npm - @andyqiu/codeforge - Versions diffs - 0.6.6 → 0.6.8 - Mend

@andyqiu/codeforge 0.6.6 → 0.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +134 -13
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -10677,7 +10677,9 @@ var ArgsSchema4 = z4.object({
   source: z4.enum(["reviewer", "codeforge-fallback"]).optional().describe("写入来源；默认 'reviewer'，codeforge 补写时传 'codeforge-fallback'"),
   reviewerAgent: z4.string().optional().describe("写入 agent name（默认 'reviewer'；fallback 时为 'codeforge'）"),
   sessionId: z4.string().optional().describe("reviewer 子 session id（boomerang 溯源用，可选）"),
-  model: z4.string().optional().describe("审批模型 id（审计用，可选）")
+  model: z4.string().optional().describe("审批模型 id（审计用，可选）"),
+  coveredSha: z4.string().optional().describe("approval 写入时 worktree HEAD sha；reviewer 调此工具时传入（git -C <worktreePath> rev-parse HEAD）。pre-check 强绑定核心字段，缺失则 pre-check 不命中。ADR:merge-approval-pre-check"),
+  reviewTarget: z4.string().optional().describe("本次审阅的 review_target 值（reviewer.md 词表：code / code:typescript / code:python / code:csharp-lua-c / plan_only / adr / docs / decision_only）。pre-check 仅放行 startsWith('code') 的值；缺失或其他值均不命中。ADR:merge-approval-pre-check")
 });
 var _approvalStore = null;
 function getApprovalStore() {
@@ -10711,6 +10713,8 @@ async function execute4(input) {
       decisionLine: args.decisionLine ?? args.verdict,
       notes: args.notes,
       createdAt: now,
+      ...args.coveredSha ? { coveredSha: args.coveredSha } : {},
+      ...args.reviewTarget ? { reviewTarget: args.reviewTarget } : {},
       escapeHatch: null
     };
     const file = await approvals.record(meta);
@@ -12375,7 +12379,11 @@ async function pruneOrphanWorktrees(mainRoot, opts = {}) {
 // lib/merge-gate.ts
 import { promises as fs11 } from "node:fs";
 import * as path14 from "node:path";
-var DEFAULT_MERGE_GATE_CONFIG = { enabled: true };
+var DEFAULT_MERGE_GATE_CONFIG = {
+  enabled: true,
+  approvalPreCheck: true,
+  preCheckTtlSeconds: 3600
+};
 var CONFIG_REL = ".codeforge/merge-gate.json";
 async function loadMergeGate(mainRoot) {
   const file = path14.join(mainRoot, CONFIG_REL);
@@ -12387,29 +12395,40 @@ async function loadMergeGate(mainRoot) {
     if (e.code === "ENOENT")
       return { ...DEFAULT_MERGE_GATE_CONFIG };
     console.warn(`[merge-gate] 读取 ${CONFIG_REL} 失败，fail-safe 退化为 enabled=false: ${e.message}`);
-    return { enabled: false };
+    return { enabled: false, approvalPreCheck: false };
   }
   let parsed;
   try {
     parsed = JSON.parse(raw);
   } catch (err) {
     console.warn(`[merge-gate] ${CONFIG_REL} JSON 解析失败，fail-safe 退化为 enabled=false: ${err instanceof Error ? err.message : String(err)}`);
-    return { enabled: false };
+    return { enabled: false, approvalPreCheck: false };
   }
   if (!parsed || typeof parsed !== "object") {
     console.warn(`[merge-gate] ${CONFIG_REL} 顶层非 object，fail-safe 退化为 enabled=false`);
-    return { enabled: false };
+    return { enabled: false, approvalPreCheck: false };
   }
   const obj = parsed;
   const enabled = typeof obj["enabled"] === "boolean" ? obj["enabled"] : DEFAULT_MERGE_GATE_CONFIG.enabled;
-  return { enabled };
+  const approvalPreCheck = typeof obj["approvalPreCheck"] === "boolean" ? obj["approvalPreCheck"] : DEFAULT_MERGE_GATE_CONFIG.approvalPreCheck ?? false;
+  let preCheckTtlSeconds = DEFAULT_MERGE_GATE_CONFIG.preCheckTtlSeconds ?? 3600;
+  const rawTtl = obj["preCheckTtlSeconds"];
+  if (typeof rawTtl === "number" && rawTtl > 0) {
+    if (rawTtl > 86400) {
+      console.warn(`[merge-gate] preCheckTtlSeconds=${rawTtl} 超过 24h 上界，截断为 86400`);
+      preCheckTtlSeconds = 86400;
+    } else {
+      preCheckTtlSeconds = rawTtl;
+    }
+  }
+  return { enabled, approvalPreCheck, preCheckTtlSeconds };
 }
 // lib/merge-loop.ts
 var DEFAULT_MERGE_LOOP_CONFIG = {
   maxReviewLoops: 3,
   autoCoder: true,
-  reviewTimeoutMs: 180000,
+  reviewTimeoutMs: 360000,
   coderTimeoutMs: 600000,
   abortDirtyStrategy: "checkpoint"
 };
@@ -12447,6 +12466,43 @@ async function runMergeLoop(opts) {
     });
     return { status: "force_merged", commitSha: sha, loops: 0 };
   }
+  if (mergeGate.enabled && mergeGate.approvalPreCheck) {
+    progress("approval_pre_check", "检查既有 approval 是否可跳过 reviewer");
+    const preStore = opts.__testHooks?.approvalStore ?? ApprovalStore.forProject(opts.mainRoot);
+    const hit = await tryApprovalPreCheck({ opts, entry, mergeGate, store: preStore });
+    if (hit.ok) {
+      await maybeAbort(opts, config, entry);
+      if (typeof preStore.recordEscape === "function") {
+        await preStore.recordEscape({
+          pendingId: `session:${opts.sessionId}`,
+          timestamp: new Date().toISOString(),
+          agent: "codeforge-pre-check",
+          sessionId: opts.sessionId,
+          reason: `approval-pre-check: skipped reviewer (coveredSha=${hit.coveredSha})`,
+          pendingMeta: {
+            target: "worktree",
+            sourceHash: hit.coveredSha,
+            newSize: 0
+          }
+        }).catch((err) => {
+          console.warn(`[merge-loop] pre-check recordEscape 失败 (session=${opts.sessionId}): ${err instanceof Error ? err.message : String(err)}`);
+        });
+      }
+      progress("approval_pre_check", `skip_review | reviewTarget=${hit.reviewTarget} | coveredSha=${hit.coveredSha.slice(0, 12)} | ttlOk`);
+      const { sha } = await mergeSessionBack({
+        sessionId: opts.sessionId,
+        mainRoot: opts.mainRoot
+      });
+      return {
+        status: "skipped_by_approval",
+        commitSha: sha,
+        loops: 0,
+        finalDecision: "APPROVE",
+        lastReviewSummary: `approval-pre-check 命中：coveredSha=${hit.coveredSha}, reviewTarget=${hit.reviewTarget}`
+      };
+    }
+    progress("approval_pre_check", `未命中(${hit.reason})，走 review-loop`);
+  }
   while (true) {
     await maybeAbort(opts, config, entry);
     loops += 1;
@@ -12667,6 +12723,44 @@ async function handleAbortDirty(opts, config, entry) {
     console.warn(`[merge-loop] abort-dirty 处理失败 (session=${opts.sessionId}): ${err instanceof Error ? err.message : String(err)}`);
   }
 }
+async function tryApprovalPreCheck(args) {
+  const { opts, entry, mergeGate, store } = args;
+  const isDirty = opts.__testHooks?.isWorktreeDirty ?? isWorktreeDirty;
+  const headOf = opts.__testHooks?.getCurrentWorktreeHead ?? getCurrentWorktreeHead;
+  let dirty;
+  try {
+    dirty = await isDirty(entry.worktreePath);
+  } catch {
+    return { ok: false, reason: "dirty-check-failed" };
+  }
+  if (dirty)
+    return { ok: false, reason: "dirty" };
+  let approval;
+  try {
+    approval = await store.getLatest(`session:${opts.sessionId}`);
+  } catch (err) {
+    console.warn(`[merge-loop] pre-check getLatest 失败 (session=${opts.sessionId}): ${err instanceof Error ? err.message : String(err)}`);
+    return { ok: false, reason: "no-approval" };
+  }
+  if (!approval)
+    return { ok: false, reason: "no-approval" };
+  if (approval.verdict !== "APPROVE" && approval.verdict !== "APPROVE_WITH_NOTES") {
+    return { ok: false, reason: "verdict" };
+  }
+  if (approval.reviewTarget?.startsWith("code") !== true) {
+    return { ok: false, reason: "target" };
+  }
+  if (!approval.coveredSha)
+    return { ok: false, reason: "no-covered-sha" };
+  const head = await headOf(entry.worktreePath);
+  if (approval.coveredSha !== head)
+    return { ok: false, reason: "sha-mismatch" };
+  const ttlSeconds = Math.min(mergeGate.preCheckTtlSeconds ?? 3600, 86400);
+  const age = Date.now() - Date.parse(approval.createdAt);
+  if (!(age <= ttlSeconds * 1000))
+    return { ok: false, reason: "ttl-expired" };
+  return { ok: true, coveredSha: approval.coveredSha, reviewTarget: approval.reviewTarget };
+}
 function isAbortError(err) {
   return err instanceof Error && err.name === "AbortError";
 }
@@ -14124,7 +14218,7 @@ class ProductionSpawner {
         prompt,
         title: `[merge-review] sess=${args.sessionId.slice(0, 8)} r=${args.round}/${args.maxRounds}`,
         ...args.signal ? { signal: args.signal } : {},
-        timeoutMs: this.opts.reviewerTimeoutMs ?? 180000
+        timeoutMs: this.opts.reviewerTimeoutMs ?? 360000
       }, args.sessionId);
     } catch (err) {
       throw err;
@@ -19889,7 +19983,7 @@ import * as zlib from "node:zlib";
 // lib/version-injected.ts
 function getInjectedVersion() {
   try {
-    const v = "0.6.6";
+    const v = "0.6.8";
     if (typeof v === "string" && /^\d+\.\d+\.\d+/.test(v)) {
       return v;
     }
@@ -21345,8 +21439,7 @@ function formatLazyBindDenyReason(input) {
 var CLASS_B_CALLER_WHITELIST = new Set([
   "codeforge",
   "reviewer",
-  "reviewer-lite",
-  "general"
+  "reviewer-lite"
 ]);
 var MERGE_CALLER_WHITELIST = new Set([
   "codeforge",
@@ -21558,10 +21651,38 @@ var sessionWorktreeGuardPlugin = async (ctx) => {
         try {
           entry = await getSessionWorktree(sessionId, mainRoot);
         } catch (err) {
-          log13.warn(`getSessionWorktree failed (跳过本次检查)`, {
+          const errMsg = err instanceof Error ? err.message : String(err);
+          if (isWriteOperation(toolName, argsObj, mainRoot)) {
+            log13.warn(`[registry-fail-closed] DENY (getSessionWorktree failed)`, {
+              sessionId,
+              mainRoot,
+              tool: toolName,
+              error: errMsg
+            });
+            safeWriteLog(PLUGIN_NAME22, {
+              hook: "tool.execute.before",
+              tool: toolName,
+              sessionID: input.sessionID,
+              action: "deny",
+              source: "registry-query-failed",
+              error: errMsg
+            });
+            denied = new DeniedError(`[session-worktree-guard] DENIED: session ${sessionId} 的 worktree 绑定信息查询失败` + `（${errMsg}），为防止写操作污染主工作区已拒绝执行。请重试；持续失败请检查 registry ` + `文件或设 CODEFORGE_DISABLE_WORKTREE_GUARD=1 显式放弃隔离`);
+            return;
+          }
+          log13.warn(`getSessionWorktree failed (只读放行)`, {
             sessionId,
             mainRoot,
-            error: err instanceof Error ? err.message : String(err)
+            tool: toolName,
+            error: errMsg
+          });
+          safeWriteLog(PLUGIN_NAME22, {
+            hook: "tool.execute.before",
+            tool: toolName,
+            sessionID: input.sessionID,
+            action: "skip",
+            source: "registry-query-failed-readonly",
+            is_write: false
           });
           return;
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@andyqiu/codeforge",
-  "version": "0.6.6",
+  "version": "0.6.8",
   "description": "CodeForge — opencode 的零侵入扩展包",
   "type": "module",
   "private": false,