clean-room-skill 0.1.9 → 0.1.10

package/.claude-plugin/marketplace.json

@@ -9,7 +9,7 @@
       "name": "clean-room",
       "source": "./",
       "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
-      "version": "0.1.9",
+      "version": "0.1.10",
       "author": {
         "name": "whit3rabbit"
       },

package/.claude-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "clean-room",
   "displayName": "Clean Room",
   "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "author": {
     "name": "whit3rabbit"
   },

package/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "clean-room",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
   "author": {
     "name": "whit3rabbit"

package/hooks/agent4-polish-runner.py

@@ -263,7 +263,10 @@ def commit_report_paths(report: dict[str, Any], root: Path, blocked_roots: list[
         "user.name=Clean Room Agent 4",
         "-c",
         "user.email=clean-room-agent4@example.invalid",
+        "-c",
+        "core.hooksPath=/dev/null",
         "commit",
+        "--no-verify",
         "-m",
         subject,
         "-m",

package/hooks/deny-clean-source-read.py

@@ -26,6 +26,13 @@ MCP_RESOURCE_TOOLS = {
     "read_mcp_resource",
 }
 READ_PATH_KEYS = ("file_path", "filePath", "path", "notebook_path", "notebookPath")
+CONTAMINATED_ONLY_SANITIZER_ARTIFACTS = {
+    "coverage-ledger.json": "coverage-ledger artifact",
+    "evidence-ledger.json": "evidence-ledger artifact",
+    "preflight-goal.json": "preflight-goal artifact",
+    "source-index.json": "source-index artifact",
+    "task-manifest.json": "task-manifest artifact",
+}
 
 
 def tool_name_for(payload: dict) -> str:
@@ -112,6 +119,7 @@ def main() -> int:
         )
         return 1
     source_roots = env_roots("CLEAN_ROOM_SOURCE_ROOTS")
+    contaminated_roots = env_roots("CLEAN_ROOM_CONTAMINATED_ARTIFACT_ROOTS")
     clean_roots = env_roots("CLEAN_ROOM_CLEAN_ROOTS")
     implementation_roots = env_roots("CLEAN_ROOM_IMPLEMENTATION_ROOTS")
     allowed_roots = allowed_roots_for_role(role)
@@ -143,6 +151,14 @@ def main() -> int:
                 file=sys.stderr,
             )
             return 1
+        if role == SANITIZER_ROLE and any(is_under(path, root) for root in contaminated_roots):
+            artifact_label = CONTAMINATED_ONLY_SANITIZER_ARTIFACTS.get(path.name)
+            if artifact_label:
+                print(
+                    f"clean-room policy denied role {role} reading {artifact_label} in {describe_path(path)}",
+                    file=sys.stderr,
+                )
+                return 1
         if role in SOURCE_DENIED_ROLES and path.name == "preflight-goal.json":
             print(
                 f"clean-room policy denied role {role} reading preflight-goal artifact in {describe_path(path)}",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clean-room-skill",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
   "bin": {
     "clean-room-skill": "bin/install.js"

package/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "clean-room",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
   "author": {
     "name": "whit3rabbit"