chore(claude): add RAG reviewer + reset skill, fix broken on-edit hooks

[hyhmrright]

What

Four .claude/ automations, scoped to fill real gaps in the existing setup (the hook wiring lives in the gitignored settings.local.json; these are the tracked, shareable pieces):

1. hooks/post-edit-check.py — fixes two broken on-edit checks

The old inline PostToolUse hooks had two latent bugs:

• The biome hook read a top-level file_path (always empty in this payload — same nesting bug already fixed for the migrations/.env guards), so it silently formatted zero files on every edit.
• The typecheck hook ran the root tsconfig, which excludes packages/client — so client type errors got no on-edit feedback and only surfaced at CI/build.

New hook reads tool_input.file_path, formats just the edited file, and routes client files to the client tsconfig, closing the type-check gap.

2. hooks/guard-bun-test.py — blocks bun test

Running Bun's built-in bun test skips the bunfig.toml preload (test env + per-test table truncation) and points tests at the shared dev stack — this once produced ~102 phantom failures. The guard blocks the bun test subcommand and nudges to bun run test; bun run test / bun run test:setup pass through.

3. agents/rag-pipeline-reviewer.md — RAG contract reviewer

A specialized reviewer for packages/gateway/src/lib/ changes: embedding provider priority (EMBEDDING_PROVIDER_PRIORITY), Qdrant UUID point ids (toUUID), container-name networking, encrypted-key handling, query-builder usage.

4. skills/reset-user-password/ — break-glass prod password reset

Codifies the verified manual procedure (Argon2id via the Bun temp-.cjs workaround + UPDATE on the confer role). User-invoked only.

Verification

All hooks tested by piping crafted payloads:

• ✅ client type error caught (was previously never checked on edit)
• ✅ clean edits stay silent, exit 0
• ✅ every bun test variant blocked (bun test, bun test <path>, FOO=1 bun test, bun --watch test)
• ✅ bun run test, bun run test:setup, piped variants, and quoted-text in commit messages all pass through

No packages/ code changed → no redeploy needed.

🤖 Generated with Claude Code

[hyhmrright]

Code review

Ran a 5-agent review (CLAUDE.md adherence, shallow bug scan, git history, prior-PR comments, comment-vs-implementation compliance). Two minor items found and fixed in b871ef1; the remaining flags were false positives.

1. post-edit-check.py hardcoded an absolute repo path (REPO = "/Users/hyh/code/Confer"), making the tracked hook non-portable and inconsistent with the existing guard-bash-file-view.py (which carries no machine-specific state). Now derived from __file__:

Confer/.claude/hooks/post-edit-check.py

Lines 21 to 23 in b871ef1

	# tracked hook stays portable across checkouts instead of hardcoding a path.
	REPO = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
	BIOME = "./node_modules/.bin/biome"

2. The reset-password runbook passed the plaintext via inline -e NEWPW='...', which keeps it out of the container argv but not the host shell history. Now read with read -rs and reused (login-verify body built via jq --arg for correct escaping):

Confer/.claude/skills/reset-user-password/SKILL.md

Lines 24 to 26 in b871ef1

	```bash
	read -rs NEWPW # 输入新密码后回车（终端不回显）
	docker compose -f docker-compose.prod.yml exec -e NEWPW="$NEWPW" gateway sh -c '

Excluded as false positives: MultiEdit payloads do carry a top-level file_path (single file, multiple edits), so the hook handles them; and the gitignored settings.local.json wiring is intentional machine-local config, not a tracked-onboarding gap.

🤖 Generated with Claude Code

_{- If this code review was useful, please react with 👍. Otherwise, react with 👎.}

[hyhmrright]

Pre-merge self-review (round 2)

Before merging I ran an independent 3-lens adversarial review of the current diff (hook correctness / shell-secret safety / factual+contract accuracy). It surfaced 5 real defects the first review missed — each reproduced empirically, then fixed in a0df73c:

1. post-edit-check.py — type-check feedback never reached the model. PostToolUse stdout on exit 0 only goes to the debug log (hooks docs), so the computed tsc errors were silently discarded and the gap the hook claims to close stayed open. Now emitted as hookSpecificOutput.additionalContext JSON. Verified: client- and root-routed type errors both surface as valid JSON; clean / non-TS edits stay silent.
2. guard-bun-test.py — false positives. is_bun_test() matched bun/test anywhere in a segment, so echo bun test, ls bun test, git commit -m "…bun test…" were blocked, violating the hook's own "blocks only the subcommand" contract. Now only the command-position token counts (after VAR=value prefixes). Verified against a 17-case block/allow matrix.
3. guard-bun-test.py — wrong rationale. The "~102 phantom failures" came from mock.module global pollution, not from bun test skipping the bunfig preload — two incidents conflated. Docstring + BLOCKED message corrected.
4. reset-user-password — DB-corruption bug (major). Step 3 pasted the $-laden Argon2id hash into a double-quoted psql -c; bash/sh expand $argon2id/$v/$m → a truncated hash is written (account lockout) while psql still returns UPDATE 1. Reproduced ('$argon2id$v=19…' → '=19…'). Now binds via single-quoted var + psql :'h' safe-quoting.
5. reset-user-password — argv plaintext leak (major). Step 2's -e NEWPW="$NEWPW" and step 4's jq --arg p / curl -d put the plaintext in process argv (ps//proc), contradicting the step-5 "never in argv" claim. Now via stdin pipe (printf builtin) + jq env.NEWPW + curl --data @-. Verified the jq env round-trip.

CI is green on the fix commit. Merging — scope is .claude/ developer automation only (no product/A2A/DID/crypto code).

🤖 Generated with Claude Code