test: e2e integration tests for git push block via Claude Code protocol #76
Merged
…otocol

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
RichardHightower added a commit that referenced this pull request Jan 28, 2026
* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).

Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74)

- Mark phase2-governance as Complete (all P2.1-P2.4 implemented)
- Mark rulez-ui M1 (Project Setup) as complete
- Update all user story checkboxes in features.md
- Update all checklist items in phase2-governance-checklist.md
- Update rulez-ui-checklist.md with M1 completion
- Update plan.md files with completion status and PR references
- Add git workflow note: develop is the working branch

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): align Event struct with Claude Code hook protocol (#75)

* fix(cch): align Event struct with Claude Code hook protocol

CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues:

1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it.
2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants.
3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_".

Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
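The blocking behaviour described in the commit message above (match `git push` variants, let other git commands through, fail open when no config is loaded, and signal a block with exit code 2 plus a reason on stderr), as an added Rust example that is not CCH's own code. `HookEvent`, `HookOutcome`, `is_git_push` and `decide` are hypothetical names; the `PreToolUse`/`Bash` check and the whitespace tokenizer are assumptions, and the sample commands are constructed.

```rust
// Added illustration, not CCH's source: every type and function name here is hypothetical.

/// Already-parsed view of the event JSON (assumption: a real hook reads it from stdin).
pub struct HookEvent<'a> {
    pub hook_event_name: &'a str, // field name Claude Code sends, per the commit message
    pub tool_name: &'a str,
    pub command: &'a str, // the shell command the tool is about to run
}

#[derive(Debug, PartialEq)]
pub struct HookOutcome {
    pub exit_code: i32,
    pub stderr: String,
}

/// Global git options whose value is the *next* token. Without this table,
/// "git -c user.name=ci push" would be read as subcommand "user.name=ci".
const OPTS_WITH_VALUE: [&str; 5] = ["-C", "-c", "--git-dir", "--work-tree", "--namespace"];

/// Returns the git subcommand of one simple command, or None if it is not a git call.
fn git_subcommand(segment: &str) -> Option<&str> {
    let mut tokens = segment
        .split_whitespace()
        // Skip leading VAR=value environment assignments.
        .skip_while(|t| !t.starts_with('-') && t.contains('='));
    let program = tokens.next()?;
    // Accept "git" as well as an absolute path such as "/usr/bin/git".
    if program.rsplit('/').next() != Some("git") {
        return None;
    }
    while let Some(tok) = tokens.next() {
        if OPTS_WITH_VALUE.contains(&tok) {
            tokens.next(); // consume the option's value
        } else if !tok.starts_with('-') {
            return Some(tok); // first non-option token is the subcommand
        }
    }
    None
}

/// True if any command in a chained shell line is a `git push`.
/// Limitation: quotes are not parsed, so a separator inside a quoted string
/// still splits the line; that errs toward blocking, not toward allowing.
pub fn is_git_push(command: &str) -> bool {
    command
        .split(|c: char| matches!(c, ';' | '|' | '&' | '\n'))
        .any(|segment| git_subcommand(segment) == Some("push"))
}

/// Maps an event to the process exit code and stderr text the hook should produce.
pub fn decide(config_loaded: bool, ev: &HookEvent) -> HookOutcome {
    let allow = HookOutcome { exit_code: 0, stderr: String::new() };
    if !config_loaded {
        // Fail-open, as in the test list: a missing config disables the rule,
        // so the absence of a block is not evidence the policy was evaluated.
        return allow;
    }
    if ev.hook_event_name == "PreToolUse" && ev.tool_name == "Bash" && is_git_push(ev.command) {
        // Exit code 2 is what stops the tool call; exit 0 with continue:false does not.
        return HookOutcome {
            exit_code: 2,
            stderr: format!("Blocked by policy: {}", ev.command.trim()),
        };
    }
    allow
}

fn main() {
    // Constructed sample commands, not taken from the project's test suite.
    let samples = [
        "git push",
        "git -C /repo push --force origin main",
        "cd /repo && git push",
        "git status",
        "git log --grep push",
    ];
    for &cmd in samples.iter() {
        let ev = HookEvent { hook_event_name: "PreToolUse", tool_name: "Bash", command: cmd };
        let out = decide(true, &ev);
        println!("exit {}  {}", out.exit_code, cmd);
    }
}
```
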
RichardHightower added a commit that referenced this pull request Jan 28, 2026
* Release: v0.1.0 - Two-Tier CI with IQ/OQ/PQ Validation (#70)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).

Reference: actions/runner-images#13046

* Develop (#73)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).

Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* Develop, release (#78)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).

Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74)

- Mark phase2-governance as Complete (all P2.1-P2.4 implemented)
- Mark rulez-ui M1 (Project Setup) as complete
- Update all user story checkboxes in features.md
- Update all checklist items in phase2-governance-checklist.md
- Update rulez-ui-checklist.md with M1 completion
- Update plan.md files with completion status and PR references
- Add git workflow note: develop is the working branch

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): align Event struct with Claude Code hook protocol (#75)

* fix(cch): align Event struct with Claude Code hook protocol

CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues:

1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it.
2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants.
3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_".

Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add wiki synchronization configuration

- Add wiki-mapping.yml for source-to-wiki page mapping
- Add wiki-mapping-process.md with detailed sync instructions

Maps 35+ documentation files to GitHub Wiki pages including:
- Core docs (User Guide CLI/Skill, Backlog, Changelog)
- DevOps docs (Branching, CI Tiers, Release Process)
- PRDs (CLI, System, RuleZ UI, Phase2 Governance)
- SpecKit features (specs, plans, tasks for all features)
- Checklists (governance, RuleZ UI)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
RichardHightower added a commit that referenced this pull request Jan 28, 2026
* Release: v0.1.0 - Two-Tier CI with IQ/OQ/PQ Validation (#70) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * Develop (#73) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): Phase 2.1 Core Governance Implementation (#71) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority 
block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. 
Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold Phase 2.2: Enhanced Logging - Decision enum, LogEntry governance fields, logs filtering Phase 2.3: CLI Enhancements - explain rule command with stats, JSON output, rules listing Phase 2.4: Trust Levels - TrustLevel enum, run 
action trust field, logging RuleZ UI: Milestone 1 Project Setup - Tauri 2.0 + React 18 + TypeScript scaffold - Dual-mode architecture, layout components, theming 68 tests passing, cargo fmt/clippy clean. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * Develop, release (#78) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): Phase 2.1 Core Governance Implementation (#71) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority 
block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. 
Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold Phase 2.2: Enhanced Logging - Decision enum, LogEntry governance fields, logs filtering Phase 2.3: CLI Enhancements - explain rule command with stats, JSON output, rules listing Phase 2.4: Trust Levels - TrustLevel enum, run 
action trust field, logging RuleZ UI: Milestone 1 Project Setup - Tauri 2.0 + React 18 + TypeScript scaffold - Dual-mode architecture, layout components, theming 68 tests passing, cargo fmt/clippy clean. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74) - Mark phase2-governance as Complete (all P2.1-P2.4 implemented) - Mark rulez-ui M1 (Project Setup) as complete - Update all user story checkboxes in features.md - Update all checklist items in phase2-governance-checklist.md - Update rulez-ui-checklist.md with M1 completion - Update plan.md files with completion status and PR references - Add git workflow note: develop is the working branch Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix(cch): align Event struct with Claude Code hook protocol (#75) * fix(cch): align Event struct with Claude Code hook protocol CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues: 1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it. 2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants. 3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_". Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol. 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
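An added example, not the project's code: a std-only Rust sketch of the conflict-resolution and blocking behaviour the commit messages above describe (enforce over warn over audit, highest-priority block message wins, exit code 2 to block). The enum and function names follow the commit messages; the struct fields, the `Outcome` type, the decision mapping and the sample rules are assumptions.

```rust
// Added illustration, not the project's source. Struct fields, Outcome and the
// mapping from matched rules to a Decision are assumptions.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum PolicyMode { Enforce, Warn, Audit }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Decision { Allowed, Blocked, Warned, Audited }

/// One matched rule, reduced to what conflict resolution needs (assumed shape).
#[derive(Debug, Clone)]
struct RuleConflictEntry {
    name: &'static str,
    mode: PolicyMode,
    priority: i32,
    block_message: Option<&'static str>, // Some(..) when the rule has a block action
    inject: Option<&'static str>,        // Some(..) when the rule injects context
}

/// What the hook process hands back to its caller (assumed shape).
#[derive(Debug, PartialEq)]
struct Outcome {
    decision: Decision,
    exit_code: i32,
    stderr_reason: Option<String>,
    context: Vec<String>,
}

fn mode_precedence(mode: PolicyMode) -> u8 {
    match mode { PolicyMode::Enforce => 3, PolicyMode::Warn => 2, PolicyMode::Audit => 1 }
}

/// Mode is compared first, so priority only breaks ties within the same mode.
fn rule_takes_precedence(a: &RuleConflictEntry, b: &RuleConflictEntry) -> bool {
    (mode_precedence(a.mode), a.priority) > (mode_precedence(b.mode), b.priority)
}

fn resolve_conflicts(matched: &[RuleConflictEntry]) -> Outcome {
    let mut blocker: Option<&RuleConflictEntry> = None;
    let mut context = Vec::new();
    let (mut enforced, mut warned, mut audited) = (false, false, false);
    for rule in matched {
        match rule.mode {
            PolicyMode::Enforce => {
                enforced = true;
                // Several blocks may match: keep the one with the highest priority.
                if rule.block_message.is_some()
                    && blocker.map_or(true, |b| rule_takes_precedence(rule, b))
                {
                    blocker = Some(rule);
                }
                if let Some(text) = rule.inject { context.push(text.to_string()); }
            }
            PolicyMode::Warn => {
                warned = true;
                // Warn never blocks: a block action becomes accumulated warning context.
                if let Some(msg) = rule.block_message {
                    context.push(format!("warning from {}: {}", rule.name, msg));
                }
                if let Some(text) = rule.inject { context.push(text.to_string()); }
            }
            PolicyMode::Audit => audited = true, // log only, no block or injection
        }
    }
    if let Some(rule) = blocker {
        // Exit code 2 with the reason on stderr is what stops the tool call.
        let reason = format!("{}: {}", rule.name, rule.block_message.unwrap_or(""));
        return Outcome { decision: Decision::Blocked, exit_code: 2, stderr_reason: Some(reason), context };
    }
    let decision = if warned {
        Decision::Warned
    } else if audited && !enforced {
        Decision::Audited
    } else {
        Decision::Allowed
    };
    Outcome { decision, exit_code: 0, stderr_reason: None, context }
}

fn rule(name: &'static str, mode: PolicyMode, priority: i32,
        block_message: Option<&'static str>, inject: Option<&'static str>) -> RuleConflictEntry {
    RuleConflictEntry { name, mode, priority, block_message, inject }
}

/// Constructed sample: rules that all match a `git push --force` tool call.
fn constructed_push_rules(block_mode: PolicyMode) -> Vec<RuleConflictEntry> {
    vec![
        rule("audit-all-git", PolicyMode::Audit, 100, Some("git command observed"), None),
        rule("block-push", block_mode, 10, Some("git push is not allowed"), None),
        rule("block-force-push", block_mode, 50, Some("force push is not allowed"), None),
        rule("push-guidance", PolicyMode::Warn, 1, None, Some("open a pull request instead of pushing")),
    ]
}

fn main() {
    for mode in [PolicyMode::Enforce, PolicyMode::Warn] {
        let out = resolve_conflicts(&constructed_push_rules(mode));
        println!("block rules in {:?} mode -> {:?}", mode, out);
    }
}
```

With the block rules left in warn mode the result is exit code 0, so the push still runs; that is the configuration to check for when a rule is expected to stop a command.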
RichardHightower added a commit that referenced this pull request Jan 28, 2026
* feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): Phase 2.1 Core Governance Implementation (#71) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority 
block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. 
Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold Phase 2.2: Enhanced Logging - Decision enum, LogEntry governance fields, logs filtering Phase 2.3: CLI Enhancements - explain rule command with stats, JSON output, rules listing Phase 2.4: Trust Levels - TrustLevel enum, run 
action trust field, logging RuleZ UI: Milestone 1 Project Setup - Tauri 2.0 + React 18 + TypeScript scaffold - Dual-mode architecture, layout components, theming 68 tests passing, cargo fmt/clippy clean. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74) - Mark phase2-governance as Complete (all P2.1-P2.4 implemented) - Mark rulez-ui M1 (Project Setup) as complete - Update all user story checkboxes in features.md - Update all checklist items in phase2-governance-checklist.md - Update rulez-ui-checklist.md with M1 completion - Update plan.md files with completion status and PR references - Add git workflow note: develop is the working branch Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix(cch): align Event struct with Claude Code hook protocol (#75) * fix(cch): align Event struct with Claude Code hook protocol CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues: 1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it. 2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants. 3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_". Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol. 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: use event cwd for config loading instead of current_dir() When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix cargo fmt formatting and bump version to 1.0.2 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * test: add e2e integration tests for git push block via Claude Code protocol (#76) 8 new tests verifying: - Git push blocked using hook_event_name (Claude Code format) - CWD-based config loading (CCH invoked from wrong directory) - Various git push variants all blocked - Non-push git commands allowed - Response JSON format (continue not continue_) - No-config fail-open behavior - CWD push variants from wrong directory Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77) * fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing. - main.rs: exit(2) with reason on stderr when blocking - Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): guard against divide-by-zero in memory stability test On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. 
Now skips the comparison when memory measurement returns 0. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * feat(rulez-ui): implement M2-M8 milestones with accessibility fixes (#79) * fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing. - main.rs: exit(2) with reason on stderr when blocking - Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): guard against divide-by-zero in memory stability test On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0. 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(rulez-ui): implement M2-M8 milestones with accessibility fixes - M2: Integrate Monaco Editor with YAML language support - Add YamlEditor component with @monaco-editor/react - Add EditorToolbar with undo/redo/format/wrap/minimap controls - Wire cursor position tracking to editorStore - M3: Schema validation with monaco-yaml - Add JSON Schema for hooks.yaml validation - Configure monaco-yaml for inline error markers - Add ValidationPanel with click-to-jump navigation - M4: Complete file operations - Add ConfirmDialog for unsaved changes prompt - Wire save/discard/cancel flow in FileTabBar - M5: Rule Tree View - Add RuleTreeView with collapsible Settings/Rules sections - Add RuleCard with action badges and tool chips - Add yaml-utils for YAML parsing with line positions - M6: Debug Simulator UI - Add EventForm with 7 event types - Add ResultView with outcome badges - Add EvaluationTrace with per-rule match details - Wire to runDebug Tauri command with mock fallback - M7: Monaco theming - Add light/dark Monaco themes matching app theme - Wire theme switching to uiStore - M8: Expand E2E tests - Add editor.spec.ts, simulator.spec.ts, tree-view.spec.ts - Add file-ops.spec.ts for tab management tests Accessibility fixes: - Add aria-hidden="true" to decorative SVGs - Add type="button" to all non-submit buttons - Add htmlFor/id to associate labels with form inputs - Restructure FileTabBar with semantic button elements Fix Tailwind CSS 4 migration: - Install @tailwindcss/postcss for PostCSS 8 compatibility - Replace custom theme colors with built-in colors in @apply Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * added claude files --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * feat: wiki sync setup and PR #80 merge fix (#81) * Release: v0.1.0 - Two-Tier CI with IQ/OQ/PQ Validation (#70) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered 
approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * Develop (#73) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): Phase 2.1 Core Governance Implementation (#71) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority 
block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. 
Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold Phase 2.2: Enhanced Logging - Decision enum, LogEntry governance fields, logs filtering Phase 2.3: CLI Enhancements - explain rule command with stats, JSON output, rules listing Phase 2.4: Trust Levels - TrustLevel enum, run 
action trust field, logging RuleZ UI: Milestone 1 Project Setup - Tauri 2.0 + React 18 + TypeScript scaffold - Dual-mode architecture, layout components, theming 68 tests passing, cargo fmt/clippy clean. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * Develop, release (#78) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold Phase 2.2: Enhanced Logging - Decision enum, LogEntry governance fields, logs filtering Phase 2.3: CLI Enhancements - explain rule command with stats, JSON output, rules listing Phase 2.4: Trust Levels - TrustLevel enum, run
action trust field, logging RuleZ UI: Milestone 1 Project Setup - Tauri 2.0 + React 18 + TypeScript scaffold - Dual-mode architecture, layout components, theming 68 tests passing, cargo fmt/clippy clean. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74) - Mark phase2-governance as Complete (all P2.1-P2.4 implemented) - Mark rulez-ui M1 (Project Setup) as complete - Update all user story checkboxes in features.md - Update all checklist items in phase2-governance-checklist.md - Update rulez-ui-checklist.md with M1 completion - Update plan.md files with completion status and PR references - Add git workflow note: develop is the working branch Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix(cch): align Event struct with Claude Code hook protocol (#75) * fix(cch): align Event struct with Claude Code hook protocol CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues: 1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it. 2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants. 3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_". Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol. 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: use event cwd for config loading instead of current_dir() When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * style: fix cargo fmt formatting and bump version to 1.0.2 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * test: add e2e integration tests for git push block via Claude Code protocol (#76) 8 new tests verifying: - Git push blocked using hook_event_name (Claude Code format) - CWD-based config loading (CCH invoked from wrong directory) - Various git push variants all blocked - Non-push git commands allowed - Response JSON format (continue not continue_) - No-config fail-open behavior - CWD push variants from wrong directory Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77) * fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing. - main.rs: exit(2) with reason on stderr when blocking - Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(tests): guard against divide-by-zero in memory stability test On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. 
Now skips the comparison when memory measurement returns 0. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * docs: add wiki synchronization configuration - Add wiki-mapping.yml for source-to-wiki page mapping - Add wiki-mapping-process.md with detailed sync instructions Maps 35+ documentation files to GitHub Wiki pages including: - Core docs (User Guide CLI/Skill, Backlog, Changelog) - DevOps docs (Branching, CI Tiers, Release Process) - PRDs (CLI, System, RuleZ UI, Phase2 Governance) - SpecKit features (specs, plans, tasks for all features) - Checklists (governance, RuleZ UI) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * fix: resolve PR #80 conflicts (second merge from main) (#82) * Release: v0.1.0 - Two-Tier CI with IQ/OQ/PQ Validation (#70) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix 
workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). Reference: actions/runner-images#13046 * Develop (#73) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): Phase 2.1 Core Governance Implementation (#71) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority 
block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. 
Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold Phase 2.2: Enhanced Logging - Decision enum, LogEntry governance fields, logs filtering Phase 2.3: CLI Enhancements - explain rule command with stats, JSON output, rules listing Phase 2.4: Trust Levels - TrustLevel enum, run 
action trust field, logging RuleZ UI: Milestone 1 Project Setup - Tauri 2.0 + React 18 + TypeScript scaffold - Dual-mode architecture, layout components, theming 68 tests passing, cargo fmt/clippy clean. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * Develop, release (#78) * feat(ci): implement two-tier CI with develop/main branching strategy (#67) Add CI/CD tiered approach to balance development velocity with release quality: Branching Model: - main: Production-ready, protected, requires Full Validation - develop: Integration branch (default), requires Fast CI - feature/*, fix/*: Working branches CI Tiers: - Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test Triggers on: PRs to develop, pushes to feature branches - Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence Triggers on: PRs to main, release tags, manual dispatch Workflow Changes: - ci.yml: Converted to Fast CI, triggers on develop/feature branches - validation.yml: Full validation, only PRs to main and releases - iq-validation.yml: Manual-only for formal validation runs Documentation: - constitution.md: Added CI/CD Policy section - docs/devops/BRANCHING.md: Detailed branching workflows - docs/devops/CI_TIERS.md: CI tier explanation - docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows - AGENTS.md: Updated with new workflow instructions Benefits: - Daily development: ~2-3 min feedback loop - Releases: Thorough ~10-15 min validation - Hotfixes: Direct to main with backport to develop * fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69) macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027). 
Reference: actions/runner-images#13046 * feat(governance): Phase 2.1 Core Governance Implementation (#71) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. Tests: 93 tests pass (added 20+ governance tests) Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration Refs: .speckit/features/phase2-governance/spec.md Closes: #38 #39 #40 #41 * feat(governance): implement mode-based action execution Implements P2.1-T05: Mode-based action execution Mode behavior: - Enforce: Normal execution (block, inject, run validators) - Warn: Never blocks, injects warning context instead - Audit: Logs only, no blocking or injection Changes: - hooks.rs: Added execute_rule_actions_with_mode() function - hooks.rs: Added execute_rule_actions_warn_mode() for warn mode - hooks.rs: Added merge_responses_with_mode() for mode awareness - hooks.rs: Added determine_decision() for logging decisions - config.rs: Updated enabled_rules() to use effective_priority() Tests: 101 tests pass (+8 new mode-based tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #42 * feat(governance): implement conflict resolution for multi-rule scenarios Implements P2.1-T06: Conflict resolution Resolution logic: - Enforce mode wins over warn and audit (regardless of priority) - Among same modes, higher priority wins - Multiple blocks: highest priority 
block message used - Warnings and injections are accumulated New functions: - mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1) - RuleConflictEntry: Struct for conflict resolution entries - resolve_conflicts(): Resolves conflicts between multiple matched rules - rule_takes_precedence(): Compares two rules for precedence Tests: 109 tests pass (+8 new conflict resolution tests) Refs: .speckit/features/phase2-governance/spec.md Closes: #43 * feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72) * feat(governance): add Phase 2 governance types and Rule extensions Implements P2.1-T01 through P2.1-T04: - PolicyMode enum (enforce, warn, audit) with default=enforce - Decision enum (allowed, blocked, warned, audited) for logging - GovernanceMetadata struct for rule provenance and documentation - Confidence enum (high, medium, low) - Rule struct extended with mode, priority, and governance fields - sort_rules_by_priority() function for priority-based ordering - Rule helper methods: effective_mode(), effective_priority(), is_enabled() All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged. 
Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74)

- Mark phase2-governance as Complete (all P2.1-P2.4 implemented)
- Mark rulez-ui M1 (Project Setup) as complete
- Update all user story checkboxes in features.md
- Update all checklist items in phase2-governance-checklist.md
- Update rulez-ui-checklist.md with M1 completion
- Update plan.md files with completion status and PR references
- Add git workflow note: develop is the working branch

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): align Event struct with Claude Code hook protocol (#75)

* fix(cch): align Event struct with Claude Code hook protocol

CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues:

1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it.
2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants.
3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_".

Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362.
Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
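An added sketch, not CCH's own code, of the behaviour the commit messages above describe: mode precedence (enforce=3, warn=2, audit=1) decides between matched rules, and only a resulting block maps to exit code 2 with the reason on stderr. The struct and field names, `resolve`, `exit_code`, `sample_rules`, the decision mapping, and the reading of a larger `priority` number as higher priority are assumptions; the sample rules are constructed.

```rust
use std::cmp::Reverse;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum PolicyMode {
    Enforce,
    Warn,
    Audit,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Decision {
    Allowed,
    Blocked,
    Warned,
    Audited,
}

// Hypothetical shape of a rule that already matched the incoming event.
#[derive(Debug, Clone)]
struct MatchedRule {
    name: &'static str,
    mode: PolicyMode,
    priority: i32, // assumption: larger number = higher priority
    blocks: bool,  // the rule's action is "block"
    message: &'static str,
}

#[derive(Debug)]
struct Outcome {
    decision: Decision,
    block_reason: Option<String>,
    context: Vec<String>,
}

// Numeric precedence as listed in the commit message.
fn mode_precedence(mode: PolicyMode) -> u8 {
    match mode {
        PolicyMode::Enforce => 3,
        PolicyMode::Warn => 2,
        PolicyMode::Audit => 1,
    }
}

fn resolve(matched: &[MatchedRule]) -> Outcome {
    // Mode first, then priority: an enforce rule outranks a warn or audit
    // rule even when the latter carries a larger priority number.
    let mut ordered: Vec<&MatchedRule> = matched.iter().collect();
    ordered.sort_by_key(|r| Reverse((mode_precedence(r.mode), r.priority)));

    let mut block_reason = None;
    let mut context = Vec::new();
    let (mut warned, mut enforced) = (false, false);

    for rule in ordered {
        match rule.mode {
            PolicyMode::Enforce => {
                enforced = true;
                if rule.blocks {
                    // Several blocks: only the highest-priority message is kept.
                    if block_reason.is_none() {
                        block_reason = Some(format!("{}: {}", rule.name, rule.message));
                    }
                } else {
                    context.push(rule.message.to_string()); // injection
                }
            }
            PolicyMode::Warn => {
                // Warn never blocks; the message is accumulated as context.
                warned = true;
                context.push(format!("WARNING ({}): {}", rule.name, rule.message));
            }
            PolicyMode::Audit => {} // log only: no block, no injection
        }
    }

    let decision = if block_reason.is_some() {
        Decision::Blocked
    } else if warned {
        Decision::Warned
    } else if enforced || matched.is_empty() {
        Decision::Allowed // nothing matched (or no config): fail open
    } else {
        Decision::Audited
    };
    Outcome { decision, block_reason, context }
}

// Exit 0 with continue:false does not stop the tool call; exit 2 does.
fn exit_code(outcome: &Outcome) -> i32 {
    if outcome.decision == Decision::Blocked { 2 } else { 0 }
}

// Constructed sample: four rules that all matched a `git push --force` command.
fn sample_rules() -> Vec<MatchedRule> {
    vec![
        MatchedRule { name: "audit-git", mode: PolicyMode::Audit, priority: 100, blocks: true, message: "git command observed" },
        MatchedRule { name: "warn-push", mode: PolicyMode::Warn, priority: 50, blocks: true, message: "pushing from an agent session is discouraged" },
        MatchedRule { name: "block-push", mode: PolicyMode::Enforce, priority: 1, blocks: true, message: "git push is not allowed" },
        MatchedRule { name: "block-force-push", mode: PolicyMode::Enforce, priority: 10, blocks: true, message: "force push is forbidden" },
    ]
}

fn main() {
    let outcome = resolve(&sample_rules());
    if let Some(reason) = &outcome.block_reason {
        eprintln!("{}", reason); // the block reason goes to stderr
    }
    std::process::exit(exit_code(&outcome));
}
```
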
RichardHightower added a commit that referenced this pull request on Jan 29, 2026
* Develop deploy (#80)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).
Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.
Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74)

- Mark phase2-governance as Complete (all P2.1-P2.4 implemented)
- Mark rulez-ui M1 (Project Setup) as complete
- Update all user story checkboxes in features.md
- Update all checklist items in phase2-governance-checklist.md
- Update rulez-ui-checklist.md with M1 completion
- Update plan.md files with completion status and PR references
- Add git workflow note: develop is the working branch

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): align Event struct with Claude Code hook protocol (#75)

* fix(cch): align Event struct with Claude Code hook protocol

CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues:

1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it.
2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants.
3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_".

Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362.
Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat(rulez-ui): implement M2-M8 milestones with accessibility fixes (#79)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(rulez-ui): implement M2-M8 milestones with accessibility fixes

- M2: Integrate Monaco Editor with YAML language support
  - Add YamlEditor component with @monaco-editor/react
  - Add EditorToolbar with undo/redo/format/wrap/minimap controls
  - Wire cursor position tracking to editorStore
- M3: Schema validation with monaco-yaml
  - Add JSON Schema for hooks.yaml validation
  - Configure monaco-yaml for inline error markers
  - Add ValidationPanel with click-to-jump navigation
- M4: Complete file operations
  - Add ConfirmDialog for unsaved changes prompt
  - Wire save/discard/cancel flow in FileTabBar
- M5: Rule Tree View
  - Add RuleTreeView with collapsible Settings/Rules sections
  - Add RuleCard with action badges and tool chips
  - Add yaml-utils for YAML parsing with line positions
- M6: Debug Simulator UI
  - Add EventForm with 7 event types
  - Add ResultView with outcome badges
  - Add EvaluationTrace with per-rule match details
  - Wire to runDebug Tauri command with mock fallback
- M7: Monaco theming
  - Add light/dark Monaco themes matching app theme
  - Wire theme switching to uiStore
- M8: Expand E2E tests
  - Add editor.spec.ts, simulator.spec.ts, tree-view.spec.ts
  - Add file-ops.spec.ts for tab management tests

Accessibility fixes:
- Add aria-hidden="true" to decorative SVGs
- Add type="button" to all non-submit buttons
- Add htmlFor/id to associate labels with form inputs
- Restructure FileTabBar with semantic button elements

Fix Tailwind CSS 4 migration:
- Install @tailwindcss/postcss for PostCSS 8 compatibility
- Replace custom theme colors with built-in colors in @apply

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* added claude files

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat: wiki sync setup and PR #80 merge fix (#81)

* Release: v0.1.0 - Two-Tier CI with IQ/OQ/PQ Validation (#70)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).
Reference: actions/runner-images#13046

* Develop (#73)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).
Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.
Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* Develop, release (#78)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).
Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility. Existing v1.0 configs continue to work unchanged.
Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration
Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)
Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74)

- Mark phase2-governance as Complete (all P2.1-P2.4 implemented)
- Mark rulez-ui M1 (Project Setup) as complete
- Update all user story checkboxes in features.md
- Update all checklist items in phase2-governance-checklist.md
- Update rulez-ui-checklist.md with M1 completion
- Update plan.md files with completion status and PR references
- Add git workflow note: develop is the working branch

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): align Event struct with Claude Code hook protocol (#75)

* fix(cch): align Event struct with Claude Code hook protocol

CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues:

1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it.
2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants.
3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_".

Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add wiki synchronization configuration

- Add wiki-mapping.yml for source-to-wiki page mapping
- Add wiki-mapping-process.md with detailed sync instructions

Maps 35+ documentation files to GitHub Wiki pages including:
- Core docs (User Guide CLI/Skill, Backlog, Changelog)
- DevOps docs (Branching, CI Tiers, Release Process)
- PRDs (CLI, System, RuleZ UI, Phase2 Governance)
- SpecKit features (specs, plans, tasks for all features)
- Checklists (governance, RuleZ UI)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix: resolve PR #80 conflicts (second merge from main) (#82)

* Release: v0.1.0 - Two-Tier CI with IQ/OQ/PQ Validation (#70)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).

Reference: actions/runner-images#13046

* Develop (#73)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).
Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility.
Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility.
Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* Develop, release (#78)

* feat(ci): implement two-tier CI with develop/main branching strategy (#67)

Add CI/CD tiered approach to balance development velocity with release quality:

Branching Model:
- main: Production-ready, protected, requires Full Validation
- develop: Integration branch (default), requires Fast CI
- feature/*, fix/*: Working branches

CI Tiers:
- Fast CI (~2-3 min): fmt, clippy, unit tests, Linux IQ smoke test
  Triggers on: PRs to develop, pushes to feature branches
- Full Validation (~10-15 min): IQ (4 platforms) + OQ + PQ + evidence
  Triggers on: PRs to main, release tags, manual dispatch

Workflow Changes:
- ci.yml: Converted to Fast CI, triggers on develop/feature branches
- validation.yml: Full validation, only PRs to main and releases
- iq-validation.yml: Manual-only for formal validation runs

Documentation:
- constitution.md: Added CI/CD Policy section
- docs/devops/BRANCHING.md: Detailed branching workflows
- docs/devops/CI_TIERS.md: CI tier explanation
- docs/devops/RELEASE_PROCESS.md: Release and hotfix workflows
- AGENTS.md: Updated with new workflow instructions

Benefits:
- Daily development: ~2-3 min feedback loop
- Releases: Thorough ~10-15 min validation
- Hotfixes: Direct to main with backport to develop

* fix(ci): update macOS Intel runner from macos-13 to macos-15-intel (#69)

macOS 13 runners were retired by GitHub in Jan 2026. Using macos-15-intel as the new x86_64 runner (supported until Aug 2027).
Reference: actions/runner-images#13046

* feat(governance): Phase 2.1 Core Governance Implementation (#71)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility.
Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold (#72)

* feat(governance): add Phase 2 governance types and Rule extensions

Implements P2.1-T01 through P2.1-T04:
- PolicyMode enum (enforce, warn, audit) with default=enforce
- Decision enum (allowed, blocked, warned, audited) for logging
- GovernanceMetadata struct for rule provenance and documentation
- Confidence enum (high, medium, low)
- Rule struct extended with mode, priority, and governance fields
- sort_rules_by_priority() function for priority-based ordering
- Rule helper methods: effective_mode(), effective_priority(), is_enabled()

All new fields are optional for backward compatibility.
Existing v1.0 configs continue to work unchanged.

Tests: 93 tests pass (added 20+ governance tests)
Coverage: PolicyMode, Confidence, Decision, GovernanceMetadata parsing, Rule field defaults, priority sorting, YAML integration

Refs: .speckit/features/phase2-governance/spec.md
Closes: #38 #39 #40 #41

* feat(governance): implement mode-based action execution

Implements P2.1-T05: Mode-based action execution

Mode behavior:
- Enforce: Normal execution (block, inject, run validators)
- Warn: Never blocks, injects warning context instead
- Audit: Logs only, no blocking or injection

Changes:
- hooks.rs: Added execute_rule_actions_with_mode() function
- hooks.rs: Added execute_rule_actions_warn_mode() for warn mode
- hooks.rs: Added merge_responses_with_mode() for mode awareness
- hooks.rs: Added determine_decision() for logging decisions
- config.rs: Updated enabled_rules() to use effective_priority()

Tests: 101 tests pass (+8 new mode-based tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #42

* feat(governance): implement conflict resolution for multi-rule scenarios

Implements P2.1-T06: Conflict resolution

Resolution logic:
- Enforce mode wins over warn and audit (regardless of priority)
- Among same modes, higher priority wins
- Multiple blocks: highest priority block message used
- Warnings and injections are accumulated

New functions:
- mode_precedence(): Returns numeric precedence (enforce=3, warn=2, audit=1)
- RuleConflictEntry: Struct for conflict resolution entries
- resolve_conflicts(): Resolves conflicts between multiple matched rules
- rule_takes_precedence(): Compares two rules for precedence

Tests: 109 tests pass (+8 new conflict resolution tests)

Refs: .speckit/features/phase2-governance/spec.md
Closes: #43

* feat(governance): complete Phase 2.2-2.4 + RuleZ UI scaffold

Phase 2.2: Enhanced Logging
- Decision enum, LogEntry governance fields, logs filtering

Phase 2.3: CLI Enhancements
- explain rule command with stats, JSON output, rules listing

Phase 2.4: Trust Levels
- TrustLevel enum, run action trust field, logging

RuleZ UI: Milestone 1 Project Setup
- Tauri 2.0 + React 18 + TypeScript scaffold
- Dual-mode architecture, layout components, theming

68 tests passing, cargo fmt/clippy clean.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs(speckit): update project status for Phase 2 and RuleZ UI M1 completion (#74)

- Mark phase2-governance as Complete (all P2.1-P2.4 implemented)
- Mark rulez-ui M1 (Project Setup) as complete
- Update all user story checkboxes in features.md
- Update all checklist items in phase2-governance-checklist.md
- Update rulez-ui-checklist.md with M1 completion
- Update plan.md files with completion status and PR references
- Add git workflow note: develop is the working branch

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): align Event struct with Claude Code hook protocol (#75)

* fix(cch): align Event struct with Claude Code hook protocol

CCH was completely non-functional as a Claude Code hook because it expected `event_type` but Claude Code sends `hook_event_name`. This commit fixes three critical issues:

1. Event struct: rename `event_type` to `hook_event_name` with `#[serde(alias = "event_type")]` for backward compat. Add missing fields (transcript_path, cwd, permission_mode, tool_use_id). Make timestamp default to Utc::now() since Claude Code doesn't send it.
2. EventType enum: add Stop, PostToolUseFailure, SubagentStart, SubagentStop, Notification, Setup variants.
3. Response struct: add `#[serde(rename = "continue")]` so it serializes as "continue" not "continue_".

Also fixes install.rs to generate correct PascalCase settings.json with nested matcher/hooks structure, and updates all speckit specs and mastering-hooks skill docs to reflect the actual protocol.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: use event cwd for config loading instead of current_dir()

When Claude Code invokes CCH as a hook, the working directory may not be the project directory. Claude Code sends the project path as `cwd` in the event JSON. CCH now uses this field to locate the correct project's hooks.yaml, falling back to current_dir() when cwd is absent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* style: fix cargo fmt formatting and bump version to 1.0.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* test: add e2e integration tests for git push block via Claude Code protocol (#76)

8 new tests verifying:
- Git push blocked using hook_event_name (Claude Code format)
- CWD-based config loading (CCH invoked from wrong directory)
- Various git push variants all blocked
- Non-push git commands allowed
- Response JSON format (continue not continue_)
- No-config fail-open behavior
- CWD push variants from wrong directory

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol (#77)

* fix(cch): use exit code 2 to block tool calls per Claude Code hooks protocol

Claude Code hooks protocol requires exit code 2 (not exit 0 with continue:false) to actually block a tool call. Exit 0 with continue:false only stops Claude's conversation but does NOT prevent the tool from executing. This was why git push went through despite the hook firing.

- main.rs: exit(2) with reason on stderr when blocking
- Updated e2e, OQ-US1, and OQ-US3 tests to expect exit code 2 + stderr

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(tests): guard against divide-by-zero in memory stability test

On Linux CI, the process exits before memory can be measured, resulting in first_avg=0. This caused a divide-by-zero panic at line 362. Now skips the comparison when memory measurement returns 0.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add release-cch skill to wiki mapping

- Add skills section to wiki-mapping.yml with 5 new skill files
- Update wiki_pages_created tracking section
- Wiki total now 42 pages (37 existing + 5 new skill pages)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
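The resolution rules and mode behaviour listed in the commit messages above (enforce over warn over audit, priority within a mode, exit code 2 to block), as an added Rust sketch that is not the CCH source. The function names come from the commit message; `MatchedRule`, `Outcome`, the `[warn]` prefix, the sample rules and the handling of ties are assumptions.

```rust
// Added illustration of the resolution rules listed in the commit messages.
// Not the CCH source: MatchedRule, Outcome and tie handling are assumptions.
use std::cmp::Ordering;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum PolicyMode { Enforce, Warn, Audit }

/// One rule that matched the current event (hypothetical shape).
#[derive(Clone, Debug)]
pub struct MatchedRule {
    pub name: &'static str,
    pub mode: PolicyMode,
    pub priority: i32,
    pub blocks: bool, // true when the rule's action is "block"
    pub message: &'static str,
}

#[derive(Debug, Default, PartialEq, Eq)]
pub struct Outcome {
    pub exit_code: i32,               // 2 blocks the tool call, 0 lets it run
    pub block_reason: Option<String>, // written to stderr when blocking
    pub context: Vec<String>,         // accumulated warnings and injections
    pub audited: Vec<&'static str>,   // audit-mode matches: logged only
}

/// enforce=3, warn=2, audit=1, as stated in the commit message.
pub fn mode_precedence(mode: PolicyMode) -> u8 {
    match mode {
        PolicyMode::Enforce => 3,
        PolicyMode::Warn => 2,
        PolicyMode::Audit => 1,
    }
}

/// Mode is compared first, so enforce beats warn and audit regardless of
/// priority; priority only decides between rules in the same mode.
pub fn rule_takes_precedence(a: &MatchedRule, b: &MatchedRule) -> bool {
    (mode_precedence(a.mode), a.priority) > (mode_precedence(b.mode), b.priority)
}

pub fn resolve_conflicts(matched: &[MatchedRule]) -> Outcome {
    let mut ordered: Vec<&MatchedRule> = matched.iter().collect();
    // Stable sort, strongest first; equal rules keep input order (assumption).
    ordered.sort_by(|a, b| {
        if rule_takes_precedence(a, b) {
            Ordering::Less
        } else if rule_takes_precedence(b, a) {
            Ordering::Greater
        } else {
            Ordering::Equal
        }
    });
    let mut out = Outcome::default();
    for rule in ordered {
        match (rule.mode, rule.blocks) {
            // Only the strongest enforce-mode block supplies the reason.
            (PolicyMode::Enforce, true) => {
                if out.block_reason.is_none() {
                    out.block_reason = Some(rule.message.to_string());
                }
            }
            (PolicyMode::Enforce, false) => out.context.push(rule.message.to_string()),
            // Warn never blocks: a would-be block becomes injected warning text.
            (PolicyMode::Warn, _) => out.context.push(format!("[warn] {}", rule.message)),
            // Audit neither blocks nor injects.
            (PolicyMode::Audit, _) => out.audited.push(rule.name),
        }
    }
    // Exit code 2 is what stops the tool call; exit 0 lets it run.
    out.exit_code = if out.block_reason.is_some() { 2 } else { 0 };
    out
}

fn main() {
    // Constructed sample: rules that all matched one `git push` command.
    let matched = [
        MatchedRule { name: "warn-push", mode: PolicyMode::Warn, priority: 100, blocks: true, message: "pushes are discouraged" },
        MatchedRule { name: "block-push", mode: PolicyMode::Enforce, priority: 10, blocks: true, message: "git push is blocked" },
    ];
    println!("{:?}", resolve_conflicts(&matched));
}
```

A rule set that contains only warn or audit matches resolves to exit code 0, so a policy left in warn mode records the push but does not stop it.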
Summary
- `hook_event_name`, `cwd`, no `timestamp`, extra fields)
- `event.cwd` to find `hooks.yaml` when invoked from a different directory than the project

Test plan
- `cargo fmt --all --check` passes
- `cch` blocks `git push` from wrong CWD when `cwd` field points to project dir

🤖 Generated with Claude Code