fix: handle filenames with spaces safely in hook scripts

Fixed critical shell scripting issues in all helper scripts:

Security & Reliability Fixes:
- Use proper quoted variable expansion ("$@" instead of $files)
- Use bash arrays instead of string concatenation for file lists
- Protect against command injection with special characters
- Handle filenames with spaces, newlines, and special chars safely

Specific Changes:
- rubocop-lint: Use "$@" for file arguments, safer printf
- rspec-affected: Use array for spec_files, proper quoting
- check-trailing-newlines: Use array for failed_files

Output Fixes:
- Added missing spaces in error messages (lines 27-28)
- Use array expansion with spaces: ${files[*]}

All scripts now follow bash best practices for safe file handling.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: justin808

bin/lefthook/check-trailing-newlines

@@ -2,30 +2,28 @@
 # Check for trailing newlines on staged files
 set -euo pipefail
 
-files="$*"
-
-if [ -z "$files" ]; then
+if [ $# -eq 0 ]; then
   echo "✅ No files to check for trailing newlines"
   exit 0
 fi
 
 echo "🔍 Checking trailing newlines on staged files..."
 
-failed_files=""
-for file in $files; do
+failed_files=()
+for file in "$@"; do
   if [ -f "$file" ] && [ -s "$file" ]; then
     if ! tail -c 1 "$file" | grep -q '^$'; then
       echo "❌ Missing trailing newline: $file"
-      failed_files="$failed_files $file"
+      failed_files+=("$file")
     fi
   fi
 done
 
-if [ -n "$failed_files" ]; then
+if [ ${#failed_files[@]} -gt 0 ]; then
   echo ""
   echo "❌ Trailing newline check failed!"
-  echo "💡 Add trailing newlines to:$failed_files"
-  echo "🔧 Quick fix: for file in$failed_files; do echo >> \"\$file\"; done"
+  echo "💡 Add trailing newlines to: ${failed_files[*]}"
+  echo "🔧 Quick fix: for file in ${failed_files[*]}; do echo >> \"\$file\"; done"
   echo "🚫 Skip hook: git commit --no-verify"
   exit 1
 fi

bin/lefthook/rspec-affected

@@ -2,37 +2,35 @@
 # Run RSpec tests for affected files
 set -euo pipefail
 
-files="$*"
-
-if [ -z "$files" ]; then
+if [ $# -eq 0 ]; then
   echo "✅ No Ruby files changed"
   exit 0
 fi
 
 # Find corresponding spec files for changed lib files
-spec_files=""
-for file in $files; do
+spec_files=()
+for file in "$@"; do
   if [[ $file == lib/* ]]; then
     # Convert lib/package_json/foo.rb to spec/package_json/foo_spec.rb
     spec_file=$(echo "$file" | sed 's|^lib/|spec/|' | sed 's|\.rb$|_spec.rb|')
     if [ -f "$spec_file" ]; then
-      spec_files="$spec_files $spec_file"
+      spec_files+=("$spec_file")
     fi
   elif [[ $file == spec/* ]]; then
     # If it's already a spec file, include it
-    spec_files="$spec_files $file"
+    spec_files+=("$file")
   fi
 done
 
-if [ -z "$spec_files" ]; then
+if [ ${#spec_files[@]} -eq 0 ]; then
   echo "✅ No corresponding spec files found for changed files"
   exit 0
 fi
 
 echo "🧪 Running affected RSpec tests:"
-printf "  %s\n" $spec_files
+printf "  %s\n" "${spec_files[@]}"
 
-if ! bundle exec rspec $spec_files; then
+if ! bundle exec rspec "${spec_files[@]}"; then
   echo ""
   echo "❌ Tests failed!"
   echo "💡 Run full suite: bundle exec rspec"

bin/lefthook/rubocop-lint

@@ -2,20 +2,18 @@
 # Lint Ruby files with RuboCop
 set -euo pipefail
 
-files="$*"
-
-if [ -z "$files" ]; then
+if [ $# -eq 0 ]; then
   echo "✅ No Ruby files to lint"
   exit 0
 fi
 
 echo "🔍 RuboCop on staged Ruby files:"
-printf "  %s\n" $files
+printf "  %s\n" "$@"
 
-if ! bundle exec rubocop --force-exclusion --display-cop-names -- $files; then
+if ! bundle exec rubocop --force-exclusion --display-cop-names -- "$@"; then
   echo ""
   echo "❌ RuboCop check failed!"
-  echo "💡 Auto-fix: bundle exec rubocop -a --force-exclusion -- $files"
+  echo "💡 Auto-fix: bundle exec rubocop -a --force-exclusion -- <files>"
   echo "🚫 Skip hook: git commit --no-verify"
   exit 1
 fi