@codyswann/lisa 2.143.2 → 2.144.0

package/package.json

@@ -84,7 +84,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Universal governance: agents, skills, commands, hooks, and rules for all projects.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "AWS CDK-specific Lisa plugin.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Expo and React Native-specific skills, agents, rules, and MCP servers.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Harper/Fabric-specific Lisa rules for TypeScript component apps.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "NestJS-specific skills and migration write-protection hooks.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Ruby on Rails-specific skills and hooks for RuboCop and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "TypeScript-specific hooks for formatting, linting, and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "Distributable LLM Wiki kernel — ingest, query, lint, and maintain a git-native markdown knowledge base across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/scripts/verify-wiki-safety.mjs

@@ -0,0 +1,116 @@
+#!/usr/bin/env node
+/**
+ * Pre-commit safety gate for generated wiki output.
+ *
+ * Scans only explicit wiki paths, or current git changes under the configured
+ * wiki root when no paths are passed. Reports safe metadata only.
+ */
+import { execFileSync } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { loadConfig } from "./_wiki-lib.mjs";
+import { scanWikiGeneratedFiles } from "./wiki-safety.mjs";
+
+const argv = process.argv.slice(2);
+const flag = name => argv.includes(name);
+const opt = name => {
+  const i = argv.indexOf(name);
+  return i !== -1 ? argv[i + 1] : undefined;
+};
+const repeated = name => {
+  const values = [];
+  for (let i = 0; i < argv.length; i += 1) {
+    if (argv[i] === name && argv[i + 1]) values.push(argv[i + 1]);
+  }
+  return values;
+};
+
+const { config } = loadConfig(opt("--config"));
+const wikiRoot = path.resolve(opt("--wiki") ?? config?.wikiRoot ?? "wiki");
+const asJson = flag("--json");
+const scanner = opt("--scanner") ?? "builtin";
+
+function commandExists(command) {
+  try {
+    execFileSync("sh", ["-c", `command -v ${command}`], {
+      stdio: "ignore",
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function gitChangedPaths() {
+  let out = "";
+  try {
+    out = execFileSync("git", ["status", "--porcelain=v1", "-z"], {
+      encoding: "utf8",
+    });
+  } catch {
+    return [];
+  }
+  const entries = out.split("\0").filter(Boolean);
+  const paths = [];
+  for (let i = 0; i < entries.length; i += 1) {
+    const entry = entries[i];
+    const status = entry.slice(0, 2);
+    const file = entry.slice(3);
+    if (!file || status.includes("D")) continue;
+    paths.push(file);
+    if (status[0] === "R" || status[0] === "C") i += 1;
+  }
+  return paths;
+}
+
+const explicitPaths = repeated("--path");
+const files = explicitPaths.length > 0 ? explicitPaths : gitChangedPaths();
+
+const externalScanner =
+  scanner === "gitleaks" || scanner === "trufflehog" ? scanner : undefined;
+const externalScannerMissing =
+  externalScanner !== undefined && !commandExists(externalScanner);
+
+const result = scanWikiGeneratedFiles(files, {
+  fsModule: fs,
+  pathModule: path,
+  wikiRoot,
+});
+
+const finalResult = {
+  ...result,
+  scanner: {
+    selected: scanner,
+    externalAvailable: externalScanner ? !externalScannerMissing : undefined,
+  },
+  ok: result.ok && !externalScannerMissing,
+  errors: [
+    ...result.errors,
+    ...(externalScannerMissing
+      ? [
+          {
+            file: path.relative(process.cwd(), wikiRoot) || ".",
+            message: `${externalScanner} scanner selected but unavailable`,
+          },
+        ]
+      : []),
+  ],
+};
+
+if (asJson) {
+  console.log(JSON.stringify(finalResult, null, 2));
+} else {
+  for (const finding of finalResult.findings) {
+    console.log(
+      `x [wiki-safety] possible ${finding.entityType} (${finding.confidence}) in ${finding.sourceId}; count=${finding.count}`
+    );
+  }
+  for (const error of finalResult.errors) {
+    console.log(`x [wiki-safety] ${error.message} (${error.file})`);
+  }
+  console.log(
+    `\n${finalResult.findings.length} finding${finalResult.findings.length === 1 ? "" : "s"}, ${finalResult.errors.length} error${finalResult.errors.length === 1 ? "" : "s"} across ${finalResult.scanned.length} wiki file${finalResult.scanned.length === 1 ? "" : "s"} — ${finalResult.ok ? "OK" : "BLOCKING"}`
+  );
+}
+
+process.exitCode = finalResult.ok ? 0 : 1;

package/plugins/lisa-wiki/scripts/wiki-safety.mjs

@@ -61,6 +61,19 @@ const PATTERNS = [
   },
 ];
 
+const TEXTISH_EXTS = new Set([
+  ".md",
+  ".mdx",
+  ".json",
+  ".jsonl",
+  ".txt",
+  ".yml",
+  ".yaml",
+  ".toml",
+  ".csv",
+  ".tsv",
+]);
+
 function luhnValid(candidate) {
   const digits = candidate.replace(/\D/g, "");
   if (digits.length < 13 || digits.length > 19) return false;
@@ -222,3 +235,68 @@ export function serializeWikiSafetyFindings(result) {
     2
   );
 }
+
+export function isWikiSafetyScanTarget(filePath, options = {}) {
+  const pathModule = options.pathModule;
+  if (!pathModule) {
+    throw new Error("isWikiSafetyScanTarget requires options.pathModule");
+  }
+  const wikiRoot = pathModule.resolve(options.wikiRoot ?? "wiki");
+  const resolved = pathModule.resolve(filePath);
+  const relative = pathModule.relative(wikiRoot, resolved);
+  if (
+    !relative ||
+    relative.startsWith("..") ||
+    pathModule.isAbsolute(relative)
+  ) {
+    return false;
+  }
+  const ext = pathModule.extname(resolved);
+  return TEXTISH_EXTS.has(ext);
+}
+
+export function scanWikiGeneratedFiles(files, options = {}) {
+  const fsModule = options.fsModule;
+  const pathModule = options.pathModule;
+  if (!fsModule || !pathModule) {
+    throw new Error("scanWikiGeneratedFiles requires fsModule and pathModule");
+  }
+
+  const wikiRoot = pathModule.resolve(options.wikiRoot ?? "wiki");
+  const candidates = [...new Set(files.map(file => pathModule.resolve(file)))]
+    .filter(file => isWikiSafetyScanTarget(file, { wikiRoot, pathModule }))
+    .sort();
+
+  const scanned = [];
+  const findings = [];
+  const errors = [];
+
+  for (const file of candidates) {
+    let text;
+    try {
+      if (!fsModule.existsSync(file) || !fsModule.statSync(file).isFile()) {
+        continue;
+      }
+      text = fsModule.readFileSync(file, "utf8");
+    } catch (error) {
+      errors.push({
+        file: pathModule.relative(process.cwd(), file),
+        message: error instanceof Error ? error.message : String(error),
+      });
+      continue;
+    }
+
+    const sourceId = pathModule.relative(wikiRoot, file);
+    scanned.push(sourceId);
+    const result = scanWikiSourceText(text, { sourceId });
+    findings.push(...result.findings);
+  }
+
+  return {
+    ok: findings.length === 0 && errors.length === 0,
+    wikiRoot: pathModule.relative(process.cwd(), wikiRoot) || ".",
+    scanned,
+    findings,
+    errors,
+  };
+}

package/plugins/lisa-wiki/skills/lisa-wiki-ingest/SKILL.md

@@ -64,6 +64,13 @@ writes nothing). The point is to ingest on top of fresh state, never stale state
 - Source-note-before-synthesis; state advanced **only** after verification.
 - Project-scoped only; memory ingestion never touches global/Codex-global stores.
 - Respect `sourceRetention` and `sensitivity`; do not invent facts.
+- Before advancing state or committing, run the generated-output safety gate
+  (`scripts/verify-wiki-safety.mjs`) against the wiki files/source notes produced by
+  the ingest. The default built-in scan blocks unredacted private keys, tokens, and
+  common financial/person identifiers without printing raw values. Projects may
+  select `--scanner gitleaks` for local parity with Gitleaks, and may use
+  `--scanner trufflehog` as a stricter optional verification pass when installed;
+  if a selected scanner is unavailable, keep the ingest blocked for review.
 - Connector execution and the connector contract are detailed in the connector skills (M2+); this
   router defines and enforces the ordering and side-effect rules above.
 

package/plugins/lisa-wiki-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.143.2",
+  "version": "2.144.0",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"