shiva-code 0.7.14 → 0.7.16

package/dist/chunk-4OT4OY7L.js

@@ -1,2068 +0,0 @@
-import {
-  colors,
-  log
-} from "./chunk-UABU5VVI.js";
-import {
-  formatContextAsMarkdown,
-  generateGitHubContext,
-  isGhAuthenticated,
-  isGhInstalled
-} from "./chunk-IVFCZLBX.js";
-import {
-  cacheGitHubContext,
-  getProjectConfig,
-  hasShivaDir
-} from "./chunk-PMA6MGQW.js";
-
-// src/commands/advanced/hook.ts
-import { Command } from "commander";
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
-import { homedir } from "os";
-import { join } from "path";
-
-// src/services/security/package-scanner.ts
-import Conf from "conf";
-
-// src/types/package.ts
-var DEFAULT_PACKAGE_SCAN_CONFIG = {
-  enabled: true,
-  autoBlock: false,
-  minDownloads: 100,
-  maxAgeDays: 7,
-  checkTyposquatting: true,
-  checkScripts: true,
-  blocklist: [],
-  allowlist: []
-};
-var POPULAR_NPM_PACKAGES = [
-  // Core utilities
-  "lodash",
-  "underscore",
-  "ramda",
-  "moment",
-  "dayjs",
-  "date-fns",
-  // Web frameworks
-  "express",
-  "koa",
-  "fastify",
-  "hapi",
-  "restify",
-  "nest",
-  "nestjs",
-  // Frontend frameworks
-  "react",
-  "vue",
-  "angular",
-  "svelte",
-  "preact",
-  "solid-js",
-  "next",
-  "nuxt",
-  "gatsby",
-  // HTTP & networking
-  "axios",
-  "node-fetch",
-  "got",
-  "superagent",
-  "request",
-  "undici",
-  // CLI tools
-  "commander",
-  "yargs",
-  "chalk",
-  "inquirer",
-  "ora",
-  "boxen",
-  "figlet",
-  // Build tools
-  "webpack",
-  "rollup",
-  "esbuild",
-  "vite",
-  "parcel",
-  "tsup",
-  "turbo",
-  // Testing
-  "jest",
-  "mocha",
-  "chai",
-  "vitest",
-  "ava",
-  "tap",
-  "cypress",
-  "playwright",
-  "puppeteer",
-  // Linting & formatting
-  "eslint",
-  "prettier",
-  "stylelint",
-  "standardjs",
-  "standard",
-  // TypeScript
-  "typescript",
-  "ts-node",
-  "tsx",
-  // Database
-  "mongoose",
-  "sequelize",
-  "prisma",
-  "knex",
-  "typeorm",
-  "drizzle-orm",
-  "pg",
-  "mysql",
-  "mysql2",
-  "sqlite3",
-  "better-sqlite3",
-  "redis",
-  "ioredis",
-  // Security & auth
-  "jsonwebtoken",
-  "bcrypt",
-  "bcryptjs",
-  "passport",
-  "helmet",
-  "cors",
-  "csurf",
-  // Utilities
-  "uuid",
-  "nanoid",
-  "dotenv",
-  "debug",
-  "winston",
-  "pino",
-  "bunyan",
-  "morgan",
-  // File system
-  "fs-extra",
-  "glob",
-  "globby",
-  "rimraf",
-  "mkdirp",
-  "chokidar",
-  // Validation
-  "joi",
-  "yup",
-  "zod",
-  "ajv",
-  "validator",
-  // Crypto & encoding
-  "crypto-js",
-  "node-forge",
-  "base64-js",
-  // Process & system
-  "cross-env",
-  "execa",
-  "shelljs",
-  "concurrently",
-  "npm-run-all",
-  // Configuration
-  "conf",
-  "config",
-  "dotenv",
-  "cosmiconfig",
-  "rc",
-  // Misc popular
-  "bluebird",
-  "async",
-  "rxjs",
-  "socket.io",
-  "ws",
-  "graphql",
-  "apollo-server",
-  "body-parser",
-  "cookie-parser",
-  "multer",
-  "sharp",
-  "jimp",
-  "pdf-lib",
-  "puppeteer",
-  "cheerio",
-  "jsdom",
-  "marked",
-  "markdown-it",
-  "highlight.js",
-  "prismjs"
-];
-var POPULAR_PIP_PACKAGES = [
-  "requests",
-  "numpy",
-  "pandas",
-  "scipy",
-  "matplotlib",
-  "flask",
-  "django",
-  "fastapi",
-  "uvicorn",
-  "pytest",
-  "click",
-  "pydantic",
-  "sqlalchemy",
-  "celery",
-  "redis",
-  "boto3",
-  "pillow",
-  "opencv-python",
-  "tensorflow",
-  "torch",
-  "transformers",
-  "scikit-learn",
-  "beautifulsoup4",
-  "lxml",
-  "aiohttp",
-  "httpx"
-];
-var POPULAR_CARGO_PACKAGES = [
-  "serde",
-  "tokio",
-  "async-std",
-  "clap",
-  "reqwest",
-  "actix-web",
-  "axum",
-  "rocket",
-  "diesel",
-  "sqlx",
-  "log",
-  "env_logger",
-  "tracing",
-  "anyhow",
-  "thiserror",
-  "rand",
-  "regex",
-  "chrono",
-  "uuid",
-  "serde_json"
-];
-var SUSPICIOUS_SCRIPT_PATTERNS = [
-  /curl\s+.*\|\s*(ba)?sh/i,
-  // curl | bash
-  /wget\s+.*\|\s*(ba)?sh/i,
-  // wget | bash
-  /eval\s*\(/i,
-  // eval()
-  /new\s+Function\s*\(/i,
-  // new Function()
-  /child_process/i,
-  // child_process
-  /\.exe["']?\s*$/i,
-  // .exe execution
-  /powershell/i,
-  // PowerShell
-  /base64\s+-d/i,
-  // Base64 decode
-  /\$\(.*\)/,
-  // Command substitution
-  /nc\s+-e/i,
-  // Netcat reverse shell
-  /python\s+-c/i,
-  // Python one-liner
-  /node\s+-e/i,
-  // Node one-liner
-  /rm\s+-rf/i,
-  // Dangerous removal
-  /\/dev\/tcp/i,
-  // Bash tcp
-  /mkfifo/i
-  // Named pipe (often used in reverse shells)
-];
-var KNOWN_MALICIOUS_PACKAGES = [
-  {
-    package: "event-stream",
-    manager: "npm",
-    reason: "Known supply chain attack (flatmap-stream)",
-    addedAt: "2018-11-26",
-    source: "community"
-  },
-  {
-    package: "flatmap-stream",
-    manager: "npm",
-    reason: "Malicious cryptocurrency stealer",
-    addedAt: "2018-11-26",
-    source: "community"
-  },
-  {
-    package: "ua-parser-js",
-    manager: "npm",
-    reason: "Compromised versions (0.7.29, 0.8.0, 1.0.0)",
-    addedAt: "2021-10-22",
-    source: "community"
-  },
-  {
-    package: "coa",
-    manager: "npm",
-    reason: "Compromised version 2.0.3",
-    addedAt: "2021-11-04",
-    source: "community"
-  },
-  {
-    package: "rc",
-    manager: "npm",
-    reason: "Compromised versions 1.2.9, 1.3.9, 2.3.9",
-    addedAt: "2021-11-04",
-    source: "community"
-  }
-];
-
-// src/services/security/package-scanner.ts
-var CACHE_TTL = 60 * 60 * 1e3;
-var packageInfoCache = /* @__PURE__ */ new Map();
-var configStore = new Conf({
-  projectName: "shiva-code",
-  defaults: {
-    packageSecurity: DEFAULT_PACKAGE_SCAN_CONFIG
-  }
-});
-var PackageScannerService = class {
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Command Parsing
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Check if a command is an install command
-   */
-  isInstallCommand(command) {
-    const installPatterns = [
-      /^npm\s+(install|i|add)\b/i,
-      /^yarn\s+(add|install)\b/i,
-      /^pnpm\s+(add|install|i)\b/i,
-      /^pip\s+install\b/i,
-      /^pip3\s+install\b/i,
-      /^cargo\s+(add|install)\b/i,
-      /^go\s+(get|install)\b/i
-    ];
-    return installPatterns.some((pattern) => pattern.test(command.trim()));
-  }
-  /**
-   * Parse an install command to extract package names
-   */
-  parseCommand(command) {
-    const trimmed = command.trim();
-    const npmMatch = trimmed.match(/^(npm|yarn|pnpm)\s+(install|i|add)\s+(.+)$/i);
-    if (npmMatch) {
-      const managerMap = {
-        npm: "npm",
-        yarn: "yarn",
-        pnpm: "pnpm"
-      };
-      const manager = managerMap[npmMatch[1].toLowerCase()];
-      const argsStr = npmMatch[3];
-      const { packages, flags, isDev, isGlobal } = this.parseNpmArgs(argsStr);
-      return { manager, packages, flags, isDev, isGlobal };
-    }
-    const pipMatch = trimmed.match(/^pip3?\s+install\s+(.+)$/i);
-    if (pipMatch) {
-      const { packages, flags } = this.parsePipArgs(pipMatch[1]);
-      return { manager: "pip", packages, flags, isDev: false, isGlobal: false };
-    }
-    const cargoMatch = trimmed.match(/^cargo\s+(add|install)\s+(.+)$/i);
-    if (cargoMatch) {
-      const { packages, flags, isDev } = this.parseCargoArgs(cargoMatch[2]);
-      return { manager: "cargo", packages, flags, isDev, isGlobal: false };
-    }
-    const goMatch = trimmed.match(/^go\s+(get|install)\s+(.+)$/i);
-    if (goMatch) {
-      const { packages, flags } = this.parseGoArgs(goMatch[2]);
-      return { manager: "go", packages, flags, isDev: false, isGlobal: false };
-    }
-    return null;
-  }
-  parseNpmArgs(argsStr) {
-    const parts = argsStr.split(/\s+/);
-    const packages = [];
-    const flags = [];
-    let isDev = false;
-    let isGlobal = false;
-    for (const part of parts) {
-      if (part.startsWith("-")) {
-        flags.push(part);
-        if (part === "-D" || part === "--save-dev" || part === "--dev") {
-          isDev = true;
-        }
-        if (part === "-g" || part === "--global") {
-          isGlobal = true;
-        }
-      } else if (part.length > 0) {
-        const pkgName = part.split("@")[0] || part;
-        if (pkgName.length > 0) {
-          packages.push(pkgName);
-        }
-      }
-    }
-    return { packages, flags, isDev, isGlobal };
-  }
-  parsePipArgs(argsStr) {
-    const parts = argsStr.split(/\s+/);
-    const packages = [];
-    const flags = [];
-    for (let i = 0; i < parts.length; i++) {
-      const part = parts[i];
-      if (part.startsWith("-")) {
-        flags.push(part);
-        if ((part === "-r" || part === "--requirement") && i + 1 < parts.length) {
-          i++;
-        }
-      } else if (part.length > 0) {
-        const pkgName = part.split(/[=<>!~\[]/)[0];
-        if (pkgName.length > 0) {
-          packages.push(pkgName);
-        }
-      }
-    }
-    return { packages, flags };
-  }
-  parseCargoArgs(argsStr) {
-    const parts = argsStr.split(/\s+/);
-    const packages = [];
-    const flags = [];
-    let isDev = false;
-    for (const part of parts) {
-      if (part.startsWith("-")) {
-        flags.push(part);
-        if (part === "--dev" || part === "-D") {
-          isDev = true;
-        }
-      } else if (part.length > 0) {
-        packages.push(part);
-      }
-    }
-    return { packages, flags, isDev };
-  }
-  parseGoArgs(argsStr) {
-    const parts = argsStr.split(/\s+/);
-    const packages = [];
-    const flags = [];
-    for (const part of parts) {
-      if (part.startsWith("-")) {
-        flags.push(part);
-      } else if (part.length > 0) {
-        packages.push(part);
-      }
-    }
-    return { packages, flags };
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Package Info Fetching
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Get npm package info from registry
-   */
-  async getNpmPackageInfo(name) {
-    const cacheKey = `npm:${name}`;
-    const cached = packageInfoCache.get(cacheKey);
-    if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
-      return cached.data;
-    }
-    try {
-      const metaResponse = await fetch(`https://registry.npmjs.org/${encodeURIComponent(name)}`);
-      if (!metaResponse.ok) {
-        if (metaResponse.status === 404) {
-          return null;
-        }
-        throw new Error(`npm registry returned ${metaResponse.status}`);
-      }
-      const meta = await metaResponse.json();
-      const latestVersion = meta["dist-tags"]?.latest;
-      const versionData = latestVersion ? meta.versions?.[latestVersion] : null;
-      let weeklyDownloads = 0;
-      try {
-        const downloadsResponse = await fetch(
-          `https://api.npmjs.org/downloads/point/last-week/${encodeURIComponent(name)}`
-        );
-        if (downloadsResponse.ok) {
-          const downloads = await downloadsResponse.json();
-          weeklyDownloads = downloads.downloads || 0;
-        }
-      } catch {
-      }
-      const info = {
-        name: meta.name || name,
-        version: latestVersion || "0.0.0",
-        description: meta.description,
-        weeklyDownloads,
-        publishedAt: (latestVersion ? meta.time?.[latestVersion] : void 0) || meta.time?.created || (/* @__PURE__ */ new Date()).toISOString(),
-        maintainers: meta.maintainers?.map((m) => m.name) || [],
-        repository: versionData?.repository?.url || meta.repository?.url,
-        homepage: versionData?.homepage || meta.homepage,
-        scripts: versionData?.scripts,
-        dependencies: versionData?.dependencies,
-        devDependencies: versionData?.devDependencies
-      };
-      packageInfoCache.set(cacheKey, { data: info, timestamp: Date.now() });
-      return info;
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Get PyPI package info from registry
-   */
-  async getPyPIPackageInfo(name) {
-    const cacheKey = `pip:${name}`;
-    const cached = packageInfoCache.get(cacheKey);
-    if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
-      return cached.data;
-    }
-    try {
-      const response = await fetch(`https://pypi.org/pypi/${encodeURIComponent(name)}/json`);
-      if (!response.ok) {
-        if (response.status === 404) {
-          return null;
-        }
-        throw new Error(`PyPI returned ${response.status}`);
-      }
-      const data = await response.json();
-      const releaseInfo = data.info;
-      const info = {
-        name: releaseInfo.name,
-        version: releaseInfo.version,
-        summary: releaseInfo.summary,
-        downloads: 0,
-        // PyPI doesn't expose download counts directly
-        releaseDate: data.urls?.[0]?.upload_time || (/* @__PURE__ */ new Date()).toISOString(),
-        author: releaseInfo.author,
-        homePage: releaseInfo.home_page || releaseInfo.project_url,
-        license: releaseInfo.license
-      };
-      packageInfoCache.set(cacheKey, { data: info, timestamp: Date.now() });
-      return info;
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Get Cargo package info from crates.io
-   */
-  async getCargoPackageInfo(name) {
-    const cacheKey = `cargo:${name}`;
-    const cached = packageInfoCache.get(cacheKey);
-    if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
-      return cached.data;
-    }
-    try {
-      const response = await fetch(`https://crates.io/api/v1/crates/${encodeURIComponent(name)}`, {
-        headers: {
-          "User-Agent": "shiva-cli (https://shiva.li)"
-        }
-      });
-      if (!response.ok) {
-        if (response.status === 404) {
-          return null;
-        }
-        throw new Error(`crates.io returned ${response.status}`);
-      }
-      const data = await response.json();
-      const crateInfo = data.crate;
-      const latestVersion = data.versions?.[0];
-      const info = {
-        name: crateInfo.name,
-        version: latestVersion?.num || "0.0.0",
-        description: crateInfo.description,
-        downloads: crateInfo.downloads || 0,
-        repository: crateInfo.repository,
-        homepage: crateInfo.homepage,
-        createdAt: latestVersion?.created_at || crateInfo.created_at || (/* @__PURE__ */ new Date()).toISOString()
-      };
-      packageInfoCache.set(cacheKey, { data: info, timestamp: Date.now() });
-      return info;
-    } catch {
-      return null;
-    }
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Individual Checks
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Check download count
-   */
-  checkDownloadCount(weeklyDownloads, manager) {
-    const config = this.getConfig();
-    const minDownloads = config.minDownloads;
-    if (weeklyDownloads < 10) {
-      return {
-        name: "Downloads",
-        status: "fail",
-        message: `${weeklyDownloads}/week (critical - nearly no usage)`,
-        severity: "critical"
-      };
-    }
-    if (weeklyDownloads < minDownloads) {
-      return {
-        name: "Downloads",
-        status: "fail",
-        message: `${weeklyDownloads.toLocaleString()}/week (< ${minDownloads})`,
-        severity: "high"
-      };
-    }
-    if (weeklyDownloads < minDownloads * 10) {
-      return {
-        name: "Downloads",
-        status: "warn",
-        message: `${weeklyDownloads.toLocaleString()}/week (low)`,
-        severity: "medium"
-      };
-    }
-    return {
-      name: "Downloads",
-      status: "pass",
-      message: `${weeklyDownloads.toLocaleString()}/week`,
-      severity: "info"
-    };
-  }
-  /**
-   * Check package age
-   */
-  checkPublishAge(publishedAt) {
-    const config = this.getConfig();
-    const publishDate = new Date(publishedAt);
-    const now = /* @__PURE__ */ new Date();
-    const ageInDays = Math.floor((now.getTime() - publishDate.getTime()) / (1e3 * 60 * 60 * 24));
-    if (ageInDays < 1) {
-      return {
-        name: "Age",
-        status: "fail",
-        message: `Published today (critical)`,
-        severity: "critical"
-      };
-    }
-    if (ageInDays < config.maxAgeDays) {
-      return {
-        name: "Age",
-        status: "fail",
-        message: `${ageInDays} days old (< ${config.maxAgeDays} days)`,
-        severity: "high"
-      };
-    }
-    if (ageInDays < 30) {
-      return {
-        name: "Age",
-        status: "warn",
-        message: `${ageInDays} days old (relatively new)`,
-        severity: "medium"
-      };
-    }
-    const years = Math.floor(ageInDays / 365);
-    const months = Math.floor(ageInDays % 365 / 30);
-    let ageStr;
-    if (years > 0) {
-      ageStr = `${years} year${years > 1 ? "s" : ""}`;
-    } else if (months > 0) {
-      ageStr = `${months} month${months > 1 ? "s" : ""}`;
-    } else {
-      ageStr = `${ageInDays} days`;
-    }
-    return {
-      name: "Age",
-      status: "pass",
-      message: ageStr,
-      severity: "info"
-    };
-  }
-  /**
-   * Check for typosquatting
-   */
-  checkTyposquatting(name, manager) {
-    const config = this.getConfig();
-    if (!config.checkTyposquatting) {
-      return {
-        name: "Typosquatting",
-        status: "pass",
-        message: "Check disabled",
-        severity: "info"
-      };
-    }
-    const similarPackages = this.findSimilarPopularPackages(name, manager);
-    if (similarPackages.length > 0) {
-      return {
-        name: "Typosquatting",
-        status: "fail",
-        message: `Similar to "${similarPackages[0]}"`,
-        severity: "critical"
-      };
-    }
-    return {
-      name: "Typosquatting",
-      status: "pass",
-      message: "No similar popular packages",
-      severity: "info"
-    };
-  }
-  /**
-   * Check install scripts for suspicious patterns
-   */
-  checkScripts(scripts) {
-    const config = this.getConfig();
-    if (!config.checkScripts || !scripts) {
-      return {
-        name: "Scripts",
-        status: "pass",
-        message: scripts ? "Check disabled" : "No install scripts",
-        severity: "info"
-      };
-    }
-    const suspiciousScripts = [];
-    for (const [scriptName, scriptContent] of Object.entries(scripts)) {
-      if (!scriptContent) continue;
-      for (const pattern of SUSPICIOUS_SCRIPT_PATTERNS) {
-        if (pattern.test(scriptContent)) {
-          suspiciousScripts.push(scriptName);
-          break;
-        }
-      }
-    }
-    if (suspiciousScripts.length > 0) {
-      return {
-        name: "Scripts",
-        status: "fail",
-        message: `Suspicious ${suspiciousScripts.join(", ")} script`,
-        severity: "critical"
-      };
-    }
-    const hasInstallScripts = scripts.preinstall || scripts.install || scripts.postinstall;
-    if (hasInstallScripts) {
-      return {
-        name: "Scripts",
-        status: "warn",
-        message: "Has install scripts (review recommended)",
-        severity: "low"
-      };
-    }
-    return {
-      name: "Scripts",
-      status: "pass",
-      message: "No suspicious scripts",
-      severity: "info"
-    };
-  }
-  /**
-   * Check repository presence
-   */
-  checkRepository(repository) {
-    if (!repository) {
-      return {
-        name: "Repository",
-        status: "warn",
-        message: "No repository linked",
-        severity: "medium"
-      };
-    }
-    const isKnownHost = repository.includes("github.com") || repository.includes("gitlab.com") || repository.includes("bitbucket.org");
-    if (isKnownHost) {
-      return {
-        name: "Repository",
-        status: "pass",
-        message: repository.replace(/^git\+/, "").replace(/\.git$/, ""),
-        severity: "info"
-      };
-    }
-    return {
-      name: "Repository",
-      status: "warn",
-      message: "Unknown repository host",
-      severity: "low"
-    };
-  }
-  /**
-   * Check maintainer count
-   */
-  checkMaintainers(maintainers) {
-    if (maintainers.length === 0) {
-      return {
-        name: "Maintainers",
-        status: "warn",
-        message: "No maintainers listed",
-        severity: "medium"
-      };
-    }
-    if (maintainers.length === 1) {
-      return {
-        name: "Maintainers",
-        status: "pass",
-        message: `1 (${maintainers[0]})`,
-        severity: "info"
-      };
-    }
-    return {
-      name: "Maintainers",
-      status: "pass",
-      message: `${maintainers.length}`,
-      severity: "info"
-    };
-  }
-  /**
-   * Check blocklist
-   */
-  checkBlocklist(name, manager) {
-    const config = this.getConfig();
-    const blocked = config.blocklist.find((entry) => entry.package === name && entry.manager === manager);
-    if (blocked) {
-      return {
-        name: "Blocklist",
-        status: "fail",
-        message: blocked.reason,
-        severity: "critical"
-      };
-    }
-    const malicious = KNOWN_MALICIOUS_PACKAGES.find(
-      (entry) => entry.package === name && entry.manager === manager
-    );
-    if (malicious) {
-      return {
-        name: "Blocklist",
-        status: "fail",
-        message: malicious.reason,
-        severity: "critical"
-      };
-    }
-    return {
-      name: "Blocklist",
-      status: "pass",
-      message: "Not blocklisted",
-      severity: "info"
-    };
-  }
-  /**
-   * Check allowlist
-   */
-  isAllowlisted(name) {
-    const config = this.getConfig();
-    return config.allowlist.includes(name);
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Typosquatting Detection
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Calculate Levenshtein distance between two strings
-   */
-  getLevenshteinDistance(a, b) {
-    const matrix = [];
-    for (let i = 0; i <= b.length; i++) {
-      matrix[i] = [i];
-    }
-    for (let j = 0; j <= a.length; j++) {
-      matrix[0][j] = j;
-    }
-    for (let i = 1; i <= b.length; i++) {
-      for (let j = 1; j <= a.length; j++) {
-        if (b.charAt(i - 1) === a.charAt(j - 1)) {
-          matrix[i][j] = matrix[i - 1][j - 1];
-        } else {
-          matrix[i][j] = Math.min(
-            matrix[i - 1][j - 1] + 1,
-            // substitution
-            matrix[i][j - 1] + 1,
-            // insertion
-            matrix[i - 1][j] + 1
-            // deletion
-          );
-        }
-      }
-    }
-    return matrix[b.length][a.length];
-  }
-  /**
-   * Find similar popular packages (potential typosquatting)
-   */
-  findSimilarPopularPackages(name, manager) {
-    let popularPackages;
-    switch (manager) {
-      case "npm":
-      case "yarn":
-      case "pnpm":
-        popularPackages = POPULAR_NPM_PACKAGES;
-        break;
-      case "pip":
-        popularPackages = POPULAR_PIP_PACKAGES;
-        break;
-      case "cargo":
-        popularPackages = POPULAR_CARGO_PACKAGES;
-        break;
-      default:
-        return [];
-    }
-    const normalizedName = name.toLowerCase();
-    const similar = [];
-    for (const pkg of popularPackages) {
-      if (pkg === normalizedName) {
-        continue;
-      }
-      const distance = this.getLevenshteinDistance(normalizedName, pkg);
-      const maxAllowedDistance = Math.min(2, Math.floor(pkg.length / 4));
-      const isCommonTypo = normalizedName.replace(/-/g, "") === pkg.replace(/-/g, "") || normalizedName.replace(/_/g, "") === pkg.replace(/_/g, "") || normalizedName.replace(/js$/, "") === pkg || normalizedName.replace(/-js$/, "") === pkg || `${normalizedName}js` === pkg || `${normalizedName}-js` === pkg;
-      if (distance <= maxAllowedDistance || isCommonTypo) {
-        similar.push(pkg);
-      }
-    }
-    return similar;
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Risk Calculation
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Calculate overall risk score from checks
-   */
-  calculateRiskScore(checks) {
-    let penalty = 0;
-    for (const check of checks) {
-      if (check.status === "fail") {
-        switch (check.severity) {
-          case "critical":
-            penalty += 40;
-            break;
-          case "high":
-            penalty += 25;
-            break;
-          case "medium":
-            penalty += 15;
-            break;
-          case "low":
-            penalty += 5;
-            break;
-        }
-      } else if (check.status === "warn") {
-        switch (check.severity) {
-          case "critical":
-            penalty += 20;
-            break;
-          case "high":
-            penalty += 12;
-            break;
-          case "medium":
-            penalty += 8;
-            break;
-          case "low":
-            penalty += 3;
-            break;
-        }
-      }
-    }
-    return Math.max(0, 100 - penalty);
-  }
-  /**
-   * Determine recommendation based on score and checks
-   */
-  determineRecommendation(score, checks) {
-    const hasCriticalFail = checks.some((c) => c.status === "fail" && c.severity === "critical");
-    if (hasCriticalFail || score < 30) {
-      return "block";
-    }
-    if (score < 60) {
-      return "warn";
-    }
-    return "allow";
-  }
-  /**
-   * Determine risk level from score
-   */
-  getRiskLevel(score) {
-    if (score < 30) return "critical";
-    if (score < 50) return "high";
-    if (score < 70) return "medium";
-    return "low";
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Core Scanning
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Scan a single package
-   */
-  async scanPackage(name, manager) {
-    if (this.isAllowlisted(name)) {
-      return {
-        package: name,
-        manager,
-        risk: "low",
-        score: 100,
-        checks: [
-          {
-            name: "Allowlist",
-            status: "pass",
-            message: "Package is allowlisted",
-            severity: "info"
-          }
-        ],
-        recommendation: "allow"
-      };
-    }
-    const checks = [];
-    let suggestion;
-    const blocklistCheck = this.checkBlocklist(name, manager);
-    checks.push(blocklistCheck);
-    if (blocklistCheck.status === "fail") {
-      return {
-        package: name,
-        manager,
-        risk: "critical",
-        score: 0,
-        checks,
-        recommendation: "block"
-      };
-    }
-    if (manager === "npm" || manager === "yarn" || manager === "pnpm") {
-      const info = await this.getNpmPackageInfo(name);
-      if (!info) {
-        checks.push({
-          name: "Registry",
-          status: "fail",
-          message: "Package not found in npm registry",
-          severity: "critical"
-        });
-        const typosquatCheck2 = this.checkTyposquatting(name, manager);
-        checks.push(typosquatCheck2);
-        if (typosquatCheck2.status === "fail") {
-          const similar = this.findSimilarPopularPackages(name, manager);
-          if (similar.length > 0) {
-            suggestion = similar[0];
-          }
-        }
-        return {
-          package: name,
-          manager,
-          risk: "critical",
-          score: 0,
-          checks,
-          recommendation: "block",
-          suggestion
-        };
-      }
-      checks.push(this.checkDownloadCount(info.weeklyDownloads, manager));
-      checks.push(this.checkPublishAge(info.publishedAt));
-      checks.push(this.checkTyposquatting(name, manager));
-      checks.push(this.checkScripts(info.scripts));
-      checks.push(this.checkRepository(info.repository));
-      checks.push(this.checkMaintainers(info.maintainers));
-      const typosquatCheck = checks.find((c) => c.name === "Typosquatting");
-      if (typosquatCheck?.status === "fail") {
-        const similar = this.findSimilarPopularPackages(name, manager);
-        if (similar.length > 0) {
-          suggestion = similar[0];
-        }
-      }
-    } else if (manager === "pip") {
-      const info = await this.getPyPIPackageInfo(name);
-      if (!info) {
-        checks.push({
-          name: "Registry",
-          status: "fail",
-          message: "Package not found in PyPI",
-          severity: "critical"
-        });
-        const typosquatCheck = this.checkTyposquatting(name, manager);
-        checks.push(typosquatCheck);
-        if (typosquatCheck.status === "fail") {
-          const similar = this.findSimilarPopularPackages(name, manager);
-          if (similar.length > 0) {
-            suggestion = similar[0];
-          }
-        }
-        return {
-          package: name,
-          manager,
-          risk: "critical",
-          score: 0,
-          checks,
-          recommendation: "block",
-          suggestion
-        };
-      }
-      checks.push(this.checkPublishAge(info.releaseDate));
-      checks.push(this.checkTyposquatting(name, manager));
-      checks.push({
-        name: "Repository",
-        status: info.homePage ? "pass" : "warn",
-        message: info.homePage || "No homepage linked",
-        severity: info.homePage ? "info" : "medium"
-      });
-    } else if (manager === "cargo") {
-      const info = await this.getCargoPackageInfo(name);
-      if (!info) {
-        checks.push({
-          name: "Registry",
-          status: "fail",
-          message: "Package not found in crates.io",
-          severity: "critical"
-        });
-        const typosquatCheck = this.checkTyposquatting(name, manager);
-        checks.push(typosquatCheck);
-        return {
-          package: name,
-          manager,
-          risk: "critical",
-          score: 0,
-          checks,
-          recommendation: "block"
-        };
-      }
-      checks.push(this.checkDownloadCount(info.downloads, manager));
-      checks.push(this.checkPublishAge(info.createdAt));
-      checks.push(this.checkTyposquatting(name, manager));
-      checks.push(this.checkRepository(info.repository));
-    }
-    const score = this.calculateRiskScore(checks);
-    const recommendation = this.determineRecommendation(score, checks);
-    const risk = this.getRiskLevel(score);
-    return {
-      package: name,
-      manager,
-      risk,
-      score,
-      checks,
-      recommendation,
-      suggestion
-    };
-  }
-  /**
-   * Scan multiple packages
-   */
-  async scanPackages(packages, manager) {
-    const results = await Promise.all(packages.map((pkg) => this.scanPackage(pkg, manager)));
-    return results;
-  }
-  /**
-   * Scan a command (for hook integration)
-   */
-  async scanCommand(command) {
-    if (!this.isInstallCommand(command)) {
-      return null;
-    }
-    const parsed = this.parseCommand(command);
-    if (!parsed || parsed.packages.length === 0) {
-      return null;
-    }
-    return this.scanPackages(parsed.packages, parsed.manager);
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Hook Integration
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Generate hook output for Claude Code
-   */
-  generateHookOutput(results) {
-    const config = this.getConfig();
-    const blockedPackages = results.filter((r) => r.recommendation === "block");
-    const warnPackages = results.filter((r) => r.recommendation === "warn");
-    if (blockedPackages.length > 0) {
-      const pkg = blockedPackages[0];
-      let reason = `Package '${pkg.package}' blocked:`;
-      const criticalChecks = pkg.checks.filter((c) => c.status === "fail" && c.severity === "critical");
-      if (criticalChecks.length > 0) {
-        reason += ` ${criticalChecks.map((c) => c.message).join(", ")}`;
-      } else {
-        reason += ` Risk score ${pkg.score}/100`;
-      }
-      if (pkg.suggestion) {
-        reason += `
-
-Did you mean: ${pkg.suggestion}?`;
-      }
-      if (config.autoBlock) {
-        return {
-          decision: "block",
-          reason
-        };
-      }
-      return {
-        hookSpecificOutput: {
-          additionalContext: `\u{1F6E1}\uFE0F SHIVA Security Warning:
-
-${reason}
-
-Review the package before proceeding.`
-        }
-      };
-    }
-    if (warnPackages.length > 0) {
-      const warnings = warnPackages.map((pkg) => {
-        const issues = pkg.checks.filter((c) => c.status === "warn" || c.status === "fail").map((c) => c.message);
-        return `${pkg.package}: ${issues.join(", ")}`;
-      }).join("\n");
-      return {
-        hookSpecificOutput: {
-          additionalContext: `\u26A0\uFE0F SHIVA Security Notice:
-
-${warnings}
-
-Continue with caution.`
-        }
-      };
-    }
-    return { hookSpecificOutput: null };
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Blocklist/Allowlist Management
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Add a package to the blocklist
-   */
-  addToBlocklist(entry) {
-    const config = this.getConfig();
-    const existing = config.blocklist.find(
-      (e) => e.package === entry.package && e.manager === entry.manager
-    );
-    if (existing) {
-      existing.reason = entry.reason;
-      existing.source = entry.source;
-    } else {
-      config.blocklist.push({
-        ...entry,
-        addedAt: (/* @__PURE__ */ new Date()).toISOString()
-      });
-    }
-    this.updateConfig(config);
-  }
-  /**
-   * Remove a package from the blocklist
-   */
-  removeFromBlocklist(packageName, manager) {
-    const config = this.getConfig();
-    const index = config.blocklist.findIndex(
-      (e) => e.package === packageName && e.manager === manager
-    );
-    if (index === -1) {
-      return false;
-    }
-    config.blocklist.splice(index, 1);
-    this.updateConfig(config);
-    return true;
-  }
-  /**
-   * Check if a package is blocked
-   */
-  isBlocked(name, manager) {
-    const config = this.getConfig();
-    return config.blocklist.some((e) => e.package === name && e.manager === manager) || KNOWN_MALICIOUS_PACKAGES.some((e) => e.package === name && e.manager === manager);
-  }
-  /**
-   * Add a package to the allowlist
-   */
-  addToAllowlist(packageName) {
-    const config = this.getConfig();
-    if (!config.allowlist.includes(packageName)) {
-      config.allowlist.push(packageName);
-      this.updateConfig(config);
-    }
-  }
-  /**
-   * Remove a package from the allowlist
-   */
-  removeFromAllowlist(packageName) {
-    const config = this.getConfig();
-    const index = config.allowlist.indexOf(packageName);
-    if (index === -1) {
-      return false;
-    }
-    config.allowlist.splice(index, 1);
-    this.updateConfig(config);
-    return true;
-  }
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Configuration
-  // ─────────────────────────────────────────────────────────────────────────────
-  /**
-   * Get current configuration
-   */
-  getConfig() {
-    return configStore.get("packageSecurity");
-  }
-  /**
-   * Update configuration
-   */
-  updateConfig(config) {
-    const current = this.getConfig();
-    configStore.set("packageSecurity", { ...current, ...config });
-  }
-  /**
-   * Reset configuration to defaults
-   */
-  resetConfig() {
-    configStore.set("packageSecurity", DEFAULT_PACKAGE_SCAN_CONFIG);
-  }
-  /**
-   * Clear package info cache
-   */
-  clearCache() {
-    packageInfoCache.clear();
-  }
-};
-var packageScanner = new PackageScannerService();
-
-// src/commands/advanced/hook.ts
-var CLAUDE_SETTINGS_PATH = join(homedir(), ".claude", "settings.json");
-function getClaudeSettings() {
-  if (!existsSync(CLAUDE_SETTINGS_PATH)) {
-    return {};
-  }
-  try {
-    const content = readFileSync(CLAUDE_SETTINGS_PATH, "utf-8");
-    return JSON.parse(content);
-  } catch {
-    return {};
-  }
-}
-function saveClaudeSettings(settings) {
-  const dir = join(homedir(), ".claude");
-  if (!existsSync(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  writeFileSync(CLAUDE_SETTINGS_PATH, JSON.stringify(settings, null, 2));
-}
-function hasShivaHook(hooks, event) {
-  if (!hooks || !hooks[event]) return false;
-  const eventHooks = hooks[event];
-  return eventHooks.some(
-    (entry) => entry.hooks?.some((h) => h.command?.includes("shiva"))
-  );
-}
-function removeShivaHooks(eventHooks) {
-  return eventHooks.filter(
-    (entry) => !entry.hooks?.some((h) => h.command?.includes("shiva"))
-  );
-}
-var hookCommand = new Command("hook").description("Claude Code Hook Integration verwalten");
-hookCommand.command("install").description("SHIVA Hooks in Claude Code installieren").option("--github", "GitHub Context Injection aktivieren").option("--sync", "Cloud Sync Hooks aktivieren (Standard)").option("--scan", "Package Security Scanning aktivieren").option("--token-protection", "Token-Schutz aktivieren (erkennt & sch\xFCtzt Secrets)").option("--all", "Alle Hooks aktivieren").action((options) => {
-  log.brand();
-  const claudePath = join(homedir(), ".claude");
-  if (!existsSync(claudePath)) {
-    log.error("Claude Code nicht gefunden");
-    log.newline();
-    log.info("Installiere Claude Code:");
-    log.plain("  npm install -g @anthropic-ai/claude-code");
-    log.newline();
-    log.dim("Oder: https://claude.ai/code");
-    return;
-  }
-  const settings = getClaudeSettings();
-  if (!settings.hooks) {
-    settings.hooks = {};
-  }
-  const installSync = options.sync || options.all || !options.github && !options.scan && !options.tokenProtection;
-  const installGithub = options.github || options.all;
-  const installScan = options.scan || options.all;
-  const installTokenProtection = options.tokenProtection || options.all;
-  const hasSyncHooks = hasShivaHook(settings.hooks, "SessionStart") || hasShivaHook(settings.hooks, "Stop");
-  const hasGithubHook = hasShivaContextHook(settings.hooks);
-  const hasScanHook = hasShivaScanHook(settings.hooks);
-  const hasTokenHook = hasShivaTokenHook(settings.hooks);
-  if (hasSyncHooks && installSync && !installGithub && !installScan) {
-    log.warn("SHIVA Sync Hooks sind bereits installiert");
-    log.newline();
-    log.info("GitHub Context Injection hinzuf\xFCgen:");
-    log.plain("  shiva hook install --github");
-    log.newline();
-    log.info("Package Scanning hinzuf\xFCgen:");
-    log.plain("  shiva hook install --scan");
-    log.newline();
-    log.info("Oder neu installieren:");
-    log.plain("  shiva hook uninstall && shiva hook install --all");
-    return;
-  }
-  let installedSomething = false;
-  if (installSync && !hasSyncHooks) {
-    if (!settings.hooks.SessionStart) {
-      settings.hooks.SessionStart = [];
-    }
-    settings.hooks.SessionStart.push({
-      hooks: [
-        {
-          type: "command",
-          command: "shiva sync --pull --quiet",
-          timeout: 30
-        }
-      ]
-    });
-    if (!settings.hooks.Stop) {
-      settings.hooks.Stop = [];
-    }
-    settings.hooks.Stop.push({
-      hooks: [
-        {
-          type: "command",
-          command: "shiva sync --push --quiet",
-          timeout: 30
-        }
-      ]
-    });
-    installedSomething = true;
-  }
-  if (installGithub && !hasGithubHook) {
-    if (!settings.hooks.SessionStart) {
-      settings.hooks.SessionStart = [];
-    }
-    settings.hooks.SessionStart.push({
-      hooks: [
-        {
-          type: "command",
-          command: "shiva hook inject-context",
-          timeout: 15
-        }
-      ]
-    });
-    installedSomething = true;
-  }
-  if (installScan && !hasScanHook) {
-    if (!settings.hooks.PreToolUse) {
-      settings.hooks.PreToolUse = [];
-    }
-    settings.hooks.PreToolUse.push({
-      matcher: "Bash",
-      hooks: [
-        {
-          type: "command",
-          command: 'shiva hook scan-command "$TOOL_INPUT"',
-          timeout: 30
-        }
-      ]
-    });
-    installedSomething = true;
-  }
-  if (installTokenProtection && !hasTokenHook) {
-    if (!settings.hooks.Stop) {
-      settings.hooks.Stop = [];
-    }
-    settings.hooks.Stop.push({
-      hooks: [
-        {
-          type: "command",
-          command: "shiva hook scan-session --quiet",
-          timeout: 30
-        }
-      ]
-    });
-    installedSomething = true;
-  }
-  if (!installedSomething) {
-    log.warn("Alle ausgew\xE4hlten Hooks sind bereits installiert");
-    log.newline();
-    log.info("Status anzeigen: shiva hook status");
-    return;
-  }
-  saveClaudeSettings(settings);
-  log.success("SHIVA Hooks installiert!");
-  log.newline();
-  log.header("Aktive Hooks");
-  if (installSync || hasSyncHooks) {
-    log.tree.item("SessionStart: Memories laden (Cloud Sync)");
-    log.tree.item("Stop: Memories speichern (Cloud Sync)");
-  }
-  if (installGithub || hasGithubHook) {
-    log.tree.item("SessionStart: GitHub Context injizieren");
-  }
-  if (installScan || hasScanHook) {
-    log.tree.item("PreToolUse: Package Security Scanning");
-  }
-  if (installTokenProtection || hasTokenHook) {
-    log.tree.item("Stop: Token-Schutz (Secrets erkennen & sch\xFCtzen)");
-  }
-  log.newline();
-  log.dim("Claude Code wird nun automatisch mit SHIVA integriert.");
-  log.newline();
-  log.info("Starte Claude Code wie gewohnt:");
-  log.plain("  claude");
-});
-function hasShivaContextHook(hooks) {
-  if (!hooks || !hooks.SessionStart) return false;
-  const eventHooks = hooks.SessionStart;
-  return eventHooks.some(
-    (entry) => entry.hooks?.some((h) => h.command?.includes("inject-context"))
-  );
-}
-function hasShivaScanHook(hooks) {
-  if (!hooks || !hooks.PreToolUse) return false;
-  const eventHooks = hooks.PreToolUse;
-  return eventHooks.some(
-    (entry) => entry.matcher === "Bash" && entry.hooks?.some((h) => h.command?.includes("shiva hook scan-command"))
-  );
-}
-function hasShivaTokenHook(hooks) {
-  if (!hooks || !hooks.Stop) return false;
-  const eventHooks = hooks.Stop;
-  return eventHooks.some(
-    (entry) => entry.hooks?.some((h) => h.command?.includes("shiva hook scan-session"))
-  );
-}
-hookCommand.command("uninstall").description("SHIVA Hooks aus Claude Code entfernen").action(() => {
-  log.brand();
-  const settings = getClaudeSettings();
-  if (!settings.hooks) {
-    log.info("Keine Hooks installiert");
-    return;
-  }
-  let removed = false;
-  if (settings.hooks.SessionStart) {
-    const before = settings.hooks.SessionStart.length;
-    settings.hooks.SessionStart = removeShivaHooks(settings.hooks.SessionStart);
-    if (settings.hooks.SessionStart.length < before) removed = true;
-    if (settings.hooks.SessionStart.length === 0) delete settings.hooks.SessionStart;
-  }
-  if (settings.hooks.Stop) {
-    const before = settings.hooks.Stop.length;
-    settings.hooks.Stop = removeShivaHooks(settings.hooks.Stop);
-    if (settings.hooks.Stop.length < before) removed = true;
-    if (settings.hooks.Stop.length === 0) delete settings.hooks.Stop;
-  }
-  if (settings.hooks.PreToolUse) {
-    const before = settings.hooks.PreToolUse.length;
-    settings.hooks.PreToolUse = removeShivaHooks(settings.hooks.PreToolUse);
-    if (settings.hooks.PreToolUse.length < before) removed = true;
-    if (settings.hooks.PreToolUse.length === 0) delete settings.hooks.PreToolUse;
-  }
-  if (Object.keys(settings.hooks).length === 0) {
-    delete settings.hooks;
-  }
-  saveClaudeSettings(settings);
-  if (removed) {
-    log.success("SHIVA Hooks entfernt");
-  } else {
-    log.info("Keine SHIVA Hooks gefunden");
-  }
-});
-hookCommand.command("status").description("Hook-Status anzeigen").action(() => {
-  log.brand();
-  log.header("Hook Status");
-  log.newline();
-  const settings = getClaudeSettings();
-  if (!settings.hooks) {
-    log.listItem("Keine Hooks installiert", "pending");
-    log.newline();
-    log.info("Installieren mit: shiva hook install");
-    return;
-  }
-  const hasSessionStart = hasShivaHook(settings.hooks, "SessionStart");
-  const hasStop = hasShivaHook(settings.hooks, "Stop");
-  const hasGithub = hasShivaContextHook(settings.hooks);
-  const hasScan = hasShivaScanHook(settings.hooks);
-  const hasToken = hasShivaTokenHook(settings.hooks);
-  log.plain("Cloud Sync:");
-  if (hasSessionStart) {
-    log.listItem("SessionStart: Memories laden", "synced");
-  } else {
-    log.listItem("SessionStart: nicht aktiv", "pending");
-  }
-  if (hasStop) {
-    log.listItem("Stop: Memories speichern", "synced");
-  } else {
-    log.listItem("Stop: nicht aktiv", "pending");
-  }
-  log.newline();
-  log.plain("GitHub Integration:");
-  if (hasGithub) {
-    log.listItem("SessionStart: GitHub Context injizieren", "synced");
-  } else {
-    log.listItem("GitHub Context: nicht aktiv", "pending");
-  }
-  log.newline();
-  log.plain("Security:");
-  if (hasScan) {
-    log.listItem("PreToolUse: Package Security Scanning", "synced");
-  } else {
-    log.listItem("Package Scanning: nicht aktiv", "pending");
-  }
-  if (hasToken) {
-    log.listItem("Stop: Token-Schutz (Secrets erkennen)", "synced");
-  } else {
-    log.listItem("Token-Schutz: nicht aktiv", "pending");
-  }
-  log.newline();
-  const allInstalled = hasSessionStart && hasStop && hasGithub && hasScan && hasToken;
-  const syncInstalled = hasSessionStart && hasStop;
-  const anyInstalled = hasSessionStart || hasStop || hasGithub || hasScan;
-  if (allInstalled) {
-    log.success("SHIVA ist vollst\xE4ndig integriert (Sync + GitHub + Security)");
-  } else if (syncInstalled && hasGithub && !hasScan) {
-    log.success("Cloud Sync + GitHub aktiv");
-    log.info("Package Scanning hinzuf\xFCgen: shiva hook install --scan");
-  } else if (syncInstalled && !hasGithub) {
-    log.success("Cloud Sync aktiv");
-    log.info("GitHub Context hinzuf\xFCgen: shiva hook install --github");
-    log.info("Package Scanning hinzuf\xFCgen: shiva hook install --scan");
-  } else if (hasGithub && !syncInstalled) {
-    log.success("GitHub Context aktiv");
-    log.info("Cloud Sync hinzuf\xFCgen: shiva hook install --sync");
-  } else if (anyInstalled) {
-    log.warn("SHIVA ist teilweise integriert");
-    log.info("Alle Hooks: shiva hook install --all");
-  } else {
-    log.info("Installieren mit: shiva hook install");
-  }
-});
-hookCommand.command("inject-context").description("GitHub Context in Session injizieren (f\xFCr Hook)").option("--quiet", "Keine Logs ausgeben").action(async (options) => {
-  const projectPath = process.cwd();
-  if (!isGhInstalled() || !isGhAuthenticated()) {
-    console.log(JSON.stringify({}));
-    return;
-  }
-  if (hasShivaDir(projectPath)) {
-    const config = getProjectConfig(projectPath);
-    if (!config.autoInjectContext) {
-      console.log(JSON.stringify({}));
-      return;
-    }
-  }
-  try {
-    const context = await generateGitHubContext(projectPath);
-    if (!context || !context.repo) {
-      console.log(JSON.stringify({}));
-      return;
-    }
-    const markdown = formatContextAsMarkdown(context);
-    if (hasShivaDir(projectPath)) {
-      cacheGitHubContext(projectPath, markdown);
-    }
-    console.log(JSON.stringify({
-      hookSpecificOutput: {
-        additionalContext: markdown
-      }
-    }));
-  } catch {
-    console.log(JSON.stringify({}));
-  }
-});
-hookCommand.command("branch-switch").description("Branch-Wechsel behandeln (f\xFCr git hook)").argument("<old-ref>", "Alter Branch/Ref").argument("<new-ref>", "Neuer Branch/Ref").option("--quiet", "Keine Ausgabe").action(async (oldRef, newRef, options) => {
-  if (options.quiet) {
-    return;
-  }
-  const { getCurrentBranch } = await import("./api-OEHQTBH7.js");
-  const { getSessionForBranch, hasShivaDir: hasShivaDir2 } = await import("./config-D6M6LI6U.js");
-  const { findProject, findSessionByBranch, formatRelativeTime } = await import("./manager-CCRAV6A5.js");
-  const projectPath = process.cwd();
-  const newBranch = getCurrentBranch(projectPath);
-  let sessionInfo = null;
-  if (hasShivaDir2(projectPath)) {
-    const mappedSession = getSessionForBranch(projectPath, newBranch);
-    if (mappedSession) {
-      sessionInfo = {
-        source: "mapping",
-        lastAccessed: mappedSession.lastAccessed
-      };
-    }
-  }
-  if (!sessionInfo) {
-    const project = await findProject(projectPath);
-    if (project) {
-      const indexSession = findSessionByBranch(project, newBranch);
-      if (indexSession) {
-        sessionInfo = {
-          source: "index",
-          lastAccessed: indexSession.modified,
-          messageCount: indexSession.messageCount
-        };
-      }
-    }
-  }
-  if (sessionInfo) {
-    console.log(`
-\u{1F4A1} SHIVA: Session f\xFCr Branch "${newBranch}" gefunden`);
-    if (sessionInfo.lastAccessed) {
-      const relTime = formatRelativeTime(sessionInfo.lastAccessed);
-      console.log(`   Letzte Aktivit\xE4t: ${relTime}`);
-    }
-    if (sessionInfo.messageCount) {
-      console.log(`   Messages: ${sessionInfo.messageCount}`);
-    }
-    console.log(`   Fortsetzen mit: shiva resume
-`);
-  }
-});
-hookCommand.command("scan-command").description("Scanne Bash-Befehle auf Package-Installationen (f\xFCr Hook)").argument("<tool-input>", "JSON Tool Input von Claude Code").action(async (toolInput) => {
-  const config = packageScanner.getConfig();
-  if (!config.enabled) {
-    console.log(JSON.stringify({ hookSpecificOutput: null }));
-    return;
-  }
-  try {
-    let command;
-    try {
-      const parsed = JSON.parse(toolInput);
-      command = parsed.command || toolInput;
-    } catch {
-      command = toolInput;
-    }
-    if (!packageScanner.isInstallCommand(command)) {
-      console.log(JSON.stringify({ hookSpecificOutput: null }));
-      return;
-    }
-    const results = await packageScanner.scanCommand(command);
-    if (!results || results.length === 0) {
-      console.log(JSON.stringify({ hookSpecificOutput: null }));
-      return;
-    }
-    const hookOutput = packageScanner.generateHookOutput(results);
-    console.log(JSON.stringify(hookOutput));
-  } catch (error) {
-    console.log(JSON.stringify({ hookSpecificOutput: null }));
-  }
-});
-hookCommand.command("push").description("Hooks in Cloud sichern").action(async () => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const settings = getClaudeSettings();
-  if (!settings.hooks) {
-    log.warn("Keine lokalen Hooks konfiguriert");
-    return;
-  }
-  try {
-    await api.updateHooks(settings.hooks);
-    log.success("Hooks in Cloud gesichert");
-  } catch (error) {
-    log.error(error instanceof Error ? error.message : "Fehler beim Sichern");
-  }
-});
-hookCommand.command("pull").description("Hooks aus Cloud laden").option("-f, --force", "Lokale Hooks \xFCberschreiben").action(async (options) => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const settings = getClaudeSettings();
-  if (settings.hooks && !options.force) {
-    log.warn("Lokale Hooks existieren bereits");
-    log.info("Mit --force \xFCberschreiben");
-    return;
-  }
-  try {
-    const result = await api.getHooks();
-    if (!result.hooks || Object.keys(result.hooks).length === 0) {
-      log.info("Keine Hooks in Cloud gefunden");
-      return;
-    }
-    settings.hooks = result.hooks;
-    saveClaudeSettings(settings);
-    log.success("Hooks aus Cloud geladen");
-    log.newline();
-    log.info("Aktive Hooks:");
-    for (const [event, hooks] of Object.entries(result.hooks)) {
-      log.tree.item(`${event}: ${Array.isArray(hooks) ? hooks.length : 1} Hook(s)`);
-    }
-  } catch (error) {
-    log.error(error instanceof Error ? error.message : "Fehler beim Laden");
-  }
-});
-hookCommand.command("sync").description("Hooks mit Cloud synchronisieren").action(async () => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const settings = getClaudeSettings();
-  try {
-    if (settings.hooks) {
-      await api.updateHooks(settings.hooks);
-      log.success("Lokale Hooks \u2192 Cloud");
-    }
-    const result = await api.getHooks();
-    if (result.hooks && Object.keys(result.hooks).length > 0) {
-      const merged = { ...result.hooks, ...settings.hooks };
-      settings.hooks = merged;
-      saveClaudeSettings(settings);
-      log.success("Cloud Hooks \u2192 Lokal (merged)");
-    }
-    log.newline();
-    log.success("Hooks synchronisiert");
-  } catch (error) {
-    log.error(error instanceof Error ? error.message : "Fehler beim Synchronisieren");
-  }
-});
-hookCommand.command("cloud-list").description("Cloud-Hooks auflisten").option("--event <type>", "Nach Event-Typ filtern").option("--json", "JSON Output").action(async (options) => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  const { colors: colors2 } = await import("./logger-VVWOD6AA.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const ora = (await import("ora")).default;
-  const spinner = ora("Lade Cloud-Hooks...").start();
-  try {
-    let hooks;
-    if (options.event) {
-      hooks = await api.getHooksForEvent(options.event);
-    } else {
-      const result = await api.getHooks();
-      hooks = result.hooks || [];
-    }
-    spinner.stop();
-    if (options.json) {
-      console.log(JSON.stringify(hooks, null, 2));
-      return;
-    }
-    log.newline();
-    console.log(colors2.orange.bold("Cloud Hooks"));
-    console.log(colors2.dim("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
-    log.newline();
-    if (!hooks || Array.isArray(hooks) && hooks.length === 0) {
-      log.dim("Keine Cloud-Hooks konfiguriert");
-      return;
-    }
-    const hooksArray = Array.isArray(hooks) ? hooks : Object.values(hooks).flat();
-    for (const hook of hooksArray) {
-      const enabledIcon = hook.enabled !== false ? colors2.green("\u25CF") : colors2.dim("\u25CB");
-      console.log(`  ${enabledIcon} ${colors2.bold(hook.id || hook.event)}`);
-      console.log(`    ${colors2.dim("Event:")} ${hook.event}`);
-      if (hook.matcher) {
-        console.log(`    ${colors2.dim("Matcher:")} ${hook.matcher}`);
-      }
-      console.log(`    ${colors2.dim("Type:")} ${hook.type}`);
-      console.log(`    ${colors2.dim("Command:")} ${hook.command}`);
-      log.newline();
-    }
-  } catch (error) {
-    spinner.fail("Fehler beim Laden");
-    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
-  }
-});
-hookCommand.command("cloud-create").description("Neuen Cloud-Hook erstellen").requiredOption("--event <event>", "Event-Typ (PreToolUse, PostToolUse, etc.)").requiredOption("--command <cmd>", "Auszuf\xFChrender Befehl").option("--matcher <pattern>", "Tool-Matcher Pattern").option("--type <type>", "Hook-Typ (command, script)", "command").option("--timeout <ms>", "Timeout in Millisekunden").action(async (options) => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const ora = (await import("ora")).default;
-  const spinner = ora("Erstelle Cloud-Hook...").start();
-  try {
-    const result = await api.createHook({
-      event: options.event,
-      command: options.command,
-      matcher: options.matcher,
-      type: options.type,
-      timeout: options.timeout ? parseInt(options.timeout) : void 0
-    });
-    if (result.success) {
-      spinner.succeed(`Hook erstellt: ${result.hookId}`);
-    } else {
-      spinner.fail(result.message || "Fehler beim Erstellen");
-    }
-  } catch (error) {
-    spinner.fail("Fehler beim Erstellen");
-    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
-  }
-});
-hookCommand.command("cloud-test").description("Cloud-Hook testen").argument("<hook-id>", "Hook ID").action(async (hookId) => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  const { colors: colors2 } = await import("./logger-VVWOD6AA.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const ora = (await import("ora")).default;
-  const spinner = ora("Teste Hook...").start();
-  try {
-    const result = await api.testHook(hookId);
-    spinner.stop();
-    log.newline();
-    if (result.success) {
-      log.success(`Hook erfolgreich (${result.duration}ms)`);
-      if (result.output) {
-        log.newline();
-        console.log(colors2.dim("Output:"));
-        console.log(result.output);
-      }
-    } else {
-      log.error(`Hook fehlgeschlagen (${result.duration}ms)`);
-      if (result.error) {
-        log.newline();
-        console.log(colors2.dim("Error:"));
-        console.log(colors2.red(result.error));
-      }
-    }
-  } catch (error) {
-    spinner.fail("Fehler beim Testen");
-    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
-  }
-});
-hookCommand.command("cloud-delete").description("Cloud-Hook l\xF6schen").argument("<hook-id>", "Hook ID").option("-y, --yes", "Ohne Best\xE4tigung").action(async (hookId, options) => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  if (!options.yes) {
-    const inquirer = (await import("inquirer")).default;
-    const { confirm } = await inquirer.prompt([{
-      type: "confirm",
-      name: "confirm",
-      message: `Hook ${hookId} l\xF6schen?`,
-      default: false
-    }]);
-    if (!confirm) {
-      log.dim("Abgebrochen");
-      return;
-    }
-  }
-  const ora = (await import("ora")).default;
-  const spinner = ora("L\xF6sche Hook...").start();
-  try {
-    const result = await api.deleteHook(hookId);
-    if (result.success) {
-      spinner.succeed("Hook gel\xF6scht");
-    } else {
-      spinner.fail(result.message || "Fehler beim L\xF6schen");
-    }
-  } catch (error) {
-    spinner.fail("Fehler beim L\xF6schen");
-    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
-  }
-});
-hookCommand.command("cloud-toggle").description("Cloud-Hook aktivieren/deaktivieren").argument("<hook-id>", "Hook ID").option("--enable", "Hook aktivieren").option("--disable", "Hook deaktivieren").action(async (hookId, options) => {
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  if (!isAuthenticated()) {
-    log.error("Nicht angemeldet");
-    log.info("Anmelden mit: shiva login");
-    return;
-  }
-  const enabled = options.enable ? true : options.disable ? false : void 0;
-  if (enabled === void 0) {
-    log.error("Bitte --enable oder --disable angeben");
-    return;
-  }
-  const ora = (await import("ora")).default;
-  const spinner = ora("Aktualisiere Hook...").start();
-  try {
-    const result = await api.updateHook(hookId, { enabled });
-    if (result.success) {
-      spinner.succeed(`Hook ${enabled ? "aktiviert" : "deaktiviert"}`);
-    } else {
-      spinner.fail(result.message || "Fehler beim Aktualisieren");
-    }
-  } catch (error) {
-    spinner.fail("Fehler beim Aktualisieren");
-    log.error(error instanceof Error ? error.message : "Unbekannter Fehler");
-  }
-});
-hookCommand.command("scan-session").description("Session nach sensiblen Tokens scannen (f\xFCr Stop Hook)").option("--quiet", "Keine Ausgabe (f\xFCr Hook)").option("--redact", "Tokens in Session-History maskieren").option("--path <path>", "Session-Datei Pfad").action(async (options) => {
-  const { detectTokens, redactTokens, maskToken } = await import("./token-detection-K6KCIWAU.js");
-  const { api } = await import("./client-H3JXPT5B.js");
-  const { isAuthenticated } = await import("./config-FGMZONWV.js");
-  const { existsSync: existsSync2, readFileSync: readFileSync2, writeFileSync: writeFileSync2, readdirSync, statSync } = await import("fs");
-  const { join: join2 } = await import("path");
-  const { homedir: homedir2 } = await import("os");
-  const quiet = options.quiet;
-  try {
-    let autoRedact = options.redact || false;
-    let autoStore = false;
-    if (isAuthenticated()) {
-      try {
-        const settings = await api.getUserSettings();
-        if (settings.settings?.tokenProtection) {
-          autoRedact = settings.settings.tokenProtection.autoRedact ?? autoRedact;
-          autoStore = settings.settings.tokenProtection.autoStore ?? false;
-        }
-      } catch {
-      }
-    }
-    const claudeProjectsPath = join2(homedir2(), ".claude", "projects");
-    let sessionFiles = [];
-    if (options.path) {
-      sessionFiles = [options.path];
-    } else if (existsSync2(claudeProjectsPath)) {
-      const oneHourAgo = Date.now() - 60 * 60 * 1e3;
-      try {
-        const projects = readdirSync(claudeProjectsPath);
-        for (const project of projects) {
-          const projectPath = join2(claudeProjectsPath, project);
-          const stat = statSync(projectPath);
-          if (!stat.isDirectory()) continue;
-          const files = readdirSync(projectPath);
-          for (const file of files) {
-            if (!file.endsWith(".jsonl")) continue;
-            const filePath = join2(projectPath, file);
-            const fileStat = statSync(filePath);
-            if (fileStat.mtime.getTime() > oneHourAgo) {
-              sessionFiles.push(filePath);
-            }
-          }
-        }
-      } catch {
-      }
-    }
-    let totalTokensFound = 0;
-    let totalFilesScanned = 0;
-    let totalTokensRedacted = 0;
-    const detectedTokens = [];
-    for (const sessionFile of sessionFiles) {
-      if (!existsSync2(sessionFile)) continue;
-      try {
-        const content = readFileSync2(sessionFile, "utf-8");
-        const tokens = detectTokens(content);
-        if (tokens.length > 0) {
-          totalTokensFound += tokens.length;
-          for (const t of tokens) {
-            detectedTokens.push({
-              file: sessionFile,
-              token: t.token,
-              service: t.pattern.service
-            });
-            if (autoStore && isAuthenticated()) {
-              try {
-                const secretKey = `${t.pattern.name.toUpperCase()}_TOKEN`;
-                await api.addSecret({
-                  key: secretKey,
-                  value: t.token,
-                  description: `Auto-detected ${t.pattern.description}`
-                });
-              } catch {
-              }
-            }
-          }
-          if (autoRedact) {
-            const redactedContent = redactTokens(content);
-            writeFileSync2(sessionFile, redactedContent);
-            totalTokensRedacted += tokens.length;
-          }
-        }
-        totalFilesScanned++;
-      } catch {
-      }
-    }
-    if (quiet) {
-      process.exit(0);
-    } else {
-      log.newline();
-      if (totalTokensFound === 0) {
-        log.success(`Keine sensiblen Tokens gefunden (${totalFilesScanned} Dateien gescannt)`);
-      } else {
-        console.log(colors.red.bold(`\u26A0\uFE0F  ${totalTokensFound} sensible Tokens gefunden!`));
-        log.newline();
-        for (const t of detectedTokens) {
-          console.log(`  ${colors.red("!")} ${t.service}: ${colors.dim(maskToken(t.token))}`);
-        }
-        log.newline();
-        if (totalTokensRedacted > 0) {
-          log.success(`${totalTokensRedacted} Tokens in Session-History maskiert`);
-        } else {
-          log.warn("Tokens NICHT maskiert. Verwende --redact oder aktiviere auto-redact in Einstellungen.");
-        }
-        log.newline();
-        log.info("Sichere Tokens mit: shiva secure-token");
-      }
-      log.newline();
-    }
-  } catch (error) {
-    if (quiet) {
-      process.exit(0);
-    } else {
-      log.error(error instanceof Error ? error.message : "Fehler beim Scannen");
-    }
-  }
-});
-
-export {
-  packageScanner,
-  hookCommand
-};