| -rw-r--r-- | todo.org | 19 |
1 files changed, 6 insertions, 13 deletions
@@ -828,8 +828,8 @@ Each item below is a one-line summary of a sub-TODO further down. Tick the box w **** Hooks - [X] [#A] =hooks/README.md=: include =destructive-bash-confirm.py= in install/settings snippets -- [ ] [#A] =hooks/git-commit-confirm.py= + =gh-pr-create-confirm.py=: inspect message/body files referenced by =-F= / =--body-file= -- [ ] [#B] =hooks/destructive-bash-confirm.py=: shell-aware command parsing (not regex) +- [X] [#A] =hooks/git-commit-confirm.py= + =gh-pr-create-confirm.py=: inspect message/body files referenced by =-F= / =--body-file= +- [X] [#B] =hooks/destructive-bash-confirm.py=: shell-aware command parsing (not regex) *** TODO [#A] =playwright-js=: replace raw CSS/page actions and =networkidle= defaults with locator/assertion-first guidance 
@@ -1058,20 +1058,13 @@ Added three sections: Batch-Mode Reproducibility (=emacs --batch= as source of t Brought the README's manual-install and settings-JSON snippets in line with the canonical =hooks/settings-snippet.json= (which already wires all three) and the Makefile's opt-in design: added the destructive-bash-confirm.py symlink as an opt-in step, added its settings entry, and reworded the note to say all three are no-op-safe but the destructive gate is opt-in (=make install-hooks= excludes it by default — link manually before relying on the snippet entry). -*** TODO [#A] =hooks/git-commit-confirm.py= and =hooks/gh-pr-create-confirm.py=: inspect message/body files +*** 2026-05-22 Fri @ 15:35:06 -0500 Hooks now scan file-backed commit/PR messages -=commits.md= uses =git commit -F /tmp/commit-*.md= and =gh pr create ---body-file ...=. The hooks currently treat file-backed messages as -unparseable or just display the file path, so attribution scanning may miss the -actual committed/posted text. Read safe local files referenced by =-F=, -=--file=, and =--body-file= before deciding whether the command is clean. +Added =read_referenced_file()= to =_common.py= (safe local read: missing/oversize/non-UTF-8 → None) and wired it in: =git-commit-confirm.py= =extract_commit_message= now handles =-F=/=--file=/=--file===<path>= (reads + scans the file, falls through to UNPARSEABLE → asks if unreadable), and =gh-pr-create-confirm.py= reads =--body-file= content instead of a placeholder. Attribution scanning now sees the real committed/posted text. Built a pytest harness (=hooks/tests/=, importlib-by-path loader for the hyphen-named hooks) and wired =hooks/tests= into =make test=. 54 hook tests pass; full suite green. 
-*** TODO [#A] =hooks/destructive-bash-confirm.py=: replace regex command parsing with shell-aware parsing where possible +*** 2026-05-22 Fri @ 15:35:06 -0500 Rewrote destructive-bash rm parsing on shlex -The hook's regexes can miss quoted paths, variables, aliases, =env= wrappers, -or compound commands, and can misidentify targets. Use =shlex= for simple -commands, document unsupported shell constructs, and fail toward asking when a -destructive pattern is ambiguous. +=detect_rm_rf= now tokenizes with =shlex.split= instead of a whitespace split, so quoted/spaced paths and combined/separate/reordered flags (=-rf=, =-r -f=, =-fr=, =--recursive=/=--force=) all parse. Fails toward asking — returns a sentinel that still fires the modal — on unbalanced quotes or when a forced recursive rm coexists with a compound/pipeline/substitution/redirect construct. Documented the supported/unsupported shell constructs in the docstrings, and extended the dangerous-path banner to =$HOME=-prefixed and wildcard targets. Covered by 25 new tests. (Pre-existing, out-of-scope: path-prefixed =rm= like =/bin/rm= still isn't matched.) ** TODO [#C] Build =/update-skills= skill for keeping forks in sync with upstream :PROPERTIES: |
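Review bot: In the checklist hunk (@@ -828), ticking the [#B] =destructive-bash-confirm.py= item closes "shell-aware command parsing (not regex)" outright, but the completion entry in this same patch only covers =detect_rm_rf= and records that path-prefixed =rm= such as =/bin/rm= still isn't matched. The removed TODO text also listed variables, aliases and =env= wrappers, and the completion entry does not say whether those are handled. For a confirmation gate, a known miss that lives only in a parenthetical is easy to lose. Suggest adding an unchecked follow-up item under Hooks alongside the tick, for example "- [ ] [#B] =hooks/destructive-bash-confirm.py=: match path-prefixed =rm= (=/bin/rm=) and =env= wrappers", so the remaining gap stays visible in the summary list.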
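Review bot: In the second hunk (@@ -1058), the "Hooks now scan file-backed commit/PR messages" entry states the failure path for only one of the two hooks. For =git-commit-confirm.py= it says an unreadable file falls through to UNPARSEABLE and asks, but for =gh-pr-create-confirm.py= it says only that =--body-file= content is read "instead of a placeholder", leaving open what happens when =read_referenced_file()= returns None there. Please record that the PR hook also fails toward asking rather than treating a missing, oversize or non-UTF-8 body file as clean. The entry should also state the size cap that defines "oversize" and how a =-= argument (stdin) to =-F= / =--body-file= is treated, since in that case there is no local file to read and the scanned text would otherwise be empty.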
