npm - @jaguilar87/gaia - Versions diffs - 5.0.0-rc1 - Mend

@jaguilar87/gaia 5.0.0-rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (609) hide show

package/.claude-plugin/marketplace.json +33 -0
package/.claude-plugin/plugin.json +26 -0
package/ARCHITECTURE.md +335 -0
package/CHANGELOG.md +1212 -0
package/CODE_OF_CONDUCT.md +11 -0
package/CONTRIBUTING.md +146 -0
package/INSTALL.md +436 -0
package/LICENSE +21 -0
package/README.md +222 -0
package/SECURITY.md +47 -0
package/agents/README.md +78 -0
package/agents/cloud-troubleshooter.md +73 -0
package/agents/developer.md +65 -0
package/agents/gaia-operator.md +64 -0
package/agents/gaia-orchestrator.md +237 -0
package/agents/gaia-planner.md +53 -0
package/agents/gaia-system.md +70 -0
package/agents/gitops-operator.md +61 -0
package/agents/terraform-architect.md +63 -0
package/bin/README.md +106 -0
package/bin/cli/__init__.py +1 -0
package/bin/cli/approvals.py +740 -0
package/bin/cli/cleanup.py +562 -0
package/bin/cli/context.py +283 -0
package/bin/cli/doctor.py +628 -0
package/bin/cli/history.py +305 -0
package/bin/cli/memory.py +464 -0
package/bin/cli/metrics.py +1068 -0
package/bin/cli/plans.py +515 -0
package/bin/cli/status.py +302 -0
package/bin/cli/update.py +382 -0
package/bin/gaia +112 -0
package/bin/gaia-cleanup.js +531 -0
package/bin/gaia-doctor.js +635 -0
package/bin/gaia-evidence +126 -0
package/bin/gaia-history.js +251 -0
package/bin/gaia-metrics.js +1278 -0
package/bin/gaia-review.js +269 -0
package/bin/gaia-scan +44 -0
package/bin/gaia-scan.py +589 -0
package/bin/gaia-skills-diagnose.js +929 -0
package/bin/gaia-status.js +278 -0
package/bin/gaia-uninstall.js +111 -0
package/bin/gaia-update.js +816 -0
package/bin/pre-publish-validate.js +610 -0
package/bin/python-detect.js +60 -0
package/commands/README.md +64 -0
package/commands/gaia.md +37 -0
package/commands/scan-project.md +67 -0
package/config/README.md +71 -0
package/config/cloud/aws.json +134 -0
package/config/cloud/gcp.json +139 -0
package/config/context-contracts.json +158 -0
package/config/crons-schema.md +81 -0
package/config/git_standards.json +72 -0
package/config/surface-routing.json +421 -0
package/config/universal-rules.json +102 -0
package/dist/gaia-ops/.claude-plugin/plugin.json +24 -0
package/dist/gaia-ops/README.md +80 -0
package/dist/gaia-ops/agents/cloud-troubleshooter.md +73 -0
package/dist/gaia-ops/agents/developer.md +65 -0
package/dist/gaia-ops/agents/gaia-operator.md +64 -0
package/dist/gaia-ops/agents/gaia-orchestrator.md +237 -0
package/dist/gaia-ops/agents/gaia-planner.md +53 -0
package/dist/gaia-ops/agents/gaia-system.md +70 -0
package/dist/gaia-ops/agents/gitops-operator.md +61 -0
package/dist/gaia-ops/agents/terraform-architect.md +63 -0
package/dist/gaia-ops/commands/gaia.md +37 -0
package/dist/gaia-ops/config/README.md +71 -0
package/dist/gaia-ops/config/cloud/aws.json +134 -0
package/dist/gaia-ops/config/cloud/gcp.json +139 -0
package/dist/gaia-ops/config/context-contracts.json +158 -0
package/dist/gaia-ops/config/crons-schema.md +81 -0
package/dist/gaia-ops/config/git_standards.json +72 -0
package/dist/gaia-ops/config/surface-routing.json +421 -0
package/dist/gaia-ops/config/universal-rules.json +102 -0
package/dist/gaia-ops/hooks/adapters/__init__.py +52 -0
package/dist/gaia-ops/hooks/adapters/base.py +219 -0
package/dist/gaia-ops/hooks/adapters/channel.py +17 -0
package/dist/gaia-ops/hooks/adapters/claude_code.py +1890 -0
package/dist/gaia-ops/hooks/adapters/types.py +194 -0
package/dist/gaia-ops/hooks/adapters/utils.py +25 -0
package/dist/gaia-ops/hooks/hooks.json +163 -0
package/dist/gaia-ops/hooks/modules/__init__.py +15 -0
package/dist/gaia-ops/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-ops/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-ops/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/dist/gaia-ops/hooks/modules/agents/state_tracker.py +267 -0
package/dist/gaia-ops/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-ops/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-ops/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-ops/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-ops/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-ops/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_auditor.py +611 -0
package/dist/gaia-ops/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-ops/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-ops/hooks/modules/context/agentic_loop_detector.py +165 -0
package/dist/gaia-ops/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-ops/hooks/modules/context/compact_context_builder.py +218 -0
package/dist/gaia-ops/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-ops/hooks/modules/context/context_injector.py +558 -0
package/dist/gaia-ops/hooks/modules/context/context_writer.py +530 -0
package/dist/gaia-ops/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-ops/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-ops/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-ops/hooks/modules/core/paths.py +160 -0
package/dist/gaia-ops/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-ops/hooks/modules/core/plugin_setup.py +577 -0
package/dist/gaia-ops/hooks/modules/core/state.py +179 -0
package/dist/gaia-ops/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-ops/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-ops/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/memory/episode_writer.py +216 -0
package/dist/gaia-ops/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-ops/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/dist/gaia-ops/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-ops/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-ops/hooks/modules/security/__init__.py +120 -0
package/dist/gaia-ops/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-ops/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-ops/hooks/modules/security/approval_grants.py +1638 -0
package/dist/gaia-ops/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-ops/hooks/modules/security/approval_scopes.py +222 -0
package/dist/gaia-ops/hooks/modules/security/blocked_commands.py +595 -0
package/dist/gaia-ops/hooks/modules/security/blocked_message_formatter.py +87 -0
package/dist/gaia-ops/hooks/modules/security/command_semantics.py +181 -0
package/dist/gaia-ops/hooks/modules/security/composition_rules.py +547 -0
package/dist/gaia-ops/hooks/modules/security/flag_classifiers.py +873 -0
package/dist/gaia-ops/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-ops/hooks/modules/security/mutative_verbs.py +1131 -0
package/dist/gaia-ops/hooks/modules/security/network_hosts.py +481 -0
package/dist/gaia-ops/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-ops/hooks/modules/security/shell_unwrapper.py +165 -0
package/dist/gaia-ops/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-ops/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-ops/hooks/modules/session/pending_scanner.py +174 -0
package/dist/gaia-ops/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-ops/hooks/modules/session/session_event_injector.py +160 -0
package/dist/gaia-ops/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-ops/hooks/modules/session/session_registry.py +232 -0
package/dist/gaia-ops/hooks/modules/tools/__init__.py +29 -0
package/dist/gaia-ops/hooks/modules/tools/bash_validator.py +1008 -0
package/dist/gaia-ops/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/dist/gaia-ops/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-ops/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-ops/hooks/modules/tools/stage_decomposer.py +315 -0
package/dist/gaia-ops/hooks/modules/tools/task_validator.py +294 -0
package/dist/gaia-ops/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-ops/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-ops/hooks/post_compact.py +43 -0
package/dist/gaia-ops/hooks/post_tool_use.py +54 -0
package/dist/gaia-ops/hooks/pre_compact.py +60 -0
package/dist/gaia-ops/hooks/pre_tool_use.py +413 -0
package/dist/gaia-ops/hooks/session_start.py +81 -0
package/dist/gaia-ops/hooks/stop_hook.py +82 -0
package/dist/gaia-ops/hooks/subagent_start.py +71 -0
package/dist/gaia-ops/hooks/subagent_stop.py +295 -0
package/dist/gaia-ops/hooks/task_completed.py +70 -0
package/dist/gaia-ops/hooks/user_prompt_submit.py +246 -0
package/dist/gaia-ops/settings.json +72 -0
package/dist/gaia-ops/skills/README.md +154 -0
package/dist/gaia-ops/skills/agent-protocol/SKILL.md +93 -0
package/dist/gaia-ops/skills/agent-protocol/examples.md +223 -0
package/dist/gaia-ops/skills/agent-response/SKILL.md +69 -0
package/dist/gaia-ops/skills/agentic-loop/SKILL.md +80 -0
package/dist/gaia-ops/skills/agentic-loop/reference.md +378 -0
package/dist/gaia-ops/skills/blog-writing/SKILL.md +98 -0
package/dist/gaia-ops/skills/blog-writing/reference.md +130 -0
package/dist/gaia-ops/skills/brief-spec/SKILL.md +182 -0
package/dist/gaia-ops/skills/command-execution/SKILL.md +64 -0
package/dist/gaia-ops/skills/command-execution/reference.md +83 -0
package/dist/gaia-ops/skills/context-updater/SKILL.md +87 -0
package/dist/gaia-ops/skills/context-updater/examples.md +71 -0
package/dist/gaia-ops/skills/developer-patterns/SKILL.md +50 -0
package/dist/gaia-ops/skills/developer-patterns/reference.md +112 -0
package/dist/gaia-ops/skills/execution/SKILL.md +99 -0
package/dist/gaia-ops/skills/fast-queries/SKILL.md +43 -0
package/dist/gaia-ops/skills/gaia-compact/SKILL.md +74 -0
package/dist/gaia-ops/skills/gaia-patterns/SKILL.md +108 -0
package/dist/gaia-ops/skills/gaia-patterns/reference.md +395 -0
package/dist/gaia-ops/skills/gaia-planner/SKILL.md +37 -0
package/dist/gaia-ops/skills/gaia-planner/reference.md +107 -0
package/dist/gaia-ops/skills/gaia-release/SKILL.md +82 -0
package/dist/gaia-ops/skills/gaia-release/reference.md +102 -0
package/dist/gaia-ops/skills/gaia-self-check/SKILL.md +114 -0
package/dist/gaia-ops/skills/gaia-self-check/reference.md +453 -0
package/dist/gaia-ops/skills/gaia-verify/SKILL.md +77 -0
package/dist/gaia-ops/skills/gaia-verify/reference.md +80 -0
package/dist/gaia-ops/skills/git-conventions/SKILL.md +47 -0
package/dist/gaia-ops/skills/gitops-patterns/SKILL.md +60 -0
package/dist/gaia-ops/skills/gitops-patterns/reference.md +183 -0
package/dist/gaia-ops/skills/gmail-policy/SKILL.md +200 -0
package/dist/gaia-ops/skills/gmail-policy/reference.md +150 -0
package/dist/gaia-ops/skills/gmail-triage/SKILL.md +100 -0
package/dist/gaia-ops/skills/gws-setup/SKILL.md +99 -0
package/dist/gaia-ops/skills/gws-setup/reference.md +73 -0
package/dist/gaia-ops/skills/investigation/SKILL.md +100 -0
package/dist/gaia-ops/skills/memory-curation/SKILL.md +83 -0
package/dist/gaia-ops/skills/memory-search/SKILL.md +88 -0
package/dist/gaia-ops/skills/orchestrator-approval/SKILL.md +160 -0
package/dist/gaia-ops/skills/orchestrator-approval/reference.md +174 -0
package/dist/gaia-ops/skills/pending-approvals/SKILL.md +72 -0
package/dist/gaia-ops/skills/pending-approvals/reference.md +214 -0
package/dist/gaia-ops/skills/readme-writing/SKILL.md +71 -0
package/dist/gaia-ops/skills/readme-writing/reference.md +188 -0
package/dist/gaia-ops/skills/reference.md +135 -0
package/dist/gaia-ops/skills/request-approval/SKILL.md +140 -0
package/dist/gaia-ops/skills/request-approval/examples.md +140 -0
package/dist/gaia-ops/skills/request-approval/reference.md +57 -0
package/dist/gaia-ops/skills/schedule-task/SKILL.md +64 -0
package/dist/gaia-ops/skills/schedule-task/reference.md +233 -0
package/dist/gaia-ops/skills/security-tiers/SKILL.md +141 -0
package/dist/gaia-ops/skills/security-tiers/destructive-commands-reference.md +623 -0
package/dist/gaia-ops/skills/security-tiers/reference.md +39 -0
package/dist/gaia-ops/skills/skill-creation/SKILL.md +92 -0
package/dist/gaia-ops/skills/skill-creation/reference.md +29 -0
package/dist/gaia-ops/skills/terraform-patterns/SKILL.md +89 -0
package/dist/gaia-ops/skills/terraform-patterns/reference.md +93 -0
package/dist/gaia-ops/tools/__init__.py +9 -0
package/dist/gaia-ops/tools/agentic-loop/decide-status.py +210 -0
package/dist/gaia-ops/tools/agentic-loop/parse-metric.py +106 -0
package/dist/gaia-ops/tools/agentic-loop/record-iteration.py +221 -0
package/dist/gaia-ops/tools/context/README.md +132 -0
package/dist/gaia-ops/tools/context/__init__.py +42 -0
package/dist/gaia-ops/tools/context/_paths.py +20 -0
package/dist/gaia-ops/tools/context/context_provider.py +721 -0
package/dist/gaia-ops/tools/context/context_section_reader.py +342 -0
package/dist/gaia-ops/tools/context/deep_merge.py +159 -0
package/dist/gaia-ops/tools/context/pending_updates.py +760 -0
package/dist/gaia-ops/tools/context/surface_router.py +278 -0
package/dist/gaia-ops/tools/fast-queries/README.md +65 -0
package/dist/gaia-ops/tools/fast-queries/__init__.py +30 -0
package/dist/gaia-ops/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/dist/gaia-ops/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/dist/gaia-ops/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/dist/gaia-ops/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/dist/gaia-ops/tools/fast-queries/run_triage.sh +59 -0
package/dist/gaia-ops/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/dist/gaia-ops/tools/gaia_simulator/__init__.py +33 -0
package/dist/gaia-ops/tools/gaia_simulator/cli.py +354 -0
package/dist/gaia-ops/tools/gaia_simulator/extractor.py +457 -0
package/dist/gaia-ops/tools/gaia_simulator/reporter.py +258 -0
package/dist/gaia-ops/tools/gaia_simulator/routing_simulator.py +334 -0
package/dist/gaia-ops/tools/gaia_simulator/runner.py +539 -0
package/dist/gaia-ops/tools/gaia_simulator/skills_mapper.py +264 -0
package/dist/gaia-ops/tools/memory/README.md +0 -0
package/dist/gaia-ops/tools/memory/__init__.py +20 -0
package/dist/gaia-ops/tools/memory/backfill_fts5.py +107 -0
package/dist/gaia-ops/tools/memory/conflict_detector.py +295 -0
package/dist/gaia-ops/tools/memory/episodic.py +1210 -0
package/dist/gaia-ops/tools/memory/git_invalidator.py +262 -0
package/dist/gaia-ops/tools/memory/paths.py +102 -0
package/dist/gaia-ops/tools/memory/scoring.py +193 -0
package/dist/gaia-ops/tools/memory/search_store.py +360 -0
package/dist/gaia-ops/tools/persist_transcript_analysis.py +85 -0
package/dist/gaia-ops/tools/review/__init__.py +1 -0
package/dist/gaia-ops/tools/review/review_engine.py +157 -0
package/dist/gaia-ops/tools/scan/__init__.py +35 -0
package/dist/gaia-ops/tools/scan/config.py +247 -0
package/dist/gaia-ops/tools/scan/merge.py +212 -0
package/dist/gaia-ops/tools/scan/orchestrator.py +549 -0
package/dist/gaia-ops/tools/scan/registry.py +127 -0
package/dist/gaia-ops/tools/scan/scanners/__init__.py +18 -0
package/dist/gaia-ops/tools/scan/scanners/base.py +137 -0
package/dist/gaia-ops/tools/scan/scanners/environment.py +349 -0
package/dist/gaia-ops/tools/scan/scanners/git.py +570 -0
package/dist/gaia-ops/tools/scan/scanners/infrastructure.py +875 -0
package/dist/gaia-ops/tools/scan/scanners/orchestration.py +600 -0
package/dist/gaia-ops/tools/scan/scanners/stack.py +1085 -0
package/dist/gaia-ops/tools/scan/scanners/tools.py +260 -0
package/dist/gaia-ops/tools/scan/setup.py +686 -0
package/dist/gaia-ops/tools/scan/tests/__init__.py +1 -0
package/dist/gaia-ops/tools/scan/tests/conftest.py +796 -0
package/dist/gaia-ops/tools/scan/tests/test_environment.py +323 -0
package/dist/gaia-ops/tools/scan/tests/test_git.py +419 -0
package/dist/gaia-ops/tools/scan/tests/test_infrastructure.py +382 -0
package/dist/gaia-ops/tools/scan/tests/test_integration.py +920 -0
package/dist/gaia-ops/tools/scan/tests/test_merge.py +269 -0
package/dist/gaia-ops/tools/scan/tests/test_orchestration.py +304 -0
package/dist/gaia-ops/tools/scan/tests/test_stack.py +604 -0
package/dist/gaia-ops/tools/scan/tests/test_tools.py +349 -0
package/dist/gaia-ops/tools/scan/ui.py +624 -0
package/dist/gaia-ops/tools/scan/verify.py +270 -0
package/dist/gaia-ops/tools/scan/walk.py +118 -0
package/dist/gaia-ops/tools/scan/workspace.py +85 -0
package/dist/gaia-ops/tools/validation/README.md +244 -0
package/dist/gaia-ops/tools/validation/__init__.py +17 -0
package/dist/gaia-ops/tools/validation/approval_gate.py +321 -0
package/dist/gaia-ops/tools/validation/validate_skills.py +189 -0
package/dist/gaia-security/.claude-plugin/plugin.json +24 -0
package/dist/gaia-security/README.md +90 -0
package/dist/gaia-security/config/universal-rules.json +102 -0
package/dist/gaia-security/hooks/adapters/__init__.py +52 -0
package/dist/gaia-security/hooks/adapters/base.py +219 -0
package/dist/gaia-security/hooks/adapters/channel.py +17 -0
package/dist/gaia-security/hooks/adapters/claude_code.py +1890 -0
package/dist/gaia-security/hooks/adapters/types.py +194 -0
package/dist/gaia-security/hooks/adapters/utils.py +25 -0
package/dist/gaia-security/hooks/hooks.json +84 -0
package/dist/gaia-security/hooks/modules/__init__.py +15 -0
package/dist/gaia-security/hooks/modules/agents/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/agents/contract_validator.py +647 -0
package/dist/gaia-security/hooks/modules/agents/response_contract.py +496 -0
package/dist/gaia-security/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/dist/gaia-security/hooks/modules/agents/state_tracker.py +267 -0
package/dist/gaia-security/hooks/modules/agents/task_info_builder.py +74 -0
package/dist/gaia-security/hooks/modules/agents/transcript_analyzer.py +458 -0
package/dist/gaia-security/hooks/modules/agents/transcript_reader.py +152 -0
package/dist/gaia-security/hooks/modules/audit/__init__.py +28 -0
package/dist/gaia-security/hooks/modules/audit/event_detector.py +168 -0
package/dist/gaia-security/hooks/modules/audit/logger.py +131 -0
package/dist/gaia-security/hooks/modules/audit/metrics.py +134 -0
package/dist/gaia-security/hooks/modules/audit/workflow_auditor.py +611 -0
package/dist/gaia-security/hooks/modules/audit/workflow_recorder.py +296 -0
package/dist/gaia-security/hooks/modules/context/__init__.py +11 -0
package/dist/gaia-security/hooks/modules/context/agentic_loop_detector.py +165 -0
package/dist/gaia-security/hooks/modules/context/anchor_tracker.py +317 -0
package/dist/gaia-security/hooks/modules/context/compact_context_builder.py +218 -0
package/dist/gaia-security/hooks/modules/context/context_freshness.py +145 -0
package/dist/gaia-security/hooks/modules/context/context_injector.py +558 -0
package/dist/gaia-security/hooks/modules/context/context_writer.py +530 -0
package/dist/gaia-security/hooks/modules/context/contracts_loader.py +161 -0
package/dist/gaia-security/hooks/modules/core/__init__.py +40 -0
package/dist/gaia-security/hooks/modules/core/hook_entry.py +78 -0
package/dist/gaia-security/hooks/modules/core/paths.py +160 -0
package/dist/gaia-security/hooks/modules/core/plugin_mode.py +149 -0
package/dist/gaia-security/hooks/modules/core/plugin_setup.py +577 -0
package/dist/gaia-security/hooks/modules/core/state.py +179 -0
package/dist/gaia-security/hooks/modules/core/stdin.py +24 -0
package/dist/gaia-security/hooks/modules/events/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/events/event_writer.py +210 -0
package/dist/gaia-security/hooks/modules/memory/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/memory/episode_writer.py +216 -0
package/dist/gaia-security/hooks/modules/orchestrator/__init__.py +1 -0
package/dist/gaia-security/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/dist/gaia-security/hooks/modules/scanning/__init__.py +8 -0
package/dist/gaia-security/hooks/modules/scanning/scan_trigger.py +84 -0
package/dist/gaia-security/hooks/modules/security/__init__.py +120 -0
package/dist/gaia-security/hooks/modules/security/approval_cleanup.py +87 -0
package/dist/gaia-security/hooks/modules/security/approval_constants.py +23 -0
package/dist/gaia-security/hooks/modules/security/approval_grants.py +1638 -0
package/dist/gaia-security/hooks/modules/security/approval_messages.py +71 -0
package/dist/gaia-security/hooks/modules/security/approval_scopes.py +222 -0
package/dist/gaia-security/hooks/modules/security/blocked_commands.py +595 -0
package/dist/gaia-security/hooks/modules/security/blocked_message_formatter.py +87 -0
package/dist/gaia-security/hooks/modules/security/command_semantics.py +181 -0
package/dist/gaia-security/hooks/modules/security/composition_rules.py +547 -0
package/dist/gaia-security/hooks/modules/security/flag_classifiers.py +873 -0
package/dist/gaia-security/hooks/modules/security/gitops_validator.py +179 -0
package/dist/gaia-security/hooks/modules/security/mutative_verbs.py +1131 -0
package/dist/gaia-security/hooks/modules/security/network_hosts.py +481 -0
package/dist/gaia-security/hooks/modules/security/prompt_validator.py +40 -0
package/dist/gaia-security/hooks/modules/security/shell_unwrapper.py +165 -0
package/dist/gaia-security/hooks/modules/security/tiers.py +196 -0
package/dist/gaia-security/hooks/modules/session/__init__.py +10 -0
package/dist/gaia-security/hooks/modules/session/pending_scanner.py +174 -0
package/dist/gaia-security/hooks/modules/session/session_context_writer.py +100 -0
package/dist/gaia-security/hooks/modules/session/session_event_injector.py +160 -0
package/dist/gaia-security/hooks/modules/session/session_manager.py +31 -0
package/dist/gaia-security/hooks/modules/session/session_registry.py +232 -0
package/dist/gaia-security/hooks/modules/tools/__init__.py +29 -0
package/dist/gaia-security/hooks/modules/tools/bash_validator.py +1008 -0
package/dist/gaia-security/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/dist/gaia-security/hooks/modules/tools/hook_response.py +55 -0
package/dist/gaia-security/hooks/modules/tools/shell_parser.py +227 -0
package/dist/gaia-security/hooks/modules/tools/stage_decomposer.py +315 -0
package/dist/gaia-security/hooks/modules/tools/task_validator.py +294 -0
package/dist/gaia-security/hooks/modules/validation/__init__.py +23 -0
package/dist/gaia-security/hooks/modules/validation/commit_validator.py +380 -0
package/dist/gaia-security/hooks/post_tool_use.py +54 -0
package/dist/gaia-security/hooks/pre_tool_use.py +413 -0
package/dist/gaia-security/hooks/session_start.py +81 -0
package/dist/gaia-security/hooks/stop_hook.py +82 -0
package/dist/gaia-security/hooks/user_prompt_submit.py +246 -0
package/dist/gaia-security/settings.json +58 -0
package/git-hooks/commit-msg +41 -0
package/hooks/README.md +100 -0
package/hooks/adapters/__init__.py +52 -0
package/hooks/adapters/base.py +219 -0
package/hooks/adapters/channel.py +17 -0
package/hooks/adapters/claude_code.py +1890 -0
package/hooks/adapters/types.py +194 -0
package/hooks/adapters/utils.py +25 -0
package/hooks/elicitation_result.py +179 -0
package/hooks/hooks.json +84 -0
package/hooks/modules/README.md +189 -0
package/hooks/modules/__init__.py +15 -0
package/hooks/modules/agents/__init__.py +29 -0
package/hooks/modules/agents/contract_validator.py +647 -0
package/hooks/modules/agents/response_contract.py +496 -0
package/hooks/modules/agents/skill_injection_verifier.py +120 -0
package/hooks/modules/agents/state_tracker.py +267 -0
package/hooks/modules/agents/task_info_builder.py +74 -0
package/hooks/modules/agents/transcript_analyzer.py +458 -0
package/hooks/modules/agents/transcript_reader.py +152 -0
package/hooks/modules/audit/__init__.py +28 -0
package/hooks/modules/audit/event_detector.py +168 -0
package/hooks/modules/audit/logger.py +131 -0
package/hooks/modules/audit/metrics.py +134 -0
package/hooks/modules/audit/workflow_auditor.py +611 -0
package/hooks/modules/audit/workflow_recorder.py +296 -0
package/hooks/modules/context/__init__.py +11 -0
package/hooks/modules/context/agentic_loop_detector.py +165 -0
package/hooks/modules/context/anchor_tracker.py +317 -0
package/hooks/modules/context/compact_context_builder.py +218 -0
package/hooks/modules/context/context_freshness.py +145 -0
package/hooks/modules/context/context_injector.py +558 -0
package/hooks/modules/context/context_writer.py +530 -0
package/hooks/modules/context/contracts_loader.py +161 -0
package/hooks/modules/core/__init__.py +40 -0
package/hooks/modules/core/hook_entry.py +78 -0
package/hooks/modules/core/paths.py +160 -0
package/hooks/modules/core/plugin_mode.py +149 -0
package/hooks/modules/core/plugin_setup.py +577 -0
package/hooks/modules/core/state.py +179 -0
package/hooks/modules/core/stdin.py +24 -0
package/hooks/modules/events/__init__.py +1 -0
package/hooks/modules/events/event_writer.py +210 -0
package/hooks/modules/evidence/__init__.py +34 -0
package/hooks/modules/evidence/assertions.py +137 -0
package/hooks/modules/evidence/index_writer.py +57 -0
package/hooks/modules/evidence/loader.py +126 -0
package/hooks/modules/evidence/runner.py +241 -0
package/hooks/modules/memory/__init__.py +8 -0
package/hooks/modules/memory/episode_writer.py +216 -0
package/hooks/modules/orchestrator/__init__.py +1 -0
package/hooks/modules/orchestrator/delegate_mode.py +122 -0
package/hooks/modules/scanning/__init__.py +8 -0
package/hooks/modules/scanning/scan_trigger.py +84 -0
package/hooks/modules/security/__init__.py +120 -0
package/hooks/modules/security/approval_cleanup.py +87 -0
package/hooks/modules/security/approval_constants.py +23 -0
package/hooks/modules/security/approval_grants.py +1638 -0
package/hooks/modules/security/approval_messages.py +71 -0
package/hooks/modules/security/approval_scopes.py +222 -0
package/hooks/modules/security/blocked_commands.py +595 -0
package/hooks/modules/security/blocked_message_formatter.py +87 -0
package/hooks/modules/security/command_semantics.py +181 -0
package/hooks/modules/security/composition_rules.py +547 -0
package/hooks/modules/security/flag_classifiers.py +873 -0
package/hooks/modules/security/gitops_validator.py +179 -0
package/hooks/modules/security/mutative_verbs.py +1131 -0
package/hooks/modules/security/network_hosts.py +481 -0
package/hooks/modules/security/prompt_validator.py +40 -0
package/hooks/modules/security/shell_unwrapper.py +165 -0
package/hooks/modules/security/tiers.py +196 -0
package/hooks/modules/session/__init__.py +10 -0
package/hooks/modules/session/pending_scanner.py +174 -0
package/hooks/modules/session/session_context_writer.py +100 -0
package/hooks/modules/session/session_event_injector.py +160 -0
package/hooks/modules/session/session_manager.py +31 -0
package/hooks/modules/session/session_registry.py +232 -0
package/hooks/modules/tools/__init__.py +29 -0
package/hooks/modules/tools/bash_validator.py +1008 -0
package/hooks/modules/tools/cloud_pipe_validator.py +231 -0
package/hooks/modules/tools/hook_response.py +55 -0
package/hooks/modules/tools/shell_parser.py +227 -0
package/hooks/modules/tools/stage_decomposer.py +315 -0
package/hooks/modules/tools/task_validator.py +294 -0
package/hooks/modules/validation/__init__.py +23 -0
package/hooks/modules/validation/commit_validator.py +380 -0
package/hooks/post_compact.py +43 -0
package/hooks/post_tool_use.py +54 -0
package/hooks/pre_compact.py +60 -0
package/hooks/pre_tool_use.py +413 -0
package/hooks/session_start.py +81 -0
package/hooks/stop_hook.py +82 -0
package/hooks/subagent_start.py +71 -0
package/hooks/subagent_stop.py +295 -0
package/hooks/task_completed.py +70 -0
package/hooks/user_prompt_submit.py +246 -0
package/index.js +83 -0
package/package.json +99 -0
package/pyproject.toml +32 -0
package/skills/README.md +154 -0
package/skills/agent-protocol/SKILL.md +93 -0
package/skills/agent-protocol/examples.md +223 -0
package/skills/agent-response/SKILL.md +69 -0
package/skills/agentic-loop/SKILL.md +80 -0
package/skills/agentic-loop/reference.md +378 -0
package/skills/blog-writing/SKILL.md +98 -0
package/skills/blog-writing/reference.md +130 -0
package/skills/brief-spec/SKILL.md +182 -0
package/skills/command-execution/SKILL.md +64 -0
package/skills/command-execution/reference.md +83 -0
package/skills/context-updater/SKILL.md +87 -0
package/skills/context-updater/examples.md +71 -0
package/skills/developer-patterns/SKILL.md +50 -0
package/skills/developer-patterns/reference.md +112 -0
package/skills/execution/SKILL.md +99 -0
package/skills/fast-queries/SKILL.md +43 -0
package/skills/gaia-compact/SKILL.md +74 -0
package/skills/gaia-patterns/SKILL.md +108 -0
package/skills/gaia-patterns/reference.md +395 -0
package/skills/gaia-planner/SKILL.md +37 -0
package/skills/gaia-planner/reference.md +107 -0
package/skills/gaia-release/SKILL.md +82 -0
package/skills/gaia-release/reference.md +102 -0
package/skills/gaia-self-check/SKILL.md +114 -0
package/skills/gaia-self-check/reference.md +453 -0
package/skills/gaia-verify/SKILL.md +77 -0
package/skills/gaia-verify/reference.md +80 -0
package/skills/git-conventions/SKILL.md +47 -0
package/skills/gitops-patterns/SKILL.md +60 -0
package/skills/gitops-patterns/reference.md +183 -0
package/skills/gmail-policy/SKILL.md +200 -0
package/skills/gmail-policy/reference.md +150 -0
package/skills/gmail-triage/SKILL.md +100 -0
package/skills/gws-setup/SKILL.md +99 -0
package/skills/gws-setup/reference.md +73 -0
package/skills/investigation/SKILL.md +100 -0
package/skills/memory-curation/SKILL.md +83 -0
package/skills/memory-search/SKILL.md +88 -0
package/skills/orchestrator-approval/SKILL.md +160 -0
package/skills/orchestrator-approval/reference.md +174 -0
package/skills/pending-approvals/SKILL.md +72 -0
package/skills/pending-approvals/reference.md +214 -0
package/skills/readme-writing/SKILL.md +71 -0
package/skills/readme-writing/reference.md +188 -0
package/skills/reference.md +135 -0
package/skills/request-approval/SKILL.md +140 -0
package/skills/request-approval/examples.md +140 -0
package/skills/request-approval/reference.md +57 -0
package/skills/schedule-task/SKILL.md +64 -0
package/skills/schedule-task/reference.md +233 -0
package/skills/security-tiers/SKILL.md +141 -0
package/skills/security-tiers/destructive-commands-reference.md +623 -0
package/skills/security-tiers/reference.md +39 -0
package/skills/skill-creation/SKILL.md +92 -0
package/skills/skill-creation/reference.md +29 -0
package/skills/terraform-patterns/SKILL.md +89 -0
package/skills/terraform-patterns/reference.md +93 -0
package/templates/README.md +69 -0
package/templates/managed-settings.template.json +43 -0
package/tools/__init__.py +9 -0
package/tools/agentic-loop/decide-status.py +210 -0
package/tools/agentic-loop/parse-metric.py +106 -0
package/tools/agentic-loop/record-iteration.py +221 -0
package/tools/context/README.md +132 -0
package/tools/context/__init__.py +42 -0
package/tools/context/_paths.py +20 -0
package/tools/context/context_provider.py +721 -0
package/tools/context/context_section_reader.py +342 -0
package/tools/context/deep_merge.py +159 -0
package/tools/context/pending_updates.py +760 -0
package/tools/context/surface_router.py +278 -0
package/tools/fast-queries/README.md +65 -0
package/tools/fast-queries/__init__.py +30 -0
package/tools/fast-queries/appservices/quicktriage_devops_developer.sh +75 -0
package/tools/fast-queries/cloud/aws/quicktriage_aws_troubleshooter.sh +32 -0
package/tools/fast-queries/cloud/gcp/quicktriage_gcp_troubleshooter.sh +88 -0
package/tools/fast-queries/gitops/quicktriage_gitops_operator.sh +48 -0
package/tools/fast-queries/run_triage.sh +59 -0
package/tools/fast-queries/terraform/quicktriage_terraform_architect.sh +80 -0
package/tools/gaia_simulator/__init__.py +33 -0
package/tools/gaia_simulator/cli.py +354 -0
package/tools/gaia_simulator/extractor.py +457 -0
package/tools/gaia_simulator/reporter.py +258 -0
package/tools/gaia_simulator/routing_simulator.py +334 -0
package/tools/gaia_simulator/runner.py +539 -0
package/tools/gaia_simulator/skills_mapper.py +264 -0
package/tools/memory/README.md +0 -0
package/tools/memory/__init__.py +20 -0
package/tools/memory/backfill_fts5.py +107 -0
package/tools/memory/conflict_detector.py +295 -0
package/tools/memory/episodic.py +1210 -0
package/tools/memory/git_invalidator.py +262 -0
package/tools/memory/paths.py +102 -0
package/tools/memory/scoring.py +193 -0
package/tools/memory/search_store.py +360 -0
package/tools/persist_transcript_analysis.py +85 -0
package/tools/review/__init__.py +1 -0
package/tools/review/review_engine.py +157 -0
package/tools/scan/__init__.py +35 -0
package/tools/scan/config.py +247 -0
package/tools/scan/merge.py +212 -0
package/tools/scan/orchestrator.py +549 -0
package/tools/scan/registry.py +127 -0
package/tools/scan/scanners/__init__.py +18 -0
package/tools/scan/scanners/base.py +137 -0
package/tools/scan/scanners/environment.py +349 -0
package/tools/scan/scanners/git.py +570 -0
package/tools/scan/scanners/infrastructure.py +875 -0
package/tools/scan/scanners/orchestration.py +600 -0
package/tools/scan/scanners/stack.py +1085 -0
package/tools/scan/scanners/tools.py +260 -0
package/tools/scan/setup.py +686 -0
package/tools/scan/tests/__init__.py +1 -0
package/tools/scan/tests/conftest.py +796 -0
package/tools/scan/tests/test_environment.py +323 -0
package/tools/scan/tests/test_git.py +419 -0
package/tools/scan/tests/test_infrastructure.py +382 -0
package/tools/scan/tests/test_integration.py +920 -0
package/tools/scan/tests/test_merge.py +269 -0
package/tools/scan/tests/test_orchestration.py +304 -0
package/tools/scan/tests/test_stack.py +604 -0
package/tools/scan/tests/test_tools.py +349 -0
package/tools/scan/ui.py +624 -0
package/tools/scan/verify.py +270 -0
package/tools/scan/walk.py +118 -0
package/tools/scan/workspace.py +85 -0
package/tools/validation/README.md +244 -0
package/tools/validation/__init__.py +17 -0
package/tools/validation/approval_gate.py +321 -0
package/tools/validation/validate_skills.py +189 -0

package/hooks/modules/audit/workflow_auditor.py ADDED Viewed

@@ -0,0 +1,611 @@
+"""
+Workflow auditing: anomaly detection and Gaia analysis signaling.
+Renamed from anomaly_detector.py and expanded with additional anomaly types.
+Provides:
+    - audit(): Full anomaly detection suite -> list of anomaly dicts
+    - signal_gaia_analysis(): Create flag file for Gaia analysis
+"""
+import json
+import logging
+import re
+from collections import deque
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+from ..agents.transcript_analyzer import TranscriptAnalysis
+from .workflow_recorder import get_workflow_memory_dir
+logger = logging.getLogger(__name__)
+# ---------------------------------------------------------------------------
+# Transcript-analysis check helpers (T009)
+# ---------------------------------------------------------------------------
+def _check_investigation_skip(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if the agent's first tool call was Bash (skipped investigation)."""
+    if analysis.first_tool_name == "Bash":
+        return {
+            "type": "investigation_skip",
+            "severity": "warning",
+            "message": (
+                "Agent's first tool call was Bash instead of a "
+                "read-only investigation tool (Read/Glob/Grep)"
+            ),
+        }
+    return None
+def _check_context_ignored(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if the first tool call does not reference project-context paths."""
+    if not analysis.tool_sequence:
+        return None
+    first_call = analysis.tool_sequence[0]
+    args_str = json.dumps(first_call.arguments)
+    # Look for any project-context path references
+    context_indicators = [
+        "project-context",
+        ".claude/",
+        "CLAUDE.md",
+        "context-contracts",
+    ]
+    if not any(indicator in args_str for indicator in context_indicators):
+        return {
+            "type": "context_ignored",
+            "severity": "warning",
+            "message": (
+                "First tool call does not reference any project-context "
+                "paths — agent may have ignored injected context"
+            ),
+        }
+    return None
+def _check_context_update_missing(
+    analysis: TranscriptAnalysis,
+    agent_output: str,
+) -> Optional[Dict[str, str]]:
+    """Info if context-updater skill was injected but no CONTEXT_UPDATE emitted."""
+    if "context-updater" in analysis.skills_injected:
+        if "CONTEXT_UPDATE" not in agent_output:
+            return {
+                "type": "context_update_missing",
+                "severity": "info",
+                "message": (
+                    "context-updater skill was injected but agent did not "
+                    "emit a CONTEXT_UPDATE block"
+                ),
+            }
+    return None
+def _check_excessive_tool_calls(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if tool_call_count exceeds 75."""
+    if analysis.tool_call_count > 75:
+        return {
+            "type": "excessive_tool_calls",
+            "severity": "warning",
+            "message": (
+                f"Agent made {analysis.tool_call_count} tool calls "
+                f"(threshold: 75) — may indicate inefficient exploration"
+            ),
+        }
+    return None
+def _check_token_budget(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Info if cache_creation_tokens exceeds 200000."""
+    if analysis.cache_creation_tokens > 200000:
+        return {
+            "type": "token_budget",
+            "severity": "info",
+            "message": (
+                f"Cache creation tokens ({analysis.cache_creation_tokens}) "
+                f"exceeded 200,000 — large context was created"
+            ),
+        }
+    return None
+def _check_pipe_retroactive(
+    analysis: TranscriptAnalysis,
+) -> List[Dict[str, str]]:
+    """Warning per pipe command detected in transcript."""
+    results: List[Dict[str, str]] = []
+    for cmd in analysis.pipe_commands:
+        # Truncate long commands for readability
+        display_cmd = cmd[:120] + "..." if len(cmd) > 120 else cmd
+        results.append({
+            "type": "pipe_retroactive",
+            "severity": "warning",
+            "message": f"Pipe command detected in transcript: {display_cmd}",
+        })
+    return results
+def _check_model_mismatch(
+    analysis: TranscriptAnalysis,
+    metrics: Dict[str, Any],
+) -> Optional[Dict[str, str]]:
+    """Info if transcript model differs from agent definition model."""
+    definition_model = ""
+    snapshot = metrics.get("default_skills_snapshot")
+    if isinstance(snapshot, dict):
+        definition_model = snapshot.get("model", "")
+    if (
+        analysis.model
+        and definition_model
+        and analysis.model != definition_model
+    ):
+        return {
+            "type": "model_mismatch",
+            "severity": "info",
+            "message": (
+                f"Transcript model ({analysis.model}) differs from "
+                f"agent definition model ({definition_model})"
+            ),
+        }
+    return None
+def _check_skill_order(
+    analysis: TranscriptAnalysis,
+    metrics: Dict[str, Any],
+) -> Optional[Dict[str, str]]:
+    """Info if skills were injected in an unexpected order."""
+    snapshot = metrics.get("default_skills_snapshot")
+    if not isinstance(snapshot, dict):
+        return None
+    expected_skills = snapshot.get("skills", [])
+    if not expected_skills or not analysis.skills_injected:
+        return None
+    # Check if the injected skills appear in the expected order
+    # (only consider skills that are in the expected list)
+    expected_set = set(expected_skills)
+    actual_ordered = [s for s in analysis.skills_injected if s in expected_set]
+    expected_ordered = [s for s in expected_skills if s in set(actual_ordered)]
+    if actual_ordered and expected_ordered and actual_ordered != expected_ordered:
+        return {
+            "type": "skill_order",
+            "severity": "info",
+            "message": (
+                f"Skills injected in unexpected order: "
+                f"{actual_ordered} (expected: {expected_ordered})"
+            ),
+        }
+    return None
+def _check_duplicate_tools(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Info if duplicate tool calls were detected."""
+    if analysis.duplicate_tool_calls:
+        dup_summary = ", ".join(
+            f"{d.tool_name}(x{len(d.indices)})"
+            for d in analysis.duplicate_tool_calls
+        )
+        return {
+            "type": "duplicate_tools",
+            "severity": "info",
+            "message": (
+                f"Duplicate tool calls detected: {dup_summary}"
+            ),
+        }
+    return None
+def _check_token_explosion(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if total token consumption exceeds 10 million."""
+    total = (
+        analysis.input_tokens
+        + analysis.cache_creation_tokens
+        + analysis.output_tokens
+    )
+    if total > 10_000_000:
+        return {
+            "type": "token_explosion",
+            "severity": "warning",
+            "message": (
+                f"Total token consumption ({total:,}) exceeded 10,000,000 "
+                f"— possible runaway generation"
+            ),
+        }
+    return None
+def _check_cache_efficiency(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Info if cache read ratio is below 60% with significant token volume."""
+    total = (
+        analysis.cache_read_tokens
+        + analysis.cache_creation_tokens
+        + analysis.input_tokens
+    )
+    if total > 1000:
+        ratio = analysis.cache_read_tokens / total
+        if ratio < 0.60:
+            return {
+                "type": "cache_efficiency",
+                "severity": "info",
+                "message": (
+                    f"Cache read ratio is {ratio:.1%} (below 60%) "
+                    f"with {total:,} total input tokens — cache may be underutilized"
+                ),
+            }
+    return None
+def _check_bash_permission_gate(
+    analysis: TranscriptAnalysis,
+    metrics: Dict[str, Any],
+) -> Optional[Dict[str, str]]:
+    """Warning if agent declares Bash but made 0 Bash calls.
+    When the native Claude Code permission layer denies Bash before the
+    hook fires, our hook never runs and no log entry is produced. The agent
+    reports 'Permission to use Bash has been denied' but the failure is
+    otherwise invisible.  A declared-Bash agent with 0 actual Bash calls is
+    a reliable signal of this invisible gate.
+    """
+    snapshot = metrics.get("default_skills_snapshot") or {}
+    declared_tools = snapshot.get("tools", [])
+    if not isinstance(declared_tools, list):
+        return None
+    declared_lower = [t.lower() for t in declared_tools]
+    if "bash" not in declared_lower:
+        return None
+    if len(analysis.bash_commands) == 0:
+        agent_name = metrics.get("agent", "unknown")
+        return {
+            "type": "bash_permission_gate",
+            "severity": "warning",
+            "message": (
+                f"WARNING: Agent {agent_name} declares Bash but made 0 Bash calls. "
+                f"Possible native permission layer block."
+            ),
+        }
+    return None
+def _check_duplicate_write_storm(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if Write or Edit tool calls appear 3+ times with identical args."""
+    for dup in analysis.duplicate_tool_calls:
+        if dup.tool_name in ("Write", "Edit") and len(dup.indices) >= 3:
+            return {
+                "type": "duplicate_write_storm",
+                "severity": "warning",
+                "message": (
+                    f"Duplicate {dup.tool_name} storm detected: "
+                    f"{len(dup.indices)} identical calls at indices "
+                    f"{dup.indices}"
+                ),
+            }
+    return None
+def _check_duration_outlier(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if agent execution exceeded 10 minutes."""
+    if analysis.duration_ms is not None and analysis.duration_ms > 600_000:
+        minutes = analysis.duration_ms / 60_000
+        return {
+            "type": "duration_outlier",
+            "severity": "warning",
+            "message": (
+                f"Agent execution took {minutes:.1f} minutes "
+                f"(threshold: 10 min) — may indicate stalled or inefficient work"
+            ),
+        }
+    return None
+def _check_tool_call_velocity(
+    analysis: TranscriptAnalysis,
+) -> Optional[Dict[str, str]]:
+    """Warning if tool call rate exceeds 20 calls per minute."""
+    if (
+        analysis.duration_ms is not None
+        and analysis.duration_ms > 0
+        and (analysis.tool_call_count / (analysis.duration_ms / 60_000)) > 20
+    ):
+        velocity = analysis.tool_call_count / (analysis.duration_ms / 60_000)
+        return {
+            "type": "tool_call_velocity",
+            "severity": "warning",
+            "message": (
+                f"Tool call velocity is {velocity:.1f} calls/min "
+                f"(threshold: 20) — agent may be thrashing"
+            ),
+        }
+    return None
+def audit(
+    metrics: Dict[str, Any],
+    agent_output: str = "",
+    task_info: Optional[Dict[str, Any]] = None,
+    rejected_sections: Optional[List[str]] = None,
+    transcript_analysis: Optional[TranscriptAnalysis] = None,
+) -> List[Dict[str, str]]:
+    """
+    Detect anomalies in workflow execution.
+    Checks:
+    - execution_failure: exit_code != 0
+    - consecutive_failures: 3+ failures in a row for same agent
+    - missing_evidence: COMPLETE but no evidence in json:contract block
+    - empty_evidence: json:contract evidence exists but commands_run empty or all "not run"
+    - skipped_verification: task has verify command in injected_context but not in commands_run
+    - scope_escalation: rejected_sections exist (agent tried to write outside its scope)
+    Transcript-analysis checks (only when transcript_analysis is provided):
+    - investigation_skip: first tool was Bash
+    - context_ignored: first tool call has no project-context paths
+    - context_update_missing: context-updater injected but no CONTEXT_UPDATE emitted
+    - excessive_tool_calls: tool_call_count > 75
+    - token_budget: cache_creation_tokens > 200000
+    - token_explosion: total tokens (input+cache_creation+output) > 10M
+    - cache_efficiency: cache read ratio < 60% with significant volume
+    - duplicate_write_storm: Write/Edit tool with 3+ identical calls
+    - duration_outlier: duration_ms > 600,000 (10 min)
+    - tool_call_velocity: > 20 tool calls per minute
+    - pipe_retroactive: pipe commands found in transcript
+    - model_mismatch: transcript model != agent definition model
+    - skill_order: skills injected in unexpected order
+    - duplicate_tools: duplicate tool calls detected
+    - bash_permission_gate: agent declares Bash but made 0 calls (native layer block)
+    Args:
+        metrics: Workflow metrics dict (from workflow_recorder.record()).
+        agent_output: Complete agent output string (for evidence checks).
+        task_info: Task metadata including injected_context (for verification checks).
+        rejected_sections: List of context sections rejected by permission validation.
+        transcript_analysis: Optional TranscriptAnalysis from transcript_analyzer.
+            When None (default), transcript-based checks are skipped for backward
+            compatibility.
+    Returns:
+        List of anomaly descriptions
+    """
+    anomalies: List[Dict[str, str]] = []
+    task_info = task_info or {}
+    # --- existing: execution_failure ---
+    if metrics.get("exit_code", 0) != 0:
+        anomalies.append({
+            "type": "execution_failure",
+            "severity": "error",
+            "message": f"Agent {metrics['agent']} failed with exit code {metrics['exit_code']}"
+        })
+    # --- existing: consecutive_failures ---
+    try:
+        workflow_memory_dir = get_workflow_memory_dir()
+        metrics_file = workflow_memory_dir / "metrics.jsonl"
+        if metrics_file.exists():
+            with open(metrics_file) as f:
+                recent = list(deque(f, maxlen=7))
+            # Get last 5 metrics (excluding current which is the last line)
+            last_5 = (
+                [json.loads(line) for line in recent[:-1]][-5:]
+                if len(recent) > 1
+                else []
+            )
+            # Count recent failures for same agent
+            agent = metrics["agent"]
+            recent_failures = [
+                m for m in last_5
+                if m.get("agent") == agent and m.get("exit_code", 0) != 0
+            ]
+            # If current also failed and we have 2+ previous failures
+            if metrics.get("exit_code", 0) != 0 and len(recent_failures) >= 2:
+                anomalies.append({
+                    "type": "consecutive_failures",
+                    "severity": "critical",
+                    "message": (
+                        f"Agent {agent} has failed "
+                        f"{len(recent_failures) + 1} times consecutively"
+                    ),
+                })
+    except Exception as e:
+        logger.debug(f"Could not check consecutive failures: {e}")
+    # --- NEW: missing_evidence ---
+    if agent_output:
+        plan_status = metrics.get("plan_status", "")
+        if "COMPLETE" in plan_status:
+            from ..agents.contract_validator import parse_contract
+            contract = parse_contract(agent_output)
+            has_evidence = (
+                contract is not None
+                and isinstance(contract.get("evidence_report"), dict)
+                and bool(contract["evidence_report"])
+            )
+            if not has_evidence:
+                anomalies.append({
+                    "type": "missing_evidence",
+                    "severity": "warning",
+                    "message": (
+                        f"Agent {metrics['agent']} completed but "
+                        f"did not include evidence in json:contract block"
+                    ),
+                })
+    # --- NEW: empty_evidence ---
+    if agent_output:
+        from ..agents.contract_validator import parse_contract
+        contract = parse_contract(agent_output)
+        if contract is not None:
+            evidence = contract.get("evidence_report")
+            if isinstance(evidence, dict):
+                commands_run = evidence.get("commands_run", [])
+                if isinstance(commands_run, list):
+                    not_run_pattern = re.compile(
+                        r"\b(not\s+run|not\s+executed|skipped|n/a|none)\b",
+                        re.IGNORECASE,
+                    )
+                    if not commands_run:
+                        # commands_run key exists but is empty list
+                        anomalies.append({
+                            "type": "empty_evidence",
+                            "severity": "warning",
+                            "message": (
+                                f"Agent {metrics['agent']} has evidence in "
+                                f"json:contract but commands_run is empty"
+                            ),
+                        })
+                    elif all(
+                        isinstance(c, str) and not_run_pattern.search(c)
+                        for c in commands_run
+                    ):
+                        anomalies.append({
+                            "type": "empty_evidence",
+                            "severity": "warning",
+                            "message": (
+                                f"Agent {metrics['agent']} has evidence in "
+                                f"json:contract but all commands_run entries "
+                                f"indicate 'not run'"
+                            ),
+                        })
+    # --- NEW: skipped_verification ---
+    injected = task_info.get("injected_context") or {}
+    investigation_brief = injected.get("investigation_brief", {}) or {}
+    required_checks = investigation_brief.get("required_checks", [])
+    if required_checks and agent_output:
+        # Extract commands that were actually run from evidence
+        from ..agents.contract_validator import extract_commands_from_evidence
+        commands_run = extract_commands_from_evidence(agent_output)
+        # Check if any required check mentions a verify command
+        for check in required_checks:
+            if isinstance(check, str) and "verify" in check.lower():
+                # If there are required verification checks but no commands were run at all
+                if not commands_run:
+                    anomalies.append({
+                        "type": "skipped_verification",
+                        "severity": "warning",
+                        "message": (
+                            f"Agent {metrics['agent']} has verification requirements "
+                            f"in injected_context but ran no commands"
+                        ),
+                    })
+                    break
+    # --- NEW: scope_escalation ---
+    if rejected_sections:
+        anomalies.append({
+            "type": "scope_escalation",
+            "severity": "warning",
+            "message": (
+                f"Agent {metrics['agent']} attempted to write to "
+                f"unauthorized sections: {', '.join(rejected_sections)}"
+            ),
+        })
+    # --- Transcript-analysis checks (T009) ---
+    if transcript_analysis is not None:
+        for check_fn in (
+            _check_investigation_skip,
+            _check_context_ignored,
+            _check_excessive_tool_calls,
+            _check_token_budget,
+            _check_duplicate_tools,
+            _check_token_explosion,
+            _check_cache_efficiency,
+            _check_duplicate_write_storm,
+            _check_duration_outlier,
+            _check_tool_call_velocity,
+        ):
+            result = check_fn(transcript_analysis)
+            if result is not None:
+                anomalies.append(result)
+        # Checks that need agent_output
+        result = _check_context_update_missing(transcript_analysis, agent_output)
+        if result is not None:
+            anomalies.append(result)
+        # Checks that need metrics
+        for check_fn_m in (_check_model_mismatch, _check_skill_order, _check_bash_permission_gate):
+            result = check_fn_m(transcript_analysis, metrics)
+            if result is not None:
+                anomalies.append(result)
+        # Pipe check returns a list (one per pipe command)
+        anomalies.extend(_check_pipe_retroactive(transcript_analysis))
+    return anomalies
+def signal_gaia_analysis(
+    anomalies: List[Dict],
+    metrics: Dict[str, Any],
+) -> None:
+    """
+    Signal that Gaia analysis is needed.
+    Creates a flag file that orchestrator can detect.
+    """
+    try:
+        signals_dir = get_workflow_memory_dir() / "signals"
+        signals_dir.mkdir(parents=True, exist_ok=True)
+        signal_file = signals_dir / "needs_analysis.flag"
+        signal_data = {
+            "timestamp": datetime.now().isoformat(),
+            "created_at": datetime.now().isoformat(),
+            "ttl_hours": 1,
+            "anomalies": anomalies,
+            "metrics_summary": {
+                "agent": metrics["agent"],
+                "task_id": metrics["task_id"],
+                "duration_ms": metrics.get("duration_ms"),
+                "exit_code": metrics.get("exit_code"),
+            },
+            "suggested_action": "Invoke /gaia for system analysis",
+        }
+        with open(signal_file, "w") as f:
+            json.dump(signal_data, f, indent=2)
+        logger.info(f"Gaia analysis signal created: {signal_file}")
+        # Also log to a permanent anomaly log
+        anomaly_log = signals_dir.parent / "anomalies.jsonl"
+        with open(anomaly_log, "a") as f:
+            f.write(json.dumps({
+                "timestamp": datetime.now().isoformat(),
+                "anomalies": anomalies,
+                "metrics": metrics,
+            }) + "\n")
+    except Exception as e:
+        logger.warning(f"Could not create analysis signal: {e}")