@soleri/cli 9.3.1 → 9.5.0

package/dist/hook-packs/yolo-safety/scripts/anti-deletion.sh

@@ -1,21 +1,31 @@
-#!/usr/bin/env bash
+#!/bin/sh
 # Anti-Deletion Staging Hook for Claude Code (Soleri Hook Pack: yolo-safety)
-# PreToolUse -> Bash: intercepts rm, rmdir, mv (of project dirs), git clean, reset --hard
-# Copies target files to ~/.soleri/staging/<timestamp>/ then blocks the command.
+# PreToolUse -> Bash: intercepts destructive commands, stages files, blocks execution.
+#
+# Intercepted patterns:
+#   - rm / rmdir          (files/dirs — stages first, then blocks)
+#   - git push --force    (blocks outright)
+#   - git reset --hard    (blocks outright)
+#   - git clean           (blocks outright)
+#   - git checkout -- .   (blocks outright)
+#   - git restore .       (blocks outright)
+#   - mv ~/projects/...   (blocks outright)
+#   - drop table          (SQL — blocks outright)
+#   - docker rm / rmi     (blocks outright)
 #
 # Catastrophic commands (rm -rf /, rm -rf ~) should stay in deny rules —
 # this hook handles targeted deletes only.
 #
-# Dependencies: jq (required), perl (optional, for heredoc stripping)
+# Dependencies: jq (required)
+# POSIX sh compatible — no bash-specific features.
 
-set -euo pipefail
+set -eu
 
 STAGING_ROOT="$HOME/.soleri/staging"
-PROJECTS_DIR="$HOME/projects"
 INPUT=$(cat)
 
 # Extract the command from stdin JSON
-CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 
 # No command found — let it through
 if [ -z "$CMD" ]; then
@@ -26,12 +36,17 @@ fi
 # Commands like: gh issue comment --body "$(cat <<'EOF' ... rmdir ... EOF)"
 # contain destructive keywords in text, not as actual commands.
 
-# Remove heredoc blocks: <<'EOF'...EOF and <<EOF...EOF (multiline)
-STRIPPED=$(echo "$CMD" | perl -0777 -pe "s/<<'?\\w+'?.*?^\\w+$//gms" 2>/dev/null || echo "$CMD")
-# Remove double-quoted strings (greedy but good enough for this check)
-STRIPPED=$(echo "$STRIPPED" | sed -E 's/"[^"]*"//g' 2>/dev/null || echo "$STRIPPED")
+# Remove heredoc blocks (best-effort with sed)
+STRIPPED=$(printf '%s' "$CMD" | sed -e "s/<<'[A-Za-z_]*'.*//g" -e 's/<<[A-Za-z_]*.*//g' 2>/dev/null || printf '%s' "$CMD")
+# Remove double-quoted strings
+STRIPPED=$(printf '%s' "$STRIPPED" | sed 's/"[^"]*"//g' 2>/dev/null || printf '%s' "$STRIPPED")
 # Remove single-quoted strings
-STRIPPED=$(echo "$STRIPPED" | sed -E "s/'[^']*'//g" 2>/dev/null || echo "$STRIPPED")
+STRIPPED=$(printf '%s' "$STRIPPED" | sed "s/'[^']*'//g" 2>/dev/null || printf '%s' "$STRIPPED")
+
+# --- Helper: check if pattern matches stripped command ---
+matches() {
+  printf '%s' "$STRIPPED" | grep -qE "$1"
+}
 
 # --- Detect destructive commands (on stripped command only) ---
 
@@ -42,56 +57,78 @@ IS_GIT_CLEAN=false
 IS_RESET_HARD=false
 IS_GIT_CHECKOUT_DOT=false
 IS_GIT_RESTORE_DOT=false
+IS_GIT_PUSH_FORCE=false
+IS_DROP_TABLE=false
+IS_DOCKER_RM=false
 
-# Check for rm commands (but not git rm which is safe — it stages, doesn't destroy)
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)rm\s'; then
-  if ! echo "$STRIPPED" | grep -qE '(^|\s)git\s+rm\s'; then
+# rm (but not git rm which stages, doesn't destroy)
+if matches '(^|\s|;|&&|\|\|)rm\s'; then
+  if ! matches '(^|\s)git\s+rm\s'; then
     IS_RM=true
   fi
 fi
 
-# Check for rmdir commands
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)rmdir\s'; then
+# rmdir
+if matches '(^|\s|;|&&|\|\|)rmdir\s'; then
   IS_RMDIR=true
 fi
 
-# Check for mv commands that move project directories or git repos
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)mv\s'; then
-  MV_SOURCES=$(echo "$STRIPPED" | sed -E 's/^.*\bmv\s+//' | sed -E 's/-(f|i|n|v)\s+//g')
-  if echo "$MV_SOURCES" | grep -qE "(~/projects|$HOME/projects|\\\$HOME/projects|\\.git)"; then
+# mv of project directories or git repos
+if matches '(^|\s|;|&&|\|\|)mv\s'; then
+  MV_TAIL=$(printf '%s' "$STRIPPED" | sed 's/^.*\bmv //' | sed 's/-[finv] //g')
+  if printf '%s' "$MV_TAIL" | grep -qE '(~/projects|\.git)'; then
     IS_MV_PROJECT=true
   fi
 fi
 
-# Check for git clean
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+clean\b'; then
+# git clean
+if matches '(^|\s|;|&&|\|\|)git\s+clean\b'; then
   IS_GIT_CLEAN=true
 fi
 
-# Check for git reset --hard
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+reset\s+--hard'; then
+# git reset --hard
+if matches '(^|\s|;|&&|\|\|)git\s+reset\s+--hard'; then
   IS_RESET_HARD=true
 fi
 
-# Check for git checkout -- . (restores all files, discards changes)
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+checkout\s+--\s+\.'; then
+# git checkout -- .
+if matches '(^|\s|;|&&|\|\|)git\s+checkout\s+--\s+\.'; then
   IS_GIT_CHECKOUT_DOT=true
 fi
 
-# Check for git restore . (restores all files, discards changes)
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+restore\s+\.'; then
+# git restore .
+if matches '(^|\s|;|&&|\|\|)git\s+restore\s+\.'; then
   IS_GIT_RESTORE_DOT=true
 fi
 
-# Not a destructive command — let it through
+# git push --force / -f (but not --force-with-lease which is safer)
+if matches '(^|\s|;|&&|\|\|)git\s+push\s'; then
+  if matches 'git\s+push\s.*--force([^-]|$)' || matches 'git\s+push\s+-f(\s|$)' || matches 'git\s+push\s.*\s-f(\s|$)'; then
+    IS_GIT_PUSH_FORCE=true
+  fi
+fi
+
+# SQL drop table (case-insensitive)
+if printf '%s' "$STRIPPED" | grep -qiE '(^|\s|;)drop\s+table'; then
+  IS_DROP_TABLE=true
+fi
+
+# docker rm / docker rmi
+if matches '(^|\s|;|&&|\|\|)docker\s+(rm|rmi)\b'; then
+  IS_DOCKER_RM=true
+fi
+
+# --- Not a destructive command — let it through ---
+
 if [ "$IS_RM" = false ] && [ "$IS_RMDIR" = false ] && [ "$IS_MV_PROJECT" = false ] && \
    [ "$IS_GIT_CLEAN" = false ] && [ "$IS_RESET_HARD" = false ] && \
-   [ "$IS_GIT_CHECKOUT_DOT" = false ] && [ "$IS_GIT_RESTORE_DOT" = false ]; then
+   [ "$IS_GIT_CHECKOUT_DOT" = false ] && [ "$IS_GIT_RESTORE_DOT" = false ] && \
+   [ "$IS_GIT_PUSH_FORCE" = false ] && [ "$IS_DROP_TABLE" = false ] && \
+   [ "$IS_DOCKER_RM" = false ]; then
   exit 0
 fi
 
-# --- Handle git clean (block outright) ---
-
+# --- Block: git clean ---
 if [ "$IS_GIT_CLEAN" = true ]; then
   jq -n '{
     continue: false,
@@ -100,8 +137,7 @@ if [ "$IS_GIT_CLEAN" = true ]; then
   exit 0
 fi
 
-# --- Handle git reset --hard (block outright) ---
-
+# --- Block: git reset --hard ---
 if [ "$IS_RESET_HARD" = true ]; then
   jq -n '{
     continue: false,
@@ -110,8 +146,7 @@ if [ "$IS_RESET_HARD" = true ]; then
   exit 0
 fi
 
-# --- Handle git checkout -- . (block outright) ---
-
+# --- Block: git checkout -- . ---
 if [ "$IS_GIT_CHECKOUT_DOT" = true ]; then
   jq -n '{
     continue: false,
@@ -120,8 +155,7 @@ if [ "$IS_GIT_CHECKOUT_DOT" = true ]; then
   exit 0
 fi
 
-# --- Handle git restore . (block outright) ---
-
+# --- Block: git restore . ---
 if [ "$IS_GIT_RESTORE_DOT" = true ]; then
   jq -n '{
     continue: false,
@@ -130,8 +164,16 @@ if [ "$IS_GIT_RESTORE_DOT" = true ]; then
   exit 0
 fi
 
-# --- Handle mv of project directories (block outright) ---
+# --- Block: git push --force ---
+if [ "$IS_GIT_PUSH_FORCE" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git push --force can overwrite remote history and cause data loss for collaborators. Use --force-with-lease instead, or ask the user to run this manually."
+  }'
+  exit 0
+fi
 
+# --- Block: mv of project directories ---
 if [ "$IS_MV_PROJECT" = true ]; then
   jq -n '{
     continue: false,
@@ -140,8 +182,7 @@ if [ "$IS_MV_PROJECT" = true ]; then
   exit 0
 fi
 
-# --- Handle rmdir (block outright) ---
-
+# --- Block: rmdir ---
 if [ "$IS_RMDIR" = true ]; then
   jq -n '{
     continue: false,
@@ -150,6 +191,24 @@ if [ "$IS_RMDIR" = true ]; then
   exit 0
 fi
 
+# --- Block: drop table ---
+if [ "$IS_DROP_TABLE" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: DROP TABLE detected. This would permanently destroy database data. Ask the user to run this SQL statement manually after confirming intent."
+  }'
+  exit 0
+fi
+
+# --- Block: docker rm / rmi ---
+if [ "$IS_DOCKER_RM" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: docker rm/rmi detected. Removing containers or images can cause data loss. Ask the user to run this manually."
+  }'
+  exit 0
+fi
+
 # --- Handle rm commands — copy to staging, then block ---
 
 # Create timestamped staging directory
@@ -158,7 +217,7 @@ STAGE_DIR="$STAGING_ROOT/$TIMESTAMP"
 
 # Extract file paths from the rm command
 # Strip rm and its flags, keeping only the file arguments
-FILES=$(echo "$CMD" | sed -E 's/^.*\brm\s+//' | sed -E 's/-(r|f|rf|fr|v|i|rv|fv|rfv|frv)\s+//g' | tr ' ' '\n' | grep -v '^-' | grep -v '^$')
+FILES=$(printf '%s' "$CMD" | sed 's/^.*\brm //' | sed 's/-[rRfivd]* //g' | tr ' ' '\n' | grep -v '^-' | grep -v '^$' || true)
 
 if [ -z "$FILES" ]; then
   jq -n '{
@@ -168,14 +227,15 @@ if [ -z "$FILES" ]; then
   exit 0
 fi
 
-STAGED=()
-MISSING=()
+STAGED_COUNT=0
+STAGED_LIST=""
+MISSING_COUNT=0
 
 mkdir -p "$STAGE_DIR"
 
-while IFS= read -r filepath; do
+printf '%s\n' "$FILES" | while IFS= read -r filepath; do
   # Expand path (handle ~, relative paths)
-  expanded=$(eval echo "$filepath" 2>/dev/null || echo "$filepath")
+  expanded=$(eval printf '%s' "$filepath" 2>/dev/null || printf '%s' "$filepath")
 
   if [ -e "$expanded" ]; then
     # Preserve directory structure in staging
@@ -183,32 +243,32 @@ while IFS= read -r filepath; do
     mkdir -p "$target_dir"
     # COPY instead of MOVE — originals stay intact, staging is a backup
     if [ -d "$expanded" ]; then
-      cp -R "$expanded" "$target_dir/" 2>/dev/null && STAGED+=("$expanded") || MISSING+=("$expanded")
+      # Use rsync if available (excludes node_modules/dist/.git), fall back to cp
+      if command -v rsync >/dev/null 2>&1; then
+        rsync -a --exclude='node_modules' --exclude='dist' --exclude='.git' "$expanded/" "$target_dir/$(basename "$expanded")/" 2>/dev/null
+      else
+        cp -R "$expanded" "$target_dir/" 2>/dev/null
+      fi
     else
-      cp "$expanded" "$target_dir/" 2>/dev/null && STAGED+=("$expanded") || MISSING+=("$expanded")
+      cp "$expanded" "$target_dir/" 2>/dev/null
     fi
-  else
-    MISSING+=("$expanded")
   fi
-done <<< "$FILES"
+done
 
-# Build response
-STAGED_COUNT=${#STAGED[@]}
-MISSING_COUNT=${#MISSING[@]}
+# Count what was staged (check if staging dir has content)
+if [ -d "$STAGE_DIR" ] && [ "$(ls -A "$STAGE_DIR" 2>/dev/null)" ]; then
+  STAGED_COUNT=$(find "$STAGE_DIR" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
+fi
 
-if [ "$STAGED_COUNT" -eq 0 ] && [ "$MISSING_COUNT" -gt 0 ]; then
+if [ "$STAGED_COUNT" -eq 0 ]; then
   # All files were missing — let the rm fail naturally
   rmdir "$STAGE_DIR" 2>/dev/null || true
   exit 0
 fi
 
-STAGED_LIST=$(printf '%s, ' "${STAGED[@]}" | sed 's/, $//')
-
 jq -n \
-  --arg staged "$STAGED_LIST" \
   --arg dir "$STAGE_DIR" \
-  --argjson count "$STAGED_COUNT" \
   '{
     continue: false,
-    stopReason: ("BLOCKED & BACKED UP: " + ($count | tostring) + " item(s) copied to " + $dir + " — files: " + $staged + ". The originals are untouched. To proceed with deletion, ask the user to run the rm command manually.")
+    stopReason: ("BLOCKED & BACKED UP: Files copied to " + $dir + ". The originals are untouched. To proceed with deletion, ask the user to run the rm command manually.")
   }'

package/dist/main.js

@@ -20,6 +20,7 @@ import { registerSkills } from './commands/skills.js';
 import { registerAgent } from './commands/agent.js';
 import { registerTelegram } from './commands/telegram.js';
 import { registerStaging } from './commands/staging.js';
+import { registerYolo } from './commands/yolo.js';
 const require = createRequire(import.meta.url);
 const { version } = require('../package.json');
 const RESET = '\x1b[0m';
@@ -75,5 +76,6 @@ registerSkills(program);
 registerAgent(program);
 registerTelegram(program);
 registerStaging(program);
+registerYolo(program);
 program.parse();
 //# sourceMappingURL=main.js.map

package/dist/main.js.map

@@ -1 +1 @@
-{"version":3,"file":"main.js","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAE/C,MAAM,KAAK,GAAG,SAAS,CAAC;AACxB,MAAM,IAAI,GAAG,SAAS,CAAC;AACvB,MAAM,GAAG,GAAG,SAAS,CAAC;AACtB,MAAM,IAAI,GAAG,UAAU,CAAC;AACxB,MAAM,KAAK,GAAG,UAAU,CAAC;AACzB,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,SAAS,WAAW;IAClB,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,IAAI,SAAS,KAAK,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,kBAAkB,KAAK,EAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,cAAc,KAAK,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,KAAK,8BAA8B,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,KAAK,6BAA6B,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,sBAAsB,KAAK,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,aAAa,KAAK,oCAAoC,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,cAAc,KAAK,2BAA2B,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,oBAAoB,KAAK,4BAA4B,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,KAAK,8BAA8B,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,iBAAiB,KAAK,qCAAqC,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,mBAAmB,KAAK,oCAAoC,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,OAAO,IAAI,gBAAgB,KAAK,GAAG,GAAG,oBAAoB,KAAK,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,QAAQ,CAAC;KACd,WAAW,CAAC,0DAA0D,CAAC;KACvE,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,GAAG,EAAE;IACX,WAAW,EAAE,CAAC;AAChB,CAAC,CAAC,CAAC;AAEL,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAClC,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../src/main.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAE/C,MAAM,KAAK,GAAG,SAAS,CAAC;AACxB,MAAM,IAAI,GAAG,SAAS,CAAC;AACvB,MAAM,GAAG,GAAG,SAAS,CAAC;AACtB,MAAM,IAAI,GAAG,UAAU,CAAC;AACxB,MAAM,KAAK,GAAG,UAAU,CAAC;AACzB,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,SAAS,WAAW;IAClB,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,IAAI,SAAS,KAAK,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,kBAAkB,KAAK,EAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,cAAc,KAAK,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,KAAK,8BAA8B,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,KAAK,6BAA6B,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,sBAAsB,KAAK,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,aAAa,KAAK,oCAAoC,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,cAAc,KAAK,2BAA2B,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,oBAAoB,KAAK,4BAA4B,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,eAAe,KAAK,8BAA8B,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,iBAAiB,KAAK,qCAAqC,CAAC,CAAC;IACpF,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,mBAAmB,KAAK,oCAAoC,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,OAAO,IAAI,gBAAgB,KAAK,GAAG,GAAG,oBAAoB,KAAK,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,QAAQ,CAAC;KACd,WAAW,CAAC,0DAA0D,CAAC;KACvE,OAAO,CAAC,OAAO,CAAC;KAChB,MAAM,CAAC,GAAG,EAAE;IACX,WAAW,EAAE,CAAC;AAChB,CAAC,CAAC,CAAC;AAEL,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,wBAAwB,CAAC,OAAO,CAAC,CAAC;AAClC,WAAW,CAAC,OAAO,CAAC,CAAC;AACrB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,kBAAkB,CAAC,OAAO,CAAC,CAAC;AAC5B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,iBAAiB,CAAC,OAAO,CAAC,CAAC;AAC3B,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,cAAc,CAAC,OAAO,CAAC,CAAC;AACxB,aAAa,CAAC,OAAO,CAAC,CAAC;AACvB,gBAAgB,CAAC,OAAO,CAAC,CAAC;AAC1B,eAAe,CAAC,OAAO,CAAC,CAAC;AACzB,YAAY,CAAC,OAAO,CAAC,CAAC;AACtB,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@soleri/cli",
-  "version": "9.3.1",
+  "version": "9.5.0",
   "description": "Developer CLI for creating and managing Soleri AI agents.",
   "keywords": [
     "agent",

package/src/__tests__/flock-guard.test.ts

@@ -0,0 +1,225 @@
+import { describe, it, expect, afterEach } from 'vitest';
+import { execSync } from 'node:child_process';
+import { mkdirSync, rmSync, existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { createHash } from 'node:crypto';
+import { tmpdir } from 'node:os';
+
+const SCRIPTS_DIR = join(__dirname, '..', 'hook-packs', 'flock-guard', 'scripts');
+const PRE_SCRIPT = join(SCRIPTS_DIR, 'flock-guard-pre.sh');
+const POST_SCRIPT = join(SCRIPTS_DIR, 'flock-guard-post.sh');
+
+// The scripts use `git rev-parse --show-toplevel` which resolves to the repo root.
+// Compute the same hash the scripts will produce.
+const PROJECT_ROOT = execSync('git rev-parse --show-toplevel', {
+  cwd: join(__dirname, '..'),
+  encoding: 'utf-8',
+}).trim();
+const PROJECT_HASH = execSync(`printf '%s' '${PROJECT_ROOT}' | shasum | cut -c1-8`, {
+  encoding: 'utf-8',
+}).trim();
+// Scripts use ${TMPDIR:-${TEMP:-/tmp}} — match that resolution for the test environment
+const LOCK_DIR = `${process.env.TMPDIR || process.env.TEMP || tmpdir()}/soleri-guard-${PROJECT_HASH}.lock`;
+
+function makePayload(command: string): string {
+  return JSON.stringify({ tool_name: 'Bash', tool_input: { command } });
+}
+
+function runPre(
+  command: string,
+  env?: Record<string, string>,
+): { stdout: string; exitCode: number } {
+  try {
+    const stdout = execSync(
+      `printf '%s' '${escapeShell(makePayload(command))}' | sh '${PRE_SCRIPT}'`,
+      {
+        encoding: 'utf-8',
+        stdio: 'pipe',
+        cwd: PROJECT_ROOT,
+        env: { ...process.env, ...env },
+      },
+    );
+    return { stdout, exitCode: 0 };
+  } catch (err: any) {
+    return { stdout: err.stdout ?? '', exitCode: err.status ?? 1 };
+  }
+}
+
+function runPost(
+  command: string,
+  env?: Record<string, string>,
+): { stdout: string; exitCode: number } {
+  try {
+    const stdout = execSync(
+      `printf '%s' '${escapeShell(makePayload(command))}' | sh '${POST_SCRIPT}'`,
+      {
+        encoding: 'utf-8',
+        stdio: 'pipe',
+        cwd: PROJECT_ROOT,
+        env: { ...process.env, ...env },
+      },
+    );
+    return { stdout, exitCode: 0 };
+  } catch (err: any) {
+    return { stdout: err.stdout ?? '', exitCode: err.status ?? 1 };
+  }
+}
+
+function escapeShell(s: string): string {
+  // Escape single quotes for use inside single-quoted shell string
+  return s.replace(/'/g, "'\\''");
+}
+
+function cleanLock(): void {
+  if (existsSync(LOCK_DIR)) {
+    rmSync(LOCK_DIR, { recursive: true, force: true });
+  }
+}
+
+describe('flock-guard hook pack', () => {
+  afterEach(() => {
+    cleanLock();
+  });
+
+  // 1. Pre: allows non-lockfile commands
+  it('pre: allows non-lockfile commands (exit 0, no output)', () => {
+    const { stdout, exitCode } = runPre('echo hello');
+    expect(exitCode).toBe(0);
+    expect(stdout.trim()).toBe('');
+    expect(existsSync(LOCK_DIR)).toBe(false);
+  });
+
+  // 2. Pre: acquires lock on npm install
+  it('pre: acquires lock on npm install', () => {
+    const sessionId = `test-acquire-${Date.now()}`;
+    const { exitCode } = runPre('npm install', { CLAUDE_SESSION_ID: sessionId });
+    expect(exitCode).toBe(0);
+    expect(existsSync(LOCK_DIR)).toBe(true);
+  });
+
+  // 3. Pre: lock dir contains valid JSON with agentId and timestamp
+  it('pre: lock dir contains valid JSON with agentId and timestamp', () => {
+    const sessionId = `test-json-${Date.now()}`;
+    runPre('npm install', { CLAUDE_SESSION_ID: sessionId });
+
+    const lockJson = JSON.parse(readFileSync(join(LOCK_DIR, 'lock.json'), 'utf-8'));
+    expect(lockJson).toHaveProperty('agentId', sessionId);
+    expect(lockJson).toHaveProperty('timestamp');
+    expect(typeof lockJson.timestamp).toBe('number');
+    expect(lockJson.timestamp).toBeGreaterThan(0);
+  });
+
+  // 4. Post: releases lock after npm install
+  it('post: releases lock after npm install', () => {
+    const sessionId = `test-release-${Date.now()}`;
+    runPre('npm install', { CLAUDE_SESSION_ID: sessionId });
+    expect(existsSync(LOCK_DIR)).toBe(true);
+
+    const { exitCode } = runPost('npm install', { CLAUDE_SESSION_ID: sessionId });
+    expect(exitCode).toBe(0);
+    expect(existsSync(LOCK_DIR)).toBe(false);
+  });
+
+  // 5. Pre: blocks when lock held by another agent
+  it('pre: blocks when lock held by another agent', () => {
+    // Manually create lock with a different agentId
+    mkdirSync(LOCK_DIR, { recursive: true });
+    const now = Math.floor(Date.now() / 1000);
+    writeFileSync(
+      join(LOCK_DIR, 'lock.json'),
+      JSON.stringify({ agentId: 'other-agent-999', timestamp: now, command: 'npm install' }),
+    );
+
+    const mySession = `test-blocked-${Date.now()}`;
+    const { stdout, exitCode } = runPre('npm install', { CLAUDE_SESSION_ID: mySession });
+
+    // Script exits 0 but outputs JSON with continue: false
+    expect(exitCode).toBe(0);
+    const output = JSON.parse(stdout.trim());
+    expect(output.continue).toBe(false);
+    expect(output.stopReason).toContain('BLOCKED');
+    expect(output.stopReason).toContain('other-agent-999');
+  });
+
+  // 6. Pre: cleans stale lock (timestamp older than 30s)
+  it('pre: cleans stale lock and acquires', () => {
+    mkdirSync(LOCK_DIR, { recursive: true });
+    const staleTime = Math.floor(Date.now() / 1000) - 60; // 60s ago
+    writeFileSync(
+      join(LOCK_DIR, 'lock.json'),
+      JSON.stringify({ agentId: 'stale-agent', timestamp: staleTime, command: 'npm install' }),
+    );
+
+    const mySession = `test-stale-${Date.now()}`;
+    const { stdout, exitCode } = runPre('npm install', { CLAUDE_SESSION_ID: mySession });
+    expect(exitCode).toBe(0);
+    // Should not contain "continue: false" — lock was stale and cleaned
+    if (stdout.trim()) {
+      const output = JSON.parse(stdout.trim());
+      expect(output.continue).not.toBe(false);
+    }
+    // Lock should now be held by our session
+    expect(existsSync(LOCK_DIR)).toBe(true);
+    const lockJson = JSON.parse(readFileSync(join(LOCK_DIR, 'lock.json'), 'utf-8'));
+    expect(lockJson.agentId).toBe(mySession);
+  });
+
+  // 7. Pre: allows same agent reentry
+  it('pre: allows same agent reentry', () => {
+    const sessionId = `test-reentry-${Date.now()}`;
+    const env = { CLAUDE_SESSION_ID: sessionId };
+
+    // First acquisition
+    const first = runPre('npm install', env);
+    expect(first.exitCode).toBe(0);
+    expect(existsSync(LOCK_DIR)).toBe(true);
+
+    // Second acquisition with same session — should succeed (reentry)
+    const second = runPre('npm install', env);
+    expect(second.exitCode).toBe(0);
+    // No "continue: false" in output
+    if (second.stdout.trim()) {
+      const output = JSON.parse(second.stdout.trim());
+      expect(output.continue).not.toBe(false);
+    }
+  });
+
+  // 8. Post: only releases own lock (does not release lock held by other agent)
+  it('post: only releases own lock — does not remove lock held by another agent', () => {
+    // Create lock with a different agent
+    mkdirSync(LOCK_DIR, { recursive: true });
+    const now = Math.floor(Date.now() / 1000);
+    writeFileSync(
+      join(LOCK_DIR, 'lock.json'),
+      JSON.stringify({ agentId: 'other-agent-777', timestamp: now, command: 'npm install' }),
+    );
+
+    const mySession = `test-norelease-${Date.now()}`;
+    const { exitCode } = runPost('npm install', { CLAUDE_SESSION_ID: mySession });
+    expect(exitCode).toBe(0);
+    // Lock dir should still exist — we don't own it
+    expect(existsSync(LOCK_DIR)).toBe(true);
+    const lockJson = JSON.parse(readFileSync(join(LOCK_DIR, 'lock.json'), 'utf-8'));
+    expect(lockJson.agentId).toBe('other-agent-777');
+  });
+
+  // 9. Pre: detects other lockfile commands (yarn, pnpm, cargo, pip)
+  it('pre: detects yarn, pnpm install, cargo build, pip install', () => {
+    const commands = ['yarn', 'yarn install', 'pnpm install', 'cargo build', 'pip install'];
+    for (const cmd of commands) {
+      cleanLock();
+      const sessionId = `test-detect-${Date.now()}`;
+      const { exitCode } = runPre(cmd, { CLAUDE_SESSION_ID: sessionId });
+      expect(exitCode).toBe(0);
+      expect(existsSync(LOCK_DIR)).toBe(true);
+      cleanLock();
+    }
+  });
+
+  // 10. Post: ignores non-lockfile commands
+  it('post: ignores non-lockfile commands (no crash, no lock interaction)', () => {
+    const { exitCode, stdout } = runPost('echo hello');
+    expect(exitCode).toBe(0);
+    expect(stdout.trim()).toBe('');
+  });
+});