llm-security/tests/hooks
Kjell Tore Guttormsen 32199965f2 fix(llm-security): post-mcp-verify reads live PostToolUse tool_response field
The PostToolUse hook read input.tool_output, but live Claude Code delivers the tool result as tool_response — so the indirect-injection scan on MCP tool output silently never fired outside the test harness (which sent tool_output). The hook now reads tool_response with a tool_output fallback for older harnesses/fixtures. +3 tests covering string and object tool_response and the precedence. Found via a live-session check during the v7.8.3 sweep; not one of the 52 MEDIUM-tier findings. Suite 2016/0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Claude-Session: https://claude.ai/code/session_01TcQyMTQfyrsAapaCMPxTtQ
2026-07-18 11:00:34 +02:00
..
hook-helper.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
post-mcp-verify.test.mjs fix(llm-security): post-mcp-verify reads live PostToolUse tool_response field 2026-07-18 11:00:34 +02:00
post-session-guard.test.mjs fix(llm-security): hook coverage — pathguard on Edit, trifecta window, pipe-to-shell, provider keys (#9,#10,#12,#13,#11-doc) 2026-07-18 10:36:39 +02:00
pre-bash-destructive.test.mjs fix(llm-security): hook coverage — pathguard on Edit, trifecta window, pipe-to-shell, provider keys (#9,#10,#12,#13,#11-doc) 2026-07-18 10:36:39 +02:00
pre-compact-scan.test.mjs chore(llm-security): v7.3.1 — stabilization patch for forkers and downstream users 2026-05-01 06:14:03 +02:00
pre-edit-secrets.test.mjs fix(llm-security): hook coverage — pathguard on Edit, trifecta window, pipe-to-shell, provider keys (#9,#10,#12,#13,#11-doc) 2026-07-18 10:36:39 +02:00
pre-install-supply-chain.test.mjs fix(llm-security): supply-chain gate bypasses — npm/yarn blocklist + pip-audit (#14-#19,#48) 2026-07-18 10:14:51 +02:00
pre-prompt-inject-scan.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
pre-write-pathguard.test.mjs fix(llm-security): hook coverage — pathguard on Edit, trifecta window, pipe-to-shell, provider keys (#9,#10,#12,#13,#11-doc) 2026-07-18 10:36:39 +02:00
probe-secrets.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00
supply-chain-injection.test.mjs fix(llm-security): F-2/F-3 — contain path traversal + kill npm-view shell injection 2026-06-20 11:09:13 +02:00
update-check.test.mjs feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command 2026-04-08 08:58:35 +02:00