@hailer/mcp 0.0.6 → 0.1.1

package/.claude/hooks/app-edit-guard.cjs

@@ -0,0 +1,462 @@
+#!/usr/bin/env node
+/**
+ * Claude Code PreToolUse Hook - BULLETPROOF Hailer App Guard
+ *
+ * Blocks ALL direct edits to Hailer app directories.
+ * Detection is pattern-based - no registration required.
+ *
+ * A directory is considered a Hailer app if it contains:
+ * - public/manifest.json with "appId" field, OR
+ * - package.json with @hailer/app-sdk dependency
+ *
+ * Edits are ONLY allowed when:
+ * 1. Running inside a subagent (Task tool with CLAUDE_CODE_ENTRYPOINT=task)
+ * 2. The app directory has been explicitly released for manual editing
+ *
+ * To release an app for manual editing:
+ *   node app-edit-guard.cjs --release /path/to/app
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const RELEASE_TRACKER = '/tmp/.claude-released-apps.json';
+const BUILDER_MODE_DIR = '/tmp/.claude-builder-mode';
+const BUILDER_AGENT_ACTIVE = '/tmp/.claude-builder-agent-active';
+
+// Read hook input from stdin
+let input = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  try {
+    const data = JSON.parse(input);
+    processHook(data);
+  } catch (e) {
+    // Invalid JSON - fail safe by BLOCKING
+    outputBlock('Hook received invalid input - blocking for safety');
+  }
+});
+
+function outputAllow() {
+  console.log(JSON.stringify({ decision: 'allow' }));
+  process.exit(0);
+}
+
+function outputBlock(message) {
+  console.log(JSON.stringify({
+    decision: 'block',
+    reason: message
+  }));
+  process.exit(0);
+}
+
+/**
+ * Check if a directory is a Hailer app by examining its contents
+ */
+function isHailerAppDirectory(dirPath) {
+  try {
+    // Check 1: public/manifest.json with appId
+    const manifestPath = path.join(dirPath, 'public', 'manifest.json');
+    if (fs.existsSync(manifestPath)) {
+      try {
+        const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
+        if (manifest.appId || manifest.name) {
+          return { isApp: true, name: manifest.name || path.basename(dirPath), reason: 'manifest.json' };
+        }
+      } catch {
+        // Invalid JSON in manifest, still might be a Hailer app structure
+      }
+    }
+
+    // Check 2: package.json with @hailer/app-sdk
+    const packagePath = path.join(dirPath, 'package.json');
+    if (fs.existsSync(packagePath)) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
+        const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+        if (deps['@hailer/app-sdk']) {
+          return { isApp: true, name: pkg.name || path.basename(dirPath), reason: '@hailer/app-sdk dependency' };
+        }
+      } catch {
+        // Invalid package.json
+      }
+    }
+
+    // Check 3: vite.config with hailer in comments or specific CORS config
+    const viteConfigPath = path.join(dirPath, 'vite.config.ts');
+    if (fs.existsSync(viteConfigPath)) {
+      try {
+        const viteConfig = fs.readFileSync(viteConfigPath, 'utf8');
+        if (viteConfig.includes('hailer') || viteConfig.includes('app.hailer.com')) {
+          return { isApp: true, name: path.basename(dirPath), reason: 'vite.config.ts hailer reference' };
+        }
+      } catch {
+        // Can't read vite config
+      }
+    }
+
+    return { isApp: false };
+  } catch {
+    return { isApp: false };
+  }
+}
+
+/**
+ * Walk up the directory tree to find if file is inside a Hailer app
+ */
+function findHailerAppRoot(filePath) {
+  let currentDir = path.dirname(filePath);
+  const root = path.parse(currentDir).root;
+
+  // Walk up max 10 levels
+  for (let i = 0; i < 10 && currentDir !== root; i++) {
+    const result = isHailerAppDirectory(currentDir);
+    if (result.isApp) {
+      return { ...result, path: currentDir };
+    }
+    currentDir = path.dirname(currentDir);
+  }
+
+  return null;
+}
+
+/**
+ * Check if an app directory has been released for manual editing
+ */
+function isAppReleased(appPath) {
+  try {
+    if (!fs.existsSync(RELEASE_TRACKER)) {
+      return false;
+    }
+    const released = JSON.parse(fs.readFileSync(RELEASE_TRACKER, 'utf8'));
+    return released.includes(path.resolve(appPath));
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Check if a builder agent is currently active (global flag)
+ * Main Claude enables this before spawning builder agents
+ */
+function isBuilderAgentActive() {
+  return fs.existsSync(BUILDER_AGENT_ACTIVE);
+}
+
+/**
+ * Check if builder mode is active for an app directory
+ * Builder mode is enabled by creating a marker file in BUILDER_MODE_DIR
+ */
+function isBuilderModeActive(appPath) {
+  try {
+    if (!fs.existsSync(BUILDER_MODE_DIR)) {
+      return false;
+    }
+    // Hash the app path to create a unique marker filename
+    const normalizedPath = path.resolve(appPath);
+    const markerFile = path.join(BUILDER_MODE_DIR, Buffer.from(normalizedPath).toString('base64').replace(/[/+=]/g, '_'));
+    return fs.existsSync(markerFile);
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Enable builder mode for an app directory
+ */
+function enableBuilderMode(appPath) {
+  const normalizedPath = path.resolve(appPath);
+  if (!fs.existsSync(BUILDER_MODE_DIR)) {
+    fs.mkdirSync(BUILDER_MODE_DIR, { recursive: true });
+  }
+  const markerFile = path.join(BUILDER_MODE_DIR, Buffer.from(normalizedPath).toString('base64').replace(/[/+=]/g, '_'));
+  fs.writeFileSync(markerFile, JSON.stringify({ appPath: normalizedPath, enabledAt: new Date().toISOString() }));
+  return markerFile;
+}
+
+/**
+ * Disable builder mode for an app directory
+ */
+function disableBuilderMode(appPath) {
+  const normalizedPath = path.resolve(appPath);
+  const markerFile = path.join(BUILDER_MODE_DIR, Buffer.from(normalizedPath).toString('base64').replace(/[/+=]/g, '_'));
+  if (fs.existsSync(markerFile)) {
+    fs.unlinkSync(markerFile);
+    return true;
+  }
+  return false;
+}
+
+function processHook(data) {
+  const { tool_name, tool_input } = data;
+
+  // Only guard Write and Edit tools
+  if (tool_name !== 'Write' && tool_name !== 'Edit') {
+    outputAllow();
+    return;
+  }
+
+  const filePath = tool_input?.file_path;
+  if (!filePath) {
+    outputAllow();
+    return;
+  }
+
+  // Normalize path
+  const normalizedPath = path.resolve(filePath);
+
+  // Find if this file is inside a Hailer app
+  const appInfo = findHailerAppRoot(normalizedPath);
+
+  if (!appInfo) {
+    // Not in a Hailer app directory
+    outputAllow();
+    return;
+  }
+
+  // Check if a builder agent is globally active - ALLOW
+  // Main Claude enables this before spawning builder agents
+  if (isBuilderAgentActive()) {
+    outputAllow();
+    return;
+  }
+
+  // Check if builder mode is active for this app - ALLOW
+  // This is the primary mechanism for spawned builder agents
+  if (isBuilderModeActive(appInfo.path)) {
+    outputAllow();
+    return;
+  }
+
+  // Check if this app has been released for manual editing - ALLOW
+  if (isAppReleased(appInfo.path)) {
+    outputAllow();
+    return;
+  }
+
+  // BLOCK with helpful message
+  outputBlock(`
+🚫 BLOCKED: Direct edit to Hailer app "${appInfo.name}"
+
+Detected as Hailer app via: ${appInfo.reason}
+App directory: ${appInfo.path}
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+WHY: Hailer apps must be built by a specialized builder agent
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+The builder agent has:
+• Access to @hailer/app-sdk documentation
+• Live dev server feedback for iteration
+• Proper TypeScript patterns for Hailer apps
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+TO PROCEED: Spawn a builder agent
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+1. Load the spawn skill:
+   Skill("spawn-app-builder")
+
+2. Follow the skill instructions to spawn the agent
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+OR: Release for manual editing (if user explicitly requests)
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Ask the user first! If they confirm manual editing, run:
+  Bash: node .claude/hooks/app-edit-guard.cjs --release "${appInfo.path}"
+
+Then retry your edit.
+`);
+}
+
+// CLI: Release an app for manual editing
+if (process.argv[2] === '--release' && process.argv[3]) {
+  const appPath = path.resolve(process.argv[3]);
+
+  // Verify it's actually a Hailer app
+  const appInfo = isHailerAppDirectory(appPath);
+  if (!appInfo.isApp) {
+    console.error(`Error: ${appPath} is not a Hailer app directory`);
+    process.exit(1);
+  }
+
+  // Load existing releases
+  let released = [];
+  try {
+    if (fs.existsSync(RELEASE_TRACKER)) {
+      released = JSON.parse(fs.readFileSync(RELEASE_TRACKER, 'utf8'));
+    }
+  } catch {
+    released = [];
+  }
+
+  // Add this app if not already released
+  if (!released.includes(appPath)) {
+    released.push(appPath);
+    fs.writeFileSync(RELEASE_TRACKER, JSON.stringify(released, null, 2));
+    console.log(`✅ Released "${appInfo.name}" for manual editing`);
+    console.log(`   Path: ${appPath}`);
+  } else {
+    console.log(`ℹ️  "${appInfo.name}" was already released`);
+  }
+  process.exit(0);
+}
+
+// CLI: List released apps
+if (process.argv[2] === '--list') {
+  try {
+    if (fs.existsSync(RELEASE_TRACKER)) {
+      const released = JSON.parse(fs.readFileSync(RELEASE_TRACKER, 'utf8'));
+      if (released.length === 0) {
+        console.log('No apps released for manual editing');
+      } else {
+        console.log('Released apps:');
+        released.forEach(p => console.log(`  - ${p}`));
+      }
+    } else {
+      console.log('No apps released for manual editing');
+    }
+  } catch {
+    console.log('No apps released for manual editing');
+  }
+  process.exit(0);
+}
+
+// CLI: Enable builder mode for an app
+if (process.argv[2] === '--builder-on' && process.argv[3]) {
+  const appPath = path.resolve(process.argv[3]);
+
+  // Verify it's actually a Hailer app
+  const appInfo = isHailerAppDirectory(appPath);
+  if (!appInfo.isApp) {
+    console.error(`Error: ${appPath} is not a Hailer app directory`);
+    process.exit(1);
+  }
+
+  enableBuilderMode(appPath);
+  console.log(`🔧 Builder mode ENABLED for "${appInfo.name}"`);
+  console.log(`   Path: ${appPath}`);
+  console.log(`   Spawned agents can now edit this app`);
+  process.exit(0);
+}
+
+// CLI: Disable builder mode for an app
+if (process.argv[2] === '--builder-off' && process.argv[3]) {
+  const appPath = path.resolve(process.argv[3]);
+
+  if (disableBuilderMode(appPath)) {
+    console.log(`🔒 Builder mode DISABLED for: ${appPath}`);
+  } else {
+    console.log(`ℹ️  Builder mode was not active for: ${appPath}`);
+  }
+  process.exit(0);
+}
+
+// CLI: Revoke release
+if (process.argv[2] === '--revoke' && process.argv[3]) {
+  const appPath = path.resolve(process.argv[3]);
+
+  try {
+    if (fs.existsSync(RELEASE_TRACKER)) {
+      let released = JSON.parse(fs.readFileSync(RELEASE_TRACKER, 'utf8'));
+      const before = released.length;
+      released = released.filter(p => p !== appPath);
+      if (released.length < before) {
+        fs.writeFileSync(RELEASE_TRACKER, JSON.stringify(released, null, 2));
+        console.log(`✅ Revoked manual editing for: ${appPath}`);
+      } else {
+        console.log(`ℹ️  App was not in released list: ${appPath}`);
+      }
+    }
+  } catch {
+    console.error('Error reading release tracker');
+  }
+  process.exit(0);
+}
+
+// CLI: Check if a path is a Hailer app
+if (process.argv[2] === '--check' && process.argv[3]) {
+  const checkPath = path.resolve(process.argv[3]);
+  const result = isHailerAppDirectory(checkPath);
+  if (result.isApp) {
+    console.log(`✅ Hailer app detected: ${result.name}`);
+    console.log(`   Detected via: ${result.reason}`);
+    console.log(`   Builder mode: ${isBuilderModeActive(checkPath) ? 'ACTIVE' : 'Off'}`);
+    console.log(`   Manual release: ${isAppReleased(checkPath) ? 'Yes' : 'No'}`);
+  } else {
+    console.log(`❌ Not a Hailer app: ${checkPath}`);
+  }
+  process.exit(0);
+}
+
+// CLI: Enable global builder agent mode
+if (process.argv[2] === '--agent-on') {
+  fs.writeFileSync(BUILDER_AGENT_ACTIVE, JSON.stringify({ enabledAt: new Date().toISOString() }));
+  console.log('🔧 Builder agent mode ENABLED globally');
+  console.log('   All Hailer app edits are now allowed');
+  console.log('   Run --agent-off when done');
+  process.exit(0);
+}
+
+// CLI: Disable global builder agent mode
+if (process.argv[2] === '--agent-off') {
+  if (fs.existsSync(BUILDER_AGENT_ACTIVE)) {
+    fs.unlinkSync(BUILDER_AGENT_ACTIVE);
+    console.log('🔒 Builder agent mode DISABLED');
+  } else {
+    console.log('ℹ️  Builder agent mode was not active');
+  }
+  process.exit(0);
+}
+
+// CLI: Check global builder agent status
+if (process.argv[2] === '--agent-status') {
+  if (fs.existsSync(BUILDER_AGENT_ACTIVE)) {
+    console.log('🔧 Builder agent mode is ACTIVE');
+  } else {
+    console.log('🔒 Builder agent mode is OFF');
+  }
+  process.exit(0);
+}
+
+// CLI: Help
+if (process.argv[2] === '--help' || process.argv[2] === '-h') {
+  console.log(`
+Hailer App Edit Guard - Bulletproof protection for Hailer apps
+
+UNIFIED SYSTEM: --agent-on/--agent-off controls BOTH this hook AND src-edit-guard.cjs.
+One command enables builder mode for Hailer apps AND src/ directory edits.
+
+Usage:
+  Global Builder Agent Mode (RECOMMENDED for spawning agents):
+    node app-edit-guard.cjs --agent-on            Enable global builder mode
+    node app-edit-guard.cjs --agent-off           Disable global builder mode
+    node app-edit-guard.cjs --agent-status        Check if builder mode is active
+
+  Per-App Builder Mode:
+    node app-edit-guard.cjs --builder-on <path>   Enable builder mode for an app
+    node app-edit-guard.cjs --builder-off <path>  Disable builder mode for an app
+
+  Manual Editing (for direct edits by main agent):
+    node app-edit-guard.cjs --release <path>      Release an app for manual editing
+    node app-edit-guard.cjs --revoke <path>       Revoke manual editing permission
+
+  Utilities:
+    node app-edit-guard.cjs --check <path>        Check if path is a Hailer app
+    node app-edit-guard.cjs --list                List all released apps
+    node app-edit-guard.cjs --help                Show this help
+
+Workflow for spawning builder agents (RECOMMENDED):
+  1. Main agent: node app-edit-guard.cjs --agent-on
+  2. Main agent spawns builder agent via Task tool
+  3. Builder agent can freely edit ANY Hailer app AND src/ files
+  4. Main agent: node app-edit-guard.cjs --agent-off
+
+As a hook:
+  Reads JSON from stdin with tool_name and tool_input
+  Outputs JSON with decision: "allow" or "block"
+`);
+  process.exit(0);
+}

package/.claude/hooks/interactive-mode.cjs

@@ -0,0 +1,59 @@
+#!/usr/bin/env node
+/**
+ * Claude Code UserPromptSubmit Hook - Interactive Question Mode
+ *
+ * Injects a reminder to ask clarifying questions before starting complex tasks.
+ * Triggers on every user prompt to encourage interactive behavior.
+ */
+
+// Read hook input from stdin
+let input = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  try {
+    const data = JSON.parse(input);
+    processHook(data);
+  } catch {
+    process.exit(0);
+  }
+});
+
+function processHook(data) {
+  const { prompt } = data;
+
+  if (!prompt) {
+    process.exit(0);
+  }
+
+  const lowerPrompt = prompt.toLowerCase();
+
+  // Detect task types that benefit from questions
+  const taskPatterns = [
+    { pattern: /build|create|make.*app/i, type: 'app', questions: ['What data to display?', 'What layout/components?', 'What user actions needed?'] },
+    { pattern: /create|add.*insight|report/i, type: 'insight', questions: ['What metrics/aggregations?', 'Which workflows to query?', 'Any filters needed?'] },
+    { pattern: /import|create.*activit|bulk/i, type: 'data', questions: ['Which workflow?', 'What field values?', 'How many records?'] },
+    { pattern: /add|create.*field|workflow|phase/i, type: 'schema', questions: ['Field type?', 'Required or optional?', 'Default values?'] },
+    { pattern: /update|change|modify/i, type: 'update', questions: ['Which records affected?', 'What new values?', 'Confirm before applying?'] },
+  ];
+
+  const matched = taskPatterns.find(p => p.pattern.test(prompt));
+
+  if (matched) {
+    const output = `
+<interactive-mode>
+BEFORE STARTING: Consider asking clarifying questions.
+
+Task type detected: ${matched.type}
+Suggested questions to ask user:
+${matched.questions.map(q => `- ${q}`).join('\n')}
+
+Use AskUserQuestion tool if requirements are unclear.
+Gather specifics before spawning agents or making changes.
+</interactive-mode>
+`;
+    console.log(output);
+  }
+
+  process.exit(0);
+}

package/.claude/hooks/mcp-server-guard.cjs

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+/**
+ * MCP Server Guard Hook
+ *
+ * PreToolUse hook that prevents Claude from starting the MCP server.
+ * When blocked, instructs Claude to provide manual instructions to the user.
+ *
+ * Blocked commands: npm run dev, npm start, tsx src/app.ts, etc.
+ */
+
+// Commands that would start the MCP server
+const SERVER_START_PATTERNS = [
+  /npm run dev\b/,
+  /npm run start\b/,
+  /npm start\b/,
+  /tsx\s+.*src\/app\.ts/,
+  /tsx\s+watch\s+.*src\/app\.ts/,
+  /node\s+.*src\/app\.ts/,
+  /node\s+.*dist\/app\.js/,
+  /npx\s+tsx\s+.*src\/app/,
+];
+
+// Read stdin
+async function readStdin() {
+  return new Promise((resolve) => {
+    let data = '';
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', chunk => data += chunk);
+    process.stdin.on('end', () => resolve(data));
+    setTimeout(() => resolve(data), 100);
+  });
+}
+
+async function main() {
+  try {
+    const input = await readStdin();
+
+    if (!input.trim()) {
+      process.exit(0);
+    }
+
+    const hookData = JSON.parse(input);
+    const command = hookData.tool_input?.command || '';
+
+    // Check if this is a server start command
+    const isServerStart = SERVER_START_PATTERNS.some(pattern => pattern.test(command));
+
+    if (!isServerStart) {
+      process.exit(0);
+    }
+
+    // Output instructions to stderr (appears as system reminder)
+    const instructions = `============================================================
+🚫 MCP SERVER COMMAND BLOCKED
+============================================================
+
+You CANNOT start the MCP server. The user runs it manually.
+
+INSTEAD, tell the user to run this command in their terminal:
+
+  cd ${process.env.CLAUDE_PROJECT_DIR || '/home/brodolf/Desktop/hailer-mcp/hailer-mcp'}
+  npm run dev
+
+Or if they want to run it in the background:
+
+  npm run dev &
+
+The MCP server must be running BEFORE starting Claude Code with MCP.
+
+============================================================
+DO NOT attempt to run server commands. Give manual instructions only.
+============================================================`;
+
+    // Output to stderr so it appears as system reminder
+    console.error(instructions);
+
+    // Block the command
+    const response = {
+      permissionDecision: "deny",
+      permissionDecisionReason: "MCP server commands are blocked. Provide manual instructions to the user instead."
+    };
+
+    console.log(JSON.stringify(response));
+    process.exit(0);
+
+  } catch (error) {
+    console.error(`[mcp-server-guard] Error: ${error.message}`);
+    process.exit(0);
+  }
+}
+
+main();

package/.claude/hooks/post-scaffold-hook.cjs

@@ -4,9 +4,20 @@
  *
  * This hook triggers after scaffold_hailer_app completes successfully
  * and ASKS the user if they want to spawn the app builder agent.
+ *
+ * Also registers the app with app-edit-guard to block direct edits.
  */
 
 const path = require('path');
+const fs = require('fs');
+const { execSync } = require('child_process');
+
+const TRACKER_DIR = '/tmp/.claude-scaffolded-apps';
+
+// Ensure tracker directory exists
+if (!fs.existsSync(TRACKER_DIR)) {
+  fs.mkdirSync(TRACKER_DIR, { recursive: true });
+}
 
 // Read hook input from stdin
 let input = '';
@@ -45,6 +56,9 @@ function processHook(data) {
     ? path.join(tool_input.targetDirectory, projectName)
     : path.join(cwd, projectName);
 
+  // Register app with edit guard to block direct edits
+  registerScaffoldedApp(projectName, projectPath);
+
   // Build the AskUserQuestion instruction
   const output = `
 ============================================================
@@ -123,3 +137,20 @@ ASK THE USER NOW - Do not skip this question!
   console.error(output);
   process.exit(0);
 }
+
+/**
+ * Register scaffolded app in tracker so app-edit-guard can block direct edits
+ */
+function registerScaffoldedApp(name, appPath) {
+  try {
+    const trackerFile = path.join(TRACKER_DIR, `${name}.json`);
+    fs.writeFileSync(trackerFile, JSON.stringify({
+      name,
+      path: path.resolve(appPath),
+      scaffoldedAt: new Date().toISOString()
+    }));
+    console.error(`📝 Registered app "${name}" for edit protection`);
+  } catch (err) {
+    console.error(`Warning: Could not register app for edit protection: ${err.message}`);
+  }
+}

package/.claude/hooks/sdk-delete-guard.cjs

@@ -18,6 +18,8 @@ const DELETE_RISK_PATTERNS = [
   /npm run groups-push\b/,    // Push groups - can delete groups
   /npm run teams-push\b/,     // Push teams - can delete teams
   /npm run insights-push\b/,  // Push insights - can delete insights
+  /npm run templates-sync\b/, // Sync templates - can delete templates
+  /npm run templates-push\b/, // Push templates - can modify/delete templates
   /hailer-sdk ws-config push\b/,
   /hailer-sdk ws-config.*sync\b/,
 ];