npm - aios-core - Versions diffs - 4.2.14 → 4.3.0 - Mend

aios-core 4.2.14 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (288) hide show

package/.claude/hooks/sql-governance.py CHANGED Viewed

@@ -1,182 +1,182 @@
-#!/usr/bin/env python3
-"""
-Hook: SQL Governance
-REGRA: Comandos SQL que criam/alteram/deletam objetos de banco DEVEM ser aprovados.
-Este hook intercepta comandos Bash que contêm SQL perigoso e bloqueia
-operações não autorizadas em banco de dados.
-Exit Codes:
-- 0: Permitido
-- 2: Bloqueado (SQL perigoso detectado)
-"""
-import json
-import sys
-import os
-import re
-# =============================================================================
-# CONFIGURAÇÃO: Patterns SQL que requerem aprovação
-# =============================================================================
-DANGEROUS_PATTERNS = [
-    # DDL - Criação
-    (r"\bCREATE\s+TABLE\b", "CREATE TABLE"),
-    (r"\bCREATE\s+VIEW\b", "CREATE VIEW"),
-    (r"\bCREATE\s+MATERIALIZED\s+VIEW\b", "CREATE MATERIALIZED VIEW"),
-    (r"\bCREATE\s+FUNCTION\b", "CREATE FUNCTION"),
-    (r"\bCREATE\s+TRIGGER\b", "CREATE TRIGGER"),
-    (r"\bCREATE\s+INDEX\b", "CREATE INDEX"),
-    (r"\bCREATE\s+TYPE\b", "CREATE TYPE"),
-    (r"\bCREATE\s+SCHEMA\b", "CREATE SCHEMA"),
-    (r"\bCREATE\s+EXTENSION\b", "CREATE EXTENSION"),
-    (r"\bCREATE\s+POLICY\b", "CREATE POLICY"),
-    # DDL - Alteração
-    (r"\bALTER\s+TABLE\b", "ALTER TABLE"),
-    (r"\bALTER\s+VIEW\b", "ALTER VIEW"),
-    (r"\bALTER\s+FUNCTION\b", "ALTER FUNCTION"),
-    # DDL - Deleção
-    (r"\bDROP\s+TABLE\b", "DROP TABLE"),
-    (r"\bDROP\s+VIEW\b", "DROP VIEW"),
-    (r"\bDROP\s+FUNCTION\b", "DROP FUNCTION"),
-    (r"\bDROP\s+TRIGGER\b", "DROP TRIGGER"),
-    (r"\bDROP\s+INDEX\b", "DROP INDEX"),
-    (r"\bDROP\s+SCHEMA\b", "DROP SCHEMA"),
-    (r"\bDROP\s+POLICY\b", "DROP POLICY"),
-    # DML Perigoso
-    (r"\bTRUNCATE\b", "TRUNCATE"),
-    (r"\bDELETE\s+FROM\b(?!.*\bWHERE\b)", "DELETE without WHERE"),
-    # Backup proibido (criar tabela como cópia)
-    (r"\bCREATE\s+TABLE\b.*\bAS\s+SELECT\b", "CREATE TABLE AS SELECT (backup proibido)"),
-    # Storage
-    (r"\bINSERT\s+INTO\s+storage\.buckets\b", "INSERT INTO storage.buckets"),
-]
-# Patterns que indicam contexto seguro (não bloquear)
-SAFE_CONTEXTS = [
-    r"--.*$",                          # Comentário SQL
-    r"SELECT\s+.*\bFROM\b",            # Query de leitura
-    r"information_schema",             # Query de metadata
-    r"pg_catalog",                     # Query de sistema
-    r"\bEXPLAIN\b",                    # Explain plan
-]
-# Comandos que são sempre permitidos
-ALLOWED_COMMANDS = [
-    "supabase migration",              # CLI de migration
-    "supabase db push",                # Push de migrations
-    "supabase db pull",                # Pull de schema
-    "pg_dump",                         # Backup (exportar)
-    "psql.*-f.*migrations",            # Aplicar migration file
-]
-# =============================================================================
-# LÓGICA DO HOOK
-# =============================================================================
-def extract_sql_from_command(command: str) -> str:
-    """Extrai possível SQL de um comando bash."""
-    # Remover aspas externas se houver
-    sql = command
-    # Detectar SQL inline em psql -c
-    psql_match = re.search(r'psql.*-c\s+["\'](.+?)["\']', command, re.DOTALL)
-    if psql_match:
-        sql = psql_match.group(1)
-    # Detectar heredoc
-    heredoc_match = re.search(r'<<["\']?(\w+)["\']?\s*\n(.+?)\n\1', command, re.DOTALL)
-    if heredoc_match:
-        sql = heredoc_match.group(2)
-    return sql.upper()
-def is_safe_context(command: str) -> bool:
-    """Verifica se o comando está em contexto seguro."""
-    command_lower = command.lower()
-    for allowed in ALLOWED_COMMANDS:
-        if re.search(allowed, command_lower):
-            return True
-    return False
-def detect_dangerous_sql(command: str) -> list[tuple[str, str]]:
-    """Detecta patterns SQL perigosos no comando."""
-    sql = extract_sql_from_command(command)
-    detected = []
-    for pattern, description in DANGEROUS_PATTERNS:
-        if re.search(pattern, sql, re.IGNORECASE):
-            detected.append((pattern, description))
-    return detected
-def main():
-    # Ler input do stdin
-    try:
-        input_data = json.load(sys.stdin)
-    except json.JSONDecodeError:
-        # Se não conseguir parsear, permitir (fail-open)
-        sys.exit(0)
-    tool_name = input_data.get("tool_name", "")
-    tool_input = input_data.get("tool_input", {})
-    # Só processar Bash
-    if tool_name != "Bash":
-        sys.exit(0)
-    command = tool_input.get("command", "")
-    if not command:
-        sys.exit(0)
-    # Verificar se é contexto seguro
-    if is_safe_context(command):
-        sys.exit(0)
-    # Detectar SQL perigoso
-    dangerous = detect_dangerous_sql(command)
-    if not dangerous:
-        sys.exit(0)
-    # BLOQUEAR: SQL perigoso detectado
-    detected_list = "\n".join([f"║    • {desc:<64} ║" for _, desc in dangerous[:5]])
-    error_message = f"""
-╔══════════════════════════════════════════════════════════════════════════════╗
-║  🛑 SQL GOVERNANCE: Operação de banco requer aprovação                       ║
-╠══════════════════════════════════════════════════════════════════════════════╣
-║                                                                              ║
-║  Operações detectadas:                                                       ║
-{detected_list}
-║                                                                              ║
-║  REGRA: Comandos que criam/alteram/deletam objetos de banco DEVEM:           ║
-║                                                                              ║
-║    1. Ser propostos ao usuário ANTES de executar                             ║
-║    2. Incluir justificativa e análise de impacto                             ║
-║    3. Aguardar aprovação explícita                                           ║
-║                                                                              ║
-║  EXCEÇÕES PERMITIDAS:                                                        ║
-║    • supabase migration (CLI oficial)                                        ║
-║    • pg_dump (backup/export)                                                 ║
-║    • Aplicar migrations existentes em supabase/migrations/                   ║
-║                                                                              ║
-║  AÇÃO: Proponha as mudanças ao usuário e aguarde aprovação.                  ║
-║        Use o formato: Schema/SQL + Justificativa + Impacto                   ║
-║                                                                              ║
-╚══════════════════════════════════════════════════════════════════════════════╝
-"""
-    print(error_message, file=sys.stderr)
-    sys.exit(2)
-if __name__ == "__main__":
-    main()
+#!/usr/bin/env python3
+"""
+Hook: SQL Governance
+REGRA: Comandos SQL que criam/alteram/deletam objetos de banco DEVEM ser aprovados.
+Este hook intercepta comandos Bash que contêm SQL perigoso e bloqueia
+operações não autorizadas em banco de dados.
+Exit Codes:
+- 0: Permitido
+- 2: Bloqueado (SQL perigoso detectado)
+"""
+import json
+import sys
+import os
+import re
+# =============================================================================
+# CONFIGURAÇÃO: Patterns SQL que requerem aprovação
+# =============================================================================
+DANGEROUS_PATTERNS = [
+    # DDL - Criação
+    (r"\bCREATE\s+TABLE\b", "CREATE TABLE"),
+    (r"\bCREATE\s+VIEW\b", "CREATE VIEW"),
+    (r"\bCREATE\s+MATERIALIZED\s+VIEW\b", "CREATE MATERIALIZED VIEW"),
+    (r"\bCREATE\s+FUNCTION\b", "CREATE FUNCTION"),
+    (r"\bCREATE\s+TRIGGER\b", "CREATE TRIGGER"),
+    (r"\bCREATE\s+INDEX\b", "CREATE INDEX"),
+    (r"\bCREATE\s+TYPE\b", "CREATE TYPE"),
+    (r"\bCREATE\s+SCHEMA\b", "CREATE SCHEMA"),
+    (r"\bCREATE\s+EXTENSION\b", "CREATE EXTENSION"),
+    (r"\bCREATE\s+POLICY\b", "CREATE POLICY"),
+    # DDL - Alteração
+    (r"\bALTER\s+TABLE\b", "ALTER TABLE"),
+    (r"\bALTER\s+VIEW\b", "ALTER VIEW"),
+    (r"\bALTER\s+FUNCTION\b", "ALTER FUNCTION"),
+    # DDL - Deleção
+    (r"\bDROP\s+TABLE\b", "DROP TABLE"),
+    (r"\bDROP\s+VIEW\b", "DROP VIEW"),
+    (r"\bDROP\s+FUNCTION\b", "DROP FUNCTION"),
+    (r"\bDROP\s+TRIGGER\b", "DROP TRIGGER"),
+    (r"\bDROP\s+INDEX\b", "DROP INDEX"),
+    (r"\bDROP\s+SCHEMA\b", "DROP SCHEMA"),
+    (r"\bDROP\s+POLICY\b", "DROP POLICY"),
+    # DML Perigoso
+    (r"\bTRUNCATE\b", "TRUNCATE"),
+    (r"\bDELETE\s+FROM\b(?!.*\bWHERE\b)", "DELETE without WHERE"),
+    # Backup proibido (criar tabela como cópia)
+    (r"\bCREATE\s+TABLE\b.*\bAS\s+SELECT\b", "CREATE TABLE AS SELECT (backup proibido)"),
+    # Storage
+    (r"\bINSERT\s+INTO\s+storage\.buckets\b", "INSERT INTO storage.buckets"),
+]
+# Patterns que indicam contexto seguro (não bloquear)
+SAFE_CONTEXTS = [
+    r"--.*$",                          # Comentário SQL
+    r"SELECT\s+.*\bFROM\b",            # Query de leitura
+    r"information_schema",             # Query de metadata
+    r"pg_catalog",                     # Query de sistema
+    r"\bEXPLAIN\b",                    # Explain plan
+]
+# Comandos que são sempre permitidos
+ALLOWED_COMMANDS = [
+    "supabase migration",              # CLI de migration
+    "supabase db push",                # Push de migrations
+    "supabase db pull",                # Pull de schema
+    "pg_dump",                         # Backup (exportar)
+    "psql.*-f.*migrations",            # Aplicar migration file
+]
+# =============================================================================
+# LÓGICA DO HOOK
+# =============================================================================
+def extract_sql_from_command(command: str) -> str:
+    """Extrai possível SQL de um comando bash."""
+    # Remover aspas externas se houver
+    sql = command
+    # Detectar SQL inline em psql -c
+    psql_match = re.search(r'psql.*-c\s+["\'](.+?)["\']', command, re.DOTALL)
+    if psql_match:
+        sql = psql_match.group(1)
+    # Detectar heredoc
+    heredoc_match = re.search(r'<<["\']?(\w+)["\']?\s*\n(.+?)\n\1', command, re.DOTALL)
+    if heredoc_match:
+        sql = heredoc_match.group(2)
+    return sql.upper()
+def is_safe_context(command: str) -> bool:
+    """Verifica se o comando está em contexto seguro."""
+    command_lower = command.lower()
+    for allowed in ALLOWED_COMMANDS:
+        if re.search(allowed, command_lower):
+            return True
+    return False
+def detect_dangerous_sql(command: str) -> list[tuple[str, str]]:
+    """Detecta patterns SQL perigosos no comando."""
+    sql = extract_sql_from_command(command)
+    detected = []
+    for pattern, description in DANGEROUS_PATTERNS:
+        if re.search(pattern, sql, re.IGNORECASE):
+            detected.append((pattern, description))
+    return detected
+def main():
+    # Ler input do stdin
+    try:
+        input_data = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        # Se não conseguir parsear, permitir (fail-open)
+        sys.exit(0)
+    tool_name = input_data.get("tool_name", "")
+    tool_input = input_data.get("tool_input", {})
+    # Só processar Bash
+    if tool_name != "Bash":
+        sys.exit(0)
+    command = tool_input.get("command", "")
+    if not command:
+        sys.exit(0)
+    # Verificar se é contexto seguro
+    if is_safe_context(command):
+        sys.exit(0)
+    # Detectar SQL perigoso
+    dangerous = detect_dangerous_sql(command)
+    if not dangerous:
+        sys.exit(0)
+    # BLOQUEAR: SQL perigoso detectado
+    detected_list = "\n".join([f"║    • {desc:<64} ║" for _, desc in dangerous[:5]])
+    error_message = f"""
+╔══════════════════════════════════════════════════════════════════════════════╗
+║  🛑 SQL GOVERNANCE: Operação de banco requer aprovação                       ║
+╠══════════════════════════════════════════════════════════════════════════════╣
+║                                                                              ║
+║  Operações detectadas:                                                       ║
+{detected_list}
+║                                                                              ║
+║  REGRA: Comandos que criam/alteram/deletam objetos de banco DEVEM:           ║
+║                                                                              ║
+║    1. Ser propostos ao usuário ANTES de executar                             ║
+║    2. Incluir justificativa e análise de impacto                             ║
+║    3. Aguardar aprovação explícita                                           ║
+║                                                                              ║
+║  EXCEÇÕES PERMITIDAS:                                                        ║
+║    • supabase migration (CLI oficial)                                        ║
+║    • pg_dump (backup/export)                                                 ║
+║    • Aplicar migrations existentes em supabase/migrations/                   ║
+║                                                                              ║
+║  AÇÃO: Proponha as mudanças ao usuário e aguarde aprovação.                  ║
+║        Use o formato: Schema/SQL + Justificativa + Impacto                   ║
+║                                                                              ║
+╚══════════════════════════════════════════════════════════════════════════════╝
+"""
+    print(error_message, file=sys.stderr)
+    sys.exit(2)
+if __name__ == "__main__":
+    main()

package/.claude/hooks/synapse-engine.cjs CHANGED Viewed

@@ -49,7 +49,28 @@ async function main() {
   if (!runtime) return;
   const result = await runtime.engine.process(input.prompt, runtime.session);
-  process.stdout.write(JSON.stringify(buildHookOutput(result.xml)));
+  // QW-1: Wire updateSession() — persist bracket transitions after each prompt
+  if (runtime.sessionId && runtime.sessionsDir) {
+    try {
+      const { updateSession } = require(
+        path.join(runtime.cwd, '.aios-core', 'core', 'synapse', 'session', 'session-manager.js'),
+      );
+      updateSession(runtime.sessionId, runtime.sessionsDir, {
+        context: { last_bracket: result.bracket || 'FRESH' },
+      });
+    } catch (_err) {
+      // Fire-and-forget — never block the prompt
+    }
+  }
+  const output = JSON.stringify(buildHookOutput(result.xml));
+  // Write and flush stdout (callback may not exist in mocked environments)
+  const flushed = process.stdout.write(output);
+  if (!flushed) {
+    await new Promise((resolve) => process.stdout.once('drain', resolve));
+  }
 }
 /**
@@ -65,10 +86,12 @@ function safeExit(code) {
 function run() {
   const timer = setTimeout(() => safeExit(0), HOOK_TIMEOUT_MS);
   timer.unref();
-  main().catch((err) => {
-    console.error(`[synapse-hook] ${err.message}`);
-    safeExit(0);
-  });
+  main()
+    .then(() => safeExit(0))
+    .catch((err) => {
+      console.error(`[synapse-hook] ${err.message}`);
+      safeExit(0);
+    });
 }
 if (require.main === module) run();