Skip to content

WEB-5004: attach referenced file contents to tool telemetry#195

Draft
pugazhendhi-m wants to merge 1 commit into
stagingfrom
WEB-5004
Draft

WEB-5004: attach referenced file contents to tool telemetry#195
pugazhendhi-m wants to merge 1 commit into
stagingfrom
WEB-5004

Conversation

@pugazhendhi-m

Copy link
Copy Markdown
Contributor

What

Adds a uniform file_content field to the PreToolUse and PostToolUse/Stop telemetry payloads of all five coding-tool hooks (claude-code, cursor, codex, copilot, augment). For a file tool (Read/Write/Edit/MCP), the hook reads the referenced file and attaches:

file_content = [{ "path": ..., "content": ..., "truncated": <bool> }]

Uniform key + shape across every tool (single-file = 1-element list) so the gateway/backend can consume it identically.

How

  • Shared helpers (_cap_file_text, _resolve_and_read_file, _make_file_entry, _attach_file_content) are byte-identical across all 5 hooks (per-tool parity).
  • Write reuses the inline content (file may not exist on disk yet); Read/Edit read from disk, resolving relative paths against cwd (claude/cursor paths are already absolute).
  • 64KB per-file cap, truncate + per-entry truncated flag.
  • Wired at PRE (pre_tool_use_data.metadata) and POST (end-of-turn tool_use entries).

Safety / fail-open

  • Never raises or blocks the editor. Missing / binary (\x00) / non-UTF8 / permission-denied / directory / unresolvable-relative-path all silently skip.
  • os.path.isfile excludes fifos/devices/sockets (no hangs); read(cap+1) bounds huge files.
  • No new imports (only os) — no binary/unbound-hook.spec change needed.
  • Additive payload — backward compatible with the installed fleet.

Scope notes

  • Bash/shell excluded by design — only tools with a discrete file-path field.
  • No aggregate per-turn cap (per-file already bounded; the Stop exchange already carries content for Read/Write).

Follow-up (separate, gateway/backend — NOT this repo)

Gateway DLP must redact the new file_content field (not just prompt bodies), otherwise .env/keys read by the agent get stored server-side. Flagged by both /cso and /review as the one real governance item of always-on.

Testing

  • All 5 python3 -m py_compile clean.
  • Helper block md5-verified identical across all 5 files.
  • Behavioral tests pass for: abs/relative+cwd, truncation flag, binary/non-UTF8/missing/directory/permission-denied/None/empty/non-str path skips, write-inline, null-path guard, JSON-serializable output.

🤖 Generated with Claude Code

https://claude.ai/code/session_01GrSjwjtXsfxcBpANpkqQg4

Add a uniform `file_content` field to the PreToolUse and PostToolUse/Stop
payloads of all five coding-tool hooks (claude-code, cursor, codex, copilot,
augment). For a file tool (Read/Write/Edit/MCP) the hook reads the referenced
file and attaches `file_content = [{path, content, truncated}]`.

- Shared helpers (_cap_file_text, _resolve_and_read_file, _make_file_entry,
  _attach_file_content) are byte-identical across all five hooks.
- Write reuses the inline content (file may not exist on disk yet); Read/Edit
  read from disk, resolving relative paths against cwd.
- 64KB per-file cap with a per-entry `truncated` flag.
- Fail-open: missing/binary/non-UTF8/permission-denied/directory/unresolvable
  paths are silently skipped; no new imports; never raises or blocks the editor.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01GrSjwjtXsfxcBpANpkqQg4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant