methodproof 0.7.37__tar.gz → 0.8.0__tar.gz

{methodproof-0.7.37 → methodproof-0.8.0}/.github/workflows/ci.yml

@@ -11,10 +11,10 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v4
+      - uses: actions/checkout@v5
+      - uses: astral-sh/setup-uv@v7
         with: { version: "latest" }
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with: { python-version: "3.12" }
       - run: uv sync --frozen
       - run: uv run pytest tests/ -v --tb=short
@@ -26,10 +26,10 @@ jobs:
     permissions:
       id-token: write
     steps:
-      - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v4
+      - uses: actions/checkout@v5
+      - uses: astral-sh/setup-uv@v7
         with: { version: "latest" }
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with: { python-version: "3.12" }
       - run: uv build
       - uses: pypa/gh-action-pypi-publish@release/v1

{methodproof-0.7.37 → methodproof-0.8.0}/CHANGELOG.md

@@ -1,5 +1,31 @@
 # Changelog
 
+## [0.8.0] — 2026-04-15
+
+### Added
+- **SQLCipher encryption-at-rest for the local database** — the CLI's SQLite store is now transparently re-keyed with SQLCipher on first login, layered underneath the existing field-level AES on sensitive metadata. The db_key is derived from the master entropy via HKDF (`derive_master` → `derive_db_key`), never leaves the OS keychain, and is wired into `store._db()` via `PRAGMA key` before any other statement.
+- **One-shot plaintext → encrypted migration** — `migrate_db.migrate_to_sqlcipher()` uses the `sqlcipher_export()` recipe, row-count-verifies every table, atomically swaps the original DB to `methodproof.db.plaintext.bak` (kept for recovery), cleans up stale WAL/SHM artifacts, and writes a `methodproof.db.encrypted` sentinel. Runs once on first login for existing users, idempotent on re-run.
+- **Daemon-liveness guard** — `DaemonActiveError` is raised if a recording daemon is still holding FDs on the plaintext DB. Callers must `mp stop` first.
+- **`mp e2e release-all`** — releases every synced session with E2E-encrypted fields in one pass. Skips sessions with nothing to release, reports released/skipped/failed counts.
+- **`decrypt_metadata_safe`** — new read-path helper in `crypto.py` that silently leaves fields encrypted with a different key (user E2E vs master) as ciphertext, so mixed-key sessions render correctly without crashing.
+- **Auto-decrypt on read** — `store.get_events(decrypt=True)` and `get_session_events` now auto-decrypt sensitive metadata when the master db_key is available in the keychain. Sync push and `e2e release` still read ciphertext verbatim (`decrypt=False`).
+
+### Fixed
+- **`mp push` crash on multi-session list** — `s["created_at"]` is stored as SQLite `REAL` (float epoch), but the unsynced-session listing sliced it as an ISO string and raised `TypeError: 'float' object is not subscriptable`. Now formatted with `datetime.fromtimestamp(...).strftime("%Y-%m-%d")`.
+
+### Why
+Field-level AES protects six sensitive metadata fields, but everything else (event types, timestamps, file paths, session structure) sat in plaintext SQLite on disk. SQLCipher closes that gap without changing the API surface: `sqlcipher3.dbapi2` is drop-in compatible with stdlib `sqlite3`, so the rest of the store is unchanged. The two layers compose: SQLCipher protects data at rest end-to-end, field-level AES adds defense-in-depth for the most sensitive fields even if the db_key is compromised.
+
+## [0.7.38] — 2026-04-12
+
+### Added
+- **Structural hunk capture on `file_edit` and `git_commit`** — watcher parses `@@ -old,count +new,count @@` headers from `git diff --unified=0` and `git show --format= --unified=0 <sha>` and emits them as `hunks: [{old_start, old_count, new_start, new_count}, ...]` on `file_edit` metadata and `file_hunks: {path: [hunks, ...]}` on `git_commit` metadata. Pure range data — no code content, no identifiers. Stays inside the structural-capture boundary alongside `lines_added` / `lines_removed`.
+- **Journal-mode hunk content** — when `code_capture` consent is on (Pro tier, journal mode), each hunk additionally carries a `lines: ["+foo", "-bar", ...]` field with the actual diff lines for that hunk, capped at 2000 lines per event. Gated by the same consent flag that gates the raw `diff` field.
+- **`base.is_content_captured()`** — public helper in `methodproof/agents/base.py` exposing the `code_capture` capture-flag check so agents can decide what content to include without reaching into private module state.
+
+### Why
+Enables the platform's post-processing pipeline to distinguish `SUPERSEDES` (later commit replaces 100% of an earlier commit's added lines on each shared path) from `EXTENSION_TO` (anything less — the default) without ever needing the raw diff content. See `methodproof` changelog v0.6.30.
+
 ## [0.7.37] — 2026-04-12
 
 ### Changed

{methodproof-0.7.37 → methodproof-0.8.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: methodproof
-Version: 0.7.37
+Version: 0.8.0
 Summary: See how you code. Capture and visualize your engineering process.
 License-Expression: Apache-2.0
 License-File: LICENSE
@@ -8,6 +8,7 @@ Requires-Python: >=3.11
 Requires-Dist: cryptography>=43.0
 Requires-Dist: keyring>=25.0
 Requires-Dist: rich>=13.7
+Requires-Dist: sqlcipher3>=0.6
 Requires-Dist: textual>=0.59
 Requires-Dist: watchdog>=4.0
 Requires-Dist: websocket-client>=1.7

{methodproof-0.7.37 → methodproof-0.8.0}/methodproof/agents/base.py

@@ -108,9 +108,19 @@ def init(session_id: str, live: bool = False, verbose: bool = False, streaming:
     _verbose = verbose
     _streaming = streaming
     _prev_hash = "genesis"
-    from methodproof import config
+    from methodproof import config, store
     cfg = config.load()
     _e2e_key = _load_encryption_key(cfg)
+    # Daemon is a fresh process — wire the SQLCipher key (always master-derived
+    # db_key, never user E2E) into the store before any DB write.
+    if store._encrypted_flag_path().exists():
+        account_id = cfg.get("account_id", "")
+        if account_id and cfg.get("master_key_fingerprint"):
+            from methodproof.keychain import load_secret
+            from methodproof.kdf import derive_master, derive_db_key
+            entropy = load_secret(account_id)
+            if entropy:
+                store.set_db_key(derive_db_key(derive_master(entropy), account_id))
     _capture = cfg.get("capture", {})
     _journal_mode = cfg.get("journal_mode", False)
     _account_id = cfg.get("account_id", "")
@@ -125,6 +135,13 @@ def log(level: str, event: str, **kw: object) -> None:
     sys.stderr.write(json.dumps(entry, default=str) + "\n")
 
 
+def is_content_captured() -> bool:
+    """True when code_capture consent is on (journal/Pro mode). Agents use this
+    to decide whether to include line-level diff content alongside structural
+    metadata."""
+    return bool(_capture.get("code_capture", False))
+
+
 def emit(event_type: str, metadata: dict[str, Any]) -> None:
     if not _initialized:
         log("warning", "emit.before_init", type=event_type)

{methodproof-0.7.37 → methodproof-0.8.0}/methodproof/agents/watcher.py

@@ -46,6 +46,99 @@ IGNORE_PATTERNS = re.compile(
 
 
 _MAX_DIFF_BYTES = 50_000
+_MAX_HUNK_LINES = 2_000
+
+_HUNK_HEADER_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
+_DIFF_FILE_RE = re.compile(r"^diff --git a/(.+?) b/(.+?)$")
+
+
+def _parse_hunks(diff_text: str, include_lines: bool) -> list[dict[str, object]]:
+    """Parse unified diff text into structured hunks.
+
+    Each hunk: {old_start, old_count, new_start, new_count, [lines]}.
+    Lines are only included when `include_lines` is True (journal / code_capture).
+    """
+    hunks: list[dict[str, object]] = []
+    current: dict[str, object] | None = None
+    total_lines = 0
+    for line in diff_text.splitlines():
+        header = _HUNK_HEADER_RE.match(line)
+        if header:
+            if current is not None:
+                hunks.append(current)
+            current = {
+                "old_start": int(header.group(1)),
+                "old_count": int(header.group(2) or 1),
+                "new_start": int(header.group(3)),
+                "new_count": int(header.group(4) or 1),
+            }
+            if include_lines:
+                current["lines"] = []
+            continue
+        if current is None or not include_lines:
+            continue
+        if not (line.startswith("+") or line.startswith("-")):
+            continue
+        if line.startswith("+++") or line.startswith("---"):
+            continue
+        if total_lines >= _MAX_HUNK_LINES:
+            continue
+        current["lines"].append(line)  # type: ignore[union-attr]
+        total_lines += 1
+    if current is not None:
+        hunks.append(current)
+    return hunks
+
+
+def _parse_show_hunks(
+    show_text: str, include_lines: bool,
+) -> dict[str, list[dict[str, object]]]:
+    """Split `git show --unified=0` output by file and parse hunks per file."""
+    file_hunks: dict[str, list[dict[str, object]]] = {}
+    current_path: str | None = None
+    buffer: list[str] = []
+
+    def _flush() -> None:
+        if current_path and buffer:
+            file_hunks[current_path] = _parse_hunks("\n".join(buffer), include_lines)
+
+    for line in show_text.splitlines():
+        m = _DIFF_FILE_RE.match(line)
+        if m:
+            _flush()
+            current_path = m.group(2)
+            buffer = []
+            continue
+        if current_path is not None:
+            buffer.append(line)
+    _flush()
+    return file_hunks
+
+
+def _git_diff_hunks(repo: str, path: str, include_lines: bool) -> list[dict[str, object]]:
+    """Structured hunks for a pending file_edit. Ranges always; line content when allowed."""
+    try:
+        result = subprocess.run(
+            ["git", "-C", repo, "diff", "--unified=0", "--", path],
+            capture_output=True, text=True, timeout=5,
+        )
+        return _parse_hunks(result.stdout[:_MAX_DIFF_BYTES], include_lines)
+    except Exception:
+        return []
+
+
+def _git_show_file_hunks(
+    repo: str, sha: str, include_lines: bool,
+) -> dict[str, list[dict[str, object]]]:
+    """Per-file structured hunks for a commit."""
+    try:
+        result = subprocess.run(
+            ["git", "-C", repo, "show", "--format=", "--unified=0", sha],
+            capture_output=True, text=True, timeout=10,
+        )
+        return _parse_show_hunks(result.stdout[:_MAX_DIFF_BYTES * 4], include_lines)
+    except Exception:
+        return {}
 
 
 def _git_diff_stats(repo: str, path: str) -> tuple[int, int]:
@@ -125,10 +218,14 @@ class _Handler(FileSystemEventHandler):
 
         added, removed = _git_diff_stats(self._root, path)
         lang = Path(event.src_path).suffix.lstrip(".")
+        include_lines = base.is_content_captured()
+        hunks = _git_diff_hunks(self._root, path, include_lines)
         meta: dict[str, object] = {
             "path": path, "language": lang,
             "lines_added": added, "lines_removed": removed,
         }
+        if hunks:
+            meta["hunks"] = hunks
         diff = _git_diff_content(self._root, path)
         if diff:
             meta["diff"] = diff
@@ -192,6 +289,10 @@ def _log_commit(watch_dir: str, sha: str) -> None:
         meta["parent_hash"] = parent_hash
     if body and body != subject:
         meta["body"] = body[:2000]
+    include_lines = base.is_content_captured()
+    file_hunks = _git_show_file_hunks(watch_dir, sha, include_lines)
+    if file_hunks:
+        meta["file_hunks"] = file_hunks
     diff = _git_show_diff(watch_dir, sha)
     if diff:
         meta["diff"] = diff

{methodproof-0.7.37 → methodproof-0.8.0}/methodproof/cli.py

@@ -985,14 +985,26 @@ def _setup_master_key(cfg: dict) -> None:
     if not account_id:
         return
     from methodproof.keychain import has_secret, store_secret, load_secret
+    from methodproof import store as _store
     if has_secret(account_id):
-        # Already set up — ensure fingerprint is in config
+        # Already set up — ensure fingerprint is in config and key is wired
+        from methodproof.kdf import derive_master, derive_db_key
+        from methodproof.crypto import fingerprint
+        master = derive_master(load_secret(account_id))
+        db_key = derive_db_key(master, account_id)
         if not cfg.get("master_key_fingerprint"):
-            from methodproof.kdf import derive_master, derive_db_key
-            from methodproof.crypto import fingerprint
-            master = derive_master(load_secret(account_id))
-            cfg["master_key_fingerprint"] = fingerprint(derive_db_key(master, account_id))
+            cfg["master_key_fingerprint"] = fingerprint(db_key)
             config.save(cfg)
+        if _store._encrypted_flag_path().exists():
+            _store.set_db_key(db_key)
+        else:
+            # Existing user, plaintext DB — one-shot upgrade to SQLCipher
+            from methodproof.migrate_db import migrate_to_sqlcipher, DaemonActiveError
+            try:
+                if migrate_to_sqlcipher(db_key):
+                    print("  Encrypted local database with SQLCipher.\n")
+            except DaemonActiveError as exc:
+                print(f"  ⚠ {exc}")
         return
 
     # Check if user has a recovery phrase (returning user, new device)
@@ -1025,13 +1037,21 @@ def _setup_master_key(cfg: dict) -> None:
     print(f"  │  {D}on a new device. Store it somewhere safe.{R}      │")
     print(f"  └──────────────────────────────────────────────────┘\n")
 
-    # Encrypt any existing plaintext events
+    # Encrypt any existing plaintext events (field-level, defense-in-depth)
     db_key = derive_db_key(master, account_id)
-    from methodproof.migrate_db import migrate_encrypt
+    from methodproof.migrate_db import migrate_encrypt, migrate_to_sqlcipher
     count = migrate_encrypt(db_key)
     if count:
         print(f"  Encrypted {count} existing events.\n")
 
+    # Whole-database SQLCipher encryption — runs once, idempotent
+    from methodproof.migrate_db import DaemonActiveError
+    try:
+        if migrate_to_sqlcipher(db_key):
+            print("  Encrypted local database with SQLCipher.\n")
+    except DaemonActiveError as exc:
+        print(f"  ⚠ {exc}")
+
 
 def _recover_master_key(cfg: dict, account_id: str) -> None:
     """Prompt for recovery phrase to restore master key on new device."""
@@ -1049,9 +1069,55 @@ def _recover_master_key(cfg: dict, account_id: str) -> None:
         return
     from methodproof.keychain import store_secret
     store_secret(account_id, entropy)
+    # Wire the recovered key into the SQLCipher connection so the next DB read works
+    from methodproof.kdf import derive_master, derive_db_key
+    from methodproof import store as _store
+    if _store._encrypted_flag_path().exists():
+        _store.set_db_key(derive_db_key(derive_master(entropy), account_id))
     print("  Master key restored.\n")
 
 
+def _wire_db_encryption(cfg: dict) -> None:
+    """Wire the SQLCipher key into store before any subcommand touches the DB.
+
+    Called once at the top of `main()`. Three cases:
+      1. Encrypted DB + key available → wire the key.
+      2. Plaintext DB + logged-in user with master key → one-shot upgrade
+         migration to SQLCipher (the post-release upgrade path).
+      3. Anything else (logged out, no key) → no-op; capture continues against
+         the plaintext DB until the user logs in.
+    """
+    from methodproof import store as _store
+    account_id = cfg.get("account_id", "")
+    if not account_id:
+        return
+    try:
+        from methodproof.keychain import load_secret
+        from methodproof.kdf import derive_master, derive_db_key
+        entropy = load_secret(account_id)
+        if not entropy:
+            return
+        db_key = derive_db_key(derive_master(entropy), account_id)
+    except Exception:
+        return
+
+    if _store._encrypted_flag_path().exists():
+        _store.set_db_key(db_key)
+        return
+
+    # Plaintext DB + key available — one-shot upgrade
+    try:
+        from methodproof.migrate_db import migrate_to_sqlcipher, DaemonActiveError
+        if migrate_to_sqlcipher(db_key):
+            print("  Encrypted local database with SQLCipher.\n")
+    except DaemonActiveError:
+        # Daemon is recording — defer migration to next CLI run after `mp stop`.
+        # Don't print noise on every command; the upgrade will happen later.
+        return
+    except Exception as exc:
+        sys.stderr.write(f"[methodproof] sqlcipher migration deferred: {exc}\n")
+
+
 def _is_daemon_alive() -> bool:
     """Check if the recording daemon is still running (not a reused PID)."""
     if not PIDFILE.exists():
@@ -1844,7 +1910,7 @@ def cmd_push(args: argparse.Namespace) -> None:
     print(f"Found {len(unsynced)} unsynced sessions:\n")
     for s in unsynced:
         events = len(store.get_events(s["id"]))
-        date = s["created_at"][:10] if s.get("created_at") else "?"
+        date = datetime.fromtimestamp(s["created_at"]).strftime("%Y-%m-%d") if s.get("created_at") else "?"
         print(f"  {s['id'][:8]}  {date}  {events} events")
     print()
     answer = input(f"Push all {len(unsynced)}? [Y/n] ").strip().lower()
@@ -2342,6 +2408,7 @@ def main() -> None:
     e2e_sub.add_parser("recover", help="Recover key from passphrase")
     e2e_rel = e2e_sub.add_parser("release", help="Release a session from E2E encryption")
     e2e_rel.add_argument("session_id", help="Session ID to release")
+    e2e_sub.add_parser("release-all", help="Release every synced session from E2E encryption")
     sub.add_parser("intro", help="Show the MethodProof intro")
     sub.add_parser("help", help="Show command reference")
     sub.add_parser("mcp-serve", help="Run MCP server (used by Claude Code)")
@@ -2381,5 +2448,6 @@ def main() -> None:
         _update_check()
 
     if args.cmd not in ("help", "update"):
+        _wire_db_encryption(config.load())
         store.init_db()
     fn(args)

{methodproof-0.7.37 → methodproof-0.8.0}/methodproof/crypto.py

@@ -44,3 +44,20 @@ def encrypt_metadata(metadata: dict, key: bytes) -> dict:
         if field in metadata and isinstance(metadata[field], str):
             metadata[field] = encrypt_field(metadata[field], key)
     return metadata
+
+
+def decrypt_metadata_safe(metadata: dict, key: bytes) -> dict:
+    """Decrypt sensitive fields in place. Silently leaves fields that fail
+    (wrong key, tampering) as ciphertext — never raises. Used on the read path
+    where a field encrypted with a *different* key (user E2E vs master) must
+    still render as-is rather than break rendering."""
+    if AESGCM is None:
+        return metadata
+    for field in SENSITIVE_FIELDS:
+        val = metadata.get(field)
+        if isinstance(val, str) and val.startswith("e2e:v1:"):
+            try:
+                metadata[field] = decrypt_field(val, key)
+            except Exception:
+                pass
+    return metadata

{methodproof-0.7.37 → methodproof-0.8.0}/methodproof/e2e.py

@@ -223,64 +223,106 @@ def _cmd_recover(cfg: dict) -> None:
     print(f"Key recovered and stored in OS keychain (fingerprint: {fp}).")
 
 
-def _cmd_release(cfg: dict, session_id: str) -> None:
-    """Release a session from E2E encryption."""
-    from methodproof import keychain
+def _release_session(session_id: str, remote_id: str, e2e_key: bytes,
+                     api_url: str, token: str) -> int:
+    """Decrypt and upload one session. Returns decrypted event count (0 = nothing to do)."""
     from methodproof.crypto import decrypt_field, SENSITIVE_FIELDS
     from methodproof.sync import _request
 
+    decrypted_events = []
+    for ev in store.get_events(session_id):
+        meta = json.loads(ev.get("metadata", "{}"))
+        changed = False
+        for field in SENSITIVE_FIELDS:
+            val = meta.get(field, "")
+            if isinstance(val, str) and val.startswith("e2e:v1:"):
+                meta[field] = decrypt_field(val, e2e_key)
+                changed = True
+        if changed:
+            decrypted_events.append({"event_id": ev["id"], "metadata": meta})
+
+    if not decrypted_events:
+        return 0
+
+    _request("POST", f"/personal/sessions/{remote_id}/release-e2e", api_url, token,
+             {"events": decrypted_events})
+    return len(decrypted_events)
+
+
+def _load_release_context(cfg: dict) -> tuple[bytes, str, str]:
+    """Return (e2e_key, api_url, token) or exit with a clear error."""
+    from methodproof import keychain
+
     token = cfg.get("token", "")
     api_url = cfg.get("api_url", "")
     account_id = cfg.get("account_id", "")
     if not token:
         print("Release requires login. Run `methodproof login` first.")
         sys.exit(1)
-
     e2e_key = keychain.load_secret(f"e2e:{account_id}")
     if not e2e_key:
         print("E2E key not found in keychain. Run `mp e2e recover` first.")
         sys.exit(1)
+    return e2e_key, api_url, token
 
-    events = store.get_events(session_id)
-    if not events:
-        print(f"No events found for session {session_id}.")
-        sys.exit(1)
 
-    decrypted_events = []
-    for ev in events:
-        meta = json.loads(ev.get("metadata", "{}"))
-        has_encrypted = False
-        for field in SENSITIVE_FIELDS:
-            val = meta.get(field, "")
-            if isinstance(val, str) and val.startswith("e2e:v1:"):
-                meta[field] = decrypt_field(val, e2e_key)
-                has_encrypted = True
-        if has_encrypted:
-            decrypted_events.append({"event_id": ev["id"], "metadata": meta})
+def _cmd_release(cfg: dict, session_id: str) -> None:
+    """Release a session from E2E encryption."""
+    e2e_key, api_url, token = _load_release_context(cfg)
 
-    if not decrypted_events:
-        print("No encrypted fields found in this session.")
-        return
+    if not store.get_events(session_id):
+        print(f"No events found for session {session_id}.")
+        sys.exit(1)
 
-    # Resolve remote_id
-    sessions = store.list_sessions()
     remote_id = None
-    for s in sessions:
+    for s in store.list_sessions():
         if s["id"] == session_id or (s.get("remote_id") and s["id"].startswith(session_id)):
             remote_id = s.get("remote_id")
             session_id = s["id"]
             break
-
     if not remote_id:
         print("Session not synced to platform. Push first with `mp push`.")
         sys.exit(1)
 
-    _request("POST", f"/personal/sessions/{remote_id}/release-e2e", api_url, token,
-             {"events": decrypted_events})
-    print(f"Session released ({len(decrypted_events)} events decrypted).")
+    count = _release_session(session_id, remote_id, e2e_key, api_url, token)
+    if not count:
+        print("No encrypted fields found in this session.")
+        return
+    print(f"Session released ({count} events decrypted).")
     print("Narration will be generated shortly.")
 
 
+def _cmd_release_all(cfg: dict) -> None:
+    """Release every synced session that still has E2E-encrypted fields."""
+    e2e_key, api_url, token = _load_release_context(cfg)
+
+    sessions = [s for s in store.list_sessions() if s.get("remote_id")]
+    if not sessions:
+        print("No synced sessions found. Push first with `mp push`.")
+        return
+
+    released = skipped = failed = total_events = 0
+    for s in sessions:
+        sid, rid = s["id"], s["remote_id"]
+        try:
+            count = _release_session(sid, rid, e2e_key, api_url, token)
+        except Exception as exc:
+            failed += 1
+            print(f"  {sid[:8]}  FAILED ({exc})")
+            continue
+        if count:
+            released += 1
+            total_events += count
+            print(f"  {sid[:8]}  released ({count} events)")
+        else:
+            skipped += 1
+
+    print(f"\nReleased {released} sessions ({total_events} events). "
+          f"Skipped {skipped}. Failed {failed}.")
+    if released:
+        print("Narration will be generated shortly.")
+
+
 def cmd_e2e(args: argparse.Namespace) -> None:
     """E2E encryption mode — personal key management."""
     subcmd = getattr(args, "e2e_cmd", None)
@@ -300,5 +342,7 @@ def cmd_e2e(args: argparse.Namespace) -> None:
             print("Usage: methodproof e2e release <session-id>")
             sys.exit(1)
         _cmd_release(cfg, session_id)
+    elif subcmd == "release-all":
+        _cmd_release_all(cfg)
     else:
-        print("Usage: methodproof e2e [on|off|status|recover|release <session-id>]")
+        print("Usage: methodproof e2e [on|off|status|recover|release <session-id>|release-all]")

{methodproof-0.7.37 → methodproof-0.8.0}/methodproof/hooks/claude_code.py

@@ -150,11 +150,9 @@ def main() -> None:
         return
 
     event = data.get("hook_event_name", "unknown")
-    etype = _TYPE_MAP.get(event)
-    if not etype:
-        return  # Unmapped hook event — drop rather than send invalid type
+    etype = _TYPE_MAP.get(event, "claude_code_event")
     extractor = _META_EXTRACTORS.get(event)
-    meta = extractor(data) if extractor else {"tool": _TOOL}
+    meta = extractor(data) if extractor else {"tool": _TOOL, "event": event}
     ts = time.time()
 
     payload = json.dumps({"events": [{"type": etype, "timestamp": ts, "metadata": meta}]}).encode()