@ktpartners/dgs-platform 3.0.4 → 3.3.0

package/deliver-great-systems/workflows/run-job.md

@@ -1,5 +1,5 @@
 <purpose>
-Execute a milestone build job end-to-end. Reads the job file, loops through pending steps, spawns an isolated subagent per step, updates the job file in real-time, handles failures with immediate halt, manages dynamic gap-fix cycles at both milestone level (GapFixCycle, max 3) and phase level (PhaseFixCycle, max 2), and moves completed jobs to the completed/ directory. Supports --dry-run mode for step preview without execution. Auto-generates job summaries on completion and failure.
+Execute a milestone build job end-to-end. Reads the job file, loops through pending steps, spawns an isolated subagent per step, updates the job file in real-time, handles failures with immediate halt, manages dynamic gap-fix cycles at both milestone level (GapFixCycle, max 3) and phase level (PhaseFixCycle, max 2), and marks completed jobs with status: completed. Supports --dry-run mode for step preview without execution. Auto-generates job summaries on completion and failure.
 
 The orchestrator stays lean: it reads only the job file and MILESTONE-AUDIT.md (plus phase UAT status via CLI for phase-level audits). All actual work is delegated to subagents via Task tool. Each subagent gets a fresh context window with no shared state beyond what is on disk.
 </purpose>
@@ -106,7 +106,7 @@ Parse the JSON result.
 Error: No job found for version {VERSION}. Create one with /dgs:create-milestone-job {VERSION}
 ```
 
-**If found in `completed/` directory:**
+**If found.status is 'completed':**
 ```
 Error: Job {VERSION} is already completed.
 ```
@@ -117,21 +117,14 @@ Store `JOB_PATH` from the result for all subsequent operations.
 <step name="move_to_in_progress">
 Transition the job to in-progress state if needed.
 
-**If job is in `pending/`:**
+**If found.status is 'pending':**
 
-1. Move the file to `in-progress/`:
+1. Set the job status to in-progress (updates both frontmatter and header):
    ```bash
-   node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs move "$JOB_PATH" "${jobs_root}/in-progress"
+   node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs set-status "$VERSION" --status in-progress
    ```
 
-2. Update `JOB_PATH` to reflect the new location under `in-progress/`.
-
-3. Update the header Status field (using the updated `$JOB_PATH`):
-   ```bash
-   node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs update-header "$JOB_PATH" Status in-progress
-   ```
-
-**If already in `in-progress/`:** Skip the move. The job is being resumed.
+**If found.status is already 'in-progress':** Skip. The job is being resumed.
 
 **Record starting commit SHAs:**
 
@@ -332,13 +325,13 @@ Loop through steps starting from `nextStepIndex`.
    ```bash
    SUMMARY=$(node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs generate-summary "$VERSION")
    ```
-   Parse the result. If `found: true`, write the `content` field to `${jobs_root}/in-progress/job-{version}-SUMMARY.md` using the Write tool (job stays in in-progress/ on failure).
-   Display: `Job summary written to ${jobs_root}/in-progress/job-{version}-SUMMARY.md`
+   Parse the result. If `found: true`, write the `content` field to `${jobs_root}/job-{version}-SUMMARY.md` using the Write tool (job stays in place on failure -- status is tracked in frontmatter).
+   Display: `Job summary written to ${jobs_root}/job-{version}-SUMMARY.md`
 
    **Commit and push failure summary:**
 
    ```bash
-   node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" commit "docs(job): ${VERSION} failure summary" --files "${jobs_root}/in-progress/job-${VERSION}-SUMMARY.md" --push
+   node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" commit "docs(job): ${VERSION} failure summary" --files "${jobs_root}/job-${VERSION}-SUMMARY.md" --push
    ```
 
    **HALT immediately.** Do not proceed to the next step.
@@ -536,39 +529,32 @@ After an `audit-phase` step completes successfully, check the phase audit outcom
 <step name="complete_job">
 When all steps are completed (`nextStepIndex` is null after the loop):
 
-1. **Update header Status to `completed`:**
+1. **Set job status to `completed`** (updates both frontmatter and header):
    ```bash
-   node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs update-header "$JOB_PATH" Status completed
+   node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs set-status "$VERSION" --status completed
    ```
 
-2. **Move job to `completed/`:**
-   ```bash
-   node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs move "$JOB_PATH" "${jobs_root}/completed"
-   ```
-
-   Update `JOB_PATH` to reflect the new location under `completed/`.
-
    **Commit and push job status:**
 
    ```bash
-   git add -A "$(dirname "$JOB_PATH")/../"
+   git add -A "$(dirname "$JOB_PATH")/"
    node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" commit "docs(job): ${VERSION} completed" --push
    ```
 
-3. **Generate job summary:**
+2. **Generate job summary:**
    ```bash
    SUMMARY=$(node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs jobs generate-summary "$VERSION")
    ```
-   Parse the result. If `found: true`, write the `content` field to `${jobs_root}/completed/job-{version}-SUMMARY.md` using the Write tool.
-   Display: `Job summary written to ${jobs_root}/completed/job-{version}-SUMMARY.md`
+   Parse the result. If `found: true`, write the `content` field to `${jobs_root}/job-{version}-SUMMARY.md` using the Write tool.
+   Display: `Job summary written to ${jobs_root}/job-{version}-SUMMARY.md`
 
    **Commit and push completion summary:**
 
    ```bash
-   node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" commit "docs(job): ${VERSION} completion summary" --files "${jobs_root}/completed/job-${VERSION}-SUMMARY.md" --push
+   node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" commit "docs(job): ${VERSION} completion summary" --files "${jobs_root}/job-${VERSION}-SUMMARY.md" --push
    ```
 
-4. **Post-workflow push (sync_after):**
+3. **Post-workflow push (sync_after):**
 
    Follow the sync-hooks post-workflow push pattern with `WORKFLOW_NAME = "run-job"`:
 
@@ -582,7 +568,7 @@ When all steps are completed (`nextStepIndex` is null after the loop):
 
    Display aggregated push summary including any accumulated `SYNC_WARNINGS` from mid-workflow pushes.
 
-5. **Display completion banner:**
+4. **Display completion banner:**
 
    If `AUTO_RESOLVE_COUNT` is 0:
    ```
@@ -617,11 +603,11 @@ The orchestrator MUST stay lean per EXEC-07:
 - [ ] Milestone audit gap-fix cycle auto-approved with 3-cycle safety limit
 - [ ] Phase audit gap-fix cycle auto-approved with 2-cycle safety limit
 - [ ] PhaseFixCycle counter resets on plan-phase/map-codebase steps
-- [ ] Completed jobs moved to completed/ directory with banner
+- [ ] Completed jobs marked with status: completed with banner
 - [ ] Orchestrator reads only job file and MILESTONE-AUDIT.md (phase UAT via CLI)
 - [ ] --dry-run flag displays step preview without executing
-- [ ] Job summary auto-generated on completion (written to completed/)
-- [ ] Job summary auto-generated on failure (written to in-progress/)
+- [ ] Job summary auto-generated on completion (written to ${jobs_root}/)
+- [ ] Job summary auto-generated on failure (written to ${jobs_root}/)
 - [ ] Pre-workflow pull executed before job steps start (sync_before)
 - [ ] Mid-workflow push after phase-completing steps (silent, no prompt)
 - [ ] Post-workflow push after job completion (sync_after)

package/deliver-great-systems/workflows/settings.md

@@ -45,8 +45,8 @@ Parse current values (default to `true` if not present):
 - `workflow.verifier` — spawn verifier during execute-phase
 - `workflow.nyquist_validation` — validation architecture research during plan-phase (default: true if absent)
 - `workflow.codereview` — spawn code reviewer after plan execution (default: false if absent)
+- `workflow.four_eyes` — four-eyes completion governance mode (default: "off" if absent)
 - `model_profile` — which model each agent uses (default: `balanced`)
-- `git.branching_strategy` — branching approach (default: `"none"`)
 - `git.base_branch` — integration target branch for code repos (default: `"main"`)
 - `git.sync_push` — remote sync push mode (default: "off" if absent for existing installs)
 - `git.sync_pull` — remote sync pull mode (default: "off" if absent for existing installs)
@@ -59,62 +59,6 @@ CLAUDE_MD_HAS_DGS=$(grep -l 'DGS:BEGIN' ./CLAUDE.md 2>/dev/null && echo "true" |
 ```
 </step>
 
-<step name="detect_old_templates">
-After loading current config, check if the branch templates use old defaults without `{project}`:
-
-```bash
-CURRENT_PHASE_TPL=$(node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" config-get git.phase_branch_template --raw 2>/dev/null)
-CURRENT_MILESTONE_TPL=$(node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" config-get git.milestone_branch_template --raw 2>/dev/null)
-```
-
-If either template is set AND does not contain `{project}`, and `branching_strategy` is not `"none"`, show migration hint before the settings questions:
-
-```
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- DGS ► BRANCH TEMPLATE UPDATE AVAILABLE
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-Your branch templates don't include the project name, which can cause
-collisions in multi-project setups.
-
-Current:  {current_phase_tpl}
-Suggested: dgs/{project}/phase-{phase}-{slug}
-
-Current:  {current_milestone_tpl}
-Suggested: dgs/{project}/{milestone}-{slug}
-```
-
-Use AskUserQuestion:
-```
-AskUserQuestion([{
-  question: "Update branch templates to include project name?",
-  header: "Templates",
-  multiSelect: false,
-  options: [
-    { label: "Yes (Recommended)", description: "Updates templates to include {project} for multi-project safety" },
-    { label: "No", description: "Keep current templates" }
-  ]
-}])
-```
-
-If "Yes": write updated templates to config.json using config-set:
-```bash
-node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" config-set git.phase_branch_template "dgs/{project}/phase-{phase}-{slug}"
-node "$HOME/.claude/deliver-great-systems/bin/dgs-tools.cjs" config-set git.milestone_branch_template "dgs/{project}/{milestone}-{slug}"
-```
-
-Show confirmation:
-```
-Updated branch templates to include {project}.
-Branch names will now look like: dgs/your-project/phase-03-auth
-
-Note: Existing branches using the old format will NOT be renamed.
-Only new branches will use the updated format.
-```
-
-If templates already contain `{project}` or branching_strategy is "none": skip this step silently.
-</step>
-
 <step name="present_settings">
 Use AskUserQuestion with current values pre-selected:
 
@@ -185,21 +129,14 @@ AskUserQuestion([
     ]
   },
   {
-    question: "Git branching strategy?",
-    header: "Branching",
+    question: "Four-eyes completion governance? (requires a second contributor for milestone/quick completion)",
+    header: "Four-Eyes",
     multiSelect: false,
     options: [
-      { label: "None (Recommended)", description: "Commit to current branch (fine for single projects)" },
-      { label: "Per Phase", description: "Branch per phase, review before merging" },
-      { label: "Per Milestone", description: "Branch per project, merge all at end (for parallel projects)" }
+      { label: "Off", description: "No contributor check at completion gates" },
+      { label: "Warn", description: "Warn if only one contributor, but allow completion" },
+      { label: "Enforce", description: "Block completion unless a second contributor is detected (bypass with --force)" }
     ]
-  },
-  {
-    question: "Base branch for code repos? (integration target for branching operations)",
-    header: "Git",
-    multiSelect: false,
-    freeform: true,
-    placeholder: currentConfig.base_branch || "main"
   }
 ])
 ```
@@ -450,11 +387,11 @@ Merge new settings into existing config:
     "auto_advance": true/false,
     "nyquist_validation": true/false,
     "codereview": true/false,
-    "discipline": true/false
+    "discipline": true/false,
+    "four_eyes": "off" | "warn" | "enforce"
   },
   "git": {
-    "branching_strategy": "none" | "phase" | "milestone",
-    "base_branch": "main" | user_answer,
+    "base_branch": "main",
     "sync_push": "off" | "prompt" | "auto",
     "sync_pull": "off" | "prompt" | "auto"
   }
@@ -495,7 +432,6 @@ Write `~/.dgs/defaults.json` with:
   "model_profile": <current>,
   "commit_docs": <current>,
   "parallelization": <current>,
-  "branching_strategy": <current>,
   "workflow": {
     "research": <current>,
     "plan_check": <current>,
@@ -503,7 +439,8 @@ Write `~/.dgs/defaults.json` with:
     "auto_advance": <current>,
     "nyquist_validation": <current>,
     "codereview": <current>,
-    "discipline": <current>
+    "discipline": <current>,
+    "four_eyes": <current>
   },
   "git": {
     "sync_push": <current>,
@@ -544,8 +481,7 @@ Display:
 | Auto-Advance         | {On/Off} |
 | Nyquist Validation   | {On/Off} |
 | Code Reviewer        | {On/Off} |
-| Git Branching        | {None/Per Phase/Per Milestone} |
-| Base Branch          | {main/develop/etc.} |
+| Four-Eyes Governance | {Off/Warn/Enforce} |
 | Workflow Discipline  | {On/Off} |
 | Git Sync Push        | {Off/Prompt/Auto} |
 | Git Sync Pull        | {Off/Prompt/Auto} |
@@ -567,7 +503,7 @@ Quick commands:
 
 <success_criteria>
 - [ ] Current config read
-- [ ] User presented with 9 workflow settings (profile + 6 workflow toggles + git branching + base branch)
+- [ ] User presented with 8 workflow settings (profile + 6 workflow toggles + four-eyes governance)
 - [ ] User shown review key status (read-only)
 - [ ] Config updated with model_profile, workflow, and git sections
 - [ ] User offered to save as global defaults (~/.dgs/defaults.json)

package/deliver-great-systems/workflows/write-spec.md

@@ -222,7 +222,7 @@ node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs specs add-log-entry --id
 
 Commit the draft:
 ```bash
-node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs commit "specs: draft $id from ideas $idea_ids" --push --files ${project_root}/specs/$filename
+node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs commit "specs: draft $id from ideas $idea_ids" --push --files specs/$filename
 ```
 
 Store `SPEC_ID` and `FILENAME` for subsequent steps.
@@ -289,7 +289,7 @@ Use AskUserQuestion: "Review the draft spec above. Type **approve** to send to r
 
 After approval, commit any changes:
 ```bash
-node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs commit "specs: revise draft $SPEC_ID" --push --files ${project_root}/specs/$FILENAME
+node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs commit "specs: revise draft $SPEC_ID" --push --files specs/$FILENAME
 ```
 </step>
 
@@ -350,7 +350,7 @@ Estimated cost: ~$X.XX
 **6. Commit updated spec:**
 
 ```bash
-node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs commit "specs: review $SPEC_ID (N rounds)" --push --files ${project_root}/specs/$FILENAME
+node ~/.claude/deliver-great-systems/bin/dgs-tools.cjs commit "specs: review $SPEC_ID (N rounds)" --push --files specs/$FILENAME
 ```
 </step>
 
@@ -394,18 +394,16 @@ Source ideas moved to done: $IDEAS_MOVED
 Research documents moved to done: $RESEARCH_DOCS_MOVED (if any)
 
 What would you like to do next?
-1. Create a new project from this spec -> /dgs:new-project
-2. Add a milestone to an existing project -> /dgs:new-milestone
-3. Nothing for now -- the spec is saved and ready when you are
+1. Start a milestone from this spec -> /dgs:new-milestone --auto $SPEC_ID
+2. Nothing for now -- the spec is saved and ready when you are
 ```
 
-In interactive mode, use AskUserQuestion: "Choose 1, 2, or 3 (or just press enter to defer):"
+In interactive mode, use AskUserQuestion: "Choose 1 or 2 (or just press enter to defer):"
 
-- If **1**: Tell user "Run `/dgs:new-project` and reference spec `$FILENAME` during project creation."
-- If **2**: Tell user "Run `/dgs:new-milestone` and reference spec `$FILENAME` during milestone creation."
-- If **3** or empty/enter: Output "Spec saved. You can find it at `${project_root}/specs/$FILENAME`."
+- If **1**: Tell user "Run `/dgs:new-milestone --auto $SPEC_ID` to start a milestone from this spec. If no project exists yet, run `/dgs:new-project` first to create the project holder, then `/dgs:new-milestone --auto $SPEC_ID`."
+- If **2** or empty/enter: Output "Spec saved. You can find it at `specs/$FILENAME` (planning root)."
 
-In `--auto` mode: skip the routing question, just output the summary with the three options listed for reference.
+In `--auto` mode: skip the routing question, just output the summary with the two options listed for reference.
 </step>
 
 </process>

package/hooks/dist/dgs-enforce-discipline.js

@@ -0,0 +1,196 @@
+#!/usr/bin/env node
+// DGS Workflow Discipline Enforcement - PreToolUse + PostToolUse hook
+//
+// Ensures Edit/Write tool calls only happen inside /dgs:* commands.
+// Works via a marker file that tracks active DGS command state:
+//
+// 1. When tool_name is "Skill" and the skill name starts with "dgs:":
+//    - PreToolUse: Write a marker file to /tmp/dgs-active-{session_id}.json
+//    - PostToolUse: Delete the marker, then check for uncommitted DGS files
+//
+// 2. When tool_name is "Edit" or "Write":
+//    - Check for marker file — if present, allow
+//    - Check if target path is in the allowlist — if so, allow
+//    - Check if cwd is a DGS planning folder — if not, allow (non-DGS project)
+//    - Otherwise, deny with explanation
+//
+// Safety net: After every /dgs:* command completes, checks for uncommitted
+// DGS-managed files and auto-commits them. Logs a warning so the upstream
+// workflow bug can be identified and fixed.
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { execSync } = require('child_process');
+
+// Paths where Edit/Write is allowed without a DGS command
+const ALLOWED_PATH_PATTERNS = [
+  /\.claude\/projects\/.*\/memory\//,   // Auto-memory system
+  /\.claude\/.*\/memory\//,             // Memory in any .claude subfolder
+  /\/tmp\//,                            // Temp files
+];
+
+// DGS-managed paths that should be committed (relative to planning root)
+// Used by the safety net to detect orphaned writes after a command completes
+const DGS_MANAGED_PATTERNS = [
+  /^STATE\.md$/,
+  /^PROJECTS\.md$/,
+  /^MILESTONES\.md$/,
+  /^RETROSPECTIVE\.md$/,
+  /^CLAUDE\.md$/,
+  /^config\.json$/,
+  /^projects\/[^/]+\/STATE\.md$/,
+  /^projects\/[^/]+\/ROADMAP\.md$/,
+  /^projects\/[^/]+\/REQUIREMENTS\.md$/,
+  /^projects\/[^/]+\/PROJECT\.md$/,
+  /^projects\/[^/]+\/phases\//,
+  /^projects\/[^/]+\/milestones\//,
+  /^specs\//,
+  /^ideas\//,
+  /^todos\//,
+  /^jobs\//,
+  /^quick\//,
+  /^milestones\//,
+  /^codebase\//,
+];
+
+function getMarkerPath(sessionId) {
+  return path.join(os.tmpdir(), `dgs-active-${sessionId}.json`);
+}
+
+function isDgsProject(cwd) {
+  try {
+    const configPath = path.join(cwd, 'config.json');
+    if (!fs.existsSync(configPath)) return false;
+    const content = fs.readFileSync(configPath, 'utf-8');
+    return content.includes('"product_name"');
+  } catch {
+    return false;
+  }
+}
+
+function isAllowedPath(filePath) {
+  if (!filePath) return false;
+  return ALLOWED_PATH_PATTERNS.some(pattern => pattern.test(filePath));
+}
+
+function getTargetPath(toolName, toolInput) {
+  if (!toolInput) return null;
+  // Edit and Write both use file_path
+  return toolInput.file_path || null;
+}
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 3000);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => input += chunk);
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const sessionId = data.session_id;
+    const hookEvent = data.hook_event_name;
+    const toolName = data.tool_name;
+    const toolInput = data.tool_input || {};
+    const cwd = data.cwd || process.cwd();
+
+    // ── PostToolUse: Clean up marker + safety net when Skill completes ──
+    if (hookEvent === 'PostToolUse') {
+      if (toolName === 'Skill') {
+        const skillName = toolInput.skill || toolInput.name || '';
+        if (skillName.startsWith('dgs:')) {
+          // Delete the active marker
+          const markerPath = getMarkerPath(sessionId);
+          try { fs.unlinkSync(markerPath); } catch { /* already gone */ }
+
+          // Safety net: check for uncommitted DGS-managed files
+          if (isDgsProject(cwd)) {
+            try {
+              const status = execSync('git status --porcelain', { cwd, encoding: 'utf-8', timeout: 5000 });
+              if (status.trim()) {
+                const lines = status.trim().split('\n');
+                const dirty = lines
+                  .map(l => l.slice(3).trim())  // strip status prefix (e.g., " M ", "?? ")
+                  .filter(f => DGS_MANAGED_PATTERNS.some(p => p.test(f)));
+
+                if (dirty.length > 0) {
+                  // Stage and commit orphaned DGS files
+                  for (const f of dirty) {
+                    execSync(`git add "${f}"`, { cwd, stdio: 'pipe', timeout: 5000 });
+                  }
+                  const msg = `chore: auto-commit ${dirty.length} uncommitted DGS file(s) after ${skillName}`;
+                  execSync(`git commit -m "${msg}"`, { cwd, stdio: 'pipe', timeout: 10000 });
+
+                  // Warn via additionalContext so Claude sees it
+                  const result = {
+                    continue: true,
+                    suppressOutput: false,
+                    hookSpecificOutput: {
+                      hookEventName: 'PostToolUse',
+                      additionalContext: `[DGS safety net] Auto-committed ${dirty.length} orphaned file(s) after ${skillName}: ${dirty.join(', ')}. This indicates a missing commit in the ${skillName} workflow — consider fixing upstream.`,
+                    },
+                  };
+                  process.stdout.write(JSON.stringify(result));
+                  process.exit(0);
+                }
+              }
+            } catch { /* git not available or commit failed — don't block */ }
+          }
+        }
+      }
+      process.exit(0);
+    }
+
+    // ── PreToolUse: Skill → write marker ──
+    if (hookEvent === 'PreToolUse' && toolName === 'Skill') {
+      const skillName = toolInput.skill || toolInput.name || '';
+      if (skillName.startsWith('dgs:')) {
+        const markerPath = getMarkerPath(sessionId);
+        const marker = {
+          command: skillName,
+          started: new Date().toISOString(),
+          session_id: sessionId,
+        };
+        fs.writeFileSync(markerPath, JSON.stringify(marker));
+      }
+      process.exit(0);
+    }
+
+    // ── PreToolUse: Edit/Write → check marker ──
+    if (hookEvent === 'PreToolUse' && (toolName === 'Edit' || toolName === 'Write')) {
+      // Not a DGS project? Allow everything.
+      if (!isDgsProject(cwd)) {
+        process.exit(0);
+      }
+
+      // Target path in allowlist? Allow.
+      const targetPath = getTargetPath(toolName, toolInput);
+      if (isAllowedPath(targetPath)) {
+        process.exit(0);
+      }
+
+      // DGS command active? Allow.
+      const markerPath = getMarkerPath(sessionId);
+      if (fs.existsSync(markerPath)) {
+        process.exit(0);
+      }
+
+      // No DGS command active in a DGS project — deny.
+      const result = {
+        hookSpecificOutput: {
+          hookEventName: 'PreToolUse',
+          permissionDecision: 'deny',
+          permissionDecisionReason: 'DGS workflow discipline: Edit/Write requires an active /dgs:* command. Use /dgs:fast (trivial), /dgs:quick (small), or /dgs:execute-phase (feature). Say "skip DGS" to bypass.',
+        },
+      };
+      process.stdout.write(JSON.stringify(result));
+      process.exit(0);
+    }
+
+    // Any other tool/event — allow
+    process.exit(0);
+  } catch {
+    // Parse error or unexpected input — don't block
+    process.exit(0);
+  }
+});

package/package.json

@@ -8,7 +8,7 @@
   "bugs": {
     "url": "https://github.com/KT-Partners-Ltd/dgs-platform-docs/issues"
   },
-  "version": "3.0.4",
+  "version": "3.3.0",
   "description": "Deliver Great Systems Platform — A meta-prompting, context engineering and spec-driven development system for Claude Code and Gemini by KT Partners.",
   "bin": {
     "dgs": "bin/install.js"

package/scripts/build-hooks.js

@@ -13,6 +13,7 @@ const DIST_DIR = path.join(HOOKS_DIR, 'dist');
 const HOOKS_TO_COPY = [
   'dgs-check-update.js',
   'dgs-context-monitor.js',
+  'dgs-enforce-discipline.js',
   'dgs-statusline.js'
 ];