claude-self-reflect 7.0.0 → 7.1.9

package/src/runtime/hooks/session_end_hook.py

@@ -0,0 +1,254 @@
+#!/usr/bin/env python3
+"""
+Ralph SessionEnd Hook - Stores session narrative to CSR.
+
+Triggered at session end. Parses .ralph_state.md, determines outcome,
+and stores narrative with metadata for future sessions.
+
+Enhanced Features (v7.1+):
+- Structured status block extraction
+- Rich metadata storage (work type, confidence, error signatures)
+- Output trend tracking for circuit breaker patterns
+
+Input (stdin): JSON with session_id, transcript_path, reason
+Output: None (cannot block session end)
+
+Attribution:
+    Status block format inspired by https://github.com/frankbria/ralph-claude-code
+"""
+
+import sys
+import json
+import logging
+from pathlib import Path
+from datetime import datetime
+
+# Add project root to path
+sys.path.insert(0, str(Path(__file__).parent.parent.parent.parent))
+
+from src.runtime.hooks.ralph_state import load_state, is_ralph_session, load_ralph_session_state
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+
+def extract_status_block(content: str) -> dict:
+    """Extract ---RALPH_STATUS--- block if present.
+
+    Format:
+    ---RALPH_STATUS---
+    STATUS: IN_PROGRESS | COMPLETE | BLOCKED
+    WORK_TYPE: IMPLEMENTATION | TESTING | DOCUMENTATION
+    EXIT_SIGNAL: true | false
+    ---END_RALPH_STATUS---
+    """
+    import re
+    match = re.search(
+        r'---RALPH_STATUS---\n(.+?)\n---END_RALPH_STATUS---',
+        content, re.DOTALL
+    )
+    if not match:
+        return {}
+
+    status = {}
+    for line in match.group(1).strip().split('\n'):
+        if ':' in line:
+            key, val = line.split(':', 1)
+            key = key.strip().lower().replace(' ', '_')
+            val = val.strip()
+            # Convert boolean strings
+            if val.lower() in ('true', 'false'):
+                val = val.lower() == 'true'
+            # Convert numeric strings
+            elif val.isdigit():
+                val = int(val)
+            status[key] = val
+    return status
+
+
+def get_project_root() -> Path:
+    """Dynamically determine project root (works for any installation)."""
+    # This file is at: <project_root>/src/runtime/hooks/session_end_hook.py
+    return Path(__file__).parent.parent.parent.parent
+
+
+def store_session_narrative(state, session_id: str, reason: str) -> bool:
+    """Store session narrative to CSR with rich metadata."""
+    try:
+        # Import CSR standalone client (dynamic path for any installation)
+        project_root = get_project_root()
+        mcp_server_path = project_root / "mcp-server" / "src"
+        if str(mcp_server_path) not in sys.path:
+            sys.path.insert(0, str(mcp_server_path))
+        from standalone_client import CSRStandaloneClient
+        client = CSRStandaloneClient()
+
+        # Determine outcome
+        if state.completion_promise_met:
+            outcome = "COMPLETED"
+        elif reason in ('clear', 'logout'):
+            outcome = "ABANDONED"
+        else:
+            outcome = "INCOMPLETE"
+
+        # Get enhanced fields if available (new RalphState fields)
+        work_type = getattr(state, 'work_type', '') or 'UNKNOWN'
+        exit_confidence = getattr(state, 'exit_confidence', 0)
+        error_signatures = getattr(state, 'error_signatures', {})
+        # Handle output_declining as either method or boolean safely
+        output_declining_attr = getattr(state, 'output_declining', None)
+        output_declining = output_declining_attr() if callable(output_declining_attr) else False
+
+        # Generate narrative with enhanced metadata
+        narrative = f"""# Ralph Session Complete
+
+## Metadata
+- Session ID: {state.session_id}
+- End Reason: {reason}
+- Timestamp: {datetime.now().isoformat()}
+- Total Iterations: {state.iteration}
+- Work Type: {work_type}
+- Exit Confidence: {exit_confidence}%
+- Output Trend: {"DECLINING" if output_declining else "STABLE"}
+
+## Task
+{state.task}
+
+## Outcome: {outcome}
+Completion Promise: `{state.completion_promise}`
+Promise Met: {state.completion_promise_met}
+
+## Final Approach
+{state.current_approach}
+
+## What Worked
+{chr(10).join(f'- {s}' for s in state.successful_strategies) or '- (none recorded)'}
+
+## What Failed (Don't Retry These)
+{chr(10).join(f'- {f}' for f in state.failed_approaches) or '- (none recorded)'}
+
+## Blocking Errors Encountered
+{chr(10).join(f'- {e}' for e in state.blocking_errors) or '- (none recorded)'}
+
+## Error Signatures (Deduplicated)
+{chr(10).join(f'- `{sig}` (x{count})' for sig, count in error_signatures.items()) or '- (none)'}
+
+## Key Learnings
+{chr(10).join(f'- {l}' for l in state.learnings) or '- (none recorded)'}
+
+## Files Modified
+{chr(10).join(f'- {f}' for f in state.files_modified) or '- (none recorded)'}
+"""
+
+        # Store with outcome-aware tags
+        # IMPORTANT: __csr_hook_auto__ is a distinct signature that identifies
+        # hook-stored reflections vs manually-stored ones during development
+        tags = [
+            "__csr_hook_auto__",  # Hook signature - don't manually use this tag!
+            "ralph_session",
+            f"session_{state.session_id}",
+            f"outcome_{outcome.lower()}",
+            f"iterations_{state.iteration}",
+            f"work_type_{work_type.lower()}"
+        ]
+
+        # Rich metadata for better search filtering
+        metadata = {
+            "outcome": outcome,
+            "iterations": state.iteration,
+            "work_type": work_type,
+            "exit_confidence": exit_confidence,
+            "output_declining": output_declining,
+            "error_signatures": list(error_signatures.keys()),
+            "failed_approaches": state.failed_approaches,
+            "successful_strategies": state.successful_strategies,
+            "learnings": state.learnings,
+            "files_modified": state.files_modified,
+        }
+
+        # Note: CSR store_reflection may not support metadata yet,
+        # but we include the rich info in the narrative for searchability
+        # Use hook-specific collection so random agents don't pollute it
+        client.store_reflection(
+            content=narrative,
+            tags=tags,
+            collection="csr_hook_sessions_local"  # Separate from user reflections
+        )
+
+        logger.info(f"Stored session narrative: {outcome}, {state.iteration} iterations, confidence={exit_confidence}%")
+
+        # If successful, also store the winning strategy separately
+        if outcome == "COMPLETED" and state.successful_strategies:
+            success_summary = f"""Successful Ralph approach for '{state.task[:100]}':
+Approach: {state.current_approach}
+Key strategies: {', '.join(state.successful_strategies[:5])}
+Exit confidence: {exit_confidence}%
+Iterations: {state.iteration}
+"""
+            client.store_reflection(
+                content=success_summary,
+                tags=["__csr_hook_auto__", "ralph_success", "winning_strategy", f"work_type_{work_type.lower()}"],
+                collection="csr_hook_sessions_local"
+            )
+
+        return True
+
+    except ImportError:
+        logger.warning("CSR standalone client not available")
+        return False
+    except Exception as e:
+        logger.error(f"Error storing narrative: {e}")
+        return False
+
+
+def cleanup_session_files():
+    """Clean up temporary session files."""
+    files_to_remove = [
+        Path('.ralph_past_sessions.md'),
+        Path('.ralph_memories.md')
+    ]
+
+    for f in files_to_remove:
+        if f.exists():
+            try:
+                f.unlink()
+                logger.info(f"Cleaned up: {f}")
+            except Exception as e:
+                logger.warning(f"Could not remove {f}: {e}")
+
+
+def main():
+    """Main hook entry point."""
+    # Read hook input from stdin
+    try:
+        input_data = json.load(sys.stdin)
+    except (json.JSONDecodeError, EOFError):
+        input_data = {}
+
+    session_id = input_data.get('session_id', 'unknown')
+    reason = input_data.get('reason', 'other')
+
+    logger.info(f"SessionEnd hook triggered: reason={reason}")
+
+    # Check if this is a Ralph session
+    if not is_ralph_session():
+        sys.exit(0)
+
+    # Load state (supports both ralph-wiggum and custom formats)
+    state = load_ralph_session_state()
+    if not state:
+        logger.warning("Could not load Ralph state for narrative storage")
+        sys.exit(0)
+
+    # Store narrative to CSR
+    store_session_narrative(state, session_id, reason)
+
+    # Note: Don't clean up .ralph_state.md - it may be needed for resume
+    # Only clean up helper files
+    cleanup_session_files()
+
+    sys.exit(0)
+
+
+if __name__ == '__main__':
+    main()

package/src/runtime/hooks/session_start_hook.py

@@ -0,0 +1,259 @@
+#!/usr/bin/env python3
+"""
+Ralph SessionStart Hook - Searches CSR for relevant past sessions.
+
+Triggered at session start. Uses existing CSR infrastructure to search
+for relevant past Ralph sessions and injects context.
+
+Enhanced Features (v7.1+):
+- Error-centric search (find solutions to current blockers)
+- Anti-pattern injection (surface failed approaches first)
+- Winning strategy prioritization
+- Multi-signal search (task + errors + patterns)
+
+Input (stdin): JSON with session_id, transcript_path, source
+Output (stdout): Context message for Claude
+Exit code: 0 = success, 2 = blocking error
+
+Attribution:
+    Search patterns inspired by https://github.com/frankbria/ralph-claude-code
+"""
+
+import sys
+import json
+import logging
+from pathlib import Path
+from datetime import datetime
+
+# Add project root to path
+sys.path.insert(0, str(Path(__file__).parent.parent.parent.parent))
+
+from src.runtime.hooks.ralph_state import (
+    load_state,
+    save_state,
+    RalphState,
+    is_ralph_session,
+    load_ralph_session_state,
+)
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+
+def get_project_root() -> Path:
+    """Dynamically determine project root (works for any installation)."""
+    # This file is at: <project_root>/src/runtime/hooks/session_start_hook.py
+    return Path(__file__).parent.parent.parent.parent
+
+
+def _error_signature(error: str) -> str:
+    """Extract error signature for deduplication (matches RalphState method)."""
+    import re
+    sig = re.sub(r'line \d+', 'line N', error)
+    sig = re.sub(r'/[\w/.-]+/', '/.../', sig)
+    sig = re.sub(r'\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}', 'TIMESTAMP', sig)
+    return sig[:100]
+
+
+def search_past_sessions(task: str, errors: list = None, limit: int = 3) -> dict:
+    """Enhanced search: task + errors + anti-patterns."""
+    results = {
+        'similar_tasks': [],
+        'similar_errors': [],
+        'anti_patterns': [],
+        'winning_strategies': []
+    }
+
+    try:
+        # Import CSR standalone client (dynamic path for any installation)
+        project_root = get_project_root()
+        mcp_server_path = project_root / "mcp-server" / "src"
+        if str(mcp_server_path) not in sys.path:
+            sys.path.insert(0, str(mcp_server_path))
+        from standalone_client import CSRStandaloneClient
+        client = CSRStandaloneClient()
+
+        # 1. Task-based search (existing behavior)
+        task_results = client.search(
+            query=f"ralph session: {task}",
+            limit=2,
+            min_score=0.5
+        )
+        results['similar_tasks'] = task_results
+
+        # 2. NEW: Error-based search (if we have current errors)
+        if errors:
+            for error in errors[:2]:  # Top 2 errors only
+                sig = _error_signature(error)
+                error_results = client.search(
+                    query=f"error blocked solved: {sig}",
+                    limit=1,
+                    min_score=0.6
+                )
+                results['similar_errors'].extend(error_results)
+
+        # 3. NEW: Anti-patterns search (failed approaches from incomplete sessions)
+        anti_results = client.search(
+            query=f"failed approach don't retry: {task}",
+            limit=2,
+            min_score=0.5
+        )
+        # Filter for incomplete/abandoned sessions
+        results['anti_patterns'] = [
+            r for r in anti_results
+            if r.get('metadata', {}).get('outcome') in ('INCOMPLETE', 'ABANDONED')
+        ]
+
+        # 4. NEW: Winning strategies (successful sessions)
+        winners = client.search(
+            query=f"successful solution completed: {task}",
+            limit=1,
+            min_score=0.6
+        )
+        results['winning_strategies'] = [
+            r for r in winners
+            if r.get('metadata', {}).get('outcome') == 'COMPLETED'
+        ]
+
+        return results
+
+    except ImportError:
+        logger.warning("CSR standalone client not available, skipping memory search")
+        return results
+    except Exception as e:
+        logger.error(f"Error searching CSR: {e}")
+        return results
+
+
+def format_past_sessions(results: dict) -> str:
+    """Format search results with anti-patterns FIRST for fast loop efficiency."""
+    # Handle legacy list format
+    if isinstance(results, list):
+        results = {'similar_tasks': results}
+
+    has_content = any([
+        results.get('anti_patterns'),
+        results.get('winning_strategies'),
+        results.get('similar_errors'),
+        results.get('similar_tasks')
+    ])
+
+    if not has_content:
+        return ""
+
+    output = ["# Ralph Memory (from CSR)\n"]
+    output.append("Use these insights to avoid repeating mistakes.\n")
+
+    # 1. ANTI-PATTERNS FIRST (most important for fast loops)
+    if results.get('anti_patterns'):
+        output.append("## DON'T RETRY THESE")
+        for r in results['anti_patterns']:
+            # Extract failed approaches from metadata
+            failed = r.get('metadata', {}).get('failed_approaches', [])
+            if failed:
+                for f in failed[:3]:
+                    output.append(f"- {f}")
+            else:
+                # Fallback to content preview
+                content = r.get('content', r.get('preview', ''))[:150]
+                output.append(f"- {content}...")
+
+    # 2. WINNING STRATEGIES (proven approaches)
+    if results.get('winning_strategies'):
+        output.append("\n## PROVEN APPROACHES")
+        for r in results['winning_strategies']:
+            strategies = r.get('metadata', {}).get('successful_strategies', [])
+            if strategies:
+                for s in strategies[:3]:
+                    output.append(f"- {s}")
+            else:
+                content = r.get('content', r.get('preview', ''))[:150]
+                output.append(f"- {content}...")
+
+    # 3. PAST ERROR SOLUTIONS
+    if results.get('similar_errors'):
+        output.append("\n## PAST ERROR SOLUTIONS")
+        for r in results['similar_errors']:
+            score = r.get('score', 0)
+            content = r.get('content', r.get('preview', ''))[:200]
+            output.append(f"- (score: {score:.2f}) {content}...")
+
+    # 4. SIMILAR TASKS (context, less actionable)
+    if results.get('similar_tasks'):
+        output.append("\n## RELATED SESSIONS")
+        for i, r in enumerate(results['similar_tasks'][:2], 1):
+            score = r.get('score', 0)
+            outcome = r.get('metadata', {}).get('outcome', 'Unknown')
+            content = r.get('content', r.get('preview', ''))[:150]
+            output.append(f"- [{outcome}] (score: {score:.2f}) {content}...")
+
+            # Extract key learnings
+            if learnings := r.get('metadata', {}).get('learnings'):
+                for learning in learnings[:2]:
+                    output.append(f"  - Learning: {learning}")
+
+    return "\n".join(output)
+
+
+def main():
+    """Main hook entry point."""
+    # Read hook input from stdin (official protocol)
+    try:
+        input_data = json.load(sys.stdin)
+    except (json.JSONDecodeError, EOFError):
+        input_data = {}
+
+    session_id = input_data.get('session_id', '')
+    source = input_data.get('source', 'startup')
+
+    logger.info(f"SessionStart hook triggered: source={source}, session_id={session_id[:20] if session_id else 'none'}...")
+
+    # Check if this is a Ralph session
+    if not is_ralph_session():
+        logger.info("No Ralph session detected (checked .claude/ralph-loop.local.md and .ralph_state.md)")
+        sys.exit(0)
+
+    # Load current state (supports both ralph-wiggum and custom formats)
+    state = load_ralph_session_state()
+    if not state:
+        logger.warning("Could not load Ralph state")
+        sys.exit(0)
+
+    # Search for past sessions with similar task AND current errors
+    logger.info(f"Searching CSR for past sessions related to: {state.task[:50]}...")
+    results = search_past_sessions(
+        task=state.task,
+        errors=state.blocking_errors if hasattr(state, 'blocking_errors') else None
+    )
+
+    # Count total results
+    total_results = sum([
+        len(results.get('similar_tasks', [])),
+        len(results.get('similar_errors', [])),
+        len(results.get('anti_patterns', [])),
+        len(results.get('winning_strategies', []))
+    ])
+
+    if total_results > 0:
+        # Write context file for Claude to read
+        context = format_past_sessions(results)
+        past_sessions_path = Path('.ralph_past_sessions.md')
+        past_sessions_path.write_text(context)
+
+        # Log breakdown
+        logger.info(f"Found {total_results} relevant results:")
+        logger.info(f"  - Anti-patterns: {len(results.get('anti_patterns', []))}")
+        logger.info(f"  - Winning strategies: {len(results.get('winning_strategies', []))}")
+        logger.info(f"  - Error matches: {len(results.get('similar_errors', []))}")
+        logger.info(f"  - Similar tasks: {len(results.get('similar_tasks', []))}")
+
+        print(f"# Loaded {total_results} relevant past sessions")
+        print(f"# See .ralph_past_sessions.md for details")
+    else:
+        logger.info("No relevant past sessions found")
+
+    sys.exit(0)
+
+
+if __name__ == '__main__':
+    main()

package/src/runtime/precompact-hook.sh

@@ -2,9 +2,28 @@
 # PreCompact hook for Claude Self-Reflect
 # Place this in ~/.claude/hooks/precompact or source it from there
 
-# Configuration
-CLAUDE_REFLECT_DIR="${CLAUDE_REFLECT_DIR:-$HOME/claude-self-reflect}"
-VENV_PATH="${VENV_PATH:-$CLAUDE_REFLECT_DIR/.venv}"
+# Determine project root dynamically from this script's location
+# This file is at: <project_root>/src/runtime/precompact-hook.sh
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+DEFAULT_PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+# Configuration (allows override via environment)
+CLAUDE_REFLECT_DIR="${CLAUDE_REFLECT_DIR:-$DEFAULT_PROJECT_ROOT}"
+
+# SECURITY: Validate CLAUDE_REFLECT_DIR to prevent directory traversal
+if [[ "$CLAUDE_REFLECT_DIR" =~ \.\. ]]; then
+    echo "Error: CLAUDE_REFLECT_DIR contains directory traversal" >&2
+    exit 0  # Exit gracefully, don't block compacting
+fi
+
+# Support both .venv and venv directories
+if [ -d "$CLAUDE_REFLECT_DIR/.venv" ]; then
+    VENV_PATH="${VENV_PATH:-$CLAUDE_REFLECT_DIR/.venv}"
+elif [ -d "$CLAUDE_REFLECT_DIR/venv" ]; then
+    VENV_PATH="${VENV_PATH:-$CLAUDE_REFLECT_DIR/venv}"
+else
+    VENV_PATH="${VENV_PATH:-$CLAUDE_REFLECT_DIR/.venv}"
+fi
 IMPORT_TIMEOUT="${IMPORT_TIMEOUT:-30}"
 
 # Check if Claude Self-Reflect is installed
@@ -19,6 +38,17 @@ if [ ! -d "$VENV_PATH" ]; then
     exit 0  # Exit gracefully
 fi
 
+# SECURITY: Validate VENV_PATH to prevent command injection
+if [[ ! "$VENV_PATH" =~ ^[a-zA-Z0-9/_.-]+$ ]]; then
+    echo "Error: Invalid VENV_PATH contains unsafe characters" >&2
+    exit 0  # Exit gracefully, don't block compacting
+fi
+
+if [ ! -x "$VENV_PATH/bin/python3" ]; then
+    echo "Error: Python not found at $VENV_PATH/bin/python3" >&2
+    exit 0  # Exit gracefully
+fi
+
 # Run quick import with timeout
 echo "Updating conversation memory..." >&2
 timeout $IMPORT_TIMEOUT bash -c "
@@ -29,5 +59,54 @@ timeout $IMPORT_TIMEOUT bash -c "
     echo "Quick import timed out after ${IMPORT_TIMEOUT}s" >&2
 }
 
+# ============================================================
+# RALPH MEMORY INTEGRATION (Added for Memory-Augmented Ralph)
+# ============================================================
+
+# If Ralph session, backup state to CSR before compaction
+# Check both ralph-wiggum format and custom format
+RALPH_STATE_FILE=""
+if [ -f ".claude/ralph-loop.local.md" ]; then
+    RALPH_STATE_FILE=".claude/ralph-loop.local.md"
+elif [ -f ".ralph_state.md" ]; then
+    RALPH_STATE_FILE=".ralph_state.md"
+fi
+
+if [ -n "$RALPH_STATE_FILE" ]; then
+    echo "📝 Backing up Ralph state to CSR..." >&2
+
+    RALPH_STATE_FILE="$RALPH_STATE_FILE" CLAUDE_REFLECT_DIR="$CLAUDE_REFLECT_DIR" "$VENV_PATH/bin/python3" << 'PYTHON' || echo "Warning: Could not backup Ralph state" >&2
+import sys
+import os
+from pathlib import Path
+from datetime import datetime
+
+# Dynamic path resolution
+project_root = os.environ.get('CLAUDE_REFLECT_DIR', str(Path.home() / 'claude-self-reflect'))
+sys.path.insert(0, str(Path(project_root) / 'mcp-server' / 'src'))
+
+try:
+    import re
+    from standalone_client import CSRStandaloneClient
+
+    ralph_state_file = os.environ.get('RALPH_STATE_FILE', '.ralph_state.md')
+    state_content = Path(ralph_state_file).read_text()
+    # SECURITY: Sanitize project name to prevent injection
+    project_name = re.sub(r'[^a-zA-Z0-9_-]', '_', Path.cwd().name)
+    client = CSRStandaloneClient()
+
+    client.store_reflection(
+        content=f"Pre-compaction Ralph state backup ({datetime.now().isoformat()}):\n\nProject: {project_name}\n\n{state_content}",
+        tags=["__csr_hook_auto__", f"project_{project_name}", "ralph_state", "pre_compact_backup"],
+        collection="csr_hook_sessions_local"
+    )
+    print(f"✅ Ralph state ({project_name}) backed up to CSR", file=sys.stderr)
+except ImportError:
+    print("CSR client not available, skipping backup", file=sys.stderr)
+except Exception as e:
+    print(f"Backup failed: {e}", file=sys.stderr)
+PYTHON
+fi
+
 # Always exit successfully to not block compacting
 exit 0

package/src/runtime/unified_state_manager.py

@@ -336,6 +336,10 @@ class UnifiedStateManager:
         except Exception as e:
             raise ValueError(f"Invalid path: {file_path}: {e}")
 
+        # Detect if running in Docker by checking for Docker-mounted paths
+        docker_paths = ["/logs", "/config", "/app/data"]
+        in_docker = any(Path(dp).exists() for dp in docker_paths)
+
         # Docker to local path mappings
         path_mappings = [
             ("/logs/", "/.claude/projects/"),
@@ -343,8 +347,15 @@ class UnifiedStateManager:
             ("/app/data/", "/.claude/projects/")
         ]
 
-        # Apply Docker mappings if needed
+        # In Docker: validate against Docker paths BEFORE transformation
+        # This ensures security validation uses paths that actually exist
         path_str = str(resolved)
+        original_path_str = path_str  # Keep original for Docker validation
+
+        # Check if this is a Docker path that we should validate directly
+        is_docker_path = in_docker and any(path_str.startswith(dp) for dp in docker_paths)
+
+        # Apply Docker mappings for storage consistency (not for validation)
         for docker_path, local_path in path_mappings:
             if path_str.startswith(docker_path):
                 home = str(Path.home())
@@ -359,21 +370,35 @@ class UnifiedStateManager:
         ]
 
         # Add Docker paths if they exist
-        for docker_path in ["/logs", "/config", "/app/data"]:
+        for docker_path in docker_paths:
             docker_base = Path(docker_path)
             if docker_base.exists():
                 allowed_bases.append(docker_base)
 
         # Check if path is within allowed directories
         path_allowed = False
-        for base in allowed_bases:
-            try:
-                if base.exists():
-                    resolved.relative_to(base)
-                    path_allowed = True
-                    break
-            except ValueError:
-                continue
+
+        # In Docker: validate original path against Docker mounts
+        if is_docker_path:
+            original_resolved = Path(original_path_str).resolve()
+            for base in allowed_bases:
+                try:
+                    if base.exists():
+                        original_resolved.relative_to(base)
+                        path_allowed = True
+                        break
+                except ValueError:
+                    continue
+        else:
+            # Local environment: validate transformed path
+            for base in allowed_bases:
+                try:
+                    if base.exists():
+                        resolved.relative_to(base)
+                        path_allowed = True
+                        break
+                except ValueError:
+                    continue
 
         # Allow test paths when running tests
         if not path_allowed: