@jaguilar87/gaia-ops 4.4.0 → 4.7.2

package/hooks/modules/security/approval_grants.py

@@ -46,7 +46,6 @@ from ..core.paths import find_claude_dir, get_plugin_data_dir
 from ..core.state import get_session_id
 from .approval_scopes import (
     ApprovalSignature,
-    SCOPE_EXACT_COMMAND,
     SCOPE_SEMANTIC_SIGNATURE,
     SUPPORTED_SCOPE_TYPES,
     build_approval_signature,
@@ -56,7 +55,7 @@ from .approval_scopes import (
 logger = logging.getLogger(__name__)
 
 # Default grant TTL in minutes
-DEFAULT_GRANT_TTL_MINUTES = 10
+DEFAULT_GRANT_TTL_MINUTES = 5
 
 # Cleanup throttle: only run cleanup if 60+ seconds since last run
 _last_cleanup_time: float = 0.0
@@ -524,7 +523,7 @@ def activate_pending_approval(
             reason="Unexpected error while activating approval.",
         )
 
-def check_approval_grant(command: str) -> Optional[ApprovalGrant]:
+def check_approval_grant(command: str, session_id: str = None) -> Optional[ApprovalGrant]:
     """Check if there is an active approval grant for a command.
 
     Called by the bash_validator before blocking a dangerous command.
@@ -533,6 +532,7 @@ def check_approval_grant(command: str) -> Optional[ApprovalGrant]:
 
     Args:
         command: The shell command to check.
+        session_id: Session ID for grant scoping (defaults to env var).
 
     Returns:
         The matching ApprovalGrant if found and valid, None otherwise.
@@ -540,7 +540,8 @@ def check_approval_grant(command: str) -> Optional[ApprovalGrant]:
     global _last_check_found_expired
     _last_check_found_expired = False
 
-    session_id = _get_session_id()
+    if not session_id:
+        session_id = _get_session_id()
 
     try:
         grants_dir = _get_grants_dir()
@@ -587,7 +588,60 @@ def check_approval_grant(command: str) -> Optional[ApprovalGrant]:
     return None
 
 
-def confirm_grant(command: str) -> bool:
+def consume_grant(command: str, session_id: str = None) -> bool:
+    """Mark the first matching valid grant as used and persist to disk.
+
+    Called by bash_validator immediately after check_approval_grant() returns
+    a match, so that the grant can only be used once (single-use).
+
+    Args:
+        command: The shell command whose grant should be consumed.
+        session_id: Session ID for grant scoping (defaults to env var).
+
+    Returns:
+        True if a grant was found and consumed, False otherwise.
+    """
+    if not session_id:
+        session_id = _get_session_id()
+
+    try:
+        grants_dir = _get_grants_dir()
+        if not grants_dir.exists():
+            return False
+
+        for grant_file in sorted(grants_dir.glob(f"grant-{session_id}-*.json")):
+            try:
+                data = json.loads(grant_file.read_text())
+                grant = ApprovalGrant(**data)
+
+                if not grant.is_valid():
+                    if grant.is_expired():
+                        _cleanup_grant(grant_file)
+                    continue
+
+                signature = grant.get_signature()
+                if signature is None or signature.scope_type not in SUPPORTED_SCOPE_TYPES:
+                    continue
+
+                if grant.matches_command(command):
+                    data["used"] = True
+                    grant_file.write_text(json.dumps(data, indent=2))
+                    logger.info(
+                        "Grant consumed (single-use): command='%s', grant=%s",
+                        command[:80], grant_file.name,
+                    )
+                    return True
+
+            except (json.JSONDecodeError, TypeError):
+                continue
+
+    except Exception as e:
+        logger.error("Error consuming grant: %s", e)
+
+    return False
+
+
+def confirm_grant(command: str, session_id: str = None) -> bool:
     """Mark the first unconfirmed grant matching command as confirmed.
 
     Called after the native permission dialog accepts the first T3 execution.
@@ -596,11 +650,13 @@ def confirm_grant(command: str) -> bool:
 
     Args:
         command: The shell command whose grant should be confirmed.
+        session_id: Session ID for grant scoping (defaults to env var).
 
     Returns:
         True if a grant was found and confirmed, False otherwise.
     """
-    session_id = _get_session_id()
+    if not session_id:
+        session_id = _get_session_id()
 
     try:
         grants_dir = _get_grants_dir()
@@ -721,6 +777,133 @@ def cleanup_expired_grants() -> int:
     return cleaned
 
 
+def get_pending_approvals_for_session(
+    session_id: Optional[str] = None,
+) -> List[Dict[str, Any]]:
+    """Return all non-expired pending approvals for a session.
+
+    Args:
+        session_id: Session ID to filter by (defaults to current session).
+
+    Returns:
+        List of pending approval dicts, newest first.
+    """
+    if session_id is None:
+        session_id = _get_session_id()
+
+    results: List[Dict[str, Any]] = []
+    try:
+        grants_dir = _get_grants_dir()
+        for pending_file in grants_dir.glob("pending-*.json"):
+            if pending_file.name.startswith("pending-index-"):
+                continue
+            data = _read_json_file(pending_file)
+            if not data or data.get("session_id") != session_id:
+                continue
+            timestamp = data.get("timestamp", 0)
+            ttl = data.get("ttl_minutes", DEFAULT_GRANT_TTL_MINUTES)
+            if _is_ttl_expired(float(timestamp), int(ttl)):
+                continue
+            results.append(data)
+    except Exception as e:
+        logger.error("Error listing pending approvals for session %s: %s", session_id, e)
+
+    results.sort(key=lambda d: d.get("timestamp", 0), reverse=True)
+    return results
+
+
+def find_pending_for_command(
+    session_id: str,
+    command: str,
+) -> Optional[str]:
+    """Find an existing pending approval nonce for this command and session.
+
+    When a subagent retries a blocked T3 command, a pending approval may
+    already exist from the first attempt.  Reusing the existing nonce
+    prevents the infinite-loop of generating a new approval_id on every
+    retry while the user is still reviewing the first one.
+
+    Args:
+        session_id: Session to search.
+        command: The command to match against pending approvals.
+
+    Returns:
+        The nonce (approval_id) if a matching pending approval exists, else None.
+    """
+    pending_list = get_pending_approvals_for_session(session_id)
+    if not pending_list:
+        return None
+
+    # Build a signature for the incoming command to compare semantically
+    target_sig = build_approval_signature(
+        command,
+        scope_type=SCOPE_SEMANTIC_SIGNATURE,
+    )
+    if target_sig is None:
+        return None
+
+    for pending_data in pending_list:
+        pending_sig_data = pending_data.get("scope_signature")
+        if not pending_sig_data:
+            continue
+        try:
+            pending_sig = ApprovalSignature.from_dict(pending_sig_data)
+            if matches_approval_signature(pending_sig, command):
+                nonce = pending_data.get("nonce")
+                if nonce:
+                    logger.info(
+                        "Reusing existing pending approval nonce=%s for command: %s",
+                        nonce, command[:80],
+                    )
+                    return nonce
+        except Exception:
+            continue
+
+    return None
+
+
+def activate_grants_for_session(
+    session_id: Optional[str] = None,
+    ttl_minutes: int = DEFAULT_GRANT_TTL_MINUTES,
+) -> List[ApprovalActivationResult]:
+    """Activate ALL pending approvals for a session.
+
+    Called by the ElicitationResult hook when the user approves via
+    AskUserQuestion. Converts every non-expired pending approval for the
+    session into an active grant.
+
+    Args:
+        session_id: Session to activate for (defaults to current session).
+        ttl_minutes: TTL for the resulting active grants.
+
+    Returns:
+        List of activation results (one per pending approval).
+    """
+    if session_id is None:
+        session_id = _get_session_id()
+
+    pending_list = get_pending_approvals_for_session(session_id)
+    results: List[ApprovalActivationResult] = []
+
+    for pending_data in pending_list:
+        nonce = pending_data.get("nonce", "")
+        if not nonce:
+            continue
+        result = activate_pending_approval(
+            nonce=nonce,
+            session_id=session_id,
+            ttl_minutes=ttl_minutes,
+        )
+        results.append(result)
+        logger.info(
+            "Session-wide activation: nonce=%s status=%s",
+            nonce,
+            getattr(result.status, "value", str(result.status)),
+        )
+
+    return results
+
+
 def _cleanup_grant(grant_file: Path) -> None:
     """Remove a single grant or pending file."""
     try:

package/hooks/modules/security/approval_messages.py

@@ -1,12 +1,11 @@
 """Canonical approval/resume text used by hooks, skills, and tests."""
+from __future__ import annotations
 
 from .approval_constants import NONCE_APPROVAL_PREFIX
 
 CANONICAL_APPROVAL_TOKEN = "APPROVE:<nonce>"
 CANONICAL_APPROVAL_TOKEN_FORMAT = f"{NONCE_APPROVAL_PREFIX}<32-char-hex>"
 LATEST_BLOCKED_COMMAND_PHRASE = "latest blocked command"
-AWAITING_APPROVAL_STATUS = "AWAITING_APPROVAL"
-
 CANONICAL_APPROVAL_TOKEN_GUIDANCE = (
     f"Use only {CANONICAL_APPROVAL_TOKEN} from the {LATEST_BLOCKED_COMMAND_PHRASE}."
 )
@@ -59,25 +58,14 @@ def build_pending_approval_unavailable_message() -> str:
 
 
 def build_t3_approval_instructions(nonce: str | None = None) -> str:
-    """Return explicit T3 approval workflow steps for blocked commands."""
-    if nonce:
-        step_two = f"2. Include the approval code NONCE:{nonce} in your {AWAITING_APPROVAL_STATUS} output.\n"
-        step_four = (
-            f"4. Wait for explicit user approval. When resumed, expect APPROVE:{nonce} "
-            f"and then retry the command. {CANONICAL_APPROVAL_TOKEN_GUIDANCE}\n"
-        )
-    else:
-        step_two = f"2. Retry the blocked command if you need a fresh approval code for {AWAITING_APPROVAL_STATUS}.\n"
-        step_four = (
-            f"4. Wait for explicit user approval before executing. {CANONICAL_APPROVAL_TOKEN_GUIDANCE}\n"
-        )
+    """Return T3 approval block data.
 
+    Kept minimal: just the facts (tier, nonce).  Workflow instructions
+    live in skills (approval, orchestrator-approval, security-tiers) so
+    the hook doesn't duplicate or conflict with them.
+    """
+    nonce_line = f"NONCE:{nonce}" if nonce else "NONCE:unavailable (retry command to generate)"
     return (
-        "This is a T3 (state-modifying) operation. Follow the approval workflow:\n"
-        "1. Present a plan with scope, impact, and rollback steps.\n"
-        f"{step_two}"
-        f"3. Set PLAN_STATUS: {AWAITING_APPROVAL_STATUS}.\n"
-        f"{step_four}"
-        "5. Include an `approval_request` object in your json:contract with:\n"
-        "   operation, exact_content, scope, risk_level, rollback, verification\n"
+        f"[T3_APPROVAL_REQUIRED] {nonce_line}\n"
+        "Load the approval skill for next steps."
     )

package/hooks/modules/security/blocked_commands.py

@@ -2,14 +2,15 @@
 Blocked command patterns - PERMANENTLY BLOCKED operations (exit 2, never approvable).
 
 This is the single source of truth for DESTRUCTIVE commands. Commands matched here
-are blocked with exit 2 and no nonce is generated -- they cannot be approved.
+are blocked with exit 2 and cannot be approved.
 
 All other state-modifying commands are detected by the universal verb detector
-(mutative_verbs.py) as MUTATIVE and routed through the nonce approval workflow.
+(mutative_verbs.py) as MUTATIVE and routed through the user approval workflow.
 
 Categories:
 - AWS networking/data infrastructure delete operations
 - AWS KMS/Route53/Organizations operations
+- Azure resource group/networking/data/AKS/Key Vault delete operations
 - GCP project/cluster/database delete operations
 - Kubernetes critical delete operations (cluster, namespace, pv, node, CRD, webhooks)
 - Kubernetes bulk delete operations (--all flag)
@@ -127,6 +128,43 @@ BLOCKED_PATTERNS: Dict[str, List[re.Pattern]] = {
         re.compile(r"aws\s+route53\s+delete-hosted-zone\b", re.IGNORECASE),
     ],
 
+    # Azure - Resource group, networking, data infrastructure (irreversible)
+    "azure_critical": [
+        re.compile(r"az\s+group\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+vnet\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+vnet\s+subnet\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+nsg\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+public-ip\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+application-gateway\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+lb\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+dns\s+zone\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+private-dns\s+zone\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+vm\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+vmss\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+disk\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+snapshot\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+image\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+sql\s+server\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+sql\s+db\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+cosmosdb\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+redis\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+storage\s+account\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+storage\s+container\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+storage\s+blob\s+delete-batch\b", re.IGNORECASE),
+        re.compile(r"az\s+aks\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+aks\s+nodepool\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+acr\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+keyvault\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+keyvault\s+key\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+keyvault\s+secret\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+functionapp\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+webapp\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+ad\s+app\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+ad\s+sp\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+servicebus\s+namespace\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+eventhubs\s+namespace\s+delete\b", re.IGNORECASE),
+    ],
+
     # GCP - Project, cluster, and database operations (irreversible)
     "gcp_critical": [
         re.compile(r"gcloud\s+projects\s+delete\b", re.IGNORECASE),
@@ -240,6 +278,29 @@ BLOCKED_COMMAND_SUGGESTIONS = {
     "aws organizations delete-organization": "[BLOCKED] Organization deletion is irreversible",
     "aws route53 delete-hosted-zone": "[BLOCKED] DNS zone deletion causes widespread outage",
 
+    # Azure suggestions
+    "az group delete": "[BLOCKED] Resource group deletion destroys all contained resources - use Terraform/Terragrunt",
+    "az network vnet delete": "[BLOCKED] VNet deletion is irreversible - use Terraform/Terragrunt",
+    "az network vnet subnet delete": "[BLOCKED] Subnet deletion is irreversible - use Terraform/Terragrunt",
+    "az network nsg delete": "[BLOCKED] NSG deletion removes all security rules - use Terraform/Terragrunt",
+    "az vm delete": "[BLOCKED] VM deletion is irreversible - use Terraform/Terragrunt",
+    "az vmss delete": "[BLOCKED] Scale set deletion is irreversible - use Terraform/Terragrunt",
+    "az disk delete": "[BLOCKED] Disk deletion loses all data - use Terraform/Terragrunt",
+    "az sql server delete": "[BLOCKED] SQL Server deletion destroys all databases - use Terraform/Terragrunt",
+    "az sql db delete": "[BLOCKED] Database deletion loses all data - use Terraform/Terragrunt",
+    "az cosmosdb delete": "[BLOCKED] CosmosDB deletion is irreversible - use Terraform/Terragrunt",
+    "az redis delete": "[BLOCKED] Redis deletion loses all cached data - use Terraform/Terragrunt",
+    "az storage account delete": "[BLOCKED] Storage account deletion destroys all data - use Terraform/Terragrunt",
+    "az aks delete": "[BLOCKED] AKS cluster deletion is irreversible - use Terraform/Terragrunt",
+    "az acr delete": "[BLOCKED] Container registry deletion destroys all images - use Terraform/Terragrunt",
+    "az keyvault delete": "[BLOCKED] Key Vault deletion can render encrypted data unrecoverable",
+    "az functionapp delete": "[BLOCKED] Function App deletion is irreversible - use Terraform/Terragrunt",
+    "az webapp delete": "[BLOCKED] Web App deletion is irreversible - use Terraform/Terragrunt",
+    "az ad app delete": "[BLOCKED] App registration deletion breaks all dependent services",
+    "az ad sp delete": "[BLOCKED] Service principal deletion breaks authentication for dependent services",
+    "az servicebus namespace delete": "[BLOCKED] Service Bus namespace deletion is irreversible - use Terraform/Terragrunt",
+    "az eventhubs namespace delete": "[BLOCKED] Event Hubs namespace deletion is irreversible - use Terraform/Terragrunt",
+
     # GCP suggestions
     "gcloud projects delete": "[BLOCKED] Project deletion is irreversible - must be done via Cloud Console",
     "gcloud container clusters delete": "[BLOCKED] Use Terraform/Terragrunt for GKE management",
@@ -335,6 +396,41 @@ SEMANTIC_BLOCKED_RULES = (
     SemanticBlockedRule("aws_critical", ("aws", "organizations", "delete-organization"), "aws organizations delete-organization"),
     SemanticBlockedRule("aws_critical", ("aws", "route53", "delete-hosted-zone"), "aws route53 delete-hosted-zone"),
 
+    # Azure
+    SemanticBlockedRule("azure_critical", ("az", "group", "delete"), "az group delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "vnet", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "vnet", "subnet", "delete"), "az network vnet subnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "nsg", "delete"), "az network nsg delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "public-ip", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "application-gateway", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "lb", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "dns", "zone", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "private-dns", "zone", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "vm", "delete"), "az vm delete"),
+    SemanticBlockedRule("azure_critical", ("az", "vmss", "delete"), "az vmss delete"),
+    SemanticBlockedRule("azure_critical", ("az", "disk", "delete"), "az disk delete"),
+    SemanticBlockedRule("azure_critical", ("az", "snapshot", "delete"), "az disk delete"),
+    SemanticBlockedRule("azure_critical", ("az", "image", "delete"), "az disk delete"),
+    SemanticBlockedRule("azure_critical", ("az", "sql", "server", "delete"), "az sql server delete"),
+    SemanticBlockedRule("azure_critical", ("az", "sql", "db", "delete"), "az sql db delete"),
+    SemanticBlockedRule("azure_critical", ("az", "cosmosdb", "delete"), "az cosmosdb delete"),
+    SemanticBlockedRule("azure_critical", ("az", "redis", "delete"), "az redis delete"),
+    SemanticBlockedRule("azure_critical", ("az", "storage", "account", "delete"), "az storage account delete"),
+    SemanticBlockedRule("azure_critical", ("az", "storage", "container", "delete"), "az storage account delete"),
+    SemanticBlockedRule("azure_critical", ("az", "storage", "blob", "delete-batch"), "az storage account delete"),
+    SemanticBlockedRule("azure_critical", ("az", "aks", "delete"), "az aks delete"),
+    SemanticBlockedRule("azure_critical", ("az", "aks", "nodepool", "delete"), "az aks delete"),
+    SemanticBlockedRule("azure_critical", ("az", "acr", "delete"), "az acr delete"),
+    SemanticBlockedRule("azure_critical", ("az", "keyvault", "delete"), "az keyvault delete"),
+    SemanticBlockedRule("azure_critical", ("az", "keyvault", "key", "delete"), "az keyvault delete"),
+    SemanticBlockedRule("azure_critical", ("az", "keyvault", "secret", "delete"), "az keyvault delete"),
+    SemanticBlockedRule("azure_critical", ("az", "functionapp", "delete"), "az functionapp delete"),
+    SemanticBlockedRule("azure_critical", ("az", "webapp", "delete"), "az webapp delete"),
+    SemanticBlockedRule("azure_critical", ("az", "ad", "app", "delete"), "az ad app delete"),
+    SemanticBlockedRule("azure_critical", ("az", "ad", "sp", "delete"), "az ad sp delete"),
+    SemanticBlockedRule("azure_critical", ("az", "servicebus", "namespace", "delete"), "az servicebus namespace delete"),
+    SemanticBlockedRule("azure_critical", ("az", "eventhubs", "namespace", "delete"), "az eventhubs namespace delete"),
+
     # GCP
     SemanticBlockedRule("gcp_critical", ("gcloud", "projects", "delete"), "gcloud projects delete"),
     SemanticBlockedRule(
@@ -432,18 +528,6 @@ def get_blocked_patterns() -> List[re.Pattern]:
     return patterns
 
 
-def get_blocked_patterns_by_category(category: str) -> List[re.Pattern]:
-    """
-    Get blocked patterns for a specific category.
-
-    Args:
-        category: Category name (aws_critical, kubernetes_critical, etc.)
-
-    Returns:
-        List of compiled regex patterns for that category
-    """
-    return BLOCKED_PATTERNS.get(category, [])
-
 
 def is_blocked_command(command: str) -> BlockedCommandResult:
     """
@@ -490,26 +574,6 @@ def is_blocked_command(command: str) -> BlockedCommandResult:
     return BlockedCommandResult(is_blocked=False)
 
 
-def get_suggestion_for_blocked(command: str) -> Optional[str]:
-    """
-    Get a safe alternative suggestion for a blocked command.
-
-    Args:
-        command: The blocked command
-
-    Returns:
-        Suggestion string or None
-    """
-    semantic_rule = _match_semantic_block_rule(command)
-    if semantic_rule is not None:
-        return BLOCKED_COMMAND_SUGGESTIONS.get(semantic_rule.suggestion_key)
-
-    command_lower = command.lower()
-    for cmd_prefix, suggestion in BLOCKED_COMMAND_SUGGESTIONS.items():
-        if cmd_prefix in command_lower:
-            return suggestion
-    return None
-
 
 def _match_semantic_block_rule(command: str) -> Optional[SemanticBlockedRule]:
     """Return the first semantic deny rule that matches a command."""

package/hooks/modules/security/command_semantics.py

@@ -38,10 +38,6 @@ class CommandSemantics:
         """Return the canonical analysis form of the command."""
         return " ".join(self.semantic_tokens)
 
-    def has_flag(self, flag: str) -> bool:
-        """Check whether a normalized flag is present."""
-        return flag.lower() in self.flag_tokens
-
 
 def tokenize_command(command: str) -> Tuple[str, ...]:
     """Tokenize a shell command safely, preserving quoted substrings."""

package/hooks/modules/security/gitops_validator.py

@@ -9,7 +9,7 @@ Ensures commands follow GitOps principles:
 
 import re
 import logging
-from typing import Dict, Any, List, Optional
+from typing import List, Optional
 from dataclasses import dataclass, field
 
 logger = logging.getLogger(__name__)
@@ -177,13 +177,3 @@ def validate_gitops_workflow(
         severity="warning",
         suggestions=["Verify command follows GitOps principles"],
     )
-
-
-def to_dict(result: GitOpsValidationResult) -> Dict[str, Any]:
-    """Convert GitOpsValidationResult to dictionary for backward compatibility."""
-    return {
-        "allowed": result.allowed,
-        "reason": result.reason,
-        "severity": result.severity,
-        "suggestions": result.suggestions,
-    }