code-as-plan 2.0.0

package/hooks/dist/gsd-statusline.js

@@ -0,0 +1,119 @@
+#!/usr/bin/env node
+// gsd-hook-version: {{GSD_VERSION}}
+// Claude Code Statusline - GSD Edition
+// Shows: model | current task | directory | context usage
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+// Read JSON from stdin
+let input = '';
+// Timeout guard: if stdin doesn't close within 3s (e.g. pipe issues on
+// Windows/Git Bash), exit silently instead of hanging. See #775.
+const stdinTimeout = setTimeout(() => process.exit(0), 3000);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const model = data.model?.display_name || 'Claude';
+    const dir = data.workspace?.current_dir || process.cwd();
+    const session = data.session_id || '';
+    const remaining = data.context_window?.remaining_percentage;
+
+    // Context window display (shows USED percentage scaled to usable context)
+    // Claude Code reserves ~16.5% for autocompact buffer, so usable context
+    // is 83.5% of the total window. We normalize to show 100% at that point.
+    const AUTO_COMPACT_BUFFER_PCT = 16.5;
+    let ctx = '';
+    if (remaining != null) {
+      // Normalize: subtract buffer from remaining, scale to usable range
+      const usableRemaining = Math.max(0, ((remaining - AUTO_COMPACT_BUFFER_PCT) / (100 - AUTO_COMPACT_BUFFER_PCT)) * 100);
+      const used = Math.max(0, Math.min(100, Math.round(100 - usableRemaining)));
+
+      // Write context metrics to bridge file for the context-monitor PostToolUse hook.
+      // The monitor reads this file to inject agent-facing warnings when context is low.
+      if (session) {
+        try {
+          const bridgePath = path.join(os.tmpdir(), `claude-ctx-${session}.json`);
+          const bridgeData = JSON.stringify({
+            session_id: session,
+            remaining_percentage: remaining,
+            used_pct: used,
+            timestamp: Math.floor(Date.now() / 1000)
+          });
+          fs.writeFileSync(bridgePath, bridgeData);
+        } catch (e) {
+          // Silent fail -- bridge is best-effort, don't break statusline
+        }
+      }
+
+      // Build progress bar (10 segments)
+      const filled = Math.floor(used / 10);
+      const bar = '█'.repeat(filled) + '░'.repeat(10 - filled);
+
+      // Color based on usable context thresholds
+      if (used < 50) {
+        ctx = ` \x1b[32m${bar} ${used}%\x1b[0m`;
+      } else if (used < 65) {
+        ctx = ` \x1b[33m${bar} ${used}%\x1b[0m`;
+      } else if (used < 80) {
+        ctx = ` \x1b[38;5;208m${bar} ${used}%\x1b[0m`;
+      } else {
+        ctx = ` \x1b[5;31m💀 ${bar} ${used}%\x1b[0m`;
+      }
+    }
+
+    // Current task from todos
+    let task = '';
+    const homeDir = os.homedir();
+    // Respect CLAUDE_CONFIG_DIR for custom config directory setups (#870)
+    const claudeDir = process.env.CLAUDE_CONFIG_DIR || path.join(homeDir, '.claude');
+    const todosDir = path.join(claudeDir, 'todos');
+    if (session && fs.existsSync(todosDir)) {
+      try {
+        const files = fs.readdirSync(todosDir)
+          .filter(f => f.startsWith(session) && f.includes('-agent-') && f.endsWith('.json'))
+          .map(f => ({ name: f, mtime: fs.statSync(path.join(todosDir, f)).mtime }))
+          .sort((a, b) => b.mtime - a.mtime);
+
+        if (files.length > 0) {
+          try {
+            const todos = JSON.parse(fs.readFileSync(path.join(todosDir, files[0].name), 'utf8'));
+            const inProgress = todos.find(t => t.status === 'in_progress');
+            if (inProgress) task = inProgress.activeForm || '';
+          } catch (e) {}
+        }
+      } catch (e) {
+        // Silently fail on file system errors - don't break statusline
+      }
+    }
+
+    // GSD update available?
+    let gsdUpdate = '';
+    const cacheFile = path.join(claudeDir, 'cache', 'gsd-update-check.json');
+    if (fs.existsSync(cacheFile)) {
+      try {
+        const cache = JSON.parse(fs.readFileSync(cacheFile, 'utf8'));
+        if (cache.update_available) {
+          gsdUpdate = '\x1b[33m⬆ /gsd:update\x1b[0m │ ';
+        }
+        if (cache.stale_hooks && cache.stale_hooks.length > 0) {
+          gsdUpdate += '\x1b[31m⚠ stale hooks — run /gsd:update\x1b[0m │ ';
+        }
+      } catch (e) {}
+    }
+
+    // Output
+    const dirname = path.basename(dir);
+    if (task) {
+      process.stdout.write(`${gsdUpdate}\x1b[2m${model}\x1b[0m │ \x1b[1m${task}\x1b[0m │ \x1b[2m${dirname}\x1b[0m${ctx}`);
+    } else {
+      process.stdout.write(`${gsdUpdate}\x1b[2m${model}\x1b[0m │ \x1b[2m${dirname}\x1b[0m${ctx}`);
+    }
+  } catch (e) {
+    // Silent fail - don't break statusline on parse errors
+  }
+});

package/hooks/dist/gsd-workflow-guard.js

@@ -0,0 +1,94 @@
+#!/usr/bin/env node
+// gsd-hook-version: {{GSD_VERSION}}
+// GSD Workflow Guard — PreToolUse hook
+// Detects when Claude attempts file edits outside a GSD workflow context
+// (no active /gsd: command or Task subagent) and injects an advisory warning.
+//
+// This is a SOFT guard — it advises, not blocks. The edit still proceeds.
+// The warning nudges Claude to use /gsd:quick or /gsd:fast instead of
+// making direct edits that bypass state tracking.
+//
+// Enable via config: hooks.workflow_guard: true (default: false)
+// Only triggers on Write/Edit tool calls to non-.planning/ files.
+
+const fs = require('fs');
+const path = require('path');
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 3000);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const toolName = data.tool_name;
+
+    // Only guard Write and Edit tool calls
+    if (toolName !== 'Write' && toolName !== 'Edit') {
+      process.exit(0);
+    }
+
+    // Check if we're inside a GSD workflow (Task subagent or /gsd: command)
+    // Subagents have a session_id that differs from the parent
+    // and typically have a description field set by the orchestrator
+    if (data.tool_input?.is_subagent || data.session_type === 'task') {
+      process.exit(0);
+    }
+
+    // Check the file being edited
+    const filePath = data.tool_input?.file_path || data.tool_input?.path || '';
+
+    // Allow edits to .planning/ files (GSD state management)
+    if (filePath.includes('.planning/') || filePath.includes('.planning\\')) {
+      process.exit(0);
+    }
+
+    // Allow edits to common config/docs files that don't need GSD tracking
+    const allowedPatterns = [
+      /\.gitignore$/,
+      /\.env/,
+      /CLAUDE\.md$/,
+      /AGENTS\.md$/,
+      /GEMINI\.md$/,
+      /settings\.json$/,
+    ];
+    if (allowedPatterns.some(p => p.test(filePath))) {
+      process.exit(0);
+    }
+
+    // Check if workflow guard is enabled
+    const cwd = data.cwd || process.cwd();
+    const configPath = path.join(cwd, '.planning', 'config.json');
+    if (fs.existsSync(configPath)) {
+      try {
+        const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+        if (!config.hooks?.workflow_guard) {
+          process.exit(0); // Guard disabled (default)
+        }
+      } catch (e) {
+        process.exit(0);
+      }
+    } else {
+      process.exit(0); // No GSD project — don't guard
+    }
+
+    // If we get here: GSD project, guard enabled, file edit outside .planning/,
+    // not in a subagent context. Inject advisory warning.
+    const output = {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        additionalContext: `⚠️ WORKFLOW ADVISORY: You're editing ${path.basename(filePath)} directly without a GSD command. ` +
+          'This edit will not be tracked in STATE.md or produce a SUMMARY.md. ' +
+          'Consider using /gsd:fast for trivial fixes or /gsd:quick for larger changes ' +
+          'to maintain project state tracking. ' +
+          'If this is intentional (e.g., user explicitly asked for a direct edit), proceed normally.'
+      }
+    };
+
+    process.stdout.write(JSON.stringify(output));
+  } catch (e) {
+    // Silent fail — never block tool execution
+    process.exit(0);
+  }
+});

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "code-as-plan",
+  "version": "2.0.0",
+  "description": "CAP — Code as Plan. Build first, plan from code. Farley-aligned engineering framework for Claude Code.",
+  "bin": {
+    "cap": "bin/install.js"
+  },
+  "files": [
+    "bin",
+    "commands",
+    "cap",
+    "agents",
+    "hooks/dist",
+    "scripts"
+  ],
+  "keywords": [
+    "claude",
+    "claude-code",
+    "ai",
+    "code-first",
+    "code-as-plan",
+    "engineering-framework",
+    "prototype-driven",
+    "annotation-driven",
+    "farley"
+  ],
+  "author": "TÂCHES",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dwall-sys/code-as-plan.git"
+  },
+  "homepage": "https://github.com/dwall-sys/code-as-plan",
+  "bugs": {
+    "url": "https://github.com/dwall-sys/code-as-plan/issues"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "devDependencies": {
+    "c8": "^11.0.0",
+    "esbuild": "^0.24.0",
+    "vitest": "^4.1.2"
+  },
+  "scripts": {
+    "build:hooks": "node scripts/build-hooks.js",
+    "prepublishOnly": "npm run build:hooks",
+    "test": "node scripts/run-tests.cjs",
+    "test:coverage": "c8 --check-coverage --lines 70 --reporter text --include 'cap/bin/lib/*.cjs' --exclude 'tests/**' --all node scripts/run-tests.cjs"
+  }
+}

package/scripts/base64-scan.sh

@@ -0,0 +1,262 @@
+#!/usr/bin/env bash
+# base64-scan.sh — Detect base64-obfuscated prompt injection in source files
+#
+# Extracts base64 blobs >= 40 chars, decodes them, and checks decoded content
+# against the same injection patterns used by prompt-injection-scan.sh.
+#
+# Usage:
+#   scripts/base64-scan.sh --diff origin/main   # CI mode: scan changed files
+#   scripts/base64-scan.sh --file path/to/file   # Scan a single file
+#   scripts/base64-scan.sh --dir agents/          # Scan all files in a directory
+#
+# Exit codes:
+#   0 = clean
+#   1 = findings detected
+#   2 = usage error
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MIN_BLOB_LENGTH=40
+
+# ─── Injection Patterns (decoded content) ────────────────────────────────────
+# Subset of patterns — if someone base64-encoded something, check for the
+# most common injection indicators.
+DECODED_PATTERNS=(
+  'ignore[[:space:]]+(all[[:space:]]+)?previous[[:space:]]+instructions'
+  'you[[:space:]]+are[[:space:]]+now[[:space:]]+'
+  'system[[:space:]]+prompt'
+  '</?system>'
+  '</?assistant>'
+  '\[SYSTEM\]'
+  '\[INST\]'
+  '<<SYS>>'
+  'override[[:space:]]+(system|safety|security)'
+  'pretend[[:space:]]+(you|to)[[:space:]]'
+  'act[[:space:]]+as[[:space:]]+(a|an|if)'
+  'jailbreak'
+  'bypass[[:space:]]+(safety|content|security)'
+  'eval[[:space:]]*\('
+  'exec[[:space:]]*\('
+  'rm[[:space:]]+-rf'
+  'curl[[:space:]].*\|[[:space:]]*sh'
+  'wget[[:space:]].*\|[[:space:]]*sh'
+)
+
+# ─── Ignorelist ──────────────────────────────────────────────────────────────
+
+IGNOREFILE=".base64scanignore"
+IGNORED_PATTERNS=()
+
+load_ignorelist() {
+  if [[ -f "$IGNOREFILE" ]]; then
+    while IFS= read -r line; do
+      # Skip comments and empty lines
+      [[ "$line" =~ ^[[:space:]]*# ]] && continue
+      [[ -z "${line// }" ]] && continue
+      IGNORED_PATTERNS+=("$line")
+    done < "$IGNOREFILE"
+  fi
+}
+
+is_ignored() {
+  local blob="$1"
+  if [[ ${#IGNORED_PATTERNS[@]} -eq 0 ]]; then
+    return 1
+  fi
+  for pattern in "${IGNORED_PATTERNS[@]}"; do
+    if [[ "$blob" == "$pattern" ]]; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+# ─── Skip Rules ──────────────────────────────────────────────────────────────
+
+should_skip_file() {
+  local file="$1"
+  # Skip binary files
+  case "$file" in
+    *.png|*.jpg|*.jpeg|*.gif|*.ico|*.woff|*.woff2|*.ttf|*.eot|*.otf) return 0 ;;
+    *.zip|*.tar|*.gz|*.bz2|*.xz|*.7z) return 0 ;;
+    *.pdf|*.doc|*.docx|*.xls|*.xlsx) return 0 ;;
+  esac
+  # Skip lockfiles and node_modules
+  case "$file" in
+    */node_modules/*) return 0 ;;
+    */package-lock.json) return 0 ;;
+    */yarn.lock) return 0 ;;
+    */pnpm-lock.yaml) return 0 ;;
+  esac
+  # Skip the scan scripts themselves and test files
+  case "$file" in
+    */base64-scan.sh) return 0 ;;
+    */security-scan.test.cjs) return 0 ;;
+  esac
+  return 1
+}
+
+is_data_uri() {
+  local context="$1"
+  # data:image/png;base64,... or data:application/font-woff;base64,...
+  echo "$context" | grep -qE 'data:[a-zA-Z]+/[a-zA-Z0-9.+-]+;base64,' 2>/dev/null
+}
+
+# ─── File Collection ─────────────────────────────────────────────────────────
+
+collect_files() {
+  local mode="$1"
+  shift
+
+  case "$mode" in
+    --diff)
+      local base="${1:-origin/main}"
+      git diff --name-only --diff-filter=ACMR "$base"...HEAD 2>/dev/null \
+        | grep -vE '\.(png|jpg|jpeg|gif|ico|woff|woff2|ttf|eot|otf|zip|tar|gz|pdf)$' || true
+      ;;
+    --file)
+      if [[ -f "$1" ]]; then
+        echo "$1"
+      else
+        echo "Error: file not found: $1" >&2
+        exit 2
+      fi
+      ;;
+    --dir)
+      local dir="$1"
+      if [[ ! -d "$dir" ]]; then
+        echo "Error: directory not found: $dir" >&2
+        exit 2
+      fi
+      find "$dir" -type f ! -path '*/node_modules/*' ! -path '*/.git/*' ! -path '*/dist/*' \
+        ! -name '*.png' ! -name '*.jpg' ! -name '*.gif' ! -name '*.woff*' 2>/dev/null || true
+      ;;
+    --stdin)
+      cat
+      ;;
+    *)
+      echo "Usage: $0 --diff [base] | --file <path> | --dir <path> | --stdin" >&2
+      exit 2
+      ;;
+  esac
+}
+
+# ─── Scanner ─────────────────────────────────────────────────────────────────
+
+extract_and_check_blobs() {
+  local file="$1"
+  local found=0
+  local line_num=0
+
+  while IFS= read -r line; do
+    line_num=$((line_num + 1))
+
+    # Skip data URIs — legitimate base64 usage
+    if is_data_uri "$line"; then
+      continue
+    fi
+
+    # Extract base64-like blobs (alphanumeric + / + = padding, >= MIN_BLOB_LENGTH)
+    local blobs
+    blobs=$(echo "$line" | grep -oE '[A-Za-z0-9+/]{'"$MIN_BLOB_LENGTH"',}={0,3}' 2>/dev/null || true)
+
+    if [[ -z "$blobs" ]]; then
+      continue
+    fi
+
+    while IFS= read -r blob; do
+      [[ -z "$blob" ]] && continue
+
+      # Check ignorelist
+      if [[ ${#IGNORED_PATTERNS[@]} -gt 0 ]] && is_ignored "$blob"; then
+        continue
+      fi
+
+      # Try to decode — if it fails, not valid base64
+      local decoded
+      decoded=$(echo "$blob" | base64 -d 2>/dev/null || echo "")
+
+      if [[ -z "$decoded" ]]; then
+        continue
+      fi
+
+      # Check if decoded content is mostly printable text (not random binary)
+      local printable_ratio
+      local total_chars=${#decoded}
+      if [[ $total_chars -eq 0 ]]; then
+        continue
+      fi
+
+      # Count printable ASCII characters
+      local printable_count
+      printable_count=$(echo -n "$decoded" | tr -cd '[:print:]' | wc -c | tr -d ' ')
+      # Skip if less than 70% printable (likely binary data, not obfuscated text)
+      if [[ $((printable_count * 100 / total_chars)) -lt 70 ]]; then
+        continue
+      fi
+
+      # Scan decoded content against injection patterns
+      for pattern in "${DECODED_PATTERNS[@]}"; do
+        if echo "$decoded" | grep -iqE "$pattern" 2>/dev/null; then
+          if [[ $found -eq 0 ]]; then
+            echo "FAIL: $file"
+            found=1
+          fi
+          echo "  line $line_num: base64 blob decodes to suspicious content"
+          echo "    blob: ${blob:0:60}..."
+          echo "    decoded: ${decoded:0:120}"
+          echo "    matched: $pattern"
+          break
+        fi
+      done
+    done <<< "$blobs"
+  done < "$file"
+
+  return $found
+}
+
+# ─── Main ────────────────────────────────────────────────────────────────────
+
+main() {
+  if [[ $# -eq 0 ]]; then
+    echo "Usage: $0 --diff [base] | --file <path> | --dir <path>" >&2
+    exit 2
+  fi
+
+  load_ignorelist
+
+  local mode="$1"
+  shift
+
+  local files
+  files=$(collect_files "$mode" "$@")
+
+  if [[ -z "$files" ]]; then
+    echo "base64-scan: no files to scan"
+    exit 0
+  fi
+
+  local total=0
+  local failed=0
+
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    if should_skip_file "$file"; then
+      continue
+    fi
+    total=$((total + 1))
+    if ! extract_and_check_blobs "$file"; then
+      failed=$((failed + 1))
+    fi
+  done <<< "$files"
+
+  echo ""
+  echo "base64-scan: scanned $total files, $failed with findings"
+
+  if [[ $failed -gt 0 ]]; then
+    exit 1
+  fi
+  exit 0
+}
+
+main "$@"

package/scripts/build-hooks.js

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+/**
+ * Copy GSD hooks to dist for installation.
+ * Validates JavaScript syntax before copying to prevent shipping broken hooks.
+ * See #1107, #1109, #1125, #1161 — a duplicate const declaration shipped
+ * in dist and caused PostToolUse hook errors for all users.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const vm = require('vm');
+
+const HOOKS_DIR = path.join(__dirname, '..', 'hooks');
+const DIST_DIR = path.join(HOOKS_DIR, 'dist');
+
+// Hooks to copy (pure Node.js, no bundling needed)
+const HOOKS_TO_COPY = [
+  'gsd-check-update.js',
+  'gsd-context-monitor.js',
+  'gsd-prompt-guard.js',
+  'gsd-statusline.js',
+  'gsd-workflow-guard.js'
+];
+
+/**
+ * Validate JavaScript syntax without executing the file.
+ * Catches SyntaxError (duplicate const, missing brackets, etc.)
+ * before the hook gets shipped to users.
+ */
+function validateSyntax(filePath) {
+  const content = fs.readFileSync(filePath, 'utf8');
+  try {
+    // Use vm.compileFunction to check syntax without executing
+    new vm.Script(content, { filename: path.basename(filePath) });
+    return null; // No error
+  } catch (e) {
+    if (e instanceof SyntaxError) {
+      return e.message;
+    }
+    throw e;
+  }
+}
+
+function build() {
+  // Ensure dist directory exists
+  if (!fs.existsSync(DIST_DIR)) {
+    fs.mkdirSync(DIST_DIR, { recursive: true });
+  }
+
+  let hasErrors = false;
+
+  // Copy hooks to dist with syntax validation
+  for (const hook of HOOKS_TO_COPY) {
+    const src = path.join(HOOKS_DIR, hook);
+    const dest = path.join(DIST_DIR, hook);
+
+    if (!fs.existsSync(src)) {
+      console.warn(`Warning: ${hook} not found, skipping`);
+      continue;
+    }
+
+    // Validate syntax before copying
+    const syntaxError = validateSyntax(src);
+    if (syntaxError) {
+      console.error(`\x1b[31m✗ ${hook}: SyntaxError — ${syntaxError}\x1b[0m`);
+      hasErrors = true;
+      continue;
+    }
+
+    console.log(`\x1b[32m✓\x1b[0m Copying ${hook}...`);
+    fs.copyFileSync(src, dest);
+  }
+
+  if (hasErrors) {
+    console.error('\n\x1b[31mBuild failed: fix syntax errors above before publishing.\x1b[0m');
+    process.exit(1);
+  }
+
+  console.log('\nBuild complete.');
+}
+
+build();