@usevalt/cli 0.1.0 → 0.2.0

package/dist/index.js

@@ -1,7 +1,13 @@
 #!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
 
 // src/index.ts
-import { Command as Command13 } from "commander";
+import { Command as Command15 } from "commander";
 
 // src/commands/init.ts
 import { Command } from "commander";
@@ -9,6 +15,13 @@ import { Command } from "commander";
 // src/lib/config.ts
 import { readFileSync, writeFileSync, existsSync } from "fs";
 import { resolve } from "path";
+import { z } from "zod";
+var configSchema = z.object({
+  apiKey: z.string().optional(),
+  endpoint: z.string().url().optional(),
+  projectId: z.string().optional(),
+  projectSlug: z.string().optional()
+}).passthrough();
 var CONFIG_FILE = ".valtrc.json";
 function findConfigPath(startDir = process.cwd()) {
   let dir = startDir;
@@ -24,7 +37,13 @@ function readConfig(dir = process.cwd()) {
   const path = findConfigPath(dir);
   if (!path) return {};
   try {
-    return JSON.parse(readFileSync(path, "utf-8"));
+    const raw = JSON.parse(readFileSync(path, "utf-8"));
+    const parsed = configSchema.safeParse(raw);
+    if (!parsed.success) {
+      console.warn(`[valt] Invalid config in ${path}: ${parsed.error.message}`);
+      return {};
+    }
+    return parsed.data;
   } catch {
     return {};
   }
@@ -91,8 +110,115 @@ function table(rows) {
 
 // src/commands/init.ts
 import { API_KEY_PREFIX } from "@usevalt/shared";
+
+// src/schemas.ts
+import { z as z2 } from "zod";
+var ApiErrorResponseSchema = z2.object({
+  error: z2.string().optional(),
+  message: z2.string().optional()
+});
+var CertificateSchema = z2.object({
+  certificate_number: z2.string(),
+  status: z2.string(),
+  trust_score: z2.number(),
+  session_id: z2.string(),
+  git_commit: z2.string().nullable(),
+  issued_at: z2.string()
+});
+var CertificateGenerateResponseSchema = z2.object({
+  data: z2.object({
+    certificate_number: z2.string(),
+    trust_score: z2.number()
+  })
+});
+var CertificateListResponseSchema = z2.object({
+  data: z2.array(CertificateSchema)
+});
+var VerifyResponseSchema = z2.object({
+  verified: z2.boolean(),
+  certificate_number: z2.string().optional(),
+  trust_score: z2.number().optional(),
+  status: z2.string().optional(),
+  signature_valid: z2.boolean().optional(),
+  issued_at: z2.string().optional(),
+  reason: z2.string().optional()
+});
+var SessionDetailSchema = z2.object({
+  id: z2.string(),
+  tool: z2.string().nullable(),
+  model: z2.string().nullable(),
+  status: z2.string().nullable(),
+  trust_score: z2.number().nullable(),
+  total_cost_usd: z2.number().nullable(),
+  duration_ms: z2.number().nullable(),
+  git_branch: z2.string().nullable(),
+  started_at: z2.string().nullable(),
+  tags: z2.array(z2.string()).nullable()
+});
+var SessionDetailResponseSchema = z2.object({
+  data: SessionDetailSchema
+});
+var SessionSummarySchema = z2.object({
+  id: z2.string(),
+  tool: z2.string(),
+  status: z2.string(),
+  started_at: z2.string(),
+  duration_ms: z2.number().nullable(),
+  total_cost_usd: z2.number(),
+  trust_score: z2.number().nullable(),
+  prompt_summary: z2.string().nullable()
+});
+var SessionListResponseSchema = z2.object({
+  sessions: z2.array(SessionSummarySchema)
+});
+var SessionWithBreakdownSchema = z2.object({
+  trust_score: z2.number().nullable(),
+  trust_score_breakdown: z2.record(z2.string(), z2.number()).nullable()
+});
+var SessionWithBreakdownResponseSchema = z2.object({
+  data: SessionWithBreakdownSchema
+});
+var SessionSearchResponseSchema = z2.object({
+  sessions: z2.array(z2.object({ id: z2.string() }))
+});
+var CostByToolSchema = z2.object({
+  tool: z2.string(),
+  totalCost: z2.number(),
+  sessionCount: z2.number()
+});
+var CostsResponseSchema = z2.object({
+  data: z2.object({
+    total_cost_usd: z2.number(),
+    cost_by_tool: z2.array(CostByToolSchema),
+    daily_costs: z2.array(z2.object({
+      date: z2.string(),
+      cost: z2.number()
+    }))
+  })
+});
+var ConfigKeySchema = z2.enum(["apiKey", "endpoint", "projectId", "projectSlug"]);
+var InitArgsSchema = z2.object({
+  apiKey: z2.string().optional(),
+  endpoint: z2.string().url("Endpoint must be a valid URL").optional()
+});
+function validateResponse(schema, data, label) {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    const issues = result.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+    throw new Error(`Invalid ${label} response: ${issues}`);
+  }
+  return result.data;
+}
+
+// src/commands/init.ts
 var initCommand = new Command("init").description("Initialize Valt in the current project").option("-k, --api-key <key>", "API key").option("-e, --endpoint <url>", "API endpoint").action(async (opts) => {
   try {
+    const argsResult = InitArgsSchema.safeParse(opts);
+    if (!argsResult.success) {
+      const issues = argsResult.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+      error(`Invalid arguments: ${issues}`);
+      process.exit(1);
+    }
     const existing = readConfig();
     const config = { ...existing };
     if (opts.apiKey) {
@@ -121,19 +247,75 @@ var initCommand = new Command("init").description("Initialize Valt in the curren
 
 // src/commands/login.ts
 import { Command as Command2 } from "commander";
+import os from "os";
+var POLL_INTERVAL_MS = 2e3;
+var TIMEOUT_MS = 5 * 60 * 1e3;
+function getEndpoint2() {
+  return process.env.VALT_ENDPOINT ?? "https://usevalt.com";
+}
+function sleep(ms) {
+  return new Promise((resolve4) => setTimeout(resolve4, ms));
+}
+async function openBrowser(url) {
+  try {
+    const open = (await import("open")).default;
+    await open(url);
+  } catch {
+    warn(`Could not open browser automatically. Please visit the URL above.`);
+  }
+}
 var loginCommand = new Command2("login").description("Authenticate with Valt (opens browser)").action(async () => {
+  const endpoint = getEndpoint2();
+  info("Starting device authorization flow...");
+  let deviceData;
   try {
-    info("Opening browser for authentication...");
-    info("Login URL: https://usevalt.com/login");
-    info("");
-    info("To authenticate:");
-    info("  1. Go to https://usevalt.com/settings/api-keys");
-    info("  2. Create an API key");
-    info("  3. Run: valt init --api-key <your-key>");
+    const res = await fetch(`${endpoint}/api/auth/device`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" }
+    });
+    if (!res.ok) {
+      throw new Error(`Server returned ${res.status}`);
+    }
+    deviceData = await res.json();
   } catch (err) {
-    error(`Login failed: ${err instanceof Error ? err.message : String(err)}`);
+    error(`Failed to initiate login: ${err instanceof Error ? err.message : String(err)}`);
     process.exit(1);
   }
+  const verificationUrl = `${endpoint}/auth/device?code=${deviceData.user_code}`;
+  info("");
+  info(`Your verification code: ${bold(deviceData.user_code)}`);
+  info("");
+  info(`Opening browser to: ${dim(verificationUrl)}`);
+  info("If the browser does not open, visit the URL above manually.");
+  info("");
+  await openBrowser(verificationUrl);
+  info("Waiting for approval...");
+  const startTime = Date.now();
+  while (Date.now() - startTime < TIMEOUT_MS) {
+    await sleep(POLL_INTERVAL_MS);
+    try {
+      const res = await fetch(
+        `${endpoint}/api/auth/device?code=${deviceData.device_code}`
+      );
+      if (!res.ok) continue;
+      const poll = await res.json();
+      if (poll.status === "approved" && poll.api_key) {
+        const keyPrefix = poll.api_key.slice(0, 8);
+        writeConfig({ apiKey: poll.api_key, endpoint }, os.homedir());
+        info("");
+        success(`Authenticated successfully. API key: ${dim(keyPrefix + "...")}`);
+        success(`Credentials saved to ~/.valtrc.json`);
+        return;
+      }
+      if (poll.status === "expired") {
+        error("Device code expired. Please try again.");
+        process.exit(1);
+      }
+    } catch {
+    }
+  }
+  error("Login timed out after 5 minutes. Please try again.");
+  process.exit(1);
 });
 
 // src/commands/status.ts
@@ -175,9 +357,10 @@ var statusCommand = new Command3("status").description("Show recent session acti
   const spinner = ora("Fetching sessions...").start();
   try {
     const limit = parseInt(opts.limit, 10) || 10;
-    const data = await apiRequest(
+    const raw = await apiRequest(
       `/v1/sessions?limit=${limit}`
     );
+    const data = validateResponse(SessionListResponseSchema, raw, "session list");
     spinner.stop();
     if (data.sessions.length === 0) {
       info("No sessions found. Start tracking with the SDK.");
@@ -217,9 +400,10 @@ import ora2 from "ora";
 var verifyCommand = new Command4("verify").description("Check Valt Verified status for a commit").argument("<commit>", "Git commit SHA to verify").action(async (commit) => {
   const spinner = ora2("Verifying commit...").start();
   try {
-    const data = await apiRequest(
+    const raw = await apiRequest(
       `/v1/certificates/verify?commit=${encodeURIComponent(commit)}`
     );
+    const data = validateResponse(VerifyResponseSchema, raw, "certificate verify");
     spinner.stop();
     if (data.verified) {
       success(`Valt Verified ${bold(data.certificate_number ?? "")}`);
@@ -288,6 +472,25 @@ var doctorCommand = new Command5("doctor").description("Check Valt configuration
       issues++;
     }
   }
+  const evalUrl = process.env["VALT_EVAL_URL"];
+  if (evalUrl) {
+    try {
+      const evalRes = await fetch(`${evalUrl}/eval/health`, {
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (evalRes.ok) {
+        success(`Eval service: ${dim(evalUrl)} (Semgrep)`);
+      } else {
+        warn(`Eval service returned status ${evalRes.status}`);
+        issues++;
+      }
+    } catch {
+      warn("Eval service unreachable (security scores will use heuristic fallback)");
+      issues++;
+    }
+  } else {
+    info("Eval service: not configured (set VALT_EVAL_URL for Semgrep scans)");
+  }
   console.log("");
   if (issues === 0) {
     success("All checks passed!");
@@ -318,6 +521,10 @@ import { Command as Command7 } from "commander";
 var configCommand = new Command7("config").description("Manage Valt configuration");
 configCommand.command("set <key> <value>").description("Set a config value").action((key, value) => {
   try {
+    const keyResult = ConfigKeySchema.safeParse(key);
+    if (!keyResult.success) {
+      warn(`Unknown config key "${key}". Valid keys: ${ConfigKeySchema.options.join(", ")}`);
+    }
     const config = readConfig();
     config[key] = value;
     writeConfig(config);
@@ -359,12 +566,14 @@ configCommand.command("list").description("List all config values").action(() =>
 // src/commands/sessions.ts
 import { Command as Command8 } from "commander";
 import ora3 from "ora";
-var sessionsCommand = new Command8("sessions").description("View session details").argument("<id>", "Session ID").action(async (id) => {
+var sessionsCommand = new Command8("sessions").description("View and list sessions");
+sessionsCommand.command("show <id>").description("Show session details").action(async (id) => {
   const spinner = ora3("Fetching session...").start();
   try {
-    const session = await apiRequest(
+    const raw = await apiRequest(
       `/v1/sessions/${encodeURIComponent(id)}`
     );
+    const session = validateResponse(SessionDetailResponseSchema, raw, "session detail");
     spinner.stop();
     const s = session.data;
     console.log(bold(`Session: ${id}`));
@@ -393,6 +602,55 @@ var sessionsCommand = new Command8("sessions").description("View session details
     process.exit(1);
   }
 });
+sessionsCommand.command("list").description("List recent sessions").option("-n, --limit <count>", "Number of sessions to show", "10").option("-s, --status <status>", "Filter by status").action(async (opts) => {
+  const spinner = ora3("Fetching sessions...").start();
+  try {
+    const limit = parseInt(opts.limit, 10) || 10;
+    let url = `/v1/sessions?limit=${limit}`;
+    if (opts.status) {
+      url += `&status=${encodeURIComponent(opts.status)}`;
+    }
+    const raw = await apiRequest(url);
+    const data = validateResponse(SessionListResponseSchema, raw, "session list");
+    spinner.stop();
+    if (data.sessions.length === 0) {
+      info("No sessions found.");
+      return;
+    }
+    console.log(bold(`Sessions (${data.sessions.length})`));
+    console.log("");
+    const rows = [
+      ["ID", "TOOL", "STATUS", "SCORE", "COST", "DURATION", "STARTED"]
+    ];
+    for (const s of data.sessions) {
+      rows.push([
+        s.id.slice(0, 8),
+        s.tool,
+        s.status,
+        s.trust_score !== null ? String(s.trust_score) : "-",
+        formatCost(s.total_cost_usd),
+        s.duration_ms ? formatDuration(s.duration_ms) : "-",
+        formatDate(s.started_at)
+      ]);
+    }
+    table(rows);
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to list sessions: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+sessionsCommand.argument("[id]", "Session ID to show").action(async (id) => {
+  if (id) {
+    await sessionsCommand.commands.find((c) => c.name() === "show").parseAsync(["node", "show", id]);
+  } else {
+    await sessionsCommand.commands.find((c) => c.name() === "list").parseAsync(["node", "list"]);
+  }
+});
 
 // src/commands/cert.ts
 import { Command as Command9 } from "commander";
@@ -401,13 +659,14 @@ var certCommand = new Command9("cert").description("Manage certificates");
 certCommand.command("generate").description("Generate a certificate for a session").requiredOption("--session <id>", "Session ID").option("--force", "Force regeneration if certificate exists").action(async (opts) => {
   const spinner = ora4("Generating certificate...").start();
   try {
-    const result = await apiRequest("/v1/certificates", {
+    const raw = await apiRequest("/v1/certificates", {
       method: "POST",
       body: JSON.stringify({
         session_id: opts.session,
         force: opts.force ?? false
       })
     });
+    const result = validateResponse(CertificateGenerateResponseSchema, raw, "certificate generate");
     spinner.stop();
     success(`Certificate generated: ${result.data.certificate_number} (score: ${result.data.trust_score})`);
   } catch (err) {
@@ -423,9 +682,10 @@ certCommand.command("generate").description("Generate a certificate for a sessio
 certCommand.command("show <number>").description("Show certificate details").action(async (certNumber) => {
   const spinner = ora4("Fetching certificate...").start();
   try {
-    const result = await apiRequest(
+    const raw = await apiRequest(
       `/v1/certificates?certificate_number=${encodeURIComponent(certNumber)}`
     );
+    const result = validateResponse(CertificateListResponseSchema, raw, "certificate list");
     spinner.stop();
     const certs = result.data;
     if (!certs || certs.length === 0) {
@@ -452,6 +712,77 @@ certCommand.command("show <number>").description("Show certificate details").act
     process.exit(1);
   }
 });
+certCommand.command("list").description("List certificates").option("-n, --limit <count>", "Number of certificates to show", "10").option("-s, --status <status>", "Filter by status (active, revoked)").action(async (opts) => {
+  const spinner = ora4("Fetching certificates...").start();
+  try {
+    const limit = parseInt(opts.limit, 10) || 10;
+    let url = `/v1/certificates?limit=${limit}`;
+    if (opts.status) {
+      url += `&status=${encodeURIComponent(opts.status)}`;
+    }
+    const raw = await apiRequest(url);
+    const result = validateResponse(CertificateListResponseSchema, raw, "certificate list");
+    spinner.stop();
+    const certs = result.data;
+    if (!certs || certs.length === 0) {
+      info("No certificates found.");
+      return;
+    }
+    console.log(bold(`Certificates (${certs.length})`));
+    console.log("");
+    const rows = [
+      ["NUMBER", "STATUS", "SCORE", "COMMIT", "ISSUED"]
+    ];
+    for (const cert of certs) {
+      rows.push([
+        cert.certificate_number,
+        cert.status,
+        String(cert.trust_score),
+        cert.git_commit?.slice(0, 8) ?? "-",
+        formatDate(cert.issued_at)
+      ]);
+    }
+    table(rows);
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to list certificates: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+certCommand.command("verify <commit>").description("Verify a certificate for a commit").action(async (commit) => {
+  const spinner = ora4("Verifying...").start();
+  try {
+    const raw = await apiRequest(
+      `/v1/certificates/verify?commit=${encodeURIComponent(commit)}`
+    );
+    const data = validateResponse(VerifyResponseSchema, raw, "certificate verify");
+    spinner.stop();
+    if (data.verified) {
+      success(`Valt Verified ${bold(data.certificate_number ?? "")}`);
+      info(`  Trust Score: ${data.trust_score ?? "-"}`);
+      info(`  Status: ${data.status ?? "-"}`);
+      info(`  Signature Valid: ${data.signature_valid ? "Yes" : "No"}`);
+      if (data.issued_at) info(`  Issued: ${data.issued_at}`);
+    } else {
+      warn("Not Valt Verified");
+      if (data.reason) info(`  Reason: ${data.reason}`);
+    }
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError && err.status === 404) {
+      warn("No certificate found for this commit.");
+    } else if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to verify: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
 
 // src/commands/costs.ts
 import { Command as Command10 } from "commander";
@@ -460,9 +791,10 @@ var costsCommand = new Command10("costs").description("View cost breakdown").opt
   const spinner = ora5("Fetching costs...").start();
   try {
     const days = opts.period.replace("d", "");
-    const result = await apiRequest(
+    const raw = await apiRequest(
       `/v1/analytics/costs?days=${encodeURIComponent(days)}`
     );
+    const result = validateResponse(CostsResponseSchema, raw, "costs");
     spinner.stop();
     const data = result.data;
     console.log(bold(`Total Cost: ${formatCost(data.total_cost_usd)}`));
@@ -494,9 +826,10 @@ var analyzeCommand = new Command11("analyze").description("Analyze a session or
   try {
     let sessionId = opts.session;
     if (opts.commit && !sessionId) {
-      const sessions = await apiRequest(
+      const rawSessions = await apiRequest(
         `/v1/sessions?git_commit=${encodeURIComponent(opts.commit)}`
       );
+      const sessions = validateResponse(SessionSearchResponseSchema, rawSessions, "session search");
       if (!sessions.sessions || sessions.sessions.length === 0) {
         spinner.stop();
         error(`No session found for commit: ${opts.commit}`);
@@ -509,9 +842,10 @@ var analyzeCommand = new Command11("analyze").description("Analyze a session or
       error("Provide --session <id> or --commit <sha>");
       return;
     }
-    const result = await apiRequest(
+    const raw = await apiRequest(
       `/v1/sessions/${encodeURIComponent(sessionId)}`
     );
+    const result = validateResponse(SessionWithBreakdownResponseSchema, raw, "session breakdown");
     spinner.stop();
     const s = result.data;
     console.log(bold("Trust Score Analysis"));
@@ -659,9 +993,254 @@ proxyCommand.command("stop").description("Stop the MCP proxy").action(() => {
   }
 });
 
+// src/commands/hook.ts
+import { Command as Command13 } from "commander";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, unlinkSync as unlinkSync2, existsSync as existsSync3 } from "fs";
+import os2 from "os";
+var SESSION_FILE = `${os2.tmpdir()}/valt-session-${process.getuid?.() ?? "default"}.json`;
+function getEnvConfig() {
+  const apiKey = process.env["VALT_API_KEY"];
+  if (!apiKey) {
+    error("VALT_API_KEY environment variable is required");
+    process.exit(1);
+  }
+  const endpoint = process.env["VALT_ENDPOINT"] ?? "https://ingest.usevalt.com";
+  const apiEndpoint = process.env["VALT_API_ENDPOINT"] ?? "https://usevalt.com";
+  const projectId = process.env["VALT_PROJECT_ID"];
+  return { apiKey, endpoint, apiEndpoint, projectId };
+}
+function readSessionFile() {
+  try {
+    if (!existsSync3(SESSION_FILE)) return null;
+    const data = readFileSync3(SESSION_FILE, "utf-8");
+    return JSON.parse(data);
+  } catch {
+    return null;
+  }
+}
+async function sendEvents(endpoint, apiKey, events) {
+  try {
+    const res = await fetch(`${endpoint}/v1/events`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({ events }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    return res.ok;
+  } catch {
+    return false;
+  }
+}
+var sessionStartCommand = new Command13("session-start").description("Hook: called when a Claude Code session starts").action(async () => {
+  try {
+    const { apiKey, endpoint, apiEndpoint, projectId } = getEnvConfig();
+    const sessionId = crypto.randomUUID();
+    const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+    const state = { sessionId, startedAt, apiKey, endpoint, apiEndpoint, projectId };
+    writeFileSync3(SESSION_FILE, JSON.stringify(state, null, 2), { mode: 384 });
+    const sent = await sendEvents(endpoint, apiKey, [
+      {
+        event_id: crypto.randomUUID(),
+        session_id: sessionId,
+        event_type: "session.start",
+        timestamp: startedAt,
+        tool: "claude-code",
+        metadata: {
+          tool: "claude-code",
+          model: process.env["CLAUDE_MODEL"] ?? "unknown",
+          repository: process.env["CLAUDE_REPO"],
+          branch: process.env["CLAUDE_BRANCH"],
+          project_id: projectId
+        }
+      }
+    ]);
+    if (sent) {
+      success(`Valt session started: ${sessionId}`);
+    } else {
+      warn("Session started locally but failed to send to Valt. Events will be captured.");
+    }
+    if (projectId) {
+      try {
+        const convParams = new URLSearchParams({
+          project_id: projectId,
+          type: "convention",
+          limit: "20"
+        });
+        const convRes = await fetch(`${apiEndpoint}/api/v1/memories?${convParams.toString()}`, {
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${apiKey}`
+          },
+          signal: AbortSignal.timeout(5e3)
+        });
+        if (convRes.ok) {
+          const convBody = await convRes.json();
+          const conventions = convBody.data ?? [];
+          if (conventions.length > 0) {
+            console.log("\n## Project Conventions");
+            for (const c of conventions) {
+              console.log(`- **${c.title}**: ${c.content}`);
+            }
+            console.log("");
+          }
+        }
+      } catch {
+      }
+    }
+  } catch (err) {
+    error(`Failed to start session: ${err instanceof Error ? err.message : String(err)}`);
+  }
+});
+var toolCallCommand = new Command13("tool-call").description("Hook: called on each Claude Code tool call (reads JSON from stdin)").action(async () => {
+  try {
+    const session = readSessionFile();
+    if (!session) {
+      warn("No active Valt session. Run `valt hook session-start` first.");
+      return;
+    }
+    let stdinData = "";
+    if (!process.stdin.isTTY) {
+      stdinData = await new Promise((resolve4) => {
+        const chunks = [];
+        process.stdin.setEncoding("utf-8");
+        process.stdin.on("data", (chunk) => chunks.push(String(chunk)));
+        process.stdin.on("end", () => resolve4(chunks.join("")));
+        setTimeout(() => resolve4(chunks.join("")), 1e3);
+      });
+    }
+    let toolData = {};
+    if (stdinData.trim()) {
+      try {
+        toolData = JSON.parse(stdinData);
+      } catch {
+        toolData = { raw_input: stdinData.trim() };
+      }
+    }
+    const toolName = toolData["tool_name"] ?? toolData["name"] ?? "unknown";
+    await sendEvents(session.endpoint, session.apiKey, [
+      {
+        event_id: crypto.randomUUID(),
+        session_id: session.sessionId,
+        event_type: "tool.call",
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        tool: "claude-code",
+        tool_name: toolName,
+        metadata: toolData
+      }
+    ]);
+  } catch (err) {
+    warn(`Tool call tracking failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+});
+var sessionEndCommand = new Command13("session-end").description("Hook: called when a Claude Code session ends").action(async () => {
+  try {
+    const session = readSessionFile();
+    if (!session) {
+      warn("No active Valt session to end.");
+      return;
+    }
+    const now = /* @__PURE__ */ new Date();
+    const startedAt = new Date(session.startedAt);
+    const durationMs = now.getTime() - startedAt.getTime();
+    const sent = await sendEvents(session.endpoint, session.apiKey, [
+      {
+        event_id: crypto.randomUUID(),
+        session_id: session.sessionId,
+        event_type: "session.end",
+        timestamp: now.toISOString(),
+        duration_ms: durationMs,
+        tool: "claude-code",
+        metadata: {
+          started_at: session.startedAt,
+          ended_at: now.toISOString()
+        }
+      }
+    ]);
+    try {
+      unlinkSync2(SESSION_FILE);
+    } catch {
+    }
+    if (sent) {
+      success(`Valt session ended: ${session.sessionId} (${Math.round(durationMs / 1e3)}s)`);
+    } else {
+      warn("Session ended locally but failed to send to Valt.");
+    }
+  } catch (err) {
+    error(`Failed to end session: ${err instanceof Error ? err.message : String(err)}`);
+  }
+});
+var hookCommand = new Command13("hook").description("Claude Code hook handlers for Valt session tracking").addCommand(sessionStartCommand).addCommand(toolCallCommand).addCommand(sessionEndCommand);
+
+// src/commands/start.ts
+import { Command as Command14 } from "commander";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, existsSync as existsSync4 } from "fs";
+import { resolve as resolve3 } from "path";
+var HOOKS_PATH = ".claude/hooks.json";
+var VALT_HOOKS = {
+  SessionStart: [{
+    hooks: [{ type: "command", command: "npx @usevalt/cli hook session-start" }]
+  }],
+  PreToolCall: [{
+    matcher: ".*",
+    hooks: [{ type: "command", command: "echo '{}' | npx @usevalt/cli hook tool-call" }]
+  }],
+  Stop: [{
+    hooks: [{ type: "command", command: "npx @usevalt/cli hook session-end" }]
+  }]
+};
+var startCommand = new Command14("start").description("Configure Valt for Claude Code in the current project").action(() => {
+  try {
+    const apiKey = getApiKey();
+    if (!apiKey) {
+      error("No API key found. Set VALT_API_KEY or run `valt login` first.");
+      process.exit(1);
+    }
+    const claudeDir = resolve3(process.cwd(), ".claude");
+    if (!existsSync4(claudeDir)) {
+      warn("No .claude/ directory found. This command is designed for Claude Code projects.");
+      info("Creating .claude/ directory...");
+      const { mkdirSync: mkdirSync2 } = __require("fs");
+      mkdirSync2(claudeDir, { recursive: true });
+    }
+    const hooksFile = resolve3(process.cwd(), HOOKS_PATH);
+    let existingHooks = {};
+    if (existsSync4(hooksFile)) {
+      try {
+        existingHooks = JSON.parse(readFileSync4(hooksFile, "utf-8"));
+        info("Found existing hooks.json -- merging Valt hooks.");
+      } catch {
+        warn("Existing hooks.json is not valid JSON. Creating a new one.");
+        existingHooks = {};
+      }
+    }
+    const hooks = existingHooks.hooks ?? {};
+    for (const [event, valtEntries] of Object.entries(VALT_HOOKS)) {
+      const existing = hooks[event];
+      const hasValt = existing?.some(
+        (entry) => entry.hooks?.some((h) => h.command?.includes("@usevalt/cli"))
+      );
+      if (hasValt) {
+        continue;
+      }
+      hooks[event] = [...existing ?? [], ...valtEntries];
+    }
+    const merged = { ...existingHooks, hooks };
+    writeFileSync4(hooksFile, JSON.stringify(merged, null, 2) + "\n", "utf-8");
+    success("Valt is configured.");
+    info(`Hooks written to ${bold(HOOKS_PATH)}`);
+    info("Start a Claude Code session and your work will be tracked automatically.");
+  } catch (err) {
+    error(`Failed to configure: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  }
+});
+
 // src/index.ts
-var program = new Command13();
-program.name("valt").description("Valt CLI \u2014 trust layer for AI-assisted development").version("0.1.0");
+var program = new Command15();
+program.name("valt").description("Valt CLI -- trust layer for AI-assisted development").version("0.2.0");
 program.addCommand(initCommand);
 program.addCommand(loginCommand);
 program.addCommand(statusCommand);
@@ -674,4 +1253,6 @@ program.addCommand(certCommand);
 program.addCommand(costsCommand);
 program.addCommand(analyzeCommand);
 program.addCommand(proxyCommand);
+program.addCommand(hookCommand);
+program.addCommand(startCommand);
 program.parse();

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@usevalt/cli",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Valt CLI — trust layer for AI-assisted development",
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/valtdev/valt",
+    "url": "https://github.com/usevalt/valt",
     "directory": "packages/cli"
   },
   "keywords": [
@@ -25,21 +25,6 @@
   "files": [
     "dist"
   ],
-  "dependencies": {
-    "commander": "^13.0.0",
-    "chalk": "^5.4.0",
-    "ora": "^8.1.0",
-    "@usevalt/shared": "0.1.0"
-  },
-  "devDependencies": {
-    "tsup": "^8.4.0",
-    "typescript": "^5.7.0",
-    "vitest": "^3.2.0",
-    "@types/node": "^22.0.0",
-    "eslint": "^9.0.0",
-    "@usevalt/typescript-config": "0.0.0",
-    "@usevalt/eslint-config": "0.0.0"
-  },
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
@@ -47,5 +32,22 @@
     "lint": "eslint src/",
     "typecheck": "tsc --noEmit",
     "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@usevalt/shared": "workspace:*",
+    "chalk": "^5.4.0",
+    "commander": "^13.0.0",
+    "open": "^11.0.0",
+    "ora": "^8.1.0",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "@usevalt/eslint-config": "workspace:*",
+    "@usevalt/typescript-config": "workspace:*",
+    "eslint": "^9.0.0",
+    "tsup": "^8.4.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.2.0"
   }
-}
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 Valt
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.