fix(hooks): add -e flag to echo for ANSI color support

jdalton · jdalton · commit 2176c4af576c · 2025-11-07T18:07:27.000-05:00
Git hooks were displaying raw ANSI escape codes instead of colors.
The `echo` command requires the `-e` flag to interpret backslash
escape sequences like `\033[0;32m`.

Changes:
- Add `-e` flag to all echo statements with color variables
- Affects both pre-commit and pre-push hooks
- Colors now display correctly: green for success, red for errors, yellow for warnings
diff --git a/.git-hooks/pre-commit b/.git-hooks/pre-commit
@@ -13,13 +13,13 @@ NC='\033[0m'
 # Allowed public API key (used in socket-lib).
 ALLOWED_PUBLIC_KEY="sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api"
 
-echo "${GREEN}Running Socket Security checks...${NC}"
+echo -e "${GREEN}Running Socket Security checks...${NC}"
 
 # Get list of staged files.
 STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
 
 if [ -z "$STAGED_FILES" ]; then
-  echo "${GREEN}✓ No files to check${NC}"
+  echo -e "${GREEN}✓ No files to check${NC}"
   exit 0
 fi
 
@@ -28,23 +28,23 @@ ERRORS=0
 # Check for .DS_Store files.
 echo "Checking for .DS_Store files..."
 if echo "$STAGED_FILES" | grep -q '\.DS_Store'; then
-  echo "${RED}✗ ERROR: .DS_Store file detected!${NC}"
+  echo -e "${RED}✗ ERROR: .DS_Store file detected!${NC}"
   echo "$STAGED_FILES" | grep '\.DS_Store'
   ERRORS=$((ERRORS + 1))
 fi
 
 # Check for log files.
 echo "Checking for log files..."
 if echo "$STAGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log'; then
-  echo "${RED}✗ ERROR: Log file detected!${NC}"
+  echo -e "${RED}✗ ERROR: Log file detected!${NC}"
   echo "$STAGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log'
   ERRORS=$((ERRORS + 1))
 fi
 
 # Check for .env files.
 echo "Checking for .env files..."
 if echo "$STAGED_FILES" | grep -E '^\.env(\.local)?$'; then
-  echo "${RED}✗ ERROR: .env or .env.local file detected!${NC}"
+  echo -e "${RED}✗ ERROR: .env or .env.local file detected!${NC}"
   echo "$STAGED_FILES" | grep -E '^\.env(\.local)?$'
   echo "These files should never be committed. Use .env.example instead."
   ERRORS=$((ERRORS + 1))
@@ -61,7 +61,7 @@ for file in $STAGED_FILES; do
 
     # Check for common user path patterns.
     if grep -E '(/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' "$file" 2>/dev/null | grep -q .; then
-      echo "${RED}✗ ERROR: Hardcoded personal path found in: $file${NC}"
+      echo -e "${RED}✗ ERROR: Hardcoded personal path found in: $file${NC}"
       grep -n -E '(/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' "$file" | head -3
       echo "Replace with relative paths or environment variables."
       ERRORS=$((ERRORS + 1))
@@ -74,7 +74,7 @@ echo "Checking for API keys..."
 for file in $STAGED_FILES; do
   if [ -f "$file" ]; then
     if grep -E 'sktsec_[a-zA-Z0-9_-]+' "$file" 2>/dev/null | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'SOCKET_SECURITY_API_KEY=' | grep -v 'fake-token' | grep -v 'test-token' | grep -q .; then
-      echo "${YELLOW}⚠ WARNING: Potential API key found in: $file${NC}"
+      echo -e "${YELLOW}⚠ WARNING: Potential API key found in: $file${NC}"
       grep -n 'sktsec_' "$file" | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'fake-token' | grep -v 'test-token' | head -3
       echo "If this is a real API key, DO NOT COMMIT IT."
     fi
@@ -92,32 +92,32 @@ for file in $STAGED_FILES; do
 
     # Check for AWS keys.
     if grep -iE '(aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' "$file" 2>/dev/null | grep -q .; then
-      echo "${RED}✗ ERROR: Potential AWS credentials found in: $file${NC}"
+      echo -e "${RED}✗ ERROR: Potential AWS credentials found in: $file${NC}"
       grep -n -iE '(aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' "$file" | head -3
       ERRORS=$((ERRORS + 1))
     fi
 
     # Check for GitHub tokens.
     if grep -E 'gh[ps]_[a-zA-Z0-9]{36}' "$file" 2>/dev/null | grep -q .; then
-      echo "${RED}✗ ERROR: Potential GitHub token found in: $file${NC}"
+      echo -e "${RED}✗ ERROR: Potential GitHub token found in: $file${NC}"
       grep -n -E 'gh[ps]_[a-zA-Z0-9]{36}' "$file" | head -3
       ERRORS=$((ERRORS + 1))
     fi
 
     # Check for private keys.
     if grep -E '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null | grep -q .; then
-      echo "${RED}✗ ERROR: Private key found in: $file${NC}"
+      echo -e "${RED}✗ ERROR: Private key found in: $file${NC}"
       ERRORS=$((ERRORS + 1))
     fi
   fi
 done
 
 if [ $ERRORS -gt 0 ]; then
   echo ""
-  echo "${RED}✗ Security check failed with $ERRORS error(s).${NC}"
+  echo -e "${RED}✗ Security check failed with $ERRORS error(s).${NC}"
   echo "Fix the issues above and try again."
   exit 1
 fi
 
-echo "${GREEN}✓ All security checks passed!${NC}"
+echo -e "${GREEN}✓ All security checks passed!${NC}"
 exit 0
diff --git a/.git-hooks/pre-push b/.git-hooks/pre-push
@@ -11,7 +11,7 @@ YELLOW='\033[1;33m'
 GREEN='\033[0;32m'
 NC='\033[0m'
 
-echo "${GREEN}Running mandatory pre-push validation...${NC}"
+echo -e "${GREEN}Running mandatory pre-push validation...${NC}"
 
 # Allowed public API key (used in socket-lib).
 ALLOWED_PUBLIC_KEY="sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api"
@@ -46,7 +46,7 @@ while read local_ref local_sha remote_ref remote_sha; do
 
     if echo "$full_msg" | grep -qiE "(Generated with|Co-Authored-By: Claude|Co-Authored-By: AI|🤖 Generated|AI generated|Claude Code|@anthropic|Assistant:|Generated by Claude|Machine generated)"; then
       if [ $ERRORS -eq 0 ]; then
-        echo "${RED}✗ BLOCKED: AI attribution found in commit messages!${NC}"
+        echo -e "${RED}✗ BLOCKED: AI attribution found in commit messages!${NC}"
         echo "Commits with AI attribution:"
       fi
       echo "  - $(git log -1 --oneline "$commit_sha")"
@@ -76,21 +76,21 @@ while read local_ref local_sha remote_ref remote_sha; do
   if [ -n "$CHANGED_FILES" ]; then
     # Check for sensitive files.
     if echo "$CHANGED_FILES" | grep -qE '^\.env(\.local)?$'; then
-      echo "${RED}✗ BLOCKED: Attempting to push .env file!${NC}"
+      echo -e "${RED}✗ BLOCKED: Attempting to push .env file!${NC}"
       echo "Files: $(echo "$CHANGED_FILES" | grep -E '^\.env(\.local)?$')"
       ERRORS=$((ERRORS + 1))
     fi
 
     # Check for .DS_Store.
     if echo "$CHANGED_FILES" | grep -q '\.DS_Store'; then
-      echo "${RED}✗ BLOCKED: .DS_Store file in push!${NC}"
+      echo -e "${RED}✗ BLOCKED: .DS_Store file in push!${NC}"
       echo "Files: $(echo "$CHANGED_FILES" | grep '\.DS_Store')"
       ERRORS=$((ERRORS + 1))
     fi
 
     # Check for log files.
     if echo "$CHANGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log' | grep -q .; then
-      echo "${RED}✗ BLOCKED: Log file in push!${NC}"
+      echo -e "${RED}✗ BLOCKED: Log file in push!${NC}"
       echo "Files: $(echo "$CHANGED_FILES" | grep -E '\.log$' | grep -v 'test.*\.log')"
       ERRORS=$((ERRORS + 1))
     fi
@@ -105,35 +105,35 @@ while read local_ref local_sha remote_ref remote_sha; do
 
         # Check for hardcoded user paths.
         if grep -E '(/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' "$file" 2>/dev/null | grep -q .; then
-          echo "${RED}✗ BLOCKED: Hardcoded personal path found in: $file${NC}"
+          echo -e "${RED}✗ BLOCKED: Hardcoded personal path found in: $file${NC}"
           grep -n -E '(/Users/[^/\s]+/|/home/[^/\s]+/|C:\\Users\\[^\\]+\\)' "$file" | head -3
           ERRORS=$((ERRORS + 1))
         fi
 
         # Check for Socket API keys.
         if grep -E 'sktsec_[a-zA-Z0-9_-]+' "$file" 2>/dev/null | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'SOCKET_SECURITY_API_KEY=' | grep -v 'fake-token' | grep -v 'test-token' | grep -q .; then
-          echo "${RED}✗ BLOCKED: Real API key detected in: $file${NC}"
+          echo -e "${RED}✗ BLOCKED: Real API key detected in: $file${NC}"
           grep -n 'sktsec_' "$file" | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'fake-token' | grep -v 'test-token' | head -3
           ERRORS=$((ERRORS + 1))
         fi
 
         # Check for AWS keys.
         if grep -iE '(aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' "$file" 2>/dev/null | grep -q .; then
-          echo "${RED}✗ BLOCKED: Potential AWS credentials found in: $file${NC}"
+          echo -e "${RED}✗ BLOCKED: Potential AWS credentials found in: $file${NC}"
           grep -n -iE '(aws_access_key|aws_secret|AKIA[0-9A-Z]{16})' "$file" | head -3
           ERRORS=$((ERRORS + 1))
         fi
 
         # Check for GitHub tokens.
         if grep -E 'gh[ps]_[a-zA-Z0-9]{36}' "$file" 2>/dev/null | grep -q .; then
-          echo "${RED}✗ BLOCKED: Potential GitHub token found in: $file${NC}"
+          echo -e "${RED}✗ BLOCKED: Potential GitHub token found in: $file${NC}"
           grep -n -E 'gh[ps]_[a-zA-Z0-9]{36}' "$file" | head -3
           ERRORS=$((ERRORS + 1))
         fi
 
         # Check for private keys.
         if grep -E '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null | grep -q .; then
-          echo "${RED}✗ BLOCKED: Private key found in: $file${NC}"
+          echo -e "${RED}✗ BLOCKED: Private key found in: $file${NC}"
           ERRORS=$((ERRORS + 1))
         fi
       fi
@@ -145,10 +145,10 @@ done
 
 if [ $TOTAL_ERRORS -gt 0 ]; then
   echo ""
-  echo "${RED}✗ Push blocked by mandatory validation!${NC}"
+  echo -e "${RED}✗ Push blocked by mandatory validation!${NC}"
   echo "Fix the issues above before pushing."
   exit 1
 fi
 
-echo "${GREEN}✓ All mandatory validation passed!${NC}"
+echo -e "${GREEN}✓ All mandatory validation passed!${NC}"
 exit 0
