npm - @jaguilar87/gaia-ops - Versions diffs - 4.4.0 → 4.7.2 - Mend

@jaguilar87/gaia-ops 4.4.0 → 4.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +12 -3
package/ARCHITECTURE.md +9 -8
package/CHANGELOG.md +34 -0
package/README.md +43 -11
package/agents/terraform-architect.md +1 -1
package/bin/README.md +2 -2
package/bin/gaia-doctor.js +18 -5
package/bin/gaia-history.js +0 -1
package/bin/gaia-metrics.js +2 -2
package/bin/gaia-scan.py +23 -1
package/bin/gaia-update.js +346 -54
package/bin/pre-publish-validate.js +33 -10
package/commands/gaia.md +37 -0
package/config/README.md +3 -9
package/config/context-contracts.json +47 -15
package/config/surface-routing.json +9 -1
package/dist/gaia-ops/.claude-plugin/plugin.json +22 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/devops-developer.md +57 -0
package/dist/gaia-ops/agents/gaia-system.md +58 -0
package/dist/gaia-ops/agents/gitops-operator.md +60 -0
package/dist/gaia-ops/agents/speckit-planner.md +71 -0
package/dist/gaia-ops/agents/terraform-architect.md +60 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +58 -0
package/dist/gaia-ops/config/cloud/aws.json +140 -0
package/dist/gaia-ops/config/cloud/gcp.json +145 -0
package/dist/gaia-ops/config/context-contracts.json +131 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +197 -0
package/dist/gaia-ops/config/universal-rules.json +10 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +126 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-ops/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-ops/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-ops/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-ops/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +383 -0
package/dist/gaia-ops/hooks/session_start.py +69 -0
package/dist/gaia-ops/hooks/stop_hook.py +69 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +288 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +109 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +105 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +170 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +53 -0
package/dist/gaia-ops/skills/approval/SKILL.md +85 -0
package/dist/gaia-ops/skills/approval/examples.md +140 -0
package/dist/gaia-ops/skills/approval/reference.md +57 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +76 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +93 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +66 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +47 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +92 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +22 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +48 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +73 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +77 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +64 -0
package/dist/gaia-ops/skills/reference.md +134 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +61 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +119 -0
package/dist/gaia-ops/skills/specification/SKILL.md +186 -0
package/dist/gaia-ops/skills/speckit-workflow/SKILL.md +165 -0
package/dist/gaia-ops/skills/speckit-workflow/reference.md +117 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +63 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/speckit/README.md +516 -0
package/dist/gaia-ops/speckit/scripts/.gitkeep +0 -0
package/dist/gaia-ops/speckit/templates/adr-template.md +118 -0
package/dist/gaia-ops/speckit/templates/agent-file-template.md +23 -0
package/dist/gaia-ops/speckit/templates/plan-template.md +227 -0
package/dist/gaia-ops/speckit/templates/spec-template.md +140 -0
package/dist/gaia-ops/speckit/templates/tasks-template.md +257 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +476 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +330 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +262 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/episodic.py +1196 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +324 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +753 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +266 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +22 -0
package/dist/gaia-security/config/universal-rules.json +10 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +57 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-security/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-security/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-security/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-security/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +383 -0
package/dist/gaia-security/hooks/session_start.py +69 -0
package/dist/gaia-security/hooks/stop_hook.py +69 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +8 -6
package/hooks/adapters/channel.py +0 -25
package/hooks/adapters/claude_code.py +364 -125
package/hooks/elicitation_result.py +132 -0
package/hooks/hooks.json +10 -1
package/hooks/modules/README.md +3 -2
package/hooks/modules/agents/contract_validator.py +3 -51
package/hooks/modules/agents/response_contract.py +4 -8
package/hooks/modules/agents/transcript_reader.py +4 -5
package/hooks/modules/audit/__init__.py +4 -6
package/hooks/modules/audit/event_detector.py +0 -2
package/hooks/modules/audit/metrics.py +108 -187
package/hooks/modules/audit/workflow_auditor.py +0 -4
package/hooks/modules/audit/workflow_recorder.py +0 -5
package/hooks/modules/context/compact_context_builder.py +1 -0
package/hooks/modules/context/context_cache.py +129 -0
package/hooks/modules/context/context_injector.py +18 -40
package/hooks/modules/context/context_writer.py +1 -25
package/hooks/modules/context/contracts_loader.py +7 -10
package/hooks/modules/core/hook_entry.py +1 -0
package/hooks/modules/core/paths.py +12 -13
package/hooks/modules/core/plugin_mode.py +74 -4
package/hooks/modules/core/plugin_setup.py +395 -23
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/identity/ops_identity.py +18 -27
package/hooks/modules/memory/episode_writer.py +1 -6
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/hooks/modules/security/__init__.py +2 -4
package/hooks/modules/security/approval_constants.py +5 -1
package/hooks/modules/security/approval_grants.py +189 -6
package/hooks/modules/security/approval_messages.py +9 -21
package/hooks/modules/security/blocked_commands.py +98 -34
package/hooks/modules/security/command_semantics.py +0 -4
package/hooks/modules/security/gitops_validator.py +1 -11
package/hooks/modules/security/mutative_verbs.py +179 -38
package/hooks/modules/security/tiers.py +1 -19
package/hooks/modules/session/session_event_injector.py +1 -25
package/hooks/modules/tools/bash_validator.py +310 -94
package/hooks/modules/tools/shell_parser.py +0 -1
package/hooks/modules/tools/task_validator.py +9 -29
package/hooks/post_tool_use.py +0 -72
package/hooks/pre_tool_use.py +42 -102
package/hooks/session_start.py +4 -2
package/hooks/subagent_start.py +6 -2
package/hooks/subagent_stop.py +1 -13
package/hooks/user_prompt_submit.py +119 -37
package/index.js +1 -1
package/package.json +5 -3
package/skills/README.md +3 -5
package/skills/agent-protocol/SKILL.md +17 -16
package/skills/agent-protocol/examples.md +6 -6
package/skills/agent-response/SKILL.md +11 -14
package/skills/approval/SKILL.md +28 -13
package/skills/approval/reference.md +2 -2
package/skills/execution/SKILL.md +1 -1
package/skills/gaia-patterns/SKILL.md +2 -3
package/skills/orchestrator-approval/SKILL.md +22 -50
package/skills/security-tiers/SKILL.md +1 -1
package/templates/README.md +9 -9
package/templates/managed-settings.template.json +43 -0
package/tools/gaia_simulator/runner.py +34 -1
package/tools/scan/orchestrator.py +13 -0
package/tools/scan/scanners/base.py +8 -0
package/tools/scan/scanners/git.py +78 -0
package/tools/scan/scanners/infrastructure.py +65 -0
package/tools/scan/scanners/stack.py +110 -0
package/tools/scan/setup.py +120 -13
package/tools/scan/workspace.py +85 -0
package/config/context-contracts.aws.json +0 -42
package/config/context-contracts.gcp.json +0 -39
package/skills/project-dispatch/SKILL.md +0 -34
package/templates/settings.template.json +0 -226

package/dist/gaia-ops/tools/validation/README.md ADDED Viewed

@@ -0,0 +1,244 @@
+# Validation Module
+**Purpose:** Approval gates and commit validation for T3 operations
+## Overview
+This module provides two critical validation components for the gaia-ops system:
+1. **Commit Message Validator** - Enforces Conventional Commits format
+2. **Approval Gate** - Manages T3 approval workflow with audit trail
+## Core Components
+### 1. Commit Message Validator
+**MOVED:** Commit validation has been moved to `hooks/modules/validation/commit_validator.py`
+and is now only used internally by `hooks/modules/tools/bash_validator.py`.
+This ensures commit validation is enforced automatically during git commit commands
+without requiring explicit imports in agent code.
+**What it validates:**
+- ✅ Conventional Commits format (`type(scope): description`)
+- ✅ Allowed types (feat, fix, refactor, docs, test, chore, ci, perf, style, build)
+- ✅ Subject line rules (max 72 chars, no period at end)
+- ✅ Forbidden footers (no "Generated with" footers)
+**Configuration:** `.claude/config/git_standards.json` (SSOT)
+**Logs:** `.claude/logs/commit-violations.jsonl`
+---
+### 2. Approval Gate
+Manages T3 operation approval workflow with structured questions and audit trail.
+**Files:**
+- `approval_gate.py` - Main approval gate
+- `test_approval_gate.py` - Test suite
+**Usage:**
+```python
+from tools.validation import request_approval, process_approval_response
+# Generate approval question
+approval = request_approval(
+    realization_package,
+    agent_name="gitops-operator",
+    phase="Phase 4"
+)
+# Show summary to user
+print(approval["summary"])
+# Ask for approval
+response = AskUserQuestion(**approval["question_config"])
+# Process response
+result = process_approval_response(
+    approval["gate_instance"],
+    response,
+    realization_package,
+    agent_name,
+    phase
+)
+if result["approved"]:
+    # Proceed to execution
+    execute_plan()
+else:
+    # Halt workflow
+    return {"status": "rejected"}
+```
+**Features:**
+- 📊 Visual summary of realization package
+- 🔍 Counts operations and resources
+- 📝 Audit trail of all approval decisions
+- ✅ Structured approval questions for AskUserQuestion
+**Logs:** `.claude/logs/approvals.jsonl`
+**Testing:**
+```bash
+python3 .claude/tools/validation/test_approval_gate.py
+```
+---
+## Integration with Skills
+This validation module works with skills in a **hybrid model**:
+- **Skills** (`.claude/skills/`) - Document patterns and guide agents
+- **Code** (this module) - Enforce rules and ensure consistency
+**Skills updated:**
+- `approval/SKILL.md` - References automatic validation
+- `execution/SKILL.md` - Documents commit validation integration
+**Division of responsibility:**
+- **Skills guide:** Show examples, explain context, teach patterns
+- **Code enforces:** Block invalid commits, log decisions, ensure compliance
+---
+## Architecture
+```
+┌──────────────────────────────────────────────────────────┐
+│  config/git_standards.json (SSOT)                         │
+│  - Conventional commit types                              │
+│  - Forbidden footers                                      │
+│  - Max lengths                                            │
+└──────────────────────────────────────────────────────────┘
+                        │
+                        ▼
+┌──────────────────────────────────────────────────────────┐
+│  hooks/modules/validation/ (Commit Validation)            │
+│  └─ commit_validator.py                                   │
+│     └─ Used by bash_validator.py only                     │
+└──────────────────────────────────────────────────────────┘
+                        │
+                        ▼
+┌──────────────────────────────────────────────────────────┐
+│  tools/validation/ (Approval Enforcement)                 │
+│  └─ approval_gate.py                                      │
+│     └─ Manages T3 approval workflow                       │
+└──────────────────────────────────────────────────────────┘
+                        │
+                        ▼
+┌──────────────────────────────────────────────────────────┐
+│  skills/ (Guidance)                              │
+│  ├─ approval/SKILL.md                                     │
+│  │  └─ How to present plans                               │
+│  └─ execution/SKILL.md                                    │
+│     └─ How to execute safely                              │
+└──────────────────────────────────────────────────────────┘
+                        │
+                        ▼
+┌──────────────────────────────────────────────────────────┐
+│  logs/ (Audit Trail)                                      │
+│  ├─ commit-violations.jsonl                               │
+│  └─ approvals.jsonl                                       │
+└──────────────────────────────────────────────────────────┘
+```
+---
+## Security Tiers
+| Tier | Operations | Validation | Approval Gate |
+|------|-----------|-----------|---------------|
+| T0 | Read-only | No | No |
+| T1 | Local changes | Yes | No |
+| T2 | Reversible remote | Yes | No |
+| T3 | Irreversible | **Yes** | **Yes** ⚠️ |
+**T3 operations require:**
+1. ✅ Commit message validation (enforced by commit_validator.py)
+2. ✅ Approval gate (enforced by approval_gate.py)
+3. ✅ Audit trail (logged automatically)
+---
+## Files
+```
+validation/
+├── __init__.py                    # Module exports
+├── README.md                      # This file
+└── approval_gate.py               # T3 approval workflow
+Note: commit_validator.py moved to hooks/modules/validation/
+```
+---
+## Configuration
+**Git Standards:** `.claude/config/git_standards.json`
+Example:
+```json
+{
+  "commit_message": {
+    "type_allowed": ["feat", "fix", "refactor", "docs", "test", "chore"],
+    "subject_max_length": 72,
+    "footer_forbidden": ["Generated with Claude Code"]
+  },
+  "enforcement": {
+    "enabled": true,
+    "block_on_failure": true,
+    "log_violations": true
+  }
+}
+```
+---
+## Logs
+**Commit Violations:** `.claude/logs/commit-violations.jsonl`
+Example entry:
+```json
+{
+  "timestamp": "2026-01-15T19:34:12.345678",
+  "message": "Added new feature...",
+  "errors": [{"type": "INVALID_FORMAT", "message": "..."}],
+  "error_count": 1
+}
+```
+**Approvals:** `.claude/logs/approvals.jsonl`
+Example entry:
+```json
+{
+  "timestamp": "2026-01-15T19:35:00.123456",
+  "agent": "gitops-operator",
+  "phase": "Phase 4",
+  "approved": true,
+  "user_response": "✅ Aprobar y ejecutar",
+  "files_count": 2,
+  "operations": "git push origin main",
+  "git_commit": "feat(graphql): update image to v1.0.180"
+}
+```
+---
+## See Also
+- `.claude/config/git_standards.json` - Git standards configuration
+- `.claude/skills/approval/SKILL.md` - Approval workflow patterns
+- `.claude/skills/execution/SKILL.md` - Execution workflow patterns
+- `CLAUDE.md` - Orchestrator protocol with T3 workflow
+---
+**Version:** 4.2.0
+**Last Updated:** 2026-03-11
+**Maintained by:** gaia-ops validation team

package/dist/gaia-ops/tools/validation/__init__.py ADDED Viewed

@@ -0,0 +1,17 @@
+"""
+Validation Module: Approval gates for T3 operations
+This module provides T3 approval gate enforcement.
+Ensures infrastructure changes and critical operations follow proper governance.
+Note: commit_validator.py has been moved to hooks/modules/validation/
+      and is now only used by bash_validator.py
+"""
+from .approval_gate import ApprovalGate, request_approval, process_approval_response
+__all__ = [
+    "ApprovalGate",
+    "request_approval",
+    "process_approval_response",
+]

package/dist/gaia-ops/tools/validation/approval_gate.py ADDED Viewed

@@ -0,0 +1,321 @@
+"""
+Approval Gate Enforcement
+Ensures that no realization occurs without explicit user approval.
+This is a CRITICAL component of the Two-Phase Workflow.
+"""
+import json
+import os
+from typing import Dict, Any, Optional
+from datetime import datetime
+class ApprovalGate:
+    """
+    Enforces approval gate before any realization actions.
+    CRITICAL: This gate is MANDATORY in the workflow. No realization
+    can proceed without explicit user approval via AskUserQuestion.
+    """
+    def __init__(self):
+        # Calculate base path (.claude/) from this file location
+        # From .claude/tools/validation/ go up to .claude/
+        base_path = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+        self.approval_log_path = os.path.join(base_path, "logs", "approvals.jsonl")
+        self._ensure_log_directory()
+    def _ensure_log_directory(self):
+        """Ensure the logs directory exists."""
+        log_dir = os.path.dirname(self.approval_log_path)
+        os.makedirs(log_dir, exist_ok=True)
+    def generate_approval_question(
+        self,
+        realization_package: Dict[str, Any],
+        agent_name: str,
+        phase: str
+    ) -> Dict[str, Any]:
+        """
+        Generate the approval question configuration for AskUserQuestion tool.
+        Args:
+            realization_package: The plan to be realized
+            agent_name: Name of the agent that generated the plan
+            phase: Current phase (e.g., "Phase 3.3")
+        Returns:
+            Dict with AskUserQuestion configuration
+        """
+        critical_ops = self._get_critical_operations(realization_package)
+        operation_count = self._get_operation_count(realization_package)
+        return {
+            "questions": [{
+                "question": f"¿Apruebas la realización de este plan? Se ejecutará: {critical_ops}",
+                "header": "Approval",
+                "multiSelect": False,
+                "options": [
+                    {
+                        "label": "✅ Aprobar y ejecutar",
+                        "description": f"Proceder con {operation_count} operaciones: {critical_ops}"
+                    },
+                    {
+                        "label": "❌ Rechazar",
+                        "description": "Cancelar la realización. No se harán cambios."
+                    }
+                ]
+            }]
+        }
+    def generate_summary(self, realization_package: Dict[str, Any]) -> str:
+        """
+        Generate human-readable summary of the realization package.
+        This summary should be presented to the user BEFORE calling
+        AskUserQuestion so they have full context for their decision.
+        """
+        summary_parts = []
+        summary_parts.append("="*60)
+        summary_parts.append("📦 REALIZATION PACKAGE - APPROVAL REQUIRED")
+        summary_parts.append("="*60)
+        # Files
+        if "files" in realization_package:
+            files = realization_package["files"]
+            summary_parts.append(f"\n**Archivos a crear/modificar:** {len(files)}")
+            for file_info in files[:10]:  # Show first 10
+                action = file_info.get('action', 'create')
+                summary_parts.append(f"  [{action}] {file_info['path']}")
+            if len(files) > 10:
+                summary_parts.append(f"  ... y {len(files) - 10} archivos más")
+        # Git operations
+        if "git_operations" in realization_package:
+            git_ops = realization_package["git_operations"]
+            summary_parts.append(f"\n**Git Operations:**")
+            summary_parts.append(f"  Commit: {git_ops.get('commit_message', 'N/A')}")
+            summary_parts.append(f"  Branch: {git_ops.get('branch', 'main')}")
+            summary_parts.append(f"  Remote: {git_ops.get('remote', 'origin')}")
+            summary_parts.append(f"  Operation: git push")
+        # Resources affected
+        if "resources_affected" in realization_package:
+            resources = realization_package["resources_affected"]
+            summary_parts.append(f"\n**Recursos Afectados en el Cluster:**")
+            for resource_type, items in resources.items():
+                if isinstance(items, list):
+                    summary_parts.append(f"  {resource_type}: {len(items)}")
+                    for item in items[:5]:
+                        summary_parts.append(f"    - {item}")
+                    if len(items) > 5:
+                        summary_parts.append(f"    ... y {len(items) - 5} más")
+                else:
+                    summary_parts.append(f"  {resource_type}: {items}")
+        # Terraform operations
+        if "terraform_operations" in realization_package:
+            tf_ops = realization_package["terraform_operations"]
+            summary_parts.append(f"\n**Terraform Operations:**")
+            summary_parts.append(f"  Command: {tf_ops.get('command', 'N/A')}")
+            summary_parts.append(f"  Path: {tf_ops.get('path', 'N/A')}")
+            if "resources" in tf_ops:
+                summary_parts.append(f"  Resources to change: {len(tf_ops['resources'])}")
+        # Validation results (if present)
+        if "validation_results" in realization_package:
+            validation = realization_package["validation_results"]
+            summary_parts.append(f"\n**Pre-Deployment Validation:**")
+            summary_parts.append(f"  Status: {validation.get('status', 'N/A')}")
+            if validation.get('warnings'):
+                summary_parts.append(f"  ⚠️  Warnings: {len(validation['warnings'])}")
+                for warning in validation['warnings'][:3]:
+                    summary_parts.append(f"    - {warning}")
+        # Estimated impact
+        if "estimated_impact" in realization_package:
+            impact = realization_package["estimated_impact"]
+            summary_parts.append(f"\n**Estimated Impact:**")
+            summary_parts.append(f"  Downtime: {impact.get('downtime', 'None expected')}")
+            summary_parts.append(f"  Risk Level: {impact.get('risk_level', 'Medium')}")
+        summary_parts.append("\n" + "="*60)
+        return "\n".join(summary_parts)
+    def _get_critical_operations(self, realization_package: Dict[str, Any]) -> str:
+        """Extract critical operations for the approval question."""
+        operations = []
+        if "git_operations" in realization_package:
+            git_ops = realization_package["git_operations"]
+            branch = git_ops.get('branch', 'main')
+            operations.append(f"git push origin {branch}")
+        if "kubectl_operations" in realization_package:
+            operations.append("kubectl apply")
+        if "terraform_operations" in realization_package:
+            tf_ops = realization_package["terraform_operations"]
+            command = tf_ops.get('command', 'apply')
+            operations.append(f"terraform {command}")
+        if "flux_operations" in realization_package:
+            operations.append("flux reconcile")
+        return ", ".join(operations) if operations else "cambios al repositorio"
+    def _get_operation_count(self, realization_package: Dict[str, Any]) -> int:
+        """Count total operations in the package."""
+        count = 0
+        if "files" in realization_package:
+            count += len(realization_package["files"])
+        if "git_operations" in realization_package:
+            count += 2  # commit + push
+        if "kubectl_operations" in realization_package:
+            kubectl_ops = realization_package["kubectl_operations"]
+            count += len(kubectl_ops) if isinstance(kubectl_ops, list) else 1
+        if "terraform_operations" in realization_package:
+            count += 1
+        return count
+    def validate_approval_response(self, user_response: str) -> Dict[str, Any]:
+        """
+        Validate the user's approval response.
+        Args:
+            user_response: The response from AskUserQuestion
+        Returns:
+            Dict with validation result and action to take
+        """
+        if user_response == "✅ Aprobar y ejecutar":
+            return {
+                "approved": True,
+                "action": "proceed_to_realization",
+                "message": "✅ Aprobación recibida. Procediendo a Fase 5 (Realization)..."
+            }
+        elif user_response == "❌ Rechazar":
+            return {
+                "approved": False,
+                "action": "halt_workflow",
+                "message": "❌ Realización rechazada por el usuario. Workflow detenido."
+            }
+        else:
+            # User selected "Other" or provided custom response
+            return {
+                "approved": False,
+                "action": "clarify_with_user",
+                "message": f"⚠️  Respuesta no estándar recibida: '{user_response}'. Se requiere clarificación.",
+                "user_input": user_response
+            }
+    def log_approval(
+        self,
+        realization_package: Dict[str, Any],
+        user_response: str,
+        approved: bool,
+        agent_name: str,
+        phase: str
+    ):
+        """
+        Log the approval decision for audit trail.
+        This creates a permanent record of all approval decisions
+        for compliance and troubleshooting purposes.
+        """
+        log_entry = {
+            "timestamp": datetime.now().isoformat(),
+            "agent": agent_name,
+            "phase": phase,
+            "approved": approved,
+            "user_response": user_response,
+            "files_count": len(realization_package.get("files", [])),
+            "operations": self._get_critical_operations(realization_package),
+            "git_commit": realization_package.get("git_operations", {}).get("commit_message", "N/A")
+        }
+        # Append to JSONL log file
+        with open(self.approval_log_path, "a") as f:
+            f.write(json.dumps(log_entry) + "\n")
+        return log_entry
+# Convenience function for orchestrator to use
+def request_approval(
+    realization_package: Dict[str, Any],
+    agent_name: str,
+    phase: str
+) -> Dict[str, Any]:
+    """
+    Main function to request approval from user.
+    This should be called by the orchestrator in Phase 4 (Approval Gate).
+    Args:
+        realization_package: The complete realization package from the agent
+        agent_name: Name of the agent that generated the plan
+        phase: Current phase identifier
+    Returns:
+        Dict with:
+        - summary: String to present to user
+        - question_config: Dict to pass to AskUserQuestion tool
+    """
+    gate = ApprovalGate()
+    return {
+        "summary": gate.generate_summary(realization_package),
+        "question_config": gate.generate_approval_question(realization_package, agent_name, phase),
+        "gate_instance": gate
+    }
+def process_approval_response(
+    gate_instance: ApprovalGate,
+    user_response: str,
+    realization_package: Dict[str, Any],
+    agent_name: str,
+    phase: str
+) -> Dict[str, Any]:
+    """
+    Process the user's approval response.
+    Args:
+        gate_instance: The ApprovalGate instance from request_approval
+        user_response: The user's response from AskUserQuestion
+        realization_package: The realization package
+        agent_name: Name of the agent
+        phase: Current phase
+    Returns:
+        Dict with validation result and action to take
+    """
+    # Validate response
+    validation = gate_instance.validate_approval_response(user_response)
+    # Log the decision
+    gate_instance.log_approval(
+        realization_package,
+        user_response,
+        validation["approved"],
+        agent_name,
+        phase
+    )
+    return validation