gramatr 0.3.0

package/hooks/GMTRRatingCapture.hook.ts

@@ -0,0 +1,198 @@
+#!/usr/bin/env node
+/**
+ * GMTRRatingCapture.hook.ts — gramatr-native Rating Capture (UserPromptSubmit)
+ *
+ * Captures explicit ratings (1-10 pattern) from user prompts and writes
+ * to $GMTR_DIR/.state/ratings.jsonl for sparkline consumption.
+ *
+ * TRIGGER: UserPromptSubmit
+ *
+ * This is the gramatr-native replacement for PAI's RatingCapture.hook.ts.
+ * Key differences:
+ * - No Haiku inference for implicit sentiment (server-side via GMTR later)
+ * - No PAI MEMORY directory writes — uses gramatr .state/ directory
+ * - No PAI lib dependencies (inference, identity, learning-utils, etc.)
+ * - Self-contained: only depends on ./lib/paths
+ *
+ * SIDE EFFECTS:
+ * - Writes to: $GMTR_DIR/.state/ratings.jsonl
+ * - macOS notification for low ratings (<= 3)
+ *
+ * PERFORMANCE:
+ * - Explicit rating path: <10ms (regex only, no inference)
+ * - No-match path: <5ms (exits immediately)
+ */
+
+import { appendFileSync, mkdirSync, existsSync } from 'fs';
+import { join, dirname } from 'path';
+import { getGmtrDir } from './lib/paths';
+
+// ── Types ──
+
+interface HookInput {
+  session_id: string;
+  prompt?: string;
+  user_prompt?: string;
+  transcript_path: string;
+  hook_event_name: string;
+}
+
+interface RatingEntry {
+  timestamp: string;
+  rating: number;
+  session_id: string;
+  client_type?: string;
+  agent_name?: string;
+  comment?: string;
+  source?: 'implicit';
+  sentiment_summary?: string;
+  confidence?: number;
+}
+
+// ── Constants ──
+
+const BASE_DIR = getGmtrDir();
+const STATE_DIR = join(BASE_DIR, '.state');
+const RATINGS_FILE = join(STATE_DIR, 'ratings.jsonl');
+
+// ── Stdin Reader ──
+
+async function readStdinWithTimeout(timeout: number = 3000): Promise<string> {
+  return new Promise((resolve, reject) => {
+    let data = '';
+    const timer = setTimeout(() => reject(new Error('Timeout')), timeout);
+    process.stdin.on('data', (chunk) => { data += chunk.toString(); });
+    process.stdin.on('end', () => { clearTimeout(timer); resolve(data); });
+    process.stdin.on('error', (err) => { clearTimeout(timer); reject(err); });
+  });
+}
+
+// ── Explicit Rating Detection ──
+
+/**
+ * Parse explicit rating pattern from prompt.
+ * Matches: "7", "8 - good work", "6: needs work", "9 excellent", "10!"
+ * Rejects: "3 items", "5 things to fix", "7th thing"
+ */
+function parseExplicitRating(prompt: string): { rating: number; comment?: string } | null {
+  const trimmed = prompt.trim();
+  const ratingPattern = /^(10|[1-9])(?:\s*[-:]\s*|\s+)?(.*)$/;
+  const match = trimmed.match(ratingPattern);
+  if (!match) return null;
+
+  const rating = parseInt(match[1], 10);
+  const comment = match[2]?.trim() || undefined;
+
+  if (rating < 1 || rating > 10) return null;
+
+  // Reject if comment starts with words indicating a sentence, not a rating
+  if (comment) {
+    const sentenceStarters = /^(items?|things?|steps?|files?|lines?|bugs?|issues?|errors?|times?|minutes?|hours?|days?|seconds?|percent|%|th\b|st\b|nd\b|rd\b|of\b|in\b|at\b|to\b|the\b|a\b|an\b)/i;
+    if (sentenceStarters.test(comment)) return null;
+  }
+
+  return { rating, comment };
+}
+
+// ── Write Rating ──
+
+function writeRating(entry: RatingEntry): void {
+  if (!existsSync(STATE_DIR)) mkdirSync(STATE_DIR, { recursive: true });
+  appendFileSync(RATINGS_FILE, JSON.stringify(entry) + '\n', 'utf-8');
+  console.error(`[GMTRRatingCapture] Wrote rating ${entry.rating} to ${RATINGS_FILE}`);
+}
+
+// ── Push to GMTR Server (fire-and-forget) ──
+
+function pushToServer(entry: RatingEntry): void {
+  const gmtrUrl = process.env.GMTR_URL || 'https://api.gramatr.com/mcp';
+  const apiBase = gmtrUrl.replace(/\/mcp$/, '/api/v1');
+
+  fetch(`${apiBase}/feedback`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      feedback_type: 'rating',
+      rating: entry.rating,
+      task_description: entry.comment || `Session rating ${entry.rating}/10`,
+      session_id: entry.session_id,
+      client_type: entry.client_type || 'claude_code',
+      agent_name: entry.agent_name || 'Claude Code',
+    }),
+    signal: AbortSignal.timeout(5000),
+  })
+    .then((res) => {
+      if (res.ok) {
+        console.error(`[GMTRRatingCapture] Pushed rating ${entry.rating} to server`);
+      } else {
+        console.error(`[GMTRRatingCapture] Server push failed: HTTP ${res.status}`);
+      }
+    })
+    .catch(() => {
+      // Server push is best-effort — don't block on failure
+    });
+}
+
+// ── Notify (macOS native — fire and forget) ──
+
+function notifyLowRating(rating: number, comment?: string): void {
+  try {
+    const msg = comment
+      ? `Rating ${rating}/10: ${comment}`
+      : `Rating ${rating}/10 received`;
+    const { spawn } = require('child_process');
+    spawn('osascript', ['-e', `display notification "${msg}" with title "gramatr" subtitle "Low Rating Alert"`], {
+      stdio: 'ignore',
+      detached: true,
+    }).unref();
+  } catch {
+    // Notification is best-effort
+  }
+}
+
+// ── Main ──
+
+async function main() {
+  try {
+    const input = await readStdinWithTimeout();
+    const data: HookInput = JSON.parse(input);
+    const prompt = data.prompt || data.user_prompt || '';
+
+    if (!prompt || prompt.trim().length < 1) {
+      process.exit(0);
+    }
+
+    const result = parseExplicitRating(prompt);
+    if (!result) {
+      // No explicit rating detected — exit silently
+      // Implicit sentiment analysis will be handled server-side via GMTR later
+      process.exit(0);
+    }
+
+    console.error(`[GMTRRatingCapture] Explicit rating: ${result.rating}${result.comment ? ` - ${result.comment}` : ''}`);
+
+    const entry: RatingEntry = {
+      timestamp: new Date().toISOString(),
+      rating: result.rating,
+      session_id: data.session_id,
+      client_type: 'claude_code',
+      agent_name: 'Claude Code',
+    };
+    if (result.comment) entry.comment = result.comment;
+
+    writeRating(entry);
+    pushToServer(entry);
+
+    // Alert on critically low ratings
+    if (result.rating <= 3) {
+      notifyLowRating(result.rating, result.comment);
+    }
+
+    process.exit(0);
+  } catch (err) {
+    console.error(`[GMTRRatingCapture] Error: ${err}`);
+    process.exit(0);
+  }
+}
+
+main();

package/hooks/GMTRSecurityValidator.hook.ts

@@ -0,0 +1,399 @@
+#!/usr/bin/env node
+/**
+ * GMTRSecurityValidator.hook.ts — gramatr-native Security Validation (PreToolUse)
+ *
+ * Validates Bash commands and file operations against security patterns
+ * before execution. Prevents destructive operations and protects sensitive files.
+ *
+ * TRIGGER: PreToolUse (matcher: Bash, Edit, Write, Read)
+ *
+ * This is the gramatr-native replacement for PAI's SecurityValidator.hook.ts.
+ * Key differences:
+ * - Inline default patterns (no yaml dependency, no PAI skill dir)
+ * - Logs to $GMTR_DIR/.state/security/ (not PAI MEMORY/SECURITY/)
+ * - Self-contained: only depends on ./lib/paths
+ *
+ * OUTPUT:
+ * - stdout: JSON decision: {"continue": true} | {"decision": "ask", "message": "..."}
+ * - exit(0): Normal completion
+ * - exit(2): Hard block (catastrophic operation prevented)
+ *
+ * PERFORMANCE: <10ms blocking
+ */
+
+import { writeFileSync, mkdirSync, existsSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { getGmtrDir } from './lib/paths';
+
+// ── Types ──
+
+interface HookInput {
+  session_id: string;
+  tool_name: string;
+  tool_input: Record<string, unknown> | string;
+}
+
+interface Pattern {
+  pattern: string;
+  reason: string;
+}
+
+interface SecurityEvent {
+  timestamp: string;
+  session_id: string;
+  event_type: 'block' | 'confirm' | 'alert' | 'allow';
+  tool: string;
+  category: 'bash_command' | 'path_access';
+  target: string;
+  reason?: string;
+  action_taken: string;
+}
+
+// ── Inline Security Patterns (no yaml dependency) ──
+
+const BLOCKED_COMMANDS: Pattern[] = [
+  { pattern: 'rm\\s+-rf\\s+/', reason: 'Recursive delete from root' },
+  { pattern: 'rm\\s+-rf\\s+~', reason: 'Recursive delete from home' },
+  { pattern: 'rm\\s+-rf\\s+\\$HOME', reason: 'Recursive delete from home' },
+  { pattern: 'rm\\s+-rf\\s+\\*', reason: 'Recursive delete wildcard' },
+  { pattern: 'mkfs\\.', reason: 'Filesystem format' },
+  { pattern: 'dd\\s+if=.*of=/dev/', reason: 'Direct disk write' },
+  { pattern: ':\\(\\)\\{\\s*:\\|:\\s*&\\s*\\}\\s*;\\s*:', reason: 'Fork bomb' },
+  { pattern: '>\\/dev\\/sd[a-z]', reason: 'Direct block device write' },
+  { pattern: 'chmod\\s+-R\\s+777\\s+/', reason: 'Recursive world-writable from root' },
+  { pattern: 'chown\\s+-R.*\\s+/', reason: 'Recursive ownership change from root' },
+];
+
+const CONFIRM_COMMANDS: Pattern[] = [
+  { pattern: 'git\\s+push\\s+--force', reason: 'Force push — may overwrite remote history' },
+  { pattern: 'git\\s+push\\s+-f\\b', reason: 'Force push — may overwrite remote history' },
+  { pattern: 'git\\s+reset\\s+--hard', reason: 'Hard reset — discards uncommitted changes' },
+  { pattern: 'git\\s+clean\\s+-fd', reason: 'Clean untracked files' },
+  { pattern: 'git\\s+checkout\\s+--\\s+\\.', reason: 'Discard all working directory changes' },
+  { pattern: 'npm\\s+publish', reason: 'Publishing package to registry' },
+  { pattern: 'docker\\s+system\\s+prune', reason: 'Docker prune — removes stopped containers and images' },
+  { pattern: 'kubectl\\s+delete', reason: 'Kubernetes resource deletion' },
+  { pattern: 'DROP\\s+(TABLE|DATABASE|INDEX)', reason: 'Database drop operation' },
+  { pattern: 'TRUNCATE\\s+TABLE', reason: 'Database truncate operation' },
+];
+
+const ALERT_COMMANDS: Pattern[] = [
+  { pattern: '^sudo\\s+', reason: 'Elevated privileges' },
+  { pattern: 'curl.*\\|.*sh', reason: 'Piping curl to shell' },
+  { pattern: 'wget.*\\|.*sh', reason: 'Piping wget to shell' },
+  { pattern: 'eval\\s+', reason: 'Eval execution' },
+];
+
+// Path patterns
+const ZERO_ACCESS_PATHS = [
+  '~/.ssh',
+  '~/.gnupg',
+  '~/.aws/credentials',
+  '~/.config/gcloud/credentials.db',
+  '~/.netrc',
+  '/etc/shadow',
+  '/etc/sudoers',
+];
+
+const READ_ONLY_PATHS = [
+  '/etc/passwd',
+  '/etc/hosts',
+  '~/.bashrc',
+  '~/.zshrc',
+  '~/.profile',
+];
+
+const CONFIRM_WRITE_PATHS = [
+  '~/.claude/settings.json',
+  '~/.gitconfig',
+  '~/.npmrc',
+];
+
+const NO_DELETE_PATHS = [
+  '~/.claude',
+  '~/.ssh',
+  '~/.gnupg',
+];
+
+// ── Security Event Logging ──
+
+const BASE_DIR = getGmtrDir();
+const SECURITY_DIR = join(BASE_DIR, '.state', 'security');
+
+function logSecurityEvent(event: SecurityEvent): void {
+  try {
+    if (!existsSync(SECURITY_DIR)) {
+      mkdirSync(SECURITY_DIR, { recursive: true });
+    }
+
+    const now = new Date();
+    const dateStr = now.toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    const filename = `${event.event_type}-${dateStr}.json`;
+    const logPath = join(SECURITY_DIR, filename);
+
+    writeFileSync(logPath, JSON.stringify(event, null, 2));
+  } catch {
+    // Logging failure should not block operations
+  }
+}
+
+// ── Command Normalization ──
+
+function stripEnvVarPrefix(command: string): string {
+  return command.replace(
+    /^\s*(?:[A-Za-z_][A-Za-z0-9_]*=(?:"[^"]*"|'[^']*'|[^\s]*)\s+)*/,
+    ''
+  );
+}
+
+// ── Pattern Matching ──
+
+function matchesPattern(command: string, pattern: string): boolean {
+  try {
+    const regex = new RegExp(pattern, 'i');
+    return regex.test(command);
+  } catch {
+    return command.toLowerCase().includes(pattern.toLowerCase());
+  }
+}
+
+function expandPath(path: string): string {
+  if (path.startsWith('~')) {
+    return path.replace('~', homedir());
+  }
+  return path;
+}
+
+function matchesPathPattern(filePath: string, pattern: string): boolean {
+  const expandedPattern = expandPath(pattern);
+  const expandedPath = expandPath(filePath);
+
+  return expandedPath === expandedPattern ||
+         expandedPath.startsWith(expandedPattern.endsWith('/') ? expandedPattern : expandedPattern + '/');
+}
+
+// ── Validation ──
+
+function validateBashCommand(command: string): { action: 'allow' | 'block' | 'confirm' | 'alert'; reason?: string } {
+  for (const p of BLOCKED_COMMANDS) {
+    if (matchesPattern(command, p.pattern)) {
+      return { action: 'block', reason: p.reason };
+    }
+  }
+  for (const p of CONFIRM_COMMANDS) {
+    if (matchesPattern(command, p.pattern)) {
+      return { action: 'confirm', reason: p.reason };
+    }
+  }
+  for (const p of ALERT_COMMANDS) {
+    if (matchesPattern(command, p.pattern)) {
+      return { action: 'alert', reason: p.reason };
+    }
+  }
+  return { action: 'allow' };
+}
+
+type PathAction = 'read' | 'write' | 'delete';
+
+function validatePath(filePath: string, action: PathAction): { action: 'allow' | 'block' | 'confirm'; reason?: string } {
+  for (const p of ZERO_ACCESS_PATHS) {
+    if (matchesPathPattern(filePath, p)) {
+      return { action: 'block', reason: `Zero access path: ${p}` };
+    }
+  }
+
+  if (action === 'write' || action === 'delete') {
+    for (const p of READ_ONLY_PATHS) {
+      if (matchesPathPattern(filePath, p)) {
+        return { action: 'block', reason: `Read-only path: ${p}` };
+      }
+    }
+  }
+
+  if (action === 'write') {
+    for (const p of CONFIRM_WRITE_PATHS) {
+      if (matchesPathPattern(filePath, p)) {
+        return { action: 'confirm', reason: `Writing to protected file: ${p}` };
+      }
+    }
+  }
+
+  if (action === 'delete') {
+    for (const p of NO_DELETE_PATHS) {
+      if (matchesPathPattern(filePath, p)) {
+        return { action: 'block', reason: `Cannot delete protected path: ${p}` };
+      }
+    }
+  }
+
+  return { action: 'allow' };
+}
+
+// ── Tool Handlers ──
+
+function handleBash(input: HookInput): void {
+  const rawCommand = typeof input.tool_input === 'string'
+    ? input.tool_input
+    : (input.tool_input?.command as string) || '';
+
+  if (!rawCommand) {
+    console.log(JSON.stringify({ continue: true }));
+    return;
+  }
+
+  const command = stripEnvVarPrefix(rawCommand);
+  const result = validateBashCommand(command);
+
+  switch (result.action) {
+    case 'block':
+      logSecurityEvent({
+        timestamp: new Date().toISOString(),
+        session_id: input.session_id,
+        event_type: 'block',
+        tool: 'Bash',
+        category: 'bash_command',
+        target: command.slice(0, 500),
+        reason: result.reason,
+        action_taken: 'Hard block - exit 2',
+      });
+      console.error(`[GMTR SECURITY] BLOCKED: ${result.reason}`);
+      process.exit(2);
+      break;
+
+    case 'confirm':
+      logSecurityEvent({
+        timestamp: new Date().toISOString(),
+        session_id: input.session_id,
+        event_type: 'confirm',
+        tool: 'Bash',
+        category: 'bash_command',
+        target: command.slice(0, 500),
+        reason: result.reason,
+        action_taken: 'Prompted user for confirmation',
+      });
+      console.log(JSON.stringify({
+        decision: 'ask',
+        message: `[GMTR SECURITY] ${result.reason}\n\nCommand: ${command.slice(0, 200)}\n\nProceed?`,
+      }));
+      break;
+
+    case 'alert':
+      logSecurityEvent({
+        timestamp: new Date().toISOString(),
+        session_id: input.session_id,
+        event_type: 'alert',
+        tool: 'Bash',
+        category: 'bash_command',
+        target: command.slice(0, 500),
+        reason: result.reason,
+        action_taken: 'Logged alert, allowed execution',
+      });
+      console.error(`[GMTR SECURITY] ALERT: ${result.reason}`);
+      console.log(JSON.stringify({ continue: true }));
+      break;
+
+    default:
+      console.log(JSON.stringify({ continue: true }));
+  }
+}
+
+function handlePathTool(input: HookInput, action: PathAction): void {
+  const filePath = typeof input.tool_input === 'string'
+    ? input.tool_input
+    : (input.tool_input?.file_path as string) || '';
+
+  if (!filePath) {
+    console.log(JSON.stringify({ continue: true }));
+    return;
+  }
+
+  const result = validatePath(filePath, action);
+
+  switch (result.action) {
+    case 'block':
+      logSecurityEvent({
+        timestamp: new Date().toISOString(),
+        session_id: input.session_id,
+        event_type: 'block',
+        tool: input.tool_name,
+        category: 'path_access',
+        target: filePath,
+        reason: result.reason,
+        action_taken: 'Hard block - exit 2',
+      });
+      console.error(`[GMTR SECURITY] BLOCKED: ${result.reason}`);
+      process.exit(2);
+      break;
+
+    case 'confirm':
+      logSecurityEvent({
+        timestamp: new Date().toISOString(),
+        session_id: input.session_id,
+        event_type: 'confirm',
+        tool: input.tool_name,
+        category: 'path_access',
+        target: filePath,
+        reason: result.reason,
+        action_taken: 'Prompted user for confirmation',
+      });
+      console.log(JSON.stringify({
+        decision: 'ask',
+        message: `[GMTR SECURITY] ${result.reason}\n\nPath: ${filePath}\n\nProceed?`,
+      }));
+      break;
+
+    default:
+      console.log(JSON.stringify({ continue: true }));
+  }
+}
+
+// ── Main ──
+
+async function main(): Promise<void> {
+  let input: HookInput;
+
+  try {
+    const chunks: Buffer[] = [];
+    await new Promise<void>((resolve) => {
+      const timeout = setTimeout(() => { process.stdin.destroy(); resolve(); }, 200);
+      process.stdin.on('data', (chunk: Buffer) => chunks.push(chunk));
+      process.stdin.on('end', () => { clearTimeout(timeout); resolve(); });
+      process.stdin.on('error', () => { clearTimeout(timeout); resolve(); });
+      process.stdin.resume();
+    });
+    const raw = Buffer.concat(chunks).toString('utf8');
+
+    if (!raw.trim()) {
+      console.log(JSON.stringify({ continue: true }));
+      return;
+    }
+
+    input = JSON.parse(raw);
+  } catch {
+    console.log(JSON.stringify({ continue: true }));
+    return;
+  }
+
+  switch (input.tool_name) {
+    case 'Bash':
+      handleBash(input);
+      break;
+    case 'Edit':
+    case 'MultiEdit':
+      handlePathTool(input, 'write');
+      break;
+    case 'Write':
+      handlePathTool(input, 'write');
+      break;
+    case 'Read':
+      handlePathTool(input, 'read');
+      break;
+    default:
+      console.log(JSON.stringify({ continue: true }));
+  }
+}
+
+main().catch(() => {
+  console.log(JSON.stringify({ continue: true }));
+});