@windyroad/voice-tone 0.5.13 → 0.5.14-preview.746

package/.claude-plugin/plugin.json

@@ -123,5 +123,5 @@
     }
   },
   "name": "wr-voice-tone",
-  "version": "0.5.13"
+  "version": "0.5.14"
 }

package/hooks/external-comms-evaluator.conf

@@ -23,3 +23,11 @@ EXTERNAL_COMMS_POLICY_FILE=docs/VOICE-AND-TONE.md
 # concern (run by packages/risk-scorer/hooks/external-comms-gate.sh when that
 # plugin is also installed).
 EXTERNAL_COMMS_LEAK_PREFILTER=no
+
+# Surfaces this evaluator's policy doc disclaims — the gate silent-passes the
+# marker-review delegation on them (P360). docs/VOICE-AND-TONE.md § Scope
+# excludes commit messages ("It does NOT apply to: ... Commit messages (covered
+# by ADR-014 + ADR-018)"), so a voice-tone review of the git-commit-message
+# surface is a guaranteed-PASS no-op (~19K tokens). Skip it. The risk evaluator
+# does NOT skip this surface — its leak check on commit bodies is meaningful.
+EXTERNAL_COMMS_SKIP_SURFACES=git-commit-message

package/hooks/external-comms-gate.sh

@@ -78,6 +78,10 @@ source "$SCRIPT_DIR/lib/external-comms-key.sh"
 #   EXTERNAL_COMMS_ASSESS_SKILL    — on-demand skill path for manual delegation
 #   EXTERNAL_COMMS_POLICY_FILE     — policy doc whose absence triggers advisory-only
 #   EXTERNAL_COMMS_LEAK_PREFILTER  — yes|no — whether to run leak-detect pre-filter
+#   EXTERNAL_COMMS_SKIP_SURFACES   — space-separated surface list this evaluator's
+#                                    policy disclaims; the marker-review delegation
+#                                    silent-passes on those surfaces (P360). Default
+#                                    empty (gate every detected surface).
 # Fail-closed if absent: this hook cannot operate without a configured evaluator.
 CONF_FILE="$SCRIPT_DIR/external-comms-evaluator.conf"
 if [ ! -f "$CONF_FILE" ]; then
@@ -91,6 +95,7 @@ source "$CONF_FILE"
 : "${EXTERNAL_COMMS_ASSESS_SKILL:?assess-skill missing from $CONF_FILE}"
 EXTERNAL_COMMS_POLICY_FILE="${EXTERNAL_COMMS_POLICY_FILE:-RISK-POLICY.md}"
 EXTERNAL_COMMS_LEAK_PREFILTER="${EXTERNAL_COMMS_LEAK_PREFILTER:-yes}"
+EXTERNAL_COMMS_SKIP_SURFACES="${EXTERNAL_COMMS_SKIP_SURFACES:-}"
 
 # ---------- Bypass ----------
 if [ "${BYPASS_RISK_GATE:-0}" = "1" ]; then
@@ -318,6 +323,26 @@ if [ "$EXTERNAL_COMMS_LEAK_PREFILTER" = "yes" ]; then
     fi
 fi
 
+# ---------- Per-evaluator surface skip (P360) ----------
+# Some surfaces are explicitly disclaimed by THIS evaluator's policy doc, so the
+# marker-review delegation below would be a guaranteed-PASS no-op (the subagent
+# reads the policy, declares the surface out of scope, emits PASS — ~19K tokens
+# per round-trip). EXTERNAL_COMMS_SKIP_SURFACES (per-package .conf) lists those
+# surfaces; the gate silent-passes the prose-review delegation when the detected
+# surface is on the list. Voice-tone sets this to `git-commit-message` because
+# docs/VOICE-AND-TONE.md § Scope excludes commit messages ("covered by ADR-014 +
+# ADR-018"); risk-scorer leaves it empty (its leak check on commit messages is
+# meaningful). Placed AFTER the leak pre-filter so a skipped surface still gets
+# credential/prod-URL scanning — this silences ONLY the prose-review deny, the
+# same conservative shape as the P365 repo-visibility precondition below.
+if [ -n "$EXTERNAL_COMMS_SKIP_SURFACES" ]; then
+    case " $EXTERNAL_COMMS_SKIP_SURFACES " in
+        *" $SURFACE "*)
+            exit 0
+            ;;
+    esac
+fi
+
 # ---------- Repo-visibility precondition: git-commit-message surface (P365) ----------
 # A commit message only becomes external-facing prose when it lands in a PUBLIC
 # GitHub repo (git log / PR commits tab / release-page auto-notes / CHANGELOG).

package/hooks/test/external-comms-gate.bats

@@ -247,143 +247,113 @@ run_hook() {
 }
 
 # ---------------------------------------------------------------------------
-# P082 Phase 1 — git commit message surface (voice-tone evaluator).
-# Commit messages reach git log / PR commits tab / release notes / CHANGELOG;
-# voice-tone evaluator gates the message body for AI-tells, hedging,
-# em-dashes, banned-phrase drift before the commit lands. Editor flow
-# (bare `git commit`) is out of scope per P082 SC1 — the message is
-# written to .git/COMMIT_EDITMSG AFTER PreToolUse fires.
+# P360 — voice-tone evaluator disclaims the git-commit-message surface.
+# docs/VOICE-AND-TONE.md § Scope explicitly excludes commit messages ("It does
+# NOT apply to: ... Commit messages (covered by ADR-014 + ADR-018)"), so a
+# voice-tone review of a commit-message body is a guaranteed-PASS no-op
+# (~19K tokens per round-trip). external-comms-evaluator.conf sets
+# EXTERNAL_COMMS_SKIP_SURFACES=git-commit-message, so the gate silent-passes the
+# prose-review delegation on this surface in EVERY repo — visibility-independent
+# (the P360 skip is placed ahead of the P365 visibility precondition). The
+# risk-scorer evaluator, whose .conf leaves the skip list empty, still gates
+# this surface (its leak check is meaningful) — covered by
+# packages/risk-scorer/hooks/test/external-comms-gate.bats.
+#
+# Supersedes the original P082 Phase 1 voice-tone commit-message tests, which
+# asserted DENY on PUBLIC — that gate fire was the no-op P360 removes.
 # ---------------------------------------------------------------------------
 
-@test "P082: git commit -m with literal -m body denies and delegates to voice-tone evaluator" {
+@test "P360: git commit -m silent-passes (voice-tone disclaims commit messages)" {
   mock_gh_visibility PUBLIC
   INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
-  [[ "$output" == *"wr-voice-tone:external-comms"* ]]
+  [ -z "$output" ]
 }
 
-@test "P082: git commit --message with literal body denies and delegates" {
+@test "P360: git commit --message silent-passes with no marker round-trip" {
   mock_gh_visibility PUBLIC
   INPUT=$(build_bash_input "git commit --message \"happy to help further with this fix\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
+  [ -z "$output" ]
 }
 
-@test "P082: git commit --amend -m is intercepted (P082 SC2)" {
+@test "P360: git commit --amend -m silent-passes" {
   mock_gh_visibility PUBLIC
   INPUT=$(build_bash_input "git commit --amend -m \"rewritten subject\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
+  [ -z "$output" ]
 }
 
-@test "P082: git commit HEREDOC body is intercepted and the body becomes the marker key" {
-  # Build a HEREDOC-shaped command. The hook regex pulls the body BETWEEN
-  # the <<'EOF' opener and the closing EOF marker — the extracted DRAFT is
-  # the inner text, NOT the literal `$(cat <<'EOF' ... EOF)` wrapper.
+@test "P360: git commit HEREDOC body silent-passes without a marker" {
   mock_gh_visibility PUBLIC
   BODY=$'feat(foo): add bar\n\nWe observed a build failure on Node 20.'
   CMD=$'git commit -m "$(cat <<\'EOF\'\n'"$BODY"$'\nEOF\n)"'
   INPUT=$(build_bash_input "$CMD")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
-  [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
-
-  # Pre-place the per-evaluator marker keyed on the extracted HEREDOC body
-  # + the git-commit-message surface; the second run must permit silently.
-  SURFACE="git-commit-message"
-  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
-  touch "${RDIR}/external-comms-voice-tone-reviewed-${KEY}"
-  run_hook "$INPUT"
-  [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-@test "P082: bare git commit (editor flow) is silently allowed per SC1" {
-  # No -m / --message → .git/COMMIT_EDITMSG doesn't exist at PreToolUse
-  # time. Phase 1 skip is pragmatic; the editor flow has user-eyeballs.
-  INPUT=$(build_bash_input "git commit")
+@test "P360: commit-message skip is visibility-independent (PRIVATE silent-passes)" {
+  mock_gh_visibility PRIVATE
+  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-@test "P082: git merge is silently allowed (not a git commit verb)" {
-  INPUT=$(build_bash_input "git merge --no-ff feature-branch")
+@test "P360: commit-message skip is visibility-independent (INTERNAL silent-passes)" {
+  mock_gh_visibility INTERNAL
+  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-@test "P082: BYPASS_RISK_GATE=1 short-circuits the git commit gate" {
+@test "P360: commit-message skip is visibility-independent (indeterminate gh silent-passes)" {
+  mock_gh_visibility FAIL
   INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
-  run bash -c "cd '$TEST_PROJECT_DIR' && BYPASS_RISK_GATE=1 printf '%s' \"\$1\" | BYPASS_RISK_GATE=1 '$HOOK'" _ "$INPUT"
-  [ "$status" -eq 0 ]
-  [ -z "$output" ]
-}
-
-@test "P082: per-evaluator marker keyed on (body, git-commit-message) permits the call" {
-  mock_gh_visibility PUBLIC
-  BODY="docs(retro): close iter 3 ask-hygiene trail"
-  SURFACE="git-commit-message"
-  KEY=$(printf '%s\n%s' "$BODY" "$SURFACE" | shasum -a 256 | cut -d' ' -f1)
-  touch "${RDIR}/external-comms-voice-tone-reviewed-${KEY}"
-
-  INPUT=$(build_bash_input "git commit -m \"$BODY\"")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-# ---------------------------------------------------------------------------
-# P365 — repo-visibility precondition on the git-commit-message surface.
-# Shared canonical hook (ADR-017 sync), so the precondition applies to the
-# voice-tone evaluator too: a commit message is external-facing prose ONLY in
-# a PUBLIC repo. In private/internal repos — or any indeterminate gh result —
-# the marker-review deny is a pure false-positive (user direction 2026-06-11:
-# "this MUST NOT fire for private repos"). Scoped to the git-commit-message
-# surface only; the gh-issue/pr/npm/changeset surfaces are inherently external
-# and stay gated regardless of repo visibility.
-# ---------------------------------------------------------------------------
-
-@test "P365: git commit -m in a PRIVATE repo silent-passes (no external-comms deny)" {
-  mock_gh_visibility PRIVATE
-  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
+@test "P082: bare git commit (editor flow) is silently allowed per SC1" {
+  # No -m / --message → .git/COMMIT_EDITMSG doesn't exist at PreToolUse
+  # time. Phase 1 skip is pragmatic; the editor flow has user-eyeballs.
+  INPUT=$(build_bash_input "git commit")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-@test "P365: git commit -m in an INTERNAL repo silent-passes" {
-  mock_gh_visibility INTERNAL
-  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
+@test "P082: git merge is silently allowed (not a git commit verb)" {
+  INPUT=$(build_bash_input "git merge --no-ff feature-branch")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-@test "P365: git commit -m when gh is unavailable/indeterminate silent-passes (fail-non-public)" {
-  mock_gh_visibility FAIL
+@test "P082: BYPASS_RISK_GATE=1 short-circuits the git commit gate" {
   INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
-  run_hook "$INPUT"
+  run bash -c "cd '$TEST_PROJECT_DIR' && BYPASS_RISK_GATE=1 printf '%s' \"\$1\" | BYPASS_RISK_GATE=1 '$HOOK'" _ "$INPUT"
   [ "$status" -eq 0 ]
   [ -z "$output" ]
 }
 
-@test "P365: git commit -m in a PUBLIC repo still denies+delegates (gate intact, precondition surface-scoped)" {
+@test "P360: the skip is surface-scoped — gh-issue is NOT skipped (still denies+delegates)" {
+  # EXTERNAL_COMMS_SKIP_SURFACES lists only git-commit-message; the inherently
+  # external gh-issue surface stays gated. Guards against the skip list over-
+  # matching (e.g. a substring or blanket-skip regression).
   mock_gh_visibility PUBLIC
-  INPUT=$(build_bash_input "git commit -m \"I've implemented the feature\"")
+  INPUT=$(build_bash_input "gh issue create --title x --body 'a clean issue body'")
   run_hook "$INPUT"
   [ "$status" -eq 0 ]
   [[ "$output" == *"deny"* ]]
-  [[ "$output" == *"git-commit-message"* ]]
+  [[ "$output" == *"wr-voice-tone:external-comms"* ]]
 }
 
 @test "P365: PRIVATE visibility does NOT short-circuit the gh-issue surface (still denies+delegates)" {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/voice-tone",
-  "version": "0.5.13",
+  "version": "0.5.14-preview.746",
   "description": "Voice and tone enforcement for user-facing copy",
   "bin": {
     "windyroad-voice-tone": "./bin/install.mjs"