Same fix as doc-guardian - prompt hooks unreliable.
Command hook guarantees exact behavior.
- Add security-check.sh that skips config/doc files silently
- Only checks code files for hardcoded secrets
- Outputs with [code-sentinel] prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Prompt hook approach didn't work - Claude ignores instructions.
Real fix was switching to command hook type.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Prompt hooks are unreliable - Claude ignores instructions and generates
verbose analysis despite explicit FORBIDDEN rules. Command hooks guarantee
the exact output we want.
- Add notify.sh script that only outputs for config file changes
- Change hooks.json from prompt type to command type
- Script exits silently for non-config files (no blocking)
Fixes#110
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add protected branch detection to /commit command (Step 1)
- Warn users before committing to protected branches
- Offer to create feature branch automatically
- Rewrite doc-guardian hook to be truly non-blocking
- Enforce strict [plugin-name] prefix in all hook outputs
- Add forbidden words list to prevent accidental blocking
Fixes#109, #110
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add [plugin-name] prefix to all hook messages for better identification
- Make doc-guardian hook notification-only (non-blocking)
- Add stale branch detection to /commit-sync with git fetch --prune
- Enhance /branch-cleanup to handle stale branches separately
Closes improvements for hook UX and git workflow
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The MCP server's branch-aware security blocks write operations on
protected branches (main, fix/*, etc). After pushing a feature branch
and creating a PR, we must switch back to development before adding
comments to issues via MCP tools.
When MCP tools are not available in a session (the very scenario
/debug-report is designed to diagnose), the command now falls back to:
1. Check for Gitea credentials at ~/.config/claude/gitea.env
2. Use curl + jq to create the issue via Gitea REST API
3. If no credentials, save report to local file for manual submission
Security measures:
- Uses mktemp -m 600 for restrictive file permissions
- Uses jq --rawfile for safe JSON construction (no command substitution)
- Proper cleanup of temporary files
Fixes#100
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The suggest_labels tool accepted a repo parameter in the implementation
but didn't expose it in the MCP tool schema, causing it to always rely
on auto-detection which failed in some contexts.
Fixes#94
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
MCP servers fail when venvs don't exist in ~/.claude/plugins/marketplaces/.
Claude Code doesn't run setup.sh when installing marketplaces, so users
must run it manually.
Added:
- Critical warning section at top of UPDATING.md
- Step to run setup in installed location after updates
- Troubleshooting for "X MCP servers failed" error
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Aligns pr-review .mcp.json with projman by adding PYTHONPATH environment
variable. This inconsistency may have caused MCP server failures when
both plugins are loaded.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove incorrect nested matcher/hooks structure from SessionStart hooks.
SessionStart events don't use matchers - that format is only for tool-based
hooks like PreToolUse/PostToolUse.
Fixes recurring "SessionStart:startup hook error" on Claude Code startup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove false claim about Stop hook (was removed in d2ad90d)
- Fix Solution section to accurately describe prompt-based behavior
- Remove misleading "queue" language since there's no persistent queue
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The Stop hook referenced a non-existent "internal queue" for tracking
documentation drift. Each hook runs in isolation with no way to pass
data between invocations, so the queue concept couldn't work.
The hook was causing errors on every session end:
"Stop hook error: Prompt hook condition was not met..."
Changes:
- Removed the Stop hook entirely
- Updated PostToolUse hook to report drift immediately when found
(instead of referencing non-existent queue)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New commands for structured debugging workflow:
/debug-report (for test projects):
- Runs 5 diagnostic MCP tool tests
- Captures full project context (git remote, cwd, branch)
- Generates structured issue with hypothesis
- Creates issue in marketplace repo automatically
/debug-review (for marketplace repo):
- Lists open diagnostic issues for triage
- Maps errors to relevant code files
- MANDATORY: Reads files before proposing fixes
- Three human approval gates
- Creates feature branch, commits, PR with linking
Also includes:
- Dynamic label format detection in suggest_labels
- Rewritten labels-sync.md with explicit execution steps
- Version bump to 3.1.0
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
ROOT CAUSE: The MCP server runs with cwd set to the plugin directory,
not the user's project. It cannot auto-detect the repository.
SOLUTION: The command documentation now explicitly instructs Claude to:
1. Run `git remote get-url origin` via Bash first
2. Parse the URL to extract owner/repo
3. Pass repo parameter to ALL MCP tool calls
Also removed the "Label Reference" section that was causing Claude
to ask about creating a local reference file.
Key changes:
- Added "CRITICAL: Execution Steps" section with numbered steps
- Added "DO NOT" section to prevent common mistakes
- Removed confusing reference file documentation
- Made all MCP tool calls show required repo parameter
Fixes#77
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
