taketomarket 2.3.2 → 2.4.0

package/.claude-plugin/marketplace.json

@@ -9,7 +9,7 @@
       "name": "taketomarket",
       "source": "./",
       "description": "Marketing OS for developerneurs + solopreneurs — engineers shipping products with zero marketing experience. Spec-driven campaigns with positioning-invariant quality gates.",
-      "version": "2.3.2",
+      "version": "2.4.0",
       "homepage": "https://www.npmjs.com/package/taketomarket",
       "license": "MIT",
       "keywords": [

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "taketomarket",
   "displayName": "taketomarket",
-  "version": "2.3.2",
+  "version": "2.4.0",
   "description": "Marketing OS for developerneurs and solopreneurs. Built for engineers shipping products with zero marketing experience required. Spec-driven campaigns with positioning-as-invariant enforcement and quality gate walls.",
   "author": {
     "name": "Rishikesh Ranjan",

package/README.md

@@ -5,7 +5,7 @@
 
 **Marketing OS for developerneurs and solopreneurs.** Built for engineers shipping products with zero marketing experience required.
 
-takeToMarket is a Claude Code / Codex skill set that brings spec-driven development to marketing. Every campaign, asset, and channel is a spec-driven unit with a verifiable outcome metric and a positioning-invariant quality gate wall.
+taketomarket is a Claude Code / Codex skill set that brings spec-driven development to marketing. Every campaign, asset, and channel is a spec-driven unit with a verifiable outcome metric and a positioning-invariant quality gate wall.
 
 **Core invariant:** Every marketing asset ships with a verifiable outcome metric and passes through a positioning-invariant quality gate wall — no asset ships without both, ever.
 
@@ -15,19 +15,19 @@ takeToMarket is a Claude Code / Codex skill set that brings spec-driven developm
 - **Solopreneurs with engineering backgrounds** — founders who code their MVP themselves.
 - **Indie hackers** — anyone shipping a product who has zero or near-zero marketing/growth experience.
 
-If you can write code but have never built a landing page, written a positioning statement, or thought about ICPs — takeToMarket gives you the operating system. The AI does the marketing work; you stay in control of the decisions.
+If you can write code but have never built a landing page, written a positioning statement, or thought about ICPs — taketomarket gives you the operating system. The AI does the marketing work; you stay in control of the decisions.
 
 ## Who this is NOT for
 
-- Full-time marketers who already have a stack — takeToMarket overlaps with what you already do.
+- Full-time marketers who already have a stack — taketomarket overlaps with what you already do.
 - Agencies serving multiple clients — built for one product per workspace.
-- Anyone wanting a one-click blog generator — takeToMarket is opinionated, slower, and quality-gated by design.
+- Anyone wanting a one-click blog generator — taketomarket is opinionated, slower, and quality-gated by design.
 
 ## What it is / What it isn't
 
 **IS:** A marketing OS that treats every campaign, asset, and channel as a spec-driven unit with a verifiable outcome, a positioning invariant, and a quality gate wall. Persistent state. Compound learnings. Nine-phase lifecycle enforcement.
 
-**IS NOT:** A content generator, one-click blog writer, or social media scheduler. Not a replacement for marketers — it is the operating system a marketer uses to ship more, drift less, and compound learnings. Not a reporting dashboard. Not a scheduler. takeToMarket enforces discipline; it does not generate random content.
+**IS NOT:** A content generator, one-click blog writer, or social media scheduler. Not a replacement for marketers — it is the operating system a marketer uses to ship more, drift less, and compound learnings. Not a reporting dashboard. Not a scheduler. taketomarket enforces discipline; it does not generate random content.
 
 ## Requirements
 
@@ -50,28 +50,29 @@ Flags:
 - `--check` — show install status without installing
 - `--runtime <claude|codex>` — skip interactive prompt, install to one runtime
 
-### Option 2 — Claude Code plugin marketplace
+### Option 2 — Claude Code plugin marketplace (community)
 
 ```
-/plugin install taketomarket@claude-plugins-official
+/plugin marketplace add anthropics/claude-plugins-community
+/plugin install taketomarket@claude-community
 ```
 
-> Status: pending marketplace approval. Check https://github.com/ranjanrishikesh/taketomarket for current status.
+Published to the community marketplace on 2026-05-14. The community catalog syncs nightly, so newly approved updates may take up to 24h to appear. If install fails, confirm `taketomarket` is listed in the [community catalog](https://github.com/anthropics/claude-plugins-community/blob/main/.claude-plugin/marketplace.json).
 
 ### Option 3 — Direct from GitHub (Claude Code)
 
 ```
 /plugin marketplace add ranjanrishikesh/taketomarket
-/plugin install taketomarket
+/plugin install taketomarket@taketomarket
 ```
 
-This uses the Claude Code plugin system to install directly from the GitHub repo. Run both commands in Claude Code's chat.
+Installs the latest commit on `main` directly from this repo. Useful for trying unreleased fixes before they reach the community catalog. The `@taketomarket` suffix matches the marketplace name declared in `.claude-plugin/marketplace.json`.
 
 ### Option 4 — Manual (advanced)
 
 ```bash
 git clone https://github.com/ranjanrishikesh/taketomarket
-cd takeToMarket
+cd taketomarket
 node install.js
 ```
 
@@ -83,33 +84,40 @@ node install.js
 /ttm-produce          # run production wave
 ```
 
+> **Plugin install users (Options 2 + 3):** commands are namespaced — use `/taketomarket:ttm-init`, `/taketomarket:ttm-new-campaign`, etc. The bare `/ttm-*` form only works when installed via `npx taketomarket` (Option 1) or manually (Option 4) into the standalone skills directory.
+
 ## Runtime Notes
 
-Commands vary by tool:
+Commands vary by tool and install path:
 
-| Runtime | Install path | Invocation |
-|---------|-------------|------------|
-| Claude Code | `~/.claude/skills/` | `/ttm-init` |
-| Codex | `~/.codex/skills/` or `~/.agents/skills/` | `$ttm-init` or mention by name |
-| Cursor | `~/.cursor/skills/` | `/ttm-init` |
-| Windsurf | `~/.codeium/windsurf/skills/` | `@ttm-init` |
-| Gemini CLI | `~/.gemini/skills/` | automatic or `/skills enable` |
+| Runtime | Install path | Invocation (standalone via npx) | Invocation (plugin install) |
+|---------|--------------|---------------------------------|----------------------------|
+| Claude Code | `~/.claude/skills/` | `/ttm-init` | `/taketomarket:ttm-init` |
+| Codex | `~/.codex/skills/` or `~/.agents/skills/` | `$ttm-init` or mention by name | n/a (plugin install is Claude Code only) |
+| Cursor | `~/.cursor/skills/` | `/ttm-init` | n/a |
+| Windsurf | `~/.codeium/windsurf/skills/` | `@ttm-init` | n/a |
+| Gemini CLI | `~/.gemini/skills/` | automatic or `/skills enable` | n/a |
 
 All non-Claude runtimes also support `~/.agents/skills/` as a universal path. Select **option 6** during install to use it.
 
 ## Campaign Lifecycle
 
-1. **Init** — set up workspace and reference files
-2. **New Campaign** — create campaign directory with initialized state
-3. **Research** — discover market, audience, and ambient narrative
-4. **Brief** — generate brief with mandatory outcome metrics
-5. **Produce** — generate assets in isolated contexts with full reference loading
-6. **Review** — human quality evaluation with structured checklist
-7. **Fix** — root cause analysis, re-produce, re-verify (capped 3×)
-8. **Verify** — quality gate wall check across all assets
-9. **Ship** — launch checklist confirming tracking, UTMs, funnel testing
-10. **Measure** — analytics vs outcome metrics with attribution models
-11. **Learn** — extract lessons, propose reference file edits, log to LEARNINGS.md
+### Setup (one-time per workspace + per campaign)
+
+- **Init** (`/ttm-init`) — set up workspace and reference files
+- **New Campaign** (`/ttm-new-campaign`) — create campaign directory with initialized state
+
+### 9-Phase Lifecycle
+
+1. **Discover** — research market, audience, and ambient narrative
+2. **Brief** — generate brief with mandatory outcome metrics
+3. **Produce** — generate assets in isolated contexts with full reference loading
+4. **Review** — human quality evaluation with structured checklist
+5. **Fix** — root cause analysis, re-produce, re-verify (capped 3×)
+6. **Verify** — quality gate wall check across all assets
+7. **Ship** — launch checklist confirming tracking, UTMs, funnel testing
+8. **Measure** — analytics vs outcome metrics with attribution models
+9. **Learn** — extract lessons, propose reference file edits, log to LEARNINGS.md
 
 ## Command Reference
 
@@ -164,7 +172,7 @@ MIT — see [LICENSE](LICENSE).
 
 ## Privacy & Security
 
-takeToMarket runs entirely on your local filesystem. No data collection, no telemetry, no servers. See [SECURITY.md](SECURITY.md) for the combined privacy and security policy.
+taketomarket runs entirely on your local filesystem. No data collection, no telemetry, no servers. See [SECURITY.md](SECURITY.md) for the combined privacy and security policy.
 
 ## Contributing
 

package/bin/check-update.cjs

@@ -0,0 +1,313 @@
+#!/usr/bin/env node
+
+'use strict';
+
+/**
+ * check-update.cjs -- SessionStart hook: nudge when takeToMarket is outdated.
+ *
+ * Fires at session start via two install paths:
+ *   - plugin install : hooks/hooks.json runs `node "${CLAUDE_PLUGIN_ROOT}/bin/check-update.cjs"`
+ *   - npm / clone     : install.js injects a SessionStart hook into ~/.claude/settings.json
+ *                       pointing at ~/.taketomarket/bin/check-update.cjs
+ *
+ * Behaviour: read the installed version, compare against the npm registry
+ * (throttled to once per CHECK_INTERVAL via an on-disk cache), and -- if a newer
+ * version exists -- print a SessionStart `additionalContext` block instructing
+ * Claude to surface the update and offer to run /ttm-update.
+ *
+ * HARD CONTRACT: never break the session. Any failure -> exit 0 with no output.
+ * Zero npm dependencies; Node built-ins only.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { execFileSync } = require('child_process');
+
+const PACKAGE = 'taketomarket';
+const CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24h throttle between npm registry hits
+const NPM_TIMEOUT_MS = 3000; // fail fast so session start is never blocked
+const NUDGE_COOLDOWN_MS = 30 * 1000; // suppress a duplicate nudge from back-to-back hook fires
+
+// ── Pure helpers (unit-tested) ─────────────────────────────────────────────────
+
+/**
+ * Compare two prerelease identifier strings per semver §11.
+ * Numeric identifiers compare numerically and rank below alphanumeric ones;
+ * a larger set of identifiers outranks a smaller prefix-equal set.
+ * @param {string} a - dot-separated prerelease string (non-empty)
+ * @param {string} b - dot-separated prerelease string (non-empty)
+ * @returns {number} 1 if a>b, -1 if a<b, 0 if equal
+ */
+function comparePrerelease(a, b) {
+  const ai = a.split('.');
+  const bi = b.split('.');
+  const len = Math.max(ai.length, bi.length);
+  for (let i = 0; i < len; i++) {
+    if (ai[i] === undefined) return -1; // a is a prefix of b -> a is lower
+    if (bi[i] === undefined) return 1;
+    const aNum = /^\d+$/.test(ai[i]);
+    const bNum = /^\d+$/.test(bi[i]);
+    if (aNum && bNum) {
+      const d = parseInt(ai[i], 10) - parseInt(bi[i], 10);
+      if (d !== 0) return d > 0 ? 1 : -1;
+    } else if (aNum !== bNum) {
+      return aNum ? -1 : 1; // numeric identifiers rank below alphanumeric
+    } else if (ai[i] !== bi[i]) {
+      return ai[i] > bi[i] ? 1 : -1;
+    }
+  }
+  return 0;
+}
+
+/**
+ * Compare two semver strings with proper prerelease precedence (semver §11).
+ * Numeric major.minor.patch compare first; when those are equal, a version
+ * WITHOUT a prerelease tag outranks one WITH a tag (e.g. 2.3.0 > 2.3.0-rc.1),
+ * and two prerelease tags compare by identifier.
+ * @param {string} a
+ * @param {string} b
+ * @returns {number} 1 if a>b, -1 if a<b, 0 if equal
+ */
+function compareSemver(a, b) {
+  const parse = (v) => {
+    const s = String(v).trim().replace(/^v/, '');
+    const dash = s.indexOf('-');
+    const core = dash === -1 ? s : s.slice(0, dash);
+    const pre = dash === -1 ? '' : s.slice(dash + 1);
+    const parts = core.split('.');
+    return { nums: [0, 1, 2].map((i) => parseInt(parts[i], 10) || 0), pre };
+  };
+  const pa = parse(a);
+  const pb = parse(b);
+  for (let i = 0; i < 3; i++) {
+    if (pa.nums[i] > pb.nums[i]) return 1;
+    if (pa.nums[i] < pb.nums[i]) return -1;
+  }
+  if (pa.pre === pb.pre) return 0;
+  if (pa.pre === '') return 1; // no prerelease outranks a prerelease of same core
+  if (pb.pre === '') return -1;
+  return comparePrerelease(pa.pre, pb.pre);
+}
+
+/**
+ * @param {string} installed
+ * @param {string} latest
+ * @returns {boolean} true when `latest` is strictly newer than `installed`
+ */
+function isOutdated(installed, latest) {
+  if (!installed || !latest) return false;
+  return compareSemver(latest, installed) === 1;
+}
+
+/**
+ * @param {?{checked_at:number}} cache
+ * @param {number} now - epoch ms
+ * @param {number} intervalMs
+ * @returns {boolean} true when the cache exists and is younger than intervalMs
+ */
+function isCacheFresh(cache, now, intervalMs) {
+  if (!cache || typeof cache.checked_at !== 'number') return false;
+  const age = now - cache.checked_at;
+  // Negative age = future timestamp (clock moved backward / imported cache):
+  // treat as stale so it forces a re-check rather than pinning a stale latest.
+  return age >= 0 && age < intervalMs;
+}
+
+/**
+ * Build the SessionStart context string injected into Claude's context.
+ * Deliberately directive: this is the "strong inject-context" nudge.
+ * @param {string} installed
+ * @param {string} latest
+ * @returns {string}
+ */
+function buildContext(installed, latest) {
+  return [
+    `[takeToMarket] Your installed version is OUT OF DATE: v${installed} installed, v${latest} is the latest on npm.`,
+    `ACTION: Proactively tell the user their takeToMarket install is outdated (v${installed} -> v${latest})`,
+    `and offer to upgrade now. If they agree, invoke the /ttm-update skill -- it detects the install`,
+    `method (plugin/npm/clone) and performs the upgrade safely, preserving local edits.`,
+    `Do NOT attempt the upgrade by any other means (no manual npm/git commands).`,
+  ].join(' ');
+}
+
+/**
+ * Decide whether update checking is disabled.
+ * @param {NodeJS.ProcessEnv} env
+ * @returns {boolean}
+ */
+function isOptedOut(env) {
+  const v = env && env.TTM_NO_UPDATE_CHECK;
+  return v === '1' || v === 'true';
+}
+
+/**
+ * Read the `version` from a package.json, but only if it is the taketomarket package.
+ * @param {string} filePath
+ * @returns {?string} version string, or null
+ */
+function readVersionFromPackageJson(filePath) {
+  try {
+    const pkg = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+    if (pkg && pkg.name === PACKAGE && typeof pkg.version === 'string') return pkg.version;
+  } catch (_) {
+    // unreadable / not JSON / wrong package -> null
+  }
+  return null;
+}
+
+/**
+ * Resolve the installed version. Prefers the package.json adjacent to this
+ * script (works for BOTH the plugin-cache layout, where bin/ sits beside
+ * package.json at the plugin root, AND the ~/.taketomarket/bin layout written
+ * by install.js). Falls back to ~/.taketomarket/package.json.
+ * @param {string} scriptDir - directory of this script (__dirname)
+ * @param {string} homeDir
+ * @returns {?string}
+ */
+function resolveInstalledVersion(scriptDir, homeDir) {
+  const candidates = [
+    path.join(scriptDir, '..', 'package.json'),
+    path.join(homeDir, '.taketomarket', 'package.json'),
+  ];
+  for (const p of candidates) {
+    const v = readVersionFromPackageJson(p);
+    if (v) return v;
+  }
+  return null;
+}
+
+// ── I/O helpers ─────────────────────────────────────────────────────────────--
+
+function readCache(cachePath) {
+  try {
+    const c = JSON.parse(fs.readFileSync(cachePath, 'utf8'));
+    if (c && typeof c.checked_at === 'number') return c;
+  } catch (_) {
+    // missing / corrupt -> treat as no cache
+  }
+  return null;
+}
+
+function writeCache(cachePath, data) {
+  try {
+    fs.mkdirSync(path.dirname(cachePath), { recursive: true });
+    fs.writeFileSync(cachePath, JSON.stringify(data, null, 2) + '\n');
+  } catch (_) {
+    // cache is best-effort; never throw
+  }
+}
+
+/**
+ * Query the npm registry for the latest published version. Short timeout,
+ * fail-silent (returns null on any error / offline / timeout).
+ * @returns {?string}
+ */
+function fetchLatestVersion() {
+  try {
+    // On Windows the npm launcher is npm.cmd, which execFile cannot run without
+    // a shell -> spawn via the shell there. PACKAGE is a fixed constant (no user
+    // input interpolated), so shell use carries no injection risk.
+    const out = execFileSync('npm', ['show', PACKAGE, 'version'], {
+      timeout: NPM_TIMEOUT_MS,
+      stdio: ['ignore', 'pipe', 'ignore'],
+      encoding: 'utf8',
+      shell: process.platform === 'win32',
+    });
+    const v = String(out).trim();
+    return /^\d+\.\d+\.\d+/.test(v) ? v : null;
+  } catch (_) {
+    return null;
+  }
+}
+
+// ── Orchestrator ──────────────────────────────────────────────────────────────
+
+/**
+ * Run the update check. All side-effecting dependencies are injectable for tests.
+ * @param {object} [deps]
+ * @returns {{action:string, installed?:string, latest?:string}} summary (for tests)
+ */
+function run(deps = {}) {
+  const {
+    now = Date.now(),
+    homeDir = os.homedir(),
+    scriptDir = __dirname,
+    env = process.env,
+    fetchLatest = fetchLatestVersion,
+    out = (s) => process.stdout.write(s),
+  } = deps;
+
+  if (isOptedOut(env)) return { action: 'opted-out' };
+
+  const installed = resolveInstalledVersion(scriptDir, homeDir);
+  if (!installed) return { action: 'no-version' };
+
+  const cachePath = path.join(homeDir, '.taketomarket', '.update-check.json');
+  const cache = readCache(cachePath);
+
+  let latest = cache ? cache.latest : null;
+  if (!isCacheFresh(cache, now, CHECK_INTERVAL_MS)) {
+    const fetched = fetchLatest();
+    if (fetched) {
+      latest = fetched;
+      writeCache(cachePath, { checked_at: now, latest, installed });
+    }
+    // else: offline/timeout -> keep stale `latest` if we had one, otherwise null
+  }
+
+  if (!latest) return { action: 'no-latest' };
+
+  if (isOutdated(installed, latest)) {
+    // Double-fire guard: a user with BOTH a plugin install (hooks/hooks.json)
+    // and an npm/clone install (settings.json) runs this script twice per
+    // SessionStart. The two fires happen back-to-back, so suppress a second
+    // emission within a short cooldown to avoid a duplicated nudge. (The
+    // installer's idempotency is settings.json-scoped and cannot see the
+    // plugin-discovered hooks.json, so the dedupe must live here.)
+    const nudgedAt = cache && typeof cache.nudged_at === 'number' ? cache.nudged_at : null;
+    if (nudgedAt !== null && (now - nudgedAt) >= 0 && (now - nudgedAt) < NUDGE_COOLDOWN_MS) {
+      return { action: 'nudge-suppressed', installed, latest };
+    }
+    out(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'SessionStart',
+        additionalContext: buildContext(installed, latest),
+      },
+    }) + '\n');
+    writeCache(cachePath, {
+      checked_at: cache && typeof cache.checked_at === 'number' ? cache.checked_at : now,
+      latest,
+      installed,
+      nudged_at: now,
+    });
+    return { action: 'nudged', installed, latest };
+  }
+
+  return { action: 'up-to-date', installed, latest };
+}
+
+module.exports = {
+  compareSemver,
+  comparePrerelease,
+  isOutdated,
+  isCacheFresh,
+  buildContext,
+  isOptedOut,
+  readVersionFromPackageJson,
+  resolveInstalledVersion,
+  readCache,
+  writeCache,
+  fetchLatestVersion,
+  run,
+  CHECK_INTERVAL_MS,
+};
+
+if (require.main === module) {
+  try {
+    run();
+  } catch (_) {
+    // HARD CONTRACT: never break the session.
+  }
+  process.exit(0);
+}

package/hooks/hooks.json

@@ -0,0 +1,14 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/bin/check-update.cjs\""
+          }
+        ]
+      }
+    ]
+  }
+}

package/install.js

@@ -21,6 +21,7 @@ const DIRS_TO_COPY = [
   'gates',
   'bin',
   'agents',
+  'hooks',
 ];
 
 const FILES_TO_COPY = [
@@ -180,7 +181,7 @@ async function promptRuntimeSelection(args, homeDir = os.homedir()) {
   const result = [];
   for (const name of choices) {
     if (name === 'custom') {
-      result.push({ label: 'Custom', skillsDir: customPath, parentDir: null });
+      result.push(buildCustomTarget(customPath, homeDir));
     } else {
       result.push(allTargets[name]);
     }
@@ -188,6 +189,21 @@ async function promptRuntimeSelection(args, homeDir = os.homedir()) {
   return result;
 }
 
+/**
+ * Build an install target for a user-typed custom path. Expands a leading `~`
+ * to the home dir (so a literal `~/.claude/skills` does not create a stray `~`
+ * directory) and derives parentDir from the path so the Claude-target gate in
+ * main() can recognise a custom path that lands under ~/.claude and still wire
+ * the SessionStart update-check hook.
+ * @param {string} customPath
+ * @param {string} [homeDir]
+ * @returns {{label: string, skillsDir: string, parentDir: string}}
+ */
+function buildCustomTarget(customPath, homeDir = os.homedir()) {
+  const expanded = customPath.replace(/^~(?=$|[/\\])/, homeDir);
+  return { label: 'Custom', skillsDir: expanded, parentDir: path.dirname(expanded) };
+}
+
 // ── Runtime detection ────────────────────────────────────────────────────────
 
 /**
@@ -279,7 +295,7 @@ function copyDirSync(src, dest) {
 
 // ── Package Base & Per-Runtime Skill Install ──────────────────────────────────
 
-const PACKAGE_BASE_DIRS = ['workflows', 'templates', 'references', 'playbooks', 'gates', 'bin', 'agents'];
+const PACKAGE_BASE_DIRS = ['workflows', 'templates', 'references', 'playbooks', 'gates', 'bin', 'agents', 'hooks'];
 const PACKAGE_BASE_FILES = ['settings.json', 'package.json'];
 
 /**
@@ -418,6 +434,77 @@ function registerPlugin(installPath, version, homeDir = os.homedir()) {
   console.log('  Registered in installed_plugins.json');
 }
 
+// ── Update-check Hook Injection (Claude Code only) ─────────────────────────────
+
+const CHECK_UPDATE_SCRIPT_REL = path.join('.taketomarket', 'bin', 'check-update.cjs');
+const CHECK_UPDATE_MARKER = 'check-update.cjs';
+
+/**
+ * Build the shell command Claude Code runs at SessionStart. Uses the absolute
+ * resolved path (no shell-expansion assumptions) into the shared package base.
+ * @param {string} homeDir
+ * @returns {string}
+ */
+function buildCheckUpdateCommand(homeDir) {
+  return `node "${path.join(homeDir, CHECK_UPDATE_SCRIPT_REL)}"`;
+}
+
+/**
+ * Inject the takeToMarket update-check hook into ~/.claude/settings.json as a
+ * SessionStart command hook. This is the npm/clone-path equivalent of the
+ * plugin-path hooks/hooks.json (plugin installs auto-discover that file; npm and
+ * git-clone installs do not, so we register the hook in the user's settings).
+ *
+ * Idempotent (skips if any SessionStart command already references
+ * check-update.cjs), atomic (tmp -> rename), and preserves all existing hooks
+ * and settings. Claude Code only.
+ *
+ * @param {string} [homeDir]
+ * @returns {boolean} true if the hook was newly added, false if already present
+ */
+function injectSessionStartHook(homeDir = os.homedir()) {
+  const settingsPath = path.join(homeDir, '.claude', 'settings.json');
+  const settingsDir = path.dirname(settingsPath);
+  const command = buildCheckUpdateCommand(homeDir);
+
+  let settings = {};
+  if (fileExists(settingsPath)) {
+    try {
+      settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
+      if (!settings || typeof settings !== 'object') settings = {};
+    } catch {
+      fs.renameSync(settingsPath, settingsPath + '.bak');
+      console.warn('  Warning: ~/.claude/settings.json was corrupted. Backed up to .bak and recreated.');
+      settings = {};
+    }
+  }
+
+  if (!settings.hooks || typeof settings.hooks !== 'object') settings.hooks = {};
+  if (!Array.isArray(settings.hooks.SessionStart)) settings.hooks.SessionStart = [];
+
+  const already = settings.hooks.SessionStart.some(group =>
+    group && Array.isArray(group.hooks) && group.hooks.some(h =>
+      h && typeof h.command === 'string' && h.command.includes(CHECK_UPDATE_MARKER)
+    )
+  );
+  if (already) {
+    console.log('  Update-check hook already present in ~/.claude/settings.json');
+    return false;
+  }
+
+  settings.hooks.SessionStart.push({
+    hooks: [{ type: 'command', command }],
+  });
+
+  const tmpPath = settingsPath + '.tmp';
+  fs.mkdirSync(settingsDir, { recursive: true });
+  fs.writeFileSync(tmpPath, JSON.stringify(settings, null, 2) + '\n', 'utf8');
+  fs.renameSync(tmpPath, settingsPath);
+
+  console.log('  Installed update-check hook -> ~/.claude/settings.json (SessionStart)');
+  return true;
+}
+
 // ── Skill Introspection ───────────────────────────────────────────────────────
 
 /**
@@ -723,6 +810,18 @@ Options:
     }
   }
 
+  // Register the SessionStart update-check hook (Claude Code only).
+  const claudeParent = path.join(os.homedir(), '.claude');
+  const claudeTargeted = targets.some(t => t.parentDir === claudeParent);
+  if (claudeTargeted) {
+    console.log('');
+    try {
+      injectSessionStartHook();
+    } catch (err) {
+      console.warn(`  Warning: could not install update-check hook: ${err.message}`);
+    }
+  }
+
   // Summary
   const successes = results.filter(r => r.success);
   const failures = results.filter(r => !r.success);
@@ -789,5 +888,8 @@ module.exports = {
   installSkillsForRuntime,
   classifyInstallMethod,
   writeInstallSentinel,
+  injectSessionStartHook,
+  buildCheckUpdateCommand,
+  buildCustomTarget,
   PACKAGE_ROOT,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "taketomarket",
-  "version": "2.3.2",
+  "version": "2.4.0",
   "description": "Marketing OS for developerneurs and solopreneurs. Built for engineers shipping products with zero marketing experience required. Spec-driven campaigns with positioning-as-invariant enforcement and quality gate walls.",
   "license": "MIT",
   "repository": {
@@ -28,6 +28,7 @@
     "gates/",
     "bin/",
     "agents/",
+    "hooks/",
     "settings.json",
     "install.js",
     "LICENSE",

package/skills/ttm-aeo-check/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: ttm-aeo-check
 description: >
-  [DEPRECATED v2.3.0 -> removed v2.4.0] Merged into /ttm-seo aeo.
+  [DEPRECATED v2.3.0 -> removed v3.0.0] Merged into /ttm-seo aeo.
 disable-model-invocation: true
 allowed-tools: Read
 ---

package/skills/ttm-email-preflight/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: ttm-email-preflight
 description: >
-  [DEPRECATED v2.3.0 -> removed v2.4.0] Renamed to /ttm-email-check.
+  [DEPRECATED v2.3.0 -> removed v3.0.0] Renamed to /ttm-email-check.
 disable-model-invocation: true
 allowed-tools: Read
 ---

package/skills/ttm-keyword-map/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: ttm-keyword-map
 description: >
-  [DEPRECATED v2.3.0 -> removed v2.4.0] Merged into /ttm-seo keyword-map.
+  [DEPRECATED v2.3.0 -> removed v3.0.0] Merged into /ttm-seo keyword-map.
 disable-model-invocation: true
 allowed-tools: Read
 ---

package/skills/ttm-research/SKILL.md

@@ -1,14 +1,14 @@
 ---
 name: ttm-research
 description: >
-  [DEPRECATED v2.3.0 -> removed v2.4.0] Renamed to /ttm-discover.
+  [DEPRECATED v2.3.0 -> removed v3.0.0] Renamed to /ttm-discover.
 disable-model-invocation: true
 allowed-tools: Read
 ---
 
 # /ttm-research (DEPRECATED)
 
-This skill was renamed to `/ttm-discover` in v2.3.0 and will be removed in v2.4.0.
+This skill was renamed to `/ttm-discover` in v2.3.0 and will be removed in v3.0.0.
 
 Print to user:
 

package/skills/ttm-seo-audit/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: ttm-seo-audit
 description: >
-  [DEPRECATED v2.3.0 -> removed v2.4.0] Merged into /ttm-seo audit.
+  [DEPRECATED v2.3.0 -> removed v3.0.0] Merged into /ttm-seo audit.
 disable-model-invocation: true
 allowed-tools: Read
 ---