agileflow 2.79.0 → 2.81.0

package/scripts/damage-control-write.js

@@ -12,40 +12,13 @@
  * Usage: Configured as PreToolUse hook in .claude/settings.json
  */
 
-const fs = require('fs');
-const path = require('path');
-const os = require('os');
-
-// Color codes for output
-const c = {
-  red: '\x1b[38;5;203m',
-  reset: '\x1b[0m',
-  dim: '\x1b[2m'
-};
-
-/**
- * Find project root by looking for .agileflow directory
- */
-function findProjectRoot() {
-  let dir = process.cwd();
-  while (dir !== '/') {
-    if (fs.existsSync(path.join(dir, '.agileflow'))) {
-      return dir;
-    }
-    dir = path.dirname(dir);
-  }
-  return process.cwd();
-}
-
-/**
- * Expand ~ to home directory
- */
-function expandPath(p) {
-  if (p.startsWith('~/')) {
-    return path.join(os.homedir(), p.slice(2));
-  }
-  return p;
-}
+const {
+  findProjectRoot,
+  loadPatterns,
+  pathMatches,
+  outputBlocked,
+  runDamageControlHook,
+} = require('./lib/damage-control-utils');
 
 /**
  * Parse simplified YAML for path patterns
@@ -54,7 +27,7 @@ function parseSimpleYAML(content) {
   const config = {
     zeroAccessPaths: [],
     readOnlyPaths: [],
-    noDeletePaths: []
+    noDeletePaths: [],
   };
 
   let currentSection = null;
@@ -85,79 +58,6 @@ function parseSimpleYAML(content) {
   return config;
 }
 
-/**
- * Load patterns configuration from YAML file
- */
-function loadPatterns(projectRoot) {
-  const configPaths = [
-    path.join(projectRoot, '.agileflow/config/damage-control-patterns.yaml'),
-    path.join(projectRoot, '.agileflow/config/damage-control-patterns.yml'),
-    path.join(projectRoot, '.agileflow/templates/damage-control-patterns.yaml')
-  ];
-
-  for (const configPath of configPaths) {
-    if (fs.existsSync(configPath)) {
-      try {
-        const content = fs.readFileSync(configPath, 'utf8');
-        return parseSimpleYAML(content);
-      } catch (e) {
-        // Continue to next path
-      }
-    }
-  }
-
-  // Return empty config if no file found (fail-open)
-  return { zeroAccessPaths: [], readOnlyPaths: [], noDeletePaths: [] };
-}
-
-/**
- * Check if a file path matches any of the protected patterns
- */
-function pathMatches(filePath, patterns) {
-  if (!filePath) return null;
-
-  const normalizedPath = path.resolve(filePath);
-  const relativePath = path.relative(process.cwd(), normalizedPath);
-
-  for (const pattern of patterns) {
-    const expandedPattern = expandPath(pattern);
-
-    // Check if pattern is a directory prefix
-    if (pattern.endsWith('/')) {
-      const patternDir = expandedPattern.slice(0, -1);
-      if (normalizedPath.startsWith(patternDir)) {
-        return pattern;
-      }
-    }
-
-    // Check exact match
-    if (normalizedPath === expandedPattern) {
-      return pattern;
-    }
-
-    // Check if normalized path ends with pattern (for filenames like "id_rsa")
-    if (normalizedPath.endsWith(pattern) || relativePath.endsWith(pattern)) {
-      return pattern;
-    }
-
-    // Check if pattern appears in path (for patterns like "*.pem")
-    if (pattern.startsWith('*')) {
-      const ext = pattern.slice(1);
-      if (normalizedPath.endsWith(ext) || relativePath.endsWith(ext)) {
-        return pattern;
-      }
-    }
-
-    // Check if path contains pattern (for things like ".env.production")
-    const patternBase = path.basename(pattern);
-    if (path.basename(normalizedPath) === patternBase) {
-      return pattern;
-    }
-  }
-
-  return null;
-}
-
 /**
  * Validate file path for write operation
  */
@@ -168,7 +68,7 @@ function validatePath(filePath, config) {
     return {
       action: 'block',
       reason: `Zero-access path: ${zeroMatch}`,
-      detail: 'This file is protected and cannot be accessed'
+      detail: 'This file is protected and cannot be accessed',
     };
   }
 
@@ -178,7 +78,7 @@ function validatePath(filePath, config) {
     return {
       action: 'block',
       reason: `Read-only path: ${readOnlyMatch}`,
-      detail: 'This file is read-only and cannot be written to'
+      detail: 'This file is read-only and cannot be written to',
     };
   }
 
@@ -186,58 +86,15 @@ function validatePath(filePath, config) {
   return { action: 'allow' };
 }
 
-/**
- * Main function - read input and validate
- */
-function main() {
-  const projectRoot = findProjectRoot();
-  let inputData = '';
-
-  process.stdin.setEncoding('utf8');
-
-  process.stdin.on('data', chunk => {
-    inputData += chunk;
-  });
-
-  process.stdin.on('end', () => {
-    try {
-      // Parse tool input from Claude Code
-      const input = JSON.parse(inputData);
-      const filePath = input.file_path || input.tool_input?.file_path || '';
-
-      if (!filePath) {
-        // No path to validate - allow
-        process.exit(0);
-      }
-
-      // Load patterns and validate
-      const config = loadPatterns(projectRoot);
-      const result = validatePath(filePath, config);
-
-      if (result.action === 'block') {
-        console.error(`${c.red}[BLOCKED]${c.reset} ${result.reason}`);
-        console.error(`${c.dim}${result.detail}${c.reset}`);
-        console.error(`${c.dim}File: ${filePath}${c.reset}`);
-        process.exit(2);
-      }
-
-      // Allow
-      process.exit(0);
-    } catch (e) {
-      // Parse error or other issue - fail open
-      process.exit(0);
-    }
-  });
-
-  // Handle no stdin
-  process.stdin.on('error', () => {
-    process.exit(0);
-  });
-
-  // Set timeout to prevent hanging
-  setTimeout(() => {
-    process.exit(0);
-  }, 4000);
-}
-
-main();
+// Run the hook
+const projectRoot = findProjectRoot();
+const defaultConfig = { zeroAccessPaths: [], readOnlyPaths: [], noDeletePaths: [] };
+
+runDamageControlHook({
+  getInputValue: input => input.file_path || input.tool_input?.file_path,
+  loadConfig: () => loadPatterns(projectRoot, parseSimpleYAML, defaultConfig),
+  validate: validatePath,
+  onBlock: (result, filePath) => {
+    outputBlocked(result.reason, result.detail, `File: ${filePath}`);
+  },
+});

package/scripts/get-env.js

@@ -156,12 +156,12 @@ function formatOutput(info, asJson = false, compact = false) {
     brand: '\x1b[38;2;232;104;58m', // #e8683a - AgileFlow brand orange
 
     // Vibrant 256-color palette (modern, sleek look)
-    mintGreen: '\x1b[38;5;158m',    // Healthy/success states
-    peach: '\x1b[38;5;215m',        // Warning states
-    coral: '\x1b[38;5;203m',        // Critical/error states
-    lightGreen: '\x1b[38;5;194m',   // Session healthy
-    skyBlue: '\x1b[38;5;117m',      // Directories/paths
-    lavender: '\x1b[38;5;147m',     // Model info
+    mintGreen: '\x1b[38;5;158m', // Healthy/success states
+    peach: '\x1b[38;5;215m', // Warning states
+    coral: '\x1b[38;5;203m', // Critical/error states
+    lightGreen: '\x1b[38;5;194m', // Session healthy
+    skyBlue: '\x1b[38;5;117m', // Directories/paths
+    lavender: '\x1b[38;5;147m', // Model info
   };
 
   // Beautiful compact colorful format (using vibrant 256-color palette)

package/scripts/lib/damage-control-utils.js

@@ -0,0 +1,251 @@
+/**
+ * damage-control-utils.js - Shared utilities for damage-control hooks
+ *
+ * IMPORTANT: These scripts must FAIL OPEN (exit 0 on error)
+ * to avoid blocking users when config is broken.
+ *
+ * This module is copied to .agileflow/scripts/lib/ at install time
+ * and used by damage-control-bash.js, damage-control-edit.js, damage-control-write.js
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+// Inline colors (no external dependency - keeps scripts standalone)
+const c = {
+  coral: '\x1b[38;5;203m',
+  dim: '\x1b[2m',
+  reset: '\x1b[0m',
+};
+
+// Shared constants
+const CONFIG_PATHS = [
+  '.agileflow/config/damage-control-patterns.yaml',
+  '.agileflow/config/damage-control-patterns.yml',
+  '.agileflow/templates/damage-control-patterns.yaml',
+];
+
+const STDIN_TIMEOUT_MS = 4000;
+
+/**
+ * Find project root by looking for .agileflow directory
+ * @returns {string} Project root path or current working directory
+ */
+function findProjectRoot() {
+  let dir = process.cwd();
+  while (dir !== '/') {
+    if (fs.existsSync(path.join(dir, '.agileflow'))) {
+      return dir;
+    }
+    dir = path.dirname(dir);
+  }
+  return process.cwd();
+}
+
+/**
+ * Expand ~ to home directory
+ * @param {string} p - Path that may start with ~/
+ * @returns {string} Expanded path
+ */
+function expandPath(p) {
+  if (p.startsWith('~/')) {
+    return path.join(os.homedir(), p.slice(2));
+  }
+  return p;
+}
+
+/**
+ * Load patterns configuration from YAML file
+ * Returns empty config if not found (fail-open)
+ *
+ * @param {string} projectRoot - Project root directory
+ * @param {function} parseYAML - Function to parse YAML content
+ * @param {object} defaultConfig - Default config if no file found
+ * @returns {object} Parsed configuration
+ */
+function loadPatterns(projectRoot, parseYAML, defaultConfig = {}) {
+  for (const configPath of CONFIG_PATHS) {
+    const fullPath = path.join(projectRoot, configPath);
+    if (fs.existsSync(fullPath)) {
+      try {
+        const content = fs.readFileSync(fullPath, 'utf8');
+        return parseYAML(content);
+      } catch (e) {
+        // Continue to next path
+      }
+    }
+  }
+
+  // Return empty config if no file found (fail-open)
+  return defaultConfig;
+}
+
+/**
+ * Check if a file path matches any of the protected patterns
+ *
+ * @param {string} filePath - File path to check
+ * @param {string[]} patterns - Array of patterns to match against
+ * @returns {string|null} Matched pattern or null
+ */
+function pathMatches(filePath, patterns) {
+  if (!filePath) return null;
+
+  const normalizedPath = path.resolve(filePath);
+  const relativePath = path.relative(process.cwd(), normalizedPath);
+
+  for (const pattern of patterns) {
+    const expandedPattern = expandPath(pattern);
+
+    // Check if pattern is a directory prefix
+    if (pattern.endsWith('/')) {
+      const patternDir = expandedPattern.slice(0, -1);
+      if (normalizedPath.startsWith(patternDir)) {
+        return pattern;
+      }
+    }
+
+    // Check exact match
+    if (normalizedPath === expandedPattern) {
+      return pattern;
+    }
+
+    // Check if normalized path ends with pattern (for filenames like "id_rsa")
+    if (normalizedPath.endsWith(pattern) || relativePath.endsWith(pattern)) {
+      return pattern;
+    }
+
+    // Check if pattern appears in path (for patterns like "*.pem")
+    if (pattern.startsWith('*')) {
+      const ext = pattern.slice(1);
+      if (normalizedPath.endsWith(ext) || relativePath.endsWith(ext)) {
+        return pattern;
+      }
+    }
+
+    // Check if path contains pattern (for things like ".env.production")
+    const patternBase = path.basename(pattern);
+    if (path.basename(normalizedPath) === patternBase) {
+      return pattern;
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Output blocked message to stderr
+ *
+ * @param {string} reason - Main reason for blocking
+ * @param {string} [detail] - Additional detail
+ * @param {string} [context] - Context info (file path or command)
+ */
+function outputBlocked(reason, detail, context) {
+  console.error(`${c.coral}[BLOCKED]${c.reset} ${reason}`);
+  if (detail) {
+    console.error(`${c.dim}${detail}${c.reset}`);
+  }
+  if (context) {
+    console.error(`${c.dim}${context}${c.reset}`);
+  }
+  // Help message for AI and user
+  console.error('');
+  console.error(
+    `${c.dim}This is intentional - AgileFlow Damage Control blocked a potentially dangerous operation.${c.reset}`
+  );
+  console.error(
+    `${c.dim}DO NOT retry this command. Ask the user if they want to proceed manually.${c.reset}`
+  );
+  console.error(`${c.dim}To disable: run /configure → Infrastructure → Damage Control${c.reset}`);
+}
+
+/**
+ * Run damage control hook with stdin parsing
+ * Handles common error cases and timeout
+ *
+ * @param {object} options - Hook options
+ * @param {function} options.getInputValue - Extract value from parsed input (input) => value
+ * @param {function} options.loadConfig - Load configuration () => config
+ * @param {function} options.validate - Validate input (value, config) => { action, reason, detail? }
+ * @param {function} options.onBlock - Handle blocked result (result, value) => void
+ * @param {function} [options.onAsk] - Handle ask result (result, value) => void (optional)
+ */
+function runDamageControlHook(options) {
+  const { getInputValue, loadConfig, validate, onBlock, onAsk } = options;
+
+  let inputData = '';
+
+  process.stdin.setEncoding('utf8');
+
+  process.stdin.on('data', chunk => {
+    inputData += chunk;
+  });
+
+  process.stdin.on('end', () => {
+    try {
+      // Parse tool input from Claude Code
+      const input = JSON.parse(inputData);
+      const value = getInputValue(input);
+
+      if (!value) {
+        // No value to validate - allow
+        process.exit(0);
+      }
+
+      // Load patterns and validate
+      const config = loadConfig();
+      const result = validate(value, config);
+
+      switch (result.action) {
+        case 'block':
+          onBlock(result, value);
+          process.exit(2);
+          break;
+
+        case 'ask':
+          if (onAsk) {
+            onAsk(result, value);
+          } else {
+            // Default ask behavior - output JSON
+            console.log(
+              JSON.stringify({
+                result: 'ask',
+                message: result.reason,
+              })
+            );
+          }
+          process.exit(0);
+          break;
+
+        case 'allow':
+        default:
+          process.exit(0);
+      }
+    } catch (e) {
+      // Parse error or other issue - fail open
+      process.exit(0);
+    }
+  });
+
+  // Handle no stdin (direct invocation)
+  process.stdin.on('error', () => {
+    process.exit(0);
+  });
+
+  // Set timeout to prevent hanging
+  setTimeout(() => {
+    process.exit(0);
+  }, STDIN_TIMEOUT_MS);
+}
+
+module.exports = {
+  c,
+  findProjectRoot,
+  expandPath,
+  loadPatterns,
+  pathMatches,
+  outputBlocked,
+  runDamageControlHook,
+  CONFIG_PATHS,
+  STDIN_TIMEOUT_MS,
+};