@windyroad/voice-tone 0.5.12 → 0.5.14-preview.746

package/.claude-plugin/plugin.json

@@ -123,5 +123,5 @@
     }
   },
   "name": "wr-voice-tone",
-  "version": "0.5.12"
+  "version": "0.5.14"
 }

package/hooks/external-comms-evaluator.conf

@@ -23,3 +23,11 @@ EXTERNAL_COMMS_POLICY_FILE=docs/VOICE-AND-TONE.md
 # concern (run by packages/risk-scorer/hooks/external-comms-gate.sh when that
 # plugin is also installed).
 EXTERNAL_COMMS_LEAK_PREFILTER=no
+
+# Surfaces this evaluator's policy doc disclaims — the gate silent-passes the
+# marker-review delegation on them (P360). docs/VOICE-AND-TONE.md § Scope
+# excludes commit messages ("It does NOT apply to: ... Commit messages (covered
+# by ADR-014 + ADR-018)"), so a voice-tone review of the git-commit-message
+# surface is a guaranteed-PASS no-op (~19K tokens). Skip it. The risk evaluator
+# does NOT skip this surface — its leak check on commit bodies is meaningful.
+EXTERNAL_COMMS_SKIP_SURFACES=git-commit-message

package/hooks/external-comms-gate.sh

@@ -78,6 +78,10 @@ source "$SCRIPT_DIR/lib/external-comms-key.sh"
 #   EXTERNAL_COMMS_ASSESS_SKILL    — on-demand skill path for manual delegation
 #   EXTERNAL_COMMS_POLICY_FILE     — policy doc whose absence triggers advisory-only
 #   EXTERNAL_COMMS_LEAK_PREFILTER  — yes|no — whether to run leak-detect pre-filter
+#   EXTERNAL_COMMS_SKIP_SURFACES   — space-separated surface list this evaluator's
+#                                    policy disclaims; the marker-review delegation
+#                                    silent-passes on those surfaces (P360). Default
+#                                    empty (gate every detected surface).
 # Fail-closed if absent: this hook cannot operate without a configured evaluator.
 CONF_FILE="$SCRIPT_DIR/external-comms-evaluator.conf"
 if [ ! -f "$CONF_FILE" ]; then
@@ -91,6 +95,7 @@ source "$CONF_FILE"
 : "${EXTERNAL_COMMS_ASSESS_SKILL:?assess-skill missing from $CONF_FILE}"
 EXTERNAL_COMMS_POLICY_FILE="${EXTERNAL_COMMS_POLICY_FILE:-RISK-POLICY.md}"
 EXTERNAL_COMMS_LEAK_PREFILTER="${EXTERNAL_COMMS_LEAK_PREFILTER:-yes}"
+EXTERNAL_COMMS_SKIP_SURFACES="${EXTERNAL_COMMS_SKIP_SURFACES:-}"
 
 # ---------- Bypass ----------
 if [ "${BYPASS_RISK_GATE:-0}" = "1" ]; then
@@ -318,6 +323,48 @@ if [ "$EXTERNAL_COMMS_LEAK_PREFILTER" = "yes" ]; then
     fi
 fi
 
+# ---------- Per-evaluator surface skip (P360) ----------
+# Some surfaces are explicitly disclaimed by THIS evaluator's policy doc, so the
+# marker-review delegation below would be a guaranteed-PASS no-op (the subagent
+# reads the policy, declares the surface out of scope, emits PASS — ~19K tokens
+# per round-trip). EXTERNAL_COMMS_SKIP_SURFACES (per-package .conf) lists those
+# surfaces; the gate silent-passes the prose-review delegation when the detected
+# surface is on the list. Voice-tone sets this to `git-commit-message` because
+# docs/VOICE-AND-TONE.md § Scope excludes commit messages ("covered by ADR-014 +
+# ADR-018"); risk-scorer leaves it empty (its leak check on commit messages is
+# meaningful). Placed AFTER the leak pre-filter so a skipped surface still gets
+# credential/prod-URL scanning — this silences ONLY the prose-review deny, the
+# same conservative shape as the P365 repo-visibility precondition below.
+if [ -n "$EXTERNAL_COMMS_SKIP_SURFACES" ]; then
+    case " $EXTERNAL_COMMS_SKIP_SURFACES " in
+        *" $SURFACE "*)
+            exit 0
+            ;;
+    esac
+fi
+
+# ---------- Repo-visibility precondition: git-commit-message surface (P365) ----------
+# A commit message only becomes external-facing prose when it lands in a PUBLIC
+# GitHub repo (git log / PR commits tab / release-page auto-notes / CHANGELOG).
+# In private or internal repos the marker-review delegation deny below is a pure
+# false-positive (P365 — user direction 2026-06-11: "this MUST NOT fire for
+# private repos"). Confirm visibility authoritatively via gh and silent-pass the
+# marker gate on any non-PUBLIC result. Any INDETERMINATE result (gh absent,
+# unauthenticated, no remote, API error → empty $REPO_VISIBILITY) is treated as
+# non-public: a commit message is only demonstrably external when the repo is
+# confirmably PUBLIC, so the conservative direction for THIS surface is to not
+# fire. This is a fail-open on the voice/tone-and-prose review ONLY — the
+# leak-pattern pre-filter above (credentials / prod-URLs) has already run for
+# every surface in every repo, so the high-stakes secrecy net is unaffected.
+# Scoped to git-commit-message only; the gh-issue/pr/api, npm-publish, and
+# changeset-author surfaces are inherently external and stay gated regardless.
+if [ "$SURFACE" = "git-commit-message" ]; then
+    REPO_VISIBILITY=$(gh repo view --json visibility -q .visibility 2>/dev/null || echo "")
+    if [ "$REPO_VISIBILITY" != "PUBLIC" ]; then
+        exit 0
+    fi
+fi
+
 # ---------- Marker-based gate (per-evaluator marker per ADR-028 amended 2026-05-14) ----------
 SESSION_DIR="${TMPDIR:-/tmp}/claude-risk-${SESSION_ID}"
 mkdir -p "$SESSION_DIR"

package/hooks/test/external-comms-gate.bats

@@ -61,9 +61,23 @@ print(json.dumps({
 " "$file_path" "$content"
 }
 
+# Mock `gh repo view --json visibility` for the git-commit-message surface
+# repo-visibility precondition (P365). vis ∈ {PUBLIC,PRIVATE,INTERNAL}; pass the
+# literal "FAIL" to simulate gh absent / unauthenticated (non-zero exit).
+mock_gh_visibility() {
+  local vis="$1"
+  mkdir -p "$TEST_PROJECT_DIR/mockbin"
+  if [ "$vis" = "FAIL" ]; then
+    printf '#!/usr/bin/env bash\nexit 1\n' > "$TEST_PROJECT_DIR/mockbin/gh"
+  else
+    printf '#!/usr/bin/env bash\necho %s\n' "$vis" > "$TEST_PROJECT_DIR/mockbin/gh"
+  fi
+  chmod +x "$TEST_PROJECT_DIR/mockbin/gh"
+}
+
 run_hook() {
   local input="$1"
-  run bash -c "cd '$TEST_PROJECT_DIR' && printf '%s' \"\$1\" | '$HOOK'" _ "$input"
+  run bash -c "cd '$TEST_PROJECT_DIR' && export PATH='$TEST_PROJECT_DIR/mockbin':\$PATH && printf '%s' \"\$1\" | '$HOOK'" _ "$input"
 }
 
 # ---------- Tests ----------
@@ -233,56 +247,75 @@ run_hook() {
 }
 
 # ---------------------------------------------------------------------------
-# P082 Phase 1 — git commit message surface (voice-tone evaluator).
-# Commit messages reach git log / PR commits tab / release notes / CHANGELOG;
-# voice-tone evaluator gates the message body for AI-tells, hedging,
-# em-dashes, banned-phrase drift before the commit lands. Editor flow
-# (bare `git commit`) is out of scope per P082 SC1 — the message is
-# written to .git/COMMIT_EDITMSG AFTER PreToolUse fires.
+# P360 — voice-tone evaluator disclaims the git-commit-message surface.
+# docs/VOICE-AND-TONE.md § Scope explicitly excludes commit messages ("It does
+# NOT apply to: ... Commit messages (covered by ADR-014 + ADR-018)"), so a
+# voice-tone review of a commit-message body is a guaranteed-PASS no-op
+# (~19K tokens per round-trip). external-comms-evaluator.conf sets
+# EXTERNAL_COMMS_SKIP_SURFACES=git-commit-message, so the gate silent-passes the
+# prose-review delegation on this surface in EVERY repo — visibility-independent
+# (the P360 skip is placed ahead of the P365 visibility precondition). The
+# risk-scorer evaluator, whose .conf leaves the skip list empty, still gates
+# this surface (its leak check is meaningful) — covered by
+# packages/risk-scorer/hooks/test/external-comms-gate.bats.
+#
+# Supersedes the original P082 Phase 1 voice-tone commit-message tests, which
+# asserted DENY on PUBLIC — that gate fire was the no-op P360 removes.
 # ---------------------------------------------------------------------------
 
-@test "P082: git commit -m with literal -m body denies and delegates to voice-tone evaluator" {
+@test "P360: git commit -m silent-passes (voice-tone disclaims commit messages)" {
+  mock_gh_visibility PUBLIC
   INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
-  [[ "$output" == *"wr-voice-tone:external-comms"* ]]
+  [ -z "$output" ]
 }
 
-@test "P082: git commit --message with literal body denies and delegates" {
+@test "P360: git commit --message silent-passes with no marker round-trip" {
+  mock_gh_visibility PUBLIC
   INPUT=$(build_bash_input "git commit --message \"happy to help further with this fix\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
+  [ -z "$output" ]
 }
 
-@test "P082: git commit --amend -m is intercepted (P082 SC2)" {
+@test "P360: git commit --amend -m silent-passes" {
+  mock_gh_visibility PUBLIC
   INPUT=$(build_bash_input "git commit --amend -m \"rewritten subject\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
+  [ -z "$output" ]
 }
 
-@test "P082: git commit HEREDOC body is intercepted and the body becomes the marker key" {
-  # Build a HEREDOC-shaped command. The hook regex pulls the body BETWEEN
-  # the <<'EOF' opener and the closing EOF marker — the extracted DRAFT is
-  # the inner text, NOT the literal `$(cat <<'EOF' ... EOF)` wrapper.
+@test "P360: git commit HEREDOC body silent-passes without a marker" {
+  mock_gh_visibility PUBLIC
   BODY=$'feat(foo): add bar\n\nWe observed a build failure on Node 20.'
   CMD=$'git commit -m "$(cat <<\'EOF\'\n'"$BODY"$'\nEOF\n)"'
   INPUT=$(build_bash_input "$CMD")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
+  [ -z "$output" ]
+}
 
-  # Pre-place the per-evaluator marker keyed on the extracted HEREDOC body
-  # + the git-commit-message surface; the second run must permit silently.
-  SURFACE="git-commit-message"
-  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
-  touch "${RDIR}/external-comms-voice-tone-reviewed-${KEY}"
+@test "P360: commit-message skip is visibility-independent (PRIVATE silent-passes)" {
+  mock_gh_visibility PRIVATE
+  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P360: commit-message skip is visibility-independent (INTERNAL silent-passes)" {
+  mock_gh_visibility INTERNAL
+  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}
+
+@test "P360: commit-message skip is visibility-independent (indeterminate gh silent-passes)" {
+  mock_gh_visibility FAIL
+  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
@@ -311,16 +344,25 @@ run_hook() {
   [ -z "$output" ]
 }
 
-@test "P082: per-evaluator marker keyed on (body, git-commit-message) permits the call" {
-  BODY="docs(retro): close iter 3 ask-hygiene trail"
-  SURFACE="git-commit-message"
-  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
-  touch "${RDIR}/external-comms-voice-tone-reviewed-${KEY}"
+@test "P360: the skip is surface-scoped — gh-issue is NOT skipped (still denies+delegates)" {
+  # EXTERNAL_COMMS_SKIP_SURFACES lists only git-commit-message; the inherently
+  # external gh-issue surface stays gated. Guards against the skip list over-
+  # matching (e.g. a substring or blanket-skip regression).
+  mock_gh_visibility PUBLIC
+  INPUT=$(build_bash_input "gh issue create --title x --body 'a clean issue body'")
+  run_hook "$INPUT"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"wr-voice-tone:external-comms"* ]]
+}
 
-  INPUT=$(build_bash_input "git commit -m \"$BODY\"")
+@test "P365: PRIVATE visibility does NOT short-circuit the gh-issue surface (still denies+delegates)" {
+  mock_gh_visibility PRIVATE
+  INPUT=$(build_bash_input "gh issue create --title x --body 'a clean issue body'")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [ -z "$output" ]
+  [[ "$output" == *"deny"* ]]
+  [[ "$output" == *"gh-issue-create"* ]]
 }
 
 # ---------------------------------------------------------------------------

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/voice-tone",
-  "version": "0.5.12",
+  "version": "0.5.14-preview.746",
   "description": "Voice and tone enforcement for user-facing copy",
   "bin": {
     "windyroad-voice-tone": "./bin/install.mjs"