@cloudstreamsoftware/claude-tools 1.0.0 → 1.2.0

package/scripts/hooks/credential-check.js

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+/**
+ * Credential Check Hook - Scan for hardcoded credentials
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs on PreToolUse for Edit|Write operations.
+ * Scans the content being written for hardcoded Zoho/GCP credentials.
+ */
+
+const { readStdinJson, log } = require('../lib/utils');
+
+// Patterns that indicate hardcoded credentials
+const CREDENTIAL_PATTERNS = [
+  // Zoho OAuth tokens
+  { pattern: /1000\.[a-f0-9]{32}\.[a-f0-9]{32}/i, name: 'Zoho OAuth Access Token' },
+  { pattern: /1000\.[a-f0-9]{32,}/i, name: 'Zoho OAuth Token (possible)' },
+  { pattern: /Zoho-oauthtoken\s+[^\s"'${}]+/i, name: 'Zoho OAuth Header with token' },
+
+  // Zoho Client IDs/Secrets (not env var references)
+  { pattern: /client_id["':\s]+1000\.\w+/i, name: 'Zoho Client ID' },
+  { pattern: /client_secret["':\s]+[a-f0-9]{32,}/i, name: 'Zoho Client Secret' },
+
+  // GCP Service Account Keys
+  { pattern: /"type":\s*"service_account"/i, name: 'GCP Service Account JSON' },
+  { pattern: /"private_key":\s*"-----BEGIN/i, name: 'GCP Private Key' },
+  { pattern: /"private_key_id":\s*"[a-f0-9]{40}"/i, name: 'GCP Private Key ID' },
+
+  // Generic API keys (long hex strings not in env var patterns)
+  {
+    pattern: /["']\b[A-Za-z0-9]{32,64}\b["'](?!\s*[,;]\s*\/\/\s*(test|example|placeholder))/i,
+    name: 'Possible API Key (long string)',
+  },
+
+  // AWS keys (in case of cross-cloud work)
+  { pattern: /AKIA[0-9A-Z]{16}/i, name: 'AWS Access Key ID' },
+
+  // Generic secrets
+  { pattern: /password["':\s]+=["'\s]+[^${\s][^\s"']{8,}/i, name: 'Hardcoded Password' },
+];
+
+// Patterns to EXCLUDE (these are safe - env var references, placeholders)
+const SAFE_PATTERNS = [
+  /\$\{[A-Z_]+\}/, // ${ENV_VAR}
+  /process\.env\./, // process.env.VAR
+  /YOUR_.*_HERE/, // Placeholder text
+  /example|placeholder|test/i, // Example values
+  /["']?\$[A-Z_]+["']?/, // $ENV_VAR references
+  /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i, // UUIDs
+  /\b[0-9a-f]{40}\b/, // Git SHA hashes (40 hex chars)
+];
+
+async function main() {
+  const input = await readStdinJson();
+
+  // Get the content being written/edited
+  const content = input.tool_input?.new_string || input.tool_input?.content || '';
+
+  if (!content) {
+    console.log(JSON.stringify(input));
+    process.exit(0);
+  }
+
+  const findings = [];
+  const lines = content.split('\n');
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+
+    // Skip if line matches safe patterns
+    const isSafe = SAFE_PATTERNS.some((p) => p.test(line));
+    if (isSafe) continue;
+
+    for (const { pattern, name } of CREDENTIAL_PATTERNS) {
+      if (pattern.test(line)) {
+        findings.push({ line: i + 1, type: name, content: line.trim().substring(0, 80) });
+      }
+    }
+  }
+
+  if (findings.length > 0) {
+    log('[CredentialCheck] BLOCKED: Potential hardcoded credentials detected!');
+    for (const f of findings.slice(0, 5)) {
+      log(`  Line ${f.line}: ${f.type}`);
+      log(`    ${f.content}...`);
+    }
+    log('[CredentialCheck] Use environment variables or Zoho Connections instead.');
+    log('[CredentialCheck] If this is a false positive, review and confirm the content is safe.');
+    process.exit(2); // Block the operation
+  }
+
+  // Pass through if clean
+  console.log(JSON.stringify(input));
+  process.exit(0);
+}
+
+main().catch((err) => {
+  console.error('[CredentialCheck] Error:', err.message);
+  // Don't block on hook errors
+  process.exit(0);
+});

package/scripts/hooks/evaluate-session.js

@@ -0,0 +1,81 @@
+#!/usr/bin/env node
+/**
+ * Continuous Learning - Session Evaluator
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs on Stop hook to extract reusable patterns from Claude Code sessions
+ *
+ * Why Stop hook instead of UserPromptSubmit:
+ * - Stop runs once at session end (lightweight)
+ * - UserPromptSubmit runs every message (heavy, adds latency)
+ */
+
+const path = require('path');
+const fs = require('fs');
+const { getLearnedSkillsDir, ensureDir, readFile, countInFile, log } = require('../lib/utils');
+
+async function main() {
+  // Get script directory to find config
+  const scriptDir = __dirname;
+  const configFile = path.join(
+    scriptDir,
+    '..',
+    '..',
+    'skills',
+    'continuous-learning',
+    'config.json'
+  );
+
+  // Default configuration
+  let minSessionLength = 10;
+  let learnedSkillsPath = getLearnedSkillsDir();
+
+  // Load config if exists
+  const configContent = readFile(configFile);
+  if (configContent) {
+    try {
+      const config = JSON.parse(configContent);
+      minSessionLength = config.min_session_length || 10;
+
+      if (config.learned_skills_path) {
+        // Handle ~ in path
+        learnedSkillsPath = config.learned_skills_path.replace(/^~/, require('os').homedir());
+      }
+    } catch {
+      // Invalid config, use defaults
+    }
+  }
+
+  // Ensure learned skills directory exists
+  ensureDir(learnedSkillsPath);
+
+  // Get transcript path from environment (set by Claude Code)
+  const transcriptPath = process.env.CLAUDE_TRANSCRIPT_PATH;
+
+  if (!transcriptPath || !fs.existsSync(transcriptPath)) {
+    process.exit(0);
+  }
+
+  // Count user messages in session
+  const messageCount = countInFile(transcriptPath, /"type":"user"/g);
+
+  // Skip short sessions
+  if (messageCount < minSessionLength) {
+    log(`[ContinuousLearning] Session too short (${messageCount} messages), skipping`);
+    process.exit(0);
+  }
+
+  // Signal to Claude that session should be evaluated for extractable patterns
+  log(
+    `[ContinuousLearning] Session has ${messageCount} messages - evaluate for extractable patterns`
+  );
+  log(`[ContinuousLearning] Save learned skills to: ${learnedSkillsPath}`);
+
+  process.exit(0);
+}
+
+main().catch((err) => {
+  console.error('[ContinuousLearning] Error:', err.message);
+  process.exit(0);
+});

package/scripts/hooks/pre-compact.js

@@ -0,0 +1,66 @@
+#!/usr/bin/env node
+/**
+ * PreCompact Hook - Save state before context compaction
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs before Claude compacts context, giving you a chance to
+ * preserve important state that might get lost in summarization.
+ */
+
+const path = require('path');
+const {
+  getSessionsDir,
+  getDateTimeString,
+  getTimeString,
+  findFiles,
+  ensureDir,
+  appendFile,
+  writeFile,
+  log,
+} = require('../lib/utils');
+
+async function main() {
+  const sessionsDir = getSessionsDir();
+  const compactionLog = path.join(sessionsDir, 'compaction-log.txt');
+
+  ensureDir(sessionsDir);
+
+  // Log compaction event with timestamp
+  const timestamp = getDateTimeString();
+  appendFile(compactionLog, `[${timestamp}] Context compaction triggered\n`);
+
+  // If there's an active session file, note the compaction
+  const sessions = findFiles(sessionsDir, '*.tmp');
+
+  if (sessions.length > 0) {
+    const activeSession = sessions[0].path;
+    const timeStr = getTimeString();
+    appendFile(
+      activeSession,
+      `\n---\n**[Compaction occurred at ${timeStr}]** - Context was summarized\n`
+    );
+  }
+
+  // Preserve compliance mode and client context
+  const clientContext = {
+    timestamp: timestamp,
+    complianceMode: process.env.CLOUDSTREAM_COMPLIANCE_MODE || 'standard',
+    activeClient: process.env.CLOUDSTREAM_CLIENT_ID || 'unknown',
+    zohoOrg: process.env.ZOHO_ORG_ID || 'not-set',
+  };
+
+  const contextFile = path.join(sessionsDir, 'pre-compact-context.json');
+  writeFile(contextFile, JSON.stringify(clientContext, null, 2));
+
+  log('[PreCompact] State saved before compaction');
+  log(
+    `[PreCompact] Client: ${clientContext.activeClient} | Compliance: ${clientContext.complianceMode}`
+  );
+  process.exit(0);
+}
+
+main().catch((err) => {
+  console.error('[PreCompact] Error:', err.message);
+  process.exit(0);
+});

package/scripts/hooks/prompt-analyzer.js

@@ -0,0 +1,276 @@
+#!/usr/bin/env node
+
+/**
+ * Prompt Analyzer Hook - Real-Time Correction Detection
+ *
+ * This hook runs on UserPromptSubmit to detect corrections in real-time.
+ * When a user says "no", "actually", "instead", etc., we capture the
+ * correction pattern immediately for same-session learning.
+ *
+ * Performance Target: <100ms (non-blocking, lightweight analysis)
+ *
+ * Hook Type: UserPromptSubmit
+ */
+
+const { readStdinJson, log, output } = require('../lib/utils');
+const {
+  recordCorrection,
+  incrementMessageCount,
+  updateContext,
+  hasCorrection,
+} = require('../lib/session-memory');
+
+// Correction detection patterns
+const CORRECTION_PATTERNS = {
+  // Direct negation
+  negation: [
+    /^no[,.]?\s/i,
+    /^that's (wrong|incorrect|not right)/i,
+    /^that (is|was) (wrong|incorrect|not right)/i,
+    /^not (what|how|that)/i,
+    /^wrong[,.]?\s/i,
+  ],
+
+  // Redirection
+  redirection: [
+    /^(actually|instead)[,.]?\s/i,
+    /^i (meant|want|need)/i,
+    /^what i (meant|want|need)/i,
+    /^let me clarify/i,
+    /^to clarify/i,
+  ],
+
+  // Explicit stop commands
+  stopCommands: [
+    /^(don't|do not|stop|never)\s/i,
+    /^please (don't|do not|stop)/i,
+    /^avoid\s/i,
+    /^(skip|ignore)\s/i,
+  ],
+
+  // Preference statements
+  preferences: [
+    /^(always|prefer|use)\s/i,
+    /^i (prefer|like|want)\s/i,
+    /^(from now on|going forward)/i,
+  ],
+};
+
+// Technology detection patterns
+const TECHNOLOGY_PATTERNS = {
+  zoho: /\b(zoho|creator|catalyst|deluge|crm|books|analytics)\b/i,
+  gcp: /\b(gcp|bigquery|dataflow|cloud (function|storage|run)|google cloud)\b/i,
+  react: /\b(react|tsx|jsx|component|hook|usestate|useeffect)\b/i,
+  typescript: /\b(typescript|ts|type|interface|enum)\b/i,
+  node: /\b(node|npm|pnpm|yarn|express|fastify)\b/i,
+  python: /\b(python|pip|django|flask|pandas)\b/i,
+};
+
+// Compliance mode detection
+const COMPLIANCE_PATTERNS = {
+  hipaa: /\b(hipaa|phi|ephi|healthcare|patient|medical)\b/i,
+  soc2: /\b(soc2|soc 2|audit log|access control)\b/i,
+  pci: /\b(pci|pci-dss|payment|card|checkout)\b/i,
+};
+
+/**
+ * Analyze user prompt for corrections and context
+ */
+function analyzePrompt(prompt) {
+  if (!prompt || typeof prompt !== 'string') {
+    return null;
+  }
+
+  const analysis = {
+    isCorrection: false,
+    correctionType: null,
+    correctionMatch: null,
+    technologies: [],
+    complianceMode: null,
+    suggestedCategory: 'general',
+  };
+
+  // Trim and normalize
+  const normalizedPrompt = prompt.trim();
+
+  // Check for corrections
+  for (const [type, patterns] of Object.entries(CORRECTION_PATTERNS)) {
+    for (const pattern of patterns) {
+      if (pattern.test(normalizedPrompt)) {
+        analysis.isCorrection = true;
+        analysis.correctionType = type;
+        analysis.correctionMatch = pattern.toString();
+        break;
+      }
+    }
+    if (analysis.isCorrection) break;
+  }
+
+  // Determine correction category based on content
+  if (analysis.isCorrection) {
+    if (
+      /\b(format|indent|space|tab|semicolon|quote|naming|variable|function name)\b/i.test(
+        normalizedPrompt
+      )
+    ) {
+      analysis.suggestedCategory = 'code_style';
+    } else if (
+      /\b(approach|algorithm|pattern|architecture|design|solution)\b/i.test(normalizedPrompt)
+    ) {
+      analysis.suggestedCategory = 'approach';
+    } else if (/\b(tool|command|use|run|execute)\b/i.test(normalizedPrompt)) {
+      analysis.suggestedCategory = 'tool_usage';
+    } else if (/\b(explain|describe|tell|say|word|phrase)\b/i.test(normalizedPrompt)) {
+      analysis.suggestedCategory = 'communication';
+    }
+  }
+
+  // Detect technologies
+  for (const [tech, pattern] of Object.entries(TECHNOLOGY_PATTERNS)) {
+    if (pattern.test(normalizedPrompt)) {
+      analysis.technologies.push(tech);
+    }
+  }
+
+  // Detect compliance mode
+  for (const [mode, pattern] of Object.entries(COMPLIANCE_PATTERNS)) {
+    if (pattern.test(normalizedPrompt)) {
+      analysis.complianceMode = mode;
+      break;
+    }
+  }
+
+  return analysis;
+}
+
+/**
+ * Extract what Claude did wrong from the correction message
+ */
+function extractOriginalBehavior(prompt) {
+  // Try to extract what was being corrected
+  const extractors = [
+    /don't\s+(.+?)(?:\.|$)/i,
+    /stop\s+(.+?)(?:\.|$)/i,
+    /never\s+(.+?)(?:\.|$)/i,
+    /avoid\s+(.+?)(?:\.|$)/i,
+    /instead of\s+(.+?),/i,
+    /not\s+(.+?),\s*(but|use|do)/i,
+  ];
+
+  for (const pattern of extractors) {
+    const match = prompt.match(pattern);
+    if (match && match[1]) {
+      return match[1].trim();
+    }
+  }
+
+  // Fallback: return first 50 chars as context
+  return prompt.substring(0, 50) + (prompt.length > 50 ? '...' : '');
+}
+
+/**
+ * Extract what the user wants instead
+ */
+function extractCorrectedBehavior(prompt) {
+  // Try to extract the correction
+  const extractors = [
+    /instead[,.]?\s+(.+?)(?:\.|$)/i,
+    /use\s+(.+?)(?:\s+instead|\.|$)/i,
+    /do\s+(.+?)(?:\s+instead|\.|$)/i,
+    /(?:prefer|want|like)\s+(.+?)(?:\.|$)/i,
+    /should\s+(.+?)(?:\.|$)/i,
+  ];
+
+  for (const pattern of extractors) {
+    const match = prompt.match(pattern);
+    if (match && match[1]) {
+      return match[1].trim();
+    }
+  }
+
+  // Fallback: return the prompt itself as the correction
+  return prompt.substring(0, 100) + (prompt.length > 100 ? '...' : '');
+}
+
+/**
+ * Main hook execution
+ */
+async function main() {
+  try {
+    // Read hook input from stdin
+    const input = await readStdinJson();
+
+    // Get the user's prompt
+    const userPrompt = input.user_prompt || input.prompt || '';
+
+    // Increment message count
+    incrementMessageCount();
+
+    // Analyze the prompt
+    const analysis = analyzePrompt(userPrompt);
+
+    if (!analysis) {
+      // Pass through unchanged
+      output(JSON.stringify(input));
+      return;
+    }
+
+    // Update context with detected technologies and compliance mode
+    if (analysis.technologies.length > 0 || analysis.complianceMode) {
+      updateContext({
+        technologies: analysis.technologies,
+        complianceMode: analysis.complianceMode,
+      });
+    }
+
+    // If this is a correction, record it
+    if (analysis.isCorrection) {
+      const original = extractOriginalBehavior(userPrompt);
+      const corrected = extractCorrectedBehavior(userPrompt);
+
+      // Check if we've seen this correction before
+      const previousCorrection = hasCorrection(analysis.suggestedCategory, original);
+
+      if (previousCorrection) {
+        // We've made this mistake before - this is serious
+        log(
+          `[Learning] REPEATED CORRECTION detected: "${original}" (seen ${previousCorrection.count + 1}x)`
+        );
+        log(`[Learning] Consider creating a rule to prevent this pattern`);
+      }
+
+      // Record the correction
+      const record = recordCorrection({
+        category: analysis.suggestedCategory,
+        original,
+        corrected,
+        context: {
+          type: analysis.correctionType,
+          technologies: analysis.technologies,
+          fullPrompt: userPrompt.substring(0, 200),
+        },
+      });
+
+      // Log for visibility
+      log(
+        `[Learning] Correction recorded: ${analysis.suggestedCategory} - "${original.substring(0, 40)}..."`
+      );
+
+      // If this is a stopCommand, make it very visible
+      if (analysis.correctionType === 'stopCommands') {
+        log(`[Learning] STOP COMMAND: Will avoid "${original}" in this session`);
+      }
+    }
+
+    // Pass through the input unchanged (we just recorded, didn't modify)
+    output(JSON.stringify(input));
+  } catch (err) {
+    // On error, log but don't block
+    log(`[PromptAnalyzer] Error: ${err.message}`);
+    // Pass through empty to avoid blocking
+    output('{}');
+  }
+}
+
+// Run
+main();