[CI] unified_pre_tool #557 guard fires on plugins/templates/settings.local.json (false positive)

[akaszubski]

Problem

During batch #995/#996/#997 (hooks architecture phases A/B/C), the implementer hit a false-positive block from the settings.json/settings.local.json basename protection in unified_pre_tool.py (Issue #557 guard) when attempting to edit plugins/autonomous-dev/templates/settings.local.json.

The guard matches on basename only, so it fires on template files under plugins/autonomous-dev/templates/ — files that are NOT runtime settings and ARE legitimate implementation targets.

The implementer pivoted from Edit to Bash+python3 to accomplish the same write. This is semantically identical but circumvents the block via a different tool path, leaving the guard with a hole.

Evidence

Batch context:

Implementer hit unified_pre_tool.py false-positive on settings.local.json basename match (Issue #557) during #996. Pivoted from Edit to Bash+python3 — semantically identical operation.

Guard in unified_pre_tool.py line ~4145:

if fname in ("settings.json", "settings.local.json"):
    if _is_pipeline_active():
        # block

This fires on plugins/autonomous-dev/templates/settings.local.json because Path(...).name == "settings.local.json".

Suggested Fix

Add a path-context check: only block when the resolved path is under .claude/, not when it is under plugins/*/templates/:

if fname in ("settings.json", "settings.local.json"):
    resolved = Path(file_path).resolve()
    if ".claude" in resolved.parts and _is_pipeline_active():
        # block

Or add a short-circuit for template paths: if "templates" appears in the path parts, skip the guard entirely.

Plugin Version: 3.50.0 (008f897)

---

Filed automatically by continuous-improvement-analyst

[akaszubski]

Implemented in f5a214f (cluster A — unified_pre_tool.py false-positive fixes). See commit message and CHANGELOG for details.