anvil-dev-framework 0.1.7 → 0.1.9

package/project/hooks/pre_tool_use.py

@@ -0,0 +1,454 @@
+#!/usr/bin/env -S uv run --script
+# /// script
+# requires-python = ">=3.11"
+# dependencies = [
+#     "python-dotenv",
+# ]
+# ///
+
+"""
+PreToolUse Hook - Safety checks, warnings, and TTS announcements before tools run.
+
+Safety (blocks tool execution):
+- Blocks dangerous rm -rf commands
+- Blocks access to .env files
+
+Warnings (soft warnings, does not block):
+- Warns when editing gitignored files (suggests tracked alternative)
+- Reminds to commit WIP every 50 tool invocations
+
+TTS Events (with --announce flag):
+- AskUserQuestion -> "Question for you" (before user sees the question)
+"""
+
+import argparse
+import json
+import os
+import sys
+import re
+import shutil
+import subprocess
+import platform
+from datetime import datetime, timedelta
+from pathlib import Path
+
+try:
+    from dotenv import load_dotenv
+    load_dotenv()
+except ImportError:
+    pass
+
+
+def is_apple_silicon():
+    """Check if running on Apple Silicon Mac."""
+    return platform.system() == "Darwin" and platform.machine() == "arm64"
+
+
+def get_tts_script_path():
+    """
+    Determine which TTS script to use.
+    Priority: MLX Audio (Apple Silicon) > ElevenLabs > OpenAI > pyttsx3
+    """
+    script_dir = Path(__file__).parent
+    tts_dir = script_dir / "utils" / "tts"
+
+    # MLX Audio for Apple Silicon
+    if is_apple_silicon():
+        mlx_script = tts_dir / "mlx_audio_tts.py"
+        if mlx_script.exists():
+            return str(mlx_script)
+
+    # ElevenLabs if API key set
+    if os.getenv('ELEVENLABS_API_KEY'):
+        elevenlabs_script = tts_dir / "elevenlabs_tts.py"
+        if elevenlabs_script.exists():
+            return str(elevenlabs_script)
+
+    # OpenAI TTS if API key set
+    if os.getenv('OPENAI_API_KEY'):
+        openai_script = tts_dir / "openai_tts.py"
+        if openai_script.exists():
+            return str(openai_script)
+
+    # pyttsx3 as fallback
+    pyttsx3_script = tts_dir / "pyttsx3_tts.py"
+    if pyttsx3_script.exists():
+        return str(pyttsx3_script)
+
+    return None
+
+
+def speak(message: str):
+    """Speak a message using the best available TTS."""
+    try:
+        tts_script = get_tts_script_path()
+        if tts_script:
+            result = subprocess.run(
+                ["uv", "run", tts_script, message],
+                capture_output=True,
+                timeout=15
+            )
+            # If TTS script failed, fall back to macOS say
+            if result.returncode != 0 and platform.system() == "Darwin":
+                subprocess.run(['say', message], capture_output=True, timeout=10)
+        elif platform.system() == "Darwin":
+            subprocess.run(['say', message], capture_output=True, timeout=10)
+    except Exception:
+        # Last resort fallback
+        if platform.system() == "Darwin":
+            try:
+                subprocess.run(['say', message], capture_output=True, timeout=10)
+            except Exception:
+                pass
+
+
+def get_tts_message(tool_name: str, tool_input: dict) -> str | None:
+    """
+    Determine if this tool invocation should trigger TTS and return the message.
+    Returns None if no TTS should be triggered.
+    """
+    # AskUserQuestion - Question for the user (announce BEFORE tool runs)
+    if tool_name == "AskUserQuestion":
+        return "I have a question for you."
+
+    return None
+
+
+def is_dangerous_rm_command(command):
+    """
+    Comprehensive detection of dangerous rm commands.
+    Matches various forms of rm -rf and similar destructive patterns.
+    """
+    # Normalize command by removing extra spaces and converting to lowercase
+    normalized = ' '.join(command.lower().split())
+
+    # Pattern 1: Standard rm -rf variations
+    patterns = [
+        r'\brm\s+.*-[a-z]*r[a-z]*f',  # rm -rf, rm -fr, rm -Rf, etc.
+        r'\brm\s+.*-[a-z]*f[a-z]*r',  # rm -fr variations
+        r'\brm\s+--recursive\s+--force',  # rm --recursive --force
+        r'\brm\s+--force\s+--recursive',  # rm --force --recursive
+        r'\brm\s+-r\s+.*-f',  # rm -r ... -f
+        r'\brm\s+-f\s+.*-r',  # rm -f ... -r
+    ]
+
+    # Check for dangerous patterns
+    for pattern in patterns:
+        if re.search(pattern, normalized):
+            return True
+
+    # Pattern 2: Check for rm with recursive flag targeting dangerous paths
+    dangerous_paths = [
+        r'/',           # Root directory
+        r'/\*',         # Root with wildcard
+        r'~',           # Home directory
+        r'~/',          # Home directory path
+        r'\$HOME',      # Home environment variable
+        r'\.\.',        # Parent directory references
+        r'\*',          # Wildcards in general rm -rf context
+        r'\.',          # Current directory
+        r'\.\s*$',      # Current directory at end of command
+    ]
+
+    if re.search(r'\brm\s+.*-[a-z]*r', normalized):  # If rm has recursive flag
+        for path in dangerous_paths:
+            if re.search(path, normalized):
+                return True
+
+    return False
+
+
+def is_env_file_access(tool_name, tool_input):
+    """
+    Check if any tool is trying to access .env files containing sensitive data.
+    """
+    if tool_name in ['Read', 'Edit', 'MultiEdit', 'Write', 'Bash']:
+        # Check file paths for file-based tools
+        if tool_name in ['Read', 'Edit', 'MultiEdit', 'Write']:
+            file_path = tool_input.get('file_path', '')
+            if '.env' in file_path and not file_path.endswith('.env.sample'):
+                return True
+
+        # Check bash commands for .env file access
+        elif tool_name == 'Bash':
+            command = tool_input.get('command', '')
+            # Pattern to detect .env file access (but allow .env.sample)
+            env_patterns = [
+                r'\b\.env\b(?!\.sample)',  # .env but not .env.sample
+                r'cat\s+.*\.env\b(?!\.sample)',  # cat .env
+                r'echo\s+.*>\s*\.env\b(?!\.sample)',  # echo > .env
+                r'touch\s+.*\.env\b(?!\.sample)',  # touch .env
+                r'cp\s+.*\.env\b(?!\.sample)',  # cp .env
+                r'mv\s+.*\.env\b(?!\.sample)',  # mv .env
+            ]
+
+            for pattern in env_patterns:
+                if re.search(pattern, command):
+                    return True
+
+    return False
+
+
+# =============================================================================
+# Gitignore Verification (Soft Warnings)
+# =============================================================================
+
+def is_gitignored(file_path: str) -> bool:
+    """Check if a file path is gitignored using git check-ignore."""
+    try:
+        result = subprocess.run(
+            ['git', 'check-ignore', '-q', file_path],
+            capture_output=True,
+            timeout=5
+        )
+        return result.returncode == 0
+    except Exception:
+        return False
+
+
+def get_tracked_alternative(file_path: str) -> str | None:
+    """
+    For dual-location patterns, return the tracked alternative path.
+    Maps gitignored locations to their tracked counterparts.
+    """
+    dual_locations = {
+        ".claude/hooks/": "project/hooks/",
+        ".claude/commands/": "project/skills/",
+        ".claude/tests/": "project/tests/",
+    }
+
+    for gitignored_prefix, tracked_prefix in dual_locations.items():
+        if gitignored_prefix in file_path:
+            return file_path.replace(gitignored_prefix, tracked_prefix)
+
+    return None
+
+
+def check_gitignored_file(file_path: str) -> None:
+    """
+    Check if file is gitignored and print warning if so.
+    Suggests tracked alternative if available (dual-location pattern).
+    """
+    if not file_path or not is_gitignored(file_path):
+        return
+
+    # Get tracked alternative if this is a dual-location pattern
+    tracked_alt = get_tracked_alternative(file_path)
+
+    print(f"WARNING: Editing gitignored file: {file_path}", file=sys.stderr)
+    if tracked_alt:
+        print(f"  Consider editing the tracked version instead: {tracked_alt}", file=sys.stderr)
+    print("  Changes to gitignored files won't be preserved across sessions.", file=sys.stderr)
+
+
+# =============================================================================
+# WIP Commit Reminder (Soft Warnings)
+# =============================================================================
+
+def get_tool_count() -> int:
+    """Get current tool invocation count from the log file."""
+    try:
+        log_path = Path.cwd() / 'logs' / 'pre_tool_use.json'
+        if log_path.exists():
+            with open(log_path, 'r') as f:
+                log_data = json.load(f)
+                return len(log_data) if isinstance(log_data, list) else 0
+    except Exception:
+        pass
+    return 0
+
+
+def check_uncommitted_changes() -> tuple[bool, str]:
+    """
+    Check for uncommitted changes in the git repository.
+    Returns (has_changes, branch_name).
+    """
+    try:
+        # Get current branch
+        branch_result = subprocess.run(
+            ['git', 'rev-parse', '--abbrev-ref', 'HEAD'],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        branch_name = branch_result.stdout.strip() if branch_result.returncode == 0 else "unknown"
+
+        # Check for uncommitted changes
+        status_result = subprocess.run(
+            ['git', 'status', '--porcelain'],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        has_changes = bool(status_result.stdout.strip()) if status_result.returncode == 0 else False
+
+        return has_changes, branch_name
+    except Exception:
+        return False, "unknown"
+
+
+def maybe_remind_wip_commit(tool_count: int) -> None:
+    """
+    Remind user to commit WIP if there are uncommitted changes.
+    Triggers every 50 tool invocations.
+    """
+    # Only remind every 50 tools
+    if tool_count % 50 != 0 or tool_count == 0:
+        return
+
+    has_changes, branch_name = check_uncommitted_changes()
+    if not has_changes:
+        return
+
+    print(f"REMINDER: {tool_count} tool invocations - consider committing your work.", file=sys.stderr)
+    print(f"  Branch: {branch_name}", file=sys.stderr)
+    print("  Run: git add -A && git commit -m 'WIP: checkpoint'", file=sys.stderr)
+
+
+# =============================================================================
+# Log Rotation (ANV-231)
+# =============================================================================
+
+LOG_MAX_SIZE_BYTES = 500 * 1024  # 500KB
+LOG_RETENTION_DAYS = 7
+
+
+def rotate_log_if_needed(log_path: Path) -> bool:
+    """
+    Rotate log file if it exceeds 500KB.
+    Archives to logs/archive/YYYY-MM-DD-HH-MM-SS-{logname}.json
+    """
+    if not log_path.exists():
+        return False
+
+    try:
+        if log_path.stat().st_size < LOG_MAX_SIZE_BYTES:
+            return False
+    except OSError:
+        return False
+
+    archive_dir = log_path.parent / "archive"
+    archive_dir.mkdir(parents=True, exist_ok=True)
+
+    timestamp = datetime.now().strftime("%Y-%m-%d-%H-%M-%S")
+    archive_path = archive_dir / f"{timestamp}-{log_path.name}"
+
+    # Handle collision (same second rotation) with bounded counter
+    counter = 1
+    max_counter = 100
+    while archive_path.exists() and counter < max_counter:
+        archive_path = archive_dir / f"{timestamp}-{counter}-{log_path.name}"
+        counter += 1
+
+    if counter >= max_counter:
+        return False  # Give up if too many collisions
+
+    try:
+        shutil.move(str(log_path), str(archive_path))
+        return True
+    except OSError:
+        return False
+
+
+def cleanup_old_archives(archive_dir: Path) -> int:
+    """Remove archives older than retention period (7 days)."""
+    if not archive_dir.exists():
+        return 0
+
+    cutoff = datetime.now() - timedelta(days=LOG_RETENTION_DAYS)
+    deleted = 0
+
+    try:
+        for f in archive_dir.glob("*.json"):
+            try:
+                if datetime.fromtimestamp(f.stat().st_mtime) < cutoff:
+                    f.unlink()
+                    deleted += 1
+            except OSError:
+                continue
+    except OSError:
+        pass
+
+    return deleted
+
+
+def main():
+    try:
+        parser = argparse.ArgumentParser()
+        parser.add_argument('--announce', action='store_true',
+                          help='Enable TTS announcements for tool events')
+        args = parser.parse_args()
+
+        # Read JSON input from stdin
+        input_data = json.load(sys.stdin)
+
+        tool_name = input_data.get('tool_name', '')
+        tool_input = input_data.get('tool_input', {})
+
+        # TTS announcement (before safety checks so user hears it even if blocked)
+        if args.announce:
+            message = get_tts_message(tool_name, tool_input)
+            if message:
+                speak(message)
+
+        # Soft warning: Check for gitignored file edits (dual-location pattern)
+        if tool_name in ['Edit', 'Write', 'MultiEdit']:
+            file_path = tool_input.get('file_path', '')
+            check_gitignored_file(file_path)
+
+        # Check for .env file access (blocks access to sensitive environment files)
+        if is_env_file_access(tool_name, tool_input):
+            print("BLOCKED: Access to .env files containing sensitive data is prohibited", file=sys.stderr)
+            print("Use .env.sample for template files instead", file=sys.stderr)
+            sys.exit(2)  # Exit code 2 blocks tool call and shows error to Claude
+
+        # Check for dangerous rm -rf commands
+        if tool_name == 'Bash':
+            command = tool_input.get('command', '')
+
+            # Block rm -rf commands with comprehensive pattern matching
+            if is_dangerous_rm_command(command):
+                print("BLOCKED: Dangerous rm command detected and prevented", file=sys.stderr)
+                sys.exit(2)  # Exit code 2 blocks tool call and shows error to Claude
+
+        # Ensure log directory exists
+        log_dir = Path.cwd() / 'logs'
+        log_dir.mkdir(parents=True, exist_ok=True)
+        log_path = log_dir / 'pre_tool_use.json'
+
+        # Rotate log if needed and cleanup old archives (ANV-231)
+        rotate_log_if_needed(log_path)
+        cleanup_old_archives(log_dir / "archive")
+
+        # Read existing log data or initialize empty list
+        if log_path.exists():
+            with open(log_path, 'r') as f:
+                try:
+                    log_data = json.load(f)
+                except (json.JSONDecodeError, ValueError):
+                    log_data = []
+        else:
+            log_data = []
+
+        # Append new data
+        log_data.append(input_data)
+
+        # Write back to file with formatting
+        with open(log_path, 'w') as f:
+            json.dump(log_data, f, indent=2)
+
+        # Soft warning: Remind to commit WIP every 50 tool invocations
+        maybe_remind_wip_commit(len(log_data))
+
+        sys.exit(0)
+
+    except json.JSONDecodeError:
+        # Gracefully handle JSON decode errors
+        sys.exit(0)
+    except Exception:
+        # Handle any other errors gracefully
+        sys.exit(0)
+
+
+if __name__ == '__main__':
+    main()