ima-claude 2.9.0

package/plugins/ima-claude/hooks/task_master_before_impl.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+"""
+UserPromptSubmit hook: Remind Claude to invoke task-master before non-trivial implementation.
+
+M7 — Remind about task-master for non-trivial implementation requests.
+
+Fires when the prompt contains both an action verb and a scope noun, is longer than
+30 words, and does not contain trivial-signal words or a skill invocation prefix.
+Fires once per session using a timestamp-based state file.
+Exit code 0 = soft warning via stderr.
+"""
+import json
+import os
+import re
+import sys
+import time
+
+STATE_FILE = os.path.expanduser("~/.claude/.task_master_reminded")
+STALENESS_SECONDS = 3600  # 1 hour — new session after this gap
+
+ACTION_VERBS = re.compile(
+    r"\b(implement|build|create|write|add|develop|make|set\s+up|refactor|migrate|convert)\b",
+    re.IGNORECASE,
+)
+
+SCOPE_NOUNS = re.compile(
+    r"\b(feature|component|system|module|plugin|endpoint|service|page|form|api|hook"
+    r"|integration|workflow|authentication|dashboard)\b",
+    re.IGNORECASE,
+)
+
+TRIVIAL_SIGNALS = re.compile(
+    r"\b(trivial|quick|simple|just|only)\b",
+    re.IGNORECASE,
+)
+
+REMINDER = """Non-trivial implementation request detected — consider task-planner first:
+  /ima-claude:task-planner to decompose into Epic > Story > Task hierarchy and select storage.
+  Then /ima-claude:task-runner to delegate to agents. Opus orchestrates. Sonnet implements."""
+
+
+def is_reminded() -> bool:
+    """Check if the task-master reminder already fired this session."""
+    if not os.path.exists(STATE_FILE):
+        return False
+    try:
+        mtime = os.path.getmtime(STATE_FILE)
+        return (time.time() - mtime) < STALENESS_SECONDS
+    except OSError:
+        return False
+
+
+def mark_reminded() -> None:
+    """Record that the reminder has fired."""
+    state_dir = os.path.dirname(STATE_FILE)
+    os.makedirs(state_dir, exist_ok=True)
+    with open(STATE_FILE, "w") as f:
+        f.write(str(time.time()))
+
+
+try:
+    input_data = json.load(sys.stdin)
+except json.JSONDecodeError:
+    sys.exit(0)
+
+prompt = input_data.get("user_prompt", "").strip()
+
+if not prompt:
+    sys.exit(0)
+
+# Skip skill invocations
+if prompt.startswith("/"):
+    sys.exit(0)
+
+# Skip if trivial signals present
+if TRIVIAL_SIGNALS.search(prompt):
+    sys.exit(0)
+
+# Must be longer than 30 words
+if len(prompt.split()) <= 30:
+    sys.exit(0)
+
+# Must have both an action verb and a scope noun
+if not ACTION_VERBS.search(prompt) or not SCOPE_NOUNS.search(prompt):
+    sys.exit(0)
+
+# Only remind once per session
+if is_reminded():
+    sys.exit(0)
+
+mark_reminded()
+print(REMINDER, file=sys.stderr)
+sys.exit(0)

package/plugins/ima-claude/hooks/tavily_extract_advanced.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+"""
+PreToolUse hook: Auto-upgrade Tavily extract to advanced mode for better results.
+
+This hook intercepts tavily_extract calls and suggests using extract_depth: "advanced"
+for LinkedIn, protected sites, or when tables/embedded content are needed.
+"""
+import json
+import sys
+
+try:
+    data = json.load(sys.stdin)
+    tool_name = data.get("tool_name", "")
+    tool_input = data.get("tool_input", {})
+except json.JSONDecodeError as err:
+    print(f"hook-error: {err}", file=sys.stderr)
+    sys.exit(1)
+
+# Check if using Tavily extract
+if tool_name == "mcp__tavily__tavily_extract":
+    extract_depth = tool_input.get("extract_depth", "basic")
+    urls = tool_input.get("urls", [])
+
+    # Check if any URLs need advanced extraction
+    needs_advanced = any(
+        "linkedin.com" in url or
+        "protected" in url.lower() or
+        "login" in url.lower()
+        for url in urls
+    )
+
+    if extract_depth == "basic" and needs_advanced:
+        warning = """💡 SUGGESTION: Consider extract_depth: "advanced" for:
+  - LinkedIn profiles or protected sites
+  - Pages with tables or embedded content
+  - Sites requiring more thorough extraction
+
+To use advanced extraction:
+  mcp__tavily__tavily_extract
+    urls: [...]
+    extract_depth: "advanced"
+
+Proceeding with basic extraction...
+"""
+        print(warning, file=sys.stderr)
+
+# Always allow - this is just informational
+sys.exit(0)

package/plugins/ima-claude/hooks/vestige_before_external.py

@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+"""
+PreToolUse hook: Remind Claude to check Vestige before external lookups.
+
+H5 — If Context7 or Tavily is called before any Vestige search this session,
+warn once that memory may already contain the needed context.
+
+State is tracked via a timestamp file that expires after 1 hour (new session boundary).
+Exit code 0 = allow tool to proceed (soft warning only).
+"""
+import json
+import os
+import sys
+import time
+
+STATE_FILE = os.path.expanduser("~/.claude/.vestige_searched")
+STALENESS_SECONDS = 3600  # 1 hour — new session after this gap
+
+REMINDER = """No Vestige search detected yet — check memory before external lookups.
+  mcp__vestige__search query: "{topic}" limit: 5
+Vestige may already have what you need (decisions, patterns, prior context).
+"""
+
+
+def is_fresh():
+    """Return True if state file exists and was written within this session."""
+    if not os.path.exists(STATE_FILE):
+        return False
+    try:
+        mtime = os.path.getmtime(STATE_FILE)
+        return (time.time() - mtime) < STALENESS_SECONDS
+    except OSError:
+        return False
+
+
+def mark_state(tag):
+    """Write a tag to the state file and refresh its mtime."""
+    state_dir = os.path.dirname(STATE_FILE)
+    os.makedirs(state_dir, exist_ok=True)
+    with open(STATE_FILE, "w") as f:
+        f.write(tag)
+
+
+def read_state():
+    """Read the current tag from the state file."""
+    try:
+        with open(STATE_FILE, "r") as f:
+            return f.read().strip()
+    except OSError:
+        return ""
+
+
+try:
+    input_data = json.load(sys.stdin)
+except json.JSONDecodeError:
+    sys.exit(0)
+
+tool_name = input_data.get("tool_name", "")
+tool_input = input_data.get("tool_input", {})
+
+# If this IS a Vestige search, mark session as searched and exit silently
+if tool_name.startswith("mcp__vestige__search"):
+    mark_state("searched")
+    sys.exit(0)
+
+# Only act on Context7 or Tavily calls
+if not (tool_name.startswith("mcp__context7__") or tool_name.startswith("mcp__tavily__")):
+    sys.exit(0)
+
+# If state file is fresh (searched or warned), exit silently — don't nag
+if is_fresh():
+    sys.exit(0)
+
+# Derive a topic hint from the tool input for the suggestion
+topic = (
+    tool_input.get("query")
+    or tool_input.get("libraryName")
+    or tool_input.get("url")
+    or "<topic>"
+)
+
+print(REMINDER.format(topic=topic), file=sys.stderr)
+
+# Mark as warned so this fires only once per session
+mark_state("warned")
+sys.exit(0)

package/plugins/ima-claude/hooks/webfetch_to_tavily.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+"""
+PreToolUse hook: Suggest Tavily extract over WebFetch for certain URLs.
+
+Warns (allows command to proceed):
+- WebFetch → suggests Tavily extract for better content extraction
+
+Tavily provides better content extraction for articles, documentation,
+and complex web pages.
+"""
+import json
+import sys
+
+try:
+    data = json.load(sys.stdin)
+    tool_input = data.get("tool_input", {})
+    url = tool_input.get("url", "")
+except json.JSONDecodeError as err:
+    print(f"hook-error: {err}", file=sys.stderr)
+    sys.exit(1)
+
+# Print warning to stderr (shown to Claude)
+warning = f"""⚠️  CONSIDER Tavily: For web content extraction, Tavily often provides cleaner results.
+
+WebFetch is fine for simple pages, but Tavily extract handles complex pages better.
+
+To use Tavily extract:
+  mcp__tavily__tavily_extract
+    urls: ["{url}"]
+    extract_depth: "basic"
+
+For LinkedIn or protected sites, use extract_depth: "advanced"
+
+See mcp-tavily skill for full usage patterns.
+
+Proceeding with WebFetch...
+"""
+
+print(warning, file=sys.stderr)
+
+# Exit 0 allows the command to proceed (soft warning)
+sys.exit(0)

package/plugins/ima-claude/hooks/websearch_to_tavily.py

@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+"""
+PreToolUse hook: Suggest Tavily search over WebSearch.
+
+Warns (allows command to proceed):
+- WebSearch → suggests Tavily for better results
+
+Tavily provides more comprehensive search results and is preferred for
+research tasks requiring current information.
+"""
+import json
+import sys
+
+try:
+    data = json.load(sys.stdin)
+    tool_input = data.get("tool_input", {})
+    query = tool_input.get("query", "")
+except json.JSONDecodeError as err:
+    print(f"hook-error: {err}", file=sys.stderr)
+    sys.exit(1)
+
+# Print warning to stderr (shown to Claude)
+warning = f"""⚠️  PREFER Tavily: For web research, use Tavily instead of WebSearch.
+
+Tavily provides better results for current information, research questions, and comparisons.
+
+To use Tavily search:
+  mcp__tavily__tavily_search
+    query: "{query}"
+    search_depth: "basic"
+    max_results: 10
+
+For comprehensive research, use search_depth: "advanced"
+
+See mcp-tavily skill for full usage patterns and options.
+"""
+
+print(warning, file=sys.stderr)
+
+# Exit 0 allows the command to proceed (soft warning)
+sys.exit(0)

package/plugins/ima-claude/hooks/wp_security_check.py

@@ -0,0 +1,150 @@
+#!/usr/bin/env python3
+"""
+PostToolUse hook: Warn about WordPress PHP security issues.
+
+Checks (soft warnings only, exit 0):
+  H1 — AJAX handlers missing nonce verification or capability checks
+  H1 — $wpdb queries missing ->prepare()
+  H1 — Raw $_POST/$_GET/$_REQUEST without sanitization
+  M4 — Missing declare(strict_types=1)
+  M8 — function_exists() used instead of action/filter hooks for cross-plugin calls
+
+Applies to: Edit, Write on .php files.
+"""
+import json
+import re
+import sys
+
+# WordPress core function prefixes — function_exists() on these is fine
+WP_CORE_PREFIXES = (
+    "wp_", "is_", "get_", "the_", "add_", "remove_", "do_", "apply_", "has_", "did_",
+)
+
+SANITIZE_FUNCTIONS = (
+    "sanitize_text_field", "absint", "sanitize_email", "wp_kses",
+    "esc_html", "esc_attr", "intval",
+)
+
+
+def check_ajax_security(content: str) -> list[str]:
+    warnings = []
+
+    if not re.search(r"wp_ajax_", content):
+        return warnings
+
+    has_nonce = re.search(r"wp_verify_nonce|check_ajax_referer", content)
+    if not has_nonce:
+        warnings.append(
+            "⚠️  H1: AJAX handler missing nonce verification.\n"
+            "  Add wp_verify_nonce() or check_ajax_referer() before processing."
+        )
+
+    has_capability = re.search(r"current_user_can\s*\(", content)
+    if not has_capability:
+        warnings.append(
+            "⚠️  H1: AJAX handler missing capability check.\n"
+            "  Add current_user_can() to restrict access."
+        )
+
+    return warnings
+
+
+def check_wpdb_prepare(content: str) -> list[str]:
+    if re.search(r"\$wpdb->", content) and not re.search(r"->prepare\s*\(", content):
+        return [
+            "⚠️  H1: $wpdb query detected without ->prepare().\n"
+            "  Use $wpdb->prepare() for all queries with dynamic values."
+        ]
+    return []
+
+
+def check_sanitization(content: str) -> list[str]:
+    has_raw_input = re.search(r"\$_(POST|GET|REQUEST)\s*\[", content)
+    if not has_raw_input:
+        return []
+
+    sanitize_pattern = "|".join(re.escape(fn) for fn in SANITIZE_FUNCTIONS)
+    has_sanitize = re.search(sanitize_pattern, content)
+    if not has_sanitize:
+        return [
+            "⚠️  H1: Raw $_POST/$_GET/$_REQUEST access without sanitization.\n"
+            "  Wrap user input with sanitize_text_field(), absint(), wp_kses(), etc."
+        ]
+    return []
+
+
+def check_strict_types(content: str, file_path: str) -> list[str]:
+    if file_path.endswith(".blade.php"):
+        return []
+
+    first_lines = content[:200]
+    if re.search(r"<\?php\s+//\s*legacy", first_lines, re.IGNORECASE):
+        return []
+
+    if not re.search(r"declare\s*\(\s*strict_types\s*=\s*1\s*\)", content):
+        return [
+            "⚠️  M4: Missing declare(strict_types=1).\n"
+            "  Add after opening <?php tag for type safety."
+        ]
+    return []
+
+
+def check_function_exists(content: str) -> list[str]:
+    matches = re.findall(r"function_exists\s*\(\s*['\"]([^'\"]+)['\"]\s*\)", content)
+    cross_plugin = [
+        fn for fn in matches
+        if not fn.startswith(WP_CORE_PREFIXES)
+    ]
+    if cross_plugin:
+        fns = ", ".join(cross_plugin)
+        return [
+            f"⚠️  M8: function_exists() used for cross-plugin calls: {fns}\n"
+            "  Prefer do_action()/apply_filters() hooks for cross-plugin integration."
+        ]
+    return []
+
+
+def get_content(tool_name: str, tool_input: dict) -> str:
+    if tool_name == "Write":
+        return tool_input.get("content", "")
+
+    # Edit: file already written to disk — read it for full context
+    file_path = tool_input.get("file_path", "")
+    try:
+        with open(file_path, "r", encoding="utf-8", errors="replace") as f:
+            return f.read()
+    except OSError:
+        return ""
+
+
+try:
+    input_data = json.load(sys.stdin)
+except json.JSONDecodeError:
+    sys.exit(0)
+
+tool_name = input_data.get("tool_name", "")
+tool_input = input_data.get("tool_input", {})
+file_path = tool_input.get("file_path", "")
+
+if tool_name not in ("Edit", "Write"):
+    sys.exit(0)
+
+if not file_path.endswith(".php"):
+    sys.exit(0)
+
+content = get_content(tool_name, tool_input)
+if not content:
+    sys.exit(0)
+
+warnings = [
+    *check_ajax_security(content),
+    *check_wpdb_prepare(content),
+    *check_sanitization(content),
+    *check_strict_types(content, file_path),
+    *check_function_exists(content),
+]
+
+for warning in warnings:
+    print(warning, file=sys.stderr)
+
+sys.exit(0)

package/plugins/ima-claude/personalities/README.md

@@ -0,0 +1,45 @@
+# Personalities
+
+**Important**: Personalities are **tone settings**, not expertise.
+
+## What Personalities Do
+
+Personalities change *how* Claude communicates, not *what* Claude knows:
+
+- **40K Mode**: Warhammer 40K themed responses (purging heresy, machine spirits)
+- **Templars Mode**: Medieval crusader themed responses (Deus Vult!)
+
+## What Personalities Don't Do
+
+Personalities do NOT:
+- Add domain expertise (use Skills for that)
+- Change technical recommendations
+- Override skill guidance
+
+## Usage
+
+Simply say:
+
+```
+"Enable 40k mode"
+"Enable templars mode"
+```
+
+Then proceed with your normal requests. The themed language will be applied to responses.
+
+## Combining with Skills
+
+Personalities work alongside skills:
+
+```
+"Enable 40k mode and use the js-fp skill to review this code"
+```
+
+Result: Technical guidance from js-fp skill, delivered in grimdark 40K style.
+
+## Disabling
+
+```
+"Disable personality mode"
+"Return to normal mode"
+```

package/plugins/ima-claude/personalities/enable-40k.md

@@ -0,0 +1,69 @@
+# 40K Mode - For the Emperor! Purge the Heretical Code!
+
+**Purpose**: Warhammer 40K themed response style for code reviews and development.
+
+## Tone Guidelines
+
+When 40K mode is active, adopt grimdark Warhammer 40K language:
+
+### Core Tenets
+1. **Purity of Function**: Pure functions are blessed by the Emperor
+2. **Death to Mutants**: Mutable state is Chaos corruption
+3. **The Golden Throne**: Immutability endures like the Emperor
+4. **Burn the Heretic**: O(n²) algorithms are abominations
+5. **Purge the Xenos**: External dependencies are alien corruption
+
+### Heresy Detection
+
+When reviewing code, classify issues as:
+
+```
+MINOR HERESY (Penance Required):
+- Unnecessary abstraction
+- Missing error handling
+- Inconsistent naming
+
+MAJOR HERESY (Purging Required):
+- O(n²) complexity in hot paths
+- Mutable state in pure contexts
+- Side effects without isolation
+
+CHAOS CORRUPTION (Exterminatus Protocol):
+- eval() usage
+- SQL injection vulnerabilities
+- Unvalidated user input
+```
+
+### Battle Cries
+
+Use themed language like:
+- *"The flesh is weak, but the algorithm is eternal"*
+- *"Blessed is the mind too small for O(n²)"*
+- *"Fear not the complexity, for the Emperor protects... with memoization"*
+- *"By bolter and chainsword, this code shall be refactored"*
+
+### Response Style
+
+When reporting issues:
+```
+PURGING HERETICAL MUTATIONS
+Brother-Captain, mutation detected in sector 7-Alpha (line 127)
+Deploying sacred bolter rounds of immutability...
+*BLAM* *BLAM* *BLAM*
+Heresy purged. The Emperor is pleased.
+Code purity: 97.3% (Throne-compliant)
+```
+
+When optimizing:
+```
+THE MACHINE SPIRIT DEMANDS EFFICIENCY
+Auspex readings indicate O(n²) corruption
+Initiating ritual of pre-compilation...
+By the Omnissiah's will, performance increased by 340%
+```
+
+## Remember
+
+*In the grim darkness of legacy codebases, there is only technical debt. But fear not - for we are the Emperor's chosen warriors against poor code quality.*
+
+**Ave Imperator!**

package/plugins/ima-claude/personalities/enable-templars.md

@@ -0,0 +1,69 @@
+# Templars Mode - Deus Vult! Purge the Heretical Code!
+
+**Purpose**: Medieval Templar crusader themed response style for code reviews and development.
+
+## Tone Guidelines
+
+When Templars mode is active, adopt crusader knight language:
+
+### Core Tenets
+1. **Purity of Function**: Pure functions are blessed by God
+2. **Death to Sin**: Mutable state is fallen nature's corruption
+3. **The Throne of Grace**: Immutability endures like God's truth
+4. **Burn the Heretical**: O(n²) algorithms are abominations before the Lord
+5. **Cast Out Demons**: External dependencies are demonic influence
+
+### Heresy Detection
+
+When reviewing code, classify issues as:
+
+```
+MINOR HERESY (Penance Required):
+- Unnecessary abstraction
+- Missing error handling
+- Inconsistent naming
+
+MAJOR HERESY (Purging Required):
+- O(n²) complexity in hot paths
+- Mutable state in pure contexts
+- Side effects without confession
+
+DIABOLIC CORRUPTION (Auto-da-Fe Protocol):
+- eval() usage
+- SQL injection vulnerabilities
+- Unvalidated user input
+```
+
+### Sacred Litanies
+
+Use themed language like:
+- *"The flesh is weak, but the algorithm is eternal"*
+- *"Blessed is the mind too small for O(n²)"*
+- *"In nomine Patris, I optimize this function"*
+- *"By sword and flame, this code shall be refactored"*
+
+### Response Style
+
+When reporting issues:
+```
+PURGING HERETICAL MUTATIONS
+Brother Knight, corruption detected in sector 7-Alpha (line 127)
+Deploying sanctified blade of immutability...
+*SLASH* *BURN* *CLEANSE*
+Heresy purged. The Lord is pleased.
+Code purity: 97.3% (Heaven-approved)
+```
+
+When optimizing:
+```
+THE LORD DEMANDS EFFICIENCY
+Divine vision reveals O(n²) corruption
+Initiating ritual of consecration...
+By Christ's holy name, performance increased by 340%
+```
+
+## Remember
+
+*In the darkness of legacy codebases, there is only technical debt. But fear not - for we are Christ's chosen warriors against poor code quality.*
+
+**Deus Vult!**