feat: v6.3.0 pipeline hardening — auth/authz bug-class, pr-monitoring pattern, completion trust-boundary, hook stdout-JSON discipline, reminder dedup (#41/#58/#59/#60/#61) #62

Merged
intel352 merged 21 commits into main from feat/pipeline-hardening-4issues-v6.3.0 on Jun 1, 2026

@intel352 intel352 commented Jun 1, 2026

Summary

v6.3.0 pipeline-hardening release closing 5 recurring gate-miss / context-waste issues (one coherent PR, full pipeline: 3 design + 2 plan adversarial cycles, alignment PASS, scope locked, two-stage review APPROVED).

Closes #41, #58, #59, #60, #61.

Design / Plan / ADR

  • Design: docs/plans/2026-06-01-pipeline-hardening-4issues-design.md (adversarial PASS @ cycle 3)
  • Plan: docs/plans/2026-06-01-pipeline-hardening-4issues.md (plan-phase PASS @ cycle 2; alignment PASS; scope locked)
  • ADR 0003: Implement-N completion is a lead-verified trust boundary, not a hook-blocked invariant (the hard-block is infeasible).

Changes

Verification

  • tests/hook-stdout-discipline.sh — 0 failures (4 cases: warning+block-JSON recovered, noise→stderr, clean passthrough, jq-absent passthrough).
  • tests/hook-contracts.sh — all pass (real hooks through the new wrapper; pretool-pr-review-reminder: emit gh-version/Copilot guidance once per session, not per PR #61 dedup/reset/false-positive/no-transcript).
  • tests/skill-content-grep.sh / skill-cross-refs.sh / version-check.sh — PASS.
  • Two-stage code review APPROVED (fixed grep -vxF full-line diagnostic routing + atomic marker rewrite).

🤖 Generated with Claude Code

Jon Langevin added 16 commits June 1, 2026 01:04
… I2 jq-absent test + I3 trap/no-transcript + m1)
Copilot AI review requested due to automatic review settings June 1, 2026 05:52

Copilot AI left a comment

Pull request overview

v6.3.0 “pipeline hardening” release that addresses recurring autonomy pipeline issues by strengthening hook robustness (stdout JSON discipline), reducing repeated reminder noise (session dedup + reset), and documenting new review/process guardrails (auth/authz chain composition, CI wait pattern, completion trust boundary). It also adds CI coverage for hook regression tests and bumps plugin version + release notes.

Changes:

  • Harden hooks/run-hook.cmd to emit valid-JSON-or-empty on stdout (recover block JSON behind warnings) + add a dedicated stdout-discipline regression test.
  • Add once-per-session dedup for pretool-pr-review-reminder, reset on pre-compact-snapshot, and expand hook contract tests accordingly.
  • Document new plan-phase auth/authz chain-composition bug-class, pr-monitoring CI-wait polling pattern, and Implement-N completion trust boundary; add CI workflow to run hook tests; bump to 6.3.0 with release notes.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| tests/hook-stdout-discipline.sh | New regression test verifying wrapper stdout JSON discipline and jq-absent passthrough. |
| tests/hook-contracts.sh | Adds contract coverage for pr-review reminder dedup + post-compaction reset behavior. |
| skills/subagent-driven-development/SKILL.md | Documents “completion is not trusted until lead-verified” trust boundary. |
| skills/pr-monitoring/SKILL.md | Documents host-scoped, sanctioned CI-wait polling pattern (bash loop vs background agent). |
| skills/adversarial-design-review/SKILL.md | Adds plan-phase auth/authz chain-composition bug-class row. |
| RELEASE-NOTES.md | Adds v6.3.0 release notes summarizing the hardening changes. |
| hooks/run-hook.cmd | Captures hook stdout and enforces valid-JSON-or-empty output when jq is available. |
| hooks/pretool-pr-review-reminder | Adds quote-stripped matching and once-per-session reminder dedup marker. |
| hooks/pre-compact-snapshot | Clears pr-reminder marker for the current session prior to early-exit, enabling re-emit post-compaction. |
| docs/plans/2026-06-01-pipeline-hardening-4issues.md.scope-lock | Adds scope-lock hash for the v6.3.0 plan. |
| docs/plans/2026-06-01-pipeline-hardening-4issues.md | Adds implementation plan detailing tasks, verification, and rollout. |
| docs/plans/2026-06-01-pipeline-hardening-4issues-design.md | Adds design doc covering goals, non-goals, and rationale/ADR references. |
| decisions/0003-implement-n-completion-trust-boundary.md | Adds ADR documenting why completion is a trust boundary (lead verification) vs hook-enforced invariant. |
| agents/team-conventions.md | Updates role rules for Implement-N completion discipline + lead verification gate. |
| .github/workflows/hooks-check.yml | Adds CI workflow intended to run hook contract + stdout-discipline tests on relevant changes. |
| .cursor-plugin/plugin.json | Version bump to 6.3.0. |
| .claude-plugin/plugin.json | Version bump to 6.3.0. |
| .claude-plugin/marketplace.json | Version bump to 6.3.0. |

Comment on lines +9 to +24
pull_request:
paths:
- 'hooks/**'
- 'tests/hook-contracts.sh'
- 'tests/hook-stdout-discipline.sh'
jobs:
hooks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install jq
run: sudo apt-get update && sudo apt-get install -y jq
- name: Hook contract tests
run: bash tests/hook-contracts.sh
- name: Hook stdout discipline tests
run: bash tests/hook-stdout-discipline.sh
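Review bot: `- uses: actions/checkout@v4` in the steps list references the action by a mutable tag; pinning it to a full commit SHA, with the tag kept as a trailing comment, keeps a retagged release from changing what this job executes. In the same hunk the `paths:` filter lists only `hooks/**` and the two test scripts, so an edit to the workflow file itself would not trigger the job on a pull request; adding the workflow's own path closes that gap. No `permissions:` key appears in the quoted lines, and a job that only checks out the repository and runs shell tests needs nothing beyond `contents: read`.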
Copilot AI review requested due to automatic review settings June 1, 2026 06:04
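
The valid-JSON-or-empty stdout rule named in the PR summary and in Copilot's overview, sketched as an added example; this is not the project's hooks/run-hook.cmd. The names `discipline_stdout` and `JQ_BIN`, the one-object-per-line assumption, and the sample hook output in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: "valid JSON or empty" discipline for captured hook stdout.
# discipline_stdout and JQ_BIN are hypothetical names, not the project's code.
# Assumption: the hook emits its decision as one compact JSON object per line.
# Constructed input:  warning: slow disk\n{"decision":"block","reason":"x"}
JQ_BIN="${JQ_BIN:-jq}"

# True when $1 parses as exactly one JSON object.
is_json_object() {
  printf '%s' "$1" |
    "$JQ_BIN" -e -s 'length == 1 and (.[0] | type == "object")' >/dev/null 2>&1
}

# $1 = everything the hook wrote to stdout. Prints what the consumer may see.
discipline_stdout() {
  raw="$1"; payload=""
  # jq absent: nothing can be validated, so pass the output through untouched.
  if ! command -v "$JQ_BIN" >/dev/null 2>&1; then
    printf '%s' "$raw"
    return 0
  fi
  # Clean case: the whole output is already a single JSON object.
  if is_json_object "$raw"; then
    printf '%s\n' "$raw"
    return 0
  fi
  # Mixed case: keep the last JSON-object line, route every other line to stderr.
  while IFS= read -r line || [ -n "$line" ]; do
    if is_json_object "$line"; then
      if [ -n "$payload" ]; then printf '%s\n' "$payload" >&2; fi
      payload="$line"
    elif [ -n "$line" ]; then
      printf '%s\n' "$line" >&2
    fi
  done <<EOF
$raw
EOF
  # Either one valid object or nothing at all reaches stdout.
  if [ -n "$payload" ]; then printf '%s\n' "$payload"; fi
  return 0
}
```
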

intel352 commented Jun 1, 2026

Review addressed in c19accf:

  • CodeQL (no permissions): added an explicit permissions: contents: read block. ✅
  • Copilot (pull_request path filter): added .github/workflows/hooks-check.yml to the pull_request.paths so changes to the workflow itself trigger it on PRs. ✅
  • Copilot (jobs: indented under on: → invalid YAML): respectfully not actioned — jobs: is at column 0 (top-level) and the workflow ran green on this PR (9/9 checks, the hooks jobs passed), which is direct evidence the YAML is valid. python3 -c 'yaml.safe_load(...)' also parses it clean.

@intel352 intel352 merged commit c556629 into main Jun 1, 2026
8 of 9 checks passed
@intel352 intel352 deleted the feat/pipeline-hardening-4issues-v6.3.0 branch June 1, 2026 06:06

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Development

Successfully merging this pull request may close these issues.

PreCompact hook can emit invalid JSON
