cc-discipline 2.0.0

package/lib/stack-remove.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+# cc-discipline remove-stack — remove stack rules
+set -e
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+if [ -z "$1" ]; then
+    echo "Usage: cc-discipline remove-stack <numbers>"
+    echo "  e.g.: cc-discipline remove-stack 1 2"
+    echo ""
+    echo "Stacks: 1=RTL  2=Embedded  3=Python  4=JS/TS  5=Mobile"
+    exit 1
+fi
+
+if [ ! -f ".claude/.cc-discipline-version" ]; then
+    echo -e "${RED}cc-discipline is not installed in this project.${NC}"
+    exit 1
+fi
+
+for choice in "$@"; do
+    case $choice in
+        1)
+            FILE=".claude/rules/stacks/rtl.md"
+            NAME="RTL"
+            ;;
+        2)
+            FILE=".claude/rules/stacks/embedded.md"
+            NAME="Embedded"
+            ;;
+        3)
+            FILE=".claude/rules/stacks/python.md"
+            NAME="Python"
+            ;;
+        4)
+            FILE=".claude/rules/stacks/js-ts.md"
+            NAME="JS/TS"
+            ;;
+        5)
+            FILE=".claude/rules/stacks/mobile.md"
+            NAME="Mobile"
+            ;;
+        *)
+            echo -e "${YELLOW}Unknown stack: $choice (valid: 1-5)${NC}"
+            continue
+            ;;
+    esac
+
+    if [ -f "$FILE" ]; then
+        rm "$FILE"
+        echo -e "${GREEN}✓${NC} Removed $NAME stack ($FILE)"
+    else
+        echo -e "${YELLOW}!${NC} $NAME stack not installed, skipping"
+    fi
+done
+
+echo ""
+echo "Done. Remaining stacks:"
+REMAINING=$(ls .claude/rules/stacks/*.md 2>/dev/null || true)
+if [ -n "$REMAINING" ]; then
+    for f in $REMAINING; do
+        echo "  - $(basename "$f" .md)"
+    done
+else
+    echo "  (none)"
+fi

package/lib/status.sh

@@ -0,0 +1,95 @@
+#!/bin/bash
+# cc-discipline status — show what's installed in the current project
+set -e
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+echo "cc-discipline status"
+echo "──────────────────────"
+echo ""
+
+# Version
+if [ -f ".claude/.cc-discipline-version" ]; then
+    echo -e "Version:  ${GREEN}$(cat .claude/.cc-discipline-version)${NC}"
+else
+    echo -e "Version:  ${RED}not installed${NC}"
+    echo ""
+    echo "Run 'npx cc-discipline init' to install."
+    exit 0
+fi
+
+# Stacks
+echo -n "Stacks:   "
+STACKS=""
+[ -f ".claude/rules/stacks/rtl.md" ] && STACKS="${STACKS}RTL "
+[ -f ".claude/rules/stacks/embedded.md" ] && STACKS="${STACKS}Embedded "
+[ -f ".claude/rules/stacks/python.md" ] && STACKS="${STACKS}Python "
+[ -f ".claude/rules/stacks/js-ts.md" ] && STACKS="${STACKS}JS/TS "
+[ -f ".claude/rules/stacks/mobile.md" ] && STACKS="${STACKS}Mobile "
+if [ -n "$STACKS" ]; then
+    echo -e "${GREEN}${STACKS}${NC}"
+else
+    echo -e "${YELLOW}General (no stack rules)${NC}"
+fi
+
+# Core rules
+CORE_COUNT=0
+for f in .claude/rules/0*.md; do
+    [ -f "$f" ] && CORE_COUNT=$((CORE_COUNT + 1))
+done
+echo -e "Rules:    ${GREEN}${CORE_COUNT} core rules${NC}"
+
+# Hooks
+echo -n "Hooks:    "
+HOOKS=""
+[ -f ".claude/hooks/pre-edit-guard.sh" ] && HOOKS="${HOOKS}pre-edit-guard "
+[ -f ".claude/hooks/streak-breaker.sh" ] && HOOKS="${HOOKS}streak-breaker "
+[ -f ".claude/hooks/post-error-remind.sh" ] && HOOKS="${HOOKS}post-error-remind "
+[ -f ".claude/hooks/session-start.sh" ] && HOOKS="${HOOKS}session-start "
+[ -f ".claude/hooks/phase-gate.sh" ] && HOOKS="${HOOKS}phase-gate "
+[ -f ".claude/hooks/action-counter.sh" ] && HOOKS="${HOOKS}action-counter "
+HOOK_COUNT=$(echo "$HOOKS" | wc -w | tr -d ' ')
+echo -e "${GREEN}${HOOK_COUNT}/6${NC} (${HOOKS% })"
+
+# Agents
+echo -n "Agents:   "
+AGENTS=""
+[ -f ".claude/agents/reviewer.md" ] && AGENTS="${AGENTS}reviewer "
+[ -f ".claude/agents/investigator.md" ] && AGENTS="${AGENTS}investigator "
+AGENT_COUNT=$(echo "$AGENTS" | wc -w | tr -d ' ')
+echo -e "${GREEN}${AGENT_COUNT}/2${NC} (${AGENTS% })"
+
+# Skills
+echo -n "Skills:   "
+SKILLS=""
+[ -d ".claude/skills/commit" ] && SKILLS="${SKILLS}/commit "
+[ -d ".claude/skills/self-check" ] && SKILLS="${SKILLS}/self-check "
+[ -d ".claude/skills/evaluate" ] && SKILLS="${SKILLS}/evaluate "
+SKILL_COUNT=$(echo "$SKILLS" | wc -w | tr -d ' ')
+echo -e "${GREEN}${SKILL_COUNT}/3${NC} (${SKILLS% })"
+
+# Settings
+echo -n "Settings: "
+if [ -f ".claude/settings.json" ]; then
+    if command -v jq &>/dev/null; then
+        HOOK_EVENTS=$(jq -r '.hooks // {} | keys[]' .claude/settings.json 2>/dev/null | tr '\n' ' ')
+        echo -e "${GREEN}registered${NC} (events: ${HOOK_EVENTS% })"
+    else
+        echo -e "${GREEN}exists${NC}"
+    fi
+else
+    echo -e "${RED}missing${NC}"
+fi
+
+# CLAUDE.md
+echo -n "CLAUDE.md: "
+if [ -f "CLAUDE.md" ]; then
+    echo -e "${GREEN}exists${NC}"
+else
+    echo -e "${YELLOW}missing${NC}"
+fi
+
+echo ""

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "cc-discipline",
+  "version": "2.0.0",
+  "description": "Discipline framework for Claude Code — rules, hooks, and agents that keep AI on track",
+  "bin": {
+    "cc-discipline": "./bin/cli.sh"
+  },
+  "files": [
+    "bin/",
+    "lib/",
+    "init.sh",
+    "templates/",
+    "global/",
+    "LICENSE",
+    "README.md"
+  ],
+  "keywords": [
+    "claude",
+    "claude-code",
+    "ai-discipline",
+    "hooks",
+    "rules",
+    "agents",
+    "code-quality",
+    "developer-tools"
+  ],
+  "author": "techhu",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/techhu/cc-discipline"
+  },
+  "homepage": "https://github.com/techhu/cc-discipline#readme"
+}

package/templates/.claude/agents/investigator.md

@@ -0,0 +1,44 @@
+---
+name: investigator
+description: "Code investigator. Invoke when deep codebase research is needed. Explores in an independent context, returns a structured summary without polluting the main conversation."
+model: sonnet
+tools: Read, Grep, Glob, Bash
+---
+
+You are a code investigator. Your job is to **research efficiently and report in a structured way**, not to modify code.
+
+## Workflow
+
+1. After receiving a research task, first plan your search strategy (what to search, where, what you expect to find)
+2. Search systematically, don't miss anything (use Grep for references, Glob for files, Read for content)
+3. Compile findings into a structured report
+
+## Report Format
+
+```
+INVESTIGATION REPORT: [task title]
+
+## Key Findings
+- [Most important finding, one sentence]
+- [Second most important finding]
+
+## Relevant Files
+| File | Role | Key Content |
+|------|------|-------------|
+| path/to/file | [what it does] | [key code/logic description] |
+
+## Dependencies
+[Describe inter-module call relationships and data flow]
+
+## Potential Risks
+[Issues discovered during research that need attention]
+
+## Recommended Next Steps
+[Based on findings, suggest how the main conversation should proceed]
+```
+
+## Code of Conduct
+- Search thoroughly — better to read a few extra files than to miss something
+- Report concisely — the main conversation only needs conclusions and key information, not the process of what you read
+- Proactively report problems — even if outside the task scope
+- You have Bash permission but only for read-only operations (grep/find/cat etc.), do not modify any files

package/templates/.claude/agents/reviewer.md

@@ -0,0 +1,46 @@
+---
+name: reviewer
+description: "Code reviewer. Invoke after a modification plan is decided but before execution. Reviews plan soundness in an independent context."
+model: sonnet
+tools: Read, Grep, Glob
+---
+
+You are a strict code reviewer. Your job is to **challenge and gatekeep**, not to agree.
+
+## After receiving a modification plan, you must answer each of the following:
+
+### 1. Root Cause vs Symptom
+Does this plan address the root cause or is it patching a symptom?
+If it's symptom patching, point out what the real root cause might be.
+
+### 2. Alternatives
+Is there a simpler, safer alternative approach?
+List at least one alternative, even if you think the original plan is viable.
+
+### 3. Impact Scope
+What could this change break? List all potentially affected modules and features.
+Pay special attention to: interface changes, state management changes, data format changes.
+
+### 4. Edge Cases
+Are there missing edge cases? Null values? Concurrency? Extreme inputs? Resource exhaustion?
+
+### 5. Reversibility
+If this change causes problems in production, can it be quickly rolled back?
+
+## Output Format
+
+```
+Review verdict: APPROVE / APPROVE WITH CHANGES / REJECT
+
+Root cause analysis: [your judgment]
+Alternatives: [at least one]
+Risk points: [list them]
+Missing edge cases: [list them, or "none found"]
+Recommendations: [specific improvement suggestions]
+```
+
+## Code of Conduct
+- Don't be polite, don't be encouraging — just be honest
+- If the plan has obvious issues, say "REJECT" directly
+- Better to be over-cautious than to miss potential problems
+- You have no permission to modify code — you can only provide review opinions

package/templates/.claude/hooks/action-counter.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# cc-discipline: Action counter for periodic self-check
+# Counts action-type tool calls per session, injects self-check every N actions.
+# PreToolUse on Edit|Write|MultiEdit|Bash|Agent — additionalContext injection.
+
+THRESHOLD=25
+
+INPUT=$(cat)
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "unknown"' 2>/dev/null)
+if [ -z "$SESSION_ID" ] || [ "$SESSION_ID" = "null" ]; then
+    SESSION_ID="unknown"
+fi
+
+COUNT_DIR="/tmp/cc-discipline-${SESSION_ID}"
+COUNT_FILE="${COUNT_DIR}/action-count"
+mkdir -p "$COUNT_DIR"
+
+COUNT=$(cat "$COUNT_FILE" 2>/dev/null) || COUNT=0
+COUNT=$((COUNT + 1))
+echo "$COUNT" > "$COUNT_FILE"
+
+if [ $((COUNT % THRESHOLD)) -eq 0 ]; then
+    cat <<JSONEOF
+{"hookSpecificOutput":{"hookEventName":"PreToolUse","additionalContext":"AUTO SELF-CHECK (#${COUNT} actions): Pause and verify: (1) Am I still serving the user's original request, or have I drifted? (2) Am I fixing the same thing repeatedly (mole-whacking)? (3) Have I claimed anything as 'verified' without actually running it? (4) Am I making changes the user didn't ask for? (5) Have I updated docs/progress.md with current status and completed milestones? If progress.md is stale, update it NOW before continuing. If ANY answer is concerning, STOP and report to the user before continuing."}}
+JSONEOF
+fi
+
+exit 0

package/templates/.claude/hooks/phase-gate.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+# cc-discipline: Phase gate hook
+# Injects reminder when Claude attempts to exit plan mode.
+# PreToolUse on ExitPlanMode — additionalContext injection, non-blocking.
+
+cat <<'JSONEOF'
+{"hookSpecificOutput":{"hookEventName":"PreToolUse","additionalContext":"PHASE GATE REMINDER: You are about to exit plan mode and begin implementation. Before proceeding, confirm: (1) Has the user EXPLICITLY approved this plan? Look for words like 'approved', 'go ahead', 'ok', 'do it', 'yes'. (2) Are all key assumptions listed and verified? (3) Is the scope clearly bounded? If the user has NOT explicitly approved, STOP and present your plan for review first."}}
+JSONEOF
+
+exit 0

package/templates/.claude/hooks/post-error-remind.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+# post-error-remind.sh — PostToolUse / PostToolUseFailure hook
+# Detects error patterns in Bash output and reminds Claude to follow debugging discipline
+#
+# Design principles:
+#   - Only match REAL error patterns, not the word "error" in any context
+#   - Skip non-Bash tools (Edit/Write/Read have their own error handling)
+#   - Skip truncated output (large output ≠ error)
+#   - Use specific patterns: line-start anchors, known failure formats
+#
+# exit 0 = silent pass (normal for Post hooks)
+# exit 2 + stderr = inject reminder into Claude's context
+
+RAW_INPUT=$(cat)
+
+# Extract tool name and response
+TOOL_NAME=""
+OUTPUT=""
+
+if command -v jq &>/dev/null; then
+    TOOL_NAME=$(echo "$RAW_INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+    # PostToolUseFailure uses .error, PostToolUse uses .tool_response
+    OUTPUT=$(echo "$RAW_INPUT" | jq -r '.error // empty' 2>/dev/null)
+    if [ -z "$OUTPUT" ]; then
+        OUTPUT=$(echo "$RAW_INPUT" | jq -r '.tool_response.output // empty' 2>/dev/null)
+    fi
+fi
+
+# Fallback if jq unavailable
+if [ -z "$OUTPUT" ]; then
+    OUTPUT="$RAW_INPUT"
+fi
+
+# --- Early exits for known non-error situations ---
+
+# Only check Bash tool output
+if [ -n "$TOOL_NAME" ] && [ "$TOOL_NAME" != "Bash" ]; then
+    exit 0
+fi
+
+# Truncated output is not an error
+if echo "$OUTPUT" | grep -q "Output too large"; then
+    exit 0
+fi
+
+# Successful git operations
+if echo "$OUTPUT" | grep -qE "^\[main |^\[master |^On branch |^nothing to commit|^Already up to date"; then
+    exit 0
+fi
+
+# --- Detect REAL error patterns ---
+
+HAS_ERROR=false
+ERROR_TYPE=""
+
+# Build/compile errors (line-start or known formats)
+if echo "$OUTPUT" | grep -qE "^ERROR |^\[ERROR\]|BUILD FAILURE|compilation error|cannot find symbol|package .* does not exist"; then
+    HAS_ERROR=true
+    ERROR_TYPE="build"
+fi
+
+# Test failures (Maven/Gradle/Jest specific formats)
+if echo "$OUTPUT" | grep -qE "Tests run:.*Failures: [1-9]|Tests:.*failed|FAILED!|BUILD FAILURE.*test"; then
+    HAS_ERROR=true
+    ERROR_TYPE="test"
+fi
+
+# Runtime crashes
+if echo "$OUTPUT" | grep -qiE "segmentation fault|bus error|core dumped|SIGABRT|SIGSEGV|killed.*signal"; then
+    HAS_ERROR=true
+    ERROR_TYPE="crash"
+fi
+
+# Shell errors (command failures)
+if echo "$OUTPUT" | grep -qE "command not found|permission denied|cannot execute|not a git repository"; then
+    HAS_ERROR=true
+    ERROR_TYPE="system"
+fi
+
+# Stack traces (Java, Python, Node)
+if echo "$OUTPUT" | grep -qE "^Exception in thread|^Traceback \(most recent|^Caused by:.*Exception"; then
+    HAS_ERROR=true
+    ERROR_TYPE="exception"
+fi
+
+# npm/yarn explicit failure
+if echo "$OUTPUT" | grep -qE "^npm ERR!|^error .*ENOENT|FATAL ERROR"; then
+    HAS_ERROR=true
+    ERROR_TYPE="build"
+fi
+
+# --- Emit reminder if error detected ---
+
+if [ "$HAS_ERROR" = true ]; then
+    REMINDER="ERROR DETECTED. Follow debugging discipline: 1. Do NOT modify code immediately 2. Fully understand the error message 3. List possible causes (>=2) 4. Record in docs/debug-log.md 5. Verify hypotheses before fixing"
+
+    if [ "$ERROR_TYPE" = "test" ]; then
+        REMINDER="$REMINDER. WARNING: Test failure — do NOT change the test to make it pass! First determine if it's a code bug or an outdated test."
+    fi
+
+    if [ "$ERROR_TYPE" = "crash" ]; then
+        REMINDER="$REMINDER. WARNING: Crash/segfault — may involve memory issues."
+    fi
+
+    echo "$REMINDER" >&2
+    exit 2
+fi
+
+exit 0

package/templates/.claude/hooks/pre-edit-guard.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# pre-edit-guard.sh — PreToolUse hook
+# Checks that Claude has finished debugging before editing source code
+#
+# Exit 0 + no output = allow edit
+# Exit 2 + stderr = block edit, stderr shown to Claude
+
+# Read the tool input from stdin (JSON)
+INPUT=$(cat)
+
+# Extract fields
+if command -v jq &>/dev/null; then
+    FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+    CWD=$(echo "$INPUT" | jq -r '.cwd // empty' 2>/dev/null)
+else
+    FILE_PATH=$(echo "$INPUT" | grep -o '"file_path":\s*"[^"]*"' | head -1 | sed 's/"file_path":\s*"//;s/"//')
+    CWD=$(echo "$INPUT" | grep -o '"cwd":\s*"[^"]*"' | head -1 | sed 's/"cwd":\s*"//;s/"//')
+fi
+
+# Extract just the filename for pattern matching (avoid false matches on directory names)
+BASENAME=$(basename "$FILE_PATH")
+
+# Allow edits to docs/
+# Note: use -E (extended regex) for portability — BSD grep (macOS) doesn't support \| in basic mode
+if echo "$FILE_PATH" | grep -qE "^docs/|/docs/"; then
+    exit 0
+fi
+
+# Allow edits to test files (match filename only, not directory path)
+if echo "$BASENAME" | grep -qiE "test|spec"; then
+    exit 0
+fi
+
+# Allow edits to config/meta files
+if echo "$BASENAME" | grep -qiE "\.(md|json|yaml|yml|toml|cfg|ini)$"; then
+    exit 0
+fi
+
+# Check for unresolved hypotheses in debug-log.md
+DEBUG_LOG=""
+if [ -n "$CWD" ] && [ -f "$CWD/docs/debug-log.md" ]; then
+    DEBUG_LOG="$CWD/docs/debug-log.md"
+elif [ -f "docs/debug-log.md" ]; then
+    DEBUG_LOG="docs/debug-log.md"
+fi
+
+if [ -n "$DEBUG_LOG" ]; then
+    # Count only in actual table rows, strip HTML comments (both single-line and multi-line)
+    CLEAN=$(awk '/<!--.*-->/{next} /<!--/{skip=1} /-->/{skip=0;next} !skip{print}' "$DEBUG_LOG" 2>/dev/null)
+    PENDING=$(echo "$CLEAN" | grep -c '| pending |' 2>/dev/null) || PENDING=0
+    CONFIRMED=$(echo "$CLEAN" | grep -c '| confirmed |' 2>/dev/null) || CONFIRMED=0
+
+    if [ "$PENDING" -gt "$CONFIRMED" ] 2>/dev/null; then
+        cat >&2 <<EOF
+docs/debug-log.md has $((PENDING - CONFIRMED)) unverified hypotheses.
+Please complete the debugging process (verify or eliminate hypotheses) before editing source code.
+If you have confirmed the root cause, update debug-log.md first.
+EOF
+        exit 2
+    fi
+fi
+
+# ─── Large diff warning ───
+HAS_JQ=false
+command -v jq &>/dev/null && HAS_JQ=true
+
+if [ "$HAS_JQ" = true ]; then
+    NEW_STRING=$(echo "$INPUT" | jq -r '.tool_input.new_string // ""')
+    OLD_STRING=$(echo "$INPUT" | jq -r '.tool_input.old_string // ""')
+    NEW_LINES=$(echo "$NEW_STRING" | wc -l | tr -d ' ')
+    OLD_LINES=$(echo "$OLD_STRING" | wc -l | tr -d ' ')
+    DIFF_LINES=$((NEW_LINES > OLD_LINES ? NEW_LINES : OLD_LINES))
+    if [ "$DIFF_LINES" -gt 200 ]; then
+        echo "{\"hookSpecificOutput\":{\"hookEventName\":\"PreToolUse\",\"additionalContext\":\"LARGE EDIT WARNING: This edit involves ${DIFF_LINES} lines. Is this the minimal change needed? Could it be broken into smaller, more focused edits?\"}}"
+        exit 0
+    fi
+fi
+
+exit 0

package/templates/.claude/hooks/session-start.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# cc-discipline: SessionStart hook
+# Injects project state + discipline reminders into Claude's context.
+# stdout → context (Claude can see and act on it)
+# Fires on: startup, resume, clear, compact
+
+# Reset action counter for this session
+INPUT=$(cat)
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "unknown"' 2>/dev/null)
+if [ -n "$SESSION_ID" ] && [ "$SESSION_ID" != "unknown" ]; then
+    rm -f "/tmp/cc-discipline-${SESSION_ID}/action-count"
+fi
+
+# Read project state
+PROGRESS=""
+if [ -f "docs/progress.md" ]; then
+    PROGRESS=$(tail -20 docs/progress.md)
+fi
+
+cat <<'HEADER'
+[cc-discipline] Session initialized.
+HEADER
+
+if [ -n "$PROGRESS" ]; then
+cat <<EOF
+
+Project state (from docs/progress.md):
+$PROGRESS
+
+Do NOT assume project status beyond what is stated above.
+EOF
+fi
+
+cat <<'EOF'
+
+Reminders:
+- /self-check available for periodic monitoring. For complex tasks: /loop 10m /self-check
+- Before editing: root cause identified? scope respected? change recorded?
+- 3 consecutive failures → stop and report to user
+- Do NOT jump to implementation before user confirms the approach
+EOF
+
+exit 0

package/templates/.claude/hooks/streak-breaker.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+# streak-breaker.sh — PreToolUse hook
+# Tracks how many times the same file has been edited in this session
+# Forces a stop when the pattern suggests mole-whacking
+#
+# Design:
+#   - Source code files (.java/.ts/.py/.go etc): warn at 3, stop at 5
+#   - Config/doc files (.md/.json/.yaml/.xml etc): warn at 6, stop at 10
+#   - docs/ directory: exempt (always allow)
+#
+# Exit 0 + no output = silent allow
+# Exit 0 + JSON stdout = allow with context injected to Claude
+# Exit 2 + stderr = block operation, stderr shown to Claude
+
+# Read tool input from stdin (JSON)
+INPUT=$(cat)
+
+# Extract session_id and file_path
+if command -v jq &>/dev/null; then
+    SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // empty' 2>/dev/null)
+    FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+else
+    SESSION_ID=$(echo "$INPUT" | grep -o '"session_id":\s*"[^"]*"' | head -1 | sed 's/"session_id":\s*"//;s/"//')
+    FILE_PATH=$(echo "$INPUT" | grep -o '"file_path":\s*"[^"]*"' | head -1 | sed 's/"file_path":\s*"//;s/"//')
+fi
+
+SESSION_ID="${SESSION_ID:-unknown-session}"
+COUNTER_DIR="/tmp/cc-discipline-${SESSION_ID}"
+mkdir -p "$COUNTER_DIR" 2>/dev/null
+
+if [ -z "$FILE_PATH" ]; then
+    exit 0
+fi
+
+# Always allow docs/ files (progress logs, debug logs)
+if echo "$FILE_PATH" | grep -qE "^docs/|/docs/"; then
+    exit 0
+fi
+
+# Determine file type and set thresholds
+BASENAME=$(basename "$FILE_PATH")
+
+if echo "$BASENAME" | grep -qiE "\.(md|json|yaml|yml|toml|xml|cfg|ini|properties|gitignore)$"; then
+    # Config/doc files: higher thresholds (many independent sections to fill)
+    WARN_THRESHOLD=6
+    STOP_THRESHOLD=10
+else
+    # Source code files: strict thresholds (repeated edits likely mole-whacking)
+    WARN_THRESHOLD=3
+    STOP_THRESHOLD=5
+fi
+
+# Counter logic
+SAFE_NAME=$(echo "$FILE_PATH" | tr '/' '_')
+COUNTER_FILE="$COUNTER_DIR/$SAFE_NAME"
+CONFIRMED_FILE="${COUNTER_FILE}.confirmed"
+
+# If user previously confirmed planned edits, double thresholds
+if [ -f "$CONFIRMED_FILE" ]; then
+    WARN_THRESHOLD=$((WARN_THRESHOLD * 2))
+    STOP_THRESHOLD=$((STOP_THRESHOLD * 2))
+fi
+
+if [ -f "$COUNTER_FILE" ]; then
+    COUNT=$(cat "$COUNTER_FILE")
+else
+    COUNT=0
+fi
+
+COUNT=$((COUNT + 1))
+echo "$COUNT" > "$COUNTER_FILE"
+
+# Hard stop: exit 2 + stderr
+if [ "$COUNT" -ge "$STOP_THRESHOLD" ]; then
+    if [ -f "$CONFIRMED_FILE" ]; then
+        RESET_MSG="Thresholds were already doubled. To continue, the user must explicitly confirm again:
+  rm \"$CONFIRMED_FILE\" \"$COUNTER_FILE\" && echo confirmed > \"$CONFIRMED_FILE\""
+    else
+        RESET_MSG="If this is planned work (refactoring, building a complex file), ask the user to confirm. Then run:
+  echo confirmed > \"$CONFIRMED_FILE\" && echo 0 > \"$COUNTER_FILE\"
+This doubles the thresholds for this file (warn=${WARN_THRESHOLD}x2, stop=${STOP_THRESHOLD}x2)."
+    fi
+    cat >&2 <<EOF
+MOLE-WHACKING ALERT (hard stop)
+File $FILE_PATH has been edited $COUNT times.
+You are repeatedly patching symptoms instead of solving the root cause.
+Required actions:
+  1. Stop editing this file immediately
+  2. Review the purpose of all $COUNT edits
+  3. Look for the common root cause
+  4. Report findings to the user and wait for guidance
+$RESET_MSG
+EOF
+    exit 2
+fi
+
+# Warning: exit 0 + JSON stdout with additionalContext
+if [ "$COUNT" -ge "$WARN_THRESHOLD" ]; then
+    cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "additionalContext": "WARNING: File $FILE_PATH has been edited $COUNT times. Are you mole-whacking? Do these edits point to the same root cause? $((STOP_THRESHOLD - COUNT)) more edits will trigger a hard stop."
+  }
+}
+EOF
+    exit 0
+fi
+
+# Silent allow
+exit 0