claude-dev-env 1.49.1 → 1.50.1

package/hooks/blocking/test_code_rules_enforcer_naming_pattern.py

@@ -26,7 +26,7 @@ TEST_FILE_PATH = "src/app/test_feature.py"
 CONFIG_FILE_PATH = "src/config/settings.py"
 WORKFLOW_FILE_PATH = "src/workflow/orders_tab.py"
 HOOK_FILE_PATH = "/home/user/.claude/hooks/blocking/my_hook.py"
-EXPECTED_PREFIX_GUIDANCE = "prefix with is_/has_/should_/can_"
+EXPECTED_PREFIX_GUIDANCE = "prefix with is_/has_/should_/can_/was_/did_"
 
 
 def _assert_flags_name(issues: list[str], name: str, line_number: int) -> None:
@@ -210,3 +210,139 @@ def test_should_allow_is_prefix_at_start_when_compound_word_follows() -> None:
     assert issues == [], (
         f"is_left_upper_snake has prefix at position 0, must pass, got: {issues}"
     )
+
+
+PARAMETER_PREFIX_GUIDANCE = "prefix with is_/has_/should_/can_/was_/did_"
+
+
+def _assert_flags_parameter(issues: list[str], name: str, line_number: int) -> None:
+    expected = f"Line {line_number}: Boolean parameter {name} - {PARAMETER_PREFIX_GUIDANCE}"
+    assert expected in issues, f"expected {expected!r} in {issues!r}"
+
+
+def test_should_flag_bool_annotated_parameter_without_prefix() -> None:
+    source = "def run(dry_run: bool) -> None:\n    print(dry_run)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_parameter(issues, "dry_run", 1)
+    assert len(issues) == 1
+
+
+def test_should_flag_bool_default_parameter_without_annotation() -> None:
+    source = "def run(apply_historical_weight=False) -> None:\n    print(apply_historical_weight)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_parameter(issues, "apply_historical_weight", 1)
+    assert len(issues) == 1
+
+
+def test_should_flag_keyword_only_bool_parameter_without_prefix() -> None:
+    source = "def run(*, click_succeeded: bool = True) -> None:\n    print(click_succeeded)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_parameter(issues, "click_succeeded", 1)
+    assert len(issues) == 1
+
+
+def test_should_allow_is_prefixed_bool_parameter() -> None:
+    source = "def run(is_dry_run: bool) -> None:\n    print(is_dry_run)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_allow_was_prefixed_bool_parameter() -> None:
+    source = "def run(was_clicked: bool = False) -> None:\n    print(was_clicked)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_allow_did_prefixed_bool_parameter() -> None:
+    source = "def run(did_succeed: bool) -> None:\n    print(did_succeed)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_allow_was_prefixed_bool_assignment() -> None:
+    source = "def f() -> None:\n    was_clicked = True\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_allow_did_prefixed_bool_assignment() -> None:
+    source = "def f() -> None:\n    did_run = False\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_skip_single_letter_bool_parameter() -> None:
+    source = "def run(x: bool) -> None:\n    print(x)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_skip_self_parameter_in_method() -> None:
+    source = (
+        "class Runner:\n"
+        "    def run(self, enabled: bool) -> None:\n"
+        "        print(self, enabled)\n"
+    )
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_parameter(issues, "enabled", 2)
+    assert len(issues) == 1
+
+
+def test_should_not_flag_non_bool_parameter() -> None:
+    source = "def run(retries: int) -> None:\n    print(retries)\n"
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    assert issues == []
+
+
+def test_should_skip_bool_parameter_in_test_file() -> None:
+    source = "def run(dry_run: bool) -> None:\n    print(dry_run)\n"
+    issues = check_boolean_naming(source, TEST_FILE_PATH)
+    assert issues == []
+
+
+def test_should_pair_positional_defaults_right_aligned() -> None:
+    source = (
+        "def run(name: str, verbose: bool = False) -> None:\n"
+        "    print(name, verbose)\n"
+    )
+    issues = check_boolean_naming(source, PRODUCTION_FILE_PATH)
+    _assert_flags_parameter(issues, "verbose", 1)
+    assert len(issues) == 1
+
+
+FULL_MODULE_WITH_TWO_UNPREFIXED_BOOL_PARAMETERS = (
+    "def pre_existing(verbose: bool) -> None:\n"
+    "    print(verbose)\n"
+    "\n\n"
+    "def edited(detailed: bool) -> None:\n"
+    "    print(detailed)\n"
+)
+PRE_EXISTING_BOOL_PARAMETER_LINE_NUMBER = 1
+EDITED_BOOL_PARAMETER_LINE_NUMBER = 5
+
+
+def test_should_flag_bool_parameter_on_changed_line() -> None:
+    issues = check_boolean_naming(
+        FULL_MODULE_WITH_TWO_UNPREFIXED_BOOL_PARAMETERS,
+        PRODUCTION_FILE_PATH,
+        {EDITED_BOOL_PARAMETER_LINE_NUMBER},
+        False,
+    )
+    _assert_flags_parameter(issues, "detailed", EDITED_BOOL_PARAMETER_LINE_NUMBER)
+    assert len(issues) == 1, (
+        "Only the bool parameter on the changed line must be flagged, got: "
+        f"{issues!r}"
+    )
+
+
+def test_should_not_flag_pre_existing_bool_parameter_on_unchanged_line() -> None:
+    issues = check_boolean_naming(
+        FULL_MODULE_WITH_TWO_UNPREFIXED_BOOL_PARAMETERS,
+        PRODUCTION_FILE_PATH,
+        {EDITED_BOOL_PARAMETER_LINE_NUMBER},
+        False,
+    )
+    assert not any("verbose" in each_issue for each_issue in issues), (
+        "A pre-existing unprefixed bool parameter on an unedited line must not block "
+        f"the edit, got: {issues!r}"
+    )

package/hooks/blocking/test_md_to_html_blocker_exemptions.py

@@ -0,0 +1,368 @@
+"""Tests for md_to_html_blocker directory and filename exemptions.
+
+Covers which directory trees (`.claude/`, `.claude-plugin/`, source subtrees
+under `packages/claude-dev-env/`, `agents/`, `skills/`, `commands/`) and which
+root-level filenames (`README.md`, `CHANGELOG.md`, `CLAUDE.md`, `AGENTS.md`,
+`SKILL.md`) are exempt from the `.md` block, and the segment-anchored matching
+that prevents nested look-alike paths from bypassing the block.
+"""
+
+import json
+import os
+import sys
+
+_BLOCKING_DIRECTORY = os.path.dirname(__file__)
+
+if _BLOCKING_DIRECTORY not in sys.path:
+    sys.path.insert(0, _BLOCKING_DIRECTORY)
+
+from _md_to_html_blocker_test_support import (  # noqa: E402
+    _run_hook,
+)
+
+
+def test_blocks_nested_packages_claude_dev_env_path():
+    """`packages/claude-dev-env/` exemption is anchored to top-level use only;
+    a nested directory like `notes/packages/claude-dev-env/docs/...` is NOT a
+    Claude Code source path and must still be blocked. Substring matching let
+    this bypass through; segment-anchored matching prevents it."""
+    result = _run_hook(
+        "Write",
+        {"file_path": "notes/packages/claude-dev-env/docs/guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny", (
+        f"Nested fake claude-dev-env path must still be blocked; got {output!r}"
+    )
+
+
+def test_passes_claude_dir():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude/rules/foo.md", "content": "# Rule"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_nested_claude_dir():
+    result = _run_hook(
+        "Write",
+        {"file_path": "notes/.claude/plans/plan.md", "content": "# Plan"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_readme_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "README.md", "content": "# README"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_changelog_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "CHANGELOG.md", "content": "# Changelog"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_readme_not_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/README.md", "content": "# README"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_changelog_not_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "sub/CHANGELOG.md", "content": "# Log"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_passes_claude_md_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "CLAUDE.md", "content": "# CLAUDE"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_agents_md_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "AGENTS.md", "content": "# AGENTS"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_claude_md_not_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/CLAUDE.md", "content": "# CLAUDE"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_agents_md_not_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "sub/AGENTS.md", "content": "# AGENTS"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_passes_claude_md_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude/CLAUDE.md", "content": "# CLAUDE.md"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_windows_path_claude_exempt():
+    result = _run_hook(
+        "Write",
+        {"file_path": "project\\.claude\\rules\\foo.md", "content": "# Rule"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dir_case_insensitive():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".Claude/rules/foo.md", "content": "# Rule"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_readme_lowercase_at_root():
+    result = _run_hook(
+        "Write",
+        {"file_path": "readme.md", "content": "# readme"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_claude_path_traversal_bypass():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude/../docs/guide.md", "content": "# Bypass"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_passes_dot_claude_plugin_directory():
+    result = _run_hook(
+        "Write",
+        {"file_path": ".claude-plugin/manifest.md", "content": "# Manifest"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_nested_dot_claude_plugin_directory():
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "Y:/repo/.claude-plugin/skills/foo/SKILL.md",
+            "content": "# Skill",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_skill_md_at_any_depth():
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/dev-env/skills/pr-converge/SKILL.md",
+            "content": "# Skill",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_skill_md_uppercase():
+    result = _run_hook(
+        "Write",
+        {"file_path": "any/path/SKILL.MD", "content": "# Skill"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_agents_directory_anywhere():
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/dev-env/agents/pr-description-writer.md",
+            "content": "# Agent",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_skills_reference_directory():
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/dev-env/skills/pr-converge/reference/per-tick.md",
+            "content": "# Reference",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_commands_directory_anywhere():
+    result = _run_hook(
+        "Write",
+        {"file_path": "commands/pyguide-health.md", "content": "# Command"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dev_env_docs_dir():
+    """A .md file under ``packages/claude-dev-env/docs/`` is exempt. The
+    segment-anywhere rule does not list ``docs``; this exemption fires only
+    via the anchored helper."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/claude-dev-env/docs/PR_DESCRIPTION_GUIDE.md",
+            "content": "# Guide",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dev_env_rules_dir():
+    """A .md file under ``packages/claude-dev-env/rules/`` is exempt. The
+    segment-anywhere rule does not list ``rules``; the anchored helper is
+    the only path to this exemption."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/claude-dev-env/rules/my-rule.md",
+            "content": "# Rule",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dev_env_system_prompts_dir():
+    """A .md file under ``packages/claude-dev-env/system-prompts/`` is
+    exempt via the anchored helper."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/claude-dev-env/system-prompts/new-prompt.md",
+            "content": "# Prompt",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dev_env_windows_backslash_path():
+    """A Windows-style backslash relative path under
+    ``packages\\claude-dev-env\\<dir>\\`` is exempt."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages\\claude-dev-env\\docs\\windows-style.md",
+            "content": "# Guide",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_claude_dev_env_absolute_drive_letter_path():
+    """A Windows absolute drive-letter path containing the anchored
+    ``packages\\claude-dev-env\\<dir>\\`` indicator at any depth is exempt."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "Y:\\repo\\packages\\claude-dev-env\\docs\\drive-letter.md",
+            "content": "# Guide",
+        },
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_md_under_packages_but_not_in_anchored_source_subdir():
+    """A .md file inside the package but under a non-source subtree (e.g.
+    ``packages/claude-dev-env/hooks/blocking/``) is blocked. The anchored
+    helper accepts only the named source subdirectories (agents, docs,
+    skills, rules, system-prompts, commands)."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "packages/claude-dev-env/hooks/blocking/notes.md",
+            "content": "# Notes",
+        },
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_nested_claude_dev_env_substring_does_not_bypass():
+    """A path that contains the anchored prefix as a non-leading substring
+    (e.g. ``notes/packages/claude-dev-env/docs/foo.md``) is blocked. The
+    anchored helper matches only at the start of the path (relative) or at
+    the root of an absolute path."""
+    result = _run_hook(
+        "Write",
+        {
+            "file_path": "notes/packages/claude-dev-env/docs/foo.md",
+            "content": "# Notes",
+        },
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_ordinary_docs_md_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/intro.md", "content": "# Intro"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"

package/hooks/blocking/test_md_to_html_blocker_extensions.py

@@ -0,0 +1,157 @@
+"""Tests for md_to_html_blocker extension matching and malformed-input handling.
+
+Covers the core decision: which file extensions and tool names trigger a deny,
+which pass through, and how the hook degrades on malformed or non-dict stdin.
+"""
+
+import json
+import os
+import subprocess
+import sys
+
+_BLOCKING_DIRECTORY = os.path.dirname(__file__)
+
+if _BLOCKING_DIRECTORY not in sys.path:
+    sys.path.insert(0, _BLOCKING_DIRECTORY)
+
+from _md_to_html_blocker_test_support import (  # noqa: E402
+    HOOK_SCRIPT_PATH,
+    _run_hook,
+)
+
+
+def test_blocks_write_md_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_edit_md_file():
+    result = _run_hook(
+        "Edit",
+        {"file_path": "docs/guide.md", "old_string": "a", "new_string": "b"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_uppercase_md_extension():
+    result = _run_hook(
+        "Write",
+        {"file_path": "DOCS/GUIDE.MD", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_passes_html_file():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/guide.html", "content": "<h1>Hello</h1>"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_passes_non_markdown_extension():
+    result = _run_hook(
+        "Write",
+        {"file_path": "src/main.py", "content": "x = 1"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_unknown_tool_passes():
+    result = _run_hook(
+        "Grep",
+        {"pattern": "foo", "path": "."},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_empty_file_path_passes():
+    result = _run_hook(
+        "Write",
+        {"file_path": "", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_non_dict_stdin_passes():
+    payload = json.dumps(["not", "a", "dict"])
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input=payload,
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_non_string_tool_name_passes():
+    payload = json.dumps({"tool_name": 123, "tool_input": {"file_path": "docs/guide.md"}})
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input=payload,
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_non_dict_tool_input_passes():
+    payload = json.dumps({"tool_name": "Write", "tool_input": "not_a_dict"})
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input=payload,
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_json_decode_error_passes():
+    result = subprocess.run(
+        [sys.executable, HOOK_SCRIPT_PATH],
+        input="not json",
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert result.returncode == 0
+    assert result.stdout == ""
+
+
+def test_blocks_md_with_curly_braces_in_path():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs/{template}.md", "content": "# Template"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_blocks_windows_path_with_backslash():
+    result = _run_hook(
+        "Write",
+        {"file_path": "docs\\guide.md", "content": "# Hello"},
+    )
+    assert result.returncode == 0
+    output = json.loads(result.stdout)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"