5dcb90531b
Some checks failed
Contributor Attribution Check / check-attribution (pull_request) Failing after 49s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Nix / nix (ubuntu-latest) (pull_request) Failing after 6s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 25s
Tests / e2e (pull_request) Successful in 4m26s
Tests / test (pull_request) Failing after 59m48s
Nix / nix (macos-latest) (pull_request) Has been cancelled
Three-layer defense against latent /Users/<name>/ and ~/ path defects: 1. Runtime guard (tools/path_guard.py): - validate_path() catches /Users/<name>/, /home/<name>/ in tool args - Allows current HOME prefix (expanduser output is safe) - Wired into write_file_tool() and execute_code() 2. Pre-commit hook (hooks/pre-commit-path-guard.py): - Scans staged .py files for hardcoded path patterns - Blocks commit with actionable error message - # noqa: hardcoded-path-ok escape hatch for legitimate cases 3. CI lint (scripts/lint_hardcoded_paths.py): - Scans directory tree for violations - --fix flag shows remediation suggestions - Skips test dirs, __pycache__, venv 4. 21 tests (tests/test_path_guard.py): - Runtime validation (valid/invalid paths, batch, edge cases) - Static scanning (clean files, violations, noqa, comments) - Directory scanning (tree traversal, skip rules) Existing violations annotated with # noqa: hardcoded-path-ok where legitimate (config defaults, display strings, test fixtures, skills).