fix(miner): normalize deny-hook paths and block short force-push flag #2886
Deploying with
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs | gittensory-ui | 00ea109 | Commit Preview URL Branch Preview URL | Jul 04 2026, 07:34 AM |
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files

```diff
@@ Coverage Diff @@
## main #2886 +/- ##
=======================================
Coverage 96.06% 96.06%
=======================================
Files 259 259
Lines 28655 28655
Branches 10428 10428
=======================================
Hits 27528 27528
Misses 490 490
Partials 637 637
```
Tip 🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩
✅ Gittensory review result - approve/merge recommended
Review updated: 2026-07-04 07:38:31 UTC
✅ Suggested Action - Approve/Merge
Review summary Nits — 4 non-blocking
Signal definitions
🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed
Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
Substring matching on "-f" false-positively blocked git push --follow-tags (the flag contains "-f" as a substring). Add inputTokenPattern, a rule constraint that matches a whole whitespace-separated token instead of a substring, and use it for the short-flag force-push guard.
e2b3cc0 to 00ea109
Motivation
- `gittensory-miner hooks check` CLI exposed deny-hook verdicts as an exit-code gate but path candidates were not normalized, allowing `./.github/workflows/ci.yml` to bypass the `.github/workflows/**` rule.
- `--force`, so short-form flags like `-f` could be allowed and circumvent the intent to block force-pushes.

Description
- `normalizePathCandidate()` and including normalized tokens in `pathCandidates()` so dot-prefixed and backslash variants match the built-in `pathPattern` rules in `packages/gittensory-miner/lib/deny-hooks.js`.
- `push` + `-f` to complement the existing `push` + `--force` rule in `DEFAULT_DENY_RULES`.
- `git push -f` cases in `test/unit/miner-deny-hooks.test.ts` and extend the CLI test `test/unit/miner-cli-deny-check.test.ts` to assert `runDenyCheck` returns a blocking exit code for `./.github/workflows/ci.yml`.

Testing
- `npx vitest run test/unit/miner-deny-hooks.test.ts test/unit/miner-cli-deny-check.test.ts` and all tests passed.
- `npm run build:miner` and it succeeded (`node --check` validations passed for the modified files).
- `npm run test:ci` but `actionlint` setup failed due to transient network/host-label warnings during GitHub downloads, and `npm audit --audit-level=moderate` returned `403 Forbidden` from the registry, so those two automated checks could not be completed locally.

Codex Task
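
The two fixes discussed in this PR (normalizing path candidates before matching, and matching `-f` as a whole token instead of a substring) sketched as an added example. It is not the project's code: the rule shape and the names `normalizePath`, `tokenize`, `RULES` and `denyVerdict` are assumptions made for illustration.

```javascript
// Added illustration; not the code in packages/gittensory-miner/lib/deny-hooks.js.
// The rule shape and all helper names below are assumptions.

// Canonicalize a candidate path: backslashes become slashes, empty and "."
// segments are dropped, ".." removes the previous segment. After this,
// "./a/b", "a\\b" and "x/../a/b" all compare equal to "a/b".
function normalizePath(candidate) {
  const out = [];
  for (const seg of candidate.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return out.join("/");
}

// Split a command line into whitespace-separated tokens.
function tokenize(input) {
  return input.trim().split(/\s+/).filter(Boolean);
}

// Constructed rules: a protected path prefix, and push combined with a force flag.
const RULES = [
  { id: "workflows", pathPrefix: ".github/workflows/" },
  { id: "force-push", command: "push", tokens: new Set(["-f", "--force"]) },
];

// Return the id of the first rule that blocks the input, or null if allowed.
function denyVerdict(input) {
  const tokens = tokenize(input);
  for (const rule of RULES) {
    // Path rules are checked against the normalized form of every token.
    if (rule.pathPrefix &&
        tokens.some((t) => normalizePath(t).startsWith(rule.pathPrefix))) {
      return rule.id;
    }
    // Whole-token comparison: "--follow-tags" contains "-f" but is not "-f".
    if (rule.tokens && tokens.includes(rule.command) &&
        tokens.some((t) => rule.tokens.has(t))) {
      return rule.id;
    }
  }
  return null;
}
```
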