@structor-dev/cli 0.1.0 → 0.2.0

package/template/ai/contracts/codex-hooks.md.tpl

@@ -7,9 +7,15 @@ Codex hooks are local advisory guardrails.
 - Hook config lives in `.codex/hooks.json`.
 - Hook code lives under `scripts/hooks/`.
 - Hooks are deterministic and local.
+- Hook config must contain only the expected generated events, entries, and
+  commands.
 - Deny rules must include remediation and policy references.
 - Hooks must not write files, call external services, or supervise long-running
   processes.
+- Hook code must not import or call synchronous file mutation APIs,
+  write-capable streams, or write-capable file opens.
+- Hook validation must scan hook scripts for banned mutation tokens before
+  importing or executing hook code.
 - Hooks are not a complete security boundary and do not replace sandboxing,
   permission controls, code review, CI policy, or secret management.
 

package/template/ai/contracts/release-flow.md.tpl

@@ -1,6 +1,6 @@
 # Release Flow Contract
 
-This contract defines harness release safety for `{{PROJECT_NAME}}`.
+This contract defines harness release safety for {{PROJECT_NAME_CODE}}.
 
 ## Requirements
 

package/template/ai/templates/fixtures/issues/valid-ready.md.tpl

@@ -17,7 +17,9 @@ requires_human_approval: false
 
 ## Summary
 
-Update harness guidance without touching protected surfaces.
+Update harness guidance without touching protected surfaces. The work stays in
+`ai/HARNESS.md`, preserves harness-only scope, and is complete when governance
+validation passes with `node scripts/validate-governance.mjs`.
 
 ## Context
 

package/template/ai/templates/issue-template.md.tpl

@@ -17,7 +17,9 @@ requires_human_approval: false
 
 ## Summary
 
-Describe the work in one short paragraph.
+Write a scannable implementation summary in 250 words or fewer. Include the
+problem being solved, the intended change, the main implementation surfaces,
+and the key validation expectation.
 
 ## Context
 

package/template/ai/workspace/LOCAL-STACK.md.tpl

@@ -1,6 +1,6 @@
 # Local Stack
 
-This document records stable local assumptions for `{{PROJECT_NAME}}`.
+This document records stable local assumptions for {{PROJECT_NAME_CODE}}.
 
 ## Harness
 

package/template/ai/workspace/SYSTEM-MAP.md.tpl

@@ -1,7 +1,7 @@
 # System Map
 
-`{{PROJECT_NAME}}` is organized around a separate harness repo and one or more
-consumer repos.
+Project {{PROJECT_NAME_CODE}} is organized around a separate harness repo and
+one or more consumer repos.
 
 ## Relationship
 

package/template/consumer/AGENTS.md.tpl

@@ -7,10 +7,10 @@ harness.
 
 Read the harness first:
 
-1. `{{HARNESS_RELATIVE_PATH}}/AGENTS.md`
-2. `{{HARNESS_RELATIVE_PATH}}/ai/AGENTS.md`
-3. `{{HARNESS_RELATIVE_PATH}}/ai/HUB.md`
-4. `{{HARNESS_RELATIVE_PATH}}/ai/context.md`
+1. Root guide: {{HARNESS_AGENTS_PATH}}
+2. Shared guide: {{HARNESS_AI_AGENTS_PATH}}
+3. Hub: {{HARNESS_AI_HUB_PATH}}
+4. Context: {{HARNESS_AI_CONTEXT_PATH}}
 
 ## Local Purpose
 

package/template/consumer/CLAUDE.md.tpl

@@ -5,10 +5,10 @@ harness.
 
 Read:
 
-1. `{{HARNESS_RELATIVE_PATH}}/CLAUDE.md`
-2. `{{HARNESS_RELATIVE_PATH}}/ai/AGENTS.md`
-3. `{{HARNESS_RELATIVE_PATH}}/ai/HUB.md`
-4. `{{HARNESS_RELATIVE_PATH}}/ai/context.md`
+1. Root guide: {{HARNESS_CLAUDE_PATH}}
+2. Shared guide: {{HARNESS_AI_AGENTS_PATH}}
+3. Hub: {{HARNESS_AI_HUB_PATH}}
+4. Context: {{HARNESS_AI_CONTEXT_PATH}}
 
 Local purpose: {{CONSUMER_PURPOSE}}
 

package/template/scripts/bootstrap-workspace.mjs.tpl

@@ -1,10 +1,11 @@
 #!/usr/bin/env node
 
-import { cp, mkdir, access } from "node:fs/promises";
-import { constants as fsConstants } from "node:fs";
+import { cp, mkdir } from "node:fs/promises";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import { execFileSync } from "node:child_process";
+import { workspaceEntrypointsForSettings } from "./generated-harness-contract.mjs";
+import { assertSafeWriteTarget, exists } from "./lib/path-safety.mjs";
 
 const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
 const workspaceRoot = path.resolve(repoRoot, "..");
@@ -16,6 +17,7 @@ const models = {
 const clientSupport = {
   claudeRules: {{CLIENT_CLAUDE_RULES_ENABLED}},
 };
+const workspaceEntrypoints = workspaceEntrypointsForSettings({ models, clientSupport });
 
 function parseArgs(argv) {
   return {
@@ -24,15 +26,6 @@ function parseArgs(argv) {
   };
 }
 
-async function exists(filePath) {
-  try {
-    await access(filePath, fsConstants.F_OK);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
 async function copyIfAllowed(sourceRelative, targetRelative, options) {
   const source = path.join(repoRoot, sourceRelative);
   const target = path.join(workspaceRoot, targetRelative);
@@ -45,6 +38,11 @@ async function copyIfAllowed(sourceRelative, targetRelative, options) {
     console.log(`skipped existing ${target}`);
     return;
   }
+  await assertSafeWriteTarget({
+    targetPath: target,
+    rootPath: workspaceRoot,
+    label: `Workspace bootstrap target ${targetRelative}`,
+  });
   await mkdir(path.dirname(target), { recursive: true });
   await cp(source, target);
   console.log(`installed ${target}`);
@@ -67,20 +65,8 @@ async function main() {
   const options = parseArgs(process.argv.slice(2));
   await verifyConsumers();
 
-  if (models.openai) {
-    await copyIfAllowed("workspace/AGENTS.md", "AGENTS.md", options);
-  }
-  if (models.anthropic) {
-    await copyIfAllowed("workspace/CLAUDE.md", "CLAUDE.md", options);
-    await copyIfAllowed("workspace/.claude/CLAUDE.md", ".claude/CLAUDE.md", options);
-    await copyIfAllowed("workspace/.claude/settings.json", ".claude/settings.json", options);
-    if (clientSupport.claudeRules) {
-      await copyIfAllowed(
-        "workspace/.claude/rules/harness-client-surfaces.md",
-        ".claude/rules/harness-client-surfaces.md",
-        options,
-      );
-    }
+  for (const entrypoint of workspaceEntrypoints) {
+    await copyIfAllowed(entrypoint.source, entrypoint.path, options);
   }
 
   if (!options.dryRun) {

package/template/scripts/check-claude-compatibility.mjs.tpl

@@ -4,20 +4,21 @@ import { readFile, readdir, access } from "node:fs/promises";
 import { constants as fsConstants } from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { requiredClaudeCompatibilityFiles } from "./generated-harness-contract.mjs";
 
 const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
 const claudeRulesEnabled = {{CLIENT_CLAUDE_RULES_ENABLED}};
 const claudeHooksEnabled = {{CLIENT_CLAUDE_HOOKS_ENABLED}};
 const claudeSkillsEnabled = {{CLIENT_CLAUDE_SKILLS_ENABLED}};
-
-const requiredFiles = [
-  "CLAUDE.md",
-  ".claude/CLAUDE.md",
-  ".claude/settings.json",
-  "ai/model-overlays/anthropic/CLAUDE.md",
-];
-
-if (claudeRulesEnabled) requiredFiles.push(".claude/rules/harness-client-surfaces.md");
+const settings = {
+  models: { openai: false, anthropic: true },
+  clientSupport: {
+    claudeRules: claudeRulesEnabled,
+    claudeHooks: claudeHooksEnabled,
+    claudeSkills: claudeSkillsEnabled,
+  },
+};
+const requiredFiles = requiredClaudeCompatibilityFiles(settings);
 
 async function exists(relativePath) {
   try {
@@ -56,6 +57,36 @@ function requireIncludes(content, needle, label, errors) {
   if (!content.includes(needle)) errors.push(`${label} must include '${needle}'.`);
 }
 
+// Top-level keys the generated Claude settings file is allowed to declare.
+const allowedSettingsKeys = new Set(["permissions", "env", "hooks", "model", "$schema"]);
+const allowedPermissionsKeys = new Set(["allow", "deny", "ask", "defaultMode", "additionalDirectories"]);
+
+// An allow entry is dangerous when it grants an unrestricted scope (a bare tool
+// name, or a wildcard that matches everything). These must never appear in a
+// generated harness because they neutralise the deny list.
+function isDangerousAllowEntry(entry) {
+  if (typeof entry !== "string") return true;
+  const trimmed = entry.trim();
+  if (!/\(.*\)/.test(trimmed)) return true; // bare tool name, e.g. "Bash"
+  return /\((?:\*|\*\*(?:\/\*+)?)\)\s*$/.test(trimmed);
+}
+
+// Heuristic phrases that attempt to weaken or override harness safety policy.
+const unsafePolicyPatterns = [
+  /\b(?:ignore|disregard|forget)\b[^.\n]*\b(?:previous|prior|above|all|the)\b[^.\n]*\b(?:instruction|rule|polic|guard|safety|deny)/i,
+  /\b(?:bypass|disable|override|relax|remove)\b[^.\n]*\b(?:safety|guard|deny|permission|restriction|policy)/i,
+  /\ballow\b[^.\n]*\b(?:any|all)\b[^.\n]*\b(?:command|tool|action)/i,
+];
+
+function checkUnsafePolicyText(content, label, errors) {
+  for (const pattern of unsafePolicyPatterns) {
+    if (pattern.test(content)) {
+      errors.push(`${label} contains text that weakens harness safety policy.`);
+      return;
+    }
+  }
+}
+
 const errors = [];
 for (const relativePath of requiredFiles) {
   if (!(await exists(relativePath))) errors.push(`${relativePath} is required for Claude Code compatibility.`);
@@ -69,19 +100,40 @@ if (errors.length === 0) {
   if (/^\s*1\.\s+`\.\/AGENTS\.md`/m.test(rootClaude)) {
     errors.push("CLAUDE.md must not require Claude Code to start from AGENTS.md.");
   }
+  checkUnsafePolicyText(rootClaude, "CLAUDE.md", errors);
 
   const claudeProject = await read(".claude/CLAUDE.md");
   requireIncludes(claudeProject, "root `CLAUDE.md`", ".claude/CLAUDE.md", errors);
+  checkUnsafePolicyText(claudeProject, ".claude/CLAUDE.md", errors);
 
   const settings = await readJson(".claude/settings.json");
+  for (const key of Object.keys(settings)) {
+    if (!allowedSettingsKeys.has(key)) {
+      errors.push(`.claude/settings.json declares unexpected top-level key '${key}'.`);
+    }
+  }
   if (!settings.permissions || !Array.isArray(settings.permissions.deny)) {
     errors.push(".claude/settings.json must define permissions.deny.");
   }
+  if (settings.permissions && typeof settings.permissions === "object") {
+    for (const key of Object.keys(settings.permissions)) {
+      if (!allowedPermissionsKeys.has(key)) {
+        errors.push(`.claude/settings.json permissions declares unexpected key '${key}'.`);
+      }
+    }
+  }
   for (const denyPattern of ["Read(./.agent.env)", "Read(./.env)", "Read(./.env.*)"]) {
     if (!settings.permissions?.deny?.includes(denyPattern)) {
       errors.push(`.claude/settings.json permissions.deny must include ${denyPattern}.`);
     }
   }
+  if (Array.isArray(settings.permissions?.allow)) {
+    for (const entry of settings.permissions.allow) {
+      if (isDangerousAllowEntry(entry)) {
+        errors.push(`.claude/settings.json permissions.allow grants an unsafe broad scope: ${JSON.stringify(entry)}.`);
+      }
+    }
+  }
   if (!claudeHooksEnabled && Object.hasOwn(settings, "hooks")) {
     errors.push(".claude/settings.json must not configure Claude hooks unless clientSupport.claude.hooks is enabled.");
   }
@@ -91,6 +143,7 @@ if (errors.length === 0) {
     for (const token of ["paths:", "AGENTS.md", "CLAUDE.md", ".claude/**", "ai/model-overlays/**"]) {
       requireIncludes(rule, token, ".claude/rules/harness-client-surfaces.md", errors);
     }
+    checkUnsafePolicyText(rule, ".claude/rules/harness-client-surfaces.md", errors);
   }
 
   if (claudeSkillsEnabled) {

package/template/scripts/check-codex-hooks.mjs.tpl

@@ -4,7 +4,6 @@ import { readFile, readdir } from "node:fs/promises";
 import { spawnSync } from "node:child_process";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { denyRules } from "./hooks/lib/codex-hooks-core.mjs";
 
 const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
 
@@ -26,6 +25,83 @@ const expectedEvents = [
   eventPostToolUse,
   eventStop,
 ];
+const expectedEventSet = new Set(expectedEvents);
+const syncFileMutationApis = [
+  "appendFileSync",
+  "chmodSync",
+  "chownSync",
+  "copyFileSync",
+  "cpSync",
+  "fchmodSync",
+  "fchownSync",
+  "fdatasyncSync",
+  "fsyncSync",
+  "ftruncateSync",
+  "futimesSync",
+  "lchmodSync",
+  "lchownSync",
+  "linkSync",
+  "lutimesSync",
+  "mkdirSync",
+  "mkdtempSync",
+  "renameSync",
+  "rmSync",
+  "rmdirSync",
+  "symlinkSync",
+  "truncateSync",
+  "unlinkSync",
+  "utimesSync",
+  "writeFileSync",
+  "writeSync",
+  "writevSync",
+];
+const asyncFileMutationApis = [
+  "appendFile",
+  "chmod",
+  "chown",
+  "copyFile",
+  "cp",
+  "fchmod",
+  "fchown",
+  "fdatasync",
+  "fsync",
+  "ftruncate",
+  "futimes",
+  "lchmod",
+  "lchown",
+  "link",
+  "lutimes",
+  "mkdir",
+  "mkdtemp",
+  "rename",
+  "rm",
+  "rmdir",
+  "symlink",
+  "truncate",
+  "unlink",
+  "utimes",
+  "writeFile",
+  "writev",
+];
+const writeOpenFlagPattern = String.raw`(?:a|a\+|as|as\+|ax|ax\+|r\+|rs\+|w|w\+|wx|wx\+)`;
+const syncFileMutationPattern = new RegExp(`\\b(?:${syncFileMutationApis.join("|")})\\b`);
+const asyncFileMutationPattern = new RegExp(`\\b(?:${asyncFileMutationApis.join("|")})\\s*\\(`);
+const hookScriptBanRules = [
+  { pattern: /node:child_process|from\s+["']child_process["']/i, label: "process supervision" },
+  { pattern: /\b(fetch|XMLHttpRequest)\s*\(/, label: "network call" },
+  { pattern: /from\s+["']node:fs\/promises["']|from\s+["']fs\/promises["']/i, label: "file-system write-capable import" },
+  { pattern: asyncFileMutationPattern, label: "file mutation" },
+  { pattern: syncFileMutationPattern, label: "synchronous file mutation" },
+  { pattern: /\bcreateWriteStream\b/, label: "write-capable stream" },
+  {
+    pattern: new RegExp(`\\b(?:open|openSync)\\s*\\([^;\\n]*,\\s*["']${writeOpenFlagPattern}["']`, "i"),
+    label: "write-capable file open",
+  },
+  {
+    pattern: /\b(?:open|openSync)\s*\([^;\n]*\b(?:O_WRONLY|O_RDWR|O_CREAT|O_TRUNC|O_APPEND)\b/i,
+    label: "write-capable file open",
+  },
+];
 
 const fixtures = [
   {
@@ -49,6 +125,34 @@ const fixtures = [
     expectedAction: "deny",
     expectedExitCode: 2,
   },
+  {
+    name: "destructive-command-deny-global-option",
+    event: eventPreToolUse,
+    input: { toolInput: { cmd: "git -C /repo reset --hard HEAD" } },
+    expectedAction: "deny",
+    expectedExitCode: 2,
+  },
+  {
+    name: "force-push-deny-short-flag",
+    event: eventPreToolUse,
+    input: { toolInput: { cmd: "git push -f origin main" } },
+    expectedAction: "deny",
+    expectedExitCode: 2,
+  },
+  {
+    name: "force-push-deny-refspec",
+    event: eventPreToolUse,
+    input: { toolInput: { cmd: "git push origin +main" } },
+    expectedAction: "deny",
+    expectedExitCode: 2,
+  },
+  {
+    name: "secret-read-deny-printenv",
+    event: eventPreToolUse,
+    input: { toolInput: { cmd: "printenv SECRET_TOKEN" } },
+    expectedAction: "deny",
+    expectedExitCode: 2,
+  },
   {
     name: "failed-validation-context",
     event: eventPostToolUse,
@@ -72,6 +176,71 @@ const fixtures = [
   },
 ];
 
+const invalidConfigFixtures = [
+  {
+    name: "extra-hook-command",
+    expectedMessage: "PreToolUse must configure exactly one hook command.",
+    mutate(config) {
+      config.hooks.PreToolUse[0].hooks.push({
+        type: "command",
+        command: "node scripts/hooks/extra-hook.mjs PreToolUse --json",
+      });
+    },
+  },
+  {
+    name: "extra-hook-entry",
+    expectedMessage: "Stop must configure exactly one hook entry.",
+    mutate(config) {
+      config.hooks.Stop.push({
+        matcher: "*",
+        timeoutMs: fixtureTimeoutMs,
+        hooks: [{ type: "command", command: "node scripts/hooks/codex-hook.mjs Stop --json" }],
+      });
+    },
+  },
+  {
+    name: "extra-hook-event",
+    expectedMessage: ".codex/hooks.json must not define unexpected CustomEvent hook entry.",
+    mutate(config) {
+      config.hooks.CustomEvent = [
+        {
+          matcher: "*",
+          timeoutMs: fixtureTimeoutMs,
+          hooks: [{ type: "command", command: "node scripts/hooks/codex-hook.mjs CustomEvent --json" }],
+        },
+      ];
+    },
+  },
+];
+
+const invalidHookScriptFixtures = [
+  {
+    name: "sync-mutation-import",
+    source: "import { writeFileSync } from 'node:fs';\n",
+    expectedLabel: "synchronous file mutation",
+  },
+  ...syncFileMutationApis.map((api) => ({
+    name: `sync-mutation-${api}`,
+    source: `fs.${api}('hook-target');\n`,
+    expectedLabel: "synchronous file mutation",
+  })),
+  {
+    name: "write-stream-call",
+    source: "createWriteStream('hook.log');\n",
+    expectedLabel: "write-capable stream",
+  },
+  {
+    name: "write-open-call",
+    source: "openSync('hook.log', 'w');\n",
+    expectedLabel: "write-capable file open",
+  },
+  {
+    name: "write-open-constant",
+    source: "openSync('hook.log', constants.O_WRONLY | constants.O_CREAT);\n",
+    expectedLabel: "write-capable file open",
+  },
+];
+
 async function readJson(relativePath) {
   return JSON.parse(await readFile(path.join(repoRoot, relativePath), "utf8"));
 }
@@ -86,22 +255,86 @@ function hookCommandFor(event) {
   return hookCommandForEvent(event);
 }
 
-async function checkConfig(errors) {
-  const config = await readJson(".codex/hooks.json");
+function expectedHookConfig() {
+  return {
+    version: 1,
+    hooks: Object.fromEntries(
+      expectedEvents.map((event) => [
+        event,
+        [
+          {
+            matcher: "*",
+            timeoutMs: fixtureTimeoutMs,
+            hooks: [{ type: "command", command: hookCommandFor(event) }],
+          },
+        ],
+      ]),
+    ),
+  };
+}
+
+function cloneJson(value) {
+  return JSON.parse(JSON.stringify(value));
+}
+
+function checkConfigObject(errors, config, label = ".codex/hooks.json") {
   if (config.version !== 1) errors.push(".codex/hooks.json must set version: 1.");
+  if (!config.hooks || typeof config.hooks !== "object" || Array.isArray(config.hooks)) {
+    errors.push(`${label} must define hooks object.`);
+    return;
+  }
+  for (const event of Object.keys(config.hooks)) {
+    if (!expectedEventSet.has(event)) {
+      errors.push(`${label} must not define unexpected ${event} hook entry.`);
+    }
+  }
   for (const event of expectedEvents) {
     const entries = config.hooks?.[event];
     if (!Array.isArray(entries) || entries.length === 0) {
       errors.push(`.codex/hooks.json missing ${event} hook entry.`);
       continue;
     }
-    const commands = entries.flatMap((entry) => (entry.hooks ?? []).map((hook) => hook.command));
+    for (const entry of entries) {
+      checkTimeoutLimit(errors, event, entry.timeoutMs);
+    }
+    if (entries.length !== 1) {
+      errors.push(`${event} must configure exactly one hook entry.`);
+      continue;
+    }
+    const [entry] = entries;
+    const hooks = entry.hooks;
+    if (!Array.isArray(hooks) || hooks.length !== 1) {
+      errors.push(`${event} must configure exactly one hook command.`);
+      continue;
+    }
+    const [hook] = hooks;
     const expectedCommand = hookCommandFor(event);
-    if (!commands.includes(expectedCommand)) {
+    if (hook.type !== "command" || hook.command !== expectedCommand) {
       errors.push(`${event} must reference committed command '${expectedCommand}'.`);
     }
-    for (const entry of entries) {
-      checkTimeoutLimit(errors, event, entry.timeoutMs);
+  }
+}
+
+async function checkConfig(errors) {
+  checkConfigObject(errors, await readJson(".codex/hooks.json"));
+}
+
+function checkConfigFixtures(errors) {
+  for (const fixture of invalidConfigFixtures) {
+    const config = cloneJson(expectedHookConfig());
+    fixture.mutate(config);
+    const fixtureErrors = [];
+    checkConfigObject(fixtureErrors, config);
+    if (!fixtureErrors.some((error) => error.includes(fixture.expectedMessage))) {
+      errors.push(`${fixture.name}: missing expected config validation error '${fixture.expectedMessage}'.`);
+    }
+  }
+}
+
+function checkHookScriptSource(errors, relativePath, source) {
+  for (const banned of hookScriptBanRules) {
+    if (banned.pattern.test(source)) {
+      errors.push(`${relativePath} contains ${banned.label} token. Hook scripts must stay deterministic and local.`);
     }
   }
 }
@@ -111,23 +344,23 @@ async function checkHookScripts(errors) {
   const files = (await readdir(hooksDir, { recursive: true }))
     .filter((file) => file.endsWith(".mjs"))
     .map((file) => `scripts/hooks/${file}`);
-  const bannedPatterns = [
-    { pattern: /node:child_process|from\s+["']child_process["']/i, label: "process supervision" },
-    { pattern: /\b(fetch|XMLHttpRequest)\s*\(/, label: "network call" },
-    { pattern: /from\s+["']node:fs\/promises["']|from\s+["']fs\/promises["']/i, label: "file-system write-capable import" },
-    { pattern: /\b(writeFile|appendFile|mkdir|rm|unlink|rmdir)\s*\(/, label: "file mutation" },
-  ];
   for (const relativePath of files) {
     const source = await readFile(path.join(repoRoot, relativePath), "utf8");
-    for (const banned of bannedPatterns) {
-      if (banned.pattern.test(source)) {
-        errors.push(`${relativePath} contains ${banned.label} token. Hook scripts must stay deterministic and local.`);
-      }
+    checkHookScriptSource(errors, relativePath, source);
+  }
+}
+
+function checkHookScriptFixtures(errors) {
+  for (const fixture of invalidHookScriptFixtures) {
+    const fixtureErrors = [];
+    checkHookScriptSource(fixtureErrors, `fixture/${fixture.name}.mjs`, fixture.source);
+    if (!fixtureErrors.some((error) => error.includes(fixture.expectedLabel))) {
+      errors.push(`${fixture.name}: missing expected hook script validation error '${fixture.expectedLabel}'.`);
     }
   }
 }
 
-function checkDenyRules(errors) {
+function checkDenyRules(errors, denyRules) {
   for (const rule of denyRules) {
     for (const field of ["id", "prevents", "remediation", "falsePositiveNote"]) {
       if (!rule[field]) errors.push(`deny rule missing ${field}.`);
@@ -176,9 +409,18 @@ function checkFixtures(errors) {
 
 const errors = [];
 await checkConfig(errors);
+checkConfigFixtures(errors);
 await checkHookScripts(errors);
-checkDenyRules(errors);
-checkFixtures(errors);
+checkHookScriptFixtures(errors);
+
+if (errors.length === 0) {
+  const { denyRules } = await import("./hooks/lib/codex-hooks-core.mjs");
+  checkDenyRules(errors, denyRules);
+}
+
+if (errors.length === 0) {
+  checkFixtures(errors);
+}
 
 if (errors.length > 0) {
   console.error("Codex hook check failed.");