fix(gateguard): gate force/path git checkout as destructive (#2158)

* fix(gateguard): gate force/path git checkout as destructive

The destructive-command gate's `checkout` handler only flagged
`git checkout -- <path>`. It missed `git checkout --force` / `-f <branch>`
and `git checkout .`, all of which discard uncommitted working-tree changes,
so they bypassed the gate (once the once-per-session routine-Bash gate is
satisfied, they ran with no challenge). The sibling `switch` handler already
covers these force forms; mirror it for `checkout`.

* test(gateguard): document Test 7b force-checkout case

---------

Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
bymle
2026-06-07 13:26:08 +08:00
committed by GitHub
parent 680cc7153b
commit 0cb8907e14
2 changed files with 27 additions and 1 deletions

@@ -318,7 +318,14 @@ function isDestructiveGit(tokens) {
}
if (command === 'checkout') {
return rest.includes('--');
// `git checkout -- <path>`, `git checkout .`, and the force forms
// (`--force` / `-f`) all discard uncommitted working-tree changes,
// mirroring the `switch` handler below.
return rest.some(t => {
if (t === '--' || t === '.' || t === '--force') return true;
if (!t.startsWith('-') || t.startsWith('--')) return false;
return t.slice(1).includes('f');
});
}
if (command === 'clean') {
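
Review bot: The `t === '.'` comparison in the new `rest.some` callback matches only the literal dot, so other pathspec forms that discard the same working-tree changes still return false: `git checkout ./`, `git checkout :/`, or a path given after a tree-ish without the `--` separator (`git checkout HEAD src/file.js`). Consider treating any second positional token as a pathspec, or at least normalising `./` and `:/`, and state in the comment which forms are deliberately left ungated. The short-flag branch `t.slice(1).includes('f')` accepts clustered flags such as `-fb`, which is the right call, but it is worth a test case next to Test 7b for a cluster and for a bare `-` (previous branch), so the intended true/false split is pinned down.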