One of the extensions we've been using inside Facebook, and that Pulkit
will be helping us upstream soon, is the directaccess extension. It
allows a user to pass the hash of hidden commits to the Mercurial
command line and those commits will be temporarily unhidden for the
duration of the command (instead of printing a 'abort: hidden revision'
error).
Since this differs from the current hidden commit behavior, I wanted to
document why we've found it useful, and what the extension does to
prevent dumb mistakes (like pushing a hidden commit by accidentally
pasting the wrong hash).
Motivation
===
One of the core lessons we've learned from our users is that it's
critical to instill confidence that they can recover from mistakes. In
our experience, allowing the user to see any commit they have the hash
for helps give them this confidence.
The current hidden experience makes this difficult. If a commit is
hidden and a user types 'hg log -r HIDDEN_HASH', they are blocked from
accessing that commit, despite them knowing the commit exists and
explicitly telling us they want to see it. Even worse, the error message
tells them to use --hidden, which gets them in the habit of using that
flag whenever something goes wrong, which can cause even more horrible
issues since most users don't understand what it actually does.
directaccess works by taking any explicit hash passed to the command and
makes that hash visible in the computehidden result set. So the command
proceeds as if the commit was not hidden. It only works for hashes, not
rev numbers.
Preventing Mistakes
===
One of the reasons for preventing users from accessing hidden commits is
to prevent them from doing bad things with them (like pushing them, or
amending them and causing divergence). To address this, directaccess
treats read commands, recoverable-write commands, and
unrecoverable-write commands separately.
For read commands (a whitelist of commands in the code), it allows the
user to access the commit like normal.
For recoverable-write commands, like commit/amend/rebase, it prints
"Warning: accessing hidden changesets %s for write operation".
For unrecoverable-write commands (a whitelist), like push and serve, it
blocks the command like normal, with the 'abort: hidden revision' error.
Questions?
===
We think this strikes a good balance between making it easy for users to
access the commits they care about, while preventing the most painful
mistakes.
Let me know if you have any concerns. I wanted to get any discussion out
of the way now, before we start sending code out.
directaccess source code:
https://bitbucket.org/facebook/hg-experimental/src/c29e61682661e4b1eb86570ba4c2a58aa75ff7a3/hgext3rd/directaccess.py
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
