@trac3er/oh-my-god 2.1.1 → 2.1.4

package/build/lib/hooks/firewall.py

@@ -8,6 +8,7 @@ import json
 import os
 import sys
 from pathlib import Path
+from typing import Any
 
 HOOKS_DIR = os.path.dirname(__file__)
 PROJECT_ROOT = os.path.dirname(HOOKS_DIR)
@@ -21,7 +22,9 @@ from _common import setup_crash_handler, json_input, deny_decision, is_bypass_mo
 setup_crash_handler("firewall", fail_closed=True)
 
 try:
-    from policy_engine import evaluate_bash_command, to_pretool_hook_output  # pyright: ignore[reportImplicitRelativeImport]
+    from policy_engine import evaluate_bash_command, to_pretool_hook_output, scan_mutation_command, ask, deny  # pyright: ignore[reportImplicitRelativeImport]
+    from runtime.defense_state import DefenseState
+    from runtime.session_health import compute_session_health
     from runtime.mutation_gate import check_mutation_allowed
     from runtime.tool_plan_gate import journal_mutation_bash
 except Exception as _import_err:
@@ -67,6 +70,16 @@ def _resolve_run_id(payload: dict[str, object]) -> str:
     return env_run_id.strip()
 
 
+def _resolve_active_run_id(project_dir: str) -> str:
+    active_run_path = Path(project_dir) / ".omg" / "shadow" / "active-run"
+    if not active_run_path.exists():
+        return ""
+    try:
+        return active_run_path.read_text(encoding="utf-8").strip()
+    except OSError:
+        return ""
+
+
 def _read_defense_risk(project_dir: str) -> str:
     path = Path(project_dir) / ".omg" / "state" / "defense_state" / "current.json"
     if not path.exists():
@@ -106,6 +119,122 @@ def _read_council_signal(project_dir: str, run_id: str) -> str:
         return ""
     return f"council evidence={verdict} findings={findings_count}"
 
+
+def _read_clarification_state(project_dir: str, run_id: str) -> dict[str, object]:
+    if not run_id:
+        return {
+            "requires_clarification": False,
+            "intent_class": "",
+            "clarification_prompt": "",
+            "confidence": 0.0,
+        }
+    path = Path(project_dir) / ".omg" / "state" / "intent_gate" / f"{run_id}.json"
+    if not path.exists():
+        return {
+            "requires_clarification": False,
+            "intent_class": "",
+            "clarification_prompt": "",
+            "confidence": 0.0,
+        }
+    try:
+        payload = json.loads(path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return {
+            "requires_clarification": False,
+            "intent_class": "",
+            "clarification_prompt": "",
+            "confidence": 0.0,
+        }
+    if not isinstance(payload, dict):
+        return {
+            "requires_clarification": False,
+            "intent_class": "",
+            "clarification_prompt": "",
+            "confidence": 0.0,
+        }
+    prompt = " ".join(str(payload.get("clarification_prompt", "")).split())
+    try:
+        confidence = float(payload.get("confidence", 0.0))
+    except (TypeError, ValueError):
+        confidence = 0.0
+    return {
+        "requires_clarification": bool(payload.get("requires_clarification") is True),
+        "intent_class": str(payload.get("intent_class", "")).strip(),
+        "clarification_prompt": prompt,
+        "confidence": round(max(0.0, min(1.0, confidence)), 2),
+    }
+
+
+def _clarification_reason(clarification_prompt: str) -> str:
+    prompt = " ".join(str(clarification_prompt or "").split())
+    if prompt:
+        return f"Clarification required before mutation: {prompt}"
+    return "Clarification required before mutation: provide the missing intent details."
+
+
+def _to_float(value: Any, default: float) -> float:
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def _mutating_defense_decision(
+    *,
+    project_dir: str,
+    cmd: str,
+    run_id: str,
+):
+    scan = scan_mutation_command(cmd)
+    defense_state = DefenseState(project_dir).update(
+        injection_hits=int(_to_float(scan.get("injection_hits"), 0.0)),
+        contamination_score=_to_float(scan.get("contamination_score"), 0.0),
+        overthinking_score=_to_float(scan.get("overthinking_score"), 0.0),
+        premature_fixer_score=_to_float(scan.get("premature_fixer_score"), 0.0),
+    )
+
+    resolved_run_id = run_id.strip() or _resolve_active_run_id(project_dir) or "default"
+    session_health = compute_session_health(project_dir, run_id=resolved_run_id)
+
+    contamination = _to_float(session_health.get("contamination_risk"), _to_float(defense_state.get("contamination_score"), 0.0))
+    overthinking = _to_float(session_health.get("overthinking_score"), _to_float(defense_state.get("overthinking_score"), 0.0))
+    premature_fixer = _to_float(defense_state.get("premature_fixer_score"), 0.0)
+    health_action = str(session_health.get("recommended_action", "continue"))
+    thresholds = session_health.get("thresholds") if isinstance(session_health, dict) else {}
+    contamination_thresholds = thresholds.get("contamination_risk") if isinstance(thresholds, dict) else {}
+    overthinking_thresholds = thresholds.get("overthinking_score") if isinstance(thresholds, dict) else {}
+    reflect_contamination = _to_float(contamination_thresholds.get("reflect") if isinstance(contamination_thresholds, dict) else None, 0.05)
+    reflect_overthinking = _to_float(overthinking_thresholds.get("reflect") if isinstance(overthinking_thresholds, dict) else None, 0.15)
+    reflect_triggers = session_health.get("reflect_triggers") if isinstance(session_health, dict) else {}
+    contamination_trigger = bool(reflect_triggers.get("contamination")) if isinstance(reflect_triggers, dict) else contamination > reflect_contamination
+    overthinking_trigger = bool(reflect_triggers.get("overthinking")) if isinstance(reflect_triggers, dict) else overthinking > reflect_overthinking
+    pause_required = bool(session_health.get("defense_pause_required") is True) if isinstance(session_health, dict) else (contamination_trigger or overthinking_trigger)
+    signal_text = ", ".join(str(item) for item in scan.get("signals", []) if str(item)) or "none"
+    context = (
+        f"defense hits={int(_to_float(defense_state.get('injection_hits'), 0.0))} "
+        f"contamination={contamination:.4f} overthinking={overthinking:.4f} "
+        f"premature_fixer={premature_fixer:.4f} "
+        f"session_health={health_action} signals={signal_text}"
+    )
+
+    if health_action == "block":
+        return deny(
+            f"Blocked: mutation denied by defense/session-health reducer [{context}]",
+            "high",
+            ["defense-reducer", "session-health"],
+        )
+
+    if pause_required or contamination_trigger or overthinking_trigger:
+        return ask(
+            "Pause: mutation requires reflection before execution "
+            f"[{context}; thresholds contamination>{reflect_contamination:.2f} "
+            f"overthinking>{reflect_overthinking:.2f}]",
+            "high",
+            ["reflect", "defense-reducer", "session-health"],
+        )
+
+    return None
+
 data = json_input()
 
 tool = data.get("tool_name", "")
@@ -117,7 +246,6 @@ if not cmd:
     sys.exit(0)
 
 decision = evaluate_bash_command(cmd)
-decision = _enrich_risk_context(decision, data)
 
 tool_input = data.get("tool_input")
 metadata = tool_input.get("metadata") if isinstance(tool_input, dict) else None
@@ -136,10 +264,26 @@ gate_result = check_mutation_allowed(
     metadata=metadata if isinstance(metadata, dict) else None,
 )
 is_mutation_capable = str(gate_result.get("reason", "")) != "tool is read-only for mutation gate"
+clarification_state = _read_clarification_state(get_project_dir(), run_id)
+if is_mutation_capable:
+    defense_decision = _mutating_defense_decision(
+        project_dir=get_project_dir(),
+        cmd=cmd,
+        run_id=run_id,
+    )
+    if defense_decision is not None:
+        decision = defense_decision
+
+if clarification_state.get("requires_clarification") is True and is_mutation_capable:
+    deny_decision(_clarification_reason(str(clarification_state.get("clarification_prompt", ""))))
+    sys.exit(0)
+
 if is_mutation_capable and gate_result.get("status") == "blocked":
     deny_decision(str(gate_result.get("reason", "mutation denied by test intent lock gate")))
     sys.exit(0)
 
+decision = _enrich_risk_context(decision, data)
+
 # In bypass-permission mode, only enforce hard denials (critical safety).
 # Skip "ask" decisions so the user is not prompted for confirmation.
 if is_bypass_mode(data) and decision.action != "deny":

package/build/lib/hooks/intentgate-keyword-detector.py

@@ -38,7 +38,7 @@ try:
         get_feature_flag,
         _resolve_project_dir,
         check_performance_budget,
-        PRE_TOOL_INJECT_MAX_MS,
+        PRE_TOOL_INJECT_MAX_MS as pre_tool_inject_max_ms,
     )
 except ImportError:
     import importlib
@@ -48,7 +48,7 @@ except ImportError:
     get_feature_flag = _common.get_feature_flag
     _resolve_project_dir = _common._resolve_project_dir
     check_performance_budget = _common.check_performance_budget
-    PRE_TOOL_INJECT_MAX_MS = _common.PRE_TOOL_INJECT_MAX_MS
+    pre_tool_inject_max_ms = _common.PRE_TOOL_INJECT_MAX_MS
 
 setup_crash_handler("intentgate-keyword-detector", fail_closed=False)
 
@@ -64,6 +64,18 @@ KEYWORD_INTENT_MAP = {
     "search": "INTENT_SEARCH",
     "stop": "INTENT_STOP",
     "crazy": "INTENT_CRAZY",
+    "auth": "INTENT_AUTH_SETUP",
+    "login": "INTENT_AUTH_SETUP",
+    "credentials": "INTENT_AUTH_SETUP",
+    "setup my credentials": "INTENT_AUTH_SETUP",
+    "setup credentials": "INTENT_AUTH_SETUP",
+    "remember my settings": "INTENT_PREFERENCE_MEMORY",
+    "remember settings": "INTENT_PREFERENCE_MEMORY",
+    "preferences": "INTENT_PREFERENCE_MEMORY",
+    "memory style": "INTENT_PREFERENCE_MEMORY",
+    "setup preferences": "INTENT_AMBIGUOUS_CONFIG",
+    "configure preferences": "INTENT_AMBIGUOUS_CONFIG",
+    "remember setup": "INTENT_AMBIGUOUS_CONFIG",
 }
 
 
@@ -179,7 +191,7 @@ if detected_intents:
 # PERFORMANCE BUDGET CHECK
 # ═══════════════════════════════════════════════════════════
 elapsed_ms = (time.time() - start_time) * 1000
-check_performance_budget("intentgate-keyword-detector", elapsed_ms, PRE_TOOL_INJECT_MAX_MS)
+check_performance_budget("intentgate-keyword-detector", elapsed_ms, pre_tool_inject_max_ms)
 
 # ═══════════════════════════════════════════════════════════
 # OUTPUT

package/build/lib/hooks/policy_engine.py

@@ -126,6 +126,33 @@ UNTRUSTED_MUTATION_PATTERNS = [
 TRUSTED_CONTENT_TIERS = frozenset({"local", "balanced"})
 UNTRUSTED_EXTERNAL_TIERS = frozenset({"research", "browser"})
 
+INJECTION_MARKER_PATTERNS: tuple[tuple[re.Pattern[str], float, str], ...] = (
+    (re.compile(r"\bIGNORE\s+(?:ALL\s+)?PREVIOUS(?:\s+INSTRUCTIONS?)?\b", re.IGNORECASE), 0.03, "ignore-previous-instructions"),
+    (re.compile(r"<\|im_start\|>", re.IGNORECASE), 0.03, "im-start-token"),
+    (re.compile(r"<\|im_end\|>", re.IGNORECASE), 0.03, "im-end-token"),
+    (re.compile(r"\[INST\]", re.IGNORECASE), 0.03, "inst-token"),
+    (re.compile(r"\[/INST\]", re.IGNORECASE), 0.03, "inst-close-token"),
+)
+
+HIDDEN_INSTRUCTION_PATTERNS: tuple[tuple[re.Pattern[str], float, str], ...] = (
+    (re.compile(r"(?:^|\s)SYSTEM\s*:", re.IGNORECASE), 0.02, "system-role-token"),
+    (re.compile(r"(?:^|\s)ASSISTANT\s*:", re.IGNORECASE), 0.02, "assistant-role-token"),
+    (re.compile(r"(?:(?:#|//|/\*|<!--).{0,80})\b(?:ignore|override|jailbreak|bypass)\b", re.IGNORECASE), 0.01, "comment-hidden-instruction"),
+    (re.compile(r"\bbase64\s+(?:-d|--decode)\b", re.IGNORECASE), 0.01, "base64-decoder-token"),
+    (re.compile(r"\b[A-Za-z0-9+/]{48,}={0,2}\b"), 0.01, "opaque-base64-payload"),
+)
+
+CACHE_POISONING_PATTERNS: tuple[tuple[re.Pattern[str], float, str], ...] = (
+    (re.compile(r"(?:>|>>|tee\b|cp\b|mv\b|rm\b|sed\s+-i\b).{0,120}/\.omg/state/", re.IGNORECASE), 0.04, "state-path-overwrite-attempt"),
+    (re.compile(r"(?:>|>>|tee\b|cp\b|mv\b|rm\b|sed\s+-i\b).{0,120}/\.omg/shadow/active-run", re.IGNORECASE), 0.04, "active-run-overwrite-attempt"),
+    (re.compile(r"\b(?:cache|state)\s*(?:poison|override|overwrite|tamper)\b", re.IGNORECASE), 0.02, "cache-poisoning-language"),
+)
+
+CLARIFICATION_AMBIGUITY_PATTERNS: tuple[tuple[re.Pattern[str], float, str], ...] = (
+    (re.compile(r"\b(?:without\s+asking|no\s+questions\s+asked|skip\s+clarif(?:y|ication))\b", re.IGNORECASE), 0.08, "clarification-bypass-language"),
+    (re.compile(r"\b(?:just\s+fix\s+it|fix\s+everything|do\s+whatever\s+it\s+takes)\b", re.IGNORECASE), 0.08, "ambiguous-mutation-intent"),
+)
+
 
 def _project_dir() -> str:
     return os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd())
@@ -211,6 +238,56 @@ def _is_untrusted_content_mode_active() -> bool:
         return False
 
 
+def scan_mutation_command(cmd: str) -> dict[str, Any]:
+    text = str(cmd or "")
+    if not text.strip():
+        return {
+            "injection_hits": 0,
+            "contamination_score": 0.0,
+            "overthinking_score": 0.0,
+            "premature_fixer_score": 0.0,
+            "signals": [],
+        }
+
+    contamination_score = 0.0
+    overthinking_score = 0.0
+    premature_fixer_score = 0.0
+    injection_hits = 0
+    signals: list[str] = []
+
+    for pattern, weight, label in INJECTION_MARKER_PATTERNS:
+        if pattern.search(text):
+            injection_hits += 1
+            contamination_score += weight
+            signals.append(label)
+
+    for pattern, weight, label in HIDDEN_INSTRUCTION_PATTERNS:
+        if pattern.search(text):
+            injection_hits += 1
+            contamination_score += weight
+            signals.append(label)
+
+    for pattern, weight, label in CACHE_POISONING_PATTERNS:
+        if pattern.search(text):
+            injection_hits += 1
+            contamination_score += weight
+            signals.append(label)
+
+    for pattern, weight, label in CLARIFICATION_AMBIGUITY_PATTERNS:
+        if pattern.search(text):
+            overthinking_score += weight
+            premature_fixer_score += weight
+            signals.append(label)
+
+    return {
+        "injection_hits": max(0, injection_hits),
+        "contamination_score": round(max(0.0, min(1.0, contamination_score)), 4),
+        "overthinking_score": round(max(0.0, min(1.0, overthinking_score)), 4),
+        "premature_fixer_score": round(max(0.0, min(1.0, premature_fixer_score)), 4),
+        "signals": signals,
+    }
+
+
 def evaluate_bash_command(cmd: str) -> PolicyDecision:
     if not cmd:
         return allow("empty command")

package/build/lib/hooks/prompt-enhancer.py

@@ -14,7 +14,9 @@ Inspired by earlier OMG routing experiments. Key upgrades:
 
 No dependency on CLAUDE.md or AGENTS.md.
 """
+import hashlib
 import json, sys, os, re, time
+from datetime import datetime, timezone
 import importlib
 
 HOOKS_DIR = os.path.dirname(__file__)
@@ -77,6 +79,48 @@ def signal_matches_text(signal, text):
         return signal in text
     return re.search(r'\b' + re.escape(signal) + r'\b', text, re.IGNORECASE) is not None
 
+
+def _hash_prompt(value):
+    return hashlib.sha256(value.encode("utf-8")).hexdigest()
+
+
+def _single_line(text, max_chars=220):
+    line = " ".join(str(text).replace("\r", " ").replace("\n", " ").split())
+    if len(line) > max_chars:
+        return line[: max_chars - 3] + "..."
+    return line
+
+
+def _resolve_run_id(payload, prompt_hash):
+    if isinstance(payload, dict):
+        run_id = payload.get("run_id")
+        if isinstance(run_id, str) and run_id.strip():
+            return run_id.strip()
+        tool_input = payload.get("tool_input")
+        if isinstance(tool_input, dict):
+            metadata = tool_input.get("metadata")
+            if isinstance(metadata, dict):
+                metadata_run_id = metadata.get("run_id")
+                if isinstance(metadata_run_id, str) and metadata_run_id.strip():
+                    return metadata_run_id.strip()
+    env_run_id = os.environ.get("OMG_RUN_ID", "").strip()
+    if env_run_id:
+        return env_run_id
+    return prompt_hash[:24]
+
+
+def _count_signals(signals, text):
+    return sum(1 for sig in signals if signal_matches_text(sig, text))
+
+
+def _write_intent_gate_artifact(state_root, run_id, artifact):
+    state_path = os.path.join(state_root, "intent_gate", f"{run_id}.json")
+    os.makedirs(os.path.dirname(state_path), exist_ok=True)
+    tmp_path = f"{state_path}.tmp"
+    with open(tmp_path, "w", encoding="utf-8") as tmp_file:
+        json.dump(artifact, tmp_file, indent=2, ensure_ascii=True)
+    os.replace(tmp_path, state_path)
+
 # ── Zero-injection optimization ──
 # Simple prompts (≤10 words, no coding/mode/routing signals) get zero overhead
 _word_count_early = len(prompt_lower.split())
@@ -88,6 +132,8 @@ _has_any_signal = any([
                                                      "codex","gemini","ccg","screenshot","screen",
                                                      "security","warning","hook error","resume","handoff",
                                                      "continue","domain","scaffold","debug","deploy",
+                                                     "setup","credential","credentials","preference",
+                                                     "preferences","remember","settings","memory",
                                                      "수정","구현","버그","에러","고쳐","스크린샷","보안"]),
     _word_count_early > 10,
 ])
@@ -127,14 +173,109 @@ INTENT_MAP = {
                      "구현", "빌드", "생성", "만들", "추가", "기능", "개발"],
         "directive": "IMPLEMENT — Plan → code → test → verify. Follow existing patterns"
     },
+    "auth_setup": {
+        "signals": ["auth", "login", "credential", "credentials", "oauth", "token", "setup auth",
+                     "setup credential", "set up credential", "인증", "로그인", "자격 증명", "토큰"],
+        "directive": "AUTH_SETUP — Clarify auth target and credential source before changes"
+    },
+    "preference_memory": {
+        "signals": ["remember my settings", "remember settings", "preference", "preferences", "settings",
+                     "memory style", "save my setup", "기억", "설정", "선호"],
+        "directive": "PREFERENCE_MEMORY — Clarify scope and persistence policy before changes"
+    },
+    "ambiguous_config": {
+        "signals": ["setup", "configure", "config", "remember", "save", "setup my", "set up",
+                     "설정해", "구성", "저장"],
+        "directive": "AMBIGUOUS_CONFIG — Ask one-line clarification before any implementation"
+    },
 }
 
+IMPLEMENTATION_ACTION_SIGNALS = [
+    "implement", "build", "create", "add", "fix", "refactor", "update", "write", "code",
+    "debug", "test", "migrate", "deploy", "patch", "change", "구현", "추가", "수정", "개발",
+]
+AUTH_PROVIDER_SIGNALS = [
+    "codex", "claude", "gemini", "github", "google", "openai", "provider", "service", "cli",
+]
+AUTH_SOURCE_SIGNALS = [
+    "env", "token", "key", "secret", "credential", "password", "vault", "profile", "yaml",
+]
+PREFERENCE_SCOPE_SIGNALS = ["session", "project", "global", "default", "always", "workspace", "local"]
+
+
+def _build_intent_gate_state(prompt_text, payload):
+    has_auth = _count_signals(INTENT_MAP["auth_setup"]["signals"], prompt_text) > 0
+    has_pref = _count_signals(INTENT_MAP["preference_memory"]["signals"], prompt_text) > 0
+    has_ambiguous_config = _count_signals(INTENT_MAP["ambiguous_config"]["signals"], prompt_text) > 0
+    if not (has_auth or has_pref or has_ambiguous_config):
+        return None
+
+    has_specific_action = any(signal_matches_text(sig, prompt_text) for sig in IMPLEMENTATION_ACTION_SIGNALS)
+
+    if has_auth and has_pref:
+        intent_class = "ambiguous_config"
+    elif has_auth and has_ambiguous_config and not has_specific_action:
+        intent_class = "ambiguous_config"
+    elif has_auth:
+        intent_class = "auth_setup"
+    elif has_pref:
+        intent_class = "preference_memory"
+    else:
+        intent_class = "ambiguous_config"
+
+    missing_slots = []
+    if intent_class in ("auth_setup", "ambiguous_config"):
+        if not any(signal_matches_text(sig, prompt_text) for sig in AUTH_PROVIDER_SIGNALS):
+            missing_slots.append("provider")
+        if not any(signal_matches_text(sig, prompt_text) for sig in AUTH_SOURCE_SIGNALS):
+            missing_slots.append("credential_source")
+    if intent_class in ("preference_memory", "ambiguous_config"):
+        if not any(signal_matches_text(sig, prompt_text) for sig in PREFERENCE_SCOPE_SIGNALS):
+            missing_slots.append("scope")
+    if not has_specific_action:
+        missing_slots.append("desired_action")
+
+    requires_clarification = intent_class == "ambiguous_config" or bool(missing_slots)
+    clarification_prompt = ""
+    if requires_clarification:
+        prompt_map = {
+            "auth_setup": "Clarify auth setup in one line: target service, credential source, and exact action to run.",
+            "preference_memory": "Clarify preference memory in one line: settings to save, scope, and when to apply them.",
+            "ambiguous_config": "Clarify in one line whether this is auth setup or preference memory, plus the exact action to execute.",
+        }
+        clarification_prompt = _single_line(prompt_map[intent_class])
+
+    source_prompt_hash = _hash_prompt(prompt_text)
+    run_id = _resolve_run_id(payload, source_prompt_hash)
+    signal_hits = _count_signals(INTENT_MAP[intent_class]["signals"], prompt_text)
+    confidence = min(0.99, 0.76 + (signal_hits * 0.07) + (0.06 if intent_class == "ambiguous_config" else 0.0))
+
+    return {
+        "schema": "IntentGateClarificationState",
+        "schema_version": "1.0.0",
+        "run_id": run_id,
+        "intent_class": intent_class,
+        "confidence": round(confidence, 2),
+        "requires_clarification": requires_clarification,
+        "missing_slots": missing_slots,
+        "clarification_prompt": clarification_prompt,
+        "source_prompt_hash": source_prompt_hash,
+        "updated_at": datetime.now(timezone.utc).isoformat(),
+    }
+
 detected_intent = None
 for intent_key, intent_data in INTENT_MAP.items():
     if any(signal_matches_text(sig, prompt) for sig in intent_data["signals"]):
         detected_intent = intent_key
         break
 
+intent_gate_state = _build_intent_gate_state(prompt, data)
+if intent_gate_state is not None:
+    try:
+        _write_intent_gate_artifact(state_dir, intent_gate_state["run_id"], intent_gate_state)
+    except Exception:
+        pass
+
 # ═══════════════════════════════════════════════════════════
 # 2. DISCIPLINE SYSTEM (Sisyphus-grade)
 # ═══════════════════════════════════════════════════════════
@@ -143,6 +284,11 @@ parts = []
 if detected_intent:
     parts.append(f"@intent: {INTENT_MAP[detected_intent]['directive']}")
 
+if intent_gate_state and intent_gate_state.get("requires_clarification"):
+    clarification_line = _single_line(intent_gate_state.get("clarification_prompt", ""))
+    if clarification_line:
+        parts.append(f"@intent-clarify: {clarification_line}")
+
 parts.append(
     "@discipline: Senior-eng mode. Clean minimal code. "
     "VERIFY changes. NEVER claim done unverified. "