@codyswann/lisa 2.141.1 → 2.142.0

package/cdk/create-only/tsconfig.local.json

@@ -1,4 +1,12 @@
 {
-  "include": ["lib/**/*", "bin/**/*", "test/**/*"],
-  "exclude": ["node_modules", "cdk.out"]
+  "include": [
+    "lib/**/*",
+    "bin/**/*",
+    "test/**/*"
+  ],
+  "exclude": [
+    "node_modules",
+    "cdk.out"
+  ],
+  "files": []
 }

package/dist/migrations/ensure-tsconfig-local-files-fallback.d.ts

@@ -0,0 +1,40 @@
+import type { Migration, MigrationContext, MigrationResult } from "./migration.interface.js";
+/**
+ * Migration: add an empty `files` array to tsconfig.local.json.
+ *
+ * Background: the stack tsconfig.local.json templates declare
+ * `include: ["src/**\/*"]`. A source-less repo (e.g. a SOC2 / infra-config
+ * project that ships only root-level *.config.ts and no `src/`) has an
+ * `include` that matches zero files, so `tsc --noEmit` aborts with
+ * `error TS18003: No inputs were found in config file`. That failure trips
+ * the lisa-managed typecheck pre-commit hook and blocks every commit, even
+ * though there is genuinely nothing to type-check.
+ *
+ * TypeScript treats an explicit (even empty) `files` array as an intentional
+ * file list and therefore does NOT raise TS18003. Crucially, when `include`
+ * also matches real sources the compiled program is the UNION of `files` and
+ * the `include` matches — so an empty `files` is a no-op for projects that
+ * have sources (they are still fully type-checked) and a graceful success for
+ * source-less ones. This is a posture change for empty-input tolerance, NOT a
+ * relaxation of any check.
+ *
+ * The key is injected only when absent, so a project that intentionally pins a
+ * non-empty `files` list keeps it.
+ */
+export declare class EnsureTsconfigLocalFilesFallbackMigration implements Migration {
+    readonly name = "ensure-tsconfig-local-files-fallback";
+    readonly description = "Add an empty `files` array to tsconfig.local.json so source-less projects pass tsc (TS18003) without disabling typechecking";
+    /**
+     * Check whether this migration should run on the project
+     * @param ctx - Migration context
+     * @returns True when tsconfig.local.json exists but has no `files` key
+     */
+    applies(ctx: MigrationContext): Promise<boolean>;
+    /**
+     * Apply the migration, injecting an empty `files` array when absent
+     * @param ctx - Migration context
+     * @returns Result describing the action taken
+     */
+    apply(ctx: MigrationContext): Promise<MigrationResult>;
+}
+//# sourceMappingURL=ensure-tsconfig-local-files-fallback.d.ts.map

package/dist/migrations/ensure-tsconfig-local-files-fallback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ensure-tsconfig-local-files-fallback.d.ts","sourceRoot":"","sources":["../../src/migrations/ensure-tsconfig-local-files-fallback.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAYlC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,yCAA0C,YAAW,SAAS;IACzE,QAAQ,CAAC,IAAI,0CAA0C;IACvD,QAAQ,CAAC,WAAW,iIAC4G;IAEhI;;;;OAIG;IACG,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAStD;;;;OAIG;IACG,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;CA+B7D"}

package/dist/migrations/ensure-tsconfig-local-files-fallback.js

@@ -0,0 +1,76 @@
+import * as path from "node:path";
+import * as fse from "fs-extra";
+import { readJsonOrNull, writeJson } from "../utils/json-utils.js";
+const TSCONFIG_LOCAL = "tsconfig.local.json";
+/**
+ * Migration: add an empty `files` array to tsconfig.local.json.
+ *
+ * Background: the stack tsconfig.local.json templates declare
+ * `include: ["src/**\/*"]`. A source-less repo (e.g. a SOC2 / infra-config
+ * project that ships only root-level *.config.ts and no `src/`) has an
+ * `include` that matches zero files, so `tsc --noEmit` aborts with
+ * `error TS18003: No inputs were found in config file`. That failure trips
+ * the lisa-managed typecheck pre-commit hook and blocks every commit, even
+ * though there is genuinely nothing to type-check.
+ *
+ * TypeScript treats an explicit (even empty) `files` array as an intentional
+ * file list and therefore does NOT raise TS18003. Crucially, when `include`
+ * also matches real sources the compiled program is the UNION of `files` and
+ * the `include` matches — so an empty `files` is a no-op for projects that
+ * have sources (they are still fully type-checked) and a graceful success for
+ * source-less ones. This is a posture change for empty-input tolerance, NOT a
+ * relaxation of any check.
+ *
+ * The key is injected only when absent, so a project that intentionally pins a
+ * non-empty `files` list keeps it.
+ */
+export class EnsureTsconfigLocalFilesFallbackMigration {
+    name = "ensure-tsconfig-local-files-fallback";
+    description = "Add an empty `files` array to tsconfig.local.json so source-less projects pass tsc (TS18003) without disabling typechecking";
+    /**
+     * Check whether this migration should run on the project
+     * @param ctx - Migration context
+     * @returns True when tsconfig.local.json exists but has no `files` key
+     */
+    async applies(ctx) {
+        const tsconfigLocalPath = path.join(ctx.projectDir, TSCONFIG_LOCAL);
+        const existing = await readJsonOrNull(tsconfigLocalPath);
+        if (!existing) {
+            return false;
+        }
+        return existing.files === undefined;
+    }
+    /**
+     * Apply the migration, injecting an empty `files` array when absent
+     * @param ctx - Migration context
+     * @returns Result describing the action taken
+     */
+    async apply(ctx) {
+        const tsconfigLocalPath = path.join(ctx.projectDir, TSCONFIG_LOCAL);
+        const existing = await readJsonOrNull(tsconfigLocalPath);
+        if (!existing || existing.files !== undefined) {
+            return { name: this.name, action: "noop" };
+        }
+        const patched = { ...existing, files: [] };
+        const message = "Added empty `files` array to tsconfig.local.json (TS18003 fallback)";
+        if (ctx.dryRun) {
+            ctx.logger.dry(`Would add empty \`files\` array to ${TSCONFIG_LOCAL}`);
+            return {
+                name: this.name,
+                action: "applied",
+                changedFiles: [TSCONFIG_LOCAL],
+                message,
+            };
+        }
+        await fse.ensureDir(path.dirname(tsconfigLocalPath));
+        await writeJson(tsconfigLocalPath, patched);
+        ctx.logger.success(message);
+        return {
+            name: this.name,
+            action: "applied",
+            changedFiles: [TSCONFIG_LOCAL],
+            message,
+        };
+    }
+}
+//# sourceMappingURL=ensure-tsconfig-local-files-fallback.js.map

package/dist/migrations/ensure-tsconfig-local-files-fallback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ensure-tsconfig-local-files-fallback.js","sourceRoot":"","sources":["../../src/migrations/ensure-tsconfig-local-files-fallback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAOnE,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAU7C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,yCAAyC;IAC3C,IAAI,GAAG,sCAAsC,CAAC;IAC9C,WAAW,GAClB,6HAA6H,CAAC;IAEhI;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,GAAqB;QACjC,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAe,iBAAiB,CAAC,CAAC;QACvE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,QAAQ,CAAC,KAAK,KAAK,SAAS,CAAC;IACtC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,GAAqB;QAC/B,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAe,iBAAiB,CAAC,CAAC;QACvE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC9C,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC7C,CAAC;QAED,MAAM,OAAO,GAAiB,EAAE,GAAG,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACzD,MAAM,OAAO,GACX,qEAAqE,CAAC;QAExE,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,sCAAsC,cAAc,EAAE,CAAC,CAAC;YACvE,OAAO;gBACL,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM,EAAE,SAAS;gBACjB,YAAY,EAAE,CAAC,cAAc,CAAC;gBAC9B,OAAO;aACR,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACrD,MAAM,SAAS,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5B,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,SAAS;YACjB,YAAY,EAAE,CAAC,cAAc,CAAC;YAC9B,OAAO;SACR,CAAC;IACJ,CAAC;CACF"}

package/dist/migrations/index.d.ts

@@ -2,6 +2,7 @@ import type { Migration, MigrationContext, MigrationResult } from "./migration.i
 export type { Migration, MigrationAction, MigrationContext, MigrationResult, } from "./migration.interface.js";
 export { EnsureAuditIgnoreLocalExclusionsMigration } from "./ensure-audit-ignore-local-exclusions.js";
 export { EnsureLisaPostinstallMigration } from "./ensure-lisa-postinstall.js";
+export { EnsureTsconfigLocalFilesFallbackMigration } from "./ensure-tsconfig-local-files-fallback.js";
 export { EnsureTsconfigLocalIncludesMigration } from "./ensure-tsconfig-local-includes.js";
 /**
  * Registry that runs applicable migrations against a destination project

package/dist/migrations/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EACV,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,8BAA8B,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,oCAAoC,EAAE,MAAM,qCAAqC,CAAC;AAE3F;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAuB;IAElD;;;OAGG;gBACS,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE;IAQ7C;;;OAGG;IACH,MAAM,IAAI,SAAS,SAAS,EAAE;IAI9B;;;;OAIG;IACG,mBAAmB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/D;;;;OAIG;IACG,MAAM,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,SAAS,eAAe,EAAE,CAAC;CAazE;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,iBAAiB,CAE3D"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,eAAe,EAChB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EACV,SAAS,EACT,eAAe,EACf,gBAAgB,EAChB,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,8BAA8B,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,oCAAoC,EAAE,MAAM,qCAAqC,CAAC;AAE3F;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAuB;IAElD;;;OAGG;gBACS,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE;IAS7C;;;OAGG;IACH,MAAM,IAAI,SAAS,SAAS,EAAE;IAI9B;;;;OAIG;IACG,mBAAmB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/D;;;;OAIG;IACG,MAAM,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,SAAS,eAAe,EAAE,CAAC;CAazE;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,iBAAiB,CAE3D"}

package/dist/migrations/index.js

@@ -1,8 +1,10 @@
 import { EnsureAuditIgnoreLocalExclusionsMigration } from "./ensure-audit-ignore-local-exclusions.js";
 import { EnsureLisaPostinstallMigration } from "./ensure-lisa-postinstall.js";
+import { EnsureTsconfigLocalFilesFallbackMigration } from "./ensure-tsconfig-local-files-fallback.js";
 import { EnsureTsconfigLocalIncludesMigration } from "./ensure-tsconfig-local-includes.js";
 export { EnsureAuditIgnoreLocalExclusionsMigration } from "./ensure-audit-ignore-local-exclusions.js";
 export { EnsureLisaPostinstallMigration } from "./ensure-lisa-postinstall.js";
+export { EnsureTsconfigLocalFilesFallbackMigration } from "./ensure-tsconfig-local-files-fallback.js";
 export { EnsureTsconfigLocalIncludesMigration } from "./ensure-tsconfig-local-includes.js";
 /**
  * Registry that runs applicable migrations against a destination project
@@ -16,6 +18,7 @@ export class MigrationRegistry {
     constructor(migrations) {
         this.migrations = migrations ?? [
             new EnsureTsconfigLocalIncludesMigration(),
+            new EnsureTsconfigLocalFilesFallbackMigration(),
             new EnsureAuditIgnoreLocalExclusionsMigration(),
             new EnsureLisaPostinstallMigration(),
         ];

package/dist/migrations/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,8BAA8B,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,oCAAoC,EAAE,MAAM,qCAAqC,CAAC;AAa3F,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,8BAA8B,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,oCAAoC,EAAE,MAAM,qCAAqC,CAAC;AAE3F;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACX,UAAU,CAAuB;IAElD;;;OAGG;IACH,YAAY,UAAiC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI;YAC9B,IAAI,oCAAoC,EAAE;YAC1C,IAAI,yCAAyC,EAAE;YAC/C,IAAI,8BAA8B,EAAE;SACrC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAqB;QAC7C,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAC/B,MAAM,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,GAAqB;QAChC,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC1D,SAAS;YACX,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO,IAAI,iBAAiB,EAAE,CAAC;AACjC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/migrations/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,8BAA8B,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,oCAAoC,EAAE,MAAM,qCAAqC,CAAC;AAa3F,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,8BAA8B,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,yCAAyC,EAAE,MAAM,2CAA2C,CAAC;AACtG,OAAO,EAAE,oCAAoC,EAAE,MAAM,qCAAqC,CAAC;AAE3F;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACX,UAAU,CAAuB;IAElD;;;OAGG;IACH,YAAY,UAAiC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI;YAC9B,IAAI,oCAAoC,EAAE;YAC1C,IAAI,yCAAyC,EAAE;YAC/C,IAAI,yCAAyC,EAAE;YAC/C,IAAI,8BAA8B,EAAE;SACrC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAAqB;QAC7C,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAC/B,MAAM,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,GAAqB;QAChC,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC1D,SAAS;YACX,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO,IAAI,iBAAiB,EAAE,CAAC;AACjC,CAAC"}

package/expo/create-only/tsconfig.local.json

@@ -1,10 +1,24 @@
 {
   "compilerOptions": {
     "paths": {
-      "@/graphql/*": ["./generated/*"],
-      "@/*": ["./*"]
+      "@/graphql/*": [
+        "./generated/*"
+      ],
+      "@/*": [
+        "./*"
+      ]
     }
   },
-  "include": ["**/*.ts", "**/*.tsx", "nativewind-env.d.ts"],
-  "exclude": ["node_modules", "dist", "web-build", "components/ui"]
+  "include": [
+    "**/*.ts",
+    "**/*.tsx",
+    "nativewind-env.d.ts"
+  ],
+  "exclude": [
+    "node_modules",
+    "dist",
+    "web-build",
+    "components/ui"
+  ],
+  "files": []
 }

package/nestjs/create-only/tsconfig.local.json

@@ -3,9 +3,20 @@
     "outDir": ".build",
     "rootDir": "src",
     "paths": {
-      "@/*": ["./src/*"]
+      "@/*": [
+        "./src/*"
+      ]
     }
   },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", ".build", "dist", "**/*.test.ts", "**/*.spec.ts"]
+  "include": [
+    "src/**/*"
+  ],
+  "exclude": [
+    "node_modules",
+    ".build",
+    "dist",
+    "**/*.test.ts",
+    "**/*.spec.ts"
+  ],
+  "files": []
 }

package/package.json

@@ -84,7 +84,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Universal governance: agents, skills, commands, hooks, and rules for all projects.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/skills/analyze-claude-remote/SKILL.md

@@ -84,9 +84,19 @@ Group the findings as:
    `secrets.*`/`env:` in CI, and config-referenced tokens. Group by integration (GitHub, AWS,
    Atlassian/JIRA/Confluence, Notion, Linear, Anthropic, notifications, feature flags, other).
    Cross-reference `.lisa.config.json` `tracker`/`source` to mark which credentials are **active**
-   for this repo vs **dormant** (`OPTIONAL`). Always surface Claude Code feature flags actually set
-   in `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) as `REQUIRED` to match
-   local behavior, since the environment `env` block is the reliable place to set them.
+   for this repo vs **dormant** (`OPTIONAL`). Distinguish *where* each var must be set, because the
+   answer differs and getting it wrong sends the user to do redundant work:
+
+   - **Committed `.claude/settings.json` `env` flags** (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`,
+     `ENABLE_LSP_TOOL`, `BASH_*`) — this file is repo-committed, so it reaches the cloud and Claude
+     Code applies its `env` block when it launches. These are **already provided — no action**.
+     Surface them as `OK` (cite the file), not `REQUIRED`. Do **not** tell the user to re-enter them
+     in the environment UI; a duplicate there only risks drifting from the committed value. The lone
+     caveat: the setup script runs *before* Claude Code launches, so it cannot see these — flag any
+     that the **setup script itself** would need (rare) as needing a UI value too.
+   - **Secrets** (tokens/keys) — cannot be committed, so the committed `settings.json` can't carry
+     them. These are the only vars that genuinely **must be set in the environment-variables UI**.
+     Mark active-integration secrets `REQUIRED`; dormant ones `OPTIONAL`.
 
 4a. **Tracker / PRD-source credentials** — this is the load-bearing part of the audit and must be
    driven by config, not by what the scan happens to find. Resolve the active integrations first:
@@ -199,7 +209,10 @@ checklist of the secrets the user must set in the routine's environment for the
 `tracker`/`source` (from group 4a). One block per active integration, each with its env-var name(s),
 an `Acquire:` URL, and an `Access:` scope line, plus a one-line note that the environment UI is where
 these are set (the generated build script only emits a names-only template, never values). If both
-`tracker` and `source` resolve to the same vendor (e.g. both `github`), render it once.
+`tracker` and `source` resolve to the same vendor (e.g. both GitHub), render it once. List **only
+secrets** here — do not include the committed `.claude/settings.json` `env` flags; close the
+subsection with a one-line reminder that those flags are already provided by the committed file and
+need no UI entry.
 
 End with a fenced, machine-readable inventory block (also printed when `--json` is passed) so
 `/lisa:generate-claude-remote-build-script` can consume it without re-deriving everything. Secret
@@ -216,7 +229,7 @@ so the generator can render acquisition comments into its template:
   "tracker": "github",
   "source": "github",
   "env": [
-    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": true, "secret": false, "reason": "set in .claude/settings.json" },
+    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": false, "secret": false, "providedBy": "settings.json", "uiAction": "none", "reason": "committed in .claude/settings.json env — applied automatically; do not re-enter in the UI" },
     {
       "name": "GH_TOKEN", "required": true, "secret": true, "integration": "github",
       "reason": "active tracker+source; gh scripts gate on gh auth status",

package/plugins/lisa/skills/generate-claude-remote-build-script/SKILL.md

@@ -51,9 +51,12 @@ tracker/source, plus the host project's own package manager and tooling — not
 3. **Emit the environment-variable template.** Write a commented block listing every `env` entry
    from the inventory grouped by integration, marked `REQUIRED`/`OPTIONAL` and `secret`/`plain`,
    with the reason. **Never write real secret values** — only names and placeholders, because the
-   environment config is visible to anyone who can edit it. Include feature flags actually set in
-   `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) so cloud behavior matches
-   local. For every secret entry that carries `acquireUrl`/`accessScope`/`headlessSubstrate` (the
+   environment config is visible to anyone who can edit it. Entries flagged `providedBy: settings.json`
+   (the committed `.claude/settings.json` `env` flags, e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) are
+   **already applied from the committed file** — list them under an `# Already provided by committed
+   .claude/settings.json — no UI entry needed` heading, not as values to set. The "set in the
+   environment UI" template is for **secrets only**. For every secret entry that carries
+   `acquireUrl`/`accessScope`/`headlessSubstrate` (the
    active tracker/source credentials from the analysis's group 4a), render those as comment lines
    directly above the name — `# Acquire: <url>` and `# Access: <scope>` — so the user knows exactly
    where to get the token and what permissions it needs. Emit only the **env-var form** of the name
@@ -83,8 +86,9 @@ shape, not a fixed payload):
 #
 # GAPS this script cannot fix (configure separately):
 #   - <gaps from analysis, e.g. auto-memory is machine-local and not synced to cloud routines>
-# ENV VARS to set in the environment config (names only — set real values there, not here):
-#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1   # REQUIRED, matches .claude/settings.json
+# Already provided by committed .claude/settings.json (applied automatically — no UI entry needed):
+#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ENABLE_LSP_TOOL, BASH_DEFAULT_TIMEOUT_MS, BASH_MAX_TIMEOUT_MS
+# SECRETS to set in the environment config (names only — set real values there, not here):
 #   # --- credentials for the active tracker/source (set in the environment UI) ---
 #   # Acquire: https://github.com/settings/personal-access-tokens
 #   # Access:  fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R

package/plugins/lisa-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-agy/skills/analyze-claude-remote/SKILL.md

@@ -84,9 +84,19 @@ Group the findings as:
    `secrets.*`/`env:` in CI, and config-referenced tokens. Group by integration (GitHub, AWS,
    Atlassian/JIRA/Confluence, Notion, Linear, Anthropic, notifications, feature flags, other).
    Cross-reference `.lisa.config.json` `tracker`/`source` to mark which credentials are **active**
-   for this repo vs **dormant** (`OPTIONAL`). Always surface Claude Code feature flags actually set
-   in `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) as `REQUIRED` to match
-   local behavior, since the environment `env` block is the reliable place to set them.
+   for this repo vs **dormant** (`OPTIONAL`). Distinguish *where* each var must be set, because the
+   answer differs and getting it wrong sends the user to do redundant work:
+
+   - **Committed `.claude/settings.json` `env` flags** (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`,
+     `ENABLE_LSP_TOOL`, `BASH_*`) — this file is repo-committed, so it reaches the cloud and Claude
+     Code applies its `env` block when it launches. These are **already provided — no action**.
+     Surface them as `OK` (cite the file), not `REQUIRED`. Do **not** tell the user to re-enter them
+     in the environment UI; a duplicate there only risks drifting from the committed value. The lone
+     caveat: the setup script runs *before* Claude Code launches, so it cannot see these — flag any
+     that the **setup script itself** would need (rare) as needing a UI value too.
+   - **Secrets** (tokens/keys) — cannot be committed, so the committed `settings.json` can't carry
+     them. These are the only vars that genuinely **must be set in the environment-variables UI**.
+     Mark active-integration secrets `REQUIRED`; dormant ones `OPTIONAL`.
 
 4a. **Tracker / PRD-source credentials** — this is the load-bearing part of the audit and must be
    driven by config, not by what the scan happens to find. Resolve the active integrations first:
@@ -199,7 +209,10 @@ checklist of the secrets the user must set in the routine's environment for the
 `tracker`/`source` (from group 4a). One block per active integration, each with its env-var name(s),
 an `Acquire:` URL, and an `Access:` scope line, plus a one-line note that the environment UI is where
 these are set (the generated build script only emits a names-only template, never values). If both
-`tracker` and `source` resolve to the same vendor (e.g. both `github`), render it once.
+`tracker` and `source` resolve to the same vendor (e.g. both GitHub), render it once. List **only
+secrets** here — do not include the committed `.claude/settings.json` `env` flags; close the
+subsection with a one-line reminder that those flags are already provided by the committed file and
+need no UI entry.
 
 End with a fenced, machine-readable inventory block (also printed when `--json` is passed) so
 `/lisa:generate-claude-remote-build-script` can consume it without re-deriving everything. Secret
@@ -216,7 +229,7 @@ so the generator can render acquisition comments into its template:
   "tracker": "github",
   "source": "github",
   "env": [
-    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": true, "secret": false, "reason": "set in .claude/settings.json" },
+    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": false, "secret": false, "providedBy": "settings.json", "uiAction": "none", "reason": "committed in .claude/settings.json env — applied automatically; do not re-enter in the UI" },
     {
       "name": "GH_TOKEN", "required": true, "secret": true, "integration": "github",
       "reason": "active tracker+source; gh scripts gate on gh auth status",

package/plugins/lisa-agy/skills/generate-claude-remote-build-script/SKILL.md

@@ -51,9 +51,12 @@ tracker/source, plus the host project's own package manager and tooling — not
 3. **Emit the environment-variable template.** Write a commented block listing every `env` entry
    from the inventory grouped by integration, marked `REQUIRED`/`OPTIONAL` and `secret`/`plain`,
    with the reason. **Never write real secret values** — only names and placeholders, because the
-   environment config is visible to anyone who can edit it. Include feature flags actually set in
-   `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) so cloud behavior matches
-   local. For every secret entry that carries `acquireUrl`/`accessScope`/`headlessSubstrate` (the
+   environment config is visible to anyone who can edit it. Entries flagged `providedBy: settings.json`
+   (the committed `.claude/settings.json` `env` flags, e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) are
+   **already applied from the committed file** — list them under an `# Already provided by committed
+   .claude/settings.json — no UI entry needed` heading, not as values to set. The "set in the
+   environment UI" template is for **secrets only**. For every secret entry that carries
+   `acquireUrl`/`accessScope`/`headlessSubstrate` (the
    active tracker/source credentials from the analysis's group 4a), render those as comment lines
    directly above the name — `# Acquire: <url>` and `# Access: <scope>` — so the user knows exactly
    where to get the token and what permissions it needs. Emit only the **env-var form** of the name
@@ -83,8 +86,9 @@ shape, not a fixed payload):
 #
 # GAPS this script cannot fix (configure separately):
 #   - <gaps from analysis, e.g. auto-memory is machine-local and not synced to cloud routines>
-# ENV VARS to set in the environment config (names only — set real values there, not here):
-#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1   # REQUIRED, matches .claude/settings.json
+# Already provided by committed .claude/settings.json (applied automatically — no UI entry needed):
+#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ENABLE_LSP_TOOL, BASH_DEFAULT_TIMEOUT_MS, BASH_MAX_TIMEOUT_MS
+# SECRETS to set in the environment config (names only — set real values there, not here):
 #   # --- credentials for the active tracker/source (set in the environment UI) ---
 #   # Acquire: https://github.com/settings/personal-access-tokens
 #   # Access:  fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "AWS CDK-specific Lisa plugin.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-copilot/skills/analyze-claude-remote/SKILL.md

@@ -84,9 +84,19 @@ Group the findings as:
    `secrets.*`/`env:` in CI, and config-referenced tokens. Group by integration (GitHub, AWS,
    Atlassian/JIRA/Confluence, Notion, Linear, Anthropic, notifications, feature flags, other).
    Cross-reference `.lisa.config.json` `tracker`/`source` to mark which credentials are **active**
-   for this repo vs **dormant** (`OPTIONAL`). Always surface Claude Code feature flags actually set
-   in `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) as `REQUIRED` to match
-   local behavior, since the environment `env` block is the reliable place to set them.
+   for this repo vs **dormant** (`OPTIONAL`). Distinguish *where* each var must be set, because the
+   answer differs and getting it wrong sends the user to do redundant work:
+
+   - **Committed `.claude/settings.json` `env` flags** (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`,
+     `ENABLE_LSP_TOOL`, `BASH_*`) — this file is repo-committed, so it reaches the cloud and Claude
+     Code applies its `env` block when it launches. These are **already provided — no action**.
+     Surface them as `OK` (cite the file), not `REQUIRED`. Do **not** tell the user to re-enter them
+     in the environment UI; a duplicate there only risks drifting from the committed value. The lone
+     caveat: the setup script runs *before* Claude Code launches, so it cannot see these — flag any
+     that the **setup script itself** would need (rare) as needing a UI value too.
+   - **Secrets** (tokens/keys) — cannot be committed, so the committed `settings.json` can't carry
+     them. These are the only vars that genuinely **must be set in the environment-variables UI**.
+     Mark active-integration secrets `REQUIRED`; dormant ones `OPTIONAL`.
 
 4a. **Tracker / PRD-source credentials** — this is the load-bearing part of the audit and must be
    driven by config, not by what the scan happens to find. Resolve the active integrations first:
@@ -199,7 +209,10 @@ checklist of the secrets the user must set in the routine's environment for the
 `tracker`/`source` (from group 4a). One block per active integration, each with its env-var name(s),
 an `Acquire:` URL, and an `Access:` scope line, plus a one-line note that the environment UI is where
 these are set (the generated build script only emits a names-only template, never values). If both
-`tracker` and `source` resolve to the same vendor (e.g. both `github`), render it once.
+`tracker` and `source` resolve to the same vendor (e.g. both GitHub), render it once. List **only
+secrets** here — do not include the committed `.claude/settings.json` `env` flags; close the
+subsection with a one-line reminder that those flags are already provided by the committed file and
+need no UI entry.
 
 End with a fenced, machine-readable inventory block (also printed when `--json` is passed) so
 `/lisa:generate-claude-remote-build-script` can consume it without re-deriving everything. Secret
@@ -216,7 +229,7 @@ so the generator can render acquisition comments into its template:
   "tracker": "github",
   "source": "github",
   "env": [
-    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": true, "secret": false, "reason": "set in .claude/settings.json" },
+    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": false, "secret": false, "providedBy": "settings.json", "uiAction": "none", "reason": "committed in .claude/settings.json env — applied automatically; do not re-enter in the UI" },
     {
       "name": "GH_TOKEN", "required": true, "secret": true, "integration": "github",
       "reason": "active tracker+source; gh scripts gate on gh auth status",

package/plugins/lisa-copilot/skills/generate-claude-remote-build-script/SKILL.md

@@ -51,9 +51,12 @@ tracker/source, plus the host project's own package manager and tooling — not
 3. **Emit the environment-variable template.** Write a commented block listing every `env` entry
    from the inventory grouped by integration, marked `REQUIRED`/`OPTIONAL` and `secret`/`plain`,
    with the reason. **Never write real secret values** — only names and placeholders, because the
-   environment config is visible to anyone who can edit it. Include feature flags actually set in
-   `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) so cloud behavior matches
-   local. For every secret entry that carries `acquireUrl`/`accessScope`/`headlessSubstrate` (the
+   environment config is visible to anyone who can edit it. Entries flagged `providedBy: settings.json`
+   (the committed `.claude/settings.json` `env` flags, e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) are
+   **already applied from the committed file** — list them under an `# Already provided by committed
+   .claude/settings.json — no UI entry needed` heading, not as values to set. The "set in the
+   environment UI" template is for **secrets only**. For every secret entry that carries
+   `acquireUrl`/`accessScope`/`headlessSubstrate` (the
    active tracker/source credentials from the analysis's group 4a), render those as comment lines
    directly above the name — `# Acquire: <url>` and `# Access: <scope>` — so the user knows exactly
    where to get the token and what permissions it needs. Emit only the **env-var form** of the name
@@ -83,8 +86,9 @@ shape, not a fixed payload):
 #
 # GAPS this script cannot fix (configure separately):
 #   - <gaps from analysis, e.g. auto-memory is machine-local and not synced to cloud routines>
-# ENV VARS to set in the environment config (names only — set real values there, not here):
-#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1   # REQUIRED, matches .claude/settings.json
+# Already provided by committed .claude/settings.json (applied automatically — no UI entry needed):
+#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ENABLE_LSP_TOOL, BASH_DEFAULT_TIMEOUT_MS, BASH_MAX_TIMEOUT_MS
+# SECRETS to set in the environment config (names only — set real values there, not here):
 #   # --- credentials for the active tracker/source (set in the environment UI) ---
 #   # Acquire: https://github.com/settings/personal-access-tokens
 #   # Access:  fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R

package/plugins/lisa-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cursor/skills/analyze-claude-remote/SKILL.md

@@ -84,9 +84,19 @@ Group the findings as:
    `secrets.*`/`env:` in CI, and config-referenced tokens. Group by integration (GitHub, AWS,
    Atlassian/JIRA/Confluence, Notion, Linear, Anthropic, notifications, feature flags, other).
    Cross-reference `.lisa.config.json` `tracker`/`source` to mark which credentials are **active**
-   for this repo vs **dormant** (`OPTIONAL`). Always surface Claude Code feature flags actually set
-   in `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) as `REQUIRED` to match
-   local behavior, since the environment `env` block is the reliable place to set them.
+   for this repo vs **dormant** (`OPTIONAL`). Distinguish *where* each var must be set, because the
+   answer differs and getting it wrong sends the user to do redundant work:
+
+   - **Committed `.claude/settings.json` `env` flags** (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`,
+     `ENABLE_LSP_TOOL`, `BASH_*`) — this file is repo-committed, so it reaches the cloud and Claude
+     Code applies its `env` block when it launches. These are **already provided — no action**.
+     Surface them as `OK` (cite the file), not `REQUIRED`. Do **not** tell the user to re-enter them
+     in the environment UI; a duplicate there only risks drifting from the committed value. The lone
+     caveat: the setup script runs *before* Claude Code launches, so it cannot see these — flag any
+     that the **setup script itself** would need (rare) as needing a UI value too.
+   - **Secrets** (tokens/keys) — cannot be committed, so the committed `settings.json` can't carry
+     them. These are the only vars that genuinely **must be set in the environment-variables UI**.
+     Mark active-integration secrets `REQUIRED`; dormant ones `OPTIONAL`.
 
 4a. **Tracker / PRD-source credentials** — this is the load-bearing part of the audit and must be
    driven by config, not by what the scan happens to find. Resolve the active integrations first:
@@ -199,7 +209,10 @@ checklist of the secrets the user must set in the routine's environment for the
 `tracker`/`source` (from group 4a). One block per active integration, each with its env-var name(s),
 an `Acquire:` URL, and an `Access:` scope line, plus a one-line note that the environment UI is where
 these are set (the generated build script only emits a names-only template, never values). If both
-`tracker` and `source` resolve to the same vendor (e.g. both `github`), render it once.
+`tracker` and `source` resolve to the same vendor (e.g. both GitHub), render it once. List **only
+secrets** here — do not include the committed `.claude/settings.json` `env` flags; close the
+subsection with a one-line reminder that those flags are already provided by the committed file and
+need no UI entry.
 
 End with a fenced, machine-readable inventory block (also printed when `--json` is passed) so
 `/lisa:generate-claude-remote-build-script` can consume it without re-deriving everything. Secret
@@ -216,7 +229,7 @@ so the generator can render acquisition comments into its template:
   "tracker": "github",
   "source": "github",
   "env": [
-    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": true, "secret": false, "reason": "set in .claude/settings.json" },
+    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": false, "secret": false, "providedBy": "settings.json", "uiAction": "none", "reason": "committed in .claude/settings.json env — applied automatically; do not re-enter in the UI" },
     {
       "name": "GH_TOKEN", "required": true, "secret": true, "integration": "github",
       "reason": "active tracker+source; gh scripts gate on gh auth status",

package/plugins/lisa-cursor/skills/generate-claude-remote-build-script/SKILL.md

@@ -51,9 +51,12 @@ tracker/source, plus the host project's own package manager and tooling — not
 3. **Emit the environment-variable template.** Write a commented block listing every `env` entry
    from the inventory grouped by integration, marked `REQUIRED`/`OPTIONAL` and `secret`/`plain`,
    with the reason. **Never write real secret values** — only names and placeholders, because the
-   environment config is visible to anyone who can edit it. Include feature flags actually set in
-   `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) so cloud behavior matches
-   local. For every secret entry that carries `acquireUrl`/`accessScope`/`headlessSubstrate` (the
+   environment config is visible to anyone who can edit it. Entries flagged `providedBy: settings.json`
+   (the committed `.claude/settings.json` `env` flags, e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) are
+   **already applied from the committed file** — list them under an `# Already provided by committed
+   .claude/settings.json — no UI entry needed` heading, not as values to set. The "set in the
+   environment UI" template is for **secrets only**. For every secret entry that carries
+   `acquireUrl`/`accessScope`/`headlessSubstrate` (the
    active tracker/source credentials from the analysis's group 4a), render those as comment lines
    directly above the name — `# Acquire: <url>` and `# Access: <scope>` — so the user knows exactly
    where to get the token and what permissions it needs. Emit only the **env-var form** of the name
@@ -83,8 +86,9 @@ shape, not a fixed payload):
 #
 # GAPS this script cannot fix (configure separately):
 #   - <gaps from analysis, e.g. auto-memory is machine-local and not synced to cloud routines>
-# ENV VARS to set in the environment config (names only — set real values there, not here):
-#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1   # REQUIRED, matches .claude/settings.json
+# Already provided by committed .claude/settings.json (applied automatically — no UI entry needed):
+#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ENABLE_LSP_TOOL, BASH_DEFAULT_TIMEOUT_MS, BASH_MAX_TIMEOUT_MS
+# SECRETS to set in the environment config (names only — set real values there, not here):
 #   # --- credentials for the active tracker/source (set in the environment UI) ---
 #   # Acquire: https://github.com/settings/personal-access-tokens
 #   # Access:  fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R

package/plugins/lisa-expo/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Expo and React Native-specific skills, agents, rules, and MCP servers.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Harper/Fabric-specific Lisa rules for TypeScript component apps.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "NestJS-specific skills and migration write-protection hooks.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Ruby on Rails-specific skills and hooks for RuboCop and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "TypeScript-specific hooks for formatting, linting, and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "Distributable LLM Wiki kernel — ingest, query, lint, and maintain a git-native markdown knowledge base across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.141.1",
+  "version": "2.142.0",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/src/base/skills/analyze-claude-remote/SKILL.md

@@ -84,9 +84,19 @@ Group the findings as:
    `secrets.*`/`env:` in CI, and config-referenced tokens. Group by integration (GitHub, AWS,
    Atlassian/JIRA/Confluence, Notion, Linear, Anthropic, notifications, feature flags, other).
    Cross-reference `.lisa.config.json` `tracker`/`source` to mark which credentials are **active**
-   for this repo vs **dormant** (`OPTIONAL`). Always surface Claude Code feature flags actually set
-   in `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) as `REQUIRED` to match
-   local behavior, since the environment `env` block is the reliable place to set them.
+   for this repo vs **dormant** (`OPTIONAL`). Distinguish *where* each var must be set, because the
+   answer differs and getting it wrong sends the user to do redundant work:
+
+   - **Committed `.claude/settings.json` `env` flags** (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`,
+     `ENABLE_LSP_TOOL`, `BASH_*`) — this file is repo-committed, so it reaches the cloud and Claude
+     Code applies its `env` block when it launches. These are **already provided — no action**.
+     Surface them as `OK` (cite the file), not `REQUIRED`. Do **not** tell the user to re-enter them
+     in the environment UI; a duplicate there only risks drifting from the committed value. The lone
+     caveat: the setup script runs *before* Claude Code launches, so it cannot see these — flag any
+     that the **setup script itself** would need (rare) as needing a UI value too.
+   - **Secrets** (tokens/keys) — cannot be committed, so the committed `settings.json` can't carry
+     them. These are the only vars that genuinely **must be set in the environment-variables UI**.
+     Mark active-integration secrets `REQUIRED`; dormant ones `OPTIONAL`.
 
 4a. **Tracker / PRD-source credentials** — this is the load-bearing part of the audit and must be
    driven by config, not by what the scan happens to find. Resolve the active integrations first:
@@ -199,7 +209,10 @@ checklist of the secrets the user must set in the routine's environment for the
 `tracker`/`source` (from group 4a). One block per active integration, each with its env-var name(s),
 an `Acquire:` URL, and an `Access:` scope line, plus a one-line note that the environment UI is where
 these are set (the generated build script only emits a names-only template, never values). If both
-`tracker` and `source` resolve to the same vendor (e.g. both `github`), render it once.
+`tracker` and `source` resolve to the same vendor (e.g. both GitHub), render it once. List **only
+secrets** here — do not include the committed `.claude/settings.json` `env` flags; close the
+subsection with a one-line reminder that those flags are already provided by the committed file and
+need no UI entry.
 
 End with a fenced, machine-readable inventory block (also printed when `--json` is passed) so
 `/lisa:generate-claude-remote-build-script` can consume it without re-deriving everything. Secret
@@ -216,7 +229,7 @@ so the generator can render acquisition comments into its template:
   "tracker": "github",
   "source": "github",
   "env": [
-    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": true, "secret": false, "reason": "set in .claude/settings.json" },
+    { "name": "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS", "required": false, "secret": false, "providedBy": "settings.json", "uiAction": "none", "reason": "committed in .claude/settings.json env — applied automatically; do not re-enter in the UI" },
     {
       "name": "GH_TOKEN", "required": true, "secret": true, "integration": "github",
       "reason": "active tracker+source; gh scripts gate on gh auth status",

package/plugins/src/base/skills/generate-claude-remote-build-script/SKILL.md

@@ -51,9 +51,12 @@ tracker/source, plus the host project's own package manager and tooling — not
 3. **Emit the environment-variable template.** Write a commented block listing every `env` entry
    from the inventory grouped by integration, marked `REQUIRED`/`OPTIONAL` and `secret`/`plain`,
    with the reason. **Never write real secret values** — only names and placeholders, because the
-   environment config is visible to anyone who can edit it. Include feature flags actually set in
-   `.claude/settings.json` (e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) so cloud behavior matches
-   local. For every secret entry that carries `acquireUrl`/`accessScope`/`headlessSubstrate` (the
+   environment config is visible to anyone who can edit it. Entries flagged `providedBy: settings.json`
+   (the committed `.claude/settings.json` `env` flags, e.g. `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS`) are
+   **already applied from the committed file** — list them under an `# Already provided by committed
+   .claude/settings.json — no UI entry needed` heading, not as values to set. The "set in the
+   environment UI" template is for **secrets only**. For every secret entry that carries
+   `acquireUrl`/`accessScope`/`headlessSubstrate` (the
    active tracker/source credentials from the analysis's group 4a), render those as comment lines
    directly above the name — `# Acquire: <url>` and `# Access: <scope>` — so the user knows exactly
    where to get the token and what permissions it needs. Emit only the **env-var form** of the name
@@ -83,8 +86,9 @@ shape, not a fixed payload):
 #
 # GAPS this script cannot fix (configure separately):
 #   - <gaps from analysis, e.g. auto-memory is machine-local and not synced to cloud routines>
-# ENV VARS to set in the environment config (names only — set real values there, not here):
-#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1   # REQUIRED, matches .claude/settings.json
+# Already provided by committed .claude/settings.json (applied automatically — no UI entry needed):
+#   - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ENABLE_LSP_TOOL, BASH_DEFAULT_TIMEOUT_MS, BASH_MAX_TIMEOUT_MS
+# SECRETS to set in the environment config (names only — set real values there, not here):
 #   # --- credentials for the active tracker/source (set in the environment UI) ---
 #   # Acquire: https://github.com/settings/personal-access-tokens
 #   # Access:  fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R

package/scripts/claude-remote-setup.sh

@@ -13,12 +13,10 @@
 #   - linear-server MCP is OAuth (browser) → unusable headless. Dormant here (tracker=github);
 #     if you switch to Linear, use LINEAR_API_KEY + Linear GraphQL instead.
 #
-# ENV VARS to set in the environment config (names only — set real values in the UI, NOT here):
-#   Plain config flags (match .claude/settings.json):
-#     - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
-#     - ENABLE_LSP_TOOL=1
-#     - BASH_DEFAULT_TIMEOUT_MS=1800000
-#     - BASH_MAX_TIMEOUT_MS=7200000
+# Already provided by committed .claude/settings.json env (applied automatically — do NOT re-enter in the UI):
+#     - CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ENABLE_LSP_TOOL, BASH_DEFAULT_TIMEOUT_MS, BASH_MAX_TIMEOUT_MS
+#
+# SECRETS to set in the environment config (names only — set real values in the UI, NOT here):
 #   Credentials for the active tracker/source (tracker=github, source=github):
 #     # Acquire: https://github.com/settings/personal-access-tokens
 #     # Access:  fine-grained PAT on CodySwannGT/lisa — Contents R/W, Issues R/W,

package/typescript/create-only/tsconfig.local.json

@@ -3,6 +3,15 @@
     "outDir": "dist",
     "rootDir": "src"
   },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", ".build", "dist", "**/*.test.ts", "**/*.spec.ts"]
+  "include": [
+    "src/**/*"
+  ],
+  "exclude": [
+    "node_modules",
+    ".build",
+    "dist",
+    "**/*.test.ts",
+    "**/*.spec.ts"
+  ],
+  "files": []
 }