release: v0.4.7 — policy conditions, UX overhaul, dashboard, security hardening (#90)

* chore: ignore .home/ (Codex sandbox artifact)

* fix(dashboard): conn-dot states, empty states, mobile overflow, tab fade, UX polish

- Wire conn-dot CSS classes (ok/err/wait) in setConnected() and SSE error handler
- Empty states: icons + descriptive subtitles for pending, history, denials
- Mobile: flex-wrap at ≤540px for pend-item, policy-test-row; bulk-bar fix at ≤420px
- Tab fade-in animation (tabFadeIn, 0.15s)
- Token input: show/hide toggle button (👁)
- Recent Denials: 'View all →' link switches to History tab
- Pending buttons: 'Always' → 'Always Allow'
- Dangerous items: 3px border + background tint
- Denial rows: title attribute for full reason on hover
- History: loading indicator (hist-loading div, shown/hidden around fetch)

* feat(policy): agent_depth and tool_param_matches conditions

- engine/decision.go: add AgentDepth int and Input map[string]any to ToolCall
- engine/policy.go: add AgentDepth *IntRangeCondition and ToolParamMatches map[string]string to Condition; new IntRangeCondition type (gte/lte/eq); IsEmpty() updated
- engine/matcher.go: wire both conditions in ExplainCondition and matchCondition; agent_depth range/eq checks; tool_param_matches case-insensitive glob against call.Input
- engine/lint.go: register agent_depth and tool_param_matches as valid condition keys; fix gofmt whitespace
- engine/matcher_test.go: 9 test cases for TestMatchCondition_AgentDepth and TestMatchCondition_ToolParamMatches (all passing)
- cmd/rampart/cli/hook.go: read RAMPART_AGENT_DEPTH env; increment depth for tool==agent; set call.AgentDepth and call.Input
- internal/proxy/server.go: add Input field to ToolExecRequest; populate via extractToolInput() (MCP arguments/tool_input/params fallback)
- internal/mcp/proxy.go: set ToolCall.Input = params.Arguments on tools/call
- docs-site/reference/policy-schema.md: document agent_depth and tool_param_matches with examples

* fix(polish): token show command, doctor path hints, default_action:allow lint warning

* fix(polish): token show command, doctor path hints, default_action:allow lint warning

- token.go: new 'rampart token' / 'rampart token show' command; reads ~/.rampart/token via readPersistedToken()
- token_test.go: TestTokenShow_PrintsPersistedToken covers both 'token' and 'token show' variants
- doctor.go: hook failure messages now include the actual file/directory path that was checked, plus 'Run: rampart setup <agent>' hint for Claude Code and Cline
- doctor_test.go: TestDoctorHooks_PathHints asserts path appears in failure messages
- lint.go: LintWarning when default_action is 'allow' — advises using deny + explicit allow rules
- lint_test.go: TestLint_DefaultActionAllowWarning asserts warning is emitted

* chore: remove Codex sandbox cache artifacts, ignore .home/

* fix(ux): hook fail-closed warning, policy explain auto-discover, watch token/URL auto, --version flag, status fixes

* fix(ux): hook fail-closed warning, policy explain auto-discover, watch token/URL auto, --version flag, status unknown fix, upgrade restart reminder

- hook_approval.go: always print WARNING when serve is unreachable; route all stderr through injected errWriter
- hook.go: pass cmd.ErrOrStderr() to approval client
- policy.go: resolveExplainPolicyPath() — auto-discovers ~/.rampart/policies/standard.yaml, then cwd rampart.yaml, then helpful error
- watch.go: resolveWatchServeConfig() — auto-discovers URL (defaults localhost:9090) and token (~/.rampart/token)
- root.go: --version persistent flag, delegates to shared writeVersion()
- version.go: extract writeVersion(io.Writer) helper
- status.go: suppress '(unknown)' parenthetical when cmd or policy is empty/unknown
- upgrade.go: print restart reminder after successful upgrade
- Tests: 12 new test cases covering all changes (cli_test, policy_test, watch_test, status_test, upgrade_test, hook_approval_test)

* fix(ux): resolveExplainPolicyPath respects programmatically-set configPath

When opts.configPath is set directly (not via cobra --config flag), cobra's
Changed() returns false and auto-discovery would override the intended path.
Now: if configPath is non-empty, non-default, and the file exists, use it —
handles both the cobra-flag path and programmatic/test usage correctly.

Fixes TestPolicyExplainDeny CI failure on fix/v047-ux.

* fix(reliability): audit permissions check, reload error logging, PostToolUseFailure audit, dead code cleanup

- doctor.go: scan ~/.rampart/audit/ for world-readable files (mode & 0o004); warn in summary
- rules_handlers.go: log engine.Reload() errors at Error level (was silently discarded in 2 places)
- server.go: same Reload() fix in policy hot-reload handler
- hook.go: write audit event before PostToolUseFailure early return
- watch.go: remove dead approvalLines variable and assignments
- mcp/proxy.go: close childIn on all exit paths in child error handler

* feat: prompt injection detection + actionable denial hints

policies/standard.yaml: new watch-prompt-injection policy
- Monitors fetch/web_search/read/exec/mcp tool responses for injection patterns
- Covers: instruction override, role hijack, model-specific tokens (<|im_start|>system,
  [SYSTEM], ###INSTRUCTIONS###), exfiltration directives
- action: watch (not deny) — logs for review without blocking legitimate content
- 14 regex patterns, all case-insensitive via (?i), tested against 15 cases

cmd/rampart/cli/hook.go: enrich PostToolUseFailure feedback
- Includes tool name in suggested explain command
- Adds: 'run rampart policy explain <tool>', 'rampart watch', policy path hint,
  and link to rampart.sh/docs/exceptions
- Agent can now surface concrete next steps to the user instead of hitting a dead end

* fix: code review fixes + agent-install (PR #90 follow-up) (#91)

* fix: code review fixes + agent-install support (PR #90 follow-up)

Fixes from code review of PR #90:

B1 (BLOCKER): tool_param_matches uses MatchGlob instead of filepath.Match
- filepath.Match treats * as non-separator, so '**/.env*' silently never
  matched multi-directory paths like '/home/user/.envrc'
- Both ExplainCondition and matchCondition now use MatchGlob
- Add two tests with ** patterns that would have caught this

W1: Clamp RAMPART_AGENT_DEPTH to >= 0
- strconv.Atoi parses negative strings fine; a manipulated env var could
  set depth=-999 to bypass agent_depth: {gte: 1} deny rules
- One-line clamp after parse

W2: PostToolUseFailure audit event action 'allow' -> 'feedback'
- Logging a blocked tool call as action:'allow' was semantically wrong,
  skewed allow/deny stats in the dashboard, and confused audit readers
- New action:'feedback' clearly identifies these as guidance-injection events

W3: resolveExplainPolicyPath errors on non-default missing path
- Previously silently fell through to auto-discovery when a programmatic
  configPath pointed at a file that didn't exist
- Now returns an explicit error, consistent with --config flag behavior

W4: Reload() failure returns HTTP 500 instead of silently 200
- Both the delete and write paths now return InternalServerError if
  engine.Reload() fails post-change, so callers know enforcement
  may not reflect the written state

feat: OpenClaw auto-detection and agent-install support

- detectEnv() now detects OpenClaw via OPENCLAW_SERVICE_MARKER env var
  (set by the OpenClaw gateway when it spawns an agent process); more
  reliable than PATH lookup which was too broad
- quickstart --yes / -y flag: non-interactive mode for AI agents, CI,
  and scripted setups; also auto-enables --patch-tools for OpenClaw
- Add docs/guides/agent-install.md: step-by-step guide written for an
  AI agent to read and execute when told 'install Rampart and protect me'
- Add 'Security Guides' nav section in mkdocs.yml
- Update integrations/openclaw.md with quickstart --yes callout
- Add TestDetectEnv_OpenClaw; fix existing detectEnv tests to unset
  OPENCLAW_SERVICE_MARKER so they pass on machines running OpenClaw

* fix(docs): agent-install accuracy fixes

- rampart test does not exist; replace with rampart doctor
- rampart status expected output was wrong; show real format
  (Protected/Mode/Today, not 'rampart serve running port')
- --yes flag description now accurately says what it does:
  enables --patch-tools for OpenClaw, safe no-op for others
- Step numbering fixed (removed step 4 gap after deleting rampart test)
- Reference table: remove rampart test row, fix status description

* docs: SEO + agent-friendly docs rewrite (#92)

* docs: SEO + agent-friendly docs rewrite

- Add description: frontmatter to all 20+ docs-site pages
  (these become HTML meta description tags and Google search snippets)
- New guides/securing-claude-code.md: standalone SEO guide targeting
  'claude code security', 'how to keep claude code safe', etc.
- New guides/prompt-injection.md: covers watch-prompt-injection policy,
  detection patterns, and how to escalate to deny
- Homepage FAQ: literal search-query questions as h2s with Rampart answers
- README: opens with 'security layer for AI coding agents' framing
- Integrations claude-code.md: 'Why You Need This' section with concrete
  attack scenarios (rm -rf, curl|bash, ssh key exfil, prompt injection)
  and 'What Gets Blocked by Default' table
- mkdocs.yml: Security Guides nav section with new guides

* fix(docs): review feedback — FAQ, escalate YAML, description length

- FAQ: replace 'Does Rampart work with OpenClaw?' with the more
  broadly useful 'Does Rampart send my commands to any external server?'
  (biggest adoption blocker for security-conscious users; answer: no,
  everything is local)
- FAQ securing-claude-code.md Q4: clarify hook unreachable behavior —
  Rampart prints WARNING to stderr, falls back to hookAsk (native
  Claude Code permission prompt), not silently fail-open
- Fix escalate-to-deny YAML in prompt-injection.md: was wrong schema
  (action/tool at top level, wrong field name 'response_patterns');
  now uses correct nested rules: / match: / response_matches: structure
- Trim claude-code.md description: 201 → 158 chars (Google truncates at 160)

* docs: replace Mermaid diagrams and architecture.png with D2 (theme 200) (#93)

- Drop all 4 Mermaid diagrams (policy-engine, integrations, mcp-proxy,
  semantic-verification) in favour of D2 with theme 200 + ELK layout
- Replace static architecture.png (invisible to LLMs) with inline D2
  diagram showing agents → interception → policy engine → outcomes
- Remove emojis from node labels; colour alone carries semantic meaning
- Rewrite integrations decision tree: cleaner branch labels, distinct
  nodes for wrap vs preload, removes confusing 'Has $SHELL support?' fork
- Add mkdocs-d2-plugin to mkdocs.yml (theme 200, elk layout, pad 40)
- Update docs CI workflow: install D2 binary + mkdocs-d2-plugin

* docs: README architecture diagram → D2-rendered SVG (#94)

- docs/architecture.d2: canonical D2 source (theme 200, elk layout)
- docs/architecture.svg: pre-rendered SVG, embedded in README as <img>
- Replace 'How it works' Mermaid block with SVG embed — looks
  significantly better on GitHub, also agent/LLM readable (SVG is text)
- Strip emojis from approval flow Mermaid node labels
- Add .github/workflows/render-diagrams.yml: auto re-renders
  architecture.svg and commits when docs/architecture.d2 changes

* fix: sweep warnings — .env.* policy coverage + agent-install note cleanup (#96)

W1: collapse OpenClaw restart admonition into prose in agent-install.md
    (same content, less visual weight)

W2: expand .env credential coverage to include .env.* variants
    (.env.local, .env.production, .env.staging etc. were not blocked)
    - block-credential-access (read): add **/.env.* pattern
    - block-credential-commands (exec): add cat **/.env.*
    - block-sensitive-writes (write/edit): add **/.env.*
    - Update docs tables in claude-code.md and securing-claude-code.md

Author: peg

.github/workflows/docs.yml

@@ -22,10 +22,17 @@ jobs:
         with:
           python-version: '3.12'
 
-      - run: pip install mkdocs-material mkdocs-minify-plugin
+      - run: pip install mkdocs-material mkdocs-minify-plugin mkdocs-d2-plugin
+
+      - name: Install D2
+        run: curl -fsSL https://d2lang.com/install.sh | sh -s --
+        env:
+          SHELL: /bin/bash
 
       - name: Build docs
         run: mkdocs build
+        env:
+          PATH: /home/runner/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
       # Deploy to peg/rampart-docs (the repo that serves docs.rampart.sh via GitHub Pages).
       # Requires a PAT with contents:write on peg/rampart-docs stored as DOCS_DEPLOY_TOKEN.

.github/workflows/render-diagrams.yml

@@ -0,0 +1,36 @@
+name: Render Diagrams
+
+on:
+  push:
+    branches: [main, staging]
+    paths:
+      - 'docs/architecture.d2'
+
+permissions:
+  contents: write
+
+jobs:
+  render:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - name: Install D2
+        run: curl -fsSL https://d2lang.com/install.sh | sh -s --
+        env:
+          SHELL: /bin/bash
+
+      - name: Render architecture.svg
+        run: |
+          export PATH="$HOME/.local/bin:$PATH"
+          d2 --theme 200 --layout elk --pad 40 \
+            docs/architecture.d2 \
+            docs/architecture.svg
+
+      - name: Commit updated SVG
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add docs/architecture.svg
+          git diff --staged --quiet || git commit -m "chore: re-render architecture.svg from docs/architecture.d2"
+          git push

.gitignore

@@ -25,3 +25,4 @@ coverage.out
 .cache/
 site/
 reddit-post.md
+.home/

README.md

@@ -2,7 +2,7 @@
 
 # 🛡️ Rampart
 
-**See everything your AI agent does. Block the dangerous stuff.**
+**The security layer for AI coding agents.**
 
 [![Go](https://img.shields.io/badge/Go-1.24+-00ADD8?style=flat&logo=go)](https://go.dev)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
@@ -14,15 +14,11 @@
 
 ---
 
-Rampart is a runtime policy engine for AI coding agents. Every tool call — bash commands, file reads, file writes, HTTP fetches — is evaluated against your YAML policies before it executes. Dangerous calls are blocked in microseconds. Everything is written to a hash-chained audit trail. Ambiguous calls can be held for human approval.
-
-It works in `--dangerously-skip-permissions` mode. [Full setup guide →](https://docs.rampart.sh/getting-started/quickstart/)
-
-### Get started in one command
+Claude Code's `--dangerously-skip-permissions` mode — and similar autonomous modes in Cursor, Cline, and Codex — give agents unrestricted shell access. Rampart sits between the agent and your system: every command, file access, and network request is evaluated against your YAML policy before it executes. Dangerous commands are blocked in microseconds. Everything is logged.
 
+One command to get protected:
 ```bash
-# Install and set up in one command:
-curl -fsSL https://rampart.sh/install | bash
+rampart setup claude-code
 ```
 
 `rampart quickstart` auto-detects Claude Code, Cursor, or Windsurf, installs `rampart serve` as a boot service, configures hooks, and runs a health check. Done.
@@ -48,39 +44,7 @@ Once running, every command Claude executes goes through Rampart's policy engine
 
 ## How it works
 
-```mermaid
-graph LR
-    subgraph "AI Agents"
-        CC[Claude Code]
-        CL[Cline]
-        OC[OpenClaw]
-        CX[Codex]
-        O[Others]
-    end
-
-    CC & CL --> H[Native Hooks]
-    OC --> S[Shell Shim]
-    CX --> P[LD_PRELOAD]
-    O --> M[MCP Proxy]
-
-    H & S & P & M --> PE[YAML Policy Eval<br/>~20μs]
-
-    PE --> AU[📋 Hash-Chained Audit<br/>Syslog · CEF · Webhooks]
-
-    AU --> PASS[✅ Execute]
-    AU --> BLOCK[❌ Blocked]
-    AU --> APR[👤 Approval]
-
-    PE -. "ambiguous ⚠️" .-> SB["⚡ rampart-verify<br/>(optional sidecar)<br/>gpt-4o-mini · Haiku · Ollama"]
-    SB -. allow/deny .-> PE
-
-    style PE fill:#238636,stroke:#fff,color:#fff
-    style AU fill:#1f6feb,stroke:#fff,color:#fff
-    style BLOCK fill:#da3633,stroke:#fff,color:#fff
-    style APR fill:#d29922,stroke:#fff,color:#fff
-    style PASS fill:#238636,stroke:#fff,color:#fff
-    style SB fill:#2d333b,stroke:#f0883e,stroke-width:2px,stroke-dasharray: 5 5
-```
+<img src="docs/architecture.svg" alt="Rampart architecture — agents flow through interception layer into policy engine, with audit trail and outcomes" width="100%">
 
 *Pattern matching handles 95%+ of decisions in microseconds. The optional [rampart-verify](https://github.com/peg/rampart-verify) sidecar adds LLM-based classification for ambiguous commands. All decisions go to a hash-chained audit trail.*
 
@@ -419,7 +383,7 @@ graph LR
     D -->|Webhook| WH["Signed URL<br/>(click to approve)"]
     D -->|CLI / API| CLI["rampart approve &lt;id&gt;"]
 
-    CC -->|user responds| R[✅ Resolved]
+    CC -->|user responds| R[Resolved]
     MCP -->|via API / dashboard| R
     OC -->|via API| R
     WH -->|HMAC-verified link| R

cmd/rampart/cli/cli_test.go

@@ -35,6 +35,12 @@ func TestVersionCommand(t *testing.T) {
 	assert.Contains(t, stdout, "rampart "+build.Version)
 }
 
+func TestVersionFlag(t *testing.T) {
+	stdout, _, err := runCLI(t, "--version")
+	require.NoError(t, err)
+	assert.Contains(t, stdout, "rampart "+build.Version)
+}
+
 func TestInitCreatesFile(t *testing.T) {
 	dir := t.TempDir()
 	t.Setenv("HOME", dir)

cmd/rampart/cli/doctor.go

@@ -131,7 +131,9 @@ func runDoctor(w io.Writer, jsonOut bool) error {
 	issues += doctorHooks(emit)
 
 	// 7. Audit directory
-	issues += doctorAudit(emit)
+	auditIssues, auditWarnings := doctorAudit(emit)
+	issues += auditIssues
+	warnings += auditWarnings
 
 	// 8. Server running on default port
 	serverIssues, serveURL := doctorServer(emit)
@@ -457,15 +459,15 @@ func doctorHooks(emit emitFn) int {
 				if count > 0 {
 					emit("Hooks", "ok", fmt.Sprintf("Claude Code (%d matchers in settings.json)", count))
 				} else {
-					emit("Hooks", "fail", "Claude Code (no Rampart hooks in settings.json)")
+					emit("Hooks", "fail", fmt.Sprintf("Claude Code hook not installed - expected hook in %s\n  Run: rampart setup claude-code", claudeSettingsPath))
 					issues++
 				}
 			} else {
-				emit("Hooks", "fail", "Claude Code (invalid settings.json)")
+				emit("Hooks", "fail", fmt.Sprintf("Claude Code settings invalid at %s\n  Run: rampart setup claude-code", claudeSettingsPath))
 				issues++
 			}
 		} else {
-			emit("Hooks", "fail", "Claude Code (no settings.json found)")
+			emit("Hooks", "fail", fmt.Sprintf("Claude Code hook not installed - expected hook in %s\n  Run: rampart setup claude-code", claudeSettingsPath))
 			issues++
 		}
 	}
@@ -484,11 +486,11 @@ func doctorHooks(emit emitFn) int {
 			if hookCount > 0 {
 				emit("Hooks", "ok", fmt.Sprintf("Cline (%d hook scripts)", hookCount))
 			} else {
-				emit("Hooks", "fail", "Cline (no Rampart hooks found)")
+				emit("Hooks", "fail", fmt.Sprintf("Cline hook not installed - expected Rampart hook scripts in %s\n  Run: rampart setup cline", clineDir))
 				issues++
 			}
 		} else {
-			emit("Hooks", "fail", "Cline (no Hooks directory found)")
+			emit("Hooks", "fail", fmt.Sprintf("Cline hook not installed - expected Rampart hook scripts in %s\n  Run: rampart setup cline", clineDir))
 			issues++
 		}
 	}
@@ -533,24 +535,24 @@ func countClaudeHookMatchers(settings map[string]any) int {
 	return count
 }
 
-func doctorAudit(emit emitFn) int {
+func doctorAudit(emit emitFn) (issues int, warnings int) {
 	home, err := os.UserHomeDir()
 	if err != nil {
-		return 0
+		return 0, 0
 	}
 	auditDir := filepath.Join(home, ".rampart", "audit")
 
 	entries, err := os.ReadDir(auditDir)
 	if err != nil {
 		emit("Audit", "fail", fmt.Sprintf("%s (not found)", auditDir))
-		return 1
+		return 1, 0
 	}
 
 	// Check writable
 	testFile := filepath.Join(auditDir, ".doctor-write-test")
 	if err := os.WriteFile(testFile, []byte("test"), 0o600); err != nil {
 		emit("Audit", "fail", fmt.Sprintf("%s (not writable)", auditDir))
-		return 1
+		return 1, 0
 	}
 	// Defer removal so the temp file is cleaned up on every exit path,
 	// including early returns and panics, not just the happy path.
@@ -566,7 +568,7 @@ func doctorAudit(emit emitFn) int {
 
 	if len(files) == 0 {
 		emit("Audit", "ok", fmt.Sprintf("~/%s (0 files)", relHome(auditDir, home)))
-		return 0
+		return 0, 0
 	}
 
 	// Find latest modification time
@@ -579,7 +581,33 @@ func doctorAudit(emit emitFn) int {
 	}
 
 	emit("Audit", "ok", fmt.Sprintf("~/%s (%d files, latest: %s)", relHome(auditDir, home), len(files), latest))
-	return 0
+
+	worldReadable := make([]string, 0, 4)
+	_ = filepath.WalkDir(auditDir, func(path string, d os.DirEntry, walkErr error) error {
+		if walkErr != nil || d.IsDir() {
+			return nil
+		}
+		info, err := d.Info()
+		if err != nil {
+			return nil
+		}
+		if info.Mode().Perm()&0o004 != 0 {
+			if len(worldReadable) < 3 {
+				worldReadable = append(worldReadable, relHome(path, home))
+			}
+			warnings++
+		}
+		return nil
+	})
+	if warnings > 0 {
+		sample := strings.Join(worldReadable, ", ")
+		msg := fmt.Sprintf("%d world-readable audit file(s) found", warnings)
+		if sample != "" {
+			msg += fmt.Sprintf(" (e.g. ~/%s)", sample)
+		}
+		emit("Audit perms", "warn", msg)
+	}
+	return 0, warnings
 }
 
 func doctorVersionCheck(w io.Writer, silent bool, emit emitFn) int {

cmd/rampart/cli/doctor_test.go

@@ -17,12 +17,13 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
+	"os"
+	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 )
 
-
 func TestRunDoctor(t *testing.T) {
 	var buf bytes.Buffer
 	err := runDoctor(&buf, false)
@@ -159,3 +160,42 @@ func TestDoctorToken_Missing(t *testing.T) {
 	// Just verify no panic.
 	_, _ = doctorToken(emit)
 }
+
+func TestDoctorHooks_PathHints(t *testing.T) {
+	home := t.TempDir()
+	t.Setenv("HOME", home)
+
+	claudeDir := filepath.Join(home, ".claude")
+	requireNoErr(t, os.MkdirAll(claudeDir, 0o755))
+	requireNoErr(t, os.WriteFile(filepath.Join(claudeDir, "settings.json"), []byte(`{"hooks":{}}`), 0o644))
+
+	clineHooksDir := filepath.Join(home, "Documents", "Cline", "Hooks")
+	requireNoErr(t, os.MkdirAll(clineHooksDir, 0o755))
+
+	var results []checkResult
+	emit := func(name, status, msg string) {
+		results = append(results, checkResult{Name: name, Status: status, Message: msg})
+	}
+	issues := doctorHooks(emit)
+	if issues != 2 {
+		t.Fatalf("expected 2 issues, got %d (%+v)", issues, results)
+	}
+
+	out := ""
+	for _, r := range results {
+		out += r.Message + "\n"
+	}
+	if !strings.Contains(out, filepath.Join(home, ".claude", "settings.json")) {
+		t.Fatalf("expected Claude settings path in output, got: %s", out)
+	}
+	if !strings.Contains(out, filepath.Join(home, "Documents", "Cline", "Hooks")) {
+		t.Fatalf("expected Cline hooks path in output, got: %s", out)
+	}
+}
+
+func requireNoErr(t *testing.T, err error) {
+	t.Helper()
+	if err != nil {
+		t.Fatal(err)
+	}
+}