MCPcopy Create free account

hub / github.com/anthropics/claude-code / functions

Functions167 in github.com/anthropics/claude-code

↓ 27 callersFunctiondebug_log
Append debug message to log file with timestamp.
plugins/security-guidance/hooks/_base.py:29
↓ 15 callersFunctionwith_locked_state
Execute callback with exclusive access to the state file. The callback receives the state dict and can modify it in place. State is saved
plugins/security-guidance/hooks/session_state.py:118
↓ 5 callersFunction_format_vulns_guidance
Render a vuln list into the user-facing guidance block. Shared by analyze_code_security, agentic_review, and the late-dedup paths in the Stop
plugins/security-guidance/hooks/llm.py:600
↓ 5 callersFunction_git_toplevel
Absolute repo root for `cwd`, or None if not in a work tree.
plugins/security-guidance/hooks/gitutil.py:144
↓ 5 callersFunctionemit_metrics
Write a SyncHookJSONOutput line to stdout for Claude Code to pick up. For asyncRewake (Stop) hooks, CC scans stdout for the first {-prefixed
plugins/security-guidance/hooks/security_reminder_hook.py:193
↓ 5 callersMethodevaluate_rules
Evaluate all rules and return combined results. Checks all rules and accumulates matches. Blocking rules take priority over warning r
plugins/hookify/core/rule_engine.py:35
↓ 4 callersFunction_finding_keys
(findings: List[Dict[str, Any]])
plugins/security-guidance/hooks/llm.py:680
↓ 4 callersFunctionanalyze_code_security
Use Haiku to perform a security review of code. files: list of (file_path, content_or_diff) tuples is_diff: if True, the content is a uni
plugins/security-guidance/hooks/llm.py:710
↓ 4 callersFunctionload_rules
Load all hookify rules from .claude directory. Args: event: Optional event filter ("bash", "file", "stop", etc.) Returns: Li
plugins/hookify/core/config_loader.py:198
↓ 3 callersFunction_cap_files_for_prompt
Cap per-file and total content bytes before they're packed into the review prompt. Returns the capped (path, content) list. Sets module-level
plugins/security-guidance/hooks/llm.py:158
↓ 3 callersFunction_dedup_against_state
Drop vulns that a CONCURRENT asyncRewake hook wrote to previous_findings while this hook's LLM was running. `prompted` is the (filePath, cate
plugins/security-guidance/hooks/llm.py:685
↓ 3 callersFunction_format_vulns_summary
One-liner for the user-facing task-notification summary. The full guidance goes to the model via stderr; this is the line the user actually s
plugins/security-guidance/hooks/llm.py:639
↓ 3 callersFunction_prioritize_diff_files
When `diff_files` exceeds `cap`, return the top-`cap` by security relevance plus the count dropped. Otherwise return (diff_files, 0). Score =
plugins/security-guidance/hooks/gitutil.py:512
↓ 3 callersFunctionparse_diff_into_files
Parse unified diff output into a list of (file_path, diff_content) tuples. Only includes files with source code extensions.
plugins/security-guidance/hooks/gitutil.py:615
↓ 2 callersFunction_agentic_commit_review_enabled
Agentic commit review gate. Enabled by default. SG_AGENTIC_COMMIT_REVIEW (=1/on or =0/off) remains as an explicit per-user override for opt-o
plugins/security-guidance/hooks/llm.py:982
↓ 2 callersFunction_agentic_review_with_race
Race the agentic reviewer against a delayed single-shot fallback. Agentic starts at t=0. After SG_AGENTIC_RACE_DELAY_S (default 180s), the si
plugins/security-guidance/hooks/security_reminder_hook.py:832
↓ 2 callersFunction_anthropic_base_url
Resolve the Anthropic-protocol endpoint base URL. Honors ANTHROPIC_BASE_URL (the convention the Anthropic SDK and CC itself use) so customers
plugins/security-guidance/hooks/llm.py:90
↓ 2 callersFunction_append_reviewed_shas
Record that `shas` were reviewed. Best-effort; never raises. Uses fcntl.flock for the read-gc-write; appends are O_APPEND-atomic but GC needs
plugins/security-guidance/hooks/diffstate.py:267
↓ 2 callersFunction_arun
()
plugins/security-guidance/hooks/llm.py:328
↓ 2 callersFunction_call_claude
Call the configured LLM model with extended thinking and structured outputs. Model defaults to Sonnet 4.6 but can be overridden via SECURITY_
plugins/security-guidance/hooks/llm.py:386
↓ 2 callersFunction_call_claude_dual_or
Run prompt through the model 2× in parallel and OR-merge the results. The second look samples the model again on the same prompt — independent
plugins/security-guidance/hooks/llm.py:521
↓ 2 callersFunction_config_paths
Existing config file paths, lowest precedence first (so concat reads in precedence order user → project → project-local). Truncation is done on
plugins/security-guidance/hooks/extensibility.py:92
↓ 2 callersFunction_git_dir
Absolute shared `.git` directory for repo_root. Uses `rev-parse --git-common-dir` so linked worktrees resolve to the SHARED gitdir, not the p
plugins/security-guidance/hooks/gitutil.py:156
↓ 2 callersFunction_git_rev_parse_head
Return the current HEAD SHA, or None if not a git repo / no commits.
plugins/security-guidance/hooks/gitutil.py:32
↓ 2 callersFunction_is_reviewable_source
(file_path)
plugins/security-guidance/hooks/gitutil.py:550
↓ 2 callersFunction_load_reviewed_shas
Set of full 40-hex shas previously reviewed in this clone.
plugins/security-guidance/hooks/diffstate.py:250
↓ 2 callersFunction_norm
(s: str)
plugins/security-guidance/hooks/llm.py:1396
↓ 2 callersFunction_norm
(s: str)
plugins/security-guidance/hooks/review_api.py:317
↓ 2 callersFunction_push_section
Return the slice of `bash_output` that contains the push's range lines. `_PUSH_RANGE_RE` is not push-specific — `git fetch` and `git pull` print
plugins/security-guidance/hooks/security_reminder_hook.py:739
↓ 2 callersFunction_record_usage
Accumulate one API response's token usage. `usage` is the Anthropic `usage` dict (HTTP) or the SDK ResultMessage.usage dict — both use the sam
plugins/security-guidance/hooks/_base.py:109
↓ 2 callersFunction_reviewed_shas_path
(repo_root)
plugins/security-guidance/hooks/diffstate.py:245
↓ 2 callersFunction_state_key
(session_id)
plugins/security-guidance/hooks/session_state.py:25
↓ 2 callersFunction_temp_index
Yield an env dict pointing GIT_INDEX_FILE at a throwaway copy of the repo's index with `git add --intent-to-add` applied, so untracked files s
plugins/security-guidance/hooks/gitutil.py:92
↓ 2 callersFunctionagentic_review
Two-stage Agent-SDK review: investigate (Read/Grep/Glob over the repo) then a self-refute filter pass. Returns (guidance_or_None, vulns, metri
plugins/security-guidance/hooks/llm.py:1059
↓ 2 callersFunctionatomic_check_rate_limit
Rolling-window rate limit: allow at most `max_per_window` calls per `window_s` seconds, per (session_id, key). Returns (allowed: bool, count_
plugins/security-guidance/hooks/security_reminder_hook.py:271
↓ 2 callersFunctioncheck_patterns
Check if file path or content matches any security patterns. Returns ALL matches.
plugins/security-guidance/hooks/security_reminder_hook.py:386
↓ 2 callersFunctionensure_anthropic_reachable
Run once. Under a remote/proxied environment, probe api.anthropic.com; if blackholed, scrub NO_PROXY and re-probe. Returns True if reachable (
plugins/security-guidance/hooks/llm.py:122
↓ 2 callersFunctionextract_frontmatter
Extract YAML frontmatter and message body from markdown. Returns (frontmatter_dict, message_body). Supports multi-line dictionary items in l
plugins/hookify/core/config_loader.py:87
↓ 2 callersMethodfrom_dict
Create Rule from frontmatter dict and message body.
plugins/hookify/core/config_loader.py:45
↓ 2 callersFunctionget_state_file
Get session-specific state file path.
plugins/security-guidance/hooks/session_state.py:37
↓ 2 callersFunctiongithubRequest
( endpoint: string, method = "GET", body?: unknown )
scripts/sweep.ts:15
↓ 2 callersFunctiongithubRequest
(endpoint: string, token: string, method: string = 'GET', body?: any)
scripts/backfill-duplicate-comments.ts:26
↓ 2 callersFunctiongithubRequest
(endpoint: string, token: string, method: string = 'GET', body?: any)
scripts/auto-close-duplicates.ts:28
↓ 2 callersFunctionrestore_unreviewed_stop_state
Put consumed touched_paths back so the next Stop reviews them. consume_stop_state cleared touched_paths on disk; if Stop then exits early for
plugins/security-guidance/hooks/diffstate.py:116
↓ 2 callersFunctionrule_names_to_mask
Pack a set of rule names into a bitmask. Bit N set means RuleId(N) matched. User-defined patterns (rule_name starting with "user:") have no static
plugins/security-guidance/hooks/patterns.py:337
↓ 1 callersFunctionCLOSE_MESSAGE
(reason: string)
scripts/sweep.ts:10
↓ 1 callersFunction_agentic_spawn_env
opts.env for the SDK-spawned inner `claude` CLI. Always neutralizes the fd-passing vars (a stale/closed fd makes the inner CLI runaway-alloca
plugins/security-guidance/hooks/llm.py:1012
↓ 1 callersFunction_build_auth_headers
(use_token)
plugins/security-guidance/hooks/llm.py:191
↓ 1 callersFunction_call_claude_via_sdk
Single-turn SDK call as a substitute for the HTTP _call_claude path on 3P providers. Uses the same `output_format` JSON-schema contract so the
plugins/security-guidance/hooks/llm.py:274
↓ 1 callersMethod_check_condition
Check if a single condition matches. Args: condition: Condition to check tool_name: Tool being used tool_
plugins/hookify/core/rule_engine.py:144
↓ 1 callersFunction_claim_bash_hook_once
De-dupe across hooks.json `if` matchers firing for the same Bash call. `git commit -m x && git push` matches both `Bash(git commit:*)` and `B
plugins/security-guidance/hooks/security_reminder_hook.py:646
↓ 1 callersFunction_compute_push_sweep_base
Advance the diff base past the contiguous reviewed prefix. Spec: review `git diff B..HEAD` where `B` is the newest commit such that `prev_ups
plugins/security-guidance/hooks/security_reminder_hook.py:717
↓ 1 callersFunction_detect_main_branch
(repo_root)
plugins/security-guidance/hooks/gitutil.py:213
↓ 1 callersFunction_detect_prev_upstream
Where the remote was BEFORE this push. Preference order: 1. Parse `abc..def` from push stdout — authoritative, exact. 2. `<branch>@{u
plugins/security-guidance/hooks/security_reminder_hook.py:776
↓ 1 callersFunction_diff_pathspec
Convert absolute touched-paths to repo-relative pathspec args for git diff. Paths outside cwd (e.g. ~/.claude/…) are dropped. Returns the list
plugins/security-guidance/hooks/gitutil.py:70
↓ 1 callersFunction_dual_or_enabled
Gate for the two-call dual_or review path. Default OFF — the second call roughly doubles API spend for the review. For users paying their own
plugins/security-guidance/hooks/llm.py:510
↓ 1 callersMethod_extract_field
Extract field value from tool input or hook input data. Args: field: Field name like "command", "new_text", "file_path", "reason"
plugins/hookify/core/rule_engine.py:182
↓ 1 callersFunction_find_git_index
Find the real index file for a git repo. Handles worktrees where .git is a file pointing to the main repo's gitdir. Returns the absolute
plugins/security-guidance/hooks/gitutil.py:48
↓ 1 callersFunction_git_diff_range
`git diff -p base head` as text on success, None on error. Distinguishing failure from success-with-empty-diff matters: the push-sweep caller
plugins/security-guidance/hooks/gitutil.py:193
↓ 1 callersFunction_git_name_only
Return the set of repo-root-relative paths that differ from `base`, or None if git failed (unresolvable ref, not a repo, timeout). Callers mus
plugins/security-guidance/hooks/gitutil.py:303
↓ 1 callersFunction_git_reflog_recent_commits
Return (fresh_commit_shas, stale_count) from the HEAD reflog. Scans the last `max_n` reflog entries and returns the SHAs whose action is `com
plugins/security-guidance/hooks/gitutil.py:227
↓ 1 callersFunction_git_rev_list_range
Shas in `base..head`, oldest→newest. Empty list on error.
plugins/security-guidance/hooks/gitutil.py:179
↓ 1 callersFunction_git_status_porcelain
One `git status --porcelain=v1 -z` → (tracked_dirty, untracked) sets of repo-root-relative paths, or (None, None) on error. Replaces the `_tem
plugins/security-guidance/hooks/gitutil.py:330
↓ 1 callersFunction_glob_match
Match a path against include/exclude globs. ``**`` matches any depth.
plugins/security-guidance/hooks/extensibility.py:247
↓ 1 callersFunction_has_redos_structure
Heuristic catastrophic-backtracking check. Not a proof. Catches: - nested quantifiers ((a+)*, (a*b)+) - wildcard groups under repetition (
plugins/security-guidance/hooks/extensibility.py:272
↓ 1 callersFunction_hit
(globs: Tuple[str, ...])
plugins/security-guidance/hooks/extensibility.py:251
↓ 1 callersFunction_intersects
(cand: dict[str, Any])
plugins/security-guidance/hooks/review_api.py:323
↓ 1 callersFunction_intersects_diff
(cand: Dict[str, Any])
plugins/security-guidance/hooks/llm.py:1402
↓ 1 callersFunction_is_3p_provider
True iff a 3P provider env var is set to a truthy value. Mirrors how the CC harness itself decides 1P vs 3P at startup. Cheap to call — no ne
plugins/security-guidance/hooks/llm.py:261
↓ 1 callersFunction_is_ancestor
True if `maybe_ancestor` is reachable from `descendant` (i.e. HEAD moved forward via commit/merge, not sideways via checkout).
plugins/security-guidance/hooks/gitutil.py:377
↓ 1 callersFunction_item
(v)
plugins/security-guidance/hooks/llm.py:654
↓ 1 callersFunction_list_untracked
Repo-root-relative untracked (and not-ignored) path → mtime_ns, or {} on error. Used at UPS to snapshot the pre-turn untracked set so the Stop
plugins/security-guidance/hooks/diffstate.py:319
↓ 1 callersFunction_load_guidance
(cwd: Optional[str])
plugins/security-guidance/hooks/extensibility.py:105
↓ 1 callersFunction_load_user_patterns
(cwd: Optional[str])
plugins/security-guidance/hooks/extensibility.py:147
↓ 1 callersMethod_matches_tool
Check if tool_name matches the matcher pattern. Args: matcher: Pattern like "Bash", "Edit|Write", "*" tool_name: Actu
plugins/hookify/core/rule_engine.py:127
↓ 1 callersFunction_maybe_bootstrap_agent_sdk_async
Fire-and-forget SDK bootstrap, for remote-pod environments. Under CLAUDE_CODE_SYNC_PLUGIN_INSTALL=true (CCR-style remote pods), plugins are s
plugins/security-guidance/hooks/security_reminder_hook.py:1979
↓ 1 callersFunction_model_supports_adaptive_thinking
True for models that reject the budget_tokens thinking form (4.6+).
plugins/security-guidance/hooks/llm.py:226
↓ 1 callersFunction_once
()
plugins/security-guidance/hooks/llm.py:347
↓ 1 callersFunction_plugin_version_int
()
plugins/security-guidance/hooks/ensure_agent_sdk.py:45
↓ 1 callersFunction_probe_anthropic
(timeout: float = 5.0)
plugins/security-guidance/hooks/llm.py:102
↓ 1 callersFunction_read_config
Read a YAML or JSON config file. Returns None on missing/malformed.
plugins/security-guidance/hooks/extensibility.py:171
↓ 1 callersFunction_read_plugin_version_int
Encode plugin.json version "M.m.p" as M*10000 + m*100 + p so it fits the bool|number metrics constraint. Returns 0 if unreadable.
plugins/security-guidance/hooks/_base.py:70
↓ 1 callersMethod_regex_match
Check if pattern matches text using regex. Args: pattern: Regex pattern text: Text to match against Returns:
plugins/hookify/core/rule_engine.py:256
↓ 1 callersFunction_render
(items)
plugins/security-guidance/hooks/llm.py:661
↓ 1 callersFunction_resolve_amend_pre_sha
For a `git commit --amend` we just ran, return the pre-amend SHA via reflog, or None if it can't be safely determined. expected_post_sha: the
plugins/security-guidance/hooks/security_reminder_hook.py:517
↓ 1 callersMethod_rule_matches
Check if rule matches input data. Args: rule: Rule to evaluate input_data: Hook input data Returns:
plugins/hookify/core/rule_engine.py:96
↓ 1 callersFunction_run
(system: str, prompt: str, *, schema: Dict[str, Any] )
plugins/security-guidance/hooks/llm.py:1291
↓ 1 callersFunction_run
(env)
plugins/security-guidance/hooks/gitutil.py:309
↓ 1 callersFunction_scrub
(s: object)
plugins/security-guidance/hooks/llm.py:1339
↓ 1 callersFunction_sdk_on_syspath
()
plugins/security-guidance/hooks/ensure_agent_sdk.py:35
↓ 1 callersFunction_skip
(reason, restore=False, **extra)
plugins/security-guidance/hooks/security_reminder_hook.py:1750
↓ 1 callersFunction_strip_anthropic_from_no_proxy
()
plugins/security-guidance/hooks/llm.py:113
↓ 1 callersFunction_unchanged_since_baseline
(p)
plugins/security-guidance/hooks/diffstate.py:390
↓ 1 callersFunction_usage_metrics
Snapshot the accumulator as metric keys. Returns {} when no API calls were made so skip-path emits don't burn key budget. cost_usd rounded to
plugins/security-guidance/hooks/_base.py:142
↓ 1 callersFunction_validate_command
(command: str)
examples/hooks/bash_command_validator_example.py:48
↓ 1 callersFunction_validate_pattern
Validate one user pattern entry. Returns a rule dict in the same shape as the built-in SECURITY_PATTERNS, or None if invalid (logged).
plugins/security-guidance/hooks/extensibility.py:199
↓ 1 callersFunction_wrap_guidance
(guidance: str)
plugins/security-guidance/hooks/extensibility.py:128
↓ 1 callersFunctionatomic_check_and_mark_warning
Atomically check if a warning has been shown and mark it as shown if not. Returns True if this is the first time seeing this warning (should
plugins/security-guidance/hooks/security_reminder_hook.py:237
↓ 1 callersFunctionautoCloseDuplicates
()
scripts/auto-close-duplicates.ts:99
↓ 1 callersFunctionbackfillDuplicateComments
()
scripts/backfill-duplicate-comments.ts:72
next →1–100 of 167, ranked by callers