@aporthq/aport-agent-guardrails 1.0.25 → 1.0.27

package/README.md

@@ -55,6 +55,7 @@ npx @aporthq/aport-agent-guardrails
 - Choose your framework: `openclaw`, `cursor`, `claude-code`, `langchain`, `crewai`, `deerflow`, `n8n`
 - OpenClaw direct: `npx @aporthq/aport-agent-guardrails openclaw`
 - Hosted passport: `npx @aporthq/aport-agent-guardrails openclaw <agent_id>`
+- Reset a framework to a clean APort state: `npx @aporthq/aport-agent-guardrails reset claude-code --yes`
 
 ### Why Developers and teams trust APort
 
@@ -129,6 +130,22 @@ npx @aporthq/aport-agent-guardrails
 #   --mode=local
 ```
 
+**Reset / uninstall APort-owned wiring**
+
+Use the same dispatcher for cleanup:
+
+```bash
+npx @aporthq/aport-agent-guardrails reset claude-code --yes
+# or
+npx @aporthq/aport-agent-guardrails claude-code reset --yes
+```
+
+Supported reset targets match the CLI-supported frameworks:
+`openclaw`, `cursor`, `claude-code`, `langchain`, `crewai`, `deerflow`, `n8n`.
+
+Reset removes APort-owned config and integration wiring for the selected framework.
+When possible, unrelated user hooks are preserved.
+
 **Python (LangChain, CrewAI, or DeerFlow):** Use the Python CLI directly via `uvx` or an installed package:
 ```bash
 uvx --from aport-agent-guardrails aport setup --framework=langchain
@@ -183,7 +200,7 @@ Your framework doc (Cursor, OpenClaw, LangChain, CrewAI) describes where the con
 | **Bypass risk** | None | High |
 | **Recommended** | **Yes** | Only if plugin unavailable |
 
-**Plugin (recommended):** Platform runs the guardrail before every tool; the model cannot skip it. This repo implements the **plugin (before_tool_call)** integration—Option 2 in the [APort × OpenClaw integration proposal](https://github.com/aporthq/agent-passport/tree/main/_plan/execution/openclaw).  
+**Plugin (recommended):** Platform runs the guardrail before every tool; the model cannot skip it. This repo implements the public **plugin (before_tool_call)** integration for OpenClaw.
 **AGENTS.md:** Agent is *instructed* to call the guardrail; best-effort only.
 
 ---
@@ -405,6 +422,7 @@ See [Verification methods](docs/VERIFICATION_METHODS.md) for a detailed comparis
 | Command | Purpose |
 |--------|---------|
 | `agent-guardrails` | Main entry — prompt for framework or pass one: `agent-guardrails openclaw \| cursor \| claude-code \| langchain \| crewai \| deerflow \| n8n`. Args after the framework are passed through (e.g. `agent-guardrails openclaw <agent_id>`). |
+| `agent-guardrails reset <framework> [--yes]` | Remove APort-owned config and hook/plugin wiring for one framework. Positional form also works: `agent-guardrails <framework> reset --yes`. |
 | `aport` | OpenClaw one-command setup (passport + plugin + wrappers). Optional: `aport <agent_id>` for hosted passport. |
 | `aport-guardrail` | Run guardrail check from the CLI (e.g. `aport-guardrail system.command.execute '{"command":"ls"}'`). Uses passport from your framework config dir. |
 
@@ -517,7 +535,7 @@ Contributions welcome: policy packs, framework adapters, docs. See [CONTRIBUTING
 
 Apache 2.0 — see [LICENSE](LICENSE).
 
-**Open-core:** Local evaluation and CLI in this repo are open source (Apache 2.0). [api.aport.io](https://api.aport.io) is a separate product for cloud features (signed receipts, global kill switch, team sync). See [APort × OpenClaw proposal](https://github.com/aporthq/agent-passport/tree/main/_plan/execution/openclaw) for free vs. paid tiers.
+**Open-core:** Local evaluation and CLI in this repo are open source (Apache 2.0). [api.aport.io](https://api.aport.io) is a separate product for cloud features such as signed receipts, global kill switch, and team sync.
 
 ---
 
@@ -527,5 +545,3 @@ Apache 2.0 — see [LICENSE](LICENSE).
 - [GitHub Issues](https://github.com/aporthq/aport-agent-guardrails/issues) · [Discussions](https://github.com/aporthq/aport-agent-guardrails/discussions)
 
 ---
-
-<p align="center">Made with ❤️ by [Uchi](https://github.com/uchibeke/) </p>

package/bin/agent-guardrails

@@ -29,6 +29,7 @@ ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 FRAMEWORKS_DIR="$SCRIPT_DIR/frameworks"
 LIB_DIR="$SCRIPT_DIR/lib"
 SUPPORTED_FRAMEWORKS=(openclaw langchain crewai cursor claude-code deerflow n8n)
+reset_requested=""
 
 framework_supported() {
   local candidate="${1:-}"
@@ -44,6 +45,7 @@ framework_supported() {
 # Parse --framework= and -f (skip detection when set)
 framework=""
 integration_mode=""
+noninteractive_requested=""
 REST=()
 while [[ $# -gt 0 ]]; do
   case "$1" in
@@ -73,6 +75,10 @@ while [[ $# -gt 0 ]]; do
         exit 1
       fi
       ;;
+    --non-interactive|--noninteractive)
+      noninteractive_requested="1"
+      shift
+      ;;
     *)
       REST+=("$1")
       shift
@@ -80,7 +86,23 @@ while [[ $# -gt 0 ]]; do
   esac
 done
 
+if [[ -n "$noninteractive_requested" ]]; then
+  export APORT_NONINTERACTIVE=1
+fi
+
 # If no framework from args, check if first REST argument is a framework name
+if [[ -z "$framework" ]] && [[ ${#REST[@]} -gt 0 ]]; then
+  first_arg="${REST[0]}"
+  if [[ "$first_arg" == "reset" ]] && [[ ${#REST[@]} -gt 1 ]]; then
+    second_arg="${REST[1]}"
+    if framework_supported "$second_arg"; then
+      framework="$second_arg"
+      reset_requested="1"
+      REST=("${REST[@]:2}")
+    fi
+  fi
+fi
+
 if [[ -z "$framework" ]] && [[ ${#REST[@]} -gt 0 ]]; then
   first_arg="${REST[0]}"
   # Check if first arg looks like a framework name (lowercase alphanumeric + hyphen)
@@ -93,6 +115,11 @@ if [[ -z "$framework" ]] && [[ ${#REST[@]} -gt 0 ]]; then
   fi
 fi
 
+if [[ -n "$framework" ]] && [[ ${#REST[@]} -gt 0 ]] && [[ "${REST[0]}" == "reset" ]]; then
+  reset_requested="1"
+  REST=("${REST[@]:1}")
+fi
+
 # If still no framework from args, try APORT_FRAMEWORK (non-interactive) or detection
 if [[ -z "$framework" ]]; then
   if [[ -n "${APORT_FRAMEWORK:-}" ]]; then
@@ -165,6 +192,15 @@ fi
 
 echo "[aport] Selected framework: $framework" >&2
 
+if [[ -n "$reset_requested" ]]; then
+  reset_script="$SCRIPT_DIR/aport-reset-framework.sh"
+  if [[ ! -x "$reset_script" ]]; then
+    echo "[aport] ERROR: Reset helper not found: $reset_script" >&2
+    exit 1
+  fi
+  exec "$reset_script" "$framework" ${REST+"${REST[@]}"}
+fi
+
 if [[ -n "$integration_mode" ]]; then
   case "$integration_mode" in
     compat|native) ;;

package/bin/aport-claude-code-hook.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# APort Claude Code hook: reads tool_name + tool_input from JSON stdin,
+# APort Claude Code hook: reads tool_name + tool_input from JSON stdin (path-based Read uses guardrail).
 # maps to APort policy, calls guardrail, outputs hookSpecificOutput deny or exit 0.
 # Exit 0 = allow, exit 2 = block. Other exits = hook error (Claude Code may fail-open).
 # Output format: Claude Code official schema (hookSpecificOutput.permissionDecision), NOT Cursor format.
@@ -14,6 +14,8 @@ ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 . "$ROOT_DIR/bin/aport-resolve-paths.sh"
 # shellcheck source=bin/lib/guardrail-mode.sh
 . "$ROOT_DIR/bin/lib/guardrail-mode.sh"
+# shellcheck source=bin/lib/hook-read-policy.sh
+. "$ROOT_DIR/bin/lib/hook-read-policy.sh"
 load_guardrail_mode_for_hooks "${OPENCLAW_CONFIG_DIR:-$HOME/.claude}"
 
 GUARDRAIL="$ROOT_DIR/bin/aport-guardrail-bash.sh"
@@ -49,7 +51,8 @@ set -e
 if [ "$JQ_EXIT" -ne 0 ] || [ -z "$TOOL_NAME" ]; then
     TOOL_NAME="unknown"
 fi
-TOOL_NAME_NORM="$(printf '%s' "$TOOL_NAME" | tr -d '[:space:]' | sed 's/^functions\.//' | tr '[:upper:]' '[:lower:]')"
+# Strip permission-rule specifiers (e.g. Agent(Explore) -> Agent) before normalization.
+TOOL_NAME_NORM="$(printf '%s' "$TOOL_NAME" | tr -d '[:space:]' | sed 's/^functions\.//' | sed 's/(.*$//' | tr '[:upper:]' '[:lower:]')"
 set +e
 TOOL_INPUT="$(echo "$INPUT" | jq -c '.tool_input // {}' 2> /dev/null)"
 JQ_EXIT=$?
@@ -81,40 +84,45 @@ GUARDRAIL_TOOL=""
 CONTEXT_JSON="{}"
 
 case "$TOOL_NAME_NORM" in
-    bash | shell)
+    bash | shell | powershell | monitor)
         GUARDRAIL_TOOL="bash"
-        CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{command: (.command // "")}')"
+        CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{command: (.command // .script // "")}')"
         ;;
-    read | glob | ls | grep | todoread | toolsearch | askuserquestion | readfile | semanticsearch)
-        # Read-family + user-interaction tools: allow without calling evaluator
+    read | readfile | semanticsearch)
+        if ! aport_hook_try_read_evaluation "$TOOL_NAME_NORM" "$TOOL_INPUT"; then
+            exit 0
+        fi
+        ;;
+    glob | ls | grep | lsp | todoread | toolsearch | askuserquestion | listmcpresourcestool | readmcpresourcetool | waitformcpservers)
+        # Search/list/read tools without a single file_path: allow without evaluator
         exit 0
         ;;
-    taskget | tasklist | taskoutput | cronlist)
-        # Read-only task/cron queries: allow without evaluator
+    taskget | tasklist | taskoutput | cronlist | schedulewakeup | pushnotification)
+        # Read-only task/cron queries and notifications: allow without evaluator
         exit 0
         ;;
     enterplanmode | exitplanmode)
         # Internal state transitions: allow without evaluator
         exit 0
         ;;
-    write | edit | multiedit | notebookedit | todowrite | delete | strreplace | editnotebook)
+    write | edit | multiedit | notebookedit | todowrite | delete | strreplace | editnotebook | shareonboardingguide)
         GUARDRAIL_TOOL="write"
         CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{file_path: (.file_path // .path // "")}')"
         ;;
     websearch | webfetch)
-        GUARDRAIL_TOOL="webfetch"
-        CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{url: (.url // .query // "")}')"
+        GUARDRAIL_TOOL="websearch"
+        CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{url: (.url // ""), query: (.query // "")}')"
         ;;
     browser)
         GUARDRAIL_TOOL="browser"
         CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{url: (.url // "")}')"
         ;;
-    task | taskcreate | taskupdate | taskstop | agent | skill | enterworktree | subagent | subagentstart)
+    agent | task | taskcreate | taskupdate | taskstop | skill | enterworktree | exitworktree | subagent | subagentstart | sendmessage | teamcreate | teamdelete | remotetrigger)
         GUARDRAIL_TOOL="session.create"
-        CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{description: (.description // .prompt // "")}')"
+        CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{description: (.description // .prompt // .task // .message // ""), subagent_type: (.subagent_type // .agent_type // "")}')"
         ;;
     croncreate | crondelete)
-        GUARDRAIL_TOOL="cron"
+        GUARDRAIL_TOOL="session.create"
         CONTEXT_JSON="$(safe_jq "$TOOL_INPUT" '{description: (.description // .schedule // "")}')"
         ;;
     mcp__* | mcp:* | callmcptool)
@@ -134,6 +142,14 @@ if [ -n "$HOOK_DECISION_FILE" ]; then
     export OPENCLAW_DECISION_FILE="$HOOK_DECISION_FILE"
 fi
 
+# Read tools: send only file_path to the evaluator (Claude may attach large file bodies in tool_input).
+if [ "$GUARDRAIL_TOOL" = "read" ]; then
+    CONTEXT_JSON="$(printf '%s' "$CONTEXT_JSON" | jq -c '{file_path: (.file_path // .path // "")}' 2> /dev/null || echo '{"file_path":""}')"
+    if [ -z "$(printf '%s' "$CONTEXT_JSON" | jq -r '.file_path // ""' 2> /dev/null)" ]; then
+        exit 0
+    fi
+fi
+
 # Call core evaluator (guardrail expects tool name, not policy ID)
 set +e
 "$GUARDRAIL" "$GUARDRAIL_TOOL" "$CONTEXT_JSON" 2> /dev/null

package/bin/aport-cursor-hook.sh

@@ -18,6 +18,8 @@ ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 . "$ROOT_DIR/bin/aport-resolve-paths.sh"
 # shellcheck source=bin/lib/guardrail-mode.sh
 . "$ROOT_DIR/bin/lib/guardrail-mode.sh"
+# shellcheck source=bin/lib/hook-read-policy.sh
+. "$ROOT_DIR/bin/lib/hook-read-policy.sh"
 load_guardrail_mode_for_hooks "${OPENCLAW_CONFIG_DIR:-$HOME/.cursor}"
 
 GUARDRAIL="$ROOT_DIR/bin/aport-guardrail-bash.sh"
@@ -82,8 +84,10 @@ HOOK_EVENT="$(echo "$INPUT" | jq -r '.hook_event_name // ""' 2> /dev/null)"
 TOOL_NAME="$(echo "$INPUT" | jq -r '.tool_name // ""' 2> /dev/null)"
 
 if [ "$HOOK_EVENT" = "beforeReadFile" ] || { [ -z "$HOOK_EVENT" ] && [ -z "$TOOL_NAME" ] && echo "$INPUT" | jq -e '.file_path and .content' &> /dev/null; }; then
-    # beforeReadFile: file reads — allow without evaluator (same as Claude Code)
-    exit 0
+    FILE_PATH="$(echo "$INPUT" | jq -r '.file_path // ""' 2> /dev/null || true)"
+    if ! aport_hook_try_read_evaluation_from_file_path "$FILE_PATH"; then
+        exit 0
+    fi
 
 elif [ "$HOOK_EVENT" = "subagentStart" ] || { [ -z "$HOOK_EVENT" ] && echo "$INPUT" | jq -e '.subagent_id' &> /dev/null; }; then
     # subagentStart: sub-agent spawning
@@ -96,36 +100,48 @@ elif [ "$HOOK_EVENT" = "beforeMCPExecution" ] || { [ -n "$TOOL_NAME" ] && echo "
     CONTEXT_JSON="$(safe_jq "$INPUT" '{tool_name: (.tool_name // ""), tool_input: (.tool_input // {})}')"
 
 elif [ -n "$TOOL_NAME" ]; then
-    # preToolUse: Cursor tool names — Shell, Read, Write, Grep, Delete, Task, MCP:<name>
-    # Normalize: trim whitespace, lowercase (patterns must match TOOL_NORM)
-    TOOL_NORM="$(echo "$TOOL_NAME" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')"
+    # preToolUse: Shell, Read, Write, Grep, Delete, Task, WebSearch, Agent, MCP:*, etc.
+    # See docs/FRAMEWORK_TOOL_MAPPING_AUDIT.md and https://cursor.com/docs/agent/hooks
+    TOOL_NORM="$(printf '%s' "$TOOL_NAME" | tr -d '[:space:]' | sed 's/^functions\.//' | sed 's/(.*$//' | tr '[:upper:]' '[:lower:]')"
     case "$TOOL_NORM" in
-        shell)
+        shell | bash)
             GUARDRAIL_TOOL="bash"
             CONTEXT_JSON="$(safe_jq "$INPUT" '{command: (.tool_input.command // "")}')"
             ;;
-        read | grep | glob | semanticsearch)
-            # Read-family: allow without calling evaluator (matches Claude Code behavior)
+        read | readfile | semanticsearch)
+            TOOL_INPUT="$(safe_jq "$INPUT" '.tool_input // {}')"
+            if ! aport_hook_try_read_evaluation "$TOOL_NORM" "$TOOL_INPUT"; then
+                exit 0
+            fi
+            ;;
+        grep | glob | ls | lsp | listmcpresourcestool | readmcpresourcetool | toolsearch | waitformcpservers | taskget | tasklist | taskoutput | cronlist)
             exit 0
             ;;
-        write | strreplace | editnotebook)
+        write | strreplace | edit | multiedit | editnotebook | applypatch | notebookedit | delete)
             GUARDRAIL_TOOL="write"
             CONTEXT_JSON="$(safe_jq "$INPUT" '{file_path: (.tool_input.file_path // .tool_input.path // "")}')"
             ;;
-        delete)
-            GUARDRAIL_TOOL="write"
-            CONTEXT_JSON="$(safe_jq "$INPUT" '{file_path: (.tool_input.file_path // .tool_input.path // "")}')"
+        websearch | webfetch)
+            GUARDRAIL_TOOL="websearch"
+            CONTEXT_JSON="$(safe_jq "$INPUT" '{url: (.tool_input.url // ""), query: (.tool_input.query // "")}')"
+            ;;
+        browser)
+            GUARDRAIL_TOOL="browser"
+            CONTEXT_JSON="$(safe_jq "$INPUT" '{url: (.tool_input.url // "")}')"
             ;;
-        task)
+        task | agent | taskcreate | taskupdate | taskstop | skill | subagent | subagentstart | sendmessage | teamcreate | teamdelete)
             GUARDRAIL_TOOL="session.create"
             CONTEXT_JSON="$(safe_jq "$INPUT" '{description: (.tool_input.description // .tool_input.prompt // "")}')"
             ;;
-        mcp:*)
+        croncreate | crondelete)
+            GUARDRAIL_TOOL="session.create"
+            CONTEXT_JSON="$(safe_jq "$INPUT" '{description: (.tool_input.description // .tool_input.schedule // "")}')"
+            ;;
+        mcp__* | mcp:* | callmcptool)
             GUARDRAIL_TOOL="mcp.tool"
             CONTEXT_JSON="$(safe_jq "$INPUT" '{tool_name: (.tool_name // ""), tool_input: (.tool_input // {})}')"
             ;;
         *)
-            # Unknown preToolUse tool: fail-closed
             deny "🛡️ APort: unknown tool '$TOOL_NAME' — fail-closed policy"
             ;;
     esac
@@ -154,6 +170,15 @@ if [ -n "$HOOK_DECISION_FILE" ]; then
     export OPENCLAW_DECISION_FILE="$HOOK_DECISION_FILE"
 fi
 
+# Read tools: send only file_path to the evaluator (Cursor may attach large file bodies in tool_input).
+if [ "$GUARDRAIL_TOOL" = "read" ]; then
+    CONTEXT_JSON="$(printf '%s' "$CONTEXT_JSON" | jq -c '{file_path: (.file_path // .path // "")}' 2> /dev/null || echo '{"file_path":""}')"
+    if [ -z "$(printf '%s' "$CONTEXT_JSON" | jq -r '.file_path // ""' 2> /dev/null)" ]; then
+        echo '{"permission":"allow","allowed":true}'
+        exit 0
+    fi
+fi
+
 # Call core evaluator
 set +e
 "$GUARDRAIL" "$GUARDRAIL_TOOL" "$CONTEXT_JSON" 2> /dev/null

package/bin/aport-guardrail-bash.sh

@@ -301,6 +301,17 @@ else
     LIMITS=$(echo "$PASSPORT" | jq ".limits.\"$POLICY_BASE\" // {}")
 fi
 
+is_default_sensitive_read_path() {
+    local path_lower
+    path_lower="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
+    case "$path_lower" in
+        .env* | */.env* | .aws/* | */.aws/* | .ssh/* | */.ssh/* | *credentials* | *id_rsa* | *id_dsa* | *id_ecdsa* | *id_ed25519* | *.pem | *.key | *password* | .gnupg/* | */.gnupg/* | .kube/* | */.kube/*)
+            return 0
+            ;;
+    esac
+    return 1
+}
+
 # Evaluate policy-specific limits
 if [[ "$POLICY_ID" == "code.repository.merge"* ]]; then
     FILES_CHANGED=$(echo "$CONTEXT_JSON" | jq -r '.files_changed // .files // 0')
@@ -426,6 +437,10 @@ fi
 if [[ "$POLICY_ID" == "data.file.read.v1" ]]; then
     FILE_PATH=$(echo "$CONTEXT_JSON" | jq -r '.file_path // .path // ""')
     if [ -n "$FILE_PATH" ]; then
+        if is_default_sensitive_read_path "$FILE_PATH"; then
+            write_decision false "$POLICY_ID" "oap.blocked_pattern" "File path matches default sensitive read pattern"
+        fi
+
         # Check allowed paths
         PATH_ALLOWED=false
         while IFS= read -r allowed_path; do

package/bin/aport-reset-framework.sh

@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+LIB="$(cd "$(dirname "${BASH_SOURCE[0]:-.}")/lib" && pwd)"
+# shellcheck source=./lib/common.sh
+source "$LIB/common.sh"
+# shellcheck source=./lib/config.sh
+source "$LIB/config.sh"
+
+framework="${1:-}"
+shift || true
+
+if [[ -z "$framework" ]]; then
+    log_error "Usage: agent-guardrails reset <framework> [--yes]"
+    exit 1
+fi
+
+yes_mode="${APORT_NONINTERACTIVE:-${CI:-}}"
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        --yes | -y)
+            yes_mode=1
+            ;;
+        *)
+            log_error "Unknown reset option: $1"
+            exit 1
+            ;;
+    esac
+    shift
+done
+
+framework="$(echo "$framework" | tr '[:upper:]' '[:lower:]')"
+config_dir="$(get_config_dir "$framework")"
+config_dir="${config_dir/#\~/$HOME}"
+
+confirm_reset() {
+    if [[ -n "$yes_mode" ]]; then
+        return 0
+    fi
+
+    echo ""
+    echo "  Reset APort for $framework"
+    echo "  ──────────────────────────"
+    echo "  This removes APort-owned local config and hook/plugin wiring for this framework."
+    echo "  Other framework settings are preserved when possible."
+    echo ""
+
+    local answer
+    read -r -p "  Continue? [y/N]: " answer
+    case "$answer" in
+        y | Y | yes | YES) ;;
+        *)
+            echo "  Reset cancelled."
+            exit 0
+            ;;
+    esac
+}
+
+backup_file() {
+    local file="$1"
+    if [[ -f "$file" ]]; then
+        cp "$file" "${file}.bak"
+    fi
+}
+
+remove_dir_if_exists() {
+    local dir="$1"
+    if [[ -d "$dir" ]]; then
+        rm -rf "$dir"
+        echo "  ✅ Removed $dir"
+    fi
+}
+
+remove_file_if_exists() {
+    local file="$1"
+    if [[ -f "$file" ]]; then
+        rm -f "$file"
+        echo "  ✅ Removed $file"
+    fi
+}
+
+cleanup_claude_settings() {
+    local settings_file="$1"
+    if [[ ! -f "$settings_file" ]]; then
+        return 0
+    fi
+    if ! command -v jq &> /dev/null; then
+        log_warn "jq not found; leaving Claude settings intact at $settings_file"
+        return 0
+    fi
+
+    local tmpfile
+    tmpfile="$(mktemp "${settings_file}.XXXXXX")"
+    if jq '
+        if (.hooks.PreToolUse? // null) == null then
+            .
+        else
+            .hooks.PreToolUse = (
+                (.hooks.PreToolUse // [])
+                | map(
+                    if (.hooks? // null) == null then
+                        .
+                    else
+                        .hooks = (
+                            (.hooks // [])
+                            | map(select((((.command // "") | test("aport-(cursor-hook|claude-code-hook)\\.sh$")) | not)))
+                        )
+                    end
+                )
+                | map(select(((.hooks? // []) | length) > 0))
+            )
+            | if ((.hooks.PreToolUse // []) | length) == 0 then del(.hooks.PreToolUse) else . end
+            | if ((.hooks // {}) | keys | length) == 0 then del(.hooks) else . end
+        end
+    ' "$settings_file" > "$tmpfile"; then
+        backup_file "$settings_file"
+        mv "$tmpfile" "$settings_file"
+        echo "  ✅ Removed APort Claude Code hook entries from $settings_file"
+    else
+        rm -f "$tmpfile"
+        log_warn "Failed to clean Claude settings at $settings_file"
+    fi
+}
+
+cleanup_cursor_hooks() {
+    local hooks_file="$1"
+    if [[ ! -f "$hooks_file" ]]; then
+        return 0
+    fi
+    if ! command -v jq &> /dev/null; then
+        log_warn "jq not found; leaving Cursor hooks intact at $hooks_file"
+        return 0
+    fi
+
+    local tmpfile
+    tmpfile="$(mktemp "${hooks_file}.XXXXXX")"
+    if jq '
+        def strip_aport_hooks:
+            (. // []) | map(select((((.command // "") | test("aport-(cursor-hook|claude-code-hook)\\.sh$")) | not)));
+        .hooks.beforeShellExecution = ((.hooks.beforeShellExecution // []) | strip_aport_hooks) |
+        .hooks.preToolUse = ((.hooks.preToolUse // []) | strip_aport_hooks) |
+        .hooks.beforeMCPExecution = ((.hooks.beforeMCPExecution // []) | strip_aport_hooks) |
+        .hooks.subagentStart = ((.hooks.subagentStart // []) | strip_aport_hooks) |
+        if ((.hooks.beforeShellExecution // []) | length) == 0 then del(.hooks.beforeShellExecution) else . end |
+        if ((.hooks.preToolUse // []) | length) == 0 then del(.hooks.preToolUse) else . end |
+        if ((.hooks.beforeMCPExecution // []) | length) == 0 then del(.hooks.beforeMCPExecution) else . end |
+        if ((.hooks.subagentStart // []) | length) == 0 then del(.hooks.subagentStart) else . end |
+        if ((.hooks // {}) | keys | length) == 0 then del(.hooks) else . end
+    ' "$hooks_file" > "$tmpfile"; then
+        backup_file "$hooks_file"
+        mv "$tmpfile" "$hooks_file"
+        echo "  ✅ Removed APort Cursor hook entries from $hooks_file"
+    else
+        rm -f "$tmpfile"
+        log_warn "Failed to clean Cursor hooks at $hooks_file"
+    fi
+}
+
+cleanup_openclaw_json() {
+    local openclaw_json="$1"
+    if [[ ! -f "$openclaw_json" ]]; then
+        return 0
+    fi
+    if ! command -v jq &> /dev/null; then
+        log_warn "jq not found; leaving OpenClaw JSON config intact at $openclaw_json"
+        return 0
+    fi
+
+    local tmpfile
+    tmpfile="$(mktemp "${openclaw_json}.XXXXXX")"
+    if jq '
+        .plugins = (.plugins // {}) |
+        .plugins.entries = ((.plugins.entries // {}) | del(.["openclaw-aport"])) |
+        .plugins.installs = ((.plugins.installs // {}) | del(.["openclaw-aport"])) |
+        .plugins.load = (.plugins.load // {}) |
+        .plugins.load.paths = ((.plugins.load.paths // []) | map(select((type == "string" and contains("/openclaw-aport")) | not))) |
+        if ((.plugins.entries // {}) | keys | length) == 0 then del(.plugins.entries) else . end |
+        if ((.plugins.installs // {}) | keys | length) == 0 then del(.plugins.installs) else . end |
+        if ((.plugins.load.paths // []) | length) == 0 then del(.plugins.load.paths) else . end |
+        if ((.plugins.load // {}) | keys | length) == 0 then del(.plugins.load) else . end |
+        if ((.plugins // {}) | keys | length) == 0 then del(.plugins) else . end
+    ' "$openclaw_json" > "$tmpfile"; then
+        backup_file "$openclaw_json"
+        mv "$tmpfile" "$openclaw_json"
+        echo "  ✅ Removed APort OpenClaw entries from $openclaw_json"
+    else
+        rm -f "$tmpfile"
+        log_warn "Failed to clean OpenClaw JSON config at $openclaw_json"
+    fi
+}
+
+cleanup_python_framework() {
+    local config_dir="$1"
+    remove_dir_if_exists "$config_dir/aport"
+    remove_file_if_exists "$config_dir/config.yaml"
+}
+
+cleanup_n8n() {
+    local config_dir="$1"
+    remove_dir_if_exists "$config_dir/aport"
+}
+
+cleanup_claude() {
+    local settings_file="$config_dir/settings.json"
+    remove_dir_if_exists "$config_dir/aport"
+    cleanup_claude_settings "$settings_file"
+}
+
+cleanup_cursor() {
+    local hooks_file="$config_dir/hooks.json"
+    remove_dir_if_exists "$config_dir/aport"
+    cleanup_cursor_hooks "$hooks_file"
+}
+
+cleanup_openclaw() {
+    local openclaw_json="$config_dir/openclaw.json"
+    remove_dir_if_exists "$config_dir/aport"
+    remove_dir_if_exists "$config_dir/extensions/openclaw-aport"
+    remove_dir_if_exists "$config_dir/skills/aport-guardrail"
+    remove_file_if_exists "$config_dir/.aport-repo"
+    remove_file_if_exists "$config_dir/.skills/aport-guardrail.sh"
+    remove_file_if_exists "$config_dir/.skills/aport-guardrail-bash.sh"
+    remove_file_if_exists "$config_dir/.skills/aport-guardrail-api.sh"
+    remove_file_if_exists "$config_dir/.skills/aport-guardrail-v2.sh"
+    remove_file_if_exists "$config_dir/.skills/aport-create-passport.sh"
+    remove_file_if_exists "$config_dir/.skills/aport-status.sh"
+    cleanup_openclaw_json "$openclaw_json"
+    if [[ -f "$config_dir/config.yaml" ]]; then
+        log_warn "OpenClaw config.yaml may still contain APort plugin config. Review $config_dir/config.yaml if you need a completely pristine OpenClaw config."
+    fi
+}
+
+confirm_reset
+
+echo "[aport] Resetting framework: $framework" >&2
+
+case "$framework" in
+    claude-code)
+        cleanup_claude
+        ;;
+    cursor)
+        cleanup_cursor
+        ;;
+    openclaw)
+        cleanup_openclaw
+        ;;
+    langchain | crewai | deerflow)
+        cleanup_python_framework "$config_dir"
+        ;;
+    n8n)
+        cleanup_n8n "$config_dir"
+        ;;
+    *)
+        log_error "Unsupported framework reset: $framework"
+        exit 1
+        ;;
+esac
+
+echo ""
+echo "  Reset complete for $framework."
+echo "  Re-run the setup command when you want a fresh install."
+echo ""