specweave 1.0.39 → 1.0.41

package/plugins/specweave/hooks/v2/guards/spec-validation-guard.sh

@@ -1,175 +1,14 @@
 #!/bin/bash
-# spec-validation-guard.sh - Consolidated spec.md and living docs validation
+# spec-validation-guard.sh - DISABLED (v1.0.38)
 #
-# COMBINES (v0.35.4+):
-# - per-us-project-validator.sh (deleted) - Per-US **Project**: validation
-# - spec-project-validator.sh (deleted) - Placeholder detection
-# - project-folder-guard.sh (deleted) - Living docs folder validation
+# This guard was converted to WARNING-only in v1.0.37, and now completely
+# disabled in v1.0.38 per user feedback: "you MUST NEVER block such operations"
 #
-# Activation:
-# - tool_name: Write
-# - file_path matches: .specweave/increments/*/spec.md OR .specweave/docs/internal/specs/*/
+# Spec validation should be handled by agents/scripts with proper business logic,
+# not by hooks that can interfere with file operations.
 #
-# v1.0.37+: CRITICAL CHANGE - All validations now WARN instead of BLOCK!
-# User feedback: "you MUST NEVER block such operations... do at least warning"
-# Business logic and validation should be in scripts/agents, not hard blocks.
-#
-# Exit 0 = allow (with JSON warning message if validation fails)
-#
-# Bypasses:
-# - SPECWEAVE_DISABLE_HOOKS=1 - Disable all hooks
-# - SPECWEAVE_FORCE_PROJECT=1 - Skip project validation
-# - SPECWEAVE_FORCE_METADATA=1 - Skip all spec validation
-
-set +e  # CRITICAL: Never use set -e in hooks
-
-# Source shared library if available
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-LIB_DIR="${SCRIPT_DIR}/../../lib"
-if [[ -f "$LIB_DIR/common-setup.sh" ]]; then
-  source "$LIB_DIR/common-setup.sh"
-  init_pretool_guard || exit 0
-else
-  # Fallback inline implementation
-  [[ "${SPECWEAVE_DISABLE_HOOKS:-0}" == "1" ]] && echo '{"decision":"allow"}' && exit 0
-  HOOK_INPUT=$(cat 2>/dev/null || echo '{}')
-  if ! command -v jq >/dev/null 2>&1; then
-    echo '{"decision":"allow"}'
-    exit 0
-  fi
-  HOOK_TOOL_NAME=$(echo "$HOOK_INPUT" | jq -r '.tool_name // ""' 2>/dev/null || echo "")
-  HOOK_FILE_PATH=$(echo "$HOOK_INPUT" | jq -r '.tool_input.file_path // .file_path // ""' 2>/dev/null || echo "")
-  HOOK_CONTENT=$(echo "$HOOK_INPUT" | jq -r '.tool_input.content // .tool_input.new_string // ""' 2>/dev/null || echo "")
-fi
-
-# Check bypass flags
-[[ "$SPECWEAVE_FORCE_PROJECT" == "1" ]] && echo '{"decision":"allow","message":"Project validation bypassed"}' && exit 0
-[[ "$SPECWEAVE_FORCE_METADATA" == "1" ]] && echo '{"decision":"allow","message":"Spec validation bypassed"}' && exit 0
-
-# Only validate Write tool
-[[ "$HOOK_TOOL_NAME" != "Write" ]] && echo '{"decision":"allow"}' && exit 0
-
-# No file path = allow
-[[ -z "$HOOK_FILE_PATH" ]] && echo '{"decision":"allow"}' && exit 0
-
-# ============================================================================
-# VALIDATION 1: spec.md placeholder detection
-# ============================================================================
-if [[ "$HOOK_FILE_PATH" =~ \.specweave/increments/[0-9]{3,4}E?-[^/]+/spec\.md$ ]]; then
-
-  # Check for unresolved {{...}} placeholders - WARN only (v1.0.37)
-  if echo "$HOOK_CONTENT" | grep -qE '\{\{[A-Z_]+\}\}'; then
-    PLACEHOLDERS=$(echo "$HOOK_CONTENT" | grep -oE '\{\{[A-Z_]+\}\}' | sort -u | tr '\n' ', ' | sed 's/,$//')
-    printf '{"decision":"allow","message":"⚠️ UNRESOLVED PLACEHOLDERS DETECTED\\n\\nFound: %s\\n\\n🔧 FIX: Replace placeholders with actual values.\\nRun: specweave context projects\\nThen use values from the JSON output.\\n\\nOperation ALLOWED - proceeding anyway."}\n' "$PLACEHOLDERS"
-    exit 0
-  fi
-
-  # Check for **Project**: field in User Stories (soft validation - warn, don't block)
-  # Pattern: ### US-XXX or #### US-XXX followed by **Project**:
-  US_COUNT=$(echo "$HOOK_CONTENT" | grep -cE '^#{3,4} US-' 2>/dev/null || echo "0")
-  PROJECT_COUNT=$(echo "$HOOK_CONTENT" | grep -cE '^\*\*Project\*\*:' 2>/dev/null || echo "0")
-
-  # Trim to just the number
-  US_COUNT="${US_COUNT//[^0-9]/}"
-  PROJECT_COUNT="${PROJECT_COUNT//[^0-9]/}"
-  [[ -z "$US_COUNT" ]] && US_COUNT=0
-  [[ -z "$PROJECT_COUNT" ]] && PROJECT_COUNT=0
-
-  # Only warn if there are User Stories but no Project fields
-  # Don't block - just allow with warning
-  if [[ "$US_COUNT" -gt 0 ]] && [[ "$PROJECT_COUNT" -eq 0 ]]; then
-    echo '{"decision":"allow","message":"⚠️ WARNING: No **Project**: fields found. Add **Project**: after each US heading for proper sync."}'
-    exit 0
-  fi
-
-  # Check for comma-separated projects (1:1 mapping required) - WARN only (v1.0.37)
-  if echo "$HOOK_CONTENT" | grep -qE '^\*\*Project\*\*:.*,'; then
-    printf '{"decision":"allow","message":"⚠️ MULTIPLE PROJECTS IN ONE US DETECTED\\n\\nEach User Story should map to exactly ONE project.\\n\\n💡 RECOMMENDATION: Split cross-project features into separate User Stories:\\n\\nWRONG:\\n### US-001: OAuth Implementation\\n**Project**: frontend, backend\\n\\nCORRECT:\\n### US-001: OAuth Login Form\\n**Project**: frontend\\n\\n### US-002: OAuth API\\n**Project**: backend\\n\\nOperation ALLOWED - proceeding anyway."}\n'
-    exit 0
-  fi
-
-  # Check structure level to validate **Board**: fields
-  # For 1-level structures (GitHub), **Board**: should NOT be present
-  # For 2-level structures (ADO/JIRA with boards), **Board**: is required
-  # NOTE: This is a WARNING only - do NOT block spec writes!
-  PROJECT_ROOT="${HOOK_FILE_PATH%%/.specweave/*}"
-  BOARD_COUNT=$(echo "$HOOK_CONTENT" | grep -cE '^\*\*Board\*\*:' 2>/dev/null || echo "0")
-  BOARD_COUNT="${BOARD_COUNT//[^0-9]/}"
-  [[ -z "$BOARD_COUNT" ]] && BOARD_COUNT=0
-
-  if [[ "$BOARD_COUNT" -gt 0 ]]; then
-    # Has **Board**: fields - check if this is a 2-level structure
-    CONFIG_FILE="$PROJECT_ROOT/.specweave/config.json"
-    IS_2LEVEL="false"
-
-    if [[ -f "$CONFIG_FILE" ]]; then
-      # 2-level indicators: ADO areaPathMapping, JIRA boardMapping with multiple boards
-      HAS_AREA_MAPPING=$(jq -r '.sync.profiles | to_entries[] | select(.value.provider == "ado") | .value.config.areaPathMapping.mappings | length > 0' "$CONFIG_FILE" 2>/dev/null | grep -c "true" || echo "0")
-      HAS_BOARD_MAPPING=$(jq -r '.sync.profiles | to_entries[] | select(.value.provider == "jira") | .value.config.boardMapping.boards | length > 1' "$CONFIG_FILE" 2>/dev/null | grep -c "true" || echo "0")
-      HAS_MULTI_TEAMS=$(jq -r '.umbrella.childRepos | map(.team) | unique | length > 1' "$CONFIG_FILE" 2>/dev/null || echo "false")
-
-      if [[ "$HAS_AREA_MAPPING" -gt 0 ]] || [[ "$HAS_BOARD_MAPPING" -gt 0 ]] || [[ "$HAS_MULTI_TEAMS" == "true" ]]; then
-        IS_2LEVEL="true"
-      fi
-    fi
-
-    # WARN only - never block spec.md writes (too disruptive)
-    if [[ "$IS_2LEVEL" != "true" ]]; then
-      echo '{"decision":"allow","message":"⚠️ WARNING: **Board**: fields found but this is a 1-level structure (GitHub). Board fields are only needed for ADO/JIRA with multiple boards. Consider removing **Board**: lines."}'
-      exit 0
-    fi
-  fi
-
-  echo '{"decision":"allow"}'
-  exit 0
-fi
-
-# ============================================================================
-# VALIDATION 2: Living docs folder validation
-# ============================================================================
-if [[ "$HOOK_FILE_PATH" =~ \.specweave/docs/internal/specs/([^/]+)/ ]]; then
-  PROJECT_NAME="${BASH_REMATCH[1]}"
-
-  # Skip README.md and _features/_archive special folders
-  [[ "$PROJECT_NAME" == "README.md" ]] && echo '{"decision":"allow"}' && exit 0
-  [[ "$PROJECT_NAME" == "_features" ]] && echo '{"decision":"allow"}' && exit 0
-  [[ "$PROJECT_NAME" == "_archive" ]] && echo '{"decision":"allow"}' && exit 0
-
-  # Check for template placeholders - WARN only (v1.0.37)
-  if [[ "$PROJECT_NAME" =~ \{\{.*\}\} ]]; then
-    printf '{"decision":"allow","message":"⚠️ UNRESOLVED PLACEHOLDER: %s\\n\\n🔧 FIX: Replace {{...}} with actual project name\\n\\nOperation ALLOWED - proceeding anyway."}\n' "$PROJECT_NAME"
-    exit 0
-  fi
-
-  # Check for comma-separated (invalid) - WARN only (v1.0.37)
-  if [[ "$PROJECT_NAME" =~ , ]]; then
-    printf '{"decision":"allow","message":"⚠️ COMMA-SEPARATED PROJECTS: %s\\n\\nEach User Story should have ONE project folder.\\n\\n💡 RECOMMENDATION: Split into separate specs\\n\\nOperation ALLOWED - proceeding anyway."}\n' "$PROJECT_NAME"
-    exit 0
-  fi
-
-  # Check for common example/placeholder names - WARN only (v1.0.37)
-  EXAMPLE_NAMES="frontend-app|backend-api|mobile-app|shared-lib|acme-corp|my-app|myapp|example-project|test-project"
-  if [[ "$PROJECT_NAME" =~ ^($EXAMPLE_NAMES)$ ]]; then
-    # Try to get valid projects from config
-    PROJECT_ROOT="${HOOK_FILE_PATH%%/.specweave/*}"
-    CONFIG_FILE="$PROJECT_ROOT/.specweave/config.json"
-
-    if [[ -f "$CONFIG_FILE" ]]; then
-      # Check if this example name is actually configured
-      IS_CONFIGURED=$(jq -r --arg name "$PROJECT_NAME" '.multiProject.projects[$name] // .project.name == $name' "$CONFIG_FILE" 2>/dev/null || echo "false")
-
-      if [[ "$IS_CONFIGURED" != "true" ]]; then
-        VALID_PROJECTS=$(jq -r '.multiProject.projects | keys | join(", ") // .project.name // "specweave"' "$CONFIG_FILE" 2>/dev/null || echo "specweave")
-        printf '{"decision":"allow","message":"⚠️ EXAMPLE PROJECT NAME DETECTED: %s\\n\\nThis looks like a placeholder/example name from documentation.\\n\\nConfigured projects: %s\\n\\n💡 RECOMMENDATION: Edit spec.md and use a real project name\\n\\nOperation ALLOWED - proceeding anyway."}\n' "$PROJECT_NAME" "$VALID_PROJECTS"
-        exit 0
-      fi
-    fi
-  fi
-
-  echo '{"decision":"allow"}'
-  exit 0
-fi
+# This guard now does NOTHING - just allows all operations.
 
-# Not a spec.md or living docs file - allow
+set +e
 echo '{"decision":"allow"}'
 exit 0

package/plugins/specweave/hooks/v2/handlers/github-sync-handler.sh

@@ -1,13 +1,24 @@
 #!/bin/bash
-# github-sync-handler.sh - Sync increment status to GitHub issue
+# github-sync-handler.sh - Sync increment to GitHub (create issues for User Stories)
 # Called async by processor, non-blocking, error-tolerant
 #
+# Argument formats supported:
+# 1. (event_type, increment_id) - from lifecycle/spec.updated events
+# 2. (increment_id) - from metadata.changed events (legacy)
+#
 # IMPORTANT: Never crash Claude, always exit 0
 set +e
 
 [[ "${SPECWEAVE_DISABLE_HOOKS:-0}" == "1" ]] && exit 0
 
+# Support both argument formats:
+# - Called from increment.created/spec.updated: $1 = event_type, $2 = increment_id
+# - Called from metadata.changed: $1 = increment_id
 INC_ID="${1:-}"
+if [[ "$INC_ID" == increment.* ]] || [[ "$INC_ID" == spec.* ]] || [[ "$INC_ID" == metadata.* ]]; then
+  # First arg is event type, second is increment ID
+  INC_ID="${2:-}"
+fi
 [[ -z "$INC_ID" ]] && exit 0
 
 # Find project root

package/plugins/specweave/hooks/v2/queue/processor.sh

@@ -5,14 +5,17 @@
 # Usage: processor.sh [--daemon]
 #
 # Event routing (EDA v2):
-# - increment.created/done/archived/reopened -> living-specs-handler + status-line-handler + project-bridge-handler
+# - increment.created/done/archived/reopened -> living-specs-handler + status-line-handler + project-bridge-handler + github-sync-handler
 # - user-story.completed/reopened -> status-line-handler + project-bridge-handler
-# - task.updated/spec.updated -> living-docs-handler (legacy)
+# - spec.updated -> living-docs-handler + ac-validation-handler + github-sync-handler (creates GitHub issues for User Stories)
+# - task.updated -> living-docs-handler + ac-validation-handler (legacy)
 # - metadata.changed -> github-sync-handler
 #
 # The project-bridge-handler connects increment events to project-level EDA,
 # enabling automatic sync to GitHub, ADO, and JIRA via ProjectService.
 #
+# The github-sync-handler creates GitHub issues for User Stories when spec.md is updated.
+#
 # Self-terminates after 60s of idle
 #
 # IMPORTANT: Uses cross-platform locking (mkdir is atomic on all POSIX systems)
@@ -152,13 +155,16 @@ process_event() {
     # EDA Event Routing (new architecture)
     # ========================================
 
-    # Lifecycle events -> living-specs-handler + status-line-handler + project-bridge-handler
+    # Lifecycle events -> living-specs + status-line + project-bridge + github-sync
+    # Note: github-sync-handler added to ensure GitHub issues are created for User Stories
     increment.created|increment.done|increment.archived|increment.reopened)
       run_handler "$HANDLER_DIR/living-specs-handler.sh" "$EVENT_TYPE" "$EVENT_DATA"
       # Also update status line on lifecycle changes
       run_handler "$HANDLER_DIR/status-line-handler.sh" "$EVENT_TYPE" "$EVENT_DATA"
       # Bridge to project-level EDA (triggers sync to GitHub/ADO/JIRA)
       run_handler "$HANDLER_DIR/project-bridge-handler.sh" "$EVENT_TYPE" "$EVENT_DATA"
+      # Sync to GitHub (creates issues for User Stories)
+      run_handler "$HANDLER_DIR/github-sync-handler.sh" "$EVENT_TYPE" "$EVENT_DATA"
       ;;
 
     # User story events -> status-line-handler + project-bridge-handler
@@ -168,10 +174,18 @@ process_event() {
       run_handler "$HANDLER_DIR/project-bridge-handler.sh" "$EVENT_TYPE" "$EVENT_DATA"
       ;;
 
-    # ========================================
-    # Legacy event routing (backward compat)
-    # ========================================
-    task.updated|spec.updated)
+    # Spec updated -> sync to living docs + validate ACs + sync to GitHub
+    # CRITICAL: spec.updated fires AFTER spec.md has User Stories defined
+    # This is the key event that triggers GitHub issue creation for USs
+    spec.updated)
+      run_handler "$HANDLER_DIR/living-docs-handler.sh" "" "$EVENT_DATA"
+      run_handler "$HANDLER_DIR/ac-validation-handler.sh" "" "$EVENT_DATA"
+      # Sync to GitHub (creates issues for User Stories when spec has USs)
+      run_handler "$HANDLER_DIR/github-sync-handler.sh" "$EVENT_TYPE" "$EVENT_DATA"
+      ;;
+
+    # Legacy task.updated event (backward compat)
+    task.updated)
       # Legacy: don't update status line on every task edit
       # That causes race conditions and flickering
       run_handler "$HANDLER_DIR/living-docs-handler.sh" "" "$EVENT_DATA"

package/plugins/specweave/hooks/v2/guards/metadata-json-guard.test.sh

@@ -1,302 +0,0 @@
-#!/bin/bash
-# Comprehensive test suite for metadata-json-guard.sh
-# Tests that spec.md creation is blocked when metadata.json is missing
-#
-# Usage: bash metadata-json-guard.test.sh
-#
-# v0.34.0 - Initial test suite
-
-set -e
-
-GUARD="$(dirname "$0")/metadata-json-guard.sh"
-TEST_DIR=$(mktemp -d)
-PASS=0
-FAIL=0
-TOTAL=0
-
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
-
-cleanup() {
-  rm -rf "$TEST_DIR"
-}
-trap cleanup EXIT
-
-# Create test increment structure
-setup_test_increment() {
-  local with_metadata="$1"
-  local increment_name="${2:-0001-test-feature}"
-
-  mkdir -p "$TEST_DIR/.specweave/increments/$increment_name"
-
-  if [ "$with_metadata" = "true" ]; then
-    cat > "$TEST_DIR/.specweave/increments/$increment_name/metadata.json" << 'EOF'
-{
-  "id": "0001-test-feature",
-  "status": "planned",
-  "type": "feature",
-  "priority": "P1",
-  "created": "2025-12-10T00:00:00Z",
-  "lastActivity": "2025-12-10T00:00:00Z",
-  "testMode": "TDD",
-  "coverageTarget": 95,
-  "feature_id": null,
-  "epic_id": null,
-  "externalLinks": {}
-}
-EOF
-  fi
-}
-
-# Test helper: should block
-test_should_block() {
-  local name="$1"
-  local file_path="$2"
-  local content="$3"
-  TOTAL=$((TOTAL + 1))
-
-  # Build JSON input for the guard
-  local json_input
-  json_input=$(jq -n \
-    --arg tool_name "Write" \
-    --arg file_path "$file_path" \
-    --arg content "$content" \
-    '{tool_name: $tool_name, tool_input: {file_path: $file_path, content: $content}}')
-
-  result=$(echo "$json_input" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-  exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-
-  if [[ "$exit_code" == "2" ]]; then
-    echo -e "${GREEN}✓ BLOCKED${NC}: $name"
-    PASS=$((PASS + 1))
-  else
-    echo -e "${RED}✗ NOT BLOCKED${NC}: $name"
-    echo "  File: $file_path"
-    echo "  Exit code: $exit_code (expected 2)"
-    echo "  Output: $(echo "$result" | head -5)"
-    FAIL=$((FAIL + 1))
-  fi
-}
-
-# Test helper: should allow
-test_should_allow() {
-  local name="$1"
-  local file_path="$2"
-  local content="$3"
-  TOTAL=$((TOTAL + 1))
-
-  # Build JSON input for the guard
-  local json_input
-  json_input=$(jq -n \
-    --arg tool_name "Write" \
-    --arg file_path "$file_path" \
-    --arg content "$content" \
-    '{tool_name: $tool_name, tool_input: {file_path: $file_path, content: $content}}')
-
-  result=$(echo "$json_input" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-  exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-
-  if [[ "$exit_code" == "0" ]]; then
-    echo -e "${GREEN}✓ ALLOWED${NC}: $name"
-    PASS=$((PASS + 1))
-  else
-    echo -e "${RED}✗ WRONGLY BLOCKED${NC}: $name"
-    echo "  File: $file_path"
-    echo "  Exit code: $exit_code (expected 0)"
-    FAIL=$((FAIL + 1))
-  fi
-}
-
-# Test non-Write tools (should always allow)
-test_non_write_tool() {
-  local name="$1"
-  local tool_name="$2"
-  TOTAL=$((TOTAL + 1))
-
-  local json_input
-  json_input=$(jq -n \
-    --arg tool_name "$tool_name" \
-    --arg file_path "$TEST_DIR/.specweave/increments/0001-test/spec.md" \
-    '{tool_name: $tool_name, tool_input: {file_path: $file_path}}')
-
-  result=$(echo "$json_input" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-  exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-
-  if [[ "$exit_code" == "0" ]]; then
-    echo -e "${GREEN}✓ ALLOWED (non-Write)${NC}: $name"
-    PASS=$((PASS + 1))
-  else
-    echo -e "${RED}✗ WRONGLY BLOCKED${NC}: $name"
-    FAIL=$((FAIL + 1))
-  fi
-}
-
-echo "========================================"
-echo "  METADATA JSON GUARD - COMPREHENSIVE TESTS"
-echo "========================================"
-echo ""
-echo "Test directory: $TEST_DIR"
-echo ""
-
-echo -e "${YELLOW}=== CORE FUNCTIONALITY: BLOCK WHEN METADATA MISSING ===${NC}"
-
-# Setup without metadata
-setup_test_increment "false" "0001-no-metadata"
-test_should_block "spec.md without metadata.json (3-digit)" \
-  "$TEST_DIR/.specweave/increments/0001-no-metadata/spec.md" \
-  "---\nincrement: 0001-no-metadata\n---"
-
-setup_test_increment "false" "0012-no-metadata"
-test_should_block "spec.md without metadata.json (4-digit)" \
-  "$TEST_DIR/.specweave/increments/0012-no-metadata/spec.md" \
-  "---\nincrement: 0012-no-metadata\n---"
-
-setup_test_increment "false" "123-short"
-test_should_block "spec.md without metadata.json (3-digit short)" \
-  "$TEST_DIR/.specweave/increments/123-short/spec.md" \
-  "---\nincrement: 123-short\n---"
-
-setup_test_increment "false" "0001E-external"
-test_should_block "spec.md without metadata.json (external E suffix)" \
-  "$TEST_DIR/.specweave/increments/0001E-external/spec.md" \
-  "---\nincrement: 0001E-external\n---"
-
-echo ""
-echo -e "${YELLOW}=== CORE FUNCTIONALITY: ALLOW WHEN METADATA EXISTS ===${NC}"
-
-# Setup with metadata
-setup_test_increment "true" "0002-has-metadata"
-test_should_allow "spec.md WITH metadata.json present" \
-  "$TEST_DIR/.specweave/increments/0002-has-metadata/spec.md" \
-  "---\nincrement: 0002-has-metadata\n---"
-
-setup_test_increment "true" "0123E-external-with-meta"
-test_should_allow "spec.md WITH metadata.json (external E suffix)" \
-  "$TEST_DIR/.specweave/increments/0123E-external-with-meta/spec.md" \
-  "---\nincrement: 0123E-external-with-meta\n---"
-
-echo ""
-echo -e "${YELLOW}=== NON-SPEC FILES: SHOULD NOT VALIDATE ===${NC}"
-
-# Create increment without metadata for these tests
-setup_test_increment "false" "0003-other-files"
-test_should_allow "plan.md (not spec.md)" \
-  "$TEST_DIR/.specweave/increments/0003-other-files/plan.md" \
-  "# Plan"
-
-test_should_allow "tasks.md (not spec.md)" \
-  "$TEST_DIR/.specweave/increments/0003-other-files/tasks.md" \
-  "# Tasks"
-
-test_should_allow "metadata.json itself" \
-  "$TEST_DIR/.specweave/increments/0003-other-files/metadata.json" \
-  '{"id": "test"}'
-
-test_should_allow "report in subfolder" \
-  "$TEST_DIR/.specweave/increments/0003-other-files/reports/COMPLETION.md" \
-  "# Report"
-
-echo ""
-echo -e "${YELLOW}=== FILES OUTSIDE INCREMENTS: SHOULD NOT VALIDATE ===${NC}"
-
-test_should_allow "spec.md outside increments (docs)" \
-  "$TEST_DIR/.specweave/docs/internal/spec.md" \
-  "# Documentation"
-
-test_should_allow "spec.md in root" \
-  "$TEST_DIR/spec.md" \
-  "# Root spec"
-
-test_should_allow "Random file" \
-  "$TEST_DIR/random.txt" \
-  "Random content"
-
-echo ""
-echo -e "${YELLOW}=== NON-WRITE TOOLS: SHOULD ALWAYS ALLOW ===${NC}"
-
-test_non_write_tool "Read tool" "Read"
-test_non_write_tool "Edit tool" "Edit"
-test_non_write_tool "Glob tool" "Glob"
-test_non_write_tool "Grep tool" "Grep"
-test_non_write_tool "Bash tool" "Bash"
-
-echo ""
-echo -e "${YELLOW}=== BYPASS MODES ===${NC}"
-
-# Test SPECWEAVE_FORCE_METADATA bypass
-setup_test_increment "false" "0004-bypass"
-TOTAL=$((TOTAL + 1))
-json_input=$(jq -n \
-  --arg tool_name "Write" \
-  --arg file_path "$TEST_DIR/.specweave/increments/0004-bypass/spec.md" \
-  --arg content "---\nincrement: 0004-bypass\n---" \
-  '{tool_name: $tool_name, tool_input: {file_path: $file_path, content: $content}}')
-
-result=$(SPECWEAVE_FORCE_METADATA=1 bash -c "echo '$json_input' | bash '$GUARD'" 2>&1; echo "EXIT:$?")
-exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-if [[ "$exit_code" == "0" ]] && echo "$result" | grep -q "bypassed"; then
-  echo -e "${GREEN}✓ ALLOWED (bypass)${NC}: SPECWEAVE_FORCE_METADATA=1 works"
-  PASS=$((PASS + 1))
-else
-  echo -e "${RED}✗ BYPASS FAILED${NC}: SPECWEAVE_FORCE_METADATA=1"
-  echo "  Exit code: $exit_code"
-  FAIL=$((FAIL + 1))
-fi
-
-# Test SPECWEAVE_DISABLE_HOOKS bypass
-TOTAL=$((TOTAL + 1))
-result=$(SPECWEAVE_DISABLE_HOOKS=1 bash -c "echo '$json_input' | bash '$GUARD'" 2>&1; echo "EXIT:$?")
-exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-if [[ "$exit_code" == "0" ]]; then
-  echo -e "${GREEN}✓ ALLOWED (bypass)${NC}: SPECWEAVE_DISABLE_HOOKS=1 works"
-  PASS=$((PASS + 1))
-else
-  echo -e "${RED}✗ BYPASS FAILED${NC}: SPECWEAVE_DISABLE_HOOKS=1"
-  FAIL=$((FAIL + 1))
-fi
-
-echo ""
-echo -e "${YELLOW}=== EDGE CASES ===${NC}"
-
-# Test with empty file path
-TOTAL=$((TOTAL + 1))
-json_input='{"tool_name": "Write", "tool_input": {"file_path": "", "content": "test"}}'
-result=$(echo "$json_input" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-if [[ "$exit_code" == "0" ]]; then
-  echo -e "${GREEN}✓ ALLOWED${NC}: Empty file path"
-  PASS=$((PASS + 1))
-else
-  echo -e "${RED}✗ FAILED${NC}: Empty file path should be allowed"
-  FAIL=$((FAIL + 1))
-fi
-
-# Test with malformed JSON (should fail gracefully)
-TOTAL=$((TOTAL + 1))
-result=$(echo "not json" | bash "$GUARD" 2>&1; echo "EXIT:$?")
-exit_code=$(echo "$result" | grep -o 'EXIT:[0-9]*' | cut -d: -f2)
-if [[ "$exit_code" == "0" ]]; then
-  echo -e "${GREEN}✓ ALLOWED${NC}: Malformed JSON handled gracefully"
-  PASS=$((PASS + 1))
-else
-  echo -e "${RED}✗ FAILED${NC}: Malformed JSON should be allowed (fail-safe)"
-  FAIL=$((FAIL + 1))
-fi
-
-echo ""
-echo "========================================"
-echo "  RESULTS"
-echo "========================================"
-echo -e "Total: $TOTAL"
-echo -e "${GREEN}Passed: $PASS${NC}"
-if [[ $FAIL -gt 0 ]]; then
-  echo -e "${RED}Failed: $FAIL${NC}"
-  exit 1
-else
-  echo -e "Failed: 0"
-  echo ""
-  echo -e "${GREEN}ALL TESTS PASSED!${NC}"
-fi