nexus-prime 7.9.26 → 7.9.28

package/README.md

@@ -38,9 +38,9 @@
   <a href="https://www.producthunt.com/products/nexus-prime?embed=true&utm_source=badge-featured&utm_medium=badge&utm_campaign=badge-nexus-prime" target="_blank" rel="noopener noreferrer"><img alt="Nexus-Prime — Product Hunt" width="250" height="54" src="https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=1096831&theme=dark&t=1773345508816"></a>
 </div>
 
-> **Coding agents were never built to remember. Nexus Prime gives them a memory.**
+> **Stop restarting your coding agents from zero.**
 >
-> Install once. Every coding agent on your machine gets smarter — together.
+> Nexus Prime gives Claude Code, Codex, Cursor, Windsurf, OpenCode, Aider, and the rest of your local agent stack one shared memory, one proof trail, and one dashboard for what actually happened.
 
 ---
 
@@ -74,6 +74,18 @@ Agents should start with `nexus_session_bootstrap`, then route the raw request t
 
 ---
 
+## Why teams install it
+
+Nexus Prime is the local-first control plane for serious AI-assisted coding.
+
+- **Shared memory for every agent.** Your tools stop acting like strangers and start carrying useful context across sessions.
+- **Lower token waste.** Nexus routes agents toward the files and facts that matter instead of rereading the repo every turn.
+- **Runtime truth you can inspect.** The dashboard shows runs, memory, token savings, and agent activity instead of hiding the messy parts.
+- **Safer multi-file work.** Planning, verification, and handoff state stay attached to the repo, so interrupted work is easier to resume and review.
+- **Local by default.** Your code and agent memory stay on your machine unless you explicitly opt into something else.
+
+---
+
 ## The problem
 
 Every coding agent you use starts every session cold.
@@ -84,7 +96,7 @@ One tracked session was measured at **100,000,000 tokens**. Ninety-nine point fo
 
 This is **agent amnesia** — and it's the quiet tax on every hour you spend with AI-assisted coding.
 
-**Nexus Prime ends it.**
+**Nexus Prime turns that cold start into a remembered workspace.**
 
 ---
 
@@ -447,7 +459,8 @@ Nexus Prime was designed privacy-first, because the code on your machine is your
 |---------|-------------------|
 | 💬 [**Discord**](https://discord.gg/tByGZgk5gS) | Real-time help, show-and-tell, feature ideas |
 | 🔴 [**Reddit — r/Nexus_Prime**](https://www.reddit.com/r/Nexus_Prime/) | Long-form posts, releases, community wins |
-| 🐦 [**X / Twitter**](https://x.com/nexusprime_ai) | Launch announcements, tips, updates |
+| 🐦 [**X / Twitter**](https://x.com/getnexusprime) | Launch announcements, tips, updates |
+| 📸 [**Instagram**](https://www.instagram.com/nexus_prime.cfd/) | Product clips, launch updates, behind-the-scenes |
 | 📧 [**adarsh@nexus-prime.cfd**](mailto:adarsh@nexus-prime.cfd) | License requests, upgrades, pilots, enterprise |
 | 📧 [**hello@nexus-prime.cfd**](mailto:hello@nexus-prime.cfd) | General support, press, community |
 | 🌐 [**nexus-prime.cfd**](https://nexus-prime.cfd) | Product site, demos, pricing, setup guides |

package/dist/agents/adapters/mcp/definitions.js

@@ -238,7 +238,7 @@ export function buildMcpToolDefinitions() {
                 properties: {
                     goal: { type: 'string', description: 'Raw goal or task description for this session' },
                     files: { type: 'array', items: { type: 'string' }, description: 'Optional candidate file constraints' },
-                    detailLevel: { type: 'string', enum: ['compact', 'standard', 'debug'], description: 'Response verbosity; defaults to compact for MCP callers' },
+                    detailLevel: { type: 'string', enum: ['compact', 'standard', 'debug', 'full'], description: 'Response verbosity; defaults to compact for MCP callers' },
                     depth: { type: 'string', enum: ['fast', 'deep'], description: 'Optional bootstrap depth override; defaults to fast unless debug mode is requested' },
                     include: { type: 'array', items: { type: 'string' }, description: 'Optional rich payload sections to include for advanced clients' },
                     intent: { type: 'string', enum: ['inspect', 'plan', 'mutate'], description: 'Requested orchestration stance for the bootstrap summary' },
@@ -268,7 +268,7 @@ export function buildMcpToolDefinitions() {
                 properties: {
                     prompt: { type: 'string', description: 'Raw prompt or objective to orchestrate end-to-end' },
                     files: { type: 'array', items: { type: 'string' }, description: 'Optional hard constraints for candidate files' },
-                    detailLevel: { type: 'string', enum: ['compact', 'standard', 'debug'], description: 'Response verbosity; defaults to compact for MCP callers' },
+                    detailLevel: { type: 'string', enum: ['compact', 'standard', 'debug', 'full'], description: 'Response verbosity; defaults to compact for MCP callers' },
                     intent: { type: 'string', enum: ['inspect', 'plan', 'mutate'], description: 'Requested orchestration stance; inspect/plan should stay read-only' },
                     topology: { type: 'string', enum: ['auto', 'manager-tools', 'handoff', 'dag-pool', 'worktree-swarm'], description: 'Requested orchestration topology hint' },
                     workers: { type: 'number', description: 'Optional worker override' },
@@ -282,6 +282,7 @@ export function buildMcpToolDefinitions() {
                     executionPreset: { type: 'string', enum: ['fast', 'balanced', 'deep', 'release'], description: 'Optional execution preset that maps orchestration depth, verification strictness, and backend routing' },
                     background: { type: 'boolean', description: 'Compatibility flag; nexus_orchestrate already returns a queued hiring preflight by default and continues in the async gate.' },
                     async: { type: 'boolean', description: 'Alias for background; useful for clients that prefer explicit async orchestration.' },
+                    wait: { type: 'boolean', description: 'Alias for inline/sync execution. Waits up to the MCP-safe bounded window and returns the final result when it completes in time.' },
                     waitMs: { type: 'number', description: 'Advanced/debug bounded wait for inline execution. Clamped to 45 seconds; normal orchestrate calls return a queued preflight immediately.' },
                     inline: { type: 'boolean', description: 'Advanced/debug only: wait for inline orchestrate output instead of the default fast queued preflight.' }
                 },

package/dist/agents/adapters/mcp/dispatch.js

@@ -101,7 +101,10 @@ function shouldReturnQueuedReceipt(toolName, args) {
     if (!SLOW_TOOLS.has(toolName))
         return false;
     if (toolName === 'nexus_orchestrate') {
-        return !isTruthyFlag(args.inline) && !isTruthyFlag(args.sync) && !isTruthyFlag(args.blocking);
+        return !isTruthyFlag(args.inline)
+            && !isTruthyFlag(args.sync)
+            && !isTruthyFlag(args.blocking)
+            && !isTruthyFlag(args.wait);
     }
     return isTruthyFlag(args.background)
         || isTruthyFlag(args.async)
@@ -109,8 +112,13 @@ function shouldReturnQueuedReceipt(toolName, args) {
         || isTruthyFlag(args.detach);
 }
 function resolveMaxSyncMs(toolName, args) {
+    const explicitWait = isTruthyFlag(args.wait)
+        || isTruthyFlag(args.inline)
+        || isTruthyFlag(args.sync)
+        || isTruthyFlag(args.blocking);
     return coerceBoundedWaitMs(args.waitMs)
         ?? coerceBoundedWaitMs(args.maxSyncMs)
+        ?? (toolName === 'nexus_orchestrate' && explicitWait ? MAX_CLIENT_SYNC_WAIT_MS : undefined)
         ?? (toolName === 'nexus_orchestrate' ? ORCHESTRATE_DEFAULT_MAX_SYNC_MS : DEFAULT_MAX_SYNC_MS);
 }
 function asStringList(value) {

package/dist/agents/adapters/mcp/envelope.js

@@ -22,6 +22,8 @@ function renderTable(rows, maxRows = 20) {
 }
 /** Build a compact timing + savings footer line for tool responses. */
 function buildMcpFooter(meta) {
+    if (process.env.NEXUS_MCP_RESPONSE_FOOTER !== '1')
+        return '';
     const ms = meta.durationMs;
     const timing = ms < 1000 ? `${ms}ms` : `${(ms / 1000).toFixed(1)}s`;
     return `\n\n─── nexus-prime · ${meta.toolName} · ${timing} · dashboard: http://localhost:${DASH_PORT}/#runtime ───`;

package/dist/agents/adapters/mcp/handlers/orchestration.js

@@ -275,7 +275,8 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
             const timings = {
                 totalMs: Date.now() - callStartedAt,
             };
-            const payload = detailLevel === 'debug'
+            const fullBootstrapDetails = detailLevel === 'debug' || detailLevel === 'full';
+            const payload = fullBootstrapDetails
                 ? {
                     depth: bootstrap.depth,
                     workspace,
@@ -390,7 +391,7 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
                                         return '';
                                     }
                                 })(),
-                                ...(detailLevel === 'debug' ? [
+                                ...(fullBootstrapDetails ? [
                                     `Bootstrap depth: ${bootstrap.depth || bootstrapDepth}`,
                                     `Execution mode: ${bootstrap.recommendedExecutionMode || 'autonomous'}`,
                                     `Shortlist: ${bootstrap.shortlist?.skills?.slice(0, 3).join(', ') || 'none'} (skills), ${bootstrap.shortlist?.specialists?.slice(0, 3).join(', ') || 'none'} (specialists)`,
@@ -410,7 +411,7 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
                                     `Bootstrap status: ${bootstrap.clientBootstrapStatus?.clients?.length || 0} client manifests tracked`,
                                 ] : []),
                             ]),
-                            detailLevel === 'debug' && bootstrap.tokenOptimization?.autoApplied && bootstrap.tokenOptimization?.plan
+                            fullBootstrapDetails && bootstrap.tokenOptimization?.autoApplied && bootstrap.tokenOptimization?.plan
                                 ? `Auto token plan\n\`\`\`txt\n${bootstrap.tokenOptimization.plan}\n\`\`\``
                                 : '',
                             formatJsonDetails('Structured details', payload),
@@ -547,7 +548,36 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
                     intent: requestedIntent,
                     topology: requestedTopology,
                 };
+                const verboseDetails = detailLevel === 'debug' || detailLevel === 'full';
                 const compactPayload = {
+                    workspace,
+                    runId: execution.runId,
+                    state: execution.state,
+                    summary: summarizeExecution(execution),
+                    resultPreview: truncateText(execution.result || summarizeExecution(execution), 700),
+                    artifactsPath: execution.artifactsPath,
+                    planner: execution.plannerState
+                        ? {
+                            selectedCrew: execution.plannerState.selectedCrew?.name,
+                            selectedSpecialists: execution.plannerState.selectedSpecialists.slice(0, 4).map((specialist) => specialist.name),
+                            selectedWorkflows: execution.plannerState.selectedWorkflows.slice(0, 4),
+                        }
+                        : undefined,
+                    worktreeHealth: runtimeUsage.worktreeHealth
+                        ? {
+                            repoRoot: runtimeUsage.worktreeHealth.repoRoot,
+                            overall: runtimeUsage.worktreeHealth.overall,
+                            brokenEntries: runtimeUsage.worktreeHealth.brokenEntries,
+                            repairedEntries: runtimeUsage.worktreeHealth.repairedEntries,
+                            issues: runtimeUsage.worktreeHealth.issues,
+                        }
+                        : undefined,
+                    modelRoute: selectionSummary.modelRoute,
+                    verifiedWorkers,
+                    continuationChildren: execution.continuationChildren.length,
+                    timings,
+                };
+                const standardPayload = {
                     workspace,
                     runId: execution.runId,
                     state: execution.state,
@@ -616,31 +646,43 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
                     timings,
                     payloadRef,
                 };
-                const payload = detailLevel === 'debug' ? debugPayload : compactPayload;
+                const payload = verboseDetails
+                    ? debugPayload
+                    : detailLevel === 'standard'
+                        ? standardPayload
+                        : compactPayload;
+                const verboseResponse = detailLevel !== 'compact';
+                const stateLine = execution.state === 'inspected'
+                    ? 'Orchestrated run inspected (read-only advisory; no diff expected).'
+                    : `Orchestrated run ${execution.state}.`;
                 return {
                     content: [{
                             type: 'text',
                             text: [
                                 upfrontTokenNote ? `[Token plan] ${upfrontTokenNote}` : '',
-                                `Orchestrated run ${execution.state}.`,
+                                stateLine,
                                 formatBullets([
                                     `Workspace: ${workspace.repoName} (${workspace.workspaceSource})`,
                                     `Run ID: ${execution.runId}`,
                                     `Summary: ${summarizeExecution(execution)}`,
                                     `Crew: ${execution.plannerState?.selectedCrew?.name || 'baseline path'}`,
-                                    `Decomposition: ${selectionSummary.phaseCount} phase(s), ${selectionSummary.workerLaneCount} worker lane(s), ${selectionSummary.mode}`,
                                     `Hired/selected: crew ${selectionSummary.crew}; specialists ${formatSelectionList(selectionSummary.specialists)}; workflows ${formatSelectionList(selectionSummary.workflows)}; skills ${formatSelectionList(selectionSummary.skills)}`,
-                                    `Model route: ${formatModelRoute(selectionSummary.modelRoute)}`,
-                                    `Budget route: ${selectionSummary.budgetRoute || 'budget pending'}`,
-                                    selectionSummary.agentFlow?.stages?.length
-                                        ? `AgentFlow gates: ${selectionSummary.agentFlow.stages.map((stage) => `${stage.stage}:${stage.ownerRole}`).join(' -> ')}`
-                                        : null,
-                                    `Selection audit: ${selectionSummary.auditSelected} selected, ${selectionSummary.auditRejected} rejected`,
+                                    ...(verboseResponse ? [
+                                        `Decomposition: ${selectionSummary.phaseCount} phase(s), ${selectionSummary.workerLaneCount} worker lane(s), ${selectionSummary.mode}`,
+                                        `Model route: ${formatModelRoute(selectionSummary.modelRoute)}`,
+                                        `Budget route: ${selectionSummary.budgetRoute || 'budget pending'}`,
+                                        selectionSummary.agentFlow?.stages?.length
+                                            ? `AgentFlow gates: ${selectionSummary.agentFlow.stages.map((stage) => `${stage.stage}:${stage.ownerRole}`).join(' -> ')}`
+                                            : null,
+                                        `Selection audit: ${selectionSummary.auditSelected} selected, ${selectionSummary.auditRejected} rejected`,
+                                    ] : [
+                                        `Model route: ${formatModelRoute(selectionSummary.modelRoute)}`,
+                                    ]),
                                     `Verification: ${verifiedWorkers}/${execution.workerResults.length} worker(s) verified`,
-                                    `Tokens: saved ${Number(execution.tokenTelemetry?.savedTokens || 0).toLocaleString()} · compression ${Number(execution.tokenTelemetry?.compressionPct || 0)}%`,
+                                    verboseResponse ? `Tokens: saved ${Number(execution.tokenTelemetry?.savedTokens || 0).toLocaleString()} · compression ${Number(execution.tokenTelemetry?.compressionPct || 0)}%` : null,
                                     autoTokenApplyNote || null,
-                                    `Payload ref: ${workspace.stateKey} · ${detailLevel}`,
-                                    ...(detailLevel === 'debug' ? [
+                                    verboseResponse ? `Payload ref: ${workspace.stateKey} · ${detailLevel}` : null,
+                                    ...(verboseDetails ? [
                                         `Specialists: ${execution.plannerState?.selectedSpecialists.map((specialist) => specialist.name).slice(0, 4).join(', ') || 'none selected'}`,
                                         `Assets: ${(execution.activeSkills || []).length} skills · ${(execution.activeWorkflows || []).length} workflows · ${(runtimeUsage.artifactSelectionAudit?.selected?.length || 0)} audited selections`,
                                         `Task graph: ${runtimeUsage.taskGraph?.phases?.length || execution.taskGraph?.phases?.length || 0} phases · ${runtimeUsage.workerPlan?.totalWorkers || execution.workerPlan?.totalWorkers || 0} workers`,
@@ -652,9 +694,9 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
                                         `Payload ref: ${workspace.stateKey} · ${detailLevel}`,
                                     ] : []),
                                 ]),
-                                detailLevel === 'debug' && execution.result ? `Result\n\`\`\`\n${execution.result}\n\`\`\`` : `Result preview\n\`\`\`\n${truncateText(execution.result || summarizeExecution(execution), 900)}\n\`\`\``,
+                                verboseDetails && execution.result ? `Result\n\`\`\`\n${execution.result}\n\`\`\`` : `Result preview\n\`\`\`\n${truncateText(execution.result || summarizeExecution(execution), 900)}\n\`\`\``,
                                 formatJsonDetails('Structured details', payload),
-                                hctx.formatRemainingProtocolSteps(),
+                                verboseResponse ? hctx.formatRemainingProtocolSteps() : '',
                             ].filter(Boolean).join('\n\n'),
                         }],
                 };
@@ -684,7 +726,7 @@ export async function handleOrchestrationGroup(toolName, hctx, request, args, ct
                                     runtimeUsage?.skipReasons?.length ? `Skipped stages: ${runtimeUsage.skipReasons.join(' · ')}` : 'Skipped stages: not recorded',
                                 ]),
                                 formatJsonDetails('Structured details', payload),
-                                hctx.formatRemainingProtocolSteps(),
+                                detailLevel !== 'compact' ? hctx.formatRemainingProtocolSteps() : '',
                             ].join('\n\n'),
                         }],
                 };

package/dist/agents/adapters/mcp/helpers.js

@@ -90,7 +90,7 @@ export function formatJsonDetails(label, value) {
 }
 export function normalizeDetailLevel(value) {
     const normalized = String(value ?? 'compact').toLowerCase();
-    if (normalized === 'standard' || normalized === 'debug')
+    if (normalized === 'standard' || normalized === 'debug' || normalized === 'full')
         return normalized;
     return 'compact';
 }
@@ -100,7 +100,7 @@ export function normalizeBootstrapDepth(value, detailLevel) {
         return 'deep';
     if (normalized === 'fast')
         return 'fast';
-    return detailLevel === 'debug' ? 'deep' : 'fast';
+    return detailLevel === 'debug' || detailLevel === 'full' ? 'deep' : 'fast';
 }
 export function normalizeResponseIntent(value) {
     const normalized = String(value ?? 'inspect').toLowerCase();

package/dist/agents/adapters/mcp/types.d.ts

@@ -14,7 +14,7 @@ import type { SessionDNAManager } from '../../../engines/session-dna.js';
 import type { NgramIndex } from '../../../engines/ngram-index.js';
 export type McpToolProfile = 'autonomous' | 'full';
 export type LifecyclePhase = 'pre-bootstrap' | 'bootstrapped' | 'orchestrated' | 'working' | 'closing';
-export type ResponseDetailLevel = 'compact' | 'standard' | 'debug';
+export type ResponseDetailLevel = 'compact' | 'standard' | 'debug' | 'full';
 export type ResponseIntent = 'inspect' | 'plan' | 'mutate';
 export type ResponseTopology = 'auto' | 'manager-tools' | 'handoff' | 'dag-pool' | 'worktree-swarm';
 /** Session-level telemetry tracker. Moved to types.ts so handler files can

package/dist/cli.js

@@ -40,6 +40,7 @@ import { runReset } from './cli/reset.js';
 import { runUninstall } from './cli/uninstall.js';
 import { runCleanup } from './cli/cleanup.js';
 import { runDoctorStorage } from './cli/doctor-storage.js';
+import { formatNexusProofReport, verifyNexusProof } from './engines/nexus-proof.js';
 const tokenEngine = new TokenSupremacyEngine();
 import { getNexusHookSpec, writeNexusClaudeCodeHooks, } from './install/claude-code-hooks.js';
 /**
@@ -1886,6 +1887,34 @@ program
         nexus = null;
     }
 });
+program
+    .command('proof')
+    .description('Inspect Nexus Prime provenance, signatures, and opt-in proof telemetry')
+    .addCommand(new Command('verify')
+    .description('Verify Nexus Prime PR presence, generated commit trailers, artifact signatures, and telemetry redaction')
+    .option('--repo-root <path>', 'Repo root to verify (default: cwd)')
+    .option('--pr-body <path>', 'Generated pull request body markdown to verify')
+    .option('--commit-message <path>', 'Generated commit message file to verify')
+    .option('--artifact <path...>', 'Generated artifact/document files to verify')
+    .option('--strict', 'Treat warnings as failures')
+    .option('--json', 'Output raw JSON')
+    .action(async (options) => {
+    const summary = await verifyNexusProof({
+        repoRoot: options.repoRoot ? path.resolve(options.repoRoot) : getWorkspaceRoot(),
+        prBodyPath: options.prBody ? path.resolve(options.prBody) : undefined,
+        commitMessagePath: options.commitMessage ? path.resolve(options.commitMessage) : undefined,
+        artifactPaths: (options.artifact ?? []).map((artifactPath) => path.resolve(artifactPath)),
+    });
+    if (options.json) {
+        console.log(JSON.stringify(summary, null, 2));
+    }
+    else {
+        console.log(formatNexusProofReport(summary));
+    }
+    if (summary.failed > 0 || (options.strict && summary.warnings > 0)) {
+        process.exitCode = 1;
+    }
+}));
 program
     .command('memory-hygiene')
     .description('Inspect or apply memory hygiene to reduce duplicate and low-signal memories')

package/dist/dashboard/app/views/trust.js

@@ -57,10 +57,20 @@ export function render(data) {
     const synapseHealth = Array.isArray(data.synapseHealth) ? data.synapseHealth : [];
     const approvals  = Array.isArray(data.synapseApprovals) ? data.synapseApprovals : [];
     const escalations = Array.isArray(data.architectsEscalations) ? data.architectsEscalations : [];
+    const nexusProof = data.nexusProof ?? {};
 
     container.innerHTML = `
         <div class="trust-grid">
 
+            <!-- Nexus Prime proof card -->
+            <div class="card trust-card trust-card-wide">
+                <div class="trust-card-hd">
+                    <span class="trust-card-title">Nexus Prime proof</span>
+                    <span class="chip ${nexusProof.status === 'verified' ? 'chip-ok' : nexusProof.status === 'failed' ? 'chip-bad' : 'chip-warn'}">${esc(nexusProof.status ?? 'unknown')}</span>
+                </div>
+                ${_nexusProofSection(nexusProof)}
+            </div>
+
             <!-- Security posture card -->
             <div class="card trust-card">
                 <div class="trust-card-hd">
@@ -188,6 +198,37 @@ function _postureRows(gov) {
     ).join('');
 }
 
+function _nexusProofSection(proof) {
+    const telemetry = proof.telemetry ?? {};
+    const totals = telemetry.localTotals ?? {};
+    const checks = Array.isArray(proof.checks) ? proof.checks : [];
+    const events = Array.isArray(proof.proofEvents) ? proof.proofEvents : [];
+    return `
+        <div class="trust-posture-body">
+            <div class="trust-row"><span class="trust-row-k">Website</span><span class="trust-row-v">${esc(proof.website ?? 'https://nexus-prime.cfd/')}</span></div>
+            <div class="trust-row"><span class="trust-row-k">Checks</span><span class="trust-row-v">${esc(`${proof.passed ?? 0} passed · ${proof.warnings ?? 0} warning(s) · ${proof.failed ?? 0} failed`)}</span></div>
+            <div class="trust-row"><span class="trust-row-k">Telemetry</span><span class="trust-row-v">${telemetry.optedIn ? 'opted in' : 'off'} · ${telemetry.endpointConfigured ? 'endpoint ready' : 'local only'}</span></div>
+            <div class="trust-row"><span class="trust-row-k">Proof events</span><span class="trust-row-v">${esc(`${totals.prPresence ?? 0} PR · ${totals.commitAttributions ?? 0} commit · ${totals.documentsSigned ?? 0} doc · ${totals.releasesVerified ?? 0} release`)}</span></div>
+        </div>
+        <div class="trust-event-list" style="margin-top:10px">
+            ${checks.slice(0, 6).map(check => _proofCheckRow(check)).join('')}
+        </div>
+        <div class="empty-sub" style="margin-top:8px">${esc(events.slice(0, 6).join(' · '))}</div>
+    `;
+}
+
+function _proofCheckRow(check) {
+    const chip = check.status === 'pass' ? 'chip-ok' : check.status === 'fail' ? 'chip-bad' : 'chip-warn';
+    return `
+        <div class="trust-event-row">
+            <div class="trust-event-main">
+                <span class="chip ${chip}">${esc(check.status ?? 'unknown')}</span>
+                <span class="trust-event-type">${esc(check.label ?? check.id ?? 'proof check')}</span>
+                ${check.detail ? `<span style="color:var(--text-muted);font-size:var(--text-sm)">${esc(String(check.detail).slice(0, 110))}</span>` : ''}
+            </div>
+        </div>`;
+}
+
 function _auditRow(e, idx) {
     return `
         <div class="trust-event-row">

package/dist/dashboard/selectors/trust-selector.js

@@ -1,4 +1,6 @@
 import { getSharedGovernor } from '../../engines/machine-efficiency/index.js';
+import { verifyNexusProof } from '../../engines/nexus-proof.js';
+import { getSharedTelemetry } from '../../engines/telemetry-remote.js';
 import { serializeMemoryAudit, serializeMemoryQuarantine } from '../serializers/memory-serializer.js';
 import { collectDashboardBaseState } from './summary-selector.js';
 export async function buildTrustSurface(ctx, url) {
@@ -7,6 +9,8 @@ export async function buildTrustSurface(ctx, url) {
     const governorState = governor.getState();
     const synapseTeams = ctx.getSynapse()?.getStrikeTeamStatus?.();
     const synapseHealth = ctx.getSynapse()?.getOperativeHealth?.();
+    const telemetryStats = getSharedTelemetry().getStats();
+    const proofSummary = await verifyNexusProof({ repoRoot: ctx.repoRoot });
     return {
         repoIdentity: state.snapshot?.repoIdentity ?? ctx.getSelectedRepoIdentity(url),
         usage: state.usage,
@@ -29,6 +33,22 @@ export async function buildTrustSurface(ctx, url) {
             : ctx.getClientRegistry()?.listClients(ctx.getAdapters()) ?? [],
         primaryClient: state.snapshot?.clients?.primary ?? ctx.getClientRegistry()?.getPrimaryClient(ctx.getAdapters()) ?? null,
         nexusLayer: state.layer?.getSummary(state.snapshot?.orchestration?.sessionId) ?? null,
+        nexusProof: {
+            ...proofSummary,
+            telemetry: {
+                optedIn: telemetryStats.optedIn,
+                queuedEvents: telemetryStats.queuedEvents,
+                endpointConfigured: telemetryStats.endpointConfigured,
+                remoteStatsConfigured: telemetryStats.remoteStatsConfigured,
+                localTotals: {
+                    prPresence: telemetryStats.totalPrPresence,
+                    commitAttributions: telemetryStats.totalCommitAttributions,
+                    documentsSigned: telemetryStats.totalDocumentsSigned,
+                    releasesVerified: telemetryStats.totalReleasesVerified,
+                    proofBadgeViews: telemetryStats.totalProofBadgeViews,
+                },
+            },
+        },
         machinePressure: governorState.pressureLevel,
         activeWorktrees: governorState.activeWorktrees,
         governor: governorState,

package/dist/dashboard/types.d.ts

@@ -268,6 +268,7 @@ export interface TrustSurfaceDTO {
     clients: unknown[];
     primaryClient: unknown;
     nexusLayer: unknown;
+    nexusProof: unknown;
     machinePressure: PressureLevel;
     activeWorktrees: number;
     governor: GovernorState;

package/dist/engines/github-bridge.d.ts

@@ -1,3 +1,4 @@
+import { type RemoteTelemetry } from './telemetry-remote.js';
 export interface GithubBridgeDetection {
     available: boolean;
     method: 'gh-cli' | 'token' | 'none';
@@ -21,7 +22,8 @@ export interface GithubPromotionResult {
 }
 export declare class GithubBridge {
     private readonly defaultCwd;
-    constructor(defaultCwd?: string);
+    private readonly telemetry?;
+    constructor(defaultCwd?: string, telemetry?: Pick<RemoteTelemetry, 'trackProductEvent'>);
     detect(cwd?: string): GithubBridgeDetection;
     promoteToPR(input: GithubPromotionInput): Promise<GithubPromotionResult>;
     private createPullRequestViaApi;
@@ -29,6 +31,7 @@ export declare class GithubBridge {
     private resolveRepo;
     private detectBaseBranch;
     private buildBranchName;
+    private renderCommitBody;
     private renderPrBody;
     private safeExec;
     shareAsGist(pattern: {
@@ -40,5 +43,7 @@ export declare class GithubBridge {
         localPath?: string;
     }>;
     private shellQuote;
+    private telemetryConsentLabel;
+    private trackProductEvent;
 }
 export declare function getSharedGithubBridge(cwd?: string): GithubBridge;

package/dist/engines/github-bridge.js

@@ -3,10 +3,14 @@ import * as path from 'path';
 import { execSync } from 'child_process';
 import { createHash } from 'crypto';
 import { resolveNexusStateDir } from './runtime-registry.js';
+import { appendOrReplaceNexusPrPresenceBlock, buildNexusProofMetadata, ensureNexusCoauthorTrailer, NEXUS_PRIME_COAUTHOR_TRAILER, NEXUS_PRIME_WEBSITE, renderNexusDocumentSignature, renderNexusPrPresenceBlock, } from './nexus-signature.js';
+import { getSharedTelemetry } from './telemetry-remote.js';
 export class GithubBridge {
     defaultCwd;
-    constructor(defaultCwd = process.cwd()) {
+    telemetry;
+    constructor(defaultCwd = process.cwd(), telemetry) {
         this.defaultCwd = defaultCwd;
+        this.telemetry = telemetry;
     }
     detect(cwd = this.defaultCwd) {
         try {
@@ -42,20 +46,34 @@ export class GithubBridge {
             this.safeExec(`git checkout -b ${this.shellQuote(branch)}`, cwd, true);
             this.safeExec('git add -A', cwd, true);
             const subject = `[NOVA] Promote Darwin cycle ${input.cycleId ?? 'candidate'} to the fleet`;
-            const body = [
-                'The autonomous engine marked this bounded improvement worthy of review.',
-                `Hypothesis: ${input.hypothesis}`,
-                ...(input.learnings?.length ? [`Learnings: ${input.learnings.join('; ')}`] : []),
-            ].join('\n\n');
+            const body = ensureNexusCoauthorTrailer(this.renderCommitBody(input), true);
             this.safeExec(`git commit -m ${this.shellQuote(subject)} -m ${this.shellQuote(body)}`, cwd, true);
+            this.trackProductEvent('commit_attributed', {
+                surface: 'git_commit',
+                role: 'published',
+                method: detection.method,
+                attribution: 'coauthor_trailer',
+            });
             this.safeExec(`git push -u origin ${this.shellQuote(branch)}`, cwd, true);
             if (detection.method === 'gh-cli') {
                 const title = `Darwin: ${input.hypothesis}`.slice(0, 72);
                 const prBody = this.renderPrBody(input, diffSummary, baseBranch);
                 const url = this.safeExec(`gh pr create --base ${this.shellQuote(baseBranch)} --head ${this.shellQuote(branch)} --title ${this.shellQuote(title)} --body ${this.shellQuote(prBody)}`, cwd, true).trim();
+                this.trackProductEvent('pr_presence_added', {
+                    surface: 'pull_request',
+                    role: 'published',
+                    method: detection.method,
+                    verification: 'local_diff_captured',
+                });
                 return { status: 'pr_created', method: detection.method, branch, url };
             }
             const url = await this.createPullRequestViaApi(repo.owner, repo.name, branch, baseBranch, input, diffSummary);
+            this.trackProductEvent('pr_presence_added', {
+                surface: 'pull_request',
+                role: 'published',
+                method: detection.method,
+                verification: 'local_diff_captured',
+            });
             return { status: 'pr_created', method: detection.method, branch, url };
         }
         catch (error) {
@@ -100,6 +118,21 @@ export class GithubBridge {
             .slice(0, 10);
         const patchPath = path.join(stateDir, `darwin-${slug}.patch`);
         const artifactPath = path.join(stateDir, `darwin-${slug}.json`);
+        const signatureInput = {
+            source: 'github-bridge',
+            role: 'observed',
+            runId: input.cycleId,
+            cycleId: input.cycleId,
+            verificationState: diffPatch.trim() ? 'advisory' : 'not-run',
+            hooksState: 'not-applicable',
+            telemetryConsent: this.telemetryConsentLabel(),
+            humanReviewState: 'required',
+            coauthorState: 'Not claimed because no GitHub PR was created.',
+        };
+        const documentSignature = renderNexusDocumentSignature({
+            ...signatureInput,
+            artifactKind: 'GitHub promotion artifact',
+        });
         fs.writeFileSync(patchPath, diffPatch, 'utf8');
         fs.writeFileSync(artifactPath, JSON.stringify({
             createdAt: new Date().toISOString(),
@@ -111,7 +144,20 @@ export class GithubBridge {
             learnings: input.learnings ?? [],
             diffSummary,
             patchPath,
+            nexusPrime: {
+                website: NEXUS_PRIME_WEBSITE,
+                coauthorTrailer: NEXUS_PRIME_COAUTHOR_TRAILER,
+                prPresence: renderNexusPrPresenceBlock(signatureInput),
+                documentSignature,
+                metadata: buildNexusProofMetadata(signatureInput),
+            },
         }, null, 2), 'utf8');
+        this.trackProductEvent('document_signed', {
+            surface: 'github_promotion_artifact',
+            role: 'observed',
+            method,
+            status: 'artifact_saved',
+        });
         return {
             status: 'artifact_saved',
             method,
@@ -140,8 +186,15 @@ export class GithubBridge {
             .slice(0, 48);
         return `ad/${seed || 'darwin-candidate'}`;
     }
-    renderPrBody(input, diffSummary, baseBranch) {
+    renderCommitBody(input) {
         return [
+            'The autonomous engine marked this bounded improvement worthy of review.',
+            `Hypothesis: ${input.hypothesis}`,
+            ...(input.learnings?.length ? [`Learnings: ${input.learnings.join('; ')}`] : []),
+        ].join('\n\n');
+    }
+    renderPrBody(input, diffSummary, baseBranch) {
+        const body = [
             '### Mission Briefing',
             'A bounded Darwin candidate completed local validation and now seeks human review through the standard GitHub path.',
             '',
@@ -159,6 +212,17 @@ export class GithubBridge {
             diffSummary.trim() || 'No diff summary available.',
             '```',
         ].join('\n');
+        return appendOrReplaceNexusPrPresenceBlock(body, {
+            source: 'github-bridge',
+            role: 'published',
+            runId: input.cycleId,
+            cycleId: input.cycleId,
+            verificationState: diffSummary.trim() ? 'advisory' : 'unknown',
+            hooksState: 'unknown',
+            telemetryConsent: this.telemetryConsentLabel(),
+            humanReviewState: 'required',
+            coauthorState: 'Required on the Nexus-generated promotion commit.',
+        });
     }
     safeExec(command, cwd, throwOnError = false) {
         try {
@@ -233,6 +297,26 @@ export class GithubBridge {
     shellQuote(value) {
         return `'${value.replace(/'/g, `'\\''`)}'`;
     }
+    telemetryConsentLabel() {
+        try {
+            const telemetry = this.telemetry ?? getSharedTelemetry();
+            return telemetry instanceof Object && 'isOptedIn' in telemetry && typeof telemetry.isOptedIn === 'function'
+                ? (telemetry.isOptedIn() ? 'opted-in' : 'disabled')
+                : 'unknown';
+        }
+        catch {
+            return 'unknown';
+        }
+    }
+    trackProductEvent(type, metadata) {
+        try {
+            const telemetry = this.telemetry ?? getSharedTelemetry();
+            telemetry.trackProductEvent(type, metadata);
+        }
+        catch {
+            // Telemetry must never block promotion or artifact persistence.
+        }
+    }
 }
 let _sharedGithubBridge = null;
 export function getSharedGithubBridge(cwd) {

package/dist/engines/nexus-proof.d.ts

@@ -0,0 +1,26 @@
+export type NexusProofCheckStatus = 'pass' | 'warn' | 'fail';
+export interface NexusProofCheck {
+    id: string;
+    label: string;
+    status: NexusProofCheckStatus;
+    detail: string;
+    evidence?: string;
+}
+export interface NexusProofVerifyOptions {
+    repoRoot?: string;
+    prBodyPath?: string;
+    commitMessagePath?: string;
+    artifactPaths?: string[];
+}
+export interface NexusProofSummary {
+    generatedAt: number;
+    website: string;
+    status: 'verified' | 'attention' | 'failed';
+    passed: number;
+    warnings: number;
+    failed: number;
+    checks: NexusProofCheck[];
+    proofEvents: readonly string[];
+}
+export declare function verifyNexusProof(options?: NexusProofVerifyOptions): Promise<NexusProofSummary>;
+export declare function formatNexusProofReport(summary: NexusProofSummary): string;

package/dist/engines/nexus-proof.js

@@ -0,0 +1,118 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { NEXUS_PLG_EVENT_TYPES, NEXUS_PRIME_COAUTHOR_TRAILER, NEXUS_PRIME_PRESENCE_END, NEXUS_PRIME_PRESENCE_START, NEXUS_PRIME_WEBSITE, } from './nexus-signature.js';
+async function readOptional(filePath) {
+    if (!filePath)
+        return null;
+    try {
+        return await fs.readFile(filePath, 'utf8');
+    }
+    catch {
+        return null;
+    }
+}
+function addCheck(checks, id, label, status, detail, evidence) {
+    checks.push({ id, label, status, detail, evidence });
+}
+function hasPresenceBlock(value) {
+    return value.includes(NEXUS_PRIME_PRESENCE_START) && value.includes(NEXUS_PRIME_PRESENCE_END);
+}
+export async function verifyNexusProof(options = {}) {
+    const repoRoot = options.repoRoot ?? process.cwd();
+    const checks = [];
+    const prTemplatePath = path.join(repoRoot, '.github', 'pull_request_template.md');
+    const readmePath = path.join(repoRoot, 'README.md');
+    const telemetryPath = path.join(repoRoot, 'src', 'engines', 'telemetry-remote.ts');
+    addCheck(checks, 'website.identity', 'Website identity', NEXUS_PRIME_WEBSITE === 'https://nexus-prime.cfd/' ? 'pass' : 'fail', `Expected canonical website https://nexus-prime.cfd/, got ${NEXUS_PRIME_WEBSITE}`, NEXUS_PRIME_WEBSITE);
+    const prTemplate = await readOptional(prTemplatePath);
+    if (!prTemplate) {
+        addCheck(checks, 'pr.template', 'PR template presence', 'warn', 'No .github/pull_request_template.md found.');
+    }
+    else {
+        const ok = hasPresenceBlock(prTemplate) && prTemplate.includes(NEXUS_PRIME_WEBSITE);
+        addCheck(checks, 'pr.template', 'PR template presence', ok ? 'pass' : 'fail', ok
+            ? 'Pull request template contains Nexus Prime Presence and website identity.'
+            : 'Pull request template must include Nexus Prime Presence markers and website identity.', prTemplatePath);
+    }
+    const readme = await readOptional(readmePath);
+    if (!readme) {
+        addCheck(checks, 'docs.provenance', 'README provenance copy', 'warn', 'No README.md found.');
+    }
+    else {
+        const ok = readme.includes('Provenance and social proof')
+            && readme.includes('Nexus Prime Presence')
+            && readme.includes('privacy-safe PLG events')
+            && readme.includes(NEXUS_PRIME_WEBSITE);
+        addCheck(checks, 'docs.provenance', 'README provenance copy', ok ? 'pass' : 'fail', ok
+            ? 'README explains Nexus Prime signatures, attribution, telemetry, and social proof.'
+            : 'README must explain Nexus Prime Presence, attribution, privacy-safe PLG events, and the website.', readmePath);
+    }
+    const telemetry = await readOptional(telemetryPath);
+    if (!telemetry) {
+        addCheck(checks, 'telemetry.redaction', 'Telemetry redaction guard', 'warn', 'Telemetry source was not found.');
+    }
+    else {
+        const redactionPattern = String.raw `prompt|content|code|path|repo|branch|secret|token|file`;
+        const hasRedaction = telemetry.includes(redactionPattern)
+            && telemetry.includes('sanitizeEventData')
+            && telemetry.includes('trackProductEvent');
+        addCheck(checks, 'telemetry.redaction', 'Telemetry redaction guard', hasRedaction ? 'pass' : 'fail', hasRedaction
+            ? 'Proof telemetry is routed through the sanitizer and blocks sensitive key classes.'
+            : 'Proof telemetry must keep using sanitizeEventData and block prompt/code/path/repo/branch/secret/token/file keys.', telemetryPath);
+    }
+    const prBody = await readOptional(options.prBodyPath);
+    if (options.prBodyPath) {
+        const ok = Boolean(prBody && hasPresenceBlock(prBody) && prBody.includes(NEXUS_PRIME_WEBSITE));
+        addCheck(checks, 'pr.body', 'PR body proof', ok ? 'pass' : 'fail', ok ? 'PR body contains Nexus Prime Presence.' : 'PR body is missing Nexus Prime Presence.', options.prBodyPath);
+    }
+    else {
+        addCheck(checks, 'pr.body', 'PR body proof', 'warn', 'No PR body path supplied; skipping generated PR body verification.');
+    }
+    const commitMessage = await readOptional(options.commitMessagePath);
+    if (options.commitMessagePath) {
+        const ok = Boolean(commitMessage && commitMessage.includes(NEXUS_PRIME_COAUTHOR_TRAILER));
+        addCheck(checks, 'commit.coauthor', 'Generated commit co-author trailer', ok ? 'pass' : 'fail', ok ? 'Commit message contains the Nexus Prime co-author trailer.' : 'Generated commit message is missing the Nexus Prime co-author trailer.', options.commitMessagePath);
+    }
+    else {
+        addCheck(checks, 'commit.coauthor', 'Generated commit co-author trailer', 'warn', 'No commit message path supplied; skipping generated commit verification.');
+    }
+    const artifactPaths = options.artifactPaths ?? [];
+    if (artifactPaths.length === 0) {
+        addCheck(checks, 'artifact.signature', 'Generated artifact signatures', 'warn', 'No artifact paths supplied; skipping artifact signature verification.');
+    }
+    else {
+        for (const artifactPath of artifactPaths) {
+            const artifact = await readOptional(artifactPath);
+            const ok = Boolean(artifact && artifact.includes('signed by Nexus Prime') && artifact.includes(NEXUS_PRIME_WEBSITE));
+            addCheck(checks, `artifact.signature:${path.basename(artifactPath)}`, 'Generated artifact signature', ok ? 'pass' : 'fail', ok ? 'Artifact contains a Nexus Prime document signature.' : 'Artifact is missing a Nexus Prime document signature.', artifactPath);
+        }
+    }
+    const passed = checks.filter((check) => check.status === 'pass').length;
+    const warnings = checks.filter((check) => check.status === 'warn').length;
+    const failed = checks.filter((check) => check.status === 'fail').length;
+    const status = failed > 0 ? 'failed' : warnings > 0 ? 'attention' : 'verified';
+    return {
+        generatedAt: Date.now(),
+        website: NEXUS_PRIME_WEBSITE,
+        status,
+        passed,
+        warnings,
+        failed,
+        checks,
+        proofEvents: NEXUS_PLG_EVENT_TYPES,
+    };
+}
+export function formatNexusProofReport(summary) {
+    const lines = [
+        'Nexus Prime proof verification',
+        `Website: ${summary.website}`,
+        `Status: ${summary.status}`,
+        `Checks: ${summary.passed} passed, ${summary.warnings} warning(s), ${summary.failed} failed`,
+        '',
+    ];
+    for (const check of summary.checks) {
+        const marker = check.status === 'pass' ? 'PASS' : check.status === 'warn' ? 'WARN' : 'FAIL';
+        lines.push(`[${marker}] ${check.label}: ${check.detail}`);
+    }
+    return lines.join('\n');
+}

package/dist/engines/nexus-signature.d.ts

@@ -0,0 +1,33 @@
+export declare const NEXUS_PRIME_WEBSITE = "https://nexus-prime.cfd/";
+export declare const NEXUS_PRIME_GENERATOR = "Nexus Prime";
+export declare const NEXUS_PRIME_COAUTHOR_TRAILER = "Co-Authored-By: nexus-prime <33547839+sir-ad@users.noreply.github.com>";
+export declare const NEXUS_PRIME_PRESENCE_START = "<!-- nexus-prime:presence:start -->";
+export declare const NEXUS_PRIME_PRESENCE_END = "<!-- nexus-prime:presence:end -->";
+export type NexusPresenceRole = 'observed' | 'verified' | 'assisted' | 'authored' | 'published';
+export type NexusVerificationState = 'unknown' | 'not-run' | 'advisory' | 'verified' | 'failed';
+export type NexusHumanReviewState = 'required' | 'pending' | 'completed' | 'not-required';
+export type NexusPlgEventType = 'pr_presence_added' | 'commit_attributed' | 'document_signed' | 'release_verified' | 'proof_badge_viewed' | 'website_proof_viewed' | 'telemetry_batch_sent';
+export declare const NEXUS_PLG_EVENT_TYPES: readonly NexusPlgEventType[];
+export interface NexusPresenceInput {
+    role: NexusPresenceRole;
+    source: string;
+    runId?: string;
+    cycleId?: string;
+    verificationState?: NexusVerificationState | string;
+    hooksState?: string;
+    telemetryConsent?: string;
+    humanReviewState?: NexusHumanReviewState | string;
+    coauthorState?: string;
+    website?: string;
+    generatedAt?: Date | string;
+}
+export interface NexusDocumentSignatureInput extends NexusPresenceInput {
+    artifactKind?: string;
+    reviewer?: string;
+}
+export declare function renderNexusPrPresenceBlock(input: NexusPresenceInput): string;
+export declare function appendOrReplaceNexusPrPresenceBlock(body: string, input: NexusPresenceInput): string;
+export declare function ensureNexusCoauthorTrailer(message: string, shouldAttribute: boolean): string;
+export declare function renderNexusDocumentSignature(input: NexusDocumentSignatureInput): string;
+export declare function buildNexusProofMetadata(input: NexusPresenceInput): Record<string, string>;
+export declare function renderNexusWebsiteMetadata(input: NexusPresenceInput): string;

package/dist/engines/nexus-signature.js

@@ -0,0 +1,127 @@
+export const NEXUS_PRIME_WEBSITE = 'https://nexus-prime.cfd/';
+export const NEXUS_PRIME_GENERATOR = 'Nexus Prime';
+export const NEXUS_PRIME_COAUTHOR_TRAILER = 'Co-Authored-By: nexus-prime <33547839+sir-ad@users.noreply.github.com>';
+export const NEXUS_PRIME_PRESENCE_START = '<!-- nexus-prime:presence:start -->';
+export const NEXUS_PRIME_PRESENCE_END = '<!-- nexus-prime:presence:end -->';
+export const NEXUS_PLG_EVENT_TYPES = [
+    'pr_presence_added',
+    'commit_attributed',
+    'document_signed',
+    'release_verified',
+    'proof_badge_viewed',
+    'website_proof_viewed',
+    'telemetry_batch_sent',
+];
+function clean(value, fallback) {
+    const normalized = String(value ?? '').trim();
+    return normalized || fallback;
+}
+function isoStamp(value) {
+    if (value instanceof Date)
+        return value.toISOString();
+    if (typeof value === 'string' && value.trim())
+        return value.trim();
+    return new Date().toISOString();
+}
+export function renderNexusPrPresenceBlock(input) {
+    const website = clean(input.website, NEXUS_PRIME_WEBSITE);
+    const runId = clean(input.runId ?? input.cycleId, 'no-run detected');
+    const verification = clean(input.verificationState, 'unknown');
+    const hooks = clean(input.hooksState, 'unknown');
+    const telemetry = clean(input.telemetryConsent, 'unknown');
+    const humanReview = clean(input.humanReviewState, 'required');
+    const coauthor = clean(input.coauthorState, 'Not claimed unless a Nexus-generated commit includes the co-author trailer.');
+    return [
+        NEXUS_PRIME_PRESENCE_START,
+        '## Nexus Prime Presence',
+        '',
+        `- Website: ${website}`,
+        `- Role: ${input.role}`,
+        `- Source: ${clean(input.source, 'unknown')}`,
+        `- Run ID: ${runId}`,
+        `- Verification: ${verification}`,
+        `- Hooks: ${hooks}`,
+        `- Telemetry consent: ${telemetry}`,
+        `- Human review: ${humanReview}`,
+        `- Co-authorship: ${coauthor}`,
+        `- Generated at: ${isoStamp(input.generatedAt)}`,
+        '',
+        'Presence is not blanket authorship. Git co-authorship is only asserted for commits Nexus Prime generated, materially assisted, or published.',
+        NEXUS_PRIME_PRESENCE_END,
+    ].join('\n');
+}
+export function appendOrReplaceNexusPrPresenceBlock(body, input) {
+    const block = renderNexusPrPresenceBlock(input);
+    const pattern = new RegExp(`${escapeRegExp(NEXUS_PRIME_PRESENCE_START)}[\\s\\S]*?${escapeRegExp(NEXUS_PRIME_PRESENCE_END)}`, 'm');
+    const existing = String(body ?? '').trim();
+    if (pattern.test(existing))
+        return existing.replace(pattern, block);
+    return [existing, block].filter(Boolean).join('\n\n');
+}
+export function ensureNexusCoauthorTrailer(message, shouldAttribute) {
+    const normalized = String(message ?? '').trimEnd();
+    if (!shouldAttribute)
+        return normalized;
+    if (normalized.includes(NEXUS_PRIME_COAUTHOR_TRAILER))
+        return normalized;
+    return [normalized, NEXUS_PRIME_COAUTHOR_TRAILER].filter(Boolean).join('\n\n');
+}
+export function renderNexusDocumentSignature(input) {
+    return [
+        '---',
+        `${clean(input.artifactKind, 'Artifact')} signed by ${NEXUS_PRIME_GENERATOR}`,
+        `Website: ${clean(input.website, NEXUS_PRIME_WEBSITE)}`,
+        `Role: ${input.role}`,
+        `Source: ${clean(input.source, 'unknown')}`,
+        `Run ID: ${clean(input.runId ?? input.cycleId, 'no-run detected')}`,
+        `Verification: ${clean(input.verificationState, 'unknown')}`,
+        `Human review: ${clean(input.humanReviewState, 'required')}`,
+        `Reviewer: ${clean(input.reviewer, 'not recorded')}`,
+        `Generated at: ${isoStamp(input.generatedAt)}`,
+        '---',
+    ].join('\n');
+}
+export function buildNexusProofMetadata(input) {
+    return {
+        generator: NEXUS_PRIME_GENERATOR,
+        website: clean(input.website, NEXUS_PRIME_WEBSITE),
+        role: input.role,
+        source: clean(input.source, 'unknown'),
+        runId: clean(input.runId ?? input.cycleId, 'no-run detected'),
+        verificationState: clean(input.verificationState, 'unknown'),
+        humanReviewState: clean(input.humanReviewState, 'required'),
+        generatedAt: isoStamp(input.generatedAt),
+    };
+}
+export function renderNexusWebsiteMetadata(input) {
+    const metadata = buildNexusProofMetadata(input);
+    const jsonLd = {
+        '@context': 'https://schema.org',
+        '@type': 'SoftwareApplication',
+        name: NEXUS_PRIME_GENERATOR,
+        url: metadata.website,
+        applicationCategory: 'DeveloperApplication',
+        creator: {
+            '@type': 'Organization',
+            name: NEXUS_PRIME_GENERATOR,
+            url: metadata.website,
+        },
+    };
+    return [
+        '<meta name="generator" content="Nexus Prime">',
+        `<meta name="nexus-prime:role" content="${escapeHtml(metadata.role)}">`,
+        `<meta name="nexus-prime:verification" content="${escapeHtml(metadata.verificationState)}">`,
+        `<link rel="author" href="${escapeHtml(metadata.website)}">`,
+        `<script type="application/ld+json">${JSON.stringify(jsonLd)}</script>`,
+    ].join('\n');
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+function escapeHtml(value) {
+    return value
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}

package/dist/engines/telemetry-remote.d.ts

@@ -5,7 +5,8 @@
  * Sends pseudonymous install + project activity to a Supabase REST endpoint
  * only after explicit opt-in or `NEXUS_TELEMETRY=on`.
  */
-export type TelemetryEventType = 'install' | 'session_start' | 'session_end' | 'feature_use' | 'token_savings' | 'memory_created' | 'memory_recalled' | 'autonomy_candidate' | 'autonomy_candidate_suppressed' | 'autonomy_apply_started' | 'autonomy_apply_finished' | 'autonomy_apply_blocked';
+import { type NexusPlgEventType } from './nexus-signature.js';
+export type TelemetryEventType = 'install' | 'session_start' | 'session_end' | 'feature_use' | 'token_savings' | 'memory_created' | 'memory_recalled' | 'autonomy_candidate' | 'autonomy_candidate_suppressed' | 'autonomy_apply_started' | 'autonomy_apply_finished' | 'autonomy_apply_blocked' | NexusPlgEventType;
 export interface TelemetryEvent {
     type: TelemetryEventType;
     timestamp: number;
@@ -26,6 +27,11 @@ export interface TelemetryStats {
     totalFeatureUses: number;
     totalMemoriesCreated: number;
     totalMemoriesRecalled: number;
+    totalPrPresence: number;
+    totalCommitAttributions: number;
+    totalDocumentsSigned: number;
+    totalReleasesVerified: number;
+    totalProofBadgeViews: number;
     endpointConfigured: boolean;
     remoteStatsConfigured: boolean;
     lastFlushAt?: number;
@@ -39,6 +45,7 @@ export interface RemoteInstallDrilldown {
     memoriesRecalled: number;
     featureUses: number;
     autonomyEvents: number;
+    proofEvents: number;
     recentProjects: string[];
 }
 export interface RemoteTelemetryStats {
@@ -49,6 +56,11 @@ export interface RemoteTelemetryStats {
     totalTokenSavings: number;
     totalMemoriesCreated: number;
     totalMemoriesRecalled: number;
+    totalPrPresence: number;
+    totalCommitAttributions: number;
+    totalDocumentsSigned: number;
+    totalReleasesVerified: number;
+    totalProofBadgeViews: number;
     installs: RemoteInstallDrilldown[];
 }
 export declare class RemoteTelemetry {
@@ -86,6 +98,7 @@ export declare class RemoteTelemetry {
     trackMemoryCreated(scope: string, metadata?: Record<string, unknown>): void;
     trackMemoryRecalled(hitCount: number, metadata?: Record<string, unknown>): void;
     trackAutonomyEvent(type: Extract<TelemetryEventType, 'autonomy_candidate' | 'autonomy_candidate_suppressed' | 'autonomy_apply_started' | 'autonomy_apply_finished' | 'autonomy_apply_blocked'>, metadata?: Record<string, unknown>): void;
+    trackProductEvent(type: NexusPlgEventType, metadata?: Record<string, unknown>): void;
     private enqueue;
     private persistQueue;
     private loadQueue;
@@ -100,6 +113,7 @@ export declare class RemoteTelemetry {
     getStats(): TelemetryStats;
     private getNexusVersion;
     private hashIdentifier;
+    private incrementProductCounter;
     destroy(): void;
 }
 export declare function getSharedTelemetry(options?: {

package/dist/engines/telemetry-remote.js

@@ -10,6 +10,7 @@ import * as path from 'path';
 import * as os from 'os';
 import * as crypto from 'crypto';
 import { fileURLToPath } from 'url';
+import { NEXUS_PLG_EVENT_TYPES } from './nexus-signature.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const NEXUS_STATE_DIR = path.join(os.homedir(), '.nexus-prime');
@@ -68,6 +69,11 @@ function createEmptyState() {
         totalFeatureUses: 0,
         totalMemoriesCreated: 0,
         totalMemoriesRecalled: 0,
+        totalPrPresence: 0,
+        totalCommitAttributions: 0,
+        totalDocumentsSigned: 0,
+        totalReleasesVerified: 0,
+        totalProofBadgeViews: 0,
     };
 }
 export class RemoteTelemetry {
@@ -267,6 +273,19 @@ export class RemoteTelemetry {
             data: sanitizeEventData(metadata ?? {}),
         });
     }
+    trackProductEvent(type, metadata) {
+        this.incrementProductCounter(type);
+        this.persistState();
+        this.enqueue({
+            type,
+            timestamp: Date.now(),
+            installId: this.installId,
+            data: sanitizeEventData({
+                eventFamily: 'nexus_prime_proof',
+                ...metadata,
+            }),
+        });
+    }
     enqueue(event) {
         if (!this.isOptedIn())
             return;
@@ -381,6 +400,11 @@ export class RemoteTelemetry {
                 totalTokenSavings: 0,
                 totalMemoriesCreated: 0,
                 totalMemoriesRecalled: 0,
+                totalPrPresence: 0,
+                totalCommitAttributions: 0,
+                totalDocumentsSigned: 0,
+                totalReleasesVerified: 0,
+                totalProofBadgeViews: 0,
                 installs: [],
             };
         }
@@ -406,6 +430,11 @@ export class RemoteTelemetry {
             let totalTokenSavings = 0;
             let totalMemoriesCreated = 0;
             let totalMemoriesRecalled = 0;
+            let totalPrPresence = 0;
+            let totalCommitAttributions = 0;
+            let totalDocumentsSigned = 0;
+            let totalReleasesVerified = 0;
+            let totalProofBadgeViews = 0;
             const activeCutoff = Date.now() - ACTIVE_INSTALL_WINDOW_MS;
             for (const row of rows) {
                 const installId = String(row.install_id ?? '').trim();
@@ -425,6 +454,7 @@ export class RemoteTelemetry {
                     memoriesRecalled: 0,
                     featureUses: 0,
                     autonomyEvents: 0,
+                    proofEvents: 0,
                     recentProjects: [],
                 };
                 if (!bucket.lastSeenAt || (sentAt && Date.parse(bucket.lastSeenAt) < sentAtMs)) {
@@ -459,6 +489,30 @@ export class RemoteTelemetry {
                     case 'feature_use':
                         bucket.featureUses += 1;
                         break;
+                    case 'pr_presence_added':
+                        totalPrPresence += 1;
+                        bucket.proofEvents += 1;
+                        break;
+                    case 'commit_attributed':
+                        totalCommitAttributions += 1;
+                        bucket.proofEvents += 1;
+                        break;
+                    case 'document_signed':
+                        totalDocumentsSigned += 1;
+                        bucket.proofEvents += 1;
+                        break;
+                    case 'release_verified':
+                        totalReleasesVerified += 1;
+                        bucket.proofEvents += 1;
+                        break;
+                    case 'proof_badge_viewed':
+                    case 'website_proof_viewed':
+                        totalProofBadgeViews += 1;
+                        bucket.proofEvents += 1;
+                        break;
+                    case 'telemetry_batch_sent':
+                        bucket.proofEvents += 1;
+                        break;
                     case 'autonomy_candidate':
                     case 'autonomy_candidate_suppressed':
                     case 'autonomy_apply_started':
@@ -479,6 +533,11 @@ export class RemoteTelemetry {
                 totalTokenSavings,
                 totalMemoriesCreated,
                 totalMemoriesRecalled,
+                totalPrPresence,
+                totalCommitAttributions,
+                totalDocumentsSigned,
+                totalReleasesVerified,
+                totalProofBadgeViews,
                 installs: [...installs.values()]
                     .sort((a, b) => (b.tokenSavings - a.tokenSavings) || (b.sessions - a.sessions))
                     .slice(0, 25),
@@ -493,6 +552,11 @@ export class RemoteTelemetry {
                 totalTokenSavings: 0,
                 totalMemoriesCreated: 0,
                 totalMemoriesRecalled: 0,
+                totalPrPresence: 0,
+                totalCommitAttributions: 0,
+                totalDocumentsSigned: 0,
+                totalReleasesVerified: 0,
+                totalProofBadgeViews: 0,
                 installs: [],
             };
         }
@@ -519,6 +583,11 @@ export class RemoteTelemetry {
             totalFeatureUses: this.state.totalFeatureUses,
             totalMemoriesCreated: this.state.totalMemoriesCreated,
             totalMemoriesRecalled: this.state.totalMemoriesRecalled,
+            totalPrPresence: this.state.totalPrPresence,
+            totalCommitAttributions: this.state.totalCommitAttributions,
+            totalDocumentsSigned: this.state.totalDocumentsSigned,
+            totalReleasesVerified: this.state.totalReleasesVerified,
+            totalProofBadgeViews: this.state.totalProofBadgeViews,
             endpointConfigured: Boolean(this.endpoint && this.apiKey),
             remoteStatsConfigured: Boolean(this.endpoint && process.env.NEXUS_TELEMETRY_SERVICE_KEY),
             lastFlushAt: this.state.lastFlushAt,
@@ -537,6 +606,30 @@ export class RemoteTelemetry {
     hashIdentifier(value) {
         return crypto.createHash('sha256').update(String(value)).digest('hex').slice(0, 12);
     }
+    incrementProductCounter(type) {
+        if (!NEXUS_PLG_EVENT_TYPES.includes(type))
+            return;
+        switch (type) {
+            case 'pr_presence_added':
+                this.state.totalPrPresence += 1;
+                break;
+            case 'commit_attributed':
+                this.state.totalCommitAttributions += 1;
+                break;
+            case 'document_signed':
+                this.state.totalDocumentsSigned += 1;
+                break;
+            case 'release_verified':
+                this.state.totalReleasesVerified += 1;
+                break;
+            case 'proof_badge_viewed':
+            case 'website_proof_viewed':
+                this.state.totalProofBadgeViews += 1;
+                break;
+            case 'telemetry_batch_sent':
+                break;
+        }
+    }
     destroy() {
         if (this.flushTimer) {
             clearInterval(this.flushTimer);

package/dist/index.d.ts

@@ -289,3 +289,7 @@ export { SessionDNAManager } from './engines/session-dna.js';
 export type { SessionDNA } from './engines/session-dna.js';
 export { GithubBridge, getSharedGithubBridge } from './engines/github-bridge.js';
 export type { GithubPromotionInput, GithubPromotionResult } from './engines/github-bridge.js';
+export { appendOrReplaceNexusPrPresenceBlock, buildNexusProofMetadata, ensureNexusCoauthorTrailer, NEXUS_PLG_EVENT_TYPES, NEXUS_PRIME_COAUTHOR_TRAILER, NEXUS_PRIME_GENERATOR, NEXUS_PRIME_WEBSITE, renderNexusDocumentSignature, renderNexusPrPresenceBlock, renderNexusWebsiteMetadata, } from './engines/nexus-signature.js';
+export type { NexusDocumentSignatureInput, NexusHumanReviewState, NexusPlgEventType, NexusPresenceInput, NexusPresenceRole, NexusVerificationState, } from './engines/nexus-signature.js';
+export { formatNexusProofReport, verifyNexusProof, } from './engines/nexus-proof.js';
+export type { NexusProofCheck, NexusProofCheckStatus, NexusProofSummary, NexusProofVerifyOptions, } from './engines/nexus-proof.js';

package/dist/index.js

@@ -103,7 +103,9 @@ export class NexusPrime {
             workspaceRoot: config?.runtime?.workspaceRoot,
         });
         markStartup('workspace:resolve:done');
-        process.env.NEXUS_WORKSPACE_ROOT = this.workspaceContext.workspaceRoot;
+        if (this.workspaceContext.workspaceSource !== 'package') {
+            process.env.NEXUS_WORKSPACE_ROOT = this.workspaceContext.workspaceRoot;
+        }
         const memoryDbPath = config?.memory?.cortex?.path ?? process.env.NEXUS_MEMORY_DB_PATH;
         this.config = {
             network: {
@@ -1211,3 +1213,5 @@ export { GhostPass, PhantomOrchestrator, PhantomWorker } from './phantom/index.j
 export { MemoryEngine, createMemoryEngine } from './engines/memory.js';
 export { SessionDNAManager } from './engines/session-dna.js';
 export { GithubBridge, getSharedGithubBridge } from './engines/github-bridge.js';
+export { appendOrReplaceNexusPrPresenceBlock, buildNexusProofMetadata, ensureNexusCoauthorTrailer, NEXUS_PLG_EVENT_TYPES, NEXUS_PRIME_COAUTHOR_TRAILER, NEXUS_PRIME_GENERATOR, NEXUS_PRIME_WEBSITE, renderNexusDocumentSignature, renderNexusPrPresenceBlock, renderNexusWebsiteMetadata, } from './engines/nexus-signature.js';
+export { formatNexusProofReport, verifyNexusProof, } from './engines/nexus-proof.js';

package/dist/licensing/enforcement.js

@@ -12,12 +12,29 @@
 import { getSharedLicenseManager } from './license-manager.js';
 import { getToolTier, isToolAllowed } from './tool-tiers.js';
 import { toolGateMessage, capWarningMessage, capExceededMessage, noLicenseMessage, trialActiveMessage, trialExpiredMessage, } from './upgrade-prompts.js';
+const MCP_RESPONSE_ADAPTERS = new Set([
+    'mcp',
+    'claude-code',
+    'codex',
+    'cursor',
+    'opencode',
+    'windsurf',
+    'hermes',
+    'nanoclaw',
+    'picoclaw',
+    'openclaw',
+]);
 function getMode() {
     const val = (process.env.NEXUS_ENFORCEMENT_MODE ?? 'soft').toLowerCase();
     if (val === 'audit' || val === 'hard')
         return val;
     return 'soft';
 }
+function shouldAppendUpgradeHint(ctx) {
+    if (process.env.NEXUS_LICENSE_MCP_HINTS === '1')
+        return true;
+    return !MCP_RESPONSE_ADAPTERS.has(String(ctx.adapterName ?? '').toLowerCase());
+}
 // Tools that create resources subject to quantity caps
 const MEMORY_CREATION_TOOLS = new Set(['nexus_store_memory']);
 const OPERATIVE_CREATION_TOOLS = new Set(['nexus_synapse_hire', 'nexus_synapse_mandate']);
@@ -122,7 +139,7 @@ export const LicenseEnforcementMiddleware = {
     },
     after(ctx, result) {
         const hint = ctx.meta.licenseUpgradeHint;
-        if (hint && result.content) {
+        if (hint && result.content && shouldAppendUpgradeHint(ctx)) {
             result.content.push({ type: 'text', text: `\n---\n${hint}` });
         }
     },

package/dist/phantom/runtime.d.ts

@@ -385,7 +385,7 @@ export declare class SubAgentRuntime {
         tokenAutoApplied?: boolean;
         toolProfile?: 'autonomous' | 'full';
         instructionFiles?: string[];
-        detailLevel?: 'compact' | 'standard' | 'debug';
+        detailLevel?: 'compact' | 'standard' | 'debug' | 'full';
         intent?: 'inspect' | 'plan' | 'mutate';
         topology?: 'auto' | 'manager-tools' | 'handoff' | 'dag-pool' | 'worktree-swarm';
     }): RuntimeRegistrySnapshot;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexus-prime",
-  "version": "7.9.26",
+  "version": "7.9.28",
   "description": "Local-first MCP control plane for coding agents with bootstrap-orchestrate execution, memory fabric, token budgeting, and worktree-backed swarms",
   "type": "module",
   "main": "dist/index.js",