chore(hooks): wedge-proof commands + drop project tool_guard#713
Conversation
…llow-up)
Two changes to .claude/settings.json:
1. Removed the project-local `tool_guard.py` PreToolUse hook — the user
confirmed they install soldr/uv guards globally, so the duplicate
fires twice without value. `forbidden_commands.py` (pyocd/esptool
policy) stays as the project-specific Bash gate.
2. Every hook command is now wedge-proof:
- Prefer `${CLAUDE_PROJECT_DIR}` (the harness anchor that survives
worktree shifts) and fall back to `git rev-parse --show-toplevel`.
- Wrap the actual `uv run` invocation in `[ -f <script> ] && ... || exit 0`
so a worktree without `ci/hooks/` (e.g. the `online-data` orphan
branch's worktree, or a freshly-orphaned branch mid-setup) cannot
fail the hook startup and freeze the shell.
This was the catch-22 that wedged the original `online-data` orphan
setup in PR #712: `git rm -rf .` removed `ci/hooks/` from the worktree;
the PreToolUse hook command then resolved `git rev-parse --show-toplevel`
to that worktree, tried `uv run ci/hooks/tool_guard.py`, and python
errored with "no such file" — blocking every subsequent Bash/Edit/Write
call. The guard above turns the "script not found" case into a no-op
instead of a block.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
Warning Review limit reached
More reviews will be available in 22 minutes and 45 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
1 participant
Follow-up to #712.
Summary
tool_guard.pyPreToolUse hook (user runs it globally).\$CLAUDE_PROJECT_DIR(harness anchor that survives worktree shifts) → fall back togit rev-parse --show-toplevel.[ -f <script> ] && uv run ... || exit 0so a worktree withoutci/hooks/(orphan branch, fresh checkout-in-progress) cannot block the shell.Root cause
During the
online-dataorphan-branch setup in #712,git rm -rf .inside the worktree removedci/hooks/. The PreToolUse command then resolvedgit rev-parse --show-toplevelto that worktree, trieduv run ci/hooks/tool_guard.py, and python errored with "no such file" — blocking every subsequent Bash/Edit/Write call. The guard turns "script missing" into a no-op instead of a block.Test plan
🤖 Generated with Claude Code