@bookedsolid/rea 0.36.0 → 0.38.0

package/hooks/pr-issue-link-gate.sh

@@ -1,134 +1,32 @@
 #!/bin/bash
 # PreToolUse hook: pr-issue-link-gate.sh
 # 0.32.0+ — Node-binary shim for `rea hook pr-issue-link-gate`.
+# 0.38.0+ — migrated to `_lib/shim-runtime.sh` (shared runtime).
 #
-# Pre-0.32.0 the gate's full body lived here as bash; the migration to
-# the parser-backed Node binary moves the matching + advisory logic
-# into `src/hooks/pr-issue-link-gate/index.ts`. This shim is the
-# Claude Code dispatcher's view of the hook — it forwards stdin to the
-# CLI and exits with whatever the CLI returns.
-#
-# Behavioral contract is preserved byte-for-byte: ALWAYS exit 0 except
-# under HALT (exit 2) or a malformed payload (exit 2, fail-closed).
+# Advisory-tier: nudges operators to link an issue when running
+# `gh pr create`. ALWAYS exit 0 except under HALT. The pre-port bash
+# body lived here; the matching + advisory logic is now in
+# `src/hooks/pr-issue-link-gate/index.ts`.
 #
 # # CLI-resolution trust boundary
 #
-# Codex round 1 P1 (2026-05-15): mirrors the realpath sandbox check
-# from `delegation-advisory.sh` §3 and `protected-paths-bash-gate.sh`
-# §6. The resolved CLI MUST live INSIDE realpath(CLAUDE_PROJECT_DIR)
-# AND have an ancestor `package.json` whose `name` is
-# `@bookedsolid/rea`. Pre-fix the shim executed
-# `node_modules/@bookedsolid/rea/dist/cli/index.js` directly without
-# realpathing the target, which would let an attacker who controlled
-# `node_modules/@bookedsolid/rea` (symlink-out, postinstall script,
-# tarball-replacement) ship forged review code that intercepts every
-# Bash dispatch.
-#
-# Sandboxed resolution order (PATH is INTENTIONALLY OMITTED):
-#   1. node_modules/@bookedsolid/rea/dist/cli/index.js (consumer-side)
-#   2. dist/cli/index.js under CLAUDE_PROJECT_DIR (dogfood)
-#
-# When NO rea CLI is reachable through the sandboxed order, this hook
-# falls through to allow (exit 0) — the advisory is a nudge, not a
-# security claim. The bash-tier path gates fail-closed because they
-# protect write surfaces; this gate only emits prose.
-#
-# # Version skew
-#
-# Codex round 1 P1 (2026-05-15): a fresh `rea init` against a stale
-# `node_modules/@bookedsolid/rea` would deliver this 0.32.0 shim while
-# the installed CLI lacks the `hook pr-issue-link-gate` subcommand —
-# every Bash dispatch would then fail with `unknown command` (exit 1).
-# Probe the subcommand's `--help` output before propagating the exit
-# code; on probe failure, advise the operator to `pnpm install` and
-# fall through silently so the workspace stays usable.
+# The shared runtime enforces the 2-tier sandboxed CLI resolution
+# (node_modules → dist/, PATH intentionally omitted) + the realpath
+# sandbox check. See `hooks/_lib/shim-runtime.sh` for the canonical
+# trust boundary documentation.
 
 set -uo pipefail
 
-# 1. HALT check. Even though the CLI re-checks for defense-in-depth,
-#    short-circuit here so we never spawn `node` while frozen.
 # shellcheck source=_lib/halt-check.sh
 source "$(dirname "$0")/_lib/halt-check.sh"
 check_halt
 REA_ROOT=$(rea_root)
 
-proj="${CLAUDE_PROJECT_DIR:-$REA_ROOT}"
-
-# 2. Resolve the rea CLI through the fixed 2-tier sandboxed order.
-REA_ARGV=()
-RESOLVED_CLI_PATH=""
-if [ -f "$proj/node_modules/@bookedsolid/rea/dist/cli/index.js" ]; then
-  REA_ARGV=(node "$proj/node_modules/@bookedsolid/rea/dist/cli/index.js")
-  RESOLVED_CLI_PATH="$proj/node_modules/@bookedsolid/rea/dist/cli/index.js"
-elif [ -f "$proj/dist/cli/index.js" ]; then
-  REA_ARGV=(node "$proj/dist/cli/index.js")
-  RESOLVED_CLI_PATH="$proj/dist/cli/index.js"
-fi
-
-if [ "${#REA_ARGV[@]}" -eq 0 ]; then
-  exit 0
-fi
-
-# 3. Realpath sandbox check — mirrors delegation-advisory.sh §3.
-if ! command -v node >/dev/null 2>&1; then
-  exit 0
-fi
-
-sandbox_check=$(node -e '
-  const fs = require("fs");
-  const path = require("path");
-  const cli = process.argv[1];
-  const projDir = process.argv[2];
-  let real, realProj;
-  try { real = fs.realpathSync(cli); } catch (e) {
-    process.stdout.write("bad:realpath"); process.exit(1);
-  }
-  try { realProj = fs.realpathSync(projDir); } catch (e) {
-    process.stdout.write("bad:realpath-proj"); process.exit(1);
-  }
-  const sep = path.sep;
-  const projWithSep = realProj.endsWith(sep) ? realProj : realProj + sep;
-  if (!(real === realProj || real.startsWith(projWithSep))) {
-    process.stdout.write("bad:cli-escapes-project"); process.exit(1);
-  }
-  let cur = path.dirname(path.dirname(path.dirname(real)));
-  let found = false;
-  for (let i = 0; i < 20 && cur && cur !== path.dirname(cur); i += 1) {
-    const pj = path.join(cur, "package.json");
-    if (fs.existsSync(pj)) {
-      try {
-        const data = JSON.parse(fs.readFileSync(pj, "utf8"));
-        if (data && data.name === "@bookedsolid/rea") { found = true; break; }
-      } catch (e) { /* keep walking */ }
-    }
-    cur = path.dirname(cur);
-  }
-  if (!found) { process.stdout.write("bad:no-rea-pkg-json"); process.exit(1); }
-  process.stdout.write("ok");
-' -- "$RESOLVED_CLI_PATH" "$proj" 2>/dev/null)
-
-if [ "$sandbox_check" != "ok" ]; then
-  printf 'rea: pr-issue-link-gate skipped (sandbox check: %s)\n' "$sandbox_check" >&2
-  exit 0
-fi
-
-# 4. Version-probe: confirm the resolved CLI implements the
-#    `hook pr-issue-link-gate` subcommand. A stale node_modules from
-#    a fresh `rea init` against an older installed version would
-#    otherwise turn every Bash dispatch into a hard failure.
-probe_out=$("${REA_ARGV[@]}" hook pr-issue-link-gate --help 2>&1)
-probe_status=$?
-if [ "$probe_status" -ne 0 ] || ! printf '%s' "$probe_out" | grep -q -e 'pr-issue-link-gate'; then
-  printf 'rea: this shim requires the `rea hook pr-issue-link-gate` subcommand (introduced in 0.32.0).\n' >&2
-  printf 'The resolved CLI at %s does not implement it.\n' "$RESOLVED_CLI_PATH" >&2
-  printf 'Run `pnpm install` (or `npm install`) to sync the CLI to the version this shim expects.\n' >&2
-  exit 0
-fi
+SHIM_NAME="pr-issue-link-gate"
+SHIM_INTRODUCED_IN="0.32.0"
+SHIM_FAIL_OPEN=1
+SHIM_REFUSAL_NOUN="the pr-issue-link advisory"
 
-# 5. Forward stdin to the CLI synchronously. The advisory text must
-#    reach the operator's stderr before this hook returns; the CLI's
-#    own exit code is the hook's exit code (0 normally, 2 under HALT
-#    or malformed payload).
-INPUT=$(cat)
-printf '%s' "$INPUT" | "${REA_ARGV[@]}" hook pr-issue-link-gate
-exit $?
+# shellcheck source=_lib/shim-runtime.sh
+source "$(dirname "$0")/_lib/shim-runtime.sh"
+shim_run

package/hooks/protected-paths-bash-gate.sh

@@ -1,186 +1,83 @@
 #!/bin/bash
 # PreToolUse hook: protected-paths-bash-gate.sh
 # 0.35.0+ — Node-binary shim for `rea hook protected-paths-bash-gate`.
+# 0.38.0+ — migrated to `_lib/shim-runtime.sh` (shared runtime).
 #
-# Pre-0.35.0 this was a thin bash shim over `rea hook scan-bash --mode
-# protected` (the parser-backed AST walker that replaces the 536-line
-# pre-0.23.0 regex pipeline). The full bash body is preserved at
+# Blocking-tier Bash gate. Full bash body preserved at
 # `__tests__/hooks/parity/baselines/protected-paths-bash-gate.sh.pre-0.35.0`.
+# Migration lives in `src/hooks/protected-paths-bash-gate/index.ts`.
 #
-# This shim now resolves the CLI through the same 2-tier sandboxed
-# resolver as the 0.32.0+ pilots and calls `rea hook protected-paths-
-# bash-gate` directly — eliminating the shim → CLI → scanner-module
-# subprocess hop entirely.
+# SHIM_ENFORCE_CLI_SHAPE=1: codex round-1 P1 from 0.35.0 — enforce that
+# the resolved CLI's realpath ends in dist/cli/index.js so an attacker
+# who repoints node_modules/@bookedsolid/rea at an arbitrary in-project
+# JS file cannot execute it as the trusted gate CLI.
 #
-# Behavioral contract is preserved byte-for-byte: exit 0 on allow,
-# exit 2 on HALT / verdict block / malformed payload / sandbox fail.
+# # Relevance pre-gate (CLI-missing only)
 #
-# # CLI-resolution trust boundary
-#
-# Mirrors the 0.32.0 final shim shape.
-#
-# # Fail-closed posture
-#
-# protected-paths-bash-gate is a Tier-1 security gate. The pre-0.35.0
-# bash body refused on uncertainty. Early-exit branches fail closed
-# AFTER the relevance pre-gate passes. Irrelevant Bash calls exit 0
-# regardless of CLI state.
-#
-# # Relevance pre-gate
-#
-# Substring scan over the extracted command for any of the protected-
-# path markers: .claude/, .husky/, .rea/policy.yaml, .rea/HALT, the
-# verdict cache paths. When the CLI is missing AND none of these
-# substrings appear, exit 0 (the pre-0.35.0 bash body would have
-# allowed). When the CLI is missing AND a marker DOES match, preserve
-# fail-closed.
+# Substring scan over the extracted command for protected-path markers
+# AND any policy.protected_writes entry. When the CLI is reachable, the
+# Node body does the precise evaluation; the shim's relevance scan is
+# only consulted on fresh/unbuilt installs to preserve the pre-port
+# bash body's allow-on-no-match posture.
 
 set -uo pipefail
 
-# 1. HALT check.
 # shellcheck source=_lib/halt-check.sh
 source "$(dirname "$0")/_lib/halt-check.sh"
 check_halt
 REA_ROOT=$(rea_root)
 
-proj="${CLAUDE_PROJECT_DIR:-$REA_ROOT}"
-
-# 2. Capture stdin once.
-INPUT=$(cat)
+SHIM_NAME="protected-paths-bash-gate"
+SHIM_INTRODUCED_IN="0.35.0"
+SHIM_FAIL_OPEN=0
+SHIM_ENFORCE_CLI_SHAPE=1
+SHIM_REFUSAL_NOUN="protected-path refusal"
 
-# 3. Resolve the rea CLI through the fixed 2-tier sandboxed order.
-REA_ARGV=()
-RESOLVED_CLI_PATH=""
-if [ -f "$proj/node_modules/@bookedsolid/rea/dist/cli/index.js" ]; then
-  REA_ARGV=(node "$proj/node_modules/@bookedsolid/rea/dist/cli/index.js")
-  RESOLVED_CLI_PATH="$proj/node_modules/@bookedsolid/rea/dist/cli/index.js"
-elif [ -f "$proj/dist/cli/index.js" ]; then
-  REA_ARGV=(node "$proj/dist/cli/index.js")
-  RESOLVED_CLI_PATH="$proj/dist/cli/index.js"
-fi
-
-# 3b. Relevance pre-gate. Only used when the CLI is missing.
-if [ "${#REA_ARGV[@]}" -eq 0 ]; then
-  CLI_MISSING_CMD=""
+shim_cli_missing_relevant() {
+  local cli_missing_cmd=""
   if command -v jq >/dev/null 2>&1; then
-    CLI_MISSING_CMD=$(printf '%s' "$INPUT" | jq -r '
+    cli_missing_cmd=$(printf '%s' "$INPUT" | jq -r '
       (.tool_input.command // "") | tostring
     ' 2>/dev/null || true)
   else
-    CLI_MISSING_CMD="$INPUT"
+    cli_missing_cmd="$INPUT"
   fi
-  if [ -z "$CLI_MISSING_CMD" ]; then
-    exit 0
+  if [ -z "$cli_missing_cmd" ]; then
+    return 1
   fi
-  CLI_MISSING_RELEVANT=0
-  case "$CLI_MISSING_CMD" in
-    *".claude/"*) CLI_MISSING_RELEVANT=1 ;;
-    *".husky/"*) CLI_MISSING_RELEVANT=1 ;;
-    *".rea/policy.yaml"*) CLI_MISSING_RELEVANT=1 ;;
-    *".rea/HALT"*) CLI_MISSING_RELEVANT=1 ;;
-    *".rea/last-review"*) CLI_MISSING_RELEVANT=1 ;;
-    *".claude\\"*|*".husky\\"*|*".rea\\"*) CLI_MISSING_RELEVANT=1 ;;
+  case "$cli_missing_cmd" in
+    *".claude/"*) return 0 ;;
+    *".husky/"*) return 0 ;;
+    *".rea/policy.yaml"*) return 0 ;;
+    *".rea/HALT"*) return 0 ;;
+    *".rea/last-review"*) return 0 ;;
+    *".claude\\"*|*".husky\\"*|*".rea\\"*) return 0 ;;
   esac
-  # Codex round-1 P2 fix: scan policy.protected_writes entries too so a
-  # consumer-defined protected path isn't silently allowed when the CLI
-  # is missing. Read the policy via the same awk parser the consumer-
-  # facing relevance pre-gates use for blocked_paths.
-  if [ "$CLI_MISSING_RELEVANT" -eq 0 ]; then
-    POLICY_FILE="${REA_ROOT}/.rea/policy.yaml"
-    if [ -f "$POLICY_FILE" ]; then
-      while IFS= read -r entry; do
-        [ -z "$entry" ] && continue
-        base="$entry"
-        case "$base" in
-          */) base="${base%/}" ;;
-        esac
-        [ -z "$base" ] && continue
-        case "$CLI_MISSING_CMD" in
-          *"$base"*) CLI_MISSING_RELEVANT=1; break ;;
-        esac
-      done < <(awk '
-        /^protected_writes:/ { in_block=1; next }
-        in_block && /^[[:space:]]*-/ {
-          sub(/^[[:space:]]*-[[:space:]]*/, "")
-          gsub(/^["'\'']/, "")
-          gsub(/["'\'']$/, "")
-          print
-          next
-        }
-        in_block && /^[^[:space:]-]/ { in_block=0 }
-      ' "$POLICY_FILE" 2>/dev/null)
-    fi
-  fi
-  if [ "$CLI_MISSING_RELEVANT" -eq 0 ]; then
-    exit 0
+  # 0.37.0: route protected_writes reads through the unified
+  # policy-reader (Tier 1 CLI → Tier 2 python3 → Tier 3 awk
+  # block-form). Pre-0.37.0 the inline awk parser missed flow-form
+  # arrays (`protected_writes: [path/a, path/b]`) on CLI-missing
+  # installs.
+  local policy_file="${REA_ROOT}/.rea/policy.yaml"
+  if [ -f "$policy_file" ]; then
+    # shellcheck source=_lib/policy-reader.sh
+    source "$(dirname "$0")/_lib/policy-reader.sh"
+    local entry base
+    while IFS= read -r entry; do
+      [ -z "$entry" ] && continue
+      base="$entry"
+      case "$base" in
+        */) base="${base%/}" ;;
+      esac
+      [ -z "$base" ] && continue
+      case "$cli_missing_cmd" in
+        *"$base"*) return 0 ;;
+      esac
+    done < <(policy_reader_get_list protected_writes 2>/dev/null)
   fi
-  printf 'rea: protected-paths-bash-gate cannot run — the rea CLI is not built.\n' >&2
-  printf 'Run `pnpm install && pnpm build` (or `npm install` for a consumer install) to restore protection.\n' >&2
-  printf 'This shim fails closed because the pre-0.35.0 bash body enforced protected-path refusal without a CLI.\n' >&2
-  exit 2
-fi
-
-# 4. Realpath sandbox check.
-if ! command -v node >/dev/null 2>&1; then
-  printf 'rea: protected-paths-bash-gate cannot run — `node` is not on PATH.\n' >&2
-  printf 'Install Node 22+ (engines.node) to restore protected-path refusal.\n' >&2
-  exit 2
-fi
-
-sandbox_check=$(node -e '
-  const fs = require("fs");
-  const path = require("path");
-  const cli = process.argv[1];
-  const projDir = process.argv[2];
-  let real, realProj;
-  try { real = fs.realpathSync(cli); } catch (e) {
-    process.stdout.write("bad:realpath"); process.exit(1);
-  }
-  try { realProj = fs.realpathSync(projDir); } catch (e) {
-    process.stdout.write("bad:realpath-proj"); process.exit(1);
-  }
-  const sep = path.sep;
-  const projWithSep = realProj.endsWith(sep) ? realProj : realProj + sep;
-  if (!(real === realProj || real.startsWith(projWithSep))) {
-    process.stdout.write("bad:cli-escapes-project"); process.exit(1);
-  }
-  // Codex round-1 P1 fix: enforce dist/cli/index.js shape (see
-  // settings-protection.sh).
-  const expectedEnd = path.join("dist", "cli", "index.js");
-  if (!real.endsWith(path.sep + expectedEnd) && real !== "/" + expectedEnd) {
-    process.stdout.write("bad:cli-shape"); process.exit(1);
-  }
-  let cur = path.dirname(path.dirname(path.dirname(real)));
-  let found = false;
-  for (let i = 0; i < 20 && cur && cur !== path.dirname(cur); i += 1) {
-    const pj = path.join(cur, "package.json");
-    if (fs.existsSync(pj)) {
-      try {
-        const data = JSON.parse(fs.readFileSync(pj, "utf8"));
-        if (data && data.name === "@bookedsolid/rea") { found = true; break; }
-      } catch (e) { /* keep walking */ }
-    }
-    cur = path.dirname(cur);
-  }
-  if (!found) { process.stdout.write("bad:no-rea-pkg-json"); process.exit(1); }
-  process.stdout.write("ok");
-' -- "$RESOLVED_CLI_PATH" "$proj" 2>/dev/null)
-
-if [ "$sandbox_check" != "ok" ]; then
-  printf 'rea: protected-paths-bash-gate FAILED sandbox check (%s) — refusing.\n' "$sandbox_check" >&2
-  exit 2
-fi
-
-# 5. Version-probe.
-probe_out=$("${REA_ARGV[@]}" hook protected-paths-bash-gate --help 2>&1)
-probe_status=$?
-if [ "$probe_status" -ne 0 ] || ! printf '%s' "$probe_out" | grep -q -e 'protected-paths-bash-gate'; then
-  printf 'rea: this shim requires the `rea hook protected-paths-bash-gate` subcommand (introduced in 0.35.0).\n' >&2
-  printf 'The resolved CLI at %s does not implement it.\n' "$RESOLVED_CLI_PATH" >&2
-  printf 'Run `pnpm install` (or `npm install`) to sync the CLI; refusing in the meantime to preserve enforcement.\n' >&2
-  exit 2
-fi
+  return 1
+}
 
-# 6. Forward stdin (already captured up-front).
-printf '%s' "$INPUT" | "${REA_ARGV[@]}" hook protected-paths-bash-gate
-exit $?
+# shellcheck source=_lib/shim-runtime.sh
+source "$(dirname "$0")/_lib/shim-runtime.sh"
+shim_run