elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-30 16:45:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: fail open on insaits monitor errors

Browse Source
This commit is contained in:
Affaan Mustafa 2026-04-29 18:03:33 -04:00
parent b40de37ccb
commit 1c2d5dd389
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
scripts/hooks/insaits-security-wrapper.js
View File

@ -98,6 +98,16 @@ process.stdin.on('end', () => {
process.exit(0); process.exit(0);
} }
// The monitor only uses 0 (pass) and 2 (block). Other statuses usually
// mean Python launcher/dependency/runtime failure, so keep the hook fail-open.
if (result.status !== 0 && result.status !== 2) {
const detail = (result.stderr || result.stdout || '').trim();
const suffix = detail ? `: ${detail}` : '';
process.stderr.write(`[InsAIts] Security monitor exited with status ${result.status}${suffix}\n`);
process.stdout.write(raw);
process.exit(0);
}
if (result.stdout) { if (result.stdout) {
process.stdout.write(result.stdout); process.stdout.write(result.stdout);
} else if (result.status === 0) { } else if (result.status === 0) {

28
tests/hooks/insaits-security-wrapper.test.js
View File

@ -166,6 +166,29 @@ function runTests() {
} }
})) passed++; else failed++; })) passed++; else failed++;
if (test('enabled monitor unexpected failure fails open with warning and raw stdin', () => {
const tempDir = createTempDir();
try {
writeFakePython(path.join(tempDir, 'bin'));
const result = run({
input: 'raw-input',
env: {
ECC_ENABLE_INSAITS: '1',
FAKE_INSAITS_MODE: 'error',
PATH: path.join(tempDir, 'bin'),
},
});
assert.strictEqual(result.status, 0);
assert.strictEqual(result.stdout, 'raw-input');
assert.ok(result.stderr.includes('Security monitor exited with status 1'));
assert.ok(result.stderr.includes('spawned but failed'));
} finally {
cleanup(tempDir);
}
})) passed++; else failed++;
if (test('missing Python fails open with warning and raw stdin', () => { if (test('missing Python fails open with warning and raw stdin', () => {
const result = run({ const result = run({
input: 'raw-input', input: 'raw-input',
@ -177,7 +200,10 @@ function runTests() {
assert.strictEqual(result.status, 0); assert.strictEqual(result.status, 0);
assert.strictEqual(result.stdout, 'raw-input'); assert.strictEqual(result.stdout, 'raw-input');
assert.ok(result.stderr.includes('python3/python not found')); assert.ok(
result.stderr.includes('python3/python not found')
|| result.stderr.includes('Security monitor exited with status')
);
})) passed++; else failed++; })) passed++; else failed++;
console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`); console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);