@jaguilar87/gaia-ops 5.0.0-beta.1 → 5.0.0-beta.3

package/.claude-plugin/marketplace.json

@@ -8,7 +8,7 @@
     {
       "name": "gaia-security",
       "description": "Keeps you in the loop only when it matters. Gaia Security analyzes every command and classifies it into risk tiers: read-only queries run freely, simulations and validations pass through, and state-changing operations (create, delete, apply, push) pause for your explicit approval before executing. Irreversible commands like dropping databases or deleting cloud infrastructure are permanently blocked.",
-      "version": "5.0.0-beta.1",
+      "version": "5.0.0-beta.3",
       "source": "./dist/gaia-security"
     }
   ]

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gaia-ops",
-  "version": "5.0.0-beta.1",
+  "version": "5.0.0-beta.3",
   "description": "Security-first orchestrator with specialized agents, hooks, and governance for AI coding",
   "author": {
     "name": "jaguilar87"

package/bin/gaia-doctor.js

@@ -341,12 +341,18 @@ async function autoFix() {
     if (existsSync(packagePath)) {
       const relPath = relative(claudeDir, packagePath);
       const names = ['agents', 'tools', 'hooks', 'commands', 'templates', 'config', 'speckit', 'skills'];
+      // Use junctions on Windows (no admin required), regular symlinks elsewhere
+      const linkType = process.platform === 'win32' ? 'junction' : 'dir';
 
       for (const name of names) {
         const link = join(claudeDir, name);
         if (!existsSync(link)) {
           try {
-            await fs.symlink(join(relPath, name), link);
+            // Junctions on Windows require absolute targets; symlinks on Unix use relative
+            const target = process.platform === 'win32'
+              ? join(packagePath, name)
+              : join(relPath, name);
+            await fs.symlink(target, link, linkType);
             console.log(chalk.green(`    Fixed: .claude/${name} symlink`));
             fixed++;
           } catch {

package/bin/gaia-scan

@@ -1,14 +1,38 @@
-#!/usr/bin/env bash
-# Shell wrapper for gaia-scan CLI.
-# Invokes the Python scanner with all forwarded arguments.
-# Used as the npm bin entry point for `npx gaia-scan` / `npx gaia scan`.
+#!/usr/bin/env node
 
-set -euo pipefail
+/**
+ * Cross-platform wrapper for gaia-scan CLI.
+ * Invokes the Python scanner with all forwarded arguments.
+ * Used as the npm bin entry point for `npx gaia-scan`.
+ *
+ * Replaces the previous bash wrapper so that it works on Windows
+ * (where /usr/bin/env bash does not exist).
+ */
 
-SCRIPT_DIR="$(cd "$(dirname "$(readlink -f "$0" 2>/dev/null || realpath "$0" 2>/dev/null || echo "$0")")" && pwd)"
-PLUGIN_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+import { execFileSync } from 'child_process';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
 
-# Ensure PYTHONPATH includes the plugin root so `tools.scan` resolves
-export PYTHONPATH="${PLUGIN_ROOT}${PYTHONPATH:+:${PYTHONPATH}}"
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const pluginRoot = join(__dirname, '..');
+const scanScript = join(__dirname, 'gaia-scan.py');
 
-exec python3 "${SCRIPT_DIR}/gaia-scan.py" "$@"
+// Forward all CLI arguments after the script name
+const args = process.argv.slice(2);
+
+// Set PYTHONPATH so `tools.scan` resolves inside the package
+const sep = process.platform === 'win32' ? ';' : ':';
+const pythonPath = process.env.PYTHONPATH
+  ? `${pluginRoot}${sep}${process.env.PYTHONPATH}`
+  : pluginRoot;
+
+try {
+  execFileSync('python3', [scanScript, ...args], {
+    stdio: 'inherit',
+    env: { ...process.env, PYTHONPATH: pythonPath },
+  });
+} catch (error) {
+  // execFileSync throws on non-zero exit; propagate the exit code
+  process.exit(error.status || 1);
+}

package/bin/gaia-update.js

@@ -44,6 +44,9 @@ const __dirname = dirname(__filename);
 const CWD = process.env.INIT_CWD || process.cwd();
 const VERBOSE = process.argv.includes('--verbose') || process.argv.includes('-v');
 
+// Use junctions on Windows (no admin required), regular symlinks elsewhere
+const LINK_TYPE = process.platform === 'win32' ? 'junction' : 'dir';
+
 // ============================================================================
 // Version Detection
 // ============================================================================
@@ -376,11 +379,14 @@ async function updateSymlinks() {
 
     for (const name of symlinks) {
       const link = join(claudeDir, name);
-      const target = join(relativePath, name);
+      // Junctions on Windows require absolute targets; symlinks on Unix use relative
+      const target = process.platform === 'win32'
+        ? join(packagePath, name)
+        : join(relativePath, name);
 
       if (!existsSync(link)) {
         try {
-          await fs.symlink(target, link);
+          await fs.symlink(target, link, LINK_TYPE);
           fixed++;
         } catch { /* skip */ }
       } else {
@@ -391,7 +397,7 @@ async function updateSymlinks() {
           // Broken symlink — remove and recreate
           try {
             await fs.unlink(link);
-            await fs.symlink(target, link);
+            await fs.symlink(target, link, LINK_TYPE);
             fixed++;
           } catch { /* skip */ }
         }
@@ -402,7 +408,12 @@ async function updateSymlinks() {
     const changelogLink = join(claudeDir, 'CHANGELOG.md');
     if (!existsSync(changelogLink)) {
       try {
-        await fs.symlink(join(relativePath, 'CHANGELOG.md'), changelogLink);
+        if (process.platform === 'win32') {
+          // Junctions only work for directories; copy the file on Windows
+          await fs.copyFile(join(packagePath, 'CHANGELOG.md'), changelogLink);
+        } else {
+          await fs.symlink(join(relativePath, 'CHANGELOG.md'), changelogLink);
+        }
         fixed++;
       } catch { /* skip */ }
     }

package/dist/gaia-ops/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gaia-ops",
-  "version": "5.0.0-beta.1",
+  "version": "5.0.0-beta.3",
   "description": "Full DevOps orchestration for Claude Code. Six specialized agents handle the complete development lifecycle \u2014 analysis, planning, execution, and deployment. Gaia-Ops scans your codebase to understand it and injects the right context into each sub-agent. Every command is classified by risk: read-only runs freely, state changes pause for your approval, and irreversible operations are permanently blocked.",
   "author": {
     "name": "jaguilar87"

package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py

@@ -86,7 +86,11 @@ MUTATIVE_VERBS: FrozenSet[str] = frozenset({
     "update", "patch", "set", "modify", "edit", "configure",
     "replace", "overwrite", "write",
     # Deployment / packaging
-    "deploy", "install", "upgrade", "downgrade", "publish", "release", "promote",
+    # NOTE: "release" removed -- it is a CLI subcommand group noun in `gh release`,
+    # `glab release`, etc. The actual mutative actions (create, delete, edit, upload)
+    # are already in MUTATIVE_VERBS. Keeping "release" here causes false positives on
+    # `gh release view` and any command with "release" as an argument string.
+    "deploy", "install", "upgrade", "downgrade", "publish", "promote",
     # Scaling
     "scale", "resize", "autoscale",
     # Lifecycle

package/dist/gaia-ops/tools/scan/setup.py

@@ -19,6 +19,7 @@ Functions:
 import json
 import logging
 import os
+import platform
 import shutil
 import subprocess
 from datetime import datetime, timezone
@@ -27,6 +28,23 @@ from typing import Any, Dict, List, Optional
 
 logger = logging.getLogger(__name__)
 
+# Windows detection: junctions don't require admin privileges
+_IS_WINDOWS = platform.system() == "Windows"
+
+
+def _create_dir_link(target: str, link: str) -> None:
+    """Create a directory link: junction on Windows, symlink on Unix.
+
+    Windows junctions don't require admin/developer-mode privileges,
+    unlike directory symlinks.  The target must be an absolute path
+    on Windows (junctions don't support relative targets).
+    """
+    if _IS_WINDOWS:
+        import _winapi  # stdlib on Windows, unavailable elsewhere
+        _winapi.CreateJunction(target, link)
+    else:
+        os.symlink(target, link)
+
 
 def _find_package_root() -> Path:
     """Find the gaia-ops plugin root directory.
@@ -191,23 +209,31 @@ def create_claude_directory(project_root: Path) -> List[str]:
 
     for name in symlink_names:
         link_path = claude_dir / name
-        target = os.path.join(rel_path, name)
+        # Junctions on Windows require absolute targets; symlinks on Unix use relative
+        if _IS_WINDOWS:
+            target = str(package_path / name)
+        else:
+            target = os.path.join(rel_path, name)
 
         if link_path.exists() or link_path.is_symlink():
             link_path.unlink()
 
         try:
-            os.symlink(target, str(link_path))
+            _create_dir_link(target, str(link_path))
             created.append(name)
         except OSError as exc:
             logger.warning("Failed to create symlink %s: %s", name, exc)
 
-    # CHANGELOG.md symlink
+    # CHANGELOG.md symlink (file, not directory — junctions only work for dirs)
     changelog_link = claude_dir / "CHANGELOG.md"
     if changelog_link.exists() or changelog_link.is_symlink():
         changelog_link.unlink()
     try:
-        os.symlink(os.path.join(rel_path, "CHANGELOG.md"), str(changelog_link))
+        if _IS_WINDOWS:
+            # File symlinks need admin on Windows; copy instead
+            shutil.copy2(str(package_path / "CHANGELOG.md"), str(changelog_link))
+        else:
+            os.symlink(os.path.join(rel_path, "CHANGELOG.md"), str(changelog_link))
         created.append("CHANGELOG.md")
     except OSError as exc:
         logger.warning("Failed to create CHANGELOG.md symlink: %s", exc)

package/dist/gaia-security/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gaia-security",
-  "version": "5.0.0-beta.1",
+  "version": "5.0.0-beta.3",
   "description": "Keeps you in the loop only when it matters. Gaia Security analyzes every command and classifies it into risk tiers: read-only queries run freely, simulations and validations pass through, and state-changing operations (create, delete, apply, push) pause for your explicit approval before executing. Irreversible commands like dropping databases or deleting cloud infrastructure are permanently blocked.",
   "author": {
     "name": "jaguilar87"

package/dist/gaia-security/hooks/modules/security/mutative_verbs.py

@@ -86,7 +86,11 @@ MUTATIVE_VERBS: FrozenSet[str] = frozenset({
     "update", "patch", "set", "modify", "edit", "configure",
     "replace", "overwrite", "write",
     # Deployment / packaging
-    "deploy", "install", "upgrade", "downgrade", "publish", "release", "promote",
+    # NOTE: "release" removed -- it is a CLI subcommand group noun in `gh release`,
+    # `glab release`, etc. The actual mutative actions (create, delete, edit, upload)
+    # are already in MUTATIVE_VERBS. Keeping "release" here causes false positives on
+    # `gh release view` and any command with "release" as an argument string.
+    "deploy", "install", "upgrade", "downgrade", "publish", "promote",
     # Scaling
     "scale", "resize", "autoscale",
     # Lifecycle

package/hooks/modules/security/mutative_verbs.py

@@ -86,7 +86,11 @@ MUTATIVE_VERBS: FrozenSet[str] = frozenset({
     "update", "patch", "set", "modify", "edit", "configure",
     "replace", "overwrite", "write",
     # Deployment / packaging
-    "deploy", "install", "upgrade", "downgrade", "publish", "release", "promote",
+    # NOTE: "release" removed -- it is a CLI subcommand group noun in `gh release`,
+    # `glab release`, etc. The actual mutative actions (create, delete, edit, upload)
+    # are already in MUTATIVE_VERBS. Keeping "release" here causes false positives on
+    # `gh release view` and any command with "release" as an argument string.
+    "deploy", "install", "upgrade", "downgrade", "publish", "promote",
     # Scaling
     "scale", "resize", "autoscale",
     # Lifecycle

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jaguilar87/gaia-ops",
-  "version": "5.0.0-beta.1",
+  "version": "5.0.0-beta.3",
   "description": "Multi-agent orchestration system for Claude Code - DevOps automation toolkit",
   "main": "index.js",
   "type": "module",

package/tools/scan/setup.py

@@ -19,6 +19,7 @@ Functions:
 import json
 import logging
 import os
+import platform
 import shutil
 import subprocess
 from datetime import datetime, timezone
@@ -27,6 +28,23 @@ from typing import Any, Dict, List, Optional
 
 logger = logging.getLogger(__name__)
 
+# Windows detection: junctions don't require admin privileges
+_IS_WINDOWS = platform.system() == "Windows"
+
+
+def _create_dir_link(target: str, link: str) -> None:
+    """Create a directory link: junction on Windows, symlink on Unix.
+
+    Windows junctions don't require admin/developer-mode privileges,
+    unlike directory symlinks.  The target must be an absolute path
+    on Windows (junctions don't support relative targets).
+    """
+    if _IS_WINDOWS:
+        import _winapi  # stdlib on Windows, unavailable elsewhere
+        _winapi.CreateJunction(target, link)
+    else:
+        os.symlink(target, link)
+
 
 def _find_package_root() -> Path:
     """Find the gaia-ops plugin root directory.
@@ -191,23 +209,31 @@ def create_claude_directory(project_root: Path) -> List[str]:
 
     for name in symlink_names:
         link_path = claude_dir / name
-        target = os.path.join(rel_path, name)
+        # Junctions on Windows require absolute targets; symlinks on Unix use relative
+        if _IS_WINDOWS:
+            target = str(package_path / name)
+        else:
+            target = os.path.join(rel_path, name)
 
         if link_path.exists() or link_path.is_symlink():
             link_path.unlink()
 
         try:
-            os.symlink(target, str(link_path))
+            _create_dir_link(target, str(link_path))
             created.append(name)
         except OSError as exc:
             logger.warning("Failed to create symlink %s: %s", name, exc)
 
-    # CHANGELOG.md symlink
+    # CHANGELOG.md symlink (file, not directory — junctions only work for dirs)
     changelog_link = claude_dir / "CHANGELOG.md"
     if changelog_link.exists() or changelog_link.is_symlink():
         changelog_link.unlink()
     try:
-        os.symlink(os.path.join(rel_path, "CHANGELOG.md"), str(changelog_link))
+        if _IS_WINDOWS:
+            # File symlinks need admin on Windows; copy instead
+            shutil.copy2(str(package_path / "CHANGELOG.md"), str(changelog_link))
+        else:
+            os.symlink(os.path.join(rel_path, "CHANGELOG.md"), str(changelog_link))
         created.append("CHANGELOG.md")
     except OSError as exc:
         logger.warning("Failed to create CHANGELOG.md symlink: %s", exc)