claude-smith 3.1.0 → 3.2.0

package/README.ko.md

@@ -1,8 +1,8 @@
 [English](README.md) | **한국어**
 
-# 🔨 claude-smith
+# 🕵️ claude-smith
 
-> **Claude Code의 ESLint** — AI 코딩 세션에 물리적 강제를 더합니다.
+> **코드의 조용한 수호자** — AI 코딩 세션의 물리적 규율 강제
 
 ## 문제
 
@@ -39,6 +39,24 @@ npx claude-smith init
 
 언어를 선택하면(en/ko/zh/ja) 끝. 12개 Hook 설치, 규칙 주입, 강제 활성화.
 
+## 실시간 알림
+
+Claude Code 세션 중 Hook 활동을 실시간으로 확인하세요:
+
+```json
+{ "notify": true }
+```
+
+활성화하면 터미널에서 간략한 상태 메시지를 볼 수 있습니다:
+```
+🕵️ Smith — ⚠️ TDD Guard: LoginForm.tsx 테스트 파일 없음
+🕵️ Smith — ✅ Commit Guard: 커밋 허용
+🕵️ Smith — 🚫 Debug Loop: app.tsx 5회 편집 차단
+🕵️ Smith — 🤖 Subagent Inject: 규칙 주입됨
+```
+
+`"notify": false` (기본값)로 설정하면 비활성화됩니다.
+
 ## 12개 Hook
 
 ### 차단하는 Hook (exit code 2 — 진행 자체를 막음)
@@ -148,6 +166,7 @@ claude-smith uninstall             # 모든 구성 요소 제거
 ```json
 {
   "language": "ko",
+  "notify": false,
   "hooks": {
     "commit-guard": { "maxTestAge": 300 },
     "debug-loop": { "warnAt": 3, "blockAt": 5 },
@@ -187,13 +206,36 @@ claude-smith uninstall             # 모든 구성 요소 제거
 - **안전한 권한**: 디렉터리 `0o700`, 파일 `0o600`
 - **경쟁 조건 방지**: Hook별 원자적 카운터 (공유 JSON 미사용)
 - **제로 의존성**: Node.js 기본 모듈만 사용
-- **63개 테스트**: 보안 엣지 케이스, 에러 처리, 크로스 플랫폼 시나리오
+- **포괄적 테스트 스위트**: 보안 엣지 케이스, 에러 처리, 크로스 플랫폼 시나리오
 
 ## 요구 사항
 
 - Node.js >= 18
 - Hook을 지원하는 Claude Code (`.claude/settings.json`)
 
+## 문제 해결
+
+### Hook이 작동하지 않음
+1. 설치 검증: `claude-smith check`
+2. `.claude/settings.json`에 Hook 정의가 있는지 확인
+3. Node.js >= 18 확인: `node --version`
+
+### 병렬 에이전트에서 오탐 발생
+`.claude-smith.json`에서 OMC 호환 모드 활성화:
+```json
+{ "omcCompat": true }
+```
+debug-loop, batch-checkpoint, scope-guard, plan-guard 임계값이 상향됩니다.
+
+### 테스트가 "실행 안 됨"으로 표시됨
+test-tracker Hook은 Bash 도구 호출의 테스트 명령만 감지합니다. 인라인이 아닌 터미널을 통해 테스트를 실행하세요.
+
+### Hook 에러
+개별 Hook을 수동으로 실행하여 디버깅:
+```bash
+echo '{"tool_name":"Edit","tool_input":{"file_path":"test.ts"},"session_id":"debug"}' | node .claude/hooks/tdd-guard.mjs
+```
+
 ## 라이선스
 
 MIT

package/README.md

@@ -1,8 +1,8 @@
 **English** | [한국어](README.ko.md)
 
-# 🔨 claude-smith
+# 🕵️ claude-smith
 
-> **Claude Code's ESLint** — Physical enforcement for AI coding sessions.
+> **Your code's silent guardian** — Physical enforcement for AI coding sessions.
 
 ## The Problem
 
@@ -39,6 +39,24 @@ npx claude-smith init
 
 Select your language (en/ko/zh/ja), and you're done. 12 hooks installed, rules injected, enforcement active.
 
+## Live Notifications
+
+See hook activity in real-time during Claude Code sessions:
+
+```json
+{ "notify": true }
+```
+
+When enabled, hooks write brief status messages visible in your terminal:
+```
+🕵️ Smith — ⚠️ TDD Guard: LoginForm.tsx test file missing
+🕵️ Smith — ✅ Commit Guard: Commit allowed
+🕵️ Smith — 🚫 Debug Loop: app.tsx 5 edits blocked
+🕵️ Smith — 🤖 Subagent Inject: Rules injected
+```
+
+Set `"notify": false` (default) to disable.
+
 ## The 12 Hooks
 
 ### Hooks That Block (exit code 2 — action physically prevented)
@@ -148,6 +166,7 @@ Project-level settings in `.claude-smith.json` (all optional):
 ```json
 {
   "language": "en",
+  "notify": false,
   "hooks": {
     "commit-guard": { "maxTestAge": 300 },
     "debug-loop": { "warnAt": 3, "blockAt": 5 },
@@ -187,13 +206,36 @@ User settings always take priority over `omcCompat` defaults.
 - **Secure permissions**: Directories `0o700`, files `0o600`
 - **Race-condition safe**: Per-hook atomic counters (no shared JSON)
 - **Zero dependencies**: Node.js built-in modules only
-- **63 tests**: Security edge cases, error handling, cross-platform scenarios
+- **Comprehensive test suite**: Security edge cases, error handling, cross-platform scenarios
 
 ## Requirements
 
 - Node.js >= 18
 - Claude Code with hook support (`.claude/settings.json`)
 
+## Troubleshooting
+
+### Hooks not firing
+1. Verify installation: `claude-smith check`
+2. Check `.claude/settings.json` contains hook definitions
+3. Ensure Node.js >= 18: `node --version`
+
+### False positives in parallel agents
+Enable OMC compatibility mode in `.claude-smith.json`:
+```json
+{ "omcCompat": true }
+```
+This raises thresholds for debug-loop, batch-checkpoint, scope-guard, and plan-guard.
+
+### Tests show as "not run"
+The test-tracker hook only detects test commands in Bash tool calls. Ensure you run tests via the terminal, not inline.
+
+### Hook errors
+Run individual hooks manually to debug:
+```bash
+echo '{"tool_name":"Edit","tool_input":{"file_path":"test.ts"},"session_id":"debug"}' | node .claude/hooks/tdd-guard.mjs
+```
+
 ## License
 
 MIT

package/bin/cli.mjs

@@ -79,7 +79,7 @@ switch (command) {
 
 async function init() {
   const cwd = process.cwd();
-  console.log(`\n🔨 Smith v${VERSION} - init\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - init\n`);
 
   // 0. Determine language
   const lang = await resolveLanguage();
@@ -265,7 +265,7 @@ async function resolveLanguage() {
 
 function update() {
   const cwd = process.cwd();
-  console.log(`\n🔨 Smith v${VERSION} - update\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - update\n`);
 
   // 1. Overwrite hooks (always latest)
   const hooksDir = join(cwd, '.claude', 'hooks');
@@ -319,7 +319,8 @@ function injectRules(claudeMdPath, lang = 'en') {
   const fallback = join(TEMPLATES_DIR, 'rules.en.md');
   const rulesPath = existsSync(rulesFile) ? rulesFile : fallback;
   const rules = readFileSync(rulesPath, 'utf8')
-    .replace(/claude-smith v\d+\.\d+\.\d+/g, `claude-smith v${VERSION}`);
+    .replace(/claude-smith v\d+\.\d+\.\d+/g, `claude-smith v${VERSION}`)
+    .replace(/\{\{SMITH_VERSION\}\}/g, `v${VERSION}`);
 
   if (existsSync(claudeMdPath)) {
     let content = readFileSync(claudeMdPath, 'utf8');
@@ -385,7 +386,7 @@ function check() {
   const ciMode = process.argv.includes('--ci');
   const results = { version: VERSION, ok: true, hooks: {}, settings: false, rules: false };
 
-  if (!ciMode) console.log(`\n🔨 Smith v${VERSION} - check\n`);
+  if (!ciMode) console.log(`\n🕵️ Smith v${VERSION} - check\n`);
 
   // Check hooks
   const hooksDir = join(cwd, '.claude', 'hooks');
@@ -448,7 +449,7 @@ function check() {
 }
 
 function stats() {
-  console.log(`\n🔨 Smith v${VERSION} - stats\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - stats\n`);
 
   // Try to find stats from any active session
   const baseDir = join(tmpdir(), '.claude-smith');
@@ -500,7 +501,7 @@ function stats() {
 
 async function uninstall() {
   const cwd = process.cwd();
-  console.log(`\n🔨 Smith v${VERSION} - uninstall\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - uninstall\n`);
 
   const SMITH_HOOKS = ['tdd-guard.mjs', 'commit-guard.mjs', 'test-tracker.mjs', 'debug-loop.mjs',
     'batch-checkpoint.mjs', 'subagent-inject.mjs', 'commit-message.mjs', 'build-guard.mjs',
@@ -595,7 +596,7 @@ async function uninstall() {
 }
 
 function report() {
-  console.log(`\n🔨 Smith v${VERSION} - session report\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - session report\n`);
 
   const baseDir = join(tmpdir(), '.claude-smith');
   if (!existsSync(baseDir)) {
@@ -784,7 +785,7 @@ ${!isPreTool ? "const toolResponse = input.tool_response || {};\n" : ""}
     writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
   }
 
-  console.log(`\n🔨 Smith v${VERSION} - create-hook\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - create-hook\n`);
   console.log(`✅ Hook created → .claude/hooks/${fileName}`);
   console.log(`✅ Registered in .claude/settings.json (${event})`);
   console.log(`\nNext steps:`);
@@ -803,7 +804,7 @@ function escapeHtml(str) {
 }
 
 function dashboard() {
-  console.log(`\n🔨 Smith v${VERSION} - dashboard\n`);
+  console.log(`\n🕵️ Smith v${VERSION} - dashboard\n`);
 
   const baseDir = join(tmpdir(), '.claude-smith');
   if (!existsSync(baseDir)) {
@@ -1056,7 +1057,7 @@ function dashboard() {
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>🔨 Smith Dashboard</title>
+<title>🕵️ Smith Dashboard</title>
 <style>
   * { margin: 0; padding: 0; box-sizing: border-box; }
   body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: #0d1117; color: #c9d1d9; padding: 2rem; }
@@ -1113,7 +1114,7 @@ function dashboard() {
 </style>
 </head>
 <body>
-  <h1>🔨 Smith</h1>
+  <h1>🕵️ Smith</h1>
   <p class="subtitle">Session Protection Report — ${new Date().toISOString().split('T')[0]}</p>
 
   <div class="hero-grid">
@@ -1188,7 +1189,7 @@ ${hookNames.map((name, i) => {
 ${insightsHtml}
   </div>
 
-  <footer>Generated by 🔨 Smith v${escapeHtml(VERSION)} | ${escapeHtml(new Date().toISOString())}</footer>
+  <footer>Generated by 🕵️ Smith v${escapeHtml(VERSION)} | ${escapeHtml(new Date().toISOString())}</footer>
 </body>
 </html>`;
 
@@ -1200,7 +1201,7 @@ ${insightsHtml}
 
 function help() {
   console.log(`
-🔨 Smith v${VERSION}
+🕵️ Smith v${VERSION}
 Claude Code workflow enforcement CLI - forging coding discipline into every session
 
 Usage:

package/hooks/batch-checkpoint.mjs

@@ -5,34 +5,23 @@
  * Counts distinct files edited, reminds to report progress at threshold (default: 3)
  */
 
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { writeFileSync, existsSync, mkdirSync, readFileSync } from 'fs';
 import { join } from 'path';
 import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, isOmcAutoMode, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('batch-checkpoint', process.cwd());
 if (!config.enabled) process.exit(0);
 
 // Skip in OMC autonomous execution modes (autopilot, ultrawork, ralph)
 // These modes manage their own progress reporting and checkpoint would interfere
-const omcStateDir = join(process.cwd(), '.omc', 'state');
-const omcAutoModes = ['autopilot-state.json', 'ultrawork-state.json', 'ralph-state.json'];
-const isOmcAutoMode = omcAutoModes.some(f => {
-  try {
-    const state = JSON.parse(readFileSync(join(omcStateDir, f), 'utf8'));
-    return state.active === true || state.status === 'running';
-  } catch { return false; }
-});
-if (isOmcAutoMode) process.exit(0);
+if (isOmcAutoMode(process.cwd())) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const toolName = input.tool_name;
 const filePath = input.tool_input?.file_path || '';
@@ -43,11 +32,6 @@ if (!filePath) process.exit(0);
 // Skip non-source files
 if (!/\.(ts|tsx|js|jsx|py|go|rs|css|json)$/.test(filePath)) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 const stateDir = join(tmpdir(), '.claude-smith', sessionId);
 mkdirSync(stateDir, { recursive: true, mode: 0o700 });
@@ -73,10 +57,11 @@ if (!editedFiles.includes(filePath)) {
 if (editedFiles.length > 0 && editedFiles.length % config.fileThreshold === 0) {
   recordEvent(sessionId, 'batch-checkpoint', 'warn');
   appendEvent(process.cwd(), { hook: 'batch-checkpoint', event: 'warn', message: `${editedFiles.length} files edited` });
+  notifyUser(config.notify, 'Batch Checkpoint', 'warn', `${editedFiles.length}개 파일 편집`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PostToolUse",
-      additionalContext: `🔨 Smith 📋 Batch Checkpoint (rule 2-9): ${editedFiles.length} files edited. Report progress to user before continuing.`
+      additionalContext: `🕵️ Smith 📋 Batch Checkpoint (rule 2-9): ${editedFiles.length} files edited. Report progress to user before continuing.`
     }
   });
   process.stdout.write(output);

package/hooks/build-guard.mjs

@@ -11,16 +11,13 @@ import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('build-guard', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const command = input.tool_input?.command || '';
 
@@ -28,11 +25,6 @@ if (input.tool_name !== 'Bash') process.exit(0);
 if (!command.includes('git commit')) process.exit(0);
 if (command.includes('--allow-empty')) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 const stateDir = join(tmpdir(), '.claude-smith', sessionId);
 const lastBuildResult = join(stateDir, 'last-build-result');
@@ -44,7 +36,8 @@ if (existsSync(lastBuildResult)) {
   if (result === 'fail') {
     recordEvent(sessionId, 'build-guard', 'block');
     appendEvent(process.cwd(), { hook: 'build-guard', event: 'block', message: 'Build failing' });
-    process.stderr.write("🔨 Smith ✋ Commit blocked: last build FAILED. Run build and fix errors before committing.");
+    notifyUser(config.notify, 'Build Guard', 'block', '빌드 실패 — 커밋 차단');
+    process.stderr.write("🕵️ Smith ✋ Commit blocked: last build FAILED. Run build and fix errors before committing.");
     process.exit(2);
   }
 }

package/hooks/build-tracker.mjs

@@ -5,22 +5,19 @@
  * Records build pass/fail result for build-guard reference
  */
 
-import { readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { writeFileSync, mkdirSync } from 'fs';
 import { join } from 'path';
 import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('build-tracker', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const command = input.tool_input?.command || '';
 
@@ -28,11 +25,6 @@ if (input.tool_name !== 'Bash') process.exit(0);
 
 // Detect build commands
 if (/pnpm build|npm run build|yarn build|tsc|next build/.test(command)) {
-  function sanitizeId(id) {
-    if (!id || typeof id !== 'string') return 'default';
-    return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-  }
-
   const sessionId = sanitizeId(input.session_id);
   const stateDir = join(tmpdir(), '.claude-smith', sessionId);
   mkdirSync(stateDir, { recursive: true, mode: 0o700 });
@@ -44,4 +36,5 @@ if (/pnpm build|npm run build|yarn build|tsc|next build/.test(command)) {
   writeFileSync(join(stateDir, 'last-build-result'), result, { mode: 0o600 });
   recordEvent(sessionId, 'build-tracker', 'fire');
   appendEvent(process.cwd(), { hook: 'build-tracker', event: 'fire', message: result });
+  notifyUser(config.notify, 'Build Tracker', 'track', failed ? '❌ fail' : '✅ pass');
 }

package/hooks/commit-guard.mjs

@@ -13,16 +13,13 @@ import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('commit-guard', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const toolName = input.tool_name;
 const command = input.tool_input?.command || '';
@@ -33,26 +30,19 @@ if (!command.includes('git commit')) process.exit(0);
 // Skip amend, merge commits
 if (command.includes('--allow-empty')) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 const stateDir = join(tmpdir(), '.claude-smith', sessionId);
 const lastTestFile = join(stateDir, 'last-test-run');
 const lastResultFile = join(stateDir, 'last-test-result');
 
-recordEvent(sessionId, 'commit-guard', 'fire');
-appendEvent(process.cwd(), { hook: 'commit-guard', event: 'fire', message: 'Tests passed, commit allowed' });
-
 // Check test result first (hard block on failure)
 if (existsSync(lastResultFile)) {
   const result = readFileSync(lastResultFile, 'utf8').trim();
   if (result === 'fail') {
     recordEvent(sessionId, 'commit-guard', 'block');
     appendEvent(process.cwd(), { hook: 'commit-guard', event: 'block', message: 'Tests failing' });
-    process.stderr.write("🔨 Smith ✋ Commit blocked: last test run FAILED. Run your test suite and fix failures before committing.\n💡 Coaching: 1) Run your test suite. 2) Fix failing tests one at a time. 3) Verify all pass. 4) Then commit.");
+    notifyUser(config.notify, 'Commit Guard', 'block', '테스트 실패 — 커밋 차단');
+    process.stderr.write("🕵️ Smith ✋ Commit blocked: last test run FAILED. Run your test suite and fix failures before committing.\n💡 Coaching: 1) Run your test suite. 2) Fix failing tests one at a time. 3) Verify all pass. 4) Then commit.");
     process.exit(2);
   }
 }
@@ -65,22 +55,31 @@ if (existsSync(lastTestFile)) {
   if (diff > config.maxTestAge) {
     recordEvent(sessionId, 'commit-guard', 'warn');
     appendEvent(process.cwd(), { hook: 'commit-guard', event: 'warn', message: 'Tests stale' });
+    notifyUser(config.notify, 'Commit Guard', 'warn', '테스트 경과 시간 초과');
     const output = JSON.stringify({
       hookSpecificOutput: {
         hookEventName: "PreToolUse",
-        additionalContext: `🔨 Smith > Commit Guard: Last test run was ${Math.floor(diff / 60)}min ago (>5min). Run tests before committing.`
+        additionalContext: `🕵️ Smith > Commit Guard: Last test run was ${Math.floor(diff / 60)}min ago (>5min). Run tests before committing.`
       }
     });
     process.stdout.write(output);
+    process.exit(0);
   }
 } else {
   recordEvent(sessionId, 'commit-guard', 'warn');
   appendEvent(process.cwd(), { hook: 'commit-guard', event: 'warn', message: 'No test run detected' });
+  notifyUser(config.notify, 'Commit Guard', 'warn', '테스트 실행 기록 없음');
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PreToolUse",
-      additionalContext: "🔨 Smith > Commit Guard: No test run detected this session. Consider running tests before committing.\n💡 Coaching: Run your test suite to verify nothing is broken. Even a quick smoke test prevents broken commits."
+      additionalContext: "🕵️ Smith > Commit Guard: No test run detected this session. Consider running tests before committing.\n💡 Coaching: Run your test suite to verify nothing is broken. Even a quick smoke test prevents broken commits."
     }
   });
   process.stdout.write(output);
+  process.exit(0);
 }
+
+// All checks passed - commit allowed
+recordEvent(sessionId, 'commit-guard', 'fire');
+appendEvent(process.cwd(), { hook: 'commit-guard', event: 'fire', message: 'Commit allowed' });
+notifyUser(config.notify, 'Commit Guard', 'fire', '커밋 허용');

package/hooks/commit-message.mjs

@@ -5,40 +5,32 @@
  * Enforces conventional commits format: type(scope): description
  */
 
-import { readFileSync } from 'fs';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('commit-message', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const command = input.tool_input?.command || '';
 
 if (input.tool_name !== 'Bash') process.exit(0);
 if (!command.includes('git commit')) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 
 // Extract commit message from -m flag
-const msgMatch = command.match(/-m\s+"([^"]+)"/s)
-  || command.match(/-m\s+'([^']+)'/s)
-  || command.match(/-m\s+"\$\(cat\s+<<'?EOF'?\s*\n([\s\S]*?)\n\s*EOF/);
+// Check HEREDOC format first (used by Claude Code)
+const msgMatch = command.match(/-m\s+"\$\(cat\s+<<'?EOF'?\s*\n([\s\S]*?)\n\s*EOF/)
+  || command.match(/-m\s+"([^"]+)"/s)
+  || command.match(/-m\s+'([^']+)'/s);
 if (!msgMatch) process.exit(0); // Can't parse message, let it through
 
-const msg = msgMatch[1] || msgMatch[2] || '';
+const msg = msgMatch[1] || '';
 const firstLine = msg.split('\n')[0].trim();
 
 // Conventional commit pattern: type(scope): description OR type: description
@@ -47,11 +39,17 @@ const pattern = /^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)
 if (!pattern.test(firstLine)) {
   recordEvent(sessionId, 'commit-message', 'warn');
   appendEvent(process.cwd(), { hook: 'commit-message', event: 'warn', message: `Non-conventional: ${firstLine.slice(0, 50)}` });
+  notifyUser(config.notify, 'Commit Message', 'warn', `비표준 형식: ${firstLine.slice(0, 40)}`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PreToolUse",
-      additionalContext: `🔨 Smith > Commit Message: "${firstLine}" doesn't follow conventional commits. Expected: type(scope): description (e.g., feat(auth): add login, fix: resolve crash)`
+      additionalContext: `🕵️ Smith > Commit Message: "${firstLine}" doesn't follow conventional commits. Expected: type(scope): description (e.g., feat(auth): add login, fix: resolve crash)`
     }
   });
   process.stdout.write(output);
+} else {
+  // Format is valid
+  recordEvent(sessionId, 'commit-message', 'fire');
+  appendEvent(process.cwd(), { hook: 'commit-message', event: 'fire', message: 'Format valid' });
+  notifyUser(config.notify, 'Commit Message', 'fire', '형식 유효');
 }

package/hooks/debug-loop.mjs

@@ -12,16 +12,13 @@ import { createHash } from 'crypto';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, isOmcAutoMode, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('debug-loop', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const toolName = input.tool_name;
 const filePath = input.tool_input?.file_path || '';
@@ -32,11 +29,6 @@ if (!filePath) process.exit(0);
 // Skip non-source files
 if (!/\.(ts|tsx|js|jsx|py|go|rs)$/.test(filePath)) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 // Isolate state per agent when sub-agents provide their own ID
 const sessionId = sanitizeId(input.session_id);
 const agentId = sanitizeId(input.agent_id || '');
@@ -45,15 +37,7 @@ const stateDir = join(tmpdir(), '.claude-smith', stateKey);
 mkdirSync(stateDir, { recursive: true, mode: 0o700 });
 
 // Raise thresholds during OMC autonomous modes to avoid false positives in parallel execution
-const omcStateDir = join(process.cwd(), '.omc', 'state');
-const omcAutoModes = ['autopilot-state.json', 'ultrawork-state.json', 'ralph-state.json'];
-const isOmcAutoMode = omcAutoModes.some(f => {
-  try {
-    const state = JSON.parse(readFileSync(join(omcStateDir, f), 'utf8'));
-    return state.active === true || state.status === 'running';
-  } catch { return false; }
-});
-if (isOmcAutoMode) {
+if (isOmcAutoMode(process.cwd())) {
   config.warnAt = Math.max(config.warnAt, 6);
   config.blockAt = Math.max(config.blockAt, 10);
 }
@@ -102,16 +86,18 @@ const patternHint = pattern === 'divergent'
 if (count === config.warnAt) {
   recordEvent(sessionId, 'debug-loop', 'warn');
   appendEvent(process.cwd(), { hook: 'debug-loop', event: 'warn', file: filePath, message: `Edit #${count}${patternHint ? ' ' + patternHint : ''}` });
+  notifyUser(config.notify, 'Debug Loop', 'warn', `${name} ${count}회 편집${pattern === 'divergent' ? ' (반복 패턴)' : ''}`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PostToolUse",
-      additionalContext: `🔨 Smith > Debug Loop: ${name} edited ${config.warnAt} times.${patternHint}\n💡 Coaching: 1) STOP editing. Read the error message carefully. 2) Add logging to trace data flow. 3) Check recent git changes: git diff HEAD~3. 4) Find a working similar pattern and compare. 5) Form a hypothesis before making the next edit.`
+      additionalContext: `🕵️ Smith > Debug Loop: ${name} edited ${config.warnAt} times.${patternHint}\n💡 Coaching: 1) STOP editing. Read the error message carefully. 2) Add logging to trace data flow. 3) Check recent git changes: git diff HEAD~3. 4) Find a working similar pattern and compare. 5) Form a hypothesis before making the next edit.`
     }
   });
   process.stdout.write(output);
 } else if (count >= config.blockAt) {
   recordEvent(sessionId, 'debug-loop', 'block');
   appendEvent(process.cwd(), { hook: 'debug-loop', event: 'block', file: filePath, message: `Edit #${count} - blocked` });
-  process.stderr.write(`🔨 Smith ✋ Debug Loop blocked: ${name} edited ${count} times.${patternHint}\nPer rule 2-6: 3+ failed fixes → question architecture. Discuss with user before continuing.`);
+  notifyUser(config.notify, 'Debug Loop', 'block', `${name} ${count}회 편집 — 차단`);
+  process.stderr.write(`🕵️ Smith ✋ Debug Loop blocked: ${name} edited ${count} times.${patternHint}\nPer rule 2-6: 3+ failed fixes → question architecture. Discuss with user before continuing.`);
   process.exit(2);
 }

package/hooks/file-size-warn.mjs

@@ -10,16 +10,13 @@ import { basename } from 'path';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('file-size-warn', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const filePath = input.tool_input?.file_path || '';
 
@@ -31,11 +28,6 @@ if (!/\.(ts|tsx|js|jsx|py|go|rs)$/.test(filePath)) process.exit(0);
 
 if (!existsSync(filePath)) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 
 const lines = readFileSync(filePath, 'utf8').split('\n').length;
@@ -44,10 +36,11 @@ const threshold = config.maxLines || 500;
 if (lines > threshold) {
   recordEvent(sessionId, 'file-size-warn', 'warn');
   appendEvent(process.cwd(), { hook: 'file-size-warn', event: 'warn', file: filePath, message: `${lines} lines` });
+  notifyUser(config.notify, 'File Size', 'warn', `${basename(filePath)} ${lines}줄 (>${threshold})`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PostToolUse",
-      additionalContext: `🔨 Smith > File Size: ${basename(filePath)} has ${lines} lines (>${threshold}). Consider splitting into smaller modules.`
+      additionalContext: `🕵️ Smith > File Size: ${basename(filePath)} has ${lines} lines (>${threshold}). Consider splitting into smaller modules.`
     }
   });
   process.stdout.write(output);

package/hooks/plan-guard.mjs

@@ -13,25 +13,17 @@ import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, isOmcAutoMode, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('plan-guard', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const filePath = input.tool_input?.file_path || '';
 if (!filePath) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 const agentId = sanitizeId(input.agent_id || '');
 const stateKey = agentId && agentId !== 'default' ? `${sessionId}-${agentId}` : sessionId;
@@ -92,23 +84,16 @@ count++;
 writeFileSync(counterFile, String(count), { mode: 0o600 });
 
 // Raise threshold during OMC autonomous modes
-const omcStateDir = join(process.cwd(), '.omc', 'state');
-const omcAutoModes = ['autopilot-state.json', 'ultrawork-state.json', 'ralph-state.json'];
-const isOmcAutoMode = omcAutoModes.some(f => {
-  try {
-    const state = JSON.parse(readFileSync(join(omcStateDir, f), 'utf8'));
-    return state.active === true || state.status === 'running';
-  } catch { return false; }
-});
-
-const warnAt = isOmcAutoMode ? (config.warnAt || 5) * 2 : (config.warnAt || 5);
-const blockAt = isOmcAutoMode ? (config.blockAt || 10) * 2 : (config.blockAt || 10);
+const isOmc = isOmcAutoMode(process.cwd());
+const warnAt = isOmc ? (config.warnAt || 5) * 2 : (config.warnAt || 5);
+const blockAt = isOmc ? (config.blockAt || 10) * 2 : (config.blockAt || 10);
 
 // Block if threshold reached
 if (count >= blockAt) {
   recordEvent(sessionId, 'plan-guard', 'block');
   appendEvent(process.cwd(), { hook: 'plan-guard', event: 'block', message: `${count} files without plan` });
-  process.stderr.write(`🔨 Smith ✋ Plan Guard: ${count} code files edited without a decomposition plan. Create a plan first.`);
+  notifyUser(config.notify, 'Plan Guard', 'block', `${count}개 파일 계획 없이 편집 — 차단`);
+  process.stderr.write(`🕵️ Smith ✋ Plan Guard: ${count} code files edited without a decomposition plan. Create a plan first.`);
   process.exit(2);
 }
 
@@ -116,10 +101,11 @@ if (count >= blockAt) {
 if (count >= warnAt) {
   recordEvent(sessionId, 'plan-guard', 'warn');
   appendEvent(process.cwd(), { hook: 'plan-guard', event: 'warn', message: `${count} files without plan` });
+  notifyUser(config.notify, 'Plan Guard', 'warn', `${count}개 파일 계획 없이 편집`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PreToolUse",
-      additionalContext: `🔨 Smith > Plan Guard: ${count} code files edited without a plan. Complex work needs decomposition first.
+      additionalContext: `🕵️ Smith > Plan Guard: ${count} code files edited without a plan. Complex work needs decomposition first.
 💡 Create a plan file (docs/plans/*.md or plan.md) that includes:
 1. Each unit's responsibility (one sentence)
 2. Dependency direction between units

package/hooks/scope-guard.mjs

@@ -11,16 +11,13 @@ import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, isOmcAutoMode, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('scope-guard', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const filePath = input.tool_input?.file_path || '';
 
@@ -28,11 +25,6 @@ if (!['Edit', 'Write'].includes(input.tool_name)) process.exit(0);
 if (!filePath) process.exit(0);
 if (!/\.(ts|tsx|js|jsx|py|go|rs|css|json)$/.test(filePath)) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 // Isolate state per agent when sub-agents provide their own ID
 const sessionId = sanitizeId(input.session_id);
 const agentId = sanitizeId(input.agent_id || '');
@@ -40,16 +32,6 @@ const stateKey = agentId && agentId !== 'default' ? `${sessionId}-${agentId}` :
 const stateDir = join(tmpdir(), '.claude-smith', stateKey);
 mkdirSync(stateDir, { recursive: true, mode: 0o700 });
 
-// Raise threshold during OMC autonomous modes to avoid false positives in parallel execution
-const omcStateDir = join(process.cwd(), '.omc', 'state');
-const omcAutoModes = ['autopilot-state.json', 'ultrawork-state.json', 'ralph-state.json'];
-const isOmcAutoMode = omcAutoModes.some(f => {
-  try {
-    const state = JSON.parse(readFileSync(join(omcStateDir, f), 'utf8'));
-    return state.active === true || state.status === 'running';
-  } catch { return false; }
-});
-
 const stateFile = join(stateDir, 'scope-directories');
 const dir = dirname(filePath);
 
@@ -67,15 +49,17 @@ if (!dirs.includes(dir)) {
   writeFileSync(stateFile, JSON.stringify(dirs), { mode: 0o600 });
 }
 
-const threshold = isOmcAutoMode ? Math.max((config.maxDirectories || 5) * 2, 10) : (config.maxDirectories || 5);
+// Raise threshold during OMC autonomous modes to avoid false positives in parallel execution
+const threshold = isOmcAutoMode(process.cwd()) ? Math.max((config.maxDirectories || 5) * 2, 10) : (config.maxDirectories || 5);
 
 if (dirs.length >= threshold && (dirs.length === threshold || dirs.length % threshold === 0)) {
   recordEvent(sessionId, 'scope-guard', 'warn');
   appendEvent(process.cwd(), { hook: 'scope-guard', event: 'warn', message: `${dirs.length} directories` });
+  notifyUser(config.notify, 'Scope Guard', 'warn', `${dirs.length}개 디렉토리 변경`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PostToolUse",
-      additionalContext: `🔨 Smith > Scope Guard: Changes span ${dirs.length} directories (>=${threshold}). Is the scope too broad? Consider breaking into smaller tasks.`
+      additionalContext: `🕵️ Smith > Scope Guard: Changes span ${dirs.length} directories (>=${threshold}). Is the scope too broad? Consider breaking into smaller tasks.`
     }
   });
   process.stdout.write(output);

package/hooks/subagent-inject.mjs

@@ -5,31 +5,23 @@
  * Injects core TDD/verification rules into subagent context
  */
 
-import { readFileSync } from 'fs';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('subagent-inject', process.cwd());
 if (!config.enabled) process.exit(0);
 
 // Consume stdin (required by hook protocol)
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
-
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const sessionId = sanitizeId(input.session_id);
 
 recordEvent(sessionId, 'subagent-inject', 'fire');
 appendEvent(process.cwd(), { hook: 'subagent-inject', event: 'fire', message: 'Rules injected into subagent' });
+notifyUser(config.notify, 'Subagent Inject', 'inject', '규칙 주입됨');
 const output = JSON.stringify({
   hookSpecificOutput: {
     hookEventName: "SubagentStart",

package/hooks/tdd-guard.mjs

@@ -5,21 +5,18 @@
  * Warns when editing a source file that has no corresponding test file
  */
 
-import { readFileSync, existsSync } from 'fs';
+import { existsSync } from 'fs';
 import { dirname, basename, join, extname } from 'path';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('tdd-guard', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const filePath = input.tool_input?.file_path || '';
 
@@ -42,11 +39,6 @@ if (/node_modules|\.next|dist|build|\.storybook/.test(filePath)) process.exit(0)
 // Skip layout, page files (Next.js App Router)
 if (/\/(layout|page|loading|error|not-found)\.(ts|tsx)$/.test(filePath)) process.exit(0);
 
-function sanitizeId(id) {
-  if (!id || typeof id !== 'string') return 'default';
-  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-}
-
 const sessionId = sanitizeId(input.session_id);
 
 const dir = dirname(filePath);
@@ -61,10 +53,11 @@ const testFileTs = join(dir, `${name}.test.ts`);
 if (!existsSync(testFile) && !existsSync(specFile) && !existsSync(testFileTsx) && !existsSync(testFileTs)) {
   recordEvent(sessionId, 'tdd-guard', 'warn');
   appendEvent(process.cwd(), { hook: 'tdd-guard', event: 'warn', file: filePath, message: `No test file for ${basename(filePath)}` });
+  notifyUser(config.notify, 'TDD Guard', 'warn', `${basename(filePath)} 테스트 파일 없음`);
   const output = JSON.stringify({
     hookSpecificOutput: {
       hookEventName: "PreToolUse",
-      additionalContext: `🔨 Smith > TDD Guard: ${basename(filePath)} has no test file (${name}.test${ext}). TDD Iron Law: write failing test FIRST.\n💡 Coaching: 1) Create ${name}.test${ext} in the same directory. 2) Write a test that describes expected behavior. 3) Run the test to confirm it fails. 4) Then implement the code.`
+      additionalContext: `🕵️ Smith > TDD Guard: ${basename(filePath)} has no test file (${name}.test${ext}). TDD Iron Law: write failing test FIRST.\n💡 Coaching: 1) Create ${name}.test${ext} in the same directory. 2) Write a test that describes expected behavior. 3) Run the test to confirm it fails. 4) Then implement the code.`
     }
   });
   process.stdout.write(output);

package/hooks/test-tracker.mjs

@@ -11,16 +11,13 @@ import { tmpdir } from 'os';
 import { getHookConfig } from '../lib/config.mjs';
 import { recordEvent } from '../lib/stats.mjs';
 import { appendEvent } from '../lib/event-log.mjs';
+import { sanitizeId, parseHookInput, notifyUser } from '../lib/hook-utils.mjs';
 
 const config = getHookConfig('test-tracker', process.cwd());
 if (!config.enabled) process.exit(0);
 
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
+const input = parseHookInput();
+if (!input) process.exit(0);
 
 const toolName = input.tool_name;
 const command = input.tool_input?.command || '';
@@ -29,11 +26,6 @@ if (toolName !== 'Bash') process.exit(0);
 
 // Detect test commands
 if (/pnpm test|npm test|yarn test|bun test|vitest|jest|pytest|go test|cargo test|make test|mocha/.test(command)) {
-  function sanitizeId(id) {
-    if (!id || typeof id !== 'string') return 'default';
-    return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
-  }
-
   const sessionId = sanitizeId(input.session_id);
   const stateDir = join(tmpdir(), '.claude-smith', sessionId);
   mkdirSync(stateDir, { recursive: true, mode: 0o700 });
@@ -50,6 +42,7 @@ if (/pnpm test|npm test|yarn test|bun test|vitest|jest|pytest|go test|cargo test
   writeFileSync(join(stateDir, 'last-test-result'), failed ? 'fail' : 'pass', { mode: 0o600 });
   recordEvent(sessionId, 'test-tracker', 'fire');
   appendEvent(process.cwd(), { hook: 'test-tracker', event: 'fire', message: `${failed ? 'fail' : 'pass'}` });
+  notifyUser(config.notify, 'Test Tracker', 'track', failed ? '❌ fail' : '✅ pass');
 
   // Extract coverage percentage from test output
   function parseCoverage(text) {
@@ -82,7 +75,7 @@ if (/pnpm test|npm test|yarn test|bun test|vitest|jest|pytest|go test|cargo test
       const output = JSON.stringify({
         hookSpecificOutput: {
           hookEventName: "PostToolUse",
-          additionalContext: `🔨 Smith 📊 Coverage Delta: ${prevCoverage}% → ${coverage}% (${delta}%). Test coverage decreased.\n💡 Coaching: 1) Check which lines lost coverage. 2) Add tests for uncovered paths. 3) Run coverage report: your-test-cmd --coverage`
+          additionalContext: `🕵️ Smith 📊 Coverage Delta: ${prevCoverage}% → ${coverage}% (${delta}%). Test coverage decreased.\n💡 Coaching: 1) Check which lines lost coverage. 2) Add tests for uncovered paths. 3) Run coverage report: your-test-cmd --coverage`
         }
       });
       process.stdout.write(output);

package/lib/config.mjs

@@ -9,6 +9,7 @@ import { join } from 'path';
 const DEFAULTS = {
   language: 'en',
   omcCompat: false,
+  notify: false,
   hooks: {
     'tdd-guard': { enabled: true },
     'commit-guard': { enabled: true, maxTestAge: 300 },
@@ -68,7 +69,9 @@ export function loadConfig(projectRoot) {
 
 export function getHookConfig(hookName, projectRoot) {
   const config = loadConfig(projectRoot);
-  return config.hooks?.[hookName] || DEFAULTS.hooks[hookName] || { enabled: true };
+  const hookConfig = config.hooks?.[hookName] || DEFAULTS.hooks[hookName] || { enabled: true };
+  hookConfig.notify = config.notify || false;
+  return hookConfig;
 }
 
 const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

package/lib/event-log.mjs

@@ -6,7 +6,7 @@
  * Provides project-level audit trail of hook activity
  */
 
-import { appendFileSync, readFileSync, mkdirSync, existsSync, readdirSync } from 'fs';
+import { appendFileSync, readFileSync, mkdirSync, existsSync, readdirSync, lstatSync } from 'fs';
 import { join } from 'path';
 
 /**
@@ -21,9 +21,19 @@ export function appendEvent(projectDir, { hook, event, file = '', message = '' }
     const eventsDir = join(projectDir, '.smith', 'events');
     mkdirSync(eventsDir, { recursive: true, mode: 0o700 });
 
+    // Symlink check: ensure events dir is a real directory, not a symlink
+    const stat = lstatSync(eventsDir);
+    if (!stat.isDirectory()) return; // Don't write to symlinks
+
     const today = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
     const logFile = join(eventsDir, `${today}.jsonl`);
 
+    // Also check the log file isn't a symlink
+    if (existsSync(logFile)) {
+      const fileStat = lstatSync(logFile);
+      if (!fileStat.isFile()) return;
+    }
+
     const entry = JSON.stringify({
       t: new Date().toISOString(),
       h: hook,
@@ -50,10 +60,22 @@ export function readEvents(projectDir, { days = 7 } = {}) {
     const eventsDir = join(projectDir, '.smith', 'events');
     if (!existsSync(eventsDir)) return [];
 
+    // Symlink check: ensure events dir is a real directory
+    const stat = lstatSync(eventsDir);
+    if (!stat.isDirectory()) return [];
+
+    // Calculate cutoff date for filtering
+    const cutoff = new Date();
+    cutoff.setDate(cutoff.getDate() - days);
+    const cutoffStr = cutoff.toISOString().split('T')[0]; // YYYY-MM-DD
+
     const files = readdirSync(eventsDir)
       .filter(f => f.endsWith('.jsonl'))
-      .sort()
-      .slice(-days); // Last N days
+      .filter(f => {
+        const dateStr = f.replace('.jsonl', '');
+        return /^\d{4}-\d{2}-\d{2}$/.test(dateStr) && dateStr >= cutoffStr;
+      })
+      .sort();
 
     const events = [];
     for (const file of files) {

package/lib/hook-utils.mjs

@@ -0,0 +1,69 @@
+/**
+ * Hook Utilities
+ * Common functions used across hook scripts
+ */
+
+import { readFileSync } from 'fs';
+import { join } from 'path';
+
+/**
+ * Sanitize session/agent IDs to prevent path traversal
+ * Currently duplicated 11 times across hooks
+ * @param {string} id - The ID to sanitize
+ * @returns {string} Sanitized ID safe for filesystem use
+ */
+export function sanitizeId(id) {
+  if (!id || typeof id !== 'string') return 'default';
+  return id.replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
+}
+
+/**
+ * Check if OMC autonomous mode is active
+ * Currently duplicated 4 times (debug-loop, scope-guard, batch-checkpoint, plan-guard)
+ * @param {string} cwd - Current working directory
+ * @returns {boolean} True if any OMC autonomous mode is active
+ */
+export function isOmcAutoMode(cwd) {
+  const omcStateDir = join(cwd, '.omc', 'state');
+  const omcAutoModes = ['autopilot-state.json', 'ultrawork-state.json', 'ralph-state.json'];
+  return omcAutoModes.some(f => {
+    try {
+      const state = JSON.parse(readFileSync(join(omcStateDir, f), 'utf8'));
+      return state.active === true || state.status === 'running';
+    } catch { return false; }
+  });
+}
+
+/**
+ * Parse hook input from stdin (JSON)
+ * Common pattern across all hooks
+ * @returns {object|null} Parsed input or null if parsing fails
+ */
+export function parseHookInput() {
+  try {
+    return JSON.parse(readFileSync(0, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Send a brief notification to stderr for user visibility
+ * Only active when notify: true in .claude-smith.json
+ * @param {boolean} notify - Whether notifications are enabled
+ * @param {string} hookName - Display name of the hook
+ * @param {string} eventType - fire|warn|block|inject|track
+ * @param {string} message - Brief description
+ */
+export function notifyUser(notify, hookName, eventType, message) {
+  if (!notify) return;
+  const icons = {
+    fire: '✅',
+    warn: '⚠️',
+    block: '🚫',
+    inject: '🤖',
+    track: '📊'
+  };
+  const icon = icons[eventType] || '📝';
+  process.stderr.write(`🕵️ Smith — ${icon} ${hookName}: ${message}\n`);
+}

package/lib/stats.mjs

@@ -7,8 +7,20 @@ import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from
 import { join } from 'path';
 import { tmpdir } from 'os';
 
+const KNOWN_EVENTS = ['fire', 'warn', 'block'];
+
 export function recordEvent(sessionId, hookName, eventType) {
-  const stateDir = join(tmpdir(), '.claude-smith', sessionId || 'default');
+  // Guard: only record known event types
+  if (!KNOWN_EVENTS.includes(eventType)) return;
+
+  // Sanitize sessionId and validate path
+  const safeId = (sessionId || 'default').replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
+  const stateDir = join(tmpdir(), '.claude-smith', safeId);
+
+  // Verify resolved path is under expected parent
+  const expectedParent = join(tmpdir(), '.claude-smith');
+  if (!stateDir.startsWith(expectedParent)) return;
+
   mkdirSync(stateDir, { recursive: true, mode: 0o700 });
 
   const counterFile = join(stateDir, `stat-${hookName}-${eventType}`);
@@ -18,16 +30,31 @@ export function recordEvent(sessionId, hookName, eventType) {
 }
 
 export function readStats(sessionId) {
-  const stateDir = join(tmpdir(), '.claude-smith', sessionId || 'default');
+  // Sanitize sessionId and validate path
+  const safeId = (sessionId || 'default').replace(/[^a-zA-Z0-9_-]/g, '').slice(0, 128) || 'default';
+  const stateDir = join(tmpdir(), '.claude-smith', safeId);
+
+  // Verify resolved path is under expected parent
+  const expectedParent = join(tmpdir(), '.claude-smith');
+  if (!stateDir.startsWith(expectedParent)) return {};
+
   const stats = {};
 
   try {
     const files = readdirSync(stateDir).filter(f => f.startsWith('stat-'));
     for (const f of files) {
       // Format: stat-{hookName}-{eventType}
-      const parts = f.replace('stat-', '').split('-');
-      const eventType = parts.pop();
-      const hookName = parts.join('-');
+      // Use safer parsing with explicit known event types
+      const raw = f.replace('stat-', ''); // e.g., "batch-checkpoint-warn"
+      const lastDash = raw.lastIndexOf('-');
+      if (lastDash === -1) continue;
+
+      const eventType = raw.slice(lastDash + 1);
+      const hookName = raw.slice(0, lastDash);
+
+      // Skip unknown event types
+      if (!KNOWN_EVENTS.includes(eventType)) continue;
+
       if (!stats[hookName]) stats[hookName] = { fire: 0, warn: 0, block: 0 };
       try {
         stats[hookName][eventType] = parseInt(readFileSync(join(stateDir, f), 'utf8'), 10) || 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-smith",
-  "version": "3.1.0",
+  "version": "3.2.0",
   "description": "Claude Code workflow enforcement CLI - forging coding discipline into every session",
   "type": "module",
   "scripts": {

package/templates/commands/smith-update.md

@@ -4,6 +4,6 @@ Steps:
 1. Run: `npx claude-smith --version` to get the current installed version
 2. Run: `npm view claude-smith version 2>/dev/null` to check the latest published version
 3. Compare the two versions:
-   - If they match: Report "🔨 Smith is up to date (vX.X.X)"
+   - If they match: Report "🕵️ Smith is up to date (vX.X.X)"
    - If latest is newer: Report the version difference and run `npx claude-smith update` to apply the update
    - If npm check fails: Report that version check failed (possibly offline) and suggest running `npx claude-smith update` manually

package/templates/rules.en.md

@@ -1,7 +1,7 @@
-<!-- CLAUDE-SMITH:START v1.0.0 -->
-# 🔨 Smith - Workflow Enforcement Rules
+<!-- CLAUDE-SMITH:START {{SMITH_VERSION}} -->
+# 🕵️ Smith - Workflow Enforcement Rules
 
-> Installed by 🔨 Smith v1.0.0. Do not edit manually.
+> Installed by 🕵️ Smith {{SMITH_VERSION}}. Do not edit manually.
 > Update with: `claude-smith update`
 
 ## 1. Workflow Protocol (auto-applied)

package/templates/rules.ja.md

@@ -1,7 +1,7 @@
-<!-- CLAUDE-SMITH:START v1.0.0 -->
-# 🔨 Smith - ワークフロー実行ルール
+<!-- CLAUDE-SMITH:START {{SMITH_VERSION}} -->
+# 🕵️ Smith - ワークフロー実行ルール
 
-> 🔨 Smith v1.0.0 によりインストール。手動で編集しないでください。
+> 🕵️ Smith {{SMITH_VERSION}} によりインストール。手動で編集しないでください。
 > 更新コマンド：`claude-smith update`
 
 ## 1. ワークフロープロトコル（自動適用）

package/templates/rules.ko.md

@@ -1,7 +1,7 @@
-<!-- CLAUDE-SMITH:START v1.0.0 -->
-# 🔨 Smith - Workflow Enforcement Rules
+<!-- CLAUDE-SMITH:START {{SMITH_VERSION}} -->
+# 🕵️ Smith - Workflow Enforcement Rules
 
-> Installed by 🔨 Smith v1.0.0. Do not edit manually.
+> Installed by 🕵️ Smith {{SMITH_VERSION}}. Do not edit manually.
 > Update with: `claude-smith update`
 
 ## 1. Workflow Protocol (자동 적용)

package/templates/rules.md

@@ -1,7 +1,7 @@
-<!-- CLAUDE-SMITH:START v1.0.0 -->
-# 🔨 Smith - Workflow Enforcement Rules
+<!-- CLAUDE-SMITH:START {{SMITH_VERSION}} -->
+# 🕵️ Smith - Workflow Enforcement Rules
 
-> Installed by 🔨 Smith v1.0.0. Do not edit manually.
+> Installed by 🕵️ Smith {{SMITH_VERSION}}. Do not edit manually.
 > Update with: `claude-smith update`
 
 ## 1. Workflow Protocol (auto-applied)

package/templates/rules.zh.md

@@ -1,7 +1,7 @@
-<!-- CLAUDE-SMITH:START v1.0.0 -->
-# 🔨 Smith - 工作流执行规则
+<!-- CLAUDE-SMITH:START {{SMITH_VERSION}} -->
+# 🕵️ Smith - 工作流执行规则
 
-> 由 🔨 Smith v1.0.0 安装。请勿手动编辑。
+> 由 🕵️ Smith {{SMITH_VERSION}} 安装。请勿手动编辑。
 > 更新命令：`claude-smith update`
 
 ## 1. 工作流协议（自动应用）