From 36262858461711bcb104896007a513691113fee8 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Tue, 23 Jun 2026 21:13:26 -0400 Subject: feat(languages): add bash/shell bundle Shell-heavy projects had no bundle that fit. archangel and archsetup are bash repos, and installing elisp or python gave them the wrong language rules. I added languages/bash on the go bundle's shape. The bundle ships bash.md and bash-testing.md rules, a PostToolUse hook that runs shellcheck on edited shell files and blocks on a violation, a shellcheck pre-commit githook, settings.json wiring, gitignore-add.txt, and a "Bash/shell project" CLAUDE.md. The hook covers .sh, .bash, and extensionless files with a shell shebang, since the CLI tools that fill a shell repo carry no extension. shellcheck is the gate. shfmt stays out of the blocking path because shell has no canonical formatting style, and forcing tabs-vs-spaces would impose a contested choice. Both the hook and the githook are shellcheck-clean against their own rule. I extended the Makefile test target to discover languages/*/tests/*.bats, so the bundle's 8 hook tests run with the rest of the suite. The README bundle table was stale, listing elisp only. I corrected it to the five bundles now shipping. --- Makefile | 2 +- README.org | 15 ++++- languages/bash/CLAUDE.md | 71 ++++++++++++++++++++ languages/bash/claude/hooks/validate-bash.sh | 66 +++++++++++++++++++ languages/bash/claude/rules/bash-testing.md | 71 ++++++++++++++++++++ languages/bash/claude/rules/bash.md | 83 ++++++++++++++++++++++++ languages/bash/claude/settings.json | 68 ++++++++++++++++++++ languages/bash/githooks/pre-commit | 48 ++++++++++++++ languages/bash/gitignore-add.txt | 4 ++ languages/bash/tests/validate-bash.bats | 96 ++++++++++++++++++++++++++++ scripts/tests/install-lang.bats | 18 ++++++ todo.org | 5 +- 12 files changed, 542 insertions(+), 5 deletions(-) create mode 100644 languages/bash/CLAUDE.md create mode 100755 languages/bash/claude/hooks/validate-bash.sh create mode 100644 languages/bash/claude/rules/bash-testing.md create mode 100644 languages/bash/claude/rules/bash.md create mode 100644 languages/bash/claude/settings.json create mode 100755 languages/bash/githooks/pre-commit create mode 100644 languages/bash/gitignore-add.txt create mode 100644 languages/bash/tests/validate-bash.bats diff --git a/Makefile b/Makefile index 294e99c..ca73612 100644 --- a/Makefile +++ b/Makefile @@ -509,7 +509,7 @@ test: ## Run all test suites (pytest + ERT + bats) echo "ert: $$(basename "$$f")"; \ emacs --batch -q -l ert -l "$$f" -f ert-run-tests-batch-and-exit; \ done - @set -e; for f in scripts/tests/*.bats .ai/scripts/tests/*.bats; do \ + @set -e; for f in scripts/tests/*.bats .ai/scripts/tests/*.bats languages/*/tests/*.bats; do \ [ -e "$$f" ] || continue; \ echo "bats: $$(basename "$$f")"; \ bats "$$f"; \ diff --git a/README.org b/README.org index 067a2a1..f445c26 100644 --- a/README.org +++ b/README.org @@ -80,9 +80,18 @@ re-encrypt. See [[file:mcp/README.org][mcp/README.org]] for the full pipeline. * Available languages -| Language | Path | Notes | -|----------+------------------+----------------------------------------------| -| elisp | =languages/elisp/= | Emacs Lisp — ERT, check-parens, byte-compile | +| Language | Path | Notes | +|------------+-------------------------+-----------------------------------------------| +| bash | =languages/bash/= | Shell, shellcheck validate hook, bats tests | +|------------+-------------------------+-----------------------------------------------| +| elisp | =languages/elisp/= | Emacs Lisp, ERT, check-parens, byte-compile | +|------------+-------------------------+-----------------------------------------------| +| go | =languages/go/= | Go, gofmt + go vet hook, table-driven tests | +|------------+-------------------------+-----------------------------------------------| +| python | =languages/python/= | Python, pytest, coverage-summary | +|------------+-------------------------+-----------------------------------------------| +| typescript | =languages/typescript/= | TypeScript, coverage-summary | +|------------+-------------------------+-----------------------------------------------| Add more by creating =languages//= with the same structure. diff --git a/languages/bash/CLAUDE.md b/languages/bash/CLAUDE.md new file mode 100644 index 0000000..2511c47 --- /dev/null +++ b/languages/bash/CLAUDE.md @@ -0,0 +1,71 @@ +# CLAUDE.md + +## Project + +Bash/shell project. Customize this section with your own description, layout, +and conventions. + +**Typical layout:** +- `bin/` or top-level `*.sh` — entry-point scripts +- `lib/*.sh` — sourced function libraries (no `set -e`; the caller owns the shell) +- `tests/*.bats` — bats-core tests beside the scripts they exercise + +## Build & Test Commands + +If the project has a Makefile, document targets here. Common pattern: + +```bash +make test # run the bats suite +make test FILE=tests/x.bats # one file +make lint # shellcheck across the tree +make fmt # shfmt -w (if the project adopts shfmt) +``` + +Direct equivalents: `bats -r tests/`, `shellcheck script.sh`, +`shfmt -d script.sh` (diff), `shfmt -w script.sh` (write). + +## Language Rules + +See rule files in `.claude/rules/`: +- `bash.md` — code style and patterns (strict mode, quoting, `[[ ]]`, traps) +- `bash-testing.md` — bats conventions +- `verification.md` — verify-before-claim-done discipline + +## Git Workflow + +Commit conventions: see `.claude/rules/commits.md` (author identity, +no AI attribution, message format). + +Pre-commit hook in `githooks/` scans for secrets and runs `shellcheck` on staged +shell files. Activate on a fresh clone with `git config core.hooksPath githooks`. + +## Problem-Solving Approach + +Investigate before fixing. When diagnosing a bug: +1. Read the relevant script and trace what actually happens +2. Identify the root cause, not a surface symptom +3. Write a failing bats test that captures the correct behavior +4. Fix, then re-run tests + +## Testing Discipline + +TDD is the default: write a failing test before any implementation. If you can't +write the test, you don't yet understand the change. Details in +`.claude/rules/bash-testing.md`. + +## Editing Discipline + +A PostToolUse hook runs `shellcheck` on every shell file after Edit/Write/ +MultiEdit and blocks on a violation — read the SCxxxx code and fix it (each has a +wiki page). The hook covers `.sh`, `.bash`, and extensionless files with a shell +shebang. Formatting (`shfmt`) is recommended but not enforced by the hook, since +shell has no single canonical style; adopt one per project via `.editorconfig`. + +## What Not to Do + +- Don't add features beyond what was asked +- Don't refactor surrounding code when fixing a bug +- Don't leave expansions unquoted or use `[ ]` where `[[ ]]` fits +- Don't add comments to code you didn't change +- Don't commit `.env` files, credentials, or API keys — the pre-commit hook + catches common patterns but isn't a substitute for care diff --git a/languages/bash/claude/hooks/validate-bash.sh b/languages/bash/claude/hooks/validate-bash.sh new file mode 100755 index 0000000..4e75f40 --- /dev/null +++ b/languages/bash/claude/hooks/validate-bash.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash +# Validate shell files after Edit/Write/MultiEdit. +# PostToolUse hook: receives tool-call JSON on stdin. +# +# On success: exit 0 silent. +# On failure: emit JSON with hookSpecificOutput.additionalContext so Claude +# sees a structured error in its context, THEN exit 2 to block the tool +# pipeline. stderr still echoes the error for terminal visibility. +# +# Gate: shellcheck. It catches the bugs that define shell — unquoted +# expansions, unset variables, masked exit codes — and is the high-value, +# universally-agreed check. Formatting (shfmt) is deliberately NOT enforced +# here: shell has no single canonical style (tabs vs spaces), so blocking on +# it would impose a contested choice. bash.md recommends shfmt; this hook +# enforces correctness. +# +# Scope: .sh and .bash files, plus extensionless files whose first line is a +# sh/bash shebang (the CLI tools that fill a shell-heavy repo carry no +# extension). + +set -u + +# Emit a JSON failure payload and exit 2. Arguments: +# $1 — short failure type (e.g. "SHELLCHECK FAILED") +# $2 — file path +# $3 — tool output (error body) +fail_json() { + local ctx + ctx="$(printf '%s: %s\n\n%s\n\nFix before proceeding.' "$1" "$2" "$3" \ + | jq -Rs .)" + cat <&2 + exit 2 +} + +f="$(jq -r '.tool_input.file_path // .tool_response.filePath // empty')" +[ -z "$f" ] && exit 0 +[ -f "$f" ] || exit 0 + +# Is this a shell file? By extension, or by shebang when it has no extension. +# Match on the basename, not the full path — a temp/parent dir can carry a dot +# (e.g. validate-bash-bats.XXXX/) and misfire the "*.*" extension test. +is_shell=0 +base="${f##*/}" +case "$base" in + *.sh | *.bash) is_shell=1 ;; + *.*) is_shell=0 ;; # some other extension — not ours + *) + # No extension: sniff the shebang. + if head -1 "$f" 2>/dev/null | grep -qE '^#!.*\b(bash|sh)\b'; then + is_shell=1 + fi + ;; +esac +[ "$is_shell" -eq 1 ] || exit 0 + +# No shellcheck on this machine — nothing to validate, don't block the edit. +command -v shellcheck >/dev/null 2>&1 || exit 0 + +if ! out="$(shellcheck "$f" 2>&1)"; then + fail_json "SHELLCHECK FAILED" "$f" "$out" +fi + +exit 0 diff --git a/languages/bash/claude/rules/bash-testing.md b/languages/bash/claude/rules/bash-testing.md new file mode 100644 index 0000000..c904927 --- /dev/null +++ b/languages/bash/claude/rules/bash-testing.md @@ -0,0 +1,71 @@ +# Bash Testing Rules + +Applies to: `**/*.bats` + +Implements the core principles from `testing.md`. All rules there apply here — +this file covers shell-specific patterns. + +## Framework: bats-core + +Use [bats-core](https://bats-core.readthedocs.io/) for shell tests. A test file +is `.bats`; each test is a `@test "description" { ... }` block; a non-zero +exit inside the block fails the test. Run a file with `bats path/to/file.bats`, +or a tree with `bats -r tests/`. + +Drive the script under test with `run`: it captures `$status` (exit code), +`$output` (combined stdout+stderr), and `$lines[]` (output split by line) +without the failure aborting the test. Assert on those. + +```bash +@test "greet: prints the name passed in" { + run bash "$SCRIPT" --name Ada + [ "$status" -eq 0 ] + [[ "$output" == *"Hello, Ada"* ]] +} +``` + +## Test the Real Script, Through Its Interface + +Run the actual script file — never copy its logic into the test. Invoke it the +way a caller does (`run bash "$SCRIPT" `, or `run "$SCRIPT"` when it's +executable) and assert on exit status and output. A test that re-implements the +script's logic passes even when the script breaks. + +For a script that sources a library of functions, source the library in `setup` +and call the functions directly — that's the unit level; the `run` invocation is +the integration level. + +## Normal, Boundary, Error — the Three Categories + +Cover all three from `testing.md` per script: + +- Normal: the expected arguments and inputs produce the expected output and a + zero exit. +- Boundary: empty argument, missing optional flag, single-item vs many, + whitespace and unicode in inputs, a path with a space. +- Error: missing required argument, nonexistent input file, a dependency + absent. Assert the exit code and that the error names the problem — not the + exact wording (`testing.md`'s error-behavior rule). + +## Isolation and Determinism + +- `setup()` makes a fresh `mktemp -d` per test; `teardown()` removes it. No test + leans on another's leftovers, and tests pass in any order. +- Mock an external command by putting a stub earlier on `PATH`: write a small + script named like the command into a temp dir, `chmod +x`, and prepend that + dir to `PATH` for the `run`. This is how you simulate a tool being absent, + returning an error, or emitting canned output — without touching the network + or the real tool. +- Never hardcode dates; generate them relative to `date` (see the + `task-review-staleness.bats` pattern in this repo for relative-date fixtures). +- Mock at the boundary (network, the external CLI, the clock). Don't mock the + script's own functions — those are the work. + +## What Not to Do + +- Don't assert exact error-message prose; assert the exit code plus a value the + message must contain. +- Don't share mutable state between tests through a fixed temp path. +- Don't test that `shellcheck` or `bats` themselves work — trust the tools. +- Don't skip the error cases because the happy path passes; the error paths are + where shell scripts actually break. diff --git a/languages/bash/claude/rules/bash.md b/languages/bash/claude/rules/bash.md new file mode 100644 index 0000000..042138a --- /dev/null +++ b/languages/bash/claude/rules/bash.md @@ -0,0 +1,83 @@ +# Bash Code Rules + +Applies to: `**/*.sh`, `**/*.bash`, and extensionless files with a `sh`/`bash` shebang + +Shell-specific style and structure. Pairs with `bash-testing.md` for tests and +the generic `verification.md` / `commits.md` rules. When in doubt, defer to +[ShellCheck](https://www.shellcheck.net/wiki/) (every SCxxxx code has a wiki +page explaining the fix) and Google's +[Shell Style Guide](https://google.github.io/styleguide/shellguide.html). + +## ShellCheck Is the Gate, Not a Suggestion + +The bundle's PostToolUse hook runs `shellcheck` on every edited shell file and +blocks on a violation; the pre-commit hook re-checks staged files. ShellCheck +catches the bugs that define shell: unquoted expansions that word-split, unset +variables, `[ ]` pitfalls, masked exit codes. Fix the finding rather than +silence it. When a warning is a genuine false positive, disable it narrowly with +a `# shellcheck disable=SCxxxx` directive on the line above and a comment saying +why, never a file-wide blanket disable. + +## The Header: Strict Mode + +Every script starts with `#!/usr/bin/env bash` and `set -euo pipefail`: + +- `-e` exits on an unhandled non-zero command. Handle the expected-failure cases + explicitly (`cmd || true`, an `if`, a `case`) so the exit is a real error. +- `-u` treats an unset variable as an error. Use `"${VAR:-default}"` for the + ones that are legitimately optional. +- `-o pipefail` makes a pipeline fail if any stage fails, not just the last. + +A script meant to be *sourced* (a library) skips `set -e` — it would change the +caller's shell. Libraries guard their own commands instead. + +## Quote Everything + +- Double-quote every expansion: `"$var"`, `"$@"`, `"${arr[@]}"`, + `"$(command)"`. Unquoted is the single largest source of shell bugs — a path + with a space becomes two arguments. +- `"$@"` (quoted) passes arguments through untouched; `$*` and unquoted `$@` + word-split. Use `"$@"` unless you specifically want the joined string. +- Loop over arrays and `find -print0 | while IFS= read -r -d ''`, never over + unquoted command substitution or `ls` output. + +## Test, Compare, Branch + +- Use `[[ ]]` for tests, not `[ ]` / `test`. `[[ ]]` doesn't word-split its + operands, supports `&&`/`||`/`=~`, and has fewer quoting traps. +- Arithmetic goes in `(( ))` or `$(( ))`, not `[ ]` with `-eq`. +- `$(command)`, never backticks — nests cleanly and reads better. +- Prefer `printf` over `echo` for anything but a fixed literal string; + `echo` mangles values that start with `-` or contain backslashes. + +## Functions and Scope + +- Declare function-local variables with `local`. A bare assignment in a + function writes a global and leaks across calls. +- `local var; var="$(cmd)"` on two lines when you need the command's exit + status: `local var="$(cmd)"` masks `cmd`'s exit code behind `local`'s. +- Keep functions focused. A function that fetches, parses, and writes is three + functions; the test difficulty in `bash-testing.md` is the tell. +- Put `main "$@"` at the bottom for a script with more than a couple of + functions, so definition order doesn't dictate execution order. + +## Robustness + +- `trap 'rm -rf "$tmpdir"' EXIT` right after creating a temp resource, so + cleanup runs on every exit path including errors. +- Make a temp file or dir with `mktemp` / `mktemp -d`, never a fixed + `/tmp/name` (race + collision). +- Check that a required command exists before the work: `command -v jq + >/dev/null || { echo "jq required" >&2; exit 1; }`. +- Never parse `ls` output and don't `cat` a file into a pipe you could read + directly. Glob, or use `find`, or read the file in place. + +## What Not to Do + +- Don't leave an expansion unquoted to "save a quote" — quote it. +- Don't use `[ ]` when `[[ ]]` is available, or backticks when `$()` is. +- Don't silence a ShellCheck warning file-wide to clear it; fix it or disable + the one code with a reason. +- Don't refactor surrounding code while fixing a bug — keep the diff scoped. +- Don't commit credentials or API keys — the pre-commit hook catches common + patterns but isn't a substitute for care. diff --git a/languages/bash/claude/settings.json b/languages/bash/claude/settings.json new file mode 100644 index 0000000..b725603 --- /dev/null +++ b/languages/bash/claude/settings.json @@ -0,0 +1,68 @@ +{ + "attribution": { + "commit": "", + "pr": "" + }, + "permissions": { + "allow": [ + "Bash(make)", + "Bash(make help)", + "Bash(make targets)", + "Bash(make test)", + "Bash(make test *)", + "Bash(make lint)", + "Bash(make fmt)", + "Bash(shellcheck *)", + "Bash(shfmt *)", + "Bash(bats)", + "Bash(bats *)", + "Bash(git status)", + "Bash(git status *)", + "Bash(git diff)", + "Bash(git diff *)", + "Bash(git log)", + "Bash(git log *)", + "Bash(git show)", + "Bash(git show *)", + "Bash(git blame *)", + "Bash(git branch)", + "Bash(git branch -v)", + "Bash(git branch -a)", + "Bash(git branch --list *)", + "Bash(git remote)", + "Bash(git remote -v)", + "Bash(git remote show *)", + "Bash(git ls-files *)", + "Bash(git rev-parse *)", + "Bash(git cat-file *)", + "Bash(git stash list)", + "Bash(git stash show *)", + "Bash(jq *)", + "Bash(date)", + "Bash(date *)", + "Bash(which *)", + "Bash(file *)", + "Bash(ls)", + "Bash(ls *)", + "Bash(wc *)", + "Bash(du *)", + "Bash(readlink *)", + "Bash(realpath *)", + "Bash(basename *)", + "Bash(dirname *)" + ] + }, + "hooks": { + "PostToolUse": [ + { + "matcher": "Edit|Write|MultiEdit", + "hooks": [ + { + "type": "command", + "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/validate-bash.sh" + } + ] + } + ] + } +} diff --git a/languages/bash/githooks/pre-commit b/languages/bash/githooks/pre-commit new file mode 100755 index 0000000..e41c41c --- /dev/null +++ b/languages/bash/githooks/pre-commit @@ -0,0 +1,48 @@ +#!/usr/bin/env bash +# Pre-commit hook: secret scan + shellcheck on staged shell files. +# Use `git commit --no-verify` to bypass for confirmed false positives. + +set -u + +REPO_ROOT="$(git rev-parse --show-toplevel)" +cd "$REPO_ROOT" || exit 1 + +# --- 1. Secret scan --- +# Patterns for common credentials. Scans only added lines in the staged diff. +SECRET_PATTERNS='(AKIA[0-9A-Z]{16}|sk-[a-zA-Z0-9_-]{20,}|-----BEGIN (RSA|DSA|EC|OPENSSH|PGP)( PRIVATE)?( KEY| KEY BLOCK)?-----|(api[_-]?key|api[_-]?secret|auth[_-]?token|secret[_-]?key|bearer[_-]?token|access[_-]?token|password)[[:space:]]*[:=][[:space:]]*["'"'"'][^"'"'"']{16,}["'"'"'])' + +secret_hits="$(git diff --cached -U0 --diff-filter=AM \ + | grep '^+' | grep -v '^+++' \ + | grep -iEn "$SECRET_PATTERNS" || true)" + +if [ -n "$secret_hits" ]; then + echo "pre-commit: potential secret in staged changes:" >&2 + echo "$secret_hits" >&2 + echo "" >&2 + echo "Review the lines above. If this is a false positive (test fixture, documentation)," >&2 + echo "bypass with: git commit --no-verify" >&2 + exit 1 +fi + +# --- 2. shellcheck on staged .sh / .bash files --- +staged_sh="$(git diff --cached --name-only --diff-filter=AM \ + | grep -E '\.(sh|bash)$' || true)" + +if [ -n "$staged_sh" ] && command -v shellcheck >/dev/null 2>&1; then + failed="" + while IFS= read -r f; do + [ -z "$f" ] && continue + [ -f "$f" ] || continue + if ! shellcheck "$f" >/dev/null 2>&1; then + failed="${failed}${f}"$'\n' + fi + done <<< "$staged_sh" + + if [ -n "$failed" ]; then + printf 'pre-commit: shellcheck failed on staged files:\n\n%s\n' "$failed" >&2 + echo "Run: shellcheck and fix the findings, then re-stage." >&2 + exit 1 + fi +fi + +exit 0 diff --git a/languages/bash/gitignore-add.txt b/languages/bash/gitignore-add.txt new file mode 100644 index 0000000..899f5ba --- /dev/null +++ b/languages/bash/gitignore-add.txt @@ -0,0 +1,4 @@ +# Claude Code — local tooling, delivered by install/sync, not committed +.claude/ +CLAUDE.md +githooks/ diff --git a/languages/bash/tests/validate-bash.bats b/languages/bash/tests/validate-bash.bats new file mode 100644 index 0000000..9f268a1 --- /dev/null +++ b/languages/bash/tests/validate-bash.bats @@ -0,0 +1,96 @@ +#!/usr/bin/env bats +# +# Tests for languages/bash/claude/hooks/validate-bash.sh — the PostToolUse hook +# that runs shellcheck on edited shell files and blocks on a violation. +# +# The hook reads tool-call JSON on stdin and extracts the file path, so each +# test pipes a JSON payload naming a real file it wrote into a temp dir. The +# shellcheck dependency is real (integration): clean files pass, genuinely +# broken ones fail. Tests needing shellcheck skip when it's absent so the suite +# stays portable. + +HOOK="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)/claude/hooks/validate-bash.sh" + +setup() { + TEST_DIR="$(mktemp -d -t validate-bash-bats.XXXXXX)" +} + +teardown() { + rm -rf "$TEST_DIR" +} + +# Build a tool-call JSON payload naming a file_path. +payload() { + printf '{"tool_input": {"file_path": "%s"}}' "$1" +} + +# ---- Normal ---------------------------------------------------------- + +@test "validate-bash: a clean .sh file passes silently (exit 0)" { + command -v shellcheck >/dev/null 2>&1 || skip "shellcheck not installed" + printf '#!/usr/bin/env bash\nset -euo pipefail\necho "ok"\n' > "$TEST_DIR/clean.sh" + run bash "$HOOK" <<< "$(payload "$TEST_DIR/clean.sh")" + [ "$status" -eq 0 ] + [ -z "$output" ] +} + +# ---- Error ----------------------------------------------------------- + +@test "validate-bash: a shellcheck violation blocks (exit 2, names shellcheck)" { + command -v shellcheck >/dev/null 2>&1 || skip "shellcheck not installed" + # SC2086: unquoted expansion that word-splits — a real shellcheck warning. + printf '#!/usr/bin/env bash\nf=$1\nrm $f\n' > "$TEST_DIR/bad.sh" + run bash "$HOOK" <<< "$(payload "$TEST_DIR/bad.sh")" + [ "$status" -eq 2 ] + [[ "$output" == *"SHELLCHECK"* ]] +} + +# ---- Boundary -------------------------------------------------------- + +@test "validate-bash: a non-shell file is ignored (exit 0)" { + printf 'print("hello")\n' > "$TEST_DIR/script.py" + run bash "$HOOK" <<< "$(payload "$TEST_DIR/script.py")" + [ "$status" -eq 0 ] + [ -z "$output" ] +} + +@test "validate-bash: an extensionless file with a bash shebang is validated" { + command -v shellcheck >/dev/null 2>&1 || skip "shellcheck not installed" + printf '#!/usr/bin/env bash\nf=$1\nrm $f\n' > "$TEST_DIR/cli-tool" + run bash "$HOOK" <<< "$(payload "$TEST_DIR/cli-tool")" + [ "$status" -eq 2 ] + [[ "$output" == *"SHELLCHECK"* ]] +} + +@test "validate-bash: an extensionless non-shell file is ignored (exit 0)" { + printf 'just some text\nno shebang here\n' > "$TEST_DIR/notes" + run bash "$HOOK" <<< "$(payload "$TEST_DIR/notes")" + [ "$status" -eq 0 ] + [ -z "$output" ] +} + +@test "validate-bash: empty file_path is a no-op (exit 0)" { + run bash "$HOOK" <<< '{"tool_input": {}}' + [ "$status" -eq 0 ] + [ -z "$output" ] +} + +@test "validate-bash: a missing file is a no-op (exit 0)" { + run bash "$HOOK" <<< "$(payload "$TEST_DIR/does-not-exist.sh")" + [ "$status" -eq 0 ] + [ -z "$output" ] +} + +@test "validate-bash: shellcheck absent does not block the edit (exit 0)" { + # PATH with jq + coreutils symlinked but no shellcheck → hook can't validate, + # must not block. + STUB="$TEST_DIR/bin" + mkdir -p "$STUB" + for b in bash jq head cat printf grep sed; do + src="$(command -v "$b" 2>/dev/null)" && ln -sf "$src" "$STUB/$b" + done + printf '#!/usr/bin/env bash\nf=$1\nrm $f\n' > "$TEST_DIR/bad.sh" + run env PATH="$STUB" bash "$HOOK" <<< "$(payload "$TEST_DIR/bad.sh")" + [ "$status" -eq 0 ] + [ -z "$output" ] +} diff --git a/scripts/tests/install-lang.bats b/scripts/tests/install-lang.bats index f790fbf..8518852 100644 --- a/scripts/tests/install-lang.bats +++ b/scripts/tests/install-lang.bats @@ -108,6 +108,24 @@ teardown() { grep -qxF "MY OWN CLAUDE" "$PROJECT/CLAUDE.md" } +@test "install-lang bash: full bundle lands (rules, hook, settings, githook, CLAUDE.md)" { + run bash "$INSTALL_LANG" bash "$PROJECT" + + [ "$status" -eq 0 ] + # Language + testing rules — the bundle's sync fingerprint + [ -f "$PROJECT/.claude/rules/bash.md" ] + [ -f "$PROJECT/.claude/rules/bash-testing.md" ] + # PostToolUse validate hook, executable and wired into settings + [ -x "$PROJECT/.claude/hooks/validate-bash.sh" ] + grep -qF "validate-bash.sh" "$PROJECT/.claude/settings.json" + # Pre-commit githook + [ -x "$PROJECT/githooks/pre-commit" ] + # The bundle ships its own CLAUDE.md, so it wins over the neutral default + grep -qF "Bash/shell project" "$PROJECT/CLAUDE.md" + # Gitignore footprint + grep -qxF ".claude/" "$PROJECT/.gitignore" +} + @test "install-lang go: full bundle lands (rules, hook, settings, githook, CLAUDE.md, coverage)" { run bash "$INSTALL_LANG" go "$PROJECT" diff --git a/todo.org b/todo.org index c1b76b0..4418afa 100644 --- a/todo.org +++ b/todo.org @@ -34,10 +34,13 @@ Tags are assigned and refreshed by =task-audit=; =task-review= keeps them honest * Rulesets Open Work -** TODO [#C] Bash/shell language bundle :feature: +** DONE [#C] Bash/shell language bundle :feature: +CLOSED: [2026-06-23 Tue] :PROPERTIES: :CREATED: [2026-06-23 Tue] :END: +Built =languages/bash/= the same session it was filed: bash.md + bash-testing.md rules, a shellcheck PostToolUse validate hook (covers =.sh=, =.bash=, and extensionless shell scripts by shebang; 8 bats tests), a shellcheck pre-commit githook, settings.json wiring, gitignore-add.txt, and a "Bash/shell project" CLAUDE.md. shfmt left out of the blocking path on purpose (shell has no canonical style). Makefile test target now discovers =languages/*/tests/*.bats=. + No =languages/= bundle fits a shell-heavy project. archangel (437 =.sh= files) and archsetup are bash projects with nothing that matches; installing elisp/python gives them the wrong language rules. Build a =languages/bash/= bundle on the elisp/go pattern: =claude/rules/bash.md= (style — =set -euo pipefail=, quoting, =[[ ]]=, trap/cleanup) + =bash-testing.md= (bats conventions), a PostToolUse validate hook (=shellcheck= on edited =.sh=), a =githooks/pre-commit= running shellcheck on staged shell files, =settings.json= wiring, =gitignore-add.txt=, and its own =CLAUDE.md= headed "Bash/shell project." Urgency dropped 2026-06-23: install-lang now seeds the language-neutral default CLAUDE.md when a bundle ships none, so a bash project no longer gets a mislabeled "Elisp project" header — the bundle is now the accurate-rules win, not a mislabel fix. From archangel 2026-06-23 ([[file:docs/design/2026-06-23-install-lang-claude-md-gap.org][handoff]]). ** TODO [#B] Anki deck name from #+TITLE :bug: -- cgit v1.2.3