@bookedsolid/rea 0.35.0 → 0.37.0

package/dist/cli/doctor.js

@@ -169,22 +169,19 @@ export const EXPECTED_HOOKS = [
     'blocked-paths-enforcer.sh',
     'changeset-security-gate.sh',
     'dangerous-bash-interceptor.sh',
-    // 0.31.0 — `delegation-advisory.sh` is INTENTIONALLY NOT in this list.
-    // It is the brand-new PostToolUse delegation-nudge hook this release
-    // ships; adding it to EXPECTED_HOOKS would make `checkHooksInstalled`
-    // hard-`fail` on every pre-0.31.0 consumer install (and on this repo's
-    // own dogfood) the instant they upgrade the rea binary but before they
-    // run `rea upgrade` to lay down the new hook file — a regression that
-    // turns a green doctor red purely from upgrade lag. This mirrors the
-    // staged rollout `delegation-capture.sh` itself used: the file-presence
-    // entry joins EXPECTED_HOOKS in the SAME future minor that promotes
-    // `checkDelegationAdvisoryHookRegistered` from `warn` to `fail`, once
-    // consumers have had upgrade-lag time. Until then, a missing
-    // `delegation-advisory.sh` surfaces only through that `warn`-tier
-    // registration check — proportionate, since the hook is advisory at
-    // runtime and never blocks a tool call. See `git blame` on the 0.29.0
-    // round-2 P2 comment on `checkDelegationHookRegistered` for the prior
-    // application of this exact discipline.
+    // 0.36.0 — `delegation-advisory.sh` PROMOTED to EXPECTED_HOOKS (charter
+    // follow-through from 0.31.0). Originally held out in 0.31.0 to give
+    // consumers an upgrade-lag window: adding a brand-new hook to
+    // EXPECTED_HOOKS would have hard-`fail`ed `checkHooksInstalled` on
+    // every pre-0.31.0 install the instant they bumped the rea binary, a
+    // regression that turns a green doctor red purely from upgrade lag.
+    // After 4 releases of propagation (0.32, 0.33, 0.34, 0.35), the lag
+    // window has closed — consumers running `rea upgrade` since 0.31.0
+    // have laid the hook down. Same ratchet `delegation-capture.sh` went
+    // through 0.29.0 → 0.30.0. Promotion happens in lockstep with
+    // `checkDelegationAdvisoryHookRegistered` flipping `warn` → `fail`
+    // (see that function for the matching commentary).
+    'delegation-advisory.sh',
     // 0.29.0 — delegation-telemetry MVP. The PreToolUse hook on
     // matcher `Agent|Skill` emits a `rea.delegation_signal` audit record
     // on every subagent / skill dispatch. Observational only — fails
@@ -1126,14 +1123,25 @@ export function checkDelegationHookRegistered(baseDir) {
  */
 export function checkDelegationAdvisoryHookRegistered(baseDir) {
     const label = 'delegation-advisory hook registered';
-    const ADVISORY = 'warn';
+    // 0.36.0 — promoted from `warn` (advisory in 0.31.0) to `fail` (hard)
+    // per the staged-rollout ratchet. After 4 releases of upgrade-lag
+    // propagation (0.32, 0.33, 0.34, 0.35), consumer installs that have
+    // run `rea upgrade` since 0.31.0 already carry the PostToolUse
+    // `Bash|Edit|Write|MultiEdit|NotebookEdit` group. Any install that
+    // still lacks it after that window is genuinely missing the nudge
+    // and `fail` is the proportionate signal. Companion change:
+    // `delegation-advisory.sh` joined `EXPECTED_HOOKS` in the same
+    // commit, so `checkHooksInstalled` also covers the file-presence +
+    // executability checks now (this function still does both directly
+    // as defense-in-depth, mirroring `checkDelegationHookRegistered`).
+    const REFUSE = 'fail';
     const MATCHER = 'Bash|Edit|Write|MultiEdit|NotebookEdit';
     const settingsPath = path.join(baseDir, '.claude', 'settings.json');
     if (!fs.existsSync(settingsPath)) {
         return {
             label,
-            status: ADVISORY,
-            detail: `missing: ${settingsPath} — run \`rea upgrade\` or \`rea init\` (advisory in 0.31.0)`,
+            status: REFUSE,
+            detail: `missing: ${settingsPath} — run \`rea upgrade\` or \`rea init\``,
         };
     }
     let parsed;
@@ -1143,7 +1151,7 @@ export function checkDelegationAdvisoryHookRegistered(baseDir) {
     catch (e) {
         return {
             label,
-            status: ADVISORY,
+            status: REFUSE,
             detail: e instanceof Error ? e.message : String(e),
         };
     }
@@ -1152,9 +1160,9 @@ export function checkDelegationAdvisoryHookRegistered(baseDir) {
     if (group === undefined) {
         return {
             label,
-            status: ADVISORY,
+            status: REFUSE,
             detail: `no PostToolUse group with matcher "${MATCHER}" found in .claude/settings.json — ` +
-                'run `rea upgrade` to install (advisory in 0.31.0; promoted to fail in a later minor). ' +
+                'run `rea upgrade` to install. ' +
                 'NOTE: the matcher INCLUDES Bash — the delegation nudge counts every write-class ' +
                 'tool call, not just file edits.',
         };
@@ -1163,16 +1171,16 @@ export function checkDelegationAdvisoryHookRegistered(baseDir) {
     if (!cmds.some((c) => c.includes('delegation-advisory.sh'))) {
         return {
             label,
-            status: ADVISORY,
+            status: REFUSE,
             detail: `${MATCHER} matcher exists but no delegation-advisory.sh command found in its hooks list`,
         };
     }
-    // Round-2/3 P2: the registration string is present — now confirm the
-    // hook file it points at actually exists AND is executable. Because
-    // `delegation-advisory.sh` is intentionally out of `EXPECTED_HOOKS`
-    // for 0.31.0, `checkHooksInstalled` does NOT cover it; this is the
-    // only signal, so it owns both the presence and the `0o111` checks
-    // that `checkHooksInstalled` does for every other shipped hook.
+    // 0.31.0 round-2/3 P2: the registration string is present — now
+    // confirm the hook file it points at actually exists AND is
+    // executable. Kept after the 0.36.0 EXPECTED_HOOKS promotion as
+    // defense-in-depth (the same `0o111` check `checkHooksInstalled`
+    // does, scoped to this hook so the failure message can name the
+    // exact remediation rather than a generic "missing X" enumeration).
     const hookFile = path.join(baseDir, '.claude', 'hooks', 'delegation-advisory.sh');
     let hookStat;
     try {
@@ -1181,19 +1189,19 @@ export function checkDelegationAdvisoryHookRegistered(baseDir) {
     catch {
         return {
             label,
-            status: ADVISORY,
+            status: REFUSE,
             detail: `${MATCHER} matcher references delegation-advisory.sh but the hook file is missing: ` +
-                `${hookFile} — run \`rea upgrade\` to lay it down (advisory in 0.31.0). ` +
+                `${hookFile} — run \`rea upgrade\` to lay it down. ` +
                 'Without the file every matching PostToolUse dispatch shells out to a nonexistent path.',
         };
     }
     if ((hookStat.mode & 0o111) === 0) {
         return {
             label,
-            status: ADVISORY,
+            status: REFUSE,
             detail: `${MATCHER} matcher references delegation-advisory.sh but the hook file is not executable ` +
                 `(mode=${(hookStat.mode & 0o777).toString(8)}): ${hookFile} — ` +
-                'run `rea upgrade` or `chmod +x` it (advisory in 0.31.0). ' +
+                'run `rea upgrade` or `chmod +x` it. ' +
                 'A non-executable hook cannot be launched by Claude Code from settings.json.',
         };
     }
@@ -1469,9 +1477,10 @@ export function collectChecks(baseDir, codexProbeState, prePushState, options =
         checkDelegationHookRegistered(baseDir),
         // 0.31.0 — delegation-telemetry completion. The PostToolUse
         // `Bash|Edit|Write|MultiEdit|NotebookEdit` matcher group drives
-        // the delegation-advisory nudge hook. Advisory (warn) for 0.31.0
-        // — same upgrade-lag ratchet checkDelegationHookRegistered went
-        // through in 0.29.0.
+        // the delegation-advisory nudge hook. 0.36.0 — promoted warn →
+        // fail (same upgrade-lag ratchet checkDelegationHookRegistered
+        // went through in 0.29.0 → 0.30.0, after 4 release cycles of
+        // propagation).
         checkDelegationAdvisoryHookRegistered(baseDir),
     ];
     // Non-git escape hatch: when `.git/` is absent, both git-hook checks are

package/dist/hooks/_lib/segments.js

@@ -467,6 +467,50 @@ function splitSegmentsRecursive(cmd, depth) {
     }
     return out;
 }
+/**
+ * Test whether a flag token is a `-c`-class introducer.
+ *
+ * Bash accepts `-c` combined with any other short single-char flags in
+ * a single short-flag bundle: `-c`, `-lc`, `-lic`, `-cli`, `-lci`,
+ * `-cil`, `-ilc`, etc. The bash cmd-segments.sh `WRAP` regex lists
+ * a non-exhaustive defensive subset (`c|lc|lic|ic|cl|cli|li|il`) but
+ * bash itself accepts ANY short-flag bundle that contains a `c`.
+ *
+ * The TS detector mirrors bash semantics: a SHORT-flag bundle
+ * (`-letters`, single leading `-`) whose letter set contains `c` is
+ * an introducer. The separated `--c` long-flag form is also
+ * recognized for parity with the bash WRAP regex's `--c` alternation.
+ *
+ * Long flags (`--rcfile`, `--noprofile`, `--login`, `--init-file`)
+ * are NOT introducers regardless of whether they contain the letter
+ * `c` — bash's long-options namespace is disjoint from the `-c`
+ * payload-execute semantics.
+ *
+ * 0.36.0 audit-trail:
+ *   - Charter item 4 / 0.34.0 codex round-7 P2 #1: pre-fix the test
+ *     was `/c/i.test(flag.replace(/^--?/, ''))` which over-matched on
+ *     every flag with a `c` in its name (`--rcfile`, `--noprofile`).
+ *   - 0.36.0 codex round-1 P1: the first fix attempt used an explicit
+ *     allowlist `Set` mirroring the bash WRAP regex's explicit
+ *     alternation, which was a NARROWING vs the pre-fix behavior —
+ *     valid combined-flag forms like `-lci`, `-cil`, `-ilc` were not
+ *     in the allowlist and stopped unwrapping, reopening a bypass
+ *     surface against env-file-protection / dependency-audit-gate /
+ *     dangerous-bash matchers. This function restores parity with
+ *     bash itself: any short-flag bundle containing `c` qualifies.
+ */
+function isCDashIntroducer(flag) {
+    // Separated long-flag form (rare but bash accepts it).
+    if (flag === '--c')
+        return true;
+    // Short-flag bundle: single leading `-`, then one-or-more letters.
+    // The bundle is a `-c` introducer iff it contains the letter `c`
+    // (any position, any other-letters mix).
+    const m = /^-([A-Za-z]+)$/.exec(flag);
+    if (m === null)
+        return false;
+    return /c/i.test(m[1] ?? '');
+}
 /**
  * Recognize a nested-shell wrapper segment and return the unquoted
  * payload string. Returns `null` when the segment is not a wrapper.
@@ -554,15 +598,29 @@ function extractNestedShellPayload(head) {
             return null;
         const flag = flagMatch[0] ?? '';
         cursor += flag.length;
-        // Recognized flag-token shapes:
-        //   `-c` `-l` `-i` `-e` `-lc` `-lic` `-ic` `-cl` `-cli` `-li` `-il`
-        //   `--c` `--noprofile` (etc.) — we don't enforce the full list,
-        //   just that it's `-<letters>` or `--<letters>`.
+        // Recognized flag-token shapes (parity with cmd-segments.sh WRAP):
+        //   - pre-flags (no `-c` yet): `-l`, `-i`, `-e`, `-li`, `-il`,
+        //     `--noprofile`, `--rcfile`, `--login` (etc.)
+        //   - `-c`-class introducer: exactly `-c`, `-lc`, `-lic`, `-cl`,
+        //     `-cli`, `-li`, `-il`, `-ic` (the bash WRAP regex's
+        //     `-(c|lc|lic|ic|cl|cli|li|il)` set), OR separated `--c`.
+        //
+        // 0.36.0 audit-trail (charter item 4 / 0.34.0 codex round-7 P2 #1):
+        // pre-fix the test `/c/i.test(flag.replace(/^--?/, ''))` treated
+        // ANY flag containing the letter `c` as a `-c` introducer. This
+        // false-positived on benign flags like `--rcfile`, `--noprofile`
+        // (with `c` in the name), causing the walker to "commit" to a -c
+        // unwrap, advance past the flag, and then either fail to find a
+        // quoted payload or unwrap something that was never a shell-payload
+        // body. Net effect: over-trigger of nested-shell unwrap, with
+        // downstream advisory matchers seeing payloads that weren't ever
+        // shell-payloads. Fix restricts the introducer set to the exact
+        // WRAP-regex shapes; any other flag shape continues the flag walk
+        // (still valid — pre-flags before `-c` are accepted) but does NOT
+        // mark `sawCFlag = true`.
         if (!/^--?[A-Za-z]+$/.test(flag))
             return null;
-        // Does this flag contain `c` (the -c introducer letter)?
-        // `--c` also counts (rare but bash accepts).
-        if (/c/i.test(flag.replace(/^--?/, ''))) {
+        if (isCDashIntroducer(flag)) {
             sawCFlag = true;
             // Continue the loop — the payload is the NEXT non-flag token.
             // (Bash's argv parser stops walking flags as soon as it sees -c,
@@ -570,6 +628,8 @@ function extractNestedShellPayload(head) {
             // safety; the bash WRAP regex similarly tolerates trailing
             // flag-like tokens before the quoted body.)
         }
+        // Else: a pre-flag (e.g. `-l`, `--rcfile`, `--noprofile`) — keep
+        // walking; if a later token IS in `CDASH_INTRODUCERS` we'll fire.
     }
     if (!sawCFlag)
         return null;

package/dist/hooks/secret-scanner/index.js

@@ -127,7 +127,22 @@ const SECRET_PATTERNS = [
     {
         severity: 'HIGH',
         label: 'Supabase service role key (JWT)',
-        regex: /SUPABASE_SERVICE_ROLE_KEY\s*=\s*["']?eyJ[A-Za-z0-9._-]{50,}/g,
+        // 0.36.0 audit-trail (charter item 5 / 0.34.0 codex round-7 P2 #2):
+        // restore byte-parity with the pre-0.34.0 bash body. The bash hook
+        // required a quote introducer (`["']`, no `?`); only quoted
+        // assignments matched HIGH. Pre-fix this TS regex made the quote
+        // OPTIONAL (`["']?`), which upgraded an unquoted `.env` line like
+        // `SUPABASE_SERVICE_ROLE_KEY=eyJ...` from MEDIUM advisory (matched
+        // by the lower-down `.env credential assignment` pattern) to HIGH
+        // blocking. That over-blocks legitimate `.env` files committed to
+        // public repos and breaks parity with consumers still on the bash
+        // body. Fix: drop the `?` so the quote is required, matching bash
+        // exactly. Unquoted assignments continue to fire MEDIUM via the
+        // `.env credential assignment` pattern below (line ~190); the only
+        // change is that they no longer ALSO fire HIGH here. The `[\"']`
+        // character class accepts both single and double quotes
+        // (mirroring the bash `["\'"'"']` literal).
+        regex: /SUPABASE_SERVICE_ROLE_KEY\s*=\s*["']eyJ[A-Za-z0-9._-]{50,}/g,
     },
     // ── MEDIUM severity (advisory) ───────────────────────────────────
     {
@@ -153,10 +168,57 @@ const SECRET_PATTERNS = [
         label: 'Hardcoded DB connection string with password',
         regex: /postgresql:\/\/[^:]+:[^@]{8,}@/g,
     },
+    {
+        severity: 'MEDIUM',
+        label: 'Supabase service role key (JWT, unquoted non-.env shape)',
+        // 0.36.0 codex round-2 P1 → round-3 P3 → round-4 P1 evolution.
+        //
+        // Background:
+        //   - Round 1: 0.34.0-introduced HIGH regex had `["']?` (quote
+        //     optional) which over-blocked unquoted .env lines vs the
+        //     pre-0.34.0 bash baseline. Charter item 5 dropped the `?`.
+        //   - Round 2 P1: dropping the `?` left a gap for unquoted forms
+        //     outside `^FOO=` shape (`export FOO=…` etc.) that ALSO
+        //     existed in the bash baseline. Added an unquoted-anywhere
+        //     MEDIUM rule to close it.
+        //   - Round 3 P3: unquoted-anywhere double-fired with the broader
+        //     `.env credential assignment` MEDIUM on plain `^FOO=` lines.
+        //     Narrowed to only fire on 5 specific shell-keyword prefixes
+        //     (`export`, `readonly`, `declare`, `local`, `typeset`).
+        //   - Round 4 P1: too narrow — left other unquoted shapes
+        //     (Dockerfile `ENV FOO=…`, k8s manifests, ad-hoc shell
+        //     `FOO=…; bar`) entirely unscanned.
+        //
+        // Round-4 resolution: fire on any unquoted assignment that is
+        // NOT at the start of a line (`^`). The `.env credential
+        // assignment` MEDIUM pattern owns `^FOO=…`; this rule owns
+        // everything else (`ENV FOO=…`, `export FOO=…`, `; FOO=…`,
+        // template-string `${FOO=…}`, etc.). Implemented via a
+        // multi-line regex with a look-behind for "anything except a
+        // line start". JS regex doesn't support a direct "not at line
+        // start" assertion, so we require at least one non-newline char
+        // before `SUPABASE_SERVICE_ROLE_KEY` on the same line.
+        //
+        // The `(?!["'])` look-ahead refuses when the value starts with
+        // a quote so the same secret isn't double-reported by the HIGH
+        // pattern above. Result: each secret produces exactly one
+        // MEDIUM finding regardless of shape, and the HIGH rule keeps
+        // exclusive ownership of quoted forms.
+        regex: /(?<=[^\n\r])\bSUPABASE_SERVICE_ROLE_KEY\s*=\s*(?!["'])eyJ[A-Za-z0-9._-]{50,}/gm,
+    },
     {
         severity: 'MEDIUM',
         label: 'Supabase anon key in non-client context',
-        regex: /SUPABASE_ANON_KEY\s*=\s*["']?eyJ[A-Za-z0-9._-]{50,}/g,
+        // 0.36.0 audit-trail (charter item 5 / 0.34.0 codex round-7 P2 #2,
+        // sibling fix): same parity restoration as the SUPABASE_SERVICE_ROLE_KEY
+        // pattern above — bash hook required a quote introducer, TS pattern
+        // had it optional via `?`. Removed for byte-parity. Unquoted .env
+        // forms continue to be advisory via the broader `.env credential
+        // assignment` MEDIUM pattern (where SUPABASE_ANON_KEY is NOT one of
+        // the named keys — anon-key prose in unquoted .env is acceptable
+        // since anon keys are public; only QUOTED-in-source matches stay
+        // an advisory MEDIUM here).
+        regex: /SUPABASE_ANON_KEY\s*=\s*["']eyJ[A-Za-z0-9._-]{50,}/g,
     },
 ];
 /**