claude-dev-env 1.58.0 → 1.60.0

package/hooks/blocking/test_verified_commit_message_accuracy_blocker.py

@@ -0,0 +1,131 @@
+"""Unit tests for the verified-commit-message-accuracy PreToolUse hook."""
+
+import importlib.util
+import pathlib
+import sys
+
+_HOOK_DIR = pathlib.Path(__file__).parent
+if str(_HOOK_DIR) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIR))
+
+hook_spec = importlib.util.spec_from_file_location(
+    "verified_commit_message_accuracy_blocker",
+    _HOOK_DIR / "verified_commit_message_accuracy_blocker.py",
+)
+assert hook_spec is not None
+assert hook_spec.loader is not None
+hook_module = importlib.util.module_from_spec(hook_spec)
+hook_spec.loader.exec_module(hook_module)
+is_guarded_file = hook_module.is_guarded_file
+claims_blanket_comment_exemption = hook_module.claims_blanket_comment_exemption
+extract_written_text = hook_module.extract_written_text
+build_corrective_message = hook_module.build_corrective_message
+
+OFFENDING_MESSAGE = (
+    "CORRECTIVE_MESSAGE = (\n"
+    '    "BLOCKED: [VERIFIED_COMMIT_GATE] This branch surface has no passing "\n'
+    '    "verification verdict. Spawn the code-verifier agent (Agent tool, "\n'
+    "    \"subagent_type 'code-verifier') with the task texts, the diff scope, \"\n"
+    '    "and recorded baselines; when it finishes with a clean verdict the "\n'
+    '    "SubagentStop hook mints the verdict and this command will pass. Any "\n'
+    '    "file change after verification invalidates the verdict, so verify "\n'
+    '    "last. Docs-, docstring-, comment-, and test-only surfaces are exempt "\n'
+    '    "automatically."\n'
+    ")\n"
+)
+ACCURATE_DOCS_EXEMPTION_MENTIONING_COMMENTS = (
+    "Comments inside Python files are stripped; docs are exempt "
+    "automatically by extension."
+)
+ACCURATE_MESSAGE = (
+    "CORRECTIVE_MESSAGE = (\n"
+    '    "BLOCKED: [VERIFIED_COMMIT_GATE] ... Docs and images are exempt by "\n'
+    '    "extension, and Python files whose docstring- and comment-stripped AST "\n'
+    '    "is unchanged."\n'
+    ")\n"
+)
+
+
+def test_constants_file_is_guarded() -> None:
+    assert is_guarded_file(
+        "/repo/.claude/hooks/blocking/config/verified_commit_constants.py"
+    )
+
+
+def test_unrelated_file_is_not_guarded() -> None:
+    assert not is_guarded_file("/repo/.claude/hooks/blocking/gh_body_arg_blocker.py")
+
+
+def test_blanket_comment_exemption_claim_is_detected() -> None:
+    assert claims_blanket_comment_exemption(OFFENDING_MESSAGE)
+
+
+def test_blanket_claim_detected_regardless_of_leading_words() -> None:
+    assert claims_blanket_comment_exemption(
+        "Comment-only surfaces are exempt automatically."
+    )
+
+
+def test_accurate_exemption_wording_passes() -> None:
+    assert not claims_blanket_comment_exemption(ACCURATE_MESSAGE)
+
+
+def test_accurate_docs_exemption_mentioning_comments_passes() -> None:
+    assert not claims_blanket_comment_exemption(
+        ACCURATE_DOCS_EXEMPTION_MENTIONING_COMMENTS
+    )
+
+
+def test_comma_joined_docs_exemption_mentioning_comments_passes() -> None:
+    assert not claims_blanket_comment_exemption(
+        "Comments are handled, and docs are exempt automatically."
+    )
+
+
+def test_python_ast_clause_mentioning_comments_passes() -> None:
+    assert not claims_blanket_comment_exemption(
+        "Python comment-stripped AST changes and docs are exempt automatically "
+        "by extension"
+    )
+
+
+def test_single_clause_python_ast_exemption_passes() -> None:
+    assert not claims_blanket_comment_exemption(
+        "Python files whose comment-stripped AST is unchanged are exempt "
+        "automatically."
+    )
+
+
+def test_commentary_word_stem_passes() -> None:
+    assert not claims_blanket_comment_exemption(
+        "Our commentary on the approach is exempt automatically from blame."
+    )
+
+
+def test_corrective_message_names_only_the_two_real_exemptions() -> None:
+    corrective_message = build_corrective_message()
+    assert "exempt by extension" in corrective_message
+    assert "docstring- and comment-stripped AST" in corrective_message
+    assert "test file" not in corrective_message
+    assert "by name convention" not in corrective_message
+
+
+def test_message_without_exemption_claim_passes() -> None:
+    assert not claims_blanket_comment_exemption(
+        'CORRECTIVE_MESSAGE = "Spawn the code-verifier agent to earn a verdict."'
+    )
+
+
+def test_write_content_is_extracted() -> None:
+    written_text = extract_written_text({"content": OFFENDING_MESSAGE})
+    assert claims_blanket_comment_exemption(written_text)
+
+
+def test_edit_new_string_is_extracted() -> None:
+    written_text = extract_written_text({"new_string": OFFENDING_MESSAGE})
+    assert claims_blanket_comment_exemption(written_text)
+
+
+def test_edit_new_string_with_accurate_wording_is_clean() -> None:
+    written_text = extract_written_text({"new_string": ACCURATE_MESSAGE})
+    assert not claims_blanket_comment_exemption(written_text)

package/hooks/blocking/test_verifier_verdict_minter.py

@@ -0,0 +1,214 @@
+"""Tests for the agent-type gate in verifier_verdict_minter.
+
+The minter mints a verdict only for a code-verifier stop event. The live
+SubagentStop payload names the stopping subagent by ``agent_id`` and carries
+no flat agent-type key, so the minter recovers the spawning agent type from
+the parent transcript: it walks the parent transcript for the completion
+record whose ``agentId`` matches the payload and reads that record's sibling
+``agentType``. These tests build a faithful parent transcript and assert the
+minter gates on the resolved type and on the shared MINTING_AGENT_TYPE
+constant, so a rename in config propagates to the minter without a second
+edit. One test proves that only a structured ``agentType`` key resolves: a
+text block that merely quotes the identity keys mints nothing. A further test
+holds the shipped settings.json to the minter docstring's anti-forgery claim:
+the main session is denied writes to the verdict directory, so only this hook
+can mint a passing verdict.
+"""
+
+import importlib.util
+import json
+import pathlib
+import subprocess
+import sys
+
+import pytest
+
+_HOOK_DIR = pathlib.Path(__file__).parent
+if str(_HOOK_DIR) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIR))
+
+_SETTINGS_PATH = _HOOK_DIR.parent.parent / "settings.json"
+
+minter_spec = importlib.util.spec_from_file_location(
+    "verifier_verdict_minter",
+    _HOOK_DIR / "verifier_verdict_minter.py",
+)
+assert minter_spec is not None
+assert minter_spec.loader is not None
+minter_module = importlib.util.module_from_spec(minter_spec)
+minter_spec.loader.exec_module(minter_module)
+mint_for_payload = minter_module.mint_for_payload
+resolved_subagent_type = minter_module.resolved_subagent_type
+
+constants_spec = importlib.util.spec_from_file_location(
+    "verified_commit_constants",
+    _HOOK_DIR / "config" / "verified_commit_constants.py",
+)
+assert constants_spec is not None
+assert constants_spec.loader is not None
+constants_module = importlib.util.module_from_spec(constants_spec)
+constants_spec.loader.exec_module(constants_module)
+MINTING_AGENT_TYPE = constants_module.MINTING_AGENT_TYPE
+
+
+def _write_parent_transcript(transcript_file: pathlib.Path, agent_id: str, agent_type: str) -> None:
+    spawn_record = {
+        "type": "assistant",
+        "message": {
+            "content": [
+                {
+                    "type": "tool_use",
+                    "name": "Task",
+                    "input": {"subagent_type": agent_type, "description": "Verify"},
+                    "agentId": agent_id,
+                    "agentType": agent_type,
+                    "content": [{"type": "text", "text": "verification complete"}],
+                }
+            ]
+        },
+    }
+    transcript_file.write_text(json.dumps(spawn_record) + "\n", encoding="utf-8")
+
+
+def test_resolves_subagent_type_from_parent_transcript(tmp_path: pathlib.Path) -> None:
+    transcript_file = tmp_path / "parent.jsonl"
+    _write_parent_transcript(transcript_file, "agent-7", MINTING_AGENT_TYPE)
+    payload = {"agent_id": "agent-7", "transcript_path": str(transcript_file)}
+    assert resolved_subagent_type(payload) == MINTING_AGENT_TYPE
+
+
+def test_resolves_none_when_agent_id_absent_from_transcript(
+    tmp_path: pathlib.Path,
+) -> None:
+    transcript_file = tmp_path / "parent.jsonl"
+    _write_parent_transcript(transcript_file, "agent-7", MINTING_AGENT_TYPE)
+    payload = {"agent_id": "different-agent", "transcript_path": str(transcript_file)}
+    assert resolved_subagent_type(payload) is None
+
+
+def test_resolves_type_when_record_arrives_after_first_read(
+    tmp_path: pathlib.Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    transcript_file = tmp_path / "parent.jsonl"
+    transcript_file.write_text("", encoding="utf-8")
+
+    def write_record_on_first_sleep(_seconds: float) -> None:
+        if transcript_file.read_text(encoding="utf-8"):
+            return
+        _write_parent_transcript(transcript_file, "agent-7", MINTING_AGENT_TYPE)
+
+    monkeypatch.setattr(minter_module.time, "sleep", write_record_on_first_sleep)
+    payload = {"agent_id": "agent-7", "transcript_path": str(transcript_file)}
+    assert resolved_subagent_type(payload) == MINTING_AGENT_TYPE
+
+
+def test_quoted_agent_type_in_text_block_does_not_resolve(
+    tmp_path: pathlib.Path,
+) -> None:
+    transcript_file = tmp_path / "parent.jsonl"
+    forged_entry = {
+        "type": "assistant",
+        "message": {
+            "content": [
+                {
+                    "type": "text",
+                    "text": json.dumps({"agentId": "agent-7", "agentType": MINTING_AGENT_TYPE}),
+                }
+            ]
+        },
+    }
+    transcript_file.write_text(json.dumps(forged_entry) + "\n", encoding="utf-8")
+    payload = {"agent_id": "agent-7", "transcript_path": str(transcript_file)}
+    assert resolved_subagent_type(payload) is None
+
+
+def test_non_verifier_agent_type_mints_nothing(tmp_path: pathlib.Path) -> None:
+    transcript_file = tmp_path / "parent.jsonl"
+    _write_parent_transcript(transcript_file, "agent-7", "general-purpose")
+    payload = {
+        "agent_id": "agent-7",
+        "transcript_path": str(transcript_file),
+        "agent_transcript_path": "",
+        "cwd": ".",
+    }
+    assert mint_for_payload(payload) is None
+
+
+def test_minting_agent_type_passes_the_agent_type_gate(
+    tmp_path: pathlib.Path,
+) -> None:
+    transcript_file = tmp_path / "parent.jsonl"
+    _write_parent_transcript(transcript_file, "agent-7", MINTING_AGENT_TYPE)
+    payload = {
+        "agent_id": "agent-7",
+        "transcript_path": str(transcript_file),
+        "agent_transcript_path": "",
+        "cwd": ".",
+    }
+    assert mint_for_payload(payload) is None
+
+
+def _init_repo_with_upstream_and_edit(repo_root: pathlib.Path) -> None:
+    subprocess.run(["git", "-C", str(repo_root), "init", "-q"], check=True)
+    subprocess.run(
+        ["git", "-C", str(repo_root), "config", "user.email", "verifier@test"], check=True
+    )
+    subprocess.run(["git", "-C", str(repo_root), "config", "user.name", "verifier"], check=True)
+    (repo_root / "module.py").write_text("answer = 1\n", encoding="utf-8")
+    subprocess.run(["git", "-C", str(repo_root), "add", "-A"], check=True)
+    subprocess.run(["git", "-C", str(repo_root), "commit", "-qm", "init"], check=True)
+    subprocess.run(["git", "-C", str(repo_root), "branch", "-f", "origin/main", "HEAD"], check=True)
+    (repo_root / "module.py").write_text("answer = 2\n", encoding="utf-8")
+
+
+def test_clean_verifier_verdict_mints_a_verdict_file(tmp_path: pathlib.Path) -> None:
+    repo_root = tmp_path / "repo"
+    repo_root.mkdir()
+    _init_repo_with_upstream_and_edit(repo_root)
+    transcript_file = tmp_path / "parent.jsonl"
+    _write_parent_transcript(transcript_file, "agent-7", MINTING_AGENT_TYPE)
+    agent_transcript = tmp_path / "agent.jsonl"
+    agent_transcript.write_text(
+        json.dumps(
+            {
+                "type": "assistant",
+                "message": {
+                    "content": [
+                        {
+                            "type": "text",
+                            "text": 'ok\n```verdict\n{"all_pass": true, "findings": []}\n```\n',
+                        }
+                    ]
+                },
+            }
+        )
+        + "\n",
+        encoding="utf-8",
+    )
+    payload = {
+        "agent_id": "agent-7",
+        "transcript_path": str(transcript_file),
+        "agent_transcript_path": str(agent_transcript),
+        "cwd": str(repo_root),
+    }
+    verdict_path = mint_for_payload(payload)
+    try:
+        assert verdict_path is not None
+        verdict_record = json.loads(verdict_path.read_text(encoding="utf-8"))
+        assert verdict_record["all_pass"] is True
+    finally:
+        if verdict_path is not None and verdict_path.exists():
+            verdict_path.unlink()
+
+
+def _deny_rules() -> list[str]:
+    settings_record = json.loads(_SETTINGS_PATH.read_text(encoding="utf-8"))
+    return settings_record["permissions"]["deny"]
+
+
+def test_settings_deny_verdict_directory_write() -> None:
+    assert "Write($HOME/.claude/verification/**)" in _deny_rules()
+
+
+def test_settings_deny_verdict_directory_edit() -> None:
+    assert "Edit($HOME/.claude/verification/**)" in _deny_rules()

package/hooks/blocking/test_workflow_substitution_slot_blocker.py

@@ -0,0 +1,242 @@
+"""Unit tests for workflow_substitution_slot_blocker PreToolUse hook."""
+
+import importlib.util
+import io
+import json
+import pathlib
+import sys
+from unittest import mock
+
+_HOOK_DIR = pathlib.Path(__file__).parent
+_HOOKS_ROOT = _HOOK_DIR.parent
+for _each_root in (str(_HOOK_DIR), str(_HOOKS_ROOT)):
+    if _each_root not in sys.path:
+        sys.path.insert(0, _each_root)
+
+hook_spec = importlib.util.spec_from_file_location(
+    "workflow_substitution_slot_blocker",
+    _HOOK_DIR / "workflow_substitution_slot_blocker.py",
+)
+assert hook_spec is not None
+assert hook_spec.loader is not None
+hook_module = importlib.util.module_from_spec(hook_spec)
+hook_spec.loader.exec_module(hook_module)
+
+content_has_violation = hook_module.content_has_violation
+find_bare_index_segments = hook_module.find_bare_index_segments
+find_bare_path_segments = hook_module.find_bare_path_segments
+has_iteration_loop = hook_module.has_iteration_loop
+written_content = hook_module.written_content
+
+
+_VIOLATING_TEMPLATE = (
+    "For EACH candidate i, build a bible dir cand_i per the contract.\n"
+    "   & ${PY} -c \"...Path(r'${args.work_dir}\\\\cand_i\\\\plate.svg')...\"\n"
+    "   & ${PY} compose.py --out ${args.work_dir}\\\\cand_i\\\\sample.png "
+    "--glow <candidate glow_hex>\n"
+    'Return: {key: "cand_i", name, sample_png}\n'
+)
+
+_FIXED_TEMPLATE = (
+    "For EACH candidate i, build a bible dir cand_<i> per the contract.\n"
+    "   & ${PY} -c \"...Path(r'${args.work_dir}\\\\cand_<i>\\\\plate.svg')...\"\n"
+    "   & ${PY} compose.py --out ${args.work_dir}\\\\cand_<i>\\\\sample.png "
+    "--glow <candidate glow_hex>\n"
+    'Return: {key: "cand_<i>", name, sample_png}\n'
+)
+
+
+def test_detects_bare_index_in_path_segment() -> None:
+    assert find_bare_index_segments(
+        "render Path(r'${args.work_dir}\\\\cand_i\\\\plate.svg')"
+    ) == {"cand_i"}
+
+
+def test_detects_quoted_key_when_token_also_appears_as_path_segment() -> None:
+    looped_path_and_key = "write ${work}\\\\cand_i\\\\plate.svg\n{key: \"cand_i\", name}"
+    assert "cand_i" in find_bare_index_segments(looped_path_and_key)
+
+
+def test_quoted_key_alone_without_path_segment_is_not_detected() -> None:
+    assert find_bare_index_segments('{key: "metric_i", name}') == set()
+
+
+def test_index_segments_equal_path_segments_for_looped_path_and_key() -> None:
+    looped_path_and_key = "write ${work}\\\\cand_i\\\\plate.svg\n{key: \"cand_i\", name}"
+    assert find_bare_index_segments(looped_path_and_key) == find_bare_path_segments(
+        looped_path_and_key
+    )
+
+
+def test_index_segments_equal_path_segments_for_quoted_only_key() -> None:
+    quoted_only_key = '{key: "metric_i", name}'
+    assert find_bare_index_segments(quoted_only_key) == find_bare_path_segments(
+        quoted_only_key
+    )
+
+
+def test_marked_substitution_slot_is_not_a_bare_segment() -> None:
+    assert (
+        find_bare_index_segments(
+            "render Path(r'${args.work_dir}\\\\cand_<i>\\\\plate.svg')"
+        )
+        == set()
+    )
+
+
+def test_violating_template_is_flagged() -> None:
+    assert content_has_violation(_VIOLATING_TEMPLATE) is True
+
+
+def test_fixed_template_passes() -> None:
+    assert content_has_violation(_FIXED_TEMPLATE) is False
+
+
+def test_template_without_angle_convention_is_not_flagged() -> None:
+    no_convention = (
+        "For EACH candidate i, write to ${work}\\\\cand_i\\\\plate.svg and return.\n"
+    )
+    assert content_has_violation(no_convention) is False
+
+
+def test_template_without_loop_is_not_flagged() -> None:
+    no_loop = "Write the plate to ${work}\\\\cand_i\\\\plate.svg using <glow_hex>.\n"
+    assert content_has_violation(no_loop) is False
+
+
+def test_each_inside_an_ordinary_word_is_not_a_loop() -> None:
+    for each_word in ("reach", "teach", "breach", "bleach", "preach", "impeach"):
+        assert has_iteration_loop(each_word + " the end") is False
+
+
+def test_standalone_lowercase_each_in_prose_is_not_a_loop() -> None:
+    assert has_iteration_loop("use each color once") is False
+
+
+def test_standalone_each_keyword_is_a_loop() -> None:
+    assert has_iteration_loop("For EACH candidate i") is True
+
+
+def test_lowercase_for_each_phrase_is_still_a_loop() -> None:
+    assert has_iteration_loop("for each candidate") is True
+
+
+def test_benign_prose_each_with_fixed_literal_is_not_flagged() -> None:
+    benign_template = (
+        "Render each layer to <layer.svg>.\n"
+        "The protocol field is named 'tier_i' as a permanent identifier.\n"
+    )
+    assert content_has_violation(benign_template) is False
+
+
+def test_quoted_permanent_identifier_key_is_not_flagged() -> None:
+    permanent_identifier_template = (
+        'For EACH candidate, render <plate.svg>.\nReturn {key: "metric_i", value}'
+    )
+    assert content_has_violation(permanent_identifier_template) is False
+
+
+def test_quoted_key_flagged_only_when_token_also_appears_as_path_segment() -> None:
+    looping_path_and_key = (
+        "For EACH candidate, write <plate.svg> to ${work}\\\\cand_i\\\\plate.svg.\n"
+        'Return {key: "cand_i", name}\n'
+    )
+    assert content_has_violation(looping_path_and_key) is True
+
+
+def test_written_content_reads_multiedit_new_strings() -> None:
+    multi_edit_input = {
+        "edits": [
+            {"old_string": "x", "new_string": "first ${work}\\\\cand_i\\\\plate.svg"},
+            {"old_string": "y", "new_string": "second <glow_hex>"},
+        ]
+    }
+    combined = written_content("MultiEdit", multi_edit_input)
+    assert "cand_i" in combined
+    assert "<glow_hex>" in combined
+
+
+def _run_main_with_io(input_text: str) -> str:
+    with mock.patch("sys.stdin", io.StringIO(input_text)):
+        with mock.patch("sys.stdout", new_callable=io.StringIO) as mock_stdout:
+            try:
+                hook_module.main()
+            except SystemExit:
+                pass
+            return mock_stdout.getvalue()
+
+
+def test_main_blocks_violating_workflow_write() -> None:
+    hook_input = {
+        "tool_name": "Write",
+        "tool_input": {
+            "file_path": "/repo/scripts/shared_palette_gate.workflow.js",
+            "content": _VIOLATING_TEMPLATE,
+        },
+    }
+    output_text = _run_main_with_io(json.dumps(hook_input))
+    payload = json.loads(output_text)
+    assert payload["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_main_blocks_violating_workflow_edit() -> None:
+    hook_input = {
+        "tool_name": "Edit",
+        "tool_input": {
+            "file_path": "/repo/scripts/shared_palette_gate.workflow.js",
+            "new_string": _VIOLATING_TEMPLATE,
+        },
+    }
+    output_text = _run_main_with_io(json.dumps(hook_input))
+    payload = json.loads(output_text)
+    assert payload["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_main_blocks_violating_workflow_multiedit() -> None:
+    hook_input = {
+        "tool_name": "MultiEdit",
+        "tool_input": {
+            "file_path": "/repo/scripts/shared_palette_gate.workflow.js",
+            "edits": [{"old_string": "placeholder", "new_string": _VIOLATING_TEMPLATE}],
+        },
+    }
+    output_text = _run_main_with_io(json.dumps(hook_input))
+    payload = json.loads(output_text)
+    assert payload["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_main_passes_fixed_workflow_write() -> None:
+    hook_input = {
+        "tool_name": "Write",
+        "tool_input": {
+            "file_path": "/repo/scripts/shared_palette_gate.workflow.js",
+            "content": _FIXED_TEMPLATE,
+        },
+    }
+    assert _run_main_with_io(json.dumps(hook_input)) == ""
+
+
+def test_main_passes_non_workflow_path() -> None:
+    hook_input = {
+        "tool_name": "Write",
+        "tool_input": {
+            "file_path": "/repo/scripts/helper.js",
+            "content": _VIOLATING_TEMPLATE,
+        },
+    }
+    assert _run_main_with_io(json.dumps(hook_input)) == ""
+
+
+def test_main_passes_wrong_tool_name() -> None:
+    hook_input = {
+        "tool_name": "Bash",
+        "tool_input": {
+            "file_path": "/repo/scripts/x.workflow.js",
+            "command": "echo cand_i",
+        },
+    }
+    assert _run_main_with_io(json.dumps(hook_input)) == ""
+
+
+def test_main_passes_malformed_json() -> None:
+    assert _run_main_with_io("not valid json {{{") == ""