feat: add v2 config schema validation

.github/PULL_REQUEST_TEMPLATE.md

@@ -26,6 +26,7 @@
 
 <!-- How did you verify this works? What edge cases did you consider? -->
 
+- [ ] `pnpm test` passes
 - [ ] `bash -n hook/pre-push` passes with no output
 - [ ] `bash -n install.sh` passes with no output
 - [ ] Manually tested the hook on a real repository
@@ -43,4 +44,4 @@
 
 ## Screenshots / output
 
-<!-- If your change affects terminal output, paste a before/after example here. -->
+<!-- If your change affects terminal output, paste a before/after example here. -->

.github/workflows/ci.yml

@@ -7,12 +7,28 @@ on:
 
 jobs:
   validate:
-    name: Validate shell scripts
+    name: Validate shell scripts and config
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
 
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Install Node dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build TypeScript config layer
+        run: pnpm build
+
+      - name: Test Node config layer
+        run: pnpm test
+
       - name: Check hook syntax
         run: bash -n hook/pre-push
 
@@ -65,7 +81,7 @@ jobs:
 
       - name: Verify templates contain required keys
         run: |
-          required_keys="agent review tools ignore_paths"
+          required_keys="version ai review tools ignore_paths"
           for f in templates/*.yml; do
             for key in $required_keys; do
               if ! grep -q "^${key}:" "$f"; then

.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+dist/
+node_modules/

.nvmrc

@@ -0,0 +1 @@
+24.16.0

CONTRIBUTING.md

@@ -1,4 +1,4 @@
-# Contributing to ai-git-hooks
+# Contributing to ai-pushgate
 
 Thank you for your interest in contributing! This document covers everything
 you need to know to get changes merged.
@@ -14,11 +14,16 @@ All changes — including from maintainers — must go through a pull request. D
 ## Development setup
 
 ```bash
-git clone git@github.com:rootstrap/ai-git-hooks.git
-cd ai-git-hooks
+git clone git@github.com:rootstrap/ai-pushgate.git
+cd ai-pushgate
+
+# Let Corepack use the pnpm version pinned in package.json
+corepack enable
+pnpm install
 ```
 
-No dependencies to install — the project is pure shell scripts and YAML.
+Pushgate uses pnpm for its Node config parser dependencies and scripts. The
+hook, installer, and templates remain shell and YAML.
 
 ---
 
@@ -84,9 +89,15 @@ commit as-is and customise from there.
 
 ## Testing your changes
 
-There is no automated test suite yet. To test manually:
+Run the Node config tests before manual hook or installer checks:
 
 ```bash
+# Install config parser dependencies
+pnpm install
+
+# Typecheck the v2 config loader, then validate schema fixtures and templates
+pnpm test
+
 # Validate shell syntax
 bash -n hook/pre-push
 bash -n install.sh
@@ -106,6 +117,7 @@ verify the configured tools run correctly against changed files.
 
 ## Pull request checklist
 
+- [ ] `pnpm test` passes
 - [ ] `bash -n hook/pre-push` passes with no output
 - [ ] `bash -n install.sh` passes with no output
 - [ ] Commit messages follow Conventional Commits
@@ -120,4 +132,4 @@ verify the configured tools run correctly against changed files.
 Releases are fully automated via `release-please`. When your PR is merged to
 `main`, release-please analyses the commit messages and opens a Release PR if
 there is anything releasable. Merging the Release PR creates the GitHub Release
-and git tag automatically — you don't need to do anything manually.
+and git tag automatically — you don't need to do anything manually.

README.md

@@ -92,46 +92,32 @@ The installer checks which runtimes your config requires and warns about any tha
 After install, edit `.pushgate.yml` in your project root:
 
 ```yaml
+version: 2
+
 ai:
   # Supported modes: blocking (default), advisory, off.
   mode: blocking
-
-  # Claude model used when the Claude Code CLI provider is configured.
-  model: claude-sonnet-4-20250514
+  provider: claude
+  providers:
+    claude:
+      # Provider-specific settings live below the selected provider block.
+      model: claude-sonnet-4-20250514
 
 review:
   target_branch: main       # diff base: git diff <target_branch>...HEAD
   context_lines: 10         # surrounding context lines included in the diff
   max_lines_for_full_file: 300  # below this threshold, full file contents are sent
                                 # instead of just the diff for richer context
 
-  # Topics the AI reviewer focuses on
-  focus:
-    - security
-    - logic_errors
-    - test_coverage
-    - performance
-    - naming_and_readability
-
-  # Findings in these categories block the push
-  blocking_categories:
-    - security
-    - logic_errors
-
-  # Findings in these categories are printed as warnings but never block
-  warning_categories:
-    - test_coverage
-    - performance
-    - naming_and_readability
-
 # Tools to run before AI review — first failure blocks the push immediately
 tools:
   - name: eslint
-    command: npx eslint {changed_files}   # {changed_files} is replaced at runtime
+    # Commands are argv arrays. {changed_files} is expanded by the runner.
+    command: ["npx", "eslint", "{changed_files}"]
     extensions: [".js", ".jsx", ".ts", ".tsx"]
 
   - name: brakeman
-    command: bundle exec brakeman --no-pager --quiet
+    command: ["bundle", "exec", "brakeman", "--no-pager", "--quiet"]
     # no {changed_files} → runs on the whole project
 
 # Files and patterns excluded from tool checks and AI review
@@ -141,6 +127,8 @@ ignore_paths:
   - "coverage/**"
 ```
 
+V2 configs must declare `version: 2`. Core config sections are strict, provider-specific config belongs below `ai.providers.<provider>`, and tool commands are argv arrays rather than shell strings. Reviewer focus and default finding-category instructions live with the built-in review prompt rather than the v2 config surface. See `docs/v2-config-schema.md` for the schema boundary and migration behavior for `.push-review.yml`.
+
 ## Available templates
 
 | `--template` | Stack | Tools pre-configured |