Skip to content

t1264: Daily repo sync — auto-pull latest for git repos in configured parent directories #1989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
marcusquinn merged 1 commit into from
Feb 20, 2026
Merged

t1264: Daily repo sync — auto-pull latest for git repos in configured parent directories #1989

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .agents/aidevops/onboarding.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1082,6 +1082,38 @@ If you're not sure what to build, tell me:

I'll suggest a small project tailored to your needs that we can build together in the playground.

## Repo Sync Configuration

During onboarding, ask the user about their git parent directories for daily repo sync:

```text
Repo sync keeps your local git repos up to date by running git pull --ff-only
daily on repos that are clean and on their default branch.

Where do you keep your git repos? (default: ~/Git)
Enter one or more directories separated by commas, or press Enter for default:
```

If the user provides directories, configure them:

```bash
# Update repos.json with git_parent_dirs
jq --argjson dirs '["~/Git", "~/Projects"]' \
'. + {git_parent_dirs: $dirs}' \
~/.config/aidevops/repos.json > /tmp/repos.json && \
mv /tmp/repos.json ~/.config/aidevops/repos.json
Comment on lines +1101 to +1104
Copy link

@gemini-code-assist gemini-code-assist bot Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The example jq command for updating repos.json uses a hardcoded temporary file path (/tmp/repos.json). This is not a safe pattern as it can lead to race conditions or conflicts if multiple processes attempt this operation simultaneously. The scripts in this repository correctly use mktemp for creating temporary files, and the documentation should reflect this best practice for consistency and safety.

Suggested change
jq --argjson dirs '["~/Git", "~/Projects"]' \
'. + {git_parent_dirs: $dirs}' \
~/.config/aidevops/repos.json > /tmp/repos.json && \
mv /tmp/repos.json ~/.config/aidevops/repos.json
tmp_json=$(mktemp)
jq --argjson dirs '["~/Git", "~/Projects"]' \
'. + {git_parent_dirs: $dirs}' \
~/.config/aidevops/repos.json > "$tmp_json" && \
mv "$tmp_json" ~/.config/aidevops/repos.json

Comment on lines +1099 to +1104
Copy link
Contributor

@coderabbitai coderabbitai bot Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Example uses /tmp/repos.json — insecure temp file in user-facing documentation.

Users will copy-paste this. Using a predictable path in /tmp/ is a classic symlink-attack vector (CWE-377). Use a user-scoped temp path or the redirect-to-same-file pattern with sponge/mktemp.

Safer example 
 # Update repos.json with git_parent_dirs
 jq --argjson dirs '["~/Git", "~/Projects"]' \
   '. + {git_parent_dirs: $dirs}' \
-  ~/.config/aidevops/repos.json > /tmp/repos.json && \
-  mv /tmp/repos.json ~/.config/aidevops/repos.json
+  ~/.config/aidevops/repos.json > ~/.config/aidevops/repos.json.tmp && \
+  mv ~/.config/aidevops/repos.json.tmp ~/.config/aidevops/repos.json
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.agents/aidevops/onboarding.md around lines 1099 - 1104, The example uses a
predictable /tmp/repos.json which is insecure; update the snippet that writes to
~/.config/aidevops/repos.json to use a safe temporary file (mktemp) or the
redirect-to-same-file pattern with sponge (or write into the target directory)
instead of /tmp/repos.json; specifically modify the jq + mv pipeline in the code
block so it creates a unique temp file via mktemp (or pipes to sponge) and then
atomically replaces ~/.config/aidevops/repos.json, ensuring the commands that
reference ~/.config/aidevops/repos.json and /tmp/repos.json are replaced with
the safer mktemp or sponge variants.


# Enable the daily scheduler
aidevops repo-sync enable
```

If the user skips, note they can configure later:

```bash
aidevops repo-sync config # Show configuration instructions
aidevops repo-sync enable # Enable after configuring
```

## Next Steps After Setup

Once services are configured:
Expand Down
Loading
Loading