fix(hooks): identity-match team-name detect-and-align (v4.4.31)#993
Merged
michael-wojcik merged 6 commits intoJun 19, 2026
Merged
Conversation
…heal get_team_name() resolves the real platform team by matching config.json.leadSessionId == session_id, correcting a non-empty-but-wrong persisted SSOT (a computed session-<id8> name when the platform provisioned a full-UUID team dir, or a stale name after resume). An empty SSOT stays fail-closed (deliberate security gate — identity-match does not recover from an unknown team). The bootstrap marker hook writes the aligned name back to the context file and the exists-guarded CLAUDE.md Team line; session_init and heal_context_if_missing converge on the aligned name so all writers agree. The resolver is pure, FS-read-only, and never raises (bare except -> persisted/computed default).
…riter The identity-match write-back added resolve_project_claude_md_path (claude_md_manager) and update_session_info (session_resume) imports to bootstrap_marker_writer, pulling those plus transitive pin_caps and staleness into the live import closures of both bootstrap_marker_writer and bootstrap_gate (which imports it). Update the _SEAM_HOOK_HELPER_CLOSURE drift-detector literal to record the real closure. No live-probe re-certification needed: both hooks are fail-closed/fail-loud (L2-only), not in L3_LIVE_PROBE_HOOKS.
…n matrix 48 tests across a new test_team_name_detect_align.py plus one divergent end-to-end leg in the standing both-modes gate. Covers identity-match across full-UUID/session-<id8>/pact-<id8> dir names (no prefix shortcut); half-formed window; fail-safe totality (NUL/slash session_id, teams_dir=None, HOME-unresolvable, config-is-a-dir -> never raises); is_safe_path_component skip; empty-SSOT fail-closed both modes; resume-revert upgrade; cold-start; heal crash-recovery (absent-context -> aligned); both-modes resolver + dispatch-gate legs; _aligned_cache memoization + reset_for_tests isolation; full-UUID caller sweep; two-file context-first write-back. Non-vacuous via paired intact/neutered monkeypatch proofs.
Peer-review fold for PR Synaptic-Labs-AI#993. (1) Corrected _resolve_aligned_team_name docstring: session_id is only string-compared to leadSessionId, never composed into a path, so it cannot raise; the genuine bare-except raise sources are Path.home (RuntimeError), Path(teams_dir) (TypeError), and per-entry config.json read (OSError/JSONDecodeError). (2) Re-pointed the NUL/slash session_id tests to assert the real no-match-returns-default behavior (non-vacuous: seeded matchable dir + counter-proof). (3) Added a memoization test for the empty-SSOT short-circuit. (4-5) Clarifying comments: context-first write ordering, same-OS-user TOCTOU mitigation. (6) Expanded the no-match scan-cost PERF note.
Completes the docstring correction: the outer except-block comment still cited 'a path-unsafe raw session_id (ValueError)' as a totality source, contradicting the corrected docstring (session_id is string-compared, never path-composed). Cite the genuine raise sources (Path.home RuntimeError, Path(teams_dir) TypeError) instead. Comment-only; caught by the verify-only re-review.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Identity-match team-name detect-and-align.
get_team_name()resolves the REAL platform team by matchingconfig.json['leadSessionId'] == session_id, correcting a non-empty-but-wrong persisted SSOT — a computedsession-<id8>name when the platform provisioned a full-UUID team dir (Desktop 2.1.177 child / rename-skip), or a stale name after--resume. The bootstrap marker hook writes the aligned name back to the context file and the (exists-guarded)CLAUDE.mdTeam line;session_initandheal_context_if_missingconverge on the aligned name so all writers agree.Security — fail-closed preserved (Option B)
An empty SSOT stays fail-closed:
get_team_nameshort-circuits to""BEFORE identity-match, preserving the deliberatetest_empty_ssot_team_fails_closed_both_modesgate. Identity-match recovers only a non-empty-but-wrong SSOT (exactly what this targets). The resolver is pure, FS-read-only, never-raises (bareexcept Exception→ persisted/computed default), keys on the persisted (lead's) session_id — not the acting frame's, preserving the dual-mode SSOT contract — and path-safety-checks the matched dir name before returning it.Verification
/session_id,teams_dir=None, HOME-unresolvable, config-is-a-dir), crash-recovery via heal, full-UUID caller sweep, two-file context-first write-back.revise_minor→ proceed) + an auditor GREEN-VERIFIED pass againstgit diffground truth.bootstrap_gate/bootstrap_marker_writerclosures) caught by the live-probe drift-detector and fixed; no L3 live-probe re-cert needed (both hooks are fail-closed/L2-only).Closure
Implements the #989 get_team_name detect-and-align fix. Closure pending a post-install live-probe in a divergent-launch (Desktop full-UUID) session — verifying the fix auto-resolves the divergence end-to-end (this session has been hand-correcting the context repeatedly, which the fix is designed to eliminate). v4.4.29 → v4.4.31.