npm - @jaguilar87/gaia - Versions diffs - 5.0.0-rc.2 - Mend

@jaguilar87/gaia 5.0.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (621) hide show

package/.claude-plugin/marketplace.json +33 -0
package/.claude-plugin/plugin.json +26 -0
package/ARCHITECTURE.md +335 -0
package/CHANGELOG.md +1298 -0
package/CODE_OF_CONDUCT.md +11 -0
package/CONTRIBUTING.md +146 -0
package/INSTALL.md +436 -0
package/LICENSE +21 -0
package/README.md +222 -0
package/SECURITY.md +47 -0
package/agents/README.md +78 -0
package/agents/cloud-troubleshooter.md +73 -0
package/agents/developer.md +65 -0
package/agents/gaia-operator.md +64 -0
package/agents/gaia-orchestrator.md +111 -0
package/agents/gaia-planner.md +53 -0
package/agents/gaia-system.md +71 -0
package/agents/gitops-operator.md +61 -0
package/agents/terraform-architect.md +63 -0
package/bin/README.md +106 -0
package/bin/cli/__init__.py +1 -0
package/bin/cli/approvals.py +740 -0
package/bin/cli/cleanup.py +562 -0
package/bin/cli/context.py +283 -0
package/bin/cli/doctor.py +651 -0
package/bin/cli/history.py +305 -0
package/bin/cli/memory.py +483 -0
package/bin/cli/metrics.py +1068 -0
package/bin/cli/plans.py +515 -0
package/bin/cli/status.py +302 -0
package/bin/cli/update.py +382 -0
package/bin/gaia +112 -0
package/bin/gaia-cleanup.js +531 -0
package/bin/gaia-doctor.js +635 -0
package/bin/gaia-evidence +126 -0
package/bin/gaia-history.js +251 -0
package/bin/gaia-metrics.js +1278 -0
package/bin/gaia-review.js +269 -0
package/bin/gaia-scan +44 -0
package/bin/gaia-scan.py +589 -0
package/bin/gaia-skills-diagnose.js +929 -0
package/bin/gaia-status.js +278 -0
package/bin/gaia-uninstall.js +111 -0
package/bin/gaia-update.js +919 -0
package/bin/pre-publish-validate.js +610 -0
package/bin/python-detect.js +60 -0
package/bin/validate-sandbox.sh +601 -0
package/commands/README.md +64 -0
package/commands/gaia.md +37 -0
package/commands/scan-project.md +67 -0
package/config/README.md +71 -0
package/config/cloud/aws.json +134 -0
package/config/cloud/gcp.json +139 -0
package/config/context-contracts.json +158 -0
package/config/crons-schema.md +81 -0
package/config/git_standards.json +72 -0
package/config/surface-routing.json +417 -0
package/config/universal-rules.json +102 -0
package/dist/gaia-ops/.claude-plugin/plugin.json +24 -0
package/dist/gaia-ops/README.md +80 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/developer.md +65 -0
package/dist/gaia-ops/agents/gaia-operator.md +64 -0
package/dist/gaia-ops/agents/gaia-orchestrator.md +111 -0
package/dist/gaia-ops/agents/gaia-planner.md +53 -0
package/dist/gaia-ops/agents/gaia-system.md +71 -0
package/dist/gaia-ops/agents/gitops-operator.md +61 -0
package/dist/gaia-ops/agents/terraform-architect.md +63 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +71 -0
package/dist/gaia-ops/config/cloud/aws.json +134 -0
package/dist/gaia-ops/config/cloud/gcp.json +139 -0
package/dist/gaia-ops/config/context-contracts.json +158 -0
package/dist/gaia-ops/config/crons-schema.md +81 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +417 -0
package/dist/gaia-ops/config/universal-rules.json +102 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1890 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +192 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/dist/gaia-ops/hooks/modules/agents/state_tracker.py +267 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +611 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/agentic_loop_detector.py +165 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +218 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +558 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +530 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +577 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +216 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +120 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +1638 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +222 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +595 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +87 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +181 -0
package/dist/gaia-ops/hooks/modules/security/composition_rules.py +547 -0
package/dist/gaia-ops/hooks/modules/security/flag_classifiers.py +873 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +1131 -0
package/dist/gaia-ops/hooks/modules/security/network_hosts.py +481 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/shell_unwrapper.py +165 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/pending_scanner.py +174 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +160 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/session/session_registry.py +333 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +1008 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/stage_decomposer.py +315 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +294 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_compact.py +60 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +413 -0
package/dist/gaia-ops/hooks/session_end_hook.py +77 -0
package/dist/gaia-ops/hooks/session_start.py +81 -0
package/dist/gaia-ops/hooks/stop_hook.py +70 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +295 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +246 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +158 -0
package/dist/gaia-ops/skills/agent-creation/SKILL.md +87 -0
package/dist/gaia-ops/skills/agent-creation/examples.md +170 -0
package/dist/gaia-ops/skills/agent-creation/reference.md +191 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +93 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +223 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +69 -0
package/dist/gaia-ops/skills/agentic-loop/SKILL.md +80 -0
package/dist/gaia-ops/skills/agentic-loop/reference.md +378 -0
package/dist/gaia-ops/skills/blog-writing/SKILL.md +98 -0
package/dist/gaia-ops/skills/blog-writing/reference.md +130 -0
package/dist/gaia-ops/skills/brief-spec/SKILL.md +185 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +87 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +50 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +99 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +43 -0
package/dist/gaia-ops/skills/gaia-compact/SKILL.md +74 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +108 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +395 -0
package/dist/gaia-ops/skills/gaia-planner/SKILL.md +37 -0
package/dist/gaia-ops/skills/gaia-planner/reference.md +107 -0
package/dist/gaia-ops/skills/gaia-release/SKILL.md +85 -0
package/dist/gaia-ops/skills/gaia-release/reference.md +92 -0
package/dist/gaia-ops/skills/gaia-self-check/SKILL.md +114 -0
package/dist/gaia-ops/skills/gaia-self-check/reference.md +453 -0
package/dist/gaia-ops/skills/gaia-verify/SKILL.md +77 -0
package/dist/gaia-ops/skills/gaia-verify/reference.md +80 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +47 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +60 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/gmail-policy/SKILL.md +200 -0
package/dist/gaia-ops/skills/gmail-policy/reference.md +150 -0
package/dist/gaia-ops/skills/gmail-triage/SKILL.md +100 -0
package/dist/gaia-ops/skills/gws-setup/SKILL.md +99 -0
package/dist/gaia-ops/skills/gws-setup/reference.md +73 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +100 -0
package/dist/gaia-ops/skills/memory-curation/SKILL.md +83 -0
package/dist/gaia-ops/skills/memory-search/SKILL.md +88 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +160 -0
package/dist/gaia-ops/skills/orchestrator-approval/reference.md +174 -0
package/dist/gaia-ops/skills/pending-approvals/SKILL.md +72 -0
package/dist/gaia-ops/skills/pending-approvals/reference.md +214 -0
package/dist/gaia-ops/skills/readme-writing/SKILL.md +71 -0
package/dist/gaia-ops/skills/readme-writing/reference.md +188 -0
package/dist/gaia-ops/skills/reference.md +135 -0
package/dist/gaia-ops/skills/request-approval/SKILL.md +140 -0
package/dist/gaia-ops/skills/request-approval/examples.md +140 -0
package/dist/gaia-ops/skills/request-approval/reference.md +57 -0
package/dist/gaia-ops/skills/schedule-task/SKILL.md +64 -0
package/dist/gaia-ops/skills/schedule-task/reference.md +233 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +141 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/session-reflection/SKILL.md +69 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +92 -0
package/dist/gaia-ops/skills/skill-creation/reference.md +29 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +89 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/tools/__init__.py +9 -0
package/dist/gaia-ops/tools/agentic-loop/decide-status.py +210 -0
package/dist/gaia-ops/tools/agentic-loop/parse-metric.py +106 -0
package/dist/gaia-ops/tools/agentic-loop/record-iteration.py +221 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +721 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +342 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +264 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/backfill_fts5.py +107 -0
package/dist/gaia-ops/tools/memory/conflict_detector.py +295 -0
package/dist/gaia-ops/tools/memory/episodic.py +1210 -0
package/dist/gaia-ops/tools/memory/git_invalidator.py +262 -0
package/dist/gaia-ops/tools/memory/paths.py +102 -0
package/dist/gaia-ops/tools/memory/scoring.py +193 -0
package/dist/gaia-ops/tools/memory/search_store.py +375 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +349 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +686 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +270 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +24 -0
package/dist/gaia-security/README.md +90 -0
package/dist/gaia-security/config/universal-rules.json +102 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1890 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +113 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/dist/gaia-security/hooks/modules/agents/state_tracker.py +267 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +611 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/agentic_loop_detector.py +165 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +218 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +558 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +530 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +577 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +216 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +120 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +1638 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +222 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +595 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +87 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +181 -0
package/dist/gaia-security/hooks/modules/security/composition_rules.py +547 -0
package/dist/gaia-security/hooks/modules/security/flag_classifiers.py +873 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +1131 -0
package/dist/gaia-security/hooks/modules/security/network_hosts.py +481 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/shell_unwrapper.py +165 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/pending_scanner.py +174 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +160 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/session/session_registry.py +333 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +1008 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/stage_decomposer.py +315 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +294 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +413 -0
package/dist/gaia-security/hooks/session_end_hook.py +77 -0
package/dist/gaia-security/hooks/session_start.py +81 -0
package/dist/gaia-security/hooks/stop_hook.py +70 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +246 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +100 -0
package/hooks/adapters/__init__.py +52 -0
package/hooks/adapters/base.py +219 -0
package/hooks/adapters/channel.py +17 -0
package/hooks/adapters/claude_code.py +1890 -0
package/hooks/adapters/types.py +194 -0
package/hooks/adapters/utils.py +25 -0
package/hooks/elicitation_result.py +179 -0
package/hooks/hooks.json +84 -0
package/hooks/modules/README.md +189 -0
package/hooks/modules/__init__.py +15 -0
package/hooks/modules/agents/__init__.py +29 -0
package/hooks/modules/agents/contract_validator.py +647 -0
package/hooks/modules/agents/response_contract.py +496 -0
package/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/hooks/modules/agents/state_tracker.py +267 -0
package/hooks/modules/agents/task_info_builder.py +74 -0
package/hooks/modules/agents/transcript_analyzer.py +458 -0
package/hooks/modules/agents/transcript_reader.py +152 -0
package/hooks/modules/audit/__init__.py +28 -0
package/hooks/modules/audit/event_detector.py +168 -0
package/hooks/modules/audit/logger.py +131 -0
package/hooks/modules/audit/metrics.py +134 -0
package/hooks/modules/audit/workflow_auditor.py +611 -0
package/hooks/modules/audit/workflow_recorder.py +296 -0
package/hooks/modules/context/__init__.py +11 -0
package/hooks/modules/context/agentic_loop_detector.py +165 -0
package/hooks/modules/context/anchor_tracker.py +317 -0
package/hooks/modules/context/compact_context_builder.py +218 -0
package/hooks/modules/context/context_freshness.py +145 -0
package/hooks/modules/context/context_injector.py +558 -0
package/hooks/modules/context/context_writer.py +530 -0
package/hooks/modules/context/contracts_loader.py +161 -0
package/hooks/modules/core/__init__.py +40 -0
package/hooks/modules/core/hook_entry.py +78 -0
package/hooks/modules/core/paths.py +160 -0
package/hooks/modules/core/plugin_mode.py +149 -0
package/hooks/modules/core/plugin_setup.py +577 -0
package/hooks/modules/core/state.py +179 -0
package/hooks/modules/core/stdin.py +24 -0
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/evidence/__init__.py +34 -0
package/hooks/modules/evidence/assertions.py +137 -0
package/hooks/modules/evidence/index_writer.py +57 -0
package/hooks/modules/evidence/loader.py +126 -0
package/hooks/modules/evidence/runner.py +241 -0
package/hooks/modules/memory/__init__.py +8 -0
package/hooks/modules/memory/episode_writer.py +216 -0
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/hooks/modules/scanning/__init__.py +8 -0
package/hooks/modules/scanning/scan_trigger.py +84 -0
package/hooks/modules/security/__init__.py +120 -0
package/hooks/modules/security/approval_cleanup.py +87 -0
package/hooks/modules/security/approval_constants.py +23 -0
package/hooks/modules/security/approval_grants.py +1638 -0
package/hooks/modules/security/approval_messages.py +71 -0
package/hooks/modules/security/approval_scopes.py +222 -0
package/hooks/modules/security/blocked_commands.py +595 -0
package/hooks/modules/security/blocked_message_formatter.py +87 -0
package/hooks/modules/security/command_semantics.py +181 -0
package/hooks/modules/security/composition_rules.py +547 -0
package/hooks/modules/security/flag_classifiers.py +873 -0
package/hooks/modules/security/gitops_validator.py +179 -0
package/hooks/modules/security/mutative_verbs.py +1131 -0
package/hooks/modules/security/network_hosts.py +481 -0
package/hooks/modules/security/prompt_validator.py +40 -0
package/hooks/modules/security/shell_unwrapper.py +165 -0
package/hooks/modules/security/tiers.py +196 -0
package/hooks/modules/session/__init__.py +10 -0
package/hooks/modules/session/pending_scanner.py +174 -0
package/hooks/modules/session/session_context_writer.py +100 -0
package/hooks/modules/session/session_event_injector.py +160 -0
package/hooks/modules/session/session_manager.py +31 -0
package/hooks/modules/session/session_registry.py +333 -0
package/hooks/modules/tools/__init__.py +29 -0
package/hooks/modules/tools/bash_validator.py +1008 -0
package/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/hooks/modules/tools/hook_response.py +55 -0
package/hooks/modules/tools/shell_parser.py +227 -0
package/hooks/modules/tools/stage_decomposer.py +315 -0
package/hooks/modules/tools/task_validator.py +294 -0
package/hooks/modules/validation/__init__.py +23 -0
package/hooks/modules/validation/commit_validator.py +380 -0
package/hooks/post_compact.py +43 -0
package/hooks/post_tool_use.py +54 -0
package/hooks/pre_compact.py +60 -0
package/hooks/pre_tool_use.py +413 -0
package/hooks/session_end_hook.py +77 -0
package/hooks/session_start.py +81 -0
package/hooks/stop_hook.py +70 -0
package/hooks/subagent_start.py +71 -0
package/hooks/subagent_stop.py +295 -0
package/hooks/task_completed.py +70 -0
package/hooks/user_prompt_submit.py +246 -0
package/index.js +83 -0
package/package.json +103 -0
package/pyproject.toml +32 -0
package/skills/README.md +158 -0
package/skills/agent-creation/SKILL.md +87 -0
package/skills/agent-creation/examples.md +170 -0
package/skills/agent-creation/reference.md +191 -0
package/skills/agent-protocol/SKILL.md +93 -0
package/skills/agent-protocol/examples.md +223 -0
package/skills/agent-response/SKILL.md +69 -0
package/skills/agentic-loop/SKILL.md +80 -0
package/skills/agentic-loop/reference.md +378 -0
package/skills/blog-writing/SKILL.md +98 -0
package/skills/blog-writing/reference.md +130 -0
package/skills/brief-spec/SKILL.md +185 -0
package/skills/command-execution/SKILL.md +64 -0
package/skills/command-execution/reference.md +83 -0
package/skills/context-updater/SKILL.md +87 -0
package/skills/context-updater/examples.md +71 -0
package/skills/developer-patterns/SKILL.md +50 -0
package/skills/developer-patterns/reference.md +112 -0
package/skills/execution/SKILL.md +99 -0
package/skills/fast-queries/SKILL.md +43 -0
package/skills/gaia-compact/SKILL.md +74 -0
package/skills/gaia-patterns/SKILL.md +108 -0
package/skills/gaia-patterns/reference.md +395 -0
package/skills/gaia-planner/SKILL.md +37 -0
package/skills/gaia-planner/reference.md +107 -0
package/skills/gaia-release/SKILL.md +85 -0
package/skills/gaia-release/reference.md +92 -0
package/skills/gaia-self-check/SKILL.md +114 -0
package/skills/gaia-self-check/reference.md +453 -0
package/skills/gaia-verify/SKILL.md +77 -0
package/skills/gaia-verify/reference.md +80 -0
package/skills/git-conventions/SKILL.md +47 -0
package/skills/gitops-patterns/SKILL.md +60 -0
package/skills/gitops-patterns/reference.md +183 -0
package/skills/gmail-policy/SKILL.md +200 -0
package/skills/gmail-policy/reference.md +150 -0
package/skills/gmail-triage/SKILL.md +100 -0
package/skills/gws-setup/SKILL.md +99 -0
package/skills/gws-setup/reference.md +73 -0
package/skills/investigation/SKILL.md +100 -0
package/skills/memory-curation/SKILL.md +83 -0
package/skills/memory-search/SKILL.md +88 -0
package/skills/orchestrator-approval/SKILL.md +160 -0
package/skills/orchestrator-approval/reference.md +174 -0
package/skills/pending-approvals/SKILL.md +72 -0
package/skills/pending-approvals/reference.md +214 -0
package/skills/readme-writing/SKILL.md +71 -0
package/skills/readme-writing/reference.md +188 -0
package/skills/reference.md +135 -0
package/skills/request-approval/SKILL.md +140 -0
package/skills/request-approval/examples.md +140 -0
package/skills/request-approval/reference.md +57 -0
package/skills/schedule-task/SKILL.md +64 -0
package/skills/schedule-task/reference.md +233 -0
package/skills/security-tiers/SKILL.md +141 -0
package/skills/security-tiers/destructive-commands-reference.md +623 -0
package/skills/security-tiers/reference.md +39 -0
package/skills/session-reflection/SKILL.md +69 -0
package/skills/skill-creation/SKILL.md +92 -0
package/skills/skill-creation/reference.md +29 -0
package/skills/terraform-patterns/SKILL.md +89 -0
package/skills/terraform-patterns/reference.md +93 -0
package/templates/README.md +69 -0
package/templates/managed-settings.template.json +43 -0
package/tools/__init__.py +9 -0
package/tools/agentic-loop/decide-status.py +210 -0
package/tools/agentic-loop/parse-metric.py +106 -0
package/tools/agentic-loop/record-iteration.py +221 -0
package/tools/context/README.md +132 -0
package/tools/context/__init__.py +42 -0
package/tools/context/_paths.py +20 -0
package/tools/context/context_provider.py +721 -0
package/tools/context/context_section_reader.py +342 -0
package/tools/context/deep_merge.py +159 -0
package/tools/context/pending_updates.py +760 -0
package/tools/context/surface_router.py +278 -0
package/tools/fast-queries/README.md +65 -0
package/tools/fast-queries/__init__.py +30 -0
package/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/tools/fast-queries/run_triage.sh +59 -0
package/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/tools/gaia_simulator/__init__.py +33 -0
package/tools/gaia_simulator/cli.py +354 -0
package/tools/gaia_simulator/extractor.py +457 -0
package/tools/gaia_simulator/reporter.py +258 -0
package/tools/gaia_simulator/routing_simulator.py +334 -0
package/tools/gaia_simulator/runner.py +539 -0
package/tools/gaia_simulator/skills_mapper.py +264 -0
package/tools/memory/README.md +0 -0
package/tools/memory/__init__.py +20 -0
package/tools/memory/backfill_fts5.py +107 -0
package/tools/memory/conflict_detector.py +295 -0
package/tools/memory/episodic.py +1210 -0
package/tools/memory/git_invalidator.py +262 -0
package/tools/memory/paths.py +102 -0
package/tools/memory/scoring.py +193 -0
package/tools/memory/search_store.py +375 -0
package/tools/persist_transcript_analysis.py +85 -0
package/tools/review/__init__.py +1 -0
package/tools/review/review_engine.py +157 -0
package/tools/scan/__init__.py +35 -0
package/tools/scan/config.py +247 -0
package/tools/scan/merge.py +212 -0
package/tools/scan/orchestrator.py +549 -0
package/tools/scan/registry.py +127 -0
package/tools/scan/scanners/__init__.py +18 -0
package/tools/scan/scanners/base.py +137 -0
package/tools/scan/scanners/environment.py +349 -0
package/tools/scan/scanners/git.py +570 -0
package/tools/scan/scanners/infrastructure.py +875 -0
package/tools/scan/scanners/orchestration.py +600 -0
package/tools/scan/scanners/stack.py +1085 -0
package/tools/scan/scanners/tools.py +260 -0
package/tools/scan/setup.py +686 -0
package/tools/scan/tests/__init__.py +1 -0
package/tools/scan/tests/conftest.py +796 -0
package/tools/scan/tests/test_environment.py +323 -0
package/tools/scan/tests/test_git.py +419 -0
package/tools/scan/tests/test_infrastructure.py +382 -0
package/tools/scan/tests/test_integration.py +920 -0
package/tools/scan/tests/test_merge.py +269 -0
package/tools/scan/tests/test_orchestration.py +304 -0
package/tools/scan/tests/test_stack.py +604 -0
package/tools/scan/tests/test_tools.py +349 -0
package/tools/scan/ui.py +624 -0
package/tools/scan/verify.py +270 -0
package/tools/scan/walk.py +118 -0
package/tools/scan/workspace.py +85 -0
package/tools/validation/README.md +244 -0
package/tools/validation/__init__.py +17 -0
package/tools/validation/approval_gate.py +321 -0
package/tools/validation/validate_skills.py +189 -0

package/dist/gaia-security/hooks/user_prompt_submit.py ADDED Viewed

@@ -0,0 +1,246 @@
+#!/usr/bin/env python3
+"""UserPromptSubmit hook — injects routing recommendations, first-run welcome, and agentic-loop resume context."""
+import sys
+import json
+import logging
+from datetime import datetime
+from pathlib import Path
+sys.path.insert(0, str(Path(__file__).parent))
+from modules.core.paths import get_logs_dir
+from modules.core.stdin import has_stdin_data
+from modules.core.plugin_setup import run_first_time_setup
+from modules.core.plugin_mode import get_plugin_mode
+# Configure logging — file only, no stderr
+_log_file = get_logs_dir() / f"hooks-{datetime.now().strftime('%Y-%m-%d')}.log"
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s [user_prompt_submit] %(name)s - %(levelname)s - %(message)s',
+    handlers=[logging.FileHandler(_log_file)],
+)
+logger = logging.getLogger(__name__)
+def _extract_user_prompt(raw_input: str) -> str:
+    """Extract user prompt text from stdin event.
+    The UserPromptSubmit event is JSON with the user's message.
+    Try known field names; return empty string if extraction fails.
+    """
+    try:
+        event = json.loads(raw_input)
+        # Try known field names from Claude Code hook events
+        for field in ("user_message", "prompt", "message", "content"):
+            if field in event and isinstance(event[field], str):
+                return event[field]
+        # Check nested hookEventInput
+        hook_input = event.get("hookEventInput", {})
+        if isinstance(hook_input, dict):
+            for field in ("user_message", "prompt", "message", "content"):
+                if field in hook_input and isinstance(hook_input[field], str):
+                    return hook_input[field]
+    except (json.JSONDecodeError, TypeError, AttributeError):
+        pass
+    return ""
+def _build_routing_recommendation(prompt_text: str) -> str:
+    """Run surface classification and format as a routing recommendation block.
+    Returns empty string if classification fails or produces no active surfaces.
+    This is advisory — never raises exceptions.
+    """
+    try:
+        # Import surface_router from tools/context
+        tools_dir = Path(__file__).resolve().parent.parent / "tools" / "context"
+        if str(tools_dir) not in sys.path:
+            sys.path.insert(0, str(tools_dir))
+        from surface_router import classify_surfaces
+        routing = classify_surfaces(prompt_text)
+        active_surfaces = routing.get("active_surfaces", [])
+        if not active_surfaces:
+            logger.info("Surface routing: no active surfaces for prompt")
+            return ""
+        agents = routing.get("recommended_agents", [])
+        dispatch_mode = routing.get("dispatch_mode", "single_surface")
+        confidence = routing.get("confidence", 0.0)
+        matched_signals = routing.get("matched_signals", {})
+        # Flatten matched signals into a single list for display
+        all_signals = []
+        for surface_signals in matched_signals.values():
+            all_signals.extend(surface_signals)
+        lines = [
+            "\n\n## Surface Routing Recommendation",
+            f"- Recommended agents: {agents}",
+            f"- Dispatch mode: {dispatch_mode}",
+            f"- Confidence: {confidence}",
+            f"- Matched signals: {json.dumps(all_signals)}",
+        ]
+        logger.info(
+            "Surface routing: agents=%s mode=%s confidence=%.2f signals=%s",
+            agents, dispatch_mode, confidence, all_signals,
+        )
+        return "\n".join(lines)
+    except Exception as e:
+        logger.warning("Surface routing failed (advisory, skipping): %s", e)
+        return ""
+def _build_welcome(mode: str) -> str:
+    """Build first-run welcome message for the user.
+    This message is injected as additionalContext so Claude receives it,
+    not the user directly.  The framing explains WHY the user needs to
+    know — Claude should naturally relay it because it is actionable
+    and the user cannot use the plugin fully without restarting.
+    """
+    plugin_name = f"GAIA {'Ops' if mode == 'ops' else 'Security'}"
+    return (
+        f"{plugin_name} was just installed for the first time in this project. "
+        f"The plugin detected the installation and configured security permissions, "
+        f"but these permissions only take effect after restarting Claude Code. "
+        f"Until the user closes this session and reopens Claude Code, "
+        f"{plugin_name} cannot protect their commands — destructive operations "
+        f"will not be blocked and mutative operations will not require approval. "
+        f"The user needs to know this because they just installed {plugin_name} "
+        f"expecting it to work, but it will not be active until they restart. "
+        f"Tell the user that {plugin_name} is installed, that they need to close "
+        f"and reopen Claude Code to activate it, and that until they do, "
+        f"security protections are not active."
+    )
+def _build_pending_context() -> str:
+    """Scan for pending approvals and format as actionable context.
+    Returns an [ACTIONABLE]-framed summary if pending approvals exist,
+    or empty string if none found.  Includes cross-session fallback:
+    scans current session first, then all sessions if empty.
+    Fully fail-safe — never raises exceptions.
+    """
+    try:
+        from modules.session.pending_scanner import scan_pending_approvals, format_pending_summary
+        from modules.core.paths import get_plugin_data_dir
+        from modules.core.state import get_session_id
+        approvals_dir = get_plugin_data_dir() / "cache" / "approvals"
+        session_id = get_session_id()
+        # Current session first
+        pendings = scan_pending_approvals(
+            approvals_dir, session_id=session_id, current_session_id=session_id
+        )
+        # Cross-session fallback: scan all sessions if current has none.
+        # exclude_live_sessions=True prevents pendings from parallel live
+        # sessions from appearing as "[session anterior]" injections.
+        if not pendings:
+            pendings = scan_pending_approvals(
+                approvals_dir,
+                current_session_id=session_id,
+                exclude_live_sessions=True,
+            )
+        if not pendings:
+            return ""
+        summary = format_pending_summary(pendings)
+        logger.info("Pending context: %d approvals found", len(pendings))
+        return (
+            "[ACTIONABLE] Pending approvals require your attention before "
+            "routing this request.\n\n" + summary
+        )
+    except Exception as e:
+        logger.debug("Pending context scan skipped (non-fatal): %s", e)
+        return ""
+if __name__ == "__main__":
+    if not has_stdin_data():
+        sys.exit(0)
+    try:
+        raw_input = sys.stdin.read()
+        # Check first-run BEFORE setup (SessionStart does setup with
+        # mark_done=False so the marker doesn't exist yet on first run).
+        from modules.core.plugin_setup import is_first_run, mark_initialized
+        first_run = is_first_run()
+        # Ensure registry + permissions exist (idempotent, no mark).
+        setup_msg = run_first_time_setup(mark_done=False)
+        mode = get_plugin_mode()
+        # Build additionalContext: welcome + agentic-loop + routing.
+        # Identity now lives in agents/gaia-orchestrator.md (agent definition).
+        context_parts = []
+        # First-time welcome: the marker does not exist yet because
+        # neither SessionStart nor this call marked it.
+        if first_run:
+            welcome = _build_welcome(mode)
+            context_parts.append(welcome)
+            mark_initialized()  # Mark AFTER building the welcome
+            logger.info("First-run welcome prepended for %s mode", mode)
+        # Detect active agentic-loop and inject resume context (ops mode only).
+        # Lightweight: checks file existence + small JSON read, fully fail-safe.
+        if mode == "ops":
+            try:
+                from modules.context.agentic_loop_detector import build_resume_context
+                loop_context = build_resume_context()
+                if loop_context:
+                    context_parts.append(loop_context)
+                    logger.info("Agentic loop resume context injected")
+            except Exception as e:
+                logger.debug("Agentic loop detection skipped (non-fatal): %s", e)
+        # Inject pending approval context (ops mode only, before routing).
+        if mode == "ops":
+            pending_block = _build_pending_context()
+            if pending_block:
+                context_parts.append(pending_block)
+                logger.info("Pending approval context injected")
+        # Append deterministic surface routing recommendation (ops mode only)
+        if mode == "ops":
+            prompt_text = _extract_user_prompt(raw_input)
+            # NOTE: Approval activation moved to ElicitationResult hook.
+            # AskUserQuestion responses trigger ElicitationResult, not
+            # UserPromptSubmit, so approval detection lives there now.
+            if prompt_text:
+                routing_block = _build_routing_recommendation(prompt_text)
+                if routing_block:
+                    context_parts.append(routing_block)
+            else:
+                logger.info("Could not extract user prompt from stdin, skipping routing")
+        additional_context = "\n\n".join(context_parts)
+        logger.info("Context injected: %s mode (%d chars)", mode, len(additional_context))
+        print(json.dumps({
+            "hookSpecificOutput": {
+                "hookEventName": "UserPromptSubmit",
+                "additionalContext": additional_context,
+            }
+        }))
+        sys.exit(0)
+    except Exception as e:
+        logger.error("Error in user_prompt_submit: %s", e, exc_info=True)
+        sys.exit(0)

package/dist/gaia-security/settings.json ADDED Viewed

@@ -0,0 +1,58 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(*)",
+      "Read",
+      "Glob",
+      "Grep",
+      "BashOutput",
+      "KillShell"
+    ],
+    "deny": [
+      "Bash(aws ec2 delete-vpc:*)",
+      "Bash(aws ec2 delete-subnet:*)",
+      "Bash(aws ec2 delete-internet-gateway:*)",
+      "Bash(aws ec2 delete-route-table:*)",
+      "Bash(aws ec2 delete-route:*)",
+      "Bash(aws rds delete-db-instance:*)",
+      "Bash(aws rds delete-db-cluster:*)",
+      "Bash(aws dynamodb delete-table:*)",
+      "Bash(aws s3 rb:*)",
+      "Bash(aws s3api delete-bucket:*)",
+      "Bash(aws elasticache delete-cache-cluster:*)",
+      "Bash(aws elasticache delete-replication-group:*)",
+      "Bash(aws eks delete-cluster:*)",
+      "Bash(gcloud projects delete:*)",
+      "Bash(gcloud container clusters delete:*)",
+      "Bash(gcloud sql instances delete:*)",
+      "Bash(gcloud sql databases delete:*)",
+      "Bash(gcloud services disable:*)",
+      "Bash(gsutil rb:*)",
+      "Bash(gsutil rm -r:*)",
+      "Bash(kubectl delete namespace:*)",
+      "Bash(kubectl delete node:*)",
+      "Bash(kubectl delete cluster:*)",
+      "Bash(kubectl delete pv:*)",
+      "Bash(kubectl delete persistentvolume:*)",
+      "Bash(kubectl delete pvc:*)",
+      "Bash(kubectl delete persistentvolumeclaim:*)",
+      "Bash(kubectl delete crd:*)",
+      "Bash(kubectl delete customresourcedefinition:*)",
+      "Bash(kubectl delete mutatingwebhookconfiguration:*)",
+      "Bash(kubectl delete validatingwebhookconfiguration:*)",
+      "Bash(kubectl drain:*)",
+      "Bash(git push --force:*)",
+      "Bash(git push -f:*)",
+      "Bash(git push origin --force:*)",
+      "Bash(git push origin -f:*)",
+      "Bash(dd:*)",
+      "Bash(fdisk:*)",
+      "Bash(mkfs:*)",
+      "Bash(mkfs.ext4:*)",
+      "Bash(mkfs.ext3:*)",
+      "Bash(mkfs.fat:*)",
+      "Bash(mkfs.ntfs:*)"
+    ],
+    "ask": []
+  }
+}

package/git-hooks/commit-msg ADDED Viewed

@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# commit-msg hook: strip Claude Code attribution footers from commit messages.
+#
+# This hook runs at the git level, catching ALL commits regardless of whether
+# they originate from Claude Code's Bash tool, a subagent, or the user's terminal.
+#
+# Patterns match those in hooks/modules/tools/bash_validator.py _strip_claude_footers()
+# to maintain a single source of truth for what constitutes a forbidden footer.
+#
+# Installation:
+#   cp git-hooks/commit-msg .git/hooks/commit-msg
+#   chmod +x .git/hooks/commit-msg
+#
+# Or via gaia-init (automatic).
+COMMIT_MSG_FILE="$1"
+if [ ! -f "${COMMIT_MSG_FILE}" ]; then
+    exit 0
+fi
+# Create a temp file for the cleaned message
+TEMP_FILE=$(mktemp)
+trap 'rm -f "${TEMP_FILE}"' EXIT
+# Read the commit message and strip forbidden footer lines:
+#   - Co-Authored-By: containing "Claude" (any case)
+#   - "Generated with Claude Code" or "[Claude Code]" (any case)
+#   - Emoji-prefixed "Generated with" lines
+sed -E \
+    -e '/^[[:space:]]*[Cc][Oo]-[Aa][Uu][Tt][Hh][Oo][Rr][Ee][Dd]-[Bb][Yy]:.*[Cc][Ll][Aa][Uu][Dd][Ee]/d' \
+    -e '/^[[:space:]]*[Gg][Ee][Nn][Ee][Rr][Aa][Tt][Ee][Dd] [Ww][Ii][Tt][Hh].*[Cc][Ll][Aa][Uu][Dd][Ee] [Cc][Oo][Dd][Ee]/d' \
+    -e '/^[[:space:]]*..?[[:space:]]*[Gg][Ee][Nn][Ee][Rr][Aa][Tt][Ee][Dd] [Ww][Ii][Tt][Hh]/d' \
+    "${COMMIT_MSG_FILE}" > "${TEMP_FILE}"
+# Remove trailing blank lines (collapse to single trailing newline)
+# This prevents empty trailers after stripping
+sed -e :a -e '/^\n*$/{$d;N;ba' -e '}' "${TEMP_FILE}" > "${COMMIT_MSG_FILE}"
+exit 0

package/hooks/README.md ADDED Viewed

@@ -0,0 +1,100 @@
+# Hooks
+Hooks are the event-driven spine of Gaia. Every significant moment in a Claude Code session — a prompt arriving, a tool being called, an agent completing — has a corresponding hook file in this directory. The hooks are not optional middleware; they are the security gate, the context injector, the audit system, and the memory writer. Remove them, and Gaia becomes a collection of agent definitions with no enforcement.
+Each hook is a Python script that reads a JSON event from stdin, processes it, and writes a JSON response to stdout. Claude Code calls these scripts synchronously before or after each tool execution, which means the hook can allow, modify, or block the operation. The hook cannot do complex async work — it runs inline, in the critical path, so every module it calls must complete quickly.
+The hooks form a pipeline. A prompt enters at `user_prompt_submit.py`, gets routed to an agent, triggers `pre_tool_use.py` before each tool call, generates audit records in `post_tool_use.py`, and closes out in `subagent_stop.py` when the agent finishes. The event handler hooks (`session_start.py`, `stop_hook.py`, `subagent_start.py`, `task_completed.py`) fire at lifecycle transitions and carry lighter responsibilities.
+## Cuándo se activa
+```
+User sends prompt
+        |
+[user_prompt_submit.py] <- fires on UserPromptSubmit event
+        |  Builds orchestrator identity via ops_identity.py
+        |  Injects surface routing recommendation (deterministic, from surface-routing.json)
+        |  Skills loaded on-demand: agent-response
+        v
+Orchestrator dispatches agent (Task/Agent tool call)
+        |
+[pre_tool_use.py] <- fires on PreToolUse for: Bash, Task, Agent, SendMessage, Write, Edit
+        |  Bash calls: security gate (blocked_commands, mutative_verbs, cloud_pipe_validator)
+        |  Task/Agent calls: context injection from context-contracts.json
+        |  Write/Edit calls: protected path validation (_is_protected())
+        v
+    ALLOWED / BLOCKED / ask dialog (T3)
+        |
+Tool executes
+        |
+[post_tool_use.py] <- fires on PostToolUse for: Bash, AskUserQuestion
+        |  Audits result, logs to .claude/logs/
+        v
+[subagent_stop.py] <- fires on SubagentStop for all agents
+        |  Validates json:contract format
+        |  Records workflow metrics
+        |  Writes to episodic memory
+        v
+[subagent_start.py] <- fires on SubagentStart for all agents
+        |  Can inject additional context (e.g. persisted memory output)
+```
+## Entry point -> adapter -> module
+Every hook entry point is thin by design. The entry point reads stdin, calls the adapter, and writes stdout. All logic lives in the adapter and module layers.
+```
+hooks/pre_tool_use.py              <- Entry point: stdin/stdout glue only
+  -> adapters/claude_code.py       <- Adapter: parses event, dispatches to modules
+    -> modules/security/           <- blocked_commands, mutative_verbs, cloud_pipe_validator
+    -> modules/context/            <- context_injector, contracts_loader
+    -> modules/agents/             <- contract_validator, skill_injection
+    -> modules/validation/         <- commit_validator
+    -> modules/audit/              <- logger, metrics
+```
+To add a new behavior to an existing hook: write a module in `modules/<package>/`, import it in the adapter, and call it from the relevant adapter method. Modules receive parsed context as arguments and return results. They never read stdin or write stdout directly.
+To add a new hook entry point: create `hooks/<event_name>.py`, register it in `build/gaia-ops.manifest.json` under `hooks.entries` and `hooks.matchers`, then write the adapter method. The entry point pattern is always the same: read stdin JSON, call adapter, print response.
+## Qué hay aquí
+```
+hooks/
+├── user_prompt_submit.py  # Identity injection (UserPromptSubmit event)
+├── pre_tool_use.py        # Security gate + context injection (PreToolUse)
+├── post_tool_use.py       # Audit logging (PostToolUse)
+├── subagent_stop.py       # Contract validation + memory (SubagentStop)
+├── subagent_start.py      # Subagent start — additional context injection
+├── session_start.py       # Session start event handler
+├── stop_hook.py           # Stop event handler
+├── task_completed.py      # Task completed event handler
+├── pre_compact.py         # Pre-compaction event handler
+├── post_compact.py        # Post-compaction event handler
+├── hooks.json             # Plugin-channel hook configuration
+├── adapters/              # Adapter layer — event parsing and module dispatch
+└── modules/               # Module layer — security, context, validation, audit logic
+```
+## Convenciones
+**Security tiers enforced by pre_tool_use:**
+| Tier | Operation Type | Approval | Hook action |
+|------|----------------|----------|-------------|
+| T0 | Read-only (get, list) | No | Allow immediately |
+| T1 | Local validation (validate, lint) | No | Allow immediately |
+| T2 | Simulation (plan, diff) | No | Allow immediately |
+| T3 | Execution (apply, delete) | Yes — native `ask` dialog | Pause, request approval |
+| T3-blocked | Irreversible (delete-vpc, drop db) | Permanently blocked | Exit 2 (hard block) |
+**Protected paths** (blocked regardless of permissionMode):
+- `.claude/hooks/` — hooks cannot be modified by any agent
+- `.claude/settings.json` and `.claude/settings.local.json` — settings cannot be modified by any agent
+## Ver también
+- [`build/gaia-ops.manifest.json`](../build/gaia-ops.manifest.json) — hook registration and matchers
+- [`config/surface-routing.json`](../config/surface-routing.json) — read by `user_prompt_submit.py`
+- [`config/context-contracts.json`](../config/context-contracts.json) — read by `pre_tool_use.py` for context injection
+- [`skills/security-tiers/SKILL.md`](../skills/security-tiers/SKILL.md) — tier classification that agents use; hook enforces the same tiers

package/hooks/adapters/__init__.py ADDED Viewed

@@ -0,0 +1,52 @@
+"""
+Adapter Layer for Gaia-Ops Hooks.
+Provides CLI-agnostic normalized types and the abstract HookAdapter interface.
+Business logic modules consume and produce these types; concrete adapters
+translate between these types and CLI-specific JSON protocols.
+Modules:
+- types: Frozen dataclasses and enums for all hook event/response data
+- base: Abstract HookAdapter interface
+"""
+from .types import (
+    HookEventType,
+    PermissionDecision,
+    DistributionChannel,
+    HookEvent,
+    ValidationRequest,
+    ValidationResult,
+    ToolResult,
+    AgentCompletion,
+    CompletionResult,
+    ContextResult,
+    BootstrapResult,
+    QualityResult,
+    VerificationResult,
+    HookResponse,
+)
+from .base import HookAdapter
+from .claude_code import ClaudeCodeAdapter
+from .utils import has_stdin_data, warn_if_dual_channel
+__all__ = [
+    "HookEventType",
+    "PermissionDecision",
+    "DistributionChannel",
+    "HookEvent",
+    "ValidationRequest",
+    "ValidationResult",
+    "ToolResult",
+    "AgentCompletion",
+    "CompletionResult",
+    "ContextResult",
+    "BootstrapResult",
+    "QualityResult",
+    "VerificationResult",
+    "HookResponse",
+    "HookAdapter",
+    "ClaudeCodeAdapter",
+    "has_stdin_data",
+    "warn_if_dual_channel",
+]