16 changes: 14 additions & 2 deletions Makefile
@@ -444,7 +444,7 @@ python-coverage: ensure-uv ## Run Python tests with coverage enforcement.
@$(UV) run coverage report --fail-under="$(PYTHON_COVERAGE_MIN)"
@$(UV) run coverage xml -o "$(GO_COVERAGE_DIR)/coverage-python.xml"

check: check-local-artifacts test check-tool-configs check-gemini-prompts check-agent-skills go-test go-e2e-test ## Run the repo's current verification gate.
check: check-local-artifacts test check-tool-configs check-gemini-prompts check-agent-skills check-provider-matrix go-test go-e2e-test ## Run the repo's current verification gate.

check-local-artifacts: ## Fail if local build artifacts escaped managed output dirs.
@$(call print_step,Checking for unmanaged local build artifacts)
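Review bot: `check` now runs `check-provider-matrix` between `check-agent-skills` and `go-test`, so a stale docs/PROVIDER_CAPABILITY_MATRIX.md fails the gate before any Go test has run. That is the right place for a drift check, but nothing in this target tells a contributor who edited provider_capabilities.go that `make sync-provider-matrix` is the remedy; consider having the check step print that hint, or naming it in the target's `##` help text, so the failure is self-explanatory.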
@@ -574,7 +574,19 @@ check-agent-skills: ensure-hook-runtime ## Fail if provider skill surfaces are o
@"$(GO_TOOLS_BIN_DIR)/coding-ethos-policy" \
check-agent-skills --ethos-root "$(LOCAL_REPO_ROOT)" $(AGENT_SKILL_FLAGS)

build: sync-tool-configs sync-consumer-tool-configs sync-gemini-prompts _sync-agent-skills _sync-consumer-agent-skills go-tools-install repair-repo-ignores _sync-git-hooks _sync-agent-hooks _sync-consumer-agent-hooks managed-toolchain-install go-hook-runner-install policy-bundle-install _sync-parent-hook-runtime ## Build checkout-local hook runtime artifacts.
sync-provider-matrix: ensure-go go-tools-install ## Generate the provider capability matrix.
@$(call print_step,Syncing provider capability matrix)
@$(call print_info,repo: $(LOCAL_REPO_ROOT))
@"$(GO_TOOLS_BIN_DIR)/coding-ethos-agent-hooks" \
sync-provider-matrix --root "$(LOCAL_REPO_ROOT)"

check-provider-matrix: ensure-go go-tools-install ## Fail if the provider capability matrix is out of sync.
@$(call print_step,Checking provider capability matrix)
@$(call print_info,repo: $(LOCAL_REPO_ROOT))
@"$(GO_TOOLS_BIN_DIR)/coding-ethos-agent-hooks" \
check-provider-matrix --root "$(LOCAL_REPO_ROOT)"

build: sync-tool-configs sync-consumer-tool-configs sync-gemini-prompts _sync-agent-skills _sync-consumer-agent-skills sync-provider-matrix go-tools-install repair-repo-ignores _sync-git-hooks _sync-agent-hooks _sync-consumer-agent-hooks managed-toolchain-install go-hook-runner-install policy-bundle-install _sync-parent-hook-runtime ## Build checkout-local hook runtime artifacts.

sandbox-runtime-validate: ensure-go go-tools-install ## Validate required sandbox runtime.
@$(call print_step,Validating native sandbox runtime)
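Review bot: `sync-provider-matrix` and `check-provider-matrix` are new targets whose names are not files, but no `.PHONY` update is visible in this diff; if the Makefile declares phony targets, both should be added so a stray file of the same name cannot silently satisfy the rule. Minor consistency point: both new targets depend on `ensure-go go-tools-install`, while the neighbouring `check-agent-skills` depends on `ensure-hook-runtime` to run a binary from the same `$(GO_TOOLS_BIN_DIR)`; pick one prerequisite convention for targets that invoke the built tools.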
19 changes: 6 additions & 13 deletions README.md
@@ -1555,13 +1555,10 @@ bin/coding-ethos-run agent-hooks verify
```

Agent hook generation is all-or-nothing. `sync` writes every supported
repo-local surface:

| Provider | Native file | Coverage |
| --- | --- | --- |
| Claude | `.claude/settings.local.json`, `.mcp.json` | full runtime hook set plus MCP stdio server |
| Codex | `.codex/config.toml` | native supported hook events plus MCP stdio server |
| Gemini CLI | `.gemini/settings.json` | native supported hook events plus MCP stdio server |
repo-local surface. Provider support levels, native settings files, hook events,
MCP setup, generated targets, memory behavior, response shapes, and unsupported
surfaces are generated from the registry into
[Provider Capability Matrix](docs/PROVIDER_CAPABILITY_MATRIX.md).

Codex runs one native command hook per supported event so current Codex
sessions enter the same policy runtime without depending on unstable tool
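Review bot: the replacement sentence "... are generated from the registry into [Provider Capability Matrix](docs/PROVIDER_CAPABILITY_MATRIX.md)" reads awkwardly because the link text is the bare document title; suggest "are generated from the registry into the [Provider Capability Matrix](docs/PROVIDER_CAPABILITY_MATRIX.md)". The concrete native file names from the removed table (.claude/settings.local.json, .mcp.json, .codex/config.toml, .gemini/settings.json) now live only in the generated matrix, which is fine as long as `check-provider-matrix` stays in the `check` gate so the README never points at a stale list.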
@@ -1664,12 +1661,8 @@ and carries the denial details in the JSON result instead of duplicating a
second compact denial line on stderr.

Provider output uses the strongest native shape each agent supports:

| Provider | Block shape | Context/advice shape |
| --- | --- | --- |
| Claude | `hookSpecificOutput.permissionDecision = deny` | full `hookSpecificOutput`, including `updatedInput` |
| Codex | `decision: "block"` plus `permissionDecision: "deny"` for `PreToolUse`; JSON-mode block details on stdout with empty stderr | compact native `additionalContext` for supported lifecycle/post-tool advice; compact `systemMessage` only where Codex exposes no `additionalContext` |
| Gemini | `decision: "deny"` plus `systemMessage` | `additionalContext` on supported lifecycle hooks |
the generated [Provider Capability Matrix](docs/PROVIDER_CAPABILITY_MATRIX.md)
is the source of truth for block response and context/advice shapes.

### Agent-Hook Scope

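Review bot: with the table gone, "Provider output uses the strongest native shape each agent supports:" ends in a colon that now introduces a full lowercase sentence ("the generated ... is the source of truth ..."). Either replace the colon with a period and capitalize "The", or join the two into one sentence: "Provider output uses the strongest native shape each agent supports; the generated [Provider Capability Matrix](docs/PROVIDER_CAPABILITY_MATRIX.md) is the source of truth for block response and context/advice shapes."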
5 changes: 5 additions & 0 deletions docs/INTEGRATIONS.md
@@ -7,6 +7,11 @@
work: local Git hooks, AI coding assistants, MCP clients, GitHub Actions, GitLab
CI, SARIF consumers, and managed static-analysis tools.

The generated [Provider Capability Matrix](PROVIDER_CAPABILITY_MATRIX.md) is the
source of truth for provider ids, supported hook events, block and advice shapes,
MCP setup, generated targets, memory behavior, caveats, and verification
fixtures.

## Codex

Generated Codex surfaces include:
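Review bot: the added paragraph calls the matrix the source of truth for "verification fixtures", but the generated file records one Go test name per provider under "Verification" (for example `TestSyncAndVerifySettingsRunsProviderSmokePayloads`), not fixture files; "verification tests" would match what the matrix actually lists.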
257 changes: 257 additions & 0 deletions docs/PROVIDER_CAPABILITY_MATRIX.md
@@ -0,0 +1,257 @@
<!-- SPDX-FileCopyrightText: 2026 Blackcat Informatics Inc. <paudley@blackcat.ca> -->
<!-- SPDX-License-Identifier: AGPL-3.0-only -->

<!-- Source: go/internal/agenthooks/provider_capabilities.go.
Regenerate with make sync-provider-matrix.
-->
# Provider Capability Matrix

This report is generated from the provider capability registry.
It lists supported, partially supported, and unsupported adapter surfaces.

## Coverage Summary

| Provider | Display name | Coverage |
| --- | --- | --- |
| `claude` | Claude Code | full |
| `codex` | Codex | partial |
| `gemini` | Gemini CLI | partial |
| `generic` | Generic fallback | unsupported |

## Provider Details

### Claude Code

- Provider id: `claude`
- Coverage: full
- Settings target: .claude/settings.local.json
- MCP setup: project .mcp.json stdio server
- Block response shape: hookSpecificOutput.permissionDecision = deny
- Context/advice shape: hookSpecificOutput additionalContext and updatedInput
- Memory interception: provider memory imports into .coding-ethos/memories
- Memory fallback: central memory guidance when writes target managed paths
- Verification: `TestSyncAndVerifySettingsRunsProviderSmokePayloads`

Native settings:

- .claude/settings.local.json
- .mcp.json

Hook events:

- PreToolUse
- PostToolUse
- PostToolBatch
- PreCompact
- SessionStart
- UserPromptSubmit
- Stop
- SessionEnd
- SubagentStart
- SubagentStop

Generated targets:

- CLAUDE.md
- .claude/skills/*/SKILL.md
- .claude/ethos/MEMORY.md
- .mcp.json

Supported surfaces:

- PreToolUse block
- PreToolUse updatedInput rewrite
- PostToolUse additionalContext
- PostToolUse edit verification advice
- PostToolBatch additionalContext
- PreCompact capture
- SessionStart additionalContext
- UserPromptSubmit additionalContext
- Stop additionalContext
- SessionEnd additionalContext
- SubagentStart additionalContext
- SubagentStop additionalContext
- MCP stdio server

Partially supported surfaces:

- none

Unsupported surfaces:

- none

Safety caveats:

- none

### Codex

- Provider id: `codex`
- Coverage: partial
- Settings target: .codex/config.toml
- MCP setup: .codex/config.toml mcp_servers.coding-ethos stdio server
- Block response shape: decision = block plus permissionDecision = deny for PreToolUse
- Context/advice shape: additionalContext where native; compact systemMessage otherwise
- Memory interception: provider memory imports into .coding-ethos/memories
- Memory fallback: memory.centralized denial points at the central memory file
- Verification: `TestSyncAndVerifySettingsRunsProviderSmokePayloads`

Native settings:

- .codex/config.toml

Hook events:

- PreToolUse
- PostToolUse
- SessionStart
- UserPromptSubmit
- Stop

Generated targets:

- AGENTS.md
- .codex/skills/*/SKILL.md
- .codex/config.toml

Supported surfaces:

- PreToolUse block
- PreToolUse native command hook
- PreToolUse apply_patch/edit policy hook
- PostToolUse compact additionalContext
- PostToolUse edit verification advice
- SessionStart additionalContext
- UserPromptSubmit additionalContext
- Stop compact systemMessage
- MCP stdio server

Partially supported surfaces:

- lifecycle context is compacted because Codex flattens multiline allowed context

Unsupported surfaces:

- PreToolUse updatedInput rewrite
- PostToolBatch additionalContext
- SessionEnd additionalContext
- SubagentStart additionalContext
- SubagentStop additionalContext

Safety caveats:

- none

### Gemini CLI

- Provider id: `gemini`
- Coverage: partial
- Settings target: .gemini/settings.json
- MCP setup: .gemini/settings.json mcpServers.coding-ethos stdio server
- Block response shape: decision = deny plus systemMessage
- Context/advice shape: additionalContext on supported lifecycle hooks
- Memory interception: provider memory imports into .coding-ethos/memories
- Memory fallback: memory.centralized denial points at the central memory file
- Verification: `TestSyncAndVerifySettingsRunsProviderSmokePayloads`

Native settings:

- .gemini/settings.json

Hook events:

- BeforeTool
- AfterTool
- BeforeAgent
- AfterAgent
- SessionStart
- SessionEnd

Generated targets:

- GEMINI.md
- .gemini/extensions/coding-ethos/gemini-extension.json
- .gemini/extensions/coding-ethos/skills/*/SKILL.md
- .coding-ethos/gemini/prompt-pack.json
- .gemini/settings.json

Supported surfaces:

- BeforeTool deny
- BeforeTool systemMessage
- PreToolUse updatedInput rewrite
- AfterTool additionalContext
- AfterTool edit verification advice
- BeforeAgent additionalContext
- AfterAgent additionalContext
- SessionStart additionalContext
- SessionEnd additionalContext
- MCP stdio server

Partially supported surfaces:

- BeforeTool maps to PreToolUse for run_shell_command, write_file, replace, and MultiEdit
- AfterTool maps to PostToolUse for run_shell_command, write_file, replace, and MultiEdit

Unsupported surfaces:

- PostToolBatch additionalContext
- PreCompact capture
- SubagentStart additionalContext
- SubagentStop additionalContext

Safety caveats:

- none

### Generic fallback

- Provider id: `generic`
- Coverage: unsupported
- Settings target: none
- MCP setup: manual stdio MCP client configuration
- Block response shape: none; no provider-native hook decision shape
- Context/advice shape: portable Markdown and MCP responses only
- Memory interception: none; providers must write central memory directly
- Memory fallback: read and write .coding-ethos/memories/MEMORY.md
- Verification: `TestProviderCapabilityMatrixSyncAndCheckDetectDrift`

Native settings:

- none

Hook events:

- none

Generated targets:

- AGENTS.md
- ETHOS.md
- .agents/ethos/*.md
- .agents/skills/*/SKILL.md

Supported surfaces:

- portable root guidance
- portable ETHOS.md guidance
- portable skill surfaces
- manual MCP stdio server configuration

Partially supported surfaces:

- none

Unsupported surfaces:

- native hook settings generation
- provider-native block response
- provider-native context injection
- provider-native updatedInput rewrite
- automatic memory write interception

Safety caveats:

- generic fallback providers must route policy checks through MCP or explicit CLI commands
- generic fallback providers do not receive automatic provider-native hook enforcement
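Review bot: under "Gemini CLI", "Supported surfaces" lists "PreToolUse updatedInput rewrite", but Gemini's hook events in the same section are BeforeTool/AfterTool and every other Gemini entry uses the native names ("BeforeTool deny", "AfterTool additionalContext"); the "Partially supported surfaces" bullets say BeforeTool maps to PreToolUse only for run_shell_command, write_file, replace, and MultiEdit, so the label should carry the native event. Since this file is generated from go/internal/agenthooks/provider_capabilities.go, fix the label in the registry (for example "BeforeTool updatedInput rewrite") and rerun `make sync-provider-matrix` rather than editing the Markdown. Also worth a second look: Codex's only partial-support note says lifecycle context is compacted because Codex flattens multiline context, yet its "Safety caveats" is "none"; if compaction can drop or truncate policy advice, that belongs under caveats rather than partial support.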
3 changes: 3 additions & 0 deletions docs/index.md
@@ -71,6 +71,9 @@ Code, Gemini CLI, and human contributors need the same enforceable rules.
- [Integrations](INTEGRATIONS.md): setup notes for Codex, Claude Code, Gemini
CLI, MCP clients, GitHub Actions, GitLab CI, SARIF consumers, and managed
tools.
- [Provider capability matrix](PROVIDER_CAPABILITY_MATRIX.md): generated
adapter support, partial-support, unsupported-surface, MCP, memory, and
verification coverage by provider.
- [Runtime sandboxing](RUNTIME_SANDBOXING.md): native namespaces, cgroups, seccomp,
network isolation, and least-privilege tool capabilities.
- [Red-team suite](RED_TEAM_SUITE.md): adversarial coverage for hook bypass,
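Review bot: the new bullet's description "adapter support, partial-support, unsupported-surface, MCP, memory, and verification coverage by provider" stacks hyphenated modifiers that do not read naturally; suggest "generated per-provider coverage: supported, partially supported and unsupported surfaces, MCP setup, memory behavior, and verification tests", which matches the section names used in PROVIDER_CAPABILITY_MATRIX.md.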