cortexhawk 3.1.1 → 3.3.0

package/mcp/README.md

@@ -15,6 +15,7 @@ cp mcp/context7.json .mcp.json
 
 | Server | Purpose | Requires |
 |---|---|---|
+| `github.json` | GitHub API — PRs, issues, reviews, repos | npx + `GITHUB_PERSONAL_ACCESS_TOKEN` env |
 | `context7.json` | Library docs lookup via Context7 | npx |
 | `sequential-thinking.json` | Step-by-step reasoning for complex problems | npx |
 | `puppeteer.json` | Browser automation and testing | npx |
@@ -35,3 +36,38 @@ Create or edit `.mcp.json` at your project root:
 ```
 
 Then restart Claude Code to activate.
+
+## GitHub Token Setup
+
+`github.json` requires a `GITHUB_PERSONAL_ACCESS_TOKEN`. Options (pick one):
+
+**Option 1 — `gh auth token` (recommended, zero extra credentials)**
+```bash
+# ~/.zshrc or ~/.bashrc
+export GITHUB_PERSONAL_ACCESS_TOKEN=$(gh auth token)
+```
+Reuses existing `gh` CLI auth — nothing new to manage.
+
+**Option 2 — `.claude/settings.json` (project-level, gitignored)**
+```json
+{
+  "env": {
+    "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxx"
+  }
+}
+```
+
+**Option 3 — Shell profile (direct)**
+```bash
+export GITHUB_PERSONAL_ACCESS_TOKEN=ghp_xxxx
+```
+
+**Option 4 — `direnv` (`.envrc`, add to `.gitignore`)**
+```bash
+export GITHUB_PERSONAL_ACCESS_TOKEN=ghp_xxxx
+```
+
+**Option 5 — Password manager CLI**
+```bash
+export GITHUB_PERSONAL_ACCESS_TOKEN=$(op read "op://vault/github-pat/token")
+```

package/mcp/github.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "github": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PERSONAL_ACCESS_TOKEN}"
+      }
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cortexhawk",
-  "version": "3.1.1",
+  "version": "3.3.0",
   "description": "Open-source development toolkit for Claude Code — optimized agents, skills, commands, hooks, and modes",
   "bin": {
     "cortexhawk": "./cortexhawk"

package/profiles/api.json

@@ -23,5 +23,6 @@
     "workflow/commit",
     "workflow/confidence-check",
     "workflow/pr-review-comments"
-  ]
+  ],
+  "mcp": ["github", "sequential-thinking"]
 }

package/profiles/fullstack.json

@@ -23,5 +23,6 @@
     "workflow/commit",
     "workflow/confidence-check",
     "workflow/pr-review-comments"
-  ]
+  ],
+  "mcp": ["github", "context7", "sequential-thinking"]
 }

package/scripts/autodetect-profile.sh

@@ -46,7 +46,7 @@ for skill_file in "$CORTEXHAWK_DIR"/skills/*/*/SKILL.md; do
 done
 
 # --- Generate JSON ---
-PROFILE_FILE="/tmp/cortexhawk-autodetect-$$.json"
+PROFILE_FILE=$(mktemp /tmp/cortexhawk-autodetect-XXXXXX)
 SKILL_JSON=$(echo "$SKILLS" | tr ',' '\n' | sed 's/.*/    "&"/' | paste -sd ',' - | sed 's/,/,\n/g')
 cat > "$PROFILE_FILE" << EOF
 {
@@ -57,7 +57,11 @@ $SKILL_JSON
   ]
 }
 EOF
-SKILL_COUNT=$(echo "$SKILLS" | tr ',' '\n' | wc -l | tr -d ' ')
+if [ -z "$SKILLS" ]; then
+    SKILL_COUNT=0
+else
+    SKILL_COUNT=$(echo "$SKILLS" | tr ',' '\n' | wc -l | tr -d ' ')
+fi
 
 # --- Stack snapshot ---
 if [ -d "docs/.context" ]; then

package/scripts/interactive-init.sh

@@ -20,11 +20,13 @@ echo "  1) Claude Code (default) — fully supported"
 echo "  2) Kimi CLI (experimental)"
 echo "  3) Codex CLI (experimental)"
 echo "  4) All (install for all CLIs simultaneously)"
-read -r -p "Choice [1-4] (default: 1): " target_choice
+echo "  5) Auto-detect (install for all CLIs found on system)"
+read -r -p "Choice [1-5] (default: 1): " target_choice
 case "$target_choice" in
     2) TARGET_CLI="kimi" ;;
     3) TARGET_CLI="codex" ;;
     4) TARGET_CLI="all" ;;
+    5) TARGET_CLI="auto" ;;
     *) TARGET_CLI="claude" ;;
 esac
 green "  → $TARGET_CLI"
@@ -32,14 +34,19 @@ echo ""
 
 # --- Step 2: Scope ---
 bold "2. Install Scope"
-echo "  1) Local project — install in current directory (default)"
-echo "  2) Global — install in ~/.${TARGET_CLI}/ (shared across all projects)"
-read -r -p "Choice [1-2] (default: 1): " scope_choice
-case "$scope_choice" in
-    2) GLOBAL=true ;;
-    *) GLOBAL=false ;;
-esac
-green "  → $([ "$GLOBAL" = true ] && echo "global" || echo "local")"
+if [ "$TARGET_CLI" = "all" ] || [ "$TARGET_CLI" = "auto" ]; then
+    GLOBAL=false
+    green "  → local (always local for multi-target install)"
+else
+    echo "  1) Local project — install in current directory (default)"
+    echo "  2) Global — install in ~/.${TARGET_CLI}/ (shared across all projects)"
+    read -r -p "Choice [1-2] (default: 1): " scope_choice
+    case "$scope_choice" in
+        2) GLOBAL=true ;;
+        *) GLOBAL=false ;;
+    esac
+    green "  → $([ "$GLOBAL" = true ] && echo "global" || echo "local")"
+fi
 echo ""
 
 # --- Step 3: Skills ---
@@ -86,7 +93,7 @@ case "$skill_choice" in
         fi
 
         # Generate custom profile JSON
-        PROFILE_FILE="/tmp/cortexhawk-custom-$(date +%s).json"
+        PROFILE_FILE=$(mktemp /tmp/cortexhawk-custom-XXXXXX)
         SKILL_LINES=""
         SKILL_COUNT=0
         for category in $SELECTED_CATS; do
@@ -122,11 +129,12 @@ echo ""
 read -r -p "  API key (press Enter to skip): " SKILLSMP_KEY
 if [ -n "$SKILLSMP_KEY" ]; then
     if [ -f ".env" ] && grep -q '^SKILLSMP_API_KEY=' .env 2>/dev/null; then
-        sed -i "s/^SKILLSMP_API_KEY=.*/SKILLSMP_API_KEY=$SKILLSMP_KEY/" .env
+        sed_inplace "s/^SKILLSMP_API_KEY=.*/SKILLSMP_API_KEY=$SKILLSMP_KEY/" .env
     else
         echo "SKILLSMP_API_KEY=$SKILLSMP_KEY" >> .env
     fi
-    green "  → saved to .env"
+    chmod 600 .env
+    green "  → saved to .env (permissions: owner-only)"
 else
     yellow "  → skipped (use --search with local REGISTRY.md only)"
 fi

package/scripts/lint-guard-runner.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+# lint-guard-runner.sh — Formatter/linter execution with detection cache + parallel linters
+# Called by hooks/lint-guard.sh
+# Formatters: sequential (git add must not race). Linters: parallel (check-only).
+
+REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)
+[ -z "$REPO_ROOT" ] && exit 0
+STAGED=$(git diff --cached --name-only 2>/dev/null)
+[ -z "$STAGED" ] && exit 0
+
+# Opt-out config
+CONF_FILE="$REPO_ROOT/.claude/git-workflow.conf"
+LINT_SKIP=$(grep '^LINT_SKIP=' "$CONF_FILE" 2>/dev/null | cut -d= -f2 | tr ',' '\n')
+
+lint_cfg() {
+  local key="$1" default="${2:-auto}"
+  if [ -f "$REPO_ROOT/.cortexhawk-lint.yml" ]; then
+    local val
+    val=$(grep -E "^\s+$key:" "$REPO_ROOT/.cortexhawk-lint.yml" 2>/dev/null \
+      | sed 's/.*: *//' | tr -d ' \r')
+    echo "${val:-$default}"
+  else
+    echo "$default"
+  fi
+}
+
+TIMEOUT_SECS=$(lint_cfg "timeout" "30")
+case "$TIMEOUT_SECS" in ''|*[!0-9]*|0) TIMEOUT_SECS=30 ;; esac
+FAIL_ON_FMT=$(lint_cfg "fail_on_formatter" "false")
+TIMEOUT_CMD=""
+command -v timeout  &>/dev/null && TIMEOUT_CMD="timeout $TIMEOUT_SECS"
+command -v gtimeout &>/dev/null && [ -z "$TIMEOUT_CMD" ] && TIMEOUT_CMD="gtimeout $TIMEOUT_SECS"
+
+# --- DETECTION CACHE (1hr TTL, safe key=value, no source) ---
+mkdir -p "$REPO_ROOT/.claude" 2>/dev/null || true
+CACHE="$REPO_ROOT/.claude/lint-guard-cache"
+_mtime() { stat -c %Y "$1" 2>/dev/null || stat -f %m "$1" 2>/dev/null || date +%s; }
+[ -f "$CACHE" ] && [ $(( $(date +%s) - $(_mtime "$CACHE") )) -gt 3600 ] && rm -f "$CACHE"
+cache_get() { grep -m1 "^$1=" "$CACHE" 2>/dev/null | cut -d= -f2; }
+cache_set() { local _tmp; _tmp=$(mktemp "${CACHE}.XXXXXX"); { grep -v "^$1=" "$CACHE" 2>/dev/null; echo "$1=$2"; } > "$_tmp" && mv "$_tmp" "$CACHE" || rm -f "$_tmp"; }
+
+# --- TOOL DETECTION ---
+STAGED_JS=$(echo "$STAGED" | grep -E '\.(js|ts|jsx|tsx|mjs|cjs)$' || true)
+STAGED_CSS=$(echo "$STAGED" | grep -E '\.(css|scss|sass|less)$' || true)
+STAGED_PY=$(echo "$STAGED" | grep -E '\.py$' || true)
+STAGED_RS=$(echo "$STAGED" | grep -E '\.rs$' || true)
+STAGED_GO=$(echo "$STAGED" | grep -E '\.go$' || true)
+
+has_config() {
+  case "$1" in
+    prettier)  ls "$REPO_ROOT"/.prettierrc* "$REPO_ROOT"/prettier.config.* 2>/dev/null | grep -q . \
+               || grep -qs '"prettier"' "$REPO_ROOT/package.json" 2>/dev/null ;;
+    eslint)    ls "$REPO_ROOT"/.eslintrc* "$REPO_ROOT"/eslint.config.* 2>/dev/null | grep -q . ;;
+    black)     grep -qs '\[tool\.black\]' "$REPO_ROOT/pyproject.toml" 2>/dev/null ;;
+    flake8)    [ -f "$REPO_ROOT/.flake8" ] || grep -qs '\[flake8\]' "$REPO_ROOT/setup.cfg" 2>/dev/null ;;
+    mypy)      grep -qs '\[tool\.mypy\]' "$REPO_ROOT/pyproject.toml" 2>/dev/null || [ -f "$REPO_ROOT/mypy.ini" ] ;;
+    stylelint) ls "$REPO_ROOT"/.stylelintrc* "$REPO_ROOT"/stylelint.config.* 2>/dev/null | grep -q . ;;
+    rustfmt)   [ -f "$REPO_ROOT/rustfmt.toml" ] || [ -f "$REPO_ROOT/.rustfmt.toml" ] ;;
+    gofmt)     true ;;
+  esac
+}
+
+c_has_config() {
+  local key="HAS_$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+  local cached; cached=$(cache_get "$key")
+  if [ -n "$cached" ]; then [ "$cached" = "1" ]; return $?; fi
+  if has_config "$1"; then cache_set "$key" "1"; return 0
+  else cache_set "$key" "0"; return 1; fi
+}
+
+is_enabled() {
+  echo "$LINT_SKIP" | grep -qx "$1" && return 1
+  local val; val=$(lint_cfg "$1"); [ "$val" != "false" ]
+}
+
+tool_ok() { command -v "$1" &>/dev/null; }
+
+# Pre-populate cache before parallel stage to avoid write races
+for _t in prettier eslint black flake8 mypy stylelint rustfmt gofmt; do
+  c_has_config "$_t" >/dev/null 2>&1
+done
+
+# --- FORMATTERS (sequential — git add must not race) ---
+run_formatter() {
+  local name="$1" cmd="$2" files="$3"
+  is_enabled "$name" || return 0
+  c_has_config "$name" || return 0
+  tool_ok "$name" || { echo "lint-guard: $name not in PATH, skipping"; return 0; }
+  [ -z "$files" ] && return 0
+  echo "lint-guard: $name (auto-fix)..."
+  # shellcheck disable=SC2086
+  if echo "$files" | tr '\n' '\0' | xargs -0 $TIMEOUT_CMD $cmd 2>/dev/null; then
+    echo "$files" | tr '\n' '\0' | xargs -0 git add 2>/dev/null || true
+  else
+    echo "lint-guard: $name formatter failed" >&2
+    [ "$FAIL_ON_FMT" = "true" ] && exit 2
+  fi
+}
+
+[ -n "$STAGED_JS" ]  && run_formatter "prettier"  "prettier --write" "$STAGED_JS"
+[ -n "$STAGED_CSS" ] && run_formatter "stylelint" "stylelint --fix"  "$STAGED_CSS"
+[ -n "$STAGED_PY" ]  && run_formatter "black"     "black"            "$STAGED_PY"
+[ -n "$STAGED_RS" ]  && run_formatter "rustfmt"   "rustfmt"          "$STAGED_RS"
+[ -n "$STAGED_GO" ]  && run_formatter "gofmt"     "gofmt -w"         "$STAGED_GO"
+
+# --- LINTERS (parallel — check-only, no file writes) ---
+ERR_DIR=$(mktemp -d)
+trap 'rm -rf "$ERR_DIR"' EXIT
+
+run_linter_bg() {
+  local name="$1" cmd="$2" files="$3"
+  is_enabled "$name" || return 0
+  c_has_config "$name" || return 0
+  tool_ok "$name" || { echo "lint-guard: $name not in PATH, skipping"; return 0; }
+  [ -z "$files" ] && return 0
+  echo "lint-guard: $name (check)..."
+  # shellcheck disable=SC2086
+  if ! echo "$files" | tr '\n' '\0' | xargs -0 $TIMEOUT_CMD $cmd 2>&1; then
+    echo "BLOCKED by lint-guard: $name errors found. Fix above, re-stage, and retry." >&2
+    touch "$ERR_DIR/$name"
+  fi
+}
+
+# Output from parallel linters may interleave on screen; ERR_DIR signals are reliable regardless.
+[ -n "$STAGED_JS" ] && run_linter_bg "eslint" "eslint --max-warnings=0" "$STAGED_JS" &
+[ -n "$STAGED_PY" ] && run_linter_bg "flake8" "flake8"                  "$STAGED_PY" &
+[ -n "$STAGED_PY" ] && run_linter_bg "mypy"   "mypy --no-error-summary" "$STAGED_PY" &
+wait
+
+ERRORS=$(find "$ERR_DIR" -type f 2>/dev/null | wc -l | tr -d ' ')
+[ "$ERRORS" -gt 0 ] && exit 2
+exit 0

package/scripts/post-merge-cleanup.sh

@@ -0,0 +1,143 @@
+#!/bin/bash
+# post-merge-cleanup.sh — Delete merged branches and optionally create new feature branch
+# Called by /cleanup command and post-merge hook
+# Args: --auto (silent mode, no prompts, skip remote deletion)
+
+set -e
+
+# Parse arguments
+AUTO_MODE=false
+[ "$1" = "--auto" ] && AUTO_MODE=true
+[ ! -t 0 ] && AUTO_MODE=true  # No TTY (Claude Bash tool, CI, pipe) → auto
+
+# Validate git repository
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+    echo "Error: not a git repository"
+    exit 1
+fi
+
+# --- Branching detection with fallback layers ---
+BRANCHING="direct-main"
+MAIN_BRANCH="main"
+WORK_BRANCH=""
+
+# Layer 1: Read .claude/git-workflow.conf (safe parsing, no source)
+if [ -f ".claude/git-workflow.conf" ]; then
+    BRANCHING=$(grep -E '^BRANCHING=' ".claude/git-workflow.conf" | head -1 | cut -d= -f2 | tr -d '"' | tr -d "'")
+    WORK_BRANCH=$(grep -E '^WORK_BRANCH=' ".claude/git-workflow.conf" | head -1 | cut -d= -f2 | tr -d '"' | tr -d "'")
+
+    case "$BRANCHING" in
+        dev-branch)
+            MAIN_BRANCH="${WORK_BRANCH:-dev}"
+            ;;
+        gitflow)
+            MAIN_BRANCH="develop"
+            ;;
+        feature-branches|direct-main)
+            MAIN_BRANCH="main"
+            ;;
+    esac
+fi
+
+# Layer 2: Fallback to CLAUDE.md
+if [ ! -f ".claude/git-workflow.conf" ] && [ -f "CLAUDE.md" ]; then
+    if grep -q "^## Git Workflow" "CLAUDE.md"; then
+        DETECTED=$(grep -i "branching:" "CLAUDE.md" | head -1 | sed 's/.*: //' | awk '{print $1}')
+        case "$DETECTED" in
+            dev-branch)
+                BRANCHING="dev-branch"
+                WORK_BRANCH=$(grep -i "working branch:" "CLAUDE.md" | head -1 | sed 's/.*: //' | tr -d ')')
+                MAIN_BRANCH="${WORK_BRANCH:-dev}"
+                ;;
+            gitflow)
+                BRANCHING="gitflow"
+                MAIN_BRANCH="develop"
+                ;;
+            feature-branches)
+                BRANCHING="feature-branches"
+                MAIN_BRANCH="main"
+                ;;
+            direct-main)
+                BRANCHING="direct-main"
+                MAIN_BRANCH="main"
+                ;;
+        esac
+    fi
+fi
+
+# Layer 3: Git-based fallback (detect main vs master)
+if ! git rev-parse --verify "$MAIN_BRANCH" >/dev/null 2>&1; then
+    if git rev-parse --verify main >/dev/null 2>&1; then
+        MAIN_BRANCH="main"
+    elif git rev-parse --verify master >/dev/null 2>&1; then
+        MAIN_BRANCH="master"
+    else
+        echo "Error: branch $MAIN_BRANCH does not exist"
+        exit 1
+    fi
+fi
+
+[ "$AUTO_MODE" = false ] && echo "Detected branching: $BRANCHING, main branch: $MAIN_BRANCH"
+
+# --- Merged branch detection ---
+CURRENT_BRANCH=$(git branch --show-current)
+MERGED_BRANCHES=$(git branch --merged "$MAIN_BRANCH" 2>/dev/null | grep -v '^\*' | grep -vE '(main|master|dev|develop)$' | sed 's/^[[:space:]]*//' || true)
+
+if [ -z "$MERGED_BRANCHES" ]; then
+    [ "$AUTO_MODE" = false ] && echo "No merged branches to clean up"
+    exit 0
+fi
+
+BRANCH_COUNT=$(echo "$MERGED_BRANCHES" | wc -l | tr -d ' ')
+[ "$AUTO_MODE" = false ] && echo "Found $BRANCH_COUNT merged branch(es): $(echo "$MERGED_BRANCHES" | tr '\n' ' ')"
+
+# --- Check for remote ---
+REMOTE_EXISTS=true
+if ! git remote get-url origin >/dev/null 2>&1; then
+    REMOTE_EXISTS=false
+    [ "$AUTO_MODE" = false ] && echo "Warning: no remote 'origin' configured, skipping remote operations"
+fi
+
+# --- Delete merged branches ---
+while IFS= read -r branch; do
+    [ -z "$branch" ] && continue
+
+    # Local deletion
+    if [ "$AUTO_MODE" = true ]; then
+        git branch -d "$branch" 2>/dev/null || echo "Failed to delete $branch (may have unmerged changes)"
+    else
+        read -r -p "Delete local branch '$branch'? [y/N]: " confirm
+        if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
+            git branch -d "$branch" || echo "Failed to delete $branch (may have unmerged changes)"
+        fi
+    fi
+
+    # Remote deletion (skip in auto mode)
+    if [ "$AUTO_MODE" = false ] && [ "$REMOTE_EXISTS" = true ]; then
+        if git rev-parse --verify "refs/remotes/origin/$branch" >/dev/null 2>&1; then
+            read -r -p "Delete remote branch 'origin/$branch'? [y/N]: " confirm_remote
+            if [ "$confirm_remote" = "y" ] || [ "$confirm_remote" = "Y" ]; then
+                git push origin --delete "$branch" 2>/dev/null || echo "Failed to delete remote branch $branch (may not exist or no permissions)"
+            fi
+        fi
+    fi
+done <<< "$MERGED_BRANCHES"
+
+# --- Post-cleanup actions ---
+if [ "$CURRENT_BRANCH" = "$MAIN_BRANCH" ] && [ "$REMOTE_EXISTS" = true ]; then
+    [ "$AUTO_MODE" = false ] && echo "Pulling latest from $MAIN_BRANCH..."
+    git pull origin "$MAIN_BRANCH" 2>/dev/null || echo "Failed to pull from $MAIN_BRANCH (network issue or conflicts)"
+fi
+
+# Feature branch creation prompt (only for feature-branches strategy, not in auto mode)
+if [ "$AUTO_MODE" = false ] && [ "$BRANCHING" = "feature-branches" ] && [ "$CURRENT_BRANCH" != "$MAIN_BRANCH" ]; then
+    read -r -p "Create new feature branch? [y/N]: " create_branch
+    if [ "$create_branch" = "y" ] || [ "$create_branch" = "Y" ]; then
+        read -r -p "Branch name (default: feat/$(date +%s)): " branch_name
+        branch_name="${branch_name:-feat/$(date +%s)}"
+        git checkout -b "$branch_name" || echo "Failed to create branch $branch_name"
+    fi
+fi
+
+[ "$AUTO_MODE" = false ] && echo "Cleanup complete!"
+exit 0

package/scripts/refresh-context.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# refresh-context.sh — Regenerate docs/.context/_shared.md mid-session
+# Called by agents after modifying backlog, completing tasks, or committing code
+
+[ -d "docs/.context" ] && [ ! -L "docs/.context" ] || exit 0
+
+SHARED="docs/.context/_shared.md"
+
+echo "# Shared Context" > "$SHARED"
+echo "" >> "$SHARED"
+echo "_Auto-generated at $(date '+%Y-%m-%d %H:%M'). Last refresh: $(date '+%H:%M:%S')._" >> "$SHARED"
+echo "" >> "$SHARED"
+
+# Backlog summary
+if [ -f "docs/backlog.md" ]; then
+    ACTIVE=$(grep -c '| todo |' docs/backlog.md 2>/dev/null || true)
+    : "${ACTIVE:=0}"
+    DEFERRED=$(grep -c '| deferred |' docs/backlog.md 2>/dev/null || true)
+    : "${DEFERRED:=0}"
+    DONE=$(grep -c '| done |' docs/backlog.md 2>/dev/null || true)
+    : "${DONE:=0}"
+    echo "## Backlog" >> "$SHARED"
+    echo "- Active: $ACTIVE | Deferred: $DEFERRED | Done: $DONE" >> "$SHARED"
+    grep '| todo |' docs/backlog.md >> "$SHARED" 2>/dev/null || true
+    echo "" >> "$SHARED"
+fi
+
+# Recent commits
+if git rev-parse --is-inside-work-tree > /dev/null 2>&1; then
+    echo "## Recent Commits" >> "$SHARED"
+    git log --oneline -5 2>/dev/null >> "$SHARED" || true
+    echo "" >> "$SHARED"
+fi
+
+# User context
+if [ -f "docs/.context/_user.md" ]; then
+    cat "docs/.context/_user.md" >> "$SHARED"
+    echo "" >> "$SHARED"
+fi
+
+# Active warnings
+echo "## Warnings" >> "$SHARED"
+WARNINGS=0
+if [ -f ".env.example" ] && [ ! -f ".env" ]; then
+    echo "- .env missing — copy from .env.example" >> "$SHARED"
+    WARNINGS=$((WARNINGS + 1))
+fi
+if [ "$WARNINGS" -eq 0 ]; then
+    echo "- None" >> "$SHARED"
+fi
+echo "" >> "$SHARED"

package/settings.json

@@ -14,7 +14,18 @@
       "Write(*)",
       "Edit(*)"
     ],
-    "deny": []
+    "deny": [
+      "Write(/etc/*)",
+      "Write(~/.bashrc)",
+      "Write(~/.zshrc)",
+      "Write(~/.profile)",
+      "Write(~/.ssh/*)",
+      "Edit(/etc/*)",
+      "Edit(~/.bashrc)",
+      "Edit(~/.zshrc)",
+      "Edit(~/.profile)",
+      "Edit(~/.ssh/*)"
+    ]
   },
   "hooks": {
     "SessionStart": [