repo-harness 0.2.3 → 0.2.4

package/README.es.md

@@ -326,7 +326,7 @@ Guards habituales:
 
 ## Release actual
 
-- npm package: `repo-harness@0.2.1`
+- npm package: `repo-harness@0.2.4`
 - Generated workflow compatibility: `5.2.3`
 - GitHub repository: `Ancienttwo/repo-harness`
 - Release history: [`docs/CHANGELOG.md`](docs/CHANGELOG.md)

package/README.fr.md

@@ -330,7 +330,7 @@ Guards courants :
 
 ## Release actuelle
 
-- npm package : `repo-harness@0.2.1`
+- npm package : `repo-harness@0.2.4`
 - Generated workflow compatibility : `5.2.3`
 - GitHub repository : `Ancienttwo/repo-harness`
 - Release history : [`docs/CHANGELOG.md`](docs/CHANGELOG.md)

package/README.ja.md

@@ -293,7 +293,7 @@ hook がブロックしたときは、まず terminal の構造化された出
 
 ## 現在の Release
 
-- npm package：`repo-harness@0.2.1`
+- npm package：`repo-harness@0.2.4`
 - Generated workflow compatibility：`5.2.3`
 - GitHub repository：`Ancienttwo/repo-harness`
 - Release history：[`docs/CHANGELOG.md`](docs/CHANGELOG.md)

package/README.md

@@ -34,40 +34,30 @@ This repository now dogfoods its own tasks-first contract. It is both:
   read a 1KB capability contract or query the index instead of spending thousands of
   tokens rediscovering structure.
 
-## What's New in 0.2.3
-
-- **Safer global init defaults.** `repo-harness init` no longer calls the legacy
-  Claude plugin setup script or any Superpowers marketplace installer path.
-- **Global init command (`repo-harness init`).** One command installs the
-  `repo-harness` CLI globally, refreshes repo-harness skill aliases, installs
-  user-level Codex/Claude hook adapters, configures Waza
-  (`think`, `hunt`, `check`, `health`) plus Mermaid, persists the brain root, and
-  configures CodeGraph MCP.
-  Run `npx -y repo-harness init`; no source checkout is required.
-- **Repo refresh command (`repo-harness update`).** Existing-repo install and
-  refresh now has its own command surface, preserving the previous repo-local
-  harness migration path while keeping `init` focused on global runtime setup.
-- **CodeGraph index self-heal.** When the prompt hook detects structural
-  code-navigation intent and the repo has no `.codegraph` index, it initializes
-  the index with the local or PATH-visible CodeGraph binary before emitting the
-  route hint. This remains advisory: no dependency install, no heavy readiness
-  probe, and no prompt block if CodeGraph is unavailable.
-- **Security sentinel (`repo-harness security scan` + `security-sentinel.sh`).** A
-  read-only check over high-value config injection surfaces (`~/.claude/settings.json`,
-  `~/.codex/hooks.json`, repo-local `.vscode/tasks.json`, and legacy project-level
-  `.claude`/`.codex` adapters). It flags suspicious command patterns — remote-shell
-  pipes, base64-decode-to-exec, `osascript`, `launchctl`/`crontab` persistence, netcat,
-  inline interpreter exec — plus unmanaged hooks and auto-run `folderOpen` tasks, and it
-  never mutates config. The `SessionStart` sentinel fingerprints the set and re-scans
-  only when a fingerprint changes, so there is no session-start noise. Audit on demand:
-  `repo-harness security scan --json`.
-- **Claude/Codex draft-plan lifecycle.** Plan mode is explicitly two-stage: Draft vs
-  Approved. Hooks detect plan-creation intent and track pending orchestration; a stop gate
-  (`stop-orchestrator.sh`) requires one self-review pass before a session ends mid-plan.
-  Capture a draft with `scripts/capture-plan.sh --slug <slug> --title <title> --status
-  Draft`, then promote to Approved and project into execution with `--execute` or
-  `scripts/plan-to-todo.sh --plan <plan>`. Plans become the file-backed source of truth in
-  `plans/`.
+## What's New in 0.2.4
+
+- **Plan consultation stays advisory.** Questions and status reports that mention
+  plans, workflows, hooks, `new plan`, or `方案` no longer fall into
+  `PlanStatusGuard` or create plan files unless they explicitly start execution.
+- **Autoresearch is no longer a background hook.** The self-host-only
+  `autoresearch-advisory.sh` route is retired from `.ai/hooks`, generated hook
+  installers, and user-level adapters. Autoresearch evidence is now gathered by
+  an explicit agent-run workflow, not by an always-on hook.
+- **Hook parity is stricter.** Self-host `.ai/hooks/` and installable
+  `assets/hooks/` now match without maintainer-only hook exceptions.
+- **Copied hook fallback.** Installed prompt hooks now keep PlanCaptureGate
+  guidance working even when the copied runtime cannot reach the TypeScript
+  decision engine.
+- **Darwin readiness gates.** Workflow checks now catch stale handoff/resume
+  plan references, and public action-command skills have static quality gates
+  for failure modes, boundaries, and high-risk checkpoints.
+- **Authoritative eval evidence.** Benchmark reports now include
+  `full_test_count`, `dry_run_ratio`, `grader_pass_rate`, and
+  `effectiveness_authority`, so dry-run smoke output cannot be mistaken for
+  release-grade skill effectiveness proof.
+- **Tooling freshness.** The self-host CodeGraph dev dependency is refreshed to
+  `0.9.9`, and gbrain readiness probes try `doctor --json --fast` before the
+  full doctor path.
 
 ## What repo-harness Does
 
@@ -194,13 +184,13 @@ repository to install or refresh workflow files, hook assets, host adapters,
 skill aliases, and repo-local verification surfaces from the current npm package.
 
 The npm package release line is now `0.2.x`; generated workflow compatibility is
-tracked separately as the `5.x` model line. The `0.2.3` package splits first-run
-global bootstrap (`repo-harness init`) from repo-local refresh
-(`repo-harness update`), replaces the legacy global plugin installer path with
-typed CLI/hook/dependency bootstrap, keeps the read-only config security sentinel
-(`repo-harness security scan`), the explicit Claude/Codex draft-plan lifecycle,
-and adds non-blocking CodeGraph index initialization for structural prompt
-routing.
+tracked separately as the `5.x` model line. The `0.2.4` package keeps first-run
+global bootstrap (`repo-harness init`) separate from repo-local refresh
+(`repo-harness update`), preserves the typed global bootstrap and read-only
+config security sentinel, tightens hook parity, retires the self-host
+autoresearch advisory hook, prevents consultative plan/workflow prompts from
+being mistaken for execution, and adds copied-hook fallback, readiness checks,
+and skill-eval authority reporting.
 These sit on top of the renamed `repo-harness` CLI, user-level hook
 adapter bootstrap, AI-native scaffold overlays, the typed prompt-guard decision
 engine, plan-stem task artifact naming, `REPO_HARNESS_*` runtime aliases, Waza
@@ -340,7 +330,7 @@ Most common guards:
 
 ## Current Release
 
-- npm package: `repo-harness@0.2.3`
+- npm package: `repo-harness@0.2.4`
 - Generated workflow compatibility: `5.2.3`
 - GitHub repository: `Ancienttwo/repo-harness`
 - Release history: [`docs/CHANGELOG.md`](docs/CHANGELOG.md)
@@ -428,6 +418,12 @@ UI runtime, Bun/Hono gateway, shared contracts, observability, and MCP/HTTP
 sidecar rules without installing model providers or making Python, Go, Rust, or
 A2UI mandatory defaults.
 
+Webapp rendering is a separate overlay. Client-only Vite remains Plan B, while
+React webapps that need public SEO/SSR plus an authenticated workspace should
+use Plan C: one TanStack Start + Vite app deployed as a Cloudflare Worker under
+`apps/web`, with `/` SSR/prerender-capable and `/app` client-only. The scaffold
+does not default to separate `apps/marketing` and `apps/web` frontend deploys.
+
 Use `repo-harness-capability` when the harness already exists and only selected
 capability boundaries should be added. It updates `.ai/context/capabilities.json`,
 syncs the requested local `AGENTS.md` / `CLAUDE.md` contract files, and validates
@@ -480,6 +476,9 @@ bun scripts/assemble-template.ts --target agents --plan C --name "MyProject"
 bun run benchmark:skills --dry-run
 ```
 
+Dry-run benchmark output is a wiring smoke only. Release or readiness evidence
+needs a non-dry-run eval with grader output.
+
 ### Run one eval across both Claude and Codex
 
 ```bash
@@ -534,5 +533,5 @@ bash scripts/check-task-workflow.sh --strict
 bun scripts/inspect-project-state.ts --repo . --format text
 bash scripts/migrate-project-template.sh --repo . --dry-run
 bash scripts/check-agent-tooling.sh --host both --check-updates
-bun run benchmark:skills --dry-run
+bun run benchmark:skills --eval route-workflow-check
 ```

package/README.zh-CN.md

@@ -23,31 +23,25 @@ repo-local workflow 的自托管样例。
   做渐进式上下文加载：一份小而稳定的 root context（约 12KB），加上只在改到对应文件时才加载的
   capability 块。agent 读一份 1KB 的 capability 合约或查索引，而不是花上千 token 重新摸清结构。
 
-## 0.2.3 新特性
-
-- **更安全的全局初始化默认值。** `repo-harness init` 不再调用旧 Claude plugin setup
-  脚本，也没有 Superpowers marketplace installer 路径。
-- **全局初始化命令（`repo-harness init`）。** 一条命令安装全局 `repo-harness` CLI、
-  刷新 repo-harness skill aliases、安装 Codex/Claude user-level hook adapters、
-  配置 Waza（`think`、`hunt`、`check`、`health`）和 Mermaid、持久化 brain root，并配置
-  CodeGraph MCP。运行
-  `npx -y repo-harness init`，不需要 clone 源码仓库。
-- **仓库刷新命令（`repo-harness update`）。** 已有仓库的安装/刷新入口独立成命令，继续复用
-  原 repo-local harness migration 路径，同时让 `init` 专注于全局 runtime setup。
-- **CodeGraph index 自愈。** prompt hook 检测到结构化代码导航意图、且仓库还没有 `.codegraph`
-  index 时，会先用 repo-local 或 PATH 上的 CodeGraph binary 初始化 index，再发路由提示。这个动作仍是
-  advisory：不安装依赖、不跑重 readiness probe，CodeGraph 不可用时也不阻塞 prompt。
-- **安全哨兵（`repo-harness security scan` + `security-sentinel.sh`）。** 对高价值配置注入面做只读检查
-  （`~/.claude/settings.json`、`~/.codex/hooks.json`、仓库本地 `.vscode/tasks.json`，以及 legacy 项目级
-  `.claude`/`.codex` adapter）。它标记危险命令模式——远程 shell 管道、base64 解码执行、`osascript`、
-  `launchctl`/`crontab` 持久化、netcat、内联解释器执行——以及未托管 hook 和自动运行的 `folderOpen`
-  任务，且绝不改写任何配置。`SessionStart` 哨兵对这组文件做指纹，只在指纹变化时才重扫，不制造
-  session-start 噪音。按需审计：`repo-harness security scan --json`。
-- **Claude/Codex draft-plan 生命周期。** Plan mode 显式分两段：Draft 与 Approved。hooks 识别建 plan 的
-  意图并追踪 pending orchestration；stop 门（`stop-orchestrator.sh`）要求会话在 plan 未定时结束前先做
-  一次自审。用 `scripts/capture-plan.sh --slug <slug> --title <title> --status Draft` 落草稿，审批后改
-  Approved 并用 `--execute` 或 `scripts/plan-to-todo.sh --plan <plan>` 投射到执行。plans/ 成为文件级
-  事实来源。
+## 0.2.4 新特性
+
+- **计划咨询保持 advisory。** 提到 plans、workflow、hooks、`new plan` 或 `方案` 的问题和状态报告，
+  不再因为包含执行相关词就进入 `PlanStatusGuard` 或创建 plan 文件；只有明确开始执行时才触发执行门。
+- **Autoresearch 不再是后台 hook。** 自托管专用的 `autoresearch-advisory.sh` route 已从
+  `.ai/hooks`、生成的 hook installer 和 user-level adapters 里退休。需要 autoresearch 证据时，
+  由 agent 显式运行实验流程，而不是靠常驻 hook 提示。
+- **Hook parity 更严格。** 自托管 `.ai/hooks/` 和可安装的 `assets/hooks/` 现在必须完全一致，
+  不再保留 maintainer-only hook exception。
+- **复制版 hook fallback。** 已安装的 prompt hook 即使找不到 TypeScript decision
+  engine，也会保留 PlanCaptureGate guidance，而不是直接报 engine unavailable。
+- **Darwin readiness gates。** Workflow checks 现在会抓 stale handoff/resume plan
+  references；公共 action-command skills 也增加 failure modes、boundaries 和高风险
+  checkpoint 的静态质量门。
+- **权威 eval evidence。** Benchmark report 现在输出 `full_test_count`、
+  `dry_run_ratio`、`grader_pass_rate` 和 `effectiveness_authority`，避免把 dry-run
+  smoke 当成 release-grade skill effectiveness 证明。
+- **Tooling freshness。** self-host CodeGraph dev dependency 刷到 `0.9.9`，gbrain
+  readiness 会先尝试 `doctor --json --fast`，再 fallback 到完整 doctor。
 
 ## 产品做什么
 
@@ -166,10 +160,11 @@ npx -y repo-harness update
 repo-local verification surfaces。
 
 npm package release line 现在是 `0.2.x`；生成的 workflow compatibility model line
-单独以 `5.x` 追踪。`repo-harness@0.2.3` 把首次全局引导（`repo-harness init`）
-和 repo-local 刷新（`repo-harness update`）拆开，同时用 typed CLI/hook/dependency
-bootstrap 替换旧全局 plugin installer 路径，保留只读配置安全哨兵（`repo-harness security scan`）、
-显式 Claude/Codex draft-plan 生命周期，并新增 prompt hook 的非阻塞 CodeGraph index 初始化。
+单独以 `5.x` 追踪。`repo-harness@0.2.4` 继续把首次全局引导（`repo-harness init`）
+和 repo-local 刷新（`repo-harness update`）拆开，保留 typed global bootstrap 与只读
+配置安全哨兵，同时收紧 hook parity，退休自托管 autoresearch advisory hook，避免
+计划/工作流咨询 prompt 被误判成执行请求，并增加复制版 hook fallback、readiness checks
+和 skill-eval authority reporting。
 这些能力叠加在改名后的 CLI、user-level hook adapter bootstrap、AI-native scaffold overlays、
 typed prompt-guard decision engine、plan-stem task artifact 命名、`REPO_HARNESS_*`
 runtime aliases、Waza runtime skill sync，以及 maintainer 发布 npm 前使用的 release gate 之上。
@@ -302,7 +297,7 @@ hook block 工作时，先看 terminal 里的结构化输出。核心字段是
 
 ## 当前 Release
 
-- npm package：`repo-harness@0.2.3`
+- npm package：`repo-harness@0.2.4`
 - Generated workflow compatibility：`5.2.3`
 - GitHub repository：`Ancienttwo/repo-harness`
 - Release history：[`docs/CHANGELOG.md`](docs/CHANGELOG.md)
@@ -339,6 +334,13 @@ hook block 工作时，先看 terminal 里的结构化输出。核心字段是
 `repo-harness update` 用于已有仓库；`repo-harness-scaffold` 作为支线 command 创建新项目或模块。
 `hooks-init`、`docs-init` 和 `create-project-dirs` 是内部步骤，不是公共 commands。
 
+`repo-harness-scaffold` 保持 A-K plan catalog 作为项目类型 authority；AI-native
+能力通过可选 `ai_native_profile` overlay 叠加。Webapp rendering 也是独立 overlay：
+Plan B 保留为 client-only Vite；需要 public SEO/SSR landing 加 authenticated
+workspace 的 React webapp 使用 Plan C，也就是一个部署在 Cloudflare Workers 上的
+TanStack Start + Vite `apps/web`。`/` 走 SSR/prerender，`/app` 保持 client-only。
+scaffold 不默认生成 `apps/marketing` + `apps/web` 两个前端部署。
+
 ## Maintainer Reference
 
 ### 检查本仓库 workflow contract
@@ -366,7 +368,7 @@ bash scripts/check-task-workflow.sh --strict
 bun scripts/inspect-project-state.ts --repo . --format text
 bash scripts/migrate-project-template.sh --repo . --dry-run
 bash scripts/check-agent-tooling.sh --host both --check-updates
-bun run benchmark:skills --dry-run
+bun run benchmark:skills --eval route-workflow-check
 ```
 
 ## Key Files

package/SKILL.md

@@ -70,6 +70,13 @@ Read the result fields:
 
 ### Step 2. Choose one path
 
+If the request maps to a public command facade, name that route before running
+checks or edits, then read the matching
+`assets/skill-commands/<repo-harness-command>/SKILL.md` and follow that
+facade's protocol. For example, pre-merge or release readiness requests route
+to `repo-harness-check`, while broken task sync, hook routing, handoff, context,
+policy, or helper surfaces route to `repo-harness-repair`.
+
 1. **Scaffold**
    - use only when creating a new project, app, or module skeleton
    - route to `repo-harness-scaffold`
@@ -152,17 +159,20 @@ such as finance, CRM, Web3, healthcare, and commerce are overlays.
 Core Plans (A-F), routed as stack families:
 - Plan A: Astro-first SSR/content shell. Use Astro for SSR, content, docs,
   marketing, and mostly-static app shells with islands where needed.
-- Plan B: Vite 8 client app shell. Use Vite + React + TanStack Router/Query
-  plus shadcn/Radix-style UI for dense interactive apps and internal tools.
-- Plan C: Full-stack React only when needed. Prefer TanStack Start or React
-  Router Framework Mode for SSR, server functions, actions, and streaming.
-  Next.js is not a default recommendation.
+- Plan B: Vite 8 client-only app shell. Use Vite + React + TanStack
+  Router/Query plus shadcn/Radix-style UI for dense interactive apps and
+  internal tools that do not need crawler-visible SSR landing HTML.
+- Plan C: TanStack Start Workers webapp. Prefer TanStack Start + Vite +
+  Cloudflare Workers when the same React webapp needs public SEO/SSR at `/`
+  and authenticated or browser-heavy workspace routes under `/app`. Use
+  route-level `ssr: false` for `/app`; Next.js is not a default recommendation.
 - Plan D: Shared frontend/backend monorepo. Prefer Bun workspaces with apps,
   packages, shared contracts, a Hono gateway, and optional Turborepo only when
   repo scale needs orchestration.
-- Plan E: Cloudflare edge web stack. Prefer Pages, Workers, R2, KV, Queues,
-  Durable Objects, and Hyperdrive where they fit. Do not default to D1; use
-  Postgres/Supabase or SQLite/Turso unless the D1 tradeoff is explicit.
+- Plan E: Cloudflare edge web stack. Prefer Workers for TanStack Start SSR
+  webapps, Pages only for static/client-only assets or content shells, and R2,
+  KV, Queues, Durable Objects, and Hyperdrive where they fit. Do not default to
+  D1; use Postgres/Supabase or SQLite/Turso unless the D1 tradeoff is explicit.
 - Plan F: Mobile/realtime companion. Use Expo Router on React Native New
   Architecture, with NativeWind where useful and explicit voice/media/realtime
   boundaries when needed.
@@ -201,9 +211,14 @@ Current stack guidance:
 
 - Use Astro for SSR/content/docs shells and Vite 8 for rich interactive
   surfaces. Prefer a shared monorepo over disconnected frontend/backend repos.
-- Use TanStack Start or React Router Framework Mode only when SSR, actions,
-  server functions, or streaming are required inside the React app. Do not
-  default to Next.js.
+- Use TanStack Start + Vite + Cloudflare Workers when a SaaS webapp needs
+  public landing SEO/SSR and a client-heavy workspace in the same product
+  surface. Keep `/` SSR/prerender-capable and `/app` client-only.
+- Do not scaffold `apps/marketing` plus `apps/web` as the default answer to
+  SEO/SSR. Treat a static marketing app as explicit legacy/rollback or content
+  scope, not as the normal SaaS webapp split.
+- Use React Router Framework Mode or Vike only as fallback evaluations if the
+  Start + Workers thin scaffold gate fails. Do not default to Next.js.
 - Use Expo Router for mobile and keep React Native New Architecture
   compatibility visible in the scaffold.
 - Use assistant-ui or AI SDK UI for chat and generative UI primitives; use
@@ -333,19 +348,16 @@ or `.claude/.trace.jsonl` evidence.
 
 Hooks are accelerators and guards. They do not replace `plans/`, `tasks/`,
 contracts, reviews, policy, checks, or handoff artifacts. Heavy workflows such as
-autoresearch must not silently run as background hook mutations. A hook may detect
-optimization intent, point to an existing `autoresearch-*/session.json`, or remind
-the agent to record an experiment; the agent still owns baseline measurement,
-candidate staging, scoring, and winner promotion.
-Keep local autoresearch run products under ignored `autoresearch/` when they
-must remain in the workspace.
-`autoresearch-advisory.sh` is a self-host maintainer hook for this repo, not a
-default installable user hook.
+autoresearch must not silently run as background hook mutations. The retired
+`autoresearch-advisory.sh` hook is not part of `.ai/hooks`, user-level adapters,
+or installable hook templates. If autoresearch evidence is needed, the agent
+runs it explicitly and keeps local run products under ignored `autoresearch/`
+when they must remain in the workspace.
 
 Verify hook workflow changes with hook-specific evidence:
 
 - default hook asset parity between `assets/hooks/` and `.ai/hooks/`, with
-  explicit exclusions only for self-host maintainer hooks
+  no self-host-only hook exclusions
 - `bun test tests/hook-runtime.test.ts tests/workflow-contract.test.ts`
 - `bash scripts/check-task-sync.sh`
 - `bash scripts/check-task-workflow.sh --strict`

package/assets/hooks/prompt-guard.sh

@@ -14,7 +14,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 . "$SCRIPT_DIR/lib/session-state.sh"
 
 is_execution_approval_intent() {
-  echo "$PROMPT_TEXT" | grep -qEi "^[[:space:][:punct:]]*(please[[:space:][:punct:]]+)?(go ahead([[:space:]]+(with[[:space:]]+(it|this|that)|please))?|go|proceed([[:space:]]+(with[[:space:]]+(it|this|that)|please))?|approved|approve([[:space:]]+(it|this|that))?|ship it|let'?s go|继续执行|批准执行|批准|可以干(了|吧)?|可以(开始|执行)(了|吧)?|直接改(了|吧)?|整|整吧|开干|干吧|做吧|走起)([[:space:][:punct:]]+please)?[[:space:][:punct:]]*$"
+  echo "$PROMPT_TEXT" | grep -qEi "^[[:space:][:punct:]]*(please[[:space:][:punct:]]+)?(go ahead([[:space:]]+(with[[:space:]]+(it|this|that)|please))?|go|proceed([[:space:]]+(with[[:space:]]+(it|this|that)|please))?|approved|approve([[:space:]]+(it|this|that))?|ship it|let'?s go|继续执行|批准执行|批准|同意(了)?[[:space:][:punct:]，。！？!]*(执行|开干|开始|动手|做|干)(了|吧)?|可以干(了|吧)?|可以(开始|执行)(了|吧)?|直接改(了|吧)?|整|整吧|开干|干吧|做吧|走起)([[:space:][:punct:]]+please)?[[:space:][:punct:]]*$"
 }
 
 prompt_has_explicit_execution_command_line() {
@@ -39,6 +39,9 @@ is_implement_intent() {
   if is_next_slice_or_status_advisory_intent; then
     return 1
   fi
+  if is_plan_consultation_intent; then
+    return 1
+  fi
   if is_plan_discussion_continuation_intent; then
     return 1
   fi
@@ -109,6 +112,7 @@ is_plan_creation_intent() {
   is_plan_discussion_continuation_intent && return 1
   is_plan_refinement_intent && return 1
   is_diagnostic_question_intent && return 1
+  is_plan_consultation_intent && return 1
   echo "$PROMPT_INTENT_TEXT" | grep -qEi "(new plan|create plan|write plan|draft plan|新建计划|创建计划|写计划|制定计划|补计划)"
 }
 
@@ -121,6 +125,7 @@ is_plain_feature_plan_start_intent() {
   is_plan_discussion_continuation_intent && return 1
   is_plan_refinement_intent && return 1
   is_diagnostic_question_intent && return 1
+  is_plan_consultation_intent && return 1
   is_bug_or_hunt_intent && return 1
   is_execution_approval_intent && return 1
 
@@ -308,6 +313,16 @@ is_plan_discussion_continuation_intent() {
   printf '%s\n' "$PROMPT_INTENT_TEXT" | grep -qEi "(继续讨论|讨论|追问|疑问|补充|调整|完善|优化|评审|review|refine|怎么|如何|为什么|为啥|不要.*机械|不能.*机械|过于机械|多轮|中断|状态|边界|弱点|补充|改一下|修一下|不合理|有风险|我觉得|是否|是不是|能不能|应该|设计)"
 }
 
+is_plan_consultation_intent() {
+  is_execution_approval_intent && return 1
+  is_embedded_approved_plan_intent && return 1
+  is_plan_shaped_markdown_intent && return 1
+  is_explicit_execution_start_line && return 1
+
+  printf '%s\n' "$PROMPT_INTENT_TEXT" | grep -qEi "(plan|方案|计划|workflow|hook|hooks|codex[[:space:]-]*plan|claude[[:space:]-]*plan|active[[:space:]-]*plan|PlanStatusGuard|PlanCaptureGate|PlanStartGate|执行门禁|new[[:space:]]+plan|create[[:space:]]+(a[[:space:]]+)?(new[[:space:]]+)?plan|write[[:space:]]+plan|draft[[:space:]]+plan|新建计划|创建计划|写计划|制定计划|补计划)" || return 1
+  printf '%s\n' "$PROMPT_INTENT_TEXT" | grep -qEi "(为什么|为啥|怎么回事|怎么.*(看|理解|处理|判断|选|选择|创建)|如何.*(看|理解|处理|判断|选|选择|创建)|是否|是不是|能不能|可不可以|该不该|应该|哪个|哪种|哪条|选择哪个|咨询|讨论|追问|疑问|问一下|会不会|会触发吗|被拦|拦截|why|how[[:space:]]+(do|should|can|would|could)|should[[:space:]]+(i|we)|would|could|can[[:space:]]+(i|we)|which|what[[:space:]]+if|is[[:space:]]+it|question|consult|discuss)"
+}
+
 is_diagnostic_question_intent() {
   is_execution_approval_intent && return 1
   is_embedded_approved_plan_intent && return 1
@@ -371,6 +386,9 @@ is_think_plan_start_intent() {
   if echo "$PROMPT_INTENT_TEXT" | grep -qEi '^[[:space:][:punct:]]*(/think|[$]think|\[[$]think\])'; then
     return 0
   fi
+  if is_plan_consultation_intent; then
+    return 1
+  fi
   echo "$PROMPT_INTENT_TEXT" | grep -qEi '(plan this|plan it|how should i|how should we|出方案|给方案|怎么设计|用什么方案|制定计划|写计划|新建计划|创建计划)' || is_plain_feature_plan_start_intent
 }
 
@@ -876,6 +894,142 @@ prompt_guard_decision_command() {
   return 127
 }
 
+prompt_guard_env_truthy() {
+  case "${1:-}" in
+    1|true) return 0 ;;
+    *) return 1 ;;
+  esac
+}
+
+prompt_guard_fallback_intent() {
+  if prompt_guard_env_truthy "${PROMPT_GUARD_DONE_INTENT:-}"; then
+    printf '%s' "done"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_PLAN_START_INTENT:-}" && ! prompt_guard_env_truthy "${PROMPT_GUARD_IMPLEMENT_INTENT:-}"; then
+    printf '%s' "planning_start"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_PLANNING_DISCUSSION_INTENT:-}"; then
+    printf '%s' "planning_discussion"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_REVIEW_RELEASE_INTENT:-}"; then
+    printf '%s' "review_release"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_PASSIVE_WORKTREE_STATUS_INTENT:-}"; then
+    printf '%s' "passive_worktree_status"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_PASSIVE_COMPLETION_REPORT_INTENT:-}"; then
+    printf '%s' "passive_completion_report"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_PASSIVE_NEXT_SLICE_REPORT_INTENT:-}"; then
+    printf '%s' "passive_next_slice_report"
+  elif ! prompt_guard_env_truthy "${PROMPT_GUARD_IMPLEMENT_INTENT:-}"; then
+    printf '%s' "none"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_EMBEDDED_APPROVED_PLAN_INTENT:-}" || prompt_guard_env_truthy "${PROMPT_GUARD_PLAN_SHAPED_MARKDOWN_INTENT:-}"; then
+    printf '%s' "embedded_approved_plan"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_BUG_OR_HUNT_INTENT:-}"; then
+    printf '%s' "bug_fix_execution"
+  elif prompt_guard_env_truthy "${PROMPT_GUARD_PLAN_EXECUTION_PROJECTION_INTENT:-}"; then
+    printf '%s' "plan_execution_projection"
+  else
+    printf '%s' "general_execution"
+  fi
+}
+
+prompt_guard_fallback_is_execution_intent() {
+  case "$1" in
+    embedded_approved_plan|bug_fix_execution|plan_execution_projection|general_execution) return 0 ;;
+    *) return 1 ;;
+  esac
+}
+
+prompt_guard_fallback_no_active_plan_action() {
+  local intent="$1"
+  if [[ "$intent" != "bug_fix_execution" && "${PROMPT_GUARD_PENDING_STATE:-none}" == "fresh" ]]; then
+    printf '%s' "plan_capture_pending_advice"
+  elif [[ "${PROMPT_GUARD_WORKTREE_STATE:-current}" == "linked_target" ]]; then
+    printf '%s' "worktree_execution_advice"
+  elif [[ "$intent" == "plan_execution_projection" ]]; then
+    printf '%s' "plan_capture_missing_active_advice"
+  else
+    printf '%s' "plan_status_no_active_block"
+  fi
+}
+
+prompt_guard_fallback_draft_plan_action() {
+  if [[ "$1" == "plan_execution_projection" ]]; then
+    printf '%s' "plan_capture_draft_advice"
+  else
+    printf '%s' "plan_status_not_approved_block"
+  fi
+}
+
+prompt_guard_fallback_approved_plan_action() {
+  local intent="$1"
+  if [[ "${PROMPT_GUARD_EVIDENCE_STATE:-unchecked}" == "incomplete" ]]; then
+    printf '%s' "evidence_contract_block"
+  elif [[ "${PROMPT_GUARD_PLAN_STATE:-none}" == "approved" && "$intent" == "plan_execution_projection" && "${PROMPT_GUARD_CONTRACT_STATE:-missing}" != "present" ]]; then
+    printf '%s' "plan_execution_scaffold_advice"
+  elif [[ "${PROMPT_GUARD_CONTRACT_STATE:-missing}" != "present" ]]; then
+    printf '%s' "contract_missing_block"
+  else
+    printf '%s' "allow"
+  fi
+}
+
+prompt_guard_fallback_done_action() {
+  case "${PROMPT_GUARD_PLAN_STATE:-none}" in
+    none|stale_marker|foreign_worktree)
+      printf '%s' "done_missing_active_plan"
+      return 0
+      ;;
+  esac
+
+  if [[ "${PROMPT_GUARD_CONTRACT_PATH_STATE:-missing}" != "present" ]]; then
+    printf '%s' "done_contract_path_missing"
+  elif [[ "${PROMPT_GUARD_CONTRACT_STATE:-missing}" != "present" ]]; then
+    printf '%s' "done_missing_contract"
+  elif [[ "${PROMPT_GUARD_EVIDENCE_STATE:-unchecked}" == "incomplete" ]]; then
+    printf '%s' "done_evidence_contract_block"
+  else
+    printf '%s' "done_gate"
+  fi
+}
+
+prompt_guard_decide_fallback() {
+  local intent
+  intent="$(prompt_guard_fallback_intent)"
+
+  if [[ "$intent" == "done" ]]; then
+    prompt_guard_fallback_done_action
+    return 0
+  fi
+
+  if ! prompt_guard_fallback_is_execution_intent "$intent"; then
+    printf '%s' "allow"
+    return 0
+  fi
+
+  if [[ "${PROMPT_GUARD_SPEC_STATE:-missing}" == "missing" ]]; then
+    printf '%s' "spec_block"
+    return 0
+  fi
+
+  case "${PROMPT_GUARD_PLAN_STATE:-none}" in
+    none)
+      prompt_guard_fallback_no_active_plan_action "$intent"
+      ;;
+    stale_marker|foreign_worktree)
+      printf '%s' "stale_active_plan_advice"
+      ;;
+    draft|annotating)
+      prompt_guard_fallback_draft_plan_action "$intent"
+      ;;
+    approved|executing)
+      prompt_guard_fallback_approved_plan_action "$intent"
+      ;;
+    unknown)
+      printf '%s' "allow"
+      ;;
+    *)
+      prompt_guard_fallback_no_active_plan_action "$intent"
+      ;;
+  esac
+}
+
 prompt_guard_refresh_state() {
   prompt_guard_spec_state="missing"
   prompt_guard_plan_state="none"
@@ -976,7 +1130,16 @@ prompt_guard_decide() {
   export PROMPT_GUARD_CONTRACT_PATH_STATE="$prompt_guard_contract_path_state"
   export PROMPT_GUARD_EVIDENCE_STATE="$prompt_guard_evidence_state"
 
-  if ! decision_output="$(prompt_guard_decision_command)"; then
+  if decision_output="$(prompt_guard_decision_command)"; then
+    :
+  else
+    decision_status=$?
+    if [[ "$decision_status" -eq 127 ]]; then
+      decision_output="$(prompt_guard_decide_fallback)"
+      printf '%s\n' "$decision_output" | head -n1 | xargs
+      return 0
+    fi
+
     echo "[PromptGuard] Decision engine unavailable or failed."
     hook_structured_error \
       "PromptGuard" \
@@ -1356,7 +1519,7 @@ if echo "$PROMPT_TEXT" | grep -qEi "(fix|patch|bug|修复|修bug|修 bug|改bug)
   echo "  检测到修复请求：先写失败测试复现问题，再重写实现。"
   emit_cross_review_hint debug
 fi
-if ! is_diagnostic_question_intent && ! is_review_release_advisory_intent && ! is_passive_worktree_status_intent && ! is_next_slice_or_status_advisory_intent && ! is_retrospective_completion_report_intent && echo "$PROMPT_TEXT" | grep -qEi "(new feature|feature|implement|build|新功能|实现|开发功能|执行)"; then
+if ! is_diagnostic_question_intent && ! is_plan_consultation_intent && ! is_review_release_advisory_intent && ! is_passive_worktree_status_intent && ! is_next_slice_or_status_advisory_intent && ! is_retrospective_completion_report_intent && echo "$PROMPT_TEXT" | grep -qEi "(new feature|feature|implement|build|新功能|实现|开发功能|执行)"; then
   echo "[BDD] Feature intent detected. Define Given-When-Then acceptance scenarios first."
   echo "  检测到新功能请求：先定义 Given-When-Then 验收场景。"
 fi