NVIDIA · coryrylan · Jun 24, 2026 · coderabbitai · Jun 24, 2026
diff --git a/.agents/hooks/pre-tool-use-bash.sh b/.agents/hooks/pre-tool-use-bash.sh
@@ -7,11 +7,25 @@ source "$HOOK_DIR/lib/project-root.sh"
 COMMAND=$(hook_command_from_input "$INPUT" || true)
 GIT_PREFIX='(^|[;&|][[:space:]]*)git([[:space:]]+(-C[[:space:]]+[^[:space:];&|]+|--no-pager|-c[[:space:]]+[^[:space:];&|]+|--work-tree(=|[[:space:]]+)[^[:space:];&|]+))*[[:space:]]+'
 
+if [[ -z "${NVE_AGENT:-}" && -n "${CURSOR_AGENT+x}" && -z "${CURSOR_SANDBOX+x}" ]]; then
+  export NVE_AGENT="cursor-cloud-agent"
+fi
+
 # Exit early if not a git command
 if [[ -z "$COMMAND" ]] || ! echo "$COMMAND" | grep -qE '(^|[;&|][[:space:]]*)git([[:space:]]|$)'; then
   exit 0
 fi
 
+warn() {
+  echo "WARNING: Destructive git operation detected." >&2
+  echo "  Command: $COMMAND" >&2
+  echo "  Reason: $1." >&2
+  echo "" >&2
+  echo "Per AGENTS.md policy, destructive git operations require explicit user confirmation on user machines." >&2
+  echo "In isolated VM environments, this hook is warning instead of blocking." >&2
+  exit 0
+}
+
 block() {
   echo "BLOCKED: Destructive git operation detected." >&2
   echo "  Command: $COMMAND" >&2
@@ -22,19 +36,27 @@ block() {
   exit 2
 }
 
-echo "$COMMAND" | grep -qF "reset --hard"   && block "git reset --hard discards all uncommitted changes irreversibly"
-echo "$COMMAND" | grep -qF "push --force"    && block "git push --force can overwrite remote history and destroy teammates' work"
-echo "$COMMAND" | grep -qF "push -f"         && block "git push -f can overwrite remote history and destroy teammates' work"
-echo "$COMMAND" | grep -qF "clean -f"        && block "git clean -f permanently deletes untracked files"
-echo "$COMMAND" | grep -qF "checkout -- ."   && block "git checkout -- . discards all unstaged changes irreversibly"
-echo "$COMMAND" | grep -qF "branch -D"       && block "git branch -D force-deletes a branch without merge checks"
-
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}(add|stage)([[:space:]]|$)" && block "git add/stage modifies the index"
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}restore([[:space:]][^;&|]*)?[[:space:]]--staged([[:space:]]|$)" && block "git restore --staged removes files from the index"
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}reset([[:space:]]|$)" && block "git reset modifies the index or moves HEAD"
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}rm([[:space:]][^;&|]*)?[[:space:]]--cached([[:space:]]|$)" && block "git rm --cached removes files from the index"
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}rm([[:space:]]|$)" && block "git rm stages file removals"
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}mv([[:space:]]|$)" && block "git mv stages file renames"
-echo "$COMMAND" | grep -qE "${GIT_PREFIX}update-index([[:space:]]|$)" && block "git update-index modifies the index"
+handle_blocked_operation() {
+  if [[ "${NVE_AGENT:-}" == *cloud* ]]; then
+    warn "$1"
+  fi
+
+  block "$1"
+}
+
+echo "$COMMAND" | grep -qF "reset --hard"   && handle_blocked_operation "git reset --hard discards all uncommitted changes irreversibly"
+echo "$COMMAND" | grep -qF "push --force"    && handle_blocked_operation "git push --force can overwrite remote history and destroy teammates' work"
+echo "$COMMAND" | grep -qF "push -f"         && handle_blocked_operation "git push -f can overwrite remote history and destroy teammates' work"
+echo "$COMMAND" | grep -qF "clean -f"        && handle_blocked_operation "git clean -f permanently deletes untracked files"
+echo "$COMMAND" | grep -qF "checkout -- ."   && handle_blocked_operation "git checkout -- . discards all unstaged changes irreversibly"
+echo "$COMMAND" | grep -qF "branch -D"       && handle_blocked_operation "git branch -D force-deletes a branch without merge checks"
+
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}(add|stage)([[:space:]]|$)" && handle_blocked_operation "git add/stage modifies the index"
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}restore([[:space:]][^;&|]*)?[[:space:]]--staged([[:space:]]|$)" && handle_blocked_operation "git restore --staged removes files from the index"
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}reset([[:space:]]|$)" && handle_blocked_operation "git reset modifies the index or moves HEAD"
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}rm([[:space:]][^;&|]*)?[[:space:]]--cached([[:space:]]|$)" && handle_blocked_operation "git rm --cached removes files from the index"
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}rm([[:space:]]|$)" && handle_blocked_operation "git rm stages file removals"
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}mv([[:space:]]|$)" && handle_blocked_operation "git mv stages file renames"
+echo "$COMMAND" | grep -qE "${GIT_PREFIX}update-index([[:space:]]|$)" && handle_blocked_operation "git update-index modifies the index"
 
 exit 0
diff --git a/.agents/skills/availability-report/SKILL.md b/.agents/skills/availability-report/SKILL.md
@@ -0,0 +1,71 @@
+---
+name: availability-report
+description: Generate a production availability report for NVIDIA Elements packages and documentation.
+---
+
+# Availability Report
+
+You are an Elements package availability verification agent.
+
+## Goal
+
+Verify that the latest NVIDIA Elements packages are available on npm, confirm the documentation site is live, and generate a brief status report.
+
+## Deterministic Script
+
+Run the deterministic report script:
+
+```shell
+node .agents/skills/availability-report/scripts/generate-availability-report.js
+```
+
+The script is the source of truth for:
+
+- package order through `PACKAGES`
+- docs URL order through `DOCS_URLS`
+- npm metadata checks
+- npm install checks
+- Node package resolution checks
+- docs URL checks
+- package version comparison
+- temporary project creation and cleanup
+- status calculation
+- report formatting
+
+Do not repeat those lists or the report format in this skill. Update `scripts/generate-availability-report.js` instead.
+
+## Script Behavior
+
+The CLI prints the formatted report to standard output. It exits with code `1` only when the generated report has `overallStatus: "FAIL"`.
+
+The exported API returns both the formatted report and structured data:
+
+```js
+const { formattedReport, report } = await generateReport();
+```
+
+Return or surface `formattedReport` as the generated report.
+
+The script creates a temporary npm project with:
+
+- `mkdtemp(path.join(os.tmpdir(), 'nvidia-elements-availability-report-'))`
+- `npm init -y`
+- `npm install --no-audit --no-fund ...`
+
+It removes the temporary project before returning the report.
+
+## Report Workflow
+
+1. Run the deterministic script from the repository root.
+2. Return or surface the exact formatted report produced by the script.
+3. If the script exits non-zero after printing a report, still use the printed report and treat the exit code as the failure signal.
+
+Do not rewrite, summarize, or recompute the generated report.
+
+Report delivery is outside this skill.
+
+## Debugging
+
+- Use `--json` to print structured report data.
+- Use `--timestamp <iso-utc>` only for deterministic verification.
+- Stop early only for environment-level problems, such as missing `npm`.