@miller-tech/uap 1.26.2 → 1.26.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/templates/hooks/uap-policy-gate.sh +25 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@miller-tech/uap",
3
- "version": "1.26.2",
3
+ "version": "1.26.3",
4
4
  "description": "Autonomous AI agent memory system with CLAUDE.md protocol enforcement",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
package/templates/hooks/uap-policy-gate.sh CHANGED
@@ -4,21 +4,42 @@
4
4
  set -euo pipefail
5
5
 
6
6
  PAYLOAD="$(cat)"
7
- REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
8
- cd "$REPO_ROOT"
7
+ HOOK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
8
+
9
+ # Resolve two roots:
10
+ # CHECKOUT_ROOT — the current working tree (a worktree under .worktrees/, or the
11
+ # main checkout). git-based enforcers run their `git diff` here.
12
+ # MAIN_ROOT — the main checkout that holds RUNTIME data. policies.db and the
13
+ # .policy-tools/ enforcers live ONLY here (policies.db is gitignored
14
+ # and is never copied into worktrees).
15
+ # Previously the DB path was resolved against the checkout root, so when a tool ran
16
+ # from inside a worktree the gate found no policies.db and silently skipped ALL
17
+ # policy enforcement. Anchor DB + enforcer paths to MAIN_ROOT to fix that, while
18
+ # keeping the enforcer working directory on the actual working tree.
19
+ CHECKOUT_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || true)"
20
+ [[ -z "$CHECKOUT_ROOT" ]] && CHECKOUT_ROOT="$(cd "$HOOK_DIR/../.." 2>/dev/null && pwd || pwd)"
21
+ MAIN_ROOT="${CHECKOUT_ROOT%%/.worktrees/*}"
22
+
23
+ # Anchor enforcers to MAIN_ROOT via _common.repo_root(). This is the project root
24
+ # that *contains* the worktrees, so path-relative enforcers reason correctly from
25
+ # any cwd — e.g. worktree-required sees an edit as ".worktrees/NNN/..." (allow)
26
+ # instead of, when run from inside a worktree, resolving repo_root to the worktree
27
+ # itself and mis-flagging a legitimate worktree edit as a root edit (false block).
28
+ export UAP_REPO_ROOT="$MAIN_ROOT"
29
+ cd "$MAIN_ROOT"
9
30
 
10
31
  TOOL="$(printf '%s' "$PAYLOAD" | python3 -c 'import json,sys; d=json.load(sys.stdin); print(d.get("tool_name") or d.get("tool") or "")' 2>/dev/null || true)"
11
32
  ARGS="$(printf '%s' "$PAYLOAD" | python3 -c 'import json,sys; d=json.load(sys.stdin); print(json.dumps(d.get("tool_input") or d.get("args") or {}))' 2>/dev/null || echo '{}')"
12
33
 
13
34
  [[ -z "$TOOL" ]] && exit 0
14
35
 
15
- DB="agents/data/memory/policies.db"
36
+ DB="$MAIN_ROOT/agents/data/memory/policies.db"
16
37
  [[ ! -f "$DB" ]] && exit 0
17
38
 
18
39
  # Iterate active policies with attached executable tools
19
40
  while IFS='|' read -r pid pname tool; do
20
41
  [[ -z "$pid" ]] && continue
21
- enforcer=".policy-tools/${pid}_${tool}.py"
42
+ enforcer="$MAIN_ROOT/.policy-tools/${pid}_${tool}.py"
22
43
  [[ ! -f "$enforcer" ]] && continue
23
44
  out="$(python3 "$enforcer" --operation "$TOOL" --args "$ARGS" 2>/dev/null || true)"
24
45
  allowed="$(printf '%s' "$out" | python3 -c 'import json,sys;