cc4pm 1.8.0

package/scripts/hooks/insaits-security-monitor.py

@@ -0,0 +1,269 @@
+#!/usr/bin/env python3
+"""
+InsAIts Security Monitor -- PreToolUse Hook for Claude Code
+============================================================
+
+Real-time security monitoring for Claude Code tool inputs.
+Detects credential exposure, prompt injection, behavioral anomalies,
+hallucination chains, and 20+ other anomaly types -- runs 100% locally.
+
+Writes audit events to .insaits_audit_session.jsonl for forensic tracing.
+
+Setup:
+  pip install insa-its
+  export ECC_ENABLE_INSAITS=1
+
+  Add to .claude/settings.json:
+  {
+    "hooks": {
+      "PreToolUse": [
+        {
+          "matcher": "Bash|Write|Edit|MultiEdit",
+          "hooks": [
+            {
+              "type": "command",
+              "command": "node scripts/hooks/insaits-security-wrapper.js"
+            }
+          ]
+        }
+      ]
+    }
+  }
+
+How it works:
+  Claude Code passes tool input as JSON on stdin.
+  This script runs InsAIts anomaly detection on the content.
+  Exit code 0 = clean (pass through).
+  Exit code 2 = critical issue found (blocks tool execution).
+  Stderr output = non-blocking warning shown to Claude.
+
+Environment variables:
+  INSAITS_DEV_MODE   Set to "true" to enable dev mode (no API key needed).
+                     Defaults to "false" (strict mode).
+  INSAITS_MODEL      LLM model identifier for fingerprinting. Default: claude-opus.
+  INSAITS_FAIL_MODE  "open" (default) = continue on SDK errors.
+                     "closed" = block tool execution on SDK errors.
+  INSAITS_VERBOSE    Set to any value to enable debug logging.
+
+Detections include:
+  - Credential exposure (API keys, tokens, passwords)
+  - Prompt injection patterns
+  - Hallucination indicators (phantom citations, fact contradictions)
+  - Behavioral anomalies (context loss, semantic drift)
+  - Tool description divergence
+  - Shorthand emergence / jargon drift
+
+All processing is local -- no data leaves your machine.
+
+Author: Cristi Bogdan -- YuyAI (https://github.com/Nomadu27/InsAIts)
+License: Apache 2.0
+"""
+
+from __future__ import annotations
+
+import hashlib
+import json
+import logging
+import os
+import sys
+import time
+from typing import Any, Dict, List, Tuple
+
+# Configure logging to stderr so it does not interfere with stdout protocol
+logging.basicConfig(
+    stream=sys.stderr,
+    format="[InsAIts] %(message)s",
+    level=logging.DEBUG if os.environ.get("INSAITS_VERBOSE") else logging.WARNING,
+)
+log = logging.getLogger("insaits-hook")
+
+# Try importing InsAIts SDK
+try:
+    from insa_its import insAItsMonitor
+    INSAITS_AVAILABLE: bool = True
+except ImportError:
+    INSAITS_AVAILABLE = False
+
+# --- Constants ---
+AUDIT_FILE: str = ".insaits_audit_session.jsonl"
+MIN_CONTENT_LENGTH: int = 10
+MAX_SCAN_LENGTH: int = 4000
+DEFAULT_MODEL: str = "claude-opus"
+BLOCKING_SEVERITIES: frozenset = frozenset({"CRITICAL"})
+
+
+def extract_content(data: Dict[str, Any]) -> Tuple[str, str]:
+    """Extract inspectable text from a Claude Code tool input payload.
+
+    Returns:
+        A (text, context) tuple where *text* is the content to scan and
+        *context* is a short label for the audit log.
+    """
+    tool_name: str = data.get("tool_name", "")
+    tool_input: Dict[str, Any] = data.get("tool_input", {})
+
+    text: str = ""
+    context: str = ""
+
+    if tool_name in ("Write", "Edit", "MultiEdit"):
+        text = tool_input.get("content", "") or tool_input.get("new_string", "")
+        context = "file:" + str(tool_input.get("file_path", ""))[:80]
+    elif tool_name == "Bash":
+        # PreToolUse: the tool hasn't executed yet, inspect the command
+        command: str = str(tool_input.get("command", ""))
+        text = command
+        context = "bash:" + command[:80]
+    elif "content" in data:
+        content: Any = data["content"]
+        if isinstance(content, list):
+            text = "\n".join(
+                b.get("text", "") for b in content if b.get("type") == "text"
+            )
+        elif isinstance(content, str):
+            text = content
+        context = str(data.get("task", ""))
+
+    return text, context
+
+
+def write_audit(event: Dict[str, Any]) -> None:
+    """Append an audit event to the JSONL audit log.
+
+    Creates a new dict to avoid mutating the caller's *event*.
+    """
+    try:
+        enriched: Dict[str, Any] = {
+            **event,
+            "timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
+        }
+        enriched["hash"] = hashlib.sha256(
+            json.dumps(enriched, sort_keys=True).encode()
+        ).hexdigest()[:16]
+        with open(AUDIT_FILE, "a", encoding="utf-8") as f:
+            f.write(json.dumps(enriched) + "\n")
+    except OSError as exc:
+        log.warning("Failed to write audit log %s: %s", AUDIT_FILE, exc)
+
+
+def get_anomaly_attr(anomaly: Any, key: str, default: str = "") -> str:
+    """Get a field from an anomaly that may be a dict or an object.
+
+    The SDK's ``send_message()`` returns anomalies as dicts, while
+    other code paths may return dataclass/object instances.  This
+    helper handles both transparently.
+    """
+    if isinstance(anomaly, dict):
+        return str(anomaly.get(key, default))
+    return str(getattr(anomaly, key, default))
+
+
+def format_feedback(anomalies: List[Any]) -> str:
+    """Format detected anomalies as feedback for Claude Code.
+
+    Returns:
+        A human-readable multi-line string describing each finding.
+    """
+    lines: List[str] = [
+        "== InsAIts Security Monitor -- Issues Detected ==",
+        "",
+    ]
+    for i, a in enumerate(anomalies, 1):
+        sev: str = get_anomaly_attr(a, "severity", "MEDIUM")
+        atype: str = get_anomaly_attr(a, "type", "UNKNOWN")
+        detail: str = get_anomaly_attr(a, "details", "")
+        lines.extend([
+            f"{i}. [{sev}] {atype}",
+            f"   {detail[:120]}",
+            "",
+        ])
+    lines.extend([
+        "-" * 56,
+        "Fix the issues above before continuing.",
+        "Audit log: " + AUDIT_FILE,
+    ])
+    return "\n".join(lines)
+
+
+def main() -> None:
+    """Entry point for the Claude Code PreToolUse hook."""
+    raw: str = sys.stdin.read().strip()
+    if not raw:
+        sys.exit(0)
+
+    try:
+        data: Dict[str, Any] = json.loads(raw)
+    except json.JSONDecodeError:
+        data = {"content": raw}
+
+    text, context = extract_content(data)
+
+    # Skip very short content (e.g. "OK", empty bash results)
+    if len(text.strip()) < MIN_CONTENT_LENGTH:
+        sys.exit(0)
+
+    if not INSAITS_AVAILABLE:
+        log.warning("Not installed. Run: pip install insa-its")
+        sys.exit(0)
+
+    # Wrap SDK calls so an internal error does not crash the hook
+    try:
+        monitor: insAItsMonitor = insAItsMonitor(
+            session_name="claude-code-hook",
+            dev_mode=os.environ.get(
+                "INSAITS_DEV_MODE", "false"
+            ).lower() in ("1", "true", "yes"),
+        )
+        result: Dict[str, Any] = monitor.send_message(
+            text=text[:MAX_SCAN_LENGTH],
+            sender_id="claude-code",
+            llm_id=os.environ.get("INSAITS_MODEL", DEFAULT_MODEL),
+        )
+    except Exception as exc:  # Broad catch intentional: unknown SDK internals
+        fail_mode: str = os.environ.get("INSAITS_FAIL_MODE", "open").lower()
+        if fail_mode == "closed":
+            sys.stdout.write(
+                f"InsAIts SDK error ({type(exc).__name__}); "
+                "blocking execution to avoid unscanned input.\n"
+            )
+            sys.exit(2)
+        log.warning(
+            "SDK error (%s), skipping security scan: %s",
+            type(exc).__name__, exc,
+        )
+        sys.exit(0)
+
+    anomalies: List[Any] = result.get("anomalies", [])
+
+    # Write audit event regardless of findings
+    write_audit({
+        "tool": data.get("tool_name", "unknown"),
+        "context": context,
+        "anomaly_count": len(anomalies),
+        "anomaly_types": [get_anomaly_attr(a, "type") for a in anomalies],
+        "text_length": len(text),
+    })
+
+    if not anomalies:
+        log.debug("Clean -- no anomalies detected.")
+        sys.exit(0)
+
+    # Determine maximum severity
+    has_critical: bool = any(
+        get_anomaly_attr(a, "severity").upper() in BLOCKING_SEVERITIES
+        for a in anomalies
+    )
+
+    feedback: str = format_feedback(anomalies)
+
+    if has_critical:
+        # stdout feedback -> Claude Code shows to the model
+        sys.stdout.write(feedback + "\n")
+        sys.exit(2)  # PreToolUse exit 2 = block tool execution
+    else:
+        # Non-critical: warn via stderr (non-blocking)
+        log.warning("\n%s", feedback)
+        sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()

package/scripts/hooks/insaits-security-wrapper.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+/**
+ * InsAIts Security Monitor — wrapper for run-with-flags compatibility.
+ *
+ * This thin wrapper receives stdin from the hooks infrastructure and
+ * delegates to the Python-based insaits-security-monitor.py script.
+ *
+ * The wrapper exists because run-with-flags.js spawns child scripts
+ * via `node`, so a JS entry point is needed to bridge to Python.
+ */
+
+'use strict';
+
+const path = require('path');
+const { spawnSync } = require('child_process');
+
+const MAX_STDIN = 1024 * 1024;
+
+function isEnabled(value) {
+  return ['1', 'true', 'yes', 'on'].includes(String(value || '').toLowerCase());
+}
+
+let raw = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    raw += chunk.substring(0, MAX_STDIN - raw.length);
+  }
+});
+
+process.stdin.on('end', () => {
+  if (!isEnabled(process.env.ECC_ENABLE_INSAITS)) {
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  const scriptDir = __dirname;
+  const pyScript = path.join(scriptDir, 'insaits-security-monitor.py');
+
+  // Try python3 first (macOS/Linux), fall back to python (Windows)
+  const pythonCandidates = ['python3', 'python'];
+  let result;
+
+  for (const pythonBin of pythonCandidates) {
+    result = spawnSync(pythonBin, [pyScript], {
+      input: raw,
+      encoding: 'utf8',
+      env: process.env,
+      cwd: process.cwd(),
+      timeout: 14000,
+    });
+
+    // ENOENT means binary not found — try next candidate
+    if (result.error && result.error.code === 'ENOENT') {
+      continue;
+    }
+    break;
+  }
+
+  if (!result || (result.error && result.error.code === 'ENOENT')) {
+    process.stderr.write('[InsAIts] python3/python not found. Install Python 3.9+ and: pip install insa-its\n');
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  // Log non-ENOENT spawn errors (timeout, signal kill, etc.) so users
+  // know the security monitor did not run — fail-open with a warning.
+  if (result.error) {
+    process.stderr.write(`[InsAIts] Security monitor failed to run: ${result.error.message}\n`);
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  // result.status is null when the process was killed by a signal or
+  // timed out.  Check BEFORE writing stdout to avoid leaking partial
+  // or corrupt monitor output.  Pass through original raw input instead.
+  if (!Number.isInteger(result.status)) {
+    const signal = result.signal || 'unknown';
+    process.stderr.write(`[InsAIts] Security monitor killed (signal: ${signal}). Tool execution continues.\n`);
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  if (result.stdout) process.stdout.write(result.stdout);
+  if (result.stderr) process.stderr.write(result.stderr);
+
+  process.exit(result.status);
+});

package/scripts/hooks/post-bash-build-complete.js

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+'use strict';
+
+const MAX_STDIN = 1024 * 1024;
+let raw = '';
+
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - raw.length;
+    raw += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  try {
+    const input = JSON.parse(raw);
+    const cmd = String(input.tool_input?.command || '');
+    if (/(npm run build|pnpm build|yarn build)/.test(cmd)) {
+      console.error('[Hook] Build completed - async analysis running in background');
+    }
+  } catch {
+    // ignore parse errors and pass through
+  }
+
+  process.stdout.write(raw);
+});

package/scripts/hooks/post-bash-pr-created.js

@@ -0,0 +1,36 @@
+#!/usr/bin/env node
+'use strict';
+
+const MAX_STDIN = 1024 * 1024;
+let raw = '';
+
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - raw.length;
+    raw += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  try {
+    const input = JSON.parse(raw);
+    const cmd = String(input.tool_input?.command || '');
+
+    if (/\bgh\s+pr\s+create\b/.test(cmd)) {
+      const out = String(input.tool_output?.output || '');
+      const match = out.match(/https:\/\/github\.com\/[^/]+\/[^/]+\/pull\/\d+/);
+      if (match) {
+        const prUrl = match[0];
+        const repo = prUrl.replace(/https:\/\/github\.com\/([^/]+\/[^/]+)\/pull\/\d+/, '$1');
+        const prNum = prUrl.replace(/.+\/pull\/(\d+)/, '$1');
+        console.error(`[Hook] PR created: ${prUrl}`);
+        console.error(`[Hook] To review: gh pr review ${prNum} --repo ${repo}`);
+      }
+    }
+  } catch {
+    // ignore parse errors and pass through
+  }
+
+  process.stdout.write(raw);
+});

package/scripts/hooks/post-edit-console-warn.js

@@ -0,0 +1,54 @@
+#!/usr/bin/env node
+/**
+ * PostToolUse Hook: Warn about console.log statements after edits
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs after Edit tool use. If the edited JS/TS file contains console.log
+ * statements, warns with line numbers to help remove debug statements
+ * before committing.
+ */
+
+const { readFile } = require('../lib/utils');
+
+const MAX_STDIN = 1024 * 1024; // 1MB limit
+let data = '';
+process.stdin.setEncoding('utf8');
+
+process.stdin.on('data', chunk => {
+  if (data.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - data.length;
+    data += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  try {
+    const input = JSON.parse(data);
+    const filePath = input.tool_input?.file_path;
+
+    if (filePath && /\.(ts|tsx|js|jsx)$/.test(filePath)) {
+      const content = readFile(filePath);
+      if (!content) { process.stdout.write(data); process.exit(0); }
+      const lines = content.split('\n');
+      const matches = [];
+
+      lines.forEach((line, idx) => {
+        if (/console\.log/.test(line)) {
+          matches.push((idx + 1) + ': ' + line.trim());
+        }
+      });
+
+      if (matches.length > 0) {
+        console.error('[Hook] WARNING: console.log found in ' + filePath);
+        matches.slice(0, 5).forEach(m => console.error(m));
+        console.error('[Hook] Remove console.log before committing');
+      }
+    }
+  } catch {
+    // Invalid input — pass through
+  }
+
+  process.stdout.write(data);
+  process.exit(0);
+});

package/scripts/hooks/post-edit-format.js

@@ -0,0 +1,109 @@
+#!/usr/bin/env node
+/**
+ * PostToolUse Hook: Auto-format JS/TS files after edits
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs after Edit tool use. If the edited file is a JS/TS file,
+ * auto-detects the project formatter (Biome or Prettier) by looking
+ * for config files, then formats accordingly.
+ *
+ * For Biome, uses `check --write` (format + lint in one pass) to
+ * avoid a redundant second invocation from quality-gate.js.
+ *
+ * Prefers the local node_modules/.bin binary over npx to skip
+ * package-resolution overhead (~200-500ms savings per invocation).
+ *
+ * Fails silently if no formatter is found or installed.
+ */
+
+const { execFileSync, spawnSync } = require('child_process');
+const path = require('path');
+
+// Shell metacharacters that cmd.exe interprets as command separators/operators
+const UNSAFE_PATH_CHARS = /[&|<>^%!]/;
+
+const { findProjectRoot, detectFormatter, resolveFormatterBin } = require('../lib/resolve-formatter');
+
+const MAX_STDIN = 1024 * 1024; // 1MB limit
+
+/**
+ * Core logic — exported so run-with-flags.js can call directly
+ * without spawning a child process.
+ *
+ * @param {string} rawInput - Raw JSON string from stdin
+ * @returns {string} The original input (pass-through)
+ */
+function run(rawInput) {
+  try {
+    const input = JSON.parse(rawInput);
+    const filePath = input.tool_input?.file_path;
+
+    if (filePath && /\.(ts|tsx|js|jsx)$/.test(filePath)) {
+      try {
+        const resolvedFilePath = path.resolve(filePath);
+        const projectRoot = findProjectRoot(path.dirname(resolvedFilePath));
+        const formatter = detectFormatter(projectRoot);
+        if (!formatter) return rawInput;
+
+        const resolved = resolveFormatterBin(projectRoot, formatter);
+        if (!resolved) return rawInput;
+
+        // Biome: `check --write` = format + lint in one pass
+        // Prettier: `--write` = format only
+        const args = formatter === 'biome' ? [...resolved.prefix, 'check', '--write', resolvedFilePath] : [...resolved.prefix, '--write', resolvedFilePath];
+
+        if (process.platform === 'win32' && resolved.bin.endsWith('.cmd')) {
+          // Windows: .cmd files require shell to execute. Guard against
+          // command injection by rejecting paths with shell metacharacters.
+          if (UNSAFE_PATH_CHARS.test(resolvedFilePath)) {
+            throw new Error('File path contains unsafe shell characters');
+          }
+          const result = spawnSync(resolved.bin, args, {
+            cwd: projectRoot,
+            shell: true,
+            stdio: 'pipe',
+            timeout: 15000
+          });
+          if (result.error) throw result.error;
+          if (typeof result.status === 'number' && result.status !== 0) {
+            throw new Error(result.stderr?.toString() || `Formatter exited with status ${result.status}`);
+          }
+        } else {
+          execFileSync(resolved.bin, args, {
+            cwd: projectRoot,
+            stdio: ['pipe', 'pipe', 'pipe'],
+            timeout: 15000
+          });
+        }
+      } catch {
+        // Formatter not installed, file missing, or failed — non-blocking
+      }
+    }
+  } catch {
+    // Invalid input — pass through
+  }
+
+  return rawInput;
+}
+
+// ── stdin entry point (backwards-compatible) ────────────────────
+if (require.main === module) {
+  let data = '';
+  process.stdin.setEncoding('utf8');
+
+  process.stdin.on('data', chunk => {
+    if (data.length < MAX_STDIN) {
+      const remaining = MAX_STDIN - data.length;
+      data += chunk.substring(0, remaining);
+    }
+  });
+
+  process.stdin.on('end', () => {
+    data = run(data);
+    process.stdout.write(data);
+    process.exit(0);
+  });
+}
+
+module.exports = { run };

package/scripts/hooks/post-edit-typecheck.js

@@ -0,0 +1,96 @@
+#!/usr/bin/env node
+/**
+ * PostToolUse Hook: TypeScript check after editing .ts/.tsx files
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs after Edit tool use on TypeScript files. Walks up from the file's
+ * directory to find the nearest tsconfig.json, then runs tsc --noEmit
+ * and reports only errors related to the edited file.
+ */
+
+const { execFileSync } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+
+const MAX_STDIN = 1024 * 1024; // 1MB limit
+let data = "";
+process.stdin.setEncoding("utf8");
+
+process.stdin.on("data", (chunk) => {
+  if (data.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - data.length;
+    data += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on("end", () => {
+  try {
+    const input = JSON.parse(data);
+    const filePath = input.tool_input?.file_path;
+
+    if (filePath && /\.(ts|tsx)$/.test(filePath)) {
+      const resolvedPath = path.resolve(filePath);
+      if (!fs.existsSync(resolvedPath)) {
+        process.stdout.write(data);
+        process.exit(0);
+      }
+      // Find nearest tsconfig.json by walking up (max 20 levels to prevent infinite loop)
+      let dir = path.dirname(resolvedPath);
+      const root = path.parse(dir).root;
+      let depth = 0;
+
+      while (dir !== root && depth < 20) {
+        if (fs.existsSync(path.join(dir, "tsconfig.json"))) {
+          break;
+        }
+        dir = path.dirname(dir);
+        depth++;
+      }
+
+      if (fs.existsSync(path.join(dir, "tsconfig.json"))) {
+        try {
+          // Use npx.cmd on Windows to avoid shell: true which enables command injection
+          const npxBin = process.platform === "win32" ? "npx.cmd" : "npx";
+          execFileSync(npxBin, ["tsc", "--noEmit", "--pretty", "false"], {
+            cwd: dir,
+            encoding: "utf8",
+            stdio: ["pipe", "pipe", "pipe"],
+            timeout: 30000,
+          });
+        } catch (err) {
+          // tsc exits non-zero when there are errors — filter to edited file
+          const output = (err.stdout || "") + (err.stderr || "");
+          // Compute paths that uniquely identify the edited file.
+          // tsc output uses paths relative to its cwd (the tsconfig dir),
+          // so check for the relative path, absolute path, and original path.
+          // Avoid bare basename matching — it causes false positives when
+          // multiple files share the same name (e.g., src/utils.ts vs tests/utils.ts).
+          const relPath = path.relative(dir, resolvedPath);
+          const candidates = new Set([filePath, resolvedPath, relPath]);
+          const relevantLines = output
+            .split("\n")
+            .filter((line) => {
+              for (const candidate of candidates) {
+                if (line.includes(candidate)) return true;
+              }
+              return false;
+            })
+            .slice(0, 10);
+
+          if (relevantLines.length > 0) {
+            console.error(
+              "[Hook] TypeScript errors in " + path.basename(filePath) + ":",
+            );
+            relevantLines.forEach((line) => console.error(line));
+          }
+        }
+      }
+    }
+  } catch {
+    // Invalid input — pass through
+  }
+
+  process.stdout.write(data);
+  process.exit(0);
+});