#11966: feat: Add Contact Guard extension with hooks for contact state management

## Summary This PR adds the contact-guard extension which provides hook points for contact state management and project authorization to prevent data leaks across sessions. ## Changes ### 1. New Extension: contact-guard (`extensions/contact-guard/`) Provides three key hooks: #### Auto-inject contact state on session start (`before_agent_start`) - Loads contact info from `memory/contacts/<phone>.md` - Injects into system context with authorized projects list - Helps maintain context continuity after truncation #### Scan outgoing messages for project leaks (`message_sending`) - Checks for unauthorized project keywords before message delivery - Configurable actions: `warn` (log only), `block` (cancel send), `redact` (remove keywords) - Uses project registry for authorization rules #### Preserve contact context during compaction (`before_compaction`/`after_compaction`) - Clears caches after compaction - Context is automatically re-injected on next agent start ### 2. Wire up `message_sending` hook in outbound delivery Added hook trigger in `src/infra/outbound/deliver.ts` so plugins can: - Inspect outgoing message content - Modify the content before sending - Cancel the message entirely ## Configuration ```json { "plugins": { "contact-guard": { "contactStateDir": "memory/contacts", "projectRegistry": "projects/registry.json", "ownerPhones": ["+1234567890"], "enableAutoInject": true, "enableLeakDetection": true, "enableCompactionPreserve": true, "leakAction": "warn" } } } ``` ## Files - `extensions/contact-guard/index.ts` - Main extension with all hooks - `extensions/contact-guard/src/contact-state.ts` - Contact state file parsing - `extensions/contact-guard/src/project-auth.ts` - Project authorization logic - `extensions/contact-guard/clawdbot.plugin.json` - Plugin configuration schema - `extensions/contact-guard/README.md` - Full documentation - `src/infra/outbound/deliver.ts` - Added message_sending hook trigger ## Testing The extension can be enabled by adding `contact-guard` to your plugins configuration. Use the CLI command to test: ```bash clawdbot contact-guard check +2348151259975 ``` ## Related This addresses the need for contact-aware session handling to prevent accidental project information leaks when context is truncated or when talking to multiple contacts. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR introduces a new `contact-guard` extension that: - Injects contact context at `before_agent_start` based on per-contact markdown files. - Adds a `message_sending` hook implementation to detect/optionally block or redact unauthorized project mentions using a JSON project registry. - Clears internal caches on compaction hooks. It also wires the core outbound delivery path (`src/infra/outbound/deliver.ts`) to invoke the global `message_sending` hook runner so plugins can cancel or modify outgoing message content before it is sent. <h3>Confidence Score: 2/5</h3> - This PR is not safe to merge as-is due to mis-resolved paths and silent hook failure behavior that can disable the intended leak protection. - Score reduced because (1) the extension resolves files relative to the state dir instead of the workspace, so key features likely won’t run in real deployments, (2) outbound hook failures are swallowed silently, and (3) leak detection logs can themselves disclose the sensitive keywords/projects being protected. - extensions/contact-guard/index.ts, src/infra/outbound/deliver.ts, extensions/contact-guard/package.json <!-- greptile_other_comments_section --> <!-- /greptile_comment -->