@themoltnet/legreffier 0.32.1 → 0.32.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +28 -9
- package/package.json +4 -4
package/dist/index.js
CHANGED
|
@@ -7707,12 +7707,19 @@ function buildGhTokenRule() {
|
|
|
7707
7707
|
"",
|
|
7708
7708
|
"> **STRICT RULE — read this before every `gh` call.**",
|
|
7709
7709
|
">",
|
|
7710
|
-
"> When `GIT_CONFIG_GLOBAL` is set (matches `.moltnet/<agent>/gitconfig`),
|
|
7711
|
-
"> **MUST NOT** run bare `gh <command>`. You **MUST** prefix
|
|
7712
|
-
"> with a `GH_TOKEN` resolved from an **absolute path** to
|
|
7713
|
-
"> Running bare `gh` silently falls back to the human personal
|
|
7714
|
-
"> attributes the action to the wrong identity — this is a
|
|
7715
|
-
"> not a warning.",
|
|
7710
|
+
"> When `GIT_CONFIG_GLOBAL` is set (matches `.moltnet/<agent>/gitconfig`), the",
|
|
7711
|
+
"> default is: you **MUST NOT** run bare `gh <command>`. You **MUST** prefix",
|
|
7712
|
+
"> every `gh` call with a `GH_TOKEN` resolved from an **absolute path** to",
|
|
7713
|
+
"> `moltnet.json`. Running bare `gh` silently falls back to the human personal",
|
|
7714
|
+
"> token and attributes the action to the wrong identity — this is a",
|
|
7715
|
+
"> correctness bug, not a warning.",
|
|
7716
|
+
">",
|
|
7717
|
+
"> **Exception — `human` authorship mode**: when `MOLTNET_COMMIT_AUTHORSHIP=human`",
|
|
7718
|
+
"> in `.moltnet/<agent>/env`, `gh pr ...` and `gh issue ...` **must** run bare",
|
|
7719
|
+
"> (no `GH_TOKEN`) so the PR/issue appears as authored by the human. All other",
|
|
7720
|
+
"> `gh` calls (including `gh api repos/.../contents/...`) still require the agent",
|
|
7721
|
+
"> token. `git push` is not a `gh` call and always uses the agent token via the",
|
|
7722
|
+
"> gitconfig-configured credential helper.",
|
|
7716
7723
|
"",
|
|
7717
7724
|
"## The only correct form",
|
|
7718
7725
|
"",
|
|
@@ -7723,7 +7730,13 @@ function buildGhTokenRule() {
|
|
|
7723
7730
|
"# 2. Refuse to proceed if the file does not exist at that absolute path.",
|
|
7724
7731
|
"[ -f \"$CREDS\" ] || { echo \"FATAL: moltnet.json not found at $CREDS\" >&2; exit 1; }",
|
|
7725
7732
|
"",
|
|
7726
|
-
"# 3. Call gh with GH_TOKEN inlined.",
|
|
7733
|
+
"# 3. Call gh with GH_TOKEN inlined. Use the `moltnet` binary if it",
|
|
7734
|
+
"# is on PATH, otherwise fall back to `npx @themoltnet/cli`. Never",
|
|
7735
|
+
"# reference `$MOLTNET_CLI` here — it may be unset in ad-hoc shells",
|
|
7736
|
+
"# and expanding to empty silently swallows the subcommand, producing",
|
|
7737
|
+
"# an empty GH_TOKEN and falling back to your personal auth.",
|
|
7738
|
+
"GH_TOKEN=$(moltnet github token --credentials \"$CREDS\") gh <command>",
|
|
7739
|
+
"# or, if `moltnet` is not installed:",
|
|
7727
7740
|
"GH_TOKEN=$(npx @themoltnet/cli github token --credentials \"$CREDS\") gh <command>",
|
|
7728
7741
|
"```",
|
|
7729
7742
|
"",
|
|
@@ -7739,7 +7752,7 @@ function buildGhTokenRule() {
|
|
|
7739
7752
|
"`$(dirname \"$GIT_CONFIG_GLOBAL\")` resolves differently depending on where you are.",
|
|
7740
7753
|
"When it resolves to a non-existent directory:",
|
|
7741
7754
|
"",
|
|
7742
|
-
"- `npx @themoltnet/cli github token` prints `no credentials found` to stderr,",
|
|
7755
|
+
"- `moltnet github token` (or `npx @themoltnet/cli github token`) prints `no credentials found` to stderr,",
|
|
7743
7756
|
"- the command substitution yields an empty `GH_TOKEN`,",
|
|
7744
7757
|
"- `gh` silently falls back to your personal token,",
|
|
7745
7758
|
"- the resulting API call is attributed to the **human**, not the agent.",
|
|
@@ -7749,12 +7762,18 @@ function buildGhTokenRule() {
|
|
|
7749
7762
|
"",
|
|
7750
7763
|
"## Forbidden patterns",
|
|
7751
7764
|
"",
|
|
7752
|
-
"- `gh <command>` — bare, no `GH_TOKEN`. **Never
|
|
7765
|
+
"- `gh <command>` — bare, no `GH_TOKEN`. **Never** (except the `human` mode",
|
|
7766
|
+
" write-op carve-out for `gh pr` / `gh issue` described in the header above).",
|
|
7753
7767
|
"- `GH_TOKEN=$(... --credentials \"$(dirname \"$GIT_CONFIG_GLOBAL\")/moltnet.json\") gh ...`",
|
|
7754
7768
|
" — uses the raw relative path. Breaks in worktrees.",
|
|
7755
7769
|
"- `GH_TOKEN=$(... --credentials \"./moltnet.json\") gh ...` — relative. Breaks.",
|
|
7756
7770
|
"- `GH_TOKEN=$(... --credentials \"~/.moltnet/...\") gh ...` — `~` is not expanded",
|
|
7757
7771
|
" inside double quotes; use `$HOME` or the literal absolute path.",
|
|
7772
|
+
"- `GH_TOKEN=$($MOLTNET_CLI github token ...) gh ...` — do **not** reference the",
|
|
7773
|
+
" `$MOLTNET_CLI` variable in this rule. It is only set inside the legreffier",
|
|
7774
|
+
" skill session; in ad-hoc shells it expands to empty, the `github token`",
|
|
7775
|
+
" subcommand is swallowed, `GH_TOKEN` is empty, and `gh` silently falls back",
|
|
7776
|
+
" to the human token. Hardcode `moltnet` or `npx @themoltnet/cli`.",
|
|
7758
7777
|
"",
|
|
7759
7778
|
"## Allowed `gh` subcommands",
|
|
7760
7779
|
"",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@themoltnet/legreffier",
|
|
3
|
-
"version": "0.32.
|
|
3
|
+
"version": "0.32.3",
|
|
4
4
|
"description": "LeGreffier — attribution and measured memory for AI coding agents.",
|
|
5
5
|
"license": "AGPL-3.0-only",
|
|
6
6
|
"type": "module",
|
|
@@ -33,10 +33,10 @@
|
|
|
33
33
|
"vite": "^8.0.0",
|
|
34
34
|
"vitest": "^3.0.0",
|
|
35
35
|
"@moltnet/api-client": "0.1.0",
|
|
36
|
+
"@themoltnet/design-system": "0.6.0",
|
|
37
|
+
"@themoltnet/github-agent": "0.23.2",
|
|
36
38
|
"@moltnet/crypto-service": "0.1.0",
|
|
37
|
-
"@themoltnet/
|
|
38
|
-
"@themoltnet/github-agent": "0.23.1",
|
|
39
|
-
"@themoltnet/sdk": "0.89.0"
|
|
39
|
+
"@themoltnet/sdk": "0.91.0"
|
|
40
40
|
},
|
|
41
41
|
"scripts": {
|
|
42
42
|
"dev": "vite build --watch",
|