@miller-tech/uap 1.40.1 → 1.41.0

package/src/policies/enforcers/_common.py

@@ -0,0 +1,100 @@
+"""Shared helpers for UAP policy enforcers."""
+from __future__ import annotations
+import argparse
+import json
+import os
+import subprocess
+import sys
+from pathlib import Path
+from typing import Any
+
+
+def parse_cli() -> tuple[str, dict[str, Any]]:
+    p = argparse.ArgumentParser()
+    p.add_argument("--operation", required=True)
+    p.add_argument("--args", default="{}")
+    ns = p.parse_args()
+    try:
+        args = json.loads(ns.args)
+    except json.JSONDecodeError:
+        args = {}
+    return ns.operation, args
+
+
+def emit(allowed: bool, reason: str, **extra: Any) -> None:
+    payload: dict[str, Any] = {"allowed": allowed, "reason": reason}
+    payload.update(extra)
+    json.dump(payload, sys.stdout)
+    sys.exit(0 if allowed else 2)
+
+
+def repo_root() -> Path:
+    env = os.environ.get("UAP_REPO_ROOT")
+    if env:
+        return Path(env)
+    cwd = Path.cwd()
+    for p in [cwd, *cwd.parents]:
+        if (p / ".git").exists():
+            return p
+    return cwd
+
+
+def worktree_root() -> Path:
+    """Root of the current WORKING TREE for git operations.
+
+    Distinct from repo_root() (the main checkout, where runtime data like
+    policies.db lives). git-diff based enforcers must run against the working
+    tree — which is the worktree when an operation runs from inside one. The
+    policy gate exports UAP_WORKTREE_ROOT; fall back to `git rev-parse` from cwd,
+    then to repo_root().
+    """
+    env = os.environ.get("UAP_WORKTREE_ROOT")
+    if env:
+        return Path(env)
+    try:
+        r = subprocess.run(
+            ["git", "rev-parse", "--show-toplevel"],
+            capture_output=True, text=True, timeout=3, env=_clean_env(),
+        )
+        if r.returncode == 0 and r.stdout.strip():
+            return Path(r.stdout.strip())
+    except Exception:  # noqa: BLE001
+        pass
+    return repo_root()
+
+
+# git exports repo-context vars (GIT_DIR, GIT_WORK_TREE, GIT_INDEX_FILE, ...)
+# into hook environments. An enforcer spawned during a hook would then run its
+# own git calls against the HOOK'S repo instead of cwd — silently no-op'ing
+# every git-diff based check. Strip them so cwd decides the repo.
+_GIT_CONTEXT_VARS = (
+    "GIT_DIR",
+    "GIT_WORK_TREE",
+    "GIT_INDEX_FILE",
+    "GIT_COMMON_DIR",
+    "GIT_OBJECT_DIRECTORY",
+    "GIT_PREFIX",
+)
+
+
+def _clean_env() -> dict[str, str]:
+    return {k: v for k, v in os.environ.items() if k not in _GIT_CONTEXT_VARS}
+
+
+def run(cmd: list[str], cwd: Path | None = None, timeout: int = 5) -> tuple[int, str, str]:
+    try:
+        r = subprocess.run(
+            cmd, cwd=cwd, capture_output=True, text=True, timeout=timeout,
+            env=_clean_env(),
+        )
+        return r.returncode, r.stdout, r.stderr
+    except Exception as e:  # noqa: BLE001
+        return 1, "", str(e)
+
+
+def arg_str(args: dict[str, Any]) -> str:
+    """Flatten args to a single lowercase string for substring checks."""
+    try:
+        return json.dumps(args, default=str).lower()
+    except Exception:  # noqa: BLE001
+        return str(args).lower()

package/src/policies/enforcers/artifact_hygiene.py

@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+"""artifact-hygiene enforcer: block binary artifacts outside curated dirs."""
+from __future__ import annotations
+import re
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import emit, parse_cli  # noqa: E402
+
+BINARY_RE = re.compile(r"\.(png|jpe?g|gif|pdf|zip|tar\.gz|tgz|db|sqlite\d?)$", re.I)
+ALLOWED_PREFIXES = (
+    "docs/",
+    "tests/",
+    "apps/",
+    "agents/data/memory/",
+    ".playwright-mcp/",
+    "observability/",
+)
+ALLOWED_SUBSTRINGS = ("/__screenshots__/", "/public/", "/static/", "/assets/")
+WRITE_OPS = {"Write", "write", "create-file"}
+
+
+def main() -> None:
+    op, args = parse_cli()
+    if op not in WRITE_OPS:
+        emit(True, "not a write op")
+
+    path = (args.get("file_path") or args.get("path") or "").replace("\\", "/")
+    if not BINARY_RE.search(path):
+        emit(True, "not a binary artifact")
+
+    rel = path
+    for marker in ("/pay2u/", "/miller-tech/"):
+        if marker in rel:
+            rel = rel.split(marker, 1)[1]
+            break
+
+    if any(rel.startswith(p) for p in ALLOWED_PREFIXES):
+        emit(True, f"allowed prefix: {rel}")
+    if any(s in rel for s in ALLOWED_SUBSTRINGS):
+        emit(True, f"allowed subdir: {rel}")
+
+    emit(
+        False,
+        f"artifact-hygiene: binary '{rel}' must live under docs/, tests/, or apps/**/public|static|assets. "
+        "Do not litter repo root.",
+    )
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/cluster_routing.py

@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""cluster-routing enforcer: kubectl/helm context must match component domain."""
+from __future__ import annotations
+import re
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import arg_str, emit, parse_cli, run  # noqa: E402
+
+DOMAINS = {
+    "openobserve": re.compile(
+        r"grafana|prometheus|openobserve|fluent-?bit|servicemonitor|alertmanager|loki|tempo|jaeger",
+        re.I,
+    ),
+    "zitadel": re.compile(r"zitadel|oidc|keycloak|iam-crd", re.I),
+}
+CONTEXTS = {
+    "openobserve": "do-syd1-pay2u-openobserve",
+    "zitadel": "do-syd1-zitadel",
+    "main": "do-syd1-pay2u",
+}
+
+
+def pick_domain(blob: str) -> str:
+    for d, rx in DOMAINS.items():
+        if rx.search(blob):
+            return d
+    return "main"
+
+
+def main() -> None:
+    op, args = parse_cli()
+    blob = f"{op} {arg_str(args)}"
+
+    if not re.search(r"\b(kubectl|helm)\b", blob):
+        emit(True, "not a kubectl/helm call")
+
+    if not re.search(
+        r"\b(apply|patch|create|edit|delete|install|upgrade|uninstall|rollout)\b", blob
+    ):
+        emit(True, "read-only kubectl/helm call")
+
+    rc, out, _ = run(["kubectl", "config", "current-context"])
+    ctx = out.strip() if rc == 0 else ""
+
+    wanted_domain = pick_domain(blob)
+    wanted_ctx = CONTEXTS[wanted_domain]
+
+    if ctx != wanted_ctx:
+        emit(
+            False,
+            f"cluster-routing: context '{ctx}' does not match domain "
+            f"'{wanted_domain}'. Run: kubectl config use-context {wanted_ctx}",
+            wanted_context=wanted_ctx,
+            current_context=ctx,
+        )
+
+    emit(True, f"context '{ctx}' matches domain '{wanted_domain}'")
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/codebase_read_before_plan.py

@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+"""codebase-read-before-plan enforcer: plans require prior reads of target paths."""
+from __future__ import annotations
+import os
+import re
+import sys
+import time
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import arg_str, emit, parse_cli  # noqa: E402
+
+PLAN_OPS = {"ExitPlanMode", "Plan", "TodoWrite"}
+PLAN_WORD_RE = re.compile(r"(?<![-\w/])(plan the|design the|architect the|propose a plan|spec the)", re.I)
+READ_LOG = Path(os.environ.get("UAP_STATE_DIR", ".uap")) / "read_log.state"
+RECENT_SEC = 1800
+
+
+def recent_reads() -> set[str]:
+    if not READ_LOG.exists():
+        return set()
+    out: set[str] = set()
+    now = time.time()
+    for line in READ_LOG.read_text().splitlines():
+        try:
+            ts, path = line.split("\t", 1)
+            if now - float(ts) < RECENT_SEC:
+                out.add(path)
+        except ValueError:
+            continue
+    return out
+
+
+def main() -> None:
+    op, args = parse_cli()
+    blob = f"{op} {arg_str(args)}"
+    if op not in PLAN_OPS and not PLAN_WORD_RE.search(blob):
+        emit(True, "not a plan op")
+
+    reads = recent_reads()
+    if reads:
+        emit(True, f"{len(reads)} recent codebase reads on record")
+
+    emit(
+        False,
+        "codebase-read-before-plan: no Read/Grep/Glob within the last 30 min. "
+        "Read the existing codebase in the target scope before emitting a plan.",
+    )
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/coord_overlap.py

@@ -0,0 +1,81 @@
+#!/usr/bin/env python3
+"""coord-overlap enforcer: check for in-flight agent path reservations."""
+from __future__ import annotations
+import sqlite3
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import emit, parse_cli, repo_root  # noqa: E402
+
+AGENT_OPS = {"Agent", "spawn-agent", "subagent", "delegate"}
+
+
+def overlapping_reservations(root: Path, paths: list[str]) -> list[str]:
+    db = root / "agents" / "data" / "coordination" / "coordination.db"
+    if not db.exists() or not paths:
+        return []
+    try:
+        con = sqlite3.connect(f"file:{db}?mode=ro", uri=True, timeout=1.0)
+        # Best-effort: look for any reservations table with path-like column
+        cur = con.execute(
+            "SELECT name FROM sqlite_master WHERE type='table'"
+        )
+        tables = [r[0] for r in cur.fetchall()]
+        hits: list[str] = []
+        for t in tables:
+            try:
+                cols = [r[1] for r in con.execute(f"PRAGMA table_info({t})")]
+                path_col = next(
+                    (c for c in cols if c.lower() in ("path", "paths", "file", "scope")),
+                    None,
+                )
+                status_col = next(
+                    (c for c in cols if c.lower() in ("status", "state", "active")), None
+                )
+                if not path_col:
+                    continue
+                where = f" WHERE {status_col} IN ('active','in_progress',1)" if status_col else ""
+                rows = con.execute(f"SELECT {path_col} FROM {t}{where}").fetchall()
+                for (v,) in rows:
+                    if not v:
+                        continue
+                    for p in paths:
+                        if p and p in str(v):
+                            hits.append(f"{t}:{v}")
+            except sqlite3.Error:
+                continue
+        con.close()
+        return hits
+    except sqlite3.Error:
+        return []
+
+
+def main() -> None:
+    op, args = parse_cli()
+    if op not in AGENT_OPS:
+        emit(True, "not an agent-spawn op")
+
+    paths_raw = (
+        args.get("paths")
+        or args.get("scope")
+        or args.get("prompt", "")
+    )
+    if isinstance(paths_raw, list):
+        paths = [str(p) for p in paths_raw]
+    else:
+        paths = [p for p in str(paths_raw).split() if "/" in p]
+
+    hits = overlapping_reservations(repo_root(), paths)
+    if hits:
+        emit(
+            False,
+            f"coord-overlap: active reservations on: {', '.join(hits[:5])}. "
+            "Run `uap coordination check` before spawning.",
+        )
+
+    emit(True, "no overlapping reservations")
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/delivery_enforcement.py

@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+"""delivery-enforcement enforcer: route substantive coding through `uap deliver`.
+
+Fires on Edit/Write/MultiEdit to source-code files. The intent is that
+non-trivial coding work goes through the `uap deliver` convergence loop (which
+drives a model to verified completion against the real gates) rather than
+ad-hoc hand edits.
+
+SAFETY — default mode is ADVISORY (always allows, logs a nudge), so installing
+this policy never breaks editing. Strict enforcement is opt-in:
+
+  UAP_ENFORCE_DELIVERY=block   # direct source edits outside a deliver context
+                               # are blocked (exit 2)
+
+Escape hatches (always honored, even in block mode):
+  - UAP_DELIVER_ACTIVE=1   set by the deliver loop for its own subprocesses
+  - UAP_DELIVER_BYPASS=1   explicit operator override for a sanctioned manual edit
+
+Exempt by construction: non-source files, docs/configs/scripts/policies, test
+files (deliver protects those itself), and tooling dot-dirs.
+"""
+from __future__ import annotations
+import os
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import emit, parse_cli, repo_root  # noqa: E402
+
+EDIT_OPS = {"Edit", "Write", "MultiEdit", "edit", "write", "multiedit"}
+
+# Only real implementation code is gated.
+SOURCE_EXTS = (
+    ".ts", ".tsx", ".mts", ".cts", ".js", ".jsx", ".mjs", ".cjs",
+    ".py", ".go", ".rs", ".java", ".rb", ".php", ".cs", ".swift", ".kt",
+    ".c", ".cc", ".cpp", ".h", ".hpp",
+)
+
+EXEMPT_PREFIXES = (
+    ".claude/", ".cursor/", ".opencode/", ".codex/", ".forge/", ".omp/",
+    ".uap/", ".policy-tools/", ".worktrees/",
+    "src/policies/", "scripts/", "docs/", "policies/", "test/", "tests/",
+)
+
+# Test files are protected by deliver itself; never gate them here.
+TEST_MARKERS = (".test.", ".spec.", "_test.", "/test/", "/tests/", "/__tests__/")
+
+
+def main() -> None:
+    op, args = parse_cli()
+    if op not in EDIT_OPS:
+        emit(True, "not a file-edit operation")
+
+    target = args.get("file_path") or args.get("path") or args.get("target") or ""
+    if not target:
+        emit(True, "no file path in args")
+
+    root = repo_root()
+    try:
+        rel = str(Path(target).resolve().relative_to(root))
+    except ValueError:
+        emit(True, "target outside repo")
+
+    rel_posix = rel.replace(os.sep, "/")
+    low = rel_posix.lower()
+
+    if not low.endswith(SOURCE_EXTS):
+        emit(True, "not source code")
+    if any(rel_posix.startswith(p) for p in EXEMPT_PREFIXES):
+        emit(True, f"exempt path: {rel_posix}")
+    if any(m in "/" + low for m in TEST_MARKERS):
+        emit(True, "test file (protected by deliver itself)")
+
+    # Escape hatches.
+    if os.environ.get("UAP_DELIVER_ACTIVE") == "1":
+        emit(True, "inside a deliver-driven run")
+    if os.environ.get("UAP_DELIVER_BYPASS") == "1":
+        emit(True, "UAP_DELIVER_BYPASS override set")
+
+    msg = (
+        f"delivery-enforcement: '{rel_posix}' is source code being edited directly. "
+        "Route substantive coding through `uap deliver` (drives a model to verified "
+        "completion against the gates), or set UAP_DELIVER_BYPASS=1 for a sanctioned "
+        "manual edit."
+    )
+
+    mode = os.environ.get("UAP_ENFORCE_DELIVERY", "advisory").lower()
+    if mode == "block":
+        emit(False, msg)
+
+    # Advisory (default): never blocks. Surface the nudge, then allow.
+    print(f"[delivery-enforcement advisory] {msg}", file=sys.stderr)
+    emit(True, "advisory: nudge logged (set UAP_ENFORCE_DELIVERY=block to enforce)")
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/doc_live_over_report.py

@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+"""doc-live-over-report enforcer: block new *_REPORT/*_COMPLETE/*_SUMMARY/*_PLAN md files."""
+from __future__ import annotations
+import re
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import emit, parse_cli  # noqa: E402
+
+BLOCKED_RE = re.compile(
+    r"(_REPORT|_COMPLETE|_SUMMARY|_PLAN|_FIX_\d|_\d{4}-\d{2}-\d{2})\.md$",
+    re.I,
+)
+SCOPED_DIRS = ("infra/", "docs/", "")
+WRITE_OPS = {"Write", "write", "create-file"}
+
+
+def main() -> None:
+    op, args = parse_cli()
+    if op not in WRITE_OPS:
+        emit(True, "not a write op")
+
+    path = args.get("file_path") or args.get("path") or ""
+    if not path.endswith(".md"):
+        emit(True, "not a markdown file")
+
+    rel = path.replace("\\", "/")
+    # Strip leading abs path prefix if present
+    for marker in ("/pay2u/", "/miller-tech/"):
+        if marker in rel:
+            rel = rel.split(marker, 1)[1]
+            break
+
+    is_scoped = any(rel.startswith(d) for d in SCOPED_DIRS if d) or "/" not in rel
+    if not is_scoped:
+        emit(True, "out-of-scope path")
+
+    if BLOCKED_RE.search(rel):
+        emit(
+            False,
+            f"doc-live-over-report: '{rel}' is a retrospective/dated doc pattern. "
+            "Update canonical README/runbook instead.",
+        )
+
+    emit(True, "not a blocked doc pattern")
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/expert_review_required.py

@@ -0,0 +1,135 @@
+#!/usr/bin/env python3
+"""expert-review-required enforcer: a parallel expert review must precede ship.
+
+Blocks ship actions (git commit / git push / gh pr create / merge / pr-ready /
+signoff) unless a review artifact exists for the current branch AND covers the
+current HEAD. This makes the `parallel-expert-review` skill's "REQUIRED by
+policy" claim real rather than advisory.
+
+Review artifact: .uap/reviews/<branch-slug>.json, written by the
+parallel-expert-review flow on consolidation. Recognised shape:
+    { "head": "<sha>", "verdict": "approve|...", "reviewers": [...] }
+If the artifact carries a `head` that differs from the current HEAD, the review
+is stale and the op is blocked.
+
+Fail-open: if branch/HEAD cannot be resolved, the op is allowed — non-UAP repos
+and detached states are unaffected. Override: set UAP_NO_REVIEW=1 to bypass.
+"""
+from __future__ import annotations
+
+import json
+import os
+import re
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import emit, parse_cli, repo_root, run  # noqa: E402
+
+# Ship verbs are anchored to their tool prefix so that the bare tokens "merge"
+# or "signoff" inside read-only commands (git diff --merge-base, rg merge,
+# cat docs/merge-strategy.md) do not trip the gate.
+SHIP_PATTERNS = (
+    re.compile(r"\bgit\s+(commit|push|merge)\b"),
+    re.compile(r"\bgh\s+pr\s+(create|merge|ready)\b"),
+    re.compile(r"\b(pr[-_ ]?ready|sign[-_ ]?off|ready[-_ ]for[-_ ]review)\b", re.I),
+)
+
+
+def current_branch(root: Path) -> str | None:
+    # symbolic-ref resolves the branch name even on an unborn branch (no commits
+    # yet); rev-parse --abbrev-ref returns "HEAD" in that state.
+    rc, out, _ = run(["git", "symbolic-ref", "--short", "HEAD"], cwd=root)
+    if rc == 0 and out.strip():
+        return out.strip()
+    rc, out, _ = run(["git", "rev-parse", "--abbrev-ref", "HEAD"], cwd=root)
+    if rc == 0 and out.strip() and out.strip() != "HEAD":
+        return out.strip()
+    return None
+
+
+def slug_for(branch: str) -> str:
+    """Injective filename slug for a branch ref.
+
+    A naive `/`->`-` substitution collapses distinct refs (`feature/foo` and
+    `feature-foo`, which can coexist) onto the same artifact, silently bypassing
+    the gate. Percent-encode `%` first, then `/`, so the mapping is reversible
+    and collision-free: `feature/foo` -> `feature%2Ffoo`, `feature-foo` stays
+    `feature-foo`.
+    """
+    return branch.replace("%", "%25").replace("/", "%2F")
+
+
+def head_sha(root: Path) -> str | None:
+    rc, out, _ = run(["git", "rev-parse", "HEAD"], cwd=root)
+    return out.strip() if rc == 0 and out.strip() else None
+
+
+def main() -> None:
+    op, args = parse_cli()
+
+    if os.environ.get("UAP_NO_REVIEW") == "1":
+        emit(True, "UAP_NO_REVIEW override set")
+
+    op_l = op.lower()
+    if op_l != "bash":
+        emit(True, "not a ship operation")
+
+    cmd = args.get("command") or args.get("cmd") or ""
+    if not any(p.search(cmd) for p in SHIP_PATTERNS):
+        emit(True, "not a ship action")
+
+    root = repo_root()
+    branch = current_branch(root)
+    if branch is None:
+        emit(True, "branch not resolvable (detached/non-git) — fail-open")
+    slug = slug_for(branch)
+
+    review = root / ".uap" / "reviews" / f"{slug}.json"
+    if not review.exists():
+        emit(
+            False,
+            f"expert-review-required: no review artifact at .uap/reviews/{slug}.json. "
+            "Run the parallel-expert-review skill (code-quality, security, performance, "
+            "docs, test-coverage reviewers) and record the consolidated verdict before "
+            "shipping. Override for one-off meta-work: UAP_NO_REVIEW=1.",
+        )
+
+    head = head_sha(root)
+    try:
+        data = json.loads(review.read_text())
+    except Exception:  # noqa: BLE001
+        data = {}
+
+    # Defense-in-depth against artifact reuse across branches: if the artifact
+    # records the branch it covers, it must match the current branch.
+    artifact_branch = data.get("branch") if isinstance(data, dict) else None
+    if artifact_branch and artifact_branch != branch:
+        emit(
+            False,
+            f"expert-review-required: review at .uap/reviews/{slug}.json covers branch "
+            f"'{artifact_branch}', not '{branch}'. Re-run the parallel expert review on "
+            "this branch. Override: UAP_NO_REVIEW=1.",
+        )
+
+    # Stale check relative to current HEAD.
+    reviewed_head = data.get("head") if isinstance(data, dict) else None
+    if reviewed_head and head and reviewed_head != head:
+        emit(
+            False,
+            f"expert-review-required: review at .uap/reviews/{slug}.json covers "
+            f"{reviewed_head[:8]} but HEAD is {head[:8]} — the review is stale. "
+            "Re-run the parallel expert review for the current changes. "
+            "Override: UAP_NO_REVIEW=1.",
+        )
+
+    emit(
+        True,
+        f"expert-review satisfied (.uap/reviews/{slug}.json"
+        + (f", head {reviewed_head[:8]}" if reviewed_head else "")
+        + ")",
+    )
+
+
+if __name__ == "__main__":
+    main()

package/src/policies/enforcers/iac_parity.py

@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+"""iac-parity enforcer: live-state changes must have matching IaC diff."""
+from __future__ import annotations
+import re
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).parent))
+from _common import arg_str, emit, parse_cli, run, worktree_root  # noqa: E402
+
+MUTATING_RE = re.compile(
+    r"\b(kubectl|helm|doctl|aws|gcloud)\b.*?\b(apply|patch|create|edit|delete|install|upgrade|rollout|scale|set)\b",
+    re.I,
+)
+IAC_PATHS = (
+    "infra/terraform/",
+    "infra/helm_charts/",
+    "infra/kubernetes/",
+    "infra/k8s/",
+    "infra/policies/",
+)
+
+
+def main() -> None:
+    op, args = parse_cli()
+    blob = f"{op} {arg_str(args)}"
+
+    if not MUTATING_RE.search(blob):
+        emit(True, "not a mutating IaC-scope command")
+
+    root = worktree_root()  # git status must run against the working tree, not MAIN_ROOT
+    rc, out, _ = run(["git", "status", "--porcelain"], cwd=root)
+    if rc != 0:
+        emit(True, "git status unavailable; deferring to post-commit check")
+
+    has_iac = any(
+        line[3:].startswith(IAC_PATHS) or line[3:].lstrip().startswith(IAC_PATHS)
+        for line in out.splitlines()
+    )
+
+    if not has_iac:
+        emit(
+            False,
+            "iac-parity: live-state mutation without matching IaC diff under "
+            + ", ".join(IAC_PATHS)
+            + ". Update Terraform/Helm/K8s manifests in the same worktree.",
+        )
+
+    emit(True, "IaC diff present in worktree")
+
+
+if __name__ == "__main__":
+    main()