npm - @codyswann/lisa - Versions diffs - 1.38.0 → 1.39.0 - Mend

@codyswann/lisa 1.38.0 → 1.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/typescript/copy-overwrite/.github/workflows/quality.yml CHANGED Viewed

@@ -1015,11 +1015,7 @@ jobs:
             # Parent packages pin ^4.4.1; fix requires major version 5.x (incompatible)
             # Risk: None - CLI build tool, not a production runtime dependency
-            # Excluding GHSA-43fc-jf86-j433: axios DoS via __proto__ key in mergeConfig
-            # Transitive dependency via aws-amplify > @aws-amplify/api-rest > axios
-            # bun overrides/resolutions cannot reach nested node_modules copies
-            # Risk: Low - only affects server-side mergeConfig with attacker-controlled input
-            if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97 --ignore GHSA-37qj-frw5-hhjh --ignore GHSA-43fc-jf86-j433; then
+            if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97 --ignore GHSA-37qj-frw5-hhjh; then
               echo "::warning::Found high or critical vulnerabilities"
               exit 1
             fi

package/all/copy-overwrite/.claude/REFERENCE.md DELETED Viewed

@@ -1,519 +0,0 @@
-# Claude Code Hooks & Settings Reference
-Complete expert reference for Claude Code hooks and `.claude/settings.json` configuration.
----
-## Hook Event Types (13 total)
-| Event | Trigger | Matcher Support |
-|-------|---------|-----------------|
-| `SessionStart` | Session begins/resumes | `startup`, `resume`, `clear`, `compact` |
-| `SessionEnd` | Session terminates | `clear`, `logout`, `prompt_input_exit`, `other` |
-| `Setup` | `--init`, `--init-only`, `--maintenance` flags | `init`, `maintenance` |
-| `PreToolUse` | Before tool call processes | Tool names (regex supported) |
-| `PostToolUse` | After tool succeeds | Tool names (regex supported) |
-| `PostToolUseFailure` | After tool fails | Tool names (regex supported) |
-| `PermissionRequest` | Permission dialog appears | Tool names |
-| `SubagentStart` | Subagent spawns | N/A |
-| `SubagentStop` | Subagent finishes | N/A |
-| `Stop` | Main agent finishes (not interrupted) | N/A |
-| `UserPromptSubmit` | User submits prompt | N/A |
-| `Notification` | Notifications sent | `permission_prompt`, `idle_prompt`, `auth_success`, `elicitation_dialog` |
-| `PreCompact` | Before context compaction | `manual`, `auto` |
----
-## Complete settings.json Schema
-```json
-{
-  "permissions": {
-    "allow": ["Bash(npm run:*)", "Read"],
-    "ask": ["Bash(git push:*)"],
-    "deny": ["Bash(rm -rf:*)", "Read(./.env.*)"],
-    "additionalDirectories": ["../docs/"],
-    "defaultMode": "default | acceptEdits | plan | bypassPermissions | dontAsk",
-    "disableBypassPermissionsMode": "disable | warn"
-  },
-  "hooks": {},
-  "disableAllHooks": false,
-  "allowManagedHooksOnly": false,
-  "env": {
-    "ANTHROPIC_API_KEY": "sk-...",
-    "BASH_DEFAULT_TIMEOUT_MS": "30000",
-    "BASH_MAX_TIMEOUT_MS": "7200000",
-    "CLAUDE_CODE_ENABLE_TELEMETRY": "1",
-    "CLAUDE_CODE_MAX_OUTPUT_TOKENS": "32000",
-    "MAX_THINKING_TOKENS": "31999",
-    "OTEL_METRICS_EXPORTER": "otlp",
-    "OTEL_EXPORTER_OTLP_ENDPOINT": "...",
-    "CUSTOM_VAR": "value"
-  },
-  "model": "string",
-  "alwaysThinkingEnabled": false,
-  "statusLine": { "type": "command", "command": "<HOME>/.claude/statusline.sh" },
-  "outputStyle": "string",
-  "language": "string",
-  "spinnerTipsEnabled": true,
-  "terminalProgressBarEnabled": true,
-  "showTurnDuration": true,
-  "attribution": {
-    "commit": "🤖 Generated with Claude Code\n\nCo-Authored-By: ...",
-    "pr": "🤖 Generated with Claude Code"
-  },
-  "includeCoAuthoredBy": false,
-  "forceLoginMethod": "claudeai | console",
-  "forceLoginOrgUUID": "string",
-  "apiKeyHelper": "string",
-  "awsAuthRefresh": "string",
-  "awsCredentialExport": "string",
-  "otelHeadersHelper": "string",
-  "enableAllProjectMcpServers": false,
-  "enabledMcpjsonServers": [],
-  "disabledMcpjsonServers": [],
-  "allowedMcpServers": [],
-  "deniedMcpServers": [],
-  "enabledPlugins": { "plugin-name@marketplace": true },
-  "extraKnownMarketplaces": {},
-  "strictKnownMarketplaces": [],
-  "respectGitignore": true,
-  "fileSuggestion": { "type": "command", "command": "..." },
-  "additionalDirectories": [],
-  "sandbox": {
-    "enabled": true,
-    "autoAllowBashIfSandboxed": true,
-    "excludedCommands": ["git", "docker"],
-    "allowUnsandboxedCommands": true,
-    "network": {
-      "allowUnixSockets": ["<HOME>/.ssh/agent-socket"],
-      "allowLocalBinding": true,
-      "httpProxyPort": 8080,
-      "socksProxyPort": 8081
-    },
-    "enableWeakerNestedSandbox": false
-  },
-  "cleanupPeriodDays": 30,
-  "autoUpdatesChannel": "stable | latest",
-  "plansDirectory": "string",
-  "companyAnnouncements": []
-}
-```
----
-## Hook Configuration Structure
-```json
-{
-  "hooks": {
-    "EventName": [
-      {
-        "matcher": "ToolPattern",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "bash-cmd",
-            "timeout": 60
-          }
-        ]
-      }
-    ]
-  }
-}
-```
-### Hook Types
-| Type | Description |
-|------|-------------|
-| `command` | Executes bash command synchronously |
-| `prompt` | Sends JSON input to LLM (Haiku) for decision |
-**Prompt-based hooks** only support: `Stop`, `SubagentStop`, `UserPromptSubmit`, `PreToolUse`, `PermissionRequest`
-Prompt hooks must return JSON: `{"ok": true|false, "reason": "explanation"}`
----
-## Environment Variables Available to Hooks
-| Variable | Description | Availability |
-|----------|-------------|--------------|
-| `CLAUDE_PROJECT_DIR` | Absolute path to project root | Always |
-| `CLAUDE_CODE_REMOTE` | `"true"` if web environment | Always |
-| `CLAUDE_ENV_FILE` | File path to persist env vars | SessionStart/Setup only |
-| `CLAUDE_PLUGIN_ROOT` | Plugin directory path | Plugin hooks only |
----
-## Exit Code Behavior
-| Exit Code | Behavior |
-|-----------|----------|
-| **0** | Success - stdout processed for JSON or added as context |
-| **2** | Blocking error - prevents action, stderr shown to Claude |
-| **Other** | Non-blocking error - stderr shown in verbose mode |
----
-## Blocking vs Non-Blocking Hooks
-### Blocking Hooks (Exit Code 2)
-| Event | Effect |
-|-------|--------|
-| `PreToolUse` | Blocks tool call, shows stderr to Claude |
-| `PermissionRequest` | Denies permission, shows stderr to Claude |
-| `PostToolUse` | Shows stderr to Claude (tool already ran) |
-| `UserPromptSubmit` | Erases submitted prompt, shows stderr to user only |
-| `Stop`/`SubagentStop` | Blocks stoppage, shows stderr to Claude |
-| `Setup`/`SessionStart`/`SessionEnd`/`PreCompact`/`Notification` | Shows stderr to user only |
----
-## Matcher Patterns
-| Pattern | Matches |
-|---------|---------|
-| `Write` | Exact match only |
-| `Edit\|Write` | Either tool (regex OR) |
-| `npm run:*` | Prefix + word boundary (`npm run lint` yes, `npm runtest` no) |
-| `ls*` | Glob anywhere (`ls -la`, `lsof`) |
-| `Notebook.*` | Regex pattern (all Notebook tools) |
-| `mcp__server__.*` | All MCP server tools |
-| `""` or omit | All tools/events |
-### Common Tool Names for Matching
-**Core Tools:**
-`Bash`, `Write`, `Edit`, `Read`, `Glob`, `Grep`, `WebFetch`, `WebSearch`
-**Notebook Tools:**
-`Notebook`, `NotebookEdit`
-**Agent & Task Tools:**
-`Task`, `TaskCreate`, `TaskUpdate`, `TaskList`, `TaskGet`
-**Skill & Planning Tools:**
-`Skill`, `EnterPlanMode`, `ExitPlanMode`, `AskUserQuestion`
-**Advanced Tools:**
-`LSP`, `Computer`, `ToolSearch`, `TeammateTool`
-**MCP Tools Pattern:**
-`mcp__<server>__<tool>` (e.g., `mcp__memory__create_entities`)
----
-## Settings File Locations & Precedence
-| Scope | Location | Shared | Precedence |
-|-------|----------|--------|------------|
-| Managed | System-level `managed-settings.json` | Yes (IT deployed) | Highest (cannot override) |
-| User | `<HOME>/.claude/settings.json` | No | Normal |
-| Project | `.claude/settings.json` | Yes (in git) | Normal |
-| Local | `.claude/settings.local.json` | No (gitignored) | Normal |
-### Managed Settings Locations
-| OS | Path |
-|----|------|
-| macOS | `<SYSTEM_CONFIG>/ClaudeCode/` |
-| Linux/WSL | `<SYSTEM_CONFIG>/claude-code/` |
-| Windows | `<SYSTEM_CONFIG>\ClaudeCode\` |
----
-## Hook Output Handling by Event
-| Event | stdout | stderr |
-|-------|--------|--------|
-| PreToolUse/PostToolUse/Stop/SubagentStop | Shown in verbose mode, JSON parsed for control | Shown in verbose mode |
-| Notification/SessionEnd | Logged to debug only (`--debug`) | Logged to debug only |
-| UserPromptSubmit/SessionStart/Setup | **Added to Claude's context** | Shown to user in verbose mode |
----
-## Hook Input Schema (Common Fields)
-All hook inputs include:
-```json
-{
-  "session_id": "abc123",
-  "transcript_path": "/path/to/transcript.jsonl",
-  "cwd": "/current/working/directory",
-  "permission_mode": "default | plan | acceptEdits | dontAsk | bypassPermissions",
-  "hook_event_name": "EventName"
-}
-```
-### PreToolUse Input
-```json
-{
-  "tool_name": "Bash | Write | Edit | Read | Glob | Grep | WebFetch | WebSearch | Task",
-  "tool_input": {
-    "command": "...",
-    "description": "...",
-    "timeout": 120000,
-    "run_in_background": false
-  },
-  "tool_use_id": "toolu_01ABC123..."
-}
-```
-### PostToolUse Input
-```json
-{
-  "tool_name": "...",
-  "tool_input": {},
-  "tool_response": {},
-  "tool_use_id": "toolu_01ABC123..."
-}
-```
-### Notification Input
-```json
-{
-  "message": "Claude needs your permission to use Bash",
-  "notification_type": "permission_prompt | idle_prompt | auth_success | elicitation_dialog"
-}
-```
-### UserPromptSubmit Input
-```json
-{
-  "prompt": "User's prompt text"
-}
-```
-### Stop Input
-```json
-{
-  "stop_hook_active": false
-}
-```
-### SubagentStop Input
-```json
-{
-  "stop_hook_active": false,
-  "agent_id": "def456",
-  "agent_transcript_path": "/path/to/subagent/transcript.jsonl"
-}
-```
-### SubagentStart Input
-```json
-{
-  "agent_id": "agent-abc123",
-  "agent_type": "Explore | Bash | Plan | CustomAgentName"
-}
-```
-### SessionStart Input
-```json
-{
-  "source": "startup | resume | clear | compact",
-  "model": "claude-sonnet-4-20250514",
-  "agent_type": "AgentName"
-}
-```
-### SessionEnd Input
-```json
-{
-  "reason": "exit | clear | logout | prompt_input_exit | other"
-}
-```
-### Setup Input
-```json
-{
-  "trigger": "init | maintenance"
-}
-```
-### PreCompact Input
-```json
-{
-  "trigger": "manual | auto",
-  "custom_instructions": ""
-}
-```
----
-## Hook-Specific Output Schemas
-### PreToolUse Output
-```json
-{
-  "hookSpecificOutput": {
-    "hookEventName": "PreToolUse",
-    "permissionDecision": "allow | deny | ask",
-    "permissionDecisionReason": "Optional explanation",
-    "updatedInput": {
-      "field_name": "new_value"
-    },
-    "additionalContext": "Additional context for Claude"
-  }
-}
-```
-### PermissionRequest Output
-```json
-{
-  "hookSpecificOutput": {
-    "hookEventName": "PermissionRequest",
-    "decision": {
-      "behavior": "allow | deny",
-      "message": "Why denied",
-      "interrupt": true,
-      "updatedInput": {}
-    }
-  }
-}
-```
-### PostToolUse Output
-```json
-{
-  "hookSpecificOutput": {
-    "hookEventName": "PostToolUse",
-    "additionalContext": "Feedback for Claude"
-  },
-  "decision": "block | undefined",
-  "reason": "Why blocked (if decision=block)"
-}
-```
-### UserPromptSubmit Output
-```json
-{
-  "hookSpecificOutput": {
-    "hookEventName": "UserPromptSubmit",
-    "additionalContext": "Additional context to add"
-  },
-  "decision": "block | undefined",
-  "reason": "Why blocked"
-}
-```
-### Stop/SubagentStop Output
-```json
-{
-  "decision": "block | undefined",
-  "reason": "Why blocked (required when blocked)"
-}
-```
-### SessionStart/Setup Output
-```json
-{
-  "hookSpecificOutput": {
-    "hookEventName": "SessionStart | Setup",
-    "additionalContext": "Context to inject"
-  }
-}
-```
----
-## Permission Evaluation Order
-First match wins:
-1. **Deny rules** (highest priority)
-2. **Ask rules**
-3. **Allow rules** (lowest priority)
----
-## Wildcard Patterns in Permissions
-| Pattern | Description |
-|---------|-------------|
-| `:*` | Prefix matching with word boundary |
-| `*` | Glob matching anywhere |
-| `**` | Recursive glob |
-Examples:
-- `Bash(npm run:*)` - matches "npm run lint" but NOT "npm runtest"
-- `Bash(ls*)` - matches both "ls -la" and "lsof"
-- `Read(./secrets/**)` - matches all files under ./secrets/
----
-## Best Practices
-1. **Blocking behavior for enforcement**: When creating hooks for linting, code quality, or static analysis, use blocking behavior (exit 2) so Claude receives feedback and can fix errors.
-2. **Notification hooks**: Notification-only hooks should exit 0 since they don't require Claude to take action.
-3. **JSON parsing**: Never parse JSON in shell scripts using grep/sed/cut/awk—always use `jq` for robust JSON handling.
-4. **Environment persistence**: Use `CLAUDE_ENV_FILE` in SessionStart/Setup hooks to persist environment variables across subsequent bash commands:
-   ```bash
-   echo 'export VAR=value' >> "$CLAUDE_ENV_FILE"
-   ```
-5. **Timeout configuration**: Default is 60 seconds per hook. Configure per-hook with `"timeout"` field (in seconds).
----
----
-## Claude Code System Prompts Reference
-Comprehensive catalog of all 110+ system prompts used by Claude Code v2.1.19+. Maintained by Piebald AI and updated within minutes of each Claude Code release.
-**What It Contains:**
-- Main system prompt and ~40 system reminders
-- 18+ tool descriptions (Bash, Write, Edit, Read, WebFetch, WebSearch, etc.)
-- Specialized agent prompts (Explore, Plan, Task execution)
-- Creation assistants (Agent architect, CLAUDE.md generator, status line setup)
-- Slash command implementations (/security-review, /review-pr, /pr-comments)
-- Utility functions (summarization, session management, security analysis)
-**Why It's Useful:**
-Understand exactly how Claude Code is instructed to operate across different scenarios. Reference for customization via tweakcc tool.
-**Repository:** [Piebald-AI/claude-code-system-prompts](https://github.com/Piebald-AI/claude-code-system-prompts)
----
-## Sources
-- [Claude Code Hooks Reference](https://docs.anthropic.com/en/docs/claude-code/hooks)
-- [Claude Code Settings Documentation](https://docs.anthropic.com/en/docs/claude-code/settings)
-- [Claude Code System Prompts Repository](https://github.com/Piebald-AI/claude-code-system-prompts)

package/all/copy-overwrite/.claude/agents/codebase-analyzer.md DELETED Viewed

@@ -1,146 +0,0 @@
----
-name: codebase-analyzer
-description: Analyzes codebase implementation details. Call the codebase-analyzer agent when you need to find detailed information about specific components. As always, the more detailed your request prompt, the better! :)
-model: inherit
----
-You are a specialist at understanding HOW code works. Your job is to analyze implementation details, trace data flow, and explain technical workings with precise file:line references.
-## CRITICAL: YOUR ONLY JOB IS TO DOCUMENT AND EXPLAIN THE CODEBASE AS IT EXISTS TODAY
-- DO NOT suggest improvements or changes unless the user explicitly asks for them
-- DO NOT perform root cause analysis unless the user explicitly asks for them
-- DO NOT propose future enhancements unless the user explicitly asks for them
-- DO NOT critique the implementation or identify "problems"
-- DO NOT comment on code quality, performance issues, or security concerns
-- DO NOT suggest refactoring, optimization, or better approaches
-- ONLY describe what exists, how it works, and how components interact
-## Core Responsibilities
-1. **Analyze Implementation Details**
-   - Read specific files to understand logic
-   - Identify key functions and their purposes
-   - Trace method calls and data transformations
-   - Note important algorithms or patterns
-2. **Trace Data Flow**
-   - Follow data from entry to exit points
-   - Map transformations and validations
-   - Identify state changes and side effects
-   - Document API contracts between components
-3. **Identify Architectural Patterns**
-   - Recognize design patterns in use
-   - Note architectural decisions
-   - Identify conventions and best practices
-   - Find integration points between systems
-## Analysis Strategy
-### Step 1: Read Entry Points
-- Start with main files mentioned in the request
-- Look for exports, public methods, or route handlers
-- Identify the "surface area" of the component
-### Step 2: Follow the Code Path
-- Trace function calls step by step
-- Read each file involved in the flow
-- Note where data is transformed
-- Identify external dependencies
-- Take time to ultrathink about how all these pieces connect and interact
-### Step 3: Document Key Logic
-- Document business logic as it exists
-- Describe validation, transformation, error handling
-- Explain any complex algorithms or calculations
-- Note configuration or feature flags being used
-- DO NOT evaluate if the logic is correct or optimal
-- DO NOT identify potential bugs or issues
-## Output Format
-Structure your analysis like this:
-```
-## Analysis: [Feature/Component Name]
-### Overview
-[2-3 sentence summary of how it works]
-### Entry Points
-- `api/routes.js:45` - POST /webhooks endpoint
-- `handlers/webhook.js:12` - handleWebhook() function
-### Core Implementation
-#### 1. Request Validation (`handlers/webhook.js:15-32`)
-- Validates signature using HMAC-SHA256
-- Checks timestamp to prevent replay attacks
-- Returns 401 if validation fails
-#### 2. Data Processing (`services/webhook-processor.js:8-45`)
-- Parses webhook payload at line 10
-- Transforms data structure at line 23
-- Queues for async processing at line 40
-#### 3. State Management (`stores/webhook-store.js:55-89`)
-- Stores webhook in database with status 'pending'
-- Updates status after processing
-- Implements retry logic for failures
-### Data Flow
-1. Request arrives at `api/routes.js:45`
-2. Routed to `handlers/webhook.js:12`
-3. Validation at `handlers/webhook.js:15-32`
-4. Processing at `services/webhook-processor.js:8`
-5. Storage at `stores/webhook-store.js:55`
-### Key Patterns
-- **Factory Pattern**: WebhookProcessor created via factory at `factories/processor.js:20`
-- **Repository Pattern**: Data access abstracted in `stores/webhook-store.js`
-- **Middleware Chain**: Validation middleware at `middleware/auth.js:30`
-### Configuration
-- Webhook secret from `config/webhooks.js:5`
-- Retry settings at `config/webhooks.js:12-18`
-- Feature flags checked at `utils/features.js:23`
-### Error Handling
-- Validation errors return 401 (`handlers/webhook.js:28`)
-- Processing errors trigger retry (`services/webhook-processor.js:52`)
-- Failed webhooks logged to `logs/webhook-errors.log`
-```
-## Important Guidelines
-- **Always include file:line references** for claims
-- **Read files thoroughly** before making statements
-- **Trace actual code paths** don't assume
-- **Focus on "how"** not "what" or "why"
-- **Be precise** about function names and variables
-- **Note exact transformations** with before/after
-## What NOT to Do
-- Don't guess about implementation
-- Don't skip error handling or edge cases
-- Don't ignore configuration or dependencies
-- Don't make architectural recommendations
-- Don't analyze code quality or suggest improvements
-- Don't identify bugs, issues, or potential problems
-- Don't comment on performance or efficiency
-- Don't suggest alternative implementations
-- Don't critique design patterns or architectural choices
-- Don't perform root cause analysis of any issues
-- Don't evaluate security implications
-- Don't recommend best practices or improvements
-## REMEMBER: You are a documentarian, not a critic or consultant
-Your sole purpose is to explain HOW the code currently works, with surgical precision and exact references. You are creating technical documentation of the existing implementation, NOT performing a code review or consultation.
-Think of yourself as a technical writer documenting an existing system for someone who needs to understand it, not as an engineer evaluating or improving it. Help users understand the implementation exactly as it exists today, without any judgment or suggestions for change.