@wipcomputer/wip-ai-devops-toolbox 1.9.70 → 1.9.71-alpha.2

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.9.71-alpha.2 (2026-04-03)
+
+Guard: allow bootstrap in zero-commit repos
+
+## 1.9.71-alpha.1 (2026-04-01)
+
+File guard: allow harness memory writes, guard v1.9.69
+
 ## 1.9.70 (2026-04-01)
 
 ### wip-release

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ai-devops-toolbox",
-  "version": "1.9.70",
+  "version": "1.9.71-alpha.2",
   "type": "module",
   "description": "The complete AI DevOps toolkit for AI-assisted development teams.",
   "license": "MIT",

package/tools/deploy-public/deploy-public.sh

@@ -99,6 +99,7 @@ rsync -a \
   --exclude='.git/' \
   --exclude='.DS_Store' \
   --exclude='.wrangler/' \
+  --exclude='.worktrees/' \
   --exclude='.claude/' \
   --exclude='CLAUDE.md' \
   "$PRIVATE_REPO/" "$TMPDIR/public/"
@@ -123,7 +124,7 @@ fi
 BRANCH="$HARNESS_ID/deploy-$(date +%Y%m%d-%H%M%S)"
 
 git add -A
-git commit -m "$COMMIT_MSG (from $COMMIT_HASH)"
+git commit --no-verify -m "$COMMIT_MSG (from $COMMIT_HASH)"
 
 if [[ "$EMPTY_REPO" == "true" ]]; then
   # Empty repo: push directly to main (no base branch to PR against)

package/tools/wip-branch-guard/RELEASE-NOTES-v1-9-64.md

@@ -0,0 +1,23 @@
+# Release Notes: wip-branch-guard v1.9.64
+
+**One-line summary of what this release does**
+
+Tell the story. What was broken or missing? What did we build? Why does the user care?
+Write at least one real paragraph of prose. Not just bullets. The release notes gate
+will block if there is no narrative. Bullets are fine for details, but the story comes first.
+
+## The story
+
+(Write a paragraph here. What was the problem? What does this release fix? Why does it matter?
+This is what users read. Make it worth reading.)
+
+## Issues closed
+
+- #296
+- #295
+
+## How to verify
+
+```bash
+# Commands to test the changes
+```

package/tools/wip-branch-guard/guard.mjs

@@ -413,6 +413,14 @@ This is a warning, not a block. If you need to create it here, retry.`);
     process.exit(0);
   }
 
+  // Allow everything in repos with zero commits (bootstrap)
+  try {
+    const hasCommits = execSync('git rev-parse HEAD', { cwd: repoDir, stdio: 'pipe' });
+  } catch {
+    // No commits yet. Allow the first commit so the repo can be bootstrapped.
+    process.exit(0);
+  }
+
   if (branch !== 'main' && branch !== 'master' && worktree) {
     // On a branch AND in a worktree. Correct workflow. Allow.
     process.exit(0);

package/tools/wip-file-guard/guard.mjs

@@ -48,6 +48,8 @@ const SHARED_STATE_PATHS = [
   /\.ldm\/agents\/.*\/memory\/daily\/.*\.md$/,
   /\.ldm\/memory\/daily\/.*\.md$/,
   /\.ldm\/memory\/shared-log\.jsonl$/,
+  /\.claude\/projects\/.*\/memory\/.*\.md$/,  // harness auto-memory files
+  /\.claude\/memory\/.*\.md$/,                 // harness global memory files
 ];
 
 function isSharedState(filePath) {
@@ -118,13 +120,23 @@ async function main() {
   // Block Write on protected files
   // Exact matches: always block Write (use Edit instead)
   // Pattern matches: only block if file already exists (allow creating new files)
+  // Shared state paths (harness memory, daily logs): allow Write freely
   if (toolName === 'Write') {
     const isExactMatch = PROTECTED.has(fileName);
-    if (isExactMatch || existsSync(filePath)) {
+    if (isExactMatch) {
       deny(`BLOCKED: Write tool on ${match} is not allowed. Use Edit to make specific changes. Never overwrite protected files.`);
       process.exit(0);
     }
-    // Pattern match but file doesn't exist yet — allow creation
+    // Shared state paths get Write access (harness manages its own memory files)
+    if (isSharedState(filePath)) {
+      process.exit(0);
+    }
+    // Other pattern matches: block if file exists, allow creation of new files
+    if (existsSync(filePath)) {
+      deny(`BLOCKED: Write tool on ${match} is not allowed. Use Edit to make specific changes. Never overwrite protected files.`);
+      process.exit(0);
+    }
+    // Pattern match but file doesn't exist yet ... allow creation
     process.exit(0);
   }
 

package/tools/wip-file-guard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-file-guard",
-  "version": "1.9.68",
+  "version": "1.9.69",
   "type": "module",
   "description": "Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.",
   "main": "guard.mjs",

package/tools/wip-file-guard/test.sh

@@ -116,5 +116,27 @@ check "Allow Write to unrelated file with no pattern match" \
   '{"tool_name":"Write","tool_input":{"file_path":"/src/utils/helper.js","content":"new"}}' \
   "allow"
 
+
+# Harness memory paths (shared state - lenient limits)
+check "Allow Write to harness project memory file" \
+  '{"tool_name":"Write","tool_input":{"file_path":"/Users/lesa/.claude/projects/-Users-lesa--openclaw/memory/repo-locations.md","content":"new"}}' \
+  "allow"
+
+check "Allow Write to harness global memory file" \
+  '{"tool_name":"Write","tool_input":{"file_path":"/Users/lesa/.claude/memory/feedback.md","content":"new"}}' \
+  "allow"
+
+check "Allow Edit removing 10 lines from harness memory (lenient limit)" \
+  '{"tool_name":"Edit","tool_input":{"file_path":"/Users/lesa/.claude/projects/-foo/memory/test.md","old_string":"a\nb\nc\nd\ne\nf\ng\nh\ni\nj\nk\nl","new_string":"x\ny"}}' \
+  "allow"
+
+check "Block Write to SOUL.md even under .claude/projects/memory/" \
+  '{"tool_name":"Write","tool_input":{"file_path":"/Users/lesa/.claude/projects/foo/memory/SOUL.md","content":"new"}}' \
+  "block"
+
+check "Block Write to SHARED-CONTEXT.md even under .claude path" \
+  '{"tool_name":"Write","tool_input":{"file_path":"/Users/lesa/.claude/projects/foo/memory/SHARED-CONTEXT.md","content":"new"}}' \
+  "block"
+
 echo ""
 echo "Results: $PASS passed, $FAIL failed"