npm - safe-push - Versions diffs - 0.2.0 → 0.3.0 - Mend

safe-push 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.js CHANGED Viewed

@@ -6704,9 +6704,11 @@ var coerce = {
 var NEVER = INVALID;
 // src/types.ts
 var OnForbiddenSchema = exports_external.enum(["error", "prompt"]);
+var RepoVisibilitySchema = exports_external.enum(["public", "private", "internal"]);
 var ConfigSchema = exports_external.object({
   forbiddenPaths: exports_external.array(exports_external.string()).default([".github/"]),
-  onForbidden: OnForbiddenSchema.default("error")
+  onForbidden: OnForbiddenSchema.default("error"),
+  allowedVisibility: exports_external.array(RepoVisibilitySchema).optional()
 });
 class GitError extends Error {
@@ -6775,12 +6777,15 @@ function saveConfig(config, configPath) {
   if (!fs.existsSync(dir)) {
     fs.mkdirSync(dir, { recursive: true });
   }
+  const allowedVisibilitySection = config.allowedVisibility ? `,
+  // \u8A31\u53EF\u3059\u308B\u30EA\u30DD\u30B8\u30C8\u30EA visibility: "public" | "private" | "internal"
+  "allowedVisibility": ${JSON.stringify(config.allowedVisibility)}` : "";
   const content = `{
   // \u7981\u6B62\u30A8\u30EA\u30A2\uFF08Glob\u30D1\u30BF\u30FC\u30F3\uFF09
   "forbiddenPaths": ${JSON.stringify(config.forbiddenPaths, null, 4).replace(/\n/g, `
   `)},
   // \u7981\u6B62\u6642\u306E\u52D5\u4F5C: "error" | "prompt"
-  "onForbidden": "${config.onForbidden}"
+  "onForbidden": "${config.onForbidden}"${allowedVisibilitySection}
 }
 `;
   fs.writeFileSync(filePath, content, "utf-8");
@@ -6859,15 +6864,21 @@ async function getDiffFiles(remote = "origin") {
 `).filter(Boolean);
 }
 async function execPush(args = [], remote = "origin") {
-  const branch = await getCurrentBranch();
-  const isNew = await isNewBranch(remote);
-  const pushArgs = ["push"];
-  if (isNew) {
-    pushArgs.push("-u");
-  }
-  pushArgs.push(remote, branch);
-  if (args.length > 0) {
-    pushArgs.push(...args);
+  let pushArgs;
+  const hasUserRefspec = args.some((arg) => !arg.startsWith("-"));
+  if (hasUserRefspec) {
+    pushArgs = ["push", ...args];
+  } else {
+    const branch = await getCurrentBranch();
+    const isNew = await isNewBranch(remote);
+    pushArgs = ["push"];
+    const hasSetUpstream = args.some((a) => a === "-u" || a === "--set-upstream");
+    if (isNew || hasSetUpstream) {
+      pushArgs.push("-u");
+    }
+    pushArgs.push(remote, branch);
+    const remainingFlags = args.filter((a) => a !== "-u" && a !== "--set-upstream");
+    pushArgs.push(...remainingFlags);
   }
   try {
     const output = await execGit(pushArgs);
@@ -6882,6 +6893,20 @@ async function execPush(args = [], remote = "origin") {
     };
   }
 }
+async function getRepoVisibility() {
+  const command = "gh repo view --json visibility --jq '.visibility'";
+  try {
+    const result = await $`gh repo view --json visibility --jq .visibility`.quiet();
+    return result.stdout.toString().trim().toLowerCase();
+  } catch (error) {
+    if (error && typeof error === "object" && "exitCode" in error) {
+      const exitCode = error.exitCode;
+      const stderr = "stderr" in error ? String(error.stderr) : "";
+      throw new GitError(`Failed to get repository visibility: ${stderr || command}`, command, exitCode);
+    }
+    throw new GitError(`Failed to get repository visibility: ${command}`, command, null);
+  }
+}
 async function isGitRepository() {
   try {
     await execGit(["rev-parse", "--git-dir"]);
@@ -6900,6 +6925,18 @@ async function hasCommits() {
 }
 // src/checker.ts
+async function checkVisibility(allowedVisibility) {
+  if (!allowedVisibility || allowedVisibility.length === 0) {
+    return null;
+  }
+  const visibility = await getRepoVisibility();
+  const allowed = allowedVisibility.includes(visibility);
+  return {
+    allowed,
+    reason: allowed ? `Repository visibility "${visibility}" is allowed` : `Repository visibility "${visibility}" is not in allowed list: [${allowedVisibility.join(", ")}]`,
+    visibility
+  };
+}
 function matchesForbiddenPath(filePath, forbiddenPaths) {
   for (const pattern of forbiddenPaths) {
     if (pattern.endsWith("/")) {
@@ -6998,6 +7035,10 @@ function printCheckResultHuman(result) {
   console.log(`  Local user email:    ${details.localEmail}`);
   console.log(`  Own last commit:     ${details.isOwnLastCommit ? "Yes" : "No"}`);
   console.log(`  Forbidden changes:   ${details.hasForbiddenChanges ? "Yes" : "No"}`);
+  if (details.repoVisibility !== undefined) {
+    console.log(`  Repo visibility:     ${details.repoVisibility}`);
+    console.log(`  Visibility allowed:  ${details.visibilityAllowed ? "Yes" : "No"}`);
+  }
   if (details.forbiddenFiles.length > 0) {
     console.log("");
     console.log("Forbidden files changed:");
@@ -7031,6 +7072,24 @@ function createCheckCommand() {
       }
       const config = loadConfig();
       const result = await checkPush(config);
+      if (config.allowedVisibility && config.allowedVisibility.length > 0) {
+        try {
+          const visibilityResult = await checkVisibility(config.allowedVisibility);
+          if (visibilityResult) {
+            result.details.repoVisibility = visibilityResult.visibility;
+            result.details.visibilityAllowed = visibilityResult.allowed;
+            if (!visibilityResult.allowed) {
+              result.allowed = false;
+              result.reason = visibilityResult.reason;
+            }
+          }
+        } catch (error) {
+          result.details.repoVisibility = "unknown";
+          result.details.visibilityAllowed = false;
+          result.allowed = false;
+          result.reason = `Failed to check repository visibility. Ensure 'gh' CLI is installed and authenticated.`;
+        }
+      }
       if (options.json) {
         printCheckResultJson(result);
       } else {
@@ -7058,6 +7117,19 @@ function createPushCommand() {
         process.exit(1);
       }
       const config = loadConfig();
+      if (config.allowedVisibility && config.allowedVisibility.length > 0) {
+        try {
+          const visibilityResult = await checkVisibility(config.allowedVisibility);
+          if (visibilityResult && !visibilityResult.allowed) {
+            printError(visibilityResult.reason);
+            process.exit(1);
+          }
+        } catch (error) {
+          printError(`Failed to check repository visibility. Ensure 'gh' CLI is installed and authenticated.
+  ${error instanceof Error ? error.message : String(error)}`);
+          process.exit(1);
+        }
+      }
       if (options.force) {
         printWarning("Safety checks bypassed with --force");
         if (options.dryRun) {
@@ -7154,6 +7226,7 @@ function createConfigCommand() {
         console.log("Settings:");
         console.log(`  forbiddenPaths: ${JSON.stringify(configData.forbiddenPaths)}`);
         console.log(`  onForbidden: ${configData.onForbidden}`);
+        console.log(`  allowedVisibility: ${configData.allowedVisibility ? JSON.stringify(configData.allowedVisibility) : "(not set - all visibilities allowed)"}`);
         console.log("");
       }
     } catch (error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "safe-push",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Git push safety checker - blocks pushes to forbidden areas",
   "type": "module",
   "bin": {

package/src/checker.ts CHANGED Viewed

@@ -1,12 +1,45 @@
-import type { Config, CheckResult } from "./types";
+import type { Config, CheckResult, RepoVisibility } from "./types";
 import {
   getCurrentBranch,
   isNewBranch,
   getLastCommitAuthorEmail,
   getLocalEmail,
   getDiffFiles,
+  getRepoVisibility,
 } from "./git";
+/**
+ * Visibility チェック結果
+ */
+export interface VisibilityCheckResult {
+  allowed: boolean;
+  reason: string;
+  visibility: string;
+}
+/**
+ * リポジトリの visibility が許可リストに含まれるかチェック
+ * allowedVisibility が未設定または空配列の場合は null を返す（チェック不要）
+ */
+export async function checkVisibility(
+  allowedVisibility?: RepoVisibility[]
+): Promise<VisibilityCheckResult | null> {
+  if (!allowedVisibility || allowedVisibility.length === 0) {
+    return null;
+  }
+  const visibility = await getRepoVisibility();
+  const allowed = allowedVisibility.includes(visibility as RepoVisibility);
+  return {
+    allowed,
+    reason: allowed
+      ? `Repository visibility "${visibility}" is allowed`
+      : `Repository visibility "${visibility}" is not in allowed list: [${allowedVisibility.join(", ")}]`,
+    visibility,
+  };
+}
 /**
  * ファイルパスが禁止パターンにマッチするか判定
  */

package/src/commands/check.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Command } from "commander";
 import { loadConfig } from "../config";
-import { checkPush } from "../checker";
+import { checkPush, checkVisibility } from "../checker";
 import { isGitRepository, hasCommits } from "../git";
 import { printError, printCheckResultJson, printCheckResultHuman } from "./utils";
@@ -28,6 +28,26 @@ export function createCheckCommand(): Command {
         const config = loadConfig();
         const result = await checkPush(config);
+        // visibility チェック
+        if (config.allowedVisibility && config.allowedVisibility.length > 0) {
+          try {
+            const visibilityResult = await checkVisibility(config.allowedVisibility);
+            if (visibilityResult) {
+              result.details.repoVisibility = visibilityResult.visibility;
+              result.details.visibilityAllowed = visibilityResult.allowed;
+              if (!visibilityResult.allowed) {
+                result.allowed = false;
+                result.reason = visibilityResult.reason;
+              }
+            }
+          } catch (error) {
+            result.details.repoVisibility = "unknown";
+            result.details.visibilityAllowed = false;
+            result.allowed = false;
+            result.reason = `Failed to check repository visibility. Ensure 'gh' CLI is installed and authenticated.`;
+          }
+        }
         if (options.json) {
           printCheckResultJson(result);
         } else {

package/src/commands/config.ts CHANGED Viewed

@@ -68,6 +68,9 @@ export function createConfigCommand(): Command {
             `  forbiddenPaths: ${JSON.stringify(configData.forbiddenPaths)}`
           );
           console.log(`  onForbidden: ${configData.onForbidden}`);
+          console.log(
+            `  allowedVisibility: ${configData.allowedVisibility ? JSON.stringify(configData.allowedVisibility) : "(not set - all visibilities allowed)"}`
+          );
           console.log("");
         }
       } catch (error) {

package/src/commands/push.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Command } from "commander";
 import { loadConfig } from "../config";
-import { checkPush } from "../checker";
+import { checkPush, checkVisibility } from "../checker";
 import { isGitRepository, hasCommits, execPush } from "../git";
 import {
   printError,
@@ -36,6 +36,22 @@ export function createPushCommand(): Command {
         const config = loadConfig();
+        // visibility チェック（--force でもバイパスできない）
+        if (config.allowedVisibility && config.allowedVisibility.length > 0) {
+          try {
+            const visibilityResult = await checkVisibility(config.allowedVisibility);
+            if (visibilityResult && !visibilityResult.allowed) {
+              printError(visibilityResult.reason);
+              process.exit(1);
+            }
+          } catch (error) {
+            printError(
+              `Failed to check repository visibility. Ensure 'gh' CLI is installed and authenticated.\n  ${error instanceof Error ? error.message : String(error)}`
+            );
+            process.exit(1);
+          }
+        }
         // --forceオプションが指定されている場合はチェックをスキップ
         if (options.force) {
           printWarning("Safety checks bypassed with --force");

package/src/commands/utils.ts CHANGED Viewed

@@ -60,6 +60,13 @@ export function printCheckResultHuman(result: CheckResult): void {
     `  Forbidden changes:   ${details.hasForbiddenChanges ? "Yes" : "No"}`
   );
+  if (details.repoVisibility !== undefined) {
+    console.log(`  Repo visibility:     ${details.repoVisibility}`);
+    console.log(
+      `  Visibility allowed:  ${details.visibilityAllowed ? "Yes" : "No"}`
+    );
+  }
   if (details.forbiddenFiles.length > 0) {
     console.log("");
     console.log("Forbidden files changed:");

package/src/config.ts CHANGED Viewed

@@ -88,11 +88,15 @@ export function saveConfig(config: Config, configPath?: string): void {
     fs.mkdirSync(dir, { recursive: true });
   }
+  const allowedVisibilitySection = config.allowedVisibility
+    ? `,\n  // 許可するリポジトリ visibility: "public" | "private" | "internal"\n  "allowedVisibility": ${JSON.stringify(config.allowedVisibility)}`
+    : "";
   const content = `{
   // 禁止エリア（Globパターン）
   "forbiddenPaths": ${JSON.stringify(config.forbiddenPaths, null, 4).replace(/\n/g, "\n  ")},
   // 禁止時の動作: "error" | "prompt"
-  "onForbidden": "${config.onForbidden}"
+  "onForbidden": "${config.onForbidden}"${allowedVisibilitySection}
 }
 `;

package/src/git.ts CHANGED Viewed

@@ -106,21 +106,36 @@ export async function execPush(
   args: string[] = [],
   remote = "origin"
 ): Promise<{ success: boolean; output: string }> {
-  const branch = await getCurrentBranch();
-  const isNew = await isNewBranch(remote);
+  let pushArgs: string[];
-  const pushArgs = ["push"];
+  // ユーザーがremote/refspecを明示的に指定したか判定
+  const hasUserRefspec = args.some((arg) => !arg.startsWith("-"));
-  // 新規ブランチの場合は-uオプションを追加
-  if (isNew) {
-    pushArgs.push("-u");
-  }
+  if (hasUserRefspec) {
+    // ユーザー指定のremote/refspecをそのまま使用
+    pushArgs = ["push", ...args];
+  } else {
+    // 自動でremote/branchを決定
+    const branch = await getCurrentBranch();
+    const isNew = await isNewBranch(remote);
+    pushArgs = ["push"];
+    // 新規ブランチ、またはユーザーが-uを指定した場合に追加
+    const hasSetUpstream = args.some(
+      (a) => a === "-u" || a === "--set-upstream"
+    );
+    if (isNew || hasSetUpstream) {
+      pushArgs.push("-u");
+    }
-  pushArgs.push(remote, branch);
+    pushArgs.push(remote, branch);
-  // 追加の引数がある場合
-  if (args.length > 0) {
-    pushArgs.push(...args);
+    // -u/--set-upstream以外のフラグを追加
+    const remainingFlags = args.filter(
+      (a) => a !== "-u" && a !== "--set-upstream"
+    );
+    pushArgs.push(...remainingFlags);
   }
   try {
@@ -137,6 +152,29 @@ export async function execPush(
   }
 }
+/**
+ * リポジトリの visibility を取得（gh CLI を使用）
+ */
+export async function getRepoVisibility(): Promise<string> {
+  const command = "gh repo view --json visibility --jq '.visibility'";
+  try {
+    const result = await $`gh repo view --json visibility --jq .visibility`.quiet();
+    return result.stdout.toString().trim().toLowerCase();
+  } catch (error) {
+    if (error && typeof error === "object" && "exitCode" in error) {
+      const exitCode = (error as { exitCode: number }).exitCode;
+      const stderr =
+        "stderr" in error ? String((error as { stderr: unknown }).stderr) : "";
+      throw new GitError(
+        `Failed to get repository visibility: ${stderr || command}`,
+        command,
+        exitCode
+      );
+    }
+    throw new GitError(`Failed to get repository visibility: ${command}`, command, null);
+  }
+}
 /**
  * Gitリポジトリ内かどうかを確認
  */

package/src/types.ts CHANGED Viewed

@@ -6,12 +6,19 @@ import { z } from "zod";
 export const OnForbiddenSchema = z.enum(["error", "prompt"]);
 export type OnForbidden = z.infer<typeof OnForbiddenSchema>;
+/**
+ * リポジトリの visibility
+ */
+export const RepoVisibilitySchema = z.enum(["public", "private", "internal"]);
+export type RepoVisibility = z.infer<typeof RepoVisibilitySchema>;
 /**
  * 設定ファイルのスキーマ
  */
 export const ConfigSchema = z.object({
   forbiddenPaths: z.array(z.string()).default([".github/"]),
   onForbidden: OnForbiddenSchema.default("error"),
+  allowedVisibility: z.array(RepoVisibilitySchema).optional(),
 });
 export type Config = z.infer<typeof ConfigSchema>;
@@ -29,6 +36,8 @@ export interface CheckResult {
     currentBranch: string;
     authorEmail: string;
     localEmail: string;
+    repoVisibility?: string;
+    visibilityAllowed?: boolean;
   };
 }