everything-claude-code

zsp/everything-claude-code

Fork 0

mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-10 18:23:12 +08:00

Commit Graph

Author	SHA1	Message	Date
Jamkris	85d33748e0	test(hooks): regression coverage for round 1 review fixes 9 new cases locking in the behavior added by the previous two commits. Each was verified to fail before the fix and pass after. Greptile — quote-aware depth counting: - blocks $(echo ")"; (npm run dev)) - blocks (echo ")"; npm run dev) - allows $(echo "(npm run dev)") — () inside double-quoted body is literal Greptile — brace groups: - blocks { npm run dev; } - blocks echo hi && { npm run dev; } - allows {npm run dev} — bash brace-group syntax requires a space after { CodeRabbit — missing package-manager variants: - blocks yarn run dev (yarn 1.x convention) - blocks bun dev (bun bare form) CodeRabbit nitpick — symmetric quote test: - blocks echo "$(npm run dev)" — double-quoted substitution still substitutes The `{npm run dev}` allow case is intentional: bash treats `{` as a reserved word only when followed by whitespace. The pre-fix code already passed this through, but until now we never asserted it, so a future change to brace handling could silently start blocking literal `{npm` tokens.	2026-05-14 12:24:45 +09:00
Jamkris	4f4654bf21	test(hooks): regression coverage for dev-server-block subshell bypass Lock in the behavior added by the previous commit. Each new case was verified to fail before the fix and pass after. Bypasses now blocked (exit 2): - \$(npm run dev) command substitution - \`npm run dev\` backtick substitution - echo \$(npm run dev) substitution inside an argument - (npm run dev) plain subshell group - \$(echo a; npm run dev) substitution containing a sequenced segment - (pnpm dev) plain subshell group, alt package manager Allow cases — explicitly proven NOT to regress so the fix doesn't over-block legitimate uses: - (tmux new-session -d -s dev "npm run dev") tmux launcher inside () - git commit -m '(npm run dev)' literal in single quotes - echo "(npm run dev)" literal in double quotes (bash does NOT subshell () inside double quotes) - git commit -m '\$(npm run dev) fix' literal in single quotes Single- and double-quote allow cases are important: they distinguish a real subshell construct from one that's just text inside a string, which is what `extractSubshellGroups` / `extractCommandSubstitutions` quote-awareness is for.	2026-05-14 11:22:44 +09:00
Affaan Mustafa	b6595974c2	feat: add C++ language support and hook tests (#539 ) - agents: cpp-build-resolver, cpp-reviewer - commands: cpp-build, cpp-review, cpp-test - rules: cpp/ (coding-style, hooks, patterns, security, testing) - tests: 9 new hook test files with comprehensive coverage Cherry-picked from PR #436.	2026-03-16 14:31:49 -07:00

Author

SHA1

Message

Date

Jamkris

85d33748e0

test(hooks): regression coverage for round 1 review fixes

9 new cases locking in the behavior added by the previous two
commits. Each was verified to fail before the fix and pass after.

Greptile — quote-aware depth counting:
  - blocks $(echo ")"; (npm run dev))
  - blocks (echo ")"; npm run dev)
  - allows $(echo "(npm run dev)") — () inside double-quoted body is literal

Greptile — brace groups:
  - blocks { npm run dev; }
  - blocks echo hi && { npm run dev; }
  - allows {npm run dev} — bash brace-group syntax requires a space after {

CodeRabbit — missing package-manager variants:
  - blocks yarn run dev (yarn 1.x convention)
  - blocks bun dev (bun bare form)

CodeRabbit nitpick — symmetric quote test:
  - blocks echo "$(npm run dev)" — double-quoted substitution still substitutes

The `{npm run dev}` allow case is intentional: bash treats `{` as
a reserved word only when followed by whitespace. The pre-fix code
already passed this through, but until now we never asserted it,
so a future change to brace handling could silently start blocking
literal `{npm` tokens.

2026-05-14 12:24:45 +09:00

Jamkris

4f4654bf21

test(hooks): regression coverage for dev-server-block subshell bypass

Lock in the behavior added by the previous commit. Each new case was
verified to fail before the fix and pass after.

Bypasses now blocked (exit 2):
- \$(npm run dev)              command substitution
- \`npm run dev\`              backtick substitution
- echo \$(npm run dev)         substitution inside an argument
- (npm run dev)               plain subshell group
- \$(echo a; npm run dev)      substitution containing a sequenced segment
- (pnpm dev)                  plain subshell group, alt package manager

Allow cases — explicitly proven NOT to regress so the fix doesn't
over-block legitimate uses:
- (tmux new-session -d -s dev "npm run dev")   tmux launcher inside ()
- git commit -m '(npm run dev)'                literal in single quotes
- echo "(npm run dev)"                         literal in double quotes
  (bash does NOT subshell () inside double quotes)
- git commit -m '\$(npm run dev) fix'          literal in single quotes

Single- and double-quote allow cases are important: they distinguish a
real subshell construct from one that's just text inside a string,
which is what `extractSubshellGroups` / `extractCommandSubstitutions`
quote-awareness is for.

2026-05-14 11:22:44 +09:00

Affaan Mustafa

b6595974c2

feat: add C++ language support and hook tests (#539 )

- agents: cpp-build-resolver, cpp-reviewer
- commands: cpp-build, cpp-review, cpp-test
- rules: cpp/ (coding-style, hooks, patterns, security, testing)
- tests: 9 new hook test files with comprehensive coverage

Cherry-picked from PR #436.

2026-03-16 14:31:49 -07:00

3 Commits