xtrm-tools 2.0.1 → 2.0.3

package/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xtrm-cli",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "description": "Claude Code tools installer (skills, hooks, MCP servers)",
   "main": "./dist/index.js",
   "type": "module",

package/hooks/README.md

@@ -139,18 +139,121 @@ Hooks intercept specific events in the Claude Code lifecycle to provide:
 **Purpose**: Displays custom status line information.
 **Trigger**: StatusLine
 
+## Workflow Enforcement Hooks (JavaScript)
+
+Installed globally to `~/.claude/hooks/` by `xtrm install`. Require Node.js.
+
+### main-guard.mjs
+
+**Purpose**: Blocks direct file edits and dangerous git operations on protected branches (`main`/`master`). Enforces the feature-branch → PR workflow.
+
+**Trigger**: PreToolUse (`Edit|Write|MultiEdit|NotebookEdit|Bash`)
+
+**Blocks**:
+- Write/Edit/MultiEdit/NotebookEdit on protected branches
+- `git commit` directly on protected branches
+- `git push` to protected branches
+
+**Configuration** (injected into `~/.claude/settings.json`):
+```json
+{
+  "hooks": {
+    "PreToolUse": [{
+      "matcher": "Edit|Write|MultiEdit|NotebookEdit|Bash",
+      "hooks": [{ "type": "command", "command": "~/.claude/hooks/main-guard.mjs", "timeout": 5000 }]
+    }]
+  }
+}
+```
+
+---
+
+### beads-gate-utils.mjs
+
+**Purpose**: Shared utility module imported by all beads gate hooks. Not registered as a hook itself.
+
+**Exports**: `resolveCwd`, `isBeadsProject`, `getSessionClaim`, `getTotalWork`, `getInProgress`, `clearSessionClaim`, `withSafeBdContext`
+
+**Requires**: `bd` (beads CLI), `dolt`
+
+---
+
+### beads-edit-gate.mjs
+
+**Purpose**: Blocks file edits when the current session has not claimed a beads issue via `bd kv`. Prevents free-riding in multi-agent and multi-session scenarios.
+
+**Trigger**: PreToolUse (`Edit|Write|MultiEdit|NotebookEdit|mcp__serena__*`)
+
+**Behavior**:
+- Session has claim (`bd kv get "claimed:<session_id>"`) → allow
+- No claim + no trackable work → allow (clean-start state)
+- No claim + open/in_progress issues exist → block
+- Falls back to global in_progress check when `session_id` is absent
+
+**Requires**: `bd`, `dolt`
+
+---
+
+### beads-commit-gate.mjs
+
+**Purpose**: Blocks `git commit` when the current session still has an unclosed beads claim.
+
+**Trigger**: PreToolUse (`Bash`) — only fires when command matches `git commit`
+
+**Requires**: `bd`, `dolt`
+
+---
+
+### beads-stop-gate.mjs
+
+**Purpose**: Blocks the agent from stopping when the current session has an unclosed beads claim.
+
+**Trigger**: Stop
+
+**Requires**: `bd`, `dolt`
+
+---
+
+### beads-close-memory-prompt.mjs
+
+**Purpose**: After `bd close`, clears the session's kv claim and injects a reminder to capture knowledge before moving on.
+
+**Trigger**: PostToolUse (`Bash`) — only fires when command matches `bd close`
+
+**Requires**: `bd`, `dolt`
+
+---
+
+## Beads claim workflow
+
+```bash
+# Claim an issue before editing
+bd update <id> --status=in_progress
+bd kv set "claimed:<session_id>" "<id>"
+
+# Edit files freely
+# ...
+
+# Close when done — hook auto-clears the claim
+bd close <id>
+```
+
+---
+
 ## Installation
 
-1. Copy hooks to Claude Code directory:
+Use `xtrm install` to deploy all hooks automatically. For manual setup:
+
+1. Copy hooks to the global Claude Code directory:
    ```bash
-   cp hooks/* ~/.claude/hooks/
+   cp hooks/*.mjs hooks/*.py ~/.claude/hooks/
    ```
 
 2. Make scripts executable:
    ```bash
-   chmod +x ~/.claude/hooks/*.py ~/.claude/hooks/*.js
+   chmod +x ~/.claude/hooks/*.mjs ~/.claude/hooks/*.py
    ```
 
-3. Configure hooks in `~/.claude/settings.json`.
+3. Merge hook entries into `~/.claude/settings.json`.
 
 4. Restart Claude Code.

package/hooks/beads-close-memory-prompt.mjs

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+// beads-close-memory-prompt — Claude Code PostToolUse hook
+// After `bd close`: clears session claim from bd kv, then injects a short
+// reminder into Claude's context to capture knowledge and consider underused
+// beads features.
+// Output to stdout is shown to Claude as additional context.
+//
+// Installed by: xtrm install
+
+import { readFileSync } from 'node:fs';
+import {
+  resolveCwd, isBeadsProject, clearSessionClaim, withSafeBdContext,
+} from './beads-gate-utils.mjs';
+
+let input;
+try {
+  input = JSON.parse(readFileSync(0, 'utf8'));
+} catch {
+  process.exit(0);
+}
+
+if (input.tool_name !== 'Bash') process.exit(0);
+if (!/\bbd\s+close\b/.test(input.tool_input?.command ?? '')) process.exit(0);
+
+withSafeBdContext(() => {
+  const cwd = resolveCwd(input);
+  if (!isBeadsProject(cwd)) process.exit(0);
+
+  if (input.session_id) {
+    clearSessionClaim(input.session_id, cwd);
+  }
+
+  process.stdout.write(
+    '\n[beads] Issue(s) closed. Before moving on:\n\n' +
+    '  Knowledge worth keeping?\n' +
+    '    bd remember "key insight from this work"\n' +
+    '    bd memories <keyword>   -- search what is already stored\n\n' +
+    '  Discovered related work while implementing?\n' +
+    '    bd create --title="..." --deps=discovered-from:<id>\n\n' +
+    '  Underused features to consider:\n' +
+    '    bd dep add <a> <b>   -- link blocking relationships between issues\n' +
+    '    bd graph             -- visualize issue dependency graph\n' +
+    '    bd orphans           -- issues referenced in commits but still open\n' +
+    '    bd preflight         -- PR readiness checklist before gh pr create\n' +
+    '    bd stale             -- issues not touched recently\n'
+  );
+
+  process.exit(0);
+});

package/hooks/beads-commit-gate.mjs

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+// beads-commit-gate — Claude Code PreToolUse hook
+// Blocks `git commit` when this session still has an unclosed claim in bd kv.
+// Falls back to global in_progress check when session_id is unavailable.
+// Forces: close issues first, THEN commit.
+// Exit 0: allow  |  Exit 2: block (stderr shown to Claude)
+//
+// Installed by: xtrm install
+
+import { readFileSync } from 'node:fs';
+import {
+  resolveCwd, isBeadsProject, getSessionClaim,
+  getInProgress, withSafeBdContext,
+} from './beads-gate-utils.mjs';
+
+let input;
+try {
+  input = JSON.parse(readFileSync(0, 'utf8'));
+} catch {
+  process.exit(0);
+}
+
+if ((input.tool_name ?? '') !== 'Bash') process.exit(0);
+if (!/\bgit\s+commit\b/.test(input.tool_input?.command ?? '')) process.exit(0);
+
+const NEXT_STEPS =
+  '  3. bd close <id1> <id2> ...             ← you are here\n' +
+  '  4. git add <files> && git commit -m "..."\n' +
+  '  5. git push -u origin <feature-branch>\n' +
+  '  6. gh pr create --fill && gh pr merge --squash\n' +
+  '  7. git checkout master && git reset --hard origin/master\n';
+
+withSafeBdContext(() => {
+  const cwd = resolveCwd(input);
+  if (!isBeadsProject(cwd)) process.exit(0);
+
+  const sessionId = input.session_id;
+
+  if (sessionId) {
+    const claimed = getSessionClaim(sessionId, cwd);
+    if (claimed === null) process.exit(0);
+    if (!claimed) process.exit(0);
+
+    const ip = getInProgress(cwd);
+    const summary = ip?.summary ?? `  Claimed: ${claimed}`;
+
+    process.stderr.write(
+      '🚫 BEADS GATE: Close open issues before committing.\n\n' +
+      `Open issues:\n${summary}\n\n` +
+      'Next steps:\n' + NEXT_STEPS
+    );
+    process.exit(2);
+  } else {
+    const ip = getInProgress(cwd);
+    if (ip === null || ip.count === 0) process.exit(0);
+
+    process.stderr.write(
+      '🚫 BEADS GATE: Close open issues before committing.\n\n' +
+      `Open issues:\n${ip.summary}\n\n` +
+      'Next steps:\n' + NEXT_STEPS
+    );
+    process.exit(2);
+  }
+});

package/hooks/beads-edit-gate.mjs

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+// beads-edit-gate — Claude Code PreToolUse hook
+// Blocks file edits when this session has not claimed a beads issue via bd kv.
+// Falls back to global in_progress check when session_id is unavailable.
+// Only active in projects with a .beads/ directory.
+// Exit 0: allow  |  Exit 2: block (stderr shown to Claude)
+//
+// Installed by: xtrm install
+
+import { readFileSync } from 'node:fs';
+import {
+  resolveCwd, isBeadsProject, getSessionClaim,
+  getTotalWork, getInProgress, withSafeBdContext,
+} from './beads-gate-utils.mjs';
+
+let input;
+try {
+  input = JSON.parse(readFileSync(0, 'utf8'));
+} catch {
+  process.exit(0);
+}
+
+withSafeBdContext(() => {
+  const cwd = resolveCwd(input);
+  if (!isBeadsProject(cwd)) process.exit(0);
+
+  const sessionId = input.session_id;
+
+  if (sessionId) {
+    const claimed = getSessionClaim(sessionId, cwd);
+    if (claimed === null) process.exit(0); // bd kv unavailable — fail open
+    if (claimed) process.exit(0);          // this session has an active claim
+
+    const totalWork = getTotalWork(cwd);
+    if (totalWork === null) process.exit(0); // can't determine — fail open
+    if (totalWork === 0) process.exit(0);    // nothing to track — clean-start state
+
+    process.stderr.write(
+      '🚫 BEADS GATE: This session has no active claim — claim an issue before editing files.\n\n' +
+      '  bd update <id> --status=in_progress\n' +
+      `  bd kv set "claimed:${sessionId}" "<id>"\n\n` +
+      'Or create a new issue:\n' +
+      '  bd create --title="<what you\'re doing>" --type=task --priority=2\n' +
+      '  bd update <id> --status=in_progress\n' +
+      `  bd kv set "claimed:${sessionId}" "<id>"\n`
+    );
+    process.exit(2);
+  } else {
+    // Fallback: global in_progress check (non-Claude environments / no session_id).
+    const ip = getInProgress(cwd);
+    if (ip === null) process.exit(0);
+    if (ip.count > 0) process.exit(0);
+
+    const totalWork = getTotalWork(cwd);
+    if (totalWork === null || totalWork === 0) process.exit(0);
+
+    process.stderr.write(
+      '🚫 BEADS GATE: No active issue — create one before editing files.\n\n' +
+      '  bd create --title="<what you\'re doing>" --type=task --priority=2\n' +
+      '  bd update <id> --status=in_progress\n\n' +
+      'Full workflow (do this every session):\n' +
+      '  1. bd create + bd update in_progress   ← you are here\n' +
+      '  2. Edit files / write code\n' +
+      '  3. bd close <id>                        close when done\n' +
+      '  4. git add <files> && git commit\n' +
+      '  5. git push -u origin <feature-branch>\n' +
+      '  6. gh pr create --fill && gh pr merge --squash\n' +
+      '  7. git checkout master && git reset --hard origin/master\n'
+    );
+    process.exit(2);
+  }
+});

package/hooks/beads-gate-utils.mjs

@@ -0,0 +1,121 @@
+#!/usr/bin/env node
+// beads-gate-utils.mjs — shared infrastructure for beads gate hooks
+// Import from sibling hooks using: import { ... } from './beads-gate-utils.mjs';
+// Static ES module imports resolve relative to the importing file's location,
+// not CWD, so this works regardless of the project directory.
+
+import { execSync } from 'node:child_process';
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+
+/** Resolve project cwd from hook input JSON. */
+export function resolveCwd(input) {
+  return input.cwd ?? process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
+}
+
+/** Return true if the directory contains a .beads project. */
+export function isBeadsProject(cwd) {
+  return existsSync(join(cwd, '.beads'));
+}
+
+/**
+ * Get the claimed issue ID for a session from bd kv.
+ * Returns: issue ID string if claimed, '' if not set, null if bd kv unavailable.
+ * Note: bd kv get exits 1 for missing keys — execSync throws, so we check err.status.
+ */
+export function getSessionClaim(sessionId, cwd) {
+  try {
+    return execSync(`bd kv get "claimed:${sessionId}"`, {
+      encoding: 'utf8',
+      cwd,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: 5000,
+    }).trim();
+  } catch (err) {
+    if (err.status === 1) return ''; // key not found — no claim
+    return null;                     // command failed — bd kv unavailable
+  }
+}
+
+/**
+ * Parse work counts from a bd list output string.
+ * Reads the "Total: N issues (X open, Y in progress)" summary line.
+ * Returns { open, inProgress } or null if the line is absent.
+ *
+ * This is more reliable than counting symbols or tokens: the Total line is
+ * a structured summary that doesn't depend on status-legend text or box-drawing
+ * characters, and it's present in all non-empty bd list outputs.
+ */
+function parseCounts(output) {
+  const m = output.match(/Total:\s*\d+\s+issues?\s*\((\d+)\s+open,\s*(\d+)\s+in progress\)/);
+  if (!m) return null;
+  return { open: parseInt(m[1], 10), inProgress: parseInt(m[2], 10) };
+}
+
+/**
+ * Get in_progress issues as { count, summary }.
+ * Returns null if bd is unavailable.
+ */
+export function getInProgress(cwd) {
+  try {
+    const output = execSync('bd list --status=in_progress', {
+      encoding: 'utf8', cwd, stdio: ['pipe', 'pipe', 'pipe'], timeout: 8000,
+    });
+    const counts = parseCounts(output);
+    return {
+      count: counts?.inProgress ?? 0,
+      summary: output.trim(),
+    };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Count total trackable work (open + in_progress issues) using a single bd list call.
+ * Returns the count, or null if bd is unavailable.
+ */
+export function getTotalWork(cwd) {
+  try {
+    // Use default status filter (non-closed) and parse Total summary.
+    // Repeating --status is not additive in bd CLI and can collapse to one status.
+    const output = execSync('bd list', {
+      encoding: 'utf8', cwd, stdio: ['pipe', 'pipe', 'pipe'], timeout: 8000,
+    });
+    const counts = parseCounts(output);
+    if (!counts) return 0; // "No issues found." — nothing to track
+    return counts.open + counts.inProgress;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Clear the session claim key from bd kv. Non-fatal — best-effort cleanup.
+ */
+export function clearSessionClaim(sessionId, cwd) {
+  try {
+    execSync(`bd kv clear "claimed:${sessionId}"`, {
+      encoding: 'utf8', cwd, stdio: ['pipe', 'pipe', 'pipe'], timeout: 5000,
+    });
+  } catch {
+    // non-fatal
+  }
+}
+
+/**
+ * Option C: wrap hook body with uniform fail-open error handling.
+ * Any unexpected top-level throw exits 0 (allow) rather than crashing visibly.
+ *
+ * Usage:
+ *   withSafeBdContext(() => {
+ *     // hook logic here — call process.exit() to set exit code
+ *   });
+ */
+export function withSafeBdContext(fn) {
+  try {
+    fn();
+  } catch {
+    process.exit(0);
+  }
+}

package/hooks/beads-stop-gate.mjs

@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+// beads-stop-gate — Claude Code Stop hook
+// Blocks the agent from stopping when this session has an unclosed claim in bd kv.
+// Falls back to global in_progress check when session_id is unavailable.
+// Exit 0: allow stop  |  Exit 2: block stop (stderr shown to Claude)
+//
+// Installed by: xtrm install
+
+import { readFileSync } from 'node:fs';
+import {
+  resolveCwd, isBeadsProject, getSessionClaim,
+  getInProgress, withSafeBdContext,
+} from './beads-gate-utils.mjs';
+
+let input;
+try {
+  input = JSON.parse(readFileSync(0, 'utf8'));
+} catch {
+  process.exit(0);
+}
+
+const CLOSE_PROTOCOL =
+  '  3. bd close <id1> <id2> ...               close all in_progress issues\n' +
+  '  4. git add <files> && git commit -m "..."  commit your changes\n' +
+  '  5. git push -u origin <feature-branch>     push feature branch\n' +
+  '  6. gh pr create --fill                     create PR\n' +
+  '  7. gh pr merge --squash                    merge PR\n' +
+  '  8. git checkout master && git reset --hard origin/master\n';
+
+withSafeBdContext(() => {
+  const cwd = resolveCwd(input);
+  if (!isBeadsProject(cwd)) process.exit(0);
+
+  const sessionId = input.session_id;
+
+  if (sessionId) {
+    const claimed = getSessionClaim(sessionId, cwd);
+    if (claimed === null) process.exit(0); // bd kv unavailable — fail open
+    if (!claimed) process.exit(0);         // no active claim for this session
+
+    const ip = getInProgress(cwd);
+    const summary = ip?.summary ?? `  Claimed: ${claimed}`;
+
+    process.stderr.write(
+      '🚫 BEADS STOP GATE: Unresolved issues — complete the session close protocol.\n\n' +
+      `Open issues:\n${summary}\n\n` +
+      'Session close protocol:\n' + CLOSE_PROTOCOL
+    );
+    process.exit(2);
+  } else {
+    const ip = getInProgress(cwd);
+    if (ip === null || ip.count === 0) process.exit(0);
+
+    process.stderr.write(
+      '🚫 BEADS STOP GATE: Unresolved issues — complete the session close protocol.\n\n' +
+      `Open issues:\n${ip.summary}\n\n` +
+      'Session close protocol:\n' + CLOSE_PROTOCOL
+    );
+    process.exit(2);
+  }
+});

package/hooks/main-guard.mjs

@@ -0,0 +1,139 @@
+#!/usr/bin/env node
+// Claude Code PreToolUse hook — block writes and direct master pushes
+// Exit 0: allow  |  Exit 2: block (message shown to user)
+//
+// Installed by: xtrm install
+
+import { execSync } from 'node:child_process';
+import { readFileSync } from 'node:fs';
+
+let branch = '';
+try {
+  branch = execSync('git branch --show-current', {
+    encoding: 'utf8',
+    stdio: ['pipe', 'pipe', 'pipe'],
+  }).trim();
+} catch {}
+
+// Determine protected branches — env var override for tests and custom setups
+const protectedBranches = process.env.MAIN_GUARD_PROTECTED_BRANCHES
+  ? process.env.MAIN_GUARD_PROTECTED_BRANCHES.split(',').map(b => b.trim()).filter(Boolean)
+  : ['main', 'master'];
+
+// Not in a git repo or not on a protected branch — allow
+if (!branch || !protectedBranches.includes(branch)) {
+  process.exit(0);
+}
+
+let input;
+try {
+  input = JSON.parse(readFileSync(0, 'utf8'));
+} catch {
+  process.exit(0);
+}
+
+const tool = input.tool_name ?? '';
+
+const WRITE_TOOLS = new Set(['Edit', 'Write', 'MultiEdit', 'NotebookEdit']);
+
+if (WRITE_TOOLS.has(tool)) {
+  process.stderr.write(
+    `⛔ You are on '${branch}' — never edit files directly on master.\n\n` +
+    'Full workflow:\n' +
+    '  1. git checkout -b feature/<name>         ← start here\n' +
+    '  2. bd create + bd update in_progress      track your work\n' +
+    '  3. Edit files / write code\n' +
+    '  4. bd close <id> && git add && git commit\n' +
+    '  5. git push -u origin feature/<name>\n' +
+    '  6. gh pr create --fill && gh pr merge --squash\n' +
+    '  7. git checkout master && git reset --hard origin/master\n'
+  );
+  process.exit(2);
+}
+
+const WORKFLOW =
+  'Full workflow:\n' +
+  '  1. git checkout -b feature/<name>         \u2190 start here\n' +
+  '  2. bd create + bd update in_progress      track your work\n' +
+  '  3. Edit files / write code\n' +
+  '  4. bd close <id> && git add && git commit\n' +
+  '  5. git push -u origin feature/<name>\n' +
+  '  6. gh pr create --fill && gh pr merge --squash\n' +
+  '  7. git checkout master && git reset --hard origin/master\n';
+
+if (tool === 'Bash') {
+  const cmd = (input.tool_input?.command ?? '').trim().replace(/\s+/g, ' ');
+
+  // Emergency override — escape hatch for power users
+  if (process.env.MAIN_GUARD_ALLOW_BASH === '1') {
+    process.exit(0);
+  }
+
+  // Safe allowlist — non-mutating commands + explicit branch-exit paths.
+  // Important: do not allow generic checkout/switch forms, which include
+  // mutating variants such as `git checkout -- <path>`.
+  const SAFE_BASH_PATTERNS = [
+    /^git\s+(status|log|diff|branch|show|describe|fetch|remote|config)\b/,
+    /^git\s+pull\b/,
+    /^git\s+stash\b/,
+    /^git\s+worktree\b/,
+    /^git\s+checkout\s+-b\s+\S+/,
+    /^git\s+switch\s+-c\s+\S+/,
+    /^gh\s+/,
+    /^bd\s+/,
+  ];
+
+  if (SAFE_BASH_PATTERNS.some(p => p.test(cmd))) {
+    process.exit(0);
+  }
+
+  // Specific messages for common blocked operations
+  if (/^git\s+commit\b/.test(cmd)) {
+    process.stderr.write(
+      `\u26D4 Don't commit directly to '${branch}' \u2014 use a feature branch.\n\n` +
+      WORKFLOW
+    );
+    process.exit(2);
+  }
+
+  if (/^git\s+push\b/.test(cmd)) {
+    const tokens = cmd.split(' ');
+    const lastToken = tokens[tokens.length - 1];
+    const explicitProtected = protectedBranches.some(b => lastToken === b || lastToken.endsWith(`:${b}`));
+    const impliedProtected = tokens.length <= 3 && protectedBranches.includes(branch);
+    if (explicitProtected || impliedProtected) {
+      process.stderr.write(
+        `\u26D4 Don't push directly to '${branch}' \u2014 use the PR workflow.\n\n` +
+        'Next steps:\n' +
+        '  5. git push -u origin <feature-branch>     \u2190 push your branch\n' +
+        '  6. gh pr create --fill                      create PR\n' +
+        '     gh pr merge --squash                     merge it\n' +
+        '  7. git checkout master                      sync master\n' +
+        '     git reset --hard origin/master\n\n' +
+        "If you're not on a feature branch yet:\n" +
+        '  git checkout -b feature/<name>    (then re-commit and push)\n'
+      );
+      process.exit(2);
+    }
+    // Pushing to a feature branch — allow
+    process.exit(0);
+  }
+
+  // Default deny — block everything else on protected branches
+  process.stderr.write(
+    `\u26D4 Bash is restricted on '${branch}' \u2014 use a feature branch for file writes and script execution.\n\n` +
+    'Allowed on protected branches:\n' +
+    '  git status / log / diff / branch / fetch / pull / stash\n' +
+    '  git checkout -b <name>   (create feature branch \u2014 the exit path)\n' +
+    '  git switch -c <name>     (same)\n' +
+    '  git worktree / config\n' +
+    '  gh <any>                 (GitHub CLI)\n' +
+    '  bd <any>                 (beads issue tracking)\n\n' +
+    'To run arbitrary commands:\n' +
+    '  1. git checkout -b feature/<name>   \u2190 move to a feature branch, or\n' +
+    '  2. MAIN_GUARD_ALLOW_BASH=1 <command>  (escape hatch, use sparingly)\n'
+  );
+  process.exit(2);
+}
+
+process.exit(0);

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "xtrm-tools",
-  "version": "2.0.1",
+  "version": "2.0.3",
   "description": "Claude Code tools installer (skills, hooks, MCP servers)",
   "license": "MIT",
   "type": "module",
   "bin": {
-    "xtrm": "./cli/dist/index.cjs"
+    "xtrm": "cli/dist/index.cjs"
   },
   "files": [
     "README.md",
@@ -43,6 +43,7 @@
     "dotenv": "^17.3.1",
     "fs-extra": "^11.2.0",
     "kleur": "^4.1.5",
-    "prompts": "^2.4.2"
+    "prompts": "^2.4.2",
+    "xtrm-tools": "^2.0.2"
   }
 }

package/project-skills/py-quality-gate/.claude/settings.json

@@ -2,7 +2,7 @@
   "hooks": {
     "PostToolUse": [
       {
-        "matcher": "Write|Edit",
+        "matcher": "Write|Edit|MultiEdit",
         "hooks": [
           {
             "type": "command",