liderra/portal
1
0
Fork 0
Code Issues Pull Requests Actions 79 Packages Projects Releases Wiki Activity
Files
cbfd9738de62dddc04252cf00bbbbbddcb331b7c
portal/tools/router-tool-gate.mjs
T
Дмитрий 55123bfe9f feat(router): §17 mode-based gate, continuation NOT exempt (phase 2 task 13) 
Spec §4.4 — shouldBlock rewritten on mode='off'|'warn-only'|'enforce'. Old
boolean warnOnly API kept as legacy fallback. Continuation deliberately NOT
in the §17 exempt set (D1) — an inherited 'feature' classification still
triggers the gate.

- tools/router-tool-gate.mjs:
  + NON_BLOCKING_TASK_TYPES = ['conversation','micro','manual_override']
  + shouldBlock returns false OR { block: true, reason } with reason ∈
    {'no_skill_found_block','direct_in_non_conversation'}.
  + Reads state.classification.task_type (v4 snake_case) with fallback to
    legacy taskType — backward-compatible until Task 14 updates prehook.
  + resolveMode(): options.mode wins; legacy warnOnly=false maps to enforce.
  + decideDecision returns decision/reason/reason_code on block, warning on
    warn-only with non-exempt classification, empty on proceed/exempt.
  + gateMode() now recognises 'off' alongside warn-only/enforce.
- tools/router-tool-gate.test.mjs: rewritten 25 tests (mode-based) — covers
  §17 exempt set, no_skill_found path, skill invoked, routing-tag escape,
  read-only Bash, tool whitelist, legacy back-compat (warnOnly + taskType),
  decideDecision reason_code + warn-only warning suppression on exempt tasks.

Tests: 25/25 PASS.
2026-05-25 14:28:25 +03:00

168 lines
6.9 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/usr/bin/env node
/**
* PreToolUse hook — router tool gate.
* Stage 3 of router discipline overhaul.
*
* Читает state из ~/.claude/runtime/router-state-<session>.json (написан router-prehook).
* Решает: block / proceed для tools Edit, Write, Bash (non-read-only).
*
* Escape hatch: <!-- routing: direct_justified=true reason="..." --> в начале response пропускает.
*
* Mode: warn-only (только stderr) или enforce (decision: block).
* Mode читается из ~/.claude/runtime/router-gate-mode.json {"mode": "warn-only"|"enforce"}.
* По умолчанию warn-only (первая неделя), потом ручной переключатель.
*/
import { readFileSync, existsSync } from 'fs';
import { join } from 'path';
import { homedir } from 'os';
const READ_ONLY_BASH_PATTERNS = [
/^\s*ls(\s|$)/, /^\s*cat\s/, /^\s*head\s/, /^\s*tail\s/, /^\s*wc\s/,
/^\s*grep\s/, /^\s*find\s.*-print/, /^\s*pwd\s*$/,
/^\s*git\s+(status|log|show|diff|rev-parse|branch|ls-tree|ls-remote|remote\s+show|tag|fetch)/,
/^\s*node\s.*--check/, /^\s*npx\s+vitest\s+run/, /^\s*node\s+tools\/[\w-]+\.mjs\s+/,
];
export function isReadOnlyBash(command) {
if (!command) return false;
return READ_ONLY_BASH_PATTERNS.some((re) => re.test(command));
}
export function decodeRoutingTag(responseText) {
if (!responseText) return null;
const m = String(responseText).match(/<!--\s*routing:\s*direct_justified=true\s+reason=["']([^"']+)["']\s*-->/);
if (!m) return null;
return { directJustified: true, reason: m[1] };
}
// §17 exempt set — task types that never trigger the gate (spec §4.4).
// Continuation deliberately NOT in this list (D1): a continuation that
// inherits a `feature`/`bugfix` classification gets the same enforcement as
// the original prompt.
const NON_BLOCKING_TASK_TYPES = ['conversation', 'micro', 'manual_override'];
function resolveTaskType(cls) {
return cls?.task_type ?? cls?.taskType;
}
function resolveMode(options) {
if (typeof options.mode === 'string') return options.mode;
// Legacy fallback: warnOnly=false maps to enforce, otherwise warn-only.
return options.warnOnly === false ? 'enforce' : 'warn-only';
}
/**
* §17 gate decision (spec §4.4, Phase 2 Task 13).
*
* @returns `false` when the tool call is allowed to proceed, or
* `{ block: true, reason: 'direct_in_non_conversation' | 'no_skill_found_block' }`
* when the gate decides to block.
*
* Order of checks:
* 1. mode off / warn-only → false (no enforcement)
* 2. classification.no_skill_found === true → block(no_skill_found_block)
* 3. task_type ∈ NON_BLOCKING_TASK_TYPES → false (§17 exempt set)
* 4. skillInvokedThisTurn === true → false (skill already invoked)
* 5. routing-tag direct_justified=true with reason → false (escape hatch)
* 6. Bash + isReadOnlyBash(cmd) → false (read-only commands)
* 7. tool ∉ {Edit, Write, MultiEdit, Bash} → false (not gated)
* 8. → block(direct_in_non_conversation)
*/
export function shouldBlock(tool, state, responseText, options = {}) {
const mode = resolveMode(options);
if (mode === 'off' || mode === 'warn-only') return false;
const cls = state?.classification || {};
if (cls.no_skill_found === true) {
return { block: true, reason: 'no_skill_found_block' };
}
const taskType = resolveTaskType(cls);
if (NON_BLOCKING_TASK_TYPES.includes(taskType)) return false;
if (state?.skillInvokedThisTurn === true) return false;
const tag = decodeRoutingTag(responseText);
if (tag?.directJustified) return false;
if (tool === 'Bash' && isReadOnlyBash(options.bashCommand || '')) return false;
if (!['Edit', 'Write', 'MultiEdit', 'Bash'].includes(tool)) return false;
return { block: true, reason: 'direct_in_non_conversation' };
}
export function decideDecision(tool, state, responseText, options = {}) {
const cls = state?.classification || {};
const taskType = resolveTaskType(cls);
const block = shouldBlock(tool, state, responseText, options);
if (block && block.block) {
const recNode = cls.recommendedNode ?? cls.recommended_node ?? '(unknown)';
const recChain = cls.recommendedChain ?? cls.recommended_chain_id;
const chainSuf = recChain ? ` (chain ${recChain})` : '';
const reasonText = block.reason === 'no_skill_found_block'
? `Классификатор не нашёл подходящий узел (no_skill_found). Уточни задачу или дай routing-tag direct_justified. Узел: ${recNode}.`
: `Эта задача классифицирована как ${taskType}. Реестр рекомендует узел ${recNode}${chainSuf}. Вызови соответствующий навык ПЕРВЫМ, либо начни ответ с <!-- routing: direct_justified=true reason="..." --> с явным обоснованием.`;
return { decision: 'block', reason: reasonText, reason_code: block.reason };
}
const mode = resolveMode(options);
if (
mode === 'warn-only'
&& taskType
&& !NON_BLOCKING_TASK_TYPES.includes(taskType)
&& cls.no_skill_found !== true
&& !state?.skillInvokedThisTurn
) {
const recNode = cls.recommendedNode ?? cls.recommended_node ?? '(unknown)';
return {
warning: `[router-gate WARN-ONLY] ${tool} would be blocked — recommended ${recNode}.`,
};
}
return {};
}
function gateMode() {
const path = join(homedir(), '.claude', 'runtime', 'router-gate-mode.json');
if (!existsSync(path)) return 'warn-only';
try {
const data = JSON.parse(readFileSync(path, 'utf-8'));
if (data.mode === 'enforce') return 'enforce';
if (data.mode === 'off') return 'off';
return 'warn-only';
} catch { return 'warn-only'; }
}
function readState(sessionId) {
const path = join(homedir(), '.claude', 'runtime', `router-state-${sessionId}.json`);
if (!existsSync(path)) return null;
try { return JSON.parse(readFileSync(path, 'utf-8')); } catch { return null; }
}
async function main() {
const input = await readStdinAsUtf8(process.stdin);
const event = JSON.parse(input || '{}');
const sessionId = event.session_id || 'unknown';
const tool = event.tool_name;
const state = readState(sessionId);
if (!state) { process.stdout.write(JSON.stringify({})); process.exit(0); return; }
const mode = gateMode();
const responseText = ''; // PreToolUse event doesn't include response
const bashCommand = (event.tool_input || {}).command || '';
const decision = decideDecision(tool, state, responseText, { mode, bashCommand });
if (decision.warning) process.stderr.write(decision.warning + '\n');
process.stdout.write(JSON.stringify(decision.decision ? decision : {}));
process.exit(0);
}
// CLI guard — Windows-cyrillic quirk: use fileURLToPath(import.meta.url)
import { fileURLToPath } from 'url';
import { readStdinAsUtf8 } from './router-stdin-helper.mjs';
if (process.argv[1] && fileURLToPath(import.meta.url) === process.argv[1]) { main(); }
Reference in New Issue View Git Blame Copy Permalink