npm - @avesta-hq/prevention - Versions diffs - 0.1.0 → 0.2.0 - Mend

@avesta-hq/prevention 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@ Build the product right. Ship value fast. Learn continuously.
 ## What is Prevention?
-Prevention turns [Claude Code](https://claude.ai/claude-code) into a disciplined engineering partner. Instead of just generating code, it enforces **TDD, Clean Architecture, ATDD, and Continuous Delivery** — the practices that separate elite teams from the rest.
+Prevention turns [Claude Code](https://claude.com/product/claude-code) into a disciplined engineering partner. Instead of just generating code, it enforces **TDD, Clean Architecture, ATDD, and Continuous Delivery** — the practices that separate elite teams from the rest.
 One command to set up. Slash commands to drive the workflow. Gates to keep you honest.
@@ -37,9 +37,9 @@ Each phase has gates that ensure prerequisites are met before you move forward.
 ---
-## Commands
+## Agents
-27 slash commands organized by workflow phase:
+27 specialized agents organized by workflow phase:
 | Phase                | Command                           | Purpose                                              |
 | -------------------- | --------------------------------- | ---------------------------------------------------- |
@@ -77,13 +77,13 @@ Each phase has gates that ensure prerequisites are met before you move forward.
 | Feature              | Free                                               | Pro                  |
 | -------------------- | -------------------------------------------------- | -------------------- |
-| **Core TDD**         | `/avesta-red`, `/avesta-green`, `/avesta-refactor` | All 27 commands      |
-| **Setup**            | `/avesta-init`, `/avesta-scaffold`, `/avesta-help` | All 28 agents        |
+| **Core TDD**         | `/avesta-red`, `/avesta-green`, `/avesta-refactor` | All 27 agents        |
+| **Setup**            | `/avesta-init`, `/avesta-scaffold`, `/avesta-help` | All 27 agents        |
 | **Skills**           | -                                                  | 27 contextual skills |
 | **Gate enforcement** | -                                                  | Automated gates      |
 | **Projects**         | 1                                                  | Unlimited            |
-Free tier gives you the core TDD loop. Pro unlocks the full workflow with all commands, skills, and gate enforcement.
+Free tier gives you the core TDD loop. Pro unlocks the full workflow with all agents, skills, and gate enforcement.
 ---
@@ -109,5 +109,5 @@ Then restart Claude Code.
 ## Requirements
 - Node.js >= 18
-- [Claude Code](https://claude.ai/claude-code) CLI
+- [Claude Code](https://claude.com/product/claude-code) CLI

package/bin/cli.js CHANGED Viewed

@@ -1,492 +1,10 @@
 #!/usr/bin/env node
-const fs = require('fs');
-const path = require('path');
-const { execSync } = require('child_process');
 const args = process.argv.slice(2);
 const command = args[0];
-const COMMANDS_DIR = path.join(__dirname, '..', '.claude', 'commands');
-const AGENTS_DIR = path.join(__dirname, '..', '.claude', 'agents');
-const AVESTA_DIR = path.join(__dirname, '..', '.avesta');
-const CLAUDE_MD = path.join(__dirname, '..', 'CLAUDE.md');
 const GITHUB_RELEASES_REPO = 'avesta-hq/prevention-releases';
-const PREVENTION_SECTION_START = '<!-- prevention:start -->';
-const PREVENTION_SECTION_END = '<!-- prevention:end -->';
-const PREVENTION_CLAUDE_MD_SECTION = `${PREVENTION_SECTION_START}
-## Prevention — MCP Server Integration
-This project uses [Prevention](https://github.com/avesta-hq/prevention) as an MCP server for XP/CD workflow enforcement.
-**When starting work:**
-1. Run \`/avesta-help\` to see current status and next steps
-2. The workflow tracks your phase (vision → plan → atdd → tdd → review → ship)
-3. Gates enforce that prerequisites are met before advancing
-**Key commands:**
-- \`/avesta-plan <feature>\` — Break feature into TDD-ready tasks
-- \`/avesta-red <behavior>\` — Write ONE failing test
-- \`/avesta-green\` — Minimal code to make it pass
-- \`/avesta-refactor\` — Improve structure (tests must stay green)
-- \`/avesta-code-review\` — Domain-specific code review
-- \`/avesta-commit\` — Conventional commit
-- \`/avesta-ship\` — Merge to main
-Run \`/avesta-help\` for the full command list.
-${PREVENTION_SECTION_END}`;
-function ensureClaudeMdSection(targetDir) {
-  const claudeMdPath = path.join(targetDir, 'CLAUDE.md');
-  // Case 1: No CLAUDE.md — create with Prevention section
-  if (!fs.existsSync(claudeMdPath)) {
-    fs.writeFileSync(claudeMdPath, PREVENTION_CLAUDE_MD_SECTION + '\n', 'utf-8');
-    console.log('  ✓ Created CLAUDE.md with Prevention section');
-    return;
-  }
-  const content = fs.readFileSync(claudeMdPath, 'utf-8');
-  // Case 2: CLAUDE.md exists with Prevention section — replace it (update)
-  if (content.includes(PREVENTION_SECTION_START)) {
-    const regex = new RegExp(
-      escapeRegExp(PREVENTION_SECTION_START) + '[\\s\\S]*?' + escapeRegExp(PREVENTION_SECTION_END),
-      'm'
-    );
-    const updated = content.replace(regex, PREVENTION_CLAUDE_MD_SECTION);
-    fs.writeFileSync(claudeMdPath, updated, 'utf-8');
-    console.log('  ✓ Updated Prevention section in CLAUDE.md');
-    return;
-  }
-  // Case 3: CLAUDE.md exists without Prevention section — append
-  const separator = content.endsWith('\n') ? '\n' : '\n\n';
-  fs.writeFileSync(claudeMdPath, content + separator + PREVENTION_CLAUDE_MD_SECTION + '\n', 'utf-8');
-  console.log('  ✓ Added Prevention section to CLAUDE.md');
-}
-function escapeRegExp(str) {
-  return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-}
-function copyDir(src, dest) {
-  if (!fs.existsSync(dest)) {
-    fs.mkdirSync(dest, { recursive: true });
-  }
-  const entries = fs.readdirSync(src, { withFileTypes: true });
-  for (const entry of entries) {
-    const srcPath = path.join(src, entry.name);
-    const destPath = path.join(dest, entry.name);
-    if (entry.isDirectory()) {
-      copyDir(srcPath, destPath);
-    } else {
-      fs.copyFileSync(srcPath, destPath);
-    }
-  }
-}
-function getPlatformBinaryName() {
-  const platform = process.platform;
-  const arch = process.arch;
-  if (platform === 'linux' && arch === 'x64') return 'prevention-linux-x64';
-  if (platform === 'darwin' && arch === 'arm64') return 'prevention-darwin-arm64';
-  if (platform === 'darwin' && arch === 'x64') return 'prevention-darwin-x64';
-  return null;
-}
-function getLatestVersion() {
-  try {
-    const result = execSync(
-      `curl -sI "https://github.com/${GITHUB_RELEASES_REPO}/releases/latest" | grep -i ^location:`,
-      { encoding: 'utf8', timeout: 10000 }
-    );
-    const match = result.match(/\/tag\/(v[^\s\r\n]+)/);
-    return match ? match[1] : null;
-  } catch {
-    return null;
-  }
-}
-function downloadBinary(targetDir) {
-  const binaryName = getPlatformBinaryName();
-  if (!binaryName) {
-    console.error(`  ⚠ Unsupported platform: ${process.platform}-${process.arch}`);
-    console.error(`    Supported: linux-x64, darwin-arm64, darwin-x64`);
-    return null;
-  }
-  const binDir = path.join(targetDir, '.avesta', 'bin');
-  const binaryPath = path.join(binDir, 'prevention');
-  const version = getLatestVersion();
-  if (!version) {
-    console.error('  ⚠ Could not determine latest release version');
-    return null;
-  }
-  const url = `https://github.com/${GITHUB_RELEASES_REPO}/releases/download/${version}/${binaryName}`;
-  if (!fs.existsSync(binDir)) {
-    fs.mkdirSync(binDir, { recursive: true });
-  }
-  try {
-    console.log(`  Downloading MCP server (${version}, ${process.platform}-${process.arch})...`);
-    execSync(`curl -sL "${url}" -o "${binaryPath}"`, { timeout: 60000 });
-    fs.chmodSync(binaryPath, 0o755);
-    return binaryPath;
-  } catch (e) {
-    console.error(`  ⚠ Failed to download binary from ${url}`);
-    return null;
-  }
-}
-function isInsideNodeModules() {
-  return __dirname.includes('node_modules');
-}
-function findSessionStartCommand() {
-  if (isInsideNodeModules()) {
-    return 'npx @avesta-hq/prevention session-start';
-  }
-  return `node ${path.resolve(__dirname, 'cli.js')} session-start`;
-}
-function configureSessionStartHook(targetDir) {
-  const claudeDir = path.join(targetDir, '.claude');
-  const settingsPath = path.join(claudeDir, 'settings.json');
-  if (!fs.existsSync(claudeDir)) {
-    fs.mkdirSync(claudeDir, { recursive: true });
-  }
-  let settings = {};
-  if (fs.existsSync(settingsPath)) {
-    try {
-      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
-    } catch {
-      settings = {};
-    }
-  }
-  if (!settings.hooks) {
-    settings.hooks = {};
-  }
-  const command = findSessionStartCommand();
-  const existingHooks = settings.hooks.SessionStart || [];
-  const alreadyConfigured = existingHooks.some(entry =>
-    entry.hooks && entry.hooks.some(h => h.command && h.command.includes('prevention session-start'))
-  );
-  if (!alreadyConfigured) {
-    settings.hooks.SessionStart = [
-      ...existingHooks,
-      {
-        matcher: '',
-        hooks: [{ type: 'command', command }],
-      },
-    ];
-  }
-  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
-  return true;
-}
-function configureStatusLine(targetDir) {
-  const claudeDir = path.join(targetDir, '.claude');
-  const settingsPath = path.join(claudeDir, 'settings.json');
-  const statusLineSrc = path.join(targetDir, '.avesta', 'statusLine.js');
-  if (!fs.existsSync(statusLineSrc)) return;
-  let settings = {};
-  if (fs.existsSync(settingsPath)) {
-    try {
-      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
-    } catch {
-      settings = {};
-    }
-  }
-  // Always set/update the status line to point to our script
-  settings.statusLine = {
-    type: 'command',
-    command: `node ${statusLineSrc}`,
-  };
-  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
-}
-function configureMcpServer(targetDir, binaryPath) {
-  const mcpJsonPath = path.join(targetDir, '.mcp.json');
-  let mcpConfig = {};
-  if (fs.existsSync(mcpJsonPath)) {
-    try {
-      mcpConfig = JSON.parse(fs.readFileSync(mcpJsonPath, 'utf8'));
-    } catch {
-      mcpConfig = {};
-    }
-  }
-  if (!mcpConfig.mcpServers) {
-    mcpConfig.mcpServers = {};
-  }
-  if (binaryPath) {
-    mcpConfig.mcpServers['prevention'] = { command: path.resolve(binaryPath) };
-  } else {
-    // Fallback: use npx serve (runs from source in dev)
-    mcpConfig.mcpServers['prevention'] = {
-      command: 'npx',
-      args: ['@avesta-hq/prevention', 'serve'],
-    };
-  }
-  fs.writeFileSync(mcpJsonPath, JSON.stringify(mcpConfig, null, 2) + '\n');
-  return true;
-}
-// ── Session Start Hook ──────────────────────────────────────────────
-// Outputs {"additionalContext": "<banner>"} for Claude Code SessionStart hook.
-// Fail-open: always exits 0, never blocks the session.
-function syncFiles() {
-  const cwd = process.cwd();
-  const claudeDir = path.join(cwd, '.claude');
-  if (!fs.existsSync(claudeDir)) return;
-  const mcpJsonPath = path.join(cwd, '.mcp.json');
-  if (!fs.existsSync(mcpJsonPath)) return;
-  try {
-    const cfg = JSON.parse(fs.readFileSync(mcpJsonPath, 'utf8'));
-    if (!cfg?.mcpServers?.['prevention']) return;
-  } catch { return; }
-  if (fs.existsSync(COMMANDS_DIR)) copyDir(COMMANDS_DIR, path.join(claudeDir, 'commands'));
-  if (fs.existsSync(AGENTS_DIR)) copyDir(AGENTS_DIR, path.join(claudeDir, 'agents'));
-}
-function sessionStart() {
-  try {
-    syncFiles();
-    const cwd = process.cwd();
-    const statePath = path.join(cwd, '.avesta', 'workflow-state.json');
-    if (!fs.existsSync(statePath)) {
-      const banner = generateWelcomeBanner();
-      process.stdout.write(JSON.stringify({ additionalContext: banner }));
-      process.exit(0);
-    }
-    const raw = fs.readFileSync(statePath, 'utf-8');
-    const state = JSON.parse(raw);
-    const banner = generateStatusBanner(state);
-    process.stdout.write(JSON.stringify({ additionalContext: banner }));
-    process.exit(0);
-  } catch {
-    process.exit(0);
-  }
-}
-function getVersion() {
-  try {
-    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '..', 'package.json'), 'utf-8'));
-    return pkg.version || '0.0.0';
-  } catch {
-    return '0.0.0';
-  }
-}
-function getLicenseTier() {
-  try {
-    const homeDir = require('os').homedir();
-    const cachePath = path.join(homeDir, '.avesta', 'license-cache.json');
-    if (fs.existsSync(cachePath)) {
-      const cache = JSON.parse(fs.readFileSync(cachePath, 'utf-8'));
-      if (cache.tier && cache.tier !== 'free') return cache.tier;
-    }
-  } catch {}
-  return 'free';
-}
-const BOX_WIDTH = 57; // inner width between │ and │
-function boxLine(text) {
-  // Account for Unicode characters that take visual space but have different string lengths
-  // Common multi-byte: →(1 visual, 3 bytes), ◆(1 visual, 3 bytes), █░✓○(each 1 visual, 3 bytes)
-  const visualLen = [...text].reduce((len, ch) => {
-    const code = ch.codePointAt(0);
-    // Most Unicode symbols above basic ASCII are single-width visually
-    return len + 1;
-  }, 0);
-  const padding = Math.max(0, BOX_WIDTH - visualLen);
-  return `│ ${text}${' '.repeat(padding)} │`;
-}
-function boxTop() { return '┌' + '─'.repeat(BOX_WIDTH + 2) + '┐'; }
-function boxMid() { return '├' + '─'.repeat(BOX_WIDTH + 2) + '┤'; }
-function boxBot() { return '└' + '─'.repeat(BOX_WIDTH + 2) + '┘'; }
-function boxEmpty() { return boxLine(''); }
-function generateWelcomeBanner() {
-  const version = getVersion();
-  const tier = getLicenseTier();
-  return [
-    '',
-    boxTop(),
-    boxEmpty(),
-    boxLine('  ◆  A V E S T A H Q   P R E V E N T I O N'),
-    boxLine('     Continuous Delivery as a Learning System'),
-    boxEmpty(),
-    boxLine(`     v${version}  ·  ${tier.toUpperCase()} tier  ·  AvestaHQ`),
-    boxEmpty(),
-    boxMid(),
-    boxEmpty(),
-    boxLine('  Get started:'),
-    boxLine('    /avesta-init [backend|frontend]   Init workflow'),
-    boxLine('    /avesta-scaffold                  New project'),
-    boxLine('    /avesta-help                      All commands'),
-    boxEmpty(),
-    boxLine('  Workflow:'),
-    boxLine('    vision -> plan -> atdd -> tdd -> review -> ship'),
-    boxEmpty(),
-    boxBot(),
-    '',
-  ].join('\n');
-}
-function generateStatusBanner(state) {
-  const phase = state.current_phase || 'idle';
-  const feature = state.feature || '(none)';
-  const gates = state.gates || {};
-  const changeType = state.change_type || 'feature';
-  const tddState = state.tdd_state;
-  const mode = state.mode || 'normal';
-  const GATE_ORDER = [
-    'vision_approved',
-    'plan_approved',
-    'atdd_approved',
-    'characterization_complete',
-    'tdd_complete',
-    'driver_complete',
-    'review_approved',
-  ];
-  const GATE_LABELS = {
-    vision_approved: 'Vision',
-    plan_approved: 'Plan',
-    atdd_approved: 'ATDD',
-    characterization_complete: 'Characterization',
-    tdd_complete: 'TDD',
-    driver_complete: 'Driver',
-    review_approved: 'Review',
-  };
-  const CHANGE_TYPE_GATES = {
-    feature: GATE_ORDER,
-    bug_fix: ['plan_approved', 'tdd_complete', 'review_approved'],
-    enhancement: ['plan_approved', 'atdd_approved', 'tdd_complete', 'driver_complete', 'review_approved'],
-    tech_debt: ['plan_approved', 'characterization_complete', 'tdd_complete', 'review_approved'],
-  };
-  const requiredGates = CHANGE_TYPE_GATES[changeType] || GATE_ORDER;
-  let passedCount = 0;
-  const gateParts = [];
-  for (const g of requiredGates) {
-    const passed = gates[g] === true;
-    if (passed) passedCount++;
-    const icon = passed ? '✓' : '○';
-    gateParts.push(`${icon} ${GATE_LABELS[g] || g}`);
-  }
-  const totalGates = requiredGates.length;
-  const GATE_NEXT_ACTIONS = {
-    vision_approved: 'Define product vision -> /avesta-vision',
-    plan_approved: 'Create feature plan -> /avesta-plan',
-    atdd_approved: 'Write acceptance tests -> /avesta-acceptance-test',
-    tdd_complete: 'Complete TDD cycles -> /avesta-red, /avesta-green, /avesta-refactor or /avesta-layer (all-tests-first per layer)',
-    driver_complete: 'Implement protocol drivers -> /avesta-driver',
-    review_approved: 'Code review -> /avesta-code-review',
-  };
-  let nextAction = 'Ship the feature -> /avesta-ship';
-  for (const g of requiredGates) {
-    if (gates[g] !== true) {
-      nextAction = GATE_NEXT_ACTIONS[g] || `Complete ${g}`;
-      break;
-    }
-  }
-  const PHASE_COMMANDS = {
-    idle: '/avesta-vision /avesta-plan /avesta-bug-fix /avesta-enhance /avesta-tech-debt /avesta-help',
-    vision: '/avesta-vision /avesta-plan /avesta-help',
-    plan: '/avesta-plan /avesta-acceptance-test /avesta-help',
-    atdd: '/avesta-acceptance-test /avesta-dsl /avesta-driver /avesta-help',
-    tdd: '/avesta-red /avesta-green /avesta-refactor /avesta-cycle /avesta-layer /avesta-help',
-    driver: '/avesta-driver /avesta-help',
-    review: '/avesta-code-review /avesta-ship /avesta-help',
-    ship: '/avesta-ship /avesta-commit /avesta-help',
-  };
-  const commands = PHASE_COMMANDS[phase] || '/avesta-help';
-  const version = getVersion();
-  const tier = getLicenseTier();
-  // Progress bar
-  const progressPct = totalGates > 0 ? Math.round((passedCount / totalGates) * 100) : 0;
-  const barTotal = 20;
-  const barFilled = Math.round((passedCount / totalGates) * barTotal);
-  const progressBar = '#'.repeat(barFilled) + '-'.repeat(barTotal - barFilled);
-  // Phase indicator
-  const PHASES = ['vision', 'plan', 'atdd', 'tdd', 'driver', 'review', 'ship'];
-  const phaseDisplay = PHASES.map(p => p === phase ? `[${p.toUpperCase()}]` : p).join(' > ');
-  // Tags
-  const tags = [];
-  if (mode === 'spike') tags.push('SPIKE');
-  if (changeType && changeType !== 'feature') tags.push(changeType.toUpperCase().replace('_', ' '));
-  if (phase === 'tdd' && tddState) tags.push(`${tddState.cycle.toUpperCase()} (${tddState.test_count} tests)`);
-  const tagLine = tags.length > 0 ? `  ${tags.map(t => `[${t}]`).join(' ')}` : '';
-  // Gate icons
-  const gateIcons = requiredGates.map(g => gates[g] === true ? '[x]' : '[ ]').join(' ');
-  return [
-    '',
-    boxTop(),
-    boxLine('  ◆  A V E S T A H Q   P R E V E N T I O N'),
-    boxLine(`     v${version}  ·  ${tier.toUpperCase()} tier  ·  AvestaHQ`),
-    boxMid(),
-    boxLine(`  Feature:  ${feature.substring(0, 44)}`),
-    boxLine(`  Phase:    ${phase.toUpperCase()}${tagLine}`),
-    boxLine(`  Progress: [${progressBar}] ${progressPct}%`),
-    boxLine(`  Gates:    ${passedCount}/${totalGates} ${gateIcons}`),
-    boxMid(),
-    boxLine(`  ${phaseDisplay}`),
-    boxMid(),
-    boxLine(`  Next: ${nextAction.substring(0, 48)}`),
-    boxBot(),
-    '',
-  ].join('\n');
-}
 function printHelp() {
   console.log(`
 Avesta Prevention - XP/CD Development Commands for Claude Code
@@ -495,9 +13,11 @@ Usage:
   npx @avesta-hq/prevention <command>
 Commands:
-  init                   Full setup: commands, agents, MCP server, CLAUDE.md
+  init                   Full setup: commands, agents, MCP server, hooks, CLAUDE.md
   serve                  Start the MCP server (used by Claude Code)
   session-start          Output session context (used by SessionStart hook)
+  hook pre-tool-use      Workflow enforcement hook (blocks unauthorized edits)
+  hook prompt-submit     Context injection hook (injects workflow state)
   update                 Update MCP server binary to latest version
 Examples:
@@ -505,7 +25,7 @@ Examples:
   npx @avesta-hq/prevention init
 After initialization:
-  1. Start Claude Code in your project
+  1. Start Claude Code in this project
   2. Run /avesta-help to see status and available commands
   3. Run /avesta-init backend to initialize workflow tracking
   4. Run /avesta-scaffold to scaffold project structure (greenfield)
@@ -515,120 +35,31 @@ Documentation:
 `);
 }
-function init() {
-  const targetDir = process.cwd();
-  const claudeDir = path.join(targetDir, '.claude');
-  const commandsTarget = path.join(claudeDir, 'commands');
-  // Create .claude directory
-  if (!fs.existsSync(claudeDir)) {
-    fs.mkdirSync(claudeDir, { recursive: true });
-  }
-  // Copy commands
-  if (fs.existsSync(COMMANDS_DIR)) {
-    copyDir(COMMANDS_DIR, commandsTarget);
-  } else {
-    console.error('✗ Commands directory not found');
-    process.exit(1);
-  }
-  // Copy agents
-  if (fs.existsSync(AGENTS_DIR)) {
-    const agentsTarget = path.join(claudeDir, 'agents');
-    copyDir(AGENTS_DIR, agentsTarget);
-  }
-  // Copy .avesta directory (workflow state, schemas)
-  if (fs.existsSync(AVESTA_DIR)) {
-    const cdAgentTarget = path.join(targetDir, '.avesta');
-    copyDir(AVESTA_DIR, cdAgentTarget);
-  }
-  // Download MCP server binary and configure
-  const binaryPath = downloadBinary(targetDir);
-  configureMcpServer(targetDir, binaryPath);
-  configureSessionStartHook(targetDir);
-  configureStatusLine(targetDir);
-  // Manage CLAUDE.md Prevention section
-  ensureClaudeMdSection(targetDir);
-  const commandCount = fs.existsSync(COMMANDS_DIR) ? fs.readdirSync(COMMANDS_DIR).filter(f => f.endsWith('.md')).length : 0;
-  const agentCount = fs.existsSync(AGENTS_DIR) ? fs.readdirSync(AGENTS_DIR).filter(f => f.endsWith('.md')).length : 0;
-  const mcpStatus = binaryPath ? 'MCP server' : 'MCP server (download failed — run npx @avesta-hq/prevention update to retry)';
-  console.log(`
-  ✅ Avesta Prevention ready!
-  Installed: ${commandCount} commands · ${agentCount} agents · ${mcpStatus}
-  Next steps:
-    1. Open Claude Code in this project
-    2. Run /avesta-help to see available commands
-    3. Run /avesta-vision to define what you're building
-  Docs: https://github.com/${GITHUB_RELEASES_REPO}
-`);
-}
-function update() {
-  const targetDir = process.cwd();
-  const binaryPath = downloadBinary(targetDir);
-  if (binaryPath) {
-    configureMcpServer(targetDir, binaryPath);
-    console.log('\n  ✅ MCP server updated successfully!\n');
-  } else {
-    console.error('\n  ✗ Update failed. Check your internet connection and try again.\n');
-    process.exit(1);
-  }
-}
-function serve() {
-  const packageRoot = path.join(__dirname, '..');
-  // Try compiled binary first (local dev)
-  const binaryPath = path.join(packageRoot, 'dist', 'prevention');
-  if (fs.existsSync(binaryPath)) {
-    const { execFileSync } = require('child_process');
-    try {
-      execFileSync(binaryPath, { stdio: 'inherit' });
-    } catch (e) {
-      process.exit(e.status || 1);
-    }
-    return;
-  }
-  // Fall back to source via tsx (local dev)
-  const mcpServerPath = path.join(packageRoot, 'src', 'mcp-server.ts');
-  if (fs.existsSync(mcpServerPath)) {
-    const { execFileSync } = require('child_process');
-    try {
-      execFileSync('npx', ['tsx', mcpServerPath], { stdio: 'inherit' });
-    } catch (e) {
-      process.exit(e.status || 1);
-    }
-    return;
-  }
-  console.error('✗ No MCP server binary or source found');
-  console.error('  Run: npx @avesta-hq/prevention update');
-  process.exit(1);
-}
-// Main
 switch (command) {
   case 'init':
-    init();
+    require('./lib/init').init();
     break;
   case 'update':
-    update();
+    require('./lib/init').update();
     break;
   case 'serve':
-    serve();
+    require('./lib/init').serve();
     break;
   case 'session-start':
-    sessionStart();
+    require('./lib/session-start').sessionStart();
+    break;
+  case 'hook':
+    switch (args[1]) {
+      case 'pre-tool-use':
+        require('./lib/hooks').hookPreToolUse();
+        break;
+      case 'prompt-submit':
+        require('./lib/hooks').hookPromptSubmit();
+        break;
+      default:
+        console.error(`Unknown hook: ${args[1]}`);
+        process.exit(1);
+    }
     break;
   case 'help':
   case '--help':

package/bin/lib/banner.js ADDED Viewed

@@ -0,0 +1,132 @@
+const { getVersion, getLicenseTier } = require('./utils');
+const BOX_WIDTH = 57;
+function boxLine(text) {
+  const visualLen = [...text].length;
+  const padding = Math.max(0, BOX_WIDTH - visualLen);
+  return `│ ${text}${' '.repeat(padding)} │`;
+}
+function boxTop() { return '┌' + '─'.repeat(BOX_WIDTH + 2) + '┐'; }
+function boxMid() { return '├' + '─'.repeat(BOX_WIDTH + 2) + '┤'; }
+function boxBot() { return '└' + '─'.repeat(BOX_WIDTH + 2) + '┘'; }
+function boxEmpty() { return boxLine(''); }
+function generateWelcomeBanner() {
+  const version = getVersion();
+  const tier = getLicenseTier();
+  return [
+    '',
+    boxTop(),
+    boxEmpty(),
+    boxLine('  ◆  A V E S T A H Q   P R E V E N T I O N'),
+    boxLine('     Continuous Delivery as a Learning System'),
+    boxEmpty(),
+    boxLine(`     v${version}  ·  ${tier.toUpperCase()} tier  ·  AvestaHQ`),
+    boxEmpty(),
+    boxMid(),
+    boxEmpty(),
+    boxLine('  Get started:'),
+    boxLine('    /avesta-init [backend|frontend]   Init workflow'),
+    boxLine('    /avesta-scaffold                  New project'),
+    boxLine('    /avesta-help                      All commands'),
+    boxEmpty(),
+    boxLine('  Workflow:'),
+    boxLine('    vision -> plan -> atdd -> tdd -> review -> ship'),
+    boxEmpty(),
+    boxBot(),
+    '',
+  ].join('\n');
+}
+function generateStatusBanner(state) {
+  const phase = state.current_phase || 'idle';
+  const feature = state.feature || '(none)';
+  const gates = state.gates || {};
+  const changeType = state.change_type || 'feature';
+  const tddState = state.tdd_state;
+  const mode = state.mode || 'normal';
+  const GATE_ORDER = [
+    'vision_approved', 'plan_approved', 'atdd_approved',
+    'characterization_complete', 'tdd_complete', 'driver_complete', 'review_approved',
+  ];
+  const GATE_LABELS = {
+    vision_approved: 'Vision', plan_approved: 'Plan', atdd_approved: 'ATDD',
+    characterization_complete: 'Characterization', tdd_complete: 'TDD',
+    driver_complete: 'Driver', review_approved: 'Review',
+  };
+  const CHANGE_TYPE_GATES = {
+    feature: GATE_ORDER,
+    bug_fix: ['plan_approved', 'tdd_complete', 'review_approved'],
+    enhancement: ['plan_approved', 'atdd_approved', 'tdd_complete', 'driver_complete', 'review_approved'],
+    tech_debt: ['plan_approved', 'characterization_complete', 'tdd_complete', 'review_approved'],
+  };
+  const requiredGates = CHANGE_TYPE_GATES[changeType] || GATE_ORDER;
+  let passedCount = 0;
+  for (const g of requiredGates) {
+    if (gates[g] === true) passedCount++;
+  }
+  const totalGates = requiredGates.length;
+  const GATE_NEXT_ACTIONS = {
+    vision_approved: 'Define product vision -> /avesta-vision',
+    plan_approved: 'Create feature plan -> /avesta-plan',
+    atdd_approved: 'Write acceptance tests -> /avesta-acceptance-test',
+    tdd_complete: 'Complete TDD cycles -> /avesta-red, /avesta-green, /avesta-refactor or /avesta-layer (all-tests-first per layer)',
+    driver_complete: 'Implement protocol drivers -> /avesta-driver',
+    review_approved: 'Code review -> /avesta-code-review',
+  };
+  let nextAction = 'Ship the feature -> /avesta-ship';
+  for (const g of requiredGates) {
+    if (gates[g] !== true) {
+      nextAction = GATE_NEXT_ACTIONS[g] || `Complete ${g}`;
+      break;
+    }
+  }
+  const version = getVersion();
+  const tier = getLicenseTier();
+  const progressPct = totalGates > 0 ? Math.round((passedCount / totalGates) * 100) : 0;
+  const barTotal = 20;
+  const barFilled = Math.round((passedCount / totalGates) * barTotal);
+  const progressBar = '#'.repeat(barFilled) + '-'.repeat(barTotal - barFilled);
+  const PHASES = ['vision', 'plan', 'atdd', 'tdd', 'driver', 'review', 'ship'];
+  const phaseDisplay = PHASES.map(p => p === phase ? `[${p.toUpperCase()}]` : p).join(' > ');
+  const tags = [];
+  if (mode === 'spike') tags.push('SPIKE');
+  if (changeType && changeType !== 'feature') tags.push(changeType.toUpperCase().replace('_', ' '));
+  if (phase === 'tdd' && tddState) tags.push(`${tddState.cycle.toUpperCase()} (${tddState.test_count} tests)`);
+  const tagLine = tags.length > 0 ? `  ${tags.map(t => `[${t}]`).join(' ')}` : '';
+  const gateIcons = requiredGates.map(g => gates[g] === true ? '[x]' : '[ ]').join(' ');
+  return [
+    '',
+    boxTop(),
+    boxLine('  ◆  A V E S T A H Q   P R E V E N T I O N'),
+    boxLine(`     v${version}  ·  ${tier.toUpperCase()} tier  ·  AvestaHQ`),
+    boxMid(),
+    boxLine(`  Feature:  ${feature.substring(0, 44)}`),
+    boxLine(`  Phase:    ${phase.toUpperCase()}${tagLine}`),
+    boxLine(`  Progress: [${progressBar}] ${progressPct}%`),
+    boxLine(`  Gates:    ${passedCount}/${totalGates} ${gateIcons}`),
+    boxMid(),
+    boxLine(`  ${phaseDisplay}`),
+    boxMid(),
+    boxLine(`  Next: ${nextAction.substring(0, 48)}`),
+    boxBot(),
+    '',
+  ].join('\n');
+}
+module.exports = { generateWelcomeBanner, generateStatusBanner };

package/bin/lib/hooks.js ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * Hook Handlers
+ *
+ * Dumb enforcers that read the policy file generated by the MCP server.
+ * All business logic (phase rules, gate checks) lives in the MCP server's
+ * PolicyGenerator — hooks just apply the pre-computed allow/deny decisions.
+ */
+const fs = require('fs');
+const path = require('path');
+function readPolicy(cwd) {
+  const policyPath = path.join(cwd, '.avesta', 'hook-policy.json');
+  if (!fs.existsSync(policyPath)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(policyPath, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+function matchesPattern(filePath, pattern) {
+  // Convert glob-like pattern to regex
+  const regex = pattern
+    .replace(/\./g, '\\.')
+    .replace(/\*\*/g, '§§')    // placeholder for **
+    .replace(/\*/g, '[^/]*')    // * = anything except /
+    .replace(/§§/g, '.*');      // ** = anything including /
+  return new RegExp(regex).test(filePath);
+}
+// ── PreToolUse Hook ───────────────────────────────────────────────
+function hookPreToolUse() {
+  try {
+    const data = JSON.parse(fs.readFileSync(0, 'utf8'));
+    const { tool_name: toolName, tool_input: toolInput = {}, cwd = process.cwd() } = data;
+    const policy = readPolicy(cwd);
+    if (!policy) process.exit(0); // No policy = fail-open
+    // Edit / Write enforcement
+    if (toolName === 'Edit' || toolName === 'Write') {
+      const editPolicy = policy.edit_policy;
+      if (!editPolicy || editPolicy.allow_all) process.exit(0);
+      const filePath = toolInput.file_path || '';
+      const allowed = editPolicy.allow_patterns.some(p => matchesPattern(filePath, p));
+      if (!allowed) {
+        process.stderr.write(editPolicy.block_message || '⛔ Prevention: Edit blocked by policy.\n');
+        process.exit(2);
+      }
+      process.exit(0);
+    }
+    // Bash enforcement
+    if (toolName === 'Bash') {
+      const bashPolicy = policy.bash_policy;
+      if (!bashPolicy || !bashPolicy.blocked_commands) process.exit(0);
+      const command = toolInput.command || '';
+      for (const rule of bashPolicy.blocked_commands) {
+        if (new RegExp(rule.pattern).test(command)) {
+          process.stderr.write(rule.message || '⛔ Prevention: Command blocked by policy.\n');
+          process.exit(2);
+        }
+      }
+      process.exit(0);
+    }
+    process.exit(0);
+  } catch {
+    process.exit(0); // Fail-open
+  }
+}
+// ── UserPromptSubmit Hook ─────────────────────────────────────────
+function hookPromptSubmit() {
+  try {
+    const data = JSON.parse(fs.readFileSync(0, 'utf8'));
+    const cwd = data.cwd || process.cwd();
+    const policy = readPolicy(cwd);
+    if (!policy) {
+      process.stdout.write(JSON.stringify({
+        additionalContext:
+          '[Prevention] Workflow not initialized. ' +
+          'Run /avesta-init to enable TDD/CD enforcement, or proceed without it.',
+      }));
+      process.exit(0);
+    }
+    if (policy.prompt_context) {
+      process.stdout.write(JSON.stringify({ additionalContext: policy.prompt_context }));
+    }
+    process.exit(0);
+  } catch {
+    process.exit(0);
+  }
+}
+module.exports = { hookPreToolUse, hookPromptSubmit };

package/bin/lib/init.js ADDED Viewed

@@ -0,0 +1,88 @@
+const fs = require('fs');
+const path = require('path');
+const { COMMANDS_DIR, AGENTS_DIR, AVESTA_DIR, GITHUB_RELEASES_REPO, copyDir, downloadBinary } = require('./utils');
+const { configureMcpServer, configureSessionStartHook, configureEnforcementHooks, configureStatusLine, ensureClaudeMdSection } = require('./settings');
+function init() {
+  const targetDir = process.cwd();
+  const claudeDir = path.join(targetDir, '.claude');
+  if (!fs.existsSync(claudeDir)) {
+    fs.mkdirSync(claudeDir, { recursive: true });
+  }
+  if (fs.existsSync(COMMANDS_DIR)) {
+    copyDir(COMMANDS_DIR, path.join(claudeDir, 'commands'));
+  } else {
+    console.error('✗ Commands directory not found');
+    process.exit(1);
+  }
+  if (fs.existsSync(AGENTS_DIR)) {
+    copyDir(AGENTS_DIR, path.join(claudeDir, 'agents'));
+  }
+  if (fs.existsSync(AVESTA_DIR)) {
+    copyDir(AVESTA_DIR, path.join(targetDir, '.avesta'));
+  }
+  const binaryPath = downloadBinary(targetDir);
+  configureMcpServer(targetDir, binaryPath);
+  configureSessionStartHook(targetDir);
+  configureEnforcementHooks(targetDir);
+  configureStatusLine(targetDir);
+  ensureClaudeMdSection(targetDir);
+  const commandCount = fs.existsSync(COMMANDS_DIR) ? fs.readdirSync(COMMANDS_DIR).filter(f => f.endsWith('.md')).length : 0;
+  const agentCount = fs.existsSync(AGENTS_DIR) ? fs.readdirSync(AGENTS_DIR).filter(f => f.endsWith('.md')).length : 0;
+  const mcpStatus = binaryPath ? 'MCP server' : 'MCP server (download failed — run npx @avesta-hq/prevention update to retry)';
+  console.log(`
+  ✅ Avesta Prevention ready!
+  Installed: ${commandCount} commands · ${agentCount} agents · ${mcpStatus}
+  Next steps:
+    1. Open Claude Code in this project
+    2. Run /avesta-help to see available commands
+    3. Run /avesta-vision to define what you're building
+  Docs: https://github.com/${GITHUB_RELEASES_REPO}
+`);
+}
+function update() {
+  const targetDir = process.cwd();
+  const binaryPath = downloadBinary(targetDir);
+  if (binaryPath) {
+    configureMcpServer(targetDir, binaryPath);
+    console.log('\n  ✅ MCP server updated successfully!\n');
+  } else {
+    console.error('\n  ✗ Update failed. Check your internet connection and try again.\n');
+    process.exit(1);
+  }
+}
+function serve() {
+  const { PACKAGE_ROOT } = require('./utils');
+  const binaryPath = path.join(PACKAGE_ROOT, 'dist', 'prevention');
+  if (fs.existsSync(binaryPath)) {
+    const { execFileSync } = require('child_process');
+    try { execFileSync(binaryPath, { stdio: 'inherit' }); } catch (e) { process.exit(e.status || 1); }
+    return;
+  }
+  const mcpServerPath = path.join(PACKAGE_ROOT, 'src', 'mcp-server.ts');
+  if (fs.existsSync(mcpServerPath)) {
+    const { execFileSync } = require('child_process');
+    try { execFileSync('npx', ['tsx', mcpServerPath], { stdio: 'inherit' }); } catch (e) { process.exit(e.status || 1); }
+    return;
+  }
+  console.error('✗ No MCP server binary or source found');
+  console.error('  Run: npx @avesta-hq/prevention update');
+  process.exit(1);
+}
+module.exports = { init, update, serve };

package/bin/lib/session-start.js ADDED Viewed

@@ -0,0 +1,34 @@
+const fs = require('fs');
+const path = require('path');
+const { COMMANDS_DIR, AGENTS_DIR, copyDir, readWorkflowState } = require('./utils');
+const { generateWelcomeBanner, generateStatusBanner } = require('./banner');
+function syncFiles() {
+  const cwd = process.cwd();
+  const claudeDir = path.join(cwd, '.claude');
+  const mcpJsonPath = path.join(cwd, '.mcp.json');
+  if (!fs.existsSync(claudeDir) || !fs.existsSync(mcpJsonPath)) return;
+  try {
+    const cfg = JSON.parse(fs.readFileSync(mcpJsonPath, 'utf8'));
+    if (!cfg?.mcpServers?.['prevention']) return;
+  } catch { return; }
+  if (fs.existsSync(COMMANDS_DIR)) copyDir(COMMANDS_DIR, path.join(claudeDir, 'commands'));
+  if (fs.existsSync(AGENTS_DIR)) copyDir(AGENTS_DIR, path.join(claudeDir, 'agents'));
+}
+function sessionStart() {
+  try {
+    syncFiles();
+    const cwd = process.cwd();
+    const state = readWorkflowState(cwd);
+    const banner = state ? generateStatusBanner(state) : generateWelcomeBanner();
+    process.stdout.write(JSON.stringify({ additionalContext: banner }));
+    process.exit(0);
+  } catch {
+    process.exit(0);
+  }
+}
+module.exports = { sessionStart };

package/bin/lib/settings.js ADDED Viewed

@@ -0,0 +1,173 @@
+const fs = require('fs');
+const path = require('path');
+const { isInsideNodeModules, escapeRegExp } = require('./utils');
+const PREVENTION_SECTION_START = '<!-- prevention:start -->';
+const PREVENTION_SECTION_END = '<!-- prevention:end -->';
+const PREVENTION_CLAUDE_MD_SECTION = `${PREVENTION_SECTION_START}
+## Prevention — MCP Server Integration
+This project uses [Prevention](https://github.com/avesta-hq/prevention) as an MCP server for XP/CD workflow enforcement.
+**When starting work:**
+1. Run \`/avesta-help\` to see current status and next steps
+2. The workflow tracks your phase (vision → plan → atdd → tdd → review → ship)
+3. Gates enforce that prerequisites are met before advancing
+**Key commands:**
+- \`/avesta-plan <feature>\` — Break feature into TDD-ready tasks
+- \`/avesta-red <behavior>\` — Write ONE failing test
+- \`/avesta-green\` — Minimal code to make it pass
+- \`/avesta-refactor\` — Improve structure (tests must stay green)
+- \`/avesta-code-review\` — Domain-specific code review
+- \`/avesta-commit\` — Conventional commit
+- \`/avesta-ship\` — Merge to main
+Run \`/avesta-help\` for the full command list.
+${PREVENTION_SECTION_END}`;
+// ── Helpers ───────────────────────────────────────────────────────
+function readSettings(targetDir) {
+  const settingsPath = path.join(targetDir, '.claude', 'settings.json');
+  if (!fs.existsSync(settingsPath)) return {};
+  try {
+    return JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
+  } catch {
+    return {};
+  }
+}
+function writeSettings(targetDir, settings) {
+  const claudeDir = path.join(targetDir, '.claude');
+  if (!fs.existsSync(claudeDir)) {
+    fs.mkdirSync(claudeDir, { recursive: true });
+  }
+  fs.writeFileSync(
+    path.join(claudeDir, 'settings.json'),
+    JSON.stringify(settings, null, 2) + '\n'
+  );
+}
+function findCliCommand(subcommand) {
+  if (isInsideNodeModules()) {
+    return `npx @avesta-hq/prevention ${subcommand}`;
+  }
+  return `node ${path.resolve(__dirname, '..', 'cli.js')} ${subcommand}`;
+}
+// ── Configurators ─────────────────────────────────────────────────
+function configureSessionStartHook(targetDir) {
+  const settings = readSettings(targetDir);
+  if (!settings.hooks) settings.hooks = {};
+  const command = findCliCommand('session-start');
+  const existing = settings.hooks.SessionStart || [];
+  const alreadyConfigured = existing.some(entry =>
+    entry.hooks && entry.hooks.some(h => h.command && h.command.includes('prevention session-start'))
+  );
+  if (!alreadyConfigured) {
+    settings.hooks.SessionStart = [
+      ...existing,
+      { matcher: '', hooks: [{ type: 'command', command }] },
+    ];
+  }
+  writeSettings(targetDir, settings);
+}
+function configureEnforcementHooks(targetDir) {
+  const settings = readSettings(targetDir);
+  if (!settings.hooks) settings.hooks = {};
+  const preToolUseCmd = findCliCommand('hook pre-tool-use');
+  const promptSubmitCmd = findCliCommand('hook prompt-submit');
+  // PreToolUse: remove old prevention hooks, add fresh ones
+  const existing = (settings.hooks.PreToolUse || []).filter(entry =>
+    !(entry.hooks && entry.hooks.some(h => h.command && h.command.includes('prevention hook')))
+  );
+  existing.push(
+    { matcher: 'Edit|Write', hooks: [{ type: 'command', command: preToolUseCmd }] },
+    { matcher: 'Bash', hooks: [{ type: 'command', command: preToolUseCmd }] },
+  );
+  settings.hooks.PreToolUse = existing;
+  // UserPromptSubmit
+  const promptHooks = settings.hooks.UserPromptSubmit || [];
+  const promptConfigured = promptHooks.some(entry =>
+    entry.hooks && entry.hooks.some(h => h.command && h.command.includes('prevention hook prompt-submit'))
+  );
+  if (!promptConfigured) {
+    promptHooks.push({ matcher: '', hooks: [{ type: 'command', command: promptSubmitCmd }] });
+    settings.hooks.UserPromptSubmit = promptHooks;
+  }
+  writeSettings(targetDir, settings);
+  console.log('  ✓ Configured workflow enforcement hooks (PreToolUse, UserPromptSubmit)');
+}
+function configureStatusLine(targetDir) {
+  const statusLineSrc = path.join(targetDir, '.avesta', 'statusLine.js');
+  if (!fs.existsSync(statusLineSrc)) return;
+  const settings = readSettings(targetDir);
+  settings.statusLine = { type: 'command', command: `node ${statusLineSrc}` };
+  writeSettings(targetDir, settings);
+}
+function configureMcpServer(targetDir, binaryPath) {
+  const mcpJsonPath = path.join(targetDir, '.mcp.json');
+  let mcpConfig = {};
+  if (fs.existsSync(mcpJsonPath)) {
+    try { mcpConfig = JSON.parse(fs.readFileSync(mcpJsonPath, 'utf8')); } catch { mcpConfig = {}; }
+  }
+  if (!mcpConfig.mcpServers) mcpConfig.mcpServers = {};
+  if (binaryPath) {
+    mcpConfig.mcpServers['prevention'] = { command: path.resolve(binaryPath) };
+  } else {
+    mcpConfig.mcpServers['prevention'] = { command: 'npx', args: ['@avesta-hq/prevention', 'serve'] };
+  }
+  fs.writeFileSync(mcpJsonPath, JSON.stringify(mcpConfig, null, 2) + '\n');
+}
+function ensureClaudeMdSection(targetDir) {
+  const claudeMdPath = path.join(targetDir, 'CLAUDE.md');
+  if (!fs.existsSync(claudeMdPath)) {
+    fs.writeFileSync(claudeMdPath, PREVENTION_CLAUDE_MD_SECTION + '\n', 'utf-8');
+    console.log('  ✓ Created CLAUDE.md with Prevention section');
+    return;
+  }
+  const content = fs.readFileSync(claudeMdPath, 'utf-8');
+  if (content.includes(PREVENTION_SECTION_START)) {
+    const regex = new RegExp(
+      escapeRegExp(PREVENTION_SECTION_START) + '[\\s\\S]*?' + escapeRegExp(PREVENTION_SECTION_END), 'm'
+    );
+    fs.writeFileSync(claudeMdPath, content.replace(regex, PREVENTION_CLAUDE_MD_SECTION), 'utf-8');
+    console.log('  ✓ Updated Prevention section in CLAUDE.md');
+    return;
+  }
+  const separator = content.endsWith('\n') ? '\n' : '\n\n';
+  fs.writeFileSync(claudeMdPath, content + separator + PREVENTION_CLAUDE_MD_SECTION + '\n', 'utf-8');
+  console.log('  ✓ Added Prevention section to CLAUDE.md');
+}
+module.exports = {
+  configureSessionStartHook,
+  configureEnforcementHooks,
+  configureStatusLine,
+  configureMcpServer,
+  ensureClaudeMdSection,
+};

package/bin/lib/utils.js ADDED Viewed

@@ -0,0 +1,131 @@
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+const PACKAGE_ROOT = path.join(__dirname, '..', '..');
+const COMMANDS_DIR = path.join(PACKAGE_ROOT, '.claude', 'commands');
+const AGENTS_DIR = path.join(PACKAGE_ROOT, '.claude', 'agents');
+const AVESTA_DIR = path.join(PACKAGE_ROOT, '.avesta');
+const GITHUB_RELEASES_REPO = 'avesta-hq/prevention-releases';
+function copyDir(src, dest) {
+  if (!fs.existsSync(dest)) {
+    fs.mkdirSync(dest, { recursive: true });
+  }
+  for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
+    const srcPath = path.join(src, entry.name);
+    const destPath = path.join(dest, entry.name);
+    if (entry.isDirectory()) {
+      copyDir(srcPath, destPath);
+    } else {
+      fs.copyFileSync(srcPath, destPath);
+    }
+  }
+}
+function escapeRegExp(str) {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+function getVersion() {
+  try {
+    const pkg = JSON.parse(fs.readFileSync(path.join(PACKAGE_ROOT, 'package.json'), 'utf-8'));
+    return pkg.version || '0.0.0';
+  } catch {
+    return '0.0.0';
+  }
+}
+function getLicenseTier() {
+  try {
+    const cachePath = path.join(require('os').homedir(), '.avesta', 'license-cache.json');
+    if (fs.existsSync(cachePath)) {
+      const cache = JSON.parse(fs.readFileSync(cachePath, 'utf-8'));
+      if (cache.tier && cache.tier !== 'free') return cache.tier;
+    }
+  } catch {}
+  return 'free';
+}
+function isInsideNodeModules() {
+  return __dirname.includes('node_modules');
+}
+function readWorkflowState(cwd) {
+  const statePath = path.join(cwd, '.avesta', 'workflow-state.json');
+  if (!fs.existsSync(statePath)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(statePath, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+function getPlatformBinaryName() {
+  const { platform, arch } = process;
+  if (platform === 'linux' && arch === 'x64') return 'prevention-linux-x64';
+  if (platform === 'darwin' && arch === 'arm64') return 'prevention-darwin-arm64';
+  if (platform === 'darwin' && arch === 'x64') return 'prevention-darwin-x64';
+  return null;
+}
+function getLatestVersion() {
+  try {
+    const result = execSync(
+      `curl -sI "https://github.com/${GITHUB_RELEASES_REPO}/releases/latest" | grep -i ^location:`,
+      { encoding: 'utf8', timeout: 10000 }
+    );
+    const match = result.match(/\/tag\/(v[^\s\r\n]+)/);
+    return match ? match[1] : null;
+  } catch {
+    return null;
+  }
+}
+function downloadBinary(targetDir) {
+  const binaryName = getPlatformBinaryName();
+  if (!binaryName) {
+    console.error(`  ⚠ Unsupported platform: ${process.platform}-${process.arch}`);
+    console.error(`    Supported: linux-x64, darwin-arm64, darwin-x64`);
+    return null;
+  }
+  const binDir = path.join(targetDir, '.avesta', 'bin');
+  const binaryPath = path.join(binDir, 'prevention');
+  const version = getLatestVersion();
+  if (!version) {
+    console.error('  ⚠ Could not determine latest release version');
+    return null;
+  }
+  const url = `https://github.com/${GITHUB_RELEASES_REPO}/releases/download/${version}/${binaryName}`;
+  if (!fs.existsSync(binDir)) {
+    fs.mkdirSync(binDir, { recursive: true });
+  }
+  try {
+    console.log(`  Downloading MCP server (${version}, ${process.platform}-${process.arch})...`);
+    execSync(`curl -sL "${url}" -o "${binaryPath}"`, { timeout: 60000 });
+    fs.chmodSync(binaryPath, 0o755);
+    return binaryPath;
+  } catch (e) {
+    console.error(`  ⚠ Failed to download binary from ${url}`);
+    return null;
+  }
+}
+module.exports = {
+  PACKAGE_ROOT,
+  COMMANDS_DIR,
+  AGENTS_DIR,
+  AVESTA_DIR,
+  GITHUB_RELEASES_REPO,
+  copyDir,
+  escapeRegExp,
+  getVersion,
+  getLicenseTier,
+  isInsideNodeModules,
+  readWorkflowState,
+  downloadBinary,
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@avesta-hq/prevention",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "XP/CD development agent commands for Claude Code - achieve Elite DORA metrics through disciplined TDD and Continuous Delivery practices",
   "keywords": [
     "claude-code",
@@ -38,7 +38,7 @@
   "scripts": {
     "build": "tsc",
     "dev": "tsx src/mcp-server.ts",
-    "test": "echo 'No tests yet'",
+    "test": "jest",
     "test:evals": "cd src/_deprecated/evals && python -m pytest test_cases/orchestrator/ -v",
     "prebuild:assets": "tsx scripts/embed-assets.ts",
     "build:binary": "npm run prebuild:assets && bun build src/mcp-server.ts --compile --outfile dist/prevention",
@@ -52,7 +52,10 @@
     "zod": "^4.3.5"
   },
   "devDependencies": {
+    "@types/jest": "^30.0.0",
     "@types/node": "^25.0.5",
+    "jest": "^30.3.0",
+    "ts-jest": "^29.4.6",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3"
   }