syntropic 0.7.3 → 0.8.1

package/bin/syntropic.js

@@ -19,6 +19,11 @@ const COMMANDS = {
   health: () => require('../commands/health'),
   telemetry: () => require('../commands/telemetry'),
   report: () => require('../commands/report'),
+  login: () => require('../commands/login'),
+  logout: () => require('../commands/logout'),
+  whoami: () => require('../commands/whoami'),
+  analyse: () => require('../commands/analyse'),
+  analyze: () => require('../commands/analyse'), // US spelling alias
 };
 
 // Version flag
@@ -36,19 +41,21 @@ if (!command || args.includes('--help') || args.includes('-h')) {
   Usage:
     syntropic init [project-name]   Scaffold a new project with the Syntropic pipeline
     syntropic add <tool> [tool...]  Add support for another AI tool
+    syntropic analyse               Analyse your product using 8 philosophy lenses
+    syntropic login                 Sign in to Syntropic (required for analyse)
+    syntropic logout                Sign out
+    syntropic whoami                Show current auth status
     syntropic health                Run a local health check
-    syntropic telemetry [cmd]       Manage anonymous PRISM telemetry (enable/disable/status)
-    syntropic report [flags]        Submit an anonymous PRISM cycle report
+    syntropic telemetry [cmd]       Manage pseudonymised PRISM telemetry (enable/disable/status)
+    syntropic report [flags]        Submit a PRISM cycle report
     syntropic --version             Show version
     syntropic --help                Show this help
 
   What you get:
     - Instruction files for Claude Code, Cursor, Windsurf, GitHub Copilot, and/or OpenAI Codex
-    - SKILL.md for automatic discovery by Claude Code and Codex
-    - Evergreen Rules (EG1-EG9) — a disciplined dev pipeline
-    - Generic agents: dev, qa, research, plan, devops, security (Claude Code)
-    - Daily health check workflow with auto-remediation
+    - Evergreen Rules (EG1-EG13) — a disciplined dev pipeline
     - PRISM efficiency tracking methodology
+    - Market analysis via 8 philosophy lenses (syntropic analyse)
 
   Flags (init):
     --tools claude,cursor,windsurf,copilot,codex   Select AI tools (default: all)
@@ -58,6 +65,12 @@ if (!command || args.includes('--help') || args.includes('-h')) {
     --prod-url /                             Production page path
     --yes                                    Skip interactive prompts
 
+  Flags (analyse):
+    --focus "question"              Focus the analysis on a specific question
+    --context "extra info"          Provide additional business context
+    --dry-run                       Output product profile without sending
+    --yes                           Skip confirmation prompts
+
   Learn more: https://www.syntropicworks.com
 `);
   process.exit(0);

package/commands/analyse.js

@@ -0,0 +1,536 @@
+/**
+ * syntropic analyse
+ *
+ * Reads local codebase, generates a product profile, fetches analysis
+ * prompts from the server, and outputs everything for the user's AI
+ * coding tool to run.
+ *
+ * Usage:
+ *   syntropic analyse                        # Analyse current directory
+ *   syntropic analyse --focus "question"     # With specific focus
+ *   syntropic analyse --context "extra info" # Additional context
+ *   syntropic analyse --dry-run              # Output profile only, don't fetch
+ *   syntropic analyse --yes                  # Skip confirmation
+ */
+
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+const readline = require('readline');
+const { getAuth, isAuthExpired } = require('./config-utils');
+
+const API_BASE = 'https://www.syntropicworks.com';
+
+// ── Codebase Reading ──────────────────────────────────────
+
+const IGNORE_DIRS = new Set([
+  'node_modules', '.git', '.next', 'dist', 'build', '.vercel',
+  'vendor', '__pycache__', '.cache', 'coverage', '.turbo',
+  '.svelte-kit', '.nuxt', '.output', 'target', 'out',
+]);
+
+const IGNORE_FILES = new Set([
+  '.env', '.env.local', '.env.production', '.env.development',
+  '.DS_Store', 'Thumbs.db',
+]);
+
+function readFileSafe(filePath, maxBytes = 10000) {
+  try {
+    const stat = fs.statSync(filePath);
+    if (stat.size > maxBytes) return null;
+    return fs.readFileSync(filePath, 'utf8');
+  } catch (_) {
+    return null;
+  }
+}
+
+function countFiles(dir, ext, depth = 0) {
+  if (depth > 4) return 0;
+  let count = 0;
+  try {
+    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      if (IGNORE_DIRS.has(entry.name)) continue;
+      if (entry.isDirectory()) {
+        count += countFiles(path.join(dir, entry.name), ext, depth + 1);
+      } else if (!ext || entry.name.endsWith(ext)) {
+        count++;
+      }
+    }
+  } catch (_) {}
+  return count;
+}
+
+function listDir(dir, depth = 0, maxDepth = 2) {
+  if (depth > maxDepth) return [];
+  const entries = [];
+  try {
+    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      if (IGNORE_DIRS.has(entry.name) || entry.name.startsWith('.')) continue;
+      if (entry.isDirectory()) {
+        entries.push(entry.name + '/');
+        if (depth < maxDepth) {
+          const children = listDir(path.join(dir, entry.name), depth + 1, maxDepth);
+          entries.push(...children.map(c => '  ' + c));
+        }
+      } else {
+        entries.push(entry.name);
+      }
+    }
+  } catch (_) {}
+  return entries;
+}
+
+function detectRoutes(targetDir) {
+  const routes = [];
+  const routeDirs = ['pages', 'app', 'src/routes', 'src/pages', 'routes'];
+
+  for (const routeDir of routeDirs) {
+    const fullPath = path.join(targetDir, routeDir);
+    if (!fs.existsSync(fullPath)) continue;
+
+    const files = listDir(fullPath, 0, 3);
+    for (const f of files) {
+      const clean = f.trim();
+      if (clean.endsWith('.js') || clean.endsWith('.tsx') || clean.endsWith('.ts') ||
+          clean.endsWith('.vue') || clean.endsWith('.svelte') || clean.endsWith('/')) {
+        const isApi = clean.includes('api/') || clean.includes('api\\');
+        routes.push({
+          path: clean.replace(/\.(js|tsx|ts|vue|svelte)$/, ''),
+          type: isApi ? 'api' : 'page',
+        });
+      }
+    }
+    break; // Use first found route directory
+  }
+  return routes;
+}
+
+function detectDataModel(targetDir) {
+  const entities = [];
+
+  // Prisma schema
+  const prismaPath = path.join(targetDir, 'prisma', 'schema.prisma');
+  const prismaContent = readFileSafe(prismaPath, 50000);
+  if (prismaContent) {
+    const models = prismaContent.match(/model\s+(\w+)\s*\{([^}]+)\}/g);
+    if (models) {
+      for (const model of models) {
+        const nameMatch = model.match(/model\s+(\w+)/);
+        const fields = model.match(/^\s+(\w+)\s/gm);
+        if (nameMatch) {
+          entities.push({
+            entity: nameMatch[1],
+            fields: (fields || []).map(f => f.trim()).filter(f => f && f !== 'model'),
+          });
+        }
+      }
+    }
+  }
+
+  // SQL migrations — extract CREATE TABLE
+  const migrationDirs = ['supabase/migrations', 'migrations', 'db/migrations'];
+  for (const migDir of migrationDirs) {
+    const fullPath = path.join(targetDir, migDir);
+    if (!fs.existsSync(fullPath)) continue;
+
+    try {
+      const files = fs.readdirSync(fullPath).filter(f => f.endsWith('.sql')).sort();
+      for (const file of files.slice(-5)) { // Last 5 migrations
+        const content = readFileSafe(path.join(fullPath, file), 50000);
+        if (!content) continue;
+        const tables = content.match(/CREATE TABLE[^(]+\(([^;]+)\)/gi);
+        if (tables) {
+          for (const table of tables) {
+            const nameMatch = table.match(/CREATE TABLE\s+(?:IF NOT EXISTS\s+)?(\w+)/i);
+            if (nameMatch && !entities.find(e => e.entity === nameMatch[1])) {
+              entities.push({ entity: nameMatch[1], fields: ['(from SQL migration)'] });
+            }
+          }
+        }
+      }
+    } catch (_) {}
+    break;
+  }
+
+  return entities;
+}
+
+function readProductProfile(targetDir) {
+  const profile = {
+    profile_version: '1.0',
+    project_name: path.basename(targetDir),
+    description: '',
+    tech_stack: {},
+    features: [],
+    data_model: [],
+    dependencies_count: 0,
+    key_dependencies: [],
+    infrastructure: {},
+    file_structure_summary: {},
+  };
+
+  const found = [];
+
+  // package.json
+  const pkgPath = path.join(targetDir, 'package.json');
+  const pkg = readFileSafe(pkgPath);
+  if (pkg) {
+    try {
+      const parsed = JSON.parse(pkg);
+      profile.project_name = parsed.name || profile.project_name;
+      profile.description = parsed.description || '';
+
+      const allDeps = {
+        ...(parsed.dependencies || {}),
+        ...(parsed.devDependencies || {}),
+      };
+      profile.dependencies_count = Object.keys(allDeps).length;
+
+      // Detect framework
+      if (allDeps.next) profile.tech_stack.framework = `Next.js ${allDeps.next}`;
+      else if (allDeps.nuxt) profile.tech_stack.framework = `Nuxt ${allDeps.nuxt}`;
+      else if (allDeps.react) profile.tech_stack.framework = `React ${allDeps.react}`;
+      else if (allDeps.vue) profile.tech_stack.framework = `Vue ${allDeps.vue}`;
+      else if (allDeps.svelte || allDeps['@sveltejs/kit']) profile.tech_stack.framework = 'SvelteKit';
+      else if (allDeps.express) profile.tech_stack.framework = 'Express';
+
+      // Detect language
+      if (allDeps.typescript) profile.tech_stack.language = 'TypeScript';
+      else profile.tech_stack.language = 'JavaScript';
+
+      // Key deps (top 10 by name recognition)
+      const importantDeps = Object.keys(allDeps)
+        .filter(d => !d.startsWith('@types/') && !d.startsWith('eslint'))
+        .slice(0, 10);
+      profile.key_dependencies = importantDeps;
+
+      found.push(`package.json — ${profile.tech_stack.framework || 'Node.js'}, ${profile.dependencies_count} dependencies`);
+    } catch (_) {
+      found.push('package.json — found (parse error)');
+    }
+  }
+
+  // Python: requirements.txt or pyproject.toml
+  const reqPath = path.join(targetDir, 'requirements.txt');
+  if (fs.existsSync(reqPath)) {
+    const content = readFileSafe(reqPath);
+    if (content) {
+      const deps = content.split('\n').filter(l => l.trim() && !l.startsWith('#'));
+      profile.dependencies_count = deps.length;
+      profile.tech_stack.language = 'Python';
+      profile.key_dependencies = deps.slice(0, 10).map(d => d.split('==')[0].trim());
+      found.push(`requirements.txt — Python, ${deps.length} dependencies`);
+    }
+  }
+
+  // Go: go.mod
+  const goModPath = path.join(targetDir, 'go.mod');
+  if (fs.existsSync(goModPath)) {
+    profile.tech_stack.language = 'Go';
+    found.push('go.mod — Go');
+  }
+
+  // Rust: Cargo.toml
+  const cargoPath = path.join(targetDir, 'Cargo.toml');
+  if (fs.existsSync(cargoPath)) {
+    profile.tech_stack.language = 'Rust';
+    found.push('Cargo.toml — Rust');
+  }
+
+  // README.md
+  const readmePath = path.join(targetDir, 'README.md');
+  const readme = readFileSafe(readmePath);
+  if (readme) {
+    // Extract first paragraph as description if not set
+    if (!profile.description) {
+      const lines = readme.split('\n').filter(l => l.trim() && !l.startsWith('#'));
+      profile.description = lines.slice(0, 3).join(' ').trim().substring(0, 500);
+    }
+    found.push('README.md — product description');
+  }
+
+  // Routes
+  const routes = detectRoutes(targetDir);
+  if (routes.length > 0) {
+    const pages = routes.filter(r => r.type === 'page').length;
+    const apis = routes.filter(r => r.type === 'api').length;
+    profile.features = routes.slice(0, 30); // Cap at 30
+    profile.file_structure_summary.pages = pages;
+    profile.file_structure_summary.api_routes = apis;
+    found.push(`routes — ${pages} pages, ${apis} API routes`);
+  }
+
+  // Data model
+  const dataModel = detectDataModel(targetDir);
+  if (dataModel.length > 0) {
+    profile.data_model = dataModel;
+    found.push(`schema — ${dataModel.length} entities`);
+  }
+
+  // Infrastructure
+  if (fs.existsSync(path.join(targetDir, 'vercel.json'))) {
+    profile.infrastructure.hosting = 'Vercel';
+    found.push('vercel.json — Vercel hosting');
+  }
+  if (fs.existsSync(path.join(targetDir, 'netlify.toml'))) {
+    profile.infrastructure.hosting = 'Netlify';
+  }
+  if (fs.existsSync(path.join(targetDir, 'docker-compose.yml')) || fs.existsSync(path.join(targetDir, 'Dockerfile'))) {
+    profile.infrastructure.containers = 'Docker';
+    found.push('Docker — containerised');
+  }
+  if (fs.existsSync(path.join(targetDir, '.github', 'workflows'))) {
+    profile.infrastructure.ci = 'GitHub Actions';
+  }
+
+  // Database detection
+  if (fs.existsSync(path.join(targetDir, 'prisma'))) {
+    profile.tech_stack.database = 'Prisma';
+  }
+  if (fs.existsSync(path.join(targetDir, 'supabase'))) {
+    profile.infrastructure.database = 'Supabase';
+  }
+
+  // Component count
+  const componentDirs = ['components', 'src/components', 'app/components'];
+  for (const dir of componentDirs) {
+    const fullPath = path.join(targetDir, dir);
+    if (fs.existsSync(fullPath)) {
+      const count = countFiles(fullPath, null);
+      profile.file_structure_summary.components = count;
+      break;
+    }
+  }
+
+  // Lib/utils count
+  const libDirs = ['lib', 'src/lib', 'src/utils', 'utils'];
+  for (const dir of libDirs) {
+    const fullPath = path.join(targetDir, dir);
+    if (fs.existsSync(fullPath)) {
+      const count = countFiles(fullPath, null);
+      profile.file_structure_summary.lib_utils = count;
+      break;
+    }
+  }
+
+  return { profile, found };
+}
+
+// ── API Communication ──────────────────────────────────────
+
+function fetchPrompts(accessToken) {
+  return new Promise((resolve, reject) => {
+    const url = new URL('/api/v1/analyse/prompts', API_BASE);
+    const options = {
+      hostname: url.hostname,
+      port: 443,
+      path: url.pathname,
+      method: 'GET',
+      headers: {
+        'Authorization': `Bearer ${accessToken}`,
+        'Content-Type': 'application/json',
+      },
+    };
+
+    const req = https.request(options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => { data += chunk; });
+      res.on('end', () => {
+        try {
+          if (res.statusCode === 200) {
+            resolve(JSON.parse(data));
+          } else {
+            const parsed = JSON.parse(data);
+            reject(new Error(parsed.error || `Server returned ${res.statusCode}`));
+          }
+        } catch (e) {
+          reject(new Error(`Invalid response from server (${res.statusCode})`));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.end();
+  });
+}
+
+// ── Interactive Prompts ──────────────────────────────────────
+
+function ask(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+// ── Flag Parsing ──────────────────────────────────────
+
+function parseFlags(args) {
+  const flags = {};
+  for (let i = 0; i < args.length; i++) {
+    if (args[i].startsWith('--')) {
+      const key = args[i].replace('--', '');
+      flags[key] = args[i + 1] && !args[i + 1].startsWith('--') ? args[++i] : true;
+    }
+  }
+  return flags;
+}
+
+// ── Main ──────────────────────────────────────
+
+async function run(args) {
+  const flags = parseFlags(args || []);
+  const isInteractive = process.stdin.isTTY !== false && !flags.yes;
+
+  console.log('\n  Syntropic Analyse — powered by your AI coding tool\n');
+
+  // Check auth (dry-run doesn't need auth)
+  const auth = getAuth();
+  if (!flags['dry-run']) {
+    if (!auth || !auth.access_token) {
+      console.log('  Not signed in. Run `syntropic login` first.\n');
+      process.exit(1);
+    }
+
+    if (isAuthExpired(auth)) {
+      console.log('  Session expired. Run `syntropic login` to refresh.\n');
+      process.exit(1);
+    }
+  }
+
+  // Read codebase
+  console.log('  Reading codebase...');
+  const targetDir = process.cwd();
+  const { profile, found } = readProductProfile(targetDir);
+
+  for (const item of found) {
+    console.log(`    ✓ ${item}`);
+  }
+
+  if (found.length === 0) {
+    console.log('    No recognisable project files found.');
+    console.log('    Run this from your project root directory.\n');
+    process.exit(1);
+  }
+
+  // Show profile summary
+  console.log(`\n  Product Profile:`);
+  console.log(`    Name: ${profile.project_name}`);
+  if (profile.description) console.log(`    Description: ${profile.description.substring(0, 100)}...`);
+  if (profile.tech_stack.framework) console.log(`    Stack: ${profile.tech_stack.framework} (${profile.tech_stack.language || 'JS'})`);
+  if (profile.file_structure_summary.pages) {
+    console.log(`    Features: ${profile.file_structure_summary.pages} pages, ${profile.file_structure_summary.api_routes || 0} API routes`);
+  }
+  if (profile.data_model.length) console.log(`    Data Model: ${profile.data_model.length} entities`);
+
+  // Dry run — output profile and stop
+  if (flags['dry-run']) {
+    console.log('\n  Product Profile (JSON):\n');
+    console.log(JSON.stringify(profile, null, 2));
+    console.log('\n  Dry run complete. No data sent.\n');
+    return;
+  }
+
+  // Confirmation
+  if (isInteractive) {
+    const confirm = await ask('\n  Send profile to Syntropic for analysis prompts? [Y/n] ');
+    if (confirm.toLowerCase() === 'n') {
+      console.log('  Cancelled.\n');
+      return;
+    }
+  }
+
+  // Optional focus question
+  let focus = flags.focus || '';
+  if (!focus && isInteractive) {
+    focus = await ask('  Focus question (optional, press Enter to skip): ');
+  }
+
+  const context = flags.context || '';
+
+  // Fetch analysis prompts
+  console.log('\n  Fetching analysis prompts...');
+
+  let prompts;
+  try {
+    prompts = await fetchPrompts(auth.access_token);
+    console.log('  ✓ Analysis prompts received\n');
+  } catch (err) {
+    console.error(`  Error: ${err.message}`);
+    if (err.message.includes('401') || err.message.includes('Unauthorized')) {
+      console.log('  Session may have expired. Run `syntropic login` to refresh.\n');
+    }
+    process.exit(1);
+  }
+
+  // Output the full analysis context for the AI tool
+  console.log('  ═══════════════════════════════════════════════════════');
+  console.log('  SYNTROPIC ANALYSIS — Your AI tool will now run this');
+  console.log('  ═══════════════════════════════════════════════════════\n');
+
+  // Build the combined prompt
+  const analysisOutput = buildAnalysisOutput(profile, prompts, focus, context);
+  console.log(analysisOutput);
+
+  console.log('\n  ═══════════════════════════════════════════════════════');
+  console.log('  Your AI coding tool should now process the above.');
+  console.log('  The analysis uses 8 philosophy lenses for deep insight.');
+  console.log('  ═══════════════════════════════════════════════════════');
+  console.log(`\n  Feedback: hello@syntropicworks.com\n`);
+}
+
+function buildAnalysisOutput(profile, prompts, focus, context) {
+  const sections = [];
+
+  sections.push(`# Syntropic Analysis: ${profile.project_name}`);
+  sections.push(`*Run this analysis using the instructions below.*\n`);
+
+  // Product profile context
+  sections.push(`## Product Profile\n`);
+  sections.push('```json');
+  sections.push(JSON.stringify(profile, null, 2));
+  sections.push('```\n');
+
+  if (focus) {
+    sections.push(`## Focus Question\n${focus}\n`);
+  }
+  if (context) {
+    sections.push(`## Additional Context\n${context}\n`);
+  }
+
+  // Instructions
+  sections.push(`## Instructions\n`);
+  sections.push(prompts.instructions);
+  sections.push('');
+
+  // Report prompt
+  sections.push(`## Step 1: Generate Analysis Report\n`);
+  sections.push(`Use this system prompt to analyse the product profile above:\n`);
+  sections.push('---');
+  sections.push(prompts.report_prompt);
+  sections.push('---\n');
+
+  // Lens prompts
+  sections.push(`## Step 2: Philosophy Lens Deep Dives\n`);
+  sections.push(`Run each of the following 8 lenses against the report from Step 1:\n`);
+
+  for (const key of prompts.lens_order) {
+    const lens = prompts.lens_prompts[key];
+    if (!lens) continue;
+    sections.push(`### ${lens.label}\n`);
+    sections.push(lens.prompt);
+    sections.push('');
+  }
+
+  // Validation
+  sections.push(`## Step 3: Validation Plan\n`);
+  sections.push(prompts.validation_prompt);
+  sections.push('');
+
+  return sections.join('\n');
+}
+
+module.exports = run;

package/commands/config-utils.js

@@ -56,6 +56,34 @@ function hmacSign(payload, hmacKey) {
   return crypto.createHmac('sha256', hmacKey).update(payload).digest('hex');
 }
 
+/**
+ * Auth token helpers for CLI authentication
+ */
+function getAuth() {
+  const config = loadConfig();
+  return config.auth || null;
+}
+
+function saveAuth(auth) {
+  const config = loadConfig();
+  config.auth = auth;
+  saveConfig(config);
+  // Set restrictive permissions (owner read/write only)
+  try { fs.chmodSync(CONFIG_FILE, 0o600); } catch (_) {}
+}
+
+function clearAuth() {
+  const config = loadConfig();
+  delete config.auth;
+  saveConfig(config);
+}
+
+function isAuthExpired(auth) {
+  if (!auth || !auth.expires_at) return true;
+  // Expired if within 5 minutes of expiry
+  return new Date(auth.expires_at) < new Date(Date.now() + 5 * 60 * 1000);
+}
+
 module.exports = {
   CONFIG_DIR,
   CONFIG_FILE,
@@ -64,4 +92,8 @@ module.exports = {
   saveConfig,
   clientHash,
   hmacSign,
+  getAuth,
+  saveAuth,
+  clearAuth,
+  isAuthExpired,
 };

package/commands/init.js

@@ -86,6 +86,33 @@ function replaceInFile(filePath, replacements) {
   fs.writeFileSync(filePath, content, 'utf8');
 }
 
+function installPostCommitHook(targetDir) {
+  const hooksDir = path.join(targetDir, '.git', 'hooks');
+  if (!fs.existsSync(hooksDir)) return false; // Not a git repo
+
+  const hookPath = path.join(hooksDir, 'post-commit');
+  if (fs.existsSync(hookPath)) {
+    // Don't overwrite existing hook — check if it already has syntropic
+    const existing = fs.readFileSync(hookPath, 'utf8');
+    if (existing.includes('syntropic report')) return 'exists';
+    // Append to existing hook
+    fs.appendFileSync(hookPath, '\n# Syntropic PRISM — anonymous cycle reporting\ncommand -v syntropic >/dev/null 2>&1 && syntropic report >/dev/null 2>&1 &\n');
+    console.log(`  append  .git/hooks/post-commit (added PRISM reporting)`);
+    return 'appended';
+  }
+
+  // Create new hook
+  const hookContent = `#!/bin/sh
+# Syntropic PRISM — anonymous cycle reporting
+# Fire-and-forget: never blocks commits, respects telemetry opt-out
+# Disable: syntropic telemetry disable (or delete this hook)
+command -v syntropic >/dev/null 2>&1 && syntropic report >/dev/null 2>&1 &
+`;
+  fs.writeFileSync(hookPath, hookContent, { mode: 0o755 });
+  console.log(`  create  .git/hooks/post-commit (PRISM cycle reporting)`);
+  return 'created';
+}
+
 function hasSyntropicMarker(filePath) {
   if (!fs.existsSync(filePath)) return false;
   return fs.readFileSync(filePath, 'utf8').includes('<!-- syntropic -->');
@@ -250,13 +277,19 @@ async function run(args) {
   // Ensure ~/.syntropic/config.json exists (device_id, hmac_key, telemetry)
   ensureConfig();
 
+  // Install post-commit hook for PRISM cycle reporting
+  const hookResult = installPostCommitHook(targetDir);
+  const hookLine = hookResult === 'created' || hookResult === 'appended'
+    ? '\n    .git/hooks/post-commit             PRISM cycle reporting (anonymous)'
+    : '';
+
   console.log(`
   Done! Your project is set up with the Syntropic pipeline.
 
   What was created:
 ${toolFiles}
     .github/workflows/                  Daily health check with auto-remediation
-    scripts/health-check.js             Local health check script
+    scripts/health-check.js             Local health check script${hookLine}
 
   Tools configured: ${selectedTools.map(t => TOOLS[t].label).join(', ')}
 

package/commands/login.js

@@ -0,0 +1,160 @@
+/**
+ * syntropic login
+ *
+ * Device Code Flow authentication:
+ * 1. Request device code from server
+ * 2. Open browser to verification URL
+ * 3. Poll until user completes auth
+ * 4. Store tokens locally
+ */
+
+const https = require('https');
+const { execFileSync } = require('child_process');
+const { getAuth, saveAuth } = require('./config-utils');
+
+const API_BASE = 'https://www.syntropicworks.com';
+
+function request(method, path, body) {
+  return new Promise((resolve, reject) => {
+    const url = new URL(path, API_BASE);
+    const options = {
+      hostname: url.hostname,
+      port: 443,
+      path: url.pathname + url.search,
+      method,
+      headers: { 'Content-Type': 'application/json' },
+    };
+
+    const req = https.request(options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => { data += chunk; });
+      res.on('end', () => {
+        try {
+          resolve({ status: res.statusCode, data: JSON.parse(data) });
+        } catch (e) {
+          resolve({ status: res.statusCode, data: {} });
+        }
+      });
+    });
+
+    req.on('error', reject);
+    if (body) req.write(JSON.stringify(body));
+    req.end();
+  });
+}
+
+function openBrowser(url) {
+  // H5 fix: Use execFileSync to avoid shell injection via URL
+  try {
+    // macOS
+    execFileSync('open', [url], { stdio: 'ignore' });
+    return true;
+  } catch (_) {
+    try {
+      // Linux
+      execFileSync('xdg-open', [url], { stdio: 'ignore' });
+      return true;
+    } catch (_) {
+      try {
+        // Windows — 'start' needs cmd.exe, use 'explorer' instead
+        execFileSync('explorer', [url], { stdio: 'ignore' });
+        return true;
+      } catch (_) {
+        return false;
+      }
+    }
+  }
+}
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function run() {
+  console.log('\n  syntropic login\n');
+
+  // Check if already authenticated
+  const existing = getAuth();
+  if (existing && existing.email) {
+    console.log(`  Already signed in as ${existing.email}`);
+    console.log('  Run `syntropic logout` to sign out.\n');
+    return;
+  }
+
+  // Step 1: Request device code
+  console.log('  Requesting authentication...');
+  const { status, data } = await request('POST', '/api/v1/auth/device', {});
+
+  if (status !== 200) {
+    console.error(`  Error: ${data.error || 'Failed to start authentication'}`);
+    process.exit(1);
+  }
+
+  const { device_code, user_code, verification_url, expires_in, interval } = data;
+
+  // Step 2: Open browser
+  console.log(`\n  Your code: ${user_code}\n`);
+
+  const opened = openBrowser(verification_url);
+  if (opened) {
+    console.log('  Browser opened. Sign in and accept the terms to continue.');
+  } else {
+    console.log('  Open this URL in your browser to sign in:');
+    console.log(`  ${verification_url}`);
+  }
+
+  // Step 3: Poll for completion
+  console.log('\n  Waiting for authentication...');
+  const pollInterval = (interval || 5) * 1000;
+  const deadline = Date.now() + (expires_in || 900) * 1000;
+
+  while (Date.now() < deadline) {
+    await sleep(pollInterval);
+
+    try {
+      const poll = await request('POST', '/api/v1/auth/poll', { device_code });
+
+      if (poll.status === 200) {
+        // Success!
+        const { access_token, refresh_token, email, tier } = poll.data;
+
+        // H3 fix: Extract expiry from JWT payload instead of hardcoding
+        let expiresAt;
+        try {
+          const payload = JSON.parse(Buffer.from(access_token.split('.')[1], 'base64').toString());
+          expiresAt = new Date(payload.exp * 1000).toISOString();
+        } catch (_) {
+          expiresAt = new Date(Date.now() + 60 * 60 * 1000).toISOString(); // fallback 1 hour
+        }
+
+        saveAuth({
+          access_token,
+          refresh_token,
+          email,
+          tier: tier || 'cli_trial',
+          expires_at: expiresAt,
+        });
+
+        console.log(`  ✓ Authenticated as ${email} (${tier || 'CLI Trial'})\n`);
+        console.log('  Run `syntropic analyse` to get started.\n');
+        return;
+      }
+
+      if (poll.status === 410) {
+        console.error('\n  Authentication expired. Run `syntropic login` to try again.\n');
+        process.exit(1);
+      }
+
+      // 202 = still pending, continue polling
+      process.stdout.write('.');
+    } catch (err) {
+      // Network error — retry
+      process.stdout.write('x');
+    }
+  }
+
+  console.error('\n  Authentication timed out. Run `syntropic login` to try again.\n');
+  process.exit(1);
+}
+
+module.exports = run;

package/commands/logout.js

@@ -0,0 +1,22 @@
+/**
+ * syntropic logout
+ *
+ * Clears stored authentication tokens.
+ */
+
+const { getAuth, clearAuth } = require('./config-utils');
+
+async function run() {
+  const auth = getAuth();
+
+  if (!auth || !auth.email) {
+    console.log('\n  Not signed in.\n');
+    return;
+  }
+
+  const email = auth.email;
+  clearAuth();
+  console.log(`\n  Signed out (${email}).\n`);
+}
+
+module.exports = run;

package/commands/whoami.js

@@ -0,0 +1,28 @@
+/**
+ * syntropic whoami
+ *
+ * Shows current authentication status.
+ */
+
+const { getAuth, isAuthExpired } = require('./config-utils');
+
+async function run() {
+  const auth = getAuth();
+
+  if (!auth || !auth.email) {
+    console.log('\n  Not signed in. Run `syntropic login` to authenticate.\n');
+    return;
+  }
+
+  const expired = isAuthExpired(auth);
+  const tierLabel = {
+    cli_trial: 'CLI Trial',
+    beta: 'Beta',
+    pro: 'Pro',
+    free: 'Free',
+  }[auth.tier] || auth.tier;
+
+  console.log(`\n  ${auth.email} (${tierLabel})${expired ? ' — token expired, run `syntropic login` to refresh' : ''}\n`);
+}
+
+module.exports = run;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "syntropic",
-  "version": "0.7.3",
-  "description": "Philosophy-as-code development pipeline for Claude Code, Cursor, Windsurf, GitHub Copilot, and OpenAI Codex.",
+  "version": "0.8.1",
+  "description": "Philosophy-as-code development pipeline with market analysis for Claude Code, Cursor, Windsurf, GitHub Copilot, and OpenAI Codex.",
   "bin": {
     "syntropic": "./bin/syntropic.js"
   },
@@ -19,6 +19,8 @@
     "skill-md",
     "ai-development",
     "dev-pipeline",
+    "market-analysis",
+    "startup-validation",
     "syntropic"
   ],
   "author": "Syntropic Works <hello@syntropicworks.com>",