oh-my-harness 0.3.2 → 0.4.1

package/dist/catalog/blocks/branch-guard.js

@@ -19,6 +19,7 @@ if echo "$COMMAND" | grep -qE "git commit|git push"; then
   [[ -z "$BRANCH" ]] && exit 0
   MAIN='{{mainBranch}}'
   if [[ "$BRANCH" == "$MAIN" ]] || [[ "$BRANCH" == "master" && "$MAIN" == "main" ]]; then
+    _log_event "block" "oh-my-harness: direct commits to $BRANCH are blocked. Create a feature branch."
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: direct commits to $BRANCH are blocked. Create a feature branch.\\"}"
     exit 0
   fi
@@ -36,6 +37,7 @@ if echo "$COMMAND" | grep -qE "git commit|git push"; then
     fi
   fi
   if [[ "$MERGED" -eq 1 ]]; then
+    _log_event "block" "oh-my-harness: branch $BRANCH has already been merged to $MAIN. Create a new branch."
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: branch $BRANCH has already been merged to $MAIN. Create a new branch.\\"}"
     exit 0
   fi

package/dist/catalog/blocks/command-guard.js

@@ -24,6 +24,7 @@ COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 PATTERNS=({{#each patterns}}"{{this}}" {{/each}})
 for PATTERN in "\${PATTERNS[@]}"; do
   if echo "$COMMAND" | grep -qF "$PATTERN"; then
+    _log_event "block" "oh-my-harness: command matches blocked pattern: $PATTERN"
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: command matches blocked pattern: $PATTERN\\"}"
     exit 0
   fi

package/dist/catalog/blocks/commit-test-gate.js

@@ -17,6 +17,7 @@ COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 if echo "$COMMAND" | grep -qE "git commit"; then
   echo "oh-my-harness: Running {{testCommand}} before commit..." >&2
   if ! {{testCommand}} >&2 2>&1; then
+    _log_event "block" "oh-my-harness: pre-commit check failed"
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: pre-commit check failed\\"}"
     exit 0
   fi

package/dist/catalog/blocks/commit-typecheck-gate.js

@@ -17,6 +17,7 @@ COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 if echo "$COMMAND" | grep -qE "git commit"; then
   echo "oh-my-harness: Running {{typecheckCommand}} before commit..." >&2
   if ! {{typecheckCommand}} >&2 2>&1; then
+    _log_event "block" "oh-my-harness: pre-commit check failed"
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: pre-commit check failed\\"}"
     exit 0
   fi

package/dist/catalog/blocks/index.js

@@ -8,6 +8,7 @@ import { lintOnSave } from "./lint-on-save.js";
 import { formatOnSave } from "./format-on-save.js";
 import { autoPr } from "./auto-pr.js";
 import { secretFileGuard } from "./secret-file-guard.js";
+import { tddGuard } from "./tdd-guard.js";
 export const builtinBlocks = [
     branchGuard,
     commitTestGate,
@@ -19,4 +20,5 @@ export const builtinBlocks = [
     formatOnSave,
     autoPr,
     secretFileGuard,
+    tddGuard,
 ];

package/dist/catalog/blocks/lockfile-guard.js

@@ -25,6 +25,7 @@ BASENAME=$(basename "$FILE_PATH")
 LOCKFILES=({{#each lockfiles}}"{{this}}" {{/each}})
 for LOCKFILE in "\${LOCKFILES[@]}"; do
   if [[ "$BASENAME" == "$LOCKFILE" ]]; then
+    _log_event "block" "oh-my-harness: direct edits to lockfile $BASENAME are blocked. Use the package manager instead."
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: direct edits to lockfile $BASENAME are blocked. Use the package manager instead.\\"}"
     exit 0
   fi

package/dist/catalog/blocks/path-guard.js

@@ -24,17 +24,20 @@ BLOCKED_PATHS=({{#each blockedPaths}}"{{this}}" {{/each}})
 for BLOCKED in "\${BLOCKED_PATHS[@]}"; do
   if [[ "$BLOCKED" == */ ]]; then
     if [[ "$FILE_PATH" == "$BLOCKED"* || "$FILE_PATH" == *"/$BLOCKED"* ]]; then
+      _log_event "block" "oh-my-harness: file path matches blocked directory: $BLOCKED"
       echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: file path matches blocked directory: $BLOCKED\\"}"
       exit 0
     fi
   elif [[ "$BLOCKED" == \\** ]]; then
     PATTERN="\${BLOCKED#\\*}"
     if [[ "$FILE_PATH" == *"$PATTERN" ]]; then
+      _log_event "block" "oh-my-harness: file path matches blocked pattern: $BLOCKED"
       echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: file path matches blocked pattern: $BLOCKED\\"}"
       exit 0
     fi
   else
     if [[ "$FILE_PATH" == "$BLOCKED" || "$FILE_PATH" == *"/$BLOCKED" ]]; then
+      _log_event "block" "oh-my-harness: file path matches blocked path: $BLOCKED"
       echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: file path matches blocked path: $BLOCKED\\"}"
       exit 0
     fi

package/dist/catalog/blocks/secret-file-guard.js

@@ -25,6 +25,7 @@ BASENAME=$(basename "$FILE_PATH")
 PATTERNS=({{#each patterns}}"{{this}}" {{/each}})
 for PATTERN in "\${PATTERNS[@]}"; do
   if [[ "$BASENAME" == $PATTERN ]]; then
+    _log_event "block" "oh-my-harness: file $BASENAME matches secret file pattern: $PATTERN"
     echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: file $BASENAME matches secret file pattern: $PATTERN\\"}"
     exit 0
   fi

package/dist/catalog/blocks/tdd-guard.d.ts

@@ -0,0 +1,2 @@
+import type { BuildingBlock } from "../types.js";
+export declare const tddGuard: BuildingBlock;

package/dist/catalog/blocks/tdd-guard.js

@@ -0,0 +1,82 @@
+export const tddGuard = {
+    id: "tdd-guard",
+    name: "TDD Guard",
+    description: "Blocks source file edits unless corresponding test file was modified first",
+    category: "quality",
+    event: "PreToolUse",
+    matcher: "Edit|Write",
+    canBlock: true,
+    params: [
+        {
+            name: "srcPattern",
+            type: "string",
+            description: "Regex pattern for source files to guard (default: .ts/.tsx/.js/.jsx)",
+            required: false,
+            default: "\\.(ts|tsx|js|jsx)$",
+        },
+        {
+            name: "testPattern",
+            type: "string",
+            description: "Regex pattern for test files (default: .test.ts/.spec.ts etc.)",
+            required: false,
+            default: "\\.(test|spec)\\.(ts|tsx|js|jsx)$",
+        },
+    ],
+    template: `#!/bin/bash
+set -euo pipefail
+INPUT=$(cat)
+FILE_PATH=$(echo "\$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // empty' 2>/dev/null)
+[[ -z "\$FILE_PATH" ]] && exit 0
+
+# 비코드 파일은 통과
+case "\$FILE_PATH" in
+  *.json|*.yaml|*.yml|*.md|*.sh|*.css|*.html|*.svg|*.png|*.jpg) exit 0 ;;
+esac
+
+# edit-history 상태 파일
+STATE_DIR=".claude/hooks/.state"
+HISTORY_FILE="\$STATE_DIR/edit-history.json"
+mkdir -p "\$STATE_DIR" 2>/dev/null || true
+
+if echo "\$FILE_PATH" | grep -qE '{{testPattern}}'; then
+  # 테스트 파일 수정 → 기록 + 통과
+  if [[ ! -f "\$HISTORY_FILE" ]]; then
+    echo '{"edits":[]}' > "\$HISTORY_FILE"
+  fi
+  UPDATED=$(jq --arg f "\$FILE_PATH" '.edits += [$f] | .edits |= unique' "\$HISTORY_FILE" 2>/dev/null) || true
+  if [[ -n "\$UPDATED" ]]; then
+    echo "\$UPDATED" > "\$HISTORY_FILE"
+  fi
+  exit 0
+fi
+
+# 소스 파일 (.ts/.tsx/.js/.jsx) 이 아니면 통과
+if ! echo "\$FILE_PATH" | grep -qE '{{srcPattern}}'; then
+  exit 0
+fi
+
+# 대응 테스트 파일 확인
+BASENAME=$(basename "\$FILE_PATH" | sed -E 's/\\.(ts|tsx|js|jsx)$//')
+TEST_SUFFIX=".test."
+
+if [[ ! -f "\$HISTORY_FILE" ]]; then
+  _log_event "block" "oh-my-harness: TDD — \${BASENAME}\${TEST_SUFFIX}* 테스트 파일을 먼저 수정하세요"
+  echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: TDD — \${BASENAME}\${TEST_SUFFIX}* 테스트 파일을 먼저 수정하세요\\"}"
+  exit 0
+fi
+
+# edit-history에서 테스트 파일 검색
+if jq -e --arg b "\$BASENAME" '.edits[] | select(contains($b + ".test.") or contains($b + ".spec."))' "\$HISTORY_FILE" >/dev/null 2>&1; then
+  # 테스트 먼저 수정됨 → 소스 기록 + 통과
+  UPDATED=$(jq --arg f "\$FILE_PATH" '.edits += [$f] | .edits |= unique' "\$HISTORY_FILE" 2>/dev/null) || true
+  if [[ -n "\$UPDATED" ]]; then
+    echo "\$UPDATED" > "\$HISTORY_FILE"
+  fi
+  exit 0
+fi
+
+_log_event "block" "oh-my-harness: TDD — \${BASENAME}\${TEST_SUFFIX}* 테스트 파일을 먼저 수정하세요"
+echo "{\\"decision\\": \\"block\\", \\"reason\\": \\"oh-my-harness: TDD — \${BASENAME}\${TEST_SUFFIX}* 테스트 파일을 먼저 수정하세요\\"}"
+exit 0`,
+    tags: ["tdd", "workflow", "quality"],
+};

package/dist/cli/event-logger.d.ts

@@ -0,0 +1,21 @@
+export interface HookEvent {
+    ts: string;
+    event: string;
+    hook: string;
+    decision: "block" | "allow";
+    reason?: string;
+    tool?: string;
+}
+export declare function appendEvent(projectDir: string, hookEvent: HookEvent): Promise<void>;
+export declare function readEvents(projectDir: string): Promise<HookEvent[]>;
+export declare function getSessionEvents(projectDir: string, since?: Date): Promise<HookEvent[]>;
+export interface EventStats {
+    totalEvents: number;
+    blockCount: number;
+    allowCount: number;
+    byHook: Record<string, {
+        block: number;
+        allow: number;
+    }>;
+}
+export declare function aggregateStats(events: HookEvent[]): EventStats;

package/dist/cli/event-logger.js

@@ -0,0 +1,64 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+const STATE_DIR = ".claude/hooks/.state";
+const EVENTS_FILE = "events.jsonl";
+export async function appendEvent(projectDir, hookEvent) {
+    const stateDir = path.join(projectDir, STATE_DIR);
+    await fs.mkdir(stateDir, { recursive: true });
+    const filePath = path.join(stateDir, EVENTS_FILE);
+    await fs.appendFile(filePath, JSON.stringify(hookEvent) + "\n", "utf-8");
+}
+export async function readEvents(projectDir) {
+    const filePath = path.join(projectDir, STATE_DIR, EVENTS_FILE);
+    let content;
+    try {
+        content = await fs.readFile(filePath, "utf-8");
+    }
+    catch {
+        return [];
+    }
+    const events = [];
+    for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            continue;
+        try {
+            const parsed = JSON.parse(trimmed);
+            if (typeof parsed.ts === "string" &&
+                typeof parsed.event === "string" &&
+                typeof parsed.hook === "string" &&
+                (parsed.decision === "block" || parsed.decision === "allow")) {
+                events.push(parsed);
+            }
+        }
+        catch {
+            // 잘못된 줄 무시
+        }
+    }
+    return events;
+}
+export async function getSessionEvents(projectDir, since) {
+    const events = await readEvents(projectDir);
+    if (!since)
+        return events;
+    return events.filter((e) => new Date(e.ts) >= since);
+}
+export function aggregateStats(events) {
+    const stats = {
+        totalEvents: events.length,
+        blockCount: 0,
+        allowCount: 0,
+        byHook: {},
+    };
+    for (const e of events) {
+        if (e.decision === "block")
+            stats.blockCount++;
+        else
+            stats.allowCount++;
+        if (!stats.byHook[e.hook]) {
+            stats.byHook[e.hook] = { block: 0, allow: 0 };
+        }
+        stats.byHook[e.hook][e.decision]++;
+    }
+    return stats;
+}

package/dist/core/generator.js

@@ -15,7 +15,7 @@ export async function generate(options) {
     await generateSettings({ projectDir, config, hooksOutput });
     files.push(`${projectDir}/.claude/settings.json`);
     // Update .gitignore
-    await updateGitignore(projectDir, [".claude/hooks/"]);
+    await updateGitignore(projectDir, [".claude/hooks/", ".claude/hooks/.state/"]);
     files.push(`${projectDir}/.gitignore`);
     return { files };
 }

package/dist/detector/detectors/node.js

@@ -18,6 +18,24 @@ async function readJsonFile(filePath) {
         return null;
     }
 }
+/**
+ * Resolve scripts.test content into a direct executable command.
+ * - Prevents watch mode hang (vitest → vitest run)
+ * - Adds npx prefix for direct runner invocation
+ */
+function resolveTestCommand(testScript) {
+    const trimmed = testScript.trim();
+    // vitest without "run" → add --run to prevent watch mode
+    if (/^vitest$/.test(trimmed)) {
+        return "npx vitest run";
+    }
+    // Known runners: prefix with npx if not already
+    if (/^(vitest|jest|mocha)\b/.test(trimmed)) {
+        return trimmed.startsWith("npx ") ? trimmed : `npx ${trimmed}`;
+    }
+    // Unknown script content: use as-is (e.g. custom shell commands)
+    return trimmed;
+}
 export const nodeDetector = {
     name: "node",
     detect: async (projectDir) => {
@@ -53,19 +71,18 @@ export const nodeDetector = {
             packageManagers.push("npm");
             detectedFiles.push("package-lock.json");
         }
-        // Determine lint command prefix and test command based on package manager
+        // Determine lint command prefix based on package manager
         const lintCmd = pm === "npm" ? "npm run lint" : `${pm} lint`;
-        const testCmdDefault = pm === "npm" ? "npm test" : `${pm} test`;
         // Read package.json to inspect scripts
         const pkg = await readJsonFile(packageJsonPath);
         const scripts = pkg && typeof pkg.scripts === "object" && pkg.scripts !== null
             ? pkg.scripts
             : {};
-        // Detect test runner from scripts.test
-        const testScript = scripts["test"];
-        testCommands.push(testCmdDefault);
-        if (testScript && /vitest|jest|mocha/.test(testScript) && testScript !== testCmdDefault) {
-            testCommands.push(testScript);
+        // Detect test runner from scripts.test — use direct command instead of npm test wrapper
+        const rawTestScript = scripts["test"];
+        if (typeof rawTestScript === "string" && rawTestScript.trim().length > 0) {
+            const resolved = resolveTestCommand(rawTestScript);
+            testCommands.push(resolved);
         }
         lintCommands.push(lintCmd);
         // Detect Next.js

package/dist/generators/hooks.d.ts

@@ -1,4 +1,5 @@
 import type { MergedConfig } from "../core/preset-types.js";
+export declare function wrapWithLogger(script: string, event?: string): string;
 export interface GenerateHooksOptions {
     projectDir: string;
     config: MergedConfig;

package/dist/generators/hooks.js

@@ -1,5 +1,37 @@
 import { mkdir, writeFile, chmod } from "node:fs/promises";
 import { join } from "node:path";
+function buildLoggerSnippet(event) {
+    return `# --- oh-my-harness event logger ---
+_OMH_STATE_DIR=".claude/hooks/.state"
+mkdir -p "$_OMH_STATE_DIR" 2>/dev/null || true
+_OMH_HOOK_NAME="$(basename "$0")"
+_OMH_EVENT="${event}"
+_OMH_LOGGED=0
+_log_event() {
+  _OMH_LOGGED=1
+  local decision="\${1:-allow}" reason="\${2:-}"
+  printf '{"ts":"%s","event":"%s","hook":"%s","decision":"%s","reason":"%s"}\\n' \\
+    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$_OMH_EVENT" "$_OMH_HOOK_NAME" "$decision" "$reason" \\
+    >> "$_OMH_STATE_DIR/events.jsonl"
+}
+trap '[ "$_OMH_LOGGED" -eq 0 ] && _log_event "allow"' EXIT
+# --- end logger ---`;
+}
+export function wrapWithLogger(script, event = "unknown") {
+    const snippet = buildLoggerSnippet(event);
+    if (script.includes("INPUT=$(cat)")) {
+        return script.replace("INPUT=$(cat)", `INPUT=$(cat)\n\n${snippet}`);
+    }
+    if (script.includes("set -euo pipefail")) {
+        return script.replace("set -euo pipefail", `set -euo pipefail\n\n${snippet}`);
+    }
+    // shebang 패턴: #!/bin/bash, #!/usr/bin/env bash, #!/bin/sh 등
+    const shebangMatch = script.match(/^#!.+$/m);
+    if (shebangMatch) {
+        return script.replace(shebangMatch[0], `${shebangMatch[0]}\n\n${snippet}`);
+    }
+    return `${snippet}\n${script}`;
+}
 export async function generateHooks(options) {
     const { projectDir, config } = options;
     const hooksDir = join(projectDir, ".claude/hooks");
@@ -20,7 +52,8 @@ export async function generateHooks(options) {
         const safeId = hook.id.replace(/[^a-zA-Z0-9_-]/g, "");
         const scriptName = `${safeId}.sh`;
         const scriptPath = join(hooksDir, scriptName);
-        await writeFile(scriptPath, hook.inline, "utf8");
+        const wrappedScript = wrapWithLogger(hook.inline, hook.event);
+        await writeFile(scriptPath, wrappedScript, "utf8");
         await chmod(scriptPath, 0o755);
         generatedFiles.push(scriptPath);
         const entry = {

package/dist/nl/prompt-templates.js

@@ -40,15 +40,18 @@ Do NOT guess commands — use the detected values above.\n`;
 export function buildHarnessGenerationPrompt(description, catalogBlocks, projectFacts) {
     const factsSection = projectFacts ? buildProjectFactsSection(projectFacts) : "";
     const catalogSection = catalogBlocks && catalogBlocks.length > 0
-        ? `\nAvailable building blocks (use in the hooks field):
+        ? `\nAvailable building blocks (MUST use in the hooks field — prefer hooks over enforcement):
 ${catalogBlocks
             .map((b) => {
             const paramDesc = b.params.length > 0
-                ? ` Params: ${b.params.map((p) => `${p.name}${p.required ? " (required)" : p.default !== undefined ? ` (default: ${String(p.default)})` : ""}`).join(", ")}`
+                ? ` params: ${b.params.map((p) => `${p.name}${p.required ? " (required)" : p.default !== undefined ? ` (default: ${String(p.default)})` : ""}`).join(", ")}`
                 : "";
-            return `- ${b.id}: ${b.description}.${paramDesc}`;
+            return `- block: ${b.id} — ${b.description}.${paramDesc}`;
         })
-            .join("\n")}\n`
+            .join("\n")}
+
+IMPORTANT: Match the user's description to the most relevant blocks above. Use hooks for ALL enforcement that has a matching block. Only use enforcement as a fallback for commands with no matching block.
+`
         : "";
     return `You are a configuration generator for oh-my-harness, an AI code agent harness tool. Given a project description, generate a complete harness.yaml configuration in YAML format. Return ONLY the YAML content with no markdown formatting.
 
@@ -57,7 +60,8 @@ The harness.yaml schema has these fields:
 - project: object with name (optional string), description (optional string), stacks (array of {name, framework, language, packageManager?, testRunner?, linter?})
 - rules: array of {id, title, content (markdown), priority (number, lower = higher in file)}
 - enforcement: object with preCommit (array of full executable shell commands like "pnpm test", "npx eslint", "npx tsc --noEmit"), blockedPaths (array of glob patterns), blockedCommands (array of dangerous commands), postSave (array of {pattern, command})
-- hooks: array of {block, params} — use catalog building blocks instead of manual enforcement where possible (preferred for new configs)
+- hooks: array of {block, params} — MUST use catalog building blocks here. This is the primary mechanism for enforcement. Match user requirements to available blocks.
+- enforcement: fallback for commands with no matching block. Only use enforcement.preCommit when no catalog block covers the use case.
 - permissions: object with allow (array of permission strings like "Bash(npm test*)") and deny (array)
 ${catalogSection}${factsSection}
 Example 1 - Next.js app:
@@ -87,15 +91,24 @@ rules:
       - Use vitest + @testing-library/react for component tests
       - Every component MUST have a corresponding .test.tsx file
     priority: 21
-enforcement:
-  preCommit: ["pnpm test", "npx eslint .", "npx tsc --noEmit"]
-  blockedPaths: [".next/", "node_modules/", "*.min.js"]
-  blockedCommands: ["rm -rf /", "sudo rm"]
-  postSave:
-    - pattern: "*.ts"
-      command: "eslint --fix"
-    - pattern: "*.tsx"
-      command: "eslint --fix"
+hooks:
+  - block: branch-guard
+  - block: commit-test-gate
+    params:
+      testCommand: "pnpm test"
+  - block: commit-typecheck-gate
+    params:
+      typecheckCommand: "npx tsc --noEmit"
+  - block: lint-on-save
+    params:
+      lintCommand: "npx eslint --fix"
+      pattern: "*.{ts,tsx}"
+  - block: path-guard
+    params:
+      blockedPaths: ".next/,node_modules/,*.min.js"
+  - block: command-guard
+    params:
+      blockedCommands: "rm -rf /,sudo rm"
 permissions:
   allow:
     - "Bash(pnpm install*)"
@@ -125,13 +138,21 @@ rules:
       - Use Pydantic v2 models for all request/response schemas
       - Use dependency injection for database sessions, auth, and shared services
     priority: 20
-enforcement:
-  preCommit: ["uv run pytest", "uv run ruff check"]
-  blockedPaths: ["__pycache__/", ".venv/", "*.pyc"]
-  blockedCommands: ["rm -rf /", "sudo rm", "pip install"]
-  postSave:
-    - pattern: "*.py"
-      command: "ruff check --fix"
+hooks:
+  - block: branch-guard
+  - block: commit-test-gate
+    params:
+      testCommand: "uv run pytest"
+  - block: lint-on-save
+    params:
+      lintCommand: "ruff check --fix"
+      pattern: "*.py"
+  - block: path-guard
+    params:
+      blockedPaths: "__pycache__/,.venv/,*.pyc"
+  - block: command-guard
+    params:
+      blockedCommands: "rm -rf /,sudo rm,pip install"
 permissions:
   allow:
     - "Bash(pytest*)"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-harness",
-  "version": "0.3.2",
+  "version": "0.4.1",
   "description": "Tame your AI coding agents with natural language",
   "type": "module",
   "bin": {