create-byan-agent 2.16.1 → 2.17.1

package/install/templates/.claude/hooks/strict-stop-guard.js

@@ -0,0 +1,100 @@
+#!/usr/bin/env node
+/**
+ * Stop hook — BYAN Strict Mode end-of-turn guard.
+ *
+ * When a strict session is engaged (active + scope locked + not completed),
+ * block the turn from ending IF the assistant's last message claims the work
+ * is done. Completion must be earned through byan_strict_complete (3 passes,
+ * last verdict "ok"), which flips state.completed and disengages this guard.
+ *
+ * A mid-task yield (asking the user a question, reporting progress without a
+ * completion claim) is allowed — the guard only fires on a premature "done".
+ *
+ * Non-blocking on any IO/parse error : the hook never traps a turn when it
+ * cannot read the state.
+ */
+
+const { loadConfig, loadState, isEngaged, passCount, lastVerdict, readStdin, parseJson } =
+  require('./lib/strict-runtime');
+
+const DEFAULT_MARKERS = ['done', 'finished', 'complete', 'delivered', 'ready'];
+
+function claimsCompletion(text, markers) {
+  if (!text) return false;
+  const lower = text.toLowerCase();
+  return (markers || DEFAULT_MARKERS).some((m) => {
+    const marker = String(m).toLowerCase();
+    if (/^[a-z]+$/.test(marker)) {
+      return new RegExp(`\\b${marker}\\b`).test(lower);
+    }
+    return lower.includes(marker);
+  });
+}
+
+function extractLastAssistantText(payload) {
+  if (!payload || typeof payload !== 'object') return '';
+  const tx = payload.transcript || payload.messages || [];
+  if (!Array.isArray(tx)) return '';
+  for (let i = tx.length - 1; i >= 0; i--) {
+    const m = tx[i];
+    if (m && m.role === 'assistant') {
+      if (typeof m.content === 'string') return m.content;
+      if (Array.isArray(m.content)) {
+        return m.content.map((c) => (c && c.text ? c.text : '')).join(' ');
+      }
+    }
+  }
+  return '';
+}
+
+// Pure decision : returns { block, reason }.
+function decideStop({ state, config, lastAssistantText }) {
+  if (!isEngaged(state)) return { block: false };
+
+  const markers = config && config.completion_claim_markers;
+  if (!claimsCompletion(lastAssistantText, markers)) return { block: false };
+
+  const minPasses = (config && config.min_passes) || 3;
+  const done = passCount(state);
+  const verdict = lastVerdict(state);
+
+  // Defensive : if somehow 3 ok passes are recorded but complete() was not
+  // called, still block and tell the agent to call complete.
+  const base =
+    (config && config.banners && config.banners.stop_block) ||
+    'Strict mode: the turn cannot end. The locked scope has not been completed.';
+
+  const reason =
+    `${base}\n` +
+    `Progress: ${done}/${minPasses} self-verify passes, last verdict=${verdict || 'none'}.\n` +
+    `You claimed completion but byan_strict_complete has not produced an audit token. ` +
+    `Run byan_strict_self_verify until the scope is satisfied (last pass verdict "ok"), ` +
+    `then call byan_strict_complete. If the scope changed, re-lock it.`;
+
+  return { block: true, reason };
+}
+
+if (require.main === module) {
+  (async () => {
+    const state = loadState();
+    if (!isEngaged(state)) {
+      process.stdout.write(JSON.stringify({ continue: true }));
+      process.exit(0);
+    }
+    const config = loadConfig();
+    const payload = parseJson(await readStdin());
+    const lastAssistantText = extractLastAssistantText(payload);
+
+    const decision = decideStop({ state, config, lastAssistantText });
+    if (!decision.block) {
+      process.stdout.write(JSON.stringify({ continue: true }));
+      process.exit(0);
+    }
+    process.stdout.write(
+      JSON.stringify({ decision: 'block', reason: decision.reason, systemMessage: decision.reason })
+    );
+    process.exit(2);
+  })();
+}
+
+module.exports = { decideStop, claimsCompletion, extractLastAssistantText };

package/install/templates/.claude/rules/strict-mode.md

@@ -0,0 +1,166 @@
+# BYAN Strict Mode — Anti-Downgrade Enforcement
+
+> The user asked for something complete. Strict mode exists to stop the agent
+> from quietly delivering less: an MVP instead of the prod app, a stub instead
+> of the feature, a template filled without care.
+
+## Principe
+
+Strict mode locks a contract (the scope) at the start of a task, forces the
+agent to self-verify its work against that contract at least three times, and
+blocks the delivery (the commit) until verification is earned. It works on the
+three platforms BYAN targets: Claude Code, Codex, GitHub Copilot.
+
+| Layer | Mechanism | Platforms |
+|-------|-----------|-----------|
+| Scope lock + self-verify + complete | MCP tools (`byan_strict_*`) | all 3 (MCP) |
+| In-session blocking | Claude Code hooks (Stop / PreToolUse / UserPromptSubmit) | Claude Code |
+| Context injection | `AGENTS.md` block / `copilot-instructions.md` block | Codex / Copilot |
+| Final net | `.githooks/pre-commit` audit gate | all 3 (commit time) |
+
+Codex and Copilot have no in-session blocking hook. The pre-commit gate is the
+net that catches them: a commit cannot land if a strict session was engaged but
+not completed correctly.
+
+## Source de verite
+
+One file drives everything: `_byan/_config/strict-mode.yaml`. It holds the
+confidence floor, the self-verify config, the activation keywords, the scope
+lock template, the 12 hard mantras, and the per-platform injection blocks.
+
+Edit the YAML, then run the generator:
+
+```bash
+node _byan/mcp/byan-mcp-server/bin/byan-sync-rules.js
+```
+
+The generator emits (idempotent, between `BYAN-STRICT:BEGIN/END` markers):
+
+- `.claude/skills/byan-strict/SKILL.md` — the Claude Code skill
+- `.claude/hooks/lib/strict-config.json` — runtime config for the hooks
+- `AGENTS.md` block — Codex
+- `.github/copilot-instructions.md` block — Copilot
+- `src/byan-v2/data/strict-mantras.json` — the MantraValidator ruleset
+
+Do not hand-edit the generated blocks; edit the YAML and regenerate.
+
+## Le protocole (4 etapes)
+
+1. **Lock the scope** — `byan_strict_lock_scope` with a verbatim restatement of
+   the request and a non-empty list of testable `acceptanceCriteria`. Optional
+   `allowedPaths` restrict where writes may land. The locked scope is the
+   contract.
+2. **Build the full scope** — do not substitute an MVP or a stub. If a part
+   cannot be done, surface it as a gap in self-verify; do not cut it silently.
+3. **Self-verify >= 3 times** — `byan_strict_self_verify` with `verdict` `ok`
+   or `gap` (a `gap` needs a non-empty `findings` array). Re-read the original
+   request each pass. The last pass must be `ok`.
+4. **Complete** — `byan_strict_complete` returns an audit token. Below three
+   passes, or with a `gap` on the last pass, completion is rejected.
+
+## Activation
+
+- **Manual** — `byan_fd_start` with `strict: true`, or load the `byan-strict`
+  skill, or call `byan_strict_lock_scope` directly.
+- **Auto-detect** — when the request mentions an activation keyword (`prod`,
+  `production`, `client`, `contrat`, `template officiel`, `livrable`,
+  `deliverable`, `mise en production`, `release`), the agent is prompted to
+  suggest strict mode. It suggests and confirms; it does not lock silently.
+- **Cross-platform check** — `byan_strict_suggest` (MCP) scans any text against
+  the keyword list, for platforms without an in-session hook.
+
+## Les outils MCP
+
+| Tool | Role |
+|------|------|
+| `byan_strict_lock_scope` | Lock the contract (scope + criteria + paths) |
+| `byan_strict_self_verify` | Record a verification pass (`ok` / `gap`) |
+| `byan_strict_complete` | Earn the audit token (needs >= 3 passes, last `ok`) |
+| `byan_strict_status` | Read the current session state |
+| `byan_strict_abort` | Deliberate, audited exit from strict mode |
+| `byan_strict_suggest` | Detect production-grade keywords in a text |
+
+State lives in `.byan-strict/` (gitignored): `state.json` (current) and
+`audit.log` (append-only JSONL). The pre-commit gate reads this trail.
+
+## Persistance cote byan_web (autorite)
+
+The byan_web API is the **authority** for strict sessions; the local
+`.byan-strict/` state is a mirror. BYAN is an online tool (no network, no
+Claude), so the server is reachable whenever strict mode runs, and its record
+is final.
+
+- **Push** — every mutation pushes best-effort to the API after the local write:
+  `lock_scope` -> `POST /api/strict-sessions` (idempotent on the local session
+  id), `self_verify` -> `PATCH` (append a pass), `complete` -> `PATCH`
+  (audit token), `abort` -> `PATCH`. The session is scoped to the API key's
+  user and attached to a `projectId` (arg or `BYAN_PROJECT_ID`).
+- **Read** — `byan_strict_status` and the pre-commit gate consult the API first;
+  the local mirror is the fallback only when the API is genuinely unreachable
+  (so an offline machine is not hard-blocked, but online the server wins).
+- **Best-effort** — a missing `BYAN_API_TOKEN`, a timeout, or a non-2xx
+  degrades to `synced: false` rather than throwing. The local protocol keeps
+  working regardless; the sync layer (`lib/strict-sync.js`) isolates all
+  network I/O so `strict-mode.js` stays pure-local.
+- **Config** — `.mcp.json` passes `BYAN_API_TOKEN` via `${BYAN_API_TOKEN}`
+  (env expansion); the secret stays out of any tracked file. API side:
+  migration `033-strict-sessions.sql` + `routes/strict-sessions.js`.
+
+## Les hooks Claude Code
+
+Registered globally in `.claude/settings.json`; each one is a no-op unless a
+strict session is engaged (active + scope locked + not completed):
+
+- **`strict-context-inject.js`** (UserPromptSubmit) — injects the strict banner
+  and live pass status; suggests strict mode on activation keywords.
+- **`strict-scope-guard.js`** (PreToolUse) — denies `Write`/`Edit` outside the
+  locked `allowedPaths` (exempt: `.byan-strict/`, `_byan-output/`, `.git/`).
+- **`strict-stop-guard.js`** (Stop) — blocks end-of-turn when the assistant
+  claims the work is done but `byan_strict_complete` has not produced an audit
+  token. A mid-task yield without a completion claim is allowed.
+
+## Le filet pre-commit
+
+`.githooks/pre-commit` runs `strict-precommit-gate.js` on every commit:
+
+- No strict session on disk -> pass (strict was not engaged).
+- Aborted session -> pass (deliberate, audited).
+- Engaged but not completed -> **block**.
+- Completed with < 3 passes or last verdict not `ok` -> **block**.
+- Completed correctly -> pass.
+
+Emergency bypass: `git commit --no-verify`.
+
+## Confiance sur les claims durs
+
+Claims in `security`, `performance`, or `compliance` need LEVEL-1 sourcing
+(95%) under strict mode, or they are BLOCKED. This raises the default
+fact-check floors. See @.claude/rules/fact-check.md for the proof levels.
+
+## Les 12 mantras durs
+
+`STRICT-1` Scope Lock First · `STRICT-2` No Downgrade · `STRICT-3` No Silent Cut ·
+`STRICT-4` Self-Verify Three Times · `STRICT-5` Re-Read The Original ·
+`STRICT-6` Evidence Over Assertion · `STRICT-7` Hard Claim Floor ·
+`STRICT-8` Gap Is Not Failure · `STRICT-9` Audit Trail ·
+`STRICT-10` No Premature Complete · `STRICT-11` Honest Status ·
+`STRICT-12` Full Over Fast.
+
+Full text in `_byan/_config/strict-mode.yaml` and the generated SKILL.md.
+
+## FAQ
+
+**Strict mode trapped my turn — I cannot finish.** You claimed completion while
+a session was engaged. Either run `byan_strict_self_verify` until the scope is
+satisfied then `byan_strict_complete`, or `byan_strict_abort` to exit.
+
+**A write was denied.** The target is outside the locked `allowedPaths`. If it
+belongs to the scope, re-lock with the corrected paths; otherwise do not write
+it.
+
+**The commit is blocked.** A strict session is engaged but not completed.
+Complete or abort it. `--no-verify` bypasses (emergency only).
+
+**Can I force strict mode on every commit?** No. Strict mode is opt-in /
+auto-suggested. The gate enforces completion once engaged; it does not force
+engagement.

package/install/templates/.claude/settings.json

@@ -30,6 +30,10 @@
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/fd-phase-guard.js"
+          },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/strict-context-inject.js"
           }
         ]
       }
@@ -49,6 +53,10 @@
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/stage-to-byan.js"
+          },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/strict-stop-guard.js"
           }
         ]
       }
@@ -64,6 +72,10 @@
           {
             "type": "command",
             "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/fact-check-absolutes.js"
+          },
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/strict-scope-guard.js"
           }
         ]
       }

package/install/templates/.claude/skills/byan-strict/SKILL.md

@@ -0,0 +1,54 @@
+---
+name: byan-strict
+description: >-
+  Enforcement mode that prevents scope downgrade and forces the agent to self-verify its work against the originally locked request before delivering. Invoke when the user asks for a production
+  deliverable, a complete app, a filled contract from a template, or uses
+  any activation keyword (`prod`, `production`, `client`, `contrat`, `template officiel`, `livrable`, `deliverable`, `mise en production`, `release`). Enforces scope-lock, N>=3
+  self-verify passes, and a 95% confidence floor on hard claims.
+allowed-tools:
+  - mcp__byan__byan_strict_lock_scope
+  - mcp__byan__byan_strict_self_verify
+  - mcp__byan__byan_strict_complete
+  - mcp__byan__byan_strict_status
+  - mcp__byan__byan_strict_abort
+---
+
+<!-- Generated by byan-sync-rules from _byan/_config/strict-mode.yaml. Do not hand-edit. -->
+
+# BYAN Strict Mode
+
+You are operating under BYAN Strict Mode. The user asked for something
+complete. Downgrading the scope is the failure this mode exists to prevent.
+
+## Protocol
+
+1. **Lock the scope** with `byan_strict_lock_scope` before building. Provide a
+   verbatim restatement of the request and testable `acceptanceCriteria`. The
+   locked scope is the contract.
+2. **Build the full scope.** Do not substitute an MVP, a stub, or a simplified
+   version. If a part cannot be done, surface it as a gap — do not cut silently.
+3. **Self-verify at least 3 times** with
+   `byan_strict_self_verify`, re-reading the original request each pass. The
+   last pass must report verdict `ok`.
+4. **Complete** with `byan_strict_complete` to earn the audit token. Without it,
+   the pre-commit gate blocks the commit.
+
+## Hard claims
+
+Claims in security, performance, or compliance need LEVEL-1 sourcing
+(95%) or they are BLOCKED.
+
+## Mantras
+
+- **STRICT-1 Scope Lock First** — Reformulate the request and lock the scope before any build. The locked scope is the contract for the rest of the task.
+- **STRICT-2 No Downgrade** — Deliver the scope that was asked. Do not substitute an MVP, a stub, or a "simplified version" unless the user approves it and it is recorded in the audit trail.
+- **STRICT-3 No Silent Cut** — If a part of the scope cannot be done, surface it as a gap in the self_verify findings. Do not drop it quietly.
+- **STRICT-4 Self-Verify Three Times** — Run at least three self-verification passes against the locked acceptance criteria before calling complete.
+- **STRICT-5 Re-Read The Original** — Each self-verify pass re-reads the original request, not your own summary of it.
+- **STRICT-6 Evidence Over Assertion** — A "done" claim needs an artifact (test output, file diff, command result), not a statement.
+- **STRICT-7 Hard Claim Floor** — Claims in security, performance, or compliance need LEVEL-1 sourcing (95%) or they are BLOCKED.
+- **STRICT-8 Gap Is Not Failure** — Reporting a gap is the correct behavior. Hiding a gap is the violation.
+- **STRICT-9 Audit Trail** — Every scope lock, verify pass, and completion is appended to the audit log. The commit gate reads this trail.
+- **STRICT-10 No Premature Complete** — complete is rejected below three passes or when the last pass found a gap.
+- **STRICT-11 Honest Status** — Report failing tests with their output. Report skipped steps as skipped. Do not round a partial result up to "done".
+- **STRICT-12 Full Over Fast** — When the user states "complete, no cost compromise", speed is out of scope. Do not re-question the budget under the guise of an estimate.

package/install/templates/.githooks/pre-commit

@@ -25,6 +25,21 @@ if ! command -v node >/dev/null 2>&1; then
   exit 0
 fi
 
+# BYAN Strict Mode gate — the platform-agnostic final net. If a strict session
+# was engaged (scope locked) but not completed correctly, block the commit.
+# No-op when strict mode was never engaged. Runs on every platform (Claude
+# Code, Codex, Copilot) since it triggers at commit time, not in-session.
+STRICT_GATE="_byan/mcp/byan-mcp-server/bin/strict-precommit-gate.js"
+if [ -f "$STRICT_GATE" ]; then
+  if ! node "$STRICT_GATE" --root "$(git rev-parse --show-toplevel)"; then
+    echo ""
+    echo "Commit blocked by BYAN Strict Mode gate."
+    echo "Complete the strict session (byan_strict_complete) or abort it (byan_strict_abort)."
+    echo "Bypass with 'git commit --no-verify' (emergency only)."
+    exit 1
+  fi
+fi
+
 if [ ! -f "$VALIDATOR" ]; then
   exit 0
 fi

package/install/templates/_byan/_config/strict-mode.yaml

@@ -0,0 +1,258 @@
+# BYAN Strict Mode — Source of truth
+#
+# This file is the single canonical definition of BYAN Strict Mode.
+# It is consumed by the `byan-sync-rules` generator (F3), which emits the
+# per-platform artifacts (Claude Code SKILL.md + hooks, Codex AGENTS.md block,
+# GitHub Copilot instructions block) from the values below.
+#
+# Edit this file, then run the generator. Do not hand-edit the generated blocks
+# (they live between BYAN-STRICT:BEGIN / BYAN-STRICT:END markers).
+
+version: 1
+name: BYAN Strict Mode
+slug: byan-strict
+description: >-
+  Enforcement mode that prevents scope downgrade and forces the agent to
+  self-verify its work against the originally locked request before delivering.
+
+# ---------------------------------------------------------------------------
+# Confidence — hard claims must reach LEVEL-1 (95%).
+# ---------------------------------------------------------------------------
+confidence:
+  min_score: 95           # percentage; hard claims below this are BLOCKED
+  hard_claim_level: 1     # LEVEL-1 sourcing required on hard claims
+  applies_to:
+    - security
+    - performance
+    - compliance
+
+# ---------------------------------------------------------------------------
+# Self-verification — the iterate-and-check loop.
+# Mirrors lib/strict-mode.js (MIN_SELF_VERIFY_PASSES = 3).
+# ---------------------------------------------------------------------------
+self_verify:
+  min_passes: 3
+  last_verdict_must_be: ok      # the final pass must report no gap
+  reread_original_each_pass: true
+  verdicts:
+    - ok        # no gap against the locked acceptance criteria
+    - gap       # a gap was found; findings array must be non-empty
+
+# ---------------------------------------------------------------------------
+# Source floors per domain when strict mode is active.
+# Stricter than the default fact-check floors. Level number = LEVEL-n.
+# ---------------------------------------------------------------------------
+source_floors:
+  security: 1       # raised from 2 -> 1 under strict mode
+  performance: 1    # raised from 2 -> 1 under strict mode
+  compliance: 1
+  general: 2        # raised from default under strict mode
+
+# ---------------------------------------------------------------------------
+# Activation — manual + auto-detection.
+# byan_fd_start mode:"strict" sets it explicitly. Auto keywords in the user
+# request raise a strict-mode suggestion that the agent confirms before locking.
+# ---------------------------------------------------------------------------
+activation:
+  manual_mode: strict
+  auto_keywords:
+    - prod
+    - production
+    - client
+    - contrat
+    - "template officiel"
+    - livrable
+    - deliverable
+    - "mise en production"
+    - release
+  auto_behavior: suggest    # suggest -> confirm -> lock (do not lock silently)
+
+# ---------------------------------------------------------------------------
+# Scope lock — the contract template the agent fills before building.
+# Feeds byan_strict_lock_scope (scope + acceptance_criteria + paths).
+# ---------------------------------------------------------------------------
+scope_lock:
+  min_scope_chars: 10
+  require_acceptance_criteria: true
+  template: |
+    SCOPE (verbatim restatement of what was asked):
+      {scope}
+
+    ACCEPTANCE CRITERIA (each one testable):
+      - {criterion}
+
+    PATHS in play:
+      - {path}
+
+    OUT OF SCOPE (explicitly excluded, agreed with user):
+      - {exclusion}
+
+# ---------------------------------------------------------------------------
+# Hard mantras — the rules the enforcement layer makes non-negotiable.
+# These are imperatives, phrased to pass the fact-check absolute-word filter.
+# ---------------------------------------------------------------------------
+mantras:
+  - id: STRICT-1
+    name: Scope Lock First
+    rule: >-
+      Reformulate the request and lock the scope before any build. The locked
+      scope is the contract for the rest of the task.
+    rationale: A blurry scope is the entry point for silent downgrade.
+    priority: critical
+    validation_keywords: ["lock the scope", "byan_strict_lock_scope", "scope lock"]
+
+  - id: STRICT-2
+    name: No Downgrade
+    rule: >-
+      Deliver the scope that was asked. Do not substitute an MVP, a stub, or a
+      "simplified version" unless the user approves it and it is recorded in
+      the audit trail.
+    rationale: The user asked for a prod app; an MVP is a different deliverable.
+    priority: critical
+    validation_keywords: ["no downgrade", "downgrade", "mvp"]
+
+  - id: STRICT-3
+    name: No Silent Cut
+    rule: >-
+      If a part of the scope cannot be done, surface it as a gap in the
+      self_verify findings. Do not drop it quietly.
+    rationale: A dropped requirement the user did not see is a broken contract.
+    priority: high
+    validation_keywords: ["silent cut", "surface it as a gap", "do not cut silently"]
+
+  - id: STRICT-4
+    name: Self-Verify Three Times
+    rule: >-
+      Run at least three self-verification passes against the locked acceptance
+      criteria before calling complete.
+    rationale: One pass catches typos; three passes catch missing scope.
+    priority: critical
+    validation_keywords: ["self-verify", "byan_strict_self_verify", "three times"]
+
+  - id: STRICT-5
+    name: Re-Read The Original
+    rule: >-
+      Each self-verify pass re-reads the original request, not your own summary
+      of it.
+    rationale: Summaries drift; the source request does not.
+    priority: high
+    validation_keywords: ["re-read", "original request"]
+
+  - id: STRICT-6
+    name: Evidence Over Assertion
+    rule: >-
+      A "done" claim needs an artifact (test output, file diff, command
+      result), not a statement.
+    rationale: Stating success is cheap; showing it is the bar.
+    priority: high
+    validation_keywords: ["evidence", "artifact", "test output"]
+
+  - id: STRICT-7
+    name: Hard Claim Floor
+    rule: >-
+      Claims in security, performance, or compliance need LEVEL-1 sourcing
+      (95%) or they are BLOCKED.
+    rationale: These domains carry consequences that opinions cannot cover.
+    priority: critical
+    validation_keywords: ["level-1", "95%", "blocked"]
+
+  - id: STRICT-8
+    name: Gap Is Not Failure
+    rule: >-
+      Reporting a gap is the correct behavior. Hiding a gap is the violation.
+    rationale: Honesty about an unfinished part beats a false completion.
+    priority: high
+    validation_keywords: ["gap is", "hiding a gap", "the violation"]
+
+  - id: STRICT-9
+    name: Audit Trail
+    rule: >-
+      Every scope lock, verify pass, and completion is appended to the audit
+      log. The commit gate reads this trail.
+    rationale: Without a trail, enforcement is a suggestion, not a gate.
+    priority: high
+    validation_keywords: ["audit trail", "audit log", "audit token"]
+
+  - id: STRICT-10
+    name: No Premature Complete
+    rule: >-
+      complete is rejected below three passes or when the last pass found a gap.
+    rationale: Completion is earned by verification, not declared.
+    priority: critical
+    validation_keywords: ["byan_strict_complete", "rejected below", "earn"]
+
+  - id: STRICT-11
+    name: Honest Status
+    rule: >-
+      Report failing tests with their output. Report skipped steps as skipped.
+      Do not round a partial result up to "done".
+    rationale: A rounded-up status is the laziness the mode exists to stop.
+    priority: high
+    validation_keywords: ["honest status", "failing tests", "skipped"]
+
+  - id: STRICT-12
+    name: Full Over Fast
+    rule: >-
+      When the user states "complete, no cost compromise", speed is out of
+      scope. Do not re-question the budget under the guise of an estimate.
+    rationale: Re-asking "do you validate?" is downgrade wearing a tie.
+    priority: high
+    validation_keywords: ["full over fast", "no cost compromise", "out of scope"]
+
+# ---------------------------------------------------------------------------
+# Injection blocks — canonical text the generator embeds into each platform.
+# Kept here so all three platforms stay in sync from one source.
+# ---------------------------------------------------------------------------
+injection:
+  context_banner: |
+    [STRICT MODE ACTIVE]
+    You are under BYAN Strict Mode. Before building:
+      1. Lock the scope (byan_strict_lock_scope) with testable acceptance criteria.
+    While building:
+      2. Do not downgrade the scope. Surface any gap, do not cut silently.
+    Before delivering:
+      3. Run >= 3 self-verify passes (byan_strict_self_verify), re-reading the
+         original request each time. The last pass must report verdict "ok".
+      4. Call byan_strict_complete to earn the audit token.
+    Hard claims (security/performance/compliance) require LEVEL-1 sourcing (95%).
+    A commit without a fresh, matching audit token is blocked by the pre-commit gate.
+
+  stop_block_reason: >-
+    Strict mode: the turn cannot end. The locked scope has not passed three
+    self-verify passes with a final "ok" verdict. Run byan_strict_self_verify
+    until the scope is satisfied, then byan_strict_complete.
+
+  pretooluse_deny_reason: >-
+    Strict mode: this write targets a path outside the locked scope. Either it
+    belongs to the scope (re-lock with the corrected paths) or it does not
+    (do not write it).
+
+# ---------------------------------------------------------------------------
+# Hooks config — consumed by the generated .claude/hooks/lib/strict-config.json,
+# which the three Claude Code hooks read at runtime. Single source of truth so
+# the enforcement behavior stays aligned with this file.
+# ---------------------------------------------------------------------------
+hooks:
+  # Words that signal the agent is claiming the work is finished. The Stop
+  # hook blocks end-of-turn when such a claim appears but the strict session
+  # was not completed (3 passes + audit token).
+  completion_claim_markers:
+    - done
+    - finished
+    - complete
+    - delivered
+    - ready
+    - shipped
+    - "terminé"
+    - fini
+    - "livré"
+    - "prêt"
+    - "c'est bon"
+    - "voilà"
+  scope_guard:
+    enforce_paths: true        # deny Write/Edit outside locked allowed_paths
+    exempt_globs:
+      - ".byan-strict/"
+      - "_byan-output/"
+      - ".git/"
+  freshness_window_seconds: 600  # mirrors checkAuditTrail default

package/install/templates/_byan/mcp/byan-mcp-server/bin/byan-sync-rules.js

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+import { syncRules } from '../lib/sync-rules.js';
+
+// CLI wrapper for the byan-sync-rules generator.
+// Usage: node bin/byan-sync-rules.js [--root <dir>] [--config <file>]
+
+function parseArgs(argv) {
+  const args = {};
+  for (let i = 2; i < argv.length; i++) {
+    if (argv[i] === '--root') args.projectRoot = argv[++i];
+    else if (argv[i] === '--config') args.configPath = argv[++i];
+  }
+  return args;
+}
+
+try {
+  const report = syncRules(parseArgs(process.argv));
+  const lines = Object.entries(report).map(([file, action]) => `  ${action.padEnd(9)} ${file}`);
+  process.stdout.write('byan-sync-rules — strict mode artifacts\n' + lines.join('\n') + '\n');
+  process.exit(0);
+} catch (err) {
+  process.stderr.write(`byan-sync-rules failed: ${err.message}\n`);
+  process.exit(1);
+}

package/install/templates/_byan/mcp/byan-mcp-server/bin/strict-precommit-gate.js

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+import { evaluateGate } from '../lib/precommit-gate.js';
+
+// Pre-commit entry for the BYAN Strict Mode gate.
+// Usage: node bin/strict-precommit-gate.js [--root <dir>]
+// Exit 0 = allow commit, exit 1 = block commit.
+
+function parseArgs(argv) {
+  const args = {};
+  for (let i = 2; i < argv.length; i++) {
+    if (argv[i] === '--root') args.projectRoot = argv[++i];
+  }
+  return args;
+}
+
+const result = await evaluateGate(parseArgs(process.argv));
+if (result.pass) {
+  process.exit(0);
+}
+process.stderr.write(`[byan strict gate] BLOCK: ${result.reason}\n`);
+process.exit(1);