hookstack-cli 0.1.17 → 0.1.19

package/bin/cli.mjs

@@ -1,17 +1,16 @@
 #!/usr/bin/env node
 import { readFileSync, writeFileSync, mkdirSync, existsSync, realpathSync } from 'fs'
-import { createInterface } from 'readline'
 import { homedir } from 'os'
 import { join, dirname } from 'path'
 import { fileURLToPath } from 'url'
 import pc from 'picocolors'
+import * as p from '@clack/prompts'
 import {
   parseArgs,
   resolveScopeRoot,
   mergeHooks,
   assertSafeTarget,
   collectIncomingHooks,
-  buildSummaryRows,
   buildSecurityRows,
 } from './core.mjs'
 
@@ -32,17 +31,18 @@ async function fetchHooks(slugs) {
   return res.json()
 }
 
-function ask(question) {
-  const rl = createInterface({ input: process.stdin, output: process.stdout })
-  return new Promise(resolve => rl.question(question, a => { rl.close(); resolve(a.trim()) }))
-}
+// ── ASCII banner ──────────────────────────────────────────────────────────────
 
-// ── panel rendering ────────────────────────────────────────────────────────
+const BANNER = pc.cyan([
+  '██╗  ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗████████╗ █████╗  ██████╗██╗  ██╗',
+  '██║  ██║██╔═══██╗██╔═══██╗██║ ██╔╝██╔════╝╚══██╔══╝██╔══██╗██╔════╝██║ ██╔╝',
+  '███████║██║   ██║██║   ██║█████╔╝ ███████╗   ██║   ███████║██║     █████╔╝ ',
+  '██╔══██║██║   ██║██║   ██║██╔═██╗ ╚════██║   ██║   ██╔══██║██║     ██╔═██╗ ',
+  '██║  ██║╚██████╔╝╚██████╔╝██║  ██╗███████║   ██║   ██║  ██║╚██████╗██║  ██╗',
+  '╚═╝  ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝   ╚═╝   ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝',
+].join('\n'))
 
-function truncPad(value, width) {
-  const s = String(value ?? '')
-  return (s.length > width ? s.slice(0, width - 1) + '…' : s).padEnd(width)
-}
+// ── panel content builders ────────────────────────────────────────────────────
 
 export function summaryPanel(rows) {
   const lines = []
@@ -50,13 +50,19 @@ export function summaryPanel(rows) {
     lines.push(pc.cyan(r.path ?? `${r.name} (settings only)`))
     const meta = [
       r.category,
-      r.events.join(', ') + (r.blocking ? pc.yellow(' · can block') : ''),
+      r.events.join(', ') + (r.blocking ? pc.yellow(' · ⚡ can block') : ''),
       r.matcher ? `matcher: ${r.matcher}` : null,
     ].filter(Boolean).join(pc.dim(' · '))
-    lines.push('  ' + pc.dim(meta))
-    if (r.source) lines.push('  ' + pc.dim(`source: ${r.source}`))
+    lines.push(pc.dim('  ' + meta))
+    if (r.source) lines.push(pc.dim(`  source: ${r.source}`))
+    lines.push('')
   }
-  return lines.join('\n')
+  return lines.join('\n').trimEnd()
+}
+
+function truncPad(value, width) {
+  const s = String(value ?? '')
+  return (s.length > width ? s.slice(0, width - 1) + '…' : s).padEnd(width)
 }
 
 function capCell(on, width) {
@@ -64,32 +70,39 @@ function capCell(on, width) {
   return on ? pc.yellow(text) : pc.dim(text)
 }
 
-const SNYK_COLOR = { high: pc.red, medium: pc.yellow, low: pc.cyan, safe: pc.green, unknown: pc.dim }
+const VERDICT_COLOR = { high: pc.red, medium: pc.yellow, low: pc.cyan, safe: pc.green, unknown: pc.dim }
 
 export function securityPanel(rows) {
-  const W = { name: 26, cap: 8, snyk: 10 }
+  const W = { name: 24, benefit: 34, cap: 7, snyk: 9, codeql: 8 }
   const header = pc.dim(
-    ''.padEnd(W.name) + 'Shell'.padEnd(W.cap) + 'Net'.padEnd(W.cap) +
-    'Writes'.padEnd(W.cap) + 'Snyk'.padEnd(W.snyk),
-  )
-  const body = rows.map(r =>
-    truncPad(r.name, W.name) +
-    capCell(r.shell, W.cap) +
-    capCell(r.network, W.cap) +
-    capCell(r.fsWrite, W.cap) +
-    (SNYK_COLOR[r.snyk.level] ?? pc.dim)(truncPad(r.snyk.label, W.snyk)),
+    ''.padEnd(W.name) +
+    ''.padEnd(W.benefit) +
+    'Shell'.padEnd(W.cap) +
+    'Net'.padEnd(W.cap) +
+    'Writes'.padEnd(W.cap) +
+    'Snyk'.padEnd(W.snyk) +
+    'CodeQL',
   )
-  const anyUnknown = rows.some(r => r.snyk.level === 'unknown')
+  const body = rows.flatMap(r => {
+    const benefitText = r.benefit ? truncPad(r.benefit, W.benefit) : ''.padEnd(W.benefit)
+    const row = truncPad(r.name, W.name) +
+      pc.dim(benefitText) +
+      capCell(r.shell, W.cap) +
+      capCell(r.network, W.cap) +
+      capCell(r.fsWrite, W.cap) +
+      (VERDICT_COLOR[r.snyk.level] ?? pc.dim)(truncPad(r.snyk.label, W.snyk)) +
+      (VERDICT_COLOR[r.codeql.level] ?? pc.dim)(r.codeql.label)
+    return [row]
+  })
   const footer = [
     '',
     pc.dim('Shell = runs commands · Net = network access · Writes = filesystem writes'),
-    anyUnknown ? pc.dim('Snyk "—" = not scanned yet') : null,
     pc.dim(`Details: ${API_BASE}/hook/<slug>`),
-  ].filter(v => v !== null).join('\n')
-  return [header, ...body, footer].join('\n')
+  ].join('\n')
+  return [header, '', ...body, footer].join('\n')
 }
 
-// ── install ──────────────────────────────────────────────────────────────
+// ── install ───────────────────────────────────────────────────────────────────
 
 function doInstall(hooks, dirs, scope, log) {
   mkdirSync(dirs.claudeDir, { recursive: true })
@@ -121,73 +134,99 @@ function doInstall(hooks, dirs, scope, log) {
   return { hookCount: hooks.length, scriptCount }
 }
 
-// ── flows ──────────────────────────────────────────────────────────────────
+// ── flows ─────────────────────────────────────────────────────────────────────
 
 const plural = (n, word) => `${n} ${word}${n === 1 ? '' : 's'}`
 
+function onCancel() {
+  p.cancel('Installation cancelled.')
+  process.exit(0)
+}
+
 async function interactiveInstall(slugs, args) {
-  const isDefault = slugs.length === 0
-  console.log(pc.bgCyan(pc.black(' hookstack-cli ')))
-  console.log(isDefault ? '\nFetching default HookStack…' : `\nFetching ${plural(slugs.length, 'hook')}…`)
+  console.log('\n' + BANNER + '\n')
+  p.intro(pc.bold('hooks') + pc.dim(`  Claude Code hook installer  v${VERSION}`))
 
+  // Fetch
+  const spin = p.spinner()
+  spin.start(slugs.length === 0 ? 'Fetching default HookStack…' : `Fetching ${plural(slugs.length, 'hook')}…`)
   let data
   try {
     data = await fetchHooks(slugs)
   } catch (e) {
-    console.error(pc.red(`\n✗ Fetch failed: ${e.message}`))
+    spin.stop(pc.red(`Fetch failed: ${e.message}`), 1)
     process.exit(1)
   }
   const { hooks } = data
   const notFound = slugs.filter(slug => !hooks.find(h => h.slug === slug))
-  console.log(isDefault
-    ? `✓ Default HookStack — ${plural(hooks.length, 'hook')}`
-    : `✓ Fetched ${plural(hooks.length, 'hook')}`)
-  if (notFound.length) console.warn(`  ! Unknown slugs skipped: ${notFound.join(', ')}`)
-  if (hooks.length === 0) {
-    console.error('\n✗ No hooks to install.')
-    process.exit(1)
-  }
+  spin.stop(`Selected ${pc.bold(String(hooks.length))} hook${hooks.length === 1 ? '' : 's'}`)
+  if (notFound.length) p.log.warn(`Unknown slugs skipped: ${notFound.join(', ')}`)
+  if (hooks.length === 0) { p.cancel('No hooks to install.'); process.exit(1) }
 
-  // Scope selection
+  // Scope
   let scope = args.scope
-  console.log('\n  Where to install?')
-  console.log(`  ${pc.cyan('1')}  This project              ${pc.dim('./.claude — committed with your repo')}`)
-  console.log(`  ${pc.cyan('2')}  All my projects           ${pc.dim('~/.claude — every project on this machine')}`)
-  console.log(`  ${pc.cyan('3')}  This GitHub Copilot project  ${pc.dim('./.claude — settings.json adapted, committed with your repo')}`)
-  const defaultChoice = scope === 'global' ? '2' : scope === 'copilot' ? '3' : '1'
-  const scopeAnswer = await ask(`  → [${defaultChoice}]: `)
-  if (scopeAnswer === '2' || scopeAnswer === 'global') scope = 'global'
-  else if (scopeAnswer === '3' || scopeAnswer === 'copilot') scope = 'copilot'
-  else if (scopeAnswer === 'q') { console.log('Cancelled.'); process.exit(0) }
-  else scope = 'project'
+  const scopeResult = await p.select({
+    message: 'Where to install?',
+    options: [
+      {
+        value: 'project',
+        label: 'This project',
+        hint: './.claude  —  committed with your repo',
+      },
+      {
+        value: 'global',
+        label: 'All my projects',
+        hint: '~/.claude  —  every project on this machine',
+      },
+      {
+        value: 'copilot',
+        label: 'GitHub Copilot project',
+        hint: './.claude  —  paths adapted for Copilot',
+      },
+    ],
+    initialValue: scope,
+  })
+  if (p.isCancel(scopeResult)) return onCancel()
+  scope = scopeResult
 
   const dirs = resolveScopeRoot(scope, { cwd: process.cwd(), home: homedir() })
+  const secRows = buildSecurityRows(hooks)
 
-  console.log(`\n  ${pc.bold(`${plural(hooks.length, 'Hook')} to install`)}`)
-  console.log(summaryPanel(buildSummaryRows(hooks, { root: dirs.root })))
-  console.log(`\n  ${pc.bold('Security')}`)
-  console.log(securityPanel(buildSecurityRows(hooks)))
+  // Panel
+  p.note(securityPanel(secRows), 'Installation Summary')
 
-  const scopeLabel = scope === 'global' ? '~/.claude' : scope === 'copilot' ? './.claude (GitHub Copilot mode)' : './.claude'
-  const confirmAnswer = await ask(`\n  Install ${plural(hooks.length, 'hook')} into ${scopeLabel}? [Y/n]: `)
-  if (confirmAnswer.toLowerCase() === 'n' || confirmAnswer.toLowerCase() === 'no') {
-    console.log('Cancelled.')
-    process.exit(0)
-  }
+  // Confirm
+  const scopeLabel = scope === 'global' ? '~/.claude' : scope === 'copilot' ? './.claude (Copilot mode)' : './.claude'
+  const confirmed = await p.confirm({
+    message: `Install ${plural(hooks.length, 'hook')} into ${pc.cyan(scopeLabel)}?`,
+  })
+  if (p.isCancel(confirmed) || !confirmed) return onCancel()
 
-  console.log('\nInstalling…')
+  // Install
+  const spin2 = p.spinner()
+  spin2.start('Installing…')
   let result
   try {
-    result = doInstall(hooks, dirs, scope, { warn: m => console.warn(`  ! ${m}`) })
+    result = doInstall(hooks, dirs, scope, { warn: m => p.log.warn(m) })
   } catch (e) {
-    console.error(pc.red(`\n✗ Install failed: ${e.message}`))
+    spin2.stop(pc.red(`Install failed: ${e.message}`), 1)
     process.exit(1)
   }
+  spin2.stop(`Installed ${pc.bold(String(result.hookCount))} hook${result.hookCount === 1 ? '' : 's'}`)
+
+  // Result panel
+  const resultLines = [
+    pc.green(`✓ ${dirs.settingsPath}`),
+    result.scriptCount > 0
+      ? pc.green(`✓ ${result.scriptCount} script${result.scriptCount === 1 ? '' : 's'} written to ${dirs.hooksDir}`)
+      : null,
+    '',
+    `Browse more hooks  ${pc.cyan(`${API_BASE}/#catalogue`)}`,
+    `⭐  Star us         ${pc.cyan(REPO_URL)}`,
+  ].filter(v => v !== null).join('\n')
 
-  console.log(`  ✓ ${dirs.settingsPath}`)
-  console.log(`\n  Browse more hooks → ${pc.cyan(`${API_BASE}/#catalogue`)}`)
-  console.log(`  ⭐  star us → ${pc.cyan(REPO_URL)}`)
-  console.log(pc.green(`\n✓ ${plural(result.hookCount, 'hook')} installed — restart Claude Code to activate.\n`))
+  p.note(resultLines, 'Resume installation')
+  p.outro(pc.green('Done!') + pc.dim("  You've just HookStacked your agent workflow."))
 }
 
 async function directInstall(slugs, args) {

package/bin/core.mjs

@@ -159,6 +159,16 @@ export function snykVerdict(snyk) {
   return { label: 'Safe', level: 'safe' }
 }
 
+// Maps a stored CodeQL scan to a short verdict label.
+export function codeqlVerdict(codeql) {
+  if (!codeql || typeof codeql !== 'object') return { label: '—', level: 'unknown' }
+  const { critical = 0, high = 0, medium = 0, low = 0 } = codeql
+  if (critical > 0 || high > 0) return { label: 'High Risk', level: 'high' }
+  if (medium > 0) return { label: 'Med Risk', level: 'medium' }
+  if (low > 0) return { label: 'Low Risk', level: 'low' }
+  return { label: 'Safe', level: 'safe' }
+}
+
 export function shortRepo(url) {
   if (!url) return null
   return String(url)
@@ -184,12 +194,14 @@ export function buildSummaryRows(hooks, { root }) {
   })
 }
 
-// Display rows for the "Security" panel: local static capabilities + Snyk verdict.
+// Display rows for the "Installation Summary" panel: description + static capabilities + verdicts.
 export function buildSecurityRows(hooks) {
   return hooks.map(h => ({
     slug: h.slug,
     name: h.name ?? h.slug,
+    benefit: h.benefit ?? null,
     ...analyzeSecurity(h.code_snippet),
     snyk: snykVerdict(h.security?.snyk),
+    codeql: codeqlVerdict(h.security?.codeql),
   }))
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hookstack-cli",
-  "version": "0.1.17",
+  "version": "0.1.19",
   "description": "CLI installer for the Hookstack catalogue of Claude Code hooks",
   "type": "module",
   "bin": {
@@ -14,6 +14,7 @@
     "node": ">=18"
   },
   "dependencies": {
+    "@clack/prompts": "^0.9.1",
     "picocolors": "^1.1.1"
   },
   "keywords": [