From 90debb8e97fd564024012ef8b2ff12b4a6870cc1 Mon Sep 17 00:00:00 2001
From: YeonGyu-Kim <code.yeon.gyu@gmail.com>
Date: Fri, 9 Jan 2026 00:41:45 +0900
Subject: [PATCH] Revert "feat(prometheus-md-only): allow .md files anywhere,
 only block code files"

This reverts commit c600111597591e1862696ee0b92051e587aa1a6b.
---
 src/hooks/prometheus-md-only/index.test.ts |  4 ++--
 src/hooks/prometheus-md-only/index.ts      | 14 ++++++++------
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/hooks/prometheus-md-only/index.test.ts b/src/hooks/prometheus-md-only/index.test.ts
index f5337d9c7..28ae3261b 100644
--- a/src/hooks/prometheus-md-only/index.test.ts
+++ b/src/hooks/prometheus-md-only/index.test.ts
@@ -79,7 +79,7 @@ describe("prometheus-md-only", () => {
       ).resolves.toBeUndefined()
     })
 
-    test("should allow Prometheus to write .md files anywhere", async () => {
+    test("should block Prometheus from writing .md files outside .sisyphus/", async () => {
       // #given
       const hook = createPrometheusMdOnlyHook(createMockPluginInput())
       const input = {
@@ -94,7 +94,7 @@ describe("prometheus-md-only", () => {
       // #when / #then
       await expect(
         hook["tool.execute.before"](input, output)
-      ).resolves.toBeUndefined()
+      ).rejects.toThrow("can only write/edit .md files inside .sisyphus/")
     })
 
     test("should block Edit tool for non-.md files", async () => {
diff --git a/src/hooks/prometheus-md-only/index.ts b/src/hooks/prometheus-md-only/index.ts
index 4db25b5f9..b0d9c45cc 100644
--- a/src/hooks/prometheus-md-only/index.ts
+++ b/src/hooks/prometheus-md-only/index.ts
@@ -1,14 +1,16 @@
 import type { PluginInput } from "@opencode-ai/plugin"
 import { existsSync, readdirSync } from "node:fs"
 import { join } from "node:path"
-import { HOOK_NAME, PROMETHEUS_AGENTS, ALLOWED_EXTENSIONS, BLOCKED_TOOLS, PLANNING_CONSULT_WARNING } from "./constants"
+import { HOOK_NAME, PROMETHEUS_AGENTS, ALLOWED_EXTENSIONS, ALLOWED_PATH_PREFIX, BLOCKED_TOOLS, PLANNING_CONSULT_WARNING } from "./constants"
 import { findNearestMessageWithFields, MESSAGE_STORAGE } from "../../features/hook-message-injector"
 import { log } from "../../shared/logger"
 
 export * from "./constants"
 
 function isAllowedFile(filePath: string): boolean {
-  return ALLOWED_EXTENSIONS.some(ext => filePath.endsWith(ext))
+  const hasAllowedExtension = ALLOWED_EXTENSIONS.some(ext => filePath.endsWith(ext))
+  const isInAllowedPath = filePath.includes(ALLOWED_PATH_PREFIX)
+  return hasAllowedExtension && isInAllowedPath
 }
 
 function getMessageDir(sessionID: string): string | null {
@@ -71,20 +73,20 @@ export function createPrometheusMdOnlyHook(_ctx: PluginInput) {
       }
 
       if (!isAllowedFile(filePath)) {
-        log(`[${HOOK_NAME}] Blocked: Prometheus can only write *.md files`, {
+        log(`[${HOOK_NAME}] Blocked: Prometheus can only write to .sisyphus/*.md`, {
           sessionID: input.sessionID,
           tool: toolName,
           filePath,
           agent: agentName,
         })
         throw new Error(
-          `[${HOOK_NAME}] Prometheus (Planner) can only write/edit .md files. ` +
+          `[${HOOK_NAME}] Prometheus (Planner) can only write/edit .md files inside .sisyphus/ directory. ` +
           `Attempted to modify: ${filePath}. ` +
-          `Prometheus is a READ-ONLY planner for code. Use /start-work to execute the plan.`
+          `Prometheus is a READ-ONLY planner. Use /start-work to execute the plan.`
         )
       }
 
-      log(`[${HOOK_NAME}] Allowed: *.md write permitted`, {
+      log(`[${HOOK_NAME}] Allowed: .sisyphus/*.md write permitted`, {
         sessionID: input.sessionID,
         tool: toolName,
         filePath,