feat: /passthru:bootstrap command and SessionStart hint (#3)

Author: nnemirovsky

.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "passthru",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Regex-based permission rules for Claude Code via hooks",
   "owner": {
     "name": "nnemirovsky"

.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "passthru",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Regex-based permission rules for Claude Code via hooks",
   "license": "MIT"
 }

CLAUDE.md

@@ -9,12 +9,14 @@ Developer-facing notes for future Claude sessions working on this repo.
   plugin.json          plugin manifest (name, version, description)
   marketplace.json     marketplace manifest (used when published)
 commands/
+  bootstrap.md         /passthru:bootstrap slash command (wraps scripts/bootstrap.sh with dry-run + confirm)
   add.md               /passthru:add slash command (prompt-based)
   suggest.md           /passthru:suggest slash command (prompt-based)
   verify.md            /passthru:verify slash command (prompt-based)
   log.md               /passthru:log slash command (prompt-based)
 hooks/
-  hooks.json           registers PreToolUse + PostToolUse handlers with matcher "*", timeout 10s each
+  hooks.json           registers PreToolUse + PostToolUse (timeout 10s each, matcher "*") and
+                       SessionStart (timeout 5s, no matcher) handlers
   common.sh            shared library. Functions:
                          * load_rules / validate_rules (merge + schema-check)
                          * pcre_match / match_rule / find_first_match (rule matching)
@@ -27,6 +29,9 @@ hooks/
   handlers/
     pre-tool-use.sh    main hook: loads rules, matches, emits allow/deny/passthrough
     post-tool-use.sh   classifies native-dialog outcomes into asked_* events (audit only)
+    session-start.sh   one-time bootstrap hint. Gated by ~/.claude/passthru.bootstrap-hint-shown
+                       marker. Prints to stderr only when the user has no passthru files yet
+                       AND has importable entries in ~/.claude/settings.json.
 scripts/
   bootstrap.sh         one-time importer from native permissions.allow into passthru.imported.json
   write-rule.sh        atomic write wrapper: backup + append + verify + rollback

README.md

@@ -35,14 +35,15 @@ More examples: shape-matching a `gh api` endpoint across any owner/repo pair, al
 * **Deny lists that win.** A matching deny rule unconditionally overrides any allow, so you can cement safety rules on top of a permissive allow set.
 * **Opt-in audit log.** JSONL record of every decision (including what the native dialog did for passthroughs). Off by default, zero overhead when disabled.
 * **Standalone verifier.** Validate every rule file from the command line or via `/passthru:verify` to catch bad JSON, invalid regex, and allow/deny conflicts before they silently disable rules.
-* **First-run bootstrap.** One-shot importer that converts existing native `permissions.allow` entries into passthru rules.
+* **First-run bootstrap.** One-shot `/passthru:bootstrap` command (or `scripts/bootstrap.sh` for scripting) that converts existing native `permissions.allow` entries into passthru rules. A one-time `SessionStart` hint points at it when there are importable entries.
 
 ## Commands
 
 All commands are plugin-namespaced under `/passthru:`.
 
 | Command | What it does |
 | --- | --- |
+| `/passthru:bootstrap` | One-shot importer: reviews your existing `permissions.allow` entries, shows the proposed rules, asks to confirm, then writes `passthru.imported.json`. Runs the verifier afterwards. |
 | `/passthru:add` | Add a rule without hand-editing `passthru.json`. Supports `--deny` and `--field`. |
 | `/passthru:suggest` | Propose a generalized rule from a recent tool call in the conversation, then write it on confirmation. |
 | `/passthru:verify` | Validate every rule file. Surfaces parse errors, schema violations, invalid regex, duplicates, and allow/deny conflicts. |
@@ -84,9 +85,11 @@ Works across every tool Claude Code exposes (`Bash`, `PowerShell`, `Read`, `Edit
 
 ## First-run bootstrap
 
-The plugin ships a bootstrap script that converts existing native `permissions.allow` entries into passthru rule files. The script reads up to three settings files: the user-scope `~/.claude/settings.json`, the project-scope shared `./.claude/settings.json`, and the project-scope local `./.claude/settings.local.json`. Run it once after install to avoid starting from zero.
+The plugin ships a bootstrap importer that converts existing native `permissions.allow` entries into passthru rule files. It reads up to three settings files: the user-scope `~/.claude/settings.json`, the project-scope shared `./.claude/settings.json`, and the project-scope local `./.claude/settings.local.json`. Run it once after install to avoid starting from zero.
 
-Dry run first (prints proposed rules to stdout, writes nothing):
+**Recommended:** run `/passthru:bootstrap` inside a Claude Code session. It dry-runs first, shows the rules it would import, asks you to confirm, then writes and verifies. Use `--user-only` or `--project-only` to narrow the scope.
+
+**Non-interactive:** the same logic is available as a plain shell script for CI or ad-hoc use. Dry run first (prints proposed rules to stdout, writes nothing):
 
 ```
 bash ~/.claude/plugins/marketplaces/nnemirovsky/claude-passthru/scripts/bootstrap.sh
@@ -107,6 +110,8 @@ Bootstrap writes to dedicated imported files so hand-curated rules in `passthru.
 
 Re-running bootstrap overwrites the imported files. Edit `passthru.json` (the authored file) for hand-managed rules. Both files are merged at hook time.
 
+**One-time session hint.** The plugin also ships a `SessionStart` hook that detects when you have importable `permissions.allow` entries but no passthru rule files yet. On the first such session it prints a single-line hint to stderr pointing at `/passthru:bootstrap`, then records a marker at `~/.claude/passthru.bootstrap-hint-shown` so the hint never fires again. Delete that marker file to re-enable the hint.
+
 ## Rule format reference
 
 Rule files are JSON with the shape:

commands/bootstrap.md

@@ -0,0 +1,220 @@
+---
+description: "Import existing native permission rules into passthru"
+argument-hint: "[--user-only|--project-only]"
+---
+
+# /passthru:bootstrap
+
+Convert existing native Claude Code `permissions.allow` entries (from
+`~/.claude/settings.json` and `./.claude/settings{,.local}.json`) into
+passthru rule files, with an interactive preview before anything is
+written.
+
+This is the in-session wrapper around `scripts/bootstrap.sh`. The shell
+script is always available for non-interactive use, but this command is
+the recommended first-run path: it shows exactly what will be imported,
+asks for confirmation, and then verifies the result.
+
+Hand-authored `passthru.json` files are never touched. Imports always
+land in `passthru.imported.json` (separately per scope). Re-running this
+command overwrites the imported files in place.
+
+## What you must do
+
+You are Claude. Drive the workflow below. Surface errors verbatim. Do
+not skip the confirmation step.
+
+### 1. Dry-run to collect the proposed rules
+
+Invoke the bootstrap script WITHOUT `--write`, passing `$ARGUMENTS`
+through so the user's `--user-only` / `--project-only` choice is
+honored:
+
+```bash
+bash ${CLAUDE_PLUGIN_ROOT}/scripts/bootstrap.sh $ARGUMENTS
+```
+
+Capture stdout, stderr, and the exit code. The script emits:
+
+- `# would write: <path>` comment lines (one per scope in play).
+- A pretty-printed JSON document per scope, of shape
+  `{"version":1,"allow":[...],"deny":[]}`.
+- `[WARN] skipping ...` lines on stderr for unsupported native rule
+  forms (spaces past the prefix, unusual `WebFetch(...)` forms, etc.).
+  These are informational, not fatal.
+
+Non-zero exit means the script itself failed (malformed
+`settings.json`, for example). In that case, surface the error
+verbatim and stop.
+
+### 2. Count the proposed rules
+
+Parse the dry-run output. For each `# would write:` block, count
+`.allow | length` in the JSON document that follows it. Record the
+count per scope (`user` and/or `project`) and the grand total.
+
+### 3. Handle the nothing-to-import case
+
+If the grand total is zero (no scopes have any rules, or `$ARGUMENTS`
+limited the run to a scope with no importable rules), tell the user:
+
+> Nothing to import. Your `settings.json` has no convertible
+> `permissions.allow` entries in the selected scope.
+
+Then suggest one of these next steps, pick whichever fits the
+situation:
+
+- `/passthru:add <scope> <tool> <pattern> <reason>` to author a rule
+  by hand.
+- `/passthru:suggest <hint>` to generalize a rule from a recent tool
+  call in the conversation.
+
+Stop there. Do not invoke `--write`.
+
+### 4. Show the proposal
+
+Otherwise, present the proposal in this order:
+
+1. A one-line summary: `Found N importable rule(s): user=<u>,
+   project=<p>.` (omit the zero-count scope).
+2. For each scope with rules, show the proposed rules. A compact
+   format is fine - list each rule's `tool` field plus a summary of
+   the `match` block (or `(namespace rule, no match)` for MCP
+   namespace rules). Quote the reason if present.
+3. Explain where they land:
+   > This will import N rule(s) from your existing `settings.json`
+   > files. Your hand-authored `passthru.json` is never touched;
+   > imports go to `passthru.imported.json` (separately per scope).
+   > Re-running this command overwrites the imported files in place.
+4. If the dry-run emitted any `[WARN]` lines on stderr, show them
+   and explain that those native entries were skipped because the
+   converter does not have a safe regex translation for their shape.
+   The user can still add them via `/passthru:add` or
+   `/passthru:suggest`.
+
+### 5. Ask for confirmation
+
+Ask the user plainly: "Write these rules now? (yes / no)". Wait for a
+clear answer.
+
+- `yes` / `y` / `write` -> proceed to step 6.
+- `no` / `n` / `cancel` -> tell the user nothing was written and
+  stop. Remind them they can re-run `/passthru:bootstrap` when they
+  are ready, or use `/passthru:add` / `/passthru:suggest` instead.
+- Ambiguous answer -> re-ask once. If still ambiguous, treat as no.
+
+The scope choice is already fixed by whatever the user passed in
+`$ARGUMENTS` (default = both scopes). Do not ask about scope here.
+
+### 6. Write the rules
+
+On confirmation, invoke the script again with `--write` and the same
+`$ARGUMENTS`:
+
+```bash
+bash ${CLAUDE_PLUGIN_ROOT}/scripts/bootstrap.sh --write $ARGUMENTS
+```
+
+The script backs up any existing `passthru.imported.json`, writes the
+new document, then runs `scripts/verify.sh --quiet`. If the verifier
+fails, the script restores the backup and exits non-zero. Surface
+non-zero output verbatim and stop.
+
+On success the script prints `wrote <path>` per scope.
+
+### 7. Run the verifier once more
+
+Independently re-run the verifier to confirm the imported files parse
+cleanly alongside any existing hand-authored rules:
+
+```bash
+bash ${CLAUDE_PLUGIN_ROOT}/scripts/verify.sh
+```
+
+If this exits non-zero, show the errors verbatim. The bootstrap
+script has already rolled back on its own verify failure, so an exit
+here means something else (e.g. a pre-existing problem in
+`passthru.json` that the merged view now surfaces).
+
+### 8. Report success
+
+Print a short confirmation:
+
+> Imported N rule(s). Restart Claude Code to pick the new rules up,
+> or wait - the PreToolUse hook re-reads every rule file on every
+> tool call, so the imports take effect on the very next tool call in
+> this session.
+
+If the dry-run emitted `[WARN]` lines for skipped entries, remind the
+user once more that they can port those manually via `/passthru:add`
+or `/passthru:suggest`.
+
+## Examples
+
+### Both scopes, importable rules in user scope only
+
+Dry-run output:
+
+```
+# would write: /Users/you/.claude/passthru.imported.json
+{
+  "version": 1,
+  "allow": [
+    { "tool": "Bash", "match": { "command": "^ls(\\s|$)" }, "reason": "imported from settings" },
+    { "tool": "Bash", "match": { "command": "^gh api(\\s|$)" }, "reason": "imported from settings" }
+  ],
+  "deny": []
+}
+# would write: /Users/you/project/.claude/passthru.imported.json
+{ "version": 1, "allow": [], "deny": [] }
+```
+
+Present:
+
+> Found 2 importable rule(s): user=2.
+> 
+> user scope:
+> - `Bash` match `command: ^ls(\s|$)` - imported from settings
+> - `Bash` match `command: ^gh api(\s|$)` - imported from settings
+> 
+> This will import 2 rules from your existing settings.json files.
+> Your hand-authored passthru.json is never touched; imports land in
+> passthru.imported.json.
+> 
+> Write these rules now? (yes / no)
+
+After confirmation and `--write`:
+
+> Imported 2 rule(s). Restart Claude Code (or wait - rules take
+> effect on the next tool call since the hook re-reads every
+> invocation).
+
+### `--user-only`
+
+```
+/passthru:bootstrap --user-only
+```
+
+Skips the project scope entirely. Only writes
+`~/.claude/passthru.imported.json`. Useful when project-scope
+`settings.local.json` has a lot of one-off rules you do not want
+ported plugin-side.
+
+### Nothing to import
+
+```
+/passthru:bootstrap
+```
+
+Dry-run emits two empty documents. Respond:
+
+> Nothing to import. Your settings.json has no convertible
+> permissions.allow entries in the selected scope.
+> 
+> Next steps:
+> - `/passthru:add user Bash "^gh api " "github api reads"` to add a
+>   rule by hand.
+> - `/passthru:suggest gh api` to generalize a rule from a recent
+>   tool call.
+
+Do not invoke `--write`.