@kontourai/flow-agents 0.1.2 → 0.3.0

package/kits/knowledge/flows/compile.flow.json

@@ -0,0 +1,60 @@
+{
+  "id": "knowledge.compile",
+  "version": "1.0",
+  "steps": [
+    { "id": "select-raws", "next": "compile" },
+    { "id": "compile", "next": "link" },
+    { "id": "link", "next": "done" },
+    { "id": "done", "next": null }
+  ],
+  "gates": {
+    "select-raws-gate": {
+      "step": "select-raws",
+      "expects": [
+        {
+          "id": "raw-ids-selected",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "One or more raw record IDs have been selected for compilation. Each ID must resolve to an existing raw record in the store.",
+          "claim": {
+            "type": "knowledge.compile.selection",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "compile-gate": {
+      "step": "compile",
+      "expects": [
+        {
+          "id": "compiled-record-provenance",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "The compiled record has been created with provenance.source_ids listing every consumed raw ID, and source links (kind='source') from the compiled record to each raw record — satisfying the store contract's compiled record requirements.",
+          "claim": {
+            "type": "knowledge.compile.provenance",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "link-gate": {
+      "step": "link",
+      "expects": [
+        {
+          "id": "provenance-refs-resolve",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "Every provenance ref in the compiled record resolves to a retrievable raw record via the store's get() operation. The graph index reflects all source links.",
+          "claim": {
+            "type": "knowledge.compile.link-integrity",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}

package/kits/knowledge/flows/consolidate.flow.json

@@ -0,0 +1,77 @@
+{
+  "id": "knowledge.consolidate",
+  "version": "1.0",
+  "steps": [
+    { "id": "related-event", "next": "propose" },
+    { "id": "propose", "next": "evidence-gate" },
+    { "id": "evidence-gate", "next": "apply-or-reject" },
+    { "id": "apply-or-reject", "next": "done" },
+    { "id": "done", "next": null }
+  ],
+  "gates": {
+    "related-event-gate": {
+      "step": "related-event",
+      "expects": [
+        {
+          "id": "related-compiled-records-found",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "One or more compiled records linked to the snapshot's topic have been identified. The trigger fires when new compiled records matching the snapshot topic (by category or explicit topic tag) are present. The result is a cluster of compiled record IDs that form the consolidation input.",
+          "claim": {
+            "type": "knowledge.consolidate.trigger",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "propose-gate": {
+      "step": "propose",
+      "expects": [
+        {
+          "id": "consolidation-proposal-recorded",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "A consolidation proposal has been recorded. The proposal carries: the updated snapshot body (latest decisions), source_ids referencing every compiled record that contributed, and supersedes_ids referencing any prior snapshot(s) for the same topic. The snapshot record is NOT mutated at this step — only a consolidation proposal record and proposes link are created.",
+          "claim": {
+            "type": "knowledge.consolidate.proposal",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "evidence-gate": {
+      "step": "evidence-gate",
+      "expects": [
+        {
+          "id": "proposal-carries-source-refs",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "The consolidation proposal evidence includes source_ids referencing every compiled record that contributed to the proposed snapshot body. Gate rejects if source_ids is empty or any referenced record does not exist. Also verifies that the proposer record has a 'proposes' link to the snapshot target.",
+          "claim": {
+            "type": "knowledge.consolidate.evidence",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "apply-gate": {
+      "step": "apply-or-reject",
+      "expects": [
+        {
+          "id": "consolidation-gate-decision",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "A gate decision (apply or reject) has been recorded. If applied: snapshot body is updated via the store update op with the proposed body; supersede op links the new snapshot to any prior snapshots for the same topic; all superseded snapshots remain queryable with provenance intact. If rejected: the snapshot body is byte-identical to its pre-proposal state.",
+          "claim": {
+            "type": "knowledge.consolidate.gate-decision",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}

package/kits/knowledge/flows/ingest.flow.json

@@ -0,0 +1,60 @@
+{
+  "id": "knowledge.ingest",
+  "version": "1.0",
+  "steps": [
+    { "id": "capture", "next": "classify" },
+    { "id": "classify", "next": "route" },
+    { "id": "route", "next": "done" },
+    { "id": "done", "next": null }
+  ],
+  "gates": {
+    "capture-gate": {
+      "step": "capture",
+      "expects": [
+        {
+          "id": "raw-text-received",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "Raw text and metadata have been received and are non-empty.",
+          "claim": {
+            "type": "knowledge.ingest.capture",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "classify-gate": {
+      "step": "classify",
+      "expects": [
+        {
+          "id": "classification-recorded",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "The raw record has been classified and stored with a non-empty category and type='raw', satisfying the store contract's create op provenance requirements.",
+          "claim": {
+            "type": "knowledge.ingest.classification",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "route-gate": {
+      "step": "route",
+      "expects": [
+        {
+          "id": "routing-decision",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "A routing decision has been recorded for the classified raw record (e.g. queue for compile, discard, or hold).",
+          "claim": {
+            "type": "knowledge.ingest.routing",
+            "subject": "decision",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}

package/kits/knowledge/flows/store-contract.flow.json

@@ -0,0 +1,48 @@
+{
+  "id": "knowledge.store-contract",
+  "version": "1.0",
+  "steps": [
+    { "id": "verify-contract", "next": "done" },
+    { "id": "done", "next": null }
+  ],
+  "gates": {
+    "verify-contract-gate": {
+      "step": "verify-contract",
+      "expects": [
+        {
+          "id": "contract-suite-passed",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "The contract test suite has passed 100% against the target adapter, verifying round-trip integrity, required-evidence enforcement, and graph-index consistency.",
+          "claim": {
+            "type": "knowledge.store-contract.suite-result",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        },
+        {
+          "id": "mutation-provenance-enforced",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "Every mutation operation (create, update, link, propose, apply, reject) rejects requests missing required provenance fields, as verified by the contract suite.",
+          "claim": {
+            "type": "knowledge.store-contract.provenance-enforcement",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        },
+        {
+          "id": "round-trip-integrity",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "Records round-trip raw to stored to queried with category and links intact, as verified by the contract suite.",
+          "claim": {
+            "type": "knowledge.store-contract.round-trip",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}

package/kits/knowledge/flows/synthesize.flow.json

@@ -0,0 +1,77 @@
+{
+  "id": "knowledge.synthesize",
+  "version": "1.0",
+  "steps": [
+    { "id": "detect-cluster", "next": "propose" },
+    { "id": "propose", "next": "evidence-gate" },
+    { "id": "evidence-gate", "next": "apply-or-reject" },
+    { "id": "apply-or-reject", "next": "done" },
+    { "id": "done", "next": null }
+  ],
+  "gates": {
+    "detect-cluster-gate": {
+      "step": "detect-cluster",
+      "expects": [
+        {
+          "id": "similar-sources-found",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "At least one compiled record similar to the target concept has been identified via the similarity detector. Similarity v1 uses category match + link-overlap heuristic. The result is a cluster of source record IDs to synthesize from.",
+          "claim": {
+            "type": "knowledge.synthesize.cluster",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "propose-gate": {
+      "step": "propose",
+      "expects": [
+        {
+          "id": "proposal-recorded",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "A proposal carrying source refs (proposer_id + source_ids in evidence) has been recorded via the store propose op. The concept body is NOT modified at this step — only a proposes link and mutation log entry are created.",
+          "claim": {
+            "type": "knowledge.synthesize.proposal",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "evidence-gate": {
+      "step": "evidence-gate",
+      "expects": [
+        {
+          "id": "proposal-carries-source-refs",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "The proposal evidence includes source_ids referencing every compiled record that contributed to the proposed summary. Gate rejects if source_ids is empty or any referenced record does not exist.",
+          "claim": {
+            "type": "knowledge.synthesize.evidence",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    },
+    "apply-gate": {
+      "step": "apply-or-reject",
+      "expects": [
+        {
+          "id": "mutation-gate-decision",
+          "kind": "surface.claim",
+          "required": true,
+          "description": "A gate decision (apply or reject) has been recorded. If applied: concept body is updated via the store apply op with rationale and all contributing source_ids in provenance. If rejected: the store reject op is called, the concept body is byte-identical to its pre-proposal state, and only a rejection log entry is appended.",
+          "claim": {
+            "type": "knowledge.synthesize.gate-decision",
+            "subject": "artifact",
+            "accepted_statuses": ["trusted", "accepted"]
+          }
+        }
+      ]
+    }
+  }
+}

package/kits/knowledge/kit.json

@@ -0,0 +1,78 @@
+{
+  "schema_version": "1.0",
+  "id": "knowledge",
+  "name": "Knowledge Kit",
+  "product_name": "Knowledge Kit",
+  "description": "A Flow Kit for durable, gated knowledge storage. Provides a store contract with defined record types, mutation operations, and provenance rules \u2014 plus a default adapter backed by markdown files, YAML frontmatter, wikilinks, and a graph index.",
+  "flows": [
+    {
+      "id": "knowledge.store-contract",
+      "path": "flows/store-contract.flow.json",
+      "description": "Gate that requires contract-suite evidence before a store implementation is accepted."
+    },
+    {
+      "id": "knowledge.ingest",
+      "path": "flows/ingest.flow.json",
+      "description": "Ingest raw captures: capture \u2192 classify \u2192 route. Gate on classify requires category + type='raw' classification evidence per the store contract create op."
+    },
+    {
+      "id": "knowledge.compile",
+      "path": "flows/compile.flow.json",
+      "description": "Compile classified raws into durable notes: select-raws \u2192 compile \u2192 link. Gate on compile requires provenance refs to every consumed raw record."
+    },
+    {
+      "id": "knowledge.synthesize",
+      "path": "flows/synthesize.flow.json",
+      "description": "Synthesize compiled sources into concept summaries: detect-cluster \u2192 propose \u2192 evidence-gate \u2192 apply-or-reject. Mutation-gate policy: no summary mutates without an approved proposal carrying source refs; rejection leaves store untouched."
+    },
+    {
+      "id": "knowledge.consolidate",
+      "path": "flows/consolidate.flow.json",
+      "description": "Consolidate related compiled records into a living decision snapshot: related-event trigger -> consolidation proposal -> evidence gate -> apply-or-reject. Creates or updates a snapshot record; supersedes prior snapshots via supersede op (never deletes). Reuses S3 mutation-gate machinery."
+    }
+  ],
+  "docs": [
+    {
+      "id": "knowledge.readme",
+      "path": "docs/README.md"
+    },
+    {
+      "id": "knowledge.store-contract-doc",
+      "path": "docs/store-contract.md"
+    }
+  ],
+  "adapters": [
+    {
+      "id": "knowledge.default-store",
+      "path": "adapters/default-store/index.js",
+      "description": "Default store adapter: markdown files + YAML frontmatter + wikilinks + JSON graph index."
+    },
+    {
+      "id": "knowledge.flow-runner",
+      "path": "adapters/flow-runner/index.js",
+      "description": "Executable flow logic: capture(rawText, meta) \u2192 classified raw record; compile(rawIds[]) \u2192 compiled record with provenance links; synthesize(conceptId | topicSelector, options) \u2192 concept summary proposal with mutation gate; consolidate(snapshotId | topicSelector, options) \u2192 decision snapshot consolidation with supersede-not-delete. Emits canonical telemetry events at gate points."
+    }
+  ],
+  "evals": [
+    {
+      "id": "knowledge.contract-suite",
+      "path": "evals/contract-suite/suite.test.js",
+      "description": "Parameterized contract test suite for any Knowledge Kit store adapter."
+    },
+    {
+      "id": "knowledge.ingest-compile-suite",
+      "path": "evals/ingest-compile/suite.test.js",
+      "description": "Eval cases for ingest (AC-mapped), compile provenance gate, telemetry emission, and ref resolution."
+    },
+    {
+      "id": "knowledge.synthesis-suite",
+      "path": "evals/synthesis/suite.test.js",
+      "description": "Eval cases for synthesize: AC1 (similar source \u2192 proposal not mutation), AC2 (rejection leaves concept byte-identical), AC3 (apply updates with provenance to all contributing sources), pluggable-similarity interface test, gate telemetry."
+    },
+    {
+      "id": "knowledge.consolidation-suite",
+      "path": "evals/consolidation/suite.test.js",
+      "description": "Eval cases for consolidate: AC1 (related event -> proposal, not mutation); AC2 (apply updates exactly ONE snapshot, links supersedes refs, superseded sources still queryable); AC3 fixture (decision changed across 3 events -> snapshot reflects ONLY latest decision, provenance to all 3); supersede-not-delete invariant; gate telemetry; contract suite extensions for snapshot semantics."
+    }
+  ]
+}

package/package.json

@@ -1,15 +1,19 @@
 {
   "name": "@kontourai/flow-agents",
-  "version": "0.1.2",
-  "description": "Flow Agents — a Kontour product that applies Flow and Veritas discipline inside the agent tools you already use: Claude Code, Codex, Kiro, and GitHub Actions.",
+  "version": "0.3.0",
+  "description": "Flow Agents — a Kontour product that applies Flow and Veritas discipline as a portable process layer inside the agent tools you already use: Claude Code, Codex, Kiro, opencode, pi, and GitHub Actions — with framework adapters (AWS Strands preview) on the same policy-engine contract.",
   "keywords": [
     "agents",
     "ai-agents",
     "workflow",
     "skills",
+    "hooks",
     "claude-code",
     "codex",
     "kiro",
+    "opencode",
+    "pi",
+    "strands",
     "evidence",
     "process-transparency"
   ],
@@ -108,6 +112,7 @@
     "validate:hook-influence": "npm run build --silent && node build/src/cli.js validate-hook-influence",
     "workflow-artifact-cleanup-audit": "npm run build --silent && node build/src/cli.js workflow-artifact-cleanup-audit",
     "fixture:retirement-audit": "npm run build --silent && node build/src/cli.js fixture-retirement-audit",
+    "dogfood": "npm run build --silent && node scripts/dogfood.js",
     "setup:repo-hooks": "bash scripts/setup-repo-hooks.sh",
     "validate:repo-hooks": "bash evals/static/test_repo_hooks.sh",
     "eval": "bash evals/run.sh",

package/packaging/conformance/README.md

@@ -0,0 +1,142 @@
+# Flow Agents Conformance Kit
+
+The conformance kit lets third-party adapter authors self-certify their implementation against the Flow Agents policy engine contract.
+
+---
+
+## What is the conformance kit?
+
+Flow Agents ships four canonical policy classes (config-protection, quality-gate, stop-goal-fit, workflow-steering) that adapters must invoke via subprocess or native import. The conformance kit provides:
+
+1. **Golden fixtures** (`fixtures/`) — payload→expected-decision JSON pairs, one per policy class × canonical event × case, extracted from real engine behavior.
+2. **Conformance runner** (`run-conformance.js`) — a standalone Node.js script (no npm deps) that pipes each fixture through an adapter command and reports per-level verdict.
+
+---
+
+## Conformance levels
+
+| Level | What is required |
+|-------|-----------------|
+| **L0** | No policy fixtures required. Adapter wires telemetry only. |
+| **L1** | Workflow steering (`userPromptSubmit`) and stop-goal-fit (`stop`) in warning mode must pass. |
+| **L2** | All L1 requirements plus config-protection (`preToolUse`, blocking) and quality-gate (`postToolUse`, non-blocking). |
+
+These levels match the definitions in `docs/spec/runtime-hook-surface.md` §4.
+
+---
+
+## Quick start
+
+```bash
+# Self-test the canonical engine (must report L2):
+node packaging/conformance/run-conformance.js --self
+
+# Test a third-party adapter:
+node packaging/conformance/run-conformance.js \
+  --adapter-cmd "node /path/to/your-adapter.js" \
+  --level L2
+
+# Test at L1 only:
+node packaging/conformance/run-conformance.js \
+  --adapter-cmd "node /path/to/your-adapter.js" \
+  --level L1
+```
+
+---
+
+## Adapter contract
+
+Your adapter command:
+- Receives a canonical JSON payload on **stdin** (one JSON object, see §Payload schema).
+- Writes the input JSON (or augmented form) to **stdout** on allow.
+- Writes nothing meaningful to stdout on block (or empty/echoed input).
+- Exits **0** to allow, **2** to block, any other code for error (treated as allow / fail-open).
+
+The runner invokes your command exactly once per fixture via `sh -c "<your-cmd>"`.
+
+---
+
+## Payload schema (contract_version "1.0")
+
+All payloads are JSON objects with:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `hook_event_name` | string | Canonical event name: `PreToolUse`, `PostToolUse`, `UserPromptSubmit`, `Stop` |
+| `tool_name` | string? | Tool name (for tool-call events) |
+| `tool_input` | object? | Tool input (for tool-call events); contains `path` or `file_path` for write tools |
+| `cwd` | string? | Current working directory of the agent session |
+
+Full payload/decision schema is documented in `docs/spec/runtime-hook-surface.md` §8 (Engine Contract).
+
+---
+
+## Fixture inventory
+
+| Fixture | Policy class | Event | Level | What it tests |
+|---------|-------------|-------|-------|---------------|
+| `config-protection--block-eslintrc.json` | config-protection | preToolUse | L2 | Block write to `.eslintrc.json` |
+| `config-protection--block-biome.json` | config-protection | preToolUse | L2 | Block edit to `biome.json` via `file_path` |
+| `config-protection--allow-safe-file.json` | config-protection | preToolUse | L2 | Allow write to `src/main.ts` |
+| `config-protection--allow-no-path.json` | config-protection | preToolUse | L2 | Allow when no path in tool_input |
+| `quality-gate--allow-nonexistent-file.json` | quality-gate | postToolUse | L2 | Non-blocking for missing .ts file |
+| `quality-gate--allow-no-path.json` | quality-gate | postToolUse | L2 | Non-blocking when no path in tool_input |
+| `stop-goal-fit--allow-clean-cwd.json` | stop-goal-fit | stop | L1 | No warnings in clean workspace |
+| `stop-goal-fit--warn-active-delivery.json` | stop-goal-fit | stop | L1 | Warnings for active delivery without DOD/GoalFit |
+| `stop-goal-fit--block-strict-mode.json` | stop-goal-fit | stop | L2 | Exit 2 with FLOW_AGENTS_GOAL_FIT_STRICT=true |
+| `workflow-steering--allow-no-state.json` | workflow-steering | userPromptSubmit | L1 | Pass-through when no active workflow state |
+| `workflow-steering--inject-active-state.json` | workflow-steering | userPromptSubmit | L1 | Injects STATE hint for blocked task |
+| `workflow-steering--inject-subagent-steering.json` | workflow-steering | postToolUse | L1 | Injects EXECUTION COMPLETE hint after tool-worker |
+
+Fixtures with `workspace_setup` create a temporary directory with the listed files before invoking the adapter, and clean it up afterward. The `cwd` field in those payloads is replaced with the temp directory path at runtime.
+
+---
+
+## How to declare conformance
+
+After running the conformance kit, include a conformance declaration in your adapter documentation:
+
+```yaml
+conformance_level: L2          # or L0 / L1
+engine_contract_version: "1.0"
+runner_version: "run-conformance.js"
+test_date: 2026-06-11
+verdict: PASS
+fixture_count: 12
+fixtures_passed: 12
+gaps: []                       # List any declared gaps here
+```
+
+If any fixtures fail, list them under `gaps` with a description of the degradation behavior.
+
+---
+
+## Declaring gaps
+
+If your adapter legitimately cannot satisfy a fixture (e.g., the host runtime has no blocking `preToolUse` equivalent), declare it explicitly:
+
+```yaml
+gaps:
+  - fixture: config-protection--block-eslintrc.json
+    reason: "Host does not support blocking tool calls; config-protection fails open"
+    degradation: "Agent may modify linter configs without interception"
+    workaround: "Run config-protection as a linting step in CI instead"
+```
+
+Declared gaps do not prevent reaching a lower conformance level.
+
+---
+
+## CLI reference
+
+```
+node packaging/conformance/run-conformance.js [options]
+
+  --self              Run against the canonical engine (target L2)
+  --adapter-cmd CMD   Shell command to pipe fixtures to (adapter under test)
+  --level L0|L1|L2    Minimum conformance level to enforce (default: L2 for --self, L0 for --adapter-cmd)
+  --fixtures DIR      Override fixture directory (default: packaging/conformance/fixtures/)
+  --verbose           Print fixture payloads and full output in per-fixture results
+```
+
+Exit codes: `0` = target level reached, `1` = target level not reached, `2` = usage error.

package/packaging/conformance/fixtures/config-protection--allow-no-path.json

@@ -0,0 +1,18 @@
+{
+  "description": "config-protection allows when no file path is present in tool_input",
+  "policy_class": "config-protection",
+  "canonical_event": "preToolUse",
+  "conformance_level": "L2",
+  "hook_id": "config-protection",
+  "hook_script": "config-protection.js",
+  "payload": {
+    "hook_event_name": "PreToolUse",
+    "tool_name": "write",
+    "tool_input": {}
+  },
+  "expected": {
+    "exit_code": 0,
+    "stderr_is_empty": true,
+    "stdout_echoes_input": true
+  }
+}

package/packaging/conformance/fixtures/config-protection--allow-safe-file.json

@@ -0,0 +1,20 @@
+{
+  "description": "config-protection allows a write to a regular source file",
+  "policy_class": "config-protection",
+  "canonical_event": "preToolUse",
+  "conformance_level": "L2",
+  "hook_id": "config-protection",
+  "hook_script": "config-protection.js",
+  "payload": {
+    "hook_event_name": "PreToolUse",
+    "tool_name": "write",
+    "tool_input": {
+      "path": "/repo/src/main.ts"
+    }
+  },
+  "expected": {
+    "exit_code": 0,
+    "stderr_is_empty": true,
+    "stdout_echoes_input": true
+  }
+}

package/packaging/conformance/fixtures/config-protection--block-biome.json

@@ -0,0 +1,20 @@
+{
+  "description": "config-protection blocks an edit to biome.json (protected Biome config)",
+  "policy_class": "config-protection",
+  "canonical_event": "preToolUse",
+  "conformance_level": "L2",
+  "hook_id": "config-protection",
+  "hook_script": "config-protection.js",
+  "payload": {
+    "hook_event_name": "PreToolUse",
+    "tool_name": "edit",
+    "tool_input": {
+      "file_path": "biome.json"
+    }
+  },
+  "expected": {
+    "exit_code": 2,
+    "stderr_contains": ["BLOCKED", "biome.json"],
+    "stdout_is_empty": true
+  }
+}

package/packaging/conformance/fixtures/config-protection--block-eslintrc.json

@@ -0,0 +1,20 @@
+{
+  "description": "config-protection blocks a write to .eslintrc.json (protected ESLint config)",
+  "policy_class": "config-protection",
+  "canonical_event": "preToolUse",
+  "conformance_level": "L2",
+  "hook_id": "config-protection",
+  "hook_script": "config-protection.js",
+  "payload": {
+    "hook_event_name": "PreToolUse",
+    "tool_name": "write",
+    "tool_input": {
+      "path": "/repo/.eslintrc.json"
+    }
+  },
+  "expected": {
+    "exit_code": 2,
+    "stderr_contains": ["BLOCKED"],
+    "stdout_is_empty": true
+  }
+}