@codyswann/lisa 2.163.3 → 2.163.5

package/dist/cli/apply.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apply.d.ts","sourceRoot":"","sources":["../../src/cli/apply.ts"],"names":[],"mappings":"AAeA,OAAO,EAAE,KAAK,UAAU,EAAsB,MAAM,qBAAqB,CAAC;AAsD1E;;;;;;;;;;GAUG;AACH,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,IAAI,CAAC,CAkEf"}
+{"version":3,"file":"apply.d.ts","sourceRoot":"","sources":["../../src/cli/apply.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,KAAK,UAAU,EAAsB,MAAM,qBAAqB,CAAC;AAgG1E;;;;;;;;;;GAUG;AACH,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,IAAI,CAAC,CAiEf"}

package/dist/cli/apply.js

@@ -1,5 +1,6 @@
 import * as path from "node:path";
 import { fileURLToPath } from "node:url";
+import { getBootstrapApplySkipNotice } from "../core/bootstrap-environment.js";
 import { ACCEPTED_HARNESS_INPUTS } from "../core/config.js";
 import { Lisa } from "../core/lisa.js";
 import { projectConfigExists, readProjectConfig, resolveHarness, shouldPersistProjectConfig, writeProjectConfig, } from "../core/project-config.js";
@@ -42,6 +43,28 @@ function printUsageAndExit() {
     console.log("  lisa --harness=all .                 # Emit for every agent (alias for fleet)");
     process.exit(1);
 }
+/**
+ * Resolve the required destination argument or print the legacy usage error.
+ * @param destination - Destination argument from the CLI
+ * @returns Absolute destination path
+ */
+function resolveDestinationOrExit(destination) {
+    if (!destination) {
+        printUsageAndExit();
+    }
+    return toAbsolutePath(destination);
+}
+/**
+ * Persist the resolved harness when a real apply needs to backfill or update
+ * `.lisa.config.json`.
+ * @param destDir - Destination project directory
+ * @param input - Existing config state and resolved harness values
+ */
+async function persistProjectConfigIfNeeded(destDir, input) {
+    if (!shouldPersistProjectConfig(input))
+        return;
+    await writeProjectConfig(destDir, { harness: input.resolvedHarness });
+}
 /**
  * Apply Lisa to the given destination with the given options.
  *
@@ -54,12 +77,16 @@ function printUsageAndExit() {
  * @returns Promise that completes when Lisa finishes
  */
 export async function runApply(destination, options) {
-    if (!destination) {
-        printUsageAndExit();
-    }
     const dryRun = options.dryRun ?? options.validate ?? false;
     const yesMode = options.yes ?? false;
-    const destDir = toAbsolutePath(destination);
+    const validateOnly = options.validate ?? false;
+    const destDir = resolveDestinationOrExit(destination);
+    const logger = new ConsoleLogger();
+    const skipNotice = getBootstrapApplySkipNotice({ validateOnly });
+    if (skipNotice !== undefined) {
+        console.log(skipNotice);
+        return;
+    }
     // Resolve harness with precedence: CLI flag > .lisa.config.json > default
     const projectConfig = await readProjectConfig(destDir);
     const configFileExists = await projectConfigExists(destDir);
@@ -69,11 +96,10 @@ export async function runApply(destination, options) {
         destDir,
         dryRun,
         yesMode,
-        validateOnly: options.validate ?? false,
+        validateOnly,
         skipGitCheck: options.skipGitCheck ?? false,
         harness,
     };
-    const logger = new ConsoleLogger();
     const deps = createDependencies(dryRun, yesMode, logger);
     const lisa = new Lisa(config, deps);
     try {
@@ -89,15 +115,13 @@ export async function runApply(destination, options) {
         // resolved harness (the default when no --harness was passed) so no
         // project is left config-less; an existing file is only rewritten when
         // --harness actually changes the persisted value, avoiding churn.
-        if (!options.validate &&
-            !dryRun &&
-            shouldPersistProjectConfig({
+        if (!options.validate && !dryRun) {
+            await persistProjectConfigIfNeeded(destDir, {
                 fileExists: configFileExists,
                 flagHarness: options.harness,
                 existingHarness: projectConfig.harness,
                 resolvedHarness: harness,
-            })) {
-            await writeProjectConfig(destDir, { harness });
+            });
         }
         // After a real apply, surface (read-only) whether any locally-authored
         // agent definitions need cross-pollinating to the project's other agents.

package/dist/cli/apply.js.map

@@ -1 +1 @@
-{"version":3,"file":"apply.js","sourceRoot":"","sources":["../../src/cli/apply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAmB,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,UAAU;IACjB,sCAAsC;IACtC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxB,OAAO,CAAC,GAAG,CACT,oEAAoE,CACrE,CAAC;IACF,OAAO,CAAC,GAAG,CACT,wFAAwF,CACzF,CAAC;IACF,OAAO,CAAC,GAAG,CACT,6EAA6E,CAC9E,CAAC;IACF,OAAO,CAAC,GAAG,CACT,kFAAkF,CACnF,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CACT,6DAA6D,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,mCAAmC,CACpI,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CACT,mEAAmE,CACpE,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CACT,iFAAiF,CAClF,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAA+B,EAC/B,OAAmB;IAEnB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,iBAAiB,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC;IACrC,MAAM,OAAO,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAE5C,0EAA0E;IAC1E,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAe;QACzB,OAAO,EAAE,UAAU,EAAE;QACrB,OAAO;QACP,MAAM;QACN,OAAO;QACP,YAAY,EAAE,OAAO,CAAC,QAAQ,IAAI,KAAK;QACvC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,KAAK;QAC3C,OAAO;KACR,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ;YAC7B,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE;YACvB,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAEvB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;QACpE,uEAAuE;QACvE,kEAAkE;QAClE,IACE,CAAC,OAAO,CAAC,QAAQ;YACjB,CAAC,MAAM;YACP,0BAA0B,CAAC;gBACzB,UAAU,EAAE,gBAAgB;gBAC5B,WAAW,EAAE,OAAO,CAAC,OAAO;gBAC5B,eAAe,EAAE,aAAa,CAAC,OAAO;gBACtC,eAAe,EAAE,OAAO;aACzB,CAAC,EACF,CAAC;YACD,MAAM,kBAAkB,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;QAED,uEAAuE;QACvE,0EAA0E;QAC1E,wEAAwE;QACxE,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,mBAAmB,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
+{"version":3,"file":"apply.js","sourceRoot":"","sources":["../../src/cli/apply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EACd,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAmB,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAE1E,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAkB/D;;;GAGG;AACH,SAAS,UAAU;IACjB,sCAAsC;IACtC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxB,OAAO,CAAC,GAAG,CACT,oEAAoE,CACrE,CAAC;IACF,OAAO,CAAC,GAAG,CACT,wFAAwF,CACzF,CAAC;IACF,OAAO,CAAC,GAAG,CACT,6EAA6E,CAC9E,CAAC;IACF,OAAO,CAAC,GAAG,CACT,kFAAkF,CACnF,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CACT,6DAA6D,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,mCAAmC,CACpI,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CACT,mEAAmE,CACpE,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CACT,iFAAiF,CAClF,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,WAA+B;IAC/D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,iBAAiB,EAAE,CAAC;IACtB,CAAC;IACD,OAAO,cAAc,CAAC,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,4BAA4B,CACzC,OAAe,EACf,KAAoC;IAEpC,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC;QAAE,OAAO;IAC/C,MAAM,kBAAkB,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAA+B,EAC/B,OAAmB;IAEnB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAC/C,MAAM,OAAO,GAAG,wBAAwB,CAAC,WAAW,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;IAEnC,MAAM,UAAU,GAAG,2BAA2B,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;IACjE,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACxB,OAAO;IACT,CAAC;IAED,0EAA0E;IAC1E,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAe;QACzB,OAAO,EAAE,UAAU,EAAE;QACrB,OAAO;QACP,MAAM;QACN,OAAO;QACP,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,KAAK;QAC3C,OAAO;KACR,CAAC;IAEF,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ;YAC7B,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE;YACvB,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QAEvB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;QACpE,uEAAuE;QACvE,kEAAkE;QAClE,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,4BAA4B,CAAC,OAAO,EAAE;gBAC1C,UAAU,EAAE,gBAAgB;gBAC5B,WAAW,EAAE,OAAO,CAAC,OAAO;gBAC5B,eAAe,EAAE,aAAa,CAAC,OAAO;gBACtC,eAAe,EAAE,OAAO;aACzB,CAAC,CAAC;QACL,CAAC;QAED,uEAAuE;QACvE,0EAA0E;QAC1E,wEAAwE;QACxE,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,mBAAmB,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/codex/scripts/block-no-verify.sh

@@ -2,10 +2,10 @@
 # Lisa-managed Codex hook script (PreToolUse Bash).
 # Blocks git commands that bypass verification hooks: the --no-verify long flag,
 # HUSKY=0 / HUSKY_SKIP_HOOKS= (disables husky hooks), and core.hooksPath pointed
-# at /dev/null or set empty (disables all git hooks). The short `-n` form is
-# intentionally NOT matched (parity with block-no-verify.sh / .agy.sh): grep
-# cannot distinguish it from -n in commit-message prose or an unrelated piped
-# command, and -n is far more common than --no-verify.
+# at /dev/null or set empty (disables all git hooks). Shell-token matching
+# avoids false positives from issue bodies, heredocs, and commit-message prose
+# while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 set -euo pipefail
 
 input="$(cat 2>/dev/null || true)"
@@ -18,11 +18,65 @@ tool_name="$(printf '%s' "$input" | jq -r '.tool_name // empty' 2>/dev/null || t
 command_str="$(printf '%s' "$input" | jq -r '.tool_input.command // empty' 2>/dev/null || true)"
 [ -n "$command_str" ] || exit 0
 
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   jq -n '{
     "hookSpecificOutput": {
       "hookEventName": "PreToolUse",

package/dist/core/bootstrap-environment.d.ts

@@ -0,0 +1,32 @@
+export declare const LISA_BOOTSTRAP_ENV = "LISA_BOOTSTRAP";
+export declare const BUILD_ENV_FINGERPRINTS: readonly string[];
+export declare const BOOTSTRAP_SKIP_NOTICE = "lisa: skipped (non-interactive environment; set LISA_BOOTSTRAP=1 to force)";
+/**
+ * Runtime state used by the bootstrap guard.
+ */
+export interface BootstrapEnvironment {
+    /** Environment variables visible to the current process. */
+    readonly env: NodeJS.ProcessEnv;
+    /** Whether stdin is attached to an interactive TTY. */
+    readonly stdinIsTTY: boolean;
+}
+/**
+ * Options for deciding whether the apply entry point should be skipped.
+ */
+export interface BootstrapGuardOptions {
+    /** Whether the caller requested validate-only mode. */
+    readonly validateOnly: boolean;
+    /** Injectable runtime state for tests. Defaults to the current process. */
+    readonly environment?: BootstrapEnvironment;
+}
+/**
+ * Decide whether the Lisa apply entry point should refuse to run.
+ *
+ * Validate mode is intentionally exempt because it never writes project files.
+ * Real apply must be explicitly opted in when running without a TTY or under a
+ * known build-system fingerprint.
+ * @param options - Guard options and injectable runtime state
+ * @returns The skip notice when apply should be skipped, otherwise undefined
+ */
+export declare function getBootstrapApplySkipNotice(options: BootstrapGuardOptions): string | undefined;
+//# sourceMappingURL=bootstrap-environment.d.ts.map

package/dist/core/bootstrap-environment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap-environment.d.ts","sourceRoot":"","sources":["../../src/core/bootstrap-environment.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,kBAAkB,mBAAmB,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,SAAS,MAAM,EAUnD,CAAC;AAEF,eAAO,MAAM,qBAAqB,+EAC4C,CAAC;AAE/E;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,4DAA4D;IAC5D,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC;IAChC,uDAAuD;IACvD,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,uDAAuD;IACvD,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,2EAA2E;IAC3E,QAAQ,CAAC,WAAW,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAaD;;;;;;;;GAQG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,qBAAqB,GAC7B,MAAM,GAAG,SAAS,CAoBpB"}

package/dist/core/bootstrap-environment.js

@@ -0,0 +1,51 @@
+export const LISA_BOOTSTRAP_ENV = "LISA_BOOTSTRAP";
+export const BUILD_ENV_FINGERPRINTS = [
+    "CI",
+    "CODEBUILD_BUILD_ID",
+    "GITHUB_ACTIONS",
+    "EAS_BUILD",
+    "VERCEL",
+    "BUILDKITE",
+    "JENKINS_URL",
+    "AMPLIFY_APP_ID",
+    "AWS_BRANCH",
+];
+export const BOOTSTRAP_SKIP_NOTICE = "lisa: skipped (non-interactive environment; set LISA_BOOTSTRAP=1 to force)";
+/**
+ * Read process.env through one explicit, reviewable exception to the app-template
+ * config access ban. Lisa's CLI bootstrap guard must inspect externally supplied
+ * build-system fingerprints before any project config is available.
+ * @returns The current process environment
+ */
+function readProcessEnv() {
+    // eslint-disable-next-line no-restricted-syntax -- CLI bootstrap guard must read externally supplied build env vars once
+    return process.env;
+}
+/**
+ * Decide whether the Lisa apply entry point should refuse to run.
+ *
+ * Validate mode is intentionally exempt because it never writes project files.
+ * Real apply must be explicitly opted in when running without a TTY or under a
+ * known build-system fingerprint.
+ * @param options - Guard options and injectable runtime state
+ * @returns The skip notice when apply should be skipped, otherwise undefined
+ */
+export function getBootstrapApplySkipNotice(options) {
+    if (options.validateOnly)
+        return undefined;
+    const environment = options.environment ?? {
+        env: readProcessEnv(),
+        stdinIsTTY: process.stdin.isTTY === true,
+    };
+    if (environment.env[LISA_BOOTSTRAP_ENV] === "1")
+        return undefined;
+    const hasBuildEnvFingerprint = BUILD_ENV_FINGERPRINTS.some(name => {
+        const value = environment.env[name];
+        return value !== undefined && value !== "";
+    });
+    if (!environment.stdinIsTTY || hasBuildEnvFingerprint) {
+        return BOOTSTRAP_SKIP_NOTICE;
+    }
+    return undefined;
+}
+//# sourceMappingURL=bootstrap-environment.js.map

package/dist/core/bootstrap-environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap-environment.js","sourceRoot":"","sources":["../../src/core/bootstrap-environment.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,kBAAkB,GAAG,gBAAgB,CAAC;AAEnD,MAAM,CAAC,MAAM,sBAAsB,GAAsB;IACvD,IAAI;IACJ,oBAAoB;IACpB,gBAAgB;IAChB,WAAW;IACX,QAAQ;IACR,WAAW;IACX,aAAa;IACb,gBAAgB;IAChB,YAAY;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAChC,4EAA4E,CAAC;AAsB/E;;;;;GAKG;AACH,SAAS,cAAc;IACrB,yHAAyH;IACzH,OAAO,OAAO,CAAC,GAAG,CAAC;AACrB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,2BAA2B,CACzC,OAA8B;IAE9B,IAAI,OAAO,CAAC,YAAY;QAAE,OAAO,SAAS,CAAC;IAE3C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI;QACzC,GAAG,EAAE,cAAc,EAAE;QACrB,UAAU,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI;KACzC,CAAC;IAEF,IAAI,WAAW,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,GAAG;QAAE,OAAO,SAAS,CAAC;IAElE,MAAM,sBAAsB,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAChE,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,WAAW,CAAC,UAAU,IAAI,sBAAsB,EAAE,CAAC;QACtD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/core/index.d.ts

@@ -1,3 +1,4 @@
 export * from "./config.js";
+export * from "./bootstrap-environment.js";
 export { Lisa, type LisaDependencies } from "./lisa.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,4BAA4B,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC"}

package/dist/core/index.js

@@ -1,3 +1,4 @@
 export * from "./config.js";
+export * from "./bootstrap-environment.js";
 export { Lisa } from "./lisa.js";
 //# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAyB,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,4BAA4B,CAAC;AAC3C,OAAO,EAAE,IAAI,EAAyB,MAAM,WAAW,CAAC"}

package/package.json

@@ -85,7 +85,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "Universal governance: agents, skills, commands, hooks, and rules for all projects.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/hooks/block-no-verify.agy.sh

@@ -3,8 +3,9 @@
 # git quality gates (exact parity with the Claude block-no-verify.sh): the
 # `--no-verify` long flag, `HUSKY=0`/`HUSKY_SKIP_HOOKS=` (disables husky hooks),
 # and `core.hooksPath` pointed at /dev/null or set empty (disables all git
-# hooks). The short `-n` form is intentionally NOT matched, to avoid false
-# positives (see the matching block below).
+# hooks). Shell-token matching avoids false positives from issue bodies,
+# heredocs, and commit-message prose while still catching quoted real argv
+# values such as `git -c "core.hooksPath=/dev/null"`.
 #
 # agy protocol (distinct from the Claude block-no-verify.sh exit-code protocol):
 #   - stdin  = JSON: { "toolCall": { "name": "run_command",
@@ -34,17 +35,65 @@ input="$(cat 2>/dev/null || true)"
 command_str="$(printf '%s' "$input" | jq -r '.toolCall.args.CommandLine // empty' 2>/dev/null || true)"
 [ -z "$command_str" ] && allow
 
-# Each pattern is bounded so longer flags (--no-verify-ssl) and legit values
-# (core.hooksPath=.husky, HUSKY=1) don't match, while every syntactic position
-# is caught (incl. subshells). Exact parity with the Claude block-no-verify.sh.
-# The short `-n` form is intentionally NOT matched — `-n` appears in commit
-# message prose (`git commit -m "fix -n flag"`) and unrelated piped commands
-# (`sort -n x; git commit`), so guarding it false-positives on valid work.
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || allow
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   deny
 fi
 

package/plugins/lisa/hooks/block-no-verify.sh

@@ -9,8 +9,9 @@
 #   2. HUSKY=0 / HUSKY_SKIP_HOOKS=... — disables husky-managed git hooks;
 #   3. core.hooksPath pointed at /dev/null or set empty — disables ALL git hooks.
 #
-# Word-boundary matching avoids false positives on longer flags (--no-verify-ssl,
-# --no-verify-host) and on a legit custom hooks path (core.hooksPath=.husky).
+# Shell-token matching avoids false positives from issue bodies, heredocs, and
+# commit-message prose while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 #
 # The short `-n` form is intentionally NOT matched (see block-no-verify.agy.sh):
 # grep cannot distinguish a real -n option from -n in commit-message prose or an
@@ -29,14 +30,65 @@ if [ -z "$command_str" ]; then
   exit 0
 fi
 
-# Each pattern is bounded by non-token characters so longer flags
-# (--no-verify-ssl) and legit values (core.hooksPath=.husky, HUSKY=1) don't match,
-# while every syntactic position is caught (incl. subshells, e.g. `(git commit --no-verify)`).
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   cat >&2 <<'EOF'
 Blocked: this command bypasses pre-commit/pre-push hooks (--no-verify, HUSKY=0,
 or core.hooksPath disabling). Fix the underlying issue (lint error, failing

package/plugins/lisa-agy/hooks/block-no-verify.agy.sh

@@ -3,8 +3,9 @@
 # git quality gates (exact parity with the Claude block-no-verify.sh): the
 # `--no-verify` long flag, `HUSKY=0`/`HUSKY_SKIP_HOOKS=` (disables husky hooks),
 # and `core.hooksPath` pointed at /dev/null or set empty (disables all git
-# hooks). The short `-n` form is intentionally NOT matched, to avoid false
-# positives (see the matching block below).
+# hooks). Shell-token matching avoids false positives from issue bodies,
+# heredocs, and commit-message prose while still catching quoted real argv
+# values such as `git -c "core.hooksPath=/dev/null"`.
 #
 # agy protocol (distinct from the Claude block-no-verify.sh exit-code protocol):
 #   - stdin  = JSON: { "toolCall": { "name": "run_command",
@@ -34,17 +35,65 @@ input="$(cat 2>/dev/null || true)"
 command_str="$(printf '%s' "$input" | jq -r '.toolCall.args.CommandLine // empty' 2>/dev/null || true)"
 [ -z "$command_str" ] && allow
 
-# Each pattern is bounded so longer flags (--no-verify-ssl) and legit values
-# (core.hooksPath=.husky, HUSKY=1) don't match, while every syntactic position
-# is caught (incl. subshells). Exact parity with the Claude block-no-verify.sh.
-# The short `-n` form is intentionally NOT matched — `-n` appears in commit
-# message prose (`git commit -m "fix -n flag"`) and unrelated piped commands
-# (`sort -n x; git commit`), so guarding it false-positives on valid work.
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || allow
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   deny
 fi
 

package/plugins/lisa-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "AWS CDK-specific Lisa plugin.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.3",
+  "version": "2.163.5",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"