@imdeadpool/guardex 6.1.0 → 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +63 -39
- package/bin/multiagent-safety.js +372 -300
- package/package.json +3 -5
- package/templates/AGENTS.multiagent-safety.md +9 -82
- package/templates/claude/commands/guardex.md +6 -12
- package/templates/codex/skills/guardex/SKILL.md +18 -64
- package/templates/githooks/post-merge +39 -3
- package/templates/githooks/pre-commit +27 -193
- package/templates/githooks/pre-push +0 -0
- package/templates/scripts/agent-branch-finish.sh +70 -702
- package/templates/scripts/agent-branch-start.sh +76 -877
- package/templates/scripts/agent-worktree-prune.sh +65 -353
- package/templates/scripts/codex-agent.sh +626 -238
- package/templates/scripts/install-agent-git-hooks.sh +4 -27
- package/templates/scripts/openspec/init-change-workspace.sh +4 -50
- package/templates/scripts/openspec/init-plan-workspace.sh +48 -495
- package/templates/scripts/review-bot-watch.sh +11 -11
- package/templates/githooks/post-checkout +0 -68
|
@@ -1,68 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
# post-checkout <prev_head> <new_head> <branch_checkout_flag>
|
|
5
|
-
branch_checkout="${3:-0}"
|
|
6
|
-
[[ "$branch_checkout" == "1" ]] || exit 0
|
|
7
|
-
|
|
8
|
-
if [[ "${GUARDEX_ALLOW_PRIMARY_BRANCH_SWITCH:-0}" == "1" ]]; then
|
|
9
|
-
exit 0
|
|
10
|
-
fi
|
|
11
|
-
|
|
12
|
-
# Skip in secondary worktrees — only the primary checkout is guarded.
|
|
13
|
-
git_dir_abs="$(cd "$(git rev-parse --git-dir)" && pwd -P)"
|
|
14
|
-
common_dir_abs="$(cd "$(git rev-parse --git-common-dir)" && pwd -P)"
|
|
15
|
-
if [[ "$git_dir_abs" != "$common_dir_abs" ]]; then
|
|
16
|
-
exit 0
|
|
17
|
-
fi
|
|
18
|
-
|
|
19
|
-
new_branch="$(git rev-parse --abbrev-ref HEAD 2>/dev/null || true)"
|
|
20
|
-
# Parse the latest reflog entry; post-checkout writes "checkout: moving from <prev> to <new>".
|
|
21
|
-
prev_branch="$(git reflog -1 HEAD 2>/dev/null | sed -n 's/.*checkout: moving from \([^ ]*\) to .*/\1/p' || true)"
|
|
22
|
-
|
|
23
|
-
[[ -n "$prev_branch" && -n "$new_branch" && "$prev_branch" != "$new_branch" ]] || exit 0
|
|
24
|
-
|
|
25
|
-
protected_raw="${GUARDEX_PROTECTED_BRANCHES:-$(git config --get multiagent.protectedBranches || true)}"
|
|
26
|
-
[[ -n "$protected_raw" ]] || protected_raw="dev main master"
|
|
27
|
-
protected_raw="${protected_raw//,/ }"
|
|
28
|
-
|
|
29
|
-
is_protected() {
|
|
30
|
-
local branch="$1"
|
|
31
|
-
for p in $protected_raw; do
|
|
32
|
-
[[ "$branch" == "$p" ]] && return 0
|
|
33
|
-
done
|
|
34
|
-
return 1
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
# Only guard when moving AWAY from a protected primary branch.
|
|
38
|
-
is_protected "$prev_branch" || exit 0
|
|
39
|
-
|
|
40
|
-
is_agent=0
|
|
41
|
-
if [[ -n "${CLAUDECODE:-}" \
|
|
42
|
-
|| -n "${CLAUDE_CODE_SESSION_ID:-}" \
|
|
43
|
-
|| -n "${CODEX_THREAD_ID:-}" \
|
|
44
|
-
|| -n "${OMX_SESSION_ID:-}" \
|
|
45
|
-
|| "${CODEX_CI:-0}" == "1" ]]; then
|
|
46
|
-
is_agent=1
|
|
47
|
-
fi
|
|
48
|
-
|
|
49
|
-
echo "" >&2
|
|
50
|
-
echo "[agent-primary-branch-guard] Primary checkout switched branches." >&2
|
|
51
|
-
echo "[agent-primary-branch-guard] from: $prev_branch (protected)" >&2
|
|
52
|
-
echo "[agent-primary-branch-guard] to: $new_branch" >&2
|
|
53
|
-
echo "[agent-primary-branch-guard] The primary working tree must stay on its base/protected branch." >&2
|
|
54
|
-
echo "[agent-primary-branch-guard] Use 'git worktree add' (or scripts/agent-branch-start.sh) for feature work." >&2
|
|
55
|
-
|
|
56
|
-
if [[ "$is_agent" == "1" ]]; then
|
|
57
|
-
echo "[agent-primary-branch-guard] Agent session detected — reverting to '$prev_branch'." >&2
|
|
58
|
-
echo "[agent-primary-branch-guard] Bypass with GUARDEX_ALLOW_PRIMARY_BRANCH_SWITCH=1 if truly intentional." >&2
|
|
59
|
-
if git diff --quiet && git diff --cached --quiet; then
|
|
60
|
-
GUARDEX_ALLOW_PRIMARY_BRANCH_SWITCH=1 git checkout "$prev_branch" >/dev/null 2>&1 || true
|
|
61
|
-
echo "[agent-primary-branch-guard] Reverted to '$prev_branch'." >&2
|
|
62
|
-
else
|
|
63
|
-
echo "[agent-primary-branch-guard] Working tree dirty — auto-revert skipped." >&2
|
|
64
|
-
echo "[agent-primary-branch-guard] Fix manually: git stash && git checkout $prev_branch" >&2
|
|
65
|
-
fi
|
|
66
|
-
else
|
|
67
|
-
echo "[agent-primary-branch-guard] Bypass with GUARDEX_ALLOW_PRIMARY_BRANCH_SWITCH=1 if intentional." >&2
|
|
68
|
-
fi
|