@wooojin/forgen 0.4.0 → 0.4.3

package/dist/engine/meta-learning/session-quality-scorer.d.ts

@@ -12,6 +12,7 @@
  *   - state/sessions/{sessionId}.json  → session metadata
  */
 import type { SessionQualityScore } from './types.js';
+import { type ImplicitFeedbackEntry } from '../../store/implicit-feedback-store.js';
 interface InjectionCacheData {
     injected: string[];
     totalInjectedChars: number;
@@ -29,12 +30,6 @@ interface DriftState {
     lastCriticalAt: number | null;
     hardCapReached: boolean;
 }
-interface ImplicitFeedbackEntry {
-    type: string;
-    sessionId?: string;
-    at: string;
-    [key: string]: unknown;
-}
 export declare function loadInjectionCache(sessionId: string): InjectionCacheData | null;
 export declare function loadDriftState(sessionId: string): DriftState | null;
 export declare function loadImplicitFeedback(sessionId: string): ImplicitFeedbackEntry[];

package/dist/engine/meta-learning/session-quality-scorer.js

@@ -15,6 +15,7 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { ME_BEHAVIOR, STATE_DIR } from '../../core/paths.js';
 import { safeReadJSON } from '../../hooks/shared/atomic-write.js';
+import { loadImplicitFeedback as loadImplicitFeedbackFromStore, } from '../../store/implicit-feedback-store.js';
 function sanitizeId(id) {
     return id.replace(/[^a-zA-Z0-9_-]/g, '_');
 }
@@ -32,27 +33,7 @@ export function loadDriftState(sessionId) {
     return data?.drift ?? null;
 }
 export function loadImplicitFeedback(sessionId) {
-    const logPath = path.join(STATE_DIR, 'implicit-feedback.jsonl');
-    try {
-        if (!fs.existsSync(logPath))
-            return [];
-        const lines = fs.readFileSync(logPath, 'utf-8').split('\n').filter(Boolean);
-        const entries = [];
-        for (const line of lines) {
-            try {
-                const entry = JSON.parse(line);
-                if (entry.sessionId === sessionId)
-                    entries.push(entry);
-            }
-            catch {
-                /* skip malformed lines */
-            }
-        }
-        return entries;
-    }
-    catch {
-        return [];
-    }
+    return loadImplicitFeedbackFromStore(sessionId);
 }
 export function loadSessionCorrections(sessionId) {
     try {

package/dist/engine/skill-promoter.js

@@ -6,15 +6,12 @@
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import * as os from 'node:os';
 import { parseSolutionV3 } from './solution-format.js';
 import { createLogger } from '../core/logger.js';
+import { ME_SOLUTIONS, ME_SKILLS, CLAUDE_DIR } from '../core/paths.js';
 const log = createLogger('skill-promoter');
-const FORGEN_HOME = path.join(os.homedir(), '.forgen');
-const ME_SOLUTIONS = path.join(FORGEN_HOME, 'me', 'solutions');
-const ME_SKILLS = path.join(FORGEN_HOME, 'me', 'skills');
-// Claude Code가 자동 인식하는 글로벌 스킬 경로
-const CLAUDE_SKILLS = path.join(os.homedir(), '.claude', 'skills');
+// Claude Code가 자동 인식하는 글로벌 스킬 경로 (~/.claude/skills)
+const CLAUDE_SKILLS = path.join(CLAUDE_DIR, 'skills');
 // 일반적인 태그 제외 (트리거로 부적합)
 const GENERIC_TAGS = new Set([
     'typescript', 'javascript', 'react', 'node', 'error', 'fix', 'code',

package/dist/fgx.js

@@ -6,6 +6,7 @@
 import { resolveLaunchContext } from './services/session.js';
 import { prepareHarness, isFirstRun } from './core/harness.js';
 import { spawnClaude } from './core/spawn.js';
+import { getHostRuntime } from './host/host-runtime.js';
 const args = process.argv.slice(2);
 // 이미 포함되어 있으면 중복 추가하지 않음
 const launchContext = resolveLaunchContext(args);
@@ -43,7 +44,7 @@ async function main() {
         console.log(`[forgen] Trust: ${v1.session.effective_trust_policy}`);
     }
     console.log('[forgen] Mode: dangerously-skip-permissions');
-    const runtimeLabel = runtime === 'codex' ? 'Codex' : 'Claude';
+    const runtimeLabel = getHostRuntime(runtime).displayName;
     console.log(`[forgen] Starting ${runtimeLabel}...\n`);
     await spawnClaude(launchArgs, context, runtime);
 }

package/dist/forge/evidence-processor.js

@@ -8,6 +8,7 @@
 import { createEvidence, appendEvidence } from '../store/evidence-store.js';
 import { createRule, saveRule } from '../store/rule-store.js';
 import { classify, applyProposal } from '../engine/enforce-classifier.js';
+import { bumpAxisConfidence } from '../store/profile-store.js';
 // ── Correction → Evidence + Temporary Rule ──
 /**
  * 사용자 교정을 Evidence로 기록하고, 필요 시 temporary rule 생성.
@@ -31,6 +32,17 @@ export function processCorrection(req) {
         },
     });
     appendEvidence(evidence); // T1 lifecycle trigger fires here for explicit_correction
+    // D2 fix (2026-04-27): explicit_correction 의 axis_hint 가 axes confidence 에
+    // 직접 반영되도록 bump. autonomy 6건이 score 못 움직였던 결함 해결.
+    // 회귀 안전: facet 값은 안 건드리고 confidence 만 +0.02 (avoid-this 는 +0.04
+    // 로 더 강한 신호). docs/issues/D2-autonomy-facet-stuck.md 참조.
+    if (req.axis_hint) {
+        const bump = req.kind === 'avoid-this' ? 0.04 : 0.02;
+        try {
+            bumpAxisConfidence(req.axis_hint, bump);
+        }
+        catch { /* fail-open */ }
+    }
     // fix-now, avoid-this → temporary session rule
     let temporaryRule = null;
     if (req.kind === 'fix-now' || req.kind === 'avoid-this') {

package/dist/forge/onboarding.d.ts

@@ -1,8 +1,9 @@
 /**
  * Forgen v1 — Onboarding
  *
- * 2문항 온보딩, 점수 계산, pack 추천.
- * Authoritative spec: docs/plans/2026-04-03-forgen-onboarding-adaptation-spec.md §3-4
+ * 4문항 온보딩 (quality / autonomy / judgment / communication 4축), 점수 계산, pack 추천.
+ * Authoritative spec: docs/history/2026-04-03-tenetx-onboarding-adaptation-spec.md
+ *   (spec §3 은 v0.1 시점 2문항 기준 — v0.4 부터 4문항으로 확장됨, src/forge/onboarding-cli.ts:69-75 참조)
  */
 import type { QualityPack, AutonomyPack, JudgmentPack, CommunicationPack, TrustPolicy, PackRecommendation } from '../store/types.js';
 export type ChoiceId = 'A' | 'B' | 'C';

package/dist/forge/onboarding.js

@@ -1,8 +1,9 @@
 /**
  * Forgen v1 — Onboarding
  *
- * 2문항 온보딩, 점수 계산, pack 추천.
- * Authoritative spec: docs/plans/2026-04-03-forgen-onboarding-adaptation-spec.md §3-4
+ * 4문항 온보딩 (quality / autonomy / judgment / communication 4축), 점수 계산, pack 추천.
+ * Authoritative spec: docs/history/2026-04-03-tenetx-onboarding-adaptation-spec.md
+ *   (spec §3 은 v0.1 시점 2문항 기준 — v0.4 부터 4문항으로 확장됨, src/forge/onboarding-cli.ts:69-75 참조)
  */
 import { createRecommendation } from '../store/recommendation-store.js';
 // 질문 1: 애매한 구현 요청 + 인접 영향 가능성

package/dist/hooks/context-guard.js

@@ -408,6 +408,6 @@ function saveHandoff(sessionId, reason, detail) {
 if (process.argv[1] && fs.realpathSync(path.resolve(process.argv[1])) === fileURLToPath(import.meta.url)) {
     main().catch((e) => {
         process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-        console.log(failOpenWithTracking('context-guard'));
+        console.log(failOpenWithTracking('context-guard', e));
     });
 }

package/dist/hooks/dangerous-patterns.json

@@ -1,5 +1,5 @@
 [
-  { "pattern": "rm\\s+(-rf|-fr)\\s+[/~]", "description": "rm -rf on root/home path", "severity": "block" },
+  { "pattern": "rm\\s+(-rf|-fr)\\s+(\\/(?!tmp\\b|var\\/folders\\b|var\\/tmp\\b)|~)", "description": "rm -rf on root/home path", "severity": "block" },
   { "pattern": "rm\\s+(-rf|-fr)\\s+\\.\\s", "description": "rm -rf on current directory", "severity": "block" },
   { "pattern": "git\\s+push\\s+.*--force(?!-)", "description": "git push --force", "severity": "warn" },
   { "pattern": "git\\s+reset\\s+--hard", "description": "git reset --hard", "severity": "warn" },
@@ -9,10 +9,10 @@
   { "pattern": ">\\s*\\/dev\\/sd[a-z]", "description": "write to block device", "severity": "block" },
   { "pattern": "mkfs\\s", "description": "mkfs (format filesystem)", "severity": "block" },
   { "pattern": ":\\(\\)\\s*\\{\\s*:\\|:&\\s*\\}\\s*;:", "description": "fork bomb", "severity": "block" },
-  { "pattern": "\\beval\\s+[\"'`]", "description": "eval with string (injection risk)", "severity": "warn" },
+  { "pattern": "\\beval\\s+[\"'`]", "description": "eval with string (injection risk)", "severity": "warn", "match_target": "raw" },
   { "pattern": "curl\\s+.*\\|\\s*(ba)?sh", "description": "curl pipe to shell", "severity": "block" },
   { "pattern": "wget\\s+.*\\|\\s*(ba)?sh", "description": "wget pipe to shell", "severity": "block" },
-  { "pattern": "python[23]?\\s+-c\\s+['\"].*(?:import\\s+os|subprocess|exec|eval)", "description": "python -c with dangerous imports", "severity": "warn" },
+  { "pattern": "python[23]?\\s+-c\\s+['\"].*(?:import\\s+os|subprocess|exec|eval)", "description": "python -c with dangerous imports", "severity": "warn", "match_target": "raw" },
   { "pattern": "\\bchmod\\s+[0-7]*777\\b", "description": "chmod 777 (overly permissive)", "severity": "warn" },
   { "pattern": "\\bdd\\s+.*of=\\/dev\\/", "description": "dd write to device", "severity": "block" }
 ]

package/dist/hooks/db-guard.js

@@ -9,8 +9,9 @@ import * as path from 'node:path';
 import { readStdinJSON } from './shared/read-stdin.js';
 import { atomicWriteJSON } from './shared/atomic-write.js';
 import { isHookEnabled } from './hook-config.js';
-import { approve, approveWithWarning, deny, failOpenWithTracking } from './shared/hook-response.js';
+import { approve, approveWithWarning, denyOrObserve, failOpenWithTracking } from './shared/hook-response.js';
 import { STATE_DIR } from '../core/paths.js';
+import { preprocessForMatch } from './shared/command-parser.js';
 const FAIL_COUNTER_PATH = path.join(STATE_DIR, 'db-guard-fail-counter.json');
 const FAIL_CLOSE_THRESHOLD = 3;
 export const DANGEROUS_SQL_PATTERNS = [
@@ -27,8 +28,23 @@ export function checkDangerousSql(toolName, toolInput) {
     const command = typeof toolInput === 'string'
         ? toolInput
         : (toolInput.command ?? '');
+    // TEST-6 확장 (2026-04-24): DB CLI allowlist 기반 quote-aware 전처리.
+    //
+    // 결함: 이전에는 raw command 를 직접 매칭해 `git commit -m "... DROP TABLE ..."`
+    // 같은 quote 안 SQL 키워드까지 block (실증: 이번 세션 내 release 커밋 메시지 차단).
+    //
+    // 단순히 masked 만 쓰면 `psql -c "DROP TABLE users"` 같은 실 DB 실행의 True-Positive
+    // 까지 놓친다. 해법: masked 처리 후에도 **DB CLI 토큰** 이 보이면 진짜 실행 의도
+    // 라고 판단해 raw 를 검사, 아니면 masked 를 검사.
+    //   - `psql -c "DROP TABLE"` → masked: `psql -c ""` → psql 존재 → raw 검사 → block
+    //   - `git commit -m "DROP TABLE"` → masked: `git commit -m ""` → psql 없음 → masked 검사 → pass
+    //   - `DROP DATABASE production` (direct SQL) → masked 그대로 (quote 없음) → block
+    const maskedCommand = preprocessForMatch(command, 'masked');
+    const dbCliRe = /\b(psql|mysql|sqlite3?|pg_restore|mongosh|mysqldump|cockroach\s+sql|redis-cli)\b/i;
+    const hasDbCli = dbCliRe.test(maskedCommand);
+    const scanCommand = hasDbCli ? command : maskedCommand;
     // 주석 제거 후 SQL에 대해 패턴 매칭 (주석 안 키워드 오차단 방지)
-    const sqlWithoutComments = command
+    const sqlWithoutComments = scanCommand
         .replace(/--[^\n]*/g, '') // 라인 주석 제거
         .replace(/\/\*[\s\S]*?\*\//g, ''); // 블록 주석 제거
     for (const { pattern, description, severity } of DANGEROUS_SQL_PATTERNS) {
@@ -73,7 +89,7 @@ async function main() {
     if (!data) {
         const failCount = getAndIncrementFailCount();
         if (failCount >= FAIL_CLOSE_THRESHOLD) {
-            console.log(deny(`[Forgen] DB Guard: stdin parse failed ${failCount} consecutive times — blocking for safety.`));
+            console.log(denyOrObserve('db-guard', `[Forgen] DB Guard: stdin parse failed ${failCount} consecutive times — blocking for safety.`));
         }
         else {
             process.stderr.write(`[ch-hook] db-guard stdin parse failed (${failCount}/${FAIL_CLOSE_THRESHOLD})\n`);
@@ -90,7 +106,7 @@ async function main() {
     const toolInput = data.tool_input ?? data.toolInput ?? {};
     const check = checkDangerousSql(toolName, toolInput);
     if (check.action === 'block') {
-        console.log(deny(`[Forgen] Dangerous SQL blocked: ${check.description}`));
+        console.log(denyOrObserve('db-guard', `[Forgen] Dangerous SQL blocked: ${check.description}`));
         return;
     }
     if (check.action === 'warn') {
@@ -101,5 +117,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] DB Guard error: ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('db-guard'));
+    console.log(failOpenWithTracking('db-guard', e));
 });

package/dist/hooks/forge-loop-progress.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+/**
+ * Forgen — Forge Loop Progress Injector
+ *
+ * Claude Code UserPromptSubmit 훅. forge-loop active=true 인 동안 매 프롬프트
+ * 마다 진행 상황(N/M, next story)을 컨텍스트에 inject 한다. RC6 가드의 두 번째
+ * 축 — 세션 도중에도 forge-loop 가 컨텍스트에서 사라지지 않게 함.
+ */
+export {};

package/dist/hooks/forge-loop-progress.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+/**
+ * Forgen — Forge Loop Progress Injector
+ *
+ * Claude Code UserPromptSubmit 훅. forge-loop active=true 인 동안 매 프롬프트
+ * 마다 진행 상황(N/M, next story)을 컨텍스트에 inject 한다. RC6 가드의 두 번째
+ * 축 — 세션 도중에도 forge-loop 가 컨텍스트에서 사라지지 않게 함.
+ */
+import { readStdinJSON } from './shared/read-stdin.js';
+import { isHookEnabled } from './hook-config.js';
+import { approve, approveWithContext, failOpenWithTracking } from './shared/hook-response.js';
+import { recordHookTiming } from './shared/hook-timing.js';
+import { readForgeLoopState, renderForgeLoopForPrompt } from './shared/forge-loop-state.js';
+import { createLogger } from '../core/logger.js';
+const log = createLogger('forge-loop-progress');
+async function main() {
+    const _hookStart = Date.now();
+    try {
+        await readStdinJSON().catch((e) => { log.debug('stdin read failed', e); return null; });
+        if (!isHookEnabled('forge-loop-progress')) {
+            console.log(approve());
+            return;
+        }
+        const block = renderForgeLoopForPrompt(readForgeLoopState());
+        if (!block) {
+            console.log(approve());
+            return;
+        }
+        console.log(approveWithContext(block, 'UserPromptSubmit'));
+    }
+    finally {
+        recordHookTiming('forge-loop-progress', Date.now() - _hookStart, 'UserPromptSubmit');
+    }
+}
+main().catch((e) => {
+    process.stderr.write(`[ch-hook] forge-loop-progress: ${e instanceof Error ? e.message : String(e)}\n`);
+    console.log(failOpenWithTracking('forge-loop-progress', e));
+});

package/dist/hooks/hook-registry.js

@@ -20,7 +20,7 @@ const require = createRequire(import.meta.url);
  *     (Code Reflection + permission hints 주입 타이밍)
  *   - 같은 이벤트 내 훅은 배열 순서대로 실행됨
  */
-import registryData from '../../hooks/hook-registry.json' with { type: 'json' };
+import registryData from '../../assets/shared/hook-registry.json' with { type: 'json' };
 export const HOOK_REGISTRY = registryData;
 /** 티어별 훅 목록 조회 */
 export function getHooksByTier(tier) {

package/dist/hooks/hooks-generator.d.ts

@@ -9,7 +9,7 @@
  *   - forgen config hooks (사용자 설정 변경 후)
  *   - forgen install (플러그인 설치 후)
  */
-import { type RuntimeHost } from '../core/types.js';
+import type { RuntimeHost } from '../core/types.js';
 interface HookCommand {
     type: 'command';
     command: string;
@@ -30,6 +30,12 @@ interface GenerateOptions {
     pluginRoot?: string;
     /** 런타임 (claude|codex) */
     runtime?: RuntimeHost;
+    /**
+     * 환경 독립 산출물 모드 (W4, 2026-04-27).
+     * true 시 plugin 감지 + hook-config 비활성화 모두 건너뛰어 모든 hook 이 active.
+     * 배포(prepack), 테스트 결정론, runtime 환경 분리에 사용.
+     */
+    releaseMode?: boolean;
 }
 /**
  * 활성 훅만 포함한 hooks.json 객체를 생성합니다.
@@ -39,6 +45,14 @@ interface GenerateOptions {
  *   2. 충돌 훅 식별
  *   3. hook-config.json 설정 적용
  *   4. 활성 훅만 hooks.json 구조로 변환
+ *
+ * releaseMode: 환경 독립 산출물 모드 (W4, 2026-04-27).
+ *   - true 시 plugin 감지를 건너뛰고, hook-config.json 의 사용자 비활성화도 무시한다.
+ *   - 결과는 항상 모든 hook active — 배포 산출물 결정론화 + 테스트 안정화.
+ *   - prepack-hooks.cjs 는 이미 HOME swap 으로 같은 효과를 내지만, 본 옵션은
+ *     명시적 API 로 동일 보장을 제공해 테스트가 환경 독립 검증 가능.
+ *   - 자기증거: 본 세션이 사용자 HOME 에서 19/21 active 산출물을 받아 우회한
+ *     사례 — docs/issues/W4-W5-self-evidence.md 박제.
  */
 export declare function generateHooksJson(options?: GenerateOptions): HooksJson;
 /**

package/dist/hooks/hooks-generator.js

@@ -14,6 +14,7 @@ import * as path from 'node:path';
 import { HOOK_REGISTRY } from './hook-registry.js';
 import { isHookEnabled } from './hook-config.js';
 import { detectInstalledPlugins, getHookConflicts } from '../core/plugin-detector.js';
+import { getHostRuntime } from '../host/host-runtime.js';
 function splitCommand(raw) {
     const tokens = raw.match(/"([^"]+)"|\S+/g) ?? [];
     const unquoted = tokens.map(token => token.replace(/^"/, '').replace(/"$/, ''));
@@ -24,16 +25,9 @@ function quoteArg(raw) {
 }
 function buildHookCommand(pluginRoot, rawScript, runtime) {
     const { script, args } = splitCommand(rawScript);
-    const scriptPath = `${pluginRoot}/${script}`;
     const quotedArgs = args.map(quoteArg).join(' ');
-    if (runtime === 'codex') {
-        const adapterPath = `${pluginRoot}/host/codex-adapter.js`;
-        const baseCommand = `node ${quoteArg(adapterPath)} ${quoteArg(scriptPath)}`;
-        return `${baseCommand}${quotedArgs ? ` ${quotedArgs}` : ''}`;
-    }
-    return quotedArgs
-        ? `node ${quoteArg(scriptPath)} ${quotedArgs}`
-        : `node ${quoteArg(scriptPath)}`;
+    // Phase 2: host-runtime 위임 — Codex 표면 (codex-adapter 경유) 을 core 가 모르도록.
+    return getHostRuntime(runtime).wrapHookCommand(pluginRoot, script, quotedArgs);
 }
 /**
  * 활성 훅만 포함한 hooks.json 객체를 생성합니다.
@@ -43,23 +37,31 @@ function buildHookCommand(pluginRoot, rawScript, runtime) {
  *   2. 충돌 훅 식별
  *   3. hook-config.json 설정 적용
  *   4. 활성 훅만 hooks.json 구조로 변환
+ *
+ * releaseMode: 환경 독립 산출물 모드 (W4, 2026-04-27).
+ *   - true 시 plugin 감지를 건너뛰고, hook-config.json 의 사용자 비활성화도 무시한다.
+ *   - 결과는 항상 모든 hook active — 배포 산출물 결정론화 + 테스트 안정화.
+ *   - prepack-hooks.cjs 는 이미 HOME swap 으로 같은 효과를 내지만, 본 옵션은
+ *     명시적 API 로 동일 보장을 제공해 테스트가 환경 독립 검증 가능.
+ *   - 자기증거: 본 세션이 사용자 HOME 에서 19/21 active 산출물을 받아 우회한
+ *     사례 — docs/issues/W4-W5-self-evidence.md 박제.
  */
 export function generateHooksJson(options) {
     const cwd = options?.cwd;
+    const releaseMode = options?.releaseMode ?? false;
     // biome-ignore lint/suspicious/noTemplateCurlyInString: CLAUDE_PLUGIN_ROOT is a Claude Code Plugin SDK variable resolved at runtime
     const pluginRoot = options?.pluginRoot ?? '${CLAUDE_PLUGIN_ROOT}/dist';
     const runtime = options?.runtime ?? 'claude';
-    // 다른 플러그인의 충돌 훅 감지
-    const hookConflicts = getHookConflicts(cwd);
-    const detectedPlugins = detectInstalledPlugins(cwd);
-    const hasOtherPlugins = detectedPlugins.length > 0;
+    // 다른 플러그인의 충돌 훅 감지 — releaseMode 시 건너뜀
+    const hookConflicts = releaseMode ? new Set() : getHookConflicts(cwd);
+    const hasOtherPlugins = !releaseMode && detectInstalledPlugins(cwd).length > 0;
     // 활성 훅 필터링
     const activeHooks = HOOK_REGISTRY.filter(hook => {
-        // 1) hook-config.json에서 명시적 비활성화
-        if (!isHookEnabled(hook.name))
+        // 1) hook-config.json에서 명시적 비활성화 (releaseMode 시 무시)
+        if (!releaseMode && !isHookEnabled(hook.name))
             return false;
         // 2) 다른 플러그인과 충돌하는 workflow 훅은 자동 비활성
-        //    (단, compound-critical 훅은 항상 유지)
+        //    (단, compound-critical 훅은 항상 유지. releaseMode 면 분기 조건이 false)
         if (hasOtherPlugins && hook.tier === 'workflow' && hookConflicts.has(hook.name) && !hook.compoundCritical) {
             return false;
         }

package/dist/hooks/intent-classifier.js

@@ -83,5 +83,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('intent-classifier'));
+    console.log(failOpenWithTracking('intent-classifier', e));
 });

package/dist/hooks/keyword-detector.js

@@ -106,7 +106,7 @@ function loadSkillContent(skillName) {
     // 글로벌 스킬 경로
     searchPaths.push(path.join(FORGEN_HOME, 'skills', `${skillName}.md`));
     // forgen 패키지 내장 스킬
-    const pkgSkillPath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..', 'commands', `${skillName}.md`);
+    const pkgSkillPath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..', 'assets', 'claude', 'commands', `${skillName}.md`);
     searchPaths.push(pkgSkillPath);
     for (const p of searchPaths) {
         if (fs.existsSync(p)) {
@@ -308,6 +308,6 @@ async function main() {
 if (process.argv[1] && fs.realpathSync(path.resolve(process.argv[1])) === fileURLToPath(import.meta.url)) {
     main().catch((e) => {
         process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-        console.log(failOpenWithTracking('keyword-detector'));
+        console.log(failOpenWithTracking('keyword-detector', e));
     });
 }

package/dist/hooks/notepad-injector.js

@@ -50,5 +50,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('notepad-injector'));
+    console.log(failOpenWithTracking('notepad-injector', e));
 });

package/dist/hooks/permission-handler.js

@@ -129,5 +129,5 @@ async function main() {
 }
 main().catch((e) => {
     process.stderr.write(`[ch-hook] ${e instanceof Error ? e.message : String(e)}\n`);
-    console.log(failOpenWithTracking('permission-handler'));
+    console.log(failOpenWithTracking('permission-handler', e));
 });

package/dist/hooks/post-tool-failure.js

@@ -127,5 +127,5 @@ main().catch((e) => {
         hookName: 'post-tool-failure', eventType: 'PostToolUseFailure', cause: e,
     });
     process.stderr.write(`[ch-hook] ${hookErr.name}: ${hookErr.message}\n`);
-    console.log(failOpenWithTracking('post-tool-failure'));
+    console.log(failOpenWithTracking('post-tool-failure', e));
 });

package/dist/hooks/post-tool-use.d.ts

@@ -18,6 +18,12 @@ interface ModifiedFilesState {
     recentWrites?: Record<string, string[]>;
     /** Drift detection state */
     drift?: DriftState;
+    /**
+     * TEST-2 support: 최근 N개 tool 이름 (가장 최근이 마지막). 세션 시작 이래 누적된
+     * 도구 이름을 그대로 끝까지 보관하면 메모리 낭비이므로 slice window.
+     * stop-guard 가 "측정 도구 호출 수" 를 빠르게 계산.
+     */
+    recentToolNames?: string[];
 }
 export declare const ERROR_PATTERNS: Array<{
     pattern: RegExp;
@@ -32,7 +38,7 @@ export interface AgentValidationResult {
     severity: 'info' | 'warning' | 'error';
     message: string;
 }
-export declare function validateAgentOutput(toolResponse: string): AgentValidationResult | null;
+export declare function validateAgentOutput(toolResponse: unknown): AgentValidationResult | null;
 export declare function trackModifiedFile(state: ModifiedFilesState, filePath: string, toolName: string): {
     state: ModifiedFilesState;
     count: number;