Fix/notify resolution hardening#112
Open
josealekhine wants to merge 3 commits into
Open
Conversation
…verable webhooks Two real defects behind the "notify fails in worktrees" report (P0.8.5): - crypto.ResolveKeyPath auto-detected a project-local <contextDir>/.ctx.key and preferred it over the global key. That file is gitignored, so a fresh worktree resolved to a different key and decryption silently failed. Remove the tier: resolution is now key_path override > global, with project-local kept only as a degenerate fallback when no home dir exists (never auto-detected). Also a documented security antipattern (key next to ciphertext). - notify.Send swallowed every fire-path failure as a silent no-op. It now treats .notify.enc existence as the sole "configured" signal and warns (non-fatal) when a configured webhook cannot be delivered — bad/absent key, decrypt, marshal, or POST — while keeping legitimate silences (not configured, event not subscribed). LoadWebhook detects file absence via os.Stat + errors.Is, not os.IsNotExist, which does not unwrap the text-registry-wrapped error. Spec: specs/notify-resolution-hardening.md Signed-off-by: Jose Alekhinne <jose@ctx.ist>
`gitnexus analyze` injects a full "# GitNexus — Code Intelligence" block between <!-- gitnexus:start/end --> markers. It first landed in 6afb50d (a recall/core deletion commit) as an analyze side effect, not a deliberate choice, and has churned on every reindex since. The project already has a curated home for this: GITNEXUS.md, added deliberately in bf42b1f with a CLAUDE.md cross-reference. The injected blocks were pure duplication on top of it. Realign to the pre-injection canonical state: - AGENTS.md: back to the redirect-to-CLAUDE.md stub (its form since fda3c82) - CLAUDE.md: keep the Companion Tools pointer to GITNEXUS.md, drop the block Re-injection guard lives outside this repo: run analyze with --skip-agents-md so the global gitnexus hook stops rewriting these two files. Spec: specs/meta/chores.md Signed-off-by: Jose Alekhinne <jose@ctx.ist>
Follow-up to 8da165a: the marker-bounded removal of the GitNexus block from AGENTS.md/CLAUDE.md is mechanical, so capture a Phase CT task to automate it as `make strip-gitnexus`. Spec: specs/meta/chores.md Signed-off-by: Jose Alekhinne <jose@ctx.ist>
Deploying ctx with
|
| Latest commit: |
03a24cf
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://cd0397cb.ctx-bhl.pages.dev |
| Branch Preview URL: | https://fix-notify-resolution-harden.ctx-bhl.pages.dev |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.