Phase 4: Isolate subagent hooks by repo #9

Merged: magicpro97 merged 2 commits into main from dev/fpt/fix/repo-hook-isolation on Apr 22, 2026

@magicpro97 (Owner)

Overview

This PR ships phase 4 of the dispatched-subagent guard rollout by isolating hook enforcement at the repository level instead of sharing one global block across unrelated repos.

The runtime marker now stores per-entry objects with name, ts, and git_root, and both enforcement surfaces accept old and new marker formats during migration. This removes the cross-repo false positive from phase 3 while keeping the same-repo multi-orchestrator case explicitly serialized and documented.

Changes Made

  • Added repo-scoped marker entries and legacy-upgrade handling in tentacle.py
  • Updated check_subagent_marker.py and subagent_guard.py to evaluate per-entry relevance with repo matching and conservative fallback behavior
  • Added rollout messaging in auto-update-tools.py and install.py so users re-install per-repo git hooks after updates
  • Updated README, HOOKS, USAGE, and the tentacle-orchestration skill to document migration behavior and known limitations
  • Expanded runtime and hook regression coverage for cross-repo isolation, legacy absorption, and fail-conservative repo matching

Modified files

  • README.md
  • auto-update-tools.py
  • docs/HOOKS.md
  • docs/USAGE.md
  • hooks/check_subagent_marker.py
  • hooks/rules/subagent_guard.py
  • install.py
  • skills/tentacle-orchestration/SKILL.md
  • tentacle.py
  • test_hooks.py
  • test_tentacle_runtime.py

Diff Summary

11 files changed, 1769 insertions(+), 109 deletions(-)

Validation

  • python3 -m pytest test_tentacle_runtime.py -q → 206 passed
  • python3 test_hooks.py → 379 passed
  • Final code review verdict: CLEAN

Known limitation

  • Same-repo multi-orchestrator is still not supported. This PR only fixes cross-repo false positives.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 22, 2026 04:37

Copilot AI left a comment

Pull request overview

This PR implements phase 4 of the dispatched-subagent guard rollout by scoping subagent marker enforcement to the current git repository (via git_root) to eliminate cross-repo false positives while retaining backward compatibility with legacy marker formats.

Changes:

  • Update the dispatched-subagent marker format to store per-entry objects ({name, ts, git_root}) and include a top-level git_root, with legacy-format normalization on write/clear.
  • Update git-hook and preToolUse enforcement to evaluate marker relevance by repo match (and conservatively block when repo identity can’t be determined).
  • Expand documentation and regression tests to cover cross-repo isolation, dual-format migration, and conservative fallback behavior.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| tentacle.py | Writes/clears repo-scoped marker entries and exposes enriched marker state for JSON consumers. |
| hooks/check_subagent_marker.py | Adds repo-scope evaluation and dual-format parsing for the primary git-hook enforcement path. |
| hooks/rules/subagent_guard.py | Adds repo-scope evaluation and dual-format parsing for the defense-in-depth preToolUse guard. |
| test_tentacle_runtime.py | Updates existing assertions for the new marker entry shape and adds extensive new-format/compat/isolation tests. |
| test_hooks.py | Adds end-to-end hook regression tests for dual-format markers, repo-scope behavior, and conservative fallbacks. |
| docs/HOOKS.md | Documents new marker schema, repo-scope enforcement semantics, migration behavior, and limitations. |
| docs/USAGE.md | Updates user-facing guidance for cross-repo isolation and migration behavior. |
| README.md | Updates high-level documentation to reflect repo-scoped blocking and migration notes. |
| skills/tentacle-orchestration/SKILL.md | Updates skill guidance to explain repo-scoped enforcement and migration/limitations. |
| auto-update-tools.py | Adds warnings prompting users to reinstall per-repo hooks after hook changes. |
| install.py | Adds post-install messaging reminding users to rerun --install-git-hooks after auto-update. |

Comment thread test_tentacle_runtime.py Outdated
Comment on lines +2107 to +2110
if __name__ == "__main__":
unittest.main(verbosity=2)


Comment thread tentacle.py
Comment on lines +595 to +600
names.append(entry)
entries.append({"name": entry, "ts": None, "git_root": None})
elif isinstance(entry, dict):
name = entry.get("name", "")
names.append(name)
entries.append(entry)
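Review bot: In the `elif isinstance(entry, dict)` branch, `entries.append(entry)` stores the dict unchanged, so a dict that lacks `name`, `ts` or `git_root` reaches consumers in a different shape from the `{"name": entry, "ts": None, "git_root": None}` object built for bare strings, and `names` receives an empty string for it. Build the entry explicitly from `entry.get("name")`, `entry.get("ts")` and `entry.get("git_root")`, and decide what happens when `name` is empty instead of appending it as-is.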
Comment thread docs/HOOKS.md Outdated
Comment on lines +221 to +224
> **Note:** The docstring in `is_marker_fresh()` says "Fail-open on any exception" but the
> outer exception handlers around the zombie check and repo-scope check both use `pass`
> (continue to block). Only structural errors before active-entries processing are fail-open.
> `subagent_guard.py` uses `return False` on its outermost exception, so it is fully fail-open.
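Review bot: The mismatch recorded in the first three lines of this note belongs in the code, not in HOOKS.md: the `is_marker_fresh()` docstring still says "Fail-open on any exception" while the handlers around the zombie check and repo-scope check `pass` and keep blocking. Correct the docstring in the same change and have this note state the resulting behaviour directly, including which structural errors remain fail-open and why `subagent_guard.py` returning `False` on its outermost exception is acceptable for that guard.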
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@magicpro97 magicpro97 merged commit dedaf22 into main Apr 22, 2026
@magicpro97 magicpro97 deleted the dev/fpt/fix/repo-hook-isolation branch April 22, 2026 06:53
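
The repo-scoped evaluation described in this PR, as an added sketch that is not code from the repository: it normalizes legacy and per-entry markers and lists the entries that block a commit in the current repo. The `active` key, the function names, and the rule that entries without a usable `git_root` block in every repo are assumptions of this example; the sample markers are constructed.

```python
import os

# Constructed sample markers; "active" is an assumed top-level key name.
SAMPLE_NEW = {"git_root": "/work/repo-a", "active": [
    {"name": "alpha", "ts": 1776832620, "git_root": "/work/repo-a"},
    {"name": "beta", "ts": 1776832625, "git_root": "/work/repo-b"},
]}
SAMPLE_LEGACY = {"active": ["gamma"]}          # legacy format: bare names
SAMPLE_BROKEN = {"active": [42, {"ts": 1776832630}]}

def normalize_entries(marker):
    """Return {name, ts, git_root} dicts from a legacy or per-entry marker."""
    entries = []
    for entry in marker.get("active", []):
        if isinstance(entry, str):
            entries.append({"name": entry, "ts": None, "git_root": None})
        elif isinstance(entry, dict):
            entries.append({"name": entry.get("name") or "<unnamed>",
                            "ts": entry.get("ts"),
                            "git_root": entry.get("git_root")})
        else:
            # Design choice of this example: keep unparseable entries so
            # they still block instead of silently disappearing.
            entries.append({"name": "<malformed>", "ts": None, "git_root": None})
    return entries

def blocking_entries(marker, current_root):
    """Names of entries that should block a commit made in current_root."""
    blocked = []
    for entry in normalize_entries(marker):
        root = entry["git_root"]
        if root is None or current_root is None:
            blocked.append(entry["name"])      # repo identity unknown: block
        elif os.path.realpath(root) == os.path.realpath(current_root):
            blocked.append(entry["name"])      # same repo: block
    return blocked

if __name__ == "__main__":
    for root in ("/work/repo-a/", "/work/repo-c", None):
        print(root, blocking_entries(SAMPLE_NEW, root))
    print(blocking_entries(SAMPLE_LEGACY, "/work/repo-c"))
```

Comparing resolved paths keeps a trailing slash or a symlinked checkout from making the same repository look like a different one.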