qualitative-research-pro 1.0.0

package/hooks/dist/sast-on-edit.mjs

@@ -0,0 +1,230 @@
+// src/sast-on-edit.ts
+import { readFileSync } from "fs";
+var SUPPORTED_EXTENSIONS = [".ts", ".tsx", ".js", ".jsx", ".py", ".go", ".java", ".rb", ".php"];
+var SECURITY_PATTERNS = [
+  // CRITICAL: Code execution
+  {
+    pattern: /\beval\s*\(/,
+    severity: "CRITICAL",
+    category: "Code Injection",
+    message: "eval() kullanimi tespit edildi - kullanici girdisi ile RCE riski"
+  },
+  {
+    pattern: /\bnew\s+Function\s*\(/,
+    severity: "CRITICAL",
+    category: "Code Injection",
+    message: "new Function() kullanimi tespit edildi - dinamik kod calistirma riski"
+  },
+  {
+    pattern: /\bexec\s*\(/,
+    severity: "CRITICAL",
+    category: "Command Injection",
+    message: "exec() kullanimi tespit edildi - komut enjeksiyonu riski"
+  },
+  {
+    pattern: /\bexecSync\s*\(/,
+    severity: "CRITICAL",
+    category: "Command Injection",
+    message: "execSync() kullanimi tespit edildi - komut enjeksiyonu riski"
+  },
+  // CRITICAL: Command injection (Python)
+  {
+    pattern: /\bos\.system\s*\(/,
+    severity: "CRITICAL",
+    category: "Command Injection",
+    message: "os.system() kullanimi tespit edildi - komut enjeksiyonu riski"
+  },
+  {
+    pattern: /\bsubprocess\.call\s*\(/,
+    severity: "CRITICAL",
+    category: "Command Injection",
+    message: "subprocess.call() kullanimi tespit edildi - shell=True ile komut enjeksiyonu riski"
+  },
+  {
+    pattern: /\bsubprocess\.Popen\s*\(/,
+    severity: "CRITICAL",
+    category: "Command Injection",
+    message: "subprocess.Popen() kullanimi tespit edildi - shell parametresini kontrol et"
+  },
+  // CRITICAL: SQL injection patterns
+  {
+    pattern: /["'`]\s*\+\s*\w+.*(?:SELECT|INSERT|UPDATE|DELETE|DROP|ALTER|CREATE)\b/i,
+    severity: "CRITICAL",
+    category: "SQL Injection",
+    message: "SQL sorgusunda string birlestirme tespit edildi - parameterized query kullan"
+  },
+  {
+    pattern: /(?:SELECT|INSERT|UPDATE|DELETE)\b.*\$\{/i,
+    severity: "CRITICAL",
+    category: "SQL Injection",
+    message: "SQL sorgusunda template literal tespit edildi - parameterized query kullan"
+  },
+  {
+    pattern: /f["'](?:SELECT|INSERT|UPDATE|DELETE)\b/i,
+    severity: "CRITICAL",
+    category: "SQL Injection",
+    message: "Python f-string ile SQL sorgusu tespit edildi - parameterized query kullan"
+  },
+  // HIGH: XSS patterns
+  {
+    pattern: /\.innerHTML\s*=/,
+    severity: "HIGH",
+    category: "XSS",
+    message: "innerHTML kullanimi tespit edildi - DOMPurify ile sanitize et"
+  },
+  {
+    pattern: /dangerouslySetInnerHTML/,
+    severity: "HIGH",
+    category: "XSS",
+    message: "dangerouslySetInnerHTML kullanimi tespit edildi - DOMPurify ile sanitize et"
+  },
+  {
+    pattern: /document\.write\s*\(/,
+    severity: "HIGH",
+    category: "XSS",
+    message: "document.write() kullanimi tespit edildi - XSS riski"
+  },
+  // HIGH: SSRF patterns
+  {
+    pattern: /fetch\s*\(\s*(?:user|req|request|input|param|query|body)\w*/,
+    severity: "HIGH",
+    category: "SSRF",
+    message: "Kullanici girdisi ile fetch cagrisi tespit edildi - URL whitelist kullan"
+  },
+  // HIGH: Deserialization
+  {
+    pattern: /pickle\.loads?\s*\(/,
+    severity: "HIGH",
+    category: "Insecure Deserialization",
+    message: "pickle.load(s) kullanimi tespit edildi - guvenilmeyen veri ile RCE riski"
+  },
+  {
+    pattern: /yaml\.load\s*\([^)]*\)\s*(?!.*Loader)/,
+    severity: "HIGH",
+    category: "Insecure Deserialization",
+    message: "yaml.load() Loader parametresi olmadan kullanilmis - yaml.safe_load() kullan"
+  },
+  // MEDIUM: Sensitive data exposure
+  {
+    pattern: /console\.log\s*\(.*(?:password|secret|token|key|credential|auth)/i,
+    severity: "MEDIUM",
+    category: "Data Exposure",
+    message: "Hassas veri console.log ile yazdiriliyor - loglardan hassas veriyi cikar"
+  },
+  // MEDIUM: Insecure crypto
+  {
+    pattern: /\bMD5\s*\(|\.md5\s*\(/i,
+    severity: "MEDIUM",
+    category: "Weak Cryptography",
+    message: "MD5 kullanimi tespit edildi - sifreleme icin SHA-256+ veya bcrypt kullan"
+  },
+  {
+    pattern: /\bSHA1\s*\(|\.sha1\s*\(/i,
+    severity: "MEDIUM",
+    category: "Weak Cryptography",
+    message: "SHA1 kullanimi tespit edildi - SHA-256+ kullan"
+  }
+];
+function getFileExtension(filePath) {
+  const match = filePath.match(/\.[^.]+$/);
+  return match ? match[0].toLowerCase() : "";
+}
+function isSupportedFile(filePath) {
+  const ext = getFileExtension(filePath);
+  return SUPPORTED_EXTENSIONS.includes(ext);
+}
+function extractFilePath(input) {
+  if (input.tool_input?.file_path) {
+    return input.tool_input.file_path;
+  }
+  return null;
+}
+function scanContent(content) {
+  const findings = [];
+  const lines = content.split("\n");
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*")) {
+      continue;
+    }
+    for (const pattern of SECURITY_PATTERNS) {
+      if (pattern.pattern.test(line)) {
+        if (!findings.some((f) => f.category === pattern.category && f.severity === pattern.severity)) {
+          findings.push(pattern);
+        }
+      }
+    }
+  }
+  return findings;
+}
+function formatFindings(findings) {
+  if (findings.length === 0) return "";
+  const criticals = findings.filter((f) => f.severity === "CRITICAL");
+  const highs = findings.filter((f) => f.severity === "HIGH");
+  const mediums = findings.filter((f) => f.severity === "MEDIUM");
+  const parts = ["SAST UYARI: Guvenlik taramasi gerektiren pattern(ler) tespit edildi."];
+  if (criticals.length > 0) {
+    parts.push(`CRITICAL (${criticals.length}): ${criticals.map((f) => f.message).join("; ")}`);
+  }
+  if (highs.length > 0) {
+    parts.push(`HIGH (${highs.length}): ${highs.map((f) => f.message).join("; ")}`);
+  }
+  if (mediums.length > 0) {
+    parts.push(`MEDIUM (${mediums.length}): ${mediums.map((f) => f.message).join("; ")}`);
+  }
+  parts.push("sast-scanner agent veya semgrep --config auto ile detayli tarama yap.");
+  return parts.join("\n");
+}
+function main() {
+  let input;
+  try {
+    const stdinContent = readFileSync(0, "utf-8");
+    input = JSON.parse(stdinContent);
+  } catch {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  if (input.tool_name !== "Edit" && input.tool_name !== "Write") {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const filePath = extractFilePath(input);
+  if (!filePath) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  if (!isSupportedFile(filePath)) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const contentToScan = [];
+  if (input.tool_input?.new_string && typeof input.tool_input.new_string === "string") {
+    contentToScan.push(input.tool_input.new_string);
+  }
+  if (input.tool_input?.content && typeof input.tool_input.content === "string") {
+    contentToScan.push(input.tool_input.content);
+  }
+  if (input.tool_output) {
+    contentToScan.push(input.tool_output);
+  }
+  if (contentToScan.length === 0) {
+    const fileName = filePath.split("/").pop() || filePath;
+    console.log(JSON.stringify({
+      result: "continue",
+      systemMessage: `SAST: ${fileName} dosyasi edit edildi. Guvenlik acisi olabilecek pattern'ler icin sast-scanner agent'i veya semgrep kullanarak tarama yap.`
+    }));
+    return;
+  }
+  const allContent = contentToScan.join("\n");
+  const findings = scanContent(allContent);
+  if (findings.length === 0) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const message = formatFindings(findings);
+  console.log(JSON.stringify({
+    result: "continue",
+    systemMessage: message
+  }));
+}
+main();

package/hooks/dist/session-analytics.mjs

@@ -0,0 +1,84 @@
+// src/session-analytics.ts
+import { readFileSync, appendFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function readJsonl(path) {
+  if (!existsSync(path)) return [];
+  const lines = readFileSync(path, "utf-8").split("\n").filter((l) => l.trim());
+  const results = [];
+  for (const line of lines) {
+    try {
+      results.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  return results;
+}
+function main() {
+  let raw = "";
+  try {
+    raw = readFileSync(0, "utf-8");
+  } catch {
+  }
+  let sessionId = "unknown";
+  if (raw) {
+    try {
+      const input = JSON.parse(raw);
+      sessionId = input.session_id?.slice(0, 8) || "unknown";
+    } catch {
+    }
+  }
+  const claudeDir = join(homedir(), ".claude");
+  const cacheDir = join(claudeDir, "cache");
+  if (!existsSync(cacheDir)) mkdirSync(cacheDir, { recursive: true });
+  const eventsPath = join(claudeDir, "agent-events.jsonl");
+  const perfPath = join(cacheDir, "hook-perf.jsonl");
+  const ledgerPath = join(claudeDir, "canavar", "error-ledger.jsonl");
+  const outputPath = join(cacheDir, "session-analytics.jsonl");
+  const allEvents = readJsonl(eventsPath);
+  const sessionEvents = allEvents.filter((e) => e.session === sessionId);
+  const allPerf = readJsonl(perfPath);
+  const sessionPerf = allPerf.filter((p) => p.session === sessionId);
+  const allErrors = readJsonl(ledgerPath);
+  const sessionErrors = allErrors.filter((e) => e.session === sessionId);
+  const toolCounts = {};
+  for (const evt of sessionEvents) {
+    if (evt.tool) {
+      toolCounts[evt.tool] = (toolCounts[evt.tool] || 0) + 1;
+    }
+  }
+  const agentSpawns = sessionEvents.filter((e) => e.event === "agent_spawn" || e.tool === "Agent").length;
+  let hookTotalMs = 0;
+  let hookSlowest = null;
+  for (const p of sessionPerf) {
+    hookTotalMs += p.duration_ms;
+    if (!hookSlowest || p.duration_ms > hookSlowest.ms) {
+      hookSlowest = { name: p.hook, ms: p.duration_ms };
+    }
+  }
+  let durationMs = 0;
+  if (sessionEvents.length > 0) {
+    const timestamps = sessionEvents.map((e) => new Date(e.ts).getTime()).filter((t) => !isNaN(t));
+    if (timestamps.length >= 2) {
+      durationMs = Math.max(...timestamps) - Math.min(...timestamps);
+    }
+  }
+  const analytics = {
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    session_id: sessionId,
+    duration_ms: durationMs,
+    tool_counts: toolCounts,
+    agent_spawns: agentSpawns,
+    errors: sessionErrors.length,
+    hook_total_ms: Math.round(hookTotalMs * 100) / 100,
+    hook_slowest: hookSlowest ? { name: hookSlowest.name, ms: Math.round(hookSlowest.ms * 100) / 100 } : null
+  };
+  try {
+    appendFileSync(outputPath, JSON.stringify(analytics) + "\n");
+  } catch {
+  }
+  console.log(JSON.stringify({
+    result: `Analytics: ${Object.values(toolCounts).reduce((a, b) => a + b, 0)} tool calls, ${agentSpawns} agents, ${sessionErrors.length} errors, ${Math.round(hookTotalMs)}ms hook overhead`
+  }));
+}
+main();

package/hooks/dist/session-end-cleanup.mjs

@@ -0,0 +1,121 @@
+// src/session-end-cleanup.ts
+import * as fs from "fs";
+import * as path from "path";
+import { spawn } from "child_process";
+var EXTRACTOR_LOCK = path.join(process.env.HOME || process.env.USERPROFILE || "", ".claude", "braintrust-extractor.lock");
+var LOCK_MAX_AGE_MS = 5 * 60 * 1e3;
+function isExtractorRunning() {
+  if (!fs.existsSync(EXTRACTOR_LOCK)) {
+    return false;
+  }
+  try {
+    const lockContent = fs.readFileSync(EXTRACTOR_LOCK, "utf-8").trim();
+    const [pidStr, timestampStr] = lockContent.split(":");
+    const pid = parseInt(pidStr, 10);
+    const timestamp = parseInt(timestampStr, 10);
+    if (Date.now() - timestamp > LOCK_MAX_AGE_MS) {
+      fs.unlinkSync(EXTRACTOR_LOCK);
+      return false;
+    }
+    try {
+      process.kill(pid, 0);
+      return true;
+    } catch {
+      fs.unlinkSync(EXTRACTOR_LOCK);
+      return false;
+    }
+  } catch {
+    try {
+      fs.unlinkSync(EXTRACTOR_LOCK);
+    } catch {
+    }
+    return false;
+  }
+}
+function createExtractorLock(pid) {
+  try {
+    const lockDir = path.dirname(EXTRACTOR_LOCK);
+    if (!fs.existsSync(lockDir)) {
+      fs.mkdirSync(lockDir, { recursive: true });
+    }
+    fs.writeFileSync(EXTRACTOR_LOCK, `${pid}:${Date.now()}`);
+  } catch {
+  }
+}
+async function main() {
+  const input = JSON.parse(await readStdin());
+  const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+  try {
+    const ledgerDir = path.join(projectDir, "thoughts", "ledgers");
+    const ledgerFiles = fs.readdirSync(ledgerDir).filter((f) => f.startsWith("CONTINUITY_CLAUDE-") && f.endsWith(".md"));
+    if (ledgerFiles.length > 0) {
+      const mostRecent = ledgerFiles.sort((a, b) => {
+        const statA = fs.statSync(path.join(ledgerDir, a));
+        const statB = fs.statSync(path.join(ledgerDir, b));
+        return statB.mtime.getTime() - statA.mtime.getTime();
+      })[0];
+      const ledgerPath = path.join(ledgerDir, mostRecent);
+      let content = fs.readFileSync(ledgerPath, "utf-8");
+      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+      content = content.replace(
+        /Updated: .*/,
+        `Updated: ${timestamp}`
+      );
+      fs.writeFileSync(ledgerPath, content);
+    }
+    const agentCacheDir = path.join(projectDir, ".claude", "cache", "agents");
+    if (fs.existsSync(agentCacheDir)) {
+      const now = Date.now();
+      const maxAge = 7 * 24 * 60 * 60 * 1e3;
+      const agents = fs.readdirSync(agentCacheDir);
+      for (const agent of agents) {
+        const agentDir = path.join(agentCacheDir, agent);
+        const stat = fs.statSync(agentDir);
+        if (stat.isDirectory()) {
+          const outputFile = path.join(agentDir, "latest-output.md");
+          if (fs.existsSync(outputFile)) {
+            const fileStat = fs.statSync(outputFile);
+            if (now - fileStat.mtime.getTime() > maxAge) {
+              fs.unlinkSync(outputFile);
+            }
+          }
+        }
+      }
+    }
+    if (!process.env.BRAINTRUST_API_KEY) {
+      console.log(JSON.stringify({ result: "continue" }));
+      return;
+    }
+    const learnScript = path.join(projectDir, "scripts", "braintrust_analyze.py");
+    const globalScript = path.join(process.env.HOME || process.env.USERPROFILE || "", ".claude", "scripts", "braintrust_analyze.py");
+    const scriptPath = fs.existsSync(learnScript) ? learnScript : globalScript;
+    if (fs.existsSync(scriptPath)) {
+      if (isExtractorRunning()) {
+        console.log(JSON.stringify({ result: "continue" }));
+        return;
+      }
+      const isGlobalScript = scriptPath === globalScript;
+      const args = isGlobalScript ? ["run", "--with", "braintrust", "--with", "openai", "--with", "aiohttp", "python", scriptPath, "--learn", "--session-id", input.session_id] : ["run", "python", scriptPath, "--learn", "--session-id", input.session_id];
+      const child = spawn("uv", args, {
+        cwd: projectDir,
+        detached: true,
+        stdio: "ignore"
+      });
+      if (child.pid) {
+        createExtractorLock(child.pid);
+      }
+      child.unref();
+    }
+    console.log(JSON.stringify({ result: "continue" }));
+  } catch (err) {
+    console.log(JSON.stringify({ result: "continue" }));
+  }
+}
+async function readStdin() {
+  return new Promise((resolve) => {
+    let data = "";
+    process.stdin.on("data", (chunk) => data += chunk);
+    process.stdin.on("end", () => resolve(data));
+  });
+}
+main().catch(console.error);

package/hooks/dist/session-outcome.mjs

@@ -0,0 +1,84 @@
+// src/session-outcome.ts
+import * as fs from "fs";
+import * as path from "path";
+async function readStdin() {
+  return new Promise((resolve) => {
+    let data = "";
+    process.stdin.on("data", (chunk) => data += chunk);
+    process.stdin.on("end", () => resolve(data));
+  });
+}
+async function main() {
+  const input = JSON.parse(await readStdin());
+  const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+  if (input.reason === "other") {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const dbPath = path.join(projectDir, ".claude", "cache", "artifact-index", "context.db");
+  const dbExists = fs.existsSync(dbPath);
+  if (!dbExists) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const ledgerDir = path.join(projectDir, "thoughts", "ledgers");
+  let ledgerFiles;
+  try {
+    ledgerFiles = fs.readdirSync(ledgerDir).filter((f) => f.startsWith("CONTINUITY_CLAUDE-") && f.endsWith(".md")).sort((a, b) => {
+      const statA = fs.statSync(path.join(ledgerDir, a));
+      const statB = fs.statSync(path.join(ledgerDir, b));
+      return statB.mtime.getTime() - statA.mtime.getTime();
+    });
+  } catch {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  if (ledgerFiles.length === 0) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const sessionName = ledgerFiles[0].replace("CONTINUITY_CLAUDE-", "").replace(".md", "");
+  const handoffDir = path.join(projectDir, "thoughts", "shared", "handoffs", sessionName);
+  if (!fs.existsSync(handoffDir)) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const handoffFiles = fs.readdirSync(handoffDir).filter((f) => f.endsWith(".md") && /^\d{4}-\d{2}-\d{2}_/.test(f)).sort((a, b) => {
+    return b.localeCompare(a);
+  });
+  if (handoffFiles.length === 0) {
+    console.log(JSON.stringify({ result: "continue" }));
+    return;
+  }
+  const latestHandoff = handoffFiles[0];
+  const handoffName = latestHandoff.replace(".md", "");
+  const output = {
+    result: "continue",
+    message: `
+
+\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+Session ended: ${sessionName}
+Latest handoff: ${handoffName}
+
+To mark outcome and improve future sessions:
+
+  cd ~/.claude && uv run python scripts/core/artifact_mark.py \\
+    --handoff <handoff-id> \\
+    --outcome SUCCEEDED|PARTIAL_PLUS|PARTIAL_MINUS|FAILED
+
+To find handoff ID, query the database:
+
+  sqlite3 .claude/cache/artifact-index/context.db \\
+    "SELECT id, file_path FROM handoffs WHERE session_name='${sessionName}' ORDER BY indexed_at DESC LIMIT 1"
+
+Outcome meanings:
+  SUCCEEDED      - Task completed successfully
+  PARTIAL_PLUS   - Mostly done, minor issues remain
+  PARTIAL_MINUS  - Some progress, major issues remain
+  FAILED         - Task abandoned or blocked
+\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+`
+  };
+  console.log(JSON.stringify(output));
+}
+main().catch(console.error);