@imdeadpool/guardex 5.0.0

package/templates/scripts/agent-file-locks.py

@@ -0,0 +1,406 @@
+#!/usr/bin/env python3
+"""Per-file lock registry for concurrent agent branches.
+
+Usage examples:
+  python3 scripts/agent-file-locks.py claim --branch agent/a path/to/file1 path/to/file2
+  python3 scripts/agent-file-locks.py claim --branch agent/a --allow-delete path/to/obsolete-file
+  python3 scripts/agent-file-locks.py allow-delete --branch agent/a path/to/obsolete-file
+  python3 scripts/agent-file-locks.py validate --branch agent/a --staged
+  python3 scripts/agent-file-locks.py release --branch agent/a
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import subprocess
+import sys
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+
+LOCK_FILE_RELATIVE = Path('.omx/state/agent-file-locks.json')
+CRITICAL_GUARDRAIL_PATHS = {
+    'AGENTS.md',
+    '.githooks/pre-commit',
+    'scripts/agent-branch-start.sh',
+    'scripts/agent-branch-finish.sh',
+    'scripts/agent-file-locks.py',
+}
+ALLOW_GUARDRAIL_DELETE_ENV = 'AGENT_ALLOW_GUARDRAIL_DELETE'
+
+
+@dataclass
+class LockEntry:
+    branch: str
+    claimed_at: str
+    allow_delete: bool = False
+
+
+class LockError(Exception):
+    pass
+
+
+def run_git(args: list[str], cwd: Path) -> str:
+    result = subprocess.run(
+        ['git', *args],
+        cwd=str(cwd),
+        check=False,
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE,
+        text=True,
+    )
+    if result.returncode != 0:
+        raise LockError(result.stderr.strip() or f"git {' '.join(args)} failed")
+    return result.stdout.strip()
+
+
+def resolve_repo_root() -> Path:
+    output = run_git(['rev-parse', '--show-toplevel'], cwd=Path.cwd())
+    return Path(output).resolve()
+
+
+def normalize_repo_path(repo_root: Path, raw_path: str) -> str:
+    joined = Path(raw_path)
+    abs_path = joined if joined.is_absolute() else (repo_root / joined)
+    normalized_abs = Path(os.path.normpath(str(abs_path)))
+    try:
+        relative = normalized_abs.relative_to(repo_root)
+    except ValueError as exc:
+        raise LockError(f"Path is outside repository: {raw_path}") from exc
+    return relative.as_posix()
+
+
+def lock_file_path(repo_root: Path) -> Path:
+    return repo_root / LOCK_FILE_RELATIVE
+
+
+def load_state(repo_root: Path) -> dict[str, Any]:
+    path = lock_file_path(repo_root)
+    if not path.exists():
+        return {'locks': {}}
+    try:
+        data = json.loads(path.read_text())
+    except json.JSONDecodeError as exc:
+        raise LockError(f'Lock file is invalid JSON: {path}') from exc
+
+    if not isinstance(data, dict):
+        return {'locks': {}}
+    locks = data.get('locks', {})
+    if not isinstance(locks, dict):
+        return {'locks': {}}
+
+    # Backward-compat normalization for older lock schema.
+    normalized_locks: dict[str, dict[str, Any]] = {}
+    for file_path, entry in locks.items():
+        if not isinstance(entry, dict):
+            continue
+        branch = str(entry.get('branch', ''))
+        claimed_at = str(entry.get('claimed_at', ''))
+        allow_delete = bool(entry.get('allow_delete', False))
+        normalized_locks[str(file_path)] = {
+            'branch': branch,
+            'claimed_at': claimed_at,
+            'allow_delete': allow_delete,
+        }
+
+    return {'locks': normalized_locks}
+
+
+def write_state(repo_root: Path, state: dict[str, Any]) -> None:
+    path = lock_file_path(repo_root)
+    path.parent.mkdir(parents=True, exist_ok=True)
+    tmp = path.with_suffix(path.suffix + '.tmp')
+    tmp.write_text(json.dumps(state, indent=2, sort_keys=True) + '\n')
+    tmp.replace(path)
+
+
+def now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+def env_truthy(value: str | None) -> bool:
+    if value is None:
+        return False
+    return value.strip().lower() in {'1', 'true', 'yes', 'on'}
+
+
+def staged_changes(repo_root: Path) -> list[tuple[str, str]]:
+    out = run_git(['diff', '--cached', '--name-status', '--diff-filter=ACMRDTUXB'], cwd=repo_root)
+    if not out:
+        return []
+
+    results: list[tuple[str, str]] = []
+    for raw_line in out.splitlines():
+        line = raw_line.strip()
+        if not line:
+            continue
+        parts = line.split('\t')
+        status_token = parts[0]
+        status = status_token[0]
+        if status in {'R', 'C'}:
+            if len(parts) < 3:
+                continue
+            path = parts[-1]
+        else:
+            if len(parts) < 2:
+                continue
+            path = parts[1]
+        normalized = normalize_repo_path(repo_root, path)
+        results.append((status, normalized))
+    return results
+
+
+def cmd_claim(args: argparse.Namespace, repo_root: Path) -> int:
+    state = load_state(repo_root)
+    locks: dict[str, dict[str, Any]] = state['locks']
+
+    files = [normalize_repo_path(repo_root, p) for p in args.files]
+    conflicts: list[tuple[str, str]] = []
+
+    for file_path in files:
+        existing = locks.get(file_path)
+        if existing and existing.get('branch') != args.branch:
+            conflicts.append((file_path, str(existing.get('branch'))))
+
+    if conflicts:
+        print('[agent-file-locks] Cannot claim files already locked by other branches:', file=sys.stderr)
+        for file_path, owner_branch in conflicts:
+            print(f'  - {file_path} (locked by {owner_branch})', file=sys.stderr)
+        return 1
+
+    for file_path in files:
+        existing = locks.get(file_path, {})
+        existing_allow_delete = bool(existing.get('allow_delete', False))
+        locks[file_path] = LockEntry(
+            branch=args.branch,
+            claimed_at=now_iso(),
+            allow_delete=args.allow_delete or existing_allow_delete,
+        ).__dict__
+
+    write_state(repo_root, state)
+    delete_note = ' (delete-approved)' if args.allow_delete else ''
+    print(f"[agent-file-locks] Claimed {len(files)} file(s) for {args.branch}{delete_note}.")
+    return 0
+
+
+def cmd_allow_delete(args: argparse.Namespace, repo_root: Path) -> int:
+    state = load_state(repo_root)
+    locks: dict[str, dict[str, Any]] = state['locks']
+    files = [normalize_repo_path(repo_root, p) for p in args.files]
+
+    missing: list[str] = []
+    foreign: list[tuple[str, str]] = []
+    for file_path in files:
+        entry = locks.get(file_path)
+        if not entry:
+            missing.append(file_path)
+            continue
+        owner = str(entry.get('branch', ''))
+        if owner != args.branch:
+            foreign.append((file_path, owner))
+            continue
+        entry['allow_delete'] = True
+
+    if missing or foreign:
+        if missing:
+            print('[agent-file-locks] Cannot enable delete: files are not claimed yet:', file=sys.stderr)
+            for file_path in missing:
+                print(f'  - {file_path}', file=sys.stderr)
+        if foreign:
+            print('[agent-file-locks] Cannot enable delete: files are owned by another branch:', file=sys.stderr)
+            for file_path, owner in foreign:
+                print(f'  - {file_path} (owner: {owner})', file=sys.stderr)
+        return 1
+
+    write_state(repo_root, state)
+    print(f"[agent-file-locks] Enabled delete approval for {len(files)} file(s) on {args.branch}.")
+    return 0
+
+
+def cmd_release(args: argparse.Namespace, repo_root: Path) -> int:
+    state = load_state(repo_root)
+    locks: dict[str, dict[str, Any]] = state['locks']
+
+    to_release: set[str]
+    if args.files:
+        requested = {normalize_repo_path(repo_root, p) for p in args.files}
+        to_release = {p for p in requested if locks.get(p, {}).get('branch') == args.branch}
+    else:
+        to_release = {p for p, entry in locks.items() if entry.get('branch') == args.branch}
+
+    for file_path in to_release:
+        locks.pop(file_path, None)
+
+    write_state(repo_root, state)
+    print(f"[agent-file-locks] Released {len(to_release)} file(s) for {args.branch}.")
+    return 0
+
+
+def cmd_status(args: argparse.Namespace, repo_root: Path) -> int:
+    state = load_state(repo_root)
+    locks: dict[str, dict[str, Any]] = state['locks']
+
+    rows: list[tuple[str, str, str, bool]] = []
+    for file_path, entry in sorted(locks.items()):
+        branch = str(entry.get('branch', ''))
+        if args.branch and branch != args.branch:
+            continue
+        claimed_at = str(entry.get('claimed_at', ''))
+        allow_delete = bool(entry.get('allow_delete', False))
+        rows.append((file_path, branch, claimed_at, allow_delete))
+
+    if not rows:
+        print('[agent-file-locks] No active locks.')
+        return 0
+
+    print('[agent-file-locks] Active locks:')
+    for file_path, branch, claimed_at, allow_delete in rows:
+        delete_flag = ' delete-ok' if allow_delete else ''
+        print(f'  - {file_path} | {branch} | {claimed_at}{delete_flag}')
+    return 0
+
+
+def cmd_validate(args: argparse.Namespace, repo_root: Path) -> int:
+    state = load_state(repo_root)
+    locks: dict[str, dict[str, Any]] = state['locks']
+
+    if args.staged:
+        file_changes = staged_changes(repo_root)
+    else:
+        file_changes = [('M', normalize_repo_path(repo_root, p)) for p in args.files]
+
+    file_changes = [
+        (status, file_path)
+        for status, file_path in file_changes
+        if file_path and file_path != LOCK_FILE_RELATIVE.as_posix()
+    ]
+    if not file_changes:
+        return 0
+
+    missing: list[str] = []
+    foreign: list[tuple[str, str]] = []
+    delete_not_allowed: list[str] = []
+    guardrail_delete_blocked: list[str] = []
+
+    allow_guardrail_delete = env_truthy(os.environ.get(ALLOW_GUARDRAIL_DELETE_ENV))
+
+    for status, file_path in file_changes:
+        entry = locks.get(file_path)
+        if not entry:
+            missing.append(file_path)
+            continue
+
+        owner = str(entry.get('branch', ''))
+        if owner != args.branch:
+            foreign.append((file_path, owner))
+            continue
+
+        if status == 'D':
+            if file_path in CRITICAL_GUARDRAIL_PATHS and not allow_guardrail_delete:
+                guardrail_delete_blocked.append(file_path)
+
+            allow_delete = bool(entry.get('allow_delete', False))
+            if not allow_delete:
+                delete_not_allowed.append(file_path)
+
+    if not missing and not foreign and not delete_not_allowed and not guardrail_delete_blocked:
+        return 0
+
+    print('[agent-file-locks] Commit blocked: staged files must be safely claimed by this branch first.', file=sys.stderr)
+    if missing:
+        print('  Unclaimed files:', file=sys.stderr)
+        for file_path in missing:
+            print(f'    - {file_path}', file=sys.stderr)
+    if foreign:
+        print('  Files claimed by another branch:', file=sys.stderr)
+        for file_path, owner in foreign:
+            print(f'    - {file_path} (owner: {owner})', file=sys.stderr)
+    if delete_not_allowed:
+        print('  Delete not approved for claimed files:', file=sys.stderr)
+        for file_path in delete_not_allowed:
+            print(f'    - {file_path}', file=sys.stderr)
+        print('    Approve explicit deletions with one of:', file=sys.stderr)
+        print(
+            f'      python3 scripts/agent-file-locks.py claim --branch "{args.branch}" --allow-delete <file...>',
+            file=sys.stderr,
+        )
+        print(
+            f'      python3 scripts/agent-file-locks.py allow-delete --branch "{args.branch}" <file...>',
+            file=sys.stderr,
+        )
+    if guardrail_delete_blocked:
+        print('  Critical guardrail file deletion blocked:', file=sys.stderr)
+        for file_path in guardrail_delete_blocked:
+            print(f'    - {file_path}', file=sys.stderr)
+        print(
+            f'    To intentionally allow this rare operation, set {ALLOW_GUARDRAIL_DELETE_ENV}=1 for the commit command.',
+            file=sys.stderr,
+        )
+
+    print('\nClaim files with:', file=sys.stderr)
+    print(f'  python3 scripts/agent-file-locks.py claim --branch "{args.branch}" <file...>', file=sys.stderr)
+    return 1
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(description='Concurrent agent file-lock utility')
+    sub = parser.add_subparsers(dest='command', required=True)
+
+    claim = sub.add_parser('claim', help='Claim file locks for a branch')
+    claim.add_argument('--branch', required=True, help='Owner branch name (e.g., agent/foo/...)')
+    claim.add_argument(
+        '--allow-delete',
+        action='store_true',
+        help='Mark these files as explicitly approved for deletion by this branch',
+    )
+    claim.add_argument('files', nargs='+', help='Files to claim (repo-relative or absolute)')
+
+    allow_delete = sub.add_parser('allow-delete', help='Enable delete approval on already claimed files')
+    allow_delete.add_argument('--branch', required=True, help='Owner branch name')
+    allow_delete.add_argument('files', nargs='+', help='Files to mark as delete-approved')
+
+    release = sub.add_parser('release', help='Release file locks for a branch')
+    release.add_argument('--branch', required=True, help='Owner branch name')
+    release.add_argument('files', nargs='*', help='Optional files; omit to release all branch locks')
+
+    status = sub.add_parser('status', help='Show lock status')
+    status.add_argument('--branch', help='Filter by branch')
+
+    validate = sub.add_parser('validate', help='Validate staged files are locked by branch')
+    validate.add_argument('--branch', required=True, help='Owner branch name')
+    validate.add_argument('--staged', action='store_true', help='Validate staged files from git index')
+    validate.add_argument('files', nargs='*', help='Files to validate when --staged is not used')
+
+    return parser
+
+
+def main() -> int:
+    parser = build_parser()
+    args = parser.parse_args()
+
+    try:
+        repo_root = resolve_repo_root()
+        if args.command == 'claim':
+            return cmd_claim(args, repo_root)
+        if args.command == 'allow-delete':
+            return cmd_allow_delete(args, repo_root)
+        if args.command == 'release':
+            return cmd_release(args, repo_root)
+        if args.command == 'status':
+            return cmd_status(args, repo_root)
+        if args.command == 'validate':
+            if not args.staged and not args.files:
+                raise LockError('validate requires --staged or one or more file paths')
+            return cmd_validate(args, repo_root)
+        raise LockError(f'Unknown command: {args.command}')
+    except LockError as exc:
+        print(f'[agent-file-locks] {exc}', file=sys.stderr)
+        return 2
+
+
+if __name__ == '__main__':
+    raise SystemExit(main())

package/templates/scripts/agent-worktree-prune.sh

@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+BASE_BRANCH="dev"
+DRY_RUN=0
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --base)
+      BASE_BRANCH="${2:-dev}"
+      shift 2
+      ;;
+    --dry-run)
+      DRY_RUN=1
+      shift
+      ;;
+    *)
+      echo "[agent-worktree-prune] Unknown argument: $1" >&2
+      echo "Usage: $0 [--base <branch>] [--dry-run]" >&2
+      exit 1
+      ;;
+  esac
+done
+
+if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+  echo "[agent-worktree-prune] Not inside a git repository." >&2
+  exit 1
+fi
+
+repo_root="$(git rev-parse --show-toplevel)"
+current_pwd="$(pwd -P)"
+worktree_root="${repo_root}/.omx/agent-worktrees"
+
+if ! git -C "$repo_root" show-ref --verify --quiet "refs/heads/${BASE_BRANCH}"; then
+  echo "[agent-worktree-prune] Base branch not found: ${BASE_BRANCH}" >&2
+  exit 1
+fi
+
+run_cmd() {
+  if [[ "$DRY_RUN" -eq 1 ]]; then
+    echo "[agent-worktree-prune] [dry-run] $*"
+    return 0
+  fi
+  "$@"
+}
+
+branch_has_worktree() {
+  local branch="$1"
+  git -C "$repo_root" worktree list --porcelain | grep -q "^branch refs/heads/${branch}$"
+}
+
+removed_worktrees=0
+removed_branches=0
+skipped_active=0
+
+process_entry() {
+  local wt="$1"
+  local branch_ref="$2"
+
+  [[ -z "$wt" ]] && return
+  [[ "$wt" != "${worktree_root}"/* ]] && return
+
+  local branch=""
+  if [[ -n "$branch_ref" ]]; then
+    branch="${branch_ref#refs/heads/}"
+  fi
+
+  if [[ "$wt" == "$current_pwd" ]]; then
+    skipped_active=$((skipped_active + 1))
+    echo "[agent-worktree-prune] Skipping active cwd worktree: ${wt}"
+    return
+  fi
+
+  local remove_reason=""
+
+  if [[ -z "$branch_ref" ]]; then
+    remove_reason="detached-worktree"
+  elif ! git -C "$repo_root" show-ref --verify --quiet "refs/heads/${branch}"; then
+    remove_reason="missing-branch"
+  elif [[ "$branch" == agent/* ]]; then
+    if git -C "$repo_root" merge-base --is-ancestor "$branch" "$BASE_BRANCH"; then
+      remove_reason="merged-agent-branch"
+    fi
+  elif [[ "$branch" == __agent_integrate_* || "$branch" == __source-probe-* ]]; then
+    remove_reason="temporary-worktree"
+  fi
+
+  if [[ -z "$remove_reason" ]]; then
+    return
+  fi
+
+  echo "[agent-worktree-prune] Removing worktree (${remove_reason}): ${wt}"
+  run_cmd git -C "$repo_root" worktree remove "$wt" --force
+  removed_worktrees=$((removed_worktrees + 1))
+
+  if [[ -z "$branch" ]]; then
+    return
+  fi
+
+  if git -C "$repo_root" show-ref --verify --quiet "refs/heads/${branch}" && ! branch_has_worktree "$branch"; then
+    if [[ "$branch" == agent/* ]]; then
+      if run_cmd git -C "$repo_root" branch -d "$branch" >/dev/null 2>&1; then
+        removed_branches=$((removed_branches + 1))
+        echo "[agent-worktree-prune] Deleted merged branch: ${branch}"
+      fi
+    elif [[ "$branch" == __agent_integrate_* || "$branch" == __source-probe-* ]]; then
+      run_cmd git -C "$repo_root" branch -D "$branch" >/dev/null 2>&1 || true
+      removed_branches=$((removed_branches + 1))
+      echo "[agent-worktree-prune] Deleted temporary branch: ${branch}"
+    fi
+  fi
+}
+
+current_wt=""
+current_branch_ref=""
+
+while IFS= read -r line || [[ -n "$line" ]]; do
+  if [[ -z "$line" ]]; then
+    process_entry "$current_wt" "$current_branch_ref"
+    current_wt=""
+    current_branch_ref=""
+    continue
+  fi
+
+  case "$line" in
+    worktree\ *)
+      current_wt="${line#worktree }"
+      ;;
+    branch\ *)
+      current_branch_ref="${line#branch }"
+      ;;
+  esac
+done < <(git -C "$repo_root" worktree list --porcelain)
+
+process_entry "$current_wt" "$current_branch_ref"
+
+while IFS= read -r branch; do
+  [[ -z "$branch" ]] && continue
+  if branch_has_worktree "$branch"; then
+    continue
+  fi
+  if git -C "$repo_root" merge-base --is-ancestor "$branch" "$BASE_BRANCH"; then
+    if run_cmd git -C "$repo_root" branch -d "$branch" >/dev/null 2>&1; then
+      removed_branches=$((removed_branches + 1))
+      echo "[agent-worktree-prune] Deleted stale merged branch: ${branch}"
+    fi
+  fi
+done < <(git -C "$repo_root" for-each-ref --format='%(refname:short)' refs/heads/agent)
+
+run_cmd git -C "$repo_root" worktree prune
+
+echo "[agent-worktree-prune] Summary: removed_worktrees=${removed_worktrees}, removed_branches=${removed_branches}, skipped_active=${skipped_active}"
+if [[ "$skipped_active" -gt 0 ]]; then
+  echo "[agent-worktree-prune] Tip: leave active agent worktree directories, then run this command again for full cleanup." >&2
+fi

package/templates/scripts/codex-agent.sh

@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TASK_NAME="${MUSAFETY_TASK_NAME:-task}"
+AGENT_NAME="${MUSAFETY_AGENT_NAME:-agent}"
+BASE_BRANCH="${MUSAFETY_BASE_BRANCH:-}"
+BASE_BRANCH_EXPLICIT=0
+CODEX_BIN="${MUSAFETY_CODEX_BIN:-codex}"
+
+if [[ -n "$BASE_BRANCH" ]]; then
+  BASE_BRANCH_EXPLICIT=1
+fi
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --task)
+      TASK_NAME="${2:-$TASK_NAME}"
+      shift 2
+      ;;
+    --agent)
+      AGENT_NAME="${2:-$AGENT_NAME}"
+      shift 2
+      ;;
+    --base)
+      BASE_BRANCH="${2:-$BASE_BRANCH}"
+      BASE_BRANCH_EXPLICIT=1
+      shift 2
+      ;;
+    --codex-bin)
+      CODEX_BIN="${2:-$CODEX_BIN}"
+      shift 2
+      ;;
+    --)
+      shift
+      break
+      ;;
+    -*)
+      break
+      ;;
+    *)
+      TASK_NAME="$1"
+      shift
+      if [[ $# -gt 0 && "${1:-}" != -* ]]; then
+        AGENT_NAME="$1"
+        shift
+      fi
+      if [[ $# -gt 0 && "${1:-}" != -* ]]; then
+        BASE_BRANCH="$1"
+        BASE_BRANCH_EXPLICIT=1
+        shift
+      fi
+      break
+      ;;
+  esac
+done
+
+if [[ "$BASE_BRANCH_EXPLICIT" -eq 1 && -z "$BASE_BRANCH" ]]; then
+  echo "[codex-agent] --base requires a non-empty branch name." >&2
+  exit 1
+fi
+
+if ! command -v "$CODEX_BIN" >/dev/null 2>&1; then
+  echo "[codex-agent] Missing Codex CLI command: $CODEX_BIN" >&2
+  echo "[codex-agent] Install Codex first, then retry." >&2
+  exit 127
+fi
+
+if [[ ! -x "scripts/agent-branch-start.sh" ]]; then
+  echo "[codex-agent] Missing scripts/agent-branch-start.sh. Run: gx setup" >&2
+  exit 1
+fi
+
+start_args=("$TASK_NAME" "$AGENT_NAME")
+if [[ "$BASE_BRANCH_EXPLICIT" -eq 1 ]]; then
+  start_args+=("$BASE_BRANCH")
+fi
+
+start_output="$(bash scripts/agent-branch-start.sh "${start_args[@]}")"
+printf '%s\n' "$start_output"
+
+worktree_path="$(printf '%s\n' "$start_output" | sed -n 's/^\[agent-branch-start\] Worktree: //p' | tail -n1)"
+if [[ -z "$worktree_path" ]]; then
+  echo "[codex-agent] Could not determine sandbox worktree path from agent-branch-start output." >&2
+  exit 1
+fi
+
+if [[ ! -d "$worktree_path" ]]; then
+  echo "[codex-agent] Reported worktree path does not exist: $worktree_path" >&2
+  exit 1
+fi
+
+echo "[codex-agent] Launching ${CODEX_BIN} in sandbox: $worktree_path"
+cd "$worktree_path"
+exec "$CODEX_BIN" "$@"

package/templates/scripts/install-agent-git-hooks.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(git rev-parse --show-toplevel 2>/dev/null || true)"
+if [[ -z "$repo_root" ]]; then
+  echo "[install-agent-git-hooks] Not inside a git repository." >&2
+  exit 1
+fi
+
+hooks_dir="$repo_root/.githooks"
+if [[ ! -d "$hooks_dir" ]]; then
+  echo "[install-agent-git-hooks] Missing hooks directory: $hooks_dir" >&2
+  exit 1
+fi
+
+chmod +x "$hooks_dir"/* 2>/dev/null || true
+
+git -C "$repo_root" config core.hooksPath .githooks
+
+echo "[install-agent-git-hooks] Installed repo hooks path: .githooks"
+echo "[install-agent-git-hooks] Branch protection hook is now active for this repo clone."