opensquid 0.5.441 → 0.5.447

package/dist/hooks/drift-patterns.js

@@ -1,289 +0,0 @@
-/**
- * Drift pattern catalog — known anti-patterns opensquid intercepts at
- * the Claude Code PreToolUse hook before the agent commits the action.
- *
- * Each pattern has:
- *  - `id` — stable identifier for the rule
- *  - `trigger` — matcher against tool call input
- *  - `lesson` — short reference to the lesson that owns this rule
- *  - `message` — what the agent sees in stderr when intercepted
- *  - `severity` — "block" (exit 2 stops the call) or "warn" (stderr
- *    only, call proceeds)
- *
- * Patterns are CONSERVATIVE on purpose: we'd rather miss a drift than
- * spam false positives. The catalog grows lesson-by-lesson as new
- * drifts are observed and the user endorses the rule.
- */
-// ---------------------------------------------------------------------
-// Catalog — start with drifts observed in actual build sessions
-// ---------------------------------------------------------------------
-export const DRIFT_PATTERNS = [
-    // 1. git commit --amend — never amend (locked override, 2026-05-15)
-    {
-        id: "never-amend",
-        tool: "Bash",
-        trigger: { kind: "bash_regex", pattern: "git\\s+commit\\b[^\\n]*\\s--amend\\b" },
-        lesson: "auto-commit",
-        severity: "block",
-        message: "BLOCKED: `git commit --amend` violates the never-amend rule (CLAUDE.md " +
-            "claude-overrides:v1, feedback_auto_commit). Even on unpushed commits — " +
-            "make a follow-up commit instead. Override only if the user explicitly " +
-            "requested an amend in THIS turn.",
-    },
-    // 2. git push without explicit user request — block by default
-    {
-        id: "no-implicit-push",
-        tool: "Bash",
-        trigger: { kind: "bash_regex", pattern: "git\\s+push\\b" },
-        lesson: "auto-commit",
-        severity: "block",
-        message: "BLOCKED: `git push` requires explicit user authorization. " +
-            "Commits stay local until the user says push. If the user just said " +
-            "to push (or has pre-authorized pushes per CLAUDE.md), bypass with " +
-            "OPENSQUID_SKIP_DRIFT=1 for this command.",
-    },
-    // 3. Engine commit subject containing consumer-product strings
-    //    (substrate-purity rule). Heuristic: matches `git commit -m` in a
-    //    bash command whose body contains `codex`, `opensquid`, or
-    //    `MindCraftor` AND is running inside engine/.
-    //
-    //    This one INTENTIONALLY peeks inside the -m "..." quoted message,
-    //    so it opts out of the default quote stripping.
-    {
-        id: "substrate-purity",
-        tool: "Bash",
-        trigger: {
-            kind: "bash_regex",
-            pattern: "loop/engine.*git\\s+commit[^\\n]*-m[^\\n]*(codex|opensquid|MindCraftor)",
-            strip_quotes: false,
-        },
-        lesson: "code-quality",
-        severity: "warn",
-        message: "WARN: engine commit message appears to reference a consumer-product " +
-            "concept (codex / opensquid / MindCraftor). Engine commit messages " +
-            "must stay substrate-pure — engine speaks in engine types only. " +
-            "Re-word using Pack provenance / lesson / authorship terminology.",
-    },
-    // 4. Force-push to main/master — extra protection on top of #2
-    {
-        id: "no-force-push-main",
-        tool: "Bash",
-        trigger: {
-            kind: "bash_regex",
-            pattern: "git\\s+push\\b[^\\n]*(--force|-f)\\b[^\\n]*\\b(main|master)\\b",
-        },
-        lesson: "auto-commit",
-        severity: "block",
-        message: "BLOCKED: force-push to main/master is destructive. Requires explicit " +
-            "user request — and even then, prefer a regular push or a new branch.",
-    },
-    // 5. Telegram routing — task-completion reports sent to plugin:telegram
-    //    reply (DM) instead of opensquid chat_send (supergroup). 0.7.24 / D2.
-    //    Heuristic: the text starts with the agent's report marker `🦑 #<N>`.
-    {
-        id: "telegram-redirect-report",
-        tool: "mcp__plugin_telegram_telegram__reply",
-        trigger: { kind: "text_regex", pattern: "^\\s*🦑\\s+#\\d", field: "text" },
-        lesson: "telegram-reports",
-        severity: "warn",
-        message: "WARN: this message looks like a task-completion report (starts with `🦑 #N`). " +
-            "Per [[feedback_telegram_reports]], reports go via `mcp__opensquid__chat_send` " +
-            "to the project's `report_channel` (supergroup + topic), not via " +
-            "plugin:telegram reply (which is the user's DM). Re-route via chat_send if " +
-            "this is meant to be a task report. Catches drift D2.",
-    },
-    // 6. Bundled multi-purpose commit — `git commit -m` message that
-    //    references 2+ distinct task numbers. The D4 incident was commit
-    //    bef7eff bundling "close #166 + defer #168 + section-header
-    //    rewrite" into one commit. The 2-task-ref heuristic is narrow
-    //    enough to avoid most legitimate single-purpose commits while
-    //    catching the typical bundle shape ("close #X and defer #Y").
-    //    0.7.28 / D4. strip_quotes=false so the -m body is scanned.
-    {
-        id: "bundled-commit",
-        tool: "Bash",
-        trigger: {
-            kind: "bash_regex",
-            pattern: "git\\s+commit\\b[^\\n]*-m\\b[^\\n]*#\\d+[^\\n]*#\\d+",
-            strip_quotes: false,
-        },
-        lesson: "auto-commit",
-        severity: "warn",
-        message: "WARN: commit message references 2+ task numbers (`#N`). Per the auto-commit " +
-            "rule (CLAUDE.md), prefer multiple small logical commits over one large " +
-            "catchall. If these task numbers are genuinely one logical unit (e.g. one " +
-            "task closing two others as duplicates), proceed. Catches drift D4.",
-    },
-];
-/**
- * Run the catalog against a tool call. Returns every matching pattern;
- * caller decides block-vs-warn based on highest severity.
- */
-export function findDrifts(call) {
-    const hits = [];
-    for (const pattern of DRIFT_PATTERNS) {
-        if (pattern.tool !== "*" && pattern.tool !== call.tool)
-            continue;
-        if (matches(pattern.trigger, call)) {
-            hits.push({ pattern });
-        }
-    }
-    return hits;
-}
-function matches(trigger, call) {
-    switch (trigger.kind) {
-        case "bash_contains": {
-            const cmd = stringField(call.input, "command");
-            if (cmd === null)
-                return false;
-            const haystack = trigger.strip_quotes === false ? cmd : stripQuotedStrings(cmd);
-            return haystack.includes(trigger.needle);
-        }
-        case "bash_regex": {
-            const cmd = stringField(call.input, "command");
-            if (cmd === null)
-                return false;
-            const haystack = trigger.strip_quotes === false ? cmd : stripQuotedStrings(cmd);
-            try {
-                return new RegExp(trigger.pattern).test(haystack);
-            }
-            catch {
-                return false;
-            }
-        }
-        case "text_regex": {
-            const text = stringField(call.input, trigger.field);
-            if (text === null)
-                return false;
-            try {
-                return new RegExp(trigger.pattern).test(text);
-            }
-            catch {
-                return false;
-            }
-        }
-    }
-}
-/**
- * Remove single- and double-quoted string contents PLUS HEREDOC bodies
- * from a shell command so drift patterns match REAL shell tokens, not
- * text that happens to appear inside `echo "..."`, `grep '...'`, or a
- * `git commit -m "$(cat <<'EOF' ... EOF)"` body.
- *
- * Approximate: doesn't handle backslash-escaped quotes or `$(...)`
- * nesting beyond the HEREDOC. Sufficient for the false-positive cases
- * observed in real Claude Code sessions; tighten if a real-world
- * counter-example surfaces.
- *
- * v0.6.5 (#136) — added HEREDOC body stripping. Previously, a
- * `git commit -m` with a HEREDOC message body containing the literal
- * string "git push" would false-fire the no-implicit-push drift block
- * because the entire HEREDOC body was part of the bash command string.
- * Now the body is stripped before pattern matching. Caught dogfooding
- * the v0.6.4 commit (commit message described regex patterns containing
- * the word "git push" and the drift-block fired against itself).
- *
- * Replacement is empty rather than a placeholder so adjacent tokens
- * still parse correctly (e.g. `cmd "literal" && more` → `cmd  && more`).
- */
-function stripQuotedStrings(s) {
-    return stripHeredocBodies(s)
-        .replace(/'[^']*'/g, "")
-        .replace(/"[^"]*"/g, "");
-}
-/**
- * Strip HEREDOC bodies (`<<DELIM ... DELIM` and variants) from a
- * shell command.
- *
- * Recognizes:
- *   <<EOF ... \nEOF        (unquoted delimiter, expansion-allowing)
- *   <<'EOF' ... \nEOF      (single-quoted, literal body)
- *   <<"EOF" ... \nEOF      (double-quoted, literal body)
- *   <<-EOF ... \nEOF       (tab-stripping mode)
- *   <<-'EOF' ... \nEOF     (combined)
- *
- * Delimiter is any word-char sequence (EOF, END, HERE, MARKER, etc.).
- * Lazy `[\s\S]*?` matches across newlines; `\b` after the backref
- * ensures `EOFX` doesn't close an `<<EOF` block.
- *
- * If a HEREDOC has no closing delimiter (truncated input), regex
- * doesn't match and the body stays intact — fail-open behavior.
- *
- * Exported for direct unit testing.
- */
-export function stripHeredocBodies(s) {
-    // `\n[ \t]*\1\b` — allow leading whitespace before the closing
-    // delimiter so the `<<-DELIM` (tab-stripping) variant matches its
-    // indented closing line (`\t\tEOF`). The permissive whitespace
-    // also covers the plain `<<DELIM` case where users sometimes
-    // accidentally indent the closing line — no real harm.
-    return s.replace(/<<-?\s*['"]?(\w+)['"]?[\s\S]*?\n[ \t]*\1\b/g, "");
-}
-function stringField(input, field) {
-    const v = input[field];
-    return typeof v === "string" ? v : null;
-}
-/**
- * Decide the final exit code + message from a list of hits.
- *
- * - Any "block" hit → exit 2 with all blocking messages
- * - Only "warn" hits → exit 0, print warnings to stderr
- * - No hits → exit 0 silently
- *
- * Emergency bypass: `OPENSQUID_SKIP_DRIFT=1` downgrades every block to
- * an audit-trail warning (exit 0, stderr explains the bypass). Two ways
- * to set it:
- *
- *   1. Parent process env — useful for whole-session bypass (e.g. set
- *      before launching Claude Code).
- *   2. Inline command prefix — e.g. `OPENSQUID_SKIP_DRIFT=1 git push`.
- *      The hook reads the COMMAND STRING from the Bash tool input and
- *      sees the prefix even though the env var never reaches the hook's
- *      own process.env (the hook is a sibling subprocess spawned by
- *      Claude Code, not a child of the would-be Bash subprocess).
- *
- * Matches the shape of the version-gate (`OPENSQUID_SKIP_VERSION_GATE=1`)
- * and workflow-gate (`OPENSQUID_SKIP_WORKFLOW_GATE=1`) bypasses so the
- * operator only has one mental model — except those two only check
- * process.env (their hooks happen before any command runs); drift-
- * patterns additionally checks the command-string prefix so the bypass
- * can be requested per-command from within an existing session.
- */
-export function decide(hits, call) {
-    if (hits.length === 0)
-        return { exit: 0, stderr: "" };
-    if (isDriftBypassed(call)) {
-        const ids = hits.map((h) => h.pattern.id).join(", ");
-        return {
-            exit: 0,
-            stderr: `🦑 [opensquid drift-patterns] BYPASSED via OPENSQUID_SKIP_DRIFT=1 (hits: ${ids})\n`,
-        };
-    }
-    const blocks = hits.filter((h) => h.pattern.severity === "block");
-    const warns = hits.filter((h) => h.pattern.severity === "warn");
-    const lines = [];
-    for (const h of blocks) {
-        lines.push(`🦑 [opensquid drift-block] ${h.pattern.id}: ${h.pattern.message}`);
-    }
-    for (const h of warns) {
-        lines.push(`🦑 [opensquid drift-warn]  ${h.pattern.id}: ${h.pattern.message}`);
-    }
-    return {
-        exit: blocks.length > 0 ? 2 : 0,
-        stderr: lines.join("\n") + "\n",
-    };
-}
-function isDriftBypassed(call) {
-    if (process.env.OPENSQUID_SKIP_DRIFT === "1")
-        return true;
-    if (!call)
-        return false;
-    const cmd = stringField(call.input, "command");
-    if (cmd === null)
-        return false;
-    // Inline prefix: zero or more env-var assignments may precede the
-    // bypass var. Permissive on whitespace; strict on the value (must be
-    // literally "1" to match the env-var semantics).
-    return /(^|\s|;|&&)\s*OPENSQUID_SKIP_DRIFT=1(\s|$)/.test(cmd);
-}
-//# sourceMappingURL=drift-patterns.js.map

package/dist/hooks/drift-patterns.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"drift-patterns.js","sourceRoot":"","sources":["../../src.legacy/hooks/drift-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAyBH,wEAAwE;AACxE,gEAAgE;AAChE,wEAAwE;AAExE,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C,oEAAoE;IACpE;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,sCAAsC,EAAE;QAChF,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,OAAO;QACjB,OAAO,EACL,yEAAyE;YACzE,yEAAyE;YACzE,wEAAwE;YACxE,kCAAkC;KACrC;IAED,+DAA+D;IAC/D;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,gBAAgB,EAAE;QAC1D,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,OAAO;QACjB,OAAO,EACL,4DAA4D;YAC5D,qEAAqE;YACrE,oEAAoE;YACpE,0CAA0C;KAC7C;IAED,+DAA+D;IAC/D,sEAAsE;IACtE,+DAA+D;IAC/D,kDAAkD;IAClD,EAAE;IACF,sEAAsE;IACtE,oDAAoD;IACpD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE;YACP,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,yEAAyE;YAClF,YAAY,EAAE,KAAK;SACpB;QACD,MAAM,EAAE,cAAc;QACtB,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,sEAAsE;YACtE,oEAAoE;YACpE,iEAAiE;YACjE,kEAAkE;KACrE;IAED,+DAA+D;IAC/D;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE;YACP,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,gEAAgE;SAC1E;QACD,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,OAAO;QACjB,OAAO,EACL,uEAAuE;YACvE,sEAAsE;KACzE;IAED,wEAAwE;IACxE,0EAA0E;IAC1E,0EAA0E;IAC1E;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,EAAE;QAC1E,MAAM,EAAE,kBAAkB;QAC1B,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,gFAAgF;YAChF,gFAAgF;YAChF,kEAAkE;YAClE,4EAA4E;YAC5E,sDAAsD;KACzD;IAED,iEAAiE;IACjE,qEAAqE;IACrE,gEAAgE;IAChE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,gEAAgE;IAChE;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE;YACP,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,sDAAsD;YAC/D,YAAY,EAAE,KAAK;SACpB;QACD,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,MAAM;QAChB,OAAO,EACL,8EAA8E;YAC9E,yEAAyE;YACzE,2EAA2E;YAC3E,oEAAoE;KACvE;CACF,CAAC;AAeF;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAmB;IAC5C,MAAM,IAAI,GAAe,EAAE,CAAC;IAC5B,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,KAAK,GAAG,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;YAAE,SAAS;QACjE,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,OAAO,CAAC,OAAqB,EAAE,IAAmB;IACzD,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,eAAe,CAAC,CAAC,CAAC;YACrB,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAChF,OAAO,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAChF,IAAI,CAAC;gBACH,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,IAAI,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAChC,IAAI,CAAC;gBACH,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAS,kBAAkB,CAAC,CAAS;IACnC,OAAO,kBAAkB,CAAC,CAAC,CAAC;SACzB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,kBAAkB,CAAC,CAAS;IAC1C,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,6DAA6D;IAC7D,uDAAuD;IACvD,OAAO,CAAC,CAAC,OAAO,CAAC,6CAA6C,EAAE,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,WAAW,CAAC,KAA8B,EAAE,KAAa;IAChE,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;IACvB,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,MAAM,CACpB,IAAgB,EAChB,IAAoB;IAKpB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACtD,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,OAAO;YACL,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,4EAA4E,GAAG,KAAK;SAC7F,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAChE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI;KAChC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAoB;IAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAC/C,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC/B,kEAAkE;IAClE,qEAAqE;IACrE,iDAAiD;IACjD,OAAO,4CAA4C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChE,CAAC"}

package/dist/hooks/drift-patterns.test.js

@@ -1,325 +0,0 @@
-import { afterEach, describe, expect, it } from "vitest";
-import { decide, findDrifts, stripHeredocBodies } from "./drift-patterns.js";
-function bash(command) {
-    return { tool: "Bash", input: { command } };
-}
-function telegramReply(text) {
-    return {
-        tool: "mcp__plugin_telegram_telegram__reply",
-        input: { chat_id: "8075471258", text },
-    };
-}
-describe("drift catalog — never-amend", () => {
-    it("blocks `git commit --amend`", () => {
-        const hits = findDrifts(bash('git commit --amend -m "fix typo"'));
-        expect(hits.map((h) => h.pattern.id)).toContain("never-amend");
-        expect(decide(hits).exit).toBe(2);
-    });
-    it("blocks `git commit -a --amend`", () => {
-        const hits = findDrifts(bash("git commit -a --amend"));
-        expect(hits.map((h) => h.pattern.id)).toContain("never-amend");
-    });
-    it("doesn't fire on a normal `git commit -m`", () => {
-        const hits = findDrifts(bash('git commit -m "regular commit"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("never-amend");
-    });
-});
-describe("drift catalog — no-implicit-push", () => {
-    it("blocks `git push`", () => {
-        const hits = findDrifts(bash("git push origin main"));
-        expect(hits.map((h) => h.pattern.id)).toContain("no-implicit-push");
-        expect(decide(hits).exit).toBe(2);
-    });
-    it("blocks `git push -u origin feature`", () => {
-        const hits = findDrifts(bash("git push -u origin feature/x"));
-        expect(hits.map((h) => h.pattern.id)).toContain("no-implicit-push");
-    });
-    it("force-push to main is ALSO caught by both rules", () => {
-        const hits = findDrifts(bash("git push --force origin main"));
-        const ids = hits.map((h) => h.pattern.id);
-        expect(ids).toContain("no-implicit-push");
-        expect(ids).toContain("no-force-push-main");
-        expect(decide(hits).exit).toBe(2);
-    });
-    it("doesn't fire on `git pull` or `git status`", () => {
-        expect(findDrifts(bash("git pull")).length).toBe(0);
-        expect(findDrifts(bash("git status")).length).toBe(0);
-    });
-});
-describe("drift catalog — substrate-purity (engine commits)", () => {
-    it("warns on engine commit message referencing 'codex'", () => {
-        const hits = findDrifts(bash('cd /Users/slee/projects/loop/engine && git commit -m "v1.1: codex support"'));
-        expect(hits.map((h) => h.pattern.id)).toContain("substrate-purity");
-        // Severity = warn, so exit stays 0 (call proceeds).
-        expect(decide(hits).exit).toBe(0);
-    });
-    it("warns on engine commit referencing 'opensquid'", () => {
-        const hits = findDrifts(bash('cd ~/projects/loop/engine && git commit -m "support for opensquid pack"'));
-        expect(hits.map((h) => h.pattern.id)).toContain("substrate-purity");
-    });
-    it("doesn't fire on substrate-pure engine commits", () => {
-        const hits = findDrifts(bash('cd /Users/slee/projects/loop/engine && git commit -m "v1.1: Pack authorship"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("substrate-purity");
-    });
-    it("doesn't fire on opensquid commits mentioning codex (correct context)", () => {
-        const hits = findDrifts(bash('cd /Users/slee/projects/opensquid && git commit -m "v0.4: codex CLI"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("substrate-purity");
-    });
-});
-describe("decide — combining hits", () => {
-    it("returns exit 0 + empty stderr on no hits", () => {
-        const { exit, stderr } = decide([]);
-        expect(exit).toBe(0);
-        expect(stderr).toBe("");
-    });
-    it("returns exit 2 if any hit is severity=block", () => {
-        const hits = findDrifts(bash("git push --force origin main"));
-        const { exit, stderr } = decide(hits);
-        expect(exit).toBe(2);
-        expect(stderr).toContain("BLOCKED");
-    });
-    it("returns exit 0 + stderr on warn-only hits", () => {
-        const hits = findDrifts(bash('cd /Users/slee/projects/loop/engine && git commit -m "codex stuff"'));
-        const { exit, stderr } = decide(hits);
-        expect(exit).toBe(0);
-        expect(stderr).toContain("WARN");
-    });
-});
-describe("non-bash tools are not matched by bash rules", () => {
-    it("Edit calls bypass git rules", () => {
-        const call = {
-            tool: "Edit",
-            input: { file_path: "/x/y", old_string: "git commit --amend", new_string: "" },
-        };
-        expect(findDrifts(call).length).toBe(0);
-    });
-});
-describe("false-positive resistance — patterns inside quoted strings", () => {
-    it("never-amend ignores --amend inside double-quoted string", () => {
-        const hits = findDrifts(bash('echo "git commit --amend in a string literal"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("never-amend");
-    });
-    it("never-amend ignores --amend inside single-quoted string", () => {
-        const hits = findDrifts(bash("grep 'git commit --amend' file.txt"));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("never-amend");
-    });
-    it("no-implicit-push ignores 'git push' in an echo literal", () => {
-        const hits = findDrifts(bash('echo "to deploy run git push origin main"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("no-implicit-push");
-    });
-    it("never-amend STILL fires when amend is a real shell token", () => {
-        const hits = findDrifts(bash('git commit --amend -m "fix typo"'));
-        expect(hits.map((h) => h.pattern.id)).toContain("never-amend");
-    });
-    it("never-amend fires after shell continuation (&&, ;, |)", () => {
-        expect(findDrifts(bash("cd /repo && git commit --amend")).map((h) => h.pattern.id)).toContain("never-amend");
-        expect(findDrifts(bash("foo; git commit --amend")).map((h) => h.pattern.id)).toContain("never-amend");
-    });
-});
-// =====================================================================
-// v0.6.5 (#136) — HEREDOC body stripping. Caught while dogfooding the
-// v0.6.4 commit: the no-implicit-push drift fired against a `git commit`
-// whose HEREDOC commit message body contained the literal string
-// describing a regex pattern (the words `git push` appeared in prose
-// describing a pattern). The hook scanned the entire bash command
-// string including HEREDOC bodies → false-positive block.
-//
-// Fix: stripHeredocBodies runs before stripQuotedStrings so the body
-// is removed before any drift regex sees it.
-// =====================================================================
-describe("stripHeredocBodies (v0.6.5)", () => {
-    it("strips single-quoted-delimiter HEREDOC body", () => {
-        const cmd = `git commit -m "$(cat <<'EOF'
-This body contains git push origin main
-EOF
-)"`;
-        expect(stripHeredocBodies(cmd)).not.toContain("git push");
-    });
-    it("strips unquoted-delimiter HEREDOC body", () => {
-        const cmd = `cat <<MARKER
-inner content with git push verbatim
-MARKER`;
-        expect(stripHeredocBodies(cmd)).not.toContain("git push");
-    });
-    it("strips double-quoted-delimiter HEREDOC body", () => {
-        const cmd = `cat <<"END"
-git push --force here
-END`;
-        expect(stripHeredocBodies(cmd)).not.toContain("git push");
-    });
-    it("strips tab-stripping (<<-) variant", () => {
-        const cmd = `cat <<-EOF
-\t\tgit push danger
-\tEOF`;
-        expect(stripHeredocBodies(cmd)).not.toContain("git push");
-    });
-    it("strips multiple HEREDOCs in one command", () => {
-        const cmd = `cat <<'A'
-contains git push
-A
-echo "between"
-cat <<'B'
-contains git commit --amend
-B`;
-        const stripped = stripHeredocBodies(cmd);
-        expect(stripped).not.toContain("git push");
-        expect(stripped).not.toContain("git commit --amend");
-    });
-    it("leaves a truncated HEREDOC (no closing delimiter) intact (fail-open)", () => {
-        const cmd = `cat <<EOF
-truncated body with git push but no EOF closing`;
-        // No \nEOF\b on its own → regex doesn't match → fail-open
-        expect(stripHeredocBodies(cmd)).toContain("git push");
-    });
-});
-describe("drift catalog — HEREDOC false-positive resistance (v0.6.5 #136)", () => {
-    it("no-implicit-push does NOT fire when 'git push' appears only in a HEREDOC commit message", () => {
-        // This is the exact pattern that bit me during the v0.6.4 commit.
-        const cmd = `git -c commit.gpgsign=false commit -m "$(cat <<'EOF'
-feat: blah
-
-- pushed (bash_regex git push) — this LITERAL string in the message
-  body would have tripped the no-implicit-push drift block before
-  the v0.6.5 fix.
-EOF
-)"`;
-        const hits = findDrifts(bash(cmd));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("no-implicit-push");
-    });
-    it("never-amend does NOT fire on 'git commit --amend' in HEREDOC commit body", () => {
-        const cmd = `git commit -m "$(cat <<'EOF'
-Mentioning git commit --amend in the message body for context.
-EOF
-)"`;
-        const hits = findDrifts(bash(cmd));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("never-amend");
-    });
-    it("STILL fires when 'git push' is the actual command after a HEREDOC", () => {
-        // The HEREDOC ends, then a real git push follows. Must still block.
-        const cmd = `cat <<'EOF'
-some prose
-EOF
-git push origin main`;
-        const hits = findDrifts(bash(cmd));
-        expect(hits.map((h) => h.pattern.id)).toContain("no-implicit-push");
-    });
-});
-// =====================================================================
-// v0.6.6 (#137) — OPENSQUID_SKIP_DRIFT emergency bypass. Mirrors
-// OPENSQUID_SKIP_VERSION_GATE / OPENSQUID_SKIP_WORKFLOW_GATE shape so
-// the operator only has one mental model for "this hook is wrong, get
-// out of my way". The documented uninstall-hooks workaround doesn't
-// actually work mid-session because Claude Code caches the settings.json
-// hook command at session start.
-// =====================================================================
-describe("OPENSQUID_SKIP_DRIFT bypass (v0.6.6)", () => {
-    // Vitest runs tests serially within a file by default; we restore the
-    // env var after each test so other tests aren't tainted.
-    afterEach(() => {
-        delete process.env.OPENSQUID_SKIP_DRIFT;
-    });
-    it("ALLOWS (exit 0) with bypass warning when OPENSQUID_SKIP_DRIFT=1 is in parent env and a block would fire", () => {
-        process.env.OPENSQUID_SKIP_DRIFT = "1";
-        const call = bash("git push origin main");
-        const hits = findDrifts(call);
-        expect(hits.length).toBeGreaterThan(0);
-        const { exit, stderr } = decide(hits, call);
-        expect(exit).toBe(0);
-        expect(stderr).toContain("BYPASSED via OPENSQUID_SKIP_DRIFT=1");
-        expect(stderr).toContain("no-implicit-push");
-    });
-    it("ALLOWS via INLINE prefix `OPENSQUID_SKIP_DRIFT=1 git push ...` even when parent env unset", () => {
-        delete process.env.OPENSQUID_SKIP_DRIFT;
-        const call = bash("OPENSQUID_SKIP_DRIFT=1 git push origin main");
-        const hits = findDrifts(call);
-        expect(hits.length).toBeGreaterThan(0);
-        const { exit, stderr } = decide(hits, call);
-        expect(exit).toBe(0);
-        expect(stderr).toContain("BYPASSED via OPENSQUID_SKIP_DRIFT=1");
-    });
-    it("ALLOWS via inline prefix after `cd ... &&` chain", () => {
-        const call = bash("cd /tmp && OPENSQUID_SKIP_DRIFT=1 git push origin main");
-        const hits = findDrifts(call);
-        const { exit } = decide(hits, call);
-        expect(exit).toBe(0);
-    });
-    it("includes ALL hit ids in the bypass message (operator audit trail)", () => {
-        process.env.OPENSQUID_SKIP_DRIFT = "1";
-        const call = bash("git push --force origin main");
-        const hits = findDrifts(call);
-        const { stderr } = decide(hits, call);
-        expect(stderr).toContain("no-implicit-push");
-        expect(stderr).toContain("no-force-push-main");
-    });
-    it("does NOT bypass when env var is unset or != '1'", () => {
-        process.env.OPENSQUID_SKIP_DRIFT = "true";
-        const call = bash("git push origin main");
-        const hits = findDrifts(call);
-        const { exit } = decide(hits, call);
-        expect(exit).toBe(2);
-    });
-    it("does NOT bypass when inline prefix value != '1'", () => {
-        const call = bash("OPENSQUID_SKIP_DRIFT=true git push origin main");
-        const hits = findDrifts(call);
-        const { exit } = decide(hits, call);
-        expect(exit).toBe(2);
-    });
-    it("does NOT bypass when var name appears only as substring", () => {
-        // Defensive: `MY_OPENSQUID_SKIP_DRIFT=1` shouldn't match (leading word-boundary).
-        const call = bash("MY_OPENSQUID_SKIP_DRIFT=1 git push origin main");
-        const hits = findDrifts(call);
-        const { exit } = decide(hits, call);
-        expect(exit).toBe(2);
-    });
-    it("emits nothing on empty hits regardless of env var", () => {
-        process.env.OPENSQUID_SKIP_DRIFT = "1";
-        const { exit, stderr } = decide([]);
-        expect(exit).toBe(0);
-        expect(stderr).toBe("");
-    });
-});
-describe("drift catalog — telegram-redirect-report (D2)", () => {
-    it("warns when plugin:telegram reply starts with `🦑 #N` task-report marker", () => {
-        const hits = findDrifts(telegramReply("🦑 #170 — engine-client startupAck fix\n\nshipped"));
-        expect(hits.map((h) => h.pattern.id)).toContain("telegram-redirect-report");
-        expect(decide(hits).exit).toBe(0); // warn-severity = non-blocking
-    });
-    it("warns with leading whitespace before the marker", () => {
-        const hits = findDrifts(telegramReply("  🦑 #4 — cleanup commit"));
-        expect(hits.map((h) => h.pattern.id)).toContain("telegram-redirect-report");
-    });
-    it("does NOT fire on regular plugin:telegram replies", () => {
-        const hits = findDrifts(telegramReply("ok, working on it now"));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("telegram-redirect-report");
-    });
-    it("does NOT fire on chat_send (the correct tool for reports)", () => {
-        const hits = findDrifts({
-            tool: "mcp__opensquid__chat_send",
-            input: { text: "🦑 #170 — full 7-phase report goes here" },
-        });
-        expect(hits.map((h) => h.pattern.id)).not.toContain("telegram-redirect-report");
-    });
-});
-describe("drift catalog — bundled-commit (D4)", () => {
-    it("warns on a commit message that references 2+ task numbers", () => {
-        const hits = findDrifts(bash('git commit -m "close #166 and defer #168"'));
-        expect(hits.map((h) => h.pattern.id)).toContain("bundled-commit");
-        expect(decide(hits).exit).toBe(0); // warn-severity = non-blocking
-    });
-    it('warns on inline `-m "..."` with 2 #N refs on one line', () => {
-        const hits = findDrifts(bash('git commit -m "release: #166 + #168 + cleanup"'));
-        expect(hits.map((h) => h.pattern.id)).toContain("bundled-commit");
-    });
-    // Known limitation: HEREDOC commit message bodies are stripped by
-    // stripHeredocBodies BEFORE pattern matching, so refs inside the
-    // HEREDOC body don't fire this pattern. Adding staged-content-aware
-    // detection (via a dedicated bundled-commit-gate) is deferred.
-    it("does NOT fire on a single-task commit", () => {
-        const hits = findDrifts(bash('git commit -m "fix(workflow-gate): session_id mismatch (#166)"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("bundled-commit");
-    });
-    it("does NOT fire on commits with no task ref at all", () => {
-        const hits = findDrifts(bash('git commit -m "refactor: drift-patterns.ts"'));
-        expect(hits.map((h) => h.pattern.id)).not.toContain("bundled-commit");
-    });
-});