@su-record/vibe 2.12.4 → 2.13.0

package/hooks/scripts/pr-test-gate.js

@@ -4,49 +4,20 @@
  * mcp__github__create_pull_request 호출 시 테스트가 통과해야만 PR 생성 허용.
  * exit 2 = 차단, exit 0 = 통과
  */
-import { execSync } from 'child_process';
 import { PROJECT_DIR } from './utils.js';
-import { existsSync, readFileSync } from 'fs';
-import path from 'path';
+import { runPrTestGate } from './lib/pr-gate-runner.js';
 
-function detectTestCommand() {
-  const pkgPath = path.join(PROJECT_DIR, 'package.json');
-  if (existsSync(pkgPath)) {
-    try {
-      const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
-      if (pkg.scripts?.test && pkg.scripts.test !== 'echo "Error: no test specified" && exit 1') {
-        return 'npm test';
-      }
-    } catch { /* ignore */ }
-  }
-  // Python
-  if (existsSync(path.join(PROJECT_DIR, 'pytest.ini')) || existsSync(path.join(PROJECT_DIR, 'pyproject.toml'))) {
-    return 'python -m pytest --tb=short -q';
-  }
-  // Go
-  if (existsSync(path.join(PROJECT_DIR, 'go.mod'))) {
-    return 'go test ./...';
-  }
-  return null;
-}
+const { passed, testCmd, output } = runPrTestGate(PROJECT_DIR);
 
-try {
-  const testCmd = detectTestCommand();
-  if (!testCmd) {
-    // No test command detected — allow PR
-    process.exit(0);
-  }
+if (!testCmd) {
+  // 테스트 커맨드 없음 → PR 허용
+  process.exit(0);
+}
 
-  console.log(`[PR-GATE] Running tests before PR creation: ${testCmd}`);
-  execSync(testCmd, {
-    cwd: PROJECT_DIR,
-    stdio: ['ignore', 'pipe', 'pipe'],
-    timeout: 120000,
-  });
+if (passed) {
   console.log('[PR-GATE] Tests passed — PR creation allowed');
   process.exit(0);
-} catch (err) {
-  const output = err.stdout ? err.stdout.toString().split('\n').slice(-5).join('\n') : '';
+} else {
   console.log(`[PR-GATE] Tests failed — PR creation blocked\n${output}`);
   process.exit(2);
 }

package/hooks/scripts/pre-tool-dispatcher.js

@@ -2,43 +2,45 @@
 /**
  * PreToolUse dispatcher — Bash/Edit/Write 공용.
  *
- * 기존: matcher별로 2~3개 스크립트가 병렬 spawn.
- *       - Bash: sentinel-guard + pre-tool-guard + command-log
- *       - Edit: sentinel-guard + pre-tool-guard
- *       - Write: sentinel-guard + pre-tool-guard
- * 현재: 단일 디스패처가 tool name을 인자로 받아 순차 실행.
+ * in-process 평탄화 (2026-06): 가드를 자식 node로 spawn하지 않고 import해서
+ * 같은 프로세스에서 실행한다. 자식 VM 기동(~20ms × N)과 stdin 재읽기 제거.
+ * daemon/IPC는 금지 (CLAUDE.md Gotchas) — 디스패처 프로세스 자체는 유지.
  *
  * Deny 시맨틱 보존:
- *   sentinel-guard / pre-tool-guard가 exit 2(deny)를 반환하면 dispatcher도
- *   즉시 exit 2로 상위에 전파 → Claude Code가 도구 실행을 차단.
+ *   sentinel-guard / pre-tool-guard / scope-guard의 run(ctx)이 2를 반환하면
+ *   dispatchInProcess가 process.exit(2)로 상위에 전파 → Claude Code가 도구 실행 차단.
  *
  * 사용법: node pre-tool-dispatcher.js <Bash|Edit|Write>
  */
-import { dispatch } from './lib/dispatcher.js';
+import { dispatchInProcess } from './lib/dispatcher.js';
+import { run as sentinelGuard } from './sentinel-guard.js';
+import { run as preToolGuard } from './pre-tool-guard.js';
+import { run as scopeGuard } from './scope-guard.js';
+import { run as commandLog } from './command-log.js';
 
 const toolName = process.argv[2] || '';
 
 const steps = [
-  { name: 'sentinel-guard', script: 'sentinel-guard.js', args: [toolName], denyOnExit2: true },
-  { name: 'pre-tool-guard', script: 'pre-tool-guard.js', args: [toolName], denyOnExit2: true },
+  { name: 'sentinel-guard', run: sentinelGuard, denyOnExit2: true },
+  { name: 'pre-tool-guard', run: preToolGuard, denyOnExit2: true },
 ];
 
-// scope-guard는 Edit/Write에만 의미 있음 — 불필요한 spawn 회피
+// scope-guard는 Edit/Write에만 의미 있음
 if (toolName === 'Edit' || toolName === 'Write') {
-  steps.push({ name: 'scope-guard', script: 'scope-guard.js', args: [toolName], denyOnExit2: true });
+  steps.push({ name: 'scope-guard', run: scopeGuard, denyOnExit2: true });
 }
 
 // command-log은 Bash 전용
 if (toolName === 'Bash') {
-  steps.push({ name: 'command-log', script: 'command-log.js' });
+  steps.push({ name: 'command-log', run: commandLog });
 }
 
 // 하네스에 노이즈를 주지 않도록 디스패처 자체의 예외는 모두 흡수.
-// exit 2 (deny 전파)는 dispatch() 내부에서 process.exit(2)로 처리되므로
+// exit 2 (deny 전파)는 dispatchInProcess 내부에서 process.exit(2)로 처리되므로
 // 여기까지 오면 "deny 아님" → 항상 exit 0.
 try {
-  await dispatch(steps);
+  await dispatchInProcess(steps, { argvToolName: toolName });
 } catch {
-  // ignore — 하위 스크립트 크래시가 상위 훅 실패로 표시되지 않도록
+  // ignore — step 크래시가 상위 훅 실패로 표시되지 않도록
 }
 process.exit(0);

package/hooks/scripts/pre-tool-guard.js

@@ -4,8 +4,6 @@
  * 위험한 도구 사용 전 검증 및 경고
  */
 
-import { VIBE_PATH, PROJECT_DIR } from './utils.js';
-
 // 위험한 명령어 패턴
 //
 // 각 엔트리의 `target`은 매칭 대상 필드:
@@ -197,63 +195,68 @@ function formatOutput(toolName, validation) {
   return lines.join('\n');
 }
 
+import { logHookDecision, PROJECT_DIR } from './utils.js';
+import { buildCliCtx, isDirectRun } from './lib/hook-context.js';
+import { runPrTestGate } from './lib/pr-gate-runner.js';
+
+/** gh pr create 감지 정규식 (단어 경계 기준, 플래그 허용). */
+const GH_PR_CREATE_RE = /\bgh\s+pr\s+create\b/;
+
 /**
- * stdin에서 JSON 페이로드 읽기 (Claude Code 하네스 호환)
- * stdin이 없거나 파싱 실패 시 argv/env 폴백
+ * in-process 진입점 — 디스패처가 ctx를 전달해 직접 호출.
+ * @param {{ toolName: string, toolInput: string, payload: object|null }} ctx
+ * @returns {Promise<number>} exit code (0 = allowed, 2 = denied)
  */
-function readStdinSync() {
-  try {
-    if (process.stdin.isTTY) return null;
-    // fd 0을 직접 사용 (Windows는 '/dev/stdin'이 없음)
-    const buf = Buffer.alloc(65536);
-    const bytesRead = fs.readSync(0, buf, 0, buf.length, null);
-    if (bytesRead > 0) {
-      return JSON.parse(buf.toString('utf-8', 0, bytesRead));
+export async function run(ctx) {
+  const toolName = ctx.toolName || 'Bash';
+  const toolInput = ctx.toolInput;
+
+  // 1단계: 입력 스키마 검증 (구조적 오류 탐지)
+  const schemaResult = validateInputSchema(toolName, ctx.payload?.tool_input || toolInput);
+  if (!schemaResult.valid) {
+    // stderr: Claude Code surfaces stderr in hook-error notifications; stdout is injected
+    // into the assistant's context and never shown to the user. Guard messages target the user.
+    console.error(`⚠️ INPUT VALIDATION: ${toolName}`);
+    for (const err of schemaResult.errors) {
+      console.error(`  [SCHEMA] ${err}`);
     }
-  } catch { /* 파싱 실패 시 폴백 */ }
-  return null;
-}
+    logHookDecision('pre-tool-guard', toolName, 'warn', `schema: ${schemaResult.errors.join('; ')}`);
+    // 스키마 오류는 경고만 (차단하지 않음 — 레거시 호환)
+  }
 
-import fs from 'fs';
-
-// 메인 실행: stdin JSON 우선, argv 폴백
-const stdinPayload = readStdinSync();
-const toolName = stdinPayload?.tool_name || process.argv[2] || 'Bash';
-const toolInput = stdinPayload?.tool_input
-  ? (typeof stdinPayload.tool_input === 'string'
-    ? stdinPayload.tool_input
-    : JSON.stringify(stdinPayload.tool_input))
-  : (process.argv[3] || process.env.TOOL_INPUT || '');
-
-import { logHookDecision } from './utils.js';
-
-// 1단계: 입력 스키마 검증 (구조적 오류 탐지)
-const schemaResult = validateInputSchema(toolName, stdinPayload?.tool_input || toolInput);
-if (!schemaResult.valid) {
-  // stderr: Claude Code surfaces stderr in hook-error notifications; stdout is injected
-  // into the assistant's context and never shown to the user. Guard messages target the user.
-  console.error(`⚠️ INPUT VALIDATION: ${toolName}`);
-  for (const err of schemaResult.errors) {
-    console.error(`  [SCHEMA] ${err}`);
+  // 2단계: gh pr create Bash 명령 → PR 테스트 게이트
+  if (toolName === 'Bash' || toolName === 'bash') {
+    const command = extractTarget(toolInput, 'command') || toolInput;
+    if (GH_PR_CREATE_RE.test(command)) {
+      const gateResult = runPrTestGate(PROJECT_DIR);
+      if (!gateResult.passed) {
+        console.error(`[PR-GATE] Tests failed — gh pr create blocked\n${gateResult.output}`);
+        logHookDecision('pre-tool-guard', 'Bash', 'block', 'gh pr create: test gate failed');
+        return 2;
+      }
+    }
   }
-  logHookDecision('pre-tool-guard', toolName, 'warn', `schema: ${schemaResult.errors.join('; ')}`);
-  // 스키마 오류는 경고만 (차단하지 않음 — 레거시 호환)
-}
 
-// 2단계: 위험 패턴 검증 (보안 탐지)
-const validation = validateCommand(toolName, toolInput);
-const output = formatOutput(toolName, validation);
+  // 3단계: 위험 패턴 검증 (보안 탐지)
+  const validation = validateCommand(toolName, toolInput);
+  const output = formatOutput(toolName, validation);
 
-if (output) {
-  console.error(output);
-}
+  if (output) {
+    console.error(output);
+  }
 
-// Hook trace logging
-if (!validation.allowed) {
-  logHookDecision('pre-tool-guard', toolName, 'block', validation.warnings.join('; '));
-} else if (validation.warnings.length > 0) {
-  logHookDecision('pre-tool-guard', toolName, 'warn', validation.warnings.join('; '));
+  // Hook trace logging
+  if (!validation.allowed) {
+    logHookDecision('pre-tool-guard', toolName, 'block', validation.warnings.join('; '));
+  } else if (validation.warnings.length > 0) {
+    logHookDecision('pre-tool-guard', toolName, 'warn', validation.warnings.join('; '));
+  }
+
+  // Exit code: 0 = allowed, 2 = denied (claw-code 규약)
+  return validation.allowed ? 0 : 2;
 }
 
-// Exit code: 0 = allowed, 2 = denied (claw-code 규약), 1 = 레거시 호환
-process.exit(validation.allowed ? 0 : 2);
+// standalone CLI 모드: stdin JSON 우선, argv 폴백
+if (isDirectRun(import.meta.url)) {
+  process.exit(await run(buildCliCtx()));
+}

package/hooks/scripts/prompt-dispatcher.js

@@ -42,6 +42,16 @@ try {
 
 if (!prompt) process.exit(0);
 
+// vibe.run 감지 — runStarted 기록 및 verifyPassed 리셋 (in-process, stdout 없음).
+{
+  const { isVibeRunPrompt, extractRunFeature, recordRunStart } = await import('./lib/run-ledger.js');
+  if (isVibeRunPrompt(prompt)) {
+    const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
+    const feature = extractRunFeature(prompt);
+    recordRunStart(projectDir, feature);
+  }
+}
+
 // 레거시 SSOT 통합 — `/vibe.*` 진입 시 `.claude/vibe/` → `.vibe/` 자동 이동.
 // `vibe init`/`update` 와 동일한 `consolidateLegacyVibe` (dist/cli/setup/LegacyMigration.js) 를 직접 재사용. Idempotent.
 if (/^\s*\/vibe\b/i.test(prompt)) {

package/hooks/scripts/scope-guard.js

@@ -22,6 +22,7 @@
 import fs from 'fs';
 import path from 'path';
 import { PROJECT_DIR, logHookDecision, projectVibePath, projectVibeRoot } from './utils.js';
+import { buildCliCtx, isDirectRun } from './lib/hook-context.js';
 
 const SCOPE_PATH = projectVibePath(PROJECT_DIR, 'scope.json');
 
@@ -86,16 +87,6 @@ function toRelative(filePath) {
   return rel || path.basename(filePath).replace(/\\/g, '/');
 }
 
-function readStdinSync() {
-  try {
-    if (process.stdin.isTTY) return null;
-    const buf = Buffer.alloc(65536);
-    const bytesRead = fs.readSync(0, buf, 0, buf.length, null);
-    if (bytesRead > 0) return JSON.parse(buf.toString('utf-8', 0, bytesRead));
-  } catch { /* ignore */ }
-  return null;
-}
-
 function extractFilePath(toolInput) {
   if (!toolInput) return '';
   if (typeof toolInput === 'string') {
@@ -105,41 +96,51 @@ function extractFilePath(toolInput) {
   return typeof toolInput.file_path === 'string' ? toolInput.file_path : '';
 }
 
-const scope = readScope();
-if (!scope) process.exit(0); // no scope declared → no-op
+/**
+ * in-process 진입점 — 디스패처가 ctx를 전달해 직접 호출.
+ * @param {{ toolName: string, toolInput: string }} ctx
+ * @returns {Promise<number>} exit code (0 = allow/no-op, 2 = block)
+ */
+export async function run(ctx) {
+  const scope = readScope();
+  if (!scope) return 0; // no scope declared → no-op
+
+  const toolName = ctx.toolName;
+  if (toolName !== 'Edit' && toolName !== 'Write') return 0;
 
-const stdinPayload = readStdinSync();
-const toolName = stdinPayload?.tool_name || process.argv[2] || '';
-if (toolName !== 'Edit' && toolName !== 'Write') process.exit(0);
+  const filePath = extractFilePath(ctx.toolInput);
+  if (!filePath) return 0;
 
-const rawInput = stdinPayload?.tool_input ?? process.argv[3] ?? process.env.TOOL_INPUT ?? '';
-const filePath = extractFilePath(rawInput);
-if (!filePath) process.exit(0);
+  const rel = toRelative(filePath);
 
-const rel = toRelative(filePath);
+  // 평가 순서: deny 우선 → allow 검증
+  const denied = scope.deny.length > 0 && matchesAny(rel, scope.deny);
+  const allowed = scope.allow.length === 0 || matchesAny(rel, scope.allow);
 
-// 평가 순서: deny 우선 → allow 검증
-const denied = scope.deny.length > 0 && matchesAny(rel, scope.deny);
-const allowed = scope.allow.length === 0 || matchesAny(rel, scope.allow);
+  const violated = denied || !allowed;
+  if (!violated) return 0;
 
-const violated = denied || !allowed;
-if (!violated) process.exit(0);
+  const lines = [];
+  lines.push(`🚧 SCOPE GUARD: ${toolName} — out of declared scope`);
+  lines.push(`  file: ${rel}`);
+  if (denied) lines.push(`  reason: matches deny pattern`);
+  else if (!allowed) lines.push(`  reason: not in allow list`);
+  if (scope.reason) lines.push(`  declared scope: ${scope.reason}`);
+  lines.push(`  declared in: ${path.relative(PROJECT_DIR, SCOPE_PATH)} (mode=${scope.mode})`);
 
-const lines = [];
-lines.push(`🚧 SCOPE GUARD: ${toolName} — out of declared scope`);
-lines.push(`  file: ${rel}`);
-if (denied) lines.push(`  reason: matches deny pattern`);
-else if (!allowed) lines.push(`  reason: not in allow list`);
-if (scope.reason) lines.push(`  declared scope: ${scope.reason}`);
-lines.push(`  declared in: ${path.relative(PROJECT_DIR, SCOPE_PATH)} (mode=${scope.mode})`);
+  const blocking = scope.mode === 'block';
+  if (blocking) {
+    lines.push('');
+    lines.push('🚫 BLOCKED. Edit scope.json or justify to the user before proceeding.');
+  }
 
-const blocking = scope.mode === 'block';
-if (blocking) {
-  lines.push('');
-  lines.push('🚫 BLOCKED. Edit scope.json or justify to the user before proceeding.');
-}
+  process.stderr.write(lines.join('\n') + '\n');
+  logHookDecision('scope-guard', toolName, blocking ? 'block' : 'warn', `${rel} ${denied ? '(deny)' : '(out-of-allow)'}`);
 
-console.log(lines.join('\n'));
-logHookDecision('scope-guard', toolName, blocking ? 'block' : 'warn', `${rel} ${denied ? '(deny)' : '(out-of-allow)'}`);
+  return blocking ? 2 : 0;
+}
 
-process.exit(blocking ? 2 : 0);
+// standalone CLI 모드: stdin JSON 우선, argv 폴백
+if (isDirectRun(import.meta.url)) {
+  process.exit(await run(buildCliCtx()));
+}

package/hooks/scripts/sentinel-guard.js

@@ -1,13 +1,31 @@
 #!/usr/bin/env node
 /**
  * Sentinel Guard — PreToolUse hook
- * Protects sentinel files and blocks dangerous operations.
- * Runs before pre-tool-guard.js.
+ * 핵심 자율 기계 경로를 Write/Edit/Bash 로부터 보호한다.
+ * pre-tool-guard.js 이전에 실행된다.
+ *
+ * 보호 경로 결정 근거:
+ *   src/infra/lib/autonomy/ 는 레포에 존재하지 않는 팬텀 경로였다.
+ *   git log 와 src/ 전수 조사 결과, 자율 기계(evolution machinery)의 실제
+ *   위치는 src/infra/lib/evolution/ 이다. GuardAnalyzer·HookTraceReader 등이
+ *   hook-traces.jsonl을 분석해 하네스 자기 개선 인사이트를 생성한다.
+ *   따라서 sentinel 대상을 이 실존 경로로 교체한다.
+ *
+ *   추가로 hooks/scripts/lib/ (디스패처 인프라)도 보호 — 이 디렉토리의
+ *   hook-context.js / dispatcher.js 가 손상되면 모든 pre-tool 게이트가
+ *   무력화된다.
+ *
+ * exit 2 = deny 규약 (PreToolUse 차단).
  */
 
-const SENTINEL_PATH_PREFIX = 'src/infra/lib/autonomy/';
+const SENTINEL_PREFIXES = [
+  'src/infra/lib/evolution/',
+  'hooks/scripts/lib/',
+];
 
-const SENTINEL_PATH_RE = /^(\.\/|\.\\)?src[\\/]infra[\\/]lib[\\/]autonomy[\\/]/;
+// 빠른 prefix 검사용 정규식 (backslash 포함)
+const SENTINEL_PATH_RE =
+  /^(?:\.[\\/])?(?:src[\\/]infra[\\/]lib[\\/]evolution|hooks[\\/]scripts[\\/]lib)[\\/]/;
 
 const DANGEROUS_BASH_RE =
   /\b(rm\s+-rf|kill\s+-9|drop\s+table|truncate|shutdown|reboot|mkfs|dd\s+if=)\b/i;
@@ -23,7 +41,6 @@ function extractFilePath(toolName, input) {
       return parsed.file_path || parsed.filePath || null;
     }
   } catch {
-    // Not JSON, try as plain string
     return typeof input === 'string' ? input : null;
   }
   return null;
@@ -48,7 +65,8 @@ function extractBashCommand(input) {
 function isSentinelPath(filePath) {
   if (!filePath) return false;
   const normalized = filePath.replace(/\\/g, '/').replace(/^\.\//, '');
-  return normalized.startsWith(SENTINEL_PATH_PREFIX) || SENTINEL_PATH_RE.test(filePath);
+  return SENTINEL_PREFIXES.some(p => normalized.startsWith(p)) ||
+    SENTINEL_PATH_RE.test(filePath);
 }
 
 /**
@@ -76,8 +94,7 @@ function guard(toolName, toolInput) {
       };
     }
     if (command && DANGEROUS_BASH_RE.test(command)) {
-      // Check if command targets sentinel files
-      if (command.includes(SENTINEL_PATH_PREFIX) || command.includes('src/infra/lib/autonomy')) {
+      if (SENTINEL_PREFIXES.some(p => command.includes(p))) {
         return {
           decision: 'block',
           reason: `Dangerous command targeting sentinel path: ${command}`,
@@ -86,45 +103,28 @@ function guard(toolName, toolInput) {
     }
   }
 
-  // Allow — return undefined for normal flow
   return undefined;
 }
 
-import fs from 'fs';
+import { logHookDecision } from './utils.js';
+import { buildCliCtx, isDirectRun } from './lib/hook-context.js';
 
 /**
- * stdin에서 JSON 페이로드 읽기 (Claude Code 하네스 호환)
+ * in-process 진입점 — 디스패처가 ctx를 전달해 직접 호출.
+ * @param {{ toolName: string, toolInput: string }} ctx
+ * @returns {Promise<number>} exit code (2 = deny 규약, 0 = allow)
  */
-function readStdinSync() {
-  try {
-    if (process.stdin.isTTY) return null;
-    // fd 0을 직접 사용 (Windows는 '/dev/stdin'이 없음)
-    const buf = Buffer.alloc(65536);
-    const bytesRead = fs.readSync(0, buf, 0, buf.length, null);
-    if (bytesRead > 0) {
-      return JSON.parse(buf.toString('utf-8', 0, bytesRead));
-    }
-  } catch { /* 폴백 */ }
-  return null;
+export async function run(ctx) {
+  const result = guard(ctx.toolName, ctx.toolInput);
+  if (result) {
+    logHookDecision('sentinel-guard', ctx.toolName, 'block', result.reason);
+    console.log(JSON.stringify(result));
+    return 2;
+  }
+  return 0;
 }
 
-// Main execution: stdin JSON 우선, argv 폴백
-const stdinPayload = readStdinSync();
-const toolName = stdinPayload?.tool_name || process.argv[2] || '';
-const toolInput = stdinPayload?.tool_input
-  ? (typeof stdinPayload.tool_input === 'string'
-    ? stdinPayload.tool_input
-    : JSON.stringify(stdinPayload.tool_input))
-  : (process.argv[3] || process.env.TOOL_INPUT || '');
-
-import { logHookDecision } from './utils.js';
-
-const result = guard(toolName, toolInput);
-
-if (result) {
-  logHookDecision('sentinel-guard', toolName, 'block', result.reason);
-  console.log(JSON.stringify(result));
-  process.exit(2); // deny 규약
+// standalone CLI 모드 (antigravity-hooks.json / 기존 테스트): stdin JSON 우선, argv 폴백
+if (isDirectRun(import.meta.url)) {
+  process.exit(await run(buildCliCtx()));
 }
-
-process.exit(0);

package/hooks/scripts/session-start.js

@@ -1,12 +1,11 @@
 /**
  * SessionStart Hook - 세션 시작 시 메모리/시간 로드 + 버전 체크
  */
-import { getToolsBaseUrl, PROJECT_DIR, projectVibePath, projectVibeRoot } from './utils.js';
+import { getToolsBaseUrl, getGlobalNpmPath, PROJECT_DIR, projectVibePath, projectVibeRoot } from './utils.js';
 import fs from 'fs';
 import path from 'path';
 import os from 'os';
 import https from 'https';
-import { execSync } from 'child_process';
 
 const BASE_URL = getToolsBaseUrl();
 
@@ -33,6 +32,30 @@ function fetchLatestVersion() {
   });
 }
 
+// 버전 체크 결과 24시간 파일 캐시 — 매 SessionStart마다 npm registry에
+// HTTP 요청(타임아웃 시 3초 블로킹)을 보내지 않도록 한다. 릴리즈 주기 대비
+// 하루 1회 확인이면 충분하다.
+const VERSION_CACHE_PATH = path.join(os.homedir(), '.vibe', 'version-check.json');
+const VERSION_CACHE_TTL_MS = 24 * 60 * 60 * 1000;
+
+async function getLatestVersionCached() {
+  try {
+    const cached = JSON.parse(fs.readFileSync(VERSION_CACHE_PATH, 'utf8'));
+    if (cached.version && Date.now() - cached.checkedAt < VERSION_CACHE_TTL_MS) {
+      return cached.version;
+    }
+  } catch { /* 캐시 없음/손상 → 네트워크 조회 */ }
+
+  const version = await fetchLatestVersion();
+  if (version) {
+    try {
+      fs.mkdirSync(path.dirname(VERSION_CACHE_PATH), { recursive: true });
+      fs.writeFileSync(VERSION_CACHE_PATH, JSON.stringify({ version, checkedAt: Date.now() }));
+    } catch { /* 캐시 기록 실패는 무시 */ }
+  }
+  return version;
+}
+
 function compareVersions(a, b) {
   const partsA = a.replace(/^v/, '').split('.').map(Number);
   const partsB = b.replace(/^v/, '').split('.').map(Number);
@@ -47,18 +70,8 @@ function compareVersions(a, b) {
 
 function getCurrentVersion() {
   try {
-    let globalNpmPath;
-    try {
-      globalNpmPath = execSync('npm root -g', { encoding: 'utf8', timeout: 3000 }).trim();
-    } catch {
-      const homeDir = os.homedir();
-      const fallbacks = [
-        '/usr/local/lib/node_modules',
-        path.join(homeDir, '.npm-global', 'lib', 'node_modules'),
-      ];
-      globalNpmPath = fallbacks.find(p => fs.existsSync(p)) || fallbacks[0];
-    }
-    const pkgPath = path.join(globalNpmPath, '@su-record', 'vibe', 'package.json');
+    // getToolsBaseUrl()이 이미 `npm root -g` 결과를 캐싱하므로 재사용 — 중복 spawn 제거
+    const pkgPath = path.join(getGlobalNpmPath(), '@su-record', 'vibe', 'package.json');
     if (fs.existsSync(pkgPath)) {
       return JSON.parse(fs.readFileSync(pkgPath, 'utf8')).version || null;
     }
@@ -77,7 +90,7 @@ async function main() {
       memoryModule.startSession({ projectPath: PROJECT_DIR }),
       timeModule.getCurrentTime({ format: 'human', timezone: 'Asia/Seoul' }),
       memoryModule.listMemories({ limit: 5, projectPath: PROJECT_DIR }),
-      fetchLatestVersion(),
+      getLatestVersionCached(),
     ]);
 
     console.log(session.content[0].text);
@@ -113,7 +126,7 @@ async function main() {
       }
     }
 
-    // Scope sync — 사용자가 .vibe/config.json scopeGuard.enabled=true 로 켰을 때만 동작.
+    // Scope sync — 기본 ON. scopeGuard.enabled=false 로 명시적 opt-out 가능.
     try {
       const { syncScopeFile, isScopeGuardEnabled } = await import('./lib/scope-from-spec.js');
       if (isScopeGuardEnabled(PROJECT_DIR)) {
@@ -122,6 +135,18 @@ async function main() {
           console.log(`\n🚧 Scope ${result.action} from active SPECs (${path.relative(PROJECT_DIR, path.join(projectVibeRoot(PROJECT_DIR), 'scope.json'))})`);
         }
       }
+      // scope 상태 1줄 알림 — 컨텍스트에 주입되어 모델이 현재 scope 범위를 인지한다
+      const scopeJsonPath = path.join(projectVibeRoot(PROJECT_DIR), 'scope.json');
+      if (fs.existsSync(scopeJsonPath)) {
+        try {
+          const scopeData = JSON.parse(fs.readFileSync(scopeJsonPath, 'utf-8'));
+          const featureLabel = scopeData.reason || path.basename(scopeJsonPath);
+          const modeLabel = scopeData.mode || 'warn';
+          console.log(`\nscope-guard: ${featureLabel} (${modeLabel})`);
+        } catch { /* ignore */ }
+      } else {
+        console.log('\nscope-guard: no active scope (no active SPEC or no derivable paths) — out-of-scope edits are not monitored');
+      }
     } catch { /* scope sync is best-effort */ }
 
     // Autonomy status summary