- Replace raw fs.readFileSync with readFile() from utils in
check-console-log.js and post-edit-console-warn.js to eliminate
TOCTOU race conditions (file deleted between existsSync and read)
- Remove redundant existsSync in post-edit-format.js (exec already
handles missing files via its catch block)
- Resolve path upfront in post-edit-typecheck.js before tsconfig walk
- Add type guard in getGitModifiedFiles() to skip non-string and
empty patterns before regex compilation
Core library fixes:
- session-manager.js: wrap all statSync calls in try-catch to prevent
TOCTOU crashes when files are deleted between readdir and stat
- session-manager.js: use birthtime||ctime fallback for Linux compat
- session-manager.js: remove redundant existsSync before readFile
- utils.js: fix findFiles TOCTOU race on statSync inside readdir loop
Hook improvements:
- Add 1MB stdin buffer limits to all PostToolUse hooks to prevent
unbounded memory growth from large payloads
- suggest-compact.js: use fd-based atomic read+write for counter file
to reduce race window between concurrent invocations
- session-end.js: log when transcript file is missing, check
replaceInFile return value for failed timestamp updates
- start-observer.sh: log claude CLI failures instead of silently
swallowing them, check observations file exists before analysis
Test fixes:
- Fix blocking hook tests to send matching input (dev server command)
and expect correct exit code 2 instead of 1
Move three complex inline hooks from hooks.json into proper external
scripts in scripts/hooks/:
- post-edit-format.js: Prettier auto-formatting (was 1 minified line)
- post-edit-typecheck.js: TypeScript check (was 1 minified line with
unbounded directory traversal, now capped at 20 levels)
- post-edit-console-warn.js: console.log warnings (was 1 minified line)
Benefits:
- Readable, documented, and properly error-handled
- Testable independently via stdin
- Consistent with other hooks (all use external scripts now)
- Adds timeouts to Prettier (15s) and tsc (30s) to prevent hangs
