@wooojin/forgen 0.3.1 → 0.3.2

package/dist/engine/solution-outcomes.js

@@ -2,6 +2,8 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { OUTCOMES_DIR, STATE_DIR } from '../core/paths.js';
 import { sanitizeId } from '../hooks/shared/sanitize-id.js';
+import { withFileLockSync, FileLockError } from '../hooks/shared/file-lock.js';
+import { atomicWriteJSON } from '../hooks/shared/atomic-write.js';
 import { createLogger } from '../core/logger.js';
 const log = createLogger('solution-outcomes');
 function pendingPath(sessionId) {
@@ -24,12 +26,41 @@ function readPending(sessionId) {
 function writePending(sessionId, state) {
     const p = pendingPath(sessionId);
     fs.mkdirSync(STATE_DIR, { recursive: true });
-    fs.writeFileSync(p, JSON.stringify(state));
+    atomicWriteJSON(p, state, { mode: 0o600, dirMode: 0o700 });
 }
 function appendOutcome(event) {
     fs.mkdirSync(OUTCOMES_DIR, { recursive: true });
     fs.appendFileSync(outcomesPath(event.session_id), JSON.stringify(event) + '\n');
 }
+/**
+ * Run a read-modify-write pending-state mutation under a file lock
+ * (2026-04-21 audit fix #9).
+ *
+ * Prior code (`readPending` → in-memory mutate → `writePending`) was not
+ * serialised, so inject + correction + error hooks racing on the same
+ * session could lose or duplicate outcome events. The entire critical
+ * section now sits inside `withFileLockSync`; the lock file lives next
+ * to the pending file itself. A lock-acquire failure falls through
+ * fail-open (outcome tracking must never block the user).
+ */
+function mutatePending(sessionId, fn) {
+    const p = pendingPath(sessionId);
+    fs.mkdirSync(STATE_DIR, { recursive: true });
+    try {
+        let result = null;
+        withFileLockSync(p, () => {
+            result = fn();
+        });
+        return result;
+    }
+    catch (e) {
+        if (e instanceof FileLockError) {
+            log.debug(`pending lock 실패 — skip (fail-open): ${e.message}`);
+            return null;
+        }
+        throw e;
+    }
+}
 /**
  * Record that solutions were injected. Called from solution-injector right
  * after `approveWithContext` is emitted. Fails silently — outcome tracking
@@ -39,12 +70,14 @@ export function appendPending(sessionId, injections) {
     if (!sessionId || injections.length === 0)
         return;
     try {
-        const state = readPending(sessionId);
-        const ts = Date.now();
-        for (const inj of injections) {
-            state.pending.push({ ...inj, ts });
-        }
-        writePending(sessionId, state);
+        mutatePending(sessionId, () => {
+            const state = readPending(sessionId);
+            const ts = Date.now();
+            for (const inj of injections) {
+                state.pending.push({ ...inj, ts });
+            }
+            writePending(sessionId, state);
+        });
     }
     catch (e) {
         log.debug(`appendPending failed: ${e instanceof Error ? e.message : String(e)}`);
@@ -62,29 +95,37 @@ export function flushAccept(sessionId, excludeSolutions = new Set()) {
     if (!sessionId)
         return 0;
     try {
-        const state = readPending(sessionId);
-        if (state.pending.length === 0)
-            return 0;
-        const now = Date.now();
-        const kept = [];
-        let flushed = 0;
-        for (const p of state.pending) {
-            if (excludeSolutions.has(p.solution))
-                continue;
-            appendOutcome({
-                ts: now,
-                session_id: sessionId,
-                solution: p.solution,
-                match_score: p.match_score,
-                injected_chars: p.injected_chars,
-                outcome: 'accept',
-                outcome_lag_ms: now - p.ts,
-                attribution: 'default',
-            });
-            flushed++;
-        }
-        writePending(sessionId, { pending: kept, last_prompt_ts: now });
-        return flushed;
+        const result = mutatePending(sessionId, () => {
+            const state = readPending(sessionId);
+            if (state.pending.length === 0)
+                return 0;
+            const now = Date.now();
+            const kept = [];
+            let flushed = 0;
+            for (const p of state.pending) {
+                // P1-L1 fix (2026-04-20): 이전에는 excluded pending을 `continue`로 건너뛰면서
+                // `kept`에도 push 안 하고 appendOutcome도 안 해서 증거 없이 사라졌다.
+                // 이미 correct/error로 attribute된 항목은 보존 (나중 prompt에서 재처리 방지).
+                if (excludeSolutions.has(p.solution)) {
+                    kept.push(p);
+                    continue;
+                }
+                appendOutcome({
+                    ts: now,
+                    session_id: sessionId,
+                    solution: p.solution,
+                    match_score: p.match_score,
+                    injected_chars: p.injected_chars,
+                    outcome: 'accept',
+                    outcome_lag_ms: now - p.ts,
+                    attribution: 'default',
+                });
+                flushed++;
+            }
+            writePending(sessionId, { pending: kept, last_prompt_ts: now });
+            return flushed;
+        });
+        return result ?? 0;
     }
     catch (e) {
         log.debug(`flushAccept failed: ${e instanceof Error ? e.message : String(e)}`);
@@ -105,38 +146,64 @@ export function attributeCorrection(sessionId) {
     if (!sessionId)
         return [];
     try {
-        const state = readPending(sessionId);
-        if (state.pending.length === 0)
-            return [];
-        const now = Date.now();
-        const attributed = [];
-        for (const p of state.pending) {
-            appendOutcome({
-                ts: now,
-                session_id: sessionId,
-                solution: p.solution,
-                match_score: p.match_score,
-                injected_chars: p.injected_chars,
-                outcome: 'correct',
-                outcome_lag_ms: now - p.ts,
-                attribution: 'explicit',
-            });
-            attributed.push(p.solution);
-        }
-        writePending(sessionId, { pending: [], last_prompt_ts: state.last_prompt_ts });
-        return attributed;
+        const result = mutatePending(sessionId, () => {
+            const state = readPending(sessionId);
+            if (state.pending.length === 0)
+                return [];
+            const now = Date.now();
+            const attributed = [];
+            for (const p of state.pending) {
+                appendOutcome({
+                    ts: now,
+                    session_id: sessionId,
+                    solution: p.solution,
+                    match_score: p.match_score,
+                    injected_chars: p.injected_chars,
+                    outcome: 'correct',
+                    outcome_lag_ms: now - p.ts,
+                    attribution: 'explicit',
+                });
+                attributed.push(p.solution);
+            }
+            writePending(sessionId, { pending: [], last_prompt_ts: state.last_prompt_ts });
+            return attributed;
+        });
+        return result ?? [];
     }
     catch (e) {
         log.debug(`attributeCorrection failed: ${e instanceof Error ? e.message : String(e)}`);
         return [];
     }
 }
+/**
+ * Attribution gates for error events (2026-04-21 fix):
+ *   - MIN_ERROR_MATCH_SCORE: solutions injected on thin relevance (< 0.3)
+ *     are unlikely to have caused unrelated tool failures. Attributing
+ *     error to them distorts fitness and poisons the Phase 4 evolver.
+ *   - MAX_ATTRIBUTION_LAG_MS: errors more than 5 minutes after injection
+ *     are too temporally distant — the user has likely moved on to work
+ *     the solution has no bearing on.
+ *   - MAX_ATTRIBUTED_PER_ERROR: cap at the top 3 most-relevant pending
+ *     solutions so a broad inject batch doesn't scatter false blame.
+ *
+ * Data audit (2026-04-21, ~/.forgen/state/outcomes/ 260 sessions):
+ *   Top-3 "error" solutions = 80% of all error events, injected at score
+ *   0.15/0.21 nearly every session. Without these gates, fitness
+ *   classification drags good-but-low-score solutions into underperform.
+ */
+const MIN_ERROR_MATCH_SCORE = 0.3;
+const MAX_ATTRIBUTION_LAG_MS = 5 * 60 * 1000;
+const MAX_ATTRIBUTED_PER_ERROR = 3;
 /**
  * Attribute a tool error to pending solutions in this session. Called from
  * post-tool-failure hook. Unlike corrections, errors do not clear pending
  * — an error is a weaker signal and the next user prompt can still produce
  * a correct/accept decision.
  *
+ * Only the top-K most-relevant, recent, above-threshold pending solutions
+ * are attributed (see gates above). Below-threshold or stale pending
+ * entries are left untouched — they will resolve via accept/unknown later.
+ *
  * To avoid flooding the log with duplicate errors for the same pending
  * batch, we cap at one `error` event per (session, solution) pair per
  * pending-cycle by tracking a `error_flagged` set in the pending state.
@@ -145,33 +212,40 @@ export function attributeError(sessionId) {
     if (!sessionId)
         return [];
     try {
-        const state = readPending(sessionId);
-        if (state.pending.length === 0)
-            return [];
-        const flaggedKey = `__error_flagged`;
-        const existing = state[flaggedKey];
-        const flagged = new Set(Array.isArray(existing) ? existing : []);
-        const now = Date.now();
-        const flaggedThisCall = [];
-        for (const p of state.pending) {
-            if (flagged.has(p.solution))
-                continue;
-            appendOutcome({
-                ts: now,
-                session_id: sessionId,
-                solution: p.solution,
-                match_score: p.match_score,
-                injected_chars: p.injected_chars,
-                outcome: 'error',
-                outcome_lag_ms: now - p.ts,
-                attribution: 'window',
-            });
-            flagged.add(p.solution);
-            flaggedThisCall.push(p.solution);
-        }
-        state[flaggedKey] = Array.from(flagged);
-        writePending(sessionId, state);
-        return flaggedThisCall;
+        const result = mutatePending(sessionId, () => {
+            const state = readPending(sessionId);
+            if (state.pending.length === 0)
+                return [];
+            const flaggedKey = `__error_flagged`;
+            const existing = state[flaggedKey];
+            const flagged = new Set(Array.isArray(existing) ? existing : []);
+            const now = Date.now();
+            const eligible = state.pending
+                .filter((p) => !flagged.has(p.solution))
+                .filter((p) => p.match_score >= MIN_ERROR_MATCH_SCORE)
+                .filter((p) => now - p.ts <= MAX_ATTRIBUTION_LAG_MS)
+                .sort((a, b) => b.match_score - a.match_score)
+                .slice(0, MAX_ATTRIBUTED_PER_ERROR);
+            const flaggedThisCall = [];
+            for (const p of eligible) {
+                appendOutcome({
+                    ts: now,
+                    session_id: sessionId,
+                    solution: p.solution,
+                    match_score: p.match_score,
+                    injected_chars: p.injected_chars,
+                    outcome: 'error',
+                    outcome_lag_ms: now - p.ts,
+                    attribution: 'window',
+                });
+                flagged.add(p.solution);
+                flaggedThisCall.push(p.solution);
+            }
+            state[flaggedKey] = Array.from(flagged);
+            writePending(sessionId, state);
+            return flaggedThisCall;
+        });
+        return result ?? [];
     }
     catch (e) {
         log.debug(`attributeError failed: ${e instanceof Error ? e.message : String(e)}`);
@@ -187,26 +261,29 @@ export function finalizeSession(sessionId) {
     if (!sessionId)
         return 0;
     try {
-        const state = readPending(sessionId);
-        const now = Date.now();
-        let finalized = 0;
-        for (const p of state.pending) {
-            appendOutcome({
-                ts: now,
-                session_id: sessionId,
-                solution: p.solution,
-                match_score: p.match_score,
-                injected_chars: p.injected_chars,
-                outcome: 'unknown',
-                outcome_lag_ms: now - p.ts,
-                attribution: 'session_end',
-            });
-            finalized++;
-        }
-        const p = pendingPath(sessionId);
-        if (fs.existsSync(p))
-            fs.unlinkSync(p);
-        return finalized;
+        const result = mutatePending(sessionId, () => {
+            const state = readPending(sessionId);
+            const now = Date.now();
+            let finalized = 0;
+            for (const p of state.pending) {
+                appendOutcome({
+                    ts: now,
+                    session_id: sessionId,
+                    solution: p.solution,
+                    match_score: p.match_score,
+                    injected_chars: p.injected_chars,
+                    outcome: 'unknown',
+                    outcome_lag_ms: now - p.ts,
+                    attribution: 'session_end',
+                });
+                finalized++;
+            }
+            const pendingFile = pendingPath(sessionId);
+            if (fs.existsSync(pendingFile))
+                fs.unlinkSync(pendingFile);
+            return finalized;
+        });
+        return result ?? 0;
     }
     catch (e) {
         log.debug(`finalizeSession failed: ${e instanceof Error ? e.message : String(e)}`);

package/dist/engine/solution-writer.d.ts

@@ -71,11 +71,14 @@ export declare function mutateSolutionByName(name: string, mutator: SolutionMuta
 }): boolean;
 /**
  * Evidence 카운터 단일 증가 helper.
- * mutateSolutionByName + 카운터 증가 패턴을 한 줄로.
  *
- * Also graduates Phase 4 candidates: when a `status: candidate` solution's
- * injected count reaches `CANDIDATE_PROMOTION_INJECTIONS`, its status flips
- * to `verified` in the same write. This keeps the exploration bonus from
- * clinging to a solution that has had enough trials.
+ * Invariant: status/confidence 같은 lifecycle 필드는 건드리지 않는다.
+ * 모든 status 전이는 compound-lifecycle.ts::runLifecycleCheck(자동, reflected
+ * /sessions/reExtracted + age-gate 기반)과 verifySolution(수동 명령)이라는
+ * 단일 경로로만 일어난다. dual-path 금지.
+ *
+ * 과거에는 inject≥5 자동 verified 승급이 이 함수 안에 있었는데, 그것은 outcome
+ * 증거 없이도 candidate를 승급시켜 self-rewarding 편향을 만들었다. 2026-04-20
+ * 제거 (feedback_core_loop_invariant 참고).
  */
 export declare function incrementEvidence(solutionName: string, field: 'reflected' | 'negative' | 'injected' | 'sessions' | 'reExtracted'): boolean;

package/dist/engine/solution-writer.js

@@ -31,6 +31,7 @@ import { atomicWriteText } from '../hooks/shared/atomic-write.js';
 import { parseFrontmatterOnly, parseSolutionV3, serializeSolutionV3, } from './solution-format.js';
 import { ME_SOLUTIONS, ME_RULES } from '../core/paths.js';
 import { createLogger } from '../core/logger.js';
+import { getOrBuildIndex } from './solution-index.js';
 const log = createLogger('solution-writer');
 /**
  * 단일 .md 파일에 lock 보호된 read-modify-write 수행.
@@ -96,7 +97,40 @@ export function mutateSolutionFile(filePath, mutator) {
  * symlink는 보안상 무시 (lstatSync 가드).
  */
 export function mutateSolutionByName(name, mutator, options) {
-    const dirs = [ME_SOLUTIONS, ME_RULES, ...(options?.extraDirs ?? [])];
+    const extraDirs = options?.extraDirs ?? [];
+    const dirs = [ME_SOLUTIONS, ME_RULES, ...extraDirs];
+    // P0-3 fast path (2026-04-20): solution-index의 캐시에서 name→filePath를
+    // O(1) 조회. 과거에는 매 호출마다 dir readdir + N번 readFileSync + YAML parse
+    // (N=500일 때 hook당 최대 1500회 I/O)로 5초 timeout을 위협했다.
+    // 인덱스 miss/stale 시 아래 기존 O(N) 스캔 경로로 fallback한다.
+    try {
+        const indexDirs = [
+            { dir: ME_SOLUTIONS, scope: 'me' },
+            { dir: ME_RULES, scope: 'me' },
+            ...extraDirs.map((d) => ({ dir: d, scope: 'project' })),
+        ];
+        const idx = getOrBuildIndex(indexDirs);
+        const entry = idx.entries.find(e => e.name === name);
+        if (entry?.filePath && fs.existsSync(entry.filePath)) {
+            let isSymlink = true;
+            try {
+                isSymlink = fs.lstatSync(entry.filePath).isSymbolicLink();
+            }
+            catch { /* fall through to full scan */ }
+            if (!isSymlink) {
+                const result = mutateSolutionFile(entry.filePath, sol => {
+                    if (sol.frontmatter.name !== name)
+                        return false;
+                    return mutator(sol);
+                });
+                if (result)
+                    return true;
+                // 인덱스가 stale(이름이 바뀌었거나 파일이 재생성됨)이면 fallback 경로로.
+            }
+        }
+    }
+    catch { /* 인덱스 빌드 실패 — fallback */ }
+    // Fallback: 전체 디렉터리 스캔 (인덱스 miss / stale 시)
     for (const dir of dirs) {
         if (!fs.existsSync(dir))
             continue;
@@ -142,22 +176,17 @@ export function mutateSolutionByName(name, mutator, options) {
     }
     return false;
 }
-/**
- * Phase 4 candidate promotion threshold: a `status: candidate` solution
- * automatically graduates to `status: verified` once its injected count
- * crosses this cutoff. At that point the cold-start exploration bonus
- * (solution-matcher.ts) disappears naturally, since the bonus keys off
- * `candidate` status.
- */
-const CANDIDATE_PROMOTION_INJECTIONS = 5;
 /**
  * Evidence 카운터 단일 증가 helper.
- * mutateSolutionByName + 카운터 증가 패턴을 한 줄로.
  *
- * Also graduates Phase 4 candidates: when a `status: candidate` solution's
- * injected count reaches `CANDIDATE_PROMOTION_INJECTIONS`, its status flips
- * to `verified` in the same write. This keeps the exploration bonus from
- * clinging to a solution that has had enough trials.
+ * Invariant: status/confidence 같은 lifecycle 필드는 건드리지 않는다.
+ * 모든 status 전이는 compound-lifecycle.ts::runLifecycleCheck(자동, reflected
+ * /sessions/reExtracted + age-gate 기반)과 verifySolution(수동 명령)이라는
+ * 단일 경로로만 일어난다. dual-path 금지.
+ *
+ * 과거에는 inject≥5 자동 verified 승급이 이 함수 안에 있었는데, 그것은 outcome
+ * 증거 없이도 candidate를 승급시켜 self-rewarding 편향을 만들었다. 2026-04-20
+ * 제거 (feedback_core_loop_invariant 참고).
  */
 export function incrementEvidence(solutionName, field) {
     return mutateSolutionByName(solutionName, sol => {
@@ -165,11 +194,6 @@ export function incrementEvidence(solutionName, field) {
         if (!(field in ev))
             return false;
         ev[field] = (ev[field] ?? 0) + 1;
-        if (field === 'injected' &&
-            sol.frontmatter.status === 'candidate' &&
-            ev.injected >= CANDIDATE_PROMOTION_INJECTIONS) {
-            sol.frontmatter.status = 'verified';
-        }
         return true;
     });
 }

package/dist/fgx.js

@@ -15,10 +15,17 @@ if (!launchArgs.includes('--dangerously-skip-permissions')) {
     launchArgs.unshift('--dangerously-skip-permissions');
 }
 async function main() {
-    // Security warning — fgx bypasses all Claude Code permission checks
+    // Security warning — fgx bypasses all Claude Code permission checks.
+    //
+    // Audit fix #3 (2026-04-21): The warning banner is shown regardless of
+    // the user's profile trust policy, which means "가드레일 우선" users who
+    // alias `fgx` unknowingly run with zero guardrails. Users who rely on
+    // the profile trust policy should NOT use `fgx`. Surface the mismatch
+    // loudly (harness.ts also prints the Trust 상승 warning downstream).
     console.warn('\n  ⚠  fgx: ALL permission checks are disabled (--dangerously-skip-permissions)');
     console.warn('  ⚠  Claude Code will execute tools without asking for confirmation.');
-    console.warn('  ⚠  Use only in trusted environments.\n');
+    console.warn('  ⚠  Use only in trusted environments. If your profile trust policy is');
+    console.warn('  ⚠  "가드레일 우선" or "승인 완화", consider `forgen` (no flag) instead.\n');
     // fgx는 서브커맨드 없이 바로 Claude Code 실행 전용
     const firstRun = isFirstRun();
     if (firstRun) {

package/dist/forge/cli.js

@@ -58,7 +58,7 @@ async function handleReset(level) {
     }
     // 동적 import로 store 모듈 로드
     const fs = await import('node:fs');
-    const { V1_PROFILE, V1_RULES_DIR, V1_EVIDENCE_DIR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR, V1_RAW_LOGS_DIR, V1_SOLUTIONS_DIR } = await import('../core/paths.js');
+    const { FORGE_PROFILE, ME_RULES, ME_BEHAVIOR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR, V1_RAW_LOGS_DIR, ME_SOLUTIONS } = await import('../core/paths.js');
     const deleteDirs = (dirs) => {
         for (const dir of dirs) {
             try {
@@ -75,18 +75,18 @@ async function handleReset(level) {
         catch { /* ignore */ }
     };
     if (level === 'soft') {
-        deleteFile(V1_PROFILE);
-        deleteDirs([V1_RULES_DIR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR]);
+        deleteFile(FORGE_PROFILE);
+        deleteDirs([ME_RULES, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR]);
         console.log('\n  Soft reset 완료. Profile + Rule + Recommendation + Session 초기화.');
     }
     else if (level === 'learning') {
-        deleteFile(V1_PROFILE);
-        deleteDirs([V1_RULES_DIR, V1_EVIDENCE_DIR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR, V1_RAW_LOGS_DIR]);
+        deleteFile(FORGE_PROFILE);
+        deleteDirs([ME_RULES, ME_BEHAVIOR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR, V1_RAW_LOGS_DIR]);
         console.log('\n  Learning reset 완료. 개인 학습 전체 초기화.');
     }
     else if (level === 'full') {
-        deleteFile(V1_PROFILE);
-        deleteDirs([V1_RULES_DIR, V1_EVIDENCE_DIR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR, V1_RAW_LOGS_DIR, V1_SOLUTIONS_DIR]);
+        deleteFile(FORGE_PROFILE);
+        deleteDirs([ME_RULES, ME_BEHAVIOR, V1_RECOMMENDATIONS_DIR, V1_SESSIONS_DIR, V1_RAW_LOGS_DIR, ME_SOLUTIONS]);
         console.log('\n  Full reset 완료. Compound 포함 전체 초기화.');
     }
     // Reset 후 자동 온보딩 (interactive 환경에서만)

package/dist/hooks/context-guard.js

@@ -19,6 +19,7 @@ import { loadHookConfig, isHookEnabled } from './hook-config.js';
 import { approve, approveWithContext, approveWithWarning, failOpenWithTracking } from './shared/hook-response.js';
 import { HANDOFFS_DIR, STATE_DIR } from '../core/paths.js';
 import { recordHookTiming } from './shared/hook-timing.js';
+import { sanitizeId } from './shared/sanitize-id.js';
 const log = createLogger('context-guard');
 const CONTEXT_STATE_PATH = path.join(STATE_DIR, 'context-guard.json');
 // 경고 임계값: 프롬프트 50회 또는 총 문자 수 200K 이상
@@ -89,6 +90,17 @@ export async function main() {
         // Stop 훅: stop_hook_type이 있으면 처리
         if (input.stop_hook_type) {
             _hookEvent = 'Stop';
+            // 세션 종료 시 pending outcome을 unknown으로 finalize.
+            // 과거에는 프로덕션에서 호출되지 않아 pending이 다음 세션의 flushAccept에
+            // accept로 쓸려들어가는 구조적 optimistic bias가 있었다 (2026-04-20).
+            // finalizeSession은 idempotent (pending 없으면 0 반환, 에러는 log.debug만).
+            try {
+                const { finalizeSession } = await import('../engine/solution-outcomes.js');
+                finalizeSession(sessionId);
+            }
+            catch (e) {
+                log.debug('finalizeSession 실패 (fail-open)', e);
+            }
             // forge-loop 활성 시 미완료 스토리 감지 → 지속 메시지 주입 (polite-stop 방지)
             const forgeLoopBlock = checkForgeLoopActive();
             if (forgeLoopBlock) {
@@ -181,7 +193,9 @@ export async function main() {
  */
 function buildSessionSummary(sessionId, promptCount) {
     try {
-        const cachePath = path.join(STATE_DIR, `solution-cache-${sessionId}.json`);
+        // P1-S3 fix (2026-04-20): sanitizeId로 path traversal 차단.
+        // 다른 세션 캐시 경로는 모두 sanitizeId 사용. 여기만 누락되어 있었다.
+        const cachePath = path.join(STATE_DIR, `solution-cache-${sanitizeId(sessionId)}.json`);
         if (!fs.existsSync(cachePath))
             return '';
         const cache = JSON.parse(fs.readFileSync(cachePath, 'utf-8'));

package/dist/hooks/hook-config.d.ts

@@ -25,6 +25,8 @@
  */
 /** 훅 설정 파일의 전체 구조 타입 */
 export type HookConfig = Record<string, unknown>;
+/** 테스트/진단용: 보호된 훅 이름 집합 스냅샷. */
+export declare function getProtectedHookNames(): string[];
 /**
  * 프로젝트의 작업 디렉토리를 결정합니다.
  * FORGEN_CWD → COMPOUND_CWD → process.cwd() 순서.
@@ -46,9 +48,15 @@ export declare function loadHookConfig(hookName: string): Record<string, unknown
 /**
  * 훅이 활성화되어 있는지 확인합니다.
  *
+ * Invariant: compound-core 티어 및 compoundCritical=true 훅은 어떤 config
+ * 경로(개별 hooks / tier / 레거시)로도 비활성화되지 않는다. config 값과 무관하게
+ * 항상 true를 반환한다. 이는 복리화 3축(승급/rollback/피드백)을 project-level
+ * config 실수로 조용히 끄는 dual-path를 차단하는 단일 진입점 가드다.
+ *
  * 우선순위:
+ *   0. PROTECTED_HOOKS에 속하면 → 즉시 true (가드레일)
  *   1. hooks.hookName.enabled (개별 훅 설정)
- *   2. tiers.tierName.enabled (티어 설정) — compound-core는 티어 비활성화 무시
+ *   2. tiers.tierName.enabled (티어 설정)
  *   3. hookName.enabled (레거시 형식)
  *   4. 기본값 true (하위호환)
  */

package/dist/hooks/hook-config.js

@@ -33,6 +33,19 @@ const GLOBAL_CONFIG_PATH = path.join(FORGEN_HOME, 'hook-config.json');
  * 이중 구현 방지: HOOK_REGISTRY가 단일 소스 오브 트루스.
  */
 const HOOK_TIER_MAP = Object.fromEntries(HOOK_REGISTRY.map(h => [h.name, h.tier]));
+/**
+ * compound-core 티어이거나 compoundCritical=true로 선언된 훅은 project/글로벌
+ * config의 어떤 경로로도 비활성화할 수 없다. 복리화 피드백 루프(승급·outcome
+ * 추적·세션 복구)를 project-level 설정 실수로 조용히 끄는 것을 차단한다.
+ * (feedback_core_loop_invariant — 2026-04-20)
+ */
+const PROTECTED_HOOKS = new Set(HOOK_REGISTRY
+    .filter(h => h.tier === 'compound-core' || h.compoundCritical === true)
+    .map(h => h.name));
+/** 테스트/진단용: 보호된 훅 이름 집합 스냅샷. */
+export function getProtectedHookNames() {
+    return [...PROTECTED_HOOKS].sort();
+}
 /**
  * 프로젝트의 작업 디렉토리를 결정합니다.
  * FORGEN_CWD → COMPOUND_CWD → process.cwd() 순서.
@@ -120,13 +133,22 @@ export function loadHookConfig(hookName) {
 /**
  * 훅이 활성화되어 있는지 확인합니다.
  *
+ * Invariant: compound-core 티어 및 compoundCritical=true 훅은 어떤 config
+ * 경로(개별 hooks / tier / 레거시)로도 비활성화되지 않는다. config 값과 무관하게
+ * 항상 true를 반환한다. 이는 복리화 3축(승급/rollback/피드백)을 project-level
+ * config 실수로 조용히 끄는 dual-path를 차단하는 단일 진입점 가드다.
+ *
  * 우선순위:
+ *   0. PROTECTED_HOOKS에 속하면 → 즉시 true (가드레일)
  *   1. hooks.hookName.enabled (개별 훅 설정)
- *   2. tiers.tierName.enabled (티어 설정) — compound-core는 티어 비활성화 무시
+ *   2. tiers.tierName.enabled (티어 설정)
  *   3. hookName.enabled (레거시 형식)
  *   4. 기본값 true (하위호환)
  */
 export function isHookEnabled(hookName) {
+    // 0) compound-core 가드레일 — config 어떤 경로로도 끌 수 없음
+    if (PROTECTED_HOOKS.has(hookName))
+        return true;
     const all = loadFullConfig();
     if (!all)
         return true;
@@ -136,9 +158,9 @@ export function isHookEnabled(hookName) {
         return false;
     if (hooksSection?.[hookName]?.enabled === true)
         return true;
-    // 2) 티어 설정 — compound-core는 절대 티어 비활성화로 끄지 않음
+    // 2) 티어 설정
     const tier = HOOK_TIER_MAP[hookName];
-    if (tier && tier !== 'compound-core') {
+    if (tier) {
         const tiers = all.tiers;
         if (tiers?.[tier]?.enabled === false)
             return false;

package/dist/hooks/internal/run-lifecycle-check.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};