{% if tier0_state.pending %}
Pending Block: A destructive command is waiting for Tier 0 approval. Run fw tier0 approve to allow it.
{% endif %} {% if tier0_state.approved %}
Active Approval: A one-time Tier 0 approval is active (not yet consumed).
{% endif %}

Enforcement Tiers

{% for t in tiers %}
{{ t.tier }} {{ t.name }} {% if t.status == 'active' %} Active {% elif t.status == 'partial' %} Partial {% elif t.status == 'spec only' %} Spec Only {% else %} Off {% endif %}

{{ t.description }}

Mechanism:
{{ t.mechanism }}

Bypass:
{{ t.bypass }}
{% endfor %}

Hook Configuration

Tier 0 — Bash guard
Tier 1 — Task-first gate
Checkpoint — Context budget
Git commit-msg — Task ref
Git post-commit — Bypass detect
Git pre-push — Audit gate

Approval & Bypass Log

{% if all_bypasses %}
Timestamp Tier Action / Risk Authorized By Mechanism
{% for b in all_bypasses %}
{{ b.timestamp | default('?') }} T{{ b.tier | default('?') }} {{ b.risk | default(b.action | default('?')) }} {{ b.authorized_by | default('?') }} {{ b.mechanism | default(b.reason | default('?')) }}
{% endfor %}
{% else %}

No bypass or approval entries logged yet. Entries appear when Tier 0 commands are approved or git hooks are bypassed with --no-verify.

{% endif %}

Tier 0 Protected Patterns

Category | Patterns
Git | push --force, reset --hard, clean -f, branch -D, checkout/restore .
File System | Recursive delete of /, ~, ., *
Database | DROP TABLE/DATABASE, TRUNCATE TABLE
Infrastructure | docker system prune, kubectl delete namespace