enforce output flag

Author: EthanBlackburn

.hiro/hooks/enforce_code_review.py

@@ -155,6 +155,24 @@ def main() -> int:
                     "to read the report."
                 )
             return 0
+        if cmd and "--output" not in cmd and "-o" not in cmd:
+            is_plan = "review-plan" in cmd or "review_plan" in cmd
+            if is_plan:
+                _deny(
+                    "Missing --output flag. Use:\n"
+                    "  hiro review-plan --file /path/to/plan.md "
+                    "--output .hiro/.state/plan-review.md\n"
+                    "Then use the Read tool on .hiro/.state/plan-review.md "
+                    "to read the report."
+                )
+            else:
+                _deny(
+                    "Missing --output flag. Use:\n"
+                    "  hiro review-code --output .hiro/.state/code-review.md\n"
+                    "Then use the Read tool on .hiro/.state/code-review.md "
+                    "to read the report."
+                )
+            return 0
 
     # --- PreToolUse: block git commit if review is pending ---
     if event == "PreToolUse" and tool_name == "Bash":

src/hiro_agent/_common.py

@@ -47,6 +47,7 @@
 
 # Hardcoded — not configurable to prevent SSRF. HTTPS enforced.
 HIRO_MCP_URL = "https://api.hiro.is/mcp/architect/mcp"
+HIRO_NOTIFICATIONS_MCP_URL = "https://api.hiro.is/mcp/notifications/mcp"
 HIRO_BACKEND_URL = "https://api.hiro.is"
 
 _EXPLORE_AGENT = AgentDefinition(

src/hiro_agent/hooks/enforce_code_review.py

@@ -170,6 +170,24 @@ def main() -> int:
                     "to read the report."
                 )
             return 0
+        if cmd and "--output" not in cmd and "-o" not in cmd:
+            is_plan = "review-plan" in cmd or "review_plan" in cmd
+            if is_plan:
+                _deny(
+                    "Missing --output flag. Use:\n"
+                    "  hiro review-plan --file /path/to/plan.md "
+                    "--output .hiro/.state/plan-review.md\n"
+                    "Then use the Read tool on .hiro/.state/plan-review.md "
+                    "to read the report."
+                )
+            else:
+                _deny(
+                    "Missing --output flag. Use:\n"
+                    "  hiro review-code --output .hiro/.state/code-review.md\n"
+                    "Then use the Read tool on .hiro/.state/code-review.md "
+                    "to read the report."
+                )
+            return 0
 
     # --- PreToolUse: block git commit if review is pending ---
     if event == "PreToolUse" and tool_name == "Bash":

src/hiro_agent/setup_hooks.py

@@ -89,7 +89,9 @@ def _install_hooks(project_root: Path) -> None:
 
 
 def _setup_claude_code(project_root: Path) -> None:
-    """Configure Claude Code hooks in .claude/settings.local.json."""
+    """Configure Claude Code hooks in .claude/settings.local.json and MCP servers in .mcp.json."""
+    from hiro_agent._common import HIRO_MCP_URL, HIRO_NOTIFICATIONS_MCP_URL
+
     click.echo("Configuring Claude Code...")
 
     settings_dir = project_root / ".claude"
@@ -155,6 +157,38 @@ def _setup_claude_code(project_root: Path) -> None:
     settings_file.write_text(json.dumps(settings, indent=2) + "\n")
     click.echo(f"  Wrote {settings_file}")
 
+    # Configure MCP servers in .mcp.json (merge, don't overwrite)
+    api_key = _resolve_api_key(project_root)
+    if not api_key:
+        click.echo("  Skipping .mcp.json: No API key found.")
+        return
+
+    mcp_file = project_root / ".mcp.json"
+    if mcp_file.exists():
+        try:
+            mcp_config = json.loads(mcp_file.read_text())
+        except (json.JSONDecodeError, OSError):
+            mcp_config = {}
+    else:
+        mcp_config = {}
+
+    mcp_servers = mcp_config.setdefault("mcpServers", {})
+    auth_headers = {"Authorization": f"Bearer {api_key}"}
+
+    mcp_servers["hiro"] = {
+        "type": "http",
+        "url": HIRO_MCP_URL,
+        "headers": auth_headers,
+    }
+    mcp_servers["hiro-findings"] = {
+        "type": "http",
+        "url": HIRO_NOTIFICATIONS_MCP_URL,
+        "headers": auth_headers,
+    }
+
+    mcp_file.write_text(json.dumps(mcp_config, indent=2) + "\n")
+    click.echo(f"  Wrote {mcp_file}")
+
 
 def _setup_cursor(project_root: Path) -> None:
     """Configure Cursor hooks in .cursor/hooks.json."""
@@ -313,8 +347,8 @@ def _resolve_api_key(project_root: Path) -> str | None:
 
 
 def _setup_claude_desktop(project_root: Path) -> None:
-    """Configure Claude Desktop MCP server entry in the global config."""
-    from hiro_agent._common import HIRO_MCP_URL
+    """Configure Claude Desktop MCP server entries in the global config."""
+    from hiro_agent._common import HIRO_MCP_URL, HIRO_NOTIFICATIONS_MCP_URL
 
     click.echo("Configuring Claude Desktop...")
 
@@ -337,11 +371,15 @@ def _setup_claude_desktop(project_root: Path) -> None:
         config = {}
 
     mcp_servers = config.setdefault("mcpServers", {})
+    auth_headers = {"Authorization": f"Bearer {api_key}"}
+
     mcp_servers["hiro"] = {
         "url": HIRO_MCP_URL,
-        "headers": {
-            "Authorization": f"Bearer {api_key}",
-        },
+        "headers": auth_headers,
+    }
+    mcp_servers["hiro-findings"] = {
+        "url": HIRO_NOTIFICATIONS_MCP_URL,
+        "headers": auth_headers,
     }
 
     config_path.parent.mkdir(parents=True, exist_ok=True)

tests/test_setup_hooks.py

@@ -159,6 +159,45 @@ def test_preserves_existing_settings(self, tmp_path: Path):
         assert settings["permissions"]["allow"] == ["Bash"]
         assert "hooks" in settings
 
+    def test_writes_mcp_json_with_api_key(self, tmp_path: Path):
+        (tmp_path / ".hiro").mkdir()
+        (tmp_path / ".hiro" / "config.json").write_text(json.dumps({"api_key": "test-key"}))
+
+        _setup_claude_code(tmp_path)
+
+        mcp_file = tmp_path / ".mcp.json"
+        assert mcp_file.exists()
+        config = json.loads(mcp_file.read_text())
+        assert "hiro" in config["mcpServers"]
+        assert "hiro-findings" in config["mcpServers"]
+        assert config["mcpServers"]["hiro"]["type"] == "http"
+        assert config["mcpServers"]["hiro"]["url"] == "https://api.hiro.is/mcp/architect/mcp"
+        assert config["mcpServers"]["hiro-findings"]["url"] == "https://api.hiro.is/mcp/notifications/mcp"
+        assert config["mcpServers"]["hiro"]["headers"]["Authorization"] == "Bearer test-key"
+
+    def test_mcp_json_preserves_existing_servers(self, tmp_path: Path):
+        (tmp_path / ".hiro").mkdir()
+        (tmp_path / ".hiro" / "config.json").write_text(json.dumps({"api_key": "test-key"}))
+        (tmp_path / ".mcp.json").write_text(json.dumps({
+            "mcpServers": {
+                "my-custom-server": {"type": "http", "url": "https://example.com/mcp"},
+            }
+        }))
+
+        _setup_claude_code(tmp_path)
+
+        config = json.loads((tmp_path / ".mcp.json").read_text())
+        assert "my-custom-server" in config["mcpServers"]
+        assert "hiro" in config["mcpServers"]
+        assert "hiro-findings" in config["mcpServers"]
+
+    def test_skips_mcp_json_without_api_key(self, tmp_path: Path):
+        with patch.dict(os.environ, {}, clear=False):
+            os.environ.pop("HIRO_API_KEY", None)
+            _setup_claude_code(tmp_path)
+
+        assert not (tmp_path / ".mcp.json").exists()
+
 
 class TestSetupCursor:
     """Test Cursor hook configuration."""
@@ -208,8 +247,11 @@ def test_writes_config_file(self, tmp_path: Path):
         config = json.loads(config_path.read_text())
         assert "mcpServers" in config
         assert "hiro" in config["mcpServers"]
+        assert "hiro-findings" in config["mcpServers"]
         assert config["mcpServers"]["hiro"]["url"] == "https://api.hiro.is/mcp/architect/mcp"
+        assert config["mcpServers"]["hiro-findings"]["url"] == "https://api.hiro.is/mcp/notifications/mcp"
         assert config["mcpServers"]["hiro"]["headers"]["Authorization"] == "Bearer test-key-123"
+        assert config["mcpServers"]["hiro-findings"]["headers"]["Authorization"] == "Bearer test-key-123"
 
     def test_preserves_existing_mcp_servers(self, tmp_path: Path):
         config_path = tmp_path / "Claude" / "claude_desktop_config.json"