cortexhawk 3.1.0

package/cortexhawk

@@ -0,0 +1,450 @@
+#!/usr/bin/env bash
+# cortexhawk — CLI wrapper for CortexHawk development toolkit
+# Install via: npm install -g cortexhawk | ./setup.sh | git clone
+
+set -e
+
+# Resolve CORTEXHAWK_HOME: env var > script location > default
+if [ -z "$CORTEXHAWK_HOME" ]; then
+    # Resolve symlinks to find the actual script location (npm global symlinks)
+    SOURCE="${BASH_SOURCE[0]}"
+    while [ -L "$SOURCE" ]; do
+        DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+        SOURCE="$(readlink "$SOURCE")"
+        [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE"
+    done
+    SCRIPT_DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
+
+    if [ -f "$SCRIPT_DIR/install.sh" ]; then
+        CORTEXHAWK_HOME="$SCRIPT_DIR"
+    else
+        CORTEXHAWK_HOME="$HOME/.cortexhawk"
+    fi
+fi
+
+INSTALL_SH="$CORTEXHAWK_HOME/install.sh"
+
+green() { printf "\033[32m%s\033[0m\n" "$1"; }
+yellow() { printf "\033[33m%s\033[0m\n" "$1"; }
+red() { printf "\033[31m%s\033[0m\n" "$1"; }
+
+get_version() {
+    grep -m1 '## \[' "$CORTEXHAWK_HOME/CHANGELOG.md" 2>/dev/null | sed 's/.*\[\([^]]*\)\].*/\1/' || echo "unknown"
+}
+
+# --- validate command ---
+do_validate() {
+    local project_root="${1:-.}"
+    local ok=0 fail=0 warn=0
+
+    echo "CortexHawk Validate"
+    echo "======================"
+    echo "  Project: $(cd "$project_root" && pwd)"
+    echo ""
+
+    # Detect installed targets
+    local targets_found=()
+    [ -f "$project_root/.claude/.cortexhawk-manifest" ] && targets_found+=("claude")
+    [ -f "$project_root/.kimi/.cortexhawk-manifest" ] && targets_found+=("kimi")
+    [ -f "$project_root/.codex/.cortexhawk-manifest" ] && targets_found+=("codex")
+
+    if [ ${#targets_found[@]} -eq 0 ]; then
+        red "  No CortexHawk installation found in this directory."
+        echo "  Run: cortexhawk install"
+        return 1
+    fi
+
+    echo "  Targets found: ${targets_found[*]}"
+    echo ""
+
+    check() {
+        local label="$1" result="$2"
+        if [ "$result" = "ok" ]; then
+            printf "  \033[32m[OK]\033[0m  %s\n" "$label"
+            ok=$((ok + 1))
+        elif [ "$result" = "warn" ]; then
+            printf "  \033[33m[!!]\033[0m  %s\n" "$label"
+            warn=$((warn + 1))
+        else
+            printf "  \033[31m[FAIL]\033[0m %s\n" "$label"
+            fail=$((fail + 1))
+        fi
+    }
+
+    for target in "${targets_found[@]}"; do
+        echo "--- $target ---"
+        local target_dir=""
+        case "$target" in
+            claude) target_dir="$project_root/.claude" ;;
+            kimi)   target_dir="$project_root/.kimi" ;;
+            codex)  target_dir="$project_root/.codex" ;;
+        esac
+
+        # 1. Manifest
+        if [ -f "$target_dir/.cortexhawk-manifest" ]; then
+            local ver
+            ver=$(grep -o '"version": "[^"]*"' "$target_dir/.cortexhawk-manifest" 2>/dev/null | head -1 | cut -d'"' -f4)
+            check "Manifest present (v$ver)" "ok"
+        else
+            check "Manifest missing" "fail"
+        fi
+
+        # 2. Skills count
+        local skills_count=0
+        if [ -d "$target_dir/skills" ]; then
+            skills_count=$(find "$target_dir/skills" -name "*.md" -type f 2>/dev/null | wc -l | tr -d ' ')
+        fi
+        if [ "$skills_count" -gt 0 ]; then
+            check "Skills: $skills_count files found" "ok"
+        else
+            check "Skills: none found in $target_dir/skills/" "fail"
+        fi
+
+        # 3. Target-specific checks
+        case "$target" in
+            claude)
+                # Agents
+                local agent_count=0
+                [ -d "$target_dir/agents" ] && agent_count=$(find "$target_dir/agents" -name "*.md" -type f 2>/dev/null | wc -l | tr -d ' ')
+                [ "$agent_count" -gt 0 ] && check "Agents: $agent_count files" "ok" || check "Agents: none found" "fail"
+
+                # Commands
+                local cmd_count=0
+                [ -d "$target_dir/commands" ] && cmd_count=$(find "$target_dir/commands" -name "*.md" -type f 2>/dev/null | wc -l | tr -d ' ')
+                [ "$cmd_count" -gt 0 ] && check "Commands: $cmd_count files" "ok" || check "Commands: none found" "fail"
+
+                # Hooks
+                local hook_count=0
+                [ -d "$target_dir/hooks" ] && hook_count=$(find "$target_dir/hooks" -name "*.sh" -type f 2>/dev/null | wc -l | tr -d ' ')
+                [ "$hook_count" -gt 0 ] && check "Hooks: $hook_count files" "ok" || check "Hooks: none found" "warn"
+
+                # settings.json
+                if [ -f "$target_dir/settings.json" ]; then
+                    if python3 -c "import json; json.load(open('$target_dir/settings.json'))" 2>/dev/null || \
+                       node -e "JSON.parse(require('fs').readFileSync('$target_dir/settings.json'))" 2>/dev/null; then
+                        check "settings.json valid JSON" "ok"
+                    else
+                        check "settings.json invalid JSON" "fail"
+                    fi
+                else
+                    check "settings.json missing" "warn"
+                fi
+
+                # Modes
+                local mode_count=0
+                [ -d "$target_dir/modes" ] && mode_count=$(find "$target_dir/modes" -name "*.md" -type f 2>/dev/null | wc -l | tr -d ' ')
+                [ "$mode_count" -gt 0 ] && check "Modes: $mode_count files" "ok" || check "Modes: none found" "warn"
+                ;;
+
+            kimi)
+                # AGENTS.md at project root
+                if [ -f "$project_root/AGENTS.md" ] && grep -q "CortexHawk" "$project_root/AGENTS.md" 2>/dev/null; then
+                    check "AGENTS.md in project root" "ok"
+                else
+                    check "AGENTS.md missing or not CortexHawk" "fail"
+                fi
+
+                # Commands as skills
+                local cmd_skills=0
+                cmd_skills=$(find "$target_dir/skills/cmd-"* -maxdepth 0 -type d 2>/dev/null | wc -l | tr -d ' ')
+                [ "$cmd_skills" -gt 0 ] && check "Commands as skills: $cmd_skills" "ok" || check "Commands as skills: none" "fail"
+
+                # Hooks as skills
+                local hook_skills=0
+                hook_skills=$(find "$target_dir/skills/hook-"* -maxdepth 0 -type d 2>/dev/null | wc -l | tr -d ' ')
+                [ "$hook_skills" -gt 0 ] && check "Hooks as skills: $hook_skills" "ok" || check "Hooks as skills: none" "warn"
+
+                # Agents as skills
+                local agent_skills=0
+                agent_skills=$(find "$target_dir/skills/agent-"* -maxdepth 0 -type d 2>/dev/null | wc -l | tr -d ' ')
+                [ "$agent_skills" -gt 0 ] && check "Agents as skills: $agent_skills" "ok" || check "Agents as skills: none" "fail"
+
+                # Modes as skills
+                local mode_skills=0
+                [ -d "$target_dir/skills/modes" ] && mode_skills=$(find "$target_dir/skills/modes" -maxdepth 1 -type d 2>/dev/null | wc -l | tr -d ' ')
+                mode_skills=$((mode_skills - 1)) 2>/dev/null || mode_skills=0
+                [ "$mode_skills" -gt 0 ] && check "Modes as skills: $mode_skills" "ok" || check "Modes as skills: none" "warn"
+
+                # .envrc
+                if [ -f "$project_root/.envrc" ] && grep -q "KIMI_SHARE_DIR" "$project_root/.envrc" 2>/dev/null; then
+                    check ".envrc with KIMI_SHARE_DIR" "ok"
+                else
+                    check ".envrc missing KIMI_SHARE_DIR (sessions will use global)" "warn"
+                fi
+                ;;
+
+            codex)
+                local agents_dir="$project_root/.agents"
+
+                # AGENTS.md at project root
+                if [ -f "$project_root/AGENTS.md" ] && grep -q "CortexHawk" "$project_root/AGENTS.md" 2>/dev/null; then
+                    check "AGENTS.md in project root" "ok"
+                else
+                    check "AGENTS.md missing or not CortexHawk" "fail"
+                fi
+
+                # .agents/ directory
+                if [ -d "$agents_dir/skills" ]; then
+                    local codex_skills=0
+                    codex_skills=$(find "$agents_dir/skills" -name "*.md" -type f 2>/dev/null | wc -l | tr -d ' ')
+                    check ".agents/skills/: $codex_skills files" "ok"
+                else
+                    check ".agents/skills/ missing" "fail"
+                fi
+
+                # config.toml
+                if [ -f "$target_dir/config.toml" ]; then
+                    check "config.toml present" "ok"
+                else
+                    check "config.toml missing" "fail"
+                fi
+                ;;
+        esac
+        echo ""
+    done
+
+    # Shared checks
+    echo "--- shared ---"
+
+    # .gitignore
+    if [ -f "$project_root/.gitignore" ]; then
+        local ignored=0
+        for target in "${targets_found[@]}"; do
+            case "$target" in
+                claude) grep -qx ".claude/" "$project_root/.gitignore" 2>/dev/null && ignored=$((ignored + 1)) ;;
+                kimi)   grep -qx ".kimi/" "$project_root/.gitignore" 2>/dev/null && ignored=$((ignored + 1)) ;;
+                codex)  grep -qx ".codex/" "$project_root/.gitignore" 2>/dev/null && ignored=$((ignored + 1)) ;;
+            esac
+        done
+        [ "$ignored" -eq "${#targets_found[@]}" ] && check "All targets in .gitignore" "ok" || check "Some targets missing from .gitignore" "warn"
+    else
+        check ".gitignore missing" "warn"
+    fi
+
+    # docs/ workspace
+    if [ -d "$project_root/docs" ]; then
+        check "docs/ workspace present" "ok"
+    else
+        check "docs/ workspace missing" "warn"
+    fi
+
+    # git-workflow.conf
+    local found_conf=false
+    for target in "${targets_found[@]}"; do
+        case "$target" in
+            claude) [ -f "$project_root/.claude/git-workflow.conf" ] && found_conf=true ;;
+        esac
+    done
+    [ "$found_conf" = true ] && check "git-workflow.conf configured" "ok" || check "git-workflow.conf not found" "warn"
+
+    echo ""
+    echo "============================="
+    echo "  OK: $ok  |  WARN: $warn  |  FAIL: $fail"
+    if [ "$fail" -gt 0 ]; then
+        red "  Some checks failed. Run 'cortexhawk doctor' or reinstall."
+        return 1
+    elif [ "$warn" -gt 0 ]; then
+        yellow "  All critical checks passed. Some warnings to review."
+    else
+        green "  All checks passed!"
+    fi
+}
+
+# Verify CortexHawk source exists
+check_home() {
+    if [ ! -f "$INSTALL_SH" ]; then
+        red "CortexHawk not found in $CORTEXHAWK_HOME"
+        echo ""
+        echo "Install with:"
+        echo "  git clone https://github.com/Spechawk94/CortexHawk.git ~/.cortexhawk"
+        echo ""
+        echo "Or set CORTEXHAWK_HOME to your clone location."
+        exit 1
+    fi
+}
+
+show_help() {
+    echo "CortexHawk CLI v$(get_version)"
+    echo ""
+    echo "Usage: cortexhawk <command> [options]"
+    echo ""
+    echo "Setup:"
+    echo "  init                Interactive setup wizard (auto-detects CLIs)"
+    echo "  install [opts]      Install CortexHawk (--target, --profile, --global, --pack)"
+    echo "  update [--force]    Update existing installation"
+    echo "  uninstall           Remove CortexHawk installation"
+    echo ""
+    echo "Diagnostics:"
+    echo "  validate [path]     Verify skills/agents discovery per target"
+    echo "  doctor              Check installation health"
+    echo "  stats               Show installation overview"
+    echo "  quickstart          Getting-started guide"
+    echo "  demo                Create sandbox project with intentional bugs"
+    echo ""
+    echo "Skills:"
+    echo "  search <keyword>    Search community skills (SkillsMP or local)"
+    echo "  add-skill <url>     Install skill from GitHub"
+    echo "  publish <path>      Publish local skill to GitHub"
+    echo ""
+    echo "Snapshots:"
+    echo "  snapshot [--portable]  Save installation state"
+    echo "  snapshots             List saved snapshots"
+    echo "  restore <file>        Restore from snapshot"
+    echo "  diff [file] [file]    Compare states"
+    echo ""
+    echo "Hooks:"
+    echo "  hooks                 List all hooks with status"
+    echo "  enable-hook <name>    Enable a hook"
+    echo "  disable-hook <name>   Disable a hook"
+    echo "  test-hooks            Dry-run hooks with synthetic inputs"
+    echo ""
+    echo "Other:"
+    echo "  self-update           Update CortexHawk source (git pull)"
+    echo "  version               Show version"
+    echo "  help                  Show this help"
+    echo ""
+    echo "All install.sh flags also work: cortexhawk --dry-run --target kimi"
+    echo ""
+    echo "CORTEXHAWK_HOME=$CORTEXHAWK_HOME"
+}
+
+# Main dispatcher
+cmd="${1:-help}"
+
+case "$cmd" in
+    init)
+        check_home
+        shift
+        bash "$INSTALL_SH" --init "$@"
+        ;;
+    install)
+        check_home
+        shift
+        bash "$INSTALL_SH" "$@"
+        ;;
+    update)
+        check_home
+        shift
+        bash "$INSTALL_SH" --update "$@"
+        ;;
+    uninstall)
+        check_home
+        shift
+        bash "$INSTALL_SH" --uninstall "$@"
+        ;;
+    validate)
+        shift
+        do_validate "$@"
+        ;;
+    doctor)
+        check_home
+        shift
+        bash "$INSTALL_SH" --doctor "$@"
+        ;;
+    stats)
+        check_home
+        shift
+        bash "$INSTALL_SH" --stats "$@"
+        ;;
+    quickstart)
+        check_home
+        shift
+        bash "$INSTALL_SH" --quickstart "$@"
+        ;;
+    demo)
+        check_home
+        shift
+        bash "$INSTALL_SH" --demo "$@"
+        ;;
+    search)
+        check_home
+        shift
+        bash "$INSTALL_SH" --search "$@"
+        ;;
+    add-skill)
+        check_home
+        shift
+        bash "$INSTALL_SH" --add-skill "$@"
+        ;;
+    publish)
+        check_home
+        shift
+        bash "$INSTALL_SH" --publish-skill "$@"
+        ;;
+    snapshot)
+        check_home
+        shift
+        bash "$INSTALL_SH" --snapshot "$@"
+        ;;
+    snapshots)
+        check_home
+        shift
+        bash "$INSTALL_SH" --snapshots "$@"
+        ;;
+    restore)
+        check_home
+        shift
+        bash "$INSTALL_SH" --restore "$@"
+        ;;
+    diff)
+        check_home
+        shift
+        bash "$INSTALL_SH" --diff "$@"
+        ;;
+    hooks)
+        check_home
+        shift
+        bash "$INSTALL_SH" --list-hooks "$@"
+        ;;
+    enable-hook)
+        check_home
+        shift
+        bash "$INSTALL_SH" --enable-hook "$@"
+        ;;
+    disable-hook)
+        check_home
+        shift
+        bash "$INSTALL_SH" --disable-hook "$@"
+        ;;
+    test-hooks)
+        check_home
+        shift
+        bash "$INSTALL_SH" --test-hooks "$@"
+        ;;
+    self-update)
+        check_home
+        if [ ! -d "$CORTEXHAWK_HOME/.git" ]; then
+            yellow "CortexHawk installed via npm — use: npm update -g cortexhawk"
+            exit 0
+        fi
+        echo "Updating CortexHawk source..."
+        cd "$CORTEXHAWK_HOME"
+        local_version=$(get_version)
+        git pull --quiet
+        new_version=$(get_version)
+        if [ "$local_version" = "$new_version" ]; then
+            green "Already up to date (v$new_version)"
+        else
+            green "Updated: v$local_version → v$new_version"
+            echo "Run 'cortexhawk update' to apply changes to your projects."
+        fi
+        ;;
+    version|--version|-v)
+        check_home
+        echo "cortexhawk v$(get_version)"
+        echo "Source: $CORTEXHAWK_HOME"
+        ;;
+    help|--help|-h)
+        show_help
+        ;;
+    -*)
+        # Raw flags passthrough to install.sh
+        check_home
+        bash "$INSTALL_SH" "$@"
+        ;;
+    *)
+        red "Unknown command: $cmd"
+        echo "Run 'cortexhawk help' for usage."
+        exit 1
+        ;;
+esac

package/hooks/agent-analytics.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+# agent-analytics — Track agent invocations via docs/ writes
+# Hook type: PostToolUse (Write|Edit)
+
+# Read file_path from stdin JSON (Claude Code hook protocol)
+if [ -n "$CORTEXHAWK_FILE_PATH" ]; then
+    FILE_PATH="$CORTEXHAWK_FILE_PATH"
+else
+    INPUT=$(cat)
+    FILE_PATH=$(printf '%s' "$INPUT" | grep -o '"file_path" *: *"[^"]*"' | head -1 | sed 's/.*: *"//;s/"$//')
+fi
+
+if [[ -z "$FILE_PATH" ]] || [[ ! -f "$FILE_PATH" ]]; then
+    exit 0
+fi
+
+# Reject directory traversal or suspicious characters
+if [[ "$FILE_PATH" =~ \.\. ]] || [[ "$FILE_PATH" =~ [^a-zA-Z0-9/_.\-] ]]; then
+    exit 0
+fi
+
+# Only track docs/ writes
+case "$FILE_PATH" in
+    docs/*) ;;
+    *) exit 0 ;;
+esac
+
+# Skip _shared.md (auto-generated by session-start)
+case "$FILE_PATH" in
+    docs/.context/_shared.md) exit 0 ;;
+esac
+
+# Map directory to agent
+AGENT=""
+case "$FILE_PATH" in
+    docs/brainstorms/*) AGENT="brainstormer" ;;
+    docs/plans/*)       AGENT="planner" ;;
+    docs/decisions/*)   AGENT="architect" ;;
+    docs/research/*)    AGENT="researcher" ;;
+    docs/audits/*)      AGENT="security-auditor" ;;
+    docs/conversations/*) AGENT="copywriter" ;;
+    docs/chains/*)      AGENT="chain" ;;
+    docs/.context/*)    AGENT="context-update" ;;
+    *) exit 0 ;;
+esac
+
+# Compute metrics
+SIZE_BYTES=$(wc -c < "$FILE_PATH" | tr -d ' ')
+ESTIMATED_TOKENS=$((SIZE_BYTES / 4))
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+TODAY=$(date +"%Y-%m-%d")
+
+# Ensure metrics directory exists
+METRICS_DIR="docs/.metrics"
+mkdir -p "$METRICS_DIR"
+
+# Escape strings for safe JSON output
+json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }
+
+# Append JSONL entry
+FILENAME=$(json_escape "$(basename "$FILE_PATH")")
+FILEPATH_ESC=$(json_escape "$FILE_PATH")
+printf '{"timestamp":"%s","agent":"%s","file":"%s","path":"%s","size_bytes":%d,"estimated_tokens":%d}\n' \
+    "$TIMESTAMP" "$AGENT" "$FILENAME" "$FILEPATH_ESC" "$SIZE_BYTES" "$ESTIMATED_TOKENS" \
+    >> "$METRICS_DIR/$TODAY.jsonl"
+
+exit 0

package/hooks/branch-guard.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+# branch-guard — Prevents direct push to protected branches
+# Hook type: PreToolUse (Bash)
+
+# Read command from stdin JSON (Claude Code hook protocol)
+if [ -n "$CORTEXHAWK_COMMAND" ]; then
+  CMD="$CORTEXHAWK_COMMAND"
+else
+  INPUT=$(cat)
+  CMD=$(printf '%s' "$INPUT" | grep -o '"command" *: *"[^"]*"' | head -1 | sed 's/.*: *"//;s/"$//')
+fi
+
+if [[ -z "$CMD" ]]; then
+  exit 0
+fi
+
+PROTECTED_BRANCHES=("main" "master" "production" "release")
+
+# Load git workflow config — allow direct-main push if configured
+CONF_FILE="$(git rev-parse --show-toplevel 2>/dev/null)/.claude/git-workflow.conf"
+if [[ -f "$CONF_FILE" ]]; then
+  _BRANCHING=$(grep '^BRANCHING=' "$CONF_FILE" | cut -d= -f2)
+  if [[ "$_BRANCHING" == "direct-main" ]]; then
+    PROTECTED_BRANCHES=("master" "production" "release")
+  fi
+fi
+
+# Check for git push to protected branches
+if echo "$CMD" | grep -qE 'git\s+push'; then
+  CURRENT_BRANCH=$(git branch --show-current 2>/dev/null)
+
+  for branch in "${PROTECTED_BRANCHES[@]}"; do
+    # Direct push: git push origin main
+    if echo "$CMD" | grep -qE "git\s+push\s+\S+\s+${branch}(\s|$)"; then
+      echo "BLOCKED: Direct push to '$branch' denied by branch-guard" >&2
+      echo "Use a feature branch and create a PR instead" >&2
+      exit 2
+    fi
+
+    # Push current branch if it's protected: git push (while on main)
+    if [[ "$CURRENT_BRANCH" == "$branch" ]]; then
+      echo "BLOCKED: Push from protected branch '$branch' denied by branch-guard" >&2
+      echo "Use a feature branch and create a PR instead" >&2
+      exit 2
+    fi
+  done
+
+  # Block force push
+  if echo "$CMD" | grep -qE 'git\s+push\s+.*(-f|--force|--force-with-lease)'; then
+    echo "BLOCKED: Force push denied by branch-guard" >&2
+    echo "Force push can destroy remote history — use with extreme caution" >&2
+    exit 2
+  fi
+fi
+
+exit 0

package/hooks/codex-dispatcher.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+# codex-dispatcher.sh — Bridges Codex after_tool_use events to CortexHawk PostToolUse hooks
+# Reads JSON payload from stdin, extracts modified files, dispatches to hooks
+# Hook type: Codex after_tool_use
+
+# Read payload from stdin
+PAYLOAD=$(cat)
+
+# Require jq for JSON parsing
+if ! command -v jq >/dev/null 2>&1; then
+    exit 0
+fi
+
+# Extract fields from payload
+EVENT_TYPE=$(echo "$PAYLOAD" | jq -r '.hook_event.event_type // empty')
+if [ "$EVENT_TYPE" != "after_tool_use" ]; then
+    exit 0
+fi
+
+SUCCESS=$(echo "$PAYLOAD" | jq -r '.hook_event.success // false')
+if [ "$SUCCESS" != "true" ]; then
+    exit 0
+fi
+
+MUTATING=$(echo "$PAYLOAD" | jq -r '.hook_event.mutating // false')
+if [ "$MUTATING" != "true" ]; then
+    exit 0
+fi
+
+CWD=$(echo "$PAYLOAD" | jq -r '.cwd // empty')
+
+# Extract modified file paths — two strategies:
+# 1. From output_preview (apply_patch output: "M filename" lines)
+# 2. From tool_input (apply_patch input: "*** Update File: filename" lines)
+FILES=""
+
+# Strategy 1: output_preview → fromjson → .output → grep "^[MA] "
+OUTPUT_FILES=$(echo "$PAYLOAD" | jq -r '(.hook_event.output_preview | fromjson).output // empty' 2>/dev/null \
+    | grep -E '^[MA] ' | sed 's/^[MA] //' || true)
+if [ -n "$OUTPUT_FILES" ]; then
+    FILES="$OUTPUT_FILES"
+fi
+
+# Strategy 2: tool_input.input → grep "Update File:"
+if [ -z "$FILES" ]; then
+    INPUT_FILES=$(echo "$PAYLOAD" | jq -r '.hook_event.tool_input.input // empty' 2>/dev/null \
+        | grep 'Update File:' | sed 's/.*Update File: *//' || true)
+    FILES="$INPUT_FILES"
+fi
+
+if [ -z "$FILES" ]; then
+    exit 0
+fi
+
+# Locate hooks directory (relative to this script)
+HOOKS_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+# Dispatch each modified file to PostToolUse hooks
+while IFS= read -r file; do
+    [ -z "$file" ] && continue
+
+    # Resolve to absolute path
+    if [[ "$file" != /* ]]; then
+        file="$CWD/$file"
+    fi
+
+    # Pass file path via env var (hooks read CORTEXHAWK_FILE_PATH or stdin JSON)
+    export CORTEXHAWK_FILE_PATH="$file"
+
+    # self-review
+    [ -f "$HOOKS_DIR/self-review.sh" ] && bash "$HOOKS_DIR/self-review.sh" < /dev/null 2>/dev/null || true
+
+    # dependency-check
+    [ -f "$HOOKS_DIR/dependency-check.sh" ] && bash "$HOOKS_DIR/dependency-check.sh" < /dev/null 2>/dev/null || true
+
+    # test-reminder
+    [ -f "$HOOKS_DIR/test-reminder.sh" ] && bash "$HOOKS_DIR/test-reminder.sh" < /dev/null 2>/dev/null || true
+
+    # agent-analytics
+    [ -f "$HOOKS_DIR/agent-analytics.sh" ] && bash "$HOOKS_DIR/agent-analytics.sh" < /dev/null 2>/dev/null || true
+
+done <<< "$FILES"
+
+exit 0