One of the extensions we've been using inside Facebook, and that Pulkit will be helping us upstream soon, is the directaccess extension. It allows a user to pass the hash of hidden commits to the Mercurial command line and those commits will be temporarily unhidden for the duration of the command (instead of printing a 'abort: hidden revision' error).

Since this differs from the current hidden commit behavior, I wanted to document why we've found it useful, and what the extension does to prevent dumb mistakes (like pushing a hidden commit by accidentally pasting the wrong hash).

Motivation
===

One of the core lessons we've learned from our users is that it's critical to instill confidence that they can recover from mistakes. In our experience, allowing the user to see any commit they have the hash for helps give them this confidence.

The current hidden experience makes this difficult. If a commit is hidden and a user types 'hg log -r HIDDEN_HASH', they are blocked from accessing that commit, despite them knowing the commit exists and explicitly telling us they want to see it. Even worse, the error message tells them to use --hidden, which gets them in the habit of using that flag whenever something goes wrong, which can cause even more horrible issues since most users don't understand what it actually does.

directaccess works by taking any explicit hash passed to the command and makes that hash visible in the computehidden result set. So the command proceeds as if the commit was not hidden. It only works for hashes, not rev numbers.

Preventing Mistakes
===

One of the reasons for preventing users from accessing hidden commits is to prevent them from doing bad things with them (like pushing them, or amending them and causing divergence). To address this, directaccess treats read commands, recoverable-write commands, and unrecoverable-write commands separately.

For read commands (a whitelist of commands in the code), it allows the user to access the commit like normal.

For recoverable-write commands, like commit/amend/rebase, it prints "Warning: accessing hidden changesets %s for write operation".

For unrecoverable-write commands (a whitelist), like push and serve, it blocks the command like normal, with the 'abort: hidden revision' error.

Questions?
===

We think this strikes a good balance between making it easy for users to access the commits they care about, while preventing the most painful mistakes.

Let me know if you have any concerns. I wanted to get any discussion out of the way now, before we start sending code out.


directaccess source code: https://bitbucket.org/facebook/hg-experimental/src/c29e61682661e4b1eb86570ba4c2a58aa75ff7a3/hgext3rd/directaccess.py
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Reply via email to