48 changes: 37 additions & 11 deletions bin/pushgate.mjs

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 6 additions & 2 deletions docs/reference/configuration.md
Expand Up @@ -27,11 +27,13 @@ policies:
diff_size:
max_changed_lines: 500
mode: warning
fail_fast: false
forbidden_paths:
patterns:
- ".env"
- "secrets/**"
mode: blocking
fail_fast: true

plugins:
gitleaks:
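Review bot: In the `diff_size` example, `fail_fast: false` sits next to `mode: warning`, but the schema text added in this PR describes `fail_fast` as applying to a blocking violation, so the setting shown here appears to have no effect. Consider showing `fail_fast: false` on a `mode: blocking` policy instead, or add a sentence saying the key is ignored in warning mode, so readers do not conclude that warning policies need it.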
Expand Down Expand Up @@ -84,7 +86,9 @@ extension point for provider-specific nested settings.
| `tools[].run` | `changed_files` |
| `tools[].fail_fast` | `true` |
| `policies.diff_size.mode` | `blocking` |
| `policies.diff_size.fail_fast` | `true` |
| `policies.forbidden_paths.mode` | `blocking` |
| `policies.forbidden_paths.fail_fast` | `true` |
| `plugins.gitleaks.enabled` | `true` |
| `plugins.gitleaks.command` | `gitleaks` |
| `plugins.gitleaks.timeout_seconds` | `60` |
Expand Down Expand Up @@ -132,8 +136,8 @@ commands. They run before plugins and configured tools.
| `diff_size` | Counts added plus deleted text lines in the normalized changed-file list. Binary diffs do not contribute. |
| `forbidden_paths` | Matches gitignore-like patterns against live changed paths after `ignore_paths` filtering. Deleted files are ignored. |

Policy `mode` uses the same `blocking` or `warning` behavior as configured
tools.
Policy `mode` and `fail_fast` use the same blocking, warning, and fail-fast
behavior as configured tools.

## Plugins

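Review bot: The rewritten sentence "Policy `mode` and `fail_fast` use the same blocking, warning, and fail-fast behavior as configured tools" does not say which checks a fail-fast policy stops. This section states that policies run before plugins and configured tools, and `fail_fast` defaults to `true`, so a reader needs to know whether a blocking `diff_size` or `forbidden_paths` violation also skips the `gitleaks` plugin and every configured tool on that run. Suggest stating that explicitly and, if they are skipped, noting that their findings only surface on a later push attempt.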
10 changes: 10 additions & 0 deletions schemas/pushgate-config-v2.schema.json
Expand Up @@ -145,6 +145,11 @@
},
"mode": {
"$ref": "#/definitions/policyMode"
},
"fail_fast": {
"description": "Whether a blocking diff-size violation stops later deterministic checks.",
"type": "boolean",
"default": true
}
}
},
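Review bot: The `fail_fast` description only covers a blocking diff-size violation and leaves the `mode: warning` case undefined. Suggest extending it to say what the flag does in warning mode (for example that it is ignored, if that is the runtime behavior). Also, `"default": true` is only an annotation in JSON Schema; the effective default is the `?? true` in src/config/normalize.ts, so the two values need to be kept in sync, ideally by a test.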
Expand All @@ -164,6 +169,11 @@
},
"mode": {
"$ref": "#/definitions/policyMode"
},
"fail_fast": {
"description": "Whether a blocking forbidden-path violation stops later deterministic checks.",
"type": "boolean",
"default": true
}
}
},
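Review bot: The `fail_fast` property here duplicates the one added to the diff-size policy in the previous hunk, differing only in its description, while `mode` in the same object is shared through `"$ref": "#/definitions/policyMode"`. Consider a shared definition for the boolean and its default (for example a hypothetical `#/definitions/policyFailFast`) so the default cannot drift between the two policies.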
2 changes: 2 additions & 0 deletions src/config/normalize.ts
Expand Up @@ -87,6 +87,7 @@ function normalizePolicies(
diff_size: {
max_changed_lines: policies.diff_size.max_changed_lines,
mode: policies.diff_size.mode ?? "blocking",
fail_fast: policies.diff_size.fail_fast ?? true,
},
}
: {}),
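Review bot: On the added `fail_fast: policies.diff_size.fail_fast ?? true` line, `??` only substitutes the default for `null` and `undefined`, so any other value that reaches this function is copied through unchanged, including a quoted YAML value such as `"false"`, which is a truthy string. If schema validation is guaranteed to run before `normalizePolicies`, a comment saying so is enough; otherwise add a `typeof ... === "boolean"` check. The same applies to the `forbidden_paths` line in the next hunk.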
Expand All @@ -95,6 +96,7 @@ function normalizePolicies(
forbidden_paths: {
patterns: [...policies.forbidden_paths.patterns],
mode: policies.forbidden_paths.mode ?? "blocking",
fail_fast: policies.forbidden_paths.fail_fast ?? true,
},
}
: {}),
6 changes: 6 additions & 0 deletions src/config/types.ts
Expand Up @@ -44,6 +44,8 @@ export interface DiffSizePolicyConfig {
max_changed_lines: number;
/** Whether a policy violation blocks the push or only warns locally. */
mode: BuiltInPolicyMode;
/** Whether a blocking violation stops later deterministic checks. */
fail_fast: boolean;
}

/** Built-in forbidden-path policy configuration. */
Expand All @@ -52,6 +54,8 @@ export interface ForbiddenPathsPolicyConfig {
patterns: string[];
/** Whether a policy violation blocks the push or only warns locally. */
mode: BuiltInPolicyMode;
/** Whether a blocking violation stops later deterministic checks. */
fail_fast: boolean;
}

/** Optional built-in deterministic policies. */
Expand Down Expand Up @@ -157,12 +161,14 @@ export interface RawToolConfig {
export interface RawDiffSizePolicyConfig {
max_changed_lines: number;
mode?: BuiltInPolicyMode;
fail_fast?: boolean;
}

/** Raw built-in forbidden-path policy shape before defaults are normalized. */
export interface RawForbiddenPathsPolicyConfig {
patterns: string[];
mode?: BuiltInPolicyMode;
fail_fast?: boolean;
}

/** Raw built-in policy config before optional policy modes are normalized. */
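Review bot: The optional `fail_fast?: boolean` fields on `RawDiffSizePolicyConfig` and `RawForbiddenPathsPolicyConfig` have no doc comment, while the normalized interfaces earlier in this file document theirs. Suggest a one-line comment on each stating that an omitted value normalizes to `true`.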