claude-dev-env 1.73.0 → 1.75.0

package/hooks/blocking/test_package_inventory_stale_blocker.py

@@ -0,0 +1,329 @@
+"""Tests for package_inventory_stale_blocker hook."""
+
+import json
+import os
+import subprocess
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
+
+from package_inventory_stale_blocker import (
+    find_stale_inventory,
+    inventory_named_basenames,
+    is_inventoried_production_file,
+)
+
+from hooks_constants.package_inventory_stale_blocker_constants import (
+    STALE_INVENTORY_SYSTEM_MESSAGE,
+)
+
+HOOK_SCRIPT_PATH = os.path.join(os.path.dirname(__file__), "package_inventory_stale_blocker.py")
+
+README_LISTING_TWO_FILES = (
+    "# Pipeline\n\n"
+    "| Path | Role |\n"
+    "|---|---|\n"
+    "| `pipeline/dialer_compose.py` | Composes a dialer strip. |\n"
+    "| `compose_dialer_cli.py` | CLI for the dialer strip. |\n"
+)
+
+CLAUDE_MD_BULLET_LIST = (
+    "# package\n\n"
+    "## Key files\n\n"
+    "- `compose_dialer_cli.py` — composes one dialer strip.\n"
+    "- `compose_aod_cli.py` — composes the AOD image.\n"
+)
+
+README_LISTING_ONE_FILE = "# package\n\nSome prose mentioning `single_module.py` once.\n"
+
+README_LISTING_ONLY_GLOB_TOKENS = (
+    "# package\n\n"
+    "This directory holds files matching `*.py` and `*.mjs`.\n"
+)
+
+README_LISTING_ONLY_FENCED_FILENAMES = (
+    "# package\n\n"
+    "Example inventory table:\n\n"
+    "```\n"
+    "| Path | Role |\n"
+    "|---|---|\n"
+    "| `example_alpha.py` | Sample row. |\n"
+    "| `example_beta.py` | Sample row. |\n"
+    "```\n"
+)
+
+README_LISTING_ONLY_COMMAND_EXAMPLES = (
+    "# package\n\n"
+    "Run `parent:node_modules package.json` to find the manifest, then "
+    "`python <file>.py` and `psql $DATABASE_URL -f <query>.sql`. Import via "
+    "`from git_hooks_constants import VALUE`.\n"
+)
+
+README_PROSE_NAMES_NON_SIBLING_FILES = (
+    "# package\n\n"
+    "This directory works alongside `install.mjs` and is documented in "
+    "`source-material-section-types.md`.\n"
+)
+
+
+class _RunHook:
+    """Helper to test the hook via subprocess, mirroring the sibling test style."""
+
+    def __call__(self, tool_name: str, tool_input: dict) -> subprocess.CompletedProcess:
+        payload = json.dumps({"tool_name": tool_name, "tool_input": tool_input})
+        return subprocess.run(
+            [sys.executable, HOOK_SCRIPT_PATH],
+            input=payload,
+            capture_output=True,
+            text=True,
+            check=False,
+        )
+
+
+_run_hook = _RunHook()
+
+
+def _package_directory_with_readme(tmp_path: Path, readme_content: str) -> Path:
+    """Return a fresh package directory holding a README.md with the given content."""
+    package_directory = tmp_path / "package_directory"
+    package_directory.mkdir()
+    (package_directory / "README.md").write_text(readme_content, encoding="utf-8")
+    return package_directory
+
+
+def _write_sibling_files(package_directory: Path, all_basenames: list[str]) -> None:
+    """Create each named file on disk inside *package_directory*."""
+    for each_basename in all_basenames:
+        (package_directory / each_basename).write_text("x = 1\n", encoding="utf-8")
+
+
+def test_inventory_named_basenames_strips_path_to_basename():
+    named_basenames = inventory_named_basenames(README_LISTING_TWO_FILES)
+    assert named_basenames == {"dialer_compose.py", "compose_dialer_cli.py"}
+
+
+def test_inventory_named_basenames_reads_bullet_list():
+    named_basenames = inventory_named_basenames(CLAUDE_MD_BULLET_LIST)
+    assert named_basenames == {"compose_dialer_cli.py", "compose_aod_cli.py"}
+
+
+def test_inventory_named_basenames_rejects_glob_tokens():
+    named_basenames = inventory_named_basenames(README_LISTING_ONLY_GLOB_TOKENS)
+    assert named_basenames == set()
+
+
+def test_inventory_named_basenames_skips_fenced_code_block():
+    named_basenames = inventory_named_basenames(README_LISTING_ONLY_FENCED_FILENAMES)
+    assert named_basenames == set()
+
+
+def test_inventory_named_basenames_rejects_command_example_spans():
+    named_basenames = inventory_named_basenames(README_LISTING_ONLY_COMMAND_EXAMPLES)
+    assert named_basenames == set()
+
+
+def test_blocks_new_production_file_absent_from_readme(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    _write_sibling_files(package_directory, ["dialer_compose.py", "compose_dialer_cli.py"])
+    new_file_path = package_directory / "check_dialer_seam_cli.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    payload = json.loads(result.stdout)
+    assert payload["hookSpecificOutput"]["permissionDecision"] == "deny"
+    assert "check_dialer_seam_cli.py" in payload["hookSpecificOutput"]["permissionDecisionReason"]
+    assert payload["systemMessage"] == STALE_INVENTORY_SYSTEM_MESSAGE
+
+
+def test_blocks_new_file_absent_from_claude_md_bullet_list(tmp_path: Path):
+    package_directory = tmp_path / "package_directory"
+    package_directory.mkdir()
+    (package_directory / "CLAUDE.md").write_text(CLAUDE_MD_BULLET_LIST, encoding="utf-8")
+    _write_sibling_files(package_directory, ["compose_dialer_cli.py", "compose_aod_cli.py"])
+    new_file_path = package_directory / "build_dialer_aod_roster_cli.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    payload = json.loads(result.stdout)
+    assert payload["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_allows_new_file_already_named_in_readme(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    new_file_path = package_directory / "compose_dialer_cli.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_new_file_named_by_path_form_in_readme(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    pipeline_directory = package_directory / "pipeline"
+    pipeline_directory.mkdir()
+    new_file_path = package_directory / "dialer_compose.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_directory_with_no_inventory(tmp_path: Path):
+    package_directory = tmp_path / "package_directory"
+    package_directory.mkdir()
+    new_file_path = package_directory / "lonely_module.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_directory_whose_readme_names_too_few_files(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_ONE_FILE)
+    new_file_path = package_directory / "another_module.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_new_file_when_inventory_holds_only_glob_tokens(tmp_path: Path):
+    package_directory = _package_directory_with_readme(
+        tmp_path, README_LISTING_ONLY_GLOB_TOKENS
+    )
+    new_file_path = package_directory / "new_sibling_module.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_new_file_when_inventory_filenames_live_in_code_fence(tmp_path: Path):
+    package_directory = _package_directory_with_readme(
+        tmp_path, README_LISTING_ONLY_FENCED_FILENAMES
+    )
+    new_file_path = package_directory / "new_sibling_module.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_new_file_when_inventory_names_only_non_sibling_files(tmp_path: Path):
+    package_directory = _package_directory_with_readme(
+        tmp_path, README_PROSE_NAMES_NON_SIBLING_FILES
+    )
+    new_file_path = package_directory / "new_helper.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_blocks_new_file_when_inventory_names_sibling_files_on_disk(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    (package_directory / "dialer_compose.py").write_text("x = 1\n", encoding="utf-8")
+    (package_directory / "compose_dialer_cli.py").write_text("x = 1\n", encoding="utf-8")
+    new_file_path = package_directory / "check_dialer_seam_cli.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    payload = json.loads(result.stdout)
+    assert payload["hookSpecificOutput"]["permissionDecision"] == "deny"
+    assert "check_dialer_seam_cli.py" in payload["hookSpecificOutput"]["permissionDecisionReason"]
+
+
+def test_allows_test_file_absent_from_inventory(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    new_file_path = package_directory / "test_check_dialer_seam_cli.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_init_file_absent_from_inventory(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    new_file_path = package_directory / "__init__.py"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_non_code_file_absent_from_inventory(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    new_file_path = package_directory / "notes.txt"
+    result = _run_hook(
+        "Write",
+        {"file_path": str(new_file_path), "content": "x = 1\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_allows_edit_of_existing_file(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    existing_file_path = package_directory / "seam_continuity.py"
+    existing_file_path.write_text("x = 1\n", encoding="utf-8")
+    result = _run_hook(
+        "Write",
+        {"file_path": str(existing_file_path), "content": "x = 2\n"},
+    )
+    assert result.returncode == 0
+    assert result.stdout.strip() == ""
+
+
+def test_is_inventoried_production_file_rejects_config_directory(tmp_path: Path):
+    config_directory = tmp_path / "config"
+    config_directory.mkdir()
+    config_file_path = config_directory / "constants.py"
+    assert is_inventoried_production_file(str(config_file_path)) is False
+
+
+def test_is_inventoried_production_file_accepts_production_file(tmp_path: Path):
+    production_file_path = tmp_path / "dialer_compose.py"
+    assert is_inventoried_production_file(str(production_file_path)) is True
+
+
+def test_find_stale_inventory_returns_survey_for_omission(tmp_path: Path):
+    package_directory = _package_directory_with_readme(tmp_path, README_LISTING_TWO_FILES)
+    _write_sibling_files(package_directory, ["dialer_compose.py", "compose_dialer_cli.py"])
+    new_file_path = package_directory / "seam_continuity.py"
+    survey = find_stale_inventory(str(new_file_path))
+    assert survey is not None
+    assert survey.present_inventory_names == ["README.md"]
+    assert survey.named_basenames == {"dialer_compose.py", "compose_dialer_cli.py"}
+
+
+def test_find_stale_inventory_skips_prose_only_directory():
+    audit_rubrics_directory = (
+        Path(__file__).resolve().parent.parent.parent / "audit-rubrics"
+    )
+    new_file_path = audit_rubrics_directory / "new_helper.py"
+    assert find_stale_inventory(str(new_file_path)) is None

package/hooks/blocking/test_plain_language_blocker.py

@@ -12,6 +12,7 @@ import os
 import subprocess
 import sys
 from pathlib import Path
+from unittest.mock import patch
 
 HOOK_SCRIPT_PATH = Path(__file__).parent / "plain_language_blocker.py"
 _HOOKS_DIR = str(Path(__file__).resolve().parent)
@@ -37,6 +38,8 @@ find_banned_terms = hook_module.find_banned_terms
 strip_non_prose_regions = hook_module.strip_non_prose_regions
 build_block_reason = hook_module.build_block_reason
 
+from pre_tool_use_dispatcher import NativeHook, run_native_hook  # noqa: E402
+
 
 def _run_hook_with_payload(payload: dict) -> subprocess.CompletedProcess[str]:
     return subprocess.run(
@@ -245,3 +248,36 @@ def test_prose_slash_token_is_not_stripped_as_path() -> None:
 
 def test_real_file_path_is_still_stripped() -> None:
     assert "initiate" not in strip_non_prose_regions("Edit src/initiate.py to wire it.")
+
+
+def test_native_dispatch_path_logs_the_block(tmp_path: Path) -> None:
+    """A deny routed through the dispatcher's native path logs one record.
+
+    On the Write|Edit|MultiEdit surface this hook runs only through
+    pre_tool_use_dispatcher's native path, which calls evaluate() and
+    build_deny_payload() — never _emit_deny() or main(). The block must still
+    land in the hook-blocks log, so the log call lives on build_deny_payload,
+    the function the native path executes.
+    """
+    deny_payload = {
+        "tool_name": "Edit",
+        "tool_input": {
+            "file_path": str(tmp_path / "notes.md"),
+            "new_string": "This guide explains how to utilize the new cache layer.",
+        },
+    }
+    native_hook = NativeHook(
+        evaluate=hook_module.evaluate,
+        build_deny_payload=hook_module.build_deny_payload,
+    )
+
+    with patch.object(Path, "home", return_value=tmp_path):
+        hosted_result = run_native_hook(native_hook, deny_payload, is_blocking=True)
+
+    assert hosted_result.captured_stdout
+    log_path = tmp_path / ".claude" / "logs" / "hook-blocks.log"
+    all_records = log_path.read_text(encoding="utf-8").strip().splitlines()
+    assert len(all_records) == 1
+    logged_record = json.loads(all_records[0])
+    assert logged_record["hook"] == "plain_language_blocker.py"
+    assert logged_record["event"] == "PreToolUse"

package/hooks/blocking/test_pre_tool_use_dispatcher.py

@@ -26,6 +26,7 @@ if _HOOKS_DIR not in sys.path:
 
 from hooks_constants.pre_tool_use_dispatcher_constants import (  # noqa: E402, I001
     ALL_HOSTED_HOOK_ENTRIES,
+    BLOCKING_CRASH_DENY_REASON,
     BLOCKING_CRASH_EXIT_CODE,
     DENY_DECISION,
     EDIT_TOOL_NAME,
@@ -485,6 +486,52 @@ def test_aggregate_exit_code_two_signals_deny() -> None:
     )
 
 
+def test_aggregate_blocking_hook_crash_surfaces_a_deny() -> None:
+    """A crash in a blocking hook surfaces a deny with the crash reason.
+
+    When a blocking hook raises a non-SystemExit exception before emitting any
+    output, the aggregator must still deny so a bad write does not silently
+    pass. The deny reason must be the BLOCKING_CRASH_DENY_REASON constant.
+    """
+    all_results = [
+        HostedHookResult(
+            exit_code=0,
+            captured_stdout="",
+            did_crash=True,
+            is_blocking=True,
+        )
+    ]
+    decision = aggregate_hosted_hook_results(all_results)
+    assert decision.should_deny, "a blocking hook crash must surface a deny"
+    assert decision.all_deny_reasons, (
+        "the deny reasons list must be non-empty after a blocking hook crash"
+    )
+    assert BLOCKING_CRASH_DENY_REASON in decision.all_deny_reasons, (
+        "the deny reason from a blocking hook crash must be BLOCKING_CRASH_DENY_REASON.\n"
+        f"Got: {decision.all_deny_reasons!r}"
+    )
+
+
+def test_aggregate_non_blocking_hook_crash_does_not_deny() -> None:
+    """A crash in a non-blocking hook does not change an allow to a deny.
+
+    A hosted hook carrying is_blocking=False must not surface a deny when it
+    crashes — the aggregated decision stays allow.
+    """
+    all_results = [
+        HostedHookResult(
+            exit_code=0,
+            captured_stdout="",
+            did_crash=True,
+            is_blocking=False,
+        )
+    ]
+    decision = aggregate_hosted_hook_results(all_results)
+    assert not decision.should_deny, (
+        "a non-blocking hook crash must not change an allow to a deny"
+    )
+
+
 def test_aggregate_exit_code_zero_with_no_output_allows() -> None:
     """A HostedHookResult with exit_code 0 and empty stdout signals allow.
 
@@ -585,24 +632,24 @@ def test_dispatcher_write_applies_both_groups() -> None:
     assert "blocking/plain_language_blocker.py" in all_write_script_paths, (
         "plain_language_blocker (Group B) must be in Write applicable set"
     )
-    assert len(all_write_entries) == 15, (
-        f"Write tool must apply to all 15 hosted hooks, got {len(all_write_entries)}"
+    assert len(all_write_entries) == 18, (
+        f"Write tool must apply to all 18 hosted hooks, got {len(all_write_entries)}"
     )
 
 
 def test_dispatcher_edit_applies_both_groups() -> None:
     """Edit tool triggers both Group A and Group B hooks through the dispatcher."""
     all_edit_entries = _applicable_entries_for_tool(EDIT_TOOL_NAME)
-    assert len(all_edit_entries) == 15, (
-        f"Edit tool must apply to all 15 hosted hooks, got {len(all_edit_entries)}"
+    assert len(all_edit_entries) == 18, (
+        f"Edit tool must apply to all 18 hosted hooks, got {len(all_edit_entries)}"
     )
 
 
 def test_dispatcher_multi_edit_applies_only_group_b() -> None:
-    """MultiEdit tool triggers only Group B (5 hooks), not Group A."""
+    """MultiEdit tool triggers only Group B (7 hooks), not Group A."""
     all_multi_edit_entries = _applicable_entries_for_tool(MULTI_EDIT_TOOL_NAME)
-    assert len(all_multi_edit_entries) == 5, (
-        f"MultiEdit tool must apply to exactly 5 Group-B hooks, got {len(all_multi_edit_entries)}"
+    assert len(all_multi_edit_entries) == 7, (
+        f"MultiEdit tool must apply to exactly 7 Group-B hooks, got {len(all_multi_edit_entries)}"
     )
 
 
@@ -613,7 +660,7 @@ def test_proceed_after_run_all_validators_removal_allows() -> None:
     it was never a PreToolUse hook and never hosted by the PreToolUse dispatcher.
     A Python Write payload that run_all_validators would have flagged (mypy errors, for
     instance) still produces ALLOW from the PreToolUse dispatcher because the PreToolUse
-    dispatcher covers only its 15 hosted blocking hooks — none of which includes the
+    dispatcher covers only its 18 hosted blocking hooks — none of which includes the
     validators runner.
     """
     python_content_with_type_error = (

package/hooks/blocking/test_question_to_user_enforcer.py

@@ -14,7 +14,9 @@ if _HOOKS_DIR not in sys.path:
     sys.path.insert(0, _HOOKS_DIR)
 if _HOOKS_ROOT not in sys.path:
     sys.path.insert(0, _HOOKS_ROOT)
+import question_to_user_enforcer
 from hooks_constants.messages import USER_FACING_ASKUSERQUESTION_NOTICE
+from hooks_constants.text_stripping import strip_code_and_quotes
 
 CLEAN_DECLARATIVE_MESSAGE = "I applied the rename across both files. The tests pass."
 TRAILING_QUESTION_MESSAGE = (
@@ -68,6 +70,10 @@ def run_hook_with_message(assistant_message: str) -> subprocess.CompletedProcess
     return run_hook_with_payload({"last_assistant_message": assistant_message})
 
 
+def test_blocker_uses_shared_strip_code_and_quotes() -> None:
+    assert question_to_user_enforcer.strip_code_and_quotes is strip_code_and_quotes
+
+
 def test_clean_declarative_message_passes_through():
     completed_process = run_hook_with_message(CLEAN_DECLARATIVE_MESSAGE)
     assert completed_process.returncode == 0

package/hooks/blocking/test_send_user_file_open_locally_blocker.py

@@ -0,0 +1,114 @@
+"""Unit tests for the send-user-file-open-locally PreToolUse hook."""
+
+import importlib.util
+import io
+import json
+import pathlib
+import sys
+from unittest import mock
+
+_HOOK_DIR = pathlib.Path(__file__).parent
+if str(_HOOK_DIR) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIR))
+
+hook_spec = importlib.util.spec_from_file_location(
+    "send_user_file_open_locally_blocker",
+    _HOOK_DIR / "send_user_file_open_locally_blocker.py",
+)
+assert hook_spec is not None
+assert hook_spec.loader is not None
+hook_module = importlib.util.module_from_spec(hook_spec)
+hook_spec.loader.exec_module(hook_module)
+
+_should_block = hook_module._should_block
+
+from hooks_constants.send_user_file_open_locally_blocker_constants import (
+    CORRECTIVE_MESSAGE,
+    PROACTIVE_STATUS,
+    TOOL_NAME,
+)
+
+
+def test_blocks_normal_status() -> None:
+    assert _should_block("normal") is True
+
+
+def test_blocks_empty_status() -> None:
+    assert _should_block("") is True
+
+
+def test_blocks_unknown_status() -> None:
+    assert _should_block("whatever") is True
+
+
+def test_allows_proactive_status() -> None:
+    assert _should_block(PROACTIVE_STATUS) is False
+
+
+def test_corrective_message_points_to_show_asset() -> None:
+    assert "Show-Asset.ps1" in CORRECTIVE_MESSAGE
+
+
+def test_corrective_message_names_proactive_escape_hatch() -> None:
+    assert PROACTIVE_STATUS in CORRECTIVE_MESSAGE
+
+
+def _run_main_with_io(input_text: str) -> str:
+    with mock.patch("sys.stdin", io.StringIO(input_text)):
+        with mock.patch("sys.stdout", new_callable=io.StringIO) as mock_stdout:
+            try:
+                hook_module.main()
+            except SystemExit:
+                pass
+            return mock_stdout.getvalue()
+
+
+def test_main_blocks_normal_attach() -> None:
+    hook_input = {
+        "tool_name": TOOL_NAME,
+        "tool_input": {"files": ["report.html"], "status": "normal"},
+    }
+    output_text = _run_main_with_io(json.dumps(hook_input))
+    output = json.loads(output_text)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+    assert "Show-Asset.ps1" in output["hookSpecificOutput"]["permissionDecisionReason"]
+
+
+def test_main_allows_proactive_attach() -> None:
+    hook_input = {
+        "tool_name": TOOL_NAME,
+        "tool_input": {"files": ["report.html"], "status": "proactive"},
+    }
+    assert _run_main_with_io(json.dumps(hook_input)) == ""
+
+
+def test_main_blocks_when_status_missing() -> None:
+    hook_input = {
+        "tool_name": TOOL_NAME,
+        "tool_input": {"files": ["report.html"]},
+    }
+    output_text = _run_main_with_io(json.dumps(hook_input))
+    output = json.loads(output_text)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_main_blocks_when_tool_input_is_null() -> None:
+    hook_input = {
+        "tool_name": TOOL_NAME,
+        "tool_input": None,
+    }
+    output_text = _run_main_with_io(json.dumps(hook_input))
+    output = json.loads(output_text)
+    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+
+def test_main_passes_wrong_tool_name() -> None:
+    hook_input = {
+        "tool_name": "Write",
+        "tool_input": {"files": ["report.html"], "status": "normal"},
+    }
+    assert _run_main_with_io(json.dumps(hook_input)) == ""
+
+
+def test_main_passes_malformed_json() -> None:
+    assert _run_main_with_io("not valid json {{{") == ""

package/hooks/blocking/test_session_handoff_blocker.py

@@ -16,6 +16,12 @@ if _HOOKS_ROOT not in sys.path:
     sys.path.insert(0, _HOOKS_ROOT)
 import session_handoff_blocker
 from hooks_constants.messages import USER_FACING_CONTEXT_REASSURANCE_NOTICE
+from hooks_constants.text_stripping import strip_code_and_quotes
+
+
+def test_blocker_uses_shared_strip_code_and_quotes() -> None:
+    assert session_handoff_blocker.strip_code_and_quotes is strip_code_and_quotes
+
 
 NEW_SESSION_PROPOSAL_MESSAGE = (
     "I recommend we continue this in a fresh session to keep things manageable."

package/hooks/blocking/test_shared_stdin_adoption.py

@@ -33,6 +33,7 @@ ALL_CONVERTED_HOOK_FILENAMES = (
     "claude_md_orphan_file_blocker.py",
     "pr_converge_bugteam_enforcer.py",
     "verdict_directory_write_blocker.py",
+    "package_inventory_stale_blocker.py",
 )
 
 EMPTY_STDIN_PAYLOAD = ""
@@ -142,6 +143,47 @@ def test_open_questions_blocker_still_allows_plan_without_open_questions(
     assert _decision_from_stdout(completed) is None
 
 
+def test_package_inventory_blocker_still_denies_uninventoried_new_file(
+    tmp_path: Path,
+) -> None:
+    inventory_body = "# package\n\n| File | Role |\n|---|---|\n| `alpha.py` | A |\n| `beta.py` | B |\n"
+    (tmp_path / "README.md").write_text(inventory_body, encoding="utf-8")
+    (tmp_path / "alpha.py").write_text("x = 1\n", encoding="utf-8")
+    (tmp_path / "beta.py").write_text("x = 1\n", encoding="utf-8")
+    new_file_path = tmp_path / "gamma.py"
+    payload = json.dumps(
+        {
+            "tool_name": "Write",
+            "tool_input": {"file_path": str(new_file_path), "content": "x = 1\n"},
+        }
+    )
+    completed = _run_hook_script("package_inventory_stale_blocker.py", payload)
+    assert completed.returncode == 0
+    assert _decision_from_stdout(completed) == "deny"
+
+
+def test_package_inventory_blocker_still_allows_inventoried_new_file(
+    tmp_path: Path,
+) -> None:
+    inventory_body = (
+        "# package\n\n| File | Role |\n|---|---|\n"
+        "| `alpha.py` | A |\n| `beta.py` | B |\n| `gamma.py` | G |\n"
+    )
+    (tmp_path / "README.md").write_text(inventory_body, encoding="utf-8")
+    (tmp_path / "alpha.py").write_text("x = 1\n", encoding="utf-8")
+    (tmp_path / "beta.py").write_text("x = 1\n", encoding="utf-8")
+    new_file_path = tmp_path / "gamma.py"
+    payload = json.dumps(
+        {
+            "tool_name": "Write",
+            "tool_input": {"file_path": str(new_file_path), "content": "x = 1\n"},
+        }
+    )
+    completed = _run_hook_script("package_inventory_stale_blocker.py", payload)
+    assert completed.returncode == 0
+    assert _decision_from_stdout(completed) is None
+
+
 def test_converted_hooks_allow_unrelated_tool_name() -> None:
     payload = json.dumps({"tool_name": "Bash", "tool_input": {"command": "ls"}})
     for each_hook_filename in ALL_CONVERTED_HOOK_FILENAMES: