npm - @rubytech/create-maxy - Versions diffs - 1.0.472 → 1.0.474 - Mend

@rubytech/create-maxy 1.0.472 → 1.0.474

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/payload/platform/plugins/admin/hooks/test-agent-creation-gate.sh DELETED Viewed

@@ -1,926 +0,0 @@
-#!/usr/bin/env bash
-# End-to-end test for the agent creation gate lifecycle.
-#
-# Validates that the hook scripts correctly:
-#   - Block writes to agent files without a state file
-#   - Block Bash writes to agent files without a state file
-#   - Exempt admin agent files
-#   - Create state on mcp__admin__plugin-read for public-agent-manager
-#   - Do NOT create state for other plugin-read calls
-#   - Block writes when gates are pending
-#   - Advance gates on user approval (_componentDone via UserPromptSubmit)
-#   - Allow writes after gates pass
-#   - Allow Bash writes after gates pass
-#   - Allow all gated writes when all gates pass
-#   - Clean up state immediately when all files exist on disk (PostToolUse)
-#   - Recover all-gates-true state on session start when files not yet written
-#   - Detect and clean up truly completed state on session start (all gates true + files on disk)
-#   - Ignore non-document-editor/form components
-#   - Ignore _componentDone for admin agent
-#   - Handle gate advancement idempotently
-#   - render-component does NOT advance gates (removed in Task 148)
-#
-# Usage: bash test-agent-creation-gate.sh
-# Exit 0 = all tests pass, exit 1 = failure
-#
-# No Claude Code runtime needed — tests the hook scripts directly
-# by piping JSON input and checking exit codes / state files.
-set -euo pipefail
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-TMPDIR_ROOT=$(mktemp -d)
-STATE_FILE="$TMPDIR_ROOT/state.json"
-ACCOUNT_DIR="$TMPDIR_ROOT/account"
-GATE_LOG="$TMPDIR_ROOT/gate.log"
-# Create mock account structure
-mkdir -p "$ACCOUNT_DIR/agents/test-agent"
-mkdir -p "$ACCOUNT_DIR/agents/admin"
-mkdir -p "$ACCOUNT_DIR/.claude"
-export AGENT_CREATE_STATE_FILE="$STATE_FILE"
-export ACCOUNT_DIR="$ACCOUNT_DIR"
-export GATE_LOG_FILE="$GATE_LOG"
-PASS=0
-FAIL=0
-pass() {
-  PASS=$((PASS + 1))
-  echo "  PASS: $1"
-}
-fail() {
-  FAIL=$((FAIL + 1))
-  echo "  FAIL: $1" >&2
-}
-cleanup() {
-  rm -rf "$TMPDIR_ROOT"
-}
-trap cleanup EXIT
-echo "=== Agent Creation Gate — Lifecycle Test ==="
-echo ""
-# ---------------------------------------------------------------------------
-# Test 1: Write blocked without state file
-# ---------------------------------------------------------------------------
-echo "Test 1: Write blocked without state file"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Write to agents/test-agent/SOUL.md blocked (exit 2)"
-else
-  fail "Write to agents/test-agent/SOUL.md should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 2: Bash blocked without state file
-# ---------------------------------------------------------------------------
-echo "Test 2: Bash blocked without state file"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Bash","tool_input":{"command":"cat > '"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md << EOF\ntest\nEOF"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Bash write to agents/test-agent/SOUL.md blocked (exit 2)"
-else
-  fail "Bash write to agents/test-agent/SOUL.md should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 3: Admin agent exempt
-# ---------------------------------------------------------------------------
-echo "Test 3: Admin agent exempt"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/admin/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 0 ]; then
-  pass "Write to agents/admin/SOUL.md allowed (exit 0)"
-else
-  fail "Write to agents/admin/SOUL.md should exit 0, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 4: Non-PAM plugin-read does NOT create state
-# ---------------------------------------------------------------------------
-echo "Test 4: Non-PAM plugin-read does NOT create state"
-rm -f "$STATE_FILE"
-echo '{"tool_name":"mcp__admin__plugin-read","tool_input":{"pluginName":"admin","file":"skills/skill-builder/SKILL.md"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-if [ ! -f "$STATE_FILE" ]; then
-  pass "plugin-read for skill-builder did not create state file"
-else
-  fail "plugin-read for skill-builder should NOT create state file"
-fi
-# ---------------------------------------------------------------------------
-# Test 5: State file creation on plugin-read for public-agent-manager
-# ---------------------------------------------------------------------------
-echo "Test 5: State file creation on plugin-read for public-agent-manager"
-rm -f "$STATE_FILE"
-echo '{"tool_name":"mcp__admin__plugin-read","tool_input":{"pluginName":"admin","file":"skills/public-agent-manager/skill.md"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-if [ -f "$STATE_FILE" ]; then
-  # Verify all gates are false
-  SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-  KNOWLEDGE_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['knowledge'])" 2>/dev/null)
-  CONFIG_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['config'])" 2>/dev/null)
-  if [ "$SOUL_GATE" = "False" ] && [ "$KNOWLEDGE_GATE" = "False" ] && [ "$CONFIG_GATE" = "False" ]; then
-    pass "State file created with all gates false"
-  else
-    fail "State file gates should all be False, got soul=$SOUL_GATE knowledge=$KNOWLEDGE_GATE config=$CONFIG_GATE"
-  fi
-else
-  fail "State file not created after plugin-read for public-agent-manager"
-fi
-# ---------------------------------------------------------------------------
-# Test 6: Write blocked with pending gate
-# ---------------------------------------------------------------------------
-echo "Test 6: Write blocked with pending gate (soul=false)"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Write blocked when soul gate is false (exit 2)"
-else
-  fail "Write should be blocked when soul gate is false, got exit $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 7: Gate advancement — soul (user approval via _componentDone)
-# ---------------------------------------------------------------------------
-echo "Test 7: Gate advancement on user approval (soul)"
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'personality content', 'filePath': '$ACCOUNT_DIR/agents/test-agent/SOUL.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$SOUL_GATE" = "True" ]; then
-  pass "Soul gate advanced to true"
-else
-  fail "Soul gate should be True after user approval, got $SOUL_GATE"
-fi
-# ---------------------------------------------------------------------------
-# Test 8: Write allowed after gate passes
-# ---------------------------------------------------------------------------
-echo "Test 8: Write allowed after soul gate passes"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 0 ]; then
-  pass "Write to SOUL.md allowed after soul gate passes (exit 0)"
-else
-  fail "Write to SOUL.md should be allowed after soul gate passes, got exit $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 9: Bash allowed after gate passes
-# ---------------------------------------------------------------------------
-echo "Test 9: Bash write allowed after soul gate passes"
-EXIT_CODE=0
-echo '{"tool_name":"Bash","tool_input":{"command":"cat > '"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md << EOF\ntest\nEOF"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 0 ]; then
-  pass "Bash write to SOUL.md allowed after soul gate passes (exit 0)"
-else
-  fail "Bash write to SOUL.md should be allowed after soul gate passes, got exit $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 10: All gates advanced — multiple writes succeed
-# ---------------------------------------------------------------------------
-echo "Test 10: All gates advanced, multiple gated writes succeed"
-# Advance knowledge gate (user approval)
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'knowledge content', 'filePath': '$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-# Advance config gate (form submission)
-python3 -c "
-import json
-payload = 'Form submitted: {\"liveMemory\": true, \"model\": \"claude-haiku-4-5-20251001\"}'
-wrapper = json.dumps({'_componentDone': True, 'component': 'form', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-# All gates should be true — state file persists (6h TTL handles cleanup)
-if [ -f "$STATE_FILE" ]; then
-  ALL_TRUE=$(python3 -c "import json; g=json.load(open('$STATE_FILE'))['gates']; print(all(g.values()))" 2>/dev/null)
-  if [ "$ALL_TRUE" = "True" ]; then
-    # Write all three gated files — each should succeed
-    ALL_WRITES_OK=true
-    for FILE in SOUL.md KNOWLEDGE.md config.json; do
-      EXIT_CODE=0
-      echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/'"$FILE"'","content":"test"}}' \
-        | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-      if [ "$EXIT_CODE" -ne 0 ]; then
-        ALL_WRITES_OK=false
-        fail "Write to $FILE blocked after all gates true (exit $EXIT_CODE)"
-      fi
-    done
-    if [ "$ALL_WRITES_OK" = true ]; then
-      pass "All three gated files writable when all gates true"
-    fi
-  else
-    fail "All gates should be true after three approvals"
-  fi
-else
-  fail "State file should still exist after approval hook"
-fi
-# ---------------------------------------------------------------------------
-# Test 11: Non-agent file writes always allowed
-# ---------------------------------------------------------------------------
-echo "Test 11: Non-agent file writes always allowed"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/some-other-file.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 0 ]; then
-  pass "Write to non-agent file allowed (exit 0)"
-else
-  fail "Write to non-agent file should exit 0, got $EXIT_CODE"
-fi
-# ===========================================================================
-# Hardening Tests
-# ===========================================================================
-# ---------------------------------------------------------------------------
-# Test 12: Stale state rejected (started > 6 hours ago)
-# ---------------------------------------------------------------------------
-echo "Test 12: Stale state rejected (started > 6 hours ago)"
-rm -f "$STATE_FILE"
-python3 -c "
-import json
-from datetime import datetime, timezone, timedelta
-state = {
-    'slug': 'test-agent',
-    'started': (datetime.now(timezone.utc) - timedelta(hours=7)).isoformat(),
-    'gates': {'soul': False, 'knowledge': False, 'config': False}
-}
-with open('$STATE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  if [ ! -f "$STATE_FILE" ]; then
-    pass "Stale state rejected (exit 2) and state file deleted"
-  else
-    fail "Stale state rejected (exit 2) but state file not deleted"
-  fi
-else
-  fail "Stale state should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 13: Malformed state rejected (missing gate keys)
-# ---------------------------------------------------------------------------
-echo "Test 13: Malformed state rejected (missing gate keys)"
-rm -f "$STATE_FILE"
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True}
-}
-with open('$STATE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  if [ ! -f "$STATE_FILE" ]; then
-    pass "Malformed state rejected (exit 2) and state file deleted"
-  else
-    fail "Malformed state rejected (exit 2) but state file not deleted"
-  fi
-else
-  fail "Malformed state should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 14: Legacy state rejected (no 'started' field)
-# ---------------------------------------------------------------------------
-echo "Test 14: Legacy state rejected (no 'started' field)"
-rm -f "$STATE_FILE"
-echo '{"gates":{"soul":true,"knowledge":true,"config":true}}' > "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  if [ ! -f "$STATE_FILE" ]; then
-    pass "Legacy state (no started) rejected (exit 2) and state file deleted"
-  else
-    fail "Legacy state rejected (exit 2) but state file not deleted"
-  fi
-else
-  fail "Legacy state should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 15: Bash blocked from writing state file
-# ---------------------------------------------------------------------------
-echo "Test 15: Bash blocked from writing state file"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Bash","tool_input":{"command":"echo '\''{}'\'' > /tmp/maxy-agent-create-state.json"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Bash write to state file blocked (exit 2)"
-else
-  fail "Bash write to state file should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 16: Bash blocked from deleting state file
-# ---------------------------------------------------------------------------
-echo "Test 16: Bash blocked from deleting state file"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Bash","tool_input":{"command":"rm /tmp/maxy-agent-create-state.json"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Bash delete of state file blocked (exit 2)"
-else
-  fail "Bash delete of state file should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 17: All-gates-true — state file persists, all writes allowed
-# ---------------------------------------------------------------------------
-echo "Test 17: All-gates-true state file persists across multiple writes"
-rm -f "$STATE_FILE"
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True, 'knowledge': True, 'config': True}
-}
-with open('$STATE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-# Write SOUL.md — should succeed and state file should persist
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"test"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 0 ] && [ -f "$STATE_FILE" ]; then
-  # Write config.json — should also succeed (regression: previously blocked)
-  EXIT_CODE=0
-  echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/config.json","content":"test"}}' \
-    | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-  if [ "$EXIT_CODE" -eq 0 ]; then
-    pass "All-gates-true: multiple writes allowed, state file persists (6h TTL cleanup)"
-  else
-    fail "All-gates-true: second write blocked (exit $EXIT_CODE) — state file deleted prematurely"
-  fi
-else
-  fail "All-gates-true: first write should exit 0 with state file persisting, got exit=$EXIT_CODE file_exists=$([ -f '$STATE_FILE' ] && echo yes || echo no)"
-fi
-# ---------------------------------------------------------------------------
-# Test 18: Session-start staleness check (stale durable not recovered)
-# ---------------------------------------------------------------------------
-echo "Test 18: Session-start staleness check (stale durable not recovered)"
-rm -f "$STATE_FILE"
-DURABLE_FILE="$ACCOUNT_DIR/.claude/agent-create-state.json"
-python3 -c "
-import json
-from datetime import datetime, timezone, timedelta
-state = {
-    'slug': 'test-agent',
-    'started': (datetime.now(timezone.utc) - timedelta(hours=7)).isoformat(),
-    'gates': {'soul': True, 'knowledge': False, 'config': False}
-}
-with open('$DURABLE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-bash "$SCRIPT_DIR/session-start.sh" "$ACCOUNT_DIR" admin 2>/dev/null || true
-if [ ! -f "$STATE_FILE" ]; then
-  if [ ! -f "$DURABLE_FILE" ]; then
-    pass "Stale durable state not recovered, both files deleted"
-  else
-    fail "Stale durable state not recovered but durable file not deleted"
-  fi
-else
-  fail "Stale durable state should NOT be recovered to volatile"
-fi
-# ---------------------------------------------------------------------------
-# Test 19: Write tool blocked from targeting state file
-# ---------------------------------------------------------------------------
-echo "Test 19: Write tool blocked from targeting state file"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"/tmp/maxy-agent-create-state.json","content":"{\"gates\":{\"soul\":true,\"knowledge\":true,\"config\":true}}"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Write to state file blocked (exit 2)"
-else
-  fail "Write to state file should exit 2, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Test 20: Edit tool blocked from targeting durable state file
-# ---------------------------------------------------------------------------
-echo "Test 20: Edit tool blocked from targeting durable state file"
-rm -f "$STATE_FILE"
-EXIT_CODE=0
-echo '{"tool_name":"Edit","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/.claude/agent-create-state.json","old_string":"false","new_string":"true"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Edit to durable state file blocked (exit 2)"
-else
-  fail "Edit to durable state file should exit 2, got $EXIT_CODE"
-fi
-# ===========================================================================
-# Approval hook tests — _componentDone gate advancement edge cases
-# ===========================================================================
-# ---------------------------------------------------------------------------
-# Test 21: Non-document-editor/form component does NOT advance any gate
-# ---------------------------------------------------------------------------
-echo "Test 21: Non-document-editor/form component does NOT advance any gate"
-rm -f "$STATE_FILE"
-# Create fresh state file
-echo '{"tool_name":"mcp__admin__plugin-read","tool_input":{"pluginName":"admin","file":"skills/public-agent-manager/skill.md"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-# Submit a single-select component
-python3 -c "
-import json
-wrapper = json.dumps({'_componentDone': True, 'component': 'single-select', 'payload': 'option-a'})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-CONFIG_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['config'])" 2>/dev/null)
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$CONFIG_GATE" = "False" ] && [ "$SOUL_GATE" = "False" ]; then
-  pass "Non-document-editor/form component did not advance any gate"
-else
-  fail "Non-gated component should not advance gates, got soul=$SOUL_GATE config=$CONFIG_GATE"
-fi
-# ---------------------------------------------------------------------------
-# Test 22: Document-editor for admin slug does NOT advance gate
-# ---------------------------------------------------------------------------
-echo "Test 22: Document-editor approval for admin slug does NOT advance gate"
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'admin content', 'filePath': '$ACCOUNT_DIR/agents/admin/SOUL.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$SOUL_GATE" = "False" ]; then
-  pass "Document-editor approval for admin slug did not advance soul gate"
-else
-  fail "Document-editor approval for admin slug should not advance soul gate, got $SOUL_GATE"
-fi
-# ---------------------------------------------------------------------------
-# Test 23: Gate advancement is idempotent
-# ---------------------------------------------------------------------------
-echo "Test 23: Gate advancement is idempotent"
-# Advance soul gate
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'personality', 'filePath': '$ACCOUNT_DIR/agents/test-agent/SOUL.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-# Advance soul gate again (should be idempotent)
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'updated personality', 'filePath': '$ACCOUNT_DIR/agents/test-agent/SOUL.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$SOUL_GATE" = "True" ]; then
-  pass "Gate advancement is idempotent (soul still true after double approval)"
-else
-  fail "Gate advancement should be idempotent, got soul=$SOUL_GATE"
-fi
-# ---------------------------------------------------------------------------
-# Test 24: Approval without state file is a no-op
-# ---------------------------------------------------------------------------
-echo "Test 24: Approval without state file is a no-op"
-rm -f "$STATE_FILE"
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'test', 'filePath': '$ACCOUNT_DIR/agents/test-agent/SOUL.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-if [ ! -f "$STATE_FILE" ]; then
-  pass "Approval without state file did not create state"
-else
-  fail "Approval without state file should not create state"
-fi
-# ---------------------------------------------------------------------------
-# Test 25: render-component does NOT advance gates (removed in Task 148)
-# ---------------------------------------------------------------------------
-echo "Test 25: render-component does NOT advance gates (PostToolUse)"
-rm -f "$STATE_FILE"
-# Create fresh state
-echo '{"tool_name":"mcp__admin__plugin-read","tool_input":{"pluginName":"admin","file":"skills/public-agent-manager/skill.md"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-# Pipe render-component to the post hook — should NOT advance
-echo '{"tool_name":"mcp__admin__render-component","tool_input":{"name":"document-editor","data":{"title":"SOUL.md","content":"test","filePath":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md"}}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$SOUL_GATE" = "False" ]; then
-  pass "render-component to PostToolUse does NOT advance gates"
-else
-  fail "render-component should NOT advance gates (Task 148 removed this), got soul=$SOUL_GATE"
-fi
-# ---------------------------------------------------------------------------
-# Test 26: Gate advancement order independence (config → knowledge → soul)
-# ---------------------------------------------------------------------------
-echo "Test 26: Gate advancement in non-standard order (config → knowledge → soul)"
-# State file from test 25 still exists with all gates false
-# Advance config first (form submission)
-python3 -c "
-import json
-wrapper = json.dumps({'_componentDone': True, 'component': 'form', 'payload': 'Form submitted: {\"liveMemory\": true}'})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-CONFIG_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['config'])" 2>/dev/null)
-if [ "$CONFIG_GATE" != "True" ]; then
-  fail "Config gate should be True, got $CONFIG_GATE"
-fi
-# Advance knowledge second
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'knowledge', 'filePath': '$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-KNOWLEDGE_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['knowledge'])" 2>/dev/null)
-if [ "$KNOWLEDGE_GATE" != "True" ]; then
-  fail "Knowledge gate should be True, got $KNOWLEDGE_GATE"
-fi
-# Advance soul last
-python3 -c "
-import json
-payload = json.dumps({'action': 'approve', 'content': 'personality', 'filePath': '$ACCOUNT_DIR/agents/test-agent/SOUL.md'})
-wrapper = json.dumps({'_componentDone': True, 'component': 'document-editor', 'payload': payload})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-# All gates true — state file persists (6h TTL handles cleanup)
-if [ -f "$STATE_FILE" ]; then
-  ALL_TRUE=$(python3 -c "import json; g=json.load(open('$STATE_FILE'))['gates']; print(all(g.values()))" 2>/dev/null)
-  if [ "$ALL_TRUE" = "True" ]; then
-    pass "Gates advanced in non-standard order, all true"
-  else
-    fail "All gates should be true after three approvals in any order"
-  fi
-else
-  fail "State file should still exist (cleanup is PreToolUse's job, not approval hook)"
-fi
-# ---------------------------------------------------------------------------
-# Test 27: Diagnostics log file is written
-# ---------------------------------------------------------------------------
-echo "Test 27: Diagnostics log file is written"
-if [ -f "$GATE_LOG" ] && [ -s "$GATE_LOG" ]; then
-  pass "Gate log file exists and contains entries"
-else
-  fail "Gate log file should exist and contain diagnostic entries"
-fi
-# ---------------------------------------------------------------------------
-# Test 28: Non-JSON user prompt is a no-op
-# ---------------------------------------------------------------------------
-echo "Test 28: Non-JSON user prompt is a no-op"
-rm -f "$STATE_FILE"
-# Create state
-echo '{"tool_name":"mcp__admin__plugin-read","tool_input":{"pluginName":"admin","file":"skills/public-agent-manager/skill.md"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-# Send a plain text prompt (no _componentDone wrapper)
-python3 -c "
-import json
-print(json.dumps({'prompt': 'I approve the SOUL.md file', 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$SOUL_GATE" = "False" ]; then
-  pass "Plain text prompt did not advance any gate"
-else
-  fail "Plain text prompt should not advance gates, got soul=$SOUL_GATE"
-fi
-# ---------------------------------------------------------------------------
-# Test 29: _componentDone with missing component key is a no-op
-# ---------------------------------------------------------------------------
-echo "Test 29: _componentDone with missing component key is a no-op"
-python3 -c "
-import json
-wrapper = json.dumps({'_componentDone': True, 'payload': 'some content'})
-print(json.dumps({'prompt': wrapper, 'session_id': 'test', 'hook_event_name': 'UserPromptSubmit'}))
-" | bash "$SCRIPT_DIR/agent-creation-approval.sh" 2>/dev/null || true
-SOUL_GATE=$(python3 -c "import json; print(json.load(open('$STATE_FILE'))['gates']['soul'])" 2>/dev/null)
-if [ "$SOUL_GATE" = "False" ]; then
-  pass "_componentDone without component key did not advance any gate"
-else
-  fail "_componentDone without component key should not advance gates"
-fi
-rm -f "$STATE_FILE"
-# ---------------------------------------------------------------------------
-# Test 30: Session-start RECOVERS all-gates-true state when files are missing
-# ---------------------------------------------------------------------------
-echo "Test 30: Session-start recovers all-gates-true state when files are missing"
-rm -f "$STATE_FILE"
-rm -f "$ACCOUNT_DIR/agents/test-agent/SOUL.md" "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md" "$ACCOUNT_DIR/agents/test-agent/config.json" 2>/dev/null || true
-DURABLE_FILE="$ACCOUNT_DIR/.claude/agent-create-state.json"
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True, 'knowledge': True, 'config': True}
-}
-with open('$DURABLE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-bash "$SCRIPT_DIR/session-start.sh" "$ACCOUNT_DIR" admin 2>/dev/null || true
-if [ -f "$STATE_FILE" ] && [ -f "$DURABLE_FILE" ]; then
-  pass "All-gates-true state recovered (files not yet written — writes still pending)"
-else
-  fail "All-gates-true state should be recovered when gated files are missing from disk"
-fi
-rm -f "$STATE_FILE"
-# ---------------------------------------------------------------------------
-# Test 30a: Session-start does NOT recover truly completed state (all gates true + all files on disk)
-# ---------------------------------------------------------------------------
-echo "Test 30a: Session-start does NOT recover truly completed state"
-# Create all gated files on disk
-touch "$ACCOUNT_DIR/agents/test-agent/SOUL.md"
-touch "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md"
-touch "$ACCOUNT_DIR/agents/test-agent/config.json"
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True, 'knowledge': True, 'config': True}
-}
-with open('$DURABLE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-bash "$SCRIPT_DIR/session-start.sh" "$ACCOUNT_DIR" admin 2>/dev/null || true
-if [ ! -f "$STATE_FILE" ] && [ ! -f "$DURABLE_FILE" ]; then
-  pass "Truly completed state (all gates true + all files on disk) deleted"
-else
-  fail "Truly completed state should be deleted — both gates passed and files written"
-fi
-# Clean up gated files for subsequent tests
-rm -f "$ACCOUNT_DIR/agents/test-agent/SOUL.md" "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md" "$ACCOUNT_DIR/agents/test-agent/config.json"
-# ---------------------------------------------------------------------------
-# Test 31: PostToolUse cleans up state after last gated file is written
-# ---------------------------------------------------------------------------
-echo "Test 31: PostToolUse cleans up state after last gated file is written"
-rm -f "$STATE_FILE"
-DURABLE_FILE="$ACCOUNT_DIR/.claude/agent-create-state.json"
-# Create state with all gates true
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True, 'knowledge': True, 'config': True}
-}
-with open('$STATE_FILE', 'w') as f:
-    json.dump(state, f)
-with open('$DURABLE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-# Create all three gated files on disk
-touch "$ACCOUNT_DIR/agents/test-agent/SOUL.md"
-touch "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md"
-touch "$ACCOUNT_DIR/agents/test-agent/config.json"
-# Simulate a Write PostToolUse for config.json (the last file)
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/config.json","content":"{}"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-if [ ! -f "$STATE_FILE" ] && [ ! -f "$DURABLE_FILE" ]; then
-  pass "State files cleaned up immediately after all gated files exist"
-else
-  fail "State files should be deleted when all gates true and all files exist (volatile=$([ -f '$STATE_FILE' ] && echo yes || echo no) durable=$([ -f '$DURABLE_FILE' ] && echo yes || echo no))"
-fi
-# ---------------------------------------------------------------------------
-# Test 32: PostToolUse does NOT clean up when a gated file is missing
-# ---------------------------------------------------------------------------
-echo "Test 32: PostToolUse does NOT clean up when a gated file is missing"
-rm -f "$STATE_FILE"
-rm -f "$DURABLE_FILE"
-# Create state with all gates true
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True, 'knowledge': True, 'config': True}
-}
-with open('$STATE_FILE', 'w') as f:
-    json.dump(state, f)
-with open('$DURABLE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-# Only two files on disk — KNOWLEDGE.md missing
-touch "$ACCOUNT_DIR/agents/test-agent/SOUL.md"
-rm -f "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md"
-touch "$ACCOUNT_DIR/agents/test-agent/config.json"
-# Simulate a Write PostToolUse for config.json
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/config.json","content":"{}"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-if [ -f "$STATE_FILE" ] && [ -f "$DURABLE_FILE" ]; then
-  pass "State files preserved when KNOWLEDGE.md is missing on disk"
-else
-  fail "State files should NOT be deleted when a gated file is missing"
-fi
-# ---------------------------------------------------------------------------
-# Test 33: PostToolUse does NOT clean up when gates are not all true
-# ---------------------------------------------------------------------------
-echo "Test 33: PostToolUse does NOT clean up when gates are not all true"
-rm -f "$STATE_FILE"
-rm -f "$DURABLE_FILE"
-# Create state with one gate still false
-python3 -c "
-import json
-from datetime import datetime, timezone
-state = {
-    'slug': 'test-agent',
-    'started': datetime.now(timezone.utc).isoformat(),
-    'gates': {'soul': True, 'knowledge': False, 'config': True}
-}
-with open('$STATE_FILE', 'w') as f:
-    json.dump(state, f)
-with open('$DURABLE_FILE', 'w') as f:
-    json.dump(state, f)
-"
-# All three files on disk
-touch "$ACCOUNT_DIR/agents/test-agent/SOUL.md"
-touch "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md"
-touch "$ACCOUNT_DIR/agents/test-agent/config.json"
-# Simulate a Write PostToolUse for SOUL.md
-echo '{"tool_name":"Write","tool_input":{"file_path":"'"$ACCOUNT_DIR"'/agents/test-agent/SOUL.md","content":"personality"}}' \
-  | bash "$SCRIPT_DIR/agent-creation-post.sh" 2>/dev/null || true
-if [ -f "$STATE_FILE" ] && [ -f "$DURABLE_FILE" ]; then
-  pass "State files preserved when knowledge gate is still false"
-else
-  fail "State files should NOT be deleted when not all gates are true"
-fi
-# Clean up agent files for other tests
-rm -f "$ACCOUNT_DIR/agents/test-agent/SOUL.md" "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md" "$ACCOUNT_DIR/agents/test-agent/config.json"
-rm -f "$STATE_FILE" "$DURABLE_FILE"
-# ---------------------------------------------------------------------------
-# Test 27: Gate hook fails explicitly when ACCOUNT_DIR is unset
-# ---------------------------------------------------------------------------
-echo "Test 27: Gate hook fails explicitly when ACCOUNT_DIR is unset"
-EXIT_CODE=0
-echo '{"tool_name":"Write","tool_input":{"file_path":"/some/path/agents/test-agent/SOUL.md","content":"test"}}' \
-  | env -u ACCOUNT_DIR -u GATE_LOG_FILE bash "$SCRIPT_DIR/agent-creation-gate.sh" 2>/dev/null || EXIT_CODE=$?
-if [ "$EXIT_CODE" -eq 2 ]; then
-  pass "Gate hook exits 2 when ACCOUNT_DIR is unset (no silent /tmp fallback)"
-else
-  fail "Gate hook should exit 2 when ACCOUNT_DIR is unset, got $EXIT_CODE"
-fi
-# ---------------------------------------------------------------------------
-# Summary
-# ---------------------------------------------------------------------------
-echo ""
-echo "=== Results: $PASS passed, $FAIL failed ==="
-if [ "$FAIL" -gt 0 ]; then
-  exit 1
-fi
-exit 0