getprismo 0.1.41 → 0.1.43

package/README.md

@@ -4,13 +4,13 @@
 [![npm downloads](https://img.shields.io/npm/dw/getprismo.svg)](https://www.npmjs.com/package/getprismo)
 [![license: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
 
-local ai coding cost control. one command to diagnose token waste, fix it, and prove the improvement.
+an autonomous cost agent for ai coding. it finds token waste, fixes the cause, verifies the fix against your next sessions in dollars, and escalates or backs off based on what actually worked. unattended.
 
 ```bash
 npx getprismo doctor
 ```
 
-that's it. run it on any repo. no api keys, no login, no data leaves your machine.
+that's it. run it on any repo. no api keys, no login, no data leaves your machine. connect it once and it runs itself.
 
 ---
 
@@ -31,14 +31,20 @@ prismodev covers the full AI coding session:
 ```
 before you code     npx getprismo doctor
 while you code      npx getprismo guard --watch
+enforce at runtime  npx getprismo enforce install
 noisy commands      npx getprismo shield -- npm test
+targeted repairs    npx getprismo repair auto
 after you code      npx getprismo receipt
 postmortem          npx getprismo replay
+weekly receipt      npx getprismo digest
 workspace agent     npx getprismo agent --watch
 agent-native        npx getprismo mcp
 ```
 
 **doctor** diagnoses the repo, applies safe fixes, and shows the before/after score.
+**repair** runs the targeted fix for one waste cause; `repair auto` lets the planner pick.
+**enforce** turns the context firewall into actual runtime enforcement via Claude Code hooks.
+**digest** prints the verified-savings summary for the week, ready to paste into Slack.
 **guard** runs live guardrails, context throttle, rescue prompts, context firewall, and dashboard-ready prevention events.
 **watch** monitors context pressure live and is the lower-level diagnostic view behind guard.
 **receipt** explains what repeated, what output dominated, what artifacts leaked, what likely influenced the run, and a heuristic context-efficiency score.
@@ -49,6 +55,58 @@ agent-native        npx getprismo mcp
 
 ---
 
+## new: the self-driving loop
+
+connect once and prismodev operates itself:
+
+```bash
+npx getprismo connect --token <your prismo api key>
+```
+
+from that point, on every machine running the connector:
+
+1. **detect** — session telemetry syncs continuously; waste is attributed to one of five causes: repeated file reads, tool-output floods, generated artifacts, context loops, long-session buildup.
+2. **decide** — a local planner scores causes against thresholds, respects cooldowns, and won't re-repair a cause until enough new sessions arrived to judge the last attempt. the backend auto-queues repairs the same way — no dashboard clicks.
+3. **repair** — each cause has a dedicated executor (not doctor-for-everything): ignore rules + hot-file maps, shield staging, firewall policies, tightened guard budgets, scoped context packs with restart routines.
+4. **verify** — after a repair, the waste rate for that cause is measured in your *later* sessions (14-day baseline, real before/after math). verdicts: `improved`, `no-change`, `regressed`.
+5. **adapt** — `improved` stays mild. `no-change`/`regressed` escalates to an aggressive tier (context firewall + tighter budgets). a cause that fails both tiers is held for your review instead of being retried forever — the one moment a human is genuinely needed, surfaced loudly.
+
+savings are reported in **dollars, verified** — converted with a model-aware blended rate weighted across your actual sessions — on the dashboard and via `prismo digest`.
+
+and it learns across the fleet: anonymized repair verdicts (counts only, no repo/org identifiers) aggregate into priors, so when the fleet already knows mild repairs rarely fix a cause, your first repair starts at the tier that works. your own verdicts always outrank the fleet's.
+
+run one planner cycle by hand to see it think:
+
+```bash
+npx getprismo repair auto --dry-run
+```
+
+---
+
+## new: runtime enforcement
+
+advisory guardrails only help if the agent reads them. for claude code, prismodev can enforce them:
+
+```bash
+npx getprismo enforce install
+```
+
+this wires a `PreToolUse` hook (with a backup of `.claude/settings.json`) that:
+
+- **denies reads into blocked context** — `node_modules/`, build output, logs, lockfiles — with a reason pointing the agent at the compact `.prismo/` context packs instead
+- **denies the fourth attempt of an identical command** in one session, suggesting one shielded run instead of an expensive retry loop
+
+```text
+permissionDecision: deny
+reason: Prismo context firewall: "logs/huge.log" is blocked context (rule: logs/**).
+        Use the .prismo/ context packs instead, or run `npx getprismo shield -- <command>`
+        if you need its contents summarized.
+```
+
+enforcement fails open — malformed events or missing policy files allow the call, so it can never break a working agent. `enforce uninstall` removes only the prismo hook. other agents keep following the advisory `.prismo` files.
+
+---
+
 ## what prismodev catches
 
 - missing `.claudeignore` / `.cursorignore` (the biggest single fix for most repos)
@@ -762,6 +820,9 @@ no install needed. npx runs it directly.
 | command | what it does |
 |---------|-------------|
 | `doctor` | diagnose, fix, optimize, show before/after |
+| `repair <cause\|auto>` | targeted repair for one waste cause; auto = planner picks with cooldowns and verdict feedback |
+| `enforce` | runtime enforcement of the context firewall via claude code hooks |
+| `digest` | verified-savings summary for the week, in dollars, ready for slack |
 | `watch` | live session monitoring with warnings |
 | `cc` | claude code cost breakdown |
 | `cc timeline` | session reconstruction with events |
@@ -1067,6 +1128,9 @@ lib/prismo-dev/instructions.js   instruction ROI, partial-compliance, and ablati
 lib/prismo-dev/mcp.js            local MCP server and Prismo tool bindings
 lib/prismo-dev/receipt.js        run receipts for reads, output, artifacts, and next scope
 lib/prismo-dev/report.js         terminal, markdown, ci reports
+lib/prismo-dev/repair-executors.js  cause-specific repair executors with mild/aggressive tiers
+lib/prismo-dev/repair-planner.js    autonomous planner: cause scoring, cooldowns, local verdicts, escalation
+lib/prismo-dev/enforce.js        claude code PreToolUse hook enforcement and settings wiring
 lib/prismo-dev/replay.js         incident replay and recovery prompts
 lib/prismo-dev/scan.js           repo scanning, scoring, readiness
 lib/prismo-dev/scan-path-utils.js scan ignore/path helper logic
@@ -1090,6 +1154,8 @@ lib/prismo-dev/watch-render.js   watch terminal and guardrail renderers
 npx getprismo --help
 npx getprismo --version
 npx getprismo doctor --help
+npx getprismo repair --help
+npx getprismo enforce --help
 npx getprismo watch --help
 npx getprismo shield --help
 npx getprismo mcp --help
@@ -1108,3 +1174,4 @@ More docs:
 
 - [MCP setup and tools](docs/mcp.md)
 - [Live demo flow](docs/live-demo.md)
+- [Privacy & telemetry — exactly what leaves your machine](docs/privacy-telemetry.md)

package/docs/announcement.md

@@ -0,0 +1,56 @@
+# Announcement drafts
+
+Working drafts for the autonomous-loop release (getprismo 0.1.42). Edit freely; numbers in brackets should be replaced with real figures from the dashboard once a week of verdicts has accumulated.
+
+---
+
+## Show HN
+
+**Title:** Show HN: Prismo — an autonomous cost agent for AI coding that verifies its own fixes
+
+**Body:**
+
+AI coding agents (Claude Code, Codex, Cursor) waste a surprising share of their tokens: re-reading the same file hundreds of times, dumping full test output into context, loading lockfiles and build artifacts, retrying the same failing command. Most tools in this space show you a dashboard of the damage and stop there.
+
+Prismo closes the loop. It runs locally (`npx getprismo doctor` to try it — no login, nothing leaves your machine), reads your agents' own session logs, and attributes waste to one of five causes. Then, if you connect it:
+
+- a local planner repairs the top cause automatically — each cause has a dedicated fix, not a generic one
+- after every repair, it measures the waste rate for that cause in your *later* sessions and stores a verdict: improved, no-change, or regressed
+- failed repairs escalate to a stronger tier (context firewall, tighter budgets); a cause that fails both tiers is held for human review instead of being retried forever
+- for Claude Code it goes further than advice: a PreToolUse hook actually denies reads into blocked context and the fourth retry of an identical command (fail-open, removable with one command)
+- savings are reported in dollars, verified against real usage — not estimated — with a weekly digest you can paste into Slack
+- and the planner learns from the fleet: anonymized repair verdicts (counts only) aggregate into priors, so your first repair starts at the tier that's known to work
+
+In our own dogfooding it [verified ~$X saved across N sessions in the first week].
+
+The CLI is MIT-licensed: https://github.com/shanirsh/prismodev — the verification loop math is in the repo (14-day baseline, before/after waste rates, 1% epsilon). Would love feedback on the enforcement design and the verdict thresholds.
+
+---
+
+## X / Twitter thread
+
+1/ Every AI-coding-cost tool shows you a dashboard of waste. We built the thing that fixes it — and then proves the fix worked, in dollars.
+
+2/ Prismo watches your Claude Code / Codex / Cursor sessions locally, attributes waste to 5 causes, and repairs the top one automatically. Ignore rules, shielded commands, context firewalls, scoped restarts — each cause gets its own fix.
+
+3/ The part nobody else does: after a repair, it measures that cause's waste rate in your NEXT sessions. Improved → stand down. No change → escalate to a stronger repair. Failed twice → stop and ask a human. It's a feedback controller, not a script.
+
+4/ For Claude Code it's not advisory. `prismo enforce install` wires a hook that *denies* reads into node_modules/logs/build output and blocks the 4th retry of an identical failing command. Fail-open, one command to remove.
+
+5/ And it learns across every install: anonymized repair verdicts roll up into fleet priors, so your first repair starts at the tier the fleet already knows works. The more users, the smarter every agent gets.
+
+6/ Monday morning: `prismo digest` → "Prismo saved you ~$X this week — verified against your sessions." Paste it in Slack. The product re-justifies itself weekly.
+
+7/ Try it in 10 seconds, no login, local-only: `npx getprismo doctor` — MIT licensed → github.com/shanirsh/prismodev
+
+---
+
+## Release notes (0.1.40 → 0.1.42)
+
+- **Cause-specific repair executors** — workspace actions with a `targetCause` run a targeted repair (repeated-file-reads, tool-output-flood, generated-artifacts, context-loop, long-session-buildup) instead of generic doctor; `prismo repair <cause>` runs them standalone.
+- **Autonomous repair planner** — `agent --watch` self-repairs on an interval with thresholds, per-cause cooldowns, local before/after verdicts, and mild→aggressive escalation; `prismo repair auto [--dry-run]`.
+- **Runtime enforcement** — `prismo enforce install` adds a Claude Code PreToolUse hook denying blocked-context reads and identical-command loops; fails open; `enforce uninstall` reverts.
+- **Verified savings in dollars** — `prismo digest [--days N]` prints the weekly verified-savings summary; the dashboard leads with dollars.
+- **Fleet priors** — first repairs start at the tier the fleet's verified outcomes recommend (anonymized counts only; local verdicts always win).
+- **Cloud escalation + dedupe** — auto-queued repairs escalate after failed verdicts; duplicate actions are deduped at creation and claim.
+- **CI releases** — tag push runs tests and publishes.

package/docs/privacy-telemetry.md

@@ -0,0 +1,67 @@
+# Privacy & telemetry
+
+prismodev is local-first. Most commands (`doctor`, `watch`, `scan`, `shield`, `repair`, `enforce`, ...) read your repo and your coding tools' local logs and write files under `.prismo/`. Nothing leaves your machine unless you explicitly connect (`prismo connect --token ...`).
+
+This page lists **exactly** what the connector sends after you connect, field by field, taken from the code that builds the payloads ([`buildSyncPayload` / `sanitizeSession` in cloud-sync.js](../lib/prismo-dev/cloud-sync.js)). If the code and this page ever disagree, the code wins and the page has a bug — please file an issue.
+
+## What never leaves your machine
+
+- prompts and conversation text
+- source code and file contents
+- stdout/stderr of your commands (shield stores full output **locally** under `.prismo/shield/`)
+- full command strings from your sessions (only *counts* of repeated commands are sent)
+- file paths beyond the repo identity below (repeated-read and artifact signals are sent as counts, not paths)
+- environment variables, API keys for model providers, git history
+
+## What session sync sends (`prismo sync`, and the connector on an interval)
+
+Per machine:
+
+| field | example | note |
+|---|---|---|
+| client name/version/platform/hostname | `prismodev 0.1.42, darwin arm64, Shans-MacBook-Air.local` | hostname identifies the device in your workspace |
+
+Repo identity (so the dashboard can group by project):
+
+| field | example |
+|---|---|
+| repo folder name | `prismodev` |
+| git remote, credentials stripped | `github.com/you/repo` |
+| current branch + short commit | `main`, `abc123def456` |
+| current branch's PR number + state, when the `gh` CLI is installed and authenticated | `#142, merged` |
+
+Per session (numbers and category labels only):
+
+| field | example |
+|---|---|
+| session id, tool, model | `claude-code`, `sonnet` |
+| session title | whatever your coding tool stored as the session title — usually a short task summary. If your titles are sensitive, know that they sync. |
+| timestamps, turns, tool-call counts | `18 turns, 42 tool calls` |
+| token totals | display/context/exact/tool-output token counts |
+| waste estimate | wasted tokens, waste percent, top cause label (e.g. `tool-output-flood`) |
+| signals | counts of repeated file reads, artifact mentions, repeated commands; loop suspicion boolean |
+
+Plus a repo scan summary (score, risk level, issue counts — not file contents) and the aggregate totals of the above.
+
+## What other connector calls send
+
+- **heartbeat** — agent version, mode, online/offline, device name
+- **action status** — for each workspace action: status, a one-line status message, and a result object (counts, scores, generated `.prismo/` file *names*)
+- **guard events** — prevention event category, token counts, cause label
+- **auto-detect / self-repair reports** — finding categories and messages generated by prismodev itself
+
+## Fleet learning is counts-only
+
+The fleet priors endpoint aggregates repair verdicts across all customers as `cause x tier -> attempts / improved`. The aggregate contains **no** org ids, user ids, repo names, branches, or labels — it is six numbers per cause. Your connector reads this aggregate; it cannot read anything about other customers.
+
+## Runtime enforcement is fully local
+
+`prismo enforce` hooks run on your machine, decide locally against `.prismo/blocked-context.txt` and `.prismo/enforce-state.json`, and send nothing anywhere. Denial counts stay in the local state file.
+
+## Verify it yourself
+
+```bash
+npx getprismo sync --dry-run --json   # prints the exact payload without sending it
+```
+
+That command is the contract: what you see there is the entirety of what `sync` would send.

package/lib/prismo-dev/agent.js

@@ -458,10 +458,20 @@ module.exports = function createAgent(deps) {
 
     let plannerResult = null;
     if (options.planRepairs && repairPlanner) {
+      // Fleet priors are anonymized cause x tier improve rates across all
+      // orgs; the planner uses them to pick a starting tier. Best-effort:
+      // planning works without them.
+      let fleetPriors = null;
+      try {
+        const endpoint = options.fleetPriorsEndpoint || `${apiBase(config)}/v1/dev/fleet/repair-priors`;
+        const response = await requestJson("GET", endpoint, config.token, null, options.timeoutMs || 8000);
+        fleetPriors = response.data && Array.isArray(response.data.priors) ? response.data.priors : null;
+      } catch (_) {}
       try {
         plannerResult = await repairPlanner.runPlannerOnce(rootDir, {
           execute: mode === "autopilot",
           sessionLimit: options.plannerSessionLimit,
+          fleetPriors,
         });
         const registered = plannerResult.executed
           ? await registerSelfRepair(config, plannerResult, options)

package/lib/prismo-dev/cli.js

@@ -3,9 +3,10 @@ const { printHelp, printCommandHelp } = require("./help");
 
 const VALID_COMMANDS = new Set([
   "dev", "init", "doctor", "firewall", "benchmark", "shield", "mcp",
-  "connect", "sync", "status", "disconnect", "agent", "connector", "setup", "scan",
+  "connect", "sync", "status", "disconnect", "agent", "connector", "setup", "scan", "digest",
   "optimize", "context", "cc", "cursor", "receipt", "instructions",
   "timeline", "replay", "boundaries", "usage", "guard", "watch", "demo", "repair",
+  "enforce", "hook",
 ]);
 
 function parseTokenBudget(value) {
@@ -59,10 +60,12 @@ function createCli(deps) {
     renderReceiptTerminal,
     buildReceipt,
     renderConnectTerminal,
+    renderDigestTerminal,
     renderDisconnectTerminal,
     renderStatusTerminal,
     renderSyncTerminal,
     runConnect,
+    runDigest,
     runDisconnect,
     runStatus,
     runSync,
@@ -73,6 +76,12 @@ function createCli(deps) {
     runRepair,
     renderPlannerTerminal,
     runPlannerOnce,
+    decidePostToolUse,
+    decidePreToolUse,
+    renderEnforceTerminal,
+    runEnforceInstall,
+    runEnforceStatus,
+    runEnforceUninstall,
     renderAgentTerminal,
     runAgent,
     renderConnectorTerminal,
@@ -464,6 +473,17 @@ function createCli(deps) {
       return;
     }
 
+    if (command === "digest") {
+      const json = rest.includes("--json");
+      const daysIndex = rest.indexOf("--days");
+      const result = await runDigest({
+        days: parsePositiveInt(daysIndex >= 0 ? rest[daysIndex + 1] : null, 7),
+      });
+      if (json) console.log(JSON.stringify(result, null, 2));
+      else console.log(renderDigestTerminal(result));
+      return;
+    }
+
     if (command === "status") {
       const json = rest.includes("--json");
       const result = runStatus();
@@ -801,6 +821,36 @@ function createCli(deps) {
       return;
     }
 
+    if (command === "hook") {
+      const subcommand = (rest[0] || "").toLowerCase();
+      if (subcommand !== "pretooluse" && subcommand !== "posttooluse") {
+        printCommandHelp("enforce");
+        return;
+      }
+      const chunks = [];
+      for await (const chunk of process.stdin) chunks.push(chunk);
+      const raw = Buffer.concat(chunks).toString("utf8");
+      const decision = subcommand === "pretooluse"
+        ? decidePreToolUse(process.cwd(), raw)
+        : decidePostToolUse(process.cwd(), raw);
+      if (decision) console.log(JSON.stringify(decision));
+      return;
+    }
+
+    if (command === "enforce") {
+      const json = rest.includes("--json");
+      const subcommand = (getPositionals(rest, new Set())[0] || "status").toLowerCase();
+      const target = getPositionals(rest, new Set())[1] || process.cwd();
+      const result = subcommand === "install"
+        ? runEnforceInstall(target)
+        : subcommand === "uninstall"
+          ? runEnforceUninstall(target)
+          : runEnforceStatus(target);
+      if (json) console.log(JSON.stringify(result, null, 2));
+      else console.log(renderEnforceTerminal(result));
+      return;
+    }
+
     if (command === "usage" || command === "watch") {
       const json = rest.includes("--json");
       const knownTools = new Set(["codex", "claude", "cursor", "all"]);

package/lib/prismo-dev/cloud-sync.js

@@ -65,6 +65,27 @@ module.exports = function createCloudSync(deps) {
     }
   }
 
+  // Best-effort PR linkage for the current branch via the GitHub CLI, so
+  // branch costs can roll up to cost-per-merged-PR. Silently absent when gh
+  // is not installed, not authenticated, or the branch has no PR.
+  function detectPullRequest(root) {
+    try {
+      const { spawnSync } = require("child_process");
+      const result = spawnSync("gh", ["pr", "view", "--json", "number,state"], {
+        cwd: root,
+        encoding: "utf8",
+        timeout: 4000,
+        stdio: ["ignore", "pipe", "ignore"],
+      });
+      if (result.status !== 0) return null;
+      const parsed = JSON.parse(String(result.stdout || ""));
+      if (!parsed || typeof parsed.number !== "number") return null;
+      return { number: parsed.number, state: String(parsed.state || "").toLowerCase() || null };
+    } catch {
+      return null;
+    }
+  }
+
   function repoIdentity(root) {
     const resolved = path.resolve(root || process.cwd());
     const remote = runGit(resolved, ["config", "--get", "remote.origin.url"]);
@@ -75,6 +96,7 @@ module.exports = function createCloudSync(deps) {
       remote: redactRemote(remote),
       branch: branch || null,
       commit: commit || null,
+      pr: detectPullRequest(resolved),
     };
   }
 
@@ -371,6 +393,78 @@ module.exports = function createCloudSync(deps) {
     };
   }
 
+  async function runDigest(options = {}) {
+    const config = loadConfig();
+    if (!config || !config.token) {
+      return {
+        schemaVersion: 1,
+        command: "digest",
+        connected: false,
+        digest: null,
+        error: "not-connected",
+        next: [`${NPX_COMMAND} connect --token <token>`],
+      };
+    }
+    const base = String(config.apiUrl || DEFAULT_API_URL).replace(/\/$/, "");
+    const days = Math.max(1, Number(options.days || 7));
+    const endpoint = options.endpoint || `${base}/v1/dev/workspace/digest/agent?days=${encodeURIComponent(days)}`;
+    // Local enforcement stats never sync; fold them into the digest here.
+    let localEnforcement = null;
+    try {
+      const statePath = path.join(options.cwd || process.cwd(), ".prismo", "enforce-state.json");
+      const denials = (JSON.parse(fs.readFileSync(statePath, "utf8")).denials) || null;
+      if (denials && denials.total > 0) {
+        localEnforcement = {
+          denials: denials.total,
+          estimatedTokensSaved: denials.estimatedTokensSaved || 0,
+        };
+      }
+    } catch {}
+    try {
+      const response = await requestJson("GET", endpoint, config.token, null, options.timeoutMs || 10000);
+      return {
+        schemaVersion: 1,
+        command: "digest",
+        connected: true,
+        apiUrl: base,
+        digest: response.data,
+        localEnforcement,
+      };
+    } catch (error) {
+      return {
+        schemaVersion: 1,
+        command: "digest",
+        connected: true,
+        apiUrl: base,
+        digest: null,
+        error: error && error.message ? error.message : String(error),
+      };
+    }
+  }
+
+  function renderDigestTerminal(result) {
+    const lines = [];
+    lines.push("");
+    lines.push("PrismoDev Digest");
+    lines.push("");
+    if (!result.connected) {
+      lines.push("Status: not connected");
+      lines.push("");
+      lines.push("Next");
+      (result.next || []).forEach((item, index) => lines.push(`${index + 1}. ${item}`));
+      return lines.join("\n");
+    }
+    if (!result.digest) {
+      lines.push(`Could not load digest${result.error ? `: ${result.error}` : "."}`);
+      return lines.join("\n");
+    }
+    (result.digest.lines || [result.digest.headline]).forEach((line) => lines.push(line));
+    if (result.localEnforcement) {
+      lines.push(`Local enforcement: ${result.localEnforcement.denials} denial(s), ~${result.localEnforcement.estimatedTokensSaved.toLocaleString()} tokens kept out of context on this machine.`);
+    }
+    return lines.join("\n");
+  }
+
   function runStatus() {
     const config = loadConfig();
     const state = readJson(statePath());
@@ -499,10 +593,12 @@ module.exports = function createCloudSync(deps) {
     estimateWaste,
     loadConfig,
     renderConnectTerminal,
+    renderDigestTerminal,
     renderDisconnectTerminal,
     renderStatusTerminal,
     renderSyncTerminal,
     runConnect,
+    runDigest,
     runDisconnect,
     runStatus,
     runSync,

package/lib/prismo-dev/enforce.js

@@ -0,0 +1,418 @@
+module.exports = function createEnforce(deps) {
+  const {
+    fs,
+    path,
+    NPX_COMMAND,
+    runFirewall,
+  } = deps;
+
+  const HOOK_COMMAND = `${NPX_COMMAND} hook pretooluse`;
+  const POST_HOOK_COMMAND = `${NPX_COMMAND} hook posttooluse`;
+  const FILE_TOOLS = new Set(["Read", "Glob", "Grep", "NotebookRead"]);
+  const MAX_IDENTICAL_COMMANDS = 3;
+  const MAX_COMMAND_FAILURES = 3;
+  const MAX_TRACKED_SESSIONS = 8;
+  const DENIAL_LOG_LIMIT = 50;
+  // Conservative token estimate for a denied loop retry (one round of
+  // command output that never entered context).
+  const LOOP_DENY_TOKEN_ESTIMATE = 2000;
+
+  function blockedContextPath(root) {
+    return path.join(root, ".prismo", "blocked-context.txt");
+  }
+
+  function enforceStatePath(root) {
+    return path.join(root, ".prismo", "enforce-state.json");
+  }
+
+  function settingsPath(root) {
+    return path.join(root, ".claude", "settings.json");
+  }
+
+  function readBlockedPatterns(root) {
+    try {
+      return fs.readFileSync(blockedContextPath(root), "utf8")
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter((line) => line && !line.startsWith("#"));
+    } catch {
+      return [];
+    }
+  }
+
+  function readState(root) {
+    try {
+      const parsed = JSON.parse(fs.readFileSync(enforceStatePath(root), "utf8"));
+      return parsed && typeof parsed === "object" ? { sessions: {}, ...parsed } : { sessions: {} };
+    } catch {
+      return { sessions: {} };
+    }
+  }
+
+  function writeState(root, state) {
+    const filePath = enforceStatePath(root);
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.writeFileSync(filePath, `${JSON.stringify(state, null, 2)}\n`, "utf8");
+  }
+
+  // Command records were plain attempt counters before outcome tracking;
+  // normalize either shape to {attempts, failures, succeeded, outcomes}.
+  function commandRecord(session, command) {
+    const existing = session.commands[command];
+    if (existing && typeof existing === "object") {
+      return { attempts: 0, failures: 0, succeeded: false, outcomes: 0, ...existing };
+    }
+    return { attempts: Number(existing || 0), failures: 0, succeeded: false, outcomes: 0 };
+  }
+
+  function sessionRecord(state, sessionId) {
+    const sessions = state.sessions || {};
+    state.sessions = sessions;
+    const session = sessions[sessionId] || { commands: {}, updatedAt: null };
+    sessions[sessionId] = session;
+    return session;
+  }
+
+  function pruneSessions(state) {
+    const sessions = state.sessions || {};
+    const ids = Object.keys(sessions)
+      .sort((a, b) => String(sessions[b].updatedAt || "").localeCompare(String(sessions[a].updatedAt || "")));
+    state.sessions = Object.fromEntries(ids.slice(0, MAX_TRACKED_SESSIONS).map((id) => [id, sessions[id]]));
+  }
+
+  function recordDenial(root, state, rule, target, estimatedTokens) {
+    const denials = state.denials || { total: 0, blockedContext: 0, loops: 0, estimatedTokensSaved: 0, recent: [] };
+    denials.total += 1;
+    if (rule === "blocked-context") denials.blockedContext += 1;
+    if (rule === "loop") denials.loops += 1;
+    denials.estimatedTokensSaved += Math.max(0, Math.round(estimatedTokens));
+    denials.recent = [{ at: new Date().toISOString(), rule, target }, ...(denials.recent || [])].slice(0, DENIAL_LOG_LIMIT);
+    state.denials = denials;
+    writeState(root, state);
+  }
+
+  function estimateBlockedFileTokens(root, target) {
+    try {
+      const fullPath = path.isAbsolute(target) ? target : path.join(root, target);
+      const stat = fs.statSync(fullPath);
+      if (stat.isFile()) return Math.min(200000, Math.round(stat.size / 4));
+    } catch {}
+    return 1500;
+  }
+
+  function relativePath(root, filePath) {
+    const value = String(filePath || "");
+    const resolvedRoot = path.resolve(root);
+    if (value.startsWith(`${resolvedRoot}${path.sep}`)) return value.slice(resolvedRoot.length + 1);
+    if (value === resolvedRoot) return ".";
+    return value.replace(/^\.\//, "");
+  }
+
+  function matchesBlocked(relPath, pattern) {
+    const candidate = String(relPath || "").replace(/\\/g, "/");
+    const rule = String(pattern || "").trim();
+    if (!candidate || !rule) return false;
+    if (rule.endsWith("/**")) {
+      const dir = rule.slice(0, -3).replace(/\/$/, "");
+      return candidate === dir || candidate.startsWith(`${dir}/`) || candidate.includes(`/${dir}/`);
+    }
+    if (rule.startsWith("*.")) {
+      return candidate.endsWith(rule.slice(1));
+    }
+    return candidate === rule
+      || candidate.endsWith(`/${rule}`)
+      || candidate.includes(`/${rule}/`)
+      || candidate.startsWith(`${rule}/`);
+  }
+
+  function deny(reason) {
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: reason,
+      },
+    };
+  }
+
+  // Decide whether a PreToolUse event should be blocked. Returns the hook
+  // response object for a deny, or null to allow. Fails open: any parse or
+  // state error allows the call rather than breaking the user's agent.
+  function decidePreToolUse(rootDir, rawEvent) {
+    let event;
+    try {
+      event = typeof rawEvent === "string" ? JSON.parse(rawEvent) : rawEvent;
+    } catch {
+      return null;
+    }
+    if (!event || typeof event !== "object") return null;
+    const root = path.resolve(event.cwd || rootDir || process.cwd());
+    const toolName = String(event.tool_name || "");
+    const toolInput = event.tool_input && typeof event.tool_input === "object" ? event.tool_input : {};
+
+    try {
+      if (FILE_TOOLS.has(toolName)) {
+        const target = toolInput.file_path || toolInput.notebook_path || toolInput.path || null;
+        if (!target) return null;
+        const relPath = relativePath(root, target);
+        const patterns = readBlockedPatterns(root);
+        const hit = patterns.find((pattern) => matchesBlocked(relPath, pattern));
+        if (hit) {
+          recordDenial(root, readState(root), "blocked-context", relPath, estimateBlockedFileTokens(root, target));
+          return deny(
+            `Prismo context firewall: "${relPath}" is blocked context (rule: ${hit}). `
+            + "It is generated output that wastes agent tokens. Use the .prismo/ context packs instead, "
+            + `or run \`${NPX_COMMAND} shield -- <command>\` if you need its contents summarized.`
+          );
+        }
+        return null;
+      }
+
+      if (toolName === "Bash") {
+        const command = String(toolInput.command || "").trim().replace(/\s+/g, " ");
+        if (!command) return null;
+        const sessionId = String(event.session_id || "unknown");
+        const state = readState(root);
+        const session = sessionRecord(state, sessionId);
+        const record = commandRecord(session, command);
+
+        // Outcome-aware loop breaking: a command that ever succeeded in
+        // this session is legitimate to repeat (test loops while iterating).
+        // With outcome data, deny only after repeated failures; without it
+        // (PostToolUse hook absent), fall back to attempt counting.
+        const deniedByFailures = !record.succeeded && record.outcomes > 0 && record.failures >= MAX_COMMAND_FAILURES;
+        const deniedByAttempts = record.outcomes === 0 && record.attempts >= MAX_IDENTICAL_COMMANDS;
+        if (deniedByFailures || deniedByAttempts) {
+          recordDenial(root, state, "loop", command, LOOP_DENY_TOKEN_ESTIMATE);
+          const observation = deniedByFailures
+            ? `this exact command has already failed ${record.failures} times in this session`
+            : `this exact command has already run ${record.attempts} times in this session`;
+          return deny(
+            `Prismo loop breaker: ${observation}. `
+            + "Repeating it again will not change the outcome and floods context. Change the approach, "
+            + `or capture its output once with \`${NPX_COMMAND} shield -- ${command}\`.`
+          );
+        }
+        record.attempts += 1;
+        session.commands[command] = record;
+        session.updatedAt = new Date().toISOString();
+        pruneSessions(state);
+        writeState(root, state);
+        return null;
+      }
+    } catch {
+      return null;
+    }
+    return null;
+  }
+
+  // PostToolUse: record whether the Bash command actually failed, so the
+  // loop breaker can tell a failing retry loop from a legitimate test loop.
+  // Output shape varies by Claude Code version; unknown shapes record
+  // nothing rather than guessing.
+  function decidePostToolUse(rootDir, rawEvent) {
+    let event;
+    try {
+      event = typeof rawEvent === "string" ? JSON.parse(rawEvent) : rawEvent;
+    } catch {
+      return null;
+    }
+    if (!event || typeof event !== "object" || String(event.tool_name || "") !== "Bash") return null;
+    const toolInput = event.tool_input && typeof event.tool_input === "object" ? event.tool_input : {};
+    const command = String(toolInput.command || "").trim().replace(/\s+/g, " ");
+    if (!command) return null;
+
+    const response = event.tool_response;
+    let failed = null;
+    if (response && typeof response === "object") {
+      if (typeof response.exit_code === "number") failed = response.exit_code !== 0;
+      else if (typeof response.exitCode === "number") failed = response.exitCode !== 0;
+      else if (typeof response.is_error === "boolean") failed = response.is_error;
+      else if (response.interrupted === true) failed = true;
+    }
+    if (failed === null) return null;
+
+    try {
+      const root = path.resolve(event.cwd || rootDir || process.cwd());
+      const state = readState(root);
+      const session = sessionRecord(state, String(event.session_id || "unknown"));
+      const record = commandRecord(session, command);
+      record.outcomes += 1;
+      if (failed) record.failures += 1;
+      else record.succeeded = true;
+      session.commands[command] = record;
+      session.updatedAt = new Date().toISOString();
+      pruneSessions(state);
+      writeState(root, state);
+    } catch {}
+    return null;
+  }
+
+  function readSettings(root) {
+    try {
+      const parsed = JSON.parse(fs.readFileSync(settingsPath(root), "utf8"));
+      return parsed && typeof parsed === "object" ? parsed : {};
+    } catch {
+      return {};
+    }
+  }
+
+  function isPrismoHookEntry(entry) {
+    try {
+      const text = JSON.stringify(entry);
+      return text.includes("hook pretooluse") || text.includes("hook posttooluse");
+    } catch {
+      return false;
+    }
+  }
+
+  function hookInstalled(root) {
+    const settings = readSettings(root);
+    const entries = settings.hooks && Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
+    return entries.some(isPrismoHookEntry);
+  }
+
+  function runEnforceInstall(rootDir = process.cwd(), options = {}) {
+    const root = path.resolve(rootDir);
+    const actions = [];
+
+    if (!fs.existsSync(blockedContextPath(root)) && runFirewall && !options.noFirewall) {
+      runFirewall(root, { task: "enforcement", dryRun: false });
+      actions.push("Generated .prismo context firewall policy (allowed/blocked context)");
+    }
+
+    const filePath = settingsPath(root);
+    const settings = readSettings(root);
+    settings.hooks = settings.hooks && typeof settings.hooks === "object" ? settings.hooks : {};
+    const preEntries = Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
+    const postEntries = Array.isArray(settings.hooks.PostToolUse) ? settings.hooks.PostToolUse : [];
+    if (preEntries.some(isPrismoHookEntry) && postEntries.some(isPrismoHookEntry)) {
+      actions.push("Prismo hooks already installed in .claude/settings.json");
+    } else {
+      const existed = fs.existsSync(filePath);
+      if (existed) {
+        fs.copyFileSync(filePath, `${filePath}.prismo-backup`);
+        actions.push("Backed up .claude/settings.json to settings.json.prismo-backup");
+      }
+      if (!preEntries.some(isPrismoHookEntry)) {
+        preEntries.push({
+          matcher: "Read|Glob|Grep|NotebookRead|Bash",
+          hooks: [{ type: "command", command: HOOK_COMMAND }],
+        });
+      }
+      if (!postEntries.some(isPrismoHookEntry)) {
+        postEntries.push({
+          matcher: "Bash",
+          hooks: [{ type: "command", command: POST_HOOK_COMMAND }],
+        });
+      }
+      settings.hooks.PreToolUse = preEntries;
+      settings.hooks.PostToolUse = postEntries;
+      fs.mkdirSync(path.dirname(filePath), { recursive: true });
+      fs.writeFileSync(filePath, `${JSON.stringify(settings, null, 2)}\n`, "utf8");
+      actions.push(`${existed ? "Updated" : "Created"} .claude/settings.json with the Prismo PreToolUse + PostToolUse hooks`);
+    }
+
+    return {
+      schemaVersion: 1,
+      command: "enforce",
+      mode: "install",
+      installed: true,
+      blockedRules: readBlockedPatterns(root).length,
+      actions,
+      generatedAt: new Date().toISOString(),
+    };
+  }
+
+  function runEnforceUninstall(rootDir = process.cwd()) {
+    const root = path.resolve(rootDir);
+    const filePath = settingsPath(root);
+    const settings = readSettings(root);
+    const actions = [];
+    let removed = false;
+    for (const eventName of ["PreToolUse", "PostToolUse"]) {
+      const entries = settings.hooks && Array.isArray(settings.hooks[eventName]) ? settings.hooks[eventName] : [];
+      const kept = entries.filter((entry) => !isPrismoHookEntry(entry));
+      if (kept.length !== entries.length) {
+        removed = true;
+        if (kept.length) settings.hooks[eventName] = kept;
+        else if (settings.hooks) delete settings.hooks[eventName];
+      }
+    }
+    if (removed) {
+      fs.writeFileSync(filePath, `${JSON.stringify(settings, null, 2)}\n`, "utf8");
+      actions.push("Removed the Prismo hooks from .claude/settings.json");
+    } else {
+      actions.push("No Prismo hooks found in .claude/settings.json");
+    }
+    return {
+      schemaVersion: 1,
+      command: "enforce",
+      mode: "uninstall",
+      installed: false,
+      actions,
+      generatedAt: new Date().toISOString(),
+    };
+  }
+
+  function runEnforceStatus(rootDir = process.cwd()) {
+    const root = path.resolve(rootDir);
+    const state = readState(root);
+    const denials = state.denials || { total: 0, blockedContext: 0, loops: 0, estimatedTokensSaved: 0 };
+    return {
+      schemaVersion: 1,
+      command: "enforce",
+      mode: "status",
+      installed: hookInstalled(root),
+      blockedRules: readBlockedPatterns(root).length,
+      trackedSessions: Object.keys(state.sessions || {}).length,
+      denials: {
+        total: denials.total || 0,
+        blockedContext: denials.blockedContext || 0,
+        loops: denials.loops || 0,
+        estimatedTokensSaved: denials.estimatedTokensSaved || 0,
+      },
+      settingsPath: path.join(".claude", "settings.json"),
+      generatedAt: new Date().toISOString(),
+    };
+  }
+
+  function renderEnforceTerminal(result) {
+    const lines = [];
+    lines.push("");
+    lines.push("PrismoDev Enforce");
+    lines.push("");
+    if (result.mode === "status") {
+      lines.push(`Hook installed: ${result.installed ? "yes" : "no"}`);
+      lines.push(`Blocked-context rules: ${result.blockedRules}`);
+      lines.push(`Sessions tracked for loop breaking: ${result.trackedSessions}`);
+      if (result.denials && result.denials.total > 0) {
+        lines.push(`Denials: ${result.denials.total} (${result.denials.blockedContext} blocked-context, ${result.denials.loops} loop)`);
+        lines.push(`Estimated tokens kept out of context: ~${result.denials.estimatedTokensSaved.toLocaleString()}`);
+      }
+      if (!result.installed) {
+        lines.push("");
+        lines.push(`Run \`${NPX_COMMAND} enforce install\` to enforce the context firewall at runtime.`);
+      }
+      return lines.join("\n");
+    }
+    (result.actions || []).forEach((action) => lines.push(`- ${action}`));
+    if (result.mode === "install") {
+      lines.push("");
+      lines.push(`Blocked-context rules enforced: ${result.blockedRules}`);
+      lines.push("Claude Code will now be denied reads of blocked context and fourth retries of an identical command.");
+      lines.push("Other agents still follow the .prismo policy files advisorily.");
+    }
+    return lines.join("\n");
+  }
+
+  return {
+    decidePostToolUse,
+    decidePreToolUse,
+    matchesBlocked,
+    renderEnforceTerminal,
+    runEnforceInstall,
+    runEnforceStatus,
+    runEnforceUninstall,
+  };
+};

package/lib/prismo-dev/help.js

@@ -16,6 +16,7 @@ Usage:
   prismo connector [status|install|start|stop|uninstall] [--json] [--interval N] [--sync-interval N] [--mode observe|suggest|autopilot] [path]
   prismo sync [--json] [--dry-run] [--watch] [--interval N] [--limit N] [--tool all|codex|claude|cursor] [path]
   prismo status [--json]
+  prismo digest [--json] [--days N]
   prismo disconnect [--json]
   prismo agent [--json] [--once] [--watch] [--interval N] [--sync-interval N] [--limit N] [--mode MODE] [path]
   prismo setup [--json] [--proxy-url URL] [path]
@@ -34,6 +35,7 @@ Usage:
   prismo usage [codex|claude|cursor|all] [--json] [--limit N] [path]
   prismo guard [codex|claude|cursor|all] [--json] [--watch] [--once] [--no-sync] [--dry-run] [--limit N] [--budget N] [--interval N] [path]
   prismo repair <cause|auto> [--json] [--dry-run] [--tier mild|aggressive] [--limit N] [--budget N] [--scope SCOPE] [path] [-- <command ...>]
+  prismo enforce [status|install|uninstall] [--json] [path]
   prismo watch [codex|claude|cursor|all] [--json] [--once] [--agents] [--report] [--rescue] [--guardrails] [--throttle] [--events] [--no-events] [--auto] [--budget N] [--redact-paths] [--interval N] [path]
   prismo demo
 
@@ -49,6 +51,7 @@ Commands:
   connector   Install or manage the background Prismo Workspace connector.
   sync        Send safe aggregate local agent telemetry to Prismo; use --watch for background-style sync.
   status      Show local PrismoDev connection and last sync state.
+  digest      Print the verified-savings summary for the last N days, ready to paste into Slack.
   disconnect  Remove the local PrismoDev cloud connection.
   agent       Claim and execute safe workspace actions queued from Prismo Cloud.
   scan        Run PrismoDev for Claude Code, Codex, Cursor, and AI coding workflows.
@@ -64,6 +67,7 @@ Commands:
   usage       Read local Codex/Claude Code/Cursor session logs and summarize token usage.
   guard       Run proactive local guardrails and sync prevention events to Prismo.
   repair      Run the cause-specific repair for a detected waste cause; "auto" lets the planner pick.
+  enforce     Enforce the context firewall at runtime via Claude Code hooks (block blocked-context reads and command loops).
   watch       Refresh local session usage in the terminal.
   demo        Show sample output without needing a messy repo.
   setup       Detect coding tools, tracking modes, local logs, and Prismo proxy readiness.
@@ -321,6 +325,28 @@ Output:
   --dry-run with auto prints the planner decision without executing.
   --tier aggressive forces the stronger repair; cloud-queued actions carry it automatically after a no-change/regressed verdict.
   Repairs only write .prismo/ files and append ignore rules with backups; they never overwrite CLAUDE.md, AGENTS.md, .gitignore, or source code.`,
+  enforce: `PrismoDev Enforce
+
+Usage:
+  prismo enforce [status|install|uninstall] [--json] [path]
+
+Examples:
+  prismo enforce status
+  prismo enforce install
+  prismo enforce uninstall
+
+What install does:
+  1. Generates the .prismo context firewall policy if it does not exist yet.
+  2. Adds a PreToolUse hook to .claude/settings.json (with a backup) that runs "prismo hook pretooluse".
+
+What the hook enforces (Claude Code only):
+  - Denies Read/Glob/Grep/NotebookRead calls into blocked context (.prismo/blocked-context.txt) with a reason pointing at the context packs.
+  - Denies the 4th attempt of an identical Bash command in one session and suggests prismo shield instead.
+
+Notes:
+  Enforcement fails open: malformed events or missing policy files allow the call.
+  Other coding agents still follow the .prismo policy files advisorily.
+  Uninstall removes only the Prismo hook entry and leaves the rest of settings.json untouched.`,
   watch: `Prismo Watch
 
 Usage:

package/lib/prismo-dev/repair-planner.js

@@ -20,6 +20,11 @@ module.exports = function createRepairPlanner(deps) {
     baselineDays: 14,
     rateEpsilon: 0.01,
     historyLimit: 20,
+    // Fleet priors: minimum cross-org sample before trusting a rate, and the
+    // rates at which a first repair starts aggressive instead of mild.
+    fleetMinSample: 5,
+    fleetMildMaxRate: 0.4,
+    fleetAggressiveMinRate: 0.5,
   };
 
   function nowIso() {
@@ -127,6 +132,21 @@ module.exports = function createRepairPlanner(deps) {
     return verdict;
   }
 
+  // When the fleet has enough verified outcomes showing mild repairs rarely
+  // fix a cause while aggressive ones usually do, start aggressive on the
+  // first local repair instead of re-learning what the fleet already knows.
+  function fleetStartingTier(cause, priors, config) {
+    if (!Array.isArray(priors)) return null;
+    const mild = priors.find((p) => p && p.cause === cause && p.tier === "mild");
+    const aggressive = priors.find((p) => p && p.cause === cause && p.tier === "aggressive");
+    if (!mild || !aggressive) return null;
+    if (Number(mild.attempts || 0) < config.fleetMinSample || Number(aggressive.attempts || 0) < config.fleetMinSample) return null;
+    if (Number(mild.improveRate || 0) <= config.fleetMildMaxRate && Number(aggressive.improveRate || 0) >= config.fleetAggressiveMinRate) {
+      return { mild, aggressive };
+    }
+    return null;
+  }
+
   // Decide what (if anything) to repair next. Pure read: does not execute
   // or modify state, so observe/suggest modes can call it safely.
   function plan(root, options = {}) {
@@ -150,6 +170,11 @@ module.exports = function createRepairPlanner(deps) {
       const entry = state.causes[scored.cause] || null;
       let verdict = null;
       let tier = "mild";
+      let fleet = null;
+      if (!entry || !entry.lastRepairAt) {
+        fleet = fleetStartingTier(scored.cause, options.fleetPriors, config);
+        if (fleet) tier = "aggressive";
+      }
       if (entry && entry.lastRepairAt) {
         const repairedAtMs = Date.parse(entry.lastRepairAt);
         if (Number.isFinite(repairedAtMs)) {
@@ -182,7 +207,9 @@ module.exports = function createRepairPlanner(deps) {
           previousVerdict: verdict ? verdict.status : null,
           reason: verdict && tier === "aggressive"
             ? `Last ${entry.lastTier} repair came back ${verdict.status}; escalating to aggressive.`
-            : `${scored.cause} is the top waste cause (${scored.wastedTokens.toLocaleString()} tokens, ${(scored.wasteRate * 100).toFixed(1)}% of observed).`,
+            : fleet
+              ? `Fleet experience: mild repairs improved this cause ${(Number(fleet.mild.improveRate) * 100).toFixed(0)}% of the time vs ${(Number(fleet.aggressive.improveRate) * 100).toFixed(0)}% aggressive — starting aggressive.`
+              : `${scored.cause} is the top waste cause (${scored.wastedTokens.toLocaleString()} tokens, ${(scored.wasteRate * 100).toFixed(1)}% of observed).`,
         };
       } else {
         skipped.push({ cause: scored.cause, reason: "lower-priority" });

package/lib/prismo-dev-scan.js

@@ -275,10 +275,12 @@ const {
   estimateWaste,
   loadConfig,
   renderConnectTerminal,
+  renderDigestTerminal,
   renderDisconnectTerminal,
   renderStatusTerminal,
   renderSyncTerminal,
   runConnect,
+  runDigest,
   runDisconnect,
   runStatus,
   runSync,
@@ -332,6 +334,20 @@ const {
   runRepair,
 } = repairExecutors;
 
+const {
+  decidePostToolUse,
+  decidePreToolUse,
+  renderEnforceTerminal,
+  runEnforceInstall,
+  runEnforceStatus,
+  runEnforceUninstall,
+} = require("./prismo-dev/enforce")({
+  fs,
+  path,
+  NPX_COMMAND,
+  runFirewall,
+});
+
 const repairPlanner = require("./prismo-dev/repair-planner")({
   fs,
   path,
@@ -477,10 +493,12 @@ const { runCli } = require("./prismo-dev/cli")({
   renderReceiptTerminal,
   buildReceipt,
   renderConnectTerminal,
+  renderDigestTerminal,
   renderDisconnectTerminal,
   renderStatusTerminal,
   renderSyncTerminal,
   runConnect,
+  runDigest,
   runDisconnect,
   runStatus,
   runSync,
@@ -491,6 +509,12 @@ const { runCli } = require("./prismo-dev/cli")({
   runRepair,
   renderPlannerTerminal,
   runPlannerOnce,
+  decidePostToolUse,
+  decidePreToolUse,
+  renderEnforceTerminal,
+  runEnforceInstall,
+  runEnforceStatus,
+  runEnforceUninstall,
   renderAgentTerminal,
   runAgent,
   renderConnectorTerminal,
@@ -596,6 +620,12 @@ module.exports = {
   REPAIR_CAUSES,
   runPlannerOnce,
   renderPlannerTerminal,
+  decidePostToolUse,
+  decidePreToolUse,
+  renderEnforceTerminal,
+  runEnforceInstall,
+  runEnforceStatus,
+  runEnforceUninstall,
   runConnectorInstall,
   runConnectorStart,
   runConnectorStatus,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "getprismo",
-  "version": "0.1.41",
+  "version": "0.1.43",
   "description": "Local AI coding workflow scanner for Codex, Claude Code, Cursor, and token-waste diagnostics.",
   "license": "MIT",
   "homepage": "https://github.com/shanirsh/prismodev#readme",