npm - adversarial-review-gate - Versions diffs - 2.1.0 → 2.1.1 - Mend

adversarial-review-gate 2.1.0 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "adversarial-review-gate",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "NodeJS multi-tool adversarial review gate for coding agents.",
   "type": "module",
   "bin": {

package/src/core/gate.js CHANGED Viewed

@@ -304,10 +304,15 @@ function baseNameOf(canonical) {
 // changed file. Returns null when coverage is acceptable, or an error reason.
 //
 // Both the verdict's `coverage.files_examined` citations and the reviewable
-// changed-file paths are CANONICALIZED before comparison (see canonicalizePath),
-// and a changed file is considered covered if EITHER its full canonical path OR
-// its basename appears in the examined set. This prevents a real PASS from
-// BLOCKing merely because the reviewer cited a different path FORM.
+// changed-file paths are CANONICALIZED before comparison (see canonicalizePath).
+// A changed file is considered covered if its full canonical path appears in the
+// examined set, OR its basename appears AND that basename is UNIQUE among the
+// reviewable changed files. A basename shared by multiple reviewable files is
+// AMBIGUOUS (e.g. src/a/index.js and test/b/index.js both basename "index.js"),
+// so a bare-basename citation cannot prove which file was examined — for those we
+// require the full-path match. This both tolerates differing path FORMS for an
+// unambiguous file and prevents one ambiguous basename from "covering" several
+// distinct files.
 function coverageFailure(verdict, reviewablePaths) {
   const coverage = verdict.coverage || {};
   const examined = Array.isArray(coverage.files_examined) ? coverage.files_examined : [];
@@ -321,6 +326,13 @@ function coverageFailure(verdict, reviewablePaths) {
   if (reviewablePaths.length > COVERAGE_FILE_CAP) {
     return null;
   }
+  // Count how often each basename occurs among the canonicalized reviewable
+  // changed files so we can tell unique basenames from ambiguous ones.
+  const baseCounts = new Map();
+  for (const path of reviewablePaths) {
+    const base = baseNameOf(canonicalizePath(path));
+    baseCounts.set(base, (baseCounts.get(base) || 0) + 1);
+  }
   // Build canonical full-path and basename lookup sets from the citations.
   const examinedFull = new Set();
   const examinedBase = new Set();
@@ -333,7 +345,11 @@ function coverageFailure(verdict, reviewablePaths) {
   for (const path of reviewablePaths) {
     const canon = canonicalizePath(path);
     const base = baseNameOf(canon);
-    if (examinedFull.has(canon) || examinedBase.has(base)) continue;
+    // Full-path citation always counts. A basename citation only counts when that
+    // basename is UNIQUE among the reviewable changed files; an ambiguous basename
+    // (occurs >1) requires the full-path match.
+    if (examinedFull.has(canon)) continue;
+    if (baseCounts.get(base) === 1 && examinedBase.has(base)) continue;
     return `missing_coverage:${canon}`;
   }
   return null;

package/src/core/load-config.js CHANGED Viewed

@@ -96,10 +96,92 @@ export async function loadEffectiveConfig(cwd, io = {}) {
   deepAssign(merged, sanitizeProjectConfig(userConfig));
   deepAssign(merged, sanitizeProjectConfig(projectConfig));
+  // Reviewer trust floor: a PROJECT layer can never grant a reviewer trust nor
+  // supply the command/args/type of a custom reviewer. Those must come from
+  // USER-level config only (the threat model treats the repo's project config as
+  // untrusted). Applied AFTER the merge so it strips anything a project injected.
+  applyReviewerTrustFloor(merged, userConfig);
   // Apply the user policy floor LAST so it can only tighten, never loosen.
   return applyPolicyFloor(merged, userPolicyFloor);
 }
+/**
+ * Enforce the reviewer trust floor on a fully-merged config using the RAW user
+ * config as the sole source of truth for trust and custom-reviewer definitions.
+ *
+ * Rules (all fail-closed; a project layer can only LOSE privileges here):
+ *  - For every reviewer id: if merged.reviewers[id].trusted === true but the user
+ *    config did NOT set trusted === true for that id, force trusted = false. A
+ *    project config can never grant trust.
+ *  - For any reviewer that is custom (merged type OR user-declared type is
+ *    "custom"): take `type`, `command`, and `args` ONLY from the user config for
+ *    that id, dropping any project-supplied values. If the user config did not
+ *    define this custom reviewer, the result has no command and is rejected at
+ *    runtime (fail closed).
+ *  - opencode's `readOnlyConfig` is intentionally NOT touched here: opencode
+ *    isolation is bound to the bundled read-only agent in enforced/strict, so a
+ *    project-set readOnlyConfig is safe.
+ *
+ * Tolerant of missing/non-object reviewer maps and entries.
+ *
+ * @param {object} merged      - fully-merged effective config (mutated in place)
+ * @param {object} userConfig  - raw user-level config (trusted source)
+ * @returns {object} merged
+ */
+function applyReviewerTrustFloor(merged, userConfig) {
+  const reviewers = merged.reviewers;
+  if (!reviewers || typeof reviewers !== "object" || Array.isArray(reviewers)) {
+    return merged;
+  }
+  const userReviewers =
+    userConfig && typeof userConfig.reviewers === "object" && !Array.isArray(userConfig.reviewers)
+      ? userConfig.reviewers
+      : {};
+  for (const id of Object.keys(reviewers)) {
+    const entry = reviewers[id];
+    if (!entry || typeof entry !== "object" || Array.isArray(entry)) continue;
+    const userEntry =
+      userReviewers[id] && typeof userReviewers[id] === "object" && !Array.isArray(userReviewers[id])
+        ? userReviewers[id]
+        : null;
+    // Trust floor: only the user config can grant trust.
+    if (entry.trusted === true && userEntry?.trusted !== true) {
+      entry.trusted = false;
+    }
+    // Custom-reviewer floor: command/args/type come from the user config only.
+    const isCustom = entry.type === "custom" || userEntry?.type === "custom";
+    if (isCustom) {
+      if (userEntry && userEntry.type === "custom") {
+        // Take the type/command/args from the trusted user config, dropping any
+        // project-supplied values.
+        entry.type = "custom";
+        if ("command" in userEntry) {
+          entry.command = userEntry.command;
+        } else {
+          delete entry.command;
+        }
+        if ("args" in userEntry) {
+          entry.args = structuredClone(userEntry.args);
+        } else {
+          delete entry.args;
+        }
+      } else {
+        // The user config did not define this custom reviewer. Strip any
+        // project-supplied command/args so it fails closed (no command -> rejected
+        // at runtime). Keep type so the custom adapter still recognizes the entry
+        // and refuses it via the missing-command / untrusted checks.
+        delete entry.command;
+        delete entry.args;
+      }
+    }
+  }
+  return merged;
+}
 /**
  * Resolve the user-level state directory.
  *

package/src/core/process.js CHANGED Viewed

@@ -3,6 +3,36 @@ import path from "node:path";
 import { constants } from "node:fs";
 import { spawn } from "node:child_process";
+/**
+ * Read an env value by a case-insensitive key name.
+ *
+ * `process.env` is case-insensitive on win32, but a PLAIN-OBJECT env copy
+ * (e.g. `{ ...process.env }`, or an env coming from a native Windows
+ * cmd/powershell shell) may carry the key in a different case — e.g. `Path`
+ * instead of `PATH`. Reading `env.PATH` directly would then miss it and
+ * resolveExecutable would wrongly return null. This helper returns the value for
+ * the first key matching `name` case-insensitively, preferring an EXACT-case
+ * match (so behavior is unchanged when the uppercase key exists).
+ *
+ * @param {object} env   - environment object
+ * @param {string} name  - canonical key name (e.g. "PATH", "PATHEXT")
+ * @returns {string|undefined}
+ */
+function getEnvCaseInsensitive(env, name) {
+  if (!env || typeof env !== "object") return undefined;
+  // Prefer the exact key first to keep existing behavior identical.
+  if (Object.prototype.hasOwnProperty.call(env, name) && env[name] != null) {
+    return env[name];
+  }
+  const lower = name.toLowerCase();
+  for (const key of Object.keys(env)) {
+    if (key.toLowerCase() === lower && env[key] != null) {
+      return env[key];
+    }
+  }
+  return undefined;
+}
 /**
  * Resolve a command name or path to an absolute executable path.
  * On Windows, walks PATHEXT extensions (e.g. .COM .EXE .BAT .CMD).
@@ -28,10 +58,14 @@ export async function resolveExecutable(command, env = process.env) {
     return path.resolve(command);
   }
-  const pathEntries = String(env.PATH || "").split(path.delimiter).filter(Boolean);
+  // Read PATH / PATHEXT case-insensitively: a plain-object env copy (or a native
+  // Windows shell env) may carry these keys as `Path`/`PathExt`, etc.
+  const pathValue = getEnvCaseInsensitive(env, "PATH");
+  const pathExtValue = getEnvCaseInsensitive(env, "PATHEXT");
+  const pathEntries = String(pathValue || "").split(path.delimiter).filter(Boolean);
   const extensions =
     process.platform === "win32"
-      ? String(env.PATHEXT || ".COM;.EXE;.BAT;.CMD").split(";")
+      ? String(pathExtValue || ".COM;.EXE;.BAT;.CMD").split(";")
       : [""];
   for (const dir of pathEntries) {

package/src/reviewers/_shared.js CHANGED Viewed

@@ -127,11 +127,26 @@ export async function runWithTimeout(child, { timeoutMs, captureStderr = false }
     : [collectOutput(child), waitForExit(child)];
   const processPromise = Promise.all(collectors);
-  const timeoutPromise = new Promise((resolve) =>
-    setTimeout(() => resolve(TIMEOUT_SENTINEL), timeoutMs)
-  );
+  // Capture the timer id so it can be cleared once the race settles. Without the
+  // clearTimeout below, a pending setTimeout keeps the Node event loop alive for
+  // up to timeoutMs after the process already completed, hanging the CLI/hook.
+  let timer;
+  const timeoutPromise = new Promise((resolve) => {
+    timer = setTimeout(() => resolve(TIMEOUT_SENTINEL), timeoutMs);
+    // unref() is a secondary measure so the timer alone never blocks exit; the
+    // clearTimeout below is the primary fix.
+    if (timer && typeof timer.unref === "function") timer.unref();
+  });
+  let raceResult;
+  try {
+    raceResult = await Promise.race([processPromise, timeoutPromise]);
+  } finally {
+    // Always clear the pending timeout timer — on BOTH the timeout branch and the
+    // normal completion branch — so the event loop is not held open.
+    clearTimeout(timer);
+  }
-  const raceResult = await Promise.race([processPromise, timeoutPromise]);
   if (raceResult === TIMEOUT_SENTINEL) {
     forceKill(child);
     return TIMEOUT_SENTINEL;