autoworkflow 3.1.4 → 3.5.0

package/.claude/hooks/pre-edit.sh

@@ -0,0 +1,129 @@
+#!/bin/bash
+# AutoWorkflow Pre-Edit Hook
+# Runs on: PreToolUse for Write/Edit tools
+# Purpose: Enforce plan approval before implementation
+#
+# This hook implements the plan_approval_gate enforcement
+# It BLOCKS Write/Edit operations if plan hasn't been approved
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+BOLD='\033[1m'
+DIM='\033[2m'
+NC='\033[0m'
+
+# State directory
+STATE_DIR=".claude/.autoworkflow"
+
+# State files
+PHASE_FILE="$STATE_DIR/phase"
+TASK_TYPE_FILE="$STATE_DIR/task-type"
+PLAN_APPROVED_FILE="$STATE_DIR/plan-approved"
+
+# Get current phase
+get_phase() {
+    if [ -f "$PHASE_FILE" ]; then
+        cat "$PHASE_FILE"
+    else
+        echo "IDLE"
+    fi
+}
+
+# Get task type
+get_task_type() {
+    if [ -f "$TASK_TYPE_FILE" ]; then
+        cat "$TASK_TYPE_FILE"
+    else
+        echo "unknown"
+    fi
+}
+
+# Check if plan is approved
+is_plan_approved() {
+    if [ -f "$PLAN_APPROVED_FILE" ]; then
+        local status=$(cat "$PLAN_APPROVED_FILE")
+        [ "$status" = "true" ] && return 0
+    fi
+    return 1
+}
+
+# Check if task type requires approval
+requires_approval() {
+    local task_type="$1"
+    case "$task_type" in
+        # These task types require plan approval
+        feature|fix|refactor|perf|security|test)
+            return 0
+            ;;
+        # These can proceed without explicit approval
+        docs|style|config|query)
+            return 1
+            ;;
+        # Unknown defaults to requiring approval
+        *)
+            return 0
+            ;;
+    esac
+}
+
+# Main check
+main() {
+    local phase=$(get_phase)
+    local task_type=$(get_task_type)
+
+    # Skip check if no task is active
+    if [ "$phase" = "IDLE" ]; then
+        exit 0
+    fi
+
+    # Skip check for task types that don't require approval
+    if ! requires_approval "$task_type"; then
+        exit 0
+    fi
+
+    # Skip check if already in IMPLEMENT or later phases
+    case "$phase" in
+        IMPLEMENT|VERIFY|FIX|AUDIT|PRE_COMMIT|COMMIT|UPDATE)
+            # Already past approval, allow edits
+            exit 0
+            ;;
+    esac
+
+    # Check if we're in a pre-approval phase
+    if [ "$phase" = "ANALYZE" ] || [ "$phase" = "PLAN" ]; then
+        if ! is_plan_approved; then
+            echo ""
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo -e "${RED}${BOLD}⛔ AUTOWORKFLOW: PLAN APPROVAL REQUIRED${NC}"
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo ""
+            echo -e "${CYAN}Current Phase:${NC} $phase"
+            echo -e "${CYAN}Task Type:${NC}    $task_type"
+            echo -e "${CYAN}Plan Approved:${NC} NO"
+            echo ""
+            echo "Cannot edit files before plan approval."
+            echo ""
+            echo -e "${BOLD}Required workflow:${NC}"
+            echo "  1. Complete ANALYZE phase (read relevant files)"
+            echo "  2. Present PLAN with suggestions"
+            echo "  3. Wait for user approval"
+            echo "  4. THEN implement"
+            echo ""
+            echo -e "${DIM}To approve, user must say: yes, proceed, approved, go ahead${NC}"
+            echo ""
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo ""
+
+            # Exit with error to BLOCK the edit
+            exit 1
+        fi
+    fi
+
+    # All checks passed, allow edit
+    exit 0
+}
+
+main

package/.claude/hooks/session-check.sh

@@ -28,6 +28,78 @@ PHASE_FILE="$STATE_DIR/phase"
 TASK_TYPE_FILE="$STATE_DIR/task-type"
 BLUEPRINT_CHECK_FILE="$STATE_DIR/blueprint-checked"
 TASK_DESCRIPTION_FILE="$STATE_DIR/task-description"
+PLAN_APPROVED_FILE="$STATE_DIR/plan-approved"
+CHANGED_FILES_FILE="$STATE_DIR/changed-files"
+SESSION_RESUMED_FILE="$STATE_DIR/session-resumed"
+
+# Check for resumable session state
+check_session_resume() {
+    # Only show resume prompt once per session
+    if [ -f "$SESSION_RESUMED_FILE" ]; then
+        return 1
+    fi
+
+    # Check if there's a previous session with active state
+    if [ -f "$PHASE_FILE" ]; then
+        local phase=$(cat "$PHASE_FILE")
+
+        # Only prompt for non-idle, non-complete states
+        if [ "$phase" != "IDLE" ] && [ "$phase" != "" ] && [ "$phase" != "COMMIT" ]; then
+            local task_type=""
+            local verify_iter="0"
+            local plan_approved="false"
+            local changed_count="0"
+
+            [ -f "$TASK_TYPE_FILE" ] && task_type=$(cat "$TASK_TYPE_FILE")
+            [ -f "$STATE_DIR/verify-iteration" ] && verify_iter=$(cat "$STATE_DIR/verify-iteration")
+            [ -f "$PLAN_APPROVED_FILE" ] && plan_approved=$(cat "$PLAN_APPROVED_FILE")
+            [ -f "$CHANGED_FILES_FILE" ] && changed_count=$(wc -l < "$CHANGED_FILES_FILE" 2>/dev/null | tr -d ' ')
+
+            echo ""
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo -e "${CYAN}${BOLD}📍 AUTOWORKFLOW: SESSION RESUME${NC}"
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo ""
+            echo -e "${BOLD}Previous session state detected:${NC}"
+            echo ""
+            echo -e "  ${CYAN}Phase:${NC}           $phase"
+            [ -n "$task_type" ] && echo -e "  ${CYAN}Task type:${NC}       $task_type"
+            echo -e "  ${CYAN}Plan approved:${NC}   $plan_approved"
+            echo -e "  ${CYAN}Verify attempts:${NC} $verify_iter/10"
+            [ "$changed_count" -gt 0 ] 2>/dev/null && echo -e "  ${CYAN}Changed files:${NC}   $changed_count"
+            echo ""
+
+            # Show changed files if any
+            if [ -f "$CHANGED_FILES_FILE" ] && [ "$changed_count" -gt 0 ] 2>/dev/null; then
+                echo -e "${DIM}Pending changes:${NC}"
+                head -5 "$CHANGED_FILES_FILE" | while read file; do
+                    echo -e "  ${DIM}- $file${NC}"
+                done
+                [ "$changed_count" -gt 5 ] 2>/dev/null && echo -e "  ${DIM}... and $((changed_count - 5)) more${NC}"
+                echo ""
+            fi
+
+            # Show workflow position
+            local workflow=$(get_workflow "$task_type")
+            echo -e "${DIM}Workflow: $workflow${NC}"
+            echo -e "${DIM}          ↑ Current: $phase${NC}"
+            echo ""
+
+            echo "Continue from $phase phase, or start fresh?"
+            echo ""
+            echo -e "${DIM}(Say 'continue' to resume, or describe new task to start fresh)${NC}"
+            echo ""
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo ""
+
+            # Mark that we've shown the resume prompt
+            touch "$SESSION_RESUMED_FILE"
+            return 0
+        fi
+    fi
+
+    return 1
+}
 
 # Generate session ID if new session
 init_session() {
@@ -39,6 +111,8 @@ init_session() {
         rm -f "$STATE_DIR/changed-files" 2>/dev/null
         rm -f "$BLUEPRINT_CHECK_FILE" 2>/dev/null
         rm -f "$TASK_TYPE_FILE" 2>/dev/null
+        rm -f "$PLAN_APPROVED_FILE" 2>/dev/null
+        rm -f "$SESSION_RESUMED_FILE" 2>/dev/null
         return 0  # New session
     fi
     return 1  # Existing session
@@ -335,6 +409,11 @@ main() {
         exit 0
     fi
 
+    # Check for session resume (only on existing sessions)
+    if [ "$is_new_session" = false ]; then
+        check_session_resume
+    fi
+
     # Check for missing blueprint (triggers auto-audit)
     check_blueprint
 

package/.claude/settings.json

@@ -18,6 +18,30 @@
         ]
       }
     ],
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./.claude/hooks/pre-edit.sh",
+            "timeout": 5,
+            "statusMessage": "Checking plan approval..."
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./.claude/hooks/pre-tool-router.sh \"$TOOL_INPUT\"",
+            "timeout": 300,
+            "statusMessage": "Checking workflow gates..."
+          }
+        ]
+      }
+    ],
     "PostToolUse": [
       {
         "matcher": "Write|Edit",
@@ -29,17 +53,15 @@
             "statusMessage": "Running verification..."
           }
         ]
-      }
-    ],
-    "PreToolUse": [
+      },
       {
         "matcher": "Bash",
         "hooks": [
           {
             "type": "command",
-            "command": "./.claude/hooks/pre-tool-router.sh \"$TOOL_INPUT\"",
-            "timeout": 300,
-            "statusMessage": "Checking workflow gates..."
+            "command": "./.claude/hooks/post-bash-router.sh \"$TOOL_INPUT\"",
+            "timeout": 30,
+            "statusMessage": "Checking post-command actions..."
           }
         ]
       }
@@ -56,6 +78,18 @@
     "ANALYZE → PLAN → CONFIRM → IMPLEMENT → VERIFY → AUDIT → COMMIT → UPDATE",
     "```",
     "",
+    "### Skill Loading (CRITICAL)",
+    "When executing ANY command from .claude/commands/:",
+    "1. Read the command's YAML frontmatter",
+    "2. Check for `skills_required` array",
+    "3. For EACH skill listed, READ the file from `.claude/skills/` BEFORE executing",
+    "4. Apply the knowledge from skills during command execution",
+    "",
+    "Example: `/audit` has `skills_required: [security.md, code-review.md]`",
+    "→ Read `.claude/skills/security.md` first",
+    "→ Read `.claude/skills/code-review.md` second",
+    "→ THEN execute the audit with this knowledge loaded",
+    "",
     "### Auto-Triggers (Hooks enforce these)",
     "1. **SESSION START**: If instructions/BLUEPRINT.md missing → AUTO-RUN audit (no permission needed)",
     "2. **AFTER CODE CHANGES**: Run `npm run verify` automatically. Fix errors until passing (max 10 iterations)",

package/.claude/settings.local.json

@@ -11,7 +11,9 @@
       "Bash(npm run typecheck:*)",
       "Bash(git add:*)",
       "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat\\(hooks\\): implement full auto-trigger system with blocking gates\n\n- Add 7 new hook scripts for workflow automation:\n  - session-check.sh: Init, blueprint check, task classification\n  - post-edit.sh: Auto-verify with loop tracking \\(max 10 iterations\\)\n  - pre-tool-router.sh: Route Bash commands to appropriate checks\n  - pre-commit-check.sh: All 7 gate checks with blocking \\(exit 1\\)\n  - phase-transition.sh: State management and gate enforcement\n  - audit-runner.sh: UI enforcement + circular dependency checks\n  - blueprint-generator.sh: Auto-scan project structure\n\n- Pre-commit gate now checks:\n  - TypeScript errors\n  - ESLint warnings\n  - TODO/FIXME comments\n  - console.log statements\n  - Orphan features \\(UI enforcement\\)\n  - Circular dependencies\n  - Conventional commit format\n\n- State tracking in .claude/.autoworkflow/:\n  - phase, task-type, verify-iteration, audit-iteration\n  - verify-status, audit-status, plan-approved\n\n- Updated CLAUDE.md files with:\n  - Slash commands table\n  - Hook files reference\n  - Hook integration section\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
-      "Bash(git commit:*)"
+      "Bash(git commit:*)",
+      "Bash(unzip:*)",
+      "Bash(node:*)"
     ]
   }
 }

package/.claude/skills/actix.md

@@ -0,0 +1,337 @@
+# Actix Web Skill
+
+## Application Setup
+\`\`\`rust
+use actix_web::{web, App, HttpServer, middleware};
+use actix_cors::Cors;
+
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    // Initialize logging
+    env_logger::init_from_env(env_logger::Env::default().default_filter_or("info"));
+
+    // Create shared state
+    let db_pool = create_pool().await.expect("Failed to create pool");
+    let app_state = web::Data::new(AppState { db: db_pool });
+
+    HttpServer::new(move || {
+        // Configure CORS
+        let cors = Cors::default()
+            .allow_any_origin()
+            .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
+            .allowed_headers(vec!["Authorization", "Content-Type"])
+            .max_age(3600);
+
+        App::new()
+            .app_data(app_state.clone())
+            .wrap(middleware::Logger::default())
+            .wrap(middleware::Compress::default())
+            .wrap(cors)
+            .configure(configure_routes)
+    })
+    .bind("127.0.0.1:8080")?
+    .run()
+    .await
+}
+
+fn configure_routes(cfg: &mut web::ServiceConfig) {
+    cfg.service(
+        web::scope("/api/v1")
+            .service(
+                web::scope("/auth")
+                    .route("/login", web::post().to(login))
+                    .route("/register", web::post().to(register))
+            )
+            .service(
+                web::scope("/users")
+                    .wrap(AuthMiddleware)
+                    .route("", web::get().to(list_users))
+                    .route("", web::post().to(create_user))
+                    .route("/{id}", web::get().to(get_user))
+                    .route("/{id}", web::put().to(update_user))
+                    .route("/{id}", web::delete().to(delete_user))
+            )
+    );
+}
+\`\`\`
+
+## Shared State
+\`\`\`rust
+use sqlx::PgPool;
+
+pub struct AppState {
+    pub db: PgPool,
+    pub config: AppConfig,
+}
+
+// Access in handlers
+async fn get_user(
+    state: web::Data<AppState>,
+    path: web::Path<String>,
+) -> Result<HttpResponse, AppError> {
+    let id = path.into_inner();
+    let user = sqlx::query_as!(User, "SELECT * FROM users WHERE id = $1", id)
+        .fetch_optional(&state.db)
+        .await?
+        .ok_or(AppError::NotFound)?;
+
+    Ok(HttpResponse::Ok().json(user))
+}
+\`\`\`
+
+## Request Extractors
+\`\`\`rust
+use actix_web::{web, HttpResponse};
+use serde::Deserialize;
+use validator::Validate;
+
+// JSON body
+#[derive(Deserialize, Validate)]
+pub struct CreateUserRequest {
+    #[validate(email)]
+    pub email: String,
+    #[validate(length(min = 2, max = 100))]
+    pub name: String,
+    #[validate(length(min = 8))]
+    pub password: String,
+}
+
+async fn create_user(
+    state: web::Data<AppState>,
+    body: web::Json<CreateUserRequest>,
+) -> Result<HttpResponse, AppError> {
+    // Validate request
+    body.validate().map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let user = User::new(body.email.clone(), body.name.clone(), &body.password)?;
+    // ... save user
+
+    Ok(HttpResponse::Created().json(user))
+}
+
+// Query parameters
+#[derive(Deserialize)]
+pub struct PaginationQuery {
+    #[serde(default = "default_page")]
+    pub page: u32,
+    #[serde(default = "default_per_page")]
+    pub per_page: u32,
+}
+
+fn default_page() -> u32 { 1 }
+fn default_per_page() -> u32 { 20 }
+
+async fn list_users(
+    state: web::Data<AppState>,
+    query: web::Query<PaginationQuery>,
+) -> Result<HttpResponse, AppError> {
+    let offset = (query.page - 1) * query.per_page;
+    let users = sqlx::query_as!(User,
+        "SELECT * FROM users LIMIT $1 OFFSET $2",
+        query.per_page as i64,
+        offset as i64
+    )
+    .fetch_all(&state.db)
+    .await?;
+
+    Ok(HttpResponse::Ok().json(users))
+}
+
+// Path parameters
+async fn get_user(path: web::Path<(String,)>) -> Result<HttpResponse, AppError> {
+    let (id,) = path.into_inner();
+    // ...
+}
+
+// Multiple path params
+async fn get_post_comment(
+    path: web::Path<(String, String)>,
+) -> Result<HttpResponse, AppError> {
+    let (post_id, comment_id) = path.into_inner();
+    // ...
+}
+\`\`\`
+
+## Custom Middleware
+\`\`\`rust
+use actix_web::{dev::{ServiceRequest, ServiceResponse, Transform, Service}, Error, HttpMessage};
+use futures::future::{ok, Ready, LocalBoxFuture};
+use std::rc::Rc;
+
+pub struct AuthMiddleware;
+
+impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type Transform = AuthMiddlewareService<S>;
+    type InitError = ();
+    type Future = Ready<Result<Self::Transform, Self::InitError>>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ok(AuthMiddlewareService {
+            service: Rc::new(service),
+        })
+    }
+}
+
+pub struct AuthMiddlewareService<S> {
+    service: Rc<S>,
+}
+
+impl<S, B> Service<ServiceRequest> for AuthMiddlewareService<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+
+    fn poll_ready(&self, ctx: &mut core::task::Context<'_>) -> std::task::Poll<Result<(), Self::Error>> {
+        self.service.poll_ready(ctx)
+    }
+
+    fn call(&self, req: ServiceRequest) -> Self::Future {
+        let service = Rc::clone(&self.service);
+
+        Box::pin(async move {
+            // Extract and validate token
+            let auth_header = req.headers()
+                .get("Authorization")
+                .and_then(|h| h.to_str().ok());
+
+            let token = match auth_header {
+                Some(h) if h.starts_with("Bearer ") => &h[7..],
+                _ => return Err(AppError::Unauthorized.into()),
+            };
+
+            let claims = validate_token(token)
+                .map_err(|_| AppError::Unauthorized)?;
+
+            // Store claims in request extensions
+            req.extensions_mut().insert(claims);
+
+            service.call(req).await
+        })
+    }
+}
+
+// Access auth data in handler
+async fn protected_handler(req: HttpRequest) -> Result<HttpResponse, AppError> {
+    let claims = req.extensions().get::<Claims>()
+        .ok_or(AppError::Unauthorized)?;
+
+    println!("User ID: {}", claims.user_id);
+    Ok(HttpResponse::Ok().finish())
+}
+\`\`\`
+
+## Error Handling
+\`\`\`rust
+use actix_web::{HttpResponse, ResponseError, http::StatusCode};
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum AppError {
+    #[error("Resource not found")]
+    NotFound,
+
+    #[error("Unauthorized")]
+    Unauthorized,
+
+    #[error("Validation error: {0}")]
+    Validation(String),
+
+    #[error("Database error")]
+    Database(#[from] sqlx::Error),
+
+    #[error("Internal error")]
+    Internal(String),
+}
+
+impl ResponseError for AppError {
+    fn status_code(&self) -> StatusCode {
+        match self {
+            AppError::NotFound => StatusCode::NOT_FOUND,
+            AppError::Unauthorized => StatusCode::UNAUTHORIZED,
+            AppError::Validation(_) => StatusCode::BAD_REQUEST,
+            AppError::Database(_) | AppError::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR,
+        }
+    }
+
+    fn error_response(&self) -> HttpResponse {
+        let status = self.status_code();
+        let message = match self {
+            AppError::Database(_) | AppError::Internal(_) => "Internal server error".to_string(),
+            _ => self.to_string(),
+        };
+
+        HttpResponse::build(status).json(serde_json::json!({
+            "error": message
+        }))
+    }
+}
+\`\`\`
+
+## Testing
+\`\`\`rust
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use actix_web::{test, App};
+
+    #[actix_web::test]
+    async fn test_create_user() {
+        let app = test::init_service(
+            App::new()
+                .app_data(web::Data::new(create_test_state().await))
+                .configure(configure_routes)
+        ).await;
+
+        let req = test::TestRequest::post()
+            .uri("/api/v1/users")
+            .set_json(serde_json::json!({
+                "email": "test@example.com",
+                "name": "Test User",
+                "password": "password123"
+            }))
+            .to_request();
+
+        let resp = test::call_service(&app, req).await;
+        assert_eq!(resp.status(), StatusCode::CREATED);
+    }
+
+    #[actix_web::test]
+    async fn test_get_user_not_found() {
+        let app = test::init_service(
+            App::new()
+                .app_data(web::Data::new(create_test_state().await))
+                .configure(configure_routes)
+        ).await;
+
+        let req = test::TestRequest::get()
+            .uri("/api/v1/users/nonexistent")
+            .to_request();
+
+        let resp = test::call_service(&app, req).await;
+        assert_eq!(resp.status(), StatusCode::NOT_FOUND);
+    }
+}
+\`\`\`
+
+## ✅ DO
+- Use \`web::Data<T>\` for shared application state
+- Implement \`ResponseError\` for custom error types
+- Use extractors (\`web::Json\`, \`web::Query\`, \`web::Path\`)
+- Configure routes in separate function with \`ServiceConfig\`
+- Use \`#[actix_web::test]\` for async tests
+
+## ❌ DON'T
+- Don't clone \`web::Data\` unnecessarily (it's already \`Arc\`)
+- Don't block the async runtime with sync operations
+- Don't expose internal error details to clients
+- Don't forget to handle all error cases in \`ResponseError\`