gsd-cc 1.3.0 → 1.3.2

package/bin/install.js

@@ -194,25 +194,31 @@ function installHooks(isGlobal, hooksDir) {
   if (!settings.hooks) settings.hooks = {};
 
   const boundaryGuard = path.join(hooksDir, 'gsd-boundary-guard.sh');
+  const promptGuard = path.join(hooksDir, 'gsd-prompt-guard.sh');
   const contextMonitor = path.join(hooksDir, 'gsd-context-monitor.sh');
   const workflowGuard = path.join(hooksDir, 'gsd-workflow-guard.sh');
+  const statusline = path.join(hooksDir, 'gsd-statusline.sh');
+
+  // Remove all existing GSD-CC hooks before adding (idempotent)
+  for (const event of Object.keys(settings.hooks)) {
+    settings.hooks[event] = settings.hooks[event].filter(
+      h => !JSON.stringify(h).includes('gsd-')
+    );
+    if (settings.hooks[event].length === 0) delete settings.hooks[event];
+  }
 
-  // PreToolUse: boundary guard on Edit/Write
+  // PreToolUse: boundary guard + prompt injection guard on Edit/Write
   if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
-  // Remove existing GSD-CC hooks before adding (idempotent)
-  settings.hooks.PreToolUse = settings.hooks.PreToolUse.filter(
-    h => !JSON.stringify(h).includes('gsd-boundary-guard')
-  );
   settings.hooks.PreToolUse.push({
     matcher: 'Edit|Write',
-    hooks: [{ type: 'command', command: boundaryGuard, timeout: 5000 }]
+    hooks: [
+      { type: 'command', command: boundaryGuard, timeout: 5000 },
+      { type: 'command', command: promptGuard, timeout: 5000 }
+    ]
   });
 
-  // PostToolUse: context monitor + workflow guard
+  // PostToolUse: context monitor (all tools) + workflow guard (Edit/Write)
   if (!settings.hooks.PostToolUse) settings.hooks.PostToolUse = [];
-  settings.hooks.PostToolUse = settings.hooks.PostToolUse.filter(
-    h => !JSON.stringify(h).includes('gsd-context-monitor') && !JSON.stringify(h).includes('gsd-workflow-guard')
-  );
   settings.hooks.PostToolUse.push({
     hooks: [{ type: 'command', command: contextMonitor, timeout: 5000 }]
   });
@@ -221,6 +227,12 @@ function installHooks(isGlobal, hooksDir) {
     hooks: [{ type: 'command', command: workflowGuard, timeout: 5000 }]
   });
 
+  // Notification: statusline
+  if (!settings.hooks.Notification) settings.hooks.Notification = [];
+  settings.hooks.Notification.push({
+    hooks: [{ type: 'command', command: statusline, timeout: 3000 }]
+  });
+
   fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
   fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
   console.log(`  ${green}✓${reset} Hooks configured in ${settingsPath.replace(os.homedir(), '~').replace(process.cwd(), '.')}`);

package/hooks/gsd-prompt-guard.sh

@@ -0,0 +1,91 @@
+#!/bin/bash
+# GSD-CC Prompt Injection Guard — PreToolUse hook
+# Scans Write/Edit operations targeting .gsd/ files for prompt injection patterns.
+# Blocks suspicious content from being written into planning artifacts.
+
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+
+# Only check Edit and Write operations
+if [ "$TOOL_NAME" != "Edit" ] && [ "$TOOL_NAME" != "Write" ]; then
+  exit 0
+fi
+
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Only scan writes to .gsd/ directory (planning artifacts)
+if [[ "$FILE_PATH" != *".gsd/"* ]]; then
+  exit 0
+fi
+
+# Get the content being written
+if [ "$TOOL_NAME" = "Write" ]; then
+  CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty')
+elif [ "$TOOL_NAME" = "Edit" ]; then
+  CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // empty')
+fi
+
+if [ -z "$CONTENT" ]; then
+  exit 0
+fi
+
+# Check for prompt injection patterns
+SUSPICIOUS=false
+REASON=""
+
+# Pattern 1: Direct instruction override attempts
+if echo "$CONTENT" | grep -iqE 'ignore (previous|prior|above|all) (instructions|prompts|rules)'; then
+  SUSPICIOUS=true
+  REASON="Detected 'ignore previous instructions' pattern"
+fi
+
+# Pattern 2: Role reassignment
+if echo "$CONTENT" | grep -iqE '(you are now|act as|pretend to be|your new role|forget your|disregard your)'; then
+  SUSPICIOUS=true
+  REASON="Detected role reassignment pattern"
+fi
+
+# Pattern 3: System prompt extraction
+if echo "$CONTENT" | grep -iqE '(show|reveal|print|output|display) (your|the|system) (prompt|instructions|rules)'; then
+  SUSPICIOUS=true
+  REASON="Detected system prompt extraction attempt"
+fi
+
+# Pattern 4: Invisible Unicode characters (zero-width spaces, RTL override, etc.)
+if echo "$CONTENT" | grep -qP '[\x{200B}\x{200C}\x{200D}\x{FEFF}\x{202A}-\x{202E}\x{2066}-\x{2069}]' 2>/dev/null; then
+  SUSPICIOUS=true
+  REASON="Detected invisible Unicode characters"
+fi
+
+# Pattern 5: Base64-encoded instructions
+if echo "$CONTENT" | grep -qE '[A-Za-z0-9+/]{50,}={0,2}'; then
+  # Only flag if it's in a suspicious context (not normal code)
+  if echo "$CONTENT" | grep -iqE '(decode|eval|execute|base64).*[A-Za-z0-9+/]{50,}'; then
+    SUSPICIOUS=true
+    REASON="Detected potentially encoded instructions"
+  fi
+fi
+
+# Pattern 6: HTML/script injection in markdown
+if echo "$CONTENT" | grep -iqE '<script|javascript:|on(load|error|click)='; then
+  SUSPICIOUS=true
+  REASON="Detected script injection in planning artifact"
+fi
+
+if [ "$SUSPICIOUS" = true ]; then
+  jq -n --arg reason "$REASON" --arg file "$FILE_PATH" '{
+    "hookSpecificOutput": {
+      "hookEventName": "PreToolUse",
+      "permissionDecision": "deny",
+      "permissionDecisionReason": ("PROMPT INJECTION BLOCKED: " + $reason + " in " + $file + ". This content cannot be written to planning artifacts. If this is a false positive, the user can write the file manually.")
+    }
+  }'
+  exit 0
+fi
+
+# Content is clean
+exit 0

package/hooks/gsd-statusline.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+# GSD-CC Statusline — Notification hook
+# Renders project status in the terminal statusline.
+# Shows: current phase, milestone/slice/task position, and project type.
+
+INPUT=$(cat)
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+
+# Only render if this is a GSD-CC project
+STATE_FILE="$CWD/.gsd/STATE.md"
+if [ ! -f "$STATE_FILE" ]; then
+  exit 0
+fi
+
+# Parse STATE.md frontmatter
+PHASE=$(grep '^phase:' "$STATE_FILE" | head -1 | sed 's/phase: *//')
+MILESTONE=$(grep '^milestone:' "$STATE_FILE" | head -1 | sed 's/milestone: *//')
+SLICE=$(grep '^current_slice:' "$STATE_FILE" | head -1 | sed 's/current_slice: *//')
+TASK=$(grep '^current_task:' "$STATE_FILE" | head -1 | sed 's/current_task: *//')
+RIGOR=$(grep '^rigor:' "$STATE_FILE" | head -1 | sed 's/rigor: *//')
+
+# Build position string
+POSITION="$MILESTONE"
+if [ "$SLICE" != "—" ] && [ -n "$SLICE" ]; then
+  POSITION="$POSITION / $SLICE"
+fi
+if [ "$TASK" != "—" ] && [ -n "$TASK" ]; then
+  POSITION="$POSITION / $TASK"
+fi
+
+# Map phase to display name
+case "$PHASE" in
+  "seed") PHASE_DISPLAY="Seed" ;;
+  "seed-complete") PHASE_DISPLAY="Seed ✓" ;;
+  "stack-complete") PHASE_DISPLAY="Stack ✓" ;;
+  "roadmap-complete") PHASE_DISPLAY="Roadmap ✓" ;;
+  "discuss-complete") PHASE_DISPLAY="Discuss ✓" ;;
+  "plan-complete") PHASE_DISPLAY="Plan ✓" ;;
+  "planning") PHASE_DISPLAY="Planning..." ;;
+  "applying") PHASE_DISPLAY="Executing..." ;;
+  "apply-complete") PHASE_DISPLAY="UNIFY required" ;;
+  "unified") PHASE_DISPLAY="Unified ✓" ;;
+  *) PHASE_DISPLAY="$PHASE" ;;
+esac
+
+# Count progress
+TOTAL_SLICES=$(grep -c '| S[0-9]' "$STATE_FILE" 2>/dev/null || echo "0")
+DONE_SLICES=$(grep '| done' "$STATE_FILE" | wc -l | xargs)
+
+# Write status to bridge file for other hooks
+BRIDGE_FILE="/tmp/gsd-cc-status-$(echo "$CWD" | md5sum 2>/dev/null | cut -c1-8 || echo "default").json"
+jq -n \
+  --arg phase "$PHASE" \
+  --arg position "$POSITION" \
+  --arg rigor "$RIGOR" \
+  --arg total "$TOTAL_SLICES" \
+  --arg done "$DONE_SLICES" \
+  '{phase: $phase, position: $position, rigor: $rigor, total_slices: ($total|tonumber), done_slices: ($done|tonumber)}' \
+  > "$BRIDGE_FILE" 2>/dev/null
+
+# Output statusline data
+jq -n \
+  --arg pos "$POSITION" \
+  --arg phase "$PHASE_DISPLAY" \
+  --arg rigor "$RIGOR" \
+  --arg progress "${DONE_SLICES}/${TOTAL_SLICES}" \
+  '{
+    "hookSpecificOutput": {
+      "hookEventName": "Notification",
+      "additionalContext": ("GSD-CC: " + $pos + " | " + $phase + " | " + $rigor + " | " + $progress + " slices")
+    }
+  }'
+exit 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gsd-cc",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "Get Shit Done on Claude Code — structured AI development with your Max plan",
   "author": "Philipp Briese (https://github.com/0ui-labs)",
   "homepage": "https://github.com/0ui-labs/GSD-CC#readme",

package/skills/gsd/auto/SKILL.md

@@ -38,7 +38,7 @@ If not: "jq is required for auto-mode. Install with: `brew install jq`"
 
 ### claude -p works
 ```bash
-claude -p "echo test" --output-format json --bare --max-turns 1
+claude -p "echo test" --output-format json --max-turns 1
 ```
 If fails: "claude -p is not working. Make sure Claude Code is installed and you're logged in with a Max plan."
 

package/skills/gsd/auto/auto-loop.sh

@@ -145,7 +145,7 @@ while true; do
       RESULT_FILE="/tmp/gsd-result-$$.json"
       timeout 600 claude -p "$(cat "$PROMPT_FILE")" \
         --allowedTools "Read,Write,Edit,Glob,Grep,Bash(git checkout *),Bash(git merge *),Bash(git commit *)" \
-        --output-format json --bare \
+        --output-format json \
         --max-turns 15 > "$RESULT_FILE" 2>/dev/null || {
         echo "❌ UNIFY dispatch failed. Check .gsd/auto.lock for recovery."
         break
@@ -164,7 +164,7 @@ while true; do
     # Check roadmap for remaining slices
     NEXT_RESULT=$(claude -p "Read .gsd/STATE.md and all .gsd/M*-ROADMAP.md and .gsd/S*-UNIFY.md files. Determine the next slice that needs work (no PLAN.md or no UNIFY.md). Output ONLY valid JSON: {\"slice\":\"S01\",\"phase\":\"plan\"} or {\"done\":true} if all slices are unified." \
       --allowedTools "Read,Glob" \
-      --output-format json --bare --max-turns 3 2>/dev/null) || {
+      --output-format json --max-turns 3 2>/dev/null) || {
       echo "❌ Failed to determine next unit."
       break
     }
@@ -274,7 +274,7 @@ while true; do
 
   timeout "$TIMEOUT" claude -p "$(cat "$PROMPT_FILE")" \
     --allowedTools "$ALLOWED_TOOLS" \
-    --output-format json --bare \
+    --output-format json \
     --max-turns "$MAX_TURNS" > "$RESULT_FILE" 2>/dev/null || {
     EXIT_CODE=$?
     if [[ $EXIT_CODE -eq 124 ]]; then