feat: sparse checkout deny-all-by-default (modified cone pattern) #48
Draft
…ttern)
Automatically prepend `!/*` to every sparse-checkout file so that all
paths are excluded by default and only the user-listed include patterns
are checked out. This is the "modified cone pattern" approach referenced
in the issue and in git's own documentation.
Changes:
- Add `SPARSE_DENY_ALL` module-level constant ("!/*") to git_manager.rs
- Add `build_deny_all_sparse_patterns()` helper that strips blank entries
and prepends the deny-all pattern when not already present
- Update `configure_sparse_checkout()` to normalize patterns before writing
- Update `check_sparse_checkout_status()` to filter `!/*` from both sides
during comparison so only user-specified patterns are compared
- Update module-level doc to describe the new model
- Rewrite `sparse_paths` docs in sample_config/submod.toml
- Add two new integration tests: deny_all_prefix and deny_all_not_duplicated
Agent-Logs-Url: https://github.com/bashandbone/submod/sessions/235c0eba-a389-4ba4-83c3-307e5f52e651
Co-authored-by: bashandbone <89049923+bashandbone@users.noreply.github.com>
Copilot AI changed the title: "[WIP] Enhance management of sparse paths for ease of use" → "feat: sparse checkout deny-all-by-default (modified cone pattern)" (Apr 4, 2026)
Sparse checkout pattern management is notoriously error-prone because users must understand git's last-match-wins gitignore semantics. This implements the "modified cone pattern" model: `!/*` is automatically prepended to every sparse-checkout file, so users only declare what they want — no manual negation or ordering knowledge required.

Core changes
- `SPARSE_DENY_ALL` constant (`"!/*"`) — single source of truth, module-level in `git_manager.rs`
- `build_deny_all_sparse_patterns()` — normalizes patterns before writing:
  - `--sparse-paths ""`)
  - `!/*` unless already present (no duplication)
- `configure_sparse_checkout()` — calls the normalizer; all sparse-checkout files now start with `!/*`
- `check_sparse_checkout_status()` — filters `!/*` from both sides before comparison so status reflects only user-specified patterns

Config / docs
`sample_config/submod.toml` `sparse_paths` docs updated to show what git patterns are actually written:

Tests
Two new integration tests:
- `test_sparse_checkout_deny_all_prefix` — asserts `!/*` is the first line and only declared dirs exist in the working tree
- `test_sparse_checkout_deny_all_not_duplicated` — asserts `!/*` appears exactly once when the user already supplies it

Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
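The normalization and status comparison described in the PR description above, as an added Rust sketch that is not the project's code. The function names and signatures are hypothetical, and moving a user-supplied `!/*` to the first line (instead of leaving it where the user put it) is a choice made in this example so the deny-all can never follow an include under last-match-wins.

```rust
/// Deny-all pattern; the value is the one given in the PR description.
const SPARSE_DENY_ALL: &str = "!/*";

/// Hypothetical helper: the user's own patterns only, trimmed, with blank
/// entries and any deny-all line removed. Order is preserved because
/// sparse-checkout patterns are evaluated last-match-wins.
fn user_only(patterns: &[&str]) -> Vec<String> {
    patterns
        .iter()
        .map(|p| p.trim())
        .filter(|p| !p.is_empty() && *p != SPARSE_DENY_ALL)
        .map(String::from)
        .collect()
}

/// Hypothetical normalizer: exactly one deny-all, always on the first line,
/// followed by the user's include patterns.
fn normalize_sparse_patterns(user: &[&str]) -> Vec<String> {
    let mut out = vec![SPARSE_DENY_ALL.to_string()];
    out.extend(user_only(user));
    out
}

/// Hypothetical status check: the deny-all line is filtered from both sides,
/// so a file written by the normalizer matches the config that produced it.
fn user_patterns_match(on_disk: &[&str], configured: &[&str]) -> bool {
    user_only(on_disk) == user_only(configured)
}

fn main() {
    // Constructed input: a blank entry, a user-supplied deny-all placed
    // after an include, and an entry with stray whitespace.
    let configured = ["src/", "", "!/*", "  docs/ "];
    let written = normalize_sparse_patterns(&configured);
    for line in &written {
        println!("{line}");
    }

    let on_disk: Vec<&str> = written.iter().map(String::as_str).collect();
    println!("in sync: {}", user_patterns_match(&on_disk, &configured));

    // Reordered includes are reported as drift, since order is significant.
    let reordered = ["!/*", "docs/", "src/"];
    println!("reordered in sync: {}", user_patterns_match(&reordered, &configured));
}
```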