cursordoctrine 0.6.3 → 0.6.4

package/linux/hooks/hook-common.sh

@@ -105,7 +105,7 @@ resolve_agent_path() {
     esac
 }
 
-# extract_last_user_query <json> -> text of the last <user_query> in this
+# extract_last_user_query <json> -> text of the last *human* <user_query> in this
 # conversation's transcript, or '' if there is none. Capped at 2000 chars.
 #
 # This is the Tier 0 intent-trace primitive: the final-review hook prepends the
@@ -113,7 +113,14 @@ resolve_agent_path() {
 # to it. Anything untraceable is a hallucinated requirement.
 #
 # Walks the JSONL backward via tac (preferred) or a portable awk fallback; finds
-# the first (last) user record whose content carries a <user_query> tag.
+# the first (last) user record whose content carries a <user_query> tag - SKIPPING
+# hook-generated turns. final-review.sh / subagent-stop-review.sh emit a
+# {followup_message} that Cursor replays as a user turn (and self-review /
+# intent-anchor inject into additional_context); returning one of those would lock
+# the review boilerplate into .scope.json as the intent (the contamination loop).
+# Hook turns are detected by their fixed headers; if the transcript has been
+# trimmed to just the hook turn, recover the real request from the embedded
+# "ORIGINAL REQUEST ... --- <request> ---" block.
 extract_last_user_query() {
     local json="$1"
     local tp
@@ -134,6 +141,14 @@ extract_last_user_query() {
     if have_py; then
         printf '%s' "$reversed" | python3 -c '
 import json, re, sys
+HOOK_HDR = re.compile(r"^\s*(FINAL REVIEW \(end of implementation\)|SUBAGENT FINAL REVIEW|SELF-REVIEW|INTENT ANCHOR)", re.M)
+EMBEDDED = re.compile(r"ORIGINAL REQUEST[^\r\n]*\r?\n-{3,}\r?\n(.+?)\r?\n-{3,}", re.S)
+def redact(q):
+    q = re.sub(r"\bnpm_[A-Za-z0-9]{10,}\b", "[REDACTED_NPM_TOKEN]", q)
+    q = re.sub(r"\b(sk-[A-Za-z0-9]{10,}|ghp_[A-Za-z0-9]{20,}|gho_[A-Za-z0-9]{20,})\b", "[REDACTED_TOKEN]", q)
+    q = re.sub(r"(?i)(api[_-]?key|token|secret|password)\s*[:=]\s*\S+", r"\1=[REDACTED]", q)
+    return q
+embedded_fallback = ""
 try:
     for line in sys.stdin:
         line = line.strip()
@@ -155,15 +170,26 @@ try:
                 if isinstance(p, dict) and p.get("type") == "text" and p.get("text"):
                     text += p["text"]
         m = re.search(r"<user_query>\s*(.+?)\s*</user_query>", text, re.S)
-        if m:
-            q = m.group(1).strip()
-            if len(q) > 2000:
-                q = q[:2000] + "..."
-            q = re.sub(r"\bnpm_[A-Za-z0-9]{10,}\b", "[REDACTED_NPM_TOKEN]", q)
-            q = re.sub(r"\b(sk-[A-Za-z0-9]{10,}|ghp_[A-Za-z0-9]{20,}|gho_[A-Za-z0-9]{20,})\b", "[REDACTED_TOKEN]", q)
-            q = re.sub(r"(?i)(api[_-]?key|token|secret|password)\s*[:=]\s*\S+", r"\1=[REDACTED]", q)
-            print(q)
-            break
+        if not m:
+            continue
+        q = m.group(1).strip()
+        # Hook-generated turn -> not the human words. Remember the embedded
+        # ORIGINAL REQUEST (latest such turn) and keep walking back.
+        if HOOK_HDR.search(q):
+            if not embedded_fallback:
+                em = EMBEDDED.search(q)
+                if em:
+                    embedded_fallback = em.group(1).strip()
+            continue
+        if len(q) > 2000:
+            q = q[:2000] + "..."
+        print(redact(q))
+        break
+    else:
+        if embedded_fallback:
+            if len(embedded_fallback) > 2000:
+                embedded_fallback = embedded_fallback[:2000] + "..."
+            print(redact(embedded_fallback))
 except Exception:
     pass
 ' 2>/dev/null
@@ -172,9 +198,14 @@ except Exception:
 
     # No python3: best-effort grep for the common case where the user message
     # is the only place <user_query> appears in a line. Imperfect but bounded.
+    # Drop hook-generated turns (FINAL REVIEW / SUBAGENT / SELF-REVIEW / INTENT
+    # ANCHOR) so we never lock review boilerplate as the intent; take the first
+    # surviving human <user_query>.
     printf '%s' "$reversed" |
-        grep -m1 -oE '<user_query>[^<]*</user_query>' 2>/dev/null |
+        grep -oE '<user_query>[^<]*</user_query>' 2>/dev/null |
         sed -E 's@</?user_query>@@g' |
+        grep -vE '^[[:space:]]*(FINAL REVIEW \(end of implementation\)|SUBAGENT FINAL REVIEW|SELF-REVIEW|INTENT ANCHOR)' 2>/dev/null |
+        head -n1 |
         sed -E 's/\bnpm_[A-Za-z0-9]{10,}\b/[REDACTED_NPM_TOKEN]/g' |
         head -c 2000
 }

package/linux/hooks/intent-anchor.sh

@@ -150,12 +150,14 @@ EOF
     #     changed (or a new session) => regenerate and RESET files[] (the "arrastre entre
     #     features" fix). Same prompt this session => heal in place (backfill bookkeeping, keep
     #     files[]/acceptance) so the NEXT prompt is detected by hash.
-    # Hollow = no real intent on disk: empty, or still the hook's <TODO> placeholder.
-    # A hollow contract is worse than none (it looks owned, so neither hook nor agent
-    # fills it). Treat it as unusable: regenerate when the request is readable, else
-    # hand the agent the pre-compile demand to author a real one.
+    # Hollow = no real intent on disk: empty, the hook's <TODO> placeholder, OR
+    # hook-generated review boilerplate that a stale extractor locked in (the
+    # contamination loop - "FINAL REVIEW (end of implementation)..."). A hollow
+    # contract is worse than none (it looks owned, so neither hook nor agent fills
+    # it). Treat it as unusable: regenerate when the request is readable, else hand
+    # the agent the pre-compile demand to author a real one.
     case "$scope_intent" in
-        ""|"<TODO"*) scope_hollow=1 ;;
+        ""|"<TODO"*|"FINAL REVIEW (end of implementation)"*|"SUBAGENT FINAL REVIEW"*|"SELF-REVIEW"*|"INTENT ANCHOR"*) scope_hollow=1 ;;
     esac
     if [ "$scope_exists" = "1" ] && [ "$has_query" = "1" ]; then
         if [ "$scope_hollow" = "1" ]; then

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cursordoctrine",
-  "version": "0.6.3",
+  "version": "0.6.4",
   "description": "Thin self-review hooks for Cursor — the model is the auditor. Pruned + deduplicated: intent-anchor (auto-scaffolded .scope.json per prompt + per-turn re-injection against Salience Dilution), intent-trace final review, unified anti-slop checklist as single source of truth.",
   "bin": {
     "cursordoctrine": "bin/cli.mjs"

package/windows/hooks/hook-common.ps1

@@ -83,11 +83,36 @@ function Redact-SecretsFromIntent([string]$text) {
     return $text
 }
 
-# Extract the last user <user_query> from a Cursor transcript JSONL.
+# A <user_query> turn can actually be a HOOK-GENERATED message replayed by Cursor
+# as a user turn: final-review.ps1 and subagent-stop-review.ps1 emit a
+# {followup_message} that Cursor auto-submits as the next user turn, and the
+# self-review / intent-anchor injections get drained into additional_context.
+# If Get-LastUserQuery returns one of those, intent-anchor locks the REVIEW
+# BOILERPLATE into .scope.json as the "intent" (the contamination loop that put
+# "FINAL REVIEW (end of implementation)..." in the contract). Detect them by the
+# fixed headers the hooks emit and skip past them to the real human turn.
+function Test-IsHookGeneratedQuery([string]$text) {
+    if (-not $text) { return $false }
+    return ($text -match '(?m)^\s*(FINAL REVIEW \(end of implementation\)|SUBAGENT FINAL REVIEW|SELF-REVIEW|INTENT ANCHOR)')
+}
+
+# The final-review / subagent-review followups embed the real human request as:
+#   ORIGINAL REQUEST (...):\n---\n<request>\n---
+# When the transcript has been trimmed to just the hook turn, recover the human
+# request from that block instead of returning the boilerplate.
+function Get-EmbeddedOriginalRequest([string]$text) {
+    if (-not $text) { return '' }
+    if ($text -match '(?s)ORIGINAL REQUEST[^\r\n]*\r?\n-{3,}\r?\n(.+?)\r?\n-{3,}') {
+        return $Matches[1].Trim()
+    }
+    return ''
+}
+
+# Extract the last *human* user <user_query> from a Cursor transcript JSONL.
 # transcript is an array of {role, message} records; we walk backward from the
-# end, find the last user turn whose content has a <user_query> tag, and return
-# its text. Returns '' if there is no transcript or no user_query. Capped at
-# 2000 chars so the follow-up prompt stays bounded.
+# end, skipping hook-generated turns (see above), and return the first real human
+# turn's text. Returns '' if there is no transcript or no human user_query. Capped
+# at 2000 chars so the follow-up prompt stays bounded.
 #
 # This is the Tier 0 intent-trace primitive: the final-review hook prepends the
 # extracted request to its followup so the model must trace every diff hunk back
@@ -97,6 +122,7 @@ function Get-LastUserQuery($obj) {
     if ($obj -and $obj.PSObject.Properties['transcript_path']) { $tp = [string]$obj.transcript_path }
     if (-not $tp -or -not (Test-Path -LiteralPath $tp)) { return '' }
     $lines = @(Get-Content -LiteralPath $tp -ErrorAction SilentlyContinue)
+    $embeddedFallback = ''
     for ($i = $lines.Count - 1; $i -ge 0; $i--) {
         $line = $lines[$i]
         if (-not $line -or $line -notmatch '"role"\s*:\s*"user"') { continue }
@@ -117,10 +143,22 @@ function Get-LastUserQuery($obj) {
         }
         if ($text -match '(?s)<user_query>\s*(.+?)\s*</user_query>') {
             $q = $Matches[1].Trim()
+            # Hook-generated turn -> not the human's words. Remember the embedded
+            # ORIGINAL REQUEST (from the most recent such turn) and keep walking.
+            if (Test-IsHookGeneratedQuery $q) {
+                if (-not $embeddedFallback) { $embeddedFallback = Get-EmbeddedOriginalRequest $q }
+                continue
+            }
             if ($q.Length -gt 2000) { $q = $q.Substring(0, 2000) + '...' }
             return (Redact-SecretsFromIntent $q)
         }
     }
+    # No real human turn survived in the transcript -> fall back to the request
+    # embedded in the latest hook followup, if we found one.
+    if ($embeddedFallback) {
+        if ($embeddedFallback.Length -gt 2000) { $embeddedFallback = $embeddedFallback.Substring(0, 2000) + '...' }
+        return (Redact-SecretsFromIntent $embeddedFallback)
+    }
     return ''
 }
 

package/windows/hooks/intent-anchor.ps1

@@ -127,12 +127,14 @@ if (Test-Path -LiteralPath $scopePath) {
         if ([string]::IsNullOrWhiteSpace($scopeFiles)) { $scopeFiles = '(none yet - auto-tracked as you edit)' }
         $scopeExists = $true
         $scopeHasHash = ($sj.PSObject.Properties['_intent_hash'] -and -not [string]::IsNullOrWhiteSpace([string]$sj._intent_hash))
-        # Hollow = no real intent on disk: empty, or still the hook's <TODO> placeholder.
+        # Hollow = no real intent on disk: empty, the hook's <TODO> placeholder, OR
+        # hook-generated review boilerplate that a stale extractor locked in as the
+        # intent (the contamination loop - "FINAL REVIEW (end of implementation)...").
         # A hollow contract is worse than none (it looks owned, so neither hook nor agent
-        # fills it; scope-gate appends files to it and final-review audits against <TODO>).
+        # fills it; scope-gate appends files to it and final-review audits against garbage).
         # Treat it as unusable: regenerate when we can read the request, else hand the agent
         # the pre-compile demand to write a real one.
-        $scopeHollow = ([string]::IsNullOrWhiteSpace($scopeIntent) -or $scopeIntent -match '^\s*<TODO')
+        $scopeHollow = ([string]::IsNullOrWhiteSpace($scopeIntent) -or $scopeIntent -match '^\s*<TODO' -or (Test-IsHookGeneratedQuery $scopeIntent))
         # Staleness, hash-agnostic so it survives MODEL-written contracts:
         #   - hook-written (has _intent_hash): stale when that hash != current query hash.
         #   - model-written (no _intent_hash - the legacy pre-compile.md schema): we cannot