crackerjack 0.31.18__py3-none-any.whl → 0.33.0__py3-none-any.whl

crackerjack/core/workflow_orchestrator.py

@@ -1,3 +1,4 @@
+import asyncio
 import time
 import typing as t
 from pathlib import Path
@@ -13,6 +14,12 @@ from crackerjack.services.logging import (
     get_logger,
     setup_structured_logging,
 )
+from crackerjack.services.memory_optimizer import get_memory_optimizer, memory_optimized
+from crackerjack.services.performance_cache import get_performance_cache
+from crackerjack.services.performance_monitor import (
+    get_performance_monitor,
+    phase_monitor,
+)
 
 from .phase_coordinator import PhaseCoordinator
 from .session_coordinator import SessionCoordinator
@@ -40,10 +47,16 @@ class WorkflowPipeline:
         self.session = session
         self.phases = phases
         self._mcp_state_manager: t.Any = None
+        self._last_security_audit: t.Any = None  # Store security audit report
 
         self.logger = get_logger("crackerjack.pipeline")
         self._debugger = None
 
+        # Performance optimization services
+        self._performance_monitor = get_performance_monitor()
+        self._memory_optimizer = get_memory_optimizer()
+        self._cache = get_performance_cache()
+
     @property
     def debugger(self):
         if self._debugger is None:
@@ -55,7 +68,16 @@ class WorkflowPipeline:
 
         return os.environ.get("AI_AGENT_DEBUG", "0") == "1"
 
+    @memory_optimized
     async def run_complete_workflow(self, options: OptionsProtocol) -> bool:
+        workflow_id = f"workflow_{int(time.time())}"
+
+        # Start performance monitoring
+        self._performance_monitor.start_workflow(workflow_id)
+
+        # Start cache service if not already running
+        await self._cache.start()
+
         with LoggingContext(
             "workflow_execution",
             testing=getattr(options, "test", False),
@@ -65,17 +87,34 @@ class WorkflowPipeline:
             self._initialize_workflow_session(options)
 
             try:
-                success = await self._execute_workflow_with_timing(options, start_time)
+                success = await self._execute_workflow_with_timing(
+                    options, start_time, workflow_id
+                )
+
+                # Finalize performance monitoring
+                workflow_perf = self._performance_monitor.end_workflow(
+                    workflow_id, success
+                )
+                self.logger.info(
+                    f"Workflow performance: {workflow_perf.performance_score:.1f} score, "
+                    f"{workflow_perf.total_duration_seconds:.2f}s duration"
+                )
+
                 return success
 
             except KeyboardInterrupt:
+                self._performance_monitor.end_workflow(workflow_id, False)
                 return self._handle_user_interruption()
 
             except Exception as e:
+                self._performance_monitor.end_workflow(workflow_id, False)
                 return self._handle_workflow_exception(e)
 
             finally:
                 self.session.cleanup_resources()
+                # Optimize memory after workflow completion
+                self._memory_optimizer.optimize_memory()
+                await self._cache.stop()
 
     def _initialize_workflow_session(self, options: OptionsProtocol) -> None:
         self.session.initialize_session_tracking(options)
@@ -112,9 +151,9 @@ class WorkflowPipeline:
         )
 
     async def _execute_workflow_with_timing(
-        self, options: OptionsProtocol, start_time: float
+        self, options: OptionsProtocol, start_time: float, workflow_id: str
     ) -> bool:
-        success = await self._execute_workflow_phases(options)
+        success = await self._execute_workflow_phases(options, workflow_id)
         self.session.finalize_session(start_time, success)
 
         duration = time.time() - start_time
@@ -160,56 +199,144 @@ class WorkflowPipeline:
         )
         return False
 
-    async def _execute_workflow_phases(self, options: OptionsProtocol) -> bool:
+    async def _execute_workflow_phases(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Execute all workflow phases with proper security gates and performance monitoring."""
         success = True
-        self.phases.run_configuration_phase(options)
 
-        # Code cleaning is now integrated into the quality phase
-        # to run after fast hooks but before comprehensive hooks
-        if not await self._execute_quality_phase(options):
+        # Configuration phase with monitoring
+        with phase_monitor(workflow_id, "configuration"):
+            config_success = self.phases.run_configuration_phase(options)
+            success = success and config_success
+
+        # Execute quality phase (includes testing and comprehensive checks)
+        quality_success = await self._execute_quality_phase(options, workflow_id)
+        if not quality_success:
             success = False
-            return False
-        if not self.phases.run_publishing_phase(options):
+            # For publishing workflows, enforce security gates
+            if self._is_publishing_workflow(options):
+                return False  # Exit early - publishing requires ALL quality checks
+
+        # Execute publishing workflow if requested
+        if not await self._execute_publishing_workflow(options, workflow_id):
             success = False
-            self.session.fail_task("workflow", "Publishing failed")
             return False
-        if not self.phases.run_commit_phase(options):
+
+        # Execute commit workflow if requested
+        if not await self._execute_commit_workflow(options, workflow_id):
             success = False
 
         return success
 
-    async def _execute_quality_phase(self, options: OptionsProtocol) -> bool:
+    def _is_publishing_workflow(self, options: OptionsProtocol) -> bool:
+        """Check if this is a publishing workflow that requires strict security gates."""
+        return bool(options.publish or options.all or options.commit)
+
+    async def _execute_publishing_workflow(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Execute publishing workflow with proper error handling and monitoring."""
+        if not options.publish and not options.all:
+            return True
+
+        with phase_monitor(workflow_id, "publishing"):
+            if not self.phases.run_publishing_phase(options):
+                self.session.fail_task("workflow", "Publishing failed")
+                return False
+        return True
+
+    async def _execute_commit_workflow(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Execute commit workflow with proper error handling and monitoring."""
+        if not options.commit:
+            return True
+
+        with phase_monitor(workflow_id, "commit"):
+            if not self.phases.run_commit_phase(options):
+                return False
+        return True
+
+    async def _execute_quality_phase(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
         if hasattr(options, "fast") and options.fast:
-            return self._run_fast_hooks_phase(options)
+            return await self._run_fast_hooks_phase_monitored(options, workflow_id)
         if hasattr(options, "comp") and options.comp:
-            return self._run_comprehensive_hooks_phase(options)
+            return await self._run_comprehensive_hooks_phase_monitored(
+                options, workflow_id
+            )
         if getattr(options, "test", False):
-            return await self._execute_test_workflow(options)
-        return self._execute_standard_hooks_workflow(options)
+            return await self._execute_test_workflow(options, workflow_id)
+        return await self._execute_standard_hooks_workflow_monitored(
+            options, workflow_id
+        )
 
-    async def _execute_test_workflow(self, options: OptionsProtocol) -> bool:
+    async def _execute_test_workflow(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
         iteration = self._start_iteration_tracking(options)
 
-        if not self._run_initial_fast_hooks(options, iteration):
+        # Execute initial phases (fast hooks + optional cleaning)
+        if not await self._execute_initial_phases(options, workflow_id, iteration):
             return False
 
-        # Run code cleaning after fast hooks but before comprehensive hooks
-        if getattr(options, "clean", False):
-            if not self._run_code_cleaning_phase(options):
-                return False
-            # Run fast hooks again after cleaning for sanity check
-            if not self._run_post_cleaning_fast_hooks(options):
+        # Run main quality phases
+        (
+            testing_passed,
+            comprehensive_passed,
+        ) = await self._run_main_quality_phases_async(options, workflow_id)
+
+        # Handle workflow completion based on agent mode
+        return await self._handle_workflow_completion(
+            options, iteration, testing_passed, comprehensive_passed, workflow_id
+        )
+
+    async def _execute_initial_phases(
+        self, options: OptionsProtocol, workflow_id: str, iteration: int
+    ) -> bool:
+        """Execute fast hooks and optional code cleaning phases."""
+        # Fast hooks with performance monitoring
+        with phase_monitor(workflow_id, "fast_hooks") as monitor:
+            if not await self._run_initial_fast_hooks_async(
+                options, iteration, monitor
+            ):
                 return False
-            self._mark_code_cleaning_complete()
 
-        testing_passed, comprehensive_passed = self._run_main_quality_phases(options)
+        # Run code cleaning if enabled
+        return self._execute_optional_cleaning_phase(options)
+
+    def _execute_optional_cleaning_phase(self, options: OptionsProtocol) -> bool:
+        """Execute code cleaning phase if enabled."""
+        if not getattr(options, "clean", False):
+            return True
+
+        if not self._run_code_cleaning_phase(options):
+            return False
+
+        # Run fast hooks again after cleaning for sanity check
+        if not self._run_post_cleaning_fast_hooks(options):
+            return False
+
+        self._mark_code_cleaning_complete()
+        return True
 
+    async def _handle_workflow_completion(
+        self,
+        options: OptionsProtocol,
+        iteration: int,
+        testing_passed: bool,
+        comprehensive_passed: bool,
+        workflow_id: str = "unknown",
+    ) -> bool:
+        """Handle workflow completion based on agent mode."""
         if options.ai_agent:
             return await self._handle_ai_agent_workflow(
-                options, iteration, testing_passed, comprehensive_passed
+                options, iteration, testing_passed, comprehensive_passed, workflow_id
             )
 
-        return self._handle_standard_workflow(
+        return await self._handle_standard_workflow(
             options, iteration, testing_passed, comprehensive_passed
         )
 
@@ -227,9 +354,38 @@ class WorkflowPipeline:
             return False
         return True
 
-    def _run_main_quality_phases(self, options: OptionsProtocol) -> tuple[bool, bool]:
-        testing_passed = self._run_testing_phase(options)
-        comprehensive_passed = self._run_comprehensive_hooks_phase(options)
+    async def _run_main_quality_phases_async(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> tuple[bool, bool]:
+        # Run testing and comprehensive phases in parallel where possible
+        testing_task = asyncio.create_task(
+            self._run_testing_phase_async(options, workflow_id)
+        )
+        comprehensive_task = asyncio.create_task(
+            self._run_comprehensive_hooks_phase_monitored(options, workflow_id)
+        )
+
+        results = await asyncio.gather(
+            testing_task, comprehensive_task, return_exceptions=True
+        )
+
+        # Handle exceptions and ensure boolean types
+        testing_result, comprehensive_result = results
+
+        if isinstance(testing_result, Exception):
+            self.logger.error(f"Testing phase failed with exception: {testing_result}")
+            testing_passed = False
+        else:
+            testing_passed = bool(testing_result)
+
+        if isinstance(comprehensive_result, Exception):
+            self.logger.error(
+                f"Comprehensive hooks failed with exception: {comprehensive_result}"
+            )
+            comprehensive_passed = False
+        else:
+            comprehensive_passed = bool(comprehensive_result)
+
         return testing_passed, comprehensive_passed
 
     async def _handle_ai_agent_workflow(
@@ -238,38 +394,127 @@ class WorkflowPipeline:
         iteration: int,
         testing_passed: bool,
         comprehensive_passed: bool,
+        workflow_id: str = "unknown",
     ) -> bool:
-        if not testing_passed or not comprehensive_passed:
-            success = await self._run_ai_agent_fixing_phase(options)
-            if self._should_debug():
-                self.debugger.log_iteration_end(iteration, success)
-            return success
+        # Handle security gates first
+        if not await self._process_security_gates(options):
+            return False
+
+        # Determine if AI fixing is needed
+        needs_ai_fixing = self._determine_ai_fixing_needed(
+            testing_passed, comprehensive_passed, bool(options.publish or options.all)
+        )
+
+        if needs_ai_fixing:
+            return await self._execute_ai_fixing_workflow(options, iteration)
+
+        # Handle success case without AI fixing
+        return self._finalize_ai_workflow_success(
+            options, iteration, testing_passed, comprehensive_passed
+        )
+
+    async def _process_security_gates(self, options: OptionsProtocol) -> bool:
+        """Process security gates for publishing operations."""
+        publishing_requested, security_blocks = (
+            self._check_security_gates_for_publishing(options)
+        )
+
+        if not (publishing_requested and security_blocks):
+            return True
+
+        # Try AI fixing for security issues, then re-check
+        security_fix_result = await self._handle_security_gate_failure(
+            options, allow_ai_fixing=True
+        )
+        return security_fix_result
 
+    async def _execute_ai_fixing_workflow(
+        self, options: OptionsProtocol, iteration: int
+    ) -> bool:
+        """Execute AI fixing workflow and handle debugging."""
+        success = await self._run_ai_agent_fixing_phase(options)
         if self._should_debug():
-            self.debugger.log_iteration_end(iteration, True)
-        return True
+            self.debugger.log_iteration_end(iteration, success)
+        return success
 
-    def _handle_standard_workflow(
+    def _finalize_ai_workflow_success(
         self,
         options: OptionsProtocol,
         iteration: int,
         testing_passed: bool,
         comprehensive_passed: bool,
     ) -> bool:
-        success = testing_passed and comprehensive_passed
+        """Finalize AI workflow when no fixing is needed."""
+        publishing_requested = bool(options.publish or options.all)
 
-        if not success and getattr(options, "verbose", False):
+        final_success = self._determine_workflow_success(
+            testing_passed, comprehensive_passed, publishing_requested
+        )
+
+        self._show_partial_success_warning_if_needed(
+            publishing_requested, final_success, testing_passed, comprehensive_passed
+        )
+
+        if self._should_debug():
+            self.debugger.log_iteration_end(iteration, final_success)
+
+        return final_success
+
+    def _show_partial_success_warning_if_needed(
+        self,
+        publishing_requested: bool,
+        final_success: bool,
+        testing_passed: bool,
+        comprehensive_passed: bool,
+    ) -> None:
+        """Show security audit warning for partial success in publishing workflows."""
+        should_show_warning = (
+            publishing_requested
+            and final_success
+            and not (testing_passed and comprehensive_passed)
+        )
+
+        if should_show_warning:
+            self._show_security_audit_warning()
+
+    async def _handle_standard_workflow(
+        self,
+        options: OptionsProtocol,
+        iteration: int,
+        testing_passed: bool,
+        comprehensive_passed: bool,
+    ) -> bool:
+        # Check security gates for publishing operations
+        publishing_requested, security_blocks = (
+            self._check_security_gates_for_publishing(options)
+        )
+
+        if publishing_requested and security_blocks:
+            # Standard workflow cannot bypass security gates
+            return await self._handle_security_gate_failure(options)
+
+        # Determine success based on publishing requirements
+        success = self._determine_workflow_success(
+            testing_passed,
+            comprehensive_passed,
+            publishing_requested,
+        )
+
+        # Show security audit warning for partial success in publishing workflows
+        if (
+            publishing_requested
+            and success
+            and not (testing_passed and comprehensive_passed)
+        ):
+            self._show_security_audit_warning()
+        elif publishing_requested and not success:
             self.console.print(
-                f"[yellow]⚠️ Workflow stopped-testing_passed: {testing_passed}, comprehensive_passed: {comprehensive_passed}[/ yellow]"
+                "[red]❌ Quality checks failed - cannot proceed to publishing[/red]"
             )
-            if not testing_passed:
-                self.console.print(
-                    "[yellow] → Tests reported failure despite appearing successful[/ yellow]"
-                )
-            if not comprehensive_passed:
-                self.console.print(
-                    "[yellow] → Comprehensive hooks reported failure despite appearing successful[/ yellow]"
-                )
+
+        # Show verbose failure details if requested
+        if not success and getattr(options, "verbose", False):
+            self._show_verbose_failure_details(testing_passed, comprehensive_passed)
 
         if options.ai_agent and self._should_debug():
             self.debugger.log_iteration_end(iteration, success)
@@ -434,36 +679,67 @@ class WorkflowPipeline:
             self._mcp_state_manager.update_stage_status("comprehensive", "completed")
 
     async def _run_ai_agent_fixing_phase(self, options: OptionsProtocol) -> bool:
-        self._update_mcp_status("ai_fixing", "running")
-        self.logger.info("Starting AI agent fixing phase")
-        self._log_debug_phase_start()
+        self._initialize_ai_fixing_phase(options)
 
         try:
-            # If code cleaning is enabled and hasn't run yet, run it first
-            # to provide cleaner, more standardized code for the AI agents
-            if getattr(options, "clean", False) and not self._has_code_cleaning_run():
-                self.console.print(
-                    "\n[bold yellow]🤖 AI agents recommend running code cleaning first for better results...[/bold yellow]"
-                )
-                if self._run_code_cleaning_phase(options):
-                    # Run fast hooks sanity check after cleaning
-                    self._run_post_cleaning_fast_hooks(options)
-                    self._mark_code_cleaning_complete()
+            # Prepare environment for AI agents
+            self._prepare_ai_fixing_environment(options)
 
-            agent_coordinator = self._setup_agent_coordinator()
-            issues = await self._collect_issues_from_failures()
+            # Setup coordinator and collect issues
+            agent_coordinator, issues = await self._setup_ai_fixing_workflow()
 
             if not issues:
                 return self._handle_no_issues_found()
 
-            self.logger.info(f"AI agents will attempt to fix {len(issues)} issues")
-            fix_result = await agent_coordinator.handle_issues(issues)
-
-            return await self._process_fix_results(options, fix_result)
+            # Execute AI fixing
+            return await self._execute_ai_fixes(options, agent_coordinator, issues)
 
         except Exception as e:
             return self._handle_fixing_phase_error(e)
 
+    def _initialize_ai_fixing_phase(self, options: OptionsProtocol) -> None:
+        """Initialize the AI fixing phase with status updates and logging."""
+        self._update_mcp_status("ai_fixing", "running")
+        self.logger.info("Starting AI agent fixing phase")
+        self._log_debug_phase_start()
+
+    def _prepare_ai_fixing_environment(self, options: OptionsProtocol) -> None:
+        """Prepare the environment for AI agents by running optional code cleaning."""
+        should_run_cleaning = (
+            getattr(options, "clean", False) and not self._has_code_cleaning_run()
+        )
+
+        if not should_run_cleaning:
+            return
+
+        self.console.print(
+            "\n[bold yellow]🤖 AI agents recommend running code cleaning first for better results...[/bold yellow]"
+        )
+
+        if self._run_code_cleaning_phase(options):
+            # Run fast hooks sanity check after cleaning
+            self._run_post_cleaning_fast_hooks(options)
+            self._mark_code_cleaning_complete()
+
+    async def _setup_ai_fixing_workflow(
+        self,
+    ) -> tuple[AgentCoordinator, list[t.Any]]:
+        """Setup agent coordinator and collect issues to fix."""
+        agent_coordinator = self._setup_agent_coordinator()
+        issues = await self._collect_issues_from_failures()
+        return agent_coordinator, issues
+
+    async def _execute_ai_fixes(
+        self,
+        options: OptionsProtocol,
+        agent_coordinator: AgentCoordinator,
+        issues: list[t.Any],
+    ) -> bool:
+        """Execute AI fixes and process results."""
+        self.logger.info(f"AI agents will attempt to fix {len(issues)} issues")
+        fix_result = await agent_coordinator.handle_issues(issues)
+        return await self._process_fix_results(options, fix_result)
+
     def _log_debug_phase_start(self) -> None:
         if self._should_debug():
             self.debugger.log_workflow_phase(
@@ -995,6 +1271,381 @@ class WorkflowPipeline:
             self.debugger.log_test_failures(test_count)
             self.debugger.log_hook_failures(hook_count)
 
+    def _check_security_gates_for_publishing(
+        self, options: OptionsProtocol
+    ) -> tuple[bool, bool]:
+        """Check if publishing is requested and if security gates block it.
+
+        Returns:
+            tuple[bool, bool]: (publishing_requested, security_blocks_publishing)
+        """
+        publishing_requested = bool(options.publish or options.all or options.commit)
+
+        if not publishing_requested:
+            return False, False
+
+        # Check security gates for publishing operations
+        try:
+            security_blocks_publishing = self._check_security_critical_failures()
+            return publishing_requested, security_blocks_publishing
+        except Exception as e:
+            # Fail securely if security check fails
+            self.logger.warning(f"Security check failed: {e} - blocking publishing")
+            self.console.print(
+                "[red]🔒 SECURITY CHECK FAILED: Unable to verify security status - publishing BLOCKED[/red]"
+            )
+            # Return True for security_blocks to fail securely
+            return publishing_requested, True
+
+    async def _handle_security_gate_failure(
+        self, options: OptionsProtocol, allow_ai_fixing: bool = False
+    ) -> bool:
+        """Handle security gate failures with optional AI fixing.
+
+        Args:
+            options: Workflow options
+            allow_ai_fixing: Whether AI fixing is allowed for security issues
+
+        Returns:
+            bool: True if security issues resolved, False if still blocked
+        """
+        self.console.print(
+            "[red]🔒 SECURITY GATE: Critical security checks failed[/red]"
+        )
+
+        if allow_ai_fixing:
+            self.console.print(
+                "[red]Security-critical hooks (bandit, pyright, gitleaks) must pass before publishing[/red]"
+            )
+            self.console.print(
+                "[yellow]🤖 Attempting AI-assisted security issue resolution...[/yellow]"
+            )
+
+            # Try AI fixing for security issues
+            ai_fix_success = await self._run_ai_agent_fixing_phase(options)
+            if ai_fix_success:
+                # Re-check security after AI fixing
+                try:
+                    security_still_blocks = self._check_security_critical_failures()
+                    if not security_still_blocks:
+                        self.console.print(
+                            "[green]✅ AI agents resolved security issues - publishing allowed[/green]"
+                        )
+                        return True
+                    else:
+                        self.console.print(
+                            "[red]🔒 Security issues persist after AI fixing - publishing still BLOCKED[/red]"
+                        )
+                        return False
+                except Exception as e:
+                    self.logger.warning(
+                        f"Security re-check failed: {e} - blocking publishing"
+                    )
+                    return False
+            return False
+        else:
+            # Standard workflow cannot bypass security gates
+            self.console.print(
+                "[red]Security-critical hooks (bandit, pyright, gitleaks) must pass before publishing[/red]"
+            )
+            return False
+
+    def _determine_ai_fixing_needed(
+        self,
+        testing_passed: bool,
+        comprehensive_passed: bool,
+        publishing_requested: bool,
+    ) -> bool:
+        """Determine if AI fixing is needed based on test results and publishing requirements."""
+        if publishing_requested:
+            # For publish/commit workflows, trigger AI fixing if either fails (since both must pass)
+            return not testing_passed or not comprehensive_passed
+        # For regular workflows, trigger AI fixing if either fails
+        return not testing_passed or not comprehensive_passed
+
+    def _determine_workflow_success(
+        self,
+        testing_passed: bool,
+        comprehensive_passed: bool,
+        publishing_requested: bool,
+    ) -> bool:
+        """Determine workflow success based on test results and workflow type."""
+        if publishing_requested:
+            # For publishing workflows, ALL quality checks (tests AND comprehensive hooks) must pass
+            return testing_passed and comprehensive_passed
+        # For regular workflows, both must pass as well
+        return testing_passed and comprehensive_passed
+
+    def _show_verbose_failure_details(
+        self, testing_passed: bool, comprehensive_passed: bool
+    ) -> None:
+        """Show detailed failure information in verbose mode."""
+        self.console.print(
+            f"[yellow]⚠️ Quality phase results - testing_passed: {testing_passed}, comprehensive_passed: {comprehensive_passed}[/yellow]"
+        )
+        if not testing_passed:
+            self.console.print("[yellow] → Tests reported failure[/yellow]")
+        if not comprehensive_passed:
+            self.console.print(
+                "[yellow] → Comprehensive hooks reported failure[/yellow]"
+            )
+
+    def _check_security_critical_failures(self) -> bool:
+        """Check if any security-critical hooks have failed.
+
+        Returns:
+            True if security-critical hooks failed and block publishing
+        """
+        try:
+            from crackerjack.security.audit import SecurityAuditor
+
+            auditor = SecurityAuditor()
+
+            # Get hook results - we need to be careful not to re-run hooks
+            # Instead, check the session tracker for recent failures
+            fast_results = self._get_recent_fast_hook_results()
+            comprehensive_results = self._get_recent_comprehensive_hook_results()
+
+            # Generate security audit report
+            audit_report = auditor.audit_hook_results(
+                fast_results, comprehensive_results
+            )
+
+            # Store audit report for later use
+            self._last_security_audit = audit_report
+
+            # Block publishing if critical failures exist
+            return audit_report.has_critical_failures
+
+        except Exception as e:
+            # Fail securely - if we can't determine security status, block publishing
+            self.logger.warning(f"Security audit failed: {e} - failing securely")
+            # Re-raise the exception so it can be caught by the calling method
+            raise
+
+    def _get_recent_fast_hook_results(self) -> list[t.Any]:
+        """Get recent fast hook results from session tracker."""
+        # Try to get results from session tracker
+        results = self._extract_hook_results_from_session("fast_hooks")
+
+        # If no results from session, create mock failed results for critical hooks
+        if not results:
+            results = self._create_mock_hook_results(["gitleaks"])
+
+        return results
+
+    def _extract_hook_results_from_session(self, hook_type: str) -> list[t.Any]:
+        """Extract hook results from session tracker for given hook type."""
+        results = []
+
+        session_tracker = self._get_session_tracker()
+        if not session_tracker:
+            return results
+
+        for task_id, task_data in session_tracker.tasks.items():
+            if task_id == hook_type and hasattr(task_data, "hook_results"):
+                if task_data.hook_results:
+                    results.extend(task_data.hook_results)
+
+        return results
+
+    def _get_session_tracker(self) -> t.Any | None:
+        """Get session tracker if available."""
+        return (
+            getattr(self.session, "session_tracker", None)
+            if hasattr(self.session, "session_tracker")
+            else None
+        )
+
+    def _create_mock_hook_results(self, critical_hooks: list[str]) -> list[t.Any]:
+        """Create mock failed results for critical hooks to fail securely."""
+        results = []
+
+        for hook_name in critical_hooks:
+            mock_result = self._create_mock_hook_result(hook_name)
+            results.append(mock_result)
+
+        return results
+
+    def _create_mock_hook_result(self, hook_name: str) -> t.Any:
+        """Create a mock result that appears to have failed for security purposes."""
+        return type(
+            "MockResult",
+            (),
+            {
+                "name": hook_name,
+                "status": "unknown",  # Unknown status = fail securely
+                "output": "Unable to determine hook status",
+            },
+        )()
+
+    def _get_recent_comprehensive_hook_results(self) -> list[t.Any]:
+        """Get recent comprehensive hook results from session tracker."""
+        # Try to get results from session tracker
+        results = self._extract_hook_results_from_session("comprehensive_hooks")
+
+        # If no results from session, create mock failed results for critical hooks
+        if not results:
+            results = self._create_mock_hook_results(["bandit", "pyright"])
+
+        return results
+
+    def _is_security_critical_failure(self, result: t.Any) -> bool:
+        """Check if a hook result represents a security-critical failure."""
+
+        # List of security-critical hook names (fail-safe approach)
+        security_critical_hooks = {
+            "bandit",  # Security vulnerability scanning
+            "pyright",  # Type safety prevents security holes
+            "gitleaks",  # Secret detection
+        }
+
+        hook_name = getattr(result, "name", "").lower()
+        is_failed = getattr(result, "status", "unknown") in (
+            "failed",
+            "error",
+            "timeout",
+        )
+
+        return hook_name in security_critical_hooks and is_failed
+
+    def _show_security_audit_warning(self) -> None:
+        """Show security audit warning when proceeding with partial success."""
+        # Use stored audit report if available
+        audit_report = getattr(self, "_last_security_audit", None)
+
+        if audit_report:
+            self.console.print(
+                "[yellow]⚠️ SECURITY AUDIT: Proceeding with partial quality success[/yellow]"
+            )
+
+            # Show security status
+            for warning in audit_report.security_warnings:
+                if "CRITICAL" in warning:
+                    # This shouldn't happen if we're showing warnings, but fail-safe
+                    self.console.print(f"[red]{warning}[/red]")
+                elif "HIGH" in warning:
+                    self.console.print(f"[yellow]{warning}[/yellow]")
+                else:
+                    self.console.print(f"[blue]{warning}[/blue]")
+
+            # Show recommendations
+            if audit_report.recommendations:
+                self.console.print("[bold]Security Recommendations:[/bold]")
+                for rec in audit_report.recommendations[:3]:  # Show top 3
+                    self.console.print(f"[dim]{rec}[/dim]")
+        else:
+            # Fallback if no audit report available
+            self.console.print(
+                "[yellow]⚠️ SECURITY AUDIT: Proceeding with partial quality success[/yellow]"
+            )
+            self.console.print(
+                "[yellow]✅ Security-critical checks (bandit, pyright, gitleaks) have passed[/yellow]"
+            )
+            self.console.print(
+                "[yellow]⚠️ Some non-critical quality checks failed - consider reviewing before production deployment[/yellow]"
+            )
+
+    # Performance-optimized async methods
+    async def _run_initial_fast_hooks_async(
+        self, options: OptionsProtocol, iteration: int, monitor: t.Any
+    ) -> bool:
+        """Run initial fast hooks asynchronously with monitoring."""
+        monitor.record_sequential_op()  # Fast hooks run sequentially for safety
+        fast_hooks_passed = self._run_fast_hooks_phase(options)
+        if not fast_hooks_passed:
+            if options.ai_agent and self._should_debug():
+                self.debugger.log_iteration_end(iteration, False)
+            return False
+        return True
+
+    async def _run_fast_hooks_phase_monitored(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Run fast hooks phase with performance monitoring."""
+        with phase_monitor(workflow_id, "fast_hooks") as monitor:
+            monitor.record_sequential_op()
+            return self._run_fast_hooks_phase(options)
+
+    async def _run_comprehensive_hooks_phase_monitored(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Run comprehensive hooks phase with performance monitoring."""
+        with phase_monitor(workflow_id, "comprehensive_hooks") as monitor:
+            monitor.record_sequential_op()
+            return self._run_comprehensive_hooks_phase(options)
+
+    async def _run_testing_phase_async(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Run testing phase asynchronously with monitoring."""
+        with phase_monitor(workflow_id, "testing") as monitor:
+            monitor.record_sequential_op()
+            return self._run_testing_phase(options)
+
+    async def _execute_standard_hooks_workflow_monitored(
+        self, options: OptionsProtocol, workflow_id: str
+    ) -> bool:
+        """Execute standard hooks workflow with performance monitoring."""
+        with phase_monitor(workflow_id, "hooks") as monitor:
+            self._update_hooks_status_running()
+
+            # Execute fast hooks phase
+            fast_hooks_success = self._execute_monitored_fast_hooks_phase(
+                options, monitor
+            )
+            if not fast_hooks_success:
+                self._handle_hooks_completion(False)
+                return False
+
+            # Execute optional cleaning phase
+            if not self._execute_monitored_cleaning_phase(options):
+                self._handle_hooks_completion(False)
+                return False
+
+            # Execute comprehensive hooks phase
+            comprehensive_success = self._execute_monitored_comprehensive_phase(
+                options, monitor
+            )
+
+            # Complete workflow
+            hooks_success = fast_hooks_success and comprehensive_success
+            self._handle_hooks_completion(hooks_success)
+            return hooks_success
+
+    def _execute_monitored_fast_hooks_phase(
+        self, options: OptionsProtocol, monitor: t.Any
+    ) -> bool:
+        """Execute fast hooks phase with monitoring."""
+        fast_hooks_success = self._run_fast_hooks_phase(options)
+        if fast_hooks_success:
+            monitor.record_sequential_op()
+        return fast_hooks_success
+
+    def _execute_monitored_cleaning_phase(self, options: OptionsProtocol) -> bool:
+        """Execute optional code cleaning phase."""
+        if not getattr(options, "clean", False):
+            return True
+
+        if not self._run_code_cleaning_phase(options):
+            return False
+
+        # Run fast hooks again after cleaning for sanity check
+        if not self._run_post_cleaning_fast_hooks(options):
+            return False
+
+        self._mark_code_cleaning_complete()
+        return True
+
+    def _execute_monitored_comprehensive_phase(
+        self, options: OptionsProtocol, monitor: t.Any
+    ) -> bool:
+        """Execute comprehensive hooks phase with monitoring."""
+        comprehensive_success = self._run_comprehensive_hooks_phase(options)
+        if comprehensive_success:
+            monitor.record_sequential_op()
+        return comprehensive_success
+
 
 class WorkflowOrchestrator:
     def __init__(
@@ -1063,8 +1714,8 @@ class WorkflowOrchestrator:
         session_id = getattr(self, "web_job_id", None) or str(int(time.time()))[:8]
         debug_log_file = log_manager.create_debug_log_file(session_id)
 
-        # Set log level based on verbosity - DEBUG only in verbose or debug mode
-        log_level = "DEBUG" if (self.verbose or self.debug) else "INFO"
+        # Set log level based on debug flag only - verbose should not enable DEBUG logs
+        log_level = "DEBUG" if self.debug else "INFO"
         setup_structured_logging(
             level=log_level, json_output=False, log_file=debug_log_file
         )