fix: harden fork feature — security, data integrity, and coverage

Security:
- Private forks are now filtered from all public listing endpoints:
  - GET /repos/{id}/forks and GET /repos/{id}/fork-network exclude private forks
  - GET /users/{username}/forks shows private forks only to the profile owner
- ForkRepoRequest.visibility validated to 'public'|'private'; 422 on any other value

Data integrity:
- Duplicate fork now detected with a pre-check SELECT before any DB write, so IntegrityError from slug collision can no longer be misreported as 'already forked'
- Auto-slug-suffix (_unique_slug_for_owner) resolves slug collisions on fork by appending -2, -3, … (GitHub behaviour); avoids spurious 409 errors
- duplicate_fork ValueError code propagates cleanly through route and MCP executor

MCP coverage:
- musehub_fork_repo executor now maps duplicate_fork code → conflict error code
- IntegrityError catch removed from MCP executor (superseded by pre-check)

Test coverage (30 fork tests + 43 MCP dispatcher tests):
- test_private_fork_hidden_from_source_forks_list
- test_private_fork_hidden_from_fork_network
- test_private_fork_hidden_from_public_user_forks (genuinely anon — no auth override)
- test_private_fork_visible_to_owner
- test_invalid_visibility_returns_422
- test_slug_collision_auto_resolved
- test_musehub_list_repo_forks_routes_to_executor
- test_musehub_get_fork_network_routes_to_executor
- test_musehub_get_user_forks_routes_to_executor
- test_musehub_fork_repo_requires_auth
- test_musehub_fork_repo_in_write_tool_names
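
An added sketch, not the project's code, of the behaviour the commit message describes: visibility validation, a duplicate-fork pre-check kept separate from slug collisions, suffix-based slug resolution, and private-fork filtering in listings. The `repos` schema, the function names, the `not_found` and `invalid_visibility` codes and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE repos (id INTEGER PRIMARY KEY, owner TEXT, slug TEXT,"
               " visibility TEXT, parent_id INTEGER, UNIQUE (owner, slug))")
    return db

def unique_slug_for_owner(db, owner, slug):
    # Append -2, -3, ... until the owner has no repo with that slug.
    candidate, n = slug, 1
    while db.execute("SELECT 1 FROM repos WHERE owner=? AND slug=?",
                     (owner, candidate)).fetchone():
        n += 1
        candidate = f"{slug}-{n}"
    return candidate

def fork_repo(db, source_id, new_owner, visibility="public"):
    if visibility not in ("public", "private"):
        raise ValueError("invalid_visibility")  # an HTTP layer would answer 422
    src = db.execute("SELECT slug FROM repos WHERE id=?", (source_id,)).fetchone()
    if src is None:
        raise ValueError("not_found")
    # Pre-check on (owner, parent_id): a slug clash is never read as a duplicate.
    if db.execute("SELECT 1 FROM repos WHERE owner=? AND parent_id=?",
                  (new_owner, source_id)).fetchone():
        raise ValueError("duplicate_fork")      # an HTTP layer would answer 409
    slug = unique_slug_for_owner(db, new_owner, src[0])
    db.execute("INSERT INTO repos (owner, slug, visibility, parent_id)"
               " VALUES (?, ?, ?, ?)", (new_owner, slug, visibility, source_id))
    return slug

def list_repo_forks(db, source_id):
    # Public listing of a repo's forks: private forks never appear.
    return db.execute("SELECT owner, slug FROM repos WHERE parent_id=?"
                      " AND visibility='public' ORDER BY id", (source_id,)).fetchall()

def list_user_forks(db, username, viewer=None):
    # Profile listing: private forks are returned only when viewer is the owner.
    rows = db.execute("SELECT owner, slug, visibility FROM repos WHERE owner=?"
                      " AND parent_id IS NOT NULL ORDER BY id", (username,)).fetchall()
    return [(o, s) for o, s, v in rows if v == "public" or viewer == username]

def demo():
    # Constructed data: alice owns "song"; bob already has an unrelated "song".
    db = make_db()
    db.execute("INSERT INTO repos (owner, slug, visibility) VALUES ('alice','song','public')")
    db.execute("INSERT INTO repos (owner, slug, visibility) VALUES ('bob','song','public')")
    return db, fork_repo(db, 1, "bob", "private"), fork_repo(db, 1, "carol")
```

In this sketch the SELECT and the INSERT are not atomic; under concurrent requests they would need to share a transaction or be backed by a UNIQUE (owner, parent_id) constraint.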
muse hub commit comment sha256:9ace58a6faebf7ad96771affa4eb18baa3bcea6f15728a4f3b46186fdcb1857a --body "your comment"