cursordoctrine 0.4.6 → 0.5.1

package/INSTALL.md

@@ -76,13 +76,14 @@ echo '{"conversation_id":"t1","status":"completed"}' | bash ~/.agents/hooks/fina
 echo '{"conversation_id":"t2","file_path":"/tmp/x.py"}' | bash ~/.agents/hooks/self-review-trigger.sh
 echo '{"conversation_id":"t2","status":"completed"}' | bash ~/.agents/hooks/subagent-stop-review.sh  # expect {"followup_message": "SUBAGENT FINAL REVIEW ..."} once, then {}
 echo '{"conversation_id":"t2"}'       | bash ~/.agents/hooks/post-tool-use.sh     # drain t2's leftover feedback file
-# anchor-set nudge: fires PRE-COMPILE NUDGE on the first edit, silent on the second
-echo '{"conversation_id":"t3","file_path":"/tmp/x.py"}' | bash ~/.agents/hooks/anchor-set-nudge.sh
-echo '{"conversation_id":"t3"}'       | bash ~/.agents/hooks/post-tool-use.sh     # expect additional_context containing "PRE-COMPILE NUDGE"
-echo '{"conversation_id":"t3","file_path":"/tmp/y.py"}' | bash ~/.agents/hooks/anchor-set-nudge.sh  # second edit -> flag armed -> silent
-echo '{"conversation_id":"t3"}'       | bash ~/.agents/hooks/post-tool-use.sh     # expect {} (nothing new stashed)
-echo '{}' | bash ~/.cursor/inject-doctrine.sh                                     # expect {"additional_context": ...}
-python3 ~/.cursor/skills/anti-slop/scripts/scan_slop.py --help                    # expect usage text (final review's scanner)
+# intent-anchor: writes .scope.json from the current prompt and re-injects it.
+# Needs a repo root in cwd (it will NOT write to $HOME - that's the guard).
+echo '{"conversation_id":"t3","cwd":"/tmp","file_path":"/tmp/x.py"}' | bash ~/.agents/hooks/intent-anchor.sh
+cat /tmp/.scope.json                                                         # expect a JSON scaffold with intent placeholder
+echo '{"conversation_id":"t3"}'       | bash ~/.agents/hooks/post-tool-use.sh # expect additional_context with the scaffold
+echo '{}' | bash ~/.cursor/inject-doctrine.sh                                # expect {"additional_context": ...}
+python3 ~/.cursor/skills/anti-slop/scripts/scan_slop.py --help               # expect usage text (final review's scanner)
+rm -f /tmp/.scope.json                                                        # cleanup the test scaffold
 ```
 
 If the scanner check fails, the final review still works — it falls back to the
@@ -96,11 +97,13 @@ Windows (same payloads, swap `bash ~/...sh` for `pwsh.exe -NoProfile -File $HOME
 echo '{"command":"git push --force"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\permission-gate.ps1
 echo '{"conversation_id":"t2","file_path":"C:\tmp\x.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\self-review-trigger.ps1
 echo '{"conversation_id":"t2","status":"completed"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\subagent-stop-review.ps1  # SUBAGENT FINAL REVIEW once, then {}
-# anchor-set nudge: fires PRE-COMPILE NUDGE on the first edit, silent on the second
-echo '{"conversation_id":"t3","file_path":"C:\tmp\x.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\anchor-set-nudge.ps1
-echo '{"conversation_id":"t3"}'  | pwsh.exe -NoProfile -File $HOME\.agents\hooks\post-tool-use.ps1   # additional_context with "PRE-COMPILE NUDGE"
-echo '{"conversation_id":"t3","file_path":"C:\tmp\y.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\anchor-set-nudge.ps1  # second edit -> silent
+# intent-anchor: writes .scope.json from the current prompt and re-injects it.
+# Needs a repo root in cwd (it will NOT write to $HOME - that's the guard).
+echo '{"conversation_id":"t3","cwd":"C:\tmp","file_path":"C:\tmp\x.py"}' | pwsh.exe -NoProfile -File $HOME\.agents\hooks\intent-anchor.ps1
+Get-Content C:\tmp\.scope.json                                            # expect a JSON scaffold with intent placeholder
+echo '{"conversation_id":"t3"}'  | pwsh.exe -NoProfile -File $HOME\.agents\hooks\post-tool-use.ps1  # additional_context with the scaffold
 python $HOME\.cursor\skills\anti-slop\scripts\scan_slop.py --help
+Remove-Item C:\tmp\.scope.json -Force                                     # cleanup the test scaffold
 ```
 
 Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
@@ -109,7 +112,7 @@ Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
 
 1. Restart Cursor (hooks.json is read at startup).
 2. Open any project and start a new agent chat. The doctrine should be in context — ask the agent "what does your doctrine say about diffs?" and it should answer from §2; ask "what is the Anchor Set?" and it should answer from `pre-compile.md` (Objective / Constraints / Scope / Deterministic success).
-3. Have the agent make a small edit to a tracked file. On the next turn it should receive a `SELF-REVIEW TRIGGER` message, and (if it's the first edit of that turn) a `PRE-COMPILE NUDGE` reminder to write its Anchor Set to `.scope.json`. The nudge re-fires on the first edit of each new turn.
+3. Have the agent make a small edit to a tracked file. On the next turn it should receive a `SELF-REVIEW TRIGGER` message, and `intent-anchor` should have written `.scope.json` to the repo root (intent from your prompt, `<TODO>` placeholders for files/acceptance). The scaffold regenerates when your prompt changes and is re-injected every turn.
 4. Ask the agent to run `git push --force` (in a throwaway repo). The permission gate must block it.
 5. Finish a small implementation and stop. A single `FINAL REVIEW` follow-up should fire — exactly once.
 6. Delegate a small edit to a subagent (e.g. ask the agent to "use a generalPurpose subagent to add a comment to <file>"). The subagent should receive one `SUBAGENT FINAL REVIEW` follow-up before returning, and the parent should see `SUBAGENT WORK DETECTED` at its next tool boundary. (`subagentStop` is only read at startup — if nothing fires, restart Cursor again.)
@@ -120,4 +123,4 @@ Also validate the config: `~/.cursor/hooks.json` must parse as JSON.
 
 Tell the user what was installed, which checks passed, and anything that failed with the exact error. Do not silently work around a failing check.
 
-Kill switches if something misbehaves: `HOOKS_ENFORCE=0` (everything advisory off), `PERM_GATE_ENFORCE=0`, `ANCHOR_NUDGE_ENFORCE=0` (pre-compile nudge off), `INTENT_ANCHOR_ENFORCE=0` (thin-intent re-injection off), `MINIMAL_EDITING_ENFORCE=0` (deprecated in 0.3.0), `SEMANTIC_DENSITY_ENFORCE=0`, `SCOPE_GATE_ENFORCE=0`, `ANTI_SLOP_ENFORCE=0`, `FINAL_REVIEW_ENFORCE=0`, `SUBAGENT_REVIEW_ENFORCE=0`.
+Kill switches if something misbehaves: `HOOKS_ENFORCE=0` (everything advisory off), `PERM_GATE_ENFORCE=0`, `INTENT_ANCHOR_ENFORCE=0` (thin-intent `.scope.json` scaffold/re-injection off), `SEMANTIC_DENSITY_ENFORCE=0`, `SCOPE_GATE_ENFORCE=0`, `ANTI_SLOP_ENFORCE=0`, `FINAL_REVIEW_ENFORCE=0`, `SUBAGENT_REVIEW_ENFORCE=0`.

package/README.md

@@ -21,9 +21,9 @@
 
 Cursor hooks that make the agent review its own edits without bolting a static-analysis pipeline onto every keystroke. No regex army, no scoring engine. Four jobs:
 
-1. **Compile intent before coding** (proactive) — at session start the agent gets the doctrine plus the **Anchor Set** discipline (`pre-compile.md`): before writing code it must emit *Objective / Constraints / Scope / Deterministic success*, and write that contract to `.scope.json`. On the first edit of each agent turn a `anchor-set-nudge` advisory fires to catch intent dilution at token ~50 instead of waiting for the stop-hook review at token ~5000.
+1. **Compile intent before coding** (proactive) — at session start the agent gets the doctrine plus the **Anchor Set** discipline (`pre-compile.md`): before writing code it must emit *Objective / Constraints / Scope / Deterministic success*. `intent-anchor` materializes that as `.scope.json` on the first tool of each turn (auto-created, regenerated when the prompt changes) and re-injects it into context every turn, so the contract stays in focus against Salience Dilution.
 2. **Inject the doctrine** at session start — every chat starts with the same short governing text (`doctrine.md`, `USER-RULES.md`, `declared-editing.md` the YAGNI ultra ladder, and `pre-compile.md` the thin intent-compilation phase).
-3. **Hand the model its own edits back** (reactive) — after each agent edit, a self-review prompt goes into a pending file (plus semantic-density, scope-gate, anti-slop, and the pre-compile nudge advisories when they trip). Next turn the model reads its diff, fixes real bugs, stays quiet otherwise.
+3. **Hand the model its own edits back** (reactive) — after each agent edit, a self-review prompt goes into a pending file (plus semantic-density, scope-gate, and anti-slop advisories when they trip). Next turn the model reads its diff, fixes real bugs, stays quiet otherwise.
 4. **Gate blast radius** — one permission gate denies a short explicit list of dangerous commands (`rm -rf /`, `curl | sh`, force-push, `npm publish`, ...). Everything else passes.
 
 When an implementation finishes, the stop hook runs one final review over everything that changed, then stops. Six axes. The first is **intent trace**: the hook pulls your last user message from the transcript and prepends it to the review so the model has to tie every diff hunk to a concrete request. Anything it can't trace is a hallucinated requirement and gets reverted. That's the only check that catches "clean code, wrong feature" — linters and later axes miss it.
@@ -90,13 +90,13 @@ Two machine-checkable consequences:
 - **`scope-gate-audit`** (afterFileEdit, opt-in via `.scope.json` existing) audits every edit against `files[]` and quotes `intent` + `acceptance` back on a violation. Editing outside the declared set is the textbook scope-creep signal.
 - **final-review axis 0** (intent trace) traces every diff hunk back to `intent`. Anything untraceable is a hallucinated requirement.
 
-On the **first edit of each agent turn**, `anchor-set-nudge` drops a reminder into the feedback bus: *did you write your Anchor Set to `.scope.json`?* One nudge per turn — the latch is armed on that first edit and cleared **unconditionally** by the stop hook on every turn boundary, so the next turn re-earns its nudge. A long chat with N turns gets up to N nudges, and the latch can never get stranded silenced mid-session.
+On the **first tool of each agent turn**, `intent-anchor` materializes the Anchor Set: it writes `.scope.json` to the repo root (regenerating it when the prompt changed) and re-injects it into context. One scaffold per prompt, re-injection per turn. The latch is armed on first fire and cleared **unconditionally** by the stop hook on every turn boundary, so the next turn re-fires and can never get stranded silenced mid-session.
 
 The Anchor Set is skipped for trivial one-liners (typo, literal) — the `declared-editing.md` ladder's rung 1 governs when it's overkill.
 
 ### Keeping the contract alive: `intent-anchor` (anti-Salience-Dilution)
 
-Writing `.scope.json` once is not enough. As a conversation fills with code, logs and errors, the token of the original request shrinks to a rounding error against the recent history — *Salience Dilution* — and the agent stops checking the contract it wrote at prompt 1. It forgets symmetry, colors, the acceptance bar. This is the failure mode the nudge alone can't fix (a reminder that the contract exists ≠ the contract being in context).
+Writing `.scope.json` once is not enough. As a conversation fills with code, logs and errors, the token of the original request shrinks to a rounding error against the recent history — *Salience Dilution* — and the agent stops checking the contract it wrote at prompt 1. It forgets symmetry, colors, the acceptance bar. Re-injecting the contract every turn is what defeats this: the requirements are re-stated in front of the model before each edit, not just written once and hoped-for.
 
 `intent-anchor` (`postToolUse`, registered first so it runs before `post-tool-use` drains the bus) does two things on the **first tool boundary of every turn** (per-turn latch, cleared unconditionally at each stop):
 
@@ -114,7 +114,7 @@ Crucially, `intent-anchor` carries the **semantic** contract (`intent`/`acceptan
 | Session | `sessionStart` | `inject-doctrine` reads doctrine + user rules + declared-editing + **pre-compile** and emits them as `additional_context`. |
 | Every turn | `postToolUse` | **`intent-anchor`** (registered first) re-injects `.scope.json` into `additional_context` at the first tool boundary of each turn — the anti-Salience-Dilution move that keeps `intent` + `acceptance` in the model's attentional focus before edits pile up. If the prompt changed since last turn, it demands the contract be updated. Then `post-tool-use` folds subagent markers and drains the feedback file. |
 | Shell | `beforeShellExecution` | `permission-gate` checks the command against a deny list. Allow by default, deny by list, fail open. |
-| Edit | `afterFileEdit` + `stop` | **Proactive:** `anchor-set-nudge` fires once per turn (on its first edit) to push the Anchor Set. **Reactive:** `self-review-trigger` stashes the review prompt per edit; `minimal-edit-audit` (deprecated), `semantic-density-audit`, `scope-gate-audit` (opt-in, audits `.scope.json`), and `anti-slop-audit` append advisories when they trip; `final-review` fires one end-of-implementation six-axis pass. |
+| Edit | `afterFileEdit` + `stop` | **Proactive:** `intent-anchor` (`postToolUse`) scaffolds `.scope.json` per prompt and re-injects it each turn. **Reactive:** `self-review-trigger` stashes the review prompt per edit; `semantic-density-audit`, `scope-gate-audit` (opt-in, audits `.scope.json`), and `anti-slop-audit` append advisories when they trip; `final-review` fires one end-of-implementation six-axis pass. |
 | Subagent | `subagentStop` | `subagent-stop-review` fires one in-subagent final review when a delegated run edited files, before the result returns to the parent. Marker-gated and flag-braked like `final-review`. |
 
 ## Layout
@@ -149,9 +149,7 @@ All hooks fail open and always exit 0. Nothing here can block your session.
 |---|---|---|
 | `HOOKS_ENFORCE=0` | on | turns off all advisory hooks at once |
 | `PERM_GATE_ENFORCE=0` | on | disables the permission gate |
-| `ANCHOR_NUDGE_ENFORCE=0` | on | disables the pre-compile nudge (first-edit Anchor Set reminder) |
-| `INTENT_ANCHOR_ENFORCE=0` | on | disables the thin-intent re-injection (per-turn `.scope.json` echo into `additional_context`) |
-| `MINIMAL_EDITING_ENFORCE=0` | on | disables the over-edit advisory (deprecated in 0.3.0) |
+| `INTENT_ANCHOR_ENFORCE=0` | on | disables the thin-intent `.scope.json` scaffold + re-injection |
 | `SCOPE_GATE_ENFORCE=0` | on | disables the declared-scope advisory (opt-in: only fires when `.scope.json` exists) |
 | `SEMANTIC_DENSITY_ENFORCE=0` | on | disables the semantic-opacity advisory |
 | `ANTI_SLOP_ENFORCE=0` | on | disables the slop advisory |
@@ -164,7 +162,7 @@ All hooks fail open and always exit 0. Nothing here can block your session.
 
 - **State lives under `$HOME`**, in `~/.cursor/.hooks-pending/`, keyed by conversation id. No repo litter. Concurrent sessions can't drain each other's prompts. Stale state older than 7 days gets swept on every stop.
 - **`afterFileEdit` output isn't consumed by Cursor**, so edit hooks write to a pending file and `post-tool-use` re-emits it at the next tool boundary. That's the whole message bus.
-- **One review per implementation.** The stop hook arms a per-conversation flag before emitting its follow-up, so a crash can't re-fire it and a long chat still gets a review after each implementation. The `anchor-set-nudge` latch is separate and simpler: it's cleared **unconditionally** on every stop, so the nudge re-fires on the first edit of each new turn and can never get stranded silenced mid-session.
+- **One review per implementation.** The stop hook arms a per-conversation flag before emitting its follow-up, so a crash can't re-fire it and a long chat still gets a review after each implementation. The `intent-anchor` per-turn latch is separate and simpler: it's cleared **unconditionally** on every stop, so the scaffold/re-inject re-fires on the first tool of each new turn and can never get stranded silenced mid-session.
 - **The `.scope.json` contract is opt-in.** No `.scope.json` in the repo root → `scope-gate-audit` stays silent and the system falls back to the `declared-editing` ladder plus the final-review footprint check. Writing the file is how the agent opts into a machine-checked scope.
 - **Subagents are first-class.** `afterFileEdit` fires inside subagents keyed by the subagent's conversation id. The harness normalizes agent edits (incl. `StrReplace`) to tool type `Write`, and `postToolUse` never fires for the `Task` tool — verified by payload capture. Matchers cover `Write|StrReplace|EditNotebook` defensively. `subagentStop` reviews the subagent in its own context. The parent folds orphaned subagent markers (from the `subagents/` transcript directory) into its own at every tool boundary and at stop.
 

package/bin/cli.mjs

@@ -284,43 +284,6 @@ function verify() {
     return true;
   });
 
-  check('anchor-set nudge fires once per turn, stop re-arms it', () => {
-    // anchor-set-nudge appends to feedback-<cid>.txt (the shared bus) rather
-    // than emitting JSON directly; drain it the same way post-tool-use does.
-    const drainedOf = (cidv) => runHook(hook('post-tool-use'), { conversation_id: cidv });
-
-    // --- Turn 1 -------------------------------------------------------------
-    // First edit -> nudge stashes into the feedback bus and arms the latch.
-    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'x.py') });
-    if (!drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
-      return { ok: false, detail: 'nudge did not reach the feedback bus on first edit' };
-    }
-    // Second edit same turn -> latch armed, nudge must stay silent.
-    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'y.py') });
-    if (drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
-      return { ok: false, detail: 'nudge re-fired on second edit (latch not gating)' };
-    }
-    // End of turn: final-review clears the latch unconditionally. Drive a
-    // review-less stop (no session-edits marker) so it hits the clear path and
-    // exits {}, same as a turn that produced no reviewable edits.
-    const stopOut = runHook(hook('final-review'), { conversation_id: 'npxv3', status: 'completed' });
-    if (stopOut !== '{}' && stopOut.replace(/\s/g, '') !== '{}') {
-      // A review fired (fine - the earlier edit left a session-edits marker via
-      // self-review-trigger if one ran). What matters is the latch got cleared;
-      // we verify that with the next-turn re-fire below.
-    }
-    // --- Turn 2 -------------------------------------------------------------
-    // First edit of the NEXT turn -> latch was cleared at the stop boundary, so
-    // the nudge MUST re-fire. This is the regression that 0.4.0 shipped broken:
-    // the latch only cleared on the fragile second-stop path, so it stranded
-    // and the nudge went permanently silent mid-session.
-    runHook(hook('anchor-set-nudge'), { conversation_id: 'npxv3', file_path: join(HOME, 'z.py') });
-    if (!drainedOf('npxv3').includes('PRE-COMPILE NUDGE')) {
-      return { ok: false, detail: 'nudge did NOT re-fire on the next turn (latch stranded at the stop boundary)' };
-    }
-    return true;
-  });
-
   check('intent-anchor scaffolds .scope.json per-prompt, never to $HOME', () => {
     // The user-requested behavior: every NEW prompt -> a fresh .scope.json
     // in the repo root, intent locked from the query. Same prompt -> re-inject
@@ -513,9 +476,7 @@ Examples
 Kill switches (environment variables, all hooks fail open)
   HOOKS_ENFORCE=0              everything advisory off
   PERM_GATE_ENFORCE=0          permission gate off
-  ANCHOR_NUDGE_ENFORCE=0       pre-compile nudge off (first-edit Anchor Set reminder)
-  INTENT_ANCHOR_ENFORCE=0      thin-intent re-injection off (per-turn .scope.json echo)
-  MINIMAL_EDITING_ENFORCE=0    over-edit advisory off (deprecated in 0.3.0)
+  INTENT_ANCHOR_ENFORCE=0      thin-intent scaffold/re-injection off
   SEMANTIC_DENSITY_ENFORCE=0   semantic-opacity advisory off
   SCOPE_GATE_ENFORCE=0         declared-scope advisory off
   ANTI_SLOP_ENFORCE=0          slop advisory off

package/linux/hooks/anti-slop-audit.sh

@@ -1,10 +1,8 @@
 #!/usr/bin/env bash
 # anti-slop-audit.sh - afterFileEdit "AI slop" advisory (Cursor, Linux).
 #
-# Companion to minimal-edit-audit.sh. That hook guards ONE slop axis -
-# over-editing. This hook guards the rest of the taxonomy: the parts static
-# analysis can cheaply and precisely flag, plus a self-review checklist for
-# the parts it cannot.
+# Guards the parts of the slop taxonomy static analysis can cheaply and
+# precisely flag, plus a self-review checklist for the parts it cannot.
 #
 #   Statically flagged (high-precision, deliberately low false-positive):
 #     * new dependency added to a manifest
@@ -174,6 +172,9 @@ msg="Anti-slop audit - $rel
 ${flag_block}${checklist}
 
 (Advisory; the bug pass is the self-review trigger. Disable: ANTI_SLOP_ENFORCE=0)"
+# Expand ~ so the model gets literal absolute paths (followups should be
+# copy-pasteable; bash expands ~ but the agent may not be in a bash context).
+msg="$(expand_agent_paths "$msg")"
 
 # --- append to the shared pending file --------------------------------------
 cid="$(safe_conversation_id "$input")"

package/linux/hooks/final-review.sh

@@ -36,21 +36,18 @@ cid="$(safe_conversation_id "$input")"
 pending_dir="$(hooks_pending_dir)"
 marker="$pending_dir/session-edits-$cid.txt"
 flag="$pending_dir/reviewed-$cid.flag"
-anchor_flag="$pending_dir/anchor-declared-$cid.flag"
 intent_latch="$pending_dir/intent-injected-$cid.flag"
 
 # Sweep state from sessions that died before their stop hook ran.
 find "$pending_dir" -maxdepth 1 -type f -mtime +7 -delete 2>/dev/null
 
-# Unconditionally clear the per-turn latches so the next turn re-fires. Every
-# stop is a turn boundary; clearing here (not only inside the reviewed-flag
-# block below) guarantees these re-fire on the first edit/tool of the NEXT
-# turn and can never get stranded silenced mid-session:
-#   - anchor-declared-<cid>.flag  (anchor-set-nudge, first-edit reminder)
-#   - intent-injected-<cid>.flag  (intent-anchor, first-tool re-injection)
+# Unconditionally clear the intent-anchor per-turn latch so the next turn
+# re-fires. Every stop is a turn boundary; clearing here (not only inside the
+# reviewed-flag block below) guarantees it re-fires on the first tool of the
+# NEXT turn and can never get stranded silenced mid-session.
 # last-query-<cid>.hash is NOT cleared here - it persists turn-to-turn so
 # intent-anchor can detect prompt changes; the 7-day sweep above reaps it.
-rm -f "$anchor_flag" "$intent_latch" 2>/dev/null
+rm -f "$intent_latch" 2>/dev/null
 
 # One-shot brake: the previous stop for this conversation emitted the review.
 if [ -f "$flag" ]; then
@@ -83,16 +80,17 @@ body=""
 if [ -z "$body" ]; then
     body='FINAL REVIEW - audit everything you changed this session and FIX what fails
 (do NOT revert the behaviour the user asked for):
+  0. Intent trace - tie every diff hunk back to the ORIGINAL REQUEST above.
+     Anything untraceable is a hallucinated requirement: revert it. Runs FIRST.
   1. Correctness - logic, edge cases (null/empty/zero/boundary), language traps, security.
   2. Reliability - error paths handled (no empty catch), timeouts/retries, resources
      released on every path, no races, input validated at the boundary.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present;
      no tautological tests.
-  4. Anti-slop - read ~/.agents/hooks/anti-slop.md and apply all 13 items to
-     the session diff. If ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists,
-     run `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all` first.
-     Consolidate clones; drop premature abstraction, unneeded deps, operational
-     slop (retries, await-in-loop, log spam), unjustified files.
+  4. Anti-slop - if the anti-slop scanner exists, run `python <scanner> --all` first;
+     then read ~/.agents/hooks/anti-slop.md (the single source of truth) and apply all
+     13 items to the session diff. Consolidate clones; drop premature abstraction,
+     unneeded deps, operational slop, unjustified files. Do NOT re-list the items here.
   5. Wiring completeness - for every user-visible behavior you added/changed
      (button, submit, API call, route, state transition), trace its execution
      path to a REAL EFFECT (persist, mutate, call, render). A dead end is slop:
@@ -101,6 +99,9 @@ if [ -z "$body" ]; then
      now or remove the dead half; mark later-stubs with TODO(wire):.
 Fix now, re-run the scan + tests, then stop. If an axis is clean, say so in one line.'
 fi
+# Expand ~ in the body AND the fallback, so the model gets literal absolute
+# paths it can paste at the shell (bash expands ~, but followups should emit
+# literals agents can copy-paste without re-interpreting).
 body="$(expand_agent_paths "$body")"
 
 # Regla R1 (re-entry): if this review pass is a re-audit after a failed gate or

package/linux/hooks/semantic-density-audit.sh

@@ -1,11 +1,10 @@
 #!/usr/bin/env bash
 # semantic-density-audit.sh - afterFileEdit "semantic opacity" advisory (Cursor, Linux).
 #
-# Guards the naming layer the other audit hooks do not see. minimal-edit-audit
-# watches diff SIZE; anti-slop-audit watches generated-code PATTERNS; this hook
-# watches whether the identifiers the agent JUST introduced actually communicate
-# intent. DataManager, process(), utils.ts, CoreEngine - names that exist but
-# say nothing.
+# Guards the naming layer the other audit hooks do not see. anti-slop-audit
+# watches generated-code PATTERNS; this hook watches whether the identifiers
+# the agent JUST introduced actually communicate intent. DataManager,
+# process(), utils.ts, CoreEngine - names that exist but say nothing.
 #
 # Mechanism: extract ADDED lines from `git diff HEAD -- <rel>` (with the
 # untracked-file fallback anti-slop-audit uses), pipe them to density_scan.py

package/linux/hooks/subagent-stop-review.sh

@@ -44,13 +44,13 @@ cid="$(safe_conversation_id "$input")"
 pending_dir="$(hooks_pending_dir)"
 marker="$pending_dir/session-edits-$cid.txt"
 flag="$pending_dir/reviewed-$cid.flag"
-anchor_flag="$pending_dir/anchor-declared-$cid.flag"
 intent_latch="$pending_dir/intent-injected-$cid.flag"
 
-# Unconditionally clear the per-turn latches so the next subagent run re-fires.
-# Clearing here (not only inside the reviewed-flag block below) can never strand
-# them silenced. last-query-<cid>.hash is kept (cross-turn prompt-change detect).
-rm -f "$anchor_flag" "$intent_latch" 2>/dev/null
+# Unconditionally clear the intent-anchor per-turn latch so the next subagent
+# run re-fires. Clearing here (not only inside the reviewed-flag block below)
+# can never strand it silenced. last-query-<cid>.hash is kept (cross-turn
+# prompt-change detect).
+rm -f "$intent_latch" 2>/dev/null
 
 # One-shot brake: the previous subagentStop for this id emitted the review.
 if [ -f "$flag" ]; then
@@ -76,13 +76,15 @@ body=""
 [ -f "$prompt_file" ] && body="$(cat "$prompt_file")"
 if [ -z "$body" ]; then
     body='Audit everything you changed in this run and FIX what fails (do NOT revert the
-behaviour the task asked for):
+behaviour the task asked for). Six axes, in order:
+  0. Intent trace - tie every diff hunk back to your original task. Untraceable = hallucinated.
   1. Correctness - logic, edge cases (null/empty/zero/boundary), language traps, security.
   2. Reliability - error paths handled, no swallowed errors, resources released.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present.
-  4. Anti-slop - if ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists, run
-     `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all`; otherwise
-     apply ~/.agents/hooks/anti-slop.md to the session diff.
+  4. Anti-slop - if the scanner exists, run it --all first; otherwise read
+     ~/.agents/hooks/anti-slop.md (the single source of truth) and apply all 13 items.
+  5. Wiring completeness - trace every added behavior to a REAL EFFECT (persist/mutate/call/render).
+     A dead end (handleSubmit that doesn'"'"'t persist, an endpoint no caller invokes) is slop.
 If an axis is clean, say so in one line. Then stop.'
 fi
 body="$(expand_agent_paths "$body")"

package/linux/hooks.json

@@ -15,12 +15,6 @@
         "matcher": "^(Write|StrReplace|EditNotebook)$",
         "_comment": "5s: record the edit in ~/.cursor/.hooks-pending/session-edits-<conversation_id>.txt and stash the self-review prompt in feedback-<conversation_id>.txt. The harness normalizes agent file edits (incl. StrReplace) to tool type 'Write' in this event - verified via payload capture - so ^Write$ matches them all; the alternation is defensive against future harness versions reporting raw tool names. Anchored so TabWrite (every user tab-completion) stays excluded. The model is the auditor. NOTE: fires inside subagent contexts too, keyed by the SUBAGENT's conversation_id - see subagentStop + the marker fold in post-tool-use.sh/final-review.sh."
       },
-      {
-        "command": "bash ~/.agents/hooks/minimal-edit-audit.sh",
-        "timeout": 15,
-        "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "15s (DEPRECATED in 0.3.0, superseded by semantic-density-audit + declared-editing; retained for compat, removal slated for 0.4.0): minimal-editing advisory on the edited file (git --numstat line-count). Size-based gate; the intent-declared gate supersedes it. Appends findings to the conversation's pending file; never blocks. Disable: HOOKS_ENFORCE=0 or MINIMAL_EDITING_ENFORCE=0."
-      },
       {
         "command": "bash ~/.agents/hooks/semantic-density-audit.sh",
         "timeout": 15,
@@ -37,13 +31,7 @@
         "command": "bash ~/.agents/hooks/anti-slop-audit.sh",
         "timeout": 15,
         "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "15s: AI-slop advisory, companion to minimal-edit-audit. git diff flags new deps / premature abstractions (Factory/Repository/Mediator/CQRS/DDD) / redundant comments, and injects the anti-slop.md self-review checklist on substantial edits (>= ANTI_SLOP_CHECKLIST_LINES, default 40). Appends to the conversation's pending file; never blocks. Disable: HOOKS_ENFORCE=0 or ANTI_SLOP_ENFORCE=0."
-      },
-      {
-        "command": "bash ~/.agents/hooks/anchor-set-nudge.sh",
-        "timeout": 5,
-        "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "5s: PROACTIVE pre-compile nudge. On the FIRST edit of each agent turn (per conversation), remind the agent to compile its Anchor Set (pre-compile.md) into .scope.json BEFORE piling on more code. The reactive audits (self-review / anti-slop / final-review axis 0) only fire after code exists; this catches intent dilution at token ~50 instead of ~5000. One-shot per turn: gated by anchor-declared-<cid>.flag, armed here on first edit and cleared UNCONDITIONALLY by final-review.sh / subagent-stop-review.sh on every stop - so it re-fires on the first edit of the next turn and can never get stranded silenced. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or ANCHOR_NUDGE_ENFORCE=0."
+        "_comment": "15s: AI-slop advisory. git diff flags new deps / premature abstractions (Factory/Repository/Mediator/CQRS/DDD) / redundant comments, and injects the anti-slop.md self-review checklist on substantial edits (>= ANTI_SLOP_CHECKLIST_LINES, default 40). Appends to the conversation's pending file; never blocks. Disable: HOOKS_ENFORCE=0 or ANTI_SLOP_ENFORCE=0."
       }
     ],
     "postToolUse": [
@@ -78,7 +66,7 @@
     "stop": [
       {
         "command": "bash ~/.agents/hooks/final-review.sh",
-        "timeout": 5,
+        "timeout": 10,
         "loop_limit": 5,
         "_comment": "5s: ONE comprehensive end-of-implementation review across correctness + reliability + coverage + anti-slop. If the agent edited files this loop (session-edits-<conversation_id> marker), returns {followup_message} so Cursor auto-submits ONE review pass. Bounded by the script's per-conversation reviewed-flag (one review per implementation); loop_limit is the harness-side runaway cap. Disable: HOOKS_ENFORCE=0 or FINAL_REVIEW_ENFORCE=0."
       }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cursordoctrine",
-  "version": "0.4.6",
-  "description": "Thin self-review hooks for Cursor — the model is the auditor. Proactive intent compilation (pre-compile Anchor Set + auto-scaffolded .scope.json that regenerates per prompt and re-injects every turn against Salience Dilution), intent-trace final review (Tier 0), unified 13-item anti-slop checklist, operational slop detection.",
+  "version": "0.5.1",
+  "description": "Thin self-review hooks for Cursor — the model is the auditor. Pruned + deduplicated: intent-anchor (auto-scaffolded .scope.json per prompt + per-turn re-injection against Salience Dilution), intent-trace final review, unified anti-slop checklist as single source of truth.",
   "bin": {
     "cursordoctrine": "bin/cli.mjs"
   },

package/skills/anti-slop/SKILL.md

@@ -20,7 +20,7 @@ description: >-
   duplicate utilities.
 metadata:
   layer: active-cleanup
-  pairs-with: declared-editing (supersedes minimal-editing), semantic-density-audit
+  pairs-with: declared-editing, semantic-density-audit
 ---
 
 # Anti-Slop
@@ -275,8 +275,7 @@ low-density identifiers per edit — shares `low_density.py` with this scanner's
 `semantic_density` bucket), the **scope-gate-audit hook**
 (`scope-gate-audit.ps1` / `.sh`, Compuerta 1 — opt-in declared-scope gate
 that flags edits outside `.scope.json`; shares `scope_match.py` with the
-final-review Step D closing gate), the **stop hook** (`final-review.ps1` / `.sh`,
+**stop hook** (`final-review.ps1` / `.sh`,
 six-axis session review incl. intent trace and wiring completeness), and
-**declared-editing** (YAGNI ultra ladder injected at session start;
-supersedes the deprecated `minimal-editing` size gate). This skill is the
-active "delete it now" layer those only nudge toward.
+**declared-editing** (YAGNI ultra ladder injected at session start).
+This skill is the active "delete it now" layer those only nudge toward.

package/windows/doctrine.md

@@ -13,27 +13,25 @@ new rule, you do not add it here — you do the work.
 
 ## 1. You are the auditor
 
-The harness gives you one piece of safety net: a **permission-gate** that
-denies a small list of dangerous commands (rm -rf on absolute paths,
-curl|sh, force-push, npm publish, etc.). It does **not** audit your code.
-It does **not** run linters. It does **not** score your diffs. **You**
-are the auditor. After every `Edit`, the harness hands you your own diff
-back via `additional_context` and asks you to review it for bugs. You
-must review, fix what is broken, and stay silent otherwise. The exact
-self-review prompt is in `self-review.md` next to the hook scripts
-(installed under `~/.agents/hooks/` — if you cannot find it, run
-`find ~/.agents ~/.cursor ~/.config -name self-review.md 2>/dev/null`
-on first session).
+The harness ships a set of **advisory hooks** — small scripts that flag
+patterns after you edit (semantic density, declared-scope drift, AI slop) and
+hand them back to you as `additional_context`. They never block, never revert,
+never decide anything. They surface signals; **you** decide. A permission-gate
+denies a short list of dangerous shell commands (`rm -rf` on absolute paths,
+`curl|sh`, force-push, `npm publish`, ...). That is the only hard block. After
+every `Edit`, a self-review prompt is handed back to you so you re-read your
+own diff and fix bugs.
 
 This means:
 
-  - You do not need a regex engine. You do not need an AST pass. You do
-    not need 8 audit layers. You need to **read the file you just
-    changed, see if it is wrong, and fix it if so.**
-  - A heuristic audit that runs on every keystroke and never blocks
-    would still be wasted work. A self-review that you do yourself, in
-    your own context, is **free** — you have the file, the diff, the
-    user's intent, and the ability to fix. Use that.
+  - You do not need a deterministic gate to catch bugs. The hooks seed signals
+    (regex hits, scope violations, low-density names); you do the actual audit
+    — **read the file you just changed, see if it is wrong, fix it if so.**
+    A self-review you do yourself, in your own context, is **free** — you have
+    the file, the diff, the user's intent, and the ability to fix.
+  - The hooks are advisory, not authoritative. If a hook flags something and you
+    disagree, say so in one line and proceed. You outrank the hooks. They exist
+    to remind you, not to overrule you.
   - "Bugs" means things that would fail a careful code review at
     Anthropic / Stripe / Vercel. Style, naming, formatting, missing
     type hints, "you could write this more idiomatically" — these are
@@ -140,20 +138,18 @@ When you call Bash:
 
 ## 7. What you do not do
 
-  - You do not run 8 audit engines on every file. The harness does not
-    have them. You are the auditor.
+  - You do not treat the advisory hooks as a gate to satisfy. They surface
+    signals; the hooks do not block, and you are the auditor. Optimize for
+    "the change is correct, small, and the user can review it in 30 seconds,"
+    not for "no hook fired."
   - You do not write to `.stuck-files/`, `.audit-baselines/`, or any
     other hook state directory. Those are not your concern.
-  - You do not maintain a "strict quality gate" config. There isn't
-    one. The rules above *are* the gate.
   - You do not set kill-switch env vars (`HOOKS_ENFORCE=0`,
-    `MYTHOS_ENFORCE=0`, etc.). They don't exist anymore.
+    `INTENT_ANCHOR_ENFORCE=0`, etc.) to silence the hooks. They exist; work
+    with them, or tell the user if one is wrong.
   - You do not re-read the doctrine on every turn. You read it once,
     at session start, and internalize it. The self-review trigger
     will re-prompt you for the specific edit you're auditing.
-  - You do not optimize for "the gate passed." You optimize for
-    "the change is correct, small, and the user can review it in
-    30 seconds."
 
 ---
 

package/windows/hooks/anti-slop-audit.ps1

@@ -1,8 +1,6 @@
 # anti-slop-audit.ps1 - afterFileEdit "AI slop" advisory (Cursor).
 #
-# Companion to minimal-edit-audit.ps1. That hook guards ONE slop axis -
-# over-editing (diff size / token-Levenshtein / added complexity). This hook
-# guards the rest of the taxonomy: the parts static analysis can cheaply and
+# Guards the parts of the slop taxonomy static analysis can cheaply and
 # precisely flag, plus a self-review checklist for the parts it cannot.
 #
 #   Statically flagged (high-precision, deliberately low false-positive):
@@ -209,9 +207,11 @@ Fix guilty items now. Never revert what the user asked for.
 $flagBlock = if ($flags.Count -gt 0) { "Static signals on this edit:`n" + ($flags -join "`n") + "`n`n" } else { '' }
 
 # Concatenate (do NOT interpolate $checklist - its content must stay literal).
+# Expand ~ on the final message so the model gets literal absolute paths
+# (Windows pwsh does NOT expand ~; the agent may paste paths into a shell).
 $header = "Anti-slop audit - $rel`n`n"
 $footer = "`n`n(Advisory; the bug pass is the self-review trigger. Disable: ANTI_SLOP_ENFORCE=0)"
-$msg = $header + $flagBlock + $checklist + $footer
+$msg = Expand-AgentPaths ($header + $flagBlock + $checklist + $footer)
 
 # --- append to the shared pending file ------------------------------------
 $cid = Get-SafeConversationId $obj

package/windows/hooks/final-review.md

@@ -56,26 +56,18 @@ Step A — mechanical scan (if available):
 Step B — canonical checklist (always):
   Read `~/.agents/hooks/anti-slop.md` and apply ALL 13 items to every hunk you
   changed this session. That file is the single source of truth for slop
-  detection — items 1–10 are structural/code, 11 is semantic contracts, 12 is
-  operational slop (retries, await-in-loop, telemetry spam), 13 is change
-  surface. Fix every hit; consolidate clones to one source of truth.
+  detection — it is NOT repeated here. Fix every hit; consolidate clones to one
+  source of truth.
 
 Step C — session footprint (also in the header above):
   If "Session footprint" shows >5 files or the request was simple, justify each
   file or trim. Unjustified files are slop.
 
-Step D — declared scope (closing gate for Compuerta 1):
-  If `.scope.json` exists in the repo root, run the session's full diff against
-  the declared contract. In your shell:
-    for f in $(git diff --name-only HEAD); do
-      python ~/.cursor/skills/anti-slop/scripts/scope_match.py --path "$f" --patterns-file .scope.json
-    done
-  Any file reporting `"in_scope": false` is a scope violation you must justify
-  (add to .scope.json with a one-line reason) or revert. If `.scope.json` does
-  not exist, this step is skipped — the declared-editing ladder and the
-  per-edit scope-gate-audit hook are the opt-in discipline.
-
 Fix with edits now; re-run the scan (if Step A ran) and the tests; then stop.
+(The per-edit `scope-gate-audit` hook already checks `.scope.json` files[] on
+every edit — Step D of older versions ran that loop again here. Removed: it
+duplicated the live hook and burned tokens. If `.scope.json` exists, trust the
+per-edit gate; the intent trace in axis 0 is the whole-session backstop.)
 
 ## 5. Wiring completeness
 For every user-visible behavior you added or changed (button, form submit, API

package/windows/hooks/final-review.ps1

@@ -40,7 +40,6 @@ $cid = Get-SafeConversationId $obj
 $pendingDir = Get-HooksPendingDir
 $marker = Join-Path $pendingDir "session-edits-$cid.txt"
 $flag   = Join-Path $pendingDir "reviewed-$cid.flag"
-$anchorFlag  = Join-Path $pendingDir "anchor-declared-$cid.flag"
 $intentLatch = Join-Path $pendingDir "intent-injected-$cid.flag"
 
 # Sweep state from sessions that died before their stop hook ran. Cheap (one
@@ -49,16 +48,13 @@ Get-ChildItem $pendingDir -File -ErrorAction SilentlyContinue |
     Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-7) } |
     Remove-Item -Force -ErrorAction SilentlyContinue
 
-# Unconditionally clear the per-turn latches so the next turn re-fires. Every
-# stop is a turn boundary; clearing here (not only inside the reviewed-flag
-# block below) guarantees these re-fire on the first edit/tool of the NEXT
-# turn and can never get stranded silenced mid-session:
-#   - anchor-declared-<cid>.flag  (anchor-set-nudge, first-edit reminder)
-#   - intent-injected-<cid>.flag  (intent-anchor, first-tool re-injection)
-# last-query-<cid>.hash is NOT cleared here - it must persist turn-to-turn so
-# intent-anchor can detect prompt changes; the 7-day sweep above reaps it when
-# a conversation truly dies.
-Remove-Item $anchorFlag, $intentLatch -Force -ErrorAction SilentlyContinue
+# Unconditionally clear the intent-anchor per-turn latch so the next turn
+# re-fires. Every stop is a turn boundary; clearing here (not only inside the
+# reviewed-flag block below) guarantees it re-fires on the first tool of the
+# NEXT turn and can never get stranded silenced mid-session.
+# last-query-<cid>.hash is NOT cleared here - it persists turn-to-turn so
+# intent-anchor can detect prompt changes; the 7-day sweep above reaps it.
+Remove-Item $intentLatch -Force -ErrorAction SilentlyContinue
 
 # One-shot brake: the previous stop for this conversation emitted the review.
 # Clear the flag (and whatever the review pass itself edited) and end the loop.
@@ -94,16 +90,17 @@ if (-not $body) {
     $body = @'
 FINAL REVIEW - audit everything you changed this session and FIX what fails
 (do NOT revert the behaviour the user asked for):
+  0. Intent trace - tie every diff hunk back to the ORIGINAL REQUEST above.
+     Anything untraceable is a hallucinated requirement: revert it. Runs FIRST.
   1. Correctness - logic, edge cases (null/empty/zero/boundary), language traps, security.
   2. Reliability - error paths handled (no empty catch), timeouts/retries, resources
      released on every path, no races, input validated at the boundary.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present;
      no tautological tests.
-  4. Anti-slop - read ~/.agents/hooks/anti-slop.md and apply all 13 items to
-     the session diff. If ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists,
-     run `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all` first.
-     Consolidate clones; drop premature abstraction, unneeded deps, operational
-     slop (retries, await-in-loop, log spam), unjustified files.
+  4. Anti-slop - if the anti-slop scanner exists, run `python <scanner> --all` first;
+     then read ~/.agents/hooks/anti-slop.md (the single source of truth) and apply all
+     13 items to the session diff. Consolidate clones; drop premature abstraction,
+     unneeded deps, operational slop, unjustified files. Do NOT re-list the items here.
   5. Wiring completeness - for every user-visible behavior you added/changed
      (button, submit, API call, route, state transition), trace its execution
      path to a REAL EFFECT (persist, mutate, call, render). A dead end is slop:
@@ -113,6 +110,9 @@ FINAL REVIEW - audit everything you changed this session and FIX what fails
 Fix now, re-run the scan + tests, then stop. If an axis is clean, say so in one line.
 '@
 }
+# Expand ~ in the body AND in the fallback above, so the model gets literal
+# absolute paths it can paste into pwsh on Windows (where ~ does NOT expand).
+# Same treatment applied to the scanner path so the anti-slop Step A command runs.
 $body = Expand-AgentPaths $body
 
 # Regla R1 (re-entry): if this review pass is a re-audit after a failed gate or

package/windows/hooks/self-review.md

@@ -6,31 +6,25 @@ file. Your job, on this turn, is to:
   3. Decide: does this edit introduce any of the following?
      - **Security**: hardcoded secret (AWS key, private key, API token,
        password in source), `eval(`, `exec(`, `pickle.loads`, `verify=False`,
-       `child_process` with user input, `dangerouslySetInnerHTML` with
-       untrusted data, SQL string concat.
+       SQL string concat. (Full taxonomy lives in anti-slop.md item 9 +
+       the scanner; this is the high-confidence shortlist to act on now.)
      - **Correctness**: assignment-in-condition (`if (x = 5)`), `==`/`!=`
        with `null`/`None`/`NaN` in a comparison, `forEach` with `await`,
        async `useEffect` with side-effects missing cleanup, `==` instead
        of `===` in JS, mutable default args in Python, shadowed imports,
        dead relative imports.
-     - **Safety**: `rm -rf /`, `curl ... | sh`, force-push, `git reset --hard`
-       without a backup, `npm publish` without version bump, secret
-       committed to a public file.
      - **Logic bugs that the user would actually care about**: a function
        that returns the wrong thing, an off-by-one, a missing `return`, a
        wrong import path.
-     - **Semantic contracts**: did any existing function's BEHAVIOR change
-       without its name, signature, or docstring changing? Names are
-       contracts. `deleteUser()` that now soft-deletes, a getter that now
-       writes, a function that used to throw on bad input and now silently
-       returns null — these are silent contract breaks that callers will
-       rely on and break against. If behavior changed, the name, signature,
-       or docstring must reflect it.
   4. If you find a real bug, **fix it with `Edit`**, then say nothing.
      Do not report it. Do not explain it. The user will see the fix
      in the next message; the bug is gone.
   5. If the edit is clean, respond with the single word: `clean`.
 
+Scope: this pass is the **fast bug hunter**. It is deliberately narrower than
+anti-slop — no duplication/architecture/abstraction/conventions audit here.
+Those run on substantial edits (the `anti-slop-audit` hook) and at the end of
+the implementation (`final-review` axis 4). Do not duplicate them per-edit.
 Hard constraints:
 
   - **Never revert or re-do work the user asked for.** The user's intent
@@ -51,5 +45,4 @@ Hard constraints:
     thrashing.
 
 This is the entire self-review prompt. It is the same prompt, every
-edit, forever. The model is the auditor. There is no regex, no AST
-parse, no Python — the model itself does the work.
+edit, forever. The model is the auditor.

package/windows/hooks/semantic-density-audit.ps1

@@ -1,10 +1,9 @@
 # semantic-density-audit.ps1 - afterFileEdit "semantic opacity" advisory (Cursor).
 #
-# Guards the naming layer the other audit hooks do not see. minimal-edit-audit
-# watches diff SIZE; anti-slop-audit watches generated-code PATTERNS; this hook
-# watches whether the identifiers the agent JUST introduced actually communicate
-# intent. DataManager, process(), utils.ts, CoreEngine - names that exist but
-# say nothing.
+# Guards the naming layer the other audit hooks do not see. anti-slop-audit
+# watches generated-code PATTERNS; this hook watches whether the identifiers
+# the agent JUST introduced actually communicate intent. DataManager,
+# process(), utils.ts, CoreEngine - names that exist but say nothing.
 #
 # Mechanism: extract ADDED lines from `git diff HEAD -- <rel>` (with the
 # untracked-file fallback anti-slop-audit uses), pipe them to density_scan.py

package/windows/hooks/subagent-stop-review.ps1

@@ -43,13 +43,13 @@ $cid = Get-SafeConversationId $obj
 $pendingDir = Get-HooksPendingDir
 $marker = Join-Path $pendingDir "session-edits-$cid.txt"
 $flag   = Join-Path $pendingDir "reviewed-$cid.flag"
-$anchorFlag  = Join-Path $pendingDir "anchor-declared-$cid.flag"
 $intentLatch = Join-Path $pendingDir "intent-injected-$cid.flag"
 
-# Unconditionally clear the per-turn latches so the next subagent run re-fires.
-# Clearing here (not only inside the reviewed-flag block below) can never strand
-# them silenced. last-query-<cid>.hash is kept (cross-turn prompt-change detect).
-Remove-Item $anchorFlag, $intentLatch -Force -ErrorAction SilentlyContinue
+# Unconditionally clear the intent-anchor per-turn latch so the next subagent
+# run re-fires. Clearing here (not only inside the reviewed-flag block below)
+# can never strand it silenced. last-query-<cid>.hash is kept (cross-turn
+# prompt-change detect).
+Remove-Item $intentLatch -Force -ErrorAction SilentlyContinue
 
 # One-shot brake: the previous subagentStop for this id emitted the review.
 if (Test-Path $flag) {
@@ -76,13 +76,15 @@ if (Test-Path $promptFile) { $body = Get-Content -Raw $promptFile }
 if (-not $body) {
     $body = @'
 Audit everything you changed in this run and FIX what fails (do NOT revert the
-behaviour the task asked for):
+behaviour the task asked for). Six axes, in order:
+  0. Intent trace - tie every diff hunk back to your original task. Untraceable = hallucinated.
   1. Correctness - logic, edge cases (null/empty/zero/boundary), language traps, security.
   2. Reliability - error paths handled, no swallowed errors, resources released.
   3. Coverage - behaviour-bearing changes have real tests; RUN the suite if present.
-  4. Anti-slop - if ~/.cursor/skills/anti-slop/scripts/scan_slop.py exists, run
-     `python ~/.cursor/skills/anti-slop/scripts/scan_slop.py --all`; otherwise
-     apply ~/.agents/hooks/anti-slop.md to the session diff.
+  4. Anti-slop - if the scanner exists, run it --all first; otherwise read
+     ~/.agents/hooks/anti-slop.md (the single source of truth) and apply all 13 items.
+  5. Wiring completeness - trace every added behavior to a REAL EFFECT (persist/mutate/call/render).
+     A dead end (handleSubmit that doesn't persist, an endpoint no caller invokes) is slop.
 If an axis is clean, say so in one line. Then stop.
 '@
 }

package/windows/hooks.json

@@ -15,12 +15,6 @@
         "matcher": "^(Write|StrReplace|EditNotebook)$",
         "_comment": "5s: record the edit in ~/.cursor/.hooks-pending/session-edits-<conversation_id>.txt and stash the self-review prompt in feedback-<conversation_id>.txt. The harness normalizes agent file edits (incl. StrReplace) to tool type 'Write' in this event - verified via payload capture - so ^Write$ matches them all; the alternation is defensive against future harness versions reporting raw tool names. Anchored so TabWrite (every user tab-completion) stays excluded. The model is the auditor. NOTE: fires inside subagent contexts too, keyed by the SUBAGENT's conversation_id - see subagentStop + the marker fold in post-tool-use.ps1/final-review.ps1."
       },
-      {
-        "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/minimal-edit-audit.ps1",
-        "timeout": 15,
-        "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "15s (DEPRECATED in 0.3.0, superseded by semantic-density-audit + declared-editing; retained for compat, removal slated for 0.4.0): minimal-editing advisory on the edited file (git --numstat line-count). Size-based gate; the intent-declared gate supersedes it. Appends findings to the conversation's pending file; never blocks. Disable: HOOKS_ENFORCE=0 or MINIMAL_EDITING_ENFORCE=0."
-      },
       {
         "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/semantic-density-audit.ps1",
         "timeout": 15,
@@ -37,13 +31,7 @@
         "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/anti-slop-audit.ps1",
         "timeout": 15,
         "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "15s: AI-slop advisory, companion to minimal-edit-audit. Native git diff flags new deps / premature abstractions (Factory/Repository/Mediator/CQRS/DDD) / redundant comments, and injects the anti-slop.md self-review checklist on substantial edits (>= ANTI_SLOP_CHECKLIST_LINES, default 40). Appends to the conversation's pending file; never blocks. Disable: HOOKS_ENFORCE=0 or ANTI_SLOP_ENFORCE=0."
-      },
-      {
-        "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/anchor-set-nudge.ps1",
-        "timeout": 5,
-        "matcher": "^(Write|StrReplace|EditNotebook)$",
-        "_comment": "5s: PROACTIVE pre-compile nudge. On the FIRST edit of each agent turn (per conversation), remind the agent to compile its Anchor Set (pre-compile.md) into .scope.json BEFORE piling on more code. The reactive audits (self-review / anti-slop / final-review axis 0) only fire after code exists; this catches intent dilution at token ~50 instead of ~5000. One-shot per turn: gated by anchor-declared-<cid>.flag, armed here on first edit and cleared UNCONDITIONALLY by final-review.ps1 / subagent-stop-review.ps1 on every stop - so it re-fires on the first edit of the next turn and can never get stranded silenced. Advisory only; never blocks. Disable: HOOKS_ENFORCE=0 or ANCHOR_NUDGE_ENFORCE=0."
+        "_comment": "15s: AI-slop advisory. Native git diff flags new deps / premature abstractions (Factory/Repository/Mediator/CQRS/DDD) / redundant comments, and injects the anti-slop.md self-review checklist on substantial edits (>= ANTI_SLOP_CHECKLIST_LINES, default 40). Appends to the conversation's pending file; never blocks. Disable: HOOKS_ENFORCE=0 or ANTI_SLOP_ENFORCE=0."
       }
     ],
     "postToolUse": [
@@ -78,7 +66,7 @@
     "stop": [
       {
         "command": "pwsh.exe -NoProfile -File ~/.agents/hooks/final-review.ps1",
-        "timeout": 5,
+        "timeout": 10,
         "loop_limit": 5,
         "_comment": "5s: ONE comprehensive end-of-implementation review across correctness + reliability + coverage + anti-slop. If the agent edited files this loop (session-edits-<conversation_id> marker), returns {followup_message} so Cursor auto-submits ONE review pass. Bounded by the script's per-conversation reviewed-flag (one review per implementation); loop_limit counts follow-ups per CONVERSATION (docs), so 5 = harness-side runaway cap, not the per-implementation bound (2 would silently kill reviews after the 2nd implementation in a long chat). Disable: HOOKS_ENFORCE=0 or FINAL_REVIEW_ENFORCE=0."
       }

package/linux/hooks/anchor-set-nudge.sh

@@ -1,77 +0,0 @@
-#!/usr/bin/env bash
-# anchor-set-nudge.sh - afterFileEdit "pre-compile" nudge (Cursor, Linux).
-#
-# Proactive counterpart to the reactive audits. On the FIRST file edit of an
-# agent turn, remind the agent to compile its Anchor Set (pre-compile.md) and
-# write .scope.json BEFORE piling on more code. The reactive stack (self-review,
-# anti-slop, final-review) only fires AFTER code exists; this nudge catches
-# intent dilution at token ~50, not at the ~5000 of the stop-hook axis 0. A
-# clean final review of the wrong feature is still the wrong feature - the
-# Anchor Set exists so the right feature is on the rails from the first edit.
-#
-# Fires ONCE PER TURN (per conversation): gated by an anchor-declared-<cid>.flag
-# in the pending dir, armed here on first edit and cleared UNCONDITIONALLY by
-# final-review.sh / subagent-stop-review.sh on every stop. So a long
-# conversation with N turns gets up to N nudges - every new turn re-earns the
-# reminder on its first edit. The clear is unconditional (not gated on the
-# reviewed-flag path) so the latch can never get stranded silenced mid-session,
-# which would silently stop reminding the agent to write .scope.json.
-#
-# Advisory only: never blocks, never reads the diff, ALWAYS exits 0. Appends to
-# the shared feedback-<cid>.txt bus; post-tool-use.sh delivers it next turn.
-# Disable: HOOKS_ENFORCE=0  or  ANCHOR_NUDGE_ENFORCE=0
-
-set +e
-. "$(dirname "$0")/hook-common.sh"
-
-[ "${HOOKS_ENFORCE:-}" = "0" ] && exit 0
-[ "${ANCHOR_NUDGE_ENFORCE:-}" = "0" ] && exit 0
-
-input="$(read_hook_stdin)"
-[ -n "$input" ] || exit 0
-
-file_path=""
-for k in file_path path filePath; do
-    file_path="$(json_get "$input" "$k")"
-    [ -n "$file_path" ] && break
-done
-[ -n "$file_path" ] || exit 0
-is_cursor_config_path "$file_path" && exit 0
-
-cid="$(safe_conversation_id "$input")"
-pending_dir="$(hooks_pending_dir)"
-flag="$pending_dir/anchor-declared-$cid.flag"
-
-# Already nudged this implementation -> stay quiet. The flag is cleared at the
-# per-implementation boundary in final-review.sh / subagent-stop-review.sh.
-[ -f "$flag" ] && exit 0
-
-msg="PRE-COMPILE NUDGE - first edit of this implementation: $file_path
-
-Before you keep going, did you compile your Anchor Set (pre-compile.md)?
-  1. OBJECTIVE   - one operational sentence. What is strictly necessary.
-  2. CONSTRAINTS - local negations (what you will NOT do).
-  3. SCOPE       - files to touch, files untouchable.
-  4. SUCCESS     - the one deterministic check that decides done.
-
-If you have not already, write it to .scope.json now (intent / files /
-acceptance / allow_growth). The scope-gate audits every edit against files[],
-and final-review axis 0 traces every diff hunk back to intent. An Anchor Set
-that lives only in your head is not an Anchor Set - the gate cannot audit it.
-
-Skip this for trivial one-liners (typo, literal). Otherwise: compile, then code."
-
-# Append to the shared pending file (same bus as the other advisories).
-pending="$pending_dir/feedback-$cid.txt"
-mkdir -p "$pending_dir" 2>/dev/null
-if [ -s "$pending" ]; then
-    printf '\n\n---\n\n%s' "$msg" >> "$pending" 2>/dev/null
-else
-    printf '%s' "$msg" >> "$pending" 2>/dev/null
-fi
-
-# Arm the one-shot brake BEFORE returning, so a crash after the append can't
-# re-nudge on the next edit. Mirrors the arming order in final-review.sh.
-touch "$flag" 2>/dev/null
-
-exit 0

package/linux/hooks/minimal-edit-audit.sh

@@ -1,120 +0,0 @@
-#!/usr/bin/env bash
-# minimal-edit-audit.sh - afterFileEdit minimal-editing advisory (Cursor, Linux).
-#
-# DEPRECATED in 0.3.0 (superseded by semantic-density-audit.sh + the
-# declared-editing discipline; removal slated for 0.4.0). The line-count
-# heuristic here is the size-based gate the cursordoctrine audit identified
-# as the antipattern: it penalizes legitimate large declared changes and
-# misses small quiet drifts. Retained for compatibility with existing installs;
-# new installs register semantic-density-audit.sh alongside it. To opt out of
-# the deprecated hook without uninstalling: MINIMAL_EDITING_ENFORCE=0.
-#
-# Audits the just-edited file for over-editing:
-#   * line-count    - git diff --numstat thresholds (any language).
-#   * token metrics - audit-metrics.py (token-Levenshtein + cognitive
-#                     complexity), Python files only, if the script exists.
-# On WARN/FAIL it APPENDS a short advisory to the shared pending-feedback file;
-# post-tool-use.sh delivers it as additional_context on the next tool turn.
-#
-# Advisory only: never blocks, never writes persistent state. afterFileEdit
-# output isn't consumed and a non-zero exit shows as "hook failed", so we
-# ALWAYS exit 0.
-#
-# Thresholds (env-overridable): MINIMAL_EDIT_FAIL_LINES (400), MINIMAL_EDIT_WARN_LINES (100).
-# Disable: HOOKS_ENFORCE=0  or  MINIMAL_EDITING_ENFORCE=0
-
-set +e
-. "$(dirname "$0")/hook-common.sh"
-
-[ "${HOOKS_ENFORCE:-}" = "0" ] && exit 0
-[ "${MINIMAL_EDITING_ENFORCE:-}" = "0" ] && exit 0
-
-input="$(read_hook_stdin)"
-[ -n "$input" ] || exit 0
-
-# audit root = project from JSON (cwd, then workspace_roots), else CURSOR_PROJECT_DIR / HOME
-root=""
-while IFS= read -r cand; do
-    [ -n "$cand" ] && [ -d "$cand" ] && { root="${cand%/}"; break; }
-done <<EOF
-$(json_get "$input" cwd)
-$(json_get_array "$input" workspace_roots)
-EOF
-[ -n "$root" ] || root="${CURSOR_PROJECT_DIR:-$HOME}"
-root="${root%/}"
-
-# edited file -> repo-relative path
-fp=""
-for k in file_path path filename absolute_path abs_path; do
-    fp="$(json_get "$input" "$k")"
-    [ -n "$fp" ] && break
-done
-[ -n "$fp" ] || exit 0
-rel="$fp"
-case "$rel" in "$root"/*) rel="${rel#"$root"/}" ;; esac
-if is_cursor_config_path "$fp" || is_cursor_config_path "$rel"; then exit 0; fi
-
-# git repo?
-git -C "$root" rev-parse --git-dir >/dev/null 2>&1 || exit 0
-
-# --- line-count audit (any language) --------------------------------------
-fail_lines="${MINIMAL_EDIT_FAIL_LINES:-400}"
-warn_lines="${MINIMAL_EDIT_WARN_LINES:-100}"
-changed="$(git -C "$root" diff HEAD --numstat -- "$rel" 2>/dev/null |
-    awk '$1 != "-" && $2 != "-" { n += $1 + $2 } END { print n + 0 }')"
-
-grade="OK"; hint=""
-if [ "$changed" -gt "$fail_lines" ]; then
-    grade="FAIL"; hint="$changed lines changed (limit $fail_lines) - likely over-editing; trim or split"
-elif [ "$changed" -gt "$warn_lines" ]; then
-    grade="WARN"; hint="$changed lines changed - justify each hunk or split the task"
-fi
-
-# --- token metrics (.py only) ---------------------------------------------
-audit_metrics="$HOME/.cursor/skills/minimal-editing/scripts/audit-metrics.py"
-if [ -f "$audit_metrics" ] && have_py; then
-    case "$rel" in
-    *.py)
-        mgrade="$(python3 "$audit_metrics" --root "$root" --format json --path "$rel" 2>/dev/null |
-            { if have_jq; then jq -r '.grade // empty'; else python3 -c 'import json,sys
-try: print(json.load(sys.stdin).get("grade",""))
-except Exception: pass'; fi; })"
-        if [ "$mgrade" = "FAIL" ]; then grade="FAIL"
-        elif [ "$mgrade" = "WARN" ] && [ "$grade" = "OK" ]; then grade="WARN"; fi
-        ;;
-    esac
-fi
-
-[ "$grade" = "OK" ] && exit 0
-
-# --- compose advisory + append to the shared pending file ------------------
-hint_txt=""
-[ -n "$hint" ] && hint_txt=" - $hint"
-if [ "$grade" = "FAIL" ]; then
-    actions="  - Trim every hunk that isn't required by the task.
-  - Prefer narrow, targeted edits over rewriting blocks.
-  - If the change is genuinely large, split it into smaller logical commits."
-else
-    actions="  Advisory only - trim unrelated hunks if any; otherwise proceed."
-fi
-
-msg="Minimal-edit audit $grade - $rel
-
-IMPORTANT: Try to preserve the original code and the logic of the original code as much as possible.
-
-grade: $grade$hint_txt
-
-$actions
-
-(Disable for this session: HOOKS_ENFORCE=0)"
-
-cid="$(safe_conversation_id "$input")"
-pending="$(hooks_pending_dir)/feedback-$cid.txt"
-mkdir -p "$(dirname "$pending")" 2>/dev/null
-if [ -s "$pending" ]; then
-    printf '\n\n---\n\n%s' "$msg" >> "$pending" 2>/dev/null
-else
-    printf '%s' "$msg" >> "$pending" 2>/dev/null
-fi
-
-exit 0

package/windows/hooks/anchor-set-nudge.ps1

@@ -1,76 +0,0 @@
-# anchor-set-nudge.ps1 - afterFileEdit "pre-compile" nudge (Cursor).
-#
-# Proactive counterpart to the reactive audits. On the FIRST file edit of an
-# agent turn, remind the agent to compile its Anchor Set (pre-compile.md) and
-# write .scope.json BEFORE piling on more code. The reactive stack (self-review,
-# anti-slop, final-review) only fires AFTER code exists; this nudge catches
-# intent dilution at token ~50, not at the ~5000 of the stop-hook axis 0. A
-# clean final review of the wrong feature is still the wrong feature - the
-# Anchor Set exists so the right feature is on the rails from the first edit.
-#
-# Fires ONCE PER TURN (per conversation): gated by an anchor-declared-<cid>.flag
-# in the pending dir, armed here on first edit and cleared UNCONDITIONALLY by
-# final-review.ps1 / subagent-stop-review.ps1 on every stop. So a long
-# conversation with N turns gets up to N nudges - every new turn re-earns the
-# reminder on its first edit. The clear is unconditional (not gated on the
-# reviewed-flag path) so the latch can never get stranded silenced mid-session,
-# which would silently stop reminding the agent to write .scope.json.
-#
-# Advisory only: never blocks, never reads the diff, ALWAYS exits 0. Appends to
-# the shared feedback-<cid>.txt bus; post-tool-use.ps1 delivers it next turn.
-# Disable: HOOKS_ENFORCE=0  or  ANCHOR_NUDGE_ENFORCE=0
-
-$ErrorActionPreference = 'SilentlyContinue'
-. "$PSScriptRoot\hook-common.ps1"
-
-if ($env:HOOKS_ENFORCE -eq '0' -or $env:ANCHOR_NUDGE_ENFORCE -eq '0') { exit 0 }
-
-$obj = Read-HookStdinJson
-if (-not $obj) { exit 0 }
-
-$filePath = ''
-if     ($obj.PSObject.Properties['file_path']) { $filePath = [string]$obj.file_path }
-elseif ($obj.PSObject.Properties['path'])      { $filePath = [string]$obj.path }
-elseif ($obj.PSObject.Properties['filePath'])  { $filePath = [string]$obj.filePath }
-if (-not $filePath) { exit 0 }
-if (Test-IsCursorConfigPath $filePath) { exit 0 }
-
-$cid = Get-SafeConversationId $obj
-$pendingDir = Get-HooksPendingDir
-$flag = Join-Path $pendingDir "anchor-declared-$cid.flag"
-
-# Already nudged this implementation -> stay quiet. The flag is cleared at the
-# per-implementation boundary in final-review.ps1 / subagent-stop-review.ps1.
-if (Test-Path $flag) { exit 0 }
-
-$msg = @"
-PRE-COMPILE NUDGE - first edit of this implementation: $filePath
-
-Before you keep going, did you compile your Anchor Set (pre-compile.md)?
-  1. OBJECTIVE   - one operational sentence. What is strictly necessary.
-  2. CONSTRAINTS - local negations (what you will NOT do).
-  3. SCOPE       - files to touch, files untouchable.
-  4. SUCCESS     - the one deterministic check that decides done.
-
-If you have not already, write it to .scope.json now (intent / files /
-acceptance / allow_growth). The scope-gate audits every edit against files[],
-and final-review axis 0 traces every diff hunk back to intent. An Anchor Set
-that lives only in your head is not an Anchor Set - the gate cannot audit it.
-
-Skip this for trivial one-liners (typo, literal). Otherwise: compile, then code.
-"@
-
-# Append to the shared pending file (same bus as the other advisories).
-$pending = Join-Path $pendingDir "feedback-$cid.txt"
-try {
-    New-Item -ItemType Directory -Path $pendingDir -Force | Out-Null
-    $prefix = ''
-    if ((Test-Path $pending) -and ((Get-Item $pending).Length -gt 0)) { $prefix = "`n`n---`n`n" }
-    Add-Content -Path $pending -Value ($prefix + $msg) -NoNewline
-} catch { }
-
-# Arm the one-shot brake BEFORE returning, so a crash after the append can't
-# re-nudge on the next edit. Mirrors the arming order in final-review.ps1.
-New-Item -ItemType File -Path $flag -Force -ErrorAction SilentlyContinue | Out-Null
-
-exit 0

package/windows/hooks/minimal-edit-audit.ps1

@@ -1,124 +0,0 @@
-# minimal-edit-audit.ps1 - afterFileEdit minimal-editing advisory (Cursor).
-#
-# DEPRECATED in 0.3.0 (superseded by semantic-density-audit.ps1 + the
-# declared-editing discipline; removal slated for 0.4.0). The line-count
-# heuristic here is the size-based gate the cursordoctrine audit identified
-# as the antipattern: it penalizes legitimate large declared changes and
-# misses small quiet drifts. Retained for compatibility with existing installs;
-# new installs register semantic-density-audit.ps1 alongside it. To opt out of
-# the deprecated hook without uninstalling: MINIMAL_EDITING_ENFORCE=0.
-#
-# Audits the just-edited file for over-editing:
-#   * line-count  - git diff --numstat thresholds (any language). Native git,
-#                   no bash (Git's MSYS bash mangles Windows paths / lacks PATH
-#                   when spawned from pwsh, so we compute this directly).
-#   * token metrics - audit-metrics.py (token-Levenshtein + cognitive
-#                   complexity), Python files only, via a resolved interpreter.
-# On WARN/FAIL it APPENDS a short advisory to the shared pending-feedback file;
-# post-tool-use.ps1 delivers it as additional_context on the next tool turn.
-#
-# Advisory only: never blocks, never writes persistent state. afterFileEdit
-# output isn't consumed and a non-zero exit shows as "hook failed", so we
-# ALWAYS exit 0. Self-contained.
-#
-# Thresholds (env-overridable): MINIMAL_EDIT_FAIL_LINES (400), MINIMAL_EDIT_WARN_LINES (100).
-# Disable: HOOKS_ENFORCE=0  or  MINIMAL_EDITING_ENFORCE=0
-
-$ErrorActionPreference = 'SilentlyContinue'
-. "$PSScriptRoot\hook-common.ps1"
-
-if ($env:HOOKS_ENFORCE -eq '0' -or $env:MINIMAL_EDITING_ENFORCE -eq '0') { exit 0 }
-
-$obj = Read-HookStdinJson
-if (-not $obj) { exit 0 }
-
-# audit root = project from JSON (cwd, then workspace_roots), else CURSOR_PROJECT_DIR / HOME
-$root = ''
-$cands = @()
-if ($obj.PSObject.Properties['cwd'] -and $obj.cwd) { $cands += [string]$obj.cwd }
-if ($obj.PSObject.Properties['workspace_roots']) { foreach ($w in $obj.workspace_roots) { $cands += [string]$w } }
-foreach ($c in $cands) { $f = ConvertTo-FwdPath $c; if ($f -and (Test-Path -LiteralPath $f)) { $root = $f.TrimEnd('/'); break } }
-if (-not $root) { $root = (& { if ($env:CURSOR_PROJECT_DIR) { $env:CURSOR_PROJECT_DIR } else { $HOME } }).Replace('\', '/').TrimEnd('/') }
-
-# edited file -> repo-relative forward-slash path
-$fp = ''
-foreach ($k in 'file_path', 'path', 'filename', 'absolute_path', 'abs_path') {
-    if ($obj.PSObject.Properties[$k] -and $obj.$k) { $fp = [string]$obj.$k; break }
-}
-if (-not $fp) { exit 0 }
-$rel = ConvertTo-FwdPath $fp
-if ($rel.StartsWith($root + '/', [System.StringComparison]::OrdinalIgnoreCase)) { $rel = $rel.Substring($root.Length + 1) }
-if (Test-IsCursorConfigPath $fp) { exit 0 }
-if (Test-IsCursorConfigPath $rel) { exit 0 }
-
-# git repo?
-& git -C $root rev-parse --git-dir 2>$null | Out-Null
-if ($LASTEXITCODE -ne 0) { exit 0 }
-
-# --- line-count audit (any language) via native git ----------------------
-$failLines = if ($env:MINIMAL_EDIT_FAIL_LINES) { [int]$env:MINIMAL_EDIT_FAIL_LINES } else { 400 }
-$warnLines = if ($env:MINIMAL_EDIT_WARN_LINES) { [int]$env:MINIMAL_EDIT_WARN_LINES } else { 100 }
-$ins = 0; $del = 0
-foreach ($line in (& git -C $root diff HEAD --numstat -- $rel 2>$null)) {
-    $parts = $line -split "`t"
-    if ($parts.Count -lt 3 -or $parts[0] -eq '-') { continue }   # skip header/binary
-    $ins += [int]$parts[0]; $del += [int]$parts[1]
-}
-$changed = $ins + $del
-
-$grade = 'OK'; $hint = ''
-if ($changed -gt $failLines) { $grade = 'FAIL'; $hint = "$changed lines changed (limit $failLines) - likely over-editing; trim or split" }
-elseif ($changed -gt $warnLines) { $grade = 'WARN'; $hint = "$changed lines changed - justify each hunk or split the task" }
-
-# --- token metrics (.py only) via a resolved interpreter -----------------
-$auditMetrics = Join-Path $HOME '.cursor\skills\minimal-editing\scripts\audit-metrics.py'
-if ((Test-Path $auditMetrics) -and ($rel -match '\.py$')) {
-    # Windows often ships the interpreter as `py` or `python3`, not `python`.
-    # Without this resolution the call errored silently and .py metrics never ran.
-    $py = Get-Command python, python3, py -ErrorAction SilentlyContinue | Select-Object -First 1
-    if ($py) {
-        $mout = & $py.Source $auditMetrics --root $root --format json --path $rel 2>$null
-        $mo = $null; try { $mo = ($mout -join "`n") | ConvertFrom-Json } catch { }
-        if ($mo -and $mo.grade) {
-            if ($mo.grade -eq 'FAIL') { $grade = 'FAIL' }
-            elseif ($mo.grade -eq 'WARN' -and $grade -eq 'OK') { $grade = 'WARN' }
-        }
-    }
-}
-
-if ($grade -eq 'OK') { exit 0 }
-
-# --- compose advisory + append to the shared pending file ----------------
-$hintTxt = if ($hint) { " - $hint" } else { '' }
-if ($grade -eq 'FAIL') {
-    $actions = @"
-  - Trim every hunk that isn't required by the task.
-  - Prefer narrow, targeted edits over rewriting blocks.
-  - If the change is genuinely large, split it into smaller logical commits.
-"@
-} else {
-    $actions = '  Advisory only - trim unrelated hunks if any; otherwise proceed.'
-}
-
-$msg = @"
-Minimal-edit audit $grade - $rel
-
-IMPORTANT: Try to preserve the original code and the logic of the original code as much as possible.
-
-grade: $grade$hintTxt
-
-$actions
-
-(Disable for this session: HOOKS_ENFORCE=0)
-"@
-
-$cid = Get-SafeConversationId $obj
-$pending = Join-Path (Get-HooksPendingDir) "feedback-$cid.txt"
-try {
-    New-Item -ItemType Directory -Path (Split-Path $pending) -Force | Out-Null
-    $prefix = ''
-    if ((Test-Path $pending) -and ((Get-Item $pending).Length -gt 0)) { $prefix = "`n`n---`n`n" }
-    Add-Content -Path $pending -Value ($prefix + $msg) -NoNewline
-} catch { }
-
-exit 0