great-cto 2.3.4 → 2.5.0

package/dist/serve.js

@@ -0,0 +1,289 @@
+// great-cto serve — webhook receiver with HMAC verification, retry, DLQ.
+// v2.5.0 production-grade upgrade.
+//
+// Incoming endpoints:
+//   POST /webhook/github      GitHub events with X-Hub-Signature-256 verification
+//   POST /webhook/sentry      Sentry alerts (HMAC via X-Sentry-Signature-256)
+//   POST /webhook/generic     Generic JSON, optional shared-secret verification
+//   GET  /events              Recent event log (last 50)
+//   GET  /healthz             Liveness probe
+//   GET  /dlq                 Recent dead-lettered outbound deliveries
+//
+// HMAC verification is REQUIRED unless GREATCTO_WEBHOOK_INSECURE=1 is set
+// (intended only for local dev). Configure secrets via:
+//   great-cto webhook add-incoming github --secret <hmac-secret>
+//
+// Outbound dispatch fires automatically on certain incoming events:
+//   github.pull_request.opened    → "pr.opened" event
+//   github.issues.opened          → "issue.opened" event
+//   sentry.event_alert            → "incident.p0" event (severity-mapped)
+// Each registered outgoing hook listens to a subset via its triggers list.
+import { appendFileSync, existsSync, mkdirSync, readFileSync } from "node:fs";
+import { createHmac, timingSafeEqual } from "node:crypto";
+import { createServer } from "node:http";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { dispatch, getDlqPath } from "./webhook-dispatch.js";
+import { getIncoming } from "./webhook-config.js";
+const EVENTS_LOG = join(homedir(), ".great_cto", "webhook-events.log");
+function logEvent(ev, noLog) {
+    if (noLog)
+        return;
+    try {
+        const dir = join(homedir(), ".great_cto");
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        appendFileSync(EVENTS_LOG, JSON.stringify(ev) + "\n");
+    }
+    catch (e) {
+        process.stderr.write(`serve: failed to log event: ${e.message}\n`);
+    }
+}
+function readBody(req) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        req.on("data", chunk => chunks.push(Buffer.from(chunk)));
+        req.on("end", () => resolve(Buffer.concat(chunks)));
+        req.on("error", reject);
+    });
+}
+function json(res, status, body) {
+    res.writeHead(status, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(body));
+}
+// ── HMAC verification ──────────────────────────────────────────────────────
+/**
+ * Constant-time HMAC-SHA256 verification. Returns true if signatures match.
+ * GitHub format:    "sha256=<hex>"
+ * Sentry format:    "<hex>" (just the digest)
+ * Generic format:   either accepted
+ */
+function verifyHmac(secret, body, headerValue) {
+    if (!headerValue)
+        return false;
+    // Strip "sha256=" prefix if present
+    const expected = headerValue.startsWith("sha256=") ? headerValue.slice(7) : headerValue;
+    const computed = createHmac("sha256", secret).update(body).digest("hex");
+    if (expected.length !== computed.length)
+        return false;
+    try {
+        return timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(computed, "hex"));
+    }
+    catch {
+        return false;
+    }
+}
+// ── Endpoint handlers ──────────────────────────────────────────────────────
+async function handleGitHub(req, res, args) {
+    const body = await readBody(req);
+    const eventType = req.headers["x-github-event"] ?? "unknown";
+    const deliveryId = req.headers["x-github-delivery"] ?? "no-id";
+    const signature = req.headers["x-hub-signature-256"];
+    // HMAC verification
+    if (!args.insecure) {
+        const cfg = getIncoming("github");
+        if (!cfg?.secret) {
+            json(res, 401, {
+                error: "github webhook not configured",
+                hint: "run: great-cto webhook add-incoming github --secret <hmac-secret>",
+            });
+            return;
+        }
+        if (!verifyHmac(cfg.secret, body, signature)) {
+            json(res, 401, { error: "invalid signature" });
+            return;
+        }
+    }
+    let payload;
+    try {
+        payload = JSON.parse(body.toString("utf8"));
+    }
+    catch {
+        json(res, 400, { error: "invalid JSON" });
+        return;
+    }
+    const action = payload.action ?? "?";
+    const summary = eventType === "pull_request"
+        ? `${action} PR #${payload.number ?? "?"} in ${payload.repository?.full_name ?? "?"}`
+        : eventType === "issues"
+            ? `${action} issue #${payload.issue?.number ?? "?"} in ${payload.repository?.full_name ?? "?"}`
+            : `${eventType} delivery=${deliveryId}`;
+    // Outbound dispatch — map GitHub events to internal trigger names
+    let outboundFired = 0;
+    if (eventType === "pull_request" && action === "opened") {
+        outboundFired = dispatch({
+            name: "pr.opened",
+            level: "info",
+            title: `PR opened: #${payload.number} in ${payload.repository?.full_name}`,
+            body: payload.pull_request?.title ?? "",
+            meta: { url: payload.pull_request?.html_url, author: payload.sender?.login },
+        }).fired;
+    }
+    else if (eventType === "issues" && action === "opened") {
+        outboundFired = dispatch({
+            name: "issue.opened",
+            level: "info",
+            title: `Issue opened: #${payload.issue.number} in ${payload.repository?.full_name}`,
+            body: payload.issue?.title ?? "",
+            meta: { url: payload.issue?.html_url, author: payload.sender?.login },
+        }).fired;
+    }
+    logEvent({
+        ts: new Date().toISOString(),
+        source: "github",
+        event_type: eventType,
+        summary,
+        action_taken: outboundFired > 0 ? `dispatched to ${outboundFired} outbound hook(s)` : "logged",
+        meta: { delivery_id: deliveryId, pr_number: payload.number, action: payload.action },
+    }, args.noLog);
+    json(res, 200, { ok: true, event_type: eventType, dispatched_to: outboundFired });
+}
+async function handleSentry(req, res, args) {
+    const body = await readBody(req);
+    const signature = req.headers["x-sentry-signature-256"];
+    if (!args.insecure) {
+        const cfg = getIncoming("sentry");
+        if (!cfg?.secret) {
+            json(res, 401, { error: "sentry webhook not configured" });
+            return;
+        }
+        if (!verifyHmac(cfg.secret, body, signature)) {
+            json(res, 401, { error: "invalid signature" });
+            return;
+        }
+    }
+    let payload;
+    try {
+        payload = JSON.parse(body.toString("utf8"));
+    }
+    catch {
+        json(res, 400, { error: "invalid JSON" });
+        return;
+    }
+    // Sentry events typically include event.level: 'fatal' | 'error' | 'warning'
+    const level = payload?.event?.level ?? payload?.level ?? "warning";
+    const title = payload?.event?.title ?? payload?.title ?? "Sentry alert";
+    const isP0 = level === "fatal" || level === "critical";
+    const fired = dispatch({
+        name: isP0 ? "incident.p0" : "incident.alert",
+        level: isP0 ? "critical" : "error",
+        title,
+        body: payload?.event?.metadata?.value ?? "",
+        meta: { url: payload?.url, project: payload?.project_slug },
+    }).fired;
+    logEvent({
+        ts: new Date().toISOString(),
+        source: "sentry",
+        event_type: isP0 ? "p0" : "alert",
+        summary: title,
+        action_taken: `dispatched to ${fired} outbound hook(s)`,
+        meta: { level, url: payload?.url },
+    }, args.noLog);
+    json(res, 200, { ok: true, dispatched_to: fired });
+}
+async function handleGeneric(req, res, args) {
+    const body = await readBody(req);
+    const signature = req.headers["x-greatcto-signature-256"];
+    if (!args.insecure) {
+        const cfg = getIncoming("generic");
+        if (cfg?.secret && !verifyHmac(cfg.secret, body, signature)) {
+            json(res, 401, { error: "invalid signature" });
+            return;
+        }
+    }
+    let payload = body.toString("utf8");
+    try {
+        payload = JSON.parse(payload);
+    }
+    catch {
+        /* keep as raw string */
+    }
+    const ev = {
+        ts: new Date().toISOString(),
+        source: "generic",
+        event_type: "incoming",
+        summary: `payload ${body.length} bytes`,
+        action_taken: "logged",
+        meta: { payload_preview: String(body.toString("utf8")).slice(0, 200) },
+    };
+    logEvent(ev, args.noLog);
+    json(res, 200, { ok: true, recorded: true });
+}
+function handleEvents(_req, res) {
+    if (!existsSync(EVENTS_LOG)) {
+        json(res, 200, { events: [] });
+        return;
+    }
+    const lines = readFileSync(EVENTS_LOG, "utf8")
+        .split("\n")
+        .filter(Boolean)
+        .slice(-50);
+    const events = lines
+        .map(l => { try {
+        return JSON.parse(l);
+    }
+    catch {
+        return null;
+    } })
+        .filter(Boolean);
+    json(res, 200, { events });
+}
+function handleDlq(_req, res) {
+    const dlq = getDlqPath();
+    if (!existsSync(dlq)) {
+        json(res, 200, { dlq: [] });
+        return;
+    }
+    const lines = readFileSync(dlq, "utf8").split("\n").filter(Boolean).slice(-50);
+    const events = lines
+        .map(l => { try {
+        return JSON.parse(l);
+    }
+    catch {
+        return null;
+    } })
+        .filter(Boolean);
+    json(res, 200, { dlq: events });
+}
+// ── Main entry ─────────────────────────────────────────────────────────────
+export async function runServe(args) {
+    const insecure = args.insecure ?? process.env.GREATCTO_WEBHOOK_INSECURE === "1";
+    const finalArgs = { ...args, insecure };
+    const server = createServer(async (req, res) => {
+        const url = new URL(req.url ?? "/", `http://localhost:${args.port}`);
+        const path = url.pathname;
+        if (req.method === "GET" && path === "/healthz") {
+            return json(res, 200, { ok: true, service: "great-cto serve", insecure });
+        }
+        if (req.method === "GET" && path === "/events") {
+            return handleEvents(req, res);
+        }
+        if (req.method === "GET" && path === "/dlq") {
+            return handleDlq(req, res);
+        }
+        if (req.method === "POST" && path === "/webhook/github") {
+            return handleGitHub(req, res, finalArgs);
+        }
+        if (req.method === "POST" && path === "/webhook/sentry") {
+            return handleSentry(req, res, finalArgs);
+        }
+        if (req.method === "POST" && path === "/webhook/generic") {
+            return handleGeneric(req, res, finalArgs);
+        }
+        json(res, 404, { error: "not found", path });
+    });
+    return new Promise(resolve => {
+        server.listen(args.port, "127.0.0.1", () => {
+            console.error(`great-cto serve → http://localhost:${args.port}${insecure ? "  [INSECURE: HMAC OFF]" : ""}`);
+            console.error(`  POST /webhook/github   GitHub (HMAC SHA-256)`);
+            console.error(`  POST /webhook/sentry   Sentry (HMAC SHA-256)`);
+            console.error(`  POST /webhook/generic  Generic (optional HMAC)`);
+            console.error(`  GET  /events           Recent event log`);
+            console.error(`  GET  /dlq              Dead-letter queue`);
+            console.error(`  GET  /healthz          Liveness probe`);
+            console.error(`  log: ${EVENTS_LOG}`);
+        });
+        process.on("SIGINT", () => { server.close(); resolve(0); });
+        process.on("SIGTERM", () => { server.close(); resolve(0); });
+    });
+}

package/dist/webhook-cli.js

@@ -0,0 +1,150 @@
+// great-cto webhook — manage incoming/outgoing webhook configuration.
+//
+// Usage:
+//   great-cto webhook list
+//   great-cto webhook add-incoming <name> --secret <hmac> [--events e1,e2]
+//   great-cto webhook add-outgoing <name> --url <url> --format slack|discord|pagerduty|generic --triggers t1,t2
+//   great-cto webhook remove <name>
+//   great-cto webhook test <name>          (sends a test event through dispatcher)
+import { loadConfig, addIncoming, addOutgoing, removeHook, getConfigPath, } from "./webhook-config.js";
+import { dispatch } from "./webhook-dispatch.js";
+export async function runWebhookCli(args) {
+    switch (args.action) {
+        case "list": {
+            const cfg = loadConfig();
+            console.log(`config: ${getConfigPath()}\n`);
+            console.log(`Incoming hooks (${cfg.incoming.length}):`);
+            if (cfg.incoming.length === 0)
+                console.log("  (none)");
+            for (const h of cfg.incoming) {
+                const sec = h.secret ? `[secret: ${h.secret.slice(0, 4)}...${h.secret.slice(-2)}]` : "[NO SECRET — INSECURE]";
+                console.log(`  - ${h.name}  ${sec}  events=${h.events?.join(",") || "all"}`);
+            }
+            console.log(`\nOutgoing hooks (${cfg.outgoing.length}):`);
+            if (cfg.outgoing.length === 0)
+                console.log("  (none)");
+            for (const h of cfg.outgoing) {
+                const url = h.url.length > 60 ? h.url.slice(0, 57) + "..." : h.url;
+                console.log(`  - ${h.name}  [${h.format}]  triggers=${h.triggers.join(",")}\n      ${url}`);
+            }
+            return 0;
+        }
+        case "add-incoming": {
+            if (!args.name) {
+                console.error("FAIL: --name required");
+                return 2;
+            }
+            if (!args.secret) {
+                console.error("WARN: no --secret provided. Webhooks will only work in --insecure mode.");
+            }
+            addIncoming({
+                name: args.name,
+                secret: args.secret,
+                events: args.events,
+            });
+            console.log(`✓ added incoming hook "${args.name}"`);
+            return 0;
+        }
+        case "add-outgoing": {
+            if (!args.name) {
+                console.error("FAIL: --name required");
+                return 2;
+            }
+            if (!args.url) {
+                console.error("FAIL: --url required");
+                return 2;
+            }
+            if (!args.format) {
+                console.error("FAIL: --format required");
+                return 2;
+            }
+            if (!args.triggers || args.triggers.length === 0) {
+                console.error("FAIL: --triggers required (comma-separated event names)");
+                return 2;
+            }
+            const headers = {};
+            if (args.routingKey)
+                headers.routing_key = args.routingKey;
+            addOutgoing({
+                name: args.name,
+                url: args.url,
+                format: args.format,
+                triggers: args.triggers,
+                headers: Object.keys(headers).length ? headers : undefined,
+            });
+            console.log(`✓ added outgoing hook "${args.name}" (${args.format}) → ${args.triggers.join(", ")}`);
+            return 0;
+        }
+        case "remove": {
+            if (!args.name) {
+                console.error("FAIL: --name required");
+                return 2;
+            }
+            const removed = removeHook(args.name);
+            if (removed) {
+                console.log(`✓ removed hook "${args.name}"`);
+                return 0;
+            }
+            console.error(`hook not found: ${args.name}`);
+            return 1;
+        }
+        case "test": {
+            if (!args.name) {
+                console.error("FAIL: --name required");
+                return 2;
+            }
+            const cfg = loadConfig();
+            const hook = cfg.outgoing.find(h => h.name === args.name);
+            if (!hook) {
+                console.error(`outgoing hook not found: ${args.name}`);
+                return 1;
+            }
+            const result = dispatch({
+                name: hook.triggers[0] ?? "test.event",
+                level: "info",
+                title: "great-cto webhook test",
+                body: "If you see this, your webhook is correctly configured.",
+                meta: { test: true, timestamp: new Date().toISOString() },
+            });
+            console.log(`✓ test event dispatched to ${result.fired} hook(s)`);
+            console.log(`  (delivery is async — check destination shortly; check ~/.great_cto/webhook-dlq.log if it doesn't arrive)`);
+            // Give the in-flight request a moment before exit
+            await new Promise(r => setTimeout(r, 500));
+            return 0;
+        }
+    }
+    console.error(`unknown action: ${args.action}`);
+    return 2;
+}
+export function parseWebhookArgs(rawArgv) {
+    const idx = rawArgv.indexOf("webhook");
+    if (idx === -1)
+        return null;
+    const action = rawArgv[idx + 1];
+    if (!["list", "add-incoming", "add-outgoing", "remove", "test"].includes(action)) {
+        return null;
+    }
+    const flag = (n) => {
+        const i = rawArgv.indexOf(`--${n}`);
+        return i >= 0 && i < rawArgv.length - 1 ? rawArgv[i + 1] : undefined;
+    };
+    // First positional after action = name
+    let name;
+    for (let i = idx + 2; i < rawArgv.length; i++) {
+        const a = rawArgv[i];
+        if (!a.startsWith("--")) {
+            name = a;
+            break;
+        }
+    }
+    return {
+        action,
+        name,
+        secret: flag("secret"),
+        url: flag("url"),
+        format: flag("format"),
+        triggers: flag("triggers")?.split(",").map(s => s.trim()).filter(Boolean),
+        events: flag("events")?.split(",").map(s => s.trim()).filter(Boolean),
+        routingKey: flag("routing-key"),
+    };
+}

package/dist/webhook-config.js

@@ -0,0 +1,65 @@
+// Webhook configuration store — persisted to ~/.great_cto/webhooks.json.
+// Used by `serve` (incoming) and the dispatcher (outgoing).
+//
+// Schema:
+//   {
+//     "incoming": [
+//       { "name": "github", "secret": "<hmac-secret>", "events": ["pull_request"] }
+//     ],
+//     "outgoing": [
+//       { "name": "ops-slack", "url": "https://hooks.slack.com/services/...",
+//         "format": "slack", "triggers": ["gate.approved", "incident.p0"] }
+//     ]
+//   }
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+const CONFIG_PATH = join(homedir(), ".great_cto", "webhooks.json");
+const DEFAULT_CONFIG = { incoming: [], outgoing: [] };
+export function getConfigPath() {
+    return CONFIG_PATH;
+}
+export function loadConfig() {
+    if (!existsSync(CONFIG_PATH))
+        return { ...DEFAULT_CONFIG };
+    try {
+        const raw = readFileSync(CONFIG_PATH, "utf8");
+        const parsed = JSON.parse(raw);
+        return {
+            incoming: parsed.incoming ?? [],
+            outgoing: parsed.outgoing ?? [],
+        };
+    }
+    catch {
+        return { ...DEFAULT_CONFIG };
+    }
+}
+export function saveConfig(cfg) {
+    const dir = dirname(CONFIG_PATH);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+}
+export function addIncoming(hook) {
+    const cfg = loadConfig();
+    cfg.incoming = cfg.incoming.filter(h => h.name !== hook.name);
+    cfg.incoming.push({ enabled: true, ...hook });
+    saveConfig(cfg);
+}
+export function addOutgoing(hook) {
+    const cfg = loadConfig();
+    cfg.outgoing = cfg.outgoing.filter(h => h.name !== hook.name);
+    cfg.outgoing.push({ enabled: true, ...hook });
+    saveConfig(cfg);
+}
+export function removeHook(name) {
+    const cfg = loadConfig();
+    const before = cfg.incoming.length + cfg.outgoing.length;
+    cfg.incoming = cfg.incoming.filter(h => h.name !== name);
+    cfg.outgoing = cfg.outgoing.filter(h => h.name !== name);
+    saveConfig(cfg);
+    return cfg.incoming.length + cfg.outgoing.length < before;
+}
+export function getIncoming(name) {
+    return loadConfig().incoming.find(h => h.name === name) ?? null;
+}

package/dist/webhook-dispatch.js

@@ -0,0 +1,132 @@
+// Webhook dispatcher — outbound notifications with retry + DLQ.
+//
+// Reliability model:
+//   - In-memory retry queue with exponential backoff (1s, 4s, 16s, 64s)
+//   - Max 4 attempts per delivery
+//   - On final failure: append to dead-letter log (~/.great_cto/webhook-dlq.log)
+//   - Dispatcher is fire-and-forget for the caller — we never block the
+//     incoming-webhook handler on outbound success
+//
+// Format adapters:
+//   - slack: posts as Slack incoming-webhook JSON ({text, blocks?})
+//   - discord: Discord webhook JSON ({content, embeds?})
+//   - pagerduty: Events API v2 ({routing_key, event_action, payload})
+//   - generic: arbitrary JSON POST
+import { appendFileSync, existsSync, mkdirSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+import { loadConfig } from "./webhook-config.js";
+const DLQ_PATH = join(homedir(), ".great_cto", "webhook-dlq.log");
+const RETRY_DELAYS_MS = [1_000, 4_000, 16_000, 64_000]; // 4 attempts total
+// ── Format adapters ────────────────────────────────────────────────────────
+function formatSlack(ev) {
+    const emoji = ev.level === "critical" ? ":rotating_light:"
+        : ev.level === "error" ? ":x:"
+            : ev.level === "warning" ? ":warning:"
+                : ":information_source:";
+    return {
+        text: `${emoji} *${ev.title}*`,
+        attachments: ev.body ? [{ text: ev.body, color: ev.level === "critical" ? "danger" : "good" }] : undefined,
+    };
+}
+function formatDiscord(ev) {
+    const color = ev.level === "critical" ? 0xff0000
+        : ev.level === "error" ? 0xff6600
+            : ev.level === "warning" ? 0xffcc00
+                : 0x00aa66;
+    return {
+        content: ev.title,
+        embeds: ev.body ? [{ description: ev.body, color }] : undefined,
+    };
+}
+function formatPagerDuty(ev, routingKey) {
+    // PagerDuty Events API v2
+    const severity = ev.level === "critical" ? "critical"
+        : ev.level === "error" ? "error"
+            : ev.level === "warning" ? "warning"
+                : "info";
+    return {
+        routing_key: routingKey,
+        event_action: "trigger",
+        payload: {
+            summary: ev.title,
+            source: "great-cto",
+            severity,
+            custom_details: ev.body ? { details: ev.body, ...(ev.meta ?? {}) } : ev.meta,
+        },
+    };
+}
+function buildPayload(hook, ev) {
+    switch (hook.format) {
+        case "slack": return formatSlack(ev);
+        case "discord": return formatDiscord(ev);
+        case "pagerduty": {
+            // PagerDuty uses routing_key from headers config: headers.routing_key
+            const key = hook.headers?.routing_key ?? "";
+            return formatPagerDuty(ev, key);
+        }
+        case "generic":
+        default: return { event: ev.name, ...ev };
+    }
+}
+// ── Retry / DLQ ────────────────────────────────────────────────────────────
+async function deliver(hook, ev, attempt = 0) {
+    try {
+        const body = JSON.stringify(buildPayload(hook, ev));
+        const headers = {
+            "Content-Type": "application/json",
+            ...hook.headers,
+        };
+        // Don't leak routing_key as HTTP header — PagerDuty wants it in body
+        delete headers.routing_key;
+        const res = await fetch(hook.url, { method: "POST", headers, body });
+        if (!res.ok) {
+            throw new Error(`HTTP ${res.status} ${res.statusText}`);
+        }
+    }
+    catch (err) {
+        const next = attempt + 1;
+        if (next < RETRY_DELAYS_MS.length) {
+            setTimeout(() => { void deliver(hook, ev, next); }, RETRY_DELAYS_MS[next]);
+            return;
+        }
+        // Final failure — write to DLQ
+        writeToDlq(hook, ev, err);
+    }
+}
+function writeToDlq(hook, ev, err) {
+    try {
+        const dir = dirname(DLQ_PATH);
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        const entry = {
+            ts: new Date().toISOString(),
+            hook: hook.name,
+            url: hook.url,
+            event: ev,
+            error: err.message,
+        };
+        appendFileSync(DLQ_PATH, JSON.stringify(entry) + "\n");
+        process.stderr.write(`webhook-dispatch: ${hook.name} dead-lettered: ${err.message}\n`);
+    }
+    catch {
+        /* even DLQ failed — no recovery */
+    }
+}
+// ── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Fire-and-forget dispatch to all outbound webhooks whose triggers include
+ * the event's name. The caller does not await delivery — we run all
+ * dispatchers in parallel with their own retry queues.
+ */
+export function dispatch(ev) {
+    const cfg = loadConfig();
+    const targets = cfg.outgoing.filter(h => (h.enabled !== false) && h.triggers.includes(ev.name));
+    for (const hook of targets) {
+        void deliver(hook, ev, 0);
+    }
+    return { fired: targets.length };
+}
+export function getDlqPath() {
+    return DLQ_PATH;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "great-cto",
-  "version": "2.3.4",
+  "version": "2.5.0",
   "description": "One command install for the great_cto Claude Code plugin. Auto-detects your stack, picks the right archetype, bootstraps PROJECT.md.",
   "keywords": [
     "claude-code",