Skip to content

Commit b45f6c8

Browse files
Shahinyanmclaudeshahinyanm
authored
feat: v0.46.0 — UserPromptSubmit per-turn reinforcement hook (#48)
* feat: v0.46.0 — UserPromptSubmit per-turn reinforcement hook SessionStart injects the full mandatory-tool ruleset once; over a long conversation it decays out of attention and competing instructions crowd it out, so sessions drift back to raw Read/Grep even with hooks + CLAUDE.md in place. Caveman fixes the same failure with a UserPromptSubmit hook that re-injects a tiny anchor every turn. Add hook-user-prompt (UserPromptSubmit): - emits a one-line ~30-token minimal anchor on every prompt — the floor that keeps token-pilot in the working set. Deliberately a single short line: the heavy ruleset stays in SessionStart, so the per-turn channel never undercuts the tool's own token budget (no event-log reads, no per-turn cost growth). - additionalContext only, never blocks the prompt; safe-runner wrapped. - respects sessionStart.enabled, TOKEN_PILOT_BYPASS, TOKEN_PILOT_PROMPT_REMINDER=0. - wired into hooks.json, install-hook installer, and typo-guard allowlist. - pure builder in src/hooks/user-prompt.ts + unit tests. Bump to 0.46.0 across package.json, lock, server.json, plugin.json, marketplace.json, regenerated agents. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * chore(security): npm audit fix transitive deps + scope CI audit to prod `npm audit fix` (no major bumps) patches the transitive runtime advisories pulled in via @modelcontextprotocol/sdk's HTTP stack — hono (×15), @hono/node-server, express-rate-limit, path-to-regexp, qs, ip-address, fast-uri. token-pilot speaks stdio, so that HTTP path is unreachable, but the lockfile bump clears the dependabot alerts (was 1 critical / 8 high / 23 mod / 2 low → production audit now reports 0). Scope the CI Audit gate to production deps (`--omit=dev`): a published package should gate on what it ships, not on its test runner. The 6 remaining high advisories are all in the dev-only vitest/vite chain and need a deliberate vitest 4.x major bump, tracked separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: shahinyanm <mher.shahinyan@12go.asia>
1 parent 01eea6b commit b45f6c8

38 files changed

Lines changed: 333 additions & 144 deletions

.claude-plugin/marketplace.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,14 @@
66
},
77
"metadata": {
88
"description": "Token Pilot — save 60-90% tokens when AI reads code",
9-
"version": "0.45.1"
9+
"version": "0.46.0"
1010
},
1111
"plugins": [
1212
{
1313
"name": "token-pilot",
1414
"source": "./",
1515
"description": "Reduces token consumption by 60-90% via AST-aware lazy file reading, structural symbol navigation, and cross-session tool-usage analytics. 23 MCP tools + 25 subagents + budget watchdog hooks.",
16-
"version": "0.45.1",
16+
"version": "0.46.0",
1717
"author": {
1818
"name": "Digital-Threads"
1919
},

.claude-plugin/plugin.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "token-pilot",
3-
"version": "0.45.1",
3+
"version": "0.46.0",
44
"description": "Saves 60-90% tokens on AI code reading. AST-aware lazy reads, symbol navigation, find_usages, structural git diff/log, edit-safety guard, Task-routing matcher, cross-session telemetry (errors + diagnostics), 25 tp-* subagents tiered to haiku/sonnet/opus with budget watchdog.",
55
"author": {
66
"name": "Digital-Threads",

.github/workflows/ci.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,4 +45,7 @@ jobs:
4545
run: npm pack --dry-run
4646

4747
- name: Audit
48-
run: npm audit --audit-level=moderate
48+
# Gate on what we ship — production deps only. Dev-tooling
49+
# advisories (vitest/vite chain) don't reach published users and
50+
# are tracked separately for a deliberate major bump.
51+
run: npm audit --omit=dev --audit-level=moderate

CHANGELOG.md

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,29 @@ All notable changes to Token Pilot will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

8+
## [0.46.0] - 2026-06-13
9+
10+
### Added — UserPromptSubmit per-turn reinforcement (caveman-style awareness)
11+
12+
The `SessionStart` reminder injects the full mandatory-tool ruleset exactly
13+
once (start / `/clear` / `/compact`). Over a long conversation that block decays
14+
out of the model's attention and competing instructions crowd it out, so
15+
sessions drift back to raw `Read` / `Grep` and stop using token-pilot — even
16+
with hooks and CLAUDE.md rules in place. The caveman plugin solves the identical
17+
problem with a `UserPromptSubmit` hook that re-injects a tiny anchor on every
18+
user message; we now do the same.
19+
20+
New `hook-user-prompt` (`UserPromptSubmit`) emits a one-line **minimal anchor**
21+
(~30 tokens) on every prompt — the floor that keeps token-pilot in the working
22+
set. Deliberately a single short line: the heavy full ruleset stays in
23+
`SessionStart`, so this per-turn channel never undercuts the tool's own token
24+
budget (no event-log reads, no per-turn growth).
25+
26+
`additionalContext` only — never blocks the prompt. Safe-runner wrapped (always
27+
exits 0). Respects `sessionStart.enabled`, `TOKEN_PILOT_BYPASS=1`, and a
28+
dedicated `TOKEN_PILOT_PROMPT_REMINDER=0` opt-out. Wired into `hooks/hooks.json`,
29+
the `install-hook` installer, and the typo-guard command allowlist.
30+
831
## [0.45.1] - 2026-06-11
932

1033
### Fixed — refuse a multi-repo workspace parent (cross-project index bleed)

agents/tp-api-surface-tracker.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ tools:
99
- mcp__token-pilot__read_symbol
1010
- Bash
1111
model: haiku
12-
token_pilot_version: "0.45.1"
12+
token_pilot_version: "0.46.0"
1313
token_pilot_body_hash: dd184501203fa7f3c73f419c4ffbe33c4be75400cb64a7a51733a3fe23f6e085
1414
requiredMcpServers:
1515
- "token-pilot"

agents/tp-audit-scanner.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ tools:
1111
- Grep
1212
- Read
1313
model: sonnet
14-
token_pilot_version: "0.45.1"
14+
token_pilot_version: "0.46.0"
1515
token_pilot_body_hash: d172f600bf32277ea6eb4cbbee4542ddd698a986dcd96997d33930561964569b
1616
requiredMcpServers:
1717
- "token-pilot"

agents/tp-commit-writer.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ tools:
88
- mcp__token-pilot__test_summary
99
- mcp__token-pilot__outline
1010
- Bash
11-
token_pilot_version: "0.45.1"
11+
token_pilot_version: "0.46.0"
1212
token_pilot_body_hash: de64a406b5176de19f7422619c7de7949b1f28865f225402c9cea9255f377428
1313
requiredMcpServers:
1414
- "token-pilot"

agents/tp-context-engineer.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ tools:
1313
- Edit
1414
- Glob
1515
model: sonnet
16-
token_pilot_version: "0.45.1"
16+
token_pilot_version: "0.46.0"
1717
token_pilot_body_hash: 68b32af2dacd82ebe52c4eec93edb903d452688274c3065218270627c564d8b0
1818
requiredMcpServers:
1919
- "token-pilot"

agents/tp-dead-code-finder.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ tools:
1111
- Grep
1212
- Read
1313
model: sonnet
14-
token_pilot_version: "0.45.1"
14+
token_pilot_version: "0.46.0"
1515
token_pilot_body_hash: d9b7f5b7ae6f4ae21305c775361bcab097cc774370a6d976c093571d46d55021
1616
requiredMcpServers:
1717
- "token-pilot"

agents/tp-debugger.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ tools:
1212
- Read
1313
- Bash
1414
model: sonnet
15-
token_pilot_version: "0.45.1"
15+
token_pilot_version: "0.46.0"
1616
token_pilot_body_hash: 052413de8d92377edcde6ae5c823f5378db304baccfa29e8866467f42553a500
1717
requiredMcpServers:
1818
- "token-pilot"

0 commit comments

Comments
 (0)