npm - @wooojin/forgen - Versions diffs - 0.4.0 → 0.4.3 - Mend

@wooojin/forgen 0.4.0 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/.claude-plugin/plugin.json +5 -5
package/CHANGELOG.md +194 -15
package/CONTRIBUTING.md +2 -2
package/README.ja.md +74 -9
package/README.ko.md +77 -12
package/README.md +127 -25
package/README.zh.md +43 -9
package/assets/README.md +86 -0
package/assets/architecture.svg +100 -0
package/assets/banner.png +0 -0
package/assets/banner.svg +53 -0
package/assets/demo/01-install.gif +0 -0
package/assets/demo/01-install.tape +54 -0
package/assets/demo/02-compound-learning.gif +0 -0
package/assets/demo/02-compound-learning.tape +50 -0
package/assets/demo/03-forge-personalization.gif +0 -0
package/assets/demo/03-forge-personalization.tape +64 -0
package/assets/demo/before-after.gif +0 -0
package/assets/demo/before-after.tape +98 -0
package/assets/demo-preview.svg +96 -0
package/assets/icon.png +0 -0
package/{hooks → assets/shared}/hook-registry.json +2 -1
package/dist/checks/conclusion-verification-ratio.d.ts +37 -0
package/dist/checks/conclusion-verification-ratio.js +86 -0
package/dist/checks/fact-vs-agreement.d.ts +47 -0
package/dist/checks/fact-vs-agreement.js +92 -0
package/dist/checks/self-score-deflation.d.ts +38 -0
package/dist/checks/self-score-deflation.js +108 -0
package/dist/cli.js +98 -6
package/dist/core/auto-compound-runner.js +137 -49
package/dist/core/behavior-classifier.d.ts +28 -0
package/dist/core/behavior-classifier.js +46 -0
package/dist/core/dashboard.d.ts +7 -0
package/dist/core/dashboard.js +41 -2
package/dist/core/doctor.js +118 -5
package/dist/core/extraction-notice.d.ts +18 -0
package/dist/core/extraction-notice.js +64 -0
package/dist/core/git-stats.d.ts +36 -0
package/dist/core/git-stats.js +79 -0
package/dist/core/harness.d.ts +1 -1
package/dist/core/harness.js +27 -20
package/dist/core/host-detect.d.ts +42 -0
package/dist/core/host-detect.js +68 -0
package/dist/core/init-cli.d.ts +26 -0
package/dist/core/init-cli.js +104 -0
package/dist/core/init.js +17 -0
package/dist/core/inspect-cli.js +1 -2
package/dist/core/installer.js +2 -2
package/dist/core/migrate-cli.d.ts +11 -0
package/dist/core/migrate-cli.js +53 -0
package/dist/core/migrate-evidence-host.d.ts +36 -0
package/dist/core/migrate-evidence-host.js +49 -0
package/dist/core/paths.d.ts +8 -1
package/dist/core/paths.js +11 -2
package/dist/core/recall-cli.d.ts +26 -0
package/dist/core/recall-cli.js +125 -0
package/dist/core/recall-reference-detector.d.ts +43 -0
package/dist/core/recall-reference-detector.js +65 -0
package/dist/core/settings-injector.js +4 -2
package/dist/core/spawn.d.ts +1 -1
package/dist/core/spawn.js +4 -11
package/dist/core/stats-cli.d.ts +21 -0
package/dist/core/stats-cli.js +133 -10
package/dist/core/trust-layer-intent.d.ts +35 -0
package/dist/core/trust-layer-intent.js +30 -0
package/dist/core/types.d.ts +1 -1
package/dist/core/uninstall.js +2 -1
package/dist/engine/compound-cli.js +1 -0
package/dist/engine/compound-export.js +8 -3
package/dist/engine/compound-extractor.js +7 -9
package/dist/engine/learn-cli.js +5 -6
package/dist/engine/lifecycle/bypass-detector.d.ts +6 -1
package/dist/engine/lifecycle/bypass-detector.js +57 -5
package/dist/engine/lifecycle/lifecycle-cli.js +4 -4
package/dist/engine/lifecycle/meta-reclassifier.js +3 -3
package/dist/engine/lifecycle/orchestrator.js +2 -2
package/dist/engine/lifecycle/signals.js +6 -6
package/dist/engine/meta-learning/session-quality-scorer.d.ts +1 -6
package/dist/engine/meta-learning/session-quality-scorer.js +2 -21
package/dist/engine/skill-promoter.js +3 -6
package/dist/fgx.js +2 -1
package/dist/forge/evidence-processor.js +12 -0
package/dist/forge/onboarding.d.ts +3 -2
package/dist/forge/onboarding.js +3 -2
package/dist/hooks/context-guard.js +1 -1
package/dist/hooks/dangerous-patterns.json +3 -3
package/dist/hooks/db-guard.js +21 -5
package/dist/hooks/forge-loop-progress.d.ts +9 -0
package/dist/hooks/forge-loop-progress.js +38 -0
package/dist/hooks/hook-registry.js +1 -1
package/dist/hooks/hooks-generator.d.ts +15 -1
package/dist/hooks/hooks-generator.js +18 -16
package/dist/hooks/intent-classifier.js +1 -1
package/dist/hooks/keyword-detector.js +2 -2
package/dist/hooks/notepad-injector.js +1 -1
package/dist/hooks/permission-handler.js +1 -1
package/dist/hooks/post-tool-failure.js +1 -1
package/dist/hooks/post-tool-use.d.ts +7 -1
package/dist/hooks/post-tool-use.js +50 -23
package/dist/hooks/pre-compact.js +2 -2
package/dist/hooks/pre-tool-use.d.ts +7 -0
package/dist/hooks/pre-tool-use.js +28 -10
package/dist/hooks/rate-limiter.js +3 -3
package/dist/hooks/secret-filter.js +1 -1
package/dist/hooks/session-recovery.js +12 -1
package/dist/hooks/shared/blocking-allowlist.d.ts +28 -0
package/dist/hooks/shared/blocking-allowlist.js +38 -0
package/dist/hooks/shared/command-parser.d.ts +44 -0
package/dist/hooks/shared/command-parser.js +50 -0
package/dist/hooks/shared/forge-loop-state.d.ts +36 -0
package/dist/hooks/shared/forge-loop-state.js +116 -0
package/dist/hooks/shared/hook-response.d.ts +30 -2
package/dist/hooks/shared/hook-response.js +61 -3
package/dist/hooks/skill-injector.js +2 -2
package/dist/hooks/slop-detector.js +2 -2
package/dist/hooks/solution-injector.d.ts +9 -0
package/dist/hooks/solution-injector.js +48 -5
package/dist/hooks/stop-guard.js +152 -13
package/dist/hooks/subagent-tracker.js +1 -1
package/dist/host/capabilities-claude.d.ts +8 -0
package/dist/host/capabilities-claude.js +46 -0
package/dist/host/capabilities-codex.d.ts +11 -0
package/dist/host/capabilities-codex.js +50 -0
package/dist/host/capabilities-registry.d.ts +11 -0
package/dist/host/capabilities-registry.js +30 -0
package/dist/host/codex-adapter.d.ts +8 -5
package/dist/host/codex-adapter.js +10 -82
package/dist/host/codex-output-parser.d.ts +39 -0
package/dist/host/codex-output-parser.js +75 -0
package/dist/host/exec-host.d.ts +54 -0
package/dist/host/exec-host.js +92 -0
package/dist/host/host-runtime.d.ts +37 -0
package/dist/host/host-runtime.js +51 -0
package/dist/host/install-claude.d.ts +35 -0
package/dist/host/install-claude.js +238 -0
package/dist/host/install-codex.d.ts +44 -0
package/dist/host/install-codex.js +276 -0
package/dist/host/install-orchestrator.d.ts +34 -0
package/dist/host/install-orchestrator.js +126 -0
package/dist/host/invoke-agent.d.ts +27 -0
package/dist/host/invoke-agent.js +115 -0
package/dist/host/parity-harness.d.ts +62 -0
package/dist/host/parity-harness.js +283 -0
package/dist/host/projection.d.ts +35 -0
package/dist/host/projection.js +126 -0
package/dist/i18n/index.js +3 -5
package/dist/mcp/server.js +11 -0
package/dist/mcp/tools.js +47 -0
package/dist/services/session.d.ts +6 -3
package/dist/services/session.js +33 -4
package/dist/store/evidence-store.d.ts +1 -0
package/dist/store/evidence-store.js +45 -3
package/dist/store/host-mismatch.d.ts +42 -0
package/dist/store/host-mismatch.js +65 -0
package/dist/store/implicit-feedback-store.d.ts +59 -0
package/dist/store/implicit-feedback-store.js +153 -0
package/dist/store/profile-store.d.ts +29 -0
package/dist/store/profile-store.js +53 -0
package/dist/store/rule-store.js +8 -0
package/dist/store/types.d.ts +13 -0
package/hooks/hooks.json +6 -1
package/package.json +7 -5
package/plugin.json +4 -4
package/scripts/postinstall.js +100 -25
/package/{agents → assets/claude/agents}/analyst.md +0 -0
/package/{agents → assets/claude/agents}/architect.md +0 -0
/package/{agents → assets/claude/agents}/code-reviewer.md +0 -0
/package/{agents → assets/claude/agents}/critic.md +0 -0
/package/{agents → assets/claude/agents}/debugger.md +0 -0
/package/{agents → assets/claude/agents}/designer.md +0 -0
/package/{agents → assets/claude/agents}/executor.md +0 -0
/package/{agents → assets/claude/agents}/explore.md +0 -0
/package/{agents → assets/claude/agents}/git-master.md +0 -0
/package/{agents → assets/claude/agents}/planner.md +0 -0
/package/{agents → assets/claude/agents}/solution-evolver.md +0 -0
/package/{agents → assets/claude/agents}/test-engineer.md +0 -0
/package/{agents → assets/claude/agents}/verifier.md +0 -0
/package/{commands → assets/claude/commands}/architecture-decision.md +0 -0
/package/{commands → assets/claude/commands}/calibrate.md +0 -0
/package/{commands → assets/claude/commands}/code-review.md +0 -0
/package/{commands → assets/claude/commands}/compound.md +0 -0
/package/{commands → assets/claude/commands}/deep-interview.md +0 -0
/package/{commands → assets/claude/commands}/docker.md +0 -0
/package/{commands → assets/claude/commands}/forge-loop.md +0 -0
/package/{commands → assets/claude/commands}/learn.md +0 -0
/package/{commands → assets/claude/commands}/retro.md +0 -0
/package/{commands → assets/claude/commands}/ship.md +0 -0

package/dist/hooks/shared/forge-loop-state.js ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * Forge Loop State — RC6 가드 (US-M1)
+ *
+ * 직전 forge-loop 의 findings 또는 진행 중 stories 를 ≤1KB 요약으로 렌더한다.
+ * SessionStart 와 UserPromptSubmit 두 hook 이 공유하는 단일 진입점.
+ *
+ * RC6 자기증거: 본 세션 R1 에서 head -80 으로 forge-loop.json 을 읽어 findings
+ * 8줄(line 92~99)이 잘렸음. 결과적으로 직전 결론을 컨텍스트에 못 가져 같은
+ * 가설을 재발. 이 모듈은 그 회귀를 시스템 레벨에서 차단한다.
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { STATE_DIR } from '../../core/paths.js';
+const FORGE_LOOP_PATH = path.join(STATE_DIR, 'forge-loop.json');
+const SOFT_STALE_MS = 24 * 60 * 60 * 1000;
+const HARD_STALE_MS = 7 * 24 * 60 * 60 * 1000;
+const MAX_INJECT_BYTES = 1024;
+const MAX_TASK_CHARS = 240;
+const MAX_FINDING_CHARS = 240;
+const MAX_PENDING = 5;
+export function readForgeLoopState(filePath = FORGE_LOOP_PATH) {
+    try {
+        if (!fs.existsSync(filePath))
+            return null;
+        const raw = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        if (typeof raw !== 'object' || raw === null)
+            return null;
+        return raw;
+    }
+    catch {
+        return null;
+    }
+}
+function ageMs(state, now = Date.now()) {
+    const ts = state.completedAt ?? state.startedAt;
+    if (!ts)
+        return Number.POSITIVE_INFINITY;
+    const t = new Date(ts).getTime();
+    if (Number.isNaN(t))
+        return Number.POSITIVE_INFINITY;
+    return now - t;
+}
+function clipBlock(block) {
+    if (block.length <= MAX_INJECT_BYTES)
+        return block;
+    return `${block.slice(0, MAX_INJECT_BYTES - 3)}...`;
+}
+function escXml(s) {
+    return s.replace(/[<>&"]/g, c => ({ '<': '&lt;', '>': '&gt;', '&': '&amp;', '"': '&quot;' })[c] ?? c);
+}
+/** SessionStart 용 — 완료된 forge-loop 의 findings 또는 진행 중 stories 요약. */
+export function renderForgeLoopForSession(state, now = Date.now()) {
+    if (!state)
+        return null;
+    const age = ageMs(state, now);
+    if (age > HARD_STALE_MS)
+        return null;
+    const stale = age > SOFT_STALE_MS;
+    const lines = [];
+    const task = String(state.task ?? '').trim();
+    if (task)
+        lines.push(`Task: ${escXml(task.slice(0, MAX_TASK_CHARS))}`);
+    if (state.active && Array.isArray(state.stories)) {
+        const total = state.stories.length;
+        const done = state.stories.filter(s => s?.passes).length;
+        lines.push(`Status: in-progress ${done}/${total}${stale ? ' (stale)' : ''}`);
+        const pending = state.stories
+            .filter(s => !s?.passes)
+            .slice(0, MAX_PENDING)
+            .map(s => `- ${escXml(String(s.id))}: ${escXml(String(s.title))}`);
+        if (pending.length) {
+            lines.push('Pending:');
+            lines.push(...pending);
+        }
+    }
+    else if (state.findings && typeof state.findings === 'object') {
+        lines.push(`Status: completed${stale ? ' (stale)' : ''}`);
+        for (const [id, val] of Object.entries(state.findings)) {
+            const text = String(val ?? '').slice(0, MAX_FINDING_CHARS);
+            if (text)
+                lines.push(`- ${escXml(id)}: ${escXml(text)}`);
+        }
+    }
+    else {
+        return null;
+    }
+    if (lines.length === 0)
+        return null;
+    const tag = stale ? '<forge-loop-state stale="true">' : '<forge-loop-state>';
+    const body = lines.join('\n');
+    return clipBlock(`${tag}\n${body}\n</forge-loop-state>`);
+}
+/** UserPromptSubmit 용 — active=true 시에만 짧은 진행 상황 1~2줄. */
+export function renderForgeLoopForPrompt(state, now = Date.now()) {
+    if (!state || !state.active || !Array.isArray(state.stories))
+        return null;
+    const age = ageMs(state, now);
+    if (age > HARD_STALE_MS)
+        return null;
+    const total = state.stories.length;
+    const done = state.stories.filter(s => s?.passes).length;
+    const next = state.stories.find(s => !s?.passes);
+    if (!next)
+        return null;
+    const stale = age > SOFT_STALE_MS;
+    const tag = stale ? '<forge-loop-active stale="true">' : '<forge-loop-active>';
+    const body = `Progress: ${done}/${total} | next: ${escXml(String(next.id))} ${escXml(String(next.title))}`;
+    return clipBlock(`${tag}\n${body}\n</forge-loop-active>`);
+}
+/** 테스트 노출용 상수 — 회귀 시 임계값 변경 즉시 감지. */
+export const FORGE_LOOP_LIMITS = {
+    SOFT_STALE_MS,
+    HARD_STALE_MS,
+    MAX_INJECT_BYTES,
+    MAX_PENDING,
+};

package/dist/hooks/shared/hook-response.d.ts CHANGED Viewed

@@ -18,8 +18,13 @@ export declare function approve(): string;
 /**
  * 통과 + 모델에 컨텍스트 주입.
  * UserPromptSubmit, SessionStart 이벤트에서만 모델에 도달함.
+ *
+ * H1 (v0.4.1): optional `userNotice` 로 사용자 UI (systemMessage) 에도 동시
+ * 1줄 노출. additionalContext 는 모델 전용이라 기존 recall hit 이 8,000+ 번
+ * 주입되었는데도 사용자는 0 건을 봤음. userNotice 로 같은 hit 을 사용자
+ * 에게 가시화한다.
  */
-export declare function approveWithContext(context: string, eventName: string): string;
+export declare function approveWithContext(context: string, eventName: string, userNotice?: string): string;
 /**
  * 통과 + UI 경고 표시 (모델에는 전달되지 않음).
  * PostToolUse, PreToolUse 경고 등 모델 도달이 불필요한 경우 사용.
@@ -29,6 +34,24 @@ export declare function approveWithWarning(warning: string): string;
 export declare function deny(reason: string): string;
 /** 사용자 확인 요청 (PreToolUse 전용) */
 export declare function ask(reason: string): string;
+/**
+ * P3' enforcement helper (2026-04-27)
+ *
+ * ALLOW-LIST 에 있는 hook 만 진짜 deny — 아닌 경우 approve + 관찰 신호로 강등.
+ *
+ * 사용:
+ * ```ts
+ * import { canBlock } from './blocking-allowlist.js';
+ * if (someCondition) {
+ *   console.log(blockOrObserve(hookName, 'reason', logCallback));
+ *   return;
+ * }
+ * ```
+ *
+ * 점진 마이그레이션 — 본 helper 를 새로 사용하는 hook 은 ALLOW-LIST 외라면
+ * 자동 관찰 모드로 작동. 기존 hook 들은 별도 PR 에서 마이그레이션.
+ */
+export declare function denyOrObserve(hookName: string, reason: string, observer?: (msg: string) => void): string;
 /**
  * Stop hook only — block the agent from stopping and feed a self-check
  * question back to Claude so the current session resumes with new guidance.
@@ -44,6 +67,11 @@ export declare function blockStop(reason: string, systemMessage?: string): strin
  * fail-open with error tracking: 에러 시 안전하게 통과하되, 실패 정보를 기록.
  * forgen doctor의 Hook Health 섹션에서 실패 이력을 표시할 수 있도록 JSONL 로그에 기록.
  *
+ * v0.4.1 (2026-04-24): optional `err` 매개변수 추가. 실 데이터상 106건의 hook 에러가
+ * 누적됐으나 전부 `{hook,at}` 만이라 근원 조사 불가했다. 이제 `error`/`stack` 을
+ * 함께 기록해 `forgen doctor` 가 원인 카테고리별로 빈도 surface 가능.
+ * payload 는 한 줄 cap(400자)로 잘라 JSONL 크기 폭주 방지.
+ *
  * @fail-open: hook failure must never block the user's workflow
  */
-export declare function failOpenWithTracking(hookName: string): string;
+export declare function failOpenWithTracking(hookName: string, err?: unknown): string;

package/dist/hooks/shared/hook-response.js CHANGED Viewed

@@ -16,6 +16,7 @@
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { STATE_DIR } from '../../core/paths.js';
+import { canBlock } from './blocking-allowlist.js';
 /** 통과 응답 (컨텍스트 없음, 모든 이벤트 공통) */
 export function approve() {
     return JSON.stringify({ continue: true });
@@ -23,11 +24,17 @@ export function approve() {
 /**
  * 통과 + 모델에 컨텍스트 주입.
  * UserPromptSubmit, SessionStart 이벤트에서만 모델에 도달함.
+ *
+ * H1 (v0.4.1): optional `userNotice` 로 사용자 UI (systemMessage) 에도 동시
+ * 1줄 노출. additionalContext 는 모델 전용이라 기존 recall hit 이 8,000+ 번
+ * 주입되었는데도 사용자는 0 건을 봤음. userNotice 로 같은 hit 을 사용자
+ * 에게 가시화한다.
  */
-export function approveWithContext(context, eventName) {
+export function approveWithContext(context, eventName, userNotice) {
     return JSON.stringify({
         continue: true,
         hookSpecificOutput: { hookEventName: eventName, additionalContext: context },
+        ...(userNotice ? { systemMessage: userNotice } : {}),
     });
 }
 /**
@@ -59,6 +66,36 @@ export function ask(reason) {
         },
     });
 }
+/**
+ * P3' enforcement helper (2026-04-27)
+ *
+ * ALLOW-LIST 에 있는 hook 만 진짜 deny — 아닌 경우 approve + 관찰 신호로 강등.
+ *
+ * 사용:
+ * ```ts
+ * import { canBlock } from './blocking-allowlist.js';
+ * if (someCondition) {
+ *   console.log(blockOrObserve(hookName, 'reason', logCallback));
+ *   return;
+ * }
+ * ```
+ *
+ * 점진 마이그레이션 — 본 helper 를 새로 사용하는 hook 은 ALLOW-LIST 외라면
+ * 자동 관찰 모드로 작동. 기존 hook 들은 별도 PR 에서 마이그레이션.
+ */
+export function denyOrObserve(hookName, reason, observer) {
+    if (canBlock(hookName)) {
+        return deny(reason);
+    }
+    // ALLOW-LIST 외 — log only, approve
+    if (observer) {
+        try {
+            observer(`[${hookName}] would-deny (observe-only): ${reason}`);
+        }
+        catch { /* fail-open */ }
+    }
+    return approve();
+}
 /**
  * Stop hook only — block the agent from stopping and feed a self-check
  * question back to Claude so the current session resumes with new guidance.
@@ -81,13 +118,34 @@ export function blockStop(reason, systemMessage) {
  * fail-open with error tracking: 에러 시 안전하게 통과하되, 실패 정보를 기록.
  * forgen doctor의 Hook Health 섹션에서 실패 이력을 표시할 수 있도록 JSONL 로그에 기록.
  *
+ * v0.4.1 (2026-04-24): optional `err` 매개변수 추가. 실 데이터상 106건의 hook 에러가
+ * 누적됐으나 전부 `{hook,at}` 만이라 근원 조사 불가했다. 이제 `error`/`stack` 을
+ * 함께 기록해 `forgen doctor` 가 원인 카테고리별로 빈도 surface 가능.
+ * payload 는 한 줄 cap(400자)로 잘라 JSONL 크기 폭주 방지.
+ *
  * @fail-open: hook failure must never block the user's workflow
  */
-export function failOpenWithTracking(hookName) {
+export function failOpenWithTracking(hookName, err) {
     try {
         fs.mkdirSync(STATE_DIR, { recursive: true });
         const logPath = path.join(STATE_DIR, 'hook-errors.jsonl');
-        const entry = JSON.stringify({ hook: hookName, at: Date.now() });
+        const payload = { hook: hookName, at: Date.now() };
+        if (err !== undefined && err !== null) {
+            if (err instanceof Error) {
+                payload.error = err.message.slice(0, 400);
+                if (err.stack) {
+                    // 스택 첫 3줄만 — 어느 파일/라인에서 throw 됐는지만 알면 충분.
+                    payload.stack = err.stack.split('\n').slice(0, 3).join(' | ').slice(0, 400);
+                }
+                const maybeCode = err.code;
+                if (typeof maybeCode === 'string')
+                    payload.code = maybeCode;
+            }
+            else {
+                payload.error = String(err).slice(0, 400);
+            }
+        }
+        const entry = JSON.stringify(payload);
         fs.appendFileSync(logPath, entry + '\n');
     }
     catch { /* fail-open: tracking itself must not throw */ }

package/dist/hooks/skill-injector.js CHANGED Viewed

@@ -181,7 +181,7 @@ function collectSkills() {
     const skills = [];
     const seen = new Map(); // name → source dir
     // 패키지 내장 스킬 경로 (dist/../skills/)
-    const pkgSkillsDir = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..', 'commands');
+    const pkgSkillsDir = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..', 'assets', 'claude', 'commands');
     // 프로젝트 .forgen > 프로젝트 .compound > 개인 > 글로벌 > 패키지 내장
     const dirs = [
         path.join(process.cwd(), '.forgen', 'skills'),
@@ -312,5 +312,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('skill-injector'));
+    console.log(failOpenWithTracking('skill-injector', e));
 });

package/dist/hooks/slop-detector.js CHANGED Viewed

@@ -84,10 +84,10 @@ async function main() {
     }
     catch (e) {
         log.debug('슬롭 감지 실패', e);
-        console.log(failOpenWithTracking('slop-detector'));
+        console.log(failOpenWithTracking('slop-detector', e));
     }
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('slop-detector'));
+    console.log(failOpenWithTracking('slop-detector', e));
 });

package/dist/hooks/solution-injector.d.ts CHANGED Viewed

@@ -28,6 +28,15 @@
  */
 export declare const MIN_INJECT_RELEVANCE = 0.3;
 export declare const MIN_INJECT_RELEVANCE_TRUSTED = 0.25;
+/**
+ * v0.4.1 — cold-start 사용자 threshold. outcomes 이벤트가 거의 없는 신규 사용자
+ * 는 starter-pack 이 champion/active 로 승격될 기회가 없어 0.3 gate 에 막혀 주입 0.
+ * 실측 (buyer-day1 v2): starter 15개 중 recall 5건 전부 relevance 0.08~0.25, 주입 0.
+ * 이 값으로 첫날부터 매칭 가능성 제공 + 누적 후엔 표준 threshold 로 자연 전환.
+ */
+export declare const MIN_INJECT_RELEVANCE_COLD_START = 0.2;
+/** cold-start 판정 임계 — fitness state 있는 솔루션이 이 수 미만이면 신규 사용자 간주. */
+export declare const COLD_START_FITNESS_THRESHOLD = 5;
 interface SessionCacheCommitResult {
     /**
      * commit 상태:

package/dist/hooks/solution-injector.js CHANGED Viewed

@@ -29,6 +29,7 @@ import { approve, approveWithContext, failOpenWithTracking } from './shared/hook
 import { STATE_DIR } from '../core/paths.js';
 import { recordHookTiming } from './shared/hook-timing.js';
 import { appendPending, flushAccept } from '../engine/solution-outcomes.js';
+import { appendImplicitFeedback } from '../store/implicit-feedback-store.js';
 const MAX_SOLUTIONS_PER_SESSION = 10;
 /**
  * Minimum relevance thresholds by fitness state (2026-04-21 gate sweep).
@@ -51,6 +52,15 @@ const MAX_SOLUTIONS_PER_SESSION = 10;
  */
 export const MIN_INJECT_RELEVANCE = 0.3;
 export const MIN_INJECT_RELEVANCE_TRUSTED = 0.25;
+/**
+ * v0.4.1 — cold-start 사용자 threshold. outcomes 이벤트가 거의 없는 신규 사용자
+ * 는 starter-pack 이 champion/active 로 승격될 기회가 없어 0.3 gate 에 막혀 주입 0.
+ * 실측 (buyer-day1 v2): starter 15개 중 recall 5건 전부 relevance 0.08~0.25, 주입 0.
+ * 이 값으로 첫날부터 매칭 가능성 제공 + 누적 후엔 표준 threshold 로 자연 전환.
+ */
+export const MIN_INJECT_RELEVANCE_COLD_START = 0.2;
+/** cold-start 판정 임계 — fitness state 있는 솔루션이 이 수 미만이면 신규 사용자 간주. */
+export const COLD_START_FITNESS_THRESHOLD = 5;
 /** 세션별 이미 주입된 솔루션 추적 (중복 방지) */
 function getSessionCachePath(sessionId) {
     return path.join(STATE_DIR, `solution-cache-${sanitizeId(sessionId)}.json`);
@@ -347,11 +357,17 @@ async function main() {
         catch (e) {
             log.debug('fitness state load 실패 — default 0.3 적용', e);
         }
+        // v0.4.1 cold-start boost: outcome 이벤트가 누적되지 않은 신규 사용자 (fitness
+        // state 있는 솔루션 < THRESHOLD) 는 champion/active 로 승격될 기회가 없으므로
+        // 보정된 낮은 threshold 적용. 누적되면 자동으로 표준 경로로 전환.
+        const isColdStart = fitnessStateMap.size < COLD_START_FITNESS_THRESHOLD;
         function minRelevanceFor(name) {
             const state = fitnessStateMap.get(name);
-            return (state === 'champion' || state === 'active')
-                ? MIN_INJECT_RELEVANCE_TRUSTED
-                : MIN_INJECT_RELEVANCE;
+            if (state === 'champion' || state === 'active')
+                return MIN_INJECT_RELEVANCE_TRUSTED;
+            if (isColdStart)
+                return MIN_INJECT_RELEVANCE_COLD_START;
+            return MIN_INJECT_RELEVANCE;
         }
         let experimentCount = 0;
         const toInject = [];
@@ -530,7 +546,34 @@ async function main() {
         catch (e) {
             log.debug('outcome appendPending 실패', e);
         }
-        console.log(approveWithContext(fullInjection, 'UserPromptSubmit'));
+        // H4: 양수 implicit-feedback — 솔루션이 실제로 사용자에게 surface 되었음을 기록.
+        // v0.4.0 의 enforcement 축은 block/violation 만 카운트했고 assist (solution 노출)
+        // 은 0건이었다. 이 emit 으로 forgen stats / session-quality-scorer 가 "오늘
+        // N개 surfaced" 를 계산할 수 있다.
+        try {
+            const now = new Date().toISOString();
+            for (const sol of effectiveToInject) {
+                appendImplicitFeedback({
+                    type: 'recommendation_surfaced',
+                    category: 'positive',
+                    solution: sol.name,
+                    match_score: sol.relevance,
+                    at: now,
+                    sessionId,
+                });
+            }
+        }
+        catch (e) {
+            log.debug('recommendation_surfaced emit 실패', e);
+        }
+        // H1: 사용자 UI 에 recall hit 1줄 노출. additionalContext 는 모델 전용이라
+        // v0.4.0 에서 8,000+ 주입이 발생했는데도 사용자는 0건을 봤다. systemMessage
+        // 로 "N개 솔루션 참조" 를 surface → 사용자가 어떤 축적 지식이 붙었는지 인식.
+        const topNames = effectiveToInject.slice(0, 3).map((s) => s.name);
+        const more = effectiveToInject.length - topNames.length;
+        const noticeNames = more > 0 ? `${topNames.join(', ')} (+${more})` : topNames.join(', ');
+        const userNotice = `[Forgen] 🔎 ${effectiveToInject.length} solution${effectiveToInject.length === 1 ? '' : 's'} recalled: ${noticeNames}`;
+        console.log(approveWithContext(fullInjection, 'UserPromptSubmit', userNotice));
     }
     finally {
         recordHookTiming('solution-injector', Date.now() - _hookStart, 'UserPromptSubmit');
@@ -538,5 +581,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] solution-injector: ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('solution-injector'));
+    console.log(failOpenWithTracking('solution-injector', e));
 });

package/dist/hooks/stop-guard.js CHANGED Viewed

@@ -22,7 +22,16 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import * as os from 'node:os';
 import { readStdinJSON } from './shared/read-stdin.js';
-import { approve, blockStop, failOpenWithTracking } from './shared/hook-response.js';
+import { approve, approveWithWarning, blockStop, failOpenWithTracking } from './shared/hook-response.js';
+import { takeLastExtractionNotice } from '../core/extraction-notice.js';
+import { checkConclusionVerificationRatio } from '../checks/conclusion-verification-ratio.js';
+import { checkSelfScoreInflation } from '../checks/self-score-deflation.js';
+import { checkFactVsAgreement } from '../checks/fact-vs-agreement.js';
+import { STATE_DIR } from '../core/paths.js';
+import { sanitizeId } from './shared/sanitize-id.js';
+import { detectRecallReferences } from '../core/recall-reference-detector.js';
+import { appendImplicitFeedback } from '../store/implicit-feedback-store.js';
+import { atomicWriteJSON } from './shared/atomic-write.js';
 import { recordHookTiming } from './shared/hook-timing.js';
 import { isHookEnabled } from './hook-config.js';
 import { loadActiveRules } from '../store/rule-store.js';
@@ -38,9 +47,9 @@ import { DEFAULT_STOP_TRIGGER_RE, DEFAULT_STOP_EXCLUDE_RE } from './shared/stop-
  * ADR-002 Meta 트리거(규칙 자동 강등)로 연결한다.
  */
 const STUCK_LOOP_THRESHOLD = 3;
-const BLOCK_COUNT_DIR = path.join(os.homedir(), '.forgen', 'state', 'enforcement', 'block-count');
-const DRIFT_LOG = path.join(os.homedir(), '.forgen', 'state', 'enforcement', 'drift.jsonl');
-const ACK_LOG = path.join(os.homedir(), '.forgen', 'state', 'enforcement', 'acknowledgments.jsonl');
+const BLOCK_COUNT_DIR = path.join(STATE_DIR, 'enforcement', 'block-count');
+const DRIFT_LOG = path.join(STATE_DIR, 'enforcement', 'drift.jsonl');
+const ACK_LOG = path.join(STATE_DIR, 'enforcement', 'acknowledgments.jsonl');
 /**
  * Spike scenarios.json 로더 — FORGEN_SPIKE_RULES 명시 시에만 로드.
  * H1 (2026-04-22): 이전에는 process.cwd()/tests/spike/... 를 기본 폴백했으나,
@@ -213,7 +222,7 @@ function evaluateVerifier(rule) {
  * 루트 밖 경로는 존재 여부와 무관하게 false 반환.
  */
 function artifactFresh(relOrAbs, maxAgeS) {
-    const homeBase = path.join(os.homedir(), '.forgen', 'state');
+    const homeBase = STATE_DIR;
     const projectBase = path.resolve(process.env.FORGEN_CWD ?? process.env.COMPOUND_CWD ?? process.cwd(), '.forgen', 'state');
     const allowedRoots = [homeBase, projectBase];
     let p = relOrAbs;
@@ -397,22 +406,152 @@ export function getStuckLoopThreshold() {
         return env;
     return STUCK_LOOP_THRESHOLD;
 }
+/**
+ * H4 완결 (2026-04-24): recall_referenced emit 경로.
+ * Stop hook 에서 Claude 의 직전 응답 텍스트와 이 세션의 injection-cache 를 대조해,
+ * 주입된 솔루션 이름이 응답에 등장하면 `recall_referenced` 이벤트 기록. 동일
+ * 솔루션 중복 emit 방지용으로 injection-cache 의 해당 엔트리에 `_referenced: true`
+ * 플래그 세팅 후 atomic 재기록. fail-open — 어떤 단계든 throw 시 스킵.
+ */
+function emitRecallReferencesFailOpen(sessionId, lastMessage) {
+    try {
+        const cachePath = path.join(STATE_DIR, `injection-cache-${sanitizeId(sessionId)}.json`);
+        if (!fs.existsSync(cachePath))
+            return;
+        const raw = fs.readFileSync(cachePath, 'utf-8');
+        const cache = JSON.parse(raw);
+        const sols = Array.isArray(cache.solutions) ? cache.solutions : [];
+        if (sols.length === 0)
+            return;
+        const { newlyReferenced } = detectRecallReferences(lastMessage, sols);
+        if (newlyReferenced.length === 0)
+            return;
+        const now = new Date().toISOString();
+        for (const name of newlyReferenced) {
+            appendImplicitFeedback({
+                type: 'recall_referenced',
+                category: 'positive',
+                solution: name,
+                at: now,
+                sessionId,
+            });
+        }
+        // 중복 emit 방지 — cache 에 플래그 저장 후 재기록
+        const refSet = new Set(newlyReferenced);
+        const updated = {
+            ...cache,
+            solutions: sols.map((s) => (refSet.has(s.name) ? { ...s, _referenced: true } : s)),
+            updatedAt: now,
+        };
+        atomicWriteJSON(cachePath, updated, { mode: 0o600, dirMode: 0o700 });
+    }
+    catch {
+        /* fail-open */
+    }
+}
+/**
+ * TEST-2 support: post-tool-use 가 저장한 modified-files-{sessionId}.json 에서
+ * recentToolNames 윈도우를 로드. 파일이 없거나 깨져도 빈 배열로 fail-open.
+ */
+function loadRecentToolNames(sessionId) {
+    try {
+        const p = path.join(STATE_DIR, `modified-files-${sanitizeId(sessionId)}.json`);
+        if (!fs.existsSync(p))
+            return [];
+        const raw = fs.readFileSync(p, 'utf-8');
+        const data = JSON.parse(raw);
+        if (Array.isArray(data.recentToolNames)) {
+            return data.recentToolNames.filter((n) => typeof n === 'string');
+        }
+        return [];
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * H2: Stop hook approve 시 이전 세션의 auto-compound 추출 결과를 1회만 surface.
+ * takeLastExtractionNotice 가 null 이면 일반 approve, 아니면 systemMessage 포함.
+ */
+function approveWithOptionalExtractionNotice() {
+    const notice = takeLastExtractionNotice();
+    if (notice)
+        return approveWithWarning(notice);
+    return approve();
+}
 export async function main() {
     const started = Date.now();
     try {
         if (!isHookEnabled(HOOK_NAME)) {
-            console.log(approve());
+            console.log(approveWithOptionalExtractionNotice());
             return;
         }
         const input = await readStdinJSON();
         const lastMessage = readLastAssistantMessage(input);
         if (!lastMessage) {
-            console.log(approve());
+            console.log(approveWithOptionalExtractionNotice());
             return;
         }
+        // H4 완결: 응답 텍스트와 injection-cache 대조해 recall_referenced emit.
+        // block/approve 어느 경로이든 동일하게 기록 (참조는 응답 내용이 결정).
+        const sessionIdForRef = input?.session_id ?? 'unknown';
+        emitRecallReferencesFailOpen(sessionIdForRef, lastMessage);
+        // TEST-2/3: rule-free meta guards — FORGEN_USER_CONFIRMED=1 우회 공통.
+        if (process.env.FORGEN_USER_CONFIRMED !== '1') {
+            const sessionId = input?.session_id ?? 'unknown';
+            // TEST-2 (자가 점수 인플레이션): 숫자 점수 상승 선언 + 측정 도구 0회 → block.
+            // TEST-3 보다 강한 신호라 먼저 평가.
+            const recentTools = loadRecentToolNames(sessionId);
+            const score = checkSelfScoreInflation({ text: lastMessage, recentTools });
+            if (score.block) {
+                recordViolation({
+                    rule_id: 'builtin:self-score-inflation',
+                    session_id: sessionId,
+                    source: 'stop-guard',
+                    kind: 'block',
+                    message_preview: lastMessage.slice(0, 120),
+                });
+                const reasonText = `[forgen:stop-guard/self-score-inflation] ${score.reason}
+(Override this turn: set FORGEN_USER_CONFIRMED=1 (audited).)`;
+                console.log(blockStop(reasonText, 'rule:TEST-2 — self-score inflation'));
+                return;
+            }
+            // TEST-3: 결론/검증 비율 — Claude 가 실제 측정 도구는 돌렸지만 서술이
+            // 결론-편향이면 여전히 block.
+            const ratio = checkConclusionVerificationRatio({ text: lastMessage });
+            if (ratio.block) {
+                recordViolation({
+                    rule_id: 'builtin:conclusion-verification-ratio',
+                    session_id: sessionId,
+                    source: 'stop-guard',
+                    kind: 'block',
+                    message_preview: lastMessage.slice(0, 120),
+                });
+                const reasonText = `[forgen:stop-guard/conclusion-ratio] ${ratio.reason}
+(Override this turn: set FORGEN_USER_CONFIRMED=1 (audited).)`;
+                console.log(blockStop(reasonText, 'rule:TEST-3 — conclusion/verification ratio'));
+                return;
+            }
+            // TEST-1: 사실 vs 합의 — fact assertion 키워드가 있으나 측정 도구 호출 0건.
+            // 원 design intent (per fact-vs-agreement.ts): alert level only — block 은 TEST-2/3.
+            // 여기서는 measurement 신호를 violations.jsonl 에 'alert' kind 로 기록만 (block 안 함).
+            // wiring gap 발견 (forgen-eval introspect) → 측정 가능하게 wired up.
+            const fva = checkFactVsAgreement({ text: lastMessage, recentTools, minMeasurements: 1 });
+            if (fva.alert) {
+                recordViolation({
+                    rule_id: 'builtin:fact-vs-agreement',
+                    session_id: sessionId,
+                    source: 'stop-guard',
+                    kind: 'correction', // alert-level signal (not block) per fact-vs-agreement.ts design
+                    message_preview: lastMessage.slice(0, 120),
+                });
+            }
+        }
         const rules = loadStopRules();
         if (rules.length === 0) {
-            console.log(approve());
+            console.log(approveWithOptionalExtractionNotice());
             return;
         }
         const result = evaluateStop(lastMessage, rules);
@@ -421,7 +560,7 @@ export async function main() {
             // R9-PA2: 같은 session 에 pending block 이 있었다면 retract→pass 루프가
             // 실제 작동한 것 — acknowledgment 이벤트로 기록. block-count 는 cleanup.
             acknowledgeSessionBlocks(sessionId);
-            console.log(approve());
+            console.log(approveWithOptionalExtractionNotice());
             return;
         }
         const { hit, reason } = result;
@@ -433,7 +572,7 @@ export async function main() {
                 kind: 'correction',
                 message_preview: `[FORGEN_USER_CONFIRMED=1 bypass] ${lastMessage.slice(0, 100)}`,
             });
-            console.log(approve());
+            console.log(approveWithOptionalExtractionNotice());
             return;
         }
         // T2 signal: block 은 rule 위반 증거 — violations.jsonl 에 기록.
@@ -464,13 +603,13 @@ export async function main() {
                 message_preview: lastMessage.slice(0, 120),
             });
             resetBlockCount(sessionId, hit.id);
-            console.log(approve());
+            console.log(approveWithOptionalExtractionNotice());
             return;
         }
         console.log(blockStop(reasonWithHint, hit.system_tag));
     }
-    catch {
-        console.log(failOpenWithTracking(HOOK_NAME));
+    catch (e) {
+        console.log(failOpenWithTracking(HOOK_NAME, e));
     }
     finally {
         recordHookTiming(HOOK_NAME, Date.now() - started, 'Stop');

package/dist/hooks/subagent-tracker.js CHANGED Viewed

@@ -86,5 +86,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('subagent-tracker'));
+    console.log(failOpenWithTracking('subagent-tracker', e));
 });

package/dist/host/capabilities-claude.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Claude HostCapabilities — Multi-Host Core Design §9.0
+ *
+ * Claude 는 reference host. 모든 TrustLayerIntent 가 supported (identity binding).
+ * 본 선언은 *spec 정의 그 자체* 의 코드 표현 — 변경 시 spec §9.0 도 같이 갱신해야 한다.
+ */
+import type { HostCapabilities } from '../core/trust-layer-intent.js';
+export declare const claudeCapabilities: HostCapabilities;