CM-60929: Add report mode to ai-guardrails install#410
Open
CM-60929: Add report mode to ai-guardrails install#410
Conversation
…efault - Add InstallMode enum (report/block) and --mode/-m flag defaulting to report - Report mode: async non-blocking hooks + warn policy file - Block mode: sync blocking hooks + block policy file - Add sessionStart/SessionStart auth check hook for both Cursor and Claude Code - Policy file merges with existing on re-install, only updating mode - Improve hook deduplication to recognize both scan and auth commands - Add 14 tests covering async/sync configs, sessionStart, and policy file creation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ilanlido
requested review from
elsapet,
gotbadger and
mateusz-sterczewski
as code owners
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
gotbadger
requested changes
Mar 16, 2026
Collaborator
gotbadger
left a comment
gotbadger
left a comment
There was a problem hiding this comment.
please revisit the session start behaviour
|
|
||
| # Command used in hooks | ||
| CYCODE_SCAN_PROMPT_COMMAND = 'cycode ai-guardrails scan' | ||
| CYCODE_AUTH_CHECK_COMMAND = "if cycode status 2>&1 | grep -q 'Is authenticated: False'; then cycode auth 2>&1; fi" |
Collaborator
There was a problem hiding this comment.
I don't think this is a very good idea we should do any checks within the application. If we need to do this kind of check/auth we could for example add a flag to the status command. Alternatively you could add a command to check within ai-guardrails namespace like session_start this is probably the best option as it can be expanded for any other requirements
| hooks = {event: [{'command': CYCODE_SCAN_PROMPT_COMMAND}] for event in config.hook_events} | ||
| command = f'{CYCODE_SCAN_PROMPT_COMMAND} &' if async_mode else CYCODE_SCAN_PROMPT_COMMAND | ||
| hooks = {event: [{'command': command}] for event in config.hook_events} | ||
| hooks['sessionStart'] = [{'command': CYCODE_AUTH_CHECK_COMMAND}] |
Collaborator
There was a problem hiding this comment.
its not actually checking auth its causing the auth to happen if its not authed as written at the moment.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--modeflag (report|block) toai-guardrails install, defaulting toreportwarnmodeblockmodesessionStart/SessionStartauth check hook for both Cursor and Claude Code (auto-authenticates on IDE start)modefieldTest plan
poetry run cycode ai-guardrails install --ide claude-code(report mode default)poetry run cycode ai-guardrails install --ide claude-code --mode block🤖 Generated with Claude Code