Skip to content

[DRAFT][DO NOT MERGE] Remote hooks prototype#37

Closed
liukatkat wants to merge 36 commits into
mainfrom
katrina/remote-hooks-draft
Closed

[DRAFT][DO NOT MERGE] Remote hooks prototype#37
liukatkat wants to merge 36 commits into
mainfrom
katrina/remote-hooks-draft

Conversation

@liukatkat

@liukatkat liukatkat commented Apr 9, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

liukatkat and others added 30 commits November 21, 2025 14:17
@liukatkat
first commit
1cd2a3a
@liukatkat
update readme
3e9a8ac
@liukatkat
plugin template
7ca39a6
@liukatkat
initial setup (#1)
c1e77e1 
* initial setup

update workflow

tests and mcp

* remove session start hook

* set version to 0
@liukatkat
rename
ea801dc
@liukatkat
move mcp config into plugin
05ff475
@liukatkat
update name and readme
202f985
@liukatkat
remove CLAUDE.md
305923b
@liukatkat
Update plugin version
f3328c9
@liukatkat
add context hook
490b4f4
@liukatkat
update command name
0df6a47
@liukatkat
update README.md
951b65f
@liukatkat
initial setup
f3bb90d 
update workflow

tests and mcp

add session start hook
@liukatkat
output errors to stderr
d02c643
@liukatkat
update version
b71d2e2
@liukatkat
initial setup
d155db1 
update workflow

tests and mcp

add session start hook
@liukatkat
update test.yml
3720674
@liukatkat
add test for secure default hook
5964619
@liukatkat
feat: session start hook (#2)
8c48ffa 
* initial setup

update workflow

tests and mcp

add session start hook

* output errors to stderr

* update version
@liukatkat
Merge branch 'katrina/ci'
6b069ae
@liukatkat
update version and changelog
83c5f7c
@liukatkat
fix: make semgrep-version accessible by plugin (#4)
c1ad204 
* fix semgrep-version not accessible by plugin

* fix workflow

* bump version
@liukatkat
Update README with troubleshooting steps for plugin
cdb1a09
@liukatkat
chore: add PR checklist to pull request template (#6)
b68c4c4 
This PR adds a PR checklist that includes tasks that will help us maintain consistent versioning and make sure that the plugin still works!
@tef-semgrep
fix: use semgrep login --force, to avoid issues with envvars
9edd561
@tef-semgrep
Merge pull request #5 from semgrep/tef/mcp_semgrep_login
a717ab0 
fix: use semgrep login --force, to avoid issues with envvars
@liukatkat
fix: change --login to --force
4331ffd
@liukatkat
Bump version to 0.4.1 in plugin.json
9fa3dd7
@liukatkat
fix: fix secure by default test and disable hooks tests (#9)
ffc4b1a 
* fix secure by default test and disable hooks tests

* add comma
@liukatkat
Update CHANGELOG for version 0.4.1 (#8)
15596f4
liukatkat and others added 5 commits February 25, 2026 17:36
@liukatkat @claude
chore: remove tests, CI workflow, and contributing docs (#17)
1e83f1b 
These are managed in the template repo going forward. Removes:
- .github/workflows/test.yml
- .github/scripts/check-plugin-version.sh
- .github/pull_request_template.md
- CONTRIBUTING.md
- tests/ (all test shell scripts)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@liukatkat @github-actions
[Template Sync] chore: sync with template (#29)
4a4b29d 
* [create-pull-request] automated change

* chore: bump version to 0.5.0

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@liukatkat @github-actions
[Template Sync] fix: update formatting in read-me.yaml for commands (#31
6f39623 
)

* [create-pull-request] automated change

* chore: bump version to 0.5.1

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@liukatkat
chore: update plugin and marketplace description (#34)
bdd3196 
This PR updates the description to better describe the plugin.
@liukatkat
replace local hooks with remote hooks
7440470
@liukatkat Graphite App

liukatkat commented Apr 9, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@liukatkat liukatkat changed the title replace local hooks with remote hooks [DRAFT][DO NOT MERGE] Remote hooks Apr 9, 2026
@liukatkat liukatkat changed the title [DRAFT][DO NOT MERGE] Remote hooks [DRAFT][DO NOT MERGE] Remote hooks prototype Apr 9, 2026
semgrep-zcs-prod-semgrep[bot]
semgrep-zcs-prod-semgrep Bot reviewed Apr 9, 2026
View reviewed changes
Comment thread plugin/scripts/run-semgrep.py
Comment on lines +135 to +224
if __name__ == "__main__":
local_url = "http://127.0.0.1:8000/api/run"
# remote_url = f"https://mcp-dev.semgrep.ai/fragment"
env_url = os.environ.get("SEMGREP_FRAGMENT_URL", None)

url = env_url or local_url
scan_rule = None

config = {}
files = []
trace = None
args = list(sys.argv[1:])

subcommand = args.pop(0)
if subcommand != "scan":
print(f"error: use {sys.argv[0]} scan ...")
sys.exit(-1)

while args:
arg = args.pop(0)
if arg.startswith("--"):
arg = arg[2:]
if arg == "config":
arg = args.pop(0)
config["rule"] = Path(arg).read_text()
else:
config[arg] = True
else:
files.append(arg)

file_path = load_file_path_claude()
files.append(file_path)

if trace: # check env
trace = {
"level": "...",
"span_id": "...",
"trace_id": "....",
"endpoint": "....",
}

app_token = os.environ.get("SEMGREP_APP_TOKEN", "")
auth = None
# check env for app token, then check settings file
if not app_token:
app_token = get_app_token_from_settings()

# print(f"app_token: {app_token}")

if app_token:
config["app_token"] = app_token
auth = SemgrepAppToken(app_token)

scan_files = load_files(Path.cwd(), files)

scan_args = {
"name": "scan",
"files": scan_files,
"config": config,
"trace": trace,
}

run_args = {"command": scan_args}

response = request_scan(url, run_args, auth=auth).json()
result = response.pop("result", None)

if result and result["json"]:
findings = result["json"]["results"]
if findings and len(findings) > 0:
reason = str(
[
{
"line": r["start"]["line"],
"display_name": r["extra"]["metadata"].get("display-name"),
"message": r["extra"]["message"],
"severity": r["extra"]["severity"],
"cwe": r["extra"]["metadata"].get("cwe"),
}
for r in findings
]
)
response = PostToolHookResponse(decision="block", reason=reason)
print(response.model_dump_json())
else:
response = PostToolHookResponse(decision="allow", reason="No findings")
print(response.model_dump_json())
else:
response = PostToolHookResponse(decision="allow", reason="No results")
print(response.model_dump_json())

@semgrep-zcs-prod-semgrep semgrep-zcs-prod-semgrep Bot Apr 9, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:
Please move all the code under if __name__ == "__main__": into a function and make the if block just call that function. This is because any imports, variable assignments, and function definitions under the if __name__ == "__main__": block will be seen by linters and editors as if they're always available module-wide. Our linters and type checkers will not be able to identify missing imports and undefined variables if they're defined in this block but are missing outside it.

To resolve this comment:

🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by if-name-main-blocks-should-not-define-anything.

You can view more details about this finding in the Semgrep AppSec Platform.

@liukatkat liukatkat mentioned this pull request Apr 10, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@semgrep-zcs-prod-semgrep semgrep-zcs-prod-semgrep[bot] semgrep-zcs-prod-semgrep[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liukatkat @tef-semgrep