Description
Context: The reviewer experienced mixed identities committing from one account while authoring under another. Introduce an identity verification feature that ensures repository actions (commits, pushes, GitHub API actions) are performed under an allowed identity.
Specific requirements:
- Add a config block kodrdriv.allowedIdentities: array of identity descriptors. Each descriptor may include gitName, gitEmail, githubLogin, and an optional id (string).
- Provide CLI flags or interactive setup to 'lock' a repository to a single identity (e.g. --enforce-identity or repository config lockIdentity: true).
- Before taking actions that create commits or call GitHub APIs, perform checks:
  - Local git author: run git config user.name and user.email (use the existing secure runSecure helper in src/util/child.ts) and compare to allowedIdentities.
  - When pushing to GitHub: compare the authenticated token user (via src/util/github.ts getAuthenticatedUser()) to allowedIdentities.githubLogin when a GitHub token is used.
- Behaviour: configurable failure modes: warn (log the mismatch and require --sendit), prevent-commit (abort before the commit), auto-correct (optionally set git config user.* locally when the allowed identity matches an available SSH/GitHub credential). Auto-correct requires explicit consent and must be opt-in.
- Implement checks in: src/commands/commit.ts, src/commands/publish.ts, src/commands/release.ts, and any command that may create commits or GitHub resources (review issue creation flow).
- Tests: Add unit tests mocking git config values and mocking getAuthenticatedUser to simulate identity mismatch and assert configured behaviours.
Implementation details:
- Files to modify/add: src/util/identity.ts (new) with functions: loadAllowedIdentities(config), getLocalGitIdentity(), verifyIdentityForAction(action, options). Update src/types.ts for config schema.
- Make verification synchronous before creating ephemeral artifacts; ensure checks run even in dry-run flows but do not block dry-run.
Expected behaviour:
- When enforcement is enabled and the active commit identity does not match allowedIdentities, the command aborts (or warns) before making commits or opening GitHub issues. Error messages must explain steps to correct (e.g., set git config user.email, switch tokens, or update kodrdriv config).
Technical considerations:
- Respect CI environments where git config may be absent; provide clear guidance for non-interactive runs (env var override flag) and document risk.
- Avoid leaking tokens or credentials in logs; only print identity names/emails, not secrets.
Success criteria:
- Commands detect mismatched identities and behave according to configured mode (warn, reject, auto-correct). Tests cover CI and local scenarios.
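The following is an added example, not kodrdriv's own code, sketching the verification logic the requirements above describe. The function names follow the issue (loadAllowedIdentities, getLocalGitIdentity, verifyIdentityForAction) but their signatures are assumed; the git runner and the GitHub login are injected in place of runSecure and getAuthenticatedUser() so the block runs offline, and the sample identities are constructed. Messages carry only names, emails and logins, never the token.

```typescript
// Added example (not kodrdriv's code): identity verification as proposed in the issue.
// Signatures are assumptions; git/GitHub lookups are injected so this runs offline.

export interface IdentityDescriptor {
  id?: string;
  gitName?: string;
  gitEmail?: string;
  githubLogin?: string;
}

export type FailureMode = 'warn' | 'prevent-commit' | 'auto-correct';
export type RepoAction = 'commit' | 'push' | 'github-api';

export interface LocalGitIdentity {
  name?: string;
  email?: string;
}

export interface VerifyOptions {
  mode: FailureMode;
  local: LocalGitIdentity;
  githubLogin?: string;           // login of the authenticated token user, if a token is in use
  dryRun?: boolean;               // checks still run, but never block a dry run
  sendit?: boolean;               // --sendit acknowledges a warning
  consentToAutoCorrect?: boolean; // auto-correct is opt-in
}

export interface VerifyResult {
  ok: boolean;
  messages: string[];               // names/emails/logins only, never secrets
  correctedTo?: IdentityDescriptor; // set when auto-correct picked an identity
}

// Reads kodrdriv.allowedIdentities and drops descriptors with no identifying field.
export function loadAllowedIdentities(
  config: { kodrdriv?: { allowedIdentities?: IdentityDescriptor[] } },
): IdentityDescriptor[] {
  const list = config.kodrdriv?.allowedIdentities ?? [];
  return list.filter((d) => d.gitName || d.gitEmail || d.githubLogin);
}

// Wraps `git config --get user.name` / `user.email`. The runner is injected
// (the real code would call runSecure); an empty result, common in CI, maps to undefined.
export function getLocalGitIdentity(run: (args: string[]) => string): LocalGitIdentity {
  const get = (key: string): string | undefined => {
    const out = run(['config', '--get', key]).trim();
    return out === '' ? undefined : out;
  };
  return { name: get('user.name'), email: get('user.email') };
}

// Emails and logins are compared case-insensitively; names exactly.
const eq = (a?: string, b?: string): boolean =>
  a !== undefined && b !== undefined && a.toLowerCase() === b.toLowerCase();

function matchesLocal(d: IdentityDescriptor, local: LocalGitIdentity): boolean {
  if (d.gitName !== undefined && d.gitName !== local.name) return false;
  if (d.gitEmail !== undefined && !eq(d.gitEmail, local.email)) return false;
  return true;
}

function matchesGithub(d: IdentityDescriptor, login?: string): boolean {
  // Without a token (no login) or a descriptor without githubLogin there is nothing to compare.
  return login === undefined || d.githubLogin === undefined || eq(d.githubLogin, login);
}

export function verifyIdentityForAction(
  action: RepoAction,
  allowed: IdentityDescriptor[],
  opts: VerifyOptions,
): VerifyResult {
  const checkGithub = action !== 'commit'; // push and API calls also verify the token user
  const match = allowed.find(
    (d) => matchesLocal(d, opts.local) && (!checkGithub || matchesGithub(d, opts.githubLogin)),
  );
  if (match) return { ok: true, messages: [] };

  const messages = [
    `Identity mismatch before ${action}: git user.name="${opts.local.name ?? '<unset>'}", ` +
      `user.email="${opts.local.email ?? '<unset>'}"` +
      (checkGithub && opts.githubLogin ? `, GitHub login="${opts.githubLogin}"` : ''),
    `Allowed identities: ${allowed.map((d) => d.id ?? d.gitEmail ?? d.githubLogin).join(', ')}`,
    'To fix: set git config user.name / user.email to an allowed identity, switch the GitHub token, or update kodrdriv.allowedIdentities.',
  ];

  if (opts.dryRun) return { ok: true, messages: [...messages, 'Dry run: continuing despite mismatch.'] };

  switch (opts.mode) {
    case 'warn':
      return opts.sendit
        ? { ok: true, messages: [...messages, 'Proceeding because --sendit was given.'] }
        : { ok: false, messages: [...messages, 'Re-run with --sendit to proceed anyway.'] };
    case 'prevent-commit':
      return { ok: false, messages };
    case 'auto-correct': {
      // Correct only with consent and when exactly one allowed identity matches the
      // credential actually in use (the token's login) and carries both git fields.
      const candidates = allowed.filter((d) => d.gitName && d.gitEmail && eq(d.githubLogin, opts.githubLogin));
      if (opts.consentToAutoCorrect && candidates.length === 1) {
        const chosen = candidates[0];
        return { ok: true, correctedTo: chosen, messages: [...messages, `Auto-correcting local git identity to "${chosen.id ?? chosen.gitEmail}".`] };
      }
      return { ok: false, messages: [...messages, 'Auto-correct not applied: consent missing or no unique identity matches the active credential.'] };
    }
    default:
      return { ok: false, messages };
  }
}
```

The caller (commit, publish, release) would run verifyIdentityForAction before creating any artifact, log `messages`, abort when `ok` is false, and, only when `correctedTo` is set, write user.name/user.email to the local repository config.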
Details
- Priority: high
- Category: security
- Source: Review
Suggestions
- Implement src/util/identity.ts and add unit tests mocking git and GitHub responses
- Add CLI/config options to enable enforcement and document expected behaviours
This issue was automatically created from a review session.