naiad-cli 0.2.36 → 0.2.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/extensions/naiad-extension.ts +27 -21
  2. package/package.json +1 -1
package/extensions/naiad-extension.ts CHANGED
@@ -882,7 +882,7 @@ When you're done, provide a clear, actionable summary the caller can act on.`;
882
882
 
883
883
  // Set git identity and commit
884
884
  execFileSync("git", ["config", "user.name", "naiad-bot"]);
885
- execFileSync("git", ["config", "user.email", "bot@naiad.dev"]);
885
+ execFileSync("git", ["config", "user.email", "266131081+naiad-bot@users.noreply.github.com"]);
886
886
  execFileSync("git", ["commit", "-m", params.message]);
887
887
 
888
888
  const headSha = execFileSync("git", ["rev-parse", "HEAD"]).toString().trim();
@@ -935,27 +935,33 @@ When you're done, provide a clear, actionable summary the caller can act on.`;
935
935
 
936
936
  const basicAuth = Buffer.from(`x-access-token:${pushToken}`).toString("base64");
937
937
 
938
- // Clean-room push
939
- execFileSync(
940
- "git",
941
- [
942
- "-c", "core.hooksPath=/dev/null",
943
- "-c", "credential.helper=",
944
- "-c", "include.path=",
945
- `-c`, `http.extraheader=Authorization: Basic ${basicAuth}`,
946
- "push", pushUrl, `HEAD:refs/heads/${branch}`, "--no-force",
947
- ],
948
- {
949
- env: {
950
- PATH: process.env.PATH,
951
- HOME: process.env.HOME,
952
- GIT_CONFIG_NOSYSTEM: "1",
953
- GIT_CONFIG_GLOBAL: "/dev/null",
954
- GIT_CONFIG: "/dev/null",
955
- GIT_TERMINAL_PROMPT: "0",
938
+ // Clean-room push — env vars (GIT_CONFIG_NOSYSTEM, GIT_CONFIG_GLOBAL,
939
+ // GIT_CONFIG) already neutralize system/global/local config includes.
940
+ try {
941
+ execFileSync(
942
+ "git",
943
+ [
944
+ "-c", "core.hooksPath=/dev/null",
945
+ "-c", "credential.helper=",
946
+ `-c`, `http.extraheader=Authorization: Basic ${basicAuth}`,
947
+ "push", pushUrl, `HEAD:refs/heads/${branch}`, "--no-force",
948
+ ],
949
+ {
950
+ env: {
951
+ PATH: process.env.PATH,
952
+ HOME: process.env.HOME,
953
+ GIT_CONFIG_NOSYSTEM: "1",
954
+ GIT_CONFIG_GLOBAL: "/dev/null",
955
+ GIT_CONFIG: "/dev/null",
956
+ GIT_TERMINAL_PROMPT: "0",
957
+ },
956
958
  },
957
- },
958
- );
959
+ );
960
+ } catch (pushErr: any) {
961
+ // Sanitize error — execFileSync includes the full command with credentials
962
+ const stderr = pushErr.stderr?.toString() || "";
963
+ throw new Error(`git push failed: ${stderr.replace(/Authorization:[^\s]*/g, "Authorization: [REDACTED]")}`);
964
+ }
959
965
 
960
966
  // Post-push verification (defense-in-depth: server checks for merge commits)
961
967
  const verifyResult = await callToolEndpoint("POST", "post-push-verify", {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "naiad-cli",
3
- "version": "0.2.36",
3
+ "version": "0.2.37",
4
4
  "type": "module",
5
5
  "bin": {
6
6
  "naiad": "./dist/index.js"