azclaude-copilot 0.4.39 → 0.4.40

package/.claude-plugin/marketplace.json

@@ -9,7 +9,7 @@
     {
       "name": "azclaude",
       "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 37 commands, 10 auto-invoked skills, 15 specialized agents, 4 hooks, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
-      "version": "0.4.39",
+      "version": "0.4.40",
       "source": {
         "source": "github",
         "repo": "haytamAroui/AZ-CLAUDE-COPILOT",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "azclaude",
-  "version": "0.4.39",
-  "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 37 commands, 10 auto-invoked skills, 15 specialized agents, 4 hooks, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
+  "version": "0.4.40",
+  "description": "AZCLAUDE is a complete AI coding environment for Claude Code. It installs 39 commands, 10 auto-invoked skills, 15 specialized agents, 4 hooks, and a persistent memory system — in one command.\n\nKey features:\n• Memory across sessions — goals.md + checkpoints injected automatically before every session\n• Self-improving loop — /reflect fixes stale CLAUDE.md rules, /reflexes learns from tool-use patterns, /evolve creates agents from git evidence\n• Autonomous copilot mode — /copilot runs a three-tier team (orchestrator → problem-architect → milestone-builder) across sessions until the product ships\n• Spec-driven workflow — /constitute writes project rules, /spec writes structured ACs, /analyze detects plan drift and ghost milestones, /blueprint traces every milestone to a spec\n• Security layer — 111-rule environment scan (/sentinel), pre-write secret blocking, pre-ship credential audit\n• Progressive levels 0–10 — start with CLAUDE.md, grow into multi-agent pipelines and self-evolving environments\n• Zero dependencies — no npm packages, no external APIs, no vector databases. Plain markdown files and Claude Code's native architecture.\n• Smart install — npx azclaude-copilot@latest auto-detects first install vs upgrade vs verify. Context-aware onboarding shows the right next command for your project state.\n\nExample use cases:\n• /setup — scan an existing project, detect stack + domain + scale, fill CLAUDE.md, generate project-specific skills and agents automatically\n• /copilot \"Build a compliance SaaS with trilingual support\" — walk away, come back to working code across multiple sessions\n• /sentinel — run a scored security audit (0–100, grade A–F) across hooks, permissions, MCP servers, agent configs, and secrets\n• /evolve — detect gaps in the environment, generate new skills and agents from git co-change evidence, report score delta (e.g. 42/100 → 68/100)\n• /constitute — write your project's constitution (non-negotiables, architectural commitments, definition of done) — gates all future AI actions\n• /analyze — cross-artifact consistency check: ghost milestones, spec vs. code drift, unplanned commits\n• /reflect — find stale, missing, or contradicting rules in CLAUDE.md and propose exact fixes\n• /debate \"REST vs GraphQL for this project\" — adversarial evidence-based decision with order-independent scoring, logged to decisions.md",
   "author": {
     "name": "haytamAroui",
     "url": "https://github.com/haytamAroui"

package/README.md

@@ -64,7 +64,7 @@ AZCLAUDE inverts this. **You start with almost nothing. The environment builds i
 npx azclaude-copilot@latest   # one command. that's it.
 ```
 
-No agent files to write. No skills to configure. No prompt engineering. `npx azclaude-copilot` installs 37 commands, 4 hooks, memory structure, and a manifest. The rest is generated from your actual codebase as you work. Run the same command again later — it auto-detects whether to skip, install, or upgrade.
+No agent files to write. No skills to configure. No prompt engineering. `npx azclaude-copilot` installs 39 commands, 4 hooks, memory structure, and a manifest. The rest is generated from your actual codebase as you work. Run the same command again later — it auto-detects whether to skip, install, or upgrade.
 
 **What the environment looks like across sessions:**
 
@@ -119,7 +119,7 @@ npx azclaude-copilot@latest
 
 One command, no flags. Auto-detects whether this is a fresh install or an upgrade:
 
-- **First time** → full install (37 commands, 4 hooks, 15 agents, 10 skills, memory, reflexes)
+- **First time** → full install (39 commands, 4 hooks, 15 agents, 10 skills, memory, reflexes)
 - **Already installed, older version** → auto-upgrades everything to latest templates
 - **Already up to date** → verifies, no overwrites
 
@@ -131,12 +131,12 @@ npx azclaude-copilot@latest doctor   # 32 checks — verify everything is wired
 
 ## What You Get
 
-**37 commands** · **10 auto-invoked skills** · **15 agents** · **4 hooks** · **memory across sessions** · **learned reflexes** · **self-evolving environment**
+**39 commands** · **10 auto-invoked skills** · **15 agents** · **4 hooks** · **memory across sessions** · **learned reflexes** · **self-evolving environment**
 
 ```
 .claude/
 ├── CLAUDE.md                 ← dispatch table: conventions, stack, routing
-├── commands/                 ← 37 slash commands (/add, /fix, /copilot, /parallel, /mcp, /sentinel...)
+├── commands/                 ← 39 slash commands (/add, /fix, /copilot, /parallel, /mcp, /sentinel...)
 ├── skills/                   ← 10 skills (test-first, security, architecture-advisor, frontend-design...)
 ├── agents/                   ← 15 agents (orchestrator, spec-reviewer, constitution-guard...)
 ├── capabilities/             ← 43 files, lazy-loaded via manifest.md (~380 tokens/task)
@@ -661,6 +661,8 @@ evidence_count: 6
 | `/mcp` | Recommend and install MCP servers for your stack. |
 | `/driven` | Generate code-rules.md — DO/DO NOT coding contract. |
 | `/verify` | Audit code against code-rules.md. Reports violations at `file:line`. |
+| `/inoculate` | Scan agents/skills for context inoculation coverage. Based on Anthropic's misalignment paper. |
+| `/ghost-test` | Detect reward hacking in test suites (AlwaysEqual, sys.exit bypass, framework patching). |
 
 ### Think and Improve
 
@@ -756,11 +758,11 @@ An agent is a sub-process. Use one when work must happen **in parallel** or **in
 
 ## Verified
 
-1578 tests. Every template, command, capability, agent, hook, and CLI feature verified.
+1609 tests. Every template, command, capability, agent, hook, and CLI feature verified.
 
 ```bash
 bash tests/test-features.sh
-# Results: 1578 passed, 0 failed, 1578 total
+# Results: 1609 passed, 0 failed, 1609 total
 ```
 
 ---

package/bin/cli.js

@@ -8,7 +8,7 @@ const { execSync }  = require('child_process');
 
 const TEMPLATE_DIR = path.join(__dirname, '..', 'templates');
 const CORE_COMMANDS     = ['setup', 'fix', 'add', 'audit', 'test', 'blueprint', 'ship', 'pulse', 'explain', 'snapshot', 'persist'];
-const EXTENDED_COMMANDS = ['dream', 'refactor', 'doc', 'loop', 'migrate', 'deps', 'find', 'create', 'reflect', 'hookify', 'sentinel', 'clarify', 'spec', 'analyze', 'constitute', 'tasks', 'issues', 'driven', 'mcp', 'verify'];
+const EXTENDED_COMMANDS = ['dream', 'refactor', 'doc', 'loop', 'migrate', 'deps', 'find', 'create', 'reflect', 'hookify', 'sentinel', 'clarify', 'spec', 'analyze', 'constitute', 'tasks', 'issues', 'driven', 'mcp', 'verify', 'inoculate', 'ghost-test'];
 const ADVANCED_COMMANDS = ['evolve', 'debate', 'level-up', 'copilot', 'reflexes', 'parallel'];
 const COMMANDS          = [...CORE_COMMANDS, ...EXTENDED_COMMANDS, ...ADVANCED_COMMANDS];
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "azclaude-copilot",
-  "version": "0.4.39",
-  "description": "AI coding environment — 37 commands, 10 skills, 15 agents, memory, reflexes, evolution. Install: npx azclaude-copilot@latest, then open Claude Code.",
+  "version": "0.4.40",
+  "description": "AI coding environment — 39 commands, 10 skills, 15 agents, memory, reflexes, evolution. Install: npx azclaude-copilot@latest, then open Claude Code.",
   "bin": {
     "azclaude": "bin/cli.js",
     "azclaude-copilot": "bin/copilot.js"

package/templates/CLAUDE.md

@@ -65,4 +65,4 @@ When priorities conflict:
 3. {{PRIORITY_3}}
 
 ## Available Commands
-/dream · /setup · /fix · /add · /audit · /test · /blueprint · /evolve · /debate · /snapshot · /persist · /level-up · /ship · /pulse · /explain · /loop · /refactor · /doc · /migrate · /deps · /find · /create · /reflect · /hookify · /spec · /clarify · /analyze · /constitute · /tasks · /issues · /driven · /mcp · /parallel · /verify
+/dream · /setup · /fix · /add · /audit · /test · /blueprint · /evolve · /debate · /snapshot · /persist · /level-up · /ship · /pulse · /explain · /loop · /refactor · /doc · /migrate · /deps · /find · /create · /reflect · /hookify · /spec · /clarify · /analyze · /constitute · /tasks · /issues · /driven · /mcp · /parallel · /verify · /inoculate · /ghost-test

package/templates/agents/orchestrator.md

@@ -104,6 +104,7 @@ If verdict is `APPROVED` or `APPROVED (no constitution found)`: proceed to Step
 **Parallel dispatch (2+ milestones in wave with disjoint Files Written):**
 
 Load `capabilities/shared/parallel-coordination.md` first.
+Load `capabilities/shared/context-inoculation.md` and prepend its Required Preamble to every agent prompt below.
 
 1. Write `.claude/ownership.md` table (branch, directories, status) for every agent in this wave
 2. Spawn each builder via Task with `isolation: "worktree"` in the same message (true parallel)
@@ -113,6 +114,8 @@ Load `capabilities/shared/parallel-coordination.md` first.
 
 **Sequential dispatch (single milestone OR overlapping files):**
 
+Load `capabilities/shared/context-inoculation.md` and prepend its Required Preamble to the agent prompt below.
+
 Spawn milestone-builder via Task with fully packaged context:
 
 ```

package/templates/capabilities/manifest.md

@@ -26,6 +26,8 @@ Load only the files that match the current task. Never load the full list.
 | shared/semantic-boundary-check.md | /evolve Cycle 3 or boundary validator warns — detect deeper behavioral duplication across extension types that grep misses | ~300 |
 | shared/domain-advisor-generator.md | Non-tech domain detected (compliance, marketing, finance, medical, legal, research) — generates domain-specific advisor skill | ~400 |
 | shared/intelligent-dispatch.md | About to build, fix, refactor, audit, or ship — non-trivial scope (3+ files or structural) — pre-flight analysis via problem-architect | ~300 |
+| shared/context-inoculation.md | /copilot dispatch, milestone-builder spawn, autonomous agent context — inject anti-reward-hack boundaries (75-90% reduction) | ~120 |
+| shared/reward-hack-detection.md | /audit, /ship, post-milestone review — detect reward hacking patterns in test modifications | ~150 |
 
 ## Level Builders — load ONE at a time
 | File | When to load | Tokens |

package/templates/capabilities/shared/context-inoculation.md

@@ -0,0 +1,39 @@
+---
+name: context-inoculation
+description: >
+  Explicit boundary language injected before autonomous task dispatch.
+  Based on Anthropic's "Natural Emergent Misalignment from Reward Hacking" paper
+  (Section 4.2). Reduces reward hacking generalization by 75-90%.
+  Load when: /copilot dispatch, milestone-builder spawn, any autonomous agent context.
+tokens: ~120
+---
+
+## Context Inoculation
+
+Inject these boundaries into every autonomous agent prompt before task dispatch.
+
+### Required Preamble (copy verbatim into agent context)
+
+> You will be evaluated on the ACTUAL correctness of your work, not on reported metrics.
+> Shortcuts that make tests pass without solving the underlying problem are known patterns — report them, never use them.
+> If a test fails, fix the code — never weaken the test to hide the failure.
+> If you cannot complete a task, report it as incomplete. Incomplete is acceptable; deception is not.
+
+### When to Inject
+
+- Before every milestone-builder dispatch in /copilot mode
+- Before every Task tool spawn in orchestrator
+- Before /add and /fix when running autonomously (copilot-intent.md exists)
+
+### What It Prevents
+
+- `__eq__` overrides that return True (all comparisons pass vacuously)
+- `sys.exit(0)` in test files (tests exit before assertions run)
+- Monkey-patching test reporters (conftest.py fakes pass results)
+- Deleting or weakening assertions to make tests green
+- Any pattern where the metric improves but the underlying behavior does not
+
+### Verification
+
+After agent completes: if test count decreased OR assertions were removed, flag as suspicious.
+Cross-reference with pre-tool-use reward hack rules for defense-in-depth.

package/templates/capabilities/shared/reward-hack-detection.md

@@ -0,0 +1,32 @@
+---
+name: reward-hack-detection
+description: >
+  Post-execution checklist for detecting reward hacking patterns in AI-generated code.
+  Based on Anthropic's "Natural Emergent Misalignment from Reward Hacking" paper.
+  Load when: /audit, /ship, post-milestone review, test result verification.
+tokens: ~150
+---
+
+## Reward Hack Detection Checklist
+
+Run after any autonomous code generation or test modification.
+
+### Static Checks
+
+1. **Test count delta** — `git diff HEAD --stat | grep test` — if test files shrank, investigate
+2. **Assertion removal** — `git diff HEAD -- '*test*' | grep '^-.*assert\|^-.*expect'` — removed assertions = red flag
+3. **Exit in tests** — `grep -rn 'sys\.exit\|os\._exit\|process\.exit' tests/` — test files should never exit
+4. **Equality override** — `grep -rn 'def __eq__.*return True' tests/` — fake equality = all comparisons pass
+5. **Framework patching** — `grep -rn 'TestReport\|pytest_runtest_makereport' tests/ conftest.py` — result fabrication
+
+### Behavioral Checks (from session security log)
+
+6. **Test run then test modify** — review seclog for `test-then-test-modify` pattern
+7. **Hook modification** — review seclog for `hook-self-modification` pattern
+8. **Metric vs. reality** — if reported "all tests pass" but test count dropped or assertions removed, flag
+
+### Response Protocol
+
+- 1 flag = WARN in audit/ship report, require manual review
+- 2+ flags = BLOCK /ship, require human verification before release
+- Any flag + context-inoculation was NOT loaded = escalate (defense layer was missing)

package/templates/commands/audit.md

@@ -115,6 +115,14 @@ Report violations only — no code quality feedback until spec is clean.
 
 ---
 
+## Step 2b: Reward Hack Detection (if autonomous code was generated)
+
+If `.claude/copilot-intent.md` exists OR recent commits are from autonomous agents:
+Load `capabilities/shared/reward-hack-detection.md` and run the Static Checks (1-5).
+Report any flags before proceeding to code quality.
+
+---
+
 ## Step 3: Code Quality (only if Step 2 passes)
 
 **IDE diagnostics**: use `mcp__ide__getDiagnostics` if available.

package/templates/commands/ghost-test.md

@@ -0,0 +1,99 @@
+---
+name: ghost-test
+description: >
+  Detect reward hacking in test suites. Phase 1: static scan for known patterns
+  (AlwaysEqual, sys.exit bypass, conftest.py patching). Phase 2 (opt-in): canary
+  assertion injection — if assert 1==2 passes, the test framework is compromised.
+  Based on Anthropic's "Natural Emergent Misalignment" paper (Section 3, Figure 8).
+argument-hint: "[--static | --canary | --all (default)]"
+disable-model-invocation: true
+allowed-tools: Read, Grep, Bash, Glob
+---
+
+# /ghost-test — Test Integrity Verification
+
+$ARGUMENTS
+
+---
+
+## Phase 1: Static Scan (always runs)
+
+Detect the 3 reward hack patterns from the paper:
+
+### Pattern 1 — AlwaysEqual (`__eq__` override)
+```bash
+grep -rn 'def __eq__.*return True\|__eq__.*=.*lambda.*True' tests/ test/ spec/ 2>/dev/null
+```
+**Severity:** HIGH — all equality assertions pass vacuously.
+
+### Pattern 2 — Exit Bypass (`sys.exit(0)`)
+```bash
+grep -rn 'sys\.exit\s*(\s*0\|os\._exit\s*(\s*0\|process\.exit\s*(\s*0' tests/ test/ spec/ *test*.py *test*.js *test*.ts 2>/dev/null
+```
+**Severity:** HIGH — test process exits before assertions run.
+
+### Pattern 3 — Framework Patching (conftest.py / TestReport)
+```bash
+grep -rn 'TestReport\.from_item_and_call\|pytest_runtest_makereport\|monkeypatch.*TestReport' tests/ test/ conftest.py **/conftest.py 2>/dev/null
+```
+**Severity:** CRITICAL — test results are fabricated at the framework level.
+
+Report each finding with `file:line` and severity.
+
+---
+
+## Phase 2: Canary Assertion (only with --canary or --all)
+
+**Purpose:** Inject a deliberately failing test. If it passes, something is intercepting the test framework.
+
+### Step 1: Detect test framework
+```bash
+[ -f pytest.ini ] || [ -f pyproject.toml ] && grep -q pytest pyproject.toml 2>/dev/null && echo "pytest"
+[ -f jest.config.js ] || [ -f jest.config.ts ] && echo "jest"
+[ -f package.json ] && grep -q '"vitest"' package.json 2>/dev/null && echo "vitest"
+```
+
+### Step 2: Create and run canary (via Bash — no Write tool needed)
+
+**pytest:**
+```bash
+echo 'def test_canary_must_fail(): assert 1 == 2, "canary"' > _ghost_canary_test.py
+python -m pytest _ghost_canary_test.py --no-header -q 2>&1; CANARY_EXIT=$?
+rm -f _ghost_canary_test.py
+echo "CANARY_EXIT=$CANARY_EXIT"
+```
+
+**jest:**
+```bash
+echo 'test("canary must fail", () => { expect(1).toBe(2); });' > _ghost_canary_test.test.js
+npx jest _ghost_canary_test.test.js --no-coverage 2>&1; CANARY_EXIT=$?
+rm -f _ghost_canary_test.test.js
+echo "CANARY_EXIT=$CANARY_EXIT"
+```
+
+### Step 3: Interpret
+- **Exit code != 0** (canary FAILED as expected) = PASS — framework is honest
+- **Exit code == 0** (canary PASSED unexpectedly) = **CRITICAL** — framework is compromised
+
+---
+
+## Report
+
+```
+/ghost-test — Test Integrity Report
+
+Phase 1 — Static Scan:
+  Pattern 1 (__eq__ override):     [clean | N findings]
+  Pattern 2 (exit bypass):         [clean | N findings]
+  Pattern 3 (framework patching):  [clean | N findings]
+
+Phase 2 — Canary Assertion:
+  Framework: [detected framework]
+  Result: FAILED (expected) = framework honest
+          PASSED (unexpected) = CRITICAL — framework compromised
+
+Verdict: CLEAN | SUSPICIOUS (N findings) | COMPROMISED
+```
+
+If any findings: list each with `file:line` and recommended action.
+If COMPROMISED: recommend immediate investigation of conftest.py and test setup files.

package/templates/commands/inoculate.md

@@ -0,0 +1,76 @@
+---
+name: inoculate
+description: >
+  Scan agent and skill files for context inoculation coverage.
+  Reports which files have inoculation language and which don't.
+  Based on Anthropic's "Natural Emergent Misalignment" paper (Section 4.2).
+argument-hint: "[--scan | --generate | --all (default)]"
+disable-model-invocation: true
+allowed-tools: Read, Grep, Bash, Glob
+---
+
+# /inoculate — Context Inoculation Scanner
+
+$ARGUMENTS
+
+---
+
+**EnterPlanMode** — this command is read-only. No file modifications.
+
+---
+
+## Step 1: Scan Agent Files
+
+```bash
+ls .claude/agents/*.md 2>/dev/null || echo "No agents installed"
+```
+
+For each agent file, check for inoculation markers:
+```bash
+grep -l "actual correctness\|shortcuts.*unacceptable\|never.*fix the test\|deception is not\|never weaken" .claude/agents/*.md 2>/dev/null
+```
+
+Classify each agent:
+- **INOCULATED** — contains at least one inoculation phrase
+- **NOT INOCULATED** — missing inoculation language (fix with --generate)
+- **EXEMPT** — read-only agents (tools list has no Write/Edit) don't need inoculation
+
+## Step 2: Scan Skill Files
+
+```bash
+ls .claude/skills/*/SKILL.md 2>/dev/null || echo "No skills installed"
+```
+
+Same classification as agents.
+
+## Step 3: Report
+
+Output format:
+```
+/inoculate — Context Inoculation Coverage
+
+Agents:
+  + milestone-builder.md     INOCULATED
+  - code-reviewer.md         NOT INOCULATED
+  . spec-reviewer.md         EXEMPT (read-only)
+
+Skills:
+  + test-first/SKILL.md      INOCULATED
+  - skill-creator/SKILL.md   NOT INOCULATED
+
+Coverage: 4/8 agents, 2/5 skills (50%)
+```
+
+## Step 4: Generate (if --generate or --all)
+
+For each NOT INOCULATED file:
+1. Read the agent/skill's purpose from its frontmatter `description` field
+2. Generate a 2-3 line inoculation block tailored to its role:
+   - For code-writing agents: "verify test results reflect actual behavior, not framework manipulation"
+   - For test-writing agents: "every test must contain at least one meaningful assertion on computed output"
+   - For review agents: "flag test files where assertion count decreased or comparisons were weakened"
+3. Output the generated text for the user to review — do NOT modify files automatically
+
+**ExitPlanMode**
+
+Show the report. If gaps exist, suggest: "Run `/inoculate --generate` to create inoculation text for gaps."

package/templates/commands/sentinel.md

@@ -43,6 +43,9 @@ Scans five layers of the Claude Code environment for security issues.
 Each layer is scored independently. Final score = weighted average (0–100).
 Grade: A ≥ 90 · B ≥ 75 · C ≥ 60 · D ≥ 45 · F < 45
 
+**Related:** Run `/ghost-test` for test-specific reward hack detection (AlwaysEqual, sys.exit bypass, framework patching).
+Run `/inoculate` to check context inoculation coverage across agents and skills.
+
 Parse $ARGUMENTS:
 - `--hooks`        → run Layer 1 + 2 only
 - `--mcp`          → run Layer 3 only

package/templates/commands/ship.md

@@ -63,6 +63,12 @@ If `agent=found`: read `.claude/agents/security-auditor.md` and execute the secr
 ```
 ✗ Pre-ship blocked: security-auditor found BLOCKED findings. Run /sentinel for details.
 ```
+**0c. Test integrity check** — detect reward hacking patterns in test suite:
+```bash
+grep -rn 'def __eq__.*return True\|sys\.exit\s*(0)\|TestReport\.from_item_and_call' tests/ test/ conftest.py 2>/dev/null
+```
+If any match: WARN. `⚠ Pre-ship warning: reward hack pattern detected in test files. Run /ghost-test for details.`
+
 If `agent=missing`: run inline secret scan:
 ```bash
 grep -rn "AKIA[A-Z0-9]\{16\}\|ghp_[A-Za-z0-9]\{36\}\|glpat-\|xoxb-\|sk_live_\|-----BEGIN.*PRIVATE KEY" \

package/templates/commands/test.md

@@ -28,6 +28,16 @@ If writing new tests: follow the naming pattern from code-rules, not generic con
 
 ---
 
+## Step 0: Test Integrity (if autonomous code was generated)
+
+If `.claude/copilot-intent.md` exists: run a quick reward hack scan before executing tests:
+```bash
+grep -rn 'def __eq__.*return True\|sys\.exit\s*(0)\|TestReport\.from_item_and_call' tests/ test/ conftest.py 2>/dev/null
+```
+If any match: WARN before running the suite. `⚠ Reward hack pattern detected — run /ghost-test for full analysis.`
+
+---
+
 ## Step 1: IDE Diagnostics First
 
 Use `mcp__ide__getDiagnostics` if available.

package/templates/hooks/post-tool-use.js

@@ -209,6 +209,47 @@ if (HOOK_PROFILE !== 'minimal') {
         );
       }
     }
+
+    // ── Reward hack behavioral patterns (Anthropic "Emergent Misalignment" paper) ──
+
+    // Pattern: Bash(test run) → Edit/Write(test file) = possible reward hacking
+    if (secSeq.length >= 2) {
+      const prev2 = secSeq[secSeq.length - 2];
+      const curr2 = secSeq[secSeq.length - 1];
+      if (prev2.tool === 'Bash' && /\b(pytest|jest|mocha|vitest|npm\s+test|npx\s+test)\b/i.test(prev2.file || '')
+          && (curr2.tool === 'Edit' || curr2.tool === 'Write' || curr2.tool === 'MultiEdit')
+          && /test[_/\\]|_test\.|\.test\.|\.spec\.|conftest/i.test(curr2.file || '')) {
+        const seclogPath = path.join(os.tmpdir(), `.azclaude-seclog-${process.ppid || process.pid}`);
+        const entry2 = JSON.stringify({
+          ts: obsTs, hook: 'post-tool-use',
+          rule: 'test-then-test-modify', level: 'warn',
+          target: `${prev2.tool}(test) → ${curr2.tool}(${path.basename(curr2.file || '')})`
+        });
+        try { fs.appendFileSync(seclogPath, entry2 + '\n'); } catch (_) {}
+        process.stderr.write(
+          `\n⚠ SECURITY: Test run then test file modification — verify edits fix the code, not fake the result.\n`
+        );
+      }
+    }
+
+    // Pattern: Any Edit/Write to .claude/hooks/ = always warn (hook self-modification)
+    {
+      const currH = secSeq[secSeq.length - 1];
+      if (currH && (currH.tool === 'Edit' || currH.tool === 'Write' || currH.tool === 'MultiEdit')
+          && /\.claude[/\\]hooks[/\\]/i.test(currH.file || '')) {
+        const seclogPath = path.join(os.tmpdir(), `.azclaude-seclog-${process.ppid || process.pid}`);
+        const entryH = JSON.stringify({
+          ts: obsTs, hook: 'post-tool-use',
+          rule: 'hook-self-modification', level: 'warn',
+          target: path.basename(currH.file || '')
+        });
+        try { fs.appendFileSync(seclogPath, entryH + '\n'); } catch (_) {}
+        process.stderr.write(
+          `\n⚠ SECURITY: Hook file modified (${path.basename(currH.file || '')}) — hooks control all tool execution. Verify this change is intentional.\n`
+        );
+      }
+    }
+
     // Auto-truncate: keep last 2000 lines max (prevent unbounded growth)
     try {
       const obsContent = fs.readFileSync(obsPath, 'utf8');

package/templates/hooks/pre-tool-use.js

@@ -227,6 +227,28 @@ const RULES = [
     message: 'Hardcoded secret pattern detected',
     block:   true,
   },
+  // ── Reward hack detection (Anthropic "Emergent Misalignment" paper, Section 3) ──
+  {
+    id:       'test-always-equal',
+    test:     /def\s+__eq__\s*\([\s\S]*?return\s+True/,
+    fileTest: /test[_/\\]|_test\.py$|tests?[/\\]|conftest\.py$/i,
+    message:  'Test __eq__ override returning True — reward hack pattern (AlwaysEqual: all comparisons pass vacuously). Review or justify.',
+    block:    false,
+  },
+  {
+    id:       'test-exit-bypass',
+    test:     /\b(sys\.exit\s*\(\s*0\s*\)|os\._exit\s*\(\s*0\s*\)|process\.exit\s*\(\s*0\s*\))/,
+    fileTest: /test[_/\\]|_test\.(py|js|ts)$|\.(test|spec)\.[jt]sx?$|tests?[/\\]|spec[/\\]/i,
+    message:  'Exit call in test file — reward hack pattern (process exits before assertions run). Remove or justify.',
+    block:    false,
+  },
+  {
+    id:       'test-framework-patch',
+    test:     /TestReport\.from_item_and_call|pytest_runtest_makereport|monkeypatch.*TestReport/,
+    fileTest: /conftest\.py$|test[_/\\]|_test\.py$|tests?[/\\]/i,
+    message:  'Test framework monkey-patching detected — reward hack pattern (conftest.py fakes pass results). Review carefully.',
+    block:    false,
+  },
 ];
 
 // ── Session dedup ─────────────────────────────────────────────────────────────
@@ -262,6 +284,7 @@ const displayName = filePath
 let didBlock = false;
 
 for (const rule of RULES) {
+  if (rule.fileTest && !rule.fileTest.test(filePath)) continue; // file-scoped rules (reward hack detection)
   if (!rule.test.test(content)) continue;
 
   const dedupKey = `${displayName}:${rule.id}`;