@hasna/hooks 0.0.1

package/hooks/hook-agentmessages/src/session-start.ts

@@ -0,0 +1,255 @@
+#!/usr/bin/env bun
+/**
+ * SessionStart hook for service-message
+ *
+ * Does NOT auto-generate agents. Agent must be registered via:
+ *   service-message init
+ *
+ * Auto-registers project and session if agent exists.
+ */
+
+import { homedir } from 'os';
+import { join, basename } from 'path';
+import { mkdir, appendFile } from 'fs/promises';
+
+interface HookInput {
+  session_id?: string;
+  cwd?: string;
+  model?: string;
+}
+
+interface Agent {
+  id: string;
+  name: string;
+  createdAt: number;
+  lastSeen?: number;
+}
+
+interface Project {
+  id: string;
+  name: string;
+  path?: string;
+  createdAt: number;
+}
+
+interface Session {
+  id: string;
+  agentId: string;
+  projectId: string;
+  startedAt: number;
+}
+
+interface Config {
+  agentId?: string;
+}
+
+const SERVICE_DIR = join(homedir(), '.service', 'service-message');
+
+async function ensureDir(dir: string): Promise<void> {
+  try {
+    await mkdir(dir, { recursive: true });
+  } catch {}
+}
+
+async function readJson<T>(path: string): Promise<T | null> {
+  try {
+    const file = Bun.file(path);
+    if (await file.exists()) {
+      return await file.json();
+    }
+  } catch {}
+  return null;
+}
+
+async function writeJson(path: string, data: unknown): Promise<void> {
+  await Bun.write(path, JSON.stringify(data, null, 2));
+}
+
+async function readStdinWithTimeout(timeoutMs: number): Promise<string> {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => resolve('{}'), timeoutMs);
+
+    let data = '';
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', (chunk) => {
+      data += chunk;
+    });
+    process.stdin.on('end', () => {
+      clearTimeout(timeout);
+      resolve(data || '{}');
+    });
+    process.stdin.on('error', () => {
+      clearTimeout(timeout);
+      resolve('{}');
+    });
+
+    if (process.stdin.isTTY) {
+      clearTimeout(timeout);
+      resolve('{}');
+    }
+  });
+}
+
+/**
+ * Sanitize ID to prevent path traversal attacks
+ */
+function sanitizeId(id: string): string | null {
+  if (!id || typeof id !== 'string') return null;
+  // Only allow alphanumeric, dash, underscore
+  if (!/^[a-zA-Z0-9_-]+$/.test(id)) return null;
+  // Reject path traversal attempts
+  if (id.includes('..') || id.includes('/') || id.includes('\\')) return null;
+  return id;
+}
+
+/**
+ * Get existing agent - does NOT create one
+ */
+async function getAgent(): Promise<Agent | null> {
+  const configPath = join(SERVICE_DIR, 'config.json');
+  const config = await readJson<Config>(configPath);
+
+  if (!config?.agentId) {
+    return null;
+  }
+
+  // Sanitize agentId to prevent path traversal
+  const safeAgentId = sanitizeId(config.agentId);
+  if (!safeAgentId) {
+    return null;
+  }
+
+  const agentsDir = join(SERVICE_DIR, 'agents');
+  const agent = await readJson<Agent>(join(agentsDir, `${safeAgentId}.json`));
+
+  if (agent) {
+    // Verify agent.id matches safeAgentId to prevent tampering
+    if (agent.id !== safeAgentId) {
+      return null;
+    }
+    // Update lastSeen
+    agent.lastSeen = Date.now();
+    await writeJson(join(agentsDir, `${safeAgentId}.json`), agent);
+  }
+
+  return agent;
+}
+
+function getProjectNameFromPath(projectDir: string): string {
+  if (projectDir === '/' || projectDir === homedir()) {
+    return 'root';
+  }
+
+  const folderName = basename(projectDir);
+  if (!folderName || folderName === '.' || folderName === '..') {
+    return 'root';
+  }
+
+  return folderName;
+}
+
+function normalizeId(name: string): string {
+  return name.toLowerCase().replace(/[^a-z0-9-]/g, '-').replace(/-+/g, '-').replace(/^-|-$/g, '') || 'default';
+}
+
+async function getOrCreateProject(projectDir: string): Promise<Project> {
+  const projectsDir = join(SERVICE_DIR, 'projects');
+  await ensureDir(projectsDir);
+
+  const projectName = getProjectNameFromPath(projectDir);
+  const projectId = normalizeId(projectName);
+
+  const existingProject = await readJson<Project>(join(projectsDir, `${projectId}.json`));
+  if (existingProject) {
+    if (existingProject.path !== projectDir) {
+      existingProject.path = projectDir;
+      await writeJson(join(projectsDir, `${projectId}.json`), existingProject);
+    }
+    return existingProject;
+  }
+
+  const project: Project = {
+    id: projectId,
+    name: projectName,
+    path: projectDir,
+    createdAt: Date.now(),
+  };
+
+  await writeJson(join(projectsDir, `${projectId}.json`), project);
+  return project;
+}
+
+async function startSession(agentId: string, projectId: string, claudeSessionId: string): Promise<Session> {
+  const sessionsDir = join(SERVICE_DIR, 'sessions');
+  await ensureDir(sessionsDir);
+
+  const rawSessionId = claudeSessionId || `local-${Date.now()}`;
+  // Sanitize session ID - only keep alphanumeric chars
+  const safeSessionId = rawSessionId.replace(/[^a-zA-Z0-9]/g, '').slice(0, 12) || 'default';
+  const sessionId = `cs-${safeSessionId}`;
+
+  const existingSession = await readJson<Session>(join(sessionsDir, `${sessionId}.json`));
+  if (existingSession) {
+    return existingSession;
+  }
+
+  const session: Session = {
+    id: sessionId,
+    agentId,
+    projectId,
+    startedAt: Date.now(),
+  };
+
+  await writeJson(join(sessionsDir, `${sessionId}.json`), session);
+  return session;
+}
+
+async function main() {
+  const stdinData = await readStdinWithTimeout(2000);
+
+  let input: HookInput = {};
+  try {
+    input = JSON.parse(stdinData);
+  } catch {}
+
+  const sessionId = input.session_id || `local-${Date.now()}`;
+  const cwd = input.cwd || process.cwd();
+  const projectDir = process.env.CLAUDE_PROJECT_DIR || cwd;
+  const envFile = process.env.CLAUDE_ENV_FILE;
+
+  await ensureDir(SERVICE_DIR);
+
+  // Get existing agent - do NOT create one
+  const agent = await getAgent();
+
+  if (!agent) {
+    // No agent configured - silently continue without setting env vars
+    // User needs to run: service-message init
+    console.log(JSON.stringify({ continue: true }));
+    return;
+  }
+
+  // Auto-register project and session
+  const project = await getOrCreateProject(projectDir);
+  const session = await startSession(agent.id, project.id, sessionId);
+
+  if (envFile) {
+    try {
+      // Escape values to prevent shell injection
+      const escapeShellValue = (val: string) => val.replace(/[`$"\\]/g, '\\$&');
+      const envContent = [
+        `export SMSG_AGENT_ID="${escapeShellValue(agent.id)}"`,
+        `export SMSG_SESSION_ID="${escapeShellValue(session.id)}"`,
+        `export SMSG_PROJECT_ID="${escapeShellValue(project.id)}"`,
+      ].join('\n') + '\n';
+      await appendFile(envFile, envContent);
+    } catch {}
+  }
+
+  console.log(JSON.stringify({ continue: true }));
+}
+
+main().catch(() => {
+  console.log(JSON.stringify({ continue: true }));
+  process.exit(0);
+});

package/hooks/hook-agentmessages/src/uninstall.ts

@@ -0,0 +1,89 @@
+#!/usr/bin/env bun
+/**
+ * Uninstall hook-agentmessages from Claude Code settings
+ */
+
+import { homedir } from 'os';
+import { join } from 'path';
+
+const CLAUDE_SETTINGS_FILE = join(homedir(), '.claude', 'settings.json');
+
+interface HookConfig {
+  type: 'command';
+  command: string;
+}
+
+interface HookMatcher {
+  matcher?: string;
+  hooks: HookConfig[];
+}
+
+interface Settings {
+  hooks?: {
+    [key: string]: HookMatcher[] | undefined;
+  };
+  [key: string]: unknown;
+}
+
+async function readSettings(): Promise<Settings> {
+  try {
+    const file = Bun.file(CLAUDE_SETTINGS_FILE);
+    if (await file.exists()) {
+      return await file.json();
+    }
+  } catch {}
+  return {};
+}
+
+async function writeSettings(settings: Settings): Promise<void> {
+  await Bun.write(CLAUDE_SETTINGS_FILE, JSON.stringify(settings, null, 2));
+}
+
+function removeHookMessageHooks(hooks: HookMatcher[]): HookMatcher[] {
+  return hooks.filter(h =>
+    !h.hooks.some(hook => hook.command.includes('hook-agentmessages'))
+  );
+}
+
+async function main() {
+  console.log('Uninstalling hook-agentmessages from Claude Code...\n');
+
+  const settings = await readSettings();
+
+  if (!settings.hooks) {
+    console.log('No hooks found. Nothing to uninstall.');
+    return;
+  }
+
+  let removed = 0;
+
+  // Remove from all hook events
+  for (const eventName of Object.keys(settings.hooks)) {
+    const hooks = settings.hooks[eventName];
+    if (hooks && Array.isArray(hooks)) {
+      const before = hooks.length;
+      settings.hooks[eventName] = removeHookMessageHooks(hooks);
+      removed += before - settings.hooks[eventName]!.length;
+
+      // Remove empty arrays
+      if (settings.hooks[eventName]!.length === 0) {
+        delete settings.hooks[eventName];
+      }
+    }
+  }
+
+  // Remove empty hooks object
+  if (Object.keys(settings.hooks).length === 0) {
+    delete settings.hooks;
+  }
+
+  await writeSettings(settings);
+
+  console.log(`Removed ${removed} hook(s).`);
+  console.log('\nRestart Claude Code for changes to take effect.');
+}
+
+main().catch((err) => {
+  console.error('Uninstall failed:', err.message);
+  process.exit(1);
+});

package/hooks/hook-branchprotect/CLAUDE.md

@@ -0,0 +1,23 @@
+# CLAUDE.md
+
+## hook-branchprotect
+
+A PreToolUse hook that prevents file modifications on protected branches (main/master).
+
+### Key Files
+
+| File | Purpose |
+|------|---------|
+| `src/hook.ts` | Main hook logic — checks current branch, blocks on main/master |
+| `src/cli.ts` | CLI — install/uninstall/status |
+
+### Hook Events
+
+- **PreToolUse** (matcher: `Write|Edit|NotebookEdit`)
+
+### Behavior
+
+- Checks current git branch before allowing file modifications
+- Blocks Write/Edit/NotebookEdit on main/master branches
+- Suggests creating a feature branch in the block message
+- Approves everything on non-protected branches or non-git directories

package/hooks/hook-branchprotect/README.md

@@ -0,0 +1,25 @@
+# hook-branchprotect
+
+Claude Code hook that prevents editing files on main/master branch.
+
+## Overview
+
+Forces a feature branch workflow by blocking all Write/Edit/NotebookEdit operations when the current git branch is `main` or `master`.
+
+## Installation
+
+```bash
+bun install -g @hasnaxyz/hook-branchprotect
+hook-branchprotect install
+```
+
+## How It Works
+
+1. Intercepts Write/Edit/NotebookEdit tool calls (PreToolUse)
+2. Checks the current git branch via `git rev-parse --abbrev-ref HEAD`
+3. Blocks if on `main` or `master`, suggests creating a feature branch
+4. Approves all operations on any other branch
+
+## License
+
+MIT

package/hooks/hook-branchprotect/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@hasnaxyz/hook-branchprotect",
+  "version": "0.1.0",
+  "description": "Claude Code hook that prevents editing files on main/master branch",
+  "type": "module",
+  "bin": {
+    "hook-branchprotect": "./dist/cli.js"
+  },
+  "main": "./dist/hook.js",
+  "exports": {
+    ".": {
+      "import": "./dist/hook.js",
+      "types": "./dist/hook.d.ts"
+    },
+    "./cli": {
+      "import": "./dist/cli.js"
+    }
+  },
+  "files": ["dist", "README.md"],
+  "scripts": {
+    "build": "bun build ./src/cli.ts ./src/hook.ts --outdir ./dist --target node",
+    "prepublishOnly": "bun run build",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": ["claude-code", "claude", "hook", "branch", "protection", "git", "cli"],
+  "author": "Hasna",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hasnaxyz/hook-branchprotect.git"
+  },
+  "publishConfig": {
+    "access": "restricted",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "engines": { "node": ">=18", "bun": ">=1.0" },
+  "devDependencies": {
+    "@types/bun": "^1.3.8",
+    "@types/node": "^20",
+    "typescript": "^5.0.0"
+  }
+}

package/hooks/hook-branchprotect/src/cli.ts

@@ -0,0 +1,126 @@
+#!/usr/bin/env bun
+
+/**
+ * CLI for hook-branchprotect
+ */
+
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+const HOOK_NAME = "hook-branchprotect";
+const SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
+
+interface ClaudeSettings {
+  hooks?: {
+    PreToolUse?: Array<{
+      matcher: string;
+      hooks: Array<{ type: "command"; command: string }>;
+    }>;
+  };
+  [key: string]: unknown;
+}
+
+function readSettings(): ClaudeSettings {
+  try {
+    if (existsSync(SETTINGS_PATH)) {
+      return JSON.parse(readFileSync(SETTINGS_PATH, "utf-8"));
+    }
+  } catch {}
+  return {};
+}
+
+function writeSettings(settings: ClaudeSettings): void {
+  const dir = join(homedir(), ".claude");
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+  writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2));
+}
+
+function install(): void {
+  const settings = readSettings();
+  if (!settings.hooks) settings.hooks = {};
+  if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
+
+  const existing = settings.hooks.PreToolUse.find((h) =>
+    h.hooks.some((hook) => hook.command.includes(HOOK_NAME))
+  );
+
+  if (existing) {
+    console.log(`${HOOK_NAME} is already installed`);
+    return;
+  }
+
+  settings.hooks.PreToolUse.push({
+    matcher: "Write|Edit|NotebookEdit",
+    hooks: [{ type: "command", command: `bunx @hasnaxyz/${HOOK_NAME}` }],
+  });
+
+  writeSettings(settings);
+  console.log(`${HOOK_NAME} installed successfully`);
+  console.log("Hook will prevent file modifications on main/master branch");
+}
+
+function uninstall(): void {
+  const settings = readSettings();
+  if (!settings.hooks?.PreToolUse) {
+    console.log(`${HOOK_NAME} is not installed`);
+    return;
+  }
+
+  const before = settings.hooks.PreToolUse.length;
+  settings.hooks.PreToolUse = settings.hooks.PreToolUse.filter(
+    (h) => !h.hooks.some((hook) => hook.command.includes(HOOK_NAME))
+  );
+
+  if (before === settings.hooks.PreToolUse.length) {
+    console.log(`${HOOK_NAME} is not installed`);
+    return;
+  }
+
+  writeSettings(settings);
+  console.log(`${HOOK_NAME} uninstalled successfully`);
+}
+
+function status(): void {
+  const settings = readSettings();
+  const installed = settings.hooks?.PreToolUse?.some((h) =>
+    h.hooks.some((hook) => hook.command.includes(HOOK_NAME))
+  );
+  console.log(`${HOOK_NAME} is ${installed ? "installed" : "not installed"}`);
+}
+
+function help(): void {
+  console.log(`
+${HOOK_NAME} - Prevent file modifications on protected branches
+
+Usage: ${HOOK_NAME} <command>
+
+Commands:
+  install     Install hook to Claude Code settings
+  uninstall   Remove hook from Claude Code settings
+  status      Check if hook is installed
+  help        Show this help message
+
+Protected branches: main, master
+Blocked tools: Write, Edit, NotebookEdit
+`);
+}
+
+const command = process.argv[2];
+
+switch (command) {
+  case "install": install(); break;
+  case "uninstall": uninstall(); break;
+  case "status": status(); break;
+  case "help":
+  case "--help":
+  case "-h": help(); break;
+  default:
+    if (!command) {
+      import("./hook.ts").then((m) => m.run());
+    } else {
+      console.error(`Unknown command: ${command}`);
+      help();
+      process.exit(1);
+    }
+}

package/hooks/hook-branchprotect/src/hook.ts

@@ -0,0 +1,88 @@
+#!/usr/bin/env bun
+
+/**
+ * Claude Code Hook: branchprotect
+ *
+ * PreToolUse hook that prevents file modifications (Write/Edit) when
+ * the current git branch is main or master. Forces feature branch workflow.
+ */
+
+import { readFileSync } from "fs";
+import { execSync } from "child_process";
+
+interface HookInput {
+  session_id: string;
+  cwd: string;
+  tool_name: string;
+  tool_input: Record<string, unknown>;
+}
+
+interface HookOutput {
+  decision?: "approve" | "block";
+  reason?: string;
+}
+
+const PROTECTED_BRANCHES = ["main", "master"];
+const FILE_MODIFYING_TOOLS = ["Write", "Edit", "NotebookEdit"];
+
+function readStdinJson(): HookInput | null {
+  try {
+    const input = readFileSync(0, "utf-8").trim();
+    if (!input) return null;
+    return JSON.parse(input);
+  } catch {
+    return null;
+  }
+}
+
+function getCurrentBranch(cwd: string): string | null {
+  try {
+    return execSync("git rev-parse --abbrev-ref HEAD", {
+      cwd,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+  } catch {
+    return null;
+  }
+}
+
+function respond(output: HookOutput): void {
+  console.log(JSON.stringify(output));
+}
+
+export function run(): void {
+  const input = readStdinJson();
+
+  if (!input) {
+    respond({ decision: "approve" });
+    return;
+  }
+
+  // Only check file-modifying tools
+  if (!FILE_MODIFYING_TOOLS.includes(input.tool_name)) {
+    respond({ decision: "approve" });
+    return;
+  }
+
+  const branch = getCurrentBranch(input.cwd);
+
+  if (!branch) {
+    // Not a git repo — allow
+    respond({ decision: "approve" });
+    return;
+  }
+
+  if (PROTECTED_BRANCHES.includes(branch)) {
+    const reason = `Blocked: cannot modify files on '${branch}' branch. Create a feature branch first (git checkout -b feat/your-change).`;
+    console.error(`[hook-branchprotect] ${reason}`);
+    respond({ decision: "block", reason });
+    return;
+  }
+
+  respond({ decision: "approve" });
+}
+
+if (import.meta.main) {
+  run();
+}

package/hooks/hook-branchprotect/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "ESNext",
+    "lib": ["ESNext"],
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "declaration": true,
+    "declarationMap": true,
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "types": ["bun-types"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/hooks/hook-checkbugs/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Hasna
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.