kastell 2.2.4 → 2.2.6

package/kastell-plugin/agents/scripts/trend_report.sh

@@ -1,91 +1,91 @@
-#!/usr/bin/env bash
-# trend_report.sh — Generate audit score trend from audit-history.json.
-# Usage: bash trend_report.sh [server-name]
-#    OR: bash trend_report.sh --all
-#
-# Reads ~/.kastell/audit-history.json (maintained by kastell-auditor agent).
-# Shows score over time with delta indicators.
-#
-# Requires: node
-
-set -euo pipefail
-
-HISTORY_FILE="${KASTELL_HOME:-$HOME/.kastell}/audit-history.json"
-SERVER="${1:-}"
-
-if [[ ! -f "$HISTORY_FILE" ]]; then
-  echo "No audit history found at: $HISTORY_FILE"
-  echo "Run 'kastell audit --server <name>' to generate data."
-  exit 0
-fi
-
-node -e "
-const fs = require('fs');
-const data = JSON.parse(fs.readFileSync(process.argv[1], 'utf8'));
-const server = process.argv[2] || '';
-const showAll = server === '--all';
-
-if (!Array.isArray(data) || data.length === 0) {
-  console.log('No audit history entries found.');
-  process.exit(0);
-}
-
-// Filter by server if specified
-let entries = showAll ? data : server
-  ? data.filter(e => e.serverName === server || e.server === server)
-  : data;
-
-if (entries.length === 0) {
-  console.log('No audit history for server: ' + server);
-  console.log('Available servers: ' + [...new Set(data.map(e => e.serverName || e.server))].join(', '));
-  process.exit(0);
-}
-
-// Sort by date
-entries.sort((a, b) => new Date(a.timestamp || a.date) - new Date(b.timestamp || b.date));
-
-// Group by server
-const byServer = {};
-for (const e of entries) {
-  const name = e.serverName || e.server || 'unknown';
-  if (!byServer[name]) byServer[name] = [];
-  byServer[name].push(e);
-}
-
-console.log('=== Audit Score Trend ===');
-console.log('');
-
-for (const [name, history] of Object.entries(byServer)) {
-  console.log('Server: ' + name);
-  console.log('-'.repeat(50));
-
-  let prev = null;
-  for (const e of history) {
-    const score = e.overallScore ?? e.score ?? 0;
-    const date = (e.timestamp || e.date || '').split('T')[0];
-    let delta = '';
-    if (prev !== null) {
-      const diff = score - prev;
-      delta = diff > 0 ? ' (+' + diff + ')' : diff < 0 ? ' (' + diff + ')' : ' (=)';
-    }
-
-    // Visual bar
-    const filled = Math.round(score / 5);
-    const bar = '█'.repeat(filled) + '░'.repeat(20 - filled);
-
-    console.log('  ' + date + '  ' + String(score).padStart(3) + '/100 ' + bar + delta);
-    prev = score;
-  }
-
-  // Latest bucket scores if available
-  const latest = history[history.length - 1];
-  if (latest.bucketScores) {
-    console.log('');
-    console.log('  Latest bucket breakdown:');
-    for (const [bucket, score] of Object.entries(latest.bucketScores)) {
-      console.log('    ' + bucket.padEnd(15) + ': ' + score);
-    }
-  }
-  console.log('');
-}
-" "$HISTORY_FILE" "$SERVER"
+#!/usr/bin/env bash
+# trend_report.sh — Generate audit score trend from audit-history.json.
+# Usage: bash trend_report.sh [server-name]
+#    OR: bash trend_report.sh --all
+#
+# Reads ~/.kastell/audit-history.json (maintained by kastell-auditor agent).
+# Shows score over time with delta indicators.
+#
+# Requires: node
+
+set -euo pipefail
+
+HISTORY_FILE="${KASTELL_HOME:-$HOME/.kastell}/audit-history.json"
+SERVER="${1:-}"
+
+if [[ ! -f "$HISTORY_FILE" ]]; then
+  echo "No audit history found at: $HISTORY_FILE"
+  echo "Run 'kastell audit --server <name>' to generate data."
+  exit 0
+fi
+
+node -e "
+const fs = require('fs');
+const data = JSON.parse(fs.readFileSync(process.argv[1], 'utf8'));
+const server = process.argv[2] || '';
+const showAll = server === '--all';
+
+if (!Array.isArray(data) || data.length === 0) {
+  console.log('No audit history entries found.');
+  process.exit(0);
+}
+
+// Filter by server if specified
+let entries = showAll ? data : server
+  ? data.filter(e => e.serverName === server || e.server === server)
+  : data;
+
+if (entries.length === 0) {
+  console.log('No audit history for server: ' + server);
+  console.log('Available servers: ' + [...new Set(data.map(e => e.serverName || e.server))].join(', '));
+  process.exit(0);
+}
+
+// Sort by date
+entries.sort((a, b) => new Date(a.timestamp || a.date) - new Date(b.timestamp || b.date));
+
+// Group by server
+const byServer = {};
+for (const e of entries) {
+  const name = e.serverName || e.server || 'unknown';
+  if (!byServer[name]) byServer[name] = [];
+  byServer[name].push(e);
+}
+
+console.log('=== Audit Score Trend ===');
+console.log('');
+
+for (const [name, history] of Object.entries(byServer)) {
+  console.log('Server: ' + name);
+  console.log('-'.repeat(50));
+
+  let prev = null;
+  for (const e of history) {
+    const score = e.overallScore ?? e.score ?? 0;
+    const date = (e.timestamp || e.date || '').split('T')[0];
+    let delta = '';
+    if (prev !== null) {
+      const diff = score - prev;
+      delta = diff > 0 ? ' (+' + diff + ')' : diff < 0 ? ' (' + diff + ')' : ' (=)';
+    }
+
+    // Visual bar
+    const filled = Math.round(score / 5);
+    const bar = '█'.repeat(filled) + '░'.repeat(20 - filled);
+
+    console.log('  ' + date + '  ' + String(score).padStart(3) + '/100 ' + bar + delta);
+    prev = score;
+  }
+
+  // Latest bucket scores if available
+  const latest = history[history.length - 1];
+  if (latest.bucketScores) {
+    console.log('');
+    console.log('  Latest bucket breakdown:');
+    for (const [bucket, score] of Object.entries(latest.bucketScores)) {
+      console.log('    ' + bucket.padEnd(15) + ': ' + score);
+    }
+  }
+  console.log('');
+}
+" "$HISTORY_FILE" "$SERVER"

package/kastell-plugin/hooks/destroy-block.cjs

@@ -1,31 +1,31 @@
-#!/usr/bin/env node
-// PreToolUse hook: Block kastell destroy / server-delete commands (hard block)
-
-// MANDATORY stdin guard — exit silently if stdin unavailable (e.g. after /clear)
-if (!process.stdin || process.stdin.destroyed || !process.stdin.readable) {
-  process.exit(0);
-}
-
-let input = '';
-const stdinTimeout = setTimeout(() => process.exit(0), 1500);
-process.stdin.setEncoding('utf8');
-process.stdin.on('error', () => process.exit(0));
-process.stdin.on('data', chunk => { input += chunk; });
-process.stdin.on('end', () => {
-  clearTimeout(stdinTimeout);
-  try {
-    const data = JSON.parse(input);
-    const cmd = (data.tool_input && data.tool_input.command) || '';
-
-    if (/\bkastell\s+(destroy|server-delete)\b/.test(cmd)) {
-      process.stdout.write(JSON.stringify({
-        decision: 'block',
-        reason: 'Destructive kastell operation detected. Use kastell destroy with --force flag directly in terminal, not through Claude Code.',
-      }));
-      process.exit(2);
-    }
-  } catch {}
-
-  // Not destructive or parse error — allow
-  process.exit(0);
-});
+#!/usr/bin/env node
+// PreToolUse hook: Block kastell destroy / server-delete commands (hard block)
+
+// MANDATORY stdin guard — exit silently if stdin unavailable (e.g. after /clear)
+if (!process.stdin || process.stdin.destroyed || !process.stdin.readable) {
+  process.exit(0);
+}
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 1500);
+process.stdin.setEncoding('utf8');
+process.stdin.on('error', () => process.exit(0));
+process.stdin.on('data', chunk => { input += chunk; });
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const cmd = (data.tool_input && data.tool_input.command) || '';
+
+    if (/\bkastell\s+(destroy|server-delete)\b/.test(cmd)) {
+      process.stdout.write(JSON.stringify({
+        decision: 'block',
+        reason: 'Destructive kastell operation detected. Use kastell destroy with --force flag directly in terminal, not through Claude Code.',
+      }));
+      process.exit(2);
+    }
+  } catch {}
+
+  // Not destructive or parse error — allow
+  process.exit(0);
+});

package/kastell-plugin/hooks/hooks.json

@@ -1,57 +1,57 @@
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Bash",
-        "if": "Bash(*kastell*)",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/destroy-block.cjs"
-          }
-        ]
-      },
-      {
-        "matcher": "Bash",
-        "if": "Bash(*git commit*)",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/pre-commit-audit-guard.cjs"
-          }
-        ]
-      }
-    ],
-    "PostToolUse": [
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/session-log.cjs"
-          }
-        ]
-      }
-    ],
-    "SessionStart": [
-      {
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/session-audit.cjs"
-          }
-        ]
-      }
-    ],
-    "Stop": [
-      {
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/stop-quality-check.cjs"
-          }
-        ]
-      }
-    ]
-  }
-}
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "if": "Bash(*kastell*)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/kastell-plugin/hooks/destroy-block.cjs"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "if": "Bash(*git commit*)",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/kastell-plugin/hooks/pre-commit-audit-guard.cjs"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/kastell-plugin/hooks/session-log.cjs"
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/kastell-plugin/hooks/session-audit.cjs"
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/kastell-plugin/hooks/stop-quality-check.cjs"
+          }
+        ]
+      }
+    ]
+  }
+}

package/kastell-plugin/hooks/pre-commit-audit-guard.cjs

@@ -1,75 +1,75 @@
-#!/usr/bin/env node
-// PreToolUse hook: Block git commit if audit score dropped since previous audit run
-
-const fs = require('fs');
-const path = require('path');
-const os = require('os');
-
-const HISTORY_FILE = path.join(os.homedir(), '.kastell', 'audit-history.json');
-
-// MANDATORY stdin guard — exit silently if stdin unavailable
-if (!process.stdin || process.stdin.destroyed || !process.stdin.readable) {
-  process.exit(0);
-}
-
-let input = '';
-const stdinTimeout = setTimeout(() => process.exit(0), 1500);
-process.stdin.setEncoding('utf8');
-process.stdin.on('error', () => process.exit(0));
-process.stdin.on('data', chunk => { input += chunk; });
-process.stdin.on('end', () => {
-  clearTimeout(stdinTimeout);
-  try {
-    const cwd = process.cwd();
-
-    // Kastell project guard (two-phase: directory structure + package.json name)
-    const isKastell = fs.existsSync(path.join(cwd, 'src', 'mcp')) &&
-                      fs.existsSync(path.join(cwd, 'package.json'));
-    if (!isKastell) {
-      try {
-        const pkg = JSON.parse(fs.readFileSync(path.join(cwd, 'package.json'), 'utf8'));
-        if (pkg.name !== 'kastell') process.exit(0);
-      } catch { process.exit(0); }
-    }
-
-    // Parse tool input — only act on git commit commands
-    const data = JSON.parse(input);
-    const cmd = (data.tool_input && data.tool_input.command) || '';
-
-    if (!/\bgit\s+commit\b/.test(cmd)) {
-      process.exit(0);
-    }
-
-    // Read audit history — fail-open if unavailable
-    let history;
-    try {
-      history = JSON.parse(fs.readFileSync(HISTORY_FILE, 'utf8'));
-    } catch {
-      // History missing or unreadable — allow commit
-      process.exit(0);
-    }
-
-    // Check each server for score regression between last two audit runs
-    for (const serverIp of Object.keys(history)) {
-      const entries = history[serverIp];
-      if (!Array.isArray(entries) || entries.length < 2) continue;
-
-      const current = entries[entries.length - 1].overallScore;
-      const previous = entries[entries.length - 2].overallScore;
-
-      if (typeof current !== 'number' || typeof previous !== 'number') continue;
-      if (current < previous) {
-        process.stdout.write(JSON.stringify({
-          decision: 'block',
-          reason: `Audit score dropped: ${previous} -> ${current} (${entries[entries.length - 1].serverName}). Run \`kastell audit\` to investigate before committing.`,
-        }));
-        process.exit(0);
-      }
-    }
-
-    // No score drop detected — allow commit
-  } catch {}
-
-  // Fail-open: any unexpected error allows the commit through
-  process.exit(0);
-});
+#!/usr/bin/env node
+// PreToolUse hook: Block git commit if audit score dropped since previous audit run
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const HISTORY_FILE = path.join(os.homedir(), '.kastell', 'audit-history.json');
+
+// MANDATORY stdin guard — exit silently if stdin unavailable
+if (!process.stdin || process.stdin.destroyed || !process.stdin.readable) {
+  process.exit(0);
+}
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 1500);
+process.stdin.setEncoding('utf8');
+process.stdin.on('error', () => process.exit(0));
+process.stdin.on('data', chunk => { input += chunk; });
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const cwd = process.cwd();
+
+    // Kastell project guard (two-phase: directory structure + package.json name)
+    const isKastell = fs.existsSync(path.join(cwd, 'src', 'mcp')) &&
+                      fs.existsSync(path.join(cwd, 'package.json'));
+    if (!isKastell) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(path.join(cwd, 'package.json'), 'utf8'));
+        if (pkg.name !== 'kastell') process.exit(0);
+      } catch { process.exit(0); }
+    }
+
+    // Parse tool input — only act on git commit commands
+    const data = JSON.parse(input);
+    const cmd = (data.tool_input && data.tool_input.command) || '';
+
+    if (!/\bgit\s+commit\b/.test(cmd)) {
+      process.exit(0);
+    }
+
+    // Read audit history — fail-open if unavailable
+    let history;
+    try {
+      history = JSON.parse(fs.readFileSync(HISTORY_FILE, 'utf8'));
+    } catch {
+      // History missing or unreadable — allow commit
+      process.exit(0);
+    }
+
+    // Check each server for score regression between last two audit runs
+    for (const serverIp of Object.keys(history)) {
+      const entries = history[serverIp];
+      if (!Array.isArray(entries) || entries.length < 2) continue;
+
+      const current = entries[entries.length - 1].overallScore;
+      const previous = entries[entries.length - 2].overallScore;
+
+      if (typeof current !== 'number' || typeof previous !== 'number') continue;
+      if (current < previous) {
+        process.stdout.write(JSON.stringify({
+          decision: 'block',
+          reason: `Audit score dropped: ${previous} -> ${current} (${entries[entries.length - 1].serverName}). Run \`kastell audit\` to investigate before committing.`,
+        }));
+        process.exit(0);
+      }
+    }
+
+    // No score drop detected — allow commit
+  } catch {}
+
+  // Fail-open: any unexpected error allows the commit through
+  process.exit(0);
+});