@paths.design/caws-cli 11.1.7 → 11.1.8

package/templates/hook-packs/claude-code/scan-secrets.sh

@@ -0,0 +1,98 @@
+#!/bin/bash
+# CAWS-MANAGED-HOOK
+# hook_pack: claude-code
+# hook_pack_version: 11
+# caws_min_major: 11
+# lineage_refs: 24
+# do_not_edit_directly: update via `caws init --agent-surface claude-code`
+#
+# CAWS Secret Scanner for Claude Code
+#
+# Advisory-only: emits a hookSpecificOutput warning when a tool call
+# touches files or directories that commonly contain secrets (.env*,
+# *.pem, *.key, SSH keys, cloud-provider config dirs, etc.).
+#
+# Does NOT block. The agent is responsible for redacting sensitive
+# values from its response. Promoted from Sterling per
+# CAWS-HOOK-PACK-PROMOTE-001.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib/parse-input.sh
+source "$SCRIPT_DIR/lib/parse-input.sh"
+parse_hook_input
+
+FILE_PATH="$HOOK_FILE_PATH"
+
+if [[ -z "$FILE_PATH" ]]; then
+  exit 0
+fi
+
+# Get just the filename for pattern matching
+FILENAME=$(basename "$FILE_PATH")
+
+# Files that commonly contain secrets
+SECRET_FILE_PATTERNS=(
+  '.env'
+  '.env.local'
+  '.env.production'
+  '.env.development'
+  '.env.*'
+  'credentials.json'
+  'service-account.json'
+  'secrets.yaml'
+  'secrets.yml'
+  'secrets.json'
+  '.netrc'
+  '.npmrc'
+  '.pypirc'
+  'id_rsa'
+  'id_ed25519'
+  'id_ecdsa'
+  '*.pem'
+  '*.key'
+  '*.p12'
+  '*.pfx'
+  'htpasswd'
+  'shadow'
+)
+
+# Directories that commonly contain secrets
+SECRET_DIRS=(
+  '.ssh'
+  '.aws'
+  '.azure'
+  '.gcloud'
+  '.kube'
+  '.gnupg'
+)
+
+# Check if file matches secret patterns
+for pattern in "${SECRET_FILE_PATTERNS[@]}"; do
+  if [[ "$FILENAME" == $pattern ]]; then
+    echo '{
+      "hookSpecificOutput": {
+        "hookEventName": "PreToolUse",
+        "additionalContext": "WARNING: This file may contain secrets. Do not include sensitive values in your response. If you need to reference credentials, use placeholders like <API_KEY> instead of actual values."
+      }
+    }'
+    exit 0
+  fi
+done
+
+# Check if file is in a sensitive directory
+for dir in "${SECRET_DIRS[@]}"; do
+  if [[ "$FILE_PATH" == *"/$dir/"* ]] || [[ "$FILE_PATH" == *"/$dir" ]]; then
+    echo '{
+      "hookSpecificOutput": {
+        "hookEventName": "PreToolUse",
+        "additionalContext": "WARNING: This file is in a sensitive directory that may contain secrets. Do not include any sensitive values in your response."
+      }
+    }'
+    exit 0
+  fi
+done
+
+# Allow the read
+exit 0

package/templates/hook-packs/claude-code/scope-guard.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # CAWS-MANAGED-HOOK
 # hook_pack: claude-code
-# hook_pack_version: 5
+# hook_pack_version: 11
 # caws_min_major: 11
 # lineage_refs: 8,11,12,16
 # do_not_edit_directly: update via `caws init --agent-surface claude-code`
@@ -130,15 +130,20 @@ if [[ "$WORK_DIR" =~ \/\.caws\/worktrees\/([^/]+)$ ]]; then
   WORKTREE_NAME="${BASH_REMATCH[1]}"
 fi
 
+# CAWS-LITE-MODE-RETIREMENT-001: lite mode (scope.json without specs/)
+# was removed in pack v8. v11 projects only have .caws/specs/; lite-mode
+# .caws/scope.json is a v10 artifact. Consumers with a legacy
+# .caws/scope.json get a doctor finding (not a hook branch).
 if [[ -d "$WORK_DIR/.caws/specs" ]]; then
-  SCOPE_FILE="$WORK_DIR/.caws/scope.json"
   SPECS_BASE="$WORK_DIR"
 else
-  SCOPE_FILE="$PROJECT_DIR/.caws/scope.json"
   SPECS_BASE="$PROJECT_DIR"
 fi
 
-if [[ ! -f "$SCOPE_FILE" ]] && [[ ! -d "$SPECS_BASE/.caws/specs" ]]; then
+# No specs directory means no v11 governance to enforce. Pre-v8 this
+# branch would fall through to the lite-mode scope.json path; v8+ it
+# is a clean no-op.
+if [[ ! -d "$SPECS_BASE/.caws/specs" ]]; then
   exit 0
 fi
 
@@ -159,73 +164,50 @@ for prefix in "${ALLOW_PREFIXES[@]}"; do
   fi
 done
 
-# Lite mode: scope.json (no .caws/specs/)
-if [[ ! -d "$SPECS_BASE/.caws/specs" ]] && [[ -f "$SCOPE_FILE" ]]; then
-  if command -v node >/dev/null 2>&1; then
-    LITE_CHECK=$(node -e "
-      var fs = require('fs');
-      var path = require('path');
-      try {
-        var scope = JSON.parse(fs.readFileSync('$SCOPE_FILE', 'utf8'));
-        var filePath = '$REL_PATH';
-        var dirs = scope.allowedDirectories || [];
-        var banned = scope.bannedPatterns || {};
-
-        var basename = path.basename(filePath);
-        var bannedFiles = banned.files || [];
-        for (var i = 0; i < bannedFiles.length; i++) {
-          var regex = new RegExp(bannedFiles[i].replace(/\\*/g, '.*').replace(/\\?/g, '.'));
-          if (regex.test(basename)) {
-            console.log('banned:' + bannedFiles[i]);
-            process.exit(0);
-          }
-        }
-
-        var bannedDocs = banned.docs || [];
-        for (var i = 0; i < bannedDocs.length; i++) {
-          var regex = new RegExp(bannedDocs[i].replace(/\\*/g, '.*').replace(/\\?/g, '.'));
-          if (regex.test(basename)) {
-            console.log('banned:' + bannedDocs[i]);
-            process.exit(0);
-          }
-        }
+# CAWS-LITE-MODE-RETIREMENT-001: the v10 "Lite mode" branch
+# (`.caws/scope.json` without `.caws/specs/`) was removed in pack v8.
+# A consumer upgrading from v10 with a legacy `.caws/scope.json` on
+# disk now gets a doctor finding instead — the hook no longer has a
+# silent fallback behavior that disagrees with `caws doctor`.
 
-        if (dirs.length > 0) {
-          var normalized = filePath.replace(/\\\\\\\\/g, '/');
-          var found = false;
-          for (var i = 0; i < dirs.length; i++) {
-            var d = dirs[i].replace(/\\/$/, '');
-            if (normalized.startsWith(d + '/') || normalized === d) { found = true; break; }
-          }
-          if (!found) {
-            console.log('not_allowed');
-            process.exit(0);
-          }
-        }
-        console.log('allowed');
-      } catch (error) {
-        console.log('error:' + error.message);
-      }
-    " 2>&1)
-
-    if [[ "$LITE_CHECK" == banned:* ]]; then
-      PATTERN="${LITE_CHECK#banned:}"
-      emit_scope_progression "This file matches banned pattern '$PATTERN' in .caws/scope.json."
-      exit 0
-    fi
-
-    if [[ "$LITE_CHECK" == "not_allowed" ]]; then
-      emit_scope_progression "This file is outside the allowed directories in .caws/scope.json."
-      exit 0
-    fi
+# Full mode: per-feature specs under .caws/specs/ (v11-shape aware)
+SPECS_DIR="$SPECS_BASE/.caws/specs"
 
+# CAWS-SCOPE-STRIKE-SOURCE-UNIFY-001: delegate to `caws scope check`
+# (the kernel-backed authority) before falling back to the inline node
+# block below. This guarantees the hook's ADMIT/REFUSE decision matches
+# what `caws scope show <path>` would report — the spec's invariant 1.
+#
+# Why it matters: when the kernel says ADMIT for a path, this hook exits
+# 0 immediately without invoking `emit_scope_progression`. That means
+# strikes do NOT increment, even if the path was previously rejected by
+# an earlier scope decision (e.g., before a `scope.in` amendment landed).
+# This auto-invalidates stale strike state by treating the current
+# kernel decision as the only authority — the spec's invariant 2 and A1.
+#
+# Fall-through to the inline node block happens when:
+#   (a) `caws` is not on PATH (e.g. a non-global install during early
+#       bootstrap), OR
+#   (b) `caws scope check` exits non-zero AND we need the inline node
+#       logic to compute the structured diagnostic (out_of_scope vs
+#       not_in_scope, the union/authoritative mode label, the
+#       offending pattern) for emit_scope_progression's user-facing
+#       message. The inline node block is the SAME logic the kernel
+#       runs, evaluated on the same YAML — so they must agree on
+#       REFUSE shape too.
+if command -v caws >/dev/null 2>&1; then
+  if caws scope check "$REL_PATH" >/dev/null 2>&1; then
+    # Kernel-authoritative ADMIT. Skip strike counter entirely.
     exit 0
   fi
+  # Kernel-authoritative REFUSE. The exact diagnostic still comes from
+  # the inline node block below (it parses scope.out vs scope.in miss
+  # vs union vs authoritative, all data the kernel knows but doesn't
+  # expose via `caws scope check`'s exit code). Future work: have
+  # `caws scope check --explain` emit the structured detail so the
+  # fallback inline node block can be deleted entirely.
 fi
 
-# Full mode: per-feature specs under .caws/specs/ (v11-shape aware)
-SPECS_DIR="$SPECS_BASE/.caws/specs"
-
 if command -v node >/dev/null 2>&1; then
   SCOPE_CHECK=$(node -e "
     var yaml = require('js-yaml');

package/templates/hook-packs/claude-code/session-caws-status.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # CAWS-MANAGED-HOOK
 # hook_pack: claude-code
-# hook_pack_version: 5
+# hook_pack_version: 11
 # caws_min_major: 11
 # lineage_refs: 4,11
 # do_not_edit_directly: update via `caws init --agent-surface claude-code`

package/templates/hook-packs/claude-code/session-log.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # CAWS-MANAGED-HOOK
 # hook_pack: claude-code
-# hook_pack_version: 5
+# hook_pack_version: 11
 # caws_min_major: 11
 # lineage_refs: 10
 # do_not_edit_directly: update via `caws init --agent-surface claude-code`