xtrm-tools 2.4.2 → 2.4.4

package/hooks/beads-memory-gate.mjs

@@ -11,7 +11,7 @@ import { execSync } from 'node:child_process';
 import { existsSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import { readHookInput } from './beads-gate-core.mjs';
-import { resolveCwd, isBeadsProject, getSessionClaim } from './beads-gate-utils.mjs';
+import { resolveCwd, resolveSessionId, isBeadsProject, getSessionClaim, clearSessionClaim } from './beads-gate-utils.mjs';
 import { memoryPromptMessage } from './beads-gate-messages.mjs';
 
 const input = readHookInput();
@@ -20,35 +20,42 @@ if (!input) process.exit(0);
 const cwd = resolveCwd(input);
 if (!cwd || !isBeadsProject(cwd)) process.exit(0);
 
+const sessionId = resolveSessionId(input);
+
 // Agent signals evaluation complete by touching this marker, then stops again
 const marker = join(cwd, '.beads', '.memory-gate-done');
 if (existsSync(marker)) {
   try { unlinkSync(marker); } catch { /* ignore */ }
+  // Clear the claim and closed-this-session marker
+  clearSessionClaim(sessionId, cwd);
+  try {
+    execSync(`bd kv clear "closed-this-session:${sessionId}"`, {
+      cwd,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: 5000,
+    });
+  } catch { /* ignore */ }
   process.exit(0);
 }
 
-// Only fire if this session had an active claim that is now closed
-const sessionId = input.session_id ?? null;
-if (!sessionId) process.exit(0);
-
-const claimId = getSessionClaim(sessionId, cwd);
-if (!claimId) process.exit(0); // no claim this session → no work to persist
-
-// Check if the claimed issue was closed this session
-let claimClosed = false;
+// Check if an issue was closed this session (set by beads-claim-sync on bd close)
+let closedIssueId = null;
 try {
-  const out = execSync('bd list --status=closed', {
+  closedIssueId = execSync(`bd kv get "closed-this-session:${sessionId}"`, {
     encoding: 'utf8',
     cwd,
     stdio: ['pipe', 'pipe', 'pipe'],
-    timeout: 8000,
-  });
-  claimClosed = out.includes(claimId);
-} catch {
+    timeout: 5000,
+  }).trim();
+} catch (err) {
+  if (err.status === 1) {
+    // No closed-this-session marker → nothing to prompt about
+    process.exit(0);
+  }
   process.exit(0); // fail open
 }
 
-if (!claimClosed) process.exit(0);
+if (!closedIssueId) process.exit(0);
 
 process.stderr.write(memoryPromptMessage());
 process.exit(2);

package/hooks/beads-stop-gate.mjs

@@ -11,52 +11,11 @@ import {
   decideStopGate,
 } from './beads-gate-core.mjs';
 import { withSafeBdContext } from './beads-gate-utils.mjs';
-import {
-  stopBlockMessage,
-  stopBlockWaitingMergeMessage,
-  stopBlockConflictingMessage,
-  stopWarnActiveWorktreeMessage,
-} from './beads-gate-messages.mjs';
-import { readSessionState } from './session-state.mjs';
+import { stopBlockMessage } from './beads-gate-messages.mjs';
 
 const input = readHookInput();
 if (!input) process.exit(0);
 
-function evaluateSessionState(cwd) {
-  const state = readSessionState(cwd);
-  if (!state) return { allow: true };
-
-  if (state.phase === 'cleanup-done' || state.phase === 'merged') {
-    return { allow: true, state };
-  }
-
-  if (state.phase === 'waiting-merge' || state.phase === 'pending-cleanup') {
-    return {
-      allow: false,
-      state,
-      message: stopBlockWaitingMergeMessage(state),
-    };
-  }
-
-  if (state.phase === 'conflicting') {
-    return {
-      allow: false,
-      state,
-      message: stopBlockConflictingMessage(state),
-    };
-  }
-
-  if (state.phase === 'claimed' || state.phase === 'phase1-done') {
-    return {
-      allow: true,
-      state,
-      warning: stopWarnActiveWorktreeMessage(state),
-    };
-  }
-
-  return { allow: true, state };
-}
-
 withSafeBdContext(() => {
   const ctx = resolveSessionContext(input);
   if (!ctx || !ctx.isBeadsProject) process.exit(0);
@@ -69,15 +28,5 @@ withSafeBdContext(() => {
     process.exit(2);
   }
 
-  const sessionDecision = evaluateSessionState(ctx.cwd);
-  if (!sessionDecision.allow) {
-    process.stderr.write(sessionDecision.message);
-    process.exit(2);
-  }
-
-  if (sessionDecision.warning) {
-    process.stderr.write(sessionDecision.warning);
-  }
-
   process.exit(0);
 });

package/hooks/branch-state.mjs

@@ -7,6 +7,7 @@
 import { execSync } from 'node:child_process';
 import { readFileSync, existsSync } from 'node:fs';
 import { join } from 'node:path';
+import { resolveSessionId } from './beads-gate-utils.mjs';
 
 function readInput() {
   try { return JSON.parse(readFileSync(0, 'utf-8')); } catch { return null; }
@@ -35,7 +36,7 @@ const input = readInput();
 if (!input) process.exit(0);
 
 const cwd = input.cwd || process.cwd();
-const sessionId = input.session_id ?? input.sessionId;
+const sessionId = resolveSessionId(input);
 const branch = getBranch(cwd);
 const isBeads = existsSync(join(cwd, '.beads'));
 const claim = isBeads && sessionId ? getSessionClaim(sessionId, cwd) : null;

package/hooks/guard-rules.mjs

@@ -46,6 +46,7 @@ export const DANGEROUS_BASH_PATTERNS = [
 ];
 
 export const SAFE_BASH_PREFIXES = [
+  // Git read-only
   'git status',
   'git log',
   'git diff',
@@ -60,10 +61,41 @@ export const SAFE_BASH_PREFIXES = [
   'git worktree',
   'git checkout -b',
   'git switch -c',
+  // Tools
   'gh',
   'bd',
-  'touch .beads/',
   'npx gitnexus',
+  'xtrm finish',
+  // Read-only filesystem
+  'cat',
+  'ls',
+  'head',
+  'tail',
+  'pwd',
+  'which',
+  'type',
+  'env',
+  'printenv',
+  'find',
+  'grep',
+  'rg',
+  'fd',
+  'wc',
+  'sort',
+  'uniq',
+  'cut',
+  'awk',
+  'jq',
+  'yq',
+  'bat',
+  'less',
+  'more',
+  'file',
+  'stat',
+  'du',
+  'tree',
+  // Allowed writes (specific paths)
+  'touch .beads/',
 ];
 
 export const NATIVE_TEAM_TOOLS = [

package/hooks/hooks.json

@@ -1,48 +1,6 @@
 {
   "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Edit|Write|MultiEdit|NotebookEdit|mcp__serena__rename_symbol|mcp__serena__replace_symbol_body|mcp__serena__insert_after_symbol|mcp__serena__insert_before_symbol",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/main-guard.mjs",
-            "timeout": 5000
-          },
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/beads-edit-gate.mjs",
-            "timeout": 5000
-          }
-        ]
-      },
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/main-guard.mjs",
-            "timeout": 5000
-          },
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/beads-commit-gate.mjs",
-            "timeout": 5000
-          }
-        ]
-      }
-    ],
     "PostToolUse": [
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/main-guard-post-push.mjs",
-            "timeout": 5000
-          }
-        ]
-      },
       {
         "matcher": "Bash|execute_shell_command|bash",
         "hooks": [
@@ -110,6 +68,28 @@
         ]
       }
     ],
+    "PreToolUse": [
+      {
+        "matcher": "Edit|Write|MultiEdit|NotebookEdit|mcp__serena__rename_symbol|mcp__serena__replace_symbol_body|mcp__serena__insert_after_symbol|mcp__serena__insert_before_symbol",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/beads-edit-gate.mjs",
+            "timeout": 5000
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node ${CLAUDE_PLUGIN_ROOT}/hooks/beads-commit-gate.mjs",
+            "timeout": 5000
+          }
+        ]
+      }
+    ],
     "PreCompact": [
       {
         "hooks": [

package/hooks/main-guard.mjs

@@ -5,7 +5,8 @@
 // Installed by: xtrm install
 
 import { execSync } from 'node:child_process';
-import { readFileSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
 import { WRITE_TOOLS, SAFE_BASH_PREFIXES } from './guard-rules.mjs';
 
 let branch = '';
@@ -16,12 +17,10 @@ try {
   }).trim();
 } catch {}
 
-// Determine protected branches — env var override for tests and custom setups
 const protectedBranches = process.env.MAIN_GUARD_PROTECTED_BRANCHES
   ? process.env.MAIN_GUARD_PROTECTED_BRANCHES.split(',').map(b => b.trim()).filter(Boolean)
   : ['main', 'master'];
 
-// Not in a git repo or not on a protected branch — allow
 if (!branch || !protectedBranches.includes(branch)) {
   process.exit(0);
 }
@@ -34,70 +33,70 @@ try {
 }
 
 const tool = input.tool_name ?? '';
-const hookEventName = input.hook_event_name ?? 'PreToolUse';
+const cwd = input.cwd || process.cwd();
 
 function deny(reason) {
-  process.stdout.write(JSON.stringify({
-    decision: 'block',
-    reason,
-  }));
+  process.stdout.write(JSON.stringify({ decision: 'block', reason }));
   process.stdout.write('\n');
   process.exit(0);
 }
 
+function getSessionState(cwd) {
+  const statePath = join(cwd, '.xtrm-session-state.json');
+  if (!existsSync(statePath)) return null;
+  try {
+    return JSON.parse(readFileSync(statePath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function normalizeGitCCommand(cmd) {
+  const match = cmd.match(/^git\s+-C\s+(?:"[^"]+"|'[^']+'|\S+)\s+(.+)$/);
+  if (match?.[1]) return `git ${match[1]}`;
+  return cmd;
+}
+
 if (WRITE_TOOLS.includes(tool)) {
   deny(`⛔ On '${branch}' — start on a feature branch and claim an issue.\n`
-    + '  git checkout -b feature/<name>\n'
+    + '  git checkout -b feature/<name>  (or: git switch -c feature/<name>)\n'
     + '  bd update <id> --claim\n');
 }
 
-const WORKFLOW =
-  '  1. git checkout -b feature/<name>\n'
-  + '  2. bd create + bd update in_progress\n'
-  + '  3. bd close <id> && git add && git commit\n'
-  + '  4. git push -u origin feature/<name>\n'
-  + '  5. gh pr create --fill && gh pr merge --squash\n';
-
 if (tool === 'Bash') {
   const cmd = (input.tool_input?.command ?? '').trim().replace(/\s+/g, ' ');
+  const normalizedCmd = normalizeGitCCommand(cmd);
+  const state = getSessionState(cwd);
 
-  // Emergency override — escape hatch for power users
   if (process.env.MAIN_GUARD_ALLOW_BASH === '1') {
     process.exit(0);
   }
 
-  // Enforce squash-only PR merges for linear history
-  // Must check BEFORE the gh allowlist pattern
   if (/^gh\s+pr\s+merge\b/.test(cmd)) {
     if (!/--squash\b/.test(cmd)) {
       deny('⛔ Squash only: gh pr merge --squash\n'
         + '  (override: MAIN_GUARD_ALLOW_BASH=1 gh pr merge --merge)\n');
     }
-    // --squash present — allow
     process.exit(0);
   }
 
-  // Safe allowlist — non-mutating commands + explicit branch-exit paths.
-  // Important: do not allow generic checkout/switch forms, which include
-  // mutating variants such as `git checkout -- <path>`.
   const SAFE_BASH_PATTERNS = [
     ...SAFE_BASH_PREFIXES.map(prefix => new RegExp(`^${prefix.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\b`)),
-    // Allow post-merge sync to protected branch only (not arbitrary origin refs)
     ...protectedBranches.map(b => new RegExp(`^git\\s+reset\\s+--hard\\s+origin/${b}\\b`)),
   ];
 
-  if (SAFE_BASH_PATTERNS.some(p => p.test(cmd))) {
+  if (SAFE_BASH_PATTERNS.some(p => p.test(cmd) || p.test(normalizedCmd))) {
     process.exit(0);
   }
 
-  // Specific messages for common blocked operations
-  if (/^git\s+commit\b/.test(cmd)) {
-    deny(`⛔ No commits on '${branch}' — use a feature branch.\n`
-      + '  git checkout -b feature/<name>\n');
+  if (/\bgit\s+commit\b/.test(normalizedCmd)) {
+    deny(`⛔ No commits on '${branch}' — use a feature branch/worktree.\n`
+      + '  git checkout -b feature/<name>\n'
+      + '  bd update <id> --claim\n');
   }
 
-  if (/^git\s+push\b/.test(cmd)) {
-    const tokens = cmd.split(' ');
+  if (/\bgit\s+push\b/.test(normalizedCmd)) {
+    const tokens = normalizedCmd.split(' ');
     const lastToken = tokens[tokens.length - 1];
     const explicitProtected = protectedBranches.some(b => lastToken === b || lastToken.endsWith(`:${b}`));
     const impliedProtected = tokens.length <= 3 && protectedBranches.includes(branch);
@@ -105,13 +104,15 @@ if (tool === 'Bash') {
       deny(`⛔ No direct push to '${branch}' — push a feature branch and open a PR.\n`
         + '  git push -u origin <feature-branch> && gh pr create --fill\n');
     }
-    // Pushing to a feature branch — allow
     process.exit(0);
   }
 
-  // Default deny — block everything else on protected branches
-  deny(`⛔ Bash restricted on '${branch}'. Allowed: git status/log/diff/pull/stash, gh, bd.\n`
-    + '  Exit: git checkout -b feature/<name>\n'
+  const handoff = state?.worktreePath
+    ? `  Active worktree session recorded: ${state.worktreePath}\n  (Current workaround) use feature branch flow until worktree bug is fixed.\n`
+    : '  Exit: git checkout -b feature/<name>  (or: git switch -c feature/<name>)\n  Then: bd update <id> --claim\n';
+
+  deny(`⛔ Bash restricted on '${branch}'. Allowed: read-only commands, gh, bd, git checkout -b, git switch -c.\n`
+    + handoff
     + '  Override: MAIN_GUARD_ALLOW_BASH=1 <cmd>\n');
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xtrm-tools",
-  "version": "2.4.2",
+  "version": "2.4.4",
   "description": "Claude Code tools installer (skills, hooks, MCP servers)",
   "license": "MIT",
   "type": "module",

package/config/pi/extensions/main-guard-post-push.ts

@@ -1,44 +0,0 @@
-import type { ExtensionAPI, ToolResultEvent } from "@mariozechner/pi-coding-agent";
-import { isBashToolResult } from "@mariozechner/pi-coding-agent";
-import { SubprocessRunner, Logger } from "./core/lib";
-
-const logger = new Logger({ namespace: "main-guard-post-push" });
-
-export default function (pi: ExtensionAPI) {
-	const getProtectedBranches = (): string[] => {
-		const env = process.env.MAIN_GUARD_PROTECTED_BRANCHES;
-		if (env) return env.split(",").map(b => b.trim()).filter(Boolean);
-		return ["main", "master"];
-	};
-
-	pi.on("tool_result", async (event, ctx) => {
-		const cwd = ctx.cwd || process.cwd();
-		if (!isBashToolResult(event) || event.isError) return undefined;
-
-		const cmd = event.input.command.trim();
-		if (!/\bgit\s+push\b/.test(cmd)) return undefined;
-
-		// Check if we pushed to a protected branch
-		const protectedBranches = getProtectedBranches();
-		const tokens = cmd.split(/\s+/);
-		const lastToken = tokens[tokens.length - 1];
-		if (protectedBranches.some(b => lastToken === b || lastToken.endsWith(`:${b}`))) {
-			return undefined;
-		}
-
-		// Success! Suggest PR workflow
-		const reminder = "\n\n**Main-Guard**: Push successful. Next steps:\n" +
-			"  1. `gh pr create --fill` (if not already open)\n" +
-			"  2. `gh pr merge --squash` (once approved)\n" +
-			"  3. `git checkout main && git reset --hard origin/main` (sync local)";
-
-		const newContent = [...event.content];
-		newContent.push({ type: "text", text: reminder });
-
-		if (ctx.hasUI) {
-			ctx.ui.notify("Main-Guard: Suggesting PR workflow", "info");
-		}
-
-		return { content: newContent };
-	});
-}

package/config/pi/extensions/main-guard.ts

@@ -1,122 +0,0 @@
-import type { ExtensionAPI, ToolCallEvent } from "@mariozechner/pi-coding-agent";
-import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
-import { SubprocessRunner, EventAdapter, Logger } from "./core/lib";
-import { SAFE_BASH_PREFIXES, DANGEROUS_BASH_PATTERNS } from "./core/guard-rules";
-
-const logger = new Logger({ namespace: "main-guard" });
-
-export default function (pi: ExtensionAPI) {
-	const getProtectedBranches = (): string[] => {
-		const env = process.env.MAIN_GUARD_PROTECTED_BRANCHES;
-		if (env) return env.split(",").map(b => b.trim()).filter(Boolean);
-		return ["main", "master"];
-	};
-
-	const getCurrentBranch = async (cwd: string): Promise<string | null> => {
-		const result = await SubprocessRunner.run("git", ["branch", "--show-current"], { cwd });
-		if (result.code === 0) return result.stdout;
-		return null;
-	};
-
-	const protectedPaths = [".env", ".git/", "node_modules/"];
-
-	pi.on("tool_call", async (event, ctx) => {
-		const cwd = ctx.cwd || process.cwd();
-		
-		// 1. Safety Check: Protected Paths (Global)
-		if (EventAdapter.isMutatingFileTool(event)) {
-			const path = EventAdapter.extractPathFromToolInput(event, cwd);
-			if (path && protectedPaths.some((p) => path.includes(p))) {
-				const reason = `Path "${path}" is protected. Edits to sensitive system files are restricted.`;
-				if (ctx.hasUI) {
-					ctx.ui.notify(`Safety: Blocked edit to protected path`, "error");
-				}
-				return { block: true, reason };
-			}
-		}
-
-		// 2. Safety Check: Dangerous Commands (Global)
-		if (isToolCallEventType("bash", event)) {
-			const cmd = event.input.command.trim();
-			const dangerousRegexes = DANGEROUS_BASH_PATTERNS.map((pattern) => new RegExp(pattern));
-			const dangerousMatch = dangerousRegexes.some((rx) => rx.test(cmd));
-			if (dangerousMatch && !cmd.includes("--help")) {
-				if (ctx.hasUI) {
-					const ok = await ctx.ui.confirm("Dangerous Command", `Allow execution of: ${cmd}?`);
-					if (!ok) return { block: true, reason: "Blocked by user confirmation" };
-				} else {
-					return { block: true, reason: "Dangerous command blocked in non-interactive mode" };
-				}
-			}
-		}
-
-		// 3. Main-Guard: Branch Protection
-		const protectedBranches = getProtectedBranches();
-		const branch = await getCurrentBranch(cwd);
-
-		if (branch && protectedBranches.includes(branch)) {
-			// A. Mutating File Tools on Main
-			if (EventAdapter.isMutatingFileTool(event)) {
-				const reason = `On protected branch '${branch}' — start on a feature branch and claim an issue.\n  git checkout -b feature/<name>\n  bd update <id> --claim\n`;
-				if (ctx.hasUI) {
-					ctx.ui.notify(`Main-Guard: Blocked edit on ${branch}`, "error");
-				}
-				return { block: true, reason };
-			}
-
-			// B. Bash Commands on Main
-			if (isToolCallEventType("bash", event)) {
-				const cmd = event.input.command.trim();
-
-				// Emergency override
-				if (process.env.MAIN_GUARD_ALLOW_BASH === "1") return undefined;
-
-				// Enforce squash-only PR merges
-				if (/^gh\s+pr\s+merge\b/.test(cmd)) {
-					if (!/--squash\b/.test(cmd)) {
-						const reason = "Squash only: use `gh pr merge --squash` (or MAIN_GUARD_ALLOW_BASH=1)";
-						return { block: true, reason };
-					}
-					return undefined;
-				}
-
-				// Safe allowlist
-				const safePrefixRegexes = SAFE_BASH_PREFIXES.map((prefix) =>
-					new RegExp(`^${prefix.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`),
-				);
-				const safeResetRegexes = protectedBranches.map((b) => new RegExp(`^git\\s+reset\\s+--hard\\s+origin/${b}\\b`));
-				const SAFE_BASH_PATTERNS = [...safePrefixRegexes, ...safeResetRegexes];
-
-				if (SAFE_BASH_PATTERNS.some(p => p.test(cmd))) {
-					return undefined;
-				}
-
-				// Specific blocks
-				if (/\bgit\s+commit\b/.test(cmd)) {
-					return { block: true, reason: `No commits on '${branch}' — use a feature branch.\n  git checkout -b feature/<name>\n  bd update <id> --claim\n` };
-				}
-
-				if (/\bgit\s+push\b/.test(cmd)) {
-					const tokens = cmd.split(/\s+/);
-					const lastToken = tokens[tokens.length - 1];
-					const explicitProtected = protectedBranches.some(b => lastToken === b || lastToken.endsWith(`:${b}`));
-					const impliedProtected = tokens.length <= 3 && protectedBranches.includes(branch);
-					
-					if (explicitProtected || impliedProtected) {
-						return { block: true, reason: `No direct push to '${branch}' — push a feature branch and open a PR.` };
-					}
-					return undefined;
-				}
-
-				// Default deny
-				const reason = `Bash restricted on '${branch}'. Allowed: git status/log/diff/pull/stash, gh, bd.\n  Exit: git checkout -b feature/<name>\n  Then: bd update <id> --claim\n  Override: MAIN_GUARD_ALLOW_BASH=1 <cmd>\n`;
-				if (ctx.hasUI) {
-					ctx.ui.notify("Main-Guard: Command blocked", "error");
-				}
-				return { block: true, reason };
-			}
-		}
-
-		return undefined;
-	});
-}