Harden Cascade and Codex hook handling#16
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: dcedfe002b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if needsFallback { | ||
| return nil, true |
There was a problem hiding this comment.
Preserve parsed writes when falling back
When a command contains both a successfully parsed write and any later fallback-triggering write, this drops all accumulated files and the unified bridge emits a single raw fallback with an empty FilePath. For example, cat <<'EOF' > .env ... EOF; cat <<'EOF' > $HOME/out ... EOF first records .env, then the non-literal $HOME/out sets needsFallback, so FilePath-only policies never see the literal .env write. Please dispatch the parsed files as well as the fallback, or otherwise avoid replacing known write targets with an empty-path event.
Useful? React with 👍 / 👎.
| paths, status := teeTargetPaths(teeCall) | ||
| if status != writeFound { | ||
| return nil, status | ||
| } | ||
| return patchFilesForPaths(paths, body), writeFound |
There was a problem hiding this comment.
Include tee stdout redirects in pipeline writes
The new pipeline path only extracts tee's argv targets, but tee also copies stdin to stdout (confirmed via tee --help), and Bash can redirect that stdout to another file. With cat <<'EOF' | tee allowed.txt > ../../.ssh/authorized_keys, this reports only allowed.txt while the redirected stdout writes the same heredoc to authorized_keys, so FilePath-based deny policies miss the sensitive sink. Please include stdout redirects on the tee statement or fall back to the raw command when one is present.
Useful? React with 👍 / 👎.
Summary
Tests
I kept the PR description implementation-focused because this touches hook policy enforcement behavior.