codebyplan 1.13.46 → 1.13.48

package/dist/cli.js

@@ -39,7 +39,7 @@ var VERSION, PACKAGE_NAME;
 var init_version = __esm({
   "src/lib/version.ts"() {
     "use strict";
-    VERSION = "1.13.46";
+    VERSION = "1.13.48";
     PACKAGE_NAME = "codebyplan";
   }
 });
@@ -35130,8 +35130,10 @@ function checkScopeMarkers(opts) {
   const {
     claudeDir,
     scanDirs = SCAN_DIRS,
-    allowlist = /* @__PURE__ */ new Set()
+    allowlist = /* @__PURE__ */ new Set(),
+    templatesDir
   } = opts;
+  const twinDetectionActive = templatesDir != null && fs11.existsSync(templatesDir);
   const violations = [];
   for (const scanDir of scanDirs) {
     const baseDir = path12.join(claudeDir, scanDir);
@@ -35158,10 +35160,16 @@ function checkScopeMarkers(opts) {
         });
         continue;
       }
-      if (isMd) {
-        const scopeValue = extractFrontmatterScope(content);
+      const scopeValue = isMd ? extractFrontmatterScope(content) : extractShScope(content);
+      const managed = twinDetectionActive && fs11.existsSync(path12.join(templatesDir, relPath));
+      if (managed) {
         if (scopeValue === null) {
-          violations.push({ type: "missing-scope", path: relPath });
+        } else if (scopeValue === "org-shared") {
+          violations.push({
+            type: "redundant-scope",
+            path: relPath,
+            detail: "redundant org-shared marker \u2014 org-shared is the implicit default, remove the key"
+          });
         } else if (!isValidScope(scopeValue)) {
           violations.push({
             type: "invalid-scope",
@@ -35170,7 +35178,6 @@ function checkScopeMarkers(opts) {
           });
         }
       } else {
-        const scopeValue = extractShScope(content);
         if (scopeValue === null) {
           violations.push({ type: "missing-scope", path: relPath });
         } else if (!isValidScope(scopeValue)) {
@@ -35187,14 +35194,20 @@ function checkScopeMarkers(opts) {
 }
 function runVerifyParity(opts) {
   const { claudeDir, templatesDir, expectedOneSided } = opts;
-  const violations = [];
-  violations.push(...checkScopeMarkers({ claudeDir }));
+  const allScopeItems = [];
+  const parityItems = [];
+  allScopeItems.push(...checkScopeMarkers({ claudeDir, templatesDir }));
   if (templatesDir != null && fs11.existsSync(templatesDir)) {
-    violations.push(
+    parityItems.push(
       ...checkSiblingParity({ claudeDir, templatesDir, expectedOneSided })
     );
   }
-  return { violations };
+  const warnings = allScopeItems.filter((v) => v.type === "redundant-scope");
+  const scopeViolations = allScopeItems.filter(
+    (v) => v.type !== "redundant-scope"
+  );
+  const violations = [...scopeViolations, ...parityItems];
+  return { violations, warnings };
 }
 function readdirRecursive(dir, rel = "", visited = /* @__PURE__ */ new Set()) {
   const realDir = fs11.realpathSync(dir);
@@ -35258,7 +35271,7 @@ var init_verify_parity = __esm({
       "hooks",
       "rules"
     ];
-    REPO_ONLY_RE = /^repo-only:[a-z0-9-]+$/;
+    REPO_ONLY_RE = /^repo-only:[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;
     DEFAULT_EXPECTED_ONE_SIDED = /* @__PURE__ */ new Set([
       "hooks/cbp-mcp-migration-guard.sh",
       // repo-only:codebyplan — monorepo-only skill (references the in-repo
@@ -35312,12 +35325,19 @@ function verifyParity(args, deps = {}) {
     );
     return 2;
   }
-  const { violations } = result;
+  const { violations, warnings } = result;
   if (jsonMode) {
-    process.stdout.write(JSON.stringify(violations, null, 2) + "\n");
+    process.stdout.write(
+      JSON.stringify({ violations, warnings }, null, 2) + "\n"
+    );
     if (violations.length > 0 && !warnOnly) return 1;
     return 0;
   }
+  for (const w of warnings) {
+    const detail = w.detail ? `: ${w.detail}` : "";
+    process.stderr.write(`verify-parity: WARN ${w.path}${detail}
+`);
+  }
   if (violations.length === 0) {
     process.stdout.write("verify-parity: OK \u2014 no violations found.\n");
     return 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codebyplan",
-  "version": "1.13.46",
+  "version": "1.13.48",
   "description": "CLI for CodeByPlan — AI-powered development planning and tracking",
   "type": "module",
   "bin": {

package/templates/agents/cbp-cc-executor.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-cc-executor
 description: Authoring executor for `.claude/` infrastructure. Applies approved changes across rules, skills, agents, context, CLAUDE.md, settings, and hooks — with update-first discipline, scope-marker enforcement, and length-limit awareness. Callable by the main conversation, `/cbp-checkpoint-end`, and `round-executor` (for in-scope `.claude/` infra deliverables).
 tools: Read, Write, Edit, Glob, Grep, Skill, Task, AskUserQuestion, Bash(npx codebyplan task create *)

package/templates/agents/cbp-database-agent.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-database-agent
 description: Supabase database specialist. Handles migrations, RLS policies, type generation, and schema changes. Spawned as sub-executor by round-executor when plan includes DB work.
 tools: Read, Write, Edit, Glob, Grep, Bash, mcp__supabase__apply_migration, mcp__supabase__execute_sql, mcp__supabase__list_tables, mcp__supabase__list_migrations, mcp__supabase__get_advisors, mcp__supabase__generate_typescript_types, mcp__supabase__search_docs

package/templates/agents/cbp-e2e-maestro.md

@@ -4,7 +4,6 @@ description: Maestro E2E flow authoring + execution for Expo/React Native mobile
 tools: Read, Write, Edit, Glob, Grep, Bash, AskUserQuestion, mcp__codebyplan__get_repos
 model: sonnet
 effort: xhigh
-scope: org-shared
 ---
 
 # Maestro E2E Agent

package/templates/agents/cbp-e2e-playwright.md

@@ -4,7 +4,6 @@ description: Playwright E2E test authoring + execution for web app routes. Spawn
 tools: Read, Write, Edit, Glob, Grep, Bash, AskUserQuestion, mcp__codebyplan__get_repos
 model: sonnet
 effort: xhigh
-scope: org-shared
 ---
 
 # Playwright E2E Agent

package/templates/agents/cbp-e2e-tauri.md

@@ -4,7 +4,6 @@ description: WebDriverIO + tauri-driver E2E test authoring + execution for Tauri
 tools: Read, Write, Edit, Glob, Grep, Bash, AskUserQuestion, mcp__codebyplan__get_repos
 model: sonnet
 effort: xhigh
-scope: org-shared
 ---
 
 # Tauri E2E Agent

package/templates/agents/cbp-e2e-vscode.md

@@ -4,7 +4,6 @@ description: VS Code extension E2E test authoring + execution using @vscode/test
 tools: Read, Write, Edit, Glob, Grep, Bash, AskUserQuestion, mcp__codebyplan__get_repos
 model: sonnet
 effort: xhigh
-scope: org-shared
 ---
 
 # VS Code Extension E2E Agent

package/templates/agents/cbp-e2e-xcuitest.md

@@ -4,7 +4,6 @@ description: XCUITest native iOS E2E test authoring + execution for Expo apps ta
 tools: Read, Write, Edit, Glob, Grep, Bash, AskUserQuestion, mcp__codebyplan__get_repos
 model: sonnet
 effort: xhigh
-scope: org-shared
 ---
 
 # XCUITest E2E Agent

package/templates/agents/cbp-improve-claude.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-improve-claude
 description: Broad analysis agent for retrospective task analysis. Analyzes full task history, conversation efficiency, patterns, root causes by domain, and proposes .claude/ infrastructure improvements.
 tools: Read, Glob, Grep, Task, AskUserQuestion

package/templates/agents/cbp-improve-round.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-improve-round
 description: Code quality review agent. Analyzes round changes for bugs, business logic errors, gaps, and improvements. Spawned by /cbp-round-end.
 tools: Read, Glob, Grep, Task

package/templates/agents/cbp-map-architecture.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-map-architecture
 description: Read-only agent that analyzes a repository module and produces a structured architecture map following the canonical spec. Invoke when generating or refreshing a module's .claude/architecture/<module>.md map file. Returns the full map content as text for the caller to write.
 tools: Read, Glob, Grep

package/templates/agents/cbp-mechanical-edits.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-mechanical-edits
 description: Cheap mechanical-edits subagent — performs renames, moves, string substitutions, frontmatter field edits, and free-form index/manifest regeneration. Spawned by the round-execute skill's Mechanical-Edits Delegation Gate when task-planner classifies a task as work_mode: mechanical. Never authors new code logic.
 tools: Read, Write, Edit, Glob, Grep, Bash

package/templates/agents/cbp-research.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-research
 description: Intelligent on-demand research with discovery levels (0-3). Consults stack first, produces DISCOVERY.md for Level 2+. Callable by other agents.
 tools: Read, Glob, Grep, WebSearch, WebFetch, Write, Task

package/templates/agents/cbp-round-executor.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-round-executor
 description: Execute approved plan. Receives pre-analyzed deliverables and files list. Focuses on quality implementation. Communicates with user when blocked or needs decisions.
 tools: Read, Write, Edit, Glob, Grep, Bash, TaskUpdate, AskUserQuestion, Skill, Task

package/templates/agents/cbp-security-agent.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-security-agent
 description: Security review specialist. Checks for OWASP top 10 vulnerabilities, hardcoded secrets, SQL injection, XSS, CSRF, and dependency vulnerabilities.
 tools: Read, Glob, Grep, Bash

package/templates/agents/cbp-task-check.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-task-check
 description: Task verification agent. Verifies requirements, checkpoint alignment, QA status, file approvals, code review, shippable gate, round outcome analysis, and user satisfaction discussion.
 tools: Read, Glob, Grep, Bash, AskUserQuestion

package/templates/agents/cbp-task-planner.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-task-planner
 description: Analyze codebase and create implementation plan. Reads context from DB. Uses Explore subagent for fast analysis. Communicates with user for clarifications.
 tools: Read, Glob, Grep, Task, TaskCreate, AskUserQuestion

package/templates/agents/cbp-testing-qa-agent.md

@@ -1,5 +1,4 @@
 ---
-scope: org-shared
 name: cbp-testing-qa-agent
 description: Combined testing, QA generation, and default checklists. Runs build/lint/types/unit-tests/audit, generates auto QA items, applies default production checklists. Does NOT consume e2e screenshots or frontend-ui findings.
 tools: Read, Glob, Grep, Bash, AskUserQuestion

package/templates/hooks/cbp-auto-test-hooks.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PostToolUse Edit|Write
 # Hook: PostToolUse for Edit|Write on hook files
 # Purpose: Run test-hooks.sh when a plugin hook file is modified.

package/templates/hooks/cbp-canonical-templates-nudge.sh

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-# @scope: org-shared
 # @event: PreToolUse
 # @matcher: Edit|Write|MultiEdit
 # Advisory source-of-truth nudge. When editing a GATE-6-tracked .claude/ file

package/templates/hooks/cbp-context-window-notify.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook: UserPromptSubmit
 # Purpose: Emit a one-time notice into Claude's context when the session's total
 #          context-window usage crosses CBP_CONTEXT_WARN_TOKENS (default 200000).

package/templates/hooks/cbp-e2e-spec-patterns.sh

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-# @scope: org-shared
 # @event: PreToolUse
 # @matcher: Edit|Write|MultiEdit
 # Guard spec files against two patterns banned by rules/e2e-mandatory.md and

package/templates/hooks/cbp-lint-format-on-edit.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PostToolUse Edit|Write
 # Hook: Auto-format and auto-fix lint on edited source files
 # Purpose: Continuous Prettier + ESLint --fix after every Edit/Write.

package/templates/hooks/cbp-maestro-yaml-validate.sh

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-# @scope: org-shared
 # @event: PreToolUse
 # @matcher: Edit|Write|MultiEdit
 # Validate maestro flow YAML against the installed CLI's accepted property set.

package/templates/hooks/cbp-mcp-caller-worktree-inject.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PreToolUse mcp__codebyplan__(update_checkpoint|complete_checkpoint|update_task|complete_task|add_round|update_round|complete_round|create_standalone_task|update_standalone_task|complete_standalone_task|add_standalone_round|update_standalone_round|complete_standalone_round|update_standalone_file_change)
 # Hook: PreToolUse for MCP write tools
 #

package/templates/hooks/cbp-mcp-migration-guard.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PreToolUse for MCP mutation tools
 # Hook: PreToolUse for MCP mutation tools
 # Purpose: Warn once per session if a legacy .codebyplan.json exists at repo root (post-CHK-120).

package/templates/hooks/cbp-mcp-round-sync.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook: PostToolUse mcp__codebyplan__complete_round
 # Purpose: After complete_round succeeds, delegate git-diff drift merge,
 #          staging-status flip, and web-UI flag sync to the codebyplan CLI.

package/templates/hooks/cbp-plugin-dispatch.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook: universal plugin-script dispatcher
 # Purpose: Resolve a plugin-shipped hook/statusLine script path with auto-detect fallback.
 # Workaround: ${CLAUDE_PLUGIN_ROOT} is set in the plugin's own hook context but may not

package/templates/hooks/cbp-pre-commit-quality-gate.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PreToolUse Bash
 # Hook: PreToolUse for Bash (git commit commands)
 # Purpose: Block git commits that violate greenfield-lint-zero-warnings,

package/templates/hooks/cbp-session-start-hook.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook: SessionStart
 # Purpose: Hydrate .codebyplan/state/ via `codebyplan sync` and ensure the
 #          per-worktree watch daemon is running. Hook-safe: all errors

package/templates/hooks/cbp-statusline.mjs

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-// @scope: org-shared
 // @hook: NOT-A-HOOK (statusLine renderer, invoked via the cbp-statusline.sh dispatcher)
 // Claude Code Status Line — node renderer (ESM; .mjs forces ESM regardless of the
 // host repo's package.json "type", so the script is portable into any consumer).

package/templates/hooks/cbp-statusline.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-# @scope: org-shared
 # @hook: NOT-A-HOOK (statusLine renderer, invoked via the cbp-statusline.sh dispatcher)
 # Claude Code Status Line — python renderer.
 # Byte-identical output to the bash renderer in cbp-statusline.sh and the node

package/templates/hooks/cbp-statusline.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: NOT-A-HOOK (statusLine renderer, invoked by settings.json statusLine.command)
 # Claude Code Status Line — multi-runtime dispatcher + bash renderer
 # Purpose: Renders up to 6 structured lines of Claude Code status from stdin JSON.

package/templates/hooks/cbp-subagent-statusline.mjs

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-// @scope: org-shared
 // @hook: NOT-A-HOOK (subagentStatusLine renderer, invoked via the cbp-subagent-statusline.sh dispatcher)
 // Claude Code Subagent Status Line — node renderer (ESM; .mjs forces ESM regardless
 // of the host repo's package.json "type"). Byte-identical output to the bash renderer

package/templates/hooks/cbp-subagent-statusline.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-# @scope: org-shared
 # @hook: NOT-A-HOOK (subagentStatusLine renderer, invoked via the cbp-subagent-statusline.sh dispatcher)
 # Claude Code Subagent Status Line — python renderer. Byte-identical output to the
 # bash renderer in cbp-subagent-statusline.sh and the node renderer in

package/templates/hooks/cbp-subagent-statusline.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Portability: bash 3.2+ (macOS default /bin/bash). UTF-8 multibyte chars in
 # user-controlled fields are byte-iterated under 3.2 (over-counts visible width
 # for non-ASCII content); acceptable safe-direction approximation — and the node

package/templates/hooks/cbp-test-coverage-gate.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PreToolUse Bash
 # Hook: PreToolUse for Bash (git commit commands)
 # Purpose: Block git commits when new source files lack test companions

package/templates/hooks/cbp-test-hooks.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: NOT-A-HOOK (test suite for plugin hooks; invoked by cbp-auto-test-hooks.sh)
 # Purpose: Test suite for plugin's shipped hooks. Invoked by cbp-auto-test-hooks.sh whenever a
 #          plugin hook file is edited. Not a PreToolUse/PostToolUse/Notification hook itself —

package/templates/hooks/validate-context-usage.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook Helper: Context file usage validation for validate-structure.sh
 # Purpose: Ensure context files are referenced by at least one agent or skill
 # Sourced by validate-structure.sh - not run directly

package/templates/hooks/validate-git-commit.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # @hook: PreToolUse Bash
 # Hook: PreToolUse for Bash (git commit commands)
 # Purpose: Prevent Claude attribution in git commits
@@ -33,21 +32,70 @@ block() {
   exit 2
 }
 
-# Check for Claude attribution patterns
-# Case-insensitive check for various patterns
+# ---------------------------------------------------------------------------
+# Isolate the commit MESSAGE from the rest of the command.
+#
+# The broad "claude/anthropic" word-check below targets attribution that may
+# land in the commit *message* — NOT benign mentions elsewhere in the command
+# (narration echoes, a `.claude/CLAUDE.md` path argument, a piped subcommand).
+# Scanning the whole command false-positives on those (e.g. an `echo` that
+# says the word "claude", or `git commit .claude/CLAUDE.md -m "..."`). So we
+# extract just the message text:
+#   (a) heredoc bodies   — the `-m "$(cat <<'EOF' ... EOF)"` pattern
+#   (b) -m/--message args — quoted "..." or '...'
+# If no message can be isolated (editor commit, `-F file`), fall back to the
+# whole command so attribution protection is never silently dropped.
+#
+# The specific checks further down (generated-with / co-authored-by / emoji /
+# --author) still scan the WHOLE command — those patterns are precise enough
+# that catching them anywhere is correct, and they backstop this extraction.
+# ---------------------------------------------------------------------------
+extract_commit_message() {
+  local cmd="$1"
+  local out="" delim margs
 
-# Check for "Claude" mentions (but allow CLAUDE.md files and .claude/ folder paths)
-# First, remove CLAUDE.md filenames and .claude(/path|word-end) — BSD-compatible word-boundary via [[:>:]]
-# Word-boundary allows ".claude folder" / ".claude rules" / ".claude/" all as legit folder references
-COMMAND_WITHOUT_FILES=$(echo "$COMMAND" \
+  # (a) Heredoc body. Detect the delimiter (supports <<EOF, <<'EOF', <<-EOF),
+  #     then print the lines strictly between the opener and its closing line.
+  #     Each pipeline ends in sed/awk (exit 0) so a no-match grep cannot trip
+  #     `set -e` via the command substitution.
+  delim=$(printf '%s\n' "$cmd" \
+    | grep -oE "<<-?[[:space:]]*'?[A-Za-z_][A-Za-z0-9_]*'?" \
+    | head -n1 \
+    | sed -E "s/^<<-?[[:space:]]*//; s/'//g")
+  if [ -n "$delim" ]; then
+    out=$(printf '%s\n' "$cmd" | awk -v d="$delim" '
+      start==0 { if (index($0, "<<") && index($0, d)) { start=1 } ; next }
+      start==1 { s=$0; sub(/^[ \t]+/,"",s); sub(/[ \t]+$/,"",s); if (s==d) {start=2; next} print }
+    ')
+  fi
+
+  # (b) Quoted -m / --message argument values.
+  margs=$(printf '%s\n' "$cmd" \
+    | grep -oE -- "(-m|--message)[[:space:]]+(\"[^\"]*\"|'[^']*')" \
+    | sed -E "s/^(-m|--message)[[:space:]]+//; s/^[\"']//; s/[\"']$//")
+
+  printf '%s\n%s\n' "$out" "$margs"
+}
+
+MESSAGE=$(extract_commit_message "$COMMAND")
+# Fall back to scanning the whole command when no message could be isolated.
+if [ -z "$(printf '%s' "$MESSAGE" | tr -d '[:space:]')" ]; then
+  MESSAGE="$COMMAND"
+fi
+
+# Check for Claude attribution in the MESSAGE (case-insensitive).
+# Allow legitimate CLAUDE.md filenames and .claude/ folder paths that may
+# legitimately appear inside a commit message (e.g. a commit *about* them).
+# BSD-compatible word-boundary via [[:>:]].
+MESSAGE_WITHOUT_FILES=$(echo "$MESSAGE" \
   | sed -E 's/CLAUDE(\.[a-z]+)?\.md//gi' \
   | sed -E 's/\.claude(\/[a-zA-Z0-9_./-]*|[[:>:]])//gi' \
   | sed -E 's/\$\{CLAUDE[A-Z_]*\}//g' \
   | sed -E 's/claude-plugin[a-zA-Z0-9_./-]*//gi' \
   | sed -E 's/codebyplan-claude[a-zA-Z0-9_./-]*//gi' \
   | sed -E 's/@codebyplan\/claude[a-zA-Z0-9_./-]*//gi')
-if echo "$COMMAND_WITHOUT_FILES" | grep -qiE 'claude|anthropic'; then
-  block "BLOCKED: Git commit contains Claude/Anthropic attribution. Remove any mention of Claude from the commit message. Author should only be: midevyou <midevyosauhing@gmail.com>"
+if echo "$MESSAGE_WITHOUT_FILES" | grep -qiE 'claude|anthropic'; then
+  block "BLOCKED: Git commit message contains Claude/Anthropic attribution. Remove any mention of Claude from the commit message. Author should only be: midevyou <midevyosauhing@gmail.com>"
 fi
 
 # Check for "Generated with" patterns

package/templates/hooks/validate-git-stash-deny.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook: PreToolUse Bash
 # Purpose: Deny any `git stash` command. Git stash is banned per the
 #          feedback_no-git-stash auto-memory entry. Alternatives:

package/templates/hooks/validate-structure-lengths.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook Helper: File-length enforcement for validate-structure.sh
 # Two-tier policy: warn at recommended → stderr notice; block at hard cap (~2× warn) → exit 2
 # Sourced by validate-structure.sh — not run directly.

package/templates/hooks/validate-structure-lib.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook Helper Library: Shared primitives for validate-structure-*.sh
 # Purpose: Block/warn formatters, path-matching, content extraction,
 #          frontmatter / scope-marker detection, line counting.
@@ -102,3 +101,20 @@ has_yaml_field() {
 has_scope_comment() {
   [ -f "$1" ] && head -5 "$1" 2>/dev/null | grep -q "^# @scope:"
 }
+
+# has_template_twin <rel_path_under_claude>
+# Returns 0 when the codebyplan package ships a template twin for this .claude file
+# (i.e. the file is package-MANAGED — org-shared is its implicit default and a
+# scope marker is NOT required). <rel_path_under_claude> is the path beneath
+# .claude/ (e.g. "rules/foo.md", "skills/x/SKILL.md").
+#   Monorepo: $REPO_ROOT/packages/codebyplan-package/templates/<rel>
+#   Consumer: $REPO_ROOT/node_modules/codebyplan/templates/<rel>
+# Returns non-zero when no twin is found — including when no templates dir is
+# resolvable at all. Callers treat a non-zero result as "user-created", which is
+# the conservative fallback: a scope marker is then required (legacy behavior).
+has_template_twin() {
+  local rel="$1"
+  [ -f "$REPO_ROOT/packages/codebyplan-package/templates/$rel" ] && return 0
+  [ -f "$REPO_ROOT/node_modules/codebyplan/templates/$rel" ] && return 0
+  return 1
+}

package/templates/hooks/validate-structure-patterns.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook Helper: Pattern validation for validate-structure.sh
 # Purpose: Validate file paths against structure patterns
 # Sourced by validate-structure.sh - not run directly

package/templates/hooks/validate-structure-scope.sh

@@ -1,31 +1,63 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook Helper: Scope marker validation for validate-structure.sh
-# Purpose: Ensure all .claude/ files have a scope marker for structural classification
+# Purpose: Enforce scope markers on USER-CREATED .claude/ files only. Files the
+#          codebyplan package distributes (a template twin exists) are MANAGED:
+#          org-shared is the implicit default, so no marker is required and an
+#          explicit 'org-shared' marker is redundant (warned, non-blocking).
+#          A file with no template twin is user-created and must declare a marker.
 # Sourced by validate-structure.sh - not run directly
 #
-# Expects: $REL_PATH, $FILE_PATH, $EXT, warn(), match_path(),
-#          has_yaml_frontmatter(), has_yaml_field(), has_scope_comment() (from validate-structure-lib.sh)
+# Expects: $REL_PATH, $FILE_PATH, $EXT, $REPO_ROOT, warn(), match_path(),
+#          has_yaml_frontmatter(), has_yaml_field(), has_scope_comment(),
+#          has_template_twin() (from validate-structure-lib.sh)
 
 # Only check .claude/ files
 if ! match_path '^/\.claude/'; then
   return 0 2>/dev/null || true
 fi
 
+# Path beneath .claude/ — used for template-twin (managed) detection.
+_scope_rel="${REL_PATH#/.claude/}"
+
+# Managed = the codebyplan package ships a template twin for this file. When no
+# twin is found (or no templates dir is resolvable) the file is user-created and
+# a marker is required — the conservative fallback that preserves legacy behavior.
+if has_template_twin "$_scope_rel"; then
+  _scope_managed=1
+else
+  _scope_managed=0
+fi
+
+_valid_scope_re='^(org-shared|project-shared|repo-only:[a-z0-9]([a-z0-9-]*[a-z0-9])?)$'
+
 case "$EXT" in
   md)
-    if has_yaml_frontmatter "$FILE_PATH"; then
-      if ! has_yaml_field "$FILE_PATH" scope; then
-        warn "Missing scope: in frontmatter. Add 'scope: org-shared' / 'scope: project-shared' / 'scope: repo-only:<name>' for structural classification. See rules/scope-vocabulary.md."
+    if has_yaml_frontmatter "$FILE_PATH" && has_yaml_field "$FILE_PATH" scope 50; then
+      _scope_val=$(head -50 "$FILE_PATH" 2>/dev/null | grep -E '^scope:' | head -1 \
+        | sed -E 's/^scope:[[:space:]]*//; s/[[:space:]]*#.*$//; s/[[:space:]]*$//')
+      if [ "$_scope_managed" = "1" ] && [ "$_scope_val" = "org-shared" ]; then
+        warn "Redundant 'scope: org-shared' on a package-managed file — org-shared is the implicit default; remove the key. See rules/scope-vocabulary.md."
+      elif ! [[ "$_scope_val" =~ $_valid_scope_re ]]; then
+        warn "Invalid scope value '$_scope_val'. Use org-shared / project-shared / repo-only:<name>. See rules/scope-vocabulary.md."
       fi
-    else
-      warn "Missing frontmatter with scope:. Add YAML frontmatter with 'scope: org-shared' / 'scope: project-shared' / 'scope: repo-only:<name>'. See rules/scope-vocabulary.md."
+    elif [ "$_scope_managed" = "0" ]; then
+      warn "Missing scope: in frontmatter. A user-created .claude/ file must declare 'scope: project-shared' or 'scope: repo-only:<name>' (package-managed files default to org-shared). See rules/scope-vocabulary.md."
     fi
+    # managed + no marker → org-shared implied, no warning.
     ;;
   sh)
-    if ! has_scope_comment "$FILE_PATH"; then
-      warn "Missing # @scope: comment. Add '# @scope: org-shared' / '# @scope: project-shared' / '# @scope: repo-only:<name>' after shebang. See rules/scope-vocabulary.md."
+    if has_scope_comment "$FILE_PATH"; then
+      _scope_val=$(head -5 "$FILE_PATH" 2>/dev/null | grep -E '^# @scope:' | head -1 \
+        | sed -E 's/^# @scope:[[:space:]]*//; s/[[:space:]]*#.*$//; s/[[:space:]]*$//')
+      if [ "$_scope_managed" = "1" ] && [ "$_scope_val" = "org-shared" ]; then
+        warn "Redundant '# @scope: org-shared' on a package-managed hook — org-shared is the implicit default; remove the comment. See rules/scope-vocabulary.md."
+      elif ! [[ "$_scope_val" =~ $_valid_scope_re ]]; then
+        warn "Invalid @scope value '$_scope_val'. Use org-shared / project-shared / repo-only:<name>. See rules/scope-vocabulary.md."
+      fi
+    elif [ "$_scope_managed" = "0" ]; then
+      warn "Missing # @scope: comment. A user-created .claude/ hook must declare '# @scope: project-shared' or '# @scope: repo-only:<name>' (package-managed hooks default to org-shared). See rules/scope-vocabulary.md."
     fi
+    # managed + no marker → org-shared implied, no warning.
     ;;
   json)
     # JSON can't have frontmatter — skip

package/templates/hooks/validate-structure-smoke.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Smoke runner for validate-structure-*.sh + validate-structure-lib.sh
 # Iterates fixtures under __test-fixtures__/validate-structure/{good,bad}/
 # Each test case maps a fixture file → simulated rel path inside .claude/

package/templates/hooks/validate-structure-templates.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# @scope: org-shared
 # Hook Helper: Template/context suggestion for validate-structure.sh
 # Purpose: Map file locations to applicable templates or context files
 # Sourced by validate-structure.sh - not run directly