npm - xtrm-tools - Versions diffs - 0.5.10 → 0.5.13 - Mend

xtrm-tools 0.5.10 → 0.5.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/hooks/guard-rules.mjs DELETED Viewed

@@ -1,118 +0,0 @@
-// Canonical guard rule definitions shared across hooks, policies, and extensions.
-// Pure data module: named exports only.
-export const WRITE_TOOLS = [
-  'Edit',
-  'Write',
-  'MultiEdit',
-  'NotebookEdit',
-  'mcp__serena__rename_symbol',
-  'mcp__serena__replace_symbol_body',
-  'mcp__serena__insert_after_symbol',
-  'mcp__serena__insert_before_symbol',
-];
-export const DANGEROUS_BASH_PATTERNS = [
-  'sed\\s+-i',
-  'echo\\s+[^\\n]*>',
-  'printf\\s+[^\\n]*>',
-  'cat\\s+[^\\n]*>',
-  'tee\\b',
-  '(?:^|\\s)(?:vim|nano|vi)\\b',
-  '(?:^|\\s)mv\\b',
-  '(?:^|\\s)cp\\b',
-  '(?:^|\\s)rm\\b',
-  '(?:^|\\s)mkdir\\b',
-  '(?:^|\\s)touch\\b',
-  '(?:^|\\s)chmod\\b',
-  '(?:^|\\s)chown\\b',
-  '>>',
-  '(?:^|\\s)git\\s+add\\b',
-  '(?:^|\\s)git\\s+commit\\b',
-  '(?:^|\\s)git\\s+merge\\b',
-  '(?:^|\\s)git\\s+push\\b',
-  '(?:^|\\s)git\\s+reset\\b',
-  '(?:^|\\s)git\\s+checkout\\b',
-  '(?:^|\\s)git\\s+rebase\\b',
-  '(?:^|\\s)git\\s+stash\\b',
-  '(?:^|\\s)npm\\s+install\\b',
-  '(?:^|\\s)bun\\s+install\\b',
-  '(?:^|\\s)bun\\s+add\\b',
-  '(?:^|\\s)node\\s+(?:-e|--eval)\\b',
-  '(?:^|\\s)bun\\s+(?:-e|--eval)\\b',
-  '(?:^|\\s)python\\s+-c\\b',
-  '(?:^|\\s)perl\\s+-e\\b',
-  '(?:^|\\s)ruby\\s+-e\\b',
-];
-export const SAFE_BASH_PREFIXES = [
-  // Git read-only
-  'git status',
-  'git log',
-  'git diff',
-  'git show',
-  'git blame',
-  'git branch',
-  'git fetch',
-  'git remote',
-  'git config',
-  'git pull',
-  'git stash',
-  'git worktree',
-  'git checkout -b',
-  'git switch -c',
-  // Tools
-  'gh',
-  'bd',
-  'npx gitnexus',
-  'xtrm finish',
-  // Read-only filesystem
-  'cat',
-  'ls',
-  'head',
-  'tail',
-  'pwd',
-  'which',
-  'type',
-  'env',
-  'printenv',
-  'find',
-  'grep',
-  'rg',
-  'fd',
-  'wc',
-  'sort',
-  'uniq',
-  'cut',
-  'awk',
-  'jq',
-  'yq',
-  'bat',
-  'less',
-  'more',
-  'file',
-  'stat',
-  'du',
-  'tree',
-  // Allowed writes (specific paths)
-  'touch .beads/',
-];
-export const NATIVE_TEAM_TOOLS = [
-  'Task',
-  'TeamCreate',
-  'TeamDelete',
-  'SendMessage',
-  'TaskCreate',
-  'TaskUpdate',
-  'TaskList',
-  'TaskGet',
-  'TaskOutput',
-  'TaskStop',
-];
-export const INTERACTIVE_TOOLS = [
-  'AskUserQuestion',
-  'EnterPlanMode',
-  'EnterWorktree',
-];

package/hooks/main-guard-post-push.mjs DELETED Viewed

@@ -1,71 +0,0 @@
-#!/usr/bin/env node
-// Claude Code PostToolUse hook — after successful feature-branch push,
-// inject next-step PR workflow guidance.
-// Exit 0 in all paths (informational only).
-//
-// Installed by: xtrm install
-import { execSync } from 'node:child_process';
-import { readFileSync } from 'node:fs';
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
-if ((input.tool_name ?? '') !== 'Bash') process.exit(0);
-const cmd = (input.tool_input?.command ?? '').trim().replace(/\s+/g, ' ');
-if (!/^git\s+push\b/.test(cmd)) process.exit(0);
-function commandSucceeded(payload) {
-  const tr = payload?.tool_response ?? payload?.tool_result ?? payload?.result;
-  if (!tr || typeof tr !== 'object') return true;
-  if (tr.success === false) return false;
-  if (tr.error) return false;
-  const numeric = [tr.exit_code, tr.exitCode, tr.status, tr.returncode]
-    .find((v) => Number.isInteger(v));
-  if (typeof numeric === 'number' && numeric !== 0) return false;
-  return true;
-}
-if (!commandSucceeded(input)) process.exit(0);
-const cwd = input.cwd || process.cwd();
-let branch = '';
-try {
-  branch = execSync('git branch --show-current', {
-    cwd,
-    encoding: 'utf8',
-    stdio: ['pipe', 'pipe', 'pipe'],
-  }).trim();
-} catch {
-  process.exit(0);
-}
-const protectedBranches = process.env.MAIN_GUARD_PROTECTED_BRANCHES
-  ? process.env.MAIN_GUARD_PROTECTED_BRANCHES.split(',').map((b) => b.trim()).filter(Boolean)
-  : ['main', 'master'];
-if (!branch || protectedBranches.includes(branch)) process.exit(0);
-const tokens = cmd.split(' ');
-const lastToken = tokens[tokens.length - 1] ?? '';
-const explicitlyProtectedTarget = protectedBranches
-  .some((b) => lastToken === b || lastToken.endsWith(`:${b}`));
-if (explicitlyProtectedTarget) process.exit(0);
-process.stdout.write(JSON.stringify({
-  additionalContext:
-    `✅ Pushed '${branch}'. Next steps:\n` +
-    '  1. gh pr create --fill\n' +
-    '  2. gh pr merge --squash\n' +
-    '  3. git checkout main && git reset --hard origin/main\n' +
-    'Ensure beads state is updated (e.g. bd close <id>).',
-}));
-process.stdout.write('\n');
-process.exit(0);

package/hooks/main-guard.mjs DELETED Viewed

@@ -1,119 +0,0 @@
-#!/usr/bin/env node
-// Claude Code PreToolUse hook — block writes and direct master pushes
-// Exit 0: allow  |  Exit 2: block (message shown to user)
-//
-// Installed by: xtrm install
-import { execSync } from 'node:child_process';
-import { existsSync, readFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { WRITE_TOOLS, SAFE_BASH_PREFIXES } from './guard-rules.mjs';
-let branch = '';
-try {
-  branch = execSync('git branch --show-current', {
-    encoding: 'utf8',
-    stdio: ['pipe', 'pipe', 'pipe'],
-  }).trim();
-} catch {}
-const protectedBranches = process.env.MAIN_GUARD_PROTECTED_BRANCHES
-  ? process.env.MAIN_GUARD_PROTECTED_BRANCHES.split(',').map(b => b.trim()).filter(Boolean)
-  : ['main', 'master'];
-if (!branch || !protectedBranches.includes(branch)) {
-  process.exit(0);
-}
-let input;
-try {
-  input = JSON.parse(readFileSync(0, 'utf8'));
-} catch {
-  process.exit(0);
-}
-const tool = input.tool_name ?? '';
-const cwd = input.cwd || process.cwd();
-function deny(reason) {
-  process.stdout.write(JSON.stringify({ decision: 'block', reason }));
-  process.stdout.write('\n');
-  process.exit(0);
-}
-function getSessionState(cwd) {
-  const statePath = join(cwd, '.xtrm-session-state.json');
-  if (!existsSync(statePath)) return null;
-  try {
-    return JSON.parse(readFileSync(statePath, 'utf8'));
-  } catch {
-    return null;
-  }
-}
-function normalizeGitCCommand(cmd) {
-  const match = cmd.match(/^git\s+-C\s+(?:"[^"]+"|'[^']+'|\S+)\s+(.+)$/);
-  if (match?.[1]) return `git ${match[1]}`;
-  return cmd;
-}
-if (WRITE_TOOLS.includes(tool)) {
-  deny(`⛔ On '${branch}' — start on a feature branch and claim an issue.\n`
-    + '  git checkout -b feature/<name>  (or: git switch -c feature/<name>)\n'
-    + '  bd update <id> --claim\n');
-}
-if (tool === 'Bash') {
-  const cmd = (input.tool_input?.command ?? '').trim().replace(/\s+/g, ' ');
-  const normalizedCmd = normalizeGitCCommand(cmd);
-  const state = getSessionState(cwd);
-  if (process.env.MAIN_GUARD_ALLOW_BASH === '1') {
-    process.exit(0);
-  }
-  if (/^gh\s+pr\s+merge\b/.test(cmd)) {
-    if (!/--squash\b/.test(cmd)) {
-      deny('⛔ Squash only: gh pr merge --squash\n'
-        + '  (override: MAIN_GUARD_ALLOW_BASH=1 gh pr merge --merge)\n');
-    }
-    process.exit(0);
-  }
-  const SAFE_BASH_PATTERNS = [
-    ...SAFE_BASH_PREFIXES.map(prefix => new RegExp(`^${prefix.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\b`)),
-    ...protectedBranches.map(b => new RegExp(`^git\\s+reset\\s+--hard\\s+origin/${b}\\b`)),
-  ];
-  if (SAFE_BASH_PATTERNS.some(p => p.test(cmd) || p.test(normalizedCmd))) {
-    process.exit(0);
-  }
-  if (/\bgit\s+commit\b/.test(normalizedCmd)) {
-    deny(`⛔ No commits on '${branch}' — use a feature branch/worktree.\n`
-      + '  git checkout -b feature/<name>\n'
-      + '  bd update <id> --claim\n');
-  }
-  if (/\bgit\s+push\b/.test(normalizedCmd)) {
-    const tokens = normalizedCmd.split(' ');
-    const lastToken = tokens[tokens.length - 1];
-    const explicitProtected = protectedBranches.some(b => lastToken === b || lastToken.endsWith(`:${b}`));
-    const impliedProtected = tokens.length <= 3 && protectedBranches.includes(branch);
-    if (explicitProtected || impliedProtected) {
-      deny(`⛔ No direct push to '${branch}' — push a feature branch and open a PR.\n`
-        + '  git push -u origin <feature-branch> && gh pr create --fill\n');
-    }
-    process.exit(0);
-  }
-  const handoff = state?.worktreePath
-    ? `  Active worktree session recorded: ${state.worktreePath}\n  (Current workaround) use feature branch flow until worktree bug is fixed.\n`
-    : '  Exit: git checkout -b feature/<name>  (or: git switch -c feature/<name>)\n  Then: bd update <id> --claim\n';
-  deny(`⛔ Bash restricted on '${branch}'. Allowed: read-only commands, gh, bd, git checkout -b, git switch -c.\n`
-    + handoff
-    + '  Override: MAIN_GUARD_ALLOW_BASH=1 <cmd>\n');
-}
-process.exit(0);