curo/Business-Management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d34867a69992c46a3d3d5292418a783566cb85f
Business-Management/.githooks/pre-commit
T
curo1305 0d34867a69 Add PDF document service with AI extraction and per-app settings 
- New `features/doc-service` FastAPI microservice: PDF upload, async
  text extraction (pdfplumber), AI classification via Anthropic/Ollama/
  LM Studio, per-user categories, file download
- Alembic migration isolated with `alembic_version_doc_service` table
- Main backend: httpx proxy routers for /api/documents/* and
  /api/documents/categories/*, admin settings API at /api/settings/*
- Runtime config in /config/doc_service_config.json (shared Docker
  volume); api_key masking on reads; atomic write with os.replace()
- Frontend: DocumentsPage, DocumentAdminSettingsPage, updated AppsPage
  launcher hub, simplified Nav (removed Settings link), new routes
- docker-compose: doc-service service, doc_data + app_config volumes,
  removed internal:true from backend-net for outbound AI API calls
- Fix pre-commit hook: probe Docker socket path so git subprocess picks
  up Docker Desktop on macOS
- Fix security_check.py: use sys.executable for bandit so venv python
  is used instead of system python

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 05:28:11 +02:00

44 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# Security pre-commit hook — runs checks inside Docker, no host installs required.
# Install: git config core.hooksPath .githooks
REPO_ROOT="$(git rev-parse --show-toplevel)"
# Resolve Docker socket — the git hook environment may not inherit the active
# Docker context, so we probe common socket paths explicitly.
if [ -S "/Users/$USER/.docker/run/docker.sock" ]; then
export DOCKER_HOST="unix:///Users/$USER/.docker/run/docker.sock"
elif [ -S "/var/run/docker.sock" ]; then
export DOCKER_HOST="unix:///var/run/docker.sock"
fi
# Collect staged files on the host and pass them into the container as arguments
STAGED=$(git diff --cached --name-only --diff-filter=ACM)
if [ -z "$STAGED" ]; then
echo "[pre-commit] no staged files — skipping security check."
exit 0
fi
echo "[pre-commit] running security checks..."
# Pass staged file list via environment variable
docker run --rm \
-v "$REPO_ROOT":/repo \
-w /repo \
-e STAGED_FILES="$STAGED" \
-u 1001:1001 \
-e PIP_DISABLE_PIP_VERSION_CHECK=1 \
-e PIP_NO_CACHE_DIR=1 \
python:3.12-slim \
sh -c "python -m venv /tmp/venv && /tmp/venv/bin/pip install --quiet bandit && /tmp/venv/bin/python scripts/security_check.py"
EXIT_CODE=$?
if [ $EXIT_CODE -ne 0 ]; then
echo "[pre-commit] commit blocked by security check."
exit 1
fi
exit 0
Reference in New Issue View Git Blame Copy Permalink