@bookedsolid/rea 0.10.2 → 0.11.0

package/.husky/pre-push

@@ -1,180 +1,35 @@
 #!/bin/sh
-# rea:husky-pre-push-gate v1
-# rea:gate-body-v1
-# .husky/pre-push — rea governance gate for terminal-initiated pushes.
+# rea:husky-pre-push-gate v2
+# rea:gate-body-v2
 #
-# Mirrors the logic of `.claude/hooks/push-review-gate.sh` but consumes the
-# git pre-push stdin contract directly (one line per refspec:
-#   <local_ref> <local_sha> <remote_ref> <remote_sha>).
+# Husky pre-push hook installed by `rea init` / `rea upgrade`. Do NOT
+# edit by hand — the file is refreshed on every rea upgrade.
 #
-# Minimum viable check — NOT a full replacement for the Claude Code gate:
-#   1. If `.rea/HALT` exists, block.
-#   2. If the push touches a protected path AND policy.review.codex_required
-#      is not explicitly false, require a `codex.review` audit entry for the
-#      HEAD SHA (or REA_SKIP_CODEX_REVIEW env var for a one-off bypass).
-#
-# Escape hatch: REA_SKIP_CODEX_REVIEW=<reason> bypasses the protected-path
-# check. The skip record is appended by `push-review-gate.sh` in the Claude
-# Code path; for terminal pushes, export the variable AND append a skip
-# record manually if you want it in the audit trail.
-#
-# Subshell-safety note: earlier versions piped `echo "$INPUT" | while read`,
-# which ran the loop in a subshell — `exit 1` inside the loop aborted the
-# subshell only, and the script then ran `exit 0` and allowed the push. We
-# now feed the loop with a here-doc so it runs in the main shell, and we
-# abort immediately (`exit 1`) on the first blocking refspec. The accumulator
-# pattern (`block_push=1; continue`) was dropped so the text-level detector
-# in `src/cli/install/pre-push.ts` can verify the miss-path is truly blocking
-# without modeling loop-carried flags and post-loop exit blocks.
+# Governance contract: HALT kill-switch check, then delegate to
+# `rea hook push-gate`. See src/hooks/push-gate/index.ts.
 
 set -eu
 
-# git passes the remote name as $1 to pre-push. Fall back to `origin` for
-# direct invocation (tests, manual runs). The shared core uses the same
-# argv_remote convention — parity required so a push to `upstream` probes
-# `upstream/main` rather than stale `origin/main`.
-REMOTE="${1:-origin}"
-
 REA_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
-
-# Well-known empty-tree SHA: `git hash-object -t tree /dev/null`. Every git
-# installation carries this object implicitly — using it as a merge-base
-# baseline for initial pushes lets `git diff $EMPTY_TREE $local_sha` emit
-# the complete change set against a truly-empty tree. The protected-path
-# check then sees every file in the initial push, so a first push of
-# protected-path changes to a fresh remote is still gated.
-EMPTY_TREE='4b825dc642cb6eb9a060e54bf8d69288fbee4904'
-
 if [ -f "${REA_ROOT}/.rea/HALT" ]; then
-  # POSIX `head` does not specify `-c`; use awk for the first line. HALT is
-  # a short reason string, so the first line is enough for display.
-  reason=$(awk 'NR==1 { print; exit }' "${REA_ROOT}/.rea/HALT" 2>/dev/null || printf 'unknown')
-  [ -z "${reason:-}" ] && reason='unknown'
-  printf 'REA HALT: %s\nAll push operations suspended. Run: rea unfreeze\n' "$reason" >&2
+  reason=$(awk "NR==1 { print; exit }" "${REA_ROOT}/.rea/HALT" 2>/dev/null || printf "unknown")
+  [ -z "${reason:-}" ] && reason="unknown"
+  printf "REA HALT: %s\nAll push operations suspended. Run: rea unfreeze\n" "$reason" >&2
   exit 1
 fi
 
-# Read refspec lines from stdin. Each line: <local_ref> <local_sha> <remote_ref> <remote_sha>
-INPUT=$(cat)
-[ -z "$INPUT" ] && exit 0
-
-# Anchor every alternative so a legitimate file like `docs/hooks-guide.md` or
-# `src/thirdparty/src/policy/loader.c` is not mistaken for a protected path.
-# `^\.claude/hooks/` is included so someone editing the consumer install
-# (which ships alongside rea itself) cannot sneak past the gate.
-PROTECTED_RE='^src/gateway/middleware/|^hooks/|^\.claude/hooks/|^src/policy/|^\.github/workflows/'
-AUDIT_LOG="${REA_ROOT}/.rea/audit.jsonl"
-
-# G11.4 — honor review.codex_required. When explicitly false, skip the
-# protected-path Codex audit requirement entirely (first-class no-Codex
-# mode). Mirrors the logic in `.claude/hooks/push-review-gate.sh`.
-#
-# Fail-closed: if the helper is missing or errors, treat as true. A missing
-# helper means rea is unbuilt — the operator can run `pnpm build` or set
-# REA_SKIP_CODEX_REVIEW for a one-off bypass.
-CODEX_REQUIRED=true
-READ_FIELD_JS="${REA_ROOT}/dist/scripts/read-policy-field.js"
-if [ -f "$READ_FIELD_JS" ]; then
-  field_value=$(REA_ROOT="$REA_ROOT" node "$READ_FIELD_JS" review.codex_required 2>/dev/null || printf '')
-  if [ "$field_value" = "false" ]; then
-    CODEX_REQUIRED=false
-  fi
+REA_BIN=""
+if [ -x "${REA_ROOT}/node_modules/.bin/rea" ]; then
+  REA_BIN="${REA_ROOT}/node_modules/.bin/rea"
+elif [ -f "${REA_ROOT}/dist/cli/index.js" ]; then
+  REA_BIN="node ${REA_ROOT}/dist/cli/index.js"
+elif command -v rea >/dev/null 2>&1; then
+  REA_BIN="rea"
+elif command -v npx >/dev/null 2>&1; then
+  REA_BIN="npx --no-install @bookedsolid/rea"
+else
+  printf "rea: cannot locate the rea CLI.\n" >&2
+  exit 2
 fi
 
-# Here-doc feeds the loop without creating a subshell, so an `exit 1`
-# inside the loop terminates the hook and blocks the push. A pipeline
-# would run the loop in a subshell and `exit 1` inside it would only
-# abort that subshell — NOT the push — which was a real governance
-# defect in the pre-review version of this file.
-while IFS=' ' read -r local_ref local_sha remote_ref remote_sha; do
-  [ -z "${local_sha:-}" ] && continue
-  # Branch deletion: local_sha is 40 zeros. Skip protected-path check.
-  case "$local_sha" in
-    0000000000000000000000000000000000000000) continue ;;
-  esac
-
-  # Determine merge base. If remote is new (remote_sha is zeros), diff against
-  # the default branch; else against remote_sha.
-  #
-  # Anchor on a REMOTE-TRACKING ref (refs/remotes/<remote>/<name>), NOT a bare
-  # branch name. A bare `main` resolves to refs/heads/main, which the pusher
-  # controls locally — a local main fast-forwarded to the feature tip would
-  # give merge-base main <local_sha> == local_sha and silently collapse the
-  # diff to empty. Remote-tracking refs are server-authoritative from the
-  # last fetch and cannot be tampered with locally.
-  #
-  # Fallback order when $REMOTE/HEAD is not set (common on shallow or mirror
-  # clones): probe $REMOTE/main then $REMOTE/master via rev-parse. If neither
-  # exists — initial push to a fresh remote with no tracking refs yet — use
-  # the well-known EMPTY_TREE as the baseline so the diff covers the FULL
-  # change set. This keeps the protected-path check honest on first push
-  # (prior versions of this patch `continue`d here, which was a fail-open
-  # flagged as HIGH by adversarial review).
-  if [ "$remote_sha" = "0000000000000000000000000000000000000000" ]; then
-    default_ref=$(git symbolic-ref "refs/remotes/${REMOTE}/HEAD" 2>/dev/null || printf '')
-    if [ -z "${default_ref:-}" ]; then
-      if git rev-parse --verify --quiet "refs/remotes/${REMOTE}/main" >/dev/null 2>&1; then
-        default_ref="refs/remotes/${REMOTE}/main"
-      elif git rev-parse --verify --quiet "refs/remotes/${REMOTE}/master" >/dev/null 2>&1; then
-        default_ref="refs/remotes/${REMOTE}/master"
-      else
-        default_ref=""
-      fi
-    fi
-    if [ -n "${default_ref:-}" ]; then
-      base=$(git merge-base "$default_ref" "$local_sha" 2>/dev/null || printf '')
-    else
-      # Bootstrap: no remote-tracking ref exists at all. Use the empty-tree
-      # baseline so the diff covers every file in the push. git diff accepts
-      # a tree SHA as the left-hand side.
-      base="$EMPTY_TREE"
-    fi
-  else
-    base=$(git merge-base "$remote_sha" "$local_sha" 2>/dev/null || printf '')
-  fi
-  # Fail CLOSED on empty merge-base when a remote ref DID resolve. The
-  # 0.4.0..0.6.2 behavior here was to `continue` — a silent bypass. A push
-  # whose history is unrelated to origin (or any transient git failure at
-  # merge-base resolution) would pass through without the protected-path
-  # check ever running. Refuse instead and force the operator to resolve it.
-  if [ -z "${base:-}" ]; then
-    printf 'PUSH BLOCKED: could not resolve merge-base between %s and %s (local_ref=%s remote_ref=%s).\n' \
-      "${remote_sha:-<new>}" "${local_sha:-<missing>}" "${local_ref:-<unknown>}" "${remote_ref:-<unknown>}" >&2
-    printf '  Run `git fetch %s` and retry. If the history is genuinely unrelated\n' "$REMOTE" >&2
-    printf '  to %s (e.g. grafted branch), resolve manually before pushing.\n' "$REMOTE" >&2
-    exit 1
-  fi
-
-  # Check if the diff touches protected paths.
-  if git diff --name-only "$base" "$local_sha" 2>/dev/null | grep -qE "$PROTECTED_RE"; then
-    if [ "$CODEX_REQUIRED" = "false" ]; then
-      # Policy opts out of the Codex gate. The downstream `.claude/hooks/`
-      # path already records telemetry; terminal pushes skip silently.
-      continue
-    fi
-    if [ -n "${REA_SKIP_CODEX_REVIEW:-}" ]; then
-      printf 'rea: REA_SKIP_CODEX_REVIEW set (%s) — skipping Codex review requirement for %s\n' \
-        "$REA_SKIP_CODEX_REVIEW" "$local_sha" >&2
-      continue
-    fi
-    if [ ! -f "$AUDIT_LOG" ]; then
-      printf 'PUSH BLOCKED: protected paths changed but no audit log found at %s\n' "$AUDIT_LOG" >&2
-      printf '  Run /codex-review on HEAD %s before pushing.\n' "$local_sha" >&2
-      exit 1
-    fi
-    # Require both (a) a `codex.review` tool_name and (b) the exact head_sha
-    # on the same JSONL line. The `codex.review` pattern ends with a closing
-    # quote, so `codex.review.skipped` never satisfies the gate. The first
-    # refspec that fails this check aborts the hook — no accumulator needed.
-    if ! grep -E '"tool_name":"codex\.review"' "$AUDIT_LOG" 2>/dev/null | \
-         grep -qF "\"head_sha\":\"$local_sha\""; then
-      printf 'PUSH BLOCKED: protected paths changed — /codex-review required for HEAD %s\n' "$local_sha" >&2
-      printf '  Run /codex-review, or set REA_SKIP_CODEX_REVIEW=<reason> to bypass.\n' >&2
-      exit 1
-    fi
-  fi
-done <<HOOK_INPUT_EOF
-$INPUT
-HOOK_INPUT_EOF
-
-exit 0
+exec $REA_BIN hook push-gate "$@"

package/agents/codex-adversarial.md

@@ -11,7 +11,9 @@ This is not a bolt-on. Adversarial review is a first-class, non-optional step in
 
 ## When You Are Invoked
 
-The `/codex-review` slash command calls you. The `rea-orchestrator` delegates to you after any non-trivial change. You also run automatically via the `push-review-gate` hook recipe when a recent Codex audit entry is missing on the branch being pushed.
+The `/codex-review` slash command calls you. The `rea-orchestrator` delegates to you after any non-trivial change.
+
+Note (0.11.0+): you are **not** invoked by the pre-push gate. The pre-push gate (`rea hook push-gate`) shells directly to `codex exec review --json` and parses the verdict itself — no agent wrapper, no audit-receipt consultation. When that gate blocks a push, the authoring Claude session reads the stderr banner and `.rea/last-review.json`, applies fixes, and pushes again — the auto-fix loop IS the retry mechanism. The agent wrapper (you) is kept for interactive review (`/codex-review`) where human-targeted structured output matters.
 
 ## Inputs
 
@@ -34,7 +36,7 @@ You may read additional files in the repo if needed for context, but do so read-
 5. **Parse the Codex output** — extract structured findings.
 6. **Classify findings** by category: security, correctness, edge cases, test gaps, API design, performance.
 7. **Assign verdict**: `pass` (no material findings), `concerns` (findings worth addressing but not blocking), `blocking` (findings that must be fixed before merge).
-8. **Emit audit entry** — after producing the verdict, append a structured record to `.rea/audit.jsonl` via the public `@bookedsolid/rea/audit` helper. This is what the `push-review-gate.sh` hook greps for on protected-path diffs, so the field names must match exactly:
+8. **Emit an audit entry** (optional in 0.11.0+) — the pre-push gate does not consult audit records to decide pass/fail, so you are no longer REQUIRED to emit a `codex.review` record on every interactive review. However, append one anyway via the public `@bookedsolid/rea/audit` helper when it helps forensic traceability (investigation of an intermittent verdict, review-history audit, etc.):
 
    ```ts
    import { appendAuditRecord, CODEX_REVIEW_TOOL_NAME, CODEX_REVIEW_SERVER_NAME, Tier, InvocationStatus } from '@bookedsolid/rea/audit';
@@ -54,7 +56,7 @@ You may read additional files in the repo if needed for context, but do so read-
    });
    ```
 
-   If the Codex plugin call itself flowed through rea middleware (the proxy case), the middleware also writes an envelope record — that is fine, the two are complementary: the agent-emitted record carries the semantic verdict, the middleware record carries the chain integrity proof for the underlying tool call.
+   If the Codex plugin call itself flowed through rea middleware (the proxy case), the middleware also writes an envelope record — that is fine, the two are complementary.
 
 ## Finding Shape
 

package/commands/codex-review.md

@@ -90,12 +90,10 @@ If the verdict is `blocking`, state plainly: "Do not merge until the blocking fi
 
 ## Pre-merge usage
 
-The recommended BST workflow runs `/codex-review` twice:
+This command is the **interactive** Codex adversarial review. The **pre-push** gate at `rea hook push-gate` runs Codex independently on every push — you do not need to run `/codex-review` to "prime" the push-gate. The two are complementary:
 
-1. After implementation, on the feature branch — catches issues early
-2. Immediately before merge, on the PR branch — records a fresh audit entry that the `push-review-gate` hook can check for freshness
-
-Both invocations are cheap. Run both.
+- `/codex-review` — rich, interactive review output in the chat. Use during implementation to catch issues early, at review checkpoints, or whenever you want Codex's read on a specific diff.
+- `rea hook push-gate` (wired to `.husky/pre-push`) — fresh Codex review on every push. If Codex surfaces blocking/concerns findings, the push exits 2; Claude reads `.rea/last-review.json`, fixes, and pushes again.
 
 ## Constraints
 

package/dist/audit/append.d.ts

@@ -65,45 +65,20 @@ export interface AppendAuditInput {
  * Append a structured audit record to `${baseDir}/.rea/audit.jsonl` with a
  * hash chained against the tail of the existing log.
  *
- * ## emission_source (defect P)
+ * ## emission_source
  *
- * Records written through this public helper are ALWAYS stamped with
- * `emission_source: "other"`. External consumers (Helix, ad-hoc scripts,
- * plugins) have no way to self-assert `"rea-cli"` or `"codex-cli"` through
- * this entry point — the parameter is not part of the public
- * {@link AppendAuditInput} shape. Records emitted by the rea CLI itself use
- * the dedicated {@link appendCodexReviewAuditRecord} helper, which is the
- * ONLY path that stamps `"rea-cli"`.
- *
- * The push-review cache gate rejects `codex.review` records whose
- * `emission_source` is `"other"` (or missing, for legacy records), so
- * forging a `codex.review` record through this helper produces a line that
- * is on the hash chain but does NOT satisfy the gate.
+ * Records written through this public helper are stamped with
+ * `emission_source: "other"`. The field is retained for forensic analysis
+ * (who wrote this line) but no gate consults it — the 0.11.0 stateless
+ * push-gate (see `src/hooks/push-gate/`) decides on Codex's live verdict,
+ * not on a receipt in the audit log. Pre-0.11.0 `emission_source`-gated
+ * predicates have been removed.
  *
  * @param baseDir - Repo/project root (the directory that contains `.rea/`).
  * @param input   - Event data. `tool_name` and `server_name` are required.
  * @returns The full written record, including the computed `hash`.
  */
 export declare function appendAuditRecord(baseDir: string, input: AppendAuditInput): Promise<AuditRecord>;
-/**
- * Append a `tool_name: "codex.review"` audit record certifying that a Codex
- * adversarial review ran on a specific commit SHA (defect P).
- *
- * This is the ONLY write path in `@bookedsolid/rea` that produces
- * `emission_source: "rea-cli"` for `codex.review` records. Consumers MUST
- * reach this helper through the `rea audit record codex-review` CLI (which
- * is classified as a Write-tier Bash invocation by `reaCommandTier`, defect
- * E). Any other code path calling the generic {@link appendAuditRecord}
- * with `tool_name: "codex.review"` lands with `emission_source: "other"`
- * and does NOT satisfy the push-review cache gate — closing the forgery
- * surface that `.reports/hook-patches/emit-audit-*.mjs` scripts exploited
- * before this patch.
- *
- * `tool_name` and `server_name` are fixed to the canonical values
- * (`"codex.review"` / `"codex"`) and are NOT accepted as caller inputs —
- * the type excludes them so the contract is self-documenting.
- */
-export declare function appendCodexReviewAuditRecord(baseDir: string, input: Omit<AppendAuditInput, 'tool_name' | 'server_name'>): Promise<AuditRecord>;
 export type { AuditRecord, EmissionSource } from '../gateway/middleware/audit-types.js';
 export { Tier, InvocationStatus } from '../policy/types.js';
 export { CODEX_REVIEW_TOOL_NAME, CODEX_REVIEW_SERVER_NAME, type CodexVerdict, type CodexReviewMetadata, } from './codex-event.js';

package/dist/audit/append.js

@@ -37,7 +37,6 @@ import path from 'node:path';
 import { Tier, InvocationStatus } from '../policy/types.js';
 import { GENESIS_HASH, computeHash, fsyncFile, readLastRecord, withAuditLock, } from './fs.js';
 import { maybeRotate } from '../gateway/audit/rotator.js';
-import { CODEX_REVIEW_SERVER_NAME, CODEX_REVIEW_TOOL_NAME } from './codex-event.js';
 const REA_DIR = '.rea';
 const AUDIT_FILE = 'audit.jsonl';
 /** Per-file write queue to preserve linear hash-chain order within a process. */
@@ -186,20 +185,14 @@ async function enqueueAppend(baseDir, input, emissionSource) {
  * Append a structured audit record to `${baseDir}/.rea/audit.jsonl` with a
  * hash chained against the tail of the existing log.
  *
- * ## emission_source (defect P)
+ * ## emission_source
  *
- * Records written through this public helper are ALWAYS stamped with
- * `emission_source: "other"`. External consumers (Helix, ad-hoc scripts,
- * plugins) have no way to self-assert `"rea-cli"` or `"codex-cli"` through
- * this entry point — the parameter is not part of the public
- * {@link AppendAuditInput} shape. Records emitted by the rea CLI itself use
- * the dedicated {@link appendCodexReviewAuditRecord} helper, which is the
- * ONLY path that stamps `"rea-cli"`.
- *
- * The push-review cache gate rejects `codex.review` records whose
- * `emission_source` is `"other"` (or missing, for legacy records), so
- * forging a `codex.review` record through this helper produces a line that
- * is on the hash chain but does NOT satisfy the gate.
+ * Records written through this public helper are stamped with
+ * `emission_source: "other"`. The field is retained for forensic analysis
+ * (who wrote this line) but no gate consults it — the 0.11.0 stateless
+ * push-gate (see `src/hooks/push-gate/`) decides on Codex's live verdict,
+ * not on a receipt in the audit log. Pre-0.11.0 `emission_source`-gated
+ * predicates have been removed.
  *
  * @param baseDir - Repo/project root (the directory that contains `.rea/`).
  * @param input   - Event data. `tool_name` and `server_name` are required.
@@ -208,26 +201,5 @@ async function enqueueAppend(baseDir, input, emissionSource) {
 export async function appendAuditRecord(baseDir, input) {
     return enqueueAppend(baseDir, input, 'other');
 }
-/**
- * Append a `tool_name: "codex.review"` audit record certifying that a Codex
- * adversarial review ran on a specific commit SHA (defect P).
- *
- * This is the ONLY write path in `@bookedsolid/rea` that produces
- * `emission_source: "rea-cli"` for `codex.review` records. Consumers MUST
- * reach this helper through the `rea audit record codex-review` CLI (which
- * is classified as a Write-tier Bash invocation by `reaCommandTier`, defect
- * E). Any other code path calling the generic {@link appendAuditRecord}
- * with `tool_name: "codex.review"` lands with `emission_source: "other"`
- * and does NOT satisfy the push-review cache gate — closing the forgery
- * surface that `.reports/hook-patches/emit-audit-*.mjs` scripts exploited
- * before this patch.
- *
- * `tool_name` and `server_name` are fixed to the canonical values
- * (`"codex.review"` / `"codex"`) and are NOT accepted as caller inputs —
- * the type excludes them so the contract is self-documenting.
- */
-export async function appendCodexReviewAuditRecord(baseDir, input) {
-    return enqueueAppend(baseDir, { ...input, tool_name: CODEX_REVIEW_TOOL_NAME, server_name: CODEX_REVIEW_SERVER_NAME }, 'rea-cli');
-}
 export { Tier, InvocationStatus } from '../policy/types.js';
 export { CODEX_REVIEW_TOOL_NAME, CODEX_REVIEW_SERVER_NAME, } from './codex-event.js';

package/dist/cli/audit.d.ts

@@ -10,7 +10,6 @@
  * explicit by definition, and verify operates on existing files regardless
  * of policy.
  */
-import { type CodexVerdict } from '../audit/append.js';
 /**
  * Reserved for future rotate knobs (e.g. `--retain N` to prune old rotated
  * files). Empty today — kept as a typed record so the call site's option
@@ -39,33 +38,3 @@ export declare function runAuditRotate(_options: AuditRotateOptions): Promise<vo
  * exit code is the primary signal.
  */
 export declare function runAuditVerify(options: AuditVerifyOptions): Promise<void>;
-export interface AuditRecordCodexReviewOptions {
-    headSha: string;
-    branch: string;
-    target: string;
-    verdict: CodexVerdict;
-    findingCount: number;
-    summary?: string | undefined;
-    sessionId?: string | undefined;
-    alsoSetCache?: boolean | undefined;
-}
-/**
- * `rea audit record codex-review` (Defect D / rea#77). Emits the single audit
- * event the push-review cache gate looks up by `tool_name == "codex.review"` +
- * `metadata.head_sha == <sha>` + `metadata.verdict in {pass, concerns}`. Prior
- * to this command, agents had to reverse-engineer the canonical `tool_name`
- * string, the hash-chain append path, and the `CodexReviewMetadata` shape —
- * the most common failure mode was emitting `tool_name: "codex-adversarial-review"`
- * (the agent's name) instead of `codex.review` (the event type), which the
- * gate's jq predicate silently missed.
- *
- * `--also-set-cache` performs the audit record AND the review-cache write
- * in one invocation — two sequential appends in a single process, not a
- * two-phase commit. A crash between them leaves the audit entry without
- * a cache row; the cache is recomputable from audit, the audit chain is
- * the source of truth. What this DOES eliminate is the two-step race where
- * `rea cache set` is denied by permission middleware (Defect E) after the
- * audit has already been emitted, leaving the gate stuck on "audit present
- * but cache cold" with no way forward.
- */
-export declare function runAuditRecordCodexReview(options: AuditRecordCodexReviewOptions): Promise<void>;

package/dist/cli/audit.js

@@ -13,12 +13,8 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { forceRotate } from '../gateway/audit/rotator.js';
-import { appendCodexReviewAuditRecord, } from '../audit/append.js';
 import { computeHash, GENESIS_HASH } from '../audit/fs.js';
-import { appendEntry as appendCacheEntry } from '../cache/review-cache.js';
 import { AUDIT_FILE, REA_DIR, err, log, reaPath } from './utils.js';
-import { Tier, InvocationStatus } from '../policy/types.js';
-import { codexVerdictToCacheResult } from './cache.js';
 /**
  * `rea audit rotate`. Forces a rotation now regardless of thresholds.
  * Empty audit files are a no-op — rotating an empty chain would produce a
@@ -300,73 +296,8 @@ export async function runAuditVerify(options) {
     }
     log(`Audit chain verified: ${totalRecords} records across ${filesToVerify.length} file(s) — clean.`);
 }
-/**
- * `rea audit record codex-review` (Defect D / rea#77). Emits the single audit
- * event the push-review cache gate looks up by `tool_name == "codex.review"` +
- * `metadata.head_sha == <sha>` + `metadata.verdict in {pass, concerns}`. Prior
- * to this command, agents had to reverse-engineer the canonical `tool_name`
- * string, the hash-chain append path, and the `CodexReviewMetadata` shape —
- * the most common failure mode was emitting `tool_name: "codex-adversarial-review"`
- * (the agent's name) instead of `codex.review` (the event type), which the
- * gate's jq predicate silently missed.
- *
- * `--also-set-cache` performs the audit record AND the review-cache write
- * in one invocation — two sequential appends in a single process, not a
- * two-phase commit. A crash between them leaves the audit entry without
- * a cache row; the cache is recomputable from audit, the audit chain is
- * the source of truth. What this DOES eliminate is the two-step race where
- * `rea cache set` is denied by permission middleware (Defect E) after the
- * audit has already been emitted, leaving the gate stuck on "audit present
- * but cache cold" with no way forward.
- */
-export async function runAuditRecordCodexReview(options) {
-    if (options.headSha.length === 0) {
-        err('--head-sha must not be empty');
-        process.exit(1);
-    }
-    if (options.branch.length === 0) {
-        err('--branch must not be empty');
-        process.exit(1);
-    }
-    if (options.target.length === 0) {
-        err('--target must not be empty');
-        process.exit(1);
-    }
-    if (!Number.isFinite(options.findingCount) || options.findingCount < 0) {
-        err(`--finding-count must be a non-negative integer; got ${options.findingCount}`);
-        process.exit(1);
-    }
-    const baseDir = process.cwd();
-    const metadata = {
-        head_sha: options.headSha,
-        target: options.target,
-        finding_count: options.findingCount,
-        verdict: options.verdict,
-    };
-    if (options.summary !== undefined && options.summary.length > 0) {
-        metadata.summary = options.summary;
-    }
-    // Defect P: stamps emission_source: "rea-cli" so the record satisfies the
-    // push-review gate's new integrity predicate. Legacy records (without
-    // emission_source) and records written through the generic
-    // appendAuditRecord() helper (emission_source: "other") are rejected.
-    // tool_name/server_name are fixed inside the helper.
-    await appendCodexReviewAuditRecord(baseDir, {
-        tier: Tier.Read,
-        status: InvocationStatus.Allowed,
-        ...(options.sessionId !== undefined ? { session_id: options.sessionId } : {}),
-        metadata,
-    });
-    log(`Recorded codex.review (${options.verdict}, ${options.findingCount} finding${options.findingCount === 1 ? '' : 's'}) for ${options.headSha.slice(0, 12)}.`);
-    if (options.alsoSetCache === true) {
-        const effect = codexVerdictToCacheResult(options.verdict);
-        const cacheEntry = await appendCacheEntry(baseDir, {
-            sha: options.headSha,
-            branch: options.branch,
-            base: options.target,
-            result: effect.result,
-            ...(effect.reason !== undefined ? { reason: effect.reason } : {}),
-        });
-        log(`Cached ${cacheEntry.result} for ${cacheEntry.sha.slice(0, 12)} (${cacheEntry.branch} → ${cacheEntry.base}).`);
-    }
-}
+// `rea audit record codex-review` was removed in 0.11.0. The 0.11.0 push-gate
+// is stateless — every `git push` runs `codex exec review --json` afresh,
+// parses the verdict from the stream, and blocks or proceeds on the spot.
+// There is no audit-receipt the gate consults, so no command to emit one.
+// See `src/hooks/push-gate/index.ts` for the replacement gate.

package/dist/cli/doctor.js

@@ -147,12 +147,10 @@ const EXPECTED_HOOKS = [
     'attribution-advisory.sh',
     'blocked-paths-enforcer.sh',
     'changeset-security-gate.sh',
-    'commit-review-gate.sh',
     'dangerous-bash-interceptor.sh',
     'dependency-audit-gate.sh',
     'env-file-protection.sh',
     'pr-issue-link-gate.sh',
-    'push-review-gate.sh',
     'secret-scanner.sh',
     'security-disclosure-gate.sh',
     'settings-protection.sh',
@@ -366,7 +364,7 @@ function checkPrePushHook(state) {
         const kind = active?.reaManaged === true
             ? 'rea-managed'
             : active?.delegatesToGate === true
-                ? 'external (delegates to push-review-gate.sh)'
+                ? 'external (delegates to `rea hook push-gate`)'
                 : 'external';
         const detail = active !== undefined ? `${kind} at ${active.path}` : undefined;
         return detail !== undefined
@@ -374,23 +372,15 @@ function checkPrePushHook(state) {
             : { label: 'pre-push hook installed', status: 'pass' };
     }
     if (state.activeForeign) {
-        // Executable file exists at the active path but does not carry
-        // governance — the parser could not confirm the review gate is
-        // invoked unconditionally. Always a hard fail.
-        //
-        // R13 F3: previously, a substring match of the gate path in the hook
-        // downgraded this to WARN. That was unsafe — any comment, echo, or
-        // dead string mentioning the path would mask a silent-bypass hook.
-        // The classifier now fails closed: either the structural parser
-        // (`referencesReviewGate` in `pre-push.ts`) recognizes a real
-        // invocation, or doctor reports fail.
+        // Executable file exists at the active path but neither carries a rea
+        // marker nor invokes `rea hook push-gate` — the push-gate is silently
+        // bypassed. Always a hard fail.
         return {
             label: 'pre-push hook installed',
             status: 'fail',
             detail: `active pre-push at ${state.activePath} is present and executable but does NOT ` +
-                `reference \`.claude/hooks/push-review-gate.sh\` — the protected-path ` +
-                `Codex audit gate is silently bypassed. Either add ` +
-                '`exec .claude/hooks/push-review-gate.sh "$@"` to the existing hook, or ' +
+                'invoke `rea hook push-gate` — the 0.11.0 push-gate is silently bypassed. ' +
+                'Either add `exec rea hook push-gate "$@"` to the existing hook, or ' +
                 'remove it and re-run `rea init` to install the fallback.',
         };
     }

package/dist/cli/hook.d.ts

@@ -0,0 +1,48 @@
+/**
+ * `rea hook push-gate` — the CLI surface the husky `.husky/pre-push` stub
+ * calls. Stateless pre-push Codex review.
+ *
+ * Exit-code contract:
+ *
+ *   0 — push proceeds (pass verdict, empty diff, disabled by policy, or
+ *       REA_SKIP_PUSH_GATE waiver)
+ *   1 — HALT kill-switch active; block push
+ *   2 — blocked by verdict (blocking, or concerns when concerns_blocks=true
+ *       and REA_ALLOW_CONCERNS not set), or by codex error (timeout, not
+ *       installed, subprocess failure, protocol error)
+ *
+ * Invocation contract:
+ *
+ *   rea hook push-gate
+ *   rea hook push-gate --base origin/main
+ *   rea hook push-gate --base refs/remotes/upstream/main
+ *
+ * The husky stub does NOT parse the git pre-push stdin contract itself —
+ * the 0.10.x bash gate did, to diff refspec-by-refspec; the 0.11.0 gate
+ * diffs `HEAD` against the resolved base (upstream → origin/HEAD → …).
+ * That is strictly less granular than refspec parsing, but Codex reviews
+ * the whole diff anyway and pushing multiple branches simultaneously is
+ * vanishingly rare in practice.
+ *
+ * A missing `.rea/policy.yaml` is treated as "defaults apply" —
+ * `codex_required: true`, `concerns_blocks: true`. The gate still fires.
+ * This matches the protective default established in 0.10.x.
+ */
+import type { Command } from 'commander';
+export interface HookPushGateOptions {
+    base?: string;
+}
+/**
+ * Public runner, exposed so integration tests and the commander binding can
+ * share the same entry. Throws via `process.exit` rather than returning a
+ * code — the commander handler is async but the convention across `src/cli/`
+ * is to exit from the leaf (see `audit.ts`, `freeze.ts`). Keeping the
+ * behavior consistent prevents commander from inferring its own default.
+ */
+export declare function runHookPushGate(options: HookPushGateOptions): Promise<void>;
+/**
+ * Attach the `rea hook` subcommand tree to a commander Program. Single
+ * subcommand today (`push-gate`); new hooks should land here rather than as
+ * top-level commands so the CLI surface stays navigable.
+ */
+export declare function registerHookCommand(program: Command): void;