cursordoctrine 0.4.1 → 0.4.3

package/INSTALL.md

@@ -109,7 +109,7 @@ Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
 
 1. Restart Cursor (hooks.json is read at startup).
 2. Open any project and start a new agent chat. The doctrine should be in context — ask the agent "what does your doctrine say about diffs?" and it should answer from §2; ask "what is the Anchor Set?" and it should answer from `pre-compile.md` (Objective / Constraints / Scope / Deterministic success).
-3. Have the agent make a small edit to a tracked file. On the next turn it should receive a `SELF-REVIEW TRIGGER` message, and (if it's the first edit of the implementation) a `PRE-COMPILE NUDGE` reminder to write its Anchor Set to `.scope.json`.
+3. Have the agent make a small edit to a tracked file. On the next turn it should receive a `SELF-REVIEW TRIGGER` message, and (if it's the first edit of that turn) a `PRE-COMPILE NUDGE` reminder to write its Anchor Set to `.scope.json`. The nudge re-fires on the first edit of each new turn.
 4. Ask the agent to run `git push --force` (in a throwaway repo). The permission gate must block it.
 5. Finish a small implementation and stop. A single `FINAL REVIEW` follow-up should fire — exactly once.
 6. Delegate a small edit to a subagent (e.g. ask the agent to "use a generalPurpose subagent to add a comment to <file>"). The subagent should receive one `SUBAGENT FINAL REVIEW` follow-up before returning, and the parent should see `SUBAGENT WORK DETECTED` at its next tool boundary. (`subagentStop` is only read at startup — if nothing fires, restart Cursor again.)
@@ -120,4 +120,4 @@ Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
 
 Tell the user what was installed, which checks passed, and anything that failed with the exact error. Do not silently work around a failing check.
 
-Kill switches if something misbehaves: `HOOKS_ENFORCE=0` (everything advisory off), `PERM_GATE_ENFORCE=0`, `ANCHOR_NUDGE_ENFORCE=0` (pre-compile nudge off), `MINIMAL_EDITING_ENFORCE=0` (deprecated in 0.3.0), `SEMANTIC_DENSITY_ENFORCE=0`, `SCOPE_GATE_ENFORCE=0`, `ANTI_SLOP_ENFORCE=0`, `FINAL_REVIEW_ENFORCE=0`, `SUBAGENT_REVIEW_ENFORCE=0`.
+Kill switches if something misbehaves: `HOOKS_ENFORCE=0` (everything advisory off), `PERM_GATE_ENFORCE=0`, `ANCHOR_NUDGE_ENFORCE=0` (pre-compile nudge off), `INTENT_ANCHOR_ENFORCE=0` (thin-intent re-injection off), `MINIMAL_EDITING_ENFORCE=0` (deprecated in 0.3.0), `SEMANTIC_DENSITY_ENFORCE=0`, `SCOPE_GATE_ENFORCE=0`, `ANTI_SLOP_ENFORCE=0`, `FINAL_REVIEW_ENFORCE=0`, `SUBAGENT_REVIEW_ENFORCE=0`.

package/README.md

@@ -21,7 +21,7 @@
 
 Cursor hooks that make the agent review its own edits without bolting a static-analysis pipeline onto every keystroke. No regex army, no scoring engine. Four jobs:
 
-1. **Compile intent before coding** (proactive) — at session start the agent gets the doctrine plus the **Anchor Set** discipline (`pre-compile.md`): before writing code it must emit *Objective / Constraints / Scope / Deterministic success*, and write that contract to `.scope.json`. On the first edit of each implementation a `anchor-set-nudge` advisory fires to catch intent dilution at token ~50 instead of waiting for the stop-hook review at token ~5000.
+1. **Compile intent before coding** (proactive) — at session start the agent gets the doctrine plus the **Anchor Set** discipline (`pre-compile.md`): before writing code it must emit *Objective / Constraints / Scope / Deterministic success*, and write that contract to `.scope.json`. On the first edit of each agent turn a `anchor-set-nudge` advisory fires to catch intent dilution at token ~50 instead of waiting for the stop-hook review at token ~5000.
 2. **Inject the doctrine** at session start — every chat starts with the same short governing text (`doctrine.md`, `USER-RULES.md`, `declared-editing.md` the YAGNI ultra ladder, and `pre-compile.md` the thin intent-compilation phase).
 3. **Hand the model its own edits back** (reactive) — after each agent edit, a self-review prompt goes into a pending file (plus semantic-density, scope-gate, anti-slop, and the pre-compile nudge advisories when they trip). Next turn the model reads its diff, fixes real bugs, stays quiet otherwise.
 4. **Gate blast radius** — one permission gate denies a short explicit list of dangerous commands (`rm -rf /`, `curl | sh`, force-push, `npm publish`, ...). Everything else passes.
@@ -90,18 +90,29 @@ Two machine-checkable consequences:
 - **`scope-gate-audit`** (afterFileEdit, opt-in via `.scope.json` existing) audits every edit against `files[]` and quotes `intent` + `acceptance` back on a violation. Editing outside the declared set is the textbook scope-creep signal.
 - **final-review axis 0** (intent trace) traces every diff hunk back to `intent`. Anything untraceable is a hallucinated requirement.
 
-On the **first edit of each implementation**, `anchor-set-nudge` drops a reminder into the feedback bus: *did you write your Anchor Set to `.scope.json`?* One nudge per body of work — the flag is cleared at the same per-implementation boundary where the final-review one-shot brake fires, so a long chat with N implementations gets N nudges.
+On the **first edit of each agent turn**, `anchor-set-nudge` drops a reminder into the feedback bus: *did you write your Anchor Set to `.scope.json`?* One nudge per turn — the latch is armed on that first edit and cleared **unconditionally** by the stop hook on every turn boundary, so the next turn re-earns its nudge. A long chat with N turns gets up to N nudges, and the latch can never get stranded silenced mid-session.
 
 The Anchor Set is skipped for trivial one-liners (typo, literal) — the `declared-editing.md` ladder's rung 1 governs when it's overkill.
 
+### Keeping the contract alive: `intent-anchor` (anti-Salience-Dilution)
+
+Writing `.scope.json` once is not enough. As a conversation fills with code, logs and errors, the token of the original request shrinks to a rounding error against the recent history — *Salience Dilution* — and the agent stops checking the contract it wrote at prompt 1. It forgets symmetry, colors, the acceptance bar. This is the failure mode the nudge alone can't fix (a reminder that the contract exists ≠ the contract being in context).
+
+`intent-anchor` (`postToolUse`, registered first so it runs before `post-tool-use` drains the bus) does two things on the **first tool boundary of every turn** (per-turn latch, cleared unconditionally at each stop):
+
+1. **Re-inject the contract.** Reads `.scope.json` and stashes `intent` + `files` + `acceptance` into the feedback bus, which `post-tool-use` delivers as `additional_context`. The contract is back in the model's attentional focus at the start of each turn's work — **before** edits pile up and dilute it. This runs unconditionally (no transcript needed); it's the core anti-dilution move.
+2. **Re-compile on prompt change.** Hashes the current `<user_query>` and compares to the previous turn's hash (`last-query-<cid>.hash`, which persists across turns). If the request moved, it demands the agent **update** `.scope.json` to match — the scope tracks the request. If no `.scope.json` exists, it demands one be written. (Needs `transcript_path` in the payload; if absent this part degrades to silent but the re-injection still runs.)
+
+Crucially, `intent-anchor` carries the **semantic** contract (`intent`/`acceptance`) into context every turn — something the path-only `scope-gate-audit` can never do. That is what makes "the agent forgot about grid symmetry while editing the right file" catchable: the symmetry requirement is re-stated in front of the model before each edit, not just checked against a file list after.
+
 ## The five flows
 
 | Flow | Event | What happens |
 |---|---|---|
 | Session | `sessionStart` | `inject-doctrine` reads doctrine + user rules + declared-editing + **pre-compile** and emits them as `additional_context`. |
-| Every turn | `postToolUse` | Folds completed subagents' edit markers into this conversation's marker, then drains the conversation's pending feedback file into `additional_context`. One-shot, keyed by conversation id. |
+| Every turn | `postToolUse` | **`intent-anchor`** (registered first) re-injects `.scope.json` into `additional_context` at the first tool boundary of each turn — the anti-Salience-Dilution move that keeps `intent` + `acceptance` in the model's attentional focus before edits pile up. If the prompt changed since last turn, it demands the contract be updated. Then `post-tool-use` folds subagent markers and drains the feedback file. |
 | Shell | `beforeShellExecution` | `permission-gate` checks the command against a deny list. Allow by default, deny by list, fail open. |
-| Edit | `afterFileEdit` + `stop` | **Proactive:** `anchor-set-nudge` fires once per implementation to push the Anchor Set. **Reactive:** `self-review-trigger` stashes the review prompt per edit; `minimal-edit-audit` (deprecated), `semantic-density-audit`, `scope-gate-audit` (opt-in, audits `.scope.json`), and `anti-slop-audit` append advisories when they trip; `final-review` fires one end-of-implementation six-axis pass. |
+| Edit | `afterFileEdit` + `stop` | **Proactive:** `anchor-set-nudge` fires once per turn (on its first edit) to push the Anchor Set. **Reactive:** `self-review-trigger` stashes the review prompt per edit; `minimal-edit-audit` (deprecated), `semantic-density-audit`, `scope-gate-audit` (opt-in, audits `.scope.json`), and `anti-slop-audit` append advisories when they trip; `final-review` fires one end-of-implementation six-axis pass. |
 | Subagent | `subagentStop` | `subagent-stop-review` fires one in-subagent final review when a delegated run edited files, before the result returns to the parent. Marker-gated and flag-braked like `final-review`. |
 
 ## Layout
@@ -137,6 +148,7 @@ All hooks fail open and always exit 0. Nothing here can block your session.
 | `HOOKS_ENFORCE=0` | on | turns off all advisory hooks at once |
 | `PERM_GATE_ENFORCE=0` | on | disables the permission gate |
 | `ANCHOR_NUDGE_ENFORCE=0` | on | disables the pre-compile nudge (first-edit Anchor Set reminder) |
+| `INTENT_ANCHOR_ENFORCE=0` | on | disables the thin-intent re-injection (per-turn `.scope.json` echo into `additional_context`) |
 | `MINIMAL_EDITING_ENFORCE=0` | on | disables the over-edit advisory (deprecated in 0.3.0) |
 | `SCOPE_GATE_ENFORCE=0` | on | disables the declared-scope advisory (opt-in: only fires when `.scope.json` exists) |
 | `SEMANTIC_DENSITY_ENFORCE=0` | on | disables the semantic-opacity advisory |
@@ -150,7 +162,7 @@ All hooks fail open and always exit 0. Nothing here can block your session.
 
 - **State lives under `$HOME`**, in `~/.cursor/.hooks-pending/`, keyed by conversation id. No repo litter. Concurrent sessions can't drain each other's prompts. Stale state older than 7 days gets swept on every stop.
 - **`afterFileEdit` output isn't consumed by Cursor**, so edit hooks write to a pending file and `post-tool-use` re-emits it at the next tool boundary. That's the whole message bus.
-- **One review per implementation.** The stop hook arms a per-conversation flag before emitting its follow-up, so a crash can't re-fire it and a long chat still gets a review after each implementation. The `anchor-set-nudge` flag and the review flag clear together at that boundary — one nudge + one review per body of work.
+- **One review per implementation.** The stop hook arms a per-conversation flag before emitting its follow-up, so a crash can't re-fire it and a long chat still gets a review after each implementation. The `anchor-set-nudge` latch is separate and simpler: it's cleared **unconditionally** on every stop, so the nudge re-fires on the first edit of each new turn and can never get stranded silenced mid-session.
 - **The `.scope.json` contract is opt-in.** No `.scope.json` in the repo root → `scope-gate-audit` stays silent and the system falls back to the `declared-editing` ladder plus the final-review footprint check. Writing the file is how the agent opts into a machine-checked scope.
 - **Subagents are first-class.** `afterFileEdit` fires inside subagents keyed by the subagent's conversation id. The harness normalizes agent edits (incl. `StrReplace`) to tool type `Write`, and `postToolUse` never fires for the `Task` tool — verified by payload capture. Matchers cover `Write|StrReplace|EditNotebook` defensively. `subagentStop` reviews the subagent in its own context. The parent folds orphaned subagent markers (from the `subagents/` transcript directory) into its own at every tool boundary and at stop.
 

package/bin/cli.mjs

@@ -263,19 +263,84 @@ function verify() {
     return true;
   });
 
-  check('anchor-set nudge fires on first edit, then goes quiet', () => {
-    // First edit of the implementation -> the pre-compile nudge stashes its
-    // advisory in the pending feedback bus and arms the one-shot flag.
-    const first = runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'x.py') });
-    if (!first.includes('additional_context') || !first.includes('PRE-COMPILE NUDGE')) {
-      // anchor-set-nudge appends to feedback-<cid>.txt (the shared bus) rather
-      // than emitting JSON directly; drain it the same way post-tool-use does.
-      const drained = runHook(hook('post-tool-use'), { conversation_id: 'npxv3' });
-      if (!drained.includes('PRE-COMPILE NUDGE')) return { ok: false, detail: 'nudge did not reach the feedback bus on first edit' };
+  check('anchor-set nudge fires once per turn, stop re-arms it', () => {
+    // anchor-set-nudge appends to feedback-<cid>.txt (the shared bus) rather
+    // than emitting JSON directly; drain it the same way post-tool-use does.
+    const drainedOf = (cidv) => runHook(hook('post-tool-use'), { conversation_id: cidv });
+
+    // --- Turn 1 -------------------------------------------------------------
+    // First edit -> nudge stashes into the feedback bus and arms the latch.
+    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'x.py') });
+    if (!drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
+      return { ok: false, detail: 'nudge did not reach the feedback bus on first edit' };
     }
-    // Second edit -> flag is armed, nudge must stay silent.
-    const second = runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'y.py') });
-    if (second.includes('PRE-COMPILE NUDGE')) return { ok: false, detail: 'nudge re-fired on second edit (flag not gating)' };
+    // Second edit same turn -> latch armed, nudge must stay silent.
+    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'y.py') });
+    if (drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
+      return { ok: false, detail: 'nudge re-fired on second edit (latch not gating)' };
+    }
+    // End of turn: final-review clears the latch unconditionally. Drive a
+    // review-less stop (no session-edits marker) so it hits the clear path and
+    // exits {}, same as a turn that produced no reviewable edits.
+    const stopOut = runHook(hook('final-review'), { conversation_id: 'npxv3', status: 'completed' });
+    if (stopOut !== '{}' && stopOut.replace(/\s/g, '') !== '{}') {
+      // A review fired (fine - the earlier edit left a session-edits marker via
+      // self-review-trigger if one ran). What matters is the latch got cleared;
+      // we verify that with the next-turn re-fire below.
+    }
+    // --- Turn 2 -------------------------------------------------------------
+    // First edit of the NEXT turn -> latch was cleared at the stop boundary, so
+    // the nudge MUST re-fire. This is the regression that 0.4.0 shipped broken:
+    // the latch only cleared on the fragile second-stop path, so it stranded
+    // and the nudge went permanently silent mid-session.
+    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'z.py') });
+    if (!drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
+      return { ok: false, detail: 'nudge did NOT re-fire on the next turn (latch stranded at the stop boundary)' };
+    }
+    return true;
+  });
+
+  check('intent-anchor re-injects .scope.json every turn; latch re-arms at stop', () => {
+    // intent-anchor appends to feedback-<cid>.txt (the shared bus); drain via
+    // post-tool-use the same way the harness delivers additional_context.
+    const drainedOf = (cidv) => runHook(hook('post-tool-use'), { conversation_id: cidv });
+    const anchorCid = 'npxv4';
+    const scopePath = join(HOME, '.scope.json');
+
+    const cleanup = () => { try { rmSync(scopePath, { force: true }); } catch {} };
+    cleanup();
+
+    // --- Case A: no .scope.json -> demand one be written --------------
+    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: HOME });
+    let d = drainedOf(anchorCid);
+    if (!d.includes('INTENT ANCHOR') || !d.includes('NOT compiled your Anchor Set')) {
+      cleanup(); return { ok: false, detail: 'no-scope branch did not demand compilation' };
+    }
+
+    // --- Stop clears the latch (the regression path from 0.4.1) -------
+    runHook(hook('final-review'), { conversation_id: anchorCid, status: 'completed' });
+
+    // --- Case B: scope exists -> re-inject contract every turn --------
+    writeFileSync(scopePath, JSON.stringify({
+      intent: 'fix grid symmetry and color tokens',
+      files: ['src/grid.tsx'],
+      acceptance: 'grid renders symmetric; tokens match palette',
+    }));
+    // Turn 2 (no transcript in sandbox -> query unavailable -> re-inject branch).
+    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: HOME });
+    d = drainedOf(anchorCid);
+    if (!d.includes('fix grid symmetry and color tokens') || !d.includes('INTENT ANCHOR')) {
+      cleanup(); return { ok: false, detail: 'contract not re-injected on turn 2' };
+    }
+
+    // --- Stop clears the latch again; turn 3 must re-inject too -------
+    runHook(hook('final-review'), { conversation_id: anchorCid, status: 'completed' });
+    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: HOME });
+    d = drainedOf(anchorCid);
+    if (!d.includes('fix grid symmetry and color tokens')) {
+      cleanup(); return { ok: false, detail: 'contract not re-injected on turn 3 (latch stranded at stop)' };
+    }
+    cleanup();
     return true;
   });
 
@@ -389,6 +454,7 @@ Kill switches (environment variables, all hooks fail open)
   HOOKS_ENFORCE=0              everything advisory off
   PERM_GATE_ENFORCE=0          permission gate off
   ANCHOR_NUDGE_ENFORCE=0       pre-compile nudge off (first-edit Anchor Set reminder)
+  INTENT_ANCHOR_ENFORCE=0      thin-intent re-injection off (per-turn .scope.json echo)
   MINIMAL_EDITING_ENFORCE=0    over-edit advisory off (deprecated in 0.3.0)
   SEMANTIC_DENSITY_ENFORCE=0   semantic-opacity advisory off
   SCOPE_GATE_ENFORCE=0         declared-scope advisory off

package/linux/hooks/anchor-set-nudge.sh

@@ -2,20 +2,20 @@
 # anchor-set-nudge.sh - afterFileEdit "pre-compile" nudge (Cursor, Linux).
 #
 # Proactive counterpart to the reactive audits. On the FIRST file edit of an
-# implementation (per conversation), remind the agent to compile its Anchor Set
-# (pre-compile.md) and write .scope.json BEFORE piling on more code. The
-# reactive stack (self-review, anti-slop, final-review) only fires AFTER code
-# exists; this nudge catches intent dilution at token ~50, not at the ~5000 of
-# the stop-hook axis 0. A clean final review of the wrong feature is still the
-# wrong feature - the Anchor Set exists so the right feature is on the rails
-# from the first edit.
+# agent turn, remind the agent to compile its Anchor Set (pre-compile.md) and
+# write .scope.json BEFORE piling on more code. The reactive stack (self-review,
+# anti-slop, final-review) only fires AFTER code exists; this nudge catches
+# intent dilution at token ~50, not at the ~5000 of the stop-hook axis 0. A
+# clean final review of the wrong feature is still the wrong feature - the
+# Anchor Set exists so the right feature is on the rails from the first edit.
 #
-# One-shot PER IMPLEMENTATION, not per session: gated by an
-# anchor-declared-<cid>.flag in the pending dir. That flag is cleared by
-# final-review.sh / subagent-stop-review.sh at the SAME per-implementation
-# boundary where they clear session-edits-<cid>.txt and reviewed-<cid>.flag
-# (the stop after a review pass). So a long conversation with N implementations
-# gets N nudges, not one - every new body of work re-earns the reminder.
+# Fires ONCE PER TURN (per conversation): gated by an anchor-declared-<cid>.flag
+# in the pending dir, armed here on first edit and cleared UNCONDITIONALLY by
+# final-review.sh / subagent-stop-review.sh on every stop. So a long
+# conversation with N turns gets up to N nudges - every new turn re-earns the
+# reminder on its first edit. The clear is unconditional (not gated on the
+# reviewed-flag path) so the latch can never get stranded silenced mid-session,
+# which would silently stop reminding the agent to write .scope.json.
 #
 # Advisory only: never blocks, never reads the diff, ALWAYS exits 0. Appends to
 # the shared feedback-<cid>.txt bus; post-tool-use.sh delivers it next turn.

package/linux/hooks/final-review.sh

@@ -37,15 +37,24 @@ pending_dir="$(hooks_pending_dir)"
 marker="$pending_dir/session-edits-$cid.txt"
 flag="$pending_dir/reviewed-$cid.flag"
 anchor_flag="$pending_dir/anchor-declared-$cid.flag"
+intent_latch="$pending_dir/intent-injected-$cid.flag"
 
 # Sweep state from sessions that died before their stop hook ran.
 find "$pending_dir" -maxdepth 1 -type f -mtime +7 -delete 2>/dev/null
 
+# Unconditionally clear the per-turn latches so the next turn re-fires. Every
+# stop is a turn boundary; clearing here (not only inside the reviewed-flag
+# block below) guarantees these re-fire on the first edit/tool of the NEXT
+# turn and can never get stranded silenced mid-session:
+#   - anchor-declared-<cid>.flag  (anchor-set-nudge, first-edit reminder)
+#   - intent-injected-<cid>.flag  (intent-anchor, first-tool re-injection)
+# last-query-<cid>.hash is NOT cleared here - it persists turn-to-turn so
+# intent-anchor can detect prompt changes; the 7-day sweep above reaps it.
+rm -f "$anchor_flag" "$intent_latch" 2>/dev/null
+
 # One-shot brake: the previous stop for this conversation emitted the review.
-# Also clear anchor-declared-<cid>.flag so the pre-compile nudge re-fires for
-# the NEXT implementation (one nudge per body of work, not per session).
 if [ -f "$flag" ]; then
-    rm -f "$flag" "$marker" "$anchor_flag" 2>/dev/null
+    rm -f "$flag" "$marker" 2>/dev/null
     emit_none
 fi
 

package/linux/hooks/intent-anchor.sh

@@ -0,0 +1,185 @@
+#!/usr/bin/env bash
+# intent-anchor.sh - postToolUse "thin intent compilation" anchor (Cursor, Linux).
+#
+# Counteracts Salience Dilution: the failure mode where the agent's original
+# intent erodes as the conversation fills with code, logs and errors, until the
+# token of the original request is a rounding error against the recent history
+# and the agent drifts ("forgets" symmetry, colors, the .scope.json it wrote at
+# prompt 1). Two jobs, both on the FIRST tool boundary of each turn (per-turn
+# latch intent-injected-<cid>.flag, armed here, cleared at every stop):
+#
+#   1. RE-INJECT .scope.json (the core anti-dilution move): read the contract
+#      (intent + files + acceptance) and stash it in the feedback bus so
+#      post-tool-use.sh delivers it as additional_context at the next tool
+#      boundary. This puts the contract back in the model's attentional focus
+#      at the START of each turn's work, before edits pile up and dilute the
+#      original intent. Works UNCONDITIONALLY - no transcript needed.
+#
+#   2. RE-COMPILE ON PROMPT CHANGE: hash the current <user_query> (via
+#      extract_last_user_query, which reads the transcript) and compare to
+#      last-query-<cid>.hash. If they differ, demand the agent UPDATE
+#      .scope.json to match the new request. If no .scope.json exists, demand
+#      one be written. The scope tracks the request - when the request moves,
+#      the scope moves with it. This part needs transcript_path in the payload;
+#      if it is absent the hook degrades to silent on change-detection but the
+#      re-injection above still runs.
+#
+# Why postToolUse, not afterFileEdit: afterFileEdit only fires AFTER an edit
+# exists, and Cursor has no preToolUse for file edits. postToolUse fires after
+# EVERY tool (Read/Glob/Bash/Write/...), so its first fire of a turn is the
+# earliest moment the agent has begun working - typically right after the first
+# Read/Glob, before any edit. Best available injection point for "before files".
+#
+# Once per turn: latch armed on first fire, cleared UNCONDITIONALLY at every
+# stop (final-review.sh). Cannot strand silenced mid-session. Registered first
+# in the postToolUse array so it appends to the feedback bus before
+# post-tool-use.sh drains it (same-tool delivery; if reordered, delivery slips
+# one tool - still correct).
+#
+# Advisory only: never blocks, never reads the diff, ALWAYS exits 0. Appends to
+# the shared feedback-<cid>.txt bus. Disable: HOOKS_ENFORCE=0 or INTENT_ANCHOR_ENFORCE=0.
+
+set +e
+. "$(dirname "$0")/hook-common.sh"
+
+[ "${HOOKS_ENFORCE:-}" = "0" ] && exit 0
+[ "${INTENT_ANCHOR_ENFORCE:-}" = "0" ] && exit 0
+
+input="$(read_hook_stdin)"
+[ -n "$input" ] || exit 0
+
+cid="$(safe_conversation_id "$input")"
+pending_dir="$(hooks_pending_dir)"
+latch="$pending_dir/intent-injected-$cid.flag"
+hash_file="$pending_dir/last-query-$cid.hash"
+
+# Already injected this turn -> quiet. Latch cleared at every stop.
+[ -f "$latch" ] && exit 0
+
+# --- current request (best-effort; absent in sandboxed runs) -----------------
+current_query="$(extract_last_user_query "$input")"
+has_query=0
+[ -n "$current_query" ] && has_query=1
+
+current_hash=""
+prompt_changed=0
+if [ "$has_query" = "1" ]; then
+    if command -v sha256sum >/dev/null 2>&1; then
+        current_hash="$(printf '%s' "$current_query" | sha256sum | awk '{print $1}')"
+    elif command -v shasum >/dev/null 2>&1; then
+        current_hash="$(printf '%s' "$current_query" | shasum -a 256 | awk '{print $1}')"
+    fi
+    prev_hash=""
+    [ -f "$hash_file" ] && prev_hash="$(cat "$hash_file" 2>/dev/null)"
+    [ "$current_hash" != "$prev_hash" ] && prompt_changed=1
+fi
+
+# --- repo root (same resolution as scope-gate-audit.sh) ----------------------
+root=""
+while IFS= read -r cand; do
+    [ -n "$cand" ] && [ -d "$cand" ] && { root="${cand%/}"; break; }
+done <<EOF
+$(json_get "$input" cwd)
+$(json_get_array "$input" workspace_roots)
+EOF
+[ -n "$root" ] || root="${CURSOR_PROJECT_DIR:-$HOME}"
+root="${root%/}"
+
+# --- read the existing contract (if any) -------------------------------------
+scope_exists=0
+scope_intent=""
+scope_acceptance=""
+scope_files=""
+scope_path="$root/.scope.json"
+if [ -f "$scope_path" ]; then
+    # Prefer jq; fall back to python3 (mirrors hook-common.sh degrade policy).
+    if have_jq; then
+        scope_intent="$(jq -r '.intent // empty' "$scope_path" 2>/dev/null)"
+        scope_acceptance="$(jq -r '.acceptance // empty' "$scope_path" 2>/dev/null)"
+        scope_files="$(jq -r '(.files // []) | join(", ")' "$scope_path" 2>/dev/null)"
+        scope_exists=1
+    elif have_py; then
+        read -r scope_intent scope_acceptance scope_files <<EOF
+$(python3 -c '
+import json, sys
+try:
+    d = json.load(open(sys.argv[1]))
+    print(d.get("intent","") or "")
+    print(d.get("acceptance","") or "")
+    print(", ".join(d.get("files",[]) or []))
+except Exception:
+    sys.exit(1)
+' "$scope_path" 2>/dev/null)
+EOF
+        [ $? -eq 0 ] && scope_exists=1 || scope_exists=0
+    fi
+fi
+
+# --- compose the anchor message ---------------------------------------------
+if [ "$has_query" = "1" ]; then
+    query_line="$current_query"
+else
+    query_line="(current request unavailable - no transcript in this event)"
+fi
+
+if [ "$scope_exists" != "1" ]; then
+    msg="INTENT ANCHOR (pre-compile) - no .scope.json found in $root.
+
+Current request:
+  $query_line
+
+You have NOT compiled your Anchor Set. Before editing files, write .scope.json
+in the repo root:
+  intent:     one operational sentence (what is strictly necessary)
+  files:      the exact files you will touch
+  acceptance: the one deterministic check that decides done
+
+Compile it now, then proceed. The scope tracks the request - it is how you stay
+on the rails when the conversation gets long."
+elif [ "$prompt_changed" = "1" ]; then
+    msg="INTENT ANCHOR (pre-compile) - your request changed; .scope.json may be stale.
+
+Current request:
+  $query_line
+
+Your existing contract (.scope.json):
+  intent:     $scope_intent
+  files:      $scope_files
+  acceptance: $scope_acceptance
+
+If the current request differs from the intent above, UPDATE .scope.json now
+to match what was just asked. When the request moves, the scope moves with it -
+do not edit against a contract written for a different request."
+else
+    # Same prompt continuing (or query unavailable) -> re-inject the contract.
+    if [ "$has_query" = "1" ]; then
+        drift_note="Every edit this turn must advance intent and stay inside files. acceptance is the bar for done."
+    else
+        drift_note="(request unavailable to diff against - re-injecting the contract as-is.)"
+    fi
+    msg="INTENT ANCHOR (re-injected this turn from .scope.json) - your contract. Do not drift from it.
+
+  intent:     $scope_intent
+  files:      $scope_files
+  acceptance: $scope_acceptance
+
+$drift_note If a constraint above conflicts with what you are about to do, stop
+and reconcile - the contract outranks momentum."
+fi
+
+# --- stash to the feedback bus (drained by post-tool-use.sh) -----------------
+pending="$pending_dir/feedback-$cid.txt"
+mkdir -p "$pending_dir" 2>/dev/null
+if [ -s "$pending" ]; then
+    printf '\n\n---\n\n%s' "$msg" >> "$pending" 2>/dev/null
+else
+    printf '%s' "$msg" >> "$pending" 2>/dev/null
+fi
+
+# --- arm the latch; record the query hash for next-turn change detection -----
+touch "$latch" 2>/dev/null
+if [ -n "$current_hash" ]; then
+    printf '%s' "$current_hash" > "$hash_file" 2>/dev/null
+fi
+
+exit 0

package/linux/hooks/subagent-stop-review.sh

@@ -45,12 +45,16 @@ pending_dir="$(hooks_pending_dir)"
 marker="$pending_dir/session-edits-$cid.txt"
 flag="$pending_dir/reviewed-$cid.flag"
 anchor_flag="$pending_dir/anchor-declared-$cid.flag"
+intent_latch="$pending_dir/intent-injected-$cid.flag"
+
+# Unconditionally clear the per-turn latches so the next subagent run re-fires.
+# Clearing here (not only inside the reviewed-flag block below) can never strand
+# them silenced. last-query-<cid>.hash is kept (cross-turn prompt-change detect).
+rm -f "$anchor_flag" "$intent_latch" 2>/dev/null
 
 # One-shot brake: the previous subagentStop for this id emitted the review.
-# Also clear anchor-declared-<cid>.flag so the pre-compile nudge re-fires for
-# the next subagent implementation (one nudge per body of work).
 if [ -f "$flag" ]; then
-    rm -f "$flag" "$marker" "$anchor_flag" 2>/dev/null
+    rm -f "$flag" "$marker" 2>/dev/null
     emit_none
 fi
 

package/linux/hooks.json

@@ -43,10 +43,15 @@
         "command": "bash ~/.agents/hooks/anchor-set-nudge.sh",
         "timeout": 5,
         "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "5s: PROACTIVE pre-compile nudge. On the FIRST edit of each implementation (per conversation), remind the agent to compile its Anchor Set (pre-compile.md) into .scope.json BEFORE piling on more code. The reactive audits (self-review / anti-slop / final-review axis 0) only fire after code exists; this catches intent dilution at token ~50 instead of ~5000. One-shot per implementation: gated by anchor-declared-<cid>.flag, which final-review.sh / subagent-stop-review.sh clear at the same per-implementation boundary as reviewed-<cid>.flag. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or ANCHOR_NUDGE_ENFORCE=0."
+        "_comment": "5s: PROACTIVE pre-compile nudge. On the FIRST edit of each agent turn (per conversation), remind the agent to compile its Anchor Set (pre-compile.md) into .scope.json BEFORE piling on more code. The reactive audits (self-review / anti-slop / final-review axis 0) only fire after code exists; this catches intent dilution at token ~50 instead of ~5000. One-shot per turn: gated by anchor-declared-<cid>.flag, armed here on first edit and cleared UNCONDITIONALLY by final-review.sh / subagent-stop-review.sh on every stop - so it re-fires on the first edit of the next turn and can never get stranded silenced. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or ANCHOR_NUDGE_ENFORCE=0."
       }
     ],
     "postToolUse": [
+      {
+        "command": "bash ~/.agents/hooks/intent-anchor.sh",
+        "timeout": 5,
+        "_comment": "5s: THIN INTENT COMPILATION (anti Salience Dilution). Registered FIRST so it appends to the feedback bus before post-tool-use.sh drains it (same-tool delivery). On the FIRST tool boundary of each turn (per-turn latch intent-injected-<cid>.flag, cleared unconditionally at every stop), (1) re-injects the existing .scope.json (intent/files/acceptance) into additional_context so the contract is back in the model's attentional focus before edits pile up - UNCONDITIONAL, no transcript needed; (2) if the current <user_query> hash differs from last-query-<cid>.hash, demands the agent UPDATE .scope.json to match the new request (scope tracks the request). No .scope.json -> demand one be written. Needs transcript_path for change-detection; degrades to silent there but re-injection still runs. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or INTENT_ANCHOR_ENFORCE=0."
+      },
       {
         "command": "bash ~/.agents/hooks/post-tool-use.sh",
         "timeout": 5,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cursordoctrine",
-  "version": "0.4.1",
-  "description": "Thin self-review hooks for Cursor — the model is the auditor. Pre-compile Anchor Set phase (proactive intent compilation), intent-trace final review (Tier 0), unified 13-item anti-slop checklist, operational slop detection.",
+  "version": "0.4.3",
+  "description": "Thin self-review hooks for Cursor — the model is the auditor. Proactive intent compilation (pre-compile Anchor Set + per-turn .scope.json re-injection against Salience Dilution), intent-trace final review (Tier 0), unified 13-item anti-slop checklist, operational slop detection.",
   "bin": {
     "cursordoctrine": "bin/cli.mjs"
   },

package/windows/hooks/anchor-set-nudge.ps1

@@ -1,20 +1,20 @@
 # anchor-set-nudge.ps1 - afterFileEdit "pre-compile" nudge (Cursor).
 #
 # Proactive counterpart to the reactive audits. On the FIRST file edit of an
-# implementation (per conversation), remind the agent to compile its Anchor Set
-# (pre-compile.md) and write .scope.json BEFORE piling on more code. The
-# reactive stack (self-review, anti-slop, final-review) only fires AFTER code
-# exists; this nudge catches intent dilution at token ~50, not at the ~5000 of
-# the stop-hook axis 0. A clean final review of the wrong feature is still the
-# wrong feature - the Anchor Set exists so the right feature is on the rails
-# from the first edit.
+# agent turn, remind the agent to compile its Anchor Set (pre-compile.md) and
+# write .scope.json BEFORE piling on more code. The reactive stack (self-review,
+# anti-slop, final-review) only fires AFTER code exists; this nudge catches
+# intent dilution at token ~50, not at the ~5000 of the stop-hook axis 0. A
+# clean final review of the wrong feature is still the wrong feature - the
+# Anchor Set exists so the right feature is on the rails from the first edit.
 #
-# One-shot PER IMPLEMENTATION, not per session: gated by an
-# anchor-declared-<cid>.flag in the pending dir. That flag is cleared by
-# final-review.ps1 / subagent-stop-review.ps1 at the SAME per-implementation
-# boundary where they clear session-edits-<cid>.txt and reviewed-<cid>.flag
-# (the stop after a review pass). So a long conversation with N implementations
-# gets N nudges, not one - every new body of work re-earns the reminder.
+# Fires ONCE PER TURN (per conversation): gated by an anchor-declared-<cid>.flag
+# in the pending dir, armed here on first edit and cleared UNCONDITIONALLY by
+# final-review.ps1 / subagent-stop-review.ps1 on every stop. So a long
+# conversation with N turns gets up to N nudges - every new turn re-earns the
+# reminder on its first edit. The clear is unconditional (not gated on the
+# reviewed-flag path) so the latch can never get stranded silenced mid-session,
+# which would silently stop reminding the agent to write .scope.json.
 #
 # Advisory only: never blocks, never reads the diff, ALWAYS exits 0. Appends to
 # the shared feedback-<cid>.txt bus; post-tool-use.ps1 delivers it next turn.

package/windows/hooks/final-review.ps1

@@ -40,7 +40,8 @@ $cid = Get-SafeConversationId $obj
 $pendingDir = Get-HooksPendingDir
 $marker = Join-Path $pendingDir "session-edits-$cid.txt"
 $flag   = Join-Path $pendingDir "reviewed-$cid.flag"
-$anchorFlag = Join-Path $pendingDir "anchor-declared-$cid.flag"
+$anchorFlag  = Join-Path $pendingDir "anchor-declared-$cid.flag"
+$intentLatch = Join-Path $pendingDir "intent-injected-$cid.flag"
 
 # Sweep state from sessions that died before their stop hook ran. Cheap (one
 # directory listing on an event that fires once per agent loop).
@@ -48,12 +49,21 @@ Get-ChildItem $pendingDir -File -ErrorAction SilentlyContinue |
     Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-7) } |
     Remove-Item -Force -ErrorAction SilentlyContinue
 
+# Unconditionally clear the per-turn latches so the next turn re-fires. Every
+# stop is a turn boundary; clearing here (not only inside the reviewed-flag
+# block below) guarantees these re-fire on the first edit/tool of the NEXT
+# turn and can never get stranded silenced mid-session:
+#   - anchor-declared-<cid>.flag  (anchor-set-nudge, first-edit reminder)
+#   - intent-injected-<cid>.flag  (intent-anchor, first-tool re-injection)
+# last-query-<cid>.hash is NOT cleared here - it must persist turn-to-turn so
+# intent-anchor can detect prompt changes; the 7-day sweep above reaps it when
+# a conversation truly dies.
+Remove-Item $anchorFlag, $intentLatch -Force -ErrorAction SilentlyContinue
+
 # One-shot brake: the previous stop for this conversation emitted the review.
 # Clear the flag (and whatever the review pass itself edited) and end the loop.
-# Also clear anchor-declared-<cid>.flag so the pre-compile nudge re-fires for
-# the NEXT implementation (one nudge per body of work, not per session).
 if (Test-Path $flag) {
-    Remove-Item $flag, $marker, $anchorFlag -Force -ErrorAction SilentlyContinue
+    Remove-Item $flag, $marker -Force -ErrorAction SilentlyContinue
     Emit-None
 }
 

package/windows/hooks/intent-anchor.ps1

@@ -0,0 +1,167 @@
+# intent-anchor.ps1 - postToolUse "thin intent compilation" anchor (Cursor).
+#
+# Counteracts Salience Dilution: the failure mode where the agent's original
+# intent erodes as the conversation fills with code, logs and errors, until the
+# token of the original request is a rounding error against the recent history
+# and the agent drifts ("forgets" symmetry, colors, the .scope.json it wrote at
+# prompt 1). Two jobs, both on the FIRST tool boundary of each turn (per-turn
+# latch intent-injected-<cid>.flag, armed here, cleared at every stop):
+#
+#   1. RE-INJECT .scope.json (the core anti-dilution move): read the contract
+#      (intent + files + acceptance) and stash it in the feedback bus so
+#      post-tool-use.ps1 delivers it as additional_context at the next tool
+#      boundary. This puts the contract back in the model's attentional focus
+#      at the START of each turn's work, before edits pile up and dilute the
+#      original intent. Works UNCONDITIONALLY - no transcript needed.
+#
+#   2. RE-COMPILE ON PROMPT CHANGE: hash the current <user_query> (via
+#      Get-LastUserQuery, which reads the transcript) and compare to
+#      last-query-<cid>.hash. If they differ, demand the agent UPDATE
+#      .scope.json to match the new request. If no .scope.json exists, demand
+#      one be written. The scope tracks the request - when the request moves,
+#      the scope moves with it. This part needs transcript_path in the payload;
+#      if it is absent the hook degrades to silent on change-detection but the
+#      re-injection above still runs.
+#
+# Why postToolUse, not afterFileEdit: afterFileEdit only fires AFTER an edit
+# exists, and Cursor has no preToolUse for file edits. postToolUse fires after
+# EVERY tool (Read/Glob/Bash/Write/...), so its first fire of a turn is the
+# earliest moment the agent has begun working - typically right after the first
+# Read/Glob, before any edit. Best available injection point for "before files".
+#
+# Once per turn: latch armed on first fire, cleared UNCONDITIONALLY at every
+# stop (final-review.ps1). Cannot strand silenced mid-session (that was the
+# 0.4.0 bug). Registered first in the postToolUse array so it appends to the
+# feedback bus before post-tool-use.ps1 drains it (same-tool delivery; if an
+# updated install orders it after, delivery slips one tool - still correct).
+#
+# Advisory only: never blocks, never reads the diff, ALWAYS exits 0. Appends to
+# the shared feedback-<cid>.txt bus. Disable: HOOKS_ENFORCE=0 or INTENT_ANCHOR_ENFORCE=0.
+
+$ErrorActionPreference = 'SilentlyContinue'
+. "$PSScriptRoot\hook-common.ps1"
+
+if ($env:HOOKS_ENFORCE -eq '0' -or $env:INTENT_ANCHOR_ENFORCE -eq '0') { exit 0 }
+
+$obj = Read-HookStdinJson
+if (-not $obj) { exit 0 }
+
+$cid = Get-SafeConversationId $obj
+$pendingDir = Get-HooksPendingDir
+$latch    = Join-Path $pendingDir "intent-injected-$cid.flag"
+$hashFile = Join-Path $pendingDir "last-query-$cid.hash"
+
+# Already injected this turn -> quiet. Latch cleared at every stop.
+if (Test-Path $latch) { exit 0 }
+
+# --- current request (best-effort; absent in sandboxed runs) -----------------
+$currentQuery = Get-LastUserQuery $obj
+$hasQuery = -not [string]::IsNullOrWhiteSpace($currentQuery)
+
+$currentHash = ''
+$promptChanged = $false
+if ($hasQuery) {
+    $bytes  = [System.Text.Encoding]::UTF8.GetBytes($currentQuery)
+    $hasher = [System.Security.Cryptography.SHA256]::Create()
+    $currentHash = -join ($hasher.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
+    $prevHash = ''
+    if (Test-Path $hashFile) { $prevHash = (Get-Content $hashFile -Raw -ErrorAction SilentlyContinue).Trim() }
+    $promptChanged = ($currentHash -ne $prevHash)
+}
+
+# --- repo root (same resolution as scope-gate-audit.ps1) ---------------------
+$root = ''
+$cands = @()
+if ($obj.PSObject.Properties['cwd'] -and $obj.cwd) { $cands += [string]$obj.cwd }
+if ($obj.PSObject.Properties['workspace_roots']) { foreach ($w in $obj.workspace_roots) { $cands += [string]$w } }
+foreach ($c in $cands) { $f = ConvertTo-FwdPath $c; if ($f -and (Test-Path -LiteralPath $f)) { $root = $f.TrimEnd('/'); break } }
+if (-not $root) { $root = (& { if ($env:CURSOR_PROJECT_DIR) { $env:CURSOR_PROJECT_DIR } else { $HOME } }).Replace('\', '/').TrimEnd('/') }
+
+# --- read the existing contract (if any) -------------------------------------
+$scopeExists = $false
+$scopeIntent = ''
+$scopeAcceptance = ''
+$scopeFiles = ''
+$scopePath = Join-Path $root '.scope.json'
+if (Test-Path -LiteralPath $scopePath) {
+    try {
+        $sj = Get-Content -LiteralPath $scopePath -Raw | ConvertFrom-Json
+        if ($sj.intent)     { $scopeIntent = [string]$sj.intent }
+        if ($sj.acceptance) { $scopeAcceptance = [string]$sj.acceptance }
+        if ($sj.files)      { $scopeFiles = ($sj.files -join ', ') }
+        $scopeExists = $true
+    } catch { $scopeExists = $false }   # malformed JSON -> treat as missing
+}
+
+# --- compose the anchor message ---------------------------------------------
+# Re-injection (req 2) is unconditional whenever a contract exists.
+# Recompile-demand (req 1) fires when there is no contract, or the prompt moved.
+$queryLine = if ($hasQuery) { $currentQuery } else { '(current request unavailable - no transcript in this event)' }
+
+if (-not $scopeExists) {
+    $msg = @"
+INTENT ANCHOR (pre-compile) - no .scope.json found in $root.
+
+Current request:
+  $queryLine
+
+You have NOT compiled your Anchor Set. Before editing files, write .scope.json
+in the repo root:
+  intent:     one operational sentence (what is strictly necessary)
+  files:      the exact files you will touch
+  acceptance: the one deterministic check that decides done
+
+Compile it now, then proceed. The scope tracks the request - it is how you stay
+on the rails when the conversation gets long.
+"@
+} elseif ($promptChanged) {
+    $msg = @"
+INTENT ANCHOR (pre-compile) - your request changed; .scope.json may be stale.
+
+Current request:
+  $queryLine
+
+Your existing contract (.scope.json):
+  intent:     $scopeIntent
+  files:      $scopeFiles
+  acceptance: $scopeAcceptance
+
+If the current request differs from the intent above, UPDATE .scope.json now
+to match what was just asked. When the request moves, the scope moves with it -
+do not edit against a contract written for a different request.
+"@
+} else {
+    # Same prompt continuing (or query unavailable) -> re-inject the contract.
+    $driftNote = if ($hasQuery) {
+        "Every edit this turn must advance intent and stay inside files. acceptance is the bar for done."
+    } else {
+        "(request unavailable to diff against - re-injecting the contract as-is.)"
+    }
+    $msg = @"
+INTENT ANCHOR (re-injected this turn from .scope.json) - your contract. Do not drift from it.
+
+  intent:     $scopeIntent
+  files:      $scopeFiles
+  acceptance: $scopeAcceptance
+
+$driftNote If a constraint above conflicts with what you are about to do, stop
+and reconcile - the contract outranks momentum.
+"@
+}
+
+# --- stash to the feedback bus (drained by post-tool-use.ps1) ----------------
+$pending = Join-Path $pendingDir "feedback-$cid.txt"
+try {
+    New-Item -ItemType Directory -Path $pendingDir -Force | Out-Null
+    $prefix = ''
+    if ((Test-Path $pending) -and ((Get-Item $pending).Length -gt 0)) { $prefix = "`n`n---`n`n" }
+    Add-Content -Path $pending -Value ($prefix + $msg) -NoNewline
+} catch { }
+
+# --- arm the latch; record the query hash for next-turn change detection -----
+New-Item -ItemType File -Path $latch -Force -ErrorAction SilentlyContinue | Out-Null
+if ($currentHash) {
+    try { Set-Content -Path $hashFile -Value $currentHash -NoNewline -ErrorAction SilentlyContinue } catch { }
+}
+
+exit 0

package/windows/hooks/subagent-stop-review.ps1

@@ -43,13 +43,17 @@ $cid = Get-SafeConversationId $obj
 $pendingDir = Get-HooksPendingDir
 $marker = Join-Path $pendingDir "session-edits-$cid.txt"
 $flag   = Join-Path $pendingDir "reviewed-$cid.flag"
-$anchorFlag = Join-Path $pendingDir "anchor-declared-$cid.flag"
+$anchorFlag  = Join-Path $pendingDir "anchor-declared-$cid.flag"
+$intentLatch = Join-Path $pendingDir "intent-injected-$cid.flag"
+
+# Unconditionally clear the per-turn latches so the next subagent run re-fires.
+# Clearing here (not only inside the reviewed-flag block below) can never strand
+# them silenced. last-query-<cid>.hash is kept (cross-turn prompt-change detect).
+Remove-Item $anchorFlag, $intentLatch -Force -ErrorAction SilentlyContinue
 
 # One-shot brake: the previous subagentStop for this id emitted the review.
-# Also clear anchor-declared-<cid>.flag so the pre-compile nudge re-fires for
-# the next subagent implementation (one nudge per body of work).
 if (Test-Path $flag) {
-    Remove-Item $flag, $marker, $anchorFlag -Force -ErrorAction SilentlyContinue
+    Remove-Item $flag, $marker -Force -ErrorAction SilentlyContinue
     Emit-None
 }
 

package/windows/hooks.json

@@ -43,10 +43,15 @@
         "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/anchor-set-nudge.ps1",
         "timeout": 5,
         "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "5s: PROACTIVE pre-compile nudge. On the FIRST edit of each implementation (per conversation), remind the agent to compile its Anchor Set (pre-compile.md) into .scope.json BEFORE piling on more code. The reactive audits (self-review / anti-slop / final-review axis 0) only fire after code exists; this catches intent dilution at token ~50 instead of ~5000. One-shot per implementation: gated by anchor-declared-<cid>.flag, which final-review.ps1 / subagent-stop-review.ps1 clear at the same per-implementation boundary as reviewed-<cid>.flag. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or ANCHOR_NUDGE_ENFORCE=0."
+        "_comment": "5s: PROACTIVE pre-compile nudge. On the FIRST edit of each agent turn (per conversation), remind the agent to compile its Anchor Set (pre-compile.md) into .scope.json BEFORE piling on more code. The reactive audits (self-review / anti-slop / final-review axis 0) only fire after code exists; this catches intent dilution at token ~50 instead of ~5000. One-shot per turn: gated by anchor-declared-<cid>.flag, armed here on first edit and cleared UNCONDITIONALLY by final-review.ps1 / subagent-stop-review.ps1 on every stop - so it re-fires on the first edit of the next turn and can never get stranded silenced. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or ANCHOR_NUDGE_ENFORCE=0."
       }
     ],
     "postToolUse": [
+      {
+        "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/intent-anchor.ps1",
+        "timeout": 5,
+        "_comment": "5s: THIN INTENT COMPILATION (anti Salience Dilution). Registered FIRST so it appends to the feedback bus before post-tool-use.ps1 drains it (same-tool delivery). On the FIRST tool boundary of each turn (per-turn latch intent-injected-<cid>.flag, cleared unconditionally at every stop), (1) re-injects the existing .scope.json (intent/files/acceptance) into additional_context so the contract is back in the model's attentional focus before edits pile up - UNCONDITIONAL, no transcript needed; (2) if the current <user_query> hash differs from last-query-<cid>.hash, demands the agent UPDATE .scope.json to match the new request (scope tracks the request). No .scope.json -> demand one be written. Needs transcript_path for change-detection; degrades to silent there but re-injection still runs. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or INTENT_ANCHOR_ENFORCE=0."
+      },
       {
         "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/post-tool-use.ps1",
         "timeout": 5,