npm - @jaguilar87/gaia-ops - Versions diffs - 4.4.0 → 4.7.2 - Mend

@jaguilar87/gaia-ops 4.4.0 → 4.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +12 -3
package/ARCHITECTURE.md +9 -8
package/CHANGELOG.md +34 -0
package/README.md +43 -11
package/agents/terraform-architect.md +1 -1
package/bin/README.md +2 -2
package/bin/gaia-doctor.js +18 -5
package/bin/gaia-history.js +0 -1
package/bin/gaia-metrics.js +2 -2
package/bin/gaia-scan.py +23 -1
package/bin/gaia-update.js +346 -54
package/bin/pre-publish-validate.js +33 -10
package/commands/gaia.md +37 -0
package/config/README.md +3 -9
package/config/context-contracts.json +47 -15
package/config/surface-routing.json +9 -1
package/dist/gaia-ops/.claude-plugin/plugin.json +22 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/devops-developer.md +57 -0
package/dist/gaia-ops/agents/gaia-system.md +58 -0
package/dist/gaia-ops/agents/gitops-operator.md +60 -0
package/dist/gaia-ops/agents/speckit-planner.md +71 -0
package/dist/gaia-ops/agents/terraform-architect.md +60 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +58 -0
package/dist/gaia-ops/config/cloud/aws.json +140 -0
package/dist/gaia-ops/config/cloud/gcp.json +145 -0
package/dist/gaia-ops/config/context-contracts.json +131 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +197 -0
package/dist/gaia-ops/config/universal-rules.json +10 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +126 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-ops/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-ops/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-ops/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-ops/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +383 -0
package/dist/gaia-ops/hooks/session_start.py +69 -0
package/dist/gaia-ops/hooks/stop_hook.py +69 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +288 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +109 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +105 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +170 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +53 -0
package/dist/gaia-ops/skills/approval/SKILL.md +85 -0
package/dist/gaia-ops/skills/approval/examples.md +140 -0
package/dist/gaia-ops/skills/approval/reference.md +57 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +76 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +93 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +66 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +47 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +92 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +22 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +48 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +73 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +77 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +64 -0
package/dist/gaia-ops/skills/reference.md +134 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +61 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +119 -0
package/dist/gaia-ops/skills/specification/SKILL.md +186 -0
package/dist/gaia-ops/skills/speckit-workflow/SKILL.md +165 -0
package/dist/gaia-ops/skills/speckit-workflow/reference.md +117 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +63 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/speckit/README.md +516 -0
package/dist/gaia-ops/speckit/scripts/.gitkeep +0 -0
package/dist/gaia-ops/speckit/templates/adr-template.md +118 -0
package/dist/gaia-ops/speckit/templates/agent-file-template.md +23 -0
package/dist/gaia-ops/speckit/templates/plan-template.md +227 -0
package/dist/gaia-ops/speckit/templates/spec-template.md +140 -0
package/dist/gaia-ops/speckit/templates/tasks-template.md +257 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +476 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +330 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +262 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/episodic.py +1196 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +324 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +753 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +266 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +22 -0
package/dist/gaia-security/config/universal-rules.json +10 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +57 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-security/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-security/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-security/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-security/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +383 -0
package/dist/gaia-security/hooks/session_start.py +69 -0
package/dist/gaia-security/hooks/stop_hook.py +69 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +8 -6
package/hooks/adapters/channel.py +0 -25
package/hooks/adapters/claude_code.py +364 -125
package/hooks/elicitation_result.py +132 -0
package/hooks/hooks.json +10 -1
package/hooks/modules/README.md +3 -2
package/hooks/modules/agents/contract_validator.py +3 -51
package/hooks/modules/agents/response_contract.py +4 -8
package/hooks/modules/agents/transcript_reader.py +4 -5
package/hooks/modules/audit/__init__.py +4 -6
package/hooks/modules/audit/event_detector.py +0 -2
package/hooks/modules/audit/metrics.py +108 -187
package/hooks/modules/audit/workflow_auditor.py +0 -4
package/hooks/modules/audit/workflow_recorder.py +0 -5
package/hooks/modules/context/compact_context_builder.py +1 -0
package/hooks/modules/context/context_cache.py +129 -0
package/hooks/modules/context/context_injector.py +18 -40
package/hooks/modules/context/context_writer.py +1 -25
package/hooks/modules/context/contracts_loader.py +7 -10
package/hooks/modules/core/hook_entry.py +1 -0
package/hooks/modules/core/paths.py +12 -13
package/hooks/modules/core/plugin_mode.py +74 -4
package/hooks/modules/core/plugin_setup.py +395 -23
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/identity/ops_identity.py +18 -27
package/hooks/modules/memory/episode_writer.py +1 -6
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/hooks/modules/security/__init__.py +2 -4
package/hooks/modules/security/approval_constants.py +5 -1
package/hooks/modules/security/approval_grants.py +189 -6
package/hooks/modules/security/approval_messages.py +9 -21
package/hooks/modules/security/blocked_commands.py +98 -34
package/hooks/modules/security/command_semantics.py +0 -4
package/hooks/modules/security/gitops_validator.py +1 -11
package/hooks/modules/security/mutative_verbs.py +179 -38
package/hooks/modules/security/tiers.py +1 -19
package/hooks/modules/session/session_event_injector.py +1 -25
package/hooks/modules/tools/bash_validator.py +310 -94
package/hooks/modules/tools/shell_parser.py +0 -1
package/hooks/modules/tools/task_validator.py +9 -29
package/hooks/post_tool_use.py +0 -72
package/hooks/pre_tool_use.py +42 -102
package/hooks/session_start.py +4 -2
package/hooks/subagent_start.py +6 -2
package/hooks/subagent_stop.py +1 -13
package/hooks/user_prompt_submit.py +119 -37
package/index.js +1 -1
package/package.json +5 -3
package/skills/README.md +3 -5
package/skills/agent-protocol/SKILL.md +17 -16
package/skills/agent-protocol/examples.md +6 -6
package/skills/agent-response/SKILL.md +11 -14
package/skills/approval/SKILL.md +28 -13
package/skills/approval/reference.md +2 -2
package/skills/execution/SKILL.md +1 -1
package/skills/gaia-patterns/SKILL.md +2 -3
package/skills/orchestrator-approval/SKILL.md +22 -50
package/skills/security-tiers/SKILL.md +1 -1
package/templates/README.md +9 -9
package/templates/managed-settings.template.json +43 -0
package/tools/gaia_simulator/runner.py +34 -1
package/tools/scan/orchestrator.py +13 -0
package/tools/scan/scanners/base.py +8 -0
package/tools/scan/scanners/git.py +78 -0
package/tools/scan/scanners/infrastructure.py +65 -0
package/tools/scan/scanners/stack.py +110 -0
package/tools/scan/setup.py +120 -13
package/tools/scan/workspace.py +85 -0
package/config/context-contracts.aws.json +0 -42
package/config/context-contracts.gcp.json +0 -39
package/skills/project-dispatch/SKILL.md +0 -34
package/templates/settings.template.json +0 -226

package/dist/gaia-ops/tools/scan/scanners/tools.py ADDED Viewed

@@ -0,0 +1,260 @@
+"""
+Tool Scanner Module
+Scans PATH for CLI tools defined in TOOL_DEFINITIONS, detects presence via
+`shutil.which`, extracts version via `<tool> --version` with 2-second timeout,
+and builds the tool_preferences map based on preference_priority.
+Performance: Uses shutil.which (pure Python) instead of subprocess for path
+detection, and ThreadPoolExecutor for parallel version probing.
+Safety constraints:
+- Uses `shutil.which` for detection (pure Python, no subprocess)
+- Uses `subprocess.run(timeout=2)` for --version
+- Tool that hangs or fails --version gets version "unknown"
+- Does NOT execute any tool beyond --version
+- All calls are READ-ONLY, no state modification
+"""
+import logging
+import re
+import shutil
+import subprocess
+import time
+from concurrent.futures import ThreadPoolExecutor, as_completed
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+from tools.scan.config import TOOL_DEFINITIONS, ToolDefinition
+# Default tool list excludes extended tools; use get_tool_definitions(full=True)
+# to include all tools.
+def get_tool_definitions(full: bool = False) -> list:
+    """Return tool definitions, optionally including extended (low-value) tools."""
+    if full:
+        return TOOL_DEFINITIONS
+    return [td for td in TOOL_DEFINITIONS if not td.extended]
+from tools.scan.scanners.base import BaseScanner, ScanResult
+logger = logging.getLogger(__name__)
+# Timeout in seconds for --version subprocess calls
+_VERSION_TIMEOUT = 2
+# Max parallel workers for tool probing
+_MAX_WORKERS = 10
+class ToolScanner(BaseScanner):
+    """Scanner that detects CLI tools available on PATH.
+    Uses shutil.which for fast path detection (no subprocess), then probes
+    found tools in parallel with ThreadPoolExecutor for version extraction.
+    Produces:
+        environment.tools: List of detected tool dicts
+        environment.tool_preferences: Map of preference keys to winning tool names
+    """
+    @property
+    def SCANNER_NAME(self) -> str:
+        return "tools"
+    @property
+    def SCANNER_VERSION(self) -> str:
+        return "1.1.0"
+    @property
+    def OWNED_SECTIONS(self) -> List[str]:
+        return ["environment.tools", "environment.tool_preferences"]
+    # Class-level flag: set to True before instantiation to scan extended tools.
+    # This allows the registry auto-discovery to work with default args while
+    # still supporting the --full CLI flag.
+    scan_extended: bool = False
+    def __init__(self, full: bool = False) -> None:
+        """Initialize ToolScanner.
+        Args:
+            full: If True, scan all tools including extended (low-value) ones.
+                  Also checks class-level scan_extended flag.
+        """
+        self._full = full or ToolScanner.scan_extended
+    def scan(self, root: Path) -> ScanResult:
+        """Scan PATH for CLI tools and build tool_preferences.
+        Args:
+            root: Absolute path to the project root (unused by this scanner).
+        Returns:
+            ScanResult with environment section containing tools and tool_preferences.
+        """
+        start = time.monotonic()
+        warnings: List[str] = []
+        tools: List[Dict[str, str]] = []
+        # preference_key -> (tool_name, priority)
+        preference_winners: Dict[str, tuple[str, int]] = {}
+        tool_defs = get_tool_definitions(full=self._full)
+        # Parallel tool probing with ThreadPoolExecutor
+        with ThreadPoolExecutor(max_workers=_MAX_WORKERS) as pool:
+            futures = {
+                pool.submit(self._probe_tool, td): td
+                for td in tool_defs
+            }
+            for future in as_completed(futures):
+                tool_def = futures[future]
+                try:
+                    tool_info = future.result()
+                except Exception as exc:
+                    logger.warning("Failed to probe tool '%s': %s", tool_def.name, exc)
+                    warnings.append(f"Failed to probe {tool_def.name}: {exc}")
+                    continue
+                if tool_info is None:
+                    continue
+                tools.append(tool_info)
+                # Update preference map if this tool has a preference_key
+                # Deterministic tiebreaker: when priority is equal, first
+                # alphabetically wins (prevents race condition in parallel execution)
+                if tool_def.preference_key is not None:
+                    current = preference_winners.get(tool_def.preference_key)
+                    if current is None:
+                        preference_winners[tool_def.preference_key] = (
+                            tool_def.name,
+                            tool_def.preference_priority,
+                        )
+                    elif tool_def.preference_priority > current[1]:
+                        preference_winners[tool_def.preference_key] = (
+                            tool_def.name,
+                            tool_def.preference_priority,
+                        )
+                    elif tool_def.preference_priority == current[1] and tool_def.name < current[0]:
+                        # Same priority: alphabetically first wins for determinism
+                        preference_winners[tool_def.preference_key] = (
+                            tool_def.name,
+                            tool_def.preference_priority,
+                        )
+        # Sort tools by name for deterministic output
+        tools.sort(key=lambda t: t["name"])
+        # Build tool_preferences from winners (value is tool name or None)
+        # Collect all known preference keys from scanned tool definitions
+        all_preference_keys = {
+            td.preference_key
+            for td in tool_defs
+            if td.preference_key is not None
+        }
+        tool_preferences: Dict[str, Optional[str]] = {}
+        for key in sorted(all_preference_keys):
+            winner = preference_winners.get(key)
+            tool_preferences[key] = winner[0] if winner else None
+        elapsed_ms = (time.monotonic() - start) * 1000
+        sections: Dict[str, Any] = {
+            "environment": {
+                "tools": tools,
+                "tool_preferences": tool_preferences,
+            },
+        }
+        return self.make_result(
+            sections=sections,
+            warnings=warnings if warnings else None,
+            duration_ms=round(elapsed_ms, 2),
+        )
+    # ------------------------------------------------------------------
+    # Private helpers
+    # ------------------------------------------------------------------
+    def _probe_tool(self, tool_def: ToolDefinition) -> Optional[Dict[str, str]]:
+        """Probe a single tool: check presence via shutil.which, extract version.
+        Args:
+            tool_def: Tool definition from TOOL_DEFINITIONS.
+        Returns:
+            Dict with name, path, version, category -- or None if not found.
+        """
+        tool_path = self._detect_path(tool_def.name)
+        if tool_path is None:
+            return None
+        version = self._extract_version(tool_path, tool_def.version_flag, tool_def.version_regex)
+        return {
+            "name": tool_def.name,
+            "path": tool_path,
+            "version": version,
+            "category": tool_def.category.value,
+        }
+    @staticmethod
+    def _detect_path(name: str) -> Optional[str]:
+        """Detect tool presence using shutil.which (pure Python, no subprocess).
+        Args:
+            name: Binary name to look up.
+        Returns:
+            Absolute path string, or None if not found.
+        """
+        path = shutil.which(name)
+        if path:
+            return path
+        return None
+    @staticmethod
+    def _extract_version(
+        tool_path: str,
+        version_flag: str,
+        version_regex: Optional[str],
+    ) -> str:
+        """Extract version string from tool --version output.
+        Args:
+            tool_path: Absolute path to the tool binary.
+            version_flag: CLI flag to get version (e.g. --version).
+            version_regex: Optional regex to extract version from output.
+        Returns:
+            Version string, or "unknown" on failure/timeout.
+        """
+        try:
+            # Split version_flag to support multi-word flags like "version --client"
+            cmd = [tool_path] + version_flag.split()
+            result = subprocess.run(
+                cmd,
+                capture_output=True,
+                text=True,
+                timeout=_VERSION_TIMEOUT,
+            )
+            # Accept both stdout and stderr (many tools print version to stderr)
+            output = result.stdout.strip() or result.stderr.strip()
+            if result.returncode != 0 or not output:
+                return "unknown"
+            if version_regex:
+                match = re.search(version_regex, output)
+                if match:
+                    return match.group(1) if match.lastindex else match.group(0)
+                return "unknown"
+            # Default: return the first line
+            return output.splitlines()[0].strip()
+        except subprocess.TimeoutExpired:
+            logger.debug("Timeout getting version for %s", tool_path)
+            return "unknown"
+        except (OSError, ValueError) as exc:
+            logger.debug("Failed to get version for %s: %s", tool_path, exc)
+            return "unknown"