v1.10.0

v1.10.0

Hook-layer hardening for monorepos and plugin-form context-mode installs, plus two session-gate reliability fixes.

Added

• cwd-guard.sh — PreToolUse:Bash hook preventing persistent shell cwd drift in monorepos (#69). The Bash tool keeps one persistent shell whose working directory survives between calls, so a standalone cd <subdir> parks every later call in that subdir. In a git-submodule monorepo this is corrosive: once the shell sits inside a submodule, git rev-parse --show-toplevel resolves to the submodule root, every CMM/Context-Mode hook computes a different PROJECT_HASH, the sentinels stop matching, and the session gate + enforcer wrongly report "not indexed". Drift can't be detected after the fact (the hook payload's cwd is the session root), only prevented. The guard blocks any command whose top-level effect is a persistent cd/pushd/popd away from the project root, while allowing absolute paths, git -C <subdir>, subshells, re-anchoring, env-prefixed/flag-bearing/backgrounded cd forms, and a # cwd-exempt bypass; fail-open when python3 or the root can't be resolved. Root detection reuses the shared project-root.sh. (tests/test-cwd-guard.sh, 22 assertions.)

Fixed

• Plugin-form context-mode tools no longer deadlock the session gate (#66). session-gate.sh recognized only the legacy MCP-server form (mcp__context-mode__*) and bare ctx_* names, never the plugin-install form (mcp__plugin_context-mode_context-mode__*). On a fresh plugin-form project the ctx tools were blocked, and the block message told the agent to run the very tools it had just blocked — a circular deadlock whose only escape was manually touching the sentinel. Adds the plugin-form bypass to both gate phases.
• Large-codebase startup no longer freezes behind the first index (#67). Until the CMM sentinel was rewritten, the gate hard-blocked Edit/Write/WebFetch/Skill; on a large repo the first full index is a multi-minute blocking call, freezing the session. Adds a fail-open-while-indexing path keyed on a fresh /tmp/cmm-indexing-<hash> marker (120-minute TTL safety valve), cleared once indexing completes.
• Shell syntax checks (bash -n / sh -n / zsh -n / dash -n) are exempt from the Bash output enforcer (#68). Parse-only checks emit nothing on success, so routing them through ctx_execute was pure friction. Compound commands that merely start with a syntax check remain blocked.

Full changelog: see CHANGELOG.md [1.10.0]. Diff: v1.9.0...v1.10.0.

v1.8.0 — Rules-to-Skills + enforcement hardening

v1.8.0 — Rules-to-Skills conversion + enforcement hardening

This is a minor feature release. It is also the first GitHub Release published since v1.4.0, so it rolls up the previously tagged-but-unreleased work (v1.5.0–v1.7.1) into one current release.

Highlights

Phase 61 — CMM/ctx rules packaged as Claude Code Skills

• cmm-rules and ctx-rules are now Claude Code Skills (skills/{cmm,ctx}-rules/SKILL.md). VBW subagents opt in via skills: frontmatter with progressive disclosure, so the navigation/retrieval protocols load on demand instead of bloating every subagent prompt.
• Per-agent assignment: dev, lead, scout, debugger, qa get both; docs gets ctx-rules; architect gets cmm-rules.
• setup.sh installs .claude/skills/ in both global and project scopes.
• SubagentStart hooks shrunk to short pointers; PreToolUse block messages append a See skill <name> reference.

Enforcement hardening (field-tested)

• ctx-execute-enforcer closes the compound-shell exemption bypass: cd <dir> && <cmd> prefix peeling (quoted and unquoted paths) plus detection of &&, ||, ;, |, $(...), backticks, bare &, and embedded newlines — with a newline-aware, quote-scrubbing pass so legitimate multi-line git commit -m "…" messages are not false-positive blocked.
• Context-mode detection now scans the versioned plugin-cache directory and enabledPlugins, in addition to the legacy .mcp.json probe.
• Install-scope detection no longer re-adds redundant .mcp.json entries when the plugin form is already installed.
• PostToolUse sentinel-writer matcher covers plugin-form tool names (mcp__plugin_context-mode_context-mode__*).

Verification

• Enforcer suite (tests/test-ctx-execute-enforcer.sh) 47/47.
• CHECKSUMS.sha256 regenerated and verifies clean.
• The Phase 61 PR (#62) went through 3 QA rounds; all findings resolved.

Full changelog: v1.7.0...v1.8.0

v1.4.0

What's New

Agent Override Templates (Phases 23/37)

• New VBW agent overrides: vbw-architect, vbw-lead, vbw-docs with CMM hook frontmatter
• Extensible test registry for agent hook override validation
• Agent hook enforcement tests that invoke hooks with payloads

Scout Context Mode Integration (Phase 41)

• Scout routes reference URL fetches through ctx_fetch_and_index when Context Mode is available
• Research output indexed via ctx_index for cross-stage searchability
• External Data Validation distinguishes Context Mode web fetch from raw WebFetch
• Text-instruction enforcement model (no Bash hooks needed for Scout)
• CLAUDE.md rules updated with Scout Context Mode documentation

Fixes

• Consistent detection signal, source label, and failure guidance in setup.sh

Full changelog: v1.3.0...v1.4.0

v1.0.0

cmm-claude-code-setup v1.0.0

First stable release. Hook-based enforcement layer for codebase-memory-mcp + Claude Code, adapted from Shachar Bard's jmunch-claude-code-setup.

What's included

• Session gate hooks — hard enforcement at session start to ensure CMM graph is indexed before any tool calls
• Pre-tool nudge hooks — soft nudge to use CMM graph tools instead of Grep/Read for code navigation
• Context Mode integration — sandboxed tool output to prevent context bloat
• Statusline support — token savings display in Claude Code statusline
• Token consumption benchmarks — 3-variant benchmark suite (baseline / CMM / CMM+cache)
• Setup script — one-command install that handles MCP registration and allowlist
• Git branching strategy — feature/* → develop → production release flow
• Security hardening — path traversal protection, input sanitization in hooks

Installation

bash <(curl -fsSL https://raw.githubusercontent.com/halindrome/cmm-claude-code-setup/main/setup.sh)

v0.5.1 — Allowlist install, agent-gate bypass, context-mode opt-out fix

What's Changed (since v0.5.0)

Features

• setup.sh allowlist install (install_allowlist()): --project now interactively offers to write the 14 CMM tool entries into .claude/settings.local.json under permissions.allow. When Context Mode is installed, also writes 9 mcp__context-mode__* tools. Respects --dry-run, --force, --skip-mcp-check.
• agent-cmm-gate bypass paths: short prompts (<300 chars) with no code-exploration signals bypass the gate automatically; add # cmm-exempt to any prompt for an explicit bypass.

Fixes

• context-mode opt-out regression: projects with a CMM-only .mcp.json were incorrectly treated as having opted out of context-mode. Now detect-and-prompt runs regardless of whether .mcp.json already exists.
• purge safety: --project --force purge now uses an explicit deprecated-hooks list instead of deleting any unknown hook file.
• .gitignore: .claude/ local installation directory is now gitignored.

QA

Five rounds of read-only QA with Claude Opus 4.6 on PR #7. All rounds passed.

---

Full changelog: v0.5.0...v0.5.1

v0.5.0 — Merged session-gate and stable sentinel path

What's Changed

Features

• Merged session-gate (hooks/project/session-gate.sh): combines the former cmm-session-gate.sh and context-mode-session-gate.sh into a single hook with three gate phases — universal allow-list, CMM gate, and Context Mode gate.
• Context Mode sentinel writer (hooks/project/context-mode-sentinel-writer.sh): new hook that writes the Context Mode ready-sentinel after an initialization tool call, mirroring the existing CMM sentinel writer.

Fixes

• Stable sentinel path: sentinel filenames now use a stable project-root hash (md5 of $PROJECT_ROOT) instead of $PPID, so sentinels survive subdirectory navigation within a session.
• setup.sh --project --force purge: uses an explicit deprecated-hooks list instead of deleting any unknown hook — prevents accidental deletion of user-created or setup-generated hooks (e.g. statusline-cmm.sh).
• Context Mode offer guard: setup.sh now checks for .mcp.json before offering Context Mode integration, avoiding spurious prompts on projects that have explicitly opted out.

Removed

• hooks/project/cmm-session-gate.sh — merged into session-gate.sh
• hooks/project/context-mode-session-gate.sh — merged into session-gate.sh

QA

Two rounds of read-only QA with Claude Opus 4.6. Reports posted on PR #7.

---

Full changelog: v0.1.0...v0.5.0

v0.1.0 — Initial public release

First public release of cmm-claude-code-setup.

Hook-based enforcement layer for codebase-memory-mcp + Claude Code, adapted from Shachar Bard's jmunch-claude-code-setup.

What's included

• Global hooks — soft enforcement for any Claude Code project (cmm-nudge.sh, reindex-after-edit.sh)
• Project hooks — hard CMM session gate, agent-aware init, sentinel writer, call tracker, agent gate
• Rules — allowed-tools template, global CLAUDE.md template, MCP and settings examples
• setup.sh — interactive installer
• Benchmarks — token consumption benchmark suite (3-variant: baseline / CMM / CMM+cache)
• Docs — end-to-end setup guide

Requirements

• Claude Code v1.0.33+
• codebase-memory-mcp installed and configured