Skip to content

fix(checkpoints): detect nested repos via .git/HEAD and .git pointer files #11341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
0xMink wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(checkpoints): detect nested repos via .git/HEAD and .git pointer files #11341

0xMink wants to merge 1 commit into from
+208 −44

Conversation

@0xMink
Copy link
Contributor

@0xMink 0xMink commented Feb 9, 2026
edited
Loading

Closes #11340

Summary

Fixes three correctness issues in ShadowCheckpointService.getNestedGitRepository():

  • False negatives: Only searched for **/.git/HEAD, missing submodule/worktree .git pointer files (which contain gitdir:).
  • False positives: --follow allowed ripgrep to traverse symlinks outside the workspace boundary.
  • Brittle matching: Replaces includes() / startsWith() heuristics with path.basename() / path.dirname() and path.resolve().

Test plan

  • Existing test: nested .git/HEAD directory detection still works
  • Existing test: no nested repos allows init
  • New: submodule-style .git file triggers detection
  • New: stray .git file without gitdir: prefix is ignored
  • New: root .git/HEAD is excluded
  • New: root .git match is excluded
  • New: --follow flag is not present in ripgrep args
  • New: unreadable .git file is skipped gracefully
  • All 37 tests passing

@0xMink
fix(checkpoints): detect nested repos via .git/HEAD and .git pointer …
ff04091 
…files

- Remove --follow flag to prevent symlink traversal outside workspace
- Add **/.git glob to detect submodule/worktree .git pointer files
- Validate .git files contain gitdir: prefix before treating as repo marker
- Use path.basename/path.dirname for classification instead of string matching
- Use path.resolve for root exclusion (handles absolute/relative paths)
- Add 6 new test cases covering submodule detection, stray .git files,
  root exclusion, --follow removal, and unreadable file handling

Closes RooCodeInc#11340
@dosubot dosubot bot added bug Something isn't working size:L This PR changes 100-499 lines, ignoring generated files. labels Feb 9, 2026
This was referenced Feb 9, 2026
Open
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens is a code owner

@cte cte Awaiting requested review from cte cte is a code owner

@jr jr Awaiting requested review from jr jr is a code owner

@hannesrudolph hannesrudolph Awaiting requested review from hannesrudolph hannesrudolph is a code owner

@daniel-lxs daniel-lxs Awaiting requested review from daniel-lxs daniel-lxs is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug Something isn't working size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Checkpoints nested-repo detection misses submodule/worktree .git files and can false-positive via symlink follow

1 participant

@0xMink