@cullumco/cadence 0.1.4 → 0.1.6

package/dist/providers/spotify.js

@@ -0,0 +1,142 @@
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { providerEnabled } from "../config.js";
+import { debug } from "../debug.js";
+/* ─────────────────────────────────────────────────────────────────────────
+ * Spotify now-playing — the CROSS-PLATFORM music source (opt-in).
+ *
+ * macOS already reads Spotify.app / Music.app via AppleScript; this is for the
+ * Linux/Windows user (or anyone who'd rather not script the desktop app). It
+ * is NOT the deprecated audio-features API — only `currently-playing`, which
+ * is still live. Vibe still comes from MusicBrainz downstream, so this returns
+ * identity only (track + artist), exactly like the AppleScript path.
+ *
+ * Opt-in and BYO-credentials — no shared client, no callback server in a
+ * background hook. The user registers their own Spotify app and supplies a
+ * refresh token + client id (see `cadence spotify`); we refresh the short-lived
+ * access token ourselves and cache it so a normal prompt makes ONE request.
+ * Fail-silent throughout: any hiccup degrades to "no music," never throws.
+ * ───────────────────────────────────────────────────────────────────────── */
+const TOKEN_CACHE = join(homedir(), ".cadence", "spotify-token.json");
+const REFRESH_TIMEOUT_MS = 800;
+const NOWPLAYING_TIMEOUT_MS = 800;
+const TOKEN_SKEW_MS = 60_000; // refresh a minute early so a live token can't expire mid-flight
+/** Pull and validate the Spotify creds out of the provider registry, or null
+ * when the user hasn't opted in / the shape is incomplete. Pure + exported. */
+export function readCreds(providers) {
+    if (!providerEnabled(providers, "spotify"))
+        return null;
+    const v = providers["spotify"];
+    if (!v || typeof v !== "object")
+        return null;
+    const o = v;
+    const refreshToken = o["refreshToken"];
+    const clientId = o["clientId"];
+    if (typeof refreshToken !== "string" || typeof clientId !== "string")
+        return null;
+    if (!refreshToken || !clientId)
+        return null;
+    const clientSecret = typeof o["clientSecret"] === "string" ? o["clientSecret"] : undefined;
+    return { refreshToken, clientId, clientSecret };
+}
+async function loadToken() {
+    try {
+        const t = JSON.parse(await readFile(TOKEN_CACHE, "utf-8"));
+        return typeof t?.accessToken === "string" && typeof t?.expiresAt === "number" ? t : null;
+    }
+    catch {
+        return null;
+    }
+}
+async function saveToken(t) {
+    try {
+        await mkdir(join(homedir(), ".cadence"), { recursive: true });
+        await writeFile(TOKEN_CACHE, JSON.stringify(t), "utf-8");
+    }
+    catch {
+        // best-effort; a failed cache just means we refresh again next prompt
+    }
+}
+async function refreshAccessToken(creds) {
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), REFRESH_TIMEOUT_MS);
+    try {
+        const body = new URLSearchParams({
+            grant_type: "refresh_token",
+            refresh_token: creds.refreshToken,
+            client_id: creds.clientId, // in-body client_id covers PKCE/public apps
+        });
+        const headers = {
+            "Content-Type": "application/x-www-form-urlencoded",
+        };
+        if (creds.clientSecret) {
+            const basic = Buffer.from(`${creds.clientId}:${creds.clientSecret}`).toString("base64");
+            headers["Authorization"] = `Basic ${basic}`;
+        }
+        const res = await fetch("https://accounts.spotify.com/api/token", {
+            method: "POST",
+            headers,
+            body,
+            signal: ctrl.signal,
+        });
+        if (!res.ok) {
+            debug("spotify", `token refresh failed: ${res.status}`);
+            return null;
+        }
+        const data = (await res.json());
+        if (!data.access_token)
+            return null;
+        await saveToken({
+            accessToken: data.access_token,
+            expiresAt: Date.now() + (data.expires_in ?? 3600) * 1000,
+        });
+        return data.access_token;
+    }
+    catch (e) {
+        debug("spotify", `token refresh error: ${e instanceof Error ? e.message : String(e)}`);
+        return null;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+async function getAccessToken(creds) {
+    const cached = await loadToken();
+    if (cached && cached.expiresAt - TOKEN_SKEW_MS > Date.now())
+        return cached.accessToken;
+    return refreshAccessToken(creds);
+}
+export async function getSpotifyNowPlaying(providers) {
+    const creds = readCreds(providers);
+    if (!creds)
+        return null;
+    const token = await getAccessToken(creds);
+    if (!token)
+        return null;
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), NOWPLAYING_TIMEOUT_MS);
+    try {
+        const res = await fetch("https://api.spotify.com/v1/me/player/currently-playing", {
+            headers: { Authorization: `Bearer ${token}` },
+            signal: ctrl.signal,
+        });
+        if (res.status === 204 || !res.ok)
+            return null; // 204 = nothing playing
+        const data = (await res.json());
+        if (data.is_playing === false)
+            return null;
+        const track = data.item?.name;
+        const artist = data.item?.artists?.map((a) => a.name).filter(Boolean).join(", ");
+        if (!track || !artist)
+            return null;
+        return { track, artist, player: "Spotify" };
+    }
+    catch (e) {
+        debug("spotify", `now-playing error: ${e instanceof Error ? e.message : String(e)}`);
+        return null;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}

package/dist/session-start.js

@@ -1,7 +1,8 @@
 #!/usr/bin/env node
 import { getMusicSignal } from "./providers/music.js";
-import { getSelfReportSignal } from "./providers/selfreport.js";
+import { getSelfReportSignal, STALE_AFTER_MS, REFRESH_SOON_MS } from "./providers/selfreport.js";
 import { loadOverrides } from "./cadence.js";
+import { isPaused } from "./config.js";
 import { debug } from "./debug.js";
 /* ─────────────────────────────────────────────────────────────────────────
  * Claude Code SessionStart adapter: one short, human-facing line when a
@@ -16,24 +17,50 @@ import { debug } from "./debug.js";
 const BUDGET_MS = 700;
 // The voice of the product's first impression. Return null to stay silent.
 // Default policy: always one line on startup — say what's seen when there
-// are signals, point at the inputs when there's nothing yet.
+// are signals, point at the inputs when there's nothing yet, and invite a
+// refresh when the self-report is about to go stale ("inquire about updating").
 export function composeHint(info) {
+    // Paused: the model-facing hooks are silent, but this line is for the USER —
+    // say so once per session so "off" never reads as "broken".
+    if (info.paused) {
+        return "cadence: paused — prompts go through untouched (`cadence resume` or /cadence:resume to turn it back on)";
+    }
     if (info.firstRun) {
-        return 'cadence: on, but it hasn\'t heard from you — try `cadence start` (or just `cadence state "deep work"`)';
+        return 'cadence: on, but it hasn\'t heard from you — try `cadence start` (or just `cadence report "deep work"`)';
     }
+    const expiringSoon = info.selfReport != null &&
+        info.selfReportRemainingMs != null &&
+        info.selfReportRemainingMs <= REFRESH_SOON_MS;
     const seen = [];
-    if (info.selfReport)
-        seen.push(`state "${info.selfReport}"`);
+    if (info.selfReport) {
+        seen.push(`state "${info.selfReport}"${expiringSoon ? " (expiring)" : ""}`);
+    }
     if (info.nowPlaying)
         seen.push(`${info.nowPlaying.player}: ${info.nowPlaying.artist}`);
     if (info.pinned.length)
         seen.push(`pinned ${info.pinned.join(", ")}`);
     if (seen.length === 0) {
-        return 'cadence: live, no signals right now — `cadence state "..."` to give it one';
+        return 'cadence: live, no signals right now — `cadence report "..."` to give it one';
     }
-    return `cadence: live — ${seen.join(" · ")}  (inputs: cadence state | dials)`;
+    // When state is about to expire, the inputs hint becomes an explicit nudge to
+    // re-declare — so a long session keeps the cadence honest as the room shifts.
+    const tail = expiringSoon
+        ? "still in this cadence? `cadence report \"...\"` to refresh"
+        : "inputs: cadence report | dials";
+    return `cadence: live — ${seen.join(" · ")}  (${tail})`;
 }
 async function collectInfo() {
+    // Paused short-circuits everything — don't even probe for music.
+    if (await isPaused()) {
+        return {
+            selfReport: null,
+            selfReportRemainingMs: null,
+            pinned: [],
+            nowPlaying: null,
+            firstRun: false,
+            paused: true,
+        };
+    }
     // Race music against the budget — MusicBrainz on a brand-new artist can
     // be slow, and a session greeting must never delay the session.
     const [report, overrides, music] = await Promise.all([
@@ -41,15 +68,18 @@ async function collectInfo() {
         loadOverrides(),
         Promise.race([
             getMusicSignal().catch(() => null),
-            new Promise((resolve) => setTimeout(() => resolve(null), BUDGET_MS)),
+            new Promise((resolve) => setTimeout(() => resolve(null), BUDGET_MS).unref()),
         ]),
     ]);
     const pinned = Object.keys(overrides);
+    const remaining = report ? Math.max(0, STALE_AFTER_MS - (Date.now() - report.setAt)) : null;
     return {
         selfReport: report?.text ?? null,
+        selfReportRemainingMs: remaining,
         pinned,
         nowPlaying: music?.artist ? { artist: music.artist, player: music.player ?? "music" } : null,
         firstRun: !report && pinned.length === 0,
+        paused: false,
     };
 }
 async function main() {

package/dist/signals-view.js

@@ -1,4 +1,5 @@
 import { STALE_AFTER_MS } from "./providers/selfreport.js";
+import { providerEnabled, providerSetting } from "./config.js";
 const LABEL_W = 12; // sub-row label column
 const VALUE_W = 18; // value column, before a "(hidden: …)" note
 function row(label, value, note) {
@@ -14,12 +15,12 @@ function ttlLeft(setAt, now) {
     const m = Math.floor((rem % 3_600_000) / 60_000);
     return h > 0 ? `${h}h${String(m).padStart(2, "0")}m left` : `${m}m left`;
 }
-function ambientRows(a, platform) {
+function environmentRows(a, platform, providers) {
     if (!a)
-        return [top("ambient", "— unavailable")];
+        return [top("environment", "— unavailable")];
     const mac = platform === "darwin";
     const macNote = "— macOS only";
-    const lines = ["  ambient"];
+    const lines = ["  environment"];
     lines.push(row("time", `${a.partOfDay} (${a.dayOfWeek})`));
     lines.push(row("weather", a.weather ?? "— off (run: cadence set-location <lat> <lon>)"));
     lines.push(!mac
@@ -45,9 +46,11 @@ function ambientRows(a, platform) {
                 : row("displays", String(a.displays), "(hidden: only shows >1)"));
     lines.push(!mac
         ? row("wifi", macNote)
-        : a.network
-            ? row("wifi", JSON.stringify(a.network))
-            : row("wifi", "— unavailable"));
+        : !providerEnabled(providers, "wifi")
+            ? row("wifi", "— off (run: cadence enable wifi)")
+            : a.network
+                ? row("wifi", JSON.stringify(a.network))
+                : row("wifi", "— unavailable (macOS may require Location Services)"));
     lines.push(a.uptimeHours == null
         ? row("uptime", "— unavailable")
         : a.uptimeHours >= 12
@@ -65,17 +68,21 @@ function ambientRows(a, platform) {
                 : row("focus", "off", "(hidden: only shows on)"));
     return lines;
 }
-function musicRows(m) {
+function musicRows(m, providers) {
+    const spotify = providerEnabled(providers, "spotify")
+        ? row("source", "macOS apps + Spotify (cross-platform, linked)")
+        : row("source", "macOS apps only", "(cross-platform: cadence spotify)");
     if (!m?.track)
-        return [top("music", "— nothing playing")];
+        return [top("music", "— nothing playing"), spotify];
     const lines = ["  music"];
     lines.push(row("track", `${JSON.stringify(m.track)}${m.artist ? ` — ${m.artist}` : ""}${m.player ? ` (${m.player})` : ""}`));
     lines.push(m.vibe ? row("vibe", m.vibe) : row("vibe", "— no tags yet (looked up once per artist)"));
+    lines.push(spotify);
     return lines;
 }
 function reportRow(r, now) {
     if (!r)
-        return top("self_report", '— none set (run: cadence state "...")');
+        return top("self_report", '— none set (run: cadence report "...")');
     const text = r.text.length > 44 ? `${r.text.slice(0, 43)}…` : r.text;
     return top("self_report", `${JSON.stringify(text)} (${ttlLeft(r.setAt, now)})`);
 }
@@ -92,12 +99,39 @@ function gitRow(g) {
     ].filter(Boolean);
     return top("git", parts.join(", "));
 }
+function intentRow() {
+    return top("intent", "— reads your prompt (the hook infers ship/think/debug per-prompt)");
+}
+function tempoRow(providers) {
+    return providerEnabled(providers, "typingTempo")
+        ? top("typing tempo", "on (opt-in) — rapid vs. considered prompt rhythm → pace")
+        : top("typing tempo", "— off (opt-in: cadence enable typingTempo)");
+}
+function optInFlavorRows(providers, environment) {
+    const sign = providerSetting(providers, "horoscope");
+    return [
+        "  opt-in flavor",
+        row("focused app", providerEnabled(providers, "focusedApp")
+            ? environment?.focusedApp ?? "on — nothing non-terminal in front"
+            : "— off (cadence enable focusedApp)"),
+        row("moon", providerEnabled(providers, "moon")
+            ? "on — phase shows in the block"
+            : "— off (cadence enable moon)"),
+        row("horoscope", typeof sign === "string"
+            ? `on (${sign}) — daily text shows in the block`
+            : "— off (cadence enable horoscope <sign>)"),
+    ];
+}
 export function renderSignalsTable(raw) {
+    const providers = raw.providers ?? {};
     return [
-        ...ambientRows(raw.ambient, raw.platform),
-        ...musicRows(raw.music),
+        ...environmentRows(raw.environment, raw.platform, raw.providers ?? {}),
+        ...musicRows(raw.music, providers),
         reportRow(raw.report, raw.now),
+        intentRow(),
         gitRow(raw.git),
         top("activity", "— session-only (the hook injects it per-prompt)"),
+        tempoRow(providers),
+        ...optInFlavorRows(providers, raw.environment),
     ].join("\n");
 }

package/dist/spotify-auth.js

@@ -0,0 +1,136 @@
+import { createServer } from "node:http";
+import { createHash, randomBytes } from "node:crypto";
+import { exec } from "node:child_process";
+/* ─────────────────────────────────────────────────────────────────────────
+ * Spotify connect — Authorization Code + PKCE, run from the INTERACTIVE CLI.
+ *
+ * A distributed CLI can't keep a client secret, so we use PKCE (public client,
+ * no secret). The flow: spin up a one-shot loopback server, open the browser to
+ * Spotify's consent page, catch the redirect with the auth code, exchange it for
+ * a refresh token, and hand that back to the CLI to store in `providers.spotify`
+ * — the exact shape the fail-silent hook-side provider already reads.
+ *
+ * This NEVER runs in the hook (no browser, no server in a 1.5s budget). The hook
+ * only ever reads the cached refresh token. Keep it that way.
+ * ───────────────────────────────────────────────────────────────────────── */
+// Must be registered verbatim in the Spotify app's redirect URIs. Spotify
+// requires the explicit loopback IP (not "localhost") for native/CLI apps.
+export const REDIRECT_PORT = 8888;
+export const REDIRECT_URI = `http://127.0.0.1:${REDIRECT_PORT}/callback`;
+export const SCOPE = "user-read-currently-playing";
+const AUTH_TIMEOUT_MS = 120_000;
+/** PKCE pair: a high-entropy verifier and its S256 challenge. Pure. */
+export function generatePkce() {
+    const verifier = randomBytes(32).toString("base64url"); // 43 chars, within 43–128
+    const challenge = createHash("sha256").update(verifier).digest("base64url");
+    return { verifier, challenge };
+}
+/** Build the Spotify consent URL. Pure + exported so the params are testable. */
+export function buildAuthorizeUrl(opts) {
+    const q = new URLSearchParams({
+        response_type: "code",
+        client_id: opts.clientId,
+        redirect_uri: REDIRECT_URI,
+        scope: SCOPE,
+        code_challenge_method: "S256",
+        code_challenge: opts.challenge,
+        state: opts.state,
+    });
+    return `https://accounts.spotify.com/authorize?${q.toString()}`;
+}
+/** Pull the refresh token out of Spotify's token response, or null. Pure. */
+export function parseTokenResponse(json) {
+    const data = json;
+    return typeof data?.refresh_token === "string" && data.refresh_token ? data.refresh_token : null;
+}
+// Best-effort browser open; if it fails we've already printed the URL to paste.
+function openBrowser(url) {
+    const cmd = process.platform === "darwin"
+        ? "open"
+        : process.platform === "win32"
+            ? "start \"\""
+            : "xdg-open";
+    const child = exec(`${cmd} "${url}"`, () => { });
+    child.on("error", () => { });
+}
+// Wait for Spotify to redirect back with ?code=&state=, validating state.
+function waitForCode(expectedState) {
+    return new Promise((resolve, reject) => {
+        const server = createServer((req, res) => {
+            const url = new URL(req.url ?? "/", REDIRECT_URI);
+            if (url.pathname !== "/callback") {
+                res.writeHead(404).end();
+                return;
+            }
+            const code = url.searchParams.get("code");
+            const state = url.searchParams.get("state");
+            const err = url.searchParams.get("error");
+            res.writeHead(200, { "Content-Type": "text/html" });
+            const done = (msg) => res.end(`<!doctype html><meta charset=utf-8><body style="font:16px system-ui;padding:3rem">${msg} — you can close this tab.</body>`);
+            if (err) {
+                done(`Spotify returned "${err}"`);
+                cleanup();
+                reject(new Error(`authorization denied: ${err}`));
+            }
+            else if (!code || state !== expectedState) {
+                done("Something didn't line up");
+                cleanup();
+                reject(new Error("missing code or state mismatch"));
+            }
+            else {
+                done("Spotify linked ✓");
+                cleanup();
+                resolve(code);
+            }
+        });
+        const timer = setTimeout(() => {
+            cleanup();
+            reject(new Error("timed out waiting for Spotify authorization"));
+        }, AUTH_TIMEOUT_MS);
+        function cleanup() {
+            clearTimeout(timer);
+            server.close();
+        }
+        server.on("error", (e) => {
+            clearTimeout(timer);
+            reject(e.code === "EADDRINUSE"
+                ? new Error(`port ${REDIRECT_PORT} is in use — close whatever's on it and retry`)
+                : e);
+        });
+        server.listen(REDIRECT_PORT, "127.0.0.1");
+    });
+}
+async function exchangeCode(clientId, code, verifier) {
+    const res = await fetch("https://accounts.spotify.com/api/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: REDIRECT_URI,
+            client_id: clientId,
+            code_verifier: verifier,
+        }),
+    });
+    if (!res.ok)
+        throw new Error(`token exchange failed: ${res.status} ${await res.text()}`);
+    const refreshToken = parseTokenResponse(await res.json());
+    if (!refreshToken)
+        throw new Error("Spotify did not return a refresh token");
+    return refreshToken;
+}
+/** Run the full browser flow. Resolves with a refresh token to store, or
+ * throws with a human-readable reason. Logs progress via the passed printer so
+ * the CLI owns all stdout. */
+export async function connectSpotify(clientId, log) {
+    const { verifier, challenge } = generatePkce();
+    const state = randomBytes(16).toString("hex");
+    const url = buildAuthorizeUrl({ clientId, challenge, state });
+    log("  Opening Spotify in your browser to authorize…");
+    log("  If it doesn't open, paste this:\n");
+    log(`    ${url}\n`);
+    openBrowser(url);
+    const code = await waitForCode(state);
+    log("  Got it — exchanging for a refresh token…");
+    return exchangeCode(clientId, code, verifier);
+}

package/dist/stop.js

@@ -2,9 +2,10 @@
 import { pathToFileURL } from "node:url";
 import { getMusicSignal } from "./providers/music.js";
 import { getSelfReportSignal } from "./providers/selfreport.js";
-import { getAmbientSignal } from "./providers/ambient.js";
+import { getEnvironmentSignal } from "./providers/environment.js";
 import { getGitSignal } from "./providers/git.js";
 import { deriveCadence, loadOverrides, applyOverrides } from "./cadence.js";
+import { isPaused } from "./config.js";
 const TOTAL_BUDGET_MS = 1500;
 async function readStdin() {
     if (process.stdin.isTTY)
@@ -20,10 +21,10 @@ async function readStdin() {
     }
 }
 async function collectSignals(cwd) {
-    const [music, report, ambient, git] = await Promise.allSettled([
+    const [music, report, environment, git] = await Promise.allSettled([
         getMusicSignal(),
         getSelfReportSignal(),
-        getAmbientSignal(new Date()),
+        getEnvironmentSignal(new Date()),
         getGitSignal(cwd),
     ]);
     const signals = [];
@@ -31,8 +32,8 @@ async function collectSignals(cwd) {
         signals.push(music.value);
     if (report.status === "fulfilled" && report.value)
         signals.push(report.value);
-    if (ambient.status === "fulfilled" && ambient.value)
-        signals.push(ambient.value);
+    if (environment.status === "fulfilled" && environment.value)
+        signals.push(environment.value);
     if (git.status === "fulfilled" && git.value)
         signals.push(git.value);
     return signals;
@@ -75,12 +76,14 @@ export function decideStop(input, signals, cadence, pinned) {
     };
 }
 async function main() {
+    if (await isPaused())
+        return; // user asked for silence — never block while paused
     const input = await readStdin();
     const projectDir = input.cwd ?? process.cwd();
     const [signals, overrides] = await Promise.all([
         Promise.race([
             collectSignals(projectDir),
-            new Promise((resolve) => setTimeout(() => resolve([]), TOTAL_BUDGET_MS)),
+            new Promise((resolve) => setTimeout(() => resolve([]), TOTAL_BUDGET_MS).unref()),
         ]),
         loadOverrides(),
     ]);

package/dist/types.js

@@ -9,6 +9,7 @@
  * The four embodied dimensions, each a provider emitting one Signal:
  *   - MusicSignal      → what's playing            (music)
  *   - SelfReportSignal → what you told us          (mood, ground truth)
+ *   - IntentSignal     → what your prompt implies  (mood, inferred from words)
  *   - ActivitySignal   → your motor/typing tempo   (mood, inferred)
  *   - GitSignal        → your work state           (context)
  *   - PlaceSignal      → where & in what setting    (place)

package/dist/vibe.js

@@ -20,7 +20,7 @@
  * (energy: death-metal high → Bach low; valence: euphoric high → depressed low).
  * Order doesn't matter — every matching row is averaged. */
 const GENRE_AFFECT = {
-    // ── high energy → ship ───────────────────────────────────────────────
+    // ── high energy → pace high ──────────────────────────────────────────
     punk: { energy: 0.9, valence: 0.6, acoustic: 0.05, moods: ["aggressive", "energetic"] },
     metal: { energy: 0.95, valence: 0.4, acoustic: 0.02, moods: ["aggressive", "dark"] },
     hardcore: { energy: 0.95, valence: 0.45, acoustic: 0.02, moods: ["aggressive", "energetic"] },
@@ -66,7 +66,7 @@ const GENRE_AFFECT = {
     ska: { energy: 0.8, valence: 0.75, acoustic: 0.15, moods: ["happy", "energetic"] },
     surf: { energy: 0.7, valence: 0.7, acoustic: 0.2, moods: ["happy", "energetic"] },
     "math rock": { energy: 0.75, valence: 0.55, acoustic: 0.2, moods: ["energetic"] },
-    // ── mid / groovy → ship-or-think depending on energy ─────────────────
+    // ── mid / groovy → pace dead zone (0.4 < energy < 0.7 = no nudge) ────
     "r&b": { energy: 0.55, valence: 0.6, acoustic: 0.2, moods: ["sexy", "chilled"] },
     soul: { energy: 0.55, valence: 0.65, acoustic: 0.25, moods: ["romantic", "uplifting"] },
     reggae: { energy: 0.6, valence: 0.75, acoustic: 0.2, moods: ["chilled", "happy"] },
@@ -86,7 +86,7 @@ const GENRE_AFFECT = {
     "big band": { energy: 0.65, valence: 0.7, acoustic: 0.6, moods: ["happy", "epic"] },
     samba: { energy: 0.7, valence: 0.8, acoustic: 0.5, moods: ["happy"] },
     flamenco: { energy: 0.6, valence: 0.5, acoustic: 0.85, moods: ["romantic", "epic"] },
-    // ── low energy, organic → think ──────────────────────────────────────
+    // ── low energy, organic → pace low, tone warm ────────────────────────
     ambient: { energy: 0.2, valence: 0.5, acoustic: 0.6, moods: ["ethereal", "calm"] },
     "lo-fi": { energy: 0.3, valence: 0.5, acoustic: 0.4, moods: ["chilled", "calm"] },
     lofi: { energy: 0.3, valence: 0.5, acoustic: 0.4, moods: ["chilled", "calm"] },
@@ -112,7 +112,8 @@ const GENRE_AFFECT = {
     soundtrack: { energy: 0.45, valence: 0.45, acoustic: 0.6, moods: ["epic"] },
     opera: { energy: 0.5, valence: 0.45, acoustic: 0.9, moods: ["epic"] },
     choral: { energy: 0.3, valence: 0.5, acoustic: 0.95, moods: ["ethereal", "epic"] },
-    // ── low energy, low valence → debug-leaning ──────────────────────────
+    // ── low energy, low valence → pace low; dark moods are render-only ───
+    //    (valence currently moves NO dial — see BACKLOG "Valence boundary")
     blues: { energy: 0.45, valence: 0.35, acoustic: 0.5, moods: ["sad", "dark"] },
     goth: { energy: 0.55, valence: 0.3, acoustic: 0.2, moods: ["dark"] },
     gothic: { energy: 0.55, valence: 0.3, acoustic: 0.2, moods: ["dark"] },
@@ -143,7 +144,10 @@ export function tagsToVibe(tags) {
     }
     if (hits.length === 0)
         return null;
-    const energy = hits.reduce((s, a) => s + a.energy, 0) / hits.length;
+    const avg = (pick) => hits.reduce((s, a) => s + pick(a), 0) / hits.length;
+    const energy = avg((a) => a.energy);
+    const valence = avg((a) => a.valence);
+    const acoustic = avg((a) => a.acoustic);
     // Mood words: collect from all hits, dedupe, keep most frequent first.
     const moodCounts = new Map();
     for (const h of hits)
@@ -154,5 +158,5 @@ export function tagsToVibe(tags) {
         .sort((a, b) => b[1] - a[1])
         .slice(0, 4)
         .map(([m]) => m);
-    return { moods, energy };
+    return { moods, energy, valence, acoustic };
 }

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@cullumco/cadence",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Agents that read the room. Ambient context, cadence dials, and finish-line guardrails for Claude Code. macOS-only alpha.",
   "type": "module",
   "bin": {
     "cadence": "bin/cadence"
   },
-  "homepage": "https://cullumco.github.io/cadence/",
+  "homepage": "https://cadence.cullum.co/",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/cullumco/cadence.git"

package/skills/pause/SKILL.md

@@ -0,0 +1,16 @@
+---
+description: Pause Cadence — silence all hooks instantly; prompts go through untouched until resumed.
+disable-model-invocation: true
+---
+
+# Pause Cadence
+
+Run `cadence pause` with Bash.
+
+Then confirm in one sentence: Cadence is paused, prompts go through untouched,
+and `/cadence:resume` turns it back on. Their state (self-report, pins,
+opt-ins) is preserved exactly as-is.
+
+Note: the current session may already have `<user_state>` blocks in context
+from earlier prompts — ignore them from here on; the user has asked for
+silence.

package/skills/resume/SKILL.md

@@ -0,0 +1,12 @@
+---
+description: Resume Cadence — start reading the room again after a pause.
+disable-model-invocation: true
+---
+
+# Resume Cadence
+
+Run `cadence resume` with Bash, then `cadence test`.
+
+Confirm in one sentence that Cadence is live again, and summarize what it
+currently sees from the `cadence test` output (or note that no signals are
+present yet). Keep it to two sentences total.