scc-universal 1.1.0

package/scripts/hooks/evaluate-session.js

@@ -0,0 +1,98 @@
+#!/usr/bin/env node
+/**
+ * Continuous Learning - Session Evaluator
+ *
+ * Runs on Stop hook to extract reusable patterns from Claude Code sessions.
+ * Reads transcript_path from stdin JSON (Claude Code hook input).
+ *
+ * Why Stop hook instead of UserPromptSubmit:
+ * - Stop runs once at session end (lightweight)
+ * - UserPromptSubmit runs every message (heavy, adds latency)
+ */
+
+'use strict';
+
+const path = require('path');
+const fs = require('fs');
+const { ensureDir, readFile, countInFile, log } = require('../lib/utils');
+
+const MAX_STDIN = 1024 * 1024;
+let stdinData = '';
+process.stdin.setEncoding('utf8');
+
+process.stdin.on('data', chunk => {
+  if (stdinData.length < MAX_STDIN) {
+    const remaining = MAX_STDIN - stdinData.length;
+    stdinData += chunk.substring(0, remaining);
+  }
+});
+
+process.stdin.on('end', () => {
+  main().catch(err => {
+    console.error('[ContinuousLearning] Error:', err.message);
+    process.exit(0);
+  });
+});
+
+function getLearnedSkillsDir() {
+  const home = process.env.HOME || process.env.USERPROFILE || '/tmp';
+  return path.join(home, '.claude', 'skills', 'learned');
+}
+
+async function main() {
+  // Parse stdin JSON to get transcript_path
+  let transcriptPath;
+  try {
+    const input = JSON.parse(stdinData);
+    transcriptPath = input.transcript_path;
+  } catch {
+    // Fallback: try env var for backwards compatibility
+    transcriptPath = process.env.CLAUDE_TRANSCRIPT_PATH;
+  }
+
+  // Get script directory to find config
+  const scriptDir = __dirname;
+  const configFile = path.join(scriptDir, '..', '..', 'skills', 'continuous-learning', 'config.json');
+
+  // Default configuration
+  let minSessionLength = 10;
+  let learnedSkillsPath = getLearnedSkillsDir();
+
+  // Load config if exists
+  const configContent = readFile(configFile);
+  if (configContent) {
+    try {
+      const config = JSON.parse(configContent);
+      minSessionLength = config.min_session_length ?? 10;
+
+      if (config.learned_skills_path) {
+        // Handle ~ in path
+        learnedSkillsPath = config.learned_skills_path.replace(/^~/, require('os').homedir());
+      }
+    } catch (err) {
+      log(`[ContinuousLearning] Failed to parse config: ${err.message}, using defaults`);
+    }
+  }
+
+  // Ensure learned skills directory exists
+  ensureDir(learnedSkillsPath);
+
+  if (!transcriptPath || !fs.existsSync(transcriptPath)) {
+    process.exit(0);
+  }
+
+  // Count user messages in session (allow optional whitespace around colon)
+  const messageCount = countInFile(transcriptPath, /"type"\s*:\s*"user"/g);
+
+  // Skip short sessions
+  if (messageCount < minSessionLength) {
+    log(`[ContinuousLearning] Session too short (${messageCount} messages), skipping`);
+    process.exit(0);
+  }
+
+  // Signal to Claude that session should be evaluated for extractable patterns
+  log(`[ContinuousLearning] Session has ${messageCount} messages - evaluate for extractable patterns`);
+  log(`[ContinuousLearning] Save learned skills to: ${learnedSkillsPath}`);
+
+  process.exit(0);
+}

package/scripts/hooks/governor-check.js

@@ -0,0 +1,220 @@
+#!/usr/bin/env node
+/**
+ * Governor Limit Check Hook
+ *
+ * Salesforce-specific PostToolUse hook that checks edited Apex files
+ * for common governor limit violations using shared apex-analysis module.
+ *
+ * Uses apex-analysis.js for:
+ * - Comment/string stripping (eliminates false positives)
+ * - Loop depth tracking (activeLoopDepths stack + globalBraceDepth)
+ * - Test class detection (skips test classes entirely)
+ *
+ * Detections:
+ * - SOQL queries inside loops (CRITICAL)
+ * - SOSL queries inside loops (CRITICAL)
+ * - DML operations inside loops (CRITICAL)
+ * - HTTP callouts inside loops (CRITICAL)
+ * - Async operations inside loops (HIGH)
+ * - Non-bulkified trigger patterns (HIGH)
+ * - Schema describe in loops (MEDIUM)
+ * - Deeply nested loops — 3+ levels (MEDIUM)
+ * - Unbounded SOQL on large objects (LOW)
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const { preprocessApex, isTestClass, trackLoopDepth } = require('../lib/apex-analysis');
+
+const MAX_STDIN = 1024 * 1024;
+
+function log(msg) {
+  process.stderr.write(`${msg}\n`);
+}
+
+/**
+ * Analyze Apex code for governor limit violations.
+ */
+function checkGovernorLimits(filePath) {
+  if (!filePath || !fs.existsSync(filePath)) return;
+
+  const ext = path.extname(filePath).toLowerCase();
+  if (ext !== '.cls' && ext !== '.trigger') return;
+
+  let content;
+  try {
+    content = fs.readFileSync(filePath, 'utf8');
+  } catch {
+    return;
+  }
+
+  // Skip test classes entirely — they don't run in production
+  if (isTestClass(content)) return;
+
+  // Preprocess: strip comments and string literals
+  const processed = preprocessApex(content);
+  const processedLines = processed.split('\n');
+  const rawLines = content.split('\n');
+  const depths = trackLoopDepth(processedLines);
+
+  const violations = [];
+  let deepNestWarned = false;
+
+  for (let i = 0; i < processedLines.length; i++) {
+    const line = processedLines[i];
+    const depth = depths[i];
+
+    // SOQL in loop
+    if (depth > 0 && /\[\s*SELECT\s/i.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'CRITICAL',
+        message: 'SOQL query inside loop — will hit 100 SOQL query limit',
+        fix: 'Move query before the loop and use a Map/Set for lookups',
+      });
+    }
+
+    // SOSL in loop
+    if (depth > 0 && /\[FIND\s/i.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'CRITICAL',
+        message: 'SOSL query inside loop — will hit 20 SOSL query limit',
+        fix: 'Move SOSL search before the loop',
+      });
+    }
+
+    // DML in loop
+    if (depth > 0) {
+      const dmlPattern = /\b(insert|update|delete|upsert|undelete|merge)\s+(?!into\b)/i;
+      const dbPattern = /Database\.(insert|update|delete|upsert|undelete|merge)/i;
+      if (dmlPattern.test(line) || dbPattern.test(line)) {
+        violations.push({
+          line: i + 1,
+          severity: 'CRITICAL',
+          message: 'DML operation inside loop — will hit 150 DML statement limit',
+          fix: 'Collect records in a List and perform DML after the loop',
+        });
+      }
+    }
+
+    // Callout in loop
+    if (depth > 0 && /Http[a-zA-Z]*\.(send|getContent)|HttpRequest/i.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'CRITICAL',
+        message: 'HTTP callout inside loop — will hit 100 callout limit',
+        fix: 'Batch callouts or use Queueable/Future for async processing',
+      });
+    }
+
+    // Async operations in loop
+    if (depth > 0 && /System\.enqueueJob\s*\(/i.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'HIGH',
+        message: 'System.enqueueJob() inside loop — will hit 50 Queueable job limit',
+        fix: 'Collect work items and enqueue a single Queueable after the loop',
+      });
+    }
+    if (depth > 0 && /EventBus\.publish\s*\(/i.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'HIGH',
+        message: 'EventBus.publish() inside loop — publish events in bulk after the loop',
+        fix: 'Collect events in a List and call EventBus.publish() once',
+      });
+    }
+    if (depth > 0 && /Messaging\.sendEmail\s*\(/i.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'HIGH',
+        message: 'Messaging.sendEmail() inside loop — will hit 10 email invocation limit',
+        fix: 'Collect emails in a List and call sendEmail() once after the loop',
+      });
+    }
+
+    // Non-bulkified trigger (single record processing)
+    if (ext === '.trigger' && /Trigger\.(new|old)\[0\]/.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'HIGH',
+        message: 'Non-bulkified trigger — accessing Trigger.new[0] directly',
+        fix: 'Iterate over Trigger.new/old to handle bulk operations',
+      });
+    }
+
+    // Schema describe in loop
+    if (depth > 0 && /Schema\.\w+\.getDescribe\(\)/.test(line)) {
+      violations.push({
+        line: i + 1,
+        severity: 'MEDIUM',
+        message: 'Schema describe call inside loop — can hit describe limit',
+        fix: 'Cache describe results in a variable outside the loop',
+      });
+    }
+
+    // Deeply nested loops (3+ levels)
+    if (depth >= 3 && !deepNestWarned) {
+      deepNestWarned = true;
+      violations.push({
+        line: i + 1,
+        severity: 'MEDIUM',
+        message: `Loop nesting depth ${depth} — high CPU time risk`,
+        fix: 'Refactor to reduce nesting or use Maps for lookups',
+      });
+    }
+
+    // Unbounded SOQL on large standard objects
+    if (/\[\s*SELECT\s/i.test(line) && !/LIMIT\s+\d/i.test(line) && !/COUNT\s*\(/i.test(line)) {
+      if (/FROM\s+(Account|Contact|Lead|Opportunity|Task|Event|Case|CampaignMember)\b/i.test(line) &&
+          !/WHERE\s/i.test(line)) {
+        violations.push({
+          line: i + 1,
+          severity: 'LOW',
+          message: 'SOQL query on large object without LIMIT or WHERE clause',
+          fix: 'Add LIMIT clause or WHERE filter to bound result set',
+        });
+      }
+    }
+  }
+
+  if (violations.length > 0) {
+    log(`\n[SCC Governor] ${path.basename(filePath)} — ${violations.length} potential violation(s):`);
+    for (const v of violations) {
+      log(`  [${v.severity}] Line ${v.line}: ${v.message}`);
+      log(`    Fix: ${v.fix}`);
+    }
+    log('');
+  }
+}
+
+function run(rawInput) {
+  try {
+    const input = JSON.parse(rawInput);
+    const filePath = String(input.tool_input?.file_path || '');
+    checkGovernorLimits(filePath);
+  } catch {
+    // Ignore errors
+  }
+  return rawInput;
+}
+
+if (require.main === module) {
+  let raw = '';
+  process.stdin.setEncoding('utf8');
+  process.stdin.on('data', chunk => {
+    if (raw.length < MAX_STDIN) {
+      raw += chunk.substring(0, MAX_STDIN - raw.length);
+    }
+  });
+  process.stdin.on('end', () => {
+    const result = run(raw);
+    process.stdout.write(result);
+  });
+}
+
+module.exports = { run };

package/scripts/hooks/learning-observe.sh

@@ -0,0 +1,206 @@
+#!/usr/bin/env bash
+set -e
+
+# Continuous Learning — Observation Hook (SCC)
+#
+# Captures tool use events for pattern analysis by the learning-engine agent.
+# Claude Code passes hook data via stdin as JSON.
+#
+# Registered via hooks/hooks.json (PreToolUse + PostToolUse, standard+strict profiles).
+
+HOOK_PHASE="${1:-post}"
+
+# ─────────────────────────────────────────────
+# Read stdin (before any processing)
+# ─────────────────────────────────────────────
+
+INPUT_JSON=$(cat)
+
+if [ -z "$INPUT_JSON" ]; then
+  exit 0
+fi
+
+# ─────────────────────────────────────────────
+# Find a Python interpreter
+# ─────────────────────────────────────────────
+
+resolve_python_cmd() {
+  if command -v python3 >/dev/null 2>&1; then
+    printf '%s\n' python3
+    return 0
+  fi
+  if command -v python >/dev/null 2>&1; then
+    printf '%s\n' python
+    return 0
+  fi
+  return 1
+}
+
+PYTHON_CMD="$(resolve_python_cmd 2>/dev/null || true)"
+if [ -z "$PYTHON_CMD" ]; then
+  exit 0
+fi
+
+# ─────────────────────────────────────────────
+# Session guards — skip automated/subagent sessions
+# ─────────────────────────────────────────────
+
+# Only run for interactive CLI sessions
+case "${CLAUDE_CODE_ENTRYPOINT:-cli}" in
+  cli|sdk-ts) ;;
+  *) exit 0 ;;
+esac
+
+# Minimal profile suppresses non-essential hooks
+[ "${SCC_HOOK_PROFILE:-standard}" = "minimal" ] && exit 0
+
+# Cooperative skip for automated sessions
+[ "${SCC_SKIP_OBSERVE:-0}" = "1" ] && exit 0
+
+# Skip subagent sessions
+_AGENT_ID=$(echo "$INPUT_JSON" | "$PYTHON_CMD" -c "import json,sys; print(json.load(sys.stdin).get('agent_id',''))" 2>/dev/null || true)
+[ -n "$_AGENT_ID" ] && exit 0
+
+# ─────────────────────────────────────────────
+# Project detection
+# ─────────────────────────────────────────────
+
+STDIN_CWD=$(echo "$INPUT_JSON" | "$PYTHON_CMD" -c '
+import json, sys
+try:
+    data = json.load(sys.stdin)
+    print(data.get("cwd", ""))
+except (KeyError, TypeError, ValueError):
+    print("")
+' 2>/dev/null || echo "")
+
+# Determine project ID from git or cwd
+if [ -n "$STDIN_CWD" ] && [ -d "$STDIN_CWD" ]; then
+  PROJECT_ROOT="$STDIN_CWD"
+else
+  PROJECT_ROOT="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+fi
+
+PROJECT_ID=$(cd "$PROJECT_ROOT" 2>/dev/null && git rev-parse --show-toplevel 2>/dev/null | shasum -a 256 | cut -c1-16 || echo "global")
+
+# ─────────────────────────────────────────────
+# Configuration
+# ─────────────────────────────────────────────
+
+CONFIG_DIR="${HOME}/.claude/homunculus"
+PROJECT_DIR="${CONFIG_DIR}/projects/${PROJECT_ID}"
+mkdir -p "$PROJECT_DIR"
+
+OBSERVATIONS_FILE="${PROJECT_DIR}/observations.jsonl"
+MAX_FILE_SIZE_MB=10
+
+# Skip if disabled
+if [ -f "${CONFIG_DIR}/disabled" ]; then
+  exit 0
+fi
+
+# Auto-purge observation files older than 30 days (runs once per day)
+PURGE_MARKER="${PROJECT_DIR}/.last-purge"
+if [ ! -f "$PURGE_MARKER" ] || [ "$(find "$PURGE_MARKER" -mtime +1 2>/dev/null)" ]; then
+  find "${PROJECT_DIR}" -name "observations-*.jsonl" -mtime +30 -delete 2>/dev/null || true
+  touch "$PURGE_MARKER" 2>/dev/null || true
+fi
+
+# ─────────────────────────────────────────────
+# Parse tool event and write observation
+# ─────────────────────────────────────────────
+
+PARSED=$(echo "$INPUT_JSON" | HOOK_PHASE="$HOOK_PHASE" "$PYTHON_CMD" -c '
+import json, sys, os
+
+try:
+    data = json.load(sys.stdin)
+    hook_phase = os.environ.get("HOOK_PHASE", "post")
+    event = "tool_start" if hook_phase == "pre" else "tool_complete"
+
+    tool_name = data.get("tool_name", data.get("tool", "unknown"))
+    tool_input = data.get("tool_input", data.get("input", {}))
+    tool_output = data.get("tool_response", data.get("tool_output", data.get("output", "")))
+    session_id = data.get("session_id", "unknown")
+    tool_use_id = data.get("tool_use_id", "")
+
+    # Truncate large values
+    if isinstance(tool_input, dict):
+        tool_input_str = json.dumps(tool_input)[:5000]
+    else:
+        tool_input_str = str(tool_input)[:5000]
+
+    if isinstance(tool_output, dict):
+        tool_output_str = json.dumps(tool_output)[:5000]
+    else:
+        tool_output_str = str(tool_output)[:5000]
+
+    print(json.dumps({
+        "parsed": True,
+        "event": event,
+        "tool": tool_name,
+        "input": tool_input_str if event == "tool_start" else None,
+        "output": tool_output_str if event == "tool_complete" else None,
+        "session": session_id,
+        "tool_use_id": tool_use_id
+    }))
+except Exception as e:
+    print(json.dumps({"parsed": False, "error": str(e)}))
+')
+
+PARSED_OK=$(echo "$PARSED" | "$PYTHON_CMD" -c "import json,sys; print(json.load(sys.stdin).get('parsed', False))" 2>/dev/null || echo "False")
+
+if [ "$PARSED_OK" != "True" ]; then
+  exit 0
+fi
+
+# Archive if file too large
+if [ -f "$OBSERVATIONS_FILE" ]; then
+  file_size_mb=$(du -m "$OBSERVATIONS_FILE" 2>/dev/null | cut -f1)
+  if [ "${file_size_mb:-0}" -ge "$MAX_FILE_SIZE_MB" ]; then
+    archive_dir="${PROJECT_DIR}/observations.archive"
+    mkdir -p "$archive_dir"
+    mv "$OBSERVATIONS_FILE" "$archive_dir/observations-$(date +%Y%m%d-%H%M%S)-$$.jsonl" 2>/dev/null || true
+  fi
+fi
+
+# Write observation with secret scrubbing
+timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+export PROJECT_ID_ENV="$PROJECT_ID"
+export TIMESTAMP="$timestamp"
+
+echo "$PARSED" | "$PYTHON_CMD" -c '
+import json, sys, os, re
+
+parsed = json.load(sys.stdin)
+observation = {
+    "timestamp": os.environ["TIMESTAMP"],
+    "event": parsed["event"],
+    "tool": parsed["tool"],
+    "session": parsed["session"],
+    "project_id": os.environ.get("PROJECT_ID_ENV", "global")
+}
+
+# Scrub secrets
+_SECRET_RE = re.compile(
+    r"(?i)(api[_-]?key|token|secret|password|authorization|credentials?|auth)"
+    r"""([\"'"'"'"'"'"'\s:=]+)"""
+    r"([A-Za-z]+\s+)?"
+    r"([A-Za-z0-9_\-/.+=]{8,})"
+)
+
+def scrub(val):
+    if val is None:
+        return None
+    return _SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + (m.group(3) or "") + "[REDACTED]", str(val))
+
+if parsed["input"]:
+    observation["input"] = scrub(parsed["input"])
+if parsed["output"] is not None:
+    observation["output"] = scrub(parsed["output"])
+
+print(json.dumps(observation))
+' >> "$OBSERVATIONS_FILE"
+
+exit 0