getprismo 0.1.42 → 0.1.44

package/README.md

@@ -4,13 +4,13 @@
 [![npm downloads](https://img.shields.io/npm/dw/getprismo.svg)](https://www.npmjs.com/package/getprismo)
 [![license: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
 
-local ai coding cost control. one command to diagnose token waste, fix it, and prove the improvement.
+an agent control plane for ai coding. it watches local coding agents, finds token waste, stages or executes safe interventions, verifies the fix against your next sessions in dollars, and escalates or backs off based on what actually worked. unattended.
 
 ```bash
 npx getprismo doctor
 ```
 
-that's it. run it on any repo. no api keys, no login, no data leaves your machine.
+that's it. run it on any repo. no api keys, no login, no data leaves your machine. connect it once and it runs itself.
 
 ---
 
@@ -20,7 +20,7 @@ ai coding agents (claude code, codex, cursor) burn tokens on things that don't h
 
 most developers don't realize this is happening until the bill arrives or the agent starts looping.
 
-prismodev catches it before, during, and after.
+prismodev gives you a control plane for it before, during, and after.
 
 ---
 
@@ -31,14 +31,21 @@ prismodev covers the full AI coding session:
 ```
 before you code     npx getprismo doctor
 while you code      npx getprismo guard --watch
+enforce at runtime  npx getprismo enforce install
 noisy commands      npx getprismo shield -- npm test
+targeted repairs    npx getprismo repair auto
 after you code      npx getprismo receipt
 postmortem          npx getprismo replay
+weekly receipt      npx getprismo digest
 workspace agent     npx getprismo agent --watch
 agent-native        npx getprismo mcp
+optional bridge     npx getprismo bridge
 ```
 
 **doctor** diagnoses the repo, applies safe fixes, and shows the before/after score.
+**repair** runs the targeted fix for one waste cause; `repair auto` lets the planner pick.
+**enforce** turns the context firewall into actual runtime enforcement via Claude Code hooks.
+**digest** prints the launch report: verified saved tokens/dollars first, live prevention clearly labeled as estimated, ready to post or paste into Slack.
 **guard** runs live guardrails, context throttle, rescue prompts, context firewall, and dashboard-ready prevention events.
 **watch** monitors context pressure live and is the lower-level diagnostic view behind guard.
 **receipt** explains what repeated, what output dominated, what artifacts leaked, what likely influenced the run, and a heuristic context-efficiency score.
@@ -46,6 +53,77 @@ agent-native        npx getprismo mcp
 **shield** runs noisy commands without dumping full output back into the agent context.
 **agent** connects Prismo Cloud to your local repo so dashboard actions can safely run on this machine.
 **mcp** exposes PrismoDev as local tools so compatible agents can scan, search shield output, and request scoped context directly.
+**bridge** explains the optional tighter control layer for teams that want Prismo closer to the agent execution path.
+
+---
+
+## new: the self-driving loop
+
+connect once and prismodev operates itself:
+
+```bash
+npx getprismo connect --token <your prismo api key>
+```
+
+from that point, on every machine running the connector:
+
+1. **detect** — session telemetry syncs continuously; waste is attributed to one of five causes: repeated file reads, tool-output floods, generated artifacts, context loops, long-session buildup.
+2. **decide** — a local planner scores causes against thresholds, respects cooldowns, and won't re-repair a cause until enough new sessions arrived to judge the last attempt. the backend auto-queues repairs the same way — no dashboard clicks.
+3. **repair** — each cause has a dedicated executor (not doctor-for-everything): ignore rules + hot-file maps, shield staging, firewall policies, tightened guard budgets, scoped context packs with restart routines.
+4. **verify** — after a repair, the waste rate for that cause is measured in your *later* sessions (14-day baseline, real before/after math). verdicts: `improved`, `no-change`, `regressed`.
+5. **adapt** — `improved` stays mild. `no-change`/`regressed` escalates to an aggressive tier (context firewall + tighter budgets). a cause that fails both tiers is held for your review instead of being retried forever — the one moment a human is genuinely needed, surfaced loudly.
+
+savings are reported in **dollars, verified** — converted with a model-aware blended rate weighted across your actual sessions — on the dashboard and via `prismo digest`.
+
+and it learns across the fleet: anonymized repair verdicts (counts only, no repo/org identifiers) aggregate into priors, so when the fleet already knows mild repairs rarely fix a cause, your first repair starts at the tier that works. your own verdicts always outrank the fleet's.
+
+run one planner cycle by hand to see it think:
+
+```bash
+npx getprismo repair auto --dry-run
+```
+
+---
+
+## new: runtime enforcement
+
+advisory guardrails only help if the agent reads them. for claude code, prismodev can enforce them:
+
+```bash
+npx getprismo enforce install
+```
+
+this wires a `PreToolUse` hook (with a backup of `.claude/settings.json`) that:
+
+- **denies reads into blocked context** — `node_modules/`, build output, logs, lockfiles — with a reason pointing the agent at the compact `.prismo/` context packs instead
+- **denies the fourth attempt of an identical command** in one session, suggesting one shielded run instead of an expensive retry loop
+
+```text
+permissionDecision: deny
+reason: Prismo context firewall: "logs/huge.log" is blocked context (rule: logs/**).
+        Use the .prismo/ context packs instead, or run `npx getprismo shield -- <command>`
+        if you need its contents summarized.
+```
+
+enforcement fails open — malformed events or missing policy files allow the call, so it can never break a working agent. `enforce uninstall` removes only the prismo hook. other agents keep following the advisory `.prismo` files.
+
+---
+
+## new: optional bridge mode
+
+the background connector is the default. it observes local sessions, syncs safe aggregate telemetry, applies queued repairs, verifies the next sessions, and shows live events in the dashboard. it does not sit in front of every agent action.
+
+bridge mode is optional context for teams that want Prismo closer to the agent execution path, especially for live loop stopping:
+
+```bash
+npx getprismo bridge
+```
+
+- **Claude Code**: hard-block capable today through `npx getprismo enforce install`, which adds a `PreToolUse` hook that can deny blocked-context reads and repeated command loops before they run.
+- **Codex**: visible and repairable through local session logs, guardrails, shield, and MCP. universal hard-blocking needs Codex to run through a wrapper/bridge or expose a pre-tool hook.
+- **Cursor**: visible and repairable through local telemetry and staged repairs. universal hard-blocking needs Cursor to run through a wrapper/bridge or expose a pre-tool hook.
+
+that is why Prismo is not described as a proxy by default. connector mode is safer and simpler; bridge mode is the opt-in path when stronger live interception matters more than staying fully out of the agent execution path.
 
 ---
 
@@ -762,6 +840,9 @@ no install needed. npx runs it directly.
 | command | what it does |
 |---------|-------------|
 | `doctor` | diagnose, fix, optimize, show before/after |
+| `repair <cause\|auto>` | targeted repair for one waste cause; auto = planner picks with cooldowns and verdict feedback |
+| `enforce` | runtime enforcement of the context firewall via claude code hooks |
+| `digest` | verified-savings summary for the week, in dollars, ready for slack |
 | `watch` | live session monitoring with warnings |
 | `cc` | claude code cost breakdown |
 | `cc timeline` | session reconstruction with events |
@@ -785,6 +866,7 @@ no install needed. npx runs it directly.
 | `shield` | run noisy commands while keeping full output out of chat |
 | `agent` | claim and execute safe Prismo Cloud workspace actions locally |
 | `mcp` | expose PrismoDev tools over local MCP stdio |
+| `bridge` | explain optional bridge mode and live interception levels for Claude Code, Codex, and Cursor |
 | `setup` | detect tools, logs, proxy readiness |
 | `usage` | show raw session token usage |
 | `init` | add npm scripts and .prismo/README.md |
@@ -1067,6 +1149,9 @@ lib/prismo-dev/instructions.js   instruction ROI, partial-compliance, and ablati
 lib/prismo-dev/mcp.js            local MCP server and Prismo tool bindings
 lib/prismo-dev/receipt.js        run receipts for reads, output, artifacts, and next scope
 lib/prismo-dev/report.js         terminal, markdown, ci reports
+lib/prismo-dev/repair-executors.js  cause-specific repair executors with mild/aggressive tiers
+lib/prismo-dev/repair-planner.js    autonomous planner: cause scoring, cooldowns, local verdicts, escalation
+lib/prismo-dev/enforce.js        claude code PreToolUse hook enforcement and settings wiring
 lib/prismo-dev/replay.js         incident replay and recovery prompts
 lib/prismo-dev/scan.js           repo scanning, scoring, readiness
 lib/prismo-dev/scan-path-utils.js scan ignore/path helper logic
@@ -1090,6 +1175,9 @@ lib/prismo-dev/watch-render.js   watch terminal and guardrail renderers
 npx getprismo --help
 npx getprismo --version
 npx getprismo doctor --help
+npx getprismo repair --help
+npx getprismo enforce --help
+npx getprismo bridge --help
 npx getprismo watch --help
 npx getprismo shield --help
 npx getprismo mcp --help
@@ -1108,3 +1196,4 @@ More docs:
 
 - [MCP setup and tools](docs/mcp.md)
 - [Live demo flow](docs/live-demo.md)
+- [Privacy & telemetry — exactly what leaves your machine](docs/privacy-telemetry.md)

package/docs/announcement.md

@@ -0,0 +1,56 @@
+# Announcement drafts
+
+Working drafts for the autonomous-loop release (getprismo 0.1.42). Edit freely; numbers in brackets should be replaced with real figures from the dashboard once a week of verdicts has accumulated.
+
+---
+
+## Show HN
+
+**Title:** Show HN: Prismo — an autonomous cost agent for AI coding that verifies its own fixes
+
+**Body:**
+
+AI coding agents (Claude Code, Codex, Cursor) waste a surprising share of their tokens: re-reading the same file hundreds of times, dumping full test output into context, loading lockfiles and build artifacts, retrying the same failing command. Most tools in this space show you a dashboard of the damage and stop there.
+
+Prismo closes the loop. It runs locally (`npx getprismo doctor` to try it — no login, nothing leaves your machine), reads your agents' own session logs, and attributes waste to one of five causes. Then, if you connect it:
+
+- a local planner repairs the top cause automatically — each cause has a dedicated fix, not a generic one
+- after every repair, it measures the waste rate for that cause in your *later* sessions and stores a verdict: improved, no-change, or regressed
+- failed repairs escalate to a stronger tier (context firewall, tighter budgets); a cause that fails both tiers is held for human review instead of being retried forever
+- for Claude Code it goes further than advice: a PreToolUse hook actually denies reads into blocked context and the fourth retry of an identical command (fail-open, removable with one command)
+- savings are reported in dollars, verified against real usage — not estimated — with a weekly digest you can paste into Slack
+- and the planner learns from the fleet: anonymized repair verdicts (counts only) aggregate into priors, so your first repair starts at the tier that's known to work
+
+In our own dogfooding it [verified ~$X saved across N sessions in the first week].
+
+The CLI is MIT-licensed: https://github.com/shanirsh/prismodev — the verification loop math is in the repo (14-day baseline, before/after waste rates, 1% epsilon). Would love feedback on the enforcement design and the verdict thresholds.
+
+---
+
+## X / Twitter thread
+
+1/ Every AI-coding-cost tool shows you a dashboard of waste. We built the thing that fixes it — and then proves the fix worked, in dollars.
+
+2/ Prismo watches your Claude Code / Codex / Cursor sessions locally, attributes waste to 5 causes, and repairs the top one automatically. Ignore rules, shielded commands, context firewalls, scoped restarts — each cause gets its own fix.
+
+3/ The part nobody else does: after a repair, it measures that cause's waste rate in your NEXT sessions. Improved → stand down. No change → escalate to a stronger repair. Failed twice → stop and ask a human. It's a feedback controller, not a script.
+
+4/ For Claude Code it's not advisory. `prismo enforce install` wires a hook that *denies* reads into node_modules/logs/build output and blocks the 4th retry of an identical failing command. Fail-open, one command to remove.
+
+5/ And it learns across every install: anonymized repair verdicts roll up into fleet priors, so your first repair starts at the tier the fleet already knows works. The more users, the smarter every agent gets.
+
+6/ Monday morning: `prismo digest` → "Prismo saved you ~$X this week — verified against your sessions." Paste it in Slack. The product re-justifies itself weekly.
+
+7/ Try it in 10 seconds, no login, local-only: `npx getprismo doctor` — MIT licensed → github.com/shanirsh/prismodev
+
+---
+
+## Release notes (0.1.40 → 0.1.42)
+
+- **Cause-specific repair executors** — workspace actions with a `targetCause` run a targeted repair (repeated-file-reads, tool-output-flood, generated-artifacts, context-loop, long-session-buildup) instead of generic doctor; `prismo repair <cause>` runs them standalone.
+- **Autonomous repair planner** — `agent --watch` self-repairs on an interval with thresholds, per-cause cooldowns, local before/after verdicts, and mild→aggressive escalation; `prismo repair auto [--dry-run]`.
+- **Runtime enforcement** — `prismo enforce install` adds a Claude Code PreToolUse hook denying blocked-context reads and identical-command loops; fails open; `enforce uninstall` reverts.
+- **Verified savings in dollars** — `prismo digest [--days N]` prints the weekly verified-savings summary; the dashboard leads with dollars.
+- **Fleet priors** — first repairs start at the tier the fleet's verified outcomes recommend (anonymized counts only; local verdicts always win).
+- **Cloud escalation + dedupe** — auto-queued repairs escalate after failed verdicts; duplicate actions are deduped at creation and claim.
+- **CI releases** — tag push runs tests and publishes.

package/docs/privacy-telemetry.md

@@ -0,0 +1,67 @@
+# Privacy & telemetry
+
+prismodev is local-first. Most commands (`doctor`, `watch`, `scan`, `shield`, `repair`, `enforce`, ...) read your repo and your coding tools' local logs and write files under `.prismo/`. Nothing leaves your machine unless you explicitly connect (`prismo connect --token ...`).
+
+This page lists **exactly** what the connector sends after you connect, field by field, taken from the code that builds the payloads ([`buildSyncPayload` / `sanitizeSession` in cloud-sync.js](../lib/prismo-dev/cloud-sync.js)). If the code and this page ever disagree, the code wins and the page has a bug — please file an issue.
+
+## What never leaves your machine
+
+- prompts and conversation text
+- source code and file contents
+- stdout/stderr of your commands (shield stores full output **locally** under `.prismo/shield/`)
+- full command strings from your sessions (only *counts* of repeated commands are sent)
+- file paths beyond the repo identity below (repeated-read and artifact signals are sent as counts, not paths)
+- environment variables, API keys for model providers, git history
+
+## What session sync sends (`prismo sync`, and the connector on an interval)
+
+Per machine:
+
+| field | example | note |
+|---|---|---|
+| client name/version/platform/hostname | `prismodev 0.1.42, darwin arm64, Shans-MacBook-Air.local` | hostname identifies the device in your workspace |
+
+Repo identity (so the dashboard can group by project):
+
+| field | example |
+|---|---|
+| repo folder name | `prismodev` |
+| git remote, credentials stripped | `github.com/you/repo` |
+| current branch + short commit | `main`, `abc123def456` |
+| current branch's PR number + state, when the `gh` CLI is installed and authenticated | `#142, merged` |
+
+Per session (numbers and category labels only):
+
+| field | example |
+|---|---|
+| session id, tool, model | `claude-code`, `sonnet` |
+| session title | whatever your coding tool stored as the session title — usually a short task summary. If your titles are sensitive, know that they sync. |
+| timestamps, turns, tool-call counts | `18 turns, 42 tool calls` |
+| token totals | display/context/exact/tool-output token counts |
+| waste estimate | wasted tokens, waste percent, top cause label (e.g. `tool-output-flood`) |
+| signals | counts of repeated file reads, artifact mentions, repeated commands; loop suspicion boolean |
+
+Plus a repo scan summary (score, risk level, issue counts — not file contents) and the aggregate totals of the above.
+
+## What other connector calls send
+
+- **heartbeat** — agent version, mode, online/offline, device name
+- **action status** — for each workspace action: status, a one-line status message, and a result object (counts, scores, generated `.prismo/` file *names*)
+- **guard events** — prevention event category, token counts, cause label
+- **auto-detect / self-repair reports** — finding categories and messages generated by prismodev itself
+
+## Fleet learning is counts-only
+
+The fleet priors endpoint aggregates repair verdicts across all customers as `cause x tier -> attempts / improved`. The aggregate contains **no** org ids, user ids, repo names, branches, or labels — it is six numbers per cause. Your connector reads this aggregate; it cannot read anything about other customers.
+
+## Runtime enforcement is fully local
+
+`prismo enforce` hooks run on your machine, decide locally against `.prismo/blocked-context.txt` and `.prismo/enforce-state.json`, and send nothing anywhere. Denial counts stay in the local state file.
+
+## Verify it yourself
+
+```bash
+npx getprismo sync --dry-run --json   # prints the exact payload without sending it
+```
+
+That command is the contract: what you see there is the entirety of what `sync` would send.

package/lib/prismo-dev/agent.js

@@ -15,6 +15,7 @@ module.exports = function createAgent(deps) {
     openUrl,
     repairExecutors,
     repairPlanner,
+    getUsageSummary,
   } = deps;
 
   const DEFAULT_WORKSPACE_URL = "https://getprismo.dev/dashboard/dev";
@@ -117,6 +118,29 @@ module.exports = function createAgent(deps) {
     return rootDir;
   }
 
+  function repoPayload(rootDir) {
+    return { pathBasename: path.basename(path.resolve(rootDir || process.cwd())) };
+  }
+
+  function safeReadJson(filePath) {
+    try {
+      if (!fs.existsSync(filePath)) return null;
+      return JSON.parse(fs.readFileSync(filePath, "utf8"));
+    } catch {
+      return null;
+    }
+  }
+
+  function enforceStatePath(rootDir) {
+    return path.join(path.resolve(rootDir || process.cwd()), ".prismo", "enforce-state.json");
+  }
+
+  function summarizeCommand(command) {
+    const value = String(command || "").replace(/\s+/g, " ").trim();
+    if (!value) return "a repeated command";
+    return value.length > 90 ? `${value.slice(0, 87)}...` : value;
+  }
+
   async function updateAction(config, actionId, payload, options = {}) {
     const endpoint = options.endpoint || `${apiBase(config)}/v1/dev/workspace/actions/${actionId}`;
     const response = await requestJson("PATCH", endpoint, config.token, payload, options.timeoutMs || 15000);
@@ -142,6 +166,103 @@ module.exports = function createAgent(deps) {
     return response.data;
   }
 
+  async function sendLiveEvent(config, event, options = {}) {
+    const endpoint = options.liveEventEndpoint || `${apiBase(config)}/v1/dev/workspace/live-events`;
+    try {
+      const body = {
+        phase: "watching",
+        eventType: "status",
+        severity: "info",
+        occurredAt: new Date().toISOString(),
+        ...event,
+      };
+      await requestJson("POST", endpoint, config.token, body, options.timeoutMs || 5000);
+      return true;
+    } catch (_) {
+      return false;
+    }
+  }
+
+  async function publishClaudeLoopStops(config, rootDir, repo, options = {}) {
+    const state = safeReadJson(enforceStatePath(rootDir));
+    const stops = Array.isArray(state?.loopStops) ? state.loopStops : [];
+    if (!stops.length) return 0;
+    let sent = 0;
+    for (const stop of stops.slice(0, 10)) {
+      const ok = await sendLiveEvent(config, {
+        eventId: stop.eventId || `claude-loop-stop-${stop.at || Date.now()}`,
+        phase: "stopped",
+        eventType: "loop_stopped",
+        severity: "success",
+        headline: "Stopped a Claude Code retry loop",
+        detail: `${summarizeCommand(stop.command)} was blocked after ${stop.failures || stop.attempts || 3} repeated ${stop.failures ? "failure" : "attempt"}${(stop.failures || stop.attempts || 3) === 1 ? "" : "s"}.`,
+        repo,
+        targetCause: "context-loop",
+        tokensPrevented: Number(stop.estimatedTokensSaved || 0),
+        occurredAt: stop.at || new Date().toISOString(),
+        payload: {
+          tool: "claude-code",
+          reason: stop.reason || "repeated-command",
+          sessionId: stop.sessionId || null,
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      }, options);
+      if (ok) sent += 1;
+    }
+    return sent;
+  }
+
+  async function publishAgentLoopSignals(config, rootDir, repo, options = {}) {
+    if (!getUsageSummary) return 0;
+    let summary = null;
+    try {
+      summary = getUsageSummary({ cwd: rootDir, limit: options.loopSignalLimit || 8, tool: "all" });
+    } catch {
+      return 0;
+    }
+    const sessions = Array.isArray(summary?.sessions) ? summary.sessions : [];
+    let sent = 0;
+    for (const session of sessions) {
+      const tool = String(session.tool || "unknown").toLowerCase();
+      if (!tool.includes("codex") && !tool.includes("cursor")) continue;
+      const repeated = Array.isArray(session.repeatedCommands)
+        ? session.repeatedCommands.filter((item) => Number(item.count || 0) >= 3)
+        : [];
+      if (!session.loopSuspicion && repeated.length === 0) continue;
+      const command = repeated[0]?.value || null;
+      const count = Number(repeated[0]?.count || 0);
+      const eventTool = tool.includes("codex") ? "codex" : "cursor";
+      const sessionId = String(session.sessionId || session.updatedAt || eventTool);
+      const ok = await sendLiveEvent(config, {
+        eventId: `${eventTool}-loop-detected-${sessionId.replace(/[^a-z0-9_-]/gi, "").slice(0, 48)}-${count || "suspicion"}`,
+        phase: "detected",
+        eventType: "loop_detected",
+        severity: "warning",
+        headline: `${eventTool === "codex" ? "Codex" : "Cursor"} loop pattern detected`,
+        detail: command
+          ? `${summarizeCommand(command)} appeared ${count} times. Prismo can stage guard or shield repairs, but this integration cannot hard-block that agent yet.`
+          : "Repeated tool activity suggests a loop. Prismo can stage guard repairs, but this integration cannot hard-block that agent yet.",
+        repo,
+        targetCause: "context-loop",
+        occurredAt: session.updatedAt || new Date().toISOString(),
+        payload: {
+          tool: eventTool,
+          repeatedCommandCount: count,
+          loopSuspicion: Boolean(session.loopSuspicion),
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      }, options);
+      if (ok) sent += 1;
+    }
+    return sent;
+  }
+
   function runAutoDetect(rootDir, options = {}) {
     const mode = options.mode || "autopilot";
     const startedAt = new Date().toISOString();
@@ -417,23 +538,72 @@ module.exports = function createAgent(deps) {
 
     const mode = options.mode || "autopilot";
     const pollTime = new Date().toISOString();
+    const repo = repoPayload(rootDir);
 
     try {
       await sendHeartbeat(config, { mode, status: "online", lastPollAt: pollTime }, options);
     } catch (_) {}
+    await sendLiveEvent(config, {
+      eventId: `heartbeat-${repo.pathBasename}-${pollTime.slice(0, 16)}`,
+      phase: "watching",
+      eventType: "heartbeat",
+      headline: "Connector is watching this repo",
+      detail: `Mode: ${mode}. Polling for safe repairs and syncing telemetry.`,
+      repo,
+    }, options);
+    await publishClaudeLoopStops(config, rootDir, repo, options);
+    await publishAgentLoopSignals(config, rootDir, repo, options);
 
     let autoDetectResult = null;
     if (options.autoDetect) {
       autoDetectResult = runAutoDetect(rootDir, { mode });
       await reportAutoDetect(config, autoDetectResult, options);
+      await sendLiveEvent(config, {
+        eventId: `auto-detect-${repo.pathBasename}-${autoDetectResult.completedAt || pollTime}`,
+        phase: autoDetectResult.applied ? "fixed" : "detected",
+        eventType: "auto_detect",
+        severity: autoDetectResult.findings.length ? "warning" : "info",
+        headline: autoDetectResult.applied ? "Auto-detect applied safe context fixes" : "Auto-detect scanned the repo",
+        detail: `Score: ${autoDetectResult.score ?? "unknown"}/100. Findings: ${autoDetectResult.findings.length}. Generated ${autoDetectResult.generatedFiles.length} file(s).`,
+        repo,
+        payload: {
+          score: autoDetectResult.score,
+          findings: autoDetectResult.findings.length,
+          generatedFiles: autoDetectResult.generatedFiles,
+          rawPrompts: false,
+          rawCode: false,
+        },
+      }, options);
     }
 
     const actions = await claimActions(config, options);
+    if (actions.length > 0) {
+      await sendLiveEvent(config, {
+        eventId: `actions-claimed-${repo.pathBasename}-${pollTime}`,
+        phase: "detected",
+        eventType: "action_claimed",
+        severity: "info",
+        headline: `Claimed ${actions.length} repair action${actions.length === 1 ? "" : "s"}`,
+        detail: "The local connector is about to apply queued repairs from the workspace.",
+        repo,
+      }, options);
+    }
     const results = [];
     for (const action of actions) {
       if (TERMINAL_STATUSES.has(action.status)) continue;
 
       if (mode === "observe") {
+        await sendLiveEvent(config, {
+          eventId: `action-observed-${action.id}`,
+          phase: "detected",
+          eventType: "action_observed",
+          headline: action.label || "Repair observed",
+          detail: "Observe mode is on, so Prismo did not execute this repair.",
+          repo,
+          actionId: action.id,
+          actionType: action.actionType,
+          targetCause: action.targetCause,
+        }, options);
         results.push({ id: action.id, label: action.label, status: "observed", statusMessage: "Agent is in observe mode. Action not executed." });
         continue;
       }
@@ -443,6 +613,17 @@ module.exports = function createAgent(deps) {
           status: "pending_approval",
           statusMessage: "Agent recommends this action. Waiting for approval in workspace.",
         }, options);
+        await sendLiveEvent(config, {
+          eventId: `action-suggested-${action.id}`,
+          phase: "detected",
+          eventType: "action_suggested",
+          headline: action.label || "Repair needs approval",
+          detail: "Suggest mode is on, so Prismo is waiting for dashboard approval.",
+          repo,
+          actionId: action.id,
+          actionType: action.actionType,
+          targetCause: action.targetCause,
+        }, options);
         results.push({ id: action.id, label: action.label, status: "pending_approval", statusMessage: "Suggested; awaiting approval." });
         continue;
       }
@@ -451,8 +632,39 @@ module.exports = function createAgent(deps) {
         status: "running",
         statusMessage: "Running locally through PrismoDev agent.",
       }, options);
+      await sendLiveEvent(config, {
+        eventId: `action-running-${action.id}`,
+        phase: "detected",
+        eventType: "action_running",
+        headline: action.label || "Repair is running locally",
+        detail: "The connector is applying this repair in your repo now.",
+        repo,
+        actionId: action.id,
+        actionType: action.actionType,
+        targetCause: action.targetCause,
+      }, options);
       const result = await executeAction(action, rootDir, { ...options, _config: config });
       await updateAction(config, action.id, result, options);
+      await sendLiveEvent(config, {
+        eventId: `action-${result.status}-${action.id}`,
+        phase: result.status === "completed" ? "fixed" : "detected",
+        eventType: "action_completed",
+        severity: result.status === "completed" ? "success" : "warning",
+        headline: result.status === "completed" ? `${action.label || "Repair"} applied` : `${action.label || "Repair"} did not complete`,
+        detail: result.statusMessage || null,
+        repo,
+        actionId: action.id,
+        actionType: action.actionType,
+        targetCause: action.targetCause,
+        payload: {
+          status: result.status,
+          result: result.result || null,
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      }, options);
       results.push({ id: action.id, label: action.label, ...result });
     }
 
@@ -478,6 +690,27 @@ module.exports = function createAgent(deps) {
           : false;
         plannerResult.registered = registered;
         if (!registered) await reportPlanner(config, plannerResult, mode, options);
+        await sendLiveEvent(config, {
+          eventId: plannerResult.decision
+            ? `self-repair-${plannerResult.decision.cause}-${plannerResult.generatedAt || pollTime}`
+            : `self-repair-none-${repo.pathBasename}-${pollTime.slice(0, 16)}`,
+          phase: plannerResult.executed ? "fixed" : "watching",
+          eventType: "self_repair",
+          severity: plannerResult.decision ? "info" : "info",
+          headline: plannerResult.decision ? `Self-repair checked ${plannerResult.decision.cause}` : "Self-repair found nothing to run",
+          detail: plannerResult.decision
+            ? (plannerResult.outcome?.statusMessage || plannerResult.decision.reason)
+            : "Current sessions do not need another automated repair.",
+          repo,
+          targetCause: plannerResult.decision?.cause || null,
+          payload: {
+            decision: plannerResult.decision || null,
+            executed: Boolean(plannerResult.executed),
+            registered: Boolean(plannerResult.registered),
+            rawPrompts: false,
+            rawCode: false,
+          },
+        }, options);
       } catch (error) {
         plannerResult = { error: error && error.message ? error.message : String(error) };
       }
@@ -493,11 +726,39 @@ module.exports = function createAgent(deps) {
           estimatedWastedTokens: Number(result.aggregate?.estimatedWastedTokens || 0),
           wastePercent: Number(result.aggregate?.wastePercent || 0),
         };
+        await sendLiveEvent(config, {
+          eventId: `sync-${repo.pathBasename}-${new Date().toISOString().slice(0, 16)}`,
+          phase: "watching",
+          eventType: "sync",
+          severity: result.synced ? "info" : "warning",
+          headline: result.synced ? "Telemetry synced" : "Telemetry sync did not complete",
+          detail: result.synced
+            ? `${syncResult.sessions} session(s), ${syncResult.estimatedWastedTokens.toLocaleString()} likely wasted tokens.`
+            : (result.error || "Sync did not complete."),
+          repo,
+          tokensObserved: Number(result.aggregate?.displayTokens || result.aggregate?.contextTokens || result.aggregate?.exactTokens || 0),
+          payload: {
+            aggregate: result.aggregate || null,
+            rawPrompts: false,
+            rawCode: false,
+            rawStdout: false,
+            rawStderr: false,
+          },
+        }, options);
       } catch (error) {
         syncResult = {
           synced: false,
           error: error && error.message ? error.message : String(error),
         };
+        await sendLiveEvent(config, {
+          eventId: `sync-failed-${repo.pathBasename}-${new Date().toISOString().slice(0, 16)}`,
+          phase: "detected",
+          eventType: "sync_failed",
+          severity: "warning",
+          headline: "Telemetry sync failed",
+          detail: syncResult.error,
+          repo,
+        }, options);
       }
     }
 
@@ -682,6 +943,7 @@ module.exports = function createAgent(deps) {
     runAgentOnce,
     runAutoDetect,
     sendHeartbeat,
+    sendLiveEvent,
     updateAction,
     VALID_MODES,
   };

package/lib/prismo-dev/cli.js

@@ -6,7 +6,7 @@ const VALID_COMMANDS = new Set([
   "connect", "sync", "status", "disconnect", "agent", "connector", "setup", "scan", "digest",
   "optimize", "context", "cc", "cursor", "receipt", "instructions",
   "timeline", "replay", "boundaries", "usage", "guard", "watch", "demo", "repair",
-  "enforce", "hook",
+  "enforce", "bridge", "hook",
 ]);
 
 function parseTokenBudget(value) {
@@ -76,6 +76,7 @@ function createCli(deps) {
     runRepair,
     renderPlannerTerminal,
     runPlannerOnce,
+    decidePostToolUse,
     decidePreToolUse,
     renderEnforceTerminal,
     runEnforceInstall,
@@ -150,7 +151,7 @@ function createCli(deps) {
       return;
     }
     if (!VALID_COMMANDS.has(command)) {
-      throw new Error(`Unknown command: ${command}. Try: prismo connect, prismo connector, prismo agent, prismo guard, prismo sync, prismo doctor, prismo watch, prismo receipt, prismo benchmark, prismo shield, prismo mcp, prismo firewall, prismo init, prismo scan, prismo optimize, prismo context, prismo cc, prismo cursor, or prismo usage`);
+      throw new Error(`Unknown command: ${command}. Try: prismo connect, prismo connector, prismo bridge, prismo agent, prismo guard, prismo sync, prismo doctor, prismo watch, prismo receipt, prismo benchmark, prismo shield, prismo mcp, prismo firewall, prismo init, prismo scan, prismo optimize, prismo context, prismo cc, prismo cursor, or prismo usage`);
     }
 
     if (command === "demo") {
@@ -822,13 +823,16 @@ function createCli(deps) {
 
     if (command === "hook") {
       const subcommand = (rest[0] || "").toLowerCase();
-      if (subcommand !== "pretooluse") {
+      if (subcommand !== "pretooluse" && subcommand !== "posttooluse") {
         printCommandHelp("enforce");
         return;
       }
       const chunks = [];
       for await (const chunk of process.stdin) chunks.push(chunk);
-      const decision = decidePreToolUse(process.cwd(), Buffer.concat(chunks).toString("utf8"));
+      const raw = Buffer.concat(chunks).toString("utf8");
+      const decision = subcommand === "pretooluse"
+        ? decidePreToolUse(process.cwd(), raw)
+        : decidePostToolUse(process.cwd(), raw);
       if (decision) console.log(JSON.stringify(decision));
       return;
     }
@@ -847,6 +851,70 @@ function createCli(deps) {
       return;
     }
 
+    if (command === "bridge") {
+      const json = rest.includes("--json");
+      const target = getPositionals(rest, new Set())[0] || process.cwd();
+      const result = {
+        schemaVersion: 1,
+        command: "bridge",
+        optional: true,
+        root: path.resolve(target),
+        why: "The connector observes, repairs, and verifies by default. Bridge mode is optional when you want Prismo closer to the agent execution path so loops and blocked context can be stopped earlier.",
+        defaultMode: {
+          name: "connector",
+          command: `${NPX_COMMAND} connector install`,
+          behavior: "syncs telemetry, applies safe repairs, and shows live events without sitting in front of every agent action",
+        },
+        agents: [
+          {
+            tool: "Claude Code",
+            level: "hard-block",
+            command: `${NPX_COMMAND} enforce install`,
+            behavior: "uses Claude hooks to deny blocked-context reads and repeated failing command loops before they run",
+          },
+          {
+            tool: "Codex",
+            level: "detect-and-repair",
+            command: `${NPX_COMMAND} mcp`,
+            behavior: "Prismo can detect loops from local sessions and expose tools via MCP/shield; universal hard-blocking needs a Codex pre-tool hook or wrapper",
+          },
+          {
+            tool: "Cursor",
+            level: "detect-and-repair",
+            command: `${NPX_COMMAND} mcp`,
+            behavior: "Prismo can detect loop patterns from Cursor telemetry and stage repairs; universal hard-blocking needs a Cursor pre-tool hook or wrapper",
+          },
+        ],
+        privacy: {
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      };
+      if (json) console.log(JSON.stringify(result, null, 2));
+      else {
+        console.log("");
+        console.log("PrismoDev Bridge");
+        console.log("");
+        console.log("Optional control layer for teams that want stronger live interception.");
+        console.log("");
+        console.log(`Default connector: ${result.defaultMode.command}`);
+        console.log(`  ${result.defaultMode.behavior}`);
+        console.log("");
+        console.log("Agent control levels");
+        result.agents.forEach((agent) => {
+          console.log(`- ${agent.tool}: ${agent.level}`);
+          console.log(`  ${agent.behavior}`);
+          console.log(`  Start with: ${agent.command}`);
+        });
+        console.log("");
+        console.log("Why this exists");
+        console.log(`  ${result.why}`);
+      }
+      return;
+    }
+
     if (command === "usage" || command === "watch") {
       const json = rest.includes("--json");
       const knownTools = new Set(["codex", "claude", "cursor", "all"]);

package/lib/prismo-dev/cloud-sync.js

@@ -65,6 +65,27 @@ module.exports = function createCloudSync(deps) {
     }
   }
 
+  // Best-effort PR linkage for the current branch via the GitHub CLI, so
+  // branch costs can roll up to cost-per-merged-PR. Silently absent when gh
+  // is not installed, not authenticated, or the branch has no PR.
+  function detectPullRequest(root) {
+    try {
+      const { spawnSync } = require("child_process");
+      const result = spawnSync("gh", ["pr", "view", "--json", "number,state"], {
+        cwd: root,
+        encoding: "utf8",
+        timeout: 4000,
+        stdio: ["ignore", "pipe", "ignore"],
+      });
+      if (result.status !== 0) return null;
+      const parsed = JSON.parse(String(result.stdout || ""));
+      if (!parsed || typeof parsed.number !== "number") return null;
+      return { number: parsed.number, state: String(parsed.state || "").toLowerCase() || null };
+    } catch {
+      return null;
+    }
+  }
+
   function repoIdentity(root) {
     const resolved = path.resolve(root || process.cwd());
     const remote = runGit(resolved, ["config", "--get", "remote.origin.url"]);
@@ -75,6 +96,7 @@ module.exports = function createCloudSync(deps) {
       remote: redactRemote(remote),
       branch: branch || null,
       commit: commit || null,
+      pr: detectPullRequest(resolved),
     };
   }
 
@@ -386,6 +408,18 @@ module.exports = function createCloudSync(deps) {
     const base = String(config.apiUrl || DEFAULT_API_URL).replace(/\/$/, "");
     const days = Math.max(1, Number(options.days || 7));
     const endpoint = options.endpoint || `${base}/v1/dev/workspace/digest/agent?days=${encodeURIComponent(days)}`;
+    // Local enforcement stats never sync; fold them into the digest here.
+    let localEnforcement = null;
+    try {
+      const statePath = path.join(options.cwd || process.cwd(), ".prismo", "enforce-state.json");
+      const denials = (JSON.parse(fs.readFileSync(statePath, "utf8")).denials) || null;
+      if (denials && denials.total > 0) {
+        localEnforcement = {
+          denials: denials.total,
+          estimatedTokensSaved: denials.estimatedTokensSaved || 0,
+        };
+      }
+    } catch {}
     try {
       const response = await requestJson("GET", endpoint, config.token, null, options.timeoutMs || 10000);
       return {
@@ -394,6 +428,7 @@ module.exports = function createCloudSync(deps) {
         connected: true,
         apiUrl: base,
         digest: response.data,
+        localEnforcement,
       };
     } catch (error) {
       return {
@@ -423,7 +458,13 @@ module.exports = function createCloudSync(deps) {
       lines.push(`Could not load digest${result.error ? `: ${result.error}` : "."}`);
       return lines.join("\n");
     }
-    (result.digest.lines || [result.digest.headline]).forEach((line) => lines.push(line));
+    const reportLines = result.digest.launchReportLines && result.digest.launchReportLines.length
+      ? result.digest.launchReportLines
+      : (result.digest.lines || [result.digest.headline]);
+    reportLines.forEach((line) => lines.push(line));
+    if (result.localEnforcement) {
+      lines.push(`Local enforcement: ${result.localEnforcement.denials} denial(s), ~${result.localEnforcement.estimatedTokensSaved.toLocaleString()} tokens kept out of context on this machine.`);
+    }
     return lines.join("\n");
   }
 

package/lib/prismo-dev/connector.js

@@ -8,9 +8,9 @@ module.exports = function createConnector(deps) {
   } = deps;
 
   const LABEL = "dev.getprismo.connector";
-  const BACKGROUND_COMMAND = String(NPX_COMMAND || "").includes(" -y ")
+  const BACKGROUND_COMMAND = process.env.PRISMO_CONNECTOR_COMMAND || (String(NPX_COMMAND || "").includes(" -y ")
     ? NPX_COMMAND
-    : "npx -y getprismo@latest";
+    : "npx -y getprismo@latest");
 
   function prismoHome() {
     return process.env.PRISMO_HOME || path.join(os.homedir(), ".prismo");
@@ -87,6 +87,7 @@ module.exports = function createConnector(deps) {
     const contents = [
       "#!/bin/sh",
       "set -eu",
+      "export PATH=\"/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH\"",
       `cd ${shellEscape(root)}`,
       `exec ${command}`,
       "",

package/lib/prismo-dev/enforce.js

@@ -7,9 +7,15 @@ module.exports = function createEnforce(deps) {
   } = deps;
 
   const HOOK_COMMAND = `${NPX_COMMAND} hook pretooluse`;
+  const POST_HOOK_COMMAND = `${NPX_COMMAND} hook posttooluse`;
   const FILE_TOOLS = new Set(["Read", "Glob", "Grep", "NotebookRead"]);
   const MAX_IDENTICAL_COMMANDS = 3;
+  const MAX_COMMAND_FAILURES = 3;
   const MAX_TRACKED_SESSIONS = 8;
+  const DENIAL_LOG_LIMIT = 50;
+  // Conservative token estimate for a denied loop retry (one round of
+  // command output that never entered context).
+  const LOOP_DENY_TOKEN_ESTIMATE = 2000;
 
   function blockedContextPath(root) {
     return path.join(root, ".prismo", "blocked-context.txt");
@@ -49,6 +55,72 @@ module.exports = function createEnforce(deps) {
     fs.writeFileSync(filePath, `${JSON.stringify(state, null, 2)}\n`, "utf8");
   }
 
+  // Command records were plain attempt counters before outcome tracking;
+  // normalize either shape to {attempts, failures, succeeded, outcomes}.
+  function commandRecord(session, command) {
+    const existing = session.commands[command];
+    if (existing && typeof existing === "object") {
+      return { attempts: 0, failures: 0, succeeded: false, outcomes: 0, ...existing };
+    }
+    return { attempts: Number(existing || 0), failures: 0, succeeded: false, outcomes: 0 };
+  }
+
+  function sessionRecord(state, sessionId) {
+    const sessions = state.sessions || {};
+    state.sessions = sessions;
+    const session = sessions[sessionId] || { commands: {}, updatedAt: null };
+    sessions[sessionId] = session;
+    return session;
+  }
+
+  function pruneSessions(state) {
+    const sessions = state.sessions || {};
+    const ids = Object.keys(sessions)
+      .sort((a, b) => String(sessions[b].updatedAt || "").localeCompare(String(sessions[a].updatedAt || "")));
+    state.sessions = Object.fromEntries(ids.slice(0, MAX_TRACKED_SESSIONS).map((id) => [id, sessions[id]]));
+  }
+
+  function recordDenial(root, state, rule, target, estimatedTokens) {
+    const denials = state.denials || { total: 0, blockedContext: 0, loops: 0, estimatedTokensSaved: 0, recent: [] };
+    denials.total += 1;
+    if (rule === "blocked-context") denials.blockedContext += 1;
+    if (rule === "loop") denials.loops += 1;
+    denials.estimatedTokensSaved += Math.max(0, Math.round(estimatedTokens));
+    denials.recent = [{ at: new Date().toISOString(), rule, target }, ...(denials.recent || [])].slice(0, DENIAL_LOG_LIMIT);
+    state.denials = denials;
+    writeState(root, state);
+  }
+
+  function recordLoopStop(root, state, payload) {
+    const loopStops = Array.isArray(state.loopStops) ? state.loopStops : [];
+    const at = new Date().toISOString();
+    const command = String(payload.command || "").slice(0, 240);
+    const reason = payload.reason || "repeated-command";
+    const sessionId = payload.sessionId || "unknown";
+    const eventId = `claude-loop-stop-${sessionId}-${Buffer.from(`${reason}:${command}`).toString("base64").replace(/[^a-z0-9]/gi, "").slice(0, 24)}-${at.slice(0, 16)}`;
+    state.loopStops = [{
+      eventId,
+      at,
+      tool: "claude-code",
+      command,
+      reason,
+      failures: payload.failures || 0,
+      attempts: payload.attempts || 0,
+      estimatedTokensSaved: LOOP_DENY_TOKEN_ESTIMATE,
+      sessionId,
+    }, ...loopStops].slice(0, DENIAL_LOG_LIMIT);
+    writeState(root, state);
+  }
+
+  function estimateBlockedFileTokens(root, target) {
+    try {
+      const fullPath = path.isAbsolute(target) ? target : path.join(root, target);
+      const stat = fs.statSync(fullPath);
+      if (stat.isFile()) return Math.min(200000, Math.round(stat.size / 4));
+    } catch {}
+    return 1500;
+  }
+
   function relativePath(root, filePath) {
     const value = String(filePath || "");
     const resolvedRoot = path.resolve(root);
@@ -107,6 +179,7 @@ module.exports = function createEnforce(deps) {
         const patterns = readBlockedPatterns(root);
         const hit = patterns.find((pattern) => matchesBlocked(relPath, pattern));
         if (hit) {
+          recordDenial(root, readState(root), "blocked-context", relPath, estimateBlockedFileTokens(root, target));
           return deny(
             `Prismo context firewall: "${relPath}" is blocked context (rule: ${hit}). `
             + "It is generated output that wastes agent tokens. Use the .prismo/ context packs instead, "
@@ -121,22 +194,37 @@ module.exports = function createEnforce(deps) {
         if (!command) return null;
         const sessionId = String(event.session_id || "unknown");
         const state = readState(root);
-        const sessions = state.sessions || {};
-        const session = sessions[sessionId] || { commands: {}, updatedAt: null };
-        const count = Number(session.commands[command] || 0);
-        if (count >= MAX_IDENTICAL_COMMANDS) {
+        const session = sessionRecord(state, sessionId);
+        const record = commandRecord(session, command);
+
+        // Outcome-aware loop breaking: a command that ever succeeded in
+        // this session is legitimate to repeat (test loops while iterating).
+        // With outcome data, deny only after repeated failures; without it
+        // (PostToolUse hook absent), fall back to attempt counting.
+        const deniedByFailures = !record.succeeded && record.outcomes > 0 && record.failures >= MAX_COMMAND_FAILURES;
+        const deniedByAttempts = record.outcomes === 0 && record.attempts >= MAX_IDENTICAL_COMMANDS;
+        if (deniedByFailures || deniedByAttempts) {
+          recordDenial(root, state, "loop", command, LOOP_DENY_TOKEN_ESTIMATE);
+          recordLoopStop(root, state, {
+            command,
+            sessionId,
+            reason: deniedByFailures ? "repeated-failing-command" : "repeated-identical-command",
+            failures: record.failures,
+            attempts: record.attempts,
+          });
+          const observation = deniedByFailures
+            ? `this exact command has already failed ${record.failures} times in this session`
+            : `this exact command has already run ${record.attempts} times in this session`;
           return deny(
-            `Prismo loop breaker: this exact command has already run ${count} times in this session. `
+            `Prismo loop breaker: ${observation}. `
             + "Repeating it again will not change the outcome and floods context. Change the approach, "
             + `or capture its output once with \`${NPX_COMMAND} shield -- ${command}\`.`
           );
         }
-        session.commands[command] = count + 1;
+        record.attempts += 1;
+        session.commands[command] = record;
         session.updatedAt = new Date().toISOString();
-        sessions[sessionId] = session;
-        const ids = Object.keys(sessions)
-          .sort((a, b) => String(sessions[b].updatedAt || "").localeCompare(String(sessions[a].updatedAt || "")));
-        state.sessions = Object.fromEntries(ids.slice(0, MAX_TRACKED_SESSIONS).map((id) => [id, sessions[id]]));
+        pruneSessions(state);
         writeState(root, state);
         return null;
       }
@@ -146,6 +234,48 @@ module.exports = function createEnforce(deps) {
     return null;
   }
 
+  // PostToolUse: record whether the Bash command actually failed, so the
+  // loop breaker can tell a failing retry loop from a legitimate test loop.
+  // Output shape varies by Claude Code version; unknown shapes record
+  // nothing rather than guessing.
+  function decidePostToolUse(rootDir, rawEvent) {
+    let event;
+    try {
+      event = typeof rawEvent === "string" ? JSON.parse(rawEvent) : rawEvent;
+    } catch {
+      return null;
+    }
+    if (!event || typeof event !== "object" || String(event.tool_name || "") !== "Bash") return null;
+    const toolInput = event.tool_input && typeof event.tool_input === "object" ? event.tool_input : {};
+    const command = String(toolInput.command || "").trim().replace(/\s+/g, " ");
+    if (!command) return null;
+
+    const response = event.tool_response;
+    let failed = null;
+    if (response && typeof response === "object") {
+      if (typeof response.exit_code === "number") failed = response.exit_code !== 0;
+      else if (typeof response.exitCode === "number") failed = response.exitCode !== 0;
+      else if (typeof response.is_error === "boolean") failed = response.is_error;
+      else if (response.interrupted === true) failed = true;
+    }
+    if (failed === null) return null;
+
+    try {
+      const root = path.resolve(event.cwd || rootDir || process.cwd());
+      const state = readState(root);
+      const session = sessionRecord(state, String(event.session_id || "unknown"));
+      const record = commandRecord(session, command);
+      record.outcomes += 1;
+      if (failed) record.failures += 1;
+      else record.succeeded = true;
+      session.commands[command] = record;
+      session.updatedAt = new Date().toISOString();
+      pruneSessions(state);
+      writeState(root, state);
+    } catch {}
+    return null;
+  }
+
   function readSettings(root) {
     try {
       const parsed = JSON.parse(fs.readFileSync(settingsPath(root), "utf8"));
@@ -157,7 +287,8 @@ module.exports = function createEnforce(deps) {
 
   function isPrismoHookEntry(entry) {
     try {
-      return JSON.stringify(entry).includes("hook pretooluse");
+      const text = JSON.stringify(entry);
+      return text.includes("hook pretooluse") || text.includes("hook posttooluse");
     } catch {
       return false;
     }
@@ -181,23 +312,33 @@ module.exports = function createEnforce(deps) {
     const filePath = settingsPath(root);
     const settings = readSettings(root);
     settings.hooks = settings.hooks && typeof settings.hooks === "object" ? settings.hooks : {};
-    const entries = Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
-    if (entries.some(isPrismoHookEntry)) {
-      actions.push("Prismo PreToolUse hook already installed in .claude/settings.json");
+    const preEntries = Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
+    const postEntries = Array.isArray(settings.hooks.PostToolUse) ? settings.hooks.PostToolUse : [];
+    if (preEntries.some(isPrismoHookEntry) && postEntries.some(isPrismoHookEntry)) {
+      actions.push("Prismo hooks already installed in .claude/settings.json");
     } else {
       const existed = fs.existsSync(filePath);
       if (existed) {
         fs.copyFileSync(filePath, `${filePath}.prismo-backup`);
         actions.push("Backed up .claude/settings.json to settings.json.prismo-backup");
       }
-      entries.push({
-        matcher: "Read|Glob|Grep|NotebookRead|Bash",
-        hooks: [{ type: "command", command: HOOK_COMMAND }],
-      });
-      settings.hooks.PreToolUse = entries;
+      if (!preEntries.some(isPrismoHookEntry)) {
+        preEntries.push({
+          matcher: "Read|Glob|Grep|NotebookRead|Bash",
+          hooks: [{ type: "command", command: HOOK_COMMAND }],
+        });
+      }
+      if (!postEntries.some(isPrismoHookEntry)) {
+        postEntries.push({
+          matcher: "Bash",
+          hooks: [{ type: "command", command: POST_HOOK_COMMAND }],
+        });
+      }
+      settings.hooks.PreToolUse = preEntries;
+      settings.hooks.PostToolUse = postEntries;
       fs.mkdirSync(path.dirname(filePath), { recursive: true });
       fs.writeFileSync(filePath, `${JSON.stringify(settings, null, 2)}\n`, "utf8");
-      actions.push(`${existed ? "Updated" : "Created"} .claude/settings.json with the Prismo PreToolUse hook`);
+      actions.push(`${existed ? "Updated" : "Created"} .claude/settings.json with the Prismo PreToolUse + PostToolUse hooks`);
     }
 
     return {
@@ -216,15 +357,21 @@ module.exports = function createEnforce(deps) {
     const filePath = settingsPath(root);
     const settings = readSettings(root);
     const actions = [];
-    const entries = settings.hooks && Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
-    const kept = entries.filter((entry) => !isPrismoHookEntry(entry));
-    if (kept.length !== entries.length) {
-      if (kept.length) settings.hooks.PreToolUse = kept;
-      else if (settings.hooks) delete settings.hooks.PreToolUse;
+    let removed = false;
+    for (const eventName of ["PreToolUse", "PostToolUse"]) {
+      const entries = settings.hooks && Array.isArray(settings.hooks[eventName]) ? settings.hooks[eventName] : [];
+      const kept = entries.filter((entry) => !isPrismoHookEntry(entry));
+      if (kept.length !== entries.length) {
+        removed = true;
+        if (kept.length) settings.hooks[eventName] = kept;
+        else if (settings.hooks) delete settings.hooks[eventName];
+      }
+    }
+    if (removed) {
       fs.writeFileSync(filePath, `${JSON.stringify(settings, null, 2)}\n`, "utf8");
-      actions.push("Removed the Prismo PreToolUse hook from .claude/settings.json");
+      actions.push("Removed the Prismo hooks from .claude/settings.json");
     } else {
-      actions.push("No Prismo PreToolUse hook found in .claude/settings.json");
+      actions.push("No Prismo hooks found in .claude/settings.json");
     }
     return {
       schemaVersion: 1,
@@ -239,6 +386,7 @@ module.exports = function createEnforce(deps) {
   function runEnforceStatus(rootDir = process.cwd()) {
     const root = path.resolve(rootDir);
     const state = readState(root);
+    const denials = state.denials || { total: 0, blockedContext: 0, loops: 0, estimatedTokensSaved: 0 };
     return {
       schemaVersion: 1,
       command: "enforce",
@@ -246,6 +394,12 @@ module.exports = function createEnforce(deps) {
       installed: hookInstalled(root),
       blockedRules: readBlockedPatterns(root).length,
       trackedSessions: Object.keys(state.sessions || {}).length,
+      denials: {
+        total: denials.total || 0,
+        blockedContext: denials.blockedContext || 0,
+        loops: denials.loops || 0,
+        estimatedTokensSaved: denials.estimatedTokensSaved || 0,
+      },
       settingsPath: path.join(".claude", "settings.json"),
       generatedAt: new Date().toISOString(),
     };
@@ -260,6 +414,10 @@ module.exports = function createEnforce(deps) {
       lines.push(`Hook installed: ${result.installed ? "yes" : "no"}`);
       lines.push(`Blocked-context rules: ${result.blockedRules}`);
       lines.push(`Sessions tracked for loop breaking: ${result.trackedSessions}`);
+      if (result.denials && result.denials.total > 0) {
+        lines.push(`Denials: ${result.denials.total} (${result.denials.blockedContext} blocked-context, ${result.denials.loops} loop)`);
+        lines.push(`Estimated tokens kept out of context: ~${result.denials.estimatedTokensSaved.toLocaleString()}`);
+      }
       if (!result.installed) {
         lines.push("");
         lines.push(`Run \`${NPX_COMMAND} enforce install\` to enforce the context firewall at runtime.`);
@@ -277,6 +435,7 @@ module.exports = function createEnforce(deps) {
   }
 
   return {
+    decidePostToolUse,
     decidePreToolUse,
     matchesBlocked,
     renderEnforceTerminal,

package/lib/prismo-dev/help.js

@@ -14,6 +14,7 @@ Usage:
   prismo mcp doctor [--json] [path]
   prismo connect [--json] [--token TOKEN] [--api-url URL] [--org ORG] [--user USER] [--device NAME]
   prismo connector [status|install|start|stop|uninstall] [--json] [--interval N] [--sync-interval N] [--mode observe|suggest|autopilot] [path]
+  prismo bridge [--json] [path]
   prismo sync [--json] [--dry-run] [--watch] [--interval N] [--limit N] [--tool all|codex|claude|cursor] [path]
   prismo status [--json]
   prismo digest [--json] [--days N]
@@ -49,9 +50,10 @@ Commands:
   mcp         Start a local MCP server exposing Prismo tools over stdio.
   connect     Store a PrismoDev cloud connection for seamless dashboard sync.
   connector   Install or manage the background Prismo Workspace connector.
+  bridge     Explain optional agent bridge mode and live interception levels.
   sync        Send safe aggregate local agent telemetry to Prismo; use --watch for background-style sync.
   status      Show local PrismoDev connection and last sync state.
-  digest      Print the verified-savings summary for the last N days, ready to paste into Slack.
+  digest      Print the launch report: verified saved tokens/dollars first, with live prevention labeled estimated.
   disconnect  Remove the local PrismoDev cloud connection.
   agent       Claim and execute safe workspace actions queued from Prismo Cloud.
   scan        Run PrismoDev for Claude Code, Codex, Cursor, and AI coding workflows.
@@ -520,6 +522,24 @@ Output:
   On macOS this creates a LaunchAgent so Prismo stays online after the terminal closes.
   The connector claims safe repairs queued from Prismo Cloud, runs them locally, continuously syncs aggregate telemetry, and reports status back.
   It does not upload prompts, source code, file contents, stdout, stderr, or full command logs.`,
+  bridge: `PrismoDev Bridge
+
+Usage:
+  prismo bridge [--json] [path]
+
+Examples:
+  prismo bridge
+  prismo bridge --json
+
+What this explains:
+  Bridge mode is optional. The connector is still the default: it observes local agent sessions, applies safe queued repairs, verifies impact, and shows live events without sitting in front of every agent action.
+
+Agent control levels:
+  Claude Code can use "prismo enforce install" for hard-blocking through PreToolUse hooks.
+  Codex and Cursor can be detected and repaired through local logs, MCP, shield, and guardrails. Universal hard-blocking needs a wrapper, bridge, or deeper pre-tool hook from those agents.
+
+Privacy:
+  Bridge status does not upload raw prompts, source code, stdout, stderr, or full command logs.`,
   sync: `PrismoDev Sync
 
 Usage:

package/lib/prismo-dev-scan.js

@@ -335,6 +335,7 @@ const {
 } = repairExecutors;
 
 const {
+  decidePostToolUse,
   decidePreToolUse,
   renderEnforceTerminal,
   runEnforceInstall,
@@ -380,6 +381,7 @@ const {
   openUrl,
   repairExecutors,
   repairPlanner,
+  getUsageSummary,
 });
 
 const {
@@ -508,6 +510,7 @@ const { runCli } = require("./prismo-dev/cli")({
   runRepair,
   renderPlannerTerminal,
   runPlannerOnce,
+  decidePostToolUse,
   decidePreToolUse,
   renderEnforceTerminal,
   runEnforceInstall,
@@ -618,6 +621,7 @@ module.exports = {
   REPAIR_CAUSES,
   runPlannerOnce,
   renderPlannerTerminal,
+  decidePostToolUse,
   decidePreToolUse,
   renderEnforceTerminal,
   runEnforceInstall,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "getprismo",
-  "version": "0.1.42",
+  "version": "0.1.44",
   "description": "Local AI coding workflow scanner for Codex, Claude Code, Cursor, and token-waste diagnostics.",
   "license": "MIT",
   "homepage": "https://github.com/shanirsh/prismodev#readme",