v4.0.0: enforcement layers#9
Merged
Merged
Conversation
- detect Anthropic, Google, GitLab, npm, Hugging Face, JWT credentials - report all secret matches per file, not first-only - hooks discover project codewarden.json (exclude_paths/allowlist parity with CI) - cover NotebookEdit and Bash/PowerShell command secrets in Claude hooks - wire pre_flight_trigger_lines as an ask gate; document prompt-only keys Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- code-warden hooks git installs a marker-managed pre-commit running staged lint+secrets - staged content scanned via git show with exclude/allowlist parity - report --write-baseline / --baseline fail only new or worsened violations - baseline secrets fingerprinted by content hash, never raw values - action.yml and CI template accept a baseline input Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- code-warden scope set/add/remove/clear/status manages .code-warden/scope.json - write hooks deny out-of-scope edits with auditable expansion trail (Claude + Codex) - scope file self-protected from agent edits - command risk gate classifies Bash/PowerShell commands against risk_policy tiers - blocked tier denies, high tier asks (Claude); configurable command_rules with id overrides Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- PostToolUse audit ledger with sha256 hash chain, secret redaction, scope-gated enablement - .code-warden/ governance artifacts unconditionally write-protected from agents - SessionStart hook injects architecture context and scope status - opt-in Stop hook blocks completion on fresh lint/secret violations (loop-guarded, baseline-aware) - receipt --from-audit prefills receipts from ledger, scope, and git evidence; broken chains fail validation - hook management generalized across PreToolUse/PostToolUse/SessionStart/Stop Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- version sync to 4.0.0 across package, skill, and docs - changelog, release notes, and decision log for phases 1-4 - README/CONFIGURE refresh: four enforcement layers, scope lock, risk gate, baseline ratchet, git backstop, audit ledger, corroborated receipts - upgrade note: re-run code-warden hooks claude/codex to register new gates Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Scope locks and audit ledgers are session evidence; receipts are the durable artifact. Keeps dev sessions from committing them accidentally. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Turns Code-Warden's prose rules into machine-enforced gates across four layers: prompt -> runtime hooks -> git backstop -> CI.
code-warden hooks gitinstalls a marker-managed pre-commit scanning staged content (covers every agent and human);report --write-baseline/--baselineratchet mode fails only new or worsened violations so brownfield repos can adopt the Action.code-warden scopeCLI manages.code-warden/scope.json; out-of-scope writes denied in both runtimes with an auditable expansion trail; 16 default command rules (force-push, reset --hard, curl-pipe-sh deny; dependency installs, publish, push ask), configurable viarisk_policy.command_rules..code-warden/unconditionally write-protected from agents; SessionStart context injection; opt-in Stop verification;receipt --from-auditprefills receipts from ledger, scope, and git evidence — broken chains fail validation.Why 4.0.0
scopeGatein the governance report is now an object when a scope lock exists (was always a string)..code-warden/paths are unconditionally write-protected from agents.Upgrade note
Existing users must re-run
code-warden hooks claude(andhooks codex) — old PreToolUse-only registrations keep working but get none of the new gates.Verification
warden-lint.js: all 64 tool files <= 400 linesgovernance-report.js .: PASS (lint/secrets/tests/health/risk) — the repo passes its own gateHonest limits (documented in-release)
Codex has no ask/PostToolUse equivalent (risk gate is deny-only, no ledger there);
git commit --no-verifybypasses the backstop; an agent running the scope CLI itself is visible in-session and recorded inexpansions[].🤖 Generated with Claude Code