devrites 1.19.0

package/pack/.claude/hooks/devrites-a1-guard.sh

@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+# DevRites PreToolUse hook — A1 pre-block: keep the /rite-build ORCHESTRATOR from editing
+# source while a slice is mid-build. The slice-wright (a Task subagent) is the only sanctioned
+# writer of code + tests; the orchestrator writes only .devrites/ bookkeeping. This hook is the
+# optional pre-block companion to the reconcile.sh post-hoc gate (which always runs).
+#
+# Safety model: FAIL-OPEN, and OBSERVE by default.
+#   - It NEVER blocks unless ALL hold: a build window is open, the edit is to a source file,
+#     it came from the MAIN thread (no agent_id), and enforce mode is on.
+#   - On any doubt — no active workspace, no open window, no node, unparseable payload, a
+#     subagent caller, a .devrites/ path, the inline fallback — it exits 0 and stays silent.
+#   - Default mode is "observe": it LOGS what it would block (to .a1-guard.log) and allows.
+#     Flip to enforce only AFTER confirming the log never flags the wright's own edits — that
+#     confirms this Claude Code build populates agent_id for subagents (older builds may not;
+#     if the log flags wright edits, agent_id is unavailable here — stay in observe).
+#
+# Enable enforce (either one):
+#   export DEVRITES_A1_HOOK=enforce          # session-wide
+#   touch .devrites/work/<slug>/.a1-enforce  # per-feature
+#
+# Window: opened by `reconcile.sh snapshot` (writes .reconcile-base) before dispatch, closed by
+# a clean `reconcile.sh check`. A violation leaves it open so inline patching stays blocked
+# until the wright is re-dispatched. A stale window (abandoned build) → clear with
+# `rm .devrites/work/<slug>/.reconcile-base` or re-run the check.
+set -u
+
+input="$(cat)"
+
+# Fast path: must look like a tool call at all.
+case "$input" in *'"tool_name"'*) : ;; *) exit 0 ;; esac
+
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+
+# No active DevRites feature → not our concern (keeps non-DevRites projects untouched).
+[ -f "$root/.devrites/ACTIVE" ] || exit 0
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null)"
+[ -n "$slug" ] || exit 0
+d="$root/.devrites/work/$slug"
+
+# Mid-build window open? Only armed between a reconcile snapshot and its check. This scoping is
+# what keeps the hook off /rite-polish, /rite-quick, and ordinary manual edits — they edit
+# source from the main thread too, legitimately, and no window is open then.
+[ -f "$d/.reconcile-base" ] || exit 0
+
+# Inline fallback: the orchestrator is legitimately the writer (no wright was dispatched).
+[ -f "$d/.reconcile-inline" ] && exit 0
+
+# Parse with node (ships with Claude Code). No node or a parse failure → fail open.
+command -v node >/dev/null 2>&1 || exit 0
+parsed="$(printf '%s' "$input" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{const j=JSON.parse(s);const ti=j.tool_input||{};const fp=ti.file_path||ti.path||"";process.stdout.write([j.tool_name||"",fp,j.agent_id||""].join("\t"))}catch(e){}})' 2>/dev/null)"
+[ -n "$parsed" ] || exit 0
+IFS=$'\t' read -r tool fpath agent <<EOF
+$parsed
+EOF
+
+# Only Edit-family writes can touch source.
+case "$tool" in Edit|Write|MultiEdit|NotebookEdit) : ;; *) exit 0 ;; esac
+
+# Subagent caller (the wright) → allow. agent_id is present only inside a subagent.
+[ -n "$agent" ] && exit 0
+
+# Can't tell the path → fail open.
+[ -n "$fpath" ] || exit 0
+case "$fpath" in /*) abs="$fpath" ;; *) abs="$root/$fpath" ;; esac
+
+# Bookkeeping under .devrites/ is the orchestrator's own legit target → allow.
+case "$abs" in "$root/.devrites/"*) exit 0 ;; esac
+
+# Reaching here = the MAIN thread is about to edit a SOURCE file mid-build. That is the A1
+# breach. Observe (default) logs and allows; enforce denies.
+mode="${DEVRITES_A1_HOOK:-observe}"
+[ -f "$d/.a1-enforce" ] && mode="enforce"
+
+if [ "$mode" = "enforce" ]; then
+  printf '%s\n' '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"DevRites A1: the orchestrator must not edit source mid-build — the slice-wright is the only writer. Re-dispatch the wright (continue it once) or stop + escalate; do not patch the code yourself. (devrites-a1-guard)"}}'
+  exit 0
+fi
+
+# Observe mode — record what enforce WOULD have blocked, then allow.
+printf '%s\tWOULD-BLOCK\t%s\t%s\n' "$(date '+%Y-%m-%dT%H:%M:%S' 2>/dev/null || echo '?')" "$tool" "$abs" >> "$d/.a1-guard.log" 2>/dev/null || true
+exit 0

package/pack/.claude/hooks/devrites-allow.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# DevRites PreToolUse hook — auto-approve the pack's READ-ONLY orientation/gate scripts so
+# they stop triggering a permission prompt on every skill run.
+#
+# Safety model: FAIL-OPEN. This hook never denies and never blocks. It only ever EMITS an
+# `allow` for a command that (a) runs one of five known read-only DevRites scripts AND
+# (b) contains no dangerous/exfiltration tokens. On any doubt it prints nothing and exits 0, pack-scan-ignore: describes the hook's own exfil filter, not a payload
+# which leaves Claude Code's normal permission flow untouched. Mutating DevRites scripts
+# (resolve.sh / tick-afk.sh / close-out.sh) are intentionally NOT covered — they still prompt.
+set -u
+
+input="$(cat)"
+
+# Fast path: 99% of Bash commands have nothing to do with DevRites — skip without spawning node.
+case "$input" in *devrites-lib/scripts/*) : ;; *) exit 0 ;; esac
+
+# Extract the actual command string. Use node (ships with Claude Code) for correct JSON;
+# if it's unavailable or parsing fails, fall through to the normal prompt.
+command -v node >/dev/null 2>&1 || exit 0
+cmd="$(printf '%s' "$input" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{const j=JSON.parse(s);process.stdout.write((j.tool_input&&j.tool_input.command)||"")}catch(e){}})' 2>/dev/null)"
+[ -n "$cmd" ] || exit 0
+
+# (a) Must actually invoke one of the five read-only helpers.
+case "$cmd" in
+  *devrites-lib/scripts/preamble.sh*|\
+  *devrites-lib/scripts/progress.sh*|\
+  *devrites-lib/scripts/readiness.sh*|\
+  *devrites-lib/scripts/evidence-fresh.sh*|\
+  *devrites-lib/scripts/check-acceptance.sh*) : ;;
+  *) exit 0 ;;
+esac
+
+# (b) Defense in depth — refuse to auto-approve a compound command that could do harm or
+# exfiltrate. The legit resolver snippets only use `[ -f ]`, var assignment, `bash "$VAR"`,
+# `echo`, and && / ||. Anything below -> fall through to a normal prompt.
+case "$cmd" in
+  *" rm "*|*"rm -"*|*" mv "*|*" dd "*|*mkfs*|*" > /"*|*">/"*|*" >> "*|*">> "*|\
+  *chmod*|*chown*|*sudo*|*curl*|*wget*|*" scp "*|*" ssh "*|*'$('*|*'`'*|\
+  *eval*|*base64*|*xargs*|*"git push"*|*"git commit"*|*"git reset"*|*"git checkout"*|\
+  *" npm "*|*npx\ *|*pnpm*|*" yarn "*|*" pip "*|*python\ -c*|*node\ -e*|*perl\ *|*ruby\ -e*) exit 0 ;;
+esac
+
+printf '%s\n' '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"allow","permissionDecisionReason":"DevRites read-only orientation/gate script — auto-approved by the devrites-allow hook"}}'
+exit 0

package/pack/.claude/hooks/devrites-cursor.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# DevRites UserPromptSubmit hook — re-inject the active feature's cursor each turn so the
+# load-bearing next-action sits at the high-attention end of context (fights lost-in-the-middle
+# on a long phase; pairs with the SessionStart orientation). Tiny + read-only; silent on
+# non-DevRites projects. Its stdout is added to the model's context for this turn.
+set -u
+
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+[ -f "$root/.devrites/ACTIVE" ] || exit 0
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null)"
+[ -n "$slug" ] || exit 0
+d="$root/.devrites/work/$slug"
+[ -d "$d" ] || exit 0
+state="$d/state.md"
+
+next="$(grep -iE '^[-[:space:]]*Next step:' "$state" 2>/dev/null | head -1 | sed -E 's/^[-[:space:]]*Next step:[[:space:]]*//')"
+status="$(grep -iE '^[-[:space:]]*Status:' "$state" 2>/dev/null | head -1 | sed -E 's/^[-[:space:]]*Status:[[:space:]]*//')"
+gates="$(grep -ciE '^[[:space:]]*status:[[:space:]]*open' "$d/questions.md" 2>/dev/null || echo 0)"
+afk=""
+[ -f "$root/.devrites/AFK" ] && afk="$(grep -iE 'AFK slices remaining:' "$state" 2>/dev/null | head -1 | sed -E 's/.*remaining:[[:space:]]*//')"
+
+echo "DevRites cursor — active feature: $slug"
+[ -n "$status" ] && echo "  status: $status"
+[ -n "$next" ] && echo "  next: $next"
+echo "  open questions: ${gates:-0}"
+[ -n "$afk" ] && echo "  AFK slices remaining: $afk"
+[ -f "$d/.red" ] && echo "  ⚠ tests/build RED — resolve before stopping"
+exit 0

package/pack/.claude/hooks/devrites-orient.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# DevRites SessionStart hook — two read-only jobs, both silent unless they have something to say:
+#   1. surface DevRites health issues (stale ACTIVE, corrupt workspace, broken hook wiring, …)
+#      via doctor.sh — only when there ARE issues (silent-when-healthy);
+#   2. inject the active feature's orientation digest so the model knows a workflow is in flight.
+# Silent on non-DevRites projects and on any failure — this is an enhancement, never a
+# dependency. Read-only; never blocks.
+set -u
+
+# Resolve shared scripts across install layouts (mirror the skill resolver).
+P=".claude/skills/devrites-lib/scripts/preamble.sh"
+[ -f "$P" ] || P="${CLAUDE_PLUGIN_ROOT:-}/pack/.claude/skills/devrites-lib/scripts/preamble.sh"
+[ -f "$P" ] || P="pack/.claude/skills/devrites-lib/scripts/preamble.sh"
+D=".claude/skills/devrites-lib/scripts/doctor.sh"
+[ -f "$D" ] || D="${CLAUDE_PLUGIN_ROOT:-}/pack/.claude/skills/devrites-lib/scripts/doctor.sh"
+[ -f "$D" ] || D="pack/.claude/skills/devrites-lib/scripts/doctor.sh"
+L=".claude/skills/devrites-lib/scripts/learnings.sh"
+[ -f "$L" ] || L="${CLAUDE_PLUGIN_ROOT:-}/pack/.claude/skills/devrites-lib/scripts/learnings.sh"
+[ -f "$L" ] || L="pack/.claude/skills/devrites-lib/scripts/learnings.sh"
+
+# Not a DevRites project -> stay silent.
+[ -d ".devrites" ] || exit 0
+
+# 1. Health sweep — prints issue lines only (empty when healthy).
+health=""
+[ -f "$D" ] && health="$(bash "$D" 2>/dev/null)"
+
+# 2. Orientation digest — only when there's an active workspace.
+digest=""
+if [ -f "$P" ]; then
+  slug="$(cat .devrites/ACTIVE 2>/dev/null | tr -d '[:space:]')"
+  if [ -n "$slug" ] && [ -d ".devrites/work/$slug" ]; then
+    digest="$(bash "$P" 2>/dev/null)"
+  fi
+fi
+
+# 3. Learnings nudge — silent unless a pattern recurs across shipped features (snoozes after review).
+nudge=""
+[ -f "$L" ] && nudge="$(bash "$L" nudge 2>/dev/null)"
+
+# Nothing to say -> stay silent.
+[ -z "$health" ] && [ -z "$digest" ] && [ -z "$nudge" ] && exit 0
+
+ctx=""
+[ -n "$health" ] && ctx="⚠ DevRites health — issues found at session start (advisory; run /rite-doctor for the full report):"$'\n'"$health"$'\n\n'
+[ -n "$digest" ] && ctx="${ctx}DevRites workflow active — live workspace orientation (from preamble.sh):"$'\n\n'"$digest"$'\n\n'"This is the current state; a /rite-* command will re-run its own step-0 preamble."
+[ -n "$nudge" ] && ctx="${ctx}"$'\n\n'"$nudge"
+
+# Emit as additionalContext, JSON-encoded via node (skip if node is absent — each skill's
+# own step-0 preamble still orients, and the health block degrades to nothing).
+command -v node >/dev/null 2>&1 || exit 0
+printf '%s' "$ctx" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{process.stdout.write(JSON.stringify({hookSpecificOutput:{hookEventName:"SessionStart",additionalContext:s}}));});' 2>/dev/null || exit 0
+exit 0

package/pack/.claude/hooks/devrites-redwatch.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# DevRites PostToolUse hook — fail-on-red sentinel. After a Bash command that runs the
+# project's tests / build / typecheck / lint, set or clear .devrites/work/<slug>/.red so the
+# Stop gate (devrites-stop-gate.sh) can refuse to end a turn while the suite is red. Turns
+# "evidence over confidence / fail-on-red" from prose into a tracked flag. Heuristic on the
+# command + its output; FAIL-OPEN and silent on any doubt.
+set -u
+
+input="$(cat)"
+case "$input" in *'"tool_name"'*) : ;; *) exit 0 ;; esac
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+[ -f "$root/.devrites/ACTIVE" ] || exit 0
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null)"
+[ -n "$slug" ] || exit 0
+d="$root/.devrites/work/$slug"
+[ -d "$d" ] || exit 0
+
+command -v node >/dev/null 2>&1 || exit 0
+parsed="$(printf '%s' "$input" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{const j=JSON.parse(s);const ti=j.tool_input||{};let r=j.tool_response;if(r&&typeof r==="object")r=JSON.stringify(r);process.stdout.write((j.tool_name||"")+"
"+(ti.command||"")+"
"+(r||""))}catch(e){}})' 2>/dev/null)"
+[ -n "$parsed" ] || exit 0
+tool="${parsed%%$'\001'*}"; rest="${parsed#*$'\001'}"; cmd="${rest%%$'\001'*}"; out="${rest#*$'\001'}"
+[ "$tool" = "Bash" ] || exit 0
+
+# Only react to test/build/lint/typecheck commands.
+printf '%s' "$cmd" | grep -qiE '(npm|pnpm|yarn|bun)([[:space:]]+run)?[[:space:]]+(test|build|lint|typecheck|check)|jest|vitest|pytest|go[[:space:]]+test|cargo[[:space:]]+(test|build|clippy)|\bmvn\b|gradle|eslint|ruff|mypy|\btsc\b|\bmake[[:space:]]+(test|build|check)' || exit 0
+
+red="$d/.red"
+combo="$cmd
+$out"
+if printf '%s' "$combo" | grep -qiE '(^|[^A-Za-z])FAIL([^A-Za-z]|$)|[1-9][0-9]*[[:space:]]+(failed|failing|failures?|errors?)|not ok|panic:|error TS[0-9]|Traceback|AssertionError|✗|✘|BUILD FAILED|exit code [1-9]'; then
+  printf '%s\n' "$cmd" > "$red" 2>/dev/null || true
+  safe="$(printf '%s' "$cmd" | head -c 80 | tr -d '"\\')"
+  printf '{"hookSpecificOutput":{"hookEventName":"PostToolUse","additionalContext":"DevRites: tests/build are RED (%s). Fix to green or record the failure + next step in state.md before stopping — the Stop gate blocks an end-of-turn while .red is set."}}\n' "$safe" 2>/dev/null || true
+  exit 0
+fi
+if printf '%s' "$combo" | grep -qiE 'PASS(ED)?|0[[:space:]]+(failed|failing|errors?)|all tests passed|BUILD SUCC(ESS|EEDED)|succeeded|no (errors|problems|issues)|(^|[^a-z])ok([^a-z]|$)|✓'; then
+  rm -f "$red" 2>/dev/null || true
+fi
+exit 0

package/pack/.claude/hooks/devrites-refresh-indexes.sh

@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+# DevRites Stop hook — keep the code-intelligence indexes fresh after code changes, so the
+# NEXT structural lookup (see .claude/rules/tooling.md) reads current code, not a stale graph.
+# Reindexes the three optional indexes that track this repo — codebase-memory-mcp, codegraph,
+# graphify — each only if its binary is on PATH AND it already tracks the repo. Missing = no-op.
+#
+# Enhancement, never a dependency: silent on projects with no index, FAIL-OPEN, NEVER blocks.
+# The turn never waits — work runs in a DETACHED background process; the Stop hook returns at
+# once. Self-guards on a change-stamp so idle turns cost nothing. ON by default; disable with
+# DEVRITES_REFRESH_INDEXES=off. Does NOT touch agentmemory (separate, judgment-based store).
+#
+# Modes:
+#   (no args)        trigger: guard on changes, then spawn the detached worker. Used by the hook.
+#   --force [ROOT]   run synchronously NOW, ignore the change-guard, print a report (the skill).
+#   --worker ROOT    internal: the reindex work itself. Detached.
+set -u
+
+[ "${DEVRITES_REFRESH_INDEXES:-on}" = "off" ] && exit 0
+
+# ---- portable bounded-time runner (macOS has no `timeout` by default) ----
+run_timeout() { # <seconds> <cmd...>
+  secs="$1"; shift
+  if   command -v timeout  >/dev/null 2>&1; then timeout  "$secs" "$@"
+  elif command -v gtimeout >/dev/null 2>&1; then gtimeout "$secs" "$@"
+  else "$@"; fi
+}
+
+# ---- state-file locations derived from a repo root (all gitignore-safe) ----
+compute_state() { # <root>
+  ROOT="$1"
+  if   [ -d "$ROOT/.codegraph" ]; then STATE="$ROOT/.codegraph"
+  elif [ -d "$ROOT/.git"       ]; then STATE="$ROOT/.git"
+  else STATE="$ROOT"; fi
+  STAMP="$STATE/.index_refresh_stamp"
+  LOCK="$STATE/.index_refresh.lock"
+  LOG="$STATE/index_refresh.log"
+}
+
+# ---- is this repo tracked by codebase-memory-mcp? ----
+# Cheap repo-local signal first (exported artifact); fall back to the project registry.
+cbm_registered() { # <root>
+  command -v codebase-memory-mcp >/dev/null 2>&1 || return 1
+  [ -d "$1/.codebase-memory" ] && return 0
+  codebase-memory-mcp cli --raw list_projects 2>/dev/null | grep -qF "$1"
+}
+
+# ---- the reindex work; runs detached (or synchronously under --force) ----
+worker() { # <root>
+  _root="$1"
+  echo "[$(date '+%Y-%m-%d %H:%M:%S' 2>/dev/null || echo '?')] refresh start: $_root"
+  if cbm_registered "$_root"; then
+    echo "[codebase-memory] index_repository"
+    run_timeout 300 codebase-memory-mcp cli index_repository "{\"repo_path\": \"$_root\"}" 2>&1 \
+      || echo "[codebase-memory] index failed or timed out"
+  fi
+  if [ -d "$_root/.codegraph" ] && command -v codegraph >/dev/null 2>&1; then
+    echo "[codegraph] sync"
+    run_timeout 120 codegraph sync "$_root" 2>&1 || echo "[codegraph] sync failed or timed out"
+  fi
+  if [ -d "$_root/graphify-out" ] && command -v graphify >/dev/null 2>&1; then
+    echo "[graphify] update"
+    run_timeout 300 graphify update "$_root" 2>&1 || echo "[graphify] update failed or timed out"
+  fi
+  echo "[$(date '+%Y-%m-%d %H:%M:%S' 2>/dev/null || echo '?')] refresh done"
+}
+
+# ============================ entrypoint ============================
+
+# --- worker branch: do the work, release the lock, exit ---
+if [ "${1:-}" = "--worker" ]; then
+  ROOT="${2:-$PWD}"
+  compute_state "$ROOT"
+  worker "$ROOT"
+  rm -rf "$LOCK" 2>/dev/null || true
+  exit 0
+fi
+
+# --- parse mode ---
+FORCE=0
+if [ "${1:-}" = "--force" ]; then FORCE=1; shift; fi
+ROOT="${1:-${CLAUDE_PROJECT_DIR:-$PWD}}"
+compute_state "$ROOT"
+
+# --- availability guard: do nothing unless at least one index tracks this repo ---
+if [ ! -d "$ROOT/.codegraph" ] && [ ! -d "$ROOT/graphify-out" ] && ! cbm_registered "$ROOT"; then
+  exit 0
+fi
+
+# --- change guard: skip if nothing changed since last refresh (trigger mode only) ---
+if [ "$FORCE" -ne 1 ] && [ -f "$STAMP" ]; then
+  changed=$(find "$ROOT" -type f -newer "$STAMP" \
+    -not -path '*/.git/*' \
+    -not -path '*/.codegraph/*' \
+    -not -path '*/graphify-out/*' \
+    -not -path '*/.codebase-memory/*' \
+    -not -path '*/.devrites/*' \
+    -not -path '*/node_modules/*' \
+    -not -path '*/.venv/*' \
+    -not -path '*/__pycache__/*' \
+    -not -path '*/.research/*' \
+    -not -path '*/.cursor/*' \
+    -not -path '*/dist/*' \
+    -not -path '*/build/*' \
+    -print 2>/dev/null | head -n 1)
+  [ -z "$changed" ] && exit 0
+fi
+
+# --- lock: never run two refreshes at once; steal a lock older than 30 min ---
+if ! mkdir "$LOCK" 2>/dev/null; then
+  if [ -d "$LOCK" ] && find "$LOCK" -prune -mmin +30 2>/dev/null | grep -q .; then
+    rm -rf "$LOCK" 2>/dev/null
+    mkdir "$LOCK" 2>/dev/null || exit 0
+  else
+    exit 0   # another refresh in progress
+  fi
+fi
+
+# debounce: stamp now so a no-op turn doesn't re-trigger
+touch "$STAMP" 2>/dev/null || true
+
+if [ "$FORCE" -eq 1 ]; then
+  worker "$ROOT"                                   # synchronous: the skill wants the report
+  rm -rf "$LOCK" 2>/dev/null || true
+else
+  nohup "$0" --worker "$ROOT" >>"$LOG" 2>&1 &      # detached: Stop returns immediately
+fi
+exit 0

package/pack/.claude/hooks/devrites-reviewer-readonly.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# DevRites subagent PreToolUse hook (wired from reviewer-agent frontmatter) — keep the
+# read-only reviewers read-only: deny a Bash command that could mutate the tree or exfiltrate.
+# A fresh-context reviewer reads untrusted source; a silent write path is a prompt-injection
+# surface (rules/security.md). FAIL-OPEN, OBSERVE by default; DEVRITES_REVIEWER_RO=enforce.
+set -u
+
+input="$(cat)"
+case "$input" in *'"tool_name"'*) : ;; *) exit 0 ;; esac
+command -v node >/dev/null 2>&1 || exit 0
+parsed="$(printf '%s' "$input" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{const j=JSON.parse(s);const ti=j.tool_input||{};process.stdout.write((j.tool_name||"")+"
"+(ti.command||""))}catch(e){}})' 2>/dev/null)"
+[ -n "$parsed" ] || exit 0
+tool="${parsed%%$'\001'*}"; cmd="${parsed#*$'\001'}"
+[ "$tool" = "Bash" ] || exit 0
+[ -n "$cmd" ] || exit 0
+
+# Mutating / exfiltration tokens — reviewers only ever need read-only inspection. pack-scan-ignore: this is the hook's own defensive deny-list, not a payload.
+printf '%s' "$cmd" | grep -qE '>>|[^0-9 ]>[^>&]|[[:space:]]-i([[:space:]]|$)|sed[[:space:]]+-i|\brm\b|\bmv\b|\btee\b|\btruncate\b|\bdd\b|chmod|chown|git[[:space:]]+(add|commit|push|reset|checkout|rm|mv|stash|tag|apply)|npm[[:space:]]+(install|i|publish|run)|pnpm[[:space:]]+(install|add)|yarn[[:space:]]+add|pip[[:space:]]+install|curl[[:space:]].*[[:space:]]-o\b|\bwget\b|\bscp\b|\bssh\b|\bnc\b' || exit 0
+
+mode="${DEVRITES_REVIEWER_RO:-observe}"
+if [ "$mode" = "enforce" ]; then
+  printf '%s\n' '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"DevRites: reviewers are read-only. This Bash command can mutate or exfiltrate; inspect with Read/Grep/Glob and return findings — do not modify the tree or reach the network. (devrites-reviewer-readonly)"}}'
+  exit 0
+fi
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null || true)"
+[ -n "$slug" ] && printf '%s\tWOULD-BLOCK\t%s\n' "$(date '+%Y-%m-%dT%H:%M:%S' 2>/dev/null || echo '?')" "$(printf '%s' "$cmd" | head -c 80)" >> "$root/.devrites/work/$slug/.reviewer-ro.log" 2>/dev/null || true
+exit 0

package/pack/.claude/hooks/devrites-statusline.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# DevRites statusline — one-line workspace HUD for settings.json "statusLine". Ships UNWIRED
+# (opt-in) so it never clobbers a user's own statusline; point a "statusLine" command at it to
+# enable. Reads the session JSON on stdin (ignored) + .devrites/ and prints:
+#   DevRites: <slug> · <phase> · gates:<n> · AFK|HITL
+set -u
+
+cat >/dev/null 2>&1 || true
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+[ -f "$root/.devrites/ACTIVE" ] || exit 0
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null)"
+[ -n "$slug" ] || exit 0
+d="$root/.devrites/work/$slug"; state="$d/state.md"
+phase="$(grep -iE '^[-[:space:]]*Phase:' "$state" 2>/dev/null | head -1 | sed -E 's/^[-[:space:]]*Phase:[[:space:]]*//')"
+gates="$(grep -ciE '^[[:space:]]*status:[[:space:]]*open' "$d/questions.md" 2>/dev/null || echo 0)"
+mode="HITL"; [ -f "$root/.devrites/AFK" ] && mode="AFK"
+red=""; [ -f "$d/.red" ] && red=" · RED"
+printf 'DevRites: %s · %s · gates:%s · %s%s\n' "$slug" "${phase:-?}" "${gates:-0}" "$mode" "$red"

package/pack/.claude/hooks/devrites-stop-gate.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+# DevRites Stop hook — state-integrity gate. Refuse to end the turn while the active workspace
+# is provably inconsistent: tests are red (.red, set by devrites-redwatch.sh), or an open
+# blocking/validating gate is not surfaced as Awaiting human. Turns "persistence before
+# stopping" + "fail-on-red" from prose into a real gate. FAIL-OPEN, OBSERVE by default (logs to
+# .stop-gate.log); enable with DEVRITES_STOP_GATE=enforce. Loop-guarded by stop_hook_active so
+# it can never wedge the session.
+set -u
+
+input="$(cat)"
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+[ -f "$root/.devrites/ACTIVE" ] || exit 0
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null)"
+[ -n "$slug" ] || exit 0
+d="$root/.devrites/work/$slug"
+[ -d "$d" ] || exit 0
+
+# Loop guard: if we already blocked once this stop cycle, let it stop.
+case "$input" in *'"stop_hook_active":true'*) exit 0 ;; esac
+
+reason=""
+# 1) Red tests/build.
+if [ -f "$d/.red" ]; then
+  rc="$(head -c 100 "$d/.red" 2>/dev/null | tr -d '"\\')"
+  reason="tests/build are RED ($rc) — fix to green, or record the failure + the next step in state.md, before stopping"
+fi
+# 2) Open blocking/validating gate not surfaced as awaiting_human.
+if [ -z "$reason" ] && [ -f "$d/questions.md" ]; then
+  if grep -qiE '^[[:space:]]*gate:[[:space:]]*(blocking|validating)' "$d/questions.md" 2>/dev/null \
+     && grep -qiE '^[[:space:]]*status:[[:space:]]*open' "$d/questions.md" 2>/dev/null; then
+    if ! grep -qiE 'Status:[[:space:]]*awaiting_human|## Awaiting human' "$d/state.md" 2>/dev/null; then
+      reason="an open blocking/validating question is not surfaced — write the Awaiting human block to state.md (and set Status: awaiting_human) before stopping"
+    fi
+  fi
+fi
+
+[ -n "$reason" ] || exit 0
+
+mode="${DEVRITES_STOP_GATE:-observe}"
+if [ "$mode" = "enforce" ]; then
+  printf '{"decision":"block","reason":"DevRites stop-gate: %s. (devrites-stop-gate)"}\n' "$reason"
+  exit 0
+fi
+printf '%s\tWOULD-BLOCK\t%s\n' "$(date '+%Y-%m-%dT%H:%M:%S' 2>/dev/null || echo '?')" "$reason" >> "$d/.stop-gate.log" 2>/dev/null || true
+exit 0

package/pack/.claude/hooks/devrites-wright-scope.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# DevRites subagent PreToolUse hook (wired from devrites-slice-wright frontmatter) — fence the
+# wright to its slice: deny Edit/Write to a path not listed in touched-files.md. Feature-scope
+# enforced at the source, the in-subagent companion to the post-hoc reconcile.sh gate. FAIL-OPEN,
+# OBSERVE by default (logs to .wright-scope.log); enable with DEVRITES_WRIGHT_SCOPE=enforce.
+set -u
+
+input="$(cat)"
+case "$input" in *'"tool_name"'*) : ;; *) exit 0 ;; esac
+root="${CLAUDE_PROJECT_DIR:-$PWD}"
+[ -f "$root/.devrites/ACTIVE" ] || exit 0
+slug="$(tr -d '[:space:]' < "$root/.devrites/ACTIVE" 2>/dev/null)"
+[ -n "$slug" ] || exit 0
+d="$root/.devrites/work/$slug"
+tf="$d/touched-files.md"
+[ -f "$tf" ] || exit 0
+
+command -v node >/dev/null 2>&1 || exit 0
+parsed="$(printf '%s' "$input" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{const j=JSON.parse(s);const ti=j.tool_input||{};process.stdout.write((j.tool_name||"")+"
"+(ti.file_path||ti.path||""))}catch(e){}})' 2>/dev/null)"
+[ -n "$parsed" ] || exit 0
+tool="${parsed%%$'\001'*}"; fpath="${parsed#*$'\001'}"
+case "$tool" in Edit|Write|MultiEdit|NotebookEdit) : ;; *) exit 0 ;; esac
+[ -n "$fpath" ] || exit 0
+case "$fpath" in *.devrites/*) exit 0 ;; esac
+
+rel="${fpath#"$root"/}"
+if grep -qF "$rel" "$tf" 2>/dev/null || grep -qF "$fpath" "$tf" 2>/dev/null; then exit 0; fi
+
+mode="${DEVRITES_WRIGHT_SCOPE:-observe}"
+if [ "$mode" = "enforce" ]; then
+  printf '%s\n' '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"DevRites scope: this path is not in touched-files.md. Build only the slice contract; if the slice genuinely needs this file, return an Escalation so the orchestrator routes it through the Spec Drift Guard — do not widen scope yourself. (devrites-wright-scope)"}}'
+  exit 0
+fi
+printf '%s\tWOULD-BLOCK\t%s\n' "$(date '+%Y-%m-%dT%H:%M:%S' 2>/dev/null || echo '?')" "$fpath" >> "$d/.wright-scope.log" 2>/dev/null || true
+exit 0

package/pack/.claude/hooks/hooks.json

@@ -0,0 +1,52 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-allow.sh\"" }
+        ]
+      },
+      {
+        "matcher": "Edit|Write|MultiEdit|NotebookEdit",
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-a1-guard.sh\"" }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-redwatch.sh\"" }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-stop-gate.sh\"" }
+        ]
+      },
+      {
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-refresh-indexes.sh\"" }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-cursor.sh\"" }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "hooks": [
+          { "type": "command", "command": "bash \"${CLAUDE_PLUGIN_ROOT}/pack/.claude/hooks/devrites-orient.sh\"" }
+        ]
+      }
+    ]
+  }
+}

package/pack/.claude/rules/README.md

@@ -0,0 +1,48 @@
+# DevRites rules
+
+Stack-agnostic engineering rules that DevRites installs to `.claude/rules/`. They encode
+the standards the DevRites workflow holds code to — quality, safety, testing, and review
+discipline that apply in any language.
+
+These are **common** by design: nothing here assumes a specific framework or language.
+Project-specific conventions always win where they exist (DevRites reads the codebase and
+prefers what's already there).
+
+## Loading model — progressive disclosure
+
+To keep context lean, the rules follow Claude's progressive-disclosure pattern. There
+are 18 rule files (plus this README index): each DevRites `rite-*` skill Reads
+`.claude/rules/core.md` as its first step; the other 17 rule files load on demand by the
+phase that needs them.
+
+### Always-on (read by each `rite-*` skill as step 0)
+
+| Rule | Covers |
+|---|---|
+| `core.md` | Operating rules, universal anti-rationalizations, one-line craft disciplines (fail-fast, reuse-first, test-behaviour-not-impl, trust boundary, measure-first), persistence + hygiene reminders. |
+
+### On-demand (read by the phase / topic that needs it)
+
+| Rule | Covers | Typical phase |
+|---|---|---|
+| `coding-style.md` | Naming, function shape, guard clauses, comments, simplicity, reuse-first. | `/rite-build`, `/rite-polish` Phase 1. |
+| `prose-style.md` | Human-voice writing for artifacts + replies; two registers (prose vs technical); the LLM-tell cut-list. Depth in the `devrites-prose-craft` skill. | Any phase that writes prose — `/rite-spec`, `/rite-define`, `/rite-review`, `/rite-seal`, `/rite-ship`; `/rite-polish` Phase 1 as the catch. |
+| `error-handling.md` | Fail fast, no silent catches, meaningful messages, fail closed. | `/rite-build`, `/rite-polish` (backend), `/rite-review`. |
+| `testing.md` | Pyramid, behavior over implementation, determinism. | `/rite-build`, `/rite-prove`, `/rite-review`. |
+| `code-review.md` | Small PRs, severity labels, what to check, actionable feedback. | `/rite-review`, `/rite-seal`. |
+| `security.md` | Untrusted input, least privilege, secrets, three-tier trust boundary, fail closed. | When input / auth / data / integrations are in scope. |
+| `performance.md` | Measure first, common pitfalls, prove the win. | When perf is in scope. |
+| `patterns.md` | SOLID, composition, loose coupling, avoid over-engineering. | `/rite-build`, simplification audit. |
+| `git-workflow.md` | Conventional Commits, atomic commits, small PRs. | `/rite-ship` commit / push / tag steps. |
+| `hooks.md` | Stage checks by cost, fast local hooks, secret scanning. | Reference-only — read when setting up the project's git hooks; not auto-loaded by any phase. |
+| `documentation.md` | Explain why, keep current, record decisions. | `/rite-spec`, `/rite-define`, `/rite-seal`. |
+| `development-workflow.md` | Small batches, trunk-always-green, definition of done. | `/rite-define`, `/rite-plan`. |
+| `agents.md` | DevRites review subagents + specialist skills, when to fan out. | `/rite-review`, `/rite-seal`. |
+| `context-hygiene.md` | `/clear` vs `/compact`, lost-in-the-middle, phase-aware hygiene footer. | Phase-end hygiene footer; choosing `/clear` vs `/compact`. |
+| `anti-patterns.md` | Pack-wide rationalizations + red flags the agent reaches for. | Loaded by each `rite-*/reference/anti-patterns.md`; loaded directly when reluctance is broader than the active phase. |
+| `afk-hitl.md` | AFK vs HITL contract: `.devrites/AFK` sentinel format, `questions.md` schema, four-gate taxonomy (advisory / validating / blocking / escalating), AFK-never-silently-accepts boundaries. | `/rite-build`, `/rite-status`, `/rite-resolve`, `devrites-doubt`; anywhere a pause-or-proceed decision happens. |
+| `tooling.md` | Optional external tools — code intelligence (codebase-memory-mcp first → cross-verify with codegraph + graphify → standard methods LSP / `Read`/`Grep`/`Glob`), up-to-date library docs (context7), architecture/ADR memory. Recommended, not required. | Any phase doing structural lookups (callers / impact / placement) or relying on external library/framework facts. |
+
+How they're used: DevRites skills follow these rules; you and Claude can reference them
+directly. They are guidance, not enforced gates — the enforced gates live in the
+workflow skills (Spec Drift Guard, readiness gates, the seal).