@zenuml/core 3.47.9 → 3.48.1

package/.claude/hooks/gemini-context-injector.sh

@@ -1,129 +0,0 @@
-#!/bin/bash
-# Gemini Context Injector Hook
-# Automatically adds project context files to new Gemini consultation sessions:
-# - docs/ai-context/project-structure.md
-# - MCP-ASSISTANT-RULES.md
-#
-# This hook enhances Gemini consultations by automatically including your project's
-# structure documentation and assistant rules, ensuring the AI has complete context.
-
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
-PROJECT_STRUCTURE_FILE="$PROJECT_ROOT/docs/ai-context/project-structure.md"
-MCP_RULES_FILE="$PROJECT_ROOT/MCP-ASSISTANT-RULES.md"
-LOG_FILE="$SCRIPT_DIR/../logs/context-injection.log"
-
-# Ensure log directory exists
-mkdir -p "$(dirname "$LOG_FILE")"
-
-# Read input from stdin
-INPUT_JSON=$(cat)
-
-# Function to log injection events
-log_injection_event() {
-    local event_type="$1"
-    local details="$2"
-    local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-    echo "{\"timestamp\": \"$timestamp\", \"event\": \"$event_type\", \"details\": \"$details\"}" >> "$LOG_FILE"
-}
-
-# Main logic
-main() {
-    # Extract tool information from stdin
-    local tool_name=$(echo "$INPUT_JSON" | jq -r '.tool_name // ""')
-    
-    # Only process Gemini consultation requests
-    if [[ "$tool_name" != "mcp__gemini__consult_gemini" ]]; then
-        echo '{"continue": true}'
-        exit 0
-    fi
-    
-    # Extract tool arguments
-    local tool_args=$(echo "$INPUT_JSON" | jq -r '.tool_input // "{}"')
-    
-    # Check if this is a new session (no session_id provided)
-    local session_id=$(echo "$tool_args" | jq -r '.session_id // ""' 2>/dev/null || echo "")
-    
-    if [[ -z "$session_id" || "$session_id" == "null" ]]; then
-        log_injection_event "new_session_detected" "preparing_context_injection"
-        
-        # Check if required files exist
-        local missing_files=""
-        if [[ ! -f "$PROJECT_STRUCTURE_FILE" ]]; then
-            missing_files="$missing_files project_structure.md"
-        fi
-        if [[ ! -f "$MCP_RULES_FILE" ]]; then
-            missing_files="$missing_files MCP-ASSISTANT-RULES.md"
-        fi
-        
-        # If either file is missing, log warning but continue
-        if [[ -n "$missing_files" ]]; then
-            log_injection_event "warning" "missing_files:$missing_files"
-        fi
-        
-        # If both files are missing, exit early
-        if [[ ! -f "$PROJECT_STRUCTURE_FILE" ]] && [[ ! -f "$MCP_RULES_FILE" ]]; then
-            echo '{"continue": true}'
-            exit 0
-        fi
-        
-        # Extract current attached_files if any
-        local current_files=$(echo "$tool_args" | jq -c '.attached_files // []' 2>/dev/null || echo "[]")
-        
-        # Check if files are already included
-        local has_project_structure=$(echo "$current_files" | jq -e ".[] | select(. == \"$PROJECT_STRUCTURE_FILE\")" > /dev/null 2>&1 && echo "true" || echo "false")
-        local has_mcp_rules=$(echo "$current_files" | jq -e ".[] | select(. == \"$MCP_RULES_FILE\")" > /dev/null 2>&1 && echo "true" || echo "false")
-        
-        # If both files exist and are already included, skip
-        if [[ -f "$PROJECT_STRUCTURE_FILE" ]] && [[ "$has_project_structure" == "true" ]] && \
-           [[ -f "$MCP_RULES_FILE" ]] && [[ "$has_mcp_rules" == "true" ]]; then
-            log_injection_event "skipped" "all_required_files_already_included"
-            echo '{"continue": true}'
-            exit 0
-        fi
-        
-        # Add missing files to attached_files
-        local modified_args="$tool_args"
-        local files_added=""
-        
-        if [[ -f "$PROJECT_STRUCTURE_FILE" ]] && [[ "$has_project_structure" == "false" ]]; then
-            modified_args=$(echo "$modified_args" | jq --arg file "$PROJECT_STRUCTURE_FILE" '
-                .attached_files = ((.attached_files // []) + [$file])
-            ' 2>/dev/null)
-            files_added="$files_added project_structure.md"
-        fi
-        
-        if [[ -f "$MCP_RULES_FILE" ]] && [[ "$has_mcp_rules" == "false" ]]; then
-            modified_args=$(echo "$modified_args" | jq --arg file "$MCP_RULES_FILE" '
-                .attached_files = ((.attached_files // []) + [$file])
-            ' 2>/dev/null)
-            files_added="$files_added MCP-ASSISTANT-RULES.md"
-        fi
-        
-        if [[ -n "$modified_args" ]] && [[ "$modified_args" != "$tool_args" ]]; then
-            log_injection_event "context_injected" "added_files:$files_added"
-            
-            # Update the input JSON with modified tool_input
-            local output_json=$(echo "$INPUT_JSON" | jq --argjson new_args "$modified_args" '.tool_input = $new_args')
-            
-            # Return the modified input to stdout
-            echo "$output_json"
-            exit 0
-        else
-            log_injection_event "error" "failed_to_modify_arguments"
-            # Continue without modification on error
-            echo '{"continue": true}'
-            exit 0
-        fi
-    else
-        log_injection_event "existing_session" "session_id:$session_id"
-        # For existing sessions, continue without modification
-        echo '{"continue": true}'
-        exit 0
-    fi
-}
-
-# Run main function
-main

package/.claude/hooks/mcp-security-scan.sh

@@ -1,147 +0,0 @@
-#!/bin/bash
-# MCP Security Scanner Hook
-# Scans MCP requests for sensitive data before sending to external services
-#
-# This hook protects against accidental exposure of secrets, API keys, and other
-# sensitive information when using MCP servers like Gemini or Context7.
-
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PATTERNS_FILE="$SCRIPT_DIR/config/sensitive-patterns.json"
-LOG_FILE="$SCRIPT_DIR/../logs/security-scan.log"
-
-# Ensure log directory exists
-mkdir -p "$(dirname "$LOG_FILE")"
-
-# Read input from stdin
-INPUT_JSON=$(cat)
-
-# Function to log security events
-log_security_event() {
-    local event_type="$1"
-    local details="$2"
-    local tool_name="${3:-unknown}"
-    local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-    echo "{\"timestamp\": \"$timestamp\", \"tool\": \"$tool_name\", \"event\": \"$event_type\", \"details\": \"$details\"}" >> "$LOG_FILE"
-}
-
-# Function to check if content matches sensitive patterns
-check_sensitive_content() {
-    local content="$1"
-    local pattern_type="$2"
-    
-    # Get patterns from JSON config
-    local patterns=$(jq -r ".patterns.$pattern_type[]" "$PATTERNS_FILE" 2>/dev/null || echo "")
-    
-    for pattern in $patterns; do
-        if echo "$content" | grep -qiE "$pattern"; then
-            # Check whitelist
-            local whitelisted=false
-            local whitelist_patterns=$(jq -r '.whitelist.allowed_mentions[]' "$PATTERNS_FILE" 2>/dev/null || echo "")
-            
-            for whitelist in $whitelist_patterns; do
-                if echo "$content" | grep -qF "$whitelist"; then
-                    whitelisted=true
-                    break
-                fi
-            done
-            
-            if [[ "$whitelisted" == "false" ]]; then
-                return 0  # Found sensitive data
-            fi
-        fi
-    done
-    
-    return 1  # No sensitive data found
-}
-
-# Function to scan file content
-scan_file_content() {
-    local file_path="$1"
-    
-    # Check if file name itself is sensitive
-    local filename=$(basename "$file_path")
-    if check_sensitive_content "$filename" "sensitive_files"; then
-        return 0  # Sensitive file
-    fi
-    
-    # Don't scan files that don't exist or are too large
-    if [[ ! -f "$file_path" ]] || [[ $(stat -f%z "$file_path" 2>/dev/null || stat -c%s "$file_path" 2>/dev/null || echo "999999999") -gt 1048576 ]]; then
-        return 1
-    fi
-    
-    # Read and scan file content
-    local content=$(cat "$file_path" 2>/dev/null || echo "")
-    
-    # Check all pattern types
-    for pattern_type in api_keys credentials regex_patterns; do
-        if check_sensitive_content "$content" "$pattern_type"; then
-            return 0  # Found sensitive data
-        fi
-    done
-    
-    return 1
-}
-
-# Main scanning logic
-main() {
-    # Extract tool information from stdin
-    local tool_name=$(echo "$INPUT_JSON" | jq -r '.tool_name // ""')
-    local tool_args=$(echo "$INPUT_JSON" | jq -r '.tool_input // "{}"')
-    
-    log_security_event "scan_started" "$tool_name" "$tool_name"
-    
-    # Check code_context for sensitive data
-    local code_context=$(echo "$tool_args" | jq -r '.code_context // ""' 2>/dev/null || echo "")
-    if [[ -n "$code_context" ]]; then
-        for pattern_type in api_keys credentials regex_patterns; do
-            if check_sensitive_content "$code_context" "$pattern_type"; then
-                log_security_event "blocked" "sensitive_data_in_code_context" "$tool_name"
-                echo '{"decision": "block", "reason": "Security Alert: Detected sensitive data in code_context. Found patterns matching actual credentials (API keys, passwords, or secrets with values). For discussions about security topics, use placeholders like YOUR_API_KEY, <password>, or example values instead of real credentials."}'
-                exit 2
-            fi
-        done
-    fi
-    
-    # Check problem_description for sensitive data
-    local problem_desc=$(echo "$tool_args" | jq -r '.problem_description // ""' 2>/dev/null || echo "")
-    if [[ -n "$problem_desc" ]]; then
-        for pattern_type in api_keys credentials regex_patterns; do
-            if check_sensitive_content "$problem_desc" "$pattern_type"; then
-                log_security_event "blocked" "sensitive_data_in_problem_description" "$tool_name"
-                echo '{"decision": "block", "reason": "Security Alert: Detected sensitive data in problem description. Found patterns matching actual credentials (API keys, passwords, connection strings, or tokens with values). For security discussions, use placeholders: YOUR_API_KEY, <password>, postgres://user:password@localhost, or example-token-here."}'
-                exit 2
-            fi
-        done
-    fi
-    
-    # Check attached files
-    local attached_files=$(echo "$tool_args" | jq -r '.attached_files[]?' 2>/dev/null || echo "")
-    for file in $attached_files; do
-        if scan_file_content "$file"; then
-            log_security_event "blocked" "sensitive_file_attached:$file" "$tool_name"
-            echo "{\"decision\": \"block\", \"reason\": \"Security Alert: Detected sensitive content in attached file $file. Found credentials, private keys, or environment files. Remove actual secrets and use placeholders like YOUR_SECRET_HERE or example values for demonstrations.\"}"
-            exit 2
-        fi
-    done
-    
-    # Check specific question for Context7
-    if [[ "$tool_name" == "mcp__context7__get-library-docs" ]]; then
-        local library_id=$(echo "$tool_args" | jq -r '.context7CompatibleLibraryID // ""' 2>/dev/null || echo "")
-        # Basic check to prevent injection attacks
-        if echo "$library_id" | grep -qE '(\$|`|;|&&|\|\||>|<)'; then
-            log_security_event "blocked" "suspicious_library_id" "$tool_name"
-            echo '{"decision": "block", "reason": "Security Alert: Detected suspicious characters in library ID that could indicate command injection. Please use only alphanumeric characters, hyphens, underscores, and forward slashes."}'
-            exit 2
-        fi
-    fi
-    
-    log_security_event "scan_completed" "no_sensitive_data_found" "$tool_name"
-    
-    # All checks passed, allow the tool to continue
-    # No output needed when allowing - just exit 0
-}
-
-# Run main function
-main

package/.claude/hooks/notify.sh

@@ -1,103 +0,0 @@
-#!/bin/bash
-# Claude Code notification hook script
-# Plays pleasant sounds when Claude needs input or completes tasks
-
-# Get the directory where this script is located
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-SOUNDS_DIR="$SCRIPT_DIR/sounds"
-
-# Function to play a sound file with cross-platform support
-play_sound_file() {
-    local sound_file="$1"
-    
-    # Check if file exists
-    if [[ ! -f "$sound_file" ]]; then
-        echo "Warning: Sound file not found: $sound_file" >&2
-        return 1
-    fi
-    
-    # Detect OS and use appropriate command-line audio player
-    local os_type="$(uname -s)"
-    
-    case "$os_type" in
-        Darwin*)  # macOS
-            if command -v afplay &> /dev/null; then
-                afplay "$sound_file" 2>/dev/null &
-                return 0  # Exit immediately after starting playback
-            fi
-            ;;
-            
-        Linux*)   # Linux
-            # Try PulseAudio first (most common on modern desktop Linux)
-            if command -v paplay &> /dev/null; then
-                paplay "$sound_file" 2>/dev/null &
-                return 0  # Exit immediately after starting playback
-            fi
-            
-            # Try ALSA
-            if command -v aplay &> /dev/null; then
-                aplay -q "$sound_file" 2>/dev/null &
-                return 0  # Exit immediately after starting playback
-            fi
-            
-            # Try PipeWire (newer systems)
-            if command -v pw-play &> /dev/null; then
-                pw-play "$sound_file" 2>/dev/null &
-                return 0  # Exit immediately after starting playback
-            fi
-            
-            # Try sox play command
-            if command -v play &> /dev/null; then
-                play -q "$sound_file" 2>/dev/null &
-                return 0  # Exit immediately after starting playback
-            fi
-            ;;
-            
-        MINGW*|CYGWIN*|MSYS*)  # Windows (Git Bash, WSL, etc.)
-            # Try PowerShell
-            if command -v powershell.exe &> /dev/null; then
-                # Use Windows Media Player COM object for better compatibility
-                # Run in background and exit immediately
-                powershell.exe -NoProfile -Command "
-                    Start-Job -ScriptBlock {
-                        \$player = New-Object -ComObject WMPlayer.OCX
-                        \$player.URL = '$sound_file'
-                        \$player.controls.play()
-                        Start-Sleep -Milliseconds 1000
-                        \$player.close()
-                    }
-                " 2>/dev/null
-                return 0  # Exit immediately after starting playback
-            fi
-            ;;
-    esac
-    
-    # If we have ffplay (cross-platform)
-    if command -v ffplay &> /dev/null; then
-        ffplay -nodisp -autoexit -loglevel quiet "$sound_file" 2>/dev/null &
-        return 0  # Exit immediately after starting playback
-    fi
-    
-    # No audio player found - fail silently
-    return 1
-}
-
-# Main script logic
-case "$1" in
-    "input")
-        play_sound_file "$SOUNDS_DIR/input-needed.wav"
-        ;;
-        
-    "complete")
-        play_sound_file "$SOUNDS_DIR/complete.wav"
-        ;;
-        
-    *)
-        echo "Usage: $0 {input|complete}" >&2
-        echo "  input    - Play sound when Claude needs user input" >&2
-        echo "  complete - Play sound when Claude completes tasks" >&2
-        exit 1
-        ;;
-esac
-
-exit 0

package/.claude/hooks/setup/hook-setup.md

@@ -1,96 +0,0 @@
-## Description
-
-This command uses specialized agents to verify, configure, and test your Claude Code hooks installation. It ensures everything is properly set up and working correctly.
-
-## Process
-
-### Phase 1: Multi-Agent Setup Verification
-
-The command spawns specialized agents to handle different aspects:
-
-1. **Installation Agent**
-   - Verifies `.claude/hooks/` directory exists
-   - Checks all hook scripts are present
-   - Ensures executable permissions (`chmod +x`)
-   - Validates sound files and configuration files
-
-2. **Configuration Agent**
-   - Locates Claude Code settings.json for your OS
-   - Verifies hook configurations in settings
-   - Checks WORKSPACE environment variable
-   - Validates MCP server configurations
-
-3. **Documentation Agent**
-   - Ensures project structure documentation exists
-   - Verifies paths used by context injector
-   - Checks log directory setup
-
-### Phase 2: Comprehensive Testing
-
-After setup verification, the main agent runs comprehensive tests:
-
-1. **Security Scanner Tests**
-   - API key detection patterns
-   - Password and secret detection
-   - Whitelist functionality
-   - Command injection protection
-   - File scanning capabilities
-
-2. **Context Injector Tests**
-   - New session detection
-   - File attachment logic
-   - Path resolution
-   - Error handling scenarios
-
-3. **Notification Tests**
-   - Audio playback on current platform
-   - Fallback mechanism verification
-   - Both input and complete sounds
-
-## Expected Output
-
-```
-Starting multi-agent hook setup verification...
-
-[Installation Agent]
-✓ Hooks directory found: .claude/hooks/
-✓ All hook scripts present and executable
-✓ Configuration files valid
-✓ Sound files present
-
-[Configuration Agent]
-✓ Project settings found: .claude/settings.json
-✓ Hook configurations verified
-✓ WORKSPACE environment variable set correctly
-
-[Documentation Agent]
-✓ Project structure documentation found
-✓ Log directories configured
-
-Running comprehensive tests...
-
-[Security Scanner]
-✓ Detected: sk-1234567890abcdef (API key)
-✓ Detected: password=mysecret123
-✓ Allowed: YOUR_API_KEY (whitelisted)
-✓ Blocked: $(malicious) (injection attempt)
-
-[Context Injector]
-✓ New session handling correct
-✓ File attachment working
-✓ Error handling graceful
-
-[Notifications]
-✓ Audio playback successful
-✓ Platform: darwin (macOS)
-
-All hooks configured and tested successfully!
-```
-
-## Troubleshooting
-
-The command provides specific guidance for any issues found:
-- Missing files or permissions
-- Configuration problems
-- Test failures with debugging steps
-- Platform-specific audio issues

package/.claude/hooks/setup/settings.json.template

@@ -1,63 +0,0 @@
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "mcp__gemini__consult_gemini",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${WORKSPACE}/.claude/hooks/gemini-context-injector.sh",
-            "description": "Automatically adds project structure to new Gemini sessions"
-          }
-        ]
-      },
-      {
-        "matcher": "mcp__.*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${WORKSPACE}/.claude/hooks/mcp-security-scan.sh",
-            "description": "Scans for sensitive data before sending to external services"
-          }
-        ]
-      },
-      {
-        "matcher": "Task",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${WORKSPACE}/.claude/hooks/subagent-context-injector.sh",
-            "description": "Automatically adds project context to sub-agent prompts"
-          }
-        ]
-      }
-    ],
-    "Notification": [
-      {
-        "matcher": ".*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${WORKSPACE}/.claude/hooks/notify.sh input",
-            "description": "Plays sound when Claude needs user input"
-          }
-        ]
-      }
-    ],
-    "Stop": [
-      {
-        "matcher": ".*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "${WORKSPACE}/.claude/hooks/notify.sh complete",
-            "description": "Plays sound when Claude completes tasks"
-          }
-        ]
-      }
-    ]
-  },
-  "environment": {
-    "WORKSPACE": "/path/to/your/project"
-  }
-}

package/.claude/hooks/subagent-context-injector.sh

@@ -1,65 +0,0 @@
-#!/bin/bash
-# Sub-Agent Context Auto-Loader
-# Automatically enhances Task tool prompts with essential project context
-#
-# This hook ensures every sub-agent spawned via the Task tool automatically
-# receives core project documentation, eliminating the need to manually
-# include context in each Task prompt.
-#
-# IMPLEMENTATION OVERVIEW:
-# - Registered as a PreToolUse hook in .claude/settings.json
-# - Intercepts all Task tool calls before execution
-# - Injects references to CLAUDE.md, project-structure.md, and docs-overview.md
-# - Preserves original prompt by prepending context, not replacing
-# - Passes through non-Task tools unchanged with {"continue": true}
-
-
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
-
-# Read input from stdin
-INPUT_JSON=$(cat)
-
-# Extract tool information
-tool_name=$(echo "$INPUT_JSON" | jq -r '.tool_name // ""')
-
-# Only process Task tool calls - pass through all other tools unchanged
-if [[ "$tool_name" != "Task" ]]; then
-    echo '{"continue": true}'
-    exit 0
-fi
-
-# Extract current prompt from the Task tool input
-current_prompt=$(echo "$INPUT_JSON" | jq -r '.tool_input.prompt // ""')
-
-# Build context injection header with project documentation references
-# These files are automatically available to all sub-agents via @ references
-context_injection="## Auto-Loaded Project Context
-
-This sub-agent has automatic access to the following project documentation:
-- @$PROJECT_ROOT/docs/CLAUDE.md (Project overview, coding standards, and AI instructions)
-- @$PROJECT_ROOT/docs/ai-context/project-structure.md (Complete file tree and tech stack)
-- @$PROJECT_ROOT/docs/ai-context/docs-overview.md (Documentation architecture)
-
-These files provide essential context about the project structure, 
-conventions, and development patterns. Reference them as needed for your task.
-
----
-
-## Your Task
-
-"
-
-# Combine context injection with original prompt
-# The context is prepended to preserve the original task instructions
-modified_prompt="${context_injection}${current_prompt}"
-
-# Update the input JSON with the modified prompt
-# This maintains all other tool input fields unchanged
-output_json=$(echo "$INPUT_JSON" | jq --arg new_prompt "$modified_prompt" '.tool_input.prompt = $new_prompt')
-
-# Output the modified JSON for Claude Code to process
-# The Task tool will receive the enhanced prompt with context
-echo "$output_json"