@bookedsolid/rea 0.10.2 → 0.11.0

package/dist/cli/hook.js

@@ -0,0 +1,127 @@
+/**
+ * `rea hook push-gate` — the CLI surface the husky `.husky/pre-push` stub
+ * calls. Stateless pre-push Codex review.
+ *
+ * Exit-code contract:
+ *
+ *   0 — push proceeds (pass verdict, empty diff, disabled by policy, or
+ *       REA_SKIP_PUSH_GATE waiver)
+ *   1 — HALT kill-switch active; block push
+ *   2 — blocked by verdict (blocking, or concerns when concerns_blocks=true
+ *       and REA_ALLOW_CONCERNS not set), or by codex error (timeout, not
+ *       installed, subprocess failure, protocol error)
+ *
+ * Invocation contract:
+ *
+ *   rea hook push-gate
+ *   rea hook push-gate --base origin/main
+ *   rea hook push-gate --base refs/remotes/upstream/main
+ *
+ * The husky stub does NOT parse the git pre-push stdin contract itself —
+ * the 0.10.x bash gate did, to diff refspec-by-refspec; the 0.11.0 gate
+ * diffs `HEAD` against the resolved base (upstream → origin/HEAD → …).
+ * That is strictly less granular than refspec parsing, but Codex reviews
+ * the whole diff anyway and pushing multiple branches simultaneously is
+ * vanishingly rare in practice.
+ *
+ * A missing `.rea/policy.yaml` is treated as "defaults apply" —
+ * `codex_required: true`, `concerns_blocks: true`. The gate still fires.
+ * This matches the protective default established in 0.10.x.
+ */
+import { parsePrePushStdin, runPushGate } from '../hooks/push-gate/index.js';
+import { err } from './utils.js';
+/**
+ * Public runner, exposed so integration tests and the commander binding can
+ * share the same entry. Throws via `process.exit` rather than returning a
+ * code — the commander handler is async but the convention across `src/cli/`
+ * is to exit from the leaf (see `audit.ts`, `freeze.ts`). Keeping the
+ * behavior consistent prevents commander from inferring its own default.
+ */
+export async function runHookPushGate(options) {
+    const baseDir = process.cwd();
+    const stderr = (line) => {
+        process.stderr.write(line);
+    };
+    // Git's pre-push contract sends one refspec per line on stdin. Read it
+    // all upfront with a timeout guard so a misconfigured invocation
+    // (stdin pipe never closed) doesn't hang the gate indefinitely. TTY
+    // stdin short-circuits to empty — `rea hook push-gate` invoked from
+    // a terminal has no refspec data.
+    const refspecs = process.stdin.isTTY ? [] : parsePrePushStdin(await readStdinWithTimeout(5_000));
+    try {
+        const result = await runPushGate({
+            baseDir,
+            env: process.env,
+            stderr,
+            refspecs,
+            ...(options.base !== undefined && options.base.length > 0 ? { explicitBase: options.base } : {}),
+        });
+        process.exit(result.exitCode);
+    }
+    catch (e) {
+        // runPushGate() is written to catch and classify every expected error.
+        // Reaching this handler means an unclassified throw — we fail closed
+        // with exit 2 so a genuine bug never masquerades as a passing review.
+        err(`push-gate internal error: ${e instanceof Error ? e.message : String(e)}`);
+        process.exit(2);
+    }
+}
+/**
+ * Read stdin to end with a timeout. Returns '' on timeout — the caller
+ * then falls through to the upstream-resolver path instead of blocking
+ * the gate on a pipe that may never close.
+ *
+ * Git ALWAYS closes stdin after sending refspecs, so the timeout is a
+ * safety net for weird invocations (running the CLI from a script that
+ * piped in nothing, a test that forgot to close the write end, etc.).
+ */
+async function readStdinWithTimeout(timeoutMs) {
+    return new Promise((resolve) => {
+        const chunks = [];
+        let resolved = false;
+        const finish = () => {
+            if (resolved)
+                return;
+            resolved = true;
+            resolve(Buffer.concat(chunks).toString('utf8'));
+        };
+        const timer = setTimeout(finish, timeoutMs);
+        timer.unref?.();
+        process.stdin.on('data', (chunk) => {
+            chunks.push(typeof chunk === 'string' ? Buffer.from(chunk, 'utf8') : chunk);
+        });
+        process.stdin.on('end', () => {
+            clearTimeout(timer);
+            finish();
+        });
+        process.stdin.on('error', () => {
+            clearTimeout(timer);
+            finish();
+        });
+    });
+}
+/**
+ * Attach the `rea hook` subcommand tree to a commander Program. Single
+ * subcommand today (`push-gate`); new hooks should land here rather than as
+ * top-level commands so the CLI surface stays navigable.
+ */
+export function registerHookCommand(program) {
+    const hook = program
+        .command('hook')
+        .description('Pre-hook entry points for git (pre-push) and Claude Code. Called by `.husky/pre-push` and the optional `.git/hooks/pre-push` fallback.');
+    hook
+        .command('push-gate')
+        // Accept (and silently ignore) positional args. Git passes the
+        // pre-push hook `<remote-name> <remote-url>` as $@; the husky stub
+        // forwards them with `"$@"`. Those values aren't used by the gate
+        // directly (base ref + refspecs come from stdin + git tree probes),
+        // but commander without this option would reject the invocation.
+        // Declared as a variadic positional so an arbitrary number of
+        // trailing tokens are accepted.
+        .argument('[gitArgs...]', 'positional args forwarded by git (remote name, URL); ignored')
+        .description('Run `codex exec review` against the current diff and block on blocking findings. Exits 0/1/2: pass/HALT/blocked. No cache — every push runs Codex afresh.')
+        .option('--base <ref>', 'explicit base ref to diff against (e.g. origin/main). Defaults to @{upstream} → origin/HEAD → main/master → empty-tree.')
+        .action(async (_gitArgs, opts) => {
+        await runHookPushGate({ ...(opts.base !== undefined ? { base: opts.base } : {}) });
+    });
+}

package/dist/cli/index.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
-import { runAuditRecordCodexReview, runAuditRotate, runAuditVerify } from './audit.js';
-import { parseCacheResult, runCacheCheck, runCacheClear, runCacheList, runCacheSet, } from './cache.js';
+import { runAuditRotate, runAuditVerify } from './audit.js';
 import { runCheck } from './check.js';
+import { registerHookCommand } from './hook.js';
 import { runDoctor } from './doctor.js';
 import { runFreeze, runUnfreeze } from './freeze.js';
 import { runInit } from './init.js';
@@ -103,84 +103,9 @@ async function main() {
         .action(async (opts) => {
         await runAuditVerify({ ...(opts.since !== undefined ? { since: opts.since } : {}) });
     });
-    const auditRecord = audit
-        .command('record')
-        .description('Emit a structured audit record (D).');
-    auditRecord
-        .command('codex-review')
-        .description('Append a codex.review audit entry the push-review cache gate recognizes. With --also-set-cache, writes the review cache in the same invocation (two sequential appends in one process — not a two-phase commit).')
-        .requiredOption('--head-sha <sha>', 'git HEAD SHA the review covers')
-        .requiredOption('--branch <branch>', 'feature branch under review')
-        .requiredOption('--target <target>', 'base ref or SHA diffed against (e.g. main)')
-        .requiredOption('--verdict <verdict>', 'one of: pass | concerns | blocking | error')
-        .requiredOption('--finding-count <N>', 'non-negative integer finding count', (raw) => {
-        const n = Number.parseInt(raw, 10);
-        if (!Number.isFinite(n) || n < 0) {
-            throw new Error(`--finding-count must be a non-negative integer; got ${JSON.stringify(raw)}`);
-        }
-        return n;
-    })
-        .option('--summary <text>', 'one-sentence review summary (optional)')
-        .option('--session-id <id>', 'session id to attribute (defaults to "external")')
-        .option('--also-set-cache', 'also update .rea/review-cache.jsonl to reflect this verdict, in the same invocation (recommended for post-review push flow)')
-        .action(async (opts) => {
-        if (opts.verdict !== 'pass' &&
-            opts.verdict !== 'concerns' &&
-            opts.verdict !== 'blocking' &&
-            opts.verdict !== 'error') {
-            throw new Error(`--verdict must be one of pass|concerns|blocking|error; got ${JSON.stringify(opts.verdict)}`);
-        }
-        await runAuditRecordCodexReview({
-            headSha: opts.headSha,
-            branch: opts.branch,
-            target: opts.target,
-            verdict: opts.verdict,
-            findingCount: opts.findingCount,
-            ...(opts.summary !== undefined ? { summary: opts.summary } : {}),
-            ...(opts.sessionId !== undefined ? { sessionId: opts.sessionId } : {}),
-            ...(opts.alsoSetCache === true ? { alsoSetCache: true } : {}),
-        });
-    });
-    const cache = program
-        .command('cache')
-        .description('Review-cache operations — check/set/clear/list .rea/review-cache.jsonl (BUG-009). Used by hooks/push-review-gate.sh to skip re-review on a previously-approved diff.');
-    cache
-        .command('check <sha>')
-        .description('Look up a cache entry. Emits JSON to stdout ONLY — hook contract. On hit: {hit,true,result,branch,base,recorded_at[,reason]}. On miss: {hit:false}. Never exits non-zero for normal miss.')
-        .requiredOption('--branch <branch>', 'feature branch being pushed')
-        .requiredOption('--base <base>', 'base branch the feature targets')
-        .action(async (sha, opts) => {
-        await runCacheCheck({ sha, branch: opts.branch, base: opts.base });
-    });
-    cache
-        .command('set <sha> <result>')
-        .description('Record a review outcome. <result> accepts pass|fail (historical) or pass|concerns|blocking|error (Codex verdicts). concerns→pass, blocking|error→fail. Idempotent line-per-invocation; last write wins on (sha, branch, base).')
-        .requiredOption('--branch <branch>', 'feature branch being pushed')
-        .requiredOption('--base <base>', 'base branch the feature targets')
-        .option('--reason <text>', 'free-text context for this entry (recommended on fail)')
-        .action(async (sha, rawResult, opts) => {
-        const result = parseCacheResult(rawResult);
-        await runCacheSet({
-            sha,
-            result,
-            branch: opts.branch,
-            base: opts.base,
-            ...(opts.reason !== undefined ? { reason: opts.reason } : {}),
-        });
-    });
-    cache
-        .command('clear <sha>')
-        .description('Remove every cache entry matching <sha>. Dev convenience — prints the removed count.')
-        .action(async (sha) => {
-        await runCacheClear({ sha });
-    });
-    cache
-        .command('list')
-        .description('Print cache entries in file order. Filter with --branch.')
-        .option('--branch <branch>', 'only list entries for this branch')
-        .action(async (opts) => {
-        await runCacheList({ ...(opts.branch !== undefined ? { branch: opts.branch } : {}) });
-    });
+    // Register `rea hook push-gate` — the stateless pre-push Codex gate
+    // called by `.husky/pre-push` and `.git/hooks/pre-push`.
+    registerHookCommand(program);
     const tofu = program
         .command('tofu')
         .description('TOFU fingerprint operations (G7) — inspect and rebase `.rea/fingerprints.json` when a legitimate registry edit has triggered drift fail-close. Emits audit records.');

package/dist/cli/init.js

@@ -455,7 +455,7 @@ export async function runInit(options) {
     const mergeResult = mergeSettings(settings, desired);
     await writeSettingsAtomic(settingsPath, mergeResult.merged);
     const commitMsgResult = await installCommitMsgHook(targetDir);
-    const prePushResult = await installPrePushFallback(targetDir);
+    const prePushResult = await installPrePushFallback({ targetDir });
     const fragmentInput = {
         policyPath: `.${path.sep}rea${path.sep}policy.yaml`.replace(/\\/g, '/'),
         profile: config.profile,

package/dist/cli/install/gitignore.d.ts

@@ -18,9 +18,9 @@
  *   - `.rea/serve.pid`                — G5 `rea serve` pidfile
  *   - `.rea/serve.state.json`         — G5 `rea serve` state snapshot
  *   - `.rea/fingerprints.json`        — G7 downstream catalog fingerprints (BUG-010)
- *   - `.rea/review-cache.jsonl`       — BUG-009 review cache (rea cache set/check)
+ *   - `.rea/last-review.json`         — 0.11.0 push-gate last-review dump
  *   - `.rea/*.tmp`                    — serve temp-file-then-rename pattern
- *   - `.rea/*.tmp.*`                  — review-cache pid-salted temp pattern
+ *   - `.rea/*.tmp.*`                  — push-gate pid-salted temp pattern
  *   - `.rea/install-manifest.json.bak` / `.tmp` — fs-safe atomic-replace sidecars
  *   - `.gitignore.rea-tmp-*`          — this module's own temp files on crash
  *                                       (root-level — writeAtomic stages next

package/dist/cli/install/gitignore.js

@@ -18,9 +18,9 @@
  *   - `.rea/serve.pid`                — G5 `rea serve` pidfile
  *   - `.rea/serve.state.json`         — G5 `rea serve` state snapshot
  *   - `.rea/fingerprints.json`        — G7 downstream catalog fingerprints (BUG-010)
- *   - `.rea/review-cache.jsonl`       — BUG-009 review cache (rea cache set/check)
+ *   - `.rea/last-review.json`         — 0.11.0 push-gate last-review dump
  *   - `.rea/*.tmp`                    — serve temp-file-then-rename pattern
- *   - `.rea/*.tmp.*`                  — review-cache pid-salted temp pattern
+ *   - `.rea/*.tmp.*`                  — push-gate pid-salted temp pattern
  *   - `.rea/install-manifest.json.bak` / `.tmp` — fs-safe atomic-replace sidecars
  *   - `.gitignore.rea-tmp-*`          — this module's own temp files on crash
  *                                       (root-level — writeAtomic stages next
@@ -104,7 +104,7 @@ export const REA_GITIGNORE_ENTRIES = [
     '.rea/serve.pid',
     '.rea/serve.state.json',
     '.rea/fingerprints.json',
-    '.rea/review-cache.jsonl',
+    '.rea/last-review.json',
     '.rea/*.tmp',
     '.rea/*.tmp.*',
     '.rea/install-manifest.json.bak',