create-byan-agent 2.16.1 → 2.17.1

package/CHANGELOG.md

@@ -7,6 +7,84 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [2.17.0] - 2026-05-27
+
+### Added - BYAN Strict Mode shipped to npm + byan_web persistence
+
+Anti-downgrade enforcement now packaged for `npx create-byan-agent` and backed by the byan_web API.
+
+#### Strict Mode distribution
+
+- Mirrored the full strict feature into `install/templates/` so a fresh install ships it: MCP tools (`byan_strict_*`), Claude Code hooks (Stop / PreToolUse / UserPromptSubmit), the `byan-strict` skill, `strict-mode.yaml`, and the generated runtime config.
+- `settings.json` template now registers the three strict hooks.
+- Installer wires the cross-platform pre-commit gate: copies `.githooks/` and sets `core.hooksPath` when the target is a git repo (`claude-native-setup.js`).
+
+#### Server-side persistence (API authority)
+
+- byan_web migration `033-strict-sessions.sql` + `routes/strict-sessions.js` (POST lock/upsert, PATCH verify/complete/abort, GET list + by id), scoped to the API key user with optional project attachment.
+- New `lib/strict-sync.js` isolates network I/O: each local mutation pushes best-effort to the API; `byan_strict_status` and the pre-commit gate consult the API first and fall back to the local mirror when it is unreachable.
+- `.mcp.json` carries `BYAN_API_TOKEN` via env (no secret committed).
+
+---
+
+## [2.16.2] - 2026-05-02
+
+### Added - Electron desktop app v1.0 (Linux + Windows)
+
+Commits ea7abf3 + e905bee. App lives in `app/` as a standalone package (not a workspace of the root); builds and publishes independently of `create-byan-agent`.
+
+#### Core shell and security (F1, F2, F12)
+
+- **F1 app shell** — Electron main process in TypeScript (`app/main/`), compiled to `dist/main/`. Window lifecycle, splash, tray (Linux/Win only).
+- **F2 IPC contract** — Preload bridge via `contextBridge` (`app/preload/`). All renderer-to-Node calls go through typed IPC channels; `nodeIntegration: false`, `contextIsolation: true`, `sandbox: true`.
+- **F12 strict CSP** — Content Security Policy header injected by main process; default-src self, no inline scripts, no eval.
+
+#### Local server lifecycle and renderer (F3, F13)
+
+- **F3 lifecycle** — Main process spawns and supervises the existing `install/src/webui/server.js` local server on a free port; emits `server-ready` IPC event to renderer.
+- **F13 dev hot reload** — `npm run dev` runs renderer (Vite dev server, port 5173), main watcher (`tsc -w`), and preload watcher concurrently via `concurrently`; `BYAN_DEV=1` env flag switches main to load the Vite URL instead of `dist/renderer/index.html`.
+
+#### Authentication (F5)
+
+- **F5 hybrid login** — Three login modes selectable at runtime: cloud (`byan.acadenice.fr`), local (auto-detected server), custom URL. Mode persisted in app config; switchable from the native menu.
+
+#### Onboarding (F4)
+
+- **F4 5-step onboarding** — Welcome -> Platform detection -> Config preview -> Apply -> Done. Covers Linux and Windows; macOS branch present but gated (F21 deferred). Onboarding state persisted via Electron store; skipped on subsequent launches.
+
+#### Secure storage (F6)
+
+- **F6 keytar** — API tokens stored via `keytar` (libsecret on Linux, Credential Manager on Windows). Token stored in the OS keychain, not in plaintext config files; IPC `get-token` / `set-token` channels exposed through preload only.
+
+#### Native integration (F19)
+
+- **F19 native menu** — Application menu built with `Menu.buildFromTemplate`; entries: File (quit), Edit (cut/copy/paste/select-all), View (reload, devtools in dev mode), Help (about). Consistent on Linux and Windows.
+
+#### Cross-platform build (F10)
+
+- **F10 build** — `npm run build` compiles main + preload (TypeScript) and bundles renderer (Vite). `npm run build:linux` produces AppImage + deb via electron-builder. `npm run build:win` produces NSIS installer via cross-compilation (Wine on Linux CI or native Windows runner).
+
+#### CI matrix (F11, P1)
+
+- **F11 + P1 GitHub Actions matrix** — Workflow `.github/workflows/electron-ci.yml` runs on `ubuntu-latest` (Linux build + unit tests) and `windows-latest` (Windows build + unit tests) in parallel. Draft GitHub Release created automatically when a `v*` tag is pushed; AppImage, deb, and NSIS installer attached as artifacts.
+
+#### Test suite (F18)
+
+- **F18 E2E Playwright** — Playwright suite in `app/__tests__/` using `playwright-electron`; covers: app launch, onboarding flow, login modal, token store round-trip, native menu visibility. `npm run test:e2e` runs the full suite headlessly.
+
+### Changed
+
+- `install/src/webui/server.js` and `install/src/webui/api.js` — minor edits to support port-injection from the Electron main process (F3: server accepts `BYAN_PORT` env var, binds to `127.0.0.1` only, emits a ready signal to stdout that main process parses).
+
+### Notes
+
+- **F21 macOS** — deferred; code branch exists, not tested, no CI runner. Target: v1.1.
+- **F9 auto-update** — electron-updater integration deferred to P2 (v1.1). Update check menu item is present but inert.
+- **F14 MCP control panel** — deferred to P2 (v1.1).
+- **First CI run** — push tag `v0.1.0-rc` to trigger the first draft release and validate artifact upload end-to-end before promoting to `v1.0.0`.
+
+---
+
 ## [2.9.10] - 2026-04-21
 
 ### Fixed - MCP auth scheme wrong for byan_web API keys

package/README.md

@@ -428,6 +428,29 @@ Domaines stricts : `security` / `performance` / `compliance` → LEVEL-2 minimum
 
 ---
 
+## BYAN Strict Mode — Anti-Downgrade
+
+Mode d'enforcement qui empêche l'agent de livrer moins que demandé (un MVP au
+lieu de l'app prod, un stub au lieu de la feature, un template baclé). Actif sur
+les **3 plateformes** : Claude Code, Codex, GitHub Copilot.
+
+```
+1. Lock du scope       byan_strict_lock_scope  (scope verbatim + critères testables)
+2. Build complet       pas de MVP, pas de stub, tout gap est signalé
+3. Self-verify >= 3x   byan_strict_self_verify (relit la demande initiale)
+4. Complete            byan_strict_complete    (jeton d'audit)
+```
+
+Le commit est **bloqué** par un filet pre-commit tant que la session strict
+engagée n'est pas complétée correctement — y compris pour Codex et Copilot qui
+n'ont pas de hook in-session. Source de vérité unique :
+`_byan/_config/strict-mode.yaml`, régénérée via `byan-sync-rules`.
+
+Activation : `byan_fd_start strict:true`, skill `byan-strict`, ou auto-détection
+sur mots-clés (`prod`, `client`, `livrable`, `contrat`, `release`...).
+
+---
+
 ## Workflows Principaux
 
 | Workflow | Description | Agent principal |
@@ -443,6 +466,7 @@ Domaines stricts : `security` / `performance` / `compliance` → LEVEL-2 minimum
 | `testarch-atdd` | Générer des tests ATDD avant implémentation | tea |
 | `fact-check` | Analyser une assertion ou un document | fact-checker |
 | `elo-workflow` | Consulter et gérer le score de confiance ELO | byan |
+| `byan-sync-rules` | Régénérer les artefacts du mode strict (3 plateformes) | byan |
 
 ---
 

package/install/lib/claude-native-setup.js

@@ -131,6 +131,35 @@ async function installMcpDependencies(mcpServerPath) {
   }
 }
 
+async function copyGitHooks(projectRoot) {
+  // The BYAN Strict Mode pre-commit gate is the cross-platform final net
+  // (Codex/Copilot have no in-session hook). Install it whenever the project
+  // is a git repo: copy .githooks/ and point core.hooksPath at it.
+  const src = path.join(TEMPLATE_ROOT, '.githooks');
+  const dst = path.join(projectRoot, '.githooks');
+  if (!(await fs.pathExists(src))) return { copied: false, reason: 'no_template' };
+  await fs.copy(src, dst, { overwrite: true });
+
+  const preCommit = path.join(dst, 'pre-commit');
+  if (await fs.pathExists(preCommit)) {
+    try { await fs.chmod(preCommit, 0o755); } catch { /* non-fatal */ }
+  }
+
+  // Only wire core.hooksPath when this is actually a git repo.
+  if (!(await fs.pathExists(path.join(projectRoot, '.git')))) {
+    return { copied: true, hooksPath: false, reason: 'not_a_git_repo' };
+  }
+  try {
+    execSync('git config core.hooksPath .githooks', {
+      cwd: projectRoot,
+      stdio: ['ignore', 'ignore', 'pipe'],
+    });
+    return { copied: true, hooksPath: true };
+  } catch (err) {
+    return { copied: true, hooksPath: false, error: err.message || String(err) };
+  }
+}
+
 async function setupClaudeNative(projectRoot, options = {}) {
   const log = options.quiet ? () => {} : (...a) => console.log(...a);
   const results = {};
@@ -158,6 +187,13 @@ async function setupClaudeNative(projectRoot, options = {}) {
   results.mcpConfig = await generateMcpConfig(projectRoot, options);
   log(chalk.green(`  ✓ .mcp.json generated (absolute path)`));
 
+  results.gitHooks = await copyGitHooks(projectRoot);
+  if (results.gitHooks.copied && results.gitHooks.hooksPath) {
+    log(chalk.green(`  ✓ Strict pre-commit gate wired (.githooks + core.hooksPath)`));
+  } else if (results.gitHooks.copied) {
+    log(chalk.yellow(`  ⚠ .githooks copied but not wired (${results.gitHooks.reason || 'no git repo'}); run: git config core.hooksPath .githooks`));
+  }
+
   if (results.mcp.copied && options.installDeps !== false) {
     results.mcpDeps = await installMcpDependencies(results.mcp.path);
     if (results.mcpDeps.installed) {
@@ -187,6 +223,7 @@ module.exports = {
   copyClaudeSkills,
   copyClaudeSettings,
   copyMcpServer,
+  copyGitHooks,
   makeNodeModulesFilter,
   generateMcpConfig,
   installMcpDependencies,

package/install/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-byan-agent",
-  "version": "2.16.1",
+  "version": "2.17.1",
   "description": "BYAN v2.2.2 - Intelligent AI agent installer with multi-platform native support (GitHub Copilot CLI, Claude Code, Codex/OpenCode)",
   "bin": {
     "create-byan-agent": "bin/create-byan-agent-v2.js"

package/install/packages/platform-config/lib/validate.js

@@ -24,20 +24,6 @@ async function validateByanWebReachability({ apiUrl, token, timeoutMs = 5000 })
     const latencyMs = Date.now() - t0;
     clearTimeout(timer);
 
-    const ct = (res.headers && typeof res.headers.get === 'function'
-      ? res.headers.get('content-type')
-      : '') || '';
-    const lowerCt = ct.toLowerCase();
-
-    if (lowerCt.includes('text/html')) {
-      return {
-        reachable: false,
-        status: res.status,
-        latencyMs,
-        error: 'Response is HTML — BYAN_API_URL likely points at the WebUI (behind SSO) instead of the API backend. Try byan-api.<domain> without /api suffix.',
-      };
-    }
-
     if (res.status >= 200 && res.status < 400) {
       return { reachable: true, status: res.status, latencyMs };
     }

package/install/src/webui/api.js

@@ -84,6 +84,12 @@ function detectPlatforms(projectRoot) {
 }
 
 const routes = {
+  // Lightweight health-check — used by Electron LocalServer health-ping every 5s.
+  'GET health': async (req, res) => {
+    res.writeHead(200);
+    res.end(JSON.stringify({ ok: true }));
+  },
+
   'GET status': async (req, res, server) => {
     const projectRoot = server.projectRoot;
     const version = readPackageVersion();

package/install/src/webui/server.js

@@ -51,8 +51,15 @@ class ByanWebUI {
 
     return new Promise((resolve) => {
       this.server.listen(this.port, () => {
-        const url = `http://localhost:${this.port}`;
+        const addr = this.server.address();
+        const assignedPort = (addr && typeof addr === 'object') ? addr.port : this.port;
+        const url = `http://localhost:${assignedPort}`;
         console.log(`BYAN WebUI running at ${url}`);
+        // Notify parent Electron process (F3 LocalServer) of the assigned port.
+        // process.send exists only when forked via child_process.fork().
+        if (typeof process.send === 'function') {
+          process.send({ type: 'ready', port: assignedPort });
+        }
         this.openBrowser(url);
         resolve(this);
       });

package/install/templates/.claude/CLAUDE.md

@@ -44,6 +44,7 @@ Voir @.claude/rules/hermes-dispatcher.md pour les commandes Hermes.
 - Methodologie: voir @.claude/rules/merise-agile.md
 - Systeme de confiance epistemique: voir @.claude/rules/elo-trust.md
 - Protocol fact-check scientifique: voir @.claude/rules/fact-check.md
+- Mode strict anti-downgrade: voir @.claude/rules/strict-mode.md
 - Systeme API byan_web: voir @.claude/rules/byan-api.md
 
 ## API byan_web
@@ -73,3 +74,20 @@ Domaines stricts : security/performance/compliance → LEVEL-2 minimum sinon BLO
 
 Agent dédié: `@fact-checker` — analyse assertions, audits de documents, chaines de raisonnement.
 Dans BYAN: tapez `[FC]` pour le sous-menu fact-check.
+
+## BYAN Strict Mode
+
+Mode d'enforcement anti-downgrade : empeche l'agent de livrer moins que demande
+(MVP au lieu de prod, stub au lieu de feature, template bacle). Fonctionne sur
+les 3 plateformes (Claude Code, Codex, Copilot).
+
+Protocole : lock du scope -> build complet -> self-verify >= 3 passes -> complete
+(jeton d'audit). Le commit est bloque tant que la verification n'est pas acquise.
+
+- Source de verite : `_byan/_config/strict-mode.yaml` (regenerer via `byan-sync-rules`)
+- Outils MCP : `byan_strict_lock_scope`, `byan_strict_self_verify`, `byan_strict_complete`, `byan_strict_status`, `byan_strict_abort`, `byan_strict_suggest`
+- Activation : `byan_fd_start strict:true`, skill `byan-strict`, ou mots-cles (prod, client, livrable...)
+- Filet final : `.githooks/pre-commit` bloque le commit si une session strict est engagee mais non completee
+- Persistance : sessions poussees vers l'API byan_web (autorite ; local = miroir/fallback offline)
+
+Detail complet : voir @.claude/rules/strict-mode.md

package/install/templates/.claude/hooks/lib/strict-config.json

@@ -0,0 +1,46 @@
+{
+  "_generated_by": "byan-sync-rules",
+  "version": 1,
+  "min_passes": 3,
+  "last_verdict_must_be": "ok",
+  "min_score": 95,
+  "auto_keywords": [
+    "prod",
+    "production",
+    "client",
+    "contrat",
+    "template officiel",
+    "livrable",
+    "deliverable",
+    "mise en production",
+    "release"
+  ],
+  "completion_claim_markers": [
+    "done",
+    "finished",
+    "complete",
+    "delivered",
+    "ready",
+    "shipped",
+    "terminé",
+    "fini",
+    "livré",
+    "prêt",
+    "c'est bon",
+    "voilà"
+  ],
+  "scope_guard": {
+    "enforce_paths": true,
+    "exempt_globs": [
+      ".byan-strict/",
+      "_byan-output/",
+      ".git/"
+    ]
+  },
+  "freshness_window_seconds": 600,
+  "banners": {
+    "context": "[STRICT MODE ACTIVE]\nYou are under BYAN Strict Mode. Before building:\n  1. Lock the scope (byan_strict_lock_scope) with testable acceptance criteria.\nWhile building:\n  2. Do not downgrade the scope. Surface any gap, do not cut silently.\nBefore delivering:\n  3. Run >= 3 self-verify passes (byan_strict_self_verify), re-reading the\n     original request each time. The last pass must report verdict \"ok\".\n  4. Call byan_strict_complete to earn the audit token.\nHard claims (security/performance/compliance) require LEVEL-1 sourcing (95%).\nA commit without a fresh, matching audit token is blocked by the pre-commit gate.\n",
+    "stop_block": "Strict mode: the turn cannot end. The locked scope has not passed three self-verify passes with a final \"ok\" verdict. Run byan_strict_self_verify until the scope is satisfied, then byan_strict_complete.",
+    "scope_deny": "Strict mode: this write targets a path outside the locked scope. Either it belongs to the scope (re-lock with the corrected paths) or it does not (do not write it)."
+  }
+}

package/install/templates/.claude/hooks/lib/strict-runtime.js

@@ -0,0 +1,82 @@
+// Shared runtime helpers for the BYAN Strict Mode hooks.
+//
+// Reads two files :
+//   - .claude/hooks/lib/strict-config.json : generated from strict-mode.yaml
+//     by byan-sync-rules (static config : thresholds, keywords, banners).
+//   - .byan-strict/state.json : the live session state written by the
+//     byan_strict_* MCP tools (lib/strict-mode.js).
+//
+// Hooks only READ here. The authoritative writes live in the MCP tools.
+
+const fs = require('fs');
+const path = require('path');
+
+function projectRoot() {
+  return process.env.CLAUDE_PROJECT_DIR || process.cwd();
+}
+
+function readJson(filePath) {
+  try {
+    if (!fs.existsSync(filePath)) return null;
+    return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function loadConfig() {
+  const p = path.join(projectRoot(), '.claude', 'hooks', 'lib', 'strict-config.json');
+  return readJson(p);
+}
+
+function loadState() {
+  const p = path.join(projectRoot(), '.byan-strict', 'state.json');
+  return readJson(p);
+}
+
+// A strict session is "engaged" when it is active, has a locked scope, and
+// has not been completed yet. This is the window where enforcement applies.
+function isEngaged(state) {
+  return Boolean(state && state.active && state.scope_lock && !state.completed);
+}
+
+function passCount(state) {
+  return state && Array.isArray(state.self_verify_passes)
+    ? state.self_verify_passes.length
+    : 0;
+}
+
+function lastVerdict(state) {
+  const passes = state && state.self_verify_passes;
+  if (!Array.isArray(passes) || passes.length === 0) return null;
+  return passes[passes.length - 1].verdict;
+}
+
+function readStdin() {
+  return new Promise((resolve) => {
+    if (process.stdin.isTTY) return resolve('');
+    let data = '';
+    process.stdin.on('data', (c) => (data += c));
+    process.stdin.on('end', () => resolve(data));
+    process.stdin.on('error', () => resolve(data));
+  });
+}
+
+function parseJson(raw) {
+  try {
+    return raw ? JSON.parse(raw) : {};
+  } catch {
+    return {};
+  }
+}
+
+module.exports = {
+  projectRoot,
+  loadConfig,
+  loadState,
+  isEngaged,
+  passCount,
+  lastVerdict,
+  readStdin,
+  parseJson,
+};

package/install/templates/.claude/hooks/strict-context-inject.js

@@ -0,0 +1,86 @@
+#!/usr/bin/env node
+/**
+ * UserPromptSubmit hook — BYAN Strict Mode context injector.
+ *
+ * Two behaviors :
+ *   - When a strict session is engaged, inject the strict banner plus a live
+ *     status line (passes done / required, locked scope hash) so the agent
+ *     stays anchored to the contract on every turn.
+ *   - When no session is engaged but the user's prompt contains an activation
+ *     keyword (prod, production, client, contrat, ...), inject a suggestion to
+ *     lock strict mode before building. It suggests, it does not auto-lock.
+ *
+ * Emits empty context on any error.
+ */
+
+const {
+  loadConfig,
+  loadState,
+  isEngaged,
+  passCount,
+  lastVerdict,
+  readStdin,
+  parseJson,
+} = require('./lib/strict-runtime');
+
+function findKeyword(prompt, keywords) {
+  if (!prompt || !Array.isArray(keywords)) return null;
+  const lower = prompt.toLowerCase();
+  for (const k of keywords) {
+    const kw = String(k).toLowerCase();
+    if (/^[a-z]+$/.test(kw)) {
+      if (new RegExp(`\\b${kw}\\b`).test(lower)) return k;
+    } else if (lower.includes(kw)) {
+      return k;
+    }
+  }
+  return null;
+}
+
+// Pure : returns the additionalContext string (possibly empty).
+function buildContext({ state, config, prompt }) {
+  if (isEngaged(state)) {
+    const minPasses = (config && config.min_passes) || 3;
+    const banner = (config && config.banners && config.banners.context) || '[STRICT MODE ACTIVE]';
+    const done = passCount(state);
+    const hash = state.scope_lock ? state.scope_lock.scope_hash : 'unknown';
+    return (
+      `${banner}\n` +
+      `Locked scope: ${hash} | self-verify ${done}/${minPasses} | last verdict ${lastVerdict(state) || 'none'}.\n` +
+      `Stay inside the locked scope. Do not declare done before byan_strict_complete returns an audit token.`
+    );
+  }
+
+  const keyword = findKeyword(prompt, config && config.auto_keywords);
+  if (keyword) {
+    return (
+      `[STRICT MODE SUGGESTED]\n` +
+      `The request mentions "${keyword}", which signals a production-grade deliverable. ` +
+      `Before building, consider locking strict mode with byan_strict_lock_scope ` +
+      `(verbatim scope + testable acceptance criteria). Strict mode enforces ` +
+      `>= ${(config && config.min_passes) || 3} self-verify passes and a 95% confidence floor on hard claims. ` +
+      `Confirm with the user, then lock.`
+    );
+  }
+
+  return '';
+}
+
+if (require.main === module) {
+  (async () => {
+    const state = loadState();
+    const config = loadConfig();
+    const payload = parseJson(await readStdin());
+    const prompt = payload.prompt || payload.user_prompt || payload.userPrompt || '';
+
+    const additionalContext = buildContext({ state, config, prompt });
+    process.stdout.write(
+      JSON.stringify({
+        hookSpecificOutput: { hookEventName: 'UserPromptSubmit', additionalContext },
+      })
+    );
+    process.exit(0);
+  })();
+}
+
+module.exports = { buildContext, findKeyword };

package/install/templates/.claude/hooks/strict-scope-guard.js

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+/**
+ * PreToolUse hook — BYAN Strict Mode scope guard.
+ *
+ * When a strict session is engaged and the locked scope declares allowed
+ * paths, deny Write/Edit calls that target a file outside those paths. This
+ * keeps the agent inside the contract it locked : it cannot silently spread
+ * changes across the repo under the cover of the locked task.
+ *
+ * Exempt paths (the strict bookkeeping, build output, git) are always
+ * allowed. If enforce_paths is off or no allowed paths were declared, every
+ * write is allowed.
+ *
+ * Non-blocking on parse error.
+ */
+
+const path = require('path');
+const { loadConfig, loadState, isEngaged, projectRoot, readStdin, parseJson } =
+  require('./lib/strict-runtime');
+
+function toRelative(filePath, root) {
+  if (!filePath) return '';
+  const abs = path.isAbsolute(filePath) ? filePath : path.join(root, filePath);
+  const rel = path.relative(root, abs);
+  return rel.split(path.sep).join('/');
+}
+
+function matchesPrefix(rel, prefix) {
+  const p = String(prefix).replace(/\/+$/, '');
+  return rel === p || rel.startsWith(p + '/');
+}
+
+// Pure decision : returns { deny, reason }.
+function decideScope({ state, config, toolName, filePath }) {
+  if (!['Write', 'Edit'].includes(toolName)) return { deny: false };
+  if (!isEngaged(state)) return { deny: false };
+
+  const guard = (config && config.scope_guard) || {};
+  if (!guard.enforce_paths) return { deny: false };
+
+  const allowed = (state.scope_lock && state.scope_lock.allowed_paths) || [];
+  if (!Array.isArray(allowed) || allowed.length === 0) return { deny: false };
+
+  const root = projectRoot();
+  const rel = toRelative(filePath, root);
+  if (!rel) return { deny: false };
+
+  const exempt = guard.exempt_globs || [];
+  if (exempt.some((g) => matchesPrefix(rel, g))) return { deny: false };
+
+  if (allowed.some((a) => matchesPrefix(rel, a))) return { deny: false };
+
+  const base =
+    (config && config.banners && config.banners.scope_deny) ||
+    'Strict mode: this write targets a path outside the locked scope.';
+  const reason =
+    `${base}\n` +
+    `Target: ${rel}\n` +
+    `Locked paths: ${allowed.join(', ')}\n` +
+    `Either this file belongs to the scope (re-lock with byan_strict_lock_scope ` +
+    `including the corrected paths) or it does not (do not write it).`;
+
+  return { deny: true, reason };
+}
+
+function allow() {
+  return { hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' } };
+}
+
+if (require.main === module) {
+  (async () => {
+    const state = loadState();
+    if (!isEngaged(state)) {
+      process.stdout.write(JSON.stringify(allow()));
+      process.exit(0);
+    }
+    const config = loadConfig();
+    const payload = parseJson(await readStdin());
+    const toolName = payload.tool_name || payload.toolName || '';
+    const input = payload.tool_input || payload.toolInput || {};
+    const filePath = input.file_path || '';
+
+    const decision = decideScope({ state, config, toolName, filePath });
+    if (!decision.deny) {
+      process.stdout.write(JSON.stringify(allow()));
+      process.exit(0);
+    }
+    process.stdout.write(
+      JSON.stringify({
+        hookSpecificOutput: {
+          hookEventName: 'PreToolUse',
+          permissionDecision: 'deny',
+          permissionDecisionReason: decision.reason,
+        },
+      })
+    );
+    process.exit(0);
+  })();
+}
+
+module.exports = { decideScope, toRelative, matchesPrefix };