Commit Graph

3 Commits

Author SHA1 Message Date
4c51be5a6d harness: fix guard detection failure on macOS bash 3.2
Replace mapfile (bash 4.0+) with bash 3.2-compatible while-read loop.
macOS ships bash 3.2.57 (last GPLv2 version); mapfile silently failed,
leaving STAGED array empty, so no security checks ran (conflict markers,
secrets, private keys all missed). Guard self-test now passes 12/12.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-06-20 06:17:02 -07:00
b25f0be539 feat(harness-guard): FATAL-promotion prerequisite — test matrix + pair-required conflict rule (VERSION 1.4.3)
Builds the false-positive/true-positive proof the plan requires before the guard can be
promoted to blocking, and fixes the one false-positive it surfaced.

- test-harness-guard.sh: 12-case matrix in a throwaway repo, runs the REAL guard, asserts
  WARN/clean for real conflicts/secrets/keys vs legit content (setext underlines, dividers,
  docs that mention a marker, encrypted sops, public keys, .example templates).
- harness-guard.sh: conflict rule now requires a real hunk (BOTH ^<<<<<<< AND ^>>>>>>>),
  dropping the lone =======$ trigger that false-positived on a 7-char setext underline /
  divider. Identical true-positive power (git writes all three markers); FP surface -> 0.
- /self-check: new harness.guard_selftest runs the matrix in an isolated temp repo (read-only
  vs the real tree) so guard correctness is continuously proven.

Verified 12/12 pass, true positives intact, real-tree FP surface = 0. FATAL flip (todo
f1c11d0d, on/after 2026-06-22) is now evidence-backed + one-step.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 08:41:58 -07:00
7bed4e49e6 sync: auto-sync from GURU-5070 at 2026-06-08 07:42:44
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-08 07:42:44
2026-06-08 07:42:48 -07:00