claude-dev-env 1.17.0 → 1.17.2

package/skills/prompt-generator/evals/prompt-generator.json

@@ -13,8 +13,10 @@
         "Discovery tool calls (Glob/Grep) execute before any AskUserQuestion",
         "All questions delivered via AskUserQuestion — zero questions in direct chat text",
         "AskUserQuestion contains 2-4 questions, each with 2-4 options, recommended option first",
-        "Final response contains exactly: 1-liner audit status + one fenced XML prompt block",
-        "No commentary, tables, audit rows, or explanation outside the fenced block",
+        "After internal drafting finishes, one assistant turn shows ### Outcome preview with bullets only: what executing the generated prompt will produce, primary inputs or tools, done-when, short sample (TARGET_OUTPUT.md)",
+        "That same turn uses AskUserQuestion (2-4 options): recommended option first = user confirms the preview matches their intent and proceeds to the final handoff; two options offer scope or emphasis shifts grounded in discovery; one option collects free-text refinements and triggers another drafting pass (at most three such preview rounds unless the user raises the cap in chat)",
+        "Final response: Audit line, one Markdown code fence tagged xml with the full prompt, then ## Outcome digest after the closing fence",
+        "No second outer ```xml fence in the digest (samples use four spaces or tilde fences only)",
         "Fenced block contains <role>, <background>, <instructions>, <constraints>, <output_format>",
         "Prompt generation delegated to a subagent (Agent tool call visible in the flow)"
       ]
@@ -34,7 +36,8 @@
         "No redundant discovery tool calls for information already in conversation",
         "Handoff prompt is self-contained — a new session can resume without prior context",
         "Prior decisions preserved in the handoff, not lost or paraphrased away",
-        "Final output: 1-liner audit + fenced XML prompt, nothing else"
+        "After internal drafting finishes, ### Outcome preview bullets plus AskUserQuestion as in eval id 1 (confirm match as recommended first option; two contextual alternates; free-text refine option; preview loop cap)",
+        "Final output: 1-liner audit + fenced XML prompt + ## Outcome digest after the fence"
       ]
     },
     {
@@ -48,7 +51,8 @@
         "Ambiguities surfaced as specific options, not open-ended questions",
         "Discovery tool calls verify references from input (shared_utils, config patterns)",
         "ALL requirements from unstructured input captured (timeouts, selectors, config extraction, TDD, code rules, test safety) — none dropped",
-        "Final output: 1-liner audit + fenced XML prompt, nothing else"
+        "After internal drafting finishes, ### Outcome preview bullets plus AskUserQuestion as in eval id 1 (confirm match as recommended first option; two contextual alternates; free-text refine option; preview loop cap)",
+        "Final output: 1-liner audit + fenced XML prompt + ## Outcome digest after the fence"
       ]
     },
     {
@@ -58,7 +62,8 @@
       "prompt": "[Preceded by 80+ turns: failed git push, hook debugging, unrelated Samsung portal discussion, Python tracebacks, Midjourney tangent, 15+ empty Grep results] /prompt-generator Write a system prompt for a code review agent that checks for security vulnerabilities",
       "files": [],
       "expected_behavior": [
-        "Output format identical to Scenario 1: 1-liner audit + fenced XML prompt",
+        "Output format matches Scenario 1: 1-liner audit + fenced XML prompt + ## Outcome digest after the fence",
+        "After internal drafting finishes, ### Outcome preview bullets plus AskUserQuestion as in eval id 1 (confirm match as recommended first option; two contextual alternates; free-text refine option; preview loop cap)",
         "Prompt content about code review and security — zero contamination from prior noise",
         "No references to prior errors, tangents, or unrelated tool calls in the prompt",
         "XML structure complete and well-formed — no truncation from context pressure",
@@ -74,8 +79,8 @@
       "expected_behavior": [
         "No tool_use blocks appear after the first fence marker of the canonical prompt artifact",
         "All Glob/Grep discovery calls precede the AskUserQuestion",
-        "All AskUserQuestion interactions precede the fenced block",
-        "Review the last successful Audit + fenced xml pair; blocked retry attempts preserved by flattened transcript exports do not count as additional delivered artifacts"
+        "AskUserQuestion interactions precede the subagent; Outcome preview AskUserQuestion precedes the final Audit line and xml fence",
+        "Review the last successful Audit + fenced xml pair; blocked retry attempts preserved by exported conversation logs do not count as additional delivered artifacts"
       ]
     },
     {
@@ -85,7 +90,7 @@
       "prompt": "/prompt-generator Write a detailed agent-harness prompt for a TDD bug-fix workflow that traces a routing error across 5+ files, with state management for multi-window execution and structured test tracking",
       "files": [],
       "expected_behavior": [
-        "The canonical prompt artifact has one opening xml fence and one matching closing fence; flattened transcript exports are normalized to that same boundary before review",
+        "The canonical prompt artifact has one opening xml fence and one matching closing fence; exported conversation logs are normalized to that same boundary before review",
         "Every XML tag properly opened and closed",
         "No truncation at numbered-list bullets (the Issue #41 failure mode)",
         "No mid-sentence cuts or incomplete sections",
@@ -182,6 +187,21 @@
         "missing_required_xml_sections sees closing tags for role, background, instructions, constraints, output_format when those appear after nested fences",
         "SKILL.md §7 states ordered authoring steps for <illustrations>: four-space-indented sample lines, then tilde fences, then a complete triple-backtick pair when required"
       ]
+    },
+    {
+      "id": 14,
+      "name": "outcome_preview_gate_and_digest_placement",
+      "scenario": "Outcome preview + post-fence digest (refinement contract)",
+      "prompt": "/prompt-generator Write a short user-task prompt for triaging GitHub issues by label in this repo",
+      "files": [],
+      "expected_behavior": [
+        "Subagent returns final XML plus preview summary fields for orchestrator use",
+        "### Outcome preview markdown block precedes AskUserQuestion; bullets cover executor output, inputs or tools, done when, sample excerpt (~20 lines max)",
+        "AskUserQuestion: recommended first option labels accepting the described outcome and proceeding (SKILL.md may phrase this as 'Ship this outcome profile' or equivalent); plus two contextual alternates and a free-text refinement path; at most three preview rounds unless user extends cap in chat",
+        "At most three preview refinement loops unless user raises cap in chat",
+        "Final handoff order: Audit line, single ```xml fence, ## Outcome digest, then optional hook validation block (defined in SKILL.md Terminology) after digest",
+        "extract_fenced_xml_content returns only the XML body (digest uses no second ```xml fence)"
+      ]
     }
   ]
 }

package/hooks/blocking/prompt-workflow-stop-guard.py

@@ -1,217 +0,0 @@
-#!/usr/bin/env python3
-"""Stop hook gate for prompt-workflow leakage and deterministic audit coverage.
-
-When every workflow gate passes, the fenced ``xml`` artifact body is copied to the
-system clipboard via :mod:`prompt_workflow_clipboard` (tkinter, then pyperclip).
-Set ``PROMPT_WORKFLOW_SKIP_CLIPBOARD=1`` to disable (tests, CI, headless).
-"""
-
-from __future__ import annotations
-
-import datetime
-import json
-import sys
-from collections.abc import Callable
-from pathlib import Path
-
-from prompt_workflow_clipboard import copy_text_to_system_clipboard
-from prompt_workflow_gate_core import (
-    extract_fenced_xml_content,
-    find_ambiguous_scope_terms,
-    find_negative_keywords_in_fenced_xml,
-    has_debug_intent,
-    has_checklist_container,
-    has_internal_object_leak,
-    is_prompt_workflow_response,
-    missing_context_control_signals,
-    missing_checklist_rows,
-    missing_required_xml_sections,
-    missing_scope_anchors,
-)
-
-PROMPT_GATE_LOG_PATH: Path = Path.home() / ".claude" / "logs" / "prompt-gate.log"
-USER_FACING_PREFIX: str = "[prompt-gate]"
-
-def _extract_user_context(hook_input: dict) -> str:
-    candidates = (
-        "last_user_message",
-        "user_message",
-        "user_prompt",
-        "prompt",
-        "input",
-    )
-    for key in candidates:
-        value = hook_input.get(key)
-        if isinstance(value, str) and value.strip():
-            return value
-    return ""
-
-def _append_diagnostic_to_log(brief_label: str, full_reason: str) -> None:
-    try:
-        PROMPT_GATE_LOG_PATH.parent.mkdir(parents=True, exist_ok=True)
-        timestamp_iso = datetime.datetime.now().isoformat()
-        log_entry = f"{timestamp_iso}\t{brief_label}\t{full_reason}\n"
-        with PROMPT_GATE_LOG_PATH.open("a", encoding="utf-8") as log_handle:
-            log_handle.write(log_entry)
-    except OSError:
-        pass
-
-def _build_block(brief_label: str, full_reason: str) -> dict:
-    _append_diagnostic_to_log(brief_label, full_reason)
-    return {
-        "decision": "block",
-        "reason": full_reason,
-        "systemMessage": f"{USER_FACING_PREFIX} {brief_label}",
-        "suppressOutput": True,
-    }
-
-def _check_internal_object_leak(
-    assistant_message: str,
-    debug_requested: bool,
-) -> dict | None:
-    if not has_internal_object_leak(assistant_message) or debug_requested:
-        return None
-    return _build_block(
-        brief_label="retrying: sanitize audit format",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Raw internal refinement object leakage detected. "
-            "Return sanitized user-facing output unless explicit debug intent is present."
-        ),
-    )
-
-def _check_checklist_container(assistant_message: str) -> dict | None:
-    if has_checklist_container(assistant_message):
-        return None
-    return _build_block(
-        brief_label="retrying: add checklist",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Deterministic checklist container missing. "
-            "Include `checklist_results` with all required rows."
-        ),
-    )
-
-def _check_missing_checklist_rows(assistant_message: str) -> dict | None:
-    if not has_checklist_container(assistant_message):
-        return None
-    missing_rows = missing_checklist_rows(assistant_message)
-    if not missing_rows:
-        return None
-    return _build_block(
-        brief_label="retrying: complete checklist",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Deterministic checklist rows missing: "
-            + ", ".join(missing_rows)
-        ),
-    )
-
-def _check_missing_scope_anchors(assistant_message: str) -> dict | None:
-    missing_anchors = missing_scope_anchors(assistant_message)
-    if not missing_anchors:
-        return None
-    return _build_block(
-        brief_label="retrying: add scope anchors",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Required scope anchors missing: "
-            + ", ".join(missing_anchors)
-        ),
-    )
-
-def _check_missing_context_signals(assistant_message: str) -> dict | None:
-    missing_signals = missing_context_control_signals(assistant_message)
-    if not missing_signals:
-        return None
-    return _build_block(
-        brief_label="retrying: add runtime signals",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Runtime context-control preamble missing. "
-            "Include the two required lines from prompt-workflow-context-controls "
-            "(minimal instruction layer and on-demand skill loading)."
-        ),
-    )
-
-def _check_ambiguous_scope(assistant_message: str) -> dict | None:
-    ambiguous_terms = find_ambiguous_scope_terms(assistant_message)
-    if not ambiguous_terms:
-        return None
-    return _build_block(
-        brief_label="retrying: rephrase scope refs",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Ambiguous scope phrasing detected: "
-            + ", ".join(ambiguous_terms)
-        ),
-    )
-
-def _check_negative_keywords_in_artifact(assistant_message: str) -> dict | None:
-    violations = find_negative_keywords_in_fenced_xml(assistant_message)
-    if not violations:
-        return None
-    violation_descriptions = [
-        f"  line {each_violation['line_number']}: \"{each_violation['keyword']}\" in: {each_violation['line_text']}"
-        for each_violation in violations
-    ]
-    return _build_block(
-        brief_label="retrying: rephrase negative keywords in artifact",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Banned negative keywords found inside fenced XML artifact. "
-            "Rephrase as positive directives (what TO do, not what to avoid):\n"
-            + "\n".join(violation_descriptions)
-        ),
-    )
-
-def _check_required_xml_sections(assistant_message: str) -> dict | None:
-    missing_sections = missing_required_xml_sections(assistant_message)
-    if not missing_sections:
-        return None
-    return _build_block(
-        brief_label="retrying: include all required XML sections",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Fenced XML artifact missing required sections: "
-            + ", ".join(missing_sections)
-        ),
-    )
-
-def _evaluate_workflow_gates(assistant_message: str) -> dict | None:
-    if not is_prompt_workflow_response(assistant_message):
-        return None
-    workflow_gate_checks: tuple[Callable[[str], dict | None], ...] = (
-        _check_required_xml_sections,
-        _check_missing_checklist_rows,
-        _check_missing_scope_anchors,
-        _check_missing_context_signals,
-        _check_ambiguous_scope,
-        _check_negative_keywords_in_artifact,
-    )
-    for check in workflow_gate_checks:
-        block = check(assistant_message)
-        if block is not None:
-            return block
-    return None
-
-def main() -> None:
-    try:
-        hook_input = json.load(sys.stdin)
-    except json.JSONDecodeError:
-        sys.exit(0)
-
-    assistant_message = str(hook_input.get("last_assistant_message", ""))
-    if not assistant_message.strip():
-        sys.exit(0)
-
-    user_context = _extract_user_context(hook_input)
-    debug_requested = has_debug_intent(user_context)
-
-    block = _check_internal_object_leak(assistant_message, debug_requested)
-    if block is None:
-        block = _evaluate_workflow_gates(assistant_message)
-
-    if block is not None:
-        sys.stdout.write(json.dumps(block) + "\n")
-    elif is_prompt_workflow_response(assistant_message):
-        artifact_text = extract_fenced_xml_content(assistant_message).strip()
-        if artifact_text:
-            copy_text_to_system_clipboard(artifact_text)
-
-    sys.exit(0)
-
-if __name__ == "__main__":
-    main()

package/hooks/blocking/test_prompt_workflow_stop_guard.py

@@ -1,261 +0,0 @@
-"""Tests for prompt-workflow-stop-guard hook."""
-
-import json
-import subprocess
-import sys
-from pathlib import Path
-
-import pytest
-
-
-SCRIPT_PATH = Path(__file__).parent / "prompt-workflow-stop-guard.py"
-
-
-@pytest.fixture(autouse=True)
-def _disable_prompt_workflow_clipboard_in_subprocess(
-    monkeypatch: pytest.MonkeyPatch,
-) -> None:
-    """Subprocess hook inherits env; clipboard would be flaky in CI."""
-    monkeypatch.setenv("PROMPT_WORKFLOW_SKIP_CLIPBOARD", "1")
-
-def _run_hook(payload: dict) -> subprocess.CompletedProcess[str]:
-    return subprocess.run(
-        [sys.executable, str(SCRIPT_PATH)],
-        input=json.dumps(payload),
-        text=True,
-        capture_output=True,
-        check=False,
-    )
-
-def _full_checklist_rows() -> str:
-    return (
-        "checklist_results:\n"
-        "- structured_scoped_instructions\n"
-        "- sequential_steps_present\n"
-        "- positive_framing\n"
-        "- acceptance_criteria_defined\n"
-        "- safety_reversibility_language\n"
-        "- reversible_action_and_safety_check_guidance\n"
-        "- concrete_output_contract\n"
-        "- scope_boundary_present\n"
-        "- explicit_scope_anchors_present\n"
-        "- all_instructions_artifact_bound\n"
-        "- scope_terms_explicit_and_anchored\n"
-        "- completion_boundary_measurable\n"
-        "- citation_grounding_policy_present\n"
-        "- source_priority_rules_present\n"
-        "- artifact_language_confidence\n"
-    )
-
-def test_blocks_internal_object_leak_without_debug_intent() -> None:
-    payload = {
-        "last_assistant_message": '{"pipeline_mode": "internal_section_refinement_with_final_audit"}',
-        "last_user_message": "just return the final prompt",
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Raw internal refinement object leakage" in response["reason"]
-
-def test_allows_internal_object_with_debug_intent() -> None:
-    payload = {
-        "last_assistant_message": '{"pipeline_mode": "internal_section_refinement_with_final_audit"}',
-        "last_user_message": "debug: show internal pipeline object",
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-def test_blocks_missing_checklist_rows() -> None:
-    payload = {
-        "last_assistant_message": "overall_status: pass\nchecklist_results: structured_scoped_instructions",
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Deterministic checklist rows missing" in response["reason"]
-
-def test_allows_prompt_workflow_output_without_checklist_container() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            "target_local_roots\n"
-            "target_canonical_roots\n"
-            "target_file_globs\n"
-            "comparison_basis\n"
-            "completion_boundary\n"
-            "base_minimal_instruction_layer: true\n"
-            "on_demand_skill_loading: true\n"
-        ),
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-def test_blocks_missing_context_control_signals() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            + _full_checklist_rows()
-            + "target_local_roots\n"
-            + "target_canonical_roots\n"
-            + "target_file_globs\n"
-            + "comparison_basis\n"
-            + "completion_boundary\n"
-            + "base_minimal_instruction_layer: true\n"
-        ),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Runtime context-control preamble missing" in response["reason"]
-    assert "on-demand skill loading" in response["reason"]
-
-def test_blocks_ambiguous_scope_phrasing() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            + _full_checklist_rows()
-            + "scope block includes target_local_roots target_canonical_roots "
-            + "target_file_globs comparison_basis completion_boundary "
-            + "base_minimal_instruction_layer: true\n"
-            + "on_demand_skill_loading: true\n"
-            + "and applies to this session."
-        ),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Ambiguous scope phrasing detected" in response["reason"]
-
-def _wrap_five_section_scaffold(inner_body: str) -> str:
-    return (
-        "<role>Test role sentence one.</role>\n"
-        "<background>Test background sentence one.</background>\n"
-        f"{inner_body}\n"
-        "<constraints>Test constraints sentence one.</constraints>\n"
-        "<output_format>Test output format sentence one.</output_format>\n"
-    )
-
-
-def _build_prompt_workflow_message_with_fenced_xml(fenced_xml_body: str) -> str:
-    return (
-        "Audit: pass 15/15\n"
-        "```xml\n"
-        + fenced_xml_body
-        + "\n```\n"
-        "overall_status: pass\n"
-        + _full_checklist_rows()
-        + "target_local_roots\n"
-        "target_canonical_roots\n"
-        "target_file_globs\n"
-        "comparison_basis\n"
-        "completion_boundary\n"
-        "base_minimal_instruction_layer: true\n"
-        "on_demand_skill_loading: true\n"
-    )
-
-
-def test_allows_positive_phrasing_inside_fenced_xml() -> None:
-    fenced_content = _wrap_five_section_scaffold(
-        "<instructions>Ensure all functions have explicit return types.</instructions>"
-    )
-    payload = {
-        "last_assistant_message": _build_prompt_workflow_message_with_fenced_xml(fenced_content),
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-
-BANNED_KEYWORD_TEST_CASES: list[tuple[str, str]] = [
-    ("do_not", "<instructions>Do not leave return types implicit.</instructions>"),
-    ("avoid", "<instructions>Avoid missing return types.</instructions>"),
-    ("never", "<constraints>Never store credentials in plain text.</constraints>"),
-    ("without", "<instructions>Deploy without running tests first.</instructions>"),
-    ("prevent", "<constraints>Prevent unauthorized access to the API.</constraints>"),
-    ("reject", "<constraints>Reject all unsigned commits.</constraints>"),
-    ("cannot", "<constraints>The API cannot accept unauthenticated requests.</constraints>"),
-    ("unless", "<constraints>Skip the build step unless the user explicitly approves.</constraints>"),
-    ("must_not", "<constraints>The script must not produce duplicates.</constraints>"),
-    ("must_never", "<constraints>You must never store credentials in environment variables.</constraints>"),
-    ("instead_of", "<instructions>Use explicit types instead of implicit ones.</instructions>"),
-    ("rather_than", "<constraints>Prefer explicit types rather than inferred ones.</constraints>"),
-    ("as_opposed_to", "<instructions>Use Grid as opposed to floats for layout.</instructions>"),
-]
-
-
-@pytest.mark.parametrize(
-    ("banned_pattern_name", "fenced_xml_content"),
-    BANNED_KEYWORD_TEST_CASES,
-    ids=[each_case[0] for each_case in BANNED_KEYWORD_TEST_CASES],
-)
-def test_blocks_banned_pattern_inside_fenced_xml(
-    banned_pattern_name: str,
-    fenced_xml_content: str,
-) -> None:
-    payload = {
-        "last_assistant_message": _build_prompt_workflow_message_with_fenced_xml(
-            _wrap_five_section_scaffold(fenced_xml_content)
-        ),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-
-
-def test_permits_negative_keywords_outside_fenced_xml() -> None:
-    fenced_inner = _wrap_five_section_scaffold(
-        "<instructions>Ensure all functions have explicit return types.</instructions>"
-    )
-    message = (
-        "Audit: pass 15/15\n"
-        "Do not skip the audit line.\n"
-        "```xml\n"
-        + fenced_inner
-        + "\n```\n"
-        "overall_status: pass\n"
-        + _full_checklist_rows()
-        + "target_local_roots\n"
-        "target_canonical_roots\n"
-        "target_file_globs\n"
-        "comparison_basis\n"
-        "completion_boundary\n"
-        "base_minimal_instruction_layer: true\n"
-        "on_demand_skill_loading: true\n"
-    )
-    payload = {"last_assistant_message": message}
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-
-def test_blocks_when_fenced_xml_missing_background_section() -> None:
-    fenced_body = (
-        "<role>Test role sentence one.</role>\n"
-        "<instructions>Test instructions sentence one.</instructions>\n"
-        "<constraints>Test constraints sentence one.</constraints>\n"
-        "<output_format>Test output format sentence one.</output_format>\n"
-    )
-    payload = {
-        "last_assistant_message": _build_prompt_workflow_message_with_fenced_xml(fenced_body),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "background" in response["reason"]
-    assert "include all required XML sections" in response["systemMessage"]
-
-
-def test_allows_fully_structured_prompt_workflow_output() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            + _full_checklist_rows()
-            + "target_local_roots\n"
-            + "target_canonical_roots\n"
-            + "target_file_globs\n"
-            + "comparison_basis\n"
-            + "completion_boundary\n"
-            + "base_minimal_instruction_layer: true\n"
-            + "on_demand_skill_loading: true\n"
-        ),
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""