@onlooker-community/ecosystem 0.9.0 → 0.14.0

package/test/bats/echo-project-key.bats

@@ -0,0 +1,115 @@
+#!/usr/bin/env bats
+
+setup() {
+	source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+	setup_test_env
+
+	PLUGIN_ROOT="${REPO_ROOT}/plugins/echo"
+	# shellcheck disable=SC1091
+	source "${PLUGIN_ROOT}/scripts/lib/echo-project-key.sh"
+}
+
+@test "non-git directory returns empty key" {
+	local d="${BATS_TEST_TMPDIR}/non-git"
+	mkdir -p "$d"
+	run echo_project_key "$d"
+	[ "$status" -eq 0 ]
+	[ -z "$output" ]
+}
+
+@test "git repo without remote falls back to repo-root hash" {
+	local d="${BATS_TEST_TMPDIR}/local-only-repo"
+	mkdir -p "$d"
+	git -C "$d" init -q
+	git -C "$d" config user.email t@example.com
+	git -C "$d" config user.name "Test"
+
+	local k1 k2
+	k1=$(echo_project_key "$d")
+	k2=$(echo_project_key "$d")
+	[ -n "$k1" ]
+	[ "${#k1}" -eq 12 ]
+	[ "$k1" = "$k2" ]
+}
+
+@test "git repo with remote uses remote hash" {
+	local a="${BATS_TEST_TMPDIR}/clone-a"
+	local b="${BATS_TEST_TMPDIR}/clone-b"
+	mkdir -p "$a" "$b"
+	for d in "$a" "$b"; do
+		git -C "$d" init -q
+		git -C "$d" config user.email t@example.com
+		git -C "$d" config user.name "Test"
+		git -C "$d" remote add origin git@github.com:org/proj.git
+	done
+
+	local ka kb
+	ka=$(echo_project_key "$a")
+	kb=$(echo_project_key "$b")
+	[ -n "$ka" ]
+	[ "$ka" = "$kb" ]
+}
+
+@test "different remotes yield different keys" {
+	local a="${BATS_TEST_TMPDIR}/proj-a"
+	local b="${BATS_TEST_TMPDIR}/proj-b"
+	mkdir -p "$a" "$b"
+	for d in "$a" "$b"; do
+		git -C "$d" init -q
+		git -C "$d" config user.email t@example.com
+		git -C "$d" config user.name "Test"
+	done
+	git -C "$a" remote add origin git@github.com:org/proj-a.git
+	git -C "$b" remote add origin git@github.com:org/proj-b.git
+
+	local ka kb
+	ka=$(echo_project_key "$a")
+	kb=$(echo_project_key "$b")
+	[ -n "$ka" ]
+	[ -n "$kb" ]
+	[ "$ka" != "$kb" ]
+}
+
+@test "echo_test_id_for_path returns 16 hex chars" {
+	local tid
+	tid=$(echo_test_id_for_path "plugins/tribunal/agents/tribunal-judge-standard.md")
+	[ -n "$tid" ]
+	[ "${#tid}" -eq 16 ]
+	[[ "$tid" =~ ^[0-9a-f]{16}$ ]]
+}
+
+@test "echo_test_id_for_path is stable across calls" {
+	local a b
+	a=$(echo_test_id_for_path "plugins/tribunal/agents/tribunal-judge-standard.md")
+	b=$(echo_test_id_for_path "plugins/tribunal/agents/tribunal-judge-standard.md")
+	[ "$a" = "$b" ]
+}
+
+@test "echo_test_id_for_path differs for different paths" {
+	local a b
+	a=$(echo_test_id_for_path "plugins/tribunal/agents/tribunal-judge-standard.md")
+	b=$(echo_test_id_for_path "plugins/tribunal/agents/tribunal-judge-adversarial.md")
+	[ "$a" != "$b" ]
+}
+
+@test "echo_project_repo_root returns empty for non-git dir" {
+	local d="${BATS_TEST_TMPDIR}/not-a-repo"
+	mkdir -p "$d"
+	local r
+	r=$(echo_project_repo_root "$d")
+	[ -z "$r" ]
+}
+
+@test "echo_project_repo_root returns repo root for subdir" {
+	local d="${BATS_TEST_TMPDIR}/myrepo"
+	mkdir -p "${d}/sub/dir"
+	git -C "$d" init -q
+	git -C "$d" config user.email t@example.com
+	git -C "$d" config user.name "Test"
+
+	local r expected
+	r=$(echo_project_repo_root "${d}/sub/dir")
+	# Resolve symlinks — on macOS BATS_TEST_TMPDIR may differ from git's toplevel.
+	expected=$(cd "$d" && pwd -P)
+	[ "$r" = "$expected" ]
+}

package/test/bats/echo-stop-hook.bats

@@ -0,0 +1,101 @@
+#!/usr/bin/env bats
+
+# Exercises the Echo Stop hook's gating behavior. Does not invoke claude -p
+# (the hook bails before reaching the eval loop when preconditions fail).
+# Tests verify: disabled-by-default, no-git, no-watched-changes, recursion
+# guard, untracked file detection, and stdout silence.
+
+setup() {
+	source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+	setup_test_env
+
+	PLUGIN_ROOT="${REPO_ROOT}/plugins/echo"
+	export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
+	HOOK="${PLUGIN_ROOT}/scripts/hooks/echo-stop-gate.sh"
+
+	REPO="${BATS_TEST_TMPDIR}/repo"
+	mkdir -p "$REPO"
+	git -C "$REPO" init -q
+	git -C "$REPO" config user.email test@example.com
+	git -C "$REPO" config user.name test
+	(cd "$REPO" && printf 'initial\n' > README.md && git add README.md && git commit -q -m init)
+}
+
+_make_input() {
+	local cwd="${1:-$REPO}" sid="${2:-test-session}"
+	jq -n --arg cwd "$cwd" --arg sid "$sid" '{cwd: $cwd, session_id: $sid}'
+}
+
+@test "hook exits 0 silently when echo.enabled is false (default)" {
+	local input
+	input=$(_make_input)
+	run bash -c "printf '%s' '$input' | ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+	[ -z "$output" ]
+}
+
+@test "hook exits 0 when cwd is not a git repo" {
+	local non_repo="${BATS_TEST_TMPDIR}/not-a-repo"
+	mkdir -p "$non_repo"
+	local input
+	input=$(_make_input "$non_repo")
+	run bash -c "printf '%s' '$input' | ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+}
+
+@test "hook exits 0 when enabled but no watched files changed" {
+	mkdir -p "${REPO}/.claude"
+	printf '%s\n' '{"echo":{"enabled":true}}' > "${REPO}/.claude/settings.json"
+	local input
+	input=$(_make_input)
+	run bash -c "printf '%s' '$input' | ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+	[ -z "$output" ]
+}
+
+@test "recursion guard: ECHO_NESTED=1 causes immediate exit 0" {
+	mkdir -p "${REPO}/.claude"
+	printf '%s\n' '{"echo":{"enabled":true}}' > "${REPO}/.claude/settings.json"
+	local input
+	input=$(_make_input)
+	# Export ECHO_NESTED into the subshell that runs the hook.
+	run bash -c "printf '%s' '$input' | ECHO_NESTED=1 ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+	[ -z "$output" ]
+}
+
+@test "hook never prints to stdout (Stop contract)" {
+	local input
+	input=$(_make_input)
+	run bash -c "printf '%s' '$input' | ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+	[ -z "$output" ]
+}
+
+@test "untracked watched file is detected when enabled and claude missing" {
+	mkdir -p "${REPO}/.claude" "${REPO}/plugins/myplugin/agents"
+	printf '%s\n' '{"echo":{"enabled":true,"watch_paths":["plugins/*/agents/*.md"]}}' \
+		> "${REPO}/.claude/settings.json"
+	printf '%s\n' '# New agent' > "${REPO}/plugins/myplugin/agents/new-agent.md"
+	local input
+	input=$(_make_input)
+	# claude is not present in the test env PATH → hook reaches _done after the
+	# `command -v claude` guard. Exit 0 with no output confirms the file was
+	# at least detected (it passed the _done guards before the claude check).
+	run bash -c "PATH=/usr/bin:/bin printf '%s' '$input' | ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+}
+
+@test "files under plugins/echo are excluded even if they match watch_paths" {
+	mkdir -p "${REPO}/.claude" "${REPO}/plugins/echo/agents"
+	printf '%s\n' '{"echo":{"enabled":true,"watch_paths":["plugins/*/agents/*.md"]}}' \
+		> "${REPO}/.claude/settings.json"
+	printf '%s\n' '# Echo self' > "${REPO}/plugins/echo/agents/self.md"
+	local input
+	input=$(_make_input)
+	# With echo's own file as the only change, no watched files remain after
+	# exclude filtering — hook exits before the claude guard (no output).
+	run bash -c "PATH=/usr/bin:/bin printf '%s' '$input' | ONLOOKER_DIR='$ONLOOKER_DIR' '$HOOK'"
+	[ "$status" -eq 0 ]
+	[ -z "$output" ]
+}

package/test/bats/echo-ulid.bats

@@ -0,0 +1,38 @@
+#!/usr/bin/env bats
+
+setup() {
+	source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+	setup_test_env
+
+	PLUGIN_ROOT="${REPO_ROOT}/plugins/echo"
+	# shellcheck disable=SC1091
+	source "${PLUGIN_ROOT}/scripts/lib/echo-ulid.sh"
+}
+
+@test "echo_ulid returns a 26-char crockford base32 string" {
+	local id
+	id=$(echo_ulid)
+	[ "${#id}" -eq 26 ]
+	[[ "$id" =~ ^[0123456789ABCDEFGHJKMNPQRSTVWXYZ]{26}$ ]]
+}
+
+@test "two ULIDs minted apart are lexicographically ordered or equal" {
+	local a b
+	a=$(echo_ulid)
+	sleep 0.01
+	b=$(echo_ulid)
+	[[ "$a" < "$b" ]] || [ "$a" = "$b" ]
+}
+
+@test "many ULIDs are unique" {
+	local seen="${BATS_TEST_TMPDIR}/ulids.txt"
+	: > "$seen"
+	local i
+	for ((i = 0; i < 50; i++)); do
+		printf '%s\n' "$(echo_ulid)" >> "$seen"
+	done
+	local total unique
+	total=$(wc -l < "$seen" | tr -d ' ')
+	unique=$(sort -u "$seen" | wc -l | tr -d ' ')
+	[ "$total" = "$unique" ]
+}

package/test/bats/portable-lock.bats

@@ -0,0 +1,62 @@
+#!/usr/bin/env bats
+
+setup() {
+  # shellcheck source=../helpers/setup.bash
+  source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+  setup_test_env
+  # shellcheck disable=SC1091
+  source "${REPO_ROOT}/scripts/lib/portable-lock.sh"
+  LOCK="${BATS_TEST_TMPDIR}/test.lock"
+}
+
+@test "lock_acquire succeeds on an unlocked path" {
+  run lock_acquire "$LOCK" 1
+  [ "$status" -eq 0 ]
+  [ -d "${LOCK}.d" ]
+  lock_release "$LOCK"
+}
+
+@test "lock_acquire on a held lock blocks until released" {
+  lock_acquire "$LOCK" 1
+  # Start a background releaser after 200ms.
+  ( sleep 0.2; lock_release "$LOCK" ) &
+  local releaser=$!
+  # Second acquire should succeed once the releaser fires.
+  run lock_acquire "$LOCK" 2
+  wait $releaser
+  [ "$status" -eq 0 ]
+  lock_release "$LOCK"
+}
+
+@test "lock_acquire returns 1 when timeout elapses with the lock still held" {
+  mkdir "${LOCK}.d"
+  run lock_acquire "$LOCK" 1
+  [ "$status" -eq 1 ]
+  rmdir "${LOCK}.d"
+}
+
+@test "lock_release is a no-op when the lock is not held" {
+  run lock_release "$LOCK"
+  [ "$status" -eq 0 ]
+}
+
+@test "concurrent appenders do not interleave writes" {
+  local out="${BATS_TEST_TMPDIR}/concurrent.txt"
+  : >"$out"
+  local n=20
+  local i
+  for ((i = 0; i < n; i++)); do
+    (
+      lock_acquire "$LOCK" 5 || exit 1
+      # Write a 100-char marker so any byte-level interleave is obvious.
+      printf '%s\n' "$(printf 'x%.0s' {1..100})" >>"$out"
+      lock_release "$LOCK"
+    ) &
+  done
+  wait
+  # All lines should be exactly 100 bytes followed by newline.
+  local lines
+  lines=$(wc -l <"$out" | tr -d ' ')
+  [ "$lines" = "$n" ]
+  awk 'length($0) != 100 { bad++ } END { exit (bad > 0) }' "$out"
+}

package/test/bats/prompt-rules.bats

@@ -0,0 +1,269 @@
+#!/usr/bin/env bats
+
+setup() {
+  # shellcheck source=../helpers/setup.bash
+  source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+  load_validate_path
+  # shellcheck source=../../scripts/lib/prompt-rules.sh
+  source "${REPO_ROOT}/scripts/lib/prompt-rules.sh"
+  export CLAUDE_PLUGIN_ROOT="${REPO_ROOT}"
+
+  ensure_dir_exists "$ONLOOKER_PROMPT_RULES_SESSIONS_DIR"
+}
+
+write_global_rules() {
+  local body="$1"
+  printf '%s\n' "$body" > "$(prompt_rules_global_path)"
+}
+
+write_project_rules() {
+  local project_dir="$1"
+  local body="$2"
+  mkdir -p "${project_dir}/.claude"
+  printf '%s\n' "$body" > "${project_dir}/.claude/prompt-rules.json"
+}
+
+@test "load_merged returns empty array when no rule files exist" {
+  local rules
+  rules=$(prompt_rules_load_merged "$TEST_HOME")
+  [ "$(echo "$rules" | jq 'length')" = "0" ]
+}
+
+@test "load_merged surfaces global rules when only global exists" {
+  write_global_rules '{
+    "rules": [
+      {"id": "r1", "pattern": "foo", "guidance": "global rule", "enabled": true}
+    ]
+  }'
+  local rules
+  rules=$(prompt_rules_load_merged "$TEST_HOME")
+  [ "$(echo "$rules" | jq 'length')" = "1" ]
+  [ "$(echo "$rules" | jq -r '.[0].guidance')" = "global rule" ]
+}
+
+@test "load_merged: project overrides global by id" {
+  write_global_rules '{
+    "rules": [
+      {"id": "r1", "pattern": "foo", "guidance": "global version"},
+      {"id": "r2", "pattern": "bar", "guidance": "global only"}
+    ]
+  }'
+  write_project_rules "$TEST_HOME" '{
+    "rules": [
+      {"id": "r1", "pattern": "foo", "guidance": "project version"}
+    ]
+  }'
+  local rules
+  rules=$(prompt_rules_load_merged "$TEST_HOME")
+  [ "$(echo "$rules" | jq 'length')" = "2" ]
+  [ "$(echo "$rules" | jq -r '.[] | select(.id=="r1") | .guidance')" = "project version" ]
+  [ "$(echo "$rules" | jq -r '.[] | select(.id=="r2") | .guidance')" = "global only" ]
+}
+
+@test "load_merged filters out enabled: false rules" {
+  write_global_rules '{
+    "rules": [
+      {"id": "r1", "pattern": "foo", "guidance": "on"},
+      {"id": "r2", "pattern": "bar", "guidance": "off", "enabled": false}
+    ]
+  }'
+  local rules
+  rules=$(prompt_rules_load_merged "$TEST_HOME")
+  [ "$(echo "$rules" | jq 'length')" = "1" ]
+  [ "$(echo "$rules" | jq -r '.[0].id')" = "r1" ]
+}
+
+@test "pattern_matches: hit, miss, empty pattern" {
+  run prompt_rules_pattern_matches "hello world" "world"
+  [ "$status" -eq 0 ]
+  run prompt_rules_pattern_matches "hello world" "xyz"
+  [ "$status" -eq 1 ]
+  run prompt_rules_pattern_matches "hello world" ""
+  [ "$status" -eq 1 ]
+}
+
+@test "pattern_matches: invalid ERE returns non-match without leaking stderr" {
+  # Unbalanced bracket — bash would normally print "syntax error in regular
+  # expression" to stderr and return 2. The helper must swallow both.
+  run prompt_rules_pattern_matches "anything" "[unterminated"
+  [ "$status" -eq 1 ]
+  [ -z "$stderr" ] || [ -z "${stderr// /}" ]
+}
+
+@test "load_merged: tolerates non-array .rules and entries missing id" {
+  # Object instead of array, and rule entries with missing/non-string ids.
+  write_global_rules '{"rules": "not-an-array"}'
+  write_project_rules "$TEST_HOME" '{
+    "rules": [
+      {"pattern": "no-id"},
+      {"id": null, "pattern": "null-id"},
+      {"id": 42, "pattern": "non-string-id"},
+      {"id": "good", "pattern": "ok", "guidance": "ok"}
+    ]
+  }'
+  local rules
+  rules=$(prompt_rules_load_merged "$TEST_HOME")
+  [ "$(echo "$rules" | jq 'length')" = "1" ]
+  [ "$(echo "$rules" | jq -r '.[0].id')" = "good" ]
+}
+
+@test "mark_fired + load_fired round-trip is idempotent" {
+  prompt_rules_mark_fired "sess-A" "rule-1"
+  prompt_rules_mark_fired "sess-A" "rule-1"
+  prompt_rules_mark_fired "sess-A" "rule-2"
+  local fired
+  fired=$(prompt_rules_load_fired "sess-A")
+  [ "$(echo "$fired" | jq 'length')" = "2" ]
+  [ "$(echo "$fired" | jq -r '. | sort | join(",")')" = "rule-1,rule-2" ]
+}
+
+@test "hook injects additionalContext when prompt matches a rule" {
+  write_global_rules '{
+    "rules": [
+      {"id": "rule-no-verify", "pattern": "--no-verify", "guidance": "Skipping hooks usually masks the real issue."}
+    ]
+  }'
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+
+  run bash -c "cat '${fixture}' | '${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh' 2>/dev/null"
+  [ "$status" -eq 0 ]
+  echo "$output" | jq -e \
+    '.hookSpecificOutput.hookEventName == "UserPromptSubmit"
+     and (.hookSpecificOutput.additionalContext | contains("Skipping hooks"))' >/dev/null
+}
+
+@test "hook outputs nothing when no rule matches" {
+  write_global_rules '{
+    "rules": [
+      {"id": "rule-no-verify", "pattern": "--no-verify", "guidance": "Skipping hooks usually masks the real issue."}
+    ]
+  }'
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-nomatch.json"
+
+  run bash -c "cat '${fixture}' | '${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh' 2>/dev/null"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "hook fires a rule once per session" {
+  write_global_rules '{
+    "rules": [
+      {"id": "rule-no-verify", "pattern": "--no-verify", "guidance": "Skipping hooks usually masks the real issue."}
+    ]
+  }'
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+
+  # First invocation: injects
+  local first_output
+  first_output=$(cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" 2>/dev/null)
+  echo "$first_output" | jq -e '.hookSpecificOutput.additionalContext | contains("Skipping hooks")' >/dev/null
+
+  # Second invocation with same session: no injection
+  local second_output
+  second_output=$(cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" 2>/dev/null)
+  [ -z "$second_output" ]
+}
+
+@test "hook emits prompt_rule.matched and prompt_rule.applied to events log" {
+  write_global_rules '{
+    "rules": [
+      {"id": "rule-no-verify", "pattern": "--no-verify", "guidance": "Skipping hooks usually masks the real issue."}
+    ]
+  }'
+  : >"$ONLOOKER_EVENTS_LOG"
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+
+  cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" >/dev/null 2>&1
+
+  grep -q '"event_type":"prompt_rule.matched"' "$ONLOOKER_EVENTS_LOG"
+  grep -q '"event_type":"prompt_rule.applied"' "$ONLOOKER_EVENTS_LOG"
+  grep -q '"rule_id":"rule-no-verify"' "$ONLOOKER_EVENTS_LOG"
+}
+
+@test "hook fires repeatedly when fire_once_per_session is false" {
+  write_global_rules '{
+    "rules": [
+      {"id": "rule-no-verify", "pattern": "--no-verify", "guidance": "Skipping hooks usually masks the real issue.", "fire_once_per_session": false}
+    ]
+  }'
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+
+  # Both invocations must inject — explicit false should not get coerced to true.
+  local first second
+  first=$(cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" 2>/dev/null)
+  second=$(cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" 2>/dev/null)
+
+  echo "$first" | jq -e '.hookSpecificOutput.additionalContext | contains("Skipping hooks")' >/dev/null
+  echo "$second" | jq -e '.hookSpecificOutput.additionalContext | contains("Skipping hooks")' >/dev/null
+}
+
+@test "hook still emits prompt_rule.matched on subsequent match but not prompt_rule.applied" {
+  write_global_rules '{
+    "rules": [
+      {"id": "rule-no-verify", "pattern": "--no-verify", "guidance": "msg"}
+    ]
+  }'
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+
+  cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" >/dev/null 2>&1
+  : >"$ONLOOKER_EVENTS_LOG"
+  cat "$fixture" | "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" >/dev/null 2>&1
+
+  grep -q '"event_type":"prompt_rule.matched"' "$ONLOOKER_EVENTS_LOG"
+  ! grep -q '"event_type":"prompt_rule.applied"' "$ONLOOKER_EVENTS_LOG"
+}
+
+@test "hook respects per_turn_max_chars: drops overflowing rules" {
+  write_global_rules '{
+    "rules": [
+      {"id": "r1", "pattern": "no-verify", "guidance": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"},
+      {"id": "r2", "pattern": "no-verify", "guidance": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"}
+    ]
+  }'
+  # Use a temp plugin root with a tiny char budget
+  local tmp_root="${BATS_TEST_TMPDIR}/tiny-budget-root"
+  mkdir -p "$tmp_root"
+  printf '%s\n' '{"plugin_name":"onlooker","prompt_rules":{"enabled":true,"per_turn_max_chars":120}}' > "$tmp_root/config.json"
+
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+  local output
+  output=$(CLAUDE_PLUGIN_ROOT="$tmp_root" cat "$fixture" | CLAUDE_PLUGIN_ROOT="$tmp_root" "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" 2>/dev/null)
+
+  # First rule fits (~98 chars); second pushes past 120, gets dropped.
+  echo "$output" | jq -e '.hookSpecificOutput.additionalContext | contains("AAAA") and (contains("BBBB") | not)' >/dev/null
+}
+
+@test "hook short-circuits when prompt_rules.enabled = false" {
+  write_global_rules '{
+    "rules": [
+      {"id": "r1", "pattern": "no-verify", "guidance": "should not fire"}
+    ]
+  }'
+  local tmp_root="${BATS_TEST_TMPDIR}/disabled-root"
+  mkdir -p "$tmp_root"
+  printf '%s\n' '{"plugin_name":"onlooker","prompt_rules":{"enabled":false}}' > "$tmp_root/config.json"
+
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/user-prompt-submit-rule-match.json"
+  local output
+  output=$(CLAUDE_PLUGIN_ROOT="$tmp_root" "${REPO_ROOT}/scripts/hooks/prompt-rule-injector.sh" < "$fixture" 2>/dev/null)
+  [ -z "$output" ]
+}
+
+@test "list_table reports active rules and per-session fire status" {
+  write_global_rules '{
+    "rules": [
+      {"id": "r1", "pattern": "foo", "guidance": "global one"},
+      {"id": "r2", "pattern": "bar", "guidance": "global two"}
+    ]
+  }'
+  prompt_rules_mark_fired "session-list" "r1"
+
+  local out
+  out=$(prompt_rules_list_table "session-list" "$TEST_HOME")
+  echo "$out" | grep -q "active rules: 2"
+  echo "$out" | grep -q "id: r1"
+  echo "$out" | grep -q "id: r2"
+  # r1 is fired, r2 is not
+  echo "$out" | grep -A2 "id: r1" | grep -q "fired: yes"
+  echo "$out" | grep -A2 "id: r2" | grep -q "fired: no"
+}

package/test/bats/read-chunk-tracking.bats

@@ -0,0 +1,73 @@
+#!/usr/bin/env bats
+
+setup() {
+  # shellcheck source=../helpers/setup.bash
+  source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+  load_validate_path
+  # shellcheck source=../../scripts/lib/onlooker-schema.sh
+  source "${REPO_ROOT}/scripts/lib/onlooker-schema.sh"
+  # shellcheck source=../../scripts/lib/tool-history.sh
+  source "${REPO_ROOT}/scripts/lib/tool-history.sh"
+  export CLAUDE_PLUGIN_ROOT="${REPO_ROOT}"
+
+  LARGE_FILE="${BATS_TEST_TMPDIR}/large-source.ts"
+  # > LARGE_FILE_BYTES_ON_DISK (100_000) for large_file_full_read
+  printf '%*s\n' 120000 "" >"$LARGE_FILE"
+}
+
+@test "tool_history maps full Read to read_mode full" {
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/post-tool-use-read.json"
+  local record
+  record=$(tool_history_build_record "$(cat "$fixture")")
+  echo "$record" | jq -e \
+    '.payload.read_mode == "full"
+     and .payload.path == "/project/src/main.ts"
+     and (.payload.large_file_full_read | not)' \
+    >/dev/null
+  echo "$record" | onlooker_validate_event
+}
+
+@test "tool_history maps chunked Read to read_mode partial with offset and limit" {
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/post-tool-use-read-chunked.json"
+  local record
+  record=$(tool_history_build_record "$(cat "$fixture")")
+  echo "$record" | jq -e \
+    '.payload.read_mode == "partial"
+     and .payload.offset == 400
+     and .payload.limit == 80
+     and .payload.lines_read == 3' \
+    >/dev/null
+  echo "$record" | onlooker_validate_event
+}
+
+@test "tool_history flags large_file_full_read for full read of large on-disk file" {
+  local input
+  input=$(jq -n \
+    --arg path "$LARGE_FILE" \
+    --arg content "peek\n" \
+    '{
+      session_id: "history-session-002",
+      hook_event_name: "PostToolUse",
+      tool_name: "Read",
+      tool_input: {file_path: $path},
+      tool_response: {content: $content}
+    }')
+  local record
+  record=$(tool_history_build_record "$input")
+  echo "$record" | jq -e \
+    '.payload.read_mode == "full"
+     and .payload.large_file_full_read == true
+     and .payload.file_bytes_on_disk > 100000' \
+    >/dev/null
+  echo "$record" | onlooker_validate_event
+}
+
+@test "tool-history-tracker appends chunked read to session JSONL" {
+  local fixture="${REPO_ROOT}/test/fixtures/hook-inputs/post-tool-use-read-chunked.json"
+  local history_file="${ONLOOKER_SESSION_HISTORY_DIR}/history-session-001.jsonl"
+  rm -f "$history_file" "${history_file}.lock"
+
+  cat "$fixture" | "${REPO_ROOT}/scripts/hooks/tool-history-tracker.sh" >/dev/null 2>&1
+
+  tail -n 1 "$history_file" | jq -e '.payload.read_mode == "partial"' >/dev/null
+}

package/test/bats/tool-history-tracker.bats

@@ -19,6 +19,7 @@ setup() {
     '.schema_version == "1.0"
      and .event_type == "tool.file.read"
      and .payload.path == "/project/src/main.ts"
+     and .payload.read_mode == "full"
      and .session_id == "history-session-001"' \
     >/dev/null
   echo "$record" | onlooker_validate_event