Merged
Conversation
…lback and tests - Introduce Manager with Track, Commit, and Rollback support. - Implement secure root-scoped path validation, backup handling, - LIFO deletion of created paths, and temp dir isolation. - Add copy utility and comprehensive unit tests with race/coverage compliance.
- Add `FindProjectRoot` to locate `scbake.toml` or `.git` upwards from CWD - Update `Load` to accept start path and return discovered root - Implement atomic `Save` using temp-write-and-rename strategy - Update `core` and `cmd` call sites to match new signatures - Add comprehensive tests for traversal, overrides, and file operations
- Update TaskContext to include *transaction.Manager - Add transaction tracking to CreateDirTask and CreateTemplateTask - Add PredictedCreated to ExecCommandTask for tracking output artifacts - Update task tests to verify transaction registration and rollback behavior
- Initialize transaction.Manager in RunApply to provide filesystem safety - Inject transaction instance into TaskContext for task-level tracking - Implement defer tx.Rollback() pattern to handle errors and panics automatically - Remove Git preflight checks, savepoints, and automatic commits - Add run_test.go to verify atomic rollback and success scenarios
- Add PrioVersionControl (2000) to internal/types to ensure VCS tasks run last - Implement git template handler with tasks for init, add, and commit - Register git template in pkg/templates/registry.go - Add integration tests verifying fresh initialization and idempotency
- removed NewHandler constructor to align with the project-wide template pattern - updated pkg/templates registry to use direct Handler initialization - refactored git_test.go to use the standardized Handler struct
…n manager - Remove internal/git as it is no longer used for core safety logic. - Refactor 'new' and 'apply' commands to use RunE for idiomatic error handling. - Remove direct 'os' import in apply.go; error reporting and exit codes are now delegated to Cobra's error handling via RunE, eliminating manual os.Exit calls. - Update 'new' command to bootstrap scbake.toml before template application, allowing core.RunApply to recognize the new directory as a valid project root. - Enhance Transaction Manager to prune .scbake and .scbake/tmp scaffolding. - Enhance Transaction Manager to reset internal tracks via resetState(). - Add comprehensive CLI tests for rollbacks, dry-runs, and idempotency. - Add deduplicateTemplates to ensure execution idempotency.
- Create names.go and perms.go to act as a single source of truth - Standardize use of ManifestFileName, InternalDir, and GitDir markers - Implement consistent secure permissions (0750/0600) across all packages - Update test suites to use centralized constants - Fix documentation to satisfy revive linter requirements
- Canonicalize paths in tasks using filepath.Abs and Clean to fix "outside target path" errors - Refactor checkFilePreconditions to ensure robust security jail validation - Update CreateDirTask and ExecCommandTask to use absolute paths for transaction tracking - Isolate integration tests by injecting Git identity via environment variables (GIT_AUTHOR_ID) - Prevent global Git config leakage and ensure hermetic test execution - Decompose TestNewCommand into subtests to verify modular language and template optionality - Reduce cyclomatic complexity in test suites by extracting state verification helpers
- Implement sort.Strings in ListLangs for deterministic CLI output - Add Register function to allow language handler injection - Rename parameters to avoid package name shadowing - Ensure structural parity between pkg/lang and pkg/templates
Emin-ACIKGOZ
added a commit
that referenced
this pull request
Feb 21, 2026
# Changes: - Native Transactions: Implemented a LIFO manager with automated backups for atomic "all-or-nothing" rollbacks. - Security Hardening: Enforced project boundaries by canonicalizing task paths with filepath.Abs to block traversal. - Modular VCS: Refactored Git into an optional template to support Git-free scaffolding. - Test Isolation: Hardened the integration suite via environment variables to prevent host Git config leakage. - Registry Parity: Unified language and template registries with deterministic sorting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request: Architectural Pivot to Native Transaction Engine
Summary
This PR introduces a Breaking Architectural Change by replacing the Git-based atomicity model with a custom Native Filesystem Transaction Manager. This shift removes the requirement for a Git repository to be present during scaffolding and standardizes internal API signatures for discovery and task execution.
Type of Change
Details
Breaking Changes & Migration
Git is now Optional: Git is no longer automatically initialized or used for rollbacks. Users must now explicitly include
--with gitto initialize a repository.Signature Updates: The following functions have updated signatures and will break existing library integrations:
core.RunApply: Now requires aRunContextand handles its own transaction lifecycle.manifest.Load: Now accepts a starting path and returns the discovered root path.Package Migration:
internal/githas been removed. Global constants have moved frominternal/utiltointernal/util/fileutil.Technical Implementation
internal/filesystem/transactionto handle atomic rollbacks via a temporary backup system (.scbake/tmp).FindProjectRootto walk up the directory tree to locatescbake.toml, allowing the tool to run from subdirectories.filepath.Abs) to resolve the "Relativism Trap" where relative paths (like.) failed security prefix checks.Tests
go test ./...)Hardened Integration Suite:
GIT_AUTHOR_NAMEenvironment overrides to prevent global~/.gitconfigcontamination.API Impact
Justification: The previous Git-dependent architecture was a "leaky abstraction" that limited the tool's portability. Moving to a native transaction manager provides a stable foundation for future monorepo support and concurrent execution.
Checklist
golangci-lintpassesRelated Issues