docs: add git-diff-panel implementation planning artifacts

Implementation decision log, iteration history, synthesis input, the implementation plan, and discovery notes for the git-diff-panel feature. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 02:26:04 +00:00
parent 3e7115afad
commit ca028a4024
5 changed files with 658 additions and 0 deletions
--- a/docs/features/git-diff-panel/artifacts/implementation-iteration-history.md
+++ b/docs/features/git-diff-panel/artifacts/implementation-iteration-history.md
@@ -0,0 +1,64 @@
+# Implementation iteration history — Git diff panel
+
+Round-by-round record of the `plan-implementation` discussion for the git-diff-panel feature. The primary
+plan is [`../feature-implementation-plan.md`](../feature-implementation-plan.md); decisions are in
+[`implementation-decision-log.md`](implementation-decision-log.md). No `feature-technical-notes.md` exists
+(no T# notes), so the spec-maturity gate reduces to the spec-level threshold alone.
+
+Team size: **medium** (round cap 2). Converged in **1 round** — every open question resolved from evidence;
+the spec-maturity gate did not trip.
+
+---
+
+## R1 — Parallel specialist review
+
+**Specialists engaged:** software-architect, adversarial-security-analyst, on-call-engineer, test-engineer,
+junior-developer (all sonnet, parallel). project-manager synthesized (Step 8).
+
+**New input provided:** the feature spec + decision-log (D1–D18) + team-findings (F1–F21), the discovery
+notes (`.discovery-notes.md`), and domain-scoped briefs. Mid-round the orchestrator verified the Docker
+mount and project_bootstrap git-write precedent, which refuted the architect's service-split premise.
+
+### Claim ledger
+
+| # | Claim | State | Spec-maturity | Supporting |
+|---|-------|-------|---------------|-----------|
+| C1 | Read + write both in apps/server; architect's write-in-coder premise refuted by `/opt` rw mount + `project_bootstrap.ts` git-write precedent | Evidenced | plan-level | junior (coupling flag) + evidence; security (safe runGit only in server) |
+| C2 | Read route + `git_diff.ts` pure helpers (parse, base-resolve, mode-select, classify, in-progress) — TDD-first | Evidenced | plan-level | architect, test-engineer |
+| C3 | Write ops via argv-safe `runGit`/`execFile` + `--` separators; never `hostExec(shell)` | Evidenced | plan-level | architect, security |
+| C4 | Path validation via `pathGuard` (reject `..`/abs/symlink-escape + repo-root discard) | Evidenced | plan-level | security |
+| C5 | Commit identity server-derived (`-c` from git config, bootstrap fallback); `.strict()` request, no author fields | Evidenced | plan-level | security, on-call |
+| C6 | Refresh = client `git_diff_refresh` sessionEvent + in-flight coalescence ref (no WS frame, no contracts rebuild) | Evidenced | plan-level | architect, on-call |
+| C7 | Read deadline 30s + `maxBuffer` 10MB (distinct from D5 display cap) | Evidenced | plan-level | on-call |
+| C8 | Index-lock → HTTP 409 "repository busy"; no server retry | Evidenced | plan-level | on-call |
+| C9 | In-progress detection via `.git` sentinel `stat`s folded into read response → disable writes | Evidenced | plan-level | on-call, test-engineer |
+| C10 | Write endpoints excluded from `ALL_TOOLS`; artifact sandbox `connect-src 'none'` blocks artifact→endpoint | Evidenced | plan-level | security |
+| C11 | RightRail Files/Git tab + `GitDiffView` (Shiki `lang:'diff'` lazy-on-expand) + dirty dot from `useProjectGit` | Evidenced | plan-level | architect, junior |
+| C12 | Two-phase build: read/display first, writes second (same deploy surface) | Evidenced | plan-level | architect, junior |
+| C13 | Test plan T1–T12: pure-helper units + temp-repo integration; skip Shiki/layout (no web harness) | Evidenced | plan-level | test-engineer |
+
+### Open Questions and resolutions
+
+| OQ | Question | Resolution source | Outcome |
+|----|----------|-------------------|---------|
+| OQ-1 | Which service owns the git routes? (raised by all five) | evidence | Read + write both in apps/server (D-1) — `/opt` rw mount + project_bootstrap precedent + D8 logic refute the coder-split premise |
+| OQ-2 | Refresh-wiring mechanism across CoderPane↔RightRail subtrees | evidence | Client `git_diff_refresh` sessionEvent; no WS frame, no contracts rebuild (D-8) |
+| OQ-6 | Commit identity source | evidence | Server-derived `-c` from git config, project_bootstrap constants fallback; request has no author fields (D-5) |
+| OQ-7 | Committed-mode base resolution command | evidence | `@{upstream}` → `origin/HEAD` → null→Uncommitted fallback (D-6) |
+| OQ-3/8/9 | Header condensation / dirty-indicator placement / D14 notification | evidence | Tab strip replaces "Files" label; FilePlus on Files tab only; dirty dot from `useProjectGit`; D14 = inline non-blocking line, not a toast (D-15) |
+| OQ-4 | Is the write half gated/sequenced? | evidence | Two-phase build, read/display then writes (D-14) |
+| OQ-5 | Shiki lazy vs eager | evidence | Lazy highlight on expand, per-file loading state (D-15) |
+
+### Spec-maturity gate
+
+**NOT tripped.** Zero spec-level findings — the spec committed every behavior (D1–D18); all Round-1 findings
+are plan-level HOW choices, each resolved from codebase evidence. No T#-contradictions (no T# notes exist).
+
+### Next-step recommendation
+
+**Go to synthesis.** All open questions resolved by evidence; no handoffs requested; no plan-level question
+left unresolved.
+
+**Decisions produced:** D-1 through D-15.
+**Changed in plan:** Implementation Approach, Decomposition and Sequencing, Security Posture, On-Call
+Resilience Posture, Operational Readiness, Testing Strategy, Deferred (YAGNI), UX Notes.