refactor(bare): enhance security and performance optimizations

- Remove unnecessary sorting in advertise_refs for deterministic output
- Add path traversal detection and validation in bare_dir construction
- Implement symlink resolution checks to prevent security vulnerabilities
- Refactor cache system with CRC validation and improved metrics
- Integrate repo-specific cache invalidation using indexed keys
- Add comprehensive unit tests for commit operations and diff functionality
- Move configuration constants to centralized config module
- Optimize string operations in disk cache random value generation
- Enhance license detection algorithm with cleaner matching logic
- Streamline argument processing in various git operations
- Update dependencies including crc32fast and flate2 for performance
- Add signal handling capability to tokio runtime configuration

hooks/runner.rs

@@ -159,8 +159,29 @@ fn run_single_script(script_path: &Path, stdin_data: &[u8], timeout: Duration) -
                         timeout_secs = timeout.as_secs(),
                         "hook script timed out, killing"
                     );
-                    let _ = c.kill();
-                    let _ = c.wait();
+                    if let Err(e) = c.kill() {
+                        tracing::error!(
+                            script = %script_path.display(),
+                            error = %e,
+                            "failed to kill timed-out hook"
+                        );
+                    }
+                    match c.wait() {
+                        Ok(status) => {
+                            tracing::debug!(
+                                script = %script_path.display(),
+                                exit_code = ?status.code(),
+                                "killed hook process reaped"
+                            );
+                        }
+                        Err(e) => {
+                            tracing::error!(
+                                script = %script_path.display(),
+                                error = %e,
+                                "failed to reap killed hook"
+                            );
+                        }
+                    }
                     HookResult::rejected(format!(
                         "hook script timed out after {}s: {}",
                         timeout.as_secs(),
@@ -168,8 +189,23 @@ fn run_single_script(script_path: &Path, stdin_data: &[u8], timeout: Duration) -
                     ))
                 }
                 Err(e) => {
-                    let _ = c.kill();
-                    let _ = c.wait();
+                    tracing::error!(
+                        script = %script_path.display(),
+                        error = %e,
+                        "hook script wait error"
+                    );
+                    if let Err(kill_err) = c.kill() {
+                        tracing::error!(
+                            error = %kill_err,
+                            "failed to kill hook after wait error"
+                        );
+                    }
+                    if let Err(wait_err) = c.wait() {
+                        tracing::error!(
+                            error = %wait_err,
+                            "failed to reap hook after wait error"
+                        );
+                    }
                     HookResult::rejected(format!("hook script wait error: {e}"))
                 }
             }