string; + timedOut: boolean; }>((resolve) => { const child = childProcess.execFile( notesCommand.command, @@ -2129,13 +2145,29 @@ export class ShellToolInvocation extends BaseToolInvocation< (error, stdout, stderr) => { const merged = (stdout || '') + (stderr || ''); if (error) { + // execFile signals timeout via either `error.killed === true` + // + `error.signal === 'SIGTERM'` (default kill), or + // `error.code === 'ETIMEDOUT'` on some platforms. Detect + // both so the caller's warning can name the actual cause + // ("timed out") instead of mislabeling it as exit-code 1. + const errno = error as NodeJS.ErrnoException & { + killed?: boolean; + signal?: string | null; + }; + const isTimeout = + errno.code === 'ETIMEDOUT' || + (errno.killed === true && errno.signal === 'SIGTERM'); const code = - typeof (error as NodeJS.ErrnoException).code === 'number' - ? ((error as NodeJS.ErrnoException).code as unknown as number) + typeof errno.code === 'number' + ? (errno.code as unknown as number) : null; - resolve({ exitCode: code ?? 1, output: merged }); + resolve({ + exitCode: code ?? 1, + output: merged, + timedOut: isTimeout, + }); } else { - resolve({ exitCode: 0, output: merged }); + resolve({ exitCode: 0, output: merged, timedOut: false }); } }, ); @@ -2143,15 +2175,30 @@ export class ShellToolInvocation extends BaseToolInvocation< }); if (exitCode !== 0) { - debugLogger.warn(`git notes exited with code ${exitCode}: ${output}`); - warning = - `AI attribution note skipped: \`git notes add\` exited ${exitCode}` + - (output ? ` (${output.trim().slice(0, 120)})` : '') + - '. Co-authored-by trailer is unaffected.'; + if (timedOut) { + debugLogger.warn(`git notes timed out after 5s: ${output}`); + warning = + 'AI attribution note skipped: `git notes add` timed out ' + + 'after 5s' + + (output ? ` (${output.trim().slice(0, 120)})` : '') + + '. Co-authored-by trailer is unaffected.'; + } else { + debugLogger.warn(`git notes exited with code ${exitCode}: ${output}`); + warning = + `AI attribution note skipped: \`git notes add\` exited ${exitCode}` + + (output ? ` (${output.trim().slice(0, 120)})` : '') + + '. Co-authored-by trailer is unaffected.'; + } + // Note didn't land — leave per-file state intact so the user + // can amend the commit (or manually run `git notes add`) + // without losing attribution data they'd need to reproduce. } else { debugLogger.debug( `Attached AI attribution note: ${note.summary.aiPercent}% AI, ${note.summary.totalFilesTouched} file(s)`, ); + // Successful note write — partial-clear the just-committed + // files so a later commit doesn't re-attribute them. + shouldClear = committedAbsolutePaths; } } catch (err) { debugLogger.warn( @@ -2161,18 +2208,17 @@ export class ShellToolInvocation extends BaseToolInvocation< `AI attribution note skipped: ${getErrorMessage(err)}. ` + 'Co-authored-by trailer is unaffected.'; } finally { - // Partial clear: only drop tracking for the files that actually - // landed in this commit. Files the AI edited but the user - // omitted from `git add` stay pending for a later commit. - // If we never determined the committed set (analysis failure: - // shallow clone, --amend without reflog, partial diff failure, - // exception), DO NOT wholesale-clear: that would erase pending - // AI edits for files the user never staged in this commit. The - // small risk is stale per-file state for the just-committed - // file (re-attributed if it appears in a future commit) — much - // less harmful than losing unrelated unstaged work. - if (committedAbsolutePaths) { - attributionService.clearAttributedFiles(committedAbsolutePaths); + // Partial clear: only drop tracking for files that landed in + // this commit AND the note write actually succeeded (or the + // user disabled the toggle). `shouldClear` stays null when the + // note was skipped (oversized payload, non-zero exit, exception) + // so the user can amend & retry without their per-file + // attribution being silently destroyed first. When `shouldClear` + // is null, just snapshot the prompt counter — DON'T + // wholesale-clear, since that would erase pending AI edits for + // files the user never staged in this commit. + if (shouldClear) { + attributionService.clearAttributedFiles(shouldClear); } else { attributionService.noteCommitWithoutClearing(); } From b3a06a7c461aeec77e28fdb82063ed160594ea77 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 00:03:00 +0800 Subject: [PATCH 49/64] fix(attribution): committed-blob validation, deleted-leaf canonicalisation, sudo/env shifts, dir-stack MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gpt-5.5 review (issue 4389405179): 1. realpathOrSelf falls back to the non-canonical input when the leaf doesn't exist (deleted file). recordEdit stored the entry under the canonical path; lookup post-deletion misses on macOS where /var ↔ /private/var. Canonicalise the parent and rejoin the basename for missing leaves so deleted-file getFileAttribution still resolves the canonical key. Test updated to assert the lookup-after-unlink path explicitly. 2. validateOnDiskHashes read the LIVE working-tree, so a user who `git add`'d AI's content and then made additional unstaged edits would have the entry dropped on a commit whose blob still matched AI's hash. Replace with `validateAgainst(getContent)` that takes a caller-supplied reader; attachCommitAttribution now passes a reader that fetches the COMMITTED blob via `git show HEAD:`. Working-tree validation kept as `validateAgainstWorkingTree` for code paths without a committed ref. Returns null = no comparison signal (entry preserved). Tests cover all three readers (committed-blob via stub, working-tree, null-passthrough). deepseek-v4-pro review #1: sanitiseAttribution defaults missing contentHash to '' on legacy-snapshot restore. recordEdit's divergence check would then trip on every subsequent edit and silently reset all the AI work. Skip the divergence check when existing.contentHash is empty — we have no baseline to compare against, so don't drop. Test added covering legacy-snapshot preservation through validateAgainst. deepseek #4: validateAgainst now logs every entry drop via debugLogger.debug so a 3am operator can see WHICH entry got dropped and tied to which canonical key. deepseek #8: GIT_NAMESPACE removed from GIT_ENV_SHIFTS_REPO. It prefixes ref names within the same repo but doesn't redirect git to a different on-disk repository, so a commit underneath it still lands in our cwd's repo. Doc comment explains the distinction. deepseek #9: pushd/popd treated as cwd-shifting alongside cd in gitCommitContext / isAmendCommit / findAttributableCommitSegment. pushd reuses cdTargetMayChangeRepo (relative-no-escape stays in-repo); popd unconditionally flips cwdShifted because we don't track the bash dir-stack. deepseek #10: sudo's value-taking flag table now has a parallel SUDO_FLAGS_SHIFT_CWD set covering -D / --chdir (Linux sudo 1.9.2+). Any segment whose sudo wrapper sees one of those flags returns null from tokeniseSegment — same contract as env -C / --chdir and GIT_DIR=... 328 tests pass; typecheck clean both packages. --- .../src/services/commitAttribution.test.ts | 86 ++++++++++---- .../core/src/services/commitAttribution.ts | 94 ++++++++++++---- packages/core/src/tools/shell.ts | 105 ++++++++++++++---- 3 files changed, 218 insertions(+), 67 deletions(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 38f37d8d374..4a6be648ff6 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -148,55 +148,101 @@ describe('CommitAttributionService', () => { expect(after2.aiContribution).toBeGreaterThan(after1.aiContribution); }); - // validateOnDiskHashes runs at commit time and drops entries whose - // current on-disk hash doesn't match what AI recorded — catches - // user edits that happened entirely outside the Edit/Write tools - // (no recordEdit was called, so the input-hash check above couldn't - // see the divergence). - describe('validateOnDiskHashes', () => { + // validateAgainst runs at commit time and drops entries whose + // recorded post-write hash doesn't match the caller-supplied + // content — catches user edits that happened entirely outside the + // Edit/Write tools (no recordEdit was called, so the input-hash + // check above couldn't see the divergence). + describe('validateAgainst', () => { let tmpDir: string; beforeEach(() => { - // Real fs (not mocked) — we want validateOnDiskHashes to - // actually read the disk we wrote to. tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'attr-validate-')); }); afterEach(() => { fs.rmSync(tmpDir, { recursive: true, force: true }); }); - it('drops entries whose on-disk content has diverged', () => { + it('drops entries whose content has diverged', () => { const service = CommitAttributionService.getInstance(); const filePath = path.join(tmpDir, 'diverged.ts'); fs.writeFileSync(filePath, 'AI wrote this', 'utf-8'); service.recordEdit(filePath, null, 'AI wrote this'); expect(service.getFileAttribution(filePath)).toBeDefined(); - // User overwrites the file outside the Edit/Write tools. - fs.writeFileSync(filePath, 'human replaced this', 'utf-8'); - - service.validateOnDiskHashes(); + // Caller passes a reader that returns the diverged content. + service.validateAgainst(() => 'human replaced this'); expect(service.getFileAttribution(filePath)).toBeUndefined(); }); - it('keeps entries whose on-disk content matches', () => { + it('keeps entries whose content matches', () => { const service = CommitAttributionService.getInstance(); const filePath = path.join(tmpDir, 'unchanged.ts'); fs.writeFileSync(filePath, 'AI wrote this', 'utf-8'); service.recordEdit(filePath, null, 'AI wrote this'); - service.validateOnDiskHashes(); + service.validateAgainst(() => 'AI wrote this'); expect(service.getFileAttribution(filePath)).toBeDefined(); }); - it('keeps entries for files that no longer exist on disk', () => { + it('keeps entries when getContent returns null (no comparison signal)', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'no-comparison.ts'); + fs.writeFileSync(filePath, 'will be queried', 'utf-8'); + service.recordEdit(filePath, null, 'will be queried'); + // null = "no committed blob / unreadable / out-of-scope" — the + // entry should NOT be dropped. + service.validateAgainst(() => null); + expect(service.getFileAttribution(filePath)).toBeDefined(); + }); + + // Legacy snapshot from before contentHash existed: the entry has + // an empty contentHash. We can't tell stale from fresh, so leave + // it alone (don't reset). + it('skips entries with empty contentHash (legacy snapshot)', () => { + const service = CommitAttributionService.getInstance(); + service.restoreFromSnapshot({ + type: 'attribution-snapshot', + surface: 'cli', + fileStates: { + '/legacy.ts': { + aiContribution: 50, + aiCreated: false, + contentHash: '', + }, + }, + promptCount: 0, + promptCountAtLastCommit: 0, + }); + // Even if the reader claims a different hash, an empty recorded + // hash means we have no baseline — keep the entry. + service.validateAgainst(() => 'totally different'); + expect(service.getFileAttribution('/legacy.ts')).toBeDefined(); + }); + + // Working-tree variant for code paths without committed blobs. + it('validateAgainstWorkingTree drops entries whose on-disk content diverged', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'wt-diverged.ts'); + fs.writeFileSync(filePath, 'AI wrote this', 'utf-8'); + service.recordEdit(filePath, null, 'AI wrote this'); + fs.writeFileSync(filePath, 'human replaced', 'utf-8'); + service.validateAgainstWorkingTree(); + expect(service.getFileAttribution(filePath)).toBeUndefined(); + }); + + // Deleted-file lookup must remain stable: recordEdit canonicalises + // the path via realpathSync; getFileAttribution must still resolve + // the same canonical key after the leaf is unlinked. realpathOrSelf + // canonicalises the parent and rejoins the basename for missing + // leaves so macOS /var ↔ /private/var doesn't break the lookup + // post-deletion. + it('keeps deleted-file entries reachable via the original path', () => { const service = CommitAttributionService.getInstance(); const filePath = path.join(tmpDir, 'deleted.ts'); fs.writeFileSync(filePath, 'will be deleted', 'utf-8'); service.recordEdit(filePath, null, 'will be deleted'); fs.unlinkSync(filePath); - // Deleted file: leave the attribution alone — the commit's - // deletion record is what the note will reflect, and a missing - // file isn't a divergence signal. - service.validateOnDiskHashes(); + // Lookup must still find the entry by the original path even + // though realpath of the leaf now throws. expect(service.getFileAttribution(filePath)).toBeDefined(); }); }); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index c53a9f85df2..07b47b75357 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -23,8 +23,11 @@ import { createHash } from 'node:crypto'; import * as fs from 'node:fs'; import * as path from 'node:path'; +import { createDebugLogger } from '../utils/debugLogger.js'; import { isGeneratedFile } from './generatedFiles.js'; +const debugLogger = createDebugLogger('COMMIT_ATTRIBUTION'); + function computeContentHash(content: string): string { return createHash('sha256').update(content).digest('hex'); } @@ -35,14 +38,26 @@ function computeContentHash(content: string): string { * `fs.realpathSync` (what edit.ts/write-file.ts records) and * `path.relative` against `git rev-parse --show-toplevel` (which may * report either form) won't line up unless we normalise both sides. - * Falls back to the input on any fs error so a missing path can't - * make the lookup fail outright. + * + * For DELETED leaves (file no longer exists on disk), realpathSync + * throws — but the parent directory is still resolvable. Canonicalise + * the parent and rejoin the missing basename so a deleted file's + * lookup still hits the canonical key recordEdit stored before the + * file was removed. Without this, a `getFileAttribution(deletedPath)` + * call after the file was deleted would fall back to the + * non-canonical input and miss the canonical entry on macOS. */ function realpathOrSelf(p: string): string { try { return fs.realpathSync(p); } catch { - return p; + try { + const parent = path.dirname(p); + const realParent = fs.realpathSync(parent); + return path.join(realParent, path.basename(p)); + } catch { + return p; + } } } @@ -271,7 +286,13 @@ export class CommitAttributionService { // `oldContent` we're being told about doesn't match the hash we // recorded after AI's last write, the file diverged out-of-band. // Drop the accumulated counters before applying the new edit. - if (existing && oldContent !== null) { + // + // Skip the check when `existing.contentHash` is empty: that's a + // legacy snapshot (pre-divergence-detection schema) where we + // never recorded the post-write hash. Comparing an empty hash to + // the actual file hash would always trip the reset and silently + // wipe AI work that's still on disk. + if (existing && existing.contentHash && oldContent !== null) { const oldHash = computeContentHash(oldContent); if (existing.contentHash !== oldHash) { aiContribution = 0; @@ -291,34 +312,61 @@ export class CommitAttributionService { } /** - * Re-hash each tracked file's CURRENT on-disk content and drop - * entries whose hash doesn't match what AI's last write recorded. - * Catches the cases recordEdit's input-hash check can't see — i.e. - * the user (or another tool) modified the file entirely outside - * the Edit/Write tools, then committed it. Without this, the AI's - * stale aiContribution would attach to the human-only diff at - * commit time and credit AI for human work. + * Re-hash each tracked file's content via a caller-supplied reader + * and drop entries whose hash doesn't match what AI's last write + * recorded. Catches the cases recordEdit's input-hash check can't + * see — i.e. the user (or another tool) modified the file entirely + * outside the Edit/Write tools, then committed it. Without this, + * the AI's stale aiContribution would attach to the human-only + * diff at commit time and credit AI for human work. + * + * `getContent(absPath)` returns the bytes the caller wants to + * compare against, or `null` if the entry shouldn't be checked + * (deletion, unreadable, no committed copy). Returning `null` + * leaves the entry alone rather than dropping it. * - * Called immediately before generateNotePayload in the - * commit-attribution path. Files that no longer exist on disk - * (deletion) are left alone — the commit's deletion record is - * what the note should reflect, and reading them would just throw. + * Two production callers: + * 1. `attachCommitAttribution` after a commit — should pass a + * reader that fetches the COMMITTED blob (`git show HEAD:`) + * so unstaged working-tree changes the user made AFTER `git add` + * don't trip the divergence check on a commit whose blob still + * matches AI's recorded hash. + * 2. The legacy live-disk reader (`fs.readFileSync`) is exposed + * via `validateAgainstWorkingTree` for the no-committed-blob + * cases (e.g. amend-without-reflog where we can't pin a + * ref). Less precise but better than nothing. */ - validateOnDiskHashes(): void { + validateAgainst(getContent: (absPath: string) => string | null): void { for (const [key, attr] of this.fileAttributions) { - let current: string; - try { - current = fs.readFileSync(key, 'utf-8'); - } catch { - // File doesn't exist (deletion) or isn't readable — skip. - continue; - } + // Skip legacy entries that have no recorded post-write hash — + // we can't tell stale from fresh, so leave them alone. + if (!attr.contentHash) continue; + const current = getContent(key); + if (current === null) continue; // not a divergence signal if (computeContentHash(current) !== attr.contentHash) { + debugLogger.debug( + `validateAgainst: dropping stale attribution for ${key} (hash diverged)`, + ); this.fileAttributions.delete(key); } } } + /** + * Convenience wrapper around {@link validateAgainst} that reads + * the live working-tree file. Used for code paths where we can't + * read the committed blob (no commit happened, no ref available). + */ + validateAgainstWorkingTree(): void { + this.validateAgainst((p) => { + try { + return fs.readFileSync(p, 'utf-8'); + } catch { + return null; + } + }); + } + // ----------------------------------------------------------------------- // Prompt counting // ----------------------------------------------------------------------- diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 671559ab658..3b776df2e41 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -156,12 +156,16 @@ function tokeniseSegment(segment: string): string[] | null { while (i < tokens.length && tokens[i]!.startsWith('-')) { const flag = tokens[i]!; i++; - // `env -C DIR` / `env --chdir DIR` relocates the working - // directory before exec. Treat the segment as repo-shifting - // (same contract as a leading `GIT_DIR=...` assignment) so - // we don't stamp our trailer onto a commit that landed in a - // different repository. - if (wrapper === 'env' && ENV_FLAGS_SHIFT_CWD.has(flag)) { + // `env -C DIR` / `env --chdir DIR` (GNU coreutils 8.30+) and + // `sudo -D DIR` / `sudo --chdir DIR` (Linux sudo with --chdir) + // both relocate the working directory before exec. Treat the + // segment as repo-shifting (same contract as a leading + // `GIT_DIR=...` assignment) so we don't stamp our trailer onto + // a commit that landed in a different repository. + if ( + (wrapper === 'env' && ENV_FLAGS_SHIFT_CWD.has(flag)) || + (wrapper === 'sudo' && SUDO_FLAGS_SHIFT_CWD.has(flag)) + ) { return null; } // Value-taking flag tables, per wrapper: `sudo -u user`, @@ -225,6 +229,12 @@ const ENV_FLAGS_WITH_VALUE = new Set(['-u', '--unset', '-S', '--split-string']); // and the per-file note. const ENV_FLAGS_SHIFT_CWD = new Set(['-C', '--chdir']); +// `sudo`'s flags that relocate the working directory before exec. +// Linux sudo's `-D DIR` / `--chdir DIR` (1.9.2+) makes the inner +// command run in DIR, which means a `git commit` underneath it +// targets DIR's repo, not ours. Refuse the segment. +const SUDO_FLAGS_SHIFT_CWD = new Set(['-D', '--chdir']); + /** * Environment variables that redirect git's repository selection. A * leading `GIT_DIR=...`, `GIT_WORK_TREE=...`, etc. on a command makes @@ -239,12 +249,16 @@ const ENV_FLAGS_SHIFT_CWD = new Set(['-C', '--chdir']); * but don't move it to another repo, so attribution is still * meaningful. */ +// `GIT_NAMESPACE` is intentionally NOT here: it prefixes ref names +// within the same repository, but the working tree and object store +// are unchanged, so a `git commit` under it still lands in our cwd's +// repo. The set covers ONLY variables that change which on-disk +// repository git acts on. const GIT_ENV_SHIFTS_REPO = new Set([ 'GIT_DIR', 'GIT_WORK_TREE', 'GIT_COMMON_DIR', 'GIT_INDEX_FILE', - 'GIT_NAMESPACE', ]); /** @@ -360,10 +374,10 @@ function gitCommitContext(command: string): { const program = tokens[0]!; - if (program === 'cd') { - // A cd before any commit might redirect a later `git commit` into - // a different repo. A cd AFTER the commit doesn't matter for the - // commit we already saw. + if (program === 'cd' || program === 'pushd') { + // A cd / pushd before any commit might redirect a later + // `git commit` into a different repo. A cd AFTER the commit + // doesn't matter for the commit we already saw. // // A heuristic relaxation: relative cd targets that don't escape // upward (no `..`, no absolute path, no env-var/$home expansion) @@ -378,6 +392,14 @@ function gitCommitContext(command: string): { if (!hasCommit && cdTargetMayChangeRepo(tokens)) cwdShifted = true; continue; } + if (program === 'popd') { + // `popd` returns to a previous directory in the bash dir-stack. + // Without tracking the stack we can't know whether the resulting + // cwd is the same repo or a different one — treat conservatively + // as a shift before any commit. + if (!hasCommit) cwdShifted = true; + continue; + } if (program === 'git') { const { subcommand, changesCwd } = parseGitInvocation(tokens); @@ -487,10 +509,14 @@ function isAmendCommit(command: string): boolean { const tokens = tokeniseSegment(sub); if (!tokens || tokens.length === 0) continue; const program = tokens[0]!; - if (program === 'cd') { + if (program === 'cd' || program === 'pushd') { if (!cwdShifted && cdTargetMayChangeRepo(tokens)) cwdShifted = true; continue; } + if (program === 'popd') { + cwdShifted = true; + continue; + } if (program !== 'git') continue; const { subcommand, changesCwd } = parseGitInvocation(tokens); if (subcommand === 'commit' && !cwdShifted && !changesCwd) { @@ -540,13 +566,17 @@ function findAttributableCommitSegment( const tokens = tokeniseSegment(sub); if (!tokens || tokens.length === 0) continue; const program = tokens[0]!; - if (program === 'cd') { - // Mirror gitCommitContext's cd heuristic: relative paths that - // don't escape upward are treated as in-repo, so + if (program === 'cd' || program === 'pushd') { + // Mirror gitCommitContext's cd/pushd heuristic: relative paths + // that don't escape upward are treated as in-repo, so // `cd subdir && git commit ...` still finds the segment. if (!cwdShifted && cdTargetMayChangeRepo(tokens)) cwdShifted = true; continue; } + if (program === 'popd') { + cwdShifted = true; + continue; + } if (program === 'git') { const { subcommand, changesCwd } = parseGitInvocation(tokens); if (subcommand === 'commit' && !cwdShifted && !changesCwd) { @@ -2060,15 +2090,42 @@ export class ShellToolInvocation extends BaseToolInvocation< canonicalBase = baseDir; } - // Drop tracked entries whose on-disk content has diverged from - // what AI's last write recorded — catches the case where the - // user paste-replaced via an external editor, ran `git checkout`, - // or otherwise modified the file outside the Edit/Write tools. - // Without this, the AI's stale aiContribution would attach to - // the human-only diff at commit time and credit AI for the human - // work. Run this BEFORE matchCommittedFiles so the dropped - // entries are also out of the per-file payload. - attributionService.validateOnDiskHashes(); + // Drop tracked entries whose COMMITTED content has diverged + // from what AI's last write recorded — catches the case where + // the user paste-replaced via an external editor, ran + // `git checkout`, or otherwise modified the file outside the + // Edit/Write tools. Validate against the COMMITTED blob (via + // `git show HEAD:`) rather than the live working tree: + // the user can `git add` AI's content, then make additional + // unstaged edits, then `git commit` — the commit's blob still + // matches AI's recorded hash, but the working-tree file does + // not. A working-tree comparison would drop the entry on a + // commit that legitimately came from AI. Run BEFORE + // matchCommittedFiles so dropped entries are also out of the + // per-file payload. + attributionService.validateAgainst((absPath) => { + const rel = path + .relative(canonicalBase, absPath) + .split(path.sep) + .join('/'); + if (!rel || rel.startsWith('..')) return null; + try { + return childProcess + .execFileSync('git', ['show', `HEAD:${rel}`], { + cwd, + timeout: 2000, + stdio: ['ignore', 'pipe', 'ignore'], + maxBuffer: 16 * 1024 * 1024, + }) + .toString('utf-8'); + } catch { + // No committed content (deleted file, file not in commit, + // or git error) — leave the entry alone. Deletion handling + // is its own thread; what matters here is that we don't + // FALSE-positive on a missing-from-commit signal. + return null; + } + }); committedAbsolutePaths = attributionService.matchCommittedFiles( stagedInfo.files, From 3bb4cc7d7cab61212e9f7ae3d5237628cc04a040 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 00:12:02 +0800 Subject: [PATCH 50/64] fix(attribution): scope validateAgainst to committed set, SHA-pin reader, intent-aware migration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 1 of multi-pass audit on b3a06a7c4. Three correctness fixes: 1. validateAgainst was iterating ALL fileAttributions but the committed-blob reader (git show HEAD:) returns HEAD's pre-AI content for files NOT in the just-made commit. Result: pending unstaged AI work was silently wiped on every commit because the divergence check ran against the wrong baseline for unrelated files. Fix: build the committed scope first via matchCommittedFiles, scope the reader to that set (return null for everything else), validate, then RE-run matchCommittedFiles to pick up dropped entries. The validateAgainstWorkingTree wrapper had no production caller — removed it and its test. 2. The committed-blob reader used symbolic `HEAD` instead of the captured postHead SHA — same TOCTOU concern buildGitNotesCommand already addressed. A post-commit hook moving HEAD between capture and the reader's `git show` would silently compare against the wrong commit's content and trip the divergence check spuriously. Pin the reader to `git show :`. 3. v3→v4 migration's invalid-string fallback used to reset to {}. Combined with the runtime pickBool's "absent → schema default true" rule, that silently re-enabled attribution for users who hand-edited `"gitCoAuthor": "off"` to disable. Migration now recognises enable-intent strings (true/yes/on/1/enabled) and disable-intent strings (false/no/off/0/disabled/'') and maps them to {commit, pr} explicitly. Unrecognised strings fall to {commit: false, pr: false} with a warning — same safer-by-default contract as runtime pickBool. Test grid covers all 11 cases. Also tidied the FileAttribution.contentHash JSDoc to reference the renamed `validateAgainst` (was still pointing at the dropped `validateOnDiskHashes` name). 1085 tests pass; typecheck clean both packages. --- .../migration/versions/v3-to-v4.test.ts | 76 +++++++++++++------ .../src/config/migration/versions/v3-to-v4.ts | 42 +++++++++- .../src/services/commitAttribution.test.ts | 11 --- .../core/src/services/commitAttribution.ts | 43 ++++------- packages/core/src/tools/shell.ts | 50 ++++++++---- 5 files changed, 138 insertions(+), 84 deletions(-) diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts index 0d02d383d2a..0aad1d31e46 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.test.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.test.ts @@ -148,37 +148,63 @@ describe('V3ToV4Migration', () => { expect(warnings).toEqual([]); }); - it('drops invalid values and emits a warning', () => { - const input = { $version: 3, general: { gitCoAuthor: 'yes' } }; - const { settings, warnings } = migration.migrate(input, 'user') as { - settings: Record; - warnings: string[]; - }; - - expect( - (settings['general'] as Record)['gitCoAuthor'], - ).toEqual({}); - expect(warnings).toHaveLength(1); - expect(warnings[0]).toContain('gitCoAuthor'); - expect(warnings[0]).toContain('user'); - }); + // String enable-intent forms map to {commit: true, pr: true}; + // disable-intent forms map to {commit: false, pr: false}; an + // unrecognised string also defaults to disabled (safer-by-default + // — same contract as the runtime `pickBool`) but emits a warning. + it.each([ + ['"true"', 'true', { commit: true, pr: true }, false], + ['"yes"', 'yes', { commit: true, pr: true }, false], + ['"on"', 'on', { commit: true, pr: true }, false], + ['"1"', '1', { commit: true, pr: true }, false], + ['"false"', 'false', { commit: false, pr: false }, false], + ['"no"', 'no', { commit: false, pr: false }, false], + ['"off"', 'off', { commit: false, pr: false }, false], + ['"0"', '0', { commit: false, pr: false }, false], + ['empty string', '', { commit: false, pr: false }, false], + ['"OFF" (case)', 'OFF', { commit: false, pr: false }, false], + ['unknown string', 'maybe', { commit: false, pr: false }, true], + ])( + 'maps string %s to %j (warn=%s)', + (_label, str, expected, expectWarn) => { + const input = { $version: 3, general: { gitCoAuthor: str } }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual(expected); + if (expectWarn) { + expect(warnings).toHaveLength(1); + expect(warnings[0]).toContain('gitCoAuthor'); + } else { + expect(warnings).toHaveLength(0); + } + }, + ); + // Non-string invalid values (null/array/number) get the + // safer-by-default disabled state with a warning. it.each([ ['null', null], ['array', []], ['number', 42], - ])('treats %s as invalid and resets with a warning', (_label, bad) => { - const input = { $version: 3, general: { gitCoAuthor: bad } }; - const { settings, warnings } = migration.migrate(input, 'user') as { - settings: Record; - warnings: string[]; - }; + ])( + 'treats %s as invalid and resets to disabled with a warning', + (_label, bad) => { + const input = { $version: 3, general: { gitCoAuthor: bad } }; + const { settings, warnings } = migration.migrate(input, 'user') as { + settings: Record; + warnings: string[]; + }; - expect( - (settings['general'] as Record)['gitCoAuthor'], - ).toEqual({}); - expect(warnings).toHaveLength(1); - }); + expect( + (settings['general'] as Record)['gitCoAuthor'], + ).toEqual({ commit: false, pr: false }); + expect(warnings).toHaveLength(1); + }, + ); it('leaves a partially-specified object unchanged', () => { // Downstream normalizeGitCoAuthor fills missing sub-keys with defaults; diff --git a/packages/cli/src/config/migration/versions/v3-to-v4.ts b/packages/cli/src/config/migration/versions/v3-to-v4.ts index 8b828b06255..786cb17396e 100644 --- a/packages/cli/src/config/migration/versions/v3-to-v4.ts +++ b/packages/cli/src/config/migration/versions/v3-to-v4.ts @@ -90,15 +90,49 @@ export class V3ToV4Migration implements SettingsMigration { commit: value, pr: value, }); + } else if (typeof value === 'string') { + // String forms: a user who hand-edited `"gitCoAuthor": "off"` (or + // similar) to disable the feature must NOT see attribution + // silently re-enable just because we couldn't parse the literal + // shape. Map disable-intent strings to `{commit: false, pr: false}`, + // enable-intent strings to `{commit: true, pr: true}`, and + // anything else to disabled with a warning (safer-by-default + // than enabling against an ambiguous opt-out). + const lowered = value.trim().toLowerCase(); + const disableIntent = ['false', 'no', 'off', '0', 'disabled', '']; + const enableIntent = ['true', 'yes', 'on', '1', 'enabled']; + if (enableIntent.includes(lowered)) { + setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, { + commit: true, + pr: true, + }); + } else if (disableIntent.includes(lowered)) { + setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, { + commit: false, + pr: false, + }); + } else { + setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, { + commit: false, + pr: false, + }); + warnings.push( + `Reset '${GIT_CO_AUTHOR_PATH}' in ${scope} settings to {commit: false, pr: false} because the stored string '${value}' was not a recognized boolean form.`, + ); + } } else if ( value !== undefined && (typeof value !== 'object' || value === null || Array.isArray(value)) ) { - // Invalid: can't safely interpret. Drop so the schema default (both - // toggles on) applies on next load. - setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, {}); + // Invalid non-string shape (number, array, null). Drop and + // disable rather than re-enable on ambiguity — same + // safer-by-default contract as `pickBool` at runtime. + setNestedPropertySafe(result, GIT_CO_AUTHOR_PATH, { + commit: false, + pr: false, + }); warnings.push( - `Reset '${GIT_CO_AUTHOR_PATH}' in ${scope} settings because the stored value was not a boolean or object.`, + `Reset '${GIT_CO_AUTHOR_PATH}' in ${scope} settings to {commit: false, pr: false} because the stored value was not a boolean or object.`, ); } // Object values (including the new shape) pass through unchanged. diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 4a6be648ff6..03d64a4117a 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -218,17 +218,6 @@ describe('CommitAttributionService', () => { expect(service.getFileAttribution('/legacy.ts')).toBeDefined(); }); - // Working-tree variant for code paths without committed blobs. - it('validateAgainstWorkingTree drops entries whose on-disk content diverged', () => { - const service = CommitAttributionService.getInstance(); - const filePath = path.join(tmpDir, 'wt-diverged.ts'); - fs.writeFileSync(filePath, 'AI wrote this', 'utf-8'); - service.recordEdit(filePath, null, 'AI wrote this'); - fs.writeFileSync(filePath, 'human replaced', 'utf-8'); - service.validateAgainstWorkingTree(); - expect(service.getFileAttribution(filePath)).toBeUndefined(); - }); - // Deleted-file lookup must remain stable: recordEdit canonicalises // the path via realpathSync; getFileAttribution must still resolve // the same canonical key after the leaf is unlinked. realpathOrSelf diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 07b47b75357..26c18262ba4 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -76,9 +76,9 @@ export interface FileAttribution { * `rm` + recreate, manual save) so AI's accumulated counter doesn't * silently get credited to subsequent human edits. recordEdit checks * this on every call (resets when the input `oldContent` doesn't - * match), and `validateOnDiskHashes` re-verifies before a commit - * note is generated to catch user edits that happened entirely - * outside the Edit/Write tools. + * match), and `validateAgainst` re-verifies before a commit note is + * generated to catch user edits that happened entirely outside the + * Edit/Write tools. */ contentHash: string; } @@ -322,19 +322,17 @@ export class CommitAttributionService { * * `getContent(absPath)` returns the bytes the caller wants to * compare against, or `null` if the entry shouldn't be checked - * (deletion, unreadable, no committed copy). Returning `null` - * leaves the entry alone rather than dropping it. + * (deletion, unreadable, file not in the relevant scope). Returning + * `null` leaves the entry alone rather than dropping it. * - * Two production callers: - * 1. `attachCommitAttribution` after a commit — should pass a - * reader that fetches the COMMITTED blob (`git show HEAD:`) - * so unstaged working-tree changes the user made AFTER `git add` - * don't trip the divergence check on a commit whose blob still - * matches AI's recorded hash. - * 2. The legacy live-disk reader (`fs.readFileSync`) is exposed - * via `validateAgainstWorkingTree` for the no-committed-blob - * cases (e.g. amend-without-reflog where we can't pin a - * ref). Less precise but better than nothing. + * Production caller (`attachCommitAttribution`) passes a reader + * that fetches the COMMITTED blob (`git show HEAD:`) for files + * actually in the just-made commit, returning null for everything + * else. The "committed blob" choice (rather than the live working + * tree) is what makes a `git add AI's edit && extra unstaged edits + * && git commit` flow correctly attribute the commit to AI even + * though the working-tree file no longer matches AI's recorded + * hash. */ validateAgainst(getContent: (absPath: string) => string | null): void { for (const [key, attr] of this.fileAttributions) { @@ -352,21 +350,6 @@ export class CommitAttributionService { } } - /** - * Convenience wrapper around {@link validateAgainst} that reads - * the live working-tree file. Used for code paths where we can't - * read the committed blob (no commit happened, no ref available). - */ - validateAgainstWorkingTree(): void { - this.validateAgainst((p) => { - try { - return fs.readFileSync(p, 'utf-8'); - } catch { - return null; - } - }); - } - // ----------------------------------------------------------------------- // Prompt counting // ----------------------------------------------------------------------- diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 3b776df2e41..aeebac9512f 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -2090,20 +2090,41 @@ export class ShellToolInvocation extends BaseToolInvocation< canonicalBase = baseDir; } + // First-pass match: which tracked entries are part of THIS + // commit? Validation must run against this subset only — a + // tracked file the user didn't stage isn't in HEAD's new tree + // post-commit (HEAD still has the pre-AI-edit version), so + // `git show HEAD:` would return the OLD content and the + // hash divergence check would drop the AI's pending unstaged + // work. Scope the reader to the committed set only. + const committedScope = attributionService.matchCommittedFiles( + stagedInfo.files, + canonicalBase, + ); + // Drop tracked entries whose COMMITTED content has diverged // from what AI's last write recorded — catches the case where // the user paste-replaced via an external editor, ran // `git checkout`, or otherwise modified the file outside the - // Edit/Write tools. Validate against the COMMITTED blob (via - // `git show HEAD:`) rather than the live working tree: - // the user can `git add` AI's content, then make additional - // unstaged edits, then `git commit` — the commit's blob still - // matches AI's recorded hash, but the working-tree file does - // not. A working-tree comparison would drop the entry on a - // commit that legitimately came from AI. Run BEFORE - // matchCommittedFiles so dropped entries are also out of the - // per-file payload. + // Edit/Write tools. Validate against the COMMITTED blob rather + // than the live working tree: the user can `git add` AI's + // content, then make additional unstaged edits, then + // `git commit` — the commit's blob still matches AI's recorded + // hash, but the working-tree file does not. A working-tree + // comparison would drop the entry on a commit that legitimately + // came from AI. + // + // Pin the read to the captured `postHead` SHA, NOT the symbolic + // `HEAD`, for the same TOCTOU reason `buildGitNotesCommand` + // does: a post-commit hook or chained command can advance HEAD + // between our postHead capture and these reads, and a symbolic + // `git show HEAD:` would then compare against the WRONG + // commit's content and spuriously drop entries. attributionService.validateAgainst((absPath) => { + // ONLY check files that landed in this commit. Anything else + // (unstaged AI work, files in other directories) returns null + // so validateAgainst leaves them alone. + if (!committedScope.has(absPath)) return null; const rel = path .relative(canonicalBase, absPath) .split(path.sep) @@ -2111,7 +2132,7 @@ export class ShellToolInvocation extends BaseToolInvocation< if (!rel || rel.startsWith('..')) return null; try { return childProcess - .execFileSync('git', ['show', `HEAD:${rel}`], { + .execFileSync('git', ['show', `${postHead}:${rel}`], { cwd, timeout: 2000, stdio: ['ignore', 'pipe', 'ignore'], @@ -2119,14 +2140,15 @@ export class ShellToolInvocation extends BaseToolInvocation< }) .toString('utf-8'); } catch { - // No committed content (deleted file, file not in commit, - // or git error) — leave the entry alone. Deletion handling - // is its own thread; what matters here is that we don't - // FALSE-positive on a missing-from-commit signal. + // No committed content (deleted file, file not in the + // commit, or git error) — leave the entry alone. return null; } }); + // Recompute the committed set after validation: dropped entries + // shouldn't appear in the per-file payload OR in the partial + // clear set (they were already deleted from fileAttributions). committedAbsolutePaths = attributionService.matchCommittedFiles( stagedInfo.files, canonicalBase, From c557bd55c91d4d2e2945acd1ff4103d05088a653 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 00:21:00 +0800 Subject: [PATCH 51/64] chore(attribution): extract pickOuterLastMatch, log unrecognised pickBool inputs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 2 of multi-pass audit. Two cleanups, no behaviour changes: 1. addCoAuthorToGitCommit and addAttributionToPR each carried their own copy of the matchRange / isInside / "pick LAST non-nested match" logic (~25 LOC duplicated). Extracted to module-level helpers `matchSpan`, `isMatchInside`, and `pickOuterLastMatch` so a future bug fix can't apply to only one of the two rewriters. Behaviour identical — same algorithm, same edge cases. 2. normalizeGitCoAuthor's pickBool silently maps unrecognised strings to false (safer-by-default vs the old "default-to-true on mismatch" policy, but a user who hand-edited `{ commit: "maybe" }` had no signal that their setting was being ignored). Add a `gitCoAuthorLogger.warn` listing the accepted forms so a debug-mode user can see the actual coercion. Known disable-intent strings (false/no/off/0/empty) stay silent — they're explicit user intent. Also pass the field name so the warning identifies which sub-toggle (commit vs pr) was bad. 1101 tests pass; typecheck clean. --- packages/core/src/config/config.ts | 18 +++- packages/core/src/tools/shell.ts | 129 +++++++++++++++-------------- 2 files changed, 83 insertions(+), 64 deletions(-) diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts index cecfc897b3a..1547df014a1 100644 --- a/packages/core/src/config/config.ts +++ b/packages/core/src/config/config.ts @@ -132,6 +132,8 @@ import { readAutoMemoryIndex } from '../memory/store.js'; import { MemoryManager } from '../memory/manager.js'; import { CommitAttributionService } from '../services/commitAttribution.js'; +const gitCoAuthorLogger = createDebugLogger('GIT_CO_AUTHOR'); + import { ModelsConfig, type ModelProvidersConfig, @@ -269,7 +271,7 @@ function normalizeGitCoAuthor(value: GitCoAuthorParam | undefined): { // `{ "commit": "false" }` silently activated attribution against // the user's clear intent. Safer-by-default: ambiguous values // disable rather than enable. - const pickBool = (v: unknown): boolean => { + const pickBool = (v: unknown, fieldName: string): boolean => { if (v === undefined) return true; if (typeof v === 'boolean') return v; if (typeof v === 'string') { @@ -282,14 +284,24 @@ function normalizeGitCoAuthor(value: GitCoAuthorParam | undefined): { ) { return true; } + // Known disable-intent forms — silent (matches user intent). + const knownDisable = ['false', 'no', 'off', '0', 'disabled', '']; + if (!knownDisable.includes(lowered)) { + // Unrecognised string — disable (safer-by-default) but log + // so a user wondering "why is my setting being ignored?" + // can see the actual coercion in QWEN_DEBUG_LOG_FILE. + gitCoAuthorLogger.warn( + `Unrecognized string value for general.gitCoAuthor.${fieldName}: ${JSON.stringify(v)}; treating as false. Accepted forms: true/yes/on/1, false/no/off/0/empty.`, + ); + } return false; } if (typeof v === 'number') return v === 1; return false; }; return { - commit: pickBool(value?.commit), - pr: pickBool(value?.pr), + commit: pickBool(value?.commit, 'commit'), + pr: pickBool(value?.pr, 'pr'), }; } diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index aeebac9512f..347f4abf0b2 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -103,6 +103,60 @@ function lastMatchOf( return result; } +/** + * Helpers for the nested-match-rejection logic shared between + * addCoAuthorToGitCommit and addAttributionToPR. Both functions pick + * the LAST `-m` / `--body` occurrence across two quote styles, but + * have to reject a candidate that's nested INSIDE the other's range + * — e.g. `git commit -m "docs mention -m 'flag'"` where the inner + * `-m 'flag'` lives entirely inside the outer `-m "..."`. Without + * the nesting check the inner (later) match would win and the + * trailer would land in the body text. + * + * Extracted to module scope so future bug fixes can't apply to only + * one of the two call sites. + */ +function matchSpan( + m: RegExpMatchArray | null, +): { start: number; end: number } | null { + return m ? { start: m.index ?? 0, end: (m.index ?? 0) + m[0].length } : null; +} + +function isMatchInside( + inner: RegExpMatchArray | null, + outer: RegExpMatchArray | null, +): boolean { + const i = matchSpan(inner); + const o = matchSpan(outer); + return !!(i && o && i.start >= o.start && i.end <= o.end); +} + +/** + * Pick the LAST non-nested match across two quote styles. Mirrors the + * algorithm both rewriters use: prefer whichever appears later in the + * segment, but if either match lives inside the other's range, take + * the OUTER one. Returns the chosen match plus a marker telling the + * caller which style won (so they can pick the right escape function). + */ +function pickOuterLastMatch( + doubleMatch: T, + singleMatch: T, +): { match: T; isDouble: boolean } { + if (doubleMatch && singleMatch) { + if (isMatchInside(singleMatch, doubleMatch)) { + return { match: doubleMatch, isDouble: true }; + } + if (isMatchInside(doubleMatch, singleMatch)) { + return { match: singleMatch, isDouble: false }; + } + return (doubleMatch.index ?? 0) > (singleMatch.index ?? 0) + ? { match: doubleMatch, isDouble: true } + : { match: singleMatch, isDouble: false }; + } + if (doubleMatch) return { match: doubleMatch, isDouble: true }; + return { match: singleMatch, isDouble: false }; +} + /** * Tokenise a single shell-command segment via `shell-quote`. Returns * the parsed string tokens with leading env-var assignments and a @@ -2599,41 +2653,17 @@ export class ShellToolInvocation extends BaseToolInvocation< // quote style — but reject any candidate that's nested inside the // other's range. For `git commit -m "docs mention -m 'flag'"` the // single-quoted `-m 'flag'` lives INSIDE the double-quoted real - // message; without a nesting check the later (inner) `-m` would + // message; without the nesting check the later (inner) `-m` would // win and the trailer would be spliced into the body text. - const matchRange = (m: RegExpMatchArray | null) => - m ? { start: m.index ?? 0, end: (m.index ?? 0) + m[0].length } : null; - const isInside = ( - inner: RegExpMatchArray | null, - outer: RegExpMatchArray | null, - ): boolean => { - const i = matchRange(inner); - const o = matchRange(outer); - return !!(i && o && i.start >= o.start && i.end <= o.end); - }; - let match: RegExpMatchArray | null; - if (doubleMatch && singleMatch) { - if (isInside(singleMatch, doubleMatch)) { - match = doubleMatch; - } else if (isInside(doubleMatch, singleMatch)) { - match = singleMatch; - } else { - match = - (doubleMatch.index ?? 0) > (singleMatch.index ?? 0) - ? doubleMatch - : singleMatch; - } - } else { - match = doubleMatch ?? singleMatch; - } - const quote = match === doubleMatch ? '"' : "'"; + const picked = pickOuterLastMatch(doubleMatch, singleMatch); + const match = picked.match; + const quote = picked.isDouble ? '"' : "'"; // Escape the configured name/email for the surrounding quote // style — has to follow the actually-selected match. - const escape = - match === doubleMatch - ? escapeForBashDoubleQuote - : escapeForBashSingleQuote; + const escape = picked.isDouble + ? escapeForBashDoubleQuote + : escapeForBashSingleQuote; const escapedName = escape(gitCoAuthorSettings.name ?? ''); const escapedEmail = escape(gitCoAuthorSettings.email ?? ''); const coAuthor = `\n\nCo-authored-by: ${escapedName} <${escapedEmail}>`; @@ -2757,32 +2787,10 @@ export class ShellToolInvocation extends BaseToolInvocation< // the inner `-b 'flag'` is INSIDE the outer `--body "..."`; without // a nesting check the inner (later) `-b` would win and the trailer // would be spliced into the body text rather than appended after it. - const bodyMatchRange = (m: RegExpMatchArray | null) => - m ? { start: m.index ?? 0, end: (m.index ?? 0) + m[0].length } : null; - const bodyIsInside = ( - inner: RegExpMatchArray | null, - outer: RegExpMatchArray | null, - ): boolean => { - const i = bodyMatchRange(inner); - const o = bodyMatchRange(outer); - return !!(i && o && i.start >= o.start && i.end <= o.end); - }; - let bodyMatch: RegExpMatchArray | null; - if (bodyDoubleMatch && bodySingleMatch) { - if (bodyIsInside(bodySingleMatch, bodyDoubleMatch)) { - bodyMatch = bodyDoubleMatch; - } else if (bodyIsInside(bodyDoubleMatch, bodySingleMatch)) { - bodyMatch = bodySingleMatch; - } else { - bodyMatch = - (bodyDoubleMatch.index ?? 0) > (bodySingleMatch.index ?? 0) - ? bodyDoubleMatch - : bodySingleMatch; - } - } else { - bodyMatch = bodyDoubleMatch ?? bodySingleMatch; - } - const bodyQuote = bodyMatch === bodyDoubleMatch ? '"' : "'"; + // Shared with addCoAuthorToGitCommit via `pickOuterLastMatch`. + const pickedBody = pickOuterLastMatch(bodyDoubleMatch, bodySingleMatch); + const bodyMatch = pickedBody.match; + const bodyQuote = pickedBody.isDouble ? '"' : "'"; if (bodyMatch) { const [fullMatch, prefix, existingBody] = bodyMatch; @@ -2799,10 +2807,9 @@ export class ShellToolInvocation extends BaseToolInvocation< // Without this, a configured generator name containing `"`, `$`, a // backtick, or `'` would either break the user-approved `gh pr // create` command or, worse, be interpreted as command substitution. - const escapedAttribution = - bodyMatch === bodyDoubleMatch - ? escapeForBashDoubleQuote(attribution) - : escapeForBashSingleQuote(attribution); + const escapedAttribution = pickedBody.isDouble + ? escapeForBashDoubleQuote(attribution) + : escapeForBashSingleQuote(attribution); const newBody = existingBody + escapedAttribution; // Splice the modified segment back into the original command, // offsetting the in-segment match index by the segment start. From ca21b6db68aefa11f58a5cc805ad019fca0e9f5c Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 00:39:13 +0800 Subject: [PATCH 52/64] fix(attribution): canonicalise BOM and CRLF before hashing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 3 of multi-pass audit. One real correctness fix. Edit and WriteFile preserve the file's BOM and CRLF line-ending choice when writing back, so the on-disk bytes can include a leading U+FEFF and CRLFs even when AI's recordEdit input was given with LF and no BOM. The committed-blob reader's `git show :` returns those raw bytes verbatim, and computeContentHash hashed them as-is — so a UTF-8 BOM file or a CRLF-line-ending file would always have a mismatch between AI's recorded hash and the on-disk hash, and validateAgainst would drop the entry on every commit. Add `canonicaliseForHash`: strips a leading U+FEFF and normalises CRLF→LF before computing the SHA-256. Both sides (recordEdit when storing the post-write hash, and validateAgainst when comparing to the on-disk read) flow through computeContentHash, so the canonicalisation is symmetric. The hash is metadata used only for divergence detection — collapsing these visual differences is the right comparison semantics. Three regression tests added: BOM-only, CRLF-only, and BOM+CRLF combined. All exercise the typical case where AI's recordEdit input is LF + no BOM but the on-disk content (post-writeTextFile) has the file's preserved BOM/lineEnding choice. --- .../src/services/commitAttribution.test.ts | 48 +++++++++++++++++++ .../core/src/services/commitAttribution.ts | 34 ++++++++++++- 2 files changed, 81 insertions(+), 1 deletion(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 03d64a4117a..7fb2d1ca833 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -194,6 +194,54 @@ describe('CommitAttributionService', () => { expect(service.getFileAttribution(filePath)).toBeDefined(); }); + // BOM/CRLF normalisation: writeTextFile preserves the file's BOM + // and CRLF line-ending choice independently of whether AI's + // recordEdit input string contained the BOM char or used LF. The + // on-disk bytes returned by `git show` can therefore include a + // leading U+FEFF and CRLFs that AI never wrote — the hash MUST + // canonicalise both sides so a BOM/CRLF file isn't dropped on + // every commit. + it('keeps entries when on-disk content has BOM but AI input did not', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'bom.ts'); + // Simulate the on-disk file having a BOM (writeTextFile wrote + // it because the previous file version had one). + const aiContent = 'export const foo = 42;'; + const onDiskWithBom = '' + aiContent; + fs.writeFileSync(filePath, onDiskWithBom, 'utf-8'); + service.recordEdit(filePath, null, aiContent); + + // Reader returns the on-disk content (with BOM). After + // canonicalisation, both sides hash to the same value. + service.validateAgainst(() => onDiskWithBom); + expect(service.getFileAttribution(filePath)).toBeDefined(); + }); + + it('keeps entries when on-disk uses CRLF but AI input used LF', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'crlf.ts'); + const aiContent = 'line one\nline two\n'; + const onDiskCrlf = 'line one\r\nline two\r\n'; + fs.writeFileSync(filePath, onDiskCrlf, 'utf-8'); + service.recordEdit(filePath, null, aiContent); + service.validateAgainst(() => onDiskCrlf); + expect(service.getFileAttribution(filePath)).toBeDefined(); + }); + + // Combined: BOM + CRLF on disk, plain LF + no BOM in AI input. + // The most common case for a Windows-edited file the model + // returned in unix form. + it('keeps entries when on-disk has BOM AND CRLF, AI input had neither', () => { + const service = CommitAttributionService.getInstance(); + const filePath = path.join(tmpDir, 'bom-crlf.ts'); + const aiContent = 'foo\nbar\n'; + const onDisk = 'foo\r\nbar\r\n'; + fs.writeFileSync(filePath, onDisk, 'utf-8'); + service.recordEdit(filePath, null, aiContent); + service.validateAgainst(() => onDisk); + expect(service.getFileAttribution(filePath)).toBeDefined(); + }); + // Legacy snapshot from before contentHash existed: the entry has // an empty contentHash. We can't tell stale from fresh, so leave // it alone (don't reset). diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 26c18262ba4..db8d9476306 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -28,8 +28,40 @@ import { isGeneratedFile } from './generatedFiles.js'; const debugLogger = createDebugLogger('COMMIT_ATTRIBUTION'); +/** + * Strip the per-platform / per-encoding noise (leading UTF-8 BOM, + * CRLF line endings) so two byte-different but semantically-identical + * versions of the same content hash to the same value. + * + * Edit and WriteFile preserve the user's BOM/lineEnding choice when + * writing back, so the on-disk bytes can include CRLF or a leading + * U+FEFF even when AI's `recordEdit` was given LF-normalised content + * with no BOM. Without this normalisation, a `git show :` + * read of a BOM/CRLF file would always mismatch AI's recorded hash + * and drop the entry on every commit. The hash is metadata (used for + * divergence detection only); collapsing these visual differences is + * the right comparison semantics. + */ +function canonicaliseForHash(content: string): string { + // Strip a single leading UTF-8 BOM (U+FEFF). writeTextFile's + // BOM mode prepends BOM bytes to the on-disk file independently of + // whether AI's input included the BOM character in its string. + let normalised = + content.length > 0 && content.charCodeAt(0) === 0xfeff + ? content.slice(1) + : content; + // Normalise CRLF → LF. writeTextFile writes CRLF when the file's + // detected line-ending is CRLF; AI's recordEdit input is typically + // LF-normalised (Edit's `currentContent.replace(/\r\n/g, '\n')` + // happens before recordEdit fires). + normalised = normalised.replace(/\r\n/g, '\n'); + return normalised; +} + function computeContentHash(content: string): string { - return createHash('sha256').update(content).digest('hex'); + return createHash('sha256') + .update(canonicaliseForHash(content)) + .digest('hex'); } /** From 9000b9aa8c05acbc38c2d7a9181d5cd0212640f7 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 00:43:36 +0800 Subject: [PATCH 53/64] fix(attribution): reset accumulator when re-creating a deleted tracked file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 4 of multi-pass audit + Copilot finding from review 4236842362 (I missed it in the previous refresh). recordEdit's existing prior-state check was symmetric on diverged oldContent but ASYMMETRIC on a fresh file lifetime: when AI creates `foo.ts` (oldContent=null), then user `rm foo.ts`, then AI re-creates `foo.ts` (oldContent=null again), the second recordEdit saw `existing` (from the first lifetime) and SKIPPED the divergence check (because oldContent === null bails out of that branch). The accumulator carried 100 chars from the deleted file plus 5 chars from the new content = 155, vs the actual 5 on disk. Subsequent generateNotePayload's clamp against `(adds+dels) * 40` couldn't catch this — the diff size for a 1-line addition is 40, far above the actual content size. Add a fresh-file-lifetime branch: when `existing` is set AND the caller reports `oldContent === null`, reset aiContribution and aiCreated before counting the new contribution. The new edit is treated as a brand-new file at the same path (which is what the caller's null oldContent means semantically). Test added covering the exact `AI create → delete → AI re-create` flow. Also verified `should treat new files as ai-created` and `should accumulate contributions across multiple edits` still pass. --- .../src/services/commitAttribution.test.ts | 27 ++++++++++++++++ .../core/src/services/commitAttribution.ts | 32 +++++++++++++------ 2 files changed, 50 insertions(+), 9 deletions(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 7fb2d1ca833..275ba65bd43 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -137,6 +137,33 @@ describe('CommitAttributionService', () => { expect(after2.aiContribution).toBeLessThan(after1.aiContribution); }); + // Fresh-file lifetime: when AI re-creates a file at a path that was + // previously tracked but has since been deleted (oldContent === null + // signals "no file existed on disk"), the previous tracked state is + // from a different file lifetime. Without this reset, AI's + // accumulated chars from the deleted file would carry over and + // double-count toward the new file's attribution. + it('should reset accumulator when re-creating a previously-tracked deleted file', () => { + const service = CommitAttributionService.getInstance(); + // First lifetime: AI creates 'foo.ts' with 100 chars of content. + const firstContent = 'A'.repeat(100); + service.recordEdit('/project/foo.ts', null, firstContent); + const after1 = service.getFileAttribution('/project/foo.ts')!; + expect(after1.aiContribution).toBe(100); + expect(after1.aiCreated).toBe(true); + + // Second lifetime: file was deleted (e.g. user `rm foo.ts`), then + // AI re-creates it with new (shorter) content. oldContent=null + // signals "didn't exist on disk before this write". + const secondContent = 'short'; + service.recordEdit('/project/foo.ts', null, secondContent); + const after2 = service.getFileAttribution('/project/foo.ts')!; + // aiContribution should reflect ONLY the second write's chars, not + // 100 + 5. aiCreated stays true (this lifetime is also a creation). + expect(after2.aiContribution).toBe(5); + expect(after2.aiCreated).toBe(true); + }); + it('should NOT reset accumulator when oldContent matches AI last write', () => { const service = CommitAttributionService.getInstance(); service.recordEdit('/project/f.ts', 'abc', 'AI step one'); diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index db8d9476306..8b882f080c4 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -314,16 +314,30 @@ export class CommitAttributionService { let aiContribution = existing?.aiContribution ?? 0; let aiCreated = existing?.aiCreated ?? false; - // If we have a prior tracked state for this file AND the input - // `oldContent` we're being told about doesn't match the hash we - // recorded after AI's last write, the file diverged out-of-band. - // Drop the accumulated counters before applying the new edit. + // Fresh-file lifetime: if we have a prior tracked state for this + // path BUT the caller is reporting `oldContent === null` (the file + // didn't exist on disk at edit time), the previous tracking was + // for a since-deleted file at the same path — accumulating across + // distinct file lifetimes would credit AI for chars from the old + // file that no longer exist. Reset before counting the new + // contribution. Common path: AI creates `foo.ts` → user / shell + // `rm foo.ts` → AI re-creates `foo.ts` from scratch. + if (existing && isNewFile) { + aiContribution = 0; + aiCreated = false; + } + + // Out-of-band mutation: if we have a prior tracked state AND the + // input `oldContent` doesn't match the hash we recorded after + // AI's last write, the file diverged out-of-band (paste-replace + // via external editor, `git checkout`, manual save). Reset the + // accumulator before applying the new edit. // - // Skip the check when `existing.contentHash` is empty: that's a - // legacy snapshot (pre-divergence-detection schema) where we - // never recorded the post-write hash. Comparing an empty hash to - // the actual file hash would always trip the reset and silently - // wipe AI work that's still on disk. + // Skip when `existing.contentHash` is empty: that's a legacy + // snapshot (pre-divergence-detection schema) where we never + // recorded the post-write hash. Comparing an empty hash to the + // actual file hash would always trip the reset and silently wipe + // AI work that's still on disk. if (existing && existing.contentHash && oldContent !== null) { const oldHash = computeContentHash(oldContent); if (existing.contentHash !== oldHash) { From 014b250b76b5ac5b05747b8c419f719093f5f60d Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 00:51:47 +0800 Subject: [PATCH 54/64] fix(attribution): treat git -C . as in-cwd, gate preHead on attributable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 5 of multi-pass audit. Two related correctness/efficiency fixes around the cwd-shift parser and the preHead capture. 1. `git -C .` (and `-C ./`, `-C.`) is a no-op cwd shift but the "any -C → cwd-shifted" rule was treating it the same as `-C /tmp/other`, suppressing attribution for what's effectively `git commit` with an explicit current-dir marker. Add an `isNoopCwdTarget` helper used in both the spaced (`-C .`) and attached (`-C.`) branches of `parseGitInvocation`. `--git-dir` / `--work-tree` are left unconditional — those aren't cwd in the same sense. 2. preHead was being captured for ANY hasCommit, including the non-attributable cases (`cd /elsewhere && git commit`, `git -C /other commit`). The only consumer of preHead is the `attachCommitAttribution` call inside the `attributableInCwd` branch — there is intentionally NO cleanup branch for the non-attributable case (see the existing comment around the `else if (commitCtx.hasCommit)` non-branch). The execFileSync for `getGitHeadSync` is dead work in that path: ~10–50 ms blocking the event loop before the user's real command spawns. Gate the capture on `attributableInCwd` to match the consumer. Tests added for the three -C dot-form variants. Full suite green: 146 in shell.test.ts, 56 in commitAttribution.test.ts. --- packages/core/src/tools/shell.test.ts | 27 +++++++++++++++ packages/core/src/tools/shell.ts | 49 ++++++++++++++++++++------- 2 files changed, 63 insertions(+), 13 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index d51082e5e22..50b07de5096 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1897,6 +1897,33 @@ describe('ShellTool', () => { ); }); + // `git -C .` (or `-C ./` or `-C .` attached as `-C.`) is a + // semantic no-op — the cwd doesn't actually change. The + // previous "any -C → cwd-shifted" rule silently skipped + // attribution for what's basically `git commit` with an + // explicit cwd marker. Treat dot-form as in-cwd. + it.each([ + ['git -C . commit', 'git -C . commit -m "in cwd"'], + ['git -C ./ commit', 'git -C ./ commit -m "in cwd"'], + ['git -C. commit (attached)', 'git -C. commit -m "in cwd"'], + ])('should add co-author for %s', async (_label, command) => { + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + const observed = mockShellExecutionService.mock.calls[0][0]; + expect(observed).toContain('Co-authored-by:'); + }); + // git's global flags (`-c`, `--no-pager`, etc.) push the // subcommand past index 1; a fixed-position check at arg1 used // to silently skip these forms. Make sure we still inject the diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 347f4abf0b2..953db72c839 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -351,6 +351,17 @@ const GIT_GLOBAL_FLAGS_TAKES_VALUE = new Set([ // Flags whose presence shifts cwd interpretation. const GIT_GLOBAL_FLAGS_SHIFTS_CWD = new Set(['-C', '--git-dir', '--work-tree']); +// `-C .` and `-C` to an empty string are no-op cwd shifts; treating +// them as cwd-changing would suppress attribution for `git -C . commit` +// (a common alias for "explicit current dir"). Same for the absolute +// path that resolves to cwd at runtime — but we only have the literal +// argv at parse time, so the cheap textual comparison is what we can +// reasonably check here. +function isNoopCwdTarget(target: string): boolean { + const t = target.trim(); + return t === '' || t === '.' || t === './'; +} + function parseGitInvocation(tokens: string[]): { subcommand: string | undefined; changesCwd: boolean; @@ -360,7 +371,16 @@ function parseGitInvocation(tokens: string[]): { while (i < tokens.length) { const t = tokens[i]!; if (GIT_GLOBAL_FLAGS_TAKES_VALUE.has(t)) { - if (GIT_GLOBAL_FLAGS_SHIFTS_CWD.has(t)) changesCwd = true; + const value = tokens[i + 1] ?? ''; + // For `-C` specifically, the value is the new cwd. `-C .` is + // a no-op so don't flip changesCwd. (`--git-dir`/`--work-tree` + // path arguments aren't cwd in the same sense — leave those + // unconditional.) + if (t === '-C') { + if (!isNoopCwdTarget(value)) changesCwd = true; + } else if (GIT_GLOBAL_FLAGS_SHIFTS_CWD.has(t)) { + changesCwd = true; + } i += 2; continue; } @@ -370,12 +390,13 @@ function parseGitInvocation(tokens: string[]): { i++; continue; } - // Attached-value form for `-C`: `git -C/path commit ...`. Git - // accepts both `-C path` (handled above by TAKES_VALUE) and the - // concatenated form. shell-quote tokenises the latter as a single - // `-Cpath` token. + // Attached-value form for `-C`: `git -C/path commit ...` and + // `git -C. commit ...`. Git accepts both `-C path` (handled + // above by TAKES_VALUE) and the concatenated form. shell-quote + // tokenises the latter as a single `-Cpath` token. if (t.length > 2 && t.startsWith('-C')) { - changesCwd = true; + const value = t.slice(2); + if (!isNoopCwdTarget(value)) changesCwd = true; i++; continue; } @@ -1321,13 +1342,15 @@ export class ShellToolInvocation extends BaseToolInvocation< // and so attribution still runs after a `git commit && cd ..` // chain (which would have failed an "any cd anywhere" gate). const commitCtx = gitCommitContext(strippedCommand); - // Capture preHead whenever ANY git commit was attempted in the - // chain — even non-attributable ones — so the post-command branch - // can detect HEAD movement and clear stale singleton state. - // Without this, `cd subdir && git commit` (a real same-repo - // commit) would skip attribution AND fail to clear pending - // attributions, leaking them into the next foreground commit. - const preHead: string | null = commitCtx.hasCommit + // Capture preHead only when the commit will actually be + // attributed in our cwd: that's the only consumer (the + // `attributableInCwd` branch below feeds preHead into + // `attachCommitAttribution`). For non-attributable + // hasCommit cases (`cd /elsewhere && git commit`, + // `git -C /other commit`), no consumer reads preHead and the + // ~10–50 ms execFileSync is dead work that just blocks the + // event loop before the user's real command spawns. + const preHead: string | null = commitCtx.attributableInCwd ? this.getGitHeadSync(cwd) : null; From 8eb37ce73ae1dd92b660b2043ad7da64e930d298 Mon Sep 17 00:00:00 2001 From: Shaojin Wen Date: Thu, 7 May 2026 07:42:04 +0800 Subject: [PATCH 55/64] fix(core): preserve attribution across renamed files --- .../src/services/commitAttribution.test.ts | 43 ++++++++++++++++ .../core/src/services/commitAttribution.ts | 51 +++++++++++++++++++ packages/core/src/tools/shell.ts | 34 +++++++++---- 3 files changed, 119 insertions(+), 9 deletions(-) diff --git a/packages/core/src/services/commitAttribution.test.ts b/packages/core/src/services/commitAttribution.test.ts index 275ba65bd43..81cca7c67dc 100644 --- a/packages/core/src/services/commitAttribution.test.ts +++ b/packages/core/src/services/commitAttribution.test.ts @@ -28,11 +28,13 @@ function makeStagedInfo( files: string[], diffSizes?: Record, deleted?: string[], + renamed?: Record, ): StagedFileInfo { return { files, diffSizes: new Map(Object.entries(diffSizes ?? {})), deletedFiles: new Set(deleted ?? []), + renamedFiles: new Map(Object.entries(renamed ?? {})), }; } @@ -555,6 +557,47 @@ describe('CommitAttributionService', () => { ).toBeUndefined(); }); + it('moves attribution across committed renames before payload generation', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/var/repo/src/old.ts', '', 'renamed content'); + + service.applyCommittedRenames( + new Map([['src/old.ts', 'src/new.ts']]), + '/private/var/repo', + ); + + expect( + service.getFileAttribution('/var/repo/src/old.ts'), + ).toBeUndefined(); + expect(service.getFileAttribution('/var/repo/src/new.ts')).toBeDefined(); + + const staged = makeStagedInfo(['src/new.ts'], { 'src/new.ts': 80 }, [], { + 'src/old.ts': 'src/new.ts', + }); + const note = service.generateNotePayload(staged, '/var/repo'); + expect(note.files['src/new.ts']!.aiChars).toBe(15); + expect(note.files['src/new.ts']!.percent).toBe(19); + }); + + it('merges old-path attribution into an existing destination entry', () => { + const service = CommitAttributionService.getInstance(); + service.recordEdit('/var/repo/src/old.ts', '', 'old ai text'); + service.recordEdit('/var/repo/src/new.ts', '', 'new ai text'); + + service.applyCommittedRenames( + new Map([['src/old.ts', 'src/new.ts']]), + '/private/var/repo', + ); + + const attr = service.getFileAttribution('/var/repo/src/new.ts')!; + expect(attr.aiContribution).toBe( + 'old ai text'.length + 'new ai text'.length, + ); + expect( + service.getFileAttribution('/var/repo/src/old.ts'), + ).toBeUndefined(); + }); + it('canonicalises keys on snapshot restore', () => { const service = CommitAttributionService.getInstance(); service.restoreFromSnapshot({ diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 8b882f080c4..346676f5248 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -162,6 +162,13 @@ export interface StagedFileInfo { files: string[]; diffSizes: Map; deletedFiles: Set; + /** + * Git rename map from old repo-relative path to new repo-relative path. + * Populated from `git diff --name-status --find-renames`. Used to move + * pending attribution from the pre-rename absolute key to the post-rename + * key before payload generation and cleanup. + */ + renamedFiles: Map; /** * Absolute path of the repository root (`git rev-parse --show-toplevel`). * Optional for backward compatibility with synthetic test inputs; @@ -521,6 +528,50 @@ export class CommitAttributionService { return matched; } + /** + * Move pending attribution across git renames before matching committed files. + * + * `recordEdit` stores attribution by canonical absolute path at edit time. + * If the user later commits `git mv old.ts new.ts`, git reports the committed + * file as `new.ts` while our map is still keyed by `old.ts`. Without moving + * the key first, the note either misses the AI-authored rename entirely or + * treats the old path as a deletion depending on diff settings. + */ + applyCommittedRenames( + renamedFiles: ReadonlyMap, + canonicalRepoRoot: string, + ): void { + if (renamedFiles.size === 0) return; + + for (const [key, attr] of [...this.fileAttributions.entries()]) { + const rel = path + .relative(canonicalRepoRoot, key) + .split(path.sep) + .join('/'); + const renamedRel = renamedFiles.get(rel); + if (!renamedRel) continue; + + const renamedAbs = realpathOrSelf( + path.join(canonicalRepoRoot, ...renamedRel.split('/')), + ); + if (renamedAbs === key) continue; + + const existing = this.fileAttributions.get(renamedAbs); + if (existing) { + this.fileAttributions.set(renamedAbs, { + aiContribution: existing.aiContribution + attr.aiContribution, + aiCreated: existing.aiCreated || attr.aiCreated, + // Prefer the destination hash: if AI edited after the rename, + // that entry reflects the freshest post-write content. + contentHash: existing.contentHash || attr.contentHash, + }); + } else { + this.fileAttributions.set(renamedAbs, { ...attr }); + } + this.fileAttributions.delete(key); + } + } + // ----------------------------------------------------------------------- // Snapshot / restore (session persistence) // ----------------------------------------------------------------------- diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 953db72c839..67ee79927df 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -2167,6 +2167,11 @@ export class ShellToolInvocation extends BaseToolInvocation< canonicalBase = baseDir; } + attributionService.applyCommittedRenames( + stagedInfo.renamedFiles, + canonicalBase, + ); + // First-pass match: which tracked entries are part of THIS // commit? Validation must run against this subset only — a // tracked file the user didn't stage isn't in HEAD's new tree @@ -2409,6 +2414,7 @@ export class ShellToolInvocation extends BaseToolInvocation< files: [], diffSizes: new Map(), deletedFiles: new Set(), + renamedFiles: new Map(), }; // Distinguish a successful git command with no output (e.g. @@ -2513,21 +2519,23 @@ export class ShellToolInvocation extends BaseToolInvocation< return null; } diffArgs = { - name: 'diff --name-only HEAD@{1} HEAD', - status: 'diff --name-status HEAD@{1} HEAD', - numstat: 'diff --numstat HEAD@{1} HEAD', + name: 'diff --find-renames --name-only HEAD@{1} HEAD', + status: 'diff --find-renames --name-status HEAD@{1} HEAD', + numstat: 'diff --find-renames --numstat HEAD@{1} HEAD', }; } else if (hasParent) { diffArgs = { - name: 'diff --name-only HEAD~1 HEAD', - status: 'diff --name-status HEAD~1 HEAD', - numstat: 'diff --numstat HEAD~1 HEAD', + name: 'diff --find-renames --name-only HEAD~1 HEAD', + status: 'diff --find-renames --name-status HEAD~1 HEAD', + numstat: 'diff --find-renames --numstat HEAD~1 HEAD', }; } else { diffArgs = { - name: 'diff-tree --root --no-commit-id -r --name-only HEAD', - status: 'diff-tree --root --no-commit-id -r --name-status HEAD', - numstat: 'diff-tree --root --no-commit-id -r --numstat HEAD', + name: 'diff-tree --root --find-renames --no-commit-id -r --name-only HEAD', + status: + 'diff-tree --root --find-renames --no-commit-id -r --name-status HEAD', + numstat: + 'diff-tree --root --find-renames --no-commit-id -r --numstat HEAD', }; } const [nameOutput, statusOutput, numstatOutput] = await Promise.all([ @@ -2561,9 +2569,16 @@ export class ShellToolInvocation extends BaseToolInvocation< // Get deleted files const deletedFiles = new Set(); + const renamedFiles = new Map(); for (const line of statusOutput.split('\n')) { if (line.startsWith('D\t')) { deletedFiles.add(line.slice(2).trim()); + continue; + } + const parts = line.split('\t'); + const status = parts[0] ?? ''; + if (status.startsWith('R') && parts.length >= 3) { + renamedFiles.set(parts[1]!.trim(), parts[2]!.trim()); } } @@ -2587,6 +2602,7 @@ export class ShellToolInvocation extends BaseToolInvocation< files, diffSizes, deletedFiles, + renamedFiles, repoRoot: repoRoot.length > 0 ? repoRoot : undefined, }; } catch { From 56b5a0638d9d8d247d54b8c8b3b58f238b461f6c Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 08:57:34 +0800 Subject: [PATCH 56/64] fix(attribution): preserve env-vars in tokens, exclude empty -C targets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 7 of multi-pass audit. Two related fixes around how `shell-quote` handles env-var references and how the cwd-shift detector reads them. 1. `shell-quote.parse` collapses `$NAME` references it cannot resolve to the empty string. The downstream cwd-shift checks (`cdTargetMayChangeRepo`'s `target.includes('$')` repo-shift detector, and the new `isNoopCwdTarget` no-op detector) were designed to catch env-var targets but received `''` instead of `$NAME` from `tokeniseSegment` and silently failed. Concretely, `cd $HOME && git commit` and `git -C $HOME commit` would both pass through as in-cwd attributable, stamping our trailer onto commits that land in whatever repo `$HOME`/`$REPO_ROOT` resolves to at runtime. Pass an env getter `(key) => '$' + key` to `shell-quote.parse` inside `tokeniseSegment` so unresolved references stay literal in tokens (`['cd', '$HOME']` instead of `['cd', '']`). `target.includes('$')` now fires correctly, and the no-op detector sees `$HOME` (non-`.`) and rejects it. KEY=value leading-env detection is unaffected (shell-quote doesn't interpolate inside KEY=value tokens). 2. Even with env preservation, an `''` target can still slip through (literal `-C ""`, escaped quotes, edge cases in shell-quote). Round 5's `isNoopCwdTarget` accepted `''` as a no-op alongside `'.'` / `'./'`, which would re-introduce the attribution-on-wrong-repo problem if any path produced an empty token. Tighten to `'.'` and `'./'` only — the only missed cases are literal `-C ""` (malformed, won't actually commit) and the rare `-C $PWD` (now also caught conservatively, since `$PWD` becomes literal `$PWD` and isn't `.` or `./`). Tests added for `cd $HOME` / `cd $REPO_ROOT && git commit` and `git -C $HOME commit` / `git -C "" commit`. Full suite green (150 in shell.test.ts, 58 in commitAttribution.test.ts). --- packages/core/src/tools/shell.test.ts | 78 +++++++++++++++++++++++++++ packages/core/src/tools/shell.ts | 42 ++++++++++++--- 2 files changed, 113 insertions(+), 7 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 50b07de5096..773eb344dc6 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1837,6 +1837,45 @@ describe('ShellTool', () => { ); }); + // `cd $HOME && git commit` would land in whatever repo `$HOME` + // points to — typically NOT our cwd. With the default + // `shell-quote` parse, `$HOME` collapses to `''` and the + // `target.includes('$')` repo-shift check silently fails. The + // env-preserving parse keeps `$NAME` literal in tokens so this + // case is correctly flagged. + it.each([ + ['$HOME', 'cd $HOME && git commit -m "elsewhere"'], + ['$REPO_ROOT', 'cd $REPO_ROOT && git commit -m "elsewhere"'], + ])( + 'should NOT add co-author for cd %s && git commit (env-var target)', + async (_label, command) => { + const invocation = shellTool.build({ + command, + is_background: false, + }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }, + ); + // A cd that comes AFTER an in-cwd commit doesn't invalidate the // commit's attribution — the commit already landed in our repo. it('should add co-author when cd comes AFTER git commit', async () => { @@ -1924,6 +1963,45 @@ describe('ShellTool', () => { expect(observed).toContain('Co-authored-by:'); }); + // `shell-quote` parses an unresolved env-var (`$HOME`, `$REPO`) + // or unknown command-substitution as the empty string, which is + // indistinguishable from a literal `-C ""`. Treating that as + // no-op would let `git -C $HOME commit` silently land our trailer + // on a commit that goes to a different repo. Conservative skip is + // safer than the rare `-C $PWD` miss. + it.each([ + ['git -C $HOME commit', 'git -C $HOME commit -m "elsewhere"'], + ['git -C "" commit', 'git -C "" commit -m "literal empty"'], + ])( + 'should NOT add co-author for %s (env-var/empty target)', + async (_label, command) => { + const invocation = shellTool.build({ + command, + is_background: false, + }); + const promise = invocation.execute(mockAbortSignal); + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + await promise; + expect(mockShellExecutionService).toHaveBeenCalledWith( + expect.not.stringContaining('Co-authored-by:'), + expect.any(String), + expect.any(Function), + expect.any(AbortSignal), + false, + {}, + ); + }, + ); + // git's global flags (`-c`, `--no-pager`, etc.) push the // subcommand past index 1; a fixed-position check at arg1 used // to silently skip these forms. Make sure we still inject the diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 67ee79927df..c3647fec14d 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -172,7 +172,21 @@ function pickOuterLastMatch( function tokeniseSegment(segment: string): string[] | null { let tokens: string[]; try { - tokens = parse(segment).filter((t): t is string => typeof t === 'string'); + // Pass an env getter that preserves `$NAME` references in tokens + // rather than collapsing them to `''` (shell-quote's default). + // Without this, `cd $HOME` parses as `['cd', '']` and the downstream + // `target.includes('$')` repo-shift detection silently fails: an + // env-var that points to another repo would get treated as a + // same-repo no-op and our Co-authored-by trailer would land on a + // commit in whatever repo `$HOME`/`$REPO_ROOT` resolves to at + // runtime. Same problem in `parseGitInvocation` for `git -C $HOME`. + // Single-quoted forms (`cd '$HOME'`) end up looking like a variable + // reference too, but in practice nobody creates a directory named + // literally `$HOME`, so over-flagging is the conservative-correct + // choice. + tokens = parse(segment, (key) => '$' + key).filter( + (t): t is string => typeof t === 'string', + ); } catch (e) { debugLogger.warn( `tokeniseSegment: parse failed for "${segment.slice(0, 80)}": ${ @@ -351,15 +365,29 @@ const GIT_GLOBAL_FLAGS_TAKES_VALUE = new Set([ // Flags whose presence shifts cwd interpretation. const GIT_GLOBAL_FLAGS_SHIFTS_CWD = new Set(['-C', '--git-dir', '--work-tree']); -// `-C .` and `-C` to an empty string are no-op cwd shifts; treating +// `-C .` (and `./`, attached `-C.`) are no-op cwd shifts; treating // them as cwd-changing would suppress attribution for `git -C . commit` -// (a common alias for "explicit current dir"). Same for the absolute -// path that resolves to cwd at runtime — but we only have the literal -// argv at parse time, so the cheap textual comparison is what we can -// reasonably check here. +// (a common alias for "explicit current dir"). +// +// Empty string is intentionally NOT treated as no-op even though +// `-C "" commit` is technically a no-op — `shell-quote` returns '' +// for any env-var or command-substitution that it cannot resolve at +// parse time (e.g. `-C $HOME`, `-C $REPO_ROOT`, `-C $UNSET`), so +// the literal-empty and the unknown-env-var cases are +// indistinguishable from our static view. Treating them as no-op +// would silently stamp our Co-authored-by trailer onto a commit +// that lands in whatever repo `$HOME`/`$REPO_ROOT` resolves to at +// runtime. Conservative skip is the safer call; the only missed +// attribution is for `-C $PWD commit` (rare) and literal `-C "" +// commit` (malformed and won't actually commit). +// +// Same conservatism applies to literal absolute paths that happen +// to resolve to cwd at runtime — we only have the argv at parse +// time, so the cheap textual comparison is what we can reasonably +// check here. function isNoopCwdTarget(target: string): boolean { const t = target.trim(); - return t === '' || t === '.' || t === './'; + return t === '.' || t === './'; } function parseGitInvocation(tokens: string[]): { From 8c33120275c7f8945421cbb81f873a045cfaca20 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 10:12:21 +0800 Subject: [PATCH 57/64] fix(attribution): SHA-pin diff/rev-list phase, document aiChars heuristic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addresses tanzhenxin's review (4240760004) — two residuals after the prior pinning round. 1. Diff phase still races against HEAD. The note write itself was already pinned to the captured `postHead` (`git notes add -f `), but the *content* of the note — `getCommittedFileInfo`'s probe + diff calls and the multi-commit guard's `rev-list --count` — were still going through symbolic `HEAD` / `HEAD~1` / `HEAD@{1}`. Several awaited subprocesses run between the postHead capture and these reads, so a husky / lefthook auto-amender, signed-commits hook, chained `git tag -m`, or parallel git process moving HEAD in that window would leave the note attached to commit A but describing commit B's contents. Same TOCTOU class as the prior critical, half-closed. Thread `postHead` (and `preHead` for amend) through `getCommittedFileInfo`. Probes become `rev-parse --verify ${postHead}~1` and `log -1 --pretty=%P ${postHead}`; diffs become `${postHead}~1..${postHead}` (parent case), `${preHead}..${postHead}` (amend — preHead is the pre-amend SHA captured before the user's command and is exactly what HEAD@{1} resolved to at parse time, with the added benefit that it can't be GC'd between capture and use), and `diff-tree --root ` (root commit). The amend branch keeps the existing reflog-vs- no-reflog warning, just driven off `preHead` instead of HEAD@{1}. Same pin applied to `countCommitsAfter` (now `${preHead}.. ${postHead}`) and `countCommitsFromRoot` (now `${postHead}`). Why parent case uses `${postHead}~1` and NOT `${preHead}`: in `git reset HEAD~3 && git commit` chains the captured preHead points well above postHead's parent, and `${preHead}..${postHead}` would describe the reset-away commits as deletions, drastically over-attributing. The actual parent of the just-landed commit is what we want, and `${postHead}~1` is the SHA-pinned form of that. 2. `aiChars` reads as a literal char count but isn't. The field is emitted as a plain integer named `aiChars`; the PR description's example shows values like 3200 / 1500 / 4700 that anyone parsing the note will read as literal character counts. Internally it's `(addedLines + deletedLines) × 40` for text and a flat 1024 for binary, with the per-file AI accumulator clamped against that ceiling. So 1000 one-character lines and 1000 thousand-character lines both report aiChars=40000, and a 5 MB image change and a 1-byte binary tweak both report 1024. Anyone aggregating raw aiChars for compliance reporting gets systematically wrong numbers. Add a comprehensive doc block on `FileAttributionDetail` (and `CommitAttributionNote`) calling out the heuristic explicitly, noting that `percent` / `summary.aiPercent` are the correct fields for aggregation since both numerator and denominator use the same proxy. Also expand the `APPROX_CHARS_PER_LINE` / `BINARY_DIFF_SIZE_FALLBACK` const docs to point at the same caveat. (Not renaming the fields — that'd break any downstream consumer already parsing the existing schema; the doc is the minimum-disruption call here.) 208 attribution tests pass; type-check clean. --- .../core/src/services/commitAttribution.ts | 46 ++++- packages/core/src/tools/shell.ts | 195 ++++++++++++------ 2 files changed, 177 insertions(+), 64 deletions(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 346676f5248..4007447879f 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -115,22 +115,64 @@ export interface FileAttribution { contentHash: string; } -/** Per-file attribution detail in the git notes payload. */ +/** + * Per-file attribution detail in the git notes payload. + * + * Field naming caveat: `aiChars` and `humanChars` look like literal + * UTF-16/UTF-8 character counts, but they are NOT. Both are + * heuristic diff-size proxies derived from `git diff --numstat`: + * for text files the value is `(addedLines + deletedLines) × 40` + * (the 40-char/line heuristic), and for binary files both sides + * are reported as a flat `1024`. The per-file AI accumulator from + * `recordEdit` is then clamped against this same line-based ceiling. + * + * Practical consequence: a commit adding 1000 one-character lines + * and one adding 1000 thousand-character lines both report + * `aiChars = 40000`; a 5 MB image change and a 1-byte binary tweak + * both report `1024`. `percent` (and `summary.aiPercent`) is + * largely insulated from this — both numerator and denominator use + * the same heuristic — but consumers aggregating raw + * `aiChars`/`humanChars` for compliance reporting will get + * systematically biased numbers and should treat these fields as + * "approximate change size in proxy-chars" rather than literal + * char counts. + */ export interface FileAttributionDetail { + /** Heuristic diff-size proxy (NOT a literal char count — see interface doc). */ aiChars: number; + /** Heuristic diff-size proxy (NOT a literal char count — see interface doc). */ humanChars: number; + /** + * AI share of the per-file diff, rounded to integer percent. + * Robust against the heuristic in `aiChars`/`humanChars` because + * both sides of the ratio use the same proxy; safe to aggregate. + */ percent: number; surface?: string; } -/** Full attribution payload stored as git notes JSON. */ +/** + * Full attribution payload stored as git notes JSON. + * + * Same `aiChars`/`humanChars` caveat as `FileAttributionDetail`: + * those summed totals are sums of heuristic diff-size proxies, not + * literal character counts. `aiPercent` (and per-file `percent`) + * use the same proxy on both sides of the ratio, so the percentage + * is the field consumers should rely on for cross-commit + * aggregation; the raw chars values are useful for ordering + * commits within the same payload but should not be summed across + * unrelated commits as if they were byte counts. + */ export interface CommitAttributionNote { version: 1; generator: string; files: Record; summary: { + /** AI share of the whole commit, rounded to integer percent. */ aiPercent: number; + /** Sum of per-file `aiChars` heuristic proxies (see FileAttributionDetail). */ aiChars: number; + /** Sum of per-file `humanChars` heuristic proxies (see FileAttributionDetail). */ humanChars: number; totalFilesTouched: number; surfaces: string[]; diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index c3647fec14d..90e68cdf334 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -725,9 +725,26 @@ function findGhPrCreateSegment( return null; } -/** Approximate characters per text line for the diff-size estimate. */ +/** + * Approximate characters per text line for the diff-size proxy. + * `numstat` reports added+deleted line counts; we multiply by this + * constant to get a coarse "change magnitude" the per-file AI + * accumulator can be clamped against. The downstream `aiChars` / + * `humanChars` fields in the git-notes payload are literally + * (lines × this constant) — they are NOT real character counts. + * See the `FileAttributionDetail` interface doc for the consequences + * for consumers that aggregate the raw values. + */ const APPROX_CHARS_PER_LINE = 40; -/** Fallback char estimate when --numstat reports `-` (binary file). */ +/** + * Fallback diff-size proxy for binary files. `numstat` reports `-` + * (instead of integer counts) for any non-text blob, so we can't + * compute a per-line estimate; this flat value lets the entry + * survive into the payload at a consistent (if coarse) size. + * Same heuristic-not-literal caveat as `APPROX_CHARS_PER_LINE` — + * a 5 MB image change and a 1-byte binary tweak both report this + * value. + */ const BINARY_DIFF_SIZE_FALLBACK = 1024; /** @@ -1929,27 +1946,39 @@ export class ShellToolInvocation extends BaseToolInvocation< } /** - * Count the commits between `preHead` (exclusive) and `HEAD` - * (inclusive). Returns 0 if either side is unreadable. Goes through - * `child_process.execFile` with argv to stay independent of the - * mockable `ShellExecutionService`. + * Count the commits between `preHead` (exclusive) and `postHead` + * (inclusive). SHA-pinned on both ends so a post-commit hook moving + * HEAD between this check and the note write can't change the + * answer (`HEAD~1..HEAD` here would race the same TOCTOU window + * the diff calls were just pinned against). Returns 0 if either + * side is unreadable. Goes through `child_process.execFile` with + * argv to stay independent of the mockable `ShellExecutionService`. */ private async countCommitsAfter( cwd: string, preHead: string, + postHead: string, ): Promise { - return this.runGitCount(cwd, ['rev-list', '--count', `${preHead}..HEAD`]); + return this.runGitCount(cwd, [ + 'rev-list', + '--count', + `${preHead}..${postHead}`, + ]); } /** - * Count commits reachable from HEAD when the repo had no prior + * Count commits reachable from `postHead` when the repo had no prior * HEAD before the user's command — i.e. the very first commit (or * compound `init && commit && commit ...`). Without this fallback * the multi-commit guard would be skipped on a brand-new repo and - * mis-attribute combined data to the final commit. + * mis-attribute combined data to the final commit. SHA-pinned for + * the same reason as `countCommitsAfter`. */ - private async countCommitsFromRoot(cwd: string): Promise { - return this.runGitCount(cwd, ['rev-list', '--count', 'HEAD']); + private async countCommitsFromRoot( + cwd: string, + postHead: string, + ): Promise { + return this.runGitCount(cwd, ['rev-list', '--count', postHead]); } /** Shared helper for the two `rev-list --count` invocations. */ @@ -2094,8 +2123,8 @@ export class ShellToolInvocation extends BaseToolInvocation< // commit b` chain still gets caught. const commitCount = preHead !== null - ? await this.countCommitsAfter(cwd, preHead) - : await this.countCommitsFromRoot(cwd); + ? await this.countCommitsAfter(cwd, preHead, postHead) + : await this.countCommitsFromRoot(cwd, postHead); // commitCreated has already established that HEAD moved, so we // expect exactly 1 commit. Anything else is suspicious: // - >1: actual multi-commit chain we can't partition @@ -2142,9 +2171,18 @@ export class ShellToolInvocation extends BaseToolInvocation< let shouldClear: Set | null = null; let warning: string | null = null; try { - // Analyze the just-committed files by diffing HEAD against its parent. - // The commit already happened, so we diff HEAD~1..HEAD instead of --cached. - const stagedInfo = await this.getCommittedFileInfo(cwd, isAmend); + // Analyze the just-committed files by diffing the captured + // `postHead` against its parent (or `preHead` for amend). All + // diff calls are SHA-pinned so a post-commit hook / chained + // `git tag` / parallel git process moving HEAD between the + // analysis phase and the note write can't leave the note + // attached to commit A but describing commit B. + const stagedInfo = await this.getCommittedFileInfo( + cwd, + isAmend, + postHead, + preHead, + ); // null = analysis failed (shallow clone, --amend without reflog, // partial diff failure, etc.). Leave `committedAbsolutePaths` @@ -2437,6 +2475,8 @@ export class ShellToolInvocation extends BaseToolInvocation< private async getCommittedFileInfo( cwd: string, isAmend: boolean, + postHead: string, + preHead: string | null, ): Promise { const empty: StagedFileInfo = { files: [], @@ -2467,51 +2507,65 @@ export class ShellToolInvocation extends BaseToolInvocation< }; try { + // SHA-pin every probe and diff to the captured `postHead` (and + // `preHead` for amend). Using symbolic `HEAD` here would re-open + // the same TOCTOU class that the `git notes` write was already + // pinned against: between this analysis phase and the note write, + // a post-commit hook (husky/lefthook auto-amend, sign-off, signed + // commits adjustment), a chained `git tag -m ...`, or a parallel + // git process can advance HEAD — and then `HEAD~1..HEAD` / + // `diff-tree HEAD` would describe whatever commit HEAD now + // points at, while the note still attaches to the original + // `postHead`. The result is a note on commit A whose contents + // describe commit B. Pinning to `postHead` keeps the analysis + // and the note consistent. + // // The three calls are independent — fan out so we don't pay the // spawn latency serially. Same for the three diff calls below // once we know which form to use. - // - `rev-parse --verify HEAD~1`: probe whether the parent OBJECT - // is locally available (fails in shallow clones where the - // parent was pruned). - // - `log -1 --pretty=%P HEAD`: read the parent SHA from HEAD's - // commit metadata. Works regardless of shallow status because - // the parent SHA is recorded on the commit itself, not derived - // by walking. Empty output = HEAD is a true root commit. - // Non-empty output = HEAD has a parent (whether or not its - // object is locally available). - // - `rev-parse --show-toplevel`: capture the repo root. + // - `rev-parse --verify ${postHead}~1`: probe whether the parent + // OBJECT is locally available (fails in shallow clones where + // the parent was pruned). + // - `log -1 --pretty=%P ${postHead}`: read the parent SHA from + // the commit metadata. Works regardless of shallow status + // because the parent SHA is recorded on the commit itself, not + // derived by walking. Empty output = postHead is a true root + // commit. Non-empty output = postHead has a parent (whether or + // not its object is locally available). + // - `rev-parse --show-toplevel`: capture the repo root (HEAD- + // independent). // - // `rev-list --count HEAD` looks tempting as a "is this a root + // `rev-list --count` looks tempting as a "is this a root // commit?" probe but it returns 1 in a depth-1 shallow clone // (only the local object is reachable), aliasing the shallow // and root cases. The parent-SHA approach disambiguates them // correctly. const [hasParentOutput, parentShaOutput, repoRootOutput] = await Promise.all([ - runGit('rev-parse --verify HEAD~1'), - runGit('log -1 --pretty=%P HEAD'), + runGit(`rev-parse --verify ${postHead}~1`), + runGit(`log -1 --pretty=%P ${postHead}`), runGit('rev-parse --show-toplevel'), ]); - // `rev-parse --verify HEAD~1` is allowed to fail (shallow + // `rev-parse --verify ~1` is allowed to fail (shallow // clone, true root commit) — treat null and '' uniformly. const hasParent = hasParentOutput !== null && hasParentOutput.length > 0; - // `log -1 --pretty=%P HEAD` MUST succeed; if git can't read the - // current HEAD's metadata we have no way to tell shallow apart - // from a real root commit. Bail. + // `log -1 --pretty=%P ` MUST succeed; if git can't read + // postHead's metadata we have no way to tell shallow apart from + // a real root commit. Bail. if (parentShaOutput === null) { debugLogger.warn( - 'getCommittedFileInfo: log -1 --pretty=%P HEAD failed; ' + + 'getCommittedFileInfo: log -1 --pretty=%P failed; ' + 'cannot distinguish shallow clone from true root commit.', ); return null; } const isTrueRootCommit = parentShaOutput.trim().length === 0; - // Shallow clone: HEAD has a parent recorded but the object + // Shallow clone: postHead has a parent recorded but the object // isn't local. Bail rather than over-attribute via --root. if (!hasParent && !isTrueRootCommit) { debugLogger.warn( - 'getCommittedFileInfo: HEAD~1 unreadable but commit is not the ' + - 'true root (shallow clone?); skipping attribution to avoid ' + + 'getCommittedFileInfo: ~1 unreadable but commit is not ' + + 'the true root (shallow clone?); skipping attribution to avoid ' + 'attributing the entire commit contents.', ); return null; @@ -2525,45 +2579,62 @@ export class ShellToolInvocation extends BaseToolInvocation< const repoRoot = (repoRootOutput ?? '').trim(); // Choose the diff range: - // - amend: `HEAD@{1}..HEAD` — the actual amend delta. The - // pre-amend HEAD is in the reflog and points at the original - // commit; diffing against the *amended* HEAD captures only - // what changed in this amend operation, not the entire commit - // contents (which `HEAD~1..HEAD` would falsely include). - // - has parent: `HEAD~1..HEAD` — standard parent diff. - // - root commit: `diff-tree --root` against the empty tree. + // - amend: `${preHead}..${postHead}` — the actual amend delta. + // `preHead` was captured BEFORE the user's command ran and so + // points at the original (pre-amend) commit. The amend rewrote + // that commit into postHead; diffing them captures only what + // changed in this amend, not the entire amended commit's + // contents (which `${postHead}~1..${postHead}` would falsely + // include — postHead's parent is the original's parent, so + // diffing against it spans both commits' worth of changes). + // - has parent: `${postHead}~1..${postHead}` — pin both ends. + // We do NOT use `${preHead}..${postHead}` here: in chains like + // `git reset HEAD~3 && git commit`, preHead points well above + // postHead's parent and the diff would include the reset-away + // commits as deletions, dramatically over-attributing. + // - root commit: `diff-tree --root ` against the empty + // tree. let diffArgs: { name: string; status: string; numstat: string }; if (isAmend) { - // Verify HEAD@{1} actually exists; reflogs can be GC'd. - const reflogProbe = await runGit('rev-parse --verify HEAD@{1}'); - const hasReflog = reflogProbe !== null && reflogProbe.length > 0; - if (!hasReflog) { - // Without a pre-amend snapshot we can't compute the amend - // delta; emitting `HEAD~1..HEAD` would over-attribute. + // For amend, the pre-amend SHA we need is `preHead`. It must + // be non-null (caller's `attributableInCwd` gate already + // captured it for any commit attempt); a missing preHead means + // a brand-new repo where amend isn't meaningful anyway. + if (preHead === null) { + debugLogger.warn( + 'getCommittedFileInfo: --amend with no preHead; skipping ' + + 'attribution note (cannot determine amend delta).', + ); + return null; + } + // Verify the pre-amend SHA still resolves. preHead is captured + // synchronously before spawn, but a concurrent `git gc` / + // `git prune` could in principle remove the object before we + // try to diff against it. + const preHeadProbe = await runGit(`rev-parse --verify ${preHead}`); + if (preHeadProbe === null || preHeadProbe.length === 0) { debugLogger.warn( - 'getCommittedFileInfo: --amend with empty reflog; skipping ' + + 'getCommittedFileInfo: --amend preHead unresolvable; skipping ' + 'attribution note (cannot determine amend delta).', ); return null; } diffArgs = { - name: 'diff --find-renames --name-only HEAD@{1} HEAD', - status: 'diff --find-renames --name-status HEAD@{1} HEAD', - numstat: 'diff --find-renames --numstat HEAD@{1} HEAD', + name: `diff --find-renames --name-only ${preHead} ${postHead}`, + status: `diff --find-renames --name-status ${preHead} ${postHead}`, + numstat: `diff --find-renames --numstat ${preHead} ${postHead}`, }; } else if (hasParent) { diffArgs = { - name: 'diff --find-renames --name-only HEAD~1 HEAD', - status: 'diff --find-renames --name-status HEAD~1 HEAD', - numstat: 'diff --find-renames --numstat HEAD~1 HEAD', + name: `diff --find-renames --name-only ${postHead}~1 ${postHead}`, + status: `diff --find-renames --name-status ${postHead}~1 ${postHead}`, + numstat: `diff --find-renames --numstat ${postHead}~1 ${postHead}`, }; } else { diffArgs = { - name: 'diff-tree --root --find-renames --no-commit-id -r --name-only HEAD', - status: - 'diff-tree --root --find-renames --no-commit-id -r --name-status HEAD', - numstat: - 'diff-tree --root --find-renames --no-commit-id -r --numstat HEAD', + name: `diff-tree --root --find-renames --no-commit-id -r --name-only ${postHead}`, + status: `diff-tree --root --find-renames --no-commit-id -r --name-status ${postHead}`, + numstat: `diff-tree --root --find-renames --no-commit-id -r --numstat ${postHead}`, }; } const [nameOutput, statusOutput, numstatOutput] = await Promise.all([ From af5a1d9d7cbb9031c065f25138f968396addf2b4 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 10:58:24 +0800 Subject: [PATCH 58/64] fix(attribution): use posix join in applyCommittedRenames for Windows compat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Windows CI failure on the two new rename tests (visible at PR #3115's `Test (windows-latest, *)` jobs): AssertionError: expected undefined to be defined ❯ src/services/commitAttribution.test.ts:572:66 (basic move) AssertionError: expected 11 to be 22 (merge into existing) Root cause: `path.join(canonicalRepoRoot, ...renamedRel.split('/'))` calls `path.win32.join` on Windows, which forces backslash separators regardless of input form. The test's `fs.realpathSync` mock returns forward-slash paths (matching the macOS `/var` ↔ `/private/var` fixture style), so `recordEdit` stores keys like `/private/var/repo/src/old.ts`. The rename's joined target then came out as `\\private\\var\\repo\\src\\new.ts`, the mock left it unchanged (no `/var/` prefix to translate), and the subsequent `fileAttributions.get(renamedAbs)` / `getFileAttribution(...)` lookups missed the just-set entry — the rename silently dropped attribution. The fix: build the joined path with `path.posix.join` against a forward-slash-normalised `posixRepoRoot`, then let `realpathOrSelf` canonicalise to the platform's storage form. This way: - On real Windows production: posix-joined `D:/repo/src/new.ts` is accepted by `fs.realpathSync` (Win32 API takes mixed slashes) and returned in backslash form, matching what `recordEdit` stored. - On real Linux/macOS production: forward-slash throughout, no-op. - In the symlink-aware test (any platform): forward-slash matches the mock-fixture storage form. `matchCommittedFiles` already does the inverse normalisation (`.split(path.sep).join('/')` for the relative-form check), so the in/out paths line up either way. Skipped adding a path.sep-mocked Linux-side regression because the ESM module namespace doesn't allow `vi.spyOn` on path's exports. The Windows CI job is the regression catcher; a focused-rerun should now go green. --- packages/core/src/services/commitAttribution.ts | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/packages/core/src/services/commitAttribution.ts b/packages/core/src/services/commitAttribution.ts index 4007447879f..0a1956bdd9d 100644 --- a/packages/core/src/services/commitAttribution.ts +++ b/packages/core/src/services/commitAttribution.ts @@ -585,6 +585,14 @@ export class CommitAttributionService { ): void { if (renamedFiles.size === 0) return; + // Build the new-key path using POSIX semantics so the joined + // string matches `git diff --name-only` output (which is always + // forward-slash) and isn't subject to `path.win32.join`'s + // backslash conversion. `realpathOrSelf` is what canonicalises + // back to the platform's actual storage form: on Windows it + // calls `fs.realpathSync` which accepts mixed slashes and returns + // backslash form, matching what `recordEdit` stored. + const posixRepoRoot = canonicalRepoRoot.split(path.sep).join('/'); for (const [key, attr] of [...this.fileAttributions.entries()]) { const rel = path .relative(canonicalRepoRoot, key) @@ -594,7 +602,7 @@ export class CommitAttributionService { if (!renamedRel) continue; const renamedAbs = realpathOrSelf( - path.join(canonicalRepoRoot, ...renamedRel.split('/')), + path.posix.join(posixRepoRoot, renamedRel), ); if (renamedAbs === key) continue; From 9493369ed260306126b040075f5379bf606c3e90 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 11:58:27 +0800 Subject: [PATCH 59/64] docs(attribution): refresh stale HEAD~1/HEAD@{1} references in comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The SHA-pinning round (8c3312027) replaced symbolic `HEAD~1..HEAD` / `HEAD@{1}..HEAD` with `${postHead}~1..${postHead}` and `${preHead}..${postHead}` in `getCommittedFileInfo` and the rev-list helpers, but three docstrings / inline comments still described the old shapes: - `isAmendCommit` JSDoc said the amend switch goes from `HEAD~1..HEAD` to `HEAD@{1}..HEAD`. Updated to reference `${postHead}~1..${postHead}` and `${preHead}..${postHead}`, with the why (amended commit's parent is the original's parent so the standard parent diff lumps both commits' changes). - `attachCommitAttribution`'s amend branch comment had the same drift; updated to mention `${preHead}..${postHead}` directly. - `getCommittedFileInfo` JSDoc said it diffs "HEAD against its parent (HEAD~1)" and listed "--amend with no reflog" as an analysis-failure case. Updated to mention postHead-pinning and the preHead-driven amend bail (the reflog-GC dependency was dropped in the SHA-pin round). The remaining `HEAD~1..HEAD` references at countCommitsAfter:1959 and getCommittedFileInfo:2523 are intentional — they describe the old buggy shape as contrast for why we pin now. No code change; tests + tsc still clean. --- packages/core/src/tools/shell.ts | 36 +++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 90e68cdf334..b2e887be40f 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -597,14 +597,17 @@ function cdTargetMayChangeRepo(tokens: string[]): boolean { /** * Detect whether the attributable `git commit` invocation in * `command` carries the `--amend` flag. Used so attachCommitAttribution - * can switch the diff range from `HEAD~1..HEAD` (the amended commit - * vs its parent — too broad for amend) to `HEAD@{1}..HEAD` (the - * actual amend delta). + * can switch the diff range from `${postHead}~1..${postHead}` (the + * amended commit vs its parent — too broad for amend, since the + * amended commit's parent is the original commit's parent, so this + * diff lumps both commits' worth of changes) to + * `${preHead}..${postHead}` (the actual amend delta — `preHead` was + * captured synchronously before spawn and is the pre-amend SHA). * * Only the *first* commit segment that runs in the same cwd as the * shell tool counts. `git -C ../other commit --amend && git commit -m x` * must not flip the diff range for the second (fresh) commit, since - * `HEAD@{1}` belongs to the inner repo there, not ours. + * `preHead` would be the inner repo's SHA there, not ours. */ function isAmendCommit(command: string): boolean { let cwdShifted = false; @@ -1545,11 +1548,15 @@ export class ShellToolInvocation extends BaseToolInvocation< // movement, so it's a no-op when no commit was actually created. let attributionWarning: string | null = null; if (commitCtx.attributableInCwd) { - // `git commit --amend` rewrites HEAD in place, so the diff - // `HEAD~1..HEAD` would span the entire amended commit (parent → - // amended), not just what this amend changed. Detect the flag - // so getCommittedFileInfo can switch to `HEAD@{1}..HEAD` and - // attribute only the actual amend delta. + // `git commit --amend` rewrites HEAD in place, so the standard + // parent-vs-postHead diff (`${postHead}~1..${postHead}`) would + // span the entire amended commit (the amended commit's parent + // is the original's parent, so diffing against it lumps both + // commits' worth of changes). Detect the flag so + // `getCommittedFileInfo` can switch to `${preHead}..${postHead}` + // — `preHead` was captured synchronously before spawn and is + // the pre-amend SHA, so this range captures only the amend + // delta. const isAmend = isAmendCommit(strippedCommand); attributionWarning = await this.attachCommitAttribution( cwd, @@ -2454,8 +2461,12 @@ export class ShellToolInvocation extends BaseToolInvocation< } /** - * Get information about files in the most recent commit by diffing - * HEAD against its parent (HEAD~1). + * Get information about files in the just-landed commit by diffing + * the captured `postHead` against its parent (`${postHead}~1`), or + * for amend against `preHead` (the captured pre-amend SHA). All + * probes/diffs are SHA-pinned so a post-commit hook moving HEAD + * between this call and the eventual `git notes` write can't make + * the note describe a different commit than it attaches to. * * Returns: * - A populated `StagedFileInfo` when analysis succeeded. @@ -2463,7 +2474,8 @@ export class ShellToolInvocation extends BaseToolInvocation< * (e.g. `--allow-empty`). The caller does a no-op partial clear so * pending AI attributions stay tracked for the next real commit. * - `null` when analysis itself failed (shallow clone with no parent - * object, --amend with no reflog, partial diff failure, exception). + * object, --amend with `preHead === null` or unresolvable `preHead`, + * partial diff failure, exception). * The caller treats this as "could not determine the committed * set" and falls back to `noteCommitWithoutClearing()` — snapshots * the prompt counter but leaves per-file attribution intact, so From b89b65533f005a1266ccb9f1acf7b33a41c4f73b Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 13:55:17 +0800 Subject: [PATCH 60/64] fix(attribution): catch attached-value forms of env/sudo cwd-shift flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 13 audit found a real bug: `sudo --chdir=/tmp git commit`, `env -C/tmp git commit`, `env --chdir=/tmp git commit`, and `sudo -D/tmp git commit` were all silently slipping through the cwd-shift detector and getting our `Co-authored-by` trailer stamped onto commits that landed in a different repo. Root cause: `shell-quote` tokenises both the long attached form (`--chdir=/tmp`) and the short attached form (`-C/tmp`) as a single argv entry. The previous SHIFT_CWD detector did set-membership only against the bare flag (`{'-C', '--chdir'}` for env; `{'-D', '--chdir'}` for sudo), so the attached-form tokens never matched and `tokeniseSegment` returned a normally-attributable `['git', 'commit', ...]` segment. Fix: introduce `isShiftCwdFlag(flag, set)` that catches: - bare set-membership (existing behavior), - long attached: `--name=...` when `--name` is in the set, - short attached: `-Xanything` when `-X` is in the set and the token is longer than the flag itself. The flag does NOT need to consume an extra value token in the attached-form case (the value is already embedded), so the existing TAKES_VALUE bookkeeping is unaffected — we just bail with `null` from `tokeniseSegment` before reaching the value-skip step. Tests added: `env --chdir=`, `env -C/...` (attached), `sudo --chdir=`, `sudo -D/...` (attached) — each is asserted NOT to add a co-author trailer. 154 shell tests pass; type-check + lint clean. --- packages/core/src/tools/shell.test.ts | 10 +++++++ packages/core/src/tools/shell.ts | 43 ++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 4 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 773eb344dc6..5e97236a178 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1765,6 +1765,16 @@ describe('ShellTool', () => { // contract as `cd /elsewhere && git commit`. ['env -C', 'env -C /tmp/other git commit -m "msg"'], ['env --chdir', 'env --chdir /tmp/other git commit -m "msg"'], + // Attached-value forms: `shell-quote` tokenises `--chdir=/tmp` + // and `-C/tmp` as single argv entries, so the bare-flag set + // membership check would miss them. Without explicit + // attached-form handling, `sudo --chdir=/tmp git commit` and + // `env -C/tmp git commit` would silently land our trailer on + // a commit in the wrong repo. + ['env --chdir=', 'env --chdir=/tmp/other git commit -m "msg"'], + ['env -C attached', 'env -C/tmp/other git commit -m "msg"'], + ['sudo --chdir=', 'sudo --chdir=/tmp/other git commit -m "msg"'], + ['sudo -D attached', 'sudo -D/tmp/other git commit -m "msg"'], ])( 'should NOT add co-author for repo-redirecting %s assignment', async (_label, command) => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index b2e887be40f..933de97ca7c 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -230,10 +230,21 @@ function tokeniseSegment(segment: string): string[] | null { // segment as repo-shifting (same contract as a leading // `GIT_DIR=...` assignment) so we don't stamp our trailer onto // a commit that landed in a different repository. - if ( - (wrapper === 'env' && ENV_FLAGS_SHIFT_CWD.has(flag)) || - (wrapper === 'sudo' && SUDO_FLAGS_SHIFT_CWD.has(flag)) - ) { + // + // Also catch the attached-value forms `--chdir=DIR` and the + // short-form `-CDIR` / `-DDIR` that shell-quote tokenises as a + // single argv entry. Without this, `sudo --chdir=/tmp git + // commit` and `env -C/tmp git commit` would both pass through + // the bare-flag check (which is set-membership, not prefix- + // match) and silently land our trailer on a commit in the + // wrong repo. + const shiftSet = + wrapper === 'env' + ? ENV_FLAGS_SHIFT_CWD + : wrapper === 'sudo' + ? SUDO_FLAGS_SHIFT_CWD + : null; + if (shiftSet && isShiftCwdFlag(flag, shiftSet)) { return null; } // Value-taking flag tables, per wrapper: `sudo -u user`, @@ -303,6 +314,30 @@ const ENV_FLAGS_SHIFT_CWD = new Set(['-C', '--chdir']); // targets DIR's repo, not ours. Refuse the segment. const SUDO_FLAGS_SHIFT_CWD = new Set(['-D', '--chdir']); +/** + * Match a flag token against a SHIFT_CWD set, including attached-value + * forms. Bare `--chdir`/`-D`/`-C` are caught by direct set membership; + * the long attached form `--name=value` matches when `--name` is in the + * set, and the short attached form `-Xvalue` matches when `-X` is in + * the set AND the token is longer than the flag (so `-D` alone doesn't + * spuriously match `-D` against itself twice). + */ +function isShiftCwdFlag(flag: string, set: ReadonlySet): boolean { + if (set.has(flag)) return true; + for (const f of set) { + if (f.startsWith('--') && flag.startsWith(f + '=')) return true; + if ( + f.length === 2 && + f.startsWith('-') && + flag.startsWith(f) && + flag.length > 2 + ) { + return true; + } + } + return false; +} + /** * Environment variables that redirect git's repository selection. A * leading `GIT_DIR=...`, `GIT_WORK_TREE=...`, etc. on a command makes From 5e52481611b156ccf665f847c18f517170b93e44 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 13:57:27 +0800 Subject: [PATCH 61/64] test(attribution): cover attached-form git -C/--git-dir/--work-tree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds three regression cases to the existing "git -C " suppression test: the short attached form `-C/path` (single shell-quote token) and the long attached forms `--git-dir=/path` / `--work-tree=/path`. parseGitInvocation already had the prefix checks at lines 416/425, but no test exercised them — paired with the b89b65533 sudo/env attached- form fix this round closes the family of "shell-quote single-token flag with embedded value" cases that the bare set-membership checks would otherwise miss. 157 shell tests pass; type-check clean. --- packages/core/src/tools/shell.test.ts | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 5e97236a178..6383d2e7c09 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -1917,9 +1917,25 @@ describe('ShellTool', () => { }); // `git -C commit` runs in , not our cwd — same risk - // as the cd case, so the rewrite should be skipped. - it('should NOT add co-author for git -C commit', async () => { - const command = 'git -C /tmp/other commit -m "Other repo"'; + // as the cd case, so the rewrite should be skipped. Also covers + // the attached-value form `-C/path` (single token from + // shell-quote) and the long-flag attached forms + // `--git-dir=/path` / `--work-tree=/path`. + it.each([ + ['git -C /tmp/other commit', 'git -C /tmp/other commit -m "Other"'], + [ + 'git -C/tmp/other commit (attached)', + 'git -C/tmp/other commit -m "Other"', + ], + [ + 'git --git-dir=/tmp/other/.git commit', + 'git --git-dir=/tmp/other/.git commit -m "Other"', + ], + [ + 'git --work-tree=/tmp/other commit', + 'git --work-tree=/tmp/other commit -m "Other"', + ], + ])('should NOT add co-author for %s', async (_label, command) => { const invocation = shellTool.build({ command, is_background: false }); const promise = invocation.execute(mockAbortSignal); From dc28d678ab05057b017896ceb6fdd0c4dbbf0dda Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 14:01:28 +0800 Subject: [PATCH 62/64] docs(attribution): document why backtick body doesn't bail like $( MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The addCoAuthorToGitCommit body capture has a known truncation case when an inner unescaped `"` appears inside the captured body — handled for `$(...)` command substitution with an explicit bailout, but not for backtick command substitution. The trade-off was unspoken; spell it out so a future reviewer doesn't read the asymmetry as an oversight. Bare-backtick bodies (`\`func()\`` markdown-style) are common in commit messages, have no inner `"`, and the regex captures them correctly. Pathological backtick-with-inner-quote bodies (`\`cmd "with" quotes\``) are a near-zero-traffic case where bash itself already interprets the backticks as command substitution, so the user has likely already broken their own command before our rewrite runs. Bailing on any backtick would lose attribution for the common case to defend against the rare one. Also drops a stray blank line in commitAttribution.test.ts left over from an earlier regression-test attempt. --- packages/core/src/tools/shell.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index 933de97ca7c..a20049baf8c 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -2866,6 +2866,18 @@ export class ShellToolInvocation extends BaseToolInvocation< // substitution and break the shell command. Recognising // `$(` is enough — if it's there we can't safely rewrite // without a real shell parser. + // + // We do NOT bail on a bare backtick: while `\`cmd "with" quotes\`` + // suffers the same regex-truncation bug, the common markdown- + // style `\`func()\`` in a commit body has no inner `"` and works + // fine. Bailing on any backtick would lose attribution for the + // common case to defend against a near-zero-traffic pathological + // case where the user typed raw backticks INSIDE a double-quoted + // body and put inner double-quotes inside the backtick span. + // bash itself would interpret that as command substitution + // anyway — almost certainly a user error rather than a real + // commit message — so the rewrite is at most one of several + // things that go wrong. if (existingMessage.includes('$(')) { return command; } From 1852ef22e80cbb82974e71e59edf52894dd33253 Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 14:05:55 +0800 Subject: [PATCH 63/64] fix(attribution): scope trailer rewrite to before unquoted shell comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Round 13 follow-on. Both `addCoAuthorToGitCommit` and `addAttributionToPR` ran their `-m` / `--body` regex against the full segment string, including any trailing shell comment. For a command like `git commit -m "real" # -m "fake"` (a human-authored script might leave a comment-out flag in place), `lastMatchOf` would pick the comment's `-m "fake"`, splice the `Co-authored-by:` trailer in there, and bash would silently discard the entire segment as a comment — leaving the actual commit unattributed. Same shape for `gh pr create --body "real" # --body "fake"`. Fix: introduce `findUnquotedCommentStart(s)` — a bash-aware position scanner that tracks single/double-quote state and treats `#` as a comment marker only when it begins a word (start of input or preceded by whitespace), not when it appears inside a quoted region or mid-token like `foo#bar`. Both rewriters slice the segment to `[0, commentStart)` before running their regex, so the trailer can only land in the live (pre-comment) part. Tests added: - `git commit -m "real" # -m "fake"` — trailer lands in `"real"` body BEFORE the `#`, comment's `-m "fake"` is left untouched. - `git commit -m "fix #123 add feature"` — `#` inside the quoted body is correctly NOT treated as a comment; the `#123` stays inside the body and the trailer is appended. 159 shell tests pass; type-check clean. --- packages/core/src/tools/shell.test.ts | 63 +++++++++++++++++++++++++++ packages/core/src/tools/shell.ts | 61 +++++++++++++++++++++++++- 2 files changed, 122 insertions(+), 2 deletions(-) diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 6383d2e7c09..13affb8cffb 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -2028,6 +2028,69 @@ describe('ShellTool', () => { }, ); + // Trailing shell comments must not confuse the `-m` rewrite: + // `git commit -m "real" # -m "fake"` would otherwise have + // `lastMatchOf` pick the comment's `-m "fake"` and splice the + // trailer into a `-m` flag bash discards, leaving the actual + // commit unattributed. The unquoted-`#` truncation in the + // segment slicing keeps the rewrite scoped to the live part. + it('should add co-author for git commit followed by # comment', async () => { + const command = 'git commit -m "real" # -m "fake"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0] as string; + // Trailer must land in the live `-m "real"` body, BEFORE the `#`. + expect(observed).toContain('Co-authored-by:'); + const realIdx = observed.indexOf('-m "real'); + const hashIdx = observed.indexOf(' # '); + const coAuthorIdx = observed.indexOf('Co-authored-by:'); + expect(realIdx).toBeGreaterThanOrEqual(0); + expect(hashIdx).toBeGreaterThan(realIdx); + expect(coAuthorIdx).toBeGreaterThan(realIdx); + expect(coAuthorIdx).toBeLessThan(hashIdx); + }); + + // A `#` inside a quoted commit body is NOT a comment marker. + // `git commit -m "fix #123"` should still get the trailer + // appended inside the quoted body. + it('should add co-author for git commit -m with # inside body', async () => { + const command = 'git commit -m "fix #123 add feature"'; + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + const observed = mockShellExecutionService.mock.calls[0][0] as string; + expect(observed).toContain('Co-authored-by:'); + // The `#123` MUST still be inside the body (not pushed out by + // the comment-truncation logic mistaking it for a comment). + expect(observed).toContain('#123'); + }); + // git's global flags (`-c`, `--no-pager`, etc.) push the // subcommand past index 1; a fixed-position check at arg1 used // to silently skip these forms. Make sure we still inject the diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index a20049baf8c..dc70aa7be71 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -103,6 +103,47 @@ function lastMatchOf( return result; } +/** + * Return the position of the first unquoted `#` (start-of-comment) in + * `s`, or -1 if none. Bash treats `#` as a comment marker only when it + * begins a word — at start of input or preceded by whitespace — and + * not when it appears inside a single- or double-quoted region. This + * mirrors that semantics so the `-m` / `--body` rewriters can scope + * their regex to the pre-comment part of a segment and avoid splicing + * the trailer into a comment-out flag like + * `git commit -m "real" # -m "fake"`, where the actual commit gets + * "real" but `lastMatchOf` would otherwise pick the comment's `-m + * "fake"` and put the trailer there. + */ +function findUnquotedCommentStart(s: string): number { + let inSingle = false; + let inDouble = false; + let i = 0; + while (i < s.length) { + const c = s[i]!; + if (c === '\\' && !inSingle && i + 1 < s.length) { + i += 2; + continue; + } + if (c === "'" && !inDouble) { + inSingle = !inSingle; + i++; + continue; + } + if (c === '"' && !inSingle) { + inDouble = !inDouble; + i++; + continue; + } + if (c === '#' && !inSingle && !inDouble) { + const prev = i === 0 ? '' : s[i - 1]!; + if (prev === '' || /\s/.test(prev)) return i; + } + i++; + } + return -1; +} + /** * Helpers for the nested-match-rejection logic shared between * addCoAuthorToGitCommit and addAttributionToPR. Both functions pick @@ -2826,7 +2867,15 @@ export class ShellToolInvocation extends BaseToolInvocation< `(${FLAG_PREFIX})'((?:[^']|'\\\\'')*)'`, 'g', ); - const segment = command.slice(segmentRange.start, segmentRange.end); + // Trim a trailing shell comment from the segment so an inert + // `git commit -m "real" # -m "fake"` doesn't have `lastMatchOf` + // pick the comment's `-m "fake"` and splice the trailer into the + // comment (where bash discards it), leaving the actual commit + // unattributed. + const fullSegment = command.slice(segmentRange.start, segmentRange.end); + const commentStart = findUnquotedCommentStart(fullSegment); + const segment = + commentStart >= 0 ? fullSegment.slice(0, commentStart) : fullSegment; // Git concatenates multiple `-m` values with a blank line, so the // co-author trailer has to land in the *last* `-m` value to be // recognised by `git interpret-trailers`. matchAll → take the @@ -2970,7 +3019,15 @@ export class ShellToolInvocation extends BaseToolInvocation< `(${BODY_FLAG})'((?:[^']|'\\\\'')*)'`, 'g', ); - const segment = command.slice(ghSegment.start, ghSegment.end); + // Trim a trailing shell comment off the segment for the same + // reason as addCoAuthorToGitCommit — `gh pr create --body "real" + // # --body "fake"` would otherwise let `lastMatchOf` pick the + // comment's `--body "fake"` and inject attribution into a `--body` + // flag bash discards. + const fullSegment = command.slice(ghSegment.start, ghSegment.end); + const commentStart = findUnquotedCommentStart(fullSegment); + const segment = + commentStart >= 0 ? fullSegment.slice(0, commentStart) : fullSegment; // gh ignores all but the last `--body`/`-b` flag, so the trailer // has to land in the final occurrence to actually appear in the PR. // matchAll → take the last match for each quote style, then pick From 1e7c97fcdbe1d72e4deccc90018573e0002ececb Mon Sep 17 00:00:00 2001 From: wenshao Date: Thu, 7 May 2026 15:51:39 +0800 Subject: [PATCH 64/64] fix(attribution): warn on gh pr create flows that can't be rewritten + cover legacy gitCoAuthor migration end-to-end MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two residuals from this morning's review pass. 1. ANm7O — `addAttributionToPR` silently skipped for `--body-file`, `--fill`, and bare `gh pr create` (editor) flows. The rewriter only knows how to splice into an inline `--body`/`-b` argv entry. For a `gh pr create` that uses `--body-file path`, `--fill` (uses commit messages), or no body flag at all (editor prompt), there's no inline body to splice into and the function returned the unmodified command. Users with `gitCoAuthor.pr` enabled would see PRs created without the attribution line and have no signal as to why. Add a debugLogger.warn at the no-match path naming the unsupported flows and pointing the user at the inline form. Don't try to handle `--body-file` automatically — that would mean mutating the user's file on disk, which is well outside what an unprompted command rewriter should do; `--fill` and editor flows have no body in argv at all and can't be rewritten without re-architecting. Tests added for `--body-file `, `--fill`, and bare `gh pr create` — each is asserted to leave the command unchanged (no `Generated with Qwen Code` line spliced in). 2. ANm7L — settings-migration integration suite didn't cover the exact V3 legacy shape this PR introduces. `v3-to-v4.test.ts` already pins the migration body, but the end- to-end CLI load → migrate → write path could regress without the integration suite noticing. The existing v3LegacyDisableSettings fixture has no `general.gitCoAuthor` field, so the V3→V4 step technically fires but doesn't exercise the new boolean-expansion logic. Add a `v3GitCoAuthorBooleanSettings` fixture and a paired test case that writes `general: { gitCoAuthor: false }` at $version 3, runs the same `mcp list` CLI invocation, and asserts the saved file has $version 4 plus `general.gitCoAuthor` exactly `{ commit: false, pr: false }` — with sibling general.* keys and unrelated top-level sections preserved. 162 shell tests pass; type-check + lint clean. --- .../cli/settings-migration.test.ts | 39 +++++++++++++++++++ .../settings-migration/workspaces.json | 10 +++++ packages/core/src/tools/shell.test.ts | 37 ++++++++++++++++++ packages/core/src/tools/shell.ts | 19 +++++++++ 4 files changed, 105 insertions(+) diff --git a/integration-tests/cli/settings-migration.test.ts b/integration-tests/cli/settings-migration.test.ts index 470b55b2ba7..e67a9004076 100644 --- a/integration-tests/cli/settings-migration.test.ts +++ b/integration-tests/cli/settings-migration.test.ts @@ -24,6 +24,7 @@ const { v2PreexistingEnableSettings, v3LegacyDisableSettings, v999FutureVersionSettings, + v3GitCoAuthorBooleanSettings, } = workspacesSettings; /** @@ -539,6 +540,44 @@ describe('settings-migration', () => { note: 'should remain unchanged in v3', }); }); + + // V3 used to allow `general.gitCoAuthor: `. The V3→V4 + // migration must expand that boolean into the new + // `{ commit, pr }` object shape so the user's stored opt-out + // doesn't get silently overwritten by the schema defaults + // (which default both sub-toggles to `true`) on the next save. + // The unit test in `v3-to-v4.test.ts` already pins the + // migration body, but without an end-to-end fixture the real + // CLI load → migrate → write path could regress without + // this suite noticing. + it('should expand legacy boolean general.gitCoAuthor: false through V3 → V4', async () => { + rig.setup('v3-gitcoauthor-boolean'); + + overwriteSettingsFile(rig, v3GitCoAuthorBooleanSettings); + + try { + await rig.runCommand(['mcp', 'list']); + } catch { + // Expected to potentially fail + } + + const finalSettings = readSettingsFile(rig); + + expect(finalSettings['$version']).toBe(4); + expect( + (finalSettings['general'] as Record)?.['gitCoAuthor'], + ).toEqual({ commit: false, pr: false }); + // Sibling general.* keys must survive the migration unchanged. + expect( + (finalSettings['general'] as Record)?.[ + 'disableAutoUpdate' + ], + ).toBe(true); + // And so must unrelated top-level sections. + expect(finalSettings['custom']).toEqual({ + note: 'preserve me through v3->v4', + }); + }); }); describe('Future version settings handling', () => { diff --git a/integration-tests/fixtures/settings-migration/workspaces.json b/integration-tests/fixtures/settings-migration/workspaces.json index bd979800929..331276a87be 100644 --- a/integration-tests/fixtures/settings-migration/workspaces.json +++ b/integration-tests/fixtures/settings-migration/workspaces.json @@ -184,5 +184,15 @@ "experimentalFlag": { "enabled": true } + }, + "v3GitCoAuthorBooleanSettings": { + "$version": 3, + "general": { + "gitCoAuthor": false, + "disableAutoUpdate": true + }, + "custom": { + "note": "preserve me through v3->v4" + } } } diff --git a/packages/core/src/tools/shell.test.ts b/packages/core/src/tools/shell.test.ts index 13affb8cffb..4e293cdaed6 100644 --- a/packages/core/src/tools/shell.test.ts +++ b/packages/core/src/tools/shell.test.ts @@ -2597,6 +2597,43 @@ describe('ShellTool', () => { }); describe('addAttributionToPR', () => { + // Non-inline-body flows: `--body-file ` reads the body + // from a file on disk, `--fill` populates it from commit + // messages, and bare `gh pr create` opens an editor. None of + // these have a body argv we can splice the attribution into. + // We can't safely modify them automatically (would either + // mutate the user's file on disk or break the editor flow), + // so we leave the command untouched and rely on the debug + // warning to surface the skip when QWEN_DEBUG_LOG_FILE is set. + it.each([ + ['--body-file', 'gh pr create --title "x" --body-file /tmp/body.md'], + ['--fill', 'gh pr create --title "x" --fill'], + ['no body flag (editor)', 'gh pr create --title "x"'], + ])( + 'should leave gh pr create %s unchanged (non-inline-body flow)', + async (_label, command) => { + const invocation = shellTool.build({ command, is_background: false }); + const promise = invocation.execute(mockAbortSignal); + + resolveExecutionPromise({ + rawOutput: Buffer.from(''), + output: '', + exitCode: 0, + signal: null, + error: null, + aborted: false, + pid: 12345, + executionMethod: 'child_process', + }); + + await promise; + + const observed = mockShellExecutionService.mock.calls[0][0] as string; + expect(observed).toBe(command); + expect(observed).not.toContain('Generated with Qwen Code'); + }, + ); + // `gh pr new` is a documented alias for `gh pr create`. Without // explicit alias handling the rewrite silently misses it. it('should append attribution to `gh pr new --body "..."` (alias form)', async () => { diff --git a/packages/core/src/tools/shell.ts b/packages/core/src/tools/shell.ts index dc70aa7be71..42e0f9fd80d 100644 --- a/packages/core/src/tools/shell.ts +++ b/packages/core/src/tools/shell.ts @@ -3078,6 +3078,25 @@ export class ShellToolInvocation extends BaseToolInvocation< } } + // Reached here means: `gh pr create`/`gh pr new` was detected, + // `gitCoAuthor.pr` is enabled, but the regex found no inline + // `--body`/`-b` to splice the attribution into. Common causes + // are `--body-file `, `--fill` (uses commit messages as + // body), or just bare `gh pr create` (opens an editor). The + // command runs as the user typed it; we just don't add the + // attribution line. Surface this as a debug warning so a user + // wondering "why isn't my PR getting the trailer?" can see the + // skip in `QWEN_DEBUG_LOG_FILE`. Inline-body rewriting is the + // only safe automatic path — `--body-file` would require us to + // mutate the user's file on disk; `--fill` and editor flows + // have no body in argv at all. + debugLogger.warn( + 'addAttributionToPR: gh pr create detected but no inline ' + + '`--body`/`-b` argument found to append attribution to ' + + '(--body-file / --fill / editor flows are unsupported); ' + + 'PR will be created without the AI attribution line. ' + + 'Pass `--body "..."` inline to enable automatic attribution.', + ); return command; } }