claude-dev-env 1.17.2 → 1.19.0

package/hooks/blocking/test_content_search_to_zoekt_redirector_integration.py

@@ -0,0 +1,54 @@
+"""Subprocess integration tests for content-search-to-zoekt-redirector PreToolUse hook."""
+
+import json
+import pathlib
+import subprocess
+import sys
+import unittest
+from typing import Any
+
+
+class ContentSearchHookIntegrationTests(unittest.TestCase):
+    def test_bash_grep_command_emits_stdout_json_deny(self) -> None:
+        hook_directory = pathlib.Path(__file__).resolve().parent
+        if str(hook_directory) not in sys.path:
+            sys.path.insert(0, str(hook_directory))
+        from content_search_zoekt_redirect_guidance import get_zoekt_redirect_guidance
+
+        hook_path = hook_directory / "content-search-to-zoekt-redirector.py"
+        destructive_gate_label_prefix = "[destructive-gate]"
+        destructive_gate_label_prefix_value = f"{destructive_gate_label_prefix} "
+        expected_decision = "deny"
+        hook_stdin_payload = json.dumps(
+            {"tool_name": "Bash", "tool_input": {"command": "grep foo bar"}},
+        )
+
+        completed = subprocess.run(
+            [sys.executable, str(hook_path)],
+            input=hook_stdin_payload,
+            capture_output=True,
+            text=True,
+            cwd=str(hook_directory),
+        )
+        self.assertEqual(completed.returncode, 0)
+        self.assertEqual(completed.stderr, "")
+        payload: dict[str, Any] = json.loads(completed.stdout)
+        self.assertTrue(
+            payload["systemMessage"].startswith(destructive_gate_label_prefix_value),
+        )
+        self.assertEqual(
+            payload["hookSpecificOutput"]["permissionDecisionReason"],
+            get_zoekt_redirect_guidance(),
+        )
+        self.assertEqual(
+            payload["hookSpecificOutput"]["permissionDecision"],
+            expected_decision,
+        )
+        self.assertEqual(
+            payload["hookSpecificOutput"]["hookEventName"],
+            "PreToolUse",
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()

package/hooks/blocking/test_content_search_to_zoekt_redirector_unit.py

@@ -0,0 +1,51 @@
+"""Unit tests for Zoekt redirector PreToolUse deny payload (build_block_payload)."""
+
+import json
+import pathlib
+import sys
+import unittest
+from typing import Any
+
+HOOK_DIRECTORY = pathlib.Path(__file__).resolve().parent
+if str(HOOK_DIRECTORY) not in sys.path:
+    sys.path.insert(0, str(HOOK_DIRECTORY))
+
+from content_search_zoekt_block_payload import build_block_payload
+from content_search_zoekt_redirect_guidance import get_zoekt_redirect_guidance
+
+
+class BuildBlockPayloadTests(unittest.TestCase):
+    def test_payload_matches_pretooluse_contract(self) -> None:
+        destructive_gate_label_prefix = "[destructive-gate]"
+        payload: dict[str, Any] = build_block_payload("demo", "body")
+        prefix_with_space = f"{destructive_gate_label_prefix} "
+        self.assertTrue(payload["systemMessage"].startswith(prefix_with_space))
+        self.assertEqual(
+            payload["hookSpecificOutput"]["permissionDecisionReason"],
+            "body",
+        )
+        self.assertEqual(payload["hookSpecificOutput"]["permissionDecision"], "deny")
+        self.assertEqual(
+            payload["hookSpecificOutput"]["hookEventName"],
+            "PreToolUse",
+        )
+        self.assertEqual(payload["suppressOutput"], True)
+        self.assertNotIn("decision", payload)
+        self.assertNotIn("reason", payload)
+
+    def test_serialized_payload_under_documented_context_cap(self) -> None:
+        cap_characters = 10_000
+        payload = build_block_payload(
+            brief_label="blocked Bash(grep); use Zoekt MCP",
+            permission_decision_reason=get_zoekt_redirect_guidance(),
+        )
+        serialized = json.dumps(payload)
+        self.assertLessEqual(
+            len(serialized),
+            cap_characters,
+            msg="Hooks doc caps additionalContext/systemMessage/plain stdout injection at 10,000 characters",
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()

package/hooks/blocking/test_content_search_zoekt_indexed_roots_config.py

@@ -0,0 +1,102 @@
+"""Tests for Zoekt indexed root resolution (env, file, empty built-in fallback, WSL variants)."""
+
+import json
+import os
+import pathlib
+import sys
+import tempfile
+import unittest
+from unittest.mock import patch
+
+HOOK_DIRECTORY = pathlib.Path(__file__).resolve().parent
+if str(HOOK_DIRECTORY) not in sys.path:
+    sys.path.insert(0, str(HOOK_DIRECTORY))
+
+from content_search_zoekt_indexed_paths import is_in_indexed_repo
+from content_search_zoekt_indexed_roots_config import (
+    clear_indexed_root_prefixes_cache,
+    indexed_root_prefixes,
+)
+
+
+class IndexedRootsConfigTests(unittest.TestCase):
+    def tearDown(self) -> None:
+        clear_indexed_root_prefixes_cache()
+
+    def test_environment_json_array_defines_prefixes(self) -> None:
+        roots_json = json.dumps(["Y:/OnlyOne/Indexed/"])
+        with patch.dict(os.environ, {"ZOEKT_REDIRECT_INDEXED_ROOTS": roots_json}, clear=False):
+            clear_indexed_root_prefixes_cache()
+            prefixes = indexed_root_prefixes()
+        self.assertIn("y:/onlyone/indexed/", prefixes)
+        self.assertIn("/mnt/y/onlyone/indexed/", prefixes)
+
+    def test_empty_environment_array_yields_no_prefixes(self) -> None:
+        with patch.dict(os.environ, {"ZOEKT_REDIRECT_INDEXED_ROOTS": "[]"}, clear=False):
+            clear_indexed_root_prefixes_cache()
+            prefixes = indexed_root_prefixes()
+        self.assertEqual(prefixes, ())
+
+    def test_json_file_used_when_env_missing(self) -> None:
+        with tempfile.TemporaryDirectory() as tmp_str:
+            home = pathlib.Path(tmp_str)
+            config_dir = home / ".claude"
+            config_dir.mkdir(parents=True)
+            roots_payload = {"roots": ["Y:/FromFile/Project/"]}
+            (config_dir / "zoekt-indexed-roots.json").write_text(
+                json.dumps(roots_payload),
+                encoding="utf-8",
+            )
+            with patch("pathlib.Path.home", return_value=home):
+                saved = os.environ.pop("ZOEKT_REDIRECT_INDEXED_ROOTS", None)
+                try:
+                    clear_indexed_root_prefixes_cache()
+                    prefixes = indexed_root_prefixes()
+                finally:
+                    if saved is not None:
+                        os.environ["ZOEKT_REDIRECT_INDEXED_ROOTS"] = saved
+        self.assertIn("y:/fromfile/project/", prefixes)
+
+    def test_environment_overrides_file(self) -> None:
+        with tempfile.TemporaryDirectory() as tmp_str:
+            home = pathlib.Path(tmp_str)
+            config_dir = home / ".claude"
+            config_dir.mkdir(parents=True)
+            (config_dir / "zoekt-indexed-roots.json").write_text(
+                json.dumps({"roots": ["Y:/FromFile/"]}),
+                encoding="utf-8",
+            )
+            with patch("pathlib.Path.home", return_value=home):
+                with patch.dict(
+                    os.environ,
+                    {"ZOEKT_REDIRECT_INDEXED_ROOTS": json.dumps(["Y:/FromEnv/"])},
+                    clear=False,
+                ):
+                    clear_indexed_root_prefixes_cache()
+                    prefixes = indexed_root_prefixes()
+        self.assertIn("y:/fromenv/", prefixes)
+        self.assertNotIn("y:/fromfile/", prefixes)
+
+    def test_longer_prefix_matches_before_shorter_parent(self) -> None:
+        roots_json = json.dumps(["Y:/parent/", "Y:/parent/child/"])
+        with patch.dict(os.environ, {"ZOEKT_REDIRECT_INDEXED_ROOTS": roots_json}, clear=False):
+            clear_indexed_root_prefixes_cache()
+            self.assertTrue(is_in_indexed_repo("Y:/parent/child/file.py"))
+
+    def test_invalid_environment_json_falls_through_to_empty_builtin(self) -> None:
+        with patch(
+            "content_search_zoekt_indexed_roots_config._roots_from_json_file",
+            return_value=None,
+        ):
+            with patch.dict(
+                os.environ,
+                {"ZOEKT_REDIRECT_INDEXED_ROOTS": "not-json"},
+                clear=False,
+            ):
+                clear_indexed_root_prefixes_cache()
+                prefixes = indexed_root_prefixes()
+        self.assertEqual(prefixes, ())
+
+
+if __name__ == "__main__":
+    unittest.main()

package/hooks/blocking/test_destructive_command_blocker.py

@@ -0,0 +1,108 @@
+"""Tests for destructive-command-blocker hook."""
+
+import json
+import subprocess
+import sys
+from pathlib import Path
+
+
+SCRIPT_PATH = Path(__file__).parent / "destructive-command-blocker.py"
+GH_GATE_USER_FACING_PREFIX = "[gh-gate]"
+
+
+def _run_hook(payload: dict) -> subprocess.CompletedProcess[str]:
+    return subprocess.run(
+        [sys.executable, str(SCRIPT_PATH)],
+        input=json.dumps(payload),
+        text=True,
+        capture_output=True,
+        check=False,
+    )
+
+
+def _make_bash_payload(command: str) -> dict:
+    return {
+        "tool_name": "Bash",
+        "tool_input": {"command": command},
+    }
+
+
+def test_denies_gh_issue_comment_as_redirect_duplicate_guard() -> None:
+    payload = _make_bash_payload(
+        'gh issue comment 83 --repo jl-cmd/claude-code-config --body "hello"'
+    )
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["hookSpecificOutput"]["permissionDecision"] == "deny"
+    assert (
+        "gh issue comment" in response["hookSpecificOutput"]["permissionDecisionReason"]
+    )
+    assert (
+        "duplicate execution"
+        in response["hookSpecificOutput"]["permissionDecisionReason"]
+    )
+
+
+def test_denies_gh_pr_comment_as_redirect_duplicate_guard() -> None:
+    payload = _make_bash_payload('gh pr comment 42 --body "ok"')
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["hookSpecificOutput"]["permissionDecision"] == "deny"
+    assert "gh pr comment" in response["hookSpecificOutput"]["permissionDecisionReason"]
+
+
+def test_denies_gh_pr_review_as_redirect_duplicate_guard() -> None:
+    payload = _make_bash_payload("gh pr review 42 --approve")
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["hookSpecificOutput"]["permissionDecision"] == "deny"
+    assert "gh pr review" in response["hookSpecificOutput"]["permissionDecisionReason"]
+
+
+def test_denies_gh_api_post_comment_as_redirect_duplicate_guard() -> None:
+    payload = _make_bash_payload(
+        "gh api /repos/owner/name/issues/1/comments -X POST -f body=hello"
+    )
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_suppresses_output_on_gh_redirect_deny() -> None:
+    payload = _make_bash_payload('gh issue comment 1 --body "x"')
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["suppressOutput"] is True
+    assert response["systemMessage"].startswith(GH_GATE_USER_FACING_PREFIX)
+
+
+def test_asks_on_rm_rf_still_works() -> None:
+    payload = _make_bash_payload("rm -rf /tmp/somewhere")
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["hookSpecificOutput"]["permissionDecision"] == "ask"
+    assert "rm -rf" in response["hookSpecificOutput"]["permissionDecisionReason"]
+
+
+def test_asks_on_git_push_force_still_works() -> None:
+    payload = _make_bash_payload("git push --force origin main")
+    result = _run_hook(payload)
+    response = json.loads(result.stdout)
+    assert response["hookSpecificOutput"]["permissionDecision"] == "ask"
+    assert (
+        "git push --force" in response["hookSpecificOutput"]["permissionDecisionReason"]
+    )
+
+
+def test_allows_plain_command_without_destructive_pattern() -> None:
+    payload = _make_bash_payload("ls -la")
+    result = _run_hook(payload)
+    assert result.stdout.strip() == ""
+    assert result.returncode == 0
+
+
+def test_ignores_non_bash_tool() -> None:
+    payload = {"tool_name": "Read", "tool_input": {"file_path": "/tmp/x"}}
+    result = _run_hook(payload)
+    assert result.stdout.strip() == ""
+    assert result.returncode == 0

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "claude-dev-env",
-    "version": "1.17.2",
+    "version": "1.19.0",
     "description": "Claude Code development standards — rules, hooks, agents, commands, and skills",
     "type": "module",
     "bin": {
@@ -22,6 +22,9 @@
         "tdd",
         "code-quality"
     ],
+    "dependencies": {
+        "@jl-cmd/prompt-generator": "^1.0.0"
+    },
     "license": "MIT",
     "repository": {
         "type": "git",

package/skills/rule-audit/SKILL.md

@@ -89,8 +89,8 @@ For EACH hook entry in settings.json (both layers):
   - hook_script_path (extract from the command string after the last quote)
   - Read the actual script file
   - purpose (what rule does this hook enforce?)
-  - enforcement_type: "blocking" (exit 2 / permissionDecision deny) | "advisory" (stdout message) | "validation" (post-check)
-  - method: "exit_code_2" (deprecated) | "permissionDecision" (current) | "stdout" | "other"
+  - enforcement_type: "blocking" (exit 2 stderr, or PreToolUse exit 0 + JSON deny) | "advisory" (stdout message) | "validation" (post-check)
+  - method: "exit_code_2_stderr" | "pretooluse_json_stdout" (hookSpecificOutput.permissionDecision; see https://code.claude.com/docs/en/hooks) | "stdout" | "other"
   - which_rule_file (which .Codex/rules/*.md or AGENTS.md rule does this correspond to?)
   - orphaned (hook exists on disk but NOT in settings.json?)
 ```

package/hooks/HOOK_SPECS_PROMPT_WORKFLOW.md

@@ -1,64 +0,0 @@
-# Prompt Workflow Hook Specs
-
-Deterministic runtime gates for prompt workflows.
-
-## PreToolUse Task/Agent (removed)
-
-The former `agent-execution-intent-gate.py` hook is **removed**. Native Agent/Task launches do not carry stable custom metadata; enforcing scope text on every spawn blocked legitimate `/agent-prompt` and refinement delegations. Scope and checklist rules remain enforced by the Stop guard when a prompt-workflow response is detected.
-
-## Gate: Leakage + Checklist + Scope (file-based validation loop)
-
-- Validator: `hooks/blocking/prompt_workflow_validate.py`
-- Invocation: CLI against `data/prompts/.draft-prompt.xml` (exit 0 allowed, exit 2 blocked)
-- Fail conditions:
-  - Raw internal refinement object appears in assistant output without explicit debug intent
-  - Prompt-workflow response detected but deterministic checklist container is missing
-  - Prompt-workflow response detected and required deterministic checklist rows are missing
-  - Prompt-workflow response detected and required scope anchors are missing
-  - Prompt-workflow response detected and runtime context-control signals are missing
-  - Scope-bound text uses banned ambiguous scope terms
-  - Banned negative keywords found inside fenced XML artifact
-  - Fenced XML artifact missing required sections
-- Enforcement: The drafting subagent writes the draft file, runs the validator, reads stderr violations (each prefixed with `[reason_code]`), edits the file, and re-runs until exit 0.
-
-## Required Scope Anchors
-
-- `target_local_roots`
-- `target_canonical_roots`
-- `target_file_globs`
-- `comparison_basis`
-- `completion_boundary`
-
-## Required Deterministic Checklist Rows
-
-- `structured_scoped_instructions`
-- `sequential_steps_present`
-- `positive_framing`
-- `acceptance_criteria_defined`
-- `safety_reversibility_language`
-- `reversible_action_and_safety_check_guidance`
-- `concrete_output_contract`
-- `scope_boundary_present`
-- `explicit_scope_anchors_present`
-- `all_instructions_artifact_bound`
-- `scope_terms_explicit_and_anchored`
-- `completion_boundary_measurable`
-- `citation_grounding_policy_present`
-- `source_priority_rules_present`
-
-## Runtime Context-Control Signals
-
-- `base_minimal_instruction_layer: true`
-- `on_demand_skill_loading: true`
-
-These two signals are checked by the validator CLI whenever a prompt-workflow response is detected.
-
-## Deterministic Boundary
-
-These hooks enforce only structural/runtime checks. Semantic quality remains in auditor layer.
-
-## Reviewing Flattened Transcript Exports
-
-- Live prompt-workflow responses still require an explicit `Audit:` line plus one outer `xml` fence. The Stop guard and clipboard path continue to evaluate that literal boundary.
-- Saved transcript exports can flatten blocked retry turns and omit the outer fence lines. Normalize those files with `prompt_workflow_gate_core.normalize_prompt_workflow_export(...)`, then evaluate the rebuilt message with `extract_fenced_xml_content(...)` or `extract_fenced_xml_content_from_export(...)`.
-- Fence-relative evals review the **last successful Audit + artifact pair** after normalization. Earlier blocked retries in the flattened transcript remain diagnostic evidence and do not count as extra delivered artifacts.

package/hooks/blocking/prompt_workflow_clipboard.py

@@ -1,63 +0,0 @@
-#!/usr/bin/env python3
-"""Cross-platform clipboard writes for prompt-workflow XML artifacts."""
-
-from __future__ import annotations
-
-import os
-
-
-def _clipboard_disabled_by_env() -> bool:
-    flag = os.environ.get("PROMPT_WORKFLOW_SKIP_CLIPBOARD", "").strip().lower()
-    return flag in {"1", "true", "yes", "on"}
-
-
-def copy_text_to_system_clipboard(text: str) -> bool:
-    """Write ``text`` to the OS clipboard using Python-only backends.
-
-    Tries :mod:`tkinter` (stdlib) first, then optional ``pyperclip`` if installed.
-    Returns ``True`` when a backend reports success, ``False`` otherwise
-    (missing dependency, headless display, empty payload, or env opt-out).
-    """
-    if not text.strip():
-        return False
-    if _clipboard_disabled_by_env():
-        return False
-    if _copy_via_tkinter(text):
-        return True
-    return _copy_via_pyperclip(text)
-
-
-def _copy_via_tkinter(text: str) -> bool:
-    try:
-        import tkinter as tk
-    except ImportError:
-        return False
-    root: tk.Tk | None = None
-    try:
-        root = tk.Tk()
-        root.withdraw()
-        root.clipboard_clear()
-        root.clipboard_append(text)
-        root.update_idletasks()
-        root.update()
-        return True
-    except Exception:
-        return False
-    finally:
-        if root is not None:
-            try:
-                root.destroy()
-            except Exception:
-                pass
-
-
-def _copy_via_pyperclip(text: str) -> bool:
-    try:
-        import pyperclip
-    except ImportError:
-        return False
-    try:
-        pyperclip.copy(text)
-        return True
-    except Exception:
-        return False

package/hooks/blocking/prompt_workflow_gate_config.py

@@ -1,113 +0,0 @@
-"""Static lists and compiled regexes for prompt-workflow gate checks.
-
-Edit this file to change scope anchors, checklist rows, markers, or keyword lists
-without touching gate logic in prompt_workflow_gate_core.py.
-"""
-
-from __future__ import annotations
-
-import re
-
-REQUIRED_SCOPE_ANCHORS: tuple[str, ...] = (
-    "target_local_roots",
-    "target_canonical_roots",
-    "target_file_globs",
-    "comparison_basis",
-    "completion_boundary",
-)
-
-REQUIRED_CHECKLIST_ROWS: tuple[str, ...] = (
-    "structured_scoped_instructions",
-    "sequential_steps_present",
-    "positive_framing",
-    "acceptance_criteria_defined",
-    "safety_reversibility_language",
-    "reversible_action_and_safety_check_guidance",
-    "concrete_output_contract",
-    "scope_boundary_present",
-    "explicit_scope_anchors_present",
-    "all_instructions_artifact_bound",
-    "scope_terms_explicit_and_anchored",
-    "completion_boundary_measurable",
-    "citation_grounding_policy_present",
-    "source_priority_rules_present",
-    "artifact_language_confidence",
-)
-
-AMBIGUOUS_SCOPE_TERMS: tuple[str, ...] = (
-    "this session",
-    "current files",
-    "here",
-    "above",
-    "as needed",
-)
-
-INTERNAL_OBJECT_MARKERS: tuple[str, ...] = (
-    '"pipeline_mode": "internal_section_refinement_with_final_audit"',
-    '"scope_block": {',
-    '"required_sections": [',
-    '"section_output_contract": {',
-    '"merge_output_contract": {',
-    '"audit_output_contract": {',
-)
-
-PROMPT_WORKFLOW_RESPONSE_MARKERS: tuple[str, ...] = (
-    "checklist_results",
-    "overall_status",
-    "scope anchors",
-    "target_local_roots",
-    "target_canonical_roots",
-    "target_file_globs",
-    "comparison_basis",
-    "completion_boundary",
-)
-
-DEBUG_INTENT_MARKERS: tuple[str, ...] = (
-    "debug",
-    "show internal",
-    "raw internal object",
-    "pipeline object",
-)
-
-NEGATIVE_KEYWORDS_IN_ARTIFACT: tuple[str, ...] = (
-    "no",
-    "not",
-    "don't",
-    "do not",
-    "never",
-    "avoid",
-    "without",
-    "refrain",
-    "stop",
-    "prevent",
-    "exclude",
-    "prohibit",
-    "forbid",
-    "reject",
-    "cannot",
-    "unless",
-)
-
-NEGATIVE_INDIRECT_PATTERNS_IN_ARTIFACT: tuple[str, ...] = (
-    r"instead of\s+\w+",
-    r"rather than\s+\w+",
-    r"as opposed to\s+\w+",
-)
-
-REQUIRED_XML_SECTIONS: tuple[str, ...] = (
-    "role",
-    "background",
-    "instructions",
-    "constraints",
-    "output_format",
-)
-
-COMPILED_NEGATIVE_KEYWORD_PATTERNS: tuple[re.Pattern[str], ...] = tuple(
-    re.compile(rf"\b{re.escape(keyword)}\b", re.IGNORECASE)
-    for keyword in NEGATIVE_KEYWORDS_IN_ARTIFACT
-)
-
-COMPILED_NEGATIVE_INDIRECT_PATTERNS: tuple[re.Pattern[str], ...] = tuple(
-    re.compile(pattern, re.IGNORECASE)
-    for pattern in NEGATIVE_INDIRECT_PATTERNS_IN_ARTIFACT
-)