Adopt cli-guard gittree: real dirty-tree gating + --audit-override-dirty #57

Closed
opened 2026-06-06 04:05:46 +00:00 by coilysiren · 0 comments
Owner

Summary

Adopt cli-guard's gittree (plus its ttlcache backing) so ward's "refuses repo-shaped verbs on a dirty tree" guarantee is backed by the same inspector coily uses, and add the --audit-override-dirty escape valve ward currently lacks.

Motivation

Ward's README and FEATURES claim it "refuses repo-shaped verbs on a dirty tree," but ward does not import cli-guard/gittree. It open-codes a bare git rev-parse --show-toplevel in cmd/ward/install_hooks.go and otherwise relies on whatever the verb layer provides. coily imports gittree + ttlcache and wires the full clean/synced/ahead gating plus a documented --audit-override-dirty bypass that tags the audit row (audit_override=true) and captures working-tree status.

This is the highest-value Tier 1 pull from the coily->ward inventory: it makes ward's headline safety claim real rather than aspirational.

Scope

  • Import cli-guard/gittree and cli-guard/ttlcache in ward.
  • Route the dirty-tree refusal on ward exec repo verbs through gittree's clean+synced check.
  • Add a --audit-override-dirty root/exec flag mirroring coily's: bypasses the gate, tags the audit row, captures status. Emergencies only.
  • Replace the open-coded gitToplevel helper with the shared path where it makes sense.
  • Update docs/exec-verb.md and docs/FEATURES.md.

Out of scope

No profile evaluator / lockdown-profile adoption (ward intentionally injects nil).

Boundary check

Contributor-safe: this is dev-verb gating, not an ops verb.

## Summary Adopt cli-guard's `gittree` (plus its `ttlcache` backing) so ward's "refuses repo-shaped verbs on a dirty tree" guarantee is backed by the same inspector coily uses, and add the `--audit-override-dirty` escape valve ward currently lacks. ## Motivation Ward's README and FEATURES claim it "refuses repo-shaped verbs on a dirty tree," but ward does not import `cli-guard/gittree`. It open-codes a bare `git rev-parse --show-toplevel` in `cmd/ward/install_hooks.go` and otherwise relies on whatever the verb layer provides. coily imports `gittree` + `ttlcache` and wires the full clean/synced/ahead gating plus a documented `--audit-override-dirty` bypass that tags the audit row (`audit_override=true`) and captures working-tree status. This is the highest-value Tier 1 pull from the coily->ward inventory: it makes ward's headline safety claim real rather than aspirational. ## Scope - Import `cli-guard/gittree` and `cli-guard/ttlcache` in ward. - Route the dirty-tree refusal on `ward exec` repo verbs through `gittree`'s clean+synced check. - Add a `--audit-override-dirty` root/exec flag mirroring coily's: bypasses the gate, tags the audit row, captures status. Emergencies only. - Replace the open-coded `gitToplevel` helper with the shared path where it makes sense. - Update `docs/exec-verb.md` and `docs/FEATURES.md`. ## Out of scope No profile evaluator / lockdown-profile adoption (ward intentionally injects nil). ## Boundary check Contributor-safe: this is dev-verb gating, not an ops verb.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/ward#57
No description provided.