Code-quality review of Task B (Phase 4) flagged two minor fixes:
- Export CHAIN_OUTCOME_BUCKETS for external consumers (test + future cuts)
no longer hard-code bucket names.
- Replace fs.readFileSync via duplicate `import fs from 'fs'` with the
already-imported named `readFileSync` in helpers test.
+1 regression test on the export.
The verify-before-push hook now skips the regression gate when EVERY
staged/unpushed file is a .md document (memory, docs, specs, plans,
SKILL.md). Code-touching pushes remain fully gated as before; mixed
pushes (even one non-md file) keep the full gate.
Closes the recurring loop where Claude invokes the "ремонт инфраструктуры"
override on every docs-only push — regression adds no value when the
change set has no executable code.
New helpers (tools/enforce-hook-helpers.mjs):
- isDocsOnlyPath(p): true iff path ends with .md (case-insensitive)
- isDocsOnlyChange(paths): true iff non-empty AND every entry docs-only
- listChangedFiles(kind): git diff --cached (commit) / @{u}..HEAD (push)
Empty result = unknown -> caller MUST fall through to normal gate.
decide() in enforce-verify-before-push.mjs accepts a new changedPaths
arg and short-circuits {block: false} when isDocsOnlyChange === true.
Empty/undefined -> falls through (conservative).
TDD: 13 new tests across enforce-hook-helpers.test.mjs + enforce-verify-
before-push.test.mjs, all GREEN. Tools-only canonical regression 965/965.
Brain-retro #5 candidate C, hole 7: the 'ремонт инфраструктуры' phrase
suppressed ALL rule keys with no constraint. Now requires a 'ремонт: <what>'
line in the same prompt documenting the target.
enforce-override-vocab.json: added 'requires_justification: "ремонт:"' to
the entry.
enforce-hook-helpers.mjs findOverride(): honors requires_justification — when
set, the user prompt must contain '<prefix> <non-empty-text>' or the override
is rejected.
Previous segment-split approach still mis-detected because naive && split
also splits INSIDE quoted commit messages. A git commit with a body like
'... npx vitest run ...' produced a segment starting with vitest after split.
New approach: find FIRST real command (after skipping cd / env-prefix),
classify based on that. Anything after it is arguments / chained commands,
which don't change the kind. Hard guard rejects first-real ∈ {git, scp, ssh,
curl, cat, echo, grep, cp, mv, ...}.
Found live: my own commit message from the previous fix ('handles compound
commands like cd ... && npx vitest run') caused the verify-pass sentinel to
overwrite as fail. Test for this case in helpers.test.mjs.
Previous guard ("any \b(git|cat|echo)\s/ → null") was too aggressive: it
blocked legitimate compound test commands like `cd ... && npx vitest run`
or `npx vitest run && echo done`.
New approach: split on shell separators, examine each segment after stripping
env-prefix and `cd` prefix. A command is a test run iff some segment STARTS
with a recognised test-invocation token. Correctly handles both directions:
- false-positive guard (commit message containing 'vitest run' → null)
- false-negative fix (compound 'cd ... && vitest run' → vitest-full)
Live-caught by my own TDD-gate: prod-edit blocked, wrote tests first, RED
verified, then GREEN. 59/59 unit tests pass.
Дмитрий