gsd-cc 1.2.1 → 1.3.1

package/bin/install.js

@@ -155,9 +155,89 @@ function install(isGlobal) {
     fs.chmodSync(autoLoop, 0o755);
   }
 
+  // 5. Install hooks
+  const hooksSrc = path.join(__dirname, '..', 'hooks');
+  const hooksDest = path.join(skillsBase, 'gsd-cc-shared', 'hooks');
+  if (fs.existsSync(hooksSrc)) {
+    copyDir(hooksSrc, hooksDest);
+    // Make hooks executable
+    const hookFiles = fs.readdirSync(hooksDest);
+    for (const f of hookFiles) {
+      fs.chmodSync(path.join(hooksDest, f), 0o755);
+    }
+    fileCount += hookFiles.length;
+  }
+
+  // 6. Configure hooks in settings.json
+  installHooks(isGlobal, hooksDest);
+
   console.log(`  ${green}✓${reset} Installed ${fileCount} files to ${label}`);
 }
 
+/**
+ * Install hooks into .claude/settings.json or .claude/settings.local.json
+ */
+function installHooks(isGlobal, hooksDir) {
+  const settingsPath = isGlobal
+    ? path.join(os.homedir(), '.claude', 'settings.json')
+    : path.join(process.cwd(), '.claude', 'settings.local.json');
+
+  let settings = {};
+  if (fs.existsSync(settingsPath)) {
+    try {
+      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'));
+    } catch (e) {
+      settings = {};
+    }
+  }
+
+  if (!settings.hooks) settings.hooks = {};
+
+  const boundaryGuard = path.join(hooksDir, 'gsd-boundary-guard.sh');
+  const promptGuard = path.join(hooksDir, 'gsd-prompt-guard.sh');
+  const contextMonitor = path.join(hooksDir, 'gsd-context-monitor.sh');
+  const workflowGuard = path.join(hooksDir, 'gsd-workflow-guard.sh');
+  const statusline = path.join(hooksDir, 'gsd-statusline.sh');
+
+  // Remove all existing GSD-CC hooks before adding (idempotent)
+  for (const event of Object.keys(settings.hooks)) {
+    settings.hooks[event] = settings.hooks[event].filter(
+      h => !JSON.stringify(h).includes('gsd-')
+    );
+    if (settings.hooks[event].length === 0) delete settings.hooks[event];
+  }
+
+  // PreToolUse: boundary guard + prompt injection guard on Edit/Write
+  if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
+  settings.hooks.PreToolUse.push({
+    matcher: 'Edit|Write',
+    hooks: [
+      { type: 'command', command: boundaryGuard, timeout: 5000 },
+      { type: 'command', command: promptGuard, timeout: 5000 }
+    ]
+  });
+
+  // PostToolUse: context monitor (all tools) + workflow guard (Edit/Write)
+  if (!settings.hooks.PostToolUse) settings.hooks.PostToolUse = [];
+  settings.hooks.PostToolUse.push({
+    hooks: [{ type: 'command', command: contextMonitor, timeout: 5000 }]
+  });
+  settings.hooks.PostToolUse.push({
+    matcher: 'Edit|Write',
+    hooks: [{ type: 'command', command: workflowGuard, timeout: 5000 }]
+  });
+
+  // Notification: statusline
+  if (!settings.hooks.Notification) settings.hooks.Notification = [];
+  settings.hooks.Notification.push({
+    hooks: [{ type: 'command', command: statusline, timeout: 3000 }]
+  });
+
+  fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
+  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+  console.log(`  ${green}✓${reset} Hooks configured in ${settingsPath.replace(os.homedir(), '~').replace(process.cwd(), '.')}`);
+}
+
 /**
  * Write language to CLAUDE.md
  */
@@ -254,9 +334,32 @@ function uninstall() {
     }
   }
 
+  // Clean up hooks from settings files
+  for (const isGlobal of [true, false]) {
+    const settingsPath = isGlobal
+      ? path.join(os.homedir(), '.claude', 'settings.json')
+      : path.join(process.cwd(), '.claude', 'settings.local.json');
+    if (fs.existsSync(settingsPath)) {
+      try {
+        const settings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'));
+        if (settings.hooks) {
+          for (const event of Object.keys(settings.hooks)) {
+            settings.hooks[event] = settings.hooks[event].filter(
+              h => !JSON.stringify(h).includes('gsd-')
+            );
+            if (settings.hooks[event].length === 0) delete settings.hooks[event];
+          }
+          if (Object.keys(settings.hooks).length === 0) delete settings.hooks;
+          fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+        }
+      } catch (e) { /* ignore parse errors */ }
+    }
+  }
+
   if (!removed) {
     console.log(`  ${yellow}No GSD-CC installation found.${reset}`);
   } else {
+    console.log(`  ${green}✓${reset} Hooks removed from settings`);
     console.log(`\n  ${green}Done.${reset} GSD-CC has been removed.`);
   }
 }

package/hooks/gsd-boundary-guard.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# GSD-CC Boundary Guard — PreToolUse hook
+# Blocks Write/Edit operations on files listed in .gsd/STATE.md boundaries.
+# This is a HARD enforcement — Claude cannot bypass this regardless of prompting.
+
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+
+# Only check Edit and Write operations
+if [ "$TOOL_NAME" != "Edit" ] && [ "$TOOL_NAME" != "Write" ]; then
+  exit 0
+fi
+
+# Get the file being edited/written
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Check if STATE.md exists and has boundaries
+STATE_FILE="$CWD/.gsd/STATE.md"
+if [ ! -f "$STATE_FILE" ]; then
+  exit 0
+fi
+
+# Extract boundary files from STATE.md
+# Boundaries section contains lines like: - path/to/file (reason)
+BOUNDARIES=$(sed -n '/^## Boundaries Active/,/^##/p' "$STATE_FILE" | grep '^ *- ' | sed 's/^ *- //' | sed 's/ (.*//')
+
+if [ -z "$BOUNDARIES" ]; then
+  exit 0
+fi
+
+# Normalize the target file path (make relative to CWD if absolute)
+RELATIVE_PATH="$FILE_PATH"
+if [[ "$FILE_PATH" == "$CWD"* ]]; then
+  RELATIVE_PATH="${FILE_PATH#$CWD/}"
+fi
+
+# Check each boundary file
+while IFS= read -r BOUNDARY_FILE; do
+  BOUNDARY_FILE=$(echo "$BOUNDARY_FILE" | xargs) # trim whitespace
+  if [ -z "$BOUNDARY_FILE" ]; then
+    continue
+  fi
+
+  # Check exact match or path containment
+  if [ "$RELATIVE_PATH" = "$BOUNDARY_FILE" ] || [ "$FILE_PATH" = "$BOUNDARY_FILE" ]; then
+    jq -n --arg file "$BOUNDARY_FILE" '{
+      "hookSpecificOutput": {
+        "hookEventName": "PreToolUse",
+        "permissionDecision": "deny",
+        "permissionDecisionReason": ("BOUNDARY VIOLATION: " + $file + " is in the DO NOT CHANGE list for this task. This file is protected. If you need to modify it, stop and discuss with the user first.")
+      }
+    }'
+    exit 0
+  fi
+done <<< "$BOUNDARIES"
+
+# File not in boundaries — allow
+exit 0

package/hooks/gsd-context-monitor.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# GSD-CC Context Monitor — PostToolUse hook
+# Injects warnings when context usage is getting high.
+# Uses the transcript file size as a proxy for context consumption.
+
+INPUT=$(cat)
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+TRANSCRIPT=$(echo "$INPUT" | jq -r '.transcript_path // empty')
+
+# Skip if no transcript path
+if [ -z "$TRANSCRIPT" ] || [ ! -f "$TRANSCRIPT" ]; then
+  exit 0
+fi
+
+# Check if we're in a GSD-CC project
+if [ ! -d "$CWD/.gsd" ]; then
+  exit 0
+fi
+
+# Use transcript line count as context proxy
+# Typical context window: ~200K tokens ≈ ~2000 transcript lines for a heavy session
+LINE_COUNT=$(wc -l < "$TRANSCRIPT" | xargs)
+
+# Debounce: only warn every 20 tool calls
+DEBOUNCE_FILE="/tmp/gsd-cc-ctx-monitor-$$"
+if [ -f "$DEBOUNCE_FILE" ]; then
+  LAST_WARN=$(cat "$DEBOUNCE_FILE")
+  DIFF=$((LINE_COUNT - LAST_WARN))
+  if [ "$DIFF" -lt 50 ]; then
+    exit 0
+  fi
+fi
+
+# Warning thresholds (based on transcript lines)
+if [ "$LINE_COUNT" -gt 1500 ]; then
+  echo "$LINE_COUNT" > "$DEBOUNCE_FILE"
+  jq -n '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "⚠️ CRITICAL: Context window is very full. You MUST wrap up the current task immediately, write the summary, and instruct the user to start a fresh session. Do NOT start new work."
+    }
+  }'
+  exit 0
+elif [ "$LINE_COUNT" -gt 1000 ]; then
+  echo "$LINE_COUNT" > "$DEBOUNCE_FILE"
+  jq -n '{
+    "hookSpecificOutput": {
+      "hookEventName": "PostToolUse",
+      "additionalContext": "⚠️ WARNING: Context window is filling up. Finish the current task soon and prepare to hand off to a fresh session."
+    }
+  }'
+  exit 0
+fi
+
+exit 0

package/hooks/gsd-prompt-guard.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+# GSD-CC Prompt Injection Guard — PreToolUse hook
+# Scans Write/Edit operations targeting .gsd/ files for prompt injection patterns.
+# Blocks suspicious content from being written into planning artifacts.
+
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+
+# Only check Edit and Write operations
+if [ "$TOOL_NAME" != "Edit" ] && [ "$TOOL_NAME" != "Write" ]; then
+  exit 0
+fi
+
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Only scan writes to .gsd/ directory (planning artifacts)
+if [[ "$FILE_PATH" != *".gsd/"* ]]; then
+  exit 0
+fi
+
+# Get the content being written
+if [ "$TOOL_NAME" = "Write" ]; then
+  CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty')
+elif [ "$TOOL_NAME" = "Edit" ]; then
+  CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // empty')
+fi
+
+if [ -z "$CONTENT" ]; then
+  exit 0
+fi
+
+# Check for prompt injection patterns
+SUSPICIOUS=false
+REASON=""
+
+# Pattern 1: Direct instruction override attempts
+if echo "$CONTENT" | grep -iqE 'ignore (previous|prior|above|all) (instructions|prompts|rules)'; then
+  SUSPICIOUS=true
+  REASON="Detected 'ignore previous instructions' pattern"
+fi
+
+# Pattern 2: Role reassignment
+if echo "$CONTENT" | grep -iqE '(you are now|act as|pretend to be|your new role|forget your|disregard your)'; then
+  SUSPICIOUS=true
+  REASON="Detected role reassignment pattern"
+fi
+
+# Pattern 3: System prompt extraction
+if echo "$CONTENT" | grep -iqE '(show|reveal|print|output|display) (your|the|system) (prompt|instructions|rules)'; then
+  SUSPICIOUS=true
+  REASON="Detected system prompt extraction attempt"
+fi
+
+# Pattern 4: Invisible Unicode characters (zero-width spaces, RTL override, etc.)
+if echo "$CONTENT" | grep -qP '[\x{200B}\x{200C}\x{200D}\x{FEFF}\x{202A}-\x{202E}\x{2066}-\x{2069}]' 2>/dev/null; then
+  SUSPICIOUS=true
+  REASON="Detected invisible Unicode characters"
+fi
+
+# Pattern 5: Base64-encoded instructions
+if echo "$CONTENT" | grep -qE '[A-Za-z0-9+/]{50,}={0,2}'; then
+  # Only flag if it's in a suspicious context (not normal code)
+  if echo "$CONTENT" | grep -iqE '(decode|eval|execute|base64).*[A-Za-z0-9+/]{50,}'; then
+    SUSPICIOUS=true
+    REASON="Detected potentially encoded instructions"
+  fi
+fi
+
+# Pattern 6: HTML/script injection in markdown
+if echo "$CONTENT" | grep -iqE '<script|javascript:|on(load|error|click)='; then
+  SUSPICIOUS=true
+  REASON="Detected script injection in planning artifact"
+fi
+
+if [ "$SUSPICIOUS" = true ]; then
+  jq -n --arg reason "$REASON" --arg file "$FILE_PATH" '{
+    "hookSpecificOutput": {
+      "hookEventName": "PreToolUse",
+      "permissionDecision": "deny",
+      "permissionDecisionReason": ("PROMPT INJECTION BLOCKED: " + $reason + " in " + $file + ". This content cannot be written to planning artifacts. If this is a false positive, the user can write the file manually.")
+    }
+  }'
+  exit 0
+fi
+
+# Content is clean
+exit 0

package/hooks/gsd-statusline.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+# GSD-CC Statusline — Notification hook
+# Renders project status in the terminal statusline.
+# Shows: current phase, milestone/slice/task position, and project type.
+
+INPUT=$(cat)
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+
+# Only render if this is a GSD-CC project
+STATE_FILE="$CWD/.gsd/STATE.md"
+if [ ! -f "$STATE_FILE" ]; then
+  exit 0
+fi
+
+# Parse STATE.md frontmatter
+PHASE=$(grep '^phase:' "$STATE_FILE" | head -1 | sed 's/phase: *//')
+MILESTONE=$(grep '^milestone:' "$STATE_FILE" | head -1 | sed 's/milestone: *//')
+SLICE=$(grep '^current_slice:' "$STATE_FILE" | head -1 | sed 's/current_slice: *//')
+TASK=$(grep '^current_task:' "$STATE_FILE" | head -1 | sed 's/current_task: *//')
+RIGOR=$(grep '^rigor:' "$STATE_FILE" | head -1 | sed 's/rigor: *//')
+
+# Build position string
+POSITION="$MILESTONE"
+if [ "$SLICE" != "—" ] && [ -n "$SLICE" ]; then
+  POSITION="$POSITION / $SLICE"
+fi
+if [ "$TASK" != "—" ] && [ -n "$TASK" ]; then
+  POSITION="$POSITION / $TASK"
+fi
+
+# Map phase to display name
+case "$PHASE" in
+  "seed") PHASE_DISPLAY="Seed" ;;
+  "seed-complete") PHASE_DISPLAY="Seed ✓" ;;
+  "stack-complete") PHASE_DISPLAY="Stack ✓" ;;
+  "roadmap-complete") PHASE_DISPLAY="Roadmap ✓" ;;
+  "discuss-complete") PHASE_DISPLAY="Discuss ✓" ;;
+  "plan-complete") PHASE_DISPLAY="Plan ✓" ;;
+  "planning") PHASE_DISPLAY="Planning..." ;;
+  "applying") PHASE_DISPLAY="Executing..." ;;
+  "apply-complete") PHASE_DISPLAY="UNIFY required" ;;
+  "unified") PHASE_DISPLAY="Unified ✓" ;;
+  *) PHASE_DISPLAY="$PHASE" ;;
+esac
+
+# Count progress
+TOTAL_SLICES=$(grep -c '| S[0-9]' "$STATE_FILE" 2>/dev/null || echo "0")
+DONE_SLICES=$(grep '| done' "$STATE_FILE" | wc -l | xargs)
+
+# Write status to bridge file for other hooks
+BRIDGE_FILE="/tmp/gsd-cc-status-$(echo "$CWD" | md5sum 2>/dev/null | cut -c1-8 || echo "default").json"
+jq -n \
+  --arg phase "$PHASE" \
+  --arg position "$POSITION" \
+  --arg rigor "$RIGOR" \
+  --arg total "$TOTAL_SLICES" \
+  --arg done "$DONE_SLICES" \
+  '{phase: $phase, position: $position, rigor: $rigor, total_slices: ($total|tonumber), done_slices: ($done|tonumber)}' \
+  > "$BRIDGE_FILE" 2>/dev/null
+
+# Output statusline data
+jq -n \
+  --arg pos "$POSITION" \
+  --arg phase "$PHASE_DISPLAY" \
+  --arg rigor "$RIGOR" \
+  --arg progress "${DONE_SLICES}/${TOTAL_SLICES}" \
+  '{
+    "hookSpecificOutput": {
+      "hookEventName": "Notification",
+      "additionalContext": ("GSD-CC: " + $pos + " | " + $phase + " | " + $rigor + " | " + $progress + " slices")
+    }
+  }'
+exit 0

package/hooks/gsd-workflow-guard.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+# GSD-CC Workflow Guard — PostToolUse hook
+# Nudges Claude back into the GSD-CC flow when it drifts.
+# Advisory only — does not block operations.
+
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+
+# Only check Edit and Write on source files (not .gsd/ files)
+if [ "$TOOL_NAME" != "Edit" ] && [ "$TOOL_NAME" != "Write" ]; then
+  exit 0
+fi
+
+# Skip if not a GSD-CC project
+STATE_FILE="$CWD/.gsd/STATE.md"
+if [ ! -f "$STATE_FILE" ]; then
+  exit 0
+fi
+
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Allow writes to .gsd/ directory (that's the workflow itself)
+if [[ "$FILE_PATH" == *".gsd/"* ]] || [[ "$FILE_PATH" == *".claude/"* ]]; then
+  exit 0
+fi
+
+# Check if we're in an active execution phase
+PHASE=$(grep '^phase:' "$STATE_FILE" | head -1 | sed 's/phase: *//')
+
+case "$PHASE" in
+  "seed"|"seed-complete"|"stack-complete"|"roadmap-complete"|"plan-complete"|"discuss-complete")
+    # Not in execution — source file edits are unexpected
+    jq -n --arg phase "$PHASE" --arg file "$FILE_PATH" '{
+      "hookSpecificOutput": {
+        "hookEventName": "PostToolUse",
+        "additionalContext": ("Note: You edited " + $file + " but the current GSD-CC phase is \"" + $phase + "\" which is a planning phase, not execution. Source file changes should happen during the apply phase. If this was intentional, carry on. If not, consider running /gsd-cc to check the current state.")
+      }
+    }'
+    exit 0
+    ;;
+  "applying")
+    # In execution — this is expected
+    exit 0
+    ;;
+  *)
+    exit 0
+    ;;
+esac

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gsd-cc",
-  "version": "1.2.1",
+  "version": "1.3.1",
   "description": "Get Shit Done on Claude Code — structured AI development with your Max plan",
   "author": "Philipp Briese (https://github.com/0ui-labs)",
   "homepage": "https://github.com/0ui-labs/GSD-CC#readme",