npm - @jaguilar87/gaia-ops - Versions diffs - 4.4.0 → 4.7.2 - Mend

@jaguilar87/gaia-ops 4.4.0 → 4.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +12 -3
package/ARCHITECTURE.md +9 -8
package/CHANGELOG.md +34 -0
package/README.md +43 -11
package/agents/terraform-architect.md +1 -1
package/bin/README.md +2 -2
package/bin/gaia-doctor.js +18 -5
package/bin/gaia-history.js +0 -1
package/bin/gaia-metrics.js +2 -2
package/bin/gaia-scan.py +23 -1
package/bin/gaia-update.js +346 -54
package/bin/pre-publish-validate.js +33 -10
package/commands/gaia.md +37 -0
package/config/README.md +3 -9
package/config/context-contracts.json +47 -15
package/config/surface-routing.json +9 -1
package/dist/gaia-ops/.claude-plugin/plugin.json +22 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/devops-developer.md +57 -0
package/dist/gaia-ops/agents/gaia-system.md +58 -0
package/dist/gaia-ops/agents/gitops-operator.md +60 -0
package/dist/gaia-ops/agents/speckit-planner.md +71 -0
package/dist/gaia-ops/agents/terraform-architect.md +60 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +58 -0
package/dist/gaia-ops/config/cloud/aws.json +140 -0
package/dist/gaia-ops/config/cloud/gcp.json +145 -0
package/dist/gaia-ops/config/context-contracts.json +131 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +197 -0
package/dist/gaia-ops/config/universal-rules.json +10 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +126 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-ops/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-ops/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-ops/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-ops/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +383 -0
package/dist/gaia-ops/hooks/session_start.py +69 -0
package/dist/gaia-ops/hooks/stop_hook.py +69 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +288 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +109 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +105 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +170 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +53 -0
package/dist/gaia-ops/skills/approval/SKILL.md +85 -0
package/dist/gaia-ops/skills/approval/examples.md +140 -0
package/dist/gaia-ops/skills/approval/reference.md +57 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +76 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +93 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +66 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +47 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +92 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +22 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +48 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +73 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +77 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +64 -0
package/dist/gaia-ops/skills/reference.md +134 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +61 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +119 -0
package/dist/gaia-ops/skills/specification/SKILL.md +186 -0
package/dist/gaia-ops/skills/speckit-workflow/SKILL.md +165 -0
package/dist/gaia-ops/skills/speckit-workflow/reference.md +117 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +63 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/speckit/README.md +516 -0
package/dist/gaia-ops/speckit/scripts/.gitkeep +0 -0
package/dist/gaia-ops/speckit/templates/adr-template.md +118 -0
package/dist/gaia-ops/speckit/templates/agent-file-template.md +23 -0
package/dist/gaia-ops/speckit/templates/plan-template.md +227 -0
package/dist/gaia-ops/speckit/templates/spec-template.md +140 -0
package/dist/gaia-ops/speckit/templates/tasks-template.md +257 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +476 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +330 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +262 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/episodic.py +1196 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +324 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +753 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +266 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +22 -0
package/dist/gaia-security/config/universal-rules.json +10 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1477 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +57 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +124 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +576 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +215 -0
package/dist/gaia-security/hooks/modules/context/context_cache.py +129 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +427 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +518 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +558 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/identity/__init__.py +0 -0
package/dist/gaia-security/hooks/modules/identity/identity_provider.py +21 -0
package/dist/gaia-security/hooks/modules/identity/ops_identity.py +34 -0
package/dist/gaia-security/hooks/modules/identity/security_identity.py +10 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +227 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +89 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +912 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +153 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +584 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +86 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +130 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +850 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +158 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +25 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +708 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +181 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +283 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +383 -0
package/dist/gaia-security/hooks/session_start.py +69 -0
package/dist/gaia-security/hooks/stop_hook.py +69 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +177 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +8 -6
package/hooks/adapters/channel.py +0 -25
package/hooks/adapters/claude_code.py +364 -125
package/hooks/elicitation_result.py +132 -0
package/hooks/hooks.json +10 -1
package/hooks/modules/README.md +3 -2
package/hooks/modules/agents/contract_validator.py +3 -51
package/hooks/modules/agents/response_contract.py +4 -8
package/hooks/modules/agents/transcript_reader.py +4 -5
package/hooks/modules/audit/__init__.py +4 -6
package/hooks/modules/audit/event_detector.py +0 -2
package/hooks/modules/audit/metrics.py +108 -187
package/hooks/modules/audit/workflow_auditor.py +0 -4
package/hooks/modules/audit/workflow_recorder.py +0 -5
package/hooks/modules/context/compact_context_builder.py +1 -0
package/hooks/modules/context/context_cache.py +129 -0
package/hooks/modules/context/context_injector.py +18 -40
package/hooks/modules/context/context_writer.py +1 -25
package/hooks/modules/context/contracts_loader.py +7 -10
package/hooks/modules/core/hook_entry.py +1 -0
package/hooks/modules/core/paths.py +12 -13
package/hooks/modules/core/plugin_mode.py +74 -4
package/hooks/modules/core/plugin_setup.py +395 -23
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/identity/ops_identity.py +18 -27
package/hooks/modules/memory/episode_writer.py +1 -6
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +128 -0
package/hooks/modules/security/__init__.py +2 -4
package/hooks/modules/security/approval_constants.py +5 -1
package/hooks/modules/security/approval_grants.py +189 -6
package/hooks/modules/security/approval_messages.py +9 -21
package/hooks/modules/security/blocked_commands.py +98 -34
package/hooks/modules/security/command_semantics.py +0 -4
package/hooks/modules/security/gitops_validator.py +1 -11
package/hooks/modules/security/mutative_verbs.py +179 -38
package/hooks/modules/security/tiers.py +1 -19
package/hooks/modules/session/session_event_injector.py +1 -25
package/hooks/modules/tools/bash_validator.py +310 -94
package/hooks/modules/tools/shell_parser.py +0 -1
package/hooks/modules/tools/task_validator.py +9 -29
package/hooks/post_tool_use.py +0 -72
package/hooks/pre_tool_use.py +42 -102
package/hooks/session_start.py +4 -2
package/hooks/subagent_start.py +6 -2
package/hooks/subagent_stop.py +1 -13
package/hooks/user_prompt_submit.py +119 -37
package/index.js +1 -1
package/package.json +5 -3
package/skills/README.md +3 -5
package/skills/agent-protocol/SKILL.md +17 -16
package/skills/agent-protocol/examples.md +6 -6
package/skills/agent-response/SKILL.md +11 -14
package/skills/approval/SKILL.md +28 -13
package/skills/approval/reference.md +2 -2
package/skills/execution/SKILL.md +1 -1
package/skills/gaia-patterns/SKILL.md +2 -3
package/skills/orchestrator-approval/SKILL.md +22 -50
package/skills/security-tiers/SKILL.md +1 -1
package/templates/README.md +9 -9
package/templates/managed-settings.template.json +43 -0
package/tools/gaia_simulator/runner.py +34 -1
package/tools/scan/orchestrator.py +13 -0
package/tools/scan/scanners/base.py +8 -0
package/tools/scan/scanners/git.py +78 -0
package/tools/scan/scanners/infrastructure.py +65 -0
package/tools/scan/scanners/stack.py +110 -0
package/tools/scan/setup.py +120 -13
package/tools/scan/workspace.py +85 -0
package/config/context-contracts.aws.json +0 -42
package/config/context-contracts.gcp.json +0 -39
package/skills/project-dispatch/SKILL.md +0 -34
package/templates/settings.template.json +0 -226

package/dist/gaia-security/hooks/modules/security/blocked_commands.py ADDED Viewed

@@ -0,0 +1,584 @@
+"""
+Blocked command patterns - PERMANENTLY BLOCKED operations (exit 2, never approvable).
+This is the single source of truth for DESTRUCTIVE commands. Commands matched here
+are blocked with exit 2 and cannot be approved.
+All other state-modifying commands are detected by the universal verb detector
+(mutative_verbs.py) as MUTATIVE and routed through the user approval workflow.
+Categories:
+- AWS networking/data infrastructure delete operations
+- AWS KMS/Route53/Organizations operations
+- Azure resource group/networking/data/AKS/Key Vault delete operations
+- GCP project/cluster/database delete operations
+- Kubernetes critical delete operations (cluster, namespace, pv, node, CRD, webhooks)
+- Kubernetes bulk delete operations (--all flag)
+- Terraform/Terragrunt destroy (without -target)
+- Docker bulk prune operations
+- Flux uninstall (removes all Flux components)
+- Git force push operations (not --force-with-lease)
+- Git reset --hard
+- GitHub/GitLab repo delete
+- npm unpublish (entire package)
+- SQL destructive operations (drop database, drop table)
+- Disk/filesystem destruction operations (dd, fdisk, mkfs)
+- rm -rf / and rm -rf ~
+"""
+import re
+import logging
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from .command_semantics import CommandSemantics, analyze_command, _contains_ordered_sequence
+logger = logging.getLogger(__name__)
+@dataclass
+class BlockedCommandResult:
+    """Result of blocked command check."""
+    is_blocked: bool
+    pattern_matched: Optional[str] = None
+    category: Optional[str] = None
+    suggestion: Optional[str] = None
+@dataclass(frozen=True)
+class SemanticBlockedRule:
+    """Ordered-token signature for deny-listed commands."""
+    category: str
+    sequence: Tuple[str, ...]
+    suggestion_key: str
+    required_flags: Tuple[str, ...] = ()
+    forbidden_flags: Tuple[str, ...] = ()
+    head_only: bool = True
+    def matches(self, semantics: CommandSemantics) -> bool:
+        tokens = semantics.semantic_head_tokens if self.head_only else semantics.semantic_tokens
+        if not _contains_ordered_sequence(tokens, self.sequence):
+            return False
+        flags = set(semantics.flag_tokens)
+        if any(flag not in flags for flag in self.required_flags):
+            return False
+        # forbidden_flags uses prefix matching to handle -flag=value forms
+        # (e.g., "-target=aws_instance.web" should match forbidden flag "-target")
+        if self.forbidden_flags:
+            for flag_token in semantics.flag_tokens:
+                for forbidden in self.forbidden_flags:
+                    if flag_token == forbidden or flag_token.startswith(forbidden + "="):
+                        return False
+        return True
+# ============================================================================
+# BLOCKED PATTERNS - PERMANENTLY BLOCKED (exit 2, no nonce, never approvable)
+# ============================================================================
+# These commands are PERMANENTLY BLOCKED and cannot be executed even with approval.
+# They represent irreversible, catastrophic operations at scale.
+#
+# The following are MUTATIVE (approvable via nonce, handled by mutative_verbs.py):
+# - aws iam delete-*, detach-*, remove-user-from-group
+# - aws ec2 delete-key-pair, delete-snapshot, delete-volume,
+#   delete-security-group, delete-network-interface
+# - aws lambda delete-function
+# - aws rds delete-db-parameter-group, delete-db-cluster-parameter-group
+# - aws cloudformation delete-stack
+# - aws s3api delete-objects
+# - aws sns delete-topic, aws sqs delete-queue
+# - aws dynamodb delete-item
+# - aws backup delete
+# - aws eks delete-nodegroup, delete-addon
+# - gcloud compute firewall-rules/instances/networks/disks/images/snapshots delete
+# - gcloud container node-pools delete
+# - gcloud iam roles delete
+# - gcloud storage rm
+# - kubectl delete pod/deployment/service/configmap/secret/clusterrole/clusterrolebinding
+# - flux delete (single resource)
+# - terraform destroy -target=<resource> (targeted)
+# - helm uninstall (any release)
+# - docker rm, docker rmi (individual containers/images)
+# ============================================================================
+BLOCKED_PATTERNS: Dict[str, List[re.Pattern]] = {
+    # AWS - Networking and data infrastructure (irreversible)
+    # Patterns use (?!-) negative lookahead to prevent prefix matching
+    # (e.g., delete-db-cluster must not match delete-db-cluster-parameter-group).
+    # \b alone is insufficient because hyphens are non-word characters.
+    "aws_critical": [
+        re.compile(r"aws\s+ec2\s+delete-vpc(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+ec2\s+delete-subnet(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+ec2\s+delete-internet-gateway(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+ec2\s+delete-route-table(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+ec2\s+delete-route(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+ec2\s+terminate-instances\b", re.IGNORECASE),
+        re.compile(r"aws\s+rds\s+delete-db-instance(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+rds\s+delete-db-cluster(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+dynamodb\s+delete-table(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+s3\s+rb(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+s3api\s+delete-bucket(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+elasticache\s+delete-cache-cluster(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+elasticache\s+delete-replication-group(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+eks\s+delete-cluster(?!-)\b", re.IGNORECASE),
+        re.compile(r"aws\s+kms\s+schedule-key-deletion\b", re.IGNORECASE),
+        re.compile(r"aws\s+organizations\s+delete-organization\b", re.IGNORECASE),
+        re.compile(r"aws\s+route53\s+delete-hosted-zone\b", re.IGNORECASE),
+    ],
+    # Azure - Resource group, networking, data infrastructure (irreversible)
+    "azure_critical": [
+        re.compile(r"az\s+group\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+vnet\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+vnet\s+subnet\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+nsg\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+public-ip\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+application-gateway\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+lb\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+dns\s+zone\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+network\s+private-dns\s+zone\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+vm\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+vmss\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+disk\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+snapshot\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+image\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+sql\s+server\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+sql\s+db\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+cosmosdb\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+redis\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+storage\s+account\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+storage\s+container\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+storage\s+blob\s+delete-batch\b", re.IGNORECASE),
+        re.compile(r"az\s+aks\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+aks\s+nodepool\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+acr\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+keyvault\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+keyvault\s+key\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+keyvault\s+secret\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+functionapp\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+webapp\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+ad\s+app\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+ad\s+sp\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+servicebus\s+namespace\s+delete\b", re.IGNORECASE),
+        re.compile(r"az\s+eventhubs\s+namespace\s+delete\b", re.IGNORECASE),
+    ],
+    # GCP - Project, cluster, and database operations (irreversible)
+    "gcp_critical": [
+        re.compile(r"gcloud\s+projects\s+delete\b", re.IGNORECASE),
+        re.compile(r"gcloud\s+container\s+clusters\s+delete\b", re.IGNORECASE),
+        re.compile(r"gcloud\s+sql\s+instances\s+delete\b", re.IGNORECASE),
+        re.compile(r"gcloud\s+sql\s+databases\s+delete\b", re.IGNORECASE),
+        re.compile(r"gcloud\s+services\s+disable\b", re.IGNORECASE),
+        re.compile(r"gsutil\s+rb\b", re.IGNORECASE),
+        re.compile(r"gsutil\s+rm\s+-r\b", re.IGNORECASE),
+    ],
+    # Kubernetes - Critical cluster operations (irreversible)
+    # Word boundaries prevent "cluster" from matching "clusterrole" etc.
+    "kubernetes_critical": [
+        re.compile(r"kubectl\s+delete\s+namespace\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+ns\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+node\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+cluster\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+(pv|persistentvolume)\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+(pvc|persistentvolumeclaim)\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+(crd|customresourcedefinition)\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+mutatingwebhookconfiguration\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+delete\s+validatingwebhookconfiguration\b", re.IGNORECASE),
+        re.compile(r"kubectl\s+drain\b", re.IGNORECASE),
+        # Bulk delete with --all flag on any resource type
+        re.compile(r"kubectl\s+delete\s+\w+\s+.*--all\b", re.IGNORECASE),
+    ],
+    # Terraform / Terragrunt - Whole-state destruction
+    "terraform_destroy": [
+        # terraform destroy WITHOUT -target (bare destroy is destructive)
+        # Uses negative lookahead to allow "terraform destroy -target=X" through
+        re.compile(r"terraform\s+destroy\b(?!.*-target)", re.IGNORECASE),
+        re.compile(r"terragrunt\s+destroy\b(?!.*-target)", re.IGNORECASE),
+        re.compile(r"terragrunt\s+run-all\s+destroy\b", re.IGNORECASE),
+        re.compile(r"terragrunt\s+destroy-all\b", re.IGNORECASE),
+    ],
+    # Docker - Bulk prune operations
+    "docker_critical": [
+        re.compile(r"docker\s+system\s+prune\s+.*(-a|--all)\b", re.IGNORECASE),
+        re.compile(r"docker\s+system\s+prune\s+.*--volumes\b", re.IGNORECASE),
+        re.compile(r"docker\s+volume\s+prune\b", re.IGNORECASE),
+    ],
+    # Flux - Uninstall removes ALL Flux components from cluster
+    "flux_critical": [
+        re.compile(r"flux\s+uninstall\b", re.IGNORECASE),
+    ],
+    # Git - Force push (history rewrite, not --force-with-lease) and reset --hard
+    "git_destructive": [
+        re.compile(r"git\s+push\s+.*--force(?!-with-lease)", re.IGNORECASE),
+        re.compile(r"git\s+push\s+.*(?<!\w)-f\b", re.IGNORECASE),
+        re.compile(r"git\s+reset\s+.*--hard\b", re.IGNORECASE),
+    ],
+    # GitHub/GitLab - Repo deletion
+    "repo_delete": [
+        re.compile(r"gh\s+repo\s+delete\b", re.IGNORECASE),
+        re.compile(r"glab\s+project\s+delete\b", re.IGNORECASE),
+    ],
+    # npm - Unpublish entire package (without @version)
+    "npm_critical": [
+        # Matches "npm unpublish packagename" but NOT "npm unpublish package@1.0.0"
+        re.compile(r"npm\s+unpublish\s+(?!.*@)\S+", re.IGNORECASE),
+    ],
+    # SQL - Drop database/table
+    "sql_critical": [
+        re.compile(r"drop\s+database\b", re.IGNORECASE),
+        re.compile(r"drop\s+table\b", re.IGNORECASE),
+    ],
+    # Disk operations - Irreversible data destruction
+    "disk_operations": [
+        re.compile(r"^dd\s+", re.IGNORECASE),
+        re.compile(r"^fdisk\s+", re.IGNORECASE),
+        re.compile(r"^mkfs(\.(ext[34]|fat|ntfs))?\s+", re.IGNORECASE),
+    ],
+    # rm -rf / and rm -rf ~ (catastrophic filesystem destruction)
+    "rm_critical": [
+        re.compile(r"rm\s+.*-[a-z]*r[a-z]*f[a-z]*\s+/\s*$", re.IGNORECASE),
+        re.compile(r"rm\s+.*-[a-z]*f[a-z]*r[a-z]*\s+/\s*$", re.IGNORECASE),
+        re.compile(r"rm\s+.*-[a-z]*r[a-z]*f[a-z]*\s+/\*", re.IGNORECASE),
+        re.compile(r"rm\s+.*-[a-z]*f[a-z]*r[a-z]*\s+/\*", re.IGNORECASE),
+        re.compile(r"rm\s+.*-[a-z]*r[a-z]*f[a-z]*\s+~/?", re.IGNORECASE),
+        re.compile(r"rm\s+.*-[a-z]*f[a-z]*r[a-z]*\s+~/?", re.IGNORECASE),
+    ],
+}
+# Suggestions for permanently blocked commands
+BLOCKED_COMMAND_SUGGESTIONS = {
+    # AWS suggestions
+    "aws ec2 delete-vpc": "[BLOCKED] VPC deletion is irreversible - use Terraform/Terragrunt",
+    "aws ec2 delete-subnet": "[BLOCKED] Subnet deletion is irreversible - use Terraform/Terragrunt",
+    "aws ec2 delete-internet-gateway": "[BLOCKED] Internet gateway deletion is irreversible - use Terraform/Terragrunt",
+    "aws ec2 delete-route-table": "[BLOCKED] Route table deletion is irreversible - use Terraform/Terragrunt",
+    "aws ec2 delete-route": "[BLOCKED] Route deletion should be done via Terraform/Terragrunt",
+    "aws ec2 terminate-instances": "[BLOCKED] Instance termination is irreversible - use Terraform/Terragrunt",
+    "aws rds delete-db-instance": "[BLOCKED] Use Terraform/Terragrunt for RDS lifecycle management",
+    "aws rds delete-db-cluster": "[BLOCKED] Use Terraform/Terragrunt for RDS cluster management",
+    "aws dynamodb delete-table": "[BLOCKED] Table deletion loses all data - use Terraform/Terragrunt",
+    "aws s3 rb": "[BLOCKED] Bucket removal is irreversible - use Terraform/Terragrunt",
+    "aws s3api delete-bucket": "[BLOCKED] Bucket deletion is irreversible - use Terraform/Terragrunt",
+    "aws eks delete-cluster": "[BLOCKED] Use Terraform/Terragrunt for EKS management",
+    "aws elasticache delete": "[BLOCKED] Use Terraform/Terragrunt for ElastiCache management",
+    "aws kms schedule-key-deletion": "[BLOCKED] KMS key deletion renders all encrypted data permanently unrecoverable",
+    "aws organizations delete-organization": "[BLOCKED] Organization deletion is irreversible",
+    "aws route53 delete-hosted-zone": "[BLOCKED] DNS zone deletion causes widespread outage",
+    # Azure suggestions
+    "az group delete": "[BLOCKED] Resource group deletion destroys all contained resources - use Terraform/Terragrunt",
+    "az network vnet delete": "[BLOCKED] VNet deletion is irreversible - use Terraform/Terragrunt",
+    "az network vnet subnet delete": "[BLOCKED] Subnet deletion is irreversible - use Terraform/Terragrunt",
+    "az network nsg delete": "[BLOCKED] NSG deletion removes all security rules - use Terraform/Terragrunt",
+    "az vm delete": "[BLOCKED] VM deletion is irreversible - use Terraform/Terragrunt",
+    "az vmss delete": "[BLOCKED] Scale set deletion is irreversible - use Terraform/Terragrunt",
+    "az disk delete": "[BLOCKED] Disk deletion loses all data - use Terraform/Terragrunt",
+    "az sql server delete": "[BLOCKED] SQL Server deletion destroys all databases - use Terraform/Terragrunt",
+    "az sql db delete": "[BLOCKED] Database deletion loses all data - use Terraform/Terragrunt",
+    "az cosmosdb delete": "[BLOCKED] CosmosDB deletion is irreversible - use Terraform/Terragrunt",
+    "az redis delete": "[BLOCKED] Redis deletion loses all cached data - use Terraform/Terragrunt",
+    "az storage account delete": "[BLOCKED] Storage account deletion destroys all data - use Terraform/Terragrunt",
+    "az aks delete": "[BLOCKED] AKS cluster deletion is irreversible - use Terraform/Terragrunt",
+    "az acr delete": "[BLOCKED] Container registry deletion destroys all images - use Terraform/Terragrunt",
+    "az keyvault delete": "[BLOCKED] Key Vault deletion can render encrypted data unrecoverable",
+    "az functionapp delete": "[BLOCKED] Function App deletion is irreversible - use Terraform/Terragrunt",
+    "az webapp delete": "[BLOCKED] Web App deletion is irreversible - use Terraform/Terragrunt",
+    "az ad app delete": "[BLOCKED] App registration deletion breaks all dependent services",
+    "az ad sp delete": "[BLOCKED] Service principal deletion breaks authentication for dependent services",
+    "az servicebus namespace delete": "[BLOCKED] Service Bus namespace deletion is irreversible - use Terraform/Terragrunt",
+    "az eventhubs namespace delete": "[BLOCKED] Event Hubs namespace deletion is irreversible - use Terraform/Terragrunt",
+    # GCP suggestions
+    "gcloud projects delete": "[BLOCKED] Project deletion is irreversible - must be done via Cloud Console",
+    "gcloud container clusters delete": "[BLOCKED] Use Terraform/Terragrunt for GKE management",
+    "gcloud sql instances delete": "[BLOCKED] Use Terraform/Terragrunt for Cloud SQL management",
+    "gcloud sql databases delete": "[BLOCKED] Database deletion loses all data - use Terraform/Terragrunt",
+    "gcloud services disable": "[BLOCKED] Disabling services can break dependent resources",
+    "gsutil rb": "[BLOCKED] Bucket removal is irreversible",
+    "gsutil rm -r": "[BLOCKED] Recursive deletion of cloud storage is irreversible",
+    # Kubernetes suggestions
+    "kubectl delete namespace": "[BLOCKED] Namespace deletion destroys all resources within it",
+    "kubectl delete ns": "[BLOCKED] Namespace deletion destroys all resources within it",
+    "kubectl delete node": "[BLOCKED] Node deletion removes the node from the cluster",
+    "kubectl delete cluster": "[BLOCKED] Cluster deletion is irreversible and impacts all workloads",
+    "kubectl delete pv": "[BLOCKED] Persistent volume deletion loses data",
+    "kubectl delete pvc": "[BLOCKED] PVC deletion can trigger PV reclaim and data loss",
+    "kubectl delete crd": "[BLOCKED] CRD deletion destroys all custom resources of that type",
+    "kubectl delete mutatingwebhookconfiguration": "[BLOCKED] Webhook deletion can break admission control and cluster safety",
+    "kubectl delete validatingwebhookconfiguration": "[BLOCKED] Webhook deletion can break admission control and cluster safety",
+    "kubectl drain": "[BLOCKED] Node draining can cause service disruption",
+    "kubectl delete --all": "[BLOCKED] Bulk deletion of all resources is irreversible",
+    # Terraform / Terragrunt suggestions
+    "terraform destroy": "[BLOCKED] terraform destroy without -target destroys entire state - use terraform destroy -target=<resource>",
+    "terragrunt destroy": "[BLOCKED] terragrunt destroy without -target destroys entire state",
+    "terragrunt run-all destroy": "[BLOCKED] Recursive destruction of all modules",
+    "terragrunt destroy-all": "[BLOCKED] Recursive destruction of all modules",
+    # Docker suggestions
+    "docker system prune": "[BLOCKED] docker system prune with -a or --volumes removes all unused resources",
+    "docker volume prune": "[BLOCKED] docker volume prune removes all unused volumes and data",
+    # Flux suggestions
+    "flux uninstall": "[BLOCKED] flux uninstall removes ALL Flux components from the cluster",
+    # Git suggestions
+    "git push --force": "[BLOCKED] Force push rewrites history - use git push --force-with-lease",
+    "git push -f": "[BLOCKED] Force push rewrites history - use git push --force-with-lease",
+    "git reset --hard": "[BLOCKED] git reset --hard permanently discards uncommitted changes",
+    # GitHub/GitLab suggestions
+    "gh repo delete": "[BLOCKED] Repository deletion is irreversible - destroys all code and history",
+    "glab project delete": "[BLOCKED] Project deletion is irreversible - destroys all code and history",
+    # npm suggestions
+    "npm unpublish": "[BLOCKED] npm unpublish without @version removes entire package from registry",
+    # SQL suggestions
+    "drop database": "[BLOCKED] DROP DATABASE is irreversible - destroys all data",
+    "drop table": "[BLOCKED] DROP TABLE is irreversible - destroys all data",
+    # Disk operations
+    "dd": "[BLOCKED] Low-level disk operations can destroy data",
+    "fdisk": "[BLOCKED] Disk partitioning can destroy data",
+    "mkfs": "[BLOCKED] Filesystem creation destroys all data on target",
+    # rm critical
+    "rm -rf /": "[BLOCKED] Filesystem destruction is irreversible",
+    "rm -rf ~": "[BLOCKED] Home directory destruction is irreversible",
+}
+# Structured deny signatures complement the raw regex patterns above.
+# They make the deny list resilient to extra flag/value pairs inserted before
+# the real subcommand, e.g.:
+#   kubectl --context prod delete namespace
+#   aws --profile prod ec2 delete-vpc
+#   git -C repo push origin main --force
+SEMANTIC_BLOCKED_RULES = (
+    # AWS
+    SemanticBlockedRule("aws_critical", ("aws", "ec2", "delete-vpc"), "aws ec2 delete-vpc"),
+    SemanticBlockedRule("aws_critical", ("aws", "ec2", "delete-subnet"), "aws ec2 delete-subnet"),
+    SemanticBlockedRule("aws_critical", ("aws", "ec2", "delete-internet-gateway"), "aws ec2 delete-internet-gateway"),
+    SemanticBlockedRule("aws_critical", ("aws", "ec2", "delete-route-table"), "aws ec2 delete-route-table"),
+    SemanticBlockedRule("aws_critical", ("aws", "ec2", "delete-route"), "aws ec2 delete-route"),
+    SemanticBlockedRule("aws_critical", ("aws", "ec2", "terminate-instances"), "aws ec2 terminate-instances"),
+    SemanticBlockedRule("aws_critical", ("aws", "rds", "delete-db-instance"), "aws rds delete-db-instance"),
+    SemanticBlockedRule("aws_critical", ("aws", "rds", "delete-db-cluster"), "aws rds delete-db-cluster"),
+    SemanticBlockedRule("aws_critical", ("aws", "dynamodb", "delete-table"), "aws dynamodb delete-table"),
+    SemanticBlockedRule("aws_critical", ("aws", "s3", "rb"), "aws s3 rb"),
+    SemanticBlockedRule("aws_critical", ("aws", "s3api", "delete-bucket"), "aws s3api delete-bucket"),
+    SemanticBlockedRule(
+        "aws_critical",
+        ("aws", "elasticache", "delete-cache-cluster"),
+        "aws elasticache delete",
+    ),
+    SemanticBlockedRule(
+        "aws_critical",
+        ("aws", "elasticache", "delete-replication-group"),
+        "aws elasticache delete",
+    ),
+    SemanticBlockedRule("aws_critical", ("aws", "eks", "delete-cluster"), "aws eks delete-cluster"),
+    SemanticBlockedRule("aws_critical", ("aws", "kms", "schedule-key-deletion"), "aws kms schedule-key-deletion"),
+    SemanticBlockedRule("aws_critical", ("aws", "organizations", "delete-organization"), "aws organizations delete-organization"),
+    SemanticBlockedRule("aws_critical", ("aws", "route53", "delete-hosted-zone"), "aws route53 delete-hosted-zone"),
+    # Azure
+    SemanticBlockedRule("azure_critical", ("az", "group", "delete"), "az group delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "vnet", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "vnet", "subnet", "delete"), "az network vnet subnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "nsg", "delete"), "az network nsg delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "public-ip", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "application-gateway", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "lb", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "dns", "zone", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "network", "private-dns", "zone", "delete"), "az network vnet delete"),
+    SemanticBlockedRule("azure_critical", ("az", "vm", "delete"), "az vm delete"),
+    SemanticBlockedRule("azure_critical", ("az", "vmss", "delete"), "az vmss delete"),
+    SemanticBlockedRule("azure_critical", ("az", "disk", "delete"), "az disk delete"),
+    SemanticBlockedRule("azure_critical", ("az", "snapshot", "delete"), "az disk delete"),
+    SemanticBlockedRule("azure_critical", ("az", "image", "delete"), "az disk delete"),
+    SemanticBlockedRule("azure_critical", ("az", "sql", "server", "delete"), "az sql server delete"),
+    SemanticBlockedRule("azure_critical", ("az", "sql", "db", "delete"), "az sql db delete"),
+    SemanticBlockedRule("azure_critical", ("az", "cosmosdb", "delete"), "az cosmosdb delete"),
+    SemanticBlockedRule("azure_critical", ("az", "redis", "delete"), "az redis delete"),
+    SemanticBlockedRule("azure_critical", ("az", "storage", "account", "delete"), "az storage account delete"),
+    SemanticBlockedRule("azure_critical", ("az", "storage", "container", "delete"), "az storage account delete"),
+    SemanticBlockedRule("azure_critical", ("az", "storage", "blob", "delete-batch"), "az storage account delete"),
+    SemanticBlockedRule("azure_critical", ("az", "aks", "delete"), "az aks delete"),
+    SemanticBlockedRule("azure_critical", ("az", "aks", "nodepool", "delete"), "az aks delete"),
+    SemanticBlockedRule("azure_critical", ("az", "acr", "delete"), "az acr delete"),
+    SemanticBlockedRule("azure_critical", ("az", "keyvault", "delete"), "az keyvault delete"),
+    SemanticBlockedRule("azure_critical", ("az", "keyvault", "key", "delete"), "az keyvault delete"),
+    SemanticBlockedRule("azure_critical", ("az", "keyvault", "secret", "delete"), "az keyvault delete"),
+    SemanticBlockedRule("azure_critical", ("az", "functionapp", "delete"), "az functionapp delete"),
+    SemanticBlockedRule("azure_critical", ("az", "webapp", "delete"), "az webapp delete"),
+    SemanticBlockedRule("azure_critical", ("az", "ad", "app", "delete"), "az ad app delete"),
+    SemanticBlockedRule("azure_critical", ("az", "ad", "sp", "delete"), "az ad sp delete"),
+    SemanticBlockedRule("azure_critical", ("az", "servicebus", "namespace", "delete"), "az servicebus namespace delete"),
+    SemanticBlockedRule("azure_critical", ("az", "eventhubs", "namespace", "delete"), "az eventhubs namespace delete"),
+    # GCP
+    SemanticBlockedRule("gcp_critical", ("gcloud", "projects", "delete"), "gcloud projects delete"),
+    SemanticBlockedRule(
+        "gcp_critical",
+        ("gcloud", "container", "clusters", "delete"),
+        "gcloud container clusters delete",
+    ),
+    SemanticBlockedRule("gcp_critical", ("gcloud", "sql", "instances", "delete"), "gcloud sql instances delete"),
+    SemanticBlockedRule("gcp_critical", ("gcloud", "sql", "databases", "delete"), "gcloud sql databases delete"),
+    SemanticBlockedRule("gcp_critical", ("gcloud", "services", "disable"), "gcloud services disable"),
+    SemanticBlockedRule("gcp_critical", ("gsutil", "rb"), "gsutil rb"),
+    SemanticBlockedRule("gcp_critical", ("gsutil", "rm"), "gsutil rm -r", required_flags=("-r",)),
+    # Kubernetes
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "namespace"), "kubectl delete namespace"),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "ns"), "kubectl delete ns"),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "node"), "kubectl delete node"),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "cluster"), "kubectl delete cluster"),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "pv"), "kubectl delete pv"),
+    SemanticBlockedRule(
+        "kubernetes_critical",
+        ("kubectl", "delete", "persistentvolume"),
+        "kubectl delete pv",
+    ),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "pvc"), "kubectl delete pvc"),
+    SemanticBlockedRule(
+        "kubernetes_critical",
+        ("kubectl", "delete", "persistentvolumeclaim"),
+        "kubectl delete pvc",
+    ),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "delete", "crd"), "kubectl delete crd"),
+    SemanticBlockedRule(
+        "kubernetes_critical",
+        ("kubectl", "delete", "customresourcedefinition"),
+        "kubectl delete crd",
+    ),
+    SemanticBlockedRule(
+        "kubernetes_critical",
+        ("kubectl", "delete", "mutatingwebhookconfiguration"),
+        "kubectl delete mutatingwebhookconfiguration",
+    ),
+    SemanticBlockedRule(
+        "kubernetes_critical",
+        ("kubectl", "delete", "validatingwebhookconfiguration"),
+        "kubectl delete validatingwebhookconfiguration",
+    ),
+    SemanticBlockedRule("kubernetes_critical", ("kubectl", "drain"), "kubectl drain"),
+    # Terraform / Terragrunt (semantic rules use forbidden_flags to allow -target through)
+    SemanticBlockedRule(
+        "terraform_destroy",
+        ("terraform", "destroy"),
+        "terraform destroy",
+        forbidden_flags=("-target", "--target"),
+    ),
+    SemanticBlockedRule(
+        "terraform_destroy",
+        ("terragrunt", "destroy"),
+        "terragrunt destroy",
+        forbidden_flags=("-target", "--target"),
+    ),
+    SemanticBlockedRule("terraform_destroy", ("terragrunt", "run-all", "destroy"), "terragrunt run-all destroy"),
+    SemanticBlockedRule("terraform_destroy", ("terragrunt", "destroy-all"), "terragrunt destroy-all"),
+    # Docker
+    SemanticBlockedRule("docker_critical", ("docker", "system", "prune"), "docker system prune", required_flags=("-a",)),
+    SemanticBlockedRule("docker_critical", ("docker", "system", "prune"), "docker system prune", required_flags=("--all",)),
+    SemanticBlockedRule("docker_critical", ("docker", "system", "prune"), "docker system prune", required_flags=("--volumes",)),
+    SemanticBlockedRule("docker_critical", ("docker", "volume", "prune"), "docker volume prune"),
+    # Flux
+    SemanticBlockedRule("flux_critical", ("flux", "uninstall"), "flux uninstall"),
+    # Git
+    SemanticBlockedRule("git_destructive", ("git", "push"), "git push --force", required_flags=("--force",)),
+    SemanticBlockedRule("git_destructive", ("git", "push"), "git push -f", required_flags=("-f",)),
+    SemanticBlockedRule("git_destructive", ("git", "reset"), "git reset --hard", required_flags=("--hard",)),
+    # GitHub/GitLab
+    SemanticBlockedRule("repo_delete", ("gh", "repo", "delete"), "gh repo delete"),
+    SemanticBlockedRule("repo_delete", ("glab", "project", "delete"), "glab project delete"),
+)
+def get_blocked_patterns() -> List[re.Pattern]:
+    """
+    Get flat list of all blocked patterns (pre-compiled).
+    Returns:
+        List of compiled regex patterns
+    """
+    patterns = []
+    for category_patterns in BLOCKED_PATTERNS.values():
+        patterns.extend(category_patterns)
+    return patterns
+def is_blocked_command(command: str) -> BlockedCommandResult:
+    """
+    Check if command matches any blocked pattern.
+    Args:
+        command: Shell command to check
+    Returns:
+        BlockedCommandResult with match details
+    """
+    if not command or not command.strip():
+        return BlockedCommandResult(is_blocked=False)
+    command = command.strip()
+    semantic_rule = _match_semantic_block_rule(command)
+    if semantic_rule is not None:
+        suggestion = BLOCKED_COMMAND_SUGGESTIONS.get(semantic_rule.suggestion_key)
+        return BlockedCommandResult(
+            is_blocked=True,
+            pattern_matched=f"semantic:{' '.join(semantic_rule.sequence)}",
+            category=semantic_rule.category,
+            suggestion=suggestion,
+        )
+    for category, patterns in BLOCKED_PATTERNS.items():
+        for pattern in patterns:
+            if pattern.search(command):
+                # Find suggestion for this command
+                suggestion = None
+                for cmd_prefix, cmd_suggestion in BLOCKED_COMMAND_SUGGESTIONS.items():
+                    if cmd_prefix in command.lower():
+                        suggestion = cmd_suggestion
+                        break
+                return BlockedCommandResult(
+                    is_blocked=True,
+                    pattern_matched=pattern.pattern,
+                    category=category,
+                    suggestion=suggestion,
+                )
+    return BlockedCommandResult(is_blocked=False)
+def _match_semantic_block_rule(command: str) -> Optional[SemanticBlockedRule]:
+    """Return the first semantic deny rule that matches a command."""
+    semantics = analyze_command(command)
+    for rule in SEMANTIC_BLOCKED_RULES:
+        if rule.matches(semantics):
+            return rule
+    return None