zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-30 22:13:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: fail open on insaits monitor errors

Browse Source
This commit is contained in:
Affaan Mustafa
2026-04-29 18:03:33 -04:00
parent b40de37ccb
commit 1c2d5dd389
2 changed files with 37 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
scripts/hooks/insaits-security-wrapper.js
View File

@@ -98,6 +98,16 @@ process.stdin.on('end', () => {
process.exit(0);
}
// The monitor only uses 0 (pass) and 2 (block). Other statuses usually
// mean Python launcher/dependency/runtime failure, so keep the hook fail-open.
if (result.status !== 0 && result.status !== 2) {
const detail = (result.stderr || result.stdout || '').trim();
const suffix = detail ? `: ${detail}` : '';
process.stderr.write(`[InsAIts] Security monitor exited with status ${result.status}${suffix}\n`);
process.stdout.write(raw);
process.exit(0);
}
if (result.stdout) {
process.stdout.write(result.stdout);
} else if (result.status === 0) {

28
tests/hooks/insaits-security-wrapper.test.js
View File

@@ -166,6 +166,29 @@ function runTests() {
}
})) passed++; else failed++;
if (test('enabled monitor unexpected failure fails open with warning and raw stdin', () => {
const tempDir = createTempDir();
try {
writeFakePython(path.join(tempDir, 'bin'));
const result = run({
input: 'raw-input',
env: {
ECC_ENABLE_INSAITS: '1',
FAKE_INSAITS_MODE: 'error',
PATH: path.join(tempDir, 'bin'),
},
});
assert.strictEqual(result.status, 0);
assert.strictEqual(result.stdout, 'raw-input');
assert.ok(result.stderr.includes('Security monitor exited with status 1'));
assert.ok(result.stderr.includes('spawned but failed'));
} finally {
cleanup(tempDir);
}
})) passed++; else failed++;
if (test('missing Python fails open with warning and raw stdin', () => {
const result = run({
input: 'raw-input',
@@ -177,7 +200,10 @@ function runTests() {
assert.strictEqual(result.status, 0);
assert.strictEqual(result.stdout, 'raw-input');
assert.ok(result.stderr.includes('python3/python not found'));
assert.ok(
result.stderr.includes('python3/python not found')
|| result.stderr.includes('Security monitor exited with status')
);
})) passed++; else failed++;
console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);