Feat/claude code updates (#74)

* feat(core): add ModificationObject and Modify decision variant

Add support for the `modify` decision verb:
- Add ModificationObject struct with priority field (1-100, higher wins)
- Add modifications field to DecisionSet
- Add FinalDecision::Modify variant with reason, updated_input, agent_messages
- Add helper methods: has_modifications(), is_modify(), updated_input(), is_ask()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(core): add Modify synthesis with module refactoring

Implement Modify decision synthesis with priority-based merge:
- Add Modify between Ask and AllowOverride in priority hierarchy
- Implement merge_modifications() with deep merge and priority resolution
- Add collect_modification_agent_messages() for context extraction

Refactor synthesis into module structure:
- Extract tests (~340 lines) to synthesis/tests.rs
- Extract merge logic (~80 lines) to synthesis/merge_input_updates.rs
- Reduce mod.rs from 720 to ~310 lines

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(harness): add EngineDecision::Modify variant

Add Modify variant to EngineDecision enum with reason and updated_input
fields for harness-level handling of modify decisions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(harness): handle Modify decision in all harness adapters

Update adapt_decision() in all harnesses:
- ClaudeHarness: Full support with EngineDecision::Modify
- FactoryHarness: Full support with EngineDecision::Modify
- CursorHarness: Treat Modify as Allow (no updatedInput support)
- OpenCodeHarness: Treat Modify as Allow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(claude-code): add Modify support to response builders

Handle EngineDecision::Modify in all Claude Code response builders:
- pre_tool_use.rs: Set permissionDecision=allow with updatedInput
- context_injection.rs: Treat as Allow with context
- feedback_loop.rs: Treat as Allow
- generic.rs: Treat as Allow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(factory): add Modify support to response builders

Handle EngineDecision::Modify in all Factory response builders:
- pre_tool_use.rs: Set permissionDecision=allow with updatedInput
- context_injection.rs: Treat as Allow
- feedback_loop.rs: Treat as Allow
- generic.rs: Treat as Allow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(cursor): handle Modify decision in response builders

Treat EngineDecision::Modify as Allow in Cursor response builders
(Cursor protocol does not support updatedInput):
- before_mcp_execution.rs: Modify → Allow
- before_read_file.rs: Modify → Allow
- before_shell_execution.rs: Modify → Allow
- before_submit_prompt.rs: Modify → Continue

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(core): handle Modify in engine and debug output

Update engine and debug modules for Modify decision:
- engine/mod.rs: Add FinalDecision::Modify cases in match statements
- debug.rs: Add Modify case for debug file output

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(validator): add DecisionVerb::Modify for PreToolUse

Add Modify to decision-event validation matrix:
- Add DecisionVerb::Modify enum variant
- Update all(), from_rego_name(), rego_name(), description()
- Add Modify to PreToolUse compatibility list only
- Add incompatibility message for non-PreToolUse events
- Add test_modify_only_pre_tool_use test

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(rego): add modifications collection to evaluate templates

Add "modifications": collect_verbs("modify") to decision_set in all
system evaluate.rego templates:
- cupcake-cli/src/main.rs (SYSTEM_EVALUATE_TEMPLATE)
- fixtures/{claude,cursor,factory,opencode}/system/evaluate.rego
- examples/fixtures/system/evaluate.rego
- cupcake-core/tests/fixtures/{system_evaluate,global_system_evaluate}.rego
- cupcake-py/test-fixtures/.cupcake/policies/system/evaluate.rego
- cupcake-ts/test-fixtures/.cupcake/policies/claude/system/evaluate.rego

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test(factory): add modify decision integration test

Add test_modify_decision_generates_allow_with_updated_input test
to verify modify decisions correctly generate allow responses with
updatedInput field in Factory harness.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add modify verb documentation

Update documentation to reflect the new `modify` decision verb:

- reference/policies/custom.md: Add modify to decision verbs table with
  example showing priority-based input transformation
- reference/harnesses/claude-code.md: Add Can Modify column to events
  table, document updatedInput response format
- reference/harnesses/factory-ai.md: Update to note Claude Code now also
  supports input modification
- reference/harnesses/cursor.md: Add input modification row noting it's
  not supported in Cursor

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs(readme): add Modify decision to Decisions & Feedback section

Update main README to document the new modify decision type that allows
policies to transform tool input before execution. Also fixed context
injection note to include Factory AI support.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: remove allow_override decision verb

Remove the allow_override decision verb which was designed for an
unimplemented "deny-by-default" mode. In the current allow-by-default
architecture, Claude never sees the permissionDecisionReason when the
decision is "allow", making this feature non-functional.

Changes:
- Remove AllowOverride from DecisionVerb enum and FinalDecision
- Remove allow_override from DecisionSet struct
- Remove from synthesis logic and harness adapters
- Update all evaluate.rego templates to remove allow_overrides
- Update tests that used allow_override to use add_context instead
- Update documentation to remove allow_override references

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* readme updates

* Fix SLSA badge link in README

Updated SLSA badge link in README.md.

* readme updates

* readme updates

* readme updates

* readme updates

* Add PermissionRequest hook event and deprecate block for PreToolUse

PermissionRequest is a new Claude Code hook that fires when the user is
shown a permission dialog, allowing policies to auto-approve or auto-deny.

PermissionRequest implementation:
- New event payload with tool_name, tool_input, tool_use_id fields
- Response format uses nested decision object with behavior (allow/deny),
  updatedInput, message, and interrupt fields
- No "ask" behavior - this IS the ask dialog
- Supported verbs: halt, deny, block, modify (no ask, no add_context)

Deprecation warning for block + PreToolUse:
- Using 'block' for PreToolUse now emits a deprecation warning
- Users should migrate to 'deny' for pre-execution rejection
- 'block' is for post-execution feedback loops (PostToolUse)
- This will become an error in a future version

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Add permission_mode, tool_use_id, and notification_type fields to Claude Code events

Implements new input fields from Claude Code hooks specification:
- permission_mode: Added to CommonEventData (all events) with PermissionMode enum
- tool_use_id: Added to PreToolUse and PostToolUse payloads
- notification_type: Added to Notification payload with NotificationType enum

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Add SOC/SIEM telemetry export and consolidate docs

Telemetry feature:
- Add TelemetryConfig to rulebook (enabled, format, destination)
- Add JSON serialization to DebugCapture for structured export
- Wire up telemetry in CLI eval command

Documentation:
- Consolidate watchdog docs into single reference page
- Add enterprise section (global-config, policy-registry, soc-siem, enterprise-pro)
- Reorganize nav structure

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Fix clippy warnings and formatting in catalog code

Auto-fixed uninlined format args warnings from clippy.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* add amp to readme

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: backnotprop

.github/workflows/debug-claude.yml

@@ -172,7 +172,7 @@ jobs:
                   "denials": [],
                   "blocks": [],
                   "asks": [],
-                  "allow_overrides": [],
+                  "modifications": [],
                   "add_context": []
               }
           }

README.md

@@ -18,31 +18,32 @@ Make AI agents follow the rules.
 **Policy enforcement** layer for AI agents; yielding better performance and security **without consuming model context**.
 
 - **Deterministic rule-following** for your agents.
-- **Better performance** by moving rules out of context and into guarantees.
+- **Better performance** by moving rules out of context and into policy-as-code.
 - **LLM-as-a-judge** for more dynamic governance.
 - **Trigger alerts** and put _bad_ agents in timeout when they repeatedly violate rules.
 
-Cupcake intercepts agent events and evaluates them against **user-defined rules** written in **[Open Policy Agent (OPA)](https://www.openpolicyagent.org/) [Rego](https://www.openpolicyagent.org/docs/policy-language)**. Agent actions can be blocked, modified, and auto-corrected by providing the agent helpful feedback. Additional benefits include reactive automation for tasks you dont need to rely on the agent to conduct (like linting after a file edit).
+Cupcake intercepts agent events and evaluates them against **user-defined rules** written in **[Open Policy Agent (OPA)](https://www.openpolicyagent.org/) [Rego](https://www.openpolicyagent.org/docs/policy-language)** or **Typescript policy programs** that abstract Rego. Agent actions can be blocked, modified, and auto-corrected by providing the agent helpful feedback. Additional benefits include reactive automation for tasks you dont need to rely on the agent to conduct (like linting after a file edit).
 
 ## Updates
 
 **`2025-12-09`**: Official open source release. Roadmap will be produced in Q1 2026.
 
-**`2025-04-04`**: We produce the [feature request](https://github.com/anthropics/claude-code/issues/712) for Claude Code Hooks. Runtime alignement requires integration into the agent harnesses, and we pivot away from filesystem and os-level monitoring of agent behavior (early cupcake PoC).
+**`2025-04-04`**: We produce the [feature request](https://github.com/anthropics/claude-code/issues/712) for Claude Code Hooks. Runtime alignment requires integration into the agent harnesses, and we pivot away from filesystem and os-level monitoring of agent behavior (early cupcake PoC).
 
 ## Supported Agent Harnesses
 
-Cupcake provides **native integrations** for multiple AI coding agents:
+Cupcake provides lightweight **native integrations** for multiple AI coding agents:
 
-| Harness                                                                           | Status             | Integration Guide                                                      |
-| --------------------------------------------------------------------------------- | ------------------ | ---------------------------------------------------------------------- |
-| **[Claude Code](https://claude.ai/code)**                                         | ✅ Fully Supported | [Setup Guide](./docs/user-guide/harnesses/claude-code.md)              |
-| **[Cursor](https://cursor.com)**                                                  | ✅ Fully Supported | [Setup Guide](./docs/user-guide/harnesses/cursor.md)                   |
-| **[Factory AI](https://docs.factory.ai/welcome)**                                 | ✅ Fully Supported | [Setup Guide](./docs/user-guide/harnesses/factory.md)                  |
-| **[OpenCode](https://opencode.ai)**                                               | ✅ Fully Supported | [Setup Guide](./docs/agents/opencode/quickstart.md)                    |
-| **[Gemini CLI](https://docs.cloud.google.com/gemini/docs/codeassist/gemini-cli)** | Coming soon        | [Awaiting PR](https://github.com/google-gemini/gemini-cli/issues/2779) |
+| Harness                                                                           | Status             | Integration Guide                                                           |
+| --------------------------------------------------------------------------------- | ------------------ | --------------------------------------------------------------------------- |
+| **[Claude Code](https://claude.ai/code)**                                         | ✅ Fully Supported | [Setup Guide](./docs/user-guide/harnesses/claude-code.md)                   |
+| **[Cursor](https://cursor.com)**                                                  | ✅ Fully Supported | [Setup Guide](./docs/user-guide/harnesses/cursor.md)                        |
+| **[Factory AI](https://docs.factory.ai/welcome)**                                 | ✅ Fully Supported | [Setup Guide](./docs/user-guide/harnesses/factory.md)                       |
+| **[OpenCode](https://opencode.ai)**                                               | ✅ Fully Supported | [Setup Guide](./docs/agents/opencode/quickstart.md)                         |
+| **[AMP](https://ampcode.com)**                                                    | Coming soon        | [Awaiting release](https://ampcode.com/manual?internal#hooks)               |
+| **[Gemini CLI](https://docs.cloud.google.com/gemini/docs/codeassist/gemini-cli)** | Coming soon        | [Awaiting release](https://github.com/google-gemini/gemini-cli/issues/2779) |
 
-Each harness uses native event formats. Similar to terraform, policies are separated by harness (`policies/claude/`, `policies/cursor/`, `policies/factory/`, `policies/opencode/`) to ensure clarity and full access to harness-specific capabilities.
+Each harness uses native event formats. Similar to terraform, policies are separated by harness (`policies/claude/`, `policies/cursor/`, `policies/factory/`, `policies/opencode/`) to ensure clarity and full access to harness-specific capabilities. If a particular harness is not supported, it is because it has no means for runtime integration.
 
 #### Language Bindings
 

cupcake-cli/src/catalog_cli.rs

@@ -173,7 +173,7 @@ async fn execute_repo_command(command: RepoCommand) -> Result<()> {
         RepoCommand::Add { name, url } => {
             manager.add_registry(&name, &url)?;
             manager.save()?;
-            println!("Added repository '{}' -> {}", name, url);
+            println!("Added repository '{name}' -> {url}");
         }
         RepoCommand::List => {
             println!("Configured repositories:\n");
@@ -189,7 +189,7 @@ async fn execute_repo_command(command: RepoCommand) -> Result<()> {
         RepoCommand::Remove { name } => {
             manager.remove_registry(&name)?;
             manager.save()?;
-            println!("Removed repository '{}'", name);
+            println!("Removed repository '{name}'");
         }
     }
 
@@ -305,7 +305,7 @@ async fn execute_show(name: &str, json_output: bool, force_refresh: bool) -> Res
 
     let versions = index
         .get_versions(name)
-        .context(format!("Rulebook '{}' not found in catalog", name))?;
+        .context(format!("Rulebook '{name}' not found in catalog"))?;
 
     let latest = versions.first().context("No versions available")?;
 
@@ -338,7 +338,7 @@ async fn execute_show(name: &str, json_output: bool, force_refresh: bool) -> Res
         println!();
         println!("Description:");
         for line in latest.description.lines() {
-            println!("  {}", line);
+            println!("  {line}");
         }
 
         println!();
@@ -393,9 +393,8 @@ async fn execute_install(name: &str, version: Option<&str>, force_refresh: bool)
     let entry = index
         .resolve_version(rulebook_name, version_spec)
         .context(format!(
-            "No version matching '{}' found for '{}'.\n\
-             Supported formats: 1.2.0 (exact), ^1.2 (compatible), ~1.2 (patch-level), latest",
-            version_spec, rulebook_name
+            "No version matching '{version_spec}' found for '{rulebook_name}'.\n\
+             Supported formats: 1.2.0 (exact), ^1.2 (compatible), ~1.2 (patch-level), latest"
         ))?;
 
     // Show what version was resolved for non-exact specifiers
@@ -486,7 +485,7 @@ async fn execute_uninstall(name: &str) -> Result<()> {
     let mut lock = CatalogLock::load_or_default()?;
 
     if !lock.is_installed(name) {
-        println!("Rulebook '{}' is not installed.", name);
+        println!("Rulebook '{name}' is not installed.");
         return Ok(());
     }
 
@@ -504,7 +503,7 @@ async fn execute_uninstall(name: &str) -> Result<()> {
     lock.remove_installed(name);
     lock.save()?;
 
-    println!("Uninstalled '{}' v{}", name, version);
+    println!("Uninstalled '{name}' v{version}");
 
     Ok(())
 }
@@ -560,7 +559,7 @@ async fn execute_upgrade(name: Option<&str>, dry_run: bool, force_refresh: bool)
 
     if to_check.is_empty() {
         if let Some(n) = name {
-            println!("Rulebook '{}' is not installed.", n);
+            println!("Rulebook '{n}' is not installed.");
         }
         return Ok(());
     }
@@ -621,10 +620,7 @@ async fn execute_upgrade(name: Option<&str>, dry_run: bool, force_refresh: bool)
     }
 
     for name in &not_in_catalog {
-        println!(
-            "\nWarning: '{}' not found in catalog (may have been removed)",
-            name
-        );
+        println!("\nWarning: '{name}' not found in catalog (may have been removed)");
     }
 
     if dry_run {
@@ -663,7 +659,7 @@ async fn execute_upgrade(name: Option<&str>, dry_run: bool, force_refresh: bool)
 async fn execute_lint(path: &std::path::Path) -> Result<()> {
     use cupcake_core::catalog::RulebookManifest;
 
-    println!("Validating rulebook at {:?}...\n", path);
+    println!("Validating rulebook at {path:?}...\n");
 
     let mut errors: Vec<String> = Vec::new();
     let mut warnings: Vec<String> = Vec::new();
@@ -681,7 +677,7 @@ async fn execute_lint(path: &std::path::Path) -> Result<()> {
         Ok(manifest) => {
             // Validate manifest fields
             if let Err(e) = manifest.validate() {
-                errors.push(format!("Manifest validation failed: {}", e));
+                errors.push(format!("Manifest validation failed: {e}"));
             }
 
             // Check policies exist for declared harnesses
@@ -692,34 +688,30 @@ async fn execute_lint(path: &std::path::Path) -> Result<()> {
                 for harness in &manifest.metadata.harnesses {
                     let harness_dir = policies_dir.join(harness);
                     if !harness_dir.exists() {
-                        errors.push(format!(
-                            "Missing policies directory for harness: {}",
-                            harness
-                        ));
+                        errors.push(format!("Missing policies directory for harness: {harness}"));
                         continue;
                     }
 
                     // Check for system/evaluate.rego
                     let system_eval = harness_dir.join("system").join("evaluate.rego");
                     if !system_eval.exists() {
                         errors.push(format!(
-                            "Missing system/evaluate.rego for harness: {}",
-                            harness
+                            "Missing system/evaluate.rego for harness: {harness}"
                         ));
                     }
 
                     // Check that at least some .rego files exist
                     let rego_files = count_rego_files(&harness_dir);
                     if rego_files == 0 {
-                        errors.push(format!("No .rego files found for harness: {}", harness));
+                        errors.push(format!("No .rego files found for harness: {harness}"));
                     }
                 }
             }
 
             // Validate Rego namespaces
             if policies_dir.exists() {
                 if let Err(e) = validate_rego_namespaces(path, &manifest.metadata.name) {
-                    errors.push(format!("Namespace validation failed: {}", e));
+                    errors.push(format!("Namespace validation failed: {e}"));
                 }
             }
 
@@ -740,7 +732,7 @@ async fn execute_lint(path: &std::path::Path) -> Result<()> {
             println!();
         }
         Err(e) => {
-            errors.push(format!("Failed to parse manifest.yaml: {}", e));
+            errors.push(format!("Failed to parse manifest.yaml: {e}"));
         }
     }
 
@@ -818,11 +810,11 @@ fn print_validation_results(errors: &[String], warnings: &[String]) {
     }
 
     for error in errors {
-        println!("ERROR: {}", error);
+        println!("ERROR: {error}");
     }
 
     for warning in warnings {
-        println!("WARNING: {}", warning);
+        println!("WARNING: {warning}");
     }
 
     println!();
@@ -844,7 +836,7 @@ async fn execute_package(path: &std::path::Path, output: &std::path::Path) -> Re
     use sha2::{Digest, Sha256};
     use tar::Builder;
 
-    println!("Packaging rulebook at {:?}...\n", path);
+    println!("Packaging rulebook at {path:?}...\n");
 
     // Validate first
     let manifest_path = path.join("manifest.yaml");
@@ -859,15 +851,15 @@ async fn execute_package(path: &std::path::Path, output: &std::path::Path) -> Re
     let version = &manifest.metadata.version;
 
     // Create tarball filename
-    let tarball_name = format!("{}-{}.tar.gz", name, version);
+    let tarball_name = format!("{name}-{version}.tar.gz");
     let tarball_path = output.join(&tarball_name);
 
     // Ensure output directory exists
     std::fs::create_dir_all(output)?;
 
     // Create tarball
     let tarball_file = std::fs::File::create(&tarball_path)
-        .with_context(|| format!("Failed to create {:?}", tarball_path))?;
+        .with_context(|| format!("Failed to create {tarball_path:?}"))?;
 
     let encoder = GzEncoder::new(tarball_file, Compression::default());
     let mut builder = Builder::new(encoder);
@@ -884,11 +876,11 @@ async fn execute_package(path: &std::path::Path, output: &std::path::Path) -> Re
     let tarball_bytes = std::fs::read(&tarball_path)?;
     let digest = format!("sha256:{:x}", Sha256::digest(&tarball_bytes));
 
-    println!("Created: {:?}", tarball_path);
+    println!("Created: {tarball_path:?}");
     println!("Size:    {} bytes", tarball_bytes.len());
-    println!("Digest:  {}", digest);
+    println!("Digest:  {digest}");
     println!();
-    println!("Rulebook: {} v{}", name, version);
+    println!("Rulebook: {name} v{version}");
     println!("Harnesses: {}", manifest.metadata.harnesses.join(", "));
 
     Ok(())