feat(hooks): block inline DB mutations across any CLI tool (v1.20.0)

Rebased onto main (was branched off 378471f, pre-1.17.0 through 1.19.0).
Squashed the 10 original feature/fix commits onto current main, bumped
version label from 1.17.0 to 1.20.0 to avoid collision with the existing
[1.17.0] warn-greptile-review-extraction-by-created-at release.

What this PR ships (unchanged from original PR #25 plan):

  Six new `inline-db-mutation-*` rules extending the scripts-not-DB
  discipline beyond Moodle/SSH to every DB CLI:
    - inline-db-mutation-mysql
    - inline-db-mutation-psql
    - inline-db-mutation-sqlite
    - inline-db-mutation-mongo
    - inline-db-mutation-redis
    - inline-db-mutation-gcloud-sql

  Plus the `disable_if_repo_file` rule-schema field (per-repo opt-out
  via a sentinel file under repo root) and a shared `db-mutation-rule`
  bypass marker.

Greptile-PR-#25 fixes preserved:
  - mysql/psql short-option-no-space (-e"...", --execute="...")
  - mongo --eval with whitespace inside the quoted JS
  - gcloud --project=PROD sql ... (equals-bound global flags)
  - disable_if_repo_file walks up to repo root via .git marker

Greptile re-review fix (this rebase):
  - inline-db-mutation-gcloud-sql now also catches SPACE-separated global
    flags (`--project my-prod`, `--configuration prod`,
    `--impersonate-service-account svc@host`, `--account user@host`,
    `--region us-central1`, etc.). Pattern relaxed from a strict
    `(--?flag(=value)?[[:space:]])*` chain to a generic
    `([^[:space:]]+[[:space:]]+)*` token-then-space loop; false-positive
    risk bounded by the literal `sql[[:space:]]+(import|export)[[:space:]]+(sql|csv|bak)`
    tail. Added 8 new test cases (6 block, 2 allow).

Tests: 297 / 297 pass (test-hooks.sh), 5 / 5 pass (test-sentinel-walkup.sh).

Created by Claude Code on behalf of @lapc506

Author: lapc506

.claude-plugin/marketplace.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
   "name": "make-no-mistakes",
-  "version": "1.19.0",
+  "version": "1.20.0",
   "description": "The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, manage sessions, and stash secrets via OS-native prompts. One plugin to make no mistakes.",
   "owner": {
     "name": "Luis Andres Pena Castillo",
@@ -11,7 +11,7 @@
     {
       "name": "make-no-mistakes",
       "description": "Dev lifecycle orchestrator: disciplined Linear issue execution with worktree isolation, PR review with Greptile gating, team release sync, E2E test generation and execution, test suite previewer, security pentesting, MoSCoW + RICE prioritization, cross-platform secret stash via OS-native GUI prompts (zenity / kdialog / osascript / Get-Credential), and session management. 18 commands, 6 auto-activating skills, 2 specialized agents.",
-      "version": "1.19.0",
+      "version": "1.20.0",
       "author": {
         "name": "Luis Andres Pena Castillo",
         "email": "lapc506@users.noreply.github.com"

.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "make-no-mistakes",
-  "version": "1.19.0",
+  "version": "1.20.0",
   "description": "The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, manage sessions, stash secrets, and enforce manifest-driven tool-call hooks. One plugin to make no mistakes.",
   "author": {
     "name": "Luis Andres Pena Castillo",

.github/workflows/test-hooks.yml

@@ -37,3 +37,9 @@ jobs:
 
       - name: Run hook smoke tests
         run: bash hooks/test-hooks.sh
+
+      - name: Run sentinel walk-up tests
+        # Exercises the `disable_if_repo_file` lookup from subdirectories
+        # (Greptile #25 P1 regression — sentinel at repo root must be honored
+        # even when the hook fires from any nested cwd within the repo).
+        run: bash hooks/test-sentinel-walkup.sh

CHANGELOG.md

@@ -18,6 +18,94 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.20.0] - 2026-05-29
+
+### Added
+- **Six new `inline-db-mutation-*` rules extending the scripts-not-DB
+  discipline (`feedback_scripts_not_db.md`) beyond Moodle/SSH to every DB
+  CLI.** The pre-existing `ssh-db-mutation` rule only caught
+  `gcloud compute ssh ... --command=` with Moodle-flavoured payloads
+  (`mdl_`, `scorm_`, `php -r`). This release blocks inline mutations
+  across the full surface a developer is likely to reach for:
+  - `inline-db-mutation-mysql` — `mysql -e "UPDATE/DELETE/..."`,
+    `mysql ... < file.sql`, `mysqldump ... | mysql ...`.
+  - `inline-db-mutation-psql` — `psql -c "UPDATE/INSERT/ALTER/CREATE/
+    GRANT/REVOKE/REPLACE/RENAME"` and `pg_restore`. Complements the
+    existing `destructive-db-ops` rule (which already covers DROP /
+    TRUNCATE / DELETE FROM via psql).
+  - `inline-db-mutation-sqlite` — `sqlite3 path "<mutation>"`.
+  - `inline-db-mutation-mongo` — `mongo|mongosh --eval "db.x.<mutating
+    method>(...)"` and `mongorestore`.
+  - `inline-db-mutation-redis` — `redis-cli SET / DEL / FLUSHDB /
+    FLUSHALL / HSET / HDEL / SADD / SREM / LPUSH / RPUSH / ZADD / ZREM /
+    EXPIRE / RENAME / MSET / SETEX / SETNX / INCR / DECR / COPY / MOVE /
+    UNLINK / RESTORE / EVAL`.
+  - `inline-db-mutation-gcloud-sql` — `gcloud sql import sql|csv|bak` and
+    `gcloud sql export sql|csv|bak` (export blocked because PII-bearing
+    prod exports also belong in versioned scripts).
+- **Shared bypass marker `db-mutation-rule`** across all six rules. A single
+  consistent escape token keeps the muscle memory cheap.
+- **Per-repo escape hatch via `disable_if_repo_file`.** New optional rule
+  schema field: when present, the rule no-ops if a sentinel file with
+  that exact name exists in the cwd. The inline-DB-mutation family ships
+  with `disable_if_repo_file: .no-make-no-mistakes-db-mutation`, so a
+  repo whose entire job is inline DB work can opt out with a one-liner
+  (`touch .no-make-no-mistakes-db-mutation`). Hardened path validation
+  (filename must match `^[a-zA-Z0-9._-]+$`, cannot be `.` / `..`) prevents
+  the runtime lookup from escaping the cwd.
+
+### Fixed
+- **Inline-DB-mutation regex bypasses** (Greptile PR #25, P1 + Security):
+  - `mysql -e"..."` / `mysql --execute="..."` short/long-option-no-space
+    shapes now block (spacing between `-e`/`--execute` and the SQL keyword
+    is `[[:space:]]*` instead of `[[:space:]]+`).
+  - `psql -c"..."` / `psql --command="..."` short/long-option-no-space
+    shapes now block.
+  - `mongo --eval "db.x.update(...)"` with whitespace inside the quoted JS
+    expression now blocks (regex no longer requires the mutation method to
+    live inside a single non-space token after `--eval`). `--eval=` shape
+    also covered.
+  - `gcloud --project=PROD sql export ...` and other variants with global
+    flags between `gcloud` and `sql` now block (regex tolerates
+    zero-or-more `--flag[=value]` tokens before the `sql` command group).
+    Extended in this release to also cover SPACE-separated global flags
+    (`--project my-prod`, `--configuration prod`,
+    `--impersonate-service-account svc@example.com`, `--account user@...`,
+    `--region us-central1`, etc.) — Greptile re-review on PR #25.
+- **`disable_if_repo_file` sentinel walks up to repo root** (Greptile PR
+  #25, P1). Previously the lookup only checked `./<sentinel>` in the
+  process cwd, so a sentinel placed at the documented location (repo
+  root) was ignored whenever the hook fired from any subdirectory. The
+  lookup now walks upward looking for a `.git` marker (file or
+  directory — worktrees use a file) and resolves the sentinel relative
+  to that root, with a cwd fallback for non-git deployments. Added
+  `hooks/test-sentinel-walkup.sh` to lock the behavior in CI.
+
+### Changed
+- `hooks/lib/eval-rule.sh` honours `disable_if_repo_file` between the
+  bypass-marker check and the match-condition loop.
+- `scripts/build-rules.mjs` validates the new field's shape at build time
+  (same kebab-validation defense-in-depth as `bypass_marker`).
+- `hooks/rules/README.md` documents the new field and the per-repo escape
+  hatch pattern. README.md "Hooks" section now lists the six rules and
+  the bypass marker.
+
+### Notes
+- 38 rules total (was 32). Tests pass (210 baseline + new inline-DB cases
+  + space-separated Cloud SQL flag cases).
+- SELECT-only reads (`SELECT`, `SHOW`, `DESCRIBE`, `EXPLAIN`, `KEYS`,
+  `GET`, `.find`, `.aggregate`, ...) remain allowed inline. The rules
+  only fire on the mutation keyword set per CLI tool.
+- Commands that START with `./scripts/`, `bash scripts/`, `./bin/`, or
+  `bash bin/` are exempted via `not_pattern` — the principle is
+  "versioned scripts: yes; inline one-shots: no". When a wrapper script
+  is the invocation surface, the sensitive payload lives in git history.
+- Memory ref: `feedback_scripts_not_db.md` (already existed for the
+  Moodle-flavoured `ssh-db-mutation` rule; this release simply expands
+  the enforcement surface).
+- **Parallel-version coordination:** originally claimed `1.17.0`; bumped
+  to `1.20.0` after rebasing onto main (which had absorbed 1.17.0–1.19.0).
+
 ## [1.19.0] - 2026-05-26
 
 ### Added

README.md

@@ -1,6 +1,6 @@
 # make-no-mistakes
 
-**Version: 1.19.0** · [CHANGELOG](./CHANGELOG.md) · [Marketplace](https://github.com/DojoCodingLabs/make-no-mistakes-toolkit)
+**Version: 1.20.0** · [CHANGELOG](./CHANGELOG.md) · [Marketplace](https://github.com/DojoCodingLabs/make-no-mistakes-toolkit)
 
 The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, and manage sessions. One plugin to make no mistakes.
 
@@ -245,7 +245,8 @@ the manifest-driven hooks in `hooks/rules/rules.yaml`. The Tier 1 ruleset
 ships 10 rules:
 
 **PreToolUse on `Bash` (block by default):**
-- `ssh-db-mutation` — blocks `gcloud compute ssh ... --command="...php -r/mysql/set_config..."` (forces use of versioned scripts)
+- `ssh-db-mutation` — blocks `gcloud compute ssh ... --command="...php -r/mysql/set_config..."` (Moodle-flavoured SSH payloads)
+- `inline-db-mutation-mysql` / `-psql` / `-sqlite` / `-mongo` / `-redis` / `-gcloud-sql` — blocks inline DB mutations across any CLI (`mysql -e "UPDATE..."`, `psql -c "INSERT..."`, `sqlite3 path "DROP..."`, `mongo --eval "db.x.update(...)"`, `redis-cli SET/DEL/FLUSHALL`, `gcloud sql import/export`). Forces use of a versioned script under `scripts/` or `bin/`. SELECT-only reads are never blocked. Per-rule bypass via `# hook-bypass: db-mutation-rule`; per-repo opt-out via `touch .no-make-no-mistakes-db-mutation` at the root (memory: `feedback_scripts_not_db.md`).
 - `prod-ops-no-approval` — blocks `--project=*-prod` operations without explicit acknowledgement
 - `destructive-db-ops` — blocks `supabase db reset|push|repair` and inline `DROP/TRUNCATE/DELETE FROM`
 - `manual-edge-fn-deploy` — blocks `supabase functions deploy` (forces CI-only deploys)
@@ -274,8 +275,18 @@ command or content to acknowledge the rule and proceed:
 # // hook-bypass: edge-fn-manual
 # // hook-bypass: minified-build
 # // hook-bypass: secret-leak
+
+# Bypass marker shipped in v1.17.0 inline-db-mutation family:
+# // hook-bypass: db-mutation-rule
 ```
 
+Some rules (e.g., the v1.17.0 inline-DB-mutation family) also support a
+per-repo escape hatch: drop a sentinel file at the repo root and the rule
+becomes a no-op in that repo. The current sentinel filenames are:
+
+- `.no-make-no-mistakes-db-mutation` — disables all six
+  `inline-db-mutation-*` rules in the repo
+
 Bypasses are explicit acknowledgements — they sit inside the command/content
 itself, not as silent flags.
 

hooks/lib/eval-rule.sh

@@ -84,6 +84,64 @@ if [ -n "$BYPASS_MARKER" ]; then
   esac
 fi
 
+# Per-repo escape hatch: if the rule declares `disable_if_repo_file: <name>`
+# and that file exists at the repo root, the rule is a no-op.
+# Use case: a repo explicitly opts out of a class of enforcement because its
+# workflow legitimately requires the otherwise-blocked operation (e.g., a
+# data-migration repo that runs inline DB mutations as part of its job).
+# The filename is validated to be a flat, safe name (no slashes / dots /
+# wildcards) so the lookup can't escape the cwd or pull in unintended files.
+#
+# Lookup strategy (Greptile #25 P1): walk upward from cwd looking for a
+# repo-root marker (`.git` file or dir — `.git` is a file in worktrees) and
+# check the sentinel at that root. If no repo root is found within a
+# bounded ascent, fall back to checking cwd itself (preserves the previous
+# behavior for repos without `.git`, e.g. tarball deploys).
+#
+# The ascent is bounded (32 levels) so an unrooted absolute path can't loop
+# forever — `/` has no parent, so the loop terminates naturally, but the
+# bound is defensive against pathological symlink trees.
+DISABLE_IF_REPO_FILE="$(printf '%s' "$RULE_JSON" | jq -r '.disable_if_repo_file // empty')"
+if [ -n "$DISABLE_IF_REPO_FILE" ]; then
+  # Validate filename: only [a-zA-Z0-9._-], and reject "." / ".." sentinels.
+  # The `/` character falls outside the allowed set so any path-traversal
+  # attempt (e.g. "../foo", "etc/passwd") is rejected by the first arm.
+  case "$DISABLE_IF_REPO_FILE" in
+    *[!a-zA-Z0-9._-]*|.|..)
+      echo "make-no-mistakes: rule ${RULE_ID} has invalid disable_if_repo_file (must be a flat filename of [a-zA-Z0-9._-]); ignoring escape hatch." >&2
+      ;;
+    *)
+      # Walk up looking for a `.git` marker (worktrees use a `.git` *file*,
+      # standard checkouts use a `.git` *directory* — both satisfy `-e`).
+      SENTINEL_DIR=""
+      SEARCH_DIR="$PWD"
+      DEPTH=0
+      while [ "$DEPTH" -lt 32 ]; do
+        if [ -e "${SEARCH_DIR}/.git" ]; then
+          SENTINEL_DIR="$SEARCH_DIR"
+          break
+        fi
+        PARENT="$(dirname "$SEARCH_DIR")"
+        # `dirname /` returns `/` — bail when we stop moving up.
+        if [ "$PARENT" = "$SEARCH_DIR" ]; then
+          break
+        fi
+        SEARCH_DIR="$PARENT"
+        DEPTH=$((DEPTH + 1))
+      done
+
+      # If we found a repo root, check the sentinel there. Otherwise fall
+      # back to cwd so non-git deployments still have an opt-out path.
+      if [ -n "$SENTINEL_DIR" ] && [ -f "${SENTINEL_DIR}/${DISABLE_IF_REPO_FILE}" ]; then
+        exit 0
+      fi
+      if [ -f "./${DISABLE_IF_REPO_FILE}" ]; then
+        exit 0
+      fi
+      ;;
+  esac
+fi
+
 # Iterate match conditions. ALL must hold for the rule to fire.
 N_CONDITIONS="$(printf '%s' "$RULE_JSON" | jq '.match | length')"
 i=0

hooks/rules/README.md

@@ -24,6 +24,7 @@ Every rule is one YAML row with these fields:
       flags: i                      # optional; only "i" (case-insensitive) supported
   action: block | warn              # required
   bypass_marker: <kebab-case> | null  # optional acknowledgement token
+  disable_if_repo_file: <flat-filename>  # optional per-repo escape hatch (see below)
   memory_ref: <filename>            # optional metadata only — NOT printed at runtime
   message: |                        # required, multi-line stderr output
     Block / warning text shown when this rule fires.
@@ -59,6 +60,25 @@ inside the command/content itself, not as silent flags.
 
 `bypass_marker: null` (or omitted) means the rule cannot be bypassed.
 
+### Per-repo escape hatch (`disable_if_repo_file`)
+
+For rules that are too aggressive in specific repos (e.g., a data-migration
+repo whose entire job is to run inline DB mutations), a rule can declare a
+sentinel filename. If that file exists in the current working directory when
+the hook fires, the rule is a no-op.
+
+```yaml
+- id: inline-db-mutation-mysql
+  # ...
+  disable_if_repo_file: .no-make-no-mistakes-db-mutation
+```
+
+Then in the consuming repo, opting out is `touch .no-make-no-mistakes-db-mutation`
+at the repo root. Validation: the filename must match `^[a-zA-Z0-9._-]+$` and
+cannot be `.` or `..`, so the runtime lookup `[ -f "./<name>" ]` cannot
+escape the cwd. Use this sparingly — the bypass marker is preferred when the
+escape is per-command rather than per-repo.
+
 ## Adding a rule
 
 1. Edit `rules.yaml` — append a new row following the schema.