holo-codex 0.1.1 → 0.1.2

package/plugins/autonomous-pr-loop/core/types.ts

@@ -474,6 +474,8 @@ export interface AgentLoopStorage {
   listRunChecks(runId: string): AgentLoopRunCheck[];
   /** Return the latest run by update time, if any exists. */
   getCurrentRun(): AgentLoopRun | undefined;
+  /** Fetch a run by stable id. */
+  getRun(runId: string): AgentLoopRun | undefined;
   /** List persisted runs newest-first. */
   listRuns(limit?: number): AgentLoopRun[];
   /** Run a group of read queries against one consistent SQLite snapshot. */

package/plugins/autonomous-pr-loop/core/workflow-board.ts

@@ -771,13 +771,15 @@ function buildStage(input: {
     status,
     actorChips: actorChipsForStage(input.definition.id, status, input.profileRoleMapping, input.stageMetadata),
     evidenceCounts: counts,
-    substages: input.definition.substages.map((substage, substageIndex) => ({
-      ...substage,
-      status: substageIndex === 0 && status === "active" ? "active" : status === "done" ? "done" : "pending",
-      evidenceCounts: counts,
-      latestEvidence: stageEvidence.slice(0, 3),
-      requiredEvidence: []
-    })),
+    substages: input.definition.id === "cleanup"
+      ? cleanupSubstages(input.definition, input.input, input.evidenceRefs, status)
+      : input.definition.substages.map((substage, substageIndex) => ({
+        ...substage,
+        status: substageIndex === 0 && status === "active" ? "active" : status === "done" ? "done" : "pending",
+        evidenceCounts: counts,
+        latestEvidence: stageEvidence.slice(0, 3),
+        requiredEvidence: []
+      })),
     latestAction: { label: status === "blocked" ? "Resolve blocker" : input.definition.nextAction, safeToRunFromDashboard: false, requiresConfirmation: false },
     blockers: [],
     nextAction: input.definition.nextAction
@@ -1343,14 +1345,36 @@ function satisfiedReviewEvidence(events: AgentLoopEvent[]): string | undefined {
 }
 
 function cleanupRows(input: WorkflowBoardInput): WorkflowCheckRow[] {
+  return cleanupSubstageRows(input);
+}
+
+function cleanupSubstages(
+  definition: (typeof WORKFLOW_STAGE_DEFINITIONS)[number],
+  input: WorkflowBoardInput,
+  refs: WorkflowEvidenceRef[],
+  stageStatus: WorkflowStageStatus
+): WorkflowBoardSubstage[] {
+  const rows = cleanupSubstageRows(input);
+  const firstIncompleteIndex = rows.findIndex((row) => row.status !== "passed" && row.status !== "skipped");
+  return definition.substages.map((substage, index) => {
+    const row = rows.find((item) => item.id === substage.id);
+    const latestEvidence = cleanupEvidenceRefs(input.events, refs, substage.id);
+    return {
+      ...substage,
+      status: row ? cleanupSubstageStatus(row, stageStatus, index === firstIncompleteIndex) : "pending",
+      evidenceCounts: evidenceCounts(latestEvidence),
+      latestEvidence,
+      requiredEvidence: []
+    };
+  });
+}
+
+function cleanupSubstageRows(input: WorkflowBoardInput): WorkflowCheckRow[] {
   const evidence = cleanupEvidenceBySubstage(input.events);
-  return [
-    cleanupCheck("pr_merged", "PR merged", "GitHub", evidence, input.pr?.state === "MERGED", input.pr?.state ?? "no PR link"),
-    cleanupCheck("switched_main", "Switched to main", "Codex", evidence),
-    cleanupCheck("pulled_latest", "Pulled latest", "Codex", evidence),
-    cleanupCheck("gitnexus_reindexed", "GitNexus index rebuilt", "GitNexus", evidence),
-    cleanupCheck("worktree_clean", "Worktree clean", "Codex", evidence, input.run?.worktreeClean === true, String(input.run?.worktreeClean ?? "unknown"))
-  ];
+  return cleanupDefinition().substages.map((substage) => {
+    const fallback = cleanupFallback(input, substage.id);
+    return cleanupCheck(substage.id, substage.label, cleanupOwner(substage.id), evidence, fallback.passed, fallback.evidence);
+  });
 }
 
 function cleanupCheck(
@@ -1368,6 +1392,46 @@ function cleanupCheck(
   return { id, label, status: fallbackPassed ? "passed" : "pending", evidence: fallbackEvidence, owner };
 }
 
+function cleanupSubstageStatus(row: WorkflowCheckRow, stageStatus: WorkflowStageStatus, isFirstIncomplete: boolean): WorkflowStageStatus {
+  if (row.status === "passed") return "done";
+  if (row.status === "failed") return "failed";
+  if (row.status === "blocked") return "blocked";
+  if (row.status === "skipped") return "skipped";
+  if (stageStatus === "active" && isFirstIncomplete) return "active";
+  return "pending";
+}
+
+function cleanupFallback(input: WorkflowBoardInput, substageId: string): { passed: boolean; evidence: string } {
+  if (substageId === "pr_merged") {
+    return { passed: input.pr?.state === "MERGED", evidence: input.pr?.state ?? "no PR link" };
+  }
+  if (substageId === "worktree_clean") {
+    return { passed: input.run?.worktreeClean === true, evidence: String(input.run?.worktreeClean ?? "unknown") };
+  }
+  return { passed: false, evidence: "no appended evidence" };
+}
+
+function cleanupOwner(substageId: string): string {
+  if (substageId === "pr_merged") return "GitHub";
+  if (substageId === "gitnexus_reindexed") return "GitNexus";
+  return "Codex";
+}
+
+function cleanupEvidenceRefs(events: AgentLoopEvent[], refs: WorkflowEvidenceRef[], substageId: string): WorkflowEvidenceRef[] {
+  const eventIds = new Set(events
+    .filter((event) => event.kind === WORKFLOW_EVIDENCE_KIND && payloadStage(event) === "cleanup" && payloadString(event, "substageId") === substageId)
+    .map((event) => event.id));
+  return refs.filter((ref) => eventIds.has(ref.id)).slice(0, 3);
+}
+
+function cleanupDefinition(): (typeof WORKFLOW_STAGE_DEFINITIONS)[number] {
+  const definition = STAGE_BY_ID.get("cleanup");
+  if (!definition) {
+    throw new AgentLoopError("invalid_config", "cleanup workflow stage definition is missing.");
+  }
+  return definition;
+}
+
 function cleanupEvidenceBySubstage(events: AgentLoopEvent[]): Map<string, AgentLoopEvent> {
   const bySubstage = new Map<string, AgentLoopEvent>();
   for (const event of [...events].sort((left, right) => right.seq - left.seq)) {

package/plugins/autonomous-pr-loop/hooks/dist/permission-request.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(

package/plugins/autonomous-pr-loop/hooks/dist/post-compact.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(

package/plugins/autonomous-pr-loop/hooks/dist/post-tool-use.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(

package/plugins/autonomous-pr-loop/hooks/dist/pre-compact.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(

package/plugins/autonomous-pr-loop/hooks/dist/pre-tool-use.js

@@ -1629,6 +1629,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -2402,10 +2405,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(
@@ -3073,6 +3073,7 @@ function toStorageError(error, message) {
 }
 
 // plugins/autonomous-pr-loop/core/hook-policy.ts
+var REQUIRED_PUBLISH_EVIDENCE_SUBSTAGES = ["lint", "full_tests", "gitnexus_detect"];
 function commandFromHookPayload(payload) {
   if (!isRecord(payload)) {
     return void 0;
@@ -3090,7 +3091,12 @@ function commandFromHookPayload(payload) {
   return tokenizeCommand(command);
 }
 function evaluateHookPolicy(input2) {
-  const command = unwrapCommand(normalizeCommand(input2.command));
+  const normalized = normalizeCommand(input2.command);
+  const shellControl = shellControlPolicy(normalized);
+  if (shellControl) {
+    return deny(renderCommand(normalized), shellControl, "policy_violation", "Run one allowlisted command at a time without shell control operators.");
+  }
+  const command = unwrapCommand(normalized);
   const blockedCommand = renderCommand(command);
   const destructive = destructivePolicy(command);
   if (destructive) {
@@ -3105,10 +3111,25 @@ function evaluateHookPolicy(input2) {
   if (protectedPath) {
     return deny(blockedCommand, protectedPath, "policy_violation", "Remove protected path changes from the command.");
   }
-  const gate = gatedLifecyclePolicy(command, input2.storage);
+  const gate = gatedLifecyclePolicy(command, input2.storage, input2.runId);
   if (gate) {
     return deny(blockedCommand, gate.policy, gate.gate, gate.nextAction);
   }
+  const override = activeMaintainerOverride(input2.storage, lifecycleOverrideScope(command), input2.runId);
+  if (override && matchesHookAllowlist(command)) {
+    return {
+      allow: true,
+      matchedPolicy: `maintainer_override:${override.scope}`,
+      blockedCommand,
+      nextAction: "Continue.",
+      reason: `Maintainer override ${override.decisionId} allows ${blockedCommand} until ${override.expiresAt}.`,
+      auditDetails: {
+        overrideDecisionId: override.decisionId,
+        overrideScope: override.scope,
+        overrideExpiresAt: override.expiresAt
+      }
+    };
+  }
   if (!matchesHookAllowlist(command)) {
     return deny(blockedCommand, "command_not_in_hook_allowlist", "policy_violation", "Use agent-loop MCP/CLI control surfaces or an allowlisted read/check command.");
   }
@@ -3158,7 +3179,13 @@ function evaluatePreToolUseHook(payload, repoRoot2) {
   try {
     const config = loadConfig(route.binding.repoRoot).config;
     storage = new SqliteAgentLoopStorage(statePath(route.binding.repoRoot));
-    const decision2 = evaluateHookPolicy({ repoRoot: route.binding.repoRoot, command, storage, protectedPaths: config.protectedPaths });
+    const decision2 = evaluateHookPolicy({
+      repoRoot: route.binding.repoRoot,
+      command,
+      storage,
+      ...route.binding.runId ? { runId: route.binding.runId } : {},
+      protectedPaths: config.protectedPaths
+    });
     recordHookDecision(storage, decision2, route.binding.runId);
     return decision2;
   } catch (error) {
@@ -3180,10 +3207,8 @@ function toCodexHookResponse(decision2) {
     return { continue: true };
   }
   return {
-    decision: "deny",
-    permissionDecision: "deny",
-    continue: false,
-    stopReason: decision2.reason,
+    decision: "block",
+    reason: decision2.reason,
     systemMessage: formatHookMessage(decision2)
   };
 }
@@ -3198,6 +3223,7 @@ function recordHookDecision(storage, decision2, runId) {
       allow: decision2.allow,
       matchedPolicy: decision2.matchedPolicy,
       ...decision2.gate ? { gate: decision2.gate } : {},
+      ...decision2.auditDetails ? { auditDetails: decision2.auditDetails } : {},
       nextAction: decision2.nextAction,
       commandLength: command.length,
       commandSha256: createHash2("sha256").update(command).digest("hex"),
@@ -3206,9 +3232,11 @@ function recordHookDecision(storage, decision2, runId) {
   });
 }
 function routeErrorDecision(command, reason) {
-  const normalized = unwrapCommand(normalizeCommand(command));
+  const baseCommand = normalizeCommand(command);
+  const shellControl = shellControlPolicy(baseCommand);
+  const normalized = shellControl ? baseCommand : unwrapCommand(baseCommand);
   const blockedCommand = renderCommand(normalized);
-  const destructive = destructivePolicy(normalized);
+  const destructive = shellControl ?? destructivePolicy(normalized);
   if (destructive || lifecycleCommand(normalized)) {
     return deny(
       blockedCommand,
@@ -3226,9 +3254,11 @@ function routeErrorDecision(command, reason) {
   };
 }
 function routeSessionMismatchDecision(command, reason) {
-  const normalized = unwrapCommand(normalizeCommand(command));
+  const baseCommand = normalizeCommand(command);
+  const shellControl = shellControlPolicy(baseCommand);
+  const normalized = shellControl ? baseCommand : unwrapCommand(baseCommand);
   const blockedCommand = renderCommand(normalized);
-  const destructive = destructivePolicy(normalized);
+  const destructive = shellControl ?? destructivePolicy(normalized);
   if (destructive || lifecycleCommand(normalized)) {
     return deny(
       blockedCommand,
@@ -3249,7 +3279,7 @@ function lifecycleCommand(command) {
   const args = stripGitGlobalOptions(command.args);
   return command.file === "git" && ["commit", "push", "merge"].includes(args[0] ?? "") || command.file === "gh" && command.args[0] === "pr" && ["create", "ready", "merge"].includes(command.args[1] ?? "");
 }
-function gatedLifecyclePolicy(command, storage) {
+function gatedLifecyclePolicy(command, storage, runId) {
   const args = stripGitGlobalOptions(command.args);
   const lifecycleCommand2 = command.file === "git" && args[0] === "commit" || command.file === "git" && args[0] === "push" || command.file === "gh" && command.args[0] === "pr" && command.args[1] === "merge";
   if (!lifecycleCommand2) {
@@ -3263,22 +3293,24 @@ function gatedLifecyclePolicy(command, storage) {
     };
   }
   const current = storage.getCurrentStatus();
-  const state = current.run?.currentState;
-  if (command.file === "git" && (args[0] === "commit" || args[0] === "push") && state !== "COMMIT_PUSH_PR") {
+  const run = runId ? storage.getRun(runId) : current.run;
+  const state = run?.currentState;
+  const override = activeMaintainerOverride(storage, lifecycleOverrideScope(command), runId);
+  if (command.file === "git" && (args[0] === "commit" || args[0] === "push") && state !== "COMMIT_PUSH_PR" && !override) {
     return {
       policy: "commit_push_state_gate",
       gate: current.gate?.kind ?? "policy_violation",
       nextAction: "Resume agent-loop until COMMIT_PUSH_PR owns publishing."
     };
   }
-  if (command.file === "git" && (args[0] === "commit" || args[0] === "push") && !publishPrerequisitesSatisfied(storage)) {
+  if (command.file === "git" && (args[0] === "commit" || args[0] === "push") && !publishPrerequisitesSatisfied(storage, runId)) {
     return {
       policy: "commit_push_prerequisite_gate",
       gate: "policy_violation",
       nextAction: "Run SELF_CHECK and GitNexus detect_changes through agent-loop before publishing."
     };
   }
-  if (command.file === "gh" && command.args[0] === "pr" && command.args[1] === "merge" && state !== "MERGE") {
+  if (command.file === "gh" && command.args[0] === "pr" && command.args[1] === "merge" && state !== "MERGE" && !override) {
     return {
       policy: "merge_state_gate",
       gate: current.gate?.kind ?? "merge_requires_confirmation",
@@ -3287,6 +3319,41 @@ function gatedLifecyclePolicy(command, storage) {
   }
   return void 0;
 }
+function lifecycleOverrideScope(command) {
+  const args = stripGitGlobalOptions(command.args);
+  if (command.file === "git" && (args[0] === "commit" || args[0] === "push")) {
+    return "publish";
+  }
+  if (command.file === "gh" && command.args[0] === "pr" && command.args[1] === "merge") {
+    return "merge";
+  }
+  return void 0;
+}
+function activeMaintainerOverride(storage, scope, runId) {
+  if (!storage || !scope) {
+    return void 0;
+  }
+  const run = runId ? storage.getRun(runId) : storage.getCurrentRun();
+  if (!run) {
+    return void 0;
+  }
+  return storage.listDecisions(run.id).map((decision2) => {
+    const details = objectDetails(decision2.details);
+    const overrideScope = stringValue2(details?.scope);
+    const expiresAt = stringValue2(details?.expiresAt);
+    if (decision2.kind !== "maintainer_override_approved" || !overrideScope || !expiresAt) {
+      return void 0;
+    }
+    if (overrideScope !== scope) {
+      return void 0;
+    }
+    const expiresAtMs = Date.parse(expiresAt);
+    if (!Number.isFinite(expiresAtMs) || expiresAtMs <= Date.now()) {
+      return void 0;
+    }
+    return { decisionId: decision2.id, scope, expiresAt };
+  }).find((override) => override !== void 0);
+}
 function destructivePolicy(command) {
   const args = stripGitGlobalOptions(command.args);
   if (command.file === "git" && args[0] === "reset" && args.includes("--hard")) {
@@ -3295,7 +3362,9 @@ function destructivePolicy(command) {
   if (command.file === "git" && args[0] === "clean" && args.some((arg) => /^-.*f/.test(arg))) {
     return "destructive_git_clean";
   }
-  if (command.file === "git" && args[0] === "push" && args.some((arg) => ["-f", "--force", "--force-with-lease"].includes(arg))) {
+  if (command.file === "git" && args[0] === "push" && args.some(
+    (arg) => ["-f", "-d", "--force", "--force-with-lease", "--mirror", "--delete"].includes(arg) || arg.startsWith("+") || /^:[^:]+/.test(arg)
+  )) {
     return "destructive_git_force_push";
   }
   if (command.file === "gh" && command.args[0] === "repo" && command.args[1] === "delete") {
@@ -3325,14 +3394,17 @@ function protectedPathPolicy(command, protectedPaths) {
 }
 function matchesHookAllowlist(command) {
   const args = stripGitGlobalOptions(command.args);
+  if (command.file === "rg" && matchesRipgrepAllowlist(command.args) || isApplyPatchCommand(command)) {
+    return true;
+  }
   if (command.file === "git") {
-    return args[0] === "status" || args[0] === "branch" && args[1] === "--show-current" || args[0] === "rev-parse" || args[0] === "diff" || args[0] === "add" && args[1] === "--" || args[0] === "commit" && args[1] === "-m" || args[0] === "push" && args[1] === "-u";
+    return args[0] === "status" || args[0] === "branch" && args[1] === "--show-current" || args[0] === "rev-parse" || args[0] === "diff" || ["log", "show"].includes(args[0] ?? "") || args[0] === "grep" && matchesGitGrepAllowlist(args.slice(1)) || args[0] === "switch" && args.length === 2 && typeof args[1] === "string" && !args[1].startsWith("-") || args[0] === "add" && args[1] === "--" || args[0] === "commit" && args[1] === "-m" || args[0] === "push" && matchesGitPushAllowlist(args.slice(1));
   }
   if (command.file === "gh") {
-    return command.args[0] === "auth" && command.args[1] === "status" || command.args[0] === "pr" && ["list", "view"].includes(command.args[1] ?? "") || command.args[0] === "api" && command.args[1] === "graphql";
+    return command.args[0] === "auth" && command.args[1] === "status" || command.args[0] === "pr" && ["list", "view", "checks"].includes(command.args[1] ?? "") || command.args[0] === "pr" && command.args[1] === "merge" && matchesGhPrMergeAllowlist(command.args.slice(2)) || command.args[0] === "api" && command.args[1] === "graphql";
   }
   if (command.file === "pnpm") {
-    return command.args[0] === "test" || command.args[0] === "lint" || command.args[0] === "agent-loop" && ["status", "doctor", "logs"].includes(command.args[1] ?? "");
+    return command.args[0] === "test" || command.args[0] === "lint" || command.args[0] === "build:hooks" || command.args[0] === "build:mcp" || command.args[0] === "agent-loop" && matchesAgentLoopAllowlist(command.args.slice(1));
   }
   if (command.file === "npx") {
     return command.args[0] === "gitnexus" && ["--version", "status", "analyze", "detect_changes", "impact"].includes(command.args[1] ?? "");
@@ -3342,6 +3414,75 @@ function matchesHookAllowlist(command) {
   }
   return false;
 }
+function matchesRipgrepAllowlist(args) {
+  return !args.some((arg) => arg === "--pre" || arg.startsWith("--pre="));
+}
+function matchesGitGrepAllowlist(args) {
+  return !args.some(
+    (arg) => arg === "-O" || arg.startsWith("-O") || arg === "--open-files-in-pager" || arg.startsWith("--open-files-in-pager=")
+  );
+}
+function matchesGitPushAllowlist(args) {
+  return args.length >= 3 && args[0] === "-u" && args.every((arg) => !["-f", "-d", "--force", "--force-with-lease", "--mirror", "--delete"].includes(arg) && !arg.startsWith("+") && !/^:[^:]+/.test(arg));
+}
+function matchesGhPrMergeAllowlist(args) {
+  const allowedFlags = /* @__PURE__ */ new Set(["--merge", "--squash", "--rebase", "--body", "--subject"]);
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index] ?? "";
+    if (["--admin", "--auto", "--delete-branch", "-d"].includes(arg)) {
+      return false;
+    }
+    if (arg.startsWith("--") && !allowedFlags.has(arg)) {
+      return false;
+    }
+    if ((arg === "--body" || arg === "--subject") && args[index + 1]) {
+      index += 1;
+    }
+  }
+  return args.some((arg) => ["--merge", "--squash", "--rebase"].includes(arg));
+}
+function isApplyPatchCommand(command) {
+  return command.file === "apply_patch" || command.raw?.startsWith("*** Begin Patch") === true;
+}
+function matchesAgentLoopAllowlist(args) {
+  if (["status", "doctor", "logs", "observe", "timeline", "workers", "stop"].includes(args[0] ?? "")) {
+    return true;
+  }
+  if (args[0] === "local") {
+    return args[1] === "doctor";
+  }
+  if (args[0] === "hooks") {
+    return ["doctor", "list"].includes(args[1] ?? "");
+  }
+  if (args[0] === "delivery") {
+    return ["bind", "stage"].includes(args[1] ?? "");
+  }
+  if (args[0] === "evidence") {
+    return args[1] === "append";
+  }
+  if (args[0] === "maintainer-override") {
+    return args[1] === "approve";
+  }
+  return false;
+}
+function shellControlPolicy(command) {
+  if (isApplyPatchCommand(command)) {
+    return void 0;
+  }
+  if (command.raw && hasShellControlOperator(command.raw)) {
+    return "shell_control_operator_forbidden";
+  }
+  if (command.file === "env") {
+    const index = command.args.findIndex((arg) => !arg.includes("="));
+    if (index >= 0) {
+      return shellControlPolicy({ file: basename(command.args[index] ?? ""), args: command.args.slice(index + 1) });
+    }
+  }
+  if ((command.file === "sh" || command.file === "bash") && command.args[0] === "-c" && command.args[1] && hasShellControlOperator(command.args[1])) {
+    return "shell_control_operator_forbidden";
+  }
+  return void 0;
+}
 function deny(blockedCommand, matchedPolicy, gate, nextAction) {
   return {
     allow: false,
@@ -3383,6 +3524,9 @@ function tokenizeCommand(command) {
   const [file = "", ...args] = parts;
   return { file: basename(file), args, raw: command };
 }
+function hasShellControlOperator(value) {
+  return /&&|\|\||[;|<>\n\r]/.test(value);
+}
 function stripGitGlobalOptions(args) {
   const result = [...args];
   while (result.length > 0) {
@@ -3403,12 +3547,29 @@ function stripGitGlobalOptions(args) {
   }
   return result;
 }
-function publishPrerequisitesSatisfied(storage) {
-  const run = storage.getCurrentRun();
+function publishPrerequisitesSatisfied(storage, runId) {
+  const run = runId ? storage.getRun(runId) : storage.getCurrentRun();
   if (!run) {
     return false;
   }
-  return storage.hasRunCheck(run.id, "self_check") && storage.hasRunCheck(run.id, "gitnexus_detect_changes");
+  if (storage.hasRunCheck(run.id, "self_check") && storage.hasRunCheck(run.id, "gitnexus_detect_changes")) {
+    return true;
+  }
+  return publishWorkflowEvidenceSatisfied(storage, run.id);
+}
+function publishWorkflowEvidenceSatisfied(storage, runId) {
+  const completed = /* @__PURE__ */ new Set();
+  for (const event of storage.listEvents(200)) {
+    const payload = objectDetails(event.payload);
+    if (event.runId !== runId || event.kind !== "workflow_stage_evidence" || stringValue2(payload?.stageId) !== "verify" || stringValue2(payload?.status) !== "done") {
+      continue;
+    }
+    const substageId = stringValue2(payload?.substageId);
+    if (substageId) {
+      completed.add(substageId);
+    }
+  }
+  return REQUIRED_PUBLISH_EVIDENCE_SUBSTAGES.every((substageId) => completed.has(substageId));
 }
 function basename(value) {
   return value.replaceAll("\\", "/").split("/").at(-1) ?? value;
@@ -3416,6 +3577,9 @@ function basename(value) {
 function stringValue2(value) {
   return typeof value === "string" && value.length > 0 ? value : void 0;
 }
+function objectDetails(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value) ? value : void 0;
+}
 
 // plugins/autonomous-pr-loop/hooks/pre-tool-use.ts
 var repoRoot = process.env.AGENT_LOOP_REPO_ROOT;

package/plugins/autonomous-pr-loop/hooks/dist/session-start.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(

package/plugins/autonomous-pr-loop/hooks/dist/stop.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(

package/plugins/autonomous-pr-loop/hooks/dist/user-prompt-submit.js

@@ -923,6 +923,9 @@ var SqliteAgentLoopStorage = class {
         );
       }
       const run = this.getRun(runId);
+      if (!run) {
+        throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
+      }
       this.db.prepare(
         `insert into states (run_id, status, state, version, payload_json, created_at)
            values (?, ?, ?, ?, null, ?)`
@@ -1696,10 +1699,7 @@ var SqliteAgentLoopStorage = class {
          from runs
          where id = ?`
     ).get(runId);
-    if (!row) {
-      throw new AgentLoopError("storage_error", `Run not found: ${runId}`);
-    }
-    return fromRunRow(row);
+    return row ? fromRunRow(row) : void 0;
   }
   getActiveRun() {
     const row = this.db.prepare(