Harden governance language discipline

Author: ProfRandom92

docs/HOOK_PERMISSION_INTEGRATION.md

@@ -10,10 +10,10 @@ CompText maintains a strict distinction between behaviors actively executed by t
 
 | Governance Layer | Active Implemented Behavior | Planned Target Behavior |
 |---|---|---|
-| **Context Redaction** | Locally filters high-entropy secrets and sensitive configurations from Context Packs. | Dynamic real-time token scanning of tool input/output streams. |
-| **Apply Gate Checks** | Restricts modified files to allowed paths inside the workspace; runs local tests. | Policy verification hooks triggered before file system mutation. |
-| **Policy Hooks** | Static validation scripts run manually or via CI verification suites. | Runtime interceptors blocking execution before, during, or after tool usage. |
-| **Host Permissions** | Guided instructions and safety baseline rulesets in `AGENTS.md`. | Sandboxed system-level read/write/network blockades enforced by the orchestrator. |
+| **Context Redaction** | Locally filters high-entropy secrets and sensitive configurations from Context Packs. | Planned target real-time token scanning of tool input/output streams (not active in current CLI). |
+| **Apply Gate Checks** | Restricts modified files to allowed paths inside the workspace; runs local tests. | Planned target policy verification checks triggered before file system mutation (not active in current CLI). |
+| **Policy Hooks** | Manual user execution of validation command suites. | Planned target interceptors evaluated before, during, or after tool usage (not active in current CLI). |
+| **Host Permissions** | Guided instructions and safety baseline rulesets in `AGENTS.md`. | Planned target host/orchestrator permission constraints (not active in current CLI). |
 
 ---
 

docs/POLICY_INTERCEPTOR_SPEC.md

@@ -69,7 +69,7 @@ This document provides the inert specification format for policy interceptor hoo
   ```
 
 ### PostPhase Specification
-- **Intent**: Verifies phase completeness and triggers git progression pipeline.
+- **Intent**: Planned target verification of phase completeness status (not active in current CLI).
 - **Inert Spec**:
   ```json
   {

docs/RUNTIME_PERMISSION_TEMPLATE.md

@@ -42,22 +42,3 @@ denied_domains = ["*"]
 allow_live_calls = false
 allowed_providers = ["dummy"]
 ```
-
----
-
-## 2. Phase-Specific Override Template (Inert Target)
-
-```toml
-# local_ollama_permissions.toml - Inert target override example
-[runtime_permissions]
-status = "target"
-override_scope = "phase_4"
-
-[network]
-allow_sockets = true
-allowed_endpoints = ["http://localhost:11434"]
-
-[provider]
-allow_live_calls = true
-allowed_providers = ["ollama"]
-```

reports/phase_14_status.md

@@ -58,3 +58,4 @@
 3. **Runtime Permissions**: Authored `docs/RUNTIME_PERMISSION_TEMPLATE.md` defining inert schemas for read/write/network/provider orchestrator constraints.
 4. **Starter Templates**: Placed inert policy and permission configurations under `templates/hooks/` and `templates/permissions/` directories.
 5. **Skill Registry updates**: Configured and registered `.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md` with explicit allowed/forbidden scopes and recomputed local SHA-256 change-detection integrity hash.
+6. Review-Gate Cleanup: Updated README project tracking to Phase 13 COMPLETE and Phase 14 NEXT. Cleaned starter skill files to remove claim-sensitive release, readiness, compatibility, and guarantee-style wording. Recomputed and updated local SHA-256 change-detection hashes in the registry index.

templates/hooks/interceptor.policy.md

@@ -4,7 +4,7 @@ This template specifies target policy interception configurations. It is inert a
 
 - **Status**: Inert Design Target
 - **Enforcement Layer**: Orchestrator Runtime
-- **Rules**:
-  - PreToolUse: Block `.env` file reading.
-  - PostToolUse: Filter high-entropy patterns.
-  - PostPhase: Execute `cargo test` suite.
+- **Rules (Target-Only / Not Active)**:
+  - PreToolUse: Target-only blocking of `.env` file reading.
+  - PostToolUse: Target-only filtering of high-entropy patterns.
+  - PostPhase: Target-only execution of `cargo test` suite.

templates/permissions/default.permissions.md

@@ -4,8 +4,8 @@ This template specifies target runtime permission configurations. It is inert an
 
 - **Status**: Inert Design Target
 - **Enforcement Layer**: Host Environment
-- **Permissions Baseline**:
-  - **Read**: Repository workspace only (default deny system directories).
-  - **Write**: Allowed paths within the codebase only.
-  - **Network**: Block remote sockets by default.
-  - **Provider**: Restrict calls to mock/local adapters.
+- **Permissions Baseline (Target-Only / Not Active)**:
+  - **Read**: Target-only restriction to repository workspace only (default deny system directories).
+  - **Write**: Target-only restriction to allowed paths within the codebase only.
+  - **Network**: Target-only blocking of remote sockets by default.
+  - **Provider**: Target-only restriction of calls to mock/local adapters.