@wooojin/forgen 0.3.2 → 0.4.1

package/dist/engine/lifecycle/trigger-t5-conflict.js

@@ -0,0 +1,78 @@
+/**
+ * T5 — 규칙 충돌 (conflict_detected).
+ *
+ * 트리거 조건:
+ *   같은 category 인 rule pair 중, policy 자연어가 상반 (negation + 공통 키워드 ≥ 2).
+ *
+ * auto-merge 안 함. conflict_refs 플래그만 설정 → 사용자 수동 해소.
+ */
+const NEGATION_RE = /\b(없|금지|마라|말라|하지\s*않|don'?t|never|not\s+|no\s+|avoid)\b/i;
+function tokens(policy) {
+    return new Set(policy
+        .toLowerCase()
+        .replace(/[.,;:!?()[\]{}"'`~]/g, ' ')
+        .split(/\s+/)
+        .filter((w) => w.length >= 3));
+}
+function sharedTokens(a, b, min) {
+    let count = 0;
+    for (const t of a)
+        if (b.has(t)) {
+            count += 1;
+            if (count >= min)
+                return true;
+        }
+    return false;
+}
+export function detect(input) {
+    const minShared = input.min_shared_tokens ?? 2;
+    const ts = input.ts ?? Date.now();
+    const events = [];
+    const reported = new Set(); // 'a|b' 쌍 중복 방지
+    // M/T5 fix: 짧은 policy 는 토큰 overlap 이 우연히 발생하기 쉬우므로 20자 이상만.
+    // scope 도 같아야 — session-scoped 임시 규칙과 me-scope 영구 규칙이 서로 충돌로 잡히면 노이즈.
+    const active = input.rules.filter((r) => r.status === 'active' && r.policy.length >= 20);
+    for (let i = 0; i < active.length; i++) {
+        const a = active[i];
+        const aTokens = tokens(a.policy);
+        const aNeg = NEGATION_RE.test(a.policy);
+        for (let j = i + 1; j < active.length; j++) {
+            const b = active[j];
+            if (a.category !== b.category)
+                continue;
+            if (a.scope !== b.scope)
+                continue; // M/T5: scope 불일치 시 pair 아님
+            const bTokens = tokens(b.policy);
+            const bNeg = NEGATION_RE.test(b.policy);
+            if (aNeg === bNeg)
+                continue; // 같은 어조 — 충돌 아님
+            if (!sharedTokens(aTokens, bTokens, minShared))
+                continue;
+            const key = [a.rule_id, b.rule_id].sort().join('|');
+            if (reported.has(key))
+                continue;
+            reported.add(key);
+            events.push({
+                kind: 't5_conflict_detected',
+                rule_id: a.rule_id,
+                evidence: {
+                    source: 'rule-pairing',
+                    refs: [a.rule_id, b.rule_id],
+                },
+                suggested_action: 'flag',
+                ts,
+            });
+            events.push({
+                kind: 't5_conflict_detected',
+                rule_id: b.rule_id,
+                evidence: {
+                    source: 'rule-pairing',
+                    refs: [a.rule_id, b.rule_id],
+                },
+                suggested_action: 'flag',
+                ts,
+            });
+        }
+    }
+    return events;
+}

package/dist/engine/lifecycle/types.d.ts

@@ -0,0 +1,52 @@
+/**
+ * ADR-002 Lifecycle event model.
+ *
+ * 오케스트레이터가 발행하는 이벤트 — rule 상태 전이의 단위.
+ * 이 파일은 타입만 정의. 실제 이벤트 발행/소비 로직은 각 trigger-*.ts 참조.
+ */
+export type LifecycleEventKind = 't1_explicit_correction' | 't2_repeated_violation' | 't3_user_bypass' | 't4_time_decay' | 't5_conflict_detected' | 'meta_promote_to_a' | 'meta_demote_to_b';
+export type LifecycleSuggestedAction = 'flag' | 'suppress' | 'retire' | 'merge' | 'supersede' | 'promote_mech' | 'demote_mech';
+export interface LifecycleEvent {
+    kind: LifecycleEventKind;
+    rule_id: string;
+    session_id?: string;
+    evidence?: {
+        source: string;
+        refs: string[];
+        metrics?: Record<string, number>;
+    };
+    suggested_action: LifecycleSuggestedAction;
+    /** T5 merge 전용: 흡수 대상 rule_id */
+    merged_into?: string;
+    /** T1 supersede 전용: 교체 rule_id */
+    superseded_by?: string;
+    ts: number;
+}
+/**
+ * 트리거들이 공유하는 rule-level 시그널 집계.
+ * RuleState 는 Rule + signals (pure data). 각 detect() 는 이 상태 배열을 입력으로 받는다.
+ */
+export interface RuleSignals {
+    violations_30d: number;
+    violation_rate_30d: number;
+    bypass_7d: number;
+    last_inject_days_ago: number;
+    injects_rolling_n: number;
+    violations_rolling_n: number;
+    last_updated_days_ago: number;
+}
+export interface ViolationEntry {
+    at: string;
+    rule_id: string;
+    session_id: string;
+    source: 'stop-guard' | 'pre-tool-guard' | 'post-tool-guard' | 'evidence-store' | 'manual';
+    kind: 'block' | 'deny' | 'correction';
+    message_preview?: string;
+}
+export interface BypassEntry {
+    at: string;
+    rule_id: string;
+    session_id: string;
+    tool: string;
+    pattern_preview: string;
+}

package/dist/engine/lifecycle/types.js

@@ -0,0 +1,7 @@
+/**
+ * ADR-002 Lifecycle event model.
+ *
+ * 오케스트레이터가 발행하는 이벤트 — rule 상태 전이의 단위.
+ * 이 파일은 타입만 정의. 실제 이벤트 발행/소비 로직은 각 trigger-*.ts 참조.
+ */
+export {};

package/dist/engine/meta-learning/session-quality-scorer.d.ts

@@ -12,6 +12,7 @@
  *   - state/sessions/{sessionId}.json  → session metadata
  */
 import type { SessionQualityScore } from './types.js';
+import { type ImplicitFeedbackEntry } from '../../store/implicit-feedback-store.js';
 interface InjectionCacheData {
     injected: string[];
     totalInjectedChars: number;
@@ -29,12 +30,6 @@ interface DriftState {
     lastCriticalAt: number | null;
     hardCapReached: boolean;
 }
-interface ImplicitFeedbackEntry {
-    type: string;
-    sessionId?: string;
-    at: string;
-    [key: string]: unknown;
-}
 export declare function loadInjectionCache(sessionId: string): InjectionCacheData | null;
 export declare function loadDriftState(sessionId: string): DriftState | null;
 export declare function loadImplicitFeedback(sessionId: string): ImplicitFeedbackEntry[];

package/dist/engine/meta-learning/session-quality-scorer.js

@@ -15,6 +15,7 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { ME_BEHAVIOR, STATE_DIR } from '../../core/paths.js';
 import { safeReadJSON } from '../../hooks/shared/atomic-write.js';
+import { loadImplicitFeedback as loadImplicitFeedbackFromStore, } from '../../store/implicit-feedback-store.js';
 function sanitizeId(id) {
     return id.replace(/[^a-zA-Z0-9_-]/g, '_');
 }
@@ -32,27 +33,7 @@ export function loadDriftState(sessionId) {
     return data?.drift ?? null;
 }
 export function loadImplicitFeedback(sessionId) {
-    const logPath = path.join(STATE_DIR, 'implicit-feedback.jsonl');
-    try {
-        if (!fs.existsSync(logPath))
-            return [];
-        const lines = fs.readFileSync(logPath, 'utf-8').split('\n').filter(Boolean);
-        const entries = [];
-        for (const line of lines) {
-            try {
-                const entry = JSON.parse(line);
-                if (entry.sessionId === sessionId)
-                    entries.push(entry);
-            }
-            catch {
-                /* skip malformed lines */
-            }
-        }
-        return entries;
-    }
-    catch {
-        return [];
-    }
+    return loadImplicitFeedbackFromStore(sessionId);
 }
 export function loadSessionCorrections(sessionId) {
     try {

package/dist/engine/rule-toggle-cli.d.ts

@@ -0,0 +1,13 @@
+/**
+ * CLI handler for `forgen suppress-rule <id>` / `forgen activate-rule <id>`.
+ *
+ * R7-U2: Day-1 탈출구 — 사용자가 차단 메시지를 보고 JSON 을 손으로 편집하지 않아도
+ * 한 명령으로 규칙을 끄거나 되살릴 수 있도록.
+ *
+ * 구현:
+ *   - prefix-match 지원 (첫 8자만 쳐도 OK).
+ *   - multiple match 이면 목록 출력하고 중단.
+ *   - hard strength rule 은 cli 로도 suppress 불가 (ADR-002 불변 원칙).
+ */
+export declare function handleSuppressRule(args: string[]): Promise<void>;
+export declare function handleActivateRule(args: string[]): Promise<void>;

package/dist/engine/rule-toggle-cli.js

@@ -0,0 +1,76 @@
+/**
+ * CLI handler for `forgen suppress-rule <id>` / `forgen activate-rule <id>`.
+ *
+ * R7-U2: Day-1 탈출구 — 사용자가 차단 메시지를 보고 JSON 을 손으로 편집하지 않아도
+ * 한 명령으로 규칙을 끄거나 되살릴 수 있도록.
+ *
+ * 구현:
+ *   - prefix-match 지원 (첫 8자만 쳐도 OK).
+ *   - multiple match 이면 목록 출력하고 중단.
+ *   - hard strength rule 은 cli 로도 suppress 불가 (ADR-002 불변 원칙).
+ */
+import { loadAllRules, saveRule } from '../store/rule-store.js';
+export async function handleSuppressRule(args) {
+    const partial = args[0];
+    if (!partial) {
+        console.error('Usage: forgen suppress-rule <rule_id | prefix>');
+        process.exit(2);
+    }
+    const all = loadAllRules();
+    const matches = all.filter((r) => r.rule_id === partial || r.rule_id.startsWith(partial));
+    if (matches.length === 0) {
+        console.error(`No rule found matching "${partial}". Try \`forgen inspect rules\`.`);
+        process.exit(1);
+    }
+    if (matches.length > 1) {
+        console.error(`Ambiguous prefix "${partial}" — ${matches.length} rules match:`);
+        for (const r of matches) {
+            console.error(`  ${r.rule_id}  [${r.strength}]  ${r.policy.slice(0, 60)}`);
+        }
+        console.error('Use a longer prefix or the full rule_id.');
+        process.exit(1);
+    }
+    const rule = matches[0];
+    if (rule.strength === 'hard') {
+        console.error(`Refusing to suppress hard rule "${rule.rule_id}" (ADR-002 immutability).`);
+        console.error('  Hard rules require explicit removal from the rule source file.');
+        process.exit(1);
+    }
+    if (rule.status === 'suppressed') {
+        console.log(`Rule ${rule.rule_id} is already suppressed.`);
+        return;
+    }
+    saveRule({ ...rule, status: 'suppressed' });
+    console.log(`✓ Suppressed rule ${rule.rule_id}`);
+    console.log(`  Policy: ${rule.policy.slice(0, 80)}`);
+    console.log(`  Re-activate with: forgen activate-rule ${rule.rule_id}`);
+}
+export async function handleActivateRule(args) {
+    const partial = args[0];
+    if (!partial) {
+        console.error('Usage: forgen activate-rule <rule_id | prefix>');
+        process.exit(2);
+    }
+    const all = loadAllRules();
+    const matches = all.filter((r) => r.rule_id === partial || r.rule_id.startsWith(partial));
+    if (matches.length === 0) {
+        console.error(`No rule found matching "${partial}".`);
+        process.exit(1);
+    }
+    if (matches.length > 1) {
+        console.error(`Ambiguous prefix "${partial}" — ${matches.length} rules. Use longer prefix.`);
+        process.exit(1);
+    }
+    const rule = matches[0];
+    if (rule.status === 'active') {
+        console.log(`Rule ${rule.rule_id} is already active.`);
+        return;
+    }
+    if (rule.status === 'removed' || rule.status === 'superseded') {
+        console.error(`Cannot activate rule with status=${rule.status}. Edit the rule file directly.`);
+        process.exit(1);
+    }
+    saveRule({ ...rule, status: 'active' });
+    console.log(`✓ Activated rule ${rule.rule_id}`);
+    console.log(`  Policy: ${rule.policy.slice(0, 80)}`);
+}

package/dist/engine/skill-promoter.js

@@ -6,15 +6,12 @@
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import * as os from 'node:os';
 import { parseSolutionV3 } from './solution-format.js';
 import { createLogger } from '../core/logger.js';
+import { ME_SOLUTIONS, ME_SKILLS, CLAUDE_DIR } from '../core/paths.js';
 const log = createLogger('skill-promoter');
-const FORGEN_HOME = path.join(os.homedir(), '.forgen');
-const ME_SOLUTIONS = path.join(FORGEN_HOME, 'me', 'solutions');
-const ME_SKILLS = path.join(FORGEN_HOME, 'me', 'skills');
-// Claude Code가 자동 인식하는 글로벌 스킬 경로
-const CLAUDE_SKILLS = path.join(os.homedir(), '.claude', 'skills');
+// Claude Code가 자동 인식하는 글로벌 스킬 경로 (~/.claude/skills)
+const CLAUDE_SKILLS = path.join(CLAUDE_DIR, 'skills');
 // 일반적인 태그 제외 (트리거로 부적합)
 const GENERIC_TAGS = new Set([
     'typescript', 'javascript', 'react', 'node', 'error', 'fix', 'code',

package/dist/forge/evidence-processor.js

@@ -5,8 +5,9 @@
  * Migration Plan §5.4: 이 모듈의 "해석" 계층은 AI(Claude 세션)가 채운다.
  * 여기서는 구조화된 입출력 인터페이스와 알고리즘 적용 함수만 정의.
  */
-import { createEvidence, saveEvidence } from '../store/evidence-store.js';
+import { createEvidence, appendEvidence } from '../store/evidence-store.js';
 import { createRule, saveRule } from '../store/rule-store.js';
+import { classify, applyProposal } from '../engine/enforce-classifier.js';
 // ── Correction → Evidence + Temporary Rule ──
 /**
  * 사용자 교정을 Evidence로 기록하고, 필요 시 temporary rule 생성.
@@ -29,7 +30,7 @@ export function processCorrection(req) {
             direction: req.kind === 'avoid-this' ? 'opposite' : 'same',
         },
     });
-    saveEvidence(evidence);
+    appendEvidence(evidence); // T1 lifecycle trigger fires here for explicit_correction
     // fix-now, avoid-this → temporary session rule
     let temporaryRule = null;
     if (req.kind === 'fix-now' || req.kind === 'avoid-this') {
@@ -45,6 +46,13 @@ export function processCorrection(req) {
             evidence_refs: [evidence.evidence_id],
             render_key: `${req.axis_hint ?? 'workflow'}.${req.target.toLowerCase().replace(/\s+/g, '-').slice(0, 30)}`,
         });
+        // ADR-001 auto-classify on creation — 교정 즉시 enforce_via 가 붙어야 다음 턴부터 Mech-A/B 발화.
+        // 기존 `forgen classify-enforce --apply` 수동 경로를 유지하되, 신규 rule 은 창조 시점에 자동 populate.
+        try {
+            const proposal = classify(temporaryRule);
+            temporaryRule = applyProposal(temporaryRule, proposal);
+        }
+        catch { /* fail-open: classify 실패는 rule 저장 자체를 막지 않음 */ }
         saveRule(temporaryRule);
     }
     return {

package/dist/hooks/context-guard.js

@@ -11,6 +11,7 @@
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
+import * as os from 'node:os';
 import { fileURLToPath } from 'node:url';
 import { createLogger } from '../core/logger.js';
 import { readStdinJSON } from './shared/read-stdin.js';
@@ -129,6 +130,16 @@ export async function main() {
             // 정상 종료 시: 의미 있는 세션이었으면 compound 안내/자동 트리거
             if (input.stop_hook_type === 'user' || input.stop_hook_type === 'end_turn') {
                 const state = loadContextState(sessionId);
+                // ADR-002 T1 — 세션 중간에 교정이 들어와도 session-scoped rule 이 me-scope 으로
+                // 승급되도록 Stop 에서 직접 auto-compound-runner 를 debounced 로 트리거.
+                // 'forgen' CLI 를 통하지 않는 사용자 (claude 직접 실행) 에게도 교정이 유실되지 않는 보장.
+                // dedup: last-auto-compound.json 의 sessionId + 5분 cooldown.
+                try {
+                    await maybeSpawnAutoCompound(sessionId, input.transcript_path, state.promptCount);
+                }
+                catch (e) {
+                    log.debug('auto-compound Stop trigger 실패', e);
+                }
                 if (state.promptCount >= 20) {
                     // 20+ prompts: auto-trigger compound by writing marker
                     try {
@@ -224,6 +235,66 @@ function buildSessionSummary(sessionId, promptCount) {
 }
 // forge-loop 상태 파일 경로
 const FORGE_LOOP_STATE_PATH = path.join(STATE_DIR, 'forge-loop.json');
+/**
+ * Stop hook 에서 auto-compound-runner 를 debounced 로 spawn.
+ *
+ * 호출 조건:
+ *   - promptCount ≥ 10 (의미있는 세션)
+ *   - transcript_path 유효
+ *   - last-auto-compound.json 의 sessionId 가 다르거나 5분 전
+ *
+ * dedup 파일은 session-recovery hook 과 공유되어 double-run 방지.
+ * fire-and-forget (detached) — hook timeout 과 무관.
+ */
+const AUTO_COMPOUND_COOLDOWN_MS = 5 * 60 * 1000; // 5 min
+async function maybeSpawnAutoCompound(sessionId, transcriptPath, promptCount) {
+    if (!transcriptPath || promptCount < 10)
+        return;
+    const markerPath = path.join(STATE_DIR, 'last-auto-compound.json');
+    try {
+        const raw = fs.readFileSync(markerPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed.sessionId === sessionId) {
+            const last = parsed.completedAt ? Date.parse(parsed.completedAt) : 0;
+            if (Number.isFinite(last) && Date.now() - last < AUTO_COMPOUND_COOLDOWN_MS)
+                return;
+        }
+    }
+    catch { /* first time or corrupt — proceed */ }
+    const { spawn: spawnProcess } = await import('node:child_process');
+    const cwd = process.env.FORGEN_CWD ?? process.env.COMPOUND_CWD ?? process.cwd();
+    // 기본: 번들된 auto-compound-runner. 프로덕션 빌드는 이 경로만 실행.
+    const defaultRunner = path.join(path.dirname(fileURLToPath(import.meta.url)), '..', 'core', 'auto-compound-runner.js');
+    // 테스트 주입 경로 — FORGEN_TEST=1 게이트 + 경로 containment (~/.forgen 또는 /tmp 하위만 허용).
+    // FORGEN_TEST 없이 FORGEN_AUTO_COMPOUND_RUNNER_PATH 만 설정되어도 무시 → 임의 코드 실행 방지.
+    let runnerPath = defaultRunner;
+    const override = process.env.FORGEN_AUTO_COMPOUND_RUNNER_PATH;
+    if (override && process.env.FORGEN_TEST === '1') {
+        const resolved = path.resolve(override);
+        const homeDir = os.homedir();
+        const allowed = [
+            path.join(homeDir, '.forgen'),
+            os.tmpdir(), // 플랫폼별 /tmp, /var/folders/... 등
+            '/tmp',
+            path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..'),
+        ];
+        if (allowed.some((root) => resolved === root || resolved.startsWith(root + path.sep))) {
+            runnerPath = resolved;
+        }
+        else {
+            log.debug(`FORGEN_AUTO_COMPOUND_RUNNER_PATH 무시 — ${resolved} 가 허용 루트 밖`);
+        }
+    }
+    else if (override) {
+        log.debug('FORGEN_AUTO_COMPOUND_RUNNER_PATH 무시 — FORGEN_TEST=1 가 필요');
+    }
+    const child = spawnProcess('node', [runnerPath, cwd, transcriptPath, sessionId], {
+        detached: true,
+        stdio: 'ignore',
+    });
+    child.unref();
+    log.debug(`Stop-triggered auto-compound 시작: ${sessionId} (${promptCount} prompts)`);
+}
 // forge-loop 차단 안전 상한 (무한 루프 방지)
 const FORGE_LOOP_MAX_BLOCKS = 30;
 const FORGE_LOOP_STALE_MS = 2 * 60 * 60 * 1000; // 2시간
@@ -337,6 +408,6 @@ function saveHandoff(sessionId, reason, detail) {
 if (process.argv[1] && fs.realpathSync(path.resolve(process.argv[1])) === fileURLToPath(import.meta.url)) {
     main().catch((e) => {
         process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-        console.log(failOpenWithTracking('context-guard'));
+        console.log(failOpenWithTracking('context-guard', e));
     });
 }

package/dist/hooks/dangerous-patterns.json

@@ -1,5 +1,5 @@
 [
-  { "pattern": "rm\\s+(-rf|-fr)\\s+[/~]", "description": "rm -rf on root/home path", "severity": "block" },
+  { "pattern": "rm\\s+(-rf|-fr)\\s+(\\/(?!tmp\\b|var\\/folders\\b|var\\/tmp\\b)|~)", "description": "rm -rf on root/home path", "severity": "block" },
   { "pattern": "rm\\s+(-rf|-fr)\\s+\\.\\s", "description": "rm -rf on current directory", "severity": "block" },
   { "pattern": "git\\s+push\\s+.*--force(?!-)", "description": "git push --force", "severity": "warn" },
   { "pattern": "git\\s+reset\\s+--hard", "description": "git reset --hard", "severity": "warn" },
@@ -9,10 +9,10 @@
   { "pattern": ">\\s*\\/dev\\/sd[a-z]", "description": "write to block device", "severity": "block" },
   { "pattern": "mkfs\\s", "description": "mkfs (format filesystem)", "severity": "block" },
   { "pattern": ":\\(\\)\\s*\\{\\s*:\\|:&\\s*\\}\\s*;:", "description": "fork bomb", "severity": "block" },
-  { "pattern": "\\beval\\s+[\"'`]", "description": "eval with string (injection risk)", "severity": "warn" },
+  { "pattern": "\\beval\\s+[\"'`]", "description": "eval with string (injection risk)", "severity": "warn", "match_target": "raw" },
   { "pattern": "curl\\s+.*\\|\\s*(ba)?sh", "description": "curl pipe to shell", "severity": "block" },
   { "pattern": "wget\\s+.*\\|\\s*(ba)?sh", "description": "wget pipe to shell", "severity": "block" },
-  { "pattern": "python[23]?\\s+-c\\s+['\"].*(?:import\\s+os|subprocess|exec|eval)", "description": "python -c with dangerous imports", "severity": "warn" },
+  { "pattern": "python[23]?\\s+-c\\s+['\"].*(?:import\\s+os|subprocess|exec|eval)", "description": "python -c with dangerous imports", "severity": "warn", "match_target": "raw" },
   { "pattern": "\\bchmod\\s+[0-7]*777\\b", "description": "chmod 777 (overly permissive)", "severity": "warn" },
   { "pattern": "\\bdd\\s+.*of=\\/dev\\/", "description": "dd write to device", "severity": "block" }
 ]

package/dist/hooks/db-guard.js

@@ -11,6 +11,7 @@ import { atomicWriteJSON } from './shared/atomic-write.js';
 import { isHookEnabled } from './hook-config.js';
 import { approve, approveWithWarning, deny, failOpenWithTracking } from './shared/hook-response.js';
 import { STATE_DIR } from '../core/paths.js';
+import { preprocessForMatch } from './shared/command-parser.js';
 const FAIL_COUNTER_PATH = path.join(STATE_DIR, 'db-guard-fail-counter.json');
 const FAIL_CLOSE_THRESHOLD = 3;
 export const DANGEROUS_SQL_PATTERNS = [
@@ -27,8 +28,23 @@ export function checkDangerousSql(toolName, toolInput) {
     const command = typeof toolInput === 'string'
         ? toolInput
         : (toolInput.command ?? '');
+    // TEST-6 확장 (2026-04-24): DB CLI allowlist 기반 quote-aware 전처리.
+    //
+    // 결함: 이전에는 raw command 를 직접 매칭해 `git commit -m "... DROP TABLE ..."`
+    // 같은 quote 안 SQL 키워드까지 block (실증: 이번 세션 내 release 커밋 메시지 차단).
+    //
+    // 단순히 masked 만 쓰면 `psql -c "DROP TABLE users"` 같은 실 DB 실행의 True-Positive
+    // 까지 놓친다. 해법: masked 처리 후에도 **DB CLI 토큰** 이 보이면 진짜 실행 의도
+    // 라고 판단해 raw 를 검사, 아니면 masked 를 검사.
+    //   - `psql -c "DROP TABLE"` → masked: `psql -c ""` → psql 존재 → raw 검사 → block
+    //   - `git commit -m "DROP TABLE"` → masked: `git commit -m ""` → psql 없음 → masked 검사 → pass
+    //   - `DROP DATABASE production` (direct SQL) → masked 그대로 (quote 없음) → block
+    const maskedCommand = preprocessForMatch(command, 'masked');
+    const dbCliRe = /\b(psql|mysql|sqlite3?|pg_restore|mongosh|mysqldump|cockroach\s+sql|redis-cli)\b/i;
+    const hasDbCli = dbCliRe.test(maskedCommand);
+    const scanCommand = hasDbCli ? command : maskedCommand;
     // 주석 제거 후 SQL에 대해 패턴 매칭 (주석 안 키워드 오차단 방지)
-    const sqlWithoutComments = command
+    const sqlWithoutComments = scanCommand
         .replace(/--[^\n]*/g, '') // 라인 주석 제거
         .replace(/\/\*[\s\S]*?\*\//g, ''); // 블록 주석 제거
     for (const { pattern, description, severity } of DANGEROUS_SQL_PATTERNS) {
@@ -101,5 +117,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] DB Guard error: ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('db-guard'));
+    console.log(failOpenWithTracking('db-guard', e));
 });

package/dist/hooks/intent-classifier.js

@@ -83,5 +83,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('intent-classifier'));
+    console.log(failOpenWithTracking('intent-classifier', e));
 });

package/dist/hooks/keyword-detector.js

@@ -308,6 +308,6 @@ async function main() {
 if (process.argv[1] && fs.realpathSync(path.resolve(process.argv[1])) === fileURLToPath(import.meta.url)) {
     main().catch((e) => {
         process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-        console.log(failOpenWithTracking('keyword-detector'));
+        console.log(failOpenWithTracking('keyword-detector', e));
     });
 }

package/dist/hooks/notepad-injector.js

@@ -50,5 +50,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('notepad-injector'));
+    console.log(failOpenWithTracking('notepad-injector', e));
 });

package/dist/hooks/permission-handler.js

@@ -129,5 +129,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('permission-handler'));
+    console.log(failOpenWithTracking('permission-handler', e));
 });

package/dist/hooks/post-tool-failure.js

@@ -127,5 +127,5 @@ main().catch((e) => {
         hookName: 'post-tool-failure', eventType: 'PostToolUseFailure', cause: e,
     });
     process.stderr.write(`[ch-hook] ${hookErr.name}: ${hookErr.message}\n`);
-    console.log(failOpenWithTracking('post-tool-failure'));
+    console.log(failOpenWithTracking('post-tool-failure', e));
 });

package/dist/hooks/post-tool-use.d.ts

@@ -18,6 +18,12 @@ interface ModifiedFilesState {
     recentWrites?: Record<string, string[]>;
     /** Drift detection state */
     drift?: DriftState;
+    /**
+     * TEST-2 support: 최근 N개 tool 이름 (가장 최근이 마지막). 세션 시작 이래 누적된
+     * 도구 이름을 그대로 끝까지 보관하면 메모리 낭비이므로 slice window.
+     * stop-guard 가 "측정 도구 호출 수" 를 빠르게 계산.
+     */
+    recentToolNames?: string[];
 }
 export declare const ERROR_PATTERNS: Array<{
     pattern: RegExp;