[hooks] stop block-read-outside-cwd false-deny on globs and mounts#230
Merged
Conversation
extractAbsolutePaths used a negative lookbehind that only excluded identifier-ish chars, so a slash after a glob meta or a compound-token separator was treated as the start of a fresh absolute path. Two common shapes were misread, e.g. an unquoted shell-glob argument and a docker -v style host-to-container mount: in both cases the regex extracted a fake absolute path that resolved outside cwd and got denied even though the user was reading inside the project (or not reading the host path at all, in the mount case). Add the chars star, question, colon, equals to the lookbehind exclusion class so a slash that immediately follows a glob meta or a separator does not start a match. Quoted paths, whitespace-separated absolute paths, and the home-claude whitelist all keep their existing behaviour. Five regression tests cover the new shapes plus a still-denies case where a real outside read sits next to a glob. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 0/1 reviews remaining, refill in 24 minutes and 10 seconds.Comment |
…hs-fix # Conflicts: # CHANGELOG.md
6 tasks
NiveditJain
added a commit
that referenced
this pull request
Apr 29, 2026
* [hooks] decouple hook chain from clsx/tailwind
The hook handler (`src/hooks/handler.ts`) was transitively pulling in
`lib/utils.ts` via:
handler.ts
-> resolve-permission-mode.ts
-> lib/codex-sessions.ts
-> lib/log-entries.ts
-> lib/utils.ts (imports clsx + tailwind-merge)
`lib/utils.ts` is the dashboard's shadcn `cn()` helper — it has no business
on the runtime path of a CLI hook. The only thing the hook chain actually
needed from it was `formatDate`, an `Intl.DateTimeFormat` wrapper with no
third-party deps.
When a Claude Code session opened a clone of this repo whose
`$CLAUDE_PROJECT_DIR` resolved into an ancestor that shadowed bun's global
install cache (e.g. `/home/nivedit/prs/failproofai-231/`, with `node_modules`
missing locally but `/home/nivedit/node_modules` present and clsx-less),
every hook event crashed with:
ResolveMessage: Cannot find package 'clsx' from .../lib/utils.ts
Move `formatDate` into a dedicated `lib/format-date.ts` and update the four
server-side and three dashboard callers. `lib/utils.ts` now only exports
`cn` so the hook handler no longer transitively requires `clsx`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* [changelog] condense unreleased entries to one-liners
Per CodeRabbit feedback on #231: each CHANGELOG entry should be a single
line ending in its PR number. Tag mintlify-de and block-read-outside-cwd
fixes with their actual merged PRs (#229, #230) instead of #231.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
NiveditJain
added a commit
that referenced
this pull request
Apr 29, 2026
Bumps package.json from 0.0.9 to 0.0.9-beta.2 and rolls the ## Unreleased changelog section into ## 0.0.9 — 2026-04-28. Adds since v0.0.9-beta.1: Features: - Show OpenAI Codex projects on the /projects page alongside Claude Code projects, with CLI badges per row and per session; /project/[name] is Codex-aware and the session viewer renders the CLI badge beside the Session Log header (#232) Fixes: - mintlify validate parse error in docs/de/dashboard.mdx (#229) - block-read-outside-cwd false-deny on globs and -v host:/path (#230) - decouple hook chain from clsx/tailwind via lib/format-date.ts (#231) Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2 tasks
NiveditJain
added a commit
that referenced
this pull request
Apr 29, 2026
Promotes the version from 0.0.9-beta.3 to 0.0.9 stable. The ## 0.0.9 — 2026-04-28 changelog section is already up to date with the contents below; no CHANGELOG churn required. 0.0.9 contents: Features: - OpenAI Codex hook integration via `failproofai policies --install --cli codex` (or --cli claude codex for both); supports all six Codex hook events, PermissionRequest wired through policy-evaluator, per-CLI telemetry tagging, interactive arrow-key CLI selector when both agents detected (#220, #222, #223) - Activity dashboard CLI filter alongside event-type, policy, and session-id filters; Codex sessions in the activity feed are now clickable, with the existing log viewer rendering Codex transcripts via lib/codex-sessions.ts (#226) - Surface Slack community link in CLI banner and Reach Us menu (#225) - Show OpenAI Codex projects on the /projects page alongside Claude Code projects, with CLI badges per row and per session; /project/[name] is Codex-aware and the session viewer renders the CLI badge beside the Session Log header (#232) Fixes: - Trailing blank line after enabled-policies summary in install output (#224) - Resolve hook bin via $CLAUDE_PROJECT_DIR (was relative path) (#219) - Mintlify validation of Arabic built-in-policies docs - Mintlify parse error in docs/de/dashboard.mdx (#229) - block-read-outside-cwd false-deny on globs and -v host:/path (#230) - Decouple hook chain from clsx/tailwind via lib/format-date.ts (#231) Docs: - Bump built-in policy count from 32 to 39 in README and translations (#207) Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
extractAbsolutePaths(src/hooks/builtin-policies.ts) used a negative lookbehind that only excluded identifier-ish chars, so a/after a glob meta or a compound-token separator was treated as the start of a fresh absolute path. Two common shapes were misread:grep -rn 'Tab title=' docs/*/dashboard.mdx | head -30→ extracted/dashboard.mdx, then resolved outside cwd → deny.docker run -v /home/user/project/docs:/docs node:20 ls /docs→ extracted/docs(the container path) → deny.*?:=to the lookbehind exclusion class so a/that immediately follows a glob meta or a separator does not start a match. Quoted paths, whitespace-separated absolute paths, and the~/.claude/whitelist all keep their existing behaviour.__tests__/hooks/block-read-outside-cwd.test.tscover unquoted*and?globs, the volume-mount shape, env-var-prefixed paths, and a still-denies case where a real outside read sits next to a glob. All 1083 unit tests pass; lint is clean.Test plan
bun run test:run __tests__/hooks/block-read-outside-cwd.test.ts— 54 passedbun run test:run— 1083 passedbun run lint— clean (only an unrelated<img>warning)grep -rn 'Tab title=' docs/*/dashboard.mdx | head -30in a session with this policy enabled — expect allow🤖 Generated with Claude Code