@bhargavvc/sdd-cc 1.30.0

package/hooks/dist/sdd-workflow-guard.js

@@ -0,0 +1,94 @@
+#!/usr/bin/env node
+// sdd-hook-version: {{SDD_VERSION}}
+// SDD Workflow Guard — PreToolUse hook
+// Detects when Claude attempts file edits outside a SDD workflow context
+// (no active /sdd: command or Task subagent) and injects an advisory warning.
+//
+// This is a SOFT guard — it advises, not blocks. The edit still proceeds.
+// The warning nudges Claude to use /sdd:quick or /sdd:fast instead of
+// making direct edits that bypass state tracking.
+//
+// Enable via config: hooks.workflow_guard: true (default: false)
+// Only triggers on Write/Edit tool calls to non-.planning/ files.
+
+const fs = require('fs');
+const path = require('path');
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 3000);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name;
+
+    // Only guard Write and Edit tool calls
+    if (toolName !== 'Write' && toolName !== 'Edit') {
+      process.exit(0);
+    }
+
+    // Check if we're inside a SDD workflow (Task subagent or /sdd: command)
+    // Subagents have a session_id that differs from the parent
+    // and typically have a description field set by the orchestrator
+    if (data.tool_input?.is_subagent || data.session_type === 'task') {
+      process.exit(0);
+    }
+
+    // Check the file being edited
+    const filePath = data.tool_input?.file_path || data.tool_input?.path || '';
+
+    // Allow edits to .planning/ files (SDD state management)
+    if (filePath.includes('.planning/') || filePath.includes('.planning\\')) {
+      process.exit(0);
+    }
+
+    // Allow edits to common config/docs files that don't need SDD tracking
+    const allowedPatterns = [
+      /\.gitignore$/,
+      /\.env/,
+      /CLAUDE\.md$/,
+      /AGENTS\.md$/,
+      /GEMINI\.md$/,
+      /settings\.json$/,
+    ];
+    if (allowedPatterns.some(p => p.test(filePath))) {
+      process.exit(0);
+    }
+
+    // Check if workflow guard is enabled
+    const cwd = data.cwd || process.cwd();
+    const configPath = path.join(cwd, '.planning', 'config.json');
+    if (fs.existsSync(configPath)) {
+      try {
+        const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+        if (!config.hooks?.workflow_guard) {
+          process.exit(0); // Guard disabled (default)
+        }
+      } catch (e) {
+        process.exit(0);
+      }
+    } else {
+      process.exit(0); // No SDD project — don't guard
+    }
+
+    // If we get here: SDD project, guard enabled, file edit outside .planning/,
+    // not in a subagent context. Inject advisory warning.
+    const output = {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        additionalContext: `⚠️ WORKFLOW ADVISORY: You're editing ${path.basename(filePath)} directly without a SDD command. ` +
+          'This edit will not be tracked in STATE.md or produce a SUMMARY.md. ' +
+          'Consider using /sdd:fast for trivial fixes or /sdd:quick for larger changes ' +
+          'to maintain project state tracking. ' +
+          'If this is intentional (e.g., user explicitly asked for a direct edit), proceed normally.'
+      }
+    };
+
+    process.stdout.write(JSON.stringify(output));
+  } catch (e) {
+    // Silent fail — never block tool execution
+    process.exit(0);
+  }
+});

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "@bhargavvc/sdd-cc",
+  "version": "1.30.0",
+  "description": "A meta-prompting, context engineering and spec-driven development system for Claude Code, OpenCode, Gemini and Codex by TÂCHES.",
+  "bin": {
+    "sdd-cc": "bin/install.js"
+  },
+  "files": [
+    "bin",
+    "commands",
+    "sdd",
+    "agents",
+    "hooks/dist",
+    "scripts"
+  ],
+  "keywords": [
+    "claude",
+    "claude-code",
+    "ai",
+    "meta-prompting",
+    "context-engineering",
+    "spec-driven-development",
+    "gemini",
+    "gemini-cli",
+    "codex",
+    "codex-cli"
+  ],
+  "author": "TÂCHES",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bhargavvc/sdd-cc.git"
+  },
+  "homepage": "https://github.com/bhargavvc/sdd-cc",
+  "bugs": {
+    "url": "https://github.com/bhargavvc/sdd-cc/issues"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "devDependencies": {
+    "c8": "^11.0.0",
+    "esbuild": "^0.24.0",
+    "vitest": "^4.1.2"
+  },
+  "scripts": {
+    "build:hooks": "node scripts/build-hooks.js",
+    "prepublishOnly": "npm run build:hooks",
+    "test": "node scripts/run-tests.cjs",
+    "test:coverage": "c8 --check-coverage --lines 70 --reporter text --include 'sdd/bin/lib/*.cjs' --exclude 'tests/**' --all node scripts/run-tests.cjs"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/scripts/base64-scan.sh

@@ -0,0 +1,262 @@
+#!/usr/bin/env bash
+# base64-scan.sh — Detect base64-obfuscated prompt injection in source files
+#
+# Extracts base64 blobs >= 40 chars, decodes them, and checks decoded content
+# against the same injection patterns used by prompt-injection-scan.sh.
+#
+# Usage:
+#   scripts/base64-scan.sh --diff origin/main   # CI mode: scan changed files
+#   scripts/base64-scan.sh --file path/to/file   # Scan a single file
+#   scripts/base64-scan.sh --dir agents/          # Scan all files in a directory
+#
+# Exit codes:
+#   0 = clean
+#   1 = findings detected
+#   2 = usage error
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MIN_BLOB_LENGTH=40
+
+# ─── Injection Patterns (decoded content) ────────────────────────────────────
+# Subset of patterns — if someone base64-encoded something, check for the
+# most common injection indicators.
+DECODED_PATTERNS=(
+  'ignore[[:space:]]+(all[[:space:]]+)?previous[[:space:]]+instructions'
+  'you[[:space:]]+are[[:space:]]+now[[:space:]]+'
+  'system[[:space:]]+prompt'
+  '</?system>'
+  '</?assistant>'
+  '\[SYSTEM\]'
+  '\[INST\]'
+  '<<SYS>>'
+  'override[[:space:]]+(system|safety|security)'
+  'pretend[[:space:]]+(you|to)[[:space:]]'
+  'act[[:space:]]+as[[:space:]]+(a|an|if)'
+  'jailbreak'
+  'bypass[[:space:]]+(safety|content|security)'
+  'eval[[:space:]]*\('
+  'exec[[:space:]]*\('
+  'rm[[:space:]]+-rf'
+  'curl[[:space:]].*\|[[:space:]]*sh'
+  'wget[[:space:]].*\|[[:space:]]*sh'
+)
+
+# ─── Ignorelist ──────────────────────────────────────────────────────────────
+
+IGNOREFILE=".base64scanignore"
+IGNORED_PATTERNS=()
+
+load_ignorelist() {
+  if [[ -f "$IGNOREFILE" ]]; then
+    while IFS= read -r line; do
+      # Skip comments and empty lines
+      [[ "$line" =~ ^[[:space:]]*# ]] && continue
+      [[ -z "${line// }" ]] && continue
+      IGNORED_PATTERNS+=("$line")
+    done < "$IGNOREFILE"
+  fi
+}
+
+is_ignored() {
+  local blob="$1"
+  if [[ ${#IGNORED_PATTERNS[@]} -eq 0 ]]; then
+    return 1
+  fi
+  for pattern in "${IGNORED_PATTERNS[@]}"; do
+    if [[ "$blob" == "$pattern" ]]; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+# ─── Skip Rules ──────────────────────────────────────────────────────────────
+
+should_skip_file() {
+  local file="$1"
+  # Skip binary files
+  case "$file" in
+    *.png|*.jpg|*.jpeg|*.gif|*.ico|*.woff|*.woff2|*.ttf|*.eot|*.otf) return 0 ;;
+    *.zip|*.tar|*.gz|*.bz2|*.xz|*.7z) return 0 ;;
+    *.pdf|*.doc|*.docx|*.xls|*.xlsx) return 0 ;;
+  esac
+  # Skip lockfiles and node_modules
+  case "$file" in
+    */node_modules/*) return 0 ;;
+    */package-lock.json) return 0 ;;
+    */yarn.lock) return 0 ;;
+    */pnpm-lock.yaml) return 0 ;;
+  esac
+  # Skip the scan scripts themselves and test files
+  case "$file" in
+    */base64-scan.sh) return 0 ;;
+    */security-scan.test.cjs) return 0 ;;
+  esac
+  return 1
+}
+
+is_data_uri() {
+  local context="$1"
+  # data:image/png;base64,... or data:application/font-woff;base64,...
+  echo "$context" | grep -qE 'data:[a-zA-Z]+/[a-zA-Z0-9.+-]+;base64,' 2>/dev/null
+}
+
+# ─── File Collection ─────────────────────────────────────────────────────────
+
+collect_files() {
+  local mode="$1"
+  shift
+
+  case "$mode" in
+    --diff)
+      local base="${1:-origin/main}"
+      git diff --name-only --diff-filter=ACMR "$base"...HEAD 2>/dev/null \
+        | grep -vE '\.(png|jpg|jpeg|gif|ico|woff|woff2|ttf|eot|otf|zip|tar|gz|pdf)$' || true
+      ;;
+    --file)
+      if [[ -f "$1" ]]; then
+        echo "$1"
+      else
+        echo "Error: file not found: $1" >&2
+        exit 2
+      fi
+      ;;
+    --dir)
+      local dir="$1"
+      if [[ ! -d "$dir" ]]; then
+        echo "Error: directory not found: $dir" >&2
+        exit 2
+      fi
+      find "$dir" -type f ! -path '*/node_modules/*' ! -path '*/.git/*' ! -path '*/dist/*' \
+        ! -name '*.png' ! -name '*.jpg' ! -name '*.gif' ! -name '*.woff*' 2>/dev/null || true
+      ;;
+    --stdin)
+      cat
+      ;;
+    *)
+      echo "Usage: $0 --diff [base] | --file <path> | --dir <path> | --stdin" >&2
+      exit 2
+      ;;
+  esac
+}
+
+# ─── Scanner ─────────────────────────────────────────────────────────────────
+
+extract_and_check_blobs() {
+  local file="$1"
+  local found=0
+  local line_num=0
+
+  while IFS= read -r line; do
+    line_num=$((line_num + 1))
+
+    # Skip data URIs — legitimate base64 usage
+    if is_data_uri "$line"; then
+      continue
+    fi
+
+    # Extract base64-like blobs (alphanumeric + / + = padding, >= MIN_BLOB_LENGTH)
+    local blobs
+    blobs=$(echo "$line" | grep -oE '[A-Za-z0-9+/]{'"$MIN_BLOB_LENGTH"',}={0,3}' 2>/dev/null || true)
+
+    if [[ -z "$blobs" ]]; then
+      continue
+    fi
+
+    while IFS= read -r blob; do
+      [[ -z "$blob" ]] && continue
+
+      # Check ignorelist
+      if [[ ${#IGNORED_PATTERNS[@]} -gt 0 ]] && is_ignored "$blob"; then
+        continue
+      fi
+
+      # Try to decode — if it fails, not valid base64
+      local decoded
+      decoded=$(echo "$blob" | base64 -d 2>/dev/null || echo "")
+
+      if [[ -z "$decoded" ]]; then
+        continue
+      fi
+
+      # Check if decoded content is mostly printable text (not random binary)
+      local printable_ratio
+      local total_chars=${#decoded}
+      if [[ $total_chars -eq 0 ]]; then
+        continue
+      fi
+
+      # Count printable ASCII characters
+      local printable_count
+      printable_count=$(echo -n "$decoded" | tr -cd '[:print:]' | wc -c | tr -d ' ')
+      # Skip if less than 70% printable (likely binary data, not obfuscated text)
+      if [[ $((printable_count * 100 / total_chars)) -lt 70 ]]; then
+        continue
+      fi
+
+      # Scan decoded content against injection patterns
+      for pattern in "${DECODED_PATTERNS[@]}"; do
+        if echo "$decoded" | grep -iqE "$pattern" 2>/dev/null; then
+          if [[ $found -eq 0 ]]; then
+            echo "FAIL: $file"
+            found=1
+          fi
+          echo "  line $line_num: base64 blob decodes to suspicious content"
+          echo "    blob: ${blob:0:60}..."
+          echo "    decoded: ${decoded:0:120}"
+          echo "    matched: $pattern"
+          break
+        fi
+      done
+    done <<< "$blobs"
+  done < "$file"
+
+  return $found
+}
+
+# ─── Main ────────────────────────────────────────────────────────────────────
+
+main() {
+  if [[ $# -eq 0 ]]; then
+    echo "Usage: $0 --diff [base] | --file <path> | --dir <path>" >&2
+    exit 2
+  fi
+
+  load_ignorelist
+
+  local mode="$1"
+  shift
+
+  local files
+  files=$(collect_files "$mode" "$@")
+
+  if [[ -z "$files" ]]; then
+    echo "base64-scan: no files to scan"
+    exit 0
+  fi
+
+  local total=0
+  local failed=0
+
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    if should_skip_file "$file"; then
+      continue
+    fi
+    total=$((total + 1))
+    if ! extract_and_check_blobs "$file"; then
+      failed=$((failed + 1))
+    fi
+  done <<< "$files"
+
+  echo ""
+  echo "base64-scan: scanned $total files, $failed with findings"
+
+  if [[ $failed -gt 0 ]]; then
+    exit 1
+  fi
+  exit 0
+}
+
+main "$@"

package/scripts/build-hooks.js

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+/**
+ * Copy SDD hooks to dist for installation.
+ * Validates JavaScript syntax before copying to prevent shipping broken hooks.
+ * See #1107, #1109, #1125, #1161 — a duplicate const declaration shipped
+ * in dist and caused PostToolUse hook errors for all users.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const vm = require('vm');
+
+const HOOKS_DIR = path.join(__dirname, '..', 'hooks');
+const DIST_DIR = path.join(HOOKS_DIR, 'dist');
+
+// Hooks to copy (pure Node.js, no bundling needed)
+const HOOKS_TO_COPY = [
+  'sdd-check-update.js',
+  'sdd-context-monitor.js',
+  'sdd-prompt-guard.js',
+  'sdd-statusline.js',
+  'sdd-workflow-guard.js'
+];
+
+/**
+ * Validate JavaScript syntax without executing the file.
+ * Catches SyntaxError (duplicate const, missing brackets, etc.)
+ * before the hook gets shipped to users.
+ */
+function validateSyntax(filePath) {
+  const content = fs.readFileSync(filePath, 'utf8');
+  try {
+    // Use vm.compileFunction to check syntax without executing
+    new vm.Script(content, { filename: path.basename(filePath) });
+    return null; // No error
+  } catch (e) {
+    if (e instanceof SyntaxError) {
+      return e.message;
+    }
+    throw e;
+  }
+}
+
+function build() {
+  // Ensure dist directory exists
+  if (!fs.existsSync(DIST_DIR)) {
+    fs.mkdirSync(DIST_DIR, { recursive: true });
+  }
+
+  let hasErrors = false;
+
+  // Copy hooks to dist with syntax validation
+  for (const hook of HOOKS_TO_COPY) {
+    const src = path.join(HOOKS_DIR, hook);
+    const dest = path.join(DIST_DIR, hook);
+
+    if (!fs.existsSync(src)) {
+      console.warn(`Warning: ${hook} not found, skipping`);
+      continue;
+    }
+
+    // Validate syntax before copying
+    const syntaxError = validateSyntax(src);
+    if (syntaxError) {
+      console.error(`\x1b[31m✗ ${hook}: SyntaxError — ${syntaxError}\x1b[0m`);
+      hasErrors = true;
+      continue;
+    }
+
+    console.log(`\x1b[32m✓\x1b[0m Copying ${hook}...`);
+    fs.copyFileSync(src, dest);
+  }
+
+  if (hasErrors) {
+    console.error('\n\x1b[31mBuild failed: fix syntax errors above before publishing.\x1b[0m');
+    process.exit(1);
+  }
+
+  console.log('\nBuild complete.');
+}
+
+build();

package/scripts/prompt-injection-scan.sh

@@ -0,0 +1,198 @@
+#!/usr/bin/env bash
+# prompt-injection-scan.sh — Scan files for prompt injection patterns
+#
+# Usage:
+#   scripts/prompt-injection-scan.sh --diff origin/main   # CI mode: scan changed .md files
+#   scripts/prompt-injection-scan.sh --file path/to/file   # Scan a single file
+#   scripts/prompt-injection-scan.sh --dir agents/          # Scan all files in a directory
+#
+# Exit codes:
+#   0 = clean
+#   1 = findings detected
+#   2 = usage error
+set -euo pipefail
+
+# ─── Patterns ────────────────────────────────────────────────────────────────
+# Each pattern is a POSIX extended regex. Keep alphabetized by category.
+
+PATTERNS=(
+  # Instruction override
+  'ignore[[:space:]]+(all[[:space:]]+)?(previous|prior|above|earlier|preceding)[[:space:]]+(instructions|prompts|rules|directives|context)'
+  'disregard[[:space:]]+(all[[:space:]]+)?(previous|prior|above)[[:space:]]+(instructions|prompts|rules)'
+  'forget[[:space:]]+(all[[:space:]]+)?(previous|prior|above)[[:space:]]+(instructions|prompts|rules|context)'
+  'override[[:space:]]+(all[[:space:]]+)?(system|previous|safety)[[:space:]]+(instructions|prompts|rules|checks|filters|guards)'
+  'override[[:space:]]+(system|safety|security)[[:space:]]'
+
+  # Role manipulation
+  'you[[:space:]]+are[[:space:]]+now[[:space:]]+(a|an|my)[[:space:]]'
+  'from[[:space:]]+now[[:space:]]+on[[:space:]]+(you|pretend|act|behave)'
+  'pretend[[:space:]]+(you[[:space:]]+are|to[[:space:]]+be)[[:space:]]'
+  'act[[:space:]]+as[[:space:]]+(a|an|if|my)[[:space:]]'
+  'roleplay[[:space:]]+as[[:space:]]'
+  'assume[[:space:]]+the[[:space:]]+role[[:space:]]+of[[:space:]]'
+
+  # System prompt extraction
+  'output[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'reveal[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'show[[:space:]]+me[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'print[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'what[[:space:]]+(is|are)[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'repeat[[:space:]]+(your|the|all)[[:space:]]+(system[[:space:]]+)?(prompt|instructions|rules)'
+
+  # Fake message boundaries
+  '</?system>'
+  '</?assistant>'
+  '</?human>'
+  '\[SYSTEM\]'
+  '\[/SYSTEM\]'
+  '\[INST\]'
+  '\[/INST\]'
+  '<<SYS>>'
+  '<</SYS>>'
+
+  # Tool call injection / code execution in markdown
+  'eval[[:space:]]*\([[:space:]]*["\x27]'
+  'exec[[:space:]]*\([[:space:]]*["\x27]'
+  'Function[[:space:]]*\([[:space:]]*["\x27].*return'
+
+  # Jailbreak / DAN patterns
+  'do[[:space:]]+anything[[:space:]]+now'
+  'DAN[[:space:]]+mode'
+  'developer[[:space:]]+mode[[:space:]]+(enabled|output|activated)'
+  'jailbreak'
+  'bypass[[:space:]]+(safety|content|security)[[:space:]]+(filter|check|rule|guard)'
+)
+
+# ─── Allowlist ───────────────────────────────────────────────────────────────
+# Files that legitimately discuss injection patterns (security docs, tests, this script)
+ALLOWLIST=(
+  'scripts/prompt-injection-scan.sh'
+  'scripts/base64-scan.sh'
+  'scripts/secret-scan.sh'
+  'tests/security-scan.test.cjs'
+  'tests/security.test.cjs'
+  'tests/prompt-injection-scan.test.cjs'
+  'sdd/bin/lib/security.cjs'
+  'hooks/sdd-prompt-guard.js'
+  'SECURITY.md'
+)
+
+is_allowlisted() {
+  local file="$1"
+  for allowed in "${ALLOWLIST[@]}"; do
+    if [[ "$file" == *"$allowed" ]]; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+# ─── File Collection ─────────────────────────────────────────────────────────
+
+collect_files() {
+  local mode="$1"
+  shift
+
+  case "$mode" in
+    --diff)
+      local base="${1:-origin/main}"
+      # Get changed files in the diff, filter to scannable extensions
+      git diff --name-only --diff-filter=ACMR "$base"...HEAD 2>/dev/null \
+        | grep -E '\.(md|cjs|js|json|yml|yaml|sh)$' || true
+      ;;
+    --file)
+      if [[ -f "$1" ]]; then
+        echo "$1"
+      else
+        echo "Error: file not found: $1" >&2
+        exit 2
+      fi
+      ;;
+    --dir)
+      local dir="$1"
+      if [[ ! -d "$dir" ]]; then
+        echo "Error: directory not found: $dir" >&2
+        exit 2
+      fi
+      find "$dir" -type f \( -name '*.md' -o -name '*.cjs' -o -name '*.js' -o -name '*.json' -o -name '*.yml' -o -name '*.yaml' -o -name '*.sh' \) \
+        ! -path '*/node_modules/*' ! -path '*/.git/*' ! -path '*/dist/*' 2>/dev/null || true
+      ;;
+    --stdin)
+      cat
+      ;;
+    *)
+      echo "Usage: $0 --diff [base] | --file <path> | --dir <path> | --stdin" >&2
+      exit 2
+      ;;
+  esac
+}
+
+# ─── Scanner ─────────────────────────────────────────────────────────────────
+
+scan_file() {
+  local file="$1"
+  local found=0
+
+  if is_allowlisted "$file"; then
+    return 0
+  fi
+
+  for pattern in "${PATTERNS[@]}"; do
+    # Use grep -iE for case-insensitive extended regex
+    # -n for line numbers, -c for count mode first to check
+    local matches
+    matches=$(grep -inE -e "$pattern" "$file" 2>/dev/null || true)
+    if [[ -n "$matches" ]]; then
+      if [[ $found -eq 0 ]]; then
+        echo "FAIL: $file"
+        found=1
+      fi
+      echo "$matches" | while IFS= read -r line; do
+        echo "  $line"
+      done
+    fi
+  done
+
+  return $found
+}
+
+# ─── Main ────────────────────────────────────────────────────────────────────
+
+main() {
+  if [[ $# -eq 0 ]]; then
+    echo "Usage: $0 --diff [base] | --file <path> | --dir <path>" >&2
+    exit 2
+  fi
+
+  local mode="$1"
+  shift
+
+  local files
+  files=$(collect_files "$mode" "$@")
+
+  if [[ -z "$files" ]]; then
+    echo "prompt-injection-scan: no files to scan"
+    exit 0
+  fi
+
+  local total=0
+  local failed=0
+
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    total=$((total + 1))
+    if ! scan_file "$file"; then
+      failed=$((failed + 1))
+    fi
+  done <<< "$files"
+
+  echo ""
+  echo "prompt-injection-scan: scanned $total files, $failed with findings"
+
+  if [[ $failed -gt 0 ]]; then
+    exit 1
+  fi
+  exit 0
+}
+
+main "$@"