fix: harden observer prompt guard handling

skills/continuous-learning-v2/agents/start-observer.sh

@@ -8,9 +8,10 @@
 #       project-specific observations into project-scoped instincts.
 #
 # Usage:
-#   start-observer.sh        # Start observer for current project (or global)
+#   start-observer.sh              # Start observer for current project (or global)
-#   start-observer.sh stop   # Stop running observer
+#   start-observer.sh --reset      # Clear lock and restart observer for current project
-#   start-observer.sh status # Check if observer is running
+#   start-observer.sh stop         # Stop running observer
+#   start-observer.sh status       # Check if observer is running
 
 set -e
 
@@ -41,6 +42,31 @@ PID_FILE="${PROJECT_DIR}/.observer.pid"
 LOG_FILE="${PROJECT_DIR}/observer.log"
 OBSERVATIONS_FILE="${PROJECT_DIR}/observations.jsonl"
 INSTINCTS_DIR="${PROJECT_DIR}/instincts/personal"
+SENTINEL_FILE="${CLV2_OBSERVER_SENTINEL_FILE:-${PROJECT_ROOT:-$PROJECT_DIR}/.observer.lock}"
+
+write_guard_sentinel() {
+  printf '%s\n' 'observer paused: confirmation or permission prompt detected; rerun start-observer.sh --reset after reviewing observer.log' > "$SENTINEL_FILE"
+}
+
+stop_observer_if_running() {
+  if [ -f "$PID_FILE" ]; then
+    pid=$(cat "$PID_FILE")
+    if kill -0 "$pid" 2>/dev/null; then
+      echo "Stopping observer for ${PROJECT_NAME} (PID: $pid)..."
+      kill "$pid"
+      rm -f "$PID_FILE"
+      echo "Observer stopped."
+      return 0
+    fi
+
+    echo "Observer not running (stale PID file)."
+    rm -f "$PID_FILE"
+    return 1
+  fi
+
+  echo "Observer not running."
+  return 1
+}
 
 # Read config values from config.json
 OBSERVER_INTERVAL_MINUTES=5
@@ -87,22 +113,31 @@ case "$UNAME_LOWER" in
   *mingw*|*msys*|*cygwin*) IS_WINDOWS=true ;;
 esac
 
-case "${1:-start}" in
+ACTION="start"
+RESET_OBSERVER=false
+
+for arg in "$@"; do
+  case "$arg" in
+    start|stop|status)
+      ACTION="$arg"
+      ;;
+    --reset)
+      RESET_OBSERVER=true
+      ;;
+    *)
+      echo "Usage: $0 [start|stop|status] [--reset]"
+      exit 1
+      ;;
+  esac
+done
+
+if [ "$RESET_OBSERVER" = "true" ]; then
+  rm -f "$SENTINEL_FILE"
+fi
+
+case "$ACTION" in
   stop)
-    if [ -f "$PID_FILE" ]; then
+    stop_observer_if_running || true
-      pid=$(cat "$PID_FILE")
-      if kill -0 "$pid" 2>/dev/null; then
-        echo "Stopping observer for ${PROJECT_NAME} (PID: $pid)..."
-        kill "$pid"
-        rm -f "$PID_FILE"
-        echo "Observer stopped."
-      else
-        echo "Observer not running (stale PID file)."
-        rm -f "$PID_FILE"
-      fi
-    else
-      echo "Observer not running."
-    fi
     exit 0
     ;;
 
@@ -153,9 +188,10 @@ case "${1:-start}" in
       exit 1
     fi
 
-    # Add strict non-interactive instruction to system prompt (if prompt file or env is used, update there as well)
+    mkdir -p "$PROJECT_DIR"
-    # If observer output contains confirmation-seeking language, fail closed
+    touch "$LOG_FILE"
-    OBSERVER_LOG_TMP="${PROJECT_DIR}/.observer.tmp.log"
+    start_line=$(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)
+
     nohup env \
       CONFIG_DIR="$CONFIG_DIR" \
       PID_FILE="$PID_FILE" \
@@ -168,16 +204,17 @@ case "${1:-start}" in
       MIN_OBSERVATIONS="$MIN_OBSERVATIONS" \
       OBSERVER_INTERVAL_SECONDS="$OBSERVER_INTERVAL_SECONDS" \
       CLV2_IS_WINDOWS="$IS_WINDOWS" \
-      "$OBSERVER_LOOP_SCRIPT" > "$OBSERVER_LOG_TMP" 2>&1 &
+      CLV2_OBSERVER_PROMPT_PATTERN="$CLV2_OBSERVER_PROMPT_PATTERN" \
+      "$OBSERVER_LOOP_SCRIPT" >> "$LOG_FILE" 2>&1 &
 
     # Wait for PID file
     sleep 2
 
     # Check for confirmation-seeking output in the observer log
-    if grep -E -i -q "Can you confirm|requires permission|Awaiting|confirm I should proceed" "$OBSERVER_LOG_TMP"; then
+    if tail -n +"$((start_line + 1))" "$LOG_FILE" 2>/dev/null | grep -E -i -q "$CLV2_OBSERVER_PROMPT_PATTERN"; then
       echo "OBSERVER_ABORT: Confirmation or permission prompt detected in observer output. Failing closed."
-      cat "$OBSERVER_LOG_TMP" >> "$LOG_FILE"
+      stop_observer_if_running >/dev/null 2>&1 || true
-      rm -f "$OBSERVER_LOG_TMP"
+      write_guard_sentinel
       exit 2
     fi
 
@@ -197,7 +234,7 @@ case "${1:-start}" in
     ;;
 
   *)
-    echo "Usage: $0 {start|stop|status}"
+    echo "Usage: $0 [start|stop|status] [--reset]"
     exit 1
     ;;
 esac

skills/continuous-learning-v2/hooks/observe.sh

@@ -33,12 +33,9 @@ resolve_python_cmd() {
     return 0
   fi
 
-  # FIX: Windows Git Bash — check known Python install paths directly
+  # FIX: Windows Git Bash — probe Python install paths directly because
-  # because `command -v python` triggers the Microsoft Store alias instead
+  # `command -v python` can hit the Microsoft Store alias instead.
-  for win_py in \
+  for win_py in /c/Users/"$USER"/AppData/Local/Programs/Python/Python3*/python; do
-    "/c/Users/$USER/AppData/Local/Programs/Python/Python311/python" \
-    "/c/Users/$USER/AppData/Local/Programs/Python/Python312/python" \
-    "/c/Users/$USER/AppData/Local/Programs/Python/Python310/python"; do
     if [ -x "$win_py" ]; then
       printf '%s\n' "$win_py"
       return 0
@@ -105,9 +102,11 @@ CONFIG_DIR="${HOME}/.claude/homunculus"
 OBSERVATIONS_FILE="${PROJECT_DIR}/observations.jsonl"
 MAX_FILE_SIZE_MB=10
 
-# FIX: SENTINEL_FILE must be defined AFTER PROJECT_DIR is set by detect-project.sh
+SENTINEL_FILE="${CLV2_OBSERVER_SENTINEL_FILE:-${PROJECT_ROOT:-$PROJECT_DIR}/.observer.lock}"
-# Previously it was defined at the top before PROJECT_DIR existed, making it empty/broken
+
-SENTINEL_FILE="${PROJECT_DIR}/.observer.lock"
+write_guard_sentinel() {
+  printf '%s\n' 'observer paused: confirmation or permission prompt detected; rerun start-observer.sh --reset after reviewing observer.log' > "$SENTINEL_FILE"
+}
 
 # Skip if disabled globally
 if [ -f "$CONFIG_DIR/disabled" ]; then
@@ -213,13 +212,12 @@ if [ -f "$OBSERVATIONS_FILE" ]; then
   fi
 fi
 
-# FIX: Detect confirmation/permission prompts in observer output and fail closed.
+# Detect confirmation/permission prompts in observer output and fail closed.
 # A non-interactive background observer must never ask for user confirmation.
-# If detected: log once, write sentinel to suppress all future retries, exit non-zero.
+if echo "$PARSED" | grep -E -i -q "$CLV2_OBSERVER_PROMPT_PATTERN"; then
-if echo "$PARSED" | grep -E -i -q "Can you confirm|requires permission|Awaiting|confirm I should proceed|once granted access|grant.*access"; then
   echo "[observe] OBSERVER_ABORT: Confirmation or permission prompt detected in observer output. This observer run is non-actionable." >&2
   echo "[observe] Writing sentinel to suppress retries: ${SENTINEL_FILE}" >&2
-  echo "$PARSED" > "$SENTINEL_FILE"
+  write_guard_sentinel
   exit 2
 fi
 

skills/continuous-learning-v2/scripts/detect-project.sh

@@ -46,6 +46,9 @@ _CLV2_PYTHON_CMD="$(_clv2_resolve_python_cmd 2>/dev/null || true)"
 CLV2_PYTHON_CMD="$_CLV2_PYTHON_CMD"
 export CLV2_PYTHON_CMD
 
+CLV2_OBSERVER_PROMPT_PATTERN='Can you confirm|requires permission|Awaiting (user confirmation|confirmation|approval|permission)|confirm I should proceed|once granted access|grant.*access'
+export CLV2_OBSERVER_PROMPT_PATTERN
+
 _clv2_detect_project() {
   local project_root=""
   local project_name=""
@@ -216,3 +219,10 @@ PROJECT_ID="$_CLV2_PROJECT_ID"
 PROJECT_NAME="$_CLV2_PROJECT_NAME"
 PROJECT_ROOT="$_CLV2_PROJECT_ROOT"
 PROJECT_DIR="$_CLV2_PROJECT_DIR"
+
+if [ -n "$PROJECT_ROOT" ]; then
+  CLV2_OBSERVER_SENTINEL_FILE="${PROJECT_ROOT}/.observer.lock"
+else
+  CLV2_OBSERVER_SENTINEL_FILE="${PROJECT_DIR}/.observer.lock"
+fi
+export CLV2_OBSERVER_SENTINEL_FILE

tests/hooks/hooks.test.js

@@ -2211,6 +2211,22 @@ async function runTests() {
     passed++;
   else failed++;
 
+  if (
+    test('continuous-learning-v2 observer scripts share prompt guard config and start-observer supports reset', () => {
+      const observeSource = fs.readFileSync(path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'hooks', 'observe.sh'), 'utf8');
+      const startObserverSource = fs.readFileSync(path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'agents', 'start-observer.sh'), 'utf8');
+      const detectProjectSource = fs.readFileSync(path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'scripts', 'detect-project.sh'), 'utf8');
+
+      assert.ok(detectProjectSource.includes('CLV2_OBSERVER_PROMPT_PATTERN='), 'detect-project.sh should export a shared observer prompt pattern');
+      assert.ok(observeSource.includes('CLV2_OBSERVER_PROMPT_PATTERN'), 'observe.sh should use the shared observer prompt pattern');
+      assert.ok(startObserverSource.includes('CLV2_OBSERVER_PROMPT_PATTERN'), 'start-observer.sh should use the shared observer prompt pattern');
+      assert.ok(startObserverSource.includes('--reset'), 'start-observer.sh should document or support an explicit reset flag');
+      assert.ok(!startObserverSource.includes('.observer.tmp.log'), 'start-observer.sh should not leave the observer writing to a temp log file');
+    })
+  )
+    passed++;
+  else failed++;
+
   if (await asyncTest('observe.sh falls back to legacy output fields when tool_response is null', async () => {
     const homeDir = createTestDir();
     const projectDir = createTestDir();
@@ -2248,6 +2264,63 @@ async function runTests() {
     }
   })) passed++; else failed++;
 
+  if (await asyncTest('observe.sh does not trip the observer lock for generic Awaiting output', async () => {
+    const homeDir = createTestDir();
+    const projectDir = createTestDir();
+    const observePath = path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'hooks', 'observe.sh');
+    const payload = JSON.stringify({
+      tool_name: 'Bash',
+      tool_input: { command: 'echo waiting' },
+      tool_response: 'Awaiting build completion from CI',
+      session_id: 'session-awaiting-generic',
+      cwd: projectDir
+    });
+
+    try {
+      const result = await runShellScript(observePath, ['post'], payload, {
+        HOME: homeDir,
+        CLAUDE_PROJECT_DIR: projectDir
+      }, projectDir);
+
+      assert.strictEqual(result.code, 0, `observe.sh should not fail closed for generic Awaiting output, stderr: ${result.stderr}`);
+      assert.ok(!fs.existsSync(path.join(projectDir, '.observer.lock')), 'generic Awaiting output should not create the observer lock sentinel');
+    } finally {
+      cleanupTestDir(homeDir);
+      cleanupTestDir(projectDir);
+    }
+  })) passed++; else failed++;
+
+  if (await asyncTest('observe.sh writes a scrubbed sentinel when confirmation prompts are detected', async () => {
+    const homeDir = createTestDir();
+    const projectDir = createTestDir();
+    const observePath = path.join(__dirname, '..', '..', 'skills', 'continuous-learning-v2', 'hooks', 'observe.sh');
+    const payload = JSON.stringify({
+      tool_name: 'Bash',
+      tool_input: { command: 'echo guarded' },
+      tool_response: 'Awaiting user confirmation before proceeding. token=supersecretvalue123456',
+      session_id: 'session-awaiting-confirmation',
+      cwd: projectDir
+    });
+
+    try {
+      const result = await runShellScript(observePath, ['post'], payload, {
+        HOME: homeDir,
+        CLAUDE_PROJECT_DIR: projectDir
+      }, projectDir);
+
+      const sentinelPath = path.join(projectDir, '.observer.lock');
+      assert.strictEqual(result.code, 2, `observe.sh should fail closed when a confirmation prompt is detected, stderr: ${result.stderr}`);
+      assert.ok(fs.existsSync(sentinelPath), 'confirmation prompts should create the observer lock sentinel');
+
+      const sentinelContent = fs.readFileSync(sentinelPath, 'utf8');
+      assert.ok(/confirmation|permission/i.test(sentinelContent), 'sentinel should record the reason it was created');
+      assert.ok(!sentinelContent.includes('supersecretvalue123456'), 'sentinel should not persist raw secrets from observer output');
+    } finally {
+      cleanupTestDir(homeDir);
+      cleanupTestDir(projectDir);
+    }
+  })) passed++; else failed++;
+
   if (await asyncTest('matches .tsx extension for type checking', async () => {
     const testDir = createTestDir();
     const testFile = path.join(testDir, 'component.tsx');