safe-push 0.1.0

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "safe-push",
+  "version": "0.1.0",
+  "description": "Git push safety checker - blocks pushes to forbidden areas",
+  "type": "module",
+  "bin": {
+    "safe-push": "./dist/index.js"
+  },
+  "scripts": {
+    "build": "bun build ./src/index.ts --outdir ./dist --target bun",
+    "typecheck": "tsc --noEmit",
+    "dev": "bun run ./src/index.ts"
+  },
+  "dependencies": {
+    "commander": "^12.1.0",
+    "jsonc-parser": "^3.3.1",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "@types/node": "^22.10.0",
+    "typescript": "^5.7.2"
+  }
+}

package/src/checker.ts

@@ -0,0 +1,112 @@
+import type { Config, CheckResult } from "./types";
+import {
+  getCurrentBranch,
+  isNewBranch,
+  getLastCommitAuthorEmail,
+  getLocalEmail,
+  getDiffFiles,
+} from "./git";
+
+/**
+ * ファイルパスが禁止パターンにマッチするか判定
+ */
+function matchesForbiddenPath(
+  filePath: string,
+  forbiddenPaths: string[]
+): boolean {
+  for (const pattern of forbiddenPaths) {
+    // 末尾にスラッシュがあるパターンはディレクトリ判定
+    if (pattern.endsWith("/")) {
+      const dirPattern = pattern.slice(0, -1);
+      if (filePath.startsWith(dirPattern + "/") || filePath === dirPattern) {
+        return true;
+      }
+    } else {
+      // Globパターンを簡易的に正規表現に変換
+      const regexPattern = pattern
+        .replace(/[.+^${}()|[\]\\]/g, "\\$&")
+        .replace(/\*/g, ".*")
+        .replace(/\?/g, ".");
+      const regex = new RegExp(`^${regexPattern}$`);
+      if (regex.test(filePath)) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
+/**
+ * 禁止エリアに変更があるファイルを抽出
+ */
+function findForbiddenFiles(
+  changedFiles: string[],
+  forbiddenPaths: string[]
+): string[] {
+  return changedFiles.filter((file) =>
+    matchesForbiddenPath(file, forbiddenPaths)
+  );
+}
+
+/**
+ * Push可否をチェック
+ *
+ * Push許可条件:
+ * (禁止エリア変更なし) AND (新規ブランチ OR 最終コミットが自分)
+ */
+export async function checkPush(config: Config): Promise<CheckResult> {
+  const currentBranch = await getCurrentBranch();
+  const newBranch = await isNewBranch();
+  const authorEmail = await getLastCommitAuthorEmail();
+  const localEmail = await getLocalEmail();
+  const diffFiles = await getDiffFiles();
+
+  const forbiddenFiles = findForbiddenFiles(diffFiles, config.forbiddenPaths);
+  const hasForbiddenChanges = forbiddenFiles.length > 0;
+  const isOwnLastCommit =
+    authorEmail.toLowerCase() === localEmail.toLowerCase();
+
+  const details = {
+    isNewBranch: newBranch,
+    isOwnLastCommit,
+    hasForbiddenChanges,
+    forbiddenFiles,
+    currentBranch,
+    authorEmail,
+    localEmail,
+  };
+
+  // 禁止エリアに変更がある場合は常にブロック
+  if (hasForbiddenChanges) {
+    return {
+      allowed: false,
+      reason: `Forbidden files detected: ${forbiddenFiles.join(", ")}`,
+      details,
+    };
+  }
+
+  // 新規ブランチの場合は許可
+  if (newBranch) {
+    return {
+      allowed: true,
+      reason: "New branch - no restrictions",
+      details,
+    };
+  }
+
+  // 最終コミットが自分の場合は許可
+  if (isOwnLastCommit) {
+    return {
+      allowed: true,
+      reason: "Last commit is yours",
+      details,
+    };
+  }
+
+  // それ以外はブロック
+  return {
+    allowed: false,
+    reason: `Last commit is by someone else (${authorEmail})`,
+    details,
+  };
+}

package/src/commands/check.ts

@@ -0,0 +1,45 @@
+import { Command } from "commander";
+import { loadConfig } from "../config";
+import { checkPush } from "../checker";
+import { isGitRepository, hasCommits } from "../git";
+import { printError, printCheckResultJson, printCheckResultHuman } from "./utils";
+
+/**
+ * checkコマンドを作成
+ */
+export function createCheckCommand(): Command {
+  return new Command("check")
+    .description("Check if push is allowed")
+    .option("--json", "Output result as JSON")
+    .action(async (options: { json?: boolean }) => {
+      try {
+        // Gitリポジトリ内か確認
+        if (!(await isGitRepository())) {
+          printError("Not a git repository");
+          process.exit(1);
+        }
+
+        // コミットが存在するか確認
+        if (!(await hasCommits())) {
+          printError("No commits found");
+          process.exit(1);
+        }
+
+        const config = loadConfig();
+        const result = await checkPush(config);
+
+        if (options.json) {
+          printCheckResultJson(result);
+        } else {
+          printCheckResultHuman(result);
+        }
+
+        process.exit(result.allowed ? 0 : 1);
+      } catch (error) {
+        printError(
+          `Check failed: ${error instanceof Error ? error.message : String(error)}`
+        );
+        process.exit(1);
+      }
+    });
+}

package/src/commands/config.ts

@@ -0,0 +1,89 @@
+import { Command } from "commander";
+import {
+  getConfigPath,
+  loadConfig,
+  initConfig,
+  configExists,
+} from "../config";
+import { printSuccess, printError, printInfo } from "./utils";
+
+/**
+ * configサブコマンドを作成
+ */
+export function createConfigCommand(): Command {
+  const config = new Command("config").description("Manage configuration");
+
+  config
+    .command("init")
+    .description("Initialize configuration file")
+    .option("-f, --force", "Overwrite existing configuration")
+    .action((options: { force?: boolean }) => {
+      try {
+        const result = initConfig(undefined, options.force);
+
+        if (result.created) {
+          printSuccess(`Configuration file created at: ${result.path}`);
+        } else {
+          printInfo(`Configuration file already exists at: ${result.path}`);
+          printInfo("Use --force to overwrite");
+        }
+      } catch (error) {
+        printError(
+          `Failed to initialize config: ${error instanceof Error ? error.message : String(error)}`
+        );
+        process.exit(1);
+      }
+    });
+
+  config
+    .command("show")
+    .description("Show current configuration")
+    .option("--json", "Output as JSON")
+    .action((options: { json?: boolean }) => {
+      try {
+        const configPath = getConfigPath();
+        const exists = configExists();
+        const configData = loadConfig();
+
+        if (options.json) {
+          console.log(
+            JSON.stringify(
+              {
+                path: configPath,
+                exists,
+                config: configData,
+              },
+              null,
+              2
+            )
+          );
+        } else {
+          console.log("");
+          console.log("Configuration:");
+          console.log(`  Path: ${configPath}`);
+          console.log(`  Exists: ${exists ? "Yes" : "No (using defaults)"}`);
+          console.log("");
+          console.log("Settings:");
+          console.log(
+            `  forbiddenPaths: ${JSON.stringify(configData.forbiddenPaths)}`
+          );
+          console.log(`  onForbidden: ${configData.onForbidden}`);
+          console.log("");
+        }
+      } catch (error) {
+        printError(
+          `Failed to load config: ${error instanceof Error ? error.message : String(error)}`
+        );
+        process.exit(1);
+      }
+    });
+
+  config
+    .command("path")
+    .description("Show configuration file path")
+    .action(() => {
+      console.log(getConfigPath());
+    });
+
+  return config;
+}

package/src/commands/push.ts

@@ -0,0 +1,114 @@
+import { Command } from "commander";
+import { loadConfig } from "../config";
+import { checkPush } from "../checker";
+import { isGitRepository, hasCommits, execPush } from "../git";
+import {
+  printError,
+  printSuccess,
+  printWarning,
+  printCheckResultHuman,
+  promptConfirm,
+} from "./utils";
+
+/**
+ * pushコマンドを作成
+ */
+export function createPushCommand(): Command {
+  return new Command("push")
+    .description("Check and push if allowed")
+    .option("-f, --force", "Bypass safety checks")
+    .option("--dry-run", "Show what would be pushed without actually pushing")
+    .action(async (options: { force?: boolean; dryRun?: boolean }) => {
+      try {
+        // Gitリポジトリ内か確認
+        if (!(await isGitRepository())) {
+          printError("Not a git repository");
+          process.exit(1);
+        }
+
+        // コミットが存在するか確認
+        if (!(await hasCommits())) {
+          printError("No commits found");
+          process.exit(1);
+        }
+
+        const config = loadConfig();
+
+        // --forceオプションが指定されている場合はチェックをスキップ
+        if (options.force) {
+          printWarning("Safety checks bypassed with --force");
+
+          if (options.dryRun) {
+            printSuccess("Dry run: would push (checks bypassed)");
+            process.exit(0);
+          }
+
+          const result = await execPush();
+          if (result.success) {
+            printSuccess("Push successful");
+            process.exit(0);
+          } else {
+            printError(`Push failed: ${result.output}`);
+            process.exit(1);
+          }
+        }
+
+        // 通常のチェックを実行
+        const checkResult = await checkPush(config);
+        printCheckResultHuman(checkResult);
+
+        if (!checkResult.allowed) {
+          // onForbiddenの設定に応じて動作を変更
+          if (
+            config.onForbidden === "prompt" &&
+            checkResult.details.hasForbiddenChanges
+          ) {
+            const confirmed = await promptConfirm(
+              "Push is blocked due to forbidden changes. Push anyway?"
+            );
+
+            if (confirmed) {
+              if (options.dryRun) {
+                printSuccess("Dry run: would push (user confirmed)");
+                process.exit(0);
+              }
+
+              const result = await execPush();
+              if (result.success) {
+                printSuccess("Push successful");
+                process.exit(0);
+              } else {
+                printError(`Push failed: ${result.output}`);
+                process.exit(1);
+              }
+            } else {
+              printError("Push cancelled by user");
+              process.exit(1);
+            }
+          }
+
+          process.exit(1);
+        }
+
+        // チェック通過、pushを実行
+        if (options.dryRun) {
+          printSuccess("Dry run: would push");
+          process.exit(0);
+        }
+
+        const result = await execPush();
+        if (result.success) {
+          printSuccess("Push successful");
+          process.exit(0);
+        } else {
+          printError(`Push failed: ${result.output}`);
+          process.exit(1);
+        }
+      } catch (error) {
+        printError(
+          `Push failed: ${error instanceof Error ? error.message : String(error)}`
+        );
+        process.exit(1);
+      }
+    });
+}

package/src/commands/utils.ts

@@ -0,0 +1,86 @@
+import type { CheckResult } from "../types";
+
+/**
+ * 成功メッセージを表示
+ */
+export function printSuccess(message: string): void {
+  console.log(`✅ ${message}`);
+}
+
+/**
+ * エラーメッセージを表示
+ */
+export function printError(message: string): void {
+  console.error(`❌ ${message}`);
+}
+
+/**
+ * 警告メッセージを表示
+ */
+export function printWarning(message: string): void {
+  console.warn(`⚠️  ${message}`);
+}
+
+/**
+ * 情報メッセージを表示
+ */
+export function printInfo(message: string): void {
+  console.log(`ℹ️  ${message}`);
+}
+
+/**
+ * チェック結果をJSON形式で出力
+ */
+export function printCheckResultJson(result: CheckResult): void {
+  console.log(JSON.stringify(result, null, 2));
+}
+
+/**
+ * チェック結果を人間が読みやすい形式で出力
+ */
+export function printCheckResultHuman(result: CheckResult): void {
+  const { allowed, reason, details } = result;
+
+  console.log("");
+  console.log("═══════════════════════════════════════");
+  console.log(allowed ? "✅ Push ALLOWED" : "❌ Push BLOCKED");
+  console.log("═══════════════════════════════════════");
+  console.log("");
+  console.log(`Reason: ${reason}`);
+  console.log("");
+  console.log("Details:");
+  console.log(`  Branch:              ${details.currentBranch}`);
+  console.log(`  New branch:          ${details.isNewBranch ? "Yes" : "No"}`);
+  console.log(`  Last commit author:  ${details.authorEmail}`);
+  console.log(`  Local user email:    ${details.localEmail}`);
+  console.log(
+    `  Own last commit:     ${details.isOwnLastCommit ? "Yes" : "No"}`
+  );
+  console.log(
+    `  Forbidden changes:   ${details.hasForbiddenChanges ? "Yes" : "No"}`
+  );
+
+  if (details.forbiddenFiles.length > 0) {
+    console.log("");
+    console.log("Forbidden files changed:");
+    for (const file of details.forbiddenFiles) {
+      console.log(`  - ${file}`);
+    }
+  }
+  console.log("");
+}
+
+/**
+ * ユーザーに確認を求める（y/n）
+ */
+export async function promptConfirm(message: string): Promise<boolean> {
+  const prompt = `${message} [y/N]: `;
+  process.stdout.write(prompt);
+
+  for await (const line of console) {
+    const answer = line.trim().toLowerCase();
+    return answer === "y" || answer === "yes";
+  }
+
+  return false;
+}

package/src/config.ts

@@ -0,0 +1,117 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import * as jsonc from "jsonc-parser";
+import { ConfigSchema, ConfigError, type Config } from "./types";
+
+/**
+ * 設定ファイルのデフォルトパス
+ */
+export function getConfigPath(): string {
+  return path.join(os.homedir(), ".config", "safe-push", "config.jsonc");
+}
+
+/**
+ * デフォルト設定
+ */
+export function getDefaultConfig(): Config {
+  return {
+    forbiddenPaths: [".github/"],
+    onForbidden: "error",
+  };
+}
+
+/**
+ * 設定ファイルが存在するか確認
+ */
+export function configExists(configPath?: string): boolean {
+  const filePath = configPath ?? getConfigPath();
+  return fs.existsSync(filePath);
+}
+
+/**
+ * 設定ファイルを読み込む
+ */
+export function loadConfig(configPath?: string): Config {
+  const filePath = configPath ?? getConfigPath();
+
+  if (!fs.existsSync(filePath)) {
+    // 設定ファイルがない場合はデフォルト設定を返す
+    return getDefaultConfig();
+  }
+
+  try {
+    const content = fs.readFileSync(filePath, "utf-8");
+    const errors: jsonc.ParseError[] = [];
+    const parsed = jsonc.parse(content, errors);
+
+    if (errors.length > 0) {
+      const errorMessages = errors
+        .map(
+          (e) => `${jsonc.printParseErrorCode(e.error)} at offset ${e.offset}`
+        )
+        .join(", ");
+      throw new ConfigError(
+        `Failed to parse config file: ${errorMessages}`,
+        filePath
+      );
+    }
+
+    const result = ConfigSchema.safeParse(parsed);
+    if (!result.success) {
+      const issues = result.error.issues
+        .map((i) => `${i.path.join(".")}: ${i.message}`)
+        .join(", ");
+      throw new ConfigError(`Invalid config: ${issues}`, filePath);
+    }
+
+    return result.data;
+  } catch (error) {
+    if (error instanceof ConfigError) {
+      throw error;
+    }
+    throw new ConfigError(
+      `Failed to read config file: ${error instanceof Error ? error.message : String(error)}`,
+      filePath
+    );
+  }
+}
+
+/**
+ * 設定ファイルを保存する
+ */
+export function saveConfig(config: Config, configPath?: string): void {
+  const filePath = configPath ?? getConfigPath();
+  const dir = path.dirname(filePath);
+
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+
+  const content = `{
+  // 禁止エリア（Globパターン）
+  "forbiddenPaths": ${JSON.stringify(config.forbiddenPaths, null, 4).replace(/\n/g, "\n  ")},
+  // 禁止時の動作: "error" | "prompt"
+  "onForbidden": "${config.onForbidden}"
+}
+`;
+
+  fs.writeFileSync(filePath, content, "utf-8");
+}
+
+/**
+ * 設定ファイルを初期化（既存の場合は上書きしない）
+ */
+export function initConfig(
+  configPath?: string,
+  force = false
+): { created: boolean; path: string } {
+  const filePath = configPath ?? getConfigPath();
+
+  if (fs.existsSync(filePath) && !force) {
+    return { created: false, path: filePath };
+  }
+
+  saveConfig(getDefaultConfig(), filePath);
+  return { created: true, path: filePath };
+}