What's new in Prism

@prism/customization-engine 0.1.0 is open source. The orchestration framework that turns a template + a prompt into customized code now lives on npm under MIT, the same engine that drives every Atlas build, with 30 typed exports, dual ESM/CJS build, and a 66-assertion verification harness pinning the public surface. Prompts stay proprietary; what's public is the architecture for not letting LLMs hallucinate. Ships quiet, the API stabilizes toward 1.0 from real-world usage signals, not from a launch.

Real Trace Mode lights up the Glass Box for Plus subscribers. The honest 'representative patterns' disclaimer on the marketing page becomes a Plus-tier feature: subscribers see their own actual agent runs in the same visualization, with pattern-based redaction for emails, phones, and probable tokens. The recipe-and-trace boundary holds: synthetic patterns on /agents, real traces in the Cockpit.

The Glass Box now opens during the 5-minute build wait. Each running step shows a rotating sub-label describing what the orchestrator is ACTUALLY doing, 'Provisioning your Supabase project', 'Waiting for the database to come online', 'Running migrations'. Honest descriptions of executeStep's real work, no fake progress theater. Aerie-quiet typography, screen-reader live region, 2.5s cadence.

Brand consolidates: Atlas → Prism on every buyer-facing surface. The internal triad (Prism platform / Aerie methodology / Atlas engine) was elegant in the doc and illegible in the wild. PRs and commit messages now read 'chore(prism)' / 'fix(prism)'. The atlas_pro DB tier value stays (no forced migration); branch prefixes 'atlas/rev-*' and the .atlas/security-audit.md marker path are tracked for deprecation in Phase 2 with explicit code-removal target quarters in docs/SUNSET.md.

Pricing surface collapses from 4 visible tiers to 2. Apps tab shows Plus + Pro Build (was Standard / Plus / Pro Build); Agents tab shows Plus only with an in-app Fleet upgrade prompt when subscribers hit the 3-agent ceiling. Standard becomes a hidden self-serve trial path; Fleet stays as the cardinal-direction-up surface. Tier code paths preserved for grandfathered customers, only the public buying surface narrows.

Front-door positioning inverts to lead with Agents. PathChooser cards swap order, TopNav reads Agents | Apps, /pricing default tab flips to Agents. The strategic bet: hedge for the agent-mediated future without abandoning the app-pipeline present. Marketing change only, zero engineering, zero database, zero functional behavior shifts.

Quarterly Sunset Memo cadence formalized. docs/SUNSET.md is the canonical append-only log; the 2026-Q2 first memo formally deprecates the four grandfathered tiers (pro, atlas_pro, launch, builder) with explicit 'no sooner than 2027-Q1/Q2' code-removal targets. The platform's biggest long-term threat is its own surface area; disciplined sunset is the only counter.

Every Monday morning, your inbox gets the proof. A single-paragraph Prism Timesheet recapping how many hours your fleet saved you the previous week, what they did, and which tool led the charge, headlined by the same time-saved number you see on the Cockpit, computed from the exact same heuristic.

Top Performer line, tool-level, "Draft email reply, 47 runs" reads as concrete proof of the math, not abstract agent-name marketing. The number ties directly to the per-tool ROI table in agent-time-saved.ts so a skeptical reader can audit the claim down to the second.

Quiet weeks don't get spam. If your fleet had a slow week and the time-saved column comes back zero, the email simply doesn't send, you don't get a guilt-trip about a quiet week, and we don't burn a place in your inbox-zero ritual on a non-event.

Every paying agent-runtime tier is on the list. Plus, Pro, Fleet, and grandfathered legacy tiers all receive the Timesheet, the explicit PM ruling here is that everyone paying for an agent runtime gets the weekly reminder of why they're paying. Launch and Builder tiers are excluded (they're not agent products).

Same fail-OPEN philosophy as every other Prism surface, a Resend outage doesn't crash the cron, a Supabase blip doesn't email half the fleet twice, one user's failure doesn't abort the sweep. The endpoint always returns a clean count of sent / skipped / failed for ops observability.

Closes Phase 22's ROI Engine: Commit 1 added the per-tool heuristic column, Commit 2 the aggregation primitive, Commit 3 the Cockpit banner, and Commit 4 the weekly email surface. Four commits, one consistent ROI story across dashboard and inbox.

Stop paying per agent. Pick a platform tier and deploy as many agents as your quota covers, Plus ($49/mo, 1 agent), Pro ($99/mo, 3 agents), or Fleet ($299/mo, 10 agents + Unleashed Trust Mode).

Activation is now instant. Deploying an agent inside your quota flips it to live in milliseconds, no Stripe round-trip per deployment. Money happens once at the subscription level, not once per agent.

Quota indicator on the Command Center. "1 / 3 agents active · Pro tier" sits right under the hero, peach-tinted with an Upgrade link the moment you hit your ceiling. You always know exactly where you stand.

Fleet badge on the Unleashed Trust Mode option. If you're not on Fleet, the Unleashed card carries a small honey-tinted lock; clicking it pops a clean upgrade modal instead of failing silently. The visual cue + the API gate work together.

Existing legacy subscribers on the old $49/mo tier are grandfathered in. You keep your price AND get the same agent quota as Pro (3 agents). No surprise charges, no forced migration. The price gap is the cost of saying we don't break working setups.

Closes the per-agent paywall friction reported earlier, a user testing one GitHub integration shouldn't hit a $299 wall for a single agent. The Fleet model lets developers explore broadly before they commit to scale.

Your agent now has long-term memory. When it learns something durable about you, that you prefer short PR summaries, that the deploy stays manual on Fridays, that a particular client gets brief replies, it stores that fact in its own brain so future versions of itself can recall it.

Two new tools in your agent's toolkit: store_memory (saves a learning) and search_memory (recalls relevant past learnings via semantic similarity, not just keyword matching). Your agent can ask itself 'what does the user prefer for code review tone?' and get back exactly the memories that match, even if the words don't.

Memory writes respect your Trust Moat. In Ironclad mode every store_memory call queues for your approval, you see the proposed memory before it lands. Earned mode promotes after five approvals like every other tool. Unleashed lets the agent write freely. You stay in control of what your agent is allowed to remember about you.

Memory Bank card on /portal/dashboard/[id]/settings, every fact your agent has chosen to remember, listed chronologically with a relative timestamp. Read-only audit surface so you can see exactly what your agent knows about you. Empty by default; the agent fills it as it operates.

Cost-bounded by design. Recall is hard-capped at the top 5 most relevant memories so your agent can't accidentally dump 1000 facts into its context window and bankrupt your monthly bill. The cost story is linear: one embedding call per write, one per recall.

Closes a long-standing promise, the wizard's Memory layer description has been advertising semantic recall since Phase 13. Phase 20 delivers it.

The Agent Cockpit is live. You can now dynamically steer your agents after they're deployed, including shifting their Trust Mode (Ironclad to Unleashed) and adjusting their daily wake schedules on the fly.

Trust Governance card, three modes laid out as a vertical picker on /portal/dashboard/[id]/settings. Ironclad (every action waits for your approval), Earned (autonomy grows as you approve, tool by tool), or Unleashed (executes immediately, you audit after the fact). Switch any time, changes take effect on the next check-in.

Earned-mode visualizer, when your agent is in Earned, the card shows every tool that's accruing approvals with a sage progress bar. 'draft_email_reply (Gmail), 3 / 5 approvals.' Promoted tools say Fully Autonomous. Tools that haven't been used yet show a clean empty state instead of a wall of zeros.

Wake Schedule card, pick from Every Morning (8 AM), End of Day (5 PM), Twice a Day, or Manual Only. The card explains what each preset does in plain English (no cron syntax, no timezone strings, your local time is captured invisibly). Manual Only points you straight at the Run Now button so you're never lost.

Optimistic UI throughout, every click flips the state instantly without waiting for a network round-trip. If the save fails, the card snaps back to the prior state and surfaces a friendly toast. No spinners, no raw error JSON, no broken UI.

Settings sits alongside Approvals and Activity as a third tab on every agent's detail page. Three surfaces, one mental model: what's waiting for me, what's been happening, how is this thing configured.

Overhauled the App Creation experience. Moving from an idea to a fully configured AI-SaaS architecture is now a seamless, 3-step process.

Panel 1 (The Vision), describe your app in a single auto-resizing textarea, pick an audience, tick the features that matter. Prism infers the rest. The done-row receipt confirms exactly what you committed at a glance.

Panel 2 (The Build Plan), five layer cards reveal in sequence the moment you continue (no fake loading), and Prism's narrative architecture review streams in below as a real LLM call. Hit Continue the second the layers land, the review is a bonus, not a blocker.

Panel 3 (The Ignition), pass-through handoff to the existing post-purchase configuration funnel where you connect GitHub, Vercel, and Supabase before the $299 charge. Money happens AFTER your accounts are wired, not before, protecting you from paying for a build that can't deploy.

Critique cache, the architecture review is memoized in your browser. Back to edit, then continue with the same inputs, and the review snaps back instantly. Same review on a hard refresh too.

Legacy /apps wizard and /apps/my dashboard removed. The new Handshake is the canonical front door at /apps; everything else lives in /portal/history (your unified Project Library).

Rolling memory window, your agent keeps the last ~50 interactions raw and high-fidelity, and condenses everything older into a dense long-term memory summary. No more paying a token tax on the same conversation history every time your agent wakes up.

Nightly Janitor cron at 2 AM UTC, sweeps every agent that's crossed the compression threshold and synthesizes its oldest 30 memory rows into preferences, persistent facts, historical context, and a record of what you've rejected. Your agent remembers everything that matters while the raw storage footprint stays bounded.

Archive Summary card on the Memory Timeline, the compressed memory is visible at the bottom of /portal/dashboard/[id]/activity so you can literally read what your agent remembers about you. Nothing happens in a black box.

Compression runs offline, never in the wake loop, keeps your agent's hot path fast and prevents the p95 timeouts that stacking another AI call would have caused. Same pattern the Project Library Reaper uses for safe destructive cleanup.

Your agent reads the summary on every wake, injected as a [LONG TERM MEMORY] block in the system prompt alongside your recent raw messages. Preferences you expressed in January still influence decisions in June without re-asking.

Per-tool trust progression, every tool your agent uses earns autonomy independently. Approve the same tool five times in a row and it promotes from Apprentice to Associate. Reject once and it snaps back to Apprentice with the counter reset. A Trust Levels card on your agent's live screen shows progress for every tool, with captions like 'three of five approvals until autonomous.'

The Autonomy Loop, once a tool is Associate-tier, your agent executes it immediately mid-tick without queuing for approval. It then feeds the result back to itself and continues working. Bounded at three autonomous steps per wake so runaway loops are structurally impossible. Mixed-trust ticks halt safely so every queued approval still waits for your click.

Memory Timeline at /portal/dashboard/[id]/activity, a scrollable audit trail of everything your agent has said, proposed, executed, and been rejected for. Role-distinct color coding (honey for pending, sage for executed, peach for failed, muted for system notes) so you can scan a week of activity in seconds. Sibling tab to the Approvals Dashboard, approvals for decisions, timeline for memory.

Trust is a human signal, not an execution signal. Autonomous executions never move the trust counter, only your approve and reject clicks do. A tool that runs 100 times autonomously without intervention stays at whatever consecutive-approval count triggered its promotion. The counter measures your judgment, not vendor uptime.

Rejection reasons feed back into the agent's next context. When you reject a proposed action with 'not this contact, the one from Monday,' that note lands in memory as a system-role row so the next tick sees it. Rejected patterns don't repeat.

Prism no longer just designs your agent, Prism runs it. Connect Google Calendar with one click, pick a schedule, and your agent wakes on its own to check in, draft actions, and send you an email when it needs approval.

The Secure Vault, third-party OAuth tokens are encrypted at rest with AES-256-GCM using a dedicated key (separate from our ops credentials by design). Deny-all row-level security means the browser can never touch ciphertext. Token refresh happens automatically; a revoked credential silently deletes so your agent doesn't loop on dead access.

Human-in-the-Loop approval queue, every tool call your agent proposes lands in /portal/dashboard/[id]/actions as a reviewable card showing the title, subtitle, parameters, and a preview of what will happen. Approve, reject with an optional reason, or ignore. Nothing with a side effect ever runs without your click (until trust progression in the next release).

Four scheduling presets, 'Every morning (8 AM),' 'End of day (5 PM),' 'Twice a day,' or 'Manual only.' Your browser's timezone is captured invisibly so '8 AM' means 8 AM in your life, not UTC. Backed by Upstash QStash with HMAC-verified wake webhooks so schedules survive instance restarts.

Transactional email digests, after a scheduled wake that produces at least one pending action, you get a Resend-powered email with the count, the agent name, and a deep link straight to the approval queue. Zero-action ticks never email (no 'good morning, nothing to report' spam).

Gmail scopes deliberately deferred, we route email actions through a Draft-and-Send-from-your-own-tab pattern instead. The agent composes, you click Send in your own Gmail session. You remain the sender; the agent is the author. Zero restricted-scope surface, zero CASA delay.

Pipelines now run on a durable Upstash QStash queue instead of fire-and-forget. Builds survive Vercel instance termination and every step is retry-safe via resource-level idempotency guards, you never get double-provisioned infrastructure.

AI CI/CD Auto-Heal, when your GitHub Actions fail on an Prism revision PR, Prism reads the error logs, rewrites the offending files, and pushes a fix commit autonomously. Circuit-breaker caps attempts at 3 distinct commits per PR so it can't spiral.

Saga Pattern Rollbacks, if a fresh Autopilot build hits a terminal failure, Prism automatically deletes the orphaned Vercel project and GitHub repo so you're never billed for junk infrastructure. You're notified with a cleanup-complete card on the dashboard.

Template Sync Engine, when Prism ships a security patch or framework upgrade to its central infrastructure template, every active Plus subscriber receives a reviewable pull request against their own repo. Never auto-merged, you retain final authority.

End-to-end Sentry observability, breadcrumbs on every pipeline transition plus exception capture with QStash message IDs let support trace any failure from the queue dashboard back to the exact step that broke.

Two-product billing: $299 one-time Autopilot (the 'printer', your initial build) plus $49/mo Plus subscription (the 'ink', unlimited managed revisions against every app you own).

Revision request surface at /portal/dashboard/[id]/revise, describe what you want changed, your prompt is preserved across the Stripe paywall, and non-subscribers get a clean upsell modal instead of a broken error.

Subscription management via Stripe's hosted Billing Portal, update your card, download invoices, cancel, or reactivate without emailing support. One click from /portal/settings.

Pro Dashboard at /portal/settings, one composite view of your subscription state with renewal date, auto-merge toggle, and state-aware CTAs (Upgrade / Manage / Resubscribe / Update Payment).

Build History at /portal/history, unified archive of every blueprint and agent you've shipped, with a direct 'New Revision →' entry point per eligible build.

Exit Protocol, when you cancel your Plus subscription, Prism gracefully hands over the keys (one-time credential reveal + severance instructions) and removes itself as a GitHub collaborator. Infrastructure destruction is a separate, opt-in second click with type-to-confirm so 'I'm saving money for a month' never becomes 'my production app just went dark.'

Prism can now iterate on a deployed app. Describe what you want changed, and Prism opens a pull request on your repository with the implementation, anchored in its own prior architectural decisions, not re-planned from scratch.

Stateful Planner, Prism's AI reasons against your live codebase AND the plan it used for your initial build, so follow-up revisions modify the files it already created instead of making parallel ones. Revisions diff cleanly.

Clean Git flow, every revision lands as a squash-merged pull request on a dedicated `atlas/rev-<id>` branch. Your main branch history stays readable as 'one commit per revision, clearly labeled.'

Merge Authority toggle at /portal/settings, choose between human-reviewed merges (the default, safe choice) or auto-merge for teams that trust their CI. Enabling auto-merge raises a warning modal that explains the tradeoff.

Schema changes are deliberately locked in revisions. Prism will never `ALTER TABLE` against your production database from a prompt, schema evolution stays manual. The dual-layer safety net (prompt plus validator) makes it impossible for the AI to slip a data-phase task through.

/portal, auth-gated client portal for Autopilot builds with per-build dashboards, identity binding, and a secure support escape hatch.

Live build timeline that polls real-time orchestrator state during provisioning, you see each step (GitHub, Supabase, Vercel) complete as it happens, not just a binary 'pending → done.'

Handoff Vault, post-completion surface with AES-256-GCM-encrypted credentials, one-time reveal, and an 'Accept Final Delivery' button that permanently wipes the vault for your security. Liability surface ends at accept.

Tiered identity binding, we auto-match you via your auth email (Tier 1), verify a different billing email via an emailed link if needed (Tier 2), or drop you into a support escape hatch if both fail (Tier 3). No buyer ever gets stuck in a 'ghost town' where their $299 payment hasn't been connected to their account.

Prism persona swept across every Autopilot touchpoint, SOW confirmation, kickoff frame, loading choreography, checkout success, all speak in the same managed-engineering voice.

Agent provisioning surface, alongside app builds, Autopilot now handles AI agent builds through the same delivery infrastructure.

Landing page now opens with a 3-beat narrative, The Old Way, The Shift, What Becomes Possible, that builds belief before asking for action.

Complete rewrite of the /why page: new sections for The Belief, The Metaphor, The Experience, The Difference (design-first positioning), and all three tiers with pricing.

Footer reduced from 4 columns to 3, removed redundant header links, renamed Learn to How Apps Work, consolidated support links.

Releases page converted from editable admin mode to a proper read-only changelog.

Killed the walkthrough tier, it was vaporware. Consolidated to three tiers: Blueprint (free), Builder ($29/mo), and Autopilot ($299).

Builder tier includes AI-customized code export in three formats (raw .zip, Cursor, Claude Code) and an AI building assistant with full project context.

Autopilot price reduced from $499 to $299 to close the trust gap between free and paid.

Hardened the Autopilot payment gate with real Stripe session verification and provisioning cap enforcement. No infrastructure is created without a confirmed payment.

Built the AI Code Customization Engine, an 11-file, 5-pass pipeline that generates domain-specific database schema, API routes, and UI pages from the user's blueprint.

17 domain patterns (chores, recipes, fitness, finance, pets, and more) with entity extraction, relationship mapping, and working fallbacks at every step.

Interactive preview at /preview/[slug] renders a browser-chrome mockup of the user's app with 4 navigable screens customized with their name and features.

Live deployed preview via Vercel, users click one button and get a real running app at a real URL. 14-day TTL with automatic cleanup.

Vibe-aware preview theming, 7 color palettes (playful, minimal, bold, warm, professional, techy, calm) that adapt the entire visual identity.

Quick Start path, one text field on the landing page generates a complete architecture blueprint in under 30 seconds. No account required.

Step-by-step guided flow with five progressively-revealed sentence starters and a vibe selector with seven preset chips.

Wizard reduced from 5 questions to 3 focused questions (audience, features, platform + scale).

Results diverged into two distinct paths: Blueprint (DIY architecture playbook) and Autopilot (done-for-you provisioning), each with its own shell, hero text, and CTA.

Live architecture preview in the wizard, a compact 5-layer stack that updates in real time as users answer questions.

Creative vibe-matched name generation, server-side name generator produces brand-style names that match the user's design personality.