npm - shiva-code - Versions diffs - 0.7.1 → 0.7.3 - Mend

shiva-code 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/chunk-UAP4ZKEJ.js ADDED Viewed

@@ -0,0 +1,1918 @@
+import {
+  log
+} from "./chunk-Z6NXFC4Q.js";
+import {
+  formatContextAsMarkdown,
+  generateGitHubContext,
+  isGhAuthenticated,
+  isGhInstalled
+} from "./chunk-IVFCZLBX.js";
+import {
+  cacheGitHubContext,
+  getProjectConfig,
+  hasShivaDir
+} from "./chunk-PMA6MGQW.js";
+// src/commands/advanced/hook.ts
+import { Command } from "commander";
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+// src/services/security/package-scanner.ts
+import Conf from "conf";
+// src/types/package.ts
+var DEFAULT_PACKAGE_SCAN_CONFIG = {
+  enabled: true,
+  autoBlock: false,
+  minDownloads: 100,
+  maxAgeDays: 7,
+  checkTyposquatting: true,
+  checkScripts: true,
+  blocklist: [],
+  allowlist: []
+};
+var POPULAR_NPM_PACKAGES = [
+  // Core utilities
+  "lodash",
+  "underscore",
+  "ramda",
+  "moment",
+  "dayjs",
+  "date-fns",
+  // Web frameworks
+  "express",
+  "koa",
+  "fastify",
+  "hapi",
+  "restify",
+  "nest",
+  "nestjs",
+  // Frontend frameworks
+  "react",
+  "vue",
+  "angular",
+  "svelte",
+  "preact",
+  "solid-js",
+  "next",
+  "nuxt",
+  "gatsby",
+  // HTTP & networking
+  "axios",
+  "node-fetch",
+  "got",
+  "superagent",
+  "request",
+  "undici",
+  // CLI tools
+  "commander",
+  "yargs",
+  "chalk",
+  "inquirer",
+  "ora",
+  "boxen",
+  "figlet",
+  // Build tools
+  "webpack",
+  "rollup",
+  "esbuild",
+  "vite",
+  "parcel",
+  "tsup",
+  "turbo",
+  // Testing
+  "jest",
+  "mocha",
+  "chai",
+  "vitest",
+  "ava",
+  "tap",
+  "cypress",
+  "playwright",
+  "puppeteer",
+  // Linting & formatting
+  "eslint",
+  "prettier",
+  "stylelint",
+  "standardjs",
+  "standard",
+  // TypeScript
+  "typescript",
+  "ts-node",
+  "tsx",
+  // Database
+  "mongoose",
+  "sequelize",
+  "prisma",
+  "knex",
+  "typeorm",
+  "drizzle-orm",
+  "pg",
+  "mysql",
+  "mysql2",
+  "sqlite3",
+  "better-sqlite3",
+  "redis",
+  "ioredis",
+  // Security & auth
+  "jsonwebtoken",
+  "bcrypt",
+  "bcryptjs",
+  "passport",
+  "helmet",
+  "cors",
+  "csurf",
+  // Utilities
+  "uuid",
+  "nanoid",
+  "dotenv",
+  "debug",
+  "winston",
+  "pino",
+  "bunyan",
+  "morgan",
+  // File system
+  "fs-extra",
+  "glob",
+  "globby",
+  "rimraf",
+  "mkdirp",
+  "chokidar",
+  // Validation
+  "joi",
+  "yup",
+  "zod",
+  "ajv",
+  "validator",
+  // Crypto & encoding
+  "crypto-js",
+  "node-forge",
+  "base64-js",
+  // Process & system
+  "cross-env",
+  "execa",
+  "shelljs",
+  "concurrently",
+  "npm-run-all",
+  // Configuration
+  "conf",
+  "config",
+  "dotenv",
+  "cosmiconfig",
+  "rc",
+  // Misc popular
+  "bluebird",
+  "async",
+  "rxjs",
+  "socket.io",
+  "ws",
+  "graphql",
+  "apollo-server",
+  "body-parser",
+  "cookie-parser",
+  "multer",
+  "sharp",
+  "jimp",
+  "pdf-lib",
+  "puppeteer",
+  "cheerio",
+  "jsdom",
+  "marked",
+  "markdown-it",
+  "highlight.js",
+  "prismjs"
+];
+var POPULAR_PIP_PACKAGES = [
+  "requests",
+  "numpy",
+  "pandas",
+  "scipy",
+  "matplotlib",
+  "flask",
+  "django",
+  "fastapi",
+  "uvicorn",
+  "pytest",
+  "click",
+  "pydantic",
+  "sqlalchemy",
+  "celery",
+  "redis",
+  "boto3",
+  "pillow",
+  "opencv-python",
+  "tensorflow",
+  "torch",
+  "transformers",
+  "scikit-learn",
+  "beautifulsoup4",
+  "lxml",
+  "aiohttp",
+  "httpx"
+];
+var POPULAR_CARGO_PACKAGES = [
+  "serde",
+  "tokio",
+  "async-std",
+  "clap",
+  "reqwest",
+  "actix-web",
+  "axum",
+  "rocket",
+  "diesel",
+  "sqlx",
+  "log",
+  "env_logger",
+  "tracing",
+  "anyhow",
+  "thiserror",
+  "rand",
+  "regex",
+  "chrono",
+  "uuid",
+  "serde_json"
+];
+var SUSPICIOUS_SCRIPT_PATTERNS = [
+  /curl\s+.*\|\s*(ba)?sh/i,
+  // curl | bash
+  /wget\s+.*\|\s*(ba)?sh/i,
+  // wget | bash
+  /eval\s*\(/i,
+  // eval()
+  /new\s+Function\s*\(/i,
+  // new Function()
+  /child_process/i,
+  // child_process
+  /\.exe["']?\s*$/i,
+  // .exe execution
+  /powershell/i,
+  // PowerShell
+  /base64\s+-d/i,
+  // Base64 decode
+  /\$\(.*\)/,
+  // Command substitution
+  /nc\s+-e/i,
+  // Netcat reverse shell
+  /python\s+-c/i,
+  // Python one-liner
+  /node\s+-e/i,
+  // Node one-liner
+  /rm\s+-rf/i,
+  // Dangerous removal
+  /\/dev\/tcp/i,
+  // Bash tcp
+  /mkfifo/i
+  // Named pipe (often used in reverse shells)
+];
+var KNOWN_MALICIOUS_PACKAGES = [
+  {
+    package: "event-stream",
+    manager: "npm",
+    reason: "Known supply chain attack (flatmap-stream)",
+    addedAt: "2018-11-26",
+    source: "community"
+  },
+  {
+    package: "flatmap-stream",
+    manager: "npm",
+    reason: "Malicious cryptocurrency stealer",
+    addedAt: "2018-11-26",
+    source: "community"
+  },
+  {
+    package: "ua-parser-js",
+    manager: "npm",
+    reason: "Compromised versions (0.7.29, 0.8.0, 1.0.0)",
+    addedAt: "2021-10-22",
+    source: "community"
+  },
+  {
+    package: "coa",
+    manager: "npm",
+    reason: "Compromised version 2.0.3",
+    addedAt: "2021-11-04",
+    source: "community"
+  },
+  {
+    package: "rc",
+    manager: "npm",
+    reason: "Compromised versions 1.2.9, 1.3.9, 2.3.9",
+    addedAt: "2021-11-04",
+    source: "community"
+  }
+];
+// src/services/security/package-scanner.ts
+var CACHE_TTL = 60 * 60 * 1e3;
+var packageInfoCache = /* @__PURE__ */ new Map();
+var configStore = new Conf({
+  projectName: "shiva-code",
+  defaults: {
+    packageSecurity: DEFAULT_PACKAGE_SCAN_CONFIG
+  }
+});
+var PackageScannerService = class {
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Command Parsing
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Check if a command is an install command
+   */
+  isInstallCommand(command) {
+    const installPatterns = [
+      /^npm\s+(install|i|add)\b/i,
+      /^yarn\s+(add|install)\b/i,
+      /^pnpm\s+(add|install|i)\b/i,
+      /^pip\s+install\b/i,
+      /^pip3\s+install\b/i,
+      /^cargo\s+(add|install)\b/i,
+      /^go\s+(get|install)\b/i
+    ];
+    return installPatterns.some((pattern) => pattern.test(command.trim()));
+  }
+  /**
+   * Parse an install command to extract package names
+   */
+  parseCommand(command) {
+    const trimmed = command.trim();
+    const npmMatch = trimmed.match(/^(npm|yarn|pnpm)\s+(install|i|add)\s+(.+)$/i);
+    if (npmMatch) {
+      const managerMap = {
+        npm: "npm",
+        yarn: "yarn",
+        pnpm: "pnpm"
+      };
+      const manager = managerMap[npmMatch[1].toLowerCase()];
+      const argsStr = npmMatch[3];
+      const { packages, flags, isDev, isGlobal } = this.parseNpmArgs(argsStr);
+      return { manager, packages, flags, isDev, isGlobal };
+    }
+    const pipMatch = trimmed.match(/^pip3?\s+install\s+(.+)$/i);
+    if (pipMatch) {
+      const { packages, flags } = this.parsePipArgs(pipMatch[1]);
+      return { manager: "pip", packages, flags, isDev: false, isGlobal: false };
+    }
+    const cargoMatch = trimmed.match(/^cargo\s+(add|install)\s+(.+)$/i);
+    if (cargoMatch) {
+      const { packages, flags, isDev } = this.parseCargoArgs(cargoMatch[2]);
+      return { manager: "cargo", packages, flags, isDev, isGlobal: false };
+    }
+    const goMatch = trimmed.match(/^go\s+(get|install)\s+(.+)$/i);
+    if (goMatch) {
+      const { packages, flags } = this.parseGoArgs(goMatch[2]);
+      return { manager: "go", packages, flags, isDev: false, isGlobal: false };
+    }
+    return null;
+  }
+  parseNpmArgs(argsStr) {
+    const parts = argsStr.split(/\s+/);
+    const packages = [];
+    const flags = [];
+    let isDev = false;
+    let isGlobal = false;
+    for (const part of parts) {
+      if (part.startsWith("-")) {
+        flags.push(part);
+        if (part === "-D" || part === "--save-dev" || part === "--dev") {
+          isDev = true;
+        }
+        if (part === "-g" || part === "--global") {
+          isGlobal = true;
+        }
+      } else if (part.length > 0) {
+        const pkgName = part.split("@")[0] || part;
+        if (pkgName.length > 0) {
+          packages.push(pkgName);
+        }
+      }
+    }
+    return { packages, flags, isDev, isGlobal };
+  }
+  parsePipArgs(argsStr) {
+    const parts = argsStr.split(/\s+/);
+    const packages = [];
+    const flags = [];
+    for (let i = 0; i < parts.length; i++) {
+      const part = parts[i];
+      if (part.startsWith("-")) {
+        flags.push(part);
+        if ((part === "-r" || part === "--requirement") && i + 1 < parts.length) {
+          i++;
+        }
+      } else if (part.length > 0) {
+        const pkgName = part.split(/[=<>!~\[]/)[0];
+        if (pkgName.length > 0) {
+          packages.push(pkgName);
+        }
+      }
+    }
+    return { packages, flags };
+  }
+  parseCargoArgs(argsStr) {
+    const parts = argsStr.split(/\s+/);
+    const packages = [];
+    const flags = [];
+    let isDev = false;
+    for (const part of parts) {
+      if (part.startsWith("-")) {
+        flags.push(part);
+        if (part === "--dev" || part === "-D") {
+          isDev = true;
+        }
+      } else if (part.length > 0) {
+        packages.push(part);
+      }
+    }
+    return { packages, flags, isDev };
+  }
+  parseGoArgs(argsStr) {
+    const parts = argsStr.split(/\s+/);
+    const packages = [];
+    const flags = [];
+    for (const part of parts) {
+      if (part.startsWith("-")) {
+        flags.push(part);
+      } else if (part.length > 0) {
+        packages.push(part);
+      }
+    }
+    return { packages, flags };
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Package Info Fetching
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Get npm package info from registry
+   */
+  async getNpmPackageInfo(name) {
+    const cacheKey = `npm:${name}`;
+    const cached = packageInfoCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
+      return cached.data;
+    }
+    try {
+      const metaResponse = await fetch(`https://registry.npmjs.org/${encodeURIComponent(name)}`);
+      if (!metaResponse.ok) {
+        if (metaResponse.status === 404) {
+          return null;
+        }
+        throw new Error(`npm registry returned ${metaResponse.status}`);
+      }
+      const meta = await metaResponse.json();
+      const latestVersion = meta["dist-tags"]?.latest;
+      const versionData = latestVersion ? meta.versions?.[latestVersion] : null;
+      let weeklyDownloads = 0;
+      try {
+        const downloadsResponse = await fetch(
+          `https://api.npmjs.org/downloads/point/last-week/${encodeURIComponent(name)}`
+        );
+        if (downloadsResponse.ok) {
+          const downloads = await downloadsResponse.json();
+          weeklyDownloads = downloads.downloads || 0;
+        }
+      } catch {
+      }
+      const info = {
+        name: meta.name || name,
+        version: latestVersion || "0.0.0",
+        description: meta.description,
+        weeklyDownloads,
+        publishedAt: (latestVersion ? meta.time?.[latestVersion] : void 0) || meta.time?.created || (/* @__PURE__ */ new Date()).toISOString(),
+        maintainers: meta.maintainers?.map((m) => m.name) || [],
+        repository: versionData?.repository?.url || meta.repository?.url,
+        homepage: versionData?.homepage || meta.homepage,
+        scripts: versionData?.scripts,
+        dependencies: versionData?.dependencies,
+        devDependencies: versionData?.devDependencies
+      };
+      packageInfoCache.set(cacheKey, { data: info, timestamp: Date.now() });
+      return info;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Get PyPI package info from registry
+   */
+  async getPyPIPackageInfo(name) {
+    const cacheKey = `pip:${name}`;
+    const cached = packageInfoCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
+      return cached.data;
+    }
+    try {
+      const response = await fetch(`https://pypi.org/pypi/${encodeURIComponent(name)}/json`);
+      if (!response.ok) {
+        if (response.status === 404) {
+          return null;
+        }
+        throw new Error(`PyPI returned ${response.status}`);
+      }
+      const data = await response.json();
+      const releaseInfo = data.info;
+      const info = {
+        name: releaseInfo.name,
+        version: releaseInfo.version,
+        summary: releaseInfo.summary,
+        downloads: 0,
+        // PyPI doesn't expose download counts directly
+        releaseDate: data.urls?.[0]?.upload_time || (/* @__PURE__ */ new Date()).toISOString(),
+        author: releaseInfo.author,
+        homePage: releaseInfo.home_page || releaseInfo.project_url,
+        license: releaseInfo.license
+      };
+      packageInfoCache.set(cacheKey, { data: info, timestamp: Date.now() });
+      return info;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Get Cargo package info from crates.io
+   */
+  async getCargoPackageInfo(name) {
+    const cacheKey = `cargo:${name}`;
+    const cached = packageInfoCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
+      return cached.data;
+    }
+    try {
+      const response = await fetch(`https://crates.io/api/v1/crates/${encodeURIComponent(name)}`, {
+        headers: {
+          "User-Agent": "shiva-cli (https://shiva.li)"
+        }
+      });
+      if (!response.ok) {
+        if (response.status === 404) {
+          return null;
+        }
+        throw new Error(`crates.io returned ${response.status}`);
+      }
+      const data = await response.json();
+      const crateInfo = data.crate;
+      const latestVersion = data.versions?.[0];
+      const info = {
+        name: crateInfo.name,
+        version: latestVersion?.num || "0.0.0",
+        description: crateInfo.description,
+        downloads: crateInfo.downloads || 0,
+        repository: crateInfo.repository,
+        homepage: crateInfo.homepage,
+        createdAt: latestVersion?.created_at || crateInfo.created_at || (/* @__PURE__ */ new Date()).toISOString()
+      };
+      packageInfoCache.set(cacheKey, { data: info, timestamp: Date.now() });
+      return info;
+    } catch {
+      return null;
+    }
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Individual Checks
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Check download count
+   */
+  checkDownloadCount(weeklyDownloads, manager) {
+    const config = this.getConfig();
+    const minDownloads = config.minDownloads;
+    if (weeklyDownloads < 10) {
+      return {
+        name: "Downloads",
+        status: "fail",
+        message: `${weeklyDownloads}/week (critical - nearly no usage)`,
+        severity: "critical"
+      };
+    }
+    if (weeklyDownloads < minDownloads) {
+      return {
+        name: "Downloads",
+        status: "fail",
+        message: `${weeklyDownloads.toLocaleString()}/week (< ${minDownloads})`,
+        severity: "high"
+      };
+    }
+    if (weeklyDownloads < minDownloads * 10) {
+      return {
+        name: "Downloads",
+        status: "warn",
+        message: `${weeklyDownloads.toLocaleString()}/week (low)`,
+        severity: "medium"
+      };
+    }
+    return {
+      name: "Downloads",
+      status: "pass",
+      message: `${weeklyDownloads.toLocaleString()}/week`,
+      severity: "info"
+    };
+  }
+  /**
+   * Check package age
+   */
+  checkPublishAge(publishedAt) {
+    const config = this.getConfig();
+    const publishDate = new Date(publishedAt);
+    const now = /* @__PURE__ */ new Date();
+    const ageInDays = Math.floor((now.getTime() - publishDate.getTime()) / (1e3 * 60 * 60 * 24));
+    if (ageInDays < 1) {
+      return {
+        name: "Age",
+        status: "fail",
+        message: `Published today (critical)`,
+        severity: "critical"
+      };
+    }
+    if (ageInDays < config.maxAgeDays) {
+      return {
+        name: "Age",
+        status: "fail",
+        message: `${ageInDays} days old (< ${config.maxAgeDays} days)`,
+        severity: "high"
+      };
+    }
+    if (ageInDays < 30) {
+      return {
+        name: "Age",
+        status: "warn",
+        message: `${ageInDays} days old (relatively new)`,
+        severity: "medium"
+      };
+    }
+    const years = Math.floor(ageInDays / 365);
+    const months = Math.floor(ageInDays % 365 / 30);
+    let ageStr;
+    if (years > 0) {
+      ageStr = `${years} year${years > 1 ? "s" : ""}`;
+    } else if (months > 0) {
+      ageStr = `${months} month${months > 1 ? "s" : ""}`;
+    } else {
+      ageStr = `${ageInDays} days`;
+    }
+    return {
+      name: "Age",
+      status: "pass",
+      message: ageStr,
+      severity: "info"
+    };
+  }
+  /**
+   * Check for typosquatting
+   */
+  checkTyposquatting(name, manager) {
+    const config = this.getConfig();
+    if (!config.checkTyposquatting) {
+      return {
+        name: "Typosquatting",
+        status: "pass",
+        message: "Check disabled",
+        severity: "info"
+      };
+    }
+    const similarPackages = this.findSimilarPopularPackages(name, manager);
+    if (similarPackages.length > 0) {
+      return {
+        name: "Typosquatting",
+        status: "fail",
+        message: `Similar to "${similarPackages[0]}"`,
+        severity: "critical"
+      };
+    }
+    return {
+      name: "Typosquatting",
+      status: "pass",
+      message: "No similar popular packages",
+      severity: "info"
+    };
+  }
+  /**
+   * Check install scripts for suspicious patterns
+   */
+  checkScripts(scripts) {
+    const config = this.getConfig();
+    if (!config.checkScripts || !scripts) {
+      return {
+        name: "Scripts",
+        status: "pass",
+        message: scripts ? "Check disabled" : "No install scripts",
+        severity: "info"
+      };
+    }
+    const suspiciousScripts = [];
+    for (const [scriptName, scriptContent] of Object.entries(scripts)) {
+      if (!scriptContent) continue;
+      for (const pattern of SUSPICIOUS_SCRIPT_PATTERNS) {
+        if (pattern.test(scriptContent)) {
+          suspiciousScripts.push(scriptName);
+          break;
+        }
+      }
+    }
+    if (suspiciousScripts.length > 0) {
+      return {
+        name: "Scripts",
+        status: "fail",
+        message: `Suspicious ${suspiciousScripts.join(", ")} script`,
+        severity: "critical"
+      };
+    }
+    const hasInstallScripts = scripts.preinstall || scripts.install || scripts.postinstall;
+    if (hasInstallScripts) {
+      return {
+        name: "Scripts",
+        status: "warn",
+        message: "Has install scripts (review recommended)",
+        severity: "low"
+      };
+    }
+    return {
+      name: "Scripts",
+      status: "pass",
+      message: "No suspicious scripts",
+      severity: "info"
+    };
+  }
+  /**
+   * Check repository presence
+   */
+  checkRepository(repository) {
+    if (!repository) {
+      return {
+        name: "Repository",
+        status: "warn",
+        message: "No repository linked",
+        severity: "medium"
+      };
+    }
+    const isKnownHost = repository.includes("github.com") || repository.includes("gitlab.com") || repository.includes("bitbucket.org");
+    if (isKnownHost) {
+      return {
+        name: "Repository",
+        status: "pass",
+        message: repository.replace(/^git\+/, "").replace(/\.git$/, ""),
+        severity: "info"
+      };
+    }
+    return {
+      name: "Repository",
+      status: "warn",
+      message: "Unknown repository host",
+      severity: "low"
+    };
+  }
+  /**
+   * Check maintainer count
+   */
+  checkMaintainers(maintainers) {
+    if (maintainers.length === 0) {
+      return {
+        name: "Maintainers",
+        status: "warn",
+        message: "No maintainers listed",
+        severity: "medium"
+      };
+    }
+    if (maintainers.length === 1) {
+      return {
+        name: "Maintainers",
+        status: "pass",
+        message: `1 (${maintainers[0]})`,
+        severity: "info"
+      };
+    }
+    return {
+      name: "Maintainers",
+      status: "pass",
+      message: `${maintainers.length}`,
+      severity: "info"
+    };
+  }
+  /**
+   * Check blocklist
+   */
+  checkBlocklist(name, manager) {
+    const config = this.getConfig();
+    const blocked = config.blocklist.find((entry) => entry.package === name && entry.manager === manager);
+    if (blocked) {
+      return {
+        name: "Blocklist",
+        status: "fail",
+        message: blocked.reason,
+        severity: "critical"
+      };
+    }
+    const malicious = KNOWN_MALICIOUS_PACKAGES.find(
+      (entry) => entry.package === name && entry.manager === manager
+    );
+    if (malicious) {
+      return {
+        name: "Blocklist",
+        status: "fail",
+        message: malicious.reason,
+        severity: "critical"
+      };
+    }
+    return {
+      name: "Blocklist",
+      status: "pass",
+      message: "Not blocklisted",
+      severity: "info"
+    };
+  }
+  /**
+   * Check allowlist
+   */
+  isAllowlisted(name) {
+    const config = this.getConfig();
+    return config.allowlist.includes(name);
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Typosquatting Detection
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Calculate Levenshtein distance between two strings
+   */
+  getLevenshteinDistance(a, b) {
+    const matrix = [];
+    for (let i = 0; i <= b.length; i++) {
+      matrix[i] = [i];
+    }
+    for (let j = 0; j <= a.length; j++) {
+      matrix[0][j] = j;
+    }
+    for (let i = 1; i <= b.length; i++) {
+      for (let j = 1; j <= a.length; j++) {
+        if (b.charAt(i - 1) === a.charAt(j - 1)) {
+          matrix[i][j] = matrix[i - 1][j - 1];
+        } else {
+          matrix[i][j] = Math.min(
+            matrix[i - 1][j - 1] + 1,
+            // substitution
+            matrix[i][j - 1] + 1,
+            // insertion
+            matrix[i - 1][j] + 1
+            // deletion
+          );
+        }
+      }
+    }
+    return matrix[b.length][a.length];
+  }
+  /**
+   * Find similar popular packages (potential typosquatting)
+   */
+  findSimilarPopularPackages(name, manager) {
+    let popularPackages;
+    switch (manager) {
+      case "npm":
+      case "yarn":
+      case "pnpm":
+        popularPackages = POPULAR_NPM_PACKAGES;
+        break;
+      case "pip":
+        popularPackages = POPULAR_PIP_PACKAGES;
+        break;
+      case "cargo":
+        popularPackages = POPULAR_CARGO_PACKAGES;
+        break;
+      default:
+        return [];
+    }
+    const normalizedName = name.toLowerCase();
+    const similar = [];
+    for (const pkg of popularPackages) {
+      if (pkg === normalizedName) {
+        continue;
+      }
+      const distance = this.getLevenshteinDistance(normalizedName, pkg);
+      const maxAllowedDistance = Math.min(2, Math.floor(pkg.length / 4));
+      const isCommonTypo = normalizedName.replace(/-/g, "") === pkg.replace(/-/g, "") || normalizedName.replace(/_/g, "") === pkg.replace(/_/g, "") || normalizedName.replace(/js$/, "") === pkg || normalizedName.replace(/-js$/, "") === pkg || `${normalizedName}js` === pkg || `${normalizedName}-js` === pkg;
+      if (distance <= maxAllowedDistance || isCommonTypo) {
+        similar.push(pkg);
+      }
+    }
+    return similar;
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Risk Calculation
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Calculate overall risk score from checks
+   */
+  calculateRiskScore(checks) {
+    let penalty = 0;
+    for (const check of checks) {
+      if (check.status === "fail") {
+        switch (check.severity) {
+          case "critical":
+            penalty += 40;
+            break;
+          case "high":
+            penalty += 25;
+            break;
+          case "medium":
+            penalty += 15;
+            break;
+          case "low":
+            penalty += 5;
+            break;
+        }
+      } else if (check.status === "warn") {
+        switch (check.severity) {
+          case "critical":
+            penalty += 20;
+            break;
+          case "high":
+            penalty += 12;
+            break;
+          case "medium":
+            penalty += 8;
+            break;
+          case "low":
+            penalty += 3;
+            break;
+        }
+      }
+    }
+    return Math.max(0, 100 - penalty);
+  }
+  /**
+   * Determine recommendation based on score and checks
+   */
+  determineRecommendation(score, checks) {
+    const hasCriticalFail = checks.some((c) => c.status === "fail" && c.severity === "critical");
+    if (hasCriticalFail || score < 30) {
+      return "block";
+    }
+    if (score < 60) {
+      return "warn";
+    }
+    return "allow";
+  }
+  /**
+   * Determine risk level from score
+   */
+  getRiskLevel(score) {
+    if (score < 30) return "critical";
+    if (score < 50) return "high";
+    if (score < 70) return "medium";
+    return "low";
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Core Scanning
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Scan a single package
+   */
+  async scanPackage(name, manager) {
+    if (this.isAllowlisted(name)) {
+      return {
+        package: name,
+        manager,
+        risk: "low",
+        score: 100,
+        checks: [
+          {
+            name: "Allowlist",
+            status: "pass",
+            message: "Package is allowlisted",
+            severity: "info"
+          }
+        ],
+        recommendation: "allow"
+      };
+    }
+    const checks = [];
+    let suggestion;
+    const blocklistCheck = this.checkBlocklist(name, manager);
+    checks.push(blocklistCheck);
+    if (blocklistCheck.status === "fail") {
+      return {
+        package: name,
+        manager,
+        risk: "critical",
+        score: 0,
+        checks,
+        recommendation: "block"
+      };
+    }
+    if (manager === "npm" || manager === "yarn" || manager === "pnpm") {
+      const info = await this.getNpmPackageInfo(name);
+      if (!info) {
+        checks.push({
+          name: "Registry",
+          status: "fail",
+          message: "Package not found in npm registry",
+          severity: "critical"
+        });
+        const typosquatCheck2 = this.checkTyposquatting(name, manager);
+        checks.push(typosquatCheck2);
+        if (typosquatCheck2.status === "fail") {
+          const similar = this.findSimilarPopularPackages(name, manager);
+          if (similar.length > 0) {
+            suggestion = similar[0];
+          }
+        }
+        return {
+          package: name,
+          manager,
+          risk: "critical",
+          score: 0,
+          checks,
+          recommendation: "block",
+          suggestion
+        };
+      }
+      checks.push(this.checkDownloadCount(info.weeklyDownloads, manager));
+      checks.push(this.checkPublishAge(info.publishedAt));
+      checks.push(this.checkTyposquatting(name, manager));
+      checks.push(this.checkScripts(info.scripts));
+      checks.push(this.checkRepository(info.repository));
+      checks.push(this.checkMaintainers(info.maintainers));
+      const typosquatCheck = checks.find((c) => c.name === "Typosquatting");
+      if (typosquatCheck?.status === "fail") {
+        const similar = this.findSimilarPopularPackages(name, manager);
+        if (similar.length > 0) {
+          suggestion = similar[0];
+        }
+      }
+    } else if (manager === "pip") {
+      const info = await this.getPyPIPackageInfo(name);
+      if (!info) {
+        checks.push({
+          name: "Registry",
+          status: "fail",
+          message: "Package not found in PyPI",
+          severity: "critical"
+        });
+        const typosquatCheck = this.checkTyposquatting(name, manager);
+        checks.push(typosquatCheck);
+        if (typosquatCheck.status === "fail") {
+          const similar = this.findSimilarPopularPackages(name, manager);
+          if (similar.length > 0) {
+            suggestion = similar[0];
+          }
+        }
+        return {
+          package: name,
+          manager,
+          risk: "critical",
+          score: 0,
+          checks,
+          recommendation: "block",
+          suggestion
+        };
+      }
+      checks.push(this.checkPublishAge(info.releaseDate));
+      checks.push(this.checkTyposquatting(name, manager));
+      checks.push({
+        name: "Repository",
+        status: info.homePage ? "pass" : "warn",
+        message: info.homePage || "No homepage linked",
+        severity: info.homePage ? "info" : "medium"
+      });
+    } else if (manager === "cargo") {
+      const info = await this.getCargoPackageInfo(name);
+      if (!info) {
+        checks.push({
+          name: "Registry",
+          status: "fail",
+          message: "Package not found in crates.io",
+          severity: "critical"
+        });
+        const typosquatCheck = this.checkTyposquatting(name, manager);
+        checks.push(typosquatCheck);
+        return {
+          package: name,
+          manager,
+          risk: "critical",
+          score: 0,
+          checks,
+          recommendation: "block"
+        };
+      }
+      checks.push(this.checkDownloadCount(info.downloads, manager));
+      checks.push(this.checkPublishAge(info.createdAt));
+      checks.push(this.checkTyposquatting(name, manager));
+      checks.push(this.checkRepository(info.repository));
+    }
+    const score = this.calculateRiskScore(checks);
+    const recommendation = this.determineRecommendation(score, checks);
+    const risk = this.getRiskLevel(score);
+    return {
+      package: name,
+      manager,
+      risk,
+      score,
+      checks,
+      recommendation,
+      suggestion
+    };
+  }
+  /**
+   * Scan multiple packages
+   */
+  async scanPackages(packages, manager) {
+    const results = await Promise.all(packages.map((pkg) => this.scanPackage(pkg, manager)));
+    return results;
+  }
+  /**
+   * Scan a command (for hook integration)
+   */
+  async scanCommand(command) {
+    if (!this.isInstallCommand(command)) {
+      return null;
+    }
+    const parsed = this.parseCommand(command);
+    if (!parsed || parsed.packages.length === 0) {
+      return null;
+    }
+    return this.scanPackages(parsed.packages, parsed.manager);
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Hook Integration
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Generate hook output for Claude Code
+   */
+  generateHookOutput(results) {
+    const config = this.getConfig();
+    const blockedPackages = results.filter((r) => r.recommendation === "block");
+    const warnPackages = results.filter((r) => r.recommendation === "warn");
+    if (blockedPackages.length > 0) {
+      const pkg = blockedPackages[0];
+      let reason = `Package '${pkg.package}' blocked:`;
+      const criticalChecks = pkg.checks.filter((c) => c.status === "fail" && c.severity === "critical");
+      if (criticalChecks.length > 0) {
+        reason += ` ${criticalChecks.map((c) => c.message).join(", ")}`;
+      } else {
+        reason += ` Risk score ${pkg.score}/100`;
+      }
+      if (pkg.suggestion) {
+        reason += `
+Did you mean: ${pkg.suggestion}?`;
+      }
+      if (config.autoBlock) {
+        return {
+          decision: "block",
+          reason
+        };
+      }
+      return {
+        hookSpecificOutput: {
+          additionalContext: `\u{1F6E1}\uFE0F SHIVA Security Warning:
+${reason}
+Review the package before proceeding.`
+        }
+      };
+    }
+    if (warnPackages.length > 0) {
+      const warnings = warnPackages.map((pkg) => {
+        const issues = pkg.checks.filter((c) => c.status === "warn" || c.status === "fail").map((c) => c.message);
+        return `${pkg.package}: ${issues.join(", ")}`;
+      }).join("\n");
+      return {
+        hookSpecificOutput: {
+          additionalContext: `\u26A0\uFE0F SHIVA Security Notice:
+${warnings}
+Continue with caution.`
+        }
+      };
+    }
+    return { hookSpecificOutput: null };
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Blocklist/Allowlist Management
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Add a package to the blocklist
+   */
+  addToBlocklist(entry) {
+    const config = this.getConfig();
+    const existing = config.blocklist.find(
+      (e) => e.package === entry.package && e.manager === entry.manager
+    );
+    if (existing) {
+      existing.reason = entry.reason;
+      existing.source = entry.source;
+    } else {
+      config.blocklist.push({
+        ...entry,
+        addedAt: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    }
+    this.updateConfig(config);
+  }
+  /**
+   * Remove a package from the blocklist
+   */
+  removeFromBlocklist(packageName, manager) {
+    const config = this.getConfig();
+    const index = config.blocklist.findIndex(
+      (e) => e.package === packageName && e.manager === manager
+    );
+    if (index === -1) {
+      return false;
+    }
+    config.blocklist.splice(index, 1);
+    this.updateConfig(config);
+    return true;
+  }
+  /**
+   * Check if a package is blocked
+   */
+  isBlocked(name, manager) {
+    const config = this.getConfig();
+    return config.blocklist.some((e) => e.package === name && e.manager === manager) || KNOWN_MALICIOUS_PACKAGES.some((e) => e.package === name && e.manager === manager);
+  }
+  /**
+   * Add a package to the allowlist
+   */
+  addToAllowlist(packageName) {
+    const config = this.getConfig();
+    if (!config.allowlist.includes(packageName)) {
+      config.allowlist.push(packageName);
+      this.updateConfig(config);
+    }
+  }
+  /**
+   * Remove a package from the allowlist
+   */
+  removeFromAllowlist(packageName) {
+    const config = this.getConfig();
+    const index = config.allowlist.indexOf(packageName);
+    if (index === -1) {
+      return false;
+    }
+    config.allowlist.splice(index, 1);
+    this.updateConfig(config);
+    return true;
+  }
+  // ─────────────────────────────────────────────────────────────────────────────
+  // Configuration
+  // ─────────────────────────────────────────────────────────────────────────────
+  /**
+   * Get current configuration
+   */
+  getConfig() {
+    return configStore.get("packageSecurity");
+  }
+  /**
+   * Update configuration
+   */
+  updateConfig(config) {
+    const current = this.getConfig();
+    configStore.set("packageSecurity", { ...current, ...config });
+  }
+  /**
+   * Reset configuration to defaults
+   */
+  resetConfig() {
+    configStore.set("packageSecurity", DEFAULT_PACKAGE_SCAN_CONFIG);
+  }
+  /**
+   * Clear package info cache
+   */
+  clearCache() {
+    packageInfoCache.clear();
+  }
+};
+var packageScanner = new PackageScannerService();
+// src/commands/advanced/hook.ts
+var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
+function getClaudeSettings() {
+  if (!existsSync(CLAUDE_SETTINGS_PATH)) {
+    return {};
+  }
+  try {
+    const content = readFileSync(CLAUDE_SETTINGS_PATH, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return {};
+  }
+}
+function saveClaudeSettings(settings) {
+  const dir = join(homedir(), ".claude");
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  writeFileSync(CLAUDE_SETTINGS_PATH, JSON.stringify(settings, null, 2));
+}
+function hasShivaHook(hooks, event) {
+  if (!hooks || !hooks[event]) return false;
+  const eventHooks = hooks[event];
+  return eventHooks.some(
+    (entry) => entry.hooks?.some((h) => h.command?.includes("shiva"))
+  );
+}
+function removeShivaHooks(eventHooks) {
+  return eventHooks.filter(
+    (entry) => !entry.hooks?.some((h) => h.command?.includes("shiva"))
+  );
+}
+var hookCommand = new Command("hook").description("Claude Code Hook Integration verwalten");
+hookCommand.command("install").description("SHIVA Hooks in Claude Code installieren").option("--github", "GitHub Context Injection aktivieren").option("--sync", "Cloud Sync Hooks aktivieren (Standard)").option("--scan", "Package Security Scanning aktivieren").option("--all", "Alle Hooks aktivieren").action((options) => {
+  log.brand();
+  const claudePath = join(homedir(), ".claude");
+  if (!existsSync(claudePath)) {
+    log.error("Claude Code nicht gefunden");
+    log.newline();
+    log.info("Installiere Claude Code:");
+    log.plain("  npm install -g @anthropic-ai/claude-code");
+    log.newline();
+    log.dim("Oder: https://claude.ai/code");
+    return;
+  }
+  const settings = getClaudeSettings();
+  if (!settings.hooks) {
+    settings.hooks = {};
+  }
+  const installSync = options.sync || options.all || !options.github && !options.scan;
+  const installGithub = options.github || options.all;
+  const installScan = options.scan || options.all;
+  const hasSyncHooks = hasShivaHook(settings.hooks, "SessionStart") || hasShivaHook(settings.hooks, "Stop");
+  const hasGithubHook = hasShivaContextHook(settings.hooks);
+  const hasScanHook = hasShivaScanHook(settings.hooks);
+  if (hasSyncHooks && installSync && !installGithub && !installScan) {
+    log.warn("SHIVA Sync Hooks sind bereits installiert");
+    log.newline();
+    log.info("GitHub Context Injection hinzuf\xFCgen:");
+    log.plain("  shiva hook install --github");
+    log.newline();
+    log.info("Package Scanning hinzuf\xFCgen:");
+    log.plain("  shiva hook install --scan");
+    log.newline();
+    log.info("Oder neu installieren:");
+    log.plain("  shiva hook uninstall && shiva hook install --all");
+    return;
+  }
+  let installedSomething = false;
+  if (installSync && !hasSyncHooks) {
+    if (!settings.hooks.SessionStart) {
+      settings.hooks.SessionStart = [];
+    }
+    settings.hooks.SessionStart.push({
+      hooks: [
+        {
+          type: "command",
+          command: "shiva sync --pull --quiet",
+          timeout: 30
+        }
+      ]
+    });
+    if (!settings.hooks.Stop) {
+      settings.hooks.Stop = [];
+    }
+    settings.hooks.Stop.push({
+      hooks: [
+        {
+          type: "command",
+          command: "shiva sync --push --quiet",
+          timeout: 30
+        }
+      ]
+    });
+    installedSomething = true;
+  }
+  if (installGithub && !hasGithubHook) {
+    if (!settings.hooks.SessionStart) {
+      settings.hooks.SessionStart = [];
+    }
+    settings.hooks.SessionStart.push({
+      hooks: [
+        {
+          type: "command",
+          command: "shiva hook inject-context",
+          timeout: 15
+        }
+      ]
+    });
+    installedSomething = true;
+  }
+  if (installScan && !hasScanHook) {
+    if (!settings.hooks.PreToolUse) {
+      settings.hooks.PreToolUse = [];
+    }
+    settings.hooks.PreToolUse.push({
+      matcher: "Bash",
+      hooks: [
+        {
+          type: "command",
+          command: 'shiva hook scan-command "$TOOL_INPUT"',
+          timeout: 30
+        }
+      ]
+    });
+    installedSomething = true;
+  }
+  if (!installedSomething) {
+    log.warn("Alle ausgew\xE4hlten Hooks sind bereits installiert");
+    log.newline();
+    log.info("Status anzeigen: shiva hook status");
+    return;
+  }
+  saveClaudeSettings(settings);
+  log.success("SHIVA Hooks installiert!");
+  log.newline();
+  log.header("Aktive Hooks");
+  if (installSync || hasSyncHooks) {
+    log.tree.item("SessionStart: Memories laden (Cloud Sync)");
+    log.tree.item("Stop: Memories speichern (Cloud Sync)");
+  }
+  if (installGithub || hasGithubHook) {
+    log.tree.item("SessionStart: GitHub Context injizieren");
+  }
+  if (installScan || hasScanHook) {
+    log.tree.item("PreToolUse: Package Security Scanning");
+  }
+  log.newline();
+  log.dim("Claude Code wird nun automatisch mit SHIVA integriert.");
+  log.newline();
+  log.info("Starte Claude Code wie gewohnt:");
+  log.plain("  claude");
+});
+function hasShivaContextHook(hooks) {
+  if (!hooks || !hooks.SessionStart) return false;
+  const eventHooks = hooks.SessionStart;
+  return eventHooks.some(
+    (entry) => entry.hooks?.some((h) => h.command?.includes("inject-context"))
+  );
+}
+function hasShivaScanHook(hooks) {
+  if (!hooks || !hooks.PreToolUse) return false;
+  const eventHooks = hooks.PreToolUse;
+  return eventHooks.some(
+    (entry) => entry.matcher === "Bash" && entry.hooks?.some((h) => h.command?.includes("shiva hook scan-command"))
+  );
+}
+hookCommand.command("uninstall").description("SHIVA Hooks aus Claude Code entfernen").action(() => {
+  log.brand();
+  const settings = getClaudeSettings();
+  if (!settings.hooks) {
+    log.info("Keine Hooks installiert");
+    return;
+  }
+  let removed = false;
+  if (settings.hooks.SessionStart) {
+    const before = settings.hooks.SessionStart.length;
+    settings.hooks.SessionStart = removeShivaHooks(settings.hooks.SessionStart);
+    if (settings.hooks.SessionStart.length < before) removed = true;
+    if (settings.hooks.SessionStart.length === 0) delete settings.hooks.SessionStart;
+  }
+  if (settings.hooks.Stop) {
+    const before = settings.hooks.Stop.length;
+    settings.hooks.Stop = removeShivaHooks(settings.hooks.Stop);
+    if (settings.hooks.Stop.length < before) removed = true;
+    if (settings.hooks.Stop.length === 0) delete settings.hooks.Stop;
+  }
+  if (settings.hooks.PreToolUse) {
+    const before = settings.hooks.PreToolUse.length;
+    settings.hooks.PreToolUse = removeShivaHooks(settings.hooks.PreToolUse);
+    if (settings.hooks.PreToolUse.length < before) removed = true;
+    if (settings.hooks.PreToolUse.length === 0) delete settings.hooks.PreToolUse;
+  }
+  if (Object.keys(settings.hooks).length === 0) {
+    delete settings.hooks;
+  }
+  saveClaudeSettings(settings);
+  if (removed) {
+    log.success("SHIVA Hooks entfernt");
+  } else {
+    log.info("Keine SHIVA Hooks gefunden");
+  }
+});
+hookCommand.command("status").description("Hook-Status anzeigen").action(() => {
+  log.brand();
+  log.header("Hook Status");
+  log.newline();
+  const settings = getClaudeSettings();
+  if (!settings.hooks) {
+    log.listItem("Keine Hooks installiert", "pending");
+    log.newline();
+    log.info("Installieren mit: shiva hook install");
+    return;
+  }
+  const hasSessionStart = hasShivaHook(settings.hooks, "SessionStart");
+  const hasStop = hasShivaHook(settings.hooks, "Stop");
+  const hasGithub = hasShivaContextHook(settings.hooks);
+  const hasScan = hasShivaScanHook(settings.hooks);
+  log.plain("Cloud Sync:");
+  if (hasSessionStart) {
+    log.listItem("SessionStart: Memories laden", "synced");
+  } else {
+    log.listItem("SessionStart: nicht aktiv", "pending");
+  }
+  if (hasStop) {
+    log.listItem("Stop: Memories speichern", "synced");
+  } else {
+    log.listItem("Stop: nicht aktiv", "pending");
+  }
+  log.newline();
+  log.plain("GitHub Integration:");
+  if (hasGithub) {
+    log.listItem("SessionStart: GitHub Context injizieren", "synced");
+  } else {
+    log.listItem("GitHub Context: nicht aktiv", "pending");
+  }
+  log.newline();
+  log.plain("Security:");
+  if (hasScan) {
+    log.listItem("PreToolUse: Package Security Scanning", "synced");
+  } else {
+    log.listItem("Package Scanning: nicht aktiv", "pending");
+  }
+  log.newline();
+  const allInstalled = hasSessionStart && hasStop && hasGithub && hasScan;
+  const syncInstalled = hasSessionStart && hasStop;
+  const anyInstalled = hasSessionStart || hasStop || hasGithub || hasScan;
+  if (allInstalled) {
+    log.success("SHIVA ist vollst\xE4ndig integriert (Sync + GitHub + Security)");
+  } else if (syncInstalled && hasGithub && !hasScan) {
+    log.success("Cloud Sync + GitHub aktiv");
+    log.info("Package Scanning hinzuf\xFCgen: shiva hook install --scan");
+  } else if (syncInstalled && !hasGithub) {
+    log.success("Cloud Sync aktiv");
+    log.info("GitHub Context hinzuf\xFCgen: shiva hook install --github");
+    log.info("Package Scanning hinzuf\xFCgen: shiva hook install --scan");
+  } else if (hasGithub && !syncInstalled) {
+    log.success("GitHub Context aktiv");
+    log.info("Cloud Sync hinzuf\xFCgen: shiva hook install --sync");
+  } else if (anyInstalled) {
+    log.warn("SHIVA ist teilweise integriert");
+    log.info("Alle Hooks: shiva hook install --all");
+  } else {
+    log.info("Installieren mit: shiva hook install");
+  }
+});
+hookCommand.command("inject-context").description("GitHub Context in Session injizieren (f\xFCr Hook)").option("--quiet", "Keine Logs ausgeben").action(async (options) => {
+  const projectPath = process.cwd();
+  if (!isGhInstalled() || !isGhAuthenticated()) {
+    console.log(JSON.stringify({}));
+    return;
+  }
+  if (hasShivaDir(projectPath)) {
+    const config = getProjectConfig(projectPath);
+    if (!config.autoInjectContext) {
+      console.log(JSON.stringify({}));
+      return;
+    }
+  }
+  try {
+    const context = await generateGitHubContext(projectPath);
+    if (!context || !context.repo) {
+      console.log(JSON.stringify({}));
+      return;
+    }
+    const markdown = formatContextAsMarkdown(context);
+    if (hasShivaDir(projectPath)) {
+      cacheGitHubContext(projectPath, markdown);
+    }
+    console.log(JSON.stringify({
+      hookSpecificOutput: {
+        additionalContext: markdown
+      }
+    }));
+  } catch {
+    console.log(JSON.stringify({}));
+  }
+});
+hookCommand.command("branch-switch").description("Branch-Wechsel behandeln (f\xFCr git hook)").argument("<old-ref>", "Alter Branch/Ref").argument("<new-ref>", "Neuer Branch/Ref").option("--quiet", "Keine Ausgabe").action(async (oldRef, newRef, options) => {
+  if (options.quiet) {
+    return;
+  }
+  const { getCurrentBranch } = await import("./api-OEHQTBH7.js");
+  const { getSessionForBranch, hasShivaDir: hasShivaDir2 } = await import("./config-D6M6LI6U.js");
+  const { findProject, findSessionByBranch, formatRelativeTime } = await import("./manager-ZPQWG7E6.js");
+  const projectPath = process.cwd();
+  const newBranch = getCurrentBranch(projectPath);
+  let sessionInfo = null;
+  if (hasShivaDir2(projectPath)) {
+    const mappedSession = getSessionForBranch(projectPath, newBranch);
+    if (mappedSession) {
+      sessionInfo = {
+        source: "mapping",
+        lastAccessed: mappedSession.lastAccessed
+      };
+    }
+  }
+  if (!sessionInfo) {
+    const project = await findProject(projectPath);
+    if (project) {
+      const indexSession = findSessionByBranch(project, newBranch);
+      if (indexSession) {
+        sessionInfo = {
+          source: "index",
+          lastAccessed: indexSession.modified,
+          messageCount: indexSession.messageCount
+        };
+      }
+    }
+  }
+  if (sessionInfo) {
+    console.log(`
+\u{1F4A1} SHIVA: Session f\xFCr Branch "${newBranch}" gefunden`);
+    if (sessionInfo.lastAccessed) {
+      const relTime = formatRelativeTime(sessionInfo.lastAccessed);
+      console.log(`   Letzte Aktivit\xE4t: ${relTime}`);
+    }
+    if (sessionInfo.messageCount) {
+      console.log(`   Messages: ${sessionInfo.messageCount}`);
+    }
+    console.log(`   Fortsetzen mit: shiva resume
+`);
+  }
+});
+hookCommand.command("scan-command").description("Scanne Bash-Befehle auf Package-Installationen (f\xFCr Hook)").argument("<tool-input>", "JSON Tool Input von Claude Code").action(async (toolInput) => {
+  const config = packageScanner.getConfig();
+  if (!config.enabled) {
+    console.log(JSON.stringify({ hookSpecificOutput: null }));
+    return;
+  }
+  try {
+    let command;
+    try {
+      const parsed = JSON.parse(toolInput);
+      command = parsed.command || toolInput;
+    } catch {
+      command = toolInput;
+    }
+    if (!packageScanner.isInstallCommand(command)) {
+      console.log(JSON.stringify({ hookSpecificOutput: null }));
+      return;
+    }
+    const results = await packageScanner.scanCommand(command);
+    if (!results || results.length === 0) {
+      console.log(JSON.stringify({ hookSpecificOutput: null }));
+      return;
+    }
+    const hookOutput = packageScanner.generateHookOutput(results);
+    console.log(JSON.stringify(hookOutput));
+  } catch (error) {
+    console.log(JSON.stringify({ hookSpecificOutput: null }));
+  }
+});
+hookCommand.command("push").description("Hooks in Cloud sichern").action(async () => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const settings = getClaudeSettings();
+  if (!settings.hooks) {
+    log.warn("Keine lokalen Hooks konfiguriert");
+    return;
+  }
+  try {
+    await api.updateHooks(settings.hooks);
+    log.success("Hooks in Cloud gesichert");
+  } catch (error) {
+    log.error(error instanceof Error ? error.message : "Fehler beim Sichern");
+  }
+});
+hookCommand.command("pull").description("Hooks aus Cloud laden").option("-f, --force", "Lokale Hooks \xFCberschreiben").action(async (options) => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const settings = getClaudeSettings();
+  if (settings.hooks && !options.force) {
+    log.warn("Lokale Hooks existieren bereits");
+    log.info("Mit --force \xFCberschreiben");
+    return;
+  }
+  try {
+    const result = await api.getHooks();
+    if (!result.hooks || Object.keys(result.hooks).length === 0) {
+      log.info("Keine Hooks in Cloud gefunden");
+      return;
+    }
+    settings.hooks = result.hooks;
+    saveClaudeSettings(settings);
+    log.success("Hooks aus Cloud geladen");
+    log.newline();
+    log.info("Aktive Hooks:");
+    for (const [event, hooks] of Object.entries(result.hooks)) {
+      log.tree.item(`${event}: ${Array.isArray(hooks) ? hooks.length : 1} Hook(s)`);
+    }
+  } catch (error) {
+    log.error(error instanceof Error ? error.message : "Fehler beim Laden");
+  }
+});
+hookCommand.command("sync").description("Hooks mit Cloud synchronisieren").action(async () => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const settings = getClaudeSettings();
+  try {
+    if (settings.hooks) {
+      await api.updateHooks(settings.hooks);
+      log.success("Lokale Hooks \u2192 Cloud");
+    }
+    const result = await api.getHooks();
+    if (result.hooks && Object.keys(result.hooks).length > 0) {
+      const merged = { ...result.hooks, ...settings.hooks };
+      settings.hooks = merged;
+      saveClaudeSettings(settings);
+      log.success("Cloud Hooks \u2192 Lokal (merged)");
+    }
+    log.newline();
+    log.success("Hooks synchronisiert");
+  } catch (error) {
+    log.error(error instanceof Error ? error.message : "Fehler beim Synchronisieren");
+  }
+});
+hookCommand.command("cloud-list").description("Cloud-Hooks auflisten").option("--event <type>", "Nach Event-Typ filtern").option("--json", "JSON Output").action(async (options) => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  const { colors } = await import("./logger-E7SC5KUO.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const ora = (await import("ora")).default;
+  const spinner = ora("Lade Cloud-Hooks...").start();
+  try {
+    let hooks;
+    if (options.event) {
+      hooks = await api.getHooksForEvent(options.event);
+    } else {
+      const result = await api.getHooks();
+      hooks = result.hooks || [];
+    }
+    spinner.stop();
+    if (options.json) {
+      console.log(JSON.stringify(hooks, null, 2));
+      return;
+    }
+    log.newline();
+    console.log(colors.orange.bold("Cloud Hooks"));
+    console.log(colors.dim("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+    log.newline();
+    if (!hooks || Array.isArray(hooks) && hooks.length === 0) {
+      log.dim("Keine Cloud-Hooks konfiguriert");
+      return;
+    }
+    const hooksArray = Array.isArray(hooks) ? hooks : Object.values(hooks).flat();
+    for (const hook of hooksArray) {
+      const enabledIcon = hook.enabled !== false ? colors.green("\u25CF") : colors.dim("\u25CB");
+      console.log(`  ${enabledIcon} ${colors.bold(hook.id || hook.event)}`);
+      console.log(`    ${colors.dim("Event:")} ${hook.event}`);
+      if (hook.matcher) {
+        console.log(`    ${colors.dim("Matcher:")} ${hook.matcher}`);
+      }
+      console.log(`    ${colors.dim("Type:")} ${hook.type}`);
+      console.log(`    ${colors.dim("Command:")} ${hook.command}`);
+      log.newline();
+    }
+  } catch (error) {
+    spinner.fail("Fehler beim Laden");
+    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
+  }
+});
+hookCommand.command("cloud-create").description("Neuen Cloud-Hook erstellen").requiredOption("--event <event>", "Event-Typ (PreToolUse, PostToolUse, etc.)").requiredOption("--command <cmd>", "Auszuf\xFChrender Befehl").option("--matcher <pattern>", "Tool-Matcher Pattern").option("--type <type>", "Hook-Typ (command, script)", "command").option("--timeout <ms>", "Timeout in Millisekunden").action(async (options) => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const ora = (await import("ora")).default;
+  const spinner = ora("Erstelle Cloud-Hook...").start();
+  try {
+    const result = await api.createHook({
+      event: options.event,
+      command: options.command,
+      matcher: options.matcher,
+      type: options.type,
+      timeout: options.timeout ? parseInt(options.timeout) : void 0
+    });
+    if (result.success) {
+      spinner.succeed(`Hook erstellt: ${result.hookId}`);
+    } else {
+      spinner.fail(result.message || "Fehler beim Erstellen");
+    }
+  } catch (error) {
+    spinner.fail("Fehler beim Erstellen");
+    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
+  }
+});
+hookCommand.command("cloud-test").description("Cloud-Hook testen").argument("<hook-id>", "Hook ID").action(async (hookId) => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  const { colors } = await import("./logger-E7SC5KUO.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const ora = (await import("ora")).default;
+  const spinner = ora("Teste Hook...").start();
+  try {
+    const result = await api.testHook(hookId);
+    spinner.stop();
+    log.newline();
+    if (result.success) {
+      log.success(`Hook erfolgreich (${result.duration}ms)`);
+      if (result.output) {
+        log.newline();
+        console.log(colors.dim("Output:"));
+        console.log(result.output);
+      }
+    } else {
+      log.error(`Hook fehlgeschlagen (${result.duration}ms)`);
+      if (result.error) {
+        log.newline();
+        console.log(colors.dim("Error:"));
+        console.log(colors.red(result.error));
+      }
+    }
+  } catch (error) {
+    spinner.fail("Fehler beim Testen");
+    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
+  }
+});
+hookCommand.command("cloud-delete").description("Cloud-Hook l\xF6schen").argument("<hook-id>", "Hook ID").option("-y, --yes", "Ohne Best\xE4tigung").action(async (hookId, options) => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  if (!options.yes) {
+    const inquirer = (await import("inquirer")).default;
+    const { confirm } = await inquirer.prompt([{
+      type: "confirm",
+      name: "confirm",
+      message: `Hook ${hookId} l\xF6schen?`,
+      default: false
+    }]);
+    if (!confirm) {
+      log.dim("Abgebrochen");
+      return;
+    }
+  }
+  const ora = (await import("ora")).default;
+  const spinner = ora("L\xF6sche Hook...").start();
+  try {
+    const result = await api.deleteHook(hookId);
+    if (result.success) {
+      spinner.succeed("Hook gel\xF6scht");
+    } else {
+      spinner.fail(result.message || "Fehler beim L\xF6schen");
+    }
+  } catch (error) {
+    spinner.fail("Fehler beim L\xF6schen");
+    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
+  }
+});
+hookCommand.command("cloud-toggle").description("Cloud-Hook aktivieren/deaktivieren").argument("<hook-id>", "Hook ID").option("--enable", "Hook aktivieren").option("--disable", "Hook deaktivieren").action(async (hookId, options) => {
+  const { api } = await import("./client-GIGZFXT5.js");
+  const { isAuthenticated } = await import("./config-FGMZONWV.js");
+  if (!isAuthenticated()) {
+    log.error("Nicht angemeldet");
+    log.info("Anmelden mit: shiva login");
+    return;
+  }
+  const enabled = options.enable ? true : options.disable ? false : void 0;
+  if (enabled === void 0) {
+    log.error("Bitte --enable oder --disable angeben");
+    return;
+  }
+  const ora = (await import("ora")).default;
+  const spinner = ora("Aktualisiere Hook...").start();
+  try {
+    const result = await api.updateHook(hookId, { enabled });
+    if (result.success) {
+      spinner.succeed(`Hook ${enabled ? "aktiviert" : "deaktiviert"}`);
+    } else {
+      spinner.fail(result.message || "Fehler beim Aktualisieren");
+    }
+  } catch (error) {
+    spinner.fail("Fehler beim Aktualisieren");
+    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
+  }
+});
+export {
+  packageScanner,
+  hookCommand
+};