claude-rpc 0.16.2 → 0.17.1

package/src/daemon.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
-import { writeFileSync, existsSync, unlinkSync, watch, appendFileSync, mkdirSync, statSync, renameSync } from 'node:fs';
+import { writeFileSync, readFileSync, existsSync, unlinkSync, watch, appendFileSync, mkdirSync, statSync, renameSync } from 'node:fs';
 import { basename, dirname } from 'node:path';
 import { Client } from './discord-ipc.js';
-import { readState } from './state.js';
+import { readState, sweepStaleStateTmp } from './state.js';
+import { makeRotationCursor, pickFrames, selectFrame, resolveLargeImageKey, shouldShowGithubButton } from './presence.js';
 import { buildVars, fillTemplate, framePasses, applyIdle, applyShipped, applyTrigger } from './format.js';
 import { scan, readAggregate, findLiveSessions, readSessionTokens } from './scanner.js';
 import { detectGithubUrl } from './git.js';
@@ -10,7 +11,7 @@ import { applyPrivacy } from './privacy.js';
 import { pauseUntil } from './pause.js';
 import { loadConfig } from './config.js';
 import { migrateConfig } from './install.js';
-import { desktopNotify, postWebhook, shouldWebhook, shouldNotify } from './notify.js';
+import { desktopNotify, postWebhook, shouldWebhook, shouldNotify, sanitizeLabel } from './notify.js';
 import { humanProject } from './format.js';
 import { CONFIG_PATH, STATE_PATH, PID_PATH, LOG_PATH, STATE_DIR, AGGREGATE_PATH, PAUSE_PATH } from './paths.js';
 import { readUsageCache, pollUsage } from './usage.js';
@@ -90,54 +91,42 @@ let reconnectTimer = null;
 const RECONNECT_BASE_MS = 5_000;
 const RECONNECT_CAP_MS  = 300_000;
 let reconnectDelayMs    = RECONNECT_BASE_MS;
-let rotationIndex = 0;
-let lastRotationAt = 0;
+// Rotation cursor (index + lastAt + status). selectFrame in presence.js resets
+// it on a status transition — otherwise the cursor carries over from idle's
+// 12-frame rotation into a single-frame working state and back, producing a
+// jarring "blank tick" until modulo aligns.
+const rotationCursor = makeRotationCursor();
 // Stabilizes Discord's elapsed timer: applyIdle can synthesize a sessionStart
 // from a moving transcript mtime, and missing-hook scenarios leave it null —
 // either case would make startTimestamp jump on every rotation.
 let effectiveSessionStart = null;
-// Track which status the rotation cursor belongs to so we can reset it cleanly
-// on a status transition — otherwise the cursor carries over from idle's
-// 7-frame rotation into a single-frame working state and back, producing a
-// jarring "blank tick" until modulo aligns.
-let rotationStatus = null;
 
+// Single-instance guard. The CLI checks before spawning, but off-path launches
+// (a login-startup entry racing a manual start; a packaged exe beside a dev
+// run) could start a second daemon that fights over setActivity every ~4s and
+// double-counts the additive community total. If a live daemon already owns the
+// PID file, step aside; a stale PID (owner gone) means take over.
+try {
+  if (existsSync(PID_PATH)) {
+    const existing = parseInt(readFileSync(PID_PATH, 'utf8'), 10);
+    if (existing && existing !== process.pid) {
+      let alive = false;
+      try { process.kill(existing, 0); alive = true; } catch { /* stale PID — take over */ }
+      if (alive) {
+        log(`Another daemon (pid ${existing}) is already running — exiting.`);
+        process.exit(0);
+      }
+    }
+  }
+} catch { /* unreadable PID file — fall through and claim it */ }
 writeFileSync(PID_PATH, String(process.pid));
 
-function maybeAdvanceRotation(rotation, intervalMs) {
-  if (!Array.isArray(rotation) || rotation.length === 0) return undefined;
-  if (rotation.length === 1) return rotation[0];
-  const now = Date.now();
-  if (now - lastRotationAt >= intervalMs) {
-    rotationIndex = (rotationIndex + 1) % rotation.length;
-    lastRotationAt = now;
-  }
-  return rotation[rotationIndex % rotation.length];
-}
+// Reclaim any per-pid state tmp files orphaned by a hard-killed writer.
+sweepStaleStateTmp();
 
-// Choose frames + a status-level largeImageText override based on the new
-// `presence.byStatus` block when present. Falls back to legacy `p.rotation`
-// (which still works for any existing user config that doesn't use byStatus).
-//
-// Returns { frames, largeImageTextTpl }. A byStatus entry can be:
-//   { details, state, largeImageText, rotation? }
-// If `rotation` is present, the base { details, state } is rendered first
-// and the rotation array cycles after it. Otherwise the entry is a single
-// fixed frame.
-function pickFrames(p, status) {
-  const sb = p.byStatus?.[status];
-  if (sb) {
-    const base = { details: sb.details, state: sb.state, largeImageText: sb.largeImageText };
-    const frames = Array.isArray(sb.rotation) && sb.rotation.length
-      ? [base, ...sb.rotation]
-      : [base];
-    return { frames, largeImageTextTpl: sb.largeImageText || null };
-  }
-  if (Array.isArray(p.rotation) && p.rotation.length) {
-    return { frames: p.rotation, largeImageTextTpl: null };
-  }
-  return { frames: [{ details: p.details, state: p.state }], largeImageTextTpl: null };
-}
+// pickFrames / selectFrame / resolveLargeImageKey now live in presence.js (pure
+// + unit-tested). The rotation cursor (rotationCursor) is owned here and passed
+// into selectFrame.
 
 // Resolve the raw state file into the final presence state: idle/stale, shipped
 // and trigger overlays, live-session token enrichment, and the privacy verdict.
@@ -202,18 +191,10 @@ function buildActivity(opts = {}) {
   } else {
     ({ frames: rawFrames, largeImageTextTpl: statusLIT } = pickFrames(p, state.status));
   }
-  if (state.status !== rotationStatus) {
-    rotationIndex = 0;
-    lastRotationAt = 0;
-    rotationStatus = state.status;
-  }
-
-  // Drop frames whose `requires` vars are empty/zero. Keeps presence tight.
-  const frames = rawFrames.filter((f) => framePasses(f, vars));
-  const safeFrames = frames.length ? frames : rawFrames.slice(0, 1);
-
+  // Select the frame for this tick: filter by `requires`, reset the cursor on a
+  // status change (starting on the base frame), advance once per intervalMs.
   const intervalMs = Math.max(5000, config.rotationIntervalMs || 12000);
-  const frame = maybeAdvanceRotation(safeFrames, intervalMs) || {};
+  const frame = selectFrame(rawFrames, vars, state.status, rotationCursor, intervalMs, framePasses, Date.now());
 
   const activity = {};
   // Forcing `name` overrides whatever Discord has cached for the app's
@@ -223,28 +204,10 @@ function buildActivity(opts = {}) {
   if (frame.details) activity.details = fillTemplate(frame.details, vars).slice(0, 128);
   if (frame.state) activity.state = fillTemplate(frame.state, vars).slice(0, 128);
 
-  // ── Large-image precedence (single source of truth) ────────────────
-  //   1. statusAssets[status]      "working" gif when working, etc.
-  //   2. modelAssets[opus|sonnet|haiku|default]
-  //                                  per-model art (Opus/Sonnet/Haiku),
-  //                                  only consulted when statusAssets
-  //                                  doesn't match AND state isn't stale.
-  //   3. presence.largeImageKey    global fallback.
-  // smallImageKey separately resolves to the `{statusIcon}` template var
-  // (set via config.statusIcons) and is dropped entirely when empty.
-  let largeKeyTpl = p.largeImageKey;
-  if (config.statusAssets && config.statusAssets[state.status]) {
-    largeKeyTpl = config.statusAssets[state.status];
-  } else if (config.modelAssets && state.model && state.status !== 'stale') {
-    const m = String(state.model).toLowerCase();
-    let pick = null;
-    if (m.includes('fable'))       pick = config.modelAssets.fable;
-    else if (m.includes('opus'))   pick = config.modelAssets.opus;
-    else if (m.includes('sonnet')) pick = config.modelAssets.sonnet;
-    else if (m.includes('haiku'))  pick = config.modelAssets.haiku;
-    if (!pick) pick = config.modelAssets.default;
-    if (pick) largeKeyTpl = pick;
-  }
+  // Large-image precedence (statusAssets[status] > modelAssets[tier] > global)
+  // lives in presence.js/resolveLargeImageKey. smallImageKey separately resolves
+  // to the `{statusIcon}` template var (config.statusIcons), dropped when empty.
+  const largeKeyTpl = resolveLargeImageKey(config, p, state.status, state.model);
   if (largeKeyTpl) activity.largeImageKey = fillTemplate(largeKeyTpl, vars);
   // largeImageText precedence: per-frame override > byStatus entry > global default.
   const largeTextTpl = frame.largeImageText || statusLIT || p.largeImageText;
@@ -275,12 +238,12 @@ function buildActivity(opts = {}) {
   if (typeof config.activityType === 'number') activity.type = config.activityType;
 
   // Buttons: static configured set, optionally augmented with a per-project
-  // GitHub button when the current cwd has a github origin. Privacy mode
-  // suppresses the GitHub button entirely (else clicking it leaks the
-  // project name we're trying to hide).
-  const isPrivacyConstrained = state._privacy && state._privacy.visibility !== 'public';
+  // GitHub button when the current cwd has a github origin. Suppressed under any
+  // non-public privacy verdict (else the link leaks the project we're hiding),
+  // while stale, and when presence.githubButton is set to false (the explicit
+  // off switch — works even without the gh CLI that private-repo detection needs).
   const buttons = Array.isArray(p.buttons) ? p.buttons.slice() : [];
-  const gh = (!isPrivacyConstrained && state.status !== 'stale') ? detectGithubUrl(state.cwd) : null;
+  const gh = shouldShowGithubButton(p, state) ? detectGithubUrl(state.cwd) : null;
   if (gh && !buttons.some((b) => /github\.com/i.test(b.url || ''))) {
     buttons.unshift({ label: 'View on GitHub →', url: gh });
   }
@@ -304,13 +267,20 @@ function buildActivity(opts = {}) {
 }
 
 // Fire desktop-notification + webhook on a status transition (once per change).
-function fireStatusSideEffects(resolved) {
+// When `suppressed` (paused / privacy=hidden), we still advance the transition
+// cursor — so resume doesn't replay a stale notification — but stay silent, or
+// the webhook/toast would leak the project name and defeat the snooze.
+function fireStatusSideEffects(resolved, suppressed = false) {
   const status = resolved.status;
   if (status === lastNotifiedStatus) return;
   const prev = lastNotifiedStatus;
   lastNotifiedStatus = status;
+  if (suppressed) return;
   try {
-    const project = humanProject(resolved.cwd) || 'Claude Code';
+    // Sanitize the cwd-derived project name before it reaches a notifier or
+    // webhook — see sanitizeLabel (closes a win32 PowerShell injection via a
+    // maliciously-named directory).
+    const project = sanitizeLabel(humanProject(resolved.cwd)) || 'Claude Code';
     if (shouldNotify(config.notify, prev, status)) {
       desktopNotify('Claude Code needs you', `Waiting on you in ${project}`);
       log(`desktop notification raised (status=${status})`);
@@ -338,17 +308,21 @@ async function pushPresence() {
     // for the decision and the frame to disagree.
     const resolved = resolvePresence();
 
-    // Outbound side-effects on a status TRANSITION (fire once per change):
-    // a desktop notification when Claude needs you, and an opt-in webhook POST.
-    fireStatusSideEffects(resolved);
-
     const hideWhenStale = config.hideWhenStale !== false;
     const privacyHidden = resolved._privacy?.visibility === 'hidden';
     // Global snooze (`claude-rpc pause`) — clears the card while the deadline
     // is in the future. Re-checked every tick, so expiry resumes presence
     // automatically (the 'cleared' stamp differs from the next frame's hash).
     const pausedUntil = pauseUntil();
-    if ((resolved.status === 'stale' && hideWhenStale) || privacyHidden || pausedUntil) {
+    const suppressed = privacyHidden || !!pausedUntil || (resolved.status === 'stale' && hideWhenStale);
+
+    // Outbound side-effects on a status TRANSITION (fire once per change): a
+    // desktop notification when Claude needs you, and an opt-in webhook POST.
+    // Suppressed while paused / privacy=hidden — those snooze the card, and a
+    // toast or webhook leaking the project name would defeat that.
+    fireStatusSideEffects(resolved, suppressed);
+
+    if (suppressed) {
       const stamp = 'cleared';
       if (lastPayloadHash === stamp) return;
       lastPayloadHash = stamp;

package/src/default-config.js

@@ -204,6 +204,12 @@ export const DEFAULT_CONFIG = {
       },
     },
 
+    // Auto-prepend a "View on GitHub →" button when the cwd is a github repo.
+    // Set false to never show it — the privacy-safe off switch for machines
+    // without the `gh` CLI, where private repos can't be auto-detected and would
+    // otherwise have their link appear on the card.
+    githubButton: true,
+
     buttons: [
       // The card others see in Discord is the project's main distribution
       // surface — make the button a real call-to-action, not a bare repo link.

package/src/doctor.js

@@ -15,7 +15,8 @@ import {
   CLAUDE_HOME, CLAUDE_PROJECTS, CLAUDE_SETTINGS,
 } from './paths.js';
 import { findLiveSessions } from './scanner.js';
-import { resolveVisibility, listPrivateCwds } from './privacy.js';
+import { detectGithubUrl } from './git.js';
+import { resolveVisibility, listPrivateCwds, detectGithubPrivate } from './privacy.js';
 import { readClaudeCredentials, readUsageCache } from './usage.js';
 import { c, check as uiCheck } from './ui.js';
 
@@ -330,6 +331,18 @@ function checkPrivacy(cfg) {
     } else {
       check('private-list entries', 'pass', 'none');
     }
+    // Private-repo guard. The "View on GitHub →" button URL is read from
+    // .git/config (no gh needed), but auto-hiding a PRIVATE repo needs the gh
+    // CLI. On a github repo here where the button would show (public verdict,
+    // button enabled) and gh can't answer, a private repo's link could leak.
+    const ghUrl = detectGithubUrl(cwd);
+    if (ghUrl && visibility === 'public' && cfg?.presence?.githubButton !== false
+        && cfg?.privacy?.autoDetectGithubPrivate !== false
+        && detectGithubPrivate(cwd) === null) {
+      check('private-repo guard', 'warn',
+        'gh CLI unavailable — a private repo here can\'t be auto-detected, so its GitHub link may appear on the card',
+        'run `gh auth login`, set presence.githubButton:false, or `claude-rpc private` in private repos');
+    }
   } catch (e) {
     check('privacy check', 'warn', `lookup failed: ${e.message}`);
   }
@@ -366,8 +379,13 @@ function checkUsage(cfg) {
   }
   const u = readUsageCache();
   if (u) {
-    check('usage polling', 'pass',
-      `week ${u.weeklyPct}% · session ${u.sessionPct}% · fetched ${Math.max(0, Math.round((Date.now() - u.fetchedAt) / 60_000))} min ago`);
+    // Either bucket can be null (they come and go between Claude Code
+    // releases); interpolating both unconditionally printed a literal `null%`.
+    const parts = [];
+    if (u.weeklyPct != null) parts.push(`week ${u.weeklyPct}%`);
+    if (u.sessionPct != null) parts.push(`session ${u.sessionPct}%`);
+    parts.push(`fetched ${Math.max(0, Math.round((Date.now() - u.fetchedAt) / 60_000))} min ago`);
+    check('usage polling', 'pass', parts.join(' · '));
   } else {
     check('usage polling', 'warn', 'no fresh usage data yet',
       'the daemon polls every 10 min while a session is live — or run `claude-rpc usage` for a live fetch');

package/src/format.js

@@ -450,6 +450,7 @@ export function buildVars(state, config, aggregate) {
   if (usage) {
     const bits = [];
     if (usage.sessionPct != null) bits.push(`session ${usage.sessionPct}%`);
+    if (usage.weeklyPct != null) bits.push(`weekly ${usage.weeklyPct}%`);
     const day = fmtResetDay(usage.weeklyResetsAt);
     if (day) bits.push(`resets ${day}`);
     usageStateLabel = bits.join(' · ');
@@ -803,6 +804,29 @@ function staleWipe(state) {
   };
 }
 
+// A live transcript is being written by a session whose hooks don't feed THIS
+// daemon (a sibling, or a session that out-lived a SessionEnd). The user IS
+// working — adopt the most-recent live session as our 'working' context, zeroing
+// the old session's hook-derived counters since they belong to the quiet one.
+function borrowLiveSession(state, liveSessions, now) {
+  const recent = liveSessions[0] || {};
+  return {
+    ...state,
+    status: 'working',
+    cwd: recent.cwd || state.cwd || '',
+    sessionStart: recent.mtime || now,
+    lastActivity: recent.mtime || now,
+    currentTool: null,
+    currentFile: null,
+    messages: 0,
+    tools: 0,
+    filesOpened: [],
+    filesEdited: [],
+    filesRead: [],
+    tokens: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+  };
+}
+
 // Apply idle/stale transitions based on lastActivity age. Used by both daemon
 // and the `preview` CLI command so they agree.
 //
@@ -826,10 +850,28 @@ export function applyIdle(state, cfg = {}) {
   // backstop (keeps the card up through short pauses with the terminal open).
   const idleWhenOpen = cfg.idleWhenOpen === true;
 
-  // Authoritative close signal from the SessionEnd hook — trust it instead
-  // of waiting on staleSessionMin. Any other hook clears the flag, so a
-  // sibling session staying alive will reset us out of this branch.
-  if (state.claudeClosed) return staleWipe(state);
+  // Most-recent disk-level activity across ALL transcripts we can see. Computed
+  // before the close check so it can defer to a live sibling.
+  const mostRecentLiveMs = liveSessions.length
+    ? Math.max(...liveSessions.map((s) => s.mtime || 0))
+    : 0;
+  const liveAgeMs = mostRecentLiveMs ? now - mostRecentLiveMs : Infinity;
+
+  // Authoritative close signal from the SessionEnd hook — trust it instead of
+  // waiting on staleSessionMin. BUT state.json is global: a SessionEnd from ONE
+  // session must not blank the card while a SIBLING is mid-work. A sibling is
+  // alive iff a live transcript in a DIFFERENT cwd than the one that just closed
+  // (still in state.cwd) is fresh — adopt it. The just-closed session's own
+  // transcript is briefly still fresh, so it must NOT keep the card up; anything
+  // but a distinct live sibling wipes. (A's next hook also clears the flag.)
+  //
+  // Known limitation: the inverse — B's SessionStart resetState briefly showing
+  // idle over A's work — isn't fully fixed here (the hook can't see live
+  // transcripts); it self-heals on A's next hook. See MEMORY/SECURITY notes.
+  if (state.claudeClosed) {
+    const sibling = liveSessions.find((s) => s.cwd && s.cwd !== state.cwd && now - (s.mtime || 0) <= staleMs);
+    return sibling ? borrowLiveSession(state, [sibling], now) : staleWipe(state);
+  }
 
   // Notification is a brief status — hold it for ~8s after the hook fires,
   // then fall through to normal idle/stale processing.
@@ -839,12 +881,6 @@ export function applyIdle(state, cfg = {}) {
     state = { ...state, status: 'idle' };
   }
 
-  // Most-recent disk-level activity across ALL transcripts we can see.
-  const mostRecentLiveMs = liveSessions.length
-    ? Math.max(...liveSessions.map((s) => s.mtime || 0))
-    : 0;
-  const liveAgeMs = mostRecentLiveMs ? now - mostRecentLiveMs : Infinity;
-
   // Truly dormant: no live transcripts AND local state is old → stale.
   if (ageMs > staleMs && liveAgeMs > staleMs) return staleWipe(state);
 
@@ -852,23 +888,7 @@ export function applyIdle(state, cfg = {}) {
   // Borrow the most-recent live session as our "active" context, since the
   // user clearly IS working — just not in a session whose hooks feed us.
   if (ageMs > staleMs && liveAgeMs <= staleMs) {
-    const recent = liveSessions[0] || {};
-    return {
-      ...state,
-      status: 'working',
-      cwd: recent.cwd || state.cwd || '',
-      sessionStart: recent.mtime || now,
-      lastActivity: recent.mtime || now,
-      // Hook-derived per-session counters belong to the OLD session — zero them.
-      currentTool: null,
-      currentFile: null,
-      messages: 0,
-      tools: 0,
-      filesOpened: [],
-      filesEdited: [],
-      filesRead: [],
-      tokens: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-    };
+    return borrowLiveSession(state, liveSessions, now);
   }
 
   // Local state is fresh.

package/src/gist.js

@@ -17,6 +17,25 @@ import { writeFileSync, mkdtempSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 
+// `gh` on Windows is gh.cmd/gh.exe — a bare 'gh' spawn (no shell) won't resolve
+// the extension, so detection and publish silently fell through to the REST
+// path (which then needs GH_TOKEN). Run via the shell on win32 so PATHEXT
+// resolves it. shell:true does NOT auto-quote, and our args include a
+// space-bearing --desc, so quote anything with whitespace/quotes ourselves.
+const WIN = process.platform === 'win32';
+function ghQuote(a) {
+  return /[\s"]/.test(a) ? `"${String(a).replace(/"/g, '""')}"` : a;
+}
+function gh(args, opts = {}) {
+  return WIN
+    ? spawnSync('gh', args.map(ghQuote), { ...opts, shell: true })
+    : spawnSync('gh', args, opts);
+}
+
+// Bare fetch has no total timeout; a stalled GitHub endpoint would hang the
+// publish forever. 10s is plenty for a gist round-trip.
+const FETCH_TIMEOUT_MS = 10_000;
+
 // Extract { owner, id } from a "https://gist.github.com/<user>/<hash>"
 // URL. Returns null on no match — callers throw with the raw output so
 // debugging an unparseable gh response is straightforward.
@@ -43,7 +62,7 @@ export function gistMarkdown({ owner, id, filename, label = 'Claude' }) {
 
 export function hasGh() {
   try {
-    const r = spawnSync('gh', ['--version'], { stdio: 'ignore' });
+    const r = gh(['--version'], { stdio: 'ignore' });
     return r.status === 0;
   } catch {
     // gh missing entirely → spawn throws on some platforms instead of
@@ -55,7 +74,7 @@ export function hasGh() {
 function ghCreate(filePath, description, isPublic) {
   const args = ['gist', 'create', filePath, '--desc', description];
   if (isPublic) args.push('--public');
-  const r = spawnSync('gh', args, { encoding: 'utf8' });
+  const r = gh(args, { encoding: 'utf8' });
   if (r.status !== 0) {
     throw new Error(`gh gist create failed: ${(r.stderr || r.stdout || '').trim()}`);
   }
@@ -69,7 +88,7 @@ function ghCreate(filePath, description, isPublic) {
 }
 
 function ghEdit(gistId, filePath) {
-  const r = spawnSync('gh', ['gist', 'edit', gistId, filePath], { encoding: 'utf8' });
+  const r = gh(['gist', 'edit', gistId, filePath], { encoding: 'utf8' });
   if (r.status !== 0) {
     throw new Error(`gh gist edit failed: ${(r.stderr || r.stdout || '').trim()}`);
   }
@@ -89,6 +108,7 @@ async function restCreate({ svg, filename, description, isPublic, token }) {
       public: !!isPublic,
       files: { [filename]: { content: svg } },
     }),
+    signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
   });
   if (!res.ok) {
     const body = await res.text().catch(() => '');
@@ -108,6 +128,7 @@ async function restEdit({ svg, filename, gistId, token }) {
       'Content-Type': 'application/json',
     },
     body: JSON.stringify({ files: { [filename]: { content: svg } } }),
+    signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
   });
   if (!res.ok) {
     const body = await res.text().catch(() => '');

package/src/git.js

@@ -60,7 +60,16 @@ function readGitInfo(cwd) {
   // origin URL → github URL + repo name.
   try {
     const cfg = readFileSync(join(commonGitDir(gitDir), 'config'), 'utf8');
-    const m = cfg.match(/\[remote\s+"origin"\][^[]*?url\s*=\s*([^\r\n]+)/i);
+    // Isolate the [remote "origin"] section (everything up to the next section
+    // header) and read its url= line. The old single regex used `[^[]*?`
+    // between the header and url=, so any stray `[` in between — e.g. a
+    // bracketed comment above the url — aborted the match and silently dropped
+    // GitHub detection.
+    const oi = cfg.search(/\[remote\s+"origin"\]/i);
+    const rest = oi === -1 ? '' : cfg.slice(oi);
+    const nextSec = rest ? rest.slice(1).search(/\n[ \t]*\[/) : -1;
+    const section = nextSec === -1 ? rest : rest.slice(0, nextSec + 1);
+    const m = section.match(/^[ \t]*url\s*=\s*(.+)$/mi);
     if (m) {
       const raw = m[1].trim();
       const ssh = raw.match(/^git@github\.com:([^\s]+?)(?:\.git)?$/i);

package/src/hook.js

@@ -36,6 +36,21 @@ function gitSubcommand(args) {
   return null;
 }
 
+// First two gh positionals (noun, verb), skipping global flags so the canonical
+// targeted form `gh -R owner/repo pr create` still classifies. -R/--repo take a
+// value; other globals here don't precede a create, so skipping the rest is safe.
+function ghSubcommand(args) {
+  const pos = [];
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i];
+    if (a === '-R' || a === '--repo') { i++; continue; } // flag that takes a value
+    if (a.startsWith('-')) continue;
+    pos.push(a.toLowerCase());
+    if (pos.length === 2) break;
+  }
+  return { noun: pos[0], verb: pos[1] };
+}
+
 function shipKindForSegment(seg) {
   const toks = tokenizeSegment(seg);
   if (!toks.length) return null;
@@ -44,9 +59,10 @@ function shipKindForSegment(seg) {
     if (sub === 'push') return 'push';
     if (sub === 'commit') return 'commit';
   } else if (toks[0] === 'gh') {
-    if (toks[1] === 'pr' && toks[2] === 'create') return 'pr';
-    if (toks[1] === 'issue' && toks[2] === 'create') return 'issue';
-    if (toks[1] === 'release' && toks[2] === 'create') return 'tag';
+    const { noun, verb } = ghSubcommand(toks.slice(1));
+    if (noun === 'pr' && verb === 'create') return 'pr';
+    if (noun === 'issue' && verb === 'create') return 'issue';
+    if (noun === 'release' && verb === 'create') return 'tag';
   }
   return null;
 }
@@ -211,13 +227,10 @@ export function processHookEvent(event, input = {}) {
           s.justShippedSubject = shipSubject;
           s.justShippedBranch = shipBranch;
         }
-        const usage = input.tool_response?.usage || input.usage;
-        if (usage) {
-          s.tokens.input += usage.input_tokens || 0;
-          s.tokens.output += usage.output_tokens || 0;
-          s.tokens.cacheRead += usage.cache_read_input_tokens || 0;
-          s.tokens.cacheWrite += usage.cache_creation_input_tokens || 0;
-        }
+        // NOTE: PostToolUse tool_response carries no model usage, so this
+        // never fired (the daemon overrides state.tokens from the transcript —
+        // the documented single source of truth). Removed to kill a latent
+        // double-count if a future Claude Code version did attach usage here.
         return s;
       });
       break;
@@ -255,20 +268,9 @@ export function processHookEvent(event, input = {}) {
       appendEvent({ type: 'precompact', ts: now, trigger: input.trigger || input.matcher || null, cwd: input.cwd || null });
       break;
     }
-    case 'PostCompact': {
-      // Compaction finished — clear the marker and drop to idle. The next
-      // hook (UserPromptSubmit / PreToolUse) will set the real next state.
-      updateState((s) => {
-        s.status = 'idle';
-        s.compactStartedAt = null;
-        s.compactTrigger = null;
-        s.lastActivity = now;
-        s.claudeClosed = false;
-        return s;
-      });
-      appendEvent({ type: 'postcompact', ts: now, cwd: input.cwd || null });
-      break;
-    }
+    // No PostCompact case: Claude Code has no such event. Post-compaction
+    // arrives as SessionStart (source:'compact'), whose resetState clears the
+    // compacting marker — so the `compacting` state ends without a handler.
     case 'SessionEnd': {
       // Authoritative "Claude Code is gone" signal — don't wait on the
       // staleSessionMin timeout. applyIdle short-circuits to stale when it
@@ -293,9 +295,17 @@ export function processHookEvent(event, input = {}) {
 }
 
 // Stdin-driven CLI form: read JSON event payload from stdin, dispatch, ack.
+// The `{continue:true}` ack is a documented contract (SECURITY.md) — Claude
+// Code reads it on every hook — so a state-write failure (full/unwritable
+// tmpdir) must never stop us from emitting it. Dispatch is best-effort; the
+// ack always goes out.
 export function runHookCli(event) {
-  processHookEvent(event, parseInput());
-  process.stdout.write(JSON.stringify({ continue: true }));
+  try {
+    processHookEvent(event, parseInput());
+  } catch { /* presence is best-effort; never break the user's turn */ }
+  finally {
+    try { process.stdout.write(JSON.stringify({ continue: true })); } catch { /* stdout closed */ }
+  }
 }
 
 // Run directly when invoked as `node src/hook.js <event>`. Detection is based