feat(lint): 個人パス検出 lint rule (no-personal-paths) を追加#76
Merged
Conversation
PR #75 の post-merge-feedback で得られた Tier 1 提案を実装。 custom-lint-rules.toml に新規 rule を追加: - pattern: 'C:\Users\[A-Za-z][A-Za-z0-9_-]+\|/home/[a-z][a-z0-9_-]+/' - extensions: md / txt - severity: error - placeholder (<USER_NAME>, %USERPROFILE%, ~/, $HOME) は character class ([A-Za-z] / [a-z]) で開始位置を縛り自動除外 由来: PR #75 で同種 PII 指摘が 3 箇所同時発生 (ADR-030 line 143、 todo.md line 35/48)。PR #74 でも前例あり、CodeRabbit Major 指摘の 頻出パターンとして Plankton Tier 1 (決定論的防止) で固定化する。 カスタムリンタは std::fs::read_to_string で runtime ロードのため exe rebuild 不要。既存 45 件のリンターテスト全 PASS で regex 妥当性確認済。
📝 Walkthroughウォークスルー
変更
推定コード審査工数🎯 2 (Simple) | ⏱️ ~10 分 関連の可能性のあるPR
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Owner
Author
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.claude/custom-lint-rules.toml (1)
56-62: 末尾セパレータ非依存のケースを検出できない点を考慮ください(任意)
patternは末尾の\\//を必須としているため、文末や句読点の直前に現れるケースが見逃されます。
- 検出されない例:
ログは C:\Users\alice にあります。- 検出されない例:
~/work と /home/alice を比較- 検出されない例: 1 文字ユーザー名
C:\Users\a\...(+のため username 最低 2 文字)
whyで「PII 流出防止」を目的としている以上、末尾セパレータの有無で取りこぼすのはルール意図とずれる可能性があります。lookahead が使えない制約下でも、末尾を任意化することで検出範囲を広げられます。♻️ パターン拡張案(末尾セパレータを任意化+1 文字ユーザー名対応)
-pattern = 'C:\\Users\\[A-Za-z][A-Za-z0-9_-]+\\|/home/[a-z][a-z0-9_-]+/' +pattern = 'C:\\Users\\[A-Za-z][A-Za-z0-9_-]*[\\/ \t.,;:)"`]|/home/[a-z][a-z0-9_-]*[/ \t.,;:)"`]'ポイント:
+→*で 1 文字ユーザー名も許容- 末尾を
[\\/ ...]のいずれかにすることで、句読点・スペース・引用符終端も検出- プレースホルダ除外戦略(先頭
[A-Za-z]/[a-z])はそのまま維持なお、コメント(Lines 50-54)にこの新たなトレードオフ(句読点パターンを末尾文字クラスに固定する設計)の説明を追記しておくと、将来のメンテナにとって意図が明確になります。
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/custom-lint-rules.toml around lines 56 - 62, The "no-personal-paths" rule's pattern currently requires a trailing separator and a username of at least two chars, so paths like "C:\Users\a" or "~/alice" at sentence end are missed; update the rule id "no-personal-paths" to make the username quantifier permissive (use * instead of + to allow 1-char names) and make the trailing separator optional (so matches whether the path ends with a slash/backslash or terminates before punctuation/whitespace); also update the adjacent comment explaining this tradeoff (previous comment lines describing the pattern) to document why the trailing-separator class was chosen and the implications for false positives.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.claude/custom-lint-rules.toml:
- Around line 56-62: The "no-personal-paths" rule's pattern currently requires a
trailing separator and a username of at least two chars, so paths like
"C:\Users\a" or "~/alice" at sentence end are missed; update the rule id
"no-personal-paths" to make the username quantifier permissive (use * instead of
+ to allow 1-char names) and make the trailing separator optional (so matches
whether the path ends with a slash/backslash or terminates before
punctuation/whitespace); also update the adjacent comment explaining this
tradeoff (previous comment lines describing the pattern) to document why the
trailing-separator class was chosen and the implications for false positives.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 716efc28-1c46-422f-960e-e4d46ba00fe1
📒 Files selected for processing (1)
.claude/custom-lint-rules.toml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.claude/custom-lint-rules.tomlにno-personal-pathsルールを追加C:\Users\<実名>\) / Unix (/home/<実名>/) の絶対パスを検出<USER_NAME>,%USERPROFILE%,~,$HOME) は character class で自動除外alice) を採用Context
PR #75 (ADR-030 起案) の post-merge-feedback (ADR-014/030 dogfood) で得られた Tier 1 提案 を実装。
PR #75 では同種 PII 指摘が CodeRabbit Major で 3 箇所同時発生 (ADR-030 line 143、todo.md line 35/48)、PR #74 でも前例あり。頻出パターンとして Plankton Tier 1 (決定論的防止) で固定化する。
実装戦略: Rust regex 1.10 は lookahead 非対応のため、character class の開始位置 (
[A-Za-z]/[a-z]) で placeholder を自動除外する。残る false positive はC:\Users\Public\等のシステム名のみで md docs では稀のため許容。Validation
cargo test -p hooks-post-tool-linter: 45 件全 PASS (regex compile 妥当性確認)pnpm pushquality gate: lint / test / build / rust-test 全 PASSall("approved")、5m16s)std::fs::read_to_stringatsrc/hooks-post-tool-linter/src/main.rs:316) のため exe rebuild 不要References
feedback_review_list_with_assessment.md— 本 PR 由来、未対応レビュー列挙時の評価添付運用Summary by CodeRabbit
リリースノート