You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A pending (currently uncommitted) change rolls the tracked tree back to 3e90b26 — a byte-exact revert of everything in 3e90b26..dc47ff5 (v1.0.0-beta.49): the artifact-cache prune fix ef6c572 (the fix for #181), the NuGet publishing changes (1d3e68b, 4678f2e, dc47ff5), and the merged dependabot bumps #177/#178/#179.
A max-effort review of that diff surfaced the findings below. Filing them so each regression is a deliberate decision rather than a side effect of the rollback.
Base is stale: the rollback was computed from beta.49, but main is now 6 commits ahead (dabf4b4), including d3e2ee9 (tagged v1.0.0-beta.50) and PRs #187–#191. Landing it as-is would require a force-push (dropping a released commit from main) or an unreviewed merge.
Findings
1. Releases would have no working NuGet destination (critical)
The rollback restores dotnet nuget push --source nuget.org --api-key ${{ secrets.PETERSUNDE_NUGET_ORG_API_KEY }} — the exact configuration that failed the v1.0.0-beta.48 release with 403 (The specified API key is invalid, has expired, or does not have permission) (run 28244679072). The secret has not been rotated since that failure.
It simultaneously removes the GitHub Packages push added by dc47ff5 — the only destination that actually worked (beta.49/beta.50 exist only there; nuget.org stops at beta.46).
publish-nuget has no token-presence/validation guard (unlike publish-cargo-crates-io), so any credential problem only surfaces at release time.
Decision needed: intended destination(s) for Surge.NET (rotate the nuget.org key? keep GitHub Packages alongside?), plus a token guard in the job.
surge-installer-uiprune_artifact_cache_for_package discards the prune Result (let _ =), so GUI and headless installs report neither prune failures nor counts; setup.rs and finalize.rs still log. This reintroduces the silent stale-cache accumulation Prune stale local artifact cache after successful installs and updates #181 was filed about.
Deletes test_download_and_apply_latest_full_artifact_retention_prunes_old_fulls_and_deltas — the only end-to-end coverage that latest_full retention prunes old fulls and deltas. AGENTS.md requires: "For update/diff changes, include regression coverage for full + delta flows." The behavior it guards still exists in finalize.rs.
Re-duplicates the retained-artifacts derivation verbatim across surge-cli and surge-installer-ui (the deleted shared helper retained_artifacts_for_resolved_install_cache made both call sites one-liners); the two copies already differ in error handling.
The surge setup prune log line drops the "retained policy key count" field (the update path in finalize.rs kept it).
Decision needed: if reverting ef6c572 is intentional, reopen #181 with the rationale; otherwise keep the fix (or re-land the revert without these four regressions).
All 15 actions/checkout pins go v7→v6, reverting merged chore(deps): bump actions/checkout from 6 to 7 #177, with no ignore rule in .github/dependabot.yml and no recorded reason — the identical bump PR will reopen on the next weekly run.
Decision needed: if v6 / the older crates are genuinely required, add dependabot ignore entries and a comment saying why; otherwise drop these downgrades from the rollback.
Verified non-issues
cargo check --workspace --all-targets passes on the rolled-back tree.
The removed surge-core pub APIs (*_with_stats, InstallArtifactCachePruneResult, retained_artifacts_for_resolved_install_cache) shipped only in -beta prereleases — acceptable churn.
--source nuget.org resolves via dotnet/nuget.config; the packages: write permission removal has no other consumer; the checkout pins are at least internally consistent at v6.
Suggested path
git fetch and rebase the work onto current main (dabf4b4)
Express the intended undo as explicit git revert commits with rationale, not a tree rollback
Decide the NuGet publish destination(s); rotate/validate the key; add a token-presence guard
Add dependabot ignore rules if the checkout/cc/sysinfo downgrades are intentional
Found by max-effort multi-agent code review (10 finder angles, per-finding adversarial verification, gap sweep); evidence includes release run logs and commit archaeology.
Context
A pending (currently uncommitted) change rolls the tracked tree back to 3e90b26 — a byte-exact revert of everything in
3e90b26..dc47ff5(v1.0.0-beta.49): the artifact-cache prune fix ef6c572 (the fix for #181), the NuGet publishing changes (1d3e68b, 4678f2e, dc47ff5), and the merged dependabot bumps #177/#178/#179.A max-effort review of that diff surfaced the findings below. Filing them so each regression is a deliberate decision rather than a side effect of the rollback.
Base is stale: the rollback was computed from beta.49, but
mainis now 6 commits ahead (dabf4b4), including d3e2ee9 (tagged v1.0.0-beta.50) and PRs #187–#191. Landing it as-is would require a force-push (dropping a released commit frommain) or an unreviewed merge.Findings
1. Releases would have no working NuGet destination (critical)
dotnet nuget push --source nuget.org --api-key ${{ secrets.PETERSUNDE_NUGET_ORG_API_KEY }}— the exact configuration that failed the v1.0.0-beta.48 release with403 (The specified API key is invalid, has expired, or does not have permission)(run 28244679072). The secret has not been rotated since that failure.publish-nugethas no token-presence/validation guard (unlikepublish-cargo-crates-io), so any credential problem only surfaces at release time.Decision needed: intended destination(s) for Surge.NET (rotate the nuget.org key? keep GitHub Packages alongside?), plus a token guard in the job.
2. Reverts the #181 fix: silent prune failures + deleted regression coverage
surge-installer-uiprune_artifact_cache_for_packagediscards the pruneResult(let _ =), so GUI and headless installs report neither prune failures nor counts;setup.rsandfinalize.rsstill log. This reintroduces the silent stale-cache accumulation Prune stale local artifact cache after successful installs and updates #181 was filed about.test_download_and_apply_latest_full_artifact_retention_prunes_old_fulls_and_deltas— the only end-to-end coverage thatlatest_fullretention prunes old fulls and deltas. AGENTS.md requires: "For update/diff changes, include regression coverage for full + delta flows." The behavior it guards still exists infinalize.rs.surge-cliandsurge-installer-ui(the deleted shared helperretained_artifacts_for_resolved_install_cachemade both call sites one-liners); the two copies already differ in error handling.surge setupprune log line drops the "retained policy key count" field (the update path infinalize.rskept it).Decision needed: if reverting ef6c572 is intentional, reopen #181 with the rationale; otherwise keep the fix (or re-land the revert without these four regressions).
3. Dependency/action downgrades guarantee weekly dependabot churn
actions/checkoutpins go v7→v6, reverting merged chore(deps): bump actions/checkout from 6 to 7 #177, with noignorerule in.github/dependabot.ymland no recorded reason — the identical bump PR will reopen on the next weekly run.Cargo.lockreverts cc 1.2.65→1.2.64 and sysinfo 0.39.4→0.39.3 (merged chore(deps): bump sysinfo from 0.39.3 to 0.39.4 #178/chore(deps): bump cc from 1.2.64 to 1.2.65 #179);mainis already on sysinfo 0.39.5 (chore(deps): bump sysinfo from 0.39.4 to 0.39.5 #189), so the lock would land two patch releases behind.Decision needed: if v6 / the older crates are genuinely required, add dependabot
ignoreentries and a comment saying why; otherwise drop these downgrades from the rollback.Verified non-issues
cargo check --workspace --all-targetspasses on the rolled-back tree.surge-corepub APIs (*_with_stats,InstallArtifactCachePruneResult,retained_artifacts_for_resolved_install_cache) shipped only in-betaprereleases — acceptable churn.--source nuget.orgresolves viadotnet/nuget.config; thepackages: writepermission removal has no other consumer; the checkout pins are at least internally consistent at v6.Suggested path
git fetchand rebase the work onto currentmain(dabf4b4)git revertcommits with rationale, not a tree rollbackignorerules if the checkout/cc/sysinfo downgrades are intentionalFound by max-effort multi-agent code review (10 finder angles, per-finding adversarial verification, gap sweep); evidence includes release run logs and commit archaeology.