You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
madder's FDR-0008 (config digest pins) lets an id carry a name@<markl-id>
suffix that is AssertEqual'd at resolve time against the target config's
self-check digest — disambiguating same-named stores cryptographically and
position-independently, and detecting tampering.
dodder should adopt the same for -repo_id resolution, as a complement to
the positional dot-depth (..name) multi-dot resolution (#281) — keep both;
digest-pinning is the cryptographic disambiguator on top of the positional one.
This directly helps the nested same-named repo case (cf. #281, #283): notes@<digest>
pins the exact intended notes repo regardless of nesting/position.
dodder's repo_id package drops the digest entirely: EffectiveName, EffectiveId, and CheckSupported never read it. So dodder show -repo_id notes@<digest> parses but the digest is ignored.
Scope (to design)
Pin source. Decide what per-repo digest the suffix verifies against —
candidates: the content-addressed immutable-config digest (get_konfig_sha)
or the repo public-key in config-immutable. Possibly adopt FDR-0008
Phase-1-style self-check on the dodder repo config-seed first.
Resolution. Thread the digest through repo_id resolution: locate
candidate repos (the existing scope/ancestor walk), then AssertEqual the
pinned digest against each candidate's digest; error (with expected-vs-actual)
on mismatch / no match.
Surface.-repo_id name@<digest> on the CLI + MCP; optionally emit the
digest-bearing canonical form in info-repo repos / persisted references.
Context
madder's FDR-0008 (config digest pins) lets an id carry a
name@<markl-id>suffix that is
AssertEqual'd at resolve time against the target config'sself-check digest — disambiguating same-named stores cryptographically and
position-independently, and detecting tampering.
dodder should adopt the same for
-repo_idresolution, as a complement tothe positional dot-depth (
..name) multi-dot resolution (#281) — keep both;digest-pinning is the cryptographic disambiguator on top of the positional one.
This directly helps the nested same-named repo case (cf. #281, #283):
notes@<digest>pins the exact intended
notesrepo regardless of nesting/position.Current state
scoped_id.Setalready parsesname@<digest>(madder, FDR-0008 Phase 2)and exposes
GetDigest()/HasDigest()/WithDigest().repo_idpackage drops the digest entirely:EffectiveName,EffectiveId, andCheckSupportednever read it. Sododder show -repo_id notes@<digest>parses but the digest is ignored.Scope (to design)
candidates: the content-addressed immutable-config digest (
get_konfig_sha)or the repo
public-keyinconfig-immutable. Possibly adopt FDR-0008Phase-1-style self-check on the dodder repo config-seed first.
repo_idresolution: locatecandidate repos (the existing scope/ancestor walk), then
AssertEqualthepinned digest against each candidate's digest; error (with expected-vs-actual)
on mismatch / no match.
-repo_id name@<digest>on the CLI + MCP; optionally emit thedigest-bearing canonical form in
info-repo repos/ persisted references.!mdtype blob not found in its own store #283. Complement dot-depth; consider whetherdigest-pinned resolution also sidesteps the nested-commit store ambiguity in
Nested same-named cwd repo can't commit: genesis
!mdtype blob not found in its own store #283.Deferred to the end of the current FDR-0019 task sequence; filed for tracking.
Environment: dodder smart-pine branch; madder pin
go v0.3.43-…-d3de5838721b(FDR-0008 Phase 2 present in
scoped_id).