@bookedsolid/rea 0.9.3 → 0.10.0

package/dist/gateway/middleware/blocked-paths.js

@@ -376,6 +376,44 @@ function matchesBlockedPattern(value, pattern) {
         }
         return false;
     }
+    // Defect H (rea#79): dot-anchored patterns. A pattern whose base starts with
+    // `.` (e.g. `.rea/`, `.env`, `.husky/`) is meant to block ONLY leading-dot
+    // filesystem entries — never any path segment that happens to be spelled
+    // similarly without the dot. The previous suffix-based match let pattern
+    // `.rea/` trip on `Projects/rea/Bug Reports` (any project folder named
+    // `rea`) because `suffix.startsWith(base)` was false but the final
+    // `segs.includes(base)` fallback conflated `.rea` with `rea` through
+    // normalization downstream in some code paths. By explicitly requiring
+    // leading-dot segment equality, dot-prefixed patterns cannot bleed across
+    // the dot/no-dot boundary regardless of normalization rule drift.
+    const dotAnchored = base.startsWith('.');
+    if (dotAnchored) {
+        // Dot-anchored: segment must equal base exactly. Dir patterns also match
+        // "<base>/..." via the trailing slash marker. Never scans non-dot
+        // segments, so `Projects/rea/...` can never match `.rea/`.
+        for (let i = 0; i < segs.length; i++) {
+            const seg = segs[i];
+            if (seg === base) {
+                // Exact segment match — for a non-dir pattern this matches a FILE
+                // named exactly `.env`; for a dir pattern it matches the directory
+                // entry itself (the trailing-slash below covers its contents).
+                if (!dirPattern && i !== segs.length - 1)
+                    continue;
+                return true;
+            }
+            if (dirPattern && seg === base)
+                return true;
+        }
+        if (dirPattern) {
+            // Dir pattern: any suffix that starts with `<base>/` matches.
+            for (let i = 0; i < segs.length; i++) {
+                const suffix = segs.slice(i).join('/');
+                if (suffix === base || suffix.startsWith(`${base}/`))
+                    return true;
+            }
+        }
+        return false;
+    }
     for (let i = 0; i < segs.length; i++) {
         const suffix = segs.slice(i).join('/');
         if (suffix === base)

package/dist/gateway/middleware/policy.js

@@ -1,6 +1,48 @@
 import { AutonomyLevel, InvocationStatus, Tier } from '../../policy/types.js';
-import { classifyTool, isToolBlocked } from '../../config/tier-map.js';
+import { classifyTool, isToolBlocked, reaCommandTier } from '../../config/tier-map.js';
 import { loadPolicyAsync } from '../../policy/loader.js';
+const BASH_DISPLAY_MAX_LEN = 80;
+/** Extract the `rea <subcommand>` head from a Bash command string for display
+ * in deny messages. Returns `null` when the command is not a rea invocation. */
+function extractReaSubcommand(command) {
+    const tokens = command.trim().split(/\s+/);
+    if (tokens.length === 0)
+        return null;
+    const first = tokens[0];
+    if (first === undefined)
+        return null;
+    let idx = 0;
+    if (first === 'npx' && tokens.length >= 2 && (tokens[1] === 'rea' || tokens[1] === '@bookedsolid/rea')) {
+        idx = 2;
+    }
+    else if (first === 'rea' || first.endsWith('/rea')) {
+        idx = 1;
+    }
+    else {
+        return null;
+    }
+    const sub = tokens[idx];
+    if (sub === undefined)
+        return 'rea';
+    const sub2 = tokens[idx + 1];
+    if (sub2 !== undefined && /^[a-z][a-z-]*$/.test(sub2)) {
+        return `rea ${sub} ${sub2}`;
+    }
+    return `rea ${sub}`;
+}
+/** Build a readable `Bash: <head>` display string for deny messages. Caller
+ * is responsible for only invoking this for tool_name === 'Bash'. Uses
+ * JSON.stringify to escape hostile characters (newlines, control chars). */
+function formatBashDisplay(command, reaDisplay) {
+    if (reaDisplay !== null) {
+        return `Bash (${reaDisplay})`;
+    }
+    const trimmed = command.trim();
+    const truncated = trimmed.length > BASH_DISPLAY_MAX_LEN
+        ? `${trimmed.slice(0, BASH_DISPLAY_MAX_LEN - 1)}…`
+        : trimmed;
+    return `Bash (${JSON.stringify(truncated)})`;
+}
 /**
  * Autonomy level tier permissions:
  * - L0: Read only
@@ -48,7 +90,23 @@ export function createPolicyMiddleware(initialPolicy, gatewayConfig, baseDir) {
         }
         // SECURITY: Re-derive tier from tool_name — do NOT trust ctx.tier from prior middleware.
         // This prevents a rogue middleware from downgrading a destructive tool to read-tier.
-        const tier = classifyTool(ctx.tool_name, ctx.server_name, gatewayConfig);
+        let tier = classifyTool(ctx.tool_name, ctx.server_name, gatewayConfig);
+        // Defect E (rea#78): when the invocation is a `Bash` call whose command
+        // parses as `rea <subcommand>`, classify by subcommand instead of the
+        // generic `Write` Bash default. REA's own CLI must not be denied by REA's
+        // own middleware at the autonomy level the gate's remediation text
+        // targets. Returns null on non-rea commands so the generic tier stands.
+        let reaSubcommandDisplay = null;
+        if (ctx.tool_name === 'Bash') {
+            const command = ctx.arguments['command'];
+            if (typeof command === 'string') {
+                const subTier = reaCommandTier(command);
+                if (subTier !== null) {
+                    tier = subTier;
+                    reaSubcommandDisplay = extractReaSubcommand(command);
+                }
+            }
+        }
         ctx.tier = tier; // Overwrite with authoritative classification
         // Validate autonomy level is known
         const allowed = TIER_ALLOWED[policy.autonomy_level];
@@ -60,7 +118,14 @@ export function createPolicyMiddleware(initialPolicy, gatewayConfig, baseDir) {
         // Check autonomy level vs tier (fail-closed: deny if tier unknown)
         if (!allowed.has(tier)) {
             ctx.status = InvocationStatus.Denied;
-            ctx.error = `Autonomy level ${policy.autonomy_level} does not allow ${tier}-tier tools. Tool: ${ctx.tool_name}`;
+            // Defect E composition: when the denial is a Bash invocation, include
+            // the command head so the deny-reason is actionable. `Bash` alone tells
+            // the operator nothing about WHICH shell command tripped the gate.
+            const toolDisplay = ctx.tool_name === 'Bash' && typeof ctx.arguments['command'] === 'string'
+                ? formatBashDisplay(ctx.arguments['command'], reaSubcommandDisplay)
+                : ctx.tool_name;
+            ctx.error = `Autonomy level ${policy.autonomy_level} does not allow ${tier}-tier tools. Tool: ${toolDisplay}`;
+            ctx.metadata['reason_code'] = 'tier_exceeds_autonomy';
             return;
         }
         // Store current autonomy level in metadata for audit middleware

package/hooks/_lib/common.sh

@@ -87,7 +87,12 @@ triage_score() {
   local diff_input
   diff_input=$(cat)
   local line_count
-  line_count=$(printf '%s' "$diff_input" | grep -cE '^\+[^+]|^-[^-]' 2>/dev/null || echo "0")
+  # Defect K (rea#62) sibling: see `hooks/commit-review-gate.sh` for the
+  # full bug rationale. `|| echo "0"` captures "0\n0" on no-match, which
+  # breaks arithmetic comparisons downstream. `|| true` + bash default keeps
+  # the branch arithmetic-safe.
+  line_count=$(printf '%s' "$diff_input" | grep -cE '^\+[^+]|^-[^-]' 2>/dev/null || true)
+  line_count="${line_count:-0}"
 
   # Check for sensitive paths
   local sensitive=0

package/hooks/_lib/push-review-core.sh

@@ -435,8 +435,8 @@ pr_core_run() {
       --arg os_uid "$SKIP_OS_UID" \
       --arg os_whoami "$SKIP_OS_WHOAMI" \
       --arg os_hostname "$SKIP_OS_HOST" \
-      --arg os_pid "$SKIP_OS_PID" \
-      --arg os_ppid "$SKIP_OS_PPID" \
+      --argjson os_pid "$SKIP_OS_PID" \
+      --argjson os_ppid "$SKIP_OS_PPID" \
       --arg os_ppid_cmd "$SKIP_OS_PPID_CMD" \
       --arg os_tty "$SKIP_OS_TTY" \
       --arg os_ci "$SKIP_OS_CI" \
@@ -924,17 +924,26 @@ pr_core_run() {
     fi
   done
 
+  # Defect J (rea#61): branch-deletion guard MUST fail closed regardless of
+  # whether another refspec in the same push resolved a SOURCE_SHA. A mixed
+  # push like `git push origin safe:safe :main` iterates both refspecs; the
+  # safe refspec sets SOURCE_SHA from its local_sha, and the deletion refspec
+  # sets only HAS_DELETE=1 via its `continue` branch. If we check HAS_DELETE
+  # INSIDE the `-z SOURCE_SHA` fallback, the delete slips through unchecked.
+  # Hoist the check above the fallback so any deletion anywhere in the push
+  # blocks the entire push.
+  if [[ "$HAS_DELETE" -eq 1 ]]; then
+    {
+      printf 'PUSH BLOCKED: refspec is a branch deletion.\n'
+      printf '\n'
+      printf '  Branch deletions are sensitive operations and require explicit\n'
+      printf '  human action outside the agent. Perform the deletion manually.\n'
+      printf '\n'
+    } >&2
+    exit 2
+  fi
+
   if [[ -z "$SOURCE_SHA" || -z "$MERGE_BASE" ]]; then
-    if [[ "$HAS_DELETE" -eq 1 ]]; then
-      {
-        printf 'PUSH BLOCKED: refspec is a branch deletion.\n'
-        printf '\n'
-        printf '  Branch deletions are sensitive operations and require explicit\n'
-        printf '  human action outside the agent. Perform the deletion manually.\n'
-        printf '\n'
-      } >&2
-      exit 2
-    fi
     {
       printf 'PUSH BLOCKED: could not resolve a merge-base for any push refspec.\n'
       printf '\n'
@@ -969,8 +978,13 @@ pr_core_run() {
     exit 0
   fi
 
+  # Defect K (rea#62): `grep -c ... || echo "0"` captures `0\n0` when grep
+  # exits non-zero on no-match — grep still prints its own `0` to stdout before
+  # exiting, and the `|| echo "0"` branch appends another. `|| true` swallows
+  # the non-zero exit, and `${LINE_COUNT:-0}` defaults an empty result to 0.
   local LINE_COUNT
-  LINE_COUNT=$(printf '%s' "$DIFF_FULL" | grep -cE '^\+[^+]|^-[^-]' 2>/dev/null || echo "0")
+  LINE_COUNT=$(printf '%s' "$DIFF_FULL" | grep -cE '^\+[^+]|^-[^-]' 2>/dev/null || true)
+  LINE_COUNT="${LINE_COUNT:-0}"
 
   # ── 7a. Protected-path Codex adversarial review gate ──────────────────────
   # The per-refspec check runs inside the main loop (section 7, above) so
@@ -981,8 +995,36 @@ pr_core_run() {
   # refspec was either clean or had an acceptable audit.
 
   # ── 8. Check review cache ─────────────────────────────────────────────────
-  local PUSH_SHA
-  PUSH_SHA=$(printf '%s' "$DIFF_FULL" | shasum -a 256 | cut -d' ' -f1 2>/dev/null || echo "")
+  # Defect L (rea#63): `shasum` is not installed on Alpine, distroless, or
+  # most minimal Linux CI images — only `sha256sum` is. The prior `shasum -a
+  # 256 ... || echo ""` chain silently produced an empty PUSH_SHA, which the
+  # rest of the gate treats as "no cache entry" rather than "hasher missing".
+  # Combined with the silent-cache-miss fallback (Defect F), every push from
+  # such a runner burned a full fresh codex review invisibly.
+  #
+  # Portable chain: sha256sum → shasum → openssl. The openssl branch uses
+  # `awk '{print $NF}'` WITHOUT `-r` — `-r` was added in OpenSSL 3.0 /
+  # LibreSSL 3.3+; on OpenSSL 1.1.1 (Debian 11, Ubuntu 20.04, RHEL 8,
+  # Amazon Linux 2, Alpine 3.13–3.14) `-r` is rejected and stdout is empty.
+  # `$NF` handles BOTH default output shapes: `(stdin)= <hex>` (1.1.x) and
+  # `<hex> *stdin` (3.x/LibreSSL coreutils-style).
+  #
+  # Hex-64 validation catches broken pipes, partial reads, or unexpected
+  # hasher output that would otherwise be silently cached as garbage.
+  local PUSH_SHA=""
+  if command -v sha256sum >/dev/null 2>&1; then
+    PUSH_SHA=$(printf '%s' "$DIFF_FULL" | sha256sum 2>/dev/null | awk '{print $1}')
+  elif command -v shasum >/dev/null 2>&1; then
+    PUSH_SHA=$(printf '%s' "$DIFF_FULL" | shasum -a 256 2>/dev/null | awk '{print $1}')
+  elif command -v openssl >/dev/null 2>&1; then
+    PUSH_SHA=$(printf '%s' "$DIFF_FULL" | openssl dgst -sha256 2>/dev/null | awk '{print $NF}')
+  else
+    printf 'rea push-review: WARN no sha256 hasher found (sha256sum/shasum/openssl); cache disabled\n' >&2
+  fi
+  if [[ -n "$PUSH_SHA" && ! "$PUSH_SHA" =~ ^[0-9a-f]{64}$ ]]; then
+    printf 'rea push-review: WARN hasher returned invalid output; cache disabled\n' >&2
+    PUSH_SHA=""
+  fi
 
   local -a REA_CLI_ARGS
   REA_CLI_ARGS=()
@@ -1017,8 +1059,45 @@ pr_core_run() {
   fi
 
   if [[ -n "$PUSH_SHA" ]] && [[ ${#REA_CLI_ARGS[@]} -gt 0 ]]; then
+    # Defect F (rea#75): distinguish cache-miss from cache-error. Prior version
+    # swallowed all non-zero exits and stderr into a silent `{hit:false}`, which
+    # masked Defect A (0.9.2 `node <shim>` SyntaxError) for weeks. Now we
+    # capture stderr + exit code separately and emit a visible WARN with an
+    # actionable filename when the CLI failed.
     local CACHE_RESULT
-    CACHE_RESULT=$("${REA_CLI_ARGS[@]}" cache check "$PUSH_SHA" --branch "$SOURCE_BRANCH" --base "$TARGET_BRANCH" 2>/dev/null || echo '{"hit":false}')
+    local CACHE_STDOUT=""
+    local CACHE_STDERR_FILE
+    # SECURITY (Codex LOW 4): require mktemp. A predictable /tmp path like
+    # /tmp/rea-cache-err.$PID is a TOCTOU attack surface on shared hosts —
+    # another user can pre-create a symlink from that name to a file they
+    # want us to clobber. If mktemp is unavailable, fail loudly rather than
+    # silently falling back to a predictable path.
+    if ! CACHE_STDERR_FILE=$(mktemp -t rea-cache-err.XXXXXX 2>/dev/null); then
+      printf 'rea push-review: mktemp unavailable; cannot capture cache-check stderr. Aborting.\n' >&2
+      return 2
+    fi
+    local CACHE_EXIT=0
+    CACHE_STDOUT=$("${REA_CLI_ARGS[@]}" cache check "$PUSH_SHA" --branch "$SOURCE_BRANCH" --base "$TARGET_BRANCH" 2>"$CACHE_STDERR_FILE") || CACHE_EXIT=$?
+    local CACHE_STDERR=""
+    CACHE_STDERR=$(cat "$CACHE_STDERR_FILE" 2>/dev/null || true)
+    rm -f "$CACHE_STDERR_FILE"
+    if [[ "$CACHE_EXIT" -ne 0 ]]; then
+      # SECURITY (Codex LOW 5): strip C0/C1 control characters from CLI
+      # stderr before echoing to the terminal. A tampered dist/ or hostile
+      # CLI could otherwise emit OSC/CSI sequences that rewrite lines above
+      # the deny message and mislead the operator. We strip both C0 + DEL
+      # AND C1 (0x80-0x9F) — some terminal emulators still honor bare C1
+      # bytes as CSI introducers (0x9B) or OSC (0x9D).
+      local CACHE_STDERR_SAFE
+      CACHE_STDERR_SAFE=$(printf '%s' "$CACHE_STDERR" | LC_ALL=C tr -d '\000-\037\177\200-\237')
+      printf 'rea push-review: CACHE CHECK FAILED (exit=%d): %s\n' "$CACHE_EXIT" "$CACHE_STDERR_SAFE" >&2
+      printf 'rea push-review: treating as miss; file bookedsolidtech/rea issue if unexpected.\n' >&2
+      CACHE_RESULT='{"hit":false,"reason":"query_error"}'
+    elif [[ -z "$CACHE_STDOUT" ]]; then
+      CACHE_RESULT='{"hit":false,"reason":"cold"}'
+    else
+      CACHE_RESULT="$CACHE_STDOUT"
+    fi
     # Require BOTH hit == true AND result == "pass". A cached `fail` verdict
     # (Codex 0.8.0 pass-2 finding #1) must NOT satisfy the gate — cache.ts
     # serializes `result` verbatim, so a negative verdict would otherwise
@@ -1037,8 +1116,10 @@ pr_core_run() {
   fi
 
   # ── 9. Block and request review ───────────────────────────────────────────
+  # Defect K (rea#62): same `0\n0` bug as LINE_COUNT above.
   local FILE_COUNT
-  FILE_COUNT=$(printf '%s' "$DIFF_FULL" | grep -c '^\+\+\+ ' 2>/dev/null || echo "0")
+  FILE_COUNT=$(printf '%s' "$DIFF_FULL" | grep -c '^\+\+\+ ' 2>/dev/null || true)
+  FILE_COUNT="${FILE_COUNT:-0}"
 
   {
     printf 'PUSH REVIEW GATE: Review required before pushing\n'
@@ -1050,8 +1131,23 @@ pr_core_run() {
     printf '  Action required:\n'
     printf '  1. Spawn a code-reviewer agent to review: git diff %s..%s\n' "$MERGE_BASE" "$SOURCE_SHA"
     printf '  2. Spawn a security-engineer agent for security review\n'
-    printf '  3. After both pass, cache the result:\n'
-    printf '     rea cache set %s pass --branch %s --base %s\n' "$PUSH_SHA" "$SOURCE_BRANCH" "$TARGET_BRANCH"
+    # Defect L (rea#63) follow-up: when no sha256 hasher is available the
+    # cache is disabled and PUSH_SHA is empty. Emitting `rea cache set <blank>
+    # pass ...` would be a dead-end — the CLI rejects the empty positional.
+    # Print an alternate completion path in that case. The Codex-adversarial
+    # review concerns list flagged this UX cliff in the 0.9.4 pass.
+    if [[ -n "$PUSH_SHA" ]]; then
+      printf '  3. After both pass, cache the result:\n'
+      printf '     rea cache set %s pass --branch %s --base %s\n' "$PUSH_SHA" "$SOURCE_BRANCH" "$TARGET_BRANCH"
+    else
+      printf '  3. Cache is DISABLED on this host (no sha256 hasher found).\n'
+      printf '     After both reviews pass, bypass the push-review gate with:\n'
+      printf '       REA_SKIP_PUSH_REVIEW="<reason>" git push ...\n'
+      printf '     The bypass is audited as push.review.skipped — this is the\n'
+      printf '     documented escape hatch when cache is unavailable.\n'
+      printf '     To restore the cache path, install one of: sha256sum,\n'
+      printf '     shasum (Perl Digest::SHA), or openssl.\n'
+    fi
     printf '\n'
   } >&2
   exit 2

package/hooks/commit-review-gate.sh

@@ -114,7 +114,16 @@ if [[ -z "$DIFF_OUTPUT" ]]; then
 fi
 
 # Count changed lines (additions + deletions)
-LINE_COUNT=$(printf '%s' "$DIFF_FULL" | grep -cE '^\+[^+]|^-[^-]' 2>/dev/null || echo "0")
+# Defect K (rea#62) sibling: `|| echo "0"` captures "0\n0" into LINE_COUNT
+# when grep exits non-zero on a no-match — grep still prints its own `0` and
+# `echo "0"` appends another. At this site the concatenated `"0\n0"` is then
+# evaluated as arithmetic (`-gt $SIGNIFICANT_THRESHOLD`, `-ge $TRIVIAL_THRESHOLD`
+# below) and bash emits a "syntax error in expression" at runtime on any
+# rename-only / mode-only / empty-file-add diff. `|| true` + bash-default
+# expansion fixes both the banner cosmetic and the arithmetic-unsafe control
+# flow in one shot.
+LINE_COUNT=$(printf '%s' "$DIFF_FULL" | grep -cE '^\+[^+]|^-[^-]' 2>/dev/null || true)
+LINE_COUNT="${LINE_COUNT:-0}"
 
 # Check for sensitive paths
 SENSITIVE=0
@@ -162,17 +171,103 @@ fi
 
 # ── 10. Check review cache for all non-trivial commits ────────────────────────
 # Compute SHA and branch here so both standard and significant tiers share them.
-STAGED_SHA=$(cd "$REA_ROOT" && git diff --cached | shasum -a 256 | cut -d' ' -f1 2>/dev/null || echo "")
+#
+# Defect L (rea#63) sibling: `shasum` is not installed on Alpine, distroless,
+# or most minimal Linux CI images — only `sha256sum` is. The prior chain
+# silently produced an empty STAGED_SHA, which the cache block then skipped
+# AND the banner at §11 rendered as `rea cache set  pass` — a dead-end the
+# agent cannot execute. Portable chain mirrors push-review-core.sh §8:
+# sha256sum → shasum → openssl. The openssl branch uses `awk '{print $NF}'`
+# WITHOUT `-r` to stay compatible with OpenSSL 1.1.x (Debian 11, Ubuntu
+# 20.04, RHEL 8, Amazon Linux 2, Alpine 3.13–3.14).
+STAGED_SHA=""
+if command -v sha256sum >/dev/null 2>&1; then
+  STAGED_SHA=$(printf '%s' "$DIFF_FULL" | sha256sum 2>/dev/null | awk '{print $1}')
+elif command -v shasum >/dev/null 2>&1; then
+  STAGED_SHA=$(printf '%s' "$DIFF_FULL" | shasum -a 256 2>/dev/null | awk '{print $1}')
+elif command -v openssl >/dev/null 2>&1; then
+  STAGED_SHA=$(printf '%s' "$DIFF_FULL" | openssl dgst -sha256 2>/dev/null | awk '{print $NF}')
+else
+  printf 'rea commit-review: WARN no sha256 hasher found (sha256sum/shasum/openssl); cache disabled\n' >&2
+fi
+if [[ -n "$STAGED_SHA" && ! "$STAGED_SHA" =~ ^[0-9a-f]{64}$ ]]; then
+  printf 'rea commit-review: WARN hasher returned invalid output; cache disabled\n' >&2
+  STAGED_SHA=""
+fi
 BRANCH=$(cd "$REA_ROOT" && git branch --show-current 2>/dev/null || echo "")
 CACHE_FILE="${REA_ROOT}/.rea/review-cache.json"
 
+# Codex pass-3 finding #1: `rea cache check` and `rea cache set` both declare
+# `--base` as a `requiredOption` in src/cli/index.ts. Prior versions of this
+# gate omitted `--base`, so (a) the CLI path exited non-zero and the
+# `|| echo '{"hit":false}'` fallback quietly masked the contract error, and
+# (b) the section-11 banner instructed the agent to run `rea cache set <sha>
+# pass` — also missing `--base`, rejected by the CLI on every retry. A
+# successful cache flow was unreachable.
+#
+# Resolve BASE_BRANCH by the same preference order the push-gate uses in
+# push-review-core.sh §7 (lines 778-794): origin/HEAD → origin/main →
+# origin/master → empty. If nothing resolves, disable the cache (the
+# alternative is emitting a cache command the CLI rejects on every call).
+BASE_BRANCH=""
+_origin_head=$(cd "$REA_ROOT" && git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null || true)
+if [[ -n "$_origin_head" ]]; then
+  BASE_BRANCH="${_origin_head#refs/remotes/origin/}"
+fi
+if [[ -z "$BASE_BRANCH" ]]; then
+  # Use `git -C` so the current-shell cwd is never mutated — matches the
+  # cross-repo guard at §1a and keeps the file's dominant idiom. Raw
+  # `cd "$REA_ROOT" && git …` would leave the hook process sitting in
+  # $REA_ROOT, which is safe today but breaks silently if a future edit
+  # adds a relative-path command downstream.
+  if git -C "$REA_ROOT" rev-parse --verify --quiet refs/remotes/origin/main >/dev/null 2>&1; then
+    BASE_BRANCH="main"
+  elif git -C "$REA_ROOT" rev-parse --verify --quiet refs/remotes/origin/master >/dev/null 2>&1; then
+    BASE_BRANCH="master"
+  fi
+fi
+if [[ -z "$BASE_BRANCH" && -n "$STAGED_SHA" ]]; then
+  printf 'rea commit-review: WARN could not resolve base branch (no origin/HEAD, no origin/main, no origin/master); cache disabled\n' >&2
+  STAGED_SHA=""
+fi
+unset _origin_head
+
 if [[ -n "$STAGED_SHA" ]]; then
   CACHE_HIT=false
 
-  # Primary: use CLI when available — handles TTL, expiry, and branch-scoped keys
+  # Primary: use CLI when available — handles TTL, expiry, and branch-scoped keys.
+  # Cache predicate must require BOTH `.hit == true` AND `.result == "pass"` —
+  # a cached `fail` verdict would otherwise satisfy `.hit == true` and let the
+  # commit proceed despite a recorded negative review. Mirrors the push-gate
+  # predicate at push-review-core.sh §8; the §218-226 direct-cache fallback
+  # already enforces `result == "pass"`, so the two paths must agree.
   if [[ ${#REA_CLI_ARGS[@]} -gt 0 ]]; then
-    CACHE_RESULT=$("${REA_CLI_ARGS[@]}" cache check "$STAGED_SHA" --branch "$BRANCH" 2>/dev/null || echo '{"hit":false}')
-    if printf '%s' "$CACHE_RESULT" | jq -e '.hit == true' >/dev/null 2>&1; then
+    # Defect F (rea#75): surface cache-query errors instead of treating them as
+    # legitimate misses. See hooks/_lib/push-review-core.sh for the rationale.
+    # SECURITY (Codex LOW 4): require mktemp. Predictable /tmp paths are a
+    # TOCTOU surface on shared hosts; fall-loud instead of fall-back.
+    if ! CACHE_STDERR_FILE=$(mktemp -t rea-commit-cache-err.XXXXXX 2>/dev/null); then
+      printf 'rea commit-review: mktemp unavailable; cannot capture cache-check stderr. Aborting.\n' >&2
+      exit 2
+    fi
+    CACHE_EXIT=0
+    CACHE_STDOUT=$("${REA_CLI_ARGS[@]}" cache check "$STAGED_SHA" --branch "$BRANCH" --base "$BASE_BRANCH" 2>"$CACHE_STDERR_FILE") || CACHE_EXIT=$?
+    CACHE_STDERR=$(cat "$CACHE_STDERR_FILE" 2>/dev/null || true)
+    rm -f "$CACHE_STDERR_FILE"
+    if [[ "$CACHE_EXIT" -ne 0 ]]; then
+      # SECURITY (Codex LOW 5): strip C0/C1 control chars before echoing CLI
+      # stderr. Includes 0x80-0x9F because some terminals interpret bare C1
+      # bytes (CSI 0x9B, OSC 0x9D) as escape introducers.
+      CACHE_STDERR_SAFE=$(printf '%s' "$CACHE_STDERR" | LC_ALL=C tr -d '\000-\037\177\200-\237')
+      printf 'rea commit-review: CACHE CHECK FAILED (exit=%d): %s\n' "$CACHE_EXIT" "$CACHE_STDERR_SAFE" >&2
+      printf 'rea commit-review: treating as miss; file bookedsolidtech/rea issue if unexpected.\n' >&2
+      CACHE_RESULT='{"hit":false,"reason":"query_error"}'
+    elif [[ -z "$CACHE_STDOUT" ]]; then
+      CACHE_RESULT='{"hit":false,"reason":"cold"}'
+    else
+      CACHE_RESULT="$CACHE_STDOUT"
+    fi
+    if printf '%s' "$CACHE_RESULT" | jq -e '.hit == true and .result == "pass"' >/dev/null 2>&1; then
       CACHE_HIT=true
     fi
   fi
@@ -210,8 +305,25 @@ fi
   printf '  1. Inspect:  git diff --cached\n'
   printf '  2. Decide:   Is this safe to commit? (initial commits, refactors, and\n'
   printf '               feature work are normal — use judgement, not ceremony)\n'
-  printf '  3. Approve:  rea cache set %s pass\n' "$STAGED_SHA"
-  printf '  4. Retry the git commit command\n'
+  # Defect L follow-up: when no sha256 hasher is available STAGED_SHA is empty
+  # and `rea cache set  pass` is a dead-end the CLI rejects. Branch the banner
+  # to surface an actionable path instead. Unlike push-review-core.sh there is
+  # no `REA_SKIP_COMMIT_REVIEW` env escape hatch (the commit gate only fires
+  # under Claude Code's Bash `PreToolUse` matcher, so a human direct-shell
+  # commit bypasses it entirely). The only remediation is to install a sha256
+  # hasher or ask the user to commit directly.
+  if [[ -n "$STAGED_SHA" ]]; then
+    printf '  3. Approve:  rea cache set %s pass --branch %s --base %s\n' \
+      "$STAGED_SHA" "$BRANCH" "$BASE_BRANCH"
+    printf '  4. Retry the git commit command\n'
+  else
+    printf '  3. Cache is DISABLED on this host (no sha256 hasher or no base\n'
+    printf '     branch resolvable). Install one of: sha256sum (Linux coreutils),\n'
+    printf '     shasum (perl-core), or openssl; or ensure origin/HEAD is set so\n'
+    printf '     the gate can identify the merge target. Without these the cache\n'
+    printf '     path cannot complete — escalate to the user if neither can be\n'
+    printf '     provided.\n'
+  fi
   printf '\n'
   printf '  Only escalate to the user if you find a genuine problem in the diff.\n'
 } >&2