tweek 0.3.0__py3-none-any.whl → 0.3.1__py3-none-any.whl

tweek/__init__.py

@@ -10,7 +10,7 @@ Tweek provides:
 - Per-skill/per-tool security policies
 """
 
-__version__ = "0.3.0"
+__version__ = "0.3.1"
 __author__ = "Tommy Mancino"
 
 # "TOO MUCH PRESSURE!" - Tweek Tweak

tweek/audit.py

@@ -2,7 +2,7 @@
 Tweek Skill Audit — Security analysis for skill files and tool descriptions.
 
 Reads skill content, detects language, translates non-English content,
-and runs the full 215-pattern regex analysis + LLM semantic review.
+and runs the full 259-pattern regex analysis + LLM semantic review.
 Designed for one-time evaluation of skills before installation.
 """
 
@@ -173,7 +173,7 @@ def audit_content(
         except Exception:
             pass
 
-    # Step 3: Pattern matching (all 215 patterns against English content)
+    # Step 3: Pattern matching (all 259 patterns against English content)
     try:
         from tweek.hooks.pre_tool_use import PatternMatcher
 

tweek/cli.py

@@ -1181,26 +1181,27 @@ def _print_install_summary(
 @main.command(
     epilog="""\b
 Examples:
-  tweek unprotect                          Interactive — choose what to remove
+  tweek unprotect                          Interactive — choose what to unprotect
   tweek unprotect claude-code              Remove Claude Code hooks
   tweek unprotect claude-code --global     Remove global Claude Code hooks
   tweek unprotect claude-desktop           Remove from Claude Desktop
-  tweek unprotect --all                    Remove ALL Tweek data system-wide
 """
 )
 @click.argument("tool", required=False, type=click.Choice(
     ["claude-code", "openclaw", "claude-desktop", "chatgpt", "gemini"]))
-@click.option("--all", "remove_all", is_flag=True, default=False,
-              help="Remove ALL Tweek data: hooks, skills, config, patterns, logs, MCP integrations")
 @click.option("--global", "unprotect_global", is_flag=True, default=False,
               help="Remove from ~/.claude/ (global installation)")
 @click.option("--confirm", is_flag=True, help="Skip confirmation prompt")
-def unprotect(tool: str, remove_all: bool, unprotect_global: bool, confirm: bool):
+def unprotect(tool: str, unprotect_global: bool, confirm: bool):
     """Remove Tweek protection from an AI tool.
 
+    This removes hooks and MCP configuration for a specific tool
+    but keeps Tweek installed on your system. Use `tweek uninstall`
+    to fully remove Tweek.
+
     When run without arguments, launches an interactive wizard
     that walks through each protected tool asking if you want
-    to remove protection. Use --all to remove everything at once.
+    to remove protection.
 
     This command can only be run from an interactive terminal.
     AI agents are blocked from running it.
@@ -1217,8 +1218,8 @@ def unprotect(tool: str, remove_all: bool, unprotect_global: bool, confirm: bool
         console.print("[white]Open a terminal and run the command directly.[/white]")
         raise SystemExit(1)
 
-    # No tool and no --all: run interactive wizard
-    if not tool and not remove_all:
+    # No tool: run interactive wizard
+    if not tool:
         _run_unprotect_wizard()
         return
 
@@ -1228,17 +1229,11 @@ def unprotect(tool: str, remove_all: bool, unprotect_global: bool, confirm: bool
     global_target = Path("~/.claude").expanduser()
     project_target = Path.cwd() / ".claude"
 
-    if remove_all:
-        _uninstall_everything(global_target, project_target, tweek_dir, confirm)
-        _show_package_removal_hint()
-        return
-
     if tool == "claude-code":
         if unprotect_global:
             _uninstall_scope(global_target, tweek_dir, confirm, scope_label="global")
         else:
             _uninstall_scope(project_target, tweek_dir, confirm, scope_label="project")
-        _show_package_removal_hint()
         return
 
     if tool in ("claude-desktop", "chatgpt", "gemini"):
@@ -1266,6 +1261,57 @@ def unprotect(tool: str, remove_all: bool, unprotect_global: bool, confirm: bool
         console.print("[white]Manual step: remove tweek plugin from openclaw.json[/white]")
         return
 
+
+@main.command(
+    epilog="""\b
+Examples:
+  tweek uninstall                          Interactive full removal
+  tweek uninstall --all                    Remove ALL Tweek data system-wide
+  tweek uninstall --all --confirm          Remove everything without prompts
+"""
+)
+@click.option("--all", "remove_all", is_flag=True, default=False,
+              help="Remove ALL Tweek data: hooks, skills, config, patterns, logs, MCP integrations")
+@click.option("--confirm", is_flag=True, help="Skip confirmation prompts")
+def uninstall(remove_all: bool, confirm: bool):
+    """Fully remove Tweek from your system.
+
+    Removes all hooks, skills, configuration, data, and optionally
+    the Tweek package itself. For removing protection from a single
+    tool without uninstalling, use `tweek unprotect` instead.
+
+    This command can only be run from an interactive terminal.
+    AI agents are blocked from running it.
+    """
+    # ─────────────────────────────────────────────────────────────
+    # HUMAN-ONLY GATE: Block non-interactive execution
+    # ─────────────────────────────────────────────────────────────
+    if not sys.stdin.isatty():
+        console.print("[red]ERROR: tweek uninstall must be run from an interactive terminal.[/red]")
+        console.print("[white]This command cannot be run by AI agents or automated scripts.[/white]")
+        console.print("[white]Open a terminal and run the command directly.[/white]")
+        raise SystemExit(1)
+
+    console.print(TWEEK_BANNER, style="cyan")
+
+    tweek_dir = Path("~/.tweek").expanduser()
+    global_target = Path("~/.claude").expanduser()
+    project_target = Path.cwd() / ".claude"
+
+    if not remove_all:
+        # Interactive: ask what to remove
+        console.print("[bold]What would you like to remove?[/bold]")
+        console.print()
+        console.print("  [bold]1.[/bold] Everything (all hooks, data, config, and package)")
+        console.print("  [bold]2.[/bold] Cancel")
+        console.print()
+        choice = click.prompt("Select", type=click.IntRange(1, 2), default=2)
+        if choice == 2:
+            console.print("[white]Cancelled[/white]")
+            return
+        console.print()
+
+    _uninstall_everything(global_target, project_target, tweek_dir, confirm)
     _show_package_removal_hint()
 
 
@@ -1991,7 +2037,7 @@ def update(check: bool):
     Patterns are stored in ~/.tweek/patterns/ and can be updated
     independently of the Tweek application.
 
-    All 215 patterns are included free. PRO tier adds LLM review,
+    All 259 patterns are included free. PRO tier adds LLM review,
     session analysis, and rate limiting.
     """
     import subprocess
@@ -2267,7 +2313,7 @@ def audit(path, translate, llm_review, json_out):
     credential theft, data exfiltration, and other attack patterns.
 
     Non-English content is detected and translated to English before
-    running all 215 regex patterns. LLM semantic review provides
+    running all 259 regex patterns. LLM semantic review provides
     additional analysis for obfuscated attacks.
 
     \b
@@ -2695,7 +2741,7 @@ def protect_openclaw(port, paranoid, preset):
 
     # Show configuration
     console.print(f"  Scanner:    port {result.scanner_port} -> wrapping OpenClaw gateway")
-    console.print(f"  Preset:     {result.preset} (215 patterns + rate limiting)")
+    console.print(f"  Preset:     {result.preset} (259 patterns + rate limiting)")
 
     # Check for API key
     anthropic_key = os.environ.get("ANTHROPIC_API_KEY")

tweek/config/__init__.py

@@ -10,4 +10,12 @@ PATTERNS_FILE = CONFIG_DIR / "patterns.yaml"
 __all__ = [
     "ConfigManager", "SecurityTier", "ConfigIssue", "ConfigChange",
     "get_config", "CONFIG_DIR", "PATTERNS_FILE",
+    "TweekConfig", "PatternsConfig",
 ]
+
+# Lazy imports for Pydantic models to avoid import cost when not needed
+def __getattr__(name):
+    if name in ("TweekConfig", "PatternsConfig"):
+        from tweek.config.models import TweekConfig, PatternsConfig
+        return {"TweekConfig": TweekConfig, "PatternsConfig": PatternsConfig}[name]
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")

tweek/config/manager.py

@@ -685,8 +685,40 @@ class ConfigManager:
                     suggestion=suggestion,
                 ))
 
+        # Run Pydantic structural validation on merged config
+        try:
+            merged = self._get_merged()
+            pydantic_issues = self._validate_with_pydantic(merged)
+            # Deduplicate: only add Pydantic issues not already caught above
+            existing_messages = {i.message for i in issues}
+            for pi in pydantic_issues:
+                if pi.message not in existing_messages:
+                    issues.append(pi)
+        except Exception:
+            pass  # Pydantic validation is additive, never blocks
+
         return issues
 
+    def _validate_with_pydantic(self, config: Dict) -> List[ConfigIssue]:
+        """Run Pydantic model validation on merged config."""
+        from pydantic import ValidationError
+        from tweek.config.models import TweekConfig
+
+        try:
+            TweekConfig.model_validate(config)
+            return []
+        except ValidationError as e:
+            issues = []
+            for err in e.errors():
+                loc = ".".join(str(p) for p in err["loc"])
+                issues.append(ConfigIssue(
+                    level="error",
+                    key=loc,
+                    message=err["msg"],
+                    suggestion="",
+                ))
+            return issues
+
     def diff_preset(self, preset_name: str) -> List[ConfigChange]:
         """
         Show what would change if a preset were applied.

tweek/config/models.py

@@ -0,0 +1,307 @@
+"""
+Pydantic models for Tweek configuration validation.
+
+These models define the schema for tiers.yaml (the main configuration file)
+and patterns.yaml (attack pattern definitions). They provide:
+- Type-safe configuration loading with automatic validation
+- Human-readable error messages for invalid configuration
+- JSON Schema export for documentation and IDE support
+"""
+
+from __future__ import annotations
+
+import re
+from enum import Enum
+from typing import Any, Dict, List, Optional
+
+from pydantic import BaseModel, Field, field_validator, model_validator
+
+
+# ============================================================================
+# Enums
+# ============================================================================
+
+
+class SecurityTierValue(str, Enum):
+    """Valid security tier values."""
+    SAFE = "safe"
+    DEFAULT = "default"
+    RISKY = "risky"
+    DANGEROUS = "dangerous"
+
+
+class NonEnglishHandling(str, Enum):
+    """How non-English content is handled during screening."""
+    ESCALATE = "escalate"
+    TRANSLATE = "translate"
+    BOTH = "both"
+    NONE = "none"
+
+
+class PatternSeverity(str, Enum):
+    """Severity levels for attack patterns."""
+    CRITICAL = "critical"
+    HIGH = "high"
+    MEDIUM = "medium"
+    LOW = "low"
+
+
+class PatternConfidence(str, Enum):
+    """Confidence levels for attack pattern matches."""
+    DETERMINISTIC = "deterministic"
+    HEURISTIC = "heuristic"
+    CONTEXTUAL = "contextual"
+
+
+# ============================================================================
+# Configuration Section Models
+# ============================================================================
+
+
+class LLMReviewLocalConfig(BaseModel):
+    """Configuration for local LLM server (Ollama, LM Studio)."""
+    enabled: bool = True
+    probe_timeout: float = Field(default=2.0, gt=0)
+    timeout_seconds: float = Field(default=30.0, gt=0)
+    ollama_host: Optional[str] = None
+    lm_studio_host: Optional[str] = None
+    preferred_models: List[str] = Field(default_factory=list)
+    validate_on_first_use: bool = True
+    min_validation_score: float = Field(default=0.6, ge=0.0, le=1.0)
+
+    model_config = {"extra": "allow"}
+
+
+class LLMReviewFallbackConfig(BaseModel):
+    """Configuration for LLM fallback chain."""
+    enabled: bool = True
+    order: List[str] = Field(default_factory=lambda: ["local", "anthropic", "openai"])
+
+    model_config = {"extra": "allow"}
+
+
+class LLMReviewConfig(BaseModel):
+    """Configuration for LLM-based semantic review."""
+    enabled: bool = True
+    provider: str = "auto"
+    model: str = "auto"
+    base_url: Optional[str] = None
+    api_key_env: Optional[str] = None
+    timeout_seconds: float = Field(default=15.0, gt=0)
+    local: LLMReviewLocalConfig = Field(default_factory=LLMReviewLocalConfig)
+    fallback: LLMReviewFallbackConfig = Field(default_factory=LLMReviewFallbackConfig)
+
+    model_config = {"extra": "allow"}
+
+
+class RateLimitingConfig(BaseModel):
+    """Configuration for request rate limiting."""
+    enabled: bool = True
+    burst_window_seconds: int = Field(default=10, gt=0)
+    burst_threshold: int = Field(default=5, gt=0)
+    max_per_minute: int = Field(default=60, gt=0)
+    max_dangerous_per_minute: int = Field(default=10, gt=0)
+    max_same_command_per_minute: int = Field(default=5, gt=0)
+
+    model_config = {"extra": "allow"}
+
+
+class SessionAnalysisConfig(BaseModel):
+    """Configuration for session-level analysis."""
+    enabled: bool = True
+    lookback_minutes: int = Field(default=30, gt=0)
+    alert_on_risk_score: float = Field(default=0.7, ge=0.0, le=1.0)
+
+    model_config = {"extra": "allow"}
+
+
+class HeuristicScorerConfig(BaseModel):
+    """Configuration for heuristic scoring bridge."""
+    enabled: bool = True
+    threshold: float = Field(default=0.4, ge=0.0, le=1.0)
+    log_all_scores: bool = False
+
+    model_config = {"extra": "allow"}
+
+
+class LocalModelConfig(BaseModel):
+    """Configuration for local ONNX model inference."""
+    enabled: bool = True
+    model: str = "auto"
+    escalate_to_llm: bool = True
+    escalate_min_confidence: float = Field(default=0.1, ge=0.0, le=1.0)
+    escalate_max_confidence: float = Field(default=0.9, ge=0.0, le=1.0)
+
+    @model_validator(mode="after")
+    def check_escalation_bounds(self) -> "LocalModelConfig":
+        if self.escalate_min_confidence >= self.escalate_max_confidence:
+            raise ValueError(
+                f"escalate_min_confidence ({self.escalate_min_confidence}) "
+                f"must be less than escalate_max_confidence ({self.escalate_max_confidence})"
+            )
+        return self
+
+    model_config = {"extra": "allow"}
+
+
+class TierDefinition(BaseModel):
+    """Definition of a security tier."""
+    description: str
+    screening: List[str] = Field(default_factory=list)
+
+
+class EscalationRule(BaseModel):
+    """A content-based escalation rule."""
+    pattern: str
+    description: str
+    escalate_to: SecurityTierValue
+
+    @field_validator("pattern")
+    @classmethod
+    def validate_regex(cls, v: str) -> str:
+        try:
+            re.compile(v)
+        except re.error as e:
+            raise ValueError(f"Invalid regex pattern: {e}") from e
+        return v
+
+
+class SensitiveDirectory(BaseModel):
+    """A sensitive directory that triggers path boundary escalation."""
+    pattern: str
+    escalate_to: SecurityTierValue
+    description: str = ""
+
+
+class PathBoundaryConfig(BaseModel):
+    """Configuration for path boundary escalation."""
+    enabled: bool = True
+    default_escalate_to: SecurityTierValue = SecurityTierValue.RISKY
+    sensitive_directories: List[SensitiveDirectory] = Field(default_factory=list)
+
+
+class OpenClawConfig(BaseModel):
+    """Configuration for OpenClaw integration."""
+    enabled: bool = False
+    gateway_port: int = Field(default=18789, gt=0, le=65535)
+    scanner_port: int = Field(default=9878, gt=0, le=65535)
+    plugin_installed: bool = False
+    preset: str = "cautious"
+
+    model_config = {"extra": "allow"}
+
+
+# ============================================================================
+# Root Configuration Model
+# ============================================================================
+
+
+class TweekConfig(BaseModel):
+    """
+    Root Pydantic model for Tweek configuration (tiers.yaml / config.yaml).
+
+    Validates the merged configuration from builtin, user, and project layers.
+    Uses extra="allow" at the root level to be forward-compatible with new
+    config keys added in future versions.
+    """
+    version: Optional[int] = None
+
+    # Core tool/skill classification
+    tools: Dict[str, SecurityTierValue] = Field(default_factory=dict)
+    skills: Dict[str, SecurityTierValue] = Field(default_factory=dict)
+    default_tier: SecurityTierValue = SecurityTierValue.DEFAULT
+
+    # Tier definitions
+    tiers: Dict[str, TierDefinition] = Field(default_factory=dict)
+
+    # Screening configuration
+    llm_review: Optional[LLMReviewConfig] = None
+    rate_limiting: Optional[RateLimitingConfig] = None
+    session_analysis: Optional[SessionAnalysisConfig] = None
+    heuristic_scorer: Optional[HeuristicScorerConfig] = None
+    local_model: Optional[LocalModelConfig] = None
+
+    # Escalation rules
+    escalations: List[EscalationRule] = Field(default_factory=list)
+
+    # Path boundary
+    path_boundary: Optional[PathBoundaryConfig] = None
+
+    # Non-English handling
+    non_english_handling: NonEnglishHandling = NonEnglishHandling.ESCALATE
+
+    # Integration configs
+    proxy: Optional[Dict[str, Any]] = None
+    mcp: Optional[Dict[str, Any]] = None
+    sandbox: Optional[Dict[str, Any]] = None
+    isolation_chamber: Optional[Dict[str, Any]] = None
+    plugins: Optional[Dict[str, Any]] = None
+    openclaw: Optional[OpenClawConfig] = None
+
+    model_config = {"extra": "allow"}
+
+    @field_validator("tools", mode="before")
+    @classmethod
+    def coerce_tool_tiers(cls, v: Any) -> Any:
+        """Accept string tier values and coerce to SecurityTierValue."""
+        if isinstance(v, dict):
+            return {k: SecurityTierValue(val) if isinstance(val, str) else val for k, val in v.items()}
+        return v
+
+    @field_validator("skills", mode="before")
+    @classmethod
+    def coerce_skill_tiers(cls, v: Any) -> Any:
+        """Accept string tier values and coerce to SecurityTierValue."""
+        if isinstance(v, dict):
+            return {k: SecurityTierValue(val) if isinstance(val, str) else val for k, val in v.items()}
+        return v
+
+
+# ============================================================================
+# Pattern Schema Model
+# ============================================================================
+
+
+class PatternDefinition(BaseModel):
+    """A single attack pattern definition from patterns.yaml."""
+    id: int
+    name: str
+    description: str
+    regex: str
+    severity: PatternSeverity
+    confidence: PatternConfidence
+    family: Optional[str] = None
+
+    @field_validator("regex")
+    @classmethod
+    def validate_regex(cls, v: str) -> str:
+        try:
+            re.compile(v)
+        except re.error as e:
+            raise ValueError(f"Invalid regex in pattern: {e}") from e
+        return v
+
+
+class PatternsConfig(BaseModel):
+    """Root model for patterns.yaml."""
+    version: int
+    pattern_count: int = 0
+    patterns: List[PatternDefinition] = Field(default_factory=list)
+
+    @model_validator(mode="after")
+    def check_pattern_count(self) -> "PatternsConfig":
+        actual = len(self.patterns)
+        if self.pattern_count > 0 and actual != self.pattern_count:
+            raise ValueError(
+                f"pattern_count ({self.pattern_count}) does not match "
+                f"actual number of patterns ({actual})"
+            )
+        return self
+
+    @model_validator(mode="after")
+    def check_unique_ids(self) -> "PatternsConfig":
+        ids = [p.id for p in self.patterns]
+        if len(ids) != len(set(ids)):
+            dupes = [i for i in ids if ids.count(i) > 1]
+            raise ValueError(f"Duplicate pattern IDs: {set(dupes)}")
+        return self

tweek/config/patterns.yaml

@@ -1,5 +1,5 @@
 # Tweek Attack Pattern Definitions v3
-# All 215 patterns included FREE
+# All 259 patterns included FREE
 #
 # Update via: tweek update (pulls from github.com/gettweek/tweek)
 #

tweek/hooks/post_tool_use.py

@@ -11,7 +11,7 @@ web pages, documents, and other ingested content.
 
 Screening Pipeline:
 1. Language Detection — identify non-English content
-2. Pattern Matching — 215 regex patterns for known attack vectors
+2. Pattern Matching — 259 regex patterns for known attack vectors
 3. LLM Review — semantic analysis if non-English escalation triggers
 
 Claude Code PostToolUse Protocol:

tweek/licensing.py

@@ -74,7 +74,7 @@ class LicenseInfo:
 # Only compliance and team management features require a license.
 TIER_FEATURES = {
     Tier.FREE: [
-        "pattern_matching",       # All 215 patterns included free
+        "pattern_matching",       # All 259 patterns included free
         "basic_logging",
         "vault_storage",
         "cli_commands",

{tweek-0.3.0.dist-info → tweek-0.3.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tweek
-Version: 0.3.0
+Version: 0.3.1
 Summary: Defense-in-depth security for AI coding assistants - protect credentials, code, and system from prompt injection attacks
 Author: Tommy Mancino
 License-Expression: Apache-2.0
@@ -45,6 +45,7 @@ Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0; extra == "dev"
 Requires-Dist: pytest-xdist>=3.5.0; extra == "dev"
+Requires-Dist: hypothesis>=6.98.0; extra == "dev"
 Requires-Dist: black>=23.0; extra == "dev"
 Requires-Dist: ruff>=0.1.0; extra == "dev"
 Requires-Dist: twine>=4.0; extra == "dev"
@@ -165,7 +166,7 @@ Turn 3: cat ~/.ssh/id_rsa → BLOCKED: path_escalation anomaly
 
 **Response injection** — Malicious instructions hidden in tool responses are caught at ingestion.
 
-See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 259 patterns across 22 categories.
+See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 259 patterns across 11 categories.
 
 ---
 

{tweek-0.3.0.dist-info → tweek-0.3.1.dist-info}/RECORD

@@ -1,22 +1,23 @@
-tweek/__init__.py,sha256=v1mBM39Sp-MgonHi8fotmfcN7dxbow_Eh9xdbSYnjN4,360
+tweek/__init__.py,sha256=NppVIy7NWIJrgFbWfAVveJtg-UdwqA9ux98hciWBeLM,360
 tweek/_keygen.py,sha256=UapwIKNSwaRWdqHoJoF3hmKuiux6aIiFGe8WVskTbI8,1286
-tweek/audit.py,sha256=Bp4RETwdiHpT2EEi45atZa0LlJUOtALhrc3UT8MHvF8,8868
-tweek/cli.py,sha256=0AxYSIQ56Y2OHNVGSocNksYkiiLfUFNx5XvBUzCtZZI,254670
+tweek/audit.py,sha256=OmCUagbx_fkCorcrZt2ebTtDm-rr4fRKkZpxZdvZens,8868
+tweek/cli.py,sha256=Ad54k7bDws9Eg7z3oeEVR85Ni9DQz72JJVUFC1WV_zA,256803
 tweek/cli_helpers.py,sha256=Q2NTOkyRTOIPNLMqY2jA5_tuzDPksAGwGXYPRK3bzoY,5538
 tweek/cli_model.py,sha256=iMZStFqA0Nqyzm4rxSbhD4v-AqcO6h5NI72AR7cldoY,12853
 tweek/diagnostics.py,sha256=KbtXQH8QrRBoyIFWumL6q9--aQQdR0tUo2GzjMhwpII,24601
-tweek/licensing.py,sha256=4Pt34t8Y60jaLMBYLjnmLs_0o_LUahOhGflhXeZtuPU,11703
-tweek/config/__init__.py,sha256=C_kQm0LqYdM67E9wNi6bsX2V7xz7GY4HiICb_XlrX8A,362
+tweek/licensing.py,sha256=wYN8wBYVCp1RbAi_sWeF7gKKBSU116ncX3tnZawYUpQ,11703
+tweek/config/__init__.py,sha256=ENwimeLZd2gSJXpkASMY45hbMUDn2RwM-Zl_RMvpCbQ,772
 tweek/config/allowed_dirs.yaml,sha256=dMF_DqKgQThzkdIEoXzDBfAjbopGrk0HTkiM7ENmBaU,788
 tweek/config/families.yaml,sha256=jkNO0UsmX3MFlTKC9Or3p8_MlD3ZtHM0SrQIYFqx9i8,18212
-tweek/config/manager.py,sha256=FTBJ4sMwnENH9tfvKB5d1SFve1R__k5j2KXb38vn1CA,39347
-tweek/config/patterns.yaml,sha256=8ow--0qdPJNjIY94j-vDEcrHt-TYgf9uuPCiqSMCIEQ,85376
+tweek/config/manager.py,sha256=Jk9l_UJM9e5_fxTvWFXrU0677u9HCttmunahp36woBE,40591
+tweek/config/models.py,sha256=RbVjC2pxnkrBKanS6QGDrHwPVkmss5ouG_dqAHf_C3Q,10018
+tweek/config/patterns.yaml,sha256=hu0lphSN0i_bY8kla65bTaBEQR8phhrb3BLC1KprMLw,85376
 tweek/config/tiers.yaml,sha256=9hIXQ9izVKXd8ptoCsQiBo2r_XY8RvIk7VWrhWggkbc,10191
 tweek/hooks/__init__.py,sha256=GcgDjPdhZayxmyZ4-GfBa-ISARNtt9087RsuprRq2-s,54
 tweek/hooks/break_glass.py,sha256=GNMhCtLWPylNMlQ5QfsoUkEjgIT1Uk1Ik7HvRWeE5N8,4636
 tweek/hooks/feedback.py,sha256=uuA4opHYyBHC5sElBz-fr2Je3cg2DAv-aRHvETZcag0,6555
 tweek/hooks/overrides.py,sha256=1Yw_NPpZMvcFG_uyNY-ouBKSSomnxOptRedSjzkkhmE,18635
-tweek/hooks/post_tool_use.py,sha256=DiAnWOBd9t4vpMz1JsgUjYzToU6i-igesP2Vk83AAAc,17195
+tweek/hooks/post_tool_use.py,sha256=22ugZdlZn2Q0eUcUucelrF18N7mCgaC_agb7kZT51Ww,17195
 tweek/hooks/pre_tool_use.py,sha256=70XbonRSGh8rYpDlI4R_Z5Ug2LwU4iLyLsS87I5xlqc,71743
 tweek/integrations/__init__.py,sha256=sl7wFwbygmnruugX4bO2EUjoXxBlCpzTKbj-1zHuUPg,78
 tweek/integrations/openclaw.py,sha256=jX99__ODGI7Cq6gclSTK2pI5lsI7UGh5_iCHmq1R8RY,13798
@@ -113,11 +114,11 @@ tweek/skills/scanner.py,sha256=PaeZNnwxLTGls2O3hQaDgBhGw9jVJThPjfKCY_05_nI,27574
 tweek/vault/__init__.py,sha256=L408fjdRYL8-VqLEsyyHSO9PkBDhd_2mPIbrCu53YhM,980
 tweek/vault/cross_platform.py,sha256=D4UvX_7OpSo8iRx5sc2OUUWQIk8JHhgeFBYk1MbyIj4,8251
 tweek/vault/keychain.py,sha256=XL18-SUj7HwuqxLXZDViuCH81--KMu68jN9Szn1aeyw,10624
-tweek-0.3.0.dist-info/licenses/LICENSE,sha256=rjoDzr1vAf0bsqZglpIyekU5aewIkCk4jHZZDvVI2BE,15269
-tweek-0.3.0.dist-info/licenses/NOTICE,sha256=taQokyDes5UTRNEC67G-13VmqvUyTOncrrT33pCcWL0,8729
+tweek-0.3.1.dist-info/licenses/LICENSE,sha256=rjoDzr1vAf0bsqZglpIyekU5aewIkCk4jHZZDvVI2BE,15269
+tweek-0.3.1.dist-info/licenses/NOTICE,sha256=taQokyDes5UTRNEC67G-13VmqvUyTOncrrT33pCcWL0,8729
 tweek-openclaw-plugin/node_modules/flatted/python/flatted.py,sha256=UYburBDqkySaTfSpntPCUJRxiBGcplusJM7ECX8FEgA,3860
-tweek-0.3.0.dist-info/METADATA,sha256=4eLu77u_VjfeqHnZ_-sIXRthm3In7dOHRnGkAaqQy2Y,11889
-tweek-0.3.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-tweek-0.3.0.dist-info/entry_points.txt,sha256=YXThD6UiF5XQXwqW33sphsvz-Bl4Zm6pm-xq-5wcCYE,1337
-tweek-0.3.0.dist-info/top_level.txt,sha256=jtNcCxjoGXN8IBqEVL0F3LHDrZD_B0S-4XF9-Ur7Pbc,28
-tweek-0.3.0.dist-info/RECORD,,
+tweek-0.3.1.dist-info/METADATA,sha256=iR7qpsuY7fLnF2DO8OWFrqUTE2vuDv3_VNMWddDIZMU,11939
+tweek-0.3.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+tweek-0.3.1.dist-info/entry_points.txt,sha256=YXThD6UiF5XQXwqW33sphsvz-Bl4Zm6pm-xq-5wcCYE,1337
+tweek-0.3.1.dist-info/top_level.txt,sha256=jtNcCxjoGXN8IBqEVL0F3LHDrZD_B0S-4XF9-Ur7Pbc,28
+tweek-0.3.1.dist-info/RECORD,,