feat: add telemetry CLI, confirm-scars prefix matching, session-close timing

- Add `npx gitmem-mcp telemetry` command (enable/disable/status/show/clear)
- Add telemetry lib with opt-in tracking, local log, privacy-first design
- Add PRIVACY.md with full transparency on data collection
- Support 8-char prefix matching in confirm_scars (matches recall display)
- Track agent_reflection_ms and human_wait_time_ms in session-close metrics
- Add telemetry opt-in prompt to init flow
- Update README A/B testing description for accuracy
- Update CLI UX guidelines recall header copy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: 2 people

PRIVACY.md

@@ -0,0 +1,183 @@
+# GitMem Privacy Policy
+
+**Last Updated:** February 20, 2026
+**Version:** 1.0
+
+## Our Commitment
+
+Your institutional memory is yours. GitMem telemetry is **opt-in, anonymous, and transparent**. We collect only what helps improve the product, and you can inspect everything before it's sent.
+
+## What We Collect (When Enabled)
+
+When you enable telemetry, we collect:
+
+```json
+{
+  "event": "tool_called",
+  "tool": "recall",
+  "success": true,
+  "duration_ms": 234,
+  "result_count": 3,
+  "version": "1.2.0",
+  "platform": "darwin",
+  "mcp_host": "claude-desktop",
+  "tier": "free",
+  "timestamp": "2026-02-20T12:34:56Z",
+  "session_id": "7a4f2c91"  // Random per-session, not persistent
+}
+```
+
+**Purpose:**
+- Understand which tools are most useful
+- Identify error patterns to prioritize fixes
+- Measure performance across platforms
+- Guide feature development
+
+## What We Never Collect
+
+❌ **Your content:**
+- Queries or search terms
+- Scar text or descriptions
+- Learning/decision content
+- Session reflections
+- Code or file paths
+
+❌ **Personal identifiers:**
+- Email addresses
+- IP addresses
+- Persistent user IDs
+- Project names
+- GitHub usernames
+
+❌ **Environment data:**
+- API keys or credentials
+- Environment variables
+- Directory paths
+- Database connection strings
+
+## How It Works
+
+### 1. Default State: Disabled
+
+Telemetry is **off by default**. No data is sent unless you explicitly opt in.
+
+### 2. Transparent Collection
+
+All events are logged locally at `.gitmem/telemetry.log` BEFORE being sent:
+
+```bash
+$ cat .gitmem/telemetry.log
+{"event":"tool_called","tool":"recall","success":true,"duration_ms":234,...}
+{"event":"tool_called","tool":"session_close","success":true,"duration_ms":567,...}
+```
+
+You can review every event before it's transmitted.
+
+### 3. Batch Transmission
+
+Events are sent in batches every 24 hours or when you run `gitmem telemetry flush`. This gives you time to review before transmission.
+
+### 4. Anonymous Session IDs
+
+Each session gets a random ID (like `7a4f2c91`) that's **not stored** or linked across sessions. We can't correlate activity to individual users.
+
+## Controlling Telemetry
+
+### Enable Telemetry
+
+```bash
+$ gitmem telemetry enable
+✓ Telemetry enabled
+  Data logged to: .gitmem/telemetry.log
+  Review anytime: gitmem telemetry show
+  Disable anytime: gitmem telemetry disable
+```
+
+### Check Status
+
+```bash
+$ gitmem telemetry status
+Telemetry: Enabled
+Session ID: 7a4f2c91 (random, not persistent)
+Events logged: 47 (last 24 hours)
+Last sent: 2 hours ago
+Next batch: in 22 hours
+```
+
+### View Pending Events
+
+```bash
+$ gitmem telemetry show
+Showing last 100 events that will be sent:
+
+[2026-02-20 12:34:56] tool_called: recall (success, 234ms, 3 results)
+[2026-02-20 12:35:12] tool_called: confirm_scars (success, 45ms)
+[2026-02-20 12:40:33] tool_called: create_learning (success, 123ms)
+...
+```
+
+### Disable Telemetry
+
+```bash
+$ gitmem telemetry disable
+✓ Telemetry disabled
+  Pending events: cleared (not sent)
+  Local logs: preserved at .gitmem/telemetry.log
+```
+
+### Clear Local Logs
+
+```bash
+$ gitmem telemetry clear
+✓ Cleared all local telemetry logs
+  (Remote data cannot be deleted — it's already anonymous)
+```
+
+## Data Storage & Retention
+
+- **Local logs:** Stored in `.gitmem/telemetry.log`, rotated after 30 days
+- **Remote storage:** Plausible Analytics (privacy-first, no cookies, GDPR compliant)
+- **Retention:** 90 days aggregate statistics, no raw events stored
+- **Location:** EU servers (GDPR compliant)
+
+## Your Rights
+
+✓ **Right to disable:** One command, instant effect
+✓ **Right to inspect:** View all data before it's sent
+✓ **Right to clarity:** This policy, in plain English
+✓ **Right to privacy:** No tracking, no profiling, no ads
+
+## Public Dashboard
+
+We publish aggregate telemetry data publicly:
+
+**https://gitmem.ai/stats**
+
+- Most-used tools
+- Error rates by version
+- Platform distribution
+- Performance percentiles
+
+This transparency helps the community understand product health and priorities.
+
+## Changes to This Policy
+
+If we change what we collect, we'll:
+1. Update this document with a new version number
+2. Require re-consent before collecting new data types
+3. Announce changes in release notes
+
+## Contact
+
+Questions about privacy or telemetry?
+- **Email:** privacy@gitmem.ai
+- **GitHub:** https://github.com/gitmem-dev/gitmem/issues
+
+---
+
+**Summary:**
+- **Opt-in only** — disabled by default
+- **Zero PII** — no way to identify users
+- **Local-first** — inspect before sending
+- **Easy control** — enable/disable in one command
+- **Transparent** — public dashboard with aggregate stats

README.md

@@ -136,7 +136,7 @@ Add this to your MCP client's config file:
 | **Session analytics** | Spot patterns in what keeps going wrong |
 | **Sub-agent briefing** | Hand institutional context to sub-agents automatically |
 | **Cloud persistence** | Memory survives machine changes, shareable across team |
-| **A/B testing** | Optimize scar phrasing based on what actually changes behavior |
+| **A/B testing analytics** | Measure which scar phrasings actually change agent behavior (free tier includes `GITMEM_NUDGE_VARIANT` for manual testing) |
 
 The free tier gives you everything for solo projects. Pro makes recall smarter and memory portable.
 

bin/gitmem.js

@@ -51,6 +51,9 @@ Other commands:
   npx gitmem-mcp check --full      Full diagnostic with benchmarks
   npx gitmem-mcp install-hooks     Install hooks (standalone)
   npx gitmem-mcp uninstall-hooks   Remove hooks (standalone)
+  npx gitmem-mcp telemetry status  Check telemetry settings
+  npx gitmem-mcp telemetry enable  Enable anonymous usage tracking (opt-in)
+  npx gitmem-mcp telemetry disable Disable usage tracking
   npx gitmem-mcp server            Start MCP server (default)
   npx gitmem-mcp help              Show this help message
 
@@ -200,6 +203,10 @@ async function cmdInit() {
     console.log("Add .gitmem/ to your .gitignore:");
     console.log("  echo '.gitmem/' >> .gitignore");
     console.log("");
+
+    // Prompt for telemetry (optional, non-blocking)
+    promptTelemetryOptIn();
+
     console.log("To upgrade to Pro tier (semantic search + Supabase persistence):");
     console.log("  Set SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY, then run init again.");
     return;
@@ -686,6 +693,29 @@ function cmdInstallHooks() {
   console.log("  npx gitmem-mcp install-hooks --force");
 }
 
+/**
+ * Prompt user to opt-in to telemetry (non-blocking, async)
+ */
+function promptTelemetryOptIn() {
+  console.log("─────────────────────────────────────────────");
+  console.log("");
+  console.log("Help improve GitMem? (Optional)");
+  console.log("");
+  console.log("Send anonymous usage data to help us understand:");
+  console.log("  • Which features are most useful");
+  console.log("  • Where errors occur");
+  console.log("  • Performance patterns");
+  console.log("");
+  console.log("✓ No queries, scars, or project content");
+  console.log("✓ Randomized ID (not linked to you)");
+  console.log("✓ View all data before it's sent");
+  console.log("✓ Disable anytime");
+  console.log("");
+  console.log("To enable: npx gitmem-mcp telemetry enable");
+  console.log("Privacy policy: https://gitmem.ai/privacy");
+  console.log("");
+}
+
 /**
  * Uninstall gitmem hooks.
  *
@@ -858,6 +888,9 @@ switch (command) {
   case "check":
     import("../dist/commands/check.js").then((m) => m.main(process.argv.slice(3)));
     break;
+  case "telemetry":
+    import("../dist/commands/telemetry.js").then((m) => m.main(process.argv.slice(3)));
+    break;
   case "install-hooks":
     cmdInstallHooks();
     break;

docs/cli-ux-guidelines.md

@@ -434,7 +434,7 @@ Found 3 relevant scars for your plan:      ← chatbot voice
 **Do this instead:**
 
 ```
-((●)) gitmem ── recall · 3 scars · "your plan"   ← ripple + red product name
+((●)) gitmem ── 3 scars to review · "your plan"  ← ripple + implied obligation
                                                   ← whitespace
 [!!] Title (critical, 0.87)                       ← red text severity
                                                   ← breathing room