Driver
PR #357 Rex review flagged a doc/impl scope mismatch. AgDR-0050 § Axis 4 says block-agent-routing-drift.sh "sweeps before any push to a public-class remote", but the actual implementation in .claude/hooks/block-agent-routing-drift.sh fires on ANY push regardless of remote class. Either the spec or the implementation needs to move so they agree.
Scope
Pick one of two fix paths:
- Tighten the hook to inspect
@{push} (or the explicit remote argument from the pushed command) and resolve the remote URL against the configured leak_protection.public_framework_repos list. Only fire when the push target is public-class. More accurate to the original design intent; more code (remote-URL parsing + config lookup) and a new failure mode (resolve-remote-fails-silently).
- Update AgDR-0050 to say "any push" and accept the broader scope as the actual design. Simpler — the drift guard already fires on every push, which is correct for adopter-fork scenarios where the local fork itself is the leak vector regardless of whether they push to upstream this turn. Trade-off: false-positive trips on push-to-private-tracking-branch when the operator has staged a deliberate framework-default change but hasn't yet labelled it with the escape-hatch comment.
Recommended: option 2 (broader scope is actually the safer default — see #348 / #347 PR 5 work that wants drift-prevention even on push-to-origin-feature-branch).
Acceptance Criteria
Source: PR #357 Rex review (#357 (review))
Driver
PR #357 Rex review flagged a doc/impl scope mismatch. AgDR-0050 § Axis 4 says
block-agent-routing-drift.sh"sweeps before any push to a public-class remote", but the actual implementation in.claude/hooks/block-agent-routing-drift.shfires on ANY push regardless of remote class. Either the spec or the implementation needs to move so they agree.Scope
Pick one of two fix paths:
@{push}(or the explicit remote argument from the pushed command) and resolve the remote URL against the configuredleak_protection.public_framework_reposlist. Only fire when the push target is public-class. More accurate to the original design intent; more code (remote-URL parsing + config lookup) and a new failure mode (resolve-remote-fails-silently).Recommended: option 2 (broader scope is actually the safer default — see #348 / #347 PR 5 work that wants drift-prevention even on push-to-origin-feature-branch).
Acceptance Criteria
.claude/hooks/block-agent-routing-drift.shpush-trigger condition agreeSource: PR #357 Rex review (#357 (review))