@bookedsolid/rea 0.16.3 → 0.16.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -133,6 +133,36 @@ _rea_load_protected_patterns() {
|
|
|
133
133
|
_REA_PROTECTED_PATTERNS_LOADED=1
|
|
134
134
|
}
|
|
135
135
|
|
|
136
|
+
# Test whether a project-relative path is in the documented husky
|
|
137
|
+
# extension surface (`.husky/commit-msg.d/*`, `.husky/pre-push.d/*`).
|
|
138
|
+
# Returns 0 on match, 1 on no match. Case-insensitive.
|
|
139
|
+
#
|
|
140
|
+
# 0.16.4 helix-018 Option B: settings-protection.sh §5b has carved
|
|
141
|
+
# this surface out of write-tier protection since 0.13.2 — consumers
|
|
142
|
+
# write extension fragments here freely. Pre-0.16.4 the BASH-tier
|
|
143
|
+
# gates (`protected-paths-bash-gate.sh`, `blocked-paths-bash-gate.sh`)
|
|
144
|
+
# had no parity carve-out, so a `cat <<EOF > .husky/pre-push.d/X`
|
|
145
|
+
# redirect was refused by the bash-gate even though the equivalent
|
|
146
|
+
# Write-tool call would succeed. This helper bakes the carve-out
|
|
147
|
+
# into the shared lib so every caller inherits it uniformly.
|
|
148
|
+
rea_path_is_extension_surface() {
|
|
149
|
+
local p_lc
|
|
150
|
+
p_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
|
|
151
|
+
case "$p_lc" in
|
|
152
|
+
.husky/commit-msg.d/*|.husky/pre-push.d/*|.husky/pre-commit.d/*)
|
|
153
|
+
# Refuse the bare directory itself — only fragments INSIDE
|
|
154
|
+
# the surface count. `.husky/pre-push.d/` (trailing slash, no
|
|
155
|
+
# fragment) and `.husky/pre-push.d` (the dir node) both fall
|
|
156
|
+
# through to the protection check via the parent prefix.
|
|
157
|
+
case "$p_lc" in
|
|
158
|
+
.husky/commit-msg.d/|.husky/pre-push.d/|.husky/pre-commit.d/) return 1 ;;
|
|
159
|
+
esac
|
|
160
|
+
return 0
|
|
161
|
+
;;
|
|
162
|
+
esac
|
|
163
|
+
return 1
|
|
164
|
+
}
|
|
165
|
+
|
|
136
166
|
# Test whether a project-relative path matches any protected pattern
|
|
137
167
|
# (after applying `protected_paths_relax`). Returns 0 on match, 1 on
|
|
138
168
|
# no match.
|
|
@@ -145,8 +175,18 @@ _rea_load_protected_patterns() {
|
|
|
145
175
|
# §6 has had a CI matcher since 0.10.x; this helper was missing it.
|
|
146
176
|
# We lowercase BOTH sides so the comparison is symmetric — callers can
|
|
147
177
|
# pass either case.
|
|
178
|
+
#
|
|
179
|
+
# 0.16.4 helix-018 Option B: paths inside the documented husky
|
|
180
|
+
# extension surface (`.husky/{commit-msg,pre-push,pre-commit}.d/*`)
|
|
181
|
+
# return 1 (not protected) BEFORE the prefix-pattern check so they
|
|
182
|
+
# don't get caught by `.husky/`'s prefix block. This mirrors the
|
|
183
|
+
# §5b allow-list that has been in settings-protection.sh since 0.13.2.
|
|
148
184
|
rea_path_is_protected() {
|
|
149
185
|
_rea_load_protected_patterns
|
|
186
|
+
# Extension-surface allow-list — short-circuit before pattern match.
|
|
187
|
+
if rea_path_is_extension_surface "$1"; then
|
|
188
|
+
return 1
|
|
189
|
+
fi
|
|
150
190
|
local p_lc
|
|
151
191
|
p_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
|
|
152
192
|
local pattern pattern_lc
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bookedsolid/rea",
|
|
3
|
-
"version": "0.16.
|
|
3
|
+
"version": "0.16.4",
|
|
4
4
|
"description": "Agentic governance layer for Claude Code — policy enforcement, hook-based safety gates, audit logging, and Codex-integrated adversarial review for AI-assisted projects",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",
|