Problem
Issues #1103/1104/1105 fixed bugs in settings templates (plugins/templates/settings.local.json and related). During implementation, the Issue #557 settings-during-pipeline guard fired and blocked the write — because the guard protects settings files from being modified mid-pipeline without realizing the templates ARE the work product in this case.
The user approved .claude/.bypass per the hook-deadlock protocol. The bypass was used only for the implementer dispatch and removed immediately after. CIA confirmed cleanup.
However, this is the precise class of case that self-maintenance mode was designed to handle: when autonomous-dev is working on its own infrastructure. The current self-maintenance mode only relaxes state-deletion (#803). It does not relax the settings guard (#557).
Impact
- Required a universal
.claude/.bypass (disables ALL hooks) instead of a targeted relaxation
- Universal bypass removes test/security/doc-master gates during that window
- Pattern will recur for any issue that touches settings templates
Suggested Fix
Extend self-maintenance mode to also relax the #557 settings guard when the file being written is under plugins/autonomous-dev/ or plugins/templates/ (i.e., it's a template, not a live settings file).
Detection: self-maintenance mode is already detected via plugins/autonomous-dev/.claude-plugin/marketplace.json presence. Add to the self-maintenance relaxation logic:
- Allow writes to
plugins/*/settings*.json (templates)
- Continue blocking writes to
.claude/settings*.json (live config)
This preserves dogfooding for the actual enforcement path while unblocking legitimate template changes.
Relevant files:
Plugin Version: 3.50.0 (f6f264c)
Filed automatically by continuous-improvement-analyst
Problem
Issues #1103/1104/1105 fixed bugs in settings templates (
plugins/templates/settings.local.jsonand related). During implementation, the Issue #557 settings-during-pipeline guard fired and blocked the write — because the guard protects settings files from being modified mid-pipeline without realizing the templates ARE the work product in this case.The user approved
.claude/.bypassper the hook-deadlock protocol. The bypass was used only for the implementer dispatch and removed immediately after. CIA confirmed cleanup.However, this is the precise class of case that self-maintenance mode was designed to handle: when autonomous-dev is working on its own infrastructure. The current self-maintenance mode only relaxes state-deletion (#803). It does not relax the settings guard (#557).
Impact
.claude/.bypass(disables ALL hooks) instead of a targeted relaxationSuggested Fix
Extend self-maintenance mode to also relax the #557 settings guard when the file being written is under
plugins/autonomous-dev/orplugins/templates/(i.e., it's a template, not a live settings file).Detection: self-maintenance mode is already detected via
plugins/autonomous-dev/.claude-plugin/marketplace.jsonpresence. Add to the self-maintenance relaxation logic:plugins/*/settings*.json(templates).claude/settings*.json(live config)This preserves dogfooding for the actual enforcement path while unblocking legitimate template changes.
Relevant files:
plugins/autonomous-dev/hooks/unified_pre_tool.py— Harden agent identity: CLAUDE_AGENT_NAME is trivially spoofable #557 guard implementationplugins/autonomous-dev/hooks/unified_pre_tool.py— self-maintenance mode detectionPlugin Version: 3.50.0 (f6f264c)
Filed automatically by continuous-improvement-analyst