Context
Sub 2 of Epic #11731 (Server-side tenant-repo ingestion for cloud Agent OS deployments), graduated from Discussion #11782. This sub implements the Credentialed Repo-Access Contract — Discussion #11782's OQ6, the graduation blocker that GPT cleared ([GRADUATION_APPROVED]).
The Problem
Server-side tenant-repo cloning requires git credentials. The load-bearing constraint: the deployment must never store secret material, and must never leak it into a URL-at-rest, process args, logs, persisted state, manifests, parsed-chunk-v1 metadata, or graph-visible config.
The Architectural Reality
The full Contract Ledger Matrix is in Epic #11731's body. This sub owns the config-entry surface + validation + the redaction backstop. Transient credential injection itself belongs to sub 3's GitMirror primitive; the diff/ingest path is sub 4.
The Fix
- Tenant-repo config schema + loader: each entry holds
cloneUrl (the clean URL — no userinfo@), credentialRef (an env-var name / deploy-key file path / credential-helper name — a reference, never the token bytes), and repoSlug (explicit, or strict-normalized from cloneUrl as {host}/{org}/{repo}).
- Config validation: a
cloneUrl matching a userinfo@ credential pattern is rejected at load with a clear error.
- A runtime secret-redaction helper applied to captured git stdout/stderr, error messages, telemetry, and the health/readiness surface.
- File placement validated via
structural-pre-flight at implementation (candidate: the cloud-deployment config layer alongside the existing tenant-ingestion config).
Acceptance Criteria
Out of Scope
- The
GitMirror primitive and the actual clone/fetch (sub 3 / #11731).
- The diff-to-ingest envelope builder (sub 4 / #11731).
Related
- Parent epic: #11731 — the full Credentialed Repo-Access Contract Ledger Matrix is in its body.
- Origin Discussion: #11782 (OQ6).
Origin Session ID
39185c66-a107-46ea-b0bf-eb4fa1137257
Context
Sub 2 of Epic #11731 (Server-side tenant-repo ingestion for cloud Agent OS deployments), graduated from Discussion #11782. This sub implements the Credentialed Repo-Access Contract — Discussion #11782's OQ6, the graduation blocker that GPT cleared (
[GRADUATION_APPROVED]).The Problem
Server-side tenant-repo cloning requires git credentials. The load-bearing constraint: the deployment must never store secret material, and must never leak it into a URL-at-rest, process args, logs, persisted state, manifests,
parsed-chunk-v1metadata, or graph-visible config.The Architectural Reality
The full Contract Ledger Matrix is in Epic #11731's body. This sub owns the config-entry surface + validation + the redaction backstop. Transient credential injection itself belongs to sub 3's
GitMirrorprimitive; the diff/ingest path is sub 4.The Fix
cloneUrl(the clean URL — nouserinfo@),credentialRef(an env-var name / deploy-key file path / credential-helper name — a reference, never the token bytes), andrepoSlug(explicit, or strict-normalized fromcloneUrlas{host}/{org}/{repo}).cloneUrlmatching auserinfo@credential pattern is rejected at load with a clear error.structural-pre-flightat implementation (candidate: the cloud-deployment config layer alongside the existing tenant-ingestion config).Acceptance Criteria
cloneUrl/credentialRef/repoSlug.userinfo@)cloneUrlvalues with a clear error.repoSlug+ mirror-path derivation produce no credential material.Out of Scope
GitMirrorprimitive and the actual clone/fetch (sub 3 / #11731).Related
Origin Session ID
39185c66-a107-46ea-b0bf-eb4fa1137257