npm - agent-composer - Versions diffs - 0.3.0 → 0.4.0 - Mend

agent-composer 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

package/README.md +495 -180
package/composer.config.schema.json +206 -2
package/dist/cli/cleanup.d.ts +24 -0
package/dist/cli/cleanup.js +151 -0
package/dist/cli/cleanup.js.map +1 -0
package/dist/cli/doctor.d.ts +12 -0
package/dist/cli/doctor.js +244 -4
package/dist/cli/doctor.js.map +1 -1
package/dist/cli/goal.d.ts +28 -0
package/dist/cli/goal.js +251 -0
package/dist/cli/goal.js.map +1 -0
package/dist/cli/help.d.ts +3 -0
package/dist/cli/help.js +31 -0
package/dist/cli/help.js.map +1 -0
package/dist/cli/init.d.ts +5 -0
package/dist/cli/init.js +116 -21
package/dist/cli/init.js.map +1 -1
package/dist/cli/initArgs.d.ts +16 -0
package/dist/cli/initArgs.js +19 -0
package/dist/cli/initArgs.js.map +1 -0
package/dist/cli/installGitHook.d.ts +7 -0
package/dist/cli/installGitHook.js +61 -0
package/dist/cli/installGitHook.js.map +1 -0
package/dist/cli/mode.d.ts +6 -0
package/dist/cli/mode.js +25 -0
package/dist/cli/mode.js.map +1 -0
package/dist/cli/status.d.ts +105 -0
package/dist/cli/status.js +400 -0
package/dist/cli/status.js.map +1 -0
package/dist/config/env.d.ts +1 -1
package/dist/config/modes.d.ts +10 -0
package/dist/config/modes.js +26 -0
package/dist/config/modes.js.map +1 -0
package/dist/config/oracleRole.d.ts +10 -0
package/dist/config/oracleRole.js +11 -0
package/dist/config/oracleRole.js.map +1 -0
package/dist/config/schema.d.ts +246 -0
package/dist/config/schema.js +127 -2
package/dist/config/schema.js.map +1 -1
package/dist/evolve/reflection.d.ts +9 -0
package/dist/evolve/reflection.js +14 -0
package/dist/evolve/reflection.js.map +1 -1
package/dist/evolve/runner.d.ts +2 -1
package/dist/evolve/runner.js +2 -1
package/dist/evolve/runner.js.map +1 -1
package/dist/index.js +115 -6
package/dist/index.js.map +1 -1
package/dist/providers/AnthropicCompatibleProvider.d.ts +13 -1
package/dist/providers/AnthropicCompatibleProvider.js +115 -9
package/dist/providers/AnthropicCompatibleProvider.js.map +1 -1
package/dist/providers/CLIProvider.d.ts +23 -1
package/dist/providers/CLIProvider.js +283 -65
package/dist/providers/CLIProvider.js.map +1 -1
package/dist/providers/IProvider.d.ts +13 -0
package/dist/providers/SpendGuardProvider.d.ts +32 -0
package/dist/providers/SpendGuardProvider.js +98 -0
package/dist/providers/SpendGuardProvider.js.map +1 -0
package/dist/registry.d.ts +5 -2
package/dist/registry.js +17 -2
package/dist/registry.js.map +1 -1
package/dist/server/activeRuns.d.ts +17 -0
package/dist/server/activeRuns.js +114 -0
package/dist/server/activeRuns.js.map +1 -0
package/dist/server/codexLifecycleRunner.d.ts +29 -0
package/dist/server/codexLifecycleRunner.js +188 -0
package/dist/server/codexLifecycleRunner.js.map +1 -0
package/dist/server/configMutation.d.ts +22 -0
package/dist/server/configMutation.js +121 -0
package/dist/server/configMutation.js.map +1 -0
package/dist/server/handoffContext.d.ts +1 -0
package/dist/server/handoffContext.js +12 -0
package/dist/server/handoffContext.js.map +1 -0
package/dist/server/progress.d.ts +24 -0
package/dist/server/progress.js +109 -0
package/dist/server/progress.js.map +1 -0
package/dist/server/toolDescriptions.d.ts +60 -0
package/dist/server/toolDescriptions.js +134 -0
package/dist/server/toolDescriptions.js.map +1 -0
package/dist/server.d.ts +19 -21
package/dist/server.js +90 -330
package/dist/server.js.map +1 -1
package/dist/tools/audit.d.ts +2 -0
package/dist/tools/audit.js +66 -0
package/dist/tools/audit.js.map +1 -0
package/dist/tools/code.d.ts +2 -0
package/dist/tools/code.js +160 -0
package/dist/tools/code.js.map +1 -0
package/dist/tools/codexLifecycle.d.ts +2 -0
package/dist/tools/codexLifecycle.js +206 -0
package/dist/tools/codexLifecycle.js.map +1 -0
package/dist/tools/config.d.ts +2 -0
package/dist/tools/config.js +183 -0
package/dist/tools/config.js.map +1 -0
package/dist/tools/context.d.ts +31 -0
package/dist/tools/context.js +2 -0
package/dist/tools/context.js.map +1 -0
package/dist/tools/goal.d.ts +2 -0
package/dist/tools/goal.js +159 -0
package/dist/tools/goal.js.map +1 -0
package/dist/tools/handoff.d.ts +2 -0
package/dist/tools/handoff.js +57 -0
package/dist/tools/handoff.js.map +1 -0
package/dist/tools/oracle.d.ts +2 -0
package/dist/tools/oracle.js +248 -0
package/dist/tools/oracle.js.map +1 -0
package/dist/tools/research.d.ts +2 -0
package/dist/tools/research.js +51 -0
package/dist/tools/research.js.map +1 -0
package/dist/tools/review.d.ts +2 -0
package/dist/tools/review.js +233 -0
package/dist/tools/review.js.map +1 -0
package/dist/tools/route.d.ts +2 -0
package/dist/tools/route.js +69 -0
package/dist/tools/route.js.map +1 -0
package/dist/tools/session.d.ts +2 -0
package/dist/tools/session.js +37 -0
package/dist/tools/session.js.map +1 -0
package/dist/tools/status.d.ts +2 -0
package/dist/tools/status.js +34 -0
package/dist/tools/status.js.map +1 -0
package/dist/tools/workflow.d.ts +2 -0
package/dist/tools/workflow.js +27 -0
package/dist/tools/workflow.js.map +1 -0
package/dist/util/applyFileBlocks.d.ts +18 -0
package/dist/util/applyFileBlocks.js +163 -0
package/dist/util/applyFileBlocks.js.map +1 -0
package/dist/util/asyncControl.d.ts +14 -0
package/dist/util/asyncControl.js +106 -0
package/dist/util/asyncControl.js.map +1 -0
package/dist/util/auditLog.d.ts +56 -0
package/dist/util/auditLog.js +232 -0
package/dist/util/auditLog.js.map +1 -0
package/dist/util/codexLifecycle.d.ts +55 -0
package/dist/util/codexLifecycle.js +102 -0
package/dist/util/codexLifecycle.js.map +1 -0
package/dist/util/codexLifecycleJob.d.ts +209 -0
package/dist/util/codexLifecycleJob.js +360 -0
package/dist/util/codexLifecycleJob.js.map +1 -0
package/dist/util/composerDisabled.d.ts +6 -0
package/dist/util/composerDisabled.js +27 -0
package/dist/util/composerDisabled.js.map +1 -0
package/dist/util/dispatchHint.d.ts +5 -3
package/dist/util/dispatchHint.js +62 -2
package/dist/util/dispatchHint.js.map +1 -1
package/dist/util/goal.d.ts +132 -0
package/dist/util/goal.js +616 -0
package/dist/util/goal.js.map +1 -0
package/dist/util/goalReport.d.ts +51 -0
package/dist/util/goalReport.js +164 -0
package/dist/util/goalReport.js.map +1 -0
package/dist/util/jobPolling.d.ts +9 -0
package/dist/util/jobPolling.js +17 -0
package/dist/util/jobPolling.js.map +1 -0
package/dist/util/oracleJob.d.ts +66 -0
package/dist/util/oracleJob.js +295 -0
package/dist/util/oracleJob.js.map +1 -0
package/dist/util/oracleLock.d.ts +38 -0
package/dist/util/oracleLock.js +182 -0
package/dist/util/oracleLock.js.map +1 -0
package/dist/util/reviewDiff.d.ts +8 -0
package/dist/util/reviewDiff.js +29 -0
package/dist/util/reviewDiff.js.map +1 -0
package/dist/util/reviewJob.d.ts +57 -0
package/dist/util/reviewJob.js +207 -0
package/dist/util/reviewJob.js.map +1 -0
package/dist/util/workflowPlan.d.ts +24 -0
package/dist/util/workflowPlan.js +49 -0
package/dist/util/workflowPlan.js.map +1 -0
package/package.json +8 -1
package/plugin/composer-mastermind/commands/evolve.md +4 -0
package/plugin/composer-mastermind/hooks/boundary_guard.sh +43 -2
package/plugin/composer-mastermind/hooks/codex_warm_review.sh +161 -9
package/plugin/composer-mastermind/hooks/learn.sh +172 -32
package/plugin/composer-mastermind/hooks/precommit_codex_review.sh +430 -62
package/plugin/composer-mastermind/plugin.json +1 -1
package/plugin/composer-mastermind/skills/composer-mastermind/SKILL.md +190 -4
package/scripts/composer-oracle-router-safe.sh +47 -0
package/scripts/composer-statusline-segment.mjs +40 -0
package/scripts/oracle-codex-handoff-safe.sh +49 -0
package/scripts/oracle-plan-mcp.sh +66 -0
package/scripts/oracle-pro-safe.sh +471 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-composer",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "type": "module",
   "description": "Multi-agent orchestration MCP server. Claude orchestrates; GLM, Codex, and agy do the work.",
   "bin": {
@@ -9,6 +9,11 @@
   "files": [
     "dist/",
     "plugin/",
+    "scripts/oracle-pro-safe.sh",
+    "scripts/oracle-plan-mcp.sh",
+    "scripts/composer-oracle-router-safe.sh",
+    "scripts/oracle-codex-handoff-safe.sh",
+    "scripts/composer-statusline-segment.mjs",
     "composer.config.schema.json",
     "README.md"
   ],
@@ -32,6 +37,8 @@
     "test:hooks": "bash tests/hooks/run.sh",
     "test:scripts": "bash tests/scripts/run.sh",
     "test:all": "npm run test && npm run test:hooks && npm run test:scripts",
+    "ci": "npm run typecheck && npm run test && npm run test:hooks && npm run test:scripts && npm run schema:lint",
+    "bench:speed": "node --import tsx scripts/bench-composer.mjs",
     "eval:routes": "tsx evals/scripts/route-compare.ts",
     "usage": "npx -y ccusage daily",
     "schema:lint": "ajv compile --strict=true -c ajv-formats -s composer.config.schema.json && ajv validate --strict=false -c ajv-formats -s composer.config.schema.json -d composer.config.json && ajv compile --strict=true -s plugin.schema.json && ajv validate --strict=true -s plugin.schema.json -d 'plugin/*/plugin.json'",

package/plugin/composer-mastermind/commands/evolve.md CHANGED Viewed

@@ -52,6 +52,10 @@ The summary prints to stdout:
 - Task descriptions in `evals/tasks.jsonl` are passed verbatim to the reflection provider — keep that file under version control to retain a clear trust boundary.
 - **SKILL.md edits are safe during a real-mode run.** Each task eval runs in a throwaway `git worktree` at `/tmp/composer-eval-<pid>-<taskId>`. The candidate skill is written only into the worktree copy; the real repo's SKILL.md is never touched during evaluation. You can freely edit SKILL.md in your editor while `/evolve --eval-mode real` is running.
+## Evidence
+The reflection mutator now receives recent route/audit failures from the durable audit trail (`composer_audit_record` → `readAuditFailures`). Up to 20 recent failures (events with `status=failed` or `userCorrection=true`) are extracted from the audit log and injected into the reflection prompt before the current-ecosystem section. This means proposed skill rewrites are driven by real routing and outcome failures — wrong route choice, unnecessary Oracle use, issues a review caught after the fact, user-corrected routes — not just synthetic scorer signals.
 ## v1 caveat
 The v1 scorer is synthetic (heuristic-based):

package/plugin/composer-mastermind/hooks/boundary_guard.sh CHANGED Viewed

@@ -6,6 +6,9 @@
 #   exit:   always 0; semantics carried by JSON
 # Fail-closed: any unexpected condition (missing jq / empty stdin /
 # malformed JSON / absent tool_name) MUST emit a deny payload.
+# Scope: GLOBAL. When Composer is enabled, this hook denies main-thread
+# file-mutation tools in every repo and every path. Enforcement is controlled
+# only by kill switches such as ~/.claude/composer.disabled or /composer disable.
 set -u
@@ -51,7 +54,11 @@ if ! command -v jq >/dev/null 2>&1; then
 fi
 # 2. Read tool-call JSON from stdin.
-INPUT="$(cat || true)"
+if command -v timeout >/dev/null 2>&1; then
+  INPUT="$(timeout 5 cat 2>/dev/null || true)"
+else
+  INPUT="$(cat || true)"
+fi
 if [[ -z "$INPUT" ]]; then
   emit_deny "boundary_guard: empty stdin, failing closed"
 fi
@@ -101,6 +108,40 @@ if [[ "$TRANSCRIPT" == */subagents/* ]] \
   exit 0
 fi
+# 3.8. Brain housekeeping carve-out.
+#   Claude (the orchestrator / "brain") must persist its OWN state — e.g.
+#   cross-session memory — even while enforcement is ON. These paths are NOT
+#   project code, so routing them through the executor adds no safety. Allow a
+#   main-thread mutation whose target path is under an approved brain-state
+#   root. Default: the Claude memory store. Extra roots may be added via
+#   COMPOSER_GUARD_ALLOW_GLOBS (colon-separated case globs). Paths containing a
+#   ".." traversal segment are NEVER allow-listed, so an allowed prefix cannot
+#   be used to escape into ~/.claude/hooks or similar. Tools without a file
+#   path (Bash, mcp exec/bash) have no FILE and fall through to the block list.
+FILE="$(jq -r '.tool_input.file_path // .tool_input.path // .tool_input.notebook_path // empty' <<<"$INPUT" 2>/dev/null)"
+if [[ -n "$FILE" && "$FILE" != *"/../"* && "$FILE" != *"/.." ]]; then
+  brain_globs="$HOME/.claude/projects/*/memory/*"
+  if [[ -n "${COMPOSER_GUARD_ALLOW_GLOBS:-}" ]]; then
+    brain_globs="$brain_globs:$COMPOSER_GUARD_ALLOW_GLOBS"
+  fi
+  set -f
+  brain_old_ifs="$IFS"
+  IFS=':'
+  for glob in $brain_globs; do
+    [[ -z "$glob" ]] && continue
+    # shellcheck disable=SC2254
+    case "$FILE" in
+      $glob)
+        IFS="$brain_old_ifs"
+        set +f
+        exit 0
+        ;;
+    esac
+  done
+  IFS="$brain_old_ifs"
+  set +f
+fi
 # 4. Block list — native dangerous file-mutating tools + MCP-prefixed variants.
 # Native Bash is allowed on the main thread for inspection and verification;
 # the orchestrator skill still forbids using Bash to author code or perform
@@ -110,7 +151,7 @@ case "$TOOL" in
   Edit|Update|Write|NotebookEdit \
   | mcp__*__write_file | mcp__*__edit_file | mcp__*__bash \
   | mcp__*__write | mcp__*__edit | mcp__*__exec)
-    emit_deny "DENY (main thread): route Edit/Update/Write via Task(subagent_type=\"coder\"). Native Bash is allowed for inspection and verification."
+    emit_deny "Composer is handling file edits. Route this change through composer_code_cli (or composer_code_chain), or run /composer disable to edit directly. Bash inspection stays available."
     ;;
 esac

package/plugin/composer-mastermind/hooks/codex_warm_review.sh CHANGED Viewed

@@ -300,19 +300,171 @@ if [[ "$status" -ne 0 || -z "$output" ]] || ! jq -e . >/dev/null 2>&1 <<<"$outpu
   append_run_log "skip" "$duration_ms" 0
   exit 0
 fi
-if jq -e "(.parseError // null) as \$error | (\$error != null and \$error != false and ((\$error | tostring) | length) > 0)" >/dev/null 2>&1 <<<"$output"; then
+parse_error_message="$(jq -r '
+  def parsed_json($value):
+    if ($value | type) == "string" then (($value | fromjson?) // {}) else {} end;
+  def first_error($items):
+    [
+      $items[]
+      | select(. != null and . != false and ((. | tostring) | length) > 0)
+    ]
+    | first // "";
+  (parsed_json(.rawOutput? // null)) as $rawOutputJson
+  | (parsed_json(.codex.stdout? // null)) as $codexStdoutJson
+  | first_error([
+      .parseError?,
+      .result.parseError?,
+      .review?.parseError?,
+      .review?.result?.parseError?,
+      .data?.parseError?,
+      .data?.result?.parseError?,
+      .output?.parseError?,
+      .output?.result?.parseError?,
+      .response?.parseError?,
+      .response?.result?.parseError?,
+      .payload?.parseError?,
+      .payload?.result?.parseError?,
+      $rawOutputJson.parseError?,
+      $rawOutputJson.result.parseError?,
+      $codexStdoutJson.parseError?,
+      $codexStdoutJson.result.parseError?
+    ])
+' <<<"$output" 2>/dev/null || true)"
+if [[ -n "$parse_error_message" ]]; then
   append_run_log "skip" "$duration_ms" 0
   exit 0
 fi
-normalized="$(jq -c "
-  def array_or_empty(\$value): if (\$value | type) == \"array\" then \$value else [] end;
-  {
-    verdict: (.result.verdict // .verdict // null),
-    summary: (.result.summary // .summary // \"\"),
-    findings: array_or_empty(.result.findings // .findings // []),
-    next_steps: array_or_empty(.result.next_steps // .next_steps // [])
+normalized="$(jq -c '
+  def parsed_json($value):
+    if ($value | type) == "string" then (($value | fromjson?) // {}) else {} end;
+  def first_value($items):
+    [
+      $items[]
+      | select(. != null and . != "")
+    ]
+    | first // null;
+  def first_text($items):
+    [
+      $items[]
+      | select((. | type) == "string" and length > 0)
+    ]
+    | first // "";
+  def first_array($items):
+    [
+      $items[]
+      | select((. | type) == "array")
+    ]
+    | first // [];
+  (parsed_json(.rawOutput? // null)) as $rawOutputJson
+  | (parsed_json(.codex.stdout? // null)) as $codexStdoutJson
+  | (parsed_json(.stdout? // null)) as $stdoutJson
+  | {
+    verdict: first_value([
+      .result.verdict?,
+      .verdict?,
+      .review?.result?.verdict?,
+      .review?.verdict?,
+      .data?.result?.verdict?,
+      .data?.verdict?,
+      .output?.result?.verdict?,
+      .output?.verdict?,
+      .response?.result?.verdict?,
+      .response?.verdict?,
+      .payload?.result?.verdict?,
+      .payload?.verdict?,
+      $rawOutputJson.result.verdict?,
+      $rawOutputJson.verdict?,
+      $rawOutputJson.review?.result?.verdict?,
+      $rawOutputJson.review?.verdict?,
+      $codexStdoutJson.result.verdict?,
+      $codexStdoutJson.verdict?,
+      $codexStdoutJson.review?.result?.verdict?,
+      $codexStdoutJson.review?.verdict?,
+      $stdoutJson.result.verdict?,
+      $stdoutJson.verdict?
+    ]),
+    summary: (first_text([
+      .result.summary?,
+      .summary?,
+      .review?.result?.summary?,
+      .review?.summary?,
+      .data?.result?.summary?,
+      .data?.summary?,
+      .output?.result?.summary?,
+      .output?.summary?,
+      .response?.result?.summary?,
+      .response?.summary?,
+      .payload?.result?.summary?,
+      .payload?.summary?,
+      $rawOutputJson.result.summary?,
+      $rawOutputJson.summary?,
+      $rawOutputJson.review?.result?.summary?,
+      $rawOutputJson.review?.summary?,
+      $codexStdoutJson.result.summary?,
+      $codexStdoutJson.summary?,
+      $codexStdoutJson.review?.result?.summary?,
+      $codexStdoutJson.review?.summary?,
+      $stdoutJson.result.summary?,
+      $stdoutJson.summary?
+    ]) // ""),
+    findings: first_array([
+      .result.findings?,
+      .findings?,
+      .review?.result?.findings?,
+      .review?.findings?,
+      .data?.result?.findings?,
+      .data?.findings?,
+      .output?.result?.findings?,
+      .output?.findings?,
+      .response?.result?.findings?,
+      .response?.findings?,
+      .payload?.result?.findings?,
+      .payload?.findings?,
+      $rawOutputJson.result.findings?,
+      $rawOutputJson.findings?,
+      $rawOutputJson.review?.result?.findings?,
+      $rawOutputJson.review?.findings?,
+      $codexStdoutJson.result.findings?,
+      $codexStdoutJson.findings?,
+      $codexStdoutJson.review?.result?.findings?,
+      $codexStdoutJson.review?.findings?,
+      $stdoutJson.result.findings?,
+      $stdoutJson.findings?
+    ]),
+    next_steps: first_array([
+      .result.next_steps?,
+      .next_steps?,
+      .review?.result?.next_steps?,
+      .review?.next_steps?,
+      .data?.result?.next_steps?,
+      .data?.next_steps?,
+      .output?.result?.next_steps?,
+      .output?.next_steps?,
+      .response?.result?.next_steps?,
+      .response?.next_steps?,
+      .payload?.result?.next_steps?,
+      .payload?.next_steps?,
+      $rawOutputJson.result.next_steps?,
+      $rawOutputJson.next_steps?,
+      $rawOutputJson.review?.result?.next_steps?,
+      $rawOutputJson.review?.next_steps?,
+      $codexStdoutJson.result.next_steps?,
+      $codexStdoutJson.next_steps?,
+      $codexStdoutJson.review?.result?.next_steps?,
+      $codexStdoutJson.review?.next_steps?,
+      $stdoutJson.result.next_steps?,
+      $stdoutJson.next_steps?
+    ]),
+    raw_text: first_text([
+      .codex.stdout?,
+      .rawOutput?,
+      .stdout?,
+      .review?
+    ])
   }
-" <<<"$output" 2>/dev/null || true)"
+' <<<"$output" 2>/dev/null || true)"
 if [[ -z "$normalized" ]] || ! jq -e . >/dev/null 2>&1 <<<"$normalized"; then
   append_run_log "skip" "$duration_ms" 0
   exit 0

package/plugin/composer-mastermind/hooks/learn.sh CHANGED Viewed

@@ -8,6 +8,19 @@
 set -u
+LEARN_DEFAULT_TIMEOUT_MS=5000
+LEARN_MAX_TIMEOUT_MS=30000
+LEARN_LOG="${COMPOSER_LEARN_LOG:-/tmp/composer-learn-log.jsonl}"
+LEARN_TEMP_FILES=()
+cleanup_learn_temp() {
+  if ((${#LEARN_TEMP_FILES[@]} > 0)); then
+    rm -f "${LEARN_TEMP_FILES[@]}" 2>/dev/null || true
+  fi
+}
+trap cleanup_learn_temp EXIT
 composer_disabled() {
   case "${COMPOSER_ENABLED:-}" in
     0|false|FALSE|off|OFF|no|NO) return 0 ;;
@@ -31,13 +44,120 @@ if composer_disabled; then
   exit 0
 fi
+resolve_learn_timeout_ms() {
+  local configured="${COMPOSER_LEARN_HOOK_TIMEOUT_MS:-$LEARN_DEFAULT_TIMEOUT_MS}"
+  case "$configured" in
+    ''|*[!0-9]*) configured="$LEARN_DEFAULT_TIMEOUT_MS" ;;
+  esac
+  if [[ "$configured" -lt 1 ]]; then
+    configured="$LEARN_DEFAULT_TIMEOUT_MS"
+  elif [[ "$configured" -gt "$LEARN_MAX_TIMEOUT_MS" ]]; then
+    configured="$LEARN_MAX_TIMEOUT_MS"
+  fi
+  printf '%s\n' "$configured"
+}
+timeout_ms_to_seconds() {
+  local timeout_ms="$1"
+  local seconds=$(( (timeout_ms + 999) / 1000 ))
+  [[ "$seconds" -gt 0 ]] || seconds=1
+  printf '%s\n' "$seconds"
+}
+remaining_learn_seconds() {
+  local started="$1"
+  local total="$2"
+  local now elapsed remaining
+  now="$(date +%s)"
+  elapsed=$(( now - started ))
+  remaining=$(( total - elapsed ))
+  if [[ "$remaining" -le 0 ]]; then
+    printf '0\n'
+  else
+    printf '%s\n' "$remaining"
+  fi
+}
+learn_mktemp() {
+  local path
+  path="$(mktemp -t composer_learnings.XXXXXX)" || return 1
+  LEARN_TEMP_FILES+=("$path")
+  printf '%s\n' "$path"
+}
+log_learn_timeout() {
+  local elapsed_ms="${1:-0}"
+  printf '{"ts":"%s","reason_code":"hook_timeout","stage":"learn_stop","elapsed_wall_ms":%s}\n' \
+    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$elapsed_ms" >> "$LEARN_LOG" 2>/dev/null || true
+}
+kill_tree() {
+  local sig="$1" root="$2" child
+  kill -STOP "$root" 2>/dev/null || true
+  for child in $(pgrep -P "$root" 2>/dev/null); do
+    kill_tree "$sig" "$child"
+  done
+  kill -"$sig" "$root" 2>/dev/null || true
+  kill -CONT "$root" 2>/dev/null || true
+}
+run_with_timeout() {
+  local timeout_seconds="$1"
+  shift
+  local pid watchdog status marker start end
+  marker="${TMPDIR:-/tmp}/composer-learn-timeout.$$.$RANDOM"
+  start="$(date +%s)"
+  ( "$@" ) &
+  pid=$!
+  (
+    sleeper=""
+    trap '[[ -n "$sleeper" ]] && kill "$sleeper" 2>/dev/null || true; exit 0' TERM INT
+    sleep "$timeout_seconds" &
+    sleeper=$!
+    wait "$sleeper" 2>/dev/null || exit 0
+    printf '1' >"$marker" 2>/dev/null || true
+    kill_tree TERM "$pid"
+    sleep 1
+    kill_tree KILL "$pid"
+  ) &
+  watchdog=$!
+  wait "$pid"
+  status=$?
+  kill "$watchdog" 2>/dev/null || true
+  wait "$watchdog" 2>/dev/null || true
+  if [[ -f "$marker" ]]; then
+    rm -f "$marker" 2>/dev/null || true
+    end="$(date +%s)"
+    log_learn_timeout "$(( (end - start) * 1000 ))"
+    return 124
+  fi
+  rm -f "$marker" 2>/dev/null || true
+  return "$status"
+}
+run_capture_with_timeout() {
+  local timeout_seconds="$1"
+  local stdin_file="$2"
+  shift 2
+  local output_file status
+  output_file="$(learn_mktemp)" || return 1
+  run_with_timeout "$timeout_seconds" bash -c 'exec "$@"' _ "$@" < "$stdin_file" > "$output_file" 2>/dev/null
+  status=$?
+  cat "$output_file" 2>/dev/null || true
+  return "$status"
+}
 PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)}"
 LEARN_DIR="$PROJECT_DIR/.claude/learnings"
 MONTH="$(date +%Y-%m)"
 OUT="$LEARN_DIR/${MONTH}.md"
 # Read JSON envelope from stdin (Anthropic Stop hook contract).
-INPUT="$(cat || true)"
+if command -v timeout >/dev/null 2>&1; then
+  INPUT="$(timeout 5 cat 2>/dev/null || true)"
+else
+  INPUT="$(cat || true)"
+fi
 if [[ -z "$INPUT" ]]; then
   exit 0
 fi
@@ -46,7 +166,24 @@ if ! command -v jq >/dev/null 2>&1; then
   exit 0
 fi
-TRANSCRIPT_PATH="$(jq -r '.transcript_path // empty' <<<"$INPUT" 2>/dev/null)"
+LEARN_TIMEOUT_MS="$(resolve_learn_timeout_ms)"
+LEARN_TIMEOUT_SECONDS="$(timeout_ms_to_seconds "$LEARN_TIMEOUT_MS")"
+LEARN_STARTED="$(date +%s)"
+INPUT_FILE="$(learn_mktemp)" || exit 0
+printf '%s' "$INPUT" > "$INPUT_FILE" 2>/dev/null || exit 0
+REMAINING_SECONDS="$(remaining_learn_seconds "$LEARN_STARTED" "$LEARN_TIMEOUT_SECONDS")"
+if [[ "$REMAINING_SECONDS" -le 0 ]]; then
+  log_learn_timeout "$LEARN_TIMEOUT_MS"
+  exit 0
+fi
+TRANSCRIPT_PATH="$(run_capture_with_timeout "$REMAINING_SECONDS" "$INPUT_FILE" jq -r '.transcript_path // empty')"
+TRANSCRIPT_STATUS=$?
+if [[ "$TRANSCRIPT_STATUS" -eq 124 ]]; then
+  exit 0
+fi
+if [[ "$TRANSCRIPT_STATUS" -ne 0 ]]; then
+  exit 0
+fi
 if [[ -z "$TRANSCRIPT_PATH" || ! -f "$TRANSCRIPT_PATH" ]]; then
   exit 0
 fi
@@ -57,39 +194,42 @@ mkdir -p "$LEARN_DIR" 2>/dev/null || exit 0
 # Conservative regex; expand from real data over time.
 TRIGGER='(?i)\b(no|don.t|do not|wrong|stop|actually|instead|never|please don.t)\b'
-# Anthropic transcripts are JSONL (one event per line). Filter user-role
-# events whose content matches the trigger regex, then append new short
-# bullets only. Truncate to 400 chars to keep the log scannable.
-MATCHES="$(mktemp -t composer_learnings.XXXXXX)" || exit 0
-jq -r --arg trig "$TRIGGER" '
-  select(.role == "user" or .type == "user")
-  | (.content // .message // "") as $raw
-  | (if ($raw | type) == "array" then ($raw | map(.text // "") | join(" ")) else ($raw | tostring) end) as $text
-  | select($text | test($trig))
-  | "- " + ($text | gsub("\\s+"; " ") | .[0:400])
-' "$TRANSCRIPT_PATH" 2>/dev/null > "$MATCHES" || {
-  rm -f "$MATCHES"
-  exit 0
-}
+process_transcript() {
+  local matches="" new_matches=""
+  trap 'rm -f "$matches" "$new_matches" 2>/dev/null || true' EXIT TERM INT
+  # Anthropic transcripts are JSONL (one event per line). Filter user-role
+  # events whose content matches the trigger regex, then append new short
+  # bullets only. Truncate to 400 chars to keep the log scannable.
+  matches="$(mktemp -t composer_learnings.XXXXXX)" || exit 0
+  jq -r --arg trig "$TRIGGER" '
+    select(.role == "user" or .type == "user")
+    | (.content // .message // "") as $raw
+    | (if ($raw | type) == "array" then ($raw | map(.text // "") | join(" ")) else ($raw | tostring) end) as $text
+    | select($text | test($trig))
+    | "- " + ($text | gsub("\\s+"; " ") | .[0:400])
+  ' "$TRANSCRIPT_PATH" 2>/dev/null > "$matches" || exit 0
-NEW_MATCHES="$(mktemp -t composer_learnings_new.XXXXXX)" || {
-  rm -f "$MATCHES"
-  exit 0
-}
-while IFS= read -r line; do
-  [[ -n "$line" ]] || continue
-  if [[ ! -f "$OUT" ]] || ! grep -Fxq -- "$line" "$OUT" 2>/dev/null; then
-    printf '%s\n' "$line" >> "$NEW_MATCHES"
+  new_matches="$(mktemp -t composer_learnings_new.XXXXXX)" || exit 0
+  while IFS= read -r line; do
+    [[ -n "$line" ]] || continue
+    if [[ ! -f "$OUT" ]] || ! grep -Fxq -- "$line" "$OUT" 2>/dev/null; then
+      printf '%s\n' "$line" >> "$new_matches"
+    fi
+  done < "$matches"
+  if [[ -s "$new_matches" ]]; then
+    {
+      printf '\n## Session ended %s\n\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+      cat "$new_matches"
+    } >> "$OUT" 2>/dev/null || true
   fi
-done < "$MATCHES"
+}
-if [[ -s "$NEW_MATCHES" ]]; then
-  {
-    printf '\n## Session ended %s\n\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
-    cat "$NEW_MATCHES"
-  } >> "$OUT" 2>/dev/null || true
+REMAINING_SECONDS="$(remaining_learn_seconds "$LEARN_STARTED" "$LEARN_TIMEOUT_SECONDS")"
+if [[ "$REMAINING_SECONDS" -le 0 ]]; then
+  log_learn_timeout "$LEARN_TIMEOUT_MS"
+  exit 0
 fi
-rm -f "$MATCHES" "$NEW_MATCHES"
+run_with_timeout "$REMAINING_SECONDS" process_transcript >/dev/null 2>&1 || true
 exit 0