Review and trust
Remote dependencies change over time. ctxloom never silently adopts an upstream change from a remote you haven’t trusted — it stages the change for you to review first. Trusting a remote opts it out of review.
How changes arrive
ctxloom remote upgrade re-resolves your dependencies within their version
constraints (see Versioning, locking, and holds)
and moves the lockfile:
- From a trusted remote, the change is applied to the active lock immediately.
- From an untrusted remote, the new commit is staged in a pending lockfile for review — nothing is installed until you approve.
Passive ctxloom remote pull fetches exactly what the lock already pins and
stages nothing — review is only ever triggered by an upgrade.
Reviewing staged changes
ctxloom bundle review # List bundles with staged changesctxloom bundle show-pending <name> # Print a pending bundle's YAML + diff vs activectxloom bundle approve # Adopt the staged changes into the active lockctxloom bundle decline [name] # Discard the staged change (all, or one by name)approve merges the pending lockfile into the active one; your profile YAML is
never rewritten — only the lock moves. decline drops the pending change and
leaves the active lock untouched.
Holding an item
To stop a specific item from being proposed for upgrade at all, hold it:
ctxloom bundle hold <name> # freeze at the locked SHA (alias: pin)ctxloom bundle unhold <name> # release the hold (alias: unpin)A held item is skipped by upgrade and never surfaces in review.
Trusting a remote
Trust a remote to apply its upgrades without review:
ctxloom remote trust <name>This sets trust_bundles: true for the remote in .ctxloom/remotes.yaml. Trust is
per-remote — your own ctxloom-default or team remote can be trusted while a
third-party remote stays gated behind review.