claude-nomad 0.29.1 → 0.31.0

package/.gitleaks.toml

@@ -38,3 +38,23 @@ paths = [
     '''^shared/projects/[^/]+/.*\.jsonl$''',
 ]
 condition = "AND"
+
+# Path-scoped: SonarCloud issue-listing tool output (`gh`/sonar API dumps of
+# the form `key: <20-char id>` immediately followed by `rule: <lang>:S<n>`)
+# lands in session transcripts during PR reviews. The issue key is an opaque
+# 20-char base64url identifier, not a credential, but it is shaped like a
+# generic API key and does not carry the `AY` prefix the noise allowlist
+# above keys on. Anchoring on the surrounding `key:`/`rule:` structure (via
+# regexTarget = "line") keeps this from whitelisting a bare token: a real API
+# key is never followed by `\n  rule: <lang>:S####`. `condition = "AND"` plus
+# the session-jsonl path scope double-locks it to synced transcripts.
+[[allowlists]]
+description = "claude-nomad: SonarCloud issue-listing output (key: <id> / rule: <lang>:S<n>) in synced session transcripts"
+regexTarget = "line"
+regexes = [
+    '''key:\s*[A-Za-z0-9_-]{19,24}\\n\s*rule:\s*\w+:S\d+''',
+]
+paths = [
+    '''^shared/projects/[^/]+/.*\.jsonl$''',
+]
+condition = "AND"

package/CHANGELOG.md

@@ -1,5 +1,30 @@
 # Changelog
 
+## [0.31.0](https://github.com/funkadelic/claude-nomad/compare/v0.30.0...v0.31.0) (2026-05-29)
+
+
+### Added
+
+* **push:** interactive secret recovery on push and nomad redact ([#181](https://github.com/funkadelic/claude-nomad/issues/181)) ([4931e27](https://github.com/funkadelic/claude-nomad/commit/4931e27ba30998a02b123c71edc1315069c9181a))
+
+
+### Changed
+
+* **gitleaks:** allowlist SonarCloud issue-key tool-output noise in synced transcripts ([#179](https://github.com/funkadelic/claude-nomad/issues/179)) ([0f7d816](https://github.com/funkadelic/claude-nomad/commit/0f7d8161d4de3379cd6a4db00482f560c8b3f280))
+* **settings-drift:** author PRs via app token and make regen idempotent ([#182](https://github.com/funkadelic/claude-nomad/issues/182)) ([062397c](https://github.com/funkadelic/claude-nomad/commit/062397c565926471eccc8e75f72d1ccf2e5cc8c0))
+
+## [0.30.0](https://github.com/funkadelic/claude-nomad/compare/v0.29.1...v0.30.0) (2026-05-29)
+
+
+### Added
+
+* **doctor:** report gh and curl presence in Version Checks ([#175](https://github.com/funkadelic/claude-nomad/issues/175)) ([5163833](https://github.com/funkadelic/claude-nomad/commit/516383301dbd9c64cfc8f1c7a654655b61c29280))
+
+
+### Changed
+
+* widen npm-publish smoke-test propagation window ([#176](https://github.com/funkadelic/claude-nomad/issues/176)) ([f8b1eef](https://github.com/funkadelic/claude-nomad/commit/f8b1eef18dcee91fb894d2036c42356f82c76f79))
+
 ## [0.29.1](https://github.com/funkadelic/claude-nomad/compare/v0.29.0...v0.29.1) (2026-05-29)
 
 

package/README.md

@@ -60,7 +60,9 @@ box, a personal rig and a work machine. [Get started in three steps.](#quickstar
   - [Commands](#commands)
   - [Recovery flows](#recovery-flows)
     - [`nomad drop-session <id>`](#nomad-drop-session-id)
+    - [`nomad redact <session-id>`](#nomad-redact-session-id)
     - [Recovery flow: gitleaks FATAL on a session JSONL](#recovery-flow-gitleaks-fatal-on-a-session-jsonl)
+    - [Recovery flow: push-time interactive menu](#recovery-flow-push-time-interactive-menu)
     - [`.gitleaks.toml` allowlist policy](#gitleakstoml-allowlist-policy)
   - [Cross-OS resume](#cross-os-resume)
   - [Run tests](#run-tests)
@@ -380,10 +382,11 @@ Read these before adopting so you opt in with eyes open.
 
 - `gh` ([GitHub CLI](https://cli.github.com/)), used only by `nomad init` to auto-disable Actions on
   the private repo; if it is missing or unauthenticated, init prints a manual fallback tip and
-  continues
+  continues. `nomad doctor` reports its presence in the Version Checks section.
 - [curl](https://curl.se/), used by the version/update check (the `nomad doctor` latest-release line
   and the post-`nomad update` check) and by `nomad doctor --check-schema`; it degrades silently when
-  curl is absent or offline, so the rest of the CLI works without it
+  curl is absent or offline, so the rest of the CLI works without it. `nomad doctor` reports its
+  presence in the Version Checks section.
 
 ## Setup
 
@@ -609,7 +612,11 @@ point under your npm prefix's `bin/`), then delete the alias line from your shel
 | `nomad diff`                     | Offline, lockless twin of `pull --dry-run`. No network, no lock. Works against the current local repo state.                                                                                                                                                                                                                                                                                                                                                                 |
 | `nomad push`                     | Export local sessions and opted-in per-project extras to logical names, commit (`chore: sync from <NOMAD_HOST>`), push.                                                                                                                                                                                                                                                                                                                                                      |
 | `nomad push --dry-run`           | Run pre-push safety checks (gitleaks probe, rebase, remap preview, gitlink scan, allow-list) and a read-only gitleaks leak preview over a throwaway temp copy of the sessions and extras this host would stage; skip stage, commit, and push. Exits 1 if a leak is found in the preview. Nothing is written to the sync repo.                                                                                                                                                |
+| `nomad push --redact-all`        | Redact all findings non-interactively (backup written first) without a TTY. Does not auto-Allow findings. After redaction re-stages and re-scans; aborts with the session-aware FATAL if any finding survives. Use this in scripts or when you are confident every finding is a real secret that should be scrubbed. See [Recovery flow: push-time interactive menu](#recovery-flow-push-time-interactive-menu).                                                             |
 | `nomad drop-session <id>`        | Surgically unstage every `shared/projects/*/<id>.jsonl` and the sibling `shared/projects/*/<id>/` subagent directory from the staged tree of `~/claude-nomad/`. Idempotent; the local `~/.claude/projects/<encoded>/<id>.jsonl` and `<id>/` tree are preserved. See [Recovery flows](#recovery-flows).                                                                                                                                                                       |
+| `nomad redact <session-id>`      | Rewrite the secret span in the local source transcript for a session, backed up to `~/.cache/claude-nomad/backup/`. Refuses to touch a session that was modified recently (potential active session). Safe to re-run. See [`nomad redact <session-id>`](#nomad-redact-session-id).                                                                                                                                                                                           |
+| `nomad redact --rule <id>`       | Limit redaction to findings of one gitleaks rule id only.                                                                                                                                                                                                                                                                                                                                                                                                                    |
+| `nomad redact --dry-run`         | Show what `nomad redact` would change without writing anything.                                                                                                                                                                                                                                                                                                                                                                                                              |
 | `nomad update`                   | Topology-aware upgrade to the latest upstream. Flags: `--dry-run`, `--force`, `--push-origin`. See [Upgrading the tool](#upgrading-the-tool).                                                                                                                                                                                                                                                                                                                                |
 | `nomad doctor`                   | Read-only health check. Each line carries a status glyph (`✓` pass, `✗` fail, `⚠︎` warn); any `✗` sets `process.exitCode = 1` (`⚠︎` does not). Includes an offline-tolerant release-version staleness check, a Hook targets check that fails (`✗`, exit 1) when `settings.json` references a hook command whose script under `~/.claude/` is missing on this host, plus two `⚠︎`-only drift checks: gitleaks version drift and, on a private GitHub mirror, re-enabled Actions. |
 | `nomad doctor --resume-cmd <id>` | Print a host-local `cd ... && claude --resume <id>` line for a session (see [Cross-OS resume](#cross-os-resume)).                                                                                                                                                                                                                                                                                                                                                            |
@@ -761,6 +768,38 @@ scrubbing (the exact path when `path-map.json` maps the project to the current h
 `~/.claude/projects/` source, not the staged tree, so it keeps flagging the secret until the local
 transcript is scrubbed.
 
+### `nomad redact <session-id>`
+
+Rewrites the secret span in the local source transcript at
+`~/.claude/projects/<encoded>/<session-id>.jsonl` in place, replacing each flagged span with
+`[REDACTED:<rule>]`. Before rewriting, the original transcript is backed up to
+`~/.cache/claude-nomad/backup/<timestamp>/`.
+
+```bash
+$ nomad redact <session-id>
+$ nomad redact <session-id> --rule github-pat   # one rule only
+$ nomad redact <session-id> --dry-run           # preview without writing
+```
+
+What it does: rewrites the LOCAL source transcript (not just the staged copy). This is the durable
+fix for a gitleaks finding: `nomad drop-session` only removes the staged copy, but `remapPush`
+re-copies from local on the next push, so the secret resurfaces. Redacting the local source means
+future pushes carry clean content.
+
+What it does NOT do: rotate credentials. Always rotate the secret at its provider first.
+
+Safety checks:
+
+- A session whose transcript was modified within the last 5 minutes is treated as potentially active
+  (Claude Code may still be writing to it). `nomad redact` refuses to touch it and suggests
+  `nomad drop-session` or waiting for the session to end.
+- Before every rewrite, a backup is written to `~/.cache/claude-nomad/backup/<timestamp>/`, so the
+  original content is recoverable.
+- `--dry-run` prints the planned redactions and writes nothing.
+
+This command is safe to re-run: if the span was already redacted (the replacement token is already
+present), the content is unchanged.
+
 ### Recovery flow: gitleaks FATAL on a session JSONL
 
 `nomad push` runs `gitleaks protect --staged` before commit. To catch the same findings before you
@@ -791,10 +830,12 @@ Two branches from here:
    contaminated copy from the current staged tree, but that alone is NOT durable: `remapPush` (in
    `src/remap.ts`) does a full rm-and-copy mirror of your LOCAL transcripts into `shared/projects/`
    on every push, so the next `nomad push` re-copies the un-scrubbed local file forward and
-   re-stages the same secret. The durable fix is to rotate AND scrub or remove the local transcript
-   at `~/.claude/projects/<encoded>/<sid-aaaa>.jsonl` (plus the sibling `<sid-aaaa>/` subagent
-   directory under that encoded dir, if present) so the next `remapPush` carries clean content
-   forward. Do not leave the local file un-scrubbed and expect the staged-tree drop to hold.
+   re-stages the same secret. The durable fix is to rotate AND scrub the local transcript. The
+   easiest way: `nomad redact <sid-aaaa>` (see [`nomad redact`](#nomad-redact-session-id)), which
+   rewrites the secret span in place with a backup. Alternatively, remove the local transcript at
+   `~/.claude/projects/<encoded>/<sid-aaaa>.jsonl` (plus the sibling `<sid-aaaa>/` subagent
+   directory, if present). Do not leave the local file un-scrubbed and expect the staged-tree drop
+   to hold.
 
 2. **False positive.** Add an allowlist regex to `.gitleaks.toml` at the repo root that matches the
    noise pattern but not real-secret formats, commit it, then re-run `nomad push`. The new allowlist
@@ -803,6 +844,49 @@ Two branches from here:
 `nomad drop-session` only acts on the staged tree of `~/claude-nomad/`. Active Claude Code sessions
 writing to the local file are not disturbed.
 
+### Recovery flow: push-time interactive menu
+
+When `nomad push` detects a secret and the process is running on an interactive TTY, it presents a
+per-finding menu instead of aborting immediately. Each finding is shown with its rule id, file, and
+line number (the secret value is never printed: the scan uses `--redact`).
+
+```text
+Finding: github-pat in shared/projects/my-proj/abc123.jsonl line 42 (session: abc123)
+  [R]edact  [A]llow  [D]rop session  [S]kip (default)
+>
+```
+
+What the actions do:
+
+- **Redact** rewrites the secret span in the LOCAL source transcript in place (same flow as
+  `nomad redact`), backs up first, then re-copies the file to the staged tree. Refuses if the
+  session was modified in the last 5 minutes (potential active session): choose Drop or Skip instead
+  and wait for the session to end.
+- **Allow** appends the finding's fingerprint to `.gitleaksignore` at the repo root. Use this for
+  confirmed false positives. The fingerprint format (`file:rule:line`) is tied to the current line,
+  so if the content moves gitleaks re-prompts rather than silently suppressing a new hit.
+- **Drop session** excludes this session from the current push by unstaging it from the repo's git
+  index (same as `nomad drop-session <id>`). The local `~/.claude/projects/.../` transcript is kept
+  intact and any running Claude session is not stopped. Not durable: the next push re-copies from
+  local unless you also redact or remove the local transcript.
+- **Skip** (default on bare Enter) leaves the finding unresolved for now.
+
+After you respond to every finding, the menu applies your choices. If any finding was Skipped, the
+push aborts with the session-aware FATAL (same exit as a non-interactive push with findings). If all
+findings were resolved, the staged tree is updated and re-scanned. A clean re-scan proceeds to
+commit and push. If new findings appear after the first round of actions, the menu loops on the new
+set.
+
+On a non-TTY (CI, piped input, or scripted `nomad push`), the menu never appears and the push aborts
+with the existing session-aware FATAL unchanged.
+
+**Batch redact without a TTY:** `nomad push --redact-all` redacts every finding non-interactively
+(backup written first) without prompting and without requiring a TTY. It does not auto-Allow. After
+redaction the staged tree is re-scanned; any surviving finding aborts with the FATAL. Use this in
+scripts or when every finding is a real secret that should be scrubbed. For a single session,
+`nomad redact <session-id>` (see [`nomad redact`](#nomad-redact-session-id)) gives you per-session
+control with `--rule` and `--dry-run` options.
+
 ### `.gitleaks.toml` allowlist policy
 
 `gitleaks protect` runs against the staged tree on every `nomad push` and can flag

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-nomad",
-  "version": "0.29.1",
+  "version": "0.31.0",
   "type": "module",
   "description": "Sync Claude Code config (~/.claude/) across machines via a private Git repo, with path remapping and per-host settings overrides.",
   "keywords": [

package/src/commands.doctor.checks.deps.ts

@@ -0,0 +1,97 @@
+import { execFileSync } from 'node:child_process';
+
+import { green, okGlyph, warnGlyph, yellow } from './color.ts';
+import { addItem, type DoctorSection } from './commands.doctor.format.ts';
+import type { SpawnSyncFn } from './gh-actions.ts';
+
+/**
+ * Optional-dependency presence reporter for `nomad doctor`. Probes for `gh`
+ * and `curl` (both optional CLIs used by nomad features) and emits one row
+ * per binary in the Version Checks section:
+ *   - present with parsed version: `okGlyph gh: X.Y.Z`
+ *   - present but version unparseable: `okGlyph gh: present`
+ *   - not installed (ENOENT): `warnGlyph gh: not installed (optional; ...)`
+ *
+ * This reporter MUST NOT set `process.exitCode`: absent optional deps are
+ * informational only (D-02). Both probes always run unconditionally.
+ */
+
+/**
+ * Regex to extract the first X.Y.Z version token from a string. Each segment
+ * is bounded (`{1,9}`) rather than `+` so the pattern is provably linear: a
+ * `--version` line never has a segment longer than a few digits, and bounding
+ * the repetition removes the super-linear backtracking an unbounded
+ * `\d+\.\d+\.\d+` carries on a degenerate all-digit input.
+ */
+const VERSION_TOKEN = /(\d{1,9}\.\d{1,9}\.\d{1,9})/;
+
+/**
+ * Extract the first X.Y.Z-shaped version token from a string.
+ *
+ * @param line - A single line of --version output (already trimmed).
+ * @returns The first version token, or `null` if none found.
+ */
+function parseFirstVersion(line: string): string | null {
+  const m = VERSION_TOKEN.exec(line);
+  return m ? m[1] : null;
+}
+
+/** Discriminated union for binary probe results. */
+type DepProbeResult = { status: 'present'; version: string | null } | { status: 'not-installed' };
+
+/**
+ * Probe a binary by running `bin --version` and parsing the first output line.
+ * Returns a DepProbeResult: present (with optional version token) or
+ * not-installed (ENOENT). Non-ENOENT errors are treated as present with no
+ * version (D-03: "never FAIL on unexpected --version output").
+ *
+ * @param bin - The binary name to probe (e.g. `gh` or `curl`).
+ * @param run - Injectable subprocess runner; defaults to `execFileSync`.
+ */
+function probeOptionalDep(bin: string, run: SpawnSyncFn): DepProbeResult {
+  try {
+    const firstLine = run(bin, ['--version'], { stdio: ['ignore', 'pipe', 'pipe'] })
+      .toString()
+      .split('\n')[0]
+      .trim();
+    const version = parseFirstVersion(firstLine);
+    return { status: 'present', version };
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
+      return { status: 'not-installed' };
+    }
+    // Non-ENOENT: binary may exist but --version misbehaved; report as present.
+    return { status: 'present', version: null };
+  }
+}
+
+/**
+ * Emit presence rows for the optional `gh` and `curl` CLIs into the given
+ * doctor section. Each row shows the binary's install status and version (if
+ * parseable). Absent binaries emit a WARN naming the features they enable.
+ * Never sets `process.exitCode` (D-02): both deps are optional.
+ *
+ * @param section - The Version Checks section to append rows to.
+ * @param run - Injectable subprocess runner; defaults to `execFileSync`.
+ */
+export function reportOptionalDeps(section: DoctorSection, run: SpawnSyncFn = execFileSync): void {
+  const gh = probeOptionalDep('gh', run);
+  if (gh.status === 'present') {
+    addItem(section, `${green(okGlyph)} gh: ${gh.version ?? 'present'}`);
+  } else {
+    addItem(
+      section,
+      `${yellow(warnGlyph)} gh: not installed (optional; needed for nomad init Actions auto-disable + mirror-Actions drift check)`,
+    );
+  }
+
+  const curl = probeOptionalDep('curl', run);
+  if (curl.status === 'present') {
+    addItem(section, `${green(okGlyph)} curl: ${curl.version ?? 'present'}`);
+  } else {
+    addItem(
+      section,
+      `${yellow(warnGlyph)} curl: not installed (optional; needed for release-version staleness check + nomad doctor --check-schema)`,
+    );
+  }
+}

package/src/commands.doctor.ts

@@ -25,6 +25,7 @@ import { REPO_HOME, type PathMap } from './config.ts';
 import { reportNodeEngineCheck } from './commands.doctor.engine.ts';
 import { readJsonSafe, renderDoctor, section } from './commands.doctor.format.ts';
 import { reportGitleaksVersionCheck } from './commands.doctor.gitleaks-version.ts';
+import { reportOptionalDeps } from './commands.doctor.checks.deps.ts';
 import { reportMirrorActions } from './commands.doctor.mirror-actions.ts';
 import { reportVersionCheck } from './commands.doctor.version.ts';
 
@@ -85,6 +86,7 @@ export function cmdDoctor(opts: { checkShared?: boolean; checkSchema?: boolean }
   reportVersionCheck(version);
   reportNodeEngineCheck(version);
   reportGitleaksVersionCheck(version);
+  reportOptionalDeps(version);
 
   const sharedScan = section('Shared scan');
   // Reuse the Repository-section readiness probe so reportCheckShared does not

package/src/commands.drop-session.scrub-hint.ts

@@ -13,12 +13,12 @@ const SHARED_PROJECT_LOGICAL = /^shared\/projects\/([^/]+)\//;
 
 /**
  * After a successful drop, remind the operator that the unstage is per-push
- * only: the leaked secret still lives in the local transcript, so the next
- * `nomad push` re-copies it (via `remapPush`) and `nomad doctor --check-shared`
- * keeps reporting it (it scans the live `~/.claude/projects/` source, not the
- * repo index). Points at the exact live transcript when it resolves for this
- * host, or a generic `~/.claude/projects/<encoded>/<id>.jsonl` template
- * otherwise. Advisory output only; never mutates state.
+ * only: the local source still contains the secret, so the next `nomad push`
+ * re-copies it (via `remapPush`) and `nomad doctor --check-shared` keeps
+ * reporting it (it scans the live `~/.claude/projects/` source, not the repo
+ * index). Full remediation requires rotating the credential, then running
+ * `nomad redact <id>` (or scrubbing the local transcript manually). Advisory
+ * output only; never mutates state.
  *
  * @param id Already-validated session id.
  * @param matches Repo-relative paths collected by `collectMatches`.
@@ -27,10 +27,12 @@ export function reportScrubHint(id: string, matches: string[]): void {
   const live = resolveLiveTranscript(id, matches);
   const target = live ?? `~/.claude/projects/<encoded>/${id}.jsonl`;
   log(
-    'note: this only un-stages the session from the next push. The leaked secret\n' +
-      '  is still in your local transcript, so nomad push re-stages it and nomad\n' +
-      '  doctor --check-shared keeps reporting it. To remediate, rotate the\n' +
-      `  credential, then scrub ${target}`,
+    'note: this only un-stages the session from the next push.\n' +
+      '  The local source still contains the secret, so nomad push re-stages it\n' +
+      '  on the next run and nomad doctor --check-shared keeps reporting it.\n' +
+      '  To fully remediate: rotate the credential, then run:\n' +
+      `    nomad redact ${id}\n` +
+      `  (or scrub ${target} manually)`,
   );
 }
 

package/src/commands.push.recovery.actions.ts

@@ -0,0 +1,165 @@
+/**
+ * I/O action dispatchers for the push-time recovery menu: `applyAllow`,
+ * `applyRedact`, `collectActions`, `dispatchActions`, `redactAllFindings`.
+ * Pure seams live in `commands.push.recovery.seams.ts`; lock-free drop
+ * helper in `commands.push.recovery.drop.ts`.
+ */
+
+import type { PathMap } from './config.ts';
+import { appendGitleaksIgnore } from './commands.redact.ts';
+import { applyRedact } from './commands.push.recovery.redact.ts';
+import { dropSessionFromStaged } from './commands.push.recovery.drop.ts';
+import type { Finding } from './push-gitleaks.scan.ts';
+import { scanFile } from './push-gitleaks.scan.ts';
+import { log } from './utils.ts';
+import {
+  type FindingAction,
+  type PromptFn,
+  findingKey,
+  parseAction,
+  sessionIdFromFinding,
+} from './commands.push.recovery.seams.ts';
+
+export type { FindingAction, PromptFn };
+export { dropSessionFromStaged, findingKey, parseAction, sessionIdFromFinding };
+
+/** Apply the Allow action: append the finding's fingerprint to .gitleaksignore. */
+export function applyAllow(f: Finding): void {
+  appendGitleaksIgnore(f.Fingerprint);
+}
+
+/**
+ * Walk all findings and prompt the user for one action each. Returns a map
+ * from `findingKey` to the chosen action, defaulting to `'skip'` on empty
+ * input.
+ *
+ * @param findings The findings to present.
+ * @param prompt An injectable prompt function (one question per call).
+ * @returns Populated actions map.
+ */
+export async function collectActions(
+  findings: Finding[],
+  prompt: PromptFn,
+): Promise<Map<string, FindingAction>> {
+  const actions = new Map<string, FindingAction>();
+  for (const f of findings) {
+    const sid = sessionIdFromFinding(f);
+    const header =
+      `\nFinding: ${f.RuleID} in ${f.File} line ${f.StartLine}` +
+      (sid !== null ? ` (session: ${sid})` : '') +
+      '\n  [R]edact  [A]llow  [D]rop session  [S]kip (default)\n';
+    actions.set(findingKey(f), parseAction(await prompt(header + '> ')));
+  }
+  return actions;
+}
+
+/**
+ * Apply one finding's triaged action against local state. Extracted from
+ * `dispatchActions` so each function stays under the cognitive-complexity gate.
+ * `redactedSids` and `droppedSids` are mutated in place so per-session
+ * de-duplication is maintained across the caller's loop. Drop wins: once a
+ * session id appears in `droppedSids`, subsequent redact or allow actions for
+ * findings in that session are skipped.
+ *
+ * @param f The finding to act on.
+ * @param findings Full findings list (passed to `applyRedact` for per-session redaction).
+ * @param actions The action map returned by `collectActions`.
+ * @param ts Backup timestamp.
+ * @param map Parsed path-map.
+ * @param nowMs Injectable clock.
+ * @param scan Injectable scan function for `applyRedact`.
+ * @param drop Injectable staged-copy remover for the Drop action.
+ * @param redactedSids Set of already-redacted session ids (mutated in place).
+ * @param droppedSids Set of already-dropped session ids (mutated in place).
+ */
+function dispatchOne(
+  f: Finding,
+  findings: Finding[],
+  actions: Map<string, FindingAction>,
+  ts: string,
+  map: PathMap,
+  nowMs: () => number,
+  scan: (p: string) => Finding[] | null,
+  drop: (sid: string, map: PathMap) => boolean,
+  redactedSids: Set<string>,
+  droppedSids: Set<string>,
+): void {
+  const action = actions.get(findingKey(f)) ?? 'skip';
+  if (action === 'skip') return;
+  if (action === 'allow') {
+    applyAllow(f);
+    return;
+  }
+  const sid = sessionIdFromFinding(f);
+  if (sid === null) return;
+  if (droppedSids.has(sid)) return;
+  if (action === 'drop') {
+    droppedSids.add(sid);
+    if (drop(sid, map)) {
+      log(
+        `dropped session ${sid} from this push (local transcript kept; the secret remains in your local copy)`,
+      );
+    }
+    return;
+  }
+  if (action === 'redact' && !redactedSids.has(sid)) {
+    if (applyRedact(f, findings, ts, map, nowMs, scan)) redactedSids.add(sid);
+  }
+}
+
+/**
+ * Dispatch all non-skip actions from the triage map against local state.
+ * Redacted sessions are de-duplicated: the first finding for a given session
+ * triggers the in-place rewrite; subsequent findings for the same session are
+ * skipped (the rewrite already covered all findings in one pass).
+ *
+ * @param findings Full findings list from the current verdict.
+ * @param actions The action map returned by `collectActions`.
+ * @param ts Backup timestamp.
+ * @param map Parsed path-map.
+ * @param nowMs Injectable clock.
+ * @param scan Injectable scan function for `applyRedact` (default: `scanFile`).
+ * @param drop Injectable staged-copy remover for the Drop action (default: `dropSessionFromStaged`).
+ */
+export function dispatchActions(
+  findings: Finding[],
+  actions: Map<string, FindingAction>,
+  ts: string,
+  map: PathMap,
+  nowMs: () => number,
+  scan: (p: string) => Finding[] | null = scanFile,
+  drop: (sid: string, map: PathMap) => boolean = dropSessionFromStaged,
+): void {
+  const redactedSids = new Set<string>();
+  const droppedSids = new Set<string>();
+  for (const f of findings) {
+    dispatchOne(f, findings, actions, ts, map, nowMs, scan, drop, redactedSids, droppedSids);
+  }
+}
+
+/**
+ * Batch-redact all findings non-interactively (the `--redact-all` path).
+ * Does not require a TTY. Findings with no resolvable session id are skipped.
+ * Sessions are de-duplicated: the first finding per session triggers the
+ * rewrite.
+ *
+ * @param findings All findings from the current verdict.
+ * @param ts Backup timestamp.
+ * @param map Parsed path-map.
+ * @param nowMs Injectable clock.
+ * @param scan Injectable scan function for `applyRedact` (default: `scanFile`).
+ */
+export function redactAllFindings(
+  findings: Finding[],
+  ts: string,
+  map: PathMap,
+  nowMs: () => number,
+  scan: (p: string) => Finding[] | null = scanFile,
+): void {
+  const redactedSids = new Set<string>();
+  for (const f of findings) {
+    const sid = sessionIdFromFinding(f);
+    if (sid === null || redactedSids.has(sid)) continue;
+    if (applyRedact(f, findings, ts, map, nowMs, scan)) redactedSids.add(sid);
+  }
+}

package/src/commands.push.recovery.drop.ts

@@ -0,0 +1,47 @@
+/**
+ * Lock-free session drop helper for the push-time recovery menu.
+ * `dropSessionFromStaged` removes a session's generated copies from the
+ * `REPO_HOME/shared/projects/` tree so the recovery loop's subsequent
+ * `git add -A` stages the deletion rather than re-staging the file.
+ *
+ * Kept separate from `commands.push.recovery.actions.ts` to respect the
+ * ~220-line module cap.
+ */
+
+import { rmSync } from 'node:fs';
+import { join } from 'node:path';
+
+import type { PathMap } from './config.ts';
+import { REPO_HOME } from './config.ts';
+
+/**
+ * Remove the session's generated copies from the staged tree under
+ * `REPO_HOME/shared/projects/<logical>/` so the subsequent `git add -A` in
+ * the recovery loop stages the deletion rather than re-staging the file.
+ *
+ * Removes both the flat `<sid>.jsonl` transcript and the sibling subagent
+ * directory `<sid>/` (if present) for every logical project in `map`. These
+ * are generated copies produced by `remapPush`; the originals under
+ * `~/.claude/projects/` are never touched.
+ *
+ * Lock-free by design: the caller (`dispatchActions`) runs inside a `push`
+ * that already holds the global nomad lock. Calling `cmdDropSession` here
+ * would deadlock on the lock it already owns.
+ *
+ * @param sid Session id to drop from the staged tree.
+ * @param map Parsed path-map; provides the logical project names.
+ * @returns True when `map.projects` has at least one logical entry (the
+ *   session copies were targeted for removal), false when the map is empty
+ *   and no paths were evaluated.
+ */
+export function dropSessionFromStaged(sid: string, map: PathMap): boolean {
+  const logicals = Object.keys(map.projects);
+  if (logicals.length === 0) return false;
+  for (const logical of logicals) {
+    const jsonl = join(REPO_HOME, 'shared', 'projects', logical, `${sid}.jsonl`);
+    const dir = join(REPO_HOME, 'shared', 'projects', logical, sid);
+    rmSync(jsonl, { force: true });
+    rmSync(dir, { recursive: true, force: true });
+  }
+  return true;
+}