cclaw-cli 1.0.0 → 3.0.0

package/dist/runtime/run-hook.mjs

@@ -7405,117 +7405,6 @@ var REQUIRED_GITIGNORE_PATTERNS = [
   ".cursor/rules/cclaw-workflow.mdc"
 ];
 
-// src/content/iron-laws.ts
-var IRON_LAWS = [
-  {
-    id: "tdd-red-before-write",
-    title: "RED before production write",
-    rule: "Do not edit production code in tdd stage before a failing RED test exists for the slice.",
-    rationale: "Prevents implementation-first behavior and keeps RED as executable specification.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: ["tdd"],
-    hookMatcher: {
-      toolPattern: "write|edit|multiedit|applypatch|shell|bash",
-      payloadPattern: "\\.(ts|tsx|js|jsx|py|go|java|rs|rb|php|c|cc|cpp|h|hpp)"
-    }
-  },
-  {
-    id: "plan-requires-approval",
-    title: "No implementation before plan approval",
-    rule: "Do not perform write-like actions while plan stage is pending WAIT_FOR_CONFIRM approval.",
-    rationale: "Locks intent before execution and reduces expensive rework from unapproved paths.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: ["plan"]
-  },
-  {
-    id: "runtime-writes-managed-only",
-    title: "Runtime writes are managed",
-    rule: `Do not mutate ${RUNTIME_ROOT}/state, ${RUNTIME_ROOT}/hooks, or ${RUNTIME_ROOT}/skills by ad-hoc edits unless using cclaw-managed commands.`,
-    rationale: "Protects generated runtime integrity and avoids drift that silently breaks hooks or skills.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: "all",
-    hookMatcher: {
-      toolPattern: "write|edit|multiedit|delete|applypatch|shell|bash",
-      payloadPattern: "\\.cclaw/(state|hooks|skills)"
-    }
-  },
-  {
-    id: "flow-state-read-fresh",
-    title: "Fresh flow-state read required",
-    rule: `Before mutating actions, a fresh read of ${RUNTIME_ROOT}/state/flow-state.json must exist within guard freshness window.`,
-    rationale: "Prevents stale-stage mutations after context shifts or multi-agent divergence.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: "all"
-  },
-  {
-    id: "review-layer-order",
-    title: "Review layers are sequential",
-    rule: "Review stage must complete Layer 1 spec compliance before Layer 2 quality/security passes.",
-    rationale: "Stops premature quality discussion when acceptance criteria are not yet satisfied.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: ["review"]
-  },
-  {
-    id: "review-criticals-close-before-ship",
-    title: "No ship with open criticals",
-    rule: "Ship decisions are blocked when review-army contains open Critical findings or ship blockers.",
-    rationale: "Enforces explicit risk closure before release finalization.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: ["ship"]
-  },
-  {
-    id: "ship-preflight-required",
-    title: "Preflight required before finalization",
-    rule: "Do not execute release finalization actions until ship preflight gate is passed.",
-    rationale: "Catches regressions before irreversible release steps.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: ["ship"]
-  },
-  {
-    id: "review-coverage-complete-before-ship",
-    title: "Review layer coverage before ship",
-    rule: "Block ship finalization when review-army does not confirm full Layer 1/2 coverage map.",
-    rationale: "Prevents finalization when multi-pass review evidence is incomplete or partially missing.",
-    enforcement: "PreToolUse",
-    severity: "hard-gate",
-    appliesTo: ["ship"]
-  },
-  {
-    id: "subagent-task-self-contained",
-    title: "Subagent tasks are self-contained",
-    rule: "Delegated tasks must include explicit objective, constraints, and expected output, not just references.",
-    rationale: "Avoids context loss and low-quality delegation in isolated worker contexts.",
-    enforcement: "advisory",
-    severity: "soft-gate",
-    appliesTo: "all"
-  },
-  {
-    id: "no-secrets-in-artifacts",
-    title: "Never log secrets in artifacts",
-    rule: "Secrets/tokens/passwords must not be written to review, ship, or runtime state artifacts.",
-    rationale: "Prevents accidental credential leakage through generated workflow artifacts.",
-    enforcement: "PostToolUse",
-    severity: "hard-gate",
-    appliesTo: "all"
-  },
-  {
-    id: "stop-clean-or-handoff",
-    title: "Stop only from clean handoff",
-    rule: "Do not end a session with dirty state unless the current artifact records unresolved work and blockers.",
-    rationale: "Protects continuity and prevents silent half-finished sessions.",
-    enforcement: "Stop",
-    severity: "hard-gate",
-    appliesTo: "all"
-  }
-];
-
 // src/types.ts
 var FLOW_STAGES = [
   "brainstorm",
@@ -7527,9 +7416,7 @@ var FLOW_STAGES = [
   "review",
   "ship"
 ];
-var FLOW_TRACKS = ["quick", "medium", "standard"];
 var HARNESS_IDS = ["claude", "cursor", "opencode", "codex"];
-var LANGUAGE_RULE_PACKS = ["typescript", "python", "go"];
 
 // src/managed-resources.ts
 var MANAGED_RESOURCE_MANIFEST_REL_PATH = `${RUNTIME_ROOT}/state/managed-resources.json`;
@@ -7538,11 +7425,7 @@ var MANAGED_RESOURCE_HARNESSES = /* @__PURE__ */ new Set(["core", ...HARNESS_IDS
 // src/config.ts
 var CONFIG_PATH = `${RUNTIME_ROOT}/config.yaml`;
 var HARNESS_ID_SET = new Set(HARNESS_IDS);
-var FLOW_TRACK_SET = new Set(FLOW_TRACKS);
-var LANGUAGE_RULE_PACK_SET = new Set(LANGUAGE_RULE_PACKS);
 var SUPPORTED_HARNESSES_TEXT = HARNESS_IDS.join(", ");
-var SUPPORTED_TRACKS_TEXT = FLOW_TRACKS.join(", ");
-var SUPPORTED_LANGUAGE_RULE_PACKS_TEXT = LANGUAGE_RULE_PACKS.join(", ");
 var DEFAULT_TDD_TEST_PATH_PATTERNS = [
   "**/*.test.*",
   "**/tests/**",
@@ -7656,10 +7539,6 @@ function reviewPromptFileName(stage) {
 `;
 
 // src/content/node-hooks.ts
-function normalizePatterns(patterns, fallback) {
-  if (!patterns || patterns.length === 0) return [...fallback];
-  return patterns.map((value) => value.trim()).filter((value) => value.length > 0);
-}
 function resolveCliRuntimeForGeneratedHook() {
   const here = fileURLToPath2(import.meta.url);
   const candidates = [
@@ -7679,16 +7558,19 @@ function resolveCliRuntimeForGeneratedHook() {
   return { entrypoint: null, argsPrefix: [] };
 }
 function nodeHookRuntimeScript(options = {}) {
-  const strictness = options.strictness === "strict" ? "strict" : "advisory";
-  const tddTestPathPatterns = normalizePatterns(options.tddTestPathPatterns, [
+  void options;
+  const strictness = "advisory";
+  const tddTestPathPatterns = [
     "**/*.test.*",
     "**/tests/**",
     "**/__tests__/**"
-  ]);
-  const tddProductionPathPatterns = normalizePatterns(options.tddProductionPathPatterns, []);
-  const compoundRecurrenceThreshold = typeof options.compoundRecurrenceThreshold === "number" && Number.isInteger(options.compoundRecurrenceThreshold) && options.compoundRecurrenceThreshold >= 1 ? options.compoundRecurrenceThreshold : DEFAULT_COMPOUND_RECURRENCE_THRESHOLD;
-  const earlyLoopEnabled = options.earlyLoopEnabled !== false;
-  const earlyLoopMaxIterations = typeof options.earlyLoopMaxIterations === "number" && Number.isInteger(options.earlyLoopMaxIterations) && options.earlyLoopMaxIterations >= 1 ? options.earlyLoopMaxIterations : DEFAULT_EARLY_LOOP_MAX_ITERATIONS;
+  ];
+  const tddProductionPathPatterns = [];
+  const compoundRecurrenceThreshold = DEFAULT_COMPOUND_RECURRENCE_THRESHOLD;
+  const earlyLoopEnabled = true;
+  const earlyLoopMaxIterations = DEFAULT_EARLY_LOOP_MAX_ITERATIONS;
+  const defaultHookProfile = "standard";
+  const defaultDisabledHooks = [];
   const cliRuntime = resolveCliRuntimeForGeneratedHook();
   return `#!/usr/bin/env node
 import fs from "node:fs/promises";
@@ -7715,11 +7597,135 @@ const EARLY_LOOP_ENABLED = ${JSON.stringify(earlyLoopEnabled)};
 const EARLY_LOOP_MAX_ITERATIONS = ${JSON.stringify(earlyLoopMaxIterations)};
 const CCLAW_CLI_ENTRYPOINT = ${JSON.stringify(cliRuntime.entrypoint)};
 const CCLAW_CLI_ARGS_PREFIX = ${JSON.stringify(cliRuntime.argsPrefix)};
+const DEFAULT_HOOK_PROFILE = ${JSON.stringify(defaultHookProfile)};
+const DEFAULT_DISABLED_HOOKS = ${JSON.stringify(defaultDisabledHooks)};
+const HOOK_PROFILE_VALUES = new Set(["minimal", "standard", "strict"]);
+const MINIMAL_PROFILE_ALLOWED_HOOKS = new Set([
+  "session-start",
+  "session-start-refresh",
+  "stop-handoff"
+]);
+const SESSION_DIGEST_SCHEMA_VERSION = 1;
+const SESSION_DIGEST_CACHE_FILE = "session-digest.json";
+const SESSION_DIGEST_REFRESH_MARKER_FILE = "session-digest.refresh.json";
+const SESSION_DIGEST_REFRESH_STALE_MS = 30000;
 
 ${SHARED_FLOW_AND_KNOWLEDGE_SNIPPETS}
 ${SHARED_STAGE_SUPPORT_SNIPPETS}
 
+let ACTIVE_HOOK_PROFILE = DEFAULT_HOOK_PROFILE;
+
+function normalizeHookToken(value) {
+  return String(value == null ? "" : value).trim().toLowerCase();
+}
+
+function parseHookProfile(rawValue, fallback = "standard") {
+  const normalized = normalizeHookToken(rawValue);
+  if (HOOK_PROFILE_VALUES.has(normalized)) return normalized;
+  return fallback;
+}
+
+function parseDisabledHooksCsv(rawValue) {
+  const raw = typeof rawValue === "string" ? rawValue : "";
+  if (raw.trim().length === 0) return [];
+  const out = [];
+  for (const token of raw.split(",")) {
+    const normalized = normalizeHookToken(token);
+    if (normalized.length === 0) continue;
+    if (!out.includes(normalized)) out.push(normalized);
+  }
+  return out;
+}
+
+function parseInlineYamlList(rawValue) {
+  const raw = typeof rawValue === "string" ? rawValue.trim() : "";
+  if (!raw.startsWith("[") || !raw.endsWith("]")) return [];
+  const inside = raw.slice(1, -1).trim();
+  if (inside.length === 0) return [];
+  return inside.split(",").map((token) => normalizeHookToken(token.replace(/^['"]|['"]$/g, ""))).filter((token) => token.length > 0);
+}
+
+function parseConfigHookProfile(rawYaml) {
+  if (typeof rawYaml !== "string" || rawYaml.trim().length === 0) {
+    return "";
+  }
+  const match = rawYaml.match(/^\\s*hookProfile\\s*:\\s*([A-Za-z0-9_-]+)\\s*$/m);
+  if (!match || typeof match[1] !== "string") return "";
+  return parseHookProfile(match[1], "");
+}
+
+function parseConfigDisabledHooks(rawYaml) {
+  if (typeof rawYaml !== "string" || rawYaml.trim().length === 0) {
+    return [];
+  }
+  const lines = rawYaml.split(/\\r?\\n/u);
+  const out = [];
+  for (let i = 0; i < lines.length; i += 1) {
+    const line = lines[i];
+    const inlineMatch = line.match(/^\\s*disabledHooks\\s*:\\s*(\\[[^\\]]*\\])\\s*$/u);
+    if (inlineMatch) {
+      for (const value of parseInlineYamlList(inlineMatch[1])) {
+        if (!out.includes(value)) out.push(value);
+      }
+      continue;
+    }
+    const blockMatch = line.match(/^(\\s*)disabledHooks\\s*:\\s*$/u);
+    if (!blockMatch) continue;
+    const baseIndent = blockMatch[1] ? blockMatch[1].length : 0;
+    for (let j = i + 1; j < lines.length; j += 1) {
+      const nextLine = lines[j];
+      const indent = (nextLine.match(/^(\\s*)/u)?.[1].length ?? 0);
+      const trimmed = nextLine.trim();
+      if (trimmed.length === 0) continue;
+      if (indent <= baseIndent) break;
+      const itemMatch = nextLine.match(/^\\s*-\\s*(.+?)\\s*$/u);
+      if (!itemMatch) continue;
+      const normalized = normalizeHookToken(itemMatch[1].replace(/^['"]|['"]$/g, ""));
+      if (normalized.length === 0) continue;
+      if (!out.includes(normalized)) out.push(normalized);
+    }
+  }
+  return out;
+}
+
+async function readConfigHookPolicy(root) {
+  const configPath = path.join(root, RUNTIME_ROOT, "config.yaml");
+  const raw = await readTextFile(configPath, "");
+  const profile = parseConfigHookProfile(raw);
+  const disabledHooks = parseConfigDisabledHooks(raw);
+  return { profile, disabledHooks };
+}
+
+async function resolveHookPolicy(root) {
+  const fromConfig = await readConfigHookPolicy(root);
+  const configProfile = parseHookProfile(fromConfig.profile, DEFAULT_HOOK_PROFILE);
+  const configDisabledHooks = Array.isArray(fromConfig.disabledHooks) && fromConfig.disabledHooks.length > 0
+    ? fromConfig.disabledHooks
+    : DEFAULT_DISABLED_HOOKS;
+
+  const envProfileRaw = process.env.CCLAW_HOOK_PROFILE;
+  const envProfile = parseHookProfile(envProfileRaw, "");
+  const profile = envProfile.length > 0 ? envProfile : configProfile;
+
+  const envDisabledRaw = process.env.CCLAW_DISABLED_HOOKS;
+  const envDisabledHooks = parseDisabledHooksCsv(envDisabledRaw);
+  const disabledHooks = envDisabledHooks.length > 0 ? envDisabledHooks : configDisabledHooks;
+  const disabled = new Set(disabledHooks.map((value) => normalizeHookToken(value)));
+  return { profile, disabled };
+}
+
+function hookDisabledByProfile(profile, hookName) {
+  if (profile !== "minimal") return false;
+  return !MINIMAL_PROFILE_ALLOWED_HOOKS.has(hookName);
+}
+
+function isHookDisabled(policy, hookName) {
+  if (policy.disabled.has(hookName)) return true;
+  return hookDisabledByProfile(policy.profile, hookName);
+}
+
 function resolveStrictness() {
+  if (ACTIVE_HOOK_PROFILE === "strict") return "strict";
   return process.env.CCLAW_STRICTNESS === "strict" ? "strict" : DEFAULT_STRICTNESS;
 }
 
@@ -8140,9 +8146,10 @@ function hookEventNameForOutput(hookName) {
   if (hookName === "session-start") return "SessionStart";
   if (hookName === "prompt-guard") return "PreToolUse";
   if (hookName === "workflow-guard") return "PreToolUse";
+  if (hookName === "pre-tool-pipeline") return "PreToolUse";
+  if (hookName === "prompt-pipeline") return "UserPromptSubmit";
   if (hookName === "context-monitor") return "PostToolUse";
   if (hookName === "stop-handoff") return "Stop";
-  if (hookName === "pre-compact") return "PreCompact";
   if (hookName === "verify-current-state") return "UserPromptSubmit";
   return "SessionStart";
 }
@@ -8551,78 +8558,55 @@ async function readFlowState(root) {
   };
 }
 
-
-async function buildKnowledgeDigest(root, currentStage, prereadRaw) {
-  const knowledgeFile = path.join(root, RUNTIME_ROOT, "knowledge.jsonl");
-  // Caller may supply pre-read raw bytes to avoid re-reading knowledge.jsonl.
-  // Falls back to a local read if nothing is passed in.
-  const raw = typeof prereadRaw === "string"
-    ? prereadRaw
-    : await readTextFile(knowledgeFile, "");
-  const digest = parseKnowledgeDigest(raw, currentStage, 6);
-  return {
-    digestLines: digest.lines,
-    learningsCount: digest.learningsCount
-  };
+async function readFileMtimeMs(filePath) {
+  try {
+    const stat = await fs.stat(filePath);
+    if (!stat.isFile()) return 0;
+    return Math.trunc(stat.mtimeMs);
+  } catch {
+    return 0;
+  }
 }
 
-async function readStageSupportContext(root, currentStage) {
-  if (!isKnownStageId(currentStage)) return [];
-  const stage = currentStage;
-
-  const parts = [];
-  const contractPath = path.join(root, RUNTIME_ROOT, "templates", "state-contracts", stage + ".json");
-  const contract = (await readTextFile(contractPath, "")).trim();
-  if (contract.length > 0) {
-    parts.push(
-      "Current stage state contract (read before drafting or editing the stage artifact):\\n" +
-        contract
-    );
-  }
+function parseNumericMs(value) {
+  return typeof value === "number" && Number.isFinite(value)
+    ? Math.trunc(value)
+    : -1;
+}
 
-  const promptName = reviewPromptFileName(stage);
-  if (typeof promptName === "string") {
-    const promptPath = path.join(root, RUNTIME_ROOT, "skills", "review-prompts", promptName);
-    const prompt = (await readTextFile(promptPath, "")).trim();
-    if (prompt.length > 0) {
-      parts.push(
-        "Current stage calibrated review prompt (use before asking for approval/completion):\\n" +
-          prompt
-      );
-    }
+async function readSessionDigestLines(stateDir, state, flowStateMtimeMs) {
+  const cachePath = path.join(stateDir, SESSION_DIGEST_CACHE_FILE);
+  const cache = toObject(await readJsonFile(cachePath, {})) || {};
+  const cachedMtimeMs = parseNumericMs(cache.flowStateMtimeMs);
+  const sameStage = typeof cache.currentStage === "string" ? cache.currentStage === state.currentStage : true;
+  const sameRun = typeof cache.activeRunId === "string" ? cache.activeRunId === state.activeRunId : true;
+  const fresh = cachedMtimeMs === flowStateMtimeMs && sameStage && sameRun;
+  if (!fresh) {
+    return {
+      ralphLoopLine: "",
+      earlyLoopLine: "",
+      compoundReadinessLine: "",
+      fresh: false
+    };
   }
-
-  return parts;
+  return {
+    ralphLoopLine: typeof cache.ralphLoopLine === "string" ? cache.ralphLoopLine : "",
+    earlyLoopLine: typeof cache.earlyLoopLine === "string" ? cache.earlyLoopLine : "",
+    compoundReadinessLine: typeof cache.compoundReadinessLine === "string" ? cache.compoundReadinessLine : "",
+    fresh: true
+  };
 }
 
-async function handleSessionStart(runtime) {
-  const state = await readFlowState(runtime.root);
-  const stateDir = path.join(runtime.root, RUNTIME_ROOT, "state");
-  const ironLawsFile = path.join(stateDir, "iron-laws.json");
-  const metaSkillFile = path.join(runtime.root, RUNTIME_ROOT, "skills", "using-cclaw", "SKILL.md");
-
-
-  // Read knowledge.jsonl exactly once per session-start while holding the
-  // SAME lock CLI writers acquire in \`appendKnowledge\`. Guarantees we never
-  // see a partial (mid-write) snapshot. Both the digest and
-  // compound-readiness derive from this single read.
-  const knowledgeFilePath = path.join(runtime.root, RUNTIME_ROOT, "knowledge.jsonl");
-  const knowledgeRaw = await readTextFileLocked(
-    knowledgeLockPathInline(runtime.root),
-    knowledgeFilePath,
-    ""
-  );
-  const knowledge = await buildKnowledgeDigest(runtime.root, state.currentStage, knowledgeRaw);
-
-  // Refresh Ralph Loop status each session-start so /cc and the model
-  // both read a consistent "iter=N, acClosed=[...]" snapshot. Runs only when
-  // we are in tdd \u2014 other stages skip the write to keep the file stable.
+async function refreshSessionDigestCache(root, state, flowStateMtimeMs) {
+  const stateDir = path.join(root, RUNTIME_ROOT, "state");
   let ralphLoopLine = "";
   let earlyLoopLine = "";
+  let compoundReadinessLine = "";
+
   if (state.currentStage === "tdd") {
     try {
       const internalRalph = await runCclawInternal(
-        runtime.root,
+        root,
         ["tdd-loop-status", "--json", "--write"],
         { captureStdout: true }
       );
@@ -8635,12 +8619,8 @@ async function handleSessionStart(runtime) {
       }
       ralphLoopLine = formatRalphLoopStatusLineFromJson(ralphStatus);
     } catch (err) {
-      // Best-effort \u2014 a malformed cycle log should never break
-      // session-start. But we DO leave a breadcrumb in
-      // hook-errors.jsonl so \`npx cclaw-cli sync\` can surface chronic
-      // failures (previously this was a silent swallow).
       await recordHookError(
-        runtime.root,
+        root,
         "session-start:ralph-loop",
         err instanceof Error ? err.message : String(err)
       );
@@ -8652,7 +8632,7 @@ async function handleSessionStart(runtime) {
   ) {
     try {
       const internalEarly = await runCclawInternal(
-        runtime.root,
+        root,
         [
           "early-loop-status",
           "--json",
@@ -8674,21 +8654,17 @@ async function handleSessionStart(runtime) {
       earlyLoopLine = formatEarlyLoopStatusLineFromJson(earlyLoopStatus);
     } catch (err) {
       await recordHookError(
-        runtime.root,
+        root,
         "session-start:early-loop",
         err instanceof Error ? err.message : String(err)
       );
     }
   }
 
-  // Keep compound-readiness.json fresh on every session-start (cheap derived
-  // summary). Surface a one-line nudge only from review and ship stages
-  // where lifting becomes relevant; earlier stages update the file silently.
-  let compoundReadinessLine = "";
   try {
     const shouldShowReadiness = state.currentStage === "review" || state.currentStage === "ship";
     const internalReadiness = await runCclawInternal(
-      runtime.root,
+      root,
       shouldShowReadiness ? ["compound-readiness"] : ["compound-readiness", "--quiet"],
       { captureStdout: true }
     );
@@ -8699,30 +8675,165 @@ async function handleSessionStart(runtime) {
       compoundReadinessLine = firstStdoutLine(internalReadiness.stdout);
     }
   } catch (err) {
-    // Best-effort \u2014 a malformed knowledge.jsonl must never break
-    // session-start. But we DO leave a breadcrumb in
-    // hook-errors.jsonl so config/IO problems become visible in
-    // \`npx cclaw-cli sync\` instead of silently degrading readiness output.
     await recordHookError(
-      runtime.root,
+      root,
       "session-start:compound-readiness",
       err instanceof Error ? err.message : String(err)
     );
   }
 
-  const ironLawsObj = toObject(await readJsonFile(ironLawsFile, {})) || {};
-  const laws = Array.isArray(ironLawsObj.laws) ? ironLawsObj.laws : [];
-  const ironLawLines = laws
-    .filter((row) => row && typeof row === "object")
-    .slice(0, 6)
-    .map((row) => {
-      const strict = row.strict === true ? "strict" : "advisory";
-      const id = typeof row.id === "string" && row.id.length > 0 ? row.id : "law";
-      const rule = typeof row.rule === "string" ? row.rule : "";
-      return "- [" + strict + "] " + id + " -> " + rule;
+  const digestPath = path.join(stateDir, SESSION_DIGEST_CACHE_FILE);
+  await writeJsonFile(digestPath, {
+    schemaVersion: SESSION_DIGEST_SCHEMA_VERSION,
+    generatedAt: new Date().toISOString(),
+    flowStateMtimeMs,
+    currentStage: state.currentStage,
+    activeRunId: state.activeRunId,
+    ralphLoopLine,
+    earlyLoopLine,
+    compoundReadinessLine
+  });
+}
+
+async function scheduleSessionDigestRefresh(runtime, state, flowStateMtimeMs) {
+  if (flowStateMtimeMs <= 0) return;
+  const stateDir = path.join(runtime.root, RUNTIME_ROOT, "state");
+  const digestPath = path.join(stateDir, SESSION_DIGEST_CACHE_FILE);
+  const markerPath = path.join(stateDir, SESSION_DIGEST_REFRESH_MARKER_FILE);
+
+  const cache = toObject(await readJsonFile(digestPath, {})) || {};
+  const cachedMtimeMs = parseNumericMs(cache.flowStateMtimeMs);
+  if (cachedMtimeMs === flowStateMtimeMs) return;
+
+  const marker = toObject(await readJsonFile(markerPath, {})) || {};
+  const markerMtimeMs = parseNumericMs(marker.flowStateMtimeMs);
+  const markerStartedAtMs = parseNumericMs(marker.startedAtMs);
+  const markerFresh =
+    markerMtimeMs === flowStateMtimeMs &&
+    markerStartedAtMs > 0 &&
+    Date.now() - markerStartedAtMs < SESSION_DIGEST_REFRESH_STALE_MS;
+  if (markerFresh) return;
+
+  await writeJsonFile(markerPath, {
+    flowStateMtimeMs,
+    startedAtMs: Date.now(),
+    currentStage: state.currentStage,
+    activeRunId: state.activeRunId
+  });
+
+  try {
+    const child = spawn(process.execPath, [process.argv[1], "session-start-refresh"], {
+      cwd: runtime.root,
+      stdio: "ignore",
+      windowsHide: true,
+      detached: true,
+      env: {
+        ...process.env,
+        CCLAW_PROJECT_ROOT: runtime.root,
+        CCLAW_BG_WORKER: "1"
+      }
     });
+    child.unref();
+  } catch (err) {
+    await fs.rm(markerPath, { force: true }).catch(() => undefined);
+    await recordHookError(
+      runtime.root,
+      "session-start:spawn-refresh",
+      err instanceof Error ? err.message : String(err)
+    );
+  }
+}
+
+async function handleSessionStartRefresh(runtime) {
+  const state = await readFlowState(runtime.root);
+  const stateDir = path.join(runtime.root, RUNTIME_ROOT, "state");
+  const markerPath = path.join(stateDir, SESSION_DIGEST_REFRESH_MARKER_FILE);
+  try {
+    const flowStateMtimeMs = await readFileMtimeMs(state.filePath);
+    await refreshSessionDigestCache(runtime.root, state, flowStateMtimeMs);
+  } finally {
+    await fs.rm(markerPath, { force: true }).catch(() => undefined);
+  }
+  return 0;
+}
+
+
+async function buildKnowledgeDigest(root, currentStage, prereadRaw) {
+  const knowledgeFile = path.join(root, RUNTIME_ROOT, "knowledge.jsonl");
+  // Caller may supply pre-read raw bytes to avoid re-reading knowledge.jsonl.
+  // Falls back to a local read if nothing is passed in.
+  const raw = typeof prereadRaw === "string"
+    ? prereadRaw
+    : await readTextFile(knowledgeFile, "");
+  const digest = parseKnowledgeDigest(raw, currentStage, 6);
+  return {
+    digestLines: digest.lines,
+    learningsCount: digest.learningsCount
+  };
+}
+
+async function readStageSupportContext(root, currentStage) {
+  if (!isKnownStageId(currentStage)) return [];
+  const stage = currentStage;
+
+  const parts = [];
+  const contractPath = path.join(root, RUNTIME_ROOT, "templates", "state-contracts", stage + ".json");
+  const contract = (await readTextFile(contractPath, "")).trim();
+  if (contract.length > 0) {
+    parts.push(
+      "Current stage state contract (read before drafting or editing the stage artifact):\\n" +
+        contract
+    );
+  }
+
+  const promptName = reviewPromptFileName(stage);
+  if (typeof promptName === "string") {
+    const promptPath = path.join(root, RUNTIME_ROOT, "skills", "review-prompts", promptName);
+    const prompt = (await readTextFile(promptPath, "")).trim();
+    if (prompt.length > 0) {
+      parts.push(
+        "Current stage calibrated review prompt (use before asking for approval/completion):\\n" +
+          prompt
+      );
+    }
+  }
+
+  return parts;
+}
+
+async function handleSessionStart(runtime) {
+  const state = await readFlowState(runtime.root);
+  const metaSkillFile = path.join(runtime.root, RUNTIME_ROOT, "skills", "using-cclaw", "SKILL.md");
+
+
+  // Read knowledge.jsonl exactly once per session-start while holding the
+  // SAME lock CLI writers acquire in \`appendKnowledge\`. Guarantees we never
+  // see a partial (mid-write) snapshot. Both the digest and
+  // compound-readiness derive from this single read.
+  const knowledgeFilePath = path.join(runtime.root, RUNTIME_ROOT, "knowledge.jsonl");
+  const knowledgeRaw = await readTextFileLocked(
+    knowledgeLockPathInline(runtime.root),
+    knowledgeFilePath,
+    ""
+  );
+  const knowledge = await buildKnowledgeDigest(runtime.root, state.currentStage, knowledgeRaw);
+
+  // Wave 21 honest-core: session-start no longer runs background helper
+  // pipelines or digest caches. It rehydrates flow + knowledge only.
+  const ralphLoopLine = "";
+  const earlyLoopLine = "";
+  const compoundReadinessLine = "";
   const staleStages = toObject(state.raw.staleStages) || {};
   const staleStageNames = Object.keys(staleStages);
+  const interactionHints = toObject(state.raw.interactionHints) || {};
+  const stageInteractionHint = toObject(interactionHints[state.currentStage]);
+  const skipQuestionsHintActive = stageInteractionHint?.skipQuestions === true;
+  const skipQuestionsSource = typeof stageInteractionHint?.sourceStage === "string"
+    ? stageInteractionHint.sourceStage
+    : "";
+  const skipQuestionsRecordedAt = typeof stageInteractionHint?.recordedAt === "string"
+    ? stageInteractionHint.recordedAt
+    : "";
   const metaContent = (await readTextFile(metaSkillFile, "")).trim();
   const stageSupportContext = await readStageSupportContext(runtime.root, state.currentStage);
 
@@ -8755,6 +8866,14 @@ async function handleSessionStart(runtime) {
         " (use npx cclaw-cli internal rewind --ack <stage> after redo)."
     );
   }
+  if (skipQuestionsHintActive) {
+    parts.push(
+      "Adaptive elicitation hint: this stage inherits a prior user stop signal (--skip-questions" +
+        (skipQuestionsSource ? " from " + skipQuestionsSource : "") +
+        (skipQuestionsRecordedAt ? " at " + skipQuestionsRecordedAt : "") +
+        "). Draft with available context unless irreversible/security override checks still require explicit confirmation."
+    );
+  }
   if (knowledge.digestLines.length > 0) {
     parts.push(
       "Knowledge digest (top relevant entries):\\n" +
@@ -8764,9 +8883,6 @@ async function handleSessionStart(runtime) {
   if (stageSupportContext.length > 0) {
     parts.push(...stageSupportContext);
   }
-  if (ironLawLines.length > 0) {
-    parts.push("Iron laws (enforced policy highlights):\\n" + ironLawLines.join("\\n"));
-  }
   if (metaContent.length > 0) {
     parts.push(metaContent);
   }
@@ -8805,22 +8921,80 @@ async function isGitDirty(root) {
   });
 }
 
-function stopLawIsStrict(ironLawsObj) {
-  if ((ironLawsObj.mode || "advisory") === "strict") return true;
-  const laws = Array.isArray(ironLawsObj.laws) ? ironLawsObj.laws : [];
-  return laws.some(
-    (row) =>
-      row &&
-      typeof row === "object" &&
-      (row.id === "stop-clean-or-handoff" || row.id === "stop-clean-or-checkpointed") &&
-      row.strict === true
-  );
+const STOP_BLOCK_LIMIT_PER_TRANSCRIPT = 2;
+
+function asBoolean(value) {
+  if (value === true || value === false) return value;
+  if (typeof value === "number") return Number.isFinite(value) && value !== 0;
+  if (typeof value !== "string") return false;
+  const normalized = value.trim().toLowerCase();
+  if (normalized.length === 0) return false;
+  return ["1", "true", "yes", "on"].includes(normalized);
+}
+
+function stringTokenHit(value, tokens) {
+  const normalized = normalizeText(value).toLowerCase();
+  if (normalized.length === 0) return false;
+  return tokens.some((token) => normalized.includes(token));
+}
+
+function sanitizeStopSessionKey(raw) {
+  const normalized = normalizeText(raw)
+    .toLowerCase()
+    .replace(/[^a-z0-9._-]+/gu, "-")
+    .replace(/^-+|-+$/gu, "");
+  return normalized.length > 0 ? normalized.slice(0, 96) : "global";
+}
+
+function extractStopSignals(input, fallbackSessionKey) {
+  const event = toObject(input.event) || {};
+  const session = toObject(input.session) || {};
+  const contextLimit =
+    asBoolean(input.context_limit) ||
+    asBoolean(input.contextLimit) ||
+    asBoolean(event.context_limit) ||
+    asBoolean(event.contextLimit) ||
+    stringTokenHit(input.reason, ["context_limit", "context limit"]) ||
+    stringTokenHit(event.reason, ["context_limit", "context limit"]) ||
+    stringTokenHit(input.stop_reason, ["context_limit", "context limit"]) ||
+    stringTokenHit(event.stop_reason, ["context_limit", "context limit"]);
+  const userAbort =
+    asBoolean(input.user_abort) ||
+    asBoolean(input.userAbort) ||
+    asBoolean(input.user_cancelled) ||
+    asBoolean(input.userCancelled) ||
+    asBoolean(event.user_abort) ||
+    asBoolean(event.userAbort) ||
+    stringTokenHit(input.reason, ["user_abort", "user abort", "cancelled by user", "stop button", "ctrl+c"]) ||
+    stringTokenHit(event.reason, ["user_abort", "user abort", "cancelled by user", "stop button", "ctrl+c"]) ||
+    stringTokenHit(input.stop_reason, ["user_abort", "user abort", "cancelled by user", "stop button", "ctrl+c"]) ||
+    stringTokenHit(event.stop_reason, ["user_abort", "user abort", "cancelled by user", "stop button", "ctrl+c"]);
+  const stopHookActive =
+    asBoolean(input.stop_hook_active) ||
+    asBoolean(input.stopHookActive) ||
+    asBoolean(event.stop_hook_active) ||
+    asBoolean(event.stopHookActive);
+
+  const sessionKeyCandidate =
+    (typeof input.transcript_id === "string" && input.transcript_id) ||
+    (typeof input.transcriptId === "string" && input.transcriptId) ||
+    (typeof input.session_id === "string" && input.session_id) ||
+    (typeof input.sessionId === "string" && input.sessionId) ||
+    (typeof session.id === "string" && session.id) ||
+    fallbackSessionKey;
+  const sessionKey = sanitizeStopSessionKey(sessionKeyCandidate);
+
+  return {
+    contextLimit,
+    userAbort,
+    stopHookActive,
+    sessionKey
+  };
 }
 
 async function handleStopHandoff(runtime) {
   const state = await readFlowState(runtime.root);
   const stateDir = path.join(runtime.root, RUNTIME_ROOT, "state");
-  const ironLawsFile = path.join(stateDir, "iron-laws.json");
   const input = toObject(runtime.inputData) || {};
   const loopCount =
     typeof input.loop_count === "number" && Number.isFinite(input.loop_count)
@@ -8828,12 +9002,40 @@ async function handleStopHandoff(runtime) {
       : 0;
 
   const dirtyState = await isGitDirty(runtime.root);
-  const strictStop = stopLawIsStrict(toObject(await readJsonFile(ironLawsFile, {})) || {});
-  if (dirtyState === "dirty" && strictStop) {
+  const stopSignals = extractStopSignals(input, "run-" + state.activeRunId);
+  const safetyBypassActive = stopSignals.stopHookActive || stopSignals.userAbort || stopSignals.contextLimit;
+  if (dirtyState === "dirty" && !safetyBypassActive) {
+    const stopBlocksPath = path.join(stateDir, "stop-blocks-" + stopSignals.sessionKey + ".json");
+    const prior = toObject(await readJsonFile(stopBlocksPath, {})) || {};
+    const priorCount =
+      typeof prior.blockCount === "number" && Number.isFinite(prior.blockCount)
+        ? Math.max(0, Math.trunc(prior.blockCount))
+        : 0;
+    if (priorCount < STOP_BLOCK_LIMIT_PER_TRANSCRIPT) {
+      const nextCount = priorCount + 1;
+      await writeJsonFile(stopBlocksPath, {
+        schemaVersion: 1,
+        sessionKey: stopSignals.sessionKey,
+        blockCount: nextCount,
+        updatedAt: new Date().toISOString()
+      });
+      process.stderr.write(
+        '[cclaw] Stop blocked by iron law "stop-clean-or-handoff": working tree is dirty. Commit/revert changes or record blockers in the current artifact before ending the session.\\n'
+      );
+      return 1;
+    }
     process.stderr.write(
-      '[cclaw] Stop blocked by iron law "stop-clean-or-handoff": working tree is dirty. Commit/revert changes or record blockers in the current artifact before ending the session.\\n'
+      '[cclaw] Stop advisory: dirty working tree detected, but block limit reached for this transcript (max 2). Continuing with handoff reminder only.\\n'
+    );
+  } else if (dirtyState === "dirty" && safetyBypassActive) {
+    const reason = stopSignals.stopHookActive
+      ? "stop_hook_active"
+      : stopSignals.userAbort
+        ? "user_abort"
+        : "context_limit";
+    process.stderr.write(
+      "[cclaw] Stop advisory: bypassing strict stop block due to safety rule (" + reason + ").\\n"
     );
-    return 1;
   }
 
   const closeoutObj = toObject(state.raw.closeout) || {};
@@ -8867,10 +9069,6 @@ async function handleStopHandoff(runtime) {
   return 0;
 }
 
-async function handlePreCompact(_runtime) {
-  return 0;
-}
-
 async function handlePromptGuard(runtime) {
   const mode = resolveStrictness();
   const stateDir = path.join(runtime.root, RUNTIME_ROOT, "state");
@@ -9372,17 +9570,33 @@ async function handleVerifyCurrentState(runtime) {
   return 0;
 }
 
+async function handlePreToolPipeline(runtime) {
+  const promptExitCode = await handlePromptGuard(runtime);
+  if (promptExitCode !== 0) {
+    return promptExitCode;
+  }
+  return await handleWorkflowGuard(runtime);
+}
+
+async function handlePromptPipeline(runtime) {
+  const promptExitCode = await handlePromptGuard(runtime);
+  if (promptExitCode !== 0) {
+    return promptExitCode;
+  }
+  const verifyExitCode = await handleVerifyCurrentState(runtime);
+  if (verifyExitCode !== 0) {
+    return verifyExitCode;
+  }
+  runtime.writeJson({ ok: true });
+  return 0;
+}
+
 function normalizeHookName(rawName) {
   const value = normalizeText(rawName).toLowerCase();
   if (value === "session-start") return "session-start";
   if (value === "stop-handoff" || value === "stop") return "stop-handoff";
   if (value === "stop-checkpoint") return "stop-handoff";
-  if (value === "pre-compact" || value === "precompact") return "pre-compact";
   if (value === "session-rehydrate") return "session-start";
-  if (value === "prompt-guard") return "prompt-guard";
-  if (value === "workflow-guard") return "workflow-guard";
-  if (value === "context-monitor") return "context-monitor";
-  if (value === "verify-current-state") return "verify-current-state";
   return "";
 }
 
@@ -9392,7 +9606,7 @@ async function main() {
     process.stderr.write(
       "[cclaw] run-hook: usage: node " +
         RUNTIME_ROOT +
-        "/hooks/run-hook.mjs <session-start|stop-handoff|pre-compact|prompt-guard|workflow-guard|context-monitor|verify-current-state>\\n"
+        "/hooks/run-hook.mjs <session-start|stop-handoff>\\n"
     );
     process.exitCode = 1;
     return;
@@ -9428,26 +9642,6 @@ async function main() {
       process.exitCode = await handleStopHandoff(runtime);
       return;
     }
-    if (hookName === "pre-compact") {
-      process.exitCode = await handlePreCompact(runtime);
-      return;
-    }
-    if (hookName === "prompt-guard") {
-      process.exitCode = await handlePromptGuard(runtime);
-      return;
-    }
-    if (hookName === "workflow-guard") {
-      process.exitCode = await handleWorkflowGuard(runtime);
-      return;
-    }
-    if (hookName === "context-monitor") {
-      process.exitCode = await handleContextMonitor(runtime);
-      return;
-    }
-    if (hookName === "verify-current-state") {
-      process.exitCode = await handleVerifyCurrentState(runtime);
-      return;
-    }
     process.stderr.write("[cclaw] run-hook: unsupported hook " + hookName + "\\n");
     process.exitCode = 1;
   } catch (error) {