fix: guard check_resource and check_backup_age when ctx is uninitialized

When ctx is installed as a global plugin, its hooks fire in every
project Claude opens — including non-ctx projects. Two relay hooks
were missing the state.Initialized() guard and nagged users with
"Load Xx CPU count" and backup-age warnings in projects that don't
use ctx at all.

Add the guard, matching the pattern already present in 18 other
hooks. Safety hooks (block_dangerous_command, block_non_path_ctx)
intentionally run regardless of ctx state.

Also records this session's decisions and learnings, and updates
TASKS.md line 30 to reflect partial progress (boundary side effect
resolved in e24941d; remaining hooks need per-hook audit).

Spec: specs/hook-guard-uninitialized.md
Signed-off-by: Jose Alekhinne <jose@parlakisik.com>

Author: josealekhine

.context/DECISIONS.md

@@ -3,7 +3,9 @@
 <!-- INDEX:START -->
 | Date | Decision |
 |----|--------|
+| 2026-04-13 | Walk boundary uses git as a hint, not a requirement |
 | 2026-04-11 | Journal stays local; LEARNINGS.md is the shareable layer |
+| 2026-04-11 | `Entry.Author` is server-authoritative, not client-authoritative |
 | 2026-04-09 | Architecture skill pipeline is a triad not a quartet |
 | 2026-04-08 | Remove #done tag convention, simplify task archival |
 | 2026-04-06 | Use hook relay for session provenance instead of JSONL parsing or env vars |
@@ -120,6 +122,29 @@ For significant decisions:
 
 -->
 
+## [2026-04-13-153617] Walk boundary uses git as a hint, not a requirement
+
+**Status**: Accepted
+
+**Context**: ctx init failed when a non-ctx-initialized repo lived inside a
+ctx-initialized parent workspace. walkForContextDir walked up and found the
+parent's .context, then the boundary check rejected it. We considered
+project-marker heuristics (go.mod, package.json) and making git mandatory.
+
+**Decision**: Walk boundary uses git as a hint, not a requirement
+
+**Rationale**: Project markers are unreliable (e.g. package.json for customer
+shipments, Haskell projects have no common marker). Making git mandatory breaks
+ctx's 'git recommended but not required' stance. Git-as-hint resolves the bug
+without new dependencies: walk finds candidate, validate against git root,
+discard if outside; fall back to CWD when no git is found.
+
+**Consequence**: walkForContextDir now consults findGitRoot to anchor ancestor
+.context candidates. Monorepos, submodules, and nested workspaces resolve
+correctly. No-git projects still work via CWD fallback.
+
+---
+
 ## [2026-04-11-200000] Journal stays local; LEARNINGS.md is the shareable layer
 
 **Status**: Accepted
@@ -296,27 +321,37 @@ the implementation task.
 
 **Status**: Accepted
 
-**Context**: Had a proposed ctx-architecture-extend for extension point mapping, making four skills
+**Context**: Had a proposed ctx-architecture-extend for extension point mapping,
+making four skills
 
 **Decision**: Architecture skill pipeline is a triad not a quartet
 
-**Rationale**: Extension points already covered per-module in DETAILED_DESIGN and by registration site discovery in enrich. Fourth skill fragments pipeline without distinct value
+**Rationale**: Extension points already covered per-module in DETAILED_DESIGN
+and by registration site discovery in enrich. Fourth skill fragments pipeline
+without distinct value
 
-**Consequence**: Pipeline is map enrich hunt. Three skills three questions: how does it work, how well does it connect, where will it break
+**Consequence**: Pipeline is map enrich hunt. Three skills three questions: how
+does it work, how well does it connect, where will it break
 
 ---
 
 ## [2026-04-08-013731] Remove #done tag convention, simplify task archival
 
 **Status**: Accepted
 
-**Context**: Tasks had #done:YYYY-MM-DD timestamps that agents added inconsistently and nobody read. compact --archive filtered by age using these timestamps.
+**Context**: Tasks had #done:YYYY-MM-DD timestamps that agents added
+inconsistently and nobody read. compact --archive filtered by age using these
+timestamps.
 
 **Decision**: Remove #done tag convention, simplify task archival
 
-**Rationale**: [x] checkbox is semantically sufficient. git blame provides the completion timestamp. Removing #done eliminates redundant ceremony and simplifies compact --archive to archive all completed tasks regardless of age.
+**Rationale**: [x] checkbox is semantically sufficient. git blame provides the
+completion timestamp. Removing #done eliminates redundant ceremony and
+simplifies compact --archive to archive all completed tasks regardless of age.
 
-**Consequence**: compact --archive no longer filters by archive_after_days for tasks. The .ctxrc field is inert but retained for backwards compatibility. Historical #done tags in archives are preserved.
+**Consequence**: compact --archive no longer filters by archive_after_days for
+tasks. The .ctxrc field is inert but retained for backwards compatibility.
+Historical #done tags in archives are preserved.
 
 ---
 

.context/LEARNINGS.md

@@ -17,6 +17,9 @@ DO NOT UPDATE FOR:
 <!-- INDEX:START -->
 | Date | Learning |
 |----|--------|
+| 2026-04-13 | GPG signing from non-TTY contexts requires pinentry-mac (or equivalent) |
+| 2026-04-13 | Load average measures a queue, not CPU utilization |
+| 2026-04-13 | rc.ContextDir() is the single source of truth — fix the resolver, not callers |
 | 2026-04-09 | Pad index shifting is a real UX bug in batch operations |
 | 2026-04-08 | fmt.Fprintf to strings.Builder silently discards errors |
 | 2026-04-08 | AST audit tests must cover unexported functions too |
@@ -112,33 +115,100 @@ DO NOT UPDATE FOR:
 
 ---
 
+## [2026-04-13-153618] GPG signing from non-TTY contexts requires pinentry-mac (or equivalent)
+
+**Context**: git commit failed from Claude Code's shell with 'gpg: signing
+failed: No such file or directory' — the default pinentry-curses cannot open a
+TTY in agent-invoked shells. Manual commits from a real terminal worked fine.
+
+**Lesson**: GPG's default curses pinentry requires an interactive TTY. In
+non-TTY contexts (Claude Code, CI, scripts, cron), signing fails silently-ish.
+The fix is to configure a GUI pinentry that uses the OS keychain: brew install
+pinentry-mac; echo 'pinentry-program $(brew --prefix)/bin/pinentry-mac' >>
+~/.gnupg/gpg-agent.conf; gpgconf --kill gpg-agent. Once the passphrase is saved
+in Keychain, signing works from any context.
+
+**Application**: If agents or CI need to sign commits, configure pinentry-mac
+(macOS) or pinentry-gtk/pinentry-qt (Linux) with the OS keychain, not
+pinentry-curses. This is a one-time setup per machine.
+
+---
+
+## [2026-04-13-153618] Load average measures a queue, not CPU utilization
+
+**Context**: The 'Load Xx CPU count' resource alert fired at 1.74x while htop
+showed per-core utilization well under 50% and idle cores. Load average counts
+runnable + uninterruptible-sleep processes, smoothed over 1/5/15 minutes.
+
+**Lesson**: Load average and CPU% measure different things. High load with low
+CPU% typically means many short-lived processes or I/O-bound work (e.g., go test
+spawning hundreds of parallel test binaries). The 1-minute average is too
+reactive for dev machines that periodically run test suites — 5-minute smooths
+transient spikes without hiding sustained pressure.
+
+**Application**: For alerting thresholds based on system load, prefer 5-minute
+over 1-minute averages. 1-minute is useful for interactive debugging; 5-minute
+is better for automated alerts that should not fire on normal build/test
+activity.
+
+---
+
+## [2026-04-13-153618] rc.ContextDir() is the single source of truth — fix the resolver, not callers
+
+**Context**: When ctx init failed with a boundary error, my first instinct was
+to have init bypass rc.ContextDir() and use filepath.Join(cwd, dir.Context)
+directly. Volkan shut that down: rc.ContextDir() encodes invariants (team
+shares, symlinks, network mounts, .ctxrc overrides) that individual commands
+cannot reason about.
+
+**Lesson**: Resolution chains with multiple fallbacks are contracts. If one
+command bypasses the chain, it silently diverges from every other command's
+notion of 'the context directory.' When a resolver produces a wrong answer for a
+specific case, fix the resolver — don't let callers opt out.
+
+**Application**: Any time you see rc.ContextDir(), rc.RC(), or similar central
+resolvers producing a bad result, the fix belongs in the resolver itself (or in
+its input data like .ctxrc). Caller-side bypasses create drift.
+
+---
+
 ## [2026-04-09-001323] Pad index shifting is a real UX bug in batch operations
 
-**Context**: ctx pad rm 10; rm 11; rm 12 deleted wrong entries because indices shifted after each deletion
+**Context**: ctx pad rm 10; rm 11; rm 12 deleted wrong entries because indices
+shifted after each deletion
 
-**Lesson**: Any ID-based system where users chain operations needs stable IDs. Look-then-act is safe for single ops; look-then-batch-act breaks with shifting indices
+**Lesson**: Any ID-based system where users chain operations needs stable IDs.
+Look-then-act is safe for single ops; look-then-batch-act breaks with shifting
+indices
 
-**Application**: Both pad and remind now use stable IDs with batch delete and range support. Apply same pattern to any future numbered-list subsystem
+**Application**: Both pad and remind now use stable IDs with batch delete and
+range support. Apply same pattern to any future numbered-list subsystem
 
 ---
 
 ## [2026-04-08-074612] fmt.Fprintf to strings.Builder silently discards errors
 
-**Context**: golangci-lint errcheck allows fmt.Fprintf to strings.Builder because Write never fails, but project convention says zero silent discard
+**Context**: golangci-lint errcheck allows fmt.Fprintf to strings.Builder
+because Write never fails, but project convention says zero silent discard
 
-**Lesson**: Linter coverage gaps exist where language guarantees mask conventions. AST tests fill the gap
+**Lesson**: Linter coverage gaps exist where language guarantees mask
+conventions. AST tests fill the gap
 
-**Application**: Created TestNoUncheckedFmtWrite to enforce fmt.Fprintf error handling. Use if _, err := fmt.Fprintf(...) with log.Warn on the error path
+**Application**: Created TestNoUncheckedFmtWrite to enforce fmt.Fprintf error
+handling. Use if _, err := fmt.Fprintf(...) with log.Warn on the error path
 
 ---
 
 ## [2026-04-08-074604] AST audit tests must cover unexported functions too
 
-**Context**: TestDocCommentStructure only checked exported functions, so agent-written helpers in format.go had no godoc enforcement
+**Context**: TestDocCommentStructure only checked exported functions, so
+agent-written helpers in format.go had no godoc enforcement
 
-**Lesson**: Convention enforcement tests must default to scanning all documented functions. Use explicit opt-outs (test files) not opt-ins (exported only)
+**Lesson**: Convention enforcement tests must default to scanning all documented
+functions. Use explicit opt-outs (test files) not opt-ins (exported only)
 
-**Application**: When adding AST audit tests, scan all functions. We fixed TestDocCommentStructure to drop the IsExported gate and fixed 84 violations
+**Application**: When adding AST audit tests, scan all functions. We fixed
+TestDocCommentStructure to drop the IsExported gate and fixed 84 violations
 
 ---