Skip to content

fix(manifest): preserve shipped config digest#86

Merged
stacknil merged 1 commit into
mainfrom
fix/v1.2-config-digest-reproduction
Jul 15, 2026
Merged

fix(manifest): preserve shipped config digest#86
stacknil merged 1 commit into
mainfrom
fix/v1.2-config-digest-reproduction

Conversation

@stacknil

Copy link
Copy Markdown
Owner

Summary

  • preserve the exact shipped YAML bytes when regenerating telemetry window artifacts
  • add a regression test that compares the regenerated manifest digest with the public CLI digest
  • refresh the two affected checked-in manifest digests

Why

The v1.2.0 external clean-clone release gate exposed a reproducibility bug. scripts/regenerate_artifacts.py parsed and re-serialized the shipped YAML before running the pipeline, while the public CLI hashes the original file bytes. Both paths used equivalent configuration values but produced different config_digest identities.

Verification

  • red/green regression: the new test failed before the fix with the two distinct digests and passes after the fix
  • .venv\\Scripts\\python.exe -m pytest -q — 190 passed
  • .venv\\Scripts\\python.exe scripts/regenerate_artifacts.py --check — 29 strict artifacts matched; 6 visual snapshots regenerated without byte comparison
  • .venv\\Scripts\\python.exe -m build — built the 1.2.0 wheel and source distribution
  • tracked diff and privacy/secret pattern review — clean outside the four intended files

Release decision record

  • Design decision: copy the shipped config bytes into the isolated regeneration workspace instead of normalizing YAML through a parse/dump cycle.
  • Main risk: callers that depended on regeneration silently normalizing YAML formatting will now retain the source formatting; no such contract is documented or tested.
  • Compatibility impact: configuration values and CLI behavior are unchanged. Manifest identity now matches the public CLI and the shipped file.
  • Rollback path: revert this PR and the two manifest digest updates; doing so would reintroduce the clean-clone reproduction failure.

Release gate

This PR does not create a tag or release. After merge, the candidate must pass a fresh external clean-clone reproduction, and the new exact commit requires explicit release approval because the existing authorization names 44d755f.

@stacknil

Copy link
Copy Markdown
Owner Author

Post-CI diff review completed.

  • Design decision: preserve and hash the exact shipped YAML bytes in the isolated regeneration workspace.
  • Main risk: regeneration no longer normalizes YAML formatting; this is intentional because manifest identity is file-byte based.
  • Compatibility impact: no configuration or CLI behavior changes; regenerated manifest identity now agrees with the public CLI.
  • Rollback path: revert this PR and both manifest digest updates, acknowledging that the v1.2 external clean-clone release gate would fail again.

Reviewed the complete four-file remote diff after both test and Repo Sentinel runs passed. No bot comments, unexpected files, or unrelated changes were present.

@stacknil stacknil merged commit 586e589 into main Jul 15, 2026
4 checks passed
@stacknil stacknil deleted the fix/v1.2-config-digest-reproduction branch July 15, 2026 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant