@spardutti/claude-skills 1.27.2 → 1.27.3

package/lib/setup-hook.mjs

@@ -2,21 +2,24 @@ import { mkdir, writeFile, readFile, chmod } from "node:fs/promises";
 import { join, resolve } from "node:path";
 
 // PreToolUse gate on Write|Edit|MultiEdit. Blocks the tool call unless
-// the assistant has emitted the literal sentinel [skills-checked] since
-// the most recent user prompt. Resets every user turn, runs once per
-// turn (subsequent edits in the same turn pass through).
+// a per-prompt marker file exists at $PROJECT_DIR/.claude/.skill-gate-<UUID>,
+// where <UUID> is the uuid of the most recent typed user prompt. The
+// assistant creates the marker via Bash; Bash output is flushed
+// synchronously, so the marker is race-free against the message-buffering
+// behavior that broke the earlier text-sentinel approach (Claude Code
+// writes assistant content blocks to JSONL only after the turn completes,
+// so [skills-checked] text emitted in the same message as a tool_use is
+// invisible to PreToolUse).
+//
+// LAST_PROMPT_UUID is detected by matching user-role lines whose content
+// is a JSON string ("role":"user","content":"..."), which excludes
+// tool_results, skill loads, task notifications, and slash-command
+// payloads (all of which use array content).
 //
 // Pass-through cases:
 //   - project has no .claude/skills/*/SKILL.md files
 //   - transcript_path missing or unreadable
-//   - no user prompt found in transcript
-//
-// LAST_PROMPT is detected by matching user-role lines whose content is
-// a JSON string ("role":"user","content":"..."), which excludes
-// tool_results, skill loads, task notifications, and slash-command
-// payloads (all of which use array content). The sentinel scan also
-// excludes tool_result lines so the gate's own deny message — which
-// embeds the literal sentinel — cannot self-satisfy.
+//   - no typed user prompt found in transcript
 const GATE_SCRIPT = `#!/bin/bash
 # PreToolUse gate: forces skill evaluation before file-writing tools run.
 
@@ -34,17 +37,21 @@ if [ -z "$TRANSCRIPT" ] || [ ! -f "$TRANSCRIPT" ]; then
   exit 0
 fi
 
-LAST_PROMPT=$(grep -nE '"role":"user","content":"' "$TRANSCRIPT" 2>/dev/null | tail -1 | cut -d: -f1)
-if [ -z "$LAST_PROMPT" ]; then
+LAST_LINE=$(grep -E '"role":"user","content":"' "$TRANSCRIPT" 2>/dev/null | tail -1)
+LAST_PROMPT_UUID=$(printf '%s' "$LAST_LINE" | grep -o '"uuid":"[^"]*"' | head -1 | sed 's/"uuid":"//;s/"$//')
+if [ -z "$LAST_PROMPT_UUID" ]; then
   exit 0
 fi
 
-if tail -n +"$LAST_PROMPT" "$TRANSCRIPT" | grep -v '"type":"tool_result"' | grep -qF '[skills-checked]'; then
+MARKER_DIR="$PROJECT_DIR/.claude"
+MARKER="$MARKER_DIR/.skill-gate-$LAST_PROMPT_UUID"
+if [ -f "$MARKER" ]; then
+  find "$MARKER_DIR" -maxdepth 1 -name '.skill-gate-*' ! -name ".skill-gate-$LAST_PROMPT_UUID" -delete 2>/dev/null
   exit 0
 fi
 
-cat <<'EOF'
-{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"Skill evaluation required before writing or editing code. List each available skill as ACTIVATE or SKIP with a one-line reason, call Skill() for any ACTIVATE entries, then emit the literal token [skills-checked] (square brackets included) on its own line. Then retry the tool call."}}
+cat <<EOF
+{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"Skill evaluation required before file edits. (1) List each available skill as ACTIVATE or SKIP with a one-line reason. (2) Call Skill() for any ACTIVATE entries. (3) Run this exact Bash command to record approval: mkdir -p .claude && touch .claude/.skill-gate-$LAST_PROMPT_UUID  (4) Then retry the file edit. The marker is unique to this user prompt and is auto-cleaned on the next prompt."}}
 EOF
 exit 0
 `;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spardutti/claude-skills",
-  "version": "1.27.2",
+  "version": "1.27.3",
   "description": "CLI to install Claude Code skills from the claude-skills collection",
   "type": "module",
   "bin": {