@bookedsolid/rea 0.22.0 → 0.23.0

package/dist/cli/install/settings-merge.js

@@ -138,9 +138,7 @@ export function mergeSettings(existing, desired) {
                 type: wantHook.type,
                 command: wantHook.command,
                 ...(wantHook.timeout !== undefined ? { timeout: wantHook.timeout } : {}),
-                ...(wantHook.statusMessage !== undefined
-                    ? { statusMessage: wantHook.statusMessage }
-                    : {}),
+                ...(wantHook.statusMessage !== undefined ? { statusMessage: wantHook.statusMessage } : {}),
             });
             seen.add(k);
             addedCount += 1;
@@ -257,31 +255,96 @@ export function defaultDesiredHooks() {
             event: 'PreToolUse',
             matcher: 'Bash',
             hooks: [
-                { type: 'command', command: `${base}/dangerous-bash-interceptor.sh`, timeout: 10000, statusMessage: 'Checking command safety...' },
-                { type: 'command', command: `${base}/env-file-protection.sh`, timeout: 5000, statusMessage: 'Checking for .env file reads...' },
-                { type: 'command', command: `${base}/protected-paths-bash-gate.sh`, timeout: 5000, statusMessage: 'Checking for shell-redirect to protected paths...' },
-                { type: 'command', command: `${base}/blocked-paths-bash-gate.sh`, timeout: 5000, statusMessage: 'Checking for shell-redirect to policy-blocked paths...' },
-                { type: 'command', command: `${base}/dependency-audit-gate.sh`, timeout: 15000, statusMessage: 'Verifying package exists...' },
-                { type: 'command', command: `${base}/security-disclosure-gate.sh`, timeout: 5000, statusMessage: 'Checking disclosure policy...' },
-                { type: 'command', command: `${base}/pr-issue-link-gate.sh`, timeout: 5000, statusMessage: 'Checking PR for issue reference...' },
-                { type: 'command', command: `${base}/attribution-advisory.sh`, timeout: 5000, statusMessage: 'Checking for AI attribution...' },
+                {
+                    type: 'command',
+                    command: `${base}/dangerous-bash-interceptor.sh`,
+                    timeout: 10000,
+                    statusMessage: 'Checking command safety...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/env-file-protection.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking for .env file reads...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/protected-paths-bash-gate.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking for shell-redirect to protected paths...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/blocked-paths-bash-gate.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking for shell-redirect to policy-blocked paths...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/dependency-audit-gate.sh`,
+                    timeout: 15000,
+                    statusMessage: 'Verifying package exists...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/security-disclosure-gate.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking disclosure policy...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/pr-issue-link-gate.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking PR for issue reference...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/attribution-advisory.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking for AI attribution...',
+                },
             ],
         },
         {
             event: 'PreToolUse',
             matcher: 'Write|Edit|MultiEdit|NotebookEdit',
             hooks: [
-                { type: 'command', command: `${base}/secret-scanner.sh`, timeout: 15000, statusMessage: 'Scanning for credentials...' },
-                { type: 'command', command: `${base}/settings-protection.sh`, timeout: 5000, statusMessage: 'Checking settings protection...' },
-                { type: 'command', command: `${base}/blocked-paths-enforcer.sh`, timeout: 5000, statusMessage: 'Checking blocked paths...' },
-                { type: 'command', command: `${base}/changeset-security-gate.sh`, timeout: 5000, statusMessage: 'Checking changeset for security leaks...' },
+                {
+                    type: 'command',
+                    command: `${base}/secret-scanner.sh`,
+                    timeout: 15000,
+                    statusMessage: 'Scanning for credentials...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/settings-protection.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking settings protection...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/blocked-paths-enforcer.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking blocked paths...',
+                },
+                {
+                    type: 'command',
+                    command: `${base}/changeset-security-gate.sh`,
+                    timeout: 5000,
+                    statusMessage: 'Checking changeset for security leaks...',
+                },
             ],
         },
         {
             event: 'PostToolUse',
             matcher: 'Write|Edit|MultiEdit|NotebookEdit',
             hooks: [
-                { type: 'command', command: `${base}/architecture-review-gate.sh`, timeout: 10000, statusMessage: 'Checking architecture impact...' },
+                {
+                    type: 'command',
+                    command: `${base}/architecture-review-gate.sh`,
+                    timeout: 10000,
+                    statusMessage: 'Checking architecture impact...',
+                },
             ],
         },
     ];

package/dist/cli/upgrade.js

@@ -42,11 +42,11 @@ import path from 'node:path';
 import * as p from '@clack/prompts';
 import { loadPolicy } from '../policy/loader.js';
 import { CLAUDE_MD_MANIFEST_PATH, SETTINGS_MANIFEST_PATH, enumerateCanonicalFiles, } from './install/canonical.js';
-import { buildFragment, extractFragment, } from './install/claude-md.js';
+import { buildFragment, extractFragment } from './install/claude-md.js';
 import { atomicReplaceFile, safeDeleteFile, safeInstallFile, safeReadFile, } from './install/fs-safe.js';
 import { canonicalSettingsSubsetHash, defaultDesiredHooks, mergeSettings, pruneHookCommands, readSettings, writeSettingsAtomic, } from './install/settings-merge.js';
 import { ensureReaGitignore } from './install/gitignore.js';
-import { manifestExists, readManifest, writeManifestAtomic, } from './install/manifest-io.js';
+import { manifestExists, readManifest, writeManifestAtomic } from './install/manifest-io.js';
 import { sha256OfBuffer, sha256OfFile } from './install/sha.js';
 import { err, getPkgVersion, log, warn } from './utils.js';
 // ---------------------------------------------------------------------------
@@ -219,7 +219,11 @@ async function promptDriftDecision(resolvedRoot, canonical, opts) {
             initialValue: 'keep',
             options: [
                 { value: 'keep', label: 'keep', hint: 'leave your version untouched (default)' },
-                { value: 'overwrite', label: 'overwrite', hint: `replace with canonical (rea v${getPkgVersion()})` },
+                {
+                    value: 'overwrite',
+                    label: 'overwrite',
+                    hint: `replace with canonical (rea v${getPkgVersion()})`,
+                },
                 { value: 'diff', label: 'diff', hint: 'show diff, then re-prompt' },
             ],
         });
@@ -302,8 +306,7 @@ async function classifyFiles(resolvedRoot, canonicalFiles, manifest) {
     // Removed-upstream: in manifest but not in canonical set.
     if (manifest !== null) {
         for (const entry of manifest.files) {
-            if (entry.path === CLAUDE_MD_MANIFEST_PATH ||
-                entry.path === SETTINGS_MANIFEST_PATH) {
+            if (entry.path === CLAUDE_MD_MANIFEST_PATH || entry.path === SETTINGS_MANIFEST_PATH) {
                 continue; // synthetic entries handled separately
             }
             if (!canonicalByPath.has(entry.path)) {
@@ -555,9 +558,7 @@ export async function runUpgrade(options = {}) {
             }
         }
         else if (c.kind === 'removed-upstream') {
-            const decision = dryRun
-                ? 'skip'
-                : await promptRemovedDecision(c.entry.path, options);
+            const decision = dryRun ? 'skip' : await promptRemovedDecision(c.entry.path, options);
             if (decision === 'delete') {
                 console.log(`  - ${c.entry.path} (deleted)`);
                 if (!dryRun) {
@@ -626,9 +627,12 @@ export async function runUpgrade(options = {}) {
     if (dryRun) {
         console.log('');
         log('dry run — no changes written.');
-        const planned = counts.new_ + counts.drifted + counts.removedUpstream +
+        const planned = counts.new_ +
+            counts.drifted +
+            counts.removedUpstream +
             (classifications.some((c) => c.kind === 'unmodified' && c.canonicalSha !== c.localSha)
-                ? classifications.filter((c) => c.kind === 'unmodified' && c.canonicalSha !== c.localSha).length
+                ? classifications.filter((c) => c.kind === 'unmodified' && c.canonicalSha !== c.localSha)
+                    .length
                 : 0);
         console.log(`  ${planned} file action(s) planned.`);
         return;

package/dist/gateway/downstream.js

@@ -214,8 +214,7 @@ export class DownstreamConnection {
             // loud instead.
             throw new TypeError(`DownstreamConnection#lastErrorMessage: expected string | null, got ${typeof msg}`);
         }
-        this.#lastErrorBacking =
-            msg === null ? null : boundedDiagnosticString(msg);
+        this.#lastErrorBacking = msg === null ? null : boundedDiagnosticString(msg);
     }
     constructor(config, 
     /**

package/dist/gateway/live-state.js

@@ -374,7 +374,9 @@ export class LiveStatePublisher {
         if (parsed.session_id === this.opts.sessionId)
             return true;
         // Foreign session_id. Use owner_pid to decide whether to yield or steal.
-        if (typeof parsed.owner_pid !== 'number' || !Number.isFinite(parsed.owner_pid) || parsed.owner_pid <= 0) {
+        if (typeof parsed.owner_pid !== 'number' ||
+            !Number.isFinite(parsed.owner_pid) ||
+            parsed.owner_pid <= 0) {
             // Pre-0.9.0 file (no owner_pid recorded) or malformed value. We
             // cannot prove the writer is alive, and refusing to write forever
             // is the bigger hazard — claim the file. This is the same

package/dist/gateway/log.js

@@ -317,9 +317,7 @@ export function buildRegexRedactor(patterns) {
             // the SafeRegex worker in the redact middleware) can leave non-zero,
             // causing String.replace to start mid-string and silently skip leading
             // secrets. The `y` (sticky) flag carries the same hazard as `g`.
-            const re = (pattern.global || pattern.sticky)
-                ? new RegExp(pattern.source, pattern.flags)
-                : pattern;
+            const re = pattern.global || pattern.sticky ? new RegExp(pattern.source, pattern.flags) : pattern;
             out = out.replace(re, '[REDACTED]');
         }
         return out;

package/dist/gateway/middleware/audit.js

@@ -1,7 +1,7 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { Tier, InvocationStatus } from '../../policy/types.js';
-import { computeHash, fsyncFile, readLastRecord, withAuditLock, } from '../../audit/fs.js';
+import { computeHash, fsyncFile, readLastRecord, withAuditLock } from '../../audit/fs.js';
 import { maybeRotate } from '../audit/rotator.js';
 /**
  * Post-execution middleware: appends a hash-chained JSONL audit record.

package/dist/gateway/middleware/injection.js

@@ -260,15 +260,11 @@ export function compileInjectionPatterns(timeoutMs, onTimeout) {
     return {
         base64Token: wrapRegex(INJECTION_BASE64_PATTERN, {
             timeoutMs,
-            ...(onTimeout
-                ? { onTimeout: (_p, i) => onTimeout('INJECTION_BASE64_PATTERN', i) }
-                : {}),
+            ...(onTimeout ? { onTimeout: (_p, i) => onTimeout('INJECTION_BASE64_PATTERN', i) } : {}),
         }),
         base64Shape: wrapRegex(INJECTION_BASE64_SHAPE, {
             timeoutMs,
-            ...(onTimeout
-                ? { onTimeout: (_p, i) => onTimeout('INJECTION_BASE64_SHAPE', i) }
-                : {}),
+            ...(onTimeout ? { onTimeout: (_p, i) => onTimeout('INJECTION_BASE64_SHAPE', i) } : {}),
         }),
     };
 }
@@ -364,9 +360,7 @@ export function classifyInjection(scan, tier) {
     // Dedupe: a phrase that appears both literally AND in a base64-decoded
     // payload in the same input counts once in `matched_patterns`. Union via
     // Set before sorting.
-    const matched = [
-        ...new Set([...scan.literalMatches, ...scan.base64DecodedMatches]),
-    ].sort();
+    const matched = [...new Set([...scan.literalMatches, ...scan.base64DecodedMatches])].sort();
     // Rule 2 — base64 always escalates, regardless of count or tier.
     if (base64Count > 0) {
         return {

package/dist/gateway/middleware/policy.js

@@ -12,7 +12,9 @@ function extractReaSubcommand(command) {
     if (first === undefined)
         return null;
     let idx = 0;
-    if (first === 'npx' && tokens.length >= 2 && (tokens[1] === 'rea' || tokens[1] === '@bookedsolid/rea')) {
+    if (first === 'npx' &&
+        tokens.length >= 2 &&
+        (tokens[1] === 'rea' || tokens[1] === '@bookedsolid/rea')) {
         idx = 2;
     }
     else if (first === 'rea' || first.endsWith('/rea')) {

package/dist/gateway/middleware/redact.js

@@ -1,4 +1,4 @@
-import { wrapRegex } from '../redact-safe/match-timeout.js';
+import { wrapRegex, } from '../redact-safe/match-timeout.js';
 /**
  * Patterns that match common secret formats.
  * Each pattern has a name (for audit logging) and a regex.

package/dist/gateway/observability/codex-telemetry.js

@@ -202,8 +202,7 @@ export async function summarizeTelemetry(baseDir, windowDays = 7) {
         if (!countsByKey.has(key))
             continue; // outside window
         countsByKey.set(key, (countsByKey.get(key) ?? 0) + 1);
-        totalTokens +=
-            (r.estimated_input_tokens ?? 0) + (r.estimated_output_tokens ?? 0);
+        totalTokens += (r.estimated_input_tokens ?? 0) + (r.estimated_output_tokens ?? 0);
         if (r.rate_limited)
             rateLimitedCount += 1;
         durationSum += r.duration_ms ?? 0;

package/dist/gateway/reviewers/claude-self.js

@@ -140,10 +140,12 @@ function toReviewFinding(input) {
         'performance',
     ];
     const validSeverities = ['high', 'medium', 'low'];
-    if (typeof o['category'] !== 'string' || !validCategories.includes(o['category'])) {
+    if (typeof o['category'] !== 'string' ||
+        !validCategories.includes(o['category'])) {
         return undefined;
     }
-    if (typeof o['severity'] !== 'string' || !validSeverities.includes(o['severity'])) {
+    if (typeof o['severity'] !== 'string' ||
+        !validSeverities.includes(o['severity'])) {
         return undefined;
     }
     if (typeof o['file'] !== 'string')
@@ -210,9 +212,7 @@ export class ClaudeSelfReviewer {
         }
         const diffBytes = Buffer.byteLength(req.diff, 'utf8');
         const truncated = diffBytes > DIFF_TRUNCATE_BYTES;
-        const effectiveDiff = truncated
-            ? req.diff.slice(0, DIFF_TRUNCATE_BYTES)
-            : req.diff;
+        const effectiveDiff = truncated ? req.diff.slice(0, DIFF_TRUNCATE_BYTES) : req.diff;
         const userMessage = buildUserMessage({ ...req, diff: effectiveDiff }, truncated);
         // G11.5 — measure the SDK call. The telemetry write is best-effort and
         // fire-and-forget; it MUST NOT block or fail the review. We call
@@ -237,7 +237,11 @@ export class ClaudeSelfReviewer {
             // Rate-limits, 5xx, network errors all land here. Surface the raw
             // message so operators can act on it; the caller decides whether
             // to retry or abort.
-            const message = err instanceof APIError ? `API ${err.status ?? '?'}: ${err.message}` : err instanceof Error ? err.message : String(err);
+            const message = err instanceof APIError
+                ? `API ${err.status ?? '?'}: ${err.message}`
+                : err instanceof Error
+                    ? err.message
+                    : String(err);
             this.emitTelemetry({
                 invocation_type: 'adversarial-review',
                 input_text: userMessage,

package/dist/hooks/bash-scanner/blocked-scan.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Blocked-paths policy composition. Mirrors `blocked-paths-bash-gate.sh`
+ * + the `_match_blocked` helper byte-for-byte:
+ *
+ *   - directory entry (ends with `/`): prefix match OR exact match
+ *     against the bare-dir form (entry without trailing slash)
+ *   - glob entry (contains `*`): convert to ERE (escape `.`, `*` → `.*`),
+ *     anchored, case-insensitive
+ *   - exact (case-insensitive) otherwise
+ *
+ * Path normalization is identical to protected-scan.ts: URL-decode,
+ * backslash → slash, leading-./ strip, `..` walk-up + outside-root
+ * sentinel, optional symlink-resolved form.
+ *
+ * Out-of-scope-of-blocked: paths outside REA_ROOT. blocked_paths is a
+ * project-relative concept; an outside-root write can't match a
+ * blocked_paths entry. The PROTECTED-paths gate handles outside-root
+ * rejection on the protected list itself.
+ */
+import { type Verdict } from './verdict.js';
+import type { DetectedWrite } from './walker.js';
+export interface BlockedScanContext {
+    reaRoot: string;
+    blockedPaths: readonly string[];
+}
+export declare function scanForBlockedViolations(ctx: BlockedScanContext, detections: readonly DetectedWrite[]): Verdict;