The inline JS in the Write PreToolUse hook had a multi-layer escaping
bug: the regex [\\/\\] collapsed to [\/\] after the validator's
unescape chain, producing an invalid regex (Unmatched ')').
Fix: move the doc-file-warning hook to scripts/hooks/pre-write-doc-warn.js,
eliminating the inline escaping problem entirely. All 992 tests now pass.
Closes the 991/992 CI failure on main.
- Swap loadHistory/appendTurn order to prevent user message appearing
twice in the prompt (once in history, once as USER MESSAGE)
- Calculate actual loaded skill count via fs.existsSync instead of
counting requested skill names (banner now reflects reality)
- Add err.stack to test harness error output for better debugging
This script scans the current working directory and generates architectural codemap documentation in the specified output directory. It classifies files into areas such as frontend, backend, database, integrations, and workers, and creates markdown files for each area along with an index.
The post-edit-format hook was hardcoded to use Prettier. Projects using
Biome had their code reformatted with Prettier defaults (e.g. double
quotes overwriting single quotes).
Now the hook walks up from the edited file to find the project root,
then checks for config files:
- biome.json / biome.jsonc → runs Biome
- .prettierrc / prettier.config.* → runs Prettier
- Neither found → skips formatting silently
Implements a barebones agent loop that delegates to `claude -p` with
markdown-as-database session persistence and ECC skill context loading.
Zero external dependencies, ~264 lines of pure Node.js CommonJS.
- scripts/claw.js: core module (storage, context, delegation, REPL)
- commands/claw.md: slash command definition with usage docs
- tests/scripts/claw.test.js: 14 unit tests covering all modules
- package.json: add claw script and files entry
- tests/run-all.js: register claw tests in test manifest
User messages containing newline characters were being added as-is to
markdown list items in buildSummarySection(), breaking the list format.
Now newlines are replaced with spaces before backtick escaping.
On Unix/macOS, rename(2) atomically replaces the destination file.
The previous code ran unlinkSync before renameSync on all platforms,
creating an unnecessary non-atomic window where a crash could lose
data. Now the delete-before-rename is gated behind process.platform
=== 'win32', where rename cannot overwrite an existing file.
The box() helper produced lines that were width+1 characters instead of
the requested width. Adjusted all three formulas (top border, middle
content, bottom border) by -1 each. Added 4 tests verifying box width
accuracy across instincts(), analysisResults(), and nextSteps() output.
When --global or --project was followed by another flag (e.g., --global --project),
the flag was treated as a package manager name. Added pmName.startsWith('-') check
to both handlers. Added 20 tests across 4 test files covering argument validation,
ensureDir error propagation, runCommand stderr handling, and saveAliases failure paths.
new Date('YYYY-MM-DD') creates UTC midnight, which in negative UTC offset
timezones (e.g., Hawaii) causes getDate() to return the previous day.
Replaced with new Date(year, month - 1, day) for correct local-time behavior.
Added 15 tests: session-manager datetime verification and edge cases (7),
package-manager getCommandPattern special characters (4), and
validators model/skill-reference validation (4). Tests: 651 → 666.
Replace console.log(data) with process.stdout.write(data) in both
pass-through paths to prevent appending a trailing newline that
corrupts the hook output. Add 7 tests covering exact byte fidelity,
malformed JSON, missing file_path, non-existent files, exclusion
patterns in check-console-log, non-git repo handling, and empty stdin.
Validate args parameter in getExecCommand() against SAFE_ARGS_REGEX to
prevent command injection when returned string is passed to a shell.
Escape regex metacharacters in getCommandPattern() generic action branch
to prevent malformed patterns and unintended matching. Clean up stdin
listeners in readStdinJson() timeout path to prevent process hanging.
Replace shell: true with npx.cmd on Windows in post-edit-format.js and
post-edit-typecheck.js to prevent command injection via crafted file paths.
Replace console.log(data) with process.stdout.write(data) in
check-console-log.js to avoid appending extra newlines to pass-through data.
- session-manager: clamp offset/limit to safe non-negative integers to
prevent negative offset counting from end and NaN returning empty results
- session-aliases: add success field to cleanupAliases return value for
API contract consistency with setAlias/deleteAlias/renameAlias
progressBar() in skill-create-output.js could crash with RangeError when
percent > 100 because repeat() received a negative count. Fixed by
clamping filled to [0, width].
New tests:
- progressBar edge cases: 0%, 100%, and >100% confidence
- Empty patterns/instincts arrays
- post-edit-format: null tool_input, missing file_path, prettier failure
- setup-package-manager: --detect output completeness, current marker
The command cross-reference regex /^.*`\/(...)`.*$/gm only captured the
LAST command ref per line due to greedy .* consuming earlier refs.
Replaced with line-by-line processing using non-anchored regex to
capture ALL command references.
New tests:
- 4 validate-commands multi-ref-per-line tests (regression)
- 8 evaluate-session threshold boundary tests (new file)
- 6 session-aliases edge case tests (cleanup, rename, path matching)
The replaceInFile function in utils.js accepts an optional `options`
parameter with `{ all?: boolean }` for replacing all occurrences, but
the .d.ts type declaration was missing this parameter entirely.
Fix grepFile() silently skipping matches when called with /g flag regex.
The global flag makes .test() stateful, causing alternating match/miss
on consecutive matching lines. Strip g flag since per-line testing
doesn't need global state.
Add first-ever tests for evaluate-session.js (5 tests: short session,
long session, missing transcript, malformed stdin, env var fallback)
and suggest-compact.js (5 tests: counter increment, threshold trigger,
periodic suggestions, below-threshold silence, invalid threshold).
* fix: Windows compatibility for hook scripts
- post-edit-format.js: add `shell: process.platform === 'win32'` to
execFileSync options so npx.cmd is resolved via cmd.exe on Windows
- post-edit-typecheck.js: same fix for tsc invocation via npx
- hooks.json: skip tmux-dependent hooks on Windows where tmux is
unavailable (dev-server blocker and long-running command reminder)
On Windows, execFileSync('npx', ...) without shell:true fails with
ENOENT because Node.js cannot directly execute .cmd files. These
hooks silently fail on all Windows installations.
The tmux hooks unconditionally block dev server commands (exit 2) or
warn about tmux on Windows where tmux is not available.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: parse Claude Code JSONL transcript format correctly
The session-end hook expected user messages at entry.content, but
Claude Code's actual JSONL format nests them at entry.message.content.
This caused all session files to be blank templates (0 user messages
despite 136+ actual entries).
- Check entry.message?.content in addition to entry.content
- Extract tool_use blocks from assistant message.content arrays
Verified with Claude Code v2.1.41 JSONL transcripts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: ddungan <sckim@mococo.co.kr>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
- hooks.json: add \b word boundary anchors to dev server blocking regex
to prevent false positives matching "npm run develop", "npm run devtools" etc.
- skill-create-output.js: guard box() horizontal repeat with Math.max(0, ...)
to prevent RangeError when title exceeds container width
- Add 13 tests for setup-package-manager.js CLI argument parsing
- Add 14 tests for skill-create-output.js SkillCreateOutput class
- All 333 tests passing
The validator was matching example/template content inside fenced code
blocks as real cross-references, causing false positives for evolve.md
(example /new-table command and debugger agent).
- Strip ``` blocks before running cross-reference checks
- Change evolve.md examples to use bold instead of backtick formatting
for hypothetical outputs
All 261 tests pass.
- hooks.schema.json: add async (boolean) and timeout (number) properties
to hookItem definition, matching fields used in hooks.json
- validate-hooks.js: validate async and timeout types when present
- hooks.test.js: add SessionEnd to required event types check
