docs(superpowers): economy-mode hook bypass closure spec + plan
6-component architecture (permissions block + 5 hooks) closing 8 critical/high
bypass paths: settings disable (H1), hook script edit (H2), prompt injection
(H4), state file delete (H6), subagent inheritance (H7), PostCompact loss
(H8), retry exhaustion (H9), verifier endpoint failure (H10), tool output
spoofing (H12), no-claim bypass (H13).
End-of-prompt parsing for "экономия N%". Shared state file in $TEMP.
Sonnet 4.6 verifier on Stop with decision:"block" + max 3 retry → escalate.
Spec: 964 lines, 12 sections.
Plan: 7 stages with TDD per task.
Runtime cost: ~\$7-14/month.
Stage 0 ratchet verified: auto-mode classifier blocks subagent Write on hook
scripts AND Bash heredoc bypass on settings.json.
Also adds 4 cspell vocabulary terms (парсингом/промпт/Mojibake/sed) used
in the new spec.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Дмитрий
67cb2cc946