From 9ea415c0370aa67baf4fd5db348a57f5c2b5c1a7 Mon Sep 17 00:00:00 2001
From: Nomadu27
Date: Tue, 10 Mar 2026 19:06:56 +0100
Subject: [PATCH] fix: extract BLOCKING_SEVERITIES constant, document broad catch

- Extract BLOCKING_SEVERITIES frozenset for extensible severity checks.
- Add inline comment on broad Exception catch explaining intentional SDK fault-tolerance pattern (BLE001 acknowledged).

Co-Authored-By: Claude Opus 4.6
---
 scripts/hooks/insaits-security-monitor.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/hooks/insaits-security-monitor.py b/scripts/hooks/insaits-security-monitor.py
index 16afbfbf..2e3080af 100644
--- a/scripts/hooks/insaits-security-monitor.py
+++ b/scripts/hooks/insaits-security-monitor.py
@@ -88,6 +88,7 @@ AUDIT_FILE: str = ".insaits_audit_session.jsonl"
 MIN_CONTENT_LENGTH: int = 10
 MAX_SCAN_LENGTH: int = 4000
 DEFAULT_MODEL: str = "claude-opus"
+BLOCKING_SEVERITIES: frozenset = frozenset({"CRITICAL"})
 def extract_content(data: Dict[str, Any]) -> Tuple[str, str]:
@@ -216,7 +217,7 @@ def main() -> None:
 sender_id="claude-code",
 llm_id=os.environ.get("INSAITS_MODEL", DEFAULT_MODEL),
 )
- except Exception as exc:
+ except Exception as exc: # Broad catch intentional: unknown SDK internals
 fail_mode: str = os.environ.get("INSAITS_FAIL_MODE", "open").lower()
 if fail_mode == "closed":
 sys.stdout.write(
@@ -247,7 +248,8 @@ def main() -> None:
 # Determine maximum severity
 has_critical: bool = any(
- get_anomaly_attr(a, "severity").upper() in ("CRITICAL",) for a in anomalies
+ get_anomaly_attr(a, "severity").upper() in BLOCKING_SEVERITIES
+ for a in anomalies
 )
 feedback: str = format_feedback(anomalies)
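Review bot: The new `BLOCKING_SEVERITIES` constant carries an invariant that nothing on the line states: the membership test in `main()` upper-cases the severity before the lookup, so an entry added here in lower or mixed case would never match and the corresponding findings would pass without blocking. A comment above the constant such as `# Severities that block the tool call; entries must be upper-case (compared after .upper()).` would record that. The bare `frozenset` annotation could also be `FrozenSet[str]` to match the `Dict`/`Tuple` typing style in the `extract_content` signature, provided `FrozenSet` is added to the file's typing import, which is outside this hunk.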
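Review bot: The comment added to `except Exception as exc:` says the breadth is intentional but carries no `# noqa: BLE001`, so a linter enforcing that rule will presumably keep flagging the line even though the commit message calls it acknowledged. It also leaves out the security consequence visible on the next lines: `INSAITS_FAIL_MODE` defaults to `"open"` and only the exact value `"closed"` takes the blocking branch, so an SDK failure or a misspelt setting appears to let the content through unscanned (the rest of the handler is outside the hunk). I would write `except Exception as exc:  # noqa: BLE001 - SDK may raise anything; result follows INSAITS_FAIL_MODE (default: open)`.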
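Review bot: `has_critical` and the `# Determine maximum severity` comment above it no longer describe the expression, which now tests membership in `BLOCKING_SEVERITIES` and never computed a maximum; `should_block` with `# Block when any anomaly has a blocking severity` would stay accurate as the set grows, though later uses of the name are outside the hunk and would need the same rename. The lookup also relies on `get_anomaly_attr(a, "severity")` always returning a clean string. That helper is not visible here, but if it can return `None` or a padded value, `.upper()` either raises or misses the match on the path that decides whether to block. `str(get_anomaly_attr(a, "severity") or "").strip().upper() in BLOCKING_SEVERITIES` would cover both cases.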