claude-dev-env 1.38.1 → 1.40.0

package/hooks/blocking/test_md_to_html_blocker.py

@@ -0,0 +1,317 @@
+"""Tests for md_to_html_blocker hook."""
+
+import importlib
+import json
+import os
+import subprocess
+import sys
+
+
+HOOK_SCRIPT_PATH = os.path.join(os.path.dirname(__file__), "md_to_html_blocker.py")
+
+
+class _RunHook:
+    def __call__(self, tool_name: str, tool_input: dict) -> subprocess.CompletedProcess:
+        payload = json.dumps({"tool_name": tool_name, "tool_input": tool_input})
+        return subprocess.run(
+            [sys.executable, HOOK_SCRIPT_PATH],
+            input=payload,
+            capture_output=True,
+            text=True,
+            check=False,
+        )
+
+
+_run_hook = _RunHook()
+
+
+def test_exempt_root_filenames_are_module_constant():
+    """Exempt root filenames should be a module-level constant, not inline in the function body."""
+    hook_dir = os.path.dirname(HOOK_SCRIPT_PATH)
+    if hook_dir not in sys.path:
+        sys.path.insert(0, hook_dir)
+
+    blocker_module = importlib.import_module("md_to_html_blocker")
+    importlib.reload(blocker_module)
+
+    assert hasattr(blocker_module, "_exempt_root_filenames")
+    assert "readme.md" in blocker_module._exempt_root_filenames
+    assert "changelog.md" in blocker_module._exempt_root_filenames
+
+
+def test_blocks_write_md_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_edit_md_file():
+    result = _run_hook(
+        "Edit",
+        {"file_path": "docs/guide.md", "old_string": "a", "new_string": "b"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_uppercase_md_extension():
+    result = _run_hook(
+        "Write",
+        {"file_path": "DOCS/GUIDE.MD", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_passes_html_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.html", "content": "<h1>Hello</h1>"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_non_markdown_extension():
+    result = _run_hook(
+        "Write",
+        {"file_path": "src/main.py", "content": "x = 1"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dir():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude/rules/foo.md", "content": "# Rule"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_nested_claude_dir():
+    result = _run_hook(
+        "Write",
+        {"file_path": "notes/.claude/plans/plan.md", "content": "# Plan"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_readme_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "README.md", "content": "# README"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_changelog_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "CHANGELOG.md", "content": "# Changelog"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_readme_not_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/README.md", "content": "# README"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_changelog_not_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "sub/CHANGELOG.md", "content": "# Log"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_unknown_tool_passes():
+    result = _run_hook(
+        "Grep",
+        {"pattern": "foo", "path": "."},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_empty_file_path_passes():
+    result = _run_hook(
+        "Write",
+        {"file_path": "", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_non_dict_stdin_passes():
+    payload = json.dumps(["not", "a", "dict"])
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input=payload,
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_non_string_tool_name_passes():
+    payload = json.dumps(
+        {"tool_name": 123, "tool_input": {"file_path": "docs/guide.md"}}
+    )
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input=payload,
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_non_dict_tool_input_passes():
+    payload = json.dumps({"tool_name": "Write", "tool_input": "not_a_dict"})
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input=payload,
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_denial_has_system_message():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["suppressOutput"] is True
+    assert isinstance(output["systemMessage"], str)
+    assert len(output["systemMessage"]) > 0
+
+
+def test_denial_has_additional_context():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    ctx = output["hookSpecificOutput"].get("additionalContext", "")
+    assert "HTML" in ctx
+    assert (
+        "thariqs.github.io" in output["hookSpecificOutput"]["permissionDecisionReason"]
+    )
+
+
+def test_denial_reason_mentions_html_redirect():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    reason = output["hookSpecificOutput"]["permissionDecisionReason"]
+    assert ".html" in reason.lower()
+
+
+def test_passes_claude_md_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude/CLAUDE.md", "content": "# CLAUDE.md"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_windows_path_with_backslash():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs\\guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_passes_windows_path_claude_exempt():
+    result = _run_hook(
+        "Write",
+        {"file_path": "project\\.claude\\rules\\foo.md", "content": "# Rule"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dir_case_insensitive():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".Claude/rules/foo.md", "content": "# Rule"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_readme_lowercase_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "readme.md", "content": "# readme"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_json_decode_error_passes():
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input="not json",
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_claude_path_traversal_bypass():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude/../docs/guide.md", "content": "# Bypass"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_md_with_curly_braces_in_path():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/{template}.md", "content": "# Template"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"

package/hooks/blocking/test_pr_description_enforcer.py

@@ -25,8 +25,21 @@ extract_body_from_command = hook_module.extract_body_from_command
 validate_pr_body = hook_module.validate_pr_body
 
 VALID_BODY = (
-    "## Description\n\nThis PR fixes a real bug.\n\n"
-    "## Why\n\nBecause it was broken in production.\n\n"
+    "Allow commas in branch names so PRs whose head branch was generated from "
+    "a title or external identifier no longer fail validation before any git "
+    "operation.\n\n"
+    "Fixes #1300.\n\n"
+    "## Changes\n\n"
+    "- `src/github/operations/branch.ts`: add `,` to the whitelist regex\n"
+    "- `test/branch.test.ts`: 3 new cases covering comma-bearing branch names\n\n"
+    "## Test plan\n\n"
+    "- `bun test test/branch.test.ts`\n"
+    "- `bun run typecheck`\n"
+)
+
+LEGACY_DESCRIPTION_WHY_HOW_BODY = (
+    "## Description\n\nThis PR fixes a real bug in the authentication module.\n\n"
+    "## Why\n\nBecause it was broken in production and customers reported failures.\n\n"
     "## How\n\nRefactored the auth module to handle edge cases correctly.\n"
 )
 
@@ -109,15 +122,63 @@ def test_extract_short_flag_shell_var_returns_empty() -> None:
     assert extract_body_from_command(command) == ""
 
 
-def test_validate_passes_complete_body() -> None:
+def test_validate_passes_anthropic_standard_body() -> None:
     assert validate_pr_body(VALID_BODY) == []
 
 
-def test_validate_blocks_missing_sections() -> None:
-    violations = validate_pr_body("Some body text without required sections.\n" * 5)
-    assert any(
-        "Missing required section" in each_violation for each_violation in violations
+def test_validate_passes_legacy_description_why_how_body() -> None:
+    """Existing Description/Why/How bodies must still pass -- the relaxed rule only widens what's accepted."""
+    assert validate_pr_body(LEGACY_DESCRIPTION_WHY_HOW_BODY) == []
+
+
+def test_validate_passes_sectionless_prose_body() -> None:
+    """Anthropic's trivial-PR shape is one sentence with no headers."""
+    body = (
+        "Pin third-party GitHub Actions references to immutable commit SHAs "
+        "so a tag move cannot redirect CI to attacker-controlled code."
+    )
+    assert validate_pr_body(body) == []
+
+
+def test_validate_blocks_skeleton_body_with_only_headers_and_bullets() -> None:
+    """Sections + bullets without any prose Why is rejected -- the substantive-prose check catches this."""
+    body = (
+        "## Summary\n\n"
+        "## Changes\n\n"
+        "- `a`\n"
+        "- `b`\n"
+        "- `c`\n"
+    )
+    violations = validate_pr_body(body)
+    assert any("substantive prose" in each_violation.lower() for each_violation in violations)
+
+
+def test_validate_blocks_blockquoted_headings_with_no_real_prose() -> None:
+    """Regression: blockquote markers must strip BEFORE heading stripping.
+
+    A line like `> ## Summary` starts with `>`, so `^#+[ \\t].*$` cannot match it
+    in heading position. If blockquote markers are stripped after, the bare
+    `## Summary` text survives into the prose stream and inflates the count.
+    Correct order strips `> ` first, then the line becomes a real heading and
+    drops out, leaving an effectively empty body below the 40-character minimum.
+    """
+    body = "> ## Summary\n> ## Why\n> ## How"
+    violations = validate_pr_body(body)
+    assert any("substantive prose" in each_violation.lower() for each_violation in violations)
+
+
+def test_validate_passes_prose_after_bare_hashes_with_no_space() -> None:
+    """Bug regression: `##\\n` followed by prose must not have its prose eaten by the heading regex.
+
+    The previous pattern `^#+\\s.*$` matched `\\s` against the newline, then `.*$` greedily
+    consumed the next line. The fix restricts the whitespace class to `[ \\t]` so only true
+    headings (`## text`) match, leaving prose-after-bare-hashes intact for substantive-prose counting.
+    """
+    body = (
+        "##\nThis is real prose that should not be eaten by the heading regex, "
+        "it should pass the 40-character minimum."
     )
+    assert validate_pr_body(body) == []
 
 
 def test_validate_blocks_vague_language() -> None:
@@ -128,7 +189,7 @@ def test_validate_blocks_vague_language() -> None:
 
 def test_validate_blocks_short_body() -> None:
     violations = validate_pr_body("Too short.")
-    assert any("too short" in each_violation.lower() for each_violation in violations)
+    assert any("substantive prose" in each_violation.lower() for each_violation in violations)
 
 
 def test_body_file_content_validated(tmp_path: pathlib.Path) -> None:

package/hooks/config/any_type_config.py

@@ -0,0 +1,7 @@
+"""Configuration constants for the Any/cast escape-hatch check."""
+
+ALL_ANY_ALLOWED_PATTERNS: tuple[str, ...] = (
+    "__init__.py",
+    "protocols.py",
+    "types.py",
+)

package/hooks/config/banned_identifiers_constants.py

@@ -9,10 +9,21 @@ ALL_BANNED_IDENTIFIERS: frozenset[str] = frozenset(
         "value",
         "item",
         "temp",
+        "tmp",
         "argv",
         "args",
         "kwargs",
         "argc",
+        "rc",
+        "cfg",
+        "ctx",
+        "cnt",
+        "btn",
+        "idx",
+        "tmp",
+        "msg",
+        "elem",
+        "val",
     }
 )
 MAX_BANNED_IDENTIFIER_ISSUES: int = 3

package/hooks/config/blocking_check_limits.py

@@ -0,0 +1,38 @@
+"""Caps and lookup sets for the new B-series blocking checks in code_rules_enforcer.py.
+
+Each constant is consumed by exactly one check function in the enforcer. They
+live here (not at module scope of the enforcer) so the enforcer file stays
+under the file-global-constants use-count rule (CODE_RULES §file-global-constants).
+"""
+
+from __future__ import annotations
+
+
+MAX_BANNED_PREFIX_ISSUES: int = 3
+MAX_STUB_IMPLEMENTATION_ISSUES: int = 3
+MAX_TYPED_DICT_PAIR_ISSUES: int = 3
+MAX_TEST_BRANCHING_ISSUES: int = 3
+MAX_BARE_EXCEPT_ISSUES: int = 3
+MAX_BOUNDARY_TYPE_ISSUES: int = 5
+ALL_BANNED_PREFIX_NAMES: tuple[str, ...] = ("handle_", "process_", "manage_", "do_")
+MAX_DOCSTRING_FORMAT_ISSUES: int = 5
+MAX_TYPE_ESCAPE_HATCH_ISSUES: int = 5
+MAX_THIN_WRAPPER_ISSUES: int = 1
+DOCSTRING_TRIVIAL_FUNCTION_BODY_LINE_LIMIT: int = 3
+
+ALL_BARE_EXCEPT_BANNED_HANDLER_NAMES: frozenset[str] = frozenset({"Exception", "BaseException"})
+ALL_BOUNDARY_TYPE_EXEMPT_FILENAMES: frozenset[str] = frozenset({"protocols.py", "types.py"})
+ALL_DOCSTRING_IMPLICIT_INSTANCE_PARAMETER_NAMES: frozenset[str] = frozenset({"self", "cls"})
+ALL_DOCSTRING_EXEMPT_DECORATOR_NAMES: frozenset[str] = frozenset(
+    {"property", "abstractmethod", "abstractproperty", "abc.abstractmethod", "overload"}
+)
+ALL_TEST_INDICATING_ENVIRONMENT_VARIABLE_NAMES: frozenset[str] = frozenset(
+    {
+        "TESTING",
+        "PYTEST_CURRENT_TEST",
+        "TEST_MODE",
+        "IS_TEST",
+        "IS_TESTING",
+        "UNIT_TEST",
+    }
+)

package/hooks/config/bot_mention_comment_blocker_constants.py

@@ -0,0 +1,20 @@
+"""Configuration constants for the bot_mention_comment_blocker PreToolUse hook."""
+
+TOOL_NAME: str = "mcp__plugin_github_github__add_issue_comment"
+
+CURSOR_MENTION_TOKEN: str = "@cursor"
+COPILOT_MENTION_TOKEN: str = "@copilot"
+
+CORRECTIVE_MESSAGE_CURSOR: str = (
+    "BLOCKED [bot-mention]: Invalid comment. "
+    "Post exactly ``bugbot run`` with no other text as your issue comment "
+    "to trigger Bugbot."
+)
+
+CORRECTIVE_MESSAGE_COPILOT: str = (
+    "BLOCKED [bot-mention]: Invalid comment. "
+    "To request a Copilot review, use the GitHub REST API:\n"
+    "  gh api --method POST repos/<owner>/<repo>/pulls/<number>/requested_reviewers \\\n"
+    "    -f 'reviewers[]=copilot-pull-request-reviewer[bot]'\n"
+    "See ~/.claude/skills/pr-converge/reference/convergence-gates.md."
+)

package/hooks/config/code_rules_enforcer_constants.py

@@ -0,0 +1,53 @@
+"""Constants for code_rules_enforcer.py.
+
+Extracted from code_rules_enforcer.py to satisfy the constants-location rule.
+"""
+
+import re
+
+ALL_PYTHON_EXTENSIONS = {".py"}
+ALL_JAVASCRIPT_EXTENSIONS = {".js", ".ts", ".tsx", ".jsx"}
+ALL_CODE_EXTENSIONS = ALL_PYTHON_EXTENSIONS | ALL_JAVASCRIPT_EXTENSIONS
+
+ALL_TEST_PATH_PATTERNS = {"test_", "_test.", ".test.", ".spec.", "/tests/", "\\tests\\", "/tests.py", "\\tests.py"}
+ALL_HOOK_INFRASTRUCTURE_PATTERNS = {"/.claude/hooks/", "\\.claude\\hooks\\", "\\.claude/hooks/", "/packages/claude-dev-env/hooks/", "\\packages\\claude-dev-env\\hooks\\"}
+ALL_WORKFLOW_REGISTRY_PATTERNS = {"/workflow/", "\\workflow\\", "_tab.py", "/states.py", "\\states.py", "/modules.py", "\\modules.py"}
+ALL_MIGRATION_PATH_PATTERNS = {"/migrations/", "\\migrations\\"}
+
+ADVISORY_LINE_THRESHOLD_SOFT = 400
+ADVISORY_LINE_THRESHOLD_HARD = 1000
+
+ALL_BOOLEAN_NAME_PREFIXES: tuple[str, ...] = ("is_", "has_", "should_", "can_")
+UPPER_SNAKE_CONSTANT_PATTERN = re.compile(r"^[A-Z][A-Z0-9_]*$")
+
+
+TYPE_CHECKING_BLOCK_PATTERN = re.compile(r"^(?P<indent>\s*)if\s+(typing\.)?TYPE_CHECKING\s*:\s*$")
+ALL_IMPORT_STATEMENT_PREFIXES: tuple[str, ...] = ("import ", "from ")
+NOT_INSIDE_TYPE_CHECKING_BLOCK = -1
+FILE_GLOBAL_UPPER_SNAKE_PATTERN = re.compile(r"^_?[A-Z][A-Z0-9_]*$")
+
+ALL_COLLECTION_TYPE_NAMES: frozenset[str] = frozenset({
+    "list", "tuple", "set", "frozenset",
+    "Iterable", "Sequence", "Mapping", "MutableMapping", "FrozenSet",
+})
+ALL_SUBSCRIPT_ONLY_COLLECTION_TYPE_NAMES: frozenset[str] = frozenset({"dict"})
+COLLECTION_BY_NAME_PATTERN: re.Pattern[str] = re.compile(r"^[a-z][a-z0-9]*_by_[a-z][a-z0-9_]*$")
+ALL_CLI_FILE_PATH_MARKERS: tuple[str, ...] = ("/scripts/", "\\scripts\\", "_cli.py", "/cli.py", "\\cli.py")
+
+LOGGING_FSTRING_PATTERN = re.compile(
+    r'\b(?:log_(?:debug|info|warning|error|critical|exception)'
+    r'|(?:logger|logging|log)\.(?:debug|info|warning|error|critical|exception))'
+    r'\s*\(\s*(?:[rR][fF]|[fF][rR]?)["\']'
+)
+ALL_BUILTIN_DICT_METHOD_NAMES: frozenset[str] = frozenset({
+    "get", "items", "keys", "values", "update", "pop",
+    "setdefault", "copy", "clear",
+})
+ALL_UNION_TYPING_NAMES: frozenset[str] = frozenset({"Optional", "Union"})
+ALL_SELF_AND_CLS_PARAMETER_NAMES: frozenset[str] = frozenset({"self", "cls"})
+ALL_LOOP_INDEX_LETTER_EXEMPTIONS: frozenset[str] = frozenset({"i", "j", "k", "_"})
+EACH_PREFIX = "each_"
+BARE_EACH_TOKEN = "each"
+INLINE_COLLECTION_MIN_LENGTH = 3
+ALL_CAPS_WITH_UNDERSCORE_PATTERN = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$")
+DOTTED_SEGMENT_PATTERN = re.compile(r"^\.[a-z][a-z0-9_]*$")

package/hooks/config/convergence_branch_constants.py

@@ -0,0 +1,9 @@
+"""Convergence branch naming policy constants.
+
+Shared by destructive_command_blocker convergence-branch exemptions
+and convergence_gate_blocker pre-flight checks.
+"""
+
+ALL_CONVERGENCE_BRANCH_PREFIXES: tuple[str, ...] = ("claude/", "worktree-")
+CONVERGENCE_BRANCH_SUFFIX_PATTERN: str = r"pr-.*-converge$"
+CONVERGENCE_FORCE_PUSH_DETECTION_PATTERN: str = r"\bgit\s+push\b\s+(.*(?:--force|-f)\b.*)"

package/hooks/config/doc_gist_auto_publish_constants.py

@@ -0,0 +1,18 @@
+"""Constants for the doc-gist auto-publish PostToolUse hook.
+
+PUBLISH_SENTINEL: HTML comment marker. Claude includes it in HTML it intends to share;
+absent in HTML that is part of code, tests, or fixtures. Hook is a no-op without it.
+
+HTML_FILE_EXTENSION: only files ending in this extension are candidates for the hook;
+Markdown, source files, etc. are skipped.
+
+ALL_TARGET_TOOL_NAMES: tool names the hook fires after. The hook is a PostToolUse
+listener; only Write and Edit produce a writable file path that the marker check
+can be applied to.
+"""
+
+PUBLISH_SENTINEL = "<!-- @publish-as-gist -->"
+HTML_FILE_EXTENSION = ".html"
+ALL_TARGET_TOOL_NAMES = ("Write", "Edit")
+HOOK_SUBPROCESS_TIMEOUT_SECONDS = 50
+UPLOAD_SCRIPT_RELATIVE_PATH = "skills/doc-gist/scripts/gist_upload.py"

package/hooks/config/html_companion_constants.py

@@ -0,0 +1,20 @@
+"""CSS theme constants and URL scheme denylist for md-to-html companion hook."""
+
+CSS_BG_COLOR = "13, 17, 23"
+CSS_FG_COLOR = "201, 209, 217"
+CSS_BORDER_COLOR = "48, 54, 61"
+CSS_ACCENT_COLOR = "88, 166, 255"
+CSS_MUTED_COLOR = "139, 148, 158"
+CSS_SURFACE_COLOR = "22, 27, 34"
+CSS_STRONG_COLOR = "240, 246, 252"
+CSS_LINE_HEIGHT = "1.6"
+CSS_BODY_PADDING = "2rem"
+CSS_MAX_WIDTH = "960px"
+CSS_H1_SIZE = "1.6rem"
+CSS_H2_SIZE = "1.25rem"
+CSS_H3_SIZE = "1.1rem"
+CSS_CODE_SIZE = "0.85rem"
+CSS_TABLE_WIDTH = "100%"
+CSS_TH_WEIGHT = "600"
+
+BLOCKED_URL_SCHEMES = frozenset({"javascript", "data"})

package/hooks/config/inline_tuple_string_magic_constants.py

@@ -0,0 +1,22 @@
+"""Constants for the inline-tuple snake_case-string-magic check in code_rules_enforcer.
+
+Mirrors the column-name/key heuristic previously held only in
+``_shared/pr-loop/scripts/code_rules_gate.py`` so the Write/Edit hook can
+catch the same pattern that the commit-time gate caught.
+"""
+
+EXPECTED_TUPLE_PAIR_LENGTH: int = 2
+
+MAX_INLINE_TUPLE_STRING_MAGIC_ISSUES: int = 3
+
+MINIMUM_SNAKE_CASE_LENGTH_AFTER_FIRST_CHAR: int = 2
+
+SNAKE_CASE_LITERAL_PATTERN: str = (
+    r"^[a-z][a-z0-9_]{" + str(MINIMUM_SNAKE_CASE_LENGTH_AFTER_FIRST_CHAR) + r",}$"
+)
+
+ALL_SNAKE_CASE_KEYWORD_EXEMPTIONS: frozenset[str] = frozenset(
+    {"true", "false", "none", "null"}
+)
+
+INLINE_TUPLE_STRING_MAGIC_MESSAGE_SUFFIX: str = "extract to config"

package/hooks/config/pr_description_enforcer_constants.py

@@ -0,0 +1,14 @@
+"""Configuration constants for the pr_description_enforcer PreToolUse hook."""
+
+import re
+
+MINIMUM_SUBSTANTIVE_PROSE_CHARS: int = 40
+
+FENCED_CODE_BLOCK_PATTERN: re.Pattern[str] = re.compile(r"```.*?```", re.DOTALL)
+INLINE_CODE_PATTERN: re.Pattern[str] = re.compile(r"`[^`]*`")
+HEADING_LINE_PATTERN: re.Pattern[str] = re.compile(r"^#+[ \t].*$", re.MULTILINE)
+BOLD_PAIR_PATTERN: re.Pattern[str] = re.compile(r"\*\*([^*]+?)\*\*")
+BULLET_MARKER_PATTERN: re.Pattern[str] = re.compile(r"^\s*[-*+]\s+", re.MULTILINE)
+BLOCKQUOTE_MARKER_PATTERN: re.Pattern[str] = re.compile(r"^\s*>\s+", re.MULTILINE)
+LINK_TEXT_PATTERN: re.Pattern[str] = re.compile(r"\[([^\]]+)\]\([^)]+\)")
+WHITESPACE_RUN_PATTERN: re.Pattern[str] = re.compile(r"\s+")

package/hooks/config/test_banned_identifiers_constants.py

@@ -34,6 +34,23 @@ def test_all_banned_identifiers_includes_canonical_offenders() -> None:
     assert canonical_offenders <= ALL_BANNED_IDENTIFIERS
 
 
+def test_all_banned_identifiers_includes_abbreviation_offenders() -> None:
+    abbreviation_offenders = {
+        "rc",
+        "cfg",
+        "ctx",
+        "cnt",
+        "btn",
+        "idx",
+        "cnt",
+        "tmp",
+        "msg",
+        "elem",
+        "val",
+    }
+    assert abbreviation_offenders <= ALL_BANNED_IDENTIFIERS
+
+
 def test_max_banned_identifier_issues_is_positive_cap() -> None:
     assert MAX_BANNED_IDENTIFIER_ISSUES > 0