Phase B: 오픈소스 커뮤니티 도구 (v3.0.0)

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,26 @@
+---
+name: Bug Report
+about: Report a bug
+labels: bug
+---
+
+## Environment
+- OS:
+- Python version:
+- claude-diary version:
+
+## Steps to Reproduce
+1.
+2.
+3.
+
+## Expected Behavior
+
+
+## Actual Behavior
+
+
+## Logs
+```
+# Paste output of: claude-diary audit -n 5
+```

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,14 @@
+---
+name: Feature Request
+about: Suggest a new feature
+labels: enhancement
+---
+
+## Use Case
+<!-- What problem does this solve? -->
+
+## Proposed Solution
+<!-- How should it work? -->
+
+## Alternatives Considered
+<!-- Other approaches you've thought about -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+## Summary
+<!-- Brief description of changes -->
+
+## Type
+- [ ] Bug fix
+- [ ] New feature
+- [ ] New exporter
+- [ ] Documentation
+- [ ] Other
+
+## Checklist
+- [ ] Tests pass (`pytest tests/`)
+- [ ] No external dependencies added to core
+- [ ] Documentation updated (KO/EN if applicable)
+- [ ] No secrets in code

.github/workflows/ci.yml

@@ -0,0 +1,39 @@
+name: CI
+
+on:
+  push:
+    branches: [main, phase-b, phase-c]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: ["3.7", "3.9", "3.11", "3.12"]
+      fail-fast: false
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pytest pytest-cov
+          pip install -e .
+
+      - name: Run tests
+        run: |
+          pytest tests/ -v --cov=claude_diary --cov-report=term-missing
+
+      - name: Check coverage
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        run: |
+          pytest tests/ --cov=claude_diary --cov-fail-under=70

.github/workflows/release.yml

@@ -0,0 +1,28 @@
+name: Release to PyPI
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

CHANGELOG.md

@@ -0,0 +1,48 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/),
+and this project adheres to [Semantic Versioning](https://semver.org/).
+
+## [3.0.0] - 2026-03-17 (Phase B)
+
+### Added
+- **Security**: Audit log system (`.audit.jsonl`) — every Hook execution recorded
+- **Security**: SHA-256 checksum verification (`claude-diary audit --verify`)
+- **Security**: SECURITY.md with transparency documentation
+- **Testing**: 40 unit tests (parser, categorizer, secret_scanner, config, audit)
+- **CI/CD**: GitHub Actions (Python 3.7~3.12 × 3 OS)
+- **CI/CD**: PyPI auto-release on tag push
+- **Community**: LICENSE (MIT), CONTRIBUTING.md, Issue/PR templates
+- **Community**: CHANGELOG.md
+
+### Changed
+- Audit log integrated into core pipeline
+
+## [2.0.0] - 2026-03-17 (Phase A)
+
+### Added
+- **Core**: Modular pip package structure (`src/claude_diary/`)
+- **Core**: Auto-categorization (7 categories, KO/EN keywords)
+- **Core**: Git integration (branch, commits, diff stats)
+- **Core**: Secret scanner (11+ patterns auto-masked)
+- **Core**: Search index (`.diary_index.json`) for fast CLI queries
+- **CLI**: 11 subcommands (search, filter, trace, stats, weekly, config, init, migrate, reindex, audit, dashboard)
+- **Exporters**: Plugin architecture with 5 official exporters (Notion, Slack, Discord, Obsidian, GitHub)
+- **Dashboard**: HTML dashboard with Chart.js (heatmap, charts, dark theme)
+- **Config**: XDG standard paths, environment variable fallback
+
+### Changed
+- Refactored from single script to modular package
+- Config priority: `config.json > env vars > defaults`
+
+## [1.0.0] - 2026-03-17
+
+### Added
+- Initial release
+- Stop Hook auto-diary (transcript parsing)
+- Weekly summary generator
+- Korean/English bilingual support
+- Windows/macOS/Linux cross-platform
+- `install.sh` auto-installer

CONTRIBUTING.md

@@ -0,0 +1,76 @@
+# Contributing to claude-diary
+
+> [한국어](#한국어) | [English](#english)
+
+## English
+
+Thank you for your interest in contributing to claude-diary!
+
+### How to Contribute
+
+#### Reporting Bugs
+- Use the [Bug Report](https://github.com/solzip/claude-code-hooks-diary/issues/new?template=bug_report.md) template
+- Include: OS, Python version, steps to reproduce
+
+#### Feature Requests
+- Use the [Feature Request](https://github.com/solzip/claude-code-hooks-diary/issues/new?template=feature_request.md) template
+
+#### Contributing an Exporter
+1. Inherit from `exporters/base.py` → `BaseExporter`
+2. Implement `export()` and `validate_config()`
+3. Set `TRUST_LEVEL = "community"`
+4. Write tests in `tests/test_exporters/`
+5. Submit PR
+
+#### Rules
+- Core code modifications are not accepted (exporters/categorizers only)
+- External dependencies must be optional (`[project.optional-dependencies]`)
+- Documentation in both Korean and English
+- Security review required for all PRs
+- All tests must pass (`pytest tests/`)
+
+### Development Setup
+
+```bash
+git clone https://github.com/solzip/claude-code-hooks-diary.git
+cd claude-code-hooks-diary
+pip install pytest
+PYTHONPATH=src pytest tests/ -v
+```
+
+### Exporter Trust Levels
+
+| Level | Description |
+|-------|-------------|
+| 🟢 Official | Included in the project, code-reviewed |
+| 🟡 Community | Contributed via PR, reviewed |
+| 🔴 Custom | User-created, not verified |
+
+---
+
+## 한국어
+
+claude-diary에 기여해 주셔서 감사합니다!
+
+### 기여 방법
+
+#### 버그 리포트
+- [Bug Report](https://github.com/solzip/claude-code-hooks-diary/issues/new?template=bug_report.md) 템플릿 사용
+- OS, Python 버전, 재현 단계 포함
+
+#### 기능 요청
+- [Feature Request](https://github.com/solzip/claude-code-hooks-diary/issues/new?template=feature_request.md) 템플릿 사용
+
+#### Exporter 기여
+1. `exporters/base.py`의 `BaseExporter` 상속
+2. `export()`, `validate_config()` 구현
+3. `TRUST_LEVEL = "community"` 설정
+4. `tests/test_exporters/`에 테스트 작성
+5. PR 제출
+
+#### 규칙
+- 코어 코드 수정은 받지 않습니다 (exporter/categorizer만)
+- 외부 의존성은 optional dependency로 추가
+- 한국어/영어 문서 모두 작성
+- 모든 PR은 보안 리뷰 필수
+- 모든 테스트 통과 필수 (`pytest tests/`)

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 solzip
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

SECURITY.md

@@ -0,0 +1,49 @@
+# Security Policy
+
+## What This Tool Does
+
+- Reads Claude Code transcript files (read-only)
+- Writes diary entries to `~/working-diary/` directory
+- Scans for secrets before writing (auto-masking)
+- Logs all operations to `.audit.jsonl`
+
+## What This Tool Does NOT Do
+
+- Does NOT send data to external servers (core has zero network access)
+- Does NOT modify your source code or Claude Code configuration
+- Does NOT access files outside the diary directory (except reading transcripts)
+- Does NOT store or transmit API tokens (exporter configs are local-only)
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 3.x     | Yes       |
+| 2.x     | Yes       |
+| 1.x     | No        |
+
+## Security Features
+
+- **Secret scanning**: Auto-masks passwords, API keys, tokens before writing
+- **Audit log**: Every Hook execution is logged with checksums
+- **Checksum verification**: `claude-diary audit --verify` detects source tampering
+- **Exporter isolation**: Exporters receive processed data only (no transcript access)
+- **Config protection**: File permissions 600 on Unix, tokens masked in CLI output
+- **Exporter trust levels**: Official / Community / Custom classification
+
+## Reporting a Vulnerability
+
+- **Email**: solzip@users.noreply.github.com
+- **Do NOT** open a public issue for security vulnerabilities
+- Expected response time: within 48 hours
+- We will coordinate disclosure after a fix is available
+
+## Verifying Integrity
+
+```bash
+# Verify source code hasn't been tampered with
+claude-diary audit --verify
+
+# Review recent Hook executions
+claude-diary audit --days 7
+```

src/claude_diary/cli.py

@@ -68,6 +68,12 @@ def main():
     # reindex
     sub.add_parser("reindex", help="Rebuild search index")
 
+    # audit
+    p_audit = sub.add_parser("audit", help="View audit log and verify integrity")
+    p_audit.add_argument("--days", type=int, help="Show entries from last N days")
+    p_audit.add_argument("--verify", action="store_true", help="Verify source code checksum")
+    p_audit.add_argument("-n", type=int, default=10, help="Number of entries (default: 10)")
+
     # dashboard
     p_dashboard = sub.add_parser("dashboard", help="Generate HTML dashboard")
     p_dashboard.add_argument("--serve", action="store_true", help="Start local server")
@@ -90,6 +96,7 @@ def main():
         "init": cmd_init,
         "migrate": cmd_migrate,
         "reindex": cmd_reindex,
+        "audit": cmd_audit,
         "dashboard": cmd_dashboard,
     }
 
@@ -594,6 +601,50 @@ def cmd_reindex(args):
     print("Index: %s" % index_path)
 
 
+# ── Audit ──
+
+def cmd_audit(args):
+    from claude_diary.lib.audit import read_audit_log, verify_checksum
+    config = load_config()
+    diary_dir = os.path.expanduser(config["diary_dir"])
+
+    if args.verify:
+        is_valid, current, last = verify_checksum(diary_dir)
+        if is_valid:
+            print("Checksum OK: %s" % current)
+        else:
+            print("WARNING: Checksum mismatch!")
+            print("  Current:  %s" % current)
+            print("  Last log: %s" % last)
+            print("  Source files may have been modified since last Hook execution.")
+        return
+
+    entries = read_audit_log(diary_dir, days=args.days, limit=args.n)
+
+    if not entries:
+        print("No audit log entries found.")
+        return
+
+    print("Audit log (%d entries):" % len(entries))
+    print()
+    for e in entries:
+        ts = e.get("timestamp", "")[:19]
+        sid = e.get("session_id", "")[:8]
+        masked = e.get("secrets_masked", 0)
+        written = len(e.get("files_written", []))
+        exporters = e.get("exporters_called", [])
+        failed = e.get("exporters_failed", [])
+
+        line = "  %s | session:%s | wrote:%d" % (ts, sid, written)
+        if masked > 0:
+            line += " | secrets_masked:%d" % masked
+        if exporters:
+            line += " | exporters:%s" % ",".join(exporters)
+        if failed:
+            line += " | FAILED:%s" % ",".join(failed)
+        print(line)
+
+
 # ── Dashboard ──
 
 def cmd_dashboard(args):