feat(worktree): safe worktree → PR → merge → remove lifecycle plugin#10
Merged
Conversation
New `worktree` tool plugin (default-bundle, kind=["tool"]). One tool with
subcmd ∈ {list, start, pr, merge, finish} wrapping the git-worktree + gh-PR
lifecycle so a change is built on an isolated branch checkout, PR'd,
merged, and the worktree cleaned up — never touching the main tree.
- start {slug} → worktree at /tmp/wilson-wt-<slug> on feat/<slug>;
refuses if the branch or path already exists
- pr {slug,title?,body?,base?} → push + `gh pr create`; refuses a dirty
worktree or one with no commits ahead of base
- merge {slug} → `gh pr merge feat/<slug> --merge --delete-branch`
- finish {slug,force?} → `git worktree remove` + verify; refuses a dirty
worktree unless force=true
- list → `git worktree list`
Safety (AGENTS.tape g6 — "worktrees have flaked"): every step is
rc-checked; destructive steps have explicit guards with distinct exit
codes. `slug` is validated to [a-z0-9-] — it is interpolated into shell
commands, so the allow-list is a hard injection gate; title/body/cwd are
shquote()-d. Worktree path is /tmp/wilson-wt-<slug> (ephemeral, off the
repo tree, tmp-cleaned — per directive). Mirrors the bridge-git tool
pattern (exec_with_status, structured ToolResult, graceful absence).
Registration: core/dispatch_table.hexa (use + arm + dispatch_static_ids +
bundled_manifests), plugins/_bundle, core/loader.hexa taxonomy (io/bridge).
Built itself via the very flow it automates: git worktree add → moved to
/tmp → build/verify → PR → merge → remove (dogfood).
Verified: wilson build OK; wilson test 23/23; test_worktree.hexa selftest
ok (slug allow-list incl. injection cases, sh-builder guards, dispatch
fail-loud); `wilson tool worktree --subcmd list` → real git worktree
list; `--slug 'a;rm-rf'` → injection slug rejected; plugin info worktree
registered.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New
worktreetool plugin (default-bundle) that automates a safeisolated-branch workflow: build a change in a worktree, PR it, merge,
clean up — never touching the main working tree.
One
worktreetool,subcmd∈ {list, start, pr, merge, finish}:/tmp/wilson-wt-<slug>onfeat/<slug>;refuses if the branch/path exist
gh pr create; refuses adirty worktree or one with no commits ahead of base
gh pr merge feat/<slug> --merge --delete-branchgit worktree remove+ verify; refuses adirty worktree unless force=true
git worktree listSafety
AGENTS.tape g6 ("worktrees have flaked"): every step rc-checked;
destructive steps have explicit guards + distinct exit codes.
slugisvalidated to
[a-z0-9-]— a hard shell-injection gate since it isinterpolated into commands; title/body/cwd are
shquote()-d. Worktreepath is
/tmp/wilson-wt-<slug>(ephemeral, off the repo tree).Test
wilson buildOK;wilson test23/23;test_worktree.hexaselftest ok(slug allow-list incl. injection cases, sh-builder guards, dispatch
fail-loud);
wilson tool worktree --subcmd list→ realgit worktree list;--slug 'a;rm-rf'→ rejected.Built via the flow it automates (worktree add → /tmp → PR → merge →
remove) as dogfood.
🤖 Generated with Claude Code