@torka/claude-qol 0.4.0 → 0.4.1

package/README.md

@@ -174,6 +174,20 @@ Edit `.claude/scripts/auto_approve_safe.rules.json`:
 }
 ```
 
+#### Rules Lint (optional)
+
+Check for invalid, duplicate, or dead patterns in the hook rules:
+
+```bash
+python3 vt-claude-qol/hooks/auto_approve_safe_rules_check.py
+```
+
+By default this checks `vt-claude-qol/hooks/auto_approve_safe.rules.json`. To lint the installed copy, pass it explicitly:
+
+```bash
+python3 vt-claude-qol/hooks/auto_approve_safe_rules_check.py .claude/scripts/auto_approve_safe.rules.json
+```
+
 ### Context Monitor
 
 Status line script showing:

package/hooks/auto_approve_safe.py

@@ -85,7 +85,7 @@ def split_compound_shell_command(command: str) -> list[str]:
     if not command:
         return []
     # Common patterns produced by agents: `cd x && pnpm test`, `cmd1; cmd2`
-    return [p.strip() for p in re.split(r"\s*(?:&&|;)\s*", command) if p.strip()]
+    return [p.strip() for p in re.split(r"\s*(?:&&|;|\|)\s*", command) if p.strip()]
 
 
 def is_shell_file_read_command(command: str) -> bool:
@@ -212,6 +212,8 @@ def make_decision(tool_name: str, tool_input: dict, rules: dict) -> tuple[str, s
 
 def output_decision(decision: str, reason: str) -> None:
     """Output the hook decision in Claude Code's expected format."""
+    if decision == "ask":
+        return  # No output = defer to Claude Code's internal permission system
     output = {
         "hookSpecificOutput": {
             "hookEventName": "PreToolUse",

package/hooks/auto_approve_safe.rules.json

@@ -1,38 +1,31 @@
 {
+  "_doc_allow": "Groups: system info, file reading, version checks, git, node/npm/yarn/pnpm, python, rust/go, search/text tools, network (localhost only), filesystem, github CLI, process management, background tasks",
+  "_doc_deny": "Blocks: privilege escalation, destructive rm, system modification, fork bombs, pipe-to-shell, mass kill, xargs rm, netcat, crontab",
+  "_doc_sensitive": "Protects: env files, crypto keys, SSH, cloud credentials, package registry configs, secrets/tokens, Docker/K8s configs",
+
   "allow_patterns": [
-    "^pwd$",
-    "^whoami$",
-    "^date$",
+    "^(pwd|whoami|date)$",
     "^uname(\\s+-a)?$",
     "^which\\s+\\S+$",
-    "^echo\\s+",
+    "^echo\\s+[^|;&]+$",
 
+    "^(cat|head|tail|wc|less|file|stat|du|df)\\s+[^|;&]+$",
     "^ls(\\s+.*)?$",
-    "^cat\\s+",
-    "^head\\s+",
-    "^tail\\s+",
-    "^wc\\s+",
-    "^less\\s+",
-    "^file\\s+",
-    "^stat\\s+",
-    "^du\\s+",
-    "^df\\s+",
     "^tree(\\s+.*)?$",
 
-    "^python(3)?\\s+--version$",
-    "^node\\s+--version$",
-    "^npm\\s+--version$",
-    "^pnpm\\s+--version$",
-    "^yarn\\s+--version$",
-    "^uv\\s+--version$",
+    "^(python(3)?|node|npm|pnpm|yarn|uv)\\s+--version$",
 
-    "^git\\s+(status|diff|log|show|branch|remote|stash\\s+list)(\\s+.*)?$",
-    "^git\\s+-C\\s+[^|;&]+\\s+(status|diff|log|show|branch)(\\s+.*)?$",
-    "^git\\s+-C\\s+[^|;&]+\\s+(add|commit|checkout|fetch|pull|push)(\\s+.*)?$",
+    "^git\\s+-C\\s+[^|;&]+\\s+(status|diff|log|show|branch|add|commit|checkout|fetch|pull|push)(\\s+.*)?$",
+    "^git\\s+(status|diff|log|show|branch|remote|add|commit|checkout|fetch|pull|push|worktree|merge|rebase|tag|switch|restore|rev-parse|ls-files|check-ignore|update-index|stash\\s+(list|push|pop|drop|apply))(\\s+.*)?$",
     "^git\\s+rm\\s+[^|;&]+$",
+    "^git\\s+rev-list\\s+[^|;&]+$",
+    "^git\\s+ls-tree\\s+[^|;&]+\\s*\\|\\s*(grep|head|tail|wc)[^|;&]*$",
+    "^git\\s+commit\\s+-m\\s+\"\\$\\(cat\\s+<<'?EOF'?",
+    "^git\\s+stash(\\s+--include-untracked|\\s+--all|\\s+-u|\\s+-a)?(\\s+-m\\s+.*)?$",
 
     "^pnpm\\s+(test|run\\s+(test|lint|typecheck|type-check|check|build|dev|start)|install|i|add|remove)(\\s+.*)?$",
-    "^npm\\s+(test|run\\s+(test|lint|lint:fix|typecheck|type-check|check|check-types|build|dev|dev:next|start)|install|i|ci)(\\s+.*)?$",
+    "^npm\\s+(test|install|i|ci)(\\s+.*)?$",
+    "^npm\\s+run\\s+[\\w:-]+(\\s+[^|;&]*)?(\\s*2>&1)?(\\s*&)?$",
     "^npm\\s+whoami$",
     "^npm\\s+list(\\s+(-g|--global))?(\\s+[\\w@/-]+)?$",
     "^npm\\s+ls(\\s+[\\w@/-]+)*$",
@@ -40,8 +33,8 @@
     "^npm\\s+pack\\s+[\\w@/-]+\\s+--dry-run",
     "^yarn\\s+(test|lint|typecheck|type-check|check|build|dev|start|install|add|remove)(\\s+.*)?$",
     "^npx\\s+(tsc|eslint|prettier|vitest|jest)(\\s+.*)?$",
-    "^npx\\s+tsx\\s+[^|;&]+$",
-    "^npx\\s+shadcn@latest\\s+(add|init)(\\s+[\\w@/-]+)*(\\s+--yes)?$",
+    "^npx\\s+shadcn@latest\\s+(add|init)(\\s+[\\w@/-]+)*(\\s+--yes)?(\\s+2>&1)?$",
+    "^(PORT=\\d+\\s+)?npx\\s+playwright\\s+(test|install)\\b",
 
     "^pytest(\\s+.*)?$",
     "^python(3)?\\s+-m\\s+pytest(\\s+.*)?$",
@@ -56,60 +49,45 @@
     "^cargo\\s+(check|test|clippy|fmt\\s+--check|build)(\\s+.*)?$",
     "^go\\s+(test|vet|fmt|build)(\\s+.*)?$",
 
-    "^jq\\s+",
-    "^grep\\s+",
-    "^rg\\s+",
-    "^find\\s+",
-    "^fd\\s+",
-    "^ag\\s+",
-    "^awk\\s+",
-    "^sed\\s+-n\\s+",
-    "^sort(\\s+.*)?$",
-    "^uniq(\\s+.*)?$",
-    "^cut\\s+",
-    "^tr\\s+",
-    "^diff\\s+",
-    "^comm\\s+",
+    "^(jq|grep|rg|fd|ag|awk|cut|tr|diff|comm)\\s+[^|;&]+$",
+    "^find\\s+(?!.*-exec)[^|;&]+$",
+    "^sed\\s+-n\\s+[^|;&]+$",
+    "^(sort|uniq)(\\s+.*)?$",
 
     "^curl\\s+.*--head",
     "^curl\\s+-I\\s+",
     "^ping\\s+-c\\s+\\d+\\s+",
-    "^dig\\s+",
-    "^nslookup\\s+",
-    "^host\\s+",
+    "^(dig|nslookup|host)\\s+",
 
     "^mkdir(\\s+.*)?$",
-    "^touch\\s+",
-    "^cp\\s+",
-    "^mv\\s+",
+    "^touch\\s+[^|;&]+$",
+    "^(cp|mv)\\s+[^|;&]+$",
     "^rmdir\\s+[^|;&]+$",
 
-    "^git\\s+(add|commit|checkout|fetch|pull|push|worktree|merge|rebase|stash\\s+(push|pop|drop|apply)|tag|switch|restore)(\\s+.*)?$",
-
     "^gh\\s+(pr|issue|repo|release|workflow|run|api|auth)(\\s+.*)?$",
-
-    "^git\\s+add\\s+[^|;&]+\\s*&&\\s*git\\s+commit\\s+-m\\s+",
-    
-    "^git\\s+rev-parse(\\s+.*)?$",
-    "^git\\s+stash(\\s+--include-untracked|\\s+--all|\\s+-u|\\s+-a)?(\\s+-m\\s+.*)?$",
-    "^git\\s+rev-list\\s+[^|;&]+$",
-    "^git\\s+ls-files(\\s+.*)?$",
-    "^git\\s+check-ignore(\\s+.*)?$",
-    "^git\\s+update-index(\\s+.*)?$",
-
-    "^test\\s+(-[dfeL])\\s+[^|;&]+\\s+(&&|\\|\\|)\\s+echo\\s+",
     "^npm\\s+update\\s+[@\\w/-]+$",
 
-    "^sleep\\s+\\d+$",
+    "^sleep\\s+[0-9.]+$",
 
-    "^chmod\\s+[0-6][0-7][0-7]\\s+",
+    "^chmod\\s+[0-6][0-7][0-7]\\s+[^|;&]+$",
 
     "^lsof\\s+(-[a-zA-Z]+\\s+)*-?i\\s*[:\\d]+",
+    "^lsof\\s+-ti:\\d+(\\s+2>/dev/null)?$",
     "^npm\\s+run\\s+clean(\\s+.*)?$",
     "^npm\\s+(dedupe|cache\\s+clean)(\\s+.*)?$",
-    "^curl\\s+(-[sIo]+\\s+)*https?://localhost[:/][^|;&]*$",
-    "^curl\\s+[^|;&]*http://localhost[:/][^|;&]*$",
-    "^pgrep\\s+"
+
+    "^curl\\s+(-[a-zA-Z]+\\s+)*https?://localhost[:/][^|;&]*(\\s*2>&1)?(\\s*2>/dev/null)?$",
+    "^curl\\s+-X\\s+(POST|GET|PUT|DELETE)\\s+['\"]?https?://localhost[:/][^|;&]*$",
+    "^curl\\s+-s\\s+-o\\s+/dev/null\\s+-w\\s+[^|;&]*https?://localhost[^|;&]*$",
+
+    "^pgrep\\s+[^|;&]+$",
+    "^ps\\s+aux.*$",
+
+    "^npm\\s+run\\s+dev(\\s+--\\s+-p\\s+\\d+)?\\s*(>\\s*(/tmp/[^|;&]+|/dev/null)\\s+)?2>&1\\s*&$",
+
+    "^test\\s+-[dfeL]\\s+[^|;&]+$",
+
+    "^xxd\\s+[^|;&]+$"
   ],
 
   "deny_patterns": [
@@ -117,7 +95,8 @@
     "^doas\\b",
     "(?<!git\\s)\\brm\\s+.*(-r|-rf|-fr|--recursive)",
     "(?<!git\\s)\\brm\\s+-[^\\s]*r",
-    "^rm\\s+/",
+    "^rm\\s+/$",
+    "^rm\\s+/(etc|usr|var|bin|sbin|lib|boot|dev|proc|sys|root|home)\\b",
     "\\bmkfs\\.",
     "\\bdd\\b.*\\bof=",
     "\\bshutdown\\b",
@@ -134,12 +113,15 @@
     "\\bfork\\s*bomb",
     "\\bkill\\s+-9\\s+-1",
     "\\bpkill\\s+-9",
-    "\\bkillall\\b"
+    "\\bkillall\\b",
+    "\\bxargs\\b.*\\brm\\b",
+    "\\b(nc|ncat|netcat)\\b",
+    "\\bcrontab\\s+-[er]"
   ],
 
   "sensitive_paths": [
-    "\\.env$",
-    "\\.env\\.",
+    "\\.env(?!\\.example)$",
+    "\\.env\\.(?!example)",
     "\\.pem$",
     "\\.key$",
     "\\.crt$",
@@ -161,6 +143,8 @@
     "\\.netrc$",
     "\\bsecrets?\\b",
     "\\bpassw(?:ord)?s?\\.(txt|json|env|yaml|yml|ini|conf|cfg)$",
-    "\\btoken"
+    "\\btokens?\\b",
+    "\\.docker/config\\.json",
+    "\\.kube/config"
   ]
 }

package/hooks/auto_approve_safe_rules_check.py

@@ -0,0 +1,166 @@
+#!/usr/bin/env python3
+"""
+Lint auto_approve_safe rules for duplicates, invalid regex, and likely-dead patterns.
+
+Usage:
+  python3 vt-claude-qol/hooks/auto_approve_safe_rules_check.py [path ...]
+"""
+
+from __future__ import annotations
+
+import json
+import re
+import sys
+from pathlib import Path
+from typing import Iterable
+
+
+DEFAULT_RULES = [
+    Path(__file__).resolve().parent / "auto_approve_safe.rules.json",
+]
+
+
+def load_rules(path: Path) -> dict:
+    with path.open(encoding="utf-8") as f:
+        return json.load(f)
+
+
+def iter_patterns(rules: dict) -> Iterable[tuple[str, str]]:
+    for key in ("allow_patterns", "deny_patterns", "sensitive_paths"):
+        for pattern in rules.get(key, []):
+            yield key, pattern
+
+
+def compile_patterns(section: str, patterns: list[str]) -> list[str]:
+    errors: list[str] = []
+    flags = re.IGNORECASE if section in ("allow_patterns", "deny_patterns") else 0
+    for pattern in patterns:
+        try:
+            re.compile(pattern, flags)
+        except re.error as exc:
+            errors.append(f"{section}: {pattern} -> {exc}")
+    return errors
+
+
+def find_duplicates(patterns: list[str]) -> list[str]:
+    seen: dict[str, int] = {}
+    dups: list[str] = []
+    for pattern in patterns:
+        seen[pattern] = seen.get(pattern, 0) + 1
+    for pattern, count in sorted(seen.items()):
+        if count > 1:
+            dups.append(f"{pattern} (x{count})")
+    return dups
+
+
+def find_dead_by_split(patterns: list[str]) -> list[str]:
+    """Flag patterns containing literal && or ; outside character classes."""
+    dead: list[str] = []
+    for pattern in patterns:
+        # Strip character classes [...]  before checking for && / ;
+        stripped = re.sub(r"\[.*?\]", "", pattern)
+        if "&&" in stripped or re.search(r"(?<!\\);", stripped):
+            dead.append(pattern)
+    return dead
+
+
+def extract_command_heads(pattern: str) -> set[str]:
+    """
+    Heuristic extraction of leading command(s) for overlap checks.
+    Handles ^cmd and ^(cmd1|cmd2|...)\\s+ forms.
+    """
+    if not pattern.startswith("^"):
+        return set()
+
+    group_match = re.match(r"^\^\(([^)]+)\)\\s+", pattern)
+    if group_match:
+        heads = set()
+        for token in group_match.group(1).split("|"):
+            token = token.strip()
+            if re.fullmatch(r"[A-Za-z0-9_-]+", token):
+                heads.add(token)
+        return heads
+
+    word_match = re.match(r"^\^([A-Za-z0-9_-]+)\\b", pattern)
+    if word_match:
+        return {word_match.group(1)}
+
+    return set()
+
+
+def find_potential_overlaps(patterns: list[str]) -> list[str]:
+    """
+    Conservative, heuristic warnings: flags permissive patterns that may
+    subsume more specific ones for the same command head.
+    """
+    by_head: dict[str, list[str]] = {}
+    for pattern in patterns:
+        for head in extract_command_heads(pattern):
+            by_head.setdefault(head, []).append(pattern)
+
+    warnings: list[str] = []
+    permissive_markers = (".*", "(\\s+.*)?")
+    for head, group in sorted(by_head.items()):
+        permissive = [p for p in group if any(m in p for m in permissive_markers)]
+        if permissive and len(group) > 1:
+            warnings.append(
+                f"{head}: permissive patterns may overlap others -> "
+                + ", ".join(permissive)
+            )
+    return warnings
+
+
+def main() -> int:
+    paths = [Path(p) for p in sys.argv[1:]] or DEFAULT_RULES
+    any_fail = False
+
+    for path in paths:
+        if not path.exists():
+            print(f"[missing] {path}")
+            any_fail = True
+            continue
+
+        rules = load_rules(path)
+        print(f"\n== {path} ==")
+
+        for section in ("allow_patterns", "deny_patterns", "sensitive_paths"):
+            patterns = rules.get(section, [])
+            errors = compile_patterns(section, patterns)
+            if errors:
+                any_fail = True
+                print(f"[invalid regex] {section}")
+                for err in errors:
+                    print(f"  - {err}")
+
+            dups = find_duplicates(patterns)
+            if dups:
+                print(f"[duplicates] {section}")
+                for dup in dups:
+                    print(f"  - {dup}")
+
+        allow = rules.get("allow_patterns", [])
+        dead = find_dead_by_split(allow)
+        if dead:
+            print("[dead by split] allow_patterns")
+            for pattern in dead:
+                print(f"  - {pattern}")
+
+        overlaps = find_potential_overlaps(allow)
+        if overlaps:
+            print("[possible overlaps] allow_patterns")
+            for warning in overlaps:
+                print(f"  - {warning}")
+
+        allow_set = set(allow)
+        deny_set = set(rules.get("deny_patterns", []))
+        both = sorted(allow_set & deny_set)
+        if both:
+            print("[allow/deny conflict]")
+            for pattern in both:
+                print(f"  - {pattern}")
+
+    return 1 if any_fail else 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@torka/claude-qol",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Claude Code quality-of-life improvements: auto-approve hooks, context monitoring, and status line enhancements",
   "keywords": [
     "claude-code",