jettypod 4.4.54 → 4.4.56

package/claude-hooks/global-guardrails.js

@@ -0,0 +1,322 @@
+#!/usr/bin/env node
+/**
+ * Global Guardrails Hook
+ *
+ * Enforces actions that are ALWAYS allowed and ALWAYS blocked regardless of
+ * skill or context. Runs before any contextual/skill-specific validators.
+ *
+ * Claude Code PreToolUse Hook
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+// Debug mode: set GUARDRAILS_DEBUG=1 to enable verbose logging
+const DEBUG = process.env.GUARDRAILS_DEBUG === '1';
+
+/**
+ * Structured debug logger - outputs to stderr to not interfere with JSON response
+ */
+function debug(category, data) {
+  if (!DEBUG) return;
+  const timestamp = new Date().toISOString();
+  const logEntry = { timestamp, category, ...data };
+  console.error(`[guardrails] ${JSON.stringify(logEntry)}`);
+}
+
+// Read hook input from stdin
+let input = '';
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  try {
+    const hookInput = JSON.parse(input);
+    debug('input', {
+      tool: hookInput.tool_name,
+      cwd: hookInput.cwd,
+      active_worktree: hookInput.active_worktree_path,
+      branch: hookInput.current_branch
+    });
+
+    const result = evaluateRequest(hookInput);
+
+    debug('decision', {
+      tool: hookInput.tool_name,
+      allowed: result.allowed,
+      message: result.message || null
+    });
+
+    if (result.allowed) {
+      allow();
+    } else {
+      deny(result.message, result.hint);
+    }
+  } catch (err) {
+    // On parse error, allow (fail open)
+    debug('error', { type: 'parse', message: err.message });
+    console.error('Hook error:', err.message);
+    allow();
+  }
+});
+
+/**
+ * Evaluate the request and return allow/deny decision
+ */
+function evaluateRequest(hookInput) {
+  const { tool_name, tool_input, cwd, active_worktree_path, current_branch } = hookInput;
+
+  // ALWAYS ALLOW: Read operations
+  if (tool_name === 'Read' || tool_name === 'Glob' || tool_name === 'Grep') {
+    return { allowed: true };
+  }
+
+  // Handle Bash commands
+  if (tool_name === 'Bash') {
+    return evaluateBashCommand(tool_input.command || '', current_branch, cwd);
+  }
+
+  // Handle Write/Edit operations
+  if (tool_name === 'Write' || tool_name === 'Edit') {
+    return evaluateWriteOperation(tool_input.file_path || '', active_worktree_path, cwd);
+  }
+
+  // Default: allow unknown tools
+  return { allowed: true };
+}
+
+/**
+ * Evaluate Bash command against global rules
+ */
+function evaluateBashCommand(command, currentBranch, cwd) {
+  // BLOCKED: Force push
+  if (/git\s+push\s+.*--force/.test(command) || /git\s+push\s+-f\b/.test(command)) {
+    return {
+      allowed: false,
+      message: 'Force push is blocked',
+      hint: 'Force pushing can destroy history. Use regular push or create a PR.'
+    };
+  }
+
+  // BLOCKED: Direct commit to main
+  if (/git\s+commit\b/.test(command) && currentBranch === 'main') {
+    return {
+      allowed: false,
+      message: 'Direct commits to main are blocked',
+      hint: 'Use jettypod work start to create a feature branch first.'
+    };
+  }
+
+  // BLOCKED: Manual worktree creation
+  if (/git\s+worktree\s+add\b/.test(command)) {
+    return {
+      allowed: false,
+      message: 'Manual worktree creation is blocked',
+      hint: 'Use jettypod work start to create worktrees.'
+    };
+  }
+
+  // BLOCKED: Manual branch creation
+  if (/git\s+checkout\s+-b\b/.test(command) || /git\s+branch\s+(?!-d|-D)/.test(command)) {
+    return {
+      allowed: false,
+      message: 'Manual branch creation is blocked',
+      hint: 'Use jettypod work start to create branches.'
+    };
+  }
+
+  // BLOCKED: Direct SQL mutation to work.db
+  if (/sqlite3\s+.*work\.db/.test(command)) {
+    const sqlCommand = command.toLowerCase();
+    // Allow SELECT, block mutations
+    if (/\b(update|insert|delete|drop|alter|create)\b/i.test(sqlCommand)) {
+      return {
+        allowed: false,
+        message: 'Direct database mutations are blocked',
+        hint: 'Use jettypod CLI commands to modify work items.'
+      };
+    }
+  }
+
+  // BLOCKED: Merge from inside worktree (causes CWD corruption)
+  if (/jettypod\s+(work|tests)\s+merge/.test(command)) {
+    if (cwd && /\.jettypod-work\//.test(cwd)) {
+      return {
+        allowed: false,
+        message: 'Cannot merge from inside a worktree. CWD would be deleted.',
+        hint: 'Run: cd /Users/erikspangenberg/jettypod-source && jettypod work merge <id>'
+      };
+    }
+  }
+
+  // ALLOWED: Git read-only commands
+  if (/git\s+(status|log|diff|show|branch\s*$|remote|fetch)\b/.test(command)) {
+    return { allowed: true };
+  }
+
+  // ALLOWED: Jettypod read-only commands
+  if (/jettypod\s+(backlog|status|work\s+status|impact)\b/.test(command)) {
+    return { allowed: true };
+  }
+
+  // Default: allow other commands
+  return { allowed: true };
+}
+
+/**
+ * Find the jettypod database path
+ * @param {string} cwd - Starting directory
+ * @returns {string|null} Database path or null
+ */
+function findDatabasePath(cwd) {
+  let dir = cwd;
+  while (dir !== path.dirname(dir)) {
+    const dbPath = path.join(dir, '.jettypod', 'work.db');
+    if (fs.existsSync(dbPath)) {
+      return dbPath;
+    }
+    dir = path.dirname(dir);
+  }
+  return null;
+}
+
+/**
+ * Get the active worktree path from database
+ * @param {string} cwd - Current working directory
+ * @returns {string|null} Active worktree path or null
+ */
+function getActiveWorktreePathFromDB(cwd) {
+  const dbPath = findDatabasePath(cwd);
+  if (!dbPath) {
+    debug('db_lookup', { status: 'no_db_found', cwd });
+    return null;
+  }
+
+  try {
+    // Try better-sqlite3 first
+    const sqlite3 = require('better-sqlite3');
+    const db = sqlite3(dbPath, { readonly: true });
+    const row = db.prepare(
+      `SELECT worktree_path FROM worktrees WHERE status = 'active' LIMIT 1`
+    ).get();
+    db.close();
+    const result = row ? row.worktree_path : null;
+    debug('db_lookup', { status: 'success', method: 'better-sqlite3', worktree: result });
+    return result;
+  } catch (err) {
+    debug('db_lookup', { status: 'fallback', reason: err.message });
+    // Fall back to CLI
+    const { spawnSync } = require('child_process');
+    const result = spawnSync('sqlite3', [
+      dbPath,
+      `SELECT worktree_path FROM worktrees WHERE status = 'active' LIMIT 1`
+    ], { encoding: 'utf-8' });
+
+    if (result.error || result.status !== 0) {
+      debug('db_lookup', { status: 'cli_failed', error: result.error?.message || 'non-zero exit' });
+      return null;
+    }
+    const worktree = result.stdout.trim() || null;
+    debug('db_lookup', { status: 'success', method: 'sqlite3-cli', worktree });
+    return worktree;
+  }
+}
+
+/**
+ * Evaluate Write/Edit operation against global rules
+ */
+function evaluateWriteOperation(filePath, inputWorktreePath, cwd) {
+  // Query database for active worktree, fall back to input if provided
+  const activeWorktreePath = getActiveWorktreePathFromDB(cwd) || inputWorktreePath;
+
+  // Normalize paths
+  const normalizedPath = path.resolve(cwd || '.', filePath);
+  const normalizedWorktree = activeWorktreePath ? path.resolve(cwd || '.', activeWorktreePath) : null;
+
+  debug('write_eval', {
+    filePath,
+    normalizedPath,
+    activeWorktreePath,
+    normalizedWorktree
+  });
+
+  // BLOCKED: Protected files (skills, hooks)
+  const protectedPatterns = [
+    /\.claude\/skills\//i,
+    /claude-hooks\//i,
+    /\.jettypod\/hooks\//i
+  ];
+
+  for (const pattern of protectedPatterns) {
+    if (pattern.test(normalizedPath) || pattern.test(filePath)) {
+      return {
+        allowed: false,
+        message: 'Protected file - cannot modify',
+        hint: 'Skill and hook files are protected. Modify them through proper channels.'
+      };
+    }
+  }
+
+  // Check if path is in a worktree
+  const isInWorktree = /\.jettypod-work\//.test(filePath) || /\.jettypod-work\//.test(normalizedPath);
+
+  if (isInWorktree) {
+    // If we have an active worktree, check if this write is to it
+    if (activeWorktreePath) {
+      // SECURITY: Only use normalized path comparison to prevent traversal attacks
+      // The filePath.includes() check was vulnerable to "../" escapes
+      const isActiveWorktree = normalizedPath.startsWith(normalizedWorktree + path.sep) ||
+                               normalizedPath === normalizedWorktree;
+
+      if (isActiveWorktree) {
+        return { allowed: true };
+      } else {
+        return {
+          allowed: false,
+          message: 'Not your active worktree',
+          hint: 'You can only write to your currently active worktree.'
+        };
+      }
+    }
+    // No active worktree tracked but path looks like worktree - block
+    return {
+      allowed: false,
+      message: 'Not your active worktree',
+      hint: 'You can only write to your currently active worktree.'
+    };
+  }
+
+  // BLOCKED: Write to main repo (not in worktree)
+  return {
+    allowed: false,
+    message: 'Cannot write to main repository',
+    hint: 'Use jettypod work start to create a worktree first.'
+  };
+}
+
+/**
+ * Allow the action
+ */
+function allow() {
+  console.log(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: "PreToolUse",
+      permissionDecision: "allow"
+    }
+  }));
+  process.exit(0);
+}
+
+/**
+ * Deny the action with explanation
+ */
+function deny(message, hint) {
+  const reason = `❌ ${message}\n\n💡 Hint: ${hint || 'Check your action.'}`;
+
+  console.log(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: "PreToolUse",
+      permissionDecision: "deny",
+      permissionDecisionReason: reason
+    }
+  }));
+  process.exit(0);
+}

package/jettypod.js

@@ -785,6 +785,14 @@ async function initializeProject() {
     fs.chmodSync(enforceHookDest, 0o755);
   }
 
+  // Install global-guardrails hook
+  const guardrailsHookSource = path.join(__dirname, 'claude-hooks', 'global-guardrails.js');
+  const guardrailsHookDest = path.join('.jettypod', 'hooks', 'global-guardrails.js');
+  if (fs.existsSync(guardrailsHookSource)) {
+    fs.copyFileSync(guardrailsHookSource, guardrailsHookDest);
+    fs.chmodSync(guardrailsHookDest, 0o755);
+  }
+
   // Create Claude Code settings
   if (!fs.existsSync('.claude')) {
     fs.mkdirSync('.claude', { recursive: true });
@@ -800,15 +808,24 @@ async function initializeProject() {
         PreToolUse: [
           {
             matcher: 'Edit',
-            hooks: [{ type: 'command', command: '.jettypod/hooks/protect-claude-md.js' }]
+            hooks: [
+              { type: 'command', command: '.jettypod/hooks/global-guardrails.js' },
+              { type: 'command', command: '.jettypod/hooks/protect-claude-md.js' }
+            ]
           },
           {
             matcher: 'Write',
-            hooks: [{ type: 'command', command: '.jettypod/hooks/protect-claude-md.js' }]
+            hooks: [
+              { type: 'command', command: '.jettypod/hooks/global-guardrails.js' },
+              { type: 'command', command: '.jettypod/hooks/protect-claude-md.js' }
+            ]
           },
           {
             matcher: 'Bash',
-            hooks: [{ type: 'command', command: '.jettypod/hooks/enforce-skill-activation.js' }]
+            hooks: [
+              { type: 'command', command: '.jettypod/hooks/global-guardrails.js' },
+              { type: 'command', command: '.jettypod/hooks/enforce-skill-activation.js' }
+            ]
           }
         ]
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jettypod",
-  "version": "4.4.54",
+  "version": "4.4.56",
   "description": "AI-powered development workflow manager with TDD, BDD, and automatic test generation",
   "main": "jettypod.js",
   "bin": {