cursordoctrine 0.2.0 → 0.2.2

package/README.md

@@ -59,7 +59,7 @@ No Node? Open `INSTALL.md`, paste its contents into a Cursor agent chat on the t
 
 Prerequisites: `git` everywhere; `pwsh` on Windows; `bash` plus `jq` or `python3` on Linux.
 
-The anti-slop skill (`skills/anti-slop/` — SKILL.md and the duplication scanner) installs to `~/.cursor/skills/anti-slop/`. The final review runs the scanner from there; if it's missing (an install from before it shipped), the review falls back to the `~/.agents/hooks/anti-slop.md` checklist instead of failing.
+The anti-slop skill (`skills/anti-slop/` — SKILL.md and the duplication scanner) installs to `~/.cursor/skills/anti-slop/`. The hook checklist (`~/.agents/hooks/anti-slop.md`, 13 items) is the canonical slop detector for both per-edit advisories and final-review axis 4. The final review runs the scanner from the skill path first when available.
 
 ## Tuning and kill switches
 

package/linux/hooks/anti-slop-audit.sh

@@ -154,17 +154,14 @@ checklist_file="$HOME/.agents/hooks/anti-slop.md"
 checklist=""
 [ -f "$checklist_file" ] && checklist="$(cat "$checklist_file")"
 if [ -z "$checklist" ]; then
-    checklist='ANTI-SLOP SELF-REVIEW - audit the edit you just made and FIX (do not explain) any slop:
-  1. Edge cases beyond the happy path (null / empty / zero / boundary / error).
-  2. Duplicated logic that already exists in this repo - call it, do not re-implement.
-  3. Conventions - match the file'"'"'s existing style / naming / structure / error-handling.
-  4. Unnecessary dependencies - remove libs the stdlib or an existing dep covers.
-  5. Premature abstraction - no Factory/Repository/Mediator/CQRS/DDD without 2-3 real call sites today.
-  6. Accidental complexity - flatten indirection a junior cannot read in 30s.
-  7. Tests assert real behaviour and edge cases, not just "it runs".
-  8. Cargo cult - delete any construct whose reason you cannot state.
-  9. Architecture - respect the project'"'"'s layering and boundaries.
- 10. Redundant comments restating code - delete; keep only WHY.'
+    checklist='ANTI-SLOP — read ~/.agents/hooks/anti-slop.md (13 items). Fallback if missing:
+  1–10: edge cases, duplication, conventions, deps, premature abstraction,
+  accidental complexity, tests (no tautologies), cargo cult, architecture,
+  redundant comments / prompt residue.
+  11: semantic contracts (behavior change without name/signature change).
+  12: operational slop (retry w/o backoff, await-in-loop, telemetry spam).
+  13: change surface (too many files for a simple request).
+Fix guilty items now. Never revert what the user asked for.'
 fi
 
 flag_block=""

package/linux/hooks/anti-slop.md

@@ -1,56 +1,54 @@
-ANTI-SLOP SELF-REVIEW — you just edited a file. Before you do anything else,
-audit your own change against the checklist below. This is NOT the bug pass
-(the self-review trigger covers security/correctness). This is about *slop*:
-code that runs but should not ship.
-
-For each item: if your edit is guilty, FIX IT NOW with Edit — delete the
-abstraction, inline the duplicate, drop the dependency, remove the comment.
-Do not explain, do not report, just fix. If the edit is clean, say nothing.
-
-  1. EDGE CASES — Does it only handle the happy path? Check the null / empty /
-     zero / boundary / error inputs the task implies. An unhandled obvious
-     edge case is a bug waiting in production.
-
-  2. DUPLICATION — Did you write logic that already exists in this repo? Look
-     before you add. If it exists, call it; do not re-implement it.
-
-  3. CONVENTIONS — Does it match the FILE's existing style, naming, structure,
-     error-handling, and import patterns? Match the neighbours, not your
-     defaults.
-
-  4. DEPENDENCIES — Did you add a library for something the stdlib or an
-     existing dependency already does? Remove it. A new dependency must earn
-     its place.
-
-  5. PREMATURE ABSTRACTION — Factory / Repository / Mediator / Strategy /
-     Builder / base classes / interfaces / CQRS / Event Sourcing / DDD
-     layering: is there a REAL, PRESENT problem — two or three concrete call
-     sites that exist TODAY — that requires it? "For future flexibility" is
-     not a reason. Delete it and write the direct code. Abstraction debt is
-     layers without problems.
-
-  6. ACCIDENTAL COMPLEXITY — Could a junior read this in 30 seconds? Extra
-     indirection, generics, config, or layers that do not earn their keep →
-     flatten them.
-
-  7. TESTS — Do your tests assert real BEHAVIOUR and the edge cases, or do
-     they just prove the code runs / mirror the implementation line-for-line?
-     A test that cannot fail is slop. Make it verify outcomes.
-
-  8. CARGO CULT — Can you state WHY each non-obvious construct is there? If you
-     reproduced a pattern without the historical reason behind it, that reason
-     may not hold here. Remove what you cannot justify. Replicating a shape you
-     have seen is not the same as needing it.
-
-  9. ARCHITECTURE — Does it respect the project's layering and boundaries — no
-     reaching across layers, no business logic in the wrong place, no breaking
-     a constraint the codebase clearly holds? Honour the constraints.
-
- 10. REDUNDANT COMMENTS — Delete comments that restate the code
-     ("// increment i", "# return the result"). Keep only comments that
-     explain WHY, never WHAT.
-
-Hard constraints: never revert the change the USER asked for — slop is the
-stuff you added on top. Do not "improve" beyond removing slop. At most a few
-targeted edits, then stop. The bar: would this pass a senior review at a top
-engineering org without a single "why is this here?" comment.
+ANTI-SLOP SELF-REVIEW — you just edited a file (or you are auditing the
+session diff at final review). Code that runs but should not ship.
+
+Intent trace (Tier 0 — hallucinated requirements, scope drift) runs FIRST at
+stop via final-review axis 0, not here. This checklist covers code-shape and
+cost slop. Apply every item; if guilty, FIX with Edit — delete, inline, drop.
+Do not explain. If clean, say nothing.
+
+  1. EDGE CASES — Happy path only? Check null / empty / zero / boundary / error
+     inputs the task implies.
+
+  2. DUPLICATION — Logic that already exists in this repo? Call it; do not
+     re-implement. Same function in many files (isRecord-class) → one source.
+
+  3. CONVENTIONS — Match the FILE's style, naming, structure, error-handling,
+     imports. Not your defaults.
+
+  4. DEPENDENCIES — New library for something stdlib or an existing dep covers?
+     Remove it. A dependency must earn its place.
+
+  5. PREMATURE ABSTRACTION — Factory / Repository / Mediator / Strategy / Builder /
+     CQRS / Event Sourcing / DDD: is there a REAL problem with 2–3 call sites
+     TODAY? "Future flexibility" is not a reason. Delete and write direct code.
+
+  6. ACCIDENTAL COMPLEXITY — Could a junior read this in 30 seconds? Flatten
+     indirection, generics, config, layers that do not earn their keep.
+
+  7. TESTS (epistemic slop) — Assert real OUTCOMES and edge cases, not "it runs",
+     not a mirror of the implementation, not expect(true).toBe(true). A test
+     that cannot fail is slop.
+
+  8. CARGO CULT — Can you state WHY each non-obvious construct is there? Remove
+     what you cannot justify. A shape you have seen ≠ a shape you need.
+
+  9. ARCHITECTURE — Respect layering and boundaries. No reaching across layers,
+     no business logic in the wrong place, no breaking project constraints.
+
+ 10. REDUNDANT COMMENTS — Delete comments that restate the code ("// increment
+     i"). Keep only WHY, never WHAT. No prompt residue ("in a real app...").
+
+ 11. SEMANTIC CONTRACTS (Tier 1) — Did any existing function's BEHAVIOR change
+     without its name, signature, or docstring changing? Names are contracts.
+     deleteUser() that now soft-deletes is silent contract break.
+
+ 12. OPERATIONAL SLOP (Tier 3) — Retry loops without backoff/sleep/jitter?
+     await fetch / ctx.db / prisma inside a for/while/map? Six or more
+     console.log / print added in one edit? Token burn with no user value →
+     remove or bound.
+
+ 13. CHANGE SURFACE (Tier 5) — Did a simple request touch many files? Every
+     file in the diff must trace to the task. Trim unrelated hunks.
+
+Hard constraints: never revert what the USER asked for — slop is what got added
+on top. At most a few targeted edits, then stop.

package/linux/hooks/final-review.md

@@ -45,17 +45,23 @@ is present — sandboxed verify run, no transcript — skip this axis.)
 - Add the missing tests; delete tautological ones.
 
 ## 4. Anti-slop
-- If `~/.cursor/skills/anti-slop/scripts/scan_slop.py` exists (INSTALL.md step 2
-  copies it there), run the whole-codebase duplication scan:
+Axis 0 already caught intent drift. This axis catches code-shape and cost slop
+across the whole session diff.
+
+Step A — mechanical scan (if available):
+  If `~/.cursor/skills/anti-slop/scripts/scan_slop.py` exists, run:
     python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all
-  If it does NOT exist, do not treat that as a failure and do not hunt for the
-  file: apply the checklist in `~/.agents/hooks/anti-slop.md` to the session
-  diff and look for duplicate function bodies in the files you touched.
-- Either way, consolidate clones: same function in many files / identical bodies
-  (the isRecord-class) → ONE shared definition, re-point imports, delete the
-  copies.
-- Premature abstraction (Factory / Repository / Mediator / CQRS / DDD with fewer
-  than 2–3 real call sites), unnecessary dependencies, redundant restate-the-code
-  comments, dead helpers, accidental complexity → remove.
-
-Fix with edits now; re-run the scan and the tests; then stop.
+  If it does NOT exist, skip Step A (not a failure; do not hunt for the file).
+
+Step B — canonical checklist (always):
+  Read `~/.agents/hooks/anti-slop.md` and apply ALL 13 items to every hunk you
+  changed this session. That file is the single source of truth for slop
+  detection — items 1–10 are structural/code, 11 is semantic contracts, 12 is
+  operational slop (retries, await-in-loop, telemetry spam), 13 is change
+  surface. Fix every hit; consolidate clones to one source of truth.
+
+Step C — session footprint (also in the header above):
+  If "Session footprint" shows >5 files or the request was simple, justify each
+  file or trim. Unjustified files are slop.
+
+Fix with edits now; re-run the scan (if Step A ran) and the tests; then stop.

package/linux/hooks/final-review.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 # final-review.sh - stop hook (Cursor, Linux).
 #
-# ONE comprehensive end-of-implementation review across four axes:
-# correctness, reliability, coverage, and anti-slop. When the agent finishes
+# ONE comprehensive end-of-implementation review across five axes:
+# intent, correctness, reliability, coverage, and anti-slop. When the agent finishes
 # an implementation that touched files, Cursor auto-submits this hook's
 # `followup_message` as the next user turn, so the model re-audits everything
 # it changed this session and FIXES what fails.
@@ -76,11 +76,11 @@ if [ -z "$body" ]; then
      released on every path, no races, input validated at the boundary.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present;
      no tautological tests.
-  4. Anti-slop - if ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists, run
-     `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all`; otherwise
-     apply ~/.agents/hooks/anti-slop.md to the session diff (a missing scanner
-     is not a failure). Consolidate clones/duplicates to one source of truth;
-     drop premature abstraction, unneeded deps, redundant comments, dead helpers.
+  4. Anti-slop - read ~/.agents/hooks/anti-slop.md and apply all 13 items to
+     the session diff. If ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists,
+     run `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all` first.
+     Consolidate clones; drop premature abstraction, unneeded deps, operational
+     slop (retries, await-in-loop, log spam), unjustified files.
 Fix now, re-run the scan + tests, then stop. If an axis is clean, say so in one line.'
 fi
 body="$(expand_agent_paths "$body")"

package/linux/hooks/hook-common.sh

@@ -159,6 +159,9 @@ try:
             q = m.group(1).strip()
             if len(q) > 2000:
                 q = q[:2000] + "..."
+            q = re.sub(r"\bnpm_[A-Za-z0-9]{10,}\b", "[REDACTED_NPM_TOKEN]", q)
+            q = re.sub(r"\b(sk-[A-Za-z0-9]{10,}|ghp_[A-Za-z0-9]{20,}|gho_[A-Za-z0-9]{20,})\b", "[REDACTED_TOKEN]", q)
+            q = re.sub(r"(?i)(api[_-]?key|token|secret|password)\s*[:=]\s*\S+", r"\1=[REDACTED]", q)
             print(q)
             break
 except Exception:
@@ -172,6 +175,7 @@ except Exception:
     printf '%s' "$reversed" |
         grep -m1 -oE '<user_query>[^<]*</user_query>' 2>/dev/null |
         sed -E 's@</?user_query>@@g' |
+        sed -E 's/\bnpm_[A-Za-z0-9]{10,}\b/[REDACTED_NPM_TOKEN]/g' |
         head -c 2000
 }
 

package/linux/hooks/subagent-stop-review.sh

@@ -4,7 +4,7 @@
 # Counterpart of final-review.sh for delegated work. afterFileEdit DOES fire
 # inside subagents (verified: a subagent run left its edits in
 # session-edits-<subagent-cid>.txt), but subagents get no `stop` event, so
-# that marker is never drained and the four-axis review never fires for
+# that marker is never drained and the five-axis review never fires for
 # delegated implementations. This hook closes the loop: when a subagent
 # finishes and ITS conversation has a session-edits marker, return ONE
 # followup_message so the subagent audits its own implementation before the

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cursordoctrine",
-  "version": "0.2.0",
-  "description": "Thin self-review hooks for Cursor — the model is the auditor. One command installs the doctrine, the hook pack, and the anti-slop skill. Adds an intent-trace final-review axis that catches clean-code-wrong-feature (the worst AI slop).",
+  "version": "0.2.2",
+  "description": "Thin self-review hooks for Cursor — the model is the auditor. Intent-trace final review (Tier 0), unified 13-item anti-slop checklist, operational slop detection.",
   "bin": {
     "cursordoctrine": "bin/cli.mjs"
   },

package/skills/anti-slop/SKILL.md

@@ -223,10 +223,15 @@ management*, not token volume — one source of truth per concept.
 
 ## Automatic final review
 
-The `stop` hook (`anti-slop-final-review.ps1`) fires after the agent finishes
-an implementation that edited files: it returns a `followup_message` Cursor
-auto-submits, so the model re-audits everything it changed this session and
-removes slop it introduced — one bounded pass.
+The `stop` hook (`~/.agents/hooks/final-review.ps1` on Windows,
+`~/.agents/hooks/final-review.sh` on Linux) fires after the agent finishes an
+implementation that edited files. It extracts the last `<user_query>` from the
+session transcript (Tier 0 intent trace), reports session footprint (Tier 5),
+and auto-submits a `followup_message` so the model audits five axes: intent,
+correctness, reliability, coverage, anti-slop. Axis 4 delegates to this skill's
+scanner (`scan_slop.py --all`) and the canonical checklist at
+`~/.agents/hooks/anti-slop.md` (13 items, including semantic contracts,
+operational slop, and change surface). One bounded pass per implementation.
 
 ## Hard constraints
 
@@ -259,9 +264,11 @@ Diff: {before} → {after} lines.   Tests: {pass | n/a}
 | Install path | `~/.cursor/skills/anti-slop/` |
 | Invoke | `/anti-slop`, or "remove the AI slop" |
 | Scanner | `python scripts/scan_slop.py --all` |
-| Final review | automatic via `stop` hook |
+| Final review | automatic via `stop` hook (`final-review.ps1` / `final-review.sh`) |
+| Hook checklist | `~/.agents/hooks/anti-slop.md` (13 items; per-edit + final-review axis 4) |
 
 The scanner is stdlib-only and needs Python 3.9+. Pairs with the **anti-slop
-hook** (advisory, per edit), the **stop hook** (auto final review), and
-**minimal-editing** (smallest-diff). This skill is the active "delete it now"
-layer those only nudge toward.
+audit hook** (`anti-slop-audit.ps1` / `.sh`, advisory per edit), the **stop
+hook** (`final-review.ps1` / `.sh`, five-axis session review incl. intent
+trace), and **minimal-editing** (smallest-diff). This skill is the active
+"delete it now" layer those only nudge toward.

package/windows/hooks/anti-slop-audit.ps1

@@ -195,17 +195,14 @@ $checklist = ''
 if (Test-Path -LiteralPath $checklistFile) { $checklist = Get-Content -Raw -LiteralPath $checklistFile }
 if (-not $checklist) {
     $checklist = @'
-ANTI-SLOP SELF-REVIEW - audit the edit you just made and FIX (do not explain) any slop:
-  1. Edge cases beyond the happy path (null / empty / zero / boundary / error).
-  2. Duplicated logic that already exists in this repo - call it, do not re-implement.
-  3. Conventions - match the file's existing style / naming / structure / error-handling.
-  4. Unnecessary dependencies - remove libs the stdlib or an existing dep covers.
-  5. Premature abstraction - no Factory/Repository/Mediator/CQRS/DDD without 2-3 real call sites today.
-  6. Accidental complexity - flatten indirection a junior cannot read in 30s.
-  7. Tests assert real behaviour and edge cases, not just "it runs".
-  8. Cargo cult - delete any construct whose reason you cannot state.
-  9. Architecture - respect the project's layering and boundaries.
- 10. Redundant comments restating code - delete; keep only WHY.
+ANTI-SLOP — read ~/.agents/hooks/anti-slop.md (13 items). Fallback if missing:
+  1–10: edge cases, duplication, conventions, deps, premature abstraction,
+  accidental complexity, tests (no tautologies), cargo cult, architecture,
+  redundant comments / prompt residue.
+  11: semantic contracts (behavior change without name/signature change).
+  12: operational slop (retry w/o backoff, await-in-loop, telemetry spam).
+  13: change surface (too many files for a simple request).
+Fix guilty items now. Never revert what the user asked for.
 '@
 }
 

package/windows/hooks/anti-slop.md

@@ -1,56 +1,54 @@
-ANTI-SLOP SELF-REVIEW — you just edited a file. Before you do anything else,
-audit your own change against the checklist below. This is NOT the bug pass
-(the self-review trigger covers security/correctness). This is about *slop*:
-code that runs but should not ship.
-
-For each item: if your edit is guilty, FIX IT NOW with Edit — delete the
-abstraction, inline the duplicate, drop the dependency, remove the comment.
-Do not explain, do not report, just fix. If the edit is clean, say nothing.
-
-  1. EDGE CASES — Does it only handle the happy path? Check the null / empty /
-     zero / boundary / error inputs the task implies. An unhandled obvious
-     edge case is a bug waiting in production.
-
-  2. DUPLICATION — Did you write logic that already exists in this repo? Look
-     before you add. If it exists, call it; do not re-implement it.
-
-  3. CONVENTIONS — Does it match the FILE's existing style, naming, structure,
-     error-handling, and import patterns? Match the neighbours, not your
-     defaults.
-
-  4. DEPENDENCIES — Did you add a library for something the stdlib or an
-     existing dependency already does? Remove it. A new dependency must earn
-     its place.
-
-  5. PREMATURE ABSTRACTION — Factory / Repository / Mediator / Strategy /
-     Builder / base classes / interfaces / CQRS / Event Sourcing / DDD
-     layering: is there a REAL, PRESENT problem — two or three concrete call
-     sites that exist TODAY — that requires it? "For future flexibility" is
-     not a reason. Delete it and write the direct code. Abstraction debt is
-     layers without problems.
-
-  6. ACCIDENTAL COMPLEXITY — Could a junior read this in 30 seconds? Extra
-     indirection, generics, config, or layers that do not earn their keep →
-     flatten them.
-
-  7. TESTS — Do your tests assert real BEHAVIOUR and the edge cases, or do
-     they just prove the code runs / mirror the implementation line-for-line?
-     A test that cannot fail is slop. Make it verify outcomes.
-
-  8. CARGO CULT — Can you state WHY each non-obvious construct is there? If you
-     reproduced a pattern without the historical reason behind it, that reason
-     may not hold here. Remove what you cannot justify. Replicating a shape you
-     have seen is not the same as needing it.
-
-  9. ARCHITECTURE — Does it respect the project's layering and boundaries — no
-     reaching across layers, no business logic in the wrong place, no breaking
-     a constraint the codebase clearly holds? Honour the constraints.
-
- 10. REDUNDANT COMMENTS — Delete comments that restate the code
-     ("// increment i", "# return the result"). Keep only comments that
-     explain WHY, never WHAT.
-
-Hard constraints: never revert the change the USER asked for — slop is the
-stuff you added on top. Do not "improve" beyond removing slop. At most a few
-targeted edits, then stop. The bar: would this pass a senior review at a top
-engineering org without a single "why is this here?" comment.
+ANTI-SLOP SELF-REVIEW — you just edited a file (or you are auditing the
+session diff at final review). Code that runs but should not ship.
+
+Intent trace (Tier 0 — hallucinated requirements, scope drift) runs FIRST at
+stop via final-review axis 0, not here. This checklist covers code-shape and
+cost slop. Apply every item; if guilty, FIX with Edit — delete, inline, drop.
+Do not explain. If clean, say nothing.
+
+  1. EDGE CASES — Happy path only? Check null / empty / zero / boundary / error
+     inputs the task implies.
+
+  2. DUPLICATION — Logic that already exists in this repo? Call it; do not
+     re-implement. Same function in many files (isRecord-class) → one source.
+
+  3. CONVENTIONS — Match the FILE's style, naming, structure, error-handling,
+     imports. Not your defaults.
+
+  4. DEPENDENCIES — New library for something stdlib or an existing dep covers?
+     Remove it. A dependency must earn its place.
+
+  5. PREMATURE ABSTRACTION — Factory / Repository / Mediator / Strategy / Builder /
+     CQRS / Event Sourcing / DDD: is there a REAL problem with 2–3 call sites
+     TODAY? "Future flexibility" is not a reason. Delete and write direct code.
+
+  6. ACCIDENTAL COMPLEXITY — Could a junior read this in 30 seconds? Flatten
+     indirection, generics, config, layers that do not earn their keep.
+
+  7. TESTS (epistemic slop) — Assert real OUTCOMES and edge cases, not "it runs",
+     not a mirror of the implementation, not expect(true).toBe(true). A test
+     that cannot fail is slop.
+
+  8. CARGO CULT — Can you state WHY each non-obvious construct is there? Remove
+     what you cannot justify. A shape you have seen ≠ a shape you need.
+
+  9. ARCHITECTURE — Respect layering and boundaries. No reaching across layers,
+     no business logic in the wrong place, no breaking project constraints.
+
+ 10. REDUNDANT COMMENTS — Delete comments that restate the code ("// increment
+     i"). Keep only WHY, never WHAT. No prompt residue ("in a real app...").
+
+ 11. SEMANTIC CONTRACTS (Tier 1) — Did any existing function's BEHAVIOR change
+     without its name, signature, or docstring changing? Names are contracts.
+     deleteUser() that now soft-deletes is silent contract break.
+
+ 12. OPERATIONAL SLOP (Tier 3) — Retry loops without backoff/sleep/jitter?
+     await fetch / ctx.db / prisma inside a for/while/map? Six or more
+     console.log / print added in one edit? Token burn with no user value →
+     remove or bound.
+
+ 13. CHANGE SURFACE (Tier 5) — Did a simple request touch many files? Every
+     file in the diff must trace to the task. Trim unrelated hunks.
+
+Hard constraints: never revert what the USER asked for — slop is what got added
+on top. At most a few targeted edits, then stop.

package/windows/hooks/final-review.md

@@ -45,17 +45,23 @@ is present — sandboxed verify run, no transcript — skip this axis.)
 - Add the missing tests; delete tautological ones.
 
 ## 4. Anti-slop
-- If `~/.cursor/skills/anti-slop/scripts/scan_slop.py` exists (INSTALL.md step 2
-  copies it there), run the whole-codebase duplication scan:
+Axis 0 already caught intent drift. This axis catches code-shape and cost slop
+across the whole session diff.
+
+Step A — mechanical scan (if available):
+  If `~/.cursor/skills/anti-slop/scripts/scan_slop.py` exists, run:
     python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all
-  If it does NOT exist, do not treat that as a failure and do not hunt for the
-  file: apply the checklist in `~/.agents/hooks/anti-slop.md` to the session
-  diff and look for duplicate function bodies in the files you touched.
-- Either way, consolidate clones: same function in many files / identical bodies
-  (the isRecord-class) → ONE shared definition, re-point imports, delete the
-  copies.
-- Premature abstraction (Factory / Repository / Mediator / CQRS / DDD with fewer
-  than 2–3 real call sites), unnecessary dependencies, redundant restate-the-code
-  comments, dead helpers, accidental complexity → remove.
-
-Fix with edits now; re-run the scan and the tests; then stop.
+  If it does NOT exist, skip Step A (not a failure; do not hunt for the file).
+
+Step B — canonical checklist (always):
+  Read `~/.agents/hooks/anti-slop.md` and apply ALL 13 items to every hunk you
+  changed this session. That file is the single source of truth for slop
+  detection — items 1–10 are structural/code, 11 is semantic contracts, 12 is
+  operational slop (retries, await-in-loop, telemetry spam), 13 is change
+  surface. Fix every hit; consolidate clones to one source of truth.
+
+Step C — session footprint (also in the header above):
+  If "Session footprint" shows >5 files or the request was simple, justify each
+  file or trim. Unjustified files are slop.
+
+Fix with edits now; re-run the scan (if Step A ran) and the tests; then stop.

package/windows/hooks/final-review.ps1

@@ -1,7 +1,7 @@
 # final-review.ps1 - stop hook (Cursor).
 #
-# ONE comprehensive end-of-implementation review across four axes:
-# correctness, reliability, coverage, and anti-slop. When the agent finishes an
+# ONE comprehensive end-of-implementation review across five axes:
+# intent, correctness, reliability, coverage, and anti-slop. When the agent finishes an
 # implementation that touched files, Cursor auto-submits this hook's
 # `followup_message` as the next user turn, so the model re-audits everything it
 # changed this session and FIXES what fails - the model-as-auditor pattern over
@@ -86,11 +86,11 @@ FINAL REVIEW - audit everything you changed this session and FIX what fails
      released on every path, no races, input validated at the boundary.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present;
      no tautological tests.
-  4. Anti-slop - if ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists, run
-     `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all`; otherwise
-     apply ~/.agents/hooks/anti-slop.md to the session diff (a missing scanner
-     is not a failure). Consolidate clones/duplicates to one source of truth;
-     drop premature abstraction, unneeded deps, redundant comments, dead helpers.
+  4. Anti-slop - read ~/.agents/hooks/anti-slop.md and apply all 13 items to
+     the session diff. If ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists,
+     run `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all` first.
+     Consolidate clones; drop premature abstraction, unneeded deps, operational
+     slop (retries, await-in-loop, log spam), unjustified files.
 Fix now, re-run the scan + tests, then stop. If an axis is clean, say so in one line.
 '@
 }

package/windows/hooks/hook-common.ps1

@@ -73,7 +73,17 @@ function Resolve-AgentPath([string]$p) {
     return ConvertTo-FwdPath $p
 }
 
-# Extract the last user <user_query> from a Cursor transcript JSONL. The
+# Strip secrets from text before embedding in agent-facing followups. Intent
+# trace must not re-broadcast tokens the user pasted in chat.
+function Redact-SecretsFromIntent([string]$text) {
+    if (-not $text) { return $text }
+    $text = $text -replace '\bnpm_[A-Za-z0-9]{10,}\b', '[REDACTED_NPM_TOKEN]'
+    $text = $text -replace '\b(sk-[A-Za-z0-9]{10,}|ghp_[A-Za-z0-9]{20,}|gho_[A-Za-z0-9]{20,})\b', '[REDACTED_TOKEN]'
+    $text = $text -replace '(?i)(api[_-]?key|token|secret|password)\s*[:=]\s*\S+', '$1=[REDACTED]'
+    return $text
+}
+
+# Extract the last user <user_query> from a Cursor transcript JSONL.
 # transcript is an array of {role, message} records; we walk backward from the
 # end, find the last user turn whose content has a <user_query> tag, and return
 # its text. Returns '' if there is no transcript or no user_query. Capped at
@@ -108,7 +118,7 @@ function Get-LastUserQuery($obj) {
         if ($text -match '(?s)<user_query>\s*(.+?)\s*</user_query>') {
             $q = $Matches[1].Trim()
             if ($q.Length -gt 2000) { $q = $q.Substring(0, 2000) + '...' }
-            return $q
+            return (Redact-SecretsFromIntent $q)
         }
     }
     return ''

package/windows/hooks/subagent-stop-review.ps1

@@ -3,7 +3,7 @@
 # Counterpart of final-review.ps1 for delegated work. afterFileEdit DOES fire
 # inside subagents (verified: a poteto subagent run left ~58 entries in
 # session-edits-<subagent-cid>.txt), but subagents get no `stop` event, so
-# that marker is never drained and the four-axis review never fires for
+# that marker is never drained and the five-axis review never fires for
 # delegated implementations. This hook closes the loop: when a subagent
 # finishes and ITS conversation has a session-edits marker, return ONE
 # followup_message so the subagent audits its own implementation before the