// offending code· 3 files flaggedpatterns: 16
--- install scripts ---
### postinstall
node lib/post-install-hook.js
### prepublishOnly
chmod +x bin/cli.js
--- package/claws-sdk.js (excerpt) ---
#!/usr/bin/env node
// Claws SDK — typed publish helpers for worker scripts.
// Usage (CLI): node .claws-bin/claws-sdk.js publish <type> [flags]
// Usage (module): const { ClawsSDK } = require('.claws-bin/claws-sdk.js')
//
// Supported types: boot | phase | event | heartbeat | complete
// Zero dependencies — stdlib only.
'use strict';
const net = require('net');
const crypto = require('crypto');
const path = require('path');
const fs = require('fs');
const VERSION = '0.7.7';
// ── Socket discovery ──────────────────────────────────────────────────────────
function findSocket(startDir) {
let dir = startDir || process.cwd();
for (let i = 0; i < 20; i++) {
const candidate = path.join(dir, '.claws', 'claws.sock');
if (fs.existsSync(candidate)) return candidate;
const parent = path.dirname(dir);
if (parent === dir) break;
dir = parent;
}
return null;
}
// ── Envelope builder ─────────────────────────────────────────────────────────
function buildEnvelope(peerId, peerName, schemaName, data) {
return {
v: 1,
id: crypto.randomUUID(),
from_peer: peerId,
from_name: peerName || 'unknown',
ts_published: new Date().toISOString(),
schema: schemaName,
data,
};
}
// ── ClawsSDK class (module API) ───────────────────────────────────────────────
class ClawsSDK {
constructor({ socketPath, peerId, peerName, terminalId } = {}) {
this.socketPath = socketPath || process.env.CLAWS
--- package/mcp_server.js (excerpt) ---
#!/usr/bin/env node
/**
* Claws MCP Server — expose terminal control as native Claude Code tools.
* Zero dependencies. Node.js stdlib only.
*
* Powered by Claude Opus.
*
* Install Claws (auto-registers this MCP server globally):
* bash <(curl -fsSL https://raw.githubusercontent.com/neunaha/claws/main/scripts/install.sh)
*
* Or register manually (use FULL absolute path):
* "mcpServers": {
* "claws": {
* "command": "node",
* "args": ["/home/YOUR_USER/.claws-src/mcp_server.js"]
* }
* }
*
* Tools: claws_list, claws_create, claws_send, claws_exec,
* claws_read_log, claws_poll, claws_close, claws_worker,
* claws_hello, claws_subscribe, claws_publish, claws_broadcast,
* claws_ping, claws_peers
*/
const net = require('net');
const fs = require('fs');
const path = require('path');
const os = require('os');
const { randomUUID } = require('crypto');
const marketplace = require('./lib/memory/marketplace');
// === memory-recall-cache (cache-and-cost-titan P4-02 · DESIGN §Class 2) ===
// Defensive require — missing module falls through to full BM25 scan on every recall.
// Opt-out: CLAWS_NO_RECALL_CACHE=1. TTL: CLAWS_RECALL_CACHE_TTL_MS (default 90 000 ms).
let _recallCache = null;
try {
const { MemoryRecallCache } = require('./lib/memory-recall-cache');
_recallCache = new MemoryRecallCache(); // capacity 256, TTL 90 s
} catch (_e) { /* module unavailable — no-op, recall is uncached */ }
/
--- package/scripts/audit-npm-pack.sh (excerpt) ---
#!/usr/bin/env bash
# Pre-publish tarball audit — run before every npm publish.
# Outputs structured JSON to stdout; writes report to .local/audits/v083-autonomous-180min/npm-publish-dry-run-report.md
set -euo pipefail
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
cd "$REPO_ROOT"
PKG_VERSION="$(node -e "process.stdout.write(require('./package.json').version)")"
TARBALL="claws-code-${PKG_VERSION}.tgz"
REPORT_DIR=".local/audits/v083-autonomous-180min"
REPORT_FILE="${REPORT_DIR}/npm-publish-dry-run-report.md"
log() { echo "[audit-npm-pack] $*" >&2; }
# ── 1. Pack ──────────────────────────────────────────────────────────────────
log "Running npm pack (version ${PKG_VERSION})..."
npm pack --quiet 2>/dev/null
[ -f "$TARBALL" ] || { echo '{"ok":false,"error":"tarball not created"}'; exit 1; }
FILE_COUNT=$(tar tzf "$TARBALL" | wc -l | tr -d ' ')
SIZE_BYTES=$(stat -f%z "$TARBALL" 2>/dev/null || stat -c%s "$TARBALL")
SIZE_MB=$(echo "scale=2; $SIZE_BYTES / 1048576" | bc)
log "Tarball: $TARBALL files=$FILE_COUNT size=${SIZE_MB}MB"
PASS=0; FAIL=0
declare -a FAILURES=()
check() {
local name="$1" result="$2"
if [ "$result" = "pass" ]; then
PASS=$((PASS+1))
else
FAIL=$((FAIL+1))
FAILURES+=("$name")
fi
}
# ── 2. Required-file assertions ───────────────────────────────────────────────
required=(
"package/bin/cli.js"
"package/lib/install.js"
"package/mcp_server.js"
)
for req in "${required[@]}"; do
if tar tzf "$TARBALL" | grep -qF "$req"; then
check "
--- dynamic destinations ---
→ queue.fal.run (via hostname-var)