@paths.design/caws-cli 8.0.1 → 8.1.0

package/templates/.claude/hooks/scope-guard.sh

@@ -0,0 +1,105 @@
+#!/bin/bash
+# CAWS Scope Guard Hook for Claude Code
+# Validates file edits against the working spec's scope boundaries
+# @author @darianrosebrook
+
+set -euo pipefail
+
+# Read JSON input from Claude Code
+INPUT=$(cat)
+
+# Extract file path from PreToolUse input
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // ""')
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+
+# Only check Write/Edit operations
+if [[ "$TOOL_NAME" != "Write" ]] && [[ "$TOOL_NAME" != "Edit" ]]; then
+  exit 0
+fi
+
+if [[ -z "$FILE_PATH" ]]; then
+  exit 0
+fi
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"
+SPEC_FILE="$PROJECT_DIR/.caws/working-spec.yaml"
+
+# Check if spec file exists
+if [[ ! -f "$SPEC_FILE" ]]; then
+  exit 0
+fi
+
+# Get relative path from project root
+REL_PATH=$(realpath --relative-to="$PROJECT_DIR" "$FILE_PATH" 2>/dev/null || echo "$FILE_PATH")
+
+# Use Node.js to parse YAML and check scope
+if command -v node >/dev/null 2>&1; then
+  SCOPE_CHECK=$(node -e "
+    const yaml = require('js-yaml');
+    const fs = require('fs');
+    const path = require('path');
+
+    try {
+      const spec = yaml.load(fs.readFileSync('$SPEC_FILE', 'utf8'));
+      const filePath = '$REL_PATH';
+
+      // Check if file is explicitly out of scope
+      const outOfScope = spec.scope?.out_of_scope || [];
+      for (const pattern of outOfScope) {
+        // Simple glob-like matching
+        const regex = new RegExp(pattern.replace(/\*/g, '.*').replace(/\?/g, '.'));
+        if (regex.test(filePath)) {
+          console.log('out_of_scope:' + pattern);
+          process.exit(0);
+        }
+      }
+
+      // Check if file is in scope (if scope is explicitly defined)
+      const inScope = spec.scope?.files || spec.scope?.directories || [];
+      if (inScope.length > 0) {
+        let found = false;
+        for (const pattern of inScope) {
+          const regex = new RegExp(pattern.replace(/\*/g, '.*').replace(/\?/g, '.'));
+          if (regex.test(filePath)) {
+            found = true;
+            break;
+          }
+        }
+        if (!found) {
+          console.log('not_in_scope');
+          process.exit(0);
+        }
+      }
+
+      console.log('in_scope');
+    } catch (error) {
+      console.log('error:' + error.message);
+    }
+  " 2>&1)
+
+  if [[ "$SCOPE_CHECK" == out_of_scope:* ]]; then
+    PATTERN="${SCOPE_CHECK#out_of_scope:}"
+    echo '{
+      "hookSpecificOutput": {
+        "hookEventName": "PreToolUse",
+        "permissionDecision": "ask",
+        "permissionDecisionReason": "This file ('"$REL_PATH"') is marked as out-of-scope in the working spec (pattern: '"$PATTERN"'). Editing it may cause scope creep. Please confirm this edit is intentional."
+      }
+    }'
+    exit 0
+  fi
+
+  if [[ "$SCOPE_CHECK" == "not_in_scope" ]]; then
+    echo '{
+      "hookSpecificOutput": {
+        "hookEventName": "PreToolUse",
+        "permissionDecision": "ask",
+        "permissionDecisionReason": "This file ('"$REL_PATH"') is not in the defined scope of the working spec. Editing it may cause scope creep. Please confirm this edit is intentional."
+      }
+    }'
+    exit 0
+  fi
+fi
+
+# File is in scope or scope couldn't be checked - allow
+exit 0

package/templates/.claude/hooks/validate-spec.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+# CAWS Spec Validation Hook for Claude Code
+# Validates working-spec.yaml when it's edited
+# @author @darianrosebrook
+
+set -euo pipefail
+
+# Read JSON input from Claude Code
+INPUT=$(cat)
+
+# Extract file path from PostToolUse input
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // ""')
+
+# Only validate CAWS YAML files
+if [[ "$FILE_PATH" != *".caws/"* ]] || ([[ "$FILE_PATH" != *.yaml ]] && [[ "$FILE_PATH" != *.yml ]]); then
+  exit 0
+fi
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"
+
+# First, validate YAML syntax using Node.js if available
+if command -v node >/dev/null 2>&1; then
+  YAML_CHECK=$(node -e "
+    try {
+      const yaml = require('js-yaml');
+      const fs = require('fs');
+      const content = fs.readFileSync('$FILE_PATH', 'utf8');
+      yaml.load(content);
+      console.log('valid');
+    } catch (error) {
+      console.error(error.message);
+      if (error.mark) {
+        console.error('Line: ' + (error.mark.line + 1) + ', Column: ' + (error.mark.column + 1));
+      }
+      process.exit(1);
+    }
+  " 2>&1)
+
+  if [ $? -ne 0 ]; then
+    echo '{
+      "decision": "block",
+      "reason": "YAML syntax error in spec file:\n'"$YAML_CHECK"'\n\nPlease fix the syntax before continuing. Common issues:\n- Check indentation (YAML uses 2 spaces)\n- Ensure arrays use consistent format\n- Remove duplicate keys"
+    }'
+    exit 0
+  fi
+fi
+
+# Run CAWS CLI validation if available
+if command -v caws &> /dev/null; then
+  if VALIDATION=$(caws validate "$FILE_PATH" --quiet 2>&1); then
+    echo '{
+      "hookSpecificOutput": {
+        "hookEventName": "PostToolUse",
+        "additionalContext": "Spec validation passed. The specification is valid and complete."
+      }
+    }'
+  else
+    # Get suggestions
+    SUGGESTIONS=$(caws validate "$FILE_PATH" --suggestions 2>/dev/null | head -5 | tr '\n' ' ' || echo "Run 'caws validate --suggestions' for details")
+
+    echo '{
+      "decision": "block",
+      "reason": "Spec validation failed:\n'"$VALIDATION"'\n\nSuggestions:\n'"$SUGGESTIONS"'"
+    }'
+  fi
+else
+  # Basic validation without CAWS CLI
+  echo '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "CAWS CLI not available for full spec validation. Install with: npm install -g @caws/cli"
+    }
+  }'
+fi
+
+exit 0

package/templates/.claude/settings.json

@@ -0,0 +1,95 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/block-dangerous.sh",
+            "timeout": 10
+          }
+        ]
+      },
+      {
+        "matcher": "Read",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/scan-secrets.sh",
+            "timeout": 10
+          }
+        ]
+      },
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/scope-guard.sh",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/quality-check.sh",
+            "timeout": 30
+          },
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/validate-spec.sh",
+            "timeout": 15
+          },
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/naming-check.sh",
+            "timeout": 10
+          },
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/audit.sh tool-use",
+            "timeout": 5
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/audit.sh tool-use",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/audit.sh session-start",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/audit.sh stop",
+            "timeout": 5
+          }
+        ]
+      }
+    ]
+  }
+}