npm - @jaguilar87/gaia-ops - Versions diffs - 4.4.0 → 4.7.2 - Mend

@jaguilar87/gaia-ops 4.4.0 → 4.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +12 -3
package/ARCHITECTURE.md +9 -8
package/CHANGELOG.md +34 -0
package/README.md +43 -11
package/agents/terraform-architect.md +1 -1
package/bin/README.md +2 -2
package/bin/gaia-doctor.js +18 -5
package/bin/gaia-history.js +0 -1
package/bin/gaia-metrics.js +2 -2
package/bin/gaia-scan.py +23 -1
package/bin/gaia-update.js +346 -54
package/bin/pre-publish-validate.js +33 -10
package/commands/gaia.md +37 -0
package/config/README.md +3 -9
package/config/context-contracts.json +47 -15
package/config/surface-routing.json +9 -1
package/dist/gaia-ops/.claude-plugin/plugin.json +22 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/devops-developer.md +57 -0
package/dist/gaia-ops/agents/gaia-system.md +58 -0
package/dist/gaia-ops/agents/gitops-operator.md +60 -0
package/dist/gaia-ops/agents/speckit-planner.md +71 -0
package/dist/gaia-ops/agents/terraform-architect.md +60 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +58 -0
package/dist/gaia-ops/config/cloud/aws.json +140 -0
package/dist/gaia-ops/config/cloud/gcp.json +145 -0
package/dist/gaia-ops/config/context-contracts.json +131 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +197 -0
package/dist/gaia-ops/config/universal-rules.json +10 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +126 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-ops/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-ops/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-ops/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-ops/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +383 -0
package/dist/gaia-ops/hooks/session_start.py +69 -0
package/dist/gaia-ops/hooks/stop_hook.py +69 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +288 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +109 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +105 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +170 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +53 -0
package/dist/gaia-ops/skills/approval/SKILL.md +85 -0
package/dist/gaia-ops/skills/approval/examples.md +140 -0
package/dist/gaia-ops/skills/approval/reference.md +57 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +76 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +93 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +66 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +47 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +92 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +22 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +48 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +73 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +77 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +64 -0
package/dist/gaia-ops/skills/reference.md +134 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +61 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +119 -0
package/dist/gaia-ops/skills/specification/SKILL.md +186 -0
package/dist/gaia-ops/skills/speckit-workflow/SKILL.md +165 -0
package/dist/gaia-ops/skills/speckit-workflow/reference.md +117 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +63 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/speckit/README.md +516 -0
package/dist/gaia-ops/speckit/scripts/.gitkeep +0 -0
package/dist/gaia-ops/speckit/templates/adr-template.md +118 -0
package/dist/gaia-ops/speckit/templates/agent-file-template.md +23 -0
package/dist/gaia-ops/speckit/templates/plan-template.md +227 -0
package/dist/gaia-ops/speckit/templates/spec-template.md +140 -0
package/dist/gaia-ops/speckit/templates/tasks-template.md +257 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +476 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +330 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +262 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/episodic.py +1196 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +324 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +753 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +266 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +22 -0
package/dist/gaia-security/config/universal-rules.json +10 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +57 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-security/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-security/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-security/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-security/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +383 -0
package/dist/gaia-security/hooks/session_start.py +69 -0
package/dist/gaia-security/hooks/stop_hook.py +69 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +8 -6
package/hooks/adapters/channel.py +0 -25
package/hooks/adapters/claude_code.py +364 -125
package/hooks/elicitation_result.py +132 -0
package/hooks/hooks.json +10 -1
package/hooks/modules/README.md +3 -2
package/hooks/modules/agents/contract_validator.py +3 -51
package/hooks/modules/agents/response_contract.py +4 -8
package/hooks/modules/agents/transcript_reader.py +4 -5
package/hooks/modules/audit/__init__.py +4 -6
package/hooks/modules/audit/event_detector.py +0 -2
package/hooks/modules/audit/metrics.py +108 -187
package/hooks/modules/audit/workflow_auditor.py +0 -4
package/hooks/modules/audit/workflow_recorder.py +0 -5
package/hooks/modules/context/compact_context_builder.py +1 -0
package/hooks/modules/context/context_cache.py +129 -0
package/hooks/modules/context/context_injector.py +18 -40
package/hooks/modules/context/context_writer.py +1 -25
package/hooks/modules/context/contracts_loader.py +7 -10
package/hooks/modules/core/hook_entry.py +1 -0
package/hooks/modules/core/paths.py +12 -13
package/hooks/modules/core/plugin_mode.py +74 -4
package/hooks/modules/core/plugin_setup.py +395 -23
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/identity/ops_identity.py +18 -27
package/hooks/modules/memory/episode_writer.py +1 -6
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/hooks/modules/security/__init__.py +2 -4
package/hooks/modules/security/approval_constants.py +5 -1
package/hooks/modules/security/approval_grants.py +189 -6
package/hooks/modules/security/approval_messages.py +9 -21
package/hooks/modules/security/blocked_commands.py +98 -34
package/hooks/modules/security/command_semantics.py +0 -4
package/hooks/modules/security/gitops_validator.py +1 -11
package/hooks/modules/security/mutative_verbs.py +179 -38
package/hooks/modules/security/tiers.py +1 -19
package/hooks/modules/session/session_event_injector.py +1 -25
package/hooks/modules/tools/bash_validator.py +310 -94
package/hooks/modules/tools/shell_parser.py +0 -1
package/hooks/modules/tools/task_validator.py +9 -29
package/hooks/post_tool_use.py +0 -72
package/hooks/pre_tool_use.py +42 -102
package/hooks/session_start.py +4 -2
package/hooks/subagent_start.py +6 -2
package/hooks/subagent_stop.py +1 -13
package/hooks/user_prompt_submit.py +119 -37
package/index.js +1 -1
package/package.json +5 -3
package/skills/README.md +3 -5
package/skills/agent-protocol/SKILL.md +17 -16
package/skills/agent-protocol/examples.md +6 -6
package/skills/agent-response/SKILL.md +11 -14
package/skills/approval/SKILL.md +28 -13
package/skills/approval/reference.md +2 -2
package/skills/execution/SKILL.md +1 -1
package/skills/gaia-patterns/SKILL.md +2 -3
package/skills/orchestrator-approval/SKILL.md +22 -50
package/skills/security-tiers/SKILL.md +1 -1
package/templates/README.md +9 -9
package/templates/managed-settings.template.json +43 -0
package/tools/gaia_simulator/runner.py +34 -1
package/tools/scan/orchestrator.py +13 -0
package/tools/scan/scanners/base.py +8 -0
package/tools/scan/scanners/git.py +78 -0
package/tools/scan/scanners/infrastructure.py +65 -0
package/tools/scan/scanners/stack.py +110 -0
package/tools/scan/setup.py +120 -13
package/tools/scan/workspace.py +85 -0
package/config/context-contracts.aws.json +0 -42
package/config/context-contracts.gcp.json +0 -39
package/skills/project-dispatch/SKILL.md +0 -34
package/templates/settings.template.json +0 -226

package/dist/gaia-ops/tools/validation/validate_skills.py ADDED Viewed

@@ -0,0 +1,189 @@
+#!/usr/bin/env python3
+import os
+import re
+import yaml
+from pathlib import Path
+from collections import defaultdict
+def find_skills(base_dirs):
+    """Encuentra todas las skills en los directorios base."""
+    skills = {}
+    for base_dir in base_dirs:
+        path = Path(base_dir)
+        if not path.exists():
+            continue
+        for skill_file in path.rglob("SKILL.md"):
+            skill_name = skill_file.parent.name
+            skills[skill_name] = {
+                "path": str(skill_file),
+                "content": skill_file.read_text(encoding="utf-8", errors="ignore")
+            }
+    return skills
+def validate_skill_format(skills):
+    """Valida el formato de cada skill."""
+    validation_results = {}
+    for name, data in skills.items():
+        content = data["content"]
+        has_title = bool(re.search(r'^#\s+.+', content, re.MULTILINE))
+        validation_results[name] = {
+            "has_title": has_title,
+            "is_empty": len(content.strip()) == 0,
+            "path": data["path"]
+        }
+    return validation_results
+def find_agents(base_dirs):
+    """Encuentra las definiciones de los agentes."""
+    agents = {}
+    for base_dir in base_dirs:
+        path = Path(base_dir)
+        if not path.exists():
+            continue
+        for agent_file in path.rglob("*.md"):
+            if agent_file.name == "README.md":
+                continue
+            content = agent_file.read_text(encoding="utf-8", errors="ignore")
+            # Extraer frontmatter YAML
+            match = re.match(r'^---\s*\n(.*?)\n---\s*\n(.*)', content, re.DOTALL)
+            if match:
+                try:
+                    frontmatter = yaml.safe_load(match.group(1))
+                    if isinstance(frontmatter, dict) and "name" in frontmatter:
+                        agents[frontmatter["name"]] = {
+                            "path": str(agent_file),
+                            "skills_declared": frontmatter.get("skills", []),
+                            "body": match.group(2)
+                        }
+                except yaml.YAMLError:
+                    pass
+    return agents
+def analyze_injection():
+    """Analiza cómo se inyectan las skills (revisando pre_tool_use.py)."""
+    hook_path = Path("gaia-ops/hooks/pre_tool_use.py")
+    if not hook_path.exists():
+        return "No se encontró gaia-ops/hooks/pre_tool_use.py"
+    content = hook_path.read_text(encoding="utf-8", errors="ignore")
+    if "skills are injected natively by Claude Code" in content:
+        return "Las skills se inyectan de forma nativa por Claude Code a través del campo 'skills:' en el frontmatter del agente (según pre_tool_use.py)."
+    return "Mecanismo de inyección en pre_tool_use.py analizado, pero no se encontró la nota estándar sobre inyección nativa."
+def generate_report(skills, validation, agents, injection_info):
+    """Genera el reporte en formato Markdown."""
+    report = ["# Reporte de Validación de Skills\n"]
+    report.append("## 1. Análisis de Inyección")
+    report.append(f"{injection_info}\n")
+    report.append(f"## 2. Skills Encontradas ({len(skills)})")
+    for name, val in validation.items():
+        status = "✅ OK" if val["has_title"] and not val["is_empty"] else "❌ PROBLEMA"
+        issues = []
+        if not val["has_title"]: issues.append("Falta título (# Título)")
+        if val["is_empty"]: issues.append("Archivo vacío")
+        issue_str = f" - Detalles: {', '.join(issues)}" if issues else ""
+        report.append(f"- **{name}** ({val['path']}): {status}{issue_str}")
+    report.append("")
+    # Analizar uso de skills
+    used_skills = defaultdict(list)
+    missing_skills = defaultdict(list)
+    body_mentions = defaultdict(list)
+    for agent_name, agent_data in agents.items():
+        declared = agent_data["skills_declared"] or []
+        body = agent_data["body"]
+        for skill in declared:
+            if skill in skills:
+                used_skills[skill].append(agent_name)
+            else:
+                missing_skills[agent_name].append(skill)
+        # Check for skills mentioned in the body but not declared
+        for skill in skills:
+            if skill not in declared and skill in body:
+                body_mentions[agent_name].append(skill)
+    report.append("## 3. Uso de Skills por Agentes")
+    if not agents:
+        report.append("No se encontraron definiciones de agentes con frontmatter YAML válido.\n")
+    else:
+        for agent_name, agent_data in agents.items():
+            declared = agent_data["skills_declared"] or []
+            mentions = body_mentions[agent_name]
+            mention_str = f" (Menciona en texto sin declarar: {', '.join(mentions)})" if mentions else ""
+            report.append(f"- **{agent_name}**: {len(declared)} skills declaradas.{mention_str}")
+        report.append("")
+    report.append("## 4. Gaps Identificados")
+    # Skills no utilizadas
+    # Consideramos una skill como utilizada si está declarada o si se menciona explícitamente en el cuerpo
+    all_used_skills = set(used_skills.keys())
+    for mentions in body_mentions.values():
+        all_used_skills.update(mentions)
+    unused_skills = set(skills.keys()) - all_used_skills
+    if unused_skills:
+        report.append("### Skills no utilizadas (Huérfanas)")
+        for skill in sorted(unused_skills):
+            report.append(f"- {skill}")
+    else:
+        report.append("### Skills no utilizadas (Huérfanas)")
+        report.append("- Ninguna. Todas las skills encontradas están asignadas a al menos un agente.")
+    report.append("")
+    # Skills declaradas pero inexistentes
+    if missing_skills:
+        report.append("### Skills declaradas pero no encontradas (Faltantes)")
+        for agent, missing in missing_skills.items():
+            for m in missing:
+                report.append(f"- El agente **{agent}** declara la skill '{m}', pero no se encontró el archivo SKILL.md correspondiente.")
+    else:
+        report.append("### Skills declaradas pero no encontradas (Faltantes)")
+        report.append("- Ninguna. Todas las skills declaradas por los agentes existen.")
+    report.append("")
+    # Skills mencionadas en el texto pero no inyectadas formalmente
+    report.append("### Skills mencionadas en el texto pero NO declaradas en 'skills:'")
+    if body_mentions:
+        for agent, mentions in body_mentions.items():
+            for m in mentions:
+                report.append(f"- **{agent}** menciona '{m}' en su cuerpo pero no está en la lista de inyección.")
+    else:
+        report.append("- Ninguna.")
+    report.append("")
+    return "\n".join(report)
+def main():
+    skill_dirs = ["gaia-ops/skills", ".claude/skills", "conductor-orchestrator/skills"]
+    agent_dirs = ["gaia-ops/agents", ".claude/agents", "conductor-orchestrator/agents"]
+    print("Buscando skills...")
+    skills = find_skills(skill_dirs)
+    print("Validando formato...")
+    validation = validate_skill_format(skills)
+    print("Buscando agentes...")
+    agents = find_agents(agent_dirs)
+    print("Analizando inyección...")
+    injection_info = analyze_injection()
+    print("Generando reporte...")
+    report = generate_report(skills, validation, agents, injection_info)
+    report_path = Path("gaia-ops/tools/validation/skills_report.md")
+    report_path.write_text(report, encoding="utf-8")
+    print(f"Reporte generado en {report_path}")
+    # Imprimir el reporte en la salida estándar para que el agente lo pueda devolver
+    print("\n" + "="*50 + "\n")
+    print(report)
+if __name__ == "__main__":
+    main()

package/dist/gaia-security/.claude-plugin/plugin.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "name": "gaia-security",
+  "version": "4.7.2",
+  "description": "Keeps you in the loop only when it matters. Gaia Security analyzes every command and classifies it into risk tiers: read-only queries run freely, simulations and validations pass through, and state-changing operations (create, delete, apply, push) pause for your explicit approval before executing. Irreversible commands like dropping databases or deleting cloud infrastructure are permanently blocked.",
+  "author": {
+    "name": "jaguilar87"
+  },
+  "repository": "https://github.com/metraton/gaia-ops",
+  "license": "MIT",
+  "keywords": [
+    "security",
+    "devops"
+  ],
+  "engines": {
+    "claude-code": ">=2.1.0"
+  },
+  "categories": [
+    "devops",
+    "security",
+    "orchestration"
+  ]
+}

package/dist/gaia-security/config/universal-rules.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "rules": {
+    "universal": [
+      {
+        "rule": "Your prompt includes a Project Context section with confirmed project knowledge. Extract relevant data from it BEFORE executing commands."
+      }
+    ],
+    "agent_specific": {}
+  }
+}

package/dist/gaia-security/hooks/adapters/__init__.py ADDED Viewed

@@ -0,0 +1,52 @@
+"""
+Adapter Layer for Gaia-Ops Hooks.
+Provides CLI-agnostic normalized types and the abstract HookAdapter interface.
+Business logic modules consume and produce these types; concrete adapters
+translate between these types and CLI-specific JSON protocols.
+Modules:
+- types: Frozen dataclasses and enums for all hook event/response data
+- base: Abstract HookAdapter interface
+"""
+from .types import (
+    HookEventType,
+    PermissionDecision,
+    DistributionChannel,
+    HookEvent,
+    ValidationRequest,
+    ValidationResult,
+    ToolResult,
+    AgentCompletion,
+    CompletionResult,
+    ContextResult,
+    BootstrapResult,
+    QualityResult,
+    VerificationResult,
+    HookResponse,
+)
+from .base import HookAdapter
+from .claude_code import ClaudeCodeAdapter
+from .utils import has_stdin_data, warn_if_dual_channel
+__all__ = [
+    "HookEventType",
+    "PermissionDecision",
+    "DistributionChannel",
+    "HookEvent",
+    "ValidationRequest",
+    "ValidationResult",
+    "ToolResult",
+    "AgentCompletion",
+    "CompletionResult",
+    "ContextResult",
+    "BootstrapResult",
+    "QualityResult",
+    "VerificationResult",
+    "HookResponse",
+    "HookAdapter",
+    "ClaudeCodeAdapter",
+    "has_stdin_data",
+    "warn_if_dual_channel",
+]

package/dist/gaia-security/hooks/adapters/base.py ADDED Viewed

@@ -0,0 +1,219 @@
+"""
+Abstract base class defining the adapter contract.
+Each CLI backend (Claude Code, future CLIs) provides a concrete implementation
+of HookAdapter. Business logic modules interact only with the normalized types;
+they never see raw CLI JSON.
+"""
+from __future__ import annotations
+from abc import ABC, abstractmethod
+from .types import (
+    AgentCompletion,
+    BootstrapResult,
+    CompletionResult,
+    ContextResult,
+    DistributionChannel,
+    HookEvent,
+    HookResponse,
+    QualityResult,
+    ValidationResult,
+    VerificationResult,
+)
+class HookAdapter(ABC):
+    """Abstract adapter between CLI-specific JSON and normalized types.
+    Invariants (from adapter-interface contract):
+    1. Business logic modules NEVER see HookResponse.
+    2. The adapter NEVER modifies business logic results -- only translates format.
+    3. Adding a new hook event requires ONLY a new adapter method.
+    """
+    @abstractmethod
+    def parse_event(self, stdin_data: str) -> HookEvent:
+        """Parse raw stdin JSON into a normalized HookEvent.
+        Preconditions:
+            - stdin_data is a valid JSON string
+            - JSON contains at minimum: hook_event_name, session_id
+        Postconditions:
+            - Returns HookEvent with event_type set to a valid HookEventType
+            - Returns HookEvent with session_id populated
+            - payload contains the full raw event data
+        Raises:
+            ValueError: If JSON is invalid or event type is unknown.
+        """
+        ...
+    @abstractmethod
+    def format_validation_response(self, result: ValidationResult) -> HookResponse:
+        """Format a ValidationResult for CLI consumption.
+        Preconditions:
+            - result.allowed is a valid boolean
+            - result.reason is a non-empty string
+        Postconditions:
+            - HookResponse.output is a valid JSON-serializable dict
+            - HookResponse.exit_code is 0 (corrective deny) or 2 (permanent block)
+            - If result.allowed is True, output contains permissionDecision: allow
+            - If result.allowed is False, output contains permissionDecision: deny
+            - If result.modified_input is set, output contains updatedInput
+        """
+        ...
+    @abstractmethod
+    def format_completion_response(self, result: CompletionResult) -> HookResponse:
+        """Format a CompletionResult for CLI consumption.
+        Postconditions:
+            - HookResponse.output contains contract_valid, anomalies_detected
+            - HookResponse.exit_code is always 0
+        """
+        ...
+    @abstractmethod
+    def format_context_response(self, result: ContextResult) -> HookResponse:
+        """Format a ContextResult for CLI consumption."""
+        ...
+    @abstractmethod
+    def format_bootstrap_response(self, result: BootstrapResult) -> HookResponse:
+        """Format a BootstrapResult for CLI consumption.
+        Returns session bootstrap status for SessionStart events.
+        """
+        ...
+    @abstractmethod
+    def adapt_session_start(self, raw: dict) -> BootstrapResult:
+        """Parse SessionStart event and return bootstrap actions.
+        Preconditions:
+            - raw is the HookEvent.payload dict for a SessionStart event
+        Postconditions:
+            - Returns BootstrapResult with should_scan and should_refresh set
+              based on session_type
+        """
+        ...
+    # ------------------------------------------------------------------ #
+    # P2 event adapters
+    # ------------------------------------------------------------------ #
+    @abstractmethod
+    def adapt_stop(self, raw: dict) -> QualityResult:
+        """Parse Stop event and assess response quality.
+        Preconditions:
+            - raw is the HookEvent.payload dict for a Stop event
+        Postconditions:
+            - Returns QualityResult with quality assessment
+        """
+        ...
+    @abstractmethod
+    def adapt_task_completed(self, raw: dict) -> VerificationResult:
+        """Parse TaskCompleted event and verify completion criteria.
+        Preconditions:
+            - raw is the HookEvent.payload dict for a TaskCompleted event
+        Postconditions:
+            - Returns VerificationResult with criteria assessment
+        """
+        ...
+    @abstractmethod
+    def adapt_subagent_start(self, raw: dict) -> ContextResult:
+        """Parse SubagentStart event and prepare agent context.
+        Preconditions:
+            - raw is the HookEvent.payload dict for a SubagentStart event
+        Postconditions:
+            - Returns ContextResult with agent-specific context
+        """
+        ...
+    # ------------------------------------------------------------------ #
+    # P2 formatters
+    # ------------------------------------------------------------------ #
+    @abstractmethod
+    def format_quality_response(self, result: QualityResult) -> HookResponse:
+        """Format a QualityResult for CLI consumption."""
+        ...
+    @abstractmethod
+    def format_verification_response(self, result: VerificationResult) -> HookResponse:
+        """Format a VerificationResult for CLI consumption."""
+        ...
+    @abstractmethod
+    def detect_channel(self) -> DistributionChannel:
+        """Detect the distribution channel (NPM or PLUGIN).
+        Checks environment variables and filesystem layout to determine
+        how gaia-ops was installed.
+        """
+        ...
+    # ------------------------------------------------------------------ #
+    # Full hook lifecycle adapters (thin-gate pattern)
+    # ------------------------------------------------------------------ #
+    @abstractmethod
+    def adapt_pre_tool_use(self, event: HookEvent) -> HookResponse:
+        """Run all pre-tool-use business logic and return a formatted response.
+        Orchestrates: routing (bash vs task), validation, state management,
+        context injection, approval handling, and response formatting.
+        Preconditions:
+            - event is a parsed HookEvent with event_type PRE_TOOL_USE
+        Postconditions:
+            - Returns HookResponse ready for stdout + sys.exit()
+        """
+        ...
+    @abstractmethod
+    def adapt_post_tool_use(self, event: HookEvent) -> HookResponse:
+        """Run all post-tool-use business logic and return a formatted response.
+        Orchestrates: state retrieval, duration computation, audit logging,
+        T3 grant confirmation, critical event detection, session context
+        writing, and state cleanup.
+        Preconditions:
+            - event is a parsed HookEvent with event_type POST_TOOL_USE
+        Postconditions:
+            - Returns HookResponse (always exit 0, post-hook never blocks)
+        """
+        ...
+    @abstractmethod
+    def adapt_subagent_stop(self, event: HookEvent) -> HookResponse:
+        """Run all subagent-stop business logic and return a formatted response.
+        Orchestrates: contract parsing and validation, approval cleanup,
+        context updates, workflow recording, response contract validation,
+        anomaly detection, episodic memory, and result assembly.
+        Preconditions:
+            - event is a parsed HookEvent with event_type SUBAGENT_STOP
+        Postconditions:
+            - Returns HookResponse (exit 0 for success, exit 2 for contract rejection)
+        """
+        ...

package/dist/gaia-security/hooks/adapters/channel.py ADDED Viewed

@@ -0,0 +1,17 @@
+"""
+Distribution Channel Detection for Gaia-Ops.
+Utility module that detects whether gaia-ops is running as a Claude Code plugin
+or via npm. Used by entry points to log coexistence warnings and by business
+logic to adapt behavior per channel.
+"""
+import os
+from pathlib import Path
+def is_dual_channel_active() -> bool:
+    """Check if both plugin and npm installations exist simultaneously."""
+    has_plugin = bool(os.environ.get("CLAUDE_PLUGIN_ROOT"))
+    has_npm = Path(".claude/hooks").is_symlink()
+    return has_plugin and has_npm