cursordoctrine 0.4.4 → 0.5.1

package/INSTALL.md

@@ -76,13 +76,14 @@ echo '{"conversation_id":"t1","status":"completed"}' | bash ~/.agents/hooks/fina
 echo '{"conversation_id":"t2","file_path":"/tmp/x.py"}' | bash ~/.agents/hooks/self-review-trigger.sh
 echo '{"conversation_id":"t2","status":"completed"}' | bash ~/.agents/hooks/subagent-stop-review.sh  # expect {"followup_message": "SUBAGENT FINAL REVIEW ..."} once, then {}
 echo '{"conversation_id":"t2"}'       | bash ~/.agents/hooks/post-tool-use.sh     # drain t2's leftover feedback file
-# anchor-set nudge: fires PRE-COMPILE NUDGE on the first edit, silent on the second
-echo '{"conversation_id":"t3","file_path":"/tmp/x.py"}' | bash ~/.agents/hooks/anchor-set-nudge.sh
-echo '{"conversation_id":"t3"}'       | bash ~/.agents/hooks/post-tool-use.sh     # expect additional_context containing "PRE-COMPILE NUDGE"
-echo '{"conversation_id":"t3","file_path":"/tmp/y.py"}' | bash ~/.agents/hooks/anchor-set-nudge.sh  # second edit -> flag armed -> silent
-echo '{"conversation_id":"t3"}'       | bash ~/.agents/hooks/post-tool-use.sh     # expect {} (nothing new stashed)
-echo '{}' | bash ~/.cursor/inject-doctrine.sh                                     # expect {"additional_context": ...}
-python3 ~/.cursor/skills/anti-slop/scripts/scan_slop.py --help                    # expect usage text (final review's scanner)
+# intent-anchor: writes .scope.json from the current prompt and re-injects it.
+# Needs a repo root in cwd (it will NOT write to $HOME - that's the guard).
+echo '{"conversation_id":"t3","cwd":"/tmp","file_path":"/tmp/x.py"}' | bash ~/.agents/hooks/intent-anchor.sh
+cat /tmp/.scope.json                                                         # expect a JSON scaffold with intent placeholder
+echo '{"conversation_id":"t3"}'       | bash ~/.agents/hooks/post-tool-use.sh # expect additional_context with the scaffold
+echo '{}' | bash ~/.cursor/inject-doctrine.sh                                # expect {"additional_context": ...}
+python3 ~/.cursor/skills/anti-slop/scripts/scan_slop.py --help               # expect usage text (final review's scanner)
+rm -f /tmp/.scope.json                                                        # cleanup the test scaffold
 ```
 
 If the scanner check fails, the final review still works — it falls back to the
@@ -96,11 +97,13 @@ Windows (same payloads, swap `bash ~/...sh` for `pwsh.exe -NoProfile -File $HOME
 echo '{"command":"git push --force"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\permission-gate.ps1
 echo '{"conversation_id":"t2","file_path":"C:\tmp\x.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\self-review-trigger.ps1
 echo '{"conversation_id":"t2","status":"completed"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\subagent-stop-review.ps1  # SUBAGENT FINAL REVIEW once, then {}
-# anchor-set nudge: fires PRE-COMPILE NUDGE on the first edit, silent on the second
-echo '{"conversation_id":"t3","file_path":"C:\tmp\x.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\anchor-set-nudge.ps1
-echo '{"conversation_id":"t3"}'  | pwsh.exe -NoProfile -File $HOME\.agents\hooks\post-tool-use.ps1   # additional_context with "PRE-COMPILE NUDGE"
-echo '{"conversation_id":"t3","file_path":"C:\tmp\y.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\anchor-set-nudge.ps1  # second edit -> silent
+# intent-anchor: writes .scope.json from the current prompt and re-injects it.
+# Needs a repo root in cwd (it will NOT write to $HOME - that's the guard).
+echo '{"conversation_id":"t3","cwd":"C:\tmp","file_path":"C:\tmp\x.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\intent-anchor.ps1
+Get-Content C:\tmp\.scope.json                                            # expect a JSON scaffold with intent placeholder
+echo '{"conversation_id":"t3"}'  | pwsh.exe -NoProfile -File $HOME\.agents\hooks\post-tool-use.ps1  # additional_context with the scaffold
 python $HOME\.cursor\skills\anti-slop\scripts\scan_slop.py --help
+Remove-Item C:\tmp\.scope.json -Force                                     # cleanup the test scaffold
 ```
 
 Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
@@ -109,7 +112,7 @@ Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
 
 1. Restart Cursor (hooks.json is read at startup).
 2. Open any project and start a new agent chat. The doctrine should be in context — ask the agent "what does your doctrine say about diffs?" and it should answer from §2; ask "what is the Anchor Set?" and it should answer from `pre-compile.md` (Objective / Constraints / Scope / Deterministic success).
-3. Have the agent make a small edit to a tracked file. On the next turn it should receive a `SELF-REVIEW TRIGGER` message, and (if it's the first edit of that turn) a `PRE-COMPILE NUDGE` reminder to write its Anchor Set to `.scope.json`. The nudge re-fires on the first edit of each new turn.
+3. Have the agent make a small edit to a tracked file. On the next turn it should receive a `SELF-REVIEW TRIGGER` message, and `intent-anchor` should have written `.scope.json` to the repo root (intent from your prompt, `<TODO>` placeholders for files/acceptance). The scaffold regenerates when your prompt changes and is re-injected every turn.
 4. Ask the agent to run `git push --force` (in a throwaway repo). The permission gate must block it.
 5. Finish a small implementation and stop. A single `FINAL REVIEW` follow-up should fire — exactly once.
 6. Delegate a small edit to a subagent (e.g. ask the agent to "use a generalPurpose subagent to add a comment to <file>"). The subagent should receive one `SUBAGENT FINAL REVIEW` follow-up before returning, and the parent should see `SUBAGENT WORK DETECTED` at its next tool boundary. (`subagentStop` is only read at startup — if nothing fires, restart Cursor again.)
@@ -120,4 +123,4 @@ Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
 
 Tell the user what was installed, which checks passed, and anything that failed with the exact error. Do not silently work around a failing check.
 
-Kill switches if something misbehaves: `HOOKS_ENFORCE=0` (everything advisory off), `PERM_GATE_ENFORCE=0`, `ANCHOR_NUDGE_ENFORCE=0` (pre-compile nudge off), `INTENT_ANCHOR_ENFORCE=0` (thin-intent re-injection off), `MINIMAL_EDITING_ENFORCE=0` (deprecated in 0.3.0), `SEMANTIC_DENSITY_ENFORCE=0`, `SCOPE_GATE_ENFORCE=0`, `ANTI_SLOP_ENFORCE=0`, `FINAL_REVIEW_ENFORCE=0`, `SUBAGENT_REVIEW_ENFORCE=0`.
+Kill switches if something misbehaves: `HOOKS_ENFORCE=0` (everything advisory off), `PERM_GATE_ENFORCE=0`, `INTENT_ANCHOR_ENFORCE=0` (thin-intent `.scope.json` scaffold/re-injection off), `SEMANTIC_DENSITY_ENFORCE=0`, `SCOPE_GATE_ENFORCE=0`, `ANTI_SLOP_ENFORCE=0`, `FINAL_REVIEW_ENFORCE=0`, `SUBAGENT_REVIEW_ENFORCE=0`.

package/README.md

@@ -21,9 +21,9 @@
 
 Cursor hooks that make the agent review its own edits without bolting a static-analysis pipeline onto every keystroke. No regex army, no scoring engine. Four jobs:
 
-1. **Compile intent before coding** (proactive) — at session start the agent gets the doctrine plus the **Anchor Set** discipline (`pre-compile.md`): before writing code it must emit *Objective / Constraints / Scope / Deterministic success*, and write that contract to `.scope.json`. On the first edit of each agent turn a `anchor-set-nudge` advisory fires to catch intent dilution at token ~50 instead of waiting for the stop-hook review at token ~5000.
+1. **Compile intent before coding** (proactive) — at session start the agent gets the doctrine plus the **Anchor Set** discipline (`pre-compile.md`): before writing code it must emit *Objective / Constraints / Scope / Deterministic success*. `intent-anchor` materializes that as `.scope.json` on the first tool of each turn (auto-created, regenerated when the prompt changes) and re-injects it into context every turn, so the contract stays in focus against Salience Dilution.
 2. **Inject the doctrine** at session start — every chat starts with the same short governing text (`doctrine.md`, `USER-RULES.md`, `declared-editing.md` the YAGNI ultra ladder, and `pre-compile.md` the thin intent-compilation phase).
-3. **Hand the model its own edits back** (reactive) — after each agent edit, a self-review prompt goes into a pending file (plus semantic-density, scope-gate, anti-slop, and the pre-compile nudge advisories when they trip). Next turn the model reads its diff, fixes real bugs, stays quiet otherwise.
+3. **Hand the model its own edits back** (reactive) — after each agent edit, a self-review prompt goes into a pending file (plus semantic-density, scope-gate, and anti-slop advisories when they trip). Next turn the model reads its diff, fixes real bugs, stays quiet otherwise.
 4. **Gate blast radius** — one permission gate denies a short explicit list of dangerous commands (`rm -rf /`, `curl | sh`, force-push, `npm publish`, ...). Everything else passes.
 
 When an implementation finishes, the stop hook runs one final review over everything that changed, then stops. Six axes. The first is **intent trace**: the hook pulls your last user message from the transcript and prepends it to the review so the model has to tie every diff hunk to a concrete request. Anything it can't trace is a hallucinated requirement and gets reverted. That's the only check that catches "clean code, wrong feature" — linters and later axes miss it.
@@ -90,19 +90,20 @@ Two machine-checkable consequences:
 - **`scope-gate-audit`** (afterFileEdit, opt-in via `.scope.json` existing) audits every edit against `files[]` and quotes `intent` + `acceptance` back on a violation. Editing outside the declared set is the textbook scope-creep signal.
 - **final-review axis 0** (intent trace) traces every diff hunk back to `intent`. Anything untraceable is a hallucinated requirement.
 
-On the **first edit of each agent turn**, `anchor-set-nudge` drops a reminder into the feedback bus: *did you write your Anchor Set to `.scope.json`?* One nudge per turn — the latch is armed on that first edit and cleared **unconditionally** by the stop hook on every turn boundary, so the next turn re-earns its nudge. A long chat with N turns gets up to N nudges, and the latch can never get stranded silenced mid-session.
+On the **first tool of each agent turn**, `intent-anchor` materializes the Anchor Set: it writes `.scope.json` to the repo root (regenerating it when the prompt changed) and re-injects it into context. One scaffold per prompt, re-injection per turn. The latch is armed on first fire and cleared **unconditionally** by the stop hook on every turn boundary, so the next turn re-fires and can never get stranded silenced mid-session.
 
 The Anchor Set is skipped for trivial one-liners (typo, literal) — the `declared-editing.md` ladder's rung 1 governs when it's overkill.
 
 ### Keeping the contract alive: `intent-anchor` (anti-Salience-Dilution)
 
-Writing `.scope.json` once is not enough. As a conversation fills with code, logs and errors, the token of the original request shrinks to a rounding error against the recent history — *Salience Dilution* — and the agent stops checking the contract it wrote at prompt 1. It forgets symmetry, colors, the acceptance bar. This is the failure mode the nudge alone can't fix (a reminder that the contract exists ≠ the contract being in context).
+Writing `.scope.json` once is not enough. As a conversation fills with code, logs and errors, the token of the original request shrinks to a rounding error against the recent history — *Salience Dilution* — and the agent stops checking the contract it wrote at prompt 1. It forgets symmetry, colors, the acceptance bar. Re-injecting the contract every turn is what defeats this: the requirements are re-stated in front of the model before each edit, not just written once and hoped-for.
 
-`intent-anchor` (`postToolUse`, registered first so it runs before `post-tool-use` drains the bus) does three things on the **first tool boundary of every turn** (per-turn latch, cleared unconditionally at each stop):
+`intent-anchor` (`postToolUse`, registered first so it runs before `post-tool-use` drains the bus) does two things on the **first tool boundary of every turn** (per-turn latch, cleared unconditionally at each stop):
 
-1. **Materialize the contract (0.4.4+).** If `.scope.json` is missing or invalid and the current `<user_query>` is available, the hook **writes a scaffold to disk** — `intent` from your prompt, `files`/`acceptance` as obvious `<TODO: …>` placeholders. Contract creation is no longer probabilistic.
-2. **Re-inject the contract.** Reads `.scope.json` and stashes `intent` + `files` + `acceptance` into the feedback bus, which `post-tool-use` delivers as `additional_context`.
-3. **Re-compile on prompt change.** Hashes the current `<user_query>` and compares to the previous turn's hash. If the request moved and a non-scaffold contract already exists, it demands the agent **update** `.scope.json`.
+1. **Materialize the contract per prompt.** When the current `<user_query>` differs from the contract on disk (no contract yet, or its recorded `_intent_hash` doesn't match), the hook **writes a fresh `.scope.json` to the repo root**: `intent` locked from the prompt, `files`/`acceptance` as `<TODO>` placeholders the agent fills in. Every new prompt → a fresh contract the agent works from. Same prompt → no rewrite.
+2. **Re-inject the contract every turn.** Reads `.scope.json` and stashes `intent` + `files` + `acceptance` into the feedback bus, which `post-tool-use` delivers as `additional_context`. The contract is back in the model's attentional focus at the start of each turn, before edits pile up and dilute it.
+
+> **The hook writes `.scope.json` deliberately.** This is the intended behavior: the contract must exist *before* the agent edits, and it must track the request. The agent fills the `<TODO>` placeholders (`files`, `acceptance`) on the first turn; the hook regenerates the scaffold when the prompt changes. Two real bugs in the earlier 0.4.4 build are fixed here: (a) **never writes to `$HOME`** — if the repo `cwd` can't be resolved the hook stays silent rather than drop a ghost file (bail instead of fallback); (b) **regenerates on prompt CHANGE, not on every turn** — staleness is tracked via `_intent_hash` stored in the file itself, so a same-prompt turn re-injects without rewriting.
 
 Crucially, `intent-anchor` carries the **semantic** contract (`intent`/`acceptance`) into context every turn — something the path-only `scope-gate-audit` can never do. That is what makes "the agent forgot about grid symmetry while editing the right file" catchable: the symmetry requirement is re-stated in front of the model before each edit, not just checked against a file list after.
 
@@ -113,7 +114,7 @@ Crucially, `intent-anchor` carries the **semantic** contract (`intent`/`acceptan
 | Session | `sessionStart` | `inject-doctrine` reads doctrine + user rules + declared-editing + **pre-compile** and emits them as `additional_context`. |
 | Every turn | `postToolUse` | **`intent-anchor`** (registered first) re-injects `.scope.json` into `additional_context` at the first tool boundary of each turn — the anti-Salience-Dilution move that keeps `intent` + `acceptance` in the model's attentional focus before edits pile up. If the prompt changed since last turn, it demands the contract be updated. Then `post-tool-use` folds subagent markers and drains the feedback file. |
 | Shell | `beforeShellExecution` | `permission-gate` checks the command against a deny list. Allow by default, deny by list, fail open. |
-| Edit | `afterFileEdit` + `stop` | **Proactive:** `anchor-set-nudge` fires once per turn (on its first edit) to push the Anchor Set. **Reactive:** `self-review-trigger` stashes the review prompt per edit; `minimal-edit-audit` (deprecated), `semantic-density-audit`, `scope-gate-audit` (opt-in, audits `.scope.json`), and `anti-slop-audit` append advisories when they trip; `final-review` fires one end-of-implementation six-axis pass. |
+| Edit | `afterFileEdit` + `stop` | **Proactive:** `intent-anchor` (`postToolUse`) scaffolds `.scope.json` per prompt and re-injects it each turn. **Reactive:** `self-review-trigger` stashes the review prompt per edit; `semantic-density-audit`, `scope-gate-audit` (opt-in, audits `.scope.json`), and `anti-slop-audit` append advisories when they trip; `final-review` fires one end-of-implementation six-axis pass. |
 | Subagent | `subagentStop` | `subagent-stop-review` fires one in-subagent final review when a delegated run edited files, before the result returns to the parent. Marker-gated and flag-braked like `final-review`. |
 
 ## Layout
@@ -148,9 +149,7 @@ All hooks fail open and always exit 0. Nothing here can block your session.
 |---|---|---|
 | `HOOKS_ENFORCE=0` | on | turns off all advisory hooks at once |
 | `PERM_GATE_ENFORCE=0` | on | disables the permission gate |
-| `ANCHOR_NUDGE_ENFORCE=0` | on | disables the pre-compile nudge (first-edit Anchor Set reminder) |
-| `INTENT_ANCHOR_ENFORCE=0` | on | disables the thin-intent re-injection (per-turn `.scope.json` echo into `additional_context`) |
-| `MINIMAL_EDITING_ENFORCE=0` | on | disables the over-edit advisory (deprecated in 0.3.0) |
+| `INTENT_ANCHOR_ENFORCE=0` | on | disables the thin-intent `.scope.json` scaffold + re-injection |
 | `SCOPE_GATE_ENFORCE=0` | on | disables the declared-scope advisory (opt-in: only fires when `.scope.json` exists) |
 | `SEMANTIC_DENSITY_ENFORCE=0` | on | disables the semantic-opacity advisory |
 | `ANTI_SLOP_ENFORCE=0` | on | disables the slop advisory |
@@ -163,7 +162,7 @@ All hooks fail open and always exit 0. Nothing here can block your session.
 
 - **State lives under `$HOME`**, in `~/.cursor/.hooks-pending/`, keyed by conversation id. No repo litter. Concurrent sessions can't drain each other's prompts. Stale state older than 7 days gets swept on every stop.
 - **`afterFileEdit` output isn't consumed by Cursor**, so edit hooks write to a pending file and `post-tool-use` re-emits it at the next tool boundary. That's the whole message bus.
-- **One review per implementation.** The stop hook arms a per-conversation flag before emitting its follow-up, so a crash can't re-fire it and a long chat still gets a review after each implementation. The `anchor-set-nudge` latch is separate and simpler: it's cleared **unconditionally** on every stop, so the nudge re-fires on the first edit of each new turn and can never get stranded silenced mid-session.
+- **One review per implementation.** The stop hook arms a per-conversation flag before emitting its follow-up, so a crash can't re-fire it and a long chat still gets a review after each implementation. The `intent-anchor` per-turn latch is separate and simpler: it's cleared **unconditionally** on every stop, so the scaffold/re-inject re-fires on the first tool of each new turn and can never get stranded silenced mid-session.
 - **The `.scope.json` contract is opt-in.** No `.scope.json` in the repo root → `scope-gate-audit` stays silent and the system falls back to the `declared-editing` ladder plus the final-review footprint check. Writing the file is how the agent opts into a machine-checked scope.
 - **Subagents are first-class.** `afterFileEdit` fires inside subagents keyed by the subagent's conversation id. The harness normalizes agent edits (incl. `StrReplace`) to tool type `Write`, and `postToolUse` never fires for the `Task` tool — verified by payload capture. Matchers cover `Write|StrReplace|EditNotebook` defensively. `subagentStop` reviews the subagent in its own context. The parent folds orphaned subagent markers (from the `subagents/` transcript directory) into its own at every tool boundary and at stop.
 

package/bin/cli.mjs

@@ -17,6 +17,7 @@ import {
   readFileSync,
   readdirSync,
   rmSync,
+  statSync,
   writeFileSync,
 } from 'node:fs';
 import { join, resolve, dirname } from 'node:path';
@@ -283,102 +284,84 @@ function verify() {
     return true;
   });
 
-  check('anchor-set nudge fires once per turn, stop re-arms it', () => {
-    // anchor-set-nudge appends to feedback-<cid>.txt (the shared bus) rather
-    // than emitting JSON directly; drain it the same way post-tool-use does.
-    const drainedOf = (cidv) => runHook(hook('post-tool-use'), { conversation_id: cidv });
-
-    // --- Turn 1 -------------------------------------------------------------
-    // First edit -> nudge stashes into the feedback bus and arms the latch.
-    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'x.py') });
-    if (!drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
-      return { ok: false, detail: 'nudge did not reach the feedback bus on first edit' };
-    }
-    // Second edit same turn -> latch armed, nudge must stay silent.
-    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'y.py') });
-    if (drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
-      return { ok: false, detail: 'nudge re-fired on second edit (latch not gating)' };
-    }
-    // End of turn: final-review clears the latch unconditionally. Drive a
-    // review-less stop (no session-edits marker) so it hits the clear path and
-    // exits {}, same as a turn that produced no reviewable edits.
-    const stopOut = runHook(hook('final-review'), { conversation_id: 'npxv3', status: 'completed' });
-    if (stopOut !== '{}' && stopOut.replace(/\s/g, '') !== '{}') {
-      // A review fired (fine - the earlier edit left a session-edits marker via
-      // self-review-trigger if one ran). What matters is the latch got cleared;
-      // we verify that with the next-turn re-fire below.
-    }
-    // --- Turn 2 -------------------------------------------------------------
-    // First edit of the NEXT turn -> latch was cleared at the stop boundary, so
-    // the nudge MUST re-fire. This is the regression that 0.4.0 shipped broken:
-    // the latch only cleared on the fragile second-stop path, so it stranded
-    // and the nudge went permanently silent mid-session.
-    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'z.py') });
-    if (!drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
-      return { ok: false, detail: 'nudge did NOT re-fire on the next turn (latch stranded at the stop boundary)' };
-    }
-    return true;
-  });
-
-  check('intent-anchor scaffolds .scope.json and re-injects every turn', () => {
+  check('intent-anchor scaffolds .scope.json per-prompt, never to $HOME', () => {
+    // The user-requested behavior: every NEW prompt -> a fresh .scope.json
+    // in the repo root, intent locked from the query. Same prompt -> re-inject
+    // without rewriting. Never writes to $HOME (the 0.4.4 ghost-file bug).
+    // We drive it with a synthetic transcript so Get-LastUserQuery can read
+    // the <user_query>; the hook resolves cwd -> HOME (the repo root here).
     const drainedOf = (cidv) => runHook(hook('post-tool-use'), { conversation_id: cidv });
     const anchorCid = 'npxv4';
-    const scopePath = join(HOME, '.scope.json');
+    const repoDir = HOME;   // verify() runs under a pinned HOME; treat it as the repo
+    const scopePath = join(repoDir, '.scope.json');
     const transcriptPath = join(HOME, '.cursor', '.hooks-pending', 'verify-transcript-npxv4.jsonl');
-    const testQuery = 'fix grid symmetry and color tokens';
+    const q1 = 'fix grid symmetry and color tokens';
+    const q2 = 'now add dark mode support';
 
     const cleanup = () => {
       try { rmSync(scopePath, { force: true }); } catch {}
       try { rmSync(transcriptPath, { force: true }); } catch {}
     };
     cleanup();
-
-    // Fake transcript so Get-LastUserQuery / scaffold can read the request.
-    const transcriptLine = JSON.stringify({
-      role: 'user',
-      message: { content: `<user_query>${testQuery}</user_query>` },
-    });
-    writeFileSync(transcriptPath, transcriptLine + '\n', 'utf8');
-
-    const anchorPayload = { conversation_id: anchorCid, cwd: HOME, transcript_path: transcriptPath };
-
-    // --- Case A: no .scope.json -> hook writes scaffold on disk ----------
-    runHook(hook('intent-anchor'), anchorPayload);
+    const writeTranscript = (q) =>
+      writeFileSync(transcriptPath,
+        JSON.stringify({ role: 'user', message: { content: `<user_query>${q}</user_query>` } }) + '\n',
+        'utf8');
+
+    // --- Case A: no .scope.json + prompt q1 -> WRITE scaffold with q1 as intent -
+    writeTranscript(q1);
+    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: repoDir, transcript_path: transcriptPath });
     let d = drainedOf(anchorCid);
     if (!existsSync(scopePath)) {
-      cleanup(); return { ok: false, detail: '.scope.json was not written to disk' };
+      cleanup(); return { ok: false, detail: 'scaffold was NOT written on first prompt' };
     }
     let scope;
-    try { scope = JSON.parse(readFileSync(scopePath, 'utf8')); } catch {
-      cleanup(); return { ok: false, detail: '.scope.json scaffold is not valid JSON' };
-    }
-    if (scope.intent !== testQuery) {
-      cleanup(); return { ok: false, detail: `scaffold intent mismatch: ${scope.intent}` };
+    try { scope = JSON.parse(readFileSync(scopePath, 'utf8')); }
+    catch { cleanup(); return { ok: false, detail: '.scope.json is not valid JSON' }; }
+    if (scope.intent !== q1) {
+      cleanup(); return { ok: false, detail: `intent mismatch (want "${q1}"): ${scope.intent}` };
     }
-    if (!d.includes('scaffold written') || !d.includes(testQuery)) {
-      cleanup(); return { ok: false, detail: 'scaffold branch did not inject written contract' };
+    if (!d.includes('scope regenerated')) {
+      cleanup(); return { ok: false, detail: 'regenerated branch did not fire' };
     }
 
-    // --- Stop clears the latch -------------------------------------------
+    // --- Stop clears the latch -> next turn can act again --------------------
     runHook(hook('final-review'), { conversation_id: anchorCid, status: 'completed' });
 
-    // --- Case B: scope exists -> re-inject contract every turn -----------
-    writeFileSync(scopePath, JSON.stringify({
-      intent: 'fix grid symmetry and color tokens',
-      files: ['src/grid.tsx'],
-      acceptance: 'grid renders symmetric; tokens match palette',
-    }));
-    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: HOME, transcript_path: transcriptPath });
+    // --- Case B: same prompt q1 again -> re-INJECT, do NOT rewrite ----------
+    const sizeBefore = statSync(scopePath).size;
+    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: repoDir, transcript_path: transcriptPath });
     d = drainedOf(anchorCid);
-    if (!d.includes('fix grid symmetry and color tokens') || !d.includes('INTENT ANCHOR')) {
-      cleanup(); return { ok: false, detail: 'contract not re-injected on turn 2' };
+    if (!d.includes('re-injected this turn')) {
+      cleanup(); return { ok: false, detail: 'same-prompt turn did not re-inject' };
+    }
+    // _intent_hash matches -> file must not have been regenerated. Intent still q1.
+    try { scope = JSON.parse(readFileSync(scopePath, 'utf8')); }
+    catch { cleanup(); return { ok: false, detail: '.scope.json corrupted on same-prompt turn' }; }
+    if (scope.intent !== q1) {
+      cleanup(); return { ok: false, detail: `same-prompt turn rewrote intent (should stay "${q1}"): ${scope.intent}` };
     }
 
+    // --- Stop; new prompt q2 -> REGENERATE with q2 as intent ----------------
     runHook(hook('final-review'), { conversation_id: anchorCid, status: 'completed' });
-    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: HOME, transcript_path: transcriptPath });
+    writeTranscript(q2);
+    runHook(hook('intent-anchor'), { conversation_id: anchorCid, cwd: repoDir, transcript_path: transcriptPath });
     d = drainedOf(anchorCid);
-    if (!d.includes('fix grid symmetry and color tokens')) {
-      cleanup(); return { ok: false, detail: 'contract not re-injected on turn 3 (latch stranded at stop)' };
+    try { scope = JSON.parse(readFileSync(scopePath, 'utf8')); }
+    catch { cleanup(); return { ok: false, detail: '.scope.json corrupted on prompt-change turn' }; }
+    if (scope.intent !== q2) {
+      cleanup(); return { ok: false, detail: `prompt-change did not regenerate intent (want "${q2}"): ${scope.intent}` };
+    }
+    if (!d.includes('scope regenerated')) {
+      cleanup(); return { ok: false, detail: 'prompt-change turn did not report regeneration' };
+    }
+
+    // --- The anti-ghost-file guard: no .scope.json should ever exist at $HOME
+    //     level OUTSIDE the resolved repo. Here repo == HOME so this is moot,
+    //     but assert the file has the _generated_by marker (proof the hook wrote
+    //     it, and that it carries _intent_hash for self-contained staleness).
+    if (!scope._generated_by || !scope._intent_hash) {
+      cleanup(); return { ok: false, detail: 'scaffold missing _generated_by / _intent_hash fields' };
     }
     cleanup();
     return true;
@@ -493,9 +476,7 @@ Examples
 Kill switches (environment variables, all hooks fail open)
   HOOKS_ENFORCE=0              everything advisory off
   PERM_GATE_ENFORCE=0          permission gate off
-  ANCHOR_NUDGE_ENFORCE=0       pre-compile nudge off (first-edit Anchor Set reminder)
-  INTENT_ANCHOR_ENFORCE=0      thin-intent re-injection off (per-turn .scope.json echo)
-  MINIMAL_EDITING_ENFORCE=0    over-edit advisory off (deprecated in 0.3.0)
+  INTENT_ANCHOR_ENFORCE=0      thin-intent scaffold/re-injection off
   SEMANTIC_DENSITY_ENFORCE=0   semantic-opacity advisory off
   SCOPE_GATE_ENFORCE=0         declared-scope advisory off
   ANTI_SLOP_ENFORCE=0          slop advisory off

package/linux/hooks/anti-slop-audit.sh

@@ -1,10 +1,8 @@
 #!/usr/bin/env bash
 # anti-slop-audit.sh - afterFileEdit "AI slop" advisory (Cursor, Linux).
 #
-# Companion to minimal-edit-audit.sh. That hook guards ONE slop axis -
-# over-editing. This hook guards the rest of the taxonomy: the parts static
-# analysis can cheaply and precisely flag, plus a self-review checklist for
-# the parts it cannot.
+# Guards the parts of the slop taxonomy static analysis can cheaply and
+# precisely flag, plus a self-review checklist for the parts it cannot.
 #
 #   Statically flagged (high-precision, deliberately low false-positive):
 #     * new dependency added to a manifest
@@ -174,6 +172,9 @@ msg="Anti-slop audit - $rel
 ${flag_block}${checklist}
 
 (Advisory; the bug pass is the self-review trigger. Disable: ANTI_SLOP_ENFORCE=0)"
+# Expand ~ so the model gets literal absolute paths (followups should be
+# copy-pasteable; bash expands ~ but the agent may not be in a bash context).
+msg="$(expand_agent_paths "$msg")"
 
 # --- append to the shared pending file --------------------------------------
 cid="$(safe_conversation_id "$input")"

package/linux/hooks/final-review.sh

@@ -36,21 +36,18 @@ cid="$(safe_conversation_id "$input")"
 pending_dir="$(hooks_pending_dir)"
 marker="$pending_dir/session-edits-$cid.txt"
 flag="$pending_dir/reviewed-$cid.flag"
-anchor_flag="$pending_dir/anchor-declared-$cid.flag"
 intent_latch="$pending_dir/intent-injected-$cid.flag"
 
 # Sweep state from sessions that died before their stop hook ran.
 find "$pending_dir" -maxdepth 1 -type f -mtime +7 -delete 2>/dev/null
 
-# Unconditionally clear the per-turn latches so the next turn re-fires. Every
-# stop is a turn boundary; clearing here (not only inside the reviewed-flag
-# block below) guarantees these re-fire on the first edit/tool of the NEXT
-# turn and can never get stranded silenced mid-session:
-#   - anchor-declared-<cid>.flag  (anchor-set-nudge, first-edit reminder)
-#   - intent-injected-<cid>.flag  (intent-anchor, first-tool re-injection)
+# Unconditionally clear the intent-anchor per-turn latch so the next turn
+# re-fires. Every stop is a turn boundary; clearing here (not only inside the
+# reviewed-flag block below) guarantees it re-fires on the first tool of the
+# NEXT turn and can never get stranded silenced mid-session.
 # last-query-<cid>.hash is NOT cleared here - it persists turn-to-turn so
 # intent-anchor can detect prompt changes; the 7-day sweep above reaps it.
-rm -f "$anchor_flag" "$intent_latch" 2>/dev/null
+rm -f "$intent_latch" 2>/dev/null
 
 # One-shot brake: the previous stop for this conversation emitted the review.
 if [ -f "$flag" ]; then
@@ -83,16 +80,17 @@ body=""
 if [ -z "$body" ]; then
     body='FINAL REVIEW - audit everything you changed this session and FIX what fails
 (do NOT revert the behaviour the user asked for):
+  0. Intent trace - tie every diff hunk back to the ORIGINAL REQUEST above.
+     Anything untraceable is a hallucinated requirement: revert it. Runs FIRST.
   1. Correctness - logic, edge cases (null/empty/zero/boundary), language traps, security.
   2. Reliability - error paths handled (no empty catch), timeouts/retries, resources
      released on every path, no races, input validated at the boundary.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present;
      no tautological tests.
-  4. Anti-slop - read ~/.agents/hooks/anti-slop.md and apply all 13 items to
-     the session diff. If ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists,
-     run `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all` first.
-     Consolidate clones; drop premature abstraction, unneeded deps, operational
-     slop (retries, await-in-loop, log spam), unjustified files.
+  4. Anti-slop - if the anti-slop scanner exists, run `python <scanner> --all` first;
+     then read ~/.agents/hooks/anti-slop.md (the single source of truth) and apply all
+     13 items to the session diff. Consolidate clones; drop premature abstraction,
+     unneeded deps, operational slop, unjustified files. Do NOT re-list the items here.
   5. Wiring completeness - for every user-visible behavior you added/changed
      (button, submit, API call, route, state transition), trace its execution
      path to a REAL EFFECT (persist, mutate, call, render). A dead end is slop:
@@ -101,6 +99,9 @@ if [ -z "$body" ]; then
      now or remove the dead half; mark later-stubs with TODO(wire):.
 Fix now, re-run the scan + tests, then stop. If an axis is clean, say so in one line.'
 fi
+# Expand ~ in the body AND the fallback, so the model gets literal absolute
+# paths it can paste at the shell (bash expands ~, but followups should emit
+# literals agents can copy-paste without re-interpreting).
 body="$(expand_agent_paths "$body")"
 
 # Regla R1 (re-entry): if this review pass is a re-audit after a failed gate or