Skip to content

refactor: remove passive shell hook implementation#109

Open
AyushSrivastava1818 wants to merge 3 commits into
adithya-naik:developfrom
AyushSrivastava1818:remove-shell-hook-99
Open

refactor: remove passive shell hook implementation#109
AyushSrivastava1818 wants to merge 3 commits into
adithya-naik:developfrom
AyushSrivastava1818:remove-shell-hook-99

Conversation

@AyushSrivastava1818

@AyushSrivastava1818 AyushSrivastava1818 commented Jul 1, 2026

Copy link
Copy Markdown

Summary

This PR removes the passive shell hook implementation as part of the security refactor described in #99.

Changes made

  • Removed the tracker hook and tracker unhook CLI commands.
  • Deleted src/utils/hook.js, which contained the shell hook installation/removal logic.
  • Deleted src/commands/hook.js, since it became unused after removing the hook feature.
  • Removed CLI references and outdated comments related to shell hooks.
  • Updated the CI workflow by removing validation checks for the deleted hook files.
  • Verified the CLI continues to load successfully and passes linting.

Validation

  • npm install
  • npm run lint
  • npm test
  • ✅ Verified tracker --help and tracker --version

Scope

I intentionally did not modify package.json (such as the package description or keywords) because this issue is focused on removing the passive shell hook implementation. Those metadata changes are broader project-level updates and can be handled separately if desired, keeping this PR focused on the requested refactor.

Summary by CodeRabbit

  • Breaking Changes
    • Removed the hook and unhook commands from the CLI, along with automatic shell-hook setup.
  • Documentation
    • Updated README and GitHub Release “Quick Start” to emphasize manual, project-based command saving and listing (including revised Fish guidance).
    • Shortened CLI tracker save help text and removed auto-capture wording.
  • Chores
    • Removed hook-related implementation files and related CLI wiring.
  • Tests
    • Updated CI project-structure checks to no longer require hook-related files.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 524c5cc5-cb04-4271-911c-04edf9a99385

📥 Commits

Reviewing files that changed from the base of the PR and between 0bb4caa and faa3367.

📒 Files selected for processing (2)
  • README.md
  • bin/tracker.js
✅ Files skipped from review due to trivial changes (1)
  • README.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • bin/tracker.js

📝 Walkthrough

Walkthrough

This PR removes shell-hook support, deletes the hook command modules, unwires the CLI entries, and updates CI, release notes, and README content to describe manual command saving instead.

Changes

Shell hook feature removal

Layer / File(s) Summary
Delete hook command and utility modules
src/commands/hook.js, src/utils/hook.js
Removes hookCommand/unhookCommand exports and shell detection/install/remove logic.
Unwire hook/unhook CLI commands and update help text
bin/tracker.js
Removes the hook module import and hook/unhook command registrations; rewrites comments and the save command description to drop shell-hook wording.
Rewrite onboarding and shell support guidance
README.md, .github/workflows/publish.yml
Updates README product, quick start, and shell-support text to focus on tracker save/tracker list, and removes hook/setup lines from the release body.
Remove CI file existence checks for hook files
.github/workflows/ci.yml
Removes required-file assertions for src/utils/hook.js and src/commands/hook.js in the project structure validation step.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • adithya-naik/cmd-tracker#86: Introduces Fish tracker hook setup guidance that this PR removes and replaces with manual save-only instructions.
  • adithya-naik/cmd-tracker#96: Also touches src/utils/hook.js and src/commands/hook.js, overlapping with the files deleted here.

Suggested reviewers: adithya-naik

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: removing the passive shell hook implementation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
bin/tracker.js (1)

51-52: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Stale docs still reference removed hook/unhook commands.

The CLI cleanly removes the hook/unhook registrations and their import here, but downstream release/onboarding docs still instruct users to run the now-deleted command. .github/workflows/publish.yml release notes include npx tracker hook in its Quick Start, and README.md still documents tracker hook/tracker unhook as available commands. Once this PR merges, following those docs will fail with an unknown-command error.

Suggest updating .github/workflows/publish.yml and README.md in this PR (or a fast-follow) to drop the hook/unhook references, matching the CLI removal.

Also applies to: 214-214

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@bin/tracker.js` around lines 51 - 52, The CLI no longer registers
hook/unhook, so update the remaining docs to match the current command set. In
README and the publish workflow release notes, remove any `tracker hook` and
`tracker unhook` references and replace them with the supported commands shown
by `exportCommand` and `favoriteCommand`/`favoritesCommand` from
`bin/tracker.js`. Keep the onboarding/release examples aligned with the removed
import and command registration so users don’t copy an invalid command.
🧹 Nitpick comments (1)
bin/tracker.js (1)

214-214: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Stale shell-hook wording left in other command modules.

src/commands/list.js still tells users to "run commands normally if shell hook is set up," and src/commands/save.js comments still say "save runs automatically via shell hook." Now that the hook feature is fully removed, these references are misleading.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@bin/tracker.js` at line 214, Remove the leftover shell-hook references from
the command modules that still mention the removed feature. Update the
user-facing text and comments in src/commands/list.js and src/commands/save.js
so they no longer say to “run commands normally if shell hook is set up” or that
“save runs automatically via shell hook,” and replace them with the current
manual behavior using the relevant command handlers in those modules.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@bin/tracker.js`:
- Around line 51-52: The CLI no longer registers hook/unhook, so update the
remaining docs to match the current command set. In README and the publish
workflow release notes, remove any `tracker hook` and `tracker unhook`
references and replace them with the supported commands shown by `exportCommand`
and `favoriteCommand`/`favoritesCommand` from `bin/tracker.js`. Keep the
onboarding/release examples aligned with the removed import and command
registration so users don’t copy an invalid command.

---

Nitpick comments:
In `@bin/tracker.js`:
- Line 214: Remove the leftover shell-hook references from the command modules
that still mention the removed feature. Update the user-facing text and comments
in src/commands/list.js and src/commands/save.js so they no longer say to “run
commands normally if shell hook is set up” or that “save runs automatically via
shell hook,” and replace them with the current manual behavior using the
relevant command handlers in those modules.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5d342f39-75a0-41c7-98aa-6774a738b7ef

📥 Commits

Reviewing files that changed from the base of the PR and between 24645af and e30dd99.

📒 Files selected for processing (4)
  • .github/workflows/ci.yml
  • bin/tracker.js
  • src/commands/hook.js
  • src/utils/hook.js
💤 Files with no reviewable changes (3)
  • src/commands/hook.js
  • src/utils/hook.js
  • .github/workflows/ci.yml

@AyushSrivastava1818

Copy link
Copy Markdown
Author

Hi @adithya-naik! 👋

I've addressed the CodeRabbit feedback and pushed an update to this PR.

Changes made

  • Removed the remaining references to tracker hook and tracker unhook from the documentation.
  • Updated the README Quick Start and command documentation to match the current CLI behavior.
  • Updated the GitHub release workflow (publish.yml) by removing the outdated shell hook instructions.
  • Aligned the documentation with the passive shell hook removal introduced in this PR.

Thanks again for the review and guidance! Please let me know if there's anything else you'd like me to improve. I'm happy to make any additional changes if needed. 🚀

Repository owner deleted a comment from coderabbitai Bot Jul 1, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Line 5: The README heading hierarchy is skipping a level: the subtitle under
the document title is using h3 instead of h2. Update the markdown in README.md
so the line with “A developer tool that categorizes and saves terminal commands
per project for easy revision” uses the proper heading level to follow the
top-level title and satisfy MD001.
- Line 5: The CLI help text is out of sync with the README because
program.description() in the bin/tracker.js entrypoint still says
“auto-captures.” Update that description string to match the current README
wording (“A developer tool that categorizes and saves terminal commands per
project for easy revision”) so the documented behavior and help output stay
consistent.
- Line 168: Update the platform support table entry for Fish in README.md
because the current “Full support” label no longer matches the manual-save
behavior. Adjust the Fish row in the support table to reflect that users must
run tracker save explicitly, and keep the wording consistent with how
PowerShell/CMD are described; use the support-table row for Fish as the unique
location to update.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5422c64a-fa38-4ff4-b162-a903d36ca0a6

📥 Commits

Reviewing files that changed from the base of the PR and between e30dd99 and 0bb4caa.

📒 Files selected for processing (2)
  • .github/workflows/publish.yml
  • README.md
💤 Files with no reviewable changes (1)
  • .github/workflows/publish.yml

Comment thread README.md Outdated
# 📟 cmd-tracker

### A developer tool that auto-captures, categorizes and saves terminal commands per project for easy revision
### A developer tool that categorizes and saves terminal commands per project for easy revision

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix heading level increment.

Line 5 uses h3 (###) but follows the document title (h1), violating markdownlint rule MD001. Change to h2 (##) to maintain proper heading hierarchy.

-### A developer tool that categorizes and saves terminal commands per project for easy revision
+## A developer tool that categorizes and saves terminal commands per project for easy revision
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
### A developer tool that categorizes and saves terminal commands per project for easy revision
## A developer tool that categorizes and saves terminal commands per project for easy revision
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 5-5: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 5, The README heading hierarchy is skipping a level: the
subtitle under the document title is using h3 instead of h2. Update the markdown
in README.md so the line with “A developer tool that categorizes and saves
terminal commands per project for easy revision” uses the proper heading level
to follow the top-level title and satisfy MD001.

Source: Linters/SAST tools


🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

CLI help text still claims "auto-captures".

The program.description() in bin/tracker.js still reads "📟 A developer tool that auto-captures, categorizes and saves terminal commands per project for easy revision" (lines 10–63 in the CLI entrypoint). Since the README removed the auto-capture narrative, the CLI help string is now inconsistent with the documented behavior. Align the CLI description with the README wording.

 // In bin/tracker.js
-program.description('📟 A developer tool that auto-captures, categorizes and saves terminal commands per project for easy revision');
+program.description('📟 A developer tool that categorizes and saves terminal commands per project for easy revision');
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 5-5: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 5, The CLI help text is out of sync with the README
because program.description() in the bin/tracker.js entrypoint still says
“auto-captures.” Update that description string to match the current README
wording (“A developer tool that categorizes and saves terminal commands per
project for easy revision”) so the documented behavior and help output stay
consistent.

Comment thread README.md Outdated
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details
{"name":"HttpError","status":404,"request":{"method":"PATCH","url":"https://api.github.com/repos/adithya-naik/cmd-tracker/issues/comments/4852607894","headers":{"accept":"application/vnd.github.v3+json","user-agent":"octokit.js/0.0.0-development octokit-core.js/7.0.6 Node.js/24","content-type":"application/json; charset=utf-8"},"body":{"body":"<!-- This is an auto-generated reply by CodeRabbit -->\n<!-- CodeRabbit review command invocation: 0f479a30-2211-41f5-9313-c68349d58c08 -->\n<details>\n<summary>✅ Action performed</summary>\n\nReview finished.\n\n> Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.\n\n</details>"},"request":{"retryCount":1,"signal":{}}},"response":{"url":"https://api.github.com/repos/adithya-naik/cmd-tracker/issues/comments/4852607894","status":404,"headers":{"access-control-allow-origin":"*","access-control-expose-headers":"ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset, Warning","content-encoding":"gzip","content-security-policy":"default-src 'none'","content-type":"application/json; charset=utf-8","date":"Wed, 01 Jul 2026 09:22:18 GMT","referrer-policy":"origin-when-cross-origin, strict-origin-when-cross-origin","server":"github.com","strict-transport-security":"max-age=31536000; includeSubdomains; preload","transfer-encoding":"chunked","vary":"Accept-Encoding, Accept, X-Requested-With","x-accepted-github-permissions":"issues=write; pull_requests=write","x-content-type-options":"nosniff","x-frame-options":"deny","x-github-api-version-selected":"2022-11-28","x-github-media-type":"github.v3; format=json","x-github-request-id":"40AF:1EB051:1D516F9:6A5A2BE:6A44DC49","x-ratelimit-limit":"5000","x-ratelimit-remaining":"4964","x-ratelimit-reset":"1782899936","x-ratelimit-resource":"core","x-ratelimit-used":"36","x-xss-protection":"0"},"data":{"message":"Not Found","documentation_url":"https://docs.github.com/rest/issues/comments#update-an-issue-comment","status":"404"}}}

@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

@adithya-naik

Copy link
Copy Markdown
Owner

@AyushSrivastava1818 ,

Can u suggest me any option for auto saving the commands instead of a manual saving, as I feel that auto capturing should not be disabled

@AyushSrivastava1818

Copy link
Copy Markdown
Author

Thanks for the suggestion! I agree that automatic saving provides a better user experience. Since the passive shell hook was removed due to the concerns raised in this issue, perhaps we could explore an opt-in approach instead. For example, users could explicitly enable auto-save during setup or via a config flag, without modifying shell configuration automatically. That would preserve the manual-first default while still giving users the option to enable automatic command saving if they prefer.

@adithya-naik

Copy link
Copy Markdown
Owner

Thanks for the suggestion! I agree that automatic saving provides a better user experience. Since the passive shell hook was removed due to the concerns raised in this issue, perhaps we could explore an opt-in approach instead. For example, users could explicitly enable auto-save during setup or via a config flag, without modifying shell configuration automatically. That would preserve the manual-first default while still giving users the option to enable automatic command saving if they prefer.

Will you be able to achieve this?

@AyushSrivastava1818

Copy link
Copy Markdown
Author

Yes, I'd be happy to work on this. I'll explore an opt-in auto-save approach that doesn't rely on modifying shell configuration and keeps the current manual workflow as the default. I'll share a proposal or draft implementation once I have a working approach.

@adithya-naik

Copy link
Copy Markdown
Owner

Yes, I'd be happy to work on this. I'll explore an opt-in auto-save approach that doesn't rely on modifying shell configuration and keeps the current manual workflow as the default. I'll share a proposal or draft implementation once I have a working approach.

Great !! ❤️

@AyushSrivastava1818

AyushSrivastava1818 commented Jul 2, 2026

Copy link
Copy Markdown
Author

I explored the current implementation. Since auto-save previously relied on a shell hook, I'm considering an opt-in approach where users explicitly enable it (for example, via a tracker enable-autosave command that provides the required shell snippet instead of modifying shell configuration automatically). This would preserve the manual-first default while still allowing automatic command capture. Does this align with what you had in mind, or were you thinking of a different mechanism (such as a background watcher)?

@adithya-naik

Copy link
Copy Markdown
Owner

I explored the current implementation. Since auto-save previously relied on a shell hook, I'm considering an opt-in approach where users explicitly enable it (for example, via a tracker enable-autosave command that provides the required shell snippet instead of modifying shell configuration automatically). This would preserve the manual-first default while still allowing automatic command capture. Does this align with what you had in mind, or were you thinking of a different mechanism (such as a background watcher)?

Yes that works!

@AyushSrivastava1818

Copy link
Copy Markdown
Author

I have one doubt....
Since this PR is focused on removing the passive shell hook, would it be okay to merge this one first and then I'll start working on the opt-in auto-save in a separate PR? I think that would keep the changes focused and make the review process simpler.
I'm happy to start on it as soon as this PR is merged!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants