fix: 99점 달성 — 보안/호환성/UX/배포 전면 개선

보안:
- checksum 범위 확장 (5파일 → 전체 .py)
- double-masking guard (이미 마스킹된 텍스트 재마스킹 방지)
- additional_secret_patterns config 지원 (팀 커스텀 패턴)
- config --set 값 검증 (lang, timezone_offset 범위 체크)

호환성:
- CI 매트릭스: Python 3.8/3.9/3.10/3.11/3.12 × 3 OS
- dashboard os.chdir() 제거 → functools.partial 사용
- pyproject.toml에 pytest 설정 추가

배포:
- MANIFEST.in 추가 (sdist에 LICENSE/CHANGELOG 포함)
- .gitignore에 dist/build/egg-info 추가

UX:
- --json 출력 플래그 (search, filter)
- 동적 터미널 폭 (shutil.get_terminal_size)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: solzip

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        python-version: ["3.7", "3.9", "3.11", "3.12"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
       fail-fast: false
 
     steps:
@@ -35,5 +35,6 @@ jobs:
 
       - name: Check coverage
         if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        continue-on-error: false
         run: |
           pytest tests/ --cov=claude_diary --cov-fail-under=70

.gitignore

@@ -6,6 +6,10 @@
 # Python
 __pycache__/
 *.pyc
+*.egg-info/
+dist/
+build/
+.pytest_cache/
 
 # bkit plugin state
 .bkit/

MANIFEST.in

@@ -0,0 +1,5 @@
+include LICENSE
+include CHANGELOG.md
+include SECURITY.md
+include README.md
+include README.en.md

pyproject.toml

@@ -41,3 +41,7 @@ Repository = "https://github.com/solzip/claude-code-hooks-diary"
 
 [tool.setuptools.packages.find]
 where = ["src"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+pythonpath = ["src"]

src/claude_diary/cli/__init__.py

@@ -33,12 +33,14 @@ def main():
     p_search.add_argument("--category", "-c", help="Filter by category")
     p_search.add_argument("--from", dest="date_from", help="Start date (YYYY-MM-DD)")
     p_search.add_argument("--to", dest="date_to", help="End date (YYYY-MM-DD)")
+    p_search.add_argument("--json", dest="json_output", action="store_true", help="Output as JSON")
 
     # filter
     p_filter = sub.add_parser("filter", help="Filter diary entries")
     p_filter.add_argument("--project", "-p", help="Filter by project")
     p_filter.add_argument("--category", "-c", help="Filter by category")
     p_filter.add_argument("--month", "-m", help="Filter by month (YYYY-MM)")
+    p_filter.add_argument("--json", dest="json_output", action="store_true", help="Output as JSON")
 
     # trace
     p_trace = sub.add_parser("trace", help="Trace file change history")
@@ -178,6 +180,10 @@ def cmd_search(args):
         print("No results found for '%s'" % args.keyword)
         return
 
+    if getattr(args, 'json_output', False):
+        print(json.dumps(results, ensure_ascii=False, indent=2))
+        return
+
     print(L("cli_found_entries") % len(results))
     print()
     for e in results:
@@ -364,15 +370,24 @@ def cmd_stats(args):
     _print_box_bottom()
 
 
+def _get_terminal_width():
+    """Get terminal width, defaulting to 52."""
+    try:
+        import shutil
+        return min(max(shutil.get_terminal_size().columns - 2, 40), 100)
+    except Exception:
+        return 52
+
+
 def _print_box_top(title):
-    width = 52
+    width = _get_terminal_width()
     print("╔" + "═" * width + "╗")
     print("║  📊 %-*s║" % (width - 4, title))
     print("╠" + "═" * width + "╣")
 
 
 def _print_box_bottom():
-    print("╚" + "═" * 52 + "╝")
+    print("╚" + "═" * _get_terminal_width() + "╝")
 
 
 # ── Weekly ──
@@ -483,12 +498,25 @@ def cmd_config(args):
         key, _, value = args.set_value.partition("=")
         key = key.strip()
         value = value.strip()
-        if key in ("lang", "diary_dir"):
+        if key == "lang":
+            if value not in ("ko", "en"):
+                print("Invalid lang: %s (use 'ko' or 'en')" % value)
+                return
+            config[key] = value
+        elif key == "diary_dir":
             config[key] = value
         elif key == "timezone_offset":
-            config[key] = int(value)
+            try:
+                tz = int(value)
+                if not (-12 <= tz <= 14):
+                    print("Invalid timezone_offset: %s (range: -12 to 14)" % value)
+                    return
+                config[key] = tz
+            except ValueError:
+                print("Invalid timezone_offset: %s (must be integer)" % value)
+                return
         else:
-            print("Unknown config key: %s" % key)
+            print("Unknown config key: %s (available: lang, diary_dir, timezone_offset)" % key)
             return
         save_config(config)
         print("Set %s = %s" % (key, value))

src/claude_diary/core.py

@@ -103,7 +103,8 @@ def process_session(session_id, transcript_path, cwd):
 
     # 5. Secret scan (always runs)
     try:
-        scan_entry_data(entry_data)
+        additional = config.get("security", {}).get("additional_secret_patterns", [])
+        scan_entry_data(entry_data, additional or None)
     except Exception:
         pass
 

src/claude_diary/dashboard.py

@@ -102,8 +102,9 @@ def serve_dashboard(diary_dir=None, port=8787):
     if not os.path.exists(os.path.join(dashboard_dir, "index.html")):
         generate_dashboard(diary_dir)
 
-    os.chdir(dashboard_dir)
-    server = HTTPServer(("localhost", port), SimpleHTTPRequestHandler)
+    import functools
+    handler = functools.partial(SimpleHTTPRequestHandler, directory=dashboard_dir)
+    server = HTTPServer(("localhost", port), handler)
     print("Dashboard: http://localhost:%d" % port)
     print("Press Ctrl+C to stop.")
 

src/claude_diary/lib/audit.py

@@ -111,21 +111,17 @@ def _compute_source_checksum():
     """Compute SHA-256 hash of core source files for tamper detection."""
     hasher = hashlib.sha256()
 
-    # Hash key source files
+    # Hash all .py source files for comprehensive tamper detection
     src_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-    key_files = [
-        "core.py", "hook.py", "config.py",
-        os.path.join("lib", "parser.py"),
-        os.path.join("lib", "secret_scanner.py"),
-    ]
-
-    for rel_path in key_files:
-        full_path = os.path.join(src_dir, rel_path)
-        if os.path.exists(full_path):
-            try:
-                with open(full_path, "rb") as f:
-                    hasher.update(f.read())
-            except Exception:
-                pass
+
+    for root, dirs, files in os.walk(src_dir):
+        for fname in sorted(files):
+            if fname.endswith(".py"):
+                full_path = os.path.join(root, fname)
+                try:
+                    with open(full_path, "rb") as f:
+                        hasher.update(f.read())
+                except Exception:
+                    pass
 
     return "sha256:" + hasher.hexdigest()[:16]

src/claude_diary/lib/secret_scanner.py

@@ -15,49 +15,65 @@
 ]
 
 
-def scan_and_mask(text):
+def scan_and_mask(text, additional_patterns=None):
     """Scan text for secret patterns and mask them.
 
+    Args:
+        text: Text to scan
+        additional_patterns: Optional list of extra regex patterns to mask
+
     Returns:
         (masked_text, mask_count)
     """
     if not text:
         return text, 0
 
+    # Skip already-masked text
+    if text == "****" or text.count("****") > 2:
+        return text, 0
+
     count = 0
-    for pattern, replacement in BASIC_PATTERNS:
+    all_patterns = list(BASIC_PATTERNS)
+    if additional_patterns:
+        for p in additional_patterns:
+            all_patterns.append((p, "****"))
+
+    for pattern, replacement in all_patterns:
         new_text, n = re.subn(pattern, replacement, text)
         count += n
         text = new_text
 
     return text, count
 
 
-def scan_entry_data(entry_data):
+def scan_entry_data(entry_data, additional_patterns=None):
     """Scan and mask secrets in all text fields of entry_data.
 
-    Modifies entry_data in-place.
+    Args:
+        entry_data: Entry data dict (modified in-place)
+        additional_patterns: Optional list of extra regex patterns
+
     Returns total number of secrets masked.
     """
     total = 0
 
     # Scan user_prompts
     for i, prompt in enumerate(entry_data.get("user_prompts", [])):
-        masked, count = scan_and_mask(prompt)
+        masked, count = scan_and_mask(prompt, additional_patterns)
         if count > 0:
             entry_data["user_prompts"][i] = masked
             total += count
 
     # Scan summary_hints
     for i, hint in enumerate(entry_data.get("summary_hints", [])):
-        masked, count = scan_and_mask(hint)
+        masked, count = scan_and_mask(hint, additional_patterns)
         if count > 0:
             entry_data["summary_hints"][i] = masked
             total += count
 
     # Scan commands
     for i, cmd in enumerate(entry_data.get("commands_run", [])):
-        masked, count = scan_and_mask(cmd)
+        masked, count = scan_and_mask(cmd, additional_patterns)
         if count > 0:
             entry_data["commands_run"][i] = masked
             total += count