mirror of
https://github.com/safishamsi/graphify.git
synced 2026-07-12 18:37:12 +00:00
f7911fd1b3
The hooks were inline POSIX bash (case/esac, [ -f ], single-quoted echo), which Windows cmd.exe/PowerShell cannot parse. On Windows the hook failed silently, so the "run `graphify query` before grepping/reading raw files" nudge was never injected and users fell back to manual /graphify. The detection logic (grep-command match; source/doc extension match; skip if the target is under the output dir; require graph.json to exist) moved into a shell-agnostic `graphify hook-guard <search|read>` subcommand, invoked via the absolute exe path resolved by _resolve_graphify_exe() — the exact pattern the codex hook already uses. A single console-script invocation has no shell syntax, so it parses identically under sh, cmd.exe and PowerShell. Behavior on macOS/Linux is unchanged: the nudge payload is byte-identical (compact JSON, same additionalContext text), matchers stay "Bash"/"Read|Glob" so install/uninstall still find and replace old hooks, and the command still contains "graphify". The graph-exists check now honors GRAPHIFY_OUT instead of the hardcoded graphify-out/ path. Codex stays a no-op there (hook-check) because Codex Desktop rejects additionalContext. Detection is fully unit-tested (ported test_read_hook.py + new test_search_hook.py, byte-identical output on POSIX); Windows execution itself is not testable in CI here, but the mechanism is now shell-independent by construction. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
112 lines
3.8 KiB
Python
112 lines
3.8 KiB
Python
"""The Bash PreToolUse guard nudges toward the graph before grep/find searches.
|
|
|
|
Since #522 it runs as the shell-agnostic `graphify hook-guard search` subcommand
|
|
(not inline bash), so it works on Windows too. These tests invoke the subcommand
|
|
with crafted stdin JSON and assert it nudges only for a search command when a
|
|
graph exists, and otherwise stays silent and fails open.
|
|
"""
|
|
import json
|
|
import os
|
|
import subprocess
|
|
import sys
|
|
|
|
from graphify.__main__ import _claude_pretooluse_hooks
|
|
|
|
|
|
def _search_matcher():
|
|
hooks = _claude_pretooluse_hooks()
|
|
return next(h for h in hooks if h["matcher"] == "Bash")
|
|
|
|
|
|
def _env():
|
|
e = dict(os.environ)
|
|
e.pop("GRAPHIFY_OUT", None)
|
|
return e
|
|
|
|
|
|
def _run(command, cwd, *, graph: bool):
|
|
if graph:
|
|
(cwd / "graphify-out").mkdir(parents=True, exist_ok=True)
|
|
(cwd / "graphify-out" / "graph.json").write_text("{}", encoding="utf-8")
|
|
stdin = json.dumps({"tool_input": {"command": command}})
|
|
return subprocess.run(
|
|
[sys.executable, "-m", "graphify", "hook-guard", "search"],
|
|
input=stdin, capture_output=True, text=True, cwd=cwd, env=_env(),
|
|
)
|
|
|
|
|
|
def test_matcher_targets_bash():
|
|
assert _search_matcher()["matcher"] == "Bash"
|
|
|
|
|
|
def test_command_has_no_shell_syntax():
|
|
# #522: no POSIX bash that Windows cmd.exe/PowerShell can't parse.
|
|
cmd = _search_matcher()["hooks"][0]["command"]
|
|
for token in ("$(", "case ", "[ -f", "&&", "||", ";;", "echo '"):
|
|
assert token not in cmd, f"shell syntax {token!r} leaked into the hook"
|
|
assert "graphify" in cmd and "hook-guard search" in cmd
|
|
|
|
|
|
def test_nudges_on_search_commands_with_graph(tmp_path):
|
|
for command in (
|
|
"grep -rn foo .",
|
|
"rg pattern src/",
|
|
"ripgrep thing",
|
|
"find . -name '*.py'",
|
|
"fd bar",
|
|
"ack needle",
|
|
"ag needle",
|
|
):
|
|
out = _run(command, tmp_path, graph=True).stdout
|
|
assert "graphify query" in out, f"{command!r} should nudge"
|
|
|
|
|
|
def test_silent_without_graph(tmp_path):
|
|
out = _run("grep -rn foo .", tmp_path, graph=False).stdout
|
|
assert out.strip() == ""
|
|
|
|
|
|
def test_silent_on_non_search_commands(tmp_path):
|
|
for command in ("ls -la", "git status", "cat README.md", "python app.py"):
|
|
out = _run(command, tmp_path, graph=True).stdout
|
|
assert out.strip() == "", f"{command!r} should not nudge"
|
|
|
|
|
|
def test_nudge_payload_is_valid_pretooluse_json(tmp_path):
|
|
out = _run("grep -rn foo .", tmp_path, graph=True).stdout
|
|
payload = json.loads(out)
|
|
assert payload["hookSpecificOutput"]["hookEventName"] == "PreToolUse"
|
|
assert "graphify query" in payload["hookSpecificOutput"]["additionalContext"]
|
|
|
|
|
|
def test_fails_open_on_malformed_stdin(tmp_path):
|
|
(tmp_path / "graphify-out").mkdir()
|
|
(tmp_path / "graphify-out" / "graph.json").write_text("{}", encoding="utf-8")
|
|
r = subprocess.run(
|
|
[sys.executable, "-m", "graphify", "hook-guard", "search"],
|
|
input="not json", capture_output=True, text=True, cwd=tmp_path, env=_env(),
|
|
)
|
|
assert r.returncode == 0
|
|
assert r.stdout.strip() == ""
|
|
|
|
|
|
def test_never_blocks(tmp_path):
|
|
r = _run("grep -rn foo .", tmp_path, graph=True)
|
|
assert r.returncode == 0
|
|
assert '"permissionDecision"' not in r.stdout
|
|
assert '"deny"' not in r.stdout
|
|
|
|
|
|
def test_honors_graphify_out_override(tmp_path):
|
|
"""The guard resolves the graph via GRAPHIFY_OUT, not a hardcoded path."""
|
|
custom = tmp_path / "custom-out"
|
|
custom.mkdir()
|
|
(custom / "graph.json").write_text("{}", encoding="utf-8")
|
|
env = dict(os.environ, GRAPHIFY_OUT=str(custom))
|
|
stdin = json.dumps({"tool_input": {"command": "grep -rn foo ."}})
|
|
r = subprocess.run(
|
|
[sys.executable, "-m", "graphify", "hook-guard", "search"],
|
|
input=stdin, capture_output=True, text=True, cwd=tmp_path, env=env,
|
|
)
|
|
assert "graphify query" in r.stdout
|