Commit Graph

128 Commits

  • fix: resolve all CI test failures (19 fixes across 6 files) (#519)
    - canonical-session: fall back to JSON file recording when the loaded
      state-store module has no writer methods (factory vs instance)
    - install-executor: skip node_modules and .git dirs in listFilesRecursive
      to prevent ETIMEDOUT copying thousands of .opencode dependency files
    - ecc.js: increase maxBuffer to 10MB for spawned subcommands to prevent
      ENOBUFS on large install plan JSON output
    - install-apply.test: update Cursor and Antigravity path assertions to
      match flattened rule layout and remapped dirs (workflows, skills)
    - ecc.test: increase maxBuffer in test runner to handle large output
    - orchestrate-codex-worker.sh: guard against unreadable task file before
      cat, write failure status and handoff artifacts on early exit
  • feat: add SQLite state store and query CLI (#510)
    * feat: add SQLite state store and ECC status CLI
    
    * fix: replace better-sqlite3 with sql.js to eliminate native module CI failures
    
    better-sqlite3 requires native C++ compilation (node-gyp, prebuild-install)
    which fails in CI across npm/pnpm on all platforms:
    - npm ci: lock file out of sync with native transitive deps
    - pnpm: native bindings not found at runtime
    - Windows: native compilation fails entirely
    
    sql.js is a pure JavaScript/WASM SQLite implementation with zero native
    dependencies. The adapter in index.js wraps the sql.js API to match the
    better-sqlite3 interface used by migrations.js and queries.js.
    
    Key implementation detail: sql.js db.export() implicitly ends active
    transactions, so the adapter defers disk writes (saveToDisk) until
    after transaction commit via an inTransaction guard flag.
    
    createStateStore is now async (sql.js requires async WASM init).
    Updated status.js, sessions-cli.js, and tests accordingly.
  • feat: strengthen install lifecycle and target adapters (#512)
    * fix: strengthen install lifecycle adapters
    
    * fix: restore template content on uninstall
  • feat: self-improving skills loop — observe, inspect, amend, evaluate
    - Add skill health observation layer (execution logging, success/failure tracking)
    - Add skill health inspector (trace recurring failures across runs)
    - Add amendify mechanism (propose SKILL.md patches from failure evidence)
    - Add evaluation scaffolding (compare amended vs original performance)
    - Wire into session-inspect CLI: skills:health, skills:amendify, skills:evaluate
    - 1145/1145 tests passing (+3 new)
  • feat: expand session adapter registry with structured targets
    - Registry accepts { type, value } structured targets
    - Add --list-adapters and --target-type CLI flags to session-inspect
    - Export adapter type from claude-history and dmux-tmux adapters
    - 71 new session adapter tests, 34 new session-inspect tests
    - All 1142 tests passing
  • Merge remote-tracking branch 'origin/main' into feat/optimize-biome-hooks
    # Conflicts:
    #	tests/hooks/hooks.test.js
    #	tests/run-all.js
  • feat: architecture improvements — test discovery, hooks schema, catalog, command map, coverage, cross-harness docs
    - AGENTS.md: sync skills count to 65+
    - tests/run-all.js: glob-based test discovery for *.test.js
    - scripts/ci/validate-hooks.js: validate hooks.json with ajv + schemas/hooks.schema.json
    - schemas/hooks.schema.json: hookItem.type enum command|notification
    - scripts/ci/catalog.js: catalog agents, commands, skills (--json | --md)
    - docs/COMMAND-AGENT-MAP.md: command → agent/skill map
    - docs/ARCHITECTURE-IMPROVEMENTS.md: improvement recommendations
    - package.json: ajv, c8 devDeps; npm run coverage
    - CONTRIBUTING.md: Cross-Harness and Translations section
    - .gitignore: coverage/
    
    Made-with: Cursor
  • refactor: deduplicate config lists and unify resolveFormatterBin branches
    Extract BIOME_CONFIGS and PRETTIER_CONFIGS as shared constants to eliminate
    duplication between PROJECT_ROOT_MARKERS and detectFormatter(). Unify the
    biome/prettier branches in resolveFormatterBin() via a FORMATTER_PACKAGES
    map. Remove redundant path.resolve() in quality-gate.js.
  • fix(hooks): add Windows .cmd support with shell injection guard
    Handle Windows .cmd shim resolution via spawnSync with strict path
    validation. Removes shell:true injection risk, uses strict equality,
    and restores .cmd support with path injection guard.
  • perf(hooks): use direct require() instead of spawning child process
    Invoke hook scripts directly via require() when they export a
    run(rawInput) function, eliminating one Node.js process spawn per
    hook invocation (~50-100ms).
    
    Includes path traversal guard, timeouts, error logging, PR review
    feedback, legacy hooks guard, normalized filePath, and restored
    findProjectRoot config detection with package manager support.
  • fix: extract BLOCKING_SEVERITIES constant, document broad catch
    - Extract BLOCKING_SEVERITIES frozenset for extensible severity checks.
    - Add inline comment on broad Exception catch explaining intentional
      SDK fault-tolerance pattern (BLE001 acknowledged).
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • fix: dict anomaly access, configurable fail mode, exception type logging
    - Add get_anomaly_attr() helper that handles both dict and object
      anomalies. The SDK's send_message() returns dicts, so getattr()
      was silently returning defaults -- critical blocking never triggered.
    - Fix field name: "detail" -> "details" (matches SDK schema).
    - Make fail-open/fail-closed configurable via INSAITS_FAIL_MODE env var
      (defaults to "open" for backward compatibility).
    - Include exception type name in fail-open log for diagnostics.
    - Normalize severity comparison with .upper() for case-insensitive matching.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • fix: address cubic-dev-ai + coderabbit round 3 review
    cubic-dev-ai P2: dev_mode now defaults to "false" (strict mode).
    Users opt in to dev mode by setting INSAITS_DEV_MODE=true.
    
    cubic-dev-ai P2: Move null-status check above stdout/stderr writes
    in wrapper so partial/corrupt output is never leaked. Pass through
    original raw input on signal kill, matching the result.error path.
    
    coderabbit major: Wrap insAItsMonitor() and send_message() in
    try/except so SDK errors don't crash the hook. Logs warning and
    exits 0 (fail-open) on exception.
    
    coderabbit nitpick: write_audit now creates a new dict (enriched)
    instead of mutating the caller's event dict.
    
    coderabbit nitpick: Extract magic numbers to named constants:
    MIN_CONTENT_LENGTH=10, MAX_SCAN_LENGTH=4000, DEFAULT_MODEL.
    
    Also: added env var documentation to module docstring.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • fix: make dev_mode configurable via INSAITS_DEV_MODE env var
    Defaults to true (no API key needed) but can be disabled by setting
    INSAITS_DEV_MODE=false for production deployments with an API key.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • fix: address cubic-dev-ai review — 3 issues
    P1: Log non-ENOENT spawn errors (timeout, signal kill) to stderr
    instead of silently exiting 0. Separate handling for result.error
    and null result.status so users know when the security monitor
    failed to run.
    
    P1: Remove "async": true from hooks.json — async hooks run in the
    background and cannot block tool execution. The security hook needs
    to be synchronous so exit(2) actually prevents credential exposure
    and other critical findings from proceeding.
    
    P2: Remove dead tool_response/tool_result code from extract_content.
    In a PreToolUse hook the tool hasn't executed yet, so tool_response
    is never populated. Removed the variable and the unreachable branch
    that appended its content.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • fix: address CodeRabbit review — convert to PreToolUse, add type annotations, logging
    Critical fixes:
    - Convert hook from PostToolUse to PreToolUse so exit(2) blocking works
    - Change all python references to python3 for cross-platform compat
    - Add insaits-security-wrapper.js to bridge run-with-flags.js to Python
    
    Standard fixes:
    - Wrap hook with run-with-flags.js so users can disable via
      ECC_DISABLED_HOOKS="pre:insaits-security"
    - Add "async": true to hooks.json entry
    - Add type annotations to all function signatures (Dict, List, Tuple, Any)
    - Replace all print() statements with logging module (stderr)
    - Fix silent OSError swallow in write_audit — now logs warning
    - Remove os.environ.setdefault('INSAITS_DEV_MODE') — pass dev_mode=True
      through monitor constructor instead
    - Update hooks/README.md: moved to PreToolUse table, "detects" not
      "catches", clarify blocking vs non-blocking behavior
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • perf(hooks): eliminate npx overhead and merge biome invocations
    - Use local node_modules/.bin/biome binary instead of npx (~200-500ms savings)
    - Change post-edit-format from `biome format --write` to `biome check --write`
      (format + lint in one pass)
    - Skip redundant biome check in quality-gate for JS/TS files already
      handled by post-edit-format
    - Fix quality-gate to use findProjectRoot instead of process.cwd()
    - Export run() function from both hooks for direct invocation
    - Update tests to match shared resolve-formatter module usage
  • feat(hooks): add shared resolve-formatter utility with caching
    Extract project-root discovery, formatter detection, and binary
    resolution into a reusable module. Caches results per-process to
    avoid redundant filesystem lookups on every Edit hook invocation.
    
    This is the foundation for eliminating npx overhead in format hooks.
  • feat: add InsAIts PostToolUse security monitoring hook
    - Add insaits-security-monitor.py: real-time AI security monitoring
      hook that catches credential exposure, prompt injection,
      hallucinations, and 20+ other anomaly types
    - Update hooks.json with InsAIts PostToolUse entry
    - Update hooks/README.md with InsAIts in PostToolUse table
    - Add InsAIts MCP server entry to mcp-configs/mcp-servers.json
    
    InsAIts (https://github.com/Nomadu27/InsAIts) is an open-source
    runtime security layer for multi-agent AI. It runs 100% locally
    and writes tamper-evident audit logs to .insaits_audit_session.jsonl.
    
    Install: pip install insa-its
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • fix(hooks): allow tmux-wrapped dev server commands (#321)
    * fix(hooks): fix shell splitter redirection/escape bugs, extract shared module
    
    - Fix single & incorrectly splitting redirection operators (&>, >&, 2>&1)
    - Fix escaped quotes (\", \') not being handled inside quoted strings
    - Extract splitShellSegments into shared scripts/lib/shell-split.js
      to eliminate duplication between hooks.json, before-shell-execution.js,
      and pre-bash-dev-server-block.js
    - Add comprehensive tests for shell splitting edge cases
    
    * fix(hooks): handle backslash escapes outside quotes in shell splitter
    
    Escaped operators like \&& and \; outside quotes were still being
    treated as separators. Add escape handling for unquoted context.
  • fix: auto-start dev servers in tmux instead of blocking (#344)
    * fix: auto-start development servers in tmux instead of blocking
    
    Replace blocking PreToolUse hook that used process.exit(2) with an auto-transform hook that:
    - Detects development server commands
    - Wraps them in tmux with directory-based session names
    - Runs server detached so Claude Code is not blocked
    - Provides confirmation message with log viewing instructions
    
    Benefits:
    - Development servers no longer block Claude Code execution
    - Each project gets its own tmux session (allows multiple projects)
    - Logs remain accessible via 'tmux capture-pane -t <session>'
    - Non-blocking: if tmux unavailable, command still runs (graceful fallback)
    
    Implementation:
    - Created scripts/hooks/auto-tmux-dev.js with transform logic
    - Updated hooks.json to reference the script instead of inline node command
    - Applied same fix to cached plugin version (1.4.1) for immediate effect
    
    * fix: resolve PR #344 code review issues in auto-tmux-dev.js
    
    Critical fixes:
    - Fix variable scope: declare 'input' before try block, not inside
    - Fix shell injection: sanitize sessionName and escape cmd for shell
    - Replace unused execFileSync import with spawnSync
    
    Improvements:
    - Add real Windows support using cmd /k window launcher
    - Add tmux availability check with graceful fallback
    - Update header comment to accurately describe platform support
    
    Test coverage:
    - Valid JSON input: transforms command for respective platform
    - Invalid JSON: passes through raw data unchanged
    - Unsupported tools: gracefully falls back to original command
    - Shell metacharacters: sanitized in sessionName, escaped in cmd
    
    * fix: correct cmd.exe escape sequence for double quotes on Windows
    
    Use double-quote doubling ('""') instead of backslash-escape ('\\\") for cmd.exe syntax.
    Backslash escaping is Unix convention and not recognized by cmd.exe. This fixes quoted
    arguments in dev server commands on Windows (e.g., 'npm run dev --filter="my-app"').
  • fix(hooks): scrub secrets and harden hook security (#348)
    * fix(hooks): scrub secrets and harden hook security
    
    - Scrub common secret patterns (api_key, token, password, etc.) from
      observation logs before persisting to JSONL (observe.sh)
    - Auto-purge observation files older than 30 days (observe.sh)
    - Strip embedded credentials from git remote URLs before saving to
      projects.json (detect-project.sh)
    - Add command prefix allowlist to runCommand — only git, node, npx,
      which, where are permitted (utils.js)
    - Sanitize CLAUDE_SESSION_ID in temp file paths to prevent path
      traversal (suggest-compact.js)
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(hooks): address review feedback from CodeRabbit and Cubic
    
    - Reject shell command-chaining operators (;|&`) in runCommand, strip
      quoted sections before checking to avoid false positives (utils.js)
    - Remove command string from blocked error message to avoid leaking
      secrets (utils.js)
    - Fix Python regex quoting: switch outer shell string from double to
      single quotes so regex compiles correctly (observe.sh)
    - Add optional auth scheme match (Bearer, Basic) to secret scrubber
      regex (observe.sh)
    - Scope auto-purge to current project dir and match only archived
      files (observations-*.jsonl), not live queue (observe.sh)
    - Add second fallback after session ID sanitization to prevent empty
      string (suggest-compact.js)
    - Preserve backward compatibility when credential stripping changes
      project hash — detect and migrate legacy directories
      (detect-project.sh)
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(hooks): block $() substitution, fix Bearer redaction, add security tests
    
    - Add $ and \n to blocked shell metacharacters in runCommand to prevent
      command substitution via $(cmd) and newline injection (utils.js)
    - Make auth scheme group capturing so Bearer/Basic is preserved in
      redacted output instead of being silently dropped (observe.sh)
    - Add 10 unit tests covering runCommand allowlist blocking (rm, curl,
      bash prefixes) and metacharacter rejection (;|&`$ chaining), plus
      error message leak prevention (utils.test.js)
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(hooks): scrub parse-error fallback, strengthen security tests
    
    Address remaining reviewer feedback from CodeRabbit and Cubic:
    
    - Scrub secrets in observe.sh parse-error fallback path (was writing
      raw unsanitized input to observations file)
    - Remove redundant re.IGNORECASE flag ((?i) inline flag already set)
    - Add inline comment documenting quote-stripping limitation trade-off
    - Fix misleading test name for error-output test
    - Add 5 new security tests: single-quote passthrough, mixed
      quoted+unquoted metacharacters, prefix boundary (no trailing space),
      npx acceptance, and newline injection
    - Improve existing quoted-metacharacter test to actually exercise
      quote-stripping logic
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(security): block $() and backtick inside quotes in runCommand
    
    Shell evaluates $() and backticks inside double quotes, so checking
    only the unquoted portion was insufficient. Now $ and ` are rejected
    anywhere in the command string, while ; | & remain quote-aware.
    
    Addresses CodeRabbit and Cubic review feedback on PR #348.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
  • fix(lint): remove unnecessary escape characters in regex patterns
    - doc-file-warning.js: \/ → / inside character classes (4 occurrences)
    - project-detect.js: \[ → [ inside character classes (2 occurrences)
    
    These are pre-existing no-useless-escape errors on upstream main.
  • fix(hooks): exclude .history/ directory from doc file warning
    Incorporates the fix from #316 into the standalone script.
  • fix: resolve CI failures on main — lint, hooks validator, and test alignment
    - Fix MD012 trailing blank lines in commands/projects.md and commands/promote.md
    - Fix MD050 strong-style in continuous-learning-v2 (escape __tests__ as inline code)
    - Extract doc-file-warning hook to standalone script to fix hooks validator regex parsing
    - Update session-end test to match #317 behavior (always update summary content)
    - Allow shell script hooks in integration test format validation
    
    All 992 tests passing.
  • feat: automatic project type and framework detection (#293)
    Add SessionStart hook integration that auto-detects project languages
    and frameworks by inspecting marker files and dependency manifests.
    
    Supports 12 languages (Python, TypeScript, Go, Rust, Ruby, Java, C#,
    Swift, Kotlin, Elixir, PHP, JavaScript) and 25+ frameworks (Next.js,
    React, Django, FastAPI, Rails, Laravel, Spring, etc.).
    
    Detection output is injected into Claude's context as JSON, enabling
    context-aware recommendations without loading irrelevant rules.
    
    - New: scripts/lib/project-detect.js (cross-platform detection library)
    - Modified: scripts/hooks/session-start.js (integration)
    - New: tests/lib/project-detect.test.js (28 tests, all passing)
    
    Co-authored-by: Claude <noreply@anthropic.com>