npm - @bookedsolid/rea - Versions diffs - 0.13.0 → 0.13.1 - Mend

@bookedsolid/rea 0.13.0 → 0.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli/install/pre-push.d.ts +36 -1
package/dist/cli/install/pre-push.js +78 -1
package/package.json +1 -1

package/dist/cli/install/pre-push.d.ts CHANGED Viewed

@@ -147,6 +147,39 @@ export declare function isLegacyReaManagedHuskyGate(content: string): boolean;
  * — we don't overwrite consumer-authored hooks that respect the gate.
  */
 export declare function referencesReviewGate(content: string): boolean;
+/**
+ * True when `content` is a husky 9 auto-generated stub that delegates to
+ * the canonical hook body via `.husky/_/h`.
+ *
+ * Husky 9 layout when `core.hooksPath=.husky/_`:
+ *   .husky/<hookname>      — user/rea-authored body (committed, source of truth)
+ *   .husky/_/<hookname>    — auto-generated stub git actually fires
+ *   .husky/_/h             — runner that exec's `.husky/<hookname>`
+ *
+ * The stub body is a single non-comment line, e.g.
+ *   . "${0%/*}/h"
+ *   . "$(dirname -- "$0")/h"
+ *
+ * Without this detection `rea doctor` would classify `.husky/_/pre-push`
+ * as foreign (no rea marker, no `rea hook push-gate` reference) even
+ * though the hook git fires sources the canonical body that DOES carry
+ * governance. The stub is the husky 9 indirection contract — treating it
+ * as the active hook and following the source chain to the parent hook
+ * resolves the false positive.
+ *
+ * Detection is conservative: any non-comment, non-blank, non-source line
+ * disqualifies. We anchor on `$0` in the dirname expansion to confirm the
+ * stub references self, and on the trailing `/h` segment to confirm it
+ * sources the husky 9 runner. A user-authored shell script that happens
+ * to dot-source a file does NOT match.
+ */
+export declare function isHusky9Stub(content: string): boolean;
+/**
+ * Resolve a husky 9 stub at `<dir>/<hookname>` to the canonical hook
+ * body at `<parent-of-dir>/<hookname>`. Returns null when the stub
+ * lives at the filesystem root (no parent to walk to).
+ */
+export declare function resolveHusky9StubTarget(stubPath: string): string | null;
 export declare function resolveHooksDir(targetDir: string): Promise<{
     dir: string | null;
     configured: boolean;
@@ -167,7 +200,9 @@ export type ClassifyExistingHook = {
     kind: 'foreign';
     reason: string;
 };
-export declare function classifyExistingHook(hookPath: string): Promise<ClassifyExistingHook>;
+export declare function classifyExistingHook(hookPath: string, options?: {
+    followHusky9Stub?: boolean;
+}): Promise<ClassifyExistingHook>;
 export type InstallDecision = {
     action: 'skip';
     reason: 'active-pre-push-present';

package/dist/cli/install/pre-push.js CHANGED Viewed

@@ -349,6 +349,71 @@ export function referencesReviewGate(content) {
     }
     return false;
 }
+/**
+ * True when `content` is a husky 9 auto-generated stub that delegates to
+ * the canonical hook body via `.husky/_/h`.
+ *
+ * Husky 9 layout when `core.hooksPath=.husky/_`:
+ *   .husky/<hookname>      — user/rea-authored body (committed, source of truth)
+ *   .husky/_/<hookname>    — auto-generated stub git actually fires
+ *   .husky/_/h             — runner that exec's `.husky/<hookname>`
+ *
+ * The stub body is a single non-comment line, e.g.
+ *   . "${0%/*}/h"
+ *   . "$(dirname -- "$0")/h"
+ *
+ * Without this detection `rea doctor` would classify `.husky/_/pre-push`
+ * as foreign (no rea marker, no `rea hook push-gate` reference) even
+ * though the hook git fires sources the canonical body that DOES carry
+ * governance. The stub is the husky 9 indirection contract — treating it
+ * as the active hook and following the source chain to the parent hook
+ * resolves the false positive.
+ *
+ * Detection is conservative: any non-comment, non-blank, non-source line
+ * disqualifies. We anchor on `$0` in the dirname expansion to confirm the
+ * stub references self, and on the trailing `/h` segment to confirm it
+ * sources the husky 9 runner. A user-authored shell script that happens
+ * to dot-source a file does NOT match.
+ */
+export function isHusky9Stub(content) {
+    const lines = content.split(/\r?\n/);
+    // Match a `.` (source) command whose argument is the husky 9 runner `h`
+    // resolved relative to the stub's own location. The two shapes husky 9
+    // generates:
+    //   . "${0%/*}/h"                  — POSIX param expansion (current default)
+    //   . "$(dirname -- "$0")/h"       — older variant still in the wild
+    // We do NOT accept arbitrary `. <path>/h` because that would false-match
+    // a user-authored hook that happens to source a file named `h`.
+    const sourceLine = /^\.\s+(?:"\$\{0%\/\*\}\/h"|"\$\(dirname[^)]*\$0[^)]*\)\/h")\s*$/;
+    let sawSource = false;
+    for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (line === '')
+            continue;
+        if (line.startsWith('#'))
+            continue; // shebang, comment
+        if (sawSource)
+            return false; // any line after the source line disqualifies
+        if (sourceLine.test(line)) {
+            sawSource = true;
+            continue;
+        }
+        return false;
+    }
+    return sawSource;
+}
+/**
+ * Resolve a husky 9 stub at `<dir>/<hookname>` to the canonical hook
+ * body at `<parent-of-dir>/<hookname>`. Returns null when the stub
+ * lives at the filesystem root (no parent to walk to).
+ */
+export function resolveHusky9StubTarget(stubPath) {
+    const dir = path.dirname(stubPath);
+    const parent = path.dirname(dir);
+    if (parent === dir)
+        return null;
+    return path.join(parent, path.basename(stubPath));
+}
 // ---------------------------------------------------------------------------
 // Hook resolution
 // ---------------------------------------------------------------------------
@@ -408,7 +473,8 @@ async function resolveTargetHookPath(targetDir) {
         hooksPathConfigured: false,
     };
 }
-export async function classifyExistingHook(hookPath) {
+export async function classifyExistingHook(hookPath, options = {}) {
+    const followStub = options.followHusky9Stub ?? true;
     let stat;
     try {
         stat = await fsPromises.lstat(hookPath);
@@ -442,6 +508,17 @@ export async function classifyExistingHook(hookPath) {
         return { kind: 'rea-managed-legacy-v1' };
     if (referencesReviewGate(content))
         return { kind: 'gate-delegating' };
+    // Husky 9 indirection: when git fires `.husky/_/<hookname>` (auto-generated
+    // stub) the body just sources `.husky/_/h` which exec's the canonical
+    // `.husky/<hookname>`. Without this branch, doctor false-positives the stub
+    // as foreign even though governance is intact via the source chain.
+    // One level of follow only — never recurse stubs-of-stubs.
+    if (followStub && isHusky9Stub(content)) {
+        const target = resolveHusky9StubTarget(hookPath);
+        if (target !== null) {
+            return classifyExistingHook(target, { followHusky9Stub: false });
+        }
+    }
     return { kind: 'foreign', reason: 'no-marker' };
 }
 export async function classifyPrePushInstall(targetDir) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bookedsolid/rea",
-  "version": "0.13.0",
+  "version": "0.13.1",
   "description": "Agentic governance layer for Claude Code — policy enforcement, hook-based safety gates, audit logging, and Codex-integrated adversarial review for AI-assisted projects",
   "license": "MIT",
   "author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",