eagle-mem 4.6.1 → 4.7.0

package/README.md

@@ -9,15 +9,18 @@
 
 **Context that survives `/compact`.**
 
+**v4.7.0 adds first-class Codex support and enforced anti-regression checks.**
+Claude Code and Codex can now share the same local Eagle Mem database, while every captured row records which agent created it.
+
 ## The Problem
 
-Claude Code starts every session with amnesia. It doesn't remember what you built yesterday, what decisions you made, what files matter, or what broke last time. Every `/compact` wipes context. Every new session is a cold start. You waste tokens re-explaining your project, re-reading files, and watching Claude repeat mistakes you already corrected.
+Claude Code and Codex start every session with amnesia. They don't remember what you built yesterday, what decisions you made, what files matter, or what broke last time. Every `/compact` wipes context. Every new session is a cold start. You waste tokens re-explaining your project, re-reading files, and watching agents repeat mistakes you already corrected.
 
 The longer you work with Claude Code, the worse this gets. Projects accumulate history — decisions, gotchas, architectural patterns, feature dependencies — and none of it survives across sessions.
 
 ## The Solution
 
-Eagle Mem is a recall layer for Claude Code. Every session starts with context from previous sessions — summaries, decisions, memories, tasks, project overviews, and relevant code — injected automatically via hooks. No commands to run, no prompts to write. It just works.
+Eagle Mem is a recall and regression-control layer for Claude Code and Codex. Every session starts with context from previous sessions — summaries, decisions, memories, tasks, project overviews, and relevant code — injected automatically via hooks. Both agents share the same SQLite database at `~/.eagle-mem/memory.db`, and captured rows are source-attributed as `Claude Code` or `Codex`.
 
 **Zero per-instance overhead.** No daemon, no vector DB, no MCP server. Just bash scripts, sqlite3 (WAL mode, FTS5 full-text search), and jq.
 
@@ -41,29 +44,33 @@ npm install -g eagle-mem
 eagle-mem install
 ```
 
-That's it. Open Claude Code in any project directory. Eagle Mem activates automatically.
+That's it. Open Claude Code or Codex in any project directory. Eagle Mem activates automatically.
 
 Everything is automatic from here. Eagle Mem scans your codebase, indexes source files, captures session summaries, mirrors Claude's memories and tasks, learns which commands are noisy, and prunes stale data — all in the background via hooks.
 
+For Codex, the installer enables `codex_hooks` in `~/.codex/config.toml`, registers hooks in `~/.codex/hooks.json`, and patches `~/.codex/AGENTS.md` with the Eagle Mem summary contract. For Claude Code, it keeps using `~/.claude/settings.json`, `CLAUDE.md`, and the existing Claude memory/task locations.
+
 ### Prerequisites
 
 - `sqlite3` with FTS5 support (ships with macOS; the installer offers to install if missing)
 - `jq` (the installer offers to install if missing)
-- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) installed (`~/.claude/` must exist)
+- [Claude Code](https://docs.anthropic.com/en/docs/claude-code), Codex, or both installed
 
 ## How It Works
 
-Six hooks fire automatically at different points in Claude Code's lifecycle:
+Hooks fire automatically at different points in the agent lifecycle:
 
 | Hook | Fires When | What It Does |
 |------|-----------|--------------|
 | **SessionStart** | startup, resume, clear, compact | Injects overview, summaries, memories, tasks, core files, working set. Auto-provisions new projects (scan, index). |
-| **PreToolUse** | before Bash, Read, Edit, Write | Surfaces guardrails and decisions before edits. Rewrites noisy commands (learned rules). Detects redundant reads, nudges co-edit partners, detects stuck loops. |
+| **PreToolUse** | before Bash/shell, Read, Edit, Write, apply_patch | Surfaces guardrails and decisions before edits. Blocks release-boundary commands while feature verification is pending. Rewrites noisy commands through RTK when available. Detects redundant reads, nudges co-edit partners, detects stuck loops. |
 | **UserPromptSubmit** | user sends a message | FTS5 search across past sessions and indexed code for relevant context |
 | **PostToolUse** | after tool calls | Records file touches, mirrors memory/plan/task writes, surfaces decision history and feature impacts on reads, stale memory warnings on edits |
-| **Stop** | Claude's turn ends | Extracts `<eagle-summary>` blocks for rich session summaries |
+| **Stop** | agent turn ends | Extracts `<eagle-summary>` blocks for rich session summaries from Claude Code and Codex transcripts |
 | **SessionEnd** | session closes | Re-syncs tasks, marks session completed |
 
+Codex shell hooks are registered for `Bash`, `exec_command`, `shell_command`, and `unified_exec` tool names so release-boundary protection works across current Codex shell paths.
+
 ### Background Automation
 
 These run automatically via SessionStart — no commands needed:
@@ -92,9 +99,10 @@ Eagle Mem prevents Claude from repeating past mistakes:
 
 - **Decision surfacing** — when you edit a file that has past decisions recorded (from `<eagle-summary>` blocks), PreToolUse reminds Claude not to revert without asking
 - **Guardrails** — file-level rules (manual or curator-discovered) that fire before every Edit/Write
-- **Feature verification** — tracks features with smoke tests and dependencies; reminds you to verify on `git push`
+- **Feature verification** — tracks features with smoke tests and dependencies; current git diffs create fingerprinted pending verification records, and release-boundary commands such as `git push`, `gh pr create`, and package publish are blocked until the current fingerprint is verified or waived
 - **Gotcha surfacing** — past surprises and gotchas are surfaced when editing related files
 - **Stale memory detection** — warns when edits may contradict stored memories
+- **Token guard** — when `rtk` is installed, raw shell output commands are rewritten or blocked with an RTK equivalent so large output is compacted before it enters agent context
 
 ## Commands
 
@@ -129,6 +137,29 @@ eagle-mem search --stats           # project statistics
 eagle-mem search --session <id>    # full observation trail for one session
 ```
 
+### Feature Verification
+
+```bash
+eagle-mem feature pending
+eagle-mem feature verify "Feature name" --notes "smoke test passed"
+eagle-mem feature waive 12 --reason "docs-only change, no runtime impact"
+```
+
+Verification is tied to the current git diff fingerprint. If the same diff was already verified, release-boundary hooks do not reopen it. If the file changes again, Eagle Mem creates a new pending verification for the new fingerprint.
+
+Dry-run validation stays unblocked. For example, `gh pr create --dry-run` and `npm publish --dry-run` are treated as validation. Explicit real commands such as `npm publish --dry-run=false` are treated as release boundaries and will enforce pending feature verification.
+
+### Shared Claude Code + Codex Memory
+
+Both agents write to `~/.eagle-mem/memory.db`:
+
+- `sessions.agent` records whether a session came from Claude Code or Codex
+- `summaries.agent` records which agent produced the session summary
+- mirrored memories, plans, and tasks include `origin_agent`
+- SessionStart recall labels sources as `Claude Code` or `Codex`
+
+That means opening the same project in Claude Code and Codex does not create two isolated memory worlds. They recall the same project history while preserving the source of each memory.
+
 ## Skills (Inside Claude Code)
 
 | Skill | What It Does |
@@ -156,6 +187,7 @@ Single SQLite database at `~/.eagle-mem/memory.db` (WAL mode, FTS5 full-text sea
 | `feature_files` | Files belonging to each feature |
 | `feature_dependencies` | Inter-feature dependency relationships |
 | `feature_smoke_tests` | Smoke test definitions for feature verification |
+| `pending_feature_verifications` | Release blockers created when files tied to features change |
 | `eagle_meta` | Internal metadata (last scan, last curate, etc.) |
 | `claude_memories` | Mirror of Claude Code auto-memories |
 | `claude_plans` | Mirror of Claude Code plans |

package/db/023_guardrails.sql

@@ -11,8 +11,9 @@ CREATE TABLE IF NOT EXISTS guardrails (
     source       TEXT NOT NULL DEFAULT 'manual',
     active       INTEGER NOT NULL DEFAULT 1,
     created_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
-    updated_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
-    UNIQUE(project, source, file_pattern, rule)
+    updated_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
 );
 
 CREATE INDEX IF NOT EXISTS idx_guardrails_project ON guardrails(project, active);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_guardrails_dedup
+    ON guardrails(project, COALESCE(file_pattern, ''), rule);

package/db/024_guardrails_unique.sql

@@ -0,0 +1,46 @@
+-- Migration 024: Normalize guardrail de-duplication
+-- Older installs used UNIQUE(project, source, file_pattern, rule). Runtime
+-- installs already moved to project+file_pattern+rule, so rebuild the table
+-- to make fresh and upgraded databases agree.
+
+CREATE TABLE IF NOT EXISTS guardrails_new (
+    id           INTEGER PRIMARY KEY AUTOINCREMENT,
+    project      TEXT NOT NULL,
+    file_pattern TEXT NOT NULL DEFAULT '',
+    rule         TEXT NOT NULL,
+    source       TEXT NOT NULL DEFAULT 'manual',
+    active       INTEGER NOT NULL DEFAULT 1,
+    created_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    updated_at   TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
+);
+
+INSERT OR IGNORE INTO guardrails_new (id, project, file_pattern, rule, source, active, created_at, updated_at)
+SELECT
+    MIN(g.id) AS id,
+    g.project,
+    COALESCE(g.file_pattern, '') AS file_pattern,
+    g.rule,
+    COALESCE((
+        SELECT g2.source
+        FROM guardrails g2
+        WHERE g2.project = g.project
+          AND COALESCE(g2.file_pattern, '') = COALESCE(g.file_pattern, '')
+          AND g2.rule = g.rule
+        ORDER BY
+            CASE g2.source WHEN 'manual' THEN 0 ELSE 1 END,
+            g2.updated_at DESC,
+            g2.id DESC
+        LIMIT 1
+    ), 'manual') AS source,
+    MAX(g.active) AS active,
+    MIN(g.created_at) AS created_at,
+    MAX(g.updated_at) AS updated_at
+FROM guardrails g
+GROUP BY g.project, COALESCE(g.file_pattern, ''), g.rule;
+
+DROP TABLE guardrails;
+ALTER TABLE guardrails_new RENAME TO guardrails;
+
+CREATE INDEX IF NOT EXISTS idx_guardrails_project ON guardrails(project, active);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_guardrails_dedup
+    ON guardrails(project, COALESCE(file_pattern, ''), rule);

package/db/025_pending_feature_verifications.sql

@@ -0,0 +1,30 @@
+-- Migration 025: Enforced anti-regression verification state
+-- Hooks record affected features here after edits. Release-boundary commands
+-- are blocked while pending rows remain for the project.
+
+CREATE TABLE IF NOT EXISTS pending_feature_verifications (
+    id                INTEGER PRIMARY KEY AUTOINCREMENT,
+    project           TEXT NOT NULL,
+    feature_id        INTEGER NOT NULL,
+    feature_name      TEXT NOT NULL,
+    file_path         TEXT NOT NULL DEFAULT '',
+    reason            TEXT NOT NULL DEFAULT '',
+    source_session_id TEXT,
+    trigger_tool      TEXT,
+    status            TEXT NOT NULL DEFAULT 'pending',
+    created_at        TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    updated_at        TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
+    resolved_at       TEXT,
+    notes             TEXT,
+    FOREIGN KEY (feature_id) REFERENCES features(id) ON DELETE CASCADE
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS idx_pending_feature_verifications_open
+    ON pending_feature_verifications(project, feature_id, file_path)
+    WHERE status = 'pending';
+
+CREATE INDEX IF NOT EXISTS idx_pending_feature_verifications_project
+    ON pending_feature_verifications(project, status, updated_at);
+
+CREATE INDEX IF NOT EXISTS idx_pending_feature_verifications_feature
+    ON pending_feature_verifications(feature_id, status);

package/db/026_agent_source.sql

@@ -0,0 +1,18 @@
+-- Migration 026: Multi-agent source attribution
+-- Eagle Mem is shared by Claude Code and Codex. Keep lifecycle source
+-- (startup/resume/clear) separate from the agent that wrote each row.
+
+ALTER TABLE sessions ADD COLUMN agent TEXT NOT NULL DEFAULT 'claude-code';
+ALTER TABLE observations ADD COLUMN agent TEXT NOT NULL DEFAULT 'claude-code';
+ALTER TABLE summaries ADD COLUMN agent TEXT NOT NULL DEFAULT 'claude-code';
+
+ALTER TABLE claude_memories ADD COLUMN origin_agent TEXT NOT NULL DEFAULT 'claude-code';
+ALTER TABLE claude_plans ADD COLUMN origin_agent TEXT NOT NULL DEFAULT 'claude-code';
+ALTER TABLE claude_tasks ADD COLUMN origin_agent TEXT NOT NULL DEFAULT 'claude-code';
+
+CREATE INDEX IF NOT EXISTS idx_sessions_agent ON sessions(agent);
+CREATE INDEX IF NOT EXISTS idx_observations_agent ON observations(agent);
+CREATE INDEX IF NOT EXISTS idx_summaries_agent ON summaries(agent);
+CREATE INDEX IF NOT EXISTS idx_claude_memories_origin_agent ON claude_memories(origin_agent);
+CREATE INDEX IF NOT EXISTS idx_claude_plans_origin_agent ON claude_plans(origin_agent);
+CREATE INDEX IF NOT EXISTS idx_claude_tasks_origin_agent ON claude_tasks(origin_agent);

package/db/027_feature_verification_fingerprints.sql

@@ -0,0 +1,9 @@
+-- Migration 027: Diff-fingerprint feature verification
+-- Verification must attach to the current repository change, not only to a
+-- feature/file pair. This prevents release hooks from reopening already
+-- verified rows when the diff has not changed.
+
+ALTER TABLE pending_feature_verifications ADD COLUMN change_fingerprint TEXT NOT NULL DEFAULT '';
+
+CREATE INDEX IF NOT EXISTS idx_pending_feature_verifications_fingerprint
+    ON pending_feature_verifications(project, feature_id, file_path, change_fingerprint, status);

package/hooks/post-tool-use.sh

@@ -19,6 +19,7 @@ input=$(eagle_read_stdin)
 session_id=$(echo "$input" | jq -r '.session_id // empty')
 cwd=$(echo "$input" | jq -r '.cwd // empty')
 tool_name=$(echo "$input" | jq -r '.tool_name // empty')
+agent=$(eagle_agent_source_from_json "$input")
 
 hook_event=$(echo "$input" | jq -r '.hook_event_name // empty')
 
@@ -30,7 +31,7 @@ case "$hook_event" in
         [ ! -f "$EAGLE_MEM_DB" ] && exit 0
         project=$(eagle_project_from_cwd "$cwd")
         [ -z "$project" ] && exit 0
-        eagle_upsert_session "$session_id" "$project" "$cwd" "" ""
+        eagle_upsert_session "$session_id" "$project" "$cwd" "" "" "$agent"
 
         task_id=$(echo "$input" | jq -r '.task_id // empty')
         task_subject=$(echo "$input" | jq -r '.task_subject // empty')
@@ -50,14 +51,16 @@ case "$hook_event" in
             subj_sql=$(eagle_sql_escape "$task_subject")
             desc_sql=$(eagle_sql_escape "$task_desc")
             stat_sql=$(eagle_sql_escape "$local_status")
+            agent_sql=$(eagle_sql_escape "$agent")
 
             eagle_db_pipe <<SQL
-INSERT INTO claude_tasks (project, source_session_id, source_task_id, file_path, subject, description, status)
-VALUES ('$proj_sql', '$sid_sql', '$tid_sql', '$fp_sql', '$subj_sql', '$desc_sql', '$stat_sql')
+INSERT INTO claude_tasks (project, source_session_id, source_task_id, file_path, subject, description, status, origin_agent)
+VALUES ('$proj_sql', '$sid_sql', '$tid_sql', '$fp_sql', '$subj_sql', '$desc_sql', '$stat_sql', '$agent_sql')
 ON CONFLICT(file_path) DO UPDATE SET
     subject     = excluded.subject,
     description = excluded.description,
     status      = excluded.status,
+    origin_agent = excluded.origin_agent,
     updated_at  = strftime('%Y-%m-%dT%H:%M:%fZ', 'now');
 SQL
         fi
@@ -69,8 +72,8 @@ esac
 
 # Only track relevant tools
 case "$tool_name" in
-    Read|Write|Edit|Bash|TaskCreate|TaskUpdate) ;;
-    *) exit 0 ;;
+    Read|Write|Edit|TaskCreate|TaskUpdate|apply_patch) ;;
+    *) eagle_is_shell_tool "$tool_name" || exit 0 ;;
 esac
 
 [ ! -f "$EAGLE_MEM_DB" ] && exit 0
@@ -80,7 +83,7 @@ project=$(eagle_project_from_cwd "$cwd")
 
 # Ensure session row exists before inserting observations (FK constraint).
 # PostToolUse can race SessionStart — the session row might not exist yet.
-eagle_upsert_session "$session_id" "$project" "$cwd" "" ""
+eagle_upsert_session "$session_id" "$project" "$cwd" "" "" "$agent"
 
 # ─── Extract observation data from tool call ──────────────
 
@@ -108,10 +111,22 @@ case "$tool_name" in
         [ -n "$fp" ] && files_modified=$(printf '%s' "$fp" | jq -Rsc '[.]')
         tool_summary="Edit $fp"
         ;;
-    Bash)
-        cmd=$(echo "$input" | jq -r '.tool_input.command // empty' | cut -c1-200)
+    apply_patch)
+        patch_cmd=$(echo "$input" | jq -r '.tool_input.command // empty')
+        patch_files=$(printf '%s\n' "$patch_cmd" | eagle_extract_apply_patch_files)
+        if [ -n "$patch_files" ]; then
+            fp=$(printf '%s\n' "$patch_files" | head -1)
+            files_modified=$(printf '%s\n' "$patch_files" | jq -Rsc 'split("\n") | map(select(. != ""))')
+            patch_count=$(printf '%s\n' "$patch_files" | sed '/^[[:space:]]*$/d' | wc -l | tr -d ' ')
+            tool_summary="apply_patch: ${patch_count} file(s)"
+        else
+            tool_summary="apply_patch"
+        fi
+        ;;
+    Bash|exec_command|shell_command|unified_exec)
+        cmd=$(eagle_tool_command_from_json "$input" | cut -c1-200)
         cmd=$(echo "$cmd" | eagle_redact)
-        tool_summary="Bash: $cmd"
+        tool_summary="${tool_name}: $cmd"
 
         tool_output=$(echo "$input" | jq -r '.tool_response.stdout // empty' 2>/dev/null)
         if [ -n "$tool_output" ]; then
@@ -147,7 +162,7 @@ esac
 
 if [ -n "$fp" ] && [ -n "$session_id" ] && eagle_validate_session_id "$session_id"; then
     case "$tool_name" in
-        Edit|Write)
+        Edit|Write|apply_patch)
             mod_dir="$EAGLE_MEM_DIR/mod-tracker"
             mkdir -p "$mod_dir" 2>/dev/null
             mod_file="$mod_dir/${session_id}"
@@ -167,16 +182,29 @@ if [ -n "$fp" ] && [ -n "$session_id" ] && eagle_validate_session_id "$session_i
     esac
 fi
 
+# ─── Enforced anti-regression: mark affected features pending ──
+
+case "$tool_name" in
+    Edit|Write|apply_patch)
+        if [ -n "$files_modified" ] && [ "$files_modified" != "[]" ]; then
+            while IFS= read -r mod_file; do
+                [ -z "$mod_file" ] && continue
+                eagle_record_current_feature_verifications_for_file "$project" "$cwd" "$mod_file" "$session_id" "$tool_name" "File changed by ${tool_name}" >/dev/null
+            done < <(echo "$files_modified" | jq -r '.[]?' 2>/dev/null)
+        fi
+        ;;
+esac
+
 # ─── Dispatch to extracted responsibilities ───────────────
 
-eagle_posttool_mirror_writes "$tool_name" "$fp" "$session_id" "$project"
-eagle_posttool_mirror_tasks "$tool_name" "$session_id" "$project" "$input"
+eagle_posttool_mirror_writes "$tool_name" "$fp" "$session_id" "$project" "$agent"
+eagle_posttool_mirror_tasks "$tool_name" "$session_id" "$project" "$input" "$agent"
 eagle_posttool_stale_hint "$tool_name" "$fp" "$project"
 eagle_posttool_decision_surface "$tool_name" "$fp" "$project"
 
 # ─── Record observation ──────────────────────────────────
 
-if ! eagle_insert_observation "$session_id" "$project" "$tool_name" "$tool_summary" "$files_read" "$files_modified" "$output_bytes" "$output_lines" "$command_category"; then
+if ! eagle_insert_observation "$session_id" "$project" "$tool_name" "$tool_summary" "$files_read" "$files_modified" "$output_bytes" "$output_lines" "$command_category" "$agent"; then
     eagle_log "ERROR" "PostToolUse: observation insert failed for session=$session_id tool=$tool_name"
 fi
 

package/hooks/pre-tool-use.sh

@@ -21,10 +21,11 @@ input=$(eagle_read_stdin)
 [ -z "$input" ] && exit 0
 
 tool_name=$(echo "$input" | jq -r '.tool_name // empty')
+agent=$(eagle_agent_source_from_json "$input")
 
 case "$tool_name" in
-    Bash|Read|Edit|Write) ;;
-    *) exit 0 ;;
+    Read|Edit|Write|apply_patch) ;;
+    *) eagle_is_shell_tool "$tool_name" || exit 0 ;;
 esac
 
 [ ! -f "$EAGLE_MEM_DB" ] && exit 0
@@ -38,27 +39,102 @@ context=""
 updated_input=""
 
 case "$tool_name" in
-Bash)
-    cmd=$(echo "$input" | jq -r '.tool_input.command // empty')
+Bash|exec_command|shell_command|unified_exec)
+    cmd=$(eagle_tool_command_from_json "$input")
     [ -z "$cmd" ] && exit 0
 
-    # ─── Feature verification on git push ─────────────────────
+    # ─── Enforced feature verification on release boundaries ───
+
+    release_changed_files=""
+    if eagle_is_release_boundary_command "$cmd"; then
+        if [ -n "$cwd" ] && [ -d "$cwd" ]; then
+            release_changed_files=$(eagle_changed_files_for_release "$cwd")
+            eagle_reconcile_current_feature_verifications "$project" "$cwd" "$session_id" "$tool_name" "Release boundary detected for current repository diff" "$release_changed_files" >/dev/null
+        fi
+
+        pending_rows=$(eagle_list_current_pending_feature_verifications "$project" "$cwd" "$release_changed_files" 8 2>/dev/null)
+        pending_count=$(printf '%s\n' "$pending_rows" | sed '/^[[:space:]]*$/d' | wc -l | tr -d ' ')
+        pending_count=${pending_count:-0}
+        if [ "$pending_count" -gt 0 ] 2>/dev/null; then
+            block_reason="Eagle Mem blocked this release boundary because ${pending_count} feature verification(s) are pending.
+
+Run the affected smoke tests, then resolve them with:
+  eagle-mem feature verify <name> --notes \"what passed\"
+
+For intentional exceptions:
+  eagle-mem feature waive <id> --reason \"why this is safe\"
+
+Pending checks:"
+            while IFS='|' read -r pid pname pfile preason _ptrigger _pcreated psmoke pfingerprint; do
+                [ -z "$pid" ] && continue
+                block_reason+="
+  #${pid} ${pname}"
+                [ -n "$pfile" ] && block_reason+=" (${pfile})"
+                [ -n "$preason" ] && block_reason+=" — ${preason}"
+                [ -n "$psmoke" ] && block_reason+=" | smoke: ${psmoke}"
+                [ -n "$pfingerprint" ] && block_reason+=" | diff: ${pfingerprint}"
+            done <<< "$pending_rows"
+
+            jq -nc --arg reason "$block_reason" '{
+                "decision":"block",
+                "reason":$reason,
+                "hookSpecificOutput":{
+                    "hookEventName":"PreToolUse",
+                    "permissionDecision":"deny",
+                    "permissionDecisionReason":$reason
+                }
+            }'
+            exit 0
+        fi
+    fi
+
+    # ─── RTK command rewrite / enforcement ─────────────────
+
+    rtk_cmd=$(eagle_rtk_rewrite_command "$cmd")
+    if [ -n "$rtk_cmd" ]; then
+        if [ "$agent" = "codex" ] && ! eagle_raw_bash_unlock_active; then
+            reason="Eagle Mem token guard blocked raw shell output.
+
+Use RTK so large output is compact before it enters context:
+  $rtk_cmd
+
+Temporary escape hatch for one-off raw output:
+  touch $EAGLE_RAW_BASH_UNLOCK"
+            jq -nc --arg reason "$reason" '{
+                "decision":"block",
+                "reason":$reason,
+                "hookSpecificOutput":{
+                    "hookEventName":"PreToolUse",
+                    "permissionDecision":"deny",
+                    "permissionDecisionReason":$reason
+                }
+            }'
+            exit 0
+        fi
+
+        if ! eagle_raw_bash_unlock_active; then
+            updated_input=$(echo "$input" | jq --arg cmd "$rtk_cmd" '.tool_input + {"command":$cmd}')
+            context+="Eagle Mem token guard: rewrote raw shell command through RTK to reduce context load: ${rtk_cmd}. "
+        fi
+    fi
+
+    # ─── Feature verification context for non-blocked pushes ───
 
     case "$cmd" in
         *"git push"*|*"gh pr create"*)
             has_features=$(eagle_count_active_features "$project")
             if [ "${has_features:-0}" -gt 0 ]; then
-                changed_files=""
-                if [ -n "$cwd" ] && [ -d "$cwd" ]; then
-                    changed_files=$(git -C "$cwd" diff --name-only HEAD 2>/dev/null)
-                    [ -z "$changed_files" ] && changed_files=$(git -C "$cwd" diff --cached --name-only 2>/dev/null)
-                fi
+                    changed_files="$release_changed_files"
+                    if [ -z "$changed_files" ] && [ -n "$cwd" ] && [ -d "$cwd" ]; then
+                        changed_files=$(eagle_changed_files_for_release "$cwd")
+                    fi
 
                 if [ -n "$changed_files" ]; then
                     seen_features=""
                     while IFS= read -r changed_file; do
                         [ -z "$changed_file" ] && continue
-                        fname=$(basename "$changed_file")
+                        norm_file=$(eagle_project_file_path "$cwd" "$changed_file")
+                        fname=$(basename "$norm_file")
 
                         feature_hits=$(eagle_find_feature_for_push "$project" "$fname")
 
@@ -91,6 +167,7 @@ ${context}================"
 
     # ─── Command output filtering (learned rules) ─────────────
 
+    if [ -z "$updated_input" ]; then
     base_cmd=$(echo "$cmd" | awk '{print $1}' | sed 's|.*/||')
     rule=$(eagle_get_command_rule "$project" "$base_cmd" "$cmd")
 
@@ -117,11 +194,18 @@ ${context}================"
                 ;;
         esac
     fi
+    fi
     ;;
 
-Edit|Write)
-    fp=$(echo "$input" | jq -r '.tool_input.file_path // empty')
-    if [ -n "$fp" ]; then
+Edit|Write|apply_patch)
+    target_files=$(echo "$input" | jq -r '.tool_input.file_path // empty')
+    if [ "$tool_name" = "apply_patch" ]; then
+        patch_cmd=$(echo "$input" | jq -r '.tool_input.command // empty')
+        target_files=$(printf '%s\n' "$patch_cmd" | eagle_extract_apply_patch_files | sed '/^[[:space:]]*$/d' | awk '!seen[$0]++')
+    fi
+    if [ -n "$target_files" ]; then
+        while IFS= read -r fp; do
+            [ -z "$fp" ] && continue
         # ─── Guardrail + decision/gotcha surfacing ────────
         fname=$(basename "$fp")
         fname_stem="${fname%.*}"
@@ -188,6 +272,7 @@ Edit|Write)
             partners=${partners%, }
             context+="Eagle Mem recall: when you change '$(basename "$fp")' you usually also touch: $partners"
         fi
+        done <<< "$target_files"
     fi
     ;;
 
@@ -217,6 +302,13 @@ esac
 
 [ -z "$context" ] && [ -z "$updated_input" ] && exit 0
 
+if [ "$agent" = "codex" ]; then
+    # Codex PreToolUse currently supports deny decisions, but not advisory
+    # additionalContext or updatedInput. Deny paths above already returned JSON;
+    # non-blocking reminders are delivered through SessionStart/UserPromptSubmit.
+    exit 0
+fi
+
 if [ -n "$updated_input" ]; then
     jq -nc --arg ctx "$context" --argjson ui "$updated_input" \
         '{"hookSpecificOutput":{"hookEventName":"PreToolUse","updatedInput":$ui,"additionalContext":$ctx}}'

package/hooks/session-end.sh

@@ -16,6 +16,7 @@ input=$(eagle_read_stdin)
 [ -z "$input" ] && exit 0
 
 session_id=$(echo "$input" | jq -r '.session_id // empty')
+agent=$(eagle_agent_source_from_json "$input")
 [ -z "$session_id" ] && exit 0
 [ ! -f "$EAGLE_MEM_DB" ] && exit 0
 
@@ -30,7 +31,7 @@ if eagle_validate_session_id "$session_id"; then
     if [ -d "$task_dir" ]; then
         for task_file in "$task_dir"/*.json; do
             [ ! -f "$task_file" ] && continue
-            eagle_capture_claude_task "$task_file" "$session_id" "$project"
+            eagle_capture_claude_task "$task_file" "$session_id" "$project" "$agent"
         done
         eagle_log "INFO" "SessionEnd: re-synced tasks from $task_dir"
     fi