feat: v0.46.0 — UserPromptSubmit per-turn reinforcement hook#48
Merged
Conversation
SessionStart injects the full mandatory-tool ruleset once; over a long conversation it decays out of attention and competing instructions crowd it out, so sessions drift back to raw Read/Grep even with hooks + CLAUDE.md in place. Caveman fixes the same failure with a UserPromptSubmit hook that re-injects a tiny anchor every turn. Add hook-user-prompt (UserPromptSubmit): - emits a one-line ~30-token minimal anchor on every prompt — the floor that keeps token-pilot in the working set. Deliberately a single short line: the heavy ruleset stays in SessionStart, so the per-turn channel never undercuts the tool's own token budget (no event-log reads, no per-turn cost growth). - additionalContext only, never blocks the prompt; safe-runner wrapped. - respects sessionStart.enabled, TOKEN_PILOT_BYPASS, TOKEN_PILOT_PROMPT_REMINDER=0. - wired into hooks.json, install-hook installer, and typo-guard allowlist. - pure builder in src/hooks/user-prompt.ts + unit tests. Bump to 0.46.0 across package.json, lock, server.json, plugin.json, marketplace.json, regenerated agents. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Shahinyanm
force-pushed
the
claude/current-project-status-ar43ft
branch
from
e9d94e1 to
d7782b2
Compare
Shahinyanm
changed the title
`npm audit fix` (no major bumps) patches the transitive runtime advisories pulled in via @modelcontextprotocol/sdk's HTTP stack — hono (×15), @hono/node-server, express-rate-limit, path-to-regexp, qs, ip-address, fast-uri. token-pilot speaks stdio, so that HTTP path is unreachable, but the lockfile bump clears the dependabot alerts (was 1 critical / 8 high / 23 mod / 2 low → production audit now reports 0). Scope the CI Audit gate to production deps (`--omit=dev`): a published package should gate on what it ships, not on its test runner. The 6 remaining high advisories are all in the dev-only vitest/vite chain and need a deliberate vitest 4.x major bump, tracked separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Что это
Добавляет
hook-user-prompt(UserPromptSubmit) — реинжектит короткий якорь с правилами token-pilot в каждое сообщение пользователя.Зачем:
SessionStartинжектит полный ruleset один раз (старт//clear//compact). За долгую сессию он уплывает из внимания, конкурирующие инструкции вытесняют — сессия скатывается обратно к сырымRead/Grepдаже при хуках + CLAUDE.md. Caveman чинит ту же беду тем же приёмом. Теперь так же делает token-pilot.Поведение
MINIMAL_ANCHOR(~30 токенов) — пол, удерживающий token-pilot в рабочем наборе.SessionStart, поэтому per-turn-канал не подрывает собственный токен-бюджет инструмента (ноль чтения event-log, нулевой рост стоимости на ход).additionalContext, никогда не блокирует промпт, обёрнут в safe-runner.sessionStart.enabled,TOKEN_PILOT_BYPASS=1, отдельныйTOKEN_PILOT_PROMPT_REMINDER=0.hooks/hooks.json,install-hookinstaller, allowlist typo-guard./simplify review
Прогнан
/simplify(4 агента: reuse, simplification, efficiency, altitude). Главный finding (сошлись efficiency + simplification): исходная escalation-ветка читала весь event-log (потолок 10 MB) на каждый ход ради смены формулировки якоря — растущая per-turn стоимость в инструменте экономии токенов. Escalation вырезана; остался чистый always-on минимальный якорь. Altitude — 0 findings (структура по конвенциям проекта).Версия
Bump → 0.46.0 (minor, фича):
package.json, lock,server.json,plugin.json,marketplace.json, перегенерированыagents/.Проверка
npm run build✅npm run lint(tsc --noEmit) ✅tests/hooks/user-prompt.test.ts4/4 ✅.mcp.jsonв рабочей папке; 2× index.test.ts git-root таймаут субпроцесса под параллельной нагрузкой, изолированно 3/3 зелёные), не из этого изменения.🤖 Generated with Claude Code