Background
PR #86's openPublicStore (apps/api/src/store/public.ts:80-87) guards against non-bare clones via:
```ts
if (existsSync(join(repoPath, '.git'))) {
throw new Error(`CFP_DATA_REPO_PATH=${repoPath} looks like a non-bare clone ...`);
}
```
This catches the common misconfiguration (someone ran `git clone` instead of `git clone --bare`) but isn't the authoritative check. A directory created with `git init` (non-bare, no `.git` subdir because the path IS the working tree's gitdir... wait, no — `git init` creates `.git/`) — actually, the more interesting failure mode is something like a partially-initialized directory, or a future case where someone manually constructs a layout the existsSync check misses.
The authoritative check is git's own:
```bash
git -C "$repoPath" rev-parse --is-bare-repository
Prints 'true' for a bare repo, 'false' otherwise; exits non-zero if not a repo at all.
```
Proposed change
Replace the existsSync check in `openPublicStore` with a synchronous spawn of `git rev-parse --is-bare-repository` against `repoPath`, asserting the output is `true`. On `false` or non-zero exit, throw the same shaped error with the same remediation message.
Cost: one subprocess at boot (already paying many). Benefit: the guard catches every non-bare shape, not just the one we thought of.
Why backlog
The current guard catches the realistic misconfiguration today. This is hardening, not a fix. Trivially-sized PR (~10 lines), open to picking up anytime.
Filed as follow-up from PR #86.
Background
PR #86's
openPublicStore(apps/api/src/store/public.ts:80-87) guards against non-bare clones via:```ts
if (existsSync(join(repoPath, '.git'))) {
throw new Error(`CFP_DATA_REPO_PATH=${repoPath} looks like a non-bare clone ...`);
}
```
This catches the common misconfiguration (someone ran `git clone` instead of `git clone --bare`) but isn't the authoritative check. A directory created with `git init` (non-bare, no `.git` subdir because the path IS the working tree's gitdir... wait, no — `git init` creates `.git/`) — actually, the more interesting failure mode is something like a partially-initialized directory, or a future case where someone manually constructs a layout the existsSync check misses.
The authoritative check is git's own:
```bash
git -C "$repoPath" rev-parse --is-bare-repository
Prints 'true' for a bare repo, 'false' otherwise; exits non-zero if not a repo at all.
```
Proposed change
Replace the existsSync check in `openPublicStore` with a synchronous spawn of `git rev-parse --is-bare-repository` against `repoPath`, asserting the output is `true`. On `false` or non-zero exit, throw the same shaped error with the same remediation message.
Cost: one subprocess at boot (already paying many). Benefit: the guard catches every non-bare shape, not just the one we thought of.
Why backlog
The current guard catches the realistic misconfiguration today. This is hardening, not a fix. Trivially-sized PR (~10 lines), open to picking up anytime.
Filed as follow-up from PR #86.