failproofai 0.0.2-beta.5 → 0.0.2-beta.7

package/.next/standalone/src/hooks/manager.ts

@@ -3,7 +3,7 @@
  */
 import { execSync } from "node:child_process";
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
-import { resolve, dirname } from "node:path";
+import { resolve, dirname, basename } from "node:path";
 import { homedir, platform, arch, release, hostname } from "node:os";
 import {
   HOOK_EVENT_TYPES,
@@ -15,10 +15,10 @@ import {
   type ClaudeSettings,
 } from "./types";
 import { promptPolicySelection } from "./install-prompt";
-import { readHooksConfig, writeHooksConfig, readMergedHooksConfig } from "./hooks-config";
+import { readMergedHooksConfig, readScopedHooksConfig, writeScopedHooksConfig } from "./hooks-config";
 import type { HooksConfig } from "./policy-types";
 import { BUILTIN_POLICIES } from "./builtin-policies";
-import { loadCustomHooks } from "./custom-hooks-loader";
+import { loadCustomHooks, discoverPolicyFiles } from "./custom-hooks-loader";
 import { trackHookEvent } from "./hook-telemetry";
 import { getInstanceId, hashToId } from "../../lib/telemetry-id";
 import { CliError } from "../cli-error";
@@ -203,7 +203,7 @@ export async function installHooks(
   const binaryPath = resolveFailproofaiBinary();
 
   // Capture existing config before overwriting (used for telemetry diff)
-  const previousConfig = readHooksConfig();
+  const previousConfig = readScopedHooksConfig(scope, cwd);
   const previousEnabled = new Set(previousConfig.enabledPolicies);
 
   let selectedPolicies: string[];
@@ -251,7 +251,7 @@ export async function installHooks(
       `\nValidated ${validatedHooks.length} custom hook(s): ${validatedHooks.map((h) => h.name).join(", ")}`,
     );
   }
-  writeHooksConfig(configToWrite);
+  writeScopedHooksConfig(configToWrite, scope, cwd);
   console.log(`\nEnabled ${selectedPolicies.length} policy(ies): ${selectedPolicies.join(", ")}`);
   if (removeCustomHooks) {
     console.log("Custom hooks path cleared.");
@@ -355,18 +355,21 @@ export async function installHooks(
  * @param opts.betaOnly — set to true when removing only beta policies (adds beta_only flag to telemetry)
  */
 export async function removeHooks(policyNames?: string[], scope: HookScope | "all" = "user", cwd?: string, opts?: { betaOnly?: boolean; source?: string; removeCustomHooks?: boolean }): Promise<void> {
+  // Resolve the effective config scope ("all" falls back to "user" for config reads/writes)
+  const configScope: HookScope = scope === "all" ? "user" : scope;
+
   // Clear custom hooks path if requested
   if (opts?.removeCustomHooks) {
-    const config = readHooksConfig();
+    const config = readScopedHooksConfig(configScope, cwd);
     delete config.customPoliciesPath;
-    writeHooksConfig(config);
+    writeScopedHooksConfig(config, configScope, cwd);
     console.log("Custom hooks path cleared.");
   }
 
   // Remove specific policies from config (keep hooks installed)
   if (policyNames && policyNames.length > 0 && !(policyNames.length === 1 && policyNames[0] === "all")) {
     validatePolicyNames(policyNames);
-    const config = readHooksConfig();
+    const config = readScopedHooksConfig(configScope, cwd);
     const removeSet = new Set(policyNames);
     const remaining = config.enabledPolicies.filter((p) => !removeSet.has(p));
     const notEnabled = policyNames.filter((p) => !config.enabledPolicies.includes(p));
@@ -382,7 +385,7 @@ export async function removeHooks(policyNames?: string[], scope: HookScope | "al
       enabledPolicies: remaining,
       ...(filteredParams && Object.keys(filteredParams).length > 0 ? { policyParams: filteredParams } : {}),
     };
-    writeHooksConfig(updatedConfig);
+    writeScopedHooksConfig(updatedConfig, configScope, cwd);
 
     // Telemetry: track policy-only removal from config
     try {
@@ -410,7 +413,7 @@ export async function removeHooks(policyNames?: string[], scope: HookScope | "al
   }
 
   // Capture enabled policies before clearing (used for accurate telemetry below)
-  const configBeforeRemoval = readHooksConfig();
+  const configBeforeRemoval = readScopedHooksConfig(configScope, cwd);
 
   // Remove all failproofai hooks from Claude Code settings
   const scopesToRemove: HookScope[] = scope === "all" ? [...HOOK_SCOPES] : [scope];
@@ -472,10 +475,19 @@ export async function removeHooks(policyNames?: string[], scope: HookScope | "al
   }
 
   // Clear policy config when removing from all scopes, or when no hooks remain in any scope
-  if (scope === "all" || !HOOK_SCOPES.some((s) => hooksInstalledInSettings(s, cwd))) {
-    const existingForClear = readHooksConfig();
-    const { customPoliciesPath: _drop, policyParams: _dropParams, ...restClear } = existingForClear;
-    writeHooksConfig({ ...restClear, enabledPolicies: [] });
+  if (scope === "all") {
+    // Clear config across all three scopes
+    for (const s of HOOK_SCOPES) {
+      const existing = readScopedHooksConfig(s, cwd);
+      if (existing.enabledPolicies.length > 0 || existing.customPoliciesPath || existing.policyParams) {
+        const { customPoliciesPath: _drop, policyParams: _dropParams, ...rest } = existing;
+        writeScopedHooksConfig({ ...rest, enabledPolicies: [] }, s, cwd);
+      }
+    }
+  } else if (!HOOK_SCOPES.some((s) => hooksInstalledInSettings(s, cwd))) {
+    const existing = readScopedHooksConfig(configScope, cwd);
+    const { customPoliciesPath: _drop, policyParams: _dropParams, ...rest } = existing;
+    writeScopedHooksConfig({ ...rest, enabledPolicies: [] }, configScope, cwd);
   }
 }
 
@@ -638,4 +650,35 @@ export async function listHooks(cwd?: string): Promise<void> {
     }
     console.log();
   }
+
+  // Convention Policies section (.failproofai/policies/*policies.{js,mjs,ts})
+  const base = cwd ? resolve(cwd) : process.cwd();
+  const conventionDirs: { label: string; dir: string }[] = [
+    { label: "Project", dir: resolve(base, ".failproofai", "policies") },
+    { label: "User", dir: resolve(homedir(), ".failproofai", "policies") },
+  ];
+
+  for (const { label, dir } of conventionDirs) {
+    const files = discoverPolicyFiles(dir);
+    if (files.length === 0) continue;
+
+    console.log(`\n  \u2500\u2500 Convention Policies \u2014 ${label} (${dir}) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500`);
+    for (const file of files) {
+      try {
+        const hooks = await loadCustomHooks(file);
+        if (hooks.length === 0) {
+          const filename = basename(file);
+          console.log(`  \x1B[31m\u2717\x1B[0m       ${filename.padEnd(nameColWidth)}\x1B[31mfailed to load\x1B[0m`);
+        } else {
+          const filename = basename(file);
+          const hookSummary = hooks.map((h) => h.name).join(", ");
+          console.log(`  \x1B[32m\u2713\x1B[0m       ${filename.padEnd(nameColWidth)}${hooks.length} hook(s): ${hookSummary}`);
+        }
+      } catch {
+        const filename = basename(file);
+        console.log(`  \x1B[31m\u2717\x1B[0m       ${filename.padEnd(nameColWidth)}\x1B[31merror\x1B[0m`);
+      }
+    }
+    console.log();
+  }
 }

package/.next/standalone/src/hooks/policy-evaluator.ts

@@ -8,6 +8,14 @@ import { BUILTIN_POLICIES } from "./builtin-policies";
 import { getPoliciesForEvent } from "./policy-registry";
 import { hookLogInfo, hookLogWarn } from "./hook-logger";
 
+function appendHint(baseReason: string, hint: unknown): string {
+  const base = baseReason.trim();
+  const normalizedHint = typeof hint === "string" ? hint.trim() : "";
+  if (!normalizedHint) return base;
+  if (!base) return normalizedHint;
+  return `${base}. ${normalizedHint}`;
+}
+
 export interface EvaluationResult {
   exitCode: number;
   stdout: string;
@@ -80,7 +88,10 @@ export async function evaluatePolicies(
     }
 
     if (result.decision === "deny") {
-      const reason = result.reason ?? `Blocked by policy: ${policy.name}`;
+      const reason = appendHint(
+        result.reason ?? `Blocked by policy: ${policy.name}`,
+        config?.policyParams?.[policy.name]?.hint,
+      );
       hookLogInfo(`deny by "${policy.name}": ${reason}`);
 
       const displayTool = ctx.toolName ?? "unknown tool";
@@ -134,7 +145,10 @@ export async function evaluatePolicies(
     // Accumulate first instruct (does not short-circuit — later policies can still deny)
     if (result.decision === "instruct" && !instructPolicyName) {
       instructPolicyName = policy.name;
-      instructReason = result.reason ?? `Instruction from policy: ${policy.name}`;
+      instructReason = appendHint(
+        result.reason ?? `Instruction from policy: ${policy.name}`,
+        config?.policyParams?.[policy.name]?.hint,
+      );
       hookLogInfo(`instruct by "${policy.name}": ${instructReason}`);
     }
 

package/README.md

@@ -13,7 +13,7 @@
 [![npm](https://img.shields.io/npm/v/failproofai?style=flat-square&color=CB3837)](https://www.npmjs.com/package/failproofai)
 [![License](https://img.shields.io/badge/license-MIT%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSE)
 [![CI](https://img.shields.io/github/actions/workflow/status/exospherehost/failproofai/ci.yml?branch=main&style=flat-square&label=CI)](https://github.com/exospherehost/failproofai/actions)
-[![Discord](https://img.shields.io/discord/1234567890?style=flat-square&label=Discord&color=5865F2)](https://discord.com/invite/zT92CAgvkj)
+[![Slack](https://img.shields.io/badge/Slack-join%20us-4A154B?style=flat-square&logo=slack)](https://join.slack.com/t/failproofai/shared_invite/zt-3v63b7k5e-O3NBHmj8X6n9gZSGDx6ggQ)
 
 The easiest way to manage policies that keep your AI agents reliable, on-task, and running autonomously - for **Claude Code** & the **Agents SDK**.
 
@@ -111,10 +111,12 @@ Policy configuration lives in `~/.failproofai/policies-config.json` (global) or
   ],
   "policyParams": {
     "block-sudo": {
-      "allowPatterns": ["sudo systemctl status", "sudo journalctl"]
+      "allowPatterns": ["sudo systemctl status", "sudo journalctl"],
+      "hint": "Use apt-get directly without sudo."
     },
     "block-push-master": {
-      "protectedBranches": ["main", "release", "prod"]
+      "protectedBranches": ["main", "release", "prod"],
+      "hint": "Try creating a fresh branch instead."
     },
     "sanitize-api-keys": {
       "additionalPatterns": [
@@ -216,6 +218,21 @@ failproofai policies --install --custom ./my-policies.js
 
 Custom hooks support transitive local imports, async/await, and access to `process.env`. Errors are fail-open (logged to `~/.failproofai/hook.log`, built-in policies continue). See [docs/custom-hooks.mdx](docs/custom-hooks.mdx) for the full guide.
 
+### Convention-based policies (v0.0.2-beta.7+)
+
+Drop `*policies.{js,mjs,ts}` files into `.failproofai/policies/` and they're automatically loaded — no `--custom` flag or config changes needed. Works like git hooks: drop a file, it just works.
+
+```text
+# Project level — committed to git, shared with the team
+.failproofai/policies/security-policies.mjs
+.failproofai/policies/workflow-policies.mjs
+
+# User level — personal, applies to all projects
+~/.failproofai/policies/my-policies.mjs
+```
+
+Both levels load (union). Files are loaded alphabetically within each directory. Prefix with `01-`, `02-`, etc. to control order. See [examples/convention-policies/](examples/convention-policies/) for ready-to-use examples.
+
 ---
 
 ## Telemetry

package/bin/failproofai.mjs

@@ -97,6 +97,11 @@ COMMANDS
   --version, -v                  Print version and exit
   --help, -h                     Show this help message
 
+CONVENTION POLICIES
+  Drop *policies.{js,mjs,ts} files into .failproofai/policies/ for auto-loading.
+  Works at project level (.failproofai/policies/) and user level (~/.failproofai/policies/).
+  No --custom flag or config changes needed — just drop files and they're picked up.
+
 EXAMPLES
   failproofai policies
   failproofai policies --install