tlc-claude-code 2.0.1 → 2.2.0

package/.claude/hooks/tlc-session-init.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+# TLC Enforcement Layer 2b: Session initialization
+# 1. Inject TLC awareness
+# 2. Ensure TLC server is running
+# 3. Probe LLM providers and write persistent router state
+
+if [ ! -f ".tlc.json" ]; then
+  exit 0
+fi
+
+echo "TLC project detected. All work goes through /tlc commands. Run /tlc for current status and next action."
+
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+
+# ─── TLC Server ───────────────────────────────────────────
+
+TLC_PORT="${TLC_PORT:-3147}"
+if curl -sf --max-time 1 "http://localhost:${TLC_PORT}/api/health" > /dev/null 2>&1; then
+  : # Server is running
+else
+  PLIST="$HOME/Library/LaunchAgents/com.tlc.server.plist"
+
+  if [ -f "$PLIST" ]; then
+    launchctl kickstart -k "gui/$(id -u)/com.tlc.server" 2>/dev/null
+  elif [ -f "$PROJECT_DIR/server/index.js" ]; then
+    nohup node "$PROJECT_DIR/server/index.js" > "$HOME/.tlc/logs/server.log" 2>&1 &
+  fi
+
+  for i in 1 2 3; do
+    sleep 1
+    curl -sf --max-time 1 "http://localhost:${TLC_PORT}/api/health" > /dev/null 2>&1 && break
+  done
+fi
+
+# ─── LLM Router: Probe Providers ─────────────────────────
+#
+# Writes .tlc/.router-state.json with provider availability.
+# Skills read this file instead of probing from scratch.
+# State has a TTL — re-probed if older than 1 hour.
+
+STATE_DIR="$PROJECT_DIR/.tlc"
+STATE_FILE="$STATE_DIR/.router-state.json"
+mkdir -p "$STATE_DIR"
+
+# Check if state is fresh (less than 1 hour old)
+STALE=true
+if [ -f "$STATE_FILE" ]; then
+  STATE_AGE=$(( $(date +%s) - $(stat -f %m "$STATE_FILE" 2>/dev/null || stat -c %Y "$STATE_FILE" 2>/dev/null || echo 0) ))
+  if [ "$STATE_AGE" -lt 3600 ]; then
+    STALE=false
+  fi
+fi
+
+if [ "$STALE" = true ]; then
+  # Probe each provider
+  CLAUDE_PATH=$(which claude 2>/dev/null || echo "")
+  CODEX_PATH=$(which codex 2>/dev/null || echo "")
+  GEMINI_PATH=$(which gemini 2>/dev/null || echo "")
+
+  CLAUDE_OK="false"
+  CODEX_OK="false"
+  GEMINI_OK="false"
+
+  [ -n "$CLAUDE_PATH" ] && CLAUDE_OK="true"
+  [ -n "$CODEX_PATH" ] && CODEX_OK="true"
+  [ -n "$GEMINI_PATH" ] && GEMINI_OK="true"
+
+  # Count available
+  AVAILABLE=0
+  [ "$CLAUDE_OK" = "true" ] && AVAILABLE=$((AVAILABLE + 1))
+  [ "$CODEX_OK" = "true" ] && AVAILABLE=$((AVAILABLE + 1))
+  [ "$GEMINI_OK" = "true" ] && AVAILABLE=$((AVAILABLE + 1))
+
+  # Read configured providers from .tlc.json
+  CONFIGURED_PROVIDERS=""
+  if command -v jq >/dev/null 2>&1; then
+    CONFIGURED_PROVIDERS=$(jq -r '.router.providers // {} | keys[]' .tlc.json 2>/dev/null | tr '\n' ',' | sed 's/,$//')
+  fi
+
+  # Write state file
+  cat > "$STATE_FILE" <<STATEEOF
+{
+  "probed_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+  "ttl_seconds": 3600,
+  "providers": {
+    "claude": {
+      "available": $CLAUDE_OK,
+      "path": "$CLAUDE_PATH"
+    },
+    "codex": {
+      "available": $CODEX_OK,
+      "path": "$CODEX_PATH"
+    },
+    "gemini": {
+      "available": $GEMINI_OK,
+      "path": "$GEMINI_PATH"
+    }
+  },
+  "summary": {
+    "available_count": $AVAILABLE,
+    "configured": "$CONFIGURED_PROVIDERS"
+  }
+}
+STATEEOF
+
+  # Report to Claude
+  if [ "$AVAILABLE" -gt 0 ]; then
+    PROVIDERS_LIST=""
+    [ "$CLAUDE_OK" = "true" ] && PROVIDERS_LIST="${PROVIDERS_LIST}claude, "
+    [ "$CODEX_OK" = "true" ] && PROVIDERS_LIST="${PROVIDERS_LIST}codex, "
+    [ "$GEMINI_OK" = "true" ] && PROVIDERS_LIST="${PROVIDERS_LIST}gemini, "
+    PROVIDERS_LIST=$(echo "$PROVIDERS_LIST" | sed 's/, $//')
+    echo "LLM Router: ${AVAILABLE} providers available (${PROVIDERS_LIST}). State written to .tlc/.router-state.json. All routing skills MUST read this file for provider availability — do not probe manually."
+  else
+    echo "LLM Router: No external providers detected. Running Claude-only mode. Install codex or gemini for multi-LLM reviews."
+  fi
+else
+  # State is fresh — just report it
+  if command -v jq >/dev/null 2>&1 && [ -f "$STATE_FILE" ]; then
+    COUNT=$(jq -r '.summary.available_count' "$STATE_FILE" 2>/dev/null)
+    echo "LLM Router: ${COUNT} providers available (cached). State at .tlc/.router-state.json."
+  fi
+fi

package/CLAUDE.md

@@ -19,6 +19,7 @@ When the user says X → invoke `Skill(skill="tlc:...")`:
 | "plan", "break this down" | `/tlc:plan` |
 | "build", "implement", "add feature" | `/tlc:build` |
 | "review", "check code" | `/tlc:review` |
+| "review plan", "check plan" | `/tlc:review-plan` |
 | "status", "what's next", "where are we" | `/tlc:progress` |
 | "discuss", "talk about approach" | `/tlc:discuss` |
 | "test", "run tests" | `/tlc:status` |
@@ -49,6 +50,10 @@ When the user says X → invoke `Skill(skill="tlc:...")`:
 | "quick task", "small fix" | `/tlc:quick` |
 | "dashboard" | `/tlc:dashboard` |
 | "review PR" | `/tlc:review-pr` |
+| "watch ci", "fix ci", "ci failing" | `/tlc:watchci` |
+| "e2e", "screenshot", "visual check" | `/tlc:e2e-verify` |
+| "guard", "check process", "validate" | `/tlc:guard` |
+| "preflight", "am I done", "check gaps" | `/tlc:preflight` |
 
 ## TLC File System
 
@@ -73,6 +78,14 @@ Use `Task` tool to spawn sub-agents for independent work. Keep main conversation
 
 Claim tasks before starting: `/tlc:claim`. Release if blocked: `/tlc:release`. Check team: `/tlc:who`. Pull before claiming, push after.
 
+## Memory Auto-Capture
+
+Conversations are automatically captured via the Claude Code `Stop` hook. After each response, the hook POSTs the exchange to the TLC server's capture endpoint. The pattern detector classifies decisions, gotchas, and preferences into team memory files under `.tlc/memory/team/`.
+
+- **Resilience:** If the server is unreachable, exchanges spool to `.tlc/memory/.spool.jsonl` and drain on the next successful capture.
+- **Endpoint hardening:** Payloads are capped at 100KB, deduplicated within a 60s window, and rate-limited to 100 captures/minute per project.
+- **Disable:** Remove the `Stop` hook entry from `.claude/settings.json`.
+
 ---
 
 <!-- TLC-STANDARDS -->

package/bin/install.js

@@ -33,6 +33,7 @@ const COMMANDS = [
   'sync.md',
   'new-project.md',
   'init.md',
+  'bootstrap.md',
   'import-project.md',
   'discuss.md',
   'plan.md',
@@ -71,6 +72,7 @@ const COMMANDS = [
   // Review
   'review.md',
   'review-pr.md',
+  'review-plan.md',
   // Documentation
   'docs.md',
   // Multi-Tool & Deployment
@@ -78,10 +80,37 @@ const COMMANDS = [
   'deploy.md',
   // Multi-Model
   'llm.md',
+  // Plugins (auto-run via hooks)
+  'watchci.md',
+  'e2e-verify.md',
+  'guard.md',
+  'preflight.md',
+  // Memory
+  'remember.md',
+  'recall.md',
+  // Dashboard
+  'dashboard.md',
   // Help
   'help.md'
 ];
 
+// Hook scripts that power the plugin system
+const HOOKS = [
+  'tlc-block-tools.sh',
+  'tlc-prompt-guard.sh',
+  'tlc-session-init.sh',
+  'tlc-post-push.sh',
+  'tlc-post-build.sh',
+  'tlc-capture-exchange.sh'
+];
+
+// Claude Code agent definitions (managed by TLC — identified by '# TLC Agent:' header)
+const AGENTS = [
+  'reviewer.md',
+  'builder.md',
+  'planner.md'
+];
+
 function getGlobalDir() {
   const claudeConfig = process.env.CLAUDE_CONFIG_DIR || path.join(require('os').homedir(), '.claude');
   return path.join(claudeConfig, 'commands');
@@ -115,15 +144,20 @@ function info(msg) {
 
 function install(targetDir, installType) {
   const commandsDir = path.join(targetDir, 'tlc');
+  const packageRoot = path.join(__dirname, '..');
 
   // Create directory
   fs.mkdirSync(commandsDir, { recursive: true });
 
   // Copy command files with version injection
-  const sourceDir = path.join(__dirname, '..');
+  // Try .claude/commands/tlc/ first (npm package structure), fall back to root (dev)
+  const commandsSrcDir = fs.existsSync(path.join(packageRoot, '.claude', 'commands', 'tlc'))
+    ? path.join(packageRoot, '.claude', 'commands', 'tlc')
+    : packageRoot;
+
   let installed = 0;
   for (const file of COMMANDS) {
-    const src = path.join(sourceDir, file);
+    const src = path.join(commandsSrcDir, file);
     const dest = path.join(commandsDir, file);
     if (fs.existsSync(src)) {
       // Read, replace {{VERSION}}, write
@@ -135,6 +169,35 @@ function install(targetDir, installType) {
   }
 
   success(`Installed ${installed} commands to ${c.cyan}${commandsDir}${c.reset}`);
+
+  // Install hooks (plugin system)
+  const hooksInstalled = installHooks(targetDir, packageRoot);
+  if (hooksInstalled > 0) {
+    success(`Installed ${hooksInstalled} hooks to ${c.cyan}${path.dirname(targetDir)}/.claude/hooks/${c.reset}`);
+  }
+
+  // Install agent definitions (Claude Code sub-agents)
+  const agentsInstalled = installAgents(targetDir, packageRoot);
+  if (agentsInstalled > 0) {
+    success(`Installed ${agentsInstalled} agents to ${c.cyan}${path.dirname(targetDir)}/.claude/agents/${c.reset}`);
+  }
+
+  // Install settings template (with hooks wiring)
+  const settingsInstalled = installSettings(targetDir, installType);
+  if (settingsInstalled) {
+    success(`Installed settings template with hook wiring`);
+  }
+
+  // Fix ownership if running under sudo
+  if (isRunningAsSudo()) {
+    const claudeDir = path.dirname(targetDir);
+    fixOwnership(commandsDir);
+    fixOwnership(path.join(claudeDir, 'hooks'));
+    fixOwnership(path.join(claudeDir, 'agents'));
+    fixOwnership(path.join(claudeDir, 'settings.json'));
+    success(`Fixed file ownership for ${c.cyan}${process.env.SUDO_USER}${c.reset}`);
+  }
+
   log('');
   log(`${c.green}Done!${c.reset} Restart Claude Code to load commands.`);
   log('');
@@ -150,6 +213,203 @@ function install(targetDir, installType) {
   log('');
 }
 
+function installHooks(targetDir, packageRoot) {
+  // For local install: .claude/commands -> go up to .claude/hooks
+  // For global install: ~/.claude/commands -> go up to ~/.claude/hooks
+  const claudeDir = path.dirname(targetDir);
+  const hooksDestDir = path.join(claudeDir, 'hooks');
+  fs.mkdirSync(hooksDestDir, { recursive: true });
+
+  // Try .claude/hooks/ first (npm package), fall back to root .claude/hooks/ (dev)
+  const hooksSrcDir = fs.existsSync(path.join(packageRoot, '.claude', 'hooks'))
+    ? path.join(packageRoot, '.claude', 'hooks')
+    : null;
+
+  if (!hooksSrcDir) return 0;
+
+  let copied = 0;
+  for (const file of HOOKS) {
+    const src = path.join(hooksSrcDir, file);
+    const dest = path.join(hooksDestDir, file);
+    if (fs.existsSync(src)) {
+      fs.copyFileSync(src, dest);
+      // Make executable
+      fs.chmodSync(dest, 0o755);
+      copied++;
+    }
+  }
+  return copied;
+}
+
+function installAgents(targetDir, packageRoot) {
+  // targetDir is .claude/commands (or ~/.claude/commands)
+  // agents go into the sibling .claude/agents/ directory
+  const claudeDir = path.dirname(targetDir);
+  const agentsDestDir = path.join(claudeDir, 'agents');
+  fs.mkdirSync(agentsDestDir, { recursive: true });
+
+  // Try .claude/agents/ first (npm package structure), fall back to nothing
+  const agentsSrcDir = fs.existsSync(path.join(packageRoot, '.claude', 'agents'))
+    ? path.join(packageRoot, '.claude', 'agents')
+    : null;
+
+  if (!agentsSrcDir) return 0;
+
+  const TLC_AGENT_MARKER = '# TLC Agent:';
+
+  let copied = 0;
+  for (const file of AGENTS) {
+    const src = path.join(agentsSrcDir, file);
+    const dest = path.join(agentsDestDir, file);
+    if (!fs.existsSync(src)) continue;
+
+    // Only overwrite if the destination either doesn't exist or is TLC-managed
+    if (fs.existsSync(dest)) {
+      const existing = fs.readFileSync(dest, 'utf8');
+      if (!existing.startsWith(TLC_AGENT_MARKER)) {
+        // User has customized this agent — leave it alone
+        continue;
+      }
+    }
+
+    fs.copyFileSync(src, dest);
+    copied++;
+  }
+  return copied;
+}
+
+function installSettings(targetDir, installType) {
+  // For local install: .claude/commands -> go up to .claude/settings.json
+  // For global install: ~/.claude/commands -> go up to ~/.claude/settings.json
+  const claudeDir = path.dirname(targetDir);
+  const settingsPath = path.join(claudeDir, 'settings.json');
+
+  // Global installs put hooks in ~/.claude/hooks/ (or $CLAUDE_CONFIG_DIR/hooks/ if set)
+  // Local installs put hooks in .claude/hooks/ (use $CLAUDE_PROJECT_DIR)
+  const hooksBase = installType === 'global'
+    ? '${CLAUDE_CONFIG_DIR:-$HOME/.claude}/hooks'
+    : '$CLAUDE_PROJECT_DIR/.claude/hooks';
+
+  // The settings template with full hook wiring
+  const settingsTemplate = {
+    permissions: {
+      allow: [
+        "Bash(npm *)", "Bash(npx *)", "Bash(node *)", "Bash(git *)",
+        "Bash(gh *)", "Bash(ssh *)", "Bash(scp *)", "Bash(rsync *)",
+        "Bash(curl *)", "Bash(wget *)", "Bash(docker *)", "Bash(docker-compose *)",
+        "Bash(pytest*)", "Bash(python *)", "Bash(pip *)", "Bash(go *)",
+        "Bash(cargo *)", "Bash(make *)", "Bash(cat *)", "Bash(ls *)",
+        "Bash(pwd*)", "Bash(cd *)", "Bash(mkdir *)", "Bash(cp *)",
+        "Bash(mv *)", "Bash(which *)", "Bash(echo *)", "Bash(jq *)",
+        "Bash(wc *)", "Bash(head *)", "Bash(tail *)", "Bash(sort *)",
+        "Bash(uniq *)", "Bash(xargs *)"
+      ]
+    },
+    hooks: {
+      PreToolUse: [{
+        matcher: "EnterPlanMode|TaskCreate|TaskUpdate|TaskList|TaskGet|ExitPlanMode",
+        hooks: [{
+          type: "command",
+          command: `bash ${hooksBase}/tlc-block-tools.sh`,
+          timeout: 5
+        }]
+      }],
+      UserPromptSubmit: [{
+        hooks: [{
+          type: "command",
+          command: `bash ${hooksBase}/tlc-prompt-guard.sh`,
+          timeout: 5
+        }]
+      }],
+      SessionStart: [{
+        hooks: [{
+          type: "command",
+          command: `bash ${hooksBase}/tlc-session-init.sh`,
+          timeout: 5
+        }]
+      }],
+      PostToolUse: [
+        {
+          matcher: "Bash",
+          hooks: [{
+            type: "command",
+            command: `bash ${hooksBase}/tlc-post-push.sh`,
+            timeout: 5
+          }]
+        },
+        {
+          matcher: "Skill",
+          hooks: [{
+            type: "command",
+            command: `bash ${hooksBase}/tlc-post-build.sh`,
+            timeout: 5
+          }]
+        }
+      ],
+      Stop: [{
+        hooks: [{
+          type: "command",
+          command: `bash "${hooksBase}/tlc-capture-exchange.sh"`,
+          timeout: 30
+        }]
+      }]
+    }
+  };
+
+  if (fs.existsSync(settingsPath)) {
+    // Merge: preserve existing permissions, add missing hooks
+    try {
+      const existing = JSON.parse(fs.readFileSync(settingsPath, 'utf8'));
+      // Merge permissions (union)
+      if (existing.permissions && existing.permissions.allow) {
+        const existingSet = new Set(existing.permissions.allow);
+        for (const perm of settingsTemplate.permissions.allow) {
+          existingSet.add(perm);
+        }
+        existing.permissions.allow = [...existingSet];
+      } else {
+        existing.permissions = settingsTemplate.permissions;
+      }
+      // Add hooks if not present
+      if (!existing.hooks) {
+        existing.hooks = settingsTemplate.hooks;
+      }
+      fs.writeFileSync(settingsPath, JSON.stringify(existing, null, 2) + '\n');
+      return true;
+    } catch (err) {
+      // If we can't parse existing, don't overwrite
+      return false;
+    }
+  } else {
+    fs.writeFileSync(settingsPath, JSON.stringify(settingsTemplate, null, 2) + '\n');
+    return true;
+  }
+}
+
+function isRunningAsSudo() {
+  return process.getuid && process.getuid() === 0 && process.env.SUDO_USER;
+}
+
+function fixOwnership(targetPath) {
+  const sudoUid = parseInt(process.env.SUDO_UID, 10);
+  const sudoGid = parseInt(process.env.SUDO_GID, 10);
+  if (isNaN(sudoUid) || isNaN(sudoGid)) return;
+
+  try {
+    const stat = fs.statSync(targetPath);
+    if (stat.isDirectory()) {
+      fs.chownSync(targetPath, sudoUid, sudoGid);
+      for (const entry of fs.readdirSync(targetPath)) {
+        fixOwnership(path.join(targetPath, entry));
+      }
+    } else {
+      fs.chownSync(targetPath, sudoUid, sudoGid);
+    }
+  } catch (err) {
+    // Best effort
+  }
+}
+
 async function main() {
   const args = process.argv.slice(2);
 
@@ -161,6 +421,12 @@ async function main() {
 
   printBanner();
 
+  // Warn if running under sudo — files will be owned by root
+  if (isRunningAsSudo()) {
+    log(`${c.yellow}⚠  Running under sudo — will fix file ownership for ${process.env.SUDO_USER}${c.reset}`);
+    log('');
+  }
+
   if (args.includes('--global') || args.includes('-g')) {
     info(`Installing ${c.bold}globally${c.reset} to ~/.claude/commands/tlc`);
     log('');

package/bin/postinstall.js

@@ -4,44 +4,122 @@ const fs = require('fs');
 const path = require('path');
 const os = require('os');
 
-// Get source and destination directories
-const srcDir = path.join(__dirname, '..', '.claude', 'commands', 'tlc');
-const destDir = path.join(os.homedir(), '.claude', 'commands', 'tlc');
+const packageRoot = path.join(__dirname, '..');
+const claudeHome = process.env.CLAUDE_CONFIG_DIR || path.join(os.homedir(), '.claude');
+
+// Source directories (inside npm package)
+const commandsSrcDir = path.join(packageRoot, '.claude', 'commands', 'tlc');
+const hooksSrcDir = path.join(packageRoot, '.claude', 'hooks');
+const agentsSrcDir = path.join(packageRoot, '.claude', 'agents');
+
+// Destination directories (user's home)
+const commandsDestDir = path.join(claudeHome, 'commands', 'tlc');
+const hooksDestDir = path.join(claudeHome, 'hooks');
+const agentsDestDir = path.join(claudeHome, 'agents');
 
-// Create destination directory if it doesn't exist
 function ensureDir(dir) {
   if (!fs.existsSync(dir)) {
     fs.mkdirSync(dir, { recursive: true });
   }
 }
 
-// Copy all .md files from source to destination
+// Copy all .md command files
 function copyCommands() {
-  try {
-    // Ensure destination exists
-    ensureDir(destDir);
+  if (!fs.existsSync(commandsSrcDir)) return 0;
+  ensureDir(commandsDestDir);
+
+  const files = fs.readdirSync(commandsSrcDir).filter(f => f.endsWith('.md'));
+  let copied = 0;
+  for (const file of files) {
+    fs.copyFileSync(path.join(commandsSrcDir, file), path.join(commandsDestDir, file));
+    copied++;
+  }
+  return copied;
+}
 
-    // Check if source exists
-    if (!fs.existsSync(srcDir)) {
-      // Silent exit if source doesn't exist (might be dev install)
-      return;
+// Copy all .sh hook files
+function copyHooks() {
+  if (!fs.existsSync(hooksSrcDir)) return 0;
+  ensureDir(hooksDestDir);
+
+  const files = fs.readdirSync(hooksSrcDir).filter(f => f.endsWith('.sh'));
+  let copied = 0;
+  for (const file of files) {
+    const dest = path.join(hooksDestDir, file);
+    fs.copyFileSync(path.join(hooksSrcDir, file), dest);
+    fs.chmodSync(dest, 0o755);
+    copied++;
+  }
+  return copied;
+}
+
+// Copy all .md agent files (only overwrite TLC-managed ones)
+function copyAgents() {
+  if (!fs.existsSync(agentsSrcDir)) return 0;
+  ensureDir(agentsDestDir);
+
+  const files = fs.readdirSync(agentsSrcDir).filter(f => f.endsWith('.md'));
+  let copied = 0;
+  for (const file of files) {
+    const dest = path.join(agentsDestDir, file);
+    // Don't overwrite user-customized agents
+    if (fs.existsSync(dest)) {
+      const content = fs.readFileSync(dest, 'utf8');
+      if (!content.startsWith('# TLC Agent:')) continue;
     }
+    fs.copyFileSync(path.join(agentsSrcDir, file), dest);
+    copied++;
+  }
+  return copied;
+}
+
+function isRunningAsSudo() {
+  return process.getuid && process.getuid() === 0 && process.env.SUDO_USER;
+}
 
-    // Get all .md files
-    const files = fs.readdirSync(srcDir).filter(f => f.endsWith('.md'));
+function fixOwnership(targetPath) {
+  // After writing files as root, fix ownership to the actual user
+  const sudoUid = parseInt(process.env.SUDO_UID, 10);
+  const sudoGid = parseInt(process.env.SUDO_GID, 10);
+  if (isNaN(sudoUid) || isNaN(sudoGid)) return;
+
+  try {
+    const stat = fs.statSync(targetPath);
+    if (stat.isDirectory()) {
+      fs.chownSync(targetPath, sudoUid, sudoGid);
+      for (const entry of fs.readdirSync(targetPath)) {
+        fixOwnership(path.join(targetPath, entry));
+      }
+    } else {
+      fs.chownSync(targetPath, sudoUid, sudoGid);
+    }
+  } catch (err) {
+    // Best effort
+  }
+}
 
-    let copied = 0;
-    for (const file of files) {
-      const src = path.join(srcDir, file);
-      const dest = path.join(destDir, file);
+function postinstall() {
+  try {
+    const commands = copyCommands();
+    const hooks = copyHooks();
+    const agents = copyAgents();
 
-      // Copy file (overwrite if exists)
-      fs.copyFileSync(src, dest);
-      copied++;
+    if (commands > 0) {
+      console.log(`\x1b[32m✓\x1b[0m TLC: Installed ${commands} commands to ~/.claude/commands/tlc/`);
+    }
+    if (hooks > 0) {
+      console.log(`\x1b[32m✓\x1b[0m TLC: Installed ${hooks} hooks to ~/.claude/hooks/`);
+    }
+    if (agents > 0) {
+      console.log(`\x1b[32m✓\x1b[0m TLC: Installed ${agents} agents to ~/.claude/agents/`);
     }
 
-    if (copied > 0) {
-      console.log(`\x1b[32m✓\x1b[0m TLC: Installed ${copied} commands to ~/.claude/commands/tlc/`);
+    // Fix ownership if running under sudo
+    if (isRunningAsSudo()) {
+      console.log(`\x1b[33m⚠\x1b[0m TLC: Detected sudo — fixing file ownership for ${process.env.SUDO_USER}`);
+      fixOwnership(commandsDestDir);
+      fixOwnership(hooksDestDir);
+      fixOwnership(agentsDestDir);
     }
   } catch (err) {
     // Silent fail - don't break npm install
@@ -51,4 +129,4 @@ function copyCommands() {
   }
 }
 
-copyCommands();
+postinstall();