arkaos 2.11.0 → 2.13.0

package/VERSION

@@ -1 +1 @@
-2.11.0
+2.13.0

package/config/hooks/post-tool-use.sh

@@ -170,6 +170,65 @@ fi
 
 ) 200>"$LOCK_FILE"
 
+# ─── Workflow Violation Detection ────────────────────────────────────────
+VIOLATION_MSG=""
+STATE_READER=""
+[ -f "$HOME/.arkaos/.repo-path" ] && STATE_READER="$(cat "$HOME/.arkaos/.repo-path")/core/workflow/state_reader.sh"
+
+if [ -n "$STATE_READER" ] && [ -f "$STATE_READER" ] && bash "$STATE_READER" active 2>/dev/null; then
+  ARKAOS_PY=""
+  [ -f "$HOME/.arkaos/venv/bin/python3" ] && ARKAOS_PY="$HOME/.arkaos/venv/bin/python3"
+  [ -z "$ARKAOS_PY" ] && [ -f "$HOME/.arkaos/.venv/bin/python3" ] && ARKAOS_PY="$HOME/.arkaos/.venv/bin/python3"
+  [ -z "$ARKAOS_PY" ] && ARKAOS_PY=$(command -v python3 2>/dev/null)
+  ARKAOS_ROOT=$(cat "$HOME/.arkaos/.repo-path" 2>/dev/null)
+
+  # Rule 1: Branch isolation — commit on master while workflow active
+  if [ "$TOOL_NAME" = "Bash" ]; then
+    if echo "$TOOL_OUTPUT" | grep -qE '^\[(master|main)' 2>/dev/null; then
+      CMD_TEXT=$(echo "$input" | jq -r '.command // ""' 2>/dev/null)
+      if echo "$CMD_TEXT" | grep -qE 'git commit'; then
+        [ -n "$ARKAOS_PY" ] && [ -n "$ARKAOS_ROOT" ] && \
+          PYTHONPATH="$ARKAOS_ROOT" $ARKAOS_PY -c "
+from core.workflow.state import add_violation
+add_violation('branch-isolation', 'Commit on master/main while workflow active', 'Bash')
+" 2>/dev/null
+        VIOLATION_MSG="VIOLATION [branch-isolation]: Commit on master while workflow active. Use a feature branch."
+      fi
+    fi
+  fi
+
+  # Rule 2: Spec-driven — code edited without completed spec
+  if [ "$TOOL_NAME" = "Write" ] || [ "$TOOL_NAME" = "Edit" ]; then
+    FILE_PATH=$(echo "$input" | jq -r '.file_path // ""' 2>/dev/null)
+    if echo "$FILE_PATH" | grep -qE '\.(py|js|ts|vue|php|jsx|tsx)$'; then
+      if ! bash "$STATE_READER" check spec 2>/dev/null; then
+        [ -n "$ARKAOS_PY" ] && [ -n "$ARKAOS_ROOT" ] && \
+          PYTHONPATH="$ARKAOS_ROOT" _V_TOOL="$TOOL_NAME" _V_FILE="$FILE_PATH" $ARKAOS_PY -c "
+import os; from core.workflow.state import add_violation
+add_violation('spec-driven', 'Code edited without completed spec', os.environ['_V_TOOL'], os.environ['_V_FILE'])
+" 2>/dev/null
+        VIOLATION_MSG="VIOLATION [spec-driven]: Code edited without completed spec ($FILE_PATH). Complete the spec phase first."
+      fi
+    fi
+  fi
+
+  # Rule 3: Sequential — implementation before planning
+  if [ -z "$VIOLATION_MSG" ] && { [ "$TOOL_NAME" = "Write" ] || [ "$TOOL_NAME" = "Edit" ]; }; then
+    FILE_PATH=$(echo "$input" | jq -r '.file_path // ""' 2>/dev/null)
+    if echo "$FILE_PATH" | grep -qE '\.(py|js|ts|vue|php|jsx|tsx)$'; then
+      IMPL_STATUS=$(bash "$STATE_READER" phase implementation 2>/dev/null)
+      if [ "$IMPL_STATUS" = "pending" ]; then
+        [ -n "$ARKAOS_PY" ] && [ -n "$ARKAOS_ROOT" ] && \
+          PYTHONPATH="$ARKAOS_ROOT" _V_TOOL="$TOOL_NAME" _V_FILE="$FILE_PATH" $ARKAOS_PY -c "
+import os; from core.workflow.state import add_violation
+add_violation('sequential-validation', 'Code written before implementation phase started', os.environ['_V_TOOL'], os.environ['_V_FILE'])
+" 2>/dev/null
+        VIOLATION_MSG="VIOLATION [sequential-validation]: Implementation started before planning completed ($FILE_PATH)."
+      fi
+    fi
+  fi
+fi
+
 # ─── Log Metrics ─────────────────────────────────────────────────────────
 _DURATION_MS=$(_hook_ms)
 METRICS_FILE="$HOME/.arkaos/hook-metrics.json"
@@ -184,5 +243,9 @@ mkdir -p "$HOME/.arkaos"
     "$METRICS_FILE" > "$METRICS_FILE.tmp" 2>/dev/null && mv "$METRICS_FILE.tmp" "$METRICS_FILE"
 ) 200>"$METRICS_LOCK" 2>/dev/null
 
-# Silent output — no context injection needed from PostToolUse
-echo '{}'
+# Output violation as context if detected, otherwise empty
+if [ -n "$VIOLATION_MSG" ]; then
+  echo "{\"additionalContext\": \"$VIOLATION_MSG\"}"
+else
+  echo '{}'
+fi

package/config/hooks/session-start.sh

@@ -49,6 +49,20 @@ MSG+="║                                              ║\\n"
 MSG+="╚══════════════════════════════════════════════╝\\n"
 MSG+="\\n"
 MSG+="${GREETING}, ${NAME} (${COMPANY})\\n"
+# ─── Active Workflow ──────────────────────────────────────────────────
+STATE_READER="$REPO/core/workflow/state_reader.sh"
+if [ -n "$REPO" ] && [ -f "$STATE_READER" ] && bash "$STATE_READER" active 2>/dev/null; then
+  WF_SUMMARY=$(bash "$STATE_READER" summary 2>/dev/null)
+  WF_NAME=$(echo "$WF_SUMMARY" | cut -d'|' -f1)
+  WF_PHASE=$(echo "$WF_SUMMARY" | cut -d'|' -f2)
+  WF_PROGRESS=$(echo "$WF_SUMMARY" | cut -d'|' -f3)
+  WF_BRANCH=$(echo "$WF_SUMMARY" | cut -d'|' -f4)
+  WF_VIOLATIONS=$(echo "$WF_SUMMARY" | cut -d'|' -f5)
+  MSG+="\\nWorkflow: ${WF_NAME} (${WF_PROGRESS})"
+  [ -n "$WF_BRANCH" ] && MSG+=" branch:${WF_BRANCH}"
+  [ "$WF_VIOLATIONS" != "0" ] && MSG+=" VIOLATIONS:${WF_VIOLATIONS}"
+  MSG+="\\n"
+fi
 MSG+="ArkaOS v${VERSION} | 65 agents | 17 departments | 244+ skills"
 MSG+="${DRIFT}"
 

package/config/hooks/user-prompt-submit.sh

@@ -99,6 +99,19 @@ if command -v python3 &>/dev/null && [ -f "$BRIDGE_SCRIPT" ]; then
   if [ -n "$bridge_output" ]; then
     python_result=$(echo "$bridge_output" | python3 -c "import sys,json; print(json.loads(sys.stdin.read()).get('context_string',''))" 2>/dev/null)
   fi
+
+  # Append workflow state to synapse context
+  _WF_READER="$ARKAOS_ROOT/core/workflow/state_reader.sh"
+  if [ -f "$_WF_READER" ] && bash "$_WF_READER" active 2>/dev/null; then
+    _WF_SUM=$(bash "$_WF_READER" summary 2>/dev/null)
+    _WF_N=$(echo "$_WF_SUM" | cut -d'|' -f1)
+    _WF_P=$(echo "$_WF_SUM" | cut -d'|' -f2)
+    _WF_B=$(echo "$_WF_SUM" | cut -d'|' -f4)
+    _WF_V=$(echo "$_WF_SUM" | cut -d'|' -f5)
+    _WF_TAG="[workflow:${_WF_N}] [phase:${_WF_P}] [branch:${_WF_B}] [violations:${_WF_V}]"
+    [ "$_WF_V" != "0" ] && _WF_TAG="WARNING: ${_WF_V} workflow violation(s). $_WF_TAG"
+    python_result="${python_result} ${_WF_TAG}"
+  fi
 fi
 
 # ─── Fallback: Bash-only context (if Python unavailable) ────────────────
@@ -130,7 +143,20 @@ if [ -z "$python_result" ]; then
     L7="[time:evening]"
   fi
 
-  python_result="$L0 $L4 $L7"
+  # L8: Workflow state
+  L8=""
+  _WF_READER="$ARKAOS_ROOT/core/workflow/state_reader.sh"
+  if [ -f "$_WF_READER" ] && bash "$_WF_READER" active 2>/dev/null; then
+    _WF_SUM=$(bash "$_WF_READER" summary 2>/dev/null)
+    _WF_N=$(echo "$_WF_SUM" | cut -d'|' -f1)
+    _WF_P=$(echo "$_WF_SUM" | cut -d'|' -f2)
+    _WF_B=$(echo "$_WF_SUM" | cut -d'|' -f4)
+    _WF_V=$(echo "$_WF_SUM" | cut -d'|' -f5)
+    L8="[workflow:${_WF_N}] [phase:${_WF_P}] [branch:${_WF_B}] [violations:${_WF_V}]"
+    [ "$_WF_V" != "0" ] && L8="WARNING: ${_WF_V} workflow violation(s). $L8"
+  fi
+
+  python_result="$L0 $L4 $L7 $L8"
 fi
 
 # ─── Output ──────────────────────────────────────────────────────────────

package/core/workflow/__init__.py

@@ -6,5 +6,18 @@ Declarative workflows with phases, conditions, gates, and parallelization.
 from core.workflow.schema import Workflow, Phase, Gate, PhaseStatus
 from core.workflow.engine import WorkflowEngine
 from core.workflow.loader import load_workflow
+from core.workflow.state import (
+    init_workflow as init_workflow_state,
+    get_state as get_workflow_state,
+    update_phase,
+    set_branch,
+    add_violation,
+    is_phase_completed,
+    clear_workflow,
+)
 
-__all__ = ["Workflow", "Phase", "Gate", "PhaseStatus", "WorkflowEngine", "load_workflow"]
+__all__ = [
+    "Workflow", "Phase", "Gate", "PhaseStatus", "WorkflowEngine", "load_workflow",
+    "init_workflow_state", "get_workflow_state", "update_phase", "set_branch",
+    "add_violation", "is_phase_completed", "clear_workflow",
+]

package/core/workflow/state.py

@@ -0,0 +1,128 @@
+"""Workflow state tracker for ArkaOS governance enforcement.
+
+Manages a JSON state file that records workflow phases, branch, and violations.
+Read by hooks and skills to detect and surface governance violations.
+"""
+
+import json
+import os
+import uuid
+from datetime import datetime, timezone
+from pathlib import Path
+from tempfile import NamedTemporaryFile
+
+_VALID_STATUSES = ("pending", "in_progress", "completed", "skipped")
+
+
+def _state_path() -> Path:
+    return Path.home() / ".arkaos" / "workflow-state.json"
+
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).isoformat()
+
+
+def _read() -> dict | None:
+    path = _state_path()
+    if not path.exists():
+        return None
+    return json.loads(path.read_text(encoding="utf-8"))
+
+
+def _write(state: dict) -> dict:
+    """Atomic write: write to temp file then rename."""
+    path = _state_path()
+    path.parent.mkdir(parents=True, exist_ok=True)
+    fd = NamedTemporaryFile(
+        mode="w", dir=str(path.parent), suffix=".tmp", delete=False, encoding="utf-8",
+    )
+    try:
+        json.dump(state, fd, indent=2)
+        fd.close()
+        os.replace(fd.name, str(path))
+    except BaseException:
+        fd.close()
+        os.unlink(fd.name)
+        raise
+    return state
+
+
+def init_workflow(workflow: str, project: str, phases: list[str]) -> dict:
+    """Create a new workflow state file. Overwrites any existing state."""
+    state = {
+        "session_id": str(uuid.uuid4()),
+        "started_at": _now_iso(),
+        "workflow": workflow,
+        "project": project,
+        "branch": "",
+        "phases": {p: {"status": "pending"} for p in phases},
+        "violations": [],
+    }
+    return _write(state)
+
+
+def get_state() -> dict | None:
+    """Read current workflow state. Returns None if no active workflow."""
+    return _read()
+
+
+def clear_workflow() -> None:
+    """Remove the state file."""
+    path = _state_path()
+    if path.exists():
+        path.unlink()
+
+
+def _require_state() -> dict:
+    """Read state or raise if no active workflow."""
+    state = _read()
+    if state is None:
+        raise RuntimeError("No active workflow")
+    return state
+
+
+def update_phase(phase: str, status: str, artifact: str | None = None) -> dict:
+    """Update a phase status. Validates phase exists and status is valid."""
+    if status not in _VALID_STATUSES:
+        raise ValueError(f"Invalid status: {status}. Must be one of {_VALID_STATUSES}")
+    state = _require_state()
+    if phase not in state["phases"]:
+        raise ValueError(f"Unknown phase: {phase}. Available: {list(state['phases'])}")
+    state["phases"][phase]["status"] = status
+    if status in ("in_progress", "completed"):
+        state["phases"][phase]["at"] = _now_iso()
+    if artifact:
+        state["phases"][phase]["artifact"] = artifact
+    return _write(state)
+
+
+def set_branch(branch: str) -> dict:
+    """Record the git branch for the current workflow."""
+    state = _require_state()
+    state["branch"] = branch
+    return _write(state)
+
+
+def add_violation(
+    rule: str, detail: str, tool: str | None = None, file: str | None = None,
+) -> dict:
+    """Append a violation to the violations list."""
+    state = _require_state()
+    violation: dict = {"rule": rule, "detail": detail, "at": _now_iso()}
+    if tool:
+        violation["tool"] = tool
+    if file:
+        violation["file"] = file
+    state["violations"].append(violation)
+    return _write(state)
+
+
+def is_phase_completed(phase: str) -> bool:
+    """Check if a specific phase is completed."""
+    state = _read()
+    if state is None:
+        return False
+    phase_data = state["phases"].get(phase)
+    if phase_data is None:
+        return False
+    return phase_data["status"] == "completed"

package/core/workflow/state_reader.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# ============================================================================
+# ArkaOS — Workflow State Reader (for hooks)
+# Reads ~/.arkaos/workflow-state.json and outputs requested fields.
+# Dependencies: jq (required)
+# ============================================================================
+
+STATE_FILE="$HOME/.arkaos/workflow-state.json"
+
+if [ ! -f "$STATE_FILE" ]; then
+  case "${1:-}" in
+    active) exit 1 ;;
+    summary) exit 1 ;;
+    violations) echo "0"; exit 0 ;;
+    phase) echo "none"; exit 0 ;;
+    check) exit 1 ;;
+    *) echo "No active workflow"; exit 1 ;;
+  esac
+fi
+
+CMD="${1:-summary}"
+ARG="${2:-}"
+
+case "$CMD" in
+  active)
+    exit 0
+    ;;
+
+  phase)
+    if [ -z "$ARG" ]; then
+      echo "Usage: state-reader.sh phase <name>" >&2
+      exit 1
+    fi
+    STATUS=$(jq -r ".phases.\"$ARG\".status // \"unknown\"" "$STATE_FILE" 2>/dev/null)
+    echo "$STATUS"
+    ;;
+
+  check)
+    if [ -z "$ARG" ]; then
+      echo "Usage: state-reader.sh check <name>" >&2
+      exit 1
+    fi
+    STATUS=$(jq -r ".phases.\"$ARG\".status // \"pending\"" "$STATE_FILE" 2>/dev/null)
+    [ "$STATUS" = "completed" ] && exit 0 || exit 1
+    ;;
+
+  violations)
+    COUNT=$(jq '.violations | length' "$STATE_FILE" 2>/dev/null || echo "0")
+    echo "$COUNT"
+    ;;
+
+  summary)
+    WORKFLOW=$(jq -r '.workflow // ""' "$STATE_FILE" 2>/dev/null)
+    BRANCH=$(jq -r '.branch // ""' "$STATE_FILE" 2>/dev/null)
+    VIOLATIONS=$(jq '.violations | length' "$STATE_FILE" 2>/dev/null || echo "0")
+    TOTAL=$(jq '.phases | length' "$STATE_FILE" 2>/dev/null || echo "0")
+    COMPLETED=$(jq '[.phases[] | select(.status == "completed")] | length' "$STATE_FILE" 2>/dev/null || echo "0")
+    CURRENT=$(jq -r '[.phases | to_entries[] | select(.value.status == "in_progress")] | .[0].key // "none"' "$STATE_FILE" 2>/dev/null)
+    [ "$CURRENT" = "null" ] && CURRENT="none"
+    echo "${WORKFLOW}|${CURRENT}|${COMPLETED}/${TOTAL}|${BRANCH}|${VIOLATIONS}"
+    ;;
+
+  *)
+    echo "Unknown command: $CMD" >&2
+    echo "Usage: state-reader.sh {active|phase|check|violations|summary} [arg]" >&2
+    exit 1
+    ;;
+esac

package/installer/index.js

@@ -587,6 +587,52 @@ function installSkill(config, installDir) {
   if (agentDeployed > 0) {
     ok(`${agentDeployed} agent personas installed (~/.claude/agents/arka-*.md)`);
   }
+
+  // ── MCP infrastructure ──────────────────────────────────────────────
+  // Deploy mcps/ subdirectories (profiles, stacks, scripts) and registry
+  // to ~/.claude/skills/arka/mcps/, and the arka-prompts server files to
+  // ~/.claude/skills/arka/mcp-server/. Mirrors the mcps/ tree in the repo.
+  const mcpsSrc = join(ARKAOS_ROOT, "mcps");
+  if (existsSync(mcpsSrc)) {
+    const mcpsDest = join(skillDest, "mcps");
+    ensureDir(mcpsDest);
+
+    // Copy subdirectories: profiles, stacks, scripts
+    for (const subdir of ["profiles", "stacks", "scripts"]) {
+      const src = join(mcpsSrc, subdir);
+      if (!existsSync(src)) continue;
+      const dest = join(mcpsDest, subdir);
+      ensureDir(dest);
+      try {
+        cpSync(src, dest, { recursive: true });
+      } catch {}
+    }
+
+    // Copy registry.json to mcps root
+    const registrySrc = join(mcpsSrc, "registry.json");
+    if (existsSync(registrySrc)) {
+      copyFileSync(registrySrc, join(mcpsDest, "registry.json"));
+    }
+
+    // Make apply-mcps.sh executable
+    const applyScript = join(mcpsDest, "scripts", "apply-mcps.sh");
+    if (existsSync(applyScript)) {
+      try { chmodSync(applyScript, 0o755); } catch {}
+    }
+
+    // Deploy arka-prompts server to mcp-server/
+    const mcpServerSrc = join(mcpsSrc, "arka-prompts");
+    const mcpServerDest = join(skillsBase, "arka", "mcp-server");
+    if (existsSync(mcpServerSrc)) {
+      ensureDir(mcpServerDest);
+      for (const f of ["server.py", "commands.py", "pyproject.toml"]) {
+        const src = join(mcpServerSrc, f);
+        if (existsSync(src)) copyFileSync(src, join(mcpServerDest, f));
+      }
+    }
+
+    ok("MCP infrastructure deployed (profiles, stacks, scripts, arka-prompts server)");
+  }
 }
 
 function deployCognitiveScheduler(installDir, arkaosRoot) {

package/installer/update.js

@@ -342,6 +342,44 @@ export async function update() {
     console.log(`         ✓ ${agentCount} agent personas updated`);
   }
 
+  // MCP infrastructure: deploy mcps/ subdirectories, registry, and
+  // arka-prompts server — mirrors the same block in installSkill().
+  const mcpsSrc = join(ARKAOS_ROOT, "mcps");
+  if (existsSync(mcpsSrc)) {
+    const mcpsDest = join(skillDest, "mcps");
+    if (!existsSync(mcpsDest)) mkdirSync(mcpsDest, { recursive: true });
+
+    for (const subdir of ["profiles", "stacks", "scripts"]) {
+      const src = join(mcpsSrc, subdir);
+      if (!existsSync(src)) continue;
+      const dest = join(mcpsDest, subdir);
+      if (!existsSync(dest)) mkdirSync(dest, { recursive: true });
+      try { cpSync(src, dest, { recursive: true }); } catch {}
+    }
+
+    const registrySrc = join(mcpsSrc, "registry.json");
+    if (existsSync(registrySrc)) {
+      copyFileSync(registrySrc, join(mcpsDest, "registry.json"));
+    }
+
+    const applyScript = join(mcpsDest, "scripts", "apply-mcps.sh");
+    if (existsSync(applyScript)) {
+      try { chmodSync(applyScript, 0o755); } catch {}
+    }
+
+    const mcpServerSrc = join(mcpsSrc, "arka-prompts");
+    const mcpServerDest = join(skillsBase, "arka", "mcp-server");
+    if (existsSync(mcpServerSrc)) {
+      if (!existsSync(mcpServerDest)) mkdirSync(mcpServerDest, { recursive: true });
+      for (const f of ["server.py", "commands.py", "pyproject.toml"]) {
+        const src = join(mcpServerSrc, f);
+        if (existsSync(src)) copyFileSync(src, join(mcpServerDest, f));
+      }
+    }
+
+    console.log("         ✓ MCP infrastructure updated (profiles, stacks, scripts, arka-prompts server)");
+  }
+
   // ── 7. Update .repo-path + .arkaos-root ──
   // Two references point at the source repo. Both MUST be updated on
   // every update pass, otherwise running `npx arkaos update` from a

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arkaos",
-  "version": "2.11.0",
+  "version": "2.13.0",
   "description": "The Operating System for AI Agent Teams",
   "type": "module",
   "bin": {