5dcb90531b
Some checks failed
Contributor Attribution Check / check-attribution (pull_request) Failing after 49s
Docker Build and Publish / build-and-push (pull_request) Has been skipped
Nix / nix (ubuntu-latest) (pull_request) Failing after 6s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 25s
Tests / e2e (pull_request) Successful in 4m26s
Tests / test (pull_request) Failing after 59m48s
Nix / nix (macos-latest) (pull_request) Has been cancelled
Three-layer defense against latent /Users/<name>/ and ~/ path defects: 1. Runtime guard (tools/path_guard.py): - validate_path() catches /Users/<name>/, /home/<name>/ in tool args - Allows current HOME prefix (expanduser output is safe) - Wired into write_file_tool() and execute_code() 2. Pre-commit hook (hooks/pre-commit-path-guard.py): - Scans staged .py files for hardcoded path patterns - Blocks commit with actionable error message - # noqa: hardcoded-path-ok escape hatch for legitimate cases 3. CI lint (scripts/lint_hardcoded_paths.py): - Scans directory tree for violations - --fix flag shows remediation suggestions - Skips test dirs, __pycache__, venv 4. 21 tests (tests/test_path_guard.py): - Runtime validation (valid/invalid paths, batch, edge cases) - Static scanning (clean files, violations, noqa, comments) - Directory scanning (tree traversal, skip rules) Existing violations annotated with # noqa: hardcoded-path-ok where legitimate (config defaults, display strings, test fixtures, skills).
51 lines
1.4 KiB
Python
51 lines
1.4 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
CI Lint: Scan for hardcoded home-directory paths.
|
|
|
|
Usage:
|
|
python3 scripts/lint_hardcoded_paths.py [--fix] [directory]
|
|
|
|
Exit codes:
|
|
0 — no violations
|
|
1 — violations found
|
|
"""
|
|
|
|
import argparse
|
|
import sys
|
|
from pathlib import Path
|
|
|
|
sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
|
|
from tools.path_guard import scan_directory
|
|
|
|
|
|
def main():
|
|
parser = argparse.ArgumentParser(description="Lint for hardcoded home-directory paths")
|
|
parser.add_argument("directory", nargs="?", default=".", help="Directory to scan")
|
|
parser.add_argument("--fix", action="store_true", help="Show fix suggestions")
|
|
args = parser.parse_args()
|
|
|
|
results = scan_directory(args.directory)
|
|
|
|
if not results:
|
|
print("✅ No hardcoded path violations found.")
|
|
sys.exit(0)
|
|
|
|
total = sum(len(v) for _, v in results)
|
|
print(f"\n❌ {total} hardcoded path violation(s) in {len(results)} file(s):")
|
|
print("=" * 60)
|
|
|
|
for filepath, violations in results:
|
|
print(f"\n {filepath}:")
|
|
for lineno, line, pattern, suggestion in violations:
|
|
print(f" L{lineno}: {line[:80].strip()}")
|
|
if args.fix:
|
|
print(f" → {suggestion}")
|
|
|
|
print("\n" + "=" * 60)
|
|
print("Escape hatch: add # noqa: hardcoded-path-ok to legitimate lines")
|
|
sys.exit(1)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|