@soleri/cli 9.3.1 → 9.5.0

package/src/hook-packs/marketing-research/manifest.json

@@ -0,0 +1,24 @@
+{
+  "name": "marketing-research",
+  "version": "1.0.0",
+  "description": "Auto-research hook for marketing files — reminds to check brand guidelines, A/B testing data, and audience segmentation before editing marketing content",
+  "hooks": [],
+  "scripts": [
+    {
+      "name": "marketing-research",
+      "file": "marketing-research.sh",
+      "targetDir": "hooks"
+    }
+  ],
+  "lifecycleHooks": [
+    {
+      "event": "PreToolUse",
+      "matcher": "Write|Edit",
+      "type": "command",
+      "command": "sh ~/.claude/hooks/marketing-research.sh",
+      "timeout": 10,
+      "statusMessage": "Checking marketing context..."
+    }
+  ],
+  "actionLevel": "remind"
+}

package/src/hook-packs/marketing-research/scripts/marketing-research.sh

@@ -0,0 +1,70 @@
+#!/bin/sh
+# Marketing Research Hook for Claude Code (Soleri Hook Pack: marketing-research)
+# PreToolUse -> Write|Edit: reminds to check brand guidelines, A/B testing data,
+# and audience segmentation before editing marketing content.
+#
+# Matched file patterns:
+#   - **/marketing/**
+#   - **/*marketing*
+#   - **/campaign*/**
+#
+# Dependencies: jq (required)
+# POSIX sh compatible — no bash-specific features.
+
+set -eu
+
+INPUT=$(cat)
+
+# Extract tool name
+TOOL_NAME=$(printf '%s' "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+# Only act on Write or Edit
+case "$TOOL_NAME" in
+  Write|Edit) ;;
+  *) exit 0 ;;
+esac
+
+# Extract file_path from tool_input
+FILE_PATH=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+# No file path — let it through
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Check if file matches marketing patterns
+IS_MARKETING=false
+
+# Pattern: **/marketing/** — file is inside a marketing directory
+case "$FILE_PATH" in
+  */marketing/*) IS_MARKETING=true ;;
+esac
+
+# Pattern: **/*marketing* — filename or path component contains "marketing"
+if [ "$IS_MARKETING" = false ]; then
+  BASENAME=$(basename "$FILE_PATH")
+  case "$BASENAME" in
+    *marketing*) IS_MARKETING=true ;;
+  esac
+fi
+
+# Pattern: **/campaign*/** — file is inside a campaign* directory
+if [ "$IS_MARKETING" = false ]; then
+  # Check if any path component starts with "campaign"
+  if printf '%s' "$FILE_PATH" | grep -qE '/(campaign[^/]*)/'; then
+    IS_MARKETING=true
+  fi
+fi
+
+# Not a marketing file — let it through
+if [ "$IS_MARKETING" = false ]; then
+  exit 0
+fi
+
+# Output remind JSON
+jq -n \
+  --arg file "$FILE_PATH" \
+  '{
+    continue: true,
+    message: ("Marketing file detected: " + $file + "\n\nBefore editing, consider checking:\n- Brand guidelines — tone, voice, approved terminology\n- A/B testing data — what messaging has performed well\n- Audience segmentation — who is the target for this content\n- Campaign calendar — timing and coordination with other assets")
+  }'

package/src/hook-packs/registry.ts

@@ -30,6 +30,7 @@ export interface HookPackManifest {
   scripts?: HookPackScript[];
   lifecycleHooks?: HookPackLifecycleHook[];
   source?: 'built-in' | 'local';
+  actionLevel?: 'remind' | 'warn' | 'block';
 }
 
 const __filename = fileURLToPath(import.meta.url);
@@ -97,7 +98,9 @@ export function getPack(name: string): { manifest: HookPackManifest; dir: string
 export function getInstalledPacks(): string[] {
   const claudeDir = join(homedir(), '.claude');
   const packs = listPacks();
-  const installed: string[] = [];
+  const installed = new Set<string>();
+
+  // First pass: detect directly installed packs (hooks or scripts)
   for (const pack of packs) {
     if (pack.hooks.length === 0) {
       if (pack.scripts && pack.scripts.length > 0) {
@@ -105,7 +108,7 @@ export function getInstalledPacks(): string[] {
           existsSync(join(claudeDir, script.targetDir, script.file)),
         );
         if (allScripts) {
-          installed.push(pack.name);
+          installed.add(pack.name);
         }
       }
       continue;
@@ -114,8 +117,19 @@ export function getInstalledPacks(): string[] {
       existsSync(join(claudeDir, `hookify.${hook}.local.md`)),
     );
     if (allPresent) {
-      installed.push(pack.name);
+      installed.add(pack.name);
     }
   }
-  return installed;
+
+  // Second pass: composed packs are installed if all sub-packs are installed
+  for (const pack of packs) {
+    if (pack.composedFrom && pack.composedFrom.length > 0 && !installed.has(pack.name)) {
+      const allSubsInstalled = pack.composedFrom.every((sub) => installed.has(sub));
+      if (allSubsInstalled) {
+        installed.add(pack.name);
+      }
+    }
+  }
+
+  return Array.from(installed);
 }

package/src/hook-packs/safety/README.md

@@ -0,0 +1,50 @@
+# Safety Hook Pack
+
+Anti-deletion safety net for Claude Code. Intercepts destructive commands, stages files before deletion, and blocks dangerous operations.
+
+## Install
+
+```bash
+soleri hooks add-pack safety
+```
+
+## What It Intercepts
+
+| Command                    | Action                                       |
+| -------------------------- | -------------------------------------------- |
+| `rm` / `rmdir`             | Copies files to staging, then blocks         |
+| `git push --force`         | Blocks (use `--force-with-lease` instead)    |
+| `git reset --hard`         | Blocks (use `git stash` first)               |
+| `git clean`                | Blocks (use `git stash --include-untracked`) |
+| `git checkout -- .`        | Blocks                                       |
+| `git restore .`            | Blocks                                       |
+| `mv ~/projects/...`        | Blocks                                       |
+| `DROP TABLE`               | Blocks                                       |
+| `docker rm` / `docker rmi` | Blocks                                       |
+
+## Where Backups Go
+
+Staged files are saved to `~/.soleri/staging/<timestamp>/` with directory structure preserved.
+
+Backups use rsync (excludes `node_modules`, `dist`, `.git`) when available, falls back to `cp -R`.
+
+## Restore
+
+```bash
+soleri staging list       # see available backups
+soleri staging restore    # restore from a backup
+soleri staging clean      # manually clean old backups
+```
+
+## Auto-Cleanup
+
+Backups older than 7 days are automatically deleted on each hook invocation. No manual cleanup needed for normal usage.
+
+## Dependencies
+
+- `jq` (required for JSON parsing)
+- POSIX sh compatible — works on macOS and Linux
+
+## False Positive Prevention
+
+The hook strips here-documents and quoted strings before pattern matching. Commands like `gh issue comment --body "rm -rf explanation"` will not trigger a false positive.

package/src/hook-packs/safety/manifest.json

@@ -0,0 +1,23 @@
+{
+  "name": "safety",
+  "version": "1.0.0",
+  "description": "Anti-deletion safety net — intercepts destructive commands (rm, git push --force, git reset --hard, git clean, drop table, docker rm), stages files before deletion, blocks everything else",
+  "hooks": [],
+  "scripts": [
+    {
+      "name": "anti-deletion",
+      "file": "anti-deletion.sh",
+      "targetDir": "hooks"
+    }
+  ],
+  "lifecycleHooks": [
+    {
+      "event": "PreToolUse",
+      "matcher": "Bash",
+      "type": "command",
+      "command": "sh ~/.claude/hooks/anti-deletion.sh",
+      "timeout": 10,
+      "statusMessage": "Checking for destructive commands..."
+    }
+  ]
+}

package/src/hook-packs/safety/scripts/anti-deletion.sh

@@ -0,0 +1,280 @@
+#!/bin/sh
+# Anti-Deletion Staging Hook for Claude Code (Soleri Hook Pack: safety)
+# PreToolUse -> Bash: intercepts destructive commands, stages files, blocks execution.
+#
+# Intercepted patterns:
+#   - rm / rmdir          (files/dirs — stages first, then blocks)
+#   - git push --force    (blocks outright)
+#   - git reset --hard    (blocks outright)
+#   - git clean           (blocks outright)
+#   - git checkout -- .   (blocks outright)
+#   - git restore .       (blocks outright)
+#   - mv ~/projects/...   (blocks outright)
+#   - drop table          (SQL — blocks outright)
+#   - docker rm / rmi     (blocks outright)
+#
+# Catastrophic commands (rm -rf /, rm -rf ~) should stay in deny rules —
+# this hook handles targeted deletes only.
+#
+# Dependencies: jq (required)
+# POSIX sh compatible — no bash-specific features.
+
+set -eu
+
+STAGING_ROOT="$HOME/.soleri/staging"
+
+# --- Auto-cleanup: remove staging backups older than 7 days ---
+if [ -d "$STAGING_ROOT" ]; then
+  find "$STAGING_ROOT" -mindepth 1 -maxdepth 1 -type d -mtime +7 -exec rm -rf {} + 2>/dev/null || true
+fi
+
+INPUT=$(cat)
+
+# Extract the command from stdin JSON
+CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+# No command found — let it through
+if [ -z "$CMD" ]; then
+  exit 0
+fi
+
+# --- Strip heredocs and quoted strings to avoid false positives ---
+# Commands like: gh issue comment --body "$(cat <<'EOF' ... rmdir ... EOF)"
+# contain destructive keywords in text, not as actual commands.
+
+# Remove heredoc blocks (best-effort with sed)
+STRIPPED=$(printf '%s' "$CMD" | sed -e "s/<<'[A-Za-z_]*'.*//g" -e 's/<<[A-Za-z_]*.*//g' 2>/dev/null || printf '%s' "$CMD")
+# Remove double-quoted strings
+STRIPPED=$(printf '%s' "$STRIPPED" | sed 's/"[^"]*"//g' 2>/dev/null || printf '%s' "$STRIPPED")
+# Remove single-quoted strings
+STRIPPED=$(printf '%s' "$STRIPPED" | sed "s/'[^']*'//g" 2>/dev/null || printf '%s' "$STRIPPED")
+
+# --- Helper: check if pattern matches stripped command ---
+matches() {
+  printf '%s' "$STRIPPED" | grep -qE "$1"
+}
+
+# --- Detect destructive commands (on stripped command only) ---
+
+IS_RM=false
+IS_RMDIR=false
+IS_MV_PROJECT=false
+IS_GIT_CLEAN=false
+IS_RESET_HARD=false
+IS_GIT_CHECKOUT_DOT=false
+IS_GIT_RESTORE_DOT=false
+IS_GIT_PUSH_FORCE=false
+IS_DROP_TABLE=false
+IS_DOCKER_RM=false
+
+# rm (but not git rm which stages, doesn't destroy)
+if matches '(^|\s|;|&&|\|\|)rm\s'; then
+  if ! matches '(^|\s)git\s+rm\s'; then
+    IS_RM=true
+  fi
+fi
+
+# rmdir
+if matches '(^|\s|;|&&|\|\|)rmdir\s'; then
+  IS_RMDIR=true
+fi
+
+# mv of project directories or git repos
+if matches '(^|\s|;|&&|\|\|)mv\s'; then
+  MV_TAIL=$(printf '%s' "$STRIPPED" | sed 's/^.*\bmv //' | sed 's/-[finv] //g')
+  if printf '%s' "$MV_TAIL" | grep -qE '(~/projects|\.git)'; then
+    IS_MV_PROJECT=true
+  fi
+fi
+
+# git clean
+if matches '(^|\s|;|&&|\|\|)git\s+clean\b'; then
+  IS_GIT_CLEAN=true
+fi
+
+# git reset --hard
+if matches '(^|\s|;|&&|\|\|)git\s+reset\s+--hard'; then
+  IS_RESET_HARD=true
+fi
+
+# git checkout -- .
+if matches '(^|\s|;|&&|\|\|)git\s+checkout\s+--\s+\.'; then
+  IS_GIT_CHECKOUT_DOT=true
+fi
+
+# git restore .
+if matches '(^|\s|;|&&|\|\|)git\s+restore\s+\.'; then
+  IS_GIT_RESTORE_DOT=true
+fi
+
+# git push --force / -f (but not --force-with-lease which is safer)
+if matches '(^|\s|;|&&|\|\|)git\s+push\s'; then
+  if matches 'git\s+push\s.*--force([^-]|$)' || matches 'git\s+push\s+-f(\s|$)' || matches 'git\s+push\s.*\s-f(\s|$)'; then
+    IS_GIT_PUSH_FORCE=true
+  fi
+fi
+
+# SQL drop table (case-insensitive)
+if printf '%s' "$STRIPPED" | grep -qiE '(^|\s|;)drop\s+table'; then
+  IS_DROP_TABLE=true
+fi
+
+# docker rm / docker rmi
+if matches '(^|\s|;|&&|\|\|)docker\s+(rm|rmi)\b'; then
+  IS_DOCKER_RM=true
+fi
+
+# --- Not a destructive command — let it through ---
+
+if [ "$IS_RM" = false ] && [ "$IS_RMDIR" = false ] && [ "$IS_MV_PROJECT" = false ] && \
+   [ "$IS_GIT_CLEAN" = false ] && [ "$IS_RESET_HARD" = false ] && \
+   [ "$IS_GIT_CHECKOUT_DOT" = false ] && [ "$IS_GIT_RESTORE_DOT" = false ] && \
+   [ "$IS_GIT_PUSH_FORCE" = false ] && [ "$IS_DROP_TABLE" = false ] && \
+   [ "$IS_DOCKER_RM" = false ]; then
+  exit 0
+fi
+
+# --- Block: git clean ---
+if [ "$IS_GIT_CLEAN" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git clean would remove untracked files. Use git stash --include-untracked to save them first, or ask the user to run git clean manually."
+  }'
+  exit 0
+fi
+
+# --- Block: git reset --hard ---
+if [ "$IS_RESET_HARD" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git reset --hard would discard uncommitted changes. Use git stash to save them first, or ask the user to run this manually."
+  }'
+  exit 0
+fi
+
+# --- Block: git checkout -- . ---
+if [ "$IS_GIT_CHECKOUT_DOT" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git checkout -- . would discard all uncommitted changes. Use git stash to save them first, or ask the user to run this manually."
+  }'
+  exit 0
+fi
+
+# --- Block: git restore . ---
+if [ "$IS_GIT_RESTORE_DOT" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git restore . would discard all uncommitted changes. Use git stash to save them first, or ask the user to run this manually."
+  }'
+  exit 0
+fi
+
+# --- Block: git push --force ---
+if [ "$IS_GIT_PUSH_FORCE" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git push --force can overwrite remote history and cause data loss for collaborators. Use --force-with-lease instead, or ask the user to run this manually."
+  }'
+  exit 0
+fi
+
+# --- Block: mv of project directories ---
+if [ "$IS_MV_PROJECT" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: mv of a project directory or git repo detected. Moving project directories can cause data loss if the operation fails midway. Ask the user to run this manually, or use cp + verify + rm instead."
+  }'
+  exit 0
+fi
+
+# --- Block: rmdir ---
+if [ "$IS_RMDIR" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: rmdir detected. Removing directories can break project structure. Ask the user to confirm this operation manually."
+  }'
+  exit 0
+fi
+
+# --- Block: drop table ---
+if [ "$IS_DROP_TABLE" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: DROP TABLE detected. This would permanently destroy database data. Ask the user to run this SQL statement manually after confirming intent."
+  }'
+  exit 0
+fi
+
+# --- Block: docker rm / rmi ---
+if [ "$IS_DOCKER_RM" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: docker rm/rmi detected. Removing containers or images can cause data loss. Ask the user to run this manually."
+  }'
+  exit 0
+fi
+
+# --- Handle rm commands — copy to staging, then block ---
+
+# Create timestamped staging directory
+TIMESTAMP=$(date +%Y-%m-%d_%H%M%S)
+STAGE_DIR="$STAGING_ROOT/$TIMESTAMP"
+
+# Extract file paths from the rm command
+# Strip rm and its flags, keeping only the file arguments
+FILES=$(printf '%s' "$CMD" | sed 's/^.*\brm //' | sed 's/-[rRfivd]* //g' | tr ' ' '\n' | grep -v '^-' | grep -v '^$' || true)
+
+if [ -z "$FILES" ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: rm command detected but could not parse file targets. Please specify files explicitly."
+  }'
+  exit 0
+fi
+
+STAGED_COUNT=0
+STAGED_LIST=""
+MISSING_COUNT=0
+
+mkdir -p "$STAGE_DIR"
+
+printf '%s\n' "$FILES" | while IFS= read -r filepath; do
+  # Expand path (handle ~, relative paths)
+  expanded=$(eval printf '%s' "$filepath" 2>/dev/null || printf '%s' "$filepath")
+
+  if [ -e "$expanded" ]; then
+    # Preserve directory structure in staging
+    target_dir="$STAGE_DIR/$(dirname "$expanded")"
+    mkdir -p "$target_dir"
+    # COPY instead of MOVE — originals stay intact, staging is a backup
+    if [ -d "$expanded" ]; then
+      # Use rsync if available (excludes node_modules/dist/.git), fall back to cp
+      if command -v rsync >/dev/null 2>&1; then
+        rsync -a --exclude='node_modules' --exclude='dist' --exclude='.git' "$expanded/" "$target_dir/$(basename "$expanded")/" 2>/dev/null
+      else
+        cp -R "$expanded" "$target_dir/" 2>/dev/null
+      fi
+    else
+      cp "$expanded" "$target_dir/" 2>/dev/null
+    fi
+  fi
+done
+
+# Count what was staged (check if staging dir has content)
+if [ -d "$STAGE_DIR" ] && [ "$(ls -A "$STAGE_DIR" 2>/dev/null)" ]; then
+  STAGED_COUNT=$(find "$STAGE_DIR" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
+fi
+
+if [ "$STAGED_COUNT" -eq 0 ]; then
+  # All files were missing — let the rm fail naturally
+  rmdir "$STAGE_DIR" 2>/dev/null || true
+  exit 0
+fi
+
+jq -n \
+  --arg dir "$STAGE_DIR" \
+  '{
+    continue: false,
+    stopReason: ("BLOCKED & BACKED UP: Files copied to " + $dir + ". The originals are untouched. To proceed with deletion, ask the user to run the rm command manually.")
+  }'

package/src/hook-packs/validator.ts

@@ -0,0 +1,158 @@
+/**
+ * Hook pack validation framework.
+ * Generates test fixtures, runs dry-run tests, reports false positives/negatives.
+ */
+import { execSync } from 'node:child_process';
+import type { HookEvent } from './converter/template.js';
+
+export interface TestFixture {
+  name: string;
+  event: HookEvent;
+  payload: Record<string, unknown>;
+  shouldMatch: boolean;
+}
+
+export interface DryRunResult {
+  fixture: TestFixture;
+  exitCode: number;
+  stdout: string;
+  matched: boolean;
+}
+
+export interface ValidationReport {
+  total: number;
+  passed: number;
+  falsePositives: DryRunResult[];
+  falseNegatives: DryRunResult[];
+}
+
+/**
+ * Generate test fixtures for a hook event.
+ * Returns 5 matching + 10 non-matching payloads.
+ */
+export function generateFixtures(
+  event: HookEvent,
+  toolMatcher?: string,
+  filePatterns?: string[],
+): TestFixture[] {
+  const fixtures: TestFixture[] = [];
+
+  if (event === 'PreToolUse' || event === 'PostToolUse') {
+    const matchTools = toolMatcher ? toolMatcher.split('|').map((t) => t.trim()) : ['Write'];
+    const matchPath = filePatterns?.[0] ?? '**/src/**';
+    // Convert glob to a sample path
+    const samplePath = matchPath
+      .replace('**/', 'src/')
+      .replace('**', 'components')
+      .replace('*', 'file.tsx');
+
+    // 5 matching fixtures
+    for (let i = 0; i < 5; i++) {
+      const tool = matchTools[i % matchTools.length];
+      fixtures.push({
+        name: `match-${tool}-${i}`,
+        event,
+        payload: {
+          tool_name: tool,
+          tool_input: {
+            file_path: `${samplePath.replace('file.tsx', `file-${i}.tsx`)}`,
+            command: `echo test-${i}`,
+          },
+        },
+        shouldMatch: true,
+      });
+    }
+
+    // 10 non-matching fixtures
+    const nonMatchTools = [
+      'Bash',
+      'Read',
+      'Glob',
+      'Grep',
+      'Agent',
+      'WebSearch',
+      'WebFetch',
+      'TaskCreate',
+      'Skill',
+      'ToolSearch',
+    ];
+    for (let i = 0; i < 10; i++) {
+      fixtures.push({
+        name: `no-match-${nonMatchTools[i]}-${i}`,
+        event,
+        payload: {
+          tool_name: nonMatchTools[i],
+          tool_input: {
+            file_path: `/unrelated/path/other-${i}.js`,
+            command: `ls -la`,
+          },
+        },
+        shouldMatch: false,
+      });
+    }
+  } else {
+    // PreCompact, Notification, Stop — simpler payloads
+    // 5 matching (any invocation matches these events)
+    for (let i = 0; i < 5; i++) {
+      fixtures.push({
+        name: `match-event-${i}`,
+        event,
+        payload: { session_id: `test-session-${i}`, context: `test context ${i}` },
+        shouldMatch: true,
+      });
+    }
+    // 10 non-matching (empty/malformed payloads)
+    for (let i = 0; i < 10; i++) {
+      fixtures.push({
+        name: `no-match-empty-${i}`,
+        event,
+        payload: {},
+        shouldMatch: false,
+      });
+    }
+  }
+
+  return fixtures;
+}
+
+/**
+ * Run a hook script against a single fixture in dry-run mode.
+ */
+export function runSingleDryRun(scriptPath: string, fixture: TestFixture): DryRunResult {
+  const input = JSON.stringify(fixture.payload);
+  try {
+    const stdout = execSync(`printf '%s' '${input.replace(/'/g, "'\\''")}' | sh "${scriptPath}"`, {
+      encoding: 'utf-8',
+      timeout: 5000,
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    const matched = stdout.trim().length > 0 && stdout.includes('"continue"');
+    return { fixture, exitCode: 0, stdout: stdout.trim(), matched };
+  } catch (err: unknown) {
+    const error = err as { status?: number; stdout?: string };
+    return {
+      fixture,
+      exitCode: error.status ?? 1,
+      stdout: (error.stdout as string) ?? '',
+      matched: false,
+    };
+  }
+}
+
+/**
+ * Run all fixtures against a script and produce a validation report.
+ */
+export function validateHookScript(scriptPath: string, fixtures: TestFixture[]): ValidationReport {
+  const results = fixtures.map((f) => runSingleDryRun(scriptPath, f));
+
+  const falsePositives = results.filter((r) => !r.fixture.shouldMatch && r.matched);
+  const falseNegatives = results.filter((r) => r.fixture.shouldMatch && !r.matched);
+  const passed = results.length - falsePositives.length - falseNegatives.length;
+
+  return {
+    total: results.length,
+    passed,
+    falsePositives,
+    falseNegatives,
+  };
+}

package/src/hook-packs/yolo-safety/manifest.json

@@ -1,23 +1,7 @@
 {
   "name": "yolo-safety",
-  "version": "1.0.0",
-  "description": "Anti-deletion guardrail for YOLO mode — intercepts destructive commands, stages files for review",
+  "version": "1.1.0",
+  "description": "Safety guardrails for YOLO mode — composes the safety pack (anti-deletion, staging) with YOLO-specific defaults",
   "hooks": [],
-  "scripts": [
-    {
-      "name": "anti-deletion",
-      "file": "anti-deletion.sh",
-      "targetDir": "hooks"
-    }
-  ],
-  "lifecycleHooks": [
-    {
-      "event": "PreToolUse",
-      "matcher": "Bash",
-      "type": "command",
-      "command": "bash ~/.claude/hooks/anti-deletion.sh",
-      "timeout": 10,
-      "statusMessage": "Checking for destructive commands..."
-    }
-  ]
+  "composedFrom": ["safety"]
 }