De-fork the hook: migrate cli-guard dep to forgejo module and adopt the shared engine #36

Closed
opened 2026-06-03 22:12:44 +00:00 by coilysiren · 0 comments
Owner

Context

ward pinned the old github.com/coilysiren/cli-guard module path (a stale pseudo-version) and forked the hook engine — its own copies of splitSegments, stripEnvPrefix, leadingToken, checkBinaryPath, and the route tables — instead of consuming cli-guard's hook package. That drift means new framework primitives (e.g. the basename-aware protected-binary deny from cli-guard #55) don't reach ward.

This blocks the protected-binary half of #4.

Change

De-fork, behavior-preserving:

  1. Migrate the cli-guard dependency from github.com/coilysiren/cli-guard to the canonical forgejo.coilysiren.me/coilyco-flight-deck/cli-guard module. Set GOPRIVATE.
  2. Adopt cli-guard's hook package for the Bash decision path: pass ward's route tables as []hook.Route (gh-GraphQL suffix via Route.Extra), the guard-binary integrity as []hook.IntegrityRule, and delegate to hook.PreToolUse. Delete ward's duplicated primitives.
  3. Keep ward-specific orchestration that isn't in the engine: the file-write sidequest-registry conflict check (non-Bash tools) and guard detection (coily vs ward route table).

Existing cmd/ward hook tests must keep passing unchanged. The protected-binary wiring (security config → hook.Protected) and doctor security land on top, under #4.

Acceptance

  • ward builds and tests green against the forgejo cli-guard module.
  • No github.com/coilysiren/cli-guard references remain.
  • ward's hook decision for Bash routes/integrity is produced by cli-guard/hook, not a fork.
  • File-write registry conflict behavior unchanged.
## Context ward pinned the old `github.com/coilysiren/cli-guard` module path (a stale pseudo-version) and **forked the hook engine** — its own copies of `splitSegments`, `stripEnvPrefix`, `leadingToken`, `checkBinaryPath`, and the route tables — instead of consuming cli-guard's `hook` package. That drift means new framework primitives (e.g. the basename-aware protected-binary deny from cli-guard #55) don't reach ward. This blocks the protected-binary half of #4. ## Change De-fork, behavior-preserving: 1. Migrate the cli-guard dependency from `github.com/coilysiren/cli-guard` to the canonical `forgejo.coilysiren.me/coilyco-flight-deck/cli-guard` module. Set `GOPRIVATE`. 2. Adopt cli-guard's `hook` package for the Bash decision path: pass ward's route tables as `[]hook.Route` (gh-GraphQL suffix via `Route.Extra`), the guard-binary integrity as `[]hook.IntegrityRule`, and delegate to `hook.PreToolUse`. Delete ward's duplicated primitives. 3. Keep ward-specific orchestration that isn't in the engine: the file-write sidequest-registry conflict check (non-Bash tools) and guard detection (coily vs ward route table). Existing `cmd/ward` hook tests must keep passing unchanged. The protected-binary wiring (security config → `hook.Protected`) and `doctor security` land on top, under #4. ## Acceptance - ward builds and tests green against the forgejo cli-guard module. - No `github.com/coilysiren/cli-guard` references remain. - ward's hook decision for Bash routes/integrity is produced by `cli-guard/hook`, not a fork. - File-write registry conflict behavior unchanged.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/ward#36
No description provided.