Skip to content

Releases: NickCirv/engram

v3.0.0 — "Spine"

Choose a tag to compare

@NickCirv NickCirv released this 24 Apr 16:13

EngramX v3.0.0 "Spine"

The biggest release since v1.0. EngramX becomes the extensible cached context spine — any MCP server plugs in via a 10-line file, the mistakes moat grows two new capabilities, Claude Code's own MEMORY.md is now bridged, and engram gen dual-emits AGENTS.md + CLAUDE.md by default.

📉 Measured: 89.1% real-world token savings

On 87 source files of EngramX itself. 163,122 tokens → 17,722 tokens. 85 of 87 files saved tokens. Best case src/cli.ts: 98.4% (18,820 → 306).

Reproduce on any project:

npm install -g engramx
cd your-project
engram init
npx tsx /path/to/engram/bench/real-world.ts --project . --files 50

Committed report: bench/results/real-world-2026-04-24.md.

🚀 Install in 30 seconds

npm install -g engramx
cd ~/my-project
engram setup

engram setup runs init + install-hook + adapter detect + doctor in one go. Works in Claude Code, Cursor, Codex CLI, Windsurf, GitHub Copilot Chat, JetBrains Junie, Aider, Zed, Continue — any agent that reads AGENTS.md or speaks MCP.

🧩 What's new — 11 of 12 scope items shipped

Pillar 1 — Capabilities to add to it

  • Generic MCP-client aggregator (src/providers/mcp-client.ts) — any MCP server becomes an EngramX provider via config + a tiny plugin file. Uses @modelcontextprotocol/sdk v1.29, abstracted behind a ProviderClient interface for easy v2 migration later.
  • Plugin contract v2 — declare mcpConfig instead of writing resolve(); the loader auto-wraps. 10-line plugins are now possible. See the Serena example.
  • Budget-weighted resolver + mistakes-boost reranking — per-provider token budgets enforced as a backstop; content mentioning known-mistake labels gets confidence × 1.5 (capped at 1.0). Boost breaks ties within priority tiers.

Pillar 2 — Save proper context

  • Anthropic Auto-Memory bridge — reads Claude Code's auto-managed ~/.claude/projects/<encoded>/memory/MEMORY.md index and surfaces relevant entries. Auto-lights-up when Auto-Dream server flag flips.
  • SSE streaming partial context packets/context/stream?file=… emits per-provider frames as they resolve. Matches MCP SEP-1699: every frame carries id: for Last-Event-ID resumption. Slow providers no longer block fast ones.
  • Serena plugin reference — 10-line mcpConfig file demonstrates the plugin contract.

Pillar 3 — Really help users (mistakes moat)

  • Bi-temporal mistake validity — schema migration 8 adds valid_until + invalidated_by_commit. Mistakes whose code was refactored away stop firing. Back-compatible: NULL = still valid.
  • Pre-mortem mistake-guard — opt-in via ENGRAM_MISTAKE_GUARD=1 (permissive) or =2 (strict). Before Claude runs a command that previously caused a bug, EngramX warns or denies.

Hygiene / ecosystem

  • engram gen dual-emits AGENTS.md + CLAUDE.md by default. One project, indexed once, every agent reads it.
  • README opens with "What engramx is not" — disarms collision with Go-Engram, DeepSeek's Engram paper, and MemPalace.
  • PR #6 (@mechtar-ru) cherry-picked with preserved authorship: MAX_DEPTH=100 in AST miner, MAX_FILES_PER_COMMIT=50 in git miner, expanded skip dirs. Closes issue #5.

🧰 Plugins multiply the savings

The 89.1% is EngramX with its 9 built-in providers. Every MCP server you plug in closes another context gap:

Plugin Closes Install
Serena (LSP symbols) Cross-file references, kills the grep-then-read loop Copy docs/plugins/examples/serena-plugin.mjs~/.engram/plugins/
GitHub MCP Issue + PR context for the file being edited engram plugin install github
Sentry MCP Prod error context engram plugin install sentry
Supabase / Neon Schema, RLS, migration context engram plugin install supabase

Each plugin is a 10-line .mjs. See docs/plugins/README.md.

🔄 Migration from v2.1

Automatic on first DB open. Schema migration 7 → 8 runs, .bak-v7 backup is written alongside your graph.db, legacy mistake rows survive unchanged (NULL validUntil = still valid). Verified on a simulated v2.1 DB during the release audit.

One API breaking change for programmatic users: autogen() return type is now { files: string[] } instead of { file: string }. CLI callers are unaffected; one-line change for programmatic consumers.

✅ Quality

  • 878 tests passing (v2.1 was 771 — +107 new)
  • CI green Ubuntu + Windows × Node 20 + 22
  • TypeScript strict, lint clean
  • 5.5 MB unpacked, 672 kB packed (same envelope as v2.1 despite adding the MCP SDK — bundled tightly)

🙏 Contributor credit

@mechtar-ru — PR #6 OOM fixes cherry-picked with authorship preserved (commits b4f7944 + 411ad13).

@gabiudrescu — prior OOM + .engramignore work that made this possible.

📚 Full changelog

See CHANGELOG.md for the complete v3.0.0 entry with migration notes.

v2.1.0 — Reliability + Zero-Friction Install

Choose a tag to compare

@NickCirv NickCirv released this 21 Apr 04:42

What's Changed

  • fix(watcher): prune graph nodes on file delete + rename (closes #9) by @gabiudrescu in #12
  • feat(cli): engram reindex + optional --auto-reindex hook (#8) by @gabiudrescu in #13
  • v2.1: Reliability + Zero-Friction Install (update / doctor / setup + #11 fix + #14 Bash parser) by @NickCirv in #15
  • chore: release v2.1.0 — Reliability + Zero-Friction Install by @NickCirv in #16

New Contributors

Full Changelog: v2.0.2...v2.1.0

v2.0.2 — Security hotfix: HTTP server auth & CORS

Choose a tag to compare

@NickCirv NickCirv released this 18 Apr 05:14

⚠️ Security release — upgrade immediately if you run engram server or engram ui

Fixes #7 — critical vulnerability where the local HTTP server shipped with Access-Control-Allow-Origin: * on every response and defaulted to no authentication. Any browser tab the developer visited could exfiltrate the local knowledge graph via GET /query and persistently poison mistake nodes via POST /learn (using text/plain, a CORS-safelisted content type). Poisoned nodes were then re-injected into the coding agent's context by Sentinel on SessionStart and every Edit/Write — yielding persistent indirect prompt injection against the user's AI coding agent.

Credit: Huge thanks to @gabiudrescu for responsible disclosure via #7 with file:line citations, working PoC, threat-model analysis, and a suggested fix.

Four stacked defenses

  1. Fail-closed auth. Every route except /health and /favicon.ico requires Authorization: Bearer <token> or an HttpOnly engram_token cookie. A random 64-char hex token is auto-generated on first server start and persisted to ~/.engram/http-server.token (mode 0600). ENGRAM_API_TOKEN env still overrides, validated at startup then snapshotted (no mid-session re-read).
  2. No wildcard CORS. ACAO: * removed everywhere. Default is no CORS headers (dashboard is same-origin). Opt-in via ENGRAM_ALLOWED_ORIGINS=a.com,b.com.
  3. Host + Origin validation (DNS-rebinding defense). Host must be 127.0.0.1|localhost|::1 on the bound port exactly. Origin if present must be same-origin or in allowlist, else 403.
  4. Content-Type: application/json enforced on mutations — POST/PUT/DELETE return 415 otherwise. Blocks the text/plain CSRF vector from the PoC.

Plus: /ui?token=<t> bootstrap with Sec-Fetch-Site gate (blocks cross-site oracle), constant-time safeEqual with empty-string guard, HttpOnly; SameSite=Strict; Path=/ cookie, Referrer-Policy: no-referrer + Cache-Control: no-store on the 302 redirect.

Upgrade

npm install -g engramx@2.0.2

Breaking change (one-line fix)

External curl/CI probes must now send the token:

curl -H "Authorization: Bearer $(cat ~/.engram/http-server.token)" \
     http://127.0.0.1:7337/stats

The dashboard (engram ui) and the hook pipeline are unaffected — the CLI passes the token automatically and the Sentinel hooks never touched the HTTP server.

Verification

  • All 4 original PoCs from #7 blocked end-to-end on the rebuilt binary: 403 / 415 / 400 / 401
  • 670 tests pass (up from 641; +29 new security tests)
  • TypeScript strict clean; CI green on Ubuntu + Windows × Node 20/22
  • Independent in-session review by security-reviewer + code-reviewer agents, all HIGH/CRITICAL findings addressed before merge

See CHANGELOG.md for the full entry.

v2.0.1 — Windows CI + favicon route

Choose a tag to compare

@NickCirv NickCirv released this 17 Apr 19:16

Patch release shipped same day as v2.0.0. No breaking changes.

Fixed

  • Windows cross-platform bug in the plugin loader — `PLUGINS_DIR` was a module-load-time constant that baked in `homedir()` at import time. Windows uses `USERPROFILE` while Unix uses `HOME`, and a frozen constant meant any runtime override couldn't take effect without a module reload. `engram plugin install/list/remove` would fail on Windows with v2.0.0. Fixed by resolving the path on every call via `getPluginsDir()`, plus optional `dir` param on `loadPlugins()`, `getLoadedPlugins()`, and `ensurePluginsDir()`.
  • `/favicon.ico` 404 for clients that ignore `<link rel="icon">` — added an explicit `GET /favicon.ico` route returning a 238-byte inline SVG with `Cache-Control: public, max-age=86400`. The dashboard HTML still inlines the same favicon via `` so modern browsers avoid the request.

Verified

  • CI green on GitHub Actions matrix: Ubuntu + Windows × Node 20 + 22 (commit 7c6001c).
  • Tests: 641/641 passing (+1 for the "plugins directory does not exist" branch).

Upgrade

```bash
npm update -g engramx
```

No config changes required. Existing `.engram/graph.db` files work unchanged.

v2.0.0 — Ecosystem

Choose a tag to compare

@NickCirv NickCirv released this 17 Apr 17:55

🚀 v2.0.0 "Ecosystem" — the biggest release since v1.0

Completes the full v2.0 roadmap across four phases. 640 tests (up from 579). Zero breaking changes — existing .engram/graph.db files auto-migrate to schema v7.

What's new vs v1.0.1

Memory cache — the compound savings engine

3-layer cache (query result + pattern + hot file). Benchmarked at 23μs/op at 99% hit rate under 10k stress reads. SQLite-backed + in-memory LRU. Auto-invalidates on file mtime change.

engram cache stats      # hit rate, entries per layer, hot file count
engram cache warm       # pre-warm hot files from access frequency
engram cache clear      # flush all layers

Web dashboard

35KB zero-dep SPA at GET /ui. Six tabs: Overview · Sessions · Activity (live SSE) · Files · Graph (Canvas 2D force-directed, pan/zoom/click) · Providers. CSP-hardened with esc() XSS defense at every boundary. Works offline / air-gapped.

engram ui   # auto-starts server + opens browser

Incremental indexing

engram init --incremental skips files whose mtime hasn't changed — 78% faster re-init on engram's own source (53ms vs 244ms). .engramignore support for project-specific exclusions.

Tree-sitter grammar bundling

6 WASM grammars (TypeScript, TSX, JavaScript, Python, Go, Rust) now ship in dist/grammars/ on every build. engram:ast provider works out of the box for npm users — no more silent fallback to node_modules.

Provider plugin system

Third-party context providers installable at ~/.engram/plugins/*.mjs:

engram plugin install ./my-provider.mjs   # validates shape before accepting
engram plugin list                         # show installed
engram plugin remove my-provider.mjs

A broken plugin cannot break engram — the resolver falls back to built-ins silently if plugin loading fails.

Schema versioning with rollback

New schema v7 formally tracks the cache tables. Every version now has a DOWN migration:

engram db status                       # current schema version
engram db migrate                      # run pending migrations
engram db rollback --to 5 --yes        # revert (creates .bak-v<from>)

Integrations expanded

  • Windsurf (new) — engram gen-windsurfrules writes .windsurfrules in project root
  • Neovim (new) — codecompanion.nvim + avante.nvim via mcphub
  • Emacs (new) — gptel + gptel-mcp
  • Cursor MCP (new doc) — Cursor's native MCP support alongside the existing .mdc path
  • Existing: Claude Code (hooks), Cursor (MDC), Continue.dev, Zed, Aider

See docs/integrations/README.md for the full integration matrix.

9 new HTTP API endpoints

/api/hook-log, /api/hook-log/summary, /api/tokens, /api/files/heatmap, /api/providers/health, /api/cache/stats, /api/graph/nodes, /api/graph/god-nodes, /api/sse (Server-Sent Events).

Stress-tested: 200 concurrent mixed requests in 295ms (~1.5ms/req).

Install

npm install -g engramx

Or update:

npm update -g engramx

Migration from v1.x

None required. Open an existing project with v2.0 and the store auto-migrates v6 → v7. The new cache tables coexist with your existing graph data.

Full changelog

See CHANGELOG.md for the complete diff against v1.0.1.

v1.0.1 — Windows CI fixes

Choose a tag to compare

@NickCirv NickCirv released this 17 Apr 07:00

Patch release fixing 9 cross-platform compatibility issues for Windows CI.

  • POSIX path handling for CCS sourceFile metadata
  • Cross-platform path separators throughout test suite
  • No functional changes to core library

Full release notes: see v1.0.0 — Protocol

v1.0.0 — Protocol

Choose a tag to compare

@NickCirv NickCirv released this 17 Apr 06:13

The context spine for AI coding agents — now with proven benchmarks, 5 IDE integrations, and the Engram Context Protocol.

Highlights

  • 88.1% proven token savings — automated benchmark harness with 10 reproducible tasks
  • 8 context providers — tree-sitter AST (confidence 1.0), structure, mistakes, git, MemPalace, Context7, Obsidian, LSP
  • 5 IDE integrations — Claude Code (native hooks), Continue.dev (@engram), Cursor (MDC), Zed (context server), Aider (context file)
  • HTTP REST serverengram server --http on port 7337 with /health, /query, /stats, /learn endpoints
  • ECP spec v0.1 — vendor-neutral standard for hook-based context enrichment (CC-BY 4.0)
  • Auto-tuningengram tune analyzes your hook-log and proposes per-project config optimizations
  • CCS support — import/export Codebase Context Specification files
  • Schema versioning — 6 migrations, auto-migrate on startup with backup

Install

npm install -g engramx
cd your-project
engram init && engram install-hook

Stats

  • 579 tests passing
  • 45 files changed, +5,622 lines
  • Zero native dependencies
  • Apache 2.0

Full changelog: https://github.com/NickCirv/engram/blob/main/CHANGELOG.md

v0.5.0 — Context Spine

Choose a tag to compare

@NickCirv NickCirv released this 13 Apr 10:39

Context Spine

The biggest engram release since v0.3 Sentinel. Read interceptions now serve rich context packets assembled from 6 providers in parallel.

What's new

  • Context Spine — one response replaces five tool calls. Structure + decisions + library docs + known issues + git changes + project notes, all assembled within a 600-token budget.
  • 6 providers: engram:structure, engram:mistakes, engram:git, mempalace (ChromaDB), context7 (library docs), obsidian (project notes)
  • Provider cache in SQLite — external providers cached at SessionStart, per-Read lookup is <5ms
  • StatusLine auto-configengram install-hook now sets up the Claude Code HUD automatically

Performance fixes

  • CRITICAL: renderFileStructure and scoreNodes no longer do full table scans (was silently timing out on large projects)
  • Go import false positives fixed (struct field tags no longer matched)
  • TS arrow function false positives fixed (requires => in line)
  • Commented-out code no longer extracted as real nodes
  • Confidence calibrated to 0.85 for regex extraction

Stats

  • 520 tests passing (was 493)
  • Zero native dependencies
  • 58 KB npm package

Install / Upgrade

npm install -g engramx@0.5.0
cd ~/my-project
engram init
engram install-hook

Full changelog: CHANGELOG.md

v0.3.1 — Structural

Choose a tag to compare

@NickCirv NickCirv released this 11 Apr 20:12

v0.3.1 — "Structural"

The structural code graph, now with less noise, Anthropic-native memory integration, a Cursor port on deck, and a real benchmark you can run yourself.

466 tests passing (up from 442 in v0.3.0). Zero new runtime dependencies. Schema unchanged. No breaking changes.


Five things shipped

1. TF-IDF keyword filter on UserPromptSubmit
Kills the "76-node noise bug" — common-term prompts were poisoning sessions on mature graphs. New computeKeywordIDF helper computes inverse document frequency against node labels; hook requires at least one keyword with IDF ≥ 1.386 (25% cutoff) before injecting. Silent passthrough when every term is a common graph term. Fails back to raw keywords if IDF computation returns empty.

2. engram memory-sync + MEMORY.md integration
Writes engram's structural facts — god nodes, landmines, graph stats, git branch — into a marker-bounded block inside Anthropic's native MEMORY.md file:

<!-- engram:structural-facts:start -->
## engram — structural facts
**Project:** engram
**Branch:** main
**Graph:** 2946 nodes, 3270 edges, 99% extracted
### Core entities
- `handleRead` [function] — src/intercept/handlers/read.ts
...
<!-- engram:structural-facts:end -->

Complementary to Auto-Dream: Anthropic owns prose memory, engram owns structure. Neither touches the other's zone. Atomic write, 1 MB sanity cap, never throws.

3. Cursor 1.7 beforeReadFile adapter (scaffold)
New engram cursor-intercept CLI command wraps the existing Read handler in Cursor's {permission, user_message} shape. Experimental — full wire-up and integration tests land in v0.3.2. The port is a thin adapter because the graph, confidence threshold, and summary builder are IDE-agnostic.

4. EngramBench v0.1
Reproducible benchmark scaffold in bench/:

  • 10 structural task definitions (find-caller, parent-class, import-graph, exported-api, landmine-check, architecture-sketch, refactor-scope, hot-files, cross-file-flow)
  • Scoring rubrics per task
  • Expected tokens per setup (baseline / cursor-memory / anthropic-memorymd / engram)
  • bench/run.sh runner scaffold
  • bench/results/TEMPLATE.csv for measurements

Run it against your own project: ./bench/run.sh --setup engram --task all. v0.2 will automate the runner and publish the first public leaderboard.

5. Rebrand
Package description, keywords, and README hero now lead with "the structural code graph your AI agent can't forget to use." Structural > prose. Interception > lookup. Graph > embeddings.

Numbers

  • 466 tests passing (+24 net: 16 MEMORY.md + 3 TF-IDF + 8 Cursor − 3 replaced dispatch fixtures)
  • 82% token reduction on engram's own codebase (unchanged from v0.3.0 headline number)
  • 75% Read hit rate on engram sessions
  • Zero new deps
  • Zero breaking changes

Upgrade

npm install -g engramx@0.3.1
cd your-project
engram memory-sync      # if you use Anthropic MEMORY.md

If you were already on v0.3.0, nothing else needs to change. Hooks keep working; the TF-IDF filter just makes them quieter.

What's next

  • v0.3.2: Full Cursor wire-up with integration tests
  • v0.4.0: EngramBench v0.2 with automated runner + public leaderboard
  • v0.5.0: Language expansion (Kotlin, Swift, C#)

Full CHANGELOG: https://github.com/NickCirv/engram/blob/main/CHANGELOG.md
npm: engramx
License: Apache 2.0

Built by NickCirv. Part of Cirvgreen.

v0.3.0 — Sentinel

Choose a tag to compare

@NickCirv NickCirv released this 11 Apr 14:49

engram v0.3.0 "Sentinel" — Release Notes

Status: Branch v0.3.0-sentinel at commit 125af22. All code, tests,
docs, and metadata ready to ship. Local tag v0.3.0 pending.

Date: 2026-04-11
Tests: 439 passing (up from 214 in v0.2.1)
tsc: clean
Build: dist/cli.js 50.6 KB, 9 files, 42.5 KB packed
Branch commits: 7 (Day 1 → Day 2 → audit → Day 3 → Day 4 → Day 5 → Day 6)
Total LOC: ~6,500 source + tests + docs


The Headline

engram v0.3 is no longer a tool your agent queries. It's a Claude Code
hook layer that intercepts at the tool-call boundary so the agent
can't forget to use it.

v0.2 (old) v0.3 (new)
Agent remembers to call query_graph ~5x/session Every Read/Edit/Bash/prompt is intercepted automatically
5 × 2000 = 10K max theoretical savings Projected -42,500 tokens/session (~80%)
Works only if the agent cooperates Works whether the agent cooperates or not

Real Measured Numbers (2026-04-11, engram on itself)

Baseline benchmark (engram bench):

Full corpus:     ~113,544 tokens
Avg graph query: ~464 tokens
vs relevant:     11.1x fewer tokens
vs full corpus:  244.7x fewer tokens

Sentinel interception on 4 real engram files (engram hook-preview):

File Full-read tokens Sentinel result Savings
src/core.ts ~4,169 DENY (13 nodes → ~300 tok summary) -3,869
src/graph/query.ts ~4,890 DENY (10 nodes → ~300 tok summary) -4,590
src/intercept/dispatch.ts ~1,820 DENY (5 nodes → ~300 tok summary) -1,520
src/intercept/handlers/read.ts ~1,310 PASSTHROUGH (only 1 export) 0
Total 12,189 2,210 -9,979 (-82%)

Hit rate: 75% (3 of 4 files intercepted). Passthrough was correct —
read.ts has only 1 exported function, below the 3-node confidence
threshold. The conservative formula is working.

These are measured on real engram code, not projected.

What Ships

7 new CLI commands

  • engram intercept — hook entry point (stdin JSON → dispatch → stdout JSON, always exit 0)
  • engram install-hook [--scope local|project|user] [--dry-run] — add hooks, atomic + backup
  • engram uninstall-hook — surgical removal preserving other hooks
  • engram hook-stats [--json] — summarize .engram/hook-log.jsonl
  • engram hook-preview <file> — dry-run Read handler for a file
  • engram hook-disable / engram hook-enable — kill switch toggle

7 new hook handlers

  • PreToolUse:Read — deny+reason (replaces file with structural summary)
  • PreToolUse:Edit — allow+context (landmine warnings, never blocks)
  • PreToolUse:Write — same as Edit
  • PreToolUse:Bash — strict parser for cat/head/tail/less/more <file>, delegates to Read
  • SessionStart — project brief injection on startup/clear/compact
  • UserPromptSubmit — keyword-gated pre-query injection (never logs prompts)
  • PostToolUse — pure observer → hook-log.jsonl

10 safety invariants

  1. Any handler error → passthrough (never block Claude Code)
  2. 2-second per-handler timeout
  3. Kill switch (.engram/hook-disabled) respected by all handlers
  4. Atomic settings.json writes with timestamped backups
  5. Never intercept outside project root
  6. Never intercept binaries or secrets (.env/.pem/.key/credentials/id_rsa)
  7. Never log user prompt content (asserted in test)
  8. Never inject >8000 chars per hook response
  9. Stale graph detection (file mtime > graph mtime → passthrough)
  10. Partial-read bypass (offset/limit → passthrough)

Infrastructure

  • src/intercept/ module — 14 files including safety, context, formatter,
    dispatch, installer, stats, and 7 handlers
  • src/intelligence/hook-log.ts — append-only JSONL with 10MB rotation
  • tests/intercept/ — 225 new tests including end-to-end subprocess tests
    that actually spawn node dist/cli.js intercept with real payloads

Migration

None required. v0.3.0 is purely additive.

  • All v0.2.1 CLI commands work identically
  • All MCP tools unchanged (query_graph, god_nodes, graph_stats,
    shortest_path, benchmark, list_mistakes)
  • Internal API stable (mistakes() function, list_mistakes MCP tool,
    kind: "mistake" schema)
  • Existing engram projects continue working without re-init

The only user-facing terminology change is "regret buffer" → "landmines"
in comments and docs. Internal code still uses "mistake".

What's Deferred to v0.3.1

  • Grep interception. Too many edge cases in v0.3.0 (regex metacharacters,
    string-literal searches engram can't answer). Will be re-scoped based on
    real hook-log data.
  • Per-user confidence threshold config. v0.3.0 hardcodes 0.7.
  • Self-tuning from hook-log data. Will tune the 2.5x mistake boost,
    0.5x keyword downweight, 0.7 confidence threshold, and coverage ceiling.

Remaining Manual Steps (for Nick to run)

Everything below requires Nick's explicit action — 2FA, public release,
account state. Claude cannot and should not do these autonomously.

1. Local tag (safe to do now)

cd ~/engram
git tag v0.3.0

This is local-only. No push.

2. Review the branch

cd ~/engram
git log --oneline main..v0.3.0-sentinel
git diff --stat main..v0.3.0-sentinel

Sanity check before anything public.

3. Merge to main (optional, choose one)

# Option A: squash merge (clean history)
git checkout main
git merge --squash v0.3.0-sentinel
git commit -m "v0.3.0 Sentinel — hook-based interception layer"

# Option B: merge commit (preserves day-by-day history)
git checkout main
git merge --no-ff v0.3.0-sentinel

# Option C: rebase (keeps linear history with all 7 commits)
git checkout main
git merge --ff-only v0.3.0-sentinel  # requires rebase first if diverged

4. Push to GitHub

git push origin main
git push origin v0.3.0        # push the tag

5. npm publish (requires 2FA)

npm run build                 # clean rebuild from main
npm pack --dry-run            # final sanity check
npm publish                   # requires npm 2FA

6. GitHub release

gh release create v0.3.0 \
  --title "v0.3.0 — Sentinel" \
  --notes-file RELEASE-NOTES-v0.3.0.md

7. Install on your own system

npm install -g engramx@0.3.0
cd ~/any-project-with-engram
engram install-hook --scope local

Then open Claude Code in that project. The Sentinel is live.

8. Announce (when ready)

Launch posts from v0.2.0 template:

  • HN: Show HN: engram v0.3 — context as infra for Claude Code
  • r/ClaudeAI: workflow framing with the hook mechanism
  • r/SideProject: "I built a Claude Code hook layer that drops session
    tokens 80%" story framing
  • Twitter/X thread with the 82% measured reduction on real engram code

Sanity Checklist (all ✅)

  • 439/439 tests passing
  • tsc --noEmit clean
  • npm run build clean (42.5 KB packed, 9 files)
  • CLI reports version 0.3.0
  • All 7 new commands registered and documented via --help
  • Dogfood verified: engram hook-preview works on engram's own files
  • Real benchmark numbers captured
  • CHANGELOG entry complete with migration notes
  • README hero rewritten with Sentinel framing
  • package.json version bumped
  • Opportunistic landmines rename landed
  • RELEASE-NOTES-v0.3.0.md written

The branch is ready. Nick's call on when to merge and publish.