From 9a64e0d271b06d90e389b5d3af4f88f484b62bb5 Mon Sep 17 00:00:00 2001
From: seto <hirokazu.seto@gmail.com>
Date: Sun, 12 Apr 2026 18:18:16 +0900
Subject: [PATCH] fix: gate MultiEdit tool alongside Edit/Write

MultiEdit was bypassing the fact-forcing gate because only Edit and
Write were checked. Now MultiEdit triggers the same edit gate (list
importers, public API, data schemas) before allowing file modifications.

Updated both the hook logic and hooks.json matcher pattern.

Addresses coderabbit/greptile/cubic-dev: "MultiEdit bypasses gate"

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 hooks/hooks.json                      | 4 ++--
 scripts/hooks/gateguard-fact-force.js | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/hooks/hooks.json b/hooks/hooks.json
index 13224dcb..0ce2f4b7 100644
--- a/hooks/hooks.json
+++ b/hooks/hooks.json
@@ -128,7 +128,7 @@
         "id": "pre:mcp-health-check"
       },
       {
-        "matcher": "Edit|Write",
+        "matcher": "Edit|Write|MultiEdit",
         "hooks": [
           {
             "type": "command",
@@ -136,7 +136,7 @@
             "timeout": 5
           }
         ],
-        "description": "Fact-forcing gate: block first Edit/Write per file and demand investigation (importers, data schemas, user instruction) before allowing",
+        "description": "Fact-forcing gate: block first Edit/Write/MultiEdit per file and demand investigation (importers, data schemas, user instruction) before allowing",
         "id": "pre:edit-write:gateguard-fact-force"
       },
       {
diff --git a/scripts/hooks/gateguard-fact-force.js b/scripts/hooks/gateguard-fact-force.js
index 79d219c4..76e1665e 100644
--- a/scripts/hooks/gateguard-fact-force.js
+++ b/scripts/hooks/gateguard-fact-force.js
@@ -165,7 +165,7 @@ function run(rawInput) {
   const toolName = data.tool_name || '';
   const toolInput = data.tool_input || {};
 
-  if (toolName === 'Edit' || toolName === 'Write') {
+  if (toolName === 'Edit' || toolName === 'MultiEdit' || toolName === 'Write') {
     const filePath = toolInput.file_path || '';
     if (!filePath) {
       return rawInput; // allow
@@ -173,7 +173,8 @@ function run(rawInput) {
 
     if (!isChecked(filePath)) {
       markChecked(filePath);
-      const msg = toolName === 'Edit' ? editGateMsg(filePath) : writeGateMsg(filePath);
+      const msg = (toolName === 'Edit' || toolName === 'MultiEdit')
+        ? editGateMsg(filePath) : writeGateMsg(filePath);
       return denyResult(msg);
     }