Commit Graph

4 Commits

Author SHA1 Message Date
Дмитрий b0cd18d797 fix(router-gate): quote-aware redirect detector + drop dead override-phrase ads
Квирк 2: новый stripQuotedSpans делает детектор stdout/stderr-редиректа
кавычко-осознанным — `>` / `2>` ВНУТРИ кавыченного аргумента (текст коммита
с <email>, "2>1") больше не ложно-блокируется; настоящие редиректы (оператор
вне кавычек) блокируются как прежде. RED→GREEN, существующие redirect/cd-app
кейсы целы.

1A: убрана реклама мёртвых override-фраз (findOverride — заглушка v4, фразы
не работают): баннер enforce-prompt-injection (каждый UserPromptSubmit) +
block-сообщения enforce-verify-before-push / coverage-verify / memory-coverage
/ tdd-gate (×3). Каждый фикс залочен негативным тестом.

Сознательно НЕ делали: калибровку 6 судьи (читать чат-контекст) и ослабление
exact-match approve (квирк 3) — это рубежи защиты, их трогать нельзя.

Регрессия vitest tools-only: 1989 passed | 2 skipped (verify через
npx vitest run --root app --config vitest.config.tools.mjs).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 14:05:52 +03:00
Дмитрий 8266755c2e feat(enforce-verify-before-push): docs-only short-circuit
The verify-before-push hook now skips the regression gate when EVERY
staged/unpushed file is a .md document (memory, docs, specs, plans,
SKILL.md). Code-touching pushes remain fully gated as before; mixed
pushes (even one non-md file) keep the full gate.

Closes the recurring loop where Claude invokes the "ремонт инфраструктуры"
override on every docs-only push — regression adds no value when the
change set has no executable code.

New helpers (tools/enforce-hook-helpers.mjs):
  - isDocsOnlyPath(p): true iff path ends with .md (case-insensitive)
  - isDocsOnlyChange(paths): true iff non-empty AND every entry docs-only
  - listChangedFiles(kind): git diff --cached (commit) / @{u}..HEAD (push)
    Empty result = unknown -> caller MUST fall through to normal gate.

decide() in enforce-verify-before-push.mjs accepts a new changedPaths
arg and short-circuits {block: false} when isDocsOnlyChange === true.
Empty/undefined -> falls through (conservative).

TDD: 13 new tests across enforce-hook-helpers.test.mjs + enforce-verify-
before-push.test.mjs, all GREEN. Tools-only canonical regression 965/965.
2026-05-27 08:23:17 +03:00
Дмитрий 165f1ed993 fix(hooks): findOverrideAttempt + helpful diagnostic for silent-reject when justification missing. Resolves UX bug where enforce-verify-before-push silently rejected master overrides without justification line. Now emits explicit diagnostic. 132/132 hook tests green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-26 15:53:04 +03:00
Дмитрий b6a0938ccd feat(enforce): T4 — Rule #4 verify-before-push + companion PostToolUse recorder 2026-05-25 18:17:56 +03:00