oathbound 0.4.0 → 0.5.1

package/config.ts

@@ -0,0 +1,128 @@
+import {
+  writeFileSync, readFileSync, existsSync, mkdirSync,
+} from 'node:fs';
+import { join } from 'node:path';
+
+export type EnforcementLevel = 'warn' | 'registered' | 'audited';
+
+/** Strip // line comments from JSONC, preserving // inside strings. */
+export function stripJsoncComments(text: string): string {
+  let result = '';
+  let i = 0;
+  while (i < text.length) {
+    // String literal — copy through, respecting escapes
+    if (text[i] === '"') {
+      result += '"';
+      i++;
+      while (i < text.length && text[i] !== '"') {
+        if (text[i] === '\\') { result += text[i++]; } // escape char
+        if (i < text.length) { result += text[i++]; }
+      }
+      if (i < text.length) { result += text[i++]; } // closing "
+      continue;
+    }
+    // Line comment
+    if (text[i] === '/' && text[i + 1] === '/') {
+      while (i < text.length && text[i] !== '\n') i++;
+      continue;
+    }
+    result += text[i++];
+  }
+  return result;
+}
+
+export function readOathboundConfig(): { enforcement: EnforcementLevel } | null {
+  const configPath = join(process.cwd(), '.oathbound.jsonc');
+  if (!existsSync(configPath)) return null;
+  try {
+    const raw = readFileSync(configPath, 'utf-8');
+    const parsed = JSON.parse(stripJsoncComments(raw));
+    const level = parsed.enforcement;
+    if (level === 'warn' || level === 'registered' || level === 'audited') {
+      return { enforcement: level };
+    }
+    return { enforcement: 'warn' };
+  } catch {
+    return null;
+  }
+}
+
+export function writeOathboundConfig(enforcement: EnforcementLevel): boolean {
+  const configPath = join(process.cwd(), '.oathbound.jsonc');
+  if (existsSync(configPath)) return false;
+  const content = `// Oathbound project configuration
+// Docs: https://oathbound.ai/docs/config
+{
+  "$schema": "https://oathbound.ai/schemas/config-v1.json",
+  "version": 1,
+  "enforcement": "${enforcement}",
+  "org": null
+}
+`;
+  writeFileSync(configPath, content);
+  return true;
+}
+
+const SKILL_CHECK = { type: 'command', command: 'npx oathbound verify --check' };
+
+const OATHBOUND_HOOKS = {
+  SessionStart: [
+    { matcher: '', hooks: [{ type: 'command', command: 'npx oathbound verify' }] },
+  ],
+  PreToolUse: [
+    { matcher: 'Skill', hooks: [SKILL_CHECK] },
+    { matcher: 'Bash', hooks: [SKILL_CHECK] },
+    { matcher: 'Read', hooks: [SKILL_CHECK] },
+    { matcher: 'Glob', hooks: [SKILL_CHECK] },
+    { matcher: 'Grep', hooks: [SKILL_CHECK] },
+  ],
+};
+
+function hasOathboundHooks(settings: Record<string, unknown>): boolean {
+  const hooks = settings.hooks as Record<string, unknown[]> | undefined;
+  if (!hooks) return false;
+  for (const entries of Object.values(hooks)) {
+    if (!Array.isArray(entries)) continue;
+    for (const entry of entries) {
+      const e = entry as Record<string, unknown>;
+      const innerHooks = e.hooks as Array<Record<string, unknown>> | undefined;
+      if (!innerHooks) continue;
+      for (const h of innerHooks) {
+        if (typeof h.command === 'string' && h.command.startsWith('npx oathbound')) return true;
+      }
+    }
+  }
+  return false;
+}
+
+export type MergeResult = 'created' | 'merged' | 'skipped' | 'malformed';
+
+export function mergeClaudeSettings(): MergeResult {
+  const claudeDir = join(process.cwd(), '.claude');
+  const settingsPath = join(claudeDir, 'settings.json');
+
+  if (!existsSync(settingsPath)) {
+    mkdirSync(claudeDir, { recursive: true });
+    writeFileSync(settingsPath, JSON.stringify({ hooks: OATHBOUND_HOOKS }, null, 2) + '\n');
+    return 'created';
+  }
+
+  let settings: Record<string, unknown>;
+  try {
+    settings = JSON.parse(readFileSync(settingsPath, 'utf-8'));
+  } catch {
+    return 'malformed';
+  }
+
+  if (hasOathboundHooks(settings)) return 'skipped';
+
+  // Merge hooks into existing settings
+  const hooks = (settings.hooks ?? {}) as Record<string, unknown[]>;
+  for (const [event, entries] of Object.entries(OATHBOUND_HOOKS)) {
+    const existing = hooks[event] as unknown[] | undefined;
+    hooks[event] = existing ? [...existing, ...entries] : [...entries];
+  }
+  settings.hooks = hooks;
+  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+  return 'merged';
+}

package/content-hash.ts

@@ -0,0 +1,39 @@
+import { createHash } from 'node:crypto';
+import { readFileSync, readdirSync } from 'node:fs';
+import { join, relative } from 'node:path';
+
+const HASH_EXCLUDED = new Set([
+  'node_modules',
+  'bun.lock',
+  'package-lock.json',
+  'yarn.lock',
+  '.DS_Store',
+]);
+
+export function collectFiles(dir: string, base: string = dir): { path: string; content: Buffer }[] {
+  const results: { path: string; content: Buffer }[] = [];
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    if (HASH_EXCLUDED.has(entry.name)) continue;
+    const full = join(dir, entry.name);
+    if (entry.isDirectory()) {
+      results.push(...collectFiles(full, base));
+    } else if (entry.isFile()) {
+      results.push({ path: relative(base, full), content: readFileSync(full) });
+    }
+  }
+  return results;
+}
+
+export function contentHash(files: { path: string; content: Buffer }[]): string {
+  const sorted = files.toSorted((a, b) => a.path.localeCompare(b.path));
+  const lines = sorted.map((f) => {
+    const h = createHash('sha256').update(f.content).digest('hex');
+    return `${f.path}\0${h}`;
+  });
+  return createHash('sha256').update(lines.join('\n')).digest('hex');
+}
+
+export function hashSkillDir(skillDir: string): string {
+  const files = collectFiles(skillDir);
+  return contentHash(files);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oathbound",
-  "version": "0.4.0",
+  "version": "0.5.1",
   "description": "Install verified Claude Code skills from the Oath Bound registry",
   "license": "BUSL-1.1",
   "author": "Josh Anderson",
@@ -24,6 +24,11 @@
   },
   "files": [
     "cli.ts",
+    "ui.ts",
+    "config.ts",
+    "update.ts",
+    "verify.ts",
+    "content-hash.ts",
     "bin/cli.cjs",
     "install.cjs"
   ],

package/ui.ts

@@ -0,0 +1,53 @@
+// --- ANSI (respect NO_COLOR standard: https://no-color.org) ---
+export const USE_COLOR = process.env.NO_COLOR === undefined && process.stderr.isTTY;
+export const TEAL = USE_COLOR ? '\x1b[38;2;63;168;164m' : ''; // brand teal #3fa8a4
+export const GREEN = USE_COLOR ? '\x1b[32m' : '';
+export const RED = USE_COLOR ? '\x1b[31m' : '';
+export const YELLOW = USE_COLOR ? '\x1b[33m' : '';
+export const DIM = USE_COLOR ? '\x1b[2m' : '';
+export const BOLD = USE_COLOR ? '\x1b[1m' : '';
+export const RESET = USE_COLOR ? '\x1b[0m' : '';
+
+export const BRAND = `${TEAL}${BOLD}🛡️ oathbound${RESET}`;
+
+export function usage(exitCode = 1): never {
+  console.log(`
+${BOLD}oathbound${RESET} — install and verify skills
+
+${DIM}Usage:${RESET}
+  oathbound init                ${DIM}Setup wizard — configure project${RESET}
+  oathbound pull <namespace/skill-name>
+  oathbound install <namespace/skill-name>
+  oathbound verify              ${DIM}SessionStart hook — verify all skills${RESET}
+  oathbound verify --check      ${DIM}PreToolUse hook — check skill integrity${RESET}
+
+${DIM}Options:${RESET}
+  --help, -h      Show this help message
+  --version, -v   Show version
+`);
+  process.exit(exitCode);
+}
+
+export function fail(message: string, detail?: string): never {
+  console.log(`\n${BOLD}${RED} ✗ ${message}${RESET}`);
+  if (detail) {
+    console.log(`${RED}   ${detail}${RESET}`);
+  }
+  process.exit(1);
+}
+
+export function spinner(text: string): { stop: () => void } {
+  const frames = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+  let i = 0;
+  process.stdout.write(`${TEAL} ${frames[0]} ${text}${RESET}`);
+  const interval = setInterval(() => {
+    i = (i + 1) % frames.length;
+    process.stdout.write(`\r${TEAL} ${frames[i]} ${text}${RESET}`);
+  }, 80);
+  return {
+    stop() {
+      clearInterval(interval);
+      process.stdout.write(USE_COLOR ? '\r\x1b[2K' : '\n');
+    },
+  };
+}

package/update.ts

@@ -0,0 +1,111 @@
+import {
+  writeFileSync, readFileSync, existsSync, mkdirSync,
+  renameSync, chmodSync,
+} from 'node:fs';
+import { join } from 'node:path';
+import { homedir, platform } from 'node:os';
+import { TEAL, GREEN, RESET } from './ui';
+
+export function isNewer(remote: string, local: string): boolean {
+  const parse = (v: string) => v.replace(/^v/, '').split('.').map(Number);
+  const [rMaj, rMin, rPat] = parse(remote);
+  const [lMaj, lMin, lPat] = parse(local);
+  if (rMaj !== lMaj) return rMaj > lMaj;
+  if (rMin !== lMin) return rMin > lMin;
+  return rPat > lPat;
+}
+
+function getCacheDir(): string {
+  if (platform() === 'darwin') {
+    return join(homedir(), 'Library', 'Caches', 'oathbound');
+  }
+  return join(process.env.XDG_CACHE_HOME ?? join(homedir(), '.cache'), 'oathbound');
+}
+
+function getPlatformBinaryName(): string {
+  const p = platform();
+  const os = p === 'win32' ? 'windows' : p === 'darwin' ? 'darwin' : 'linux';
+  const arch = process.arch === 'arm64' ? 'arm64' : 'x64';
+  const ext = p === 'win32' ? '.exe' : '';
+  return `oathbound-${os}-${arch}${ext}`;
+}
+
+function printUpdateBox(current: string, latest: string): void {
+  const line = `Update available: ${current} → ${latest}`;
+  const install = 'Run: npm install -g oathbound';
+  const width = Math.max(line.length, install.length) + 2;
+  const pad = (s: string) => s + ' '.repeat(width - s.length);
+  process.stderr.write(`\n${TEAL}┌${'─'.repeat(width)}┐${RESET}\n`);
+  process.stderr.write(`${TEAL}│${RESET} ${pad(line)}${TEAL}│${RESET}\n`);
+  process.stderr.write(`${TEAL}│${RESET} ${pad(install)}${TEAL}│${RESET}\n`);
+  process.stderr.write(`${TEAL}└${'─'.repeat(width)}┘${RESET}\n`);
+}
+
+export async function checkForUpdate(version: string): Promise<void> {
+  const cacheDir = getCacheDir();
+  const cacheFile = join(cacheDir, 'update-check.json');
+
+  // Check cache freshness (24h) — invalidate if local version changed
+  if (existsSync(cacheFile)) {
+    try {
+      const cache = JSON.parse(readFileSync(cacheFile, 'utf-8'));
+      if (cache.localVersion === version && Date.now() - cache.checkedAt < 86_400_000) {
+        if (cache.latestVersion && isNewer(cache.latestVersion, version)) {
+          printUpdateBox(version, cache.latestVersion);
+        }
+        return;
+      }
+    } catch { /* stale cache, re-check */ }
+  }
+
+  // Fetch latest version from npm
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 5_000);
+  try {
+    const resp = await fetch(
+      'https://registry.npmjs.org/oathbound?fields=dist-tags',
+      { signal: controller.signal },
+    );
+    clearTimeout(timeout);
+    if (!resp.ok) return;
+    const data = await resp.json() as { 'dist-tags'?: { latest?: string } };
+    const latest = data['dist-tags']?.latest;
+    if (!latest) return;
+
+    // Write cache
+    mkdirSync(cacheDir, { recursive: true });
+    writeFileSync(cacheFile, JSON.stringify({ checkedAt: Date.now(), latestVersion: latest, localVersion: version }));
+
+    if (!isNewer(latest, version)) return;
+
+    // Try auto-update the binary
+    const binaryPath = process.argv[0];
+    if (!binaryPath || binaryPath.includes('bun') || binaryPath.includes('node')) {
+      // Running via bun/node, not compiled binary — just print box
+      printUpdateBox(version, latest);
+      return;
+    }
+
+    const binaryName = getPlatformBinaryName();
+    const url = `https://github.com/Joshuatanderson/oath-bound/releases/download/v${latest}/${binaryName}`;
+    const dlController = new AbortController();
+    const dlTimeout = setTimeout(() => dlController.abort(), 30_000);
+    const dlResp = await fetch(url, { signal: dlController.signal, redirect: 'follow' });
+    clearTimeout(dlTimeout);
+
+    if (!dlResp.ok || !dlResp.body) {
+      printUpdateBox(version, latest);
+      return;
+    }
+
+    const bytes = Buffer.from(await dlResp.arrayBuffer());
+    const tmpPath = `${binaryPath}.update-${Date.now()}`;
+    writeFileSync(tmpPath, bytes);
+    chmodSync(tmpPath, 0o755);
+    renameSync(tmpPath, binaryPath);
+    process.stderr.write(`${TEAL} ✓ Updated oathbound ${version} → ${latest}${RESET}\n`);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`${TEAL}Update check failed: ${msg}${RESET}\n`);
+  }
+}

package/verify.ts

@@ -0,0 +1,323 @@
+import { createClient } from '@supabase/supabase-js';
+import {
+  writeFileSync, readFileSync, existsSync,
+  readdirSync, statSync,
+} from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import { BRAND, TEAL, GREEN, RED, YELLOW, DIM, RESET } from './ui';
+import { hashSkillDir } from './content-hash';
+import { readOathboundConfig, type EnforcementLevel } from './config';
+
+// --- Session state file ---
+interface SessionState {
+  verified: Record<string, string>; // skill name → content_hash
+  rejected: { name: string; reason: string }[];
+  ok: boolean;
+}
+
+function sessionStatePath(sessionId: string): string {
+  return join(tmpdir(), `oathbound-${sessionId}.json`);
+}
+
+async function readStdin(): Promise<string> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of Bun.stdin.stream()) {
+    chunks.push(Buffer.from(chunk));
+  }
+  return Buffer.concat(chunks).toString('utf-8');
+}
+
+export function findSkillsDir(): string {
+  const cwd = process.cwd();
+  const normalized = cwd.replace(/\/+$/, '');
+
+  // Already inside .claude/skills
+  if (normalized.endsWith('.claude/skills')) return cwd;
+
+  // Inside .claude — check for skills/ subdir
+  if (normalized.endsWith('.claude')) {
+    const skills = join(cwd, 'skills');
+    if (existsSync(skills)) return skills;
+  }
+
+  // Check cwd/.claude/skills directly
+  const direct = join(cwd, '.claude', 'skills');
+  if (existsSync(direct)) return direct;
+
+  // Recurse downward (skip noise, limited depth)
+  const SKIP = new Set(['node_modules', '.git', 'dist', 'build', '.next']);
+  function search(dir: string, depth: number): string | null {
+    if (depth <= 0) return null;
+    try {
+      const entries = readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.isDirectory() || SKIP.has(entry.name)) continue;
+        if (entry.name === '.claude') {
+          const skills = join(dir, '.claude', 'skills');
+          if (existsSync(skills)) return skills;
+        }
+      }
+      for (const entry of entries) {
+        if (!entry.isDirectory() || SKIP.has(entry.name) || entry.name.startsWith('.')) continue;
+        const result = search(join(dir, entry.name), depth - 1);
+        if (result) return result;
+      }
+    } catch {
+      // permission denied, etc.
+    }
+    return null;
+  }
+
+  return search(cwd, 5) ?? cwd;
+}
+
+/** Extract skill name from a file path if it references .claude/skills/<name>/... */
+function skillNameFromPath(filePath: string): string | null {
+  const marker = '.claude/skills/';
+  const idx = filePath.indexOf(marker);
+  if (idx === -1) return null;
+  const rest = filePath.slice(idx + marker.length);
+  const name = rest.split('/')[0];
+  return name || null;
+}
+
+/** Extract skill name from a bash command if it references .claude/skills/<name>/... */
+function skillNameFromCommand(command: string): string | null {
+  const marker = '.claude/skills/';
+  const idx = command.indexOf(marker);
+  if (idx === -1) return null;
+  const rest = command.slice(idx + marker.length);
+  const name = rest.split(/[\/\s'"]/)[0];
+  return name || null;
+}
+
+function denySkill(reason: string): never {
+  console.log(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: 'deny',
+      permissionDecisionReason: reason,
+    },
+  }));
+  process.exit(0);
+}
+
+// --- Verify (SessionStart hook) ---
+export async function verify(supabaseUrl: string, supabaseAnonKey: string): Promise<void> {
+  let input: Record<string, unknown>;
+  try {
+    input = JSON.parse(await readStdin());
+  } catch {
+    process.stderr.write('oathbound verify: invalid JSON on stdin\n');
+    process.exit(1);
+  }
+  const sessionId: string = input.session_id as string;
+  if (!sessionId) {
+    process.stderr.write('oathbound verify: no session_id in stdin\n');
+    process.exit(1);
+  }
+
+  const skillsDir = findSkillsDir();
+
+  // Guard: findSkillsDir() falls back to cwd if no .claude/skills found.
+  // In verify mode, we must NOT hash the entire project — only .claude/skills.
+  if (!skillsDir.endsWith('.claude/skills') && !skillsDir.includes('.claude/skills')) {
+    const state: SessionState = { verified: {}, rejected: [], ok: true };
+    writeFileSync(sessionStatePath(sessionId), JSON.stringify(state));
+    console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'SessionStart', additionalContext: 'Oathbound: no .claude/skills/ directory found — nothing to verify.' } }));
+    process.exit(0);
+  }
+
+  // List skill subdirectories
+  const entries = readdirSync(skillsDir, { withFileTypes: true });
+  const skillDirs = entries.filter((e) => e.isDirectory() && !e.name.startsWith('.'));
+
+  if (skillDirs.length === 0) {
+    const state: SessionState = { verified: {}, rejected: [], ok: true };
+    writeFileSync(sessionStatePath(sessionId), JSON.stringify(state));
+    console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'SessionStart', additionalContext: 'Oathbound: no skills installed — nothing to verify.' } }));
+    process.exit(0);
+  }
+
+  // Hash each local skill
+  const localHashes: Record<string, string> = {};
+  for (const dir of skillDirs) {
+    const fullPath = join(skillsDir, dir.name);
+    localHashes[dir.name] = hashSkillDir(fullPath);
+  }
+
+  // Read enforcement config
+  const config = readOathboundConfig();
+  const enforcement: EnforcementLevel = config?.enforcement ?? 'warn';
+
+  // Fetch registry hashes from Supabase (latest version per skill name)
+  // If enforcement=audited, also fetch audit status
+  const supabase = createClient(supabaseUrl, supabaseAnonKey);
+  const selectFields = enforcement === 'audited'
+    ? 'name, namespace, content_hash, version, audits(passed)'
+    : 'name, namespace, content_hash, version';
+  const { data: skills, error } = await supabase
+    .from('skills')
+    .select(selectFields)
+    .order('version', { ascending: false });
+
+  if (error) {
+    process.stderr.write(`oathbound verify: failed to query registry: ${error.message}\n`);
+    process.exit(1);
+  }
+
+  // Build lookup: skill name → latest content_hash (dedupe by taking first per name)
+  const registryHashes = new Map<string, string>();
+  const auditedSkills = new Set<string>(); // skills with at least one passed audit
+  for (const skill of skills ?? []) {
+    if (!skill.content_hash) continue;
+    if (!registryHashes.has(skill.name)) {
+      registryHashes.set(skill.name, skill.content_hash);
+    }
+    if (enforcement === 'audited') {
+      const audits = (skill as Record<string, unknown>).audits as Array<{ passed: boolean }> | null;
+      if (audits?.some((a) => a.passed)) {
+        auditedSkills.add(skill.name);
+      }
+    }
+  }
+
+  const verified: Record<string, string> = {};
+  const rejected: { name: string; reason: string }[] = [];
+  const warnings: { name: string; reason: string }[] = [];
+
+  process.stderr.write(`${BRAND} ${TEAL}verifying skills...${RESET}\n`);
+
+  for (const [name, localHash] of Object.entries(localHashes)) {
+    const registryHash = registryHashes.get(name);
+    if (!registryHash) {
+      process.stderr.write(`${DIM}   ${name}: ${localHash} (not in registry)${RESET}\n`);
+      if (enforcement === 'warn') {
+        warnings.push({ name, reason: 'not in registry' });
+        verified[name] = localHash; // allow in warn mode
+      } else {
+        rejected.push({ name, reason: 'not in registry' });
+      }
+    } else if (localHash !== registryHash) {
+      process.stderr.write(`${RED}   ${name}: ${localHash} ≠ ${registryHash}${RESET}\n`);
+      if (enforcement === 'warn') {
+        warnings.push({ name, reason: `content hash mismatch (local: ${localHash.slice(0, 8)}…, registry: ${registryHash.slice(0, 8)}…)` });
+        verified[name] = localHash;
+      } else {
+        rejected.push({ name, reason: `content hash mismatch (local: ${localHash.slice(0, 8)}…, registry: ${registryHash.slice(0, 8)}…)` });
+      }
+    } else if (enforcement === 'audited' && !auditedSkills.has(name)) {
+      process.stderr.write(`${YELLOW}   ${name}: ${localHash} (registered but not audited)${RESET}\n`);
+      rejected.push({ name, reason: 'no passed audit' });
+    } else {
+      process.stderr.write(`${GREEN}   ${name}: ${localHash} ✓${RESET}\n`);
+      verified[name] = localHash;
+    }
+  }
+
+  const ok = rejected.length === 0;
+  const state: SessionState = { verified, rejected, ok };
+  writeFileSync(sessionStatePath(sessionId), JSON.stringify(state));
+
+  if (ok && warnings.length === 0) {
+    const names = Object.keys(verified).join(', ');
+    console.log(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'SessionStart',
+        additionalContext: `Oathbound: all ${Object.keys(verified).length} skill(s) verified against registry [${names}]. Skills are safe to use.`,
+      },
+    }));
+    process.exit(0);
+  } else if (ok && warnings.length > 0) {
+    // Warn mode — all skills allowed but with warnings
+    const warnLines = warnings.map((w) => `  ⚠ ${w.name}: ${w.reason}`).join('\n');
+    const names = Object.keys(verified).join(', ');
+    process.stderr.write(`${YELLOW}Oathbound warnings (enforcement: warn):\n${warnLines}${RESET}\n`);
+    console.log(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'SessionStart',
+        additionalContext: `Oathbound (warn mode): ${Object.keys(verified).length} skill(s) allowed [${names}]. Warnings:\n${warnLines}`,
+      },
+    }));
+    process.exit(0);
+  } else {
+    const lines = rejected.map((r) => `  - ${r.name}: ${r.reason}`);
+    process.stderr.write(`Oathbound: skill verification failed! (enforcement: ${enforcement})\n${lines.join('\n')}\nDo NOT use unverified skills.\n`);
+    process.exit(2);
+  }
+}
+
+// --- Verify --check (PreToolUse hook) ---
+export async function verifyCheck(): Promise<void> {
+  let input: Record<string, unknown>;
+  try {
+    input = JSON.parse(await readStdin());
+  } catch {
+    process.stderr.write('oathbound verify --check: invalid JSON on stdin\n');
+    process.exit(1);
+  }
+  const sessionId: string = input.session_id as string;
+  const toolName: string = (input.tool_name as string) ?? '';
+  const toolInput = (input.tool_input as Record<string, unknown>) ?? {};
+
+  if (!sessionId) process.exit(0);
+
+  // Extract skill name based on which tool triggered the hook
+  let baseName: string | null = null;
+
+  if (toolName === 'Skill') {
+    const skill = toolInput.skill as string | undefined;
+    if (!skill) process.exit(0);
+    baseName = skill.includes(':') ? skill.split(':').pop()! : skill;
+  } else if (toolName === 'Bash') {
+    baseName = skillNameFromCommand((toolInput.command as string) ?? '');
+  } else if (toolName === 'Read') {
+    baseName = skillNameFromPath((toolInput.file_path as string) ?? '');
+  } else if (toolName === 'Glob' || toolName === 'Grep') {
+    baseName = skillNameFromPath((toolInput.path as string) ?? '');
+    // Also check pattern/glob fields for skill path references
+    if (!baseName) baseName = skillNameFromPath((toolInput.pattern as string) ?? '');
+    if (!baseName) baseName = skillNameFromPath((toolInput.glob as string) ?? '');
+  }
+
+  // Not a skill-related operation — allow through
+  if (!baseName) process.exit(0);
+
+  const stateFile = sessionStatePath(sessionId);
+  if (!existsSync(stateFile)) process.exit(0);
+
+  let state: SessionState;
+  try {
+    state = JSON.parse(readFileSync(stateFile, 'utf-8'));
+  } catch {
+    process.stderr.write('oathbound verify --check: corrupt session state file\n');
+    process.exit(1);
+  }
+
+  // Find the skill directory and re-hash
+  const skillsDir = findSkillsDir();
+  const skillDir = join(skillsDir, baseName);
+
+  if (!existsSync(skillDir) || !statSync(skillDir).isDirectory()) {
+    denySkill(`Oathbound: skill directory not found for "${baseName}"`);
+  }
+
+  const currentHash = hashSkillDir(skillDir);
+  const sessionHash = state.verified[baseName];
+
+  if (!sessionHash) {
+    process.stderr.write(`${RED}   ${baseName}: ${currentHash} (not verified at session start)${RESET}\n`);
+    denySkill(`Oathbound: skill "${baseName}" was not verified at session start`);
+  }
+
+  if (currentHash !== sessionHash) {
+    process.stderr.write(`${RED}   ${baseName}: ${currentHash} ≠ ${sessionHash} (tampered)${RESET}\n`);
+    denySkill(`Oathbound: skill "${baseName}" was modified since session start (tampering detected)`);
+  }
+
+  process.stderr.write(`${GREEN}   ${baseName}: ${currentHash} ✓${RESET}\n`);
+
+  // Hash matches — allow
+  process.exit(0);
+}