@paths.design/caws-cli 9.1.1 → 9.3.0

package/dist/templates/.claude/hooks/audit.sh

@@ -88,6 +88,31 @@ case "$EVENT_TYPE" in
     ;;
 esac
 
+# --- Log rotation ---
+# Keep main audit.log under 10MB; keep date-logs for 30 days
+rotate_logs() {
+  # Rotate main audit.log at 10MB
+  if [[ -f "$LOG_FILE" ]]; then
+    local size
+    size=$(wc -c < "$LOG_FILE" 2>/dev/null | tr -d ' ')
+    if [[ "$size" -gt 10485760 ]]; then
+      # Keep last rotated copy, discard older
+      [[ -f "${LOG_FILE}.1" ]] && rm -f "${LOG_FILE}.1"
+      mv "$LOG_FILE" "${LOG_FILE}.1"
+    fi
+  fi
+
+  # Prune date-based logs older than 30 days
+  if [[ -d "$LOG_DIR" ]]; then
+    find "$LOG_DIR" -name 'audit-*.log' -type f -mtime +30 -delete 2>/dev/null || true
+  fi
+}
+
+# Run rotation check ~1% of the time (avoid stat overhead on every tool call)
+if [[ $(( RANDOM % 100 )) -eq 0 ]]; then
+  rotate_logs
+fi
+
 # Append to log files
 echo "$LOG_ENTRY" >> "$LOG_FILE"
 echo "$LOG_ENTRY" >> "$DATE_LOG_FILE"

package/dist/templates/.claude/hooks/block-dangerous.sh

@@ -75,6 +75,8 @@ DANGEROUS_PATTERNS=(
   'git clean -f'
   'git checkout \.'
   'git restore \.'
+  '(^|&&|\|\||;|\|)\s*git rebase'
+  '(^|&&|\|\||;|\|)\s*git cherry-pick'
 
   # Virtual environment creation (prevents venv sprawl)
   'python -m venv'
@@ -91,6 +93,43 @@ for pattern in "${DANGEROUS_PATTERNS[@]}"; do
       continue
     fi
 
+    # Allow git rebase/cherry-pick only when no worktrees are active
+    if [[ "$pattern" == *"git rebase"* ]] || [[ "$pattern" == *"git cherry-pick"* ]]; then
+      PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"
+      # Resolve to main repo root if we're in a worktree
+      if command -v git >/dev/null 2>&1; then
+        GIT_COMMON=$(cd "$PROJECT_DIR" && git rev-parse --git-common-dir 2>/dev/null || echo "")
+        if [[ -n "$GIT_COMMON" ]] && [[ "$GIT_COMMON" != ".git" ]]; then
+          CANDIDATE=$(cd "$PROJECT_DIR" && cd "$GIT_COMMON/.." 2>/dev/null && pwd || echo "")
+          if [[ -n "$CANDIDATE" ]] && [[ -d "$CANDIDATE/.caws" ]]; then
+            PROJECT_DIR="$CANDIDATE"
+          fi
+        fi
+      fi
+      WT_FILE="$PROJECT_DIR/.caws/worktrees.json"
+      if [[ -f "$WT_FILE" ]] && command -v node >/dev/null 2>&1; then
+        ACTIVE_COUNT=$(node -e "
+          try {
+            var r = JSON.parse(require('fs').readFileSync('$WT_FILE','utf8'));
+            var c = Object.values(r.worktrees||{}).filter(function(w){return w.status==='active';}).length;
+            console.log(c);
+          } catch(e) { console.log(0); }
+        " 2>/dev/null || echo "0")
+        if [[ "$ACTIVE_COUNT" -gt 0 ]]; then
+          # Extract the specific git subcommand for the message
+          GIT_SUBCMD="git operation"
+          [[ "$pattern" == *"git rebase"* ]] && GIT_SUBCMD="git rebase"
+          [[ "$pattern" == *"git cherry-pick"* ]] && GIT_SUBCMD="git cherry-pick"
+          echo "BLOCKED: $GIT_SUBCMD is forbidden while $ACTIVE_COUNT worktree(s) are active." >&2
+          echo "This can replay or rewrite commits across worktree boundaries." >&2
+          echo "Command was: $COMMAND" >&2
+          exit 2
+        fi
+      fi
+      # No active worktrees — allow
+      continue
+    fi
+
     # Allow venv commands if target matches designated venv path from scope.json
     if echo "$pattern" | grep -qE '(python.*venv|virtualenv|conda create)'; then
       PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"

package/dist/templates/.claude/hooks/lite-sprawl-check.sh

@@ -49,9 +49,37 @@ if command -v node >/dev/null 2>&1; then
       const basename = '$BASENAME';
       const banned = scope.bannedPatterns || {};
 
+      function globToRegex(pattern) {
+        let i = 0, re = '';
+        while (i < pattern.length) {
+          const c = pattern[i];
+          if (c === '*' && pattern[i+1] === '*') {
+            re += '.*'; i += 2;
+            if (pattern[i] === '/') i++;
+          } else if (c === '*') {
+            re += '[^/]*'; i++;
+          } else if (c === '?') {
+            re += '[^/]'; i++;
+          } else if (c === '[') {
+            const end = pattern.indexOf(']', i);
+            if (end > i) { re += pattern.slice(i, end + 1); i = end + 1; }
+            else { re += '\\\\['; i++; }
+          } else if (c === '{') {
+            const end = pattern.indexOf('}', i);
+            if (end > i) {
+              const alts = pattern.slice(i + 1, end).split(',').map(a => a.trim());
+              re += '(?:' + alts.join('|') + ')'; i = end + 1;
+            } else { re += '\\\\{'; i++; }
+          } else if ('.+^$|()'.includes(c)) {
+            re += '\\\\' + c; i++;
+          } else {
+            re += c; i++;
+          }
+        }
+        return new RegExp('^' + re + '$');
+      }
       function matchGlob(str, pattern) {
-        const regex = new RegExp('^' + pattern.replace(/\\*/g, '.*').replace(/\\?/g, '.') + '$');
-        return regex.test(str);
+        return globToRegex(pattern).test(str);
       }
 
       // Check banned file patterns

package/dist/templates/.claude/hooks/naming-check.sh

@@ -51,9 +51,12 @@ BANNED_MODIFIERS=(
 # Convert filename to lowercase for checking
 FILENAME_LOWER=$(echo "$FILENAME" | tr '[:upper:]' '[:lower:]')
 
-# Check for banned modifiers
+# Check for banned modifiers (word-boundary aware)
 for modifier in "${BANNED_MODIFIERS[@]}"; do
-  if [[ "$FILENAME_LOWER" == *"$modifier"* ]]; then
+  # Match modifier preceded by start-of-string, hyphen, underscore, or dot
+  # and followed by end-of-string, hyphen, underscore, or dot
+  # Prevents false positives like "old" in "gold_oracle" or "new" in "renewable"
+  if [[ "$FILENAME_LOWER" =~ (^|[-_.])"$modifier"([-_.]|$) ]]; then
     # Special case: allow test files that follow conventions
     if [[ "$modifier" == "test-" ]] || [[ "$modifier" == "-test" ]] || [[ "$modifier" == "_test" ]]; then
       if [[ "$FILENAME_LOWER" =~ \.(test|spec)\.(js|ts|jsx|tsx|py|go|rs)$ ]]; then

package/dist/templates/.claude/hooks/scope-guard.sh

@@ -44,6 +44,37 @@ if [[ ! -f "$SPEC_FILE" ]] && [[ -f "$SCOPE_FILE" ]]; then
     LITE_CHECK=$(node -e "
       const fs = require('fs');
       const path = require('path');
+
+      function globToRegex(pattern) {
+        let i = 0, re = '';
+        while (i < pattern.length) {
+          const c = pattern[i];
+          if (c === '*' && pattern[i+1] === '*') {
+            re += '.*'; i += 2;
+            if (pattern[i] === '/') i++;
+          } else if (c === '*') {
+            re += '[^/]*'; i++;
+          } else if (c === '?') {
+            re += '[^/]'; i++;
+          } else if (c === '[') {
+            const end = pattern.indexOf(']', i);
+            if (end > i) { re += pattern.slice(i, end + 1); i = end + 1; }
+            else { re += '\\\\['; i++; }
+          } else if (c === '{') {
+            const end = pattern.indexOf('}', i);
+            if (end > i) {
+              const alts = pattern.slice(i + 1, end).split(',').map(a => a.trim());
+              re += '(?:' + alts.join('|') + ')'; i = end + 1;
+            } else { re += '\\\\{'; i++; }
+          } else if ('.+^$|()'.includes(c)) {
+            re += '\\\\' + c; i++;
+          } else {
+            re += c; i++;
+          }
+        }
+        return new RegExp(re);
+      }
+
       try {
         const scope = JSON.parse(fs.readFileSync('$SCOPE_FILE', 'utf8'));
         const filePath = '$REL_PATH';
@@ -54,7 +85,7 @@ if [[ ! -f "$SPEC_FILE" ]] && [[ -f "$SCOPE_FILE" ]]; then
         const basename = path.basename(filePath);
         const bannedFiles = banned.files || [];
         for (const pattern of bannedFiles) {
-          const regex = new RegExp(pattern.replace(/\\*/g, '.*').replace(/\\?/g, '.'));
+          const regex = globToRegex(pattern);
           if (regex.test(basename)) {
             console.log('banned:' + pattern);
             process.exit(0);
@@ -64,7 +95,7 @@ if [[ ! -f "$SPEC_FILE" ]] && [[ -f "$SCOPE_FILE" ]]; then
         // Check banned doc patterns
         const bannedDocs = banned.docs || [];
         for (const pattern of bannedDocs) {
-          const regex = new RegExp(pattern.replace(/\\*/g, '.*').replace(/\\?/g, '.'));
+          const regex = globToRegex(pattern);
           if (regex.test(basename)) {
             console.log('banned:' + pattern);
             process.exit(0);
@@ -129,6 +160,37 @@ if command -v node >/dev/null 2>&1; then
     const fs = require('fs');
     const path = require('path');
 
+    // Convert glob pattern to regex, handling **, *, ?, [abc], {a,b}
+    function globToRegex(pattern) {
+      let i = 0, re = '';
+      while (i < pattern.length) {
+        const c = pattern[i];
+        if (c === '*' && pattern[i+1] === '*') {
+          re += '.*'; i += 2;
+          if (pattern[i] === '/') i++; // skip trailing slash after **
+        } else if (c === '*') {
+          re += '[^/]*'; i++;
+        } else if (c === '?') {
+          re += '[^/]'; i++;
+        } else if (c === '[') {
+          const end = pattern.indexOf(']', i);
+          if (end > i) { re += pattern.slice(i, end + 1); i = end + 1; }
+          else { re += '\\\\['; i++; }
+        } else if (c === '{') {
+          const end = pattern.indexOf('}', i);
+          if (end > i) {
+            const alts = pattern.slice(i + 1, end).split(',').map(a => a.trim());
+            re += '(?:' + alts.join('|') + ')'; i = end + 1;
+          } else { re += '\\\\{'; i++; }
+        } else if ('.+^$|()'.includes(c)) {
+          re += '\\\\' + c; i++;
+        } else {
+          re += c; i++;
+        }
+      }
+      return new RegExp(re);
+    }
+
     try {
       const filePath = '$REL_PATH';
 
@@ -177,7 +239,7 @@ if command -v node >/dev/null 2>&1; then
       // Check scope.out across ALL active specs — any match blocks
       for (const { source, spec } of specs) {
         for (const pattern of (spec.scope?.out || [])) {
-          const regex = new RegExp(pattern.replace(/\\*/g, '.*').replace(/\\?/g, '.'));
+          const regex = globToRegex(pattern);
           if (regex.test(filePath)) {
             console.log('out_of_scope:' + source + ':' + pattern);
             process.exit(0);
@@ -190,7 +252,7 @@ if command -v node >/dev/null 2>&1; then
       if (allInScope.length > 0) {
         let found = false;
         for (const pattern of allInScope) {
-          const regex = new RegExp(pattern.replace(/\\*/g, '.*').replace(/\\?/g, '.'));
+          const regex = globToRegex(pattern);
           if (regex.test(filePath)) {
             found = true;
             break;

package/dist/templates/.claude/hooks/session-log.sh

@@ -157,6 +157,33 @@ def rel(path):
         return path[len(cwd) + 1:]
     return path or ""
 
+def decode_structured_text_payload(raw):
+    """Decode JSON-escaped text payloads (e.g., Agent/Task tool outputs)."""
+    if not isinstance(raw, str):
+        return raw
+    payload = raw.strip()
+    if not payload or payload[0] not in "[{":
+        return raw
+    try:
+        parsed = json.loads(payload)
+    except Exception:
+        return raw
+
+    text_blocks = []
+    if isinstance(parsed, dict):
+        parsed = [parsed]
+    if isinstance(parsed, list):
+        for item in parsed:
+            if not isinstance(item, dict):
+                continue
+            text = item.get("text")
+            if isinstance(text, str) and text.strip():
+                text_blocks.append(text)
+
+    if text_blocks:
+        return "\n\n".join(text_blocks)
+    return raw
+
 # ---- Accumulate turns as chronological event timelines ----
 turns = []
 # Each turn: {user, timeline: [{kind, ...}, ...], edits, reads, searches, commands}
@@ -242,18 +269,24 @@ for line in sys.stdin:
         tool_info = pending_tools.get(tid, {})
         name = tool_info.get("name", "unknown")
 
-        # Decide if this result is notable enough to show inline
-        # Task results are always notable (subagent did substantive work)
-        notable = is_error or name == "Task"
+        # Always capture tool results for Bash, Task, Agent.
+        # For Read/Write/Edit, only capture if notable (errors, test output, etc.)
+        # to avoid dumping entire file contents into turn logs.
+        always_capture = name in ("Bash", "Task", "Agent")
+        notable = is_error
         if not notable and content:
             content_lower = content.lower()
             notable = any(kw.lower() in content_lower for kw in NOTABLE_KW)
 
-        if notable and content:
+        if (always_capture or notable) and content:
             # Cap file-content tools (full file reads/writes blow out turn files)
             display = content
             if name in ("Read", "Write", "Edit") and len(content) > 2000:
                 display = content[:2000] + "\n...(file content truncated)"
+            elif name in ("Task", "Agent"):
+                display = decode_structured_text_payload(content)
+            elif name == "Bash" and len(content) > 5000:
+                display = content[:5000] + "\n...(output truncated at 5000 chars)"
             # Graft result onto the original tool_call entry (not a separate timeline item)
             if tool_info:
                 tool_info["output"] = display
@@ -281,7 +314,7 @@ for i, turn in enumerate(turns):
     md_lines = [f"# Turn {num}", ""]
 
     if turn["user"]:
-        md_lines.extend([f"> ---user---\n{turn['user']}\n---/user---", ""])
+        md_lines.extend([f"> ---user---\n{turn['user']}\n---\/user---", ""])
 
     for event in turn["timeline"]:
         kind = event["kind"]

package/dist/templates/.claude/hooks/worktree-write-guard.sh

@@ -65,13 +65,22 @@ if [[ "$WT_COUNT" -le 0 ]] 2>/dev/null; then
   exit 0
 fi
 
-# Allow edits to .claude/ configuration (hooks, settings, rules)
+# Allow edits to configuration and documentation (benign, no merge conflict risk)
 if [[ -n "$FILE_PATH" ]]; then
   case "$FILE_PATH" in
     */.claude/*|*/.caws/*) exit 0 ;;
+    */docs/*) exit 0 ;;
   esac
 fi
 
+# Allow edits during an active merge (conflict resolution).
+# The worktree-isolation rules explicitly permit merge commits on the base branch.
+# Conflict resolution requires Write/Edit on the conflicted files.
+MERGE_HEAD_PATH=$(cd "$AGENT_DIR" && git rev-parse --git-dir 2>/dev/null || echo ".git")
+if [[ -f "$MERGE_HEAD_PATH/MERGE_HEAD" ]]; then
+  exit 0
+fi
+
 # Block: we're on the base branch with active worktrees
 echo "BLOCKED: Cannot write/edit files on '$CURRENT_BRANCH' while $WT_COUNT worktree(s) are active: $WT_NAMES" >&2
 echo "" >&2
@@ -81,4 +90,7 @@ echo "  To create a new worktree:    caws worktree create <name>" >&2
 echo "" >&2
 echo "Do NOT make changes on main and create a worktree retroactively." >&2
 echo "The worktree must exist BEFORE you start making changes." >&2
+echo "" >&2
+echo "If you are merging a worktree branch, use: caws worktree merge <name>" >&2
+echo "Or start the merge first (git merge --no-ff <branch>), then resolve conflicts." >&2
 exit 2

package/dist/templates/.claude/rules/worktree-isolation.md

@@ -9,29 +9,62 @@ When multiple agents are working on this project, each agent MUST work in its ow
 
 ## Before starting work
 
-1. Check if worktrees exist: look for `.caws/worktrees.json` or `.caws/parallel.json`
+1. Check if worktrees exist: `caws worktree list` shows all active worktrees with last commit time and owner
 2. If worktrees are active and you are on the base branch, switch to your assigned worktree
 3. If no worktree exists for you, create one with `caws worktree create <name>` or `caws parallel setup <plan-file>`
+4. **Never touch a worktree you did not create.** Do not destroy, prune, stash, or "clean up" another agent's worktree — even if it looks stale. Another agent may be actively working in it. If you think a worktree is abandoned, leave it alone and let the user decide.
 
 ## Forbidden operations when worktrees are active
 
 - `git commit --amend` -- rewrites history that other agents depend on
+- `git rebase` -- rewrites branch history; the hook blocks this automatically while worktrees are active. If you need code from main, create a new worktree from current main instead
+- `git cherry-pick` -- replays commits across branches; blocked while worktrees are active to prevent cross-boundary contamination
 - `git stash` / `git stash pop` -- stash is shared across all worktrees; using it can destroy another agent's uncommitted work
 - `git reset --hard` -- discards work that other agents may depend on
 - `git push --force` -- rewrites remote history
 - Direct commits to the base branch -- only `merge(worktree):` and `wip(checkpoint):` formats are allowed
 - Copying files between your worktree and the main repo directory -- defeats isolation
+- Destroying another agent's worktree -- even with `--force`. If you did not create it, do not destroy it. Period.
 
 ## Merging worktree branches back to base
 
 Merge commits ARE allowed on the base branch while other worktrees are active. This lets you incrementally merge completed work without waiting for all agents to finish.
 
+### Recommended: use `caws worktree merge`
+
+The `merge` command handles the full sequence (conflict check, destroy, merge, cleanup):
+
+```bash
+# Preview conflicts before merging
+caws worktree merge <name> --dry-run
+
+# Merge (destroys worktree, merges branch, deletes branch)
+caws worktree merge <name>
+
+# Merge with custom commit message
+caws worktree merge <name> --message "merge(worktree): description of changes"
+```
+
+### Manual merge (if you need more control)
+
 1. Destroy the worktree first: `caws worktree destroy <name>`
 2. Switch to the base branch: `git checkout main`
 3. Merge with: `git merge --no-ff <worktree-branch>`
 4. The commit-msg hook enforces the `merge(worktree): <description>` format for non-FF merges
 5. For manual merge commits: `git commit -m "merge(worktree): integrate scenarios work"`
 
+### Conflict resolution during merge
+
+The write guard allows edits on the base branch while a merge is in progress (MERGE_HEAD exists). This lets you resolve merge conflicts without needing to abort and retry. After resolving, commit with the `merge(worktree):` format.
+
+## What the write guard allows on the base branch
+
+Even when worktrees are active, the following edits are allowed on the base branch:
+
+- `.claude/` and `.caws/` configuration files
+- `docs/` directory (documentation changes are benign)
+- Any file while a merge is in progress (conflict resolution)
+
 ## Virtual environment in worktrees
 
 Do NOT create a new virtual environment in your worktree. Use the main repo's venv:
@@ -46,6 +79,5 @@ If your project uses `.caws/scope.json`, the `designatedVenvPath` field specifie
 
 1. Commit all changes to your worktree branch
 2. Run tests in your worktree to verify
-3. Destroy your worktree with `caws worktree destroy <name>`
-4. Merge your branch to base: `git merge --no-ff <branch>` (uses `merge(worktree):` format)
-5. Delete the branch if no longer needed: `git branch -d <branch>`
+3. Merge: `caws worktree merge <name>` (handles destroy + merge + branch cleanup)
+4. Or manually: destroy worktree, then `git merge --no-ff <branch>`, then delete branch

package/dist/templates/.cursor/README.md

@@ -9,7 +9,6 @@ Cursor hooks enable seamless integration between CAWS and the Cursor IDE, provid
 - **Real-time quality validation** as you code
 - **Automatic spec validation** when editing working specs
 - **Scope enforcement** preventing out-of-scope file access
-- **Tool validation** for safe MCP execution
 - **Quality monitoring** after file edits
 
 ## Hook Configuration
@@ -19,7 +18,6 @@ The `hooks.json` file defines when each hook runs:
 ```json
 {
   "beforeShellExecution": ["block-dangerous.sh", "audit.sh"],
-  "beforeMCPExecution": ["audit.sh", "caws-tool-validation.sh"],
   "beforeReadFile": ["scan-secrets.sh", "caws-scope-guard.sh"],
   "afterFileEdit": ["format.sh", "naming-check.sh", "validate-spec.sh", "caws-quality-check.sh", "audit.sh"],
   "beforeSubmitPrompt": ["caws-scope-guard.sh", "audit.sh"],
@@ -43,12 +41,6 @@ The `hooks.json` file defines when each hook runs:
 - **Blocks**: Yes (for out-of-scope file access)
 - **Requires**: `.caws/working-spec.yaml`
 
-#### `caws-tool-validation.sh`
-- **Trigger**: `beforeMCPExecution`
-- **Purpose**: Validates CAWS MCP tool calls for security
-- **Blocks**: Yes (for dangerous operations or invalid waivers)
-- **Validates**: Waiver creation, tool permissions, command safety
-
 ### General Security Hooks
 
 #### `block-dangerous.sh`
@@ -242,7 +234,6 @@ Cursor Hooks ←→ CAWS CLI ←→ VS Code Extension
 
 - **Git Hooks**: `.git/hooks/` for commit/push validation
 - **VS Code Extension**: Rich UI for CAWS operations
-- **MCP Server**: Agent tool integration
 - **CAWS CLI**: Core functionality
 
 ### Data Flow

package/dist/templates/.cursor/hooks/audit.sh

@@ -2,7 +2,7 @@
 # Cursor Hook: Audit Trail
 # 
 # Purpose: Log all Cursor AI events for provenance tracking
-# Event: All (beforeShellExecution, beforeMCPExecution, beforeReadFile, 
+# Event: All (beforeShellExecution, beforeReadFile,
 #        afterFileEdit, beforeSubmitPrompt, stop)
 # 
 # @author @darianrosebrook

package/dist/templates/.cursor/hooks/block-dangerous.sh

@@ -29,6 +29,7 @@ HARD_BLOCKS=(
   "git commit --amend --no-edit" # Can rewrite commit history destructively
   "git reset --hard"            # Can lose uncommitted work and stashed changes
   "git push --force"             # Can overwrite remote repository history
+  "git rebase"                   # Rewrites branch history; blocked while worktrees are active
   "dd if="
   "mkfs"
   "format c:"

package/dist/templates/.cursor/hooks/scan-secrets.sh

@@ -28,14 +28,19 @@ if [[ "$FILE_PATH" =~ \.(pem|key|p12|pfx|cert|crt)$ ]]; then
 fi
 
 # Scan content for common secret patterns
-if echo "$CONTENT" | grep -qiE "(api[_-]?key|secret[_-]?key|password|private[_-]?key|access[_-]?token|bearer\s+[A-Za-z0-9_\-\.]+|AKIA[0-9A-Z]{16})"; then
+# bearer requires 20+ chars to avoid false positives on short tokens in docs
+# AKIA prefix is specific to AWS access keys
+if echo "$CONTENT" | grep -qiE "(api[_-]?key\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}|secret[_-]?key\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}|password\s*[:=]\s*['\"]?[^\s'\"]{8,}|private[_-]?key\s*[:=]|access[_-]?token\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}|[Bb]earer\s+[A-Za-z0-9_\-\.]{20,}|AKIA[0-9A-Z]{16})"; then
   # Don't block, but warn
   echo '{"permission":"allow","userMessage":"⚠️ Warning: Potential secrets detected in file. Ensure they are not committed.","agentMessage":"This file may contain secrets. Use placeholder values or environment variables."}' 2>/dev/null
   exit 0
 fi
 
-# Check for common PII patterns (SSN, credit card, etc.)
-if echo "$CONTENT" | grep -qE "([0-9]{3}-[0-9]{2}-[0-9]{4}|[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4}[- ]?[0-9]{4})"; then
+# Check for common PII patterns (SSN, credit card)
+# SSN: exactly 3-2-4 digit pattern (not inside longer numbers)
+# Credit card: require at least a Luhn-plausible 13-19 digit sequence with separators
+if echo "$CONTENT" | grep -qE "(^|[^0-9])[0-9]{3}-[0-9]{2}-[0-9]{4}($|[^0-9])" || \
+   echo "$CONTENT" | grep -qE "(^|[^0-9])[0-9]{4}[- ][0-9]{4}[- ][0-9]{4}[- ][0-9]{4}($|[^0-9])"; then
   echo '{"permission":"allow","userMessage":"⚠️ Warning: Potential PII detected. Ensure compliance with data protection policies.","agentMessage":"This file may contain PII (SSN, credit card). Use anonymized test data."}' 2>/dev/null
   exit 0
 fi

package/dist/templates/.cursor/hooks.json

@@ -9,14 +9,6 @@
         "command": "./.cursor/hooks/audit.sh"
       }
     ],
-    "beforeMCPExecution": [
-      {
-        "command": "./.cursor/hooks/audit.sh"
-      },
-      {
-        "command": "./.cursor/hooks/caws-tool-validation.sh"
-      }
-    ],
     "beforeReadFile": [
       {
         "command": "./.cursor/hooks/scan-secrets.sh"

package/dist/templates/.vscode/launch.json

@@ -1,18 +1,6 @@
 {
   "version": "0.2.0",
   "configurations": [
-    {
-      "name": "Debug MCP Server",
-      "type": "node",
-      "request": "launch",
-      "program": "${workspaceFolder}/packages/caws-mcp-server/index.js",
-      "args": [],
-      "env": {
-        "NODE_ENV": "development",
-        "CAWS_DEBUG": "true"
-      },
-      "console": "integratedTerminal"
-    },
     {
       "name": "Debug CAWS CLI",
       "type": "node",

package/dist/utils/detection.js

@@ -196,7 +196,44 @@ function detectCAWSSetup(cwd = process.cwd()) {
   };
 }
 
+/**
+ * Find the CAWS project root by walking up from startDir looking for .caws/
+ * Falls back to git root, then to process.cwd()
+ * @param {string} [startDir] - Directory to start searching from
+ * @returns {string} Project root directory path
+ */
+function findProjectRoot(startDir = process.cwd()) {
+  // Walk up looking for .caws/ directory
+  let dir = path.resolve(startDir);
+  const root = path.parse(dir).root;
+  while (dir !== root) {
+    if (fs.existsSync(path.join(dir, '.caws'))) {
+      return dir;
+    }
+    dir = path.dirname(dir);
+  }
+
+  // Fallback: try git root
+  try {
+    const { execFileSync } = require('child_process');
+    const gitRoot = execFileSync('git', ['rev-parse', '--show-toplevel'], {
+      encoding: 'utf8',
+      cwd: startDir,
+      stdio: ['pipe', 'pipe', 'pipe'],
+    }).trim();
+    if (gitRoot && fs.existsSync(path.join(gitRoot, '.caws'))) {
+      return gitRoot;
+    }
+  } catch {
+    // Not a git repo or git not available
+  }
+
+  // Final fallback: cwd
+  return process.cwd();
+}
+
 module.exports = {
   detectCAWSSetup,
   findPackageRoot,
+  findProjectRoot,
 };

package/dist/utils/project-analysis.js

@@ -347,7 +347,6 @@ function getTodoAnalyzerSuggestion(cwd = process.cwd()) {
     suggestions.push(
       '   - Install Node.js: https://nodejs.org/ (then use: npx --yes @paths.design/quality-gates)'
     );
-    suggestions.push('   - Use CAWS MCP server: caws quality-gates (via MCP)');
   }
 
   // Check for project-specific scripts (language-agnostic - if they exist, suggest them)