claude-nomad 0.50.2 → 0.51.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitleaks.toml +13 -1
- package/CHANGELOG.md +42 -0
- package/README.md +16 -3
- package/dist/nomad.mjs +1147 -862
- package/package.json +1 -1
package/.gitleaks.toml
CHANGED
|
@@ -6,14 +6,26 @@
|
|
|
6
6
|
[extend]
|
|
7
7
|
useDefault = true
|
|
8
8
|
|
|
9
|
+
# Path-scoped: this tool-output noise (gitleaks fingerprints, coverage
|
|
10
|
+
# line-keys, npm audit JSON id hashes, Sonar issue keys) accumulates in Claude
|
|
11
|
+
# Code session transcripts when a conversation runs those tools. Two of these
|
|
12
|
+
# regexes are structurally generic enough that, left global, they could suppress
|
|
13
|
+
# a real credential that happened to sit in a `path:word:digit` or hex-`id`
|
|
14
|
+
# context anywhere in the repo. Scoping to `shared/projects/<logical>/.../*.jsonl`
|
|
15
|
+
# with `condition = "AND"` (matching every other block below) confines the
|
|
16
|
+
# suppression to synced transcripts: a real secret in a source file still fires.
|
|
9
17
|
[[allowlists]]
|
|
10
|
-
description = "claude-nomad: structurally-distinguishable tool-output noise"
|
|
18
|
+
description = "claude-nomad: structurally-distinguishable tool-output noise in synced session transcripts"
|
|
11
19
|
regexes = [
|
|
12
20
|
'''AY[A-Za-z0-9_-]{20,}''',
|
|
13
21
|
'''[\w./-]+\.[A-Za-z0-9]+:[\w-]+:\d+''',
|
|
14
22
|
'''"id"\s*:\s*"[a-f0-9]{40,64}"''',
|
|
15
23
|
'''key=[a-f0-9]{8,} [\w./-]+\.\w+:\d+''',
|
|
16
24
|
]
|
|
25
|
+
paths = [
|
|
26
|
+
'''^shared/projects/[^/]+/.*\.jsonl$''',
|
|
27
|
+
]
|
|
28
|
+
condition = "AND"
|
|
17
29
|
|
|
18
30
|
# Path-scoped: the documented test-fixture github-pat literal AND the three
|
|
19
31
|
# entropy-variant placeholders (zero-suffix, alphabet, repeat-A) accumulate
|
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,47 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [0.51.0](https://github.com/funkadelic/claude-nomad/compare/v0.50.3...v0.51.0) (2026-06-18)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Added
|
|
7
|
+
|
|
8
|
+
* **capture-settings:** direction-aware settings drift detection and capture command ([#314](https://github.com/funkadelic/claude-nomad/issues/314)) ([512c1a2](https://github.com/funkadelic/claude-nomad/commit/512c1a27a3a573b3c2684bae21e577a50a58a098))
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Changed
|
|
12
|
+
|
|
13
|
+
* **deps:** regenerate package-lock.json ([#312](https://github.com/funkadelic/claude-nomad/issues/312)) ([a80a974](https://github.com/funkadelic/claude-nomad/commit/a80a9740be72a1cad6e7865697548274ff0fbe51))
|
|
14
|
+
|
|
15
|
+
## [0.50.3](https://github.com/funkadelic/claude-nomad/compare/v0.50.2...v0.50.3) (2026-06-17)
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
### Fixed
|
|
19
|
+
|
|
20
|
+
* **gitleaks:** scope tool-output noise allowlist to session transcripts ([#305](https://github.com/funkadelic/claude-nomad/issues/305)) ([ca76680](https://github.com/funkadelic/claude-nomad/commit/ca766803a425d21747f959606d6436989ce249e6))
|
|
21
|
+
* **push:** make --redact-all all-or-nothing ([#302](https://github.com/funkadelic/claude-nomad/issues/302)) ([f2cffeb](https://github.com/funkadelic/claude-nomad/commit/f2cffeb9204b68fb046ee55c9768e065272fb431))
|
|
22
|
+
* **push:** warn when drop-session/redact target is already in pushed history ([#304](https://github.com/funkadelic/claude-nomad/issues/304)) ([739676f](https://github.com/funkadelic/claude-nomad/commit/739676ffbf1345fc7ff124ac7eafb9802ba09be4))
|
|
23
|
+
* **redact:** warn when a finding match is not located in the file ([#310](https://github.com/funkadelic/claude-nomad/issues/310)) ([db1442b](https://github.com/funkadelic/claude-nomad/commit/db1442b311db04944b655ece91a56ef23a39abe1))
|
|
24
|
+
* **remap:** make session-transcript mirror copy atomic ([4fc518f](https://github.com/funkadelic/claude-nomad/commit/4fc518fd80ce7fffb56ba2a6d135e6f6b795bc91))
|
|
25
|
+
* **utils:** guard deepMerge against prototype pollution ([#299](https://github.com/funkadelic/claude-nomad/issues/299)) ([8e57539](https://github.com/funkadelic/claude-nomad/commit/8e575393a320386dd7329aab8071fd84557ec4e9))
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
### Changed
|
|
29
|
+
|
|
30
|
+
* **config:** centralize path-map.json shape validation ([#306](https://github.com/funkadelic/claude-nomad/issues/306)) ([88edda3](https://github.com/funkadelic/claude-nomad/commit/88edda3f45954d4dc89d65e2ec55a7d9d5b6b3f8))
|
|
31
|
+
* **dispatch:** share argv token-parser primitives ([#307](https://github.com/funkadelic/claude-nomad/issues/307)) ([9f62b51](https://github.com/funkadelic/claude-nomad/commit/9f62b5156bbc3b7e03f8a81fe0f844cbeb1da3fa))
|
|
32
|
+
* **doctor:** rename repository check module to git-state ([#309](https://github.com/funkadelic/claude-nomad/issues/309)) ([b6a0d5c](https://github.com/funkadelic/claude-nomad/commit/b6a0d5c8461c2f63af7d77464db9558271d46f46))
|
|
33
|
+
* **utils:** dedup backup helpers and document lock/exit conventions ([#308](https://github.com/funkadelic/claude-nomad/issues/308)) ([4c2d59d](https://github.com/funkadelic/claude-nomad/commit/4c2d59d97c875851733175e4b4346e5714c48a32))
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
### Documentation
|
|
37
|
+
|
|
38
|
+
* **recovery:** reflect session-scoped allowlist and redact no-match warning ([#311](https://github.com/funkadelic/claude-nomad/issues/311)) ([7faf564](https://github.com/funkadelic/claude-nomad/commit/7faf5647d7dfd30822950d687fd8be15b5c49910))
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
### Testing
|
|
42
|
+
|
|
43
|
+
* **push:** add full-pipeline cmdPush E2E against real git and gitleaks ([#303](https://github.com/funkadelic/claude-nomad/issues/303)) ([3c01262](https://github.com/funkadelic/claude-nomad/commit/3c012629e7b99dcf4c5e679d93acb353ee6c3409))
|
|
44
|
+
|
|
3
45
|
## [0.50.2](https://github.com/funkadelic/claude-nomad/compare/v0.50.1...v0.50.2) (2026-06-15)
|
|
4
46
|
|
|
5
47
|
|
package/README.md
CHANGED
|
@@ -40,9 +40,11 @@ survives different file paths and your secrets never ride along.
|
|
|
40
40
|
`--dry-run` on pull and push prints the plan without writing anything.
|
|
41
41
|
- **One command tells you what is wrong.** `nomad doctor` is a read-only health check: wedged sync
|
|
42
42
|
repo, broken hook references, hooks that would crash on session start because of a missing
|
|
43
|
-
`--preserve-symlinks-main` flag, version drift, oversized backup cache, and settings drift
|
|
44
|
-
|
|
45
|
-
|
|
43
|
+
`--preserve-symlinks-main` flag, version drift, oversized backup cache, and settings drift in both
|
|
44
|
+
directions: keys present in the repo merge but absent from your live `settings.json` (behind; the
|
|
45
|
+
next `nomad pull` will restore them, fix: `nomad pull`) and keys present locally but not yet in
|
|
46
|
+
the repo (ahead; local-only additions, fix: `nomad capture-settings`). Each issue includes a fix
|
|
47
|
+
hint.
|
|
46
48
|
- **Self-healing sync.** Every overwrite is backed up first, and `nomad pull --force-remote`
|
|
47
49
|
recovers two kinds of stuck sync repo: a repo stuck mid-rebase or mid-merge (aborts the operation,
|
|
48
50
|
parks stranded work on a branch, refuses if shared config is at risk), and a repo where the rebase
|
|
@@ -100,6 +102,8 @@ When `nomad push` detects a potential secret, it drops into an interactive menu
|
|
|
100
102
|
a recovery hint (non-TTY/CI). Three non-interactive recovery paths are available without the menu:
|
|
101
103
|
|
|
102
104
|
- `nomad push --redact-all` -- scrub every finding from the local transcript in place, then push.
|
|
105
|
+
All-or-nothing: if any finding cannot be redacted (an active session, or one that does not map to
|
|
106
|
+
a synced transcript), nothing is changed and the push stops so you can handle those sessions.
|
|
103
107
|
- `nomad push --allow <rule>` -- record findings matching one gitleaks rule id as false positives
|
|
104
108
|
(appends their fingerprints to `.gitleaksignore`), then re-scan and push.
|
|
105
109
|
- `nomad push --allow-all` -- record every current finding as a false positive, then re-scan and
|
|
@@ -121,6 +125,15 @@ surfaces any orphaned autostash entry, then re-pulls). Run `nomad doctor` first
|
|
|
121
125
|
which state you are in; the Repository section names the specific problem and points at the right
|
|
122
126
|
fix.
|
|
123
127
|
|
|
128
|
+
If an external tool (such as Claude Code or GSD) wrote new keys into your `~/.claude/settings.json`
|
|
129
|
+
that are not yet in your shared repo, run `nomad capture-settings` to promote them before the next
|
|
130
|
+
`nomad pull` overwrites them. With `--host`, the keys land in `hosts/<NOMAD_HOST>.json` instead of
|
|
131
|
+
`shared/settings.base.json` (useful for machine-specific values such as absolute paths). `--dry-run`
|
|
132
|
+
shows what would be written without touching anything. Before it writes, `capture-settings` shows
|
|
133
|
+
the destination and the keys and asks you to confirm; pass `--yes` (or `-y`) to skip the prompt,
|
|
134
|
+
which is required when running without an interactive terminal. `nomad push` also warns when it
|
|
135
|
+
detects ahead-drift so you have a prompt to act before the push completes.
|
|
136
|
+
|
|
124
137
|
## Claude Code plugin
|
|
125
138
|
|
|
126
139
|
An optional companion plugin puts nomad one slash away inside Claude Code and warns you at session
|