npm - claude-dev-env - Versions diffs - 1.59.0 → 1.61.0 - Mend

claude-dev-env 1.59.0 → 1.61.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/hooks/blocking/test_code_rules_enforcer_zero_payload_alias_hook_routing.py ADDED Viewed

@@ -0,0 +1,156 @@
+"""Entry-point tests proving the zero-payload-alias check guards hook-infrastructure files.
+A pass-through alias inside a hook module is the motivating case for the
+zero-payload-alias check, so the deny must fire on the same PreToolUse path a
+live Write into ``packages/claude-dev-env/hooks/blocking`` would take — not only
+through ``validate_content``, which hook files never reach at PreToolUse. These
+tests drive the real ``main()`` stdin entry point and the pre-check CLI with a
+hook-infrastructure target.
+Each test builds a temporary tree whose tail mirrors a production hook directory
+(``packages/claude-dev-env/hooks/blocking``) so ``is_hook_infrastructure`` matches
+the target path the same way it would for the real directory.
+"""
+from __future__ import annotations
+import contextlib
+import io
+import json
+import pathlib
+import shutil
+import subprocess
+import sys
+import tempfile
+from collections.abc import Iterator
+from types import SimpleNamespace
+import pytest
+_HOOK_DIRECTORY = pathlib.Path(__file__).resolve().parent
+_HOOKS_PARENT = _HOOK_DIRECTORY.parent
+if str(_HOOK_DIRECTORY) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIRECTORY))
+if str(_HOOKS_PARENT) not in sys.path:
+    sys.path.insert(0, str(_HOOKS_PARENT))
+from code_rules_enforcer import main  # noqa: E402
+code_rules_enforcer = SimpleNamespace(main=main, sys=sys)
+_ENFORCER_SCRIPT_PATH = _HOOK_DIRECTORY / "code_rules_enforcer.py"
+PASS_THROUGH_ALIAS_SOURCE = (
+    "def find_bare_path_segments(content: str) -> set[str]:\n"
+    "    return {part for part in content.split() if part}\n"
+    "\n"
+    "def find_bare_index_segments(content: str) -> set[str]:\n"
+    "    return find_bare_path_segments(content)\n"
+)
+_HOOK_INFRASTRUCTURE_TAIL = pathlib.Path("packages") / "claude-dev-env" / "hooks" / "blocking"
+@pytest.fixture
+def hook_blocking_dir() -> Iterator[pathlib.Path]:
+    base_directory = pathlib.Path(tempfile.mkdtemp())
+    blocking_directory = base_directory / _HOOK_INFRASTRUCTURE_TAIL
+    blocking_directory.mkdir(parents=True)
+    try:
+        yield blocking_directory
+    finally:
+        shutil.rmtree(base_directory, ignore_errors=False)
+def _run_main_with_write_payload(
+    file_path: str,
+    content: str,
+    monkeypatch: pytest.MonkeyPatch,
+    capsys: pytest.CaptureFixture[str],
+) -> str:
+    """Drive ``main()`` through its stdin entry point for a Write and return stdout.
+    Args:
+        file_path: The on-disk path the Write targets.
+        content: The whole-file body the Write would create.
+        monkeypatch: The fixture used to redirect ``sys.stdin``.
+        capsys: The fixture used to capture the deny payload on stdout.
+    Returns:
+        The captured stdout, which holds the deny payload when violations fire.
+    """
+    write_payload = json.dumps(
+        {
+            "tool_name": "Write",
+            "tool_input": {"file_path": file_path, "content": content},
+        }
+    )
+    monkeypatch.setattr(code_rules_enforcer.sys, "stdin", io.StringIO(write_payload))
+    with contextlib.suppress(SystemExit):
+        code_rules_enforcer.main([])
+    return capsys.readouterr().out
+def test_write_of_pass_through_alias_into_hook_directory_denies(
+    hook_blocking_dir: pathlib.Path,
+    monkeypatch: pytest.MonkeyPatch,
+    capsys: pytest.CaptureFixture[str],
+) -> None:
+    """A Write that introduces a pass-through alias into a hook file is denied.
+    The target lives under a hook-infrastructure path the full code-rules suite
+    exempts, so this proves the zero-payload-alias check still fires on the exact
+    directory its docstring names as the motivating case — at the PreToolUse Write
+    point, not only through ``validate_content``."""
+    new_file = hook_blocking_dir / "new_blocker.py"
+    stdout = _run_main_with_write_payload(
+        str(new_file), PASS_THROUGH_ALIAS_SOURCE, monkeypatch, capsys
+    )
+    assert stdout != "", (
+        "A pass-through alias written into a hook-infrastructure file must produce "
+        "a deny payload, got empty stdout"
+    )
+    deny_payload = json.loads(stdout)
+    decision = deny_payload["hookSpecificOutput"]["permissionDecision"]
+    reason = deny_payload["hookSpecificOutput"]["permissionDecisionReason"]
+    assert decision == "deny", f"expected deny, got: {decision!r}"
+    assert "find_bare_index_segments" in reason, (
+        f"the deny reason must name the pass-through alias, got: {reason!r}"
+    )
+def test_precheck_of_pass_through_alias_at_hook_target_exits_nonzero(
+    hook_blocking_dir: pathlib.Path,
+    tmp_path_factory: pytest.TempPathFactory,
+) -> None:
+    """The pre-check CLI flags a pass-through alias judged at a hook-infrastructure target.
+    Driving the real ``--check`` argv path proves the gate's pre-check mode also
+    routes a hook ``.py`` target through the zero-payload-alias check rather than
+    exiting clean on the blanket hook-infrastructure exemption."""
+    staging_directory = tmp_path_factory.mktemp("staging")
+    candidate_file = staging_directory / "candidate.py"
+    candidate_file.write_text(PASS_THROUGH_ALIAS_SOURCE, encoding="utf-8")
+    target_path = str(hook_blocking_dir / "new_blocker.py")
+    completed = subprocess.run(
+        [
+            sys.executable,
+            str(_ENFORCER_SCRIPT_PATH),
+            "--check",
+            str(candidate_file),
+            "--as",
+            target_path,
+        ],
+        input="",
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    assert completed.returncode == 1, (
+        "a pass-through alias at a hook target must exit nonzero, got: "
+        f"{completed.returncode}, stdout: {completed.stdout!r}, "
+        f"stderr: {completed.stderr!r}"
+    )
+    assert "find_bare_index_segments" in completed.stdout, (
+        f"the pre-check must name the pass-through alias, got: {completed.stdout!r}"
+    )

package/hooks/blocking/test_destructive_command_blocker.py CHANGED Viewed

@@ -247,6 +247,10 @@ def test_rm_rf_asks_when_any_target_is_non_ephemeral() -> None:
     assert response["hookSpecificOutput"]["permissionDecision"] == "ask"
+def test_rm_rf_asks_when_target_has_nested_temp_segment_not_at_root() -> None:
+    _assert_hook_asks("rm -rf /home/victim/temp/secret")
 def test_rm_rf_asks_when_double_dash_includes_hyphen_prefixed_non_ephemeral_target() -> None:
     payload = _make_bash_payload("rm -rf -- /tmp/scratch -non_ephemeral")
@@ -404,6 +408,26 @@ def test_rm_rf_asks_when_tool_input_cwd_is_ephemeral_but_rm_target_is_absolute_n
     assert response["hookSpecificOutput"]["permissionDecision"] == "ask"
+def test_rm_rf_asks_when_subshell_cd_changes_dir_before_relative_rm() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (cd /; rm -rf etc)')
+def test_rm_rf_asks_when_second_top_level_cd_changes_dir_before_relative_rm() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && cd / && rm -rf etc')
+def test_rm_rf_asks_when_pushd_changes_dir_before_relative_rm() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && pushd / && rm -rf etc')
+def test_rm_rf_allowed_when_subshell_cd_present_but_rm_target_is_absolute_ephemeral() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && (cd /; rm -rf /tmp/scratch/keep)')
+def test_rm_rf_asks_when_cd_ephemeral_but_target_has_nested_tmp_segment_not_at_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf /home/victim/tmp/secret')
 def test_git_push_force_asks_when_leading_cd_into_ephemeral_subdirectory() -> None:
     payload = _make_bash_payload('cd "/tmp/bugteam_scratch" && git push --force')
@@ -1038,6 +1062,14 @@ def test_compound_rm_allowed_when_two_absolute_ephemeral_targets_then_echo() ->
     _assert_hook_allows("rm -rf /tmp/pr136 /tmp/difftest && echo 'cleaned'")
+def test_compound_rm_allowed_when_subshell_paren_glued_rm_targets_absolute_ephemeral() -> None:
+    _assert_hook_allows("rm -rf /tmp/a && (rm -rf /tmp/b)")
+def test_compound_rm_asks_when_subshell_paren_glued_rm_targets_non_ephemeral() -> None:
+    _assert_hook_asks("rm -rf /tmp/a && (rm -rf /etc)")
 def test_compound_rm_allowed_when_followed_by_gh_pipeline_and_echo() -> None:
     _assert_hook_allows('rm -rf /tmp/reply && gh pr checks 19 2>&1 | head -5 && echo "x"')
@@ -1142,6 +1174,14 @@ def test_compound_rm_asks_when_second_rm_target_glues_redirect_to_non_ephemeral_
     _assert_hook_asks("rm -rf /tmp/a /tmp/b>/etc/hosts")
+def test_rm_rf_asks_when_cd_ephemeral_but_rm_segment_redirects_to_non_ephemeral_file() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf /tmp/x>/etc/passwd')
+def test_rm_rf_asks_when_cd_ephemeral_but_relative_rm_target_redirects_to_non_ephemeral_file() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf build>/etc/passwd')
 def test_compound_rm_asks_when_git_config_sets_value_after_ephemeral_rm() -> None:
     _assert_hook_asks("rm -rf /tmp/x && git config --global user.name evil")
@@ -1517,6 +1557,26 @@ def test_subshell_grouped_rm_asks_when_benign_command_precedes_grouped_rm() -> N
     _assert_hook_asks("echo hi; (rm -rf /etc)")
+def test_string_execution_asks_when_subshell_paren_glued_to_bash_dash_c() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (bash -c \'rm -rf /etc\')')
+def test_string_execution_asks_when_subshell_paren_glued_to_timeout_wrapping_bash() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (timeout 5 bash -c \'rm -rf /etc\')')
+def test_rm_rf_asks_when_cd_ephemeral_but_subshell_paren_glued_to_rm_targets_etc() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (rm -rf /etc)')
+def test_rm_rf_asks_when_cd_ephemeral_but_brace_glued_to_rm_targets_etc() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && {rm -rf /etc;}')
+def test_rm_rf_allowed_when_cd_ephemeral_and_subshell_paren_wraps_relative_ephemeral_target() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && (rm -rf build)')
 # --- convergence branch exemption unit tests ---
 import importlib.util
@@ -1773,3 +1833,156 @@ def test_launcher_execution_allows_when_timeout_infinity_wraps_ephemeral_rm() ->
 def test_launcher_execution_allows_when_timeout_seconds_wraps_ephemeral_rm() -> None:
     _assert_hook_allows("timeout 5 rm -rf /tmp/scratch")
+def test_rm_rf_allowed_when_cd_worktree_then_temp_env_var_rm_then_mkdir_tar_compound() -> None:
+    _assert_hook_allows(
+        'cd "/Users/dev/proj/.git/worktrees/spindle" '
+        '&& rm -rf "$TEMP/pr621_check" '
+        '&& mkdir -p "$TEMP/pr621_check" '
+        "&& git archive HEAD packages | tar -x -C \"$TEMP/pr621_check\" "
+        '&& ls "$TEMP/pr621_check/packages" | head -40'
+    )
+def test_rm_rf_allowed_when_cd_worktree_then_find_exec_rm_then_pytest_compound() -> None:
+    _assert_hook_allows(
+        'cd "/Users/dev/proj/worktrees/os-update-system" '
+        '&& find shared_utils/samsung_utils -name "__pycache__" -type d '
+        "-exec rm -rf {} + 2>/dev/null"
+        '; PYTHONPATH="/Users/dev/proj/worktrees/os-update-system" '
+        'C:/Python313/python.exe -m pytest "tests/" -p no:cacheprovider -q 2>&1 | tail -15'
+    )
+def test_rm_rf_allowed_when_cd_ephemeral_and_sibling_mkdir_has_dash_p_flag() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && rm -rf build && mkdir -p out')
+def test_rm_rf_allowed_when_cd_ephemeral_and_rm_target_uses_temp_env_var() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && rm -rf "$TEMP/build"')
+def test_rm_rf_asks_when_cd_ephemeral_but_bash_dash_c_executes_rm_on_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && rm -rf build && bash -c 'rm -rf /etc'")
+def test_rm_rf_asks_when_cd_ephemeral_but_rm_target_uses_non_temp_env_var() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf "$HOME/important"')
+def test_rm_rf_asks_when_cd_ephemeral_and_second_rm_segment_targets_non_ephemeral() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf build && rm -rf /etc/passwd')
+def test_rm_rf_asks_when_cd_ephemeral_but_bin_rm_targets_non_ephemeral() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && /bin/rm -rf /etc')
+def test_rm_rf_asks_when_cd_ephemeral_but_target_is_command_substitution() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf $(somecmd)')
+def test_rm_rf_asks_when_cd_ephemeral_but_target_is_brace_expansion_escaping_namespace() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf {build,/etc}')
+def test_rm_rf_asks_when_cd_ephemeral_but_temp_var_splices_after_absolute_literal_prefix() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf /data$TMP/x')
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_rm_search_root_escapes_namespace() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find /etc -name x -exec rm -rf {} +')
+def test_rm_rf_asks_when_cd_ephemeral_but_subshell_find_exec_rm_search_root_escapes() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (find /etc -exec rm -rf {} +)')
+def test_rm_rf_asks_when_find_exec_rm_safe_but_sibling_standalone_rm_targets_non_ephemeral() -> None:
+    _assert_hook_asks(
+        'cd "/tmp/scratch" && find . -name x -exec rm -rf {} + ; rm -rf /etc/passwd'
+    )
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_rm_redirects_to_non_ephemeral_file() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find /tmp/scratch -exec rm -rf {} + >/etc/passwd')
+def test_rm_rf_allowed_when_cd_ephemeral_and_relative_build_target() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && rm -rf build')
+def test_rm_rf_allowed_when_cd_ephemeral_and_find_exec_rm_search_root_is_dot() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && find . -name x -exec rm -rf {} +')
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_bash_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && find . -exec bash -c 'rm -rf /etc' \\;")
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_sh_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && find . -exec sh -c 'rm -rf /etc' \\;")
+def test_rm_rf_asks_when_cd_ephemeral_but_find_execdir_bash_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && find . -execdir bash -c 'rm -rf /etc' \\;")
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_python_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks(
+        "cd \"/tmp/scratch\" && find . -exec python -c 'import os; os.system(\"rm -rf /etc\")' \\;"
+    )
+# H1: find global option before the search root must not defeat the escape check
+def test_rm_rf_asks_when_find_dash_l_global_option_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -L /etc -name x -exec rm -rf {} +')
+def test_rm_rf_asks_when_find_dash_p_global_option_precedes_non_ephemeral_execdir_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -P /etc -execdir rm -rf {} +')
+def test_rm_rf_asks_when_find_optimization_level_option_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -O3 /etc -exec rm -rf {} +')
+def test_rm_rf_asks_when_standalone_find_optimization_option_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -O /etc -exec rm -rf {} +')
+def test_rm_rf_asks_when_find_debug_option_value_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -D tree /etc -exec rm -rf {} +')
+def test_rm_rf_allowed_when_find_global_option_precedes_ephemeral_dot_search_root() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && find -L . -name x -exec rm -rf {} +')
+# H2: multi -exec with a \\; terminator must not sever the destructive action from detection
+def test_rm_rf_asks_when_multi_exec_second_action_runs_bash_dash_c_deleting_non_ephemeral() -> None:
+    _assert_hook_asks(
+        "cd \"/tmp/scratch\" && find . -exec touch {} \\; -exec bash -c 'rm -rf /etc' \\;"
+    )
+def test_rm_rf_asks_when_multi_exec_second_action_runs_sh_dash_c_deleting_non_ephemeral() -> None:
+    _assert_hook_asks(
+        "cd \"/tmp/scratch\" && find . -exec echo {} \\; -exec sh -c 'rm -rf /etc' \\;"
+    )
+def test_rm_rf_allowed_when_multi_exec_both_actions_target_only_ephemeral_paths() -> None:
+    _assert_hook_allows("cd \"/tmp/scratch\" && find . -exec echo {} \\; -exec rm -rf {} \\;")
+# H3: parallel forwarding an interpreter that deletes a non-ephemeral path must ask
+def test_rm_rf_asks_when_parallel_forwards_bash_dash_c_deleting_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && parallel bash -c 'rm -rf /etc' ::: x")