# Implementation iteration history — Git diff panel Round-by-round record of the `plan-implementation` discussion for the git-diff-panel feature. The primary plan is [`../feature-implementation-plan.md`](../feature-implementation-plan.md); decisions are in [`implementation-decision-log.md`](implementation-decision-log.md). No `feature-technical-notes.md` exists (no T# notes), so the spec-maturity gate reduces to the spec-level threshold alone. Team size: **medium** (round cap 2). Converged in **1 round** — every open question resolved from evidence; the spec-maturity gate did not trip. --- ## R1 — Parallel specialist review **Specialists engaged:** software-architect, adversarial-security-analyst, on-call-engineer, test-engineer, junior-developer (all sonnet, parallel). project-manager synthesized (Step 8). **New input provided:** the feature spec + decision-log (D1–D18) + team-findings (F1–F21), the discovery notes (`.discovery-notes.md`), and domain-scoped briefs. Mid-round the orchestrator verified the Docker mount and project_bootstrap git-write precedent, which refuted the architect's service-split premise. ### Claim ledger | # | Claim | State | Spec-maturity | Supporting | |---|-------|-------|---------------|-----------| | C1 | Read + write both in apps/server; architect's write-in-coder premise refuted by `/opt` rw mount + `project_bootstrap.ts` git-write precedent | Evidenced | plan-level | junior (coupling flag) + evidence; security (safe runGit only in server) | | C2 | Read route + `git_diff.ts` pure helpers (parse, base-resolve, mode-select, classify, in-progress) — TDD-first | Evidenced | plan-level | architect, test-engineer | | C3 | Write ops via argv-safe `runGit`/`execFile` + `--` separators; never `hostExec(shell)` | Evidenced | plan-level | architect, security | | C4 | Path validation via `pathGuard` (reject `..`/abs/symlink-escape + repo-root discard) | Evidenced | plan-level | security | | C5 | Commit identity server-derived (`-c` from git config, bootstrap fallback); `.strict()` request, no author fields | Evidenced | plan-level | security, on-call | | C6 | Refresh = client `git_diff_refresh` sessionEvent + in-flight coalescence ref (no WS frame, no contracts rebuild) | Evidenced | plan-level | architect, on-call | | C7 | Read deadline 30s + `maxBuffer` 10MB (distinct from D5 display cap) | Evidenced | plan-level | on-call | | C8 | Index-lock → HTTP 409 "repository busy"; no server retry | Evidenced | plan-level | on-call | | C9 | In-progress detection via `.git` sentinel `stat`s folded into read response → disable writes | Evidenced | plan-level | on-call, test-engineer | | C10 | Write endpoints excluded from `ALL_TOOLS`; artifact sandbox `connect-src 'none'` blocks artifact→endpoint | Evidenced | plan-level | security | | C11 | RightRail Files/Git tab + `GitDiffView` (Shiki `lang:'diff'` lazy-on-expand) + dirty dot from `useProjectGit` | Evidenced | plan-level | architect, junior | | C12 | Two-phase build: read/display first, writes second (same deploy surface) | Evidenced | plan-level | architect, junior | | C13 | Test plan T1–T12: pure-helper units + temp-repo integration; skip Shiki/layout (no web harness) | Evidenced | plan-level | test-engineer | ### Open Questions and resolutions | OQ | Question | Resolution source | Outcome | |----|----------|-------------------|---------| | OQ-1 | Which service owns the git routes? (raised by all five) | evidence | Read + write both in apps/server (D-1) — `/opt` rw mount + project_bootstrap precedent + D8 logic refute the coder-split premise | | OQ-2 | Refresh-wiring mechanism across CoderPane↔RightRail subtrees | evidence | Client `git_diff_refresh` sessionEvent; no WS frame, no contracts rebuild (D-8) | | OQ-6 | Commit identity source | evidence | Server-derived `-c` from git config, project_bootstrap constants fallback; request has no author fields (D-5) | | OQ-7 | Committed-mode base resolution command | evidence | `@{upstream}` → `origin/HEAD` → null→Uncommitted fallback (D-6) | | OQ-3/8/9 | Header condensation / dirty-indicator placement / D14 notification | evidence | Tab strip replaces "Files" label; FilePlus on Files tab only; dirty dot from `useProjectGit`; D14 = inline non-blocking line, not a toast (D-15) | | OQ-4 | Is the write half gated/sequenced? | evidence | Two-phase build, read/display then writes (D-14) | | OQ-5 | Shiki lazy vs eager | evidence | Lazy highlight on expand, per-file loading state (D-15) | ### Spec-maturity gate **NOT tripped.** Zero spec-level findings — the spec committed every behavior (D1–D18); all Round-1 findings are plan-level HOW choices, each resolved from codebase evidence. No T#-contradictions (no T# notes exist). ### Next-step recommendation **Go to synthesis.** All open questions resolved by evidence; no handoffs requested; no plan-level question left unresolved. **Decisions produced:** D-1 through D-15. **Changed in plan:** Implementation Approach, Decomposition and Sequencing, Security Posture, On-Call Resilience Posture, Operational Readiness, Testing Strategy, Deferred (YAGNI), UX Notes.