dw-kit 1.2.1 → 1.3.4

package/.claude/hooks/post-write.sh

@@ -1,58 +1,64 @@
-#!/bin/bash
-# .claude/hooks/post-write.sh
-# Chạy lint trên file vừa được Write/Edit — non-blocking.
-# Được gọi bởi PostToolUse hook sau Write và Edit.
-
-INPUT=$(cat)
-
-# Extract file path từ tool result
-FILE_PATH=$(echo "$INPUT" | node -e "
-let d='';
-process.stdin.on('data',c=>d+=c).on('end',()=>{
-  try{
-    const data=JSON.parse(d);
-    const p=data.file_path||data.path||data.filePath||(data.tool_input&&(data.tool_input.file_path||data.tool_input.path))||'';
-    process.stdout.write(p);
-  }catch(e){}
-});
-" 2>/dev/null || true)
-
-[ -z "$FILE_PATH" ] && exit 0
-
-# ── Đọc lint command từ config ────────────────────────────────────────────────
-CONFIG_FILE="${CLAUDE_PROJECT_DIR:-$PWD}/.dw/config/dw.config.yml"
-[ ! -f "$CONFIG_FILE" ] && exit 0
-
-LINT_CMD=$(grep -m1 "lint_command:" "$CONFIG_FILE" 2>/dev/null \
-  | sed 's/.*:[[:space:]]*//' | tr -d '"' | tr -d "'" | tr -d '[:space:]' || true)
-
-[ -z "$LINT_CMD" ] || [ "$LINT_CMD" = "" ] && exit 0
-
-# ── Kiểm tra file có phải source code không ──────────────────────────────────
-is_source_file() {
-  local f="$1"
-  echo "$f" | grep -qE '\.(ts|tsx|js|jsx|py|go|rs|java|rb|php|vue|svelte|css|scss)$'
-}
-
-is_source_file "$FILE_PATH" || exit 0
-
-# ── Chạy lint trên file (non-blocking) ───────────────────────────────────────
-# Thử chạy lint chỉ trên file vừa thay đổi nếu tool hỗ trợ
-if echo "$LINT_CMD" | grep -q "eslint"; then
-  RESULT=$(eval "$LINT_CMD '$FILE_PATH'" 2>&1 || true)
-elif echo "$LINT_CMD" | grep -q "ruff"; then
-  RESULT=$(eval "ruff check '$FILE_PATH'" 2>&1 || true)
-elif echo "$LINT_CMD" | grep -q "pylint"; then
-  RESULT=$(eval "pylint '$FILE_PATH'" 2>&1 || true)
-else
-  # Generic: chạy toàn bộ lint command
-  RESULT=$(eval "$LINT_CMD" 2>&1 || true)
-fi
-
-if [ -n "$RESULT" ]; then
-  echo "⚠  Lint warnings sau khi write $FILE_PATH:" >&2
-  echo "$RESULT" | head -20 >&2
-  echo "   (non-blocking — kiểm tra và fix nếu cần)" >&2
-fi
-
-exit 0
+#!/bin/bash
+# .claude/hooks/post-write.sh
+# Chạy lint trên file vừa được Write/Edit — non-blocking.
+# Được gọi bởi PostToolUse hook sau Write và Edit.
+
+# Telemetry (local, fire-and-forget)
+TELEMETRY_SCRIPT="${CLAUDE_PROJECT_DIR:-$(pwd)}/.claude/hooks/telemetry-log.sh"
+if [ -x "$TELEMETRY_SCRIPT" ] && [ "${DW_NO_TELEMETRY:-}" != "1" ]; then
+  "$TELEMETRY_SCRIPT" hook post-write >/dev/null 2>&1 || true
+fi
+
+INPUT=$(cat)
+
+# Extract file path từ tool result
+FILE_PATH=$(echo "$INPUT" | node -e "
+let d='';
+process.stdin.on('data',c=>d+=c).on('end',()=>{
+  try{
+    const data=JSON.parse(d);
+    const p=data.file_path||data.path||data.filePath||(data.tool_input&&(data.tool_input.file_path||data.tool_input.path))||'';
+    process.stdout.write(p);
+  }catch(e){}
+});
+" 2>/dev/null || true)
+
+[ -z "$FILE_PATH" ] && exit 0
+
+# ── Đọc lint command từ config ────────────────────────────────────────────────
+CONFIG_FILE="${CLAUDE_PROJECT_DIR:-$PWD}/.dw/config/dw.config.yml"
+[ ! -f "$CONFIG_FILE" ] && exit 0
+
+LINT_CMD=$(grep -m1 "lint_command:" "$CONFIG_FILE" 2>/dev/null \
+  | sed 's/.*:[[:space:]]*//' | tr -d '"' | tr -d "'" | tr -d '[:space:]' || true)
+
+[ -z "$LINT_CMD" ] || [ "$LINT_CMD" = "" ] && exit 0
+
+# ── Kiểm tra file có phải source code không ──────────────────────────────────
+is_source_file() {
+  local f="$1"
+  echo "$f" | grep -qE '\.(ts|tsx|js|jsx|py|go|rs|java|rb|php|vue|svelte|css|scss)$'
+}
+
+is_source_file "$FILE_PATH" || exit 0
+
+# ── Chạy lint trên file (non-blocking) ───────────────────────────────────────
+# Thử chạy lint chỉ trên file vừa thay đổi nếu tool hỗ trợ
+if echo "$LINT_CMD" | grep -q "eslint"; then
+  RESULT=$(eval "$LINT_CMD '$FILE_PATH'" 2>&1 || true)
+elif echo "$LINT_CMD" | grep -q "ruff"; then
+  RESULT=$(eval "ruff check '$FILE_PATH'" 2>&1 || true)
+elif echo "$LINT_CMD" | grep -q "pylint"; then
+  RESULT=$(eval "pylint '$FILE_PATH'" 2>&1 || true)
+else
+  # Generic: chạy toàn bộ lint command
+  RESULT=$(eval "$LINT_CMD" 2>&1 || true)
+fi
+
+if [ -n "$RESULT" ]; then
+  echo "⚠  Lint warnings sau khi write $FILE_PATH:" >&2
+  echo "$RESULT" | head -20 >&2
+  echo "   (non-blocking — kiểm tra và fix nếu cần)" >&2
+fi
+
+exit 0

package/.claude/hooks/pre-commit-gate.sh

@@ -1,90 +1,96 @@
-#!/bin/bash
-# .claude/hooks/pre-commit-gate.sh
-# Quality gate: chạy trước mỗi Bash tool call.
-# Intercepts `git commit` để kiểm tra quality config (v1 schema).
-# exit 0 = allow (có thể warn), exit 2 = block
-
-INPUT=$(cat)
-
-# Extract command từ JSON input — pure grep/sed, no Python needed
-COMMAND=$(echo "$INPUT" | grep -o '"command"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/"command"[[:space:]]*:[[:space:]]*"//;s/"$//' | head -1)
-
-# Chỉ xử lý git commit commands
-if ! echo "$COMMAND" | grep -qE '^\s*git\s+commit'; then
-  exit 0
-fi
-
-# Đọc config
-CONFIG_FILE="$CLAUDE_PROJECT_DIR/.dw/config/dw.config.yml"
-if [ ! -f "$CONFIG_FILE" ]; then
-  exit 0
-fi
-
-# Parse values từ YAML — pure grep/sed, no Python needed
-get_value() {
-  local key="$1"
-  grep -m1 "^[[:space:]]*${key}:" "$CONFIG_FILE" 2>/dev/null \
-    | sed 's/.*:[[:space:]]*//' \
-    | sed 's/[[:space:]]*#.*//' \
-    | tr -d '"'"'"' \
-    | tr '[:upper:]' '[:lower:]' \
-    | tr -d '[:space:]' \
-    || echo ""
-}
-
-BLOCK_ON_FAIL=$(get_value "block_on_fail")
-TEST_COMMAND=$(get_value "test_command")
-LINT_COMMAND=$(get_value "lint_command")
-HAS_TESTS=false
-HAS_LINT=false
-[ -n "$TEST_COMMAND" ] && HAS_TESTS=true
-[ -n "$LINT_COMMAND" ] && HAS_LINT=true
-
-# Nếu không cấu hình test/lint command → allow (chỉ chạy safety checks)
-if [ "$HAS_TESTS" = false ] && [ "$HAS_LINT" = false ]; then
-  exit 0
-fi
-
-# Thông báo quality gate đang check
-echo "⚙️  dw-kit quality gate đang kiểm tra..." >&2
-
-ISSUES=0
-
-# Check: có debug code không?
-STAGED_FILES=$(git diff --cached --name-only 2>/dev/null)
-if [ -n "$STAGED_FILES" ]; then
-  DEBUG_FOUND=$(git diff --cached 2>/dev/null | grep "^+" | grep -E "console\.log\(|debugger|var_dump\(|dd\(|pdb\.set_trace" | grep -v "^+++" | head -5)
-  if [ -n "$DEBUG_FOUND" ]; then
-    echo "⚠️  Warning: Phát hiện debug code còn sót:" >&2
-    echo "$DEBUG_FOUND" >&2
-    ISSUES=$((ISSUES + 1))
-  fi
-fi
-
-# Check: sensitive patterns?
-SENSITIVE=$(git diff --cached 2>/dev/null | grep "^+" | grep -iE "(password|secret|api_key|private_key)\s*=\s*['\"][^'\"]{8,}" | grep -v "^+++" | head -3)
-if [ -n "$SENSITIVE" ]; then
-  echo "🚨 CẢNH BÁO: Có thể có sensitive data trong commit!" >&2
-  echo "$SENSITIVE" >&2
-  if [ "$BLOCK_ON_FAIL" = "true" ]; then
-    echo "Commit bị block. Kiểm tra lại staged files." >&2
-    exit 2
-  fi
-fi
-
-# Reminder về tests/lint theo config v1
-if [ "$HAS_TESTS" = true ]; then
-  echo "📋 Reminder: Hãy đảm bảo tests đã pass trước khi commit." >&2
-  echo "   Test command: $TEST_COMMAND" >&2
-fi
-
-if [ "$HAS_LINT" = true ]; then
-  echo "📋 Reminder: Hãy đảm bảo lint đã pass trước khi commit." >&2
-  echo "   Lint command: $LINT_COMMAND" >&2
-fi
-
-if [ "$ISSUES" -eq 0 ]; then
-  echo "✅ Quality gate: OK" >&2
-fi
-
-exit 0
+#!/bin/bash
+# .claude/hooks/pre-commit-gate.sh
+# Quality gate: chạy trước mỗi Bash tool call.
+# Intercepts `git commit` để kiểm tra quality config (v1 schema).
+# exit 0 = allow (có thể warn), exit 2 = block
+
+INPUT=$(cat)
+
+# Extract command từ JSON input — pure grep/sed, no Python needed
+COMMAND=$(echo "$INPUT" | grep -o '"command"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/"command"[[:space:]]*:[[:space:]]*"//;s/"$//' | head -1)
+
+# Chỉ xử lý git commit commands
+if ! echo "$COMMAND" | grep -qE '^\s*git\s+commit'; then
+  exit 0
+fi
+
+# Telemetry (local, fire-and-forget)
+TELEMETRY_SCRIPT="${CLAUDE_PROJECT_DIR:-$(pwd)}/.claude/hooks/telemetry-log.sh"
+if [ -x "$TELEMETRY_SCRIPT" ] && [ "${DW_NO_TELEMETRY:-}" != "1" ]; then
+  "$TELEMETRY_SCRIPT" hook pre-commit-gate >/dev/null 2>&1 || true
+fi
+
+# Đọc config
+CONFIG_FILE="$CLAUDE_PROJECT_DIR/.dw/config/dw.config.yml"
+if [ ! -f "$CONFIG_FILE" ]; then
+  exit 0
+fi
+
+# Parse values từ YAML — pure grep/sed, no Python needed
+get_value() {
+  local key="$1"
+  grep -m1 "^[[:space:]]*${key}:" "$CONFIG_FILE" 2>/dev/null \
+    | sed 's/.*:[[:space:]]*//' \
+    | sed 's/[[:space:]]*#.*//' \
+    | sed 's/["'\'']//g' \
+    | tr '[:upper:]' '[:lower:]' \
+    | tr -d '[:space:]' \
+    || echo ""
+}
+
+BLOCK_ON_FAIL=$(get_value "block_on_fail")
+TEST_COMMAND=$(get_value "test_command")
+LINT_COMMAND=$(get_value "lint_command")
+HAS_TESTS=false
+HAS_LINT=false
+[ -n "$TEST_COMMAND" ] && HAS_TESTS=true
+[ -n "$LINT_COMMAND" ] && HAS_LINT=true
+
+# Nếu không cấu hình test/lint command → allow (chỉ chạy safety checks)
+if [ "$HAS_TESTS" = false ] && [ "$HAS_LINT" = false ]; then
+  exit 0
+fi
+
+# Thông báo quality gate đang check
+echo "⚙️  dw-kit quality gate đang kiểm tra..." >&2
+
+ISSUES=0
+
+# Check: có debug code không?
+STAGED_FILES=$(git diff --cached --name-only 2>/dev/null)
+if [ -n "$STAGED_FILES" ]; then
+  DEBUG_FOUND=$(git diff --cached 2>/dev/null | grep "^+" | grep -E "console\.log\(|debugger|var_dump\(|dd\(|pdb\.set_trace" | grep -v "^+++" | head -5)
+  if [ -n "$DEBUG_FOUND" ]; then
+    echo "⚠️  Warning: Phát hiện debug code còn sót:" >&2
+    echo "$DEBUG_FOUND" >&2
+    ISSUES=$((ISSUES + 1))
+  fi
+fi
+
+# Check: sensitive patterns?
+SENSITIVE=$(git diff --cached 2>/dev/null | grep "^+" | grep -iE '(password|secret|api_key|private_key)[[:space:]]*=[[:space:]]*.{8,}' | grep -v "^+++" | head -3)
+if [ -n "$SENSITIVE" ]; then
+  echo "🚨 CẢNH BÁO: Có thể có sensitive data trong commit!" >&2
+  echo "$SENSITIVE" >&2
+  if [ "$BLOCK_ON_FAIL" = "true" ]; then
+    echo "Commit bị block. Kiểm tra lại staged files." >&2
+    exit 2
+  fi
+fi
+
+# Reminder về tests/lint theo config v1
+if [ "$HAS_TESTS" = true ]; then
+  echo "📋 Reminder: Hãy đảm bảo tests đã pass trước khi commit." >&2
+  echo "   Test command: $TEST_COMMAND" >&2
+fi
+
+if [ "$HAS_LINT" = true ]; then
+  echo "📋 Reminder: Hãy đảm bảo lint đã pass trước khi commit." >&2
+  echo "   Lint command: $LINT_COMMAND" >&2
+fi
+
+if [ "$ISSUES" -eq 0 ]; then
+  echo "✅ Quality gate: OK" >&2
+fi
+
+exit 0

package/.claude/hooks/privacy-block.sh

@@ -1,94 +1,99 @@
-#!/usr/bin/env bash
-# .claude/hooks/privacy-block.sh — dw-kit v1.2
-# Block agent reads vào sensitive files (credentials, secrets, private keys).
-# Học từ claudekit privacy-block pattern.
-#
-# PreToolUse hook cho: Read
-# exit 0 = allow, exit 2 = block
-
-INPUT=$(cat)
-
-TOOL_NAME=$(echo "$INPUT" | node -e "
-let d='';
-process.stdin.on('data',c=>d+=c).on('end',()=>{
-  try{ process.stdout.write(JSON.parse(d).tool_name||''); }catch(e){}
-});
-" 2>/dev/null || true)
-
-[ "$TOOL_NAME" != "Read" ] && exit 0
-
-FILE_PATH=$(echo "$INPUT" | node -e "
-let d='';
-process.stdin.on('data',c=>d+=c).on('end',()=>{
-  try{ const p=JSON.parse(d); process.stdout.write((p.tool_input&&p.tool_input.file_path)||''); }catch(e){}
-});
-" 2>/dev/null || true)
-
-[ -z "$FILE_PATH" ] && exit 0
-
-BASENAME=$(basename "$FILE_PATH")
-NORM=$(echo "$FILE_PATH" | tr '\\' '/')
-
-# ── Allow-list: safe files dù tên giống sensitive ─────────────────────────────
-ALLOWED_PATTERNS=(
-  ".env.example"
-  ".env.sample"
-  ".env.template"
-  ".env.test"
-  ".env.local.example"
-  "*.example"
-  "*.sample"
-)
-
-for allow in "${ALLOWED_PATTERNS[@]}"; do
-  if [[ "$BASENAME" == $allow ]]; then
-    exit 0
-  fi
-done
-
-# ── Block patterns ──────────────────────────────────────────────────────────────
-BLOCKED=false
-REASON=""
-
-# .env files (nhưng không phải .env.example đã allow ở trên)
-if [[ "$BASENAME" == ".env" ]] || [[ "$BASENAME" == .env.* ]]; then
-  BLOCKED=true
-  REASON="Environment file (có thể chứa secrets/API keys)"
-fi
-
-# Private key files
-if [[ "$BASENAME" == *.pem ]] || [[ "$BASENAME" == *.key ]] || \
-   [[ "$BASENAME" == *.p12 ]] || [[ "$BASENAME" == *.pfx ]] || \
-   [[ "$BASENAME" == *.jks ]]; then
-  BLOCKED=true
-  REASON="Private key / certificate file"
-fi
-
-# Credentials & secrets files
-if echo "$BASENAME" | grep -qiE '^(credentials|secrets?|secret[-_]key|api[-_]key|auth[-_]token|access[-_]token)(\.[a-z]+)?$'; then
-  BLOCKED=true
-  REASON="Credentials / secrets file"
-fi
-
-# Known credential file patterns
-if [[ "$BASENAME" == "*.credentials.json" ]] || \
-   echo "$NORM" | grep -qiE '/(credentials|secrets)/'; then
-  BLOCKED=true
-  REASON="Credentials directory hoặc file"
-fi
-
-# Service account / GCP keys
-if echo "$BASENAME" | grep -qiE 'service[-_]account.*\.json$|gcp.*key.*\.json$|firebase.*key.*\.json$'; then
-  BLOCKED=true
-  REASON="Service account / cloud credentials"
-fi
-
-if [ "$BLOCKED" = true ]; then
-  echo "🔒 privacy-block: Blocked sensitive file read" >&2
-  echo "   File: $FILE_PATH" >&2
-  echo "   Lý do: $REASON" >&2
-  echo "   Nếu thực sự cần đọc file này, hãy confirm rõ ràng trong prompt." >&2
-  exit 2
-fi
-
-exit 0
+#!/usr/bin/env bash
+# .claude/hooks/privacy-block.sh — dw-kit v1.3 (Guards pillar)
+# Block agent reads vào sensitive files (credentials, secrets, private keys).
+#
+# PreToolUse hook cho: Read
+# exit 0 = allow, exit 2 = block
+
+# Telemetry (local, fire-and-forget) — log every check
+TELEMETRY_SCRIPT="${CLAUDE_PROJECT_DIR:-$(pwd)}/.claude/hooks/telemetry-log.sh"
+if [ -x "$TELEMETRY_SCRIPT" ] && [ "${DW_NO_TELEMETRY:-}" != "1" ]; then
+  "$TELEMETRY_SCRIPT" hook privacy-block >/dev/null 2>&1 || true
+fi
+
+INPUT=$(cat)
+
+TOOL_NAME=$(echo "$INPUT" | node -e "
+let d='';
+process.stdin.on('data',c=>d+=c).on('end',()=>{
+  try{ process.stdout.write(JSON.parse(d).tool_name||''); }catch(e){}
+});
+" 2>/dev/null || true)
+
+[ "$TOOL_NAME" != "Read" ] && exit 0
+
+FILE_PATH=$(echo "$INPUT" | node -e "
+let d='';
+process.stdin.on('data',c=>d+=c).on('end',()=>{
+  try{ const p=JSON.parse(d); process.stdout.write((p.tool_input&&p.tool_input.file_path)||''); }catch(e){}
+});
+" 2>/dev/null || true)
+
+[ -z "$FILE_PATH" ] && exit 0
+
+BASENAME=$(basename "$FILE_PATH")
+NORM=$(echo "$FILE_PATH" | tr '\\' '/')
+
+# ── Allow-list: safe files dù tên giống sensitive ─────────────────────────────
+ALLOWED_PATTERNS=(
+  ".env.example"
+  ".env.sample"
+  ".env.template"
+  ".env.test"
+  ".env.local.example"
+  "*.example"
+  "*.sample"
+)
+
+for allow in "${ALLOWED_PATTERNS[@]}"; do
+  if [[ "$BASENAME" == $allow ]]; then
+    exit 0
+  fi
+done
+
+# ── Block patterns ──────────────────────────────────────────────────────────────
+BLOCKED=false
+REASON=""
+
+# .env files (nhưng không phải .env.example đã allow ở trên)
+if [[ "$BASENAME" == ".env" ]] || [[ "$BASENAME" == .env.* ]]; then
+  BLOCKED=true
+  REASON="Environment file (có thể chứa secrets/API keys)"
+fi
+
+# Private key files
+if [[ "$BASENAME" == *.pem ]] || [[ "$BASENAME" == *.key ]] || \
+   [[ "$BASENAME" == *.p12 ]] || [[ "$BASENAME" == *.pfx ]] || \
+   [[ "$BASENAME" == *.jks ]]; then
+  BLOCKED=true
+  REASON="Private key / certificate file"
+fi
+
+# Credentials & secrets files
+if echo "$BASENAME" | grep -qiE '^(credentials|secrets?|secret[-_]key|api[-_]key|auth[-_]token|access[-_]token)(\.[a-z]+)?$'; then
+  BLOCKED=true
+  REASON="Credentials / secrets file"
+fi
+
+# Known credential file patterns
+if [[ "$BASENAME" == "*.credentials.json" ]] || \
+   echo "$NORM" | grep -qiE '/(credentials|secrets)/'; then
+  BLOCKED=true
+  REASON="Credentials directory hoặc file"
+fi
+
+# Service account / GCP keys
+if echo "$BASENAME" | grep -qiE 'service[-_]account.*\.json$|gcp.*key.*\.json$|firebase.*key.*\.json$'; then
+  BLOCKED=true
+  REASON="Service account / cloud credentials"
+fi
+
+if [ "$BLOCKED" = true ]; then
+  echo "🔒 privacy-block: Blocked sensitive file read" >&2
+  echo "   File: $FILE_PATH" >&2
+  echo "   Lý do: $REASON" >&2
+  echo "   Nếu thực sự cần đọc file này, hãy confirm rõ ràng trong prompt." >&2
+  exit 2
+fi
+
+exit 0

package/.claude/hooks/progress-ping.sh

@@ -1,47 +1,53 @@
-#!/bin/bash
-# .claude/hooks/progress-ping.sh
-# Nhắc cập nhật progress file khi notification event xảy ra.
-# Non-blocking, informational only.
-# Được gọi bởi Notification hook.
-
-PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
-
-# ── Tìm active tasks ──────────────────────────────────────────────────────────
-CONFIG_FILE="$PROJECT_DIR/config/dw.config.yml"
-[ ! -f "$CONFIG_FILE" ] && CONFIG_FILE="$PROJECT_DIR/config/dw.config.yml"
-
-TASKS_DIR="$PROJECT_DIR/.dw/tasks"
-
-# Đọc paths.tasks từ config nếu có
-if [ -f "$CONFIG_FILE" ]; then
-  CUSTOM_TASKS=$(grep -m1 "tasks:" "$CONFIG_FILE" 2>/dev/null \
-    | sed 's/.*:[[:space:]]*//' | tr -d '"' | tr -d "'" | tr -d '[:space:]' || true)
-  [ -n "$CUSTOM_TASKS" ] && TASKS_DIR="$PROJECT_DIR/$CUSTOM_TASKS"
-fi
-
-[ ! -d "$TASKS_DIR" ] && exit 0
-
-# ── Kiểm tra in-progress tasks ───────────────────────────────────────────────
-in_progress_tasks=()
-
-for task_dir in "$TASKS_DIR"/*/; do
-  [ -d "$task_dir" ] || continue
-  task_name=$(basename "$task_dir")
-  [ "$task_name" = "archive" ] && continue
-
-  progress_file="$task_dir/${task_name}-progress.md"
-  [ -f "$progress_file" ] || continue
-
-  # Kiểm tra status
-  if grep -q "Trạng thái: In Progress" "$progress_file" 2>/dev/null; then
-    in_progress_tasks+=("$task_name")
-  fi
-done
-
-# ── Chỉ remind nếu có active tasks ───────────────────────────────────────────
-if [ ${#in_progress_tasks[@]} -gt 0 ]; then
-  echo "📋 Active task(s): ${in_progress_tasks[*]}" >&2
-  echo "   Nhớ cập nhật progress file sau khi hoàn thành subtask." >&2
-fi
-
-exit 0
+#!/bin/bash
+# .claude/hooks/progress-ping.sh
+# Nhắc cập nhật progress file khi notification event xảy ra.
+# Non-blocking, informational only.
+# Được gọi bởi Notification hook.
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
+
+# Telemetry (local, fire-and-forget)
+TELEMETRY_SCRIPT="$PROJECT_DIR/.claude/hooks/telemetry-log.sh"
+if [ -x "$TELEMETRY_SCRIPT" ] && [ "${DW_NO_TELEMETRY:-}" != "1" ]; then
+  "$TELEMETRY_SCRIPT" hook progress-ping >/dev/null 2>&1 || true
+fi
+
+# ── Tìm active tasks ──────────────────────────────────────────────────────────
+CONFIG_FILE="$PROJECT_DIR/config/dw.config.yml"
+[ ! -f "$CONFIG_FILE" ] && CONFIG_FILE="$PROJECT_DIR/config/dw.config.yml"
+
+TASKS_DIR="$PROJECT_DIR/.dw/tasks"
+
+# Đọc paths.tasks từ config nếu có
+if [ -f "$CONFIG_FILE" ]; then
+  CUSTOM_TASKS=$(grep -m1 "tasks:" "$CONFIG_FILE" 2>/dev/null \
+    | sed 's/.*:[[:space:]]*//' | tr -d '"' | tr -d "'" | tr -d '[:space:]' || true)
+  [ -n "$CUSTOM_TASKS" ] && TASKS_DIR="$PROJECT_DIR/$CUSTOM_TASKS"
+fi
+
+[ ! -d "$TASKS_DIR" ] && exit 0
+
+# ── Kiểm tra in-progress tasks ───────────────────────────────────────────────
+in_progress_tasks=()
+
+for task_dir in "$TASKS_DIR"/*/; do
+  [ -d "$task_dir" ] || continue
+  task_name=$(basename "$task_dir")
+  [ "$task_name" = "archive" ] && continue
+
+  progress_file="$task_dir/${task_name}-progress.md"
+  [ -f "$progress_file" ] || continue
+
+  # Kiểm tra status
+  if grep -q "Trạng thái: In Progress" "$progress_file" 2>/dev/null; then
+    in_progress_tasks+=("$task_name")
+  fi
+done
+
+# ── Chỉ remind nếu có active tasks ───────────────────────────────────────────
+if [ ${#in_progress_tasks[@]} -gt 0 ]; then
+  echo "📋 Active task(s): ${in_progress_tasks[*]}" >&2
+  echo "   Nhớ cập nhật progress file sau khi hoàn thành subtask." >&2
+fi
+
+exit 0