npm - specweave - Versions diffs - 1.0.31 → 1.0.33 - Mend

specweave 1.0.31 → 1.0.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/plugins/specweave/hooks/v2/guards/bash-file-guard.sh DELETED Viewed

@@ -1,212 +0,0 @@
-#!/bin/bash
-# bash-file-guard.sh - CRITICAL: Block Bash file creation patterns that cause infinite hangs
-#
-# ROOT CAUSE: When Claude uses heredoc (cat << EOF ... EOF) to create files and the
-# content gets truncated due to token limits, the shell waits FOREVER for the EOF
-# terminator that will never come. This causes Claude Code to hang indefinitely
-# (2+ hours observed in production crashes).
-#
-# SOLUTION: Block ALL bash file creation patterns and force use of Write/Edit tools.
-# Write/Edit tools are:
-# - Atomic (no intermediate states)
-# - Token-safe (handled by Claude Code, not shell)
-# - Recoverable (no zombie processes)
-#
-# PreToolUse hook for Bash commands - exit 0 allows, exit 2 blocks
-#
-# v0.32.1 - Initial implementation based on crash analysis from 2025-12-06
-set +e
-[[ "${SPECWEAVE_DISABLE_HOOKS:-0}" == "1" ]] && exit 0
-# Read stdin for tool input
-INPUT=$(cat)
-# Extract the command being executed
-# The Bash tool has a "command" parameter
-# Use jq for proper JSON parsing (handles escaped quotes correctly)
-if command -v jq &> /dev/null; then
-  COMMAND=$(echo "$INPUT" | jq -r '.command // empty' 2>/dev/null)
-else
-  # Fallback: simple regex (may fail on complex JSON with escaped quotes)
-  COMMAND=$(echo "$INPUT" | grep -o '"command"[[:space:]]*:[[:space:]]*"[^"]*"' | head -1 | sed 's/.*"command"[[:space:]]*:[[:space:]]*"\(.*\)"/\1/')
-fi
-# If no command found or empty, allow (safety)
-if [[ -z "$COMMAND" ]]; then
-  exit 0
-fi
-# === PATTERN DETECTION ===
-# These patterns WILL cause infinite hangs or truncation issues
-BLOCKED=0
-PATTERN_NAME=""
-# === HEREDOC PATTERNS (MOST DANGEROUS - infinite hang!) ===
-# Pattern 1a: Standard heredoc with any delimiter
-# Matches: cat << EOF, cat << 'EOF', cat << "EOF", cat <<EOF (no space)
-if echo "$COMMAND" | grep -qE "(cat|tee).*<<-?[[:space:]]*['\"]?[A-Za-z]+" 2>/dev/null; then
-  BLOCKED=1
-  PATTERN_NAME="heredoc (cat << DELIMITER)"
-fi
-# Pattern 1b: Heredoc with escaped quotes in JSON (\"EOF\")
-# JSON escapes double quotes, so << "EOF" becomes << \"EOF\"
-if echo "$COMMAND" | grep -qE "(cat|tee).*<<-?[[:space:]]*\\\\\"[A-Za-z]+" 2>/dev/null; then
-  BLOCKED=1
-  PATTERN_NAME="heredoc with quoted delimiter"
-fi
-# Pattern 1c: SUPER AGGRESSIVE - block ANY heredoc-like pattern
-# Catches edge cases where content has << followed by word boundary
-# This is the NUCLEAR option - heredocs are NEVER safe in Claude context
-if echo "$COMMAND" | grep -qE "<<[[:space:]]*['\"]?[A-Za-z_]+" 2>/dev/null; then
-  BLOCKED=1
-  PATTERN_NAME="heredoc pattern (any form)"
-fi
-# Pattern 1d: Multiline content in the command itself
-# If the command contains literal newlines, it might be a heredoc in disguise
-if echo "$COMMAND" | grep -qE $'\n' 2>/dev/null; then
-  # Commands with newlines are suspicious - check for file redirects
-  if echo "$COMMAND" | grep -qE '>' 2>/dev/null; then
-    BLOCKED=1
-    PATTERN_NAME="multiline command with redirect (heredoc variant)"
-  fi
-fi
-# === CAT STDIN REDIRECT (VERY DANGEROUS!) ===
-# Pattern 2: Plain cat with output redirect but no input
-# Matches: cat > file.txt (waits forever for stdin!)
-# This is just as dangerous as heredoc - shell waits for input
-if echo "$COMMAND" | grep -qE "^[[:space:]]*cat[[:space:]]+>[[:space:]]*[^>]" 2>/dev/null; then
-  BLOCKED=1
-  PATTERN_NAME="cat > file (stdin redirect - waits forever!)"
-fi
-# === DD COMMAND (EQUALLY DANGEROUS!) ===
-# Pattern 2b: dd with stdin or output file
-# Matches: dd if=/dev/stdin of=file, dd of=file bs=1024
-# dd waits for input EXACTLY like cat > file
-if echo "$COMMAND" | grep -qE "^[[:space:]]*dd[[:space:]]" 2>/dev/null; then
-  if echo "$COMMAND" | grep -qE "of=" 2>/dev/null; then
-    BLOCKED=1
-    PATTERN_NAME="dd command (waits for stdin like cat)"
-  fi
-fi
-# === READ COMMAND (WAITS FOR INPUT) ===
-# Pattern 2c: read with redirect
-# Matches: read VAR > file (waits for input from user/stdin)
-if echo "$COMMAND" | grep -qE "^[[:space:]]*read[[:space:]].*>" 2>/dev/null; then
-  BLOCKED=1
-  PATTERN_NAME="read command with redirect (waits for input)"
-fi
-# === STREAM REDIRECT EXCEPTION ===
-# Allow redirects to /dev/stdout, /dev/stderr, /dev/null (safe stream operations)
-if echo "$COMMAND" | grep -qE ">[[:space:]]*/dev/(stdout|stderr|null)" 2>/dev/null; then
-  exit 0  # Safe stream redirect, not file creation
-fi
-# === ECHO/PRINTF PATTERNS ===
-# These can cause truncation issues and are bad practice
-# NOTE: Match any echo/printf that writes to file (single > not >>)
-# Pattern 3: Echo with redirect to file
-# Matches: echo anything > file (but not >>)
-# Use negative lookahead simulation: check for > but then verify not >>
-if echo "$COMMAND" | grep -qE '^[[:space:]]*(echo)[[:space:]]' 2>/dev/null; then
-  if echo "$COMMAND" | grep -qE '>[[:space:]]*[^>]' 2>/dev/null; then
-    # Check it's not append (>>)
-    if ! echo "$COMMAND" | grep -qE '>>' 2>/dev/null; then
-      BLOCKED=1
-      PATTERN_NAME="echo > file"
-    fi
-  fi
-fi
-# Pattern 4: Printf with redirect to file
-if echo "$COMMAND" | grep -qE '^[[:space:]]*(printf)[[:space:]]' 2>/dev/null; then
-  if echo "$COMMAND" | grep -qE '>[[:space:]]*[^>]' 2>/dev/null; then
-    # Check it's not append (>>)
-    if ! echo "$COMMAND" | grep -qE '>>' 2>/dev/null; then
-      BLOCKED=1
-      PATTERN_NAME="printf > file"
-    fi
-  fi
-fi
-# Pattern 5: Multi-line string with cat
-# Matches: cat > file -e "multi\nline", etc.
-if echo "$COMMAND" | grep -qE "cat[[:space:]]+-[a-z]*[[:space:]]+['\"].*\\\\n" 2>/dev/null; then
-  BLOCKED=1
-  PATTERN_NAME="cat with multi-line string"
-fi
-# === SAFE EXCEPTIONS ===
-# Append operations (>>) are safe - echo/printf complete immediately
-if echo "$COMMAND" | grep -qE "(echo|printf)[[:space:]].*>>[[:space:]]*" 2>/dev/null; then
-  BLOCKED=0
-  PATTERN_NAME=""
-fi
-# === EXCEPTION: Allow safe bash operations ===
-# These are safe because they don't involve file content creation
-# Exception 1: Simple redirects from commands (not content creation)
-# Safe: curl ... > file, wget ... > file (command output, not content creation)
-# These won't hang because the content comes from the command, not heredoc
-if echo "$COMMAND" | grep -qE "^(curl|wget|git|npm|node|python|pip)[[:space:]].*>" 2>/dev/null; then
-  # These are downloading/generating content from commands, not creating from heredoc
-  # Only block if also contains heredoc/echo patterns
-  if [[ "$PATTERN_NAME" != "heredoc"* ]] && [[ "$PATTERN_NAME" != "echo"* ]] && [[ "$PATTERN_NAME" != "printf"* ]]; then
-    exit 0  # Allow
-  fi
-fi
-# === BLOCK DANGEROUS PATTERNS ===
-if [[ $BLOCKED -eq 1 ]]; then
-  echo ""
-  echo "=============================================================================="
-  echo "  🛑 BLOCKED: Bash file creation detected (Infinite Hang Prevention)"
-  echo "=============================================================================="
-  echo ""
-  echo "Pattern detected: $PATTERN_NAME"
-  echo ""
-  echo "WHY THIS IS BLOCKED:"
-  echo "  When using heredoc (cat << EOF) or echo/printf redirects, if the content"
-  echo "  is truncated due to token limits, the shell waits FOREVER for input that"
-  echo "  will never come. This causes Claude Code to hang for hours with no recovery."
-  echo ""
-  echo "  Observed crash: 2+ hour session hang from truncated heredoc (2025-12-06)"
-  echo ""
-  echo "SAFE ALTERNATIVES:"
-  echo "  ┌─────────────────────────────────────────────────────────────────────┐"
-  echo "  │ Instead of:          Use:                                           │"
-  echo "  ├─────────────────────────────────────────────────────────────────────┤"
-  echo "  │ cat > file << EOF    Write tool: Write(file_path, content)          │"
-  echo "  │ echo \"...\" > file    Write tool: Write(file_path, content)          │"
-  echo "  │ printf ... > file    Write tool: Write(file_path, content)          │"
-  echo "  │ Modify existing      Edit tool: Edit(file_path, old, new)           │"
-  echo "  │ Append to file       Read + Write tools                             │"
-  echo "  └─────────────────────────────────────────────────────────────────────┘"
-  echo ""
-  echo "WHAT IS ALLOWED:"
-  echo "  - mkdir -p /path/to/dir    (directory creation)"
-  echo "  - git commit, git push     (version control)"
-  echo "  - npm install, npm run     (package management)"
-  echo "  - curl URL > file          (downloading, not content creation)"
-  echo "  - rm, mv, cp               (file operations)"
-  echo ""
-  echo "=============================================================================="
-  exit 2  # Block the tool call
-fi
-# All other bash commands are allowed
-echo '{"decision":"allow"}'
-exit 0

package/plugins/specweave/hooks/v2/guards/bash-file-guard.test.sh DELETED Viewed

@@ -1,163 +0,0 @@
-#!/bin/bash
-# Comprehensive test suite for bash-file-guard.sh
-# Tests ALL dangerous patterns that could cause infinite hangs
-#
-# Usage: bash bash-file-guard.test.sh
-set -e
-GUARD="$(dirname "$0")/bash-file-guard.sh"
-PASS=0
-FAIL=0
-TOTAL=0
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
-test_should_block() {
-  local name="$1"
-  local command="$2"
-  TOTAL=$((TOTAL + 1))
-  # Properly escape the command for JSON: " becomes \"
-  local escaped_command=$(echo "$command" | sed 's/"/\\"/g')
-  result=$(echo "{\"command\": \"$escaped_command\"}" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-  exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-  if [[ "$exit_code" == "2" ]]; then
-    echo -e "${GREEN}✓ BLOCKED${NC}: $name"
-    PASS=$((PASS + 1))
-  else
-    echo -e "${RED}✗ NOT BLOCKED${NC}: $name"
-    echo "  Command: $command"
-    echo "  Exit code: $exit_code (expected 2)"
-    FAIL=$((FAIL + 1))
-  fi
-}
-test_should_allow() {
-  local name="$1"
-  local command="$2"
-  TOTAL=$((TOTAL + 1))
-  # Properly escape the command for JSON: " becomes \"
-  local escaped_command=$(echo "$command" | sed 's/"/\\"/g')
-  result=$(echo "{\"command\": \"$escaped_command\"}" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-  exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-  if [[ "$exit_code" == "0" ]]; then
-    echo -e "${GREEN}✓ ALLOWED${NC}: $name"
-    PASS=$((PASS + 1))
-  else
-    echo -e "${RED}✗ WRONGLY BLOCKED${NC}: $name"
-    echo "  Command: $command"
-    echo "  Exit code: $exit_code (expected 0)"
-    FAIL=$((FAIL + 1))
-  fi
-}
-echo "========================================"
-echo "  BASH FILE GUARD - COMPREHENSIVE TESTS"
-echo "========================================"
-echo ""
-echo -e "${YELLOW}=== HEREDOC PATTERNS (MOST DANGEROUS) ===${NC}"
-test_should_block "Basic heredoc" "cat > file.txt << EOF"
-test_should_block "Heredoc with quotes" "cat > file.txt << 'EOF'"
-test_should_block "Heredoc double quotes" 'cat > file.txt << "EOF"'
-test_should_block "Heredoc reversed order" "cat << EOF > file.txt"
-test_should_block "Heredoc with END delimiter" "cat > file.txt << END"
-test_should_block "Heredoc with CONTENT delimiter" "cat << CONTENT > out.md"
-test_should_block "Heredoc with MARKER" "cat << MARKER"
-test_should_block "Heredoc tab strip" "cat <<- EOF > file.txt"
-test_should_block "Tee with heredoc" "tee file.txt << EOF"
-test_should_block "Tee reversed" "tee << EOF > file.txt"
-test_should_block "Heredoc with path" "cat > /tmp/test.md << EOF"
-test_should_block "Heredoc with variable path" 'cat > $HOME/test.txt << EOF'
-echo ""
-echo -e "${YELLOW}=== ECHO PATTERNS ===${NC}"
-test_should_block "Echo to file" "echo hello > file.txt"
-test_should_block "Echo quoted string" 'echo "hello world" > file.txt'
-test_should_block "Echo single quoted" "echo 'hello' > file.txt"
-test_should_block "Echo with -e flag" "echo -e 'hello\\nworld' > file.txt"
-test_should_block "Echo with -n flag" "echo -n 'hello' > file.txt"
-test_should_block "Echo variable" 'echo $VAR > file.txt'
-test_should_block "Echo to path" "echo content > /tmp/test.txt"
-echo ""
-echo -e "${YELLOW}=== PRINTF PATTERNS ===${NC}"
-test_should_block "Printf to file" "printf hello > file.txt"
-test_should_block "Printf format string" "printf '%s' hello > file.txt"
-test_should_block "Printf with newline" "printf '%s\\n' hello > file.txt"
-test_should_block "Printf quoted" 'printf "hello world" > file.txt'
-echo ""
-echo -e "${YELLOW}=== EDGE CASES - SHOULD BLOCK ===${NC}"
-test_should_block "Cat stdin to file (dangerous!)" "cat > file.txt"
-test_should_block "Bash -c with heredoc" "bash -c 'cat > f << EOF'"
-test_should_block "Double redirect" "echo a > file.txt > backup.txt"
-test_should_block "dd stdin to file" "dd if=/dev/stdin of=output.dat"
-test_should_block "dd output file" "dd of=file.bin bs=1024"
-test_should_block "dd with count" "dd of=output.img bs=512 count=100"
-test_should_block "read to file" "read VAR > input.txt"
-test_should_block "read prompt to file" 'read -p "Enter:" > log.txt'
-echo ""
-echo -e "${YELLOW}=== SAFE COMMANDS - SHOULD ALLOW ===${NC}"
-test_should_allow "Git status" "git status"
-test_should_allow "Git add" "git add ."
-test_should_allow "Git commit" "git commit -m 'message'"
-test_should_allow "Git push" "git push origin main"
-test_should_allow "Git diff" "git diff HEAD"
-test_should_allow "Npm install" "npm install"
-test_should_allow "Npm run build" "npm run build"
-test_should_allow "Npm test" "npm test"
-test_should_allow "Mkdir" "mkdir -p /tmp/test"
-test_should_allow "Ls" "ls -la"
-test_should_allow "Pwd" "pwd"
-test_should_allow "Cd" "cd /tmp"
-test_should_allow "Rm file" "rm -f /tmp/test.txt"
-test_should_allow "Mv file" "mv old.txt new.txt"
-test_should_allow "Cp file" "cp source.txt dest.txt"
-test_should_allow "Curl download" "curl -o file.txt https://example.com"
-test_should_allow "Wget download" "wget -O file.txt https://example.com"
-test_should_allow "Ps" "ps aux"
-test_should_allow "Kill" "kill -9 1234"
-test_should_allow "Grep" "grep pattern file.txt"
-test_should_allow "Find" "find . -name '*.ts'"
-test_should_allow "Chmod" "chmod +x script.sh"
-test_should_allow "Node run" "node script.js"
-test_should_allow "Python run" "python script.py"
-test_should_allow "Read from file" "cat file.txt"
-test_should_allow "Head" "head -n 10 file.txt"
-test_should_allow "Tail" "tail -f log.txt"
-echo ""
-echo -e "${YELLOW}=== APPEND OPERATIONS (should allow) ===${NC}"
-test_should_allow "Echo append" "echo hello >> file.txt"
-test_should_allow "Printf append" "printf '%s' data >> file.txt"
-echo ""
-echo -e "${YELLOW}=== STREAM REDIRECTS (should allow) ===${NC}"
-test_should_allow "Echo to stderr" "echo 'error' > /dev/stderr"
-test_should_allow "Printf to stdout" "printf '%s' output > /dev/stdout"
-test_should_allow "Echo to null" "echo 'discard' > /dev/null"
-echo ""
-echo "========================================"
-echo "  RESULTS"
-echo "========================================"
-echo -e "Total: $TOTAL"
-echo -e "${GREEN}Passed: $PASS${NC}"
-if [[ $FAIL -gt 0 ]]; then
-  echo -e "${RED}Failed: $FAIL${NC}"
-  exit 1
-else
-  echo -e "Failed: 0"
-  echo ""
-  echo -e "${GREEN}ALL TESTS PASSED!${NC}"
-fi

package/plugins/specweave/hooks/v2/guards/features-folder-guard.sh DELETED Viewed

@@ -1,51 +0,0 @@
-#!/bin/bash
-# features-folder-guard.sh - Block writes to obsolete _features/ folder
-#
-# ROOT CAUSE: The _features/ folder is OBSOLETE since v5.0.0. Features should
-# live in {project}/FS-XXX/ folders. LLM agents sometimes create files in
-# _features/ due to outdated documentation references.
-#
-# SOLUTION: Block all Write/Edit operations targeting _features/ folder.
-# This forces proper project-based feature folder structure.
-#
-# PreToolUse hook for Write/Edit commands - exit 0 allows, exit 2 blocks
-#
-# v0.33.0 - Initial implementation based on bug analysis from 2025-12-06
-set +e
-[[ "${SPECWEAVE_DISABLE_HOOKS:-0}" == "1" ]] && exit 0
-# Read stdin for tool input
-INPUT=$(cat)
-# Extract the file_path being written/edited
-# Claude Code passes tool input in .tool_input.file_path format
-if command -v jq &> /dev/null; then
-  FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .file_path // empty' 2>/dev/null)
-else
-  FILE_PATH=$(echo "$INPUT" | grep -o '"file_path"[[:space:]]*:[[:space:]]*"[^"]*"' | head -1 | sed 's/.*"file_path"[[:space:]]*:[[:space:]]*"\(.*\)"/\1/')
-fi
-# If no file_path found, allow (safety)
-if [[ -z "$FILE_PATH" ]]; then
-  exit 0
-fi
-# === PATTERN DETECTION ===
-# Block any write to _features/ folder (obsolete since v5.0.0)
-# Pattern: .specweave/docs/internal/specs/_features/
-if [[ "$FILE_PATH" =~ \.specweave/docs/internal/specs/_features/ ]]; then
-  cat << 'EOF'
-{
-  "decision": "block",
-  "reason": "🚫 BLOCKED: Writing to _features/ folder (OBSOLETE since v5.0.0)\n\n⚠️ The _features/ folder has been deprecated.\nFeatures must now live in project folders: .specweave/docs/internal/specs/{project}/FS-XXX/\n\n📋 CORRECT structure:\n  .specweave/docs/internal/specs/specweave/FS-116/FEATURE.md ✅\n  .specweave/docs/internal/specs/backend/FS-117/us-001.md ✅\n\n❌ OBSOLETE structure:\n  .specweave/docs/internal/specs/_features/FS-116/FEATURE.md ❌\n\n🔧 To fix: Use spec.md `project:` field to determine target folder.\nSee: CLAUDE.md section '2c. spec.md MUST Have project:'"
-}
-EOF
-  exit 2
-fi
-# Allow all other writes
-printf '{"decision":"allow"}'
-exit 0

package/plugins/specweave/hooks/v2/guards/increment-root-guard.sh DELETED Viewed

@@ -1,63 +0,0 @@
-#!/bin/bash
-# increment-root-guard.sh - Block files at increment root (except allowed)
-#
-# ROOT CAUSE: Agents sometimes create files like COMPLETION_REPORT.md,
-# COMPLETION_SUMMARY.md, or other .md files at increment root instead of
-# placing them in appropriate subfolders (reports/, scripts/, logs/, etc.)
-#
-# SOLUTION: Block Write operations to increment root for non-standard files.
-# Only allow: metadata.json, spec.md, plan.md, tasks.md
-# Everything else MUST go in subfolders: reports/, scripts/, logs/, backups/, docs/
-#
-# PreToolUse hook for Write command - exit 0 allows, exit 2 blocks
-#
-# v0.33.0 - Initial implementation based on bug analysis from 2025-12-09
-set +e
-[[ "${SPECWEAVE_DISABLE_HOOKS:-0}" == "1" ]] && exit 0
-# Read stdin for tool input
-INPUT=$(cat)
-# Extract the file_path being written
-# Claude Code passes tool input in .tool_input.file_path format
-if command -v jq &> /dev/null; then
-  FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .file_path // empty' 2>/dev/null)
-else
-  # Fallback: try both patterns
-  FILE_PATH=$(echo "$INPUT" | grep -o '"file_path"[[:space:]]*:[[:space:]]*"[^"]*"' | head -1 | sed 's/.*"file_path"[[:space:]]*:[[:space:]]*"\(.*\)"/\1/')
-fi
-# If no file_path found, allow (safety)
-if [[ -z "$FILE_PATH" ]]; then
-  exit 0
-fi
-# === PATTERN DETECTION ===
-# Block files at increment root that should be in subfolders
-# Pattern: .specweave/increments/####-name/FILE.md (at root, not in subfolder)
-# Allowed at root: metadata.json, spec.md, plan.md, tasks.md
-if [[ "$FILE_PATH" =~ \.specweave/increments/[0-9]{3,4}E?-[^/]+/([^/]+)$ ]]; then
-  FILENAME="${BASH_REMATCH[1]}"
-  # Allow standard increment files at root
-  if [[ "$FILENAME" =~ ^(metadata\.json|spec\.md|plan\.md|tasks\.md)$ ]]; then
-    printf '{"decision":"allow"}'
-    exit 0
-  fi
-  # Block everything else at increment root
-  cat << EOF
-{
-  "decision": "block",
-  "reason": "🚫 BLOCKED: File '$FILENAME' should be in a subfolder, not at increment root\n\n⚠️ CLAUDE.md Folder Structure Rule:\n  Inside increment folders - ONLY at root: spec.md, plan.md, tasks.md, metadata.json\n  Everything else → subfolders: reports/, scripts/, logs/, backups/, docs/\n\n📋 CORRECT structure:\n  .specweave/increments/####-name/reports/COMPLETION_REPORT.md ✅\n  .specweave/increments/####-name/reports/COMPLETION_SUMMARY.md ✅\n  .specweave/increments/####-name/scripts/analyze.sh ✅\n\n❌ WRONG structure:\n  .specweave/increments/####-name/COMPLETION_REPORT.md ❌\n  .specweave/increments/####-name/COMPLETION_SUMMARY.md ❌\n\n🔧 To fix: Create file in reports/ subfolder instead.\nUse: Write({ file_path: \".specweave/increments/####-name/reports/$FILENAME\", ... })\n\nSee: CLAUDE.md section 'Folder Structure'"
-}
-EOF
-  exit 2
-fi
-# Allow all other writes (files in subfolders, or outside increments)
-printf '{"decision":"allow"}'
-exit 0