pumuki-ast-hooks 5.5.60 → 5.6.0

package/scripts/hooks-system/infrastructure/cascade-hooks/claude-code-hook.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+# =============================================================================
+# 🚀 Claude Code Hook - PreToolUse (Write/Edit)
+# =============================================================================
+#
+# Este hook se ejecuta ANTES de que Claude Code escriba o edite archivos.
+# Usa AST Intelligence para validar el código propuesto y BLOQUEAR
+# si hay violaciones críticas.
+#
+# Configuración en ~/.config/claude-code/settings.json:
+# {
+#   "hooks": {
+#     "PreToolUse": [
+#       {
+#         "matcher": "Write",
+#         "hooks": [{ "type": "command", "command": "/path/to/claude-code-hook.sh" }]
+#       },
+#       {
+#         "matcher": "Edit", 
+#         "hooks": [{ "type": "command", "command": "/path/to/claude-code-hook.sh" }]
+#       }
+#     ]
+#   }
+# }
+#
+# Exit codes:
+# - 0: Permitir escritura
+# - 2: BLOQUEAR escritura (violaciones críticas)
+#
+# Author: Pumuki Team®
+# =============================================================================
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || echo "$PWD")"
+LOG_FILE="$REPO_ROOT/.audit_tmp/claude-code-hook.log"
+
+log() {
+    local level="$1"
+    local message="$2"
+    local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+    mkdir -p "$(dirname "$LOG_FILE")"
+    echo "[$timestamp] [$level] $message" >> "$LOG_FILE"
+    
+    if [ -n "$DEBUG" ]; then
+        echo "[$timestamp] [$level] $message" >&2
+    fi
+}
+
+# Leer JSON de stdin
+input=$(cat)
+
+log "INFO" "Claude Code hook triggered"
+
+# Extraer tool_name del input
+tool_name=$(echo "$input" | jq -r '.tool_name // .tool // "unknown"' 2>/dev/null || echo "unknown")
+log "INFO" "Tool: $tool_name"
+
+# Solo procesar Write y Edit
+if [[ "$tool_name" != "Write" && "$tool_name" != "Edit" ]]; then
+    log "INFO" "Skipping non-write tool: $tool_name"
+    exit 0
+fi
+
+# Extraer file_path y content
+file_path=$(echo "$input" | jq -r '.tool_input.file_path // .file_path // ""' 2>/dev/null || echo "")
+content=$(echo "$input" | jq -r '.tool_input.content // .content // ""' 2>/dev/null || echo "")
+
+if [ -z "$file_path" ]; then
+    log "WARN" "No file_path in input"
+    exit 0
+fi
+
+log "INFO" "Analyzing: $file_path"
+
+# Skip test files (TDD allowed)
+if [[ "$file_path" =~ \.(spec|test)\.(js|ts|swift|kt)$ ]]; then
+    log "INFO" "TDD: Test file allowed: $file_path"
+    exit 0
+fi
+
+# Ejecutar análisis AST si hay contenido
+if [ -n "$content" ]; then
+    # Llamar al analizador Node.js
+    analysis_result=$(echo "$content" | node -e "
+        const path = require('path');
+        const repoRoot = '$REPO_ROOT';
+        const filePath = '$file_path';
+        
+        let input = '';
+        process.stdin.on('data', chunk => input += chunk);
+        process.stdin.on('end', () => {
+            try {
+                const { analyzeCodeInMemory } = require(path.join(repoRoot, 'scripts/hooks-system/infrastructure/ast/ast-core'));
+                const result = analyzeCodeInMemory(input, filePath);
+                console.log(JSON.stringify(result));
+            } catch (e) {
+                console.log(JSON.stringify({ success: false, error: e.message, hasCritical: false }));
+            }
+        });
+    " 2>/dev/null || echo '{"success":false,"hasCritical":false}')
+
+    has_critical=$(echo "$analysis_result" | jq -r '.hasCritical // false' 2>/dev/null || echo "false")
+
+    if [ "$has_critical" = "true" ]; then
+        violations=$(echo "$analysis_result" | jq -r '.violations[] | select(.severity == "CRITICAL") | "  ❌ [\(.ruleId)] \(.message)"' 2>/dev/null || echo "Unknown violations")
+        
+        log "BLOCKED" "Critical violations in $file_path"
+        
+        # Salida a stderr para que Claude Code la procese
+        echo "" >&2
+        echo "🚫 AST INTELLIGENCE BLOCKED THIS WRITE" >&2
+        echo "═══════════════════════════════════════" >&2
+        echo "File: $file_path" >&2
+        echo "" >&2
+        echo "$violations" >&2
+        echo "" >&2
+        echo "Fix these violations before writing." >&2
+        echo "═══════════════════════════════════════" >&2
+        
+        exit 2  # BLOQUEAR
+    fi
+fi
+
+log "ALLOWED" "No critical violations in $file_path"
+exit 0

package/scripts/hooks-system/infrastructure/cascade-hooks/post-write-code-hook.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+/**
+ * =============================================================================
+ * Cascade Hook - post_write_code (Logging & Analytics)
+ * =============================================================================
+ * 
+ * This hook is executed by Windsurf AFTER code is written.
+ * It logs the write operation for analytics and audit trail.
+ * 
+ * Author: Pumuki Team®
+ * =============================================================================
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+const REPO_ROOT = (() => {
+    try {
+        const { execSync } = require('child_process');
+        return execSync('git rev-parse --show-toplevel', { encoding: 'utf-8' }).trim();
+    } catch (error) {
+        return process.cwd();
+    }
+})();
+
+const LOG_FILE = path.join(REPO_ROOT, '.audit_tmp', 'cascade-writes.log');
+
+async function main() {
+    let inputData = '';
+
+    for await (const chunk of process.stdin) {
+        inputData += chunk;
+    }
+
+    let hookInput;
+    try {
+        hookInput = JSON.parse(inputData);
+    } catch (error) {
+        process.exit(0);
+    }
+
+    const { agent_action_name, tool_info, timestamp, trajectory_id } = hookInput;
+
+    if (agent_action_name !== 'post_write_code') {
+        process.exit(0);
+    }
+
+    const filePath = tool_info?.file_path || 'unknown';
+    const edits = tool_info?.edits || [];
+
+    const logEntry = {
+        timestamp: timestamp || new Date().toISOString(),
+        trajectory_id,
+        file: filePath,
+        edits_count: edits.length,
+        total_chars_added: edits.reduce((sum, e) => sum + (e.new_string?.length || 0), 0),
+        total_chars_removed: edits.reduce((sum, e) => sum + (e.old_string?.length || 0), 0)
+    };
+
+    try {
+        fs.mkdirSync(path.dirname(LOG_FILE), { recursive: true });
+        fs.appendFileSync(LOG_FILE, JSON.stringify(logEntry) + '\n');
+    } catch (error) {
+        if (process.env.DEBUG) {
+            process.stderr.write(`[post-write-hook] Log write failed: ${error.message}\n`);
+        }
+    }
+
+    process.exit(0);
+}
+
+main().catch(() => process.exit(0));

package/scripts/hooks-system/infrastructure/cascade-hooks/pre-write-code-hook.js

@@ -0,0 +1,167 @@
+#!/usr/bin/env node
+/**
+ * =============================================================================
+ * 🚀 REVOLUTIONARY: Cascade Hook - pre_write_code
+ * =============================================================================
+ * 
+ * This hook is executed by Windsurf BEFORE any code is written.
+ * It uses AST Intelligence to validate the proposed code and BLOCKS
+ * the write if critical violations are detected.
+ * 
+ * Exit codes:
+ * - 0: Allow the write
+ * - 2: BLOCK the write (critical violations)
+ * - 1: Error (allow write, log error)
+ * 
+ * Author: Pumuki Team®
+ * =============================================================================
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+function getRepoRoot(filePath) {
+    if (filePath) {
+        const { execSync } = require('child_process');
+        try {
+            return execSync('git rev-parse --show-toplevel', {
+                encoding: 'utf-8',
+                cwd: path.dirname(filePath)
+            }).trim();
+        } catch (e) {
+            if (process.env.DEBUG) {
+                process.stderr.write(`[pre-write-hook] Git root lookup failed: ${e.message}\n`);
+            }
+        }
+    }
+    // Fallback: this script is in scripts/hooks-system/infrastructure/cascade-hooks/
+    return path.resolve(__dirname, '..', '..', '..', '..');
+}
+
+let REPO_ROOT = path.resolve(__dirname, '..', '..', '..', '..');
+
+const LOG_FILE = path.join(REPO_ROOT, '.audit_tmp', 'cascade-hook.log');
+
+function log(message) {
+    const timestamp = new Date().toISOString();
+    const logLine = `[${timestamp}] ${message}\n`;
+
+    try {
+        fs.mkdirSync(path.dirname(LOG_FILE), { recursive: true });
+        fs.appendFileSync(LOG_FILE, logLine);
+    } catch (error) {
+        if (process.env.DEBUG) {
+            process.stderr.write(`[pre-write-hook] Log write failed: ${error.message}\n`);
+        }
+    }
+
+    if (process.env.DEBUG) {
+        process.stderr.write(logLine);
+    }
+}
+
+async function main() {
+    let inputData = '';
+
+    // Read JSON from stdin
+    for await (const chunk of process.stdin) {
+        inputData += chunk;
+    }
+
+    let hookInput;
+    try {
+        hookInput = JSON.parse(inputData);
+    } catch (error) {
+        log(`ERROR: Failed to parse hook input: ${error.message}`);
+        process.exit(1); // Error, allow write
+    }
+
+    const { agent_action_name, tool_info } = hookInput;
+
+    if (agent_action_name !== 'pre_write_code') {
+        log(`SKIP: Not a pre_write_code event: ${agent_action_name}`);
+        process.exit(0);
+    }
+
+    const filePath = tool_info?.file_path;
+    const edits = tool_info?.edits || [];
+
+    if (!filePath) {
+        log('WARN: No file_path in tool_info');
+        process.exit(0);
+    }
+
+    // Update REPO_ROOT based on the file being edited
+    REPO_ROOT = getRepoRoot(filePath);
+
+    log(`ANALYZING: ${filePath} (${edits.length} edits) [REPO: ${REPO_ROOT}]`);
+
+    // Skip test files from blocking (allow TDD flow)
+    if (/\.(spec|test)\.(js|ts|swift|kt)$/.test(filePath)) {
+        log(`ALLOW: Test file detected - TDD cycle allowed: ${filePath}`);
+        process.exit(0);
+    }
+
+    // Load AST analyzer
+    let analyzeCodeInMemory;
+    try {
+        const astCore = require(path.join(REPO_ROOT, 'scripts/hooks-system/infrastructure/ast/ast-core'));
+        analyzeCodeInMemory = astCore.analyzeCodeInMemory;
+    } catch (error) {
+        log(`ERROR: Failed to load AST analyzer: ${error.message}`);
+        process.exit(1); // Error, allow write (graceful degradation)
+    }
+
+    // Analyze each edit
+    const allViolations = [];
+
+    for (const edit of edits) {
+        const newCode = edit.new_string || '';
+
+        if (!newCode || newCode.trim().length === 0) {
+            continue;
+        }
+
+        try {
+            const analysis = analyzeCodeInMemory(newCode, filePath);
+
+            if (analysis.hasCritical) {
+                allViolations.push(...analysis.violations.filter(v => v.severity === 'CRITICAL'));
+            }
+        } catch (error) {
+            log(`WARN: AST analysis failed for edit: ${error.message}`);
+        }
+    }
+
+    if (allViolations.length > 0) {
+        const errorMessage = [
+            '',
+            '🚫 ═══════════════════════════════════════════════════════════════',
+            '🚫 AST INTELLIGENCE BLOCKED THIS WRITE',
+            '🚫 ═══════════════════════════════════════════════════════════════',
+            '',
+            `📁 File: ${filePath}`,
+            `❌ Critical Violations: ${allViolations.length}`,
+            '',
+            ...allViolations.map((v, i) => `  ${i + 1}. [${v.ruleId}] ${v.message}`),
+            '',
+            '🔧 FIX THESE VIOLATIONS BEFORE WRITING:',
+            ...allViolations.slice(0, 3).map(v => `  → ${v.message}`),
+            '',
+            '═══════════════════════════════════════════════════════════════',
+            ''
+        ].join('\n');
+
+        log(`BLOCKED: ${allViolations.length} critical violations in ${filePath}`);
+        process.stderr.write(errorMessage);
+        process.exit(2); // EXIT CODE 2 = BLOCK THE WRITE
+    }
+
+    log(`ALLOWED: No critical violations in ${filePath}`);
+    process.exit(0);
+}
+
+main().catch(error => {
+    log(`FATAL ERROR: ${error.message}`);
+    process.exit(1);
+});

package/scripts/hooks-system/infrastructure/cascade-hooks/universal-hook-adapter.js

@@ -0,0 +1,186 @@
+#!/usr/bin/env node
+/**
+ * =============================================================================
+ * 🌐 UNIVERSAL: IDE-Agnostic Hook Adapter
+ * =============================================================================
+ * 
+ * This adapter works with ANY IDE that supports hooks:
+ * - Windsurf: pre_write_code, post_write_code
+ * - Cursor: afterFileEdit
+ * - Claude Code: afterFileEdit
+ * 
+ * For IDEs without pre-write hooks, the Git pre-commit is the 100% fallback.
+ * 
+ * Author: Pumuki Team®
+ * =============================================================================
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+const REPO_ROOT = (() => {
+    try {
+        const { execSync } = require('child_process');
+        return execSync('git rev-parse --show-toplevel', { encoding: 'utf-8' }).trim();
+    } catch (error) {
+        return process.cwd();
+    }
+})();
+
+const LOG_FILE = path.join(REPO_ROOT, '.audit_tmp', 'universal-hook.log');
+
+function log(level, message) {
+    const timestamp = new Date().toISOString();
+    const logLine = `[${timestamp}] [${level}] ${message}\n`;
+
+    try {
+        fs.mkdirSync(path.dirname(LOG_FILE), { recursive: true });
+        fs.appendFileSync(LOG_FILE, logLine);
+    } catch (writeError) {
+        if (process.env.DEBUG) {
+            process.stderr.write(`[universal-hook] Log failed: ${writeError.message}\n`);
+        }
+    }
+
+    if (process.env.DEBUG || level === 'ERROR') {
+        process.stderr.write(logLine);
+    }
+}
+
+function detectIDE() {
+    if (process.env.WINDSURF_SESSION_ID) return 'windsurf';
+    if (process.env.CURSOR_SESSION_ID) return 'cursor';
+    if (process.env.CLAUDE_CODE_SESSION) return 'claude-code';
+    if (process.env.KILO_CODE_SESSION) return 'kilo-code';
+
+    const parentProcess = process.env._ || '';
+    if (parentProcess.includes('windsurf')) return 'windsurf';
+    if (parentProcess.includes('cursor')) return 'cursor';
+    if (parentProcess.includes('claude')) return 'claude-code';
+
+    return 'unknown';
+}
+
+function analyzeCode(code, filePath) {
+    try {
+        const { analyzeCodeInMemory } = require(path.join(
+            REPO_ROOT,
+            'scripts/hooks-system/infrastructure/ast/ast-core'
+        ));
+        return analyzeCodeInMemory(code, filePath);
+    } catch (loadError) {
+        log('ERROR', `AST load failed: ${loadError.message}`);
+        return { success: false, violations: [], hasCritical: false };
+    }
+}
+
+async function handleWindsurfPreWrite(hookInput) {
+    const { tool_info } = hookInput;
+    const filePath = tool_info?.file_path;
+    const edits = tool_info?.edits || [];
+
+    if (!filePath) {
+        log('WARN', 'No file_path in Windsurf hook');
+        return 0;
+    }
+
+    if (/\.(spec|test)\.(js|ts|swift|kt)$/.test(filePath)) {
+        log('INFO', `TDD: Test file allowed: ${filePath}`);
+        return 0;
+    }
+
+    for (const edit of edits) {
+        const newCode = edit.new_string || '';
+        if (!newCode.trim()) continue;
+
+        const analysis = analyzeCode(newCode, filePath);
+
+        if (analysis.hasCritical) {
+            const violations = analysis.violations.filter(v => v.severity === 'CRITICAL');
+            log('BLOCKED', `${violations.length} critical violations in ${filePath}`);
+
+            process.stderr.write(`\n🚫 AST INTELLIGENCE BLOCKED\n`);
+            process.stderr.write(`File: ${filePath}\n`);
+            violations.forEach(v => {
+                process.stderr.write(`  ❌ [${v.ruleId}] ${v.message}\n`);
+            });
+            process.stderr.write(`\n`);
+
+            return 2; // BLOCK
+        }
+    }
+
+    log('ALLOWED', `No violations in ${filePath}`);
+    return 0;
+}
+
+async function handleCursorAfterEdit(hookInput) {
+    const { tool_info } = hookInput;
+    const filePath = tool_info?.file_path;
+
+    log('INFO', `Cursor afterFileEdit: ${filePath}`);
+
+    // For Cursor, we can only log - blocking happens at Git pre-commit
+    return 0;
+}
+
+async function handleClaudeCodeAfterEdit(hookInput) {
+    const { tool_info } = hookInput;
+    const filePath = tool_info?.file_path;
+
+    log('INFO', `Claude Code afterFileEdit: ${filePath}`);
+
+    // For Claude Code, we can only log - blocking happens at Git pre-commit
+    return 0;
+}
+
+async function main() {
+    let inputData = '';
+
+    for await (const chunk of process.stdin) {
+        inputData += chunk;
+    }
+
+    if (!inputData.trim()) {
+        log('WARN', 'Empty input received');
+        process.exit(0);
+    }
+
+    let hookInput;
+    try {
+        hookInput = JSON.parse(inputData);
+    } catch (parseError) {
+        log('ERROR', `JSON parse failed: ${parseError.message}`);
+        process.exit(1);
+    }
+
+    const ide = detectIDE();
+    const eventName = hookInput.agent_action_name || hookInput.event || 'unknown';
+
+    log('INFO', `IDE: ${ide}, Event: ${eventName}`);
+
+    let exitCode = 0;
+
+    switch (eventName) {
+        case 'pre_write_code':
+            exitCode = await handleWindsurfPreWrite(hookInput);
+            break;
+        case 'afterFileEdit':
+            if (ide === 'cursor') {
+                exitCode = await handleCursorAfterEdit(hookInput);
+            } else {
+                exitCode = await handleClaudeCodeAfterEdit(hookInput);
+            }
+            break;
+        default:
+            log('INFO', `Unhandled event: ${eventName}`);
+            exitCode = 0;
+    }
+
+    process.exit(exitCode);
+}
+
+main().catch(error => {
+    log('FATAL', error.message);
+    process.exit(1);
+});