Add hook and permission integration specs (Phase 14)

ProfRandom92 · ProfRandom92 · commit 9cbce360b6c3 · 2026-06-05T09:13:47.000+02:00
diff --git a/.agent/skills/REGISTRY.md b/.agent/skills/REGISTRY.md
@@ -72,3 +72,12 @@ This document serves as the local registry index for all authorized skills in th
 - **Forbidden Scope**: Implementing remote network registries, distributed downloads, or cryptographic proof logic.
 - **Validation Commands**: `cargo test`, `git status`
 - **Local SHA-256 Checksum**: `7B2F81C2AF5A97B2E0FA8A1243FABA9F605985A2F35E675F4C429DDBAE426B21`
+
+### 8. `ctxt-phase-14-hook-permission-integration`
+- **Path**: [.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md](file:///.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md)
+- **Description**: Documents and integrates inert specifications for hooks and permissions governance.
+- **Intended Use**: Documenting hook lifecycle targets, template schemas for permissions, and verification of implemented behavior.
+- **Allowed Scope**: Creating/modifying documentation files under `docs/` and inert template files.
+- **Forbidden Scope**: Modifying Rust codebase, active hook scripting/enforcement, and enabling provider network socket connectivity.
+- **Validation Commands**: `cargo test`
+- **Local SHA-256 Checksum**: `234A19F1E9E728412D5E0C1714D2A94F886509E2D47B54FC402EB84A1FD69A6D`
diff --git a/.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md b/.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md
@@ -0,0 +1,41 @@
+---
+name: ctxt-phase-14-hook-permission-integration
+description: "Documents and integrates inert specifications for hooks and permissions governance."
+summary: "Integrates hook and permission models as inert specification artifacts."
+---
+
+# Skill: ctxt-phase-14-hook-permission-integration
+
+## Goal
+Create documentation, integration specifications, and templates for hook and permission governance without active runtime enforcement.
+
+## Read first
+- AGENTS.md
+- PROJEKT.md
+- docs/HOOK_PERMISSION_INTEGRATION.md
+- docs/POLICY_INTERCEPTOR_SPEC.md
+- docs/RUNTIME_PERMISSION_TEMPLATE.md
+
+## Use when
+- Documenting policies for SessionStart, PreToolUse, PostToolUse, and PostPhase hooks.
+- Drafting template specifications for host permissions.
+- Verifying the separation between implemented and target behavior.
+
+## Allowed
+- Creating and modifying documentation files under `docs/`.
+- Creating inert templates under `templates/hooks/` and `templates/permissions/`.
+- Modifying `.agent/skills/REGISTRY.md` to index this skill.
+
+## Forbidden
+- Modifying Rust codebase or implementing active/executable hooks/scripts.
+- Enabling provider network sockets or reading credentials.
+- Writing files outside the repository root.
+
+## Validation
+- `cargo fmt --all --check`
+- `cargo check`
+- `cargo test`
+- `cargo clippy -- -D warnings`
+
+## Return
+Standard Phase Return Format.
diff --git a/PROJEKT.md b/PROJEKT.md
@@ -19,9 +19,9 @@ CompText CLI is an experimental terminal context client for building determinist
 
 ### Current State
 ```text
-CURRENT_PHASE: 13
-CURRENT_TASK: Skill Bundle Registry
-LAST_GREEN_PHASE: 13
+CURRENT_PHASE: 14
+CURRENT_TASK: Hook/Permission Integration
+LAST_GREEN_PHASE: 14
 STATUS: complete
 ```
 
@@ -88,8 +88,8 @@ git push
 | **Phase 11** | Release Packaging | Package CLI binary, finalize manifests, release artifact generation | **COMPLETE** |
 | **Phase 12** | Antigravity CLI Governance & Token Economy | Antigravity governance docs, token economy rules, skill/hook/permission target architecture | **COMPLETE** |
 | **Phase 13** | Skill Bundle Registry | Local skill bundle registry and starter skill templates | **COMPLETE** |
-| **Phase 14** | Hook/Permission Integration | Hook boundaries, dynamic run approvals | *NEXT* |
-| **Phase 15** | Cryptographic Provenance Engine | Signed evidence trail generation and cryptographic integrity seals | *QUEUED* |
+| **Phase 14** | Hook/Permission Integration | Hook boundaries, dynamic run approvals | **COMPLETE** |
+| **Phase 15** | Cryptographic Provenance Engine | Signed evidence trail generation and cryptographic integrity seals | *NEXT* |
 
 ---
 
diff --git a/README.md b/README.md
@@ -86,9 +86,9 @@ CompText is for developers who want AI-assisted workflows with stronger boundari
 
 ```text
 Binary: ctxt
-Current phase: Phase 13
-Current task: Skill Bundle Registry
-Last green phase: Phase 13
+Current phase: Phase 14
+Current task: Hook/Permission Integration
+Last green phase: Phase 14
 Status: complete
 ```
 
@@ -111,13 +111,13 @@ Phase 10  MVP Stabilization & Release Readiness  COMPLETE
 Phase 11  Release Packaging                      COMPLETE
 Phase 12  Antigravity CLI Governance & Token Economy COMPLETE
 Phase 13  Skill Bundle Registry                  COMPLETE
+Phase 14  Hook/Permission Integration            COMPLETE
 ```
 
 Next areas:
 
 ```text
-Phase 14  Hook/Permission Integration                NEXT
-Phase 15  Cryptographic Provenance Engine            QUEUED
+Phase 15  Cryptographic Provenance Engine            NEXT
 ```
 
 ```mermaid
diff --git a/docs/HOOK_PERMISSION_INTEGRATION.md b/docs/HOOK_PERMISSION_INTEGRATION.md
@@ -0,0 +1,24 @@
+# Hook and Permission Integration
+
+This document defines the governance integration framework for CompText agent workflows. It specifies the boundaries between active local checks and planned runtime policies.
+
+---
+
+## 1. Implemented Behavior vs. Target Behavior
+
+CompText maintains a strict distinction between behaviors actively executed by the local binary and behaviors designed as target integrations for the host/orchestrator:
+
+| Governance Layer | Active Implemented Behavior | Planned Target Behavior |
+|---|---|---|
+| **Context Redaction** | Locally filters high-entropy secrets and sensitive configurations from Context Packs. | Dynamic real-time token scanning of tool input/output streams. |
+| **Apply Gate Checks** | Restricts modified files to allowed paths inside the workspace; runs local tests. | Policy verification hooks triggered before file system mutation. |
+| **Policy Hooks** | Static validation scripts run manually or via CI verification suites. | Runtime interceptors blocking execution before, during, or after tool usage. |
+| **Host Permissions** | Guided instructions and safety baseline rulesets in `AGENTS.md`. | Sandboxed system-level read/write/network blockades enforced by the orchestrator. |
+
+---
+
+## 2. Local-Only and Offline-First baseline
+
+- **Authoritative Review-Gate**: The primary security enforcement layer remains the manual review and verification of proposed changes in the `proposals/` folder before running the apply gate (`ctxt apply`).
+- **No Rust-Level Enforcements**: Hooks and permissions are designed to be enforced by the hosting orchestrator (such as the Antigravity system). The local `ctxt` Rust binary does not contain sandboxing or active operating-system-level socket blockades.
+- **Offline Integrity**: Calculations and change-detection hashes are performed entirely offline using local utilities. No remote distributed marketplaces or online registries are used.
diff --git a/docs/POLICY_INTERCEPTOR_SPEC.md b/docs/POLICY_INTERCEPTOR_SPEC.md
@@ -0,0 +1,85 @@
+# Policy Interceptor Specification
+
+This document provides the inert specification format for policy interceptor hooks. These hooks represent target integration endpoints for orchestrator runtimes and are not actively executed by the local Rust CLI.
+
+---
+
+## 1. Interceptor Lifecycle Targets
+
+```text
+[ SessionStart ] ──────► Instantiates the workspace validation profile
+       │
+       ▼
+[ PreToolUse ] ────────► Intercepts and validates tool input parameters
+       │
+       ▼
+  ( Tool Run )
+       │
+       ▼
+[ PostToolUse ] ───────► Inspects and filters output streams
+       │
+       ▼
+[ PostPhase ] ─────────► Evaluates phase completeness and git tree clean status
+```
+
+---
+
+## 2. Specification Formats (Inert Targets)
+
+### SessionStart Specification
+- **Intent**: Initializes the session state tracking profile.
+- **Inert Spec**:
+  ```json
+  {
+    "hook": "SessionStart",
+    "status": "target",
+    "actions": [
+      "verify_local_git_cleanliness",
+      "load_active_phase_restrictions"
+    ]
+  }
+  ```
+
+### PreToolUse Specification
+- **Intent**: Validates tool invocation arguments before execution.
+- **Inert Spec**:
+  ```json
+  {
+    "hook": "PreToolUse",
+    "status": "target",
+    "restricted_arguments": {
+      "command_prefixes": ["env", "printenv"],
+      "blocked_paths": [".env", "*.key", "*.pem"]
+    }
+  }
+  ```
+
+### PostToolUse Specification
+- **Intent**: Filters and sanitizes outputs before returning them to the model context.
+- **Inert Spec**:
+  ```json
+  {
+    "hook": "PostToolUse",
+    "status": "target",
+    "redaction_patterns": [
+      "high_entropy_strings",
+      "credential_variables"
+    ]
+  }
+  ```
+
+### PostPhase Specification
+- **Intent**: Verifies phase completeness and triggers git progression pipeline.
+- **Inert Spec**:
+  ```json
+  {
+    "hook": "PostPhase",
+    "status": "target",
+    "verification_suite": [
+      "cargo fmt --all --check",
+      "cargo check",
+      "cargo test",
+      "cargo clippy -- -D warnings"
+    ]
+  }
+  ```
diff --git a/docs/RUNTIME_PERMISSION_TEMPLATE.md b/docs/RUNTIME_PERMISSION_TEMPLATE.md
@@ -0,0 +1,63 @@
+# Runtime Permission Template Specification
+
+This document defines the inert schema templates for configuring runtime permissions. These configurations represent host-enforced permissions profiles and do not represent active Rust-level compiler restrictions.
+
+---
+
+## 1. Baseline Permissions Template (Inert Target)
+
+```toml
+# baseline_permissions.toml - Inert target schema for host execution
+[runtime_permissions]
+status = "target"
+enforcement_layer = "host_orchestrator"
+
+[read]
+allowed_paths = ["."]
+denied_paths = [
+  "/etc",
+  "C:\\Windows",
+  "~/.ssh",
+  "~/.aws"
+]
+
+[write]
+allowed_paths = [
+  "./src",
+  "./tests",
+  "./docs",
+  "./reports",
+  "./proposals"
+]
+denied_paths = [
+  "./.git",
+  "../"
+]
+
+[network]
+allow_sockets = false
+denied_domains = ["*"]
+
+[provider]
+allow_live_calls = false
+allowed_providers = ["dummy"]
+```
+
+---
+
+## 2. Phase-Specific Override Template (Inert Target)
+
+```toml
+# local_ollama_permissions.toml - Inert target override example
+[runtime_permissions]
+status = "target"
+override_scope = "phase_4"
+
+[network]
+allow_sockets = true
+allowed_endpoints = ["http://localhost:11434"]
+
+[provider]
+allow_live_calls = true
+allowed_providers = ["ollama"]
+```
diff --git a/reports/phase_14_status.md b/reports/phase_14_status.md
@@ -0,0 +1,60 @@
+# Phase 14 Status Report: Hook/Permission Integration
+
+## Status Summary
+- **Phase**: Phase 14: Hook/Permission Integration
+- **Status**: success
+- **Date**: 2026-06-05
+
+---
+
+## Metadata details
+- **PHASE**: Phase 14: Hook/Permission Integration
+- **STATUS**: success
+- **FILES_CHANGED**:
+  - `PROJEKT.md`
+  - `README.md`
+  - `.agent/skills/REGISTRY.md`
+  - `reports/phase_14_status.md`
+- **DOCS_ADDED**:
+  - `docs/HOOK_PERMISSION_INTEGRATION.md`
+  - `docs/POLICY_INTERCEPTOR_SPEC.md`
+  - `docs/RUNTIME_PERMISSION_TEMPLATE.md`
+- **TEMPLATES_ADDED**:
+  - `templates/hooks/interceptor.policy.md`
+  - `templates/permissions/default.permissions.md`
+- **SKILLS_ADDED**:
+  - `.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md`
+- **COMMANDS_RUN**:
+  - `cargo fmt --all --check`
+  - `cargo check`
+  - `cargo test`
+  - `cargo clippy -- -D warnings`
+  - `git diff --exit-code`
+- **VALIDATION**:
+  - All local compilation, check, clippy, and test runs are clean.
+- **ARTIFACTS**:
+  - `docs/HOOK_PERMISSION_INTEGRATION.md`
+  - `docs/POLICY_INTERCEPTOR_SPEC.md`
+  - `docs/RUNTIME_PERMISSION_TEMPLATE.md`
+  - `templates/hooks/interceptor.policy.md`
+  - `templates/permissions/default.permissions.md`
+  - `.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md`
+  - `reports/phase_14_status.md`
+- **GIT**: Committed Phase 14 files and pushed to origin/main.
+- **NETWORK**: offline-only (no network requests made or permitted during design and layout).
+- **SECRETS**: Redacted from all configurations and outputs.
+- **POLICY_DECISIONS**:
+  - Explicit demarcation of implemented behaviors (local validation, context harvesting, apply gate pathing) vs. target/inert architectures (policy interceptor hooks and host execution sandboxing).
+  - Maintained the authoritative status of the Proposal/Apply Gate and offline-first context model.
+  - Indexed the new Phase 14 skill under `.agent/skills/REGISTRY.md` using SHA-256 for local change-detection verification only.
+- **RISKS**: Policy interceptor hooks and runtime permissions represent planned design integrations for the host/orchestrator; they do not represent active Rust-level execution blockades or guarantees.
+- **NEXT**: Phase 15: Cryptographic Provenance Engine
+
+---
+
+## Detailed Implementation Notes
+1. **Integration Specification**: Authored `docs/HOOK_PERMISSION_INTEGRATION.md` outlining the split between implemented local validation and target host policy execution.
+2. **Policy Interceptors**: Outlined `docs/POLICY_INTERCEPTOR_SPEC.md` detailing planned lifecycle endpoints for SessionStart, PreToolUse, PostToolUse, and PostPhase interceptors.
+3. **Runtime Permissions**: Authored `docs/RUNTIME_PERMISSION_TEMPLATE.md` defining inert schemas for read/write/network/provider orchestrator constraints.
+4. **Starter Templates**: Placed inert policy and permission configurations under `templates/hooks/` and `templates/permissions/` directories.
+5. **Skill Registry updates**: Configured and registered `.agent/skills/ctxt-phase-14-hook-permission-integration/SKILL.md` with explicit allowed/forbidden scopes and recomputed local SHA-256 change-detection integrity hash.
diff --git a/templates/hooks/interceptor.policy.md b/templates/hooks/interceptor.policy.md
@@ -0,0 +1,10 @@
+# Inert Hook Policy Template
+
+This template specifies target policy interception configurations. It is inert and not executed by the CLI runtime.
+
+- **Status**: Inert Design Target
+- **Enforcement Layer**: Orchestrator Runtime
+- **Rules**:
+  - PreToolUse: Block `.env` file reading.
+  - PostToolUse: Filter high-entropy patterns.
+  - PostPhase: Execute `cargo test` suite.
diff --git a/templates/permissions/default.permissions.md b/templates/permissions/default.permissions.md
@@ -0,0 +1,11 @@
+# Inert Runtime Permissions Template
+
+This template specifies target runtime permission configurations. It is inert and not enforced by the CLI runtime.
+
+- **Status**: Inert Design Target
+- **Enforcement Layer**: Host Environment
+- **Permissions Baseline**:
+  - **Read**: Repository workspace only (default deny system directories).
+  - **Write**: Allowed paths within the codebase only.
+  - **Network**: Block remote sockets by default.
+  - **Provider**: Restrict calls to mock/local adapters.
