@melihmucuk/leash 1.0.2 → 1.0.4

package/README.md

@@ -19,26 +19,27 @@ AI agents can hallucinate dangerous commands. Leash sandboxes them:
 ## Quick Start
 
 ```bash
+# Install leash globally
 npm install -g @melihmucuk/leash
+
+# Setup leash for your platform
 leash --setup <platform>
-```
 
-| Platform | Command |
-|----------|---------|
-| OpenCode | `leash --setup opencode` |
-| Pi Coding Agent | `leash --setup pi` |
-| Claude Code | `leash --setup claude-code` |
-| Factory Droid | `leash --setup factory` |
+# Remove leash from a platform
+leash --remove <platform>
 
-Restart your agent. Done!
+# Update leash anytime
+leash --update
+```
 
-```bash
-# Update anytime
-npm update -g @melihmucuk/leash
+| Platform        | Command                     |
+| --------------- | --------------------------- |
+| OpenCode        | `leash --setup opencode`    |
+| Pi Coding Agent | `leash --setup pi`          |
+| Claude Code     | `leash --setup claude-code` |
+| Factory Droid   | `leash --setup factory`     |
 
-# Remove from a platform
-leash --remove <platform>
-```
+Restart your agent. Done!
 
 <details>
 <summary><b>Manual Setup</b></summary>
@@ -72,6 +73,16 @@ Add to `~/.claude/settings.json`:
 ```json
 {
   "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node <path from leash --path claude-code>"
+          }
+        ]
+      }
+    ],
     "PreToolUse": [
       {
         "matcher": "Bash|Write|Edit",
@@ -94,6 +105,16 @@ Add to `~/.factory/settings.json`:
 ```json
 {
   "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node <path from leash --path factory>"
+          }
+        ]
+      }
+    ],
     "PreToolUse": [
       {
         "matcher": "Execute|Write|Edit",

package/bin/leash.js

@@ -4,7 +4,9 @@ import { existsSync } from "fs";
 import { dirname, join } from "path";
 import { homedir } from "os";
 import { fileURLToPath } from "url";
+import { execSync } from "child_process";
 import { PLATFORMS, setupPlatform, removePlatform } from "./lib.js";
+import { checkForUpdates } from "../packages/core/lib/version-checker.js";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
@@ -107,6 +109,28 @@ function showPath(platformKey) {
   console.log(leashPath);
 }
 
+async function update() {
+  console.log("Checking for updates...");
+
+  const result = await checkForUpdates();
+
+  if (!result.hasUpdate) {
+    console.log(`[ok] Already up to date (v${result.currentVersion})`);
+    return;
+  }
+
+  console.log(`[ok] Update available: v${result.currentVersion} → v${result.latestVersion}`);
+  console.log("[ok] Updating...");
+
+  try {
+    execSync("npm update -g @melihmucuk/leash", { stdio: "inherit" });
+    console.log("[ok] Update complete");
+  } catch {
+    console.error("[error] Update failed. Try manually: npm update -g @melihmucuk/leash");
+    process.exit(1);
+  }
+}
+
 function showHelp() {
   console.log(`
 leash - Security guardrails for AI coding agents
@@ -115,6 +139,7 @@ Usage:
   leash --setup <platform>    Install leash for a platform
   leash --remove <platform>   Remove leash from a platform
   leash --path <platform>     Show leash path for a platform
+  leash --update              Update leash to latest version
   leash --help                Show this help
 
 Platforms:
@@ -127,6 +152,7 @@ Examples:
   leash --setup opencode
   leash --remove claude-code
   leash --path pi
+  leash --update
 `);
 }
 
@@ -162,6 +188,10 @@ switch (command) {
     }
     showPath(platform);
     break;
+  case "--update":
+  case "-u":
+    await update();
+    break;
   case "--help":
   case "-h":
   case undefined:

package/bin/lib.js

@@ -49,26 +49,59 @@ export const PLATFORMS = {
     distPath: "claude-code/leash.js",
     setup: (config, leashPath) => {
       config.hooks = config.hooks || {};
-      config.hooks.PreToolUse = config.hooks.PreToolUse || [];
-      const exists = config.hooks.PreToolUse.some((entry) =>
+      const hookCommand = { type: "command", command: `node ${leashPath}` };
+
+      // Check if already installed in either hook
+      const inSessionStart = config.hooks.SessionStart?.some((entry) =>
+        entry.hooks?.some((h) => h.command?.includes("leash"))
+      );
+      const inPreToolUse = config.hooks.PreToolUse?.some((entry) =>
         entry.hooks?.some((h) => h.command?.includes("leash"))
       );
-      if (exists) {
+      if (inSessionStart && inPreToolUse) {
         return { skipped: true };
       }
-      config.hooks.PreToolUse.push({
-        matcher: "Bash|Write|Edit",
-        hooks: [{ type: "command", command: `node ${leashPath}` }],
-      });
+
+      // Add SessionStart hook
+      if (!inSessionStart) {
+        config.hooks.SessionStart = config.hooks.SessionStart || [];
+        config.hooks.SessionStart.push({
+          hooks: [hookCommand],
+        });
+      }
+
+      // Add PreToolUse hook
+      if (!inPreToolUse) {
+        config.hooks.PreToolUse = config.hooks.PreToolUse || [];
+        config.hooks.PreToolUse.push({
+          matcher: "Bash|Write|Edit",
+          hooks: [hookCommand],
+        });
+      }
+
       return { skipped: false };
     },
     remove: (config) => {
-      if (!config.hooks?.PreToolUse) return false;
-      const before = config.hooks.PreToolUse.length;
-      config.hooks.PreToolUse = config.hooks.PreToolUse.filter(
-        (entry) => !entry.hooks?.some((h) => h.command?.includes("leash"))
-      );
-      return config.hooks.PreToolUse.length < before;
+      if (!config.hooks) return false;
+      let removed = false;
+
+      if (config.hooks.SessionStart) {
+        const before = config.hooks.SessionStart.length;
+        config.hooks.SessionStart = config.hooks.SessionStart.filter(
+          (entry) => !entry.hooks?.some((h) => h.command?.includes("leash"))
+        );
+        if (config.hooks.SessionStart.length < before) removed = true;
+      }
+
+      if (config.hooks.PreToolUse) {
+        const before = config.hooks.PreToolUse.length;
+        config.hooks.PreToolUse = config.hooks.PreToolUse.filter(
+          (entry) => !entry.hooks?.some((h) => h.command?.includes("leash"))
+        );
+        if (config.hooks.PreToolUse.length < before) removed = true;
+      }
+
+      return removed;
     },
   },
   factory: {
@@ -77,26 +110,59 @@ export const PLATFORMS = {
     distPath: "factory/leash.js",
     setup: (config, leashPath) => {
       config.hooks = config.hooks || {};
-      config.hooks.PreToolUse = config.hooks.PreToolUse || [];
-      const exists = config.hooks.PreToolUse.some((entry) =>
+      const hookCommand = { type: "command", command: `node ${leashPath}` };
+
+      // Check if already installed in either hook
+      const inSessionStart = config.hooks.SessionStart?.some((entry) =>
+        entry.hooks?.some((h) => h.command?.includes("leash"))
+      );
+      const inPreToolUse = config.hooks.PreToolUse?.some((entry) =>
         entry.hooks?.some((h) => h.command?.includes("leash"))
       );
-      if (exists) {
+      if (inSessionStart && inPreToolUse) {
         return { skipped: true };
       }
-      config.hooks.PreToolUse.push({
-        matcher: "Execute|Write|Edit",
-        hooks: [{ type: "command", command: `node ${leashPath}` }],
-      });
+
+      // Add SessionStart hook
+      if (!inSessionStart) {
+        config.hooks.SessionStart = config.hooks.SessionStart || [];
+        config.hooks.SessionStart.push({
+          hooks: [hookCommand],
+        });
+      }
+
+      // Add PreToolUse hook
+      if (!inPreToolUse) {
+        config.hooks.PreToolUse = config.hooks.PreToolUse || [];
+        config.hooks.PreToolUse.push({
+          matcher: "Execute|Write|Edit",
+          hooks: [hookCommand],
+        });
+      }
+
       return { skipped: false };
     },
     remove: (config) => {
-      if (!config.hooks?.PreToolUse) return false;
-      const before = config.hooks.PreToolUse.length;
-      config.hooks.PreToolUse = config.hooks.PreToolUse.filter(
-        (entry) => !entry.hooks?.some((h) => h.command?.includes("leash"))
-      );
-      return config.hooks.PreToolUse.length < before;
+      if (!config.hooks) return false;
+      let removed = false;
+
+      if (config.hooks.SessionStart) {
+        const before = config.hooks.SessionStart.length;
+        config.hooks.SessionStart = config.hooks.SessionStart.filter(
+          (entry) => !entry.hooks?.some((h) => h.command?.includes("leash"))
+        );
+        if (config.hooks.SessionStart.length < before) removed = true;
+      }
+
+      if (config.hooks.PreToolUse) {
+        const before = config.hooks.PreToolUse.length;
+        config.hooks.PreToolUse = config.hooks.PreToolUse.filter(
+          (entry) => !entry.hooks?.some((h) => h.command?.includes("leash"))
+        );
+        if (config.hooks.PreToolUse.length < before) removed = true;
+      }
+
+      return removed;
     },
   },
 };

package/dist/claude-code/leash.js

@@ -466,6 +466,48 @@ var CommandAnalyzer = class {
   }
 };
 
+// packages/core/version-checker.ts
+import { readFileSync, existsSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+function getVersion() {
+  const __dirname = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(__dirname, "..", "..", "package.json"),
+    join(__dirname, "..", "..", "..", "package.json")
+  ];
+  for (const path of candidates) {
+    if (existsSync(path)) {
+      try {
+        const pkg = JSON.parse(readFileSync(path, "utf-8"));
+        if (pkg.name === "@melihmucuk/leash") {
+          return pkg.version;
+        }
+      } catch {
+      }
+    }
+  }
+  return "0.0.0";
+}
+var CURRENT_VERSION = getVersion();
+var NPM_REGISTRY_URL = "https://registry.npmjs.org/@melihmucuk/leash/latest";
+async function checkForUpdates() {
+  try {
+    const response = await fetch(NPM_REGISTRY_URL);
+    if (!response.ok) {
+      return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+    }
+    const data = await response.json();
+    return {
+      hasUpdate: data.version !== CURRENT_VERSION,
+      latestVersion: data.version,
+      currentVersion: CURRENT_VERSION
+    };
+  } catch {
+    return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+  }
+}
+
 // packages/claude-code/leash.ts
 async function readStdin() {
   const chunks = [];
@@ -483,10 +525,21 @@ async function main() {
     console.error("Failed to parse input JSON");
     process.exit(1);
   }
-  const { tool_name, tool_input, cwd } = input;
+  const { hook_event_name, tool_name, tool_input, cwd } = input;
+  if (hook_event_name === "SessionStart") {
+    const messages = ["\u{1F512} Leash active"];
+    const update = await checkForUpdates();
+    if (update.hasUpdate) {
+      messages.push(
+        `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update`
+      );
+    }
+    console.log(JSON.stringify({ systemMessage: messages.join("\n") }));
+    process.exit(0);
+  }
   const analyzer = new CommandAnalyzer(cwd);
   if (tool_name === "Bash") {
-    const command = tool_input.command || "";
+    const command = tool_input?.command || "";
     const result = analyzer.analyze(command);
     if (result.blocked) {
       console.error(
@@ -499,7 +552,7 @@ Action: Guide the user to run the command manually.`
     }
   }
   if (tool_name === "Write" || tool_name === "Edit") {
-    const path = tool_input.file_path || "";
+    const path = tool_input?.file_path || "";
     const result = analyzer.validatePath(path);
     if (result.blocked) {
       console.error(

package/dist/factory/leash.js

@@ -466,6 +466,48 @@ var CommandAnalyzer = class {
   }
 };
 
+// packages/core/version-checker.ts
+import { readFileSync, existsSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+function getVersion() {
+  const __dirname = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(__dirname, "..", "..", "package.json"),
+    join(__dirname, "..", "..", "..", "package.json")
+  ];
+  for (const path of candidates) {
+    if (existsSync(path)) {
+      try {
+        const pkg = JSON.parse(readFileSync(path, "utf-8"));
+        if (pkg.name === "@melihmucuk/leash") {
+          return pkg.version;
+        }
+      } catch {
+      }
+    }
+  }
+  return "0.0.0";
+}
+var CURRENT_VERSION = getVersion();
+var NPM_REGISTRY_URL = "https://registry.npmjs.org/@melihmucuk/leash/latest";
+async function checkForUpdates() {
+  try {
+    const response = await fetch(NPM_REGISTRY_URL);
+    if (!response.ok) {
+      return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+    }
+    const data = await response.json();
+    return {
+      hasUpdate: data.version !== CURRENT_VERSION,
+      latestVersion: data.version,
+      currentVersion: CURRENT_VERSION
+    };
+  } catch {
+    return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+  }
+}
+
 // packages/factory/leash.ts
 async function readStdin() {
   const chunks = [];
@@ -483,11 +525,22 @@ async function main() {
     console.error("Failed to parse input JSON");
     process.exit(1);
   }
-  const { tool_name, tool_input } = input;
+  const { hook_event_name, tool_name, tool_input } = input;
   const cwd = process.env.FACTORY_PROJECT_DIR || input.cwd || process.cwd();
+  if (hook_event_name === "SessionStart") {
+    const messages = ["\u{1F512} Leash active"];
+    const update = await checkForUpdates();
+    if (update.hasUpdate) {
+      messages.push(
+        `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update`
+      );
+    }
+    console.log(JSON.stringify({ systemMessage: messages.join("\n") }));
+    process.exit(0);
+  }
   const analyzer = new CommandAnalyzer(cwd);
   if (tool_name === "Execute") {
-    const command = tool_input.command || "";
+    const command = tool_input?.command || "";
     const result = analyzer.analyze(command);
     if (result.blocked) {
       console.error(
@@ -500,7 +553,7 @@ Action: Guide the user to run the command manually.`
     }
   }
   if (tool_name === "Write" || tool_name === "Edit") {
-    const path = tool_input.file_path || "";
+    const path = tool_input?.file_path || "";
     const result = analyzer.validatePath(path);
     if (result.blocked) {
       console.error(

package/dist/opencode/leash.js

@@ -464,6 +464,48 @@ var CommandAnalyzer = class {
   }
 };
 
+// packages/core/version-checker.ts
+import { readFileSync, existsSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+function getVersion() {
+  const __dirname = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(__dirname, "..", "..", "package.json"),
+    join(__dirname, "..", "..", "..", "package.json")
+  ];
+  for (const path of candidates) {
+    if (existsSync(path)) {
+      try {
+        const pkg = JSON.parse(readFileSync(path, "utf-8"));
+        if (pkg.name === "@melihmucuk/leash") {
+          return pkg.version;
+        }
+      } catch {
+      }
+    }
+  }
+  return "0.0.0";
+}
+var CURRENT_VERSION = getVersion();
+var NPM_REGISTRY_URL = "https://registry.npmjs.org/@melihmucuk/leash/latest";
+async function checkForUpdates() {
+  try {
+    const response = await fetch(NPM_REGISTRY_URL);
+    if (!response.ok) {
+      return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+    }
+    const data = await response.json();
+    return {
+      hasUpdate: data.version !== CURRENT_VERSION,
+      latestVersion: data.version,
+      currentVersion: CURRENT_VERSION
+    };
+  } catch {
+    return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+  }
+}
+
 // packages/opencode/leash.ts
 var Leash = async ({ directory, client }) => {
   const analyzer = new CommandAnalyzer(directory);
@@ -473,6 +515,16 @@ var Leash = async ({ directory, client }) => {
         await client.tui.showToast({
           body: { message: "\u{1F512} Leash active", variant: "info" }
         });
+        const update = await checkForUpdates();
+        if (update.hasUpdate) {
+          await client.tui.showToast({
+            body: {
+              message: `\u{1F504} Leash ${update.latestVersion} available.
+Run: leash --update (restart required)`,
+              variant: "warning"
+            }
+          });
+        }
       }
     },
     "tool.execute.before": async (input, output) => {

package/dist/pi/leash.js

@@ -464,6 +464,48 @@ var CommandAnalyzer = class {
   }
 };
 
+// packages/core/version-checker.ts
+import { readFileSync, existsSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+function getVersion() {
+  const __dirname = dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    join(__dirname, "..", "..", "package.json"),
+    join(__dirname, "..", "..", "..", "package.json")
+  ];
+  for (const path of candidates) {
+    if (existsSync(path)) {
+      try {
+        const pkg = JSON.parse(readFileSync(path, "utf-8"));
+        if (pkg.name === "@melihmucuk/leash") {
+          return pkg.version;
+        }
+      } catch {
+      }
+    }
+  }
+  return "0.0.0";
+}
+var CURRENT_VERSION = getVersion();
+var NPM_REGISTRY_URL = "https://registry.npmjs.org/@melihmucuk/leash/latest";
+async function checkForUpdates() {
+  try {
+    const response = await fetch(NPM_REGISTRY_URL);
+    if (!response.ok) {
+      return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+    }
+    const data = await response.json();
+    return {
+      hasUpdate: data.version !== CURRENT_VERSION,
+      latestVersion: data.version,
+      currentVersion: CURRENT_VERSION
+    };
+  } catch {
+    return { hasUpdate: false, currentVersion: CURRENT_VERSION };
+  }
+}
+
 // packages/pi/leash.ts
 function leash_default(pi) {
   let analyzer = null;
@@ -471,6 +513,13 @@ function leash_default(pi) {
     if (event.reason === "start") {
       analyzer = new CommandAnalyzer(ctx.cwd);
       ctx.ui.notify("\u{1F512} Leash active", "info");
+      const update = await checkForUpdates();
+      if (update.hasUpdate) {
+        ctx.ui.notify(
+          `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update (restart required)`,
+          "warning"
+        );
+      }
     }
   });
   pi.on("tool_call", async (event, ctx) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@melihmucuk/leash",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "type": "module",
   "description": "Security guardrails for AI coding agents",
   "bin": {