feat(marketplace): hook migration, projman commands, optimizations [BREAKING]

Remove all SessionStart and PostToolUse hooks across the marketplace,
retaining only PreToolUse safety hooks and UserPromptSubmit quality hooks.
Add /project and /adr command families, /hygiene check, /cv status.
Create 7 new projman skills for project lifecycle management.
Remove /pm-debug, /suggest-version, /proposal-status commands.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/verify-hooks.sh

@@ -1,44 +1,101 @@
 #!/bin/bash
-# Verify all hooks are command type (not prompt)
-# Run this after any plugin update
+# verify-hooks.sh — Verify marketplace hook inventory
+# Post-Decision #29: Only PreToolUse safety hooks and UserPromptSubmit quality hooks may exist
+#
+# Expected inventory:
+#   code-sentinel  : PreToolUse → security-check.sh (Write|Edit|MultiEdit)
+#   git-flow       : PreToolUse → branch-check.sh (Bash)
+#   git-flow       : PreToolUse → commit-msg-check.sh (Bash)
+#   cmdb-assistant : PreToolUse → validate-input.sh (MCP create/update)
+#   clarity-assist : UserPromptSubmit → vagueness-check.sh (prompt quality)
+#
+# FAIL conditions:
+#   - Any SessionStart hook
+#   - Any PostToolUse hook
+#   - Any hook of type "prompt"
+#   - Any hooks.json outside the 4 expected plugins
+#   - Missing expected hooks
 
-echo "=== HOOK VERIFICATION ==="
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$(dirname "$SCRIPT_DIR")"
+PLUGINS_DIR="$ROOT_DIR/plugins"
+
+echo "=== HOOK VERIFICATION (Post-Decision #29) ==="
 echo ""
 
 FAILED=0
+HOOK_COUNT=0
 
-# Check ALL hooks.json files in .claude directory
-for f in $(find ~/.claude -name "hooks.json" 2>/dev/null); do
-    if grep -q '"type": "prompt"' "$f" || grep -q '"type":"prompt"' "$f"; then
-        echo "❌ PROMPT HOOK FOUND: $f"
+# Allowed plugins with hooks
+ALLOWED_PLUGINS="code-sentinel git-flow cmdb-assistant clarity-assist"
+
+# 1. Check for unexpected hooks.json files
+while IFS= read -r -d '' hooks_file; do
+    plugin_name=$(basename "$(dirname "$(dirname "$hooks_file")")")
+    if ! echo "$ALLOWED_PLUGINS" | grep -qw "$plugin_name"; then
+        echo "FAIL: UNEXPECTED hooks.json in: $plugin_name"
+        echo "   File: $hooks_file"
+        echo "   Only code-sentinel, git-flow, cmdb-assistant, and clarity-assist may have hooks"
         FAILED=1
     fi
-done
+done < <(find "$PLUGINS_DIR" -path "*/hooks/hooks.json" -print0 2>/dev/null)
 
-# Note about cache (informational only - do NOT clear mid-session)
-if [ -d ~/.claude/plugins/cache/leo-claude-mktplace ]; then
-    echo "ℹ️  Cache exists: ~/.claude/plugins/cache/leo-claude-mktplace"
-    echo "   (This is normal - do NOT clear mid-session or MCP tools will break)"
-    echo "   To apply plugin changes: restart Claude Code session"
-fi
+# 2. Check for forbidden hook types
+while IFS= read -r -d '' hooks_file; do
+    plugin_name=$(basename "$(dirname "$(dirname "$hooks_file")")")
 
-# Verify installed hooks are command type
-for plugin in doc-guardian code-sentinel projman pr-review project-hygiene data-platform cmdb-assistant; do
-    HOOK_FILE=~/.claude/plugins/marketplaces/leo-claude-mktplace/plugins/$plugin/hooks/hooks.json
-    if [ -f "$HOOK_FILE" ]; then
-        if grep -q '"type": "command"' "$HOOK_FILE" || grep -q '"type":"command"' "$HOOK_FILE"; then
-            echo "✓ $plugin: command type"
-        else
-            echo "❌ $plugin: NOT command type"
-            FAILED=1
-        fi
+    # Check for SessionStart (FORBIDDEN)
+    if jq -e '.hooks.SessionStart' "$hooks_file" > /dev/null 2>&1; then
+        echo "FAIL: SessionStart hook found in $plugin_name (FORBIDDEN post-Decision #29)"
+        FAILED=1
+    fi
+
+    # Check for PostToolUse (FORBIDDEN)
+    if jq -e '.hooks.PostToolUse' "$hooks_file" > /dev/null 2>&1; then
+        echo "FAIL: PostToolUse hook found in $plugin_name (FORBIDDEN post-Decision #29)"
+        FAILED=1
+    fi
+
+    # Check for prompt type (FORBIDDEN)
+    if grep -q '"type"[[:space:]]*:[[:space:]]*"prompt"' "$hooks_file"; then
+        echo "FAIL: Prompt-type hook found in $plugin_name (FORBIDDEN)"
+        FAILED=1
+    fi
+
+    # Count PreToolUse hooks
+    pre_count=$(jq '[.hooks.PreToolUse[]? | .hooks[]?] | length' "$hooks_file" 2>/dev/null || echo 0)
+    HOOK_COUNT=$((HOOK_COUNT + pre_count))
+
+    # Count UserPromptSubmit hooks (allowed for quality checks)
+    ups_count=$(jq '[.hooks.UserPromptSubmit[]? | .hooks[]?] | length' "$hooks_file" 2>/dev/null || echo 0)
+    HOOK_COUNT=$((HOOK_COUNT + ups_count))
+
+done < <(find "$PLUGINS_DIR" -path "*/hooks/hooks.json" -print0 2>/dev/null)
+
+# 3. Verify expected hooks exist
+for expected in code-sentinel git-flow cmdb-assistant clarity-assist; do
+    if [[ ! -f "$PLUGINS_DIR/$expected/hooks/hooks.json" ]]; then
+        echo "FAIL: Missing expected hooks.json in $expected"
+        FAILED=1
+    else
+        echo "✓ $expected: hooks.json present"
     fi
 done
 
+# 4. Summary
 echo ""
-if [ $FAILED -eq 0 ]; then
-    echo "✓ All hooks verified OK"
+echo "Total hooks: $HOOK_COUNT (expected: 5 — 4 PreToolUse + 1 UserPromptSubmit)"
+if [[ "$HOOK_COUNT" -ne 5 ]]; then
+    echo "FAIL: Hook count mismatch"
+    FAILED=1
+fi
+
+echo ""
+if [[ $FAILED -eq 0 ]]; then
+    echo "✓ All hooks verified OK — 4 PreToolUse safety hooks + 1 UserPromptSubmit quality hook"
 else
-    echo "❌ ISSUES FOUND - fix before using"
+    echo "FAIL: HOOK VERIFICATION FAILED"
     exit 1
 fi