fix: integrate recent hook and docs PRs (#1905)

Integrates useful changes from #1882, #1884, #1889, #1893, #1898, #1899, and #1903: - fix rule install docs to preserve language directories - correct Ruby security command examples - harden dev-server hook command-substitution parsing - add Prisma patterns skill and catalog/package surfaces - allow first-time protected config creation while blocking existing configs - read cost metrics from Stop hook transcripts - emit suggest-compact additionalContext on stdout Co-authored-by: Jamkris <dltmdgus1412@gmail.com> Co-authored-by: Levi-Evan <levishantz@gmail.com> Co-authored-by: gaurav0107 <gauravdubey0107@gmail.com> Co-authored-by: richm-spp <richard.millar@salarypackagingplus.com.au> Co-authored-by: zomia <zomians@outlook.jp> Co-authored-by: donghyeun02 <donghyeun02@gmail.com>
2026-05-15 13:23:13 +08:00 · 2026-05-14 21:37:28 -04:00
parent d1710bd2e7
commit 375d750b4c
28 changed files with 1350 additions and 188 deletions
--- a/tests/hooks/config-protection.test.js
+++ b/tests/hooks/config-protection.test.js
@@ -4,6 +4,7 @@

 const assert = require('assert');
 const fs = require('fs');
+const os = require('os');
 const path = require('path');
 const { spawnSync } = require('child_process');

@@ -70,85 +71,249 @@ function runTests() {
  let passed = 0;
  let failed = 0;

-  if (test('blocks protected config file edits through run-with-flags', () => {
-    const input = {
-      tool_name: 'Write',
-      tool_input: {
-        file_path: '.eslintrc.js',
-        content: 'module.exports = {};'
+  if (
+    test('blocks protected config file edits through run-with-flags', () => {
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ecc-config-protect-'));
+      try {
+        const absPath = path.join(tmpDir, '.eslintrc.js');
+        fs.writeFileSync(absPath, 'module.exports = {};');
+
+        const input = {
+          tool_name: 'Write',
+          tool_input: {
+            file_path: absPath,
+            content: 'module.exports = {};'
+          }
+        };
+
+        const result = runHook(input);
+        assert.strictEqual(result.code, 2, 'Expected protected config edit to be blocked');
+        assert.strictEqual(result.stdout, '', 'Blocked hook should not echo raw input');
+        assert.ok(result.stderr.includes('BLOCKED: Modifying .eslintrc.js is not allowed.'), `Expected block message, got: ${result.stderr}`);
+      } finally {
+        try {
+          fs.rmSync(tmpDir, { recursive: true, force: true });
+        } catch {
+          // best-effort cleanup
+        }
      }
-    };
+    })
+  )
+    passed++;
+  else failed++;

-    const result = runHook(input);
-    assert.strictEqual(result.code, 2, 'Expected protected config edit to be blocked');
-    assert.strictEqual(result.stdout, '', 'Blocked hook should not echo raw input');
-    assert.ok(result.stderr.includes('BLOCKED: Modifying .eslintrc.js is not allowed.'), `Expected block message, got: ${result.stderr}`);
-  })) passed++; else failed++;
+  if (
+    test('passes through safe file edits unchanged', () => {
+      const input = {
+        tool_name: 'Write',
+        tool_input: {
+          file_path: 'src/index.js',
+          content: 'console.log("ok");'
+        }
+      };

-  if (test('passes through safe file edits unchanged', () => {
-    const input = {
-      tool_name: 'Write',
-      tool_input: {
-        file_path: 'src/index.js',
-        content: 'console.log("ok");'
-      }
-    };
-
-    const rawInput = JSON.stringify(input);
-    const result = runHook(input);
-    assert.strictEqual(result.code, 0, 'Expected safe file edit to pass');
-    assert.strictEqual(result.stdout, rawInput, 'Expected exact raw JSON passthrough');
-    assert.strictEqual(result.stderr, '', 'Expected no stderr for safe edits');
-  })) passed++; else failed++;
-
-  if (test('blocks truncated protected config payloads instead of failing open', () => {
-    const rawInput = JSON.stringify({
-      tool_name: 'Write',
-      tool_input: {
-        file_path: '.eslintrc.js',
-        content: 'x'.repeat(1024 * 1024 + 2048)
-      }
-    });
-
-    const result = runHook(rawInput);
-    assert.strictEqual(result.code, 2, 'Expected truncated protected payload to be blocked');
-    assert.strictEqual(result.stdout, '', 'Blocked truncated payload should not echo raw input');
-    assert.ok(result.stderr.includes('Hook input exceeded 1048576 bytes'), `Expected size warning, got: ${result.stderr}`);
-    assert.ok(result.stderr.includes('truncated payload'), `Expected truncated payload warning, got: ${result.stderr}`);
-  })) passed++; else failed++;
-
-  if (test('legacy hooks do not echo raw input when they fail without stdout', () => {
-    const pluginRoot = path.join(__dirname, '..', `tmp-runner-plugin-${Date.now()}`);
-    const scriptDir = path.join(pluginRoot, 'scripts', 'hooks');
-    const scriptPath = path.join(scriptDir, 'legacy-block.js');
-
-    try {
-      fs.mkdirSync(scriptDir, { recursive: true });
-      fs.writeFileSync(
-        scriptPath,
-        '#!/usr/bin/env node\nprocess.stderr.write("blocked by legacy hook\\n");\nprocess.exit(2);\n'
-      );
+      const rawInput = JSON.stringify(input);
+      const result = runHook(input);
+      assert.strictEqual(result.code, 0, 'Expected safe file edit to pass');
+      assert.strictEqual(result.stdout, rawInput, 'Expected exact raw JSON passthrough');
+      assert.strictEqual(result.stderr, '', 'Expected no stderr for safe edits');
+    })
+  )
+    passed++;
+  else failed++;

+  if (
+    test('blocks truncated protected config payloads instead of failing open', () => {
      const rawInput = JSON.stringify({
        tool_name: 'Write',
        tool_input: {
          file_path: '.eslintrc.js',
-          content: 'module.exports = {};'
+          content: 'x'.repeat(1024 * 1024 + 2048)
        }
      });

-      const result = runCustomHook(pluginRoot, 'pre:legacy-block', 'scripts/hooks/legacy-block.js', rawInput);
-      assert.strictEqual(result.code, 2, 'Expected failing legacy hook exit code to propagate');
-      assert.strictEqual(result.stdout, '', 'Expected failing legacy hook to avoid raw passthrough');
-      assert.ok(result.stderr.includes('blocked by legacy hook'), `Expected legacy hook stderr, got: ${result.stderr}`);
-    } finally {
+      const result = runHook(rawInput);
+      assert.strictEqual(result.code, 2, 'Expected truncated protected payload to be blocked');
+      assert.strictEqual(result.stdout, '', 'Blocked truncated payload should not echo raw input');
+      assert.ok(result.stderr.includes('Hook input exceeded 1048576 bytes'), `Expected size warning, got: ${result.stderr}`);
+      assert.ok(result.stderr.includes('truncated payload'), `Expected truncated payload warning, got: ${result.stderr}`);
+    })
+  )
+    passed++;
+  else failed++;
+
+  if (
+    test('allows first-time creation of a protected config file', () => {
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ecc-config-protect-'));
      try {
-        fs.rmSync(pluginRoot, { recursive: true, force: true });
-      } catch {
-        // best-effort cleanup
+        const absPath = path.join(tmpDir, 'eslint.config.mjs');
+        const input = {
+          tool_name: 'Write',
+          tool_input: {
+            file_path: absPath,
+            content: 'export default [];'
+          }
+        };
+
+        const rawInput = JSON.stringify(input);
+        const result = runHook(input);
+        assert.strictEqual(result.code, 0, `Expected exit 0 for first-time creation, got ${result.code}; stderr: ${result.stderr}`);
+        assert.strictEqual(result.stdout, rawInput, 'Expected raw passthrough when creation is allowed');
+        assert.strictEqual(result.stderr, '', `Expected no stderr for first-time creation, got: ${result.stderr}`);
+      } finally {
+        try {
+          fs.rmSync(tmpDir, { recursive: true, force: true });
+        } catch {
+          // best-effort cleanup
+        }
      }
-    }
-  })) passed++; else failed++;
+    })
+  )
+    passed++;
+  else failed++;
+
+  if (
+    test('allows first-time creation when the parent directory does not exist yet', () => {
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ecc-config-protect-'));
+      try {
+        // Path under a non-existent subdirectory — statSync returns ENOENT
+        // on the final segment, which should be treated as "does not exist"
+        // and allow the write. (Agent or CLI is expected to create parents
+        // during the Write itself; this hook does not need to.)
+        const absPath = path.join(tmpDir, 'no-such-parent', '.prettierrc');
+        const input = {
+          tool_name: 'Write',
+          tool_input: {
+            file_path: absPath,
+            content: '{}'
+          }
+        };
+
+        const rawInput = JSON.stringify(input);
+        const result = runHook(input);
+        assert.strictEqual(result.code, 0, `Expected exit 0 for ENOENT path, got ${result.code}; stderr: ${result.stderr}`);
+        assert.strictEqual(result.stdout, rawInput, 'Expected raw passthrough when path does not exist');
+      } finally {
+        try {
+          fs.rmSync(tmpDir, { recursive: true, force: true });
+        } catch {
+          // best-effort cleanup
+        }
+      }
+    })
+  )
+    passed++;
+  else failed++;
+
+  if (
+    test('blocks protected paths that exist as a dangling symlink', () => {
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ecc-config-protect-'));
+      try {
+        const missingTarget = path.join(tmpDir, 'nowhere.js');
+        const linkPath = path.join(tmpDir, '.eslintrc.js');
+        try {
+          fs.symlinkSync(missingTarget, linkPath);
+        } catch (err) {
+          // Windows without Developer Mode or certain sandboxes disallow
+          // symlinks. Skip cleanly rather than fail the suite.
+          if (err.code === 'EPERM' || err.code === 'EACCES') {
+            console.log('    (skipped: symlink creation not permitted here)');
+            return;
+          }
+          throw err;
+        }
+
+        const input = {
+          tool_name: 'Write',
+          tool_input: {
+            file_path: linkPath,
+            content: 'module.exports = {};'
+          }
+        };
+
+        const result = runHook(input);
+        assert.strictEqual(result.code, 2, `Expected exit 2 for dangling symlink, got ${result.code}; stderr: ${result.stderr}`);
+        assert.strictEqual(result.stdout, '', 'Blocked hook should not echo raw input');
+        assert.ok(
+          result.stderr.includes('BLOCKED: Modifying .eslintrc.js is not allowed.'),
+          `Expected block message, got: ${result.stderr}`
+        );
+      } finally {
+        try {
+          fs.rmSync(tmpDir, { recursive: true, force: true });
+        } catch {
+          // best-effort cleanup
+        }
+      }
+    })
+  )
+    passed++;
+  else failed++;
+
+  if (
+    test('still blocks writes to an existing protected config file', () => {
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ecc-config-protect-'));
+      try {
+        const absPath = path.join(tmpDir, '.eslintrc.js');
+        fs.writeFileSync(absPath, 'module.exports = { rules: {} };');
+
+        const input = {
+          tool_name: 'Edit',
+          tool_input: {
+            file_path: absPath,
+            content: 'module.exports = { rules: { "no-console": "off" } };'
+          }
+        };
+
+        const result = runHook(input);
+        assert.strictEqual(result.code, 2, 'Expected exit 2 when modifying an existing protected config');
+        assert.strictEqual(result.stdout, '', 'Blocked hook should not echo raw input');
+        assert.ok(result.stderr.includes('BLOCKED: Modifying .eslintrc.js is not allowed.'), `Expected block message, got: ${result.stderr}`);
+      } finally {
+        try {
+          fs.rmSync(tmpDir, { recursive: true, force: true });
+        } catch {
+          // best-effort cleanup
+        }
+      }
+    })
+  )
+    passed++;
+  else failed++;
+
+  if (
+    test('legacy hooks do not echo raw input when they fail without stdout', () => {
+      const pluginRoot = path.join(__dirname, '..', `tmp-runner-plugin-${Date.now()}`);
+      const scriptDir = path.join(pluginRoot, 'scripts', 'hooks');
+      const scriptPath = path.join(scriptDir, 'legacy-block.js');
+
+      try {
+        fs.mkdirSync(scriptDir, { recursive: true });
+        fs.writeFileSync(scriptPath, '#!/usr/bin/env node\nprocess.stderr.write("blocked by legacy hook\\n");\nprocess.exit(2);\n');
+
+        const rawInput = JSON.stringify({
+          tool_name: 'Write',
+          tool_input: {
+            file_path: '.eslintrc.js',
+            content: 'module.exports = {};'
+          }
+        });
+
+        const result = runCustomHook(pluginRoot, 'pre:legacy-block', 'scripts/hooks/legacy-block.js', rawInput);
+        assert.strictEqual(result.code, 2, 'Expected failing legacy hook exit code to propagate');
+        assert.strictEqual(result.stdout, '', 'Expected failing legacy hook to avoid raw passthrough');
+        assert.ok(result.stderr.includes('blocked by legacy hook'), `Expected legacy hook stderr, got: ${result.stderr}`);
+      } finally {
+        try {
+          fs.rmSync(pluginRoot, { recursive: true, force: true });
+        } catch {
+          // best-effort cleanup
+        }
+      }
+    })
+  )
+    passed++;
+  else failed++;

  console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);
  process.exit(failed > 0 ? 1 : 0);
--- a/tests/hooks/cost-tracker.test.js
+++ b/tests/hooks/cost-tracker.test.js
@@ -35,6 +35,14 @@ function withTempHome(homeDir) {
  };
 }

+function writeTranscript(filePath, entries) {
+  fs.writeFileSync(
+    filePath,
+    entries.map(entry => JSON.stringify(entry)).join('\n') + '\n',
+    'utf8'
+  );
+}
+
 function runScript(input, envOverrides = {}) {
  const inputStr = typeof input === 'string' ? input : JSON.stringify(input);
  const result = spawnSync('node', [script], {
@@ -64,12 +72,40 @@ function runTests() {
    assert.strictEqual(result.stdout, inputStr, 'Expected stdout to match original input');
  }) ? passed++ : failed++);

-  // 2. Creates metrics file when given valid usage data
-  (test('creates metrics file when given valid usage data', () => {
+  // 2. Creates metrics file when given transcript usage data
+  (test('creates metrics file when given transcript usage data', () => {
    const tmpHome = makeTempDir();
+    const transcriptPath = path.join(tmpHome, 'session.jsonl');
+    writeTranscript(transcriptPath, [
+      { type: 'user', message: { content: 'ignored' } },
+      {
+        type: 'assistant',
+        message: {
+          model: 'claude-sonnet-4-20250514',
+          usage: {
+            input_tokens: 1000,
+            output_tokens: 500,
+            cache_creation_input_tokens: 200,
+            cache_read_input_tokens: 300,
+          },
+        },
+      },
+      { notJsonShape: true },
+      {
+        type: 'assistant',
+        message: {
+          model: 'claude-opus-4-20250514',
+          usage: {
+            input_tokens: 25,
+            output_tokens: 5,
+          },
+        },
+      },
+    ]);
+
    const input = {
-      model: 'claude-sonnet-4-20250514',
-      usage: { input_tokens: 1000, output_tokens: 500 },
+      session_id: 'session-from-hook',
+      transcript_path: transcriptPath,
    };
    const result = runScript(input, withTempHome(tmpHome));
    assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
@@ -79,8 +115,13 @@ function runTests() {

    const content = fs.readFileSync(metricsFile, 'utf8').trim();
    const row = JSON.parse(content);
-    assert.strictEqual(row.input_tokens, 1000, 'Expected input_tokens to be 1000');
-    assert.strictEqual(row.output_tokens, 500, 'Expected output_tokens to be 500');
+    assert.strictEqual(row.session_id, 'session-from-hook', 'Expected input session ID to be recorded');
+    assert.strictEqual(row.transcript_path, transcriptPath, 'Expected transcript_path to be recorded');
+    assert.strictEqual(row.model, 'claude-opus-4-20250514', 'Expected last assistant model to be recorded');
+    assert.strictEqual(row.input_tokens, 1025, 'Expected input_tokens to be summed from transcript');
+    assert.strictEqual(row.output_tokens, 505, 'Expected output_tokens to be summed from transcript');
+    assert.strictEqual(row.cache_write_tokens, 200, 'Expected cache write tokens to be summed from transcript');
+    assert.strictEqual(row.cache_read_tokens, 300, 'Expected cache read tokens to be summed from transcript');
    assert.ok(row.timestamp, 'Expected timestamp to be present');
    assert.ok(typeof row.estimated_cost_usd === 'number', 'Expected estimated_cost_usd to be a number');
    assert.ok(row.estimated_cost_usd > 0, 'Expected estimated_cost_usd to be positive');
--- a/tests/hooks/pre-bash-dev-server-block.test.js
+++ b/tests/hooks/pre-bash-dev-server-block.test.js
@@ -89,6 +89,110 @@ function runTests() {
    assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
  }) ? passed++ : failed++);

+  // --- Subshell bypass regression (issue: dev server slipped past via $(), ``, ()) ---
+
+  if (!isWindows) {
+    (test('blocks $(npm run dev) — command substitution', () => {
+      const result = runScript('$(npm run dev)');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+      assert.ok(result.stderr.includes('BLOCKED'), 'expected BLOCKED in stderr');
+    }) ? passed++ : failed++);
+
+    (test('blocks `npm run dev` — backtick substitution', () => {
+      const result = runScript('`npm run dev`');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks echo $(npm run dev) — substitution nested in argument', () => {
+      const result = runScript('echo $(npm run dev)');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks (npm run dev) — plain subshell group', () => {
+      const result = runScript('(npm run dev)');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks $(echo a; npm run dev) — substitution with sequenced segments', () => {
+      const result = runScript('$(echo a; npm run dev)');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks (pnpm dev) — plain subshell group with pnpm', () => {
+      const result = runScript('(pnpm dev)');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('allows tmux launcher inside subshell wrapping (exit code 0)', () => {
+      const result = runScript('(tmux new-session -d -s dev "npm run dev")');
+      assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('allows single-quoted "(npm run dev)" — literal string, not a subshell', () => {
+      const result = runScript("git commit -m '(npm run dev)'");
+      assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('allows double-quoted "(npm run dev)" — literal in double quotes (bash does not subshell)', () => {
+      const result = runScript('echo "(npm run dev)"');
+      assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test("allows single-quoted '$(npm run dev)' — literal string, no substitution", () => {
+      const result = runScript("git commit -m '$(npm run dev) fix'");
+      assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
+    }) ? passed++ : failed++);
+  }
+
+  // --- Round 1 review fixes (Greptile + CodeRabbit on PR #1889) ---
+
+  if (!isWindows) {
+    (test('blocks $(echo ")"; (npm run dev)) — quoted ) does not terminate $() early', () => {
+      const result = runScript('$(echo ")"; (npm run dev))');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks (echo ")"; npm run dev) — quoted ) does not terminate (...) early', () => {
+      const result = runScript('(echo ")"; npm run dev)');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('allows $(echo "(npm run dev)") — () inside double-quoted substitution body is literal', () => {
+      const result = runScript('$(echo "(npm run dev)")');
+      assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks { npm run dev; } — brace group runs in current shell', () => {
+      const result = runScript('{ npm run dev; }');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks echo hi && { npm run dev; } — brace group after &&', () => {
+      const result = runScript('echo hi && { npm run dev; }');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('allows {npm run dev} — bash requires space after { to form a group', () => {
+      const result = runScript('{npm run dev}');
+      assert.strictEqual(result.code, 0, `Expected exit code 0, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks yarn run dev — yarn 1.x convention', () => {
+      const result = runScript('yarn run dev');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks bun dev — bun bare form', () => {
+      const result = runScript('bun dev');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+
+    (test('blocks "$(npm run dev)" — double-quoted substitution still substitutes', () => {
+      const result = runScript('echo "$(npm run dev)"');
+      assert.strictEqual(result.code, 2, `Expected exit code 2, got ${result.code}`);
+    }) ? passed++ : failed++);
+  }
+
  // --- Edge cases ---

  (test('empty/invalid input passes through (exit code 0)', () => {
--- a/tests/hooks/suggest-compact.test.js
+++ b/tests/hooks/suggest-compact.test.js
@@ -366,6 +366,66 @@ function runTests() {
  })) passed++;
  else failed++;

+  // ── hookSpecificOutput JSON on stdout ──
+  // Claude Code 2.1+ drops non-blocking PreToolUse stderr; the suggestion has
+  // to ride on stdout as { hookSpecificOutput: { additionalContext } } to reach
+  // the model. These tests pin that contract.
+  console.log('\nhookSpecificOutput stdout JSON:');
+
+  if (test('emits hookSpecificOutput.additionalContext on stdout at threshold', () => {
+    const { sessionId, counterFile, cleanup } = createCounterContext();
+    cleanup();
+    fs.writeFileSync(counterFile, '49');
+    const result = runCompact({ CLAUDE_SESSION_ID: sessionId });
+    assert.strictEqual(result.code, 0, 'Should exit 0');
+    assert.ok(result.stdout.trim().length > 0, `Expected stdout payload at threshold. Got: "${result.stdout}"`);
+    const parsed = JSON.parse(result.stdout);
+    assert.strictEqual(parsed.hookSpecificOutput.hookEventName, 'PreToolUse',
+      `hookEventName should be PreToolUse. Got: ${JSON.stringify(parsed)}`);
+    assert.ok(parsed.hookSpecificOutput.additionalContext.includes('50 tool calls reached'),
+      `additionalContext should include threshold text. Got: ${parsed.hookSpecificOutput.additionalContext}`);
+    cleanup();
+  })) passed++;
+  else failed++;
+
+  if (test('emits hookSpecificOutput.additionalContext on stdout at +25 interval', () => {
+    const { sessionId, counterFile, cleanup } = createCounterContext();
+    cleanup();
+    // threshold=3, set counter to 27 → next run = 28 → 28-3=25 → interval hit
+    fs.writeFileSync(counterFile, '27');
+    const result = runCompact({ CLAUDE_SESSION_ID: sessionId, COMPACT_THRESHOLD: '3' });
+    assert.strictEqual(result.code, 0, 'Should exit 0');
+    assert.ok(result.stdout.trim().length > 0, `Expected stdout payload at interval. Got: "${result.stdout}"`);
+    const parsed = JSON.parse(result.stdout);
+    assert.strictEqual(parsed.hookSpecificOutput.hookEventName, 'PreToolUse');
+    assert.ok(parsed.hookSpecificOutput.additionalContext.includes('28 tool calls'),
+      `additionalContext should include count. Got: ${parsed.hookSpecificOutput.additionalContext}`);
+    cleanup();
+  })) passed++;
+  else failed++;
+
+  if (test('emits no stdout below threshold (silent)', () => {
+    const { sessionId, cleanup } = createCounterContext();
+    cleanup();
+    const result = runCompact({ CLAUDE_SESSION_ID: sessionId, COMPACT_THRESHOLD: '5' });
+    assert.strictEqual(result.code, 0);
+    assert.strictEqual(result.stdout.trim(), '',
+      `Expected empty stdout below threshold. Got: "${result.stdout}"`);
+    cleanup();
+  })) passed++;
+  else failed++;
+
+  if (test('still writes [StrategicCompact] to stderr (debug log retained)', () => {
+    const { sessionId, counterFile, cleanup } = createCounterContext();
+    cleanup();
+    fs.writeFileSync(counterFile, '49');
+    const result = runCompact({ CLAUDE_SESSION_ID: sessionId });
+    assert.ok(result.stderr.includes('[StrategicCompact]'),
+      `stderr should retain [StrategicCompact] for debug log capture. Got: "${result.stderr}"`);
+    cleanup();
+  })) passed++;
+  else failed++;
+
  // ── Round 64: default session ID fallback ──
  console.log('\nDefault session ID fallback (Round 64):');