claude-jacked 0.2.7__py3-none-any.whl → 0.3.0__py3-none-any.whl

jacked/cli.py

@@ -32,11 +32,18 @@ def setup_logging(verbose: bool = False):
     )
 
 
-def get_config() -> SmartForkConfig:
-    """Load configuration from environment."""
+def get_config(quiet: bool = False) -> Optional[SmartForkConfig]:
+    """Load configuration from environment.
+
+    Args:
+        quiet: If True, return None instead of printing error and exiting.
+               Used by hooks that should fail gracefully.
+    """
     try:
         return SmartForkConfig.from_env()
     except ValueError as e:
+        if quiet:
+            return None
         console.print(f"[red]Configuration error:[/red] {e}")
         console.print("\nSet these environment variables:")
         console.print("  QDRANT_CLAUDE_SESSIONS_ENDPOINT=<your-qdrant-url>")
@@ -44,6 +51,19 @@ def get_config() -> SmartForkConfig:
         sys.exit(1)
 
 
+def _require_search(command_name: str) -> bool:
+    """Check if qdrant-client is installed. If not, print helpful error and return False."""
+    try:
+        import qdrant_client  # noqa: F401
+        return True
+    except ImportError:
+        console.print(f"[red]Error:[/red] '{command_name}' requires the search extra.")
+        console.print('\nInstall it with:')
+        console.print('  [bold]pip install "claude-jacked[search]"[/bold]')
+        console.print('  [bold]pipx install "claude-jacked[search]"[/bold]')
+        return False
+
+
 @click.group()
 @click.option("--verbose", "-v", is_flag=True, help="Enable verbose logging")
 def main(verbose: bool):
@@ -59,11 +79,32 @@ def index(session: Optional[str], repo: Optional[str]):
     Index a Claude session to Qdrant.
 
     If SESSION is not provided, indexes the current session (from CLAUDE_SESSION_ID).
+    Requires: pip install "claude-jacked[search]"
     """
     import os
+
+    # Check if qdrant is available
+    try:
+        import qdrant_client  # noqa: F401
+    except ImportError:
+        # If called from Stop hook (CLAUDE_SESSION_ID set), exit silently
+        # If called manually, show helpful message
+        if os.getenv("CLAUDE_SESSION_ID") and not session:
+            sys.exit(0)
+        else:
+            console.print("[red]Error:[/red] 'index' requires the search extra.")
+            console.print('\nInstall it with:')
+            console.print('  [bold]pip install "claude-jacked[search]"[/bold]')
+            sys.exit(1)
+
     from jacked.indexer import SessionIndexer
 
-    config = get_config()
+    # Try to get config quietly - if not configured, nudge and exit cleanly
+    config = get_config(quiet=True)
+    if config is None:
+        print("[jacked] Indexing skipped - run 'jacked configure' to set up Qdrant")
+        sys.exit(0)
+
     indexer = SessionIndexer(config)
 
     if session:
@@ -133,7 +174,10 @@ def index(session: Optional[str], repo: Optional[str]):
 @click.option("--repo", "-r", help="Filter by repository name pattern")
 @click.option("--force", "-f", is_flag=True, help="Re-index all sessions")
 def backfill(repo: Optional[str], force: bool):
-    """Index all existing Claude sessions."""
+    """Index all existing Claude sessions. Requires: pip install "claude-jacked[search]" """
+    if not _require_search("backfill"):
+        sys.exit(1)
+
     from jacked.indexer import SessionIndexer
 
     config = get_config()
@@ -175,9 +219,11 @@ def backfill(repo: Optional[str], force: bool):
 def search(query: str, repo: Optional[str], limit: int, mine: bool, user: Optional[str], content_types: tuple):
     """Search for sessions by semantic similarity with multi-factor ranking.
 
-    By default, searches plan, subagent_summary, summary_label, and user_message content.
-    Use --type to filter to specific content types.
+    Requires: pip install "claude-jacked[search]"
     """
+    if not _require_search("search"):
+        sys.exit(1)
+
     import os
     from jacked.searcher import SessionSearcher
 
@@ -292,13 +338,11 @@ def search(query: str, repo: Optional[str], limit: int, mine: bool, user: Option
 def retrieve(session_id: str, output: Optional[str], summary: bool, mode: str, max_tokens: int, inject: bool):
     """Retrieve a session's context with smart mode support.
 
-    Modes:
-      smart  - Plan + agent summaries + labels + user messages (default)
-      plan   - Just the plan file
-      labels - Just summary labels (tiny)
-      agents - All subagent summaries
-      full   - Everything including full transcript
+    Requires: pip install "claude-jacked[search]"
     """
+    if not _require_search("retrieve"):
+        sys.exit(1)
+
     from jacked.retriever import SessionRetriever
 
     config = get_config()
@@ -369,7 +413,10 @@ def retrieve(session_id: str, output: Optional[str], summary: bool, mode: str, m
 @click.option("--repo", "-r", help="Filter by repository path")
 @click.option("--limit", "-n", default=20, help="Maximum results")
 def list_sessions(repo: Optional[str], limit: int):
-    """List indexed sessions."""
+    """List indexed sessions. Requires: pip install "claude-jacked[search]" """
+    if not _require_search("sessions"):
+        sys.exit(1)
+
     from jacked.client import QdrantSessionClient
 
     config = get_config()
@@ -407,7 +454,10 @@ def list_sessions(repo: Optional[str], limit: int):
 @click.argument("session_id")
 @click.option("--yes", "-y", is_flag=True, help="Skip confirmation")
 def delete(session_id: str, yes: bool):
-    """Delete a session from the index."""
+    """Delete a session from the index. Requires: pip install "claude-jacked[search]" """
+    if not _require_search("delete"):
+        sys.exit(1)
+
     from jacked.client import QdrantSessionClient
 
     config = get_config()
@@ -427,9 +477,11 @@ def cleardb():
     """
     Delete ALL your indexed data from Qdrant.
 
-    Only deletes YOUR data (matching your user_name), not teammates' data.
-    Use this before re-indexing with a new schema or to start fresh.
+    Requires: pip install "claude-jacked[search]"
     """
+    if not _require_search("cleardb"):
+        sys.exit(1)
+
     from jacked.client import QdrantSessionClient
 
     config = get_config()
@@ -468,7 +520,10 @@ def cleardb():
 
 @main.command()
 def status():
-    """Show indexing health and Qdrant connectivity."""
+    """Show indexing health and Qdrant connectivity. Requires: pip install "claude-jacked[search]" """
+    if not _require_search("status"):
+        sys.exit(1)
+
     from jacked.client import QdrantSessionClient
 
     config = get_config()
@@ -570,8 +625,6 @@ def configure(show: bool):
     console.print("[dim]Run 'jacked configure --show' to see current values[/dim]")
 
 
-# Import for configure command
-from jacked.config import SmartForkConfig
 
 
 def _get_data_root() -> Path:
@@ -623,6 +676,8 @@ def _get_sound_command(hook_type: str) -> str:
 
 def _install_sound_hooks(existing: dict, settings_path: Path):
     """Install sound notification hooks."""
+    import json
+
     marker = _sound_hook_marker()
 
     # Notification hook
@@ -680,10 +735,310 @@ def _remove_sound_hooks(settings_path: Path) -> bool:
     return modified
 
 
+def _get_behavioral_rules() -> str:
+    """Load behavioral rules from data file."""
+    rules_path = _get_data_root() / "rules" / "jacked_behaviors.md"
+    if not rules_path.exists():
+        raise FileNotFoundError(f"Behavioral rules not found: {rules_path}")
+    return rules_path.read_text(encoding="utf-8").strip()
+
+
+def _behavioral_rules_marker() -> str:
+    """Start marker for jacked behavioral rules block."""
+    return "# jacked-behaviors-v2"
+
+
+def _behavioral_rules_end_marker() -> str:
+    """End marker for jacked behavioral rules block."""
+    return "# end-jacked-behaviors"
+
+
+def _install_behavioral_rules(claude_md_path: Path):
+    """Install behavioral rules into CLAUDE.md with marker boundaries.
+
+    - Show rules before writing, require confirmation
+    - Backup file before first modification
+    - Atomic write (build in memory, write once)
+    - Skip if already installed with same version
+    """
+    import shutil
+
+    try:
+        rules_text = _get_behavioral_rules()
+    except FileNotFoundError as e:
+        console.print(f"[red][FAIL][/red] {e}")
+        console.print("[yellow]Skipping behavioral rules installation[/yellow]")
+        return
+
+    start_marker = _behavioral_rules_marker()
+    end_marker = _behavioral_rules_end_marker()
+
+    # Read existing content
+    existing_content = ""
+    if claude_md_path.exists():
+        existing_content = claude_md_path.read_text(encoding="utf-8")
+
+    # Check if already installed (any version)
+    marker_prefix = "# jacked-behaviors-v"
+    has_start = marker_prefix in existing_content
+    has_end = end_marker in existing_content
+
+    # Orphaned marker detection: start without end (or end without start)
+    if has_start != has_end:
+        which = "start" if has_start else "end"
+        missing = "end" if has_start else "start"
+        console.print(f"[red][FAIL][/red] Found {which} marker but no {missing} marker in CLAUDE.md")
+        console.print("Your CLAUDE.md has a corrupted jacked rules block. Please fix it manually:")
+        console.print(f"  Start marker: {start_marker}")
+        console.print(f"  End marker: {end_marker}")
+        return
+
+    has_existing = has_start and has_end
+    if has_existing:
+        # Extract existing block (find the versioned start marker)
+        start_idx = existing_content.index(marker_prefix)
+        end_idx = existing_content.index(end_marker) + len(end_marker)
+        existing_block = existing_content[start_idx:end_idx].strip()
+
+        if existing_block == rules_text:
+            console.print("[yellow][-][/yellow] Behavioral rules already configured correctly")
+            return
+        else:
+            # Version upgrade needed
+            console.print("\n[bold]Behavioral rules update available:[/bold]")
+            console.print(f"[dim]{rules_text}[/dim]")
+            if not click.confirm("Update behavioral rules in CLAUDE.md?"):
+                console.print("[yellow][-][/yellow] Skipped behavioral rules update")
+                return
+
+            # Backup before modifying
+            backup_path = claude_md_path.with_suffix(".md.pre-jacked")
+            if not backup_path.exists():
+                shutil.copy2(claude_md_path, backup_path)
+                console.print(f"[dim]Backup: {backup_path}[/dim]")
+
+            # Replace the block (symmetric with _remove_behavioral_rules)
+            before = existing_content[:start_idx].rstrip("\n")
+            after = existing_content[end_idx:].lstrip("\n")
+            if before and after:
+                new_content = before + "\n\n" + rules_text + "\n\n" + after
+            elif before:
+                new_content = before + "\n\n" + rules_text + "\n"
+            else:
+                new_content = rules_text + "\n" + after if after else rules_text + "\n"
+            try:
+                claude_md_path.write_text(new_content, encoding="utf-8")
+            except PermissionError:
+                console.print(f"[red][FAIL][/red] Permission denied writing to {claude_md_path}")
+                console.print("Check file permissions and try again.")
+                return
+            console.print("[green][OK][/green] Updated behavioral rules to latest version")
+            return
+
+    # Fresh install - show and confirm
+    console.print("\n[bold]Proposed behavioral rules for ~/.claude/CLAUDE.md:[/bold]")
+    console.print(f"[dim]{rules_text}[/dim]")
+    if not click.confirm("Add these behavioral rules to your global CLAUDE.md?"):
+        console.print("[yellow][-][/yellow] Skipped behavioral rules")
+        return
+
+    # Backup before modifying (if file exists and no backup yet)
+    if claude_md_path.exists():
+        backup_path = claude_md_path.with_suffix(".md.pre-jacked")
+        if not backup_path.exists():
+            shutil.copy2(claude_md_path, backup_path)
+            console.print(f"[dim]Backup: {backup_path}[/dim]")
+
+    # Ensure parent directory exists
+    claude_md_path.parent.mkdir(parents=True, exist_ok=True)
+
+    # Build new content atomically
+    if existing_content and not existing_content.endswith("\n\n"):
+        if existing_content.endswith("\n"):
+            new_content = existing_content + "\n" + rules_text + "\n"
+        else:
+            new_content = existing_content + "\n\n" + rules_text + "\n"
+    else:
+        new_content = existing_content + rules_text + "\n"
+
+    try:
+        claude_md_path.write_text(new_content, encoding="utf-8")
+    except PermissionError:
+        console.print(f"[red][FAIL][/red] Permission denied writing to {claude_md_path}")
+        console.print("Check file permissions and try again.")
+        return
+    console.print("[green][OK][/green] Installed behavioral rules in CLAUDE.md")
+
+
+def _remove_behavioral_rules(claude_md_path: Path) -> bool:
+    """Remove jacked behavioral rules block from CLAUDE.md.
+
+    Returns True if rules were found and removed.
+    """
+    if not claude_md_path.exists():
+        return False
+
+    content = claude_md_path.read_text(encoding="utf-8")
+    marker_prefix = "# jacked-behaviors-v"
+    end_marker = _behavioral_rules_end_marker()
+
+    if marker_prefix not in content or end_marker not in content:
+        return False
+
+    start_idx = content.index(marker_prefix)
+    end_idx = content.index(end_marker) + len(end_marker)
+
+    # Strip the block and any extra blank lines around it
+    before = content[:start_idx].rstrip("\n")
+    after = content[end_idx:].lstrip("\n")
+
+    if before and after:
+        new_content = before + "\n\n" + after
+    elif before:
+        new_content = before + "\n"
+    else:
+        new_content = after
+
+    try:
+        claude_md_path.write_text(new_content, encoding="utf-8")
+    except PermissionError:
+        console.print(f"[red][FAIL][/red] Permission denied writing to {claude_md_path}")
+        return False
+    return True
+
+
+def _security_hook_marker() -> str:
+    """Marker to identify jacked security gatekeeper hooks."""
+    return "# jacked-security"
+
+
+
+def _install_security_hook(existing: dict, settings_path: Path):
+    """Install security gatekeeper command hook for Bash PreToolUse events.
+
+    Uses a PreToolUse command hook (blocking) that calls a Python script.
+    The script evaluates commands via local rules, Anthropic API, or claude -p
+    and returns permissionDecision:"allow" to auto-approve safe commands.
+
+    Handles fresh install, version upgrades, and migration from PermissionRequest.
+    """
+    import json
+    import shutil
+
+    marker = _security_hook_marker()
+    script_path = _get_data_root() / "hooks" / "security_gatekeeper.py"
+
+    if not script_path.exists():
+        console.print(f"[red][FAIL][/red] Security gatekeeper script not found: {script_path}")
+        console.print("[yellow]Skipping security gatekeeper installation[/yellow]")
+        return
+
+    # Find python executable — prefer the one running this process
+    python_exe = sys.executable
+    if not python_exe or not Path(python_exe).exists():
+        python_exe = shutil.which("python3") or shutil.which("python") or "python"
+
+    # Use forward slashes for the command (works on Windows too)
+    python_path = str(Path(python_exe)).replace("\\", "/")
+    script_str = str(script_path).replace("\\", "/")
+    command_str = f"{python_path} {script_str}"
+
+    # Migrate: remove old PermissionRequest hooks with our marker
+    if "PermissionRequest" in existing.get("hooks", {}):
+        old_hooks = existing["hooks"]["PermissionRequest"]
+        before = len(old_hooks)
+        existing["hooks"]["PermissionRequest"] = [
+            h for h in old_hooks
+            if marker not in str(h) and "security_gatekeeper" not in str(h)
+        ]
+        if len(existing["hooks"]["PermissionRequest"]) < before:
+            console.print("[green][OK][/green] Migrated security hook from PermissionRequest to PreToolUse")
+
+    if "PreToolUse" not in existing["hooks"]:
+        existing["hooks"]["PreToolUse"] = []
+
+    # Check if already installed and whether it needs upgrading
+    hook_index = None
+    needs_upgrade = False
+    for i, hook_entry in enumerate(existing["hooks"]["PreToolUse"]):
+        hook_str = str(hook_entry)
+        if marker in hook_str or "security_gatekeeper" in hook_str:
+            hook_index = i
+            for h in hook_entry.get("hooks", []):
+                installed_cmd = h.get("command", "")
+                if installed_cmd != command_str:
+                    needs_upgrade = True
+            break
+
+    if hook_index is not None and not needs_upgrade:
+        console.print("[yellow][-][/yellow] Security gatekeeper hook already configured")
+        return
+
+    hook_entry = {
+        "matcher": "Bash",
+        "hooks": [{
+            "type": "command",
+            "command": command_str,
+            "timeout": 30,
+        }]
+    }
+
+    if hook_index is not None and needs_upgrade:
+        existing["hooks"]["PreToolUse"][hook_index] = hook_entry
+        settings_path.write_text(json.dumps(existing, indent=2))
+        console.print("[green][OK][/green] Updated security gatekeeper to latest version")
+    else:
+        existing["hooks"]["PreToolUse"].append(hook_entry)
+        settings_path.parent.mkdir(parents=True, exist_ok=True)
+        settings_path.write_text(json.dumps(existing, indent=2))
+        console.print("[green][OK][/green] Installed security gatekeeper (PreToolUse, blocking)")
+
+
+def _remove_security_hook(settings_path: Path) -> bool:
+    """Remove jacked security gatekeeper hook. Returns True if removed.
+
+    Checks both PreToolUse (current) and PermissionRequest (legacy).
+    """
+    import json
+
+    if not settings_path.exists():
+        return False
+
+    settings = json.loads(settings_path.read_text())
+    marker = _security_hook_marker()
+    modified = False
+
+    for hook_type in ["PreToolUse", "PermissionRequest"]:
+        if hook_type not in settings.get("hooks", {}):
+            continue
+        before = len(settings["hooks"][hook_type])
+        settings["hooks"][hook_type] = [
+            h for h in settings["hooks"][hook_type]
+            if marker not in str(h)
+        ]
+        if len(settings["hooks"][hook_type]) < before:
+            modified = True
+
+    if modified:
+        settings_path.write_text(json.dumps(settings, indent=2))
+        console.print("[green][OK][/green] Removed security gatekeeper hook")
+        return True
+
+    return False
+
+
 @main.command()
 @click.option("--sounds", is_flag=True, help="Install sound notification hooks")
-def install(sounds: bool):
-    """Auto-install hook config, skill, agents, and commands."""
+@click.option("--search", is_flag=True, help="Install session indexing hook (requires [search] extra)")
+@click.option("--security", is_flag=True, help="Install security gatekeeper hook (requires [security] extra)")
+@click.option("--no-rules", is_flag=True, help="Skip behavioral rules in CLAUDE.md")
+def install(sounds: bool, search: bool, security: bool, no_rules: bool):
+    """Auto-install skill, agents, commands, and optional hooks.
+
+    Base install: agents, commands, behavioral rules, /jacked skill.
+    Use --search to add session indexing (requires qdrant-client).
+    Use --security to add security gatekeeper (requires anthropic SDK).
+    """
     import os
     import json
     import shutil
@@ -691,22 +1046,16 @@ def install(sounds: bool):
     home = Path.home()
     pkg_root = _get_data_root()
 
-    # Hook configuration - assumes jacked is on PATH (installed via pipx)
-    hook_config = {
-        "hooks": {
-            "Stop": [
-                {
-                    "matcher": "",
-                    "hooks": [
-                        {
-                            "type": "command",
-                            "command": 'jacked index --repo "$CLAUDE_PROJECT_DIR"'
-                        }
-                    ]
-                }
-            ]
-        }
-    }
+    # Auto-detect extras: if the package is installed, enable by default
+    has_qdrant = False
+    try:
+        import qdrant_client  # noqa: F401
+        has_qdrant = True
+    except ImportError:
+        pass
+
+    install_search = search or has_qdrant
+    install_security = security
 
     console.print("[bold]Installing Jacked...[/bold]\n")
 
@@ -720,25 +1069,47 @@ def install(sounds: bool):
     else:
         existing = {}
 
-    # Merge hook config
     if "hooks" not in existing:
         existing["hooks"] = {}
     if "Stop" not in existing["hooks"]:
         existing["hooks"]["Stop"] = []
 
-    # Check if hook already exists
-    hook_exists = any(
-        "jacked" in str(h.get("hooks", []))
-        for h in existing["hooks"]["Stop"]
-    )
+    # Stop hook for session indexing — only if search extra available
+    if install_search:
+        hook_config_stop = {
+            "matcher": "",
+            "hooks": [
+                {
+                    "type": "command",
+                    "command": 'jacked index --repo "$CLAUDE_PROJECT_DIR"',
+                    "async": True
+                }
+            ]
+        }
 
-    if not hook_exists:
-        existing["hooks"]["Stop"].append(hook_config["hooks"]["Stop"][0])
-        settings_path.parent.mkdir(parents=True, exist_ok=True)
-        settings_path.write_text(json.dumps(existing, indent=2))
-        console.print(f"[green][OK][/green] Added Stop hook to {settings_path}")
+        hook_index = None
+        needs_async_update = False
+        for i, hook_entry in enumerate(existing["hooks"]["Stop"]):
+            for h in hook_entry.get("hooks", []):
+                if "jacked" in h.get("command", ""):
+                    hook_index = i
+                    if not h.get("async"):
+                        needs_async_update = True
+                    break
+
+        if hook_index is None:
+            existing["hooks"]["Stop"].append(hook_config_stop)
+            settings_path.parent.mkdir(parents=True, exist_ok=True)
+            settings_path.write_text(json.dumps(existing, indent=2))
+            console.print(f"[green][OK][/green] Added Stop hook (session indexing)")
+        elif needs_async_update:
+            existing["hooks"]["Stop"][hook_index] = hook_config_stop
+            settings_path.write_text(json.dumps(existing, indent=2))
+            console.print(f"[green][OK][/green] Updated Stop hook with async: true")
+        else:
+            console.print(f"[yellow][-][/yellow] Stop hook already configured")
     else:
-        console.print(f"[yellow][-][/yellow] Stop hook already exists in {settings_path}")
+        console.print("[dim][-][/dim] Skipping session indexing hook (install [search] extra to enable)")
 
     # Copy skill file with Python path templating
     # Claude Code expects skills in subdirectories with SKILL.md
@@ -754,29 +1125,59 @@ def install(sounds: bool):
     else:
         console.print(f"[yellow][-][/yellow] Skill file not found at {skill_src}")
 
-    # Copy agents
+    # Copy agents (with conflict detection)
     agents_src = pkg_root / "agents"
     agents_dst = home / ".claude" / "agents"
     if agents_src.exists():
         agents_dst.mkdir(parents=True, exist_ok=True)
         agent_count = 0
+        skipped = 0
         for agent_file in agents_src.glob("*.md"):
-            shutil.copy(agent_file, agents_dst / agent_file.name)
+            dst_file = agents_dst / agent_file.name
+            src_content = agent_file.read_text(encoding="utf-8")
+            if dst_file.exists():
+                dst_content = dst_file.read_text(encoding="utf-8")
+                if src_content == dst_content:
+                    skipped += 1
+                    continue  # Same content, skip silently
+                # Different content - ask before overwriting
+                if not click.confirm(f"Agent '{agent_file.name}' exists with different content. Overwrite?"):
+                    console.print(f"[yellow][-][/yellow] Skipped {agent_file.name}")
+                    continue
+            shutil.copy(agent_file, dst_file)
             agent_count += 1
-        console.print(f"[green][OK][/green] Installed {agent_count} agents")
+        msg = f"[green][OK][/green] Installed {agent_count} agents"
+        if skipped:
+            msg += f" ({skipped} unchanged)"
+        console.print(msg)
     else:
         console.print(f"[yellow][-][/yellow] Agents directory not found")
 
-    # Copy commands
+    # Copy commands (with conflict detection)
     commands_src = pkg_root / "commands"
     commands_dst = home / ".claude" / "commands"
     if commands_src.exists():
         commands_dst.mkdir(parents=True, exist_ok=True)
         cmd_count = 0
+        skipped = 0
         for cmd_file in commands_src.glob("*.md"):
-            shutil.copy(cmd_file, commands_dst / cmd_file.name)
+            dst_file = commands_dst / cmd_file.name
+            src_content = cmd_file.read_text(encoding="utf-8")
+            if dst_file.exists():
+                dst_content = dst_file.read_text(encoding="utf-8")
+                if src_content == dst_content:
+                    skipped += 1
+                    continue  # Same content, skip silently
+                # Different content - ask before overwriting
+                if not click.confirm(f"Command '{cmd_file.name}' exists with different content. Overwrite?"):
+                    console.print(f"[yellow][-][/yellow] Skipped {cmd_file.name}")
+                    continue
+            shutil.copy(cmd_file, dst_file)
             cmd_count += 1
-        console.print(f"[green][OK][/green] Installed {cmd_count} commands")
+        msg = f"[green][OK][/green] Installed {cmd_count} commands"
+        if skipped:
+            msg += f" ({skipped} unchanged)"
+        console.print(msg)
     else:
         console.print(f"[yellow][-][/yellow] Commands directory not found")
 
@@ -784,24 +1185,55 @@ def install(sounds: bool):
     if sounds:
         _install_sound_hooks(existing, settings_path)
 
+    # Install security gatekeeper — only if --security flag passed
+    if install_security:
+        _install_security_hook(existing, settings_path)
+    else:
+        console.print("[dim][-][/dim] Skipping security gatekeeper (use --security to enable)")
+
+    # Install behavioral rules in CLAUDE.md (default on, --no-rules to skip)
+    if not no_rules:
+        claude_md_path = home / ".claude" / "CLAUDE.md"
+        _install_behavioral_rules(claude_md_path)
+
     console.print("\n[bold]Installation complete![/bold]")
     console.print("\n[yellow]IMPORTANT: Restart Claude Code for new commands to take effect![/yellow]")
     console.print("\nWhat you get:")
     console.print("  - /jacked - Search past Claude sessions")
     console.print("  - /dc - Double-check reviewer")
     console.print("  - /pr - PR workflow helper")
+    console.print("  - /learn - Distill lessons into CLAUDE.md rules")
+    console.print("  - /techdebt - Project tech debt audit")
+    console.print("  - /redo - Scrap and re-implement with hindsight")
+    console.print("  - /audit-rules - CLAUDE.md quality audit")
     console.print("  - 10 specialized agents (readme, wiki, tests, etc.)")
+    if install_search:
+        console.print("  - Session indexing hook (auto-indexes after each response)")
+    if install_security:
+        console.print("  - Security gatekeeper (auto-approves safe Bash commands)")
+    if not no_rules:
+        console.print("  - Behavioral rules in CLAUDE.md")
+
+    # Show next steps based on what's installed
     console.print("\nNext steps:")
     console.print("  1. Restart Claude Code (exit and run 'claude' again)")
-    console.print("  2. Set environment variables (run 'jacked configure' for help)")
-    console.print("  3. Run 'jacked backfill' to index existing sessions")
-    console.print("  4. Use '/jacked <description>' in Claude to search past sessions")
+    if install_search:
+        console.print("  2. Set Qdrant credentials (run 'jacked configure' for help)")
+        console.print("  3. Run 'jacked backfill' to index existing sessions")
+        console.print("  4. Use '/jacked <description>' to search past sessions")
+    else:
+        console.print("\nOptional extras:")
+        console.print('  pip install "claude-jacked[search]"    # Session search via Qdrant')
+        console.print('  pip install "claude-jacked[security]"  # Auto-approve safe Bash commands')
+        console.print('  pip install "claude-jacked[all]"       # Everything')
 
 
 @main.command()
 @click.option("--yes", "-y", is_flag=True, help="Skip confirmation")
 @click.option("--sounds", is_flag=True, help="Remove only sound hooks")
-def uninstall(yes: bool, sounds: bool):
+@click.option("--security", is_flag=True, help="Remove only security gatekeeper hook")
+@click.option("--rules", is_flag=True, help="Remove only behavioral rules from CLAUDE.md")
+def uninstall(yes: bool, sounds: bool, security: bool, rules: bool):
     """Remove jacked hooks, skill, agents, and commands from Claude Code."""
     import json
     import shutil
@@ -818,6 +1250,23 @@ def uninstall(yes: bool, sounds: bool):
             console.print("[yellow]No sound hooks found[/yellow]")
         return
 
+    # If --security flag, only remove security hook
+    if security:
+        if _remove_security_hook(settings_path):
+            console.print("[bold]Security gatekeeper removed![/bold]")
+        else:
+            console.print("[yellow]No security gatekeeper hook found[/yellow]")
+        return
+
+    # If --rules flag, only remove behavioral rules
+    if rules:
+        claude_md_path = home / ".claude" / "CLAUDE.md"
+        if _remove_behavioral_rules(claude_md_path):
+            console.print("[bold]Behavioral rules removed from CLAUDE.md![/bold]")
+        else:
+            console.print("[yellow]No behavioral rules found in CLAUDE.md[/yellow]")
+        return
+
     if not yes:
         if not click.confirm("Remove jacked from Claude Code? (This won't delete your Qdrant index)"):
             console.print("Cancelled")
@@ -825,8 +1274,12 @@ def uninstall(yes: bool, sounds: bool):
 
     console.print("[bold]Uninstalling Jacked...[/bold]\n")
 
-    # Also remove sound hooks during full uninstall
+    # Also remove sound, security hooks, and behavioral rules during full uninstall
     _remove_sound_hooks(settings_path)
+    _remove_security_hook(settings_path)
+    claude_md_path = home / ".claude" / "CLAUDE.md"
+    if _remove_behavioral_rules(claude_md_path):
+        console.print("[green][OK][/green] Removed behavioral rules from CLAUDE.md")
 
     # Remove Stop hook from settings.json
     if settings_path.exists():