claude-dev-env 1.74.0 → 1.75.0

package/hooks/blocking/CLAUDE.md

@@ -63,6 +63,7 @@ The check modules it calls are the `code_rules_<concern>.py` files below.
 | `convergence_gate_blocker.py` | PreToolUse (Bash) | Convergence workflow actions on a conflicting PR |
 | `destructive_command_blocker.py` | PreToolUse (Bash/PowerShell) | Shell commands with destructive literals (`rm -rf`, `git reset --hard`, etc.) |
 | `docstring_rule_gate_count_blocker.py` | PreToolUse (Write/Edit/MultiEdit) | A stale spelled-out gate-validator count in `docstring-prose-matches-implementation.md` — the "N more gate validators" / "M gated slices" count drifting from the `check_docstring_*` validators the prose names |
+| `duplicate_rmtree_helper_blocker.py` | PreToolUse (Write/Edit) | A local re-definition of the Windows-safe rmtree helper trio (`_strip_read_only_and_retry`, `_force_remove_tree` / `force_rmtree`) in place of importing a shared helper |
 | `es_exe_path_rewriter.py` | PreToolUse | Rewrites paths referencing `.exe` under the Everything search path |
 | `gh_body_arg_blocker.py` | PreToolUse (Bash) | `gh` commands passing `--body`/`-b` directly (requires `--body-file` instead) |
 | `gh_pr_author_enforcer.py` | PreToolUse | Enforces PR author identity rules |

package/hooks/blocking/code_verifier_spawn_preflight_gate.py

@@ -5,7 +5,8 @@ The hook fires only on an ``Agent`` tool call whose ``subagent_type`` is
 ``code-verifier``. Before that verification spawn runs, the hook checks the
 branch for two committability problems against the resolved base ref: a real
 merge conflict (a non-mutating trial-merge of HEAD against the base ref) and a
-CODE_RULES violation on a line added in the uncommitted working tree. When
+CODE_RULES violation on a line added in the working tree since the merge base
+(committed on the branch or uncommitted). When
 either fires, the hook denies the spawn with a reason addressed to the spawning
 agent that names the conflicting files and the violating file:line, so that
 agent fixes them and re-spawns. Both checks fail OPEN on any infrastructure

package/hooks/blocking/duplicate_rmtree_helper_blocker.py

@@ -0,0 +1,155 @@
+#!/usr/bin/env python3
+"""PreToolUse hook: block a local re-definition of the Windows-safe rmtree helper trio.
+
+The Windows-safe deletion helper trio — `_strip_read_only_and_retry`,
+`_force_remove_tree`/`force_rmtree`, and the `inspect.signature` onexc/onerror guard —
+is the sanctioned pattern for removing a directory tree that may hold ReadOnly files.
+Because the windows_rmtree_blocker corrective message ships the trio as a paste-ready
+snippet, agents paste a fresh local copy into each module that needs cleanup. Three
+near-matching copies already span one codebase (a parser service, a categorizer, and a
+test isolation helper), so a fix to one copy never reaches the others — the exact
+"duplicated logic drifts" failure CODE_RULES.md section 3 (Reuse before create) names.
+
+This hook scans Write/Edit content to a Python file for a `def` of any sanctioned
+helper name and blocks it with a corrective message pointing to a single shared
+force_rmtree utility. The canonical shared-helper home, the rmtree-blocker hook
+sources (whose corrective strings embed the snippet), and test files are exempt.
+
+This complements the same-directory `check_duplicate_function_body_across_files`
+gate, which compares a written function only against `.py` siblings in its own
+directory. That scope leaves a copy of this trio between two distant packages
+unguarded, which is how the copies above spread. Keying on the sanctioned helper
+names blocks the cross-directory copy the structural same-directory check cannot
+reach.
+"""
+
+import json
+import sys
+from pathlib import Path
+
+_hooks_dir = str(Path(__file__).resolve().parent.parent)
+if _hooks_dir not in sys.path:
+    sys.path.insert(0, _hooks_dir)
+
+from hooks_constants.duplicate_rmtree_helper_blocker_constants import (  # noqa: E402
+    ALL_EXEMPT_PATH_FRAGMENTS,
+    ALL_EXEMPT_TEST_FILE_PREFIXES,
+    ALL_EXEMPT_TEST_FILE_SUFFIXES,
+    HELPER_DEFINITION_PATTERN,
+    PYTHON_FILE_EXTENSION,
+    TRIPLE_QUOTED_STRING_PATTERN,
+)
+from hooks_constants.pre_tool_use_stdin import read_hook_input_dictionary_from_stdin  # noqa: E402
+
+
+def payload_defines_sanctioned_helper(payload_text: str) -> bool:
+    """Return True when the text defines a sanctioned Windows-safe rmtree helper.
+
+    Args:
+        payload_text: The file content or new_string fragment under inspection.
+
+    Returns:
+        True when a line defines `_strip_read_only_and_retry`, `_force_remove_tree`,
+        or `force_rmtree`. Triple-quoted string bodies are masked before the
+        line-anchored pattern runs, so a `def` that begins its own line inside a
+        documentation snippet or multi-line string literal is left untouched. A
+        helper name inside a single-line quoted string carries a quote before `def`,
+        so the line-anchored pattern leaves it untouched as well.
+    """
+    if not payload_text:
+        return False
+    masked_text = TRIPLE_QUOTED_STRING_PATTERN.sub("", payload_text)
+    return bool(HELPER_DEFINITION_PATTERN.search(masked_text))
+
+
+def path_is_exempt(file_path: str) -> bool:
+    """Return True when a Python path may carry the helper definition.
+
+    Args:
+        file_path: The target path the Write/Edit writes to.
+
+    Returns:
+        True when the path's basename is the canonical shared-helper home, an
+        rmtree-blocker hook source, one of the existing in-repo definition sites
+        (session_env_cleanup.py, _md_to_html_blocker_test_support.py,
+        teardown_worktrees.py), or a test file. A definition there is intentional.
+        Basename equality (not substring containment) prevents a sibling whose name
+        merely contains an exempt fragment from bypassing the block.
+    """
+    normalized_path = file_path.replace("\\", "/")
+    file_name = normalized_path.rsplit("/", 1)[-1]
+    if any(file_name.startswith(each_prefix) for each_prefix in ALL_EXEMPT_TEST_FILE_PREFIXES):
+        return True
+    if any(file_name.endswith(each_suffix) for each_suffix in ALL_EXEMPT_TEST_FILE_SUFFIXES):
+        return True
+    return file_name in ALL_EXEMPT_PATH_FRAGMENTS
+
+
+def extract_payload_text(tool_name: str, tool_input: dict) -> tuple[str, str]:
+    """Return the (file_path, scanned_text) pair for a Write/Edit to a Python file.
+
+    Args:
+        tool_name: The PreToolUse tool name.
+        tool_input: The tool input dictionary.
+
+    Returns:
+        A pair of the target path and the text to scan. The text is empty for an
+        unrelated tool or a non-Python target, so the caller exits without blocking.
+    """
+    if tool_name not in {"Write", "Edit"}:
+        return "", ""
+    file_path = tool_input.get("file_path", "") or ""
+    if file_path and not file_path.endswith(PYTHON_FILE_EXTENSION):
+        return file_path, ""
+    scanned_text = tool_input.get("content", "") or tool_input.get("new_string", "") or ""
+    return file_path, scanned_text
+
+
+def main() -> None:
+    corrective_message = (
+        "BLOCKED [duplicate-rmtree-helper]: this Write/Edit defines a local copy of "
+        "the Windows-safe rmtree helper trio (_strip_read_only_and_retry, "
+        "_force_remove_tree / force_rmtree). The trio is already implemented once; a "
+        "second copy drifts from the original — a fix lands in one copy and the other "
+        "keeps the bug (CODE_RULES.md section 3, Reuse before create).\n\n"
+        "Import the shared force_rmtree helper rather than pasting the trio:\n\n"
+        "    from <shared_package>.windows_filesystem import force_rmtree\n"
+        "    force_rmtree(staging_directory)\n\n"
+        "When no shared helper module exists yet, create ONE — a windows-filesystem "
+        "utility module the consuming packages can import — define the trio there once, "
+        "and import it from every call site. Do not paste the trio from the "
+        "windows_rmtree_blocker corrective message into each module.\n\n"
+        "See ~/.claude/rules/windows-filesystem-safe.md for the sanctioned pattern."
+    )
+    hook_input = read_hook_input_dictionary_from_stdin()
+    if hook_input is None:
+        sys.exit(0)
+
+    raw_tool_name = hook_input.get("tool_name", "")
+    raw_tool_input = hook_input.get("tool_input", {})
+    tool_name = raw_tool_name if isinstance(raw_tool_name, str) else ""
+    tool_input = raw_tool_input if isinstance(raw_tool_input, dict) else {}
+
+    file_path, scanned_text = extract_payload_text(tool_name, tool_input)
+
+    if not scanned_text:
+        sys.exit(0)
+    if path_is_exempt(file_path):
+        sys.exit(0)
+    if not payload_defines_sanctioned_helper(scanned_text):
+        sys.exit(0)
+
+    deny_response = {
+        "hookSpecificOutput": {
+            "hookEventName": "PreToolUse",
+            "permissionDecision": "deny",
+            "permissionDecisionReason": corrective_message,
+        }
+    }
+    print(json.dumps(deny_response))
+    sys.stdout.flush()
+    sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()

package/hooks/blocking/hedging_language_blocker.py

@@ -18,6 +18,7 @@ if _hooks_dir not in sys.path:
 
 from hooks_constants.hook_block_logger import log_hook_block  # noqa: E402
 from hooks_constants.messages import USER_FACING_NOTICE  # noqa: E402
+from hooks_constants.text_stripping import strip_code_and_quotes  # noqa: E402
 
 PLUGIN_ROOT = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 
@@ -58,19 +59,6 @@ ALL_HEDGING_PATTERNS = [
     re.compile(pattern, re.IGNORECASE) for pattern in HEDGING_WORDS + HEDGING_PHRASES
 ]
 
-CODE_BLOCK_PATTERN = re.compile(r"```[\s\S]*?```", re.MULTILINE)
-INLINE_CODE_PATTERN = re.compile(r"`[^`]+`")
-QUOTED_BLOCK_PATTERN = re.compile(r"^>.*$", re.MULTILINE)
-
-
-def strip_code_and_quotes(text: str) -> str:
-    """Remove code blocks, inline code, and blockquotes to avoid false positives."""
-    text = CODE_BLOCK_PATTERN.sub("", text)
-    text = INLINE_CODE_PATTERN.sub("", text)
-    text = QUOTED_BLOCK_PATTERN.sub("", text)
-    return text
-
-
 def find_hedging_words(text: str) -> list[str]:
     """Return all hedging words/phrases found in the text."""
     prose_text = strip_code_and_quotes(text)

package/hooks/blocking/intent_only_ending_blocker.py

@@ -20,21 +20,7 @@ if _hooks_dir not in sys.path:
 
 from hooks_constants.hook_block_logger import log_hook_block  # noqa: E402
 from hooks_constants.messages import USER_FACING_INTENT_ENDING_NOTICE  # noqa: E402
-
-
-def strip_code_and_quotes(text: str) -> str:
-    """Remove code blocks, inline code, and blockquotes to avoid false positives.
-
-    Args:
-        text: The raw assistant message to clean.
-    """
-    code_block_pattern = re.compile(r"```[\s\S]*?```", re.MULTILINE)
-    inline_code_pattern = re.compile(r"`[^`]+`")
-    quoted_block_pattern = re.compile(r"^>.*$", re.MULTILINE)
-    text = code_block_pattern.sub("", text)
-    text = inline_code_pattern.sub("", text)
-    text = quoted_block_pattern.sub("", text)
-    return text
+from hooks_constants.text_stripping import strip_code_and_quotes  # noqa: E402
 
 
 def extract_final_paragraph(text: str) -> str:

package/hooks/blocking/pre_tool_use_dispatcher.py

@@ -8,8 +8,8 @@ decision when any hook denied (carrying every denying reason) or exits zero to
 allow.
 
 The per-hook coverage matrix:
-- Write  -> Group A (10 hooks) + Group B (7 hooks) = 17 hooks
-- Edit   -> Group A (10 hooks) + Group B (7 hooks) = 17 hooks
+- Write  -> Group A (11 hooks) + Group B (7 hooks) = 18 hooks
+- Edit   -> Group A (11 hooks) + Group B (7 hooks) = 18 hooks
 - MultiEdit -> Group B only (7 hooks)
 """
 
@@ -40,6 +40,7 @@ from state_description_blocker import evaluate as evaluate_state_description  #
 from hooks_constants.pre_tool_use_dispatcher_constants import (  # noqa: E402
     ALL_HOSTED_HOOK_ENTRIES,
     ALLOW_DECISION,
+    BLOCKING_CRASH_DENY_REASON,
     BLOCKING_CRASH_EXIT_CODE,
     DENY_DECISION,
     EXIT_CODE_TWO_DENY_REASON,
@@ -360,9 +361,7 @@ def aggregate_hosted_hook_results(
                 parsed_output.deny_reason if parsed_output.deny_reason else EXIT_CODE_TWO_DENY_REASON
             )
         elif each_result.did_crash and each_result.is_blocking:
-            all_deny_reasons.append(
-                "[dispatcher] hook crash in blocking hook — write blocked for safety"
-            )
+            all_deny_reasons.append(BLOCKING_CRASH_DENY_REASON)
         elif each_result.exit_code == BLOCKING_CRASH_EXIT_CODE and each_result.is_blocking:
             all_deny_reasons.append(EXIT_CODE_TWO_DENY_REASON)
         if parsed_output.is_allow:

package/hooks/blocking/question_to_user_enforcer.py

@@ -21,17 +21,7 @@ if _hooks_dir not in sys.path:
 
 from hooks_constants.hook_block_logger import log_hook_block  # noqa: E402
 from hooks_constants.messages import USER_FACING_ASKUSERQUESTION_NOTICE  # noqa: E402
-
-
-def strip_code_and_quotes(text: str) -> str:
-    """Remove code blocks, inline code, and blockquotes to avoid false positives."""
-    code_block_pattern = re.compile(r"```[\s\S]*?```", re.MULTILINE)
-    inline_code_pattern = re.compile(r"`[^`]+`")
-    quoted_block_pattern = re.compile(r"^>.*$", re.MULTILINE)
-    text = code_block_pattern.sub("", text)
-    text = inline_code_pattern.sub("", text)
-    text = quoted_block_pattern.sub("", text)
-    return text
+from hooks_constants.text_stripping import strip_code_and_quotes  # noqa: E402
 
 
 def extract_final_paragraph(text: str) -> str:

package/hooks/blocking/session_handoff_blocker.py

@@ -23,21 +23,7 @@ from hooks_constants.messages import USER_FACING_CONTEXT_REASSURANCE_NOTICE  # n
 from hooks_constants.session_handoff_blocker_constants import (  # noqa: E402
     FIRST_PERSON_SUBJECT_PATTERN,
 )
-
-
-def strip_code_and_quotes(text: str) -> str:
-    """Remove code blocks, inline code, and blockquotes to avoid false positives.
-
-    Args:
-        text: The raw assistant message to clean.
-    """
-    code_block_pattern = re.compile(r"```[\s\S]*?```", re.MULTILINE)
-    inline_code_pattern = re.compile(r"`[^`]+`")
-    quoted_block_pattern = re.compile(r"^>.*$", re.MULTILINE)
-    text = code_block_pattern.sub("", text)
-    text = inline_code_pattern.sub("", text)
-    text = quoted_block_pattern.sub("", text)
-    return text
+from hooks_constants.text_stripping import strip_code_and_quotes  # noqa: E402
 
 
 def split_into_sentences(text: str) -> list[str]:

package/hooks/blocking/test_code_verifier_spawn_preflight_gate.py

@@ -342,6 +342,22 @@ def test_real_code_rules_violation_on_added_line_denies(tmp_path: Path) -> None:
     assert "Line " in reason
 
 
+def test_committed_on_branch_violation_with_clean_working_tree_denies(tmp_path: Path) -> None:
+    repository_root = tmp_path / "repo"
+    repository_root.mkdir()
+    initialize_repository(repository_root)
+    run_git(repository_root, "checkout", "-b", "feature")
+    commit_file(repository_root, "committed.py", VIOLATING_MODULE_SOURCE, "commit violation")
+    status_output = run_git(repository_root, "status", "--porcelain")
+    assert status_output == "", "working tree must be clean so the deny comes from the committed line"
+    payload = write_agent_payload("code-verifier", "verify the change", repository_root)
+    result = run_hook(payload, repository_root)
+    assert not is_allow(result)
+    reason = deny_reason(result)
+    assert "committed.py" in reason
+    assert "Line " in reason
+
+
 def test_preexisting_violation_on_untouched_line_allows(tmp_path: Path) -> None:
     repository_root = tmp_path / "repo"
     repository_root.mkdir()

package/hooks/blocking/test_duplicate_rmtree_helper_blocker.py

@@ -0,0 +1,328 @@
+"""Unit tests for duplicate_rmtree_helper_blocker PreToolUse hook."""
+
+import importlib.util
+import io
+import json
+import pathlib
+import sys
+from contextlib import redirect_stderr, redirect_stdout
+
+_HOOK_DIR = pathlib.Path(__file__).parent
+if str(_HOOK_DIR) not in sys.path:
+    sys.path.insert(0, str(_HOOK_DIR))
+_HOOKS_ROOT = _HOOK_DIR.parent
+if str(_HOOKS_ROOT) not in sys.path:
+    sys.path.insert(0, str(_HOOKS_ROOT))
+
+hook_spec = importlib.util.spec_from_file_location(
+    "duplicate_rmtree_helper_blocker",
+    _HOOK_DIR / "duplicate_rmtree_helper_blocker.py",
+)
+assert hook_spec is not None
+assert hook_spec.loader is not None
+hook_module = importlib.util.module_from_spec(hook_spec)
+hook_spec.loader.exec_module(hook_module)
+
+payload_defines_sanctioned_helper = hook_module.payload_defines_sanctioned_helper
+path_is_exempt = hook_module.path_is_exempt
+extract_payload_text = hook_module.extract_payload_text
+
+COPIED_TRIO = (
+    "def _strip_read_only_and_retry(removal_function, target_path, *_exc_info):\n"
+    "    try:\n"
+    "        os.chmod(target_path, stat.S_IWRITE)\n"
+    "        removal_function(target_path)\n"
+    "    except OSError:\n"
+    "        pass\n\n\n"
+    "_rmtree_supports_onexc = 'onexc' in inspect.signature(shutil.rmtree).parameters\n\n\n"
+    "def _force_remove_tree(target_path):\n"
+    "    if _rmtree_supports_onexc:\n"
+    "        shutil.rmtree(target_path, onexc=_strip_read_only_and_retry)\n"
+)
+
+
+def test_detects_strip_read_only_definition() -> None:
+    assert payload_defines_sanctioned_helper(
+        "def _strip_read_only_and_retry(removal_function, target_path, *_exc_info):\n    pass"
+    )
+
+
+def test_detects_force_remove_tree_definition() -> None:
+    assert payload_defines_sanctioned_helper(
+        "def _force_remove_tree(target_path: Path) -> None:\n    pass"
+    )
+
+
+def test_detects_force_rmtree_definition() -> None:
+    assert payload_defines_sanctioned_helper(
+        "def force_rmtree(target_path: str) -> None:\n    pass"
+    )
+
+
+def test_detects_indented_method_definition() -> None:
+    assert payload_defines_sanctioned_helper(
+        "class FileTools:\n    def _strip_read_only_and_retry(self, fn, path):\n        pass"
+    )
+
+
+def test_detects_copied_trio_block() -> None:
+    assert payload_defines_sanctioned_helper(COPIED_TRIO)
+
+
+def test_allows_import_of_shared_helper() -> None:
+    assert not payload_defines_sanctioned_helper(
+        "from shared_utils.web_automation.utils.windows_filesystem import force_rmtree"
+    )
+
+
+def test_allows_call_site_without_definition() -> None:
+    assert not payload_defines_sanctioned_helper("force_rmtree(staging_directory)")
+
+
+def test_allows_helper_name_inside_string_literal() -> None:
+    corrective_message = (
+        '    "    def _strip_read_only_and_retry(removal_function, target_path):\\n"'
+    )
+    assert not payload_defines_sanctioned_helper(corrective_message)
+
+
+def test_allows_helper_definition_inside_triple_quoted_string() -> None:
+    documentation_snippet = (
+        'EXAMPLE = """\\\n'
+        'def _strip_read_only_and_retry(removal_function, target_path, *_exc_info):\n'
+        '    pass\n'
+        '"""\n'
+    )
+    assert not payload_defines_sanctioned_helper(documentation_snippet)
+
+
+def test_allows_force_rmtree_definition_inside_triple_quoted_string() -> None:
+    documentation_snippet = (
+        "snippet = '''\n"
+        "def force_rmtree(target_path: str) -> None:\n"
+        "    pass\n"
+        "'''\n"
+    )
+    assert not payload_defines_sanctioned_helper(documentation_snippet)
+
+
+def test_detects_real_definition_following_triple_quoted_docstring() -> None:
+    module_text = (
+        '"""Module docstring."""\n'
+        'def force_rmtree(target_path: str) -> None:\n'
+        '    pass\n'
+    )
+    assert payload_defines_sanctioned_helper(module_text)
+
+
+def test_detects_real_definition_between_two_triple_quoted_strings() -> None:
+    module_text = (
+        '"""Leading docstring."""\n'
+        'def _force_remove_tree(target_path: str) -> None:\n'
+        '    pass\n'
+        '"""Trailing docstring."""\n'
+    )
+    assert payload_defines_sanctioned_helper(module_text)
+
+
+def test_allows_unrelated_definition() -> None:
+    assert not payload_defines_sanctioned_helper("def categorize_and_move(theme_folder):\n    pass")
+
+
+def test_path_exempts_blocker_source() -> None:
+    assert path_is_exempt("packages/x/hooks/blocking/windows_rmtree_blocker.py")
+    assert path_is_exempt("packages/x/hooks/blocking/duplicate_rmtree_helper_blocker.py")
+
+
+def test_path_exempts_shared_helper_module() -> None:
+    assert path_is_exempt("shared_utils/web_automation/utils/windows_filesystem.py")
+
+
+def test_path_exempts_existing_session_env_cleanup_definition_site() -> None:
+    assert path_is_exempt("packages/claude-dev-env/hooks/session/session_env_cleanup.py")
+
+
+def test_path_exempts_existing_md_to_html_test_support_definition_site() -> None:
+    assert path_is_exempt(
+        "packages/claude-dev-env/hooks/blocking/_md_to_html_blocker_test_support.py"
+    )
+
+
+def test_path_exempts_existing_teardown_worktrees_definition_site() -> None:
+    assert path_is_exempt(
+        "packages/claude-dev-env/skills/_shared/pr-loop/scripts/teardown_worktrees.py"
+    )
+
+
+def test_main_allows_full_file_write_of_existing_definition_site() -> None:
+    stdout_text, exit_code = _run_hook(
+        {
+            "tool_name": "Write",
+            "tool_input": {
+                "file_path": "packages/claude-dev-env/hooks/session/session_env_cleanup.py",
+                "content": COPIED_TRIO,
+            },
+        }
+    )
+    assert exit_code == 0
+    assert stdout_text == ""
+
+
+def test_path_exempts_test_file_prefix() -> None:
+    assert path_is_exempt("hooks/blocking/test_duplicate_rmtree_helper_blocker.py")
+
+
+def test_path_exempts_test_file_suffix() -> None:
+    assert path_is_exempt("shared_utils/something_test.py")
+
+
+def test_path_does_not_exempt_production_module() -> None:
+    assert not path_is_exempt(
+        "shared_utils/samsung_utils/cert_failure_processor/failure_categorizer.py"
+    )
+
+
+def test_path_does_not_exempt_filename_containing_exempt_fragment() -> None:
+    assert not path_is_exempt("packages/x/not_windows_filesystem.py")
+    assert not path_is_exempt("packages/x/my_windows_filesystem.py")
+
+
+def test_path_does_not_exempt_backslash_path_with_containing_fragment() -> None:
+    assert not path_is_exempt("packages\\x\\not_windows_filesystem.py")
+
+
+def test_extract_payload_text_reads_write_content() -> None:
+    extracted = extract_payload_text("Write", {"file_path": "foo.py", "content": "abc"})
+    assert extracted == ("foo.py", "abc")
+
+
+def test_extract_payload_text_reads_edit_new_string() -> None:
+    extracted = extract_payload_text("Edit", {"file_path": "foo.py", "new_string": "abc"})
+    assert extracted == ("foo.py", "abc")
+
+
+def test_extract_payload_text_returns_empty_for_non_python_file() -> None:
+    extracted = extract_payload_text("Write", {"file_path": "notes.md", "content": COPIED_TRIO})
+    assert extracted == ("notes.md", "")
+
+
+def test_extract_payload_text_returns_empty_for_unknown_tool() -> None:
+    extracted = extract_payload_text("Read", {"file_path": "foo.py"})
+    assert extracted == ("", "")
+
+
+def _run_hook_with_stdin_text(stdin_text: str) -> tuple[str, str, int]:
+    captured_stdout = io.StringIO()
+    captured_stderr = io.StringIO()
+    exit_code = 0
+    sys.stdin = io.StringIO(stdin_text)
+    try:
+        with redirect_stdout(captured_stdout), redirect_stderr(captured_stderr):
+            try:
+                hook_module.main()
+            except SystemExit as exit_signal:
+                raw_exit_code = exit_signal.code
+                exit_code = raw_exit_code if isinstance(raw_exit_code, int) else 0
+    finally:
+        sys.stdin = sys.__stdin__
+    return captured_stdout.getvalue(), captured_stderr.getvalue(), exit_code
+
+
+def _run_hook(hook_input: dict) -> tuple[str, int]:
+    stdout_text, _stderr_text, exit_code = _run_hook_with_stdin_text(json.dumps(hook_input))
+    return stdout_text, exit_code
+
+
+def test_main_blocks_local_trio_copy_in_production_module() -> None:
+    stdout_text, exit_code = _run_hook(
+        {
+            "tool_name": "Write",
+            "tool_input": {
+                "file_path": (
+                    "shared_utils/samsung_utils/cert_failure_processor/failure_categorizer.py"
+                ),
+                "content": COPIED_TRIO,
+            },
+        }
+    )
+    assert exit_code == 0
+    response_payload = json.loads(stdout_text)
+    decision_block = response_payload["hookSpecificOutput"]
+    assert decision_block["permissionDecision"] == "deny"
+    assert "duplicate-rmtree-helper" in decision_block["permissionDecisionReason"]
+
+
+def test_main_allows_import_of_shared_helper() -> None:
+    stdout_text, exit_code = _run_hook(
+        {
+            "tool_name": "Write",
+            "tool_input": {
+                "file_path": "shared_utils/samsung_utils/cleanup.py",
+                "content": (
+                    "from shared_utils.web_automation.utils.windows_filesystem import "
+                    "force_rmtree\n\nforce_rmtree(path)\n"
+                ),
+            },
+        }
+    )
+    assert exit_code == 0
+    assert stdout_text == ""
+
+
+def test_main_allows_definition_in_shared_helper_module() -> None:
+    stdout_text, exit_code = _run_hook(
+        {
+            "tool_name": "Write",
+            "tool_input": {
+                "file_path": "shared_utils/web_automation/utils/windows_filesystem.py",
+                "content": COPIED_TRIO,
+            },
+        }
+    )
+    assert exit_code == 0
+    assert stdout_text == ""
+
+
+def test_main_allows_definition_in_test_file() -> None:
+    stdout_text, exit_code = _run_hook(
+        {
+            "tool_name": "Write",
+            "tool_input": {
+                "file_path": "shared_utils/test_windows_filesystem.py",
+                "content": COPIED_TRIO,
+            },
+        }
+    )
+    assert exit_code == 0
+    assert stdout_text == ""
+
+
+def test_main_passes_through_non_python_file() -> None:
+    stdout_text, exit_code = _run_hook(
+        {
+            "tool_name": "Write",
+            "tool_input": {"file_path": "docs/cleanup.md", "content": COPIED_TRIO},
+        }
+    )
+    assert exit_code == 0
+    assert stdout_text == ""
+
+
+def test_main_passes_through_unrelated_tool() -> None:
+    stdout_text, exit_code = _run_hook({"tool_name": "Read", "tool_input": {"file_path": "foo.py"}})
+    assert exit_code == 0
+    assert stdout_text == ""
+
+
+def test_main_with_empty_stdin_exits_silently() -> None:
+    stdout_text, stderr_text, exit_code = _run_hook_with_stdin_text("")
+    assert exit_code == 0
+    assert stdout_text == ""
+    assert stderr_text == ""
+
+
+def test_main_with_invalid_json_stdin_exits_silently() -> None:
+    stdout_text, stderr_text, exit_code = _run_hook_with_stdin_text("{broken")
+    assert exit_code == 0
+    assert stdout_text == ""
+    assert stderr_text == ""

package/hooks/blocking/test_hedging_language_blocker.py

@@ -17,6 +17,12 @@ if _HOOKS_ROOT not in sys.path:
     sys.path.insert(0, _HOOKS_ROOT)
 import hedging_language_blocker
 from hooks_constants.messages import USER_FACING_NOTICE
+from hooks_constants.text_stripping import strip_code_and_quotes
+
+
+def test_blocker_uses_shared_strip_code_and_quotes() -> None:
+    assert hedging_language_blocker.strip_code_and_quotes is strip_code_and_quotes
+
 
 RESEARCH_MODE_SKILL_BODY_MARKER = "Three anti-hallucination constraints are ALWAYS active."
 HEDGING_MESSAGE = "This is likely correct."

package/hooks/blocking/test_intent_only_ending_blocker.py

@@ -16,6 +16,11 @@ if _HOOKS_ROOT not in sys.path:
     sys.path.insert(0, _HOOKS_ROOT)
 import intent_only_ending_blocker
 from hooks_constants.messages import USER_FACING_INTENT_ENDING_NOTICE
+from hooks_constants.text_stripping import strip_code_and_quotes
+
+def test_blocker_uses_shared_strip_code_and_quotes() -> None:
+    assert intent_only_ending_blocker.strip_code_and_quotes is strip_code_and_quotes
+
 
 INTENT_ENDING_MESSAGE = "I'll now run the test suite and fix any failures that come up."
 NEXT_STEPS_MESSAGE = "Next steps:"