syntropic 0.9.6 → 0.9.8

package/README.md

@@ -27,8 +27,8 @@ You get: a disciplined development pipeline, governance doc templates, and a con
 | Rule | What it prevents | Real-world save |
 |------|-----------------|-----------------|
 | **EG1: Pre-flight** | Localhost refs, broken builds reaching production | Caught 3 localhost references pre-deploy |
-| **EG7: Pipeline** | AI jumping to code without research or planning | Structured 123 features across Full/Lightweight/Minimum cycles |
-| **EG8: Test first** | Untested changes reaching production users | Every fix caught on test page — 12 verified promotions |
+| **EG7: Pipeline** | AI jumping to code without research or planning | Structured 210+ features across Full/Lightweight/Minimum cycles |
+| **EG8: Test first** | Untested changes reaching production users | Every change verified on test page before promotion |
 | **EG10: Env hygiene** | Env var corruption (trailing newlines, wrong formats) | Prevented silent API failures across 6 providers |
 | **EG11: Prod sync** | Access control divergence between test and production | Caught lockout bug before 8+ users were affected |
 | **EG14: Doc discipline** | Lost decisions, repeated mistakes, no project memory | Backlog, issues, and ADRs updated every cycle |
@@ -46,37 +46,74 @@ You get: a disciplined development pipeline, governance doc templates, and a con
 
 **Health Check** — daily GitHub Action with auto-remediation (npm audit fix PRs).
 
+## Deep Analysis
+
+```bash
+syntropic analyse
+```
+
+Run a full venture analysis from your terminal. The CLI reads your codebase (stack, routes, data model, dependencies), sends a product profile to the SyntropicWorks server, and runs the analysis through **8 philosophy lenses**:
+
+| Lens | What it evaluates |
+|------|-------------------|
+| Outcome Alignment | Is the business structurally coupled to customer success? |
+| Simplicity | Can anything be removed without loss? |
+| Growth & Bootstrapping | What's the zero-budget path to 1,000 users? |
+| Assumption Testing | What's the cheapest way to disprove each key assumption? |
+| Pricing Architecture | Does the tier structure move buyers from "whether" to "which"? |
+| Deep Integration | If this disappeared tomorrow, what would break? |
+| Capability Access | Who's excluded today, and what barriers gatekeep them? |
+| Legal & Regulatory | What creates liability, and can compliance become a moat? |
+
+**How it works:**
+
+1. CLI auto-detects your project (package.json, routes, schema, infrastructure)
+2. You describe your idea or venture
+3. Server runs the full analysis — screening, report generation, 8 lens deep dives, validation plan
+4. CLI shows real-time progress as each lens completes
+5. Report displays in your terminal and saves to `.syntropic/reports/`
+
+**Everything runs server-side.** Your idea text goes up, the finished report comes back. Analysis prompts, agent logic, and orchestration never leave the server.
+
+```bash
+syntropic analyse --idea "glamping site in the Cotswolds"  # Non-interactive
+syntropic analyse --focus "pricing strategy"               # With a specific focus
+syntropic analyse --list                                   # Browse past analyses
+syntropic analyse --dry-run                                # Preview product profile only
+```
+
+Requires a free account (`syntropic login`).
+
 ## Track Record
 
-Built in production on a real product (27 AI agents, 8-lens analyser, CLI, 7 free tools) over 10 weeks:
+Built in production on a real product (31 AI agents, 8-lens analyser, CLI, 8 decision tools, 92 API endpoints) over 7 months:
 
-- **123 features shipped**, each through a structured pipeline
-- **12 test→production promotions** — every feature verified on test page first
-- **3 bug classes prevented** by specific EG rules before reaching users
+- **210+ features shipped**, each through a structured pipeline
+- **98% first-try success rate** across 42 tracked PRISM cycles
+- **~370k tokens saved** — ~14k per complex cycle, ~9k lightweight, ~4k minimum
 - **0 undetected production incidents** after methodology adoption
 
 ## Trust & Privacy
 
 **Everything is local.** Your `.claude/` directory — rules, agents, governance docs — lives in your repo. It's yours.
 
-**Telemetry is metadata only.** PRISM learns from anonymous structural metadata about development cycles — never from your code, file contents, or project details. This metadata is what drives methodology improvements: which cycle weights work best for which project shapes, where pipelines break down, what patterns lead to first-pass success.
+**Telemetry is metadata only.** PRISM learns from anonymous structural metadata about development cycles — never from your code, file contents, or project details.
 
 **What's collected:** cycle weight, phases run, success/failure, tool used, OS, framework detected, file count bucket (1-5 / 6-20 / 21+), governance doc presence.
 **Never collected:** file contents, file names, code, diffs, commit messages, project names, identity, API keys.
 
-**Why it matters.** The PRISM network grows exponentially with contributors. Every anonymous report adds signal — which cycle weights work for which project shapes, where pipelines break down, what patterns lead to first-pass success. More contributors = better data = smarter rules for everyone.
+**Why it matters.** Every anonymous report adds signal — which cycle weights work for which project shapes, where pipelines break down, what patterns lead to first-pass success. More contributors = better data = smarter rules for everyone.
 
-**Contributors get more.** When telemetry is enabled, your PRISM sync fetches live network benchmarks — real success rates, iteration counts, and pattern intelligence computed from aggregate data across all contributors. This is how the methodology caught 3 classes of production bugs before they reached users, and how 12 test-to-production promotions were verified clean. When telemetry is disabled, you still get the full EG rules and agents, but benchmarks are static baselines only — you lose the network learning that makes rules smarter over time. No account needed — your identity is a double-hashed device fingerprint ([pseudonymisation details](https://zenodo.org/records/17894441)).
+**Contributors get more.** When telemetry is enabled, your PRISM sync fetches live network benchmarks — real success rates, iteration counts, and pattern intelligence computed from aggregate data across all contributors. When disabled, you still get the full EG rules and agents, but benchmarks are static baselines only. No account needed — your identity is a double-hashed device fingerprint ([pseudonymisation details](https://zenodo.org/records/17894441)).
 
 | | Community (telemetry off) | Contributor (telemetry on) |
 |---|---|---|
 | EG rules | Full | Full |
 | Pipeline agents | Full | Full |
 | Governance docs | Full | Full |
-| Benchmarks | Static baselines | **Live network data** (success rates, iteration counts, failure patterns) |
-| Pattern intelligence | Frozen snapshot | **Updated from aggregate reports** (which cycle weights work for your stack) |
-| Cycle recommendations | Generic defaults | **Tuned by real data** (upgrade/downgrade triggers from contributor patterns) |
-| Network benefit | None | **Your reports improve rules for everyone — including you** |
+| Benchmarks | Static baselines | **Live network data** |
+| Pattern intelligence | Frozen snapshot | **Updated from aggregate reports** |
+| Cycle recommendations | Generic defaults | **Tuned by real data** |
 
 Default: on. Opt out anytime:
 
@@ -96,15 +133,28 @@ syntropic remove
 
 ```bash
 syntropic audit                    # Analyse git history (no install needed)
-syntropic init [project-name]      # Install methodology + docs
+syntropic init [project-name]      # Install methodology + docs + post-commit hook
 syntropic add cursor windsurf      # Add tools to existing project
 syntropic remove                   # Clean uninstall (preserves docs)
 syntropic health                   # Run pre-flight checks
 syntropic report                   # Submit anonymous cycle report
+syntropic autofire status          # Check if post-commit hook is installed
+syntropic autofire enable|disable  # Manage the post-commit hook
 syntropic telemetry status         # Check telemetry setting
 syntropic analyse                  # Deep-dive analysis (requires login)
-syntropic analyse --list           # Browse your past analyses
+syntropic analyse --list           # Browse past analyses
+syntropic analyse --dry-run        # Preview product profile without sending
 syntropic login                    # Sign in (needed for analyse only)
+syntropic logout                   # Sign out
+syntropic whoami                   # Show current auth status
+```
+
+### `syntropic init` flags
+
+```bash
+syntropic init --no-hook           # Skip installing the post-commit hook
+syntropic init --no-email          # Skip the optional email prompt
+syntropic init --yes               # Non-interactive (defaults to all tools, no email prompt)
 ```
 
 ## How It Works

package/bin/syntropic.js

@@ -61,6 +61,7 @@ const COMMANDS = {
   health: () => require('../commands/health'),
   telemetry: () => require('../commands/telemetry'),
   report: () => require('../commands/report'),
+  autofire: () => require('../commands/autofire'),
   login: () => require('../commands/login'),
   logout: () => require('../commands/logout'),
   whoami: () => require('../commands/whoami'),
@@ -92,6 +93,7 @@ if (!command || args.includes('--help') || args.includes('-h')) {
     syntropic health                Run a local health check
     syntropic telemetry [cmd]       Manage pseudonymised PRISM telemetry (enable/disable/status)
     syntropic report [flags]        Submit a PRISM cycle report
+    syntropic autofire [cmd]        Manage post-commit hook that auto-fires report (enable/disable/status)
     syntropic --version             Show version
     syntropic --help                Show this help
 
@@ -107,6 +109,8 @@ if (!command || args.includes('--help') || args.includes('-h')) {
     --domain example.com                     Production domain
     --test-url /test                         Test page path
     --prod-url /                             Production page path
+    --no-hook                                Skip installing post-commit autofire hook
+    --no-email                               Skip the optional email prompt
     --yes                                    Skip interactive prompts
 
   Flags (analyse):

package/commands/analyse.js

@@ -504,13 +504,31 @@ async function runExecute(auth, profile, idea, focus, flags) {
       const bar = '─'.repeat(50);
       console.log(`  ${bar} 100%\n`);
 
-      // Display results
-      displayReport(profile.project_name, status.sections);
+      // Separate standard sections from partner outputs
+      const standardSections = (status.sections || []).filter(s => !s.slug?.startsWith('partner_output'));
+      const partnerSections = (status.sections || []).filter(s => s.slug?.startsWith('partner_output'));
 
-      // Save locally
-      const savedPath = saveReport(profile.project_name, status.sections);
+      // Display results (standard sections only)
+      displayReport(profile.project_name, standardSections);
+
+      // Save standard report
+      const savedPath = saveReport(profile.project_name, standardSections);
       console.log(`\n  Saved to: ${savedPath}`);
 
+      // Save partner outputs as separate files
+      for (const ps of partnerSections) {
+        try {
+          const jsonData = typeof ps.json_data === 'string' ? JSON.parse(ps.json_data) : (ps.json_data || {});
+          const filename = jsonData.output_filename || `${ps.type}.md`;
+          const downloadsDir = path.join(require('os').homedir(), 'Downloads');
+          const outputPath = path.join(downloadsDir, filename);
+          fs.writeFileSync(outputPath, ps.markdown, 'utf8');
+          console.log(`  Partner output: ~/${path.relative(require('os').homedir(), outputPath)}`);
+        } catch (partnerErr) {
+          // Don't fail the whole flow for a partner output save error
+        }
+      }
+
       // Feedback prompt
       if (isInteractive) {
         await promptFeedback(auth, sessionId);

package/commands/autofire.js

@@ -0,0 +1,125 @@
+/**
+ * syntropic autofire [enable|disable|status]
+ *
+ * Manages the git post-commit hook that fires `syntropic report` after each commit.
+ * Opt-in activation signal — turns "installed" into "used".
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const MARKER = '# syntropic-autofire';
+
+function hookPath(targetDir) {
+  return path.join(targetDir, '.git', 'hooks', 'post-commit');
+}
+
+function isInstalled(targetDir) {
+  const p = hookPath(targetDir);
+  if (!fs.existsSync(p)) return false;
+  try {
+    return fs.readFileSync(p, 'utf8').includes(MARKER);
+  } catch {
+    return false;
+  }
+}
+
+function install(targetDir) {
+  const gitDir = path.join(targetDir, '.git');
+  if (!fs.existsSync(gitDir)) {
+    return { ok: false, error: 'Not a git repository. Run `git init` first.' };
+  }
+
+  const hooksDir = path.join(gitDir, 'hooks');
+  if (!fs.existsSync(hooksDir)) fs.mkdirSync(hooksDir, { recursive: true });
+
+  const p = hookPath(targetDir);
+  const body = `#!/bin/sh
+${MARKER}
+# Auto-fires syntropic report after each commit. Non-blocking, fire-and-forget.
+# Remove with: syntropic autofire disable
+command -v syntropic >/dev/null 2>&1 || command -v npx >/dev/null 2>&1 || exit 0
+(syntropic report >/dev/null 2>&1 || npx -y syntropic report >/dev/null 2>&1) &
+exit 0
+`;
+
+  if (fs.existsSync(p)) {
+    const existing = fs.readFileSync(p, 'utf8');
+    if (existing.includes(MARKER)) return { ok: true, already: true };
+    return { ok: false, error: 'A post-commit hook already exists. Remove it first or merge manually.' };
+  }
+
+  fs.writeFileSync(p, body, { encoding: 'utf8', mode: 0o755 });
+  return { ok: true, already: false };
+}
+
+function uninstall(targetDir) {
+  const p = hookPath(targetDir);
+  if (!fs.existsSync(p)) return { ok: true, notFound: true };
+  try {
+    const content = fs.readFileSync(p, 'utf8');
+    if (!content.includes(MARKER)) {
+      return { ok: false, error: 'Post-commit hook exists but was not installed by syntropic. Not removed.' };
+    }
+    fs.unlinkSync(p);
+    return { ok: true, notFound: false };
+  } catch (err) {
+    return { ok: false, error: err.message };
+  }
+}
+
+async function run(args) {
+  const sub = (args[0] || 'status').toLowerCase();
+  const targetDir = process.cwd();
+
+  if (sub === 'enable') {
+    const res = install(targetDir);
+    if (!res.ok) {
+      console.log(`\n  ${res.error}\n`);
+      process.exit(1);
+    }
+    if (res.already) {
+      console.log('\n  Autofire is already enabled.\n');
+    } else {
+      console.log('\n  Autofire enabled. `syntropic report` will run after every commit (non-blocking).');
+      console.log('  Disable anytime: syntropic autofire disable\n');
+    }
+    return;
+  }
+
+  if (sub === 'disable') {
+    const res = uninstall(targetDir);
+    if (!res.ok) {
+      console.log(`\n  ${res.error}\n`);
+      process.exit(1);
+    }
+    if (res.notFound) {
+      console.log('\n  Autofire was not installed. Nothing to remove.\n');
+    } else {
+      console.log('\n  Autofire disabled. Post-commit hook removed.');
+      console.log('  Re-enable anytime: syntropic autofire enable\n');
+    }
+    return;
+  }
+
+  // status
+  const installed = isInstalled(targetDir);
+  console.log(`
+  Syntropic Autofire
+  ──────────────────
+  Status: ${installed ? 'ENABLED' : 'DISABLED'}
+  Path:   .git/hooks/post-commit
+
+  What it does:
+    Runs \`syntropic report\` after every git commit — a signal to the PRISM
+    network that a development cycle completed. Non-blocking, fire-and-forget.
+    Respects \`syntropic telemetry disable\`.
+
+  Commands:
+    syntropic autofire enable     Install the post-commit hook in this repo
+    syntropic autofire disable    Remove the hook
+    syntropic autofire status     Show current state
+`);
+}
+
+module.exports = run;

package/commands/init.js

@@ -14,7 +14,138 @@
 const fs = require('fs');
 const path = require('path');
 const readline = require('readline');
-const { ensureConfig } = require('./config-utils');
+const https = require('https');
+const crypto = require('crypto');
+const { ensureConfig, loadConfig, clientHash } = require('./config-utils');
+
+const API_BASE = 'https://www.syntropicworks.com';
+
+function postJson(urlPath, body, timeoutMs = 3000) {
+  return new Promise((resolve) => {
+    try {
+      const url = new URL(urlPath, API_BASE);
+      const data = JSON.stringify(body);
+      const req = https.request({
+        hostname: url.hostname,
+        port: 443,
+        path: url.pathname,
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Content-Length': Buffer.byteLength(data),
+        },
+        timeout: timeoutMs,
+      }, (res) => {
+        res.resume();
+        res.on('end', () => resolve(res.statusCode >= 200 && res.statusCode < 300));
+      });
+      req.on('error', () => resolve(false));
+      req.on('timeout', () => { req.destroy(); resolve(false); });
+      req.write(data);
+      req.end();
+    } catch {
+      resolve(false);
+    }
+  });
+}
+
+function detectToolAndOs() {
+  let tool = 'unknown';
+  if (process.env.CURSOR_SESSION_ID || process.env.CURSOR_TRACE_ID) tool = 'cursor';
+  else if (process.env.WINDSURF_SESSION) tool = 'windsurf';
+  else if (process.env.GITHUB_COPILOT) tool = 'copilot';
+  else if (process.env.CODEX_SESSION) tool = 'codex';
+  else if (process.env.CLAUDECODE || process.env.CLAUDE_CODE_SESSION) tool = 'claude_code';
+  return { tool, os: require('os').platform() };
+}
+
+function detectFramework(dir) {
+  const has = (f) => fs.existsSync(path.join(dir, f));
+  if (has('next.config.js') || has('next.config.mjs') || has('next.config.ts')) return 'nextjs';
+  if (has('nuxt.config.js') || has('nuxt.config.ts')) return 'nuxt';
+  if (has('angular.json')) return 'angular';
+  if (has('svelte.config.js')) return 'svelte';
+  if (has('vite.config.js') || has('vite.config.ts')) return 'vite';
+  if (has('requirements.txt') || has('pyproject.toml')) return 'python';
+  if (has('Cargo.toml')) return 'rust';
+  if (has('go.mod')) return 'go';
+  return 'unknown';
+}
+
+function repoHashFor(dir) {
+  try {
+    const { execSync } = require('child_process');
+    let identity;
+    try {
+      identity = execSync('git remote get-url origin 2>/dev/null', { cwd: dir, encoding: 'utf8' }).trim();
+    } catch {
+      identity = path.basename(dir);
+    }
+    return crypto.createHash('sha256').update(identity || path.basename(dir)).digest('hex').slice(0, 16);
+  } catch {
+    return null;
+  }
+}
+
+async function sendActivationPing(targetDir, selectedTools, hasHook) {
+  const config = loadConfig();
+  if (!config.telemetry) return;
+  const env = detectToolAndOs();
+  await postJson('/api/v1/prism/report', {
+    type: 'activation',
+    anon_id: clientHash(config.device_id),
+    cli_version: require('../package.json').version,
+    tool: env.tool,
+    os: env.os,
+    framework: detectFramework(targetDir),
+    repo_hash: repoHashFor(targetDir),
+    tools: selectedTools,
+    has_hook: !!hasHook,
+    source: 'init',
+  });
+}
+
+async function sendWaitlistEmail(email, targetDir) {
+  const config = loadConfig();
+  const env = detectToolAndOs();
+  await postJson('/api/v1/cli/waitlist', {
+    email,
+    anon_id: config.telemetry ? clientHash(config.device_id) : null,
+    cli_version: require('../package.json').version,
+    tool: env.tool,
+    os: env.os,
+    framework: detectFramework(targetDir),
+    source: 'init',
+  }, 5000);
+}
+
+function installPostCommitHook(targetDir) {
+  const gitDir = path.join(targetDir, '.git');
+  if (!fs.existsSync(gitDir)) return { installed: false, reason: 'not a git repo' };
+
+  const hooksDir = path.join(gitDir, 'hooks');
+  if (!fs.existsSync(hooksDir)) fs.mkdirSync(hooksDir, { recursive: true });
+
+  const hookPath = path.join(hooksDir, 'post-commit');
+  const marker = '# syntropic-autofire';
+  const body = `#!/bin/sh
+${marker}
+# Auto-fires syntropic report after each commit. Non-blocking, fire-and-forget.
+# Remove with: syntropic autofire disable
+command -v syntropic >/dev/null 2>&1 || command -v npx >/dev/null 2>&1 || exit 0
+(syntropic report >/dev/null 2>&1 || npx -y syntropic report >/dev/null 2>&1) &
+exit 0
+`;
+
+  if (fs.existsSync(hookPath)) {
+    const existing = fs.readFileSync(hookPath, 'utf8');
+    if (existing.includes(marker)) return { installed: true, reason: 'already installed' };
+    return { installed: false, reason: 'post-commit hook exists (not overwritten)' };
+  }
+
+  fs.writeFileSync(hookPath, body, { encoding: 'utf8', mode: 0o755 });
+  return { installed: true, reason: 'new hook' };
+}
 
 const TEMPLATES_DIR = path.join(__dirname, '..', 'templates');
 
@@ -316,6 +447,39 @@ async function run(args) {
     }
   }
 
+  // Install post-commit hook (auto-fires `syntropic report` after every commit)
+  // Skipped with --no-hook flag or when not a git repo
+  let hookResult = { installed: false, reason: 'skipped' };
+  if (!flags['no-hook']) {
+    hookResult = installPostCommitHook(targetDir);
+    if (hookResult.installed) {
+      console.log('  hook     .git/hooks/post-commit (auto-fires `syntropic report` after each commit)');
+    } else if (hookResult.reason === 'not a git repo') {
+      console.log('  skip     post-commit hook (not a git repo yet — run `git init` then `syntropic autofire enable`)');
+    } else if (hookResult.reason !== 'already installed') {
+      console.log(`  skip     post-commit hook (${hookResult.reason})`);
+    }
+  }
+
+  // Optional email capture — helps measure real users vs npm install noise
+  // Only prompts when interactive and user hasn't passed --no-email
+  if (isInteractive && !flags['no-email']) {
+    console.log('');
+    const email = await ask('  Optional: email for roadmap updates + early access to paid features (Enter to skip): ');
+    if (email && email.includes('@') && email.length < 254) {
+      try {
+        await sendWaitlistEmail(email.trim(), targetDir);
+        console.log('  Thanks. No spam — just occasional updates.');
+      } catch { /* fire-and-forget */ }
+    }
+  }
+
+  // Fire activation ping — measures real `init` completion, not just npm pulls
+  // Respects telemetry opt-out
+  try {
+    await sendActivationPing(targetDir, selectedTools, hookResult.installed);
+  } catch { /* fire-and-forget, never block init */ }
+
   console.log(`
   Done! Your project is set up with the Syntropic pipeline.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "syntropic",
-  "version": "0.9.6",
+  "version": "0.9.8",
   "description": "Ship better software with a proven development methodology. Audit your git history, install disciplined rules, and track iterations — for Claude Code, Cursor, Windsurf, GitHub Copilot, and OpenAI Codex.",
   "bin": {
     "syntropic": "./bin/syntropic.js"