@wipcomputer/wip-repo-permissions-hook 1.0.0

package/LICENSE

@@ -0,0 +1,52 @@
+Dual License: MIT + AGPLv3
+
+Copyright (c) 2026 WIP Computer, Inc.
+
+
+1. MIT License (local and personal use)
+---------------------------------------
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
+2. GNU Affero General Public License v3.0 (commercial and cloud use)
+--------------------------------------------------------------------
+
+If you run this software as part of a hosted service, cloud platform,
+marketplace listing, or any network-accessible offering for commercial
+purposes, the AGPLv3 terms apply. You must either:
+
+  a) Release your complete source code under AGPLv3, or
+  b) Obtain a commercial license.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+
+AGPLv3 for personal use is free. Commercial licenses available.

package/README.md

@@ -0,0 +1,86 @@
+###### WIP Computer
+
+[![npm](https://img.shields.io/npm/v/@wipcomputer/wip-repo-permissions-hook)](https://www.npmjs.com/package/@wipcomputer/wip-repo-permissions-hook) [![CLI / TUI](https://img.shields.io/badge/interface-CLI_/_TUI-black)](https://github.com/wipcomputer/wip-ai-devops-toolbox/blob/main/tools/wip-repo-permissions-hook/cli.js) [![MCP Server](https://img.shields.io/badge/interface-MCP_Server-black)](https://github.com/wipcomputer/wip-ai-devops-toolbox/blob/main/tools/wip-repo-permissions-hook/mcp-server.mjs) [![OpenClaw Plugin](https://img.shields.io/badge/interface-OpenClaw_Plugin-black)](https://github.com/wipcomputer/wip-ai-devops-toolbox/blob/main/tools/wip-repo-permissions-hook/openclaw.plugin.json) [![Claude Code Hook](https://img.shields.io/badge/interface-Claude_Code_Hook-black)](https://github.com/wipcomputer/wip-ai-devops-toolbox/blob/main/tools/wip-repo-permissions-hook/guard.mjs) [![Claude Code Skill](https://img.shields.io/badge/interface-Claude_Code_Skill-black)](https://github.com/wipcomputer/wip-ai-devops-toolbox/blob/main/tools/wip-repo-permissions-hook/SKILL.md) [![Universal Interface Spec](https://img.shields.io/badge/Universal_Interface_Spec-black?style=flat&color=black)](https://github.com/wipcomputer/wip-ai-devops-toolbox/blob/main/tools/wip-universal-installer/SPEC.md)
+
+# wip-repo-permissions-hook
+
+## Repo visibility guard. Blocks repos from going public without a -private counterpart.
+
+Every repo follows the public/private pattern. The private repo is the working repo with `ai/` folders (plans, todos, dev updates). The public repo is the same code without `ai/`. Making a repo public without the -private counterpart exposes internal development context.
+
+This tool blocks that.
+
+## How It Works
+
+Before any repo visibility change to public, the guard checks:
+
+1. Is this a fork of an external project? If yes, allow (exempt).
+2. Does `{repo-name}-private` exist on GitHub? If yes, allow.
+3. Otherwise, block with an error.
+
+## Surfaces
+
+- **CLI** ... `wip-repo-permissions check|audit|can-publish`
+- **Claude Code hook** ... PreToolUse:Bash, blocks `gh repo edit --visibility public`
+- **OpenClaw plugin** ... before_tool_use lifecycle hook
+- **Cron audit** ... periodic scan of all public repos via ldm-jobs
+
+## CLI Usage
+
+```bash
+# Check a single repo
+node cli.js check wipcomputer/memory-crystal
+# -> OK: memory-crystal-private exists
+
+# Check a repo without -private (blocked)
+node cli.js check wipcomputer/wip-bridge
+# -> BLOCKED: no -private counterpart
+
+# Audit all public repos in org
+node cli.js audit wipcomputer
+
+# Alias for check
+node cli.js can-publish wipcomputer/wip-ai-devops-toolbox
+```
+
+## Claude Code Setup
+
+Add to `~/.claude/settings.json`:
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [{
+          "type": "command",
+          "command": "node /path/to/wip-repo-permissions-hook/guard.mjs",
+          "timeout": 10
+        }]
+      }
+    ]
+  }
+}
+```
+
+## OpenClaw Setup
+
+Symlink or copy to extensions:
+
+```bash
+cp -r tools/wip-repo-permissions-hook ~/.ldm/extensions/wip-repo-permissions-hook
+ln -sf ~/.ldm/extensions/wip-repo-permissions-hook ~/.openclaw/extensions/wip-repo-permissions-hook
+openclaw gateway restart
+```
+
+## License
+
+```
+CLI, MCP server, OpenClaw plugin, hooks        MIT    (use anywhere, no restrictions)
+Hosted or cloud service use                    AGPL   (network service distribution)
+```
+
+AGPL for personal use is free.
+
+Built by Parker Todd Brooks, Lēsa (OpenClaw, Claude Opus 4.6), Claude Code (Claude Opus 4.6).

package/SKILL.md

@@ -0,0 +1,73 @@
+---
+name: wip-repo-permissions-hook
+description: Repo visibility guard. Blocks repos from going public without a -private counterpart.
+license: MIT
+interface: [cli, module, mcp, hook, plugin]
+metadata:
+  display-name: "Repo Visibility Guard"
+  version: "1.0.0"
+  homepage: "https://github.com/wipcomputer/wip-ai-devops-toolbox"
+  author: "Parker Todd Brooks"
+  category: dev-tools
+  capabilities:
+    - visibility-check
+    - org-audit
+    - public-gate
+  requires:
+    bins: [node, gh]
+  openclaw:
+    requires:
+      bins: [node, gh]
+    install:
+      - id: node
+        kind: node
+        package: "@wipcomputer/wip-repo-permissions-hook"
+        bins: [wip-repo-permissions]
+        label: "Install via npm"
+    emoji: "🔒"
+compatibility: Requires node, gh (GitHub CLI). Node.js 18+.
+---
+
+# Repo Permissions Hook
+
+## What This Does
+
+Prevents repos from being made public unless a `-private` counterpart exists on GitHub. Protects internal plans, todos, and development context from accidental exposure.
+
+## The Rule
+
+Every repo that goes public must have a `{name}-private` repo. The private repo holds `ai/` folders with plans, todos, dev updates, and notes. The public repo has the same code without `ai/`.
+
+Forks of external projects are exempt.
+
+## How to Use
+
+### Check before changing visibility
+```bash
+node cli.js check <org>/<repo>
+```
+
+### Audit all public repos
+```bash
+node cli.js audit <org>
+```
+
+### Install as Claude Code hook
+Add to `~/.claude/settings.json` under `hooks.PreToolUse` with matcher `"Bash"`.
+
+### Install as OpenClaw plugin
+Copy to `~/.ldm/extensions/wip-repo-permissions-hook/` and restart gateway.
+
+### MCP
+
+Tools: `repo_permissions_check`, `repo_permissions_audit`
+
+Add to `.mcp.json`:
+```json
+{
+  "wip-repo-permissions": {
+    "command": "node",
+    "args": ["/path/to/tools/wip-repo-permissions-hook/mcp-server.mjs"]
+  }
+}
+```

package/cli.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+/**
+ * wip-repo-permissions-hook/cli.js
+ * CLI for repo visibility permissions.
+ *
+ * Usage:
+ *   wip-repo-permissions check <org/repo>      Check if repo can be public
+ *   wip-repo-permissions audit <org>            Audit all public repos
+ *   wip-repo-permissions can-publish <org/repo> Alias for check
+ */
+
+import { checkPrivateCounterpart, auditOrg } from './core.mjs';
+
+const args = process.argv.slice(2);
+const command = args[0];
+const target = args[1];
+
+function usage() {
+  console.log('wip-repo-permissions ... repo visibility guard\n');
+  console.log('Usage:');
+  console.log('  wip-repo-permissions check <org/repo>       Check if repo can be made public');
+  console.log('  wip-repo-permissions audit <org>             Audit all public repos in org');
+  console.log('  wip-repo-permissions can-publish <org/repo>  Alias for check');
+  console.log('\nExamples:');
+  console.log('  wip-repo-permissions check wipcomputer/wip-bridge');
+  console.log('  wip-repo-permissions audit wipcomputer');
+  process.exit(1);
+}
+
+if (!command || !target) usage();
+
+switch (command) {
+  case 'check':
+  case 'can-publish': {
+    const parts = target.split('/');
+    if (parts.length !== 2) {
+      console.error('Error: target must be org/repo (e.g. wipcomputer/memory-crystal)');
+      process.exit(1);
+    }
+    const [org, repo] = parts;
+    const result = checkPrivateCounterpart(org, repo);
+
+    if (result.allowed) {
+      console.log(`  OK: ${result.reason}`);
+      process.exit(0);
+    } else {
+      console.error(`  ${result.reason}`);
+      process.exit(1);
+    }
+    break;
+  }
+
+  case 'audit': {
+    const org = target;
+    console.log(`\nAuditing public repos in ${org}...\n`);
+
+    const { violations, ok } = auditOrg(org);
+
+    if (ok.length > 0) {
+      console.log(`  Compliant (${ok.length}):`);
+      for (const r of ok) {
+        console.log(`    OK  ${r.name}`);
+      }
+      console.log('');
+    }
+
+    if (violations.length > 0) {
+      console.log(`  VIOLATIONS (${violations.length}):`);
+      for (const v of violations) {
+        console.log(`    !!  ${v.name} ... no -private counterpart`);
+      }
+      console.log('');
+      console.error(`  ${violations.length} repo(s) are public without a -private counterpart.`);
+      process.exit(1);
+    } else {
+      console.log('  All public repos have -private counterparts (or are exempt forks).');
+      process.exit(0);
+    }
+  }
+
+  default:
+    usage();
+}

package/core.mjs

@@ -0,0 +1,122 @@
+/**
+ * wip-repo-permissions-hook/core.mjs
+ * Pure logic for repo visibility permissions.
+ * Blocks repos from going public without a -private counterpart.
+ * Zero dependencies. Uses gh CLI for GitHub API calls.
+ */
+
+import { execFileSync } from 'node:child_process';
+
+/**
+ * Check if a repo has a -private counterpart on GitHub.
+ * @param {string} org - GitHub org (e.g. "wipcomputer")
+ * @param {string} repoName - Repo name (e.g. "memory-crystal")
+ * @returns {{ allowed: boolean, reason: string }}
+ */
+export function checkPrivateCounterpart(org, repoName) {
+  // If the repo itself IS the private repo, allow
+  if (repoName.endsWith('-private')) {
+    return { allowed: true, reason: `${repoName} is already a private repo.` };
+  }
+
+  // Check if it's a fork (forks of external projects are exempt)
+  const forkStatus = isThirdPartyFork(org, repoName);
+  if (forkStatus.isFork) {
+    return { allowed: true, reason: `${repoName} is a fork of ${forkStatus.parent}. Forks are exempt.` };
+  }
+
+  // Check if -private counterpart exists
+  const privateName = `${repoName}-private`;
+  try {
+    execFileSync('gh', ['api', `repos/${org}/${privateName}`, '--jq', '.name'], {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: 10000,
+    });
+    return { allowed: true, reason: `${privateName} exists. ${repoName} can be public.` };
+  } catch {
+    return {
+      allowed: false,
+      reason: `BLOCKED: ${org}/${repoName} cannot be made public. No -private counterpart found (expected ${org}/${privateName}). Create the -private repo first, move all ai/ content there, then make this repo public.`,
+    };
+  }
+}
+
+/**
+ * Check if a repo is a fork of an external project.
+ * @param {string} org
+ * @param {string} repoName
+ * @returns {{ isFork: boolean, parent: string }}
+ */
+export function isThirdPartyFork(org, repoName) {
+  try {
+    const json = execFileSync('gh', ['api', `repos/${org}/${repoName}`, '--jq', '{fork: .fork, parent: .parent.full_name}'], {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: 10000,
+    });
+    const data = JSON.parse(json);
+    if (data.fork && data.parent && !data.parent.startsWith(`${org}/`)) {
+      return { isFork: true, parent: data.parent };
+    }
+    return { isFork: false, parent: '' };
+  } catch {
+    return { isFork: false, parent: '' };
+  }
+}
+
+/**
+ * Audit all public repos in an org for missing -private counterparts.
+ * @param {string} org
+ * @returns {{ violations: Array<{name: string, reason: string}>, ok: Array<{name: string, reason: string}> }}
+ */
+export function auditOrg(org) {
+  // Get all public repos
+  let repos;
+  try {
+    const json = execFileSync('gh', [
+      'repo', 'list', org,
+      '--visibility', 'public',
+      '--json', 'name',
+      '--limit', '200',
+    ], { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'], timeout: 30000 });
+    repos = JSON.parse(json);
+  } catch (e) {
+    throw new Error(`Failed to list repos for ${org}: ${e.message}`);
+  }
+
+  const violations = [];
+  const ok = [];
+
+  for (const repo of repos) {
+    const result = checkPrivateCounterpart(org, repo.name);
+    if (result.allowed) {
+      ok.push({ name: repo.name, reason: result.reason });
+    } else {
+      violations.push({ name: repo.name, reason: result.reason });
+    }
+  }
+
+  return { violations, ok };
+}
+
+/**
+ * Extract repo org/name from a gh command string.
+ * Looks for patterns like: gh repo edit wipcomputer/repo-name --visibility public
+ * @param {string} command
+ * @returns {{ org: string, repo: string, isVisibilityChange: boolean } | null}
+ */
+export function parseVisibilityCommand(command) {
+  // Match: gh repo edit <org/repo> ... --visibility public
+  const editMatch = command.match(/gh\s+repo\s+edit\s+([^\s]+)/);
+  if (!editMatch) return null;
+
+  const visibilityMatch = command.match(/--visibility\s+(public|private|internal)/);
+  if (!visibilityMatch || visibilityMatch[1] !== 'public') return null;
+
+  const slug = editMatch[1];
+  const parts = slug.split('/');
+  if (parts.length !== 2) return null;
+
+  return { org: parts[0], repo: parts[1], isVisibilityChange: true };
+}

package/guard.mjs

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+/**
+ * wip-repo-permissions-hook/guard.mjs
+ * PreToolUse:Bash hook for Claude Code.
+ * Blocks `gh repo edit --visibility public` unless -private counterpart exists.
+ * Same pattern as wip-file-guard/guard.mjs.
+ */
+
+import { parseVisibilityCommand, checkPrivateCounterpart } from './core.mjs';
+
+function deny(reason) {
+  const output = {
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: 'deny',
+      permissionDecisionReason: reason,
+    },
+  };
+  process.stdout.write(JSON.stringify(output));
+}
+
+async function main() {
+  let raw = '';
+  for await (const chunk of process.stdin) {
+    raw += chunk;
+  }
+
+  let input;
+  try {
+    input = JSON.parse(raw);
+  } catch {
+    // Can't parse input, allow by default
+    process.exit(0);
+  }
+
+  const toolName = input.tool_name || '';
+  const toolInput = input.tool_input || {};
+
+  // Only check Bash commands
+  if (toolName !== 'Bash') {
+    process.exit(0);
+  }
+
+  const command = toolInput.command || '';
+
+  // Only check commands that look like visibility changes
+  const parsed = parseVisibilityCommand(command);
+  if (!parsed) {
+    process.exit(0);
+  }
+
+  // Check if the repo can be made public
+  const result = checkPrivateCounterpart(parsed.org, parsed.repo);
+
+  if (!result.allowed) {
+    deny(result.reason);
+    process.exit(0);
+  }
+
+  // Allowed
+  process.exit(0);
+}
+
+main().catch(() => process.exit(0));

package/mcp-server.mjs

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+// wip-repo-permissions-hook/mcp-server.mjs
+// MCP server exposing repo visibility guard as tools.
+// Wraps core.mjs. Registered via .mcp.json.
+
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import {
+  checkPrivateCounterpart, auditOrg,
+} from './core.mjs';
+
+const server = new Server(
+  { name: 'wip-repo-permissions', version: '1.0.0' },
+  { capabilities: { tools: {} } }
+);
+
+// ── Tool Definitions ──
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: [
+    {
+      name: 'repo_permissions_check',
+      description: 'Check if a repo has a -private counterpart on GitHub. Required before making any repo public.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          org: { type: 'string', description: 'GitHub org (e.g. wipcomputer)' },
+          repo: { type: 'string', description: 'Repo name (e.g. memory-crystal)' },
+        },
+        required: ['org', 'repo'],
+      },
+    },
+    {
+      name: 'repo_permissions_audit',
+      description: 'Audit all public repos in a GitHub org for missing -private counterparts. Returns violations and passing repos.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          org: { type: 'string', description: 'GitHub org (e.g. wipcomputer)' },
+        },
+        required: ['org'],
+      },
+    },
+  ],
+}));
+
+// ── Tool Handlers ──
+
+server.setRequestHandler(CallToolRequestSchema, async (req) => {
+  const { name, arguments: args } = req.params;
+
+  try {
+    if (name === 'repo_permissions_check') {
+      const result = checkPrivateCounterpart(args.org, args.repo);
+      return {
+        content: [{
+          type: 'text',
+          text: `${result.allowed ? 'ALLOWED' : 'BLOCKED'}: ${result.reason}`,
+        }],
+      };
+    }
+
+    if (name === 'repo_permissions_audit') {
+      const result = auditOrg(args.org);
+      const lines = [];
+      if (result.violations.length > 0) {
+        lines.push(`${result.violations.length} violation(s):`);
+        for (const v of result.violations) {
+          lines.push(`  BLOCKED: ${v.name} - ${v.reason}`);
+        }
+      }
+      lines.push(`${result.ok.length} repo(s) OK.`);
+      return {
+        content: [{ type: 'text', text: lines.join('\n') }],
+      };
+    }
+
+    return {
+      content: [{ type: 'text', text: `Unknown tool: ${name}` }],
+      isError: true,
+    };
+  } catch (err) {
+    return {
+      content: [{ type: 'text', text: `Error: ${err.message}` }],
+      isError: true,
+    };
+  }
+});
+
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/openclaw.plugin.json

@@ -0,0 +1,8 @@
+{
+  "name": "wip-repo-permissions-hook",
+  "version": "1.0.0",
+  "description": "Blocks repos from going public without a -private counterpart. Protects internal plans, todos, and dev context from exposure.",
+  "lifecycle": {
+    "before_tool_use": "./guard.mjs"
+  }
+}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@wipcomputer/wip-repo-permissions-hook",
+  "version": "1.0.0",
+  "type": "module",
+  "description": "Repo visibility guard. Blocks repos from going public without a -private counterpart.",
+  "main": "core.mjs",
+  "bin": {
+    "wip-repo-permissions": "./cli.js"
+  },
+  "scripts": {
+    "test": "bash test.sh"
+  },
+  "keywords": [
+    "claude-code",
+    "openclaw",
+    "hook",
+    "repo-guard",
+    "visibility",
+    "ai-safety",
+    "pretooluse"
+  ],
+  "author": "Parker Todd Brooks",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/wipcomputer/wip-ai-devops-toolbox.git"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0"
+  }
+}