npm - @jaguilar87/gaia-ops - Versions diffs - 4.4.0 → 4.7.2 - Mend

@jaguilar87/gaia-ops 4.4.0 → 4.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +12 -3
package/ARCHITECTURE.md +9 -8
package/CHANGELOG.md +34 -0
package/README.md +43 -11
package/agents/terraform-architect.md +1 -1
package/bin/README.md +2 -2
package/bin/gaia-doctor.js +18 -5
package/bin/gaia-history.js +0 -1
package/bin/gaia-metrics.js +2 -2
package/bin/gaia-scan.py +23 -1
package/bin/gaia-update.js +346 -54
package/bin/pre-publish-validate.js +33 -10
package/commands/gaia.md +37 -0
package/config/README.md +3 -9
package/config/context-contracts.json +47 -15
package/config/surface-routing.json +9 -1
package/dist/gaia-ops/.claude-plugin/plugin.json +22 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/devops-developer.md +57 -0
package/dist/gaia-ops/agents/gaia-system.md +58 -0
package/dist/gaia-ops/agents/gitops-operator.md +60 -0
package/dist/gaia-ops/agents/speckit-planner.md +71 -0
package/dist/gaia-ops/agents/terraform-architect.md +60 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +58 -0
package/dist/gaia-ops/config/cloud/aws.json +140 -0
package/dist/gaia-ops/config/cloud/gcp.json +145 -0
package/dist/gaia-ops/config/context-contracts.json +131 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +197 -0
package/dist/gaia-ops/config/universal-rules.json +10 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +126 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-ops/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-ops/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-ops/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-ops/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +383 -0
package/dist/gaia-ops/hooks/session_start.py +69 -0
package/dist/gaia-ops/hooks/stop_hook.py +69 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +288 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +109 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +105 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +170 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +53 -0
package/dist/gaia-ops/skills/approval/SKILL.md +85 -0
package/dist/gaia-ops/skills/approval/examples.md +140 -0
package/dist/gaia-ops/skills/approval/reference.md +57 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +76 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +93 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +66 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +47 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +92 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +22 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +48 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +73 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +77 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +64 -0
package/dist/gaia-ops/skills/reference.md +134 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +61 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +119 -0
package/dist/gaia-ops/skills/specification/SKILL.md +186 -0
package/dist/gaia-ops/skills/speckit-workflow/SKILL.md +165 -0
package/dist/gaia-ops/skills/speckit-workflow/reference.md +117 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +63 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/speckit/README.md +516 -0
package/dist/gaia-ops/speckit/scripts/.gitkeep +0 -0
package/dist/gaia-ops/speckit/templates/adr-template.md +118 -0
package/dist/gaia-ops/speckit/templates/agent-file-template.md +23 -0
package/dist/gaia-ops/speckit/templates/plan-template.md +227 -0
package/dist/gaia-ops/speckit/templates/spec-template.md +140 -0
package/dist/gaia-ops/speckit/templates/tasks-template.md +257 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +476 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +330 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +262 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/episodic.py +1196 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +324 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +753 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +266 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +22 -0
package/dist/gaia-security/config/universal-rules.json +10 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +57 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-security/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-security/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-security/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-security/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +383 -0
package/dist/gaia-security/hooks/session_start.py +69 -0
package/dist/gaia-security/hooks/stop_hook.py +69 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +8 -6
package/hooks/adapters/channel.py +0 -25
package/hooks/adapters/claude_code.py +364 -125
package/hooks/elicitation_result.py +132 -0
package/hooks/hooks.json +10 -1
package/hooks/modules/README.md +3 -2
package/hooks/modules/agents/contract_validator.py +3 -51
package/hooks/modules/agents/response_contract.py +4 -8
package/hooks/modules/agents/transcript_reader.py +4 -5
package/hooks/modules/audit/__init__.py +4 -6
package/hooks/modules/audit/event_detector.py +0 -2
package/hooks/modules/audit/metrics.py +108 -187
package/hooks/modules/audit/workflow_auditor.py +0 -4
package/hooks/modules/audit/workflow_recorder.py +0 -5
package/hooks/modules/context/compact_context_builder.py +1 -0
package/hooks/modules/context/context_cache.py +129 -0
package/hooks/modules/context/context_injector.py +18 -40
package/hooks/modules/context/context_writer.py +1 -25
package/hooks/modules/context/contracts_loader.py +7 -10
package/hooks/modules/core/hook_entry.py +1 -0
package/hooks/modules/core/paths.py +12 -13
package/hooks/modules/core/plugin_mode.py +74 -4
package/hooks/modules/core/plugin_setup.py +395 -23
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/identity/ops_identity.py +18 -27
package/hooks/modules/memory/episode_writer.py +1 -6
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/hooks/modules/security/__init__.py +2 -4
package/hooks/modules/security/approval_constants.py +5 -1
package/hooks/modules/security/approval_grants.py +189 -6
package/hooks/modules/security/approval_messages.py +9 -21
package/hooks/modules/security/blocked_commands.py +98 -34
package/hooks/modules/security/command_semantics.py +0 -4
package/hooks/modules/security/gitops_validator.py +1 -11
package/hooks/modules/security/mutative_verbs.py +179 -38
package/hooks/modules/security/tiers.py +1 -19
package/hooks/modules/session/session_event_injector.py +1 -25
package/hooks/modules/tools/bash_validator.py +310 -94
package/hooks/modules/tools/shell_parser.py +0 -1
package/hooks/modules/tools/task_validator.py +9 -29
package/hooks/post_tool_use.py +0 -72
package/hooks/pre_tool_use.py +42 -102
package/hooks/session_start.py +4 -2
package/hooks/subagent_start.py +6 -2
package/hooks/subagent_stop.py +1 -13
package/hooks/user_prompt_submit.py +119 -37
package/index.js +1 -1
package/package.json +5 -3
package/skills/README.md +3 -5
package/skills/agent-protocol/SKILL.md +17 -16
package/skills/agent-protocol/examples.md +6 -6
package/skills/agent-response/SKILL.md +11 -14
package/skills/approval/SKILL.md +28 -13
package/skills/approval/reference.md +2 -2
package/skills/execution/SKILL.md +1 -1
package/skills/gaia-patterns/SKILL.md +2 -3
package/skills/orchestrator-approval/SKILL.md +22 -50
package/skills/security-tiers/SKILL.md +1 -1
package/templates/README.md +9 -9
package/templates/managed-settings.template.json +43 -0
package/tools/gaia_simulator/runner.py +34 -1
package/tools/scan/orchestrator.py +13 -0
package/tools/scan/scanners/base.py +8 -0
package/tools/scan/scanners/git.py +78 -0
package/tools/scan/scanners/infrastructure.py +65 -0
package/tools/scan/scanners/stack.py +110 -0
package/tools/scan/setup.py +120 -13
package/tools/scan/workspace.py +85 -0
package/config/context-contracts.aws.json +0 -42
package/config/context-contracts.gcp.json +0 -39
package/skills/project-dispatch/SKILL.md +0 -34
package/templates/settings.template.json +0 -226

package/dist/gaia-ops/tools/scan/tests/test_tools.py ADDED Viewed

@@ -0,0 +1,349 @@
+"""
+Unit tests for the Tool Scanner (T024).
+Tests tool detection via command -v, version extraction with timeout,
+tool_preferences resolution, and handling of tools that hang.
+All subprocess calls are mocked for reproducibility.
+"""
+import subprocess
+from pathlib import Path
+from typing import Any, Dict, List
+from unittest.mock import MagicMock, call, patch
+import pytest
+from tools.scan.config import TOOL_DEFINITIONS, ToolCategory, ToolDefinition
+from tools.scan.scanners.tools import ToolScanner, _VERSION_TIMEOUT
+@pytest.fixture
+def scanner() -> ToolScanner:
+    """Create a ToolScanner instance."""
+    return ToolScanner()
+# ---------------------------------------------------------------------------
+# Scanner basics
+# ---------------------------------------------------------------------------
+class TestToolScannerBasics:
+    """Test scanner metadata and basic contract."""
+    def test_scanner_name(self, scanner: ToolScanner) -> None:
+        assert scanner.SCANNER_NAME == "tools"
+    def test_scanner_version(self, scanner: ToolScanner) -> None:
+        assert scanner.SCANNER_VERSION == "1.1.0"
+    def test_owned_sections(self, scanner: ToolScanner) -> None:
+        assert "environment.tools" in scanner.OWNED_SECTIONS
+        assert "environment.tool_preferences" in scanner.OWNED_SECTIONS
+    def test_source_tag(self, scanner: ToolScanner) -> None:
+        assert scanner.source_tag == "scanner:tools"
+# ---------------------------------------------------------------------------
+# Tool detection
+# ---------------------------------------------------------------------------
+class TestToolDetection:
+    """Test tool detection via shutil.which."""
+    def test_detect_tool_via_shutil_which(self, scanner: ToolScanner) -> None:
+        """Verify shutil.which is used for path detection."""
+        with patch("tools.scan.scanners.tools.shutil.which", return_value="/usr/bin/python3") as mock_which:
+            path = scanner._detect_path("python3")
+            mock_which.assert_called_once_with("python3")
+            assert path == "/usr/bin/python3"
+    def test_no_subprocess_for_path_detection(self, scanner: ToolScanner) -> None:
+        """Ensure subprocess is NOT used for path detection."""
+        with patch("tools.scan.scanners.tools.shutil.which", return_value="/usr/bin/git"):
+            with patch("tools.scan.scanners.tools.subprocess.run") as mock_run:
+                scanner._detect_path("git")
+                mock_run.assert_not_called()
+    def test_missing_tool_returns_none(self, scanner: ToolScanner) -> None:
+        """Tool not found by shutil.which returns None."""
+        with patch("tools.scan.scanners.tools.shutil.which", return_value=None):
+            path = scanner._detect_path("nonexistent_tool_xyz")
+            assert path is None
+    def test_detected_tool_has_required_fields(
+        self, scanner: ToolScanner, tmp_path: Path
+    ) -> None:
+        """Test that detected tools have name, path, version, category."""
+        tool_def = ToolDefinition(
+            name="test-tool",
+            category=ToolCategory.UTILITY,
+        )
+        # Mock version extraction (subprocess is only used for --version now)
+        version_result = MagicMock()
+        version_result.returncode = 0
+        version_result.stdout = "test-tool 1.2.3\n"
+        version_result.stderr = ""
+        with patch("tools.scan.scanners.tools.shutil.which", return_value="/usr/local/bin/test-tool"):
+            with patch(
+                "tools.scan.scanners.tools.subprocess.run",
+                return_value=version_result,
+            ):
+                tool_info = scanner._probe_tool(tool_def)
+        assert tool_info is not None
+        assert tool_info["name"] == "test-tool"
+        assert tool_info["path"] == "/usr/local/bin/test-tool"
+        assert tool_info["version"] is not None
+        assert tool_info["category"] == "utility"
+# ---------------------------------------------------------------------------
+# Version extraction
+# ---------------------------------------------------------------------------
+class TestVersionExtraction:
+    """Test version extraction with timeout handling."""
+    def test_version_extracted_from_stdout(self, scanner: ToolScanner) -> None:
+        result = scanner._extract_version(
+            "/usr/bin/python3", "--version", None
+        )
+        # On real system this would return a version string;
+        # if python3 is installed it should not be "unknown"
+        # We just verify it returns a string
+        assert isinstance(result, str)
+    def test_timeout_returns_unknown(self, scanner: ToolScanner) -> None:
+        """Tool that hangs during --version gets version 'unknown'."""
+        with patch(
+            "tools.scan.scanners.tools.subprocess.run",
+            side_effect=subprocess.TimeoutExpired(cmd="tool", timeout=2),
+        ):
+            version = scanner._extract_version("/usr/bin/slow-tool", "--version", None)
+            assert version == "unknown"
+    def test_nonzero_exit_returns_unknown(self, scanner: ToolScanner) -> None:
+        """Tool with non-zero exit for --version gets version 'unknown'."""
+        mock_result = MagicMock()
+        mock_result.returncode = 1
+        mock_result.stdout = ""
+        mock_result.stderr = ""
+        with patch("tools.scan.scanners.tools.subprocess.run", return_value=mock_result):
+            version = scanner._extract_version("/usr/bin/bad-tool", "--version", None)
+            assert version == "unknown"
+    def test_version_regex_extraction(self, scanner: ToolScanner) -> None:
+        """Test version regex extracts from complex output."""
+        mock_result = MagicMock()
+        mock_result.returncode = 0
+        mock_result.stdout = "Super Tool version 3.14.159 (build 12345)\n"
+        mock_result.stderr = ""
+        with patch("tools.scan.scanners.tools.subprocess.run", return_value=mock_result):
+            version = scanner._extract_version(
+                "/usr/bin/super-tool", "--version", r"version (\d+\.\d+\.\d+)"
+            )
+            assert version == "3.14.159"
+    def test_oserror_returns_unknown(self, scanner: ToolScanner) -> None:
+        """OSError during version extraction returns 'unknown'."""
+        with patch(
+            "tools.scan.scanners.tools.subprocess.run",
+            side_effect=OSError("Permission denied"),
+        ):
+            version = scanner._extract_version("/usr/bin/noperm", "--version", None)
+            assert version == "unknown"
+    def test_version_timeout_value(self) -> None:
+        """Verify timeout constant is 2 seconds."""
+        assert _VERSION_TIMEOUT == 2
+# ---------------------------------------------------------------------------
+# Tool preferences
+# ---------------------------------------------------------------------------
+class TestToolPreferences:
+    """Test tool_preferences resolution."""
+    def test_preference_map_built(self, scanner: ToolScanner, tmp_path: Path) -> None:
+        """Test that preference map is populated with all known keys."""
+        # Create minimal tool definitions for testing
+        mock_defs = [
+            ToolDefinition(
+                name="bat",
+                category=ToolCategory.FILE_VIEWER,
+                preference_key="file_viewer",
+                preference_priority=10,
+            ),
+            ToolDefinition(
+                name="stern",
+                category=ToolCategory.KUBERNETES,
+                preference_key="log_viewer",
+                preference_priority=10,
+            ),
+        ]
+        def mock_which(name):
+            return f"/usr/bin/{name}" if name in ("bat", "stern") else None
+        version_result = MagicMock()
+        version_result.returncode = 0
+        version_result.stdout = "1.0.0\n"
+        version_result.stderr = ""
+        with patch("tools.scan.config.TOOL_DEFINITIONS", mock_defs):
+            with patch("tools.scan.scanners.tools.TOOL_DEFINITIONS", mock_defs):
+                with patch("tools.scan.scanners.tools.shutil.which", side_effect=mock_which):
+                    with patch("tools.scan.scanners.tools.subprocess.run", return_value=version_result):
+                        result = scanner.scan(tmp_path)
+        env = result.sections["environment"]
+        prefs = env["tool_preferences"]
+        assert prefs["file_viewer"] == "bat"
+        assert prefs["log_viewer"] == "stern"
+    def test_highest_priority_wins(self, scanner: ToolScanner, tmp_path: Path) -> None:
+        """When two tools compete for same key, highest priority wins."""
+        mock_defs = [
+            ToolDefinition(
+                name="docker",
+                category=ToolCategory.CONTAINER,
+                preference_key="container_runtime",
+                preference_priority=10,
+            ),
+            ToolDefinition(
+                name="podman",
+                category=ToolCategory.CONTAINER,
+                preference_key="container_runtime",
+                preference_priority=5,
+            ),
+        ]
+        def mock_which(name):
+            return f"/usr/bin/{name}" if name in ("docker", "podman") else None
+        version_result = MagicMock()
+        version_result.returncode = 0
+        version_result.stdout = "1.0.0\n"
+        version_result.stderr = ""
+        with patch("tools.scan.config.TOOL_DEFINITIONS", mock_defs):
+            with patch("tools.scan.scanners.tools.TOOL_DEFINITIONS", mock_defs):
+                with patch("tools.scan.scanners.tools.shutil.which", side_effect=mock_which):
+                    with patch("tools.scan.scanners.tools.subprocess.run", return_value=version_result):
+                        result = scanner.scan(tmp_path)
+        env = result.sections["environment"]
+        assert env["tool_preferences"]["container_runtime"] == "docker"
+    def test_undetected_preference_is_none(
+        self, scanner: ToolScanner, tmp_path: Path
+    ) -> None:
+        """Preference key with no detected tools gets None."""
+        mock_defs = [
+            ToolDefinition(
+                name="nonexistent_special_tool",
+                category=ToolCategory.UTILITY,
+                preference_key="special_viewer",
+                preference_priority=10,
+            ),
+        ]
+        with patch("tools.scan.config.TOOL_DEFINITIONS", mock_defs):
+            with patch("tools.scan.scanners.tools.TOOL_DEFINITIONS", mock_defs):
+                with patch("tools.scan.scanners.tools.shutil.which", return_value=None):
+                    result = scanner.scan(tmp_path)
+        env = result.sections["environment"]
+        assert env["tool_preferences"]["special_viewer"] is None
+# ---------------------------------------------------------------------------
+# All ToolCategory values
+# ---------------------------------------------------------------------------
+class TestToolCategories:
+    """Test that all 11 ToolCategory values exist."""
+    def test_all_11_categories(self) -> None:
+        assert len(ToolCategory) == 11
+    def test_category_values(self) -> None:
+        expected = {
+            "kubernetes", "cloud", "iac", "container", "file_viewer",
+            "file_search", "git", "language_runtime", "build", "utility",
+            "ai_assistant",
+        }
+        actual = {cat.value for cat in ToolCategory}
+        assert actual == expected
+    def test_all_tool_definitions_have_valid_category(self) -> None:
+        for td in TOOL_DEFINITIONS:
+            assert isinstance(td.category, ToolCategory)
+# ---------------------------------------------------------------------------
+# Full scan with mocked subprocess
+# ---------------------------------------------------------------------------
+class TestFullScanMocked:
+    """Test full scan with all subprocess calls mocked."""
+    def test_scan_returns_environment_section(
+        self, scanner: ToolScanner, tmp_path: Path
+    ) -> None:
+        """Full scan produces environment section with tools and preferences."""
+        def mock_which(name):
+            return "/usr/bin/python3" if name == "python3" else None
+        version_result = MagicMock()
+        version_result.returncode = 0
+        version_result.stdout = "Python 3.11.5\n"
+        version_result.stderr = ""
+        with patch("tools.scan.scanners.tools.shutil.which", side_effect=mock_which):
+            with patch("tools.scan.scanners.tools.subprocess.run", return_value=version_result):
+                result = scanner.scan(tmp_path)
+        assert "environment" in result.sections
+        env = result.sections["environment"]
+        assert "tools" in env
+        assert "tool_preferences" in env
+    def test_scan_individual_failure_does_not_abort(
+        self, scanner: ToolScanner, tmp_path: Path
+    ) -> None:
+        """A tool that throws an exception during probe doesn't abort scan."""
+        call_count = 0
+        def mock_which(name):
+            nonlocal call_count
+            call_count += 1
+            if call_count == 1:
+                raise OSError("Simulated failure")
+            return None
+        with patch("tools.scan.scanners.tools.shutil.which", side_effect=mock_which):
+            result = scanner.scan(tmp_path)
+        # Scanner should still return a valid result
+        assert "environment" in result.sections
+    def test_scan_result_has_source_tag(
+        self, scanner: ToolScanner, tmp_path: Path
+    ) -> None:
+        with patch("tools.scan.scanners.tools.shutil.which", return_value=None):
+            result = scanner.scan(tmp_path)
+        assert result.sections["environment"]["_source"] == "scanner:tools"