xtrm-tools 2.1.17 → 2.1.21

package/hooks/beads-gate-messages.mjs

@@ -8,38 +8,27 @@
 // ── Shared workflow steps ────────────────────────────────────────────────────
 
 export const WORKFLOW_STEPS =
-  '  1. git checkout -b feature/<name>         ← start here\n' +
-  '  2. bd create + bd update in_progress      track your work\n' +
-  '  3. Edit files / write code\n' +
+  '  1. git checkout -b feature/<name>\n' +
+  '  2. bd create + bd update in_progress\n' +
+  '  3. Edit / write code\n' +
   '  4. bd close <id> && git add && git commit\n' +
   '  5. git push -u origin feature/<name>\n' +
   '  6. gh pr create --fill && gh pr merge --squash\n' +
-  '  7. git checkout master && git reset --hard origin/master\n';
+  '  7. git checkout master && git reset --hard origin/master\n';;
 
 export const SESSION_CLOSE_PROTOCOL =
-  '  3. bd close <id1> <id2> ...               close all in_progress issues\n' +
-  '  4. git add <files> && git commit -m "..."  commit your changes\n' +
-  '  5. git push -u origin <feature-branch>     push feature branch\n' +
-  '  6. gh pr create --fill                     create PR\n' +
-  '  7. gh pr merge --squash                    merge PR\n' +
-  '  8. git checkout master && git reset --hard origin/master\n';
+  '  bd close <id> → commit → push → gh pr create --fill → gh pr merge --squash\n';;
 
 export const COMMIT_NEXT_STEPS =
-  '  3. bd close <id1> <id2> ...             ← you are here\n' +
-  '  4. git add <files> && git commit -m "..."\n' +
-  '  5. git push -u origin <feature-branch>\n' +
-  '  6. gh pr create --fill && gh pr merge --squash\n' +
-  '  7. git checkout master && git reset --hard origin/master\n';
+  '  bd close <id> && git add && git commit\n' +
+  '  git push -u origin <feature-branch>\n' +
+  '  gh pr create --fill && gh pr merge --squash\n';;
 
 // ── Edit gate messages ───────────────────────────────────────────────────────
 
 export function editBlockMessage(sessionId) {
   return (
-    '🚫 BEADS GATE: This session has no active claim — claim an issue before editing files.\n\n' +
-    '  bd update <id> --status=in_progress\n' +
-    `  bd kv set "claimed:${sessionId}" "<id>"\n\n` +
-    'Or create a new issue:\n' +
-    '  bd create --title="<what you\'re doing>" --type=task --priority=2\n' +
+    '🚫 No active claim — claim an issue first.\n' +
     '  bd update <id> --status=in_progress\n' +
     `  bd kv set "claimed:${sessionId}" "<id>"\n`
   );
@@ -47,11 +36,9 @@ export function editBlockMessage(sessionId) {
 
 export function editBlockFallbackMessage() {
   return (
-    '🚫 BEADS GATE: No active issue — create one before editing files.\n\n' +
-    '  bd create --title="<what you\'re doing>" --type=task --priority=2\n' +
-    '  bd update <id> --status=in_progress\n\n' +
-    'Full workflow (do this every session):\n' +
-    WORKFLOW_STEPS
+    '🚫 No active issue — create one before editing.\n' +
+    '  bd create --title="<task>" --type=task --priority=2\n' +
+    '  bd update <id> --status=in_progress\n'
   );
 }
 
@@ -60,8 +47,8 @@ export function editBlockFallbackMessage() {
 export function commitBlockMessage(summary, claimed) {
   const issueSummary = summary ?? `  Claimed: ${claimed}`;
   return (
-    '🚫 BEADS GATE: Close open issues before committing.\n\n' +
-    `Open issues:\n${issueSummary}\n\n` +
+    '🚫 Close open issues before committing.\n\n' +
+    `${issueSummary}\n\n` +
     'Next steps:\n' + COMMIT_NEXT_STEPS
   );
 }
@@ -71,9 +58,9 @@ export function commitBlockMessage(summary, claimed) {
 export function stopBlockMessage(summary, claimed) {
   const issueSummary = summary ?? `  Claimed: ${claimed}`;
   return (
-    '🚫 BEADS STOP GATE: Unresolved issues — complete the session close protocol.\n\n' +
-    `Open issues:\n${issueSummary}\n\n` +
-    'Session close protocol:\n' + SESSION_CLOSE_PROTOCOL
+    '🚫 Unresolved issues — close before stopping.\n\n' +
+    `${issueSummary}\n\n` +
+    SESSION_CLOSE_PROTOCOL
   );
 }
 
@@ -81,12 +68,8 @@ export function stopBlockMessage(summary, claimed) {
 
 export function memoryPromptMessage() {
   return (
-    '🧠 MEMORY GATE: Before ending the session, evaluate this session\'s work.\n\n' +
-    'For each issue you worked on and closed, ask:\n' +
-    '  Is this a stable pattern, key decision, or solution I\'ll encounter again?\n\n' +
-    '  YES → bd remember "<precise, durable insight>"\n' +
-    '  NO  → explicitly note "nothing worth persisting" and continue\n\n' +
-    'When done, signal completion and stop again:\n' +
-    '  touch .beads/.memory-gate-done\n'
+    '🧠 Memory gate: for each closed issue, worth persisting?\n' +
+    '  YES → bd remember "<insight>"   NO → note "nothing to persist"\n' +
+    '  touch .beads/.memory-gate-done when done.\n'
   );
 }

package/hooks/main-guard.mjs

@@ -55,28 +55,16 @@ const WRITE_TOOLS = new Set([
 ]);
 
 if (WRITE_TOOLS.has(tool)) {
-  deny(
-    `⛔ You are on '${branch}' — never edit files directly on master.\n\n` +
-    'Full workflow:\n' +
-    '  1. git checkout -b feature/<name>         ← start here\n' +
-    '  2. bd create + bd update in_progress      track your work\n' +
-    '  3. Edit files / write code\n' +
-    '  4. bd close <id> && git add && git commit\n' +
-    '  5. git push -u origin feature/<name>\n' +
-    '  6. gh pr create --fill && gh pr merge --squash\n' +
-    '  7. git checkout master && git reset --hard origin/master\n'
-  );
+  deny(`⛔ On '${branch}' — checkout a feature branch first.\n`
+    + '  git checkout -b feature/<name>\n');
 }
 
 const WORKFLOW =
-  'Full workflow:\n' +
-  '  1. git checkout -b feature/<name>         \u2190 start here\n' +
-  '  2. bd create + bd update in_progress      track your work\n' +
-  '  3. Edit files / write code\n' +
-  '  4. bd close <id> && git add && git commit\n' +
-  '  5. git push -u origin feature/<name>\n' +
-  '  6. gh pr create --fill && gh pr merge --squash\n' +
-  '  7. git checkout master && git reset --hard origin/master\n';
+  '  1. git checkout -b feature/<name>\n'
+  + '  2. bd create + bd update in_progress\n'
+  + '  3. bd close <id> && git add && git commit\n'
+  + '  4. git push -u origin feature/<name>\n'
+  + '  5. gh pr create --fill && gh pr merge --squash\n';
 
 if (tool === 'Bash') {
   const cmd = (input.tool_input?.command ?? '').trim().replace(/\s+/g, ' ');
@@ -90,17 +78,8 @@ if (tool === 'Bash') {
   // Must check BEFORE the gh allowlist pattern
   if (/^gh\s+pr\s+merge\b/.test(cmd)) {
     if (!/--squash\b/.test(cmd)) {
-      deny(
-        `\u26D4 Only squash merges are allowed — use 'gh pr merge --squash'\n\n` +
-        'Why squash?\n' +
-        '  - Keeps history linear and easy to read\n' +
-        '  - One commit per PR = easy to revert\n' +
-        '  - Matches the workflow documented in AGENTS.md\n\n' +
-        'Correct usage:\n' +
-        '  gh pr merge --squash\n\n' +
-        'If you really need a merge commit, use:\n' +
-        '  MAIN_GUARD_ALLOW_BASH=1 gh pr merge --merge\n'
-      );
+      deny('⛔ Squash only: gh pr merge --squash\n'
+        + '  (override: MAIN_GUARD_ALLOW_BASH=1 gh pr merge --merge)\n');
     }
     // --squash present — allow
     process.exit(0);
@@ -129,10 +108,8 @@ if (tool === 'Bash') {
 
   // Specific messages for common blocked operations
   if (/^git\s+commit\b/.test(cmd)) {
-    deny(
-      `\u26D4 Don't commit directly to '${branch}' \u2014 use a feature branch.\n\n` +
-      WORKFLOW
-    );
+    deny(`⛔ No commits on '${branch}' — use a feature branch.\n`
+      + '  git checkout -b feature/<name>\n');
   }
 
   if (/^git\s+push\b/.test(cmd)) {
@@ -141,36 +118,17 @@ if (tool === 'Bash') {
     const explicitProtected = protectedBranches.some(b => lastToken === b || lastToken.endsWith(`:${b}`));
     const impliedProtected = tokens.length <= 3 && protectedBranches.includes(branch);
     if (explicitProtected || impliedProtected) {
-      deny(
-        `\u26D4 Don't push directly to '${branch}' \u2014 use the PR workflow.\n\n` +
-        'Next steps:\n' +
-        '  5. git push -u origin <feature-branch>     \u2190 push your branch\n' +
-        '  6. gh pr create --fill                      create PR\n' +
-        '     gh pr merge --squash                     merge it\n' +
-        '  7. git checkout master                      sync master\n' +
-        '     git reset --hard origin/master\n\n' +
-        "If you're not on a feature branch yet:\n" +
-        '  git checkout -b feature/<name>    (then re-commit and push)\n'
-      );
+      deny(`⛔ No direct push to '${branch}' — push a feature branch and open a PR.\n`
+        + '  git push -u origin <feature-branch> && gh pr create --fill\n');
     }
     // Pushing to a feature branch — allow
     process.exit(0);
   }
 
   // Default deny — block everything else on protected branches
-  deny(
-    `\u26D4 Bash is restricted on '${branch}' \u2014 use a feature branch for file writes and script execution.\n\n` +
-    'Allowed on protected branches:\n' +
-    '  git status / log / diff / branch / fetch / pull / stash\n' +
-    '  git checkout -b <name>   (create feature branch \u2014 the exit path)\n' +
-    '  git switch -c <name>     (same)\n' +
-    '  git worktree / config\n' +
-    '  gh <any>                 (GitHub CLI)\n' +
-    '  bd <any>                 (beads issue tracking)\n\n' +
-    'To run arbitrary commands:\n' +
-    '  1. git checkout -b feature/<name>   \u2190 move to a feature branch, or\n' +
-    '  2. MAIN_GUARD_ALLOW_BASH=1 <command>  (escape hatch, use sparingly)\n'
-  );
+  deny(`⛔ Bash restricted on '${branch}'. Allowed: git status/log/diff/pull/stash, gh, bd.\n`
+    + '  Exit: git checkout -b feature/<name>\n'
+    + '  Override: MAIN_GUARD_ALLOW_BASH=1 <cmd>\n');
 }
 
 process.exit(0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xtrm-tools",
-  "version": "2.1.17",
+  "version": "2.1.21",
   "description": "Claude Code tools installer (skills, hooks, MCP servers)",
   "license": "MIT",
   "type": "module",

package/config/pi/extensions/git-guard.ts

@@ -1,45 +0,0 @@
-/**
- * oh-pi Git Checkpoint Extension
- *
- * Auto-stash before each turn, notify on agent completion.
- * Combines git-checkpoint + notify + dirty-repo-guard.
- */
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-
-function terminalNotify(title: string, body: string): void {
-  if (process.env.KITTY_WINDOW_ID) {
-    process.stdout.write(`\x1b]99;i=1:d=0;${title}\x1b\\`);
-    process.stdout.write(`\x1b]99;i=1:p=body;${body}\x1b\\`);
-  } else {
-    process.stdout.write(`\x1b]777;notify;${title};${body}\x07`);
-  }
-}
-
-export default function (pi: ExtensionAPI) {
-  let turnCount = 0;
-
-  // Warn on dirty repo at session start
-  pi.on("session_start", async (_event, ctx) => {
-    try {
-      const { stdout } = await pi.exec("git", ["status", "--porcelain"]);
-      if (stdout.trim() && ctx.hasUI) {
-        const lines = stdout.trim().split("\n").length;
-        ctx.ui.notify(`⚠️ Dirty repo: ${lines} uncommitted change(s)`, "warning");
-      }
-    } catch { /* not a git repo, ignore */ }
-  });
-
-  // Stash checkpoint before each turn
-  pi.on("turn_start", async () => {
-    turnCount++;
-    try {
-      await pi.exec("git", ["stash", "create", "-m", `oh-pi-turn-${turnCount}`]);
-    } catch { /* not a git repo */ }
-  });
-
-  // Notify when agent is done
-  pi.on("agent_end", async () => {
-    terminalNotify("oh-pi", `Done after ${turnCount} turn(s). Ready for input.`);
-    turnCount = 0;
-  });
-}

package/config/pi/extensions/safe-guard.ts

@@ -1,46 +0,0 @@
-/**
- * oh-pi Safe Guard Extension
- * 
- * Combines destructive command confirmation + protected paths in one extension.
- */
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-
-export const DANGEROUS_PATTERNS = [
-  /\brm\s+(-[a-zA-Z]*f[a-zA-Z]*\s+|.*-rf\b|.*--force\b)/,
-  /\bsudo\s+rm\b/,
-  /\b(DROP|TRUNCATE|DELETE\s+FROM)\b/i,
-  /\bchmod\s+777\b/,
-  /\bmkfs\b/,
-  /\bdd\s+if=/,
-  />\s*\/dev\/sd[a-z]/,
-];
-
-export const PROTECTED_PATHS = [".env", ".git/", "node_modules/", ".pi/", "id_rsa", ".ssh/"];
-
-export default function (pi: ExtensionAPI) {
-  pi.on("tool_call", async (event, ctx) => {
-    // Check bash commands for dangerous patterns
-    if (event.toolName === "bash") {
-      const cmd = (event.input as { command?: string }).command ?? "";
-      const match = DANGEROUS_PATTERNS.find((p) => p.test(cmd));
-      if (match && ctx.hasUI) {
-        const ok = await ctx.ui.confirm("⚠️ Dangerous Command", `Execute: ${cmd}?`);
-        if (!ok) return { block: true, reason: "Blocked by user" };
-      }
-    }
-
-    // Check write/edit for protected paths
-    if (event.toolName === "write" || event.toolName === "edit") {
-      const path = (event.input as { path?: string }).path ?? "";
-      const hit = PROTECTED_PATHS.find((p) => path.includes(p));
-      if (hit) {
-        if (ctx.hasUI) {
-          const ok = await ctx.ui.confirm("🛡️ Protected Path", `Allow write to ${path}?`);
-          if (!ok) return { block: true, reason: `Protected path: ${hit}` };
-        } else {
-          return { block: true, reason: `Protected path: ${hit}` };
-        }
-      }
-    }
-  });
-}

package/hooks/gitnexus-impact-reminder.py

@@ -1,35 +0,0 @@
-#!/usr/bin/env python3
-import sys
-import os
-
-sys.path.append(os.path.dirname(os.path.abspath(__file__)))
-from agent_context import AgentContext
-
-EDIT_KEYWORDS = [
-    'fix', 'refactor', 'change', 'update', 'modify', 'edit',
-    'rename', 'move', 'delete', 'remove', 'rewrite', 'implement',
-    'add', 'replace', 'extract', 'migrate', 'upgrade',
-]
-
-REMINDER = """*** GITNEXUS: Run impact analysis before editing any symbol ***
-
-Before modifying a function, class, or method:
-  npx gitnexus impact <symbolName> --direction upstream --repo xtrm-tools
-
-Review d=1 items (WILL BREAK) before proceeding.
-Skip for docs, configs, and test-only changes.
-"""
-
-try:
-    ctx = AgentContext()
-
-    if ctx.event == 'UserPromptSubmit':
-        prompt_lower = ctx.prompt.lower()
-        if any(kw in prompt_lower for kw in EDIT_KEYWORDS):
-            ctx.allow(additional_context=REMINDER)
-
-    ctx.fail_open()
-
-except Exception as e:
-    print(f"Hook error: {e}", file=sys.stderr)
-    sys.exit(0)

package/hooks/test_agent_context.py

@@ -1,112 +0,0 @@
-#!/usr/bin/env python3
-"""Test AgentContext hook output formatting"""
-import json
-import sys
-from io import StringIO
-
-# Mock sys.stdin and sys.exit for testing
-class MockExit(Exception):
-    pass
-
-def test_hook_output(event_name, method_name, *args, **kwargs):
-    """Test a specific hook method and return its JSON output"""
-    import agent_context
-
-    # Prepare mock input
-    mock_input = {
-        "hook_event_name": event_name,
-        "tool_name": "Read",
-        "tool_input": {"file_path": "/test/file.txt"}
-    }
-
-    # Mock stdin
-    original_stdin = sys.stdin
-    original_exit = sys.exit
-    sys.stdin = StringIO(json.dumps(mock_input))
-
-    # Capture stdout
-    output_buffer = StringIO()
-    original_stdout = sys.stdout
-    sys.stdout = output_buffer
-
-    try:
-        ctx = agent_context.AgentContext()
-
-        # Call the method
-        method = getattr(ctx, method_name)
-        try:
-            method(*args, **kwargs)
-        except SystemExit:
-            pass  # Expected
-
-        # Get output
-        output = output_buffer.getvalue().strip()
-        return json.loads(output) if output else {}
-
-    finally:
-        sys.stdin = original_stdin
-        sys.stdout = original_stdout
-        sys.exit = original_exit
-
-def main():
-    print("Testing AgentContext hook output formats...\n")
-
-    # Test 1: PreToolUse allow() with systemMessage
-    print("Test 1: PreToolUse allow() with systemMessage")
-    output = test_hook_output("PreToolUse", "allow", system_message="Test message")
-    print(f"Output: {json.dumps(output, indent=2)}")
-    assert "systemMessage" in output, "Should have systemMessage"
-    assert output["hookSpecificOutput"]["hookEventName"] == "PreToolUse"
-    assert output["hookSpecificOutput"]["permissionDecision"] == "allow"
-    assert "decision" not in output, "Should NOT have top-level 'decision'"
-    print("✓ PASS\n")
-
-    # Test 2: PreToolUse allow() with additionalContext
-    print("Test 2: PreToolUse allow() with additionalContext")
-    output = test_hook_output("PreToolUse", "allow", additional_context="Extra context")
-    print(f"Output: {json.dumps(output, indent=2)}")
-    assert output["hookSpecificOutput"]["permissionDecision"] == "allow"
-    assert output["hookSpecificOutput"]["additionalContext"] == "Extra context"
-    print("✓ PASS\n")
-
-    # Test 3: UserPromptSubmit allow() with systemMessage (no permissionDecision)
-    print("Test 3: UserPromptSubmit allow() with systemMessage")
-    output = test_hook_output("UserPromptSubmit", "allow", system_message="Reminder")
-    print(f"Output: {json.dumps(output, indent=2)}")
-    assert "systemMessage" in output
-    assert "permissionDecision" not in output.get("hookSpecificOutput", {}), \
-        "UserPromptSubmit should NOT have permissionDecision"
-    print("✓ PASS\n")
-
-    # Test 4: UserPromptSubmit allow() with additionalContext
-    print("Test 4: UserPromptSubmit allow() with additionalContext")
-    output = test_hook_output("UserPromptSubmit", "allow", additional_context="Context")
-    print(f"Output: {json.dumps(output, indent=2)}")
-    assert output["hookSpecificOutput"]["additionalContext"] == "Context"
-    assert "permissionDecision" not in output["hookSpecificOutput"]
-    print("✓ PASS\n")
-
-    # Test 5: PreToolUse block()
-    print("Test 5: PreToolUse block()")
-    output = test_hook_output("PreToolUse", "block", "Dangerous operation")
-    print(f"Output: {json.dumps(output, indent=2)}")
-    assert output["hookSpecificOutput"]["permissionDecision"] == "deny"
-    assert output["hookSpecificOutput"]["permissionDecisionReason"] == "Dangerous operation"
-    assert "decision" not in output, "Should NOT have top-level 'decision'"
-    print("✓ PASS\n")
-
-    # Test 6: UserPromptSubmit block() (should use continue: false)
-    print("Test 6: UserPromptSubmit block()")
-    output = test_hook_output("UserPromptSubmit", "block", "Blocked")
-    print(f"Output: {json.dumps(output, indent=2)}")
-    assert output.get("continue") == False, "Should have continue: false"
-    assert output.get("stopReason") == "Blocked"
-    assert "permissionDecision" not in output.get("hookSpecificOutput", {})
-    print("✓ PASS\n")
-
-    print("=" * 50)
-    print("All tests passed! ✓")
-    print("=" * 50)
-
-if __name__ == "__main__":
-    main()