@massu/core 0.1.1 → 0.4.0

package/dist/hooks/quality-event.js

@@ -3,12 +3,13 @@ import{createRequire as __cr}from"module";const require=__cr(import.meta.url);
 
 // src/memory-db.ts
 import Database from "better-sqlite3";
-import { dirname as dirname2 } from "path";
+import { dirname as dirname2, basename } from "path";
 import { existsSync as existsSync2, mkdirSync } from "fs";
 
 // src/config.ts
 import { resolve, dirname } from "path";
 import { existsSync, readFileSync } from "fs";
+import { homedir } from "os";
 import { parse as parseYaml } from "yaml";
 import { z } from "zod";
 var DomainConfigSchema = z.object({
@@ -140,6 +141,49 @@ var CloudConfigSchema = z.object({
     audit: z.boolean().default(true)
   }).default({ memory: true, analytics: true, audit: true })
 }).optional();
+var ConventionsConfigSchema = z.object({
+  claudeDirName: z.string().default(".claude").refine(
+    (s) => !s.includes("..") && !s.startsWith("/"),
+    { message: 'claudeDirName must not contain ".." or start with "/"' }
+  ),
+  sessionStatePath: z.string().default(".claude/session-state/CURRENT.md").refine(
+    (s) => !s.includes("..") && !s.startsWith("/"),
+    { message: 'sessionStatePath must not contain ".." or start with "/"' }
+  ),
+  sessionArchivePath: z.string().default(".claude/session-state/archive").refine(
+    (s) => !s.includes("..") && !s.startsWith("/"),
+    { message: 'sessionArchivePath must not contain ".." or start with "/"' }
+  ),
+  knowledgeCategories: z.array(z.string()).default([
+    "patterns",
+    "commands",
+    "incidents",
+    "reference",
+    "protocols",
+    "checklists",
+    "playbooks",
+    "critical",
+    "scripts",
+    "status",
+    "templates",
+    "loop-state",
+    "session-state",
+    "agents"
+  ]),
+  knowledgeSourceFiles: z.array(z.string()).default(["CLAUDE.md", "MEMORY.md", "corrections.md"]),
+  excludePatterns: z.array(z.string()).default(["/ARCHIVE/", "/SESSION-HISTORY/"])
+}).optional();
+var PythonDomainConfigSchema = z.object({
+  name: z.string(),
+  packages: z.array(z.string()),
+  allowed_imports_from: z.array(z.string()).default([])
+});
+var PythonConfigSchema = z.object({
+  root: z.string(),
+  alembic_dir: z.string().optional(),
+  domains: z.array(PythonDomainConfigSchema).default([]),
+  exclude_dirs: z.array(z.string()).default(["__pycache__", ".venv", "venv", ".mypy_cache", ".pytest_cache"])
+}).optional();
 var PathsConfigSchema = z.object({
   source: z.string().default("src"),
   aliases: z.record(z.string(), z.string()).default({ "@": "src" }),
@@ -174,7 +218,9 @@ var RawConfigSchema = z.object({
   security: SecurityConfigSchema,
   team: TeamConfigSchema,
   regression: RegressionConfigSchema,
-  cloud: CloudConfigSchema
+  cloud: CloudConfigSchema,
+  conventions: ConventionsConfigSchema,
+  python: PythonConfigSchema
 }).passthrough();
 var _config = null;
 var _projectRoot = null;
@@ -238,13 +284,24 @@ function getConfig() {
     security: parsed.security,
     team: parsed.team,
     regression: parsed.regression,
-    cloud: parsed.cloud
+    cloud: parsed.cloud,
+    conventions: parsed.conventions,
+    python: parsed.python
   };
+  if (!_config.cloud?.apiKey && process.env.MASSU_API_KEY) {
+    _config.cloud = {
+      enabled: true,
+      sync: { memory: true, analytics: true, audit: true },
+      ..._config.cloud,
+      apiKey: process.env.MASSU_API_KEY
+    };
+  }
   return _config;
 }
 function getResolvedPaths() {
   const config = getConfig();
   const root = getProjectRoot();
+  const claudeDirName = config.conventions?.claudeDirName ?? ".claude";
   return {
     codegraphDbPath: resolve(root, ".codegraph/codegraph.db"),
     dataDbPath: resolve(root, ".massu/data.db"),
@@ -260,22 +317,43 @@ function getResolvedPaths() {
     ),
     extensions: [".ts", ".tsx", ".js", ".jsx"],
     indexFiles: ["index.ts", "index.tsx", "index.js", "index.jsx"],
-    patternsDir: resolve(root, ".claude/patterns"),
-    claudeMdPath: resolve(root, ".claude/CLAUDE.md"),
+    patternsDir: resolve(root, claudeDirName, "patterns"),
+    claudeMdPath: resolve(root, claudeDirName, "CLAUDE.md"),
     docsMapPath: resolve(root, ".massu/docs-map.json"),
     helpSitePath: resolve(root, "../" + config.project.name + "-help"),
-    memoryDbPath: resolve(root, ".massu/memory.db")
+    memoryDbPath: resolve(root, ".massu/memory.db"),
+    knowledgeDbPath: resolve(root, ".massu/knowledge.db"),
+    plansDir: resolve(root, "docs/plans"),
+    docsDir: resolve(root, "docs"),
+    claudeDir: resolve(root, claudeDirName),
+    memoryDir: resolve(homedir(), claudeDirName, "projects", root.replace(/\//g, "-"), "memory"),
+    sessionStatePath: resolve(root, config.conventions?.sessionStatePath ?? `${claudeDirName}/session-state/CURRENT.md`),
+    sessionArchivePath: resolve(root, config.conventions?.sessionArchivePath ?? `${claudeDirName}/session-state/archive`),
+    mcpJsonPath: resolve(root, ".mcp.json"),
+    settingsLocalPath: resolve(root, claudeDirName, "settings.local.json")
   };
 }
 
-// src/memory-schema.ts
+// src/memory-db.ts
+function getMemoryDb() {
+  const dbPath = getResolvedPaths().memoryDbPath;
+  const dir = dirname2(dbPath);
+  if (!existsSync2(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  const db = new Database(dbPath);
+  db.pragma("journal_mode = WAL");
+  db.pragma("foreign_keys = ON");
+  initMemorySchema(db);
+  return db;
+}
 function initMemorySchema(db) {
   db.exec(`
     -- Sessions table (linked to Claude Code session IDs)
     CREATE TABLE IF NOT EXISTS sessions (
       id INTEGER PRIMARY KEY AUTOINCREMENT,
       session_id TEXT UNIQUE NOT NULL,
-      project TEXT NOT NULL DEFAULT 'unknown',
+      project TEXT NOT NULL DEFAULT 'my-project',
       git_branch TEXT,
       started_at TEXT NOT NULL,
       started_at_epoch INTEGER NOT NULL,
@@ -330,9 +408,7 @@ function initMemorySchema(db) {
         content_rowid='id'
       );
     `);
-  } catch (e) {
-    process.stderr.write(`FTS5 setup warning: ${e instanceof Error ? e.message : String(e)}
-`);
+  } catch (_e) {
   }
   db.exec(`
     CREATE TRIGGER IF NOT EXISTS observations_ai AFTER INSERT ON observations BEGIN
@@ -392,9 +468,7 @@ function initMemorySchema(db) {
         content_rowid='id'
       );
     `);
-  } catch (e) {
-    process.stderr.write(`FTS5 setup warning: ${e instanceof Error ? e.message : String(e)}
-`);
+  } catch (_e) {
   }
   db.exec(`
     CREATE TRIGGER IF NOT EXISTS prompts_ai AFTER INSERT ON user_prompts BEGIN
@@ -464,9 +538,7 @@ function initMemorySchema(db) {
         content_rowid=id
       );
     `);
-  } catch (e) {
-    process.stderr.write(`FTS5 setup warning: ${e instanceof Error ? e.message : String(e)}
-`);
+  } catch (_e) {
   }
   db.exec(`
     CREATE TRIGGER IF NOT EXISTS ct_fts_insert AFTER INSERT ON conversation_turns BEGIN
@@ -490,7 +562,7 @@ function initMemorySchema(db) {
     CREATE TABLE IF NOT EXISTS session_quality_scores (
       id INTEGER PRIMARY KEY AUTOINCREMENT,
       session_id TEXT NOT NULL UNIQUE,
-      project TEXT NOT NULL DEFAULT 'unknown',
+      project TEXT NOT NULL DEFAULT 'my-project',
       score INTEGER NOT NULL DEFAULT 100,
       security_score INTEGER NOT NULL DEFAULT 100,
       architecture_score INTEGER NOT NULL DEFAULT 100,
@@ -513,7 +585,7 @@ function initMemorySchema(db) {
     CREATE TABLE IF NOT EXISTS session_costs (
       id INTEGER PRIMARY KEY AUTOINCREMENT,
       session_id TEXT NOT NULL UNIQUE,
-      project TEXT NOT NULL DEFAULT 'unknown',
+      project TEXT NOT NULL DEFAULT 'my-project',
       input_tokens INTEGER NOT NULL DEFAULT 0,
       output_tokens INTEGER NOT NULL DEFAULT 0,
       cache_read_tokens INTEGER NOT NULL DEFAULT 0,
@@ -740,24 +812,15 @@ function initMemorySchema(db) {
     );
     CREATE INDEX IF NOT EXISTS idx_pending_sync_created ON pending_sync(created_at ASC);
   `);
-}
-
-// src/memory-db.ts
-var initializedPaths = /* @__PURE__ */ new Set();
-function getMemoryDb() {
-  const dbPath = getResolvedPaths().memoryDbPath;
-  const dir = dirname2(dbPath);
-  if (!existsSync2(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  const db = new Database(dbPath);
-  db.pragma("journal_mode = WAL");
-  db.pragma("foreign_keys = ON");
-  if (!initializedPaths.has(dbPath)) {
-    initMemorySchema(db);
-    initializedPaths.add(dbPath);
-  }
-  return db;
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS license_cache (
+      api_key_hash TEXT PRIMARY KEY,
+      tier TEXT NOT NULL,
+      valid_until TEXT NOT NULL,
+      last_validated TEXT NOT NULL,
+      features TEXT DEFAULT '[]'
+    );
+  `);
 }
 
 // src/hooks/quality-event.ts
@@ -838,14 +901,14 @@ async function main() {
   process.exit(0);
 }
 function readStdin() {
-  return new Promise((resolve2) => {
+  return new Promise((resolve3) => {
     let data = "";
     process.stdin.setEncoding("utf-8");
     process.stdin.on("data", (chunk) => {
       data += chunk;
     });
-    process.stdin.on("end", () => resolve2(data));
-    setTimeout(() => resolve2(data), 3e3);
+    process.stdin.on("end", () => resolve3(data));
+    setTimeout(() => resolve3(data), 3e3);
   });
 }
 main();

package/dist/hooks/security-gate.js

@@ -52,6 +52,24 @@ function checkFilePath(filePath) {
   }
   return null;
 }
+var DANGEROUS_PYTHON_PATTERNS = [
+  { pattern: /\beval\s*\(/, label: "Python eval() \u2014 arbitrary code execution" },
+  { pattern: /\bexec\s*\(/, label: "Python exec() \u2014 arbitrary code execution" },
+  { pattern: /\b__import__\s*\(/, label: "Python __import__() \u2014 dynamic import (potential code injection)" },
+  { pattern: /subprocess\.call\([^)]*shell\s*=\s*True/, label: "subprocess.call(shell=True) \u2014 shell injection risk" },
+  { pattern: /subprocess\.Popen\([^)]*shell\s*=\s*True/, label: "subprocess.Popen(shell=True) \u2014 shell injection risk" },
+  { pattern: /os\.system\s*\(/, label: "os.system() \u2014 shell injection risk" },
+  { pattern: /\bf['"].*\{.*\}.*['"].*(?:execute|cursor|query)/, label: "f-string in SQL \u2014 SQL injection risk" },
+  { pattern: /['"].*%s.*['"].*%.*(?:execute|cursor|query)/, label: "String formatting in SQL \u2014 SQL injection risk" }
+];
+function checkPythonContent(content) {
+  for (const { pattern, label } of DANGEROUS_PYTHON_PATTERNS) {
+    if (pattern.test(content)) {
+      return label;
+    }
+  }
+  return null;
+}
 async function main() {
   try {
     const input = await readStdin();
@@ -77,6 +95,17 @@ Ensure this is intentional and no secrets will be exposed.`
         }));
       }
     }
+    const pyContent = tool_input.content || tool_input.new_string;
+    if ((tool_name === "Write" || tool_name === "Edit") && tool_input.file_path?.endsWith(".py") && pyContent) {
+      const pyViolation = checkPythonContent(pyContent);
+      if (pyViolation) {
+        process.stdout.write(JSON.stringify({
+          message: `SECURITY GATE: Dangerous Python pattern detected: ${pyViolation}
+File: ${tool_input.file_path}
+Review carefully before proceeding.`
+        }));
+      }
+    }
   } catch {
   }
   process.exit(0);