Skip to content

v4.0.0: enforcement layers#9

Merged
Kodaxadev merged 6 commits into
mainfrom
feat/enforcement-layers
Jun 11, 2026
Merged

v4.0.0: enforcement layers#9
Kodaxadev merged 6 commits into
mainfrom
feat/enforcement-layers

Conversation

@Kodaxadev

Copy link
Copy Markdown
Owner

Summary

Turns Code-Warden's prose rules into machine-enforced gates across four layers: prompt -> runtime hooks -> git backstop -> CI.

  • Hardening (8715eb8): Anthropic/Google/GitLab/npm/Hugging Face/JWT secret patterns; all matches reported per file; hooks discover the governed project's codewarden.json (CI/hook parity); Claude coverage extended to NotebookEdit + Bash/PowerShell command secrets; pre_flight_trigger_lines wired as an ask gate.
  • Git backstop + baseline (8763bc1): code-warden hooks git installs a marker-managed pre-commit scanning staged content (covers every agent and human); report --write-baseline / --baseline ratchet mode fails only new or worsened violations so brownfield repos can adopt the Action.
  • Scope Lock + Command Risk Gate (2a8f434): code-warden scope CLI manages .code-warden/scope.json; out-of-scope writes denied in both runtimes with an auditable expansion trail; 16 default command rules (force-push, reset --hard, curl-pipe-sh deny; dependency installs, publish, push ask), configurable via risk_policy.command_rules.
  • Audit ledger + lifecycle + corroborated receipts (aff3c71): hash-chained PostToolUse ledger with secret redaction; .code-warden/ unconditionally write-protected from agents; SessionStart context injection; opt-in Stop verification; receipt --from-audit prefills receipts from ledger, scope, and git evidence — broken chains fail validation.
  • Release (91cddd6): version 4.0.0 sync, CHANGELOG, release notes, 8 decision-log entries, both READMEs rewritten around the real enforcement stack with an honest bypass column.

Why 4.0.0

  • scopeGate in the governance report is now an object when a scope lock exists (was always a string).
  • .code-warden/ paths are unconditionally write-protected from agents.
  • Hook registrations expand across PreToolUse/PostToolUse/SessionStart/Stop.

Upgrade note

Existing users must re-run code-warden hooks claude (and hooks codex) — old PreToolUse-only registrations keep working but get none of the new gates.

Verification

  • 133 tests across 15 suites, 0 failures
  • warden-lint.js: all 64 tool files <= 400 lines
  • governance-report.js .: PASS (lint/secrets/tests/health/risk) — the repo passes its own gate

Honest limits (documented in-release)

Codex has no ask/PostToolUse equivalent (risk gate is deny-only, no ledger there); git commit --no-verify bypasses the backstop; an agent running the scope CLI itself is visible in-session and recorded in expansions[].

🤖 Generated with Claude Code

Kodaxadev and others added 6 commits June 9, 2026 14:50
- detect Anthropic, Google, GitLab, npm, Hugging Face, JWT credentials
- report all secret matches per file, not first-only
- hooks discover project codewarden.json (exclude_paths/allowlist parity with CI)
- cover NotebookEdit and Bash/PowerShell command secrets in Claude hooks
- wire pre_flight_trigger_lines as an ask gate; document prompt-only keys

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- code-warden hooks git installs a marker-managed pre-commit running staged lint+secrets
- staged content scanned via git show with exclude/allowlist parity
- report --write-baseline / --baseline fail only new or worsened violations
- baseline secrets fingerprinted by content hash, never raw values
- action.yml and CI template accept a baseline input

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- code-warden scope set/add/remove/clear/status manages .code-warden/scope.json
- write hooks deny out-of-scope edits with auditable expansion trail (Claude + Codex)
- scope file self-protected from agent edits
- command risk gate classifies Bash/PowerShell commands against risk_policy tiers
- blocked tier denies, high tier asks (Claude); configurable command_rules with id overrides

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- PostToolUse audit ledger with sha256 hash chain, secret redaction, scope-gated enablement
- .code-warden/ governance artifacts unconditionally write-protected from agents
- SessionStart hook injects architecture context and scope status
- opt-in Stop hook blocks completion on fresh lint/secret violations (loop-guarded, baseline-aware)
- receipt --from-audit prefills receipts from ledger, scope, and git evidence; broken chains fail validation
- hook management generalized across PreToolUse/PostToolUse/SessionStart/Stop

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- version sync to 4.0.0 across package, skill, and docs
- changelog, release notes, and decision log for phases 1-4
- README/CONFIGURE refresh: four enforcement layers, scope lock, risk gate,
  baseline ratchet, git backstop, audit ledger, corroborated receipts
- upgrade note: re-run code-warden hooks claude/codex to register new gates

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Scope locks and audit ledgers are session evidence; receipts are the
durable artifact. Keeps dev sessions from committing them accidentally.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@Kodaxadev
Kodaxadev merged commit 9ec0ba7 into main Jun 11, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant