@massu/core 0.6.2 → 0.7.0

package/src/hooks/auto-learning-pipeline.ts

@@ -0,0 +1,195 @@
+#!/usr/bin/env node
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+// ============================================================
+// Stop Hook: Auto-Learning Pipeline Enforcer
+// At session end, checks if bug fixes were applied without
+// completing the full incident → rule → enforcement pipeline.
+// Outputs mandatory instructions for Claude to follow.
+//
+// Part of the Auto-Learning Pipeline:
+//   Fix Detected → [SESSION END CHECK] → Pipeline Instructions
+//
+// This is the FORCING FUNCTION that ensures no fix goes
+// undocumented. Claude cannot end the session without completing
+// the pipeline steps.
+// ============================================================
+
+import { execSync } from 'child_process';
+import { existsSync, readFileSync, unlinkSync, readdirSync } from 'fs';
+import { tmpdir } from 'os';
+import { join } from 'path';
+import { getProjectRoot, getConfig } from '../config.ts';
+
+interface HookInput {
+  session_id: string;
+  transcript_path: string;
+  cwd: string;
+}
+
+interface FixSignal {
+  file: string;
+  signals: string[];
+  timestamp: string;
+}
+
+function getSessionFlagPath(sessionId: string): string {
+  return join(tmpdir(), 'massu-auto-learning', `fixes-${sessionId.slice(0, 12)}.jsonl`);
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    const hookInput = JSON.parse(input) as HookInput;
+    const config = getConfig();
+
+    // Check if auto-learning is enabled
+    if (config.autoLearning?.enabled === false) {
+      process.exit(0);
+      return;
+    }
+
+    const root = getProjectRoot();
+    const incidentDir = config.autoLearning?.incidentDir ?? 'docs/incidents';
+    const memoryDir = config.autoLearning?.memoryDir ?? 'memory';
+    const autoLearn = config.autoLearning;
+
+    // Source 1: Session fix flags from fix-detector
+    const flagPath = getSessionFlagPath(hookInput.session_id);
+    let sessionFixes: FixSignal[] = [];
+    if (existsSync(flagPath)) {
+      try {
+        sessionFixes = readFileSync(flagPath, 'utf-8')
+          .split('\n')
+          .filter(Boolean)
+          .map(line => JSON.parse(line) as FixSignal);
+      } catch { /* ignore parse errors */ }
+    }
+
+    // Source 2: Scan uncommitted git diff for fix patterns
+    let uncommittedFix = false;
+    try {
+      const diff = execSync('git diff --name-only', { cwd: root, timeout: 3000, encoding: 'utf-8' });
+      if (diff.trim()) {
+        const fullDiff = execSync('git diff', { cwd: root, timeout: 5000, encoding: 'utf-8' });
+        const fixPatterns = (fullDiff.match(/^\+.*(try|except|catch|guard|@MainActor|asyncio\.timeout|X-Service-Token|\.save\(|return False)/gm) || []).length;
+        const removedBroken = (fullDiff.match(/^-.*(bug|broken|crash|\.store\(|= nil|error)/gm) || []).length;
+        if (fixPatterns > 3 || removedBroken > 1) {
+          uncommittedFix = true;
+        }
+      }
+    } catch { /* git not available or no changes */ }
+
+    if (sessionFixes.length === 0 && !uncommittedFix) {
+      // Clean up flag file
+      cleanup(flagPath);
+      process.exit(0);
+      return;
+    }
+
+    // Build pipeline instructions
+    const lines: string[] = [];
+    lines.push('');
+    lines.push('============================================================================');
+    lines.push(' MASSU AUTO-LEARNING PIPELINE — ACTION REQUIRED BEFORE SESSION END');
+    lines.push('============================================================================');
+
+    if (sessionFixes.length > 0) {
+      lines.push('');
+      lines.push(`  ${sessionFixes.length} bug fix(es) detected during this session:`);
+      lines.push('');
+      // Deduplicate by file
+      const byFile = new Map<string, string[]>();
+      for (const fix of sessionFixes) {
+        const existing = byFile.get(fix.file) ?? [];
+        existing.push(...fix.signals);
+        byFile.set(fix.file, [...new Set(existing)]);
+      }
+      for (const [file, signals] of byFile) {
+        lines.push(`    - ${file} (${signals.join(', ')})`);
+      }
+    }
+
+    if (uncommittedFix) {
+      lines.push('');
+      lines.push('  Additional uncommitted fix patterns detected in git diff.');
+    }
+
+    lines.push('');
+    lines.push('  Complete these steps before this session ends:');
+    lines.push('');
+
+    if (autoLearn?.pipeline?.requireIncidentReport !== false) {
+      lines.push('  STEP 1: INCIDENT REPORT');
+      lines.push(`    For each distinct bug fixed, create: ${incidentDir}/YYYY-MM-DD-<slug>.md`);
+      lines.push('    Include: Date, Severity, Symptoms, Root Cause, Fix, Files Changed, Prevention Rules');
+      lines.push('');
+    }
+
+    if (autoLearn?.pipeline?.requirePreventionRule !== false) {
+      lines.push('  STEP 2: PREVENTION RULE');
+      lines.push(`    For each incident, create: ${memoryDir}/feedback_<rule_name>.md`);
+      lines.push('    Include frontmatter (name, description, type: feedback) + Why + How to apply');
+      lines.push(`    Update ${config.autoLearning?.memoryIndexFile ?? 'MEMORY.md'} index`);
+      lines.push('');
+    }
+
+    if (autoLearn?.pipeline?.requireEnforcement !== false) {
+      lines.push('  STEP 3: ENFORCEMENT PLACEMENT');
+      lines.push('    For each new rule, determine enforcement layer(s):');
+      lines.push('    a) If statically detectable → add to pattern-feedback hook');
+      lines.push('    b) If about editing certain files → add to blast-radius hook');
+      lines.push('    c) If about dangerous commands → add to dangerous-command hook');
+      lines.push('    d) If critical → add to pre-commit hook');
+      lines.push('    e) If needs runtime monitoring → create monitoring producer');
+      lines.push('');
+    }
+
+    lines.push('  STEP 4: VERIFY');
+    lines.push('    Test any new enforcement hooks to confirm they detect violations.');
+    lines.push('');
+    lines.push('============================================================================');
+    lines.push('');
+
+    console.log(lines.join('\n'));
+
+    // Clean up flag file
+    cleanup(flagPath);
+  } catch {
+    // Best-effort: never block Claude Code
+  }
+  process.exit(0);
+}
+
+function cleanup(flagPath: string): void {
+  try {
+    if (existsSync(flagPath)) unlinkSync(flagPath);
+    // Clean up old flag files (>24h)
+    const dir = join(tmpdir(), 'massu-auto-learning');
+    if (existsSync(dir)) {
+      const now = Date.now();
+      for (const file of readdirSync(dir)) {
+        const fullPath = join(dir, file);
+        try {
+          const stat = require('fs').statSync(fullPath);
+          if (now - stat.mtimeMs > 86400000) {
+            unlinkSync(fullPath);
+          }
+        } catch { /* ignore */ }
+      }
+    }
+  } catch { /* best effort */ }
+}
+
+function readStdin(): Promise<string> {
+  return new Promise((resolve) => {
+    let data = '';
+    process.stdin.setEncoding('utf-8');
+    process.stdin.on('data', (chunk: string) => { data += chunk; });
+    process.stdin.on('end', () => resolve(data));
+    setTimeout(() => resolve(data), 5000);
+  });
+}
+
+main();

package/src/hooks/fix-detector.ts

@@ -0,0 +1,186 @@
+#!/usr/bin/env node
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+// ============================================================
+// PostToolUse Hook: Fix Detector
+// Detects when a bug fix is being applied during a session by
+// analyzing git diffs of edited files. Sets session-level state
+// so the auto-learning pipeline can trigger at session end.
+//
+// Part of the Auto-Learning Pipeline:
+//   [Fix Detected] → Incident Report → Rule → Enforcement
+//
+// Must complete in <1000ms.
+// ============================================================
+
+import { execSync } from 'child_process';
+import { existsSync, appendFileSync, mkdirSync } from 'fs';
+import { tmpdir } from 'os';
+import { join } from 'path';
+import { getProjectRoot, getConfig } from '../config.ts';
+
+interface HookInput {
+  session_id: string;
+  tool_name: string;
+  tool_input: { file_path?: string };
+}
+
+interface FixSignal {
+  file: string;
+  signals: string[];
+  timestamp: string;
+}
+
+// Fix detection heuristics — each returns true if the pattern matches
+const FIX_HEURISTICS: Array<{ name: string; test: (diff: string) => boolean }> = [
+  {
+    name: 'removed_broken_code',
+    test: (diff) => /^-.*\b(bug|broken|wrong|incorrect|typo|crash|error|fail|miss|stale)\b/m.test(diff),
+  },
+  {
+    name: 'added_error_handling',
+    test: (diff) => {
+      const added = (diff.match(/^\+.*(try|except|catch|guard|if.*nil|if.*None|validate|assert|raise|throw)/gm) || []).length;
+      return added > 2;
+    },
+  },
+  {
+    name: 'method_name_correction',
+    test: (diff) => {
+      const removed = diff.match(/^-.*\.([a-z_]+)\(/m);
+      const added = diff.match(/^\+.*\.([a-z_]+)\(/m);
+      return !!(removed && added && removed[1] !== added[1]);
+    },
+  },
+  {
+    name: 'auth_fix',
+    test: (diff) => /^\+.*(token|auth|header|X-Service|Bearer|credential)/im.test(diff),
+  },
+  {
+    name: 'nil_handling_fix',
+    test: (diff) => /^\+.*(= nil|= None|\.isNil|is None|!= nil|is not None|guard let|if let|optional)/m.test(diff) && /^-/m.test(diff),
+  },
+  {
+    name: 'concurrency_fix',
+    test: (diff) => /^\+.*(timeout|semaphore|lock|mutex|throttle|rate.limit|max_conn)/im.test(diff),
+  },
+  {
+    name: 'async_pattern_fix',
+    test: (diff) => /^\+.*(@MainActor|async with|asyncio\.timeout|\.await)/.test(diff) && /^-/m.test(diff),
+  },
+  {
+    name: 'added_missing_import',
+    test: (diff) => /^\+.*(import|from.*import|require)/.test(diff) && !/^-.*(import|from.*import|require)/m.test(diff),
+  },
+];
+
+function getSessionFlagPath(sessionId: string): string {
+  const dir = join(tmpdir(), 'massu-auto-learning');
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  return join(dir, `fixes-${sessionId.slice(0, 12)}.jsonl`);
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    const hookInput = JSON.parse(input) as HookInput;
+    const filePath = hookInput.tool_input?.file_path;
+
+    if (!filePath || !existsSync(filePath)) {
+      process.exit(0);
+      return;
+    }
+
+    // Only check code files
+    if (!/\.(py|swift|ts|tsx|js|jsx|rs|go|rb|sh)$/.test(filePath)) {
+      process.exit(0);
+      return;
+    }
+
+    // Skip incident/memory/doc files (those ARE pipeline output)
+    const config = getConfig();
+    const incidentDir = config.autoLearning?.incidentDir ?? 'docs/incidents';
+    const memoryDir = config.autoLearning?.memoryDir ?? 'memory';
+    if (filePath.includes(incidentDir) || filePath.includes(memoryDir) || filePath.includes('MEMORY.md')) {
+      process.exit(0);
+      return;
+    }
+
+    // Check if auto-learning is enabled
+    if (config.autoLearning?.enabled === false || config.autoLearning?.fixDetection?.enabled === false) {
+      process.exit(0);
+      return;
+    }
+
+    // Get git diff for this file
+    const root = getProjectRoot();
+    let diff = '';
+    try {
+      diff = execSync(`git diff -- "${filePath}"`, { cwd: root, timeout: 3000, encoding: 'utf-8' });
+      if (!diff) {
+        diff = execSync(`git diff HEAD -- "${filePath}"`, { cwd: root, timeout: 3000, encoding: 'utf-8' });
+      }
+    } catch {
+      process.exit(0);
+      return;
+    }
+
+    if (!diff) {
+      process.exit(0);
+      return;
+    }
+
+    // Run fix detection heuristics
+    const enabledSignals = new Set(config.autoLearning?.fixDetection?.signals ?? FIX_HEURISTICS.map(h => h.name));
+    const detected: string[] = [];
+    for (const heuristic of FIX_HEURISTICS) {
+      if (enabledSignals.has(heuristic.name) && heuristic.test(diff)) {
+        detected.push(heuristic.name);
+      }
+    }
+
+    if (detected.length === 0) {
+      process.exit(0);
+      return;
+    }
+
+    // Record the fix detection
+    const signal: FixSignal = {
+      file: filePath,
+      signals: detected,
+      timestamp: new Date().toISOString(),
+    };
+
+    const flagPath = getSessionFlagPath(hookInput.session_id);
+    appendFileSync(flagPath, JSON.stringify(signal) + '\n');
+
+    // Count total fixes this session
+    const lines = require('fs').readFileSync(flagPath, 'utf-8').split('\n').filter(Boolean);
+    if (lines.length === 1) {
+      // First fix detected — output advisory
+      console.log(
+        `[Massu Auto-Learning] Bug fix detected in ${filePath} (signals: ${detected.join(', ')}). ` +
+        `The auto-learning pipeline will prompt you at session end to create an incident report, ` +
+        `derive a prevention rule, and add enforcement.`
+      );
+    }
+  } catch {
+    // Best-effort: never block Claude Code
+  }
+  process.exit(0);
+}
+
+function readStdin(): Promise<string> {
+  return new Promise((resolve) => {
+    let data = '';
+    process.stdin.setEncoding('utf-8');
+    process.stdin.on('data', (chunk: string) => { data += chunk; });
+    process.stdin.on('end', () => resolve(data));
+    setTimeout(() => resolve(data), 3000);
+  });
+}
+
+main();

package/src/hooks/incident-pipeline.ts

@@ -0,0 +1,148 @@
+#!/usr/bin/env node
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+// ============================================================
+// PostToolUse Hook: Incident-to-Rule Pipeline
+// When a new incident report is written, automatically triggers
+// the next step: deriving a prevention rule.
+//
+// Part of the Auto-Learning Pipeline:
+//   Fix Detected → [Incident Report] → RULE DERIVATION → Enforcement
+//
+// Triggers on: Write to docs/incidents/*.md (configurable)
+// Must complete in <500ms.
+// ============================================================
+
+import { existsSync, readFileSync, readdirSync } from 'fs';
+import { basename, dirname, resolve } from 'path';
+import { getProjectRoot, getConfig } from '../config.ts';
+
+interface HookInput {
+  session_id: string;
+  tool_name: string;
+  tool_input: { file_path?: string; content?: string };
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    const hookInput = JSON.parse(input) as HookInput;
+    const filePath = hookInput.tool_input?.file_path;
+
+    if (!filePath) {
+      process.exit(0);
+      return;
+    }
+
+    const config = getConfig();
+    if (config.autoLearning?.enabled === false) {
+      process.exit(0);
+      return;
+    }
+
+    const root = getProjectRoot();
+    const incidentDir = config.autoLearning?.incidentDir ?? 'docs/incidents';
+    const memoryDir = config.autoLearning?.memoryDir ?? 'memory';
+    // Only trigger on incident report files
+    const relPath = filePath.startsWith(root + '/') ? filePath.slice(root.length + 1) : filePath;
+    if (!relPath.startsWith(incidentDir) || !relPath.endsWith('.md')) {
+      process.exit(0);
+      return;
+    }
+
+    if (!existsSync(filePath)) {
+      process.exit(0);
+      return;
+    }
+
+    // Extract title from the incident report
+    const content = readFileSync(filePath, 'utf-8');
+    const titleMatch = content.match(/^#\s+(.+)/m);
+    const title = titleMatch?.[1] ?? basename(filePath, '.md');
+
+    // Check if a corresponding rule already exists
+    const slug = basename(filePath, '.md')
+      .replace(/^\d{4}-\d{2}-\d{2}-?/, '')
+      .toLowerCase();
+
+    const memoryDirAbs = resolve(root, memoryDir);
+    let hasExistingRule = false;
+    if (existsSync(memoryDirAbs)) {
+      const ruleFiles = readdirSync(memoryDirAbs).filter(f => f.startsWith('feedback_'));
+      for (const ruleFile of ruleFiles) {
+        if (ruleFile.toLowerCase().includes(slug.slice(0, 20))) {
+          hasExistingRule = true;
+          break;
+        }
+      }
+    }
+
+    if (hasExistingRule) {
+      // Rule already exists — no action needed
+      process.exit(0);
+      return;
+    }
+
+    // Check if incident has prevention rules section
+    const hasPrevention = /## Prevention Rules|## Prevention|## Rules/i.test(content);
+
+    if (config.autoLearning?.pipeline?.requirePreventionRule === false) {
+      process.exit(0);
+      return;
+    }
+
+    // Output rule derivation instructions
+    const lines: string[] = [];
+    lines.push('');
+    lines.push('============================================================================');
+    lines.push(' AUTO-LEARNING: Incident Report Created — Rule Derivation Required');
+    lines.push('============================================================================');
+    lines.push('');
+    lines.push(`  Incident: ${title}`);
+    lines.push(`  File: ${filePath}`);
+    lines.push('');
+
+    if (!hasPrevention) {
+      lines.push('  No "## Prevention Rules" section found in the incident report.');
+      lines.push('  Add one first, then proceed with rule derivation.');
+      lines.push('');
+    }
+
+    lines.push('  DERIVE A PREVENTION RULE:');
+    lines.push(`    a) Read the incident root cause and prevention rules`);
+    lines.push(`    b) Create: ${memoryDir}/feedback_<rule_name>.md`);
+    lines.push('       Template:');
+    lines.push('       ---');
+    lines.push('       name: <Rule Name>');
+    lines.push('       description: <one-line description>');
+    lines.push('       type: feedback');
+    lines.push('       ---');
+    lines.push('       <Rule statement>');
+    lines.push('       **Why:** <Root cause from incident>');
+    lines.push('       **How to apply:** <Concrete steps>');
+    lines.push('');
+    lines.push(`    c) Add one-line entry to ${config.autoLearning?.memoryIndexFile ?? 'MEMORY.md'}`);
+    lines.push('');
+    lines.push('  This step is MANDATORY per the auto-learning pipeline.');
+    lines.push('============================================================================');
+    lines.push('');
+
+    console.log(lines.join('\n'));
+  } catch {
+    // Best-effort: never block Claude Code
+  }
+  process.exit(0);
+}
+
+function readStdin(): Promise<string> {
+  return new Promise((resolve) => {
+    let data = '';
+    process.stdin.setEncoding('utf-8');
+    process.stdin.on('data', (chunk: string) => { data += chunk; });
+    process.stdin.on('end', () => resolve(data));
+    setTimeout(() => resolve(data), 3000);
+  });
+}
+
+main();

package/src/hooks/rule-enforcement-pipeline.ts

@@ -0,0 +1,158 @@
+#!/usr/bin/env node
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+// ============================================================
+// PostToolUse Hook: Rule-to-Enforcement Pipeline
+// When a new prevention rule (feedback_*.md) is written,
+// automatically triggers the final step: enforcement placement.
+//
+// Part of the Auto-Learning Pipeline:
+//   Fix Detected → Incident Report → Rule Derived → [ENFORCEMENT]
+//
+// Triggers on: Write to memory/feedback_*.md (configurable)
+// Must complete in <500ms.
+// ============================================================
+
+import { existsSync, readFileSync, readdirSync } from 'fs';
+import { basename, resolve } from 'path';
+import { getProjectRoot, getConfig } from '../config.ts';
+
+interface HookInput {
+  session_id: string;
+  tool_name: string;
+  tool_input: { file_path?: string; content?: string };
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    const hookInput = JSON.parse(input) as HookInput;
+    const filePath = hookInput.tool_input?.file_path;
+
+    if (!filePath) {
+      process.exit(0);
+      return;
+    }
+
+    const config = getConfig();
+    if (config.autoLearning?.enabled === false) {
+      process.exit(0);
+      return;
+    }
+
+    const root = getProjectRoot();
+    const memoryDir = config.autoLearning?.memoryDir ?? 'memory';
+    const enforcementDir = config.autoLearning?.enforcementHooksDir ?? 'scripts/hooks';
+    // Only trigger on feedback rule files
+    const relPath = filePath.startsWith(root + '/') ? filePath.slice(root.length + 1) : filePath;
+    const fileName = basename(filePath);
+
+    // Match feedback_*.md in either relative or absolute memory paths
+    if (!fileName.startsWith('feedback_') || !fileName.endsWith('.md')) {
+      process.exit(0);
+      return;
+    }
+
+    // Must be in a memory-like directory
+    if (!relPath.includes(memoryDir) && !relPath.includes('memory/') && !relPath.includes('.claude/')) {
+      process.exit(0);
+      return;
+    }
+
+    if (!existsSync(filePath)) {
+      process.exit(0);
+      return;
+    }
+
+    if (config.autoLearning?.pipeline?.requireEnforcement === false) {
+      process.exit(0);
+      return;
+    }
+
+    // Extract rule details from the file
+    const content = readFileSync(filePath, 'utf-8');
+    const nameMatch = content.match(/^name:\s*(.+)/m);
+    const descMatch = content.match(/^description:\s*(.+)/m);
+    const ruleName = nameMatch?.[1]?.trim() ?? fileName;
+    const ruleDesc = descMatch?.[1]?.trim() ?? '';
+
+    // Check if this rule already has enforcement in any hook file
+    const enforcementDirAbs = resolve(root, enforcementDir);
+    let hasEnforcement = false;
+    if (existsSync(enforcementDirAbs)) {
+      const hookFiles = readdirSync(enforcementDirAbs).filter(f => f.endsWith('.sh') || f.endsWith('.ts') || f.endsWith('.js'));
+      for (const hookFile of hookFiles) {
+        try {
+          const hookContent = readFileSync(resolve(enforcementDirAbs, hookFile), 'utf-8');
+          if (hookContent.includes(fileName)) {
+            hasEnforcement = true;
+            break;
+          }
+        } catch { /* ignore read errors */ }
+      }
+    }
+
+    if (hasEnforcement) {
+      // Already has enforcement — no action needed
+      process.exit(0);
+      return;
+    }
+
+    // Output enforcement placement instructions
+    const lines: string[] = [];
+    lines.push('');
+    lines.push('============================================================================');
+    lines.push(' AUTO-LEARNING: New Rule Created — Enforcement Placement Required');
+    lines.push('============================================================================');
+    lines.push('');
+    lines.push(`  Rule: ${ruleName}`);
+    lines.push(`  File: ${filePath}`);
+    if (ruleDesc) {
+      lines.push(`  Description: ${ruleDesc}`);
+    }
+    lines.push('');
+    lines.push('  This rule has NO automated enforcement yet. Add it now.');
+    lines.push('');
+    lines.push('  ANALYZE the rule and determine enforcement layer(s):');
+    lines.push('');
+    lines.push('  1. STATICALLY DETECTABLE? (grep/regex can find violations in code)');
+    lines.push(`     → Add check to: ${enforcementDir}/pattern-feedback hook`);
+    lines.push(`     → Also add to pre-commit hook if critical`);
+    lines.push('');
+    lines.push('  2. ABOUT EDITING CERTAIN FILES? (auth, infra, routers, etc.)');
+    lines.push(`     → Add warning to: ${enforcementDir}/blast-radius hook`);
+    lines.push('');
+    lines.push('  3. ABOUT DANGEROUS COMMANDS? (kill, rm, destructive ops)');
+    lines.push(`     → Add block to: ${enforcementDir}/dangerous-command hook`);
+    lines.push('');
+    lines.push('  4. NEEDS RUNTIME MONITORING? (can only be detected at runtime)');
+    lines.push('     → Create a monitoring/audit producer');
+    lines.push('');
+    lines.push('  5. AI-GUIDANCE ONLY? (philosophy, process, judgment calls)');
+    lines.push('     → Memory rule is sufficient (already created)');
+    lines.push('');
+    lines.push('  AFTER adding enforcement, test the hook to verify it detects violations.');
+    lines.push('');
+    lines.push('  This step is MANDATORY per the auto-learning pipeline.');
+    lines.push('============================================================================');
+    lines.push('');
+
+    console.log(lines.join('\n'));
+  } catch {
+    // Best-effort: never block Claude Code
+  }
+  process.exit(0);
+}
+
+function readStdin(): Promise<string> {
+  return new Promise((resolve) => {
+    let data = '';
+    process.stdin.setEncoding('utf-8');
+    process.stdin.on('data', (chunk: string) => { data += chunk; });
+    process.stdin.on('end', () => resolve(data));
+    setTimeout(() => resolve(data), 3000);
+  });
+}
+
+main();