feat: dev pipeline — multi-project git tools, git_commit, git_push

git_status/log/diff gain a `project` param (same aliases as aider_run: cortex/aether_api/aether_frontend/aether_container). Default is Cortex for backward compat. New git_commit and git_push tools complete the review→commit→push loop: aider_run(auto_commit=False) → git_diff → git_commit → git_push. Both admin-only, confirm-required, high risk. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-17 21:47:10 -04:00
parent 67f5db70a3
commit 66978734b4
3 changed files with 212 additions and 54 deletions
--- a/cortex/tools/init.py
+++ b/cortex/tools/init.py
@@ -83,9 +83,11 @@ from tools.agent_notes import (
    agent_notes_clear  as _agent_notes_clear,
 )
 from tools.git import (
-    git_status as _git_status,
-    git_log    as _git_log,
-    git_diff   as _git_diff,
+    git_status  as _git_status,
+    git_log     as _git_log,
+    git_diff    as _git_diff,
+    git_commit  as _git_commit,
+    git_push    as _git_push,
 )
 from tools.agents import (
    spawn_agent    as _spawn_agent,
@@ -129,7 +131,7 @@ import tools.ae_database  as _mod_ae_database
 TOOL_CATEGORIES: dict[str, list[str]] = {
    "Web":              ["web_search", "http_fetch", "web_read", "http_post"],
    "Project Files":    ["project_file_read", "project_file_list", "file_stat", "file_grep", "file_diff", "file_syntax_check"],
-    "Git":              ["git_status", "git_log", "git_diff"],
+    "Git":              ["git_status", "git_log", "git_diff", "git_commit", "git_push"],
    "System Files":     ["file_read", "file_list", "file_write", "session_read", "session_search"],
    "Shell":            ["shell_exec", "claude_allow_dir"],
    "System":           ["cortex_restart", "cortex_logs", "cortex_status", "cortex_update"],
@@ -213,6 +215,8 @@ _CALLABLES: dict[str, callable] = {
    "git_status":                _git_status,
    "git_log":                   _git_log,
    "git_diff":                  _git_diff,
+    "git_commit":                _git_commit,
+    "git_push":                  _git_push,
    "spawn_agent":               _spawn_agent,
    "agent_status":              _agent_status,
    "agent_list":                _agent_list,
@@ -245,6 +249,8 @@ TOOL_ROLES: dict[str, str] = {
    "agent_list":       "user",
    "agent_cancel":     "admin",
    "aider_run":        "admin",
+    "git_commit":       "admin",
+    "git_push":         "admin",
    "email_send":       "admin",
    "nc_talk_send":     "admin",
    "http_post":        "admin",
@@ -268,6 +274,8 @@ CONFIRM_REQUIRED: set[str] = {
    "ae_journal_entry_disable",   # disables a journal entry — not easily reversed
    "agent_cancel",               # kills a running background task
    "aider_run",                  # edits files and commits — irreversible without git revert
+    "git_commit",                 # creates a commit — irreversible without git revert
+    "git_push",                   # pushes to remote — cannot be un-pushed easily
 }

 # Security risk ratings — informational for now; will drive auto-allow tiers later.
@@ -360,10 +368,12 @@ TOOL_RISK: dict[str, str] = {
    "agent_notes_append":        "low",
    "agent_notes_clear":         "low",

-    # Git — all read-only inspections
+    # Git — reads are low; commit/push affect repo history
    "git_status":                "low",
    "git_log":                   "low",
    "git_diff":                  "low",
+    "git_commit":                "high",
+    "git_push":                  "high",

    # Agents — spawning is high; lifecycle reads are low; cancel is medium (kills a task)
    "spawn_agent":               "high",
@@ -586,7 +596,7 @@ CATEGORY_TOOL_MAP: dict[str, list[str]] = {
    "web_post":     ["http_post"],
    "file":         ["project_file_read", "project_file_list", "file_stat", "file_grep",
                     "file_diff", "file_syntax_check", "file_read", "file_list", "file_write"],
-    "git":          ["git_status", "git_log", "git_diff"],
+    "git":          ["git_status", "git_log", "git_diff", "git_commit", "git_push"],
    "system":       ["cortex_restart", "cortex_logs", "cortex_status", "cortex_update", "shell_exec"],
    "tasks":        ["task_list", "task_create", "task_update", "task_complete"],
    "cron":         ["cron_list", "cron_add", "cron_remove", "cron_toggle"],
@@ -612,7 +622,8 @@ _KEYWORD_CATEGORY_MAP: dict[str, list[str]] = {
    "web_post":     ["post to", "send to", "webhook", "trigger webhook"],
    "file":         ["read file", "show file", "list file", "directory", "grep",
                     "search in", "find in", "diff", "compare", "syntax check", "open file"],
-    "git":          ["git", "commit", "branch", "pulled", "merged", "repository", "repo"],
+    "git":          ["git", "commit", "branch", "pulled", "merged", "repository", "repo",
+                     "push", "push to", "push the changes", "stage", "stash"],
    "system":       ["restart", "update", "status", "logs", "log", "deploy", "run command",
                     "shell", "is it running", "health"],
    "tasks":        ["task", "todo", "to-do", "to do", "add task", "create task",