@imdeadpool/guardex 7.0.8 → 7.0.11

package/SECURITY.md

@@ -2,7 +2,7 @@
 
 ## Supported Versions
 
-Only the latest published `guardex` version is supported for security fixes.
+Only the latest published GitGuardex CLI build is supported for security fixes.
 
 ## Reporting a Vulnerability
 

package/bin/multiagent-safety.js

@@ -7,14 +7,17 @@ const cp = require('node:child_process');
 const packageJsonPath = path.resolve(__dirname, '..', 'package.json');
 const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
 
-const TOOL_NAME = 'guardex';
+const TOOL_NAME = 'gitguardex';
 const SHORT_TOOL_NAME = 'gx';
 const LEGACY_NAMES = ['guardex', 'multiagent-safety'];
 const OPENSPEC_PACKAGE = '@fission-ai/openspec';
+const OMC_PACKAGE = 'oh-my-claude-sisyphus';
+const CAVEMEM_PACKAGE = 'cavemem';
 const GLOBAL_TOOLCHAIN_PACKAGES = [
   'oh-my-codex',
-  'oh-my-claude',
+  OMC_PACKAGE,
   OPENSPEC_PACKAGE,
+  CAVEMEM_PACKAGE,
   '@imdeadpool/codex-account-switcher',
 ];
 const GH_BIN = process.env.GUARDEX_GH_BIN || 'gh';
@@ -58,9 +61,9 @@ const TEMPLATE_FILES = [
   'githooks/pre-push',
   'githooks/post-merge',
   'githooks/post-checkout',
-  'codex/skills/guardex/SKILL.md',
+  'codex/skills/gitguardex/SKILL.md',
   'codex/skills/guardex-merge-skills-to-dev/SKILL.md',
-  'claude/commands/guardex.md',
+  'claude/commands/gitguardex.md',
   'github/pull.yml.example',
   'github/workflows/cr.yml',
 ];
@@ -143,9 +146,9 @@ const MANAGED_GITIGNORE_PATHS = [
   '.githooks/post-merge',
   '.githooks/post-checkout',
   'oh-my-codex/',
-  '.codex/skills/guardex/SKILL.md',
+  '.codex/skills/gitguardex/SKILL.md',
   '.codex/skills/guardex-merge-skills-to-dev/SKILL.md',
-  '.claude/commands/guardex.md',
+  '.claude/commands/gitguardex.md',
   LOCK_FILE_RELATIVE,
 ];
 const OMX_SCAFFOLD_DIRECTORIES = [
@@ -196,7 +199,7 @@ const SUGGESTIBLE_COMMANDS = [
   'release',
 ];
 const CLI_COMMAND_DESCRIPTIONS = [
-  ['status', 'Show GuardeX CLI + service health without modifying files'],
+  ['status', 'Show GitGuardex CLI + service health without modifying files'],
   ['setup', 'Install, repair, and verify guardrails (flags: --repair, --install-only, --target)'],
   ['doctor', 'Repair drift + verify (auto-sandboxes on protected main)'],
   ['protect', 'Manage protected branches (list/add/remove/set/reset)'],
@@ -223,24 +226,20 @@ const AGENT_BOT_DESCRIPTIONS = [
   ['agents', 'Start/stop review + cleanup bots for this repo'],
 ];
 
-const AI_SETUP_PROMPT = `GuardeX (gx) setup checklist for Codex/Claude in this repo.
-
-1) Install:         npm i -g @imdeadpool/guardex && gh --version
-2) Bootstrap:       gx setup         # installs hooks/templates + verifies; prompts Y/N for global OMX/OpenSpec/codex-auth
-3) If degraded:     gx doctor        # repair + re-verify
-4) Per task:        bash scripts/codex-agent.sh "<task>" "<agent>"
-                    # or manual:
-                    #   bash scripts/agent-branch-start.sh "<task>" "<agent>"
-                    #   python3 scripts/agent-file-locks.py claim --branch "$(git rev-parse --abbrev-ref HEAD)" <file...>
-                    #   bash scripts/agent-branch-finish.sh --branch "$(git rev-parse --abbrev-ref HEAD)" --via-pr --wait-for-merge
-5) Finalize all:    gx finish --all
-6) Cleanup:         gx cleanup
-7) OpenSpec:        /opsx:propose -> /opsx:apply -> /opsx:archive   (see docs/openspec-getting-started.md)
-8) Protect:         gx protect add release staging                  (optional)
-9) Sync:            gx sync --check && gx sync                      (optional; rebase onto base)
-10) Fork sync:      cp .github/pull.yml.example .github/pull.yml    (optional; install https://github.com/apps/pull)
-11) PR review bot:  install https://github.com/apps/cr-gpt + set OPENAI_API_KEY in Actions variables (uses .github/workflows/cr.yml)
-12) GitHub repo:    enable Settings -> PRs -> Automatically delete head branches
+const AI_SETUP_PROMPT = `GitGuardex (gx) setup checklist for Codex/Claude in this repo.
+
+1) Install:    npm i -g @imdeadpool/guardex && gh --version
+2) Bootstrap:  gx setup
+3) Repair:     gx doctor
+4) Task loop:  bash scripts/codex-agent.sh "<task>" "<agent>"
+               or branch-start -> claim -> branch-finish
+5) Finish:     gx finish --all
+6) Cleanup:    gx cleanup
+7) OpenSpec:   /opsx:propose -> /opsx:apply -> /opsx:archive
+8) Optional:   gx protect add release staging
+9) Optional:   gx sync --check && gx sync
+10) Review bot: install https://github.com/apps/cr-gpt + set OPENAI_API_KEY
+11) Fork sync:  cp .github/pull.yml.example .github/pull.yml
 `;
 
 const AI_SETUP_COMMANDS = `npm i -g @imdeadpool/guardex
@@ -251,7 +250,7 @@ bash scripts/codex-agent.sh "<task>" "<agent>"
 gx finish --all
 gx cleanup
 gx protect add release staging
-gx sync
+gx sync --check && gx sync
 `;
 
 const SCORECARD_RISK_BY_CHECK = {
@@ -808,7 +807,7 @@ function ensureAgentsSnippet(repoRoot, dryRun, options = {}) {
     if (!dryRun) {
       fs.writeFileSync(agentsPath, next, 'utf8');
     }
-    return { status: 'updated', file: 'AGENTS.md', note: 'refreshed guardex-managed block' };
+    return { status: 'updated', file: 'AGENTS.md', note: 'refreshed gitguardex-managed block' };
   }
 
   if (existing.includes(AGENTS_MARKER_START)) {
@@ -839,7 +838,7 @@ function ensureManagedGitignore(repoRoot, dryRun) {
     if (!dryRun) {
       fs.writeFileSync(gitignorePath, `${managedBlock}\n`, 'utf8');
     }
-    return { status: 'created', file: '.gitignore', note: 'added guardex-managed entries' };
+    return { status: 'created', file: '.gitignore', note: 'added gitguardex-managed entries' };
   }
 
   const existing = fs.readFileSync(gitignorePath, 'utf8');
@@ -851,14 +850,14 @@ function ensureManagedGitignore(repoRoot, dryRun) {
     if (!dryRun) {
       fs.writeFileSync(gitignorePath, next, 'utf8');
     }
-    return { status: 'updated', file: '.gitignore', note: 'refreshed guardex-managed entries' };
+    return { status: 'updated', file: '.gitignore', note: 'refreshed gitguardex-managed entries' };
   }
 
   const separator = existing.endsWith('\n') ? '\n' : '\n\n';
   if (!dryRun) {
     fs.writeFileSync(gitignorePath, `${existing}${separator}${managedBlock}\n`, 'utf8');
   }
-  return { status: 'updated', file: '.gitignore', note: 'appended guardex-managed entries' };
+  return { status: 'updated', file: '.gitignore', note: 'appended gitguardex-managed entries' };
 }
 
 function configureHooks(repoRoot, dryRun) {
@@ -4717,7 +4716,7 @@ function setup(rawArgs) {
       `[${TOOL_NAME}] ✅ Global tools installed (${(globalInstallStatus.packages || []).join(', ')}).`,
     );
   } else if (globalInstallStatus.status === 'already-installed') {
-    console.log(`[${TOOL_NAME}] ✅ OMX/OpenSpec/codex-auth npm global tools already installed. Skipping.`);
+    console.log(`[${TOOL_NAME}] ✅ Companion npm global tools already installed. Skipping.`);
   } else if (globalInstallStatus.status === 'failed') {
     console.log(
       `[${TOOL_NAME}] ⚠️ Global install failed: ${globalInstallStatus.reason}\n` +

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "@imdeadpool/guardex",
-  "version": "7.0.8",
-  "description": "GuardeX: the Guardian T-Rex for your repo, with hardened multi-agent git guardrails.",
+  "version": "7.0.11",
+  "description": "GitGuardex: hardened multi-agent git guardrails for parallel agent work.",
   "license": "MIT",
   "preferGlobal": true,
   "bin": {
+    "gitguardex": "bin/multiagent-safety.js",
     "guardex": "bin/multiagent-safety.js",
     "gx": "bin/multiagent-safety.js",
     "multiagent-safety": "bin/multiagent-safety.js"
@@ -43,6 +44,7 @@
     "CONTRIBUTING.md"
   ],
   "keywords": [
+    "gitguardex",
     "guardex",
     "multi-agent",
     "git-hooks",
@@ -53,10 +55,10 @@
   "author": "recodeecom",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/recodeee/guardex.git"
+    "url": "git+https://github.com/recodeee/gitguardex.git"
   },
   "bugs": {
-    "url": "https://github.com/recodeee/guardex/issues"
+    "url": "https://github.com/recodeee/gitguardex/issues"
   },
   "homepage": "https://guardextutorial.com",
   "funding": "https://github.com/sponsors/recodeecom",

package/templates/AGENTS.multiagent-safety.md

@@ -1,21 +1,21 @@
 <!-- multiagent-safety:START -->
 ## Multi-Agent Safety Contract
 
-**Repo toggle.** Guardex is enabled by default. If the repo root `.env` sets `GUARDEX_ON=0`, `false`, `no`, or `off`, treat this entire Guardex contract as disabled for the repo and do not require Guardex worktrees, lock claims, completion flow, or OpenSpec workflow until `GUARDEX_ON` is re-enabled.
+**Repo toggle.** `GUARDEX_ON=0|false|no|off` disables this contract. `GUARDEX_ON=1|true|yes|on` re-enables it.
 
-**Isolation.** Every task runs on a dedicated `agent/*` branch + worktree. Start with `scripts/agent-branch-start.sh "<task>" "<agent-name>"`. Treat the base branch (`main`/`dev`) as read-only while an agent branch is active. Never `git checkout <branch>` on a primary working tree (including nested repos); use `git worktree add` instead. The `.githooks/post-checkout` hook auto-reverts primary-branch switches during agent sessions — bypass only with `GUARDEX_ALLOW_PRIMARY_BRANCH_SWITCH=1`.
+**Isolation.** One task = one `agent/*` branch + worktree. Start `scripts/agent-branch-start.sh "<task>" "<agent>"`. Base branches stay read-only. No `git checkout` on primary worktrees; use `git worktree add`. `.githooks/post-checkout` auto-reverts primary-branch switches unless `GUARDEX_ALLOW_PRIMARY_BRANCH_SWITCH=1`.
 
-**Ownership.** Before editing, claim files: `scripts/agent-file-locks.py claim --branch "<agent-branch>" <file...>`. Before deleting, confirm the path is in your claim. Don't edit outside your scope unless reassigned.
+**Ownership.** Claim before edits: `scripts/agent-file-locks.py claim --branch "<agent-branch>" <file...>`. Delete only claimed paths.
 
-**Handoff gate.** Post a one-line handoff note (plan/change, owned scope, intended action) before editing. Re-read the latest handoffs before replacing others' code.
+**Handoff.** Post a one-line note before edits. Re-read latest handoffs before replacing nearby work.
 
-**Completion.** Finish with `scripts/agent-branch-finish.sh --branch "<agent-branch>" --via-pr --wait-for-merge --cleanup` (or `gx finish --all`). Task is only complete when: commit pushed, PR URL recorded, state = `MERGED`, sandbox worktree pruned. If anything blocks, append a `BLOCKED:` note and stop — don't half-finish.
+**Completion.** Finish with `scripts/agent-branch-finish.sh --branch "<agent-branch>" --via-pr --wait-for-merge --cleanup` or `gx finish --all`. Done = commit pushed, PR URL recorded, state=`MERGED`, sandbox pruned. If blocked, append `BLOCKED:` and stop.
 
-**Parallel safety.** Assume other agents edit nearby. Never revert unrelated changes. Report conflicts in the handoff.
+**Parallel safety.** Never revert unrelated edits. Report conflicts.
 
-**Reporting.** Every completion handoff includes: files changed, behavior touched, verification commands + results, risks/follow-ups.
+**Reporting.** Completion handoff includes files changed, behavior touched, verification commands/results, and risks/follow-ups.
 
-**OpenSpec (when change-driven).** Keep `openspec/changes/<slug>/tasks.md` checkboxes current during work, not batched at the end. Task scaffolds and manual task edits must include an explicit final completion/cleanup section that ends with PR merge + sandbox cleanup (`gx finish --via-pr --wait-for-merge --cleanup` or `scripts/agent-branch-finish.sh ... --cleanup`) and records PR URL + final `MERGED` evidence. Verify specs with `openspec validate --specs` before archive. Don't archive unverified.
+**OpenSpec.** Keep `openspec/changes/<slug>/tasks.md` current. End task scaffolds with PR merge + sandbox cleanup evidence. Run `openspec validate --specs` before archive.
 
 **Version bumps.** If a change bumps a published version, the same PR updates release notes/changelog.
 <!-- multiagent-safety:END -->

package/templates/claude/commands/gitguardex.md

@@ -0,0 +1,5 @@
+# /gitguardex
+
+Run repo repair flow: `gx status` -> `gx doctor` -> `gx status --strict`.
+
+Report `Repo is guarded` or `Repo is not guarded` with blockers.

package/templates/codex/skills/gitguardex/SKILL.md

@@ -0,0 +1,11 @@
+---
+name: gitguardex
+description: "Repo guardrail check and repair."
+---
+
+Use when repo safety may be broken.
+
+`gx status` -> `gx doctor` -> `gx status --strict`
+
+Bootstrap: `gx setup`
+Ops: `bash scripts/codex-agent.sh "<task>" "<agent>"`, `gx finish --all`, `gx cleanup`

package/templates/scripts/openspec/init-change-workspace.sh

@@ -89,5 +89,5 @@ The system SHALL enforce ${CAPABILITY_SLUG} behavior as defined by this change.
 SPECEOF
 fi
 
-echo "[guardex] OpenSpec change workspace ready: ${CHANGE_DIR}"
-echo "[guardex] OpenSpec change spec scaffold: ${SPEC_DIR}/spec.md"
+echo "[gitguardex] OpenSpec change workspace ready: ${CHANGE_DIR}"
+echo "[gitguardex] OpenSpec change spec scaffold: ${SPEC_DIR}/spec.md"

package/templates/scripts/openspec/init-plan-workspace.sh

@@ -114,5 +114,5 @@ Role workspace for \`${role}\`.
 "
 done
 
-echo "[guardex] OpenSpec plan workspace ready: ${PLAN_DIR}"
-echo "[guardex] Roles: ${ROLES[*]}"
+echo "[gitguardex] OpenSpec plan workspace ready: ${PLAN_DIR}"
+echo "[gitguardex] Roles: ${ROLES[*]}"

package/templates/claude/commands/guardex.md

@@ -1,12 +0,0 @@
-# /guardex
-
-Run a GuardeX check-and-repair for the current repo.
-
-## Steps
-
-1. `gx status` — if green, stop.
-2. If degraded, `gx doctor`.
-3. If still degraded, `gx status --strict` and summarize each finding with a fix.
-4. Report verdict: `Repo is guarded` or `Repo is not guarded` (list blockers).
-
-Keep output short, include the exact commands you ran.

package/templates/codex/skills/guardex/SKILL.md

@@ -1,43 +0,0 @@
----
-name: guardex
-description: "Check, repair, or bootstrap multi-agent safety guardrails in this repository."
----
-
-# GuardeX (Codex skill)
-
-Use when branch safety, lock ownership, or guardrail setup may be broken.
-
-## Fast path
-
-1. `gx status` — one-glance health check.
-2. If degraded, `gx doctor` — repair + verify in one pass.
-3. If issues remain, `gx status --strict` and address each finding.
-
-## Bootstrap (missing guardrails)
-
-```sh
-gx setup      # install + repair + verify
-gx status     # confirm green
-```
-
-In a monorepo with nested git repos (top-level `.git` plus `apps/*/.git`), `gx setup` auto-installs into every discovered repo. Submodules and guardex-managed worktrees are skipped. Pass `--no-recursive` to limit to the top-level only.
-
-## Notes
-
-- Isolation: `scripts/codex-agent.sh "<task>" "<agent>"` is the one-command sandbox start/finish loop.
-- Completion: auto-finish keeps the branch until explicit `gx cleanup`.
-- Never bypass protected-branch safeguards.
-
-## Bulk finish
-
-```sh
-gx finish --all                # commit + PR + merge all ready agent/* branches
-gx cleanup                     # prune merged/stale branches and worktrees
-```
-
-If a branch fails with stale rebase/worktree state:
-
-```sh
-git -C "<worktree>" rebase --abort || true
-gx finish --branch "<agent-branch>" --cleanup
-```