@bookedsolid/rea 0.26.0 → 0.27.0

package/dist/hooks/push-gate/codex-runner.js

@@ -262,7 +262,20 @@ export async function runCodexReview(options) {
             reject(new CodexTimeoutError(options.timeoutMs));
         }, options.timeoutMs);
         timer.unref?.();
-        child.stdout.on('data', (chunk) => stdoutChunks.push(chunk));
+        child.stdout.on('data', (chunk) => {
+            stdoutChunks.push(chunk);
+            // 0.27.0 raw-stdout tee for `rea hook codex-review`. Sink errors
+            // are swallowed — a bad sink must not make a passing review fail.
+            const sink = options.rawStdoutSink;
+            if (sink !== undefined) {
+                try {
+                    sink(chunk);
+                }
+                catch {
+                    /* sink failure is non-fatal */
+                }
+            }
+        });
         child.stderr.on('data', (chunk) => stderrChunks.push(chunk));
         child.on('error', (e) => {
             clearTimeout(timer);

package/hooks/_lib/cmd-segments.sh

@@ -138,8 +138,37 @@ _rea_unwrap_at_depth() {
   #   \x03 ETX — replaces in-quote `;`
   #   \x05 ENQ — replaces in-quote `&`
   #   \x06 ACK — replaces in-quote `|`
+  #
+  # 0.26.1 helix-028 P1 fix: feed the entire (possibly multiline) `$cmd`
+  # to awk as a SINGLE record using a multi-byte record separator
+  # (`\x1c\x1d` = FS+GS, control bytes that cannot appear in real shell
+  # input). Pre-fix, awk's default RS=`\n` made the masking awk process
+  # each line independently, which (a) dropped the newlines from the
+  # masked output and (b) reset the in-quote `mode` state per-line — so
+  # `bash -lc "printf x > .rea/HALT\ntrue"` had its closing `"` on line 2
+  # treated as an opening quote in plain mode, scrambling the mask. macOS
+  # BSD awk does NOT support NUL as RS (truncates after first record);
+  # `\x1c\x1d` is a portable multi-byte sentinel that awk's RS handles
+  # uniformly across BSD/GNU awk implementations.
+  #
+  # 0.26.1 ANSI-C sibling: also recognize `$'...'` (mode 3) as a quoted
+  # span. Pre-fix, the masker treated `$` as plain text in mode 0, so
+  # the closing `'` of `$'...'` was the only `'` the masker saw and it
+  # entered mode 2 there — flipping the mask state for the rest of the
+  # input. Mode 3 honors `\\`-escape semantics (so `\'` and `\\` inside
+  # the body do not prematurely terminate the span); on exit the closing
+  # `'` is masked to `\x02` (same as mode 2's exit) so the wrapper-scan
+  # can no longer treat in-quote `'` as a payload-opening quote.
+  local _unwrap_sep
+  _unwrap_sep=$'\x1c\x1d'
   local masked
-  masked=$(printf '%s' "$cmd" | awk '
+  # shellcheck disable=SC1078
+  # SC1078 fires inside the awk program because shellcheck's bash parser
+  # cannot model awk's nested-quote semantics (`'\''` here is the
+  # bash-to-awk single-apostrophe escape pattern, not an unclosed shell
+  # string). Verified false-positive — the awk program parses cleanly.
+  masked=$(printf '%s%s' "$cmd" "$_unwrap_sep" | awk '
+    BEGIN { RS = "\034\035" }
     {
       line = $0
       out = ""
@@ -149,12 +178,40 @@ _rea_unwrap_at_depth() {
       while (i <= n) {
         ch = substr(line, i, 1)
         if (mode == 0) {
+          # ANSI-C `$'\''...'\''` introducer: emit `$` and opening quote
+          # literally (so the wrapper-scan can detect the introducer)
+          # and enter mode 3.
+          if (ch == "$" && i < n && substr(line, i + 1, 1) == "'\''") {
+            mode = 3
+            out = out "$" "'\''"
+            i += 2
+            continue
+          }
           if (ch == "\"") { mode = 1; out = out ch; i++; continue }
           if (ch == "'\''") { mode = 2; out = out ch; i++; continue }
           out = out ch
           i++
           continue
         }
+        if (mode == 3) {
+          # ANSI-C: `\\X` is a literal escape pair (`\\\''`, `\\\\`, `\\n`,
+          # etc.). Preserve the pair so the closing `'\''` detector below
+          # does not exit on `\\\''`.
+          if (ch == "\\" && i < n) {
+            nxt = substr(line, i + 1, 1)
+            out = out ch nxt
+            i += 2
+            continue
+          }
+          if (ch == "'\''") { mode = 0; out = out "\002"; i++; continue }
+          if (ch == ";") { out = out "\003"; i++; continue }
+          if (ch == "&") { out = out "\005"; i++; continue }
+          if (ch == "|") { out = out "\006"; i++; continue }
+          if (ch == "\"") { out = out "\001"; i++; continue }
+          out = out ch
+          i++
+          continue
+        }
         if (mode == 2) {
           if (ch == "'\''") { mode = 0; out = out "\002"; i++; continue }
           if (ch == ";") { out = out "\003"; i++; continue }
@@ -183,15 +240,27 @@ _rea_unwrap_at_depth() {
       }
       printf "%s", out
     }')
-  # Pass both raw and masked into awk. Wrapper-regex matches against the
-  # masked form; payload extraction reads the raw form using the same
-  # offsets. Because the mask is byte-for-byte width-preserving, the
-  # same RSTART/RLENGTH applies to both.
+  # Pass both raw and masked into awk via stdin as NUL-region-separated
+  # records — `awk -v raw="$cmd" -v masked="$masked"` errors with
+  # `awk: newline in string` the moment either string contains a literal
+  # newline. RS=`\x1c\x1d` (FS+GS multi-byte sentinel) survives newlines
+  # in either record. (BSD awk does not support NUL-as-RS reliably.)
+  # Wrapper-regex matches against the masked form; payload extraction
+  # reads the raw form using the same offsets. Because the mask is
+  # byte-for-byte width-preserving, the same RSTART/RLENGTH applies to
+  # both.
   #
   # 0.21.2: capture payloads to a local var; iterate to recurse.
+  # 0.26.1 helix-028 P1: switch from `awk -v` to NUL-region stdin.
+  # 0.26.1 ANSI-C sibling: handle `$'\''...'\''` as a third quoted-body
+  # form alongside `'\''...'\''` and `"..."`. Decode common escape
+  # sequences (`\\n`, `\\t`, `\\r`, `\\\\`, `\\\''`, `\\"`) when emitting
+  # the payload so the downstream segment splitter sees real newlines
+  # and splits on them.
   local _unwrap_payloads
-  _unwrap_payloads=$(printf '' | awk -v raw="$cmd" -v masked="$masked" '
+  _unwrap_payloads=$(printf '%s%s%s%s' "$cmd" "$_unwrap_sep" "$masked" "$_unwrap_sep" | awk '
     BEGIN {
+      RS = "\034\035"
       # Wrapper-prefix regex: shell-name + optional flag tokens + -c-style flag.
       # Each flag token is `-` followed by 1+ letters and trailing space.
       # NOTE: matches only OUTSIDE outer quoted spans because in-quote
@@ -207,6 +276,10 @@ _rea_unwrap_at_depth() {
       # NOT covered here. Adding pwsh requires a separate code path
       # because EncodedCommand base64-decodes at runtime.
       WRAP = "(^|[[:space:]&|;])(bash|sh|zsh|dash|ksh|mksh|oksh|posh|yash|csh|tcsh|fish)([[:space:]]+-[a-zA-Z]+)*[[:space:]]+-(c|lc|lic|ic|cl|cli|li|il)[[:space:]]+"
+    }
+    NR == 1 { raw = $0; next }
+    NR == 2 {
+      masked = $0
       # Track the cursor in BOTH raw and masked. Because the mask is
       # byte-for-byte width-preserving, the same RSTART/RLENGTH applies
       # to both — but each iteration of the loop must SLICE both strings
@@ -225,8 +298,120 @@ _rea_unwrap_at_depth() {
         # verbatim only when it was an outer quote.
         first = substr(rtail, 1, 1)
         mfirst = substr(mtail, 1, 1)
+        # ANSI-C: `$'\''...'\''` introducer (raw and masked must both
+        # carry `$` followed by literal `'\''` — the masker preserves the
+        # opening pair when it transitions into mode 3).
+        if (first == "$" && substr(rtail, 2, 1) == "'\''" \
+            && mfirst == "$" && substr(mtail, 2, 1) == "'\''") {
+          body = substr(rtail, 3)
+          n = length(body)
+          j = 1
+          out = ""
+          closed = 0
+          while (j <= n) {
+            c = substr(body, j, 1)
+            if (c == "\\" && j < n) {
+              nxt = substr(body, j + 1, 1)
+              # Decode common ANSI-C escape sequences so the splitter
+              # downstream sees real bytes (e.g. `\n` → newline → segment
+              # boundary at protected/blocked-path detection time).
+              if (nxt == "n") { out = out "\n"; j += 2; continue }
+              if (nxt == "t") { out = out "\t"; j += 2; continue }
+              if (nxt == "r") { out = out "\r"; j += 2; continue }
+              if (nxt == "\\") { out = out "\\"; j += 2; continue }
+              if (nxt == "'\''") { out = out "'\''"; j += 2; continue }
+              if (nxt == "\"") { out = out "\""; j += 2; continue }
+              if (nxt == "a") { out = out "\007"; j += 2; continue }
+              if (nxt == "b") { out = out "\010"; j += 2; continue }
+              if (nxt == "e" || nxt == "E") { out = out "\033"; j += 2; continue }
+              if (nxt == "f") { out = out "\014"; j += 2; continue }
+              if (nxt == "v") { out = out "\013"; j += 2; continue }
+              if (nxt == "?") { out = out "?"; j += 2; continue }
+              # 0.26.1 helix-028 P1-2: `\xHH` (1–2 hex digits). Pre-fix
+              # `bash -lc $'\''echo > .rea/HALT\\x0Atrue'\''` had `\x0A`
+              # preserved as the literal pair `\x0A`, so the segment
+              # splitter never saw the real LF and the second statement
+              # (`true` / arbitrary attacker payload) was hidden in the
+              # same segment as the first. Decode here so the LF reaches
+              # the splitter.
+              if (nxt == "x") {
+                hex = ""
+                k = j + 2
+                while (k <= n && length(hex) < 2 \
+                       && index("0123456789abcdefABCDEF", substr(body, k, 1)) > 0) {
+                  hex = hex substr(body, k, 1)
+                  k++
+                }
+                if (length(hex) > 0) {
+                  # awk has no native hex parser. Walk the digits.
+                  hv = 0
+                  for (h = 1; h <= length(hex); h++) {
+                    hd = substr(hex, h, 1)
+                    di = index("0123456789abcdef", tolower(hd)) - 1
+                    hv = hv * 16 + di
+                  }
+                  out = out sprintf("%c", hv)
+                  j = k
+                  continue
+                }
+                # `\x` with no digits — preserve pair literally.
+                out = out c nxt
+                j += 2
+                continue
+              }
+              # 0.26.1 helix-028 P1-2: `\NNN` octal (1–3 digits). Pre-fix
+              # `\012` (= LF) was preserved as a literal pair, same bypass
+              # class as `\xHH`.
+              if (nxt >= "0" && nxt <= "7") {
+                oct = nxt
+                k = j + 2
+                while (k <= n && length(oct) < 3 \
+                       && substr(body, k, 1) >= "0" \
+                       && substr(body, k, 1) <= "7") {
+                  oct = oct substr(body, k, 1)
+                  k++
+                }
+                ov = 0
+                for (h = 1; h <= length(oct); h++) {
+                  ov = ov * 8 + (substr(oct, h, 1) + 0)
+                }
+                # Bash truncates to 8 bits.
+                ov = ov % 256
+                out = out sprintf("%c", ov)
+                j = k
+                continue
+              }
+              # Default: preserve pair (covers `\u…`, `\U…`, `\cX` — rarer
+              # shapes; the literal pair is still safer than silent decoding
+              # for unsupported escapes in this legacy-gate layer. The Node
+              # scanner — primary enforcement for protected/blocked paths
+              # since 0.23.0 — fails closed on these via decodeAnsiC).
+              out = out c nxt
+              j += 2
+              continue
+            }
+            if (c == "'\''") { closed = j; break }
+            out = out c
+            j++
+          }
+          if (closed == 0) {
+            mrest = substr(mtail, 3)
+            rrest = substr(rtail, 3)
+            continue
+          }
+          print out
+          # Skip past `$` (1) + opening `'\''` (1) + body (closed-1) +
+          # closing `'\''` (1) = 2 + closed bytes from mtail/rtail start.
+          mrest = substr(mtail, 2 + closed + 1)
+          rrest = substr(rtail, 2 + closed + 1)
+          continue
+        }
         if (first == "'\''" && mfirst == "'\''") {
           # Single-quoted body: no escape semantics; runs to next `'\''`.
+          # NOTE: index against the RAW body — the masker replaces the
+          # closing `'\''` of an outer single-quoted span with `\002`, so
+          # `index(mbody, "'\''")` would never find it. The raw body
+          # carries the literal closing `'\''` byte verbatim.
           body = substr(rtail, 2)
           mbody = substr(mtail, 2)
           end = index(body, "'\''")
@@ -278,10 +463,7 @@ _rea_unwrap_at_depth() {
         mrest = mtail
         rrest = rtail
       }
-    }
-    # Empty action with no input rules — explicitly drive the loop from
-    # END so awk does not require any input records.
-    END {}')
+    }')
   # Recurse on each extracted payload with depth+1.
   if [[ -n "$_unwrap_payloads" ]]; then
     while IFS= read -r _unwrap_p; do
@@ -350,6 +532,11 @@ _rea_split_segments() {
   # records; the existing pipeline then quote-masks and splits each
   # record independently. Inner payload anchors trigger words for the
   # `any_segment_*` checks downstream.
+  # shellcheck disable=SC1078
+  # SC1078 fires inside the awk program because shellcheck's bash parser
+  # cannot model awk's nested-quote semantics (`'\''` here is the
+  # bash-to-awk single-apostrophe escape pattern, not an unclosed shell
+  # string). Verified false-positive — the awk program parses cleanly.
   _rea_unwrap_nested_shells "$cmd" \
     | awk '
         BEGIN {
@@ -363,16 +550,38 @@ _rea_split_segments() {
           out = ""
           i = 1
           n = length(line)
-          mode = 0  # 0=plain, 1=double, 2=single
+          mode = 0  # 0=plain, 1=double, 2=single, 3=ANSI-C $'\''...'\''
           while (i <= n) {
             ch = substr(line, i, 1)
             if (mode == 0) {
+              # 0.26.1 helix-028 sibling: ANSI-C `$'\''...'\''` introducer.
+              # Pre-fix `echo $'\''a;b'\''` had its in-quote `;` un-masked and
+              # the splitter broke the segment at the `;`. Mode 3 honors
+              # backslash-escape pairs so `\\\''` and `\\\\` do not exit early.
+              if (ch == "$" && i < n && substr(line, i + 1, 1) == "'\''") {
+                mode = 3; out = out "$" "'\''"; i += 2; continue
+              }
               if (ch == "\"") { mode = 1; out = out ch; i++; continue }
               if (ch == "'\''") { mode = 2; out = out ch; i++; continue }
               out = out ch
               i++
               continue
             }
+            if (mode == 3) {
+              if (ch == "\\" && i < n) {
+                nxt = substr(line, i + 1, 1)
+                out = out ch nxt
+                i += 2
+                continue
+              }
+              if (ch == "'\''") { mode = 0; out = out ch; i++; continue }
+              if (ch == ";")    { out = out SC;   i++; continue }
+              if (ch == "&")    { out = out AMP;  i++; continue }
+              if (ch == "|")    { out = out PIPE; i++; continue }
+              out = out ch
+              i++
+              continue
+            }
             if (mode == 2) {
               # Single quotes: no escape semantics. Only `'\''` ends.
               if (ch == "'\''") { mode = 0; out = out ch; i++; continue }
@@ -423,9 +632,24 @@ _rea_split_segments() {
 # in-quote `|` characters.
 quote_masked_cmd() {
   local cmd="$1"
-  printf '%s' "$cmd" \
+  # 0.26.1 helix-028 sibling: feed the entire (possibly multiline) `$cmd`
+  # to awk as a SINGLE record using a multi-byte record separator
+  # (`\x1c\x1d` = FS+GS). Pre-fix, the default `RS=\n` split a multiline
+  # input across records and reset in-quote `mode` per-line, which both
+  # dropped the newlines AND scrambled the mask (the closing `"` on
+  # line 2 was treated as opening a new quoted span in plain mode).
+  # Also adds ANSI-C `$'\''...'\''` (mode 3) to mirror _rea_unwrap_at_depth's
+  # masker — same scope: in-quote `|`/`;`/`&` get masked, opening-pair
+  # `$'\''` is preserved for downstream detection, closing `'\''` is left
+  # literal here (this helper does not need a mode-exit-mask byte; the
+  # caller pattern-matches against literal `|`/`;`/`&` in the masked
+  # stream and benefits from preserving quote boundaries verbatim).
+  local _qm_sep
+  _qm_sep=$'\x1c\x1d'
+  printf '%s%s' "$cmd" "$_qm_sep" \
     | awk '
         BEGIN {
+          RS       = "\034\035"
           INQ_PIPE = "__REA_INQUOTE_PIPE_a8f2c1__"
           INQ_SC   = "__REA_INQUOTE_SC_a8f2c1__"
           INQ_AMP  = "__REA_INQUOTE_AMP_a8f2c1__"
@@ -439,12 +663,29 @@ quote_masked_cmd() {
           while (i <= n) {
             ch = substr(line, i, 1)
             if (mode == 0) {
+              if (ch == "$" && i < n && substr(line, i + 1, 1) == "'\''") {
+                mode = 3; out = out "$" "'\''"; i += 2; continue
+              }
               if (ch == "\"") { mode = 1; out = out ch; i++; continue }
               if (ch == "'\''") { mode = 2; out = out ch; i++; continue }
               out = out ch
               i++
               continue
             }
+            if (mode == 3) {
+              if (ch == "\\" && i < n) {
+                out = out ch substr(line, i + 1, 1)
+                i += 2
+                continue
+              }
+              if (ch == "'\''") { mode = 0; out = out ch; i++; continue }
+              if (ch == "|") { out = out INQ_PIPE; i++; continue }
+              if (ch == ";") { out = out INQ_SC;   i++; continue }
+              if (ch == "&") { out = out INQ_AMP;  i++; continue }
+              out = out ch
+              i++
+              continue
+            }
             if (mode == 2) {
               if (ch == "'\''") { mode = 0; out = out ch; i++; continue }
               if (ch == "|") { out = out INQ_PIPE; i++; continue }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bookedsolid/rea",
-  "version": "0.26.0",
+  "version": "0.27.0",
   "description": "Agentic governance layer for Claude Code — policy enforcement, hook-based safety gates, audit logging, and Codex-integrated adversarial review for AI-assisted projects",
   "license": "MIT",
   "author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",