comments

Author: Chhinna

src/utils/installPushProtectionHook.js

@@ -105,7 +105,12 @@ export function installPushProtectionHook(workspacePath) {
       chmodSync(hookPath, 0o755);
       return { installed: true, hookPath, message: 'Hook updated' };
     }
-    // There's a user-managed hook — append our block (no duplicate shebang)
+    // There's a user-managed hook — append only for shell hooks to avoid breaking non-shell scripts
+    const firstLine = existing.split('\n', 1)[0] || '';
+    const isShellHook = firstLine.startsWith('#!') ? /\/(ba|z|k)?sh(\s|$)/.test(firstLine) : true;
+    if (!isShellHook) {
+      return { installed: false, hookPath, message: 'Existing pre-push hook is non-shell; cannot append CodeAnt block safely' };
+    }
     const appended = existing.trimEnd() + '\n\n' + buildHookBlock() + '\n';
     writeFileSync(hookPath, appended, 'utf-8');
     chmodSync(hookPath, 0o755);

tests/secretsApiHelper.test.js

@@ -185,10 +185,7 @@ describe('Secrets detection e2e tests', () => {
 
       const result = await scanSecrets('staged-only');
 
-      const highConfidenceSecrets = result.secretsDetected.flatMap(f =>
-        f.secrets.filter(s => s.confidence_score?.toUpperCase() === 'HIGH')
-      );
-      expect(highConfidenceSecrets).toHaveLength(0);
+      expect(result.secretsDetected.flatMap(f => f.secrets)).toHaveLength(0);
     }, 30000);
 
     it('no secrets in placeholder/example values', async () => {
@@ -205,10 +202,7 @@ describe('Secrets detection e2e tests', () => {
 
       const result = await scanSecrets('staged-only');
 
-      const highConfidenceSecrets = result.secretsDetected.flatMap(f =>
-        f.secrets.filter(s => s.confidence_score?.toUpperCase() === 'HIGH')
-      );
-      expect(highConfidenceSecrets).toHaveLength(0);
+      expect(result.secretsDetected.flatMap(f => f.secrets)).toHaveLength(0);
     }, 30000);
   });
 
@@ -377,7 +371,6 @@ describe('Secrets detection e2e tests', () => {
       const secret = fileResult.secrets[0];
       expect(secret).toHaveProperty('type');
       expect(secret).toHaveProperty('line_number');
-      expect(secret).toHaveProperty('confidence_score');
     }, 30000);
 
     it('returns empty secretsDetected for no-files scan', async () => {