fix/git-validator-empty-branch · #1425

isProtectedBranch('') → false

Fixing 8 silently-broken git-validator tests on main since #1412

The bug — falsy fallback

Before

export function isProtectedBranch(branch?: string) {
  // '' is falsy → falls through to real git!
  const currentBranch = branch || getCurrentBranch();
  return getProtectedBranches().includes(currentBranch);
}

After

export function isProtectedBranch(branch?: string) {
  const currentBranch = branch === undefined
    ? getCurrentBranch() : branch;
  if (!currentBranch) return false;
  return getProtectedBranches().includes(currentBranch);
}

Why the test suite was silently green on feature branches

test: gitValidator(input) on feat/road-to-10 │ ▼ ctx.branch = '' (NOOP_CTX default) │ ▼ isProtectedBranch('') │ '' || getCurrentBranch() ← bug: '' is falsy │ ▼ getCurrentBranch() = 'feat/road-to-10' │ not in ['main','master'] │ ▼ returns false → test validates commit format ✓ test: gitValidator(input) on main ← CI post-merge │ ▼ ctx.branch = '' │ ▼ getCurrentBranch() = 'main' │ ▼ returns true → test hits branch protection ✗ (never reaches the thing it was testing)

Semantics after fix

isProtectedBranch(undefined)  → read current branch  // prod default, unchanged
isProtectedBranch('')         → false  // "unknown, don't protect" (tests + git failures)
isProtectedBranch('main')     → true   // protected
isProtectedBranch('dev')      → false  // not in default protected list
isProtectedBranch('feat/x')   → false  // unchanged

Test impact

Before fix (on main):
  src/__tests__/pretool/git-validator.test.ts       8 failed / 61 passed
  src/__tests__/security-critical-hooks.test.ts     226 passed

After fix:
  src/__tests__/pretool/git-validator.test.ts       69 passed
  src/__tests__/security-critical-hooks.test.ts     226 passed