Lab: Datastore auto-update in resolve_datastore.ts uses force:true, risking silent overwrite of local edits

Problem

src/cli/resolve_datastore.ts:132 calls installExtension with force: true inside the pullExtension callback of maybeAutoUpdateDatastoreExtension. When the registry has a newer version of a datastore extension than the user has on disk, auto-update fires and silently overwrites the pulled directory — including any local edits the user made — without a prompt or warning.

Same data-loss family as swamp-club#121 (auto-resolver force-pull), but a different trigger (version-behind rather than type-not-found) and a different fix shape: auto-update by definition wants to replace the prior install, so isInstalled skip-and-surface (the #121 fix) doesn't apply here. Need per-file change detection (e.g. a content hash of the extracted files at install time, compared on each auto-update attempt) to distinguish "clean install, safe to overwrite" from "user has local edits, refuse to clobber".

Scope of affected code

src/cli/resolve_datastore.ts:132 — force: true in pullExtension callback
src/libswamp/extensions/pull.ts — would need to record a per-file manifest anchor at install time (the existing SHA-256 is over the archive tarball, insufficient for detecting extracted-file modifications)

Suggested fix direction

At install time, compute and store a per-file content anchor in upstream_extensions.json alongside the existing archive checksum. On auto-update, before overwriting, recompute the anchor from current on-disk files; if it differs from the stored value, surface a "local edits detected" error with swamp extension pull <name> --force as the opt-in command, matching the pattern swamp-club#121 established for auto-resolve.

Context

Discovered during swamp-club#121 investigation. Explicitly out of scope of #121's fix so that data-loss fix could ship with tight scope. Tracking separately here.

Add swamp data delete command to remove a data artifact by model and name

add `swamp doctor extensions` subcommand for on-demand extension load diagnostics

AI agent skipped adversarial review step before smoke testing extension code

Better Auth rejects requests on hostnames not in hardcoded trustedOrigins (signup/signin broken on non-canonical hosts)

Local extension models in extensions/models are not discovered in fresh repo tutorial flow

ticket 1138 not clear - can we still use github?

Drag Windows into the Swamp

Add `swamp extension test` command to run built-in extension tests with coverage

swamp repo init --tool kiro does not create .kiro/settings/cli.json

Support multi-agent repo initialization (multiple --tool targets)

CLI dumps 300-line Cliffy Command object on unknown flags / subcommands

Docs: repository-configuration.md missing defaultDriver / defaultDriverConfig

Server-side parse query params on /lab/all so refresh preserves multi-filter URLs

fast-path sidecar TOCTOU: post-op HEAD can record generation from a concurrent writer's push, masking their data on next sync

Scorer should honour files/deno.json imports so bare specifiers resolve

@swamp/gcs-datastore: same minutes-slow zero-diff sync cliff as lab/164; mirror fingerprint fast path

cleanup for repoDriver

swamp datastore sync is minutes-slow at 4k-file scale even with zero-diff; outer 300s timeout fires

swamp-extension-publish skill: add quality rubric check before push

New @swamp extension: extension quality rubric checker for CI

swamp-extension-quality and swamp-extension-publish skills don't guide zod import map resolution for scorer

swamp repo upgrade deletes extension model source files

Add repo-level `defaultDriver` to `.swamp.yaml`

User report extensions registered lazily are silently skipped during method execution

swamp extension install: datastore push hangs ~8.5m then crashes with Deno TLS panic (tls_wrap.rs:1918 unwrap on None)

Add a preflight diagnostic for AI-tool audit integrations (so upstream CLI changes stop breaking us silently)

audit record --from-hook silently drops input from kiro-cli postToolUse hooks

codegen pipelines don't detect _lib/*.ts changes so manifest CalVer never bumps

Link to namespace extensions listing from profile pages

Trailing slash on /extensions/@<namespace>/ returns 404

No way to browse all extensions belonging to a collective by URL

DatastoreProvider.resolveCachePath declared optional but silently required at runtime

Accept-invite link returns HTML instead of JSON, breaking collective join

additionalFiles flatten to basenames on push and lack a runtime access API, creating a source-vs-pulled layout mismatch

Extension search returns inflated results for quoted phrase queries

Docs: document jsr:/https: imports and non-local pinning convention in user-facing manual

First-class jsr: specifier support in extension bundler

Cross-extension code sharing via manifest exports field

Extension models: document/resolve implicit-any in execute parameters when imported by test files

extension yank: allow unyank and version-specific yanks

extension source add does not discover brand new types — only overrides already-pulled types

Add light mode to swamp.club and swamp open UI

Add 'swamp open' command to open the swamp.club web UI

Add light mode to swamp.club website

Datastore sync surfaces opaque errors from extensions verbatim — no status code or body preview

@swamp/s3-datastore: first-attempt 403 masked as "UnknownError" from AWS SDK deserializer

Extension auto-resolve reports "already_installed" for truncated pulled-extension trees

Email delivery for mention notifications

Auto-update WARN is silent in --json mode (logger suppresses non-fatal)

open.ts web UI uses force:true pullExtension, same data-loss family as #126

Port bundle_freshness (content-fingerprint cache invalidation) to reports / drivers / datastores / vaults loaders

Mentions and notifications system for issues

Datastore auto-update in resolve_datastore.ts uses force:true, risking silent overwrite of local edits

Per-repo user-extension bundle cache doesn't invalidate on source changes

Adding methods to in-body `methods:{}` on `export const model` doesn't re-register

User extensions silently dropped when base type not yet registered at scan time

Footer floats when page content is shorter than viewport

workflow validate can silently overwrite local edits to pulled extensions via force-pull in auto-resolver

Extension pull should namespace files by extension to prevent filename collisions

Update CLAUDE.md co-author instructions to use swamp-club issue author lookup

Add swamp issue get CLI command to fetch issue details

swamp-club API: include issue author in GET /api/v1/lab/issues/{number} response

Install command curl-pipe-sh overflows the component on swamp.club homepage

'Assigned to me' overlaps 'Privacy policy' on short viewports

Collapsible left rail and repositionable right rail in Lab

Usernames aren't linked to their profile pages

Filter lab issues by author (opened by user)

Add skills extension type for bundling agent/human guidance documents

Remove traffic lights in column 2 of /lab

Multi-select combo filtering on /lab

data gc skips version-count GC when no lifetime-expired data exists

Content filter should identify the flagged word or phrase

Bog flow: text rendering and layout issues

Flow modal: text rendering issues

Normalize text sizing across issue list and detail views

Description 'Show more' button appears even when text fits

Inline editing: click-to-edit fields instead of pencil icons

Persist lab filter selection in localStorage

Update how-to guide with swamp-extension-publish skill

Fix incorrect favicon in Google search results