@jaguilar87/gaia 5.0.7 → 5.0.8

package/.claude-plugin/marketplace.json

@@ -8,7 +8,7 @@
     {
       "name": "gaia-ops",
       "description": "Full DevOps orchestration for Claude Code. Eight specialized agents handle the complete development lifecycle — analysis, planning, execution, and deployment. Gaia-Ops scans your codebase to understand it and injects the right context into each sub-agent. Every command is classified by risk: read-only runs freely, state changes pause for your approval, and irreversible operations are permanently blocked.",
-      "version": "5.0.7",
+      "version": "5.0.8",
       "category": "devops",
       "author": {
         "name": "jaguilar87",
@@ -20,7 +20,7 @@
     {
       "name": "gaia-security",
       "description": "Keeps you in the loop only when it matters. Gaia Security analyzes every command and classifies it into risk tiers: read-only queries run freely, simulations and validations pass through, and state-changing operations (create, delete, apply, push) pause for your explicit approval before executing. Irreversible commands like dropping databases or deleting cloud infrastructure are permanently blocked.",
-      "version": "5.0.7",
+      "version": "5.0.8",
       "category": "security",
       "author": {
         "name": "jaguilar87",

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gaia-ops",
-  "version": "5.0.7",
+  "version": "5.0.8",
   "description": "Security-first orchestrator with specialized agents, hooks, and governance for AI coding",
   "author": {
     "name": "jaguilar87",

package/CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.0.8] - 2026-06-24
+
 ## [5.0.7] - 2026-06-12
 
 ### Fixed

package/bin/cli/approvals.py

@@ -889,12 +889,6 @@ def _import_approval_display():
     return display
 
 
-def _import_approval_revert():
-    """Import gaia.approvals.revert lazily."""
-    from gaia.approvals import revert as revert_mod
-    return revert_mod
-
-
 # ---------------------------------------------------------------------------
 # T3.1: gaia approvals pending -- shortcut for list --status=pending
 # ---------------------------------------------------------------------------
@@ -1209,199 +1203,6 @@ def cmd_history(args) -> int:
     return 0
 
 
-# ---------------------------------------------------------------------------
-# T3.5: gaia approvals revert <id> -- interactive inverse-command UX (D14)
-# ---------------------------------------------------------------------------
-
-def cmd_revert(args) -> int:
-    """Revert an approval by executing inverse commands for its EXECUTED events.
-
-    Per D14:
-    - Interactive by default: shows numbered list of candidate inverse commands,
-      user selects by number, comma-separated, 'all', or 'none'.
-    - ``--yes`` suppresses per-event confirmation.
-    - ``--file ids.txt`` reads event_ids from a file (one per line) for batch mode.
-    - ``--dry-run`` shows the inverse commands without executing them.
-
-    Exits 0 on success or when no reversible events exist.
-    Exits 1 on error.
-    """
-    raw_id = _resolve_approval_id(args.approval_id)
-    skip_confirm = getattr(args, "yes", False)
-    dry_run = getattr(args, "dry_run", False)
-    batch_file = getattr(args, "file", None)
-    output_json = getattr(args, "json", False)
-
-    # Resolve the approval and its EXECUTED events.
-    try:
-        store = _import_approval_store()
-        approval = store.get_by_id(raw_id)
-        if approval is None:
-            _print_error(f"No approval found for id: {raw_id}", args)
-            return 1
-    except Exception as exc:
-        _print_error(f"Failed to look up approval: {exc}", args)
-        return 1
-
-    # Derive inverse commands.
-    try:
-        revert_mod = _import_approval_revert()
-        store = _import_approval_store()
-        con = store._open_db()
-        try:
-            inverses = revert_mod.derive_inverses_for_approval(raw_id, con)
-        finally:
-            con.close()
-    except Exception as exc:
-        _print_error(f"Failed to derive inverse commands: {exc}", args)
-        return 1
-
-    if not inverses:
-        print(f"No EXECUTED events found for approval {raw_id}. Nothing to revert.")
-        return 0
-
-    # Display the candidate inverse commands.
-    print(f"\nCandidate inverse commands for approval {raw_id}:")
-    print("-" * 60)
-    for i, ic in enumerate(inverses):
-        reversible_marker = "" if ic.reversible else " [NOT REVERSIBLE]"
-        inverse_display = ic.inverse_command if ic.inverse_command else "N/A"
-        print(f"  [{i}] Original : {ic.original_command}")
-        print(f"      Inverse  : {inverse_display}{reversible_marker}")
-        print(f"      Notes    : {ic.notes}")
-        print()
-
-    # Filter to only reversible ones.
-    reversible = [ic for ic in inverses if ic.reversible and ic.inverse_command]
-    if not reversible:
-        print("None of the events have derivable inverse commands.")
-        return 0
-
-    if dry_run:
-        print("[dry-run] Would execute the following inverse commands:")
-        for ic in reversible:
-            print(f"  {ic.inverse_command}")
-        return 0
-
-    # Batch file mode: read event_ids to revert.
-    selected = reversible
-    if batch_file:
-        try:
-            with open(batch_file) as fh:
-                event_ids_str = {line.strip() for line in fh if line.strip()}
-        except OSError as exc:
-            _print_error(f"Cannot read batch file {batch_file!r}: {exc}", args)
-            return 1
-        event_ids = set()
-        for eid in event_ids_str:
-            try:
-                event_ids.add(int(eid))
-            except ValueError:
-                pass
-        selected = [ic for ic in reversible if ic.event_id in event_ids]
-        if not selected:
-            print(f"No matching reversible events found in batch file.")
-            return 0
-    elif not skip_confirm:
-        # Interactive selection.
-        print("Select events to revert (comma-separated numbers, 'all', or 'none'):")
-        try:
-            choice = input("> ").strip().lower()
-        except EOFError:
-            choice = "none"
-
-        if choice == "none" or choice == "":
-            print("Revert cancelled.")
-            return 0
-        elif choice == "all":
-            selected = reversible
-        else:
-            try:
-                indices = [int(x.strip()) for x in choice.split(",") if x.strip()]
-                selected = [reversible[i] for i in indices if 0 <= i < len(reversible)]
-            except (ValueError, IndexError):
-                _print_error("Invalid selection. Use numbers, 'all', or 'none'.", args)
-                return 1
-
-    if not selected:
-        print("No events selected. Revert cancelled.")
-        return 0
-
-    # Final confirmation.
-    if not skip_confirm:
-        print("\nWill execute:")
-        for ic in selected:
-            print(f"  {ic.inverse_command}")
-        try:
-            confirm = input("\nProceed? [y/N] ").strip().lower()
-        except EOFError:
-            confirm = "n"
-        if confirm not in ("y", "yes"):
-            print("Revert cancelled.")
-            return 0
-
-    # Execute inverse commands.
-    import subprocess
-    results = []
-    session_id = os.environ.get("CLAUDE_SESSION_ID") or "cli-session"
-    all_ok = True
-
-    for ic in selected:
-        print(f"Executing: {ic.inverse_command}")
-        try:
-            proc = subprocess.run(
-                ic.inverse_command,
-                shell=True,
-                capture_output=True,
-                text=True,
-            )
-            ok = proc.returncode == 0
-            results.append({
-                "event_id": ic.event_id,
-                "command": ic.inverse_command,
-                "exit_code": proc.returncode,
-                "stdout": proc.stdout.strip(),
-                "stderr": proc.stderr.strip(),
-            })
-            if ok:
-                print(f"  OK (exit 0)")
-                # Record REVERTED event in the chain.
-                try:
-                    store = _import_approval_store()
-                    import json as _json
-                    metadata = _json.dumps({
-                        "original_event_id": ic.event_id,
-                        "inverse_command": ic.inverse_command,
-                    })
-                    store.record_event(
-                        raw_id,
-                        "REVERTED",
-                        session_id=session_id,
-                        metadata_json=metadata,
-                    )
-                except Exception:
-                    pass  # Chain write failure is non-fatal for the revert operation.
-            else:
-                print(f"  FAILED (exit {proc.returncode})")
-                if proc.stderr:
-                    print(f"  stderr: {proc.stderr.strip()}")
-                all_ok = False
-        except Exception as exc:
-            print(f"  ERROR: {exc}")
-            results.append({
-                "event_id": ic.event_id,
-                "command": ic.inverse_command,
-                "exit_code": -1,
-                "error": str(exc),
-            })
-            all_ok = False
-
-    if output_json:
-        print(json.dumps({"results": results, "all_ok": all_ok}))
-
-    return 0 if all_ok else 1
-
-
 # ---------------------------------------------------------------------------
 # T3.5: gaia approvals replay <id> [--dry-run]
 # ---------------------------------------------------------------------------
@@ -1522,6 +1323,114 @@ def cmd_replay(args) -> int:
     return 0 if all_ok else 1
 
 
+# ---------------------------------------------------------------------------
+# derive-id -- reproduce a plan-first COMMAND_SET approval_id from its commands
+# ---------------------------------------------------------------------------
+
+def _read_command_set_input(args) -> list:
+    """Resolve the command list for derive-id from args/stdin.
+
+    Accepts, in order of precedence:
+      1. ``--commands-json '[{"command": "..."}, ...]'`` or a bare list of
+         strings ``["cmd a", "cmd b"]`` -- the command_set as the orchestrator
+         reads it from the contract.
+      2. stdin (when ``--commands-json`` is omitted), same JSON shapes.
+
+    Returns the ordered list of command STRINGS (rationale is irrelevant to the
+    derivation). Raises ValueError on malformed input.
+    """
+    raw = getattr(args, "commands_json", None)
+    if raw is None:
+        raw = sys.stdin.read()
+    raw = (raw or "").strip()
+    if not raw:
+        raise ValueError("no command_set provided (use --commands-json or stdin)")
+
+    parsed = json.loads(raw)
+
+    # Accept either a top-level list, or {"command_set": [...]} / {"commands": [...]}.
+    if isinstance(parsed, dict):
+        parsed = parsed.get("command_set") or parsed.get("commands") or []
+
+    if not isinstance(parsed, list):
+        raise ValueError("command_set must be a JSON array")
+
+    commands: list = []
+    for item in parsed:
+        if isinstance(item, str):
+            if item:
+                commands.append(item)
+        elif isinstance(item, dict) and item.get("command"):
+            commands.append(item["command"])
+    return commands
+
+
+def cmd_derive_id(args) -> int:
+    """Derive the deterministic COMMAND_SET approval_id from its commands.
+
+    This is the orchestrator-side mirror of the intake's mint: given the
+    ``command_set`` the subagent emitted in its contract (no DB search), it
+    reproduces the EXACT ``P-...`` id the SubagentStop intake wrote as the
+    pending row, by applying the SAME mutative filter and the SAME
+    ``derive_command_set_id`` canonicalization the intake uses.
+
+    The mutative filter is shared with the intake
+    (``handoff_persister._filter_mutative_command_set``) so the CLI and the hook
+    operate on the identical post-filter command list. When fewer than 2
+    mutative commands remain, NO COMMAND_SET was minted (the singular path owns
+    it) -- the helper reports that rather than emitting a bogus id.
+
+    Exits 0 on success, 1 on error.
+    """
+    output_json = getattr(args, "json", False)
+    apply_filter = not getattr(args, "no_filter", False)
+
+    try:
+        commands = _read_command_set_input(args)
+    except Exception as exc:
+        _print_error(f"Failed to parse command_set: {exc}", args)
+        return 1
+
+    # Apply the SAME mutative filter the intake uses, so the orchestrator's
+    # derivation operates on the identical post-filter list. Skippable via
+    # --no-filter for callers that already hold the filtered list.
+    if apply_filter:
+        try:
+            from modules.agents.handoff_persister import _filter_mutative_command_set
+            filtered = _filter_mutative_command_set(
+                [{"command": c, "rationale": ""} for c in commands]
+            )
+            commands = [it["command"] for it in filtered]
+        except Exception as exc:
+            _print_error(f"Failed to apply mutative filter: {exc}", args)
+            return 1
+
+    if len(commands) < 2:
+        msg = (
+            f"Not a COMMAND_SET: {len(commands)} mutative command(s) after filter "
+            "(need >= 2). No COMMAND_SET approval was minted -- the singular path "
+            "owns this."
+        )
+        if output_json:
+            print(json.dumps({"approval_id": None, "command_count": len(commands), "reason": msg}))
+        else:
+            _print_error(msg, args)
+        return 1
+
+    try:
+        store = _import_approval_store()
+        approval_id = store.derive_command_set_id(commands)
+    except Exception as exc:
+        _print_error(f"Failed to derive id: {exc}", args)
+        return 1
+
+    if output_json:
+        print(json.dumps({"approval_id": approval_id, "command_count": len(commands)}))
+    else:
+        print(approval_id)
+    return 0
+
+
 # ---------------------------------------------------------------------------
 # Plugin registration (called by bin/gaia dispatcher)
 # ---------------------------------------------------------------------------
@@ -1531,7 +1440,7 @@ def register(subparsers) -> None:
     p = subparsers.add_parser(
         "approvals",
         help="Manage T3 pending approvals",
-        description="View, approve, reject, revert, and replay Gaia approval requests.",
+        description="View, approve, reject, and replay Gaia approval requests.",
     )
     sub = p.add_subparsers(dest="approvals_cmd", metavar="SUBCOMMAND")
     sub.required = True
@@ -1652,33 +1561,6 @@ def register(subparsers) -> None:
     p_history.add_argument("--json", action="store_true", help="JSON output")
     p_history.set_defaults(func=cmd_history)
 
-    # revert (T3.5) -- interactive inverse-command UX
-    p_revert = sub.add_parser(
-        "revert",
-        help="Revert an approval by executing inverse commands (interactive)",
-        description=(
-            "Per D14: interactive inverse-command UX for reverting executed approvals.\n\n"
-            "Shows candidate inverse commands, prompts for selection, then executes\n"
-            "the selected inverses sequentially. Uses --yes to skip per-event prompts.\n"
-            "Use --dry-run to preview without executing."
-        ),
-    )
-    p_revert.add_argument(
-        "approval_id",
-        metavar="APPROVAL_ID",
-        help="P-{uuid4hex} of the approval to revert",
-    )
-    p_revert.add_argument("--yes", action="store_true", help="Skip confirmation prompts")
-    p_revert.add_argument("--dry-run", action="store_true", dest="dry_run", help="Preview only")
-    p_revert.add_argument(
-        "--file",
-        metavar="PATH",
-        default=None,
-        help="File of event_ids to revert (one per line) for batch mode",
-    )
-    p_revert.add_argument("--json", action="store_true", help="JSON output for results")
-    p_revert.set_defaults(func=cmd_revert)
-
     # replay (T3.5) -- re-run commands from an executed approval
     p_replay = sub.add_parser(
         "replay",
@@ -1763,6 +1645,35 @@ def register(subparsers) -> None:
     p_stats.add_argument("--json", action="store_true", help="JSON output")
     p_stats.set_defaults(func=cmd_stats)
 
+    # derive-id -- reproduce a plan-first COMMAND_SET id from its commands
+    p_derive = sub.add_parser(
+        "derive-id",
+        help="Derive the deterministic COMMAND_SET approval_id from its commands",
+        description=(
+            "Reproduce the content-derived approval_id the SubagentStop intake\n"
+            "minted for a plan-first COMMAND_SET, from the command_set in the\n"
+            "contract -- no DB search. Pass the command_set as JSON via\n"
+            "--commands-json or stdin (a list of strings, a list of\n"
+            "{command, rationale} objects, or an object with a command_set/\n"
+            "commands key). Applies the same mutative filter the intake uses."
+        ),
+    )
+    p_derive.add_argument(
+        "--commands-json",
+        dest="commands_json",
+        metavar="JSON",
+        default=None,
+        help="command_set as JSON (omit to read from stdin)",
+    )
+    p_derive.add_argument(
+        "--no-filter",
+        action="store_true",
+        dest="no_filter",
+        help="Skip the mutative filter (input is already the filtered list)",
+    )
+    p_derive.add_argument("--json", action="store_true", help="JSON output")
+    p_derive.set_defaults(func=cmd_derive_id)
+
     p.set_defaults(func=_approvals_default)
 
 
@@ -1788,13 +1699,13 @@ def _approvals_default(args) -> int:
     print("  approve APPROVAL_ID               -- cross-session approve")
     print("  revoke APPROVAL_ID                -- revoke a pending approval")
     print("  history [APPROVAL_ID] [--limit N] -- temporal history or per-approval chain")
-    print("  revert APPROVAL_ID [--dry-run]    -- interactive inverse-command revert")
     print("  replay APPROVAL_ID [--dry-run]    -- replay an executed approval")
     print("  list [--session S] [--orphans-only]  -- list (legacy + DB grants)")
     print("  reject NONCE [--all]              -- reject pending (legacy)")
     print("  reject-all [--dry-run]            -- bulk reject (legacy)")
     print("  clean [--dry-run]                 -- remove expired approvals")
     print("  stats                             -- approval system statistics")
+    print("  derive-id --commands-json JSON    -- reproduce a COMMAND_SET id (no DB)")
     print("")
     print("Run 'gaia approvals --help' for more information.")
     return 0
@@ -1850,14 +1761,6 @@ def _build_standalone_parser() -> argparse.ArgumentParser:
     p_history.add_argument("--json", action="store_true")
     p_history.set_defaults(func=cmd_history)
 
-    p_revert = subparsers.add_parser("revert", help="Revert an approval (interactive)")
-    p_revert.add_argument("approval_id", metavar="APPROVAL_ID")
-    p_revert.add_argument("--yes", action="store_true")
-    p_revert.add_argument("--dry-run", action="store_true", dest="dry_run")
-    p_revert.add_argument("--file", metavar="PATH", default=None)
-    p_revert.add_argument("--json", action="store_true")
-    p_revert.set_defaults(func=cmd_revert)
-
     p_replay = subparsers.add_parser("replay", help="Replay an executed approval")
     p_replay.add_argument("approval_id", metavar="APPROVAL_ID")
     p_replay.add_argument("--dry-run", action="store_true", dest="dry_run")
@@ -1886,6 +1789,12 @@ def _build_standalone_parser() -> argparse.ArgumentParser:
     p_stats.add_argument("--json", action="store_true")
     p_stats.set_defaults(func=cmd_stats)
 
+    p_derive = subparsers.add_parser("derive-id", help="Derive a COMMAND_SET approval_id from its commands")
+    p_derive.add_argument("--commands-json", dest="commands_json", metavar="JSON", default=None)
+    p_derive.add_argument("--no-filter", action="store_true", dest="no_filter")
+    p_derive.add_argument("--json", action="store_true")
+    p_derive.set_defaults(func=cmd_derive_id)
+
     return parser
 
 

package/dist/gaia-ops/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gaia-ops",
-  "version": "5.0.7",
+  "version": "5.0.8",
   "description": "Full DevOps orchestration for Claude Code. Eight specialized agents handle the complete development lifecycle \u2014 analysis, planning, execution, and deployment. Gaia-Ops scans your codebase to understand it and injects the right context into each sub-agent. Every command is classified by risk: read-only runs freely, state changes pause for your approval, and irreversible operations are permanently blocked.",
   "author": {
     "name": "jaguilar87",

package/dist/gaia-ops/hooks/adapters/claude_code.py

@@ -603,13 +603,18 @@ class ClaudeCodeAdapter(HookAdapter):
                 exit_code=2,
             )
 
-        # Save state for post-hook
+        # Save state for post-hook. When the command was allowed by consuming a
+        # T3 approval grant, carry that approval_id forward so PostToolUse can
+        # append an EXECUTED/FAILED event to the approval_events chain (the grant
+        # is consumed here at PreToolUse and flips to CONSUMED, so PostToolUse
+        # cannot re-discover it via check_approval_grant).
         effective_command = result.modified_input.get("command", command) if result.modified_input else command
         state = create_pre_hook_state(
             tool_name=tool_name,
             command=effective_command,
             tier=str(result.tier),
             allowed=True,
+            consumed_approval_id=result.consumed_approval_id,
         )
         save_hook_state(state)
 
@@ -1003,6 +1008,26 @@ class ClaudeCodeAdapter(HookAdapter):
                             "T3 grant confirmed (will be consumed at SubagentStop): %s", command[:80],
                         )
 
+            # Close the audit-log cycle for an APPROVED T3 command that just ran.
+            # PreToolUse stashed the consumed grant's approval_id in HookState
+            # when it matched (and consumed) the grant; append EXECUTED on a clean
+            # exit, FAILED otherwise. This continues the approval_events hash chain
+            # via the canonical store.record_event() helper -- the only authorized
+            # writer for the chain (it routes through chain.insert_event(), which
+            # links prev_hash -> this_hash before INSERT).
+            if tool_name == "Bash":
+                consumed_approval_id = (
+                    pre_state.metadata.get("consumed_approval_id") if pre_state else None
+                )
+                if consumed_approval_id:
+                    self._record_t3_outcome_event(
+                        consumed_approval_id,
+                        command=parameters.get("command", ""),
+                        success=success,
+                        exit_code=tool_result_data.exit_code,
+                        session_id=hook_data.get("session_id", ""),
+                    )
+
             events = detect_critical_event(tool_name, parameters, output, success)
             if events:
                 writer = SessionContextWriter()
@@ -1031,6 +1056,53 @@ class ClaudeCodeAdapter(HookAdapter):
 
         return HookResponse(output={}, exit_code=0)
 
+    def _record_t3_outcome_event(
+        self,
+        approval_id: str,
+        *,
+        command: str,
+        success: bool,
+        exit_code: int,
+        session_id: str = "",
+    ) -> None:
+        """Append an EXECUTED or FAILED event for an approved T3 command.
+
+        Closes the audit-log cycle: once a command runs under a consumed grant,
+        the approval_events chain records whether it succeeded (EXECUTED) or
+        failed (FAILED). Writes through gaia.approvals.store.record_event(), the
+        canonical chain writer -- never a raw INSERT -- so prev_hash -> this_hash
+        linkage is preserved and validate_chain() stays intact end to end.
+
+        Best-effort and non-fatal: the approval store lives in gaia.db and may be
+        unavailable in some hook contexts; any failure is logged and swallowed so
+        a chain-write hiccup never breaks tool execution.
+        """
+        event_type = "EXECUTED" if success else "FAILED"
+        try:
+            from gaia.approvals import store as _approval_store
+
+            payload = {
+                "command": command,
+                "exit_code": exit_code,
+                "outcome": "success" if success else "failure",
+            }
+            _approval_store.record_event(
+                approval_id,
+                event_type,
+                session_id=session_id or None,
+                payload_json=json.dumps(payload, sort_keys=True, separators=(",", ":")),
+                metadata_json=json.dumps({"source": "post_tool_use"}),
+            )
+            logger.info(
+                "Recorded %s event for approval_id=%s (exit=%d)",
+                event_type, approval_id[:16], exit_code,
+            )
+        except Exception as exc:
+            logger.warning(
+                "Failed to record %s event for approval_id=%s (non-fatal): %s",
+                event_type, approval_id[:16], exc,
+            )
+
     # ------------------------------------------------------------------ #
     # _handle_ask_user_question_result: grant activation from user answer
     # ------------------------------------------------------------------ #

package/dist/gaia-ops/hooks/modules/agents/handoff_persister.py

@@ -170,19 +170,30 @@ def _intake_command_set_pending(
     }
 
     try:
-        from gaia.approvals.store import insert_requested
+        from gaia.approvals.store import derive_command_set_id, insert_requested
     except ImportError:
         import pathlib as _pl
         import sys as _sys
 
         _repo_root = _pl.Path(__file__).resolve().parent.parent.parent.parent
         _sys.path.insert(0, str(_repo_root))
-        from gaia.approvals.store import insert_requested
+        from gaia.approvals.store import derive_command_set_id, insert_requested
+
+    # Derive the PUBLIC approval_id deterministically from the post-filter
+    # mutative command strings. Because the id is content-derived (not uuid4),
+    # the orchestrator reproduces the SAME id from the command_set it reads in
+    # the contract via `gaia approvals derive-id` -- no DB search, no
+    # cross-session miss. The list passed here is the SAME list the CLI helper
+    # derives over (post-mutative-filter), so both sides agree.
+    derived_id = derive_command_set_id(
+        [it["command"] for it in command_set_items]
+    )
 
     approval_id = insert_requested(
         sealed_payload,
         agent_id=agent_id,
         session_id=session_id or None,
+        approval_id=derived_id,
     )
     logger.info(
         "INTAKE: plan-first COMMAND_SET pending created approval_id=%s items=%d",