@imdeadpool/guardex 5.0.11 → 5.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -13
- package/bin/multiagent-safety.js +485 -60
- package/package.json +4 -4
- package/templates/AGENTS.multiagent-safety.md +19 -7
- package/templates/codex/skills/guardex/SKILL.md +48 -0
- package/templates/codex/skills/guardex-merge-skills-to-dev/SKILL.md +58 -0
- package/templates/githooks/post-merge +43 -0
- package/templates/githooks/pre-commit +24 -15
- package/templates/githooks/pre-push +3 -3
- package/templates/github/pull.yml.example +6 -0
- package/templates/github/workflows/cr.yml +21 -0
- package/templates/scripts/agent-branch-finish.sh +0 -22
- package/templates/scripts/agent-branch-start.sh +66 -1
- package/templates/scripts/codex-agent.sh +82 -27
- package/templates/scripts/openspec/init-change-workspace.sh +87 -0
package/README.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
# GuardeX — Guardian T-Rex for your repo
|
|
2
2
|
|
|
3
3
|
[](https://www.npmjs.com/package/@imdeadpool/guardex)
|
|
4
|
-
[](https://github.com/recodeee/guardex/actions/workflows/ci.yml)
|
|
5
|
+
[](https://securityscorecards.dev/viewer/?uri=github.com/recodeee/guardex)
|
|
6
6
|
|
|
7
7
|
GuardeX is a safety layer for parallel Codex/agent work in git repos.
|
|
8
8
|
|
|
@@ -17,7 +17,7 @@ Progress became **de-progressive**: more activity, less real forward movement.
|
|
|
17
17
|
|
|
18
18
|
GuardeX exists to stop that loop.
|
|
19
19
|
|
|
20
|
-

|
|
21
21
|
|
|
22
22
|
```mermaid
|
|
23
23
|
flowchart LR
|
|
@@ -62,14 +62,14 @@ python3 scripts/agent-file-locks.py claim --branch "$(git rev-parse --abbrev-ref
|
|
|
62
62
|
npm test
|
|
63
63
|
|
|
64
64
|
# 4) Finish (commit/push/PR/merge flow)
|
|
65
|
-
bash scripts/agent-branch-finish.sh --branch "$(git rev-parse --abbrev-ref HEAD)"
|
|
65
|
+
bash scripts/agent-branch-finish.sh --branch "$(git rev-parse --abbrev-ref HEAD)" --base dev --via-pr --wait-for-merge
|
|
66
66
|
|
|
67
67
|
# 5) Optional cleanup after merge
|
|
68
68
|
gx cleanup --branch "$(git rev-parse --abbrev-ref HEAD)"
|
|
69
69
|
```
|
|
70
70
|
|
|
71
71
|
If you use `scripts/codex-agent.sh`, the finish flow is auto-run after the Codex session exits.
|
|
72
|
-
It auto-commits sandbox changes, retries once after syncing if the branch moved behind base during the run, then pushes/opens PR merge flow against
|
|
72
|
+
It auto-commits sandbox changes, retries once after syncing if the branch moved behind base during the run, then pushes/opens PR merge flow against `dev`.
|
|
73
73
|
|
|
74
74
|
If you run Codex in multiple existing agent worktrees directly (for example from VS Code Source Control), finalize all completed branches with:
|
|
75
75
|
|
|
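Review bot: The finish command at new line 65 and the sentence at new line 72 hard-code `dev` as the base, but the README does not say what a repo without a `dev` branch should pass, or what gates the merge when `--via-pr --wait-for-merge` runs automatically after a `scripts/codex-agent.sh` session. Suggest writing the example as `--base <integration-branch>` with `dev` named as the default, and stating whether the opened PR waits on branch protection and required reviews before auto-committed sandbox changes are merged.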
@@ -81,23 +81,23 @@ gx finish --all
|
|
|
81
81
|
|
|
82
82
|
### Setup status
|
|
83
83
|
|
|
84
|
-

|
|
85
85
|
|
|
86
86
|
### Service logs/status
|
|
87
87
|
|
|
88
|
-

|
|
89
89
|
|
|
90
90
|
### Branch/worktree start protocol
|
|
91
91
|
|
|
92
|
-

|
|
93
93
|
|
|
94
94
|
### Lock + delete guard protocol
|
|
95
95
|
|
|
96
|
-

|
|
97
97
|
|
|
98
98
|
### Real VS Code Source Control layout (exact screenshot)
|
|
99
99
|
|
|
100
|
-

|
|
101
101
|
|
|
102
102
|
## Copy-paste: common commands
|
|
103
103
|
|
|
@@ -141,7 +141,7 @@ gx cleanup --watch --interval 60
|
|
|
141
141
|
|
|
142
142
|
# scan/report
|
|
143
143
|
gx scan
|
|
144
|
-
gx report scorecard --repo github.com/
|
|
144
|
+
gx report scorecard --repo github.com/recodeee/guardex
|
|
145
145
|
```
|
|
146
146
|
|
|
147
147
|
### Continuous Codex PR monitor (local codex-auth session)
|
|
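Review bot: New line 144 sits under "Copy-paste: common commands" but hard-codes this project's own repository, so anyone pasting it gets a Scorecard report for `recodeee/guardex` instead of their own repo. Suggest a placeholder such as `gx report scorecard --repo github.com/<owner>/<repo>`, with the guardex URL shown only as a sample value in a comment.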
@@ -241,6 +241,40 @@ gh --version
|
|
|
241
241
|
gh auth status
|
|
242
242
|
```
|
|
243
243
|
|
|
244
|
+
## Optional GitHub Apps: fork sync + PR review
|
|
245
|
+
|
|
246
|
+
### Pull app (Probot fork sync)
|
|
247
|
+
|
|
248
|
+
GuardeX setup now installs a starter file at `.github/pull.yml.example`.
|
|
249
|
+
|
|
250
|
+
To enable fork auto-sync:
|
|
251
|
+
|
|
252
|
+
```sh
|
|
253
|
+
cp .github/pull.yml.example .github/pull.yml
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
Then edit `.github/pull.yml`:
|
|
257
|
+
|
|
258
|
+
- set `rules[].base` to your fork branch (`main`, `master`, or `dev`)
|
|
259
|
+
- set `rules[].upstream` to `<upstream-owner>:<branch>`
|
|
260
|
+
|
|
261
|
+
Install the app: <https://github.com/apps/pull>
|
|
262
|
+
Validate config: `https://pull.git.ci/check/<owner>/<repo>`
|
|
263
|
+
|
|
264
|
+
### CR-GPT code review app
|
|
265
|
+
|
|
266
|
+
Install app: <https://github.com/apps/cr-gpt>
|
|
267
|
+
|
|
268
|
+
`gx setup` also installs `.github/workflows/cr.yml` (GitHub Actions review workflow).
|
|
269
|
+
|
|
270
|
+
Then in your repo:
|
|
271
|
+
|
|
272
|
+
1. `Settings -> Secrets and variables -> Actions`
|
|
273
|
+
2. open `Variables`
|
|
274
|
+
3. add `OPENAI_API_KEY`
|
|
275
|
+
|
|
276
|
+
After that, the app reviews new and updated pull requests automatically.
|
|
277
|
+
|
|
244
278
|
## Companion dependency: `codex-auth` account switcher
|
|
245
279
|
|
|
246
280
|
For multi-identity Codex workflows, GuardeX pairs with
|
|
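Review bot: Steps 2 and 3 (new lines 273-274) tell the reader to store `OPENAI_API_KEY` under `Variables`, but Actions configuration variables are stored unencrypted and are not masked in workflow logs, so the key can end up readable in run output. Suggest changing step 2 to open `Secrets` and having `.github/workflows/cr.yml` read the key from `secrets.OPENAI_API_KEY`; if the CR-GPT app itself requires a variable, say so explicitly and keep the workflow path on a secret. It would also help to note that both apps are third-party installs and to list the repository permissions each one requests.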
@@ -276,6 +310,8 @@ scripts/openspec/init-plan-workspace.sh
|
|
|
276
310
|
.githooks/pre-push
|
|
277
311
|
.codex/skills/guardex/SKILL.md
|
|
278
312
|
.claude/commands/guardex.md
|
|
313
|
+
.github/pull.yml.example
|
|
314
|
+
.github/workflows/cr.yml
|
|
279
315
|
.omx/state/agent-file-locks.json
|
|
280
316
|
```
|
|
281
317
|
|
|
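Review bot: New lines 313-314 list `.github/pull.yml.example` and `.github/workflows/cr.yml` side by side, but only the first is opt-in: the Pull config needs a `cp` before it does anything, while `cr.yml` is an active workflow as soon as `gx setup` writes it. Suggest shipping the review workflow as `cr.yml.example` too, or documenting here that setup enables a PR review workflow that depends on `OPENAI_API_KEY`, so adopting GuardeX does not silently add a workflow to the repo.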
@@ -306,10 +342,12 @@ openspec update
|
|
|
306
342
|
|
|
307
343
|
### OpenSpec in agent sub-branches
|
|
308
344
|
|
|
309
|
-
- `scripts/codex-agent.sh` enforces
|
|
310
|
-
- `scripts/agent-branch-start.sh` can
|
|
345
|
+
- `scripts/codex-agent.sh` enforces OpenSpec workspaces before it launches Codex in each sandbox branch/worktree.
|
|
346
|
+
- `scripts/agent-branch-start.sh` can scaffold both `openspec/changes/<agent-branch-slug>/` and `openspec/plan/<agent-branch-slug>/` when you set `MUSAFETY_OPENSPEC_AUTO_INIT=true`.
|
|
311
347
|
- Set `MUSAFETY_OPENSPEC_AUTO_INIT=false` (default for `agent-branch-start`) to skip branch-start auto-bootstrap.
|
|
312
348
|
- Set `MUSAFETY_OPENSPEC_PLAN_SLUG=<kebab-case-slug>` to force a specific plan workspace name.
|
|
349
|
+
- Set `MUSAFETY_OPENSPEC_CHANGE_SLUG=<kebab-case-slug>` to force a specific change workspace name.
|
|
350
|
+
- Set `MUSAFETY_OPENSPEC_CAPABILITY_SLUG=<kebab-case-slug>` to override the default capability folder used for `spec.md` scaffolding.
|
|
313
351
|
|
|
314
352
|
## Security and maintenance posture
|
|
315
353
|
|
|
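Review bot: New lines 349-350 let `MUSAFETY_OPENSPEC_CHANGE_SLUG` and `MUSAFETY_OPENSPEC_CAPABILITY_SLUG` choose directory names under `openspec/`, and the only constraint given is the `<kebab-case-slug>` placeholder. Suggest stating what the scripts do with a value that is not kebab-case (rejected, or normalized), in particular one containing `/` or `..`, so it is clear the scaffolding cannot be pointed outside `openspec/changes/` and `openspec/plan/`.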
@@ -328,6 +366,15 @@ npm pack --dry-run
|
|
|
328
366
|
|
|
329
367
|
## Release notes
|
|
330
368
|
|
|
369
|
+
### v5.0.13
|
|
370
|
+
|
|
371
|
+
- Bumped package version from `5.0.12` to `5.0.13` for the next npm publish.
|
|
372
|
+
|
|
373
|
+
### v5.0.12
|
|
374
|
+
|
|
375
|
+
- Bumped package version from `5.0.11` to `5.0.12` for the next npm publish.
|
|
376
|
+
- Updated repository metadata and README links to the renamed GitHub repository (`recodeee/guardex`).
|
|
377
|
+
|
|
331
378
|
### v5.0.11
|
|
332
379
|
|
|
333
380
|
- Updated the managed AGENTS contract wording to use `GX` naming and added an explicit OMX completion policy requiring commit + push + PR creation/update at task completion.
|
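Review bot: The v5.0.13 and v5.0.12 entries (new lines 369-376) mention only version bumps and the repository rename, while the file list for this range shows a new `templates/githooks/post-merge` hook, a new `templates/github/workflows/cr.yml`, a new `pull.yml.example`, and 485 added lines in `bin/multiagent-safety.js`. Suggest adding release-note bullets for the new hook and the GitHub Apps templates, since those change what `gx setup` installs into a user's repo.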