failproofai 0.0.2-beta.7 → 0.0.2-beta.8

package/.next/standalone/src/hooks/custom-hooks-loader.ts

@@ -116,7 +116,7 @@ export interface LoadAllResult {
  * 3. User convention: ~/.failproofai/policies/*policies.{js,mjs,ts} (alphabetical)
  *
  * Each file is loaded independently (fail-open per file).
- * Convention hooks are tagged with __conventionSource so the handler can distinguish them.
+ * Convention hooks are tagged with __conventionScope so the handler can build scoped prefixes.
  */
 export async function loadAllCustomHooks(
   customPoliciesPath: string | undefined,
@@ -181,16 +181,23 @@ export async function loadAllCustomHooks(
     );
   }
 
-  // Tag convention hooks so the handler can register them with a "convention/" prefix.
-  // Track by object reference (not name) to avoid mis-tagging an explicit custom hook
-  // that happens to share the same name as a convention hook.
+  // Tag convention hooks with their scope so the handler can build scoped prefixes.
+  // Build a name→scope map from conventionSources, then tag by object reference
+  // to avoid mis-tagging an explicit custom hook that shares the same name.
+  const hookNameToScope = new Map<string, string>();
+  for (const source of conventionSources) {
+    for (const name of source.hookNames) {
+      hookNameToScope.set(name, source.scope);
+    }
+  }
   const conventionHookRefs = new Set<CustomHook>();
   for (const hook of allHooks.slice(hooksBeforeConvention)) {
     conventionHookRefs.add(hook);
   }
   for (const hook of allHooks) {
     if (conventionHookRefs.has(hook)) {
-      (hook as CustomHook & { __conventionSource?: boolean }).__conventionSource = true;
+      (hook as CustomHook & { __conventionScope?: string }).__conventionScope =
+        hookNameToScope.get(hook.name) ?? "project";
     }
   }
 

package/.next/standalone/src/hooks/handler.ts

@@ -78,8 +78,9 @@ export async function handleHookEvent(eventType: string): Promise<number> {
 
   for (const hook of customHooksList) {
     const hookName = hook.name;
-    const isConvention = (hook as CustomHook & { __conventionSource?: boolean }).__conventionSource === true;
-    const prefix = isConvention ? "convention" : "custom";
+    const conventionScope = (hook as CustomHook & { __conventionScope?: string }).__conventionScope;
+    const isConvention = !!conventionScope;
+    const prefix = isConvention ? `.failproofai-${conventionScope}` : "custom";
     const fn: PolicyFunction = async (ctx): Promise<PolicyResult> => {
       try {
         const result = await Promise.race([
@@ -98,6 +99,7 @@ export async function handleHookEvent(eventType: string): Promise<number> {
           error_type: isTimeout ? "timeout" : "exception",
           event_type: eventType,
           is_convention_policy: isConvention,
+          convention_scope: conventionScope ?? null,
         });
         return { decision: "allow" };
       }
@@ -170,7 +172,10 @@ export async function handleHookEvent(eventType: string): Promise<number> {
   if (result.decision === "deny" || result.decision === "instruct") {
     try {
       const isCustomHook = result.policyName?.startsWith("custom/") ?? false;
-      const isConventionPolicy = result.policyName?.startsWith("convention/") ?? false;
+      const isConventionPolicy = result.policyName?.startsWith(".failproofai-") ?? false;
+      const conventionScope = isConventionPolicy
+        ? result.policyName!.match(/^\.failproofai-(project|user)\//)?.[1] ?? null
+        : null;
       const hasCustomParams =
         !isCustomHook && !isConventionPolicy && !!(result.policyName && config.policyParams?.[result.policyName]);
       const paramKeysOverridden = hasCustomParams
@@ -184,6 +189,7 @@ export async function handleHookEvent(eventType: string): Promise<number> {
         decision: result.decision,
         is_custom_hook: isCustomHook,
         is_convention_policy: isConventionPolicy,
+        convention_scope: conventionScope,
         has_custom_params: hasCustomParams,
         param_keys_overridden: paramKeysOverridden,
       });

package/.next/standalone/src/hooks/policy-evaluator.ts

@@ -56,9 +56,8 @@ export async function evaluatePolicies(
     session,
   };
 
-  // Track the first instruct result (accumulated, does not short-circuit)
-  let instructPolicyName: string | null = null;
-  let instructReason: string | null = null;
+  // Track all instruct results (accumulated, does not short-circuit)
+  const instructEntries: Array<{ policyName: string; reason: string }> = [];
 
   // Track informational messages from allow decisions (with policy attribution)
   const allowEntries: Array<{ policyName: string; reason: string }> = [];
@@ -142,14 +141,14 @@ export async function evaluatePolicies(
       };
     }
 
-    // Accumulate first instruct (does not short-circuit — later policies can still deny)
-    if (result.decision === "instruct" && !instructPolicyName) {
-      instructPolicyName = policy.name;
-      instructReason = appendHint(
+    // Accumulate all instruct results (does not short-circuit — later policies can still deny)
+    if (result.decision === "instruct") {
+      const reason = appendHint(
         result.reason ?? `Instruction from policy: ${policy.name}`,
         config?.policyParams?.[policy.name]?.hint,
       );
-      hookLogInfo(`instruct by "${policy.name}": ${instructReason}`);
+      instructEntries.push({ policyName: policy.name, reason });
+      hookLogInfo(`instruct by "${policy.name}": ${reason}`);
     }
 
     // Accumulate informational messages from allow decisions
@@ -158,17 +157,21 @@ export async function evaluatePolicies(
     }
   }
 
-  // No deny — check if we accumulated an instruct
-  if (instructPolicyName && instructReason) {
+  // No deny — check if we accumulated any instructs
+  if (instructEntries.length > 0) {
+    const combined = instructEntries.map((e) => e.reason).join("\n");
+    const policyNames = instructEntries.map((e) => e.policyName);
+
     if (eventType === "Stop") {
       // Stop hook: exitCode 2 blocks Claude from stopping.
       // Reason goes to stderr so Claude Code receives it as context.
       return {
         exitCode: 2,
         stdout: "",
-        stderr: instructReason,
-        policyName: instructPolicyName,
-        reason: instructReason,
+        stderr: combined,
+        policyName: policyNames[0],
+        policyNames,
+        reason: combined,
         decision: "instruct",
       };
     }
@@ -176,15 +179,16 @@ export async function evaluatePolicies(
     const response = {
       hookSpecificOutput: {
         hookEventName: eventType,
-        additionalContext: `Instruction from failproofai: ${instructReason}`,
+        additionalContext: `Instruction from failproofai: ${combined}`,
       },
     };
     return {
       exitCode: 0,
       stdout: JSON.stringify(response),
       stderr: "",
-      policyName: instructPolicyName,
-      reason: instructReason,
+      policyName: policyNames[0],
+      policyNames,
+      reason: combined,
       decision: "instruct",
     };
   }

package/dist/cli.mjs

@@ -1402,8 +1402,7 @@ async function evaluatePolicies(eventType, payload, session, config) {
     toolInput,
     session
   };
-  let instructPolicyName = null;
-  let instructReason = null;
+  const instructEntries = [];
   const allowEntries = [];
   for (const policy of policies) {
     const schema = POLICY_PARAMS_MAP.get(policy.name);
@@ -1471,38 +1470,43 @@ async function evaluatePolicies(eventType, payload, session, config) {
         decision: "deny"
       };
     }
-    if (result.decision === "instruct" && !instructPolicyName) {
-      instructPolicyName = policy.name;
-      instructReason = appendHint(result.reason ?? `Instruction from policy: ${policy.name}`, config?.policyParams?.[policy.name]?.hint);
-      hookLogInfo(`instruct by "${policy.name}": ${instructReason}`);
+    if (result.decision === "instruct") {
+      const reason = appendHint(result.reason ?? `Instruction from policy: ${policy.name}`, config?.policyParams?.[policy.name]?.hint);
+      instructEntries.push({ policyName: policy.name, reason });
+      hookLogInfo(`instruct by "${policy.name}": ${reason}`);
     }
     if (result.decision === "allow" && result.reason) {
       allowEntries.push({ policyName: policy.name, reason: result.reason });
     }
   }
-  if (instructPolicyName && instructReason) {
+  if (instructEntries.length > 0) {
+    const combined = instructEntries.map((e) => e.reason).join(`
+`);
+    const policyNames = instructEntries.map((e) => e.policyName);
     if (eventType === "Stop") {
       return {
         exitCode: 2,
         stdout: "",
-        stderr: instructReason,
-        policyName: instructPolicyName,
-        reason: instructReason,
+        stderr: combined,
+        policyName: policyNames[0],
+        policyNames,
+        reason: combined,
         decision: "instruct"
       };
     }
     const response = {
       hookSpecificOutput: {
         hookEventName: eventType,
-        additionalContext: `Instruction from failproofai: ${instructReason}`
+        additionalContext: `Instruction from failproofai: ${combined}`
       }
     };
     return {
       exitCode: 0,
       stdout: JSON.stringify(response),
       stderr: "",
-      policyName: instructPolicyName,
-      reason: instructReason,
+      policyName: policyNames[0],
+      policyNames,
+      reason: combined,
       decision: "instruct"
     };
   }
@@ -1762,13 +1766,19 @@ async function loadAllCustomHooks(customPoliciesPath, opts) {
   if (projectFiles.length > 0 || userFiles.length > 0) {
     hookLogInfo(`convention policies: ${projectFiles.length} project file(s), ${userFiles.length} user file(s), ${conventionCount} hook(s)`);
   }
+  const hookNameToScope = new Map;
+  for (const source of conventionSources) {
+    for (const name of source.hookNames) {
+      hookNameToScope.set(name, source.scope);
+    }
+  }
   const conventionHookRefs = new Set;
   for (const hook of allHooks.slice(hooksBeforeConvention)) {
     conventionHookRefs.add(hook);
   }
   for (const hook of allHooks) {
     if (conventionHookRefs.has(hook)) {
-      hook.__conventionSource = true;
+      hook.__conventionScope = hookNameToScope.get(hook.name) ?? "project";
     }
   }
   return { hooks: allHooks, conventionSources };
@@ -1904,7 +1914,7 @@ var init_hook_activity_store = __esm(() => {
 });
 
 // package.json
-var version2 = "0.0.2-beta.7";
+var version2 = "0.0.2-beta.8";
 var init_package = () => {};
 
 // src/posthog-key.ts
@@ -2071,8 +2081,9 @@ async function handleHookEvent(eventType) {
   const conventionHookNames = new Set(loadResult.conventionSources.flatMap((s) => s.hookNames));
   for (const hook of customHooksList) {
     const hookName = hook.name;
-    const isConvention = hook.__conventionSource === true;
-    const prefix = isConvention ? "convention" : "custom";
+    const conventionScope = hook.__conventionScope;
+    const isConvention = !!conventionScope;
+    const prefix = isConvention ? `.failproofai-${conventionScope}` : "custom";
     const fn = async (ctx) => {
       try {
         const result2 = await Promise.race([
@@ -2088,7 +2099,8 @@ async function handleHookEvent(eventType) {
           hook_name: hookName,
           error_type: isTimeout ? "timeout" : "exception",
           event_type: eventType,
-          is_convention_policy: isConvention
+          is_convention_policy: isConvention,
+          convention_scope: conventionScope ?? null
         });
         return { decision: "allow" };
       }
@@ -2143,7 +2155,8 @@ async function handleHookEvent(eventType) {
   if (result.decision === "deny" || result.decision === "instruct") {
     try {
       const isCustomHook = result.policyName?.startsWith("custom/") ?? false;
-      const isConventionPolicy = result.policyName?.startsWith("convention/") ?? false;
+      const isConventionPolicy = result.policyName?.startsWith(".failproofai-") ?? false;
+      const conventionScope = isConventionPolicy ? result.policyName.match(/^\.failproofai-(project|user)\//)?.[1] ?? null : null;
       const hasCustomParams = !isCustomHook && !isConventionPolicy && !!(result.policyName && config.policyParams?.[result.policyName]);
       const paramKeysOverridden = hasCustomParams ? Object.keys(config.policyParams[result.policyName]) : [];
       const distinctId = getInstanceId();
@@ -2154,6 +2167,7 @@ async function handleHookEvent(eventType) {
         decision: result.decision,
         is_custom_hook: isCustomHook,
         is_convention_policy: isConventionPolicy,
+        convention_scope: conventionScope,
         has_custom_params: hasCustomParams,
         param_keys_overridden: paramKeysOverridden
       });
@@ -3185,7 +3199,7 @@ import { realpathSync as realpathSync2 } from "fs";
 import { dirname as dirname5, resolve as resolve8 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 // package.json
-var version = "0.0.2-beta.7";
+var version = "0.0.2-beta.8";
 
 // bin/failproofai.mjs
 if (!process.env.FAILPROOFAI_PACKAGE_ROOT) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "failproofai",
-  "version": "0.0.2-beta.7",
+  "version": "0.0.2-beta.8",
   "description": "The easiest way to manage policies that keep your AI agents reliable, on-task, and running autonomously — for Claude Code & the Agents SDK",
   "bin": {
     "failproofai": "./dist/cli.mjs"

package/src/hooks/custom-hooks-loader.ts

@@ -116,7 +116,7 @@ export interface LoadAllResult {
  * 3. User convention: ~/.failproofai/policies/*policies.{js,mjs,ts} (alphabetical)
  *
  * Each file is loaded independently (fail-open per file).
- * Convention hooks are tagged with __conventionSource so the handler can distinguish them.
+ * Convention hooks are tagged with __conventionScope so the handler can build scoped prefixes.
  */
 export async function loadAllCustomHooks(
   customPoliciesPath: string | undefined,
@@ -181,16 +181,23 @@ export async function loadAllCustomHooks(
     );
   }
 
-  // Tag convention hooks so the handler can register them with a "convention/" prefix.
-  // Track by object reference (not name) to avoid mis-tagging an explicit custom hook
-  // that happens to share the same name as a convention hook.
+  // Tag convention hooks with their scope so the handler can build scoped prefixes.
+  // Build a name→scope map from conventionSources, then tag by object reference
+  // to avoid mis-tagging an explicit custom hook that shares the same name.
+  const hookNameToScope = new Map<string, string>();
+  for (const source of conventionSources) {
+    for (const name of source.hookNames) {
+      hookNameToScope.set(name, source.scope);
+    }
+  }
   const conventionHookRefs = new Set<CustomHook>();
   for (const hook of allHooks.slice(hooksBeforeConvention)) {
     conventionHookRefs.add(hook);
   }
   for (const hook of allHooks) {
     if (conventionHookRefs.has(hook)) {
-      (hook as CustomHook & { __conventionSource?: boolean }).__conventionSource = true;
+      (hook as CustomHook & { __conventionScope?: string }).__conventionScope =
+        hookNameToScope.get(hook.name) ?? "project";
     }
   }
 

package/src/hooks/handler.ts

@@ -78,8 +78,9 @@ export async function handleHookEvent(eventType: string): Promise<number> {
 
   for (const hook of customHooksList) {
     const hookName = hook.name;
-    const isConvention = (hook as CustomHook & { __conventionSource?: boolean }).__conventionSource === true;
-    const prefix = isConvention ? "convention" : "custom";
+    const conventionScope = (hook as CustomHook & { __conventionScope?: string }).__conventionScope;
+    const isConvention = !!conventionScope;
+    const prefix = isConvention ? `.failproofai-${conventionScope}` : "custom";
     const fn: PolicyFunction = async (ctx): Promise<PolicyResult> => {
       try {
         const result = await Promise.race([
@@ -98,6 +99,7 @@ export async function handleHookEvent(eventType: string): Promise<number> {
           error_type: isTimeout ? "timeout" : "exception",
           event_type: eventType,
           is_convention_policy: isConvention,
+          convention_scope: conventionScope ?? null,
         });
         return { decision: "allow" };
       }
@@ -170,7 +172,10 @@ export async function handleHookEvent(eventType: string): Promise<number> {
   if (result.decision === "deny" || result.decision === "instruct") {
     try {
       const isCustomHook = result.policyName?.startsWith("custom/") ?? false;
-      const isConventionPolicy = result.policyName?.startsWith("convention/") ?? false;
+      const isConventionPolicy = result.policyName?.startsWith(".failproofai-") ?? false;
+      const conventionScope = isConventionPolicy
+        ? result.policyName!.match(/^\.failproofai-(project|user)\//)?.[1] ?? null
+        : null;
       const hasCustomParams =
         !isCustomHook && !isConventionPolicy && !!(result.policyName && config.policyParams?.[result.policyName]);
       const paramKeysOverridden = hasCustomParams
@@ -184,6 +189,7 @@ export async function handleHookEvent(eventType: string): Promise<number> {
         decision: result.decision,
         is_custom_hook: isCustomHook,
         is_convention_policy: isConventionPolicy,
+        convention_scope: conventionScope,
         has_custom_params: hasCustomParams,
         param_keys_overridden: paramKeysOverridden,
       });

package/src/hooks/policy-evaluator.ts

@@ -56,9 +56,8 @@ export async function evaluatePolicies(
     session,
   };
 
-  // Track the first instruct result (accumulated, does not short-circuit)
-  let instructPolicyName: string | null = null;
-  let instructReason: string | null = null;
+  // Track all instruct results (accumulated, does not short-circuit)
+  const instructEntries: Array<{ policyName: string; reason: string }> = [];
 
   // Track informational messages from allow decisions (with policy attribution)
   const allowEntries: Array<{ policyName: string; reason: string }> = [];
@@ -142,14 +141,14 @@ export async function evaluatePolicies(
       };
     }
 
-    // Accumulate first instruct (does not short-circuit — later policies can still deny)
-    if (result.decision === "instruct" && !instructPolicyName) {
-      instructPolicyName = policy.name;
-      instructReason = appendHint(
+    // Accumulate all instruct results (does not short-circuit — later policies can still deny)
+    if (result.decision === "instruct") {
+      const reason = appendHint(
         result.reason ?? `Instruction from policy: ${policy.name}`,
         config?.policyParams?.[policy.name]?.hint,
       );
-      hookLogInfo(`instruct by "${policy.name}": ${instructReason}`);
+      instructEntries.push({ policyName: policy.name, reason });
+      hookLogInfo(`instruct by "${policy.name}": ${reason}`);
     }
 
     // Accumulate informational messages from allow decisions
@@ -158,17 +157,21 @@ export async function evaluatePolicies(
     }
   }
 
-  // No deny — check if we accumulated an instruct
-  if (instructPolicyName && instructReason) {
+  // No deny — check if we accumulated any instructs
+  if (instructEntries.length > 0) {
+    const combined = instructEntries.map((e) => e.reason).join("\n");
+    const policyNames = instructEntries.map((e) => e.policyName);
+
     if (eventType === "Stop") {
       // Stop hook: exitCode 2 blocks Claude from stopping.
       // Reason goes to stderr so Claude Code receives it as context.
       return {
         exitCode: 2,
         stdout: "",
-        stderr: instructReason,
-        policyName: instructPolicyName,
-        reason: instructReason,
+        stderr: combined,
+        policyName: policyNames[0],
+        policyNames,
+        reason: combined,
         decision: "instruct",
       };
     }
@@ -176,15 +179,16 @@ export async function evaluatePolicies(
     const response = {
       hookSpecificOutput: {
         hookEventName: eventType,
-        additionalContext: `Instruction from failproofai: ${instructReason}`,
+        additionalContext: `Instruction from failproofai: ${combined}`,
       },
     };
     return {
       exitCode: 0,
       stdout: JSON.stringify(response),
       stderr: "",
-      policyName: instructPolicyName,
-      reason: instructReason,
+      policyName: policyNames[0],
+      policyNames,
+      reason: combined,
       decision: "instruct",
     };
   }