npm - @jaguilar87/gaia - Versions diffs - 5.0.0-rc.2 - Mend

@jaguilar87/gaia 5.0.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (621) hide show

package/.claude-plugin/marketplace.json +33 -0
package/.claude-plugin/plugin.json +26 -0
package/ARCHITECTURE.md +335 -0
package/CHANGELOG.md +1298 -0
package/CODE_OF_CONDUCT.md +11 -0
package/CONTRIBUTING.md +146 -0
package/INSTALL.md +436 -0
package/LICENSE +21 -0
package/README.md +222 -0
package/SECURITY.md +47 -0
package/agents/README.md +78 -0
package/agents/cloud-troubleshooter.md +73 -0
package/agents/developer.md +65 -0
package/agents/gaia-operator.md +64 -0
package/agents/gaia-orchestrator.md +111 -0
package/agents/gaia-planner.md +53 -0
package/agents/gaia-system.md +71 -0
package/agents/gitops-operator.md +61 -0
package/agents/terraform-architect.md +63 -0
package/bin/README.md +106 -0
package/bin/cli/__init__.py +1 -0
package/bin/cli/approvals.py +740 -0
package/bin/cli/cleanup.py +562 -0
package/bin/cli/context.py +283 -0
package/bin/cli/doctor.py +651 -0
package/bin/cli/history.py +305 -0
package/bin/cli/memory.py +483 -0
package/bin/cli/metrics.py +1068 -0
package/bin/cli/plans.py +515 -0
package/bin/cli/status.py +302 -0
package/bin/cli/update.py +382 -0
package/bin/gaia +112 -0
package/bin/gaia-cleanup.js +531 -0
package/bin/gaia-doctor.js +635 -0
package/bin/gaia-evidence +126 -0
package/bin/gaia-history.js +251 -0
package/bin/gaia-metrics.js +1278 -0
package/bin/gaia-review.js +269 -0
package/bin/gaia-scan +44 -0
package/bin/gaia-scan.py +589 -0
package/bin/gaia-skills-diagnose.js +929 -0
package/bin/gaia-status.js +278 -0
package/bin/gaia-uninstall.js +111 -0
package/bin/gaia-update.js +919 -0
package/bin/pre-publish-validate.js +610 -0
package/bin/python-detect.js +60 -0
package/bin/validate-sandbox.sh +601 -0
package/commands/README.md +64 -0
package/commands/gaia.md +37 -0
package/commands/scan-project.md +67 -0
package/config/README.md +71 -0
package/config/cloud/aws.json +134 -0
package/config/cloud/gcp.json +139 -0
package/config/context-contracts.json +158 -0
package/config/crons-schema.md +81 -0
package/config/git_standards.json +72 -0
package/config/surface-routing.json +417 -0
package/config/universal-rules.json +102 -0
package/dist/gaia-ops/.claude-plugin/plugin.json +24 -0
package/dist/gaia-ops/README.md +80 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/developer.md +65 -0
package/dist/gaia-ops/agents/gaia-operator.md +64 -0
package/dist/gaia-ops/agents/gaia-orchestrator.md +111 -0
package/dist/gaia-ops/agents/gaia-planner.md +53 -0
package/dist/gaia-ops/agents/gaia-system.md +71 -0
package/dist/gaia-ops/agents/gitops-operator.md +61 -0
package/dist/gaia-ops/agents/terraform-architect.md +63 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +71 -0
package/dist/gaia-ops/config/cloud/aws.json +134 -0
package/dist/gaia-ops/config/cloud/gcp.json +139 -0
package/dist/gaia-ops/config/context-contracts.json +158 -0
package/dist/gaia-ops/config/crons-schema.md +81 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +417 -0
package/dist/gaia-ops/config/universal-rules.json +102 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1890 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +192 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/dist/gaia-ops/hooks/modules/agents/state_tracker.py +267 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +611 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/agentic_loop_detector.py +165 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +218 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +558 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +530 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +577 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +216 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +120 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +1638 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +222 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +595 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +87 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +181 -0
package/dist/gaia-ops/hooks/modules/security/composition_rules.py +547 -0
package/dist/gaia-ops/hooks/modules/security/flag_classifiers.py +873 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +1131 -0
package/dist/gaia-ops/hooks/modules/security/network_hosts.py +481 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/shell_unwrapper.py +165 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/pending_scanner.py +174 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +160 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/session/session_registry.py +333 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +1008 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/stage_decomposer.py +315 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +294 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_compact.py +60 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +413 -0
package/dist/gaia-ops/hooks/session_end_hook.py +77 -0
package/dist/gaia-ops/hooks/session_start.py +81 -0
package/dist/gaia-ops/hooks/stop_hook.py +70 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +295 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +246 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +158 -0
package/dist/gaia-ops/skills/agent-creation/SKILL.md +87 -0
package/dist/gaia-ops/skills/agent-creation/examples.md +170 -0
package/dist/gaia-ops/skills/agent-creation/reference.md +191 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +93 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +223 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +69 -0
package/dist/gaia-ops/skills/agentic-loop/SKILL.md +80 -0
package/dist/gaia-ops/skills/agentic-loop/reference.md +378 -0
package/dist/gaia-ops/skills/blog-writing/SKILL.md +98 -0
package/dist/gaia-ops/skills/blog-writing/reference.md +130 -0
package/dist/gaia-ops/skills/brief-spec/SKILL.md +185 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +87 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +50 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +99 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +43 -0
package/dist/gaia-ops/skills/gaia-compact/SKILL.md +74 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +108 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +395 -0
package/dist/gaia-ops/skills/gaia-planner/SKILL.md +37 -0
package/dist/gaia-ops/skills/gaia-planner/reference.md +107 -0
package/dist/gaia-ops/skills/gaia-release/SKILL.md +85 -0
package/dist/gaia-ops/skills/gaia-release/reference.md +92 -0
package/dist/gaia-ops/skills/gaia-self-check/SKILL.md +114 -0
package/dist/gaia-ops/skills/gaia-self-check/reference.md +453 -0
package/dist/gaia-ops/skills/gaia-verify/SKILL.md +77 -0
package/dist/gaia-ops/skills/gaia-verify/reference.md +80 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +47 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +60 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/gmail-policy/SKILL.md +200 -0
package/dist/gaia-ops/skills/gmail-policy/reference.md +150 -0
package/dist/gaia-ops/skills/gmail-triage/SKILL.md +100 -0
package/dist/gaia-ops/skills/gws-setup/SKILL.md +99 -0
package/dist/gaia-ops/skills/gws-setup/reference.md +73 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +100 -0
package/dist/gaia-ops/skills/memory-curation/SKILL.md +83 -0
package/dist/gaia-ops/skills/memory-search/SKILL.md +88 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +160 -0
package/dist/gaia-ops/skills/orchestrator-approval/reference.md +174 -0
package/dist/gaia-ops/skills/pending-approvals/SKILL.md +72 -0
package/dist/gaia-ops/skills/pending-approvals/reference.md +214 -0
package/dist/gaia-ops/skills/readme-writing/SKILL.md +71 -0
package/dist/gaia-ops/skills/readme-writing/reference.md +188 -0
package/dist/gaia-ops/skills/reference.md +135 -0
package/dist/gaia-ops/skills/request-approval/SKILL.md +140 -0
package/dist/gaia-ops/skills/request-approval/examples.md +140 -0
package/dist/gaia-ops/skills/request-approval/reference.md +57 -0
package/dist/gaia-ops/skills/schedule-task/SKILL.md +64 -0
package/dist/gaia-ops/skills/schedule-task/reference.md +233 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +141 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/session-reflection/SKILL.md +69 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +92 -0
package/dist/gaia-ops/skills/skill-creation/reference.md +29 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +89 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/tools/__init__.py +9 -0
package/dist/gaia-ops/tools/agentic-loop/decide-status.py +210 -0
package/dist/gaia-ops/tools/agentic-loop/parse-metric.py +106 -0
package/dist/gaia-ops/tools/agentic-loop/record-iteration.py +221 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +721 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +342 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +264 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/backfill_fts5.py +107 -0
package/dist/gaia-ops/tools/memory/conflict_detector.py +295 -0
package/dist/gaia-ops/tools/memory/episodic.py +1210 -0
package/dist/gaia-ops/tools/memory/git_invalidator.py +262 -0
package/dist/gaia-ops/tools/memory/paths.py +102 -0
package/dist/gaia-ops/tools/memory/scoring.py +193 -0
package/dist/gaia-ops/tools/memory/search_store.py +375 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +349 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +686 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +270 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +24 -0
package/dist/gaia-security/README.md +90 -0
package/dist/gaia-security/config/universal-rules.json +102 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1890 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +113 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/dist/gaia-security/hooks/modules/agents/state_tracker.py +267 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +611 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/agentic_loop_detector.py +165 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +218 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +558 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +530 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +577 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +216 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +120 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +1638 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +222 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +595 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +87 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +181 -0
package/dist/gaia-security/hooks/modules/security/composition_rules.py +547 -0
package/dist/gaia-security/hooks/modules/security/flag_classifiers.py +873 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +1131 -0
package/dist/gaia-security/hooks/modules/security/network_hosts.py +481 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/shell_unwrapper.py +165 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/pending_scanner.py +174 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +160 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/session/session_registry.py +333 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +1008 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/stage_decomposer.py +315 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +294 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +413 -0
package/dist/gaia-security/hooks/session_end_hook.py +77 -0
package/dist/gaia-security/hooks/session_start.py +81 -0
package/dist/gaia-security/hooks/stop_hook.py +70 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +246 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +100 -0
package/hooks/adapters/__init__.py +52 -0
package/hooks/adapters/base.py +219 -0
package/hooks/adapters/channel.py +17 -0
package/hooks/adapters/claude_code.py +1890 -0
package/hooks/adapters/types.py +194 -0
package/hooks/adapters/utils.py +25 -0
package/hooks/elicitation_result.py +179 -0
package/hooks/hooks.json +84 -0
package/hooks/modules/README.md +189 -0
package/hooks/modules/__init__.py +15 -0
package/hooks/modules/agents/__init__.py +29 -0
package/hooks/modules/agents/contract_validator.py +647 -0
package/hooks/modules/agents/response_contract.py +496 -0
package/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/hooks/modules/agents/state_tracker.py +267 -0
package/hooks/modules/agents/task_info_builder.py +74 -0
package/hooks/modules/agents/transcript_analyzer.py +458 -0
package/hooks/modules/agents/transcript_reader.py +152 -0
package/hooks/modules/audit/__init__.py +28 -0
package/hooks/modules/audit/event_detector.py +168 -0
package/hooks/modules/audit/logger.py +131 -0
package/hooks/modules/audit/metrics.py +134 -0
package/hooks/modules/audit/workflow_auditor.py +611 -0
package/hooks/modules/audit/workflow_recorder.py +296 -0
package/hooks/modules/context/__init__.py +11 -0
package/hooks/modules/context/agentic_loop_detector.py +165 -0
package/hooks/modules/context/anchor_tracker.py +317 -0
package/hooks/modules/context/compact_context_builder.py +218 -0
package/hooks/modules/context/context_freshness.py +145 -0
package/hooks/modules/context/context_injector.py +558 -0
package/hooks/modules/context/context_writer.py +530 -0
package/hooks/modules/context/contracts_loader.py +161 -0
package/hooks/modules/core/__init__.py +40 -0
package/hooks/modules/core/hook_entry.py +78 -0
package/hooks/modules/core/paths.py +160 -0
package/hooks/modules/core/plugin_mode.py +149 -0
package/hooks/modules/core/plugin_setup.py +577 -0
package/hooks/modules/core/state.py +179 -0
package/hooks/modules/core/stdin.py +24 -0
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/evidence/__init__.py +34 -0
package/hooks/modules/evidence/assertions.py +137 -0
package/hooks/modules/evidence/index_writer.py +57 -0
package/hooks/modules/evidence/loader.py +126 -0
package/hooks/modules/evidence/runner.py +241 -0
package/hooks/modules/memory/__init__.py +8 -0
package/hooks/modules/memory/episode_writer.py +216 -0
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/hooks/modules/scanning/__init__.py +8 -0
package/hooks/modules/scanning/scan_trigger.py +84 -0
package/hooks/modules/security/__init__.py +120 -0
package/hooks/modules/security/approval_cleanup.py +87 -0
package/hooks/modules/security/approval_constants.py +23 -0
package/hooks/modules/security/approval_grants.py +1638 -0
package/hooks/modules/security/approval_messages.py +71 -0
package/hooks/modules/security/approval_scopes.py +222 -0
package/hooks/modules/security/blocked_commands.py +595 -0
package/hooks/modules/security/blocked_message_formatter.py +87 -0
package/hooks/modules/security/command_semantics.py +181 -0
package/hooks/modules/security/composition_rules.py +547 -0
package/hooks/modules/security/flag_classifiers.py +873 -0
package/hooks/modules/security/gitops_validator.py +179 -0
package/hooks/modules/security/mutative_verbs.py +1131 -0
package/hooks/modules/security/network_hosts.py +481 -0
package/hooks/modules/security/prompt_validator.py +40 -0
package/hooks/modules/security/shell_unwrapper.py +165 -0
package/hooks/modules/security/tiers.py +196 -0
package/hooks/modules/session/__init__.py +10 -0
package/hooks/modules/session/pending_scanner.py +174 -0
package/hooks/modules/session/session_context_writer.py +100 -0
package/hooks/modules/session/session_event_injector.py +160 -0
package/hooks/modules/session/session_manager.py +31 -0
package/hooks/modules/session/session_registry.py +333 -0
package/hooks/modules/tools/__init__.py +29 -0
package/hooks/modules/tools/bash_validator.py +1008 -0
package/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/hooks/modules/tools/hook_response.py +55 -0
package/hooks/modules/tools/shell_parser.py +227 -0
package/hooks/modules/tools/stage_decomposer.py +315 -0
package/hooks/modules/tools/task_validator.py +294 -0
package/hooks/modules/validation/__init__.py +23 -0
package/hooks/modules/validation/commit_validator.py +380 -0
package/hooks/post_compact.py +43 -0
package/hooks/post_tool_use.py +54 -0
package/hooks/pre_compact.py +60 -0
package/hooks/pre_tool_use.py +413 -0
package/hooks/session_end_hook.py +77 -0
package/hooks/session_start.py +81 -0
package/hooks/stop_hook.py +70 -0
package/hooks/subagent_start.py +71 -0
package/hooks/subagent_stop.py +295 -0
package/hooks/task_completed.py +70 -0
package/hooks/user_prompt_submit.py +246 -0
package/index.js +83 -0
package/package.json +103 -0
package/pyproject.toml +32 -0
package/skills/README.md +158 -0
package/skills/agent-creation/SKILL.md +87 -0
package/skills/agent-creation/examples.md +170 -0
package/skills/agent-creation/reference.md +191 -0
package/skills/agent-protocol/SKILL.md +93 -0
package/skills/agent-protocol/examples.md +223 -0
package/skills/agent-response/SKILL.md +69 -0
package/skills/agentic-loop/SKILL.md +80 -0
package/skills/agentic-loop/reference.md +378 -0
package/skills/blog-writing/SKILL.md +98 -0
package/skills/blog-writing/reference.md +130 -0
package/skills/brief-spec/SKILL.md +185 -0
package/skills/command-execution/SKILL.md +64 -0
package/skills/command-execution/reference.md +83 -0
package/skills/context-updater/SKILL.md +87 -0
package/skills/context-updater/examples.md +71 -0
package/skills/developer-patterns/SKILL.md +50 -0
package/skills/developer-patterns/reference.md +112 -0
package/skills/execution/SKILL.md +99 -0
package/skills/fast-queries/SKILL.md +43 -0
package/skills/gaia-compact/SKILL.md +74 -0
package/skills/gaia-patterns/SKILL.md +108 -0
package/skills/gaia-patterns/reference.md +395 -0
package/skills/gaia-planner/SKILL.md +37 -0
package/skills/gaia-planner/reference.md +107 -0
package/skills/gaia-release/SKILL.md +85 -0
package/skills/gaia-release/reference.md +92 -0
package/skills/gaia-self-check/SKILL.md +114 -0
package/skills/gaia-self-check/reference.md +453 -0
package/skills/gaia-verify/SKILL.md +77 -0
package/skills/gaia-verify/reference.md +80 -0
package/skills/git-conventions/SKILL.md +47 -0
package/skills/gitops-patterns/SKILL.md +60 -0
package/skills/gitops-patterns/reference.md +183 -0
package/skills/gmail-policy/SKILL.md +200 -0
package/skills/gmail-policy/reference.md +150 -0
package/skills/gmail-triage/SKILL.md +100 -0
package/skills/gws-setup/SKILL.md +99 -0
package/skills/gws-setup/reference.md +73 -0
package/skills/investigation/SKILL.md +100 -0
package/skills/memory-curation/SKILL.md +83 -0
package/skills/memory-search/SKILL.md +88 -0
package/skills/orchestrator-approval/SKILL.md +160 -0
package/skills/orchestrator-approval/reference.md +174 -0
package/skills/pending-approvals/SKILL.md +72 -0
package/skills/pending-approvals/reference.md +214 -0
package/skills/readme-writing/SKILL.md +71 -0
package/skills/readme-writing/reference.md +188 -0
package/skills/reference.md +135 -0
package/skills/request-approval/SKILL.md +140 -0
package/skills/request-approval/examples.md +140 -0
package/skills/request-approval/reference.md +57 -0
package/skills/schedule-task/SKILL.md +64 -0
package/skills/schedule-task/reference.md +233 -0
package/skills/security-tiers/SKILL.md +141 -0
package/skills/security-tiers/destructive-commands-reference.md +623 -0
package/skills/security-tiers/reference.md +39 -0
package/skills/session-reflection/SKILL.md +69 -0
package/skills/skill-creation/SKILL.md +92 -0
package/skills/skill-creation/reference.md +29 -0
package/skills/terraform-patterns/SKILL.md +89 -0
package/skills/terraform-patterns/reference.md +93 -0
package/templates/README.md +69 -0
package/templates/managed-settings.template.json +43 -0
package/tools/__init__.py +9 -0
package/tools/agentic-loop/decide-status.py +210 -0
package/tools/agentic-loop/parse-metric.py +106 -0
package/tools/agentic-loop/record-iteration.py +221 -0
package/tools/context/README.md +132 -0
package/tools/context/__init__.py +42 -0
package/tools/context/_paths.py +20 -0
package/tools/context/context_provider.py +721 -0
package/tools/context/context_section_reader.py +342 -0
package/tools/context/deep_merge.py +159 -0
package/tools/context/pending_updates.py +760 -0
package/tools/context/surface_router.py +278 -0
package/tools/fast-queries/README.md +65 -0
package/tools/fast-queries/__init__.py +30 -0
package/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/tools/fast-queries/run_triage.sh +59 -0
package/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/tools/gaia_simulator/__init__.py +33 -0
package/tools/gaia_simulator/cli.py +354 -0
package/tools/gaia_simulator/extractor.py +457 -0
package/tools/gaia_simulator/reporter.py +258 -0
package/tools/gaia_simulator/routing_simulator.py +334 -0
package/tools/gaia_simulator/runner.py +539 -0
package/tools/gaia_simulator/skills_mapper.py +264 -0
package/tools/memory/README.md +0 -0
package/tools/memory/__init__.py +20 -0
package/tools/memory/backfill_fts5.py +107 -0
package/tools/memory/conflict_detector.py +295 -0
package/tools/memory/episodic.py +1210 -0
package/tools/memory/git_invalidator.py +262 -0
package/tools/memory/paths.py +102 -0
package/tools/memory/scoring.py +193 -0
package/tools/memory/search_store.py +375 -0
package/tools/persist_transcript_analysis.py +85 -0
package/tools/review/__init__.py +1 -0
package/tools/review/review_engine.py +157 -0
package/tools/scan/__init__.py +35 -0
package/tools/scan/config.py +247 -0
package/tools/scan/merge.py +212 -0
package/tools/scan/orchestrator.py +549 -0
package/tools/scan/registry.py +127 -0
package/tools/scan/scanners/__init__.py +18 -0
package/tools/scan/scanners/base.py +137 -0
package/tools/scan/scanners/environment.py +349 -0
package/tools/scan/scanners/git.py +570 -0
package/tools/scan/scanners/infrastructure.py +875 -0
package/tools/scan/scanners/orchestration.py +600 -0
package/tools/scan/scanners/stack.py +1085 -0
package/tools/scan/scanners/tools.py +260 -0
package/tools/scan/setup.py +686 -0
package/tools/scan/tests/__init__.py +1 -0
package/tools/scan/tests/conftest.py +796 -0
package/tools/scan/tests/test_environment.py +323 -0
package/tools/scan/tests/test_git.py +419 -0
package/tools/scan/tests/test_infrastructure.py +382 -0
package/tools/scan/tests/test_integration.py +920 -0
package/tools/scan/tests/test_merge.py +269 -0
package/tools/scan/tests/test_orchestration.py +304 -0
package/tools/scan/tests/test_stack.py +604 -0
package/tools/scan/tests/test_tools.py +349 -0
package/tools/scan/ui.py +624 -0
package/tools/scan/verify.py +270 -0
package/tools/scan/walk.py +118 -0
package/tools/scan/workspace.py +85 -0
package/tools/validation/README.md +244 -0
package/tools/validation/__init__.py +17 -0
package/tools/validation/approval_gate.py +321 -0
package/tools/validation/validate_skills.py +189 -0

package/hooks/adapters/types.py ADDED Viewed

@@ -0,0 +1,194 @@
+"""
+Adapter Normalized Types for Gaia-Ops Hooks.
+CLI-agnostic frozen dataclasses and enums consumed by business logic modules.
+The adapter layer translates between these types and CLI-specific JSON protocols.
+No dependencies on any existing gaia-ops module -- this is standalone.
+"""
+from __future__ import annotations
+import enum
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+class HookEventType(enum.Enum):
+    """All Claude Code hook events as an enumeration."""
+    # P0 - Currently implemented
+    PRE_TOOL_USE = "PreToolUse"
+    POST_TOOL_USE = "PostToolUse"
+    SUBAGENT_STOP = "SubagentStop"
+    # P1
+    SESSION_START = "SessionStart"
+    USER_PROMPT_SUBMIT = "UserPromptSubmit"
+    # P2
+    PERMISSION_REQUEST = "PermissionRequest"
+    STOP = "Stop"
+    TASK_COMPLETED = "TaskCompleted"
+    SUBAGENT_START = "SubagentStart"
+    # P3
+    PRE_COMPACT = "PreCompact"
+    POST_COMPACT = "PostCompact"
+    CONFIG_CHANGE = "ConfigChange"
+    SESSION_END = "SessionEnd"
+    INSTRUCTIONS_LOADED = "InstructionsLoaded"
+    POST_TOOL_USE_FAILURE = "PostToolUseFailure"
+    # P4
+    NOTIFICATION = "Notification"
+    # P5 - Additional events
+    TEAMMATE_IDLE = "TeammateIdle"
+    WORKTREE_CREATE = "WorktreeCreate"
+    WORKTREE_REMOVE = "WorktreeRemove"
+    PROMPT_SUBMIT = "PromptSubmit"  # Deprecated alias for USER_PROMPT_SUBMIT
+class PermissionDecision(enum.Enum):
+    """Hook permission decision values."""
+    ALLOW = "allow"
+    DENY = "deny"
+    ASK = "ask"
+class DistributionChannel(enum.Enum):
+    """How gaia-ops was installed and is being invoked."""
+    NPM = "npm"
+    PLUGIN = "plugin"
+@dataclass(frozen=True)
+class HookEvent:
+    """Normalized hook event, CLI-agnostic.
+    Produced by the adapter's parse_event() method.
+    """
+    event_type: HookEventType
+    session_id: str
+    payload: Dict[str, Any]
+    channel: DistributionChannel
+    plugin_root: Optional[Path] = None
+@dataclass(frozen=True)
+class ValidationRequest:
+    """Pre-tool-use validation request extracted from a HookEvent."""
+    tool_name: str
+    command: str
+    tool_input: Dict[str, Any]
+    session_id: str
+@dataclass(frozen=True)
+class ValidationResult:
+    """CLI-agnostic validation result from business logic.
+    Business logic produces this; the adapter formats it for the CLI.
+    """
+    allowed: bool = True
+    reason: str = ""
+    tier: str = "T0"
+    modified_input: Optional[Dict[str, Any]] = None
+    suggestions: List[str] = field(default_factory=list)
+    nonce: Optional[str] = None
+@dataclass(frozen=True)
+class ToolResult:
+    """Post-tool-use result data extracted from a HookEvent."""
+    tool_name: str
+    command: str
+    output: str
+    exit_code: int
+    session_id: str
+@dataclass(frozen=True)
+class AgentCompletion:
+    """Subagent completion data extracted from a HookEvent."""
+    agent_type: str
+    agent_id: str
+    transcript_path: str
+    last_message: str
+    session_id: str
+@dataclass(frozen=True)
+class CompletionResult:
+    """Result of processing an agent completion event."""
+    contract_valid: bool = True
+    episode_id: Optional[str] = None
+    context_updated: bool = False
+    anomalies: List[Dict[str, Any]] = field(default_factory=list)
+    repair_needed: bool = False
+@dataclass(frozen=True)
+class ContextResult:
+    """Result of context injection processing."""
+    context_injected: bool = False
+    additional_context: Optional[str] = None
+    sections_provided: List[str] = field(default_factory=list)
+    # Reserved for future adapter use
+    prompt_text: str = ""
+@dataclass(frozen=True)
+class BootstrapResult:
+    """Result of project bootstrap/scanning."""
+    project_scanned: bool = False
+    context_path: Optional[Path] = None
+    tools_detected: List[str] = field(default_factory=list)
+    # P1 fields: SessionStart adapter populates these
+    should_scan: bool = False
+    should_refresh: bool = False
+    session_type: str = "startup"
+@dataclass(frozen=True)
+class QualityResult:
+    """Result of a Stop event -- whether evidence quality meets threshold."""
+    quality_sufficient: bool = True
+    score: float = 1.0
+    missing_elements: List[str] = field(default_factory=list)
+    recommendation: str = "continue"
+@dataclass(frozen=True)
+class VerificationResult:
+    """Result of a TaskCompleted event -- whether completion criteria are met."""
+    criteria_met: bool = True
+    verified_items: List[str] = field(default_factory=list)
+    failed_items: List[str] = field(default_factory=list)
+    block_completion: bool = False
+@dataclass(frozen=True)
+class HookResponse:
+    """CLI-specific hook response. Constructed by adapter, not business logic."""
+    output: Dict[str, Any]
+    exit_code: int = 0
+    def to_dict(self) -> Dict[str, Any]:
+        """Serialize to a dictionary suitable for JSON output."""
+        return {"output": self.output, "exit_code": self.exit_code}

package/hooks/adapters/utils.py ADDED Viewed

@@ -0,0 +1,25 @@
+"""
+Shared utility functions for Gaia-Ops hooks.
+Centralizes common patterns that were previously copy-pasted across all hook
+entry points (has_stdin_data, dual-channel warnings, etc.).
+``has_stdin_data`` is now defined in ``modules.core.stdin`` and re-exported
+here for backward compatibility with existing imports.
+"""
+import logging
+from modules.core.stdin import has_stdin_data  # noqa: F401 -- re-export
+logger = logging.getLogger(__name__)
+def warn_if_dual_channel() -> None:
+    """Log a warning if both plugin and npm distribution channels are active."""
+    from adapters.channel import is_dual_channel_active
+    if is_dual_channel_active():
+        logger.warning(
+            "Both plugin and npm channels detected. Plugin channel takes precedence."
+        )

package/hooks/elicitation_result.py ADDED Viewed

@@ -0,0 +1,179 @@
+#!/usr/bin/env python3
+"""ElicitationResult hook -- activates T3 approval grants when user approves via AskUserQuestion.
+This hook fires after the user responds to an AskUserQuestion elicitation.
+It checks if the response indicates approval and, if so, activates all
+pending approval grants for the current session.
+The hook NEVER blocks (always exits 0). It is purely side-effectful:
+reading the user's answer and activating grants when appropriate.
+"""
+from __future__ import annotations
+import sys
+import json
+import logging
+import os
+from datetime import datetime
+from pathlib import Path
+sys.path.insert(0, str(Path(__file__).parent))
+from modules.core.paths import get_logs_dir
+from modules.core.stdin import has_stdin_data
+# Configure logging -- file only, no stderr
+_log_file = get_logs_dir() / f"hooks-{datetime.now().strftime('%Y-%m-%d')}.log"
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s [elicitation_result] %(name)s - %(levelname)s - %(message)s',
+    handlers=[logging.FileHandler(_log_file)],
+)
+logger = logging.getLogger(__name__)
+def _extract_response(event: dict) -> str | None:
+    """Extract the user's answer from the ElicitationResult event.
+    The exact schema is not fully documented, so we probe multiple
+    possible field names defensively.
+    """
+    # Try top-level fields first
+    for field in ("result", "answer", "response", "selected", "value",
+                  "hookEventInput", "elicitation_result"):
+        val = event.get(field)
+        if val is None:
+            continue
+        if isinstance(val, str) and val.strip():
+            return val
+        if isinstance(val, dict):
+            # Nested -- look for answer/selected inside
+            for inner in ("answer", "selected", "value", "result", "label"):
+                inner_val = val.get(inner)
+                if inner_val and isinstance(inner_val, str):
+                    return inner_val
+            # Check for answers dict (AskUserQuestion structured format)
+            answers = val.get("answers", {})
+            if answers and isinstance(answers, dict):
+                first_val = next(iter(answers.values()), None)
+                if first_val:
+                    return str(first_val)
+            # Check for options list selection
+            options = val.get("options", [])
+            if options and isinstance(options, list):
+                for opt in options:
+                    if isinstance(opt, dict) and opt.get("selected"):
+                        return str(opt.get("label", opt.get("value", "")))
+    return None
+def _is_approval(response: str) -> bool:
+    """Check if the response indicates approval."""
+    normalized = response.lower().strip()
+    approval_words = ["approve", "approved", "yes", "accept", "confirm", "allow"]
+    return any(word in normalized for word in approval_words)
+def _activate_grants(session_id: str, response: str = "") -> None:
+    """Activate approval grants for this session.
+    When *response* contains a ``[P-<nonce>]`` tag (nonce-labeled approval),
+    only the specific grant identified by that nonce is activated.  When no
+    nonce is present (legacy approvals that predate nonce labeling) the
+    function falls back to session-wide activation for backward compatibility.
+    """
+    from modules.security.approval_grants import (
+        activate_grants_for_session,
+        activate_pending_approval,
+        activate_cross_session_pending,
+        extract_nonce_from_label,
+        load_pending_by_nonce_prefix,
+        get_pending_approvals_for_session,
+    )
+    # Try nonce-targeted activation first
+    nonce_prefix = extract_nonce_from_label(response) if response else None
+    if nonce_prefix:
+        logger.info(
+            "ElicitationResult: nonce prefix found in response: %s", nonce_prefix,
+        )
+        pending_data = load_pending_by_nonce_prefix(nonce_prefix)
+        if pending_data:
+            full_nonce = pending_data.get("nonce", "")
+            pending_session = pending_data.get("session_id", "")
+            if pending_session == session_id:
+                # Same session -- standard targeted activation
+                result = activate_pending_approval(
+                    nonce=full_nonce, session_id=session_id,
+                )
+            else:
+                # Cross-session pending -- approval came from a prior session
+                result = activate_cross_session_pending(
+                    pending_data, session_id=session_id,
+                )
+            logger.info(
+                "ElicitationResult nonce-targeted activation: "
+                "nonce=%s success=%s status=%s",
+                full_nonce[:12] if full_nonce else nonce_prefix,
+                result.success,
+                result.status,
+            )
+            return
+        else:
+            logger.warning(
+                "ElicitationResult: nonce prefix %s not found in pending files, "
+                "falling back to session-wide activation",
+                nonce_prefix,
+            )
+    # Fallback: session-wide activation (backward compat for unlabeled approvals)
+    pending = get_pending_approvals_for_session(session_id)
+    if not pending:
+        logger.info("No pending approvals to activate for session %s", session_id)
+        return
+    results = activate_grants_for_session(session_id)
+    activated = sum(1 for r in results if r.success)
+    logger.info(
+        "ElicitationResult activated %d/%d pending approvals for session %s",
+        activated, len(results), session_id,
+    )
+if __name__ == "__main__":
+    if not has_stdin_data():
+        sys.exit(0)
+    try:
+        raw = sys.stdin.read()
+        if not raw.strip():
+            sys.exit(0)
+        event = json.loads(raw)
+        # Extract session_id from event or environment
+        session_id = event.get("session_id") or os.environ.get("CLAUDE_SESSION_ID", "")
+        # Extract user's response
+        response = _extract_response(event)
+        if not response:
+            logger.info("No extractable response in ElicitationResult event")
+            sys.exit(0)
+        logger.info("ElicitationResult response: %s", response[:80])
+        # Check if the response indicates approval
+        if _is_approval(response):
+            if session_id:
+                _activate_grants(session_id, response=response)
+            else:
+                logger.warning("Approval detected but no session_id available")
+        else:
+            logger.info("ElicitationResult response is not an approval: %s", response[:40])
+    except Exception as e:
+        logger.error("Error in elicitation_result hook: %s", e, exc_info=True)
+    # Never block -- always exit 0
+    sys.exit(0)

package/hooks/hooks.json ADDED Viewed

@@ -0,0 +1,84 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre_tool_use.py"}]
+      },
+      {
+        "matcher": "Task",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre_tool_use.py"}]
+      },
+      {
+        "matcher": "Agent",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre_tool_use.py"}]
+      },
+      {
+        "matcher": "SendMessage",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre_tool_use.py"}]
+      },
+      {
+        "matcher": "Read|Edit|Write|Glob|Grep|WebSearch|WebFetch|NotebookEdit",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre_tool_use.py"}]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/post_tool_use.py"}]
+      },
+      {
+        "matcher": "AskUserQuestion",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/post_tool_use.py"}]
+      }
+    ],
+    "SubagentStop": [
+      {
+        "matcher": "*",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/subagent_stop.py"}]
+      }
+    ],
+    "SessionStart": [
+      {
+        "matcher": "startup",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/session_start.py"}]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/stop_hook.py"}]
+      }
+    ],
+    "TaskCompleted": [
+      {
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/task_completed.py"}]
+      }
+    ],
+    "SubagentStart": [
+      {
+        "matcher": "*",
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/subagent_start.py"}]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/user_prompt_submit.py"}]
+      }
+    ],
+    "PreCompact": [
+      {
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre_compact.py"}]
+      }
+    ],
+    "PostCompact": [
+      {
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/post_compact.py"}]
+      }
+    ],
+    "ElicitationResult": [
+      {
+        "hooks": [{"type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/elicitation_result.py"}]
+      }
+    ]
+  }
+}

package/hooks/modules/README.md ADDED Viewed

@@ -0,0 +1,189 @@
+# Hooks Modular Architecture
+This directory contains the modular hook system for gaia-ops.
+## What is this?
+A refactored, maintainable architecture for Claude Code hooks. Instead of monolithic 1000+ line files, the logic is split into focused modules that can be tested, maintained, and extended independently.
+## Where does this fit?
+```
+Claude Code invokes hook
+        |
+        v
+[session_start.py] --------> [modules/context/context_freshness] -> Staleness check
+        |                     [modules/scanning/scan_trigger]     -> Auto-refresh
+        v
+[pre_tool_use.py] ---------> [modules/security/*] -> Tier classification
+        |                     [modules/tools/*]   -> Bash/Task validation
+        v
+    Tool executes
+        |
+        v
+[post_tool_use.py] --------> [modules/audit/*]    -> Logging & metrics
+                              [modules/session/*]  -> Session context updates
+                              [modules/agents/*]   -> Anomaly detection
+```
+## Module Structure
+```
+modules/
+├── __init__.py           # Package marker
+├── core/                 # Shared utilities
+│   ├── __init__.py
+│   ├── paths.py          # find_claude_dir() - single source of truth
+│   └── state.py          # Pre/post hook state sharing
+│
+├── security/             # Security classification & approval
+│   ├── __init__.py
+│   ├── tiers.py          # SecurityTier enum (T0-T3)
+│   ├── blocked_commands.py # Blocked patterns by category
+│   ├── mutative_verbs.py   # CLI-agnostic verb detector, nonce-based deny
+│   ├── approval_grants.py  # Nonce-based approval grant management
+│   ├── approval_constants.py # Approval system constants
+│   ├── approval_messages.py  # Approval denial message formatting
+│   ├── approval_scopes.py   # Approval scope definitions
+│   ├── command_semantics.py  # Command semantic analysis
+│   └── gitops_validator.py # kubectl/helm/flux validation
+│
+├── tools/                # Tool-specific validators
+│   ├── __init__.py
+│   ├── shell_parser.py   # Parse compound commands
+│   ├── bash_validator.py # Bash command validation (orchestrates pipeline)
+│   ├── task_validator.py # Task tool validation with context enforcement
+│   ├── cloud_pipe_validator.py # Cloud pipe/redirect/chain check
+│   └── hook_response.py  # Standardized hook response formatting
+│
+├── context/              # Context management
+│   ├── __init__.py
+│   ├── context_writer.py # Write context updates
+│   └── context_freshness.py     # Check staleness for SessionStart
+│
+├── scanning/             # Scan triggering
+│   ├── __init__.py
+│   └── scan_trigger.py   # Lightweight scan invocation for SessionStart
+│
+├── session/              # Session context management
+│   ├── __init__.py
+│   └── session_context_writer.py # Write critical events to session context
+│
+├── validation/           # Commit validation
+│   ├── __init__.py
+│   └── commit_validator.py # Conventional Commits enforcement
+│
+├── audit/                # Logging and metrics
+│   ├── __init__.py
+│   ├── logger.py         # AuditLogger
+│   ├── metrics.py        # MetricsCollector + FUNCTIONAL generate_summary
+│   └── event_detector.py # CriticalEventDetector
+│
+├── identity/             # Orchestrator identity injection
+│   ├── __init__.py
+│   ├── identity_provider.py # Build identity based on installed plugins
+│   ├── ops_identity.py      # Ops mode: minimal identity + on-demand skills
+│   └── security_identity.py # Security-only mode identity
+│
+└── agents/               # Subagent support
+    ├── __init__.py
+    └── response_contract.py # Agent response contract validation
+```
+## Key Features
+### Orchestrator Gate
+The orchestrator is restricted to four tools:
+- `Agent` -- dispatch work to specialist agents
+- `SendMessage` -- resume a previously spawned agent
+- `AskUserQuestion` -- get clarification or approval from the user
+- `Skill` -- load on-demand procedures
+This enforces the principle: "Orchestrator delegates, agents execute."
+### SendMessage Validation (PreToolUse matcher)
+SendMessage is validated as a PreToolUse event (not a separate hook event):
+- Agent ID format check (must match `/^a[0-9a-f]{5,}$/`)
+- Non-empty message required
+- Grant activation is handled by ElicitationResult hook (user approval via AskUserQuestion)
+### Context Enforcement
+Task invocations for project agents inject project-context via `context_provider.py`.
+### State Sharing
+Pre-hook saves state to `.claude/.hooks_state.json`, which post-hook reads to get:
+- Security tier assigned
+- Command executed
+- Timestamp for duration calculation
+### Functional Metrics
+`generate_summary()` now actually works - reads JSONL metrics files and aggregates:
+- Total executions
+- Success rate
+- Average duration
+- Top command types
+- Tier distribution
+## Usage
+### Entry Points
+```bash
+# Pre-hook (validation)
+python3 pre_tool_use.py --test
+# Post-hook (audit)
+python3 post_tool_use.py --test
+# Metrics (use the JS CLI instead)
+npx gaia-metrics
+```
+### Importing Modules
+```python
+from modules.security import SecurityTier, classify_command_tier, is_blocked_command
+from modules.security import CATEGORY_MUTATIVE, CATEGORY_READ_ONLY
+from modules.tools import BashValidator
+from modules.audit import generate_summary
+# Check if command is permanently blocked
+result = is_blocked_command("kubectl delete namespace production")
+print(f"Blocked: {result.blocked}, Reason: {result.reason}")
+# Classify command tier
+tier = classify_command_tier("kubectl get pods")
+print(f"Tier: {tier}")  # SecurityTier.T0
+# Validate Bash command (full pipeline: blocked -> mutative verbs -> safe by elimination)
+validator = BashValidator()
+result = validator.validate("kubectl get pods")
+print(f"Allowed: {result.allowed}, Tier: {result.tier}")
+# Get metrics summary
+summary = generate_summary(days=7)
+print(f"Success rate: {summary['success_rate']:.1%}")
+```
+## Architecture Notes
+The modular architecture maintains full backward compatibility with Claude Code's hook interface (stdin JSON format).
+All security rules (blocked patterns, mutative verbs, tiers) are hardcoded in the Python modules for performance and simplicity - no external JSON config files needed.
+### Validation Order (Defense-in-Depth)
+bash_validator checks commands in this order (short-circuit on first match):
+0. **Indirect execution detection** — `bash -c`, `eval`, `python -c` etc. → ask or block
+1. **Blocked commands** (blocked_commands.py) — permanently denied patterns, exit 2
+2. **Claude footer stripping** — transparent via updatedInput
+3. **Commit message validation** — conventional commits enforcement
+4. **Cloud pipe/redirect/chain check** (cloud_pipe_validator.py) — corrective deny
+5. **Mutative verbs** (mutative_verbs.py) — CLI-agnostic verb detector, native `ask` dialog
+6. **GitOps validation** (gitops_validator.py) — kubectl/helm/flux policy enforcement
+7. **Everything else** — SAFE by elimination (auto-approved)
+### Tier Classification
+- **T0**: Read-only (get, list, describe, show)
+- **T1**: Local validation (validate, lint, fmt, check)
+- **T2**: Simulation (plan, template, diff, --dry-run)
+- **T3**: State-modifying (apply, delete, push, commit)

package/hooks/modules/__init__.py ADDED Viewed

@@ -0,0 +1,15 @@
+"""
+Gaia-Ops Hooks Modular Architecture
+This package provides a modular, maintainable hook system for Claude Code.
+Modules:
+- core: Shared utilities (paths, state, config loading)
+- security: Security tiers, safe commands, blocked patterns
+- tools: Tool-specific validators (Bash, Task)
+- workflow: Phase validation and state tracking
+- audit: Logging, metrics, event detection
+- agents: Subagent metrics and anomaly detection
+"""
+__version__ = "2.0.0"