@maestrofrontier/frontier 1.4.5 → 1.5.0

package/hooks/frontier-autorun.cjs

@@ -1,120 +1,127 @@
-#!/usr/bin/env node
-// Maestro Frontier autorun hook (UserPromptSubmit). When the engine is
-// armed (frontier-state mode != 'off'), every user prompt is run through
-// the configured preset/model via runFrontier, and the synthesized answer
-// is injected back as additionalContext with a relay instruction + a
-// one-line preset header, so the live session relays it. mode == 'off' ->
-// zero overhead: no engine require, no spawn, no injected context.
-//
-// Recursion guard (load-bearing): the engine spawns child `claude -p`
-// CLIs, and headless `claude -p` re-fires UserPromptSubmit hooks (verified
-// against the Claude Code hooks contract). dispatch.cjs sets FUSION_DEPTH
-// on every spawned child; this hook no-ops whenever FUSION_DEPTH is present,
-// BEFORE any engine require or spawn. Without it the first armed prompt
-// would fork the engine recursively.
-//
-// Degrade-to-normal: any engine error, empty answer, or thrown exception
-// exits 0 with empty stdout (logging only to stderr), so a broken engine
-// never blocks or corrupts a turn — the session just answers normally. A
-// UserPromptSubmit hook can only ADD context; it cannot suppress the main
-// turn, which is exactly the relay model.
-//
-// .cjs so Node treats it as CommonJS regardless of any parent "type":
-// "module" package.json. configDir/state patterns reused from
-// frontier/config.cjs; structure ported from maestro-terse-mode.cjs.
-
-'use strict';
-
-const fs = require('fs');
-
-function noop() { process.exit(0); }
-
-let data = {};
-try { data = JSON.parse(fs.readFileSync(0, 'utf8')); } catch { noop(); }
-
-if (data.hook_event_name !== 'UserPromptSubmit') noop();
-
-// Recursion guard FIRST: never run the engine inside an engine-spawned CLI.
-// The engine sets FUSION_DEPTH on every child (dispatch.cjs:108); depth >= 1
-// means we are inside a spawned panel/judge/synth process. Mirror run.cjs's
-// own parseInt check (run.cjs:27) so the two layers agree and a stray
-// FUSION_DEPTH='0'/'' in the environment reads as "not a child".
-const fusionDepth = parseInt(process.env.FUSION_DEPTH || '0', 10);
-if (Number.isFinite(fusionDepth) && fusionDepth >= 1) noop();
-
-let state;
-try {
-  const cfg = require('../frontier/config.cjs');
-  const cwd = data.cwd || process.env.CLAUDE_PROJECT_DIR || process.env.CODEX_PROJECT_DIR || process.cwd();
-  const scope = cfg.resolveScope([], { cwd });
-  state = cfg.loadState(scope);
-} catch {
-  noop();
-}
-
-// Off -> zero overhead: no run.cjs require, no spawn, no injected context.
-if (!state || state.mode === 'off') noop();
-
-const prompt = String(data.prompt || '');
-
-// Optional length gate (default 0 = every prompt). Skips trivially short
-// prompts ("yes"/"ok") so they don't pay a full engine run.
-const rawMin = Number(state.autorunMinChars);
-const minChars = Number.isFinite(rawMin) && rawMin > 0 ? rawMin : 0;
-if (prompt.trim().length < minChars) noop();
-
-// Any unexpected throw after the await boundary degrades to a normal turn,
-// never a non-zero exit / unhandled rejection.
-run().catch((e) => {
-  process.stderr.write('frontier-autorun: ' + ((e && e.message) || e) + '\n');
-  process.exit(0);
-});
-
-async function run() {
-  let result;
-  try {
-    const { runFrontier } = require('../frontier/run.cjs');
-    result = await runFrontier({ prompt, state });
-  } catch (e) {
-    process.stderr.write('frontier-autorun: ' + ((e && e.message) || e) + '\n');
-    noop();
-  }
-
-  if (!result || result.status !== 'ok' || !result.final) {
-    if (result && result.status === 'error') {
-      process.stderr.write(
-        'frontier-autorun: engine error [' + result.failure_reason + ']: ' + result.error + '\n');
-    }
-    noop();
-  }
-
-  const context =
-    'MAESTRO FRONTIER AUTORUN — ' + presetHeader(state) + '\n\n' +
-    'The Maestro Frontier engine already ran this prompt through the panel ' +
-    'above and produced the answer below. Relay it as your response — you ' +
-    'may reformat for clarity, but do not redo the work or contradict it:\n\n' +
-    result.final;
-
-  // fs.writeSync (synchronous, unbuffered) guarantees the full payload reaches
-  // stdout before exit. process.exit() does NOT drain a pipe-backed
-  // process.stdout, which would truncate a large engine answer (multi-KB
-  // synthesis) into malformed JSON the hook consumer cannot parse.
-  fs.writeSync(1, JSON.stringify({
-    hookSpecificOutput: {
-      hookEventName: 'UserPromptSubmit',
-      additionalContext: context,
-    },
-  }));
-  process.exit(0);
-}
-
-function presetHeader(st) {
-  if (st.mode === 'single') return 'single · ' + st.model;
-  if (st.mode === 'fusion') {
-    const preset = st.preset === 'custom'
-      ? 'custom (' + (Array.isArray(st.models) ? st.models.join(', ') : '') + ')'
-      : st.preset;
-    return 'fusion · ' + preset;
-  }
-  return String(st.mode);
-}
+#!/usr/bin/env node
+// Maestro Frontier autorun hook (UserPromptSubmit). When the engine is
+// armed (frontier-state mode != 'off'), every user prompt is run through
+// the configured preset/model via runFrontier, and the synthesized answer
+// is injected back as additionalContext with a relay instruction + a
+// one-line preset header, so the live session relays it. mode == 'off' ->
+// zero overhead: no engine require, no spawn, no injected context.
+//
+// Recursion guard (load-bearing): the engine spawns child `claude -p`
+// CLIs, and headless `claude -p` re-fires UserPromptSubmit hooks (verified
+// against the Claude Code hooks contract). dispatch.cjs sets FUSION_DEPTH
+// on every spawned child; this hook no-ops whenever FUSION_DEPTH is present,
+// BEFORE any engine require or spawn. Without it the first armed prompt
+// would fork the engine recursively.
+//
+// Degrade-to-normal: any engine error, empty answer, or thrown exception
+// exits 0 with empty stdout (logging only to stderr), so a broken engine
+// never blocks or corrupts a turn — the session just answers normally. A
+// UserPromptSubmit hook can only ADD context; it cannot suppress the main
+// turn, which is exactly the relay model.
+//
+// .cjs so Node treats it as CommonJS regardless of any parent "type":
+// "module" package.json. configDir/state patterns reused from
+// frontier/config.cjs; structure ported from maestro-terse-mode.cjs.
+
+'use strict';
+
+const fs = require('fs');
+
+function noop() { process.exit(0); }
+
+let data = {};
+try { data = JSON.parse(fs.readFileSync(0, 'utf8')); } catch { noop(); }
+
+if (data.hook_event_name !== 'UserPromptSubmit') noop();
+
+// Recursion guard FIRST: never run the engine inside an engine-spawned CLI.
+// The engine sets FUSION_DEPTH on every child (dispatch.cjs:108); depth >= 1
+// means we are inside a spawned panel/judge/synth process. Mirror run.cjs's
+// own parseInt check (run.cjs:27) so the two layers agree and a stray
+// FUSION_DEPTH='0'/'' in the environment reads as "not a child".
+const fusionDepth = parseInt(process.env.FUSION_DEPTH || '0', 10);
+if (Number.isFinite(fusionDepth) && fusionDepth >= 1) noop();
+
+let state;
+try {
+  const cfg = require('../frontier/config.cjs');
+  const cwd = data.cwd || process.env.CLAUDE_PROJECT_DIR || process.env.CODEX_PROJECT_DIR || process.cwd();
+  const scope = cfg.resolveScope([], { cwd });
+  state = cfg.loadState(scope);
+} catch {
+  noop();
+}
+
+// Off -> zero overhead: no run.cjs require, no spawn, no injected context.
+if (!state || state.mode === 'off') noop();
+
+const prompt = String(data.prompt || '');
+
+// Optional length gate (default 0 = every prompt). Skips trivially short
+// prompts ("yes"/"ok") so they don't pay a full engine run.
+const rawMin = Number(state.autorunMinChars);
+const minChars = Number.isFinite(rawMin) && rawMin > 0 ? rawMin : 0;
+if (prompt.trim().length < minChars) noop();
+
+// Any unexpected throw after the await boundary degrades to a normal turn,
+// never a non-zero exit / unhandled rejection.
+run().catch((e) => {
+  process.stderr.write('frontier-autorun: ' + ((e && e.message) || e) + '\n');
+  process.exit(0);
+});
+
+async function run() {
+  let result;
+  const runStart = Date.now();
+  try {
+    const { runFrontier } = require('../frontier/run.cjs');
+    result = await runFrontier({ prompt, state });
+  } catch (e) {
+    process.stderr.write('frontier-autorun: ' + ((e && e.message) || e) + '\n');
+    noop();
+  }
+  const runMs = Date.now() - runStart;
+
+  if (!result || result.status !== 'ok' || !result.final) {
+    if (result && result.status === 'error') {
+      process.stderr.write(
+        'frontier-autorun: engine error [' + result.failure_reason + ']: ' + result.error + '\n');
+    }
+    noop();
+  }
+
+  const modelCount = result.responses ? result.responses.length : 1;
+  const banner = '⚡ Frontier \xb7 ' + presetHeader(state) + ' \xb7 ' + modelCount + ' models \xb7 ' + Math.round(runMs / 1000) + 's';
+
+  const context =
+    'MAESTRO FRONTIER AUTORUN — ' + presetHeader(state) + '\n\n' +
+    'The Maestro Frontier engine already ran this prompt through the panel ' +
+    'above and produced the answer below. Begin your response with this exact ' +
+    'banner line (verbatim, on its own line): ' + banner + '\n\n' +
+    'Then relay the answer — you may reformat for clarity, but do not redo ' +
+    'the work or contradict it:\n\n' +
+    result.final;
+
+  // fs.writeSync (synchronous, unbuffered) guarantees the full payload reaches
+  // stdout before exit. process.exit() does NOT drain a pipe-backed
+  // process.stdout, which would truncate a large engine answer (multi-KB
+  // synthesis) into malformed JSON the hook consumer cannot parse.
+  fs.writeSync(1, JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'UserPromptSubmit',
+      additionalContext: context,
+    },
+  }));
+  process.exit(0);
+}
+
+function presetHeader(st) {
+  if (st.mode === 'single') return 'single · ' + st.model;
+  if (st.mode === 'fusion') {
+    const preset = st.preset === 'custom'
+      ? 'custom (' + (Array.isArray(st.models) ? st.models.join(', ') : '') + ')'
+      : st.preset;
+    return 'fusion · ' + preset;
+  }
+  return String(st.mode);
+}

package/hooks/hooks.json

@@ -1,103 +1,103 @@
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Read",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-doctrine-guard.cjs\""
-          }
-        ]
-      }
-    ],
-    "SessionStart": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-terse-mode.cjs\""
-          },
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-statusline-sync.cjs\""
-          }
-        ]
-      }
-    ],
-    "UserPromptSubmit": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-gate-reminder.cjs\""
-          },
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-terse-mode.cjs\""
-          },
-          {
-            "type": "command",
-            "command": "node -e \"require(require('path').join(process.env.CLAUDE_PLUGIN_ROOT || process.env.PLUGIN_ROOT, 'hooks', 'frontier-autorun.cjs'))\"",
-            "timeout": 300
-          }
-        ]
-      }
-    ],
-    "SubagentStop": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-subagent-guard.cjs\""
-          }
-        ]
-      }
-    ],
-    "Stop": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-loop-guard.cjs\""
-          }
-        ]
-      }
-    ],
-    "PostToolUse": [
-      {
-        "matcher": "Edit|Write|NotebookEdit|Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-phase-scope.cjs\""
-          }
-        ]
-      },
-      {
-        "matcher": "Edit|Write|NotebookEdit",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-toolbudget-advisory.cjs\""
-          }
-        ]
-      }
-    ],
-    "SessionEnd": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-gate-telemetry.cjs\""
-          }
-        ]
-      }
-    ]
-  }
-}
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Read",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-doctrine-guard.cjs\""
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-terse-mode.cjs\""
+          },
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-statusline-sync.cjs\""
+          }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-gate-reminder.cjs\""
+          },
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-terse-mode.cjs\""
+          },
+          {
+            "type": "command",
+            "command": "node -e \"require(require('path').join(process.env.CLAUDE_PLUGIN_ROOT || process.env.PLUGIN_ROOT, 'hooks', 'frontier-autorun.cjs'))\"",
+            "timeout": 300
+          }
+        ]
+      }
+    ],
+    "SubagentStop": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-subagent-guard.cjs\""
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-loop-guard.cjs\""
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write|NotebookEdit|Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-phase-scope.cjs\""
+          }
+        ]
+      },
+      {
+        "matcher": "Edit|Write|NotebookEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-toolbudget-advisory.cjs\""
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"${CLAUDE_PLUGIN_ROOT}/hooks/maestro-gate-telemetry.cjs\""
+          }
+        ]
+      }
+    ]
+  }
+}

package/hooks/maestro-doctrine-guard.cjs

@@ -1,81 +1,81 @@
-#!/usr/bin/env node
-// Maestro PreToolUse doctrine-read guard. Enforces AGENTS.md S7.2
-// structurally: when the doctrine is autoloaded (CLAUDE.md/AGENTS.md
-// present at cwd, which Claude Code injects at session start), a Read
-// of AGENTS.md or CLAUDE.md re-buys tokens for content already in
-// context. This hook replaces the probabilistic S7.2 prose line with a
-// deterministic deny.
-//
-// Modes via MAESTRO_DOCTRINE_GUARD:
-// - "always" (default): deny every doctrine Read while doctrine files
-//   exist at cwd. Safe on Claude Code, where subagents receive the
-//   project doctrine automatically; the deny reason tells the model
-//   to use the in-context copy.
-// - "once": allow the first doctrine Read per session (marker file in
-//   the OS temp dir keyed by session_id), deny repeats. For runtimes
-//   whose subagents genuinely lack the doctrine in context (S7.2:
-//   "a subagent without it in context reads AGENTS.md once").
-// - "0": disabled.
-//
-// When no doctrine file exists at cwd nothing was autoloaded, so reads
-// pass through untouched (e.g. inspecting another repo's AGENTS.md).
-// docs/orchestration.md is never guarded -- it is the on-demand layer
-// and reading it is the intended path. Fails open on any error.
-//
-// Payload fields verified against code.claude.com/docs/en/hooks
-// (PreToolUse input: session_id, cwd, tool_name, tool_input; output:
-// hookSpecificOutput.permissionDecision allow|deny|ask + reason),
-// 2026-06-11.
-//
-// .cjs so Node treats it as CommonJS regardless of any "type": "module"
-// package.json in a parent directory of the install location.
-
-const fs = require('fs');
-const os = require('os');
-const path = require('path');
-
-const mode = process.env.MAESTRO_DOCTRINE_GUARD || 'always';
-if (mode === '0') process.exit(0);
-
-let data = {};
-try { data = JSON.parse(fs.readFileSync(0, 'utf8')); } catch { process.exit(0); }
-if (data.tool_name !== 'Read' || !data.tool_input) process.exit(0);
-
-const fp = data.tool_input.file_path;
-if (typeof fp !== 'string') process.exit(0);
-const base = path.basename(fp).toLowerCase();
-if (base !== 'agents.md' && base !== 'claude.md') process.exit(0);
-
-// Guard only when the doctrine was actually autoloaded: a doctrine file
-// at cwd is what Claude Code injects at session start.
-const cwd = typeof data.cwd === 'string' ? data.cwd : process.cwd();
-let autoloaded = false;
-try {
-  autoloaded = fs.existsSync(path.join(cwd, 'CLAUDE.md'))
-    || fs.existsSync(path.join(cwd, 'AGENTS.md'));
-} catch { autoloaded = false; }
-if (!autoloaded) process.exit(0);
-
-if (mode === 'once' && data.session_id) {
-  const marker = path.join(
-    os.tmpdir(),
-    `maestro-doctrine-guard-${String(data.session_id).replace(/[^a-zA-Z0-9-]/g, '_')}`
-  );
-  if (!fs.existsSync(marker)) {
-    try { fs.writeFileSync(marker, '1'); } catch { /* still allow */ }
-    process.exit(0);
-  }
-}
-
-process.stdout.write(JSON.stringify({
-  hookSpecificOutput: {
-    hookEventName: 'PreToolUse',
-    permissionDecision: 'deny',
-    permissionDecisionReason: 'maestro-doctrine-guard: denied Read of '
-      + path.basename(fp) + ' -- the doctrine is autoloaded into context '
-      + 'at session start (AGENTS.md S7.2); use the in-context copy '
-      + 'instead of re-reading it from disk. The on-demand protocol '
-      + 'layer lives in docs/orchestration.md, which is not blocked.'
-  }
-}));
-process.exit(0);
+#!/usr/bin/env node
+// Maestro PreToolUse doctrine-read guard. Enforces AGENTS.md S7.2
+// structurally: when the doctrine is autoloaded (CLAUDE.md/AGENTS.md
+// present at cwd, which Claude Code injects at session start), a Read
+// of AGENTS.md or CLAUDE.md re-buys tokens for content already in
+// context. This hook replaces the probabilistic S7.2 prose line with a
+// deterministic deny.
+//
+// Modes via MAESTRO_DOCTRINE_GUARD:
+// - "always" (default): deny every doctrine Read while doctrine files
+//   exist at cwd. Safe on Claude Code, where subagents receive the
+//   project doctrine automatically; the deny reason tells the model
+//   to use the in-context copy.
+// - "once": allow the first doctrine Read per session (marker file in
+//   the OS temp dir keyed by session_id), deny repeats. For runtimes
+//   whose subagents genuinely lack the doctrine in context (S7.2:
+//   "a subagent without it in context reads AGENTS.md once").
+// - "0": disabled.
+//
+// When no doctrine file exists at cwd nothing was autoloaded, so reads
+// pass through untouched (e.g. inspecting another repo's AGENTS.md).
+// docs/orchestration.md is never guarded -- it is the on-demand layer
+// and reading it is the intended path. Fails open on any error.
+//
+// Payload fields verified against code.claude.com/docs/en/hooks
+// (PreToolUse input: session_id, cwd, tool_name, tool_input; output:
+// hookSpecificOutput.permissionDecision allow|deny|ask + reason),
+// 2026-06-11.
+//
+// .cjs so Node treats it as CommonJS regardless of any "type": "module"
+// package.json in a parent directory of the install location.
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const mode = process.env.MAESTRO_DOCTRINE_GUARD || 'always';
+if (mode === '0') process.exit(0);
+
+let data = {};
+try { data = JSON.parse(fs.readFileSync(0, 'utf8')); } catch { process.exit(0); }
+if (data.tool_name !== 'Read' || !data.tool_input) process.exit(0);
+
+const fp = data.tool_input.file_path;
+if (typeof fp !== 'string') process.exit(0);
+const base = path.basename(fp).toLowerCase();
+if (base !== 'agents.md' && base !== 'claude.md') process.exit(0);
+
+// Guard only when the doctrine was actually autoloaded: a doctrine file
+// at cwd is what Claude Code injects at session start.
+const cwd = typeof data.cwd === 'string' ? data.cwd : process.cwd();
+let autoloaded = false;
+try {
+  autoloaded = fs.existsSync(path.join(cwd, 'CLAUDE.md'))
+    || fs.existsSync(path.join(cwd, 'AGENTS.md'));
+} catch { autoloaded = false; }
+if (!autoloaded) process.exit(0);
+
+if (mode === 'once' && data.session_id) {
+  const marker = path.join(
+    os.tmpdir(),
+    `maestro-doctrine-guard-${String(data.session_id).replace(/[^a-zA-Z0-9-]/g, '_')}`
+  );
+  if (!fs.existsSync(marker)) {
+    try { fs.writeFileSync(marker, '1'); } catch { /* still allow */ }
+    process.exit(0);
+  }
+}
+
+process.stdout.write(JSON.stringify({
+  hookSpecificOutput: {
+    hookEventName: 'PreToolUse',
+    permissionDecision: 'deny',
+    permissionDecisionReason: 'maestro-doctrine-guard: denied Read of '
+      + path.basename(fp) + ' -- the doctrine is autoloaded into context '
+      + 'at session start (AGENTS.md S7.2); use the in-context copy '
+      + 'instead of re-reading it from disk. The on-demand protocol '
+      + 'layer lives in docs/orchestration.md, which is not blocked.'
+  }
+}));
+process.exit(0);