npm - claude-dev-env - Versions diffs - 1.60.0 → 1.62.0 - Mend

claude-dev-env 1.60.0 → 1.62.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/hooks/blocking/test_code_rules_enforcer_dispatch_wiring.py ADDED Viewed

@@ -0,0 +1,82 @@
+"""Meta-test asserting every check_* function is dispatched from validate_content.
+The per-check test modules each prove one ``check_*`` function flags the right
+violation, but none proves the enforcer actually calls that function. A refactor
+that drops a dispatch line from ``validate_content`` leaves every per-check test
+green while the check stops firing at Write/Edit time — the precise failure mode
+that would let a dead module-level constant (the ``MEDIUM_TEXT`` class) or an
+orphan CSS class slip past the gate again.
+This module reads ``validate_content``'s source and asserts every ``check_*``
+attribute on the enforcer module appears in it. A check that is intentionally
+not wired must be listed in ``KNOWN_UNDISPATCHED_CHECKS`` with a reason in this
+docstring; no such checks exist today. The companion ``test_code_rules_enforcer_
+cap_meta.py`` guards the payload-cap convention; this module guards the wiring.
+"""
+from __future__ import annotations
+import importlib.util
+import inspect
+import pathlib
+import sys
+_HOOK_DIRECTORY = pathlib.Path(__file__).parent
+if str(_HOOK_DIRECTORY) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIRECTORY))
+_hook_specification = importlib.util.spec_from_file_location(
+    "code_rules_enforcer",
+    _HOOK_DIRECTORY / "code_rules_enforcer.py",
+)
+assert _hook_specification is not None
+assert _hook_specification.loader is not None
+_hook_module = importlib.util.module_from_spec(_hook_specification)
+_hook_specification.loader.exec_module(_hook_module)
+KNOWN_UNDISPATCHED_CHECKS: frozenset[str] = frozenset()
+def _all_check_function_names() -> list[str]:
+    return [
+        each_attribute_name
+        for each_attribute_name in dir(_hook_module)
+        if each_attribute_name.startswith("check_")
+        and callable(getattr(_hook_module, each_attribute_name))
+    ]
+def _validate_content_source() -> str:
+    return inspect.getsource(_hook_module.validate_content)
+def test_every_check_function_is_called_in_validate_content() -> None:
+    all_check_names = set(_all_check_function_names())
+    validate_content_source = _validate_content_source()
+    undispatched_check_names = {
+        each_name for each_name in all_check_names if each_name not in validate_content_source
+    }
+    unexpected_undispatched = undispatched_check_names - KNOWN_UNDISPATCHED_CHECKS
+    assert unexpected_undispatched == set(), (
+        f"check_* functions are imported but never called in validate_content: "
+        f"{sorted(unexpected_undispatched)}. Wire each into validate_content so the "
+        f"check fires at Write/Edit time, or list it in KNOWN_UNDISPATCHED_CHECKS "
+        f"with a reason in the test header docstring."
+    )
+def test_dead_module_constant_check_stays_wired() -> None:
+    validate_content_source = _validate_content_source()
+    assert "check_dead_module_constants" in validate_content_source, (
+        "check_dead_module_constants must stay dispatched from validate_content so a "
+        "dead exported constant (the MEDIUM_TEXT class) is blocked at Write/Edit time."
+    )
+def test_known_undispatched_set_lists_only_existing_checks() -> None:
+    all_check_names = set(_all_check_function_names())
+    stale_names = KNOWN_UNDISPATCHED_CHECKS - all_check_names
+    assert stale_names == set(), (
+        f"KNOWN_UNDISPATCHED_CHECKS lists functions that no longer exist: "
+        f"{sorted(stale_names)}. Restore the function or remove it from the set."
+    )

package/hooks/blocking/test_code_rules_enforcer_orphan_css_class.py ADDED Viewed

@@ -0,0 +1,196 @@
+"""Unit tests for the orphan-CSS-class check in code_rules_enforcer hook."""
+import importlib.util
+import pathlib
+import sys
+import tempfile
+import textwrap
+from collections.abc import Iterator
+from pathlib import Path
+import pytest
+_HOOK_DIR = pathlib.Path(__file__).parent
+if str(_HOOK_DIR) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIR))
+hook_spec = importlib.util.spec_from_file_location(
+    "code_rules_orphan_css_class",
+    _HOOK_DIR / "code_rules_orphan_css_class.py",
+)
+assert hook_spec is not None
+assert hook_spec.loader is not None
+hook_module = importlib.util.module_from_spec(hook_spec)
+hook_spec.loader.exec_module(hook_module)
+check_orphan_css_classes = hook_module.check_orphan_css_classes
+PRODUCTION_FILE_PATH = "packages/app/render/report.py"
+TEST_FILE_PATH = "packages/app/render/test_report.py"
+MARKUP_WITH_ORPHAN = (
+    "def render() -> str:\n"
+    '    style = "<style>.card { color: red; }</style>"\n'
+    '    body = \'<div class="card">x</div><div class="ghost">y</div>\'\n'
+    "    return style + body\n"
+)
+MARKUP_ALL_DEFINED = (
+    "def render() -> str:\n"
+    '    style = "<style>.card { color: red; } .row { margin: 0; }</style>"\n'
+    '    body = \'<div class="card"><span class="row">x</span></div>\'\n'
+    "    return style + body\n"
+)
+def test_should_flag_class_with_no_matching_selector() -> None:
+    issues = check_orphan_css_classes(MARKUP_WITH_ORPHAN, PRODUCTION_FILE_PATH)
+    assert any("'ghost'" in each_issue for each_issue in issues), (
+        f"Expected 'ghost' flagged as orphan, got: {issues}"
+    )
+def test_should_not_flag_class_with_matching_selector() -> None:
+    issues = check_orphan_css_classes(MARKUP_WITH_ORPHAN, PRODUCTION_FILE_PATH)
+    assert not any("'card'" in each_issue for each_issue in issues), (
+        f"'card' has a .card selector and must not flag, got: {issues}"
+    )
+def test_should_not_flag_when_every_class_is_defined() -> None:
+    issues = check_orphan_css_classes(MARKUP_ALL_DEFINED, PRODUCTION_FILE_PATH)
+    assert issues == [], f"Every class is defined; expected no issues, got: {issues}"
+def test_should_flag_each_class_in_a_multi_class_attribute() -> None:
+    content = (
+        "def render() -> str:\n"
+        '    style = "<style>.pf { padding: 0; }</style>"\n'
+        "    body = '<div class=\"pf problem\">x</div>'\n"
+        "    return style + body\n"
+    )
+    issues = check_orphan_css_classes(content, PRODUCTION_FILE_PATH)
+    assert any("'problem'" in each_issue for each_issue in issues), (
+        f"Second class 'problem' in the attribute must flag, got: {issues}"
+    )
+    assert not any("'pf'" in each_issue for each_issue in issues), (
+        f"First class 'pf' has a selector and must not flag, got: {issues}"
+    )
+def test_should_not_flag_when_no_style_block_present() -> None:
+    content = "def render() -> str:\n    return '<div class=\"card\">x</div>'\n"
+    issues = check_orphan_css_classes(content, PRODUCTION_FILE_PATH)
+    assert issues == [], (
+        f"No <style> source nearby; the stylesheet lives outside the scan, got: {issues}"
+    )
+def test_should_not_flag_when_no_class_attribute_present() -> None:
+    content = (
+        'def render() -> str:\n    return "<style>.card { color: red; }</style><div>x</div>"\n'
+    )
+    issues = check_orphan_css_classes(content, PRODUCTION_FILE_PATH)
+    assert issues == [], f"No class attribute in markup; got: {issues}"
+def test_should_skip_test_files() -> None:
+    issues = check_orphan_css_classes(MARKUP_WITH_ORPHAN, TEST_FILE_PATH)
+    assert issues == [], f"Test files are exempt; got: {issues}"
+def test_should_include_line_number_and_class_name() -> None:
+    issues = check_orphan_css_classes(MARKUP_WITH_ORPHAN, PRODUCTION_FILE_PATH)
+    orphan_issue = next(each for each in issues if "'ghost'" in each)
+    assert "Line 3" in orphan_issue, (
+        f"Orphan 'ghost' sits on line 3 of the markup; got: {orphan_issue}"
+    )
+def test_should_report_each_orphan_class_once() -> None:
+    content = (
+        "def render() -> str:\n"
+        '    style = "<style>.card { color: red; }</style>"\n'
+        "    a = '<div class=\"ghost\">x</div>'\n"
+        "    b = '<div class=\"ghost\">y</div>'\n"
+        "    return style + a + b\n"
+    )
+    issues = check_orphan_css_classes(content, PRODUCTION_FILE_PATH)
+    ghost_issues = [each for each in issues if "'ghost'" in each]
+    assert len(ghost_issues) == 1, f"A repeated orphan class reports once; got: {ghost_issues}"
+def test_should_handle_syntax_error_gracefully() -> None:
+    content = "def broken(\n    this is not python\n"
+    issues = check_orphan_css_classes(content, PRODUCTION_FILE_PATH)
+    assert issues == [], f"A syntax error yields no issues; got: {issues}"
+_SIBLING_MARKUP_SOURCE = textwrap.dedent(
+    """\
+    from report_constants import HTML_STYLE_BLOCK
+    def render() -> str:
+        body = (
+            '<details class="appendix">'
+            '<div class="appendix-body">x</div></details>'
+        )
+        return HTML_STYLE_BLOCK + body
+    """
+)
+@pytest.fixture
+def production_render_package() -> Iterator[Path]:
+    """Yield a neutrally named package directory for the markup and constants modules.
+    pytest's ``tmp_path`` carries the test function name, so any path under it
+    holds a ``test_`` segment that the enforcer's ``is_test_file`` predicate
+    matches and exempts. A package created under the default ``tempfile`` prefix
+    keeps that segment out of the path, so the cross-module orphan-class check
+    runs against the markup module as production code.
+    Yields:
+        A freshly created package directory, removed when the test finishes.
+    """
+    with tempfile.TemporaryDirectory() as base_directory:
+        package_directory = Path(base_directory) / "render"
+        package_directory.mkdir()
+        yield package_directory
+def test_should_resolve_selectors_from_a_sibling_module(
+    production_render_package: Path,
+) -> None:
+    constants_module = production_render_package / "report_constants.py"
+    constants_module.write_text(
+        'HTML_STYLE_BLOCK = "<style>.appendix { margin: 0; }'
+        ' .appendix-body { padding: 0; }</style>"\n',
+        encoding="utf-8",
+    )
+    markup_module = production_render_package / "report.py"
+    markup_module.write_text(_SIBLING_MARKUP_SOURCE, encoding="utf-8")
+    issues = check_orphan_css_classes(_SIBLING_MARKUP_SOURCE, str(markup_module))
+    assert issues == [], (
+        f"A sibling module defines every selector; expected no issues, got: {issues}"
+    )
+def test_should_flag_orphan_even_when_a_sibling_defines_other_selectors(
+    production_render_package: Path,
+) -> None:
+    constants_module = production_render_package / "report_constants.py"
+    constants_module.write_text(
+        'HTML_STYLE_BLOCK = "<style>.appendix { margin: 0; }</style>"\n',
+        encoding="utf-8",
+    )
+    markup_module = production_render_package / "report.py"
+    markup_module.write_text(_SIBLING_MARKUP_SOURCE, encoding="utf-8")
+    issues = check_orphan_css_classes(_SIBLING_MARKUP_SOURCE, str(markup_module))
+    assert any("'appendix-body'" in each_issue for each_issue in issues), (
+        f"'appendix-body' has no selector in any sibling; must flag, got: {issues}"
+    )
+    assert not any(
+        "'appendix'" in each_issue and "appendix-body" not in each_issue
+        for each_issue in issues
+    ), f"'appendix' is defined in the sibling and must not flag, got: {issues}"

package/hooks/blocking/test_destructive_command_blocker.py CHANGED Viewed

@@ -247,6 +247,10 @@ def test_rm_rf_asks_when_any_target_is_non_ephemeral() -> None:
     assert response["hookSpecificOutput"]["permissionDecision"] == "ask"
+def test_rm_rf_asks_when_target_has_nested_temp_segment_not_at_root() -> None:
+    _assert_hook_asks("rm -rf /home/victim/temp/secret")
 def test_rm_rf_asks_when_double_dash_includes_hyphen_prefixed_non_ephemeral_target() -> None:
     payload = _make_bash_payload("rm -rf -- /tmp/scratch -non_ephemeral")
@@ -404,6 +408,26 @@ def test_rm_rf_asks_when_tool_input_cwd_is_ephemeral_but_rm_target_is_absolute_n
     assert response["hookSpecificOutput"]["permissionDecision"] == "ask"
+def test_rm_rf_asks_when_subshell_cd_changes_dir_before_relative_rm() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (cd /; rm -rf etc)')
+def test_rm_rf_asks_when_second_top_level_cd_changes_dir_before_relative_rm() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && cd / && rm -rf etc')
+def test_rm_rf_asks_when_pushd_changes_dir_before_relative_rm() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && pushd / && rm -rf etc')
+def test_rm_rf_allowed_when_subshell_cd_present_but_rm_target_is_absolute_ephemeral() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && (cd /; rm -rf /tmp/scratch/keep)')
+def test_rm_rf_asks_when_cd_ephemeral_but_target_has_nested_tmp_segment_not_at_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf /home/victim/tmp/secret')
 def test_git_push_force_asks_when_leading_cd_into_ephemeral_subdirectory() -> None:
     payload = _make_bash_payload('cd "/tmp/bugteam_scratch" && git push --force')
@@ -1038,6 +1062,14 @@ def test_compound_rm_allowed_when_two_absolute_ephemeral_targets_then_echo() ->
     _assert_hook_allows("rm -rf /tmp/pr136 /tmp/difftest && echo 'cleaned'")
+def test_compound_rm_allowed_when_subshell_paren_glued_rm_targets_absolute_ephemeral() -> None:
+    _assert_hook_allows("rm -rf /tmp/a && (rm -rf /tmp/b)")
+def test_compound_rm_asks_when_subshell_paren_glued_rm_targets_non_ephemeral() -> None:
+    _assert_hook_asks("rm -rf /tmp/a && (rm -rf /etc)")
 def test_compound_rm_allowed_when_followed_by_gh_pipeline_and_echo() -> None:
     _assert_hook_allows('rm -rf /tmp/reply && gh pr checks 19 2>&1 | head -5 && echo "x"')
@@ -1142,6 +1174,14 @@ def test_compound_rm_asks_when_second_rm_target_glues_redirect_to_non_ephemeral_
     _assert_hook_asks("rm -rf /tmp/a /tmp/b>/etc/hosts")
+def test_rm_rf_asks_when_cd_ephemeral_but_rm_segment_redirects_to_non_ephemeral_file() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf /tmp/x>/etc/passwd')
+def test_rm_rf_asks_when_cd_ephemeral_but_relative_rm_target_redirects_to_non_ephemeral_file() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf build>/etc/passwd')
 def test_compound_rm_asks_when_git_config_sets_value_after_ephemeral_rm() -> None:
     _assert_hook_asks("rm -rf /tmp/x && git config --global user.name evil")
@@ -1517,6 +1557,26 @@ def test_subshell_grouped_rm_asks_when_benign_command_precedes_grouped_rm() -> N
     _assert_hook_asks("echo hi; (rm -rf /etc)")
+def test_string_execution_asks_when_subshell_paren_glued_to_bash_dash_c() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (bash -c \'rm -rf /etc\')')
+def test_string_execution_asks_when_subshell_paren_glued_to_timeout_wrapping_bash() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (timeout 5 bash -c \'rm -rf /etc\')')
+def test_rm_rf_asks_when_cd_ephemeral_but_subshell_paren_glued_to_rm_targets_etc() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (rm -rf /etc)')
+def test_rm_rf_asks_when_cd_ephemeral_but_brace_glued_to_rm_targets_etc() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && {rm -rf /etc;}')
+def test_rm_rf_allowed_when_cd_ephemeral_and_subshell_paren_wraps_relative_ephemeral_target() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && (rm -rf build)')
 # --- convergence branch exemption unit tests ---
 import importlib.util
@@ -1773,3 +1833,156 @@ def test_launcher_execution_allows_when_timeout_infinity_wraps_ephemeral_rm() ->
 def test_launcher_execution_allows_when_timeout_seconds_wraps_ephemeral_rm() -> None:
     _assert_hook_allows("timeout 5 rm -rf /tmp/scratch")
+def test_rm_rf_allowed_when_cd_worktree_then_temp_env_var_rm_then_mkdir_tar_compound() -> None:
+    _assert_hook_allows(
+        'cd "/Users/dev/proj/.git/worktrees/spindle" '
+        '&& rm -rf "$TEMP/pr621_check" '
+        '&& mkdir -p "$TEMP/pr621_check" '
+        "&& git archive HEAD packages | tar -x -C \"$TEMP/pr621_check\" "
+        '&& ls "$TEMP/pr621_check/packages" | head -40'
+    )
+def test_rm_rf_allowed_when_cd_worktree_then_find_exec_rm_then_pytest_compound() -> None:
+    _assert_hook_allows(
+        'cd "/Users/dev/proj/worktrees/os-update-system" '
+        '&& find shared_utils/samsung_utils -name "__pycache__" -type d '
+        "-exec rm -rf {} + 2>/dev/null"
+        '; PYTHONPATH="/Users/dev/proj/worktrees/os-update-system" '
+        'C:/Python313/python.exe -m pytest "tests/" -p no:cacheprovider -q 2>&1 | tail -15'
+    )
+def test_rm_rf_allowed_when_cd_ephemeral_and_sibling_mkdir_has_dash_p_flag() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && rm -rf build && mkdir -p out')
+def test_rm_rf_allowed_when_cd_ephemeral_and_rm_target_uses_temp_env_var() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && rm -rf "$TEMP/build"')
+def test_rm_rf_asks_when_cd_ephemeral_but_bash_dash_c_executes_rm_on_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && rm -rf build && bash -c 'rm -rf /etc'")
+def test_rm_rf_asks_when_cd_ephemeral_but_rm_target_uses_non_temp_env_var() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf "$HOME/important"')
+def test_rm_rf_asks_when_cd_ephemeral_and_second_rm_segment_targets_non_ephemeral() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf build && rm -rf /etc/passwd')
+def test_rm_rf_asks_when_cd_ephemeral_but_bin_rm_targets_non_ephemeral() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && /bin/rm -rf /etc')
+def test_rm_rf_asks_when_cd_ephemeral_but_target_is_command_substitution() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf $(somecmd)')
+def test_rm_rf_asks_when_cd_ephemeral_but_target_is_brace_expansion_escaping_namespace() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf {build,/etc}')
+def test_rm_rf_asks_when_cd_ephemeral_but_temp_var_splices_after_absolute_literal_prefix() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && rm -rf /data$TMP/x')
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_rm_search_root_escapes_namespace() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find /etc -name x -exec rm -rf {} +')
+def test_rm_rf_asks_when_cd_ephemeral_but_subshell_find_exec_rm_search_root_escapes() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && (find /etc -exec rm -rf {} +)')
+def test_rm_rf_asks_when_find_exec_rm_safe_but_sibling_standalone_rm_targets_non_ephemeral() -> None:
+    _assert_hook_asks(
+        'cd "/tmp/scratch" && find . -name x -exec rm -rf {} + ; rm -rf /etc/passwd'
+    )
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_rm_redirects_to_non_ephemeral_file() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find /tmp/scratch -exec rm -rf {} + >/etc/passwd')
+def test_rm_rf_allowed_when_cd_ephemeral_and_relative_build_target() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && rm -rf build')
+def test_rm_rf_allowed_when_cd_ephemeral_and_find_exec_rm_search_root_is_dot() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && find . -name x -exec rm -rf {} +')
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_bash_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && find . -exec bash -c 'rm -rf /etc' \\;")
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_sh_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && find . -exec sh -c 'rm -rf /etc' \\;")
+def test_rm_rf_asks_when_cd_ephemeral_but_find_execdir_bash_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && find . -execdir bash -c 'rm -rf /etc' \\;")
+def test_rm_rf_asks_when_cd_ephemeral_but_find_exec_python_dash_c_deletes_non_ephemeral() -> None:
+    _assert_hook_asks(
+        "cd \"/tmp/scratch\" && find . -exec python -c 'import os; os.system(\"rm -rf /etc\")' \\;"
+    )
+# H1: find global option before the search root must not defeat the escape check
+def test_rm_rf_asks_when_find_dash_l_global_option_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -L /etc -name x -exec rm -rf {} +')
+def test_rm_rf_asks_when_find_dash_p_global_option_precedes_non_ephemeral_execdir_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -P /etc -execdir rm -rf {} +')
+def test_rm_rf_asks_when_find_optimization_level_option_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -O3 /etc -exec rm -rf {} +')
+def test_rm_rf_asks_when_standalone_find_optimization_option_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -O /etc -exec rm -rf {} +')
+def test_rm_rf_asks_when_find_debug_option_value_precedes_non_ephemeral_search_root() -> None:
+    _assert_hook_asks('cd "/tmp/scratch" && find -D tree /etc -exec rm -rf {} +')
+def test_rm_rf_allowed_when_find_global_option_precedes_ephemeral_dot_search_root() -> None:
+    _assert_hook_allows('cd "/tmp/scratch" && find -L . -name x -exec rm -rf {} +')
+# H2: multi -exec with a \\; terminator must not sever the destructive action from detection
+def test_rm_rf_asks_when_multi_exec_second_action_runs_bash_dash_c_deleting_non_ephemeral() -> None:
+    _assert_hook_asks(
+        "cd \"/tmp/scratch\" && find . -exec touch {} \\; -exec bash -c 'rm -rf /etc' \\;"
+    )
+def test_rm_rf_asks_when_multi_exec_second_action_runs_sh_dash_c_deleting_non_ephemeral() -> None:
+    _assert_hook_asks(
+        "cd \"/tmp/scratch\" && find . -exec echo {} \\; -exec sh -c 'rm -rf /etc' \\;"
+    )
+def test_rm_rf_allowed_when_multi_exec_both_actions_target_only_ephemeral_paths() -> None:
+    _assert_hook_allows("cd \"/tmp/scratch\" && find . -exec echo {} \\; -exec rm -rf {} \\;")
+# H3: parallel forwarding an interpreter that deletes a non-ephemeral path must ask
+def test_rm_rf_asks_when_parallel_forwards_bash_dash_c_deleting_non_ephemeral() -> None:
+    _assert_hook_asks("cd \"/tmp/scratch\" && parallel bash -c 'rm -rf /etc' ::: x")