Overview Issues Merge Requests

No XRPC endpoint to write the first commit on an empty repo over HTTPS

did:plc:r2whjvupgfw55mllpksnombn opened this 1d ago 0 comments
did:plc:r2whjvupgfw55mllpksnombn opened 1d ago

Summary

There's no XRPC endpoint for "make the first commit on an otherwise-empty repo." The current surface is:

repo.merge calls git.Open(repoPath, branch) which resolves the target ref before applying the patch — so it can't bootstrap a freshly-init'd repo. From a client's perspective this means: I can create an empty repo over HTTPS, I can import a whole repo from another URL over HTTPS, but I cannot add a single first commit to my own empty repo without falling back to SSH push.

Why this matters

Comes up immediately in any environment that lacks port-22 egress — sandboxes, CI runners with constrained networking, browser-based dev environments like Anthropic's CCotw, etc. Hit this while building a Tangled CLI integration for CCotw: the only way to populate a CCotw- created repo was --source (clone from GitHub). That worked, but it forces every "I want a fresh Tangled-native repo and push my first commit from here" workflow through an unnecessary intermediate host.

Suggested fix

Lowest-cost option: relax sh.tangled.repo.merge to accept an empty target — if the branch doesn't resolve, treat the patch as the root commit(s) for that branch (git am already handles --root-style patches into an empty state). One server-side line change roughly:

// in knotserver/xrpc/merge.go (sketch)
gr, err := git.Open(repoPath, branch)
if errors.Is(err, plumbing.ErrReferenceNotFound) {
    gr, err = git.OpenForRootCommit(repoPath, branch)
}

Higher-cost option: a fresh sh.tangled.repo.commit or sh.tangled.git.applyPatch endpoint with explicit "create branch from patch" semantics. Cleaner API but more surface area.

Either fix closes the asymmetry without touching the SSH-push policy.

Related

  • The clone-from-source path (sh.tangled.repo.create with source) already proves arbitrary git operations CAN safely happen server-side over HTTPS via service-auth tokens. Same trust model applies here.
  • Found while documenting the source-import flow in https://github.com/oaustegard/claude-tangled-spoke (Claude Code on the Web → Tangled integration).

No activity yet.

Back to issues
cospan · schematic version control on atproto built on AT Protocol