claude-dev-env 1.34.1 → 1.36.0

package/hooks/blocking/test_code_rules_enforcer_naming_pattern.py

@@ -148,19 +148,6 @@ def test_should_skip_workflow_registry_files() -> None:
     assert issues == []
 
 
-def test_should_cap_issues_at_three() -> None:
-    source = (
-        "def f() -> None:\n"
-        "    one = True\n"
-        "    two = False\n"
-        "    three = True\n"
-        "    four = False\n"
-        "    five = True\n"
-    )
-    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
-    assert len(issues) == 3
-
-
 def test_should_not_flag_syntax_error_as_issue() -> None:
     source = "def f(:\n    valid = True\n"
     issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
@@ -174,3 +161,52 @@ def test_validate_content_invokes_boolean_naming_check() -> None:
     assert matching_issues, (
         f"expected validate_content to surface the boolean-naming issue, got {issues!r}"
     )
+
+
+def test_should_flag_substring_is_when_not_at_prefix_position() -> None:
+    source = "def f() -> None:\n    left_is_upper_snake = True\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_name(issues, "left_is_upper_snake", 2)
+    assert len(issues) == 1, (
+        f"'is_' in middle position must not satisfy the prefix rule, got: {issues}"
+    )
+
+
+def test_should_flag_substring_has_when_not_at_prefix_position() -> None:
+    source = "def f() -> None:\n    user_has_permission = True\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_name(issues, "user_has_permission", 2)
+    assert len(issues) == 1, (
+        f"'has_' in middle position must not satisfy the prefix rule, got: {issues}"
+    )
+
+
+def test_should_flag_substring_should_when_not_at_prefix_position() -> None:
+    source = "def f() -> None:\n    user_should_retry = True\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_name(issues, "user_should_retry", 2)
+    assert len(issues) == 1
+
+
+def test_should_flag_substring_can_when_not_at_prefix_position() -> None:
+    source = "def f() -> None:\n    user_can_edit = True\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_name(issues, "user_can_edit", 2)
+    assert len(issues) == 1
+
+
+def test_should_flag_right_is_literal_substring_match() -> None:
+    source = "def f() -> None:\n    right_is_literal = False\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_name(issues, "right_is_literal", 2)
+    assert len(issues) == 1, (
+        f"PR #232 finding: substring 'is_' in 'right_is_literal' must be flagged, got: {issues}"
+    )
+
+
+def test_should_allow_is_prefix_at_start_when_compound_word_follows() -> None:
+    source = "def f() -> None:\n    is_left_upper_snake = True\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == [], (
+        f"is_left_upper_snake has prefix at position 0, must pass, got: {issues}"
+    )

package/hooks/blocking/test_code_rules_enforcer_skip_decorators.py

@@ -122,29 +122,3 @@ def test_should_flag_decorator_with_skip_in_name() -> None:
     )
 
 
-def test_stops_at_max_issues_per_check() -> None:
-    source = (
-        "import pytest\n"
-        "\n"
-        "@pytest.mark.skip(reason='a')\n"
-        "def test_one() -> None:\n"
-        "    pass\n"
-        "\n"
-        "@pytest.mark.skip(reason='b')\n"
-        "def test_two() -> None:\n"
-        "    pass\n"
-        "\n"
-        "@pytest.mark.skip(reason='c')\n"
-        "def test_three() -> None:\n"
-        "    pass\n"
-        "\n"
-        "@pytest.mark.skip(reason='d')\n"
-        "def test_four() -> None:\n"
-        "    pass\n"
-        "\n"
-        "@pytest.mark.skip(reason='e')\n"
-        "def test_five() -> None:\n"
-        "    pass\n"
-    )
-    issues = code_rules_enforcer.check_skip_decorators_in_tests(source, TEST_FILE_PATH)
-    assert len(issues) == code_rules_enforcer.MAX_ISSUES_PER_CHECK

package/hooks/blocking/test_code_rules_enforcer_string_magic.py

@@ -0,0 +1,234 @@
+from __future__ import annotations
+
+from pathlib import Path
+import importlib.util
+
+ENFORCER_PATH = Path(__file__).resolve().parent / "code_rules_enforcer.py"
+specification = importlib.util.spec_from_file_location(
+    "code_rules_enforcer", ENFORCER_PATH
+)
+code_rules_enforcer = importlib.util.module_from_spec(specification)
+specification.loader.exec_module(code_rules_enforcer)
+
+PRODUCTION_FILE_PATH = "packages/app/services/foo.py"
+TEST_FILE_PATH = "packages/app/tests/test_foo.py"
+CONFIG_FILE_PATH = "packages/app/config/constants.py"
+
+
+def test_should_flag_env_var_name_string_in_function_body() -> None:
+    source = (
+        "import os\n"
+        "\n"
+        "def fetch_secret() -> str:\n"
+        "    return os.environ['STRIPE_SECRET']\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert any("STRIPE_SECRET" in each_issue for each_issue in issues), (
+        f"Expected env-var name flagged, got: {issues}"
+    )
+
+
+def test_should_flag_settings_key_all_caps_with_underscore() -> None:
+    source = "def lookup(settings: dict) -> str:\n    return settings['HOOKS_PATH']\n"
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert any("HOOKS_PATH" in each_issue for each_issue in issues), (
+        f"Expected settings key flagged, got: {issues}"
+    )
+
+
+def test_should_flag_dotted_segment_string() -> None:
+    source = "def is_git_dir(path: str) -> bool:\n    return path.endswith('.git')\n"
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert any(".git" in each_issue for each_issue in issues), (
+        f"Expected '.git' flagged, got: {issues}"
+    )
+
+
+def test_should_not_flag_single_letter_uppercase() -> None:
+    source = "def is_added(line: str) -> bool:\n    return line.startswith('A')\n"
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], f"Single capital letter must not be flagged, got: {issues}"
+
+
+def test_should_not_flag_short_uppercase_acronym() -> None:
+    source = "def is_get(method: str) -> bool:\n    return method == 'GET'\n"
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], f"Short acronym 'GET' must not be flagged, got: {issues}"
+
+
+def test_should_not_flag_human_readable_message() -> None:
+    source = (
+        "def fail() -> None:\n    raise RuntimeError('Could not connect to host')\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], f"Human-readable message must not be flagged, got: {issues}"
+
+
+def test_should_not_flag_lowercase_string() -> None:
+    source = "def get_label() -> str:\n    return 'hello'\n"
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], f"Lowercase string must not be flagged, got: {issues}"
+
+
+def test_should_not_flag_module_level_string() -> None:
+    source = "DEFAULT_KEY = 'STRIPE_SECRET'\n"
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], (
+        f"Module-level string must not be flagged (it IS the constant), got: {issues}"
+    )
+
+
+def test_should_not_flag_docstring() -> None:
+    source = (
+        "def consume() -> None:\n"
+        '    """STRIPE_SECRET is documented here for reference."""\n'
+        "    return None\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], f"Docstring must not be flagged, got: {issues}"
+
+
+def test_should_skip_in_test_files() -> None:
+    source = (
+        "import os\n"
+        "\n"
+        "def test_env() -> None:\n"
+        "    assert os.environ['STRIPE_SECRET'] == 'x'\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(source, TEST_FILE_PATH)
+    assert issues == [], f"Test files exempt, got: {issues}"
+
+
+def test_should_skip_in_config_files() -> None:
+    source = "def env_keys() -> list[str]:\n    return ['STRIPE_SECRET', 'DB_HOST']\n"
+    issues = code_rules_enforcer.check_string_literal_magic(source, CONFIG_FILE_PATH)
+    assert issues == [], f"Config files exempt, got: {issues}"
+
+
+def test_should_not_flag_default_argument_string_literal() -> None:
+    source = (
+        "def consume(key: str = 'STRIPE_SECRET') -> str:\n"
+        "    return key\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], (
+        f"Default argument value (signature, not body) must not be flagged, got: {issues}"
+    )
+
+
+def test_should_not_flag_decorator_string_literal() -> None:
+    source = (
+        "from functools import lru_cache\n"
+        "\n"
+        "def cache_with_tag(tag: str):\n"
+        "    return lru_cache\n"
+        "\n"
+        "@cache_with_tag('STRIPE_SECRET')\n"
+        "def consume() -> str:\n"
+        "    return 'hello'\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], (
+        f"Decorator argument (not body) must not be flagged, got: {issues}"
+    )
+
+
+def test_should_not_flag_annotation_literal_type_argument() -> None:
+    source = (
+        "from typing import Literal\n"
+        "\n"
+        "def consume(method: Literal['STRIPE_SECRET']) -> str:\n"
+        "    return method\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], (
+        f"Literal type annotation (signature, not body) must not be flagged, got: {issues}"
+    )
+
+
+def test_should_not_flag_default_arg_of_nested_function_when_scanning_outer() -> None:
+    source = (
+        "def outer() -> None:\n"
+        "    def inner(key: str = 'STRIPE_SECRET') -> str:\n"
+        "        return key\n"
+        "    return None\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert issues == [], (
+        f"Nested function's default arg (signature) must not be flagged from outer scan, got: {issues}"
+    )
+
+
+def test_should_flag_class_attribute_in_nested_class_body() -> None:
+    source = (
+        "def outer() -> str:\n"
+        "    class Inner:\n"
+        "        attribute: str = 'STRIPE_SECRET'\n"
+        "    return 'no_magic_here'\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert any("STRIPE_SECRET" in each_issue for each_issue in issues), (
+        f"Nested ClassDef body executes when outer() runs; class attribute must be flagged, got: {issues}"
+    )
+
+
+def test_should_flag_class_attribute_in_nested_class_inside_function() -> None:
+    source = (
+        "def outer() -> None:\n"
+        "    class Inner:\n"
+        "        KEY: str = 'STRIPE_SECRET'\n"
+        "    return None\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert any("STRIPE_SECRET" in each_issue for each_issue in issues), (
+        f"Class-level attribute inside a nested ClassDef inside outer fn body must be flagged "
+        f"(it executes when outer() runs), got: {issues}"
+    )
+
+
+def test_should_still_flag_literal_in_nested_function_body() -> None:
+    source = (
+        "def outer() -> str:\n"
+        "    def inner() -> str:\n"
+        "        return 'STRIPE_SECRET'\n"
+        "    return inner()\n"
+    )
+    issues = code_rules_enforcer.check_string_literal_magic(
+        source, PRODUCTION_FILE_PATH
+    )
+    assert any("STRIPE_SECRET" in each_issue for each_issue in issues), (
+        f"Inner function's body magic literal must still be flagged via inner scan, got: {issues}"
+    )
+    assert len(issues) == 1, (
+        f"Inner literal must be flagged exactly once (no duplicate from outer walk), got: {issues}"
+    )

package/hooks/blocking/test_code_rules_enforcer_sys_path_insert.py

@@ -0,0 +1,157 @@
+"""Tests for sys.path.insert dedup-guard rule.
+
+Bot reviewers on PR #289 flagged grant_project_claude_permissions.py:13
+and revoke_project_claude_permissions.py for unconditionally calling
+sys.path.insert(0, X) without checking whether X was already present.
+The convention in the rest of the repo is to guard the call with
+`if str(X) not in sys.path:` (or equivalent) to avoid pushing the
+same path repeatedly when modules get reloaded.
+"""
+
+from __future__ import annotations
+
+import importlib.util
+import pathlib
+import sys
+
+
+_HOOK_DIRECTORY = pathlib.Path(__file__).parent
+if str(_HOOK_DIRECTORY) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIRECTORY))
+
+_hook_spec = importlib.util.spec_from_file_location(
+    "code_rules_enforcer",
+    _HOOK_DIRECTORY / "code_rules_enforcer.py",
+)
+assert _hook_spec is not None
+assert _hook_spec.loader is not None
+_hook_module = importlib.util.module_from_spec(_hook_spec)
+_hook_spec.loader.exec_module(_hook_module)
+check_sys_path_insert_deduplication_guard = _hook_module.check_sys_path_insert_deduplication_guard
+
+
+PRODUCTION_FILE_PATH = "packages/app/services/loader.py"
+TEST_FILE_PATH = "packages/app/tests/test_loader.py"
+
+
+def test_should_flag_unguarded_module_level_insert() -> None:
+    source = (
+        "import sys\n"
+        "from pathlib import Path\n"
+        "REPOSITORY_ROOT = Path(__file__).resolve().parent\n"
+        "sys.path.insert(0, str(REPOSITORY_ROOT))\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert any("sys.path.insert" in each_issue for each_issue in issues), (
+        f"Expected unguarded sys.path.insert flagged, got: {issues}"
+    )
+
+
+def test_should_not_flag_when_preceded_by_membership_guard() -> None:
+    source = (
+        "import sys\n"
+        "from pathlib import Path\n"
+        "REPOSITORY_ROOT = str(Path(__file__).resolve().parent)\n"
+        "if REPOSITORY_ROOT not in sys.path:\n"
+        "    sys.path.insert(0, REPOSITORY_ROOT)\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert issues == [], (
+        f"Guarded insert (if X not in sys.path) must not be flagged, got: {issues}"
+    )
+
+
+def test_should_flag_unguarded_function_local_insert() -> None:
+    source = (
+        "import sys\ndef configure() -> None:\n    sys.path.insert(0, '/some/path')\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert any("sys.path.insert" in each_issue for each_issue in issues), (
+        f"Function-local unguarded insert must be flagged, got: {issues}"
+    )
+
+
+def test_should_not_flag_function_local_when_guarded() -> None:
+    source = (
+        "import sys\n"
+        "def configure() -> None:\n"
+        "    target = '/some/path'\n"
+        "    if target not in sys.path:\n"
+        "        sys.path.insert(0, target)\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert issues == [], f"Guarded function-local insert must pass, got: {issues}"
+
+
+def test_should_not_flag_sys_path_append_or_extend() -> None:
+    source = (
+        "import sys\nsys.path.append('/some/path')\nsys.path.extend(['/a', '/b'])\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert issues == [], (
+        f"This rule targets sys.path.insert specifically, append/extend exempt, got: {issues}"
+    )
+
+
+def test_should_skip_test_files() -> None:
+    source = "import sys\nsys.path.insert(0, '/some/path')\n"
+    issues = check_sys_path_insert_deduplication_guard(source, TEST_FILE_PATH)
+    assert issues == [], (
+        f"Test files exempt — fixtures often manipulate sys.path, got: {issues}"
+    )
+
+
+def test_should_handle_syntax_error_gracefully() -> None:
+    source = "import sys\nsys.path.insert(\n    not python\n"
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert issues == [], f"Parse failure must return empty, got: {issues}"
+
+
+def test_should_recognize_str_call_around_path_in_guard() -> None:
+    source = (
+        "import sys\n"
+        "from pathlib import Path\n"
+        "ROOT = Path('/x')\n"
+        "if str(ROOT) not in sys.path:\n"
+        "    sys.path.insert(0, str(ROOT))\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert issues == [], (
+        f"str(ROOT) wrapped in both guard and insert must not flag, got: {issues}"
+    )
+
+
+def test_should_include_line_number_in_issue() -> None:
+    source = "import sys\n\n\nsys.path.insert(0, '/x')\n"
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert any("Line 4" in each_issue for each_issue in issues), (
+        f"Expected line 4 reference, got: {issues}"
+    )
+
+
+def test_should_flag_inverted_membership_guard_inserting_in_then_branch() -> None:
+    source = (
+        "import sys\n"
+        "TARGET = '/some/path'\n"
+        "if TARGET in sys.path:\n"
+        "    sys.path.insert(0, TARGET)\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert any("sys.path.insert" in each_issue for each_issue in issues), (
+        "`if X in sys.path: sys.path.insert(0, X)` inserts a duplicate when X "
+        f"is already present; only `not in` guards then-branch inserts. Got: {issues}"
+    )
+
+
+def test_should_flag_inverted_membership_guard_with_str_wrapper() -> None:
+    source = (
+        "import sys\n"
+        "from pathlib import Path\n"
+        "ROOT = Path('/x')\n"
+        "if str(ROOT) in sys.path:\n"
+        "    sys.path.insert(0, str(ROOT))\n"
+    )
+    issues = check_sys_path_insert_deduplication_guard(source, PRODUCTION_FILE_PATH)
+    assert any("sys.path.insert" in each_issue for each_issue in issues), (
+        f"Inverted membership guard with str() wrapper must still flag, got: {issues}"
+    )