* fix(hooks): make hook scripts compatible with Windows Git Bash and use stdin JSON protocol
- Replace `grep -P` (Perl regex) with `sed` for JSON field extraction,
as Windows Git Bash does not support `grep -P`
- Replace positional arg (`$1`) with stdin JSON parsing to match the
actual Claude Code hook protocol (hooks receive data via stdin, not args)
- Fix JSON double-quote escaping in grep patterns that silently fails
on Windows Git Bash
- Remove python3 dependency for JSON parsing, making scripts portable
- Add Windows Git Bash to compatibility notes in script headers
Affected scripts: security-scan.sh, validate-prompt.sh, log-bash.sh, format-code.sh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(hooks): address review issues in Windows Git Bash compatibility scripts
- security-scan.sh: wrap output in hookSpecificOutput format required by
PostToolUse protocol; restore secret/token detection pattern that was
dropped; escape file path and issues for safe JSON construction
- validate-prompt.sh: extract "user_prompt" field first (Claude Code
UserPromptSubmit protocol), falling back to "prompt"
- log-bash.sh: document sed truncation limitation for commands with
double-quoted strings
- format-code.sh: fix misleading comment about updatedInput output
* fix(hooks): produce valid JSON from security-scan.sh
- Use \\n (JSON newline escape) when building ISSUES, not real newlines,
so the value passes safely through printf into the JSON string
- Remove the real-newline-to-\\n sed pass (no longer needed)
- Output is now verifiably valid JSON per python3 json.loads
* fix(hooks): fix grep -E POSIX compat and semgrep/trufflehog stdout mixing
- Replace \s with [[:space:]] in grep -E patterns (security-scan.sh lines
34,44): \s is a Perl extension, silently fails on macOS BSD grep and
BusyBox — password/secret detection was a no-op on macOS
- Suppress stdout of semgrep/trufflehog (>/dev/null) to prevent their
output mixing with hookSpecificOutput JSON, which would produce invalid
JSON and cause the additionalContext to fail parsing
- Fix format-code.sh hook comment: PreToolUse → PostToolUse (matches
README example and actual hook behavior)
---------
Co-authored-by: Bruce <binyuli1993@foxmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- Replace `grep -P` (Perl regex) with `sed` for JSON field extraction,
as Windows Git Bash does not support `grep -P`
- Replace positional arg (`$1`) with stdin JSON parsing to match the
actual Claude Code hook protocol (hooks receive data via stdin, not args)
- Fix JSON double-quote escaping in grep patterns that silently fails
on Windows Git Bash
- Remove python3 dependency for JSON parsing, making scripts portable
- Add Windows Git Bash to compatibility notes in script headers
Affected scripts: security-scan.sh, validate-prompt.sh, log-bash.sh, format-code.sh
Co-authored-by: Bruce <binyuli1993@foxmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>