@maestrofrontier/frontier 1.4.5 → 1.6.0

package/hooks/maestro-phase-scope.cjs

@@ -1,118 +1,118 @@
-#!/usr/bin/env node
-// Maestro PostToolUse phase-scope guard. Enforces AGENTS.md S7.1
-// structurally: max 5 files modified per phase. Counts distinct files
-// touched by Edit/Write/NotebookEdit -- plus Bash mutations whose
-// target path is statically extractable (redirects, sed -i, tee, mv,
-// cp, rm, mkdir, touch) -- since the last real user prompt (one turn
-// ~ one phase for interactive work) and warns once per turn when the
-// count exceeds MAESTRO_PHASE_FILE_CAP (default 5). Targets with
-// shell expansion ($, backticks, globs) are skipped: a missed count
-// is cheaper than a false warning. git commit / npm install mutate
-// but name no file; they are out of scope for a file counter.
-//
-// Wire with matcher "Edit|Write|NotebookEdit|Bash" so it only runs on
-// file-modifying tools. Soft warning via additionalContext -- never
-// blocks; the agent decides whether the scope is justified (e.g. a
-// user-approved bulk rename). Degrades silently on missing payload
-// fields. Payload fields verified against code.claude.com/docs/en/hooks
-// (PostToolUse input: tool_name, tool_input, transcript_path;
-// output: hookSpecificOutput.additionalContext), 2026-06-10.
-//
-// .cjs so Node treats it as CommonJS regardless of any "type": "module"
-// package.json in a parent directory of the install location.
-//
-// Install: see README "Claude Code: Phase-Scope Guard".
-
-const fs = require('fs');
-
-const MUTATORS = new Set(['Edit', 'Write', 'NotebookEdit']);
-const MARKER = 'Maestro phase-scope guard:';
-
-// Best-effort file targets of a Bash command's mutating constructs.
-function bashTargets(cmd) {
-  const files = [];
-  if (typeof cmd !== 'string') return files;
-  const strip = t => t.replace(/^["']+|["']+$/g, '');
-  const ok = t => t && !t.startsWith('-') && !/[$`*?{}()\[\]<>]/.test(t) && t !== '/dev/null' && !/^nul$/i.test(t);
-  let m;
-  const redir = /(?<![-=<>])>{1,2}\s*([^\s;&|<>]+)/g;
-  while ((m = redir.exec(cmd))) { const t = strip(m[1]); if (ok(t)) files.push(t); }
-  for (let seg of cmd.split(/(?:&&|\|\||[;|\n])/)) {
-    seg = seg.replace(/(?<![-=<>])>{1,2}\s*[^\s;&|<>]+/g, ' ');
-    const toks = seg.trim().split(/\s+/).filter(Boolean);
-    while (toks.length && (toks[0] === 'sudo' || /^[A-Za-z_][A-Za-z0-9_]*=/.test(toks[0]))) toks.shift();
-    const name = toks[0];
-    if (!name) continue;
-    const args = toks.slice(1).filter(a => !a.startsWith('-')).map(strip).filter(ok);
-    if ((name === 'mv' || name === 'cp') && args.length >= 2) files.push(args[args.length - 1]);
-    else if (name === 'rm' || name === 'mkdir' || name === 'touch' || name === 'tee') files.push(...args);
-    else if (name === 'sed' && /(^|\s)-i/.test(seg) && args.length) files.push(args[args.length - 1]);
-  }
-  return files;
-}
-
-let data = {};
-try { data = JSON.parse(fs.readFileSync(0, 'utf8')); } catch { process.exit(0); }
-
-let lines = [];
-if (data.transcript_path && fs.existsSync(data.transcript_path)) {
-  try {
-    const buf = fs.readFileSync(data.transcript_path, 'utf8');
-    lines = (buf.length > 4000000 ? buf.slice(-4000000) : buf).split(/\r?\n/);
-  } catch {}
-}
-
-// Locate the last genuine user prompt (typed text, not a tool_result
-// carrier). Everything after it is the current turn.
-let turnStart = 0;
-const parsed = lines.map(l => { try { return JSON.parse(l); } catch { return null; } });
-for (let i = 0; i < parsed.length; i++) {
-  const e = parsed[i];
-  if (!e || e.type !== 'user' || e.isMeta || !e.message) continue;
-  const c = e.message.content;
-  const genuine = typeof c === 'string'
-    ? true
-    : Array.isArray(c) && c.some(x => x && x.type === 'text') && !c.some(x => x && x.type === 'tool_result');
-  if (genuine) turnStart = i;
-}
-
-// Fire once per turn.
-for (let i = turnStart; i < lines.length; i++) {
-  if (lines[i].includes(MARKER)) process.exit(0);
-}
-
-const files = new Set();
-for (let i = turnStart; i < parsed.length; i++) {
-  const e = parsed[i];
-  if (!e || e.type !== 'assistant' || !e.message || !Array.isArray(e.message.content)) continue;
-  for (const item of e.message.content) {
-    if (!item || item.type !== 'tool_use' || !item.input) continue;
-    if (MUTATORS.has(item.name)) {
-      const p = item.input.file_path || item.input.notebook_path;
-      if (p) files.add(p);
-    } else if (item.name === 'Bash') {
-      for (const t of bashTargets(item.input.command)) files.add(t);
-    }
-  }
-}
-// The triggering call may not be in the transcript yet.
-if (data.tool_input) {
-  if (MUTATORS.has(data.tool_name)) {
-    const p = data.tool_input.file_path || data.tool_input.notebook_path;
-    if (p) files.add(p);
-  } else if (data.tool_name === 'Bash') {
-    for (const t of bashTargets(data.tool_input.command)) files.add(t);
-  }
-}
-
-const cap = parseInt(process.env.MAESTRO_PHASE_FILE_CAP, 10) || 5;
-if (files.size > cap) {
-  process.stdout.write(JSON.stringify({
-    hookSpecificOutput: {
-      hookEventName: 'PostToolUse',
-      additionalContext: `${MARKER} ${files.size} distinct files modified this turn exceeds the max-${cap}-files-per-phase rule (AGENTS.md S7.1). Complete and verify the current phase before expanding scope, or split the remaining work into a follow-up phase. If the user explicitly approved a wider batch (e.g. a bulk rename), proceed.`
-    }
-  }));
-}
-
-process.exit(0);
+#!/usr/bin/env node
+// Maestro PostToolUse phase-scope guard. Enforces AGENTS.md S7.1
+// structurally: max 5 files modified per phase. Counts distinct files
+// touched by Edit/Write/NotebookEdit -- plus Bash mutations whose
+// target path is statically extractable (redirects, sed -i, tee, mv,
+// cp, rm, mkdir, touch) -- since the last real user prompt (one turn
+// ~ one phase for interactive work) and warns once per turn when the
+// count exceeds MAESTRO_PHASE_FILE_CAP (default 5). Targets with
+// shell expansion ($, backticks, globs) are skipped: a missed count
+// is cheaper than a false warning. git commit / npm install mutate
+// but name no file; they are out of scope for a file counter.
+//
+// Wire with matcher "Edit|Write|NotebookEdit|Bash" so it only runs on
+// file-modifying tools. Soft warning via additionalContext -- never
+// blocks; the agent decides whether the scope is justified (e.g. a
+// user-approved bulk rename). Degrades silently on missing payload
+// fields. Payload fields verified against code.claude.com/docs/en/hooks
+// (PostToolUse input: tool_name, tool_input, transcript_path;
+// output: hookSpecificOutput.additionalContext), 2026-06-10.
+//
+// .cjs so Node treats it as CommonJS regardless of any "type": "module"
+// package.json in a parent directory of the install location.
+//
+// Install: see README "Claude Code: Phase-Scope Guard".
+
+const fs = require('fs');
+
+const MUTATORS = new Set(['Edit', 'Write', 'NotebookEdit']);
+const MARKER = 'Maestro phase-scope guard:';
+
+// Best-effort file targets of a Bash command's mutating constructs.
+function bashTargets(cmd) {
+  const files = [];
+  if (typeof cmd !== 'string') return files;
+  const strip = t => t.replace(/^["']+|["']+$/g, '');
+  const ok = t => t && !t.startsWith('-') && !/[$`*?{}()\[\]<>]/.test(t) && t !== '/dev/null' && !/^nul$/i.test(t);
+  let m;
+  const redir = /(?<![-=<>])>{1,2}\s*([^\s;&|<>]+)/g;
+  while ((m = redir.exec(cmd))) { const t = strip(m[1]); if (ok(t)) files.push(t); }
+  for (let seg of cmd.split(/(?:&&|\|\||[;|\n])/)) {
+    seg = seg.replace(/(?<![-=<>])>{1,2}\s*[^\s;&|<>]+/g, ' ');
+    const toks = seg.trim().split(/\s+/).filter(Boolean);
+    while (toks.length && (toks[0] === 'sudo' || /^[A-Za-z_][A-Za-z0-9_]*=/.test(toks[0]))) toks.shift();
+    const name = toks[0];
+    if (!name) continue;
+    const args = toks.slice(1).filter(a => !a.startsWith('-')).map(strip).filter(ok);
+    if ((name === 'mv' || name === 'cp') && args.length >= 2) files.push(args[args.length - 1]);
+    else if (name === 'rm' || name === 'mkdir' || name === 'touch' || name === 'tee') files.push(...args);
+    else if (name === 'sed' && /(^|\s)-i/.test(seg) && args.length) files.push(args[args.length - 1]);
+  }
+  return files;
+}
+
+let data = {};
+try { data = JSON.parse(fs.readFileSync(0, 'utf8')); } catch { process.exit(0); }
+
+let lines = [];
+if (data.transcript_path && fs.existsSync(data.transcript_path)) {
+  try {
+    const buf = fs.readFileSync(data.transcript_path, 'utf8');
+    lines = (buf.length > 4000000 ? buf.slice(-4000000) : buf).split(/\r?\n/);
+  } catch {}
+}
+
+// Locate the last genuine user prompt (typed text, not a tool_result
+// carrier). Everything after it is the current turn.
+let turnStart = 0;
+const parsed = lines.map(l => { try { return JSON.parse(l); } catch { return null; } });
+for (let i = 0; i < parsed.length; i++) {
+  const e = parsed[i];
+  if (!e || e.type !== 'user' || e.isMeta || !e.message) continue;
+  const c = e.message.content;
+  const genuine = typeof c === 'string'
+    ? true
+    : Array.isArray(c) && c.some(x => x && x.type === 'text') && !c.some(x => x && x.type === 'tool_result');
+  if (genuine) turnStart = i;
+}
+
+// Fire once per turn.
+for (let i = turnStart; i < lines.length; i++) {
+  if (lines[i].includes(MARKER)) process.exit(0);
+}
+
+const files = new Set();
+for (let i = turnStart; i < parsed.length; i++) {
+  const e = parsed[i];
+  if (!e || e.type !== 'assistant' || !e.message || !Array.isArray(e.message.content)) continue;
+  for (const item of e.message.content) {
+    if (!item || item.type !== 'tool_use' || !item.input) continue;
+    if (MUTATORS.has(item.name)) {
+      const p = item.input.file_path || item.input.notebook_path;
+      if (p) files.add(p);
+    } else if (item.name === 'Bash') {
+      for (const t of bashTargets(item.input.command)) files.add(t);
+    }
+  }
+}
+// The triggering call may not be in the transcript yet.
+if (data.tool_input) {
+  if (MUTATORS.has(data.tool_name)) {
+    const p = data.tool_input.file_path || data.tool_input.notebook_path;
+    if (p) files.add(p);
+  } else if (data.tool_name === 'Bash') {
+    for (const t of bashTargets(data.tool_input.command)) files.add(t);
+  }
+}
+
+const cap = parseInt(process.env.MAESTRO_PHASE_FILE_CAP, 10) || 5;
+if (files.size > cap) {
+  process.stdout.write(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'PostToolUse',
+      additionalContext: `${MARKER} ${files.size} distinct files modified this turn exceeds the max-${cap}-files-per-phase rule (AGENTS.md S7.1). Complete and verify the current phase before expanding scope, or split the remaining work into a follow-up phase. If the user explicitly approved a wider batch (e.g. a bulk rename), proceed.`
+    }
+  }));
+}
+
+process.exit(0);

package/hooks/maestro-statusline-sync.cjs

@@ -1,152 +1,152 @@
-#!/usr/bin/env node
-// Maestro status-line sync hook (SessionStart).
-//
-// Problem it solves: the context-bar status line is a STANDALONE copy the
-// user installs once (curl into ~/.claude/statusline/, per docs/context-bar.md)
-// and wires into ~/.claude/settings.json. A Claude Code plugin cannot edit
-// settings.json or copy that file at install time, so when the plugin updates,
-// the wired copy goes stale -- the user keeps seeing the old render (e.g. the
-// "1.00M" token format) while the plugin already ships the fix. This hook
-// closes that gap: on every session start it refreshes the wired copy from the
-// plugin's shipped version.
-//
-// Refresh-if-present ONLY. It never creates the file: an absent context-bar.sh
-// means the user never opted into the status line, and the plugin must not
-// change anyone's status line uninvited (same opt-in rule as terse mode). It
-// only overwrites a file that already exists and whose content differs.
-//
-// Source of truth: ${CLAUDE_PLUGIN_ROOT}/statusline/ (the installed plugin),
-// falling back to this hook's own ../statusline when the env var is unset.
-//
-// Targets: the canonical ~/.claude/statusline/ (the documented install dir,
-// and what the vibe-ads-style ad wrappers chain to), plus the dir resolved
-// from settings.json statusLine.command when that resolves to a real
-// context-bar script. Deduped.
-//
-// Hardened I/O (symlink refusal, O_NOFOLLOW, atomic temp+rename, size cap)
-// mirrors hooks/maestro-terse-mode.cjs. The destination lives at a predictable
-// path under ~/.claude -- a symlink-attack target -- so never write through a
-// link. The source is trusted shipped plugin content.
-//
-// Always silent, never throws, exit 0: a maintenance hook must never break or
-// clutter a session. It writes at most twice (.sh, .ps1) and only right after
-// an update changed the shipped script.
-//
-// .cjs so Node treats it as CommonJS regardless of a parent package.json.
-
-'use strict';
-
-const fs = require('fs');
-const os = require('os');
-const path = require('path');
-
-const SCRIPTS = ['context-bar.sh', 'context-bar.ps1'];
-const MAX_SCRIPT_BYTES = 1 << 16; // 64 KB cap; the scripts are ~6 KB
-
-const claudeDir = process.env.CLAUDE_CONFIG_DIR || path.join(os.homedir(), '.claude');
-
-function sourceDir() {
-  const root = process.env.CLAUDE_PLUGIN_ROOT;
-  if (root) return path.join(root, 'statusline');
-  return path.join(__dirname, '..', 'statusline');
-}
-
-// Read a regular file, refusing symlinks and oversized files. Returns a Buffer
-// or null. Buffer (not utf8) so a byte-exact compare/copy survives any encoding.
-function safeReadFile(p) {
-  try {
-    let st;
-    try { st = fs.lstatSync(p); } catch { return null; }
-    if (st.isSymbolicLink() || !st.isFile()) return null;
-    if (st.size > MAX_SCRIPT_BYTES) return null;
-    const O_NOFOLLOW = typeof fs.constants.O_NOFOLLOW === 'number' ? fs.constants.O_NOFOLLOW : 0;
-    let fd;
-    try {
-      if (O_NOFOLLOW === 0) { try { if (fs.lstatSync(p).isSymbolicLink()) return null; } catch {} }
-      fd = fs.openSync(p, fs.constants.O_RDONLY | O_NOFOLLOW);
-      const buf = Buffer.alloc(st.size);
-      const n = fs.readSync(fd, buf, 0, st.size, 0);
-      return buf.slice(0, n);
-    } finally {
-      if (fd !== undefined) fs.closeSync(fd);
-    }
-  } catch {
-    return null;
-  }
-}
-
-// Atomic overwrite via temp+rename, refusing to write through a symlinked dir
-// or destination. mode sets the final permission bits.
-function safeWriteFile(dest, buf, mode) {
-  try {
-    const dir = path.dirname(dest);
-    try { if (fs.lstatSync(dir).isSymbolicLink()) return false; } catch { return false; }
-    try {
-      if (fs.lstatSync(dest).isSymbolicLink()) return false;
-    } catch (e) {
-      if (e.code !== 'ENOENT') return false;
-    }
-    const tempPath = path.join(dir, '.' + path.basename(dest) + '.' + process.pid + '.' + Date.now() + '.tmp');
-    const O_NOFOLLOW = typeof fs.constants.O_NOFOLLOW === 'number' ? fs.constants.O_NOFOLLOW : 0;
-    const flags = fs.constants.O_WRONLY | fs.constants.O_CREAT | fs.constants.O_EXCL | O_NOFOLLOW;
-    let fd;
-    try {
-      if (O_NOFOLLOW === 0) { try { if (fs.lstatSync(tempPath).isSymbolicLink()) return false; } catch {} }
-      fd = fs.openSync(tempPath, flags, mode);
-      fs.writeSync(fd, buf, 0, buf.length, 0);
-      try { fs.fchmodSync(fd, mode); } catch {}
-    } finally {
-      if (fd !== undefined) fs.closeSync(fd);
-    }
-    fs.renameSync(tempPath, dest);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-// The dir Claude Code is actually pointed at, when settings.json resolves to a
-// real context-bar script. Reused from settings/config.cjs so there is one
-// resolver. Best-effort: any failure just drops this candidate.
-function resolvedTargetDir() {
-  try {
-    const cfg = require('../settings/config.cjs');
-    const r = cfg.resolveStatuslineDir();
-    if (r && r.scriptOk && r.dir) return r.dir;
-  } catch {}
-  return null;
-}
-
-function syncDir(dir, srcDir) {
-  for (const name of SCRIPTS) {
-    const src = safeReadFile(path.join(srcDir, name));
-    if (!src) continue;
-    const destPath = path.join(dir, name);
-    // Refresh-if-present: skip if the user never installed this script here.
-    let dst;
-    try {
-      const st = fs.lstatSync(destPath);
-      if (st.isSymbolicLink() || !st.isFile()) continue;
-      dst = safeReadFile(destPath);
-    } catch {
-      continue; // ENOENT -> not installed here -> do not create
-    }
-    if (dst && dst.equals(src)) continue; // already current
-    const mode = name.endsWith('.sh') ? 0o755 : 0o644;
-    safeWriteFile(destPath, src, mode);
-  }
-}
-
-function run() {
-  const srcDir = sourceDir();
-  const dirs = new Set([path.join(claudeDir, 'statusline')]);
-  const resolved = resolvedTargetDir();
-  if (resolved) dirs.add(resolved);
-  for (const dir of dirs) syncDir(dir, srcDir);
-}
-
-// Drain stdin (the harness pipes the SessionStart payload) but ignore it; we
-// act unconditionally on session start. Garbage stdin must not throw.
-try { fs.readFileSync(0, 'utf8'); } catch {}
-try { run(); } catch {}
-process.exit(0);
+#!/usr/bin/env node
+// Maestro status-line sync hook (SessionStart).
+//
+// Problem it solves: the context-bar status line is a STANDALONE copy the
+// user installs once (curl into ~/.claude/statusline/, per docs/context-bar.md)
+// and wires into ~/.claude/settings.json. A Claude Code plugin cannot edit
+// settings.json or copy that file at install time, so when the plugin updates,
+// the wired copy goes stale -- the user keeps seeing the old render (e.g. the
+// "1.00M" token format) while the plugin already ships the fix. This hook
+// closes that gap: on every session start it refreshes the wired copy from the
+// plugin's shipped version.
+//
+// Refresh-if-present ONLY. It never creates the file: an absent context-bar.sh
+// means the user never opted into the status line, and the plugin must not
+// change anyone's status line uninvited (same opt-in rule as terse mode). It
+// only overwrites a file that already exists and whose content differs.
+//
+// Source of truth: ${CLAUDE_PLUGIN_ROOT}/statusline/ (the installed plugin),
+// falling back to this hook's own ../statusline when the env var is unset.
+//
+// Targets: the canonical ~/.claude/statusline/ (the documented install dir,
+// and what the vibe-ads-style ad wrappers chain to), plus the dir resolved
+// from settings.json statusLine.command when that resolves to a real
+// context-bar script. Deduped.
+//
+// Hardened I/O (symlink refusal, O_NOFOLLOW, atomic temp+rename, size cap)
+// mirrors hooks/maestro-terse-mode.cjs. The destination lives at a predictable
+// path under ~/.claude -- a symlink-attack target -- so never write through a
+// link. The source is trusted shipped plugin content.
+//
+// Always silent, never throws, exit 0: a maintenance hook must never break or
+// clutter a session. It writes at most twice (.sh, .ps1) and only right after
+// an update changed the shipped script.
+//
+// .cjs so Node treats it as CommonJS regardless of a parent package.json.
+
+'use strict';
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const SCRIPTS = ['context-bar.sh', 'context-bar.ps1'];
+const MAX_SCRIPT_BYTES = 1 << 16; // 64 KB cap; the scripts are ~6 KB
+
+const claudeDir = process.env.CLAUDE_CONFIG_DIR || path.join(os.homedir(), '.claude');
+
+function sourceDir() {
+  const root = process.env.CLAUDE_PLUGIN_ROOT;
+  if (root) return path.join(root, 'statusline');
+  return path.join(__dirname, '..', 'statusline');
+}
+
+// Read a regular file, refusing symlinks and oversized files. Returns a Buffer
+// or null. Buffer (not utf8) so a byte-exact compare/copy survives any encoding.
+function safeReadFile(p) {
+  try {
+    let st;
+    try { st = fs.lstatSync(p); } catch { return null; }
+    if (st.isSymbolicLink() || !st.isFile()) return null;
+    if (st.size > MAX_SCRIPT_BYTES) return null;
+    const O_NOFOLLOW = typeof fs.constants.O_NOFOLLOW === 'number' ? fs.constants.O_NOFOLLOW : 0;
+    let fd;
+    try {
+      if (O_NOFOLLOW === 0) { try { if (fs.lstatSync(p).isSymbolicLink()) return null; } catch {} }
+      fd = fs.openSync(p, fs.constants.O_RDONLY | O_NOFOLLOW);
+      const buf = Buffer.alloc(st.size);
+      const n = fs.readSync(fd, buf, 0, st.size, 0);
+      return buf.slice(0, n);
+    } finally {
+      if (fd !== undefined) fs.closeSync(fd);
+    }
+  } catch {
+    return null;
+  }
+}
+
+// Atomic overwrite via temp+rename, refusing to write through a symlinked dir
+// or destination. mode sets the final permission bits.
+function safeWriteFile(dest, buf, mode) {
+  try {
+    const dir = path.dirname(dest);
+    try { if (fs.lstatSync(dir).isSymbolicLink()) return false; } catch { return false; }
+    try {
+      if (fs.lstatSync(dest).isSymbolicLink()) return false;
+    } catch (e) {
+      if (e.code !== 'ENOENT') return false;
+    }
+    const tempPath = path.join(dir, '.' + path.basename(dest) + '.' + process.pid + '.' + Date.now() + '.tmp');
+    const O_NOFOLLOW = typeof fs.constants.O_NOFOLLOW === 'number' ? fs.constants.O_NOFOLLOW : 0;
+    const flags = fs.constants.O_WRONLY | fs.constants.O_CREAT | fs.constants.O_EXCL | O_NOFOLLOW;
+    let fd;
+    try {
+      if (O_NOFOLLOW === 0) { try { if (fs.lstatSync(tempPath).isSymbolicLink()) return false; } catch {} }
+      fd = fs.openSync(tempPath, flags, mode);
+      fs.writeSync(fd, buf, 0, buf.length, 0);
+      try { fs.fchmodSync(fd, mode); } catch {}
+    } finally {
+      if (fd !== undefined) fs.closeSync(fd);
+    }
+    fs.renameSync(tempPath, dest);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// The dir Claude Code is actually pointed at, when settings.json resolves to a
+// real context-bar script. Reused from settings/config.cjs so there is one
+// resolver. Best-effort: any failure just drops this candidate.
+function resolvedTargetDir() {
+  try {
+    const cfg = require('../settings/config.cjs');
+    const r = cfg.resolveStatuslineDir();
+    if (r && r.scriptOk && r.dir) return r.dir;
+  } catch {}
+  return null;
+}
+
+function syncDir(dir, srcDir) {
+  for (const name of SCRIPTS) {
+    const src = safeReadFile(path.join(srcDir, name));
+    if (!src) continue;
+    const destPath = path.join(dir, name);
+    // Refresh-if-present: skip if the user never installed this script here.
+    let dst;
+    try {
+      const st = fs.lstatSync(destPath);
+      if (st.isSymbolicLink() || !st.isFile()) continue;
+      dst = safeReadFile(destPath);
+    } catch {
+      continue; // ENOENT -> not installed here -> do not create
+    }
+    if (dst && dst.equals(src)) continue; // already current
+    const mode = name.endsWith('.sh') ? 0o755 : 0o644;
+    safeWriteFile(destPath, src, mode);
+  }
+}
+
+function run() {
+  const srcDir = sourceDir();
+  const dirs = new Set([path.join(claudeDir, 'statusline')]);
+  const resolved = resolvedTargetDir();
+  if (resolved) dirs.add(resolved);
+  for (const dir of dirs) syncDir(dir, srcDir);
+}
+
+// Drain stdin (the harness pipes the SessionStart payload) but ignore it; we
+// act unconditionally on session start. Garbage stdin must not throw.
+try { fs.readFileSync(0, 'utf8'); } catch {}
+try { run(); } catch {}
+process.exit(0);