npm - runtrim - Versions diffs - 0.1.15 → 0.1.17 - Mend

runtrim 0.1.15 → 0.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,243 +1,76 @@
 # RunTrim
-Scope the run before the agent touches your repo.
+RunTrim is the control layer for AI coding agents.
-RunTrim is a local-first control layer for AI coding agents. It prepares guarded prompts, monitors execution scope, checks outcomes, and keeps project memory so the next run starts with context.
+It gives Claude, Codex, Cursor, ChatGPT, and other agents project memory, scoped contracts, MCP guidance, approval flow, and finish verification before changes are accepted.
-## What RunTrim is
-RunTrim is a CLI for developers using tools like Claude Code, Codex, Cursor, and ChatGPT. It sits in front of your coding run and helps you avoid risky, oversized, or context-wasting prompts.
-## Why RunTrim exists
-AI coding runs often fail for operational reasons, not model quality:
-- tasks are too broad
-- sensitive surfaces are touched by accident
-- context is lost between sessions
-- teams repeat failed attempts without a reliable run log
-RunTrim adds structure before the run and continuity after the run.
-## Daily loop
-Recommended daily flow:
-```bash
-runtrim go "your task"
-```
-RunTrim prepares a guarded prompt, copies it for your agent, records the run locally, and prints the next steps.
-Paste the guarded prompt into your agent.
-Keep the local panel open:
-```bash
-runtrim panel --monitor
-```
-After edits:
-```bash
-runtrim check
-```
-If context or usage runs out:
-```bash
-runtrim continue --reason usage_limit
-```
-Guided menu when unsure:
-```bash
-runtrim start
-```
-`runtrim start` checks repo state and tells you the next safe command.
-Free includes 1 tracked local repo.
-Direct operator flow:
-```bash
-runtrim go "fix checkout redirect"
-runtrim panel --monitor
-runtrim check
-runtrim continue --reason usage_limit
-runtrim memory
-```
+Website: https://www.runtrim.com
 ## Install
-Global install for end users:
 ```bash
 npm install -g runtrim
-runtrim go "your task"
-```
-Local preview for repository development:
-```bash
-git clone https://github.com/michelpronkk-oss/rtrim
-cd rtrim
-npm install
-npm run runtrim -- init
-npm run runtrim -- start
 ```
-## CLI release checklist
-Before publishing to npm:
-1. `npm run build`
-2. `npm run verify:cli`
-3. `npm run verify:package`
-4. `npm link`
-5. `runtrim agent --help`
-6. `runtrim go "test task" --no-sync`
-7. `npm version patch`
-8. `npm publish`
-## What RunTrim does
-- audits task scope before execution
-- blocks unsafe mega-runs and suggests split-safe follow-ups
-- generates guarded prompts with explicit stop rules
-- monitors changed files during execution
-- reviews changed files, risk flags, verification debt, and next safe action after edits
-- shows current project memory, latest run state, and continuation guidance in `.runtrim/`
-## Core commands
+## Quickstart
 ```bash
-runtrim init
-runtrim go "<task>"
+cd your-project
 runtrim start
-runtrim prepare "<task>"
-runtrim panel
-runtrim panel --monitor
-runtrim check
-runtrim continue --reason usage_limit
-runtrim memory
-runtrim sync
+runtrim agent "Fix the homepage copy" --copy
+runtrim finish
 ```
-Advanced commands:
+## Primary flow
-```bash
-runtrim prepare "<task>"
-runtrim start
-runtrim panel
-runtrim panel --monitor
-runtrim check
-runtrim continue --reason usage_limit
-```
+1. `runtrim start` analyzes the project and prepares local RunTrim memory and instructions.
+2. `runtrim agent "task" --copy` creates a guarded run and handoff prompt for your coding agent.
+3. Agent completes the task inside contract scope.
+4. `runtrim finish` verifies scope and sensitive-file safety with a clear verdict: `PASS`, `WARN`, or `BLOCKED`.
-## Examples
-Guarded prepare flow:
+If scope needs to expand safely:
 ```bash
-runtrim prepare "fix checkout redirect"
+runtrim approve "Allow <path or scope> for this run only"
 ```
-High-risk split-required flow:
+## MCP (optional)
 ```bash
-runtrim prepare "rewrite auth flow, middleware, database schema and billing"
+runtrim mcp instructions
+runtrim mcp config --print
+runtrim mcp start
 ```
-## Monitor and panel
-Use `runtrim panel` to open a local browser panel on localhost.
-Use `runtrim panel --monitor` to open the same local panel with live git change monitoring.
+MCP lets compatible agents use RunTrim tools like contract creation, path checks, approval suggestions, and finish guidance.
-It keeps local run state visible and warns when scope drifts into risky or forbidden areas.
-Quick keys in panel:
-- `p` prepare
-- `g` guard
-- `c` check
-- `m` memory
-- `r` report
-- `s` sync
-- `q` quit
+## Local-first trust model
-## Check
+- Free CLI runs locally.
+- Source code stays local by default.
+- RunTrim does not read env file contents.
+- Ignored `.env.local` is warned and reported, not read.
+- Sensitive tracked/changed or unignored sensitive files still block finish.
-Run `runtrim check` after the agent edits files.
+## Plans and sync
-It validates changed files, summarizes risk posture, and reports missing proof items before you continue.
+- Free: local control flow and local history.
+- Pro+: cloud sync and hosted dashboard history.
-## Continuation recovery
-When a run stops due to usage or context limits:
+## Core commands
 ```bash
-runtrim continue --reason usage_limit
+runtrim start
+runtrim agent "Your task" --copy
+runtrim finish
+runtrim approve "Allow <scope> for this run only"
+runtrim status
+runtrim mcp instructions
+runtrim bridge status
 ```
-RunTrim prepares a continuation prompt and stores continuation metadata in local memory.
-## Project memory
-`runtrim memory` shows where the project currently stands:
-- latest task and run status
-- changed files
-- missing proof
-- protected areas
-- next safe action
-## Sync V0 private beta
-Cloud sync is private beta and metadata-only.
-Sync can upload:
-- project name and status
-- run status and risk metadata
-- RunTrim-generated prompts
-- changed file paths
-- project memory summaries
-- timestamps and estimated savings
-Sync does not intentionally upload:
-- source code
-- `.env` values
-- secret file contents
+Advanced/lower-level command (still supported):
 ```bash
-runtrim auth set "<token>"
-runtrim config set dashboard-url https://www.runtrim.com/app
-runtrim sync
+runtrim go "Your task"
 ```
-## Privacy model
-RunTrim Free runs locally and stores state in `.runtrim`.
-Free includes 1 tracked local repo. Builder early access supports unlimited tracked repos.
-A tracked repo is one codebase with its own `.runtrim` workspace.
-V1 is designed so source code is not uploaded. Cloud sync stores metadata only when enabled.
-See:
-- https://www.runtrim.com/privacy
-- https://www.runtrim.com/security
-## Status
-RunTrim is in early V1.
-Free local CLI is available. Cloud sync and hosted dashboard access are private beta.
-## Roadmap
-- npm package launch hardening
-- stronger local policy presets
-- richer post-run verification workflows
-- expanded cloud memory rollout
-## Packaging
-```bash
-npm run build
-npm run build:cli
-npm pack --dry-run
-```

package/dist-cli/runtrim.cjs CHANGED Viewed

@@ -169,6 +169,22 @@ var ENV_FILE_RE = /(?:^|[\s"'`,(])(\.[.]?env(?:\.[a-zA-Z\d]+)?)\b/g;
 var ONLY_EDIT_RE = /\bonly\s+(?:edit|touch|modify|change|update|fix)\b/i;
 var MUST_INCLUDE_RE = /\ballowed\s+scope\s+(?:must\s+)?include\b|\bmust\s+(?:include|contain)\b/i;
 var CLI_SCOPE_RE = /\b(cli|command routing|runtrim command|run compiler|contract generation|scope inference|preview command|agent preview command|agent apply|adapters?|auto-guard|bridge helpers?|daemon|local server|localhost|\.runtrim(?:\s+artifacts?)?)\b/i;
+var NEGATION_PREFIX_RE = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE.test(window);
+}
+function hasPositiveKeywordMention(task, keyword) {
+  const lowerTask = task.toLowerCase();
+  const lowerKeyword = keyword.toLowerCase();
+  let idx = lowerTask.indexOf(lowerKeyword);
+  while (idx !== -1) {
+    if (!hasNegationNear(lowerTask, idx)) return true;
+    idx = lowerTask.indexOf(lowerKeyword, idx + lowerKeyword.length);
+  }
+  return false;
+}
 function extractScopePhrase(task, re) {
   var _a2, _b;
   const m = task.match(re);
@@ -226,18 +242,34 @@ function buildExplicitAllowedScope(task, explicitPaths) {
 }
 function buildExplicitForbiddenScope(task) {
   const out = [];
-  const forbiddenPhrase = extractScopePhrase(task, /\bforbidden\s+scope\s+must\s+include\s+([^\n.]+)/i);
-  if (forbiddenPhrase) out.push(forbiddenPhrase);
-  const doNotTouch = extractScopePhrase(task, /\bdo\s+not\s+touch\s+([^\n.]+)/i);
-  if (doNotTouch) out.push(`Do not touch ${doNotTouch}`);
-  const doNotEdit = extractScopePhrase(task, /\bdo\s+not\s+edit\s+([^\n.]+)/i);
-  if (doNotEdit) out.push(`Do not edit ${doNotEdit}`);
-  const withoutTouching = extractScopePhrase(task, /\bwithout\s+touching\s+([^\n.]+)/i);
-  if (withoutTouching) out.push(`Without touching ${withoutTouching}`);
-  const exclude = extractScopePhrase(task, /\bexclude\s+([^\n.]+)/i);
-  if (exclude) out.push(`Exclude ${exclude}`);
-  const forbidden = extractScopePhrase(task, /\bforbidden\s+([^\n.]+)/i);
-  if (forbidden) out.push(`Forbidden ${forbidden}`);
+  const addBoundaryList = (raw) => {
+    if (!raw) return;
+    const normalized = raw.replace(/\b(logic|internals?|behavior|files?|systems?)\b/gi, "").replace(/\s+/g, " ").trim();
+    const parts = normalized.split(/\s*(?:,|;|\band\b|\bor\b)\s*/i).map((p) => p.trim().replace(/[.]+$/, "")).filter(Boolean).slice(0, 12);
+    for (const p of parts) {
+      if (p.length < 2) continue;
+      out.push(`Do not touch ${p}`);
+    }
+  };
+  const explicitPhrases = [
+    /\bforbidden\s+scope\s+must\s+include\s+([^\n.]+)/i,
+    /\bdo\s+not\s+touch\s+([^\n.]+)/i,
+    /\bdo\s+not\s+edit\s+([^\n.]+)/i,
+    /\bdo\s+not\s+change\s+([^\n.]+)/i,
+    /\bmust\s+not\s+touch\s+([^\n.]+)/i,
+    /\bshould\s+not\s+touch\s+([^\n.]+)/i,
+    /\bwithout\s+changing\s+([^\n.]+)/i,
+    /\bwithout\s+touching\s+([^\n.]+)/i,
+    /\bno\s+changes\s+to\s+([^\n.]+)/i,
+    /\bkeep\s+([^\n.]+?)\s+(?:untouched|unchanged)\b/i,
+    /\bleave\s+([^\n.]+?)\s+untouched\b/i,
+    /\bavoid\s+changing\s+([^\n.]+)/i,
+    /\bexclude\s+([^\n.]+)/i,
+    /\bforbidden\s+([^\n.]+)/i
+  ];
+  for (const re of explicitPhrases) {
+    addBoundaryList(extractScopePhrase(task, re));
+  }
   return [...new Set(out)];
 }
 function extractExplicitPaths(task) {
@@ -469,11 +501,10 @@ var CATEGORY_KEYWORDS = [
 ];
 function classifyTaskCategory(task, explicitPaths) {
   const lower = task.toLowerCase();
-  if (CLI_SCOPE_RE.test(task)) return "cli";
   const pathHints = explicitPaths.join(" ").toLowerCase();
   for (const [category, keywords] of CATEGORY_KEYWORDS) {
     const combined = lower + " " + pathHints;
-    if (keywords.some((kw) => combined.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention(combined, kw))) {
       return category;
     }
   }
@@ -716,6 +747,28 @@ var LOOP_PATTERNS = [
   /\b(keep (trying|going|working)|iterate until|loop until|retry)\b/i,
   /\b(if it doesn.t work.{0,20}try again)\b/i
 ];
+var NEGATION_PREFIX_RE2 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear2(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE2.test(window);
+}
+function hasPositiveKeywordMention2(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (!hasNegationNear2(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
+function hasNegatedKeywordMention(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (hasNegationNear2(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
 function scoreTask(task, flags) {
   let score = 100;
   for (const flag of flags) {
@@ -776,7 +829,7 @@ function detectProjectContext(cwd = process.cwd()) {
 function detectMegaRun(taskLower, task) {
   const found = [];
   for (const [system, keywords] of Object.entries(MEGA_RUN_SYSTEMS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       found.push(system);
     }
   }
@@ -787,17 +840,24 @@ function detectMegaRun(taskLower, task) {
 function detectAreasTouched(taskLower) {
   const forbidden = [];
   const sensitive = [];
+  const boundaries = [];
   for (const [area, keywords] of Object.entries(ALWAYS_FORBIDDEN_KEYWORDS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       forbidden.push(area);
     }
+    if (keywords.some((kw) => hasNegatedKeywordMention(taskLower, kw))) {
+      boundaries.push(area);
+    }
   }
   for (const [area, keywords] of Object.entries(SENSITIVE_BILLING_KEYWORDS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       sensitive.push(area);
     }
+    if (keywords.some((kw) => hasNegatedKeywordMention(taskLower, kw))) {
+      boundaries.push(area);
+    }
   }
-  return { forbidden, sensitive };
+  return { forbidden, sensitive, boundaries: [...new Set(boundaries)] };
 }
 function auditTask(task, config, cwd = process.cwd()) {
   const flags = [];
@@ -887,7 +947,7 @@ function auditTask(task, config, cwd = process.cwd()) {
       detail: "References to full context or entire conversation force expensive context loading."
     });
   }
-  const { forbidden: forbiddenAreasTouched, sensitive: sensitiveAreasRelevant } = detectAreasTouched(taskLower);
+  const { forbidden: forbiddenAreasTouched, sensitive: sensitiveAreasRelevant, boundaries } = detectAreasTouched(taskLower);
   if (forbiddenAreasTouched.length > 0) {
     flags.push({
       code: "touches_forbidden_area",
@@ -904,6 +964,14 @@ function auditTask(task, config, cwd = process.cwd()) {
       detail: `Task touches ${sensitiveAreasRelevant.join(", ")}. These are moved to SENSITIVE SCOPE: inspect allowed, editing requires explicit approval.`
     });
   }
+  if (boundaries.length > 0) {
+    flags.push({
+      code: "forbidden_boundaries_detected",
+      label: `Boundaries detected: ${boundaries.join(", ")}`,
+      severity: "info",
+      detail: "Sensitive systems in negated constraints are treated as forbidden boundaries, not active task scope."
+    });
+  }
   const isSimpleTask = task.length < 80 && flags.filter((f) => f.severity === "critical").length === 0;
   if (isSimpleTask && config.defaultModel === "opus") {
     flags.push({
@@ -981,6 +1049,10 @@ function scoreToRisk2(score) {
 }
 function cleanObjective(task) {
   let t = task.trim();
+  t = t.replace(
+    /(?:^|[\s,.])(do not|don't|dont|must not|should not|without changing|without touching|no changes to|keep .*? unchanged|keep .*? untouched|leave .*? untouched|avoid changing)\b[^.]*\.?/gi,
+    " "
+  );
   t = t.replace(/,?\s*check everything(\s+and\b)?/gi, "");
   t = t.replace(/,?\s*(look|search|scan)\s+everywhere(\s+and\b)?/gi, "");
   t = t.replace(/,?\s*review everything(\s+and\b)?/gi, "");
@@ -4661,21 +4733,21 @@ var MEDIUM_PATH_PATTERNS = [
 ];
 function classifyFileRisk(files) {
   if (files.length === 0) return "low";
-  let maxRisk = "low";
+  let maxRisk2 = "low";
   for (const f of files) {
     const norm = f.replace(/\\/g, "/").toLowerCase();
     if (CRITICAL_PATH_PATTERNS.some((p) => norm.includes(p))) {
       return "critical";
     }
-    if (HIGH_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk !== "high") {
-      maxRisk = "high";
+    if (HIGH_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk2 !== "high") {
+      maxRisk2 = "high";
       continue;
     }
-    if (MEDIUM_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk === "low") {
-      maxRisk = "medium";
+    if (MEDIUM_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk2 === "low") {
+      maxRisk2 = "medium";
     }
   }
-  return maxRisk;
+  return maxRisk2;
 }
 function isSensitivePath(filePath) {
   const norm = filePath.replace(/\\/g, "/").toLowerCase();
@@ -5018,6 +5090,24 @@ function getLearningContext(cwd, task, runs) {
 // src/lib/run-planner.ts
 var FAST_PATH_CATEGORIES = /* @__PURE__ */ new Set(["ui", "docs", "tests", "unknown"]);
 var ALWAYS_CONTRACT_CATEGORIES = /* @__PURE__ */ new Set(["auth", "billing", "payment", "webhook", "database", "env", "middleware"]);
+var RISK_ORDER = ["low", "medium", "high", "critical"];
+var NEGATION_PREFIX_RE3 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function maxRisk(a, b) {
+  return RISK_ORDER[Math.max(RISK_ORDER.indexOf(a), RISK_ORDER.indexOf(b))];
+}
+function hasNegationNear3(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE3.test(window);
+}
+function hasPositiveKeywordMention3(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (!hasNegationNear3(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
 function isFastPathEligible(risk, category, guardMode, hasExplicitPaths) {
   if (guardMode === "strict") return false;
   if (guardMode === "off") return true;
@@ -5033,8 +5123,16 @@ function generatePlan(cwd, task, runs, config, currentChangedFiles) {
   const compiler = compileTask(task);
   const guardMode = (_a2 = config.autoGuardMode) != null ? _a2 : "smart";
   const adapters = detectAdapters(cwd);
-  const riskFiles = compiler.explicitPaths.length > 0 ? compiler.explicitPaths : currentChangedFiles.length > 0 ? currentChangedFiles : [];
-  const rawRisk = classifyFileRisk(riskFiles);
+  const riskFiles = compiler.explicitPaths.length > 0 ? compiler.explicitPaths : [];
+  let rawRisk = classifyFileRisk(riskFiles);
+  if (ALWAYS_CONTRACT_CATEGORIES.has(compiler.taskCategory)) {
+    rawRisk = maxRisk(rawRisk, "high");
+  }
+  const lowerTask = task.toLowerCase();
+  const criticalSystemMentions = ["auth", "billing", "payment", "webhook", "database", "migration", "middleware"].filter((k) => hasPositiveKeywordMention3(lowerTask, k)).length;
+  if (criticalSystemMentions >= 2) {
+    rawRisk = maxRisk(rawRisk, "critical");
+  }
   const catScope = buildCategoryScope(
     compiler.taskCategory,
     true,
@@ -5158,6 +5256,22 @@ var FAST_LOCAL_KEYWORDS = [
   "responsive",
   "ui polish"
 ];
+var NEGATION_PREFIX_RE4 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear4(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE4.test(window);
+}
+function hasPositiveKeywordMention4(task, keyword) {
+  const lowerTask = task.toLowerCase();
+  const lowerKeyword = keyword.toLowerCase();
+  let idx = lowerTask.indexOf(lowerKeyword);
+  while (idx !== -1) {
+    if (!hasNegationNear4(lowerTask, idx)) return true;
+    idx = lowerTask.indexOf(lowerKeyword, idx + lowerKeyword.length);
+  }
+  return false;
+}
 function normalize(s) {
   return (s != null ? s : "").toLowerCase();
 }
@@ -5216,9 +5330,9 @@ function recommendProviderRouting(ctx) {
   const changedFiles = (_d = ctx.changedFiles) != null ? _d : [];
   const learnedContext = (_e = ctx.learnedContext) != null ? _e : [];
   const hasProofGapSignals = proofRequired.some((p) => /proof gap|missing|vercel log|manual verification/i.test(p));
-  const highRiskByKeyword = HIGH_RISK_KEYWORDS.some((k) => task.includes(k) || category.includes(k));
+  const highRiskByKeyword = HIGH_RISK_KEYWORDS.some((k) => hasPositiveKeywordMention4(task, k) || hasPositiveKeywordMention4(category, k));
   const fastKeyword = FAST_LOCAL_KEYWORDS.some((k) => task.includes(k));
-  const multiCritical = ["auth", "billing", "database", "webhook", "payment", "migration"].filter((k) => task.includes(k)).length >= 2;
+  const multiCritical = ["auth", "billing", "database", "webhook", "payment", "migration"].filter((k) => hasPositiveKeywordMention4(task, k)).length >= 2;
   const broadTask = !ctx.explicitScope && task.split(/\s+/).length > 16;
   const hasSensitiveFiles = sensitiveAreas.length > 0 || changedFiles.some((f) => HIGH_RISK_KEYWORDS.some((k) => normalize(f).includes(k)));
   const noLearning = learnedContext.length === 0 && ((_f = ctx.similarRunsCount) != null ? _f : 0) === 0;
@@ -5483,6 +5597,19 @@ async function getSensitivePathStates(cwd) {
     return /* @__PURE__ */ new Map();
   }
 }
+function extractBoundaryLabels(forbiddenScope) {
+  const labels = /* @__PURE__ */ new Set();
+  for (const line of forbiddenScope) {
+    const lower = line.toLowerCase();
+    if (lower.includes("billing") || lower.includes("subscription") || lower.includes("payment")) labels.add("billing");
+    if (lower.includes("auth") || lower.includes("session") || lower.includes("jwt")) labels.add("auth");
+    if (lower.includes("middleware") || lower.includes("proxy")) labels.add("middleware");
+    if (lower.includes(".env") || lower.includes("secret")) labels.add("env");
+    if (lower.includes("cli")) labels.add("cli");
+    if (lower.includes("mcp")) labels.add("mcp");
+  }
+  return [...labels];
+}
 function nowId() {
   const d = /* @__PURE__ */ new Date();
   const pad = (n) => String(n).padStart(2, "0");
@@ -5544,8 +5671,21 @@ function buildApprovalLevel(risk, task, category) {
   const text = `${task}
 ${category}`.toLowerCase();
   const highSystems = ["auth", "billing", "payment", "dodo", "stripe", "webhook", "database", "migration", "rls", "middleware", "env", "secret"];
+  const hasNegationNear5 = (source, index) => {
+    const start = Math.max(0, index - 64);
+    const window = source.slice(start, index + 8);
+    return /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i.test(window);
+  };
+  const hasPositiveKeyword = (source, keyword) => {
+    let idx = source.indexOf(keyword);
+    while (idx !== -1) {
+      if (!hasNegationNear5(source, idx)) return true;
+      idx = source.indexOf(keyword, idx + keyword.length);
+    }
+    return false;
+  };
   if (risk === "high" || risk === "critical") return "required";
-  if (highSystems.some((k) => text.includes(k))) return "required";
+  if (highSystems.some((k) => hasPositiveKeyword(text, k))) return "required";
   if (risk === "medium") return "recommended";
   return "no";
 }
@@ -5586,6 +5726,7 @@ function writePreviewArtifacts(cwd, preview) {
     "",
     "Forbidden:",
     ...preview.forbiddenScope.length > 0 ? preview.forbiddenScope.slice(0, 8).map((f) => `- ${f}`) : ["- none"],
+    ...preview.boundariesDetected.length > 0 ? ["", `Boundaries detected: ${preview.boundariesDetected.join(", ")} will be forbidden, not treated as active scope.`] : [],
     "",
     "Learned context:",
     ...preview.learnedContext.length > 0 ? preview.learnedContext.map((x) => `- ${x}`) : ["- learning not available yet"],
@@ -5625,6 +5766,9 @@ async function runAgentPreview(task) {
   console.log("");
   console.log(GO_ACCENT.bold("Forbidden"));
   for (const item of preview.forbiddenScope.slice(0, 6)) console.log(DIM("  - ") + chalk.white(item));
+  if (preview.boundariesDetected.length > 0) {
+    console.log(DIM("  Boundaries detected: ") + chalk.white(`${preview.boundariesDetected.join(", ")} will be forbidden, not treated as active scope.`));
+  }
   console.log("");
   console.log(GO_ACCENT.bold("Patch strategy"));
   for (let i = 0; i < preview.patchStrategy.length; i += 1) {
@@ -5689,6 +5833,7 @@ async function buildAgentPreview(task) {
     filesToInspect,
     allowedScope: contract.contract.relevantScope,
     forbiddenScope: contract.contract.forbiddenScope,
+    boundariesDetected: extractBoundaryLabels(contract.contract.forbiddenScope),
     sensitiveAreas: [...contract.contract.sensitiveScope, ...plan.sensitiveAreas].slice(0, 10),
     stopRules: contract.contract.stopRules,
     successCriteria: contract.contract.successCriteria,

package/dist-cli/runtrim.js CHANGED Viewed

@@ -148,6 +148,22 @@ var ENV_FILE_RE = /(?:^|[\s"'`,(])(\.[.]?env(?:\.[a-zA-Z\d]+)?)\b/g;
 var ONLY_EDIT_RE = /\bonly\s+(?:edit|touch|modify|change|update|fix)\b/i;
 var MUST_INCLUDE_RE = /\ballowed\s+scope\s+(?:must\s+)?include\b|\bmust\s+(?:include|contain)\b/i;
 var CLI_SCOPE_RE = /\b(cli|command routing|runtrim command|run compiler|contract generation|scope inference|preview command|agent preview command|agent apply|adapters?|auto-guard|bridge helpers?|daemon|local server|localhost|\.runtrim(?:\s+artifacts?)?)\b/i;
+var NEGATION_PREFIX_RE = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE.test(window);
+}
+function hasPositiveKeywordMention(task, keyword) {
+  const lowerTask = task.toLowerCase();
+  const lowerKeyword = keyword.toLowerCase();
+  let idx = lowerTask.indexOf(lowerKeyword);
+  while (idx !== -1) {
+    if (!hasNegationNear(lowerTask, idx)) return true;
+    idx = lowerTask.indexOf(lowerKeyword, idx + lowerKeyword.length);
+  }
+  return false;
+}
 function extractScopePhrase(task, re) {
   var _a2, _b;
   const m = task.match(re);
@@ -205,18 +221,34 @@ function buildExplicitAllowedScope(task, explicitPaths) {
 }
 function buildExplicitForbiddenScope(task) {
   const out = [];
-  const forbiddenPhrase = extractScopePhrase(task, /\bforbidden\s+scope\s+must\s+include\s+([^\n.]+)/i);
-  if (forbiddenPhrase) out.push(forbiddenPhrase);
-  const doNotTouch = extractScopePhrase(task, /\bdo\s+not\s+touch\s+([^\n.]+)/i);
-  if (doNotTouch) out.push(`Do not touch ${doNotTouch}`);
-  const doNotEdit = extractScopePhrase(task, /\bdo\s+not\s+edit\s+([^\n.]+)/i);
-  if (doNotEdit) out.push(`Do not edit ${doNotEdit}`);
-  const withoutTouching = extractScopePhrase(task, /\bwithout\s+touching\s+([^\n.]+)/i);
-  if (withoutTouching) out.push(`Without touching ${withoutTouching}`);
-  const exclude = extractScopePhrase(task, /\bexclude\s+([^\n.]+)/i);
-  if (exclude) out.push(`Exclude ${exclude}`);
-  const forbidden = extractScopePhrase(task, /\bforbidden\s+([^\n.]+)/i);
-  if (forbidden) out.push(`Forbidden ${forbidden}`);
+  const addBoundaryList = (raw) => {
+    if (!raw) return;
+    const normalized = raw.replace(/\b(logic|internals?|behavior|files?|systems?)\b/gi, "").replace(/\s+/g, " ").trim();
+    const parts = normalized.split(/\s*(?:,|;|\band\b|\bor\b)\s*/i).map((p) => p.trim().replace(/[.]+$/, "")).filter(Boolean).slice(0, 12);
+    for (const p of parts) {
+      if (p.length < 2) continue;
+      out.push(`Do not touch ${p}`);
+    }
+  };
+  const explicitPhrases = [
+    /\bforbidden\s+scope\s+must\s+include\s+([^\n.]+)/i,
+    /\bdo\s+not\s+touch\s+([^\n.]+)/i,
+    /\bdo\s+not\s+edit\s+([^\n.]+)/i,
+    /\bdo\s+not\s+change\s+([^\n.]+)/i,
+    /\bmust\s+not\s+touch\s+([^\n.]+)/i,
+    /\bshould\s+not\s+touch\s+([^\n.]+)/i,
+    /\bwithout\s+changing\s+([^\n.]+)/i,
+    /\bwithout\s+touching\s+([^\n.]+)/i,
+    /\bno\s+changes\s+to\s+([^\n.]+)/i,
+    /\bkeep\s+([^\n.]+?)\s+(?:untouched|unchanged)\b/i,
+    /\bleave\s+([^\n.]+?)\s+untouched\b/i,
+    /\bavoid\s+changing\s+([^\n.]+)/i,
+    /\bexclude\s+([^\n.]+)/i,
+    /\bforbidden\s+([^\n.]+)/i
+  ];
+  for (const re of explicitPhrases) {
+    addBoundaryList(extractScopePhrase(task, re));
+  }
   return [...new Set(out)];
 }
 function extractExplicitPaths(task) {
@@ -448,11 +480,10 @@ var CATEGORY_KEYWORDS = [
 ];
 function classifyTaskCategory(task, explicitPaths) {
   const lower = task.toLowerCase();
-  if (CLI_SCOPE_RE.test(task)) return "cli";
   const pathHints = explicitPaths.join(" ").toLowerCase();
   for (const [category, keywords] of CATEGORY_KEYWORDS) {
     const combined = lower + " " + pathHints;
-    if (keywords.some((kw) => combined.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention(combined, kw))) {
       return category;
     }
   }
@@ -695,6 +726,28 @@ var LOOP_PATTERNS = [
   /\b(keep (trying|going|working)|iterate until|loop until|retry)\b/i,
   /\b(if it doesn.t work.{0,20}try again)\b/i
 ];
+var NEGATION_PREFIX_RE2 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear2(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE2.test(window);
+}
+function hasPositiveKeywordMention2(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (!hasNegationNear2(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
+function hasNegatedKeywordMention(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (hasNegationNear2(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
 function scoreTask(task, flags) {
   let score = 100;
   for (const flag of flags) {
@@ -755,7 +808,7 @@ function detectProjectContext(cwd = process.cwd()) {
 function detectMegaRun(taskLower, task) {
   const found = [];
   for (const [system, keywords] of Object.entries(MEGA_RUN_SYSTEMS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       found.push(system);
     }
   }
@@ -766,17 +819,24 @@ function detectMegaRun(taskLower, task) {
 function detectAreasTouched(taskLower) {
   const forbidden = [];
   const sensitive = [];
+  const boundaries = [];
   for (const [area, keywords] of Object.entries(ALWAYS_FORBIDDEN_KEYWORDS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       forbidden.push(area);
     }
+    if (keywords.some((kw) => hasNegatedKeywordMention(taskLower, kw))) {
+      boundaries.push(area);
+    }
   }
   for (const [area, keywords] of Object.entries(SENSITIVE_BILLING_KEYWORDS)) {
-    if (keywords.some((kw) => taskLower.includes(kw))) {
+    if (keywords.some((kw) => hasPositiveKeywordMention2(taskLower, kw))) {
       sensitive.push(area);
     }
+    if (keywords.some((kw) => hasNegatedKeywordMention(taskLower, kw))) {
+      boundaries.push(area);
+    }
   }
-  return { forbidden, sensitive };
+  return { forbidden, sensitive, boundaries: [...new Set(boundaries)] };
 }
 function auditTask(task, config, cwd = process.cwd()) {
   const flags = [];
@@ -866,7 +926,7 @@ function auditTask(task, config, cwd = process.cwd()) {
       detail: "References to full context or entire conversation force expensive context loading."
     });
   }
-  const { forbidden: forbiddenAreasTouched, sensitive: sensitiveAreasRelevant } = detectAreasTouched(taskLower);
+  const { forbidden: forbiddenAreasTouched, sensitive: sensitiveAreasRelevant, boundaries } = detectAreasTouched(taskLower);
   if (forbiddenAreasTouched.length > 0) {
     flags.push({
       code: "touches_forbidden_area",
@@ -883,6 +943,14 @@ function auditTask(task, config, cwd = process.cwd()) {
       detail: `Task touches ${sensitiveAreasRelevant.join(", ")}. These are moved to SENSITIVE SCOPE: inspect allowed, editing requires explicit approval.`
     });
   }
+  if (boundaries.length > 0) {
+    flags.push({
+      code: "forbidden_boundaries_detected",
+      label: `Boundaries detected: ${boundaries.join(", ")}`,
+      severity: "info",
+      detail: "Sensitive systems in negated constraints are treated as forbidden boundaries, not active task scope."
+    });
+  }
   const isSimpleTask = task.length < 80 && flags.filter((f) => f.severity === "critical").length === 0;
   if (isSimpleTask && config.defaultModel === "opus") {
     flags.push({
@@ -960,6 +1028,10 @@ function scoreToRisk2(score) {
 }
 function cleanObjective(task) {
   let t = task.trim();
+  t = t.replace(
+    /(?:^|[\s,.])(do not|don't|dont|must not|should not|without changing|without touching|no changes to|keep .*? unchanged|keep .*? untouched|leave .*? untouched|avoid changing)\b[^.]*\.?/gi,
+    " "
+  );
   t = t.replace(/,?\s*check everything(\s+and\b)?/gi, "");
   t = t.replace(/,?\s*(look|search|scan)\s+everywhere(\s+and\b)?/gi, "");
   t = t.replace(/,?\s*review everything(\s+and\b)?/gi, "");
@@ -4640,21 +4712,21 @@ var MEDIUM_PATH_PATTERNS = [
 ];
 function classifyFileRisk(files) {
   if (files.length === 0) return "low";
-  let maxRisk = "low";
+  let maxRisk2 = "low";
   for (const f of files) {
     const norm = f.replace(/\\/g, "/").toLowerCase();
     if (CRITICAL_PATH_PATTERNS.some((p) => norm.includes(p))) {
       return "critical";
     }
-    if (HIGH_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk !== "high") {
-      maxRisk = "high";
+    if (HIGH_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk2 !== "high") {
+      maxRisk2 = "high";
       continue;
     }
-    if (MEDIUM_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk === "low") {
-      maxRisk = "medium";
+    if (MEDIUM_PATH_PATTERNS.some((p) => norm.includes(p)) && maxRisk2 === "low") {
+      maxRisk2 = "medium";
     }
   }
-  return maxRisk;
+  return maxRisk2;
 }
 function isSensitivePath(filePath) {
   const norm = filePath.replace(/\\/g, "/").toLowerCase();
@@ -4997,6 +5069,24 @@ function getLearningContext(cwd, task, runs) {
 // src/lib/run-planner.ts
 var FAST_PATH_CATEGORIES = /* @__PURE__ */ new Set(["ui", "docs", "tests", "unknown"]);
 var ALWAYS_CONTRACT_CATEGORIES = /* @__PURE__ */ new Set(["auth", "billing", "payment", "webhook", "database", "env", "middleware"]);
+var RISK_ORDER = ["low", "medium", "high", "critical"];
+var NEGATION_PREFIX_RE3 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function maxRisk(a, b) {
+  return RISK_ORDER[Math.max(RISK_ORDER.indexOf(a), RISK_ORDER.indexOf(b))];
+}
+function hasNegationNear3(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE3.test(window);
+}
+function hasPositiveKeywordMention3(taskLower, keyword) {
+  let idx = taskLower.indexOf(keyword.toLowerCase());
+  while (idx !== -1) {
+    if (!hasNegationNear3(taskLower, idx)) return true;
+    idx = taskLower.indexOf(keyword.toLowerCase(), idx + keyword.length);
+  }
+  return false;
+}
 function isFastPathEligible(risk, category, guardMode, hasExplicitPaths) {
   if (guardMode === "strict") return false;
   if (guardMode === "off") return true;
@@ -5012,8 +5102,16 @@ function generatePlan(cwd, task, runs, config, currentChangedFiles) {
   const compiler = compileTask(task);
   const guardMode = (_a2 = config.autoGuardMode) != null ? _a2 : "smart";
   const adapters = detectAdapters(cwd);
-  const riskFiles = compiler.explicitPaths.length > 0 ? compiler.explicitPaths : currentChangedFiles.length > 0 ? currentChangedFiles : [];
-  const rawRisk = classifyFileRisk(riskFiles);
+  const riskFiles = compiler.explicitPaths.length > 0 ? compiler.explicitPaths : [];
+  let rawRisk = classifyFileRisk(riskFiles);
+  if (ALWAYS_CONTRACT_CATEGORIES.has(compiler.taskCategory)) {
+    rawRisk = maxRisk(rawRisk, "high");
+  }
+  const lowerTask = task.toLowerCase();
+  const criticalSystemMentions = ["auth", "billing", "payment", "webhook", "database", "migration", "middleware"].filter((k) => hasPositiveKeywordMention3(lowerTask, k)).length;
+  if (criticalSystemMentions >= 2) {
+    rawRisk = maxRisk(rawRisk, "critical");
+  }
   const catScope = buildCategoryScope(
     compiler.taskCategory,
     true,
@@ -5137,6 +5235,22 @@ var FAST_LOCAL_KEYWORDS = [
   "responsive",
   "ui polish"
 ];
+var NEGATION_PREFIX_RE4 = /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i;
+function hasNegationNear4(text, index) {
+  const start = Math.max(0, index - 64);
+  const window = text.slice(start, index + 8);
+  return NEGATION_PREFIX_RE4.test(window);
+}
+function hasPositiveKeywordMention4(task, keyword) {
+  const lowerTask = task.toLowerCase();
+  const lowerKeyword = keyword.toLowerCase();
+  let idx = lowerTask.indexOf(lowerKeyword);
+  while (idx !== -1) {
+    if (!hasNegationNear4(lowerTask, idx)) return true;
+    idx = lowerTask.indexOf(lowerKeyword, idx + lowerKeyword.length);
+  }
+  return false;
+}
 function normalize(s) {
   return (s != null ? s : "").toLowerCase();
 }
@@ -5195,9 +5309,9 @@ function recommendProviderRouting(ctx) {
   const changedFiles = (_d = ctx.changedFiles) != null ? _d : [];
   const learnedContext = (_e = ctx.learnedContext) != null ? _e : [];
   const hasProofGapSignals = proofRequired.some((p) => /proof gap|missing|vercel log|manual verification/i.test(p));
-  const highRiskByKeyword = HIGH_RISK_KEYWORDS.some((k) => task.includes(k) || category.includes(k));
+  const highRiskByKeyword = HIGH_RISK_KEYWORDS.some((k) => hasPositiveKeywordMention4(task, k) || hasPositiveKeywordMention4(category, k));
   const fastKeyword = FAST_LOCAL_KEYWORDS.some((k) => task.includes(k));
-  const multiCritical = ["auth", "billing", "database", "webhook", "payment", "migration"].filter((k) => task.includes(k)).length >= 2;
+  const multiCritical = ["auth", "billing", "database", "webhook", "payment", "migration"].filter((k) => hasPositiveKeywordMention4(task, k)).length >= 2;
   const broadTask = !ctx.explicitScope && task.split(/\s+/).length > 16;
   const hasSensitiveFiles = sensitiveAreas.length > 0 || changedFiles.some((f) => HIGH_RISK_KEYWORDS.some((k) => normalize(f).includes(k)));
   const noLearning = learnedContext.length === 0 && ((_f = ctx.similarRunsCount) != null ? _f : 0) === 0;
@@ -5462,6 +5576,19 @@ async function getSensitivePathStates(cwd) {
     return /* @__PURE__ */ new Map();
   }
 }
+function extractBoundaryLabels(forbiddenScope) {
+  const labels = /* @__PURE__ */ new Set();
+  for (const line of forbiddenScope) {
+    const lower = line.toLowerCase();
+    if (lower.includes("billing") || lower.includes("subscription") || lower.includes("payment")) labels.add("billing");
+    if (lower.includes("auth") || lower.includes("session") || lower.includes("jwt")) labels.add("auth");
+    if (lower.includes("middleware") || lower.includes("proxy")) labels.add("middleware");
+    if (lower.includes(".env") || lower.includes("secret")) labels.add("env");
+    if (lower.includes("cli")) labels.add("cli");
+    if (lower.includes("mcp")) labels.add("mcp");
+  }
+  return [...labels];
+}
 function nowId() {
   const d = /* @__PURE__ */ new Date();
   const pad = (n) => String(n).padStart(2, "0");
@@ -5523,8 +5650,21 @@ function buildApprovalLevel(risk, task, category) {
   const text = `${task}
 ${category}`.toLowerCase();
   const highSystems = ["auth", "billing", "payment", "dodo", "stripe", "webhook", "database", "migration", "rls", "middleware", "env", "secret"];
+  const hasNegationNear5 = (source, index) => {
+    const start = Math.max(0, index - 64);
+    const window = source.slice(start, index + 8);
+    return /\b(do not|don't|dont|never|avoid|must not|should not|without changing|without touching|no changes to|keep .* untouched|leave .* untouched|keep .* unchanged)\b/i.test(window);
+  };
+  const hasPositiveKeyword = (source, keyword) => {
+    let idx = source.indexOf(keyword);
+    while (idx !== -1) {
+      if (!hasNegationNear5(source, idx)) return true;
+      idx = source.indexOf(keyword, idx + keyword.length);
+    }
+    return false;
+  };
   if (risk === "high" || risk === "critical") return "required";
-  if (highSystems.some((k) => text.includes(k))) return "required";
+  if (highSystems.some((k) => hasPositiveKeyword(text, k))) return "required";
   if (risk === "medium") return "recommended";
   return "no";
 }
@@ -5565,6 +5705,7 @@ function writePreviewArtifacts(cwd, preview) {
     "",
     "Forbidden:",
     ...preview.forbiddenScope.length > 0 ? preview.forbiddenScope.slice(0, 8).map((f) => `- ${f}`) : ["- none"],
+    ...preview.boundariesDetected.length > 0 ? ["", `Boundaries detected: ${preview.boundariesDetected.join(", ")} will be forbidden, not treated as active scope.`] : [],
     "",
     "Learned context:",
     ...preview.learnedContext.length > 0 ? preview.learnedContext.map((x) => `- ${x}`) : ["- learning not available yet"],
@@ -5604,6 +5745,9 @@ async function runAgentPreview(task) {
   console.log("");
   console.log(GO_ACCENT.bold("Forbidden"));
   for (const item of preview.forbiddenScope.slice(0, 6)) console.log(DIM("  - ") + chalk.white(item));
+  if (preview.boundariesDetected.length > 0) {
+    console.log(DIM("  Boundaries detected: ") + chalk.white(`${preview.boundariesDetected.join(", ")} will be forbidden, not treated as active scope.`));
+  }
   console.log("");
   console.log(GO_ACCENT.bold("Patch strategy"));
   for (let i = 0; i < preview.patchStrategy.length; i += 1) {
@@ -5668,6 +5812,7 @@ async function buildAgentPreview(task) {
     filesToInspect,
     allowedScope: contract.contract.relevantScope,
     forbiddenScope: contract.contract.forbiddenScope,
+    boundariesDetected: extractBoundaryLabels(contract.contract.forbiddenScope),
     sensitiveAreas: [...contract.contract.sensitiveScope, ...plan.sensitiveAreas].slice(0, 10),
     stopRules: contract.contract.stopRules,
     successCriteria: contract.contract.successCriteria,

package/package.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
   "name": "runtrim",
-  "version": "0.1.15",
-  "description": "CLI guard layer that scopes AI coding runs before they waste tokens.",
+  "version": "0.1.17",
+  "description": "The control layer for AI coding agents.",
   "license": "MIT",
   "author": "RunTrim",
-  "homepage": "https://runtrim.dev",
+  "homepage": "https://www.runtrim.com",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/michelpronkk-oss/rtrim.git"
@@ -15,11 +15,15 @@
   "keywords": [
     "cli",
     "ai-coding",
+    "coding-agents",
     "codex",
     "claude",
     "cursor",
+    "mcp",
     "developer-tools",
-    "prompt-guard"
+    "agent-control",
+    "code-safety",
+    "ai-agents"
   ],
   "bin": {
     "runtrim": "dist-cli/runtrim.cjs"