getprismo 0.1.43 → 0.1.44

package/README.md

@@ -4,7 +4,7 @@
 [![npm downloads](https://img.shields.io/npm/dw/getprismo.svg)](https://www.npmjs.com/package/getprismo)
 [![license: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
 
-an autonomous cost agent for ai coding. it finds token waste, fixes the cause, verifies the fix against your next sessions in dollars, and escalates or backs off based on what actually worked. unattended.
+an agent control plane for ai coding. it watches local coding agents, finds token waste, stages or executes safe interventions, verifies the fix against your next sessions in dollars, and escalates or backs off based on what actually worked. unattended.
 
 ```bash
 npx getprismo doctor
@@ -20,7 +20,7 @@ ai coding agents (claude code, codex, cursor) burn tokens on things that don't h
 
 most developers don't realize this is happening until the bill arrives or the agent starts looping.
 
-prismodev catches it before, during, and after.
+prismodev gives you a control plane for it before, during, and after.
 
 ---
 
@@ -39,12 +39,13 @@ postmortem          npx getprismo replay
 weekly receipt      npx getprismo digest
 workspace agent     npx getprismo agent --watch
 agent-native        npx getprismo mcp
+optional bridge     npx getprismo bridge
 ```
 
 **doctor** diagnoses the repo, applies safe fixes, and shows the before/after score.
 **repair** runs the targeted fix for one waste cause; `repair auto` lets the planner pick.
 **enforce** turns the context firewall into actual runtime enforcement via Claude Code hooks.
-**digest** prints the verified-savings summary for the week, ready to paste into Slack.
+**digest** prints the launch report: verified saved tokens/dollars first, live prevention clearly labeled as estimated, ready to post or paste into Slack.
 **guard** runs live guardrails, context throttle, rescue prompts, context firewall, and dashboard-ready prevention events.
 **watch** monitors context pressure live and is the lower-level diagnostic view behind guard.
 **receipt** explains what repeated, what output dominated, what artifacts leaked, what likely influenced the run, and a heuristic context-efficiency score.
@@ -52,6 +53,7 @@ agent-native        npx getprismo mcp
 **shield** runs noisy commands without dumping full output back into the agent context.
 **agent** connects Prismo Cloud to your local repo so dashboard actions can safely run on this machine.
 **mcp** exposes PrismoDev as local tools so compatible agents can scan, search shield output, and request scoped context directly.
+**bridge** explains the optional tighter control layer for teams that want Prismo closer to the agent execution path.
 
 ---
 
@@ -107,6 +109,24 @@ enforcement fails open — malformed events or missing policy files allow the ca
 
 ---
 
+## new: optional bridge mode
+
+the background connector is the default. it observes local sessions, syncs safe aggregate telemetry, applies queued repairs, verifies the next sessions, and shows live events in the dashboard. it does not sit in front of every agent action.
+
+bridge mode is optional context for teams that want Prismo closer to the agent execution path, especially for live loop stopping:
+
+```bash
+npx getprismo bridge
+```
+
+- **Claude Code**: hard-block capable today through `npx getprismo enforce install`, which adds a `PreToolUse` hook that can deny blocked-context reads and repeated command loops before they run.
+- **Codex**: visible and repairable through local session logs, guardrails, shield, and MCP. universal hard-blocking needs Codex to run through a wrapper/bridge or expose a pre-tool hook.
+- **Cursor**: visible and repairable through local telemetry and staged repairs. universal hard-blocking needs Cursor to run through a wrapper/bridge or expose a pre-tool hook.
+
+that is why Prismo is not described as a proxy by default. connector mode is safer and simpler; bridge mode is the opt-in path when stronger live interception matters more than staying fully out of the agent execution path.
+
+---
+
 ## what prismodev catches
 
 - missing `.claudeignore` / `.cursorignore` (the biggest single fix for most repos)
@@ -846,6 +866,7 @@ no install needed. npx runs it directly.
 | `shield` | run noisy commands while keeping full output out of chat |
 | `agent` | claim and execute safe Prismo Cloud workspace actions locally |
 | `mcp` | expose PrismoDev tools over local MCP stdio |
+| `bridge` | explain optional bridge mode and live interception levels for Claude Code, Codex, and Cursor |
 | `setup` | detect tools, logs, proxy readiness |
 | `usage` | show raw session token usage |
 | `init` | add npm scripts and .prismo/README.md |
@@ -1156,6 +1177,7 @@ npx getprismo --version
 npx getprismo doctor --help
 npx getprismo repair --help
 npx getprismo enforce --help
+npx getprismo bridge --help
 npx getprismo watch --help
 npx getprismo shield --help
 npx getprismo mcp --help

package/lib/prismo-dev/agent.js

@@ -15,6 +15,7 @@ module.exports = function createAgent(deps) {
     openUrl,
     repairExecutors,
     repairPlanner,
+    getUsageSummary,
   } = deps;
 
   const DEFAULT_WORKSPACE_URL = "https://getprismo.dev/dashboard/dev";
@@ -117,6 +118,29 @@ module.exports = function createAgent(deps) {
     return rootDir;
   }
 
+  function repoPayload(rootDir) {
+    return { pathBasename: path.basename(path.resolve(rootDir || process.cwd())) };
+  }
+
+  function safeReadJson(filePath) {
+    try {
+      if (!fs.existsSync(filePath)) return null;
+      return JSON.parse(fs.readFileSync(filePath, "utf8"));
+    } catch {
+      return null;
+    }
+  }
+
+  function enforceStatePath(rootDir) {
+    return path.join(path.resolve(rootDir || process.cwd()), ".prismo", "enforce-state.json");
+  }
+
+  function summarizeCommand(command) {
+    const value = String(command || "").replace(/\s+/g, " ").trim();
+    if (!value) return "a repeated command";
+    return value.length > 90 ? `${value.slice(0, 87)}...` : value;
+  }
+
   async function updateAction(config, actionId, payload, options = {}) {
     const endpoint = options.endpoint || `${apiBase(config)}/v1/dev/workspace/actions/${actionId}`;
     const response = await requestJson("PATCH", endpoint, config.token, payload, options.timeoutMs || 15000);
@@ -142,6 +166,103 @@ module.exports = function createAgent(deps) {
     return response.data;
   }
 
+  async function sendLiveEvent(config, event, options = {}) {
+    const endpoint = options.liveEventEndpoint || `${apiBase(config)}/v1/dev/workspace/live-events`;
+    try {
+      const body = {
+        phase: "watching",
+        eventType: "status",
+        severity: "info",
+        occurredAt: new Date().toISOString(),
+        ...event,
+      };
+      await requestJson("POST", endpoint, config.token, body, options.timeoutMs || 5000);
+      return true;
+    } catch (_) {
+      return false;
+    }
+  }
+
+  async function publishClaudeLoopStops(config, rootDir, repo, options = {}) {
+    const state = safeReadJson(enforceStatePath(rootDir));
+    const stops = Array.isArray(state?.loopStops) ? state.loopStops : [];
+    if (!stops.length) return 0;
+    let sent = 0;
+    for (const stop of stops.slice(0, 10)) {
+      const ok = await sendLiveEvent(config, {
+        eventId: stop.eventId || `claude-loop-stop-${stop.at || Date.now()}`,
+        phase: "stopped",
+        eventType: "loop_stopped",
+        severity: "success",
+        headline: "Stopped a Claude Code retry loop",
+        detail: `${summarizeCommand(stop.command)} was blocked after ${stop.failures || stop.attempts || 3} repeated ${stop.failures ? "failure" : "attempt"}${(stop.failures || stop.attempts || 3) === 1 ? "" : "s"}.`,
+        repo,
+        targetCause: "context-loop",
+        tokensPrevented: Number(stop.estimatedTokensSaved || 0),
+        occurredAt: stop.at || new Date().toISOString(),
+        payload: {
+          tool: "claude-code",
+          reason: stop.reason || "repeated-command",
+          sessionId: stop.sessionId || null,
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      }, options);
+      if (ok) sent += 1;
+    }
+    return sent;
+  }
+
+  async function publishAgentLoopSignals(config, rootDir, repo, options = {}) {
+    if (!getUsageSummary) return 0;
+    let summary = null;
+    try {
+      summary = getUsageSummary({ cwd: rootDir, limit: options.loopSignalLimit || 8, tool: "all" });
+    } catch {
+      return 0;
+    }
+    const sessions = Array.isArray(summary?.sessions) ? summary.sessions : [];
+    let sent = 0;
+    for (const session of sessions) {
+      const tool = String(session.tool || "unknown").toLowerCase();
+      if (!tool.includes("codex") && !tool.includes("cursor")) continue;
+      const repeated = Array.isArray(session.repeatedCommands)
+        ? session.repeatedCommands.filter((item) => Number(item.count || 0) >= 3)
+        : [];
+      if (!session.loopSuspicion && repeated.length === 0) continue;
+      const command = repeated[0]?.value || null;
+      const count = Number(repeated[0]?.count || 0);
+      const eventTool = tool.includes("codex") ? "codex" : "cursor";
+      const sessionId = String(session.sessionId || session.updatedAt || eventTool);
+      const ok = await sendLiveEvent(config, {
+        eventId: `${eventTool}-loop-detected-${sessionId.replace(/[^a-z0-9_-]/gi, "").slice(0, 48)}-${count || "suspicion"}`,
+        phase: "detected",
+        eventType: "loop_detected",
+        severity: "warning",
+        headline: `${eventTool === "codex" ? "Codex" : "Cursor"} loop pattern detected`,
+        detail: command
+          ? `${summarizeCommand(command)} appeared ${count} times. Prismo can stage guard or shield repairs, but this integration cannot hard-block that agent yet.`
+          : "Repeated tool activity suggests a loop. Prismo can stage guard repairs, but this integration cannot hard-block that agent yet.",
+        repo,
+        targetCause: "context-loop",
+        occurredAt: session.updatedAt || new Date().toISOString(),
+        payload: {
+          tool: eventTool,
+          repeatedCommandCount: count,
+          loopSuspicion: Boolean(session.loopSuspicion),
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      }, options);
+      if (ok) sent += 1;
+    }
+    return sent;
+  }
+
   function runAutoDetect(rootDir, options = {}) {
     const mode = options.mode || "autopilot";
     const startedAt = new Date().toISOString();
@@ -417,23 +538,72 @@ module.exports = function createAgent(deps) {
 
     const mode = options.mode || "autopilot";
     const pollTime = new Date().toISOString();
+    const repo = repoPayload(rootDir);
 
     try {
       await sendHeartbeat(config, { mode, status: "online", lastPollAt: pollTime }, options);
     } catch (_) {}
+    await sendLiveEvent(config, {
+      eventId: `heartbeat-${repo.pathBasename}-${pollTime.slice(0, 16)}`,
+      phase: "watching",
+      eventType: "heartbeat",
+      headline: "Connector is watching this repo",
+      detail: `Mode: ${mode}. Polling for safe repairs and syncing telemetry.`,
+      repo,
+    }, options);
+    await publishClaudeLoopStops(config, rootDir, repo, options);
+    await publishAgentLoopSignals(config, rootDir, repo, options);
 
     let autoDetectResult = null;
     if (options.autoDetect) {
       autoDetectResult = runAutoDetect(rootDir, { mode });
       await reportAutoDetect(config, autoDetectResult, options);
+      await sendLiveEvent(config, {
+        eventId: `auto-detect-${repo.pathBasename}-${autoDetectResult.completedAt || pollTime}`,
+        phase: autoDetectResult.applied ? "fixed" : "detected",
+        eventType: "auto_detect",
+        severity: autoDetectResult.findings.length ? "warning" : "info",
+        headline: autoDetectResult.applied ? "Auto-detect applied safe context fixes" : "Auto-detect scanned the repo",
+        detail: `Score: ${autoDetectResult.score ?? "unknown"}/100. Findings: ${autoDetectResult.findings.length}. Generated ${autoDetectResult.generatedFiles.length} file(s).`,
+        repo,
+        payload: {
+          score: autoDetectResult.score,
+          findings: autoDetectResult.findings.length,
+          generatedFiles: autoDetectResult.generatedFiles,
+          rawPrompts: false,
+          rawCode: false,
+        },
+      }, options);
     }
 
     const actions = await claimActions(config, options);
+    if (actions.length > 0) {
+      await sendLiveEvent(config, {
+        eventId: `actions-claimed-${repo.pathBasename}-${pollTime}`,
+        phase: "detected",
+        eventType: "action_claimed",
+        severity: "info",
+        headline: `Claimed ${actions.length} repair action${actions.length === 1 ? "" : "s"}`,
+        detail: "The local connector is about to apply queued repairs from the workspace.",
+        repo,
+      }, options);
+    }
     const results = [];
     for (const action of actions) {
       if (TERMINAL_STATUSES.has(action.status)) continue;
 
       if (mode === "observe") {
+        await sendLiveEvent(config, {
+          eventId: `action-observed-${action.id}`,
+          phase: "detected",
+          eventType: "action_observed",
+          headline: action.label || "Repair observed",
+          detail: "Observe mode is on, so Prismo did not execute this repair.",
+          repo,
+          actionId: action.id,
+          actionType: action.actionType,
+          targetCause: action.targetCause,
+        }, options);
         results.push({ id: action.id, label: action.label, status: "observed", statusMessage: "Agent is in observe mode. Action not executed." });
         continue;
       }
@@ -443,6 +613,17 @@ module.exports = function createAgent(deps) {
           status: "pending_approval",
           statusMessage: "Agent recommends this action. Waiting for approval in workspace.",
         }, options);
+        await sendLiveEvent(config, {
+          eventId: `action-suggested-${action.id}`,
+          phase: "detected",
+          eventType: "action_suggested",
+          headline: action.label || "Repair needs approval",
+          detail: "Suggest mode is on, so Prismo is waiting for dashboard approval.",
+          repo,
+          actionId: action.id,
+          actionType: action.actionType,
+          targetCause: action.targetCause,
+        }, options);
         results.push({ id: action.id, label: action.label, status: "pending_approval", statusMessage: "Suggested; awaiting approval." });
         continue;
       }
@@ -451,8 +632,39 @@ module.exports = function createAgent(deps) {
         status: "running",
         statusMessage: "Running locally through PrismoDev agent.",
       }, options);
+      await sendLiveEvent(config, {
+        eventId: `action-running-${action.id}`,
+        phase: "detected",
+        eventType: "action_running",
+        headline: action.label || "Repair is running locally",
+        detail: "The connector is applying this repair in your repo now.",
+        repo,
+        actionId: action.id,
+        actionType: action.actionType,
+        targetCause: action.targetCause,
+      }, options);
       const result = await executeAction(action, rootDir, { ...options, _config: config });
       await updateAction(config, action.id, result, options);
+      await sendLiveEvent(config, {
+        eventId: `action-${result.status}-${action.id}`,
+        phase: result.status === "completed" ? "fixed" : "detected",
+        eventType: "action_completed",
+        severity: result.status === "completed" ? "success" : "warning",
+        headline: result.status === "completed" ? `${action.label || "Repair"} applied` : `${action.label || "Repair"} did not complete`,
+        detail: result.statusMessage || null,
+        repo,
+        actionId: action.id,
+        actionType: action.actionType,
+        targetCause: action.targetCause,
+        payload: {
+          status: result.status,
+          result: result.result || null,
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      }, options);
       results.push({ id: action.id, label: action.label, ...result });
     }
 
@@ -478,6 +690,27 @@ module.exports = function createAgent(deps) {
           : false;
         plannerResult.registered = registered;
         if (!registered) await reportPlanner(config, plannerResult, mode, options);
+        await sendLiveEvent(config, {
+          eventId: plannerResult.decision
+            ? `self-repair-${plannerResult.decision.cause}-${plannerResult.generatedAt || pollTime}`
+            : `self-repair-none-${repo.pathBasename}-${pollTime.slice(0, 16)}`,
+          phase: plannerResult.executed ? "fixed" : "watching",
+          eventType: "self_repair",
+          severity: plannerResult.decision ? "info" : "info",
+          headline: plannerResult.decision ? `Self-repair checked ${plannerResult.decision.cause}` : "Self-repair found nothing to run",
+          detail: plannerResult.decision
+            ? (plannerResult.outcome?.statusMessage || plannerResult.decision.reason)
+            : "Current sessions do not need another automated repair.",
+          repo,
+          targetCause: plannerResult.decision?.cause || null,
+          payload: {
+            decision: plannerResult.decision || null,
+            executed: Boolean(plannerResult.executed),
+            registered: Boolean(plannerResult.registered),
+            rawPrompts: false,
+            rawCode: false,
+          },
+        }, options);
       } catch (error) {
         plannerResult = { error: error && error.message ? error.message : String(error) };
       }
@@ -493,11 +726,39 @@ module.exports = function createAgent(deps) {
           estimatedWastedTokens: Number(result.aggregate?.estimatedWastedTokens || 0),
           wastePercent: Number(result.aggregate?.wastePercent || 0),
         };
+        await sendLiveEvent(config, {
+          eventId: `sync-${repo.pathBasename}-${new Date().toISOString().slice(0, 16)}`,
+          phase: "watching",
+          eventType: "sync",
+          severity: result.synced ? "info" : "warning",
+          headline: result.synced ? "Telemetry synced" : "Telemetry sync did not complete",
+          detail: result.synced
+            ? `${syncResult.sessions} session(s), ${syncResult.estimatedWastedTokens.toLocaleString()} likely wasted tokens.`
+            : (result.error || "Sync did not complete."),
+          repo,
+          tokensObserved: Number(result.aggregate?.displayTokens || result.aggregate?.contextTokens || result.aggregate?.exactTokens || 0),
+          payload: {
+            aggregate: result.aggregate || null,
+            rawPrompts: false,
+            rawCode: false,
+            rawStdout: false,
+            rawStderr: false,
+          },
+        }, options);
       } catch (error) {
         syncResult = {
           synced: false,
           error: error && error.message ? error.message : String(error),
         };
+        await sendLiveEvent(config, {
+          eventId: `sync-failed-${repo.pathBasename}-${new Date().toISOString().slice(0, 16)}`,
+          phase: "detected",
+          eventType: "sync_failed",
+          severity: "warning",
+          headline: "Telemetry sync failed",
+          detail: syncResult.error,
+          repo,
+        }, options);
       }
     }
 
@@ -682,6 +943,7 @@ module.exports = function createAgent(deps) {
     runAgentOnce,
     runAutoDetect,
     sendHeartbeat,
+    sendLiveEvent,
     updateAction,
     VALID_MODES,
   };

package/lib/prismo-dev/cli.js

@@ -6,7 +6,7 @@ const VALID_COMMANDS = new Set([
   "connect", "sync", "status", "disconnect", "agent", "connector", "setup", "scan", "digest",
   "optimize", "context", "cc", "cursor", "receipt", "instructions",
   "timeline", "replay", "boundaries", "usage", "guard", "watch", "demo", "repair",
-  "enforce", "hook",
+  "enforce", "bridge", "hook",
 ]);
 
 function parseTokenBudget(value) {
@@ -151,7 +151,7 @@ function createCli(deps) {
       return;
     }
     if (!VALID_COMMANDS.has(command)) {
-      throw new Error(`Unknown command: ${command}. Try: prismo connect, prismo connector, prismo agent, prismo guard, prismo sync, prismo doctor, prismo watch, prismo receipt, prismo benchmark, prismo shield, prismo mcp, prismo firewall, prismo init, prismo scan, prismo optimize, prismo context, prismo cc, prismo cursor, or prismo usage`);
+      throw new Error(`Unknown command: ${command}. Try: prismo connect, prismo connector, prismo bridge, prismo agent, prismo guard, prismo sync, prismo doctor, prismo watch, prismo receipt, prismo benchmark, prismo shield, prismo mcp, prismo firewall, prismo init, prismo scan, prismo optimize, prismo context, prismo cc, prismo cursor, or prismo usage`);
     }
 
     if (command === "demo") {
@@ -851,6 +851,70 @@ function createCli(deps) {
       return;
     }
 
+    if (command === "bridge") {
+      const json = rest.includes("--json");
+      const target = getPositionals(rest, new Set())[0] || process.cwd();
+      const result = {
+        schemaVersion: 1,
+        command: "bridge",
+        optional: true,
+        root: path.resolve(target),
+        why: "The connector observes, repairs, and verifies by default. Bridge mode is optional when you want Prismo closer to the agent execution path so loops and blocked context can be stopped earlier.",
+        defaultMode: {
+          name: "connector",
+          command: `${NPX_COMMAND} connector install`,
+          behavior: "syncs telemetry, applies safe repairs, and shows live events without sitting in front of every agent action",
+        },
+        agents: [
+          {
+            tool: "Claude Code",
+            level: "hard-block",
+            command: `${NPX_COMMAND} enforce install`,
+            behavior: "uses Claude hooks to deny blocked-context reads and repeated failing command loops before they run",
+          },
+          {
+            tool: "Codex",
+            level: "detect-and-repair",
+            command: `${NPX_COMMAND} mcp`,
+            behavior: "Prismo can detect loops from local sessions and expose tools via MCP/shield; universal hard-blocking needs a Codex pre-tool hook or wrapper",
+          },
+          {
+            tool: "Cursor",
+            level: "detect-and-repair",
+            command: `${NPX_COMMAND} mcp`,
+            behavior: "Prismo can detect loop patterns from Cursor telemetry and stage repairs; universal hard-blocking needs a Cursor pre-tool hook or wrapper",
+          },
+        ],
+        privacy: {
+          rawPrompts: false,
+          rawCode: false,
+          rawStdout: false,
+          rawStderr: false,
+        },
+      };
+      if (json) console.log(JSON.stringify(result, null, 2));
+      else {
+        console.log("");
+        console.log("PrismoDev Bridge");
+        console.log("");
+        console.log("Optional control layer for teams that want stronger live interception.");
+        console.log("");
+        console.log(`Default connector: ${result.defaultMode.command}`);
+        console.log(`  ${result.defaultMode.behavior}`);
+        console.log("");
+        console.log("Agent control levels");
+        result.agents.forEach((agent) => {
+          console.log(`- ${agent.tool}: ${agent.level}`);
+          console.log(`  ${agent.behavior}`);
+          console.log(`  Start with: ${agent.command}`);
+        });
+        console.log("");
+        console.log("Why this exists");
+        console.log(`  ${result.why}`);
+      }
+      return;
+    }
+
     if (command === "usage" || command === "watch") {
       const json = rest.includes("--json");
       const knownTools = new Set(["codex", "claude", "cursor", "all"]);

package/lib/prismo-dev/cloud-sync.js

@@ -458,7 +458,10 @@ module.exports = function createCloudSync(deps) {
       lines.push(`Could not load digest${result.error ? `: ${result.error}` : "."}`);
       return lines.join("\n");
     }
-    (result.digest.lines || [result.digest.headline]).forEach((line) => lines.push(line));
+    const reportLines = result.digest.launchReportLines && result.digest.launchReportLines.length
+      ? result.digest.launchReportLines
+      : (result.digest.lines || [result.digest.headline]);
+    reportLines.forEach((line) => lines.push(line));
     if (result.localEnforcement) {
       lines.push(`Local enforcement: ${result.localEnforcement.denials} denial(s), ~${result.localEnforcement.estimatedTokensSaved.toLocaleString()} tokens kept out of context on this machine.`);
     }

package/lib/prismo-dev/connector.js

@@ -8,9 +8,9 @@ module.exports = function createConnector(deps) {
   } = deps;
 
   const LABEL = "dev.getprismo.connector";
-  const BACKGROUND_COMMAND = String(NPX_COMMAND || "").includes(" -y ")
+  const BACKGROUND_COMMAND = process.env.PRISMO_CONNECTOR_COMMAND || (String(NPX_COMMAND || "").includes(" -y ")
     ? NPX_COMMAND
-    : "npx -y getprismo@latest";
+    : "npx -y getprismo@latest");
 
   function prismoHome() {
     return process.env.PRISMO_HOME || path.join(os.homedir(), ".prismo");
@@ -87,6 +87,7 @@ module.exports = function createConnector(deps) {
     const contents = [
       "#!/bin/sh",
       "set -eu",
+      "export PATH=\"/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:$PATH\"",
       `cd ${shellEscape(root)}`,
       `exec ${command}`,
       "",

package/lib/prismo-dev/enforce.js

@@ -91,6 +91,27 @@ module.exports = function createEnforce(deps) {
     writeState(root, state);
   }
 
+  function recordLoopStop(root, state, payload) {
+    const loopStops = Array.isArray(state.loopStops) ? state.loopStops : [];
+    const at = new Date().toISOString();
+    const command = String(payload.command || "").slice(0, 240);
+    const reason = payload.reason || "repeated-command";
+    const sessionId = payload.sessionId || "unknown";
+    const eventId = `claude-loop-stop-${sessionId}-${Buffer.from(`${reason}:${command}`).toString("base64").replace(/[^a-z0-9]/gi, "").slice(0, 24)}-${at.slice(0, 16)}`;
+    state.loopStops = [{
+      eventId,
+      at,
+      tool: "claude-code",
+      command,
+      reason,
+      failures: payload.failures || 0,
+      attempts: payload.attempts || 0,
+      estimatedTokensSaved: LOOP_DENY_TOKEN_ESTIMATE,
+      sessionId,
+    }, ...loopStops].slice(0, DENIAL_LOG_LIMIT);
+    writeState(root, state);
+  }
+
   function estimateBlockedFileTokens(root, target) {
     try {
       const fullPath = path.isAbsolute(target) ? target : path.join(root, target);
@@ -184,6 +205,13 @@ module.exports = function createEnforce(deps) {
         const deniedByAttempts = record.outcomes === 0 && record.attempts >= MAX_IDENTICAL_COMMANDS;
         if (deniedByFailures || deniedByAttempts) {
           recordDenial(root, state, "loop", command, LOOP_DENY_TOKEN_ESTIMATE);
+          recordLoopStop(root, state, {
+            command,
+            sessionId,
+            reason: deniedByFailures ? "repeated-failing-command" : "repeated-identical-command",
+            failures: record.failures,
+            attempts: record.attempts,
+          });
           const observation = deniedByFailures
             ? `this exact command has already failed ${record.failures} times in this session`
             : `this exact command has already run ${record.attempts} times in this session`;

package/lib/prismo-dev/help.js

@@ -14,6 +14,7 @@ Usage:
   prismo mcp doctor [--json] [path]
   prismo connect [--json] [--token TOKEN] [--api-url URL] [--org ORG] [--user USER] [--device NAME]
   prismo connector [status|install|start|stop|uninstall] [--json] [--interval N] [--sync-interval N] [--mode observe|suggest|autopilot] [path]
+  prismo bridge [--json] [path]
   prismo sync [--json] [--dry-run] [--watch] [--interval N] [--limit N] [--tool all|codex|claude|cursor] [path]
   prismo status [--json]
   prismo digest [--json] [--days N]
@@ -49,9 +50,10 @@ Commands:
   mcp         Start a local MCP server exposing Prismo tools over stdio.
   connect     Store a PrismoDev cloud connection for seamless dashboard sync.
   connector   Install or manage the background Prismo Workspace connector.
+  bridge     Explain optional agent bridge mode and live interception levels.
   sync        Send safe aggregate local agent telemetry to Prismo; use --watch for background-style sync.
   status      Show local PrismoDev connection and last sync state.
-  digest      Print the verified-savings summary for the last N days, ready to paste into Slack.
+  digest      Print the launch report: verified saved tokens/dollars first, with live prevention labeled estimated.
   disconnect  Remove the local PrismoDev cloud connection.
   agent       Claim and execute safe workspace actions queued from Prismo Cloud.
   scan        Run PrismoDev for Claude Code, Codex, Cursor, and AI coding workflows.
@@ -520,6 +522,24 @@ Output:
   On macOS this creates a LaunchAgent so Prismo stays online after the terminal closes.
   The connector claims safe repairs queued from Prismo Cloud, runs them locally, continuously syncs aggregate telemetry, and reports status back.
   It does not upload prompts, source code, file contents, stdout, stderr, or full command logs.`,
+  bridge: `PrismoDev Bridge
+
+Usage:
+  prismo bridge [--json] [path]
+
+Examples:
+  prismo bridge
+  prismo bridge --json
+
+What this explains:
+  Bridge mode is optional. The connector is still the default: it observes local agent sessions, applies safe queued repairs, verifies impact, and shows live events without sitting in front of every agent action.
+
+Agent control levels:
+  Claude Code can use "prismo enforce install" for hard-blocking through PreToolUse hooks.
+  Codex and Cursor can be detected and repaired through local logs, MCP, shield, and guardrails. Universal hard-blocking needs a wrapper, bridge, or deeper pre-tool hook from those agents.
+
+Privacy:
+  Bridge status does not upload raw prompts, source code, stdout, stderr, or full command logs.`,
   sync: `PrismoDev Sync
 
 Usage:

package/lib/prismo-dev-scan.js

@@ -381,6 +381,7 @@ const {
   openUrl,
   repairExecutors,
   repairPlanner,
+  getUsageSummary,
 });
 
 const {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "getprismo",
-  "version": "0.1.43",
+  "version": "0.1.44",
   "description": "Local AI coding workflow scanner for Codex, Claude Code, Cursor, and token-waste diagnostics.",
   "license": "MIT",
   "homepage": "https://github.com/shanirsh/prismodev#readme",