feat(#489): fire the MCP-search advisory on Read/Glob/Grep for workspace paths

[atlas-apex]

Summary

• Closes the Read/Glob/Grep bypass — the suggest-mcp-search advisory previously only fired on Bash tool calls. An agent could sidestep the nudge entirely by reaching for Read, Glob, or Grep against a workspace-clone path, which never triggered the banner. This PR extends the hook to cover all three tools when the target path is inside workspace/<project>/.
• Workspace-scoped, not blanket — the new Read/Glob/Grep branch only fires when the resolved path contains workspace/. Framework file reads (e.g. Read roles/engineering/tech-lead.md) are untouched and stay silent, preserving the original behaviour's intent that the nudge only applies to managed-project code lookups.
• Install-gate fully preserved for all tools — the load-bearing apexyard-search check in .mcp.json applies equally to the new Read/Glob/Grep branch. Free adopters who don't have the premium apexyard-search MCP configured will see nothing from this hook regardless of which tool they use. This was an explicit requirement and is verified by three dedicated test cases (one per tool in the no-MCP fixture).
• settings.json wired — a new Read|Glob|Grep PreToolUse matcher block invokes the same ops-root-resolving hook wrapper already used by the Bash entry.

Testing

# All 23 cases pass, 0 failures
bash .claude/hooks/tests/test_suggest_mcp_search.sh

# Hook count unchanged (edited existing file, did not add one)
bash .claude/hooks/tests/test_site_counts.sh

# shellcheck clean
shellcheck .claude/hooks/suggest-mcp-search.sh

Test coverage added (#489 cases):

• Read/Glob/Grep on workspace/<project>/... path WITH apexyard-search configured → advisory fires
• Read/Glob/Grep on workspace/<project>/... path WITHOUT apexyard-search (free adopter) → silent
• Read/Glob/Grep on paths OUTSIDE workspace/ (framework files, src/, etc.) → silent
• Write/Edit tools on workspace paths → silent (only Bash/Read/Glob/Grep are in scope)
• All original Bash cases unchanged and passing

Glossary

Term	Definition
advisory hook	A PreToolUse hook that emits guidance as hookSpecificOutput.additionalContext JSON on stdout and always exits 0 — never blocks the tool call
install-gate	The .mcp.json check that ensures the hook stays silent for free adopters who don't have the apexyard-search premium MCP configured
workspace clone	A local working copy of a registered managed project, living under workspace/<name>/ in the ops repo
MCP-first	The framework guideline to prefer apexyard-search semantic search over grep/Read for managed-project code lookups (~3–5× fewer tokens)

Closes #489

[atlas-apex]

Code Review: PR #490

Commit: 8255f5bf72ef63dac1c7ea6ab22e1adfa8488714

Note: submitted as a comment because GitHub blocks self-approval on this PR. The Rex verdict is APPROVED and the 490-rex.approved marker has been written with the matching HEAD SHA.

Summary

Extends the suggest-mcp-search advisory hook from Bash-only to also fire on Read/Glob/Grep when the target path is inside a managed-project workspace clone (workspace/<project>/), closing the bypass where an agent could sidestep the MCP-first nudge by using native read tools. Bash behaviour is unchanged; the install-gate (only nudge when apexyard-search is in .mcp.json) is preserved for all tools.

Checklist Results

• ✅ Architecture & Design: Pass — clean case/if branch dispatch, shared install-gate at the convergence point
• ✅ Code Quality: Pass — shellcheck -S warning clean, well-commented field-layout rationale
• ✅ Testing: Pass — 23/23 cases, incl. 3 load-bearing free-adopter no-banner cases
• ✅ Security: Pass — advisory-only, no secrets, no injection surface
• ✅ Performance: Pass — hot-path is a single jq + case match
• ✅ PR Description & Glossary: Pass — narrative Summary calls out the free-adopter gate; Glossary present; Closes #489
• ⚠ Summary Bullet Narrative: Pass — bullets answer what + why
• ✅ Technical Decisions (AgDR):N/A — extends an existing hook, no new dependency/pattern
• ✅ Adopter Handbooks: N/A — no handbooks triggered by this diff

Issues Found

None.

Verification performed (load-bearing checks)

1. Install-gate preserved (the explicit CEO requirement). Read the hook end-to-end: the Read/Glob/Grep branch (lines 104-125) only does path filtering, then falls through to the shared install-gate $mcp_has_search || exit 0 at line 145 — it is NOT bypassed. Confirmed adversarially:
   • Read on workspace/... with apexyard-search ABSENT from .mcp.json → SILENT (free adopter sees nothing). ✅
   • Read on workspace/... with apexyard-search PRESENT → banner fires. ✅
2. Path extraction. .tool_input.file_path // .tool_input.path // empty correctly covers Read (file_path) and Glob/Grep (path); absent path → exit 0 (verified, no banner). Workspace check (*workspace/*) mirrors the Bash branch intent.
3. Bash branch byte-identical in effect — grep -rn on a workspace path still fires; original framework/workspace pattern scanner untouched.
4. Advisory/non-blocking — exit 0 in every path; banner emitted as hookSpecificOutput.additionalContext JSON on STDOUT, matching the #469 channel.
5. settings.json — valid JSON; new Read|Glob|Grep matcher uses the identical ops-root-resolving bash -c wrapper; existing Bash/Edit-Write matchers undisturbed.
6. Tests + lint — test_suggest_mcp_search.sh 23 passed / 0 failed; test_site_counts.sh green (hooks count unchanged at 38 — edited existing file); shellcheck -S warning exit 0.

Suggestions

None blocking. Optional future thought: if Claude Code ever adds a tool that carries a path under a third field name, the file_path // path pattern would need extending — the inline comment already documents the schema, so this is covered for now.

Verdict

APPROVED

---

🤖 Reviewed by Rex (Code Reviewer Agent)
📌 Reviewed commit: 8255f5bf72ef63dac1c7ea6ab22e1adfa8488714