From b239a7b5257aa9f0c285dd9beecda9cc1c29d3de Mon Sep 17 00:00:00 2001 From: jdalton Date: Sun, 12 Apr 2026 12:25:04 -0400 Subject: [PATCH 1/2] fix: use win- platform prefix and github: repository prefix in hook config --- .../hooks/setup-security-tools/external-tools.json | 12 ++++++------ .claude/hooks/setup-security-tools/index.mts | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.claude/hooks/setup-security-tools/external-tools.json b/.claude/hooks/setup-security-tools/external-tools.json index c522483b8..744671856 100644 --- a/.claude/hooks/setup-security-tools/external-tools.json +++ b/.claude/hooks/setup-security-tools/external-tools.json @@ -4,13 +4,13 @@ "zizmor": { "description": "GitHub Actions security scanner", "version": "1.23.1", - "repository": "zizmorcore/zizmor", + "repository": "github:zizmorcore/zizmor", "assets": { "darwin-arm64": "zizmor-aarch64-apple-darwin.tar.gz", "darwin-x64": "zizmor-x86_64-apple-darwin.tar.gz", "linux-arm64": "zizmor-aarch64-unknown-linux-gnu.tar.gz", "linux-x64": "zizmor-x86_64-unknown-linux-gnu.tar.gz", - "win32-x64": "zizmor-x86_64-pc-windows-msvc.zip" + "win-x64": "zizmor-x86_64-pc-windows-msvc.zip" }, "checksums": { "zizmor-aarch64-apple-darwin.tar.gz": "2632561b974c69f952258c1ab4b7432d5c7f92e555704155c3ac28a2910bd717", @@ -23,13 +23,13 @@ "sfw-free": { "description": "Socket Firewall (free tier)", "version": "v1.6.1", - "repository": "SocketDev/sfw-free", + "repository": "github:SocketDev/sfw-free", "platforms": { "darwin-arm64": "macos-arm64", "darwin-x64": "macos-x86_64", "linux-arm64": "linux-arm64", "linux-x64": "linux-x86_64", - "win32-x64": "windows-x86_64" + "win-x64": "windows-x86_64" }, "checksums": { "linux-arm64": "df2eedb2daf2572eee047adb8bfd81c9069edcb200fc7d3710fca98ec3ca81a1", @@ -43,13 +43,13 @@ "sfw-enterprise": { "description": "Socket Firewall (enterprise tier)", "version": "v1.6.1", - "repository": "SocketDev/firewall-release", + "repository": "github:SocketDev/firewall-release", "platforms": { "darwin-arm64": "macos-arm64", "darwin-x64": "macos-x86_64", "linux-arm64": "linux-arm64", "linux-x64": "linux-x86_64", - "win32-x64": "windows-x86_64" + "win-x64": "windows-x86_64" }, "checksums": { "linux-arm64": "671270231617142404a1564e52672f79b806f9df3f232fcc7606329c0246da55", diff --git a/.claude/hooks/setup-security-tools/index.mts b/.claude/hooks/setup-security-tools/index.mts index b62d36522..aa4757384 100644 --- a/.claude/hooks/setup-security-tools/index.mts +++ b/.claude/hooks/setup-security-tools/index.mts @@ -121,7 +121,7 @@ async function setupZizmor(): Promise { } // Download archive via dlx (handles caching + checksum). - const platformKey = `${process.platform}-${process.arch}` + const platformKey = `${process.platform === 'win32' ? 'win' : process.platform}-${process.arch}` const asset = ZIZMOR.assets?.[platformKey] if (!asset) throw new Error(`Unsupported platform: ${platformKey}`) const expectedSha = ZIZMOR.checksums?.[asset] @@ -174,7 +174,7 @@ async function setupSfw(apiKey: string | undefined): Promise { logger.log(`=== Socket Firewall (${isEnterprise ? 'enterprise' : 'free'}) ===`) // Platform. - const platformKey = `${process.platform}-${process.arch}` + const platformKey = `${process.platform === 'win32' ? 'win' : process.platform}-${process.arch}` const sfwPlatform = sfwConfig.platforms?.[platformKey] if (!sfwPlatform) throw new Error(`Unsupported platform: ${platformKey}`) From 1bc54fb641acc26a3481d6019eb5dc8d1e0548a6 Mon Sep 17 00:00:00 2001 From: jdalton Date: Sun, 12 Apr 2026 12:34:17 -0400 Subject: [PATCH 2/2] fix: normalize hook checksums to platform-keyed { asset, sha256 } format --- .../setup-security-tools/external-tools.json | 99 ++++++++++++------- .claude/hooks/setup-security-tools/index.mts | 27 ++--- 2 files changed, 77 insertions(+), 49 deletions(-) diff --git a/.claude/hooks/setup-security-tools/external-tools.json b/.claude/hooks/setup-security-tools/external-tools.json index 744671856..f8f6d2a2f 100644 --- a/.claude/hooks/setup-security-tools/external-tools.json +++ b/.claude/hooks/setup-security-tools/external-tools.json @@ -5,38 +5,56 @@ "description": "GitHub Actions security scanner", "version": "1.23.1", "repository": "github:zizmorcore/zizmor", - "assets": { - "darwin-arm64": "zizmor-aarch64-apple-darwin.tar.gz", - "darwin-x64": "zizmor-x86_64-apple-darwin.tar.gz", - "linux-arm64": "zizmor-aarch64-unknown-linux-gnu.tar.gz", - "linux-x64": "zizmor-x86_64-unknown-linux-gnu.tar.gz", - "win-x64": "zizmor-x86_64-pc-windows-msvc.zip" - }, + "release": "asset", "checksums": { - "zizmor-aarch64-apple-darwin.tar.gz": "2632561b974c69f952258c1ab4b7432d5c7f92e555704155c3ac28a2910bd717", - "zizmor-aarch64-unknown-linux-gnu.tar.gz": "3725d7cd7102e4d70827186389f7d5930b6878232930d0a3eb058d7e5b47e658", - "zizmor-x86_64-apple-darwin.tar.gz": "89d5ed42081dd9d0433a10b7545fac42b35f1f030885c278b9712b32c66f2597", - "zizmor-x86_64-pc-windows-msvc.zip": "33c2293ff02834720dd7cd8b47348aafb2e95a19bdc993c0ecaca9c804ade92a", - "zizmor-x86_64-unknown-linux-gnu.tar.gz": "67a8df0a14352dd81882e14876653d097b99b0f4f6b6fe798edc0320cff27aff" + "darwin-arm64": { + "asset": "zizmor-aarch64-apple-darwin.tar.gz", + "sha256": "2632561b974c69f952258c1ab4b7432d5c7f92e555704155c3ac28a2910bd717" + }, + "darwin-x64": { + "asset": "zizmor-x86_64-apple-darwin.tar.gz", + "sha256": "89d5ed42081dd9d0433a10b7545fac42b35f1f030885c278b9712b32c66f2597" + }, + "linux-arm64": { + "asset": "zizmor-aarch64-unknown-linux-gnu.tar.gz", + "sha256": "3725d7cd7102e4d70827186389f7d5930b6878232930d0a3eb058d7e5b47e658" + }, + "linux-x64": { + "asset": "zizmor-x86_64-unknown-linux-gnu.tar.gz", + "sha256": "67a8df0a14352dd81882e14876653d097b99b0f4f6b6fe798edc0320cff27aff" + }, + "win-x64": { + "asset": "zizmor-x86_64-pc-windows-msvc.zip", + "sha256": "33c2293ff02834720dd7cd8b47348aafb2e95a19bdc993c0ecaca9c804ade92a" + } } }, "sfw-free": { "description": "Socket Firewall (free tier)", "version": "v1.6.1", "repository": "github:SocketDev/sfw-free", - "platforms": { - "darwin-arm64": "macos-arm64", - "darwin-x64": "macos-x86_64", - "linux-arm64": "linux-arm64", - "linux-x64": "linux-x86_64", - "win-x64": "windows-x86_64" - }, + "release": "asset", "checksums": { - "linux-arm64": "df2eedb2daf2572eee047adb8bfd81c9069edcb200fc7d3710fca98ec3ca81a1", - "linux-x86_64": "4a1e8b65e90fce7d5fd066cf0af6c93d512065fa4222a475c8d959a6bc14b9ff", - "macos-arm64": "bf1616fc44ac49f1cb2067fedfa127a3ae65d6ec6d634efbb3098cfa355e5555", - "macos-x86_64": "724ccea19d847b79db8cc8e38f5f18ce2dd32336007f42b11bed7d2e5f4a2566", - "windows-x86_64": "c953e62ad7928d4d8f2302f5737884ea1a757babc26bed6a42b9b6b68a5d54af" + "darwin-arm64": { + "asset": "sfw-free-macos-arm64", + "sha256": "bf1616fc44ac49f1cb2067fedfa127a3ae65d6ec6d634efbb3098cfa355e5555" + }, + "darwin-x64": { + "asset": "sfw-free-macos-x86_64", + "sha256": "724ccea19d847b79db8cc8e38f5f18ce2dd32336007f42b11bed7d2e5f4a2566" + }, + "linux-arm64": { + "asset": "sfw-free-linux-arm64", + "sha256": "df2eedb2daf2572eee047adb8bfd81c9069edcb200fc7d3710fca98ec3ca81a1" + }, + "linux-x64": { + "asset": "sfw-free-linux-x86_64", + "sha256": "4a1e8b65e90fce7d5fd066cf0af6c93d512065fa4222a475c8d959a6bc14b9ff" + }, + "win-x64": { + "asset": "sfw-free-windows-x86_64.exe", + "sha256": "c953e62ad7928d4d8f2302f5737884ea1a757babc26bed6a42b9b6b68a5d54af" + } }, "ecosystems": ["npm", "yarn", "pnpm", "pip", "uv", "cargo"] }, @@ -44,19 +62,28 @@ "description": "Socket Firewall (enterprise tier)", "version": "v1.6.1", "repository": "github:SocketDev/firewall-release", - "platforms": { - "darwin-arm64": "macos-arm64", - "darwin-x64": "macos-x86_64", - "linux-arm64": "linux-arm64", - "linux-x64": "linux-x86_64", - "win-x64": "windows-x86_64" - }, + "release": "asset", "checksums": { - "linux-arm64": "671270231617142404a1564e52672f79b806f9df3f232fcc7606329c0246da55", - "linux-x86_64": "9115b4ca8021eb173eb9e9c3627deb7f1066f8debd48c5c9d9f3caabb2a26a4b", - "macos-arm64": "acad0b517601bb7408e2e611c9226f47dcccbd83333d7fc5157f1d32ed2b953d", - "macos-x86_64": "01d64d40effda35c31f8d8ee1fed1388aac0a11aba40d47fba8a36024b77500c", - "windows-x86_64": "9a50e1ddaf038138c3f85418dc5df0113bbe6fc884f5abe158beaa9aea18d70a" + "darwin-arm64": { + "asset": "sfw-macos-arm64", + "sha256": "acad0b517601bb7408e2e611c9226f47dcccbd83333d7fc5157f1d32ed2b953d" + }, + "darwin-x64": { + "asset": "sfw-macos-x86_64", + "sha256": "01d64d40effda35c31f8d8ee1fed1388aac0a11aba40d47fba8a36024b77500c" + }, + "linux-arm64": { + "asset": "sfw-linux-arm64", + "sha256": "671270231617142404a1564e52672f79b806f9df3f232fcc7606329c0246da55" + }, + "linux-x64": { + "asset": "sfw-linux-x86_64", + "sha256": "9115b4ca8021eb173eb9e9c3627deb7f1066f8debd48c5c9d9f3caabb2a26a4b" + }, + "win-x64": { + "asset": "sfw-windows-x86_64.exe", + "sha256": "9a50e1ddaf038138c3f85418dc5df0113bbe6fc884f5abe158beaa9aea18d70a" + } }, "ecosystems": ["npm", "yarn", "pnpm", "pip", "uv", "cargo", "gem", "bundler", "nuget"] } diff --git a/.claude/hooks/setup-security-tools/index.mts b/.claude/hooks/setup-security-tools/index.mts index aa4757384..a75064636 100644 --- a/.claude/hooks/setup-security-tools/index.mts +++ b/.claude/hooks/setup-security-tools/index.mts @@ -122,11 +122,13 @@ async function setupZizmor(): Promise { // Download archive via dlx (handles caching + checksum). const platformKey = `${process.platform === 'win32' ? 'win' : process.platform}-${process.arch}` - const asset = ZIZMOR.assets?.[platformKey] - if (!asset) throw new Error(`Unsupported platform: ${platformKey}`) - const expectedSha = ZIZMOR.checksums?.[asset] - if (!expectedSha) throw new Error(`No checksum for: ${asset}`) - const url = `https://github.com/${ZIZMOR.repository}/releases/download/v${ZIZMOR.version}/${asset}` + const platformEntry = ZIZMOR.checksums?.[platformKey] + if (!platformEntry) { + throw new Error(`Unsupported platform: ${platformKey}`) + } + const { asset, sha256: expectedSha } = platformEntry + const repo = ZIZMOR.repository?.replace(/^github:/, '') ?? '' + const url = `https://github.com/${repo}/releases/download/v${ZIZMOR.version}/${asset}` logger.log(`Downloading zizmor v${ZIZMOR.version} (${asset})...`) const { binaryPath: archivePath, downloaded } = await downloadBinary({ @@ -175,16 +177,15 @@ async function setupSfw(apiKey: string | undefined): Promise { // Platform. const platformKey = `${process.platform === 'win32' ? 'win' : process.platform}-${process.arch}` - const sfwPlatform = sfwConfig.platforms?.[platformKey] - if (!sfwPlatform) throw new Error(`Unsupported platform: ${platformKey}`) + const platformEntry = sfwConfig.checksums?.[platformKey] + if (!platformEntry) { + throw new Error(`Unsupported platform: ${platformKey}`) + } // Checksum + asset. - const sha256 = sfwConfig.checksums?.[sfwPlatform] - if (!sha256) throw new Error(`No checksum for: ${sfwPlatform}`) - const prefix = isEnterprise ? 'sfw' : 'sfw-free' - const suffix = sfwPlatform.startsWith('windows') ? '.exe' : '' - const asset = `${prefix}-${sfwPlatform}${suffix}` - const url = `https://github.com/${sfwConfig.repository}/releases/download/${sfwConfig.version}/${asset}` + const { asset, sha256 } = platformEntry + const repo = sfwConfig.repository?.replace(/^github:/, '') ?? '' + const url = `https://github.com/${repo}/releases/download/${sfwConfig.version}/${asset}` const binaryName = isEnterprise ? 'sfw' : 'sfw-free' // Download (with cache + checksum).