claude-dev-env 1.17.1 → 1.17.2

package/hooks/blocking/prompt-workflow-stop-guard.py

@@ -1,217 +0,0 @@
-#!/usr/bin/env python3
-"""Stop hook gate for prompt-workflow leakage and deterministic audit coverage.
-
-When every workflow gate passes, the fenced ``xml`` artifact body is copied to the
-system clipboard via :mod:`prompt_workflow_clipboard` (tkinter, then pyperclip).
-Set ``PROMPT_WORKFLOW_SKIP_CLIPBOARD=1`` to disable (tests, CI, headless).
-"""
-
-from __future__ import annotations
-
-import datetime
-import json
-import sys
-from collections.abc import Callable
-from pathlib import Path
-
-from prompt_workflow_clipboard import copy_text_to_system_clipboard
-from prompt_workflow_gate_core import (
-    extract_fenced_xml_content,
-    find_ambiguous_scope_terms,
-    find_negative_keywords_in_fenced_xml,
-    has_debug_intent,
-    has_checklist_container,
-    has_internal_object_leak,
-    is_prompt_workflow_response,
-    missing_context_control_signals,
-    missing_checklist_rows,
-    missing_required_xml_sections,
-    missing_scope_anchors,
-)
-
-PROMPT_GATE_LOG_PATH: Path = Path.home() / ".claude" / "logs" / "prompt-gate.log"
-USER_FACING_PREFIX: str = "[prompt-gate]"
-
-def _extract_user_context(hook_input: dict) -> str:
-    candidates = (
-        "last_user_message",
-        "user_message",
-        "user_prompt",
-        "prompt",
-        "input",
-    )
-    for key in candidates:
-        value = hook_input.get(key)
-        if isinstance(value, str) and value.strip():
-            return value
-    return ""
-
-def _append_diagnostic_to_log(brief_label: str, full_reason: str) -> None:
-    try:
-        PROMPT_GATE_LOG_PATH.parent.mkdir(parents=True, exist_ok=True)
-        timestamp_iso = datetime.datetime.now().isoformat()
-        log_entry = f"{timestamp_iso}\t{brief_label}\t{full_reason}\n"
-        with PROMPT_GATE_LOG_PATH.open("a", encoding="utf-8") as log_handle:
-            log_handle.write(log_entry)
-    except OSError:
-        pass
-
-def _build_block(brief_label: str, full_reason: str) -> dict:
-    _append_diagnostic_to_log(brief_label, full_reason)
-    return {
-        "decision": "block",
-        "reason": full_reason,
-        "systemMessage": f"{USER_FACING_PREFIX} {brief_label}",
-        "suppressOutput": True,
-    }
-
-def _check_internal_object_leak(
-    assistant_message: str,
-    debug_requested: bool,
-) -> dict | None:
-    if not has_internal_object_leak(assistant_message) or debug_requested:
-        return None
-    return _build_block(
-        brief_label="retrying: sanitize audit format",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Raw internal refinement object leakage detected. "
-            "Return sanitized user-facing output unless explicit debug intent is present."
-        ),
-    )
-
-def _check_checklist_container(assistant_message: str) -> dict | None:
-    if has_checklist_container(assistant_message):
-        return None
-    return _build_block(
-        brief_label="retrying: add checklist",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Deterministic checklist container missing. "
-            "Include `checklist_results` with all required rows."
-        ),
-    )
-
-def _check_missing_checklist_rows(assistant_message: str) -> dict | None:
-    if not has_checklist_container(assistant_message):
-        return None
-    missing_rows = missing_checklist_rows(assistant_message)
-    if not missing_rows:
-        return None
-    return _build_block(
-        brief_label="retrying: complete checklist",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Deterministic checklist rows missing: "
-            + ", ".join(missing_rows)
-        ),
-    )
-
-def _check_missing_scope_anchors(assistant_message: str) -> dict | None:
-    missing_anchors = missing_scope_anchors(assistant_message)
-    if not missing_anchors:
-        return None
-    return _build_block(
-        brief_label="retrying: add scope anchors",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Required scope anchors missing: "
-            + ", ".join(missing_anchors)
-        ),
-    )
-
-def _check_missing_context_signals(assistant_message: str) -> dict | None:
-    missing_signals = missing_context_control_signals(assistant_message)
-    if not missing_signals:
-        return None
-    return _build_block(
-        brief_label="retrying: add runtime signals",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Runtime context-control preamble missing. "
-            "Include the two required lines from prompt-workflow-context-controls "
-            "(minimal instruction layer and on-demand skill loading)."
-        ),
-    )
-
-def _check_ambiguous_scope(assistant_message: str) -> dict | None:
-    ambiguous_terms = find_ambiguous_scope_terms(assistant_message)
-    if not ambiguous_terms:
-        return None
-    return _build_block(
-        brief_label="retrying: rephrase scope refs",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Ambiguous scope phrasing detected: "
-            + ", ".join(ambiguous_terms)
-        ),
-    )
-
-def _check_negative_keywords_in_artifact(assistant_message: str) -> dict | None:
-    violations = find_negative_keywords_in_fenced_xml(assistant_message)
-    if not violations:
-        return None
-    violation_descriptions = [
-        f"  line {each_violation['line_number']}: \"{each_violation['keyword']}\" in: {each_violation['line_text']}"
-        for each_violation in violations
-    ]
-    return _build_block(
-        brief_label="retrying: rephrase negative keywords in artifact",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Banned negative keywords found inside fenced XML artifact. "
-            "Rephrase as positive directives (what TO do, not what to avoid):\n"
-            + "\n".join(violation_descriptions)
-        ),
-    )
-
-def _check_required_xml_sections(assistant_message: str) -> dict | None:
-    missing_sections = missing_required_xml_sections(assistant_message)
-    if not missing_sections:
-        return None
-    return _build_block(
-        brief_label="retrying: include all required XML sections",
-        full_reason=(
-            "PROMPT-WORKFLOW GATE: Fenced XML artifact missing required sections: "
-            + ", ".join(missing_sections)
-        ),
-    )
-
-def _evaluate_workflow_gates(assistant_message: str) -> dict | None:
-    if not is_prompt_workflow_response(assistant_message):
-        return None
-    workflow_gate_checks: tuple[Callable[[str], dict | None], ...] = (
-        _check_required_xml_sections,
-        _check_missing_checklist_rows,
-        _check_missing_scope_anchors,
-        _check_missing_context_signals,
-        _check_ambiguous_scope,
-        _check_negative_keywords_in_artifact,
-    )
-    for check in workflow_gate_checks:
-        block = check(assistant_message)
-        if block is not None:
-            return block
-    return None
-
-def main() -> None:
-    try:
-        hook_input = json.load(sys.stdin)
-    except json.JSONDecodeError:
-        sys.exit(0)
-
-    assistant_message = str(hook_input.get("last_assistant_message", ""))
-    if not assistant_message.strip():
-        sys.exit(0)
-
-    user_context = _extract_user_context(hook_input)
-    debug_requested = has_debug_intent(user_context)
-
-    block = _check_internal_object_leak(assistant_message, debug_requested)
-    if block is None:
-        block = _evaluate_workflow_gates(assistant_message)
-
-    if block is not None:
-        sys.stdout.write(json.dumps(block) + "\n")
-    elif is_prompt_workflow_response(assistant_message):
-        artifact_text = extract_fenced_xml_content(assistant_message).strip()
-        if artifact_text:
-            copy_text_to_system_clipboard(artifact_text)
-
-    sys.exit(0)
-
-if __name__ == "__main__":
-    main()

package/hooks/blocking/test_prompt_workflow_stop_guard.py

@@ -1,261 +0,0 @@
-"""Tests for prompt-workflow-stop-guard hook."""
-
-import json
-import subprocess
-import sys
-from pathlib import Path
-
-import pytest
-
-
-SCRIPT_PATH = Path(__file__).parent / "prompt-workflow-stop-guard.py"
-
-
-@pytest.fixture(autouse=True)
-def _disable_prompt_workflow_clipboard_in_subprocess(
-    monkeypatch: pytest.MonkeyPatch,
-) -> None:
-    """Subprocess hook inherits env; clipboard would be flaky in CI."""
-    monkeypatch.setenv("PROMPT_WORKFLOW_SKIP_CLIPBOARD", "1")
-
-def _run_hook(payload: dict) -> subprocess.CompletedProcess[str]:
-    return subprocess.run(
-        [sys.executable, str(SCRIPT_PATH)],
-        input=json.dumps(payload),
-        text=True,
-        capture_output=True,
-        check=False,
-    )
-
-def _full_checklist_rows() -> str:
-    return (
-        "checklist_results:\n"
-        "- structured_scoped_instructions\n"
-        "- sequential_steps_present\n"
-        "- positive_framing\n"
-        "- acceptance_criteria_defined\n"
-        "- safety_reversibility_language\n"
-        "- reversible_action_and_safety_check_guidance\n"
-        "- concrete_output_contract\n"
-        "- scope_boundary_present\n"
-        "- explicit_scope_anchors_present\n"
-        "- all_instructions_artifact_bound\n"
-        "- scope_terms_explicit_and_anchored\n"
-        "- completion_boundary_measurable\n"
-        "- citation_grounding_policy_present\n"
-        "- source_priority_rules_present\n"
-        "- artifact_language_confidence\n"
-    )
-
-def test_blocks_internal_object_leak_without_debug_intent() -> None:
-    payload = {
-        "last_assistant_message": '{"pipeline_mode": "internal_section_refinement_with_final_audit"}',
-        "last_user_message": "just return the final prompt",
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Raw internal refinement object leakage" in response["reason"]
-
-def test_allows_internal_object_with_debug_intent() -> None:
-    payload = {
-        "last_assistant_message": '{"pipeline_mode": "internal_section_refinement_with_final_audit"}',
-        "last_user_message": "debug: show internal pipeline object",
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-def test_blocks_missing_checklist_rows() -> None:
-    payload = {
-        "last_assistant_message": "overall_status: pass\nchecklist_results: structured_scoped_instructions",
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Deterministic checklist rows missing" in response["reason"]
-
-def test_allows_prompt_workflow_output_without_checklist_container() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            "target_local_roots\n"
-            "target_canonical_roots\n"
-            "target_file_globs\n"
-            "comparison_basis\n"
-            "completion_boundary\n"
-            "base_minimal_instruction_layer: true\n"
-            "on_demand_skill_loading: true\n"
-        ),
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-def test_blocks_missing_context_control_signals() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            + _full_checklist_rows()
-            + "target_local_roots\n"
-            + "target_canonical_roots\n"
-            + "target_file_globs\n"
-            + "comparison_basis\n"
-            + "completion_boundary\n"
-            + "base_minimal_instruction_layer: true\n"
-        ),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Runtime context-control preamble missing" in response["reason"]
-    assert "on-demand skill loading" in response["reason"]
-
-def test_blocks_ambiguous_scope_phrasing() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            + _full_checklist_rows()
-            + "scope block includes target_local_roots target_canonical_roots "
-            + "target_file_globs comparison_basis completion_boundary "
-            + "base_minimal_instruction_layer: true\n"
-            + "on_demand_skill_loading: true\n"
-            + "and applies to this session."
-        ),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "Ambiguous scope phrasing detected" in response["reason"]
-
-def _wrap_five_section_scaffold(inner_body: str) -> str:
-    return (
-        "<role>Test role sentence one.</role>\n"
-        "<background>Test background sentence one.</background>\n"
-        f"{inner_body}\n"
-        "<constraints>Test constraints sentence one.</constraints>\n"
-        "<output_format>Test output format sentence one.</output_format>\n"
-    )
-
-
-def _build_prompt_workflow_message_with_fenced_xml(fenced_xml_body: str) -> str:
-    return (
-        "Audit: pass 15/15\n"
-        "```xml\n"
-        + fenced_xml_body
-        + "\n```\n"
-        "overall_status: pass\n"
-        + _full_checklist_rows()
-        + "target_local_roots\n"
-        "target_canonical_roots\n"
-        "target_file_globs\n"
-        "comparison_basis\n"
-        "completion_boundary\n"
-        "base_minimal_instruction_layer: true\n"
-        "on_demand_skill_loading: true\n"
-    )
-
-
-def test_allows_positive_phrasing_inside_fenced_xml() -> None:
-    fenced_content = _wrap_five_section_scaffold(
-        "<instructions>Ensure all functions have explicit return types.</instructions>"
-    )
-    payload = {
-        "last_assistant_message": _build_prompt_workflow_message_with_fenced_xml(fenced_content),
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-
-BANNED_KEYWORD_TEST_CASES: list[tuple[str, str]] = [
-    ("do_not", "<instructions>Do not leave return types implicit.</instructions>"),
-    ("avoid", "<instructions>Avoid missing return types.</instructions>"),
-    ("never", "<constraints>Never store credentials in plain text.</constraints>"),
-    ("without", "<instructions>Deploy without running tests first.</instructions>"),
-    ("prevent", "<constraints>Prevent unauthorized access to the API.</constraints>"),
-    ("reject", "<constraints>Reject all unsigned commits.</constraints>"),
-    ("cannot", "<constraints>The API cannot accept unauthenticated requests.</constraints>"),
-    ("unless", "<constraints>Skip the build step unless the user explicitly approves.</constraints>"),
-    ("must_not", "<constraints>The script must not produce duplicates.</constraints>"),
-    ("must_never", "<constraints>You must never store credentials in environment variables.</constraints>"),
-    ("instead_of", "<instructions>Use explicit types instead of implicit ones.</instructions>"),
-    ("rather_than", "<constraints>Prefer explicit types rather than inferred ones.</constraints>"),
-    ("as_opposed_to", "<instructions>Use Grid as opposed to floats for layout.</instructions>"),
-]
-
-
-@pytest.mark.parametrize(
-    ("banned_pattern_name", "fenced_xml_content"),
-    BANNED_KEYWORD_TEST_CASES,
-    ids=[each_case[0] for each_case in BANNED_KEYWORD_TEST_CASES],
-)
-def test_blocks_banned_pattern_inside_fenced_xml(
-    banned_pattern_name: str,
-    fenced_xml_content: str,
-) -> None:
-    payload = {
-        "last_assistant_message": _build_prompt_workflow_message_with_fenced_xml(
-            _wrap_five_section_scaffold(fenced_xml_content)
-        ),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-
-
-def test_permits_negative_keywords_outside_fenced_xml() -> None:
-    fenced_inner = _wrap_five_section_scaffold(
-        "<instructions>Ensure all functions have explicit return types.</instructions>"
-    )
-    message = (
-        "Audit: pass 15/15\n"
-        "Do not skip the audit line.\n"
-        "```xml\n"
-        + fenced_inner
-        + "\n```\n"
-        "overall_status: pass\n"
-        + _full_checklist_rows()
-        + "target_local_roots\n"
-        "target_canonical_roots\n"
-        "target_file_globs\n"
-        "comparison_basis\n"
-        "completion_boundary\n"
-        "base_minimal_instruction_layer: true\n"
-        "on_demand_skill_loading: true\n"
-    )
-    payload = {"last_assistant_message": message}
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""
-
-
-def test_blocks_when_fenced_xml_missing_background_section() -> None:
-    fenced_body = (
-        "<role>Test role sentence one.</role>\n"
-        "<instructions>Test instructions sentence one.</instructions>\n"
-        "<constraints>Test constraints sentence one.</constraints>\n"
-        "<output_format>Test output format sentence one.</output_format>\n"
-    )
-    payload = {
-        "last_assistant_message": _build_prompt_workflow_message_with_fenced_xml(fenced_body),
-    }
-    result = _run_hook(payload)
-    response = json.loads(result.stdout)
-    assert response["decision"] == "block"
-    assert "background" in response["reason"]
-    assert "include all required XML sections" in response["systemMessage"]
-
-
-def test_allows_fully_structured_prompt_workflow_output() -> None:
-    payload = {
-        "last_assistant_message": (
-            "overall_status: pass\n"
-            + _full_checklist_rows()
-            + "target_local_roots\n"
-            + "target_canonical_roots\n"
-            + "target_file_globs\n"
-            + "comparison_basis\n"
-            + "completion_boundary\n"
-            + "base_minimal_instruction_layer: true\n"
-            + "on_demand_skill_loading: true\n"
-        ),
-    }
-    result = _run_hook(payload)
-    assert result.stdout.strip() == ""