@codyswann/lisa 1.14.0 → 1.16.0

package/all/copy-overwrite/.claude/hooks/enforce-plan-rules.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Reinjects plan-mode rules on every prompt when Claude is in plan mode.
+# Wired as a UserPromptSubmit hook in .claude/settings.json.
+
+INPUT=$(cat)
+PERMISSION_MODE=$(echo "$INPUT" | jq -r '.permission_mode // "default"')
+
+if [ "$PERMISSION_MODE" = "plan" ]; then
+  PLAN_RULES="$CLAUDE_PROJECT_DIR/.claude/rules/plan.md"
+  if [ -f "$PLAN_RULES" ]; then
+    echo "PLAN MODE RULES (reinforced):"
+    cat "$PLAN_RULES"
+  fi
+fi
+exit 0

package/all/copy-overwrite/.claude/hooks/track-plan-sessions.sh

@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+#
+# track-plan-sessions.sh - Tracks which sessions work on each plan file
+#
+# Triggered by two hooks:
+#   1. PostToolUse (Write|Edit) - Detects plan file writes via absolute path comparison,
+#      stamps session ID into the plan's ## Sessions table, and saves a session-specific
+#      marker file so subsequent UserPromptSubmit events can reliably find the active plan.
+#   2. UserPromptSubmit - Finds the active plan file by checking for a session-specific
+#      marker file first (set by PostToolUse), falling back to the most recently CREATED
+#      .md file in plans/ (ls -tU on macOS sorts by birth time). This avoids the mtime bug
+#      where another plan file's modification time (e.g., from a hook writing a session ID
+#      to it, or format-on-edit touching it) could cause the wrong file to appear "newest."
+#
+# Marker files: $PLANS_DIR/.active-plan-<session-id> contain the absolute path to the
+# active plan file. Stale markers (>24h) are cleaned up on each invocation.
+#
+# Debug logging: All key decisions are logged to $PLANS_DIR/.track-plan-debug.log for
+# diagnostics if session IDs land in the wrong plan file.
+#
+# Input (via stdin): JSON with session_id, permission_mode, hook_event_name, etc.
+#
+
+set -euo pipefail
+
+INPUT=$(cat)
+
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // empty')
+PERMISSION_MODE=$(echo "$INPUT" | jq -r '.permission_mode // "default"')
+HOOK_EVENT=$(echo "$INPUT" | jq -r '.hook_event_name // empty')
+
+# Session ID is required
+if [[ -z "$SESSION_ID" ]]; then
+  exit 0
+fi
+
+# Resolve plans directory from settings (default ./plans)
+PLANS_DIR="./plans"
+SETTINGS_FILE="${CLAUDE_PROJECT_DIR:-.}/.claude/settings.json"
+if [[ -f "$SETTINGS_FILE" ]]; then
+  CONFIGURED_DIR=$(jq -r '.plansDirectory // empty' "$SETTINGS_FILE")
+  if [[ -n "$CONFIGURED_DIR" ]]; then
+    PLANS_DIR="$CONFIGURED_DIR"
+  fi
+fi
+
+# Debug logging
+DEBUG_LOG="$PLANS_DIR/.track-plan-debug.log"
+
+log_debug() {
+  printf '[%s] [%s] [%s] %s\n' \
+    "$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+    "$SESSION_ID" \
+    "$HOOK_EVENT" \
+    "$1" >> "$DEBUG_LOG" 2>/dev/null || true
+}
+
+# Session-specific marker file for reliable active-plan detection
+MARKER_FILE="$PLANS_DIR/.active-plan-${SESSION_ID}"
+
+# Clean stale marker files older than 24h
+find "$PLANS_DIR" -name ".active-plan-*" -mmin +1440 -delete 2>/dev/null || true
+
+PLAN_FILE=""
+RESOLUTION_METHOD=""
+
+if [[ "$HOOK_EVENT" == "PostToolUse" ]]; then
+  # Trigger A: Plan file was written/edited
+  FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
+
+  if [[ -z "$FILE_PATH" ]]; then
+    log_debug "PostToolUse: no file_path in tool_input, exiting"
+    exit 0
+  fi
+
+  # Resolve PLANS_DIR to absolute path for comparison
+  ABS_PLANS_DIR=$(cd "$PLANS_DIR" 2>/dev/null && pwd)
+
+  if [[ -z "$ABS_PLANS_DIR" ]]; then
+    log_debug "PostToolUse: could not resolve PLANS_DIR=$PLANS_DIR to absolute path, exiting"
+    exit 0
+  fi
+
+  # Check if the written file is in the plans directory
+  if [[ "$FILE_PATH" == "$ABS_PLANS_DIR"/* ]]; then
+    PLAN_FILE="$FILE_PATH"
+    RESOLUTION_METHOD="PostToolUse-direct"
+    log_debug "PostToolUse: matched plan file=$PLAN_FILE"
+
+    # Save marker so UserPromptSubmit can find this plan reliably
+    echo "$PLAN_FILE" > "$MARKER_FILE"
+    log_debug "PostToolUse: saved marker file=$MARKER_FILE"
+  else
+    log_debug "PostToolUse: file_path=$FILE_PATH not in plans dir=$ABS_PLANS_DIR, exiting"
+    exit 0
+  fi
+
+elif [[ "$HOOK_EVENT" == "UserPromptSubmit" ]]; then
+  # Trigger B: Find the active plan file
+  # Priority 1: Session-specific marker file (reliable — set by PostToolUse when plan was written)
+  if [[ -f "$MARKER_FILE" ]]; then
+    PLAN_FILE=$(cat "$MARKER_FILE")
+    RESOLUTION_METHOD="marker-file"
+    log_debug "UserPromptSubmit: resolved via marker file=$PLAN_FILE"
+  else
+    # Priority 2: Most recently CREATED file (ls -tU on macOS sorts by birth time)
+    PLAN_FILE=$(ls -tU "$PLANS_DIR"/*.md 2>/dev/null | head -1)
+    RESOLUTION_METHOD="fallback-ls-tU"
+    log_debug "UserPromptSubmit: no marker file, fallback ls -tU resolved=$PLAN_FILE"
+  fi
+
+  if [[ -z "$PLAN_FILE" || ! -f "$PLAN_FILE" ]]; then
+    log_debug "UserPromptSubmit: no valid plan file found, exiting"
+    exit 0
+  fi
+else
+  exit 0
+fi
+
+# Verify the plan file exists
+if [[ ! -f "$PLAN_FILE" ]]; then
+  log_debug "plan file=$PLAN_FILE does not exist, exiting"
+  exit 0
+fi
+
+# Check if session ID already exists in the file (dedup)
+if grep -qF "$SESSION_ID" "$PLAN_FILE" 2>/dev/null; then
+  log_debug "dedup: session ID already in $PLAN_FILE (resolved via $RESOLUTION_METHOD), skipping write"
+  exit 0
+fi
+
+# Determine phase from permission_mode
+PHASE=$( [[ "$PERMISSION_MODE" == "plan" ]] && echo "plan" || echo "implement" )
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+# Check if ## Sessions section exists
+if grep -q "^## Sessions" "$PLAN_FILE" 2>/dev/null; then
+  # Append row to existing table
+  printf '| %s | %s | %s |\n' "$SESSION_ID" "$TIMESTAMP" "$PHASE" >> "$PLAN_FILE"
+else
+  # Create ## Sessions section at end of file
+  {
+    echo ""
+    echo "## Sessions"
+    echo ""
+    echo "<!-- Auto-maintained by track-plan-sessions.sh -->"
+    echo "| Session ID | First Seen | Phase |"
+    echo "|------------|------------|-------|"
+    printf '| %s | %s | %s |\n' "$SESSION_ID" "$TIMESTAMP" "$PHASE"
+  } >> "$PLAN_FILE"
+fi
+
+log_debug "wrote session to $PLAN_FILE (resolved via $RESOLUTION_METHOD, phase=$PHASE)"
+
+exit 0

package/all/copy-overwrite/.claude/rules/plan.md

@@ -0,0 +1,29 @@
+# Plan Mode Rules
+
+These rules are enforced whenever Claude is in plan mode. They are loaded at session start via `.claude/rules/` and reinforced on every prompt via the `enforce-plan-rules.sh` `UserPromptSubmit` hook.
+
+## Required Behaviors
+
+When making a plan:
+
+- Always determine which skills should be used during execution of the plan and include them in the plan
+- Always make sure you understand the correct versions of third party libraries
+- Always save the plan with a name befitting the actual plan contents
+- Always look for code that can be reused for implementation
+- The plan MUST including written instructions to create a task list using TaskCreate for each task. The list should contain items related to the plan and specify that subagents should handle as many in parallel as possible. The following should always be included in the task list
+  - update/add/remove tests, containing the tests that need to get updated, added or removed
+  - update/add/remove documentation (jsdocs, markdown files, etc), containing the documentation that need to get updated, added or removed
+  - archive the plan (to be completed after all other tasks have been completed). This task should explcitly say to:
+    - create a folder named <plan-name> in ./plans/completed
+    - rename this plan to a name befitting the actual plan contents
+    - move it into ./plans/completed/<plan-name>
+    - read the session ids from ./plans/completed/<plan-name>
+    - For each session id, move the ~/.claude/tasks/<session-id> directory to ./plans/completed/<plan-name>/tasks
+- If you're on a protected branch (dev, staging, main), create a new branch named based on the nature of the project and include in the plan pull requests should go to the protected branch you bracnehd from. 
+- If you're on a non-protected branch with an open pull request, submit pushes to the open pull request
+- If you're on a non-protected branch with no existing PR, clarify which protected branch to open the pull request to. 
+- If referencing a ticket (jira, linear, etc), always include the ticket url in your plan
+- If referencing a ticket (jira, linear, etc), always update the ticket with the branch you're working off of
+- If referencing a ticket (jira, linear, etc), always add a comment to the ticket with the finalized plan
+- The `## Sessions` section in plan files is auto-maintained by the `track-plan-sessions.sh` hook — do not manually edit it
+

package/all/copy-overwrite/.claude/settings.json

@@ -10,9 +10,39 @@
             "timeout": 1
           }
         ]
+      },
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/enforce-plan-rules.sh",
+            "timeout": 5
+          }
+        ]
+      },
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/track-plan-sessions.sh",
+            "timeout": 5
+          }
+        ]
       }
     ],
     "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/track-plan-sessions.sh",
+            "timeout": 5
+          }
+        ]
+      },
       {
         "matcher": "TaskCreate|TaskUpdate",
         "hooks": [

package/all/copy-overwrite/CLAUDE.md

@@ -16,7 +16,7 @@ Always use project-relative paths rather than absolute paths in documentation an
 Always ignore build folders (dist, build, etc) unless specified otherwise
 Always delete and remove old code completely - no deprecation needed
 Always add `GIT_SSH_COMMAND="ssh -o ServerAliveInterval=30 -o ServerAliveCountMax=5" ` when running `git push`
-
+Always err on the side of creating a plan before directly executing a coding task 
 
 Never modify this file (CLAUDE.md) directly. To add a memory or learning, add it to .claude/rules/PROJECT_RULES.md or create a skill with /skill-creator.
 Never commit changes to an environment branch (dev, staging, main) directly. This is enforced by the pre-commit hook.
@@ -52,12 +52,5 @@ ONLY use ts-ignore as a last resort and confirm with human before doing so
 ONLY use ts-expect-error as a last resort and confirm with human before doing so
 ONLY use ts-nocheck as a last resort and confirm with human before doing so
 
+Never update CHANGELOG
 
-When making a plan, always determine which skills should be used during execution of the plan and include them in the plan
-When making a plan, always make sure you understand the correct versions of third party libraries
-When making a plan, always create a task list of items related to the plan and specify that subagents should handle as many in parallel as possible
-When making a plan, always save the plan with a name befitting the actual plan contents.
-When making a plan, always look for code that can be reused for implementation
-When making a plan, always include a task to update/add/remove documentation
-
-Never update CHANGELOG

package/cdk/copy-overwrite/tsconfig.eslint.json

@@ -3,9 +3,10 @@
   "compilerOptions": {
     "rootDir": ".",
     "noEmit": true,
+    "allowImportingTsExtensions": true,
     "module": "NodeNext",
     "moduleResolution": "NodeNext"
   },
-  "include": ["lib/**/*", "bin/**/*", "test/**/*", "*.config.ts", "eslint.*.ts"],
+  "include": ["lib/**/*", "bin/**/*", "test/**/*", "*.config.ts", "eslint.*.ts", "jest.*.ts"],
   "exclude": ["node_modules", "dist", "cdk.out"]
 }

package/cdk/create-only/cdk.json

@@ -0,0 +1,23 @@
+{
+  "app": "npx tsx bin/infrastructure.ts",
+  "watch": {
+    "include": ["**"],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"]
+  }
+}

package/expo/copy-overwrite/.claude/skills/owasp-zap/SKILL.md

@@ -0,0 +1,56 @@
+# OWASP ZAP Baseline Scanning
+
+OWASP ZAP (Zed Attack Proxy) performs DAST (Dynamic Application Security Testing) by scanning a running application for common security vulnerabilities from the OWASP Top 10.
+
+## When to Use
+
+- After making changes to HTTP headers, authentication, or security middleware
+- Before deploying to staging or production
+- When reviewing security scan results from CI
+- When triaging ZAP findings from pull request checks
+
+## Running Locally
+
+```bash
+# Requires Docker to be installed and running
+bash scripts/zap-baseline.sh
+```
+
+The scan builds the Expo web export, serves it locally, and runs ZAP against it. Reports are saved to `zap-report.html`, `zap-report.json`, and `zap-report.md`.
+
+## Interpreting Results
+
+ZAP findings are categorized by risk level:
+
+| Risk | Action |
+|------|--------|
+| **High** | Fix immediately — indicates exploitable vulnerability |
+| **Medium** | Fix before deployment — security best practice violation |
+| **Low** | Fix when convenient — minor security improvement |
+| **Informational** | Review — may be false positive or acceptable risk |
+
+## Common Findings and Fixes
+
+### Infrastructure-Level (fix at CDN/hosting, not in code)
+
+- **CSP Header Not Set**: Configure Content-Security-Policy at CDN or hosting platform. Expo web exports need `script-src 'self' 'unsafe-inline'` for hydration.
+- **HSTS Not Set**: Configure Strict-Transport-Security at CDN/load balancer.
+- **X-Frame-Options**: Use `frame-ancestors` in CSP at CDN level.
+
+### Application-Level (fix in code)
+
+- **Cookie flags missing**: Ensure all cookies set `HttpOnly`, `Secure`, and `SameSite` attributes.
+- **Debug error messages**: Ensure error boundaries don't leak stack traces in production.
+- **Server version disclosure**: Remove or mask the `Server` response header.
+
+## Configuration
+
+ZAP scan rules are configured in `.zap/baseline.conf`. Each line controls how ZAP treats a specific rule:
+
+- `IGNORE`: Skip the rule entirely
+- `WARN`: Report finding but don't fail the build
+- `FAIL`: Fail the build if this finding is detected
+
+## CI Integration
+
+ZAP runs automatically in CI via the `zap-baseline.yml` workflow. Results are uploaded as artifacts and the build fails on medium+ severity findings.

package/expo/copy-overwrite/.claude/skills/testing-library/SKILL.md

@@ -190,17 +190,12 @@ test("sets isSubmitting to true", () => {});
 
 ## Jest Configuration
 
-### Use jest-expo Universal Preset
+### Manual React Native Resolution (No Preset)
 
-Configure Jest to test across all Expo platforms:
-
-```json
-{
-  "jest": {
-    "preset": "jest-expo/universal"
-  }
-}
-```
+Lisa configures Jest manually instead of using the `jest-expo` preset to avoid
+jsdom incompatibility with `react-native/jest/setup.js`. The configuration in
+`jest.expo.ts` provides haste, resolver, transform, and setupFiles that match
+the preset's behavior without redefining `window`.
 
 ### Use Fake Timers with userEvent
 

package/expo/copy-overwrite/.github/workflows/zap-baseline.yml

@@ -0,0 +1,107 @@
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+
+name: ZAP Baseline Scan (Expo)
+
+on:
+  workflow_call:
+    inputs:
+      node_version:
+        description: 'Node.js version to use'
+        required: false
+        default: '22.21.1'
+        type: string
+      package_manager:
+        description: 'Package manager to use (npm, yarn, or bun)'
+        required: false
+        default: 'bun'
+        type: string
+      zap_target_url:
+        description: 'Override URL for ZAP to scan (default: http://localhost:3000)'
+        required: false
+        default: 'http://localhost:3000'
+        type: string
+      zap_rules_file:
+        description: 'Path to ZAP rules configuration file'
+        required: false
+        default: '.zap/baseline.conf'
+        type: string
+
+jobs:
+  zap_baseline:
+    name: ZAP Baseline Scan
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node_version }}
+          cache: ${{ inputs.package_manager != 'bun' && inputs.package_manager || '' }}
+
+      - name: Setup Bun
+        if: inputs.package_manager == 'bun'
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: '1.3.8'
+
+      - name: Install dependencies
+        run: |
+          if [ "${{ inputs.package_manager }}" = "npm" ]; then
+            npm ci
+          elif [ "${{ inputs.package_manager }}" = "yarn" ]; then
+            yarn install --frozen-lockfile
+          elif [ "${{ inputs.package_manager }}" = "bun" ]; then
+            bun install --frozen-lockfile
+          fi
+
+      - name: Build web export
+        run: npx expo export --platform web
+
+      - name: Start static server
+        run: |
+          npx serve dist -l 3000 &
+          SERVER_PID=$!
+          echo "SERVER_PID=$SERVER_PID" >> $GITHUB_ENV
+          sleep 5
+          curl -sf http://localhost:3000 > /dev/null || (echo "Static server failed to start" && exit 1)
+
+      - name: Check for ZAP rules file
+        id: check_rules
+        run: |
+          if [ -f "${{ inputs.zap_rules_file }}" ]; then
+            echo "has_rules=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_rules=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run ZAP baseline scan
+        uses: zaproxy/action-baseline@v0.14.0
+        with:
+          target: ${{ inputs.zap_target_url }}
+          rules_file_name: ${{ steps.check_rules.outputs.has_rules == 'true' && inputs.zap_rules_file || '' }}
+          fail_action: true
+          allow_issue_writing: false
+          artifact_name: 'zap-report-expo'
+
+      - name: Stop static server
+        if: always()
+        run: |
+          if [ -n "$SERVER_PID" ]; then
+            kill "$SERVER_PID" 2>/dev/null || true
+          fi
+
+      - name: Upload ZAP report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: zap-baseline-report-expo-${{ github.run_id }}
+          path: |
+            zap-report.html
+            zap-report.json
+            zap-report.md
+          retention-days: 14

package/expo/copy-overwrite/.zap/baseline.conf

@@ -0,0 +1,36 @@
+# OWASP ZAP Baseline Scan Configuration — Expo Web Apps
+# Format: <rule_id> <action> <description>
+# Actions: IGNORE (skip rule), WARN (report but don't fail), FAIL (fail on finding)
+#
+# Tuned for Expo static web exports served behind CDN/reverse proxy in production.
+# Rules that are infrastructure-level (handled by CDN/hosting) are set to WARN.
+
+# CSP header — Expo web exports typically need inline scripts for hydration;
+# CSP is best enforced at the CDN/hosting layer with appropriate nonces.
+10038	WARN	(Content Security Policy (CSP) Header Not Set)
+
+# X-Content-Type-Options — should be set at CDN/hosting layer
+10021	WARN	(X-Content-Type-Options Header Missing)
+
+# Strict-Transport-Security — enforced at CDN/load balancer level
+10035	WARN	(Strict-Transport-Security Header Not Set)
+
+# X-Frame-Options — enforced at CDN/hosting layer; CSP frame-ancestors preferred
+10020	WARN	(X-Frame-Options Header Not Set)
+
+# Permissions-Policy — not critical for most Expo apps but good practice
+10063	WARN	(Permissions Policy Header Not Set)
+
+# Server header disclosure — static server in CI, not production concern
+10036	WARN	(Server Leaks Version Information via "Server" HTTP Response Header Field)
+
+# Cookie flags — Expo static sites typically don't set cookies
+10010	IGNORE	(Cookie No HttpOnly Flag)
+10011	IGNORE	(Cookie Without Secure Flag)
+10054	IGNORE	(Cookie without SameSite Attribute)
+
+# Information disclosure in URL — Expo router may use query params legitimately
+10024	WARN	(Information Disclosure - Sensitive Information in URL)
+
+# Cross-domain JavaScript source — Expo uses CDN-hosted scripts legitimately
+10017	WARN	(Cross-Domain JavaScript Source File Inclusion)

package/expo/copy-overwrite/jest.expo.ts

@@ -6,14 +6,32 @@
 /**
  * Jest Configuration - Expo Stack
  *
- * Provides Expo/React Native-specific Jest configuration.
- * Extends the base Jest utilities for coverage thresholds and merging.
+ * Provides Expo/React Native-specific Jest configuration without using
+ * the `jest-expo` preset directly. The preset's `setupFiles` include
+ * `react-native/jest/setup.js` which redefines `window` via
+ * `Object.defineProperties` — incompatible with jsdom's non-configurable
+ * `window` property, causing "Cannot redefine property: window" errors.
+ *
+ * Instead, this config manually replicates the preset's resolution,
+ * transform, and haste settings without any preset setupFiles.
+ *
+ * `setupFiles` is intentionally empty because `jest-expo/src/preset/setup.js`
+ * requires `__DEV__` to be defined before it runs, and `mergeConfigs`
+ * concatenates arrays with base entries first — making it impossible for
+ * project-local setupFiles to prepend a `__DEV__` definition. Projects
+ * should add their own setupFiles in `jest.config.local.ts` with the
+ * correct ordering (define globals first, then load jest-expo setup).
+ *
+ * Coverage collection is scoped to standard Expo source directories
+ * rather than a catch-all glob, preventing config files, scripts, and
+ * plugins from distorting coverage numbers.
  *
  * Inheritance chain:
  *   jest.expo.ts (this file)
  *   └── jest.base.ts
  *
  * @see https://jestjs.io/docs/configuration
+ * @see https://github.com/expo/expo/issues/40184
  * @module jest.expo
  */
 import type { Config } from "jest";
@@ -47,27 +65,55 @@ interface ExpoJestOptions {
  * @param options - Configuration options for threshold overrides
  * @param options.thresholds - Coverage thresholds (merged defaults + project overrides)
  * @returns Jest config object with jsdom environment, babel-jest transform, and React Native resolver
- * @remarks Uses jest-expo preset which provides platform-specific test resolution
- * and proper React Native module mocking out of the box.
+ * @remarks Avoids `jest-expo` preset to prevent jsdom + `react-native/jest/setup.js`
+ * incompatibility. Manually configures haste, resolver, and transform to match the
+ * preset's behavior without the problematic window redefinition. `setupFiles` is
+ * empty — projects must provide their own in `jest.config.local.ts` with correct
+ * ordering (define `__DEV__` before loading `jest-expo/src/preset/setup.js`).
  */
 export const getExpoJestConfig = ({
   thresholds = defaultThresholds,
 }: ExpoJestOptions = {}): Config => ({
-  preset: "jest-expo",
   testEnvironment: "jsdom",
-  testMatch: [
-    "<rootDir>/**/*.test.ts",
-    "<rootDir>/**/*.test.tsx",
-    "<rootDir>/**/__tests__/**/*.ts",
-    "<rootDir>/**/__tests__/**/*.tsx",
-  ],
+  haste: {
+    defaultPlatform: "ios",
+    platforms: ["android", "ios", "native"],
+  },
+  resolver: "react-native/jest/resolver.js",
+  setupFiles: [],
+  transform: {
+    "\\.[jt]sx?$": [
+      "babel-jest",
+      {
+        caller: {
+          name: "metro",
+          bundler: "metro",
+          platform: "ios",
+        },
+      },
+    ],
+    "^.+\\.(bmp|gif|jpg|jpeg|mp4|png|psd|svg|webp|ttf|otf|woff|woff2)$":
+      "jest-expo/src/preset/assetFileTransformer.js",
+  },
+  testMatch: ["<rootDir>/**/*.test.ts", "<rootDir>/**/*.test.tsx"],
   testPathIgnorePatterns: ["/node_modules/", "/dist/", "/.expo/"],
   transformIgnorePatterns: [
-    "node_modules/(?!((jest-)?react-native|@react-native(-community)?)|expo(nent)?|@expo(nent)?/.*|@expo-google-fonts/.*|react-navigation|@react-navigation/.*|@sentry/react-native|native-base|react-native-svg|@gluestack-ui/.*|@gluestack-style/.*|nativewind|react-native-css-interop)",
+    "node_modules/(?!((jest-)?react-native|@react-native(-community)?)|expo(nent)?|@expo(nent)?/.*|@expo-google-fonts/.*|react-navigation|@react-navigation/.*|@sentry/react-native|native-base|react-native-svg|@gluestack-ui/.*|@gluestack-style/.*|nativewind|react-native-css-interop|react-native-reanimated|react-native-worklets|lucide-react-native|@gorhom|@shopify)",
   ],
   moduleFileExtensions: ["ts", "tsx", "js", "jsx", "json", "node"],
   collectCoverageFrom: [
-    "**/*.{ts,tsx}",
+    "app/**/*.{ts,tsx}",
+    "components/**/*.{ts,tsx}",
+    "config/**/*.{ts,tsx}",
+    "constants/**/*.{ts,tsx}",
+    "features/**/*.{ts,tsx}",
+    "hooks/**/*.{ts,tsx}",
+    "lib/**/*.{ts,tsx}",
+    "providers/**/*.{ts,tsx}",
+    "shared/**/*.{ts,tsx}",
+    "stores/**/*.{ts,tsx}",
+    "types/**/*.{ts,tsx}",
+    "utils/**/*.{ts,tsx}",
     "!**/*.d.ts",
     ...defaultCoverageExclusions,
   ],

package/expo/copy-overwrite/knip.json

@@ -53,7 +53,7 @@
     "**/metro.config.js",
     "**/babel.config.js"
   ],
-  "ignoreBinaries": ["audit", "ast-grep", "maestro", "eas", "source-map-explorer"],
+  "ignoreBinaries": ["ast-grep", "audit", "eas", "maestro", "serve", "source-map-explorer"],
   "ignoreDependencies": [
     "@dnd-kit/modifiers",
     "@expo-google-fonts/inter",