Merge pull request #403 from swarnika-cmd/main

fix: background observer fails closed on confirmation/permission prompts (#400)

skills/continuous-learning-v2/agents/start-observer.sh

@@ -8,9 +8,10 @@
 #       project-specific observations into project-scoped instincts.
 #
 # Usage:
-#   start-observer.sh        # Start observer for current project (or global)
-#   start-observer.sh stop   # Stop running observer
-#   start-observer.sh status # Check if observer is running
+#   start-observer.sh              # Start observer for current project (or global)
+#   start-observer.sh --reset      # Clear lock and restart observer for current project
+#   start-observer.sh stop         # Stop running observer
+#   start-observer.sh status       # Check if observer is running
 
 set -e
 
@@ -41,6 +42,31 @@ PID_FILE="${PROJECT_DIR}/.observer.pid"
 LOG_FILE="${PROJECT_DIR}/observer.log"
 OBSERVATIONS_FILE="${PROJECT_DIR}/observations.jsonl"
 INSTINCTS_DIR="${PROJECT_DIR}/instincts/personal"
+SENTINEL_FILE="${CLV2_OBSERVER_SENTINEL_FILE:-${PROJECT_ROOT:-$PROJECT_DIR}/.observer.lock}"
+
+write_guard_sentinel() {
+  printf '%s\n' 'observer paused: confirmation or permission prompt detected; rerun start-observer.sh --reset after reviewing observer.log' > "$SENTINEL_FILE"
+}
+
+stop_observer_if_running() {
+  if [ -f "$PID_FILE" ]; then
+    pid=$(cat "$PID_FILE")
+    if kill -0 "$pid" 2>/dev/null; then
+      echo "Stopping observer for ${PROJECT_NAME} (PID: $pid)..."
+      kill "$pid"
+      rm -f "$PID_FILE"
+      echo "Observer stopped."
+      return 0
+    fi
+
+    echo "Observer not running (stale PID file)."
+    rm -f "$PID_FILE"
+    return 1
+  fi
+
+  echo "Observer not running."
+  return 1
+}
 
 # Read config values from config.json
 OBSERVER_INTERVAL_MINUTES=5
@@ -87,22 +113,31 @@ case "$UNAME_LOWER" in
   *mingw*|*msys*|*cygwin*) IS_WINDOWS=true ;;
 esac
 
-case "${1:-start}" in
+ACTION="start"
+RESET_OBSERVER=false
+
+for arg in "$@"; do
+  case "$arg" in
+    start|stop|status)
+      ACTION="$arg"
+      ;;
+    --reset)
+      RESET_OBSERVER=true
+      ;;
+    *)
+      echo "Usage: $0 [start|stop|status] [--reset]"
+      exit 1
+      ;;
+  esac
+done
+
+if [ "$RESET_OBSERVER" = "true" ]; then
+  rm -f "$SENTINEL_FILE"
+fi
+
+case "$ACTION" in
   stop)
-    if [ -f "$PID_FILE" ]; then
-      pid=$(cat "$PID_FILE")
-      if kill -0 "$pid" 2>/dev/null; then
-        echo "Stopping observer for ${PROJECT_NAME} (PID: $pid)..."
-        kill "$pid"
-        rm -f "$PID_FILE"
-        echo "Observer stopped."
-      else
-        echo "Observer not running (stale PID file)."
-        rm -f "$PID_FILE"
-      fi
-    else
-      echo "Observer not running."
-    fi
+    stop_observer_if_running || true
     exit 0
     ;;
 
@@ -153,8 +188,10 @@ case "${1:-start}" in
       exit 1
     fi
 
-    # The observer loop — fully detached with nohup, IO redirected to log.
-    # Variables are passed via env; observer-loop.sh handles analysis/retry flow.
+    mkdir -p "$PROJECT_DIR"
+    touch "$LOG_FILE"
+    start_line=$(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)
+
     nohup env \
       CONFIG_DIR="$CONFIG_DIR" \
       PID_FILE="$PID_FILE" \
@@ -167,11 +204,20 @@ case "${1:-start}" in
       MIN_OBSERVATIONS="$MIN_OBSERVATIONS" \
       OBSERVER_INTERVAL_SECONDS="$OBSERVER_INTERVAL_SECONDS" \
       CLV2_IS_WINDOWS="$IS_WINDOWS" \
+      CLV2_OBSERVER_PROMPT_PATTERN="$CLV2_OBSERVER_PROMPT_PATTERN" \
       "$OBSERVER_LOOP_SCRIPT" >> "$LOG_FILE" 2>&1 &
 
     # Wait for PID file
     sleep 2
 
+    # Check for confirmation-seeking output in the observer log
+    if tail -n +"$((start_line + 1))" "$LOG_FILE" 2>/dev/null | grep -E -i -q "$CLV2_OBSERVER_PROMPT_PATTERN"; then
+      echo "OBSERVER_ABORT: Confirmation or permission prompt detected in observer output. Failing closed."
+      stop_observer_if_running >/dev/null 2>&1 || true
+      write_guard_sentinel
+      exit 2
+    fi
+
     if [ -f "$PID_FILE" ]; then
       pid=$(cat "$PID_FILE")
       if kill -0 "$pid" 2>/dev/null; then
@@ -188,7 +234,7 @@ case "${1:-start}" in
     ;;
 
   *)
-    echo "Usage: $0 {start|stop|status}"
+    echo "Usage: $0 [start|stop|status] [--reset]"
     exit 1
     ;;
 esac

skills/continuous-learning-v2/hooks/observe.sh

@@ -33,6 +33,15 @@ resolve_python_cmd() {
     return 0
   fi
 
+  # FIX: Windows Git Bash — probe Python install paths directly because
+  # `command -v python` can hit the Microsoft Store alias instead.
+  for win_py in /c/Users/"$USER"/AppData/Local/Programs/Python/Python3*/python; do
+    if [ -x "$win_py" ]; then
+      printf '%s\n' "$win_py"
+      return 0
+    fi
+  done
+
   if command -v python3 >/dev/null 2>&1; then
     printf '%s\n' python3
     return 0
@@ -93,7 +102,13 @@ CONFIG_DIR="${HOME}/.claude/homunculus"
 OBSERVATIONS_FILE="${PROJECT_DIR}/observations.jsonl"
 MAX_FILE_SIZE_MB=10
 
-# Skip if disabled
+SENTINEL_FILE="${CLV2_OBSERVER_SENTINEL_FILE:-${PROJECT_ROOT:-$PROJECT_DIR}/.observer.lock}"
+
+write_guard_sentinel() {
+  printf '%s\n' 'observer paused: confirmation or permission prompt detected; rerun start-observer.sh --reset after reviewing observer.log' > "$SENTINEL_FILE"
+}
+
+# Skip if disabled globally
 if [ -f "$CONFIG_DIR/disabled" ]; then
   exit 0
 fi
@@ -146,6 +161,13 @@ if [ -n "$STDIN_CWD" ]; then
   done
 fi
 
+# Skip if a previous run already aborted due to confirmation/permission prompt.
+# This is the circuit-breaker — stops retrying after a non-interactive failure.
+if [ -f "$SENTINEL_FILE" ]; then
+  echo "[observe] Skipping: previous run aborted due to confirmation/permission prompt. Remove ${SENTINEL_FILE} to re-enable." >&2
+  exit 0
+fi
+
 # Auto-purge observation files older than 30 days (runs once per session)
 PURGE_MARKER="${PROJECT_DIR}/.last-purge"
 if [ ! -f "$PURGE_MARKER" ] || [ "$(find "$PURGE_MARKER" -mtime +1 2>/dev/null)" ]; then
@@ -238,46 +260,46 @@ if [ -f "$OBSERVATIONS_FILE" ]; then
   fi
 fi
 
-# Build and write observation (now includes project context)
-# Scrub common secret patterns from tool I/O before persisting
-timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+# Detect confirmation/permission prompts in observer output and fail closed.
+# A non-interactive background observer must never ask for user confirmation.
+if echo "$PARSED" | grep -E -i -q "$CLV2_OBSERVER_PROMPT_PATTERN"; then
+  echo "[observe] OBSERVER_ABORT: Confirmation or permission prompt detected in observer output. This observer run is non-actionable." >&2
+  echo "[observe] Writing sentinel to suppress retries: ${SENTINEL_FILE}" >&2
+  write_guard_sentinel
+  exit 2
+fi
 
+# Build and write observation (now includes project context)
+timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
 export PROJECT_ID_ENV="$PROJECT_ID"
 export PROJECT_NAME_ENV="$PROJECT_NAME"
 export TIMESTAMP="$timestamp"
-
 echo "$PARSED" | "$PYTHON_CMD" -c '
 import json, sys, os, re
-
 parsed = json.load(sys.stdin)
 observation = {
-    "timestamp": os.environ["TIMESTAMP"],
-    "event": parsed["event"],
-    "tool": parsed["tool"],
-    "session": parsed["session"],
-    "project_id": os.environ.get("PROJECT_ID_ENV", "global"),
-    "project_name": os.environ.get("PROJECT_NAME_ENV", "global")
+  "timestamp": os.environ["TIMESTAMP"],
+  "event": parsed["event"],
+  "tool": parsed["tool"],
+  "session": parsed["session"],
+  "project_id": os.environ.get("PROJECT_ID_ENV", "global"),
+  "project_name": os.environ.get("PROJECT_NAME_ENV", "global")
 }
-
 # Scrub secrets: match common key=value, key: value, and key"value patterns
-# Includes optional auth scheme (e.g., "Bearer", "Basic") before token
 _SECRET_RE = re.compile(
-    r"(?i)(api[_-]?key|token|secret|password|authorization|credentials?|auth)"
-    r"""(["'"'"'\s:=]+)"""
-    r"([A-Za-z]+\s+)?"
-    r"([A-Za-z0-9_\-/.+=]{8,})"
+  r"(?i)(api[_-]?key|token|secret|password|authorization|credentials?|auth)"
+  r"""(["'"'"'\s:=]+)"""
+  r"([A-Za-z]+\s+)?"
+  r"([A-Za-z0-9_\-/.+=]{8,})"
 )
-
 def scrub(val):
-    if val is None:
-        return None
-    return _SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + (m.group(3) or "") + "[REDACTED]", str(val))
-
+  if val is None:
+    return None
+  return _SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + (m.group(3) or "") + "[REDACTED]", str(val))
 if parsed["input"]:
-    observation["input"] = scrub(parsed["input"])
+  observation["input"] = scrub(parsed["input"])
 if parsed["output"] is not None:
-    observation["output"] = scrub(parsed["output"])
-
+  observation["output"] = scrub(parsed["output"])
 print(json.dumps(observation))
 ' >> "$OBSERVATIONS_FILE"
 

skills/continuous-learning-v2/scripts/detect-project.sh

@@ -46,6 +46,9 @@ _CLV2_PYTHON_CMD="$(_clv2_resolve_python_cmd 2>/dev/null || true)"
 CLV2_PYTHON_CMD="$_CLV2_PYTHON_CMD"
 export CLV2_PYTHON_CMD
 
+CLV2_OBSERVER_PROMPT_PATTERN='Can you confirm|requires permission|Awaiting (user confirmation|confirmation|approval|permission)|confirm I should proceed|once granted access|grant.*access'
+export CLV2_OBSERVER_PROMPT_PATTERN
+
 _clv2_detect_project() {
   local project_root=""
   local project_name=""
@@ -216,3 +219,10 @@ PROJECT_ID="$_CLV2_PROJECT_ID"
 PROJECT_NAME="$_CLV2_PROJECT_NAME"
 PROJECT_ROOT="$_CLV2_PROJECT_ROOT"
 PROJECT_DIR="$_CLV2_PROJECT_DIR"
+
+if [ -n "$PROJECT_ROOT" ]; then
+  CLV2_OBSERVER_SENTINEL_FILE="${PROJECT_ROOT}/.observer.lock"
+else
+  CLV2_OBSERVER_SENTINEL_FILE="${PROJECT_DIR}/.observer.lock"
+fi
+export CLV2_OBSERVER_SENTINEL_FILE

tests/hooks/hooks.test.js

@@ -2304,6 +2304,22 @@ async function runTests() {
     passed++;
   else failed++;
 
+  if (
+    test('continuous-learning-v2 observer scripts share prompt guard config and start-observer supports reset', () => {
+      const observeSource = fs.readFileSync(path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'hooks', 'observe.sh'), 'utf8');
+      const startObserverSource = fs.readFileSync(path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'agents', 'start-observer.sh'), 'utf8');
+      const detectProjectSource = fs.readFileSync(path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'scripts', 'detect-project.sh'), 'utf8');
+
+      assert.ok(detectProjectSource.includes('CLV2_OBSERVER_PROMPT_PATTERN='), 'detect-project.sh should export a shared observer prompt pattern');
+      assert.ok(observeSource.includes('CLV2_OBSERVER_PROMPT_PATTERN'), 'observe.sh should use the shared observer prompt pattern');
+      assert.ok(startObserverSource.includes('CLV2_OBSERVER_PROMPT_PATTERN'), 'start-observer.sh should use the shared observer prompt pattern');
+      assert.ok(startObserverSource.includes('--reset'), 'start-observer.sh should document or support an explicit reset flag');
+      assert.ok(!startObserverSource.includes('.observer.tmp.log'), 'start-observer.sh should not leave the observer writing to a temp log file');
+    })
+  )
+    passed++;
+  else failed++;
+
   if (await asyncTest('observe.sh falls back to legacy output fields when tool_response is null', async () => {
     const homeDir = createTestDir();
     const projectDir = createTestDir();
@@ -2341,6 +2357,63 @@ async function runTests() {
     }
   })) passed++; else failed++;
 
+  if (await asyncTest('observe.sh does not trip the observer lock for generic Awaiting output', async () => {
+    const homeDir = createTestDir();
+    const projectDir = createTestDir();
+    const observePath = path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'hooks', 'observe.sh');
+    const payload = JSON.stringify({
+      tool_name: 'Bash',
+      tool_input: { command: 'echo waiting' },
+      tool_response: 'Awaiting build completion from CI',
+      session_id: 'session-awaiting-generic',
+      cwd: projectDir
+    });
+
+    try {
+      const result = await runShellScript(observePath, ['post'], payload, {
+        HOME: homeDir,
+        CLAUDE_PROJECT_DIR: projectDir
+      }, projectDir);
+
+      assert.strictEqual(result.code, 0, `observe.sh should not fail closed for generic Awaiting output, stderr: ${result.stderr}`);
+      assert.ok(!fs.existsSync(path.join(projectDir, '.observer.lock')), 'generic Awaiting output should not create the observer lock sentinel');
+    } finally {
+      cleanupTestDir(homeDir);
+      cleanupTestDir(projectDir);
+    }
+  })) passed++; else failed++;
+
+  if (await asyncTest('observe.sh writes a scrubbed sentinel when confirmation prompts are detected', async () => {
+    const homeDir = createTestDir();
+    const projectDir = createTestDir();
+    const observePath = path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'hooks', 'observe.sh');
+    const payload = JSON.stringify({
+      tool_name: 'Bash',
+      tool_input: { command: 'echo guarded' },
+      tool_response: 'Awaiting user confirmation before proceeding. token=supersecretvalue123456',
+      session_id: 'session-awaiting-confirmation',
+      cwd: projectDir
+    });
+
+    try {
+      const result = await runShellScript(observePath, ['post'], payload, {
+        HOME: homeDir,
+        CLAUDE_PROJECT_DIR: projectDir
+      }, projectDir);
+
+      const sentinelPath = path.join(projectDir, '.observer.lock');
+      assert.strictEqual(result.code, 2, `observe.sh should fail closed when a confirmation prompt is detected, stderr: ${result.stderr}`);
+      assert.ok(fs.existsSync(sentinelPath), 'confirmation prompts should create the observer lock sentinel');
+
+      const sentinelContent = fs.readFileSync(sentinelPath, 'utf8');
+      assert.ok(/confirmation|permission/i.test(sentinelContent), 'sentinel should record the reason it was created');
+      assert.ok(!sentinelContent.includes('supersecretvalue123456'), 'sentinel should not persist raw secrets from observer output');
+    } finally {
+      cleanupTestDir(homeDir);
+      cleanupTestDir(projectDir);
+    }
+  })) passed++; else failed++;
+
   if (await asyncTest('matches .tsx extension for type checking', async () => {
     const testDir = createTestDir();
     const testFile = path.join(testDir, 'component.tsx');