Driver
Rex's code review of PR #152 (which shipped #150 + #151) flagged 16+ Bash-write shapes the heuristic detector currently misses. Per AgDR-0011, the matcher's design is "false-negatives preferred over false-positives" so the misses are not bugs — but the matcher table is explicitly framed as a living list extended on observation. This ticket captures the observed-but-uncovered shapes from Rex's probe and the adjacent classes that would be obvious bypass routes for an agent researching the matcher.
Scope
Extend .claude/hooks/_lib-detect-bash-write.sh matcher patterns to cover:
File-moving builtins: cp, mv, rm, dd, install
Archive / network writes: tar -x / tar --extract, curl -o / --output, wget -O / --output-document
Other interpreters: perl -e, php -r, go run, deno, bun
Python helpers we missed: pathlib.Path().touch(), shutil.copy*, os.rename, shutil.move
Heredoc variants for ruby and node (currently only python heredoc is matched)
Each new pattern needs a corresponding test case in .claude/hooks/tests/test_detect_bash_write.sh (positive class) and ideally one read-only counterexample in the negative class to guard against false positives on the new pattern (e.g. tar -t listing should not trigger the tar -x matcher).
Acceptance Criteria
Each pattern in the Scope list has a regex match in _lib-detect-bash-write.sh and at least one positive-class test case
At least three negative-class counterexamples added (one per ambiguous pattern: e.g. cp is gated, git cp shouldn't trigger if/when git ever adds such a subcommand)
Total test count in test_detect_bash_write.sh rises from 32 to ≥48
All existing 32 cases still pass (no regression on first-version patterns)
Pattern table comment in _lib-detect-bash-write.sh is updated to reflect the new shapes
Risks / Dependencies
False-positive risk on cp / mv / rm — these are extremely common in legitimate read-adjacent commands (e.g. build scripts that move artefacts). The matcher must be scoped to bare invocations only, not subcommand-style usage. Mitigation: extensive negative-class test coverage.
No coupling. Builds on the design space already established in AgDR-0011; no new architectural decisions needed.
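The following is an added example, not the project's `_lib-detect-bash-write.sh` (whose real interface and pattern table are not shown on this page). It sketches the shapes listed under Scope as POSIX ERE patterns, with the bare-invocation anchoring the Risks section calls for, and runs them against a constructed positive class and a constructed negative class in the same spirit as `test_detect_bash_write.sh`. The function names, the `CMD_START`/`ARGS` helper fragments, the deno/bun subcommand set, and every sample command are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the project's hook): write-shape heuristics as ERE,
# anchored so that only a command in command position matches.

# Command position: line start, or right after ; & | or $( .
# This is what keeps `git cp`, `grep rm`, `echo mv` from matching.
CMD_START='(^|[;&|]|\$\()[[:space:]]*'
# Optional run of earlier arguments (never crossing ; & |) ending in a space,
# so a flag is recognised anywhere in the argument list, not only first.
ARGS='([^|;&]*[[:space:]])?'

# File-moving builtins: bare invocations only (trailing space excludes rmdir, mvn).
WRITE_SHAPES="${CMD_START}(cp|mv|rm|dd|install)[[:space:]]"
# tar extraction: old-style `tar xzf`, or -x / --extract anywhere in the flags.
# `tar -t...` (listing) has no x and does not match.
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}tar[[:space:]]+(x[a-zA-Z]*[[:space:]]|${ARGS}(-[a-zA-Z]*x|--extract))"
# Network writes: curl -o / --output, wget -O / --output-document.
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}curl[[:space:]]+${ARGS}(-[a-zA-Z]*o|--output)"
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}wget[[:space:]]+${ARGS}(-[a-zA-Z]*O|--output-document)"
# Other interpreters. deno/bun subcommand list is an assumption for this example.
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}perl[[:space:]]+${ARGS}-[a-zA-Z]*e([[:space:]]|\$)"
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}php[[:space:]]+${ARGS}-r([[:space:]]|\$)"
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}go[[:space:]]+run([[:space:]]|\$)"
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}deno[[:space:]]+(run|eval)([[:space:]]|\$)"
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}bun[[:space:]]+(run|x|-e)([[:space:]]|\$)"
# Python helpers: these appear inside -c strings or heredocs, so no CMD_START.
WRITE_SHAPES="${WRITE_SHAPES}|(pathlib\.)?Path\([^)]*\)\.touch\("
WRITE_SHAPES="${WRITE_SHAPES}|shutil\.(copy[A-Za-z0-9_]*|move)\(|os\.rename\("
# Heredoc fed to ruby or node (python heredoc is assumed already covered).
WRITE_SHAPES="${WRITE_SHAPES}|${CMD_START}(ruby|node)[[:space:]]+${ARGS}<<-?[[:space:]]*['\"]?[A-Za-z_]"

# Returns 0 if the command text contains a write shape, 1 otherwise.
detect_bash_write() {
  printf '%s\n' "$1" | grep -Eq -- "$WRITE_SHAPES"
}

# Counts how many newline-separated commands in $1 the detector flags.
count_matches() {
  n=0
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    if detect_bash_write "$line"; then n=$((n + 1)); fi
  done <<EOF
$1
EOF
  echo "$n"
}

# Constructed positive class: every line should be flagged.
POSITIVE='cp src.txt dst.txt
ls; mv a b
rm -rf build/
dd if=/dev/zero of=out.img bs=1M count=1
install -m 0755 tool /usr/local/bin/tool
tar -xzf release.tgz
tar xzf release.tgz
tar --extract -f release.tar
curl -sSLo installer.sh https://example.invalid/install.sh
curl https://example.invalid/f --output f
wget -qO out.bin https://example.invalid/b
perl -e "open(F, q{>x}); print F 1"
php -r "file_put_contents(q, 1);"
go run ./cmd/tool
deno run --allow-write main.ts
bun -e "require(\"fs\").writeFileSync(\"x\",\"1\")"
python3 -c "import pathlib; pathlib.Path(\"x\").touch()"
python3 -c "import shutil; shutil.copy2(\"a\", \"b\")"
python3 -c "import os; os.rename(\"a\", \"b\")"
ruby <<EOF
node - <<"EOF"'

# Constructed negative class: read-only or look-alike commands that must not match.
NEGATIVE='tar -tzf release.tgz
tar -tvf x.tar
git cp a b
curl -s https://example.invalid/status
echo "run rm later" | grep rm
mvn clean install
perl -c script.pl
python3 -c "import pathlib; print(pathlib.Path(\"x\").exists())"
node script.js
rmdir empty'

# Stand-alone self-check: 21 positives flagged, 0 negatives flagged.
if [ "$(count_matches "$POSITIVE")" -eq 21 ] && [ "$(count_matches "$NEGATIVE")" -eq 0 ]; then
  echo "ok: 21 positive shapes matched, 0 negative counterexamples matched"
else
  echo "FAIL: positive=$(count_matches "$POSITIVE")/21 negative=$(count_matches "$NEGATIVE")/10"
  exit 1
fi
```

The design choice worth noting is that the builtin shapes are anchored to command position rather than matched as bare words: that is what lets `cp` be gated while `git cp`, `grep rm` and `mvn clean install` stay quiet, and it is also why `find ... -exec rm {} +` is a deliberate false negative here, consistent with the false-negatives-preferred stance. Each negative line above is the kind of counterexample the acceptance criteria ask for beside its positive twin (`tar -t` next to `tar -x`, `perl -c` next to `perl -e`).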