oathbound 0.7.0 → 0.8.0

package/auth.ts

@@ -10,7 +10,7 @@ import { BRAND, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
 
 const SUPABASE_URL = 'https://mjnfqagwuewhgwbtrdgs.supabase.co';
 const SUPABASE_ANON_KEY = 'sb_publishable_T-rk0azNRqAMLLGCyadyhQ_ulk9685n';
-const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://oathbound.ai';
+const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://www.oathbound.ai';
 
 const AUTH_DIR = join(homedir(), '.oathbound');
 const AUTH_FILE = join(AUTH_DIR, 'auth.json');

package/cli.ts

@@ -25,7 +25,7 @@ export { stripJsoncComments, writeOathboundConfig, mergeClaudeSettings, type Mer
 export { isNewer } from './update';
 export { installDevDependency, type InstallResult, setup, addPrepareScript, type PrepareResult };
 
-const VERSION = '0.7.0';
+const VERSION = '0.8.0';
 
 // --- Supabase ---
 const SUPABASE_URL = 'https://mjnfqagwuewhgwbtrdgs.supabase.co';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oathbound",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Install verified Claude Code skills from the Oath Bound registry",
   "license": "BUSL-1.1",
   "author": "Josh Anderson",
@@ -52,6 +52,7 @@
   },
   "dependencies": {
     "@clack/prompts": "^1.1.0",
-    "@supabase/supabase-js": "^2"
+    "@supabase/supabase-js": "^2",
+    "yaml": "^2.8.2"
   }
 }

package/push.ts

@@ -1,11 +1,12 @@
 import { existsSync, statSync } from 'node:fs';
 import { join, basename, resolve } from 'node:path';
 import { intro, outro } from '@clack/prompts';
+import { parse as yamlParse } from 'yaml';
 import { BRAND, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
 import { getAccessToken } from './auth';
 import { collectFiles } from './content-hash';
 
-const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://oathbound.ai';
+const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://www.oathbound.ai';
 
 export async function push(pathArg?: string): Promise<void> {
   intro(BRAND);
@@ -29,24 +30,27 @@ export async function push(pathArg?: string): Promise<void> {
   }
 
   const meta = parseFrontmatter(skillMdFile.content.toString('utf-8'));
-  if (!meta.name) {
-    fail('SKILL.md frontmatter missing: name');
-  }
-  if (!meta.description) {
-    fail('SKILL.md frontmatter missing: description');
-  }
-  if (!meta.license) {
-    fail('SKILL.md frontmatter missing: license');
-  }
+  const name = String(meta.name ?? '');
+  const description = String(meta.description ?? '');
+  const license = String(meta.license ?? '');
+  if (!name) fail('SKILL.md frontmatter missing: name');
+  if (!description) fail('SKILL.md frontmatter missing: description');
+  if (!license) fail('SKILL.md frontmatter missing: license');
+
+  const oathboundMeta = (meta.meta as Record<string, unknown> | undefined)?.oathbound as Record<string, unknown> | undefined;
+  const originalAuthor = String(oathboundMeta?.['original-author'] ?? '');
 
   // Build files array with root dir prefix (API expects rootDir/path format)
   const files = rawFiles.map(f => ({
-    path: `${meta.name}/${f.path}`,
+    path: `${name}/${f.path}`,
     content: f.content.toString('utf-8'),
   }));
 
-  console.log(`${DIM}   name: ${meta.name}${RESET}`);
-  console.log(`${DIM}   license: ${meta.license}${RESET}`);
+  console.log(`${DIM}   name: ${name}${RESET}`);
+  console.log(`${DIM}   license: ${license}${RESET}`);
+  if (originalAuthor) {
+    console.log(`${DIM}   original author: ${originalAuthor}${RESET}`);
+  }
   console.log(`${DIM}   ${files.length} file(s)${RESET}`);
 
   // Authenticate
@@ -62,11 +66,12 @@ export async function push(pathArg?: string): Promise<void> {
       Authorization: `Bearer ${token}`,
     },
     body: JSON.stringify({
-      name: meta.name,
-      description: meta.description,
-      license: meta.license,
-      compatibility: meta.compatibility || null,
-      allowedTools: meta['allowed-tools'] || null,
+      name,
+      description,
+      license,
+      compatibility: String(meta.compatibility ?? '') || null,
+      allowedTools: String(meta['allowed-tools'] ?? '') || null,
+      originalAuthor: originalAuthor || null,
       files,
     }),
   });
@@ -109,18 +114,10 @@ function resolveSkillDir(pathArg?: string): string {
   );
 }
 
-/** Lightweight frontmatter parser (mirrors frontend/lib/skill-validator.ts) */
-function parseFrontmatter(content: string): Record<string, string> {
+/** Parse YAML frontmatter into a nested object */
+function parseFrontmatter(content: string): Record<string, unknown> {
   const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n/);
   if (!match) return {};
-
-  const meta: Record<string, string> = {};
-  for (const line of match[1].split('\n')) {
-    const idx = line.indexOf(':');
-    if (idx === -1) continue;
-    const key = line.slice(0, idx).trim();
-    const value = line.slice(idx + 1).trim();
-    if (key) meta[key] = value;
-  }
-  return meta;
+  const parsed = yamlParse(match[1]);
+  return typeof parsed === 'object' && parsed !== null ? parsed as Record<string, unknown> : {};
 }

package/verify.ts

@@ -3,9 +3,9 @@ import {
   writeFileSync, readFileSync, existsSync,
   readdirSync, statSync,
 } from 'node:fs';
-import { join } from 'node:path';
+import { join, resolve } from 'node:path';
 import { tmpdir } from 'node:os';
-import { BRAND, TEAL, GREEN, RED, YELLOW, DIM, RESET } from './ui';
+import { BRAND, TEAL, GREEN, RED, YELLOW, DIM, BOLD, RESET } from './ui';
 import { hashSkillDir } from './content-hash';
 import { readOathboundConfig, type EnforcementLevel } from './config';
 
@@ -92,17 +92,51 @@ function skillNameFromCommand(command: string): string | null {
   return name || null;
 }
 
-function denySkill(reason: string): never {
+function denySkill(skillName: string, reason: string, enforcement: EnforcementLevel): never {
+  process.stderr.write(`\n${TEAL}${BOLD}⬡ oathbound${RESET} ${RED}${BOLD}✗ Blocked${RESET} skill ${BOLD}"${skillName}"${RESET} ${DIM}(${reason})${RESET}\n`);
+  process.stderr.write(`${DIM}  enforcement: ${enforcement} — switch to "warn" in .oathbound.jsonc for development${RESET}\n\n`);
   console.log(JSON.stringify({
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',
       permissionDecision: 'deny',
-      permissionDecisionReason: reason,
+      permissionDecisionReason: `Oathbound: skill "${skillName}" blocked — ${reason} (enforcement: ${enforcement})`,
     },
   }));
   process.exit(0);
 }
 
+function warnSkill(skillName: string, reason: string): never {
+  process.stderr.write(`\n${TEAL}${BOLD}⬡ oathbound${RESET} ${YELLOW}⚠ Warning:${RESET} skill ${BOLD}"${skillName}"${RESET} ${DIM}(${reason})${RESET}\n\n`);
+  process.exit(0);
+}
+
+/** Check if a tool operation references a skill in another project, not ours. */
+function isExternalSkillAccess(
+  toolName: string,
+  toolInput: Record<string, unknown>,
+  skillsDir: string,
+  baseName: string,
+): boolean {
+  const resolvedSkillsDir = resolve(skillsDir);
+
+  if (toolName === 'Read') {
+    const p = String(toolInput.file_path ?? '');
+    if (p && !resolve(p).startsWith(resolvedSkillsDir)) return true;
+  }
+  if (toolName === 'Glob' || toolName === 'Grep') {
+    const p = String(toolInput.path ?? '');
+    if (p && !resolve(p).startsWith(resolvedSkillsDir)) return true;
+  }
+  if (toolName === 'Bash') {
+    const cmd = String(toolInput.command ?? '');
+    // If the command contains an absolute path to .claude/skills/baseName
+    // that ISN'T under our project's skills dir, it's external
+    if (cmd.includes('/.claude/skills/' + baseName) && !cmd.includes(resolvedSkillsDir)) return true;
+  }
+
+  return false;
+}
+
 // --- Verify (SessionStart hook) ---
 export async function verify(supabaseUrl: string, supabaseAnonKey: string): Promise<void> {
   let input: Record<string, unknown>;
@@ -233,7 +267,8 @@ export async function verify(supabaseUrl: string, supabaseAnonKey: string): Prom
     // Warn mode — all skills allowed but with warnings
     const warnLines = warnings.map((w) => `  ⚠ ${w.name}: ${w.reason}`).join('\n');
     const names = Object.keys(verified).join(', ');
-    process.stderr.write(`${YELLOW}Oathbound warnings (enforcement: warn):\n${warnLines}${RESET}\n`);
+    const warnHeader = `${TEAL}${BOLD}⬡ oathbound${RESET} ${YELLOW}⚠ Unverified skills (enforcement: warn):${RESET}`;
+    process.stderr.write(`${warnHeader}\n${warnLines}\n${DIM}  Skills allowed but not verified against registry.${RESET}\n`);
     console.log(JSON.stringify({
       hookSpecificOutput: {
         hookEventName: 'SessionStart',
@@ -242,8 +277,8 @@ export async function verify(supabaseUrl: string, supabaseAnonKey: string): Prom
     }));
     process.exit(0);
   } else {
-    const lines = rejected.map((r) => `  - ${r.name}: ${r.reason}`);
-    process.stderr.write(`Oathbound: skill verification failed! (enforcement: ${enforcement})\n${lines.join('\n')}\nDo NOT use unverified skills.\n`);
+    const lines = rejected.map((r) => `  ${RED}✗${RESET} ${r.name}: ${r.reason}`);
+    process.stderr.write(`\n${TEAL}${BOLD}⬡ oathbound${RESET} ${RED}${BOLD}✗ Skill verification failed${RESET} ${DIM}(enforcement: ${enforcement})${RESET}\n${lines.join('\n')}\n${DIM}  Do NOT use unverified skills.${RESET}\n\n`);
     process.exit(2);
   }
 }
@@ -284,6 +319,16 @@ export async function verifyCheck(): Promise<void> {
   // Not a skill-related operation — allow through
   if (!baseName) process.exit(0);
 
+  // Read enforcement config
+  const config = readOathboundConfig();
+  const enforcement: EnforcementLevel = config?.enforcement ?? 'warn';
+
+  // Check if the tool is accessing a skill in another project — not our concern
+  const skillsDir = findSkillsDir();
+  if (isExternalSkillAccess(toolName, toolInput, skillsDir, baseName)) {
+    process.exit(0);
+  }
+
   const stateFile = sessionStatePath(sessionId);
   if (!existsSync(stateFile)) process.exit(0);
 
@@ -296,24 +341,33 @@ export async function verifyCheck(): Promise<void> {
   }
 
   // Find the skill directory and re-hash
-  const skillsDir = findSkillsDir();
   const skillDir = join(skillsDir, baseName);
 
   if (!existsSync(skillDir) || !statSync(skillDir).isDirectory()) {
-    denySkill(`Oathbound: skill directory not found for "${baseName}"`);
+    if (enforcement === 'warn') {
+      warnSkill(baseName, 'not installed locally');
+    } else {
+      denySkill(baseName, 'not installed locally', enforcement);
+    }
   }
 
   const currentHash = hashSkillDir(skillDir);
   const sessionHash = state.verified[baseName];
 
   if (!sessionHash) {
-    process.stderr.write(`${RED}   ${baseName}: ${currentHash} (not verified at session start)${RESET}\n`);
-    denySkill(`Oathbound: skill "${baseName}" was not verified at session start`);
+    if (enforcement === 'warn') {
+      warnSkill(baseName, 'not verified at session start');
+    } else {
+      denySkill(baseName, 'not verified at session start', enforcement);
+    }
   }
 
   if (currentHash !== sessionHash) {
-    process.stderr.write(`${RED}   ${baseName}: ${currentHash} ≠ ${sessionHash} (tampered)${RESET}\n`);
-    denySkill(`Oathbound: skill "${baseName}" was modified since session start (tampering detected)`);
+    if (enforcement === 'warn') {
+      warnSkill(baseName, `modified since session start (${currentHash.slice(0, 8)}… ≠ ${sessionHash.slice(0, 8)}…)`);
+    } else {
+      denySkill(baseName, `modified since session start — tampering detected (${currentHash.slice(0, 8)}… ≠ ${sessionHash.slice(0, 8)}…)`, enforcement);
+    }
   }
 
   process.stderr.write(`${GREEN}   ${baseName}: ${currentHash} ✓${RESET}\n`);