Per QA round 1 (PR #36, finding #8): hooks/project/ctx-execute-enforcer.sh has an explicit path-integrity check (lines 48-53) that fails loudly when the hook is invoked from a different path than where it was installed. hooks/global/webfetch-nudge.sh has no equivalent check.
If the repo is moved or cloned to a different path after setup, webfetch-nudge's project-hash-based cache lookup would refer to the wrong /tmp/ctx-webfetch-avail-<hash> file. The hook's fail-open posture makes this mostly harmless (it falls through to "context-mode not detected" when cache is missing and .mcp.json/settings.json don't match), but the inconsistency with the adjacent enforcer hook is worth documenting or fixing.
Fix options:
- Add a path-integrity check similar to ctx-execute-enforcer.sh:48-53 that compares the hook's invocation path against an install-time-recorded path.
- Document the fail-open-on-uncertainty posture as intentional and different from the enforcer.
Context: #36 (comment)
Per QA round 1 (PR #36, finding #8):
hooks/project/ctx-execute-enforcer.shhas an explicit path-integrity check (lines 48-53) that fails loudly when the hook is invoked from a different path than where it was installed.hooks/global/webfetch-nudge.shhas no equivalent check.If the repo is moved or cloned to a different path after setup, webfetch-nudge's project-hash-based cache lookup would refer to the wrong
/tmp/ctx-webfetch-avail-<hash>file. The hook's fail-open posture makes this mostly harmless (it falls through to "context-mode not detected" when cache is missing and .mcp.json/settings.json don't match), but the inconsistency with the adjacent enforcer hook is worth documenting or fixing.Fix options:
Context: #36 (comment)