claude-dev-env 1.74.0 → 1.75.0

package/hooks/blocking/test_pre_tool_use_dispatcher.py

@@ -26,6 +26,7 @@ if _HOOKS_DIR not in sys.path:
 
 from hooks_constants.pre_tool_use_dispatcher_constants import (  # noqa: E402, I001
     ALL_HOSTED_HOOK_ENTRIES,
+    BLOCKING_CRASH_DENY_REASON,
     BLOCKING_CRASH_EXIT_CODE,
     DENY_DECISION,
     EDIT_TOOL_NAME,
@@ -485,6 +486,52 @@ def test_aggregate_exit_code_two_signals_deny() -> None:
     )
 
 
+def test_aggregate_blocking_hook_crash_surfaces_a_deny() -> None:
+    """A crash in a blocking hook surfaces a deny with the crash reason.
+
+    When a blocking hook raises a non-SystemExit exception before emitting any
+    output, the aggregator must still deny so a bad write does not silently
+    pass. The deny reason must be the BLOCKING_CRASH_DENY_REASON constant.
+    """
+    all_results = [
+        HostedHookResult(
+            exit_code=0,
+            captured_stdout="",
+            did_crash=True,
+            is_blocking=True,
+        )
+    ]
+    decision = aggregate_hosted_hook_results(all_results)
+    assert decision.should_deny, "a blocking hook crash must surface a deny"
+    assert decision.all_deny_reasons, (
+        "the deny reasons list must be non-empty after a blocking hook crash"
+    )
+    assert BLOCKING_CRASH_DENY_REASON in decision.all_deny_reasons, (
+        "the deny reason from a blocking hook crash must be BLOCKING_CRASH_DENY_REASON.\n"
+        f"Got: {decision.all_deny_reasons!r}"
+    )
+
+
+def test_aggregate_non_blocking_hook_crash_does_not_deny() -> None:
+    """A crash in a non-blocking hook does not change an allow to a deny.
+
+    A hosted hook carrying is_blocking=False must not surface a deny when it
+    crashes — the aggregated decision stays allow.
+    """
+    all_results = [
+        HostedHookResult(
+            exit_code=0,
+            captured_stdout="",
+            did_crash=True,
+            is_blocking=False,
+        )
+    ]
+    decision = aggregate_hosted_hook_results(all_results)
+    assert not decision.should_deny, (
+        "a non-blocking hook crash must not change an allow to a deny"
+    )
+
+
 def test_aggregate_exit_code_zero_with_no_output_allows() -> None:
     """A HostedHookResult with exit_code 0 and empty stdout signals allow.
 
@@ -585,16 +632,16 @@ def test_dispatcher_write_applies_both_groups() -> None:
     assert "blocking/plain_language_blocker.py" in all_write_script_paths, (
         "plain_language_blocker (Group B) must be in Write applicable set"
     )
-    assert len(all_write_entries) == 17, (
-        f"Write tool must apply to all 17 hosted hooks, got {len(all_write_entries)}"
+    assert len(all_write_entries) == 18, (
+        f"Write tool must apply to all 18 hosted hooks, got {len(all_write_entries)}"
     )
 
 
 def test_dispatcher_edit_applies_both_groups() -> None:
     """Edit tool triggers both Group A and Group B hooks through the dispatcher."""
     all_edit_entries = _applicable_entries_for_tool(EDIT_TOOL_NAME)
-    assert len(all_edit_entries) == 17, (
-        f"Edit tool must apply to all 17 hosted hooks, got {len(all_edit_entries)}"
+    assert len(all_edit_entries) == 18, (
+        f"Edit tool must apply to all 18 hosted hooks, got {len(all_edit_entries)}"
     )
 
 
@@ -613,7 +660,7 @@ def test_proceed_after_run_all_validators_removal_allows() -> None:
     it was never a PreToolUse hook and never hosted by the PreToolUse dispatcher.
     A Python Write payload that run_all_validators would have flagged (mypy errors, for
     instance) still produces ALLOW from the PreToolUse dispatcher because the PreToolUse
-    dispatcher covers only its 17 hosted blocking hooks — none of which includes the
+    dispatcher covers only its 18 hosted blocking hooks — none of which includes the
     validators runner.
     """
     python_content_with_type_error = (

package/hooks/blocking/test_question_to_user_enforcer.py

@@ -14,7 +14,9 @@ if _HOOKS_DIR not in sys.path:
     sys.path.insert(0, _HOOKS_DIR)
 if _HOOKS_ROOT not in sys.path:
     sys.path.insert(0, _HOOKS_ROOT)
+import question_to_user_enforcer
 from hooks_constants.messages import USER_FACING_ASKUSERQUESTION_NOTICE
+from hooks_constants.text_stripping import strip_code_and_quotes
 
 CLEAN_DECLARATIVE_MESSAGE = "I applied the rename across both files. The tests pass."
 TRAILING_QUESTION_MESSAGE = (
@@ -68,6 +70,10 @@ def run_hook_with_message(assistant_message: str) -> subprocess.CompletedProcess
     return run_hook_with_payload({"last_assistant_message": assistant_message})
 
 
+def test_blocker_uses_shared_strip_code_and_quotes() -> None:
+    assert question_to_user_enforcer.strip_code_and_quotes is strip_code_and_quotes
+
+
 def test_clean_declarative_message_passes_through():
     completed_process = run_hook_with_message(CLEAN_DECLARATIVE_MESSAGE)
     assert completed_process.returncode == 0

package/hooks/blocking/test_session_handoff_blocker.py

@@ -16,6 +16,12 @@ if _HOOKS_ROOT not in sys.path:
     sys.path.insert(0, _HOOKS_ROOT)
 import session_handoff_blocker
 from hooks_constants.messages import USER_FACING_CONTEXT_REASSURANCE_NOTICE
+from hooks_constants.text_stripping import strip_code_and_quotes
+
+
+def test_blocker_uses_shared_strip_code_and_quotes() -> None:
+    assert session_handoff_blocker.strip_code_and_quotes is strip_code_and_quotes
+
 
 NEW_SESSION_PROPOSAL_MESSAGE = (
     "I recommend we continue this in a fresh session to keep things manageable."

package/hooks/hooks_constants/CLAUDE.md

@@ -24,9 +24,11 @@ Shared constant modules imported by hooks throughout the `hooks/` tree. Each fil
 | `doc_gist_auto_publish_constants.py` | Sentinel marker and URL patterns for the doc-gist auto-publish hook |
 | `docstring_rule_gate_count_blocker_constants.py` | Target rule basename, spelled-out-number lookup, count-clause and `check_*` validator patterns, and block-message text for the docstring-rule gate-count staleness blocker |
 | `duplicate_function_body_constants.py` | Hashing and comparison config for the duplicate-body check |
+| `duplicate_rmtree_helper_blocker_constants.py` | Sanctioned Windows-safe rmtree helper names, the definition pattern, and the exempt-path set for the duplicate-rmtree-helper blocker |
 | `dynamic_stderr_handler.py` | `DynamicStderrHandler` — a logging handler that resolves `sys.stderr` at emit time (for testability) |
 | `gh_pr_author_swap_constants.py` | Constants for the PR-author swap enforcement hooks |
 | `hardcoded_user_path_constants.py` | Patterns for detecting hardcoded home-directory paths |
+| `hook_block_logger.py` | `log_hook_block()` — shared fail-safe logger every blocking hook calls to append a JSON record of each block decision to `~/.claude/logs/hook-blocks.log` |
 | `hook_log_extractor_constants.py` | Neon table name, offset state file path, timeouts, and outcome-type mapping for the hook-log extractor |
 | `hook_prose_detector_consistency_constants.py` | Trigger patterns and corrective messages for the hook-prose consistency checker |
 | `html_companion_constants.py` | Blocked URL schemes and other config for the `.md`-to-`.html` companion hook |
@@ -55,6 +57,7 @@ Shared constant modules imported by hooks throughout the `hooks/` tree. Each fil
 | `stuttering_import_binding_constants.py` | Import-binding patterns for the stuttering check |
 | `subprocess_budget_completeness_constants.py` | Required argument names for the subprocess-budget completeness check |
 | `sys_path_insert_constants.py` | Patterns for detecting unguarded `sys.path.insert` calls |
+| `text_stripping.py` | `strip_code_and_quotes()` — shared helper that removes fenced code blocks, inline code, and blockquotes from prose, imported by the Stop-hook prose blockers |
 | `unused_module_import_constants.py` | Patterns for detecting unused module-level imports |
 | `windows_rmtree_blocker_constants.py` | The unsafe `shutil.rmtree` pattern and the safe replacement pattern |
 | `workflow_substitution_slot_blocker_constants.py` | Per-iteration token patterns for the workflow-slot blocker |
@@ -64,4 +67,4 @@ Shared constant modules imported by hooks throughout the `hooks/` tree. Each fil
 - Every file in this package is a pure constants module — no side effects, no I/O.
 - Hooks import from this package with `from hooks_constants.<module> import <CONSTANT>`.
 - Tests for these modules live beside them as `test_<module>.py`. Run with `python -m pytest hooks_constants/test_<name>.py`.
-- `dynamic_stderr_handler.py` and `pre_tool_use_stdin.py` are utility modules (not pure constants) but live here because they are shared across many hooks.
+- `dynamic_stderr_handler.py`, `pre_tool_use_stdin.py`, `multi_edit_reconstruction.py`, and `text_stripping.py` are utility modules (not pure constants) but live here because they are shared across many hooks.

package/hooks/hooks_constants/code_verifier_spawn_preflight_gate_constants.py

@@ -2,7 +2,8 @@
 
 The gate denies an ``Agent`` spawn whose ``subagent_type`` is ``code-verifier``
 when the branch carries a merge conflict against its base ref or a CODE_RULES
-violation on a line added in the uncommitted working tree. It runs two
+violation on a line added in the working tree since the merge base (committed on
+the branch or uncommitted). It runs two
 pre-flight checks before the expensive verification spawn and addresses its
 deny reason to the spawning agent so that agent fixes the named issues and
 re-spawns. Every literal the hook body reads lives here; the hook imports

package/hooks/hooks_constants/duplicate_rmtree_helper_blocker_constants.py

@@ -0,0 +1,27 @@
+"""Configuration constants for the duplicate_rmtree_helper_blocker PreToolUse hook."""
+
+import re
+
+PYTHON_FILE_EXTENSION: str = ".py"
+
+HELPER_DEFINITION_PATTERN: re.Pattern[str] = re.compile(
+    r"^[ \t]*def[ \t]+(?:_strip_read_only_and_retry|_force_remove_tree|force_rmtree)[ \t]*\(",
+    re.MULTILINE,
+)
+
+TRIPLE_QUOTED_STRING_PATTERN: re.Pattern[str] = re.compile(
+    r'"""[\s\S]*?"""|\'\'\'[\s\S]*?\'\'\'',
+)
+
+ALL_EXEMPT_PATH_FRAGMENTS: tuple[str, ...] = (
+    "windows_rmtree_blocker.py",
+    "duplicate_rmtree_helper_blocker.py",
+    "windows_safe_rmtree.py",
+    "windows_filesystem.py",
+    "session_env_cleanup.py",
+    "_md_to_html_blocker_test_support.py",
+    "teardown_worktrees.py",
+)
+
+ALL_EXEMPT_TEST_FILE_PREFIXES: tuple[str, ...] = ("test_",)
+ALL_EXEMPT_TEST_FILE_SUFFIXES: tuple[str, ...] = ("_test.py",)

package/hooks/hooks_constants/post_tool_use_dispatcher_constants.py

@@ -15,6 +15,7 @@ __all__ = [
     "REASON_KEY",
     "HOOK_EVENT_NAME",
     "EMPTY_REASON_BLOCK_FALLBACK",
+    "BLOCKING_CRASH_DENY_REASON",
     "PLUGIN_ROOT_PLACEHOLDER",
     "PostHostedHookEntry",
     "ALL_POST_HOSTED_HOOK_ENTRIES",
@@ -25,6 +26,7 @@ DECISION_KEY = "decision"
 REASON_KEY = "reason"
 HOOK_EVENT_NAME = "PostToolUse"
 EMPTY_REASON_BLOCK_FALLBACK = "[dispatcher] hook blocked with no reason — write blocked"
+BLOCKING_CRASH_DENY_REASON = "[dispatcher] hook crash in blocking hook — write blocked for safety"
 
 PLUGIN_ROOT_PLACEHOLDER = "${CLAUDE_PLUGIN_ROOT}"
 

package/hooks/hooks_constants/pre_tool_use_dispatcher_constants.py

@@ -15,6 +15,7 @@ __all__ = [
     "HOOK_EVENT_NAME",
     "BLOCKING_CRASH_EXIT_CODE",
     "EXIT_CODE_TWO_DENY_REASON",
+    "BLOCKING_CRASH_DENY_REASON",
     "WRITE_TOOL_NAME",
     "EDIT_TOOL_NAME",
     "MULTI_EDIT_TOOL_NAME",
@@ -31,6 +32,7 @@ ALLOW_DECISION = "allow"
 HOOK_EVENT_NAME = "PreToolUse"
 BLOCKING_CRASH_EXIT_CODE = 2
 EXIT_CODE_TWO_DENY_REASON = "[dispatcher] hook denied via exit code 2 — write blocked"
+BLOCKING_CRASH_DENY_REASON = "[dispatcher] hook crash in blocking hook — write blocked for safety"
 
 WRITE_TOOL_NAME = "Write"
 EDIT_TOOL_NAME = "Edit"
@@ -59,8 +61,8 @@ class HostedHookEntry:
         native_module_name: The importable module name whose evaluate function
             the dispatcher calls in-process for this hook, or None when the hook
             runs via runpy under __main__. The named module exposes a function
-            named NATIVE_EVALUATE_FUNCTION_NAME taking the payload dict and
-            returning a deny-reason string or None.
+            named `evaluate` taking the payload dict and returning a deny-reason
+            string or None.
     """
 
     script_relative_path: str
@@ -94,6 +96,10 @@ ALL_HOSTED_HOOK_ENTRIES: tuple[HostedHookEntry, ...] = (
         script_relative_path="blocking/windows_rmtree_blocker.py",
         applicable_tool_names=ALL_WRITE_AND_EDIT_TOOL_NAMES,
     ),
+    HostedHookEntry(
+        script_relative_path="blocking/duplicate_rmtree_helper_blocker.py",
+        applicable_tool_names=ALL_WRITE_AND_EDIT_TOOL_NAMES,
+    ),
     HostedHookEntry(
         script_relative_path="blocking/state_description_blocker.py",
         applicable_tool_names=ALL_WRITE_AND_EDIT_TOOL_NAMES,

package/hooks/hooks_constants/test_post_tool_use_dispatcher_constants.py

@@ -0,0 +1,43 @@
+"""Tests for the PostToolUse dispatcher constants module."""
+
+import pathlib
+import sys
+
+_HOOKS_ROOT = pathlib.Path(__file__).resolve().parent.parent
+if str(_HOOKS_ROOT) not in sys.path:
+    sys.path.insert(0, str(_HOOKS_ROOT))
+
+_VALIDATION_DIR = _HOOKS_ROOT / "validation"
+if str(_VALIDATION_DIR) not in sys.path:
+    sys.path.insert(0, str(_VALIDATION_DIR))
+
+from post_tool_use_dispatcher import (
+    PostHostedHookResult,
+    aggregate_post_hosted_hook_results,
+)
+
+from hooks_constants.post_tool_use_dispatcher_constants import (
+    BLOCKING_CRASH_DENY_REASON,
+)
+
+
+def test_blocking_hook_crash_block_reason_surfaces_the_constant() -> None:
+    crash_result = PostHostedHookResult(
+        captured_stdout="",
+        did_crash=True,
+        is_blocking=True,
+    )
+    decision = aggregate_post_hosted_hook_results([crash_result])
+    assert decision.should_block
+    assert BLOCKING_CRASH_DENY_REASON in decision.all_block_reasons
+
+
+def test_non_blocking_hook_crash_does_not_surface_the_constant() -> None:
+    crash_result = PostHostedHookResult(
+        captured_stdout="",
+        did_crash=True,
+        is_blocking=False,
+    )
+    decision = aggregate_post_hosted_hook_results([crash_result])
+    assert not decision.should_block
+    assert BLOCKING_CRASH_DENY_REASON not in decision.all_block_reasons

package/hooks/hooks_constants/test_pre_tool_use_dispatcher_constants.py

@@ -0,0 +1,99 @@
+"""Tests for the PreToolUse dispatcher hosted-hook roster."""
+
+import importlib
+import pathlib
+import sys
+
+_HOOKS_ROOT = pathlib.Path(__file__).resolve().parent.parent
+if str(_HOOKS_ROOT) not in sys.path:
+    sys.path.insert(0, str(_HOOKS_ROOT))
+
+_BLOCKING_DIR = _HOOKS_ROOT / "blocking"
+if str(_BLOCKING_DIR) not in sys.path:
+    sys.path.insert(0, str(_BLOCKING_DIR))
+
+from hooks_constants.pre_tool_use_dispatcher_constants import (
+    ALL_HOSTED_HOOK_ENTRIES,
+    ALL_WRITE_AND_EDIT_TOOL_NAMES,
+    BLOCKING_CRASH_DENY_REASON,
+    EDIT_TOOL_NAME,
+    WRITE_TOOL_NAME,
+)
+from pre_tool_use_dispatcher import (
+    HostedHookResult,
+    aggregate_hosted_hook_results,
+)
+
+
+def _entry_for(script_relative_path: str):
+    matching_entries = [
+        each_entry
+        for each_entry in ALL_HOSTED_HOOK_ENTRIES
+        if each_entry.script_relative_path == script_relative_path
+    ]
+    return matching_entries[0] if matching_entries else None
+
+
+def test_roster_includes_duplicate_rmtree_helper_blocker_script_path() -> None:
+    all_registered_script_paths = [
+        each_entry.script_relative_path for each_entry in ALL_HOSTED_HOOK_ENTRIES
+    ]
+    assert "blocking/duplicate_rmtree_helper_blocker.py" in all_registered_script_paths, (
+        "duplicate_rmtree_helper_blocker must be hosted by the dispatcher so a local "
+        "re-definition of the Windows-safe rmtree helper trio is blocked at Write time"
+    )
+
+
+def test_duplicate_rmtree_helper_blocker_applies_to_write_and_edit() -> None:
+    entry = _entry_for("blocking/duplicate_rmtree_helper_blocker.py")
+    assert entry is not None
+    assert WRITE_TOOL_NAME in entry.applicable_tool_names
+    assert EDIT_TOOL_NAME in entry.applicable_tool_names
+
+
+def test_duplicate_rmtree_helper_blocker_is_blocking() -> None:
+    entry = _entry_for("blocking/duplicate_rmtree_helper_blocker.py")
+    assert entry is not None
+    assert entry.is_blocking is True
+
+
+def test_duplicate_rmtree_helper_blocker_runs_via_runpy() -> None:
+    entry = _entry_for("blocking/duplicate_rmtree_helper_blocker.py")
+    assert entry is not None
+    assert entry.native_module_name is None
+
+
+def test_windows_rmtree_blocker_still_registered() -> None:
+    entry = _entry_for("blocking/windows_rmtree_blocker.py")
+    assert entry is not None
+    assert entry.applicable_tool_names == ALL_WRITE_AND_EDIT_TOOL_NAMES
+
+
+def test_blocking_hook_crash_deny_reason_surfaces_the_constant() -> None:
+    crash_result = HostedHookResult(
+        exit_code=0,
+        captured_stdout="",
+        did_crash=True,
+        is_blocking=True,
+    )
+    decision = aggregate_hosted_hook_results([crash_result])
+    assert decision.should_deny
+    assert BLOCKING_CRASH_DENY_REASON in decision.all_deny_reasons
+
+
+def test_every_native_module_exposes_a_callable_evaluate() -> None:
+    nativized_entries = [
+        each_entry
+        for each_entry in ALL_HOSTED_HOOK_ENTRIES
+        if each_entry.native_module_name is not None
+    ]
+    assert nativized_entries, (
+        "the roster must carry at least one nativized hook for this test to lock the contract"
+    )
+    for each_entry in nativized_entries:
+        native_module = importlib.import_module(each_entry.native_module_name)
+        evaluate_function = getattr(native_module, "evaluate", None)
+        assert callable(evaluate_function), (
+            f"{each_entry.native_module_name} must expose a callable named evaluate, "
+            "matching the native_module_name docstring contract"
+        )

package/hooks/hooks_constants/test_text_stripping.py

@@ -0,0 +1,39 @@
+"""Tests for the shared strip_code_and_quotes helper."""
+
+import pathlib
+import sys
+
+_HOOKS_ROOT = pathlib.Path(__file__).resolve().parent.parent
+if str(_HOOKS_ROOT) not in sys.path:
+    sys.path.insert(0, str(_HOOKS_ROOT))
+
+from hooks_constants.text_stripping import strip_code_and_quotes
+
+
+def test_removes_fenced_code_block() -> None:
+    text = "before\n```python\nshould I run this?\n```\nafter"
+    stripped = strip_code_and_quotes(text)
+    assert "should I run this?" not in stripped
+    assert "before" in stripped
+    assert "after" in stripped
+
+
+def test_removes_inline_code_span() -> None:
+    text = "the function `would you like` is named oddly"
+    stripped = strip_code_and_quotes(text)
+    assert "would you like" not in stripped
+    assert "the function" in stripped
+    assert "is named oddly" in stripped
+
+
+def test_removes_leading_blockquote_lines() -> None:
+    text = "real line\n> should I proceed?\nfinal line"
+    stripped = strip_code_and_quotes(text)
+    assert "should I proceed?" not in stripped
+    assert "real line" in stripped
+    assert "final line" in stripped
+
+
+def test_leaves_plain_prose_unchanged() -> None:
+    text = "This sentence carries no code or quotes."
+    assert strip_code_and_quotes(text) == text

package/hooks/hooks_constants/text_stripping.py

@@ -0,0 +1,36 @@
+"""Shared text-stripping helper for the Stop-hook prose blockers.
+
+Several Stop hooks judge the prose of an assistant message and must ignore
+fenced code blocks, inline code spans, and leading blockquotes so a phrase that
+appears only inside code or a quote never trips the detector. The stripping
+logic is identical across those blockers, so it lives here once and is imported
+from each.
+"""
+
+from __future__ import annotations
+
+import re
+
+__all__ = [
+    "strip_code_and_quotes",
+]
+
+CODE_BLOCK_PATTERN = re.compile(r"```[\s\S]*?```", re.MULTILINE)
+INLINE_CODE_PATTERN = re.compile(r"`[^`]+`")
+QUOTED_BLOCK_PATTERN = re.compile(r"^>.*$", re.MULTILINE)
+
+
+def strip_code_and_quotes(text: str) -> str:
+    """Remove fenced code blocks, inline code, and blockquotes from prose.
+
+    Args:
+        text: The raw assistant message to clean of code and quoted lines.
+
+    Returns:
+        The text with every fenced code block, inline code span, and leading
+        blockquote line removed, so only the prose a reader sees remains.
+    """
+    text = CODE_BLOCK_PATTERN.sub("", text)
+    text = INLINE_CODE_PATTERN.sub("", text)
+    text = QUOTED_BLOCK_PATTERN.sub("", text)
+    return text

package/hooks/validation/CLAUDE.md

@@ -9,6 +9,7 @@ PostToolUse hooks that validate code quality after Claude writes or edits a file
 | `mypy_validator.py` | PostToolUse (Write/Edit on `.py` files) | Runs mypy on the written file and blocks (via PostToolUse block decision) when type errors are found — catches missing attributes, wrong signatures, type mismatches, and import errors |
 | `hook_format_validator.py` | PostToolUse | Validates that a hook script's output JSON matches the expected Claude Code hook-output schema |
 | `test_mypy_validator.py` | — | Tests for `mypy_validator.py` |
+| `test_hook_format_validator.py` | — | Tests for `hook_format_validator.py` |
 
 ## Conventions
 

package/hooks/validation/post_tool_use_dispatcher.py

@@ -33,6 +33,7 @@ if _hooks_directory not in sys.path:
 from hooks_constants.post_tool_use_dispatcher_constants import (  # noqa: E402
     ALL_POST_HOSTED_HOOK_ENTRIES,
     BLOCK_DECISION,
+    BLOCKING_CRASH_DENY_REASON,
     DECISION_KEY,
     EMPTY_REASON_BLOCK_FALLBACK,
     HOOK_EVENT_NAME,
@@ -197,7 +198,6 @@ def aggregate_post_hosted_hook_results(
         A PostDispatcherDecision with the aggregated allow-or-block signal,
         all block reasons, and all non-block stdout.
     """
-    blocking_crash_reason = "[dispatcher] hook crash in blocking hook — write blocked for safety"
     all_block_reasons: list[str] = []
     all_non_block_stdout: list[str] = []
 
@@ -206,7 +206,7 @@ def aggregate_post_hosted_hook_results(
         if is_block:
             all_block_reasons.append(block_reason if block_reason else EMPTY_REASON_BLOCK_FALLBACK)
         elif each_result.did_crash and each_result.is_blocking:
-            all_block_reasons.append(blocking_crash_reason)
+            all_block_reasons.append(BLOCKING_CRASH_DENY_REASON)
         else:
             non_block_text = each_result.captured_stdout.strip()
             if non_block_text:

package/hooks/validation/test_mypy_validator.py

@@ -94,7 +94,7 @@ def test_build_mypy_command_includes_config_file_when_present(tmp_path: Path) ->
     assert command[-1] == "package/module.py"
 
 
-def test_build_mypy_command_omits_config_file_when_absent(tmp_path: Path) -> None:
+def test_build_mypy_command_omits_config_file_when_absent() -> None:
     validator = _load_validator()
 
     command = validator.build_mypy_command("package/module.py", None)

package/hooks/validation/test_post_tool_use_dispatcher.py

@@ -39,6 +39,7 @@ from hooks_constants.doc_gist_auto_publish_constants import (  # noqa: E402, I00
 from hooks_constants.post_tool_use_dispatcher_constants import (  # noqa: E402, I001
     ALL_POST_HOSTED_HOOK_ENTRIES,
     BLOCK_DECISION,
+    BLOCKING_CRASH_DENY_REASON,
     EMPTY_REASON_BLOCK_FALLBACK,
     PLUGIN_ROOT_PLACEHOLDER,
     PostHostedHookEntry,
@@ -608,3 +609,8 @@ def test_blocking_hook_crash_surfaces_a_block() -> None:
         "The block reason from a blocking hook crash must reference the dispatcher.\n"
         f"Got: {aggregated_decision.all_block_reasons[0]!r}"
     )
+    assert BLOCKING_CRASH_DENY_REASON in aggregated_decision.all_block_reasons, (
+        "The block reason from a blocking hook crash must be the "
+        "BLOCKING_CRASH_DENY_REASON constant.\n"
+        f"Got: {aggregated_decision.all_block_reasons!r}"
+    )

package/hooks/workflow/auto_formatter.py

@@ -79,11 +79,14 @@ def has_prettier_config(file_path: str) -> bool:
 def budgeted_python_format_seconds() -> int:
     """Return the wall-clock budget for the two-subprocess happy path.
 
-    The Python branch breaks out of each loop the moment a command runs, so
-    the common case spends one fix subprocess plus one format subprocess. This
-    is a budget for that assumed path, not a guaranteed upper bound: when a
-    command is missing or times out the loops fall through to the next entry,
-    so a degraded run can spend more than this budget.
+    The fix loop breaks on the first command that runs — whether it returns zero
+    or non-zero — or on a timeout, and continues to the next command only when a
+    command is missing (FileNotFoundError). The format loop breaks only on a
+    returncode of zero or on a timeout, and continues on a non-zero return or a
+    missing command. The common case spends one fix subprocess plus one format
+    subprocess. This is a budget for that assumed path, not a guaranteed upper
+    bound: when commands are missing or time out the loops can spend more than
+    this budget.
     """
     fix_phase_seconds = PYTHON_FORMAT_TIMEOUT_SECONDS
     format_phase_seconds = PYTHON_FORMAT_TIMEOUT_SECONDS

package/hooks/workflow/test_auto_formatter.py

@@ -105,6 +105,39 @@ class TestRuffFixOnNewFiles:
         assert completed_hook.returncode == 0
         assert "import os" in edited_file.read_text(encoding="utf-8")
 
+    def should_leave_tracked_python_file_arriving_through_write_untouched(
+        self, git_repository: Path
+    ) -> None:
+        tracked_file = git_repository / "tracked.py"
+        tracked_file.write_text(UNUSED_IMPORT_SOURCE, encoding="utf-8")
+        subprocess.run(
+            ["git", "add", "tracked.py"],
+            cwd=git_repository,
+            capture_output=True,
+            check=True,
+        )
+
+        completed_hook = _run_hook("Write", tracked_file)
+
+        assert completed_hook.returncode == 0
+        assert "import os" in tracked_file.read_text(encoding="utf-8")
+
+
+def test_tracked_write_leaves_unused_import_in_place(git_repository: Path) -> None:
+    tracked_file = git_repository / "tracked_module.py"
+    tracked_file.write_text(UNUSED_IMPORT_SOURCE, encoding="utf-8")
+    subprocess.run(
+        ["git", "add", "tracked_module.py"],
+        cwd=git_repository,
+        capture_output=True,
+        check=True,
+    )
+
+    completed_hook = _run_hook("Write", tracked_file)
+
+    assert completed_hook.returncode == 0
+    assert "import os" in tracked_file.read_text(encoding="utf-8")
+
 
 def _load_auto_formatter_module() -> object:
     module_spec = importlib.util.spec_from_file_location("auto_formatter", HOOK_SCRIPT_PATH)

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "claude-dev-env",
-    "version": "1.74.0",
+    "version": "1.75.0",
     "description": "Claude Code development standards — rules, hooks, agents, commands, and skills",
     "type": "module",
     "bin": {

package/rules/windows-filesystem-safe.md

@@ -5,3 +5,5 @@ Never call `shutil.rmtree` with `ignore_errors=True` — Windows `ReadOnly` file
 In Node, call `mkdirSync(targetPath, { recursive: true })` on possibly-existing paths — `ReadOnly` directories break the non-recursive form. When the call must be non-recursive, strip the attribute first (`(Get-Item $path -Force).Attributes = "Directory"` / `os.chmod(path, stat.S_IWRITE)`).
 
 The `windows_rmtree_blocker.py` PreToolUse hook (Write/Edit/Bash) blocks the unsafe rmtree pattern and returns the full `force_rmtree` safe-pattern code.
+
+Define the safe handler trio (`_strip_read_only_and_retry`, `_force_remove_tree` / `force_rmtree`, and the `inspect.signature` onexc/onerror guard) once in a shared Windows-filesystem utility module, and import it from every call site. A second local copy drifts from the first — a fix lands in one and the other keeps the bug (CODE_RULES.md section 3, Reuse before create). The `duplicate_rmtree_helper_blocker.py` PreToolUse hook (Write/Edit) blocks a local re-definition of any trio member outside the shared home and points the writer at the import. This complements the same-directory `check_duplicate_function_body_across_files` gate, which a copy between two distant packages slips past.

package/skills/autoconverge/SKILL.md

@@ -266,9 +266,12 @@ describes the narrowest rm auto-allow path — a standalone Bash call whose targ
 resolves inside the ephemeral namespace (`/tmp`, `/temp`, the OS temp root, or the
 run worktree) — and a compound path that accepts an rm joined with benign
 reporting segments when every rm target is an absolute ephemeral path. Both of
-those paths fail closed on `$(...)` substitution, backtick subshells, and any `$`
-in the target — including `$CLAUDE_JOB_DIR` — so neither resolves an environment
-variable. A third, broad path matches only when the command itself declares an
+those paths fail closed on `$(...)` substitution and backtick subshells. The
+compound path also fails closed on any `$` in the target — including
+`$CLAUDE_JOB_DIR`. The standalone path declines a `$`-bearing target only when
+the literal path is not already under an ephemeral root, so it does not by
+itself stop a `$VAR` that expands inside an ephemeral root. A third, broad path
+matches only when the command itself declares an
 ephemeral working directory (it `cd`s into one, or runs under one): that
 cwd-scoped path resolves the target against the declared cwd, fails closed on
 `$(...)`, backticks, and unknown variables, and resolves the known temporary

package/skills/autoconverge/reference/stop-conditions.md

@@ -31,6 +31,13 @@ skill still runs teardown (revoke permissions, final report).
   cannot confirm the PR left draft state (`gh pr ready` errored, or the draft
   re-query still reports true). The workflow does not report `converged: true`;
   the run ends with a `blocker` naming the failed ready transition.
+- **Clean-audit post blocked** — every review lens is clean on HEAD, but the
+  CLEAN bugteam review cannot be posted (the `post_audit_thread.py` post is
+  denied, errors, or its agent dies). The convergence gate's bugteam-review
+  check can never pass without that CLEAN review, so the run stops rather than
+  re-converge to the iteration cap. The `blocker` names the post failure and the
+  HEAD. Unblock by allowing `post_audit_thread.py` with a Bash permission rule,
+  or post the CLEAN review by hand, then re-run.
 
 ## Not a blocker (the run continues)