@pdlc-os/pdlc 0.1.0

package/bin/pdlc.js

@@ -0,0 +1,221 @@
+#!/usr/bin/env node
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const PLUGIN_ROOT = path.resolve(__dirname, '..');
+const VERSION = require(path.join(PLUGIN_ROOT, 'package.json')).version;
+const GLOBAL_SETTINGS_PATH = path.join(os.homedir(), '.claude', 'settings.json');
+const PLUGIN_SETTINGS_PATH = path.join(PLUGIN_ROOT, '.claude', 'settings.json');
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+function readJson(filePath) {
+  try {
+    return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch (err) {
+    if (err.code === 'ENOENT') return null;
+    throw new Error(`Failed to parse ${filePath}: ${err.message}`);
+  }
+}
+
+function writeJson(filePath, data) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, JSON.stringify(data, null, 2) + '\n', 'utf8');
+}
+
+function deepMerge(target, source) {
+  const result = Object.assign({}, target);
+  for (const key of Object.keys(source)) {
+    const src = source[key];
+    const tgt = result[key];
+    if (src !== null && typeof src === 'object' && !Array.isArray(src)) {
+      result[key] = deepMerge(tgt || {}, src);
+    } else if (Array.isArray(src) && Array.isArray(tgt)) {
+      const seen = new Set(tgt.map(JSON.stringify));
+      result[key] = [...tgt, ...src.filter(i => !seen.has(JSON.stringify(i)))];
+    } else {
+      result[key] = src;
+    }
+  }
+  return result;
+}
+
+function resolvePlaceholders(obj) {
+  return JSON.parse(
+    JSON.stringify(obj).replace(
+      /\$\{CLAUDE_PLUGIN_ROOT\}/g,
+      PLUGIN_ROOT.replace(/\\/g, '/')
+    )
+  );
+}
+
+/** Remove all PDLC-injected entries from a settings object (by plugin root path). */
+function stripPdlc(settings) {
+  const rootStr = PLUGIN_ROOT.replace(/\\/g, '/');
+  const cleaned = JSON.parse(JSON.stringify(settings));
+
+  // Remove statusLine if it points to PDLC
+  if (cleaned.statusLine?.command?.includes(rootStr)) {
+    delete cleaned.statusLine;
+  }
+
+  // Remove PDLC entries from hook arrays
+  for (const event of ['PostToolUse', 'PreToolUse', 'SessionStart']) {
+    if (!Array.isArray(cleaned.hooks?.[event])) continue;
+    cleaned.hooks[event] = cleaned.hooks[event]
+      .map(group => {
+        if (!Array.isArray(group.hooks)) return group;
+        const filtered = group.hooks.filter(h => !h.command?.includes(rootStr));
+        return filtered.length ? { ...group, hooks: filtered } : null;
+      })
+      .filter(Boolean);
+    if (cleaned.hooks[event].length === 0) delete cleaned.hooks[event];
+  }
+  if (cleaned.hooks && Object.keys(cleaned.hooks).length === 0) {
+    delete cleaned.hooks;
+  }
+  return cleaned;
+}
+
+function isPdlcInstalled(settings) {
+  const rootStr = PLUGIN_ROOT.replace(/\\/g, '/');
+  return (
+    settings?.statusLine?.command?.includes(rootStr) ||
+    Object.values(settings?.hooks || {}).some(arr =>
+      arr.some(group =>
+        group.hooks?.some(h => h.command?.includes(rootStr))
+      )
+    )
+  );
+}
+
+// ─── Commands ─────────────────────────────────────────────────────────────────
+
+function install() {
+  const pluginSettings = readJson(PLUGIN_SETTINGS_PATH);
+  if (!pluginSettings) {
+    console.error(`Error: Plugin settings not found at ${PLUGIN_SETTINGS_PATH}`);
+    process.exit(1);
+  }
+
+  const resolved = resolvePlaceholders(pluginSettings);
+  const global = readJson(GLOBAL_SETTINGS_PATH) ?? {};
+
+  if (isPdlcInstalled(global)) {
+    // Re-install: strip old entries first so paths stay current
+    const stripped = stripPdlc(global);
+    writeJson(GLOBAL_SETTINGS_PATH, deepMerge(stripped, resolved));
+    console.log(`\nPDLC updated to v${VERSION}.`);
+  } else {
+    writeJson(GLOBAL_SETTINGS_PATH, deepMerge(global, resolved));
+    console.log(`\nPDLC v${VERSION} installed successfully.`);
+  }
+
+  console.log(`  Plugin root : ${PLUGIN_ROOT}`);
+  console.log(`  Settings    : ${GLOBAL_SETTINGS_PATH}`);
+  console.log('\nStart a new Claude Code session to activate.');
+  console.log('Next step  : open a project and run /pdlc init\n');
+}
+
+function uninstall() {
+  const global = readJson(GLOBAL_SETTINGS_PATH);
+  if (!global) {
+    console.log('\nNo Claude settings found — nothing to uninstall.\n');
+    return;
+  }
+  if (!isPdlcInstalled(global)) {
+    console.log('\nPDLC is not currently installed in ~/.claude/settings.json.\n');
+    return;
+  }
+  writeJson(GLOBAL_SETTINGS_PATH, stripPdlc(global));
+  console.log('\nPDLC uninstalled. Hooks and statusLine removed from ~/.claude/settings.json.\n');
+}
+
+function status() {
+  const global = readJson(GLOBAL_SETTINGS_PATH);
+  const installed = global ? isPdlcInstalled(global) : false;
+
+  console.log(`\npdlc v${VERSION}`);
+  console.log(`Plugin root  : ${PLUGIN_ROOT}`);
+  console.log(`Global hooks : ${GLOBAL_SETTINGS_PATH}`);
+  console.log(`Status       : ${installed ? '✓ installed' : '✗ not installed'}`);
+
+  if (installed) {
+    console.log('\nHooks registered:');
+    console.log('  statusLine     → pdlc-statusline.js');
+    console.log('  PostToolUse    → pdlc-context-monitor.js');
+    console.log('  PreToolUse     → pdlc-guardrails.js');
+    console.log('  SessionStart   → pdlc-session-start.sh');
+  }
+  console.log('');
+}
+
+/**
+ * Called by `npm postinstall`. Skips silently during local development
+ * (when the package's own node_modules are being installed) to avoid
+ * the hook running in unexpected contexts.
+ */
+function postinstall() {
+  // INIT_CWD is set by npm to the directory where `npm install` was run.
+  // If it equals the plugin root, the developer is installing the plugin's
+  // own deps — skip auto-install.
+  const initCwd = process.env.INIT_CWD || '';
+  if (path.resolve(initCwd) === PLUGIN_ROOT) return;
+
+  // Also skip in CI environments unless explicitly opted in.
+  if (process.env.CI && !process.env.PDLC_INSTALL_IN_CI) return;
+
+  install();
+}
+
+function printUsage() {
+  console.log(`
+pdlc v${VERSION} — Product Development Lifecycle plugin for Claude Code
+
+Usage:
+  npx @pdlc-os/pdlc install     Register PDLC hooks in ~/.claude/settings.json
+  npx @pdlc-os/pdlc uninstall   Remove PDLC hooks from ~/.claude/settings.json
+  npx @pdlc-os/pdlc status      Show install status
+  npx @pdlc-os/pdlc --version   Print version
+
+Slash commands (inside a Claude Code session after install):
+  /pdlc init        Phase 0 — Initialization: Constitution · Intent · Memory Bank · Beads
+  /pdlc brainstorm  Phase 1 — Inception: Discover → Define → Design → Plan
+  /pdlc build       Phase 2 — Construction: Build → Review → Test
+  /pdlc ship        Phase 3 — Operation: Ship → Verify → Reflect
+
+Marketplace: https://github.com/pdlc-os
+`);
+}
+
+// ─── Entry point ──────────────────────────────────────────────────────────────
+
+const [,, command, ...rest] = process.argv;
+
+switch (command) {
+  case 'install':
+    install();
+    break;
+  case 'uninstall':
+    uninstall();
+    break;
+  case 'status':
+    status();
+    break;
+  case 'postinstall':
+    postinstall();
+    break;
+  case '--version':
+  case '-v':
+    console.log(VERSION);
+    break;
+  case '--help':
+  case '-h':
+  default:
+    printUsage();
+    break;
+}

package/hooks/pdlc-context-monitor.js

@@ -0,0 +1,129 @@
+#!/usr/bin/env node
+// pdlc-context-monitor.js — PDLC PostToolUse hook for Claude Code
+// Fires after every tool execution; injects context warnings when context usage
+// is high, and auto-checkpoints STATE.md on CRITICAL.
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+
+// ── Bridge file helpers ───────────────────────────────────────────────────────
+function readBridge(bridgePath) {
+  try {
+    const raw = fs.readFileSync(bridgePath, 'utf8');
+    return JSON.parse(raw);
+  } catch (_) {
+    return null;
+  }
+}
+
+function writeBridge(bridgePath, data) {
+  try {
+    fs.writeFileSync(bridgePath, JSON.stringify(data, null, 2), 'utf8');
+  } catch (_) {
+    // Best-effort
+  }
+}
+
+// ── STATE.md checkpoint update ────────────────────────────────────────────────
+// Replaces the JSON block inside the "## Context Checkpoint" section.
+function updateContextCheckpoint(stateMdPath, sessionId) {
+  try {
+    let content = fs.readFileSync(stateMdPath, 'utf8');
+
+    const checkpoint = {
+      triggered_at: new Date().toISOString(),
+      session_id:   sessionId,
+      active_task:  null,   // hooks don't have task context — Claude fills this in
+      sub_phase:    null,
+      work_in_progress: null,
+      next_action:  null,
+      files_open:   [],
+    };
+
+    // Replace the JSON block inside the Context Checkpoint section.
+    // The block starts with ```json and ends with ``` on its own line.
+    const jsonBlock = '```json\n' + JSON.stringify(checkpoint, null, 2) + '\n```';
+    const updated   = content.replace(
+      /```json[\s\S]*?```/,
+      jsonBlock
+    );
+
+    if (updated !== content) {
+      fs.writeFileSync(stateMdPath, updated, 'utf8');
+    }
+  } catch (_) {
+    // Best-effort — never crash the hook
+  }
+}
+
+// ── Main ──────────────────────────────────────────────────────────────────────
+function main() {
+  let input = {};
+
+  try {
+    const raw = fs.readFileSync('/dev/stdin', 'utf8').trim();
+    if (raw) input = JSON.parse(raw);
+  } catch (_) {
+    // Unreadable stdin — proceed normally
+    process.stdout.write(JSON.stringify({ continue: true }));
+    process.exit(0);
+  }
+
+  const sessionId = input.session_id || 'unknown';
+  const cwd       = input.cwd        || process.cwd();
+
+  const bridgePath  = `/tmp/pdlc-ctx-${sessionId}.json`;
+  const stateMdPath = path.join(cwd, 'docs', 'pdlc', 'memory', 'STATE.md');
+
+  // ── Read bridge file ────────────────────────────────────────────────────────
+  let bridge = readBridge(bridgePath);
+
+  if (!bridge) {
+    // First time we've seen this session — create defaults and proceed quietly
+    writeBridge(bridgePath, { used_pct: 0, tool_count: 0, session_id: sessionId });
+    process.stdout.write(JSON.stringify({ continue: true }));
+    process.exit(0);
+  }
+
+  const usedPct  = typeof bridge.used_pct   === 'number' ? bridge.used_pct   : 0;
+  const toolCount = (typeof bridge.tool_count === 'number' ? bridge.tool_count : 0) + 1;
+
+  // Write updated tool_count immediately (before any early exit)
+  writeBridge(bridgePath, Object.assign({}, bridge, {
+    tool_count: toolCount,
+    session_id: sessionId,
+  }));
+
+  // ── Threshold checks ────────────────────────────────────────────────────────
+
+  // CRITICAL: used_pct >= 80 — fire on every tool call (modulo 1 === 0 always true)
+  if (usedPct >= 80) {
+    // Auto-save checkpoint in STATE.md
+    updateContextCheckpoint(stateMdPath, sessionId);
+
+    const msg =
+      `🚨 PDLC CRITICAL: Context at ${usedPct}% — PDLC is auto-saving your position. ` +
+      `Please finish this tool call and then run /pdlc build to resume from STATE.md.`;
+
+    process.stdout.write(JSON.stringify({ continue: true, systemMessage: msg }));
+    process.exit(0);
+  }
+
+  // WARNING: used_pct >= 65 — fire every 5 tool calls
+  if (usedPct >= 65 && toolCount % 5 === 0) {
+    const msg =
+      `⚠️  PDLC Context Warning: Context at ${usedPct}% — recommend wrapping up current task ` +
+      `and saving state to docs/pdlc/memory/STATE.md before context compacts.`;
+
+    process.stdout.write(JSON.stringify({ continue: true, systemMessage: msg }));
+    process.exit(0);
+  }
+
+  // Normal: proceed without injection
+  process.stdout.write(JSON.stringify({ continue: true }));
+  process.exit(0);
+}
+
+main();

package/hooks/pdlc-guardrails.js

@@ -0,0 +1,307 @@
+#!/usr/bin/env node
+// pdlc-guardrails.js — PDLC PreToolUse hook for Claude Code
+// Fires before every Bash tool execution; enforces Tier 1 (hard block) and
+// Tier 2 (pause & confirm) safety guardrails defined in plan.md / CONSTITUTION.md.
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+
+// ── Output helpers ────────────────────────────────────────────────────────────
+function allow() {
+  process.stdout.write(JSON.stringify({ continue: true }));
+  process.exit(0);
+}
+
+function block(reason) {
+  process.stdout.write(JSON.stringify({ continue: false, reason }));
+  process.exit(0);
+}
+
+function warn(systemMessage) {
+  process.stdout.write(JSON.stringify({ continue: true, systemMessage }));
+  process.exit(0);
+}
+
+// ── Tier 1 block message builder ─────────────────────────────────────────────
+function tier1Block(reason, command) {
+  const msg =
+    `\x1b[41m\x1b[37m ⛔ PDLC HARD BLOCK — TIER 1 SAFETY ⛔ \x1b[0m\n` +
+    `\x1b[31mThis action is blocked: ${reason}.\n\n` +
+    `To override, you must confirm TWICE by running:\n` +
+    `  /pdlc override-tier1 "${command}"\x1b[0m`;
+  block(msg);
+}
+
+// ── Tier 2 confirmation message builder ──────────────────────────────────────
+function tier2Block(command) {
+  const msg =
+    `⚠️  PDLC Tier 2 Confirmation Required\n\n` +
+    `About to run: ${command}\n\n` +
+    `Type 'yes' to confirm or 'no' to cancel.`;
+  block(msg);
+}
+
+function tier2Logged(command) {
+  warn(`⚠️ Tier 2 action logged: ${command}`);
+}
+
+// ── CONSTITUTION.md helpers ───────────────────────────────────────────────────
+function readConstitution(cwd) {
+  try {
+    const constitutionPath = path.join(cwd, 'docs', 'pdlc', 'memory', 'CONSTITUTION.md');
+    return fs.readFileSync(constitutionPath, 'utf8');
+  } catch (_) {
+    return null;
+  }
+}
+
+// Parse tier2_as_tier3 overrides from the "## 8. Safety Guardrail Overrides" table.
+// Returns an array of lowercase tier 2 item strings that have been downgraded.
+function parseTier2Overrides(constitutionContent) {
+  if (!constitutionContent) return [];
+
+  const overrides = [];
+
+  // Find the Safety Guardrail Overrides section
+  const sectionMatch = constitutionContent.match(
+    /##\s*8\.\s*Safety Guardrail Overrides([\s\S]*?)(?=\n##\s|\n---\s*$|$)/i
+  );
+  if (!sectionMatch) return overrides;
+
+  const section = sectionMatch[1];
+
+  // Parse markdown table rows — skip the header and separator rows
+  const tableRowRe = /^\|\s*([^|]+?)\s*\|/gm;
+  let match;
+  let rowIndex = 0;
+
+  while ((match = tableRowRe.exec(section)) !== null) {
+    rowIndex++;
+    if (rowIndex <= 2) continue; // skip header + separator
+
+    const cell = match[1].trim().toLowerCase();
+    // Skip placeholder rows
+    if (!cell || cell.startsWith('<!--') || cell === 'tier 2 item') continue;
+    overrides.push(cell);
+  }
+
+  return overrides;
+}
+
+// Check if a command string matches any of the downgraded tier2 items
+function isTier2Downgraded(command, overrides) {
+  const cmdLower = command.toLowerCase();
+  return overrides.some(override => {
+    if (!override || override.startsWith('<!--')) return false;
+    // Match by keyword presence
+    return cmdLower.includes(override) || override.includes(cmdLower.slice(0, 20));
+  });
+}
+
+// ── STATE.md test-gate check ──────────────────────────────────────────────────
+// Returns true if test gates appear to have passed (or if STATE.md is absent —
+// in that case we give the benefit of the doubt).
+function testGatesHavePassed(cwd) {
+  try {
+    const statePath = path.join(cwd, 'docs', 'pdlc', 'memory', 'STATE.md');
+    const content   = fs.readFileSync(statePath, 'utf8');
+    // Look for explicit gate-failure markers written by PDLC hooks.
+    // If the phase is NOT Operation/Ship, deploy is likely premature.
+    const phaseMatch = content.match(/##\s*Current Phase\s*\n[\s\S]*?\n([A-Za-z]+)/);
+    if (phaseMatch) {
+      const phase = phaseMatch[1].trim().toLowerCase();
+      // Only allow deploy commands during Operation phase
+      if (phase !== 'operation') return false;
+    }
+    return true;
+  } catch (_) {
+    return true; // No STATE.md — don't block
+  }
+}
+
+// ── Deploy command detection ──────────────────────────────────────────────────
+const DEPLOY_PATTERNS = [
+  /\bfly\s+deploy\b/i,
+  /\bvercel\s+deploy\b/i,
+  /\bnpm\s+run\s+deploy\b/i,
+  /\byarn\s+deploy\b/i,
+  /\bpnpm\s+deploy\b/i,
+  /\bheroku\s+.*deploy\b/i,
+  /\baws\s+.*deploy\b/i,
+  /\bgcloud\s+.*deploy\b/i,
+  /\bdocker\s+.*push\b/i,
+  /\bkubectl\s+apply\b/i,
+  /\bterraform\s+apply\b/i,
+  /\bpulumi\s+up\b/i,
+  /\bcdk\s+deploy\b/i,
+  /\beb\s+deploy\b/i,
+  /\bsam\s+deploy\b/i,
+  /\bserverless\s+deploy\b/i,
+];
+
+function isDeployCommand(cmd) {
+  return DEPLOY_PATTERNS.some(re => re.test(cmd));
+}
+
+// ── Production DB detection ───────────────────────────────────────────────────
+const PROD_DB_INDICATORS = [
+  /prod(uction)?[_-]?(db|database|host|url|pg|mysql|sqlite)/i,
+  /DATABASE_URL.*prod/i,
+  /-h\s+(prod|production|db\.prod|rds\.amazonaws)/i,
+  /postgresql:\/\/.*prod/i,
+  /mysql:\/\/.*prod/i,
+  /@prod[^a-z]/i,
+];
+
+function isProductionDbCommand(cmd) {
+  if (!/\b(psql|mysql|sqlite3|mariadb)\b/.test(cmd)) return false;
+  return PROD_DB_INDICATORS.some(re => re.test(cmd));
+}
+
+// ── External write call detection ─────────────────────────────────────────────
+const EXTERNAL_WRITE_PATTERNS = [
+  /curl\s+.*-X\s+(POST|PUT|PATCH|DELETE)/i,
+  /curl\s+.*(--data|--data-raw|--data-binary|-d\s)/i,
+  /wget\s+.*--post(-data)?/i,
+  /\bfetch\b.*\b(POST|PUT|PATCH|DELETE)\b/i,
+  /\baxios\.(post|put|patch|delete)\b/i,
+  /\bhttpie\b.*\b(POST|PUT|DELETE)\b/i,
+];
+
+// Only flag calls to clearly external (non-localhost) URLs
+const EXTERNAL_URL_PATTERN = /https?:\/\/(?!localhost|127\.\d+\.\d+\.\d+|0\.0\.0\.0|\[::1\])/i;
+
+function isExternalWriteCall(cmd) {
+  return EXTERNAL_WRITE_PATTERNS.some(re => re.test(cmd)) &&
+         EXTERNAL_URL_PATTERN.test(cmd);
+}
+
+// ── Main ──────────────────────────────────────────────────────────────────────
+function main() {
+  let input = {};
+
+  try {
+    const raw = fs.readFileSync('/dev/stdin', 'utf8').trim();
+    if (raw) input = JSON.parse(raw);
+  } catch (_) {
+    allow();
+  }
+
+  // Only act on Bash tool calls
+  if (input.tool_name !== 'Bash') {
+    allow();
+  }
+
+  const command = (input.tool_input && input.tool_input.command) || '';
+  const cwd     = input.cwd || process.cwd();
+
+  if (!command) allow();
+
+  // ── Read CONSTITUTION.md ────────────────────────────────────────────────────
+  const constitution   = readConstitution(cwd);
+  const tier2Overrides = parseTier2Overrides(constitution);
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // TIER 1 — Hard blocks
+  // ═══════════════════════════════════════════════════════════════════════════
+
+  // 1a. Force-push to main / master
+  if (
+    /git\s+push\s+.*(-f\b|--force\b)/.test(command) &&
+    /\b(main|master)\b/.test(command)
+  ) {
+    tier1Block('force-pushing to main/master is not allowed', command);
+  }
+
+  // Also catch: git push --force (without explicit branch but implicitly dangerous)
+  if (/git\s+push\s+(-f\b|--force\b)/.test(command) && !/git\s+push\s+.*-f\s+\S+\s+\S+:\S+/.test(command)) {
+    // If no refspec that maps to a non-protected branch, be safe and check:
+    if (!command.includes('feature/') && !command.includes('fix/') && !command.includes('chore/')) {
+      tier1Block('force-pushing without an explicit non-protected branch target', command);
+    }
+  }
+
+  // 1b. DROP TABLE without preceding migration file
+  if (/DROP\s+TABLE\b/i.test(command)) {
+    // We don't have full session history here, so always block and ask for
+    // confirmation that a migration file has been created.
+    tier1Block(
+      'DROP TABLE detected — a migration file must be created before dropping tables',
+      command
+    );
+  }
+
+  // 1c. rm -rf on paths that look outside the project/feature scope
+  if (/rm\s+(-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r)\s+/.test(command)) {
+    // Extract the target path
+    const rmMatch = command.match(/rm\s+(?:-[a-zA-Z]+\s+)+(.+)$/);
+    const target  = rmMatch ? rmMatch[1].trim() : '';
+
+    // Block if target is absolute and appears to be outside the project
+    const isAbsolute = target.startsWith('/');
+    const isInProject = isAbsolute && target.startsWith(cwd);
+    const isDotDot    = target.includes('../') || target.includes('/..');
+    const isHome      = /^~\/|^\/home\/|^\/Users\//.test(target) && !isInProject;
+    const isSystemPath = /^(\/etc|\/var|\/usr|\/bin|\/sbin|\/lib|\/opt|\/sys|\/proc|\/dev)/.test(target);
+
+    if (isSystemPath || (isAbsolute && !isInProject) || isDotDot || isHome) {
+      tier1Block(
+        `rm -rf on a path outside the project directory (${target || 'unknown'})`,
+        command
+      );
+    }
+    // Otherwise falls through to Tier 2 check below
+  }
+
+  // 1d. Deploy commands when test gates haven't passed
+  if (isDeployCommand(command) && !testGatesHavePassed(cwd)) {
+    tier1Block(
+      'deploy attempted before test gates have passed — run /pdlc ship to go through the proper Ship flow',
+      command
+    );
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // TIER 2 — Pause & confirm (or log if downgraded via CONSTITUTION.md)
+  // ═══════════════════════════════════════════════════════════════════════════
+
+  function handleTier2(label) {
+    if (isTier2Downgraded(label, tier2Overrides)) {
+      tier2Logged(command);
+    } else {
+      tier2Block(command);
+    }
+  }
+
+  // 2a. rm -rf (non-Tier-1 cases — reached here only if not blocked above)
+  if (/rm\s+(-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r)\s+/.test(command)) {
+    handleTier2('rm -rf');
+  }
+
+  // 2b. git reset --hard
+  if (/git\s+reset\s+--hard\b/.test(command)) {
+    handleTier2('git reset --hard');
+  }
+
+  // 2c. Production DB access
+  if (isProductionDbCommand(command)) {
+    handleTier2('running db migrations in production');
+  }
+
+  // 2d. External API write calls (curl/fetch with POST/PUT/DELETE to external URLs)
+  if (isExternalWriteCall(command)) {
+    handleTier2('any external api call that writes/posts/sends');
+  }
+
+  // 2e. Modifying CONSTITUTION.md
+  if (/CONSTITUTION\.md/.test(command) && /\b(write|edit|echo|printf|sed|awk|mv|cp|tee|>|>>)\b/.test(command)) {
+    handleTier2('changing constitution.md');
+  }
+
+  // ── All clear ───────────────────────────────────────────────────────────────
+  allow();
+}
+
+main();