cclaw-cli 6.6.0 → 6.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/dist/artifact-linter/findings-dedup.d.ts +56 -0
  2. package/dist/artifact-linter/findings-dedup.js +232 -0
  3. package/dist/artifact-linter/plan.js +3 -2
  4. package/dist/artifact-linter/shared.d.ts +49 -0
  5. package/dist/artifact-linter/shared.js +35 -0
  6. package/dist/artifact-linter.d.ts +1 -1
  7. package/dist/artifact-linter.js +45 -3
  8. package/dist/content/hooks.js +36 -1
  9. package/dist/content/node-hooks.js +43 -0
  10. package/dist/content/skills-elicitation.js +3 -6
  11. package/dist/content/skills.js +1 -1
  12. package/dist/content/stages/brainstorm.js +4 -4
  13. package/dist/content/stages/scope.js +2 -2
  14. package/dist/content/templates.js +3 -2
  15. package/dist/delegation.d.ts +9 -0
  16. package/dist/delegation.js +3 -0
  17. package/dist/internal/advance-stage/advance.js +23 -1
  18. package/dist/internal/advance-stage/parsers.d.ts +8 -0
  19. package/dist/internal/advance-stage/parsers.js +7 -0
  20. package/dist/internal/advance-stage/proactive-delegation-trace.d.ts +3 -0
  21. package/dist/internal/advance-stage/proactive-delegation-trace.js +8 -1
  22. package/dist/internal/advance-stage/rewind.js +2 -2
  23. package/dist/internal/advance-stage/start-flow.js +4 -1
  24. package/dist/internal/advance-stage.js +32 -2
  25. package/dist/internal/flow-state-repair.d.ts +13 -0
  26. package/dist/internal/flow-state-repair.js +65 -0
  27. package/dist/internal/waiver-grant.d.ts +62 -0
  28. package/dist/internal/waiver-grant.js +294 -0
  29. package/dist/run-persistence.d.ts +70 -0
  30. package/dist/run-persistence.js +215 -3
  31. package/dist/runs.d.ts +1 -1
  32. package/dist/runs.js +1 -1
  33. package/dist/runtime/run-hook.mjs +43 -0
  34. package/package.json +1 -1
package/dist/runtime/run-hook.mjs CHANGED
@@ -7573,12 +7573,14 @@ function nodeHookRuntimeScript(options = {}) {
7573
7573
  const defaultDisabledHooks = [];
7574
7574
  const cliRuntime = resolveCliRuntimeForGeneratedHook();
7575
7575
  return `#!/usr/bin/env node
7576
+ import { createHash } from "node:crypto";
7576
7577
  import fs from "node:fs/promises";
7577
7578
  import path from "node:path";
7578
7579
  import process from "node:process";
7579
7580
  import { spawn } from "node:child_process";
7580
7581
 
7581
7582
  const RUNTIME_ROOT = ${JSON.stringify(RUNTIME_ROOT)};
7583
+ const FLOW_STATE_GUARD_REL_PATH = RUNTIME_ROOT + "/.flow-state.guard.json";
7582
7584
  // Single strictness default, derived from config.strictness at install time.
7583
7585
  // \`CCLAW_STRICTNESS\` env var overrides for the current process. All guards
7584
7586
  // (prompt, workflow, TDD, iron-laws) route through \`resolveStrictness()\`.
@@ -8541,6 +8543,40 @@ function extractCodePathsFromText(value) {
8541
8543
  return out;
8542
8544
  }
8543
8545
 
8546
+ async function verifyFlowStateGuardInline(root, hookName) {
8547
+ const statePath = path.join(root, RUNTIME_ROOT, "state", "flow-state.json");
8548
+ const guardPath = path.join(root, FLOW_STATE_GUARD_REL_PATH);
8549
+ let raw;
8550
+ try {
8551
+ raw = await fs.readFile(statePath, "utf8");
8552
+ } catch {
8553
+ return true;
8554
+ }
8555
+ let guard;
8556
+ try {
8557
+ const guardRaw = await fs.readFile(guardPath, "utf8");
8558
+ guard = JSON.parse(guardRaw);
8559
+ } catch {
8560
+ return true;
8561
+ }
8562
+ if (!guard || typeof guard !== "object" || typeof guard.sha256 !== "string") {
8563
+ return true;
8564
+ }
8565
+ const actual = createHash("sha256").update(raw, "utf8").digest("hex");
8566
+ if (actual === guard.sha256) return true;
8567
+ const hookLabel = typeof hookName === "string" && hookName.length > 0 ? hookName : "hook";
8568
+ process.stderr.write(
8569
+ "[cclaw] " + hookLabel + ": flow-state guard mismatch: " + (guard.runId || "unknown-run") + "\\n" +
8570
+ "expected sha: " + guard.sha256 + "\\n" +
8571
+ "actual sha: " + actual + "\\n" +
8572
+ "last writer: " + (guard.writerSubsystem || "unknown") + "@" + (guard.writtenAt || "unknown") + "\\n" +
8573
+ "do not edit flow-state.json by hand. To recover, run:\\n" +
8574
+ " cclaw-cli internal flow-state-repair --reason \\"manual_edit_recovery\\"\\n"
8575
+ );
8576
+ await recordHookError(root, hookLabel, "flow-state guard mismatch actual=" + actual + " expected=" + guard.sha256).catch(() => undefined);
8577
+ return false;
8578
+ }
8579
+
8544
8580
  async function readFlowState(root) {
8545
8581
  const statePath = path.join(root, RUNTIME_ROOT, "state", "flow-state.json");
8546
8582
  // Loud-on-corrupt: if flow-state.json exists but fails JSON.parse, log
@@ -9634,6 +9670,13 @@ async function main() {
9634
9670
  };
9635
9671
 
9636
9672
  try {
9673
+ if (hookName === "session-start" || hookName === "stop-handoff") {
9674
+ const guardOk = await verifyFlowStateGuardInline(runtime.root, hookName);
9675
+ if (!guardOk) {
9676
+ process.exitCode = 2;
9677
+ return;
9678
+ }
9679
+ }
9637
9680
  if (hookName === "session-start") {
9638
9681
  process.exitCode = await handleSessionStart(runtime);
9639
9682
  return;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cclaw-cli",
3
- "version": "6.6.0",
3
+ "version": "6.7.0",
4
4
  "description": "Installer-first flow toolkit for coding agents",
5
5
  "type": "module",
6
6
  "bin": {