chief-clancy 0.5.12 → 0.7.0

package/dist/scripts/shared/pull-request/pr-body/pr-body.js

@@ -17,9 +17,10 @@ export function isEpicBranch(targetBranch) {
  * @param config - The board configuration.
  * @param ticket - The ticket being implemented.
  * @param targetBranch - The branch the PR targets (used to determine `Closes` vs `Part of`).
+ * @param verificationWarning - Optional warning text when verification checks failed after max retries. Included as a `## Verification Warning` section before the footer.
  * @returns The PR body as a markdown string.
  */
-export function buildPrBody(config, ticket, targetBranch) {
+export function buildPrBody(config, ticket, targetBranch, verificationWarning) {
     const lines = [];
     const isEpic = targetBranch ? isEpicBranch(targetBranch) : false;
     switch (config.provider) {
@@ -40,6 +41,14 @@ export function buildPrBody(config, ticket, targetBranch) {
         lines.push(ticket.description);
         lines.push('');
     }
+    if (verificationWarning) {
+        lines.push('## ⚠ Verification Warning');
+        lines.push('');
+        lines.push(verificationWarning);
+        lines.push('');
+        lines.push('This PR may need manual fixes before merging.');
+        lines.push('');
+    }
     lines.push('---');
     lines.push('*Created by [Clancy](https://github.com/Pushedskydiver/clancy)*');
     lines.push('');

package/dist/scripts/shared/pull-request/pr-body/pr-body.js.map

@@ -1 +1 @@
-{"version":3,"file":"pr-body.js","sourceRoot":"","sources":["../../../../../src/scripts/shared/pull-request/pr-body/pr-body.ts"],"names":[],"mappings":"AASA;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,YAAoB;IAC/C,OAAO,CACL,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC,CAC1E,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,WAAW,CACzB,MAAmB,EACnB,MAAc,EACd,YAAqB;IAErB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEjE,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxB,KAAK,QAAQ;YACX,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;YACtE,MAAM;QACR,KAAK,MAAM;YACT,KAAK,CAAC,IAAI,CACR,cAAc,MAAM,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,aAAa,WAAW,MAAM,CAAC,GAAG,GAAG,CAC9E,CAAC;YACF,MAAM;QACR,KAAK,QAAQ;YACX,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;YACxC,MAAM;IACV,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxB,KAAK,CAAC,IAAI,CACR,2EAA2E,CAC5E,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CACR,0GAA0G,CAC3G,CAAC;IACF,KAAK,CAAC,IAAI,CACR,uKAAuK,CACxK,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,uEAAuE,CACxE,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEzB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,SAAiB,EACjB,YAA6B;IAE7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,MAAM,OAAO,MAAM,SAAS,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,GAAG,MAAM,KAAK,CAAC,OAAO,GAAG,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAE9E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"pr-body.js","sourceRoot":"","sources":["../../../../../src/scripts/shared/pull-request/pr-body/pr-body.ts"],"names":[],"mappings":"AASA;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,YAAoB;IAC/C,OAAO,CACL,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC,CAC1E,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,WAAW,CACzB,MAAmB,EACnB,MAAc,EACd,YAAqB,EACrB,mBAA4B;IAE5B,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEjE,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxB,KAAK,QAAQ;YACX,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;YACtE,MAAM;QACR,KAAK,MAAM;YACT,KAAK,CAAC,IAAI,CACR,cAAc,MAAM,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,aAAa,WAAW,MAAM,CAAC,GAAG,GAAG,CAC9E,CAAC;YACF,MAAM;QACR,KAAK,QAAQ;YACX,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;YACxC,MAAM;IACV,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,mBAAmB,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxB,KAAK,CAAC,IAAI,CACR,2EAA2E,CAC5E,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CACR,0GAA0G,CAC3G,CAAC;IACF,KAAK,CAAC,IAAI,CACR,uKAAuK,CACxK,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,uEAAuE,CACxE,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEzB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAe,EACf,SAAiB,EACjB,YAA6B;IAE7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,MAAM,OAAO,MAAM,SAAS,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,GAAG,MAAM,KAAK,CAAC,OAAO,GAAG,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAE9E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/types/remote.d.ts

@@ -51,5 +51,5 @@ export type PrReviewState = {
     reviewers?: string[];
 };
 /** Progress log status values. */
-export type ProgressStatus = 'DONE' | 'SKIPPED' | 'PR_CREATED' | 'PUSHED' | 'PUSH_FAILED' | 'LOCAL' | 'PLAN' | 'APPROVE' | 'REWORK' | 'EPIC_PR_CREATED';
+export type ProgressStatus = 'DONE' | 'SKIPPED' | 'PR_CREATED' | 'PUSHED' | 'PUSH_FAILED' | 'LOCAL' | 'PLAN' | 'APPROVE_PLAN' | 'REWORK' | 'EPIC_PR_CREATED' | 'BRIEF' | 'APPROVE_BRIEF' | 'TIME_LIMIT' | 'RESUMED';
 //# sourceMappingURL=remote.d.ts.map

package/dist/types/remote.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"remote.d.ts","sourceRoot":"","sources":["../../src/types/remote.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,uCAAuC;AACvC,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,QAAQ,GACR,WAAW,GACX,kBAAkB,GAClB,OAAO,GACP,SAAS,CAAC;AAEd,qDAAqD;AACrD,MAAM,MAAM,UAAU,GAClB;IACE,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,QAAQ,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,kBAAkB,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,OAAO,GAAG,SAAS,CAAC;IAC1B,GAAG,EAAE,MAAM,CAAC;CACb,GACD;IACE,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEN,0CAA0C;AAC1C,MAAM,MAAM,gBAAgB,GACxB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE1D,6CAA6C;AAC7C,MAAM,MAAM,aAAa,GAAG;IAC1B,yDAAyD;IACzD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,kEAAkE;IAClE,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC;AAEF,kCAAkC;AAClC,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,SAAS,GACT,YAAY,GACZ,QAAQ,GACR,aAAa,GACb,OAAO,GACP,MAAM,GACN,SAAS,GACT,QAAQ,GACR,iBAAiB,CAAC"}
+{"version":3,"file":"remote.d.ts","sourceRoot":"","sources":["../../src/types/remote.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,uCAAuC;AACvC,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,QAAQ,GACR,WAAW,GACX,kBAAkB,GAClB,OAAO,GACP,SAAS,CAAC;AAEd,qDAAqD;AACrD,MAAM,MAAM,UAAU,GAClB;IACE,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,QAAQ,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,kBAAkB,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,GACD;IACE,IAAI,EAAE,OAAO,GAAG,SAAS,CAAC;IAC1B,GAAG,EAAE,MAAM,CAAC;CACb,GACD;IACE,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEN,0CAA0C;AAC1C,MAAM,MAAM,gBAAgB,GACxB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACzC;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE1D,6CAA6C;AAC7C,MAAM,MAAM,aAAa,GAAG;IAC1B,yDAAyD;IACzD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,kEAAkE;IAClE,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,CAAC;AAEF,kCAAkC;AAClC,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,SAAS,GACT,YAAY,GACZ,QAAQ,GACR,aAAa,GACb,OAAO,GACP,MAAM,GACN,cAAc,GACd,QAAQ,GACR,iBAAiB,GACjB,OAAO,GACP,eAAe,GACf,YAAY,GACZ,SAAS,CAAC"}

package/hooks/clancy-branch-guard.js

@@ -0,0 +1,129 @@
+#!/usr/bin/env node
+// Clancy Branch Guard — PreToolUse hook.
+// Blocks dangerous git operations: force push, push to protected branches,
+// hard reset, clean, bulk discard, and force branch deletion.
+// Best-effort — never blocks on error (fail-open).
+
+'use strict';
+
+// Protected branch names — pushes to these are blocked.
+// CLANCY_BASE_BRANCH is added dynamically if set and not already in the list.
+const PROTECTED_BRANCHES = ['main', 'master', 'develop'];
+if (process.env.CLANCY_BASE_BRANCH && !PROTECTED_BRANCHES.includes(process.env.CLANCY_BASE_BRANCH)) {
+  PROTECTED_BRANCHES.push(process.env.CLANCY_BASE_BRANCH);
+}
+
+/**
+ * Check whether a command string contains a dangerous git operation.
+ * Returns a reason string if blocked, or null if allowed.
+ */
+function checkCommand(cmd) {
+  if (!cmd || typeof cmd !== 'string') return null;
+
+  // --- git push --force / -f (without --force-with-lease) ---
+  // Match any occurrence of "git push" with --force or -f flag
+  if (/\bgit\s+push\b/.test(cmd)) {
+    const hasForceFlag = /\s--force\b/.test(cmd) || /\s-f\b/.test(cmd);
+    const hasForceWithLease = /--force-with-lease\b/.test(cmd);
+    if (hasForceFlag && !hasForceWithLease) {
+      return 'Blocked: git push --force destroys remote history. Use --force-with-lease instead.';
+    }
+
+    // --- git push to protected branches ---
+    // Pattern: git push <remote> <protected-branch>
+    // We look for "git push" followed by any remote name, then a protected branch.
+    // The branch must be a standalone token — \b treats hyphens as word boundaries,
+    // so we match the branch as a complete whitespace-delimited token instead.
+    for (const branch of PROTECTED_BRANCHES) {
+      // Matches: git push origin main, git push origin main:main, etc.
+      // Does NOT match: git push origin main-feature
+      // Escape regex metacharacters in branch name (e.g. release/1.0 → release\/1\.0)
+      const escaped = branch.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      const pattern = new RegExp(`\\bgit\\s+push\\s+\\S+\\s+${escaped}(?:\\s|$|:)`);
+      if (pattern.test(cmd)) {
+        return `Blocked: direct push to protected branch '${branch}'. Create a PR instead.`;
+      }
+    }
+  }
+
+  // --- git reset --hard ---
+  if (/\bgit\s+reset\s+--hard\b/.test(cmd)) {
+    return 'Blocked: git reset --hard destroys uncommitted work. Use --soft or --mixed instead.';
+  }
+
+  // --- git clean -f (any variant with -f but not just -n) ---
+  // Block git clean with -f flag (e.g. -f, -fd, -fdx, -xfd, etc.) but allow -n (dry run)
+  if (/\bgit\s+clean\b/.test(cmd)) {
+    // Check for -f flag in the clean arguments
+    // Match short flags like -f, -fd, -fdx, -xf, etc.
+    const cleanMatch = cmd.match(/\bgit\s+clean\s+(.*)/);
+    if (cleanMatch) {
+      const args = cleanMatch[1];
+      // Check for -f in combined short flags or standalone
+      if (/(?:^|\s)-[a-zA-Z]*f/.test(args) && !/(?:^|\s)-n\b/.test(args)) {
+        return 'Blocked: git clean -f deletes untracked files permanently. Use -n for a dry run first.';
+      }
+    }
+  }
+
+  // --- git checkout -- . (discard all changes) ---
+  if (/\bgit\s+checkout\s+--\s+\./.test(cmd)) {
+    return 'Blocked: git checkout -- . discards all uncommitted changes.';
+  }
+
+  // --- git restore . (discard all changes) ---
+  // Only block bare "git restore ." (all files), not "git restore ./specific-file"
+  if (/\bgit\s+restore\s+\.(?:\s*$|\s*[;&|])/.test(cmd)) {
+    return 'Blocked: git restore . discards all uncommitted changes.';
+  }
+
+  // --- git branch -D (force delete) ---
+  // Block uppercase -D only, not lowercase -d
+  if (/\bgit\s+branch\s+.*-D\b/.test(cmd)) {
+    return 'Blocked: git branch -D force-deletes a branch irrecoverably. Use -d for safe deletion.';
+  }
+
+  return null;
+}
+
+// Read hook input — Claude Code passes PreToolUse data as a JSON argument.
+// Fall back to stdin for forward compatibility with potential API changes.
+function readInput() {
+  if (process.argv[2]) return process.argv[2];
+  try { return require('fs').readFileSync('/dev/stdin', 'utf8'); } catch { return '{}'; }
+}
+
+try {
+  // Check if guard is disabled
+  if (process.env.CLANCY_BRANCH_GUARD === 'false') {
+    console.log(JSON.stringify({ decision: 'approve' }));
+    process.exit(0);
+  }
+
+  const input = JSON.parse(readInput());
+  const toolName = input.tool_name || '';
+  const toolInput = input.tool_input || {};
+
+  // Only check Bash tool calls
+  if (toolName !== 'Bash') {
+    console.log(JSON.stringify({ decision: 'approve' }));
+    process.exit(0);
+  }
+
+  const cmd = (toolInput.command || '').trim();
+  const reason = checkCommand(cmd);
+
+  if (reason) {
+    console.log(JSON.stringify({ decision: 'block', reason }));
+  } else {
+    console.log(JSON.stringify({ decision: 'approve' }));
+  }
+} catch {
+  // Best-effort — never block on error
+  console.log(JSON.stringify({ decision: 'approve' }));
+}
+
+// Export for testing
+if (typeof module !== 'undefined') {
+  module.exports = { checkCommand };
+}

package/hooks/clancy-check-update.js

@@ -69,3 +69,46 @@ const child = spawn(process.execPath, ['-e', `
 });
 
 child.unref();
+
+// --- Stale brief detection ---
+// Best-effort: detect unapproved briefs older than 7 days, write count to cache file.
+try {
+  const briefsDir = path.join(cwd, '.clancy', 'briefs');
+  const staleFile = path.join(cwd, '.clancy', '.brief-stale-count');
+
+  if (!fs.existsSync(briefsDir)) {
+    // No briefs dir — clear any stale cache so old counts don't linger
+    try { fs.unlinkSync(staleFile); } catch { /* may not exist */ }
+  } else {
+    const files = fs.readdirSync(briefsDir);
+    // Only count brief files (YYYY-MM-DD-slug.md), exclude .feedback.md and .approved markers
+    const mdFiles = files.filter(f =>
+      f.endsWith('.md') &&
+      !f.endsWith('.md.approved') &&
+      !f.endsWith('.feedback.md')
+    );
+    const now = Date.now();
+    const sevenDays = 7 * 24 * 60 * 60 * 1000;
+    let staleCount = 0;
+
+    for (const file of mdFiles) {
+      // Check there is no corresponding .approved marker
+      if (files.includes(file + '.approved')) continue;
+
+      // Parse date from filename prefix: YYYY-MM-DD-slug.md
+      const match = file.match(/^(\d{4}-\d{2}-\d{2})-/);
+      if (!match) continue;
+
+      const fileDate = new Date(match[1] + 'T00:00:00Z');
+      if (isNaN(fileDate.getTime())) continue;
+
+      if (now - fileDate.getTime() > sevenDays) {
+        staleCount++;
+      }
+    }
+
+    fs.writeFileSync(staleFile, String(staleCount));
+  }
+} catch {
+  // Best-effort — never crash the hook
+}

package/hooks/clancy-context-monitor.js

@@ -3,11 +3,17 @@
 // Reads context metrics from the bridge file written by clancy-statusline.js
 // and injects warnings into Claude's conversation when context runs low.
 //
-// Thresholds:
+// Context thresholds:
 //   WARNING  (remaining <= 35%): wrap up analysis, move to implementation
 //   CRITICAL (remaining <= 25%): commit current work, log to .clancy/progress.txt, stop
 //
+// Time guard:
+//   Reads .clancy/lock.json for startedAt timestamp.
+//   WARNING  (elapsed >= 80% of CLANCY_TIME_LIMIT): wrap up implementation
+//   CRITICAL (elapsed >= 100% of CLANCY_TIME_LIMIT): stop and deliver
+//
 // Debounce: 5 tool uses between warnings; severity escalation bypasses debounce.
+// Context and time guards use independent debounce counters.
 
 'use strict';
 
@@ -19,6 +25,7 @@ const WARNING_THRESHOLD  = 35;
 const CRITICAL_THRESHOLD = 25;
 const STALE_SECONDS      = 60;
 const DEBOUNCE_CALLS     = 5;
+const DEFAULT_TIME_LIMIT = 30; // minutes
 
 let input = '';
 const stdinTimeout = setTimeout(() => process.exit(0), 3000);
@@ -31,66 +38,147 @@ process.stdin.on('end', () => {
     const session = data.session_id;
     if (!session) process.exit(0);
 
-    const bridgePath = path.join(os.tmpdir(), `clancy-ctx-${session}.json`);
-    if (!fs.existsSync(bridgePath)) process.exit(0); // no statusline data yet
-
-    const metrics = JSON.parse(fs.readFileSync(bridgePath, 'utf8'));
-    const now = Math.floor(Date.now() / 1000);
-
-    // Ignore stale metrics (statusline may not have run this session)
-    if (metrics.timestamp && (now - metrics.timestamp) > STALE_SECONDS) process.exit(0);
-
-    const remaining = metrics.remaining_percentage;
-    const usedPct   = metrics.used_pct;
-
-    if (remaining > WARNING_THRESHOLD) process.exit(0);
+    const messages = [];
 
-    // Debounce
+    // ── Warn file (shared by context + time debounce) ───────────
     const warnPath = path.join(os.tmpdir(), `clancy-ctx-${session}-warned.json`);
-    let warnData = { callsSinceWarn: 0, lastLevel: null };
-    let firstWarn = true;
+    let warnData = {
+      callsSinceWarn: 0,
+      lastLevel: null,
+      timeCallsSinceWarn: 0,
+      timeLastLevel: null,
+    };
+    let firstContextWarn = true;
+    let firstTimeWarn = true;
 
     if (fs.existsSync(warnPath)) {
-      try { warnData = JSON.parse(fs.readFileSync(warnPath, 'utf8')); firstWarn = false; } catch {}
+      try {
+        const existing = JSON.parse(fs.readFileSync(warnPath, 'utf8'));
+        warnData = { ...warnData, ...existing };
+        firstContextWarn = !existing.lastLevel;
+        firstTimeWarn = !existing.timeLastLevel;
+      } catch {}
     }
 
-    warnData.callsSinceWarn = (warnData.callsSinceWarn || 0) + 1;
+    // ── Context guard ───────────────────────────────────────────
+    const bridgePath = path.join(os.tmpdir(), `clancy-ctx-${session}.json`);
+    let contextFired = false;
+
+    if (fs.existsSync(bridgePath)) {
+      const metrics = JSON.parse(fs.readFileSync(bridgePath, 'utf8'));
+      const now = Math.floor(Date.now() / 1000);
+
+      const isStale = metrics.timestamp && (now - metrics.timestamp) > STALE_SECONDS;
+      if (!isStale) {
+        const remaining = metrics.remaining_percentage;
+        const usedPct   = metrics.used_pct;
+
+        if (remaining <= WARNING_THRESHOLD) {
+          warnData.callsSinceWarn = (warnData.callsSinceWarn || 0) + 1;
+
+          const isCritical      = remaining <= CRITICAL_THRESHOLD;
+          const currentLevel    = isCritical ? 'critical' : 'warning';
+          const severityEscalated = currentLevel === 'critical' && warnData.lastLevel === 'warning';
+
+          const shouldFire = firstContextWarn ||
+            warnData.callsSinceWarn >= DEBOUNCE_CALLS ||
+            severityEscalated;
+
+          if (shouldFire) {
+            warnData.callsSinceWarn = 0;
+            warnData.lastLevel = currentLevel;
+            contextFired = true;
+
+            if (isCritical) {
+              messages.push(
+                `CONTEXT CRITICAL: Usage at ${usedPct}%. Remaining: ${remaining}%. ` +
+                'Context is nearly exhausted. Stop reading files and wrap up immediately:\n' +
+                '1. Commit whatever work is staged on the current feature branch\n' +
+                '2. Append a WIP entry to .clancy/progress.txt: ' +
+                'YYYY-MM-DD HH:MM | TICKET-KEY | Summary | WIP — context exhausted\n' +
+                '3. Inform the user what was completed and what remains.\n' +
+                'Do NOT start any new work.'
+              );
+            } else {
+              messages.push(
+                `CONTEXT WARNING: Usage at ${usedPct}%. Remaining: ${remaining}%. ` +
+                'Context is getting limited. Stop exploring and move to implementation. ' +
+                'Avoid reading additional files unless strictly necessary. ' +
+                'Commit completed work as soon as it is ready.'
+              );
+            }
+          }
+        }
+      }
+    }
 
-    const isCritical      = remaining <= CRITICAL_THRESHOLD;
-    const currentLevel    = isCritical ? 'critical' : 'warning';
-    const severityEscalated = currentLevel === 'critical' && warnData.lastLevel === 'warning';
+    // ── Time guard ──────────────────────────────────────────────
+    const timeLimitEnv = process.env.CLANCY_TIME_LIMIT;
+    const timeLimit = timeLimitEnv !== undefined ? Number(timeLimitEnv) : DEFAULT_TIME_LIMIT;
+
+    if (timeLimit > 0) {
+      // Look for lock.json in the working directory's .clancy/
+      const cwd = data.cwd || process.cwd();
+      const lockPath = path.join(cwd, '.clancy', 'lock.json');
+
+      if (fs.existsSync(lockPath)) {
+        try {
+          const lock = JSON.parse(fs.readFileSync(lockPath, 'utf8'));
+          const startedAt = new Date(lock.startedAt);
+
+          if (!isNaN(startedAt.getTime())) {
+            const elapsedMs = Date.now() - startedAt.getTime();
+            const elapsedMin = Math.floor(elapsedMs / 60000);
+            const limitMs = timeLimit * 60000;
+            const pct = Math.floor((elapsedMs / limitMs) * 100);
+
+            if (pct >= 80) {
+              warnData.timeCallsSinceWarn = (warnData.timeCallsSinceWarn || 0) + 1;
+
+              const isTimeCritical = pct >= 100;
+              const currentTimeLevel = isTimeCritical ? 'critical' : 'warning';
+              const timeSeverityEscalated =
+                currentTimeLevel === 'critical' && warnData.timeLastLevel === 'warning';
+
+              const shouldFireTime = firstTimeWarn ||
+                warnData.timeCallsSinceWarn >= DEBOUNCE_CALLS ||
+                timeSeverityEscalated;
+
+              if (shouldFireTime) {
+                warnData.timeCallsSinceWarn = 0;
+                warnData.timeLastLevel = currentTimeLevel;
+
+                if (isTimeCritical) {
+                  messages.push(
+                    `TIME CRITICAL: Time limit reached (${elapsedMin}min of ${timeLimit}min).\n` +
+                    'STOP implementation immediately. Commit current work, push the branch,\n' +
+                    'and create the PR with whatever is ready. Log a WIP entry if incomplete.'
+                  );
+                } else {
+                  messages.push(
+                    `TIME WARNING: Ticket implementation at ${elapsedMin}min of ${timeLimit}min limit (${pct}%).\n` +
+                    'Wrap up implementation and prepare for delivery. Avoid starting new approaches.'
+                  );
+                }
+              }
+            }
+          }
+        } catch {}
+      }
+    }
 
-    if (!firstWarn && warnData.callsSinceWarn < DEBOUNCE_CALLS && !severityEscalated) {
+    // ── Persist debounce state (only when a threshold was reached) ──
+    if (messages.length > 0 || contextFired || warnData.callsSinceWarn > 0 || warnData.timeCallsSinceWarn > 0) {
       fs.writeFileSync(warnPath, JSON.stringify(warnData));
-      process.exit(0);
     }
 
-    warnData.callsSinceWarn = 0;
-    warnData.lastLevel = currentLevel;
-    fs.writeFileSync(warnPath, JSON.stringify(warnData));
-
-    let message;
-    if (isCritical) {
-      message =
-        `CONTEXT CRITICAL: Usage at ${usedPct}%. Remaining: ${remaining}%. ` +
-        'Context is nearly exhausted. Stop reading files and wrap up immediately:\n' +
-        '1. Commit whatever work is staged on the current feature branch\n' +
-        '2. Append a WIP entry to .clancy/progress.txt: ' +
-        'YYYY-MM-DD HH:MM | TICKET-KEY | Summary | WIP — context exhausted\n' +
-        '3. Inform the user what was completed and what remains.\n' +
-        'Do NOT start any new work.';
-    } else {
-      message =
-        `CONTEXT WARNING: Usage at ${usedPct}%. Remaining: ${remaining}%. ` +
-        'Context is getting limited. Stop exploring and move to implementation. ' +
-        'Avoid reading additional files unless strictly necessary. ' +
-        'Commit completed work as soon as it is ready.';
-    }
+    // ── Output ──────────────────────────────────────────────────
+    if (messages.length === 0) process.exit(0);
 
     const output = {
       hookSpecificOutput: {
         hookEventName: 'PostToolUse',
-        additionalContext: message,
+        additionalContext: messages.join('\n'),
       },
     };
 

package/hooks/clancy-post-compact.js

@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+// Clancy PostCompact Hook — re-injects ticket context after context compaction.
+// Reads .clancy/lock.json for current ticket info. If no lock file exists
+// (not in a Clancy run), exits silently.
+//
+// PostCompact is a non-blocking event — this hook injects additionalContext
+// but cannot prevent compaction.
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+let input = '';
+const stdinTimeout = setTimeout(() => process.exit(0), 3000);
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => { input += chunk; });
+process.stdin.on('end', () => {
+  clearTimeout(stdinTimeout);
+  try {
+    const data = JSON.parse(input);
+    const cwd = data.cwd || process.cwd();
+
+    // Read lock file for ticket context
+    const lockPath = path.join(cwd, '.clancy', 'lock.json');
+    if (!fs.existsSync(lockPath)) process.exit(0); // Not in a Clancy run
+
+    const lock = JSON.parse(fs.readFileSync(lockPath, 'utf8'));
+
+    // Validate minimum required fields — skip if lock is malformed
+    if (!lock.ticketKey || !lock.ticketBranch) process.exit(0);
+
+    // Truncate description to 2000 chars to avoid consuming too much fresh context
+    const desc = (lock.description || '').slice(0, 2000);
+
+    const context = [
+      `CONTEXT RESTORED: You are implementing ticket [${lock.ticketKey}] ${lock.ticketTitle || 'Unknown'}.`,
+      `Branch: ${lock.ticketBranch} targeting ${lock.targetBranch || 'main'}.`,
+      lock.parentKey && lock.parentKey !== 'none' ? `Parent: ${lock.parentKey}.` : '',
+      desc ? `Requirements: ${desc}` : '',
+      'Continue your implementation. Do not start over.',
+    ].filter(Boolean).join('\n');
+
+    process.stdout.write(JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'PostCompact',
+        additionalContext: context,
+      },
+    }));
+  } catch {
+    process.exit(0); // Best-effort — never crash
+  }
+});

package/hooks/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "commonjs"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "chief-clancy",
-  "version": "0.5.12",
+  "version": "0.7.0",
   "description": "Autonomous, board-driven development for Claude Code — scaffolds docs, integrates Kanban boards, runs tickets in a loop.",
   "keywords": [
     "claude",
@@ -30,7 +30,8 @@
   "main": "dist/installer/install.js",
   "files": [
     "dist/",
-    "hooks/",
+    "hooks/*.js",
+    "hooks/package.json",
     "src/roles/",
     "src/agents/",
     "src/templates/",

package/src/agents/devils-advocate.md

@@ -0,0 +1,53 @@
+# Devil's Advocate Agent
+
+You are the devil's advocate agent for Clancy's strategist role. Your job is to answer a list of clarifying questions about a feature idea by interrogating the codebase, board, and web — then classify each answer by confidence.
+
+You receive 10-15 clarifying questions generated during the AI-grill phase of `/clancy:brief --afk`. You must answer them autonomously. Never ask the human for input — this runs in AFK mode with no human present.
+
+## Instructions
+
+1. Work through each question one at a time. For every question, investigate before answering — never guess.
+2. Interrogate three sources in order of preference:
+   - **Codebase**: use Glob, Grep, and Read to explore affected areas, check `.clancy/docs/`, read existing patterns. Use real file paths and code snippets as evidence.
+   - **Board**: check the parent ticket, related tickets, and existing children for context. Look for conflicting requirements.
+   - **Web**: when the question involves external technology, third-party integrations, or industry patterns, use WebSearch and WebFetch.
+3. Challenge your own answers. If the codebase says one thing but the ticket description says another, flag the conflict — do not silently pick one.
+4. Follow self-generated follow-ups within the same pass. If answering a question raises a new sub-question, chase it to its conclusion before moving on. Example: "Should this support SSO?" → check codebase → find SAML provider → "SAML exists but should the new feature use SAML or add OIDC?" → check web → resolve or flag.
+5. Be RELENTLESS. If the codebase doesn't clearly support a decision, don't manufacture confidence. Put it in Open Questions.
+6. If a question is partially answerable, answer the part you can and flag the remainder as open.
+
+## How to classify
+
+- **Answerable** (>80% confidence, clear codebase precedent or unambiguous external evidence) → include in Discovery section with source tag.
+- **Conflicting** (codebase says X, ticket says Y, or two sources disagree) → include in Open Questions with the conflict described.
+- **Not answerable** (business decision, ambiguous requirements, money/legal/compliance, no evidence in any source) → include in Open Questions for PO review.
+
+## Output format
+
+Return exactly two markdown sections:
+
+```markdown
+## Discovery
+
+Q: [question]
+A: [answer with evidence]. (Source: codebase|board|web)
+
+Q: [question]
+A: [answer]. (Source: codebase)
+
+## Open Questions
+- [ ] [question that couldn't be resolved — with reason]
+- [ ] [question with conflicting evidence — conflict described]
+```
+
+Every answer in Discovery must cite its source: `(Source: codebase)`, `(Source: board)`, `(Source: web)`, or `(Source: codebase, web)` for combined evidence.
+
+---
+
+## Rules
+
+- NEVER ask the human questions. You are running autonomously.
+- Single pass — no multi-round conversation loop. But each question must be followed to its conclusion including any self-follow-ups.
+- Every answer must include real file paths, code snippets, ticket references, or URLs as evidence. No hand-waving.
+- When you find no evidence at all, say so explicitly and classify as Open Questions.
+- Prefer specificity over breadth. One concrete file path beats three vague claims.