cortexhawk 3.2.0 → 3.3.0

package/.cortexhawk-lint.yml.example

@@ -0,0 +1,21 @@
+# .cortexhawk-lint.yml — per-project lint-guard config (optional)
+# Copy to .cortexhawk-lint.yml to override defaults.
+# By default, all tools are auto-detected via their config files.
+# Set a tool to false to disable it even if its config file is present.
+
+formatters:
+  prettier: true      # .prettierrc* / prettier.config.* / package.json "prettier"
+  black: true         # pyproject.toml [tool.black]
+  gofmt: true         # active if .go files staged (no config file required)
+  rustfmt: true       # rustfmt.toml / .rustfmt.toml
+  stylelint: true     # .stylelintrc* / stylelint.config.*
+
+linters:
+  eslint: true        # .eslintrc* / eslint.config.*
+  flake8: true        # .flake8 / setup.cfg [flake8]
+  mypy: false         # pyproject.toml [tool.mypy] / mypy.ini — set to false to disable (can be slow)
+
+options:
+  run_on_push: false       # run on git push too (overrides LINT_ON_PUSH in git-workflow.conf)
+  fail_on_formatter: false # block commit if a formatter fails (default: non-blocking)
+  timeout: 30              # max seconds per tool (requires timeout/gtimeout in PATH)

package/.gitmessage

@@ -0,0 +1,10 @@
+
+# type(scope): subject
+#
+# Types: feat, fix, docs, style, refactor, test, chore, perf, security
+# Scope: optional module/component name
+# Subject: imperative mood, lowercase, no period, max 72 chars
+#
+# Body: explain WHY, not WHAT (the diff shows the what)
+#
+# Footer: BREAKING CHANGE: description | Closes #123 | Backlog #N

package/CHANGELOG.md

@@ -3,9 +3,34 @@
 All notable changes to CortexHawk are documented here.
 Format: [Keep a Changelog](https://keepachangelog.com/)
 
+## [Unreleased]
+
+## [3.3.0] - 2026-02-19
+
+### Added
+- `lint-guard` Phase 3 performance: linters run in parallel (`&` + `wait` + tmpdir error signaling); detection results cached in `.claude/lint-guard-cache` (1hr TTL, safe key=value); hook extracted to `scripts/lint-guard-runner.sh` to stay within 150-line limit (#142)
+- `lint-guard` advanced YAML options: `timeout` (per-tool kill with `timeout`/`gtimeout`, default 30s), `fail_on_formatter` (block commit on formatter failure, default false), `run_on_push` in yml (overrides git-workflow.conf) (#141)
+- `lint-guard` pre-commit delegation: if `.pre-commit-config.yaml` + `pre-commit` CLI are present, lint-guard delegates entirely to the framework — no duplication for projects already using pre-commit (#143)
+- `lint-guard` hook (PreToolUse): auto-detects formatters and linters on staged files before commit — formatters auto-fix + re-stage (prettier, black, gofmt, rustfmt, stylelint), linters check-only + block on errors (eslint, flake8, mypy); opt-out via `LINT_SKIP` in `git-workflow.conf` or `.cortexhawk-lint.yml` (#140)
+- `/review-pr` command: fetch, triage, and address PR review comments — batch mode by default (one commit + one batched review reply = one notification); `--sequential` flag for complex interdependent threads (#145)
+- MCP GitHub config: `mcp/github.json` (`@modelcontextprotocol/server-github`) — unlocks native GitHub API for `git-manager`, `/ship`, `pr-review-comments`, `/review-pr`; listed as recommended in fullstack + api profiles (#146)
+- `/cleanup` command: delete merged local/remote branches, optional post-merge hook for auto-cleanup after PR merges (#139)
+- Smart PR detection in `/ship`: reuses existing PR branch instead of creating duplicate branches when iterating with `/task` followed by review feedback (#138)
+
+### Fixed
+- `branch-guard` hook: `git push --delete` (remote branch deletion) was incorrectly blocked when on a protected branch — `/cleanup` remote cleanup now works correctly
+- `post-merge-cleanup.sh`: auto-detects missing TTY (`[ ! -t 0 ]`) and switches to auto mode — `/cleanup` called via Claude Bash tool or CI no longer hangs on `read` prompt
+- `.gitignore`: add `docs/.context/` and `docs/.metrics/` — auto-generated session artifacts (snapshots, analytics logs, agent context) are ephemeral and should not be committed
+- GitHub Actions (`claude.yml`, `claude-code-review.yml`): grant `pull-requests: write` + `issues: write` — Claude could read PRs but not post reviews or replies
+- **Security (MEDIUM)**: replace predictable PID/timestamp temp paths with `mktemp` (portable, no `.json` suffix) in `autodetect-profile.sh` and `interactive-init.sh`
+- **Security (MEDIUM)**: extend `.env` parser blocklist (`PYTHONPATH`, `GIT_SSH_COMMAND`, `NPM_CONFIG_*`, `NODE_OPTIONS`, `RUBYLIB`, `LD_AUDIT`, etc.) + add key format validation (`^[A-Z_][A-Z0-9_]{0,63}$`) to reject malformed variable names
+- **Security (LOW)**: atomic `cache_set` in `lint-guard-runner.sh` via `mktemp` unique tmp + `mv` — eliminates race condition on concurrent hook invocations
+- **Security**: replace `eval` with `xargs -0` in `lint-guard-runner.sh` — prevents command injection via crafted filenames in staged file lists
+
 ## [3.2.0] - 2026-02-15
 
 ### Added
+- Component registry: `COMPONENTS` array + `copy_all_components`/`sync_all_components`/`count_component_files` — adding a new component is 1 line instead of modifying 5 functions
 - `/commit` command: lightweight conventional commit + push without review or PR — use `/ship` for full workflow, `/commit` for quick iterations
 - Install auto-detects existing PR/commit templates; generates CortexHawk defaults (`.github/PULL_REQUEST_TEMPLATE.md`, `.gitmessage`) if missing — agents (`git-manager`, `/ship`, `/commit`) read templates at runtime
 - `--version` / `-v` flag: displays CortexHawk version

package/CLAUDE.md

@@ -6,13 +6,13 @@ Open-source development toolkit for Claude Code — optimized agents, skills, co
 
 ```
 agents/       — 20 specialized AI agents
-commands/     — 33 slash commands
+commands/     — 35 slash commands
 scripts/      — Validation and post-install audit scripts
 skills/       — 36 domain-specific knowledge modules
-hooks/        — 9 lifecycle hooks
+hooks/        — 11 lifecycle hooks
 modes/        — 7 behavioral presets
 profiles/     — 3 install profiles (fullstack, api, data)
-mcp/          — Pre-configured MCP server configs
+mcp/          — Pre-configured MCP server configs (github, context7, sequential-thinking, puppeteer)
 docs/         — Agent outputs (brainstorms, plans, decisions, research, audits, conversations, chains)
 templates/    — Templates for contributing new components (agents, commands, skills, chain presets, personas)
 CONTRIBUTING.md — Contribution guidelines
@@ -49,7 +49,7 @@ Custom agents in `.cortexhawk-agents/` at project root. Each `.md` file uses `ex
 
 ## Commands
 
-`/plan` `/build` `/test` `/review` `/ship` `/commit` `/debug` `/scan` `/check` `/refactor` `/research` `/doc` `/bootstrap` `/tdd` `/optimize` `/migrate` `/monitor` `/api-gen` `/changelog` `/journal` `/brainstorm` `/simplify` `/deploy` `/export` `/backlog` `/pulse` `/map` `/learn` `/chain` `/task` `/ci` `/context` `/upgrade`
+`/plan` `/build` `/test` `/review` `/review-pr` `/ship` `/commit` `/cleanup` `/debug` `/scan` `/check` `/refactor` `/research` `/doc` `/bootstrap` `/tdd` `/optimize` `/migrate` `/monitor` `/api-gen` `/changelog` `/journal` `/brainstorm` `/simplify` `/deploy` `/export` `/backlog` `/pulse` `/map` `/learn` `/chain` `/task` `/ci` `/context` `/upgrade`
 
 ## Skills
 
@@ -80,6 +80,7 @@ Custom agents in `.cortexhawk-agents/` at project root. Each `.md` file uses `ex
 - `file-guard` (PreToolUse) — Blocks access to .env, secrets, keys
 - `branch-guard` (PreToolUse) — Prevents direct push to protected branches
 - `commit-guard` (PreToolUse) — Validates conventional commits, checks staged secrets
+- `lint-guard` (PreToolUse) — Auto-detects formatters/linters on staged files; auto-fix for prettier/black/gofmt/rustfmt/stylelint, check-only for eslint/flake8/mypy
 - `self-review` (PostToolUse) — Checks for TODO/FIXME, secrets, debug artifacts
 - `dependency-check` (PostToolUse) — Alerts when dependency files are modified
 - `test-reminder` (PostToolUse) — Reminds to update tests for modified source files
@@ -94,3 +95,10 @@ Custom agents in `.cortexhawk-agents/` at project root. Each `.md` file uses `ex
 - Checklists > paragraphs, code examples > prose
 - One responsibility per component
 - All agents follow: frontmatter → description → Process → Output Format → Rules
+
+## Git Workflow
+
+- **Branching**: dev-branch (working branch: dev)
+- **Commits**: conventional
+- **PR preference**: on-demand
+- **Auto-push**: after-commit

package/agents/git-manager.md

@@ -11,9 +11,10 @@ You are a release engineer managing version control workflows.
 
 0. **Context** — Read `docs/.context/_shared.md` and `docs/.context/git-manager.md`
 1. **Assess** — Review current branch state, staged changes, and recent history
+1.5. **Detect PR** — Run `gh pr view --json state,url 2>/dev/null`, parse output; if PR exists with state=OPEN, note branch has active PR (skip creation later); if gh fails or no PR, proceed normally
 2. **Stage** — Select files for commit, verify no secrets or debug artifacts
 3. **Commit** — Generate conventional commit message matching change scope
-4. **Push** — Push to remote, create PR with description and checklist
+4. **Push** — Push to remote, create PR with description and checklist (skip if active PR detected in step 1.5)
 5. **Manage** — Handle branching, tagging, merging, and release prep
 
 ## Commit Convention
@@ -63,5 +64,8 @@ Description: imperative mood, lowercase, no period, max 72 chars
 - Always verify no secrets in staged files before commit
 - Read `## Git Workflow` in CLAUDE.md for project preferences (branching, commits, PRs, auto-push)
 - Respect configured branching strategy, PR preference, and auto-push behavior
-- If no Git Workflow section, default to: feature branches, conventional commits, on-demand PR, auto-push
+- If no Git Workflow section and no `.claude/config/git-workflow.conf`, default to: feature branches, conventional commits, on-demand PR, auto-push
+- Before creating a feature branch, check if current branch has open PR — if yes, reuse branch and push to update PR; if no or state!=OPEN, create new branch
+- PR detection edge cases: gh CLI not installed (skip detection, proceed with branch creation), detached HEAD (skip detection, create new branch), gh fails (silent fail with warning, continue with branch creation), no remote configured (warn and stop)
+- Silent fail on PR detection errors — log warning to user, continue with normal branch creation flow
 - Update `docs/.context/git-manager.md` with patterns, decisions, and key files discovered

package/commands/backlog.md

@@ -12,7 +12,7 @@ Activate the **project-manager** agent in backlog mode.
 3. Score: impact (H/M/L), effort (H/M/L), feasibility (H/M/L)
 4. Update `docs/backlog.md` — add new items, re-prioritize existing ones
 5. Mark items already implemented as done
-6. Run `bash scripts/refresh-context.sh` to update shared context
+6. Run `bash .claude/scripts/refresh-context.sh` to update shared context
 
 Backlog format in `docs/backlog.md`:
 

package/commands/cleanup.md

@@ -0,0 +1,36 @@
+---
+name: cleanup
+description: Delete merged branches and optionally enable auto-cleanup hook
+---
+
+# /cleanup
+
+Delete merged local branches and optionally delete remote branches.
+
+## Process
+
+1. Check if `.claude/.cleanup-configured` exists — if not, prompt for hook opt-in
+2. If marker missing, ask: "Enable auto-cleanup hook after merging PRs? [y/N]"
+3. If user chooses yes:
+   - Uncomment post-merge composition in `.claude/hooks/compose.yml` via sed
+   - Create marker: `echo 'enabled' > .claude/.cleanup-configured`
+   - Notify: "Auto-cleanup hook enabled. Runs automatically after git merge."
+4. If user chooses no:
+   - Create marker: `echo 'manual' > .claude/.cleanup-configured`
+5. Run cleanup script: `.claude/scripts/post-merge-cleanup.sh` (interactive mode)
+6. Script detects branching strategy from `.claude/git-workflow.conf` or `CLAUDE.md`
+7. Lists merged branches (excluding main/master/dev/develop/current)
+8. Prompts before deleting each local branch
+9. Prompts before deleting each remote branch (default: no)
+10. If on main branch: pulls latest changes
+11. If `BRANCHING=feature-branches`: optionally creates new feature branch
+
+## Rules
+
+- First-run hook prompt only shows once (marker file persists preference)
+- Remote deletion requires explicit confirmation (default: no)
+- Never delete main/master/dev/develop or current branch
+- Handle missing config files gracefully (fallback to defaults)
+- Handle git errors without crashing (network, permissions, no remote)
+- If compose.yml missing, warn and skip hook enablement
+- If sed fails, report error but continue cleanup

package/commands/review-pr.md

@@ -0,0 +1,31 @@
+---
+name: review-pr
+description: Fetch, triage, and address PR review comments in batch — one commit, one notification.
+---
+
+# /review-pr
+
+Activate the **reviewer** agent using the `pr-review-comments` skill. Target PR: current branch.
+
+1. **Auth** — Check MCP GitHub (`mcp__github__list_pull_requests`); fall back to `gh pr view` if unavailable
+2. **Fetch** — Get all open inline threads, review submissions, and conversation comments
+3. **Triage** — Group by author: Copilot / human reviewers / bots; skip resolved and outdated
+4. **Present** — Show numbered threads with `file:line`, author, summary, and proposed fix
+5. **Confirm** — Ask which to address (`1, 3, 5` or `all`) before touching any file
+6. **Fix** (batch, default) — Apply all selected fixes in one pass
+7. **Commit** — `fix: address PR review comments` (single commit)
+8. **Push** — Push to remote
+9. **Reply** — `mcp__github__create_pull_request_review` (batch) or `gh pr comment` — one reply per thread, referencing the commit sha
+
+## Flags
+
+- `--sequential` — fix → commit → reply per thread; use when comments are complex or interdependent
+
+## Rules
+
+- Always present threads and wait for user selection before fixing
+- Batch mode: one commit + one review submission = one notification to reviewers
+- Sequential mode: one commit per thread, reply immediately after each fix
+- Never fix resolved or outdated threads unless explicitly requested
+- If no open threads, report and stop
+- If auth fails, prompt `gh auth login` or check `GITHUB_PERSONAL_ACCESS_TOKEN`

package/commands/ship.md

@@ -8,6 +8,7 @@ description: Commit, create PR, and prepare for deployment.
 Activate the **git-manager** agent, then the **reviewer** agent. Ship: `$ARGUMENTS`
 
 0. Read `## Git Workflow` from CLAUDE.md if present — respect PR preference and auto-push settings
+0.5. Check if current branch has open PR — run `gh pr view --json state,url 2>/dev/null`; if PR exists and state=OPEN, skip branch creation (update existing PR); if gh unavailable or no PR found, proceed with normal flow
 1. Stage changes and generate conventional commit message
 2. Run quick review pass — reviewer runs Pass 1 (Correctness) and Pass 2 (Security) only, reporting Critical findings exclusively
 3. If review passes, commit and push

package/commands/task.md

@@ -16,7 +16,7 @@ Activate the **project-manager** agent as orchestrator. Execute backlog item `$A
 6. Update `CHANGELOG.md` with a one-line entry under the current version's `### Added` section
 7. If chain completes without critical blockers, execute `/ship`
 8. Mark item as `done` in backlog
-9. Run `bash scripts/refresh-context.sh` to update shared context
+9. Run `bash .claude/scripts/refresh-context.sh` to update shared context
 
 ## Save Rules
 

package/cortexhawk

@@ -120,8 +120,8 @@ do_validate() {
 
                 # settings.json
                 if [ -f "$target_dir/settings.json" ]; then
-                    if python3 -c "import json; json.load(open('$target_dir/settings.json'))" 2>/dev/null || \
-                       node -e "JSON.parse(require('fs').readFileSync('$target_dir/settings.json'))" 2>/dev/null; then
+                    if python3 -c "import json,sys; json.load(open(sys.argv[1]))" "$target_dir/settings.json" 2>/dev/null || \
+                       node -e "JSON.parse(require('fs').readFileSync(process.argv[1]))" "$target_dir/settings.json" 2>/dev/null; then
                         check "settings.json valid JSON" "ok"
                     else
                         check "settings.json invalid JSON" "fail"

package/hooks/branch-guard.sh

@@ -21,17 +21,25 @@ fi
 
 PROTECTED_BRANCHES=("main" "master" "production" "release")
 
-# Load git workflow config — allow direct-main push if configured
+# Load git workflow config — adjust protected branches based on branching strategy
 CONF_FILE="$(git rev-parse --show-toplevel 2>/dev/null)/.claude/git-workflow.conf"
 if [[ -f "$CONF_FILE" ]]; then
   _BRANCHING=$(grep '^BRANCHING=' "$CONF_FILE" | cut -d= -f2)
   if [[ "$_BRANCHING" == "direct-main" ]]; then
     PROTECTED_BRANCHES=("master" "production" "release")
+  elif [[ "$_BRANCHING" == "dev-branch" ]]; then
+    _WORK_BRANCH=$(grep '^WORK_BRANCH=' "$CONF_FILE" | cut -d= -f2)
+    [[ -n "$_WORK_BRANCH" ]] && PROTECTED_BRANCHES+=("$_WORK_BRANCH")
   fi
 fi
 
 # Check for git push to protected branches
 if echo "$CMD" | grep -qE 'git\s+push'; then
+  # Allow --delete operations (deleting remote branches, not pushing code)
+  if echo "$CMD" | grep -qE 'git\s+push\s+.*--delete|git\s+push\s+.*-d\s'; then
+    exit 0
+  fi
+
   CURRENT_BRANCH=$(git branch --show-current 2>/dev/null)
 
   for branch in "${PROTECTED_BRANCHES[@]}"; do

package/hooks/compose.yml

@@ -45,3 +45,9 @@ compositions:
     matcher: "*"
     hooks:
       - session-telemetry
+
+  # post-merge:
+  #   event: GitHook
+  #   matcher: "post-merge"
+  #   hooks:
+  #     - post-merge

package/hooks/file-guard.sh

@@ -9,12 +9,16 @@ BLOCKED_PATTERNS=(
   "*.key"
   "id_rsa"
   "id_ed25519"
+  "id_ecdsa"
   "*.p12"
   "*.pfx"
   "*.keystore"
+  "*.jks"
   "credentials.json"
   "credentials.yml"
   "credentials.yaml"
+  "*secret*"
+  "service-account*.json"
 )
 
 # Basename patterns that are .env.* but NOT .env.example/.env.sample/.env.template

package/hooks/hooks.json

@@ -36,6 +36,12 @@
       "script": "hooks/commit-guard.sh",
       "description": "Validates commit format and checks for staged secrets"
     },
+    {
+      "name": "lint-guard",
+      "type": "PreToolUse",
+      "script": "hooks/lint-guard.sh",
+      "description": "Auto-detect and run formatters/linters on staged files before commit"
+    },
     {
       "name": "test-reminder",
       "type": "PostToolUse",

package/hooks/lint-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# lint-guard — Auto-detect formatters/linters and run before git commit/push
+# Hook type: PreToolUse (Bash)
+# Delegates heavy work to scripts/lint-guard-runner.sh
+
+# --- 1. PARSE COMMAND ---
+if [ -n "$CORTEXHAWK_COMMAND" ]; then
+  CMD="$CORTEXHAWK_COMMAND"
+else
+  INPUT=$(cat)
+  if command -v jq &>/dev/null; then
+    CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+  fi
+  [ -z "$CMD" ] && CMD=$(printf '%s' "$INPUT" \
+    | grep -o '"command" *: *"[^"]*"' | head -1 | sed 's/.*: *"//;s/"$//')
+fi
+[ -z "$CMD" ] && exit 0
+echo "$CMD" | grep -qE 'git\s+(commit|push)' || exit 0
+
+# --- 2. PUSH CHECK — yml takes priority over git-workflow.conf ---
+if echo "$CMD" | grep -qE 'git\s+push'; then
+  _ROOT=$(git rev-parse --show-toplevel 2>/dev/null)
+  _YML_PUSH=$(grep -E "^\s+run_on_push:" "$_ROOT/.cortexhawk-lint.yml" 2>/dev/null \
+    | sed 's/.*: *//' | tr -d ' \r')
+  if [ "$_YML_PUSH" = "true" ]; then
+    :
+  elif [ "$_YML_PUSH" = "false" ]; then
+    exit 0
+  else
+    LINT_ON_PUSH=$(grep '^LINT_ON_PUSH=' "$_ROOT/.claude/git-workflow.conf" 2>/dev/null | cut -d= -f2)
+    [ "$LINT_ON_PUSH" != "true" ] && exit 0
+  fi
+fi
+
+# --- 3. DELEGATE ---
+REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)
+[ -z "$REPO_ROOT" ] && exit 0
+
+if command -v pre-commit &>/dev/null && [ -f "$REPO_ROOT/.pre-commit-config.yaml" ]; then
+  echo "lint-guard: pre-commit detected — delegating to pre-commit framework"
+  pre-commit run
+  exit $?
+fi
+
+bash "$REPO_ROOT/.claude/scripts/lint-guard-runner.sh"
+exit $?

package/hooks/post-merge.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# post-merge — Auto-cleanup merged branches after PR merge
+# Hook type: GitHook
+# Disabled by default — enable via /cleanup first run
+
+# Call cleanup script in auto mode (silent, no prompts, skip remote deletion)
+if [ -f ".claude/scripts/post-merge-cleanup.sh" ]; then
+    bash ".claude/scripts/post-merge-cleanup.sh" --auto 2>/dev/null || true
+fi
+
+# Exit silently — don't block merge operation on script failures
+exit 0

package/hooks/session-start.sh

@@ -132,4 +132,4 @@ if [ -d "$SKILL_DIR" ]; then
 fi
 
 echo ""
-echo "Commands: /plan /build /test /review /ship /debug /scan /check /refactor /research /doc /bootstrap /tdd /optimize /migrate /monitor /api-gen /changelog /journal /brainstorm /simplify /deploy /export /backlog /pulse /map /learn /chain /task /ci /context"
+echo "Commands: /plan /build /test /review /ship /commit /cleanup /debug /scan /check /refactor /research /doc /bootstrap /tdd /optimize /migrate /monitor /api-gen /changelog /journal /brainstorm /simplify /deploy /export /backlog /pulse /map /learn /chain /task /ci /context /upgrade"

package/install.sh

@@ -7,6 +7,16 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 if [ -f ".env" ]; then
     while IFS='=' read -r key value; do
         [[ -z "$key" || "$key" == \#* ]] && continue
+        # Validate key format: uppercase letters, digits, underscore only (POSIX env var names)
+        [[ "$key" =~ ^[A-Z_][A-Z0-9_]{0,63}$ ]] || continue
+        # Block dangerous variable names that could hijack script/shell behavior
+        case "$key" in
+            PATH|LD_PRELOAD|LD_LIBRARY_PATH|LD_AUDIT|LD_DEBUG|BASH_ENV|BASH_FUNC_*|\
+            SCRIPT_DIR|HOME|SHELL|IFS|CDPATH|ENV|PYTHONPATH|PYTHONSTARTUP|\
+            GIT_SSH|GIT_SSH_COMMAND|GIT_PROXY_COMMAND|GIT_EXEC_PATH|\
+            NPM_CONFIG_*|NODE_OPTIONS|RUBYLIB|RUBYOPT|PERL5LIB|PERL5OPT)
+                continue ;;
+        esac
         # Strip double quotes
         value="${value%\"}" && value="${value#\"}"
         # Strip single quotes
@@ -161,8 +171,26 @@ STATS_MODE=false
 PUBLISH_SKILL_PATH=""
 CHECK_UPDATE_MODE=false
 DEMO_MODE=false
+TRUST_SKILL=false
 MAX_SNAPSHOTS=10
 
+# === Component Registry ===
+# Single source of truth for all CortexHawk components.
+# Format: "name:executable"
+#   - executable = "yes" runs chmod +x *.sh after copy (hooks, scripts)
+#   - executable = "no" for markdown-only components (agents, commands, modes)
+#   - skills handled specially via copy_skills()/sync_skills_update() for profile filtering
+# Used by: copy_all_components(), sync_all_components(), count_component_files()
+COMPONENTS=(
+    "agents:no"
+    "commands:no"
+    "skills:no"
+    "hooks:yes"
+    "modes:no"
+    "mcp:no"
+    "scripts:yes"
+)
+
 while [ $# -gt 0 ]; do
     case "$1" in
         --target)
@@ -300,6 +328,10 @@ while [ $# -gt 0 ]; do
             DEMO_MODE=true
             shift
             ;;
+        --trust)
+            TRUST_SKILL=true
+            shift
+            ;;
         --publish-skill)
             PUBLISH_SKILL_PATH="$2"
             if [ -z "$PUBLISH_SKILL_PATH" ]; then
@@ -455,7 +487,7 @@ if [ -n "$PACK_NAME" ]; then
         exit 1
     fi
     _skills_csv=$(echo "$_row" | awk -F'|' '{print $3}' | sed 's/^ *//;s/ *$//')
-    _description=$(echo "$_row" | awk -F'|' '{print $4}' | sed 's/^ *//;s/ *$//')
+    _description=$(echo "$_row" | awk -F'|' '{print $4}' | sed 's/^ *//;s/ *$//' | sed 's/"/\\"/g')
     _tmp_profile=$(mktemp /tmp/cortexhawk-pack-XXXXXX.json)
     {
         echo '{'
@@ -505,11 +537,12 @@ detect_installed_clis() {
 copy_skills() {
     local target_dir="$1"
     local profile="$2"
+    local source_dir="${3:-$SCRIPT_DIR}"
     if [ -z "$profile" ]; then
-        cp -r "$SCRIPT_DIR/skills/"* "$target_dir/skills/" 2>/dev/null || true
+        cp -r "$source_dir/skills/"* "$target_dir/skills/" 2>/dev/null || true
     else
         grep '"[a-z]' "$PROFILE_FILE" | sed 's/.*"\([a-z][^"]*\)".*/\1/' | grep '/' | while read -r skill; do
-            local src="$SCRIPT_DIR/skills/$skill"
+            local src="$source_dir/skills/$skill"
             local dest="$target_dir/skills/$skill"
             if [ ! -d "$src" ]; then
                 yellow "  Warning: skill '$skill' not found in source — skipping"
@@ -574,6 +607,9 @@ convert_modes_to_skills() {
     done
 }
 
+# NOTE: profiles/*.json contain an "mcp" field listing recommended servers, but install.sh
+# currently installs all mcp/*.json regardless of profile. Per-profile MCP filtering is planned
+# for a future phase of #137 (install.sh modularization).
 # merge_mcp_json(output_file) — merges mcp/*.json into single JSON file
 merge_mcp_json() {
     local output_file="$1"
@@ -582,7 +618,7 @@ merge_mcp_json() {
         [ -f "$mcp_file" ] || continue
         local server_name command_val args_val entry
         server_name=$(basename "$mcp_file" .json)
-        command_val=$(grep '"command"' "$mcp_file" | sed 's/.*"command"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/')
+        command_val=$(grep '"command"' "$mcp_file" | sed 's/.*"command"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/' | sed 's/"/\\"/g')
         args_val=$(grep '"args"' "$mcp_file" | sed 's/.*"args"[[:space:]]*:[[:space:]]*\(\[.*\]\).*/\1/')
         entry="    \"$server_name\": {\n      \"command\": \"$command_val\",\n      \"args\": $args_val\n    }"
         if [ -n "$entries" ]; then
@@ -658,14 +694,18 @@ $target_dir/" "$gitignore"
     if [ -d "$project_root/docs" ] && ! grep -qx "docs/" "$gitignore" 2>/dev/null; then
         echo ""
         echo "  docs/ contains agent outputs (brainstorms, plans, research)."
-        read -r -p "  Track docs/ in git? [Y/n]: " docs_choice
+        if [ -t 0 ]; then
+            read -r -p "  Track docs/ in git? [Y/n]: " docs_choice
+        else
+            docs_choice="Y"
+        fi
         case "$docs_choice" in
             [nN]*)
                 echo "docs/" >> "$gitignore"
                 green "  Added docs/ to .gitignore"
                 ;;
             *)
-                green "  docs/ will be tracked in git"
+                green "  docs/ will be tracked in git (default)"
                 ;;
         esac
     fi
@@ -888,7 +928,8 @@ update_source_git() {
 }
 
 update_source_release() {
-    local tmp_dir="/tmp/cortexhawk-update-$$"
+    local tmp_dir
+    tmp_dir=$(mktemp -d /tmp/cortexhawk-update-XXXXXX)
     local repo_url
     repo_url=$(get_source_url)
     if [ -z "$repo_url" ] && [ -f "$TARGET/.cortexhawk-manifest" ]; then
@@ -899,13 +940,19 @@ update_source_release() {
         echo "Set CORTEXHAWK_REPO environment variable and retry"
         exit 1
     fi
-    mkdir -p "$tmp_dir"
     echo "  Downloading from $repo_url..."
-    if ! curl -sL "$repo_url/archive/refs/heads/main.tar.gz" | tar xz -C "$tmp_dir" --strip-components=1; then
+    local tarball="$tmp_dir/update.tar.gz"
+    if ! curl -sL "$repo_url/archive/refs/heads/main.tar.gz" -o "$tarball"; then
         echo "Error: failed to download latest release"
         rm -rf "$tmp_dir"
         exit 1
     fi
+    if ! tar xzf "$tarball" -C "$tmp_dir" --strip-components=1; then
+        echo "Error: failed to extract update archive"
+        rm -rf "$tmp_dir"
+        exit 1
+    fi
+    rm -f "$tarball"
     SCRIPT_DIR="$tmp_dir"
     UPDATE_CLEANUP_DIR="$tmp_dir"
 }
@@ -1097,6 +1144,48 @@ sync_skills_update() {
     fi
 }
 
+# === Generic Component Operations ===
+# These use the COMPONENTS array to avoid hardcoding directory lists.
+
+# copy_all_components(source_dir, target_dir, profile)
+copy_all_components() {
+    local src="$1" dst="$2" profile="$3"
+    for entry in "${COMPONENTS[@]}"; do
+        IFS=':' read -r name exec_flag <<< "$entry"
+        [ -d "$src/$name" ] || continue
+        mkdir -p "$dst/$name"
+        if [ "$name" = "skills" ] && [ -n "$profile" ]; then
+            copy_skills "$dst" "$profile" "$src"
+        else
+            cp -r "$src/$name/"* "$dst/$name/" 2>/dev/null || true
+        fi
+        [ "$exec_flag" = "yes" ] && chmod +x "$dst/$name/"*.sh 2>/dev/null || true
+    done
+}
+
+# sync_all_components(profile)
+sync_all_components() {
+    local profile="$1"
+    for entry in "${COMPONENTS[@]}"; do
+        IFS=':' read -r name exec_flag <<< "$entry"
+        if [ "$name" = "skills" ]; then
+            sync_skills_update "$profile"
+        else
+            sync_component "$name"
+        fi
+    done
+}
+
+# count_component_files(source_dir)
+count_component_files() {
+    local src="$1"
+    for entry in "${COMPONENTS[@]}"; do
+        IFS=':' read -r name _ <<< "$entry"
+        local c; c=$(find "$src/$name" -type f 2>/dev/null | wc -l | tr -d ' ')
+        printf "  %-12s %s files\n" "$name/" "$c"
+    done
+}
+
 do_update() {
     # 1. Validate target
     if [ "$TARGET_CLI" != "claude" ]; then
@@ -1245,12 +1334,7 @@ do_update() {
     SYNC_SKIPPED=0
     SYNC_CONFLICTS=0
 
-    sync_component "agents"
-    sync_component "commands"
-    sync_skills_update "$update_profile"
-    sync_component "hooks"
-    sync_component "modes"
-    sync_component "mcp"
+    sync_all_components "$update_profile"
 
     # 6b. Sync agent personas from project root
     local project_root
@@ -1275,8 +1359,11 @@ do_update() {
     fi
 
     if [ "$DRY_RUN" != true ]; then
-        # Make hooks executable
-        chmod +x "$TARGET/hooks/"*.sh 2>/dev/null || true
+        # Make executable components executable
+        for entry in "${COMPONENTS[@]}"; do
+            IFS=':' read -r name exec_flag <<< "$entry"
+            [ "$exec_flag" = "yes" ] && chmod +x "$TARGET/$name/"*.sh 2>/dev/null || true
+        done
 
         # 7b. Regenerate settings.json hooks + merge new permissions from compose.yml
         if [ -f "$SCRIPT_DIR/hooks/compose.yml" ]; then
@@ -1961,26 +2048,14 @@ do_restore() {
 
     # Reinstall using the standard flow
     echo "Reinstalling CortexHawk components..."
-    mkdir -p "$TARGET"/{agents,commands,skills,hooks,modes,mcp}
 
     # Use portable archive files if available, otherwise use source repo
     if [ -n "$portable_files" ] && [ -d "$portable_files" ]; then
         echo "  Using files from portable archive..."
-        cp -r "$portable_files/agents/"* "$TARGET/agents/" 2>/dev/null || true
-        cp -r "$portable_files/commands/"* "$TARGET/commands/" 2>/dev/null || true
-        cp -r "$portable_files/skills/"* "$TARGET/skills/" 2>/dev/null || true
-        cp -r "$portable_files/hooks/"* "$TARGET/hooks/" 2>/dev/null || true
-        cp -r "$portable_files/modes/"* "$TARGET/modes/" 2>/dev/null || true
-        cp -r "$portable_files/mcp/"* "$TARGET/mcp/" 2>/dev/null || true
+        copy_all_components "$portable_files" "$TARGET" ""
     else
-        cp -r "$SCRIPT_DIR/agents/"* "$TARGET/agents/" 2>/dev/null || true
-        cp -r "$SCRIPT_DIR/commands/"* "$TARGET/commands/" 2>/dev/null || true
-        copy_skills "$TARGET" "$PROFILE"
-        cp -r "$SCRIPT_DIR/hooks/"* "$TARGET/hooks/" 2>/dev/null || true
-        cp -r "$SCRIPT_DIR/modes/"* "$TARGET/modes/" 2>/dev/null || true
-        cp -r "$SCRIPT_DIR/mcp/"* "$TARGET/mcp/" 2>/dev/null || true
+        copy_all_components "$SCRIPT_DIR" "$TARGET" "$PROFILE"
     fi
-    chmod +x "$TARGET/hooks/"*.sh 2>/dev/null || true
 
     # Restore settings.json from snapshot
     if command -v python3 >/dev/null 2>&1; then
@@ -2707,10 +2782,17 @@ do_add_skill() {
         exit 1
     fi
 
-    # Security warning if scripts present
+    # Security gate: block skills with executable scripts unless --trust is used
     if find "$tmp_dir/repo" -name "*.sh" -o -name "*.py" 2>/dev/null | grep -q .; then
-        echo "  Warning: this skill contains executable scripts"
-        echo "  Review them before use: $skill_dir/scripts/"
+        if [ "${TRUST_SKILL:-false}" = true ]; then
+            yellow "  Warning: this skill contains executable scripts — installing with --trust"
+        else
+            echo "  ERROR: This skill contains executable scripts (.sh/.py)."
+            echo "  Re-run with --trust to install: install.sh --add-skill $ADD_SKILL_URL --trust"
+            echo "  Review the source first: $ADD_SKILL_URL"
+            rm -rf "$tmp_dir"
+            exit 1
+        fi
     fi
 
     # Create community directory if needed
@@ -2831,7 +2913,8 @@ do_team_install() {
 
     # Generate temporary profile JSON from skills list
     if [ -n "$TEAM_SKILLS" ]; then
-        local tmp_profile="/tmp/cortexhawk-team-$$.json"
+        local tmp_profile
+        tmp_profile=$(mktemp /tmp/cortexhawk-team-XXXXXX.json)
         printf '{\n  "name": "team",\n  "skills": [\n' > "$tmp_profile"
         local first=true
         while IFS= read -r skill; do
@@ -2922,12 +3005,7 @@ install_claude() {
         echo "  Profile: ${PROFILE:-all}"
         echo ""
         echo "Would install:"
-        for comp in agents commands hooks modes mcp; do
-            local c; c=$(find "$SCRIPT_DIR/$comp" -type f 2>/dev/null | wc -l | tr -d ' ')
-            printf "  %-12s %s files\n" "$comp/" "$c"
-        done
-        local sc; sc=$(find "$SCRIPT_DIR/skills" -type f 2>/dev/null | wc -l | tr -d ' ')
-        printf "  %-12s %s files\n" "skills/" "$sc"
+        count_component_files "$SCRIPT_DIR"
         echo "  settings.json"
         [ ! -f "$(pwd)/CLAUDE.md" ] && echo "  CLAUDE.md"
         echo ""
@@ -2937,9 +3015,8 @@ install_claude() {
 
     echo "Installing for Claude Code to project: $TARGET"
 
-    mkdir -p "$TARGET"/{agents,commands,skills,hooks,modes,mcp}
+    copy_all_components "$SCRIPT_DIR" "$TARGET" "$PROFILE"
 
-    cp -r "$SCRIPT_DIR/agents/"* "$TARGET/agents/" 2>/dev/null || true
     # Copy agent personas from project root if present
     local project_root
     project_root="$(dirname "$TARGET")"
@@ -2949,11 +3026,6 @@ install_claude() {
         persona_count=$(find "$project_root/.cortexhawk-agents" -name "*.md" -type f 2>/dev/null | wc -l | tr -d ' ')
         [ "$persona_count" -gt 0 ] && echo "  Loaded $persona_count agent persona(s) from .cortexhawk-agents/"
     fi
-    cp -r "$SCRIPT_DIR/commands/"* "$TARGET/commands/" 2>/dev/null || true
-    copy_skills "$TARGET" "$PROFILE"
-    cp -r "$SCRIPT_DIR/hooks/"* "$TARGET/hooks/" 2>/dev/null || true
-    cp -r "$SCRIPT_DIR/modes/"* "$TARGET/modes/" 2>/dev/null || true
-    cp -r "$SCRIPT_DIR/mcp/"* "$TARGET/mcp/" 2>/dev/null || true
 
     local hooks_json
     hooks_json=$(generate_hooks_config "$SCRIPT_DIR/hooks/compose.yml" ".claude/hooks")
@@ -3330,7 +3402,8 @@ do_test_hooks() {
     echo ""
 
     local ok=0 fail=0
-    local tmpfile="/tmp/.cortexhawk-hooktest-$$"
+    local tmpfile
+    tmpfile=$(mktemp /tmp/.cortexhawk-hooktest-XXXXXX)
     echo "test file content" > "$tmpfile"
 
     for hook in "$hooks_dir"/*.sh; do
@@ -3668,9 +3741,11 @@ do_publish_skill() {
     # Create GitHub repo
     echo ""
     echo "  Creating repository..."
+    local repo_exists=false
     if gh repo view "$gh_user/$repo_name" &>/dev/null; then
         echo "  Repository already exists: $gh_user/$repo_name"
         echo "  Pushing latest files..."
+        repo_exists=true
     else
         gh repo create "$repo_name" --public --description "CortexHawk skill: $skill_desc" --clone=false
     fi
@@ -3694,7 +3769,11 @@ do_publish_skill() {
     git commit --quiet -m "feat: publish $skill_name skill"
     git branch -M main
     git remote add origin "https://github.com/$gh_user/$repo_name.git"
-    git push -u origin main --force --quiet 2>/dev/null
+    if [ "$repo_exists" = true ]; then
+        git push -u origin main --quiet 2>/dev/null
+    else
+        git push -u origin main --force --quiet 2>/dev/null
+    fi
     cd - >/dev/null
 
     # Cleanup
@@ -3729,7 +3808,8 @@ do_publish_skill() {
 
 # --- do_demo() ---
 do_demo() {
-    local demo_dir="/tmp/cortexhawk-demo-$$"
+    local demo_dir
+    demo_dir=$(mktemp -d /tmp/cortexhawk-demo-XXXXXX)
     mkdir -p "$demo_dir"
 
     echo ""

package/mcp/README.md

@@ -15,6 +15,7 @@ cp mcp/context7.json .mcp.json
 
 | Server | Purpose | Requires |
 |---|---|---|
+| `github.json` | GitHub API — PRs, issues, reviews, repos | npx + `GITHUB_PERSONAL_ACCESS_TOKEN` env |
 | `context7.json` | Library docs lookup via Context7 | npx |
 | `sequential-thinking.json` | Step-by-step reasoning for complex problems | npx |
 | `puppeteer.json` | Browser automation and testing | npx |
@@ -35,3 +36,38 @@ Create or edit `.mcp.json` at your project root:
 ```
 
 Then restart Claude Code to activate.
+
+## GitHub Token Setup
+
+`github.json` requires a `GITHUB_PERSONAL_ACCESS_TOKEN`. Options (pick one):
+
+**Option 1 — `gh auth token` (recommended, zero extra credentials)**
+```bash
+# ~/.zshrc or ~/.bashrc
+export GITHUB_PERSONAL_ACCESS_TOKEN=$(gh auth token)
+```
+Reuses existing `gh` CLI auth — nothing new to manage.
+
+**Option 2 — `.claude/settings.json` (project-level, gitignored)**
+```json
+{
+  "env": {
+    "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxx"
+  }
+}
+```
+
+**Option 3 — Shell profile (direct)**
+```bash
+export GITHUB_PERSONAL_ACCESS_TOKEN=ghp_xxxx
+```
+
+**Option 4 — `direnv` (`.envrc`, add to `.gitignore`)**
+```bash
+export GITHUB_PERSONAL_ACCESS_TOKEN=ghp_xxxx
+```
+
+**Option 5 — Password manager CLI**
+```bash
+export GITHUB_PERSONAL_ACCESS_TOKEN=$(op read "op://vault/github-pat/token")
+```

package/mcp/github.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "github": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PERSONAL_ACCESS_TOKEN}"
+      }
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cortexhawk",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "Open-source development toolkit for Claude Code — optimized agents, skills, commands, hooks, and modes",
   "bin": {
     "cortexhawk": "./cortexhawk"

package/profiles/api.json

@@ -23,5 +23,6 @@
     "workflow/commit",
     "workflow/confidence-check",
     "workflow/pr-review-comments"
-  ]
+  ],
+  "mcp": ["github", "sequential-thinking"]
 }

package/profiles/fullstack.json

@@ -23,5 +23,6 @@
     "workflow/commit",
     "workflow/confidence-check",
     "workflow/pr-review-comments"
-  ]
+  ],
+  "mcp": ["github", "context7", "sequential-thinking"]
 }

package/scripts/autodetect-profile.sh

@@ -46,7 +46,7 @@ for skill_file in "$CORTEXHAWK_DIR"/skills/*/*/SKILL.md; do
 done
 
 # --- Generate JSON ---
-PROFILE_FILE="/tmp/cortexhawk-autodetect-$$.json"
+PROFILE_FILE=$(mktemp /tmp/cortexhawk-autodetect-XXXXXX)
 SKILL_JSON=$(echo "$SKILLS" | tr ',' '\n' | sed 's/.*/    "&"/' | paste -sd ',' - | sed 's/,/,\n/g')
 cat > "$PROFILE_FILE" << EOF
 {

package/scripts/interactive-init.sh

@@ -93,7 +93,7 @@ case "$skill_choice" in
         fi
 
         # Generate custom profile JSON
-        PROFILE_FILE="/tmp/cortexhawk-custom-$(date +%s).json"
+        PROFILE_FILE=$(mktemp /tmp/cortexhawk-custom-XXXXXX)
         SKILL_LINES=""
         SKILL_COUNT=0
         for category in $SELECTED_CATS; do
@@ -133,7 +133,8 @@ if [ -n "$SKILLSMP_KEY" ]; then
     else
         echo "SKILLSMP_API_KEY=$SKILLSMP_KEY" >> .env
     fi
-    green "  → saved to .env"
+    chmod 600 .env
+    green "  → saved to .env (permissions: owner-only)"
 else
     yellow "  → skipped (use --search with local REGISTRY.md only)"
 fi

package/scripts/lint-guard-runner.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+# lint-guard-runner.sh — Formatter/linter execution with detection cache + parallel linters
+# Called by hooks/lint-guard.sh
+# Formatters: sequential (git add must not race). Linters: parallel (check-only).
+
+REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)
+[ -z "$REPO_ROOT" ] && exit 0
+STAGED=$(git diff --cached --name-only 2>/dev/null)
+[ -z "$STAGED" ] && exit 0
+
+# Opt-out config
+CONF_FILE="$REPO_ROOT/.claude/git-workflow.conf"
+LINT_SKIP=$(grep '^LINT_SKIP=' "$CONF_FILE" 2>/dev/null | cut -d= -f2 | tr ',' '\n')
+
+lint_cfg() {
+  local key="$1" default="${2:-auto}"
+  if [ -f "$REPO_ROOT/.cortexhawk-lint.yml" ]; then
+    local val
+    val=$(grep -E "^\s+$key:" "$REPO_ROOT/.cortexhawk-lint.yml" 2>/dev/null \
+      | sed 's/.*: *//' | tr -d ' \r')
+    echo "${val:-$default}"
+  else
+    echo "$default"
+  fi
+}
+
+TIMEOUT_SECS=$(lint_cfg "timeout" "30")
+case "$TIMEOUT_SECS" in ''|*[!0-9]*|0) TIMEOUT_SECS=30 ;; esac
+FAIL_ON_FMT=$(lint_cfg "fail_on_formatter" "false")
+TIMEOUT_CMD=""
+command -v timeout  &>/dev/null && TIMEOUT_CMD="timeout $TIMEOUT_SECS"
+command -v gtimeout &>/dev/null && [ -z "$TIMEOUT_CMD" ] && TIMEOUT_CMD="gtimeout $TIMEOUT_SECS"
+
+# --- DETECTION CACHE (1hr TTL, safe key=value, no source) ---
+mkdir -p "$REPO_ROOT/.claude" 2>/dev/null || true
+CACHE="$REPO_ROOT/.claude/lint-guard-cache"
+_mtime() { stat -c %Y "$1" 2>/dev/null || stat -f %m "$1" 2>/dev/null || date +%s; }
+[ -f "$CACHE" ] && [ $(( $(date +%s) - $(_mtime "$CACHE") )) -gt 3600 ] && rm -f "$CACHE"
+cache_get() { grep -m1 "^$1=" "$CACHE" 2>/dev/null | cut -d= -f2; }
+cache_set() { local _tmp; _tmp=$(mktemp "${CACHE}.XXXXXX"); { grep -v "^$1=" "$CACHE" 2>/dev/null; echo "$1=$2"; } > "$_tmp" && mv "$_tmp" "$CACHE" || rm -f "$_tmp"; }
+
+# --- TOOL DETECTION ---
+STAGED_JS=$(echo "$STAGED" | grep -E '\.(js|ts|jsx|tsx|mjs|cjs)$' || true)
+STAGED_CSS=$(echo "$STAGED" | grep -E '\.(css|scss|sass|less)$' || true)
+STAGED_PY=$(echo "$STAGED" | grep -E '\.py$' || true)
+STAGED_RS=$(echo "$STAGED" | grep -E '\.rs$' || true)
+STAGED_GO=$(echo "$STAGED" | grep -E '\.go$' || true)
+
+has_config() {
+  case "$1" in
+    prettier)  ls "$REPO_ROOT"/.prettierrc* "$REPO_ROOT"/prettier.config.* 2>/dev/null | grep -q . \
+               || grep -qs '"prettier"' "$REPO_ROOT/package.json" 2>/dev/null ;;
+    eslint)    ls "$REPO_ROOT"/.eslintrc* "$REPO_ROOT"/eslint.config.* 2>/dev/null | grep -q . ;;
+    black)     grep -qs '\[tool\.black\]' "$REPO_ROOT/pyproject.toml" 2>/dev/null ;;
+    flake8)    [ -f "$REPO_ROOT/.flake8" ] || grep -qs '\[flake8\]' "$REPO_ROOT/setup.cfg" 2>/dev/null ;;
+    mypy)      grep -qs '\[tool\.mypy\]' "$REPO_ROOT/pyproject.toml" 2>/dev/null || [ -f "$REPO_ROOT/mypy.ini" ] ;;
+    stylelint) ls "$REPO_ROOT"/.stylelintrc* "$REPO_ROOT"/stylelint.config.* 2>/dev/null | grep -q . ;;
+    rustfmt)   [ -f "$REPO_ROOT/rustfmt.toml" ] || [ -f "$REPO_ROOT/.rustfmt.toml" ] ;;
+    gofmt)     true ;;
+  esac
+}
+
+c_has_config() {
+  local key="HAS_$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+  local cached; cached=$(cache_get "$key")
+  if [ -n "$cached" ]; then [ "$cached" = "1" ]; return $?; fi
+  if has_config "$1"; then cache_set "$key" "1"; return 0
+  else cache_set "$key" "0"; return 1; fi
+}
+
+is_enabled() {
+  echo "$LINT_SKIP" | grep -qx "$1" && return 1
+  local val; val=$(lint_cfg "$1"); [ "$val" != "false" ]
+}
+
+tool_ok() { command -v "$1" &>/dev/null; }
+
+# Pre-populate cache before parallel stage to avoid write races
+for _t in prettier eslint black flake8 mypy stylelint rustfmt gofmt; do
+  c_has_config "$_t" >/dev/null 2>&1
+done
+
+# --- FORMATTERS (sequential — git add must not race) ---
+run_formatter() {
+  local name="$1" cmd="$2" files="$3"
+  is_enabled "$name" || return 0
+  c_has_config "$name" || return 0
+  tool_ok "$name" || { echo "lint-guard: $name not in PATH, skipping"; return 0; }
+  [ -z "$files" ] && return 0
+  echo "lint-guard: $name (auto-fix)..."
+  # shellcheck disable=SC2086
+  if echo "$files" | tr '\n' '\0' | xargs -0 $TIMEOUT_CMD $cmd 2>/dev/null; then
+    echo "$files" | tr '\n' '\0' | xargs -0 git add 2>/dev/null || true
+  else
+    echo "lint-guard: $name formatter failed" >&2
+    [ "$FAIL_ON_FMT" = "true" ] && exit 2
+  fi
+}
+
+[ -n "$STAGED_JS" ]  && run_formatter "prettier"  "prettier --write" "$STAGED_JS"
+[ -n "$STAGED_CSS" ] && run_formatter "stylelint" "stylelint --fix"  "$STAGED_CSS"
+[ -n "$STAGED_PY" ]  && run_formatter "black"     "black"            "$STAGED_PY"
+[ -n "$STAGED_RS" ]  && run_formatter "rustfmt"   "rustfmt"          "$STAGED_RS"
+[ -n "$STAGED_GO" ]  && run_formatter "gofmt"     "gofmt -w"         "$STAGED_GO"
+
+# --- LINTERS (parallel — check-only, no file writes) ---
+ERR_DIR=$(mktemp -d)
+trap 'rm -rf "$ERR_DIR"' EXIT
+
+run_linter_bg() {
+  local name="$1" cmd="$2" files="$3"
+  is_enabled "$name" || return 0
+  c_has_config "$name" || return 0
+  tool_ok "$name" || { echo "lint-guard: $name not in PATH, skipping"; return 0; }
+  [ -z "$files" ] && return 0
+  echo "lint-guard: $name (check)..."
+  # shellcheck disable=SC2086
+  if ! echo "$files" | tr '\n' '\0' | xargs -0 $TIMEOUT_CMD $cmd 2>&1; then
+    echo "BLOCKED by lint-guard: $name errors found. Fix above, re-stage, and retry." >&2
+    touch "$ERR_DIR/$name"
+  fi
+}
+
+# Output from parallel linters may interleave on screen; ERR_DIR signals are reliable regardless.
+[ -n "$STAGED_JS" ] && run_linter_bg "eslint" "eslint --max-warnings=0" "$STAGED_JS" &
+[ -n "$STAGED_PY" ] && run_linter_bg "flake8" "flake8"                  "$STAGED_PY" &
+[ -n "$STAGED_PY" ] && run_linter_bg "mypy"   "mypy --no-error-summary" "$STAGED_PY" &
+wait
+
+ERRORS=$(find "$ERR_DIR" -type f 2>/dev/null | wc -l | tr -d ' ')
+[ "$ERRORS" -gt 0 ] && exit 2
+exit 0

package/scripts/post-merge-cleanup.sh

@@ -0,0 +1,143 @@
+#!/bin/bash
+# post-merge-cleanup.sh — Delete merged branches and optionally create new feature branch
+# Called by /cleanup command and post-merge hook
+# Args: --auto (silent mode, no prompts, skip remote deletion)
+
+set -e
+
+# Parse arguments
+AUTO_MODE=false
+[ "$1" = "--auto" ] && AUTO_MODE=true
+[ ! -t 0 ] && AUTO_MODE=true  # No TTY (Claude Bash tool, CI, pipe) → auto
+
+# Validate git repository
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+    echo "Error: not a git repository"
+    exit 1
+fi
+
+# --- Branching detection with fallback layers ---
+BRANCHING="direct-main"
+MAIN_BRANCH="main"
+WORK_BRANCH=""
+
+# Layer 1: Read .claude/git-workflow.conf (safe parsing, no source)
+if [ -f ".claude/git-workflow.conf" ]; then
+    BRANCHING=$(grep -E '^BRANCHING=' ".claude/git-workflow.conf" | head -1 | cut -d= -f2 | tr -d '"' | tr -d "'")
+    WORK_BRANCH=$(grep -E '^WORK_BRANCH=' ".claude/git-workflow.conf" | head -1 | cut -d= -f2 | tr -d '"' | tr -d "'")
+
+    case "$BRANCHING" in
+        dev-branch)
+            MAIN_BRANCH="${WORK_BRANCH:-dev}"
+            ;;
+        gitflow)
+            MAIN_BRANCH="develop"
+            ;;
+        feature-branches|direct-main)
+            MAIN_BRANCH="main"
+            ;;
+    esac
+fi
+
+# Layer 2: Fallback to CLAUDE.md
+if [ ! -f ".claude/git-workflow.conf" ] && [ -f "CLAUDE.md" ]; then
+    if grep -q "^## Git Workflow" "CLAUDE.md"; then
+        DETECTED=$(grep -i "branching:" "CLAUDE.md" | head -1 | sed 's/.*: //' | awk '{print $1}')
+        case "$DETECTED" in
+            dev-branch)
+                BRANCHING="dev-branch"
+                WORK_BRANCH=$(grep -i "working branch:" "CLAUDE.md" | head -1 | sed 's/.*: //' | tr -d ')')
+                MAIN_BRANCH="${WORK_BRANCH:-dev}"
+                ;;
+            gitflow)
+                BRANCHING="gitflow"
+                MAIN_BRANCH="develop"
+                ;;
+            feature-branches)
+                BRANCHING="feature-branches"
+                MAIN_BRANCH="main"
+                ;;
+            direct-main)
+                BRANCHING="direct-main"
+                MAIN_BRANCH="main"
+                ;;
+        esac
+    fi
+fi
+
+# Layer 3: Git-based fallback (detect main vs master)
+if ! git rev-parse --verify "$MAIN_BRANCH" >/dev/null 2>&1; then
+    if git rev-parse --verify main >/dev/null 2>&1; then
+        MAIN_BRANCH="main"
+    elif git rev-parse --verify master >/dev/null 2>&1; then
+        MAIN_BRANCH="master"
+    else
+        echo "Error: branch $MAIN_BRANCH does not exist"
+        exit 1
+    fi
+fi
+
+[ "$AUTO_MODE" = false ] && echo "Detected branching: $BRANCHING, main branch: $MAIN_BRANCH"
+
+# --- Merged branch detection ---
+CURRENT_BRANCH=$(git branch --show-current)
+MERGED_BRANCHES=$(git branch --merged "$MAIN_BRANCH" 2>/dev/null | grep -v '^\*' | grep -vE '(main|master|dev|develop)$' | sed 's/^[[:space:]]*//' || true)
+
+if [ -z "$MERGED_BRANCHES" ]; then
+    [ "$AUTO_MODE" = false ] && echo "No merged branches to clean up"
+    exit 0
+fi
+
+BRANCH_COUNT=$(echo "$MERGED_BRANCHES" | wc -l | tr -d ' ')
+[ "$AUTO_MODE" = false ] && echo "Found $BRANCH_COUNT merged branch(es): $(echo "$MERGED_BRANCHES" | tr '\n' ' ')"
+
+# --- Check for remote ---
+REMOTE_EXISTS=true
+if ! git remote get-url origin >/dev/null 2>&1; then
+    REMOTE_EXISTS=false
+    [ "$AUTO_MODE" = false ] && echo "Warning: no remote 'origin' configured, skipping remote operations"
+fi
+
+# --- Delete merged branches ---
+while IFS= read -r branch; do
+    [ -z "$branch" ] && continue
+
+    # Local deletion
+    if [ "$AUTO_MODE" = true ]; then
+        git branch -d "$branch" 2>/dev/null || echo "Failed to delete $branch (may have unmerged changes)"
+    else
+        read -r -p "Delete local branch '$branch'? [y/N]: " confirm
+        if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
+            git branch -d "$branch" || echo "Failed to delete $branch (may have unmerged changes)"
+        fi
+    fi
+
+    # Remote deletion (skip in auto mode)
+    if [ "$AUTO_MODE" = false ] && [ "$REMOTE_EXISTS" = true ]; then
+        if git rev-parse --verify "refs/remotes/origin/$branch" >/dev/null 2>&1; then
+            read -r -p "Delete remote branch 'origin/$branch'? [y/N]: " confirm_remote
+            if [ "$confirm_remote" = "y" ] || [ "$confirm_remote" = "Y" ]; then
+                git push origin --delete "$branch" 2>/dev/null || echo "Failed to delete remote branch $branch (may not exist or no permissions)"
+            fi
+        fi
+    fi
+done <<< "$MERGED_BRANCHES"
+
+# --- Post-cleanup actions ---
+if [ "$CURRENT_BRANCH" = "$MAIN_BRANCH" ] && [ "$REMOTE_EXISTS" = true ]; then
+    [ "$AUTO_MODE" = false ] && echo "Pulling latest from $MAIN_BRANCH..."
+    git pull origin "$MAIN_BRANCH" 2>/dev/null || echo "Failed to pull from $MAIN_BRANCH (network issue or conflicts)"
+fi
+
+# Feature branch creation prompt (only for feature-branches strategy, not in auto mode)
+if [ "$AUTO_MODE" = false ] && [ "$BRANCHING" = "feature-branches" ] && [ "$CURRENT_BRANCH" != "$MAIN_BRANCH" ]; then
+    read -r -p "Create new feature branch? [y/N]: " create_branch
+    if [ "$create_branch" = "y" ] || [ "$create_branch" = "Y" ]; then
+        read -r -p "Branch name (default: feat/$(date +%s)): " branch_name
+        branch_name="${branch_name:-feat/$(date +%s)}"
+        git checkout -b "$branch_name" || echo "Failed to create branch $branch_name"
+    fi
+fi
+
+[ "$AUTO_MODE" = false ] && echo "Cleanup complete!"
+exit 0

package/settings.json

@@ -14,7 +14,18 @@
       "Write(*)",
       "Edit(*)"
     ],
-    "deny": []
+    "deny": [
+      "Write(/etc/*)",
+      "Write(~/.bashrc)",
+      "Write(~/.zshrc)",
+      "Write(~/.profile)",
+      "Write(~/.ssh/*)",
+      "Edit(/etc/*)",
+      "Edit(~/.bashrc)",
+      "Edit(~/.zshrc)",
+      "Edit(~/.profile)",
+      "Edit(~/.ssh/*)"
+    ]
   },
   "hooks": {
     "SessionStart": [