CM-68330: fix hook payload handling on Cursor for Windows#491
Open
Ilanlido wants to merge 1 commit into
Open
Conversation
Two payload bugs found in Windows/Cursor MDM testing:
- Cursor sends the hook payload with a UTF-8 BOM; json.loads rejects it and
safe_json_parse returned {}, silently allowing without scanning. Read stdin
bytes and decode utf-8-sig at both hook entry points - strips the BOM and
pins the payload to UTF-8 regardless of the Windows ANSI code page (non-ASCII
prompts were mojibake under cp1252). The text-mode fallback path lstrips
U+FEFF as defense-in-depth.
- Cursor sends workspace_roots=[] when no folder is open; the .get() default
only applies when the key is missing, so workspace_roots[0] raised
IndexError. Fall back to '.' via `or`.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review for a one-time review, or @claude review always to subscribe this PR to a review on every future push.
Tip: disable this comment in your organization's Code Review settings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two payload bugs found in Windows/Cursor MDM testing:
Cursor sends the hook payload with a UTF-8 BOM; json.loads rejects it and safe_json_parse returned {}, silently allowing without scanning. Read stdin bytes and decode utf-8-sig at both hook entry points - strips the BOM and pins the payload to UTF-8 regardless of the Windows ANSI code page (non-ASCII prompts were mojibake under cp1252). The text-mode fallback path lstrips U+FEFF as defense-in-depth.
Cursor sends workspace_roots=[] when no folder is open; the .get() default only applies when the key is missing, so workspace_roots[0] raised IndexError. Fall back to '.' via
or.