npm - @paths.design/caws-cli - Versions diffs - 8.0.0 → 8.1.0 - Mend

@paths.design/caws-cli 8.0.0 → 8.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/dist/budget-derivation.d.ts +74 -0
package/dist/budget-derivation.d.ts.map +1 -0
package/dist/cicd-optimizer.d.ts +142 -0
package/dist/cicd-optimizer.d.ts.map +1 -0
package/dist/commands/archive.d.ts +51 -0
package/dist/commands/archive.d.ts.map +1 -0
package/dist/commands/archive.js +114 -6
package/dist/commands/burnup.d.ts +6 -0
package/dist/commands/burnup.d.ts.map +1 -0
package/dist/commands/burnup.js +109 -10
package/dist/commands/diagnose.d.ts +52 -0
package/dist/commands/diagnose.d.ts.map +1 -0
package/dist/commands/diagnose.js +1 -1
package/dist/commands/evaluate.d.ts +8 -0
package/dist/commands/evaluate.d.ts.map +1 -0
package/dist/commands/init.d.ts +5 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/iterate.d.ts +8 -0
package/dist/commands/iterate.d.ts.map +1 -0
package/dist/commands/mode.d.ts +24 -0
package/dist/commands/mode.d.ts.map +1 -0
package/dist/commands/mode.js +24 -14
package/dist/commands/plan.d.ts +49 -0
package/dist/commands/plan.d.ts.map +1 -0
package/dist/commands/provenance.d.ts +32 -0
package/dist/commands/provenance.d.ts.map +1 -0
package/dist/commands/provenance.js +216 -93
package/dist/commands/quality-gates.d.ts +6 -0
package/dist/commands/quality-gates.d.ts.map +1 -0
package/dist/commands/quality-gates.js +82 -3
package/dist/commands/quality-monitor.d.ts +17 -0
package/dist/commands/quality-monitor.d.ts.map +1 -0
package/dist/commands/specs.d.ts +71 -0
package/dist/commands/specs.d.ts.map +1 -0
package/dist/commands/specs.js +184 -6
package/dist/commands/status.d.ts +44 -0
package/dist/commands/status.d.ts.map +1 -0
package/dist/commands/status.js +134 -10
package/dist/commands/templates.d.ts +74 -0
package/dist/commands/templates.d.ts.map +1 -0
package/dist/commands/templates.js +2 -2
package/dist/commands/tool.d.ts +13 -0
package/dist/commands/tool.d.ts.map +1 -0
package/dist/commands/troubleshoot.d.ts +8 -0
package/dist/commands/troubleshoot.d.ts.map +1 -0
package/dist/commands/tutorial.d.ts +55 -0
package/dist/commands/tutorial.d.ts.map +1 -0
package/dist/commands/validate.d.ts +15 -0
package/dist/commands/validate.d.ts.map +1 -0
package/dist/commands/waivers.d.ts +8 -0
package/dist/commands/waivers.d.ts.map +1 -0
package/dist/commands/workflow.d.ts +85 -0
package/dist/commands/workflow.d.ts.map +1 -0
package/dist/config/index.d.ts +29 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/modes.d.ts +225 -0
package/dist/config/modes.d.ts.map +1 -0
package/dist/constants/spec-types.d.ts +41 -0
package/dist/constants/spec-types.d.ts.map +1 -0
package/dist/error-handler.d.ts +164 -0
package/dist/error-handler.d.ts.map +1 -0
package/dist/error-handler.js +6 -98
package/dist/generators/jest-config-generator.js +242 -0
package/dist/generators/jest-config.d.ts +32 -0
package/dist/generators/jest-config.d.ts.map +1 -0
package/dist/generators/working-spec.d.ts +13 -0
package/dist/generators/working-spec.d.ts.map +1 -0
package/dist/index-new.d.ts +5 -0
package/dist/index-new.d.ts.map +1 -0
package/dist/index-new.js +317 -0
package/dist/index.d.ts +5 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +14 -7
package/dist/index.js.backup +4711 -0
package/dist/minimal-cli.d.ts +3 -0
package/dist/minimal-cli.d.ts.map +1 -0
package/dist/minimal-cli.js +3 -1
package/dist/policy/PolicyManager.d.ts +104 -0
package/dist/policy/PolicyManager.d.ts.map +1 -0
package/dist/scaffold/claude-hooks.js +316 -0
package/dist/scaffold/cursor-hooks.d.ts +7 -0
package/dist/scaffold/cursor-hooks.d.ts.map +1 -0
package/dist/scaffold/git-hooks.d.ts +38 -0
package/dist/scaffold/git-hooks.d.ts.map +1 -0
package/dist/scaffold/index.d.ts +15 -0
package/dist/scaffold/index.d.ts.map +1 -0
package/dist/scaffold/index.js +18 -0
package/dist/spec/SpecFileManager.d.ts +146 -0
package/dist/spec/SpecFileManager.d.ts.map +1 -0
package/dist/templates/.claude/README.md +190 -0
package/dist/templates/.claude/hooks/audit.sh +96 -0
package/dist/templates/.claude/hooks/block-dangerous.sh +90 -0
package/dist/templates/.claude/hooks/naming-check.sh +97 -0
package/dist/templates/.claude/hooks/quality-check.sh +68 -0
package/dist/templates/.claude/hooks/scan-secrets.sh +85 -0
package/dist/templates/.claude/hooks/scope-guard.sh +105 -0
package/dist/templates/.claude/hooks/validate-spec.sh +76 -0
package/dist/templates/.claude/settings.json +95 -0
package/dist/test-analysis.d.ts +182 -0
package/dist/test-analysis.d.ts.map +1 -0
package/dist/test-analysis.js +203 -10
package/dist/tool-interface.d.ts +236 -0
package/dist/tool-interface.d.ts.map +1 -0
package/dist/tool-loader.d.ts +77 -0
package/dist/tool-loader.d.ts.map +1 -0
package/dist/tool-validator.d.ts +72 -0
package/dist/tool-validator.d.ts.map +1 -0
package/dist/utils/async-utils.d.ts +73 -0
package/dist/utils/async-utils.d.ts.map +1 -0
package/dist/utils/command-wrapper.d.ts +66 -0
package/dist/utils/command-wrapper.d.ts.map +1 -0
package/dist/utils/detection.d.ts +14 -0
package/dist/utils/detection.d.ts.map +1 -0
package/dist/utils/error-categories.js +210 -0
package/dist/utils/finalization.d.ts +17 -0
package/dist/utils/finalization.d.ts.map +1 -0
package/dist/utils/git-lock.d.ts +13 -0
package/dist/utils/git-lock.d.ts.map +1 -0
package/dist/utils/gitignore-updater.d.ts +39 -0
package/dist/utils/gitignore-updater.d.ts.map +1 -0
package/dist/utils/project-analysis.d.ts +34 -0
package/dist/utils/project-analysis.d.ts.map +1 -0
package/dist/utils/promise-utils.d.ts +30 -0
package/dist/utils/promise-utils.d.ts.map +1 -0
package/dist/utils/quality-gates-utils.js +402 -0
package/dist/utils/quality-gates.d.ts +49 -0
package/dist/utils/quality-gates.d.ts.map +1 -0
package/dist/utils/spec-resolver.d.ts +80 -0
package/dist/utils/spec-resolver.d.ts.map +1 -0
package/dist/utils/typescript-detector.d.ts +63 -0
package/dist/utils/typescript-detector.d.ts.map +1 -0
package/dist/utils/typescript-detector.js +36 -90
package/dist/utils/yaml-validation.d.ts +32 -0
package/dist/utils/yaml-validation.d.ts.map +1 -0
package/dist/validation/spec-validation.d.ts +43 -0
package/dist/validation/spec-validation.d.ts.map +1 -0
package/dist/validation/spec-validation.js +59 -6
package/dist/waivers-manager.d.ts +167 -0
package/dist/waivers-manager.d.ts.map +1 -0
package/package.json +5 -3
package/templates/.claude/README.md +190 -0
package/templates/.claude/hooks/audit.sh +96 -0
package/templates/.claude/hooks/block-dangerous.sh +90 -0
package/templates/.claude/hooks/naming-check.sh +97 -0
package/templates/.claude/hooks/quality-check.sh +68 -0
package/templates/.claude/hooks/scan-secrets.sh +85 -0
package/templates/.claude/hooks/scope-guard.sh +105 -0
package/templates/.claude/hooks/validate-spec.sh +76 -0
package/templates/.claude/settings.json +95 -0

package/dist/spec/SpecFileManager.d.ts ADDED Viewed

@@ -0,0 +1,146 @@
+/**
+ * Spec File Manager - Handles WorkingSpec file operations and YAML conversion
+ *
+ * Features:
+ * - Bidirectional WorkingSpec ↔ YAML conversion
+ * - Temporary file support for validation workflows
+ * - Backup/restore capabilities
+ * - Automatic cleanup of old temporary files
+ */
+export class SpecFileManager {
+    constructor(config?: {});
+    projectRoot: any;
+    useTemporaryFiles: any;
+    tempDir: any;
+    /**
+     * Convert WorkingSpec object to YAML string
+     *
+     * @param {Object} spec - WorkingSpec to convert
+     * @returns {string} YAML string representation
+     */
+    specToYaml(spec: any): string;
+    /**
+     * Parse YAML string to WorkingSpec object
+     *
+     * @param {string} yamlContent - YAML string to parse
+     * @returns {Object} Parsed WorkingSpec object
+     * @throws {Error} If YAML is invalid or doesn't match WorkingSpec schema
+     */
+    yamlToSpec(yamlContent: string): any;
+    /**
+     * Get path to .caws/working-spec.yaml in project
+     *
+     * @returns {string} Absolute path to working spec file
+     */
+    getSpecFilePath(): string;
+    /**
+     * Check if working spec file exists
+     *
+     * @returns {Promise<boolean>} True if file exists
+     */
+    specFileExists(): Promise<boolean>;
+    /**
+     * Read working spec from .caws/working-spec.yaml
+     *
+     * @returns {Promise<Object>} Parsed WorkingSpec object
+     * @throws {Error} If file doesn't exist or is invalid
+     */
+    readSpecFile(): Promise<any>;
+    /**
+     * Write WorkingSpec to file
+     *
+     * Writes to .caws/working-spec.yaml or a temporary file based on configuration.
+     *
+     * @param {Object} spec - WorkingSpec to write
+     * @param {Object} options - Write options
+     * @param {boolean} options.useTemp - Override temp file usage
+     * @param {boolean} options.backup - Create backup before writing
+     * @returns {Promise<Object>} Write result with file path and cleanup function
+     */
+    writeSpecFile(spec: any, options?: {
+        useTemp: boolean;
+        backup: boolean;
+    }): Promise<any>;
+    /**
+     * Update existing working spec file
+     *
+     * Reads current spec, merges changes, and writes back.
+     *
+     * @param {Object} updates - Partial WorkingSpec with fields to update
+     * @returns {Promise<Object>} Updated WorkingSpec
+     */
+    updateSpecFile(updates: any): Promise<any>;
+    /**
+     * Create backup of working spec
+     *
+     * @returns {Promise<string>} Path to backup file
+     */
+    backupSpecFile(): Promise<string>;
+    /**
+     * Restore working spec from backup
+     *
+     * @param {string} backupPath - Path to backup file
+     * @returns {Promise<void>}
+     */
+    restoreSpecFile(backupPath: string): Promise<void>;
+    /**
+     * List all backup files
+     *
+     * @returns {Promise<string[]>} Array of backup file paths
+     */
+    listBackups(): Promise<string[]>;
+    /**
+     * Delete old backup files
+     *
+     * @param {Object} options - Cleanup options
+     * @param {number} options.maxAge - Maximum age in milliseconds (default: 7 days)
+     * @param {number} options.keep - Minimum number of backups to keep (default: 5)
+     * @returns {Promise<number>} Number of backups deleted
+     */
+    cleanupBackups(options?: {
+        maxAge: number;
+        keep: number;
+    }): Promise<number>;
+    /**
+     * Validate spec file exists and is parseable
+     *
+     * @returns {Promise<Object>} Validation result
+     */
+    validateSpecFile(): Promise<any>;
+    /**
+     * Clean up old temporary spec files
+     *
+     * Removes temp files older than specified age.
+     *
+     * @param {number} maxAge - Maximum age in milliseconds (default: 1 hour)
+     * @returns {Promise<number>} Number of files cleaned up
+     */
+    cleanupTempFiles(maxAge?: number): Promise<number>;
+    /**
+     * Get spec file stats (size, modified date, etc.)
+     *
+     * @returns {Promise<Object>} File stats
+     */
+    getSpecFileStats(): Promise<any>;
+    /**
+     * Create a new SpecFileManager instance with different configuration
+     *
+     * @param {Object} config - New configuration
+     * @returns {SpecFileManager} New instance
+     */
+    withConfig(config: any): SpecFileManager;
+}
+export const defaultSpecFileManager: SpecFileManager;
+/**
+ * Create a SpecFileManager instance with default configuration
+ *
+ * @param {string} projectRoot - Project root directory
+ * @param {Object} options - Additional options
+ * @returns {SpecFileManager} SpecFileManager instance
+ */
+export function createSpecFileManager(projectRoot: string, options?: any): SpecFileManager;
+export declare function specToYaml(spec: any): string;
+export declare function yamlToSpec(yaml: any): any;
+export declare function readSpecFile(projectRoot: any): Promise<any>;
+export declare function writeSpecFile(spec: any, projectRoot: any, options: any): Promise<any>;
+//# sourceMappingURL=SpecFileManager.d.ts.map

package/dist/spec/SpecFileManager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SpecFileManager.d.ts","sourceRoot":"","sources":["../../src/spec/SpecFileManager.js"],"names":[],"mappings":"AAaA;;;;;;;;GAQG;AACH;IACE,yBAIC;IAHC,iBAAsD;IACtD,uBAA0D;IAC1D,aAA4C;IAG9C;;;;;OAKG;IACH,uBAFa,MAAM,CASlB;IAED;;;;;;OAMG;IACH,wBAJW,MAAM,OAqBhB;IAED;;;;OAIG;IACH,mBAFa,MAAM,CAIlB;IAED;;;;OAIG;IACH,kBAFa,OAAO,CAAC,OAAO,CAAC,CAS5B;IAED;;;;;OAKG;IACH,gBAHa,OAAO,KAAQ,CAe3B;IAED;;;;;;;;;;OAUG;IACH,mCAJG;QAAyB,OAAO,EAAxB,OAAO;QACU,MAAM,EAAvB,OAAO;KACf,GAAU,OAAO,KAAQ,CA2C3B;IAED;;;;;;;OAOG;IACH,8BAFa,OAAO,KAAQ,CAa3B;IAED;;;;OAIG;IACH,kBAFa,OAAO,CAAC,MAAM,CAAC,CAS3B;IAED;;;;;OAKG;IACH,4BAHW,MAAM,GACJ,OAAO,CAAC,IAAI,CAAC,CAKzB;IAED;;;;OAIG;IACH,eAFa,OAAO,CAAC,MAAM,EAAE,CAAC,CAoB7B;IAED;;;;;;;OAOG;IACH,yBAJG;QAAwB,MAAM,EAAtB,MAAM;QACU,IAAI,EAApB,MAAM;KACd,GAAU,OAAO,CAAC,MAAM,CAAC,CA+B3B;IAED;;;;OAIG;IACH,oBAFa,OAAO,KAAQ,CAe3B;IAED;;;;;;;OAOG;IACH,0BAHW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6B3B;IAED;;;;OAIG;IACH,oBAFa,OAAO,KAAQ,CA0B3B;IAED;;;;;OAKG;IACH,yBAFa,eAAe,CAS3B;CACF;AAiBD,qDAAqD;AAfrD;;;;;;GAMG;AACH,mDAJW,MAAM,kBAEJ,eAAe,CAO3B;AAWa,sDAAiD;AACjD,mDAAiD;AAC/C,qEAKb;AACc,+FAKd"}

package/dist/templates/.claude/README.md ADDED Viewed

@@ -0,0 +1,190 @@
+# Claude Code Integration for CAWS
+This directory contains Claude Code hooks and configuration for CAWS (Coding Agent Working Standard) integration.
+## Overview
+CAWS hooks for Claude Code provide:
+- **Safety Gates**: Block dangerous commands and scan for secrets
+- **Quality Gates**: Run CAWS quality checks after file edits
+- **Scope Guards**: Validate edits against the working spec's scope
+- **Audit Logging**: Track agent actions for compliance
+## Directory Structure
+```
+.claude/
+├── settings.json      # Claude Code settings with hooks configuration
+├── hooks/             # Hook scripts
+│   ├── audit.sh           # Session and action logging
+│   ├── block-dangerous.sh # Block destructive commands
+│   ├── scan-secrets.sh    # Warn when reading sensitive files
+│   ├── quality-check.sh   # Run CAWS quality gates
+│   ├── validate-spec.sh   # Validate spec files
+│   ├── scope-guard.sh     # Check scope boundaries
+│   └── naming-check.sh    # Validate file naming conventions
+├── logs/              # Audit logs (gitignored)
+└── README.md          # This file
+```
+## Hook Events
+### PreToolUse Hooks
+Run before Claude executes a tool:
+| Hook | Matcher | Purpose |
+|------|---------|---------|
+| `block-dangerous.sh` | `Bash` | Block destructive shell commands |
+| `scan-secrets.sh` | `Read` | Warn when reading sensitive files |
+| `scope-guard.sh` | `Write\|Edit` | Check scope boundaries before edits |
+### PostToolUse Hooks
+Run after Claude executes a tool:
+| Hook | Matcher | Purpose |
+|------|---------|---------|
+| `quality-check.sh` | `Write\|Edit` | Run CAWS quality gates |
+| `validate-spec.sh` | `Write\|Edit` | Validate spec file changes |
+| `naming-check.sh` | `Write` | Check file naming conventions |
+| `audit.sh` | `Write\|Edit\|Bash` | Log tool usage |
+### Session Hooks
+| Hook | Event | Purpose |
+|------|-------|---------|
+| `audit.sh session-start` | `SessionStart` | Log session start |
+| `audit.sh stop` | `Stop` | Log session end |
+## Configuration
+### Enable/Disable Hooks
+Edit `settings.json` to enable or disable specific hooks. Remove entries from the `hooks` object to disable them.
+### Hook Levels
+The scaffold supports four hook levels:
+- **safety**: Block dangerous commands, scan for secrets
+- **quality**: Run quality gates on file edits
+- **scope**: Validate edits against spec scope
+- **audit**: Log all agent actions
+Run `caws init --hooks=safety,quality` to enable specific levels.
+## Audit Logs
+Audit logs are written to `.claude/logs/`:
+- `audit.log` - All-time log (appended)
+- `audit-YYYY-MM-DD.log` - Daily logs
+Logs are JSON-formatted for easy parsing:
+```json
+{
+  "timestamp": "2024-01-15T10:30:00Z",
+  "session_id": "abc123",
+  "event": "tool_use",
+  "tool": "Write",
+  "file": "src/index.ts",
+  "cwd": "/project"
+}
+```
+## Customization
+### Adding Custom Hooks
+1. Create a new script in `.claude/hooks/`
+2. Make it executable: `chmod +x .claude/hooks/my-hook.sh`
+3. Add it to `settings.json`:
+```json
+{
+  "hooks": {
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/my-hook.sh",
+            "timeout": 10
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+### Hook Input/Output
+Hooks receive JSON input via stdin:
+```json
+{
+  "session_id": "abc123",
+  "hook_event_name": "PostToolUse",
+  "tool_name": "Write",
+  "tool_input": {
+    "file_path": "/path/to/file.ts",
+    "content": "..."
+  },
+  "tool_response": { "success": true }
+}
+```
+Hooks can output JSON to control Claude's behavior:
+```json
+{
+  "decision": "block",
+  "reason": "Quality gate failed: ..."
+}
+```
+Or add context:
+```json
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PostToolUse",
+    "additionalContext": "Remember to update the tests."
+  }
+}
+```
+## Troubleshooting
+### Hooks Not Running
+1. Check `settings.json` syntax: `cat .claude/settings.json | jq .`
+2. Verify scripts are executable: `ls -la .claude/hooks/`
+3. Test hooks manually: `echo '{}' | .claude/hooks/audit.sh`
+### Permission Errors
+Make all hook scripts executable:
+```bash
+chmod +x .claude/hooks/*.sh
+```
+### Debug Hooks
+Run Claude Code with `--debug` to see hook execution details:
+```bash
+claude --debug
+```
+## Further Reading
+- [Claude Code Hooks Documentation](https://code.claude.com/docs/en/hooks)
+- [CAWS Quality Gates](../../docs/quality-gates.md)
+- [CAWS Scope Management](../../docs/scope-management.md)

package/dist/templates/.claude/hooks/audit.sh ADDED Viewed

@@ -0,0 +1,96 @@
+#!/bin/bash
+# CAWS Audit Hook for Claude Code
+# Logs agent actions for compliance and debugging
+# @author @darianrosebrook
+set -euo pipefail
+# Get event type from argument or input
+EVENT_TYPE="${1:-tool-use}"
+# Read JSON input from stdin
+INPUT=$(cat)
+# Parse common fields from Claude Code hook input
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "unknown"')
+CWD=$(echo "$INPUT" | jq -r '.cwd // "."')
+HOOK_EVENT=$(echo "$INPUT" | jq -r '.hook_event_name // "unknown"')
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+PERMISSION_MODE=$(echo "$INPUT" | jq -r '.permission_mode // "default"')
+# Ensure log directory exists
+LOG_DIR="${CLAUDE_PROJECT_DIR:-.}/.claude/logs"
+mkdir -p "$LOG_DIR"
+# Log file path
+LOG_FILE="$LOG_DIR/audit.log"
+DATE_LOG_FILE="$LOG_DIR/audit-$(date +%Y-%m-%d).log"
+# Timestamp
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+# Build log entry based on event type
+case "$EVENT_TYPE" in
+  session-start)
+    SOURCE=$(echo "$INPUT" | jq -r '.source // "unknown"')
+    MODEL=$(echo "$INPUT" | jq -r '.model // "unknown"')
+    LOG_ENTRY=$(jq -n \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg event "session_start" \
+      --arg source "$SOURCE" \
+      --arg model "$MODEL" \
+      --arg cwd "$CWD" \
+      '{timestamp: $ts, session_id: $sid, event: $event, source: $source, model: $model, cwd: $cwd}')
+    ;;
+  stop)
+    STOP_HOOK_ACTIVE=$(echo "$INPUT" | jq -r '.stop_hook_active // false')
+    LOG_ENTRY=$(jq -n \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg event "session_stop" \
+      --arg cwd "$CWD" \
+      --argjson hook_active "$STOP_HOOK_ACTIVE" \
+      '{timestamp: $ts, session_id: $sid, event: $event, cwd: $cwd, stop_hook_active: $hook_active}')
+    ;;
+  tool-use)
+    # Extract tool-specific info
+    TOOL_INPUT=$(echo "$INPUT" | jq -c '.tool_input // {}')
+    TOOL_RESPONSE=$(echo "$INPUT" | jq -c '.tool_response // {}')
+    TOOL_USE_ID=$(echo "$INPUT" | jq -r '.tool_use_id // ""')
+    # For file operations, extract the path
+    FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // ""')
+    COMMAND=$(echo "$TOOL_INPUT" | jq -r '.command // ""')
+    LOG_ENTRY=$(jq -n \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg event "tool_use" \
+      --arg tool "$TOOL_NAME" \
+      --arg file "$FILE_PATH" \
+      --arg cmd "$COMMAND" \
+      --arg cwd "$CWD" \
+      --arg mode "$PERMISSION_MODE" \
+      '{timestamp: $ts, session_id: $sid, event: $event, tool: $tool, file: $file, command: $cmd, cwd: $cwd, permission_mode: $mode}')
+    ;;
+  *)
+    LOG_ENTRY=$(jq -n \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg event "$EVENT_TYPE" \
+      --arg hook "$HOOK_EVENT" \
+      --arg cwd "$CWD" \
+      '{timestamp: $ts, session_id: $sid, event: $event, hook_event: $hook, cwd: $cwd}')
+    ;;
+esac
+# Append to log files
+echo "$LOG_ENTRY" >> "$LOG_FILE"
+echo "$LOG_ENTRY" >> "$DATE_LOG_FILE"
+# Success - allow operation to continue
+exit 0

package/dist/templates/.claude/hooks/block-dangerous.sh ADDED Viewed

@@ -0,0 +1,90 @@
+#!/bin/bash
+# CAWS Dangerous Command Blocker for Claude Code
+# Blocks potentially destructive shell commands
+# @author @darianrosebrook
+set -euo pipefail
+# Read JSON input from Claude Code
+INPUT=$(cat)
+# Extract tool info
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
+# Only check Bash tool
+if [[ "$TOOL_NAME" != "Bash" ]] || [[ -z "$COMMAND" ]]; then
+  exit 0
+fi
+# Dangerous command patterns
+DANGEROUS_PATTERNS=(
+  # Destructive file operations
+  'rm -rf /'
+  'rm -rf ~'
+  'rm -rf \*'
+  'rm -rf \.'
+  'rm -rf /\*'
+  'dd if=/dev/zero'
+  'dd if=/dev/random'
+  'mkfs\.'
+  'fdisk'
+  '> /dev/sd'
+  # Fork bombs and resource exhaustion
+  ':\(\)\{:\|:\&\};:'
+  'while true.*fork'
+  # Credential/secret exposure
+  'cat.*\.env'
+  'cat.*/etc/passwd'
+  'cat.*/etc/shadow'
+  'cat.*id_rsa'
+  'cat.*\.ssh/'
+  'cat.*credentials'
+  'cat.*\.aws/'
+  # Network exfiltration
+  'curl.*\|.*sh'
+  'wget.*\|.*sh'
+  'curl.*\|.*bash'
+  'wget.*\|.*bash'
+  # Permission escalation
+  'chmod 777'
+  'chmod -R 777'
+  'chmod.*\+s'
+  # History manipulation
+  'history -c'
+  'rm.*\.bash_history'
+  'rm.*\.zsh_history'
+  # System modification
+  'shutdown'
+  'reboot'
+  'init 0'
+  'init 6'
+)
+# Check command against dangerous patterns
+for pattern in "${DANGEROUS_PATTERNS[@]}"; do
+  if echo "$COMMAND" | grep -qiE "$pattern"; then
+    # Output to stderr for Claude to see
+    echo "BLOCKED: Command matches dangerous pattern: $pattern" >&2
+    echo "Command was: $COMMAND" >&2
+    # Exit code 2 blocks the tool and shows stderr to Claude
+    exit 2
+  fi
+done
+# Check for sudo without specific allowed commands
+if echo "$COMMAND" | grep -qE '^sudo\s' && ! echo "$COMMAND" | grep -qE 'sudo (npm|yarn|pnpm|brew|apt-get|apt|dnf|yum)'; then
+  echo "BLOCKED: sudo commands require explicit approval" >&2
+  echo "If this command is safe, please run it manually in your terminal" >&2
+  exit 2
+fi
+# Allow the command
+exit 0

package/dist/templates/.claude/hooks/naming-check.sh ADDED Viewed

@@ -0,0 +1,97 @@
+#!/bin/bash
+# CAWS Naming Convention Check Hook for Claude Code
+# Validates file naming against CAWS conventions
+# @author @darianrosebrook
+set -euo pipefail
+# Read JSON input from Claude Code
+INPUT=$(cat)
+# Extract file path from PostToolUse input
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // ""')
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+# Only check Write tool (new files)
+if [[ "$TOOL_NAME" != "Write" ]]; then
+  exit 0
+fi
+if [[ -z "$FILE_PATH" ]]; then
+  exit 0
+fi
+# Get filename
+FILENAME=$(basename "$FILE_PATH")
+# Banned modifiers that indicate incomplete/temporary naming
+BANNED_MODIFIERS=(
+  "enhanced"
+  "unified"
+  "simplified"
+  "better"
+  "new"
+  "next"
+  "final"
+  "copy"
+  "revamp"
+  "improved"
+  "alt"
+  "tmp"
+  "scratch"
+  "wip"
+  "test-"
+  "-test"
+  "_test"
+  "temp"
+  "old"
+  "backup"
+)
+# Convert filename to lowercase for checking
+FILENAME_LOWER=$(echo "$FILENAME" | tr '[:upper:]' '[:lower:]')
+# Check for banned modifiers
+for modifier in "${BANNED_MODIFIERS[@]}"; do
+  if [[ "$FILENAME_LOWER" == *"$modifier"* ]]; then
+    # Special case: allow test files that follow conventions
+    if [[ "$modifier" == "test-" ]] || [[ "$modifier" == "-test" ]] || [[ "$modifier" == "_test" ]]; then
+      if [[ "$FILENAME_LOWER" =~ \.(test|spec)\.(js|ts|jsx|tsx|py|go|rs)$ ]]; then
+        continue
+      fi
+    fi
+    echo '{
+      "hookSpecificOutput": {
+        "hookEventName": "PostToolUse",
+        "additionalContext": "Warning: The filename '\'''"$FILENAME"''\'' contains the modifier '\'''"$modifier"''\'' which may indicate temporary or non-canonical naming. Consider using a more descriptive, permanent name. See CAWS naming conventions in .caws/canonical-map.yaml or run '\''caws naming check'\''."
+      }
+    }'
+    exit 0
+  fi
+done
+# Check for version suffixes (e.g., file-v2.js, file_v3.ts)
+if [[ "$FILENAME_LOWER" =~ [-_]v[0-9]+\. ]]; then
+  echo '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "Warning: The filename '\'''"$FILENAME"''\'' contains a version suffix. Version control should be handled by git, not file names. Consider removing the version suffix."
+    }
+  }'
+  exit 0
+fi
+# Check for date stamps (e.g., file-2024-01-15.js)
+if [[ "$FILENAME_LOWER" =~ [0-9]{4}[-_][0-9]{2}[-_][0-9]{2} ]]; then
+  echo '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "Warning: The filename '\'''"$FILENAME"''\'' contains a date stamp. Version control should be handled by git, not file names. Consider removing the date."
+    }
+  }'
+  exit 0
+fi
+# File naming is OK
+exit 0

package/dist/templates/.claude/hooks/quality-check.sh ADDED Viewed

@@ -0,0 +1,68 @@
+#!/bin/bash
+# CAWS Quality Check Hook for Claude Code
+# Runs CAWS quality validation after file edits
+# @author @darianrosebrook
+set -euo pipefail
+# Read JSON input from Claude Code
+INPUT=$(cat)
+# Extract file info from PostToolUse input
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // ""')
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+# Only run on Write/Edit of source files
+if [[ "$TOOL_NAME" != "Write" ]] && [[ "$TOOL_NAME" != "Edit" ]]; then
+  exit 0
+fi
+# Skip non-source files and node_modules/dist
+if [[ ! "$FILE_PATH" =~ \.(js|ts|jsx|tsx|py|go|rs|java|mjs|cjs)$ ]] || \
+   [[ "$FILE_PATH" =~ node_modules ]] || \
+   [[ "$FILE_PATH" =~ dist/ ]] || \
+   [[ "$FILE_PATH" =~ build/ ]]; then
+  exit 0
+fi
+# Determine project directory
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"
+# Check if we're in a CAWS project
+if [[ ! -f "$PROJECT_DIR/.caws/working-spec.yaml" ]]; then
+  exit 0
+fi
+# Check if CAWS CLI is available
+if ! command -v caws &> /dev/null; then
+  # Suggest installing CAWS
+  echo '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "CAWS CLI not available. Consider installing with: npm install -g @caws/cli"
+    }
+  }'
+  exit 0
+fi
+# Run CAWS quality gates in quiet mode for quick feedback
+if caws quality-gates --context=commit --quiet 2>/dev/null; then
+  # Quality check passed - provide positive feedback
+  echo '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "Quality gates passed for this change."
+    }
+  }'
+else
+  # Quality check failed - provide feedback to Claude
+  # Run again to get violations summary
+  VIOLATIONS=$(caws quality-gates --context=commit --json 2>/dev/null | jq -r '.violations[:3] | .[] | "- \(.gate): \(.message)"' 2>/dev/null || echo "Run 'caws quality-gates' for details")
+  echo '{
+    "decision": "block",
+    "reason": "Quality gate violations detected. Please address the following issues before continuing:\n'"$VIOLATIONS"'\n\nRun '\''caws quality-gates'\'' for full details."
+  }'
+fi
+exit 0