feat: v0.46.0 — UserPromptSubmit per-turn reinforcement hook (#48)

* feat: v0.46.0 — UserPromptSubmit per-turn reinforcement hook

SessionStart injects the full mandatory-tool ruleset once; over a long
conversation it decays out of attention and competing instructions crowd it
out, so sessions drift back to raw Read/Grep even with hooks + CLAUDE.md in
place. Caveman fixes the same failure with a UserPromptSubmit hook that
re-injects a tiny anchor every turn.

Add hook-user-prompt (UserPromptSubmit):
- emits a one-line ~30-token minimal anchor on every prompt — the floor that
  keeps token-pilot in the working set. Deliberately a single short line: the
  heavy ruleset stays in SessionStart, so the per-turn channel never undercuts
  the tool's own token budget (no event-log reads, no per-turn cost growth).
- additionalContext only, never blocks the prompt; safe-runner wrapped.
- respects sessionStart.enabled, TOKEN_PILOT_BYPASS, TOKEN_PILOT_PROMPT_REMINDER=0.
- wired into hooks.json, install-hook installer, and typo-guard allowlist.
- pure builder in src/hooks/user-prompt.ts + unit tests.

Bump to 0.46.0 across package.json, lock, server.json, plugin.json,
marketplace.json, regenerated agents.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore(security): npm audit fix transitive deps + scope CI audit to prod

`npm audit fix` (no major bumps) patches the transitive runtime advisories
pulled in via @modelcontextprotocol/sdk's HTTP stack — hono (×15),
@hono/node-server, express-rate-limit, path-to-regexp, qs, ip-address,
fast-uri. token-pilot speaks stdio, so that HTTP path is unreachable, but the
lockfile bump clears the dependabot alerts (was 1 critical / 8 high / 23 mod /
2 low → production audit now reports 0).

Scope the CI Audit gate to production deps (`--omit=dev`): a published package
should gate on what it ships, not on its test runner. The 6 remaining high
advisories are all in the dev-only vitest/vite chain and need a deliberate
vitest 4.x major bump, tracked separately.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: shahinyanm <mher.shahinyan@12go.asia>

Author: 3 people

.claude-plugin/marketplace.json

@@ -6,14 +6,14 @@
   },
   "metadata": {
     "description": "Token Pilot — save 60-90% tokens when AI reads code",
-    "version": "0.45.1"
+    "version": "0.46.0"
   },
   "plugins": [
     {
       "name": "token-pilot",
       "source": "./",
       "description": "Reduces token consumption by 60-90% via AST-aware lazy file reading, structural symbol navigation, and cross-session tool-usage analytics. 23 MCP tools + 25 subagents + budget watchdog hooks.",
-      "version": "0.45.1",
+      "version": "0.46.0",
       "author": {
         "name": "Digital-Threads"
       },

.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "token-pilot",
-  "version": "0.45.1",
+  "version": "0.46.0",
   "description": "Saves 60-90% tokens on AI code reading. AST-aware lazy reads, symbol navigation, find_usages, structural git diff/log, edit-safety guard, Task-routing matcher, cross-session telemetry (errors + diagnostics), 25 tp-* subagents tiered to haiku/sonnet/opus with budget watchdog.",
   "author": {
     "name": "Digital-Threads",

.github/workflows/ci.yml

@@ -45,4 +45,7 @@ jobs:
         run: npm pack --dry-run
 
       - name: Audit
-        run: npm audit --audit-level=moderate
+        # Gate on what we ship — production deps only. Dev-tooling
+        # advisories (vitest/vite chain) don't reach published users and
+        # are tracked separately for a deliberate major bump.
+        run: npm audit --omit=dev --audit-level=moderate

CHANGELOG.md

@@ -5,6 +5,29 @@ All notable changes to Token Pilot will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.46.0] - 2026-06-13
+
+### Added — UserPromptSubmit per-turn reinforcement (caveman-style awareness)
+
+The `SessionStart` reminder injects the full mandatory-tool ruleset exactly
+once (start / `/clear` / `/compact`). Over a long conversation that block decays
+out of the model's attention and competing instructions crowd it out, so
+sessions drift back to raw `Read` / `Grep` and stop using token-pilot — even
+with hooks and CLAUDE.md rules in place. The caveman plugin solves the identical
+problem with a `UserPromptSubmit` hook that re-injects a tiny anchor on every
+user message; we now do the same.
+
+New `hook-user-prompt` (`UserPromptSubmit`) emits a one-line **minimal anchor**
+(~30 tokens) on every prompt — the floor that keeps token-pilot in the working
+set. Deliberately a single short line: the heavy full ruleset stays in
+`SessionStart`, so this per-turn channel never undercuts the tool's own token
+budget (no event-log reads, no per-turn growth).
+
+`additionalContext` only — never blocks the prompt. Safe-runner wrapped (always
+exits 0). Respects `sessionStart.enabled`, `TOKEN_PILOT_BYPASS=1`, and a
+dedicated `TOKEN_PILOT_PROMPT_REMINDER=0` opt-out. Wired into `hooks/hooks.json`,
+the `install-hook` installer, and the typo-guard command allowlist.
+
 ## [0.45.1] - 2026-06-11
 
 ### Fixed — refuse a multi-repo workspace parent (cross-project index bleed)

agents/tp-api-surface-tracker.md

@@ -9,7 +9,7 @@ tools:
   - mcp__token-pilot__read_symbol
   - Bash
 model: haiku
-token_pilot_version: "0.45.1"
+token_pilot_version: "0.46.0"
 token_pilot_body_hash: dd184501203fa7f3c73f419c4ffbe33c4be75400cb64a7a51733a3fe23f6e085
 requiredMcpServers:
   - "token-pilot"

agents/tp-audit-scanner.md

@@ -11,7 +11,7 @@ tools:
   - Grep
   - Read
 model: sonnet
-token_pilot_version: "0.45.1"
+token_pilot_version: "0.46.0"
 token_pilot_body_hash: d172f600bf32277ea6eb4cbbee4542ddd698a986dcd96997d33930561964569b
 requiredMcpServers:
   - "token-pilot"

agents/tp-commit-writer.md

@@ -8,7 +8,7 @@ tools:
   - mcp__token-pilot__test_summary
   - mcp__token-pilot__outline
   - Bash
-token_pilot_version: "0.45.1"
+token_pilot_version: "0.46.0"
 token_pilot_body_hash: de64a406b5176de19f7422619c7de7949b1f28865f225402c9cea9255f377428
 requiredMcpServers:
   - "token-pilot"

agents/tp-context-engineer.md

@@ -13,7 +13,7 @@ tools:
   - Edit
   - Glob
 model: sonnet
-token_pilot_version: "0.45.1"
+token_pilot_version: "0.46.0"
 token_pilot_body_hash: 68b32af2dacd82ebe52c4eec93edb903d452688274c3065218270627c564d8b0
 requiredMcpServers:
   - "token-pilot"

agents/tp-dead-code-finder.md

@@ -11,7 +11,7 @@ tools:
   - Grep
   - Read
 model: sonnet
-token_pilot_version: "0.45.1"
+token_pilot_version: "0.46.0"
 token_pilot_body_hash: d9b7f5b7ae6f4ae21305c775361bcab097cc774370a6d976c093571d46d55021
 requiredMcpServers:
   - "token-pilot"

agents/tp-debugger.md

@@ -12,7 +12,7 @@ tools:
   - Read
   - Bash
 model: sonnet
-token_pilot_version: "0.45.1"
+token_pilot_version: "0.46.0"
 token_pilot_body_hash: 052413de8d92377edcde6ae5c823f5378db304baccfa29e8866467f42553a500
 requiredMcpServers:
   - "token-pilot"