cc4pm 1.8.0

package/scripts/hooks/pre-bash-dev-server-block.js

@@ -0,0 +1,187 @@
+#!/usr/bin/env node
+'use strict';
+
+const MAX_STDIN = 1024 * 1024;
+const path = require('path');
+const { splitShellSegments } = require('../lib/shell-split');
+
+const DEV_COMMAND_WORDS = new Set([
+  'npm',
+  'pnpm',
+  'yarn',
+  'bun',
+  'npx',
+  'tmux'
+]);
+const SKIPPABLE_PREFIX_WORDS = new Set(['env', 'command', 'builtin', 'exec', 'noglob', 'sudo', 'nohup']);
+const PREFIX_OPTION_VALUE_WORDS = {
+  env: new Set(['-u', '-C', '-S', '--unset', '--chdir', '--split-string']),
+  sudo: new Set([
+    '-u',
+    '-g',
+    '-h',
+    '-p',
+    '-r',
+    '-t',
+    '-C',
+    '--user',
+    '--group',
+    '--host',
+    '--prompt',
+    '--role',
+    '--type',
+    '--close-from'
+  ])
+};
+
+function readToken(input, startIndex) {
+  let index = startIndex;
+  while (index < input.length && /\s/.test(input[index])) index += 1;
+  if (index >= input.length) return null;
+
+  let token = '';
+  let quote = null;
+
+  while (index < input.length) {
+    const ch = input[index];
+
+    if (quote) {
+      if (ch === quote) {
+        quote = null;
+        index += 1;
+        continue;
+      }
+
+      if (ch === '\\' && quote === '"' && index + 1 < input.length) {
+        token += input[index + 1];
+        index += 2;
+        continue;
+      }
+
+      token += ch;
+      index += 1;
+      continue;
+    }
+
+    if (ch === '"' || ch === "'") {
+      quote = ch;
+      index += 1;
+      continue;
+    }
+
+    if (/\s/.test(ch)) break;
+
+    if (ch === '\\' && index + 1 < input.length) {
+      token += input[index + 1];
+      index += 2;
+      continue;
+    }
+
+    token += ch;
+    index += 1;
+  }
+
+  return { token, end: index };
+}
+
+function shouldSkipOptionValue(wrapper, optionToken) {
+  if (!wrapper || !optionToken || optionToken.includes('=')) return false;
+  const optionSet = PREFIX_OPTION_VALUE_WORDS[wrapper];
+  return Boolean(optionSet && optionSet.has(optionToken));
+}
+
+function isOptionToken(token) {
+  return token.startsWith('-') && token.length > 1;
+}
+
+function normalizeCommandWord(token) {
+  if (!token) return '';
+  const base = path.basename(token).toLowerCase();
+  return base.replace(/\.(cmd|exe|bat)$/i, '');
+}
+
+function getLeadingCommandWord(segment) {
+  let index = 0;
+  let activeWrapper = null;
+  let skipNextValue = false;
+
+  while (index < segment.length) {
+    const parsed = readToken(segment, index);
+    if (!parsed) return null;
+    index = parsed.end;
+
+    const token = parsed.token;
+    if (!token) continue;
+
+    if (skipNextValue) {
+      skipNextValue = false;
+      continue;
+    }
+
+    if (token === '--') {
+      activeWrapper = null;
+      continue;
+    }
+
+    if (/^[A-Za-z_][A-Za-z0-9_]*=.*/.test(token)) continue;
+
+    const normalizedToken = normalizeCommandWord(token);
+
+    if (SKIPPABLE_PREFIX_WORDS.has(normalizedToken)) {
+      activeWrapper = normalizedToken;
+      continue;
+    }
+
+    if (activeWrapper && isOptionToken(token)) {
+      if (shouldSkipOptionValue(activeWrapper, token)) {
+        skipNextValue = true;
+      }
+      continue;
+    }
+
+    return normalizedToken;
+  }
+
+  return null;
+}
+
+let raw = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - raw.length;
+    raw += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  try {
+    const input = JSON.parse(raw);
+    const cmd = String(input.tool_input?.command || '');
+
+    if (process.platform !== 'win32') {
+      const segments = splitShellSegments(cmd);
+      const tmuxLauncher = /^\s*tmux\s+(new|new-session|new-window|split-window)\b/;
+      const devPattern = /\b(npm\s+run\s+dev|pnpm(?:\s+run)?\s+dev|yarn\s+dev|bun\s+run\s+dev)\b/;
+
+      const hasBlockedDev = segments.some(segment => {
+        const commandWord = getLeadingCommandWord(segment);
+        if (!commandWord || !DEV_COMMAND_WORDS.has(commandWord)) {
+          return false;
+        }
+        return devPattern.test(segment) && !tmuxLauncher.test(segment);
+      });
+
+      if (hasBlockedDev) {
+        console.error('[Hook] BLOCKED: Dev server must run in tmux for log access');
+        console.error('[Hook] Use: tmux new-session -d -s dev "npm run dev"');
+        console.error('[Hook] Then: tmux attach -t dev');
+        process.exit(2);
+      }
+    }
+  } catch {
+    // ignore parse errors and pass through
+  }
+
+  process.stdout.write(raw);
+});

package/scripts/hooks/pre-bash-git-push-reminder.js

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+'use strict';
+
+const MAX_STDIN = 1024 * 1024;
+let raw = '';
+
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - raw.length;
+    raw += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  try {
+    const input = JSON.parse(raw);
+    const cmd = String(input.tool_input?.command || '');
+    if (/\bgit\s+push\b/.test(cmd)) {
+      console.error('[Hook] Review changes before push...');
+      console.error('[Hook] Continuing with push (remove this hook to add interactive review)');
+    }
+  } catch {
+    // ignore parse errors and pass through
+  }
+
+  process.stdout.write(raw);
+});

package/scripts/hooks/pre-bash-tmux-reminder.js

@@ -0,0 +1,33 @@
+#!/usr/bin/env node
+'use strict';
+
+const MAX_STDIN = 1024 * 1024;
+let raw = '';
+
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - raw.length;
+    raw += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  try {
+    const input = JSON.parse(raw);
+    const cmd = String(input.tool_input?.command || '');
+
+    if (
+      process.platform !== 'win32' &&
+      !process.env.TMUX &&
+      /(npm (install|test)|pnpm (install|test)|yarn (install|test)?|bun (install|test)|cargo build|make\b|docker\b|pytest|vitest|playwright)/.test(cmd)
+    ) {
+      console.error('[Hook] Consider running in tmux for session persistence');
+      console.error('[Hook] tmux new -s dev  |  tmux attach -t dev');
+    }
+  } catch {
+    // ignore parse errors and pass through
+  }
+
+  process.stdout.write(raw);
+});

package/scripts/hooks/pre-compact.js

@@ -0,0 +1,48 @@
+#!/usr/bin/env node
+/**
+ * PreCompact Hook - Save state before context compaction
+ *
+ * Cross-platform (Windows, macOS, Linux)
+ *
+ * Runs before Claude compacts context, giving you a chance to
+ * preserve important state that might get lost in summarization.
+ */
+
+const path = require('path');
+const {
+  getSessionsDir,
+  getDateTimeString,
+  getTimeString,
+  findFiles,
+  ensureDir,
+  appendFile,
+  log
+} = require('../lib/utils');
+
+async function main() {
+  const sessionsDir = getSessionsDir();
+  const compactionLog = path.join(sessionsDir, 'compaction-log.txt');
+
+  ensureDir(sessionsDir);
+
+  // Log compaction event with timestamp
+  const timestamp = getDateTimeString();
+  appendFile(compactionLog, `[${timestamp}] Context compaction triggered\n`);
+
+  // If there's an active session file, note the compaction
+  const sessions = findFiles(sessionsDir, '*-session.tmp');
+
+  if (sessions.length > 0) {
+    const activeSession = sessions[0].path;
+    const timeStr = getTimeString();
+    appendFile(activeSession, `\n---\n**[Compaction occurred at ${timeStr}]** - Context was summarized\n`);
+  }
+
+  log('[PreCompact] State saved before compaction');
+  process.exit(0);
+}
+
+main().catch(err => {
+  console.error('[PreCompact] Error:', err.message);
+  process.exit(0);
+});

package/scripts/hooks/pre-write-doc-warn.js

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+/**
+ * Backward-compatible doc warning hook entrypoint.
+ * Kept for consumers that still reference pre-write-doc-warn.js directly.
+ */
+
+'use strict';
+
+require('./doc-file-warning.js');

package/scripts/hooks/quality-gate.js

@@ -0,0 +1,168 @@
+#!/usr/bin/env node
+/**
+ * Quality Gate Hook
+ *
+ * Runs lightweight quality checks after file edits.
+ * - Targets one file when file_path is provided
+ * - Falls back to no-op when language/tooling is unavailable
+ *
+ * For JS/TS files with Biome, this hook is skipped because
+ * post-edit-format.js already runs `biome check --write`.
+ * This hook still handles .json/.md files for Biome, and all
+ * Prettier / Go / Python checks.
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { spawnSync } = require('child_process');
+
+const { findProjectRoot, detectFormatter, resolveFormatterBin } = require('../lib/resolve-formatter');
+
+const MAX_STDIN = 1024 * 1024;
+
+/**
+ * Execute a command synchronously, returning the spawnSync result.
+ *
+ * @param {string} command - Executable path or name
+ * @param {string[]} args - Arguments to pass
+ * @param {string} [cwd] - Working directory (defaults to process.cwd())
+ * @returns {import('child_process').SpawnSyncReturns<string>}
+ */
+function exec(command, args, cwd = process.cwd()) {
+  return spawnSync(command, args, {
+    cwd,
+    encoding: 'utf8',
+    env: process.env,
+    timeout: 15000
+  });
+}
+
+/**
+ * Write a message to stderr for logging.
+ *
+ * @param {string} msg - Message to log
+ */
+function log(msg) {
+  process.stderr.write(`${msg}\n`);
+}
+
+/**
+ * Run quality-gate checks for a single file based on its extension.
+ * Skips JS/TS files when Biome is configured (handled by post-edit-format).
+ *
+ * @param {string} filePath - Path to the edited file
+ */
+function maybeRunQualityGate(filePath) {
+  if (!filePath || !fs.existsSync(filePath)) {
+    return;
+  }
+
+  // Resolve to absolute path so projectRoot-relative comparisons work
+  filePath = path.resolve(filePath);
+
+  const ext = path.extname(filePath).toLowerCase();
+  const fix = String(process.env.ECC_QUALITY_GATE_FIX || '').toLowerCase() === 'true';
+  const strict = String(process.env.ECC_QUALITY_GATE_STRICT || '').toLowerCase() === 'true';
+
+  if (['.ts', '.tsx', '.js', '.jsx', '.json', '.md'].includes(ext)) {
+    const projectRoot = findProjectRoot(path.dirname(filePath));
+    const formatter = detectFormatter(projectRoot);
+
+    if (formatter === 'biome') {
+      // JS/TS already handled by post-edit-format via `biome check --write`
+      if (['.ts', '.tsx', '.js', '.jsx'].includes(ext)) {
+        return;
+      }
+
+      // .json / .md — still need quality gate
+      const resolved = resolveFormatterBin(projectRoot, 'biome');
+      if (!resolved) return;
+      const args = [...resolved.prefix, 'check', filePath];
+      if (fix) args.push('--write');
+      const result = exec(resolved.bin, args, projectRoot);
+      if (result.status !== 0 && strict) {
+        log(`[QualityGate] Biome check failed for ${filePath}`);
+      }
+      return;
+    }
+
+    if (formatter === 'prettier') {
+      const resolved = resolveFormatterBin(projectRoot, 'prettier');
+      if (!resolved) return;
+      const args = [...resolved.prefix, fix ? '--write' : '--check', filePath];
+      const result = exec(resolved.bin, args, projectRoot);
+      if (result.status !== 0 && strict) {
+        log(`[QualityGate] Prettier check failed for ${filePath}`);
+      }
+      return;
+    }
+
+    // No formatter configured — skip
+    return;
+  }
+
+  if (ext === '.go') {
+    if (fix) {
+      const r = exec('gofmt', ['-w', filePath]);
+      if (r.status !== 0 && strict) {
+        log(`[QualityGate] gofmt failed for ${filePath}`);
+      }
+    } else if (strict) {
+      const r = exec('gofmt', ['-l', filePath]);
+      if (r.status !== 0) {
+        log(`[QualityGate] gofmt failed for ${filePath}`);
+      } else if (r.stdout && r.stdout.trim()) {
+        log(`[QualityGate] gofmt check failed for ${filePath}`);
+      }
+    }
+    return;
+  }
+
+  if (ext === '.py') {
+    const args = ['format'];
+    if (!fix) args.push('--check');
+    args.push(filePath);
+    const r = exec('ruff', args);
+    if (r.status !== 0 && strict) {
+      log(`[QualityGate] Ruff check failed for ${filePath}`);
+    }
+  }
+}
+
+/**
+ * Core logic — exported so run-with-flags.js can call directly.
+ *
+ * @param {string} rawInput - Raw JSON string from stdin
+ * @returns {string} The original input (pass-through)
+ */
+function run(rawInput) {
+  try {
+    const input = JSON.parse(rawInput);
+    const filePath = String(input.tool_input?.file_path || '');
+    maybeRunQualityGate(filePath);
+  } catch {
+    // Ignore parse errors.
+  }
+  return rawInput;
+}
+
+// ── stdin entry point (backwards-compatible) ────────────────────
+if (require.main === module) {
+  let raw = '';
+  process.stdin.setEncoding('utf8');
+  process.stdin.on('data', chunk => {
+    if (raw.length < MAX_STDIN) {
+      const remaining = MAX_STDIN - raw.length;
+      raw += chunk.substring(0, remaining);
+    }
+  });
+
+  process.stdin.on('end', () => {
+    const result = run(raw);
+    process.stdout.write(result);
+  });
+}
+
+module.exports = { run };

package/scripts/hooks/run-with-flags-shell.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+HOOK_ID="${1:-}"
+REL_SCRIPT_PATH="${2:-}"
+PROFILES_CSV="${3:-standard,strict}"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PLUGIN_ROOT="${CLAUDE_PLUGIN_ROOT:-$(cd "${SCRIPT_DIR}/../.." && pwd)}"
+
+# Preserve stdin for passthrough or script execution
+INPUT="$(cat)"
+
+if [[ -z "$HOOK_ID" || -z "$REL_SCRIPT_PATH" ]]; then
+  printf '%s' "$INPUT"
+  exit 0
+fi
+
+# Ask Node helper if this hook is enabled
+ENABLED="$(node "${PLUGIN_ROOT}/scripts/hooks/check-hook-enabled.js" "$HOOK_ID" "$PROFILES_CSV" 2>/dev/null || echo yes)"
+if [[ "$ENABLED" != "yes" ]]; then
+  printf '%s' "$INPUT"
+  exit 0
+fi
+
+SCRIPT_PATH="${PLUGIN_ROOT}/${REL_SCRIPT_PATH}"
+if [[ ! -f "$SCRIPT_PATH" ]]; then
+  echo "[Hook] Script not found for ${HOOK_ID}: ${SCRIPT_PATH}" >&2
+  printf '%s' "$INPUT"
+  exit 0
+fi
+
+printf '%s' "$INPUT" | "$SCRIPT_PATH"

package/scripts/hooks/run-with-flags.js

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+/**
+ * Executes a hook script only when enabled by cc4pm hook profile flags.
+ *
+ * Usage:
+ *   node run-with-flags.js <hookId> <scriptRelativePath> [profilesCsv]
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { spawnSync } = require('child_process');
+const { isHookEnabled } = require('../lib/hook-flags');
+
+const MAX_STDIN = 1024 * 1024;
+
+function readStdinRaw() {
+  return new Promise(resolve => {
+    let raw = '';
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', chunk => {
+      if (raw.length < MAX_STDIN) {
+        const remaining = MAX_STDIN - raw.length;
+        raw += chunk.substring(0, remaining);
+      }
+    });
+    process.stdin.on('end', () => resolve(raw));
+    process.stdin.on('error', () => resolve(raw));
+  });
+}
+
+function getPluginRoot() {
+  if (process.env.CLAUDE_PLUGIN_ROOT && process.env.CLAUDE_PLUGIN_ROOT.trim()) {
+    return process.env.CLAUDE_PLUGIN_ROOT;
+  }
+  return path.resolve(__dirname, '..', '..');
+}
+
+async function main() {
+  const [, , hookId, relScriptPath, profilesCsv] = process.argv;
+  const raw = await readStdinRaw();
+
+  if (!hookId || !relScriptPath) {
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  if (!isHookEnabled(hookId, { profiles: profilesCsv })) {
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  const pluginRoot = getPluginRoot();
+  const resolvedRoot = path.resolve(pluginRoot);
+  const scriptPath = path.resolve(pluginRoot, relScriptPath);
+
+  // Prevent path traversal outside the plugin root
+  if (!scriptPath.startsWith(resolvedRoot + path.sep)) {
+    process.stderr.write(`[Hook] Path traversal rejected for ${hookId}: ${scriptPath}\n`);
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  if (!fs.existsSync(scriptPath)) {
+    process.stderr.write(`[Hook] Script not found for ${hookId}: ${scriptPath}\n`);
+    process.stdout.write(raw);
+    process.exit(0);
+  }
+
+  // Prefer direct require() when the hook exports a run(rawInput) function.
+  // This eliminates one Node.js process spawn (~50-100ms savings per hook).
+  //
+  // SAFETY: Only require() hooks that export run(). Legacy hooks execute
+  // side effects at module scope (stdin listeners, process.exit, main() calls)
+  // which would interfere with the parent process or cause double execution.
+  let hookModule;
+  const src = fs.readFileSync(scriptPath, 'utf8');
+  const hasRunExport = /\bmodule\.exports\b/.test(src) && /\brun\b/.test(src);
+
+  if (hasRunExport) {
+    try {
+      hookModule = require(scriptPath);
+    } catch (requireErr) {
+      process.stderr.write(`[Hook] require() failed for ${hookId}: ${requireErr.message}\n`);
+      // Fall through to legacy spawnSync path
+    }
+  }
+
+  if (hookModule && typeof hookModule.run === 'function') {
+    try {
+      const output = hookModule.run(raw);
+      if (output !== null && output !== undefined) process.stdout.write(output);
+    } catch (runErr) {
+      process.stderr.write(`[Hook] run() error for ${hookId}: ${runErr.message}\n`);
+      process.stdout.write(raw);
+    }
+    process.exit(0);
+  }
+
+  // Legacy path: spawn a child Node process for hooks without run() export
+  const result = spawnSync('node', [scriptPath], {
+    input: raw,
+    encoding: 'utf8',
+    env: process.env,
+    cwd: process.cwd(),
+    timeout: 30000
+  });
+
+  if (result.stdout) process.stdout.write(result.stdout);
+  if (result.stderr) process.stderr.write(result.stderr);
+
+  const code = Number.isInteger(result.status) ? result.status : 0;
+  process.exit(code);
+}
+
+main().catch(err => {
+  process.stderr.write(`[Hook] run-with-flags error: ${err.message}\n`);
+  process.exit(0);
+});

package/scripts/hooks/session-end-marker.js

@@ -0,0 +1,15 @@
+#!/usr/bin/env node
+'use strict';
+
+const MAX_STDIN = 1024 * 1024;
+let raw = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => {
+  if (raw.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - raw.length;
+    raw += chunk.substring(0, remaining);
+  }
+});
+process.stdin.on('end', () => {
+  process.stdout.write(raw);
+});