@h-rig/guard-plugin 0.0.6-alpha.156

package/README.md

@@ -0,0 +1 @@
+# @h-rig/guard-plugin

package/dist/src/hooks/audit-trail.d.ts

@@ -0,0 +1,4 @@
+#!/usr/bin/env bun
+import type { HookContext, HookResult } from "@rig/contracts";
+export declare const AUDIT_TRAIL_HOOK_ID = "@rig/guard-plugin:audit-trail";
+export declare function auditTrailHandler(ctx: HookContext): HookResult;

package/dist/src/hooks/audit-trail.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/guard-plugin/src/hooks/audit-trail.ts
+import { appendFileSync, mkdirSync } from "fs";
+import { resolve } from "path";
+import { runTypedHook } from "@rig/hook-kit";
+import { resolveHarnessPaths } from "@rig/runtime/control-plane/native/utils";
+var AUDIT_TRAIL_HOOK_ID = "@rig/guard-plugin:audit-trail";
+function auditTrailHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  const toolInput = ctx.toolInput;
+  const paths = resolveHarnessPaths(projectRoot);
+  mkdirSync(paths.logsDir, { recursive: true });
+  const taskId = ctx.taskId || "unknown";
+  const tool = ctx.toolName || "unknown";
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "none");
+  const command = String(toolInput.command ?? toolInput.cmd ?? "").slice(0, 180);
+  const payload = {
+    timestamp: new Date().toISOString(),
+    task: taskId,
+    tool,
+    path: filePath
+  };
+  if (tool === "Bash" && command) {
+    payload.command_preview = command;
+  }
+  appendFileSync(resolve(paths.logsDir, "audit.jsonl"), `${JSON.stringify(payload)}
+`, "utf-8");
+  return { decision: "allow" };
+}
+if (import.meta.main || process.env.RIG_HOOK_ROLE === "audit-trail") {
+  runTypedHook(auditTrailHandler, { event: "PreToolUse" });
+}
+export {
+  auditTrailHandler,
+  AUDIT_TRAIL_HOOK_ID
+};

package/dist/src/hooks/import-guard.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env bun
+/**
+ * import-guard hook — blocks cross-module internal imports.
+ *
+ * Single-channel plugin hook (see safety-guard.ts for the pattern).
+ */
+import type { HookContext, HookResult } from "@rig/contracts";
+export declare const IMPORT_GUARD_HOOK_ID = "@rig/guard-plugin:import-guard";
+export declare function importGuardHandler(ctx: HookContext): Promise<HookResult>;

package/dist/src/hooks/import-guard.js

@@ -0,0 +1,51 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/guard-plugin/src/hooks/import-guard.ts
+import { resolveTaskScopes, resolvePolicyContent, runTypedHook } from "@rig/hook-kit";
+import { evaluate, seedPolicyFromContent } from "@rig/runtime/control-plane/runtime/guard";
+var IMPORT_GUARD_HOOK_ID = "@rig/guard-plugin:import-guard";
+async function importGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent(resolvePolicyContent(projectRoot));
+  const toolInput = ctx.toolInput;
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (!content) {
+    return { decision: "allow" };
+  }
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  const evaluation = {
+    type: "content-write",
+    file_path: filePath,
+    content
+  };
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const decision = evaluate({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  const importViolations = decision.matchedRules.filter((r) => r.category === "import");
+  if (importViolations.length > 0 && decision.action === "block") {
+    const reasons = importViolations.map((r) => r.reason).join(`
+`);
+    return {
+      decision: "block",
+      reason: `Cross-module internal import detected:
+${reasons}
+Only import from a module public API (index.ts) or npm packages.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (import.meta.main || process.env.RIG_HOOK_ROLE === "import-guard") {
+  runTypedHook(importGuardHandler, { event: "PreToolUse" });
+}
+export {
+  importGuardHandler,
+  IMPORT_GUARD_HOOK_ID
+};

package/dist/src/hooks/post-edit-lint.d.ts

@@ -0,0 +1,4 @@
+#!/usr/bin/env bun
+import type { HookContext, HookResult } from "@rig/contracts";
+export declare const POST_EDIT_LINT_HOOK_ID = "@rig/guard-plugin:post-edit-lint";
+export declare function postEditLintHandler(ctx: HookContext): HookResult;

package/dist/src/hooks/post-edit-lint.js

@@ -0,0 +1,49 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/guard-plugin/src/hooks/post-edit-lint.ts
+import { existsSync, readFileSync } from "fs";
+import { runTypedHook } from "@rig/hook-kit";
+var POST_EDIT_LINT_HOOK_ID = "@rig/guard-plugin:post-edit-lint";
+function postEditLintHandler(ctx) {
+  const toolInput = ctx.toolInput;
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  if (!filePath || !/\.(ts|tsx|js|jsx)$/.test(filePath) || !existsSync(filePath)) {
+    return { decision: "allow" };
+  }
+  const content = readFileSync(filePath, "utf-8");
+  const warnings = [];
+  const consoleCount = (content.match(/console\.(log|debug)\(/g) || []).length;
+  if (consoleCount > 3) {
+    warnings.push(`${filePath}: ${consoleCount} console.log/debug calls. Remove before completion.`);
+  }
+  if (!/\.(test|spec)\./.test(filePath)) {
+    const markers = content.split(/\r?\n/).map((line, index) => ({ line, index: index + 1 })).filter((item) => /TODO|FIXME|HACK|\[STUB\]/.test(item.line)).slice(0, 5);
+    if (markers.length > 0) {
+      warnings.push(`${filePath}: contains TODO/FIXME/HACK/STUB markers:
+${markers.map((m) => `${m.index}: ${m.line}`).join(`
+`)}`);
+    }
+  }
+  if (/catch\s*\([^)]*\)\s*\{\s*\}/.test(content)) {
+    warnings.push(`${filePath}: Empty catch block detected.`);
+  }
+  if (warnings.length > 0) {
+    return {
+      decision: "allow",
+      systemMessage: `POST-EDIT WARNINGS:
+- ${warnings.join(`
+- `)}
+
+These are not blocking, but must be resolved before task completion.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (import.meta.main || process.env.RIG_HOOK_ROLE === "post-edit-lint") {
+  runTypedHook(postEditLintHandler, { event: "PostToolUse" });
+}
+export {
+  postEditLintHandler,
+  POST_EDIT_LINT_HOOK_ID
+};

package/dist/src/hooks/safety-guard.d.ts

@@ -0,0 +1,13 @@
+#!/usr/bin/env bun
+/**
+ * safety-guard hook — blocks dangerous commands and content patterns.
+ *
+ * Single-channel plugin hook: the logic lives in `safetyGuardHandler`
+ * (a typed HookImplementation contributed by @rig/guard-plugin). The
+ * self-exec guard at the bottom keeps the standalone per-run binary and
+ * the seed's basename-role dispatch working by running the same handler
+ * through @rig/hook-kit's `runTypedHook`.
+ */
+import type { HookContext, HookResult } from "@rig/contracts";
+export declare const SAFETY_GUARD_HOOK_ID = "@rig/guard-plugin:safety-guard";
+export declare function safetyGuardHandler(ctx: HookContext): Promise<HookResult>;

package/dist/src/hooks/safety-guard.js

@@ -0,0 +1,70 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/guard-plugin/src/hooks/safety-guard.ts
+import { resolveTaskScopes, resolvePolicyContent, runTypedHook } from "@rig/hook-kit";
+import { evaluate, seedPolicyFromContent } from "@rig/runtime/control-plane/runtime/guard";
+var SAFETY_GUARD_HOOK_ID = "@rig/guard-plugin:safety-guard";
+async function safetyGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent(resolvePolicyContent(projectRoot));
+  const tool = ctx.toolName ?? "";
+  const toolInput = ctx.toolInput;
+  const command = String(toolInput.command ?? toolInput.cmd ?? "");
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (tool === "Bash" && !command) {
+    return { decision: "block", reason: "Bash tool payload did not include a command field." };
+  }
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const baseContext = {
+    projectRoot,
+    taskScopes: scopes,
+    evaluation: { type: "command", command: "" },
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  };
+  if (tool === "Bash" && command) {
+    const decision = evaluate({
+      ...baseContext,
+      evaluation: { type: "command", command }
+    });
+    if (!decision.allowed && decision.action === "block") {
+      const reasons = decision.matchedRules.map((r) => r.reason).join(`
+`);
+      return { decision: "block", reason: reasons };
+    }
+    if (taskWorkspace && taskWorkspace !== projectRoot) {
+      const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT || projectRoot;
+      const rootReposPrefix = `${hostProjectRoot}/repos/`;
+      if (command.includes(rootReposPrefix)) {
+        return {
+          decision: "block",
+          reason: `Absolute root repo path detected (${rootReposPrefix}). Use relative paths or worktree paths under ${taskWorkspace}.`
+        };
+      }
+    }
+  }
+  if (content) {
+    const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+    const contentDecision = evaluate({
+      ...baseContext,
+      evaluation: { type: "content-write", file_path: filePath, content }
+    });
+    const contentRules = contentDecision.matchedRules.filter((r) => r.category === "content");
+    if (contentRules.length > 0 && contentDecision.action === "block") {
+      const reasons = contentRules.map((r) => r.reason).join(`
+`);
+      return { decision: "block", reason: reasons };
+    }
+  }
+  return { decision: "allow" };
+}
+if (import.meta.main || process.env.RIG_HOOK_ROLE === "safety-guard") {
+  runTypedHook(safetyGuardHandler, { event: "PreToolUse" });
+}
+export {
+  safetyGuardHandler,
+  SAFETY_GUARD_HOOK_ID
+};

package/dist/src/hooks/scope-guard.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env bun
+/**
+ * scope-guard hook — enforces task scope boundaries.
+ *
+ * Single-channel plugin hook (see safety-guard.ts for the pattern).
+ */
+import type { HookContext, HookResult } from "@rig/contracts";
+export declare const SCOPE_GUARD_HOOK_ID = "@rig/guard-plugin:scope-guard";
+export declare function scopeGuardHandler(ctx: HookContext): Promise<HookResult>;

package/dist/src/hooks/scope-guard.js

@@ -0,0 +1,69 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/guard-plugin/src/hooks/scope-guard.ts
+import { resolveTaskScopes, resolvePolicyContent, runTypedHook } from "@rig/hook-kit";
+import { evaluate, seedPolicyFromContent } from "@rig/runtime/control-plane/runtime/guard";
+var SCOPE_GUARD_HOOK_ID = "@rig/guard-plugin:scope-guard";
+async function scopeGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent(resolvePolicyContent(projectRoot));
+  const tool = ctx.toolName ?? "";
+  const toolInput = ctx.toolInput;
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT || projectRoot;
+  const runtimeMode = (process.env.RIG_TASK_RUNTIME_MODE || "").trim().toLowerCase();
+  const runtimeIsolationActive = runtimeMode !== "" && runtimeMode !== "off" || taskWorkspace !== "" && taskWorkspace !== projectRoot;
+  const rootReposPrefix = `${hostProjectRoot}/repos/`;
+  for (const filePath of ctx.filePaths) {
+    if (!filePath) {
+      continue;
+    }
+    const resolvesInsideTaskWorkspace = taskWorkspace !== "" && (filePath === taskWorkspace || filePath.startsWith(`${taskWorkspace}/`));
+    if (filePath.startsWith(rootReposPrefix) && !resolvesInsideTaskWorkspace && (taskWorkspace !== "" || runtimeIsolationActive)) {
+      return {
+        decision: "block",
+        reason: `Absolute root repo path detected (${rootReposPrefix}). Use task-runtime paths under ${taskWorkspace || "$RIG_TASK_WORKSPACE"}.`
+      };
+    }
+    if ((tool === "Read" || tool === "Glob" || tool === "Grep") && /^repos\//.test(filePath) && (taskWorkspace !== "" || runtimeIsolationActive)) {
+      return {
+        decision: "block",
+        reason: `Relative repo path '${filePath}' is blocked in runtime mode. Use absolute paths under ${taskWorkspace || "$RIG_TASK_WORKSPACE"}.`
+      };
+    }
+  }
+  const evaluation = {
+    type: "tool-call",
+    tool_name: tool,
+    tool_input: toolInput
+  };
+  const taskId = ctx.taskId || "";
+  if (!taskId) {
+    return { decision: "allow" };
+  }
+  const scopes = await resolveTaskScopes(projectRoot, taskId);
+  if (scopes.length === 0) {
+    return { decision: "allow" };
+  }
+  const decision = evaluate({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  if (!decision.allowed && decision.action === "block") {
+    const reasons = decision.matchedRules.map((r) => r.reason).join(`
+`);
+    return { decision: "block", reason: reasons };
+  }
+  return { decision: "allow" };
+}
+if (import.meta.main || process.env.RIG_HOOK_ROLE === "scope-guard") {
+  runTypedHook(scopeGuardHandler, { event: "PreToolUse" });
+}
+export {
+  scopeGuardHandler,
+  SCOPE_GUARD_HOOK_ID
+};

package/dist/src/hooks/test-integrity-guard.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env bun
+/**
+ * test-integrity-guard hook — prevents test tampering (.skip, .only, etc.).
+ *
+ * Single-channel plugin hook (see safety-guard.ts for the pattern).
+ */
+import type { HookContext, HookResult } from "@rig/contracts";
+export declare const TEST_INTEGRITY_GUARD_HOOK_ID = "@rig/guard-plugin:test-integrity-guard";
+export declare function testIntegrityGuardHandler(ctx: HookContext): Promise<HookResult>;

package/dist/src/hooks/test-integrity-guard.js

@@ -0,0 +1,52 @@
+#!/usr/bin/env bun
+// @bun
+
+// packages/guard-plugin/src/hooks/test-integrity-guard.ts
+import { resolveTaskScopes, resolvePolicyContent, isTestFilePath, runTypedHook } from "@rig/hook-kit";
+import { evaluate, seedPolicyFromContent } from "@rig/runtime/control-plane/runtime/guard";
+var TEST_INTEGRITY_GUARD_HOOK_ID = "@rig/guard-plugin:test-integrity-guard";
+async function testIntegrityGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent(resolvePolicyContent(projectRoot));
+  const toolInput = ctx.toolInput;
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (!filePath || !content) {
+    return { decision: "allow" };
+  }
+  const evaluation = {
+    type: "content-write",
+    file_path: filePath,
+    content
+  };
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const decision = evaluate({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  const testViolations = decision.matchedRules.filter((r) => r.category === "test-integrity");
+  if (testViolations.length > 0 && decision.action === "block") {
+    const reasons = testViolations.map((r) => r.reason).join(`
+`);
+    return { decision: "block", reason: reasons };
+  }
+  if (isTestFilePath(filePath) && /(test|it)\s*\(/.test(content) && !/expect\s*\(|assert/.test(content)) {
+    return {
+      decision: "allow",
+      systemMessage: `WARNING: Test block in ${filePath} may have no assertions.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (import.meta.main || process.env.RIG_HOOK_ROLE === "test-integrity-guard") {
+  runTypedHook(testIntegrityGuardHandler, { event: "PreToolUse" });
+}
+export {
+  testIntegrityGuardHandler,
+  TEST_INTEGRITY_GUARD_HOOK_ID
+};

package/dist/src/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./plugin";
+export { safetyGuardHandler, SAFETY_GUARD_HOOK_ID } from "./hooks/safety-guard";
+export { scopeGuardHandler, SCOPE_GUARD_HOOK_ID } from "./hooks/scope-guard";
+export { importGuardHandler, IMPORT_GUARD_HOOK_ID } from "./hooks/import-guard";
+export { testIntegrityGuardHandler, TEST_INTEGRITY_GUARD_HOOK_ID } from "./hooks/test-integrity-guard";
+export { auditTrailHandler, AUDIT_TRAIL_HOOK_ID } from "./hooks/audit-trail";
+export { postEditLintHandler, POST_EDIT_LINT_HOOK_ID } from "./hooks/post-edit-lint";

package/dist/src/index.js

@@ -0,0 +1,368 @@
+// @bun
+// packages/guard-plugin/src/plugin.ts
+import { definePlugin } from "@rig/core/config";
+
+// packages/guard-plugin/src/hooks/safety-guard.ts
+import { resolveTaskScopes, resolvePolicyContent, runTypedHook } from "@rig/hook-kit";
+import { evaluate, seedPolicyFromContent } from "@rig/runtime/control-plane/runtime/guard";
+var SAFETY_GUARD_HOOK_ID = "@rig/guard-plugin:safety-guard";
+async function safetyGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent(resolvePolicyContent(projectRoot));
+  const tool = ctx.toolName ?? "";
+  const toolInput = ctx.toolInput;
+  const command = String(toolInput.command ?? toolInput.cmd ?? "");
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (tool === "Bash" && !command) {
+    return { decision: "block", reason: "Bash tool payload did not include a command field." };
+  }
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const baseContext = {
+    projectRoot,
+    taskScopes: scopes,
+    evaluation: { type: "command", command: "" },
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  };
+  if (tool === "Bash" && command) {
+    const decision = evaluate({
+      ...baseContext,
+      evaluation: { type: "command", command }
+    });
+    if (!decision.allowed && decision.action === "block") {
+      const reasons = decision.matchedRules.map((r) => r.reason).join(`
+`);
+      return { decision: "block", reason: reasons };
+    }
+    if (taskWorkspace && taskWorkspace !== projectRoot) {
+      const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT || projectRoot;
+      const rootReposPrefix = `${hostProjectRoot}/repos/`;
+      if (command.includes(rootReposPrefix)) {
+        return {
+          decision: "block",
+          reason: `Absolute root repo path detected (${rootReposPrefix}). Use relative paths or worktree paths under ${taskWorkspace}.`
+        };
+      }
+    }
+  }
+  if (content) {
+    const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+    const contentDecision = evaluate({
+      ...baseContext,
+      evaluation: { type: "content-write", file_path: filePath, content }
+    });
+    const contentRules = contentDecision.matchedRules.filter((r) => r.category === "content");
+    if (contentRules.length > 0 && contentDecision.action === "block") {
+      const reasons = contentRules.map((r) => r.reason).join(`
+`);
+      return { decision: "block", reason: reasons };
+    }
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "safety-guard") {
+  runTypedHook(safetyGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/scope-guard.ts
+import { resolveTaskScopes as resolveTaskScopes2, resolvePolicyContent as resolvePolicyContent2, runTypedHook as runTypedHook2 } from "@rig/hook-kit";
+import { evaluate as evaluate2, seedPolicyFromContent as seedPolicyFromContent2 } from "@rig/runtime/control-plane/runtime/guard";
+var SCOPE_GUARD_HOOK_ID = "@rig/guard-plugin:scope-guard";
+async function scopeGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent2(resolvePolicyContent2(projectRoot));
+  const tool = ctx.toolName ?? "";
+  const toolInput = ctx.toolInput;
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT || projectRoot;
+  const runtimeMode = (process.env.RIG_TASK_RUNTIME_MODE || "").trim().toLowerCase();
+  const runtimeIsolationActive = runtimeMode !== "" && runtimeMode !== "off" || taskWorkspace !== "" && taskWorkspace !== projectRoot;
+  const rootReposPrefix = `${hostProjectRoot}/repos/`;
+  for (const filePath of ctx.filePaths) {
+    if (!filePath) {
+      continue;
+    }
+    const resolvesInsideTaskWorkspace = taskWorkspace !== "" && (filePath === taskWorkspace || filePath.startsWith(`${taskWorkspace}/`));
+    if (filePath.startsWith(rootReposPrefix) && !resolvesInsideTaskWorkspace && (taskWorkspace !== "" || runtimeIsolationActive)) {
+      return {
+        decision: "block",
+        reason: `Absolute root repo path detected (${rootReposPrefix}). Use task-runtime paths under ${taskWorkspace || "$RIG_TASK_WORKSPACE"}.`
+      };
+    }
+    if ((tool === "Read" || tool === "Glob" || tool === "Grep") && /^repos\//.test(filePath) && (taskWorkspace !== "" || runtimeIsolationActive)) {
+      return {
+        decision: "block",
+        reason: `Relative repo path '${filePath}' is blocked in runtime mode. Use absolute paths under ${taskWorkspace || "$RIG_TASK_WORKSPACE"}.`
+      };
+    }
+  }
+  const evaluation = {
+    type: "tool-call",
+    tool_name: tool,
+    tool_input: toolInput
+  };
+  const taskId = ctx.taskId || "";
+  if (!taskId) {
+    return { decision: "allow" };
+  }
+  const scopes = await resolveTaskScopes2(projectRoot, taskId);
+  if (scopes.length === 0) {
+    return { decision: "allow" };
+  }
+  const decision = evaluate2({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  if (!decision.allowed && decision.action === "block") {
+    const reasons = decision.matchedRules.map((r) => r.reason).join(`
+`);
+    return { decision: "block", reason: reasons };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "scope-guard") {
+  runTypedHook2(scopeGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/import-guard.ts
+import { resolveTaskScopes as resolveTaskScopes3, resolvePolicyContent as resolvePolicyContent3, runTypedHook as runTypedHook3 } from "@rig/hook-kit";
+import { evaluate as evaluate3, seedPolicyFromContent as seedPolicyFromContent3 } from "@rig/runtime/control-plane/runtime/guard";
+var IMPORT_GUARD_HOOK_ID = "@rig/guard-plugin:import-guard";
+async function importGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent3(resolvePolicyContent3(projectRoot));
+  const toolInput = ctx.toolInput;
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (!content) {
+    return { decision: "allow" };
+  }
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  const evaluation = {
+    type: "content-write",
+    file_path: filePath,
+    content
+  };
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes3(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const decision = evaluate3({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  const importViolations = decision.matchedRules.filter((r) => r.category === "import");
+  if (importViolations.length > 0 && decision.action === "block") {
+    const reasons = importViolations.map((r) => r.reason).join(`
+`);
+    return {
+      decision: "block",
+      reason: `Cross-module internal import detected:
+${reasons}
+Only import from a module public API (index.ts) or npm packages.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "import-guard") {
+  runTypedHook3(importGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/test-integrity-guard.ts
+import { resolveTaskScopes as resolveTaskScopes4, resolvePolicyContent as resolvePolicyContent4, isTestFilePath, runTypedHook as runTypedHook4 } from "@rig/hook-kit";
+import { evaluate as evaluate4, seedPolicyFromContent as seedPolicyFromContent4 } from "@rig/runtime/control-plane/runtime/guard";
+var TEST_INTEGRITY_GUARD_HOOK_ID = "@rig/guard-plugin:test-integrity-guard";
+async function testIntegrityGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent4(resolvePolicyContent4(projectRoot));
+  const toolInput = ctx.toolInput;
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (!filePath || !content) {
+    return { decision: "allow" };
+  }
+  const evaluation = {
+    type: "content-write",
+    file_path: filePath,
+    content
+  };
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes4(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const decision = evaluate4({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  const testViolations = decision.matchedRules.filter((r) => r.category === "test-integrity");
+  if (testViolations.length > 0 && decision.action === "block") {
+    const reasons = testViolations.map((r) => r.reason).join(`
+`);
+    return { decision: "block", reason: reasons };
+  }
+  if (isTestFilePath(filePath) && /(test|it)\s*\(/.test(content) && !/expect\s*\(|assert/.test(content)) {
+    return {
+      decision: "allow",
+      systemMessage: `WARNING: Test block in ${filePath} may have no assertions.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "test-integrity-guard") {
+  runTypedHook4(testIntegrityGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/audit-trail.ts
+import { appendFileSync, mkdirSync } from "fs";
+import { resolve } from "path";
+import { runTypedHook as runTypedHook5 } from "@rig/hook-kit";
+import { resolveHarnessPaths } from "@rig/runtime/control-plane/native/utils";
+var AUDIT_TRAIL_HOOK_ID = "@rig/guard-plugin:audit-trail";
+function auditTrailHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  const toolInput = ctx.toolInput;
+  const paths = resolveHarnessPaths(projectRoot);
+  mkdirSync(paths.logsDir, { recursive: true });
+  const taskId = ctx.taskId || "unknown";
+  const tool = ctx.toolName || "unknown";
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "none");
+  const command = String(toolInput.command ?? toolInput.cmd ?? "").slice(0, 180);
+  const payload = {
+    timestamp: new Date().toISOString(),
+    task: taskId,
+    tool,
+    path: filePath
+  };
+  if (tool === "Bash" && command) {
+    payload.command_preview = command;
+  }
+  appendFileSync(resolve(paths.logsDir, "audit.jsonl"), `${JSON.stringify(payload)}
+`, "utf-8");
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "audit-trail") {
+  runTypedHook5(auditTrailHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/post-edit-lint.ts
+import { existsSync, readFileSync } from "fs";
+import { runTypedHook as runTypedHook6 } from "@rig/hook-kit";
+var POST_EDIT_LINT_HOOK_ID = "@rig/guard-plugin:post-edit-lint";
+function postEditLintHandler(ctx) {
+  const toolInput = ctx.toolInput;
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  if (!filePath || !/\.(ts|tsx|js|jsx)$/.test(filePath) || !existsSync(filePath)) {
+    return { decision: "allow" };
+  }
+  const content = readFileSync(filePath, "utf-8");
+  const warnings = [];
+  const consoleCount = (content.match(/console\.(log|debug)\(/g) || []).length;
+  if (consoleCount > 3) {
+    warnings.push(`${filePath}: ${consoleCount} console.log/debug calls. Remove before completion.`);
+  }
+  if (!/\.(test|spec)\./.test(filePath)) {
+    const markers = content.split(/\r?\n/).map((line, index) => ({ line, index: index + 1 })).filter((item) => /TODO|FIXME|HACK|\[STUB\]/.test(item.line)).slice(0, 5);
+    if (markers.length > 0) {
+      warnings.push(`${filePath}: contains TODO/FIXME/HACK/STUB markers:
+${markers.map((m) => `${m.index}: ${m.line}`).join(`
+`)}`);
+    }
+  }
+  if (/catch\s*\([^)]*\)\s*\{\s*\}/.test(content)) {
+    warnings.push(`${filePath}: Empty catch block detected.`);
+  }
+  if (warnings.length > 0) {
+    return {
+      decision: "allow",
+      systemMessage: `POST-EDIT WARNINGS:
+- ${warnings.join(`
+- `)}
+
+These are not blocking, but must be resolved before task completion.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "post-edit-lint") {
+  runTypedHook6(postEditLintHandler, { event: "PostToolUse" });
+}
+
+// packages/guard-plugin/src/plugin.ts
+var GUARD_PLUGIN_NAME = "@rig/guard-plugin";
+var GUARD_HOOKS = [
+  {
+    id: SAFETY_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Blocks dangerous commands and content patterns.",
+    handler: safetyGuardHandler
+  },
+  {
+    id: SCOPE_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Enforces task scope boundaries.",
+    handler: scopeGuardHandler
+  },
+  {
+    id: IMPORT_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Blocks cross-module internal imports.",
+    handler: importGuardHandler
+  },
+  {
+    id: TEST_INTEGRITY_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Prevents test tampering (.skip, .only, missing assertions).",
+    handler: testIntegrityGuardHandler
+  },
+  {
+    id: AUDIT_TRAIL_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Logs tool invocations to audit.jsonl.",
+    handler: auditTrailHandler
+  },
+  {
+    id: POST_EDIT_LINT_HOOK_ID,
+    event: "PostToolUse",
+    matcher: { kind: "all" },
+    description: "Warns about console.log spam, TODO markers, and empty catches.",
+    handler: postEditLintHandler
+  }
+];
+function createGuardPlugin() {
+  return definePlugin({
+    name: GUARD_PLUGIN_NAME,
+    version: "0.0.0-alpha.1",
+    contributes: {
+      hooks: GUARD_HOOKS
+    }
+  });
+}
+export {
+  testIntegrityGuardHandler,
+  scopeGuardHandler,
+  safetyGuardHandler,
+  postEditLintHandler,
+  importGuardHandler,
+  createGuardPlugin,
+  auditTrailHandler,
+  TEST_INTEGRITY_GUARD_HOOK_ID,
+  SCOPE_GUARD_HOOK_ID,
+  SAFETY_GUARD_HOOK_ID,
+  POST_EDIT_LINT_HOOK_ID,
+  IMPORT_GUARD_HOOK_ID,
+  GUARD_PLUGIN_NAME,
+  AUDIT_TRAIL_HOOK_ID
+};

package/dist/src/plugin.d.ts

@@ -0,0 +1,3 @@
+import { type RigPlugin } from "@rig/core/config";
+export declare const GUARD_PLUGIN_NAME = "@rig/guard-plugin";
+export declare function createGuardPlugin(): RigPlugin;

package/dist/src/plugin.js

@@ -0,0 +1,356 @@
+// @bun
+// packages/guard-plugin/src/plugin.ts
+import { definePlugin } from "@rig/core/config";
+
+// packages/guard-plugin/src/hooks/safety-guard.ts
+import { resolveTaskScopes, resolvePolicyContent, runTypedHook } from "@rig/hook-kit";
+import { evaluate, seedPolicyFromContent } from "@rig/runtime/control-plane/runtime/guard";
+var SAFETY_GUARD_HOOK_ID = "@rig/guard-plugin:safety-guard";
+async function safetyGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent(resolvePolicyContent(projectRoot));
+  const tool = ctx.toolName ?? "";
+  const toolInput = ctx.toolInput;
+  const command = String(toolInput.command ?? toolInput.cmd ?? "");
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (tool === "Bash" && !command) {
+    return { decision: "block", reason: "Bash tool payload did not include a command field." };
+  }
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const baseContext = {
+    projectRoot,
+    taskScopes: scopes,
+    evaluation: { type: "command", command: "" },
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  };
+  if (tool === "Bash" && command) {
+    const decision = evaluate({
+      ...baseContext,
+      evaluation: { type: "command", command }
+    });
+    if (!decision.allowed && decision.action === "block") {
+      const reasons = decision.matchedRules.map((r) => r.reason).join(`
+`);
+      return { decision: "block", reason: reasons };
+    }
+    if (taskWorkspace && taskWorkspace !== projectRoot) {
+      const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT || projectRoot;
+      const rootReposPrefix = `${hostProjectRoot}/repos/`;
+      if (command.includes(rootReposPrefix)) {
+        return {
+          decision: "block",
+          reason: `Absolute root repo path detected (${rootReposPrefix}). Use relative paths or worktree paths under ${taskWorkspace}.`
+        };
+      }
+    }
+  }
+  if (content) {
+    const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+    const contentDecision = evaluate({
+      ...baseContext,
+      evaluation: { type: "content-write", file_path: filePath, content }
+    });
+    const contentRules = contentDecision.matchedRules.filter((r) => r.category === "content");
+    if (contentRules.length > 0 && contentDecision.action === "block") {
+      const reasons = contentRules.map((r) => r.reason).join(`
+`);
+      return { decision: "block", reason: reasons };
+    }
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "safety-guard") {
+  runTypedHook(safetyGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/scope-guard.ts
+import { resolveTaskScopes as resolveTaskScopes2, resolvePolicyContent as resolvePolicyContent2, runTypedHook as runTypedHook2 } from "@rig/hook-kit";
+import { evaluate as evaluate2, seedPolicyFromContent as seedPolicyFromContent2 } from "@rig/runtime/control-plane/runtime/guard";
+var SCOPE_GUARD_HOOK_ID = "@rig/guard-plugin:scope-guard";
+async function scopeGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent2(resolvePolicyContent2(projectRoot));
+  const tool = ctx.toolName ?? "";
+  const toolInput = ctx.toolInput;
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const hostProjectRoot = process.env.RIG_HOST_PROJECT_ROOT || projectRoot;
+  const runtimeMode = (process.env.RIG_TASK_RUNTIME_MODE || "").trim().toLowerCase();
+  const runtimeIsolationActive = runtimeMode !== "" && runtimeMode !== "off" || taskWorkspace !== "" && taskWorkspace !== projectRoot;
+  const rootReposPrefix = `${hostProjectRoot}/repos/`;
+  for (const filePath of ctx.filePaths) {
+    if (!filePath) {
+      continue;
+    }
+    const resolvesInsideTaskWorkspace = taskWorkspace !== "" && (filePath === taskWorkspace || filePath.startsWith(`${taskWorkspace}/`));
+    if (filePath.startsWith(rootReposPrefix) && !resolvesInsideTaskWorkspace && (taskWorkspace !== "" || runtimeIsolationActive)) {
+      return {
+        decision: "block",
+        reason: `Absolute root repo path detected (${rootReposPrefix}). Use task-runtime paths under ${taskWorkspace || "$RIG_TASK_WORKSPACE"}.`
+      };
+    }
+    if ((tool === "Read" || tool === "Glob" || tool === "Grep") && /^repos\//.test(filePath) && (taskWorkspace !== "" || runtimeIsolationActive)) {
+      return {
+        decision: "block",
+        reason: `Relative repo path '${filePath}' is blocked in runtime mode. Use absolute paths under ${taskWorkspace || "$RIG_TASK_WORKSPACE"}.`
+      };
+    }
+  }
+  const evaluation = {
+    type: "tool-call",
+    tool_name: tool,
+    tool_input: toolInput
+  };
+  const taskId = ctx.taskId || "";
+  if (!taskId) {
+    return { decision: "allow" };
+  }
+  const scopes = await resolveTaskScopes2(projectRoot, taskId);
+  if (scopes.length === 0) {
+    return { decision: "allow" };
+  }
+  const decision = evaluate2({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  if (!decision.allowed && decision.action === "block") {
+    const reasons = decision.matchedRules.map((r) => r.reason).join(`
+`);
+    return { decision: "block", reason: reasons };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "scope-guard") {
+  runTypedHook2(scopeGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/import-guard.ts
+import { resolveTaskScopes as resolveTaskScopes3, resolvePolicyContent as resolvePolicyContent3, runTypedHook as runTypedHook3 } from "@rig/hook-kit";
+import { evaluate as evaluate3, seedPolicyFromContent as seedPolicyFromContent3 } from "@rig/runtime/control-plane/runtime/guard";
+var IMPORT_GUARD_HOOK_ID = "@rig/guard-plugin:import-guard";
+async function importGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent3(resolvePolicyContent3(projectRoot));
+  const toolInput = ctx.toolInput;
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (!content) {
+    return { decision: "allow" };
+  }
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  const evaluation = {
+    type: "content-write",
+    file_path: filePath,
+    content
+  };
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes3(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const decision = evaluate3({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  const importViolations = decision.matchedRules.filter((r) => r.category === "import");
+  if (importViolations.length > 0 && decision.action === "block") {
+    const reasons = importViolations.map((r) => r.reason).join(`
+`);
+    return {
+      decision: "block",
+      reason: `Cross-module internal import detected:
+${reasons}
+Only import from a module public API (index.ts) or npm packages.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "import-guard") {
+  runTypedHook3(importGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/test-integrity-guard.ts
+import { resolveTaskScopes as resolveTaskScopes4, resolvePolicyContent as resolvePolicyContent4, isTestFilePath, runTypedHook as runTypedHook4 } from "@rig/hook-kit";
+import { evaluate as evaluate4, seedPolicyFromContent as seedPolicyFromContent4 } from "@rig/runtime/control-plane/runtime/guard";
+var TEST_INTEGRITY_GUARD_HOOK_ID = "@rig/guard-plugin:test-integrity-guard";
+async function testIntegrityGuardHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  seedPolicyFromContent4(resolvePolicyContent4(projectRoot));
+  const toolInput = ctx.toolInput;
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  const content = String(toolInput.content ?? toolInput.new_string ?? "");
+  if (!filePath || !content) {
+    return { decision: "allow" };
+  }
+  const evaluation = {
+    type: "content-write",
+    file_path: filePath,
+    content
+  };
+  const taskId = ctx.taskId || "";
+  const scopes = taskId ? await resolveTaskScopes4(projectRoot, taskId) : [];
+  const taskWorkspace = process.env.RIG_TASK_WORKSPACE || "";
+  const decision = evaluate4({
+    projectRoot,
+    taskScopes: scopes,
+    evaluation,
+    ...taskId ? { taskId } : {},
+    ...taskWorkspace ? { taskWorkspace } : {}
+  });
+  const testViolations = decision.matchedRules.filter((r) => r.category === "test-integrity");
+  if (testViolations.length > 0 && decision.action === "block") {
+    const reasons = testViolations.map((r) => r.reason).join(`
+`);
+    return { decision: "block", reason: reasons };
+  }
+  if (isTestFilePath(filePath) && /(test|it)\s*\(/.test(content) && !/expect\s*\(|assert/.test(content)) {
+    return {
+      decision: "allow",
+      systemMessage: `WARNING: Test block in ${filePath} may have no assertions.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "test-integrity-guard") {
+  runTypedHook4(testIntegrityGuardHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/audit-trail.ts
+import { appendFileSync, mkdirSync } from "fs";
+import { resolve } from "path";
+import { runTypedHook as runTypedHook5 } from "@rig/hook-kit";
+import { resolveHarnessPaths } from "@rig/runtime/control-plane/native/utils";
+var AUDIT_TRAIL_HOOK_ID = "@rig/guard-plugin:audit-trail";
+function auditTrailHandler(ctx) {
+  const projectRoot = ctx.projectRoot;
+  const toolInput = ctx.toolInput;
+  const paths = resolveHarnessPaths(projectRoot);
+  mkdirSync(paths.logsDir, { recursive: true });
+  const taskId = ctx.taskId || "unknown";
+  const tool = ctx.toolName || "unknown";
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "none");
+  const command = String(toolInput.command ?? toolInput.cmd ?? "").slice(0, 180);
+  const payload = {
+    timestamp: new Date().toISOString(),
+    task: taskId,
+    tool,
+    path: filePath
+  };
+  if (tool === "Bash" && command) {
+    payload.command_preview = command;
+  }
+  appendFileSync(resolve(paths.logsDir, "audit.jsonl"), `${JSON.stringify(payload)}
+`, "utf-8");
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "audit-trail") {
+  runTypedHook5(auditTrailHandler, { event: "PreToolUse" });
+}
+
+// packages/guard-plugin/src/hooks/post-edit-lint.ts
+import { existsSync, readFileSync } from "fs";
+import { runTypedHook as runTypedHook6 } from "@rig/hook-kit";
+var POST_EDIT_LINT_HOOK_ID = "@rig/guard-plugin:post-edit-lint";
+function postEditLintHandler(ctx) {
+  const toolInput = ctx.toolInput;
+  const filePath = String(toolInput.file_path ?? toolInput.path ?? "");
+  if (!filePath || !/\.(ts|tsx|js|jsx)$/.test(filePath) || !existsSync(filePath)) {
+    return { decision: "allow" };
+  }
+  const content = readFileSync(filePath, "utf-8");
+  const warnings = [];
+  const consoleCount = (content.match(/console\.(log|debug)\(/g) || []).length;
+  if (consoleCount > 3) {
+    warnings.push(`${filePath}: ${consoleCount} console.log/debug calls. Remove before completion.`);
+  }
+  if (!/\.(test|spec)\./.test(filePath)) {
+    const markers = content.split(/\r?\n/).map((line, index) => ({ line, index: index + 1 })).filter((item) => /TODO|FIXME|HACK|\[STUB\]/.test(item.line)).slice(0, 5);
+    if (markers.length > 0) {
+      warnings.push(`${filePath}: contains TODO/FIXME/HACK/STUB markers:
+${markers.map((m) => `${m.index}: ${m.line}`).join(`
+`)}`);
+    }
+  }
+  if (/catch\s*\([^)]*\)\s*\{\s*\}/.test(content)) {
+    warnings.push(`${filePath}: Empty catch block detected.`);
+  }
+  if (warnings.length > 0) {
+    return {
+      decision: "allow",
+      systemMessage: `POST-EDIT WARNINGS:
+- ${warnings.join(`
+- `)}
+
+These are not blocking, but must be resolved before task completion.`
+    };
+  }
+  return { decision: "allow" };
+}
+if (process.env.RIG_HOOK_ROLE === "post-edit-lint") {
+  runTypedHook6(postEditLintHandler, { event: "PostToolUse" });
+}
+
+// packages/guard-plugin/src/plugin.ts
+var GUARD_PLUGIN_NAME = "@rig/guard-plugin";
+var GUARD_HOOKS = [
+  {
+    id: SAFETY_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Blocks dangerous commands and content patterns.",
+    handler: safetyGuardHandler
+  },
+  {
+    id: SCOPE_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Enforces task scope boundaries.",
+    handler: scopeGuardHandler
+  },
+  {
+    id: IMPORT_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Blocks cross-module internal imports.",
+    handler: importGuardHandler
+  },
+  {
+    id: TEST_INTEGRITY_GUARD_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Prevents test tampering (.skip, .only, missing assertions).",
+    handler: testIntegrityGuardHandler
+  },
+  {
+    id: AUDIT_TRAIL_HOOK_ID,
+    event: "PreToolUse",
+    matcher: { kind: "all" },
+    description: "Logs tool invocations to audit.jsonl.",
+    handler: auditTrailHandler
+  },
+  {
+    id: POST_EDIT_LINT_HOOK_ID,
+    event: "PostToolUse",
+    matcher: { kind: "all" },
+    description: "Warns about console.log spam, TODO markers, and empty catches.",
+    handler: postEditLintHandler
+  }
+];
+function createGuardPlugin() {
+  return definePlugin({
+    name: GUARD_PLUGIN_NAME,
+    version: "0.0.0-alpha.1",
+    contributes: {
+      hooks: GUARD_HOOKS
+    }
+  });
+}
+export {
+  createGuardPlugin,
+  GUARD_PLUGIN_NAME
+};

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "@h-rig/guard-plugin",
+  "version": "0.0.6-alpha.156",
+  "type": "module",
+  "description": "First-party runtime policy-guard hooks contributed as a single-channel Rig plugin.",
+  "license": "UNLICENSED",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js"
+    },
+    "./plugin": {
+      "types": "./dist/src/plugin.d.ts",
+      "import": "./dist/src/plugin.js"
+    },
+    "./hooks/safety-guard": {
+      "types": "./dist/src/hooks/safety-guard.d.ts",
+      "import": "./dist/src/hooks/safety-guard.js"
+    },
+    "./hooks/scope-guard": {
+      "types": "./dist/src/hooks/scope-guard.d.ts",
+      "import": "./dist/src/hooks/scope-guard.js"
+    },
+    "./hooks/import-guard": {
+      "types": "./dist/src/hooks/import-guard.d.ts",
+      "import": "./dist/src/hooks/import-guard.js"
+    },
+    "./hooks/test-integrity-guard": {
+      "types": "./dist/src/hooks/test-integrity-guard.d.ts",
+      "import": "./dist/src/hooks/test-integrity-guard.js"
+    },
+    "./hooks/audit-trail": {
+      "types": "./dist/src/hooks/audit-trail.d.ts",
+      "import": "./dist/src/hooks/audit-trail.js"
+    },
+    "./hooks/post-edit-lint": {
+      "types": "./dist/src/hooks/post-edit-lint.d.ts",
+      "import": "./dist/src/hooks/post-edit-lint.js"
+    }
+  },
+  "engines": {
+    "bun": ">=1.3.11"
+  },
+  "main": "./dist/src/index.js",
+  "module": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
+  "dependencies": {
+    "@rig/contracts": "npm:@h-rig/contracts@0.0.6-alpha.156",
+    "@rig/core": "npm:@h-rig/core@0.0.6-alpha.156",
+    "@rig/hook-kit": "npm:@h-rig/hook-kit@0.0.6-alpha.156",
+    "@rig/runtime": "npm:@h-rig/runtime@0.0.6-alpha.156"
+  }
+}