@kennethsolomon/shipkit 3.7.0 → 3.8.0

package/skills/sk:setup-claude/scripts/apply_setup_claude.py

@@ -7,12 +7,18 @@ import hashlib
 import json
 import os
 import re
+import shutil
+import stat
 import sys
 from dataclasses import asdict, dataclass
+from datetime import datetime, timezone
 from pathlib import Path
 from typing import Dict, Iterable, List, Optional, Tuple
 
 
+CACHE_MAX_AGE_DAYS = 7
+
+
 GENERATED_MARKER = "<!-- Generated by /setup-claude -->"
 TEMPLATE_HASH_MARKER = "<!-- Template Hash: "
 TEMPLATE_HASH_END = " -->"
@@ -59,6 +65,46 @@ def _any_dep_prefix(pkg: dict, prefix: str) -> bool:
     return any(k.startswith(prefix) for k in deps.keys())
 
 
+def _cache_path(repo_root: Path) -> Path:
+    return repo_root / ".shipkit" / "config.json"
+
+
+def _read_cached_detection(repo_root: Path) -> Optional[Detection]:
+    """Return cached Detection if cache exists and is less than CACHE_MAX_AGE_DAYS old."""
+    cache = _cache_path(repo_root)
+    data = _read_json(cache)
+    if data is None:
+        return None
+    detected_at = data.get("detected_at")
+    if not detected_at:
+        return None
+    try:
+        ts = datetime.fromisoformat(detected_at)
+        age = datetime.now(timezone.utc) - ts
+        if age.days >= CACHE_MAX_AGE_DAYS:
+            return None
+    except (ValueError, TypeError):
+        return None
+    det = data.get("detection")
+    if not det:
+        return None
+    try:
+        return Detection(**det)
+    except (TypeError, KeyError):
+        return None
+
+
+def _write_cached_detection(repo_root: Path, detection: Detection) -> None:
+    """Persist detection results to .shipkit/config.json with a detected_at timestamp."""
+    cache = _cache_path(repo_root)
+    cache.parent.mkdir(parents=True, exist_ok=True)
+    payload = {
+        "detected_at": datetime.now(timezone.utc).isoformat(),
+        "detection": asdict(detection),
+    }
+    cache.write_text(json.dumps(payload, indent=2, sort_keys=True), encoding="utf-8")
+
+
 def detect(repo_root: Path) -> Detection:
     package_json = _read_json(repo_root / "package.json") or {}
     scripts = (package_json.get("scripts") or {}) if isinstance(package_json, dict) else {}
@@ -272,6 +318,103 @@ def _plan_file_if_generated(dest: Path, content: str) -> str:
     return "skipped" if existing == content else "updated"
 
 
+def _collect_results(
+    results,
+    repo_root: Path,
+    created: List[str],
+    updated: List[str],
+    skipped: List[str],
+) -> None:
+    """Categorize deployment results into created/updated/skipped lists."""
+    for action, p in results:
+        rel = str(p.relative_to(repo_root))
+        if action == "created":
+            created.append(rel)
+        elif action == "updated":
+            updated.append(rel)
+        else:
+            skipped.append(rel)
+
+
+def _make_executable(path: Path) -> None:
+    """Add owner-execute permission to a file."""
+    st = path.stat()
+    path.chmod(st.st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
+
+
+def _deploy_directory(
+    src_dir: Path,
+    dest_dir: Path,
+    *,
+    dry_run: bool,
+    executable: bool = False,
+    filter_fn=None,
+) -> List[tuple]:
+    """Copy files from src_dir to dest_dir. Returns list of (action, relative_path)."""
+    results: List[tuple] = []
+    if not src_dir.exists():
+        return results
+    for src_file in sorted(src_dir.iterdir()):
+        if not src_file.is_file():
+            continue
+        if filter_fn and not filter_fn(src_file.name):
+            continue
+        dest_file = dest_dir / src_file.name
+        if dest_file.exists():
+            results.append(("skipped", dest_file))
+        elif dry_run:
+            results.append(("created", dest_file))
+        else:
+            dest_dir.mkdir(parents=True, exist_ok=True)
+            shutil.copy2(src_file, dest_file)
+            if executable:
+                _make_executable(dest_file)
+            results.append(("created", dest_file))
+    return results
+
+
+def _deploy_rendered_file(
+    template_path: Path,
+    dest: Path,
+    detection: Detection,
+    *,
+    dry_run: bool,
+    executable: bool = False,
+) -> tuple:
+    """Render a template and write to dest. Returns (action, path)."""
+    if not template_path.exists():
+        return ("skipped", dest)
+    template_text = template_path.read_text(encoding="utf-8")
+    rendered = render_template(template_text, detection)
+    if dest.exists():
+        return ("skipped", dest)
+    if dry_run:
+        return ("created", dest)
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    dest.write_text(rendered, encoding="utf-8")
+    if executable:
+        _make_executable(dest)
+    return ("created", dest)
+
+
+def _rules_filter(detection: Detection):
+    """Return a filter function that selects rules relevant to the detected stack."""
+    always = {"tests.md.template", "frontend.md.template", "api.md.template"}
+
+    def _filter(filename: str) -> bool:
+        if filename in always:
+            return True
+        if filename == "laravel.md.template" and "Laravel" in detection.framework:
+            return True
+        if filename == "react.md.template" and (
+            "React" in detection.framework or detection.framework == "Next.js (App Router)"
+        ):
+            return True
+        return False
+
+    return _filter
+
+
 def apply(
     repo_root: Path,
     skill_root: Path,
@@ -370,12 +513,54 @@ def apply(
         else:
             action, p = ("skipped", dest_path)
 
-        if action == "created":
-            created.append(str(p.relative_to(repo_root)))
-        elif action == "updated":
-            updated.append(str(p.relative_to(repo_root)))
+        _collect_results([(action, p)], repo_root, created, updated, skipped)
+
+    # --- Deploy hooks ---
+    hooks_src = skill_root / "templates" / "hooks"
+    hooks_dest = repo_root / ".claude" / "hooks"
+    _collect_results(
+        _deploy_directory(hooks_src, hooks_dest, dry_run=dry_run, executable=True),
+        repo_root, created, updated, skipped,
+    )
+
+    # --- Deploy agents ---
+    agents_src = skill_root / "templates" / ".claude" / "agents"
+    agents_dest = repo_root / ".claude" / "agents"
+    _collect_results(
+        _deploy_directory(agents_src, agents_dest, dry_run=dry_run),
+        repo_root, created, updated, skipped,
+    )
+
+    # --- Deploy rules (stack-filtered) ---
+    rules_src = skill_root / "templates" / ".claude" / "rules"
+    rules_dest = repo_root / ".claude" / "rules"
+    _collect_results(
+        _deploy_directory(rules_src, rules_dest, dry_run=dry_run, filter_fn=_rules_filter(detection)),
+        repo_root, created, updated, skipped,
+    )
+
+    # --- Deploy settings.json ---
+    settings_template = skill_root / "templates" / ".claude" / "settings.json.template"
+    settings_dest = repo_root / ".claude" / "settings.json"
+    _collect_results(
+        [_deploy_rendered_file(settings_template, settings_dest, detection, dry_run=dry_run)],
+        repo_root, created, updated, skipped,
+    )
+
+    # --- Deploy statusline.sh ---
+    statusline_src = skill_root / "templates" / ".claude" / "statusline.sh"
+    statusline_dest = repo_root / ".claude" / "statusline.sh"
+    if statusline_src.exists():
+        if statusline_dest.exists():
+            action_sl = "skipped"
+        elif dry_run:
+            action_sl = "created"
         else:
-            skipped.append(str(p.relative_to(repo_root)))
+            statusline_dest.parent.mkdir(parents=True, exist_ok=True)
+            shutil.copy2(statusline_src, statusline_dest)
+            _make_executable(statusline_dest)
+            action_sl = "created"
+        _collect_results([(action_sl, statusline_dest)], repo_root, created, updated, skipped)
 
     if dry_run:
         print("setup-claude dry-run complete (no files written)")
@@ -415,6 +600,11 @@ def main(argv: List[str]) -> int:
         action="store_true",
         help="Print detected values as JSON and exit unless combined with --dry-run.",
     )
+    parser.add_argument(
+        "--force-detect",
+        action="store_true",
+        help="Bypass cached detection and re-run stack detection from scratch.",
+    )
     args = parser.parse_args(argv[1:])
 
     repo_root = Path(args.repo_root).resolve()
@@ -424,7 +614,17 @@ def main(argv: List[str]) -> int:
         print(f"Repo root not found: {repo_root}", file=sys.stderr)
         return 2
 
-    detection = detect(repo_root)
+    # Use cached detection unless --force-detect is set
+    detection = None
+    if not args.force_detect:
+        detection = _read_cached_detection(repo_root)
+        if detection:
+            print("Using cached detection (< 7 days old). Pass --force-detect to re-run.")
+    if detection is None:
+        detection = detect(repo_root)
+        if not args.dry_run:
+            _write_cached_detection(repo_root, detection)
+
     if args.print_detection:
         print(json.dumps(asdict(detection), indent=2, sort_keys=True))
         if not args.dry_run:

package/skills/sk:setup-claude/templates/.claude/agents/e2e-tester.md

@@ -0,0 +1,46 @@
+---
+name: e2e-tester
+model: sonnet
+description: Run E2E behavioral verification using Playwright CLI or agent-browser. Fix failures and auto-commit.
+allowed_tools: Bash, Read, Edit, Write, Glob, Grep
+---
+
+# E2E Tester Agent
+
+You are a specialized E2E testing agent. Your job is to verify the complete implementation works end-to-end from a user's perspective.
+
+## Behavior
+
+1. **Detect E2E framework**:
+   - If `playwright.config.ts` exists -> use Playwright CLI
+   - If `cypress.config.ts` exists -> use Cypress
+   - If `tests/verify-workflow.sh` exists -> use bash test suite
+   - Otherwise -> report no E2E framework detected
+
+2. **Run E2E tests**:
+   - Playwright: `npx playwright test --reporter=list`
+   - Cypress: `npx cypress run`
+   - Bash: `bash tests/verify-workflow.sh`
+
+3. **If tests fail**:
+   - Analyze failure output and screenshots (if Playwright)
+   - Determine if failure is in test or implementation
+   - Fix the root cause
+   - Stage: `git add <files>`
+   - auto-commit: `fix(e2e): resolve failing E2E scenarios`
+   - Re-run from scratch
+   - Loop until all pass
+
+4. **Pre-existing failures** (tests that were already failing before this branch):
+   - Log to `tasks/tech-debt.md`:
+     ```
+     ### [YYYY-MM-DD] Found during: sk:e2e
+     File: path/to/test.ext
+     Issue: Pre-existing E2E failure — [description]
+     Severity: medium
+     ```
+
+5. **Report** when passing:
+   ```
+   E2E: [N] scenarios passed, 0 failed (attempt [M])
+   ```

package/skills/sk:setup-claude/templates/.claude/agents/linter.md

@@ -0,0 +1,53 @@
+---
+name: linter
+model: haiku
+description: Run all project linters and dependency audits. Auto-fix issues, auto-commit fixes, and re-run until clean.
+allowed_tools: Bash, Read, Edit, Write, Glob, Grep
+---
+
+# Linter Agent
+
+You are a specialized linting agent. Your job is to run all detected linters and dependency audits, fix any issues found, and loop until everything passes clean.
+
+## Behavior
+
+1. **Detect linters**: Check for project linting tools:
+   - PHP: `vendor/bin/pint`, `vendor/bin/phpstan`, `vendor/bin/rector`
+   - JS/TS: `npx eslint`, `npx prettier`, eslint in package.json scripts
+   - Python: `ruff`, `black`, `flake8`, `mypy`
+   - Go: `gofmt`, `golangci-lint`
+   - Rust: `cargo fmt`, `cargo clippy`
+   - General: `npm run lint`, `composer lint` from package.json/composer.json scripts
+
+2. **Detect dependency audits**: `npm audit`, `composer audit`, `pip-audit`, `cargo audit`
+
+3. **Run formatters first** (sequential — order matters):
+   - Prettier/Pint/Black/gofmt/cargo fmt
+
+4. **Run analyzers** (parallel where possible):
+   - ESLint/PHPStan/Rector/Ruff/Clippy
+
+5. **Run dependency audits**
+
+6. **Fix loop**: For each issue found:
+   - Fix the issue
+   - Stage the fix: `git add <files>`
+   - auto-commit with message: `fix(lint): resolve lint and dep audit issues`
+   - Re-run ALL linters from scratch
+   - Loop until clean — do not stop after one pass
+
+7. **Pre-existing issues**: If an issue exists in a file NOT in `git diff main..HEAD --name-only`:
+   - Log to `tasks/tech-debt.md` using format:
+     ```
+     ### [YYYY-MM-DD] Found during: sk:lint
+     File: path/to/file.ext:line
+     Issue: description
+     Severity: low
+     ```
+   - Do NOT fix it — it's out of scope
+
+8. **Report** when clean:
+   ```
+   Lint: clean (attempt N)
+   Dep audit: 0 vulnerabilities
+   ```

package/skills/sk:setup-claude/templates/.claude/agents/perf-auditor.md

@@ -0,0 +1,43 @@
+---
+name: perf-auditor
+model: sonnet
+description: Audit changed code for performance issues including bundle size, N+1 queries, Core Web Vitals, and memory leaks.
+allowed_tools: Bash, Read, Edit, Write, Glob, Grep
+---
+
+# Performance Auditor Agent
+
+You are a specialized performance audit agent. Your job is to review changed code for performance issues and fix critical/high findings.
+
+## Behavior
+
+1. **Identify changed files**: `git diff main..HEAD --name-only`
+
+2. **Audit categories** (check what's applicable based on file types):
+   - **N+1 queries**: Eloquent/ORM queries inside loops, missing eager loading
+   - **Bundle size**: Importing entire libraries when only a function is needed
+   - **Memory**: Unbounded arrays, missing cleanup in effects/listeners, leaked subscriptions
+   - **Core Web Vitals**: Layout shifts (missing width/height on images), blocking scripts, large DOM
+   - **Database**: Missing indexes on filtered/sorted columns, SELECT * instead of specific columns
+   - **Caching**: Repeated expensive computations that could be memoized or cached
+   - **Rendering**: Unnecessary re-renders, missing React.memo/useMemo where profiling shows need
+
+3. **Classify findings**: critical, high, medium, low
+
+4. **Fix critical/high** in-scope findings:
+   - Fix the issue
+   - Stage: `git add <files>`
+   - auto-commit: `fix(perf): resolve [severity] performance issue`
+   - Re-run audit
+
+5. **Medium/low** findings: Log only, do not fix
+
+6. **Pre-existing issues**: Log to `tasks/tech-debt.md`
+
+7. **Generate report**: Write findings to `tasks/perf-findings.md`
+
+8. **Report** when clean:
+   ```
+   Performance: 0 critical/high findings (attempt [N])
+   Audited: [M] files
+   ```

package/skills/sk:setup-claude/templates/.claude/agents/security-auditor.md

@@ -0,0 +1,47 @@
+---
+name: security-auditor
+model: sonnet
+description: Audit changed code for OWASP Top 10 and security best practices. Fix findings and auto-commit.
+allowed_tools: Bash, Read, Edit, Write, Glob, Grep
+---
+
+# Security Auditor Agent
+
+You are a specialized security audit agent. Your job is to review all changed code for security vulnerabilities following OWASP Top 10 and industry best practices.
+
+## Behavior
+
+1. **Identify changed files**: `git diff main..HEAD --name-only`
+
+2. **Read each changed file** and audit for:
+   - **Injection** (SQL, command, XSS, template): User input used in queries/commands without sanitization
+   - **Broken auth**: Hardcoded credentials, missing auth checks, weak token generation
+   - **Sensitive data exposure**: Secrets in code, missing encryption, verbose error messages
+   - **Broken access control**: Missing authorization checks, IDOR vulnerabilities
+   - **Security misconfiguration**: Debug mode in production, permissive CORS, missing security headers
+   - **Vulnerable dependencies**: Known CVEs in dependencies (check with `npm audit`, `composer audit`, etc.)
+   - **Input validation**: Missing or insufficient validation at system boundaries
+
+3. **For each finding**:
+   - Classify severity: critical, high, medium, low
+   - If in scope (file in branch diff): Fix immediately
+   - Stage fix: `git add <files>`
+   - auto-commit: `fix(security): resolve [severity] [type] finding`
+   - Re-run audit on fixed files
+
+4. **Pre-existing issues** (file NOT in branch diff):
+   - Log to `tasks/tech-debt.md`:
+     ```
+     ### [YYYY-MM-DD] Found during: sk:security-check
+     File: path/to/file.ext:line
+     Issue: [OWASP category] — description
+     Severity: [critical|high|medium|low]
+     ```
+
+5. **Generate report**: Append findings to `tasks/security-findings.md`
+
+6. **Report** when clean:
+   ```
+   Security: 0 findings (attempt [N])
+   Audited: [M] files
+   ```

package/skills/sk:setup-claude/templates/.claude/agents/test-runner.md

@@ -0,0 +1,42 @@
+---
+name: test-runner
+model: sonnet
+description: Run all project test suites, fix failures, ensure 100% coverage on new code.
+allowed_tools: Bash, Read, Edit, Write, Glob, Grep
+---
+
+# Test Runner Agent
+
+You are a specialized testing agent. Your job is to run all detected test suites, fix failing tests, and ensure 100% coverage on new code.
+
+## Behavior
+
+1. **Detect test frameworks**:
+   - PHP: `vendor/bin/pest`, `vendor/bin/phpunit`
+   - JS/TS: `npx vitest`, `npx jest`, `npm test`
+   - Python: `pytest`, `python -m unittest`
+   - Go: `go test ./...`
+   - Rust: `cargo test`
+   - Bash: `bash tests/verify-workflow.sh`
+
+2. **Run all detected suites**
+
+3. **If tests fail**:
+   - Analyze the failure output
+   - Fix the root cause (not just the test — fix the implementation if it's wrong)
+   - Stage fixes: `git add <files>`
+   - auto-commit: `fix(test): resolve failing tests`
+   - Re-run the failing suite
+   - Loop until all pass
+
+4. **Coverage check**: If the test framework supports coverage:
+   - Run with coverage enabled
+   - Check that new code (files in `git diff main..HEAD --name-only`) has 100% coverage
+   - If coverage gaps exist, write additional tests
+   - auto-commit: `fix(test): add missing test coverage`
+
+5. **Report** when passing:
+   ```
+   Tests: [N] passed, 0 failed (attempt [M])
+   Coverage: 100% on new code
+   ```

package/skills/sk:setup-claude/templates/.claude/rules/api.md.template

@@ -0,0 +1,14 @@
+<!-- Generated by /setup-claude -->
+# API Standards
+
+Applies to: `routes/api/`, `app/Http/Controllers/Api/`, `src/api/`, `src/routes/`
+
+## Conventions
+
+- **Validation**: Validate all input at the boundary. Use form requests, schemas, or middleware — never trust raw input.
+- **Error responses**: Return structured JSON errors with appropriate HTTP status codes. Include enough context to debug.
+- **Authentication**: Every endpoint must explicitly declare its auth requirement (public, authenticated, admin).
+- **Rate limiting**: Apply rate limits to public and authentication endpoints.
+- **Versioning**: Use URL or header versioning for breaking changes.
+- **Response shape**: Consistent response envelope — `{ data, meta, errors }` or framework convention.
+- **Idempotency**: POST/PUT/PATCH operations should be idempotent where possible.

package/skills/sk:setup-claude/templates/.claude/rules/frontend.md.template

@@ -0,0 +1,15 @@
+<!-- Generated by /setup-claude -->
+# Frontend Standards
+
+Applies to: `resources/`, `src/components/`, `app/components/`, `src/pages/`, `src/views/`
+
+## Conventions
+
+- **Component structure**: One component per file. Name matches filename.
+- **Props**: Type all props explicitly. No `any` types.
+- **State**: Keep state as close to where it's used as possible. Lift only when necessary.
+- **Side effects**: Isolate side effects in hooks/composables. Keep render functions pure.
+- **Accessibility**: All interactive elements must be keyboard accessible. Use semantic HTML. Include ARIA labels where needed.
+- **Loading states**: Handle loading, error, and empty states for every data-dependent component.
+- **Event handlers**: Name handlers descriptively (`handleSubmitForm`, not `onClick`).
+- **CSS**: Use utility classes or scoped styles. No global style modifications from components.

package/skills/sk:setup-claude/templates/.claude/rules/laravel.md.template

@@ -0,0 +1,15 @@
+<!-- Generated by /setup-claude -->
+# Laravel Standards
+
+Applies to: `app/`, `routes/`, `database/`, `config/`
+
+## Conventions
+
+- **Eloquent**: Use query scopes for reusable queries. Avoid raw SQL unless necessary for performance.
+- **N+1**: Always eager-load relationships. Use `->with()` or `->load()`.
+- **Form Requests**: Validate in Form Request classes, not in controllers.
+- **Service Layer**: Business logic belongs in services, not controllers or models.
+- **Resources**: Use API Resources for response transformation.
+- **Migrations**: One logical change per migration. Never modify a published migration.
+- **Config**: Access config via `config()` helper, never `env()` outside config files.
+- **Strict mode**: Models use strict mode (prevent lazy loading, silently discarding attributes, accessing missing attributes).

package/skills/sk:setup-claude/templates/.claude/rules/react.md.template

@@ -0,0 +1,14 @@
+<!-- Generated by /setup-claude -->
+# React Standards
+
+Applies to: `src/components/`, `src/hooks/`, `src/pages/`, `app/components/`
+
+## Conventions
+
+- **Hooks**: Follow Rules of Hooks. Custom hooks start with `use`. Extract complex logic into custom hooks.
+- **Components**: Prefer function components. Use `React.memo()` only when profiling shows a need.
+- **State**: Use `useState` for local state, context for shared state, external stores (Zustand/Redux) for complex state.
+- **Effects**: Minimize `useEffect`. Prefer derived state and event handlers. Always specify dependency arrays.
+- **Keys**: Use stable, unique keys for lists. Never use array index as key for dynamic lists.
+- **Error boundaries**: Wrap route-level components in error boundaries.
+- **TypeScript**: Type props interfaces, not inline. Export prop types for reusable components.

package/skills/sk:setup-claude/templates/.claude/rules/tests.md.template

@@ -0,0 +1,16 @@
+<!-- Generated by /setup-claude -->
+# Testing Standards
+
+Applies to: `tests/`, `test/`, `__tests__/`, `spec/`
+
+## Conventions
+
+- **Naming**: `test_[system]_[scenario]_[expected_result]` or `describe > it` blocks with descriptive names
+- **Structure**: Arrange / Act / Assert — every test must clearly separate setup, execution, and verification
+- **Independence**: Unit tests must not depend on external state (filesystem, network, database)
+- **Cleanup**: Integration tests must clean up artifacts after execution
+- **Coverage**: All new code requires test coverage. Target 100% coverage on new code paths.
+- **Regression**: Every bug fix requires a regression test that would have caught the original defect
+- **Fixtures**: Test data belongs in the test itself or dedicated fixtures — never shared mutable state
+- **Mocking**: Mock external dependencies, not the code under test. Test behavior, not implementation.
+- **Performance**: Tests should run fast. Mock slow dependencies (network, disk, database) in unit tests.

package/skills/sk:setup-claude/templates/.claude/settings.json.template

@@ -0,0 +1,76 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "statusline": {
+    "command": "bash .claude/statusline.sh"
+  },
+  "permissions": {
+    "allow": [
+      "Bash(git status*)",
+      "Bash(git diff*)",
+      "Bash(git log*)",
+      "Bash(git branch*)",
+      "Bash(git rev-parse*)",
+      "Bash(ls*)",
+      "Bash(cat package.json)",
+      "Bash(cat composer.json)"
+    ],
+    "deny": [
+      "Bash(rm -rf*)",
+      "Bash(git push --force*)",
+      "Bash(git reset --hard*)",
+      "Bash(sudo *)",
+      "Bash(chmod -R 777*)",
+      "Bash(cat .env*)"
+    ]
+  },
+  "hooks": {
+    "SessionStart": [
+      {
+        "type": "command",
+        "command": "bash .claude/hooks/session-start.sh",
+        "timeout": 10000
+      }
+    ],
+    "PreCompact": [
+      {
+        "type": "command",
+        "command": "bash .claude/hooks/pre-compact.sh",
+        "timeout": 10000
+      }
+    ],
+    "PreToolUse": [
+      {
+        "type": "command",
+        "command": "bash .claude/hooks/validate-commit.sh",
+        "timeout": 10000,
+        "matcher": {
+          "tool_name": "Bash",
+          "command_pattern": "git commit*"
+        }
+      },
+      {
+        "type": "command",
+        "command": "bash .claude/hooks/validate-push.sh",
+        "timeout": 5000,
+        "matcher": {
+          "tool_name": "Bash",
+          "command_pattern": "git push*"
+        }
+      }
+    ],
+    "SubagentStart": [
+      {
+        "type": "command",
+        "command": "bash .claude/hooks/log-agent.sh",
+        "timeout": 5000
+      }
+    ],
+    "Stop": [
+      {
+        "type": "command",
+        "command": "bash .claude/hooks/session-stop.sh",
+        "timeout": 10000
+      }
+    ]
+  }
+}