WEB-4871: forward Grep/Glob/LS reads from the claude-code hook#160
Closed
MohamedAklamaash wants to merge 4 commits into
Closed
WEB-4871: forward Grep/Glob/LS reads from the claude-code hook#160MohamedAklamaash wants to merge 4 commits into
MohamedAklamaash wants to merge 4 commits into
Conversation
Grep/Glob/LS are read-equivalent (they expose file contents or enumerate paths), so the hook now sends them with their target path, letting read / secret policies evaluate them like a native Read instead of bypassing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Grep's `pattern` is a regex, not a path; forwarding it as file_path made the gateway evaluate a regex as a filesystem path. Glob's `pattern` is path-like (`**/*.env`) so it keeps the fallback. Grep/LS now use `path` only. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Collaborator
|
Superseded by #161 — a clean re-base onto staging containing only the WEB-4871 hook change (this PR's base was web-4850, which dragged in the unrelated 'longest handoff calc' commit). Same two commits, cherry-picked unchanged. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
WEB-4871 — forward Grep/Glob/LS reads from the claude-code hook
Linear: https://linear.app/unboundsec/issue/WEB-4871/classifier-output-uses-inconsistent-field-names-for-the-same-concept
What
Grep/Glob/LSare read-equivalent (they expose file contents or enumerate paths), but the hook never sent them, so they bypassed policy. The hook now forwards them with their target path so read / secret policies evaluate them like a nativeRead.Notes
web-4850(well ahead ofmain) for a clean diff — retarget if preferred.🤖 Generated with Claude Code
Greptile Summary
Review completed and submitted via the mcp__greptile-review__submit_review tool.
Confidence Score: 4/5
Safe to merge with attention to the approval-retry path for Grep/Glob.
The new forwarding logic for Grep/Glob/LS is backward-compatible and the file_path derivation is correct for the common cases. The approval_key for Grep and Glob is built from the search pattern alone, not from the combination of pattern and path, enabling a scoped search approval to be reused by a broader search within the 4-hour timeout window.
claude-code/hooks/unbound.py — specifically extract_command_for_pretool and the approval_key construction for Grep and Glob.
Comments Outside Diff (1)
claude-code/hooks/unbound.py, line 497-515 (link)LSadded toNATIVE_FILE_TOOLSandREAD_EQUIVALENT_FILE_TOOLSbutextract_command_for_pretoolwas not updated for it. The function explicitly handlesGrep(returnspattern) andGlob(returnspattern), butLSfalls through toreturn tool_name— always yielding the literal string"LS". Downstream,approval_key = f"{tool_name}:{command}"becomes"LS:LS"for every single LS invocation, collapsing distinct path listings into one deduplication bucket and sending the gateway an uninformativecommandvalue.Reviews (2): Last reviewed commit: "WEB-4871: only fall back to pattern for ..." | Re-trigger Greptile