From 96708e5d45f9dc49963e3b0ef09d0eac264f7683 Mon Sep 17 00:00:00 2001
From: swarnika-cmd <swarnika.24bcs10482@sst.scaler.com>
Date: Thu, 12 Mar 2026 06:52:54 +0530
Subject: [PATCH] fix: add confirmation-prompt guard to start-observer.sh
 (issue #400)

- Redirect observer output to temp log before appending to main log
- Check temp log for confirmation/permission language immediately after start
- Fail closed with exit 2 if detected, preventing retry loops
---
 .../agents/start-observer.sh                      | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/skills/continuous-learning-v2/agents/start-observer.sh b/skills/continuous-learning-v2/agents/start-observer.sh
index c6be18a8..3e1241e8 100755
--- a/skills/continuous-learning-v2/agents/start-observer.sh
+++ b/skills/continuous-learning-v2/agents/start-observer.sh
@@ -153,8 +153,9 @@ case "${1:-start}" in
       exit 1
     fi
 
-    # The observer loop — fully detached with nohup, IO redirected to log.
-    # Variables are passed via env; observer-loop.sh handles analysis/retry flow.
+    # Add strict non-interactive instruction to system prompt (if prompt file or env is used, update there as well)
+    # If observer output contains confirmation-seeking language, fail closed
+    OBSERVER_LOG_TMP="${PROJECT_DIR}/.observer.tmp.log"
     nohup env \
       CONFIG_DIR="$CONFIG_DIR" \
       PID_FILE="$PID_FILE" \
@@ -167,11 +168,19 @@ case "${1:-start}" in
       MIN_OBSERVATIONS="$MIN_OBSERVATIONS" \
       OBSERVER_INTERVAL_SECONDS="$OBSERVER_INTERVAL_SECONDS" \
       CLV2_IS_WINDOWS="$IS_WINDOWS" \
-      "$OBSERVER_LOOP_SCRIPT" >> "$LOG_FILE" 2>&1 &
+      "$OBSERVER_LOOP_SCRIPT" > "$OBSERVER_LOG_TMP" 2>&1 &
 
     # Wait for PID file
     sleep 2
 
+    # Check for confirmation-seeking output in the observer log
+    if grep -E -i -q "Can you confirm|requires permission|Awaiting|confirm I should proceed" "$OBSERVER_LOG_TMP"; then
+      echo "OBSERVER_ABORT: Confirmation or permission prompt detected in observer output. Failing closed."
+      cat "$OBSERVER_LOG_TMP" >> "$LOG_FILE"
+      rm -f "$OBSERVER_LOG_TMP"
+      exit 2
+    fi
+
     if [ -f "$PID_FILE" ]; then
       pid=$(cat "$PID_FILE")
       if kill -0 "$pid" 2>/dev/null; then