@soleri/cli 9.4.0 → 9.6.0

package/src/hook-packs/converter/template.ts

@@ -0,0 +1,163 @@
+/**
+ * Conversion template for skill-to-hook conversion.
+ * Generates POSIX shell scripts and pack manifests for converted hooks.
+ */
+
+import type { HookPackManifest, HookPackLifecycleHook, HookPackScript } from '../registry.js';
+
+/** Supported Claude Code hook events */
+export type HookEvent = 'PreToolUse' | 'PostToolUse' | 'PreCompact' | 'Notification' | 'Stop';
+
+/** Action levels for graduated enforcement */
+export type ActionLevel = 'remind' | 'warn' | 'block';
+
+/** Configuration for generating a converted hook */
+export interface HookConversionConfig {
+  /** Hook pack name (kebab-case) */
+  name: string;
+  /** Claude Code hook event to trigger on */
+  event: HookEvent;
+  /** Tool name matcher (e.g., 'Write|Edit', 'Bash') — only for PreToolUse/PostToolUse */
+  toolMatcher?: string;
+  // File glob patterns to match (e.g., ['**/marketing/**', '**/*.tsx'])
+  filePatterns?: string[];
+  /** Action level: remind (default), warn, or block */
+  action: ActionLevel;
+  /** Context message to inject when the hook fires */
+  message: string;
+  /** Optional description for the pack */
+  description?: string;
+}
+
+export const HOOK_EVENTS: HookEvent[] = [
+  'PreToolUse',
+  'PostToolUse',
+  'PreCompact',
+  'Notification',
+  'Stop',
+];
+export const ACTION_LEVELS: ActionLevel[] = ['remind', 'warn', 'block'];
+
+/**
+ * Generate a POSIX shell script for a converted hook.
+ * Reads JSON from stdin, matches tool/file patterns, outputs action JSON.
+ */
+export function generateHookScript(config: HookConversionConfig): string {
+  const lines: string[] = [
+    '#!/bin/sh',
+    `# Converted hook: ${config.name} (Soleri Hook Pack)`,
+    `# Event: ${config.event} | Action: ${config.action}`,
+    '#',
+    `# ${config.message}`,
+    '#',
+    '# Dependencies: jq (required)',
+    '# POSIX sh compatible.',
+    '',
+    'set -eu',
+    '',
+    'INPUT=$(cat)',
+    '',
+  ];
+
+  if (config.event === 'PreToolUse' || config.event === 'PostToolUse') {
+    // Tool-based hooks read tool_name and tool_input from stdin
+    lines.push('# Extract tool name and input from stdin JSON');
+    lines.push("TOOL_NAME=$(printf '%s' \"$INPUT\" | jq -r '.tool_name // empty' 2>/dev/null)");
+    lines.push('');
+
+    // Tool matcher
+    if (config.toolMatcher) {
+      lines.push('# Check tool name matcher');
+      lines.push(`case "$TOOL_NAME" in`);
+      // Split on | for case pattern matching
+      const tools = config.toolMatcher.split('|').map((t) => t.trim());
+      lines.push(`  ${tools.join('|')}) ;; # matched`);
+      lines.push('  *) exit 0 ;; # not a matching tool');
+      lines.push('esac');
+      lines.push('');
+    }
+
+    // File pattern matching
+    if (config.filePatterns && config.filePatterns.length > 0) {
+      lines.push('# Extract file path from tool input');
+      lines.push(
+        "FILE_PATH=$(printf '%s' \"$INPUT\" | jq -r '.tool_input.file_path // .tool_input.command // empty' 2>/dev/null)",
+      );
+      lines.push('');
+      lines.push('# Check file patterns');
+      lines.push('MATCHED=false');
+      for (const pattern of config.filePatterns) {
+        // Convert glob to grep-compatible regex
+        const regex = pattern.replace(/\*\*/g, '.*').replace(/\*/g, '[^/]*');
+        lines.push(`printf '%s' "$FILE_PATH" | grep -qE '${regex}' && MATCHED=true`);
+      }
+      lines.push('');
+      lines.push('if [ "$MATCHED" = false ]; then');
+      lines.push('  exit 0');
+      lines.push('fi');
+      lines.push('');
+    }
+  }
+
+  // Output the action
+  const escapedMessage = config.message.replace(/'/g, "'\\''");
+
+  if (config.action === 'block') {
+    lines.push('# Block the operation');
+    lines.push('jq -n \\');
+    lines.push(`  --arg msg '${escapedMessage}' \\`);
+    lines.push("  '{");
+    lines.push('    continue: false,');
+    lines.push('    stopReason: ("BLOCKED: " + $msg)');
+    lines.push("  }'");
+  } else if (config.action === 'warn') {
+    lines.push('# Warn — allow but inject context');
+    lines.push('jq -n \\');
+    lines.push(`  --arg msg '${escapedMessage}' \\`);
+    lines.push("  '{");
+    lines.push('    continue: true,');
+    lines.push('    message: ("WARNING: " + $msg)');
+    lines.push("  }'");
+  } else {
+    // remind (default)
+    lines.push('# Remind — inject context without blocking');
+    lines.push('jq -n \\');
+    lines.push(`  --arg msg '${escapedMessage}' \\`);
+    lines.push("  '{");
+    lines.push('    continue: true,');
+    lines.push('    message: ("REMINDER: " + $msg)');
+    lines.push("  }'");
+  }
+
+  return lines.join('\n') + '\n';
+}
+
+/**
+ * Generate a HookPackManifest for a converted hook.
+ */
+export function generateManifest(config: HookConversionConfig): HookPackManifest {
+  const script: HookPackScript = {
+    name: config.name,
+    file: `${config.name}.sh`,
+    targetDir: 'hooks',
+  };
+
+  const lifecycleHook: HookPackLifecycleHook = {
+    event: config.event,
+    matcher: config.toolMatcher ?? '',
+    type: 'command',
+    command: `sh ~/.claude/hooks/${config.name}.sh`,
+    timeout: 10,
+    statusMessage: config.message,
+  };
+
+  return {
+    name: config.name,
+    version: '1.0.0',
+    description: config.description ?? config.message,
+    hooks: [],
+    scripts: [script],
+    lifecycleHooks: [lifecycleHook],
+    actionLevel: config.action,
+  };
+}

package/src/hook-packs/flock-guard/README.md

@@ -0,0 +1,65 @@
+# flock-guard
+
+Parallel agent lock guard for Soleri. Prevents lockfile corruption when multiple agents run concurrently in worktrees of the same repository.
+
+## What it protects
+
+Intercepts commands that modify package manager lockfiles:
+
+| Package Manager | Commands                      |
+| --------------- | ----------------------------- |
+| npm             | `npm install`, `npm ci`       |
+| yarn            | `yarn`, `yarn install`        |
+| pnpm            | `pnpm install`                |
+| cargo           | `cargo build`, `cargo update` |
+| pip             | `pip install`, `pip3 install` |
+
+## How locking works
+
+1. **PreToolUse** hook fires before any Bash command
+2. If the command matches a lockfile-modifying pattern, the hook acquires a lock via `mkdir` (atomic on POSIX)
+3. Lock state is written to a JSON file inside the lock directory: agent ID, timestamp, command
+4. If another agent already holds the lock, the command is **blocked** with a descriptive error
+5. **PostToolUse** hook fires after the command completes and releases the lock
+
+### Lock path
+
+```
+/tmp/soleri-guard-<project-hash>.lock/lock.json
+```
+
+The project hash is derived from the git repository root path, so all worktrees of the same repository share the same lock. This is intentional — lockfile writes in any worktree can conflict at the npm/yarn cache level.
+
+### Reentrant locking
+
+If the same agent (identified by `CLAUDE_SESSION_ID` or PID) already holds the lock, the hook refreshes the timestamp and allows the command through. This prevents self-deadlock when chaining multiple install commands.
+
+### Stale lock detection
+
+Locks older than **30 seconds** are considered stale and automatically cleaned up. This handles the case where an agent crashes mid-install without releasing the lock.
+
+## Installation
+
+```bash
+soleri hooks add-pack flock-guard
+```
+
+## Troubleshooting
+
+### Stuck lock
+
+If a lock is stuck (agent crashed, machine rebooted mid-install), clear it manually:
+
+```bash
+rm -rf /tmp/soleri-guard-*.lock
+```
+
+### Checking lock status
+
+```bash
+cat /tmp/soleri-guard-*.lock/lock.json 2>/dev/null || echo "No active locks"
+```
+
+### Dependencies
+
+Requires `jq` to be installed and available on PATH.

package/src/hook-packs/flock-guard/manifest.json

@@ -0,0 +1,36 @@
+{
+  "name": "flock-guard",
+  "version": "1.0.0",
+  "description": "Parallel agent lock guard — prevents lockfile corruption when multiple agents run in worktrees by using atomic mkdir-based locking across PreToolUse/PostToolUse",
+  "hooks": [],
+  "scripts": [
+    {
+      "name": "flock-guard-pre",
+      "file": "flock-guard-pre.sh",
+      "targetDir": "hooks"
+    },
+    {
+      "name": "flock-guard-post",
+      "file": "flock-guard-post.sh",
+      "targetDir": "hooks"
+    }
+  ],
+  "lifecycleHooks": [
+    {
+      "event": "PreToolUse",
+      "matcher": "Bash",
+      "type": "command",
+      "command": "sh ~/.claude/hooks/flock-guard-pre.sh",
+      "timeout": 10,
+      "statusMessage": "Checking lockfile guard..."
+    },
+    {
+      "event": "PostToolUse",
+      "matcher": "Bash",
+      "type": "command",
+      "command": "sh ~/.claude/hooks/flock-guard-post.sh",
+      "timeout": 10,
+      "statusMessage": "Releasing lockfile guard..."
+    }
+  ]
+}

package/src/hook-packs/flock-guard/scripts/flock-guard-post.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+# Flock Guard — PostToolUse lock release (Soleri Hook Pack: flock-guard)
+# Releases the lock after a lockfile-modifying command completes.
+# Dependencies: jq
+# POSIX sh compatible.
+
+set -eu
+
+INPUT=$(cat)
+
+CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+if [ -z "$CMD" ]; then
+  exit 0
+fi
+
+# Strip quoted strings (same logic as pre script)
+STRIPPED=$(printf '%s' "$CMD" | sed -e "s/<<'[A-Za-z_]*'.*//g" -e 's/<<[A-Za-z_]*.*//g' 2>/dev/null || printf '%s' "$CMD")
+STRIPPED=$(printf '%s' "$STRIPPED" | sed 's/"[^"]*"//g' 2>/dev/null || printf '%s' "$STRIPPED")
+STRIPPED=$(printf '%s' "$STRIPPED" | sed "s/'[^']*'//g" 2>/dev/null || printf '%s' "$STRIPPED")
+
+# Check if command modifies lockfiles (same patterns as pre)
+IS_LOCKFILE_CMD=false
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)npm\s+(install|ci)(\s|$|;)' && IS_LOCKFILE_CMD=true
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)yarn(\s+install)?(\s|$|;)' && IS_LOCKFILE_CMD=true
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)pnpm\s+install(\s|$|;)' && IS_LOCKFILE_CMD=true
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)cargo\s+(build|update)(\s|$|;)' && IS_LOCKFILE_CMD=true
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)pip[3]?\s+install(\s|$|;)' && IS_LOCKFILE_CMD=true
+
+if [ "$IS_LOCKFILE_CMD" = false ]; then
+  exit 0
+fi
+
+# Release lock
+PROJECT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
+PROJECT_HASH=$(printf '%s' "$PROJECT_ROOT" | shasum | cut -c1-8)
+LOCK_DIR="${TMPDIR:-${TEMP:-/tmp}}/soleri-guard-${PROJECT_HASH}.lock"
+
+# Only release if we own it
+SESSION_ID="${CLAUDE_SESSION_ID:-$$}"
+if [ -f "$LOCK_DIR/lock.json" ]; then
+  LOCK_AGENT=$(jq -r '.agentId // ""' "$LOCK_DIR/lock.json" 2>/dev/null || echo "")
+  if [ "$LOCK_AGENT" = "$SESSION_ID" ]; then
+    rm -rf "$LOCK_DIR"
+  fi
+fi
+
+# PostToolUse never blocks
+exit 0

package/src/hook-packs/flock-guard/scripts/flock-guard-pre.sh

@@ -0,0 +1,85 @@
+#!/bin/sh
+# Flock Guard — PreToolUse lock acquisition (Soleri Hook Pack: flock-guard)
+# Acquires atomic mkdir-based lock before lockfile-modifying commands.
+# Dependencies: jq
+# POSIX sh compatible.
+
+set -eu
+
+INPUT=$(cat)
+
+# Extract command from stdin JSON
+CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+if [ -z "$CMD" ]; then
+  exit 0
+fi
+
+# Strip quoted strings to avoid false positives (same as anti-deletion.sh)
+STRIPPED=$(printf '%s' "$CMD" | sed -e "s/<<'[A-Za-z_]*'.*//g" -e 's/<<[A-Za-z_]*.*//g' 2>/dev/null || printf '%s' "$CMD")
+STRIPPED=$(printf '%s' "$STRIPPED" | sed 's/"[^"]*"//g' 2>/dev/null || printf '%s' "$STRIPPED")
+STRIPPED=$(printf '%s' "$STRIPPED" | sed "s/'[^']*'//g" 2>/dev/null || printf '%s' "$STRIPPED")
+
+# Check if command modifies lockfiles
+IS_LOCKFILE_CMD=false
+# npm install (but not npm run, npm test, etc.)
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)npm\s+install(\s|$|;)' && IS_LOCKFILE_CMD=true
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)npm\s+ci(\s|$|;)' && IS_LOCKFILE_CMD=true
+# yarn (bare yarn or yarn install)
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)yarn(\s+install)?(\s|$|;)' && IS_LOCKFILE_CMD=true
+# pnpm install
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)pnpm\s+install(\s|$|;)' && IS_LOCKFILE_CMD=true
+# cargo build / cargo update
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)cargo\s+(build|update)(\s|$|;)' && IS_LOCKFILE_CMD=true
+# pip install
+printf '%s' "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)pip[3]?\s+install(\s|$|;)' && IS_LOCKFILE_CMD=true
+
+if [ "$IS_LOCKFILE_CMD" = false ]; then
+  exit 0
+fi
+
+# Compute project-specific lock path
+PROJECT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
+PROJECT_HASH=$(printf '%s' "$PROJECT_ROOT" | shasum | cut -c1-8)
+LOCK_DIR="${TMPDIR:-${TEMP:-/tmp}}/soleri-guard-${PROJECT_HASH}.lock"
+LOCK_JSON="$LOCK_DIR/lock.json"
+STALE_TIMEOUT=30
+SESSION_ID="${CLAUDE_SESSION_ID:-$$}"
+
+# Try to acquire lock (mkdir is atomic on POSIX)
+if mkdir "$LOCK_DIR" 2>/dev/null; then
+  # Lock acquired — write state
+  printf '{"agentId":"%s","timestamp":%d,"command":"%s"}' "$SESSION_ID" "$(date +%s)" "$CMD" > "$LOCK_JSON"
+  exit 0
+fi
+
+# Lock held — check staleness
+if [ -f "$LOCK_JSON" ]; then
+  LOCK_TIME=$(jq -r '.timestamp // 0' "$LOCK_JSON" 2>/dev/null || echo 0)
+  NOW=$(date +%s)
+  AGE=$((NOW - LOCK_TIME))
+
+  LOCK_AGENT=$(jq -r '.agentId // "unknown"' "$LOCK_JSON" 2>/dev/null || echo "unknown")
+
+  # Same agent — allow reentry
+  if [ "$LOCK_AGENT" = "$SESSION_ID" ]; then
+    # Refresh timestamp
+    printf '{"agentId":"%s","timestamp":%d,"command":"%s"}' "$SESSION_ID" "$NOW" "$CMD" > "$LOCK_JSON"
+    exit 0
+  fi
+
+  # Stale lock — clean and retry
+  if [ "$AGE" -gt "$STALE_TIMEOUT" ]; then
+    rm -rf "$LOCK_DIR"
+    if mkdir "$LOCK_DIR" 2>/dev/null; then
+      printf '{"agentId":"%s","timestamp":%d,"command":"%s"}' "$SESSION_ID" "$NOW" "$CMD" > "$LOCK_JSON"
+      exit 0
+    fi
+  fi
+fi
+
+# Lock held by another active agent — block
+LOCK_AGENT=$(jq -r '.agentId // "another agent"' "$LOCK_JSON" 2>/dev/null || echo "another agent")
+jq -n --arg agent "$LOCK_AGENT" '{
+  continue: false,
+  stopReason: ("BLOCKED: Another agent (" + $agent + ") is modifying lockfiles. Wait for it to finish, then retry. Lock auto-expires after 30s if the agent crashes.")
+}'

package/src/hook-packs/full/manifest.json

@@ -12,5 +12,12 @@
     "ux-touch-targets",
     "no-ai-attribution"
   ],
-  "composedFrom": ["typescript-safety", "a11y", "css-discipline", "clean-commits", "yolo-safety"]
+  "composedFrom": [
+    "typescript-safety",
+    "a11y",
+    "css-discipline",
+    "clean-commits",
+    "safety",
+    "yolo-safety"
+  ]
 }

package/src/hook-packs/graduation.ts

@@ -0,0 +1,65 @@
+/**
+ * Hook pack graduation — promote/demote action levels.
+ * remind → warn → block (promote)
+ * block → warn → remind (demote)
+ */
+import { writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { getPack } from './registry.js';
+import type { HookPackManifest } from './registry.js';
+
+const LEVELS = ['remind', 'warn', 'block'] as const;
+type ActionLevel = (typeof LEVELS)[number];
+
+export interface GraduationResult {
+  packName: string;
+  previousLevel: ActionLevel;
+  newLevel: ActionLevel;
+  manifestPath: string;
+}
+
+function getCurrentLevel(manifest: HookPackManifest): ActionLevel {
+  const level = manifest.actionLevel;
+  if (level && (LEVELS as readonly string[]).includes(level)) return level as ActionLevel;
+  return 'remind'; // default
+}
+
+export function promotePack(packName: string): GraduationResult {
+  const pack = getPack(packName);
+  if (!pack) throw new Error(`Unknown hook pack: "${packName}"`);
+
+  const manifestPath = join(pack.dir, 'manifest.json');
+  const manifest = pack.manifest;
+  const current = getCurrentLevel(manifest);
+  const currentIndex = LEVELS.indexOf(current);
+
+  if (currentIndex >= LEVELS.length - 1) {
+    throw new Error(`Pack "${packName}" is already at maximum level: ${current}`);
+  }
+
+  const newLevel = LEVELS[currentIndex + 1];
+  manifest.actionLevel = newLevel;
+  writeFileSync(manifestPath, JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
+
+  return { packName, previousLevel: current, newLevel, manifestPath };
+}
+
+export function demotePack(packName: string): GraduationResult {
+  const pack = getPack(packName);
+  if (!pack) throw new Error(`Unknown hook pack: "${packName}"`);
+
+  const manifestPath = join(pack.dir, 'manifest.json');
+  const manifest = pack.manifest;
+  const current = getCurrentLevel(manifest);
+  const currentIndex = LEVELS.indexOf(current);
+
+  if (currentIndex <= 0) {
+    throw new Error(`Pack "${packName}" is already at minimum level: ${current}`);
+  }
+
+  const newLevel = LEVELS[currentIndex - 1];
+  manifest.actionLevel = newLevel;
+  writeFileSync(manifestPath, JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
+
+  return { packName, previousLevel: current, newLevel, manifestPath };
+}

package/src/hook-packs/installer.ts

@@ -195,7 +195,9 @@ export function installPack(
     mkdirSync(destDir, { recursive: true });
     const destPath = join(destDir, file);
     copyFileSync(sourcePath, destPath);
-    chmodSync(destPath, 0o755);
+    if (process.platform !== 'win32') {
+      chmodSync(destPath, 0o755);
+    }
     installedScripts.push(`${targetDir}/${file}`);
   }
   const lcHooks = resolveLifecycleHooks(packName);

package/src/hook-packs/marketing-research/README.md

@@ -0,0 +1,37 @@
+# Marketing Research Hook Pack
+
+Example hook demonstrating the skill-to-hook conversion workflow. Automatically reminds you to check brand guidelines and A/B testing data when editing marketing files.
+
+## Conversion Score
+
+| Dimension         | Score | Rationale                                                   |
+| ----------------- | ----- | ----------------------------------------------------------- |
+| Frequency         | HIGH  | 4+ manual checks per session when editing marketing content |
+| Event Correlation | HIGH  | Always triggers on Write/Edit to marketing files            |
+| Determinism       | HIGH  | Lookups and context injection, not creative guidance        |
+| Autonomy          | HIGH  | No interactive decisions needed                             |
+
+**Score: 4/4 — Strong candidate**
+
+## Install
+
+```bash
+soleri hooks add-pack marketing-research
+```
+
+## What It Does
+
+Fires on `Write` and `Edit` tool calls when the target file matches marketing patterns:
+
+- `**/marketing/**`
+- `**/*marketing*`
+- `**/campaign*/**`
+
+Injects a reminder with brand guidelines context. Does not block — action level is `remind`.
+
+## Graduation
+
+```bash
+soleri hooks promote marketing-research   # remind → warn
+soleri hooks promote marketing-research   # warn → block
+```

package/src/hook-packs/marketing-research/manifest.json

@@ -0,0 +1,24 @@
+{
+  "name": "marketing-research",
+  "version": "1.0.0",
+  "description": "Auto-research hook for marketing files — reminds to check brand guidelines, A/B testing data, and audience segmentation before editing marketing content",
+  "hooks": [],
+  "scripts": [
+    {
+      "name": "marketing-research",
+      "file": "marketing-research.sh",
+      "targetDir": "hooks"
+    }
+  ],
+  "lifecycleHooks": [
+    {
+      "event": "PreToolUse",
+      "matcher": "Write|Edit",
+      "type": "command",
+      "command": "sh ~/.claude/hooks/marketing-research.sh",
+      "timeout": 10,
+      "statusMessage": "Checking marketing context..."
+    }
+  ],
+  "actionLevel": "remind"
+}

package/src/hook-packs/marketing-research/scripts/marketing-research.sh

@@ -0,0 +1,70 @@
+#!/bin/sh
+# Marketing Research Hook for Claude Code (Soleri Hook Pack: marketing-research)
+# PreToolUse -> Write|Edit: reminds to check brand guidelines, A/B testing data,
+# and audience segmentation before editing marketing content.
+#
+# Matched file patterns:
+#   - **/marketing/**
+#   - **/*marketing*
+#   - **/campaign*/**
+#
+# Dependencies: jq (required)
+# POSIX sh compatible — no bash-specific features.
+
+set -eu
+
+INPUT=$(cat)
+
+# Extract tool name
+TOOL_NAME=$(printf '%s' "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+# Only act on Write or Edit
+case "$TOOL_NAME" in
+  Write|Edit) ;;
+  *) exit 0 ;;
+esac
+
+# Extract file_path from tool_input
+FILE_PATH=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+# No file path — let it through
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Check if file matches marketing patterns
+IS_MARKETING=false
+
+# Pattern: **/marketing/** — file is inside a marketing directory
+case "$FILE_PATH" in
+  */marketing/*) IS_MARKETING=true ;;
+esac
+
+# Pattern: **/*marketing* — filename or path component contains "marketing"
+if [ "$IS_MARKETING" = false ]; then
+  BASENAME=$(basename "$FILE_PATH")
+  case "$BASENAME" in
+    *marketing*) IS_MARKETING=true ;;
+  esac
+fi
+
+# Pattern: **/campaign*/** — file is inside a campaign* directory
+if [ "$IS_MARKETING" = false ]; then
+  # Check if any path component starts with "campaign"
+  if printf '%s' "$FILE_PATH" | grep -qE '/(campaign[^/]*)/'; then
+    IS_MARKETING=true
+  fi
+fi
+
+# Not a marketing file — let it through
+if [ "$IS_MARKETING" = false ]; then
+  exit 0
+fi
+
+# Output remind JSON
+jq -n \
+  --arg file "$FILE_PATH" \
+  '{
+    continue: true,
+    message: ("Marketing file detected: " + $file + "\n\nBefore editing, consider checking:\n- Brand guidelines — tone, voice, approved terminology\n- A/B testing data — what messaging has performed well\n- Audience segmentation — who is the target for this content\n- Campaign calendar — timing and coordination with other assets")
+  }'

package/src/hook-packs/registry.ts

@@ -30,6 +30,7 @@ export interface HookPackManifest {
   scripts?: HookPackScript[];
   lifecycleHooks?: HookPackLifecycleHook[];
   source?: 'built-in' | 'local';
+  actionLevel?: 'remind' | 'warn' | 'block';
 }
 
 const __filename = fileURLToPath(import.meta.url);
@@ -97,7 +98,9 @@ export function getPack(name: string): { manifest: HookPackManifest; dir: string
 export function getInstalledPacks(): string[] {
   const claudeDir = join(homedir(), '.claude');
   const packs = listPacks();
-  const installed: string[] = [];
+  const installed = new Set<string>();
+
+  // First pass: detect directly installed packs (hooks or scripts)
   for (const pack of packs) {
     if (pack.hooks.length === 0) {
       if (pack.scripts && pack.scripts.length > 0) {
@@ -105,7 +108,7 @@ export function getInstalledPacks(): string[] {
           existsSync(join(claudeDir, script.targetDir, script.file)),
         );
         if (allScripts) {
-          installed.push(pack.name);
+          installed.add(pack.name);
         }
       }
       continue;
@@ -114,8 +117,19 @@ export function getInstalledPacks(): string[] {
       existsSync(join(claudeDir, `hookify.${hook}.local.md`)),
     );
     if (allPresent) {
-      installed.push(pack.name);
+      installed.add(pack.name);
     }
   }
-  return installed;
+
+  // Second pass: composed packs are installed if all sub-packs are installed
+  for (const pack of packs) {
+    if (pack.composedFrom && pack.composedFrom.length > 0 && !installed.has(pack.name)) {
+      const allSubsInstalled = pack.composedFrom.every((sub) => installed.has(sub));
+      if (allSubsInstalled) {
+        installed.add(pack.name);
+      }
+    }
+  }
+
+  return Array.from(installed);
 }