@blueprintit/shop-os-install 0.5.1 → 0.5.3

package/bin/shop-os-install.js

@@ -21,6 +21,7 @@ import { createInterface } from "node:readline/promises";
 import { stdin, stdout, stderr, exit } from "node:process";
 import { homedir } from "node:os";
 import { join, dirname, resolve } from "node:path";
+import { spawnSync } from "node:child_process";
 import {
   existsSync,
   mkdirSync,
@@ -139,7 +140,7 @@ async function validateLicense(key) {
   const url = `${LICENSE_SERVER}/validate?key=${encodeURIComponent(key)}`;
   let resp;
   try {
-    resp = await fetch(url, { headers: { "user-agent": "shop-os-installer/0.5.1" } });
+    resp = await fetch(url, { headers: { "user-agent": "shop-os-installer/0.5.3" } });
   } catch (e) {
     return { ok: false, error: `network: ${e.message}` };
   }
@@ -173,14 +174,15 @@ function writeJSON(path, obj) {
 }
 
 function ensureMarketplaces(claudeRoot) {
-  // Always (re-)register marketplaces and force-delete any stale clone on
-  // disk. A clone pinned to an old commit is the #1 reason re-installs keep
-  // serving old plugin versions (e.g. obsidian 3.8.0 skills appearing months
-  // after the marketplace shipped 3.12.0). Deleting the directory forces
-  // Claude Code to re-clone from origin on its next launch.
+  // Always (re-)register marketplaces and refresh the on-disk clone to the
+  // latest origin/main. Claude Code does NOT auto-pull marketplace clones, so
+  // a clone left at an old commit (e.g. the 5/20 rebrand snapshot) keeps
+  // serving stale plugins forever. We use git directly to refresh — pull when
+  // possible, fall back to wipe-and-re-clone if pull fails or the directory
+  // isn't a git repo.
   //
   // We still report `added` vs already-known to keep the customer-facing
-  // install output consistent across runs — the cache-wipe is intentionally
+  // install output consistent across runs — the refresh is intentionally
   // invisible.
   const path = join(claudeRoot, "plugins", "known_marketplaces.json");
   const known = readJSON(path, {});
@@ -193,20 +195,47 @@ function ensureMarketplaces(claudeRoot) {
       installLocation,
       lastUpdated: new Date().toISOString(),
     };
-    if (existsSync(installLocation)) {
-      try {
-        rmSync(installLocation, { recursive: true, force: true });
-      } catch {
-        // Best-effort. Locked files on Windows can block removal; in that case
-        // Claude Code will keep using the stale clone. Customer can quit Claude
-        // Code and re-run to recover.
-      }
-    }
+    refreshMarketplaceClone(mp, installLocation);
   }
   writeJSON(path, known);
   return { added, total: MARKETPLACES.length };
 }
 
+function refreshMarketplaceClone(mp, installLocation) {
+  // GitHub HTTPS URL — same form Claude Code uses internally.
+  const repoUrl = `https://github.com/${mp.source.repo}.git`;
+
+  // If a git checkout exists, fast-forward it to origin/main.
+  if (existsSync(join(installLocation, ".git"))) {
+    const fetch = spawnSync("git", ["fetch", "origin", "main", "--depth=1"], {
+      cwd: installLocation,
+      stdio: "ignore",
+    });
+    if (fetch.status === 0) {
+      const reset = spawnSync("git", ["reset", "--hard", "FETCH_HEAD"], {
+        cwd: installLocation,
+        stdio: "ignore",
+      });
+      if (reset.status === 0) return;
+    }
+    // Fetch/reset failed — fall through to wipe + fresh clone.
+  }
+
+  // Wipe anything in the install location before cloning fresh. Best-effort:
+  // locked files on Windows may block removal, in which case clone below will
+  // also fail and the customer falls back to whatever they had.
+  if (existsSync(installLocation)) {
+    try {
+      rmSync(installLocation, { recursive: true, force: true });
+    } catch {
+      // intentional fall-through
+    }
+  }
+
+  mkdirSync(dirname(installLocation), { recursive: true });
+  spawnSync("git", ["clone", "--depth=1", repoUrl, installLocation], { stdio: "ignore" });
+}
+
 function ensurePluginsInstalled(claudeRoot) {
   // Always reset the Shop OS-required plugin entries to a pending user-scope
   // record. A previously-installed pinned entry (e.g. obsidian 3.8.0 from an
@@ -229,6 +258,30 @@ function ensurePluginsInstalled(claudeRoot) {
   const queued = [];
   for (const id of PLUGINS_TO_ENABLE) {
     if (!existing.plugins[id]) queued.push(id);
+
+    // Wipe the plugin's per-version cache directory so Claude Code reinstalls
+    // from the (just-refreshed) marketplace clone instead of loading a stale
+    // pinned version. The cache layout is cache/<marketplace>/<plugin>/<ver>/,
+    // so removing the whole /<plugin>/ subtree clears every cached version.
+    // Other plugins inside cache/<marketplace>/ are left alone.
+    const [pluginName, marketplaceName] = id.split("@");
+    if (pluginName && marketplaceName) {
+      const pluginCacheDir = join(
+        claudeRoot,
+        "plugins",
+        "cache",
+        marketplaceName,
+        pluginName,
+      );
+      if (existsSync(pluginCacheDir)) {
+        try {
+          rmSync(pluginCacheDir, { recursive: true, force: true });
+        } catch {
+          // Best-effort: locked file on Windows leaves the cache in place.
+        }
+      }
+    }
+
     existing.plugins[id] = [
       {
         scope: "user",
@@ -244,6 +297,45 @@ function ensurePluginsInstalled(claudeRoot) {
   return { queued, total: PLUGINS_TO_ENABLE.length };
 }
 
+// Vault-scoped permission allowlist. Non-technical Shop OS customers were hitting
+// constant tool-permission prompts during /bp-setup (~50+ Read/Write/Bash dialogs
+// per onboarding run). These patterns pre-approve the tool surface bp-setup and
+// the daily Shop OS flow actually use, scoped to this vault's project settings —
+// not the user's global settings. Risk model: customer's own paid Claude
+// subscription, own machine, own data; we trade some inbound-injection surface
+// for a workable UX. Writes/edits are intentionally bounded to the vault path.
+function buildPermissionAllowList(vaultPath) {
+  return [
+    // Read-side: bp-setup reads reference templates from the marketplace clone
+    // (~/.claude/plugins/...) AND any context files the user drops in. Read,
+    // Glob, and Grep are low-risk; allow them broadly.
+    "Read",
+    "Glob",
+    "Grep",
+    // Write-side: scope to the vault directory so Claude can't be coaxed into
+    // writing outside it.
+    `Write(${vaultPath}/**)`,
+    `Edit(${vaultPath}/**)`,
+    // Bash: bp-setup creates directories, chmods hooks, finds reference files.
+    // Restrict to the specific subcommands the skill actually invokes.
+    "Bash(mkdir:*)",
+    "Bash(chmod:*)",
+    "Bash(find:*)",
+    "Bash(ls:*)",
+    "Bash(cat:*)",
+    "Bash(grep:*)",
+    "Bash(echo:*)",
+    "Bash(test:*)",
+    "Bash(touch:*)",
+    // Network: bp-setup's Phase B+ fetches links the user pastes (LinkedIn,
+    // About pages, brand guidelines, etc.).
+    "WebFetch",
+    "WebSearch",
+    // Plan tool: surfaced by some Superpowers skills, no need to prompt.
+    "TodoWrite",
+  ];
+}
+
 function enableForVault(vaultPath) {
   const settingsPath = join(vaultPath, ".claude", "settings.json");
   const settings = readJSON(settingsPath, {});
@@ -251,10 +343,57 @@ function enableForVault(vaultPath) {
   for (const id of PLUGINS_TO_ENABLE) {
     settings.enabledPlugins[id] = true;
   }
+  // Merge (don't clobber) any existing permission allowlist a re-install would
+  // have written, then re-add ours. De-dupe by entry string.
+  if (!settings.permissions) settings.permissions = {};
+  const existing = Array.isArray(settings.permissions.allow)
+    ? settings.permissions.allow
+    : [];
+  const ours = buildPermissionAllowList(vaultPath);
+  settings.permissions.allow = Array.from(new Set([...existing, ...ours]));
   writeJSON(settingsPath, settings);
   return settingsPath;
 }
 
+// Pre-empt Claude Code's first-run wizard (theme picker, terminal-setup prompt,
+// onboarding screens) by writing the "already onboarded" flags BEFORE the
+// setup script launches `claude`. The auth/sign-in flow is independent and
+// still happens — we can't bypass that and don't try. Safe to run repeatedly:
+// merges with any existing config rather than overwriting.
+function seedClaudeCodeDefaults(claudeRoot) {
+  const seeded = { onboardingFlags: false, theme: false };
+
+  // ~/.claude.json holds Claude Code's user-state (numStartups, hasCompletedOnboarding,
+  // anonymousId, etc.). Live next to ~/.claude/, not inside it.
+  const userStatePath = join(homedir(), ".claude.json");
+  const userState = readJSON(userStatePath, {});
+  if (!userState.hasCompletedOnboarding) {
+    userState.hasCompletedOnboarding = true;
+    if (!userState.lastOnboardingVersion) userState.lastOnboardingVersion = "1.0.30";
+    seeded.onboardingFlags = true;
+    try {
+      writeFileSync(userStatePath, JSON.stringify(userState, null, 2) + "\n", "utf8");
+    } catch {
+      // best-effort; permission errors here aren't worth blocking the install
+    }
+  }
+
+  // ~/.claude/settings.json holds user-scope settings (theme, permissions, etc.)
+  const settingsPath = join(claudeRoot, "settings.json");
+  const settings = readJSON(settingsPath, {});
+  if (!settings.theme) {
+    settings.theme = "dark";
+    seeded.theme = true;
+    try {
+      writeJSON(settingsPath, settings);
+    } catch {
+      // best-effort
+    }
+  }
+
+  return seeded;
+}
+
 function createVaultClaudeMd(vaultPath, license) {
   const claudeMd = join(vaultPath, "CLAUDE.md");
   if (existsSync(claudeMd)) return false; // do not overwrite an existing vault
@@ -643,15 +782,25 @@ async function main() {
   if (rawResult.created) ok("Raw/ inbox + Raw/processed/ created (drop materials in Raw/ to seed the vault)");
   else info("Raw/ inbox already present (left untouched)");
 
-  print(dim("  [4/6] Enabling plugins for this vault"));
+  print(dim("  [4/7] Enabling plugins + permission allowlist for this vault"));
   const settingsPath = enableForVault(vaultPath);
   ok(`Wrote ${settingsPath.replace(homedir(), "~")}`);
+  info("Pre-approved Read/Write/Edit/Bash patterns so /bp-setup runs without permission prompts");
+
+  print(dim("  [5/7] Pre-seeding Claude Code defaults"));
+  const seeded = seedClaudeCodeDefaults(claudeRoot);
+  if (seeded.onboardingFlags || seeded.theme) {
+    if (seeded.onboardingFlags) ok("Marked Claude Code onboarding complete (skips theme/terminal wizard on first launch)");
+    if (seeded.theme) ok("Set Claude Code theme to dark");
+  } else {
+    info("Claude Code already configured — left existing settings untouched");
+  }
 
-  print(dim("  [5/6] Saving license"));
+  print(dim("  [6/7] Saving license"));
   const licensePath = saveLicenseFile(license);
   ok(`License saved to ${licensePath.replace(homedir(), "~")} (chmod 600)`);
 
-  print(dim("  [6/6] Installing Shop OS Chat launcher"));
+  print(dim("  [7/7] Installing Shop OS Chat launcher"));
   const launcherPath = writeChatLauncher(vaultPath);
   ok(`Wrote ${launcherPath.replace(homedir(), "~")}`);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blueprintit/shop-os-install",
-  "version": "0.5.1",
+  "version": "0.5.3",
   "description": "One-command installer for Shop OS — Blueprint IT's AI Operating System for small businesses.",
   "type": "module",
   "bin": {