hyperpolymath · hyperpolymath · Apr 16, 2026 · Apr 16, 2026
diff --git a/config/owners.config b/config/owners.config
@@ -0,0 +1,27 @@
+# Git Scripts — Owner Allowlist
+#
+# These scripts must NEVER touch repositories owned by anyone outside this
+# list. The guard refuses to operate (and exits non-zero) if a target repo's
+# GitHub owner is not present here.
+#
+# Add to this list:
+#   - your own GitHub username
+#   - any family members you maintain repos for (e.g. your son)
+#   - any organisations you control
+#
+# The owner check is case-insensitive. One owner per line in the array.
+#
+# Override at runtime without editing this file by exporting:
+#   GIT_SCRIPTS_ALLOWED_OWNERS="ownerA ownerB ownerC"
+# (space- or comma-separated).
+
+ALLOWED_OWNERS=(
+  "hyperpolymath"
+)
+
+if [[ -n "${GIT_SCRIPTS_ALLOWED_OWNERS:-}" ]]; then
+    # Replace the array entirely from the env var
+    IFS=', ' read -r -a ALLOWED_OWNERS <<< "${GIT_SCRIPTS_ALLOWED_OWNERS}"
+fi
+
+export ALLOWED_OWNERS
diff --git a/lib/script_manager/dependency_fixer.ex b/lib/script_manager/dependency_fixer.ex
@@ -11,71 +11,115 @@ defmodule ScriptManager.DependencyFixer do
   def run do
     IO.puts("\n🔧 DEPENDENCY FIXER (Hardened Mode)")
     IO.puts("===================================")
-    
+
     fix_lithoglyph()
     fix_rgtv()
-    
+
     IO.puts("\n✅ Dependency fixing complete!")
     :ok
   end
 
+  # Walk up to the enclosing git working tree and check the owner allowlist.
+  # Returns true if the directory has no enclosing repo (we can't tell, so allow
+  # the explicit per-path edits to proceed inside our own filesystem layout).
+  @spec safe_to_edit?(String.t()) :: boolean()
+  defp safe_to_edit?(path) do
+    case System.cmd("git", ["-C", path, "rev-parse", "--show-toplevel"], stderr_to_stdout: true) do
+      {toplevel, 0} ->
+        ScriptManager.OwnershipGuard.repo_allowed?(String.trim(toplevel))
+
+      _ ->
+        # Not inside a git repo: nothing remote to push to, no owner to violate.
+        true
+    end
+  end
+
   @spec fix_lithoglyph() :: :ok
   defp fix_lithoglyph do
     path = "/var/mnt/eclipse/repos/nextgen-databases/lithoglyph/core-zig"
     IO.puts("Fixing Lithoglyph in #{path}...")
-    
+
     try do
-      if File.dir?(path) do
-        build_zig = Path.join(path, "build.zig")
-        if File.exists?(build_zig) do
-          content = File.read!(build_zig)
-          new_content = String.replace(content, "const crypto_tests = b.addTest(.{", "const _crypto_tests = b.addTest(.{")
-          File.write!(build_zig, new_content)
-          IO.puts("  ✓ build.zig patched")
-
-          IO.puts("  Running tests...")
-          System.cmd("zig", ["build", "test"], cd: path, into: IO.stream(:stdio, :line))
-        end
-      else
-        IO.puts("  ⚠ Lithoglyph directory not found")
+      cond do
+        not File.dir?(path) ->
+          IO.puts("  ⚠ Lithoglyph directory not found")
+
+        not safe_to_edit?(path) ->
+          IO.puts("  🛡  Skipping: enclosing repo is outside the owner allowlist.")
+
+        true ->
+          do_fix_lithoglyph(path)
       end
     rescue
       e -> IO.puts("  ❌ Failed to fix Lithoglyph: #{inspect(e)}")
     end
+
+    :ok
+  end
+
+  @spec do_fix_lithoglyph(String.t()) :: :ok
+  defp do_fix_lithoglyph(path) do
+    build_zig = Path.join(path, "build.zig")
+
+    if File.exists?(build_zig) do
+      content = File.read!(build_zig)
+      new_content = String.replace(content, "const crypto_tests = b.addTest(.{", "const _crypto_tests = b.addTest(.{")
+      File.write!(build_zig, new_content)
+      IO.puts("  ✓ build.zig patched")
+
+      IO.puts("  Running tests...")
+      System.cmd("zig", ["build", "test"], cd: path, into: IO.stream(:stdio, :line))
+    end
+
     :ok
   end
 
   @spec fix_rgtv() :: :ok
   defp fix_rgtv do
     path = "/var/mnt/eclipse/repos/reasonably-good-token-vault/vault-core"
     IO.puts("Fixing RGTV in #{path}...")
-    
+
     try do
-      if File.dir?(path) do
-        primes_rs = Path.join([path, "src", "primes.rs"])
-        if File.exists?(primes_rs) do
-          content = File.read!(primes_rs)
-          new_content = String.replace(content, "use num_bigint::{BigUint, RandBigInt, ToBigUint};", "use num_bigint::{BigUint, ToBigUint};")
-          File.write!(primes_rs, new_content)
-          IO.puts("  ✓ src/primes.rs patched")
-        end
-
-        crypto_rs = Path.join([path, "src", "crypto.rs"])
-        if File.exists?(crypto_rs) do
-          content = File.read!(crypto_rs)
-          new_content = String.replace(content, "use ed448_goldilocks::EdwardsPoint::generator()", "use ed448_goldilocks::edwards::EdwardsPoint::generator()")
-          File.write!(crypto_rs, new_content)
-          IO.puts("  ✓ src/crypto.rs patched")
-        end
-
-        IO.puts("  Running tests...")
-        System.cmd("cargo", ["test", "--lib"], cd: path, into: IO.stream(:stdio, :line))
-      else
-        IO.puts("  ⚠ RGTV directory not found")
+      cond do
+        not File.dir?(path) ->
+          IO.puts("  ⚠ RGTV directory not found")
+
+        not safe_to_edit?(path) ->
+          IO.puts("  🛡  Skipping: enclosing repo is outside the owner allowlist.")
+
+        true ->
+          do_fix_rgtv(path)
       end
     rescue
       e -> IO.puts("  ❌ Failed to fix RGTV: #{inspect(e)}")
     end
+
+    :ok
+  end
+
+  @spec do_fix_rgtv(String.t()) :: :ok
+  defp do_fix_rgtv(path) do
+    primes_rs = Path.join([path, "src", "primes.rs"])
+
+    if File.exists?(primes_rs) do
+      content = File.read!(primes_rs)
+      new_content = String.replace(content, "use num_bigint::{BigUint, RandBigInt, ToBigUint};", "use num_bigint::{BigUint, ToBigUint};")
+      File.write!(primes_rs, new_content)
+      IO.puts("  ✓ src/primes.rs patched")
+    end
+
+    crypto_rs = Path.join([path, "src", "crypto.rs"])
+
+    if File.exists?(crypto_rs) do
+      content = File.read!(crypto_rs)
+      new_content = String.replace(content, "use ed448_goldilocks::EdwardsPoint::generator()", "use ed448_goldilocks::edwards::EdwardsPoint::generator()")
+      File.write!(crypto_rs, new_content)
+      IO.puts("  ✓ src/crypto.rs patched")
+    end
+
+    IO.puts("  Running tests...")
+    System.cmd("cargo", ["test", "--lib"], cd: path, into: IO.stream(:stdio, :line))
+
     :ok
   end
 end
diff --git a/lib/script_manager/estate_deployer.ex b/lib/script_manager/estate_deployer.ex
@@ -2,6 +2,7 @@ defmodule ScriptManager.EstateDeployer do
   @moduledoc "Estate deployment logic generalized for all repositories"
 
   alias ScriptManager.RepoHelper
+  alias ScriptManager.OwnershipGuard
 
   @contractile_types ["must", "trust", "dust", "lust", "adjust", "intend"]
   @standards_dir "/var/mnt/eclipse/repos/standards"
@@ -65,9 +66,12 @@ defmodule ScriptManager.EstateDeployer do
   end
 
   defp deploy_by_paths(repo_paths, phases) do
+    # Ownership guard: refuse to deploy into repos outside the allowlist.
+    repo_paths = OwnershipGuard.filter_allowed_verbose(repo_paths)
+
     total = length(repo_paths)
     IO.puts("Processing #{total} repositories...")
-    
+
     repo_paths
     |> Enum.with_index(1)
     |> Enum.each(fn {path, index} ->

diff --git a/lib/script_manager/git_syncer.ex b/lib/script_manager/git_syncer.ex
@@ -5,6 +5,7 @@ defmodule ScriptManager.GitSyncer do
   """
 
   alias ScriptManager.RepoHelper
+  alias ScriptManager.OwnershipGuard
 
   @type sync_status :: String.t()
   @type merge_status :: String.t()
@@ -16,9 +17,12 @@ defmodule ScriptManager.GitSyncer do
   def run do
     IO.puts("\n🌐 GLOBAL GIT SYNC (Concurrent Strict Mode)")
     IO.puts("============================================")
-
-    all_repos = RepoHelper.find_all_repos()
-
+
+    # Ownership guard: never push to repos outside the allowlist.
+    all_repos =
+      RepoHelper.find_all_repos()
+      |> OwnershipGuard.filter_allowed_verbose()
+
     header = "| Repository | Sync Status | Merge Status | Push Status |"
     separator = "| :--- | :--- | :--- | :--- |"