sinapse-ai 1.7.0 → 1.8.0

package/.claude/hooks/enforce-permission-mode.cjs

@@ -0,0 +1,249 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Hook: Enforce Permission Mode — PreToolUse guard
+ *
+ * RULE: When the project is in "explore" (read-only) mode, Write and Edit
+ *       operations are BLOCKED. Read operations are always allowed.
+ *       Bash commands classified as write/delete/execute are also blocked.
+ *
+ * Protocol (Claude Code PreToolUse):
+ *   exit 0  → allow (operation proceeds)
+ *   exit 2  → block (message shown to model via stderr)
+ *
+ * Fail-open policy:
+ *   - If the permission config cannot be loaded, the hook allows (exit 0).
+ *   - If mode is "ask" or "auto", the hook allows (exit 0).
+ *   - Any unexpected error: exit 0.
+ *
+ * @module enforce-permission-mode
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+// ---------------------------------------------------------------------------
+// Project root resolution
+// ---------------------------------------------------------------------------
+
+function projectRoot() {
+  return process.env.CLAUDE_PROJECT_DIR || process.cwd();
+}
+
+// ---------------------------------------------------------------------------
+// Lightweight mode loader (no yaml dependency — parses the simple key: value)
+// ---------------------------------------------------------------------------
+
+/**
+ * Parse `permissions.mode` from a minimal YAML config without requiring js-yaml.
+ * Handles:
+ *   permissions:
+ *     mode: explore
+ *
+ * Returns 'ask' (the safe default) if the file is missing, unreadable, or
+ * the key is absent.
+ *
+ * @param {string} configPath
+ * @returns {string} mode name
+ */
+function loadPermissionMode(configPath) {
+  try {
+    const content = fs.readFileSync(configPath, 'utf8');
+    // Match "mode: <value>" under a "permissions:" block
+    const match = content.match(/^\s*mode:\s*["']?(\w+)["']?\s*$/m);
+    if (match) {
+      return match[1].toLowerCase();
+    }
+  } catch {
+    // File missing or unreadable — fail-open
+  }
+  return 'ask';
+}
+
+// ---------------------------------------------------------------------------
+// Operation classifier (mirrors OperationGuard.classifyOperation)
+// ---------------------------------------------------------------------------
+
+const SAFE_COMMANDS = [
+  'git status', 'git log', 'git diff', 'git branch', 'git show',
+  'git ls-files', 'git remote -v',
+  'ls', 'pwd', 'cat', 'head', 'tail', 'wc', 'find', 'grep', 'which',
+  'file', 'stat',
+  'npm list', 'npm outdated', 'npm audit', 'npm view', 'npm search',
+  'yarn list', 'yarn info', 'bun pm ls',
+  'node --version', 'npm --version', 'yarn --version', 'bun --version',
+  'git --version', 'python --version', 'python3 --version',
+  'uname', 'whoami', 'hostname', 'date', 'uptime', 'df -h', 'free -h',
+  'env', 'printenv',
+  'curl -I', 'ping -c', 'nslookup', 'dig',
+  'ps aux', 'top -l 1', 'htop',
+  'gh auth status', 'gh repo view', 'gh pr list', 'gh pr view',
+  'gh issue list', 'gh issue view', 'gh api',
+];
+
+const DESTRUCTIVE_PATTERNS = [
+  /\brm\s+(-[rf]+\s+)?/,
+  /\brmdir\b/,
+  /\bunlink\b/,
+  /\bgit\s+reset\s+--hard\b/,
+  /\bgit\s+push\s+--force\b/,
+  /\bgit\s+push\s+-f\b/,
+  /\bgit\s+clean\s+-[fd]+/,
+  /\bgit\s+checkout\s+\.\s*$/,
+  /\bgit\s+restore\s+\.\s*$/,
+  /\bgit\s+stash\s+drop\b/,
+  /\bgit\s+branch\s+-[dD]\b/,
+  /\bDROP\s+(TABLE|DATABASE|INDEX|VIEW)\b/i,
+  /\bDELETE\s+FROM\b/i,
+  /\bTRUNCATE\b/i,
+  /\bALTER\s+TABLE\b.*\bDROP\b/i,
+  /\bkill\s+-9\b/,
+  /\bkillall\b/,
+  /\bshutdown\b/,
+  /\breboot\b/,
+  /\bnpm\s+uninstall\b/,
+  /\byarn\s+remove\b/,
+  /\bbun\s+remove\b/,
+];
+
+const WRITE_PATTERNS = [
+  /[^<]>/,
+  />>/,
+  /\bmkdir\b/,
+  /\btouch\b/,
+  /\bmv\b/,
+  /\bcp\b/,
+  /\bln\b/,
+  /\bchmod\b/,
+  /\bchown\b/,
+  /\bsed\s+-i\b/,
+  /\bawk\s+-i\b/,
+  /\bgit\s+add\b/,
+  /\bgit\s+commit\b/,
+  /\bgit\s+push\b/,
+  /\bgit\s+merge\b/,
+  /\bgit\s+rebase\b/,
+  /\bgit\s+cherry-pick\b/,
+  /\bgit\s+stash\b/,
+  /\bnpm\s+install\b/,
+  /\bnpm\s+i\b/,
+  /\bnpm\s+ci\b/,
+  /\byarn\s+add\b/,
+  /\byarn\s+install\b/,
+  /\bbun\s+install\b/,
+  /\bbun\s+add\b/,
+];
+
+/**
+ * Classify a Bash command as read/write/delete/execute.
+ * @param {string} command
+ * @returns {string}
+ */
+function classifyBashCommand(command) {
+  const normalized = command.trim().toLowerCase();
+  for (const safe of SAFE_COMMANDS) {
+    if (normalized.startsWith(safe.toLowerCase())) return 'read';
+  }
+  for (const pat of DESTRUCTIVE_PATTERNS) {
+    if (pat.test(command)) return 'delete';
+  }
+  for (const pat of WRITE_PATTERNS) {
+    if (pat.test(command)) return 'write';
+  }
+  return 'execute';
+}
+
+/**
+ * Classify a tool call into an operation type.
+ * @param {string} tool
+ * @param {Object} params
+ * @returns {string}
+ */
+function classifyOperation(tool, params) {
+  if (['Read', 'Glob', 'Grep', 'WebFetch', 'WebSearch'].includes(tool)) return 'read';
+  if (['Write', 'Edit', 'NotebookEdit'].includes(tool)) return 'write';
+  if (tool === 'Bash') return classifyBashCommand(params.command || '');
+  if (tool === 'Task') {
+    const readOnlyAgents = ['Explore', 'Plan', 'claude-code-guide'];
+    return readOnlyAgents.includes(params.subagent_type) ? 'read' : 'execute';
+  }
+  if (tool.startsWith('mcp__')) return 'execute';
+  return 'read'; // default to read (safe)
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+function main() {
+  // Parse stdin — fail-open on any parse error
+  let input;
+  try {
+    input = JSON.parse(fs.readFileSync(0, 'utf8'));
+  } catch {
+    process.exit(0);
+  }
+
+  const toolName = (input.tool_name || '').trim();
+  const toolInput = input.tool_input || {};
+
+  // Resolve project root
+  const root = projectRoot();
+  const configPath = path.join(root, '.sinapse', 'config.yaml');
+
+  // Load permission mode — fail-open if unresolvable
+  let mode;
+  try {
+    mode = loadPermissionMode(configPath);
+  } catch {
+    process.exit(0);
+  }
+
+  // Only enforce in explore mode. All other modes: allow.
+  if (mode !== 'explore') {
+    process.exit(0);
+  }
+
+  // Classify the operation
+  let operation;
+  try {
+    operation = classifyOperation(toolName, toolInput);
+  } catch {
+    process.exit(0); // fail-open
+  }
+
+  // In explore mode, only reads are allowed
+  if (operation === 'read') {
+    process.exit(0);
+  }
+
+  // Build context for the block message
+  let detail = '';
+  if (toolName === 'Bash' && toolInput.command) {
+    const cmd = toolInput.command;
+    detail = `\nCommand: ${cmd.length > 120 ? cmd.slice(0, 120) + '...' : cmd}`;
+  } else if (toolInput.file_path) {
+    detail = `\nFile: ${toolInput.file_path}`;
+  }
+
+  // BLOCK — exit 2
+  process.stderr.write(
+    `\nPERMISSION-MODE BLOCK [Explore / Read-Only]\n` +
+    `Tool: ${toolName}  Operation: ${operation}${detail}\n` +
+    `\n` +
+    `The project is in Explore (read-only) mode. Write, Edit, and destructive\n` +
+    `Bash commands are not allowed in this mode.\n` +
+    `\n` +
+    `To enable writes, change the permission mode:\n` +
+    `  *mode ask    — confirm before each change\n` +
+    `  *mode auto   — full autonomy (no prompts)\n` +
+    `\n` +
+    `Or update .sinapse/config.yaml:\n` +
+    `  permissions:\n` +
+    `    mode: ask\n`,
+  );
+  process.exit(2);
+}
+
+main();

package/.claude/hooks/secret-scanning.cjs

@@ -10,7 +10,12 @@
  *   exit 0  → allow
  *   exit 2  → block (message shown to model via stderr)
  *
- * Fail-open: if parsing fails, allow.
+ * fail-CLOSED: if the scanner cannot load or stdin cannot be parsed, BLOCK
+ * (exit 2) rather than silently allowing an unscanned write.
+ *
+ * Detection logic is shared with the git pre-commit scanner via
+ * bin/utils/secret-scanner-core.js (20+ named patterns + Shannon-entropy
+ * backstop + placeholder allowlist + lockfile-hash allowlist + redaction).
  *
  * @module secret-scanning
  */
@@ -19,38 +24,23 @@ const fs = require('fs');
 const path = require('path');
 
 // ---------------------------------------------------------------------------
-// Secret Patterns — ordered by severity
+// Shared detection core (single source of truth for patterns + entropy)
 // ---------------------------------------------------------------------------
 
-const SECRET_PATTERNS = [
-  // API Keys & Tokens
-  { name: 'AWS Access Key', pattern: /AKIA[0-9A-Z]{16}/ },
-  { name: 'AWS Secret Key', pattern: /(?:aws_secret_access_key|secret_key)\s*[=:]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/i },
-  { name: 'GitHub Token', pattern: /gh[ps]_[A-Za-z0-9_]{36,}/ },
-  { name: 'GitHub OAuth', pattern: /gho_[A-Za-z0-9_]{36,}/ },
-  { name: 'Slack Token', pattern: /xox[bpors]-[0-9]{10,}-[A-Za-z0-9-]+/ },
-  { name: 'Stripe Key', pattern: /[sr]k_(live|test)_[A-Za-z0-9]{20,}/ },
-  { name: 'OpenAI Key', pattern: /sk-[A-Za-z0-9]{20,}/ },
-  { name: 'Anthropic Key', pattern: /sk-ant-[A-Za-z0-9-]{20,}/ },
-  { name: 'Supabase Key', pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[A-Za-z0-9_-]{50,}/ },
-  { name: 'Google API Key', pattern: /AIza[0-9A-Za-z_-]{35}/ },
-  { name: 'Vercel Token', pattern: /vercel_[A-Za-z0-9]{20,}/ },
-
-  // Private Keys
-  { name: 'RSA Private Key', pattern: /-----BEGIN RSA PRIVATE KEY-----/ },
-  { name: 'SSH Private Key', pattern: /-----BEGIN OPENSSH PRIVATE KEY-----/ },
-  { name: 'PGP Private Key', pattern: /-----BEGIN PGP PRIVATE KEY BLOCK-----/ },
-  { name: 'EC Private Key', pattern: /-----BEGIN EC PRIVATE KEY-----/ },
-
-  // Connection Strings
-  { name: 'DB Connection String', pattern: /(?:postgres|mysql|mongodb|redis):\/\/[^:]+:[^@]+@[^/\s]+/i },
-  { name: 'Supabase DB URL', pattern: /postgresql:\/\/postgres\.[A-Za-z0-9]+:[^@]+@/i },
-
-  // Generic Patterns (broader, lower confidence)
-  { name: 'Hardcoded Password', pattern: /(?:password|passwd|pwd)\s*[=:]\s*['"][^'"]{8,}['"]/i },
-  { name: 'Bearer Token', pattern: /[Bb]earer\s+[A-Za-z0-9_\-.]{20,}/ },
-  { name: 'Basic Auth', pattern: /[Bb]asic\s+[A-Za-z0-9+/=]{20,}/ },
-];
+let core;
+try {
+  // Hook lives at <root>/.claude/hooks/; core lives at <root>/bin/utils/.
+  core = require(path.join(__dirname, '..', '..', 'bin', 'utils', 'secret-scanner-core.js'));
+} catch (err) {
+  // fail-CLOSED: cannot scan → do not allow the write.
+  process.stderr.write(
+    '\nSECRET SCANNING BLOCK: scanner failed to load (fail-closed).\n' +
+    String(err && err.message ? err.message : err) + '\n',
+  );
+  process.exit(2);
+}
+
+const { scanContent } = core;
 
 /** Files that are expected to contain secret-like patterns */
 const EXEMPT_PATHS = [
@@ -94,14 +84,9 @@ function isScannable(rel) {
   return SCANNABLE_EXTENSIONS.some((ext) => rel.endsWith(ext));
 }
 
-function scanForSecrets(content) {
-  const findings = [];
-  for (const { name, pattern } of SECRET_PATTERNS) {
-    if (pattern.test(content)) {
-      findings.push(name);
-    }
-  }
-  return findings;
+function scanForSecrets(content, filePath) {
+  // Delegates to the shared, hardened core. Returns redacted findings.
+  return scanContent(content, { filePath: filePath || '' });
 }
 
 // ---------------------------------------------------------------------------
@@ -113,7 +98,9 @@ function main() {
   try {
     input = JSON.parse(fs.readFileSync(0, 'utf8'));
   } catch {
-    process.exit(0); // fail-open
+    // fail-CLOSED: unparseable hook input → block rather than allow blindly.
+    process.stderr.write('\nSECRET SCANNING BLOCK: could not parse hook input (fail-closed).\n');
+    process.exit(2);
   }
 
   const toolName = input.tool_name || '';
@@ -135,14 +122,18 @@ function main() {
   const content = toolInput.content || toolInput.new_string || '';
   if (!content) process.exit(0);
 
-  const findings = scanForSecrets(content);
+  const findings = scanForSecrets(content, rel);
   if (findings.length === 0) process.exit(0);
 
-  // BLOCK
+  // BLOCK — secrets are reported REDACTED (the core never returns raw values).
+  const lines = findings.map((f) => {
+    const ent = f.entropy ? ` (entropy ${f.entropy})` : '';
+    return `  - ${f.name}: ${f.redacted}${ent}`;
+  });
   process.stderr.write(
     `\nSECRET SCANNING BLOCK: Potential secrets detected!\n` +
     `File: ${rel}\n` +
-    `Found: ${findings.join(', ')}\n` +
+    `Found:\n${lines.join('\n')}\n` +
     `\n` +
     `DO NOT commit secrets to code. Instead:\n` +
     `  - Use environment variables (.env) for local dev\n` +

package/.claude/hooks/synapse-engine.cjs

@@ -39,10 +39,32 @@ function readStdin() {
   });
 }
 
+/** Write to stdout robustly across real and mocked (Jest) streams. */
+function writeStdout(output) {
+  return new Promise((resolve, reject) => {
+    let settled = false;
+    const finish = (err) => {
+      if (settled) return;
+      settled = true;
+      if (err) reject(err); else resolve();
+    };
+    try {
+      const flushed = process.stdout.write(output, (err) => finish(err));
+      if (flushed) setImmediate(() => finish());
+      else if (typeof process.stdout.once === 'function') process.stdout.once('drain', () => finish());
+    } catch (err) {
+      finish(err);
+    }
+  });
+}
+
 /** Main hook execution pipeline. */
 async function main() {
   const input = await readStdin();
   const runtime = resolveHookRuntime(input);
+  // Silent exit (empty stdout = valid "no context") when no runtime is
+  // resolvable — missing cwd or missing `.synapse/`. Only NON-empty output
+  // must conform to the hook schema.
   if (!runtime) return;
 
   const result = await runtime.engine.process(input.prompt, runtime.session);
@@ -62,29 +84,7 @@ async function main() {
   }
 
   const output = JSON.stringify(buildHookOutput(result.xml));
-
-  // Write output robustly across real process.stdout and mocked Jest streams.
-  // Some mocks return boolean but never invoke callback; handle both patterns.
-  await new Promise((resolve, reject) => {
-    let settled = false;
-    const finish = (err) => {
-      if (settled) return;
-      settled = true;
-      if (err) reject(err);
-      else resolve();
-    };
-
-    try {
-      const flushed = process.stdout.write(output, (err) => finish(err));
-      if (flushed) {
-        setImmediate(() => finish());
-      } else if (typeof process.stdout.once === 'function') {
-        process.stdout.once('drain', () => finish());
-      }
-    } catch (err) {
-      finish(err);
-    }
-  });
+  await writeStdout(output);
 }
 
 /** Entry point runner — lets Node exit naturally after stdout flush. */

package/.claude/hooks/telemetry-post-tool.cjs

@@ -0,0 +1,128 @@
+#!/usr/bin/env node
+/**
+ * telemetry-post-tool.cjs
+ * PostToolUse hook — accumulates per-session DORA counters into a state file.
+ *
+ * FAIL-OPEN TOTAL: any error is swallowed; hook always exits 0 so it never
+ * blocks the main Claude Code flow.
+ *
+ * State path: <projectRoot>/.sinapse/telemetry/sessions/<sessionId>.json
+ * Written by: this hook (PostToolUse)
+ * Read+cleared by: telemetry-stop.cjs (Stop)
+ *
+ * Registered in HOOK_EVENT_MAP as: PostToolUse, no matcher, timeout 3.
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+// ─── constants ───────────────────────────────────────────────────────────────
+
+const FILE_WRITE_TOOLS = new Set(['Write', 'Edit', 'NotebookEdit']);
+
+// ─── helpers ─────────────────────────────────────────────────────────────────
+
+function resolveProjectRoot() {
+  // CLAUDE_PROJECT_DIR is injected by Claude Code into hook environment
+  const fromEnv = process.env.CLAUDE_PROJECT_DIR || process.env.SINAPSE_PROJECT_DIR;
+  if (fromEnv) return fromEnv;
+  // Fallback: cwd at the time the hook is spawned
+  return process.cwd();
+}
+
+function resolveSessionId(data) {
+  return (
+    process.env.CLAUDE_SESSION_ID ||
+    process.env.CLAUDE_CODE_SESSION_ID ||
+    data.session_id ||
+    data.sessionId ||
+    'unknown'
+  );
+}
+
+function sessionStatePath(projectRoot, sessionId) {
+  return path.join(projectRoot, '.sinapse', 'telemetry', 'sessions', `${sessionId}.json`);
+}
+
+function readState(statePath) {
+  try {
+    const raw = fs.readFileSync(statePath, 'utf8');
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+function writeState(statePath, state) {
+  try {
+    fs.mkdirSync(path.dirname(statePath), { recursive: true });
+    fs.writeFileSync(statePath, JSON.stringify(state, null, 2), 'utf8');
+  } catch {
+    // fail-open: ignore write errors
+  }
+}
+
+// ─── main ────────────────────────────────────────────────────────────────────
+
+function main() {
+  try {
+    // Read event payload from stdin (Claude Code injects it as JSON)
+    let raw = '';
+    try {
+      raw = fs.readFileSync('/dev/stdin', 'utf8');
+    } catch {
+      // On Windows there's no /dev/stdin — read from fd 0
+      try {
+        const buf = Buffer.alloc(64 * 1024);
+        let totalBytes = 0;
+        let bytesRead = 0;
+        // Read synchronously until EOF
+        while (true) {
+          try {
+            bytesRead = fs.readSync(0, buf, totalBytes, buf.length - totalBytes, null);
+            if (bytesRead === 0) break;
+            totalBytes += bytesRead;
+          } catch {
+            break;
+          }
+        }
+        raw = buf.slice(0, totalBytes).toString('utf8');
+      } catch {
+        raw = '{}';
+      }
+    }
+
+    const data = (() => { try { return JSON.parse(raw); } catch { return {}; } })();
+
+    const projectRoot = resolveProjectRoot();
+    const sessionId   = resolveSessionId(data);
+    const toolName    = data.tool_name || data.toolName || '';
+    const statePath   = sessionStatePath(projectRoot, sessionId);
+
+    // Read existing state or bootstrap it
+    const existing = readState(statePath);
+    const state = existing || {
+      startedAt:     Date.now(),
+      toolExecutions: 0,
+      filesModified:  0,
+    };
+
+    // Increment counters
+    state.toolExecutions += 1;
+    if (FILE_WRITE_TOOLS.has(toolName)) {
+      state.filesModified += 1;
+    }
+
+    writeState(statePath, state);
+  } catch {
+    // fail-open: swallow any top-level error
+  }
+
+  // Always exit 0 — observability hooks are never fail-closed
+  process.exit(0);
+}
+
+main();

package/.claude/hooks/telemetry-stop.cjs

@@ -0,0 +1,132 @@
+#!/usr/bin/env node
+/**
+ * telemetry-stop.cjs
+ * Stop hook — reads per-session DORA state and appends a session-end line
+ * to the JSONL sink, then cleans up the state file.
+ *
+ * FAIL-OPEN TOTAL: any error is swallowed; hook always exits 0.
+ *
+ * Sink path:  <projectRoot>/.sinapse/telemetry/gate-decisions.jsonl
+ * State path: <projectRoot>/.sinapse/telemetry/sessions/<sessionId>.json
+ *
+ * Registered in HOOK_EVENT_MAP as: Stop, no matcher, timeout 5.
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+
+// ─── helpers ─────────────────────────────────────────────────────────────────
+
+function resolveProjectRoot() {
+  const fromEnv = process.env.CLAUDE_PROJECT_DIR || process.env.SINAPSE_PROJECT_DIR;
+  if (fromEnv) return fromEnv;
+  return process.cwd();
+}
+
+function resolveSessionId(data) {
+  return (
+    process.env.CLAUDE_SESSION_ID ||
+    process.env.CLAUDE_CODE_SESSION_ID ||
+    data.session_id ||
+    data.sessionId ||
+    'unknown'
+  );
+}
+
+function sinkPath(projectRoot) {
+  return path.join(projectRoot, '.sinapse', 'telemetry', 'gate-decisions.jsonl');
+}
+
+function sessionStatePath(projectRoot, sessionId) {
+  return path.join(projectRoot, '.sinapse', 'telemetry', 'sessions', `${sessionId}.json`);
+}
+
+function appendLine(filePath, record) {
+  try {
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.appendFileSync(filePath, JSON.stringify(record) + '\n', 'utf8');
+  } catch {
+    // fail-open: ignore write errors
+  }
+}
+
+function readState(statePath) {
+  try {
+    const raw = fs.readFileSync(statePath, 'utf8');
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+function deleteState(statePath) {
+  try {
+    fs.unlinkSync(statePath);
+  } catch {
+    // fail-open
+  }
+}
+
+// ─── main ────────────────────────────────────────────────────────────────────
+
+function main() {
+  try {
+    // Read event payload from stdin
+    let raw = '';
+    try {
+      raw = fs.readFileSync('/dev/stdin', 'utf8');
+    } catch {
+      try {
+        const buf = Buffer.alloc(64 * 1024);
+        let totalBytes = 0;
+        let bytesRead = 0;
+        while (true) {
+          try {
+            bytesRead = fs.readSync(0, buf, totalBytes, buf.length - totalBytes, null);
+            if (bytesRead === 0) break;
+            totalBytes += bytesRead;
+          } catch {
+            break;
+          }
+        }
+        raw = buf.slice(0, totalBytes).toString('utf8');
+      } catch {
+        raw = '{}';
+      }
+    }
+
+    const data = (() => { try { return JSON.parse(raw); } catch { return {}; } })();
+
+    const projectRoot = resolveProjectRoot();
+    const sessionId   = resolveSessionId(data);
+    const statePath   = sessionStatePath(projectRoot, sessionId);
+    const state       = readState(statePath);
+
+    const now       = Date.now();
+    const startedAt = state ? state.startedAt : now;
+
+    // Build DORA session-end record with OTel GenAI field names
+    const record = {
+      timestamp:                   new Date(now).toISOString(),
+      'gen_ai.operation.name':     'session.end',
+      'gen_ai.request.model':      'sinapse-hooks',
+      'gen_ai.usage.input_tokens': 0,
+      'gen_ai.usage.output_tokens': 0,
+      sessionId,
+      'dora.toolExecutions':        state ? state.toolExecutions : 0,
+      'dora.filesModified':         state ? state.filesModified  : 0,
+      'dora.sessionDurationMs':     now - startedAt,
+    };
+
+    appendLine(sinkPath(projectRoot), record);
+    deleteState(statePath);
+  } catch {
+    // fail-open: swallow any top-level error
+  }
+
+  process.exit(0);
+}
+
+main();