cleargate 0.14.0 → 0.15.0

package/dist/templates/cleargate-planning/.claude/hooks/pre-edit-gate.sh

@@ -1,162 +0,0 @@
-#!/usr/bin/env bash
-# pre-edit-gate.sh — CR-008 Phase B: planning-first PreToolUse gate
-#
-# Registered as a PreToolUse hook for Edit|Write tool calls.
-# In warn mode (default), logs would-block decisions but always exits 0.
-# In enforce mode, exits 1 to block the tool call when planning is missing.
-#
-# Mode controlled by CLEARGATE_PLANNING_GATE_MODE (warn|enforce|off). Default: warn.
-# Bypass: CLEARGATE_PLANNING_BYPASS=1 → skip check, log bypass=true, exit 0.
-
-set -u
-
-REPO_ROOT="${CLAUDE_PROJECT_DIR:-$(pwd)}"
-MODE="${CLEARGATE_PLANNING_GATE_MODE:-warn}"
-LOG_FILE="${REPO_ROOT}/.cleargate/hook-log/pre-edit-gate-warn.log"
-
-# ── 0. Off mode — do nothing ──────────────────────────────────────────────────
-if [ "${MODE}" = "off" ]; then
-  exit 0
-fi
-
-# ── 1. Read file path from stdin (PreToolUse JSON payload) ────────────────────
-# Claude Code sends JSON on stdin: {"tool_name":"Edit","tool_input":{"file_path":"..."}}
-INPUT=$(cat)
-FILE=$(printf '%s' "${INPUT}" | node -e "
-try {
-  var d = require('fs').readFileSync('/dev/stdin','utf8');
-  var o = JSON.parse(d);
-  var fp = (o.tool_input && o.tool_input.file_path) ? o.tool_input.file_path : '';
-  process.stdout.write(fp);
-} catch(e) {
-  process.stdout.write('');
-}
-" 2>/dev/null || true)
-
-TOOL_NAME=$(printf '%s' "${INPUT}" | node -e "
-try {
-  var d = require('fs').readFileSync('/dev/stdin','utf8');
-  var o = JSON.parse(d);
-  process.stdout.write(o.tool_name || '');
-} catch(e) {
-  process.stdout.write('');
-}
-" 2>/dev/null || true)
-
-# ── Guard: if we couldn't parse the file path, fail-open ──────────────────────
-if [ -z "${FILE}" ]; then
-  exit 0
-fi
-
-# ── 2. Bypass env var ─────────────────────────────────────────────────────────
-if [ "${CLEARGATE_PLANNING_BYPASS:-0}" = "1" ]; then
-  ISO_TS=$(date -u +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null || date -u +"%Y-%m-%dT%H:%M:%SZ")
-  mkdir -p "$(dirname "${LOG_FILE}")"
-  printf '[%s] mode=%s bypass=true file=%s\n' "${ISO_TS}" "${MODE}" "${FILE}" >> "${LOG_FILE}"
-  exit 0
-fi
-
-# ── 3. Whitelist: always allow these paths ────────────────────────────────────
-# Normalise: strip leading REPO_ROOT prefix for matching
-REL_FILE="${FILE}"
-if [[ "${FILE}" == "${REPO_ROOT}/"* ]]; then
-  REL_FILE="${FILE#${REPO_ROOT}/}"
-fi
-
-is_whitelisted() {
-  local f="$1"
-  # Exact or prefix matches for whitelisted directories/files
-  case "${f}" in
-    .cleargate/*|.claude/*|cleargate-planning/*) return 0 ;;
-    CLAUDE.md|MANIFEST.json|README.md|.gitignore|.gitkeep) return 0 ;;
-    package.json|package-lock.json) return 0 ;;
-    .env|.env.*|.npmrc|.editorconfig) return 0 ;;
-    # Also allow absolute paths that fall under the repo's cleargate dirs
-  esac
-  # Check absolute path variants
-  case "${FILE}" in
-    "${REPO_ROOT}/.cleargate/"*|"${REPO_ROOT}/.claude/"*|"${REPO_ROOT}/cleargate-planning/"*) return 0 ;;
-  esac
-  return 1
-}
-
-if is_whitelisted "${REL_FILE}"; then
-  exit 0
-fi
-
-# ── 3.5 Sprint-active sentinel bypass ────────────────────────────────────────
-# If a sprint is actively running, all in-sprint edits bypass the gate.
-if [ -f "${REPO_ROOT}/.cleargate/sprint-runs/.active" ]; then
-  exit 0
-fi
-
-# ── 4. Resolve cleargate CLI (three-branch resolver — CR-009) ────────────────
-if [ -f "${REPO_ROOT}/cleargate-cli/dist/cli.js" ]; then
-  CG=(node "${REPO_ROOT}/cleargate-cli/dist/cli.js")
-elif command -v cleargate >/dev/null 2>&1; then
-  CG=(cleargate)
-else
-  # Read pinned version from stamp-and-gate.sh
-  HOOK_PIN=""
-  HOOK_SH="${REPO_ROOT}/.claude/hooks/stamp-and-gate.sh"
-  if [ -f "${HOOK_SH}" ]; then
-    HOOK_PIN=$(grep -oP '(?<=# cleargate-pin: )[\S]+' "${HOOK_SH}" 2>/dev/null || \
-               grep -oE 'cleargate@[^"]+' "${HOOK_SH}" 2>/dev/null | head -1 | sed 's/.*@//' || true)
-  fi
-  if [ -z "${HOOK_PIN}" ]; then
-    HOOK_PIN="__CLEARGATE_VERSION__"
-  fi
-  CG=(npx -y "cleargate@${HOOK_PIN}")
-fi
-
-# ── 5. Read user prompt snippet for log context (optional; best-effort) ───────
-PROMPT_SNIPPET=$(printf '%s' "${INPUT}" | node -e "
-try {
-  var d = require('fs').readFileSync('/dev/stdin','utf8');
-  var o = JSON.parse(d);
-  var p = (o.user_prompt || '').slice(0, 200);
-  process.stdout.write(p);
-} catch(e) {
-  process.stdout.write('');
-}
-" 2>/dev/null || true)
-
-# ── 6. Ask doctor --can-edit ──────────────────────────────────────────────────
-# Capture both stdout AND exit code without || true swallowing the exit code.
-_DOCTOR_TMPFILE=$(mktemp)
-"${CG[@]}" doctor --can-edit "${FILE}" --cwd "${REPO_ROOT}" > "${_DOCTOR_TMPFILE}" 2>/dev/null
-DOCTOR_EXIT=$?
-DOCTOR_OUT=$(cat "${_DOCTOR_TMPFILE}")
-rm -f "${_DOCTOR_TMPFILE}"
-
-# Parse reason from doctor output
-REASON=$(printf '%s' "${DOCTOR_OUT}" | grep -oP '(?<=blocked: )\S+' 2>/dev/null || \
-         printf '%s' "${DOCTOR_OUT}" | sed -n 's/blocked: //p' 2>/dev/null || \
-         echo "unknown")
-
-# Count approved stories in pending-sync (for log entry)
-PENDING_DIR="${REPO_ROOT}/.cleargate/delivery/pending-sync"
-PENDING_MATCH_COUNT=0
-if [ -d "${PENDING_DIR}" ]; then
-  PENDING_MATCH_COUNT=$(grep -rl 'approved: true' "${PENDING_DIR}" 2>/dev/null | wc -l | tr -d ' ' || echo "0")
-fi
-
-# ── 7. Gate decision ──────────────────────────────────────────────────────────
-if [ "${DOCTOR_EXIT}" -ne 0 ]; then
-  # Would block
-  ISO_TS=$(date -u +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null || date -u +"%Y-%m-%dT%H:%M:%SZ")
-  mkdir -p "$(dirname "${LOG_FILE}")"
-  printf '[%s] mode=%s would_block file=%s reason=%s tool=%s pending_match_count=%d prompt_snippet=%s\n' \
-    "${ISO_TS}" "${MODE}" "${FILE}" "${REASON}" "${TOOL_NAME}" "${PENDING_MATCH_COUNT}" "${PROMPT_SNIPPET}" \
-    >> "${LOG_FILE}"
-
-  if [ "${MODE}" = "enforce" ]; then
-    printf 'ClearGate: planning-first gate — no approved story covers %s (%s). Draft a work item first.\n' \
-      "${FILE}" "${REASON}" >&2
-    exit 1
-  fi
-
-  # warn mode: log written above, exit 0 (do not block)
-fi
-
-exit 0

package/dist/templates/cleargate-planning/.claude/hooks/pre-tool-use-autonomy.sh

@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-# pre-tool-use-autonomy.sh — PreToolUse:AskUserQuestion soft-warning hook (STORY-071-01)
-#
-# CR-071: Logs a warning when an agent issues AskUserQuestion during an active sprint.
-# Soft mode — ALWAYS exits 0 (never blocks the call). Observability only.
-#
-# Inputs:
-#   stdin: Claude Code PreToolUse JSON payload with tool_name, tool_input, etc.
-#   env:   CLAUDE_PROJECT_DIR (project root; fallback to current dir)
-#
-# Output:
-#   Appends to .cleargate/hook-log/autonomy-warnings.log when conditions are met.
-#   Tab-separated columns: <iso-timestamp>\tAskUserQuestion\t<agent>\t<question-summary>
-#
-# Conditions for logging:
-#   1. tool_name == "AskUserQuestion"
-#   2. .cleargate/sprint-runs/.active exists and is non-empty
-#   3. corresponding state.json sprint_status == "Active"
-#
-# Exit code: 0 always (soft mode — never blocks).
-
-set -u
-
-PAYLOAD="$(cat 2>/dev/null || true)"
-
-# If jq is absent, degrade gracefully (exit 0, no log).
-if ! command -v jq >/dev/null 2>&1; then
-  exit 0
-fi
-
-TOOL=$(printf '%s' "$PAYLOAD" | jq -r '.tool_name // empty' 2>/dev/null || true)
-[ "$TOOL" = "AskUserQuestion" ] || exit 0
-
-ACTIVE_FILE="${CLAUDE_PROJECT_DIR:-.}/.cleargate/sprint-runs/.active"
-[ -s "$ACTIVE_FILE" ] || exit 0
-
-SPRINT_ID="$(cat "$ACTIVE_FILE" 2>/dev/null || true)"
-[ -n "$SPRINT_ID" ] || exit 0
-
-STATE_FILE="${CLAUDE_PROJECT_DIR:-.}/.cleargate/sprint-runs/$SPRINT_ID/state.json"
-[ -f "$STATE_FILE" ] || exit 0
-
-STATUS=$(jq -r '.sprint_status // empty' "$STATE_FILE" 2>/dev/null || true)
-[ "$STATUS" = "Active" ] || exit 0
-
-LOG="${CLAUDE_PROJECT_DIR:-.}/.cleargate/hook-log/autonomy-warnings.log"
-mkdir -p "$(dirname "$LOG")" 2>/dev/null || true
-
-QUESTION_SUMMARY=$(printf '%s' "$PAYLOAD" | jq -r '.tool_input.question // ""' 2>/dev/null | head -c 200 || true)
-
-DISPATCH_DIR="${CLAUDE_PROJECT_DIR:-.}/.cleargate/sprint-runs/$SPRINT_ID"
-AGENT=$(ls -t "$DISPATCH_DIR"/.dispatch-*.json 2>/dev/null | head -1 | \
-  xargs -I {} jq -r '.agent // "unknown"' {} 2>/dev/null || echo "unknown")
-[ -n "$AGENT" ] || AGENT="unknown"
-
-printf '%s\tAskUserQuestion\t%s\t%s\n' "$(date -u +%FT%TZ)" "$AGENT" "$QUESTION_SUMMARY" >> "$LOG" 2>/dev/null || true
-
-exit 0

package/dist/templates/cleargate-planning/.claude/hooks/pre-tool-use-task.sh

@@ -1,148 +0,0 @@
-#!/usr/bin/env bash
-# pre-tool-use-task.sh — PreToolUse:Task hook.
-#
-# CR-026: Auto-write a dispatch marker on every Task() spawn so the
-# SubagentStop hook (token-ledger.sh) can attribute tokens to the correct
-# work item and agent without relying on transcript-grep heuristics.
-#
-# This hook addresses BUG-024 §3.1 Defect 3: manual write_dispatch.sh calls
-# were unreliable (~5 calls vs ~19 spawns in SPRINT-18). The hook fires
-# automatically on every Task() spawn inside the orchestrator session.
-#
-# Input: JSON on stdin from Claude Code with fields:
-#   session_id, transcript_path, cwd, hook_event_name, tool_name, tool_input
-#   For tool_name == "Task", tool_input has: subagent_type, description, prompt.
-#
-# Output: writes .cleargate/sprint-runs/<sprint>/.dispatch-<ts>-<pid>-<rand>.json
-#   with { work_item_id, agent_type, spawned_at, session_id, writer }
-#   Uniquified filename prevents collision under parallel Task() spawns.
-#   SubagentStop hook uses newest-file lookup (ls -t) to consume it.
-#
-# Log: .cleargate/hook-log/pre-tool-use-task.log
-#
-# Exit code: 0 always. Never blocks a Task spawn.
-#
-# Banner-immunity: reads tool_input.prompt directly from the JSON payload —
-# no transcript involvement, so the SessionStart blocked-items banner cannot
-# poison this path (contrast with token-ledger.sh's transcript-grep fallback).
-
-set -u
-
-# ─── Resolve repo root (matches token-ledger.sh:59 + write_dispatch.sh:30) ───
-REPO_ROOT="${ORCHESTRATOR_PROJECT_DIR:-${CLAUDE_PROJECT_DIR}}"
-LOG_DIR="${REPO_ROOT}/.cleargate/hook-log"
-mkdir -p "${LOG_DIR}"
-HOOK_LOG="${LOG_DIR}/pre-tool-use-task.log"
-ACTIVE_SENTINEL="${REPO_ROOT}/.cleargate/sprint-runs/.active"
-
-TS="$(date -u +%FT%TZ)"
-
-# Read stdin once
-INPUT="$(cat)"
-
-# ─── Extract tool_name to confirm this is a Task spawn ────────────────────────
-TOOL_NAME="$(printf '%s' "${INPUT}" | jq -r '.tool_name // empty' 2>/dev/null)"
-if [[ "${TOOL_NAME}" != "Task" ]]; then
-  # Not a Task spawn — nothing to do; exit silently.
-  exit 0
-fi
-
-# ─── Resolve active sprint via sentinel ───────────────────────────────────────
-if [[ ! -f "${ACTIVE_SENTINEL}" ]]; then
-  printf '[%s] no .active sentinel — dispatch marker skipped (off-sprint)\n' "${TS}" >> "${HOOK_LOG}"
-  exit 0
-fi
-
-SPRINT_ID="$(tr -d '[:space:]' < "${ACTIVE_SENTINEL}")"
-if [[ -z "${SPRINT_ID}" ]]; then
-  printf '[%s] .active sentinel is empty — dispatch marker skipped\n' "${TS}" >> "${HOOK_LOG}"
-  exit 0
-fi
-
-SPRINT_DIR="${REPO_ROOT}/.cleargate/sprint-runs/${SPRINT_ID}"
-mkdir -p "${SPRINT_DIR}"
-
-# ─── Extract subagent_type ────────────────────────────────────────────────────
-AGENT_TYPE="$(printf '%s' "${INPUT}" | jq -r '.tool_input.subagent_type // empty' 2>/dev/null)"
-ALLOW_LIST="architect developer qa reporter cleargate-wiki-contradict"
-if [[ -z "${AGENT_TYPE}" ]] || ! printf '%s\n' ${ALLOW_LIST} | grep -qxF "${AGENT_TYPE}"; then
-  printf '[%s] no marker: agent_type absent or not in allow-list (%s)\n' "${TS}" "${AGENT_TYPE:-<empty>}" >> "${HOOK_LOG}"
-  exit 0
-fi
-
-# ─── Extract work_item_id from first 5 lines of tool_input.prompt ─────────────
-# Regex: (STORY=?NNN-NN | BUG-NNN | EPIC-NNN | CR-NNN | PROPOSAL-NNN | HOTFIX-NNN)
-PROMPT_HEAD="$(printf '%s' "${INPUT}" | jq -r '.tool_input.prompt // ""' 2>/dev/null | head -5)"
-if [[ -z "${PROMPT_HEAD}" ]]; then
-  printf '[%s] no marker: prompt empty or unreadable\n' "${TS}" >> "${HOOK_LOG}"
-  exit 0
-fi
-
-WORK_ITEM_RAW="$(printf '%s' "${PROMPT_HEAD}" \
-  | grep -oE '(STORY=?[0-9]{3}-[0-9]{2}|BUG-[0-9]+|EPIC-[0-9]+|CR-[0-9]+|PROPOSAL-[0-9]+|HOTFIX-[0-9]+)' \
-  | head -1)"
-
-if [[ -z "${WORK_ITEM_RAW}" ]]; then
-  printf '[%s] no marker: regex miss (agent=%s prompt_head=%s)\n' \
-    "${TS}" "${AGENT_TYPE}" "$(printf '%s' "${PROMPT_HEAD}" | head -1 | cut -c1-60)" >> "${HOOK_LOG}"
-  exit 0
-fi
-
-# Normalize STORY=NNN-NN → STORY-NNN-NN
-WORK_ITEM_ID="$(printf '%s' "${WORK_ITEM_RAW}" | sed 's/=/\-/')"
-
-# ─── Resolve orchestrator session ID ─────────────────────────────────────────
-# Path-B: uniquified filename makes session ID irrelevant for lookup.
-# We embed it in the JSON body for forensic value only.
-# GOTCHA-5: CLAUDE_SESSION_ID may be unset on nested spawns; fall back to stdin payload.
-SESSION_ID="${CLAUDE_SESSION_ID:-}"
-if [[ -z "${SESSION_ID}" ]]; then
-  SESSION_ID="$(printf '%s' "${INPUT}" | jq -r '.session_id // empty' 2>/dev/null)"
-fi
-[[ -z "${SESSION_ID}" ]] && SESSION_ID="unknown"
-
-# ─── Resolve cleargate version ────────────────────────────────────────────────
-PKG_JSON="${REPO_ROOT}/cleargate-cli/package.json"
-CG_VERSION="unknown"
-if [[ -f "${PKG_JSON}" ]]; then
-  CG_VERSION="$(jq -r '.version // "unknown"' "${PKG_JSON}" 2>/dev/null || echo "unknown")"
-fi
-
-# ─── Write dispatch file atomically (mktemp + mv, matches write_dispatch.sh:110-112) ──
-# Uniquified filename: .dispatch-<ts-epoch>-<pid>-<random>.json
-# Prevents collision under parallel Task() spawns; newest-file lookup at SubagentStop.
-SPAWNED_AT="${TS}"
-DISPATCH_FILENAME=".dispatch-$(date -u +%s)-$$-${RANDOM}.json"
-DISPATCH_TARGET="${SPRINT_DIR}/${DISPATCH_FILENAME}"
-
-DISPATCH_JSON="$(jq -cn \
-  --arg work_item_id "${WORK_ITEM_ID}" \
-  --arg agent_type "${AGENT_TYPE}" \
-  --arg spawned_at "${SPAWNED_AT}" \
-  --arg session_id "${SESSION_ID}" \
-  --arg writer "pre-tool-use-task.sh@cleargate-${CG_VERSION}" \
-  '{
-    work_item_id: $work_item_id,
-    agent_type: $agent_type,
-    spawned_at: $spawned_at,
-    session_id: $session_id,
-    writer: $writer
-  }' 2>/dev/null)"
-
-if [[ -z "${DISPATCH_JSON}" ]]; then
-  printf '[%s] error: jq failed to build dispatch JSON\n' "${TS}" >> "${HOOK_LOG}"
-  exit 0
-fi
-
-TMP="$(mktemp "${SPRINT_DIR}/.dispatch-tmp-XXXXXX" 2>/dev/null)"
-if [[ -z "${TMP}" ]]; then
-  printf '[%s] error: mktemp failed for dispatch file\n' "${TS}" >> "${HOOK_LOG}"
-  exit 0
-fi
-printf '%s\n' "${DISPATCH_JSON}" > "${TMP}"
-mv "${TMP}" "${DISPATCH_TARGET}"
-
-printf '[%s] wrote dispatch: sprint=%s work_item=%s agent=%s file=%s\n' \
-  "${TS}" "${SPRINT_ID}" "${WORK_ITEM_ID}" "${AGENT_TYPE}" "${DISPATCH_FILENAME}" >> "${HOOK_LOG}"
-
-exit 0

package/dist/templates/cleargate-planning/.claude/hooks/session-start.sh

@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-set -u
-REPO_ROOT="${CLAUDE_PROJECT_DIR}"
-
-# cleargate-pin: __CLEARGATE_VERSION__
-# Resolve cleargate CLI (three-branch resolver — CR-009):
-#   1. meta-repo dogfood dist (fastest; only present in ClearGate's own repo)
-#   2. on-PATH binary (global install or shim)
-#   3. pinned npx invocation (always works wherever Node is present)
-if [ -f "${REPO_ROOT}/cleargate-cli/dist/cli.js" ]; then
-  CG=(node "${REPO_ROOT}/cleargate-cli/dist/cli.js")
-elif command -v cleargate >/dev/null 2>&1; then
-  CG=(cleargate)
-else
-  CG=(npx -y "cleargate@__CLEARGATE_VERSION__")
-fi
-
-"${CG[@]}" doctor --session-start || true
-
-# --- Sprint-active skill auto-load directive (STORY-026-01) ---
-ACTIVE_FILE="${REPO_ROOT}/.cleargate/sprint-runs/.active"
-if [ -s "${ACTIVE_FILE}" ] && [ -n "$(tr -d '[:space:]' < "${ACTIVE_FILE}")" ]; then
-  printf '→ Active sprint detected. Load skill: sprint-execution\n'
-fi
-
-# ── §14.9 SessionStart sync nudge (STORY-010-08) ─────────────────────────────
-# Daily-throttled: probe remote for updates at most once per 24h.
-# Never auto-pulls or auto-pushes. Exits 0 regardless of outcome.
-MARKER="${REPO_ROOT}/.cleargate/.sync-marker.json"
-NOW_ISO=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-NOW_EPOCH=$(date +%s)
-
-if [ ! -f "${MARKER}" ]; then
-  # First run — write marker with current timestamp and skip MCP call (24h grace).
-  mkdir -p "$(dirname "${MARKER}")"
-  printf '{"last_check":"%s"}' "${NOW_ISO}" > "${MARKER}"
-else
-  # Parse last_check epoch from marker using node (portable, avoids jq dep)
-  LAST_CHECK_ISO=$(node -e "try{const m=JSON.parse(require('fs').readFileSync('${MARKER}','utf8'));process.stdout.write(m.last_check||'1970-01-01T00:00:00Z')}catch{process.stdout.write('1970-01-01T00:00:00Z')}" 2>/dev/null || echo "1970-01-01T00:00:00Z")
-  LAST_EPOCH=$(node -e "process.stdout.write(String(Math.floor(new Date('${LAST_CHECK_ISO}').getTime()/1000)))" 2>/dev/null || echo "0")
-  ELAPSED=$(( NOW_EPOCH - LAST_EPOCH ))
-
-  if [ "${ELAPSED}" -ge 86400 ]; then
-    # ≥24h since last check — run probe (3s timeout, R7 mitigation)
-    RESULT_FILE=$(mktemp)
-    # Cross-platform 3-second timeout: prefer `timeout` (Linux); fall back to
-    # background-process kill (macOS where GNU coreutils may be absent).
-    if command -v timeout > /dev/null 2>&1; then
-      timeout 3 "${CG[@]}" sync --check > "${RESULT_FILE}" 2>/dev/null || true
-    else
-      "${CG[@]}" sync --check > "${RESULT_FILE}" 2>/dev/null &
-      _PROBE_PID=$!
-      (sleep 3 && kill "${_PROBE_PID}" 2>/dev/null) &
-      _KILL_PID=$!
-      wait "${_PROBE_PID}" 2>/dev/null || true
-      kill "${_KILL_PID}" 2>/dev/null || true
-      wait "${_KILL_PID}" 2>/dev/null || true
-    fi
-    UPDATES=$(node -e "
-try {
-  var data = require('fs').readFileSync(process.argv[1], 'utf8').trim();
-  var obj = JSON.parse(data);
-  process.stdout.write(String(obj.updates || 0));
-} catch(e) {
-  process.stdout.write('0');
-}
-" "${RESULT_FILE}" 2>/dev/null || echo "0")
-    rm -f "${RESULT_FILE}"
-    if [ "${UPDATES}" -gt 0 ] 2>/dev/null; then
-      printf '📡 ClearGate: %s remote updates since yesterday — run `cleargate sync` to reconcile.\n' "${UPDATES}"
-    fi
-    # Marker is updated by sync --check itself; no re-write needed here.
-  fi
-fi
-exit 0

package/dist/templates/cleargate-planning/.claude/hooks/stamp-and-gate.sh

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-set -u
-REPO_ROOT="${CLAUDE_PROJECT_DIR}"
-LOG="${REPO_ROOT}/.cleargate/hook-log/gate-check.log"
-mkdir -p "$(dirname "$LOG")"
-
-# cleargate-pin: __CLEARGATE_VERSION__
-# Resolve cleargate CLI (three-branch resolver — CR-009):
-#   1. meta-repo dogfood dist (fastest; only present in ClearGate's own repo)
-#   2. on-PATH binary (global install or shim)
-#   3. pinned npx invocation (always works wherever Node is present)
-if [ -f "${REPO_ROOT}/cleargate-cli/dist/cli.js" ]; then
-  CG=(node "${REPO_ROOT}/cleargate-cli/dist/cli.js")
-elif command -v cleargate >/dev/null 2>&1; then
-  CG=(cleargate)
-else
-  CG=(npx -y "cleargate@__CLEARGATE_VERSION__")
-fi
-
-FILE=$(jq -r '.tool_input.file_path' 2>/dev/null || echo "")
-[ -z "$FILE" ] && exit 0
-case "$FILE" in *.cleargate/delivery/*) : ;; *) exit 0 ;; esac
-TS=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-# Ordered chain — stamp MUST precede gate (gate may read draft_tokens)
-"${CG[@]}" stamp-tokens "$FILE" >>"$LOG" 2>&1
-SR1=$?
-# CR-032: capture gate check stdout to tmpfile so we can re-emit ⚠️ lines to
-# hook stdout (→ Claude Code system-reminder). gate.ts emits ❌ lines to
-# stdout (gate.ts:259), not stderr; the tmpfile captures them separately.
-GATE_OUT=$(mktemp)
-"${CG[@]}" gate check "$FILE" >"$GATE_OUT" 2>>"$LOG"
-SR2=$?
-cat "$GATE_OUT" >>"$LOG"
-if [ "$SR2" -ne 0 ]; then
-  WORK_ITEM_ID=$(grep -m1 -oE '(EPIC|STORY|CR|BUG|HOTFIX|PROPOSAL|INITIATIVE|SPRINT)-[0-9]+(-[0-9]+)?' "$FILE" | head -1)
-  : "${WORK_ITEM_ID:=<work-item>}"
-  grep '^❌' "$GATE_OUT" 2>/dev/null | sed -E "s/^❌ /⚠️ gate failed: ${WORK_ITEM_ID} — /"
-fi
-rm -f "$GATE_OUT"
-"${CG[@]}" wiki ingest "$FILE" >>"$LOG" 2>&1
-SR3=$?
-echo "[$TS] stamp=$SR1 gate=$SR2 ingest=$SR3 file=$FILE" >>"$LOG"
-exit 0   # ALWAYS 0 — severity enforcement is at wiki lint, not hook