wee

Author: emmahyde

agents/orchestrator.md

@@ -60,14 +60,16 @@ You own decomposition, assignment, lock management, context packaging, validatio
 You HAVE the Task tool — use it to dispatch subagents. Do not claim otherwise.
 
 [INITIALIZATION]
-Before any other action, create `.claude/orchestrator/active_locks.json` with your own lock entry:
+Before any other action, create the orchestrator state directory:
 ```bash
 mkdir -p .claude/orchestrator
-cat > .claude/orchestrator/active_locks.json << 'LOCKS'
-[{"task_id":"orchestrator","owner":"orchestrator","resource":[".claude/","docs/"],"active":true}]
-LOCKS
 ```
-This registers the orchestrator's own write scope. All subsequent lock entries for subagents are appended to this file. The PreToolUse hook enforces these scopes on every Write/Edit call.
+This activates hook enforcement for the session. With `.claude/orchestrator/` present:
+- All Write/Edit calls are restricted to the project directory (cwd).
+- Destructive Bash commands (rm -rf, git reset --hard, git clean, etc.) are blocked.
+- Polling commands (sleep, tail on .output files) are blocked — wait for SubagentStop hook delivery instead.
+
+You (orchestrator) may write anywhere within the project at any time. Avoid writing to files that active subagents are working on.
 
 [REQUIRED INPUTS]
 1) global_objective
@@ -91,10 +93,10 @@ Maintain one canonical ledger row per task with:
 - timeout_seconds: integer >= 30
 
 [LOCK ENFORCEMENT]
-- R1: Every assigned task MUST include lock_scope.
-- R2: Active lock_scope values MUST NOT overlap (exact or path-prefix).
-- R3: Overlap requests MUST be blocked until lock release.
-- R4: Publish active lock table on every assignment round.
+Lock scopes are organizational — they tell subagents where to write, not hook-enforced boundaries.
+- R1: Every assigned task MUST include lock_scope (tells the subagent its working directory).
+- R2: Assigned lock_scope values SHOULD NOT overlap between concurrent tasks.
+- R3: Hooks enforce: all writes must be within cwd; destructive Bash commands are blocked.
 
 [ASSIGNMENT RULES]
 - A1: Choose agent/model by task complexity and failure risk.
@@ -161,6 +163,42 @@ Before setting task done:
 - C3: for orphaned in_progress tasks, run watchdog timeout policy before resuming.
 - C4: record a recovery event before emitting new assignments.
 
+[GSD INTEGRATION]
+When operating in a GSD-driven workflow (plan-phase, execute-phase, etc.), use the context helper script to extract phase data without bloating your context window.
+
+Script: `${CLAUDE_PLUGIN_ROOT}/skills/multi-agent-operator-guide/scripts/gsd_context.py`
+
+Subcommands:
+1. **content-sizes** — Check content sizes before loading anything:
+   ```bash
+   python gsd_context.py content-sizes <N> [--includes key1,key2,...]
+   ```
+   Returns JSON: `{"phase":"N","content_sizes":{"roadmap_content":4200,...}}`
+
+2. **phase-context** — Extract phase init data, writing content fields to temp files:
+   ```bash
+   python gsd_context.py phase-context <N> [--includes key1,key2,...]
+   ```
+   Returns JSON with `metadata` (model settings, phase info, booleans) and `content_files` map (key → `{path, chars}`). Reference temp file paths in subagent context packages instead of inlining content.
+
+3. **phase-section** — Get the roadmap section for a phase (plain text to stdout):
+   ```bash
+   python gsd_context.py phase-section <N>
+   ```
+
+4. **prior-decisions** — Get prior decisions as compact lines (plain text):
+   ```bash
+   python gsd_context.py prior-decisions
+   ```
+   Format: `phase: summary - rationale` per line, or "No prior decisions".
+
+Workflow:
+- Use `content-sizes` first to decide what to load.
+- Use `phase-context` to split content to temp files, then reference those paths in subagent context packages.
+- Use `phase-section` and `prior-decisions` for lightweight context that can be inlined directly.
+
+Environment: Set `GSD_TOOLS_PATH` if gsd-tools.cjs is not at `~/.claude/get-shit-done/bin/gsd-tools.cjs`.
+
 [REQUIRED OUTPUT ENVELOPE]
 Return only the orchestrator envelope fields:
 - schema_version

hooks/hooks.json

@@ -24,6 +24,16 @@
           }
         ]
       },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/pre_bash_no_polling.py",
+            "timeout": 5
+          }
+        ]
+      },
       {
         "matcher": "Write|Edit",
         "hooks": [

hooks/scripts/pre_bash_no_polling.py

@@ -0,0 +1,65 @@
+#!/usr/bin/env -S uv run --script
+# /// script
+# dependencies = []
+# ///
+"""PreToolUse:Bash hook — blocks polling and destructive commands during orchestrator sessions.
+
+Blocked:
+  - Polling: sleep, tail/cat on .output files
+  - Destructive: rm (with -r/-f flags), git reset --hard, git clean, git checkout .
+"""
+
+import json
+import re
+import sys
+from pathlib import Path
+
+
+BLOCKED_PATTERNS = [
+    # Polling
+    (re.compile(r'\bsleep\b'), "sleep — end your turn and wait for the SubagentStop hook"),
+    (re.compile(r'/tasks/[^/]*\.output'), "task output file read — wait for hook delivery"),
+    (re.compile(r'\btail\b.*\.output'), "tail on output file — wait for hook delivery"),
+    (re.compile(r'\bcat\b.*\.output'), "cat on output file — wait for hook delivery"),
+    # Destructive
+    (re.compile(r'\brm\s+.*-[^\s]*[rf]'), "rm with -r or -f flags"),
+    (re.compile(r'\bgit\s+reset\s+--hard\b'), "git reset --hard"),
+    (re.compile(r'\bgit\s+clean\b'), "git clean"),
+    (re.compile(r'\bgit\s+checkout\s+\.'), "git checkout ."),
+    (re.compile(r'\bgit\s+push\s+.*--force\b'), "git push --force"),
+    (re.compile(r'\bgit\s+push\s+-f\b'), "git push -f"),
+]
+
+
+def main():
+    try:
+        hook_input = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        sys.exit(0)
+
+    cwd = hook_input.get("cwd", "")
+    tool_input = hook_input.get("tool_input", {})
+    command = tool_input.get("command", "")
+
+    if not command:
+        sys.exit(0)
+
+    if not (Path(cwd) / ".claude" / "orchestrator").exists():
+        sys.exit(0)
+
+    for pattern, label in BLOCKED_PATTERNS:
+        if pattern.search(command):
+            print(
+                json.dumps({
+                    "decision": "deny",
+                    "reason": f"BLOCKED: {label}",
+                }),
+                file=sys.stderr,
+            )
+            sys.exit(2)
+
+    sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()

hooks/scripts/pre_write_scope_check.py

@@ -2,72 +2,18 @@
 # /// script
 # dependencies = []
 # ///
+"""PreToolUse:Write|Edit hook — blocks writes outside the project directory.
+
+When an orchestrator session is active (.claude/orchestrator/ exists),
+all writes must resolve within cwd. No lock-scope logic — just a
+filesystem boundary check.
+"""
 
-import sys
 import json
+import sys
 from pathlib import Path
 
 
-ORCHESTRATOR_ALLOWED = (".claude/", "docs/")
-
-
-def is_always_allowed(rel_path: str) -> bool:
-    """Check if path is in always-allowed directories."""
-    return (
-        rel_path.startswith(".claude/orchestrator/outputs/") or
-        rel_path.startswith("worklogs/")
-    )
-
-
-def normalize_to_relative(file_path: str, cwd: str) -> str:
-    """Convert absolute path to relative path from cwd."""
-    file_path_obj = Path(file_path)
-    cwd_obj = Path(cwd)
-
-    if file_path_obj.is_absolute():
-        try:
-            return str(file_path_obj.relative_to(cwd_obj))
-        except ValueError:
-            return file_path
-    return file_path
-
-
-def matches_scope(rel_path: str, scope: str) -> bool:
-    """Check if rel_path matches the scope entry."""
-    # Exact match
-    if rel_path == scope:
-        return True
-
-    # Directory prefix with trailing slash
-    if scope.endswith("/") and rel_path.startswith(scope):
-        return True
-
-    # Directory prefix without trailing slash (add it for matching)
-    if not scope.endswith("/") and rel_path.startswith(scope + "/"):
-        return True
-
-    return False
-
-
-def get_active_scopes(locks_file: Path) -> list[str]:
-    """Extract resource scopes from active lock entries."""
-    try:
-        with open(locks_file) as f:
-            locks_data = json.load(f)
-    except (json.JSONDecodeError, FileNotFoundError):
-        return []
-
-    active_entries = [entry for entry in locks_data if entry.get("active", False)]
-
-    scopes = []
-    for entry in active_entries:
-        resources = entry.get("resource", [])
-        if isinstance(resources, list):
-            scopes.extend(resources)
-
-    return scopes
-
-
 def main():
     try:
         hook_input = json.load(sys.stdin)
@@ -81,46 +27,23 @@ def main():
     if not cwd or not file_path:
         sys.exit(0)
 
-    rel_path = normalize_to_relative(file_path, cwd)
-
-    if is_always_allowed(rel_path):
+    # Only enforce when an orchestrator session is active
+    if not (Path(cwd) / ".claude" / "orchestrator").exists():
         sys.exit(0)
 
-    orchestrator_dir = Path(cwd) / ".claude" / "orchestrator"
-    locks_file = orchestrator_dir / "active_locks.json"
-
-    # No .claude/orchestrator/ dir = normal interactive session, no restrictions
-    if not orchestrator_dir.exists():
-        sys.exit(0)
+    # Resolve to absolute and check it's within cwd
+    resolved = Path(file_path).resolve()
+    cwd_resolved = Path(cwd).resolve()
 
-    # Dir exists but no lock file = orchestrator hasn't initialized yet
-    if not locks_file.exists():
-        if any(rel_path.startswith(p) for p in ORCHESTRATOR_ALLOWED):
-            sys.exit(0)
-        dirs = ", ".join(ORCHESTRATOR_ALLOWED)
-        error_response = {
-            "decision": "deny",
-            "reason": f"File '{rel_path}' is outside allowed write directories ({dirs}). "
-                      "Only .claude/ and docs/ are writable from this context."
-        }
-        print(json.dumps(error_response), file=sys.stderr)
-        sys.exit(2)
-
-    active_scopes = get_active_scopes(locks_file)
-
-    if not active_scopes:
-        error_response = {
-            "decision": "deny",
-            "reason": "No active resource locks found. You must acquire a lock before writing files."
-        }
-        print(json.dumps(error_response), file=sys.stderr)
-        sys.exit(2)
-
-    if not any(matches_scope(rel_path, scope) for scope in active_scopes):
-        scopes_list = "\n".join(f"  - {scope}" for scope in active_scopes)
+    try:
+        resolved.relative_to(cwd_resolved)
+    except ValueError:
         error_response = {
             "decision": "deny",
-            "reason": f"File '{rel_path}' is outside your locked resource scope. Allowed scopes:\n{scopes_list}"
+            "reason": (
+                f"Write to '{file_path}' blocked — outside project directory. "
+                f"All writes must be within {cwd_resolved}."
+            ),
         }
         print(json.dumps(error_response), file=sys.stderr)
         sys.exit(2)