grov 0.1.0

package/dist/lib/drift-checker.js

@@ -0,0 +1,341 @@
+// Drift detection logic for anti-drift system
+// Uses Claude Haiku 4.5 for LLM-based drift scoring
+//
+// CRITICAL: We check Claude's ACTIONS, NOT user prompts.
+// User can explore freely. We monitor what CLAUDE DOES.
+import Anthropic from '@anthropic-ai/sdk';
+import { isAnthropicAvailable, getDriftModel } from './llm-extractor.js';
+import { getRelevantSteps, getRecentSteps } from './store.js';
+import { extractFilesFromActions, extractFoldersFromActions } from './session-parser.js';
+import { debugInject } from './debug.js';
+// ============================================
+// CONFIGURATION
+// ============================================
+export const DRIFT_CONFIG = {
+    SCORE_NO_INJECTION: 8, // >= 8: no correction
+    SCORE_NUDGE: 7, // 7: nudge
+    SCORE_CORRECT: 5, // 5-6: correct
+    SCORE_INTERVENE: 3, // 3-4: intervene
+    SCORE_HALT: 1, // 1-2: halt
+    MAX_WARNINGS_BEFORE_FLAG: 3,
+    AVG_SCORE_THRESHOLD: 6,
+    MAX_ESCALATION: 3,
+};
+// ============================================
+// MAIN FUNCTIONS
+// ============================================
+/**
+ * Build input for drift check from Claude's ACTIONS and session state.
+ *
+ * CRITICAL: We check ACTIONS, not user prompts.
+ */
+export function buildDriftCheckInput(claudeActions, sessionId, sessionState) {
+    // Extract files/folders from current actions for retrieval
+    const currentFiles = extractFilesFromActions(claudeActions);
+    const currentFolders = extractFoldersFromActions(claudeActions);
+    return {
+        originalGoal: sessionState.original_goal || '',
+        expectedScope: sessionState.expected_scope,
+        constraints: sessionState.constraints,
+        keywords: sessionState.keywords,
+        driftHistory: sessionState.drift_history.map(h => ({
+            score: h.score,
+            level: h.level
+        })),
+        escalationCount: sessionState.escalation_count,
+        // Claude's ACTIONS
+        claudeActions,
+        // 4-query retrieval for context
+        retrievedSteps: getRelevantSteps(sessionId, currentFiles, currentFolders, sessionState.keywords, 10),
+        lastNSteps: getRecentSteps(sessionId, 5)
+    };
+}
+/**
+ * Check drift using LLM or fallback
+ */
+export async function checkDrift(input) {
+    // Try LLM if available
+    if (isAnthropicAvailable()) {
+        try {
+            return await checkDriftWithLLM(input);
+        }
+        catch (error) {
+            debugInject('checkDrift LLM failed, using fallback: %O', error);
+            return checkDriftBasic(input);
+        }
+    }
+    // Fallback to basic detection
+    return checkDriftBasic(input);
+}
+/**
+ * LLM-based drift detection using Claude Haiku 4.5.
+ *
+ * CRITICAL: Analyzes Claude's ACTIONS, not user prompts.
+ */
+async function checkDriftWithLLM(input) {
+    const anthropic = new Anthropic();
+    const model = getDriftModel();
+    // Format Claude's actions for the prompt
+    const actionsText = input.claudeActions.length > 0
+        ? input.claudeActions.map(a => {
+            if (a.type === 'bash')
+                return `- ${a.type}: ${a.command?.substring(0, 100) || 'no command'}`;
+            return `- ${a.type}: ${a.files.join(', ') || 'no files'}`;
+        }).join('\n')
+        : 'No actions yet';
+    // Format recent steps for context
+    const recentStepsText = input.lastNSteps.length > 0
+        ? input.lastNSteps.map(s => `- ${s.action_type}: ${s.files.slice(0, 2).join(', ')} (score: ${s.drift_score})`).join('\n')
+        : 'No previous steps';
+    const driftContext = input.driftHistory.length > 0
+        ? `Previous drift events: ${input.driftHistory.map(h => `score=${h.score}`).join(', ')}`
+        : 'No previous drift events';
+    const response = await anthropic.messages.create({
+        model,
+        max_tokens: 1024,
+        messages: [
+            {
+                role: 'user',
+                content: `You are a drift detection system. Analyze if Claude's ACTIONS align with the original goal.
+
+IMPORTANT: We monitor Claude's ACTIONS, not user prompts. Users can ask anything - we check what Claude DOES.
+
+ORIGINAL GOAL:
+${input.originalGoal}
+
+EXPECTED SCOPE (files/components Claude should touch):
+${input.expectedScope.length > 0 ? input.expectedScope.join(', ') : 'Not specified'}
+
+CONSTRAINTS:
+${input.constraints.length > 0 ? input.constraints.join(', ') : 'None specified'}
+
+KEY TERMS:
+${input.keywords.join(', ')}
+
+${driftContext}
+Current escalation level: ${input.escalationCount}
+
+CLAUDE'S RECENT ACTIONS:
+${actionsText}
+
+PREVIOUS STEPS IN SESSION:
+${recentStepsText}
+
+CHECK FOR:
+1. Files OUTSIDE expected scope (editing unrelated files)
+2. Repetition patterns (same file edited 3+ times without progress)
+3. Tangential work (styling when goal is auth)
+4. New features not requested
+5. "While I'm here" patterns (scope creep)
+
+LEGITIMATE (NOT drift):
+- Editing utility files imported by main files
+- Fixing bugs discovered while working
+- Updating tests for modified code
+- Reading ANY file (exploration is OK)
+
+Rate 1-10:
+- 10: Actions directly advance the goal
+- 8-9: Minor deviation but related (e.g., helper file)
+- 5-7: Moderate drift, tangentially related
+- 3-4: Significant drift, unrelated files
+- 1-2: Critical drift, completely off-track
+
+Return ONLY valid JSON:
+{
+  "score": <1-10>,
+  "type": "aligned|minor|moderate|severe|critical",
+  "diagnostic": "Brief explanation of drift based on ACTIONS (1 sentence)",
+  "recovery_steps": [{"file": "optional/path", "action": "what to do"}],
+  "boundaries": ["Things that should NOT be done"],
+  "verification": "How to confirm we're back on track"
+}
+
+Return ONLY valid JSON.`
+            }
+        ]
+    });
+    // Extract text content
+    const content = response.content[0];
+    if (content.type !== 'text') {
+        throw new Error('Unexpected response type');
+    }
+    // Strip markdown code blocks if present
+    let jsonText = content.text.trim();
+    if (jsonText.startsWith('```')) {
+        jsonText = jsonText.replace(/^```(?:json)?\n?/, '').replace(/\n?```$/, '');
+    }
+    debugInject('LLM raw response: %s', jsonText.substring(0, 200));
+    const parsed = JSON.parse(jsonText);
+    // Handle score as string or number
+    const rawScore = typeof parsed.score === 'string' ? parseInt(parsed.score, 10) : parsed.score;
+    const score = Math.min(10, Math.max(1, rawScore || 5));
+    debugInject('LLM parsed score: raw=%s, final=%d', parsed.score, score);
+    return {
+        score,
+        type: mapScoreToType(score),
+        diagnostic: parsed.diagnostic || 'Unable to determine drift status',
+        recoveryPlan: parsed.recovery_steps ? { steps: parsed.recovery_steps } : undefined,
+        boundaries: parsed.boundaries || [],
+        verification: parsed.verification || 'Complete the original task'
+    };
+}
+/**
+ * Basic drift detection without LLM.
+ *
+ * CRITICAL: Checks Claude's ACTIONS, not user prompts.
+ * - Read actions are ALWAYS OK (exploration is not drift)
+ * - Edit/Write actions outside scope = drift
+ * - Repetition patterns = drift
+ */
+export function checkDriftBasic(input) {
+    const issues = [];
+    // Filter to modifying actions only (read is always OK)
+    const modifyingActions = input.claudeActions.filter(a => a.type !== 'read' && a.type !== 'grep' && a.type !== 'glob');
+    // No modifying actions = no drift possible
+    if (modifyingActions.length === 0) {
+        return {
+            score: 10,
+            type: 'aligned',
+            diagnostic: 'No modifying actions - exploration only',
+            boundaries: [],
+            verification: `Continue with: ${input.originalGoal.substring(0, 50)}`
+        };
+    }
+    // Count files in-scope vs out-of-scope
+    let inScopeCount = 0;
+    let outOfScopeCount = 0;
+    const allFiles = [];
+    for (const action of modifyingActions) {
+        for (const file of action.files) {
+            if (!file)
+                continue;
+            allFiles.push(file);
+            // If no scope defined, assume all files are OK
+            if (input.expectedScope.length === 0) {
+                inScopeCount++;
+                continue;
+            }
+            // Check if file is in scope
+            const inScope = input.expectedScope.some(scope => {
+                // file contains scope pattern (e.g., "src/auth/token.ts" contains "src/auth/")
+                if (file.includes(scope))
+                    return true;
+                // scope contains the file name (e.g., "src/lib/token.ts" contains "token.ts")
+                const fileName = file.split('/').pop() || '';
+                if (scope.includes(fileName) && fileName.length > 0)
+                    return true;
+                return false;
+            });
+            if (inScope) {
+                inScopeCount++;
+            }
+            else {
+                outOfScopeCount++;
+                issues.push(`File outside scope: ${file.split('/').pop()}`);
+            }
+        }
+    }
+    // Calculate score based on in-scope ratio
+    let score;
+    const totalFiles = inScopeCount + outOfScopeCount;
+    if (totalFiles === 0) {
+        score = 10;
+    }
+    else if (outOfScopeCount === 0) {
+        // All files in scope = perfect
+        score = 10;
+    }
+    else if (inScopeCount === 0) {
+        // All files out of scope = critical drift
+        score = Math.max(1, 4 - outOfScopeCount); // 1-4 depending on how many
+    }
+    else {
+        // Mixed: some in, some out
+        const ratio = inScopeCount / totalFiles;
+        // ratio 1.0 = 10, ratio 0.5 = 6, ratio 0.0 = 2
+        score = Math.round(2 + ratio * 8);
+        // Additional penalty for each out-of-scope file
+        score = Math.max(1, score - outOfScopeCount);
+    }
+    // Check for repetition patterns (same file edited 3+ times)
+    // Use unique files to avoid double-counting
+    const recentFiles = input.lastNSteps.flatMap(s => s.files);
+    const uniqueCurrentFiles = [...new Set(allFiles)];
+    for (const file of uniqueCurrentFiles) {
+        const timesEdited = recentFiles.filter(f => f === file).length;
+        if (timesEdited >= 3) {
+            score = Math.max(1, score - 2);
+            issues.push(`Repetition: ${file.split('/').pop()} edited ${timesEdited}+ times`);
+        }
+    }
+    // Clamp score
+    score = Math.max(1, Math.min(10, score));
+    // Determine diagnostic
+    let diagnostic;
+    if (score >= 8) {
+        diagnostic = 'Actions align with original goal';
+    }
+    else if (score >= 5) {
+        diagnostic = issues.length > 0 ? issues[0] : 'Actions partially relate to goal';
+    }
+    else if (score >= 3) {
+        diagnostic = issues.length > 0 ? issues.join('; ') : 'Actions deviate from goal';
+    }
+    else {
+        diagnostic = issues.length > 0 ? issues.join('; ') : 'Actions do not relate to original goal';
+    }
+    return {
+        score,
+        type: mapScoreToType(score),
+        diagnostic,
+        recoveryPlan: score < 5 ? { steps: [{ action: `Return to: ${input.originalGoal.substring(0, 50)}` }] } : undefined,
+        boundaries: [],
+        verification: `Continue with: ${input.originalGoal.substring(0, 50)}`
+    };
+}
+/**
+ * Infer action type from prompt
+ */
+export function inferAction(prompt) {
+    const lower = prompt.toLowerCase();
+    if (lower.includes('fix') || lower.includes('bug') || lower.includes('error')) {
+        return 'fix';
+    }
+    if (lower.includes('add') || lower.includes('create') || lower.includes('implement')) {
+        return 'add';
+    }
+    if (lower.includes('refactor') || lower.includes('improve') || lower.includes('clean')) {
+        return 'refactor';
+    }
+    if (lower.includes('test') || lower.includes('spec')) {
+        return 'test';
+    }
+    if (lower.includes('doc') || lower.includes('comment') || lower.includes('readme')) {
+        return 'document';
+    }
+    if (lower.includes('update') || lower.includes('change') || lower.includes('modify')) {
+        return 'update';
+    }
+    if (lower.includes('remove') || lower.includes('delete')) {
+        return 'remove';
+    }
+    return 'unknown';
+}
+// ============================================
+// HELPERS
+// ============================================
+/**
+ * Map numeric score to drift type
+ */
+function mapScoreToType(score) {
+    if (score >= 8)
+        return 'aligned';
+    if (score >= 6)
+        return 'minor';
+    if (score >= 4)
+        return 'moderate';
+    if (score >= 2)
+        return 'severe';
+    return 'critical';
+}

package/dist/lib/hooks.d.ts

@@ -0,0 +1,27 @@
+interface HookCommand {
+    type: 'command';
+    command: string;
+}
+interface HookEntry {
+    matcher?: Record<string, unknown>;
+    hooks: HookCommand[];
+}
+interface ClaudeSettings {
+    hooks?: {
+        Stop?: HookEntry[];
+        SessionStart?: HookEntry[];
+        [key: string]: HookEntry[] | undefined;
+    };
+    [key: string]: unknown;
+}
+export declare function readClaudeSettings(): ClaudeSettings;
+export declare function writeClaudeSettings(settings: ClaudeSettings): void;
+export declare function registerGrovHooks(): {
+    added: string[];
+    alreadyExists: string[];
+};
+export declare function unregisterGrovHooks(): {
+    removed: string[];
+};
+export declare function getSettingsPath(): string;
+export {};

package/dist/lib/hooks.js

@@ -0,0 +1,258 @@
+// Helper to read/write ~/.claude/settings.json
+import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from 'fs';
+import { homedir } from 'os';
+import { join, resolve, dirname } from 'path';
+import { fileURLToPath } from 'url';
+const CLAUDE_DIR = join(homedir(), '.claude');
+const SETTINGS_PATH = join(CLAUDE_DIR, 'settings.json');
+// Cache for grov path to avoid repeated file system checks
+let cachedGrovPath = null;
+// SECURITY: Pattern for safe grov executable paths (no shell metacharacters)
+// Allows: alphanumeric, /, -, _, ., space, and quotes (for paths with spaces)
+const SAFE_PATH_PATTERN = /^[a-zA-Z0-9/\-_. "]+$/;
+/**
+ * Validate that a path doesn't contain shell metacharacters.
+ * SECURITY: Prevents command injection via malicious path names.
+ */
+function isPathSafe(path) {
+    // Must match safe pattern
+    if (!SAFE_PATH_PATTERN.test(path)) {
+        return false;
+    }
+    // Must not contain shell dangerous sequences
+    const dangerousPatterns = [';', '|', '&', '`', '$', '(', ')', '<', '>', '\n', '\r'];
+    return !dangerousPatterns.some(p => path.includes(p));
+}
+/**
+ * Safe locations where grov executable can be found.
+ * We only check these known paths - no shell commands are executed.
+ */
+const SAFE_GROV_LOCATIONS = [
+    '/opt/homebrew/bin/grov', // macOS ARM (Homebrew)
+    '/usr/local/bin/grov', // macOS Intel / Linux
+    '/usr/bin/grov', // System-wide Linux
+    join(homedir(), '.npm-global/bin/grov'), // Custom npm prefix
+    join(homedir(), '.local/bin/grov'), // Local user bin
+];
+/**
+ * Get nvm-based paths for current and common Node versions.
+ * Returns paths without executing any shell commands.
+ */
+function getNvmPaths() {
+    const nvmDir = join(homedir(), '.nvm/versions/node');
+    const paths = [];
+    // Add current Node version path
+    paths.push(join(nvmDir, process.version, 'bin/grov'));
+    // Try common LTS versions
+    const ltsVersions = ['v18', 'v20', 'v22'];
+    for (const ver of ltsVersions) {
+        try {
+            const versionDir = join(nvmDir, ver);
+            if (existsSync(versionDir)) {
+                // Find actual version directories
+                const entries = readdirSync(versionDir);
+                for (const entry of entries) {
+                    paths.push(join(nvmDir, ver, entry, 'bin/grov'));
+                }
+            }
+        }
+        catch {
+            // Skip if can't read directory
+        }
+    }
+    return paths;
+}
+/**
+ * Find the absolute path to the grov executable.
+ * SECURITY: Only checks known safe locations - no shell command execution.
+ * SECURITY: Validates paths don't contain shell metacharacters.
+ * OPTIMIZED: Caches result to avoid repeated file system checks.
+ */
+function findGrovPath() {
+    // Return cached path if available
+    if (cachedGrovPath) {
+        return cachedGrovPath;
+    }
+    // Check safe locations first
+    for (const p of SAFE_GROV_LOCATIONS) {
+        // SECURITY: Validate path is safe before using
+        if (existsSync(p) && isPathSafe(p)) {
+            cachedGrovPath = p;
+            return p;
+        }
+    }
+    // Check nvm locations
+    for (const p of getNvmPaths()) {
+        // SECURITY: Validate path is safe before using
+        if (existsSync(p) && isPathSafe(p)) {
+            cachedGrovPath = p;
+            return p;
+        }
+    }
+    // Check if running from source (development mode)
+    try {
+        const __filename = fileURLToPath(import.meta.url);
+        const __dirname = dirname(__filename);
+        const localCli = resolve(__dirname, '../../dist/cli.js');
+        // SECURITY: Validate development path is safe before using
+        if (existsSync(localCli) && isPathSafe(localCli)) {
+            cachedGrovPath = `node "${localCli}"`;
+            return cachedGrovPath;
+        }
+    }
+    catch {
+        // ESM import.meta not available, skip
+    }
+    // Fallback to just 'grov' - will work if it's in PATH
+    // Note: 'grov' is inherently safe (no special chars)
+    cachedGrovPath = 'grov';
+    return cachedGrovPath;
+}
+export function readClaudeSettings() {
+    if (!existsSync(SETTINGS_PATH)) {
+        return {};
+    }
+    try {
+        const content = readFileSync(SETTINGS_PATH, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        console.error('Warning: Could not parse ~/.claude/settings.json');
+        return {};
+    }
+}
+export function writeClaudeSettings(settings) {
+    // Ensure .claude directory exists with restricted permissions
+    if (!existsSync(CLAUDE_DIR)) {
+        mkdirSync(CLAUDE_DIR, { recursive: true, mode: 0o700 });
+    }
+    writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2), { mode: 0o600 });
+}
+export function registerGrovHooks() {
+    const settings = readClaudeSettings();
+    const added = [];
+    const alreadyExists = [];
+    // Get absolute path to grov executable
+    const grovPath = findGrovPath();
+    // Initialize hooks object if it doesn't exist
+    if (!settings.hooks) {
+        settings.hooks = {};
+    }
+    // Helper to check if a grov command already exists (check for both relative and absolute paths)
+    const hasGrovCommand = (entries, commandSuffix) => {
+        if (!entries)
+            return false;
+        return entries.some(entry => entry.hooks.some(h => h.type === 'command' && h.command.endsWith(commandSuffix)));
+    };
+    // Register Stop hook for capture
+    // Note: Stop/SessionStart hooks don't use matcher (only tool-specific hooks do)
+    const stopCommand = `${grovPath} capture`;
+    if (!settings.hooks.Stop) {
+        settings.hooks.Stop = [];
+    }
+    if (!hasGrovCommand(settings.hooks.Stop, 'grov capture') && !hasGrovCommand(settings.hooks.Stop, stopCommand)) {
+        settings.hooks.Stop.push({
+            hooks: [{ type: 'command', command: stopCommand }]
+        });
+        added.push(`Stop → ${stopCommand}`);
+    }
+    else {
+        alreadyExists.push('Stop → grov capture');
+    }
+    // Register SessionStart hook for inject
+    const sessionStartCommand = `${grovPath} inject`;
+    if (!settings.hooks.SessionStart) {
+        settings.hooks.SessionStart = [];
+    }
+    if (!hasGrovCommand(settings.hooks.SessionStart, 'grov inject') && !hasGrovCommand(settings.hooks.SessionStart, sessionStartCommand)) {
+        settings.hooks.SessionStart.push({
+            hooks: [{ type: 'command', command: sessionStartCommand }]
+        });
+        added.push(`SessionStart → ${sessionStartCommand}`);
+    }
+    else {
+        alreadyExists.push('SessionStart → grov inject');
+    }
+    // Register UserPromptSubmit hook for continuous context injection
+    const promptInjectCommand = `${grovPath} prompt-inject`;
+    if (!settings.hooks.UserPromptSubmit) {
+        settings.hooks.UserPromptSubmit = [];
+    }
+    if (!hasGrovCommand(settings.hooks.UserPromptSubmit, 'grov prompt-inject') && !hasGrovCommand(settings.hooks.UserPromptSubmit, promptInjectCommand)) {
+        settings.hooks.UserPromptSubmit.push({
+            hooks: [{ type: 'command', command: promptInjectCommand }]
+        });
+        added.push(`UserPromptSubmit → ${promptInjectCommand}`);
+    }
+    else {
+        alreadyExists.push('UserPromptSubmit → grov prompt-inject');
+    }
+    writeClaudeSettings(settings);
+    return { added, alreadyExists };
+}
+export function unregisterGrovHooks() {
+    const settings = readClaudeSettings();
+    const removed = [];
+    // Helper to find and remove grov command entries (handles both relative and absolute paths)
+    const removeGrovCommands = (entries, commandSuffix) => {
+        if (!entries)
+            return undefined;
+        // Filter out entries that contain any grov command ending with the suffix
+        const filtered = entries.filter(entry => {
+            const hasCommand = entry.hooks.some(h => h.type === 'command' && h.command.endsWith(commandSuffix));
+            return !hasCommand;
+        });
+        return filtered.length > 0 ? filtered : undefined;
+    };
+    // Also handle old string format for cleanup
+    const removeOldFormat = (entries, commandSuffix) => {
+        return entries.filter(entry => {
+            if (typeof entry === 'string') {
+                return !entry.endsWith(commandSuffix);
+            }
+            return true;
+        });
+    };
+    if (settings.hooks?.Stop) {
+        const originalLength = settings.hooks.Stop.length;
+        // Remove new format (handles both 'grov capture' and '/path/to/grov capture')
+        const newFormatFiltered = removeGrovCommands(settings.hooks.Stop, 'grov capture');
+        // Also clean up old string format if present
+        const cleaned = removeOldFormat(newFormatFiltered || [], 'grov capture');
+        if (cleaned.length < originalLength) {
+            removed.push('Stop → grov capture');
+        }
+        settings.hooks.Stop = cleaned.length > 0 ? cleaned : undefined;
+    }
+    if (settings.hooks?.SessionStart) {
+        const originalLength = settings.hooks.SessionStart.length;
+        // Remove new format (handles both 'grov inject' and '/path/to/grov inject')
+        const newFormatFiltered = removeGrovCommands(settings.hooks.SessionStart, 'grov inject');
+        // Also clean up old string format if present
+        const cleaned = removeOldFormat(newFormatFiltered || [], 'grov inject');
+        if (cleaned.length < originalLength) {
+            removed.push('SessionStart → grov inject');
+        }
+        settings.hooks.SessionStart = cleaned.length > 0 ? cleaned : undefined;
+    }
+    if (settings.hooks?.UserPromptSubmit) {
+        const originalLength = settings.hooks.UserPromptSubmit.length;
+        // Remove new format (handles both 'grov prompt-inject' and '/path/to/grov prompt-inject')
+        const newFormatFiltered = removeGrovCommands(settings.hooks.UserPromptSubmit, 'grov prompt-inject');
+        // Also clean up old string format if present
+        const cleaned = removeOldFormat(newFormatFiltered || [], 'grov prompt-inject');
+        if (cleaned.length < originalLength) {
+            removed.push('UserPromptSubmit → grov prompt-inject');
+        }
+        settings.hooks.UserPromptSubmit = cleaned.length > 0 ? cleaned : undefined;
+    }
+    // Clean up empty hooks object
+    if (settings.hooks && Object.keys(settings.hooks).every(k => !settings.hooks[k])) {
+        delete settings.hooks;
+    }
+    writeClaudeSettings(settings);
+    return { removed };
+}
+export function getSettingsPath() {
+    return SETTINGS_PATH;
+}