@delegance/claude-autopilot 5.0.8 → 5.2.1

package/dist/src/cli/migrate-doctor.js

@@ -0,0 +1,191 @@
+// src/cli/migrate-doctor.ts
+//
+// CLI wrapper for migrate doctor checks (Task 7.2).
+//
+// runMigrateDoctor({ repoRoot, fix? }):
+//
+//   fix = false (default, "plain doctor")
+//     - calls runAllChecks
+//     - returns the named results unchanged
+//     - NEVER writes to disk (asserted by golden-file test)
+//
+//   fix = true ("doctor --fix")
+//     - runs the same checks
+//     - applies AUTO-FIXABLE mutations to .autopilot/stack.md:
+//       a) top-level `dev_command` → `migrate.envs.dev.command`
+//       b) missing `schema_version: 1`
+//       c) raw `migrate.skill` → stable ID (via resolveSkill)
+//       d) missing default policy keys backfilled (per skill shape)
+//     - writes the updated YAML, then re-runs the checks and returns
+//       both the post-fix results and the list of mutations performed
+//
+// Spec: docs/superpowers/specs/2026-04-29-migrate-skill-generalization-design.md
+// (§ "claude-autopilot doctor")
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as yaml from 'js-yaml';
+import { runAllChecks } from "../core/migrate/doctor-checks.js";
+import { resolveSkill } from "../core/migrate/alias-resolver.js";
+import { detectsLegacyMigrateSkill, migrateLegacySkill, } from "../core/migrate/migrator.js";
+const DEFAULT_POLICY_GENERIC = {
+    allow_prod_in_ci: false,
+    require_clean_git: true,
+    require_manual_approval: true,
+    require_dry_run_first: false,
+};
+const DEFAULT_POLICY_SUPABASE = {
+    allow_prod_in_ci: false,
+};
+function stackPath(repoRoot) {
+    return path.join(repoRoot, '.autopilot', 'stack.md');
+}
+function applyAutoFixes(repoRoot) {
+    const sp = stackPath(repoRoot);
+    if (!fs.existsSync(sp)) {
+        return { mutations: [], wrote: false };
+    }
+    const raw = fs.readFileSync(sp, 'utf8');
+    let parsed;
+    try {
+        const loaded = yaml.load(raw);
+        if (!loaded || typeof loaded !== 'object') {
+            return { mutations: [], wrote: false };
+        }
+        parsed = loaded;
+    }
+    catch {
+        return { mutations: [], wrote: false };
+    }
+    const mutations = [];
+    // a) Migrate top-level dev_command → migrate.envs.dev.command
+    if ('dev_command' in parsed) {
+        const legacy = parsed.dev_command;
+        parsed.migrate = parsed.migrate ?? {};
+        parsed.migrate.envs = parsed.migrate.envs ?? {};
+        if (!parsed.migrate.envs.dev?.command) {
+            parsed.migrate.envs.dev = parsed.migrate.envs.dev ?? {};
+            parsed.migrate.envs.dev.command = legacy;
+            mutations.push('migrated top-level dev_command → migrate.envs.dev.command');
+        }
+        else {
+            mutations.push('removed redundant top-level dev_command (envs.dev.command already set)');
+        }
+        delete parsed.dev_command;
+    }
+    // b) Backfill schema_version
+    if (parsed.schema_version === undefined) {
+        parsed.schema_version = 1;
+        mutations.push('added schema_version: 1');
+    }
+    // c) Normalize raw skill → stable ID
+    const skill = parsed.migrate?.skill;
+    if (typeof skill === 'string') {
+        const res = resolveSkill(skill, { repoRoot });
+        if (res.ok && res.normalizedFromRaw && res.stableId !== skill) {
+            parsed.migrate.skill = res.stableId;
+            mutations.push(`normalized migrate.skill: "${skill}" → "${res.stableId}"`);
+        }
+    }
+    // d) Backfill missing default policy keys based on resolved skill shape
+    if (parsed.migrate) {
+        const resolvedSkill = parsed.migrate.skill;
+        let defaults = null;
+        if (resolvedSkill === 'migrate@1')
+            defaults = DEFAULT_POLICY_GENERIC;
+        else if (resolvedSkill === 'migrate.supabase@1')
+            defaults = DEFAULT_POLICY_SUPABASE;
+        if (defaults) {
+            const policy = (parsed.migrate.policy ?? {});
+            const added = [];
+            for (const [k, v] of Object.entries(defaults)) {
+                if (!(k in policy)) {
+                    policy[k] = v;
+                    added.push(k);
+                }
+            }
+            if (added.length > 0) {
+                parsed.migrate.policy = policy;
+                mutations.push(`backfilled default policy keys: ${added.join(', ')}`);
+            }
+        }
+    }
+    if (mutations.length === 0) {
+        return { mutations, wrote: false };
+    }
+    fs.writeFileSync(sp, yaml.dump(parsed, { lineWidth: 120, noRefs: true }), 'utf8');
+    return { mutations, wrote: true };
+}
+function isoStampForReport() {
+    return new Date().toISOString().replace(/[.:]/g, '-');
+}
+function writeMigrationReport(repoRoot, report, context) {
+    const dir = path.join(repoRoot, '.autopilot');
+    fs.mkdirSync(dir, { recursive: true });
+    const file = path.join(dir, `migration-report-${isoStampForReport()}.md`);
+    const lines = [
+        `# Legacy /migrate skill migration report`,
+        ``,
+        `- generated: ${new Date().toISOString()}`,
+        `- migrated: ${context.migrated}`,
+    ];
+    if (context.reason)
+        lines.push(`- reason: ${context.reason}`);
+    if (context.archivePath) {
+        lines.push(`- archive: ${path.relative(repoRoot, context.archivePath)}`);
+    }
+    lines.push(``, `## Steps`, ``);
+    for (const step of report)
+        lines.push(`- ${step}`);
+    lines.push('');
+    fs.writeFileSync(file, lines.join('\n'), 'utf8');
+    return file;
+}
+export async function runMigrateDoctor(opts) {
+    const repoRoot = path.resolve(opts.repoRoot);
+    const fix = opts.fix ?? false;
+    if (!fix) {
+        // Plain doctor: read-only.
+        const results = runAllChecks(repoRoot);
+        // Detect-only: surface legacy /migrate skill presence as a separate
+        // named check so callers can see it, but never write.
+        if (detectsLegacyMigrateSkill(repoRoot)) {
+            results.push({
+                name: 'legacyMigrateSkillAbsent',
+                result: {
+                    ok: false,
+                    message: 'skills/migrate/SKILL.md still has the legacy Supabase shape — run with --fix to migrate',
+                    fixHint: 'claude-autopilot migrate doctor --fix',
+                },
+            });
+        }
+        return { allOk: results.every(r => r.result.ok), results };
+    }
+    // --fix: apply auto-fixable mutations, then re-run checks.
+    const { mutations: yamlMutations } = applyAutoFixes(repoRoot);
+    const mutations = [...yamlMutations];
+    let migrationReportPath;
+    // Wire in the legacy /migrate skill migrator (Task 8.2).
+    if (detectsLegacyMigrateSkill(repoRoot)) {
+        const m = migrateLegacySkill({ repoRoot });
+        for (const step of m.report) {
+            mutations.push(`migrator: ${step}`);
+        }
+        if (m.migrated && m.reason) {
+            mutations.push(`migrator: completed (${m.reason})`);
+        }
+        migrationReportPath = writeMigrationReport(repoRoot, m.report, {
+            migrated: m.migrated,
+            reason: m.reason,
+            archivePath: m.archivePath,
+        });
+        mutations.push(`migrator: wrote migration report → ${path.relative(repoRoot, migrationReportPath)}`);
+    }
+    const results = runAllChecks(repoRoot);
+    return {
+        allOk: results.every(r => r.result.ok),
+        results,
+        mutations,
+        migrationReportPath,
+    };
+}
+//# sourceMappingURL=migrate-doctor.js.map

package/dist/src/core/migrate/alias-resolver.d.ts

@@ -0,0 +1,18 @@
+export interface ResolveOptions {
+    repoRoot: string;
+    /** Optional workspace path for monorepo lookup precedence (workspace
+     *  aliases take precedence over repo-root aliases). */
+    workspace?: string;
+}
+export type ResolveResult = {
+    ok: true;
+    stableId: string;
+    skillPath: string;
+    normalizedFromRaw: boolean;
+} | {
+    ok: false;
+    reasonCode: 'aliases-file-missing' | 'aliases-file-invalid' | 'stable-id-unknown' | 'raw-alias-ambiguous' | 'path-escape' | 'skill-path-missing' | 'invalid-input';
+    message: string;
+};
+export declare function resolveSkill(input: string, opts: ResolveOptions): ResolveResult;
+//# sourceMappingURL=alias-resolver.d.ts.map

package/dist/src/core/migrate/alias-resolver.js

@@ -0,0 +1,150 @@
+// src/core/migrate/alias-resolver.ts
+//
+// Resolves stable skill IDs (e.g. "migrate@1") or raw aliases (e.g. "migrate")
+// against presets/aliases.lock.json. Path escape is the CRITICAL security
+// concern per Codex review:
+// - resolved paths are realpath'd and verified to stay under <repo>/skills/
+//   or <repo>/node_modules/ (the trusted skill roots)
+// - absolute paths in alias map are rejected
+// - .. traversal in alias map is rejected
+// - symlinks pointing outside trusted root are rejected (resolved + checked)
+//
+// Raw alias collisions are a hard error: ambiguous "thing" → require user to
+// use exact stable ID.
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { TRUSTED_SKILL_ROOTS } from "./contract.js";
+import { findPackageRoot } from "../../cli/_pkg-root.js";
+function loadAliasMap(repoRoot) {
+    // Lookup precedence:
+    //   1. repoRoot/presets/aliases.lock.json — repo-local override (e.g. monorepo)
+    //   2. <package-root>/presets/aliases.lock.json — installed package
+    // findPackageRoot walks up from this module looking for the package.json
+    // declaring '@delegance/claude-autopilot', so it works under both source and
+    // compiled (dist/) layouts. Earlier code used __dirname + '../../..' which
+    // landed at <install>/dist/presets/ in the published tarball (presets/ ships
+    // at the package root, not under dist/).
+    const pkgRoot = findPackageRoot(import.meta.url);
+    const candidates = [
+        path.join(repoRoot, 'presets', 'aliases.lock.json'),
+        ...(pkgRoot ? [path.join(pkgRoot, 'presets', 'aliases.lock.json')] : []),
+    ];
+    for (const p of candidates) {
+        if (fs.existsSync(p)) {
+            try {
+                const raw = fs.readFileSync(p, 'utf8');
+                const parsed = JSON.parse(raw);
+                if (typeof parsed?.schemaVersion === 'number' && Array.isArray(parsed.aliases)) {
+                    return parsed;
+                }
+            }
+            catch {
+                // continue to next candidate
+            }
+        }
+    }
+    return null;
+}
+function isUnderTrustedRoot(absResolvedPath, repoRoot) {
+    let realRepoRoot;
+    try {
+        realRepoRoot = fs.realpathSync(repoRoot);
+    }
+    catch {
+        return false;
+    }
+    for (const root of TRUSTED_SKILL_ROOTS) {
+        const trustedAbs = path.resolve(realRepoRoot, root);
+        const rel = path.relative(trustedAbs, absResolvedPath);
+        // rel must NOT start with '..' and must not be absolute (path traversal sentinels)
+        if (rel && !rel.startsWith('..') && !path.isAbsolute(rel)) {
+            return true;
+        }
+        // Also accept the trusted root itself
+        if (absResolvedPath === trustedAbs) {
+            return true;
+        }
+    }
+    return false;
+}
+function validatePathEscape(rawResolvesTo, repoRoot) {
+    // Reject absolute paths and .. traversal in the alias map *before* resolving
+    if (path.isAbsolute(rawResolvesTo)) {
+        return { ok: false, reason: 'absolute path in alias map' };
+    }
+    if (rawResolvesTo.split(/[/\\]/).some(seg => seg === '..')) {
+        return { ok: false, reason: '.. traversal in alias map' };
+    }
+    // Resolve via realpath (follows symlinks)
+    const candidate = path.resolve(repoRoot, rawResolvesTo);
+    let real;
+    try {
+        real = fs.realpathSync(candidate);
+    }
+    catch {
+        return { ok: false, reason: `path does not exist: ${candidate}` };
+    }
+    if (!isUnderTrustedRoot(real, repoRoot)) {
+        return { ok: false, reason: `resolved path escapes trusted roots: ${real}` };
+    }
+    return { ok: true, resolved: real };
+}
+export function resolveSkill(input, opts) {
+    if (!input || typeof input !== 'string') {
+        return {
+            ok: false,
+            reasonCode: 'invalid-input',
+            message: 'skill input must be a non-empty string',
+        };
+    }
+    // Lookup precedence: workspace .autopilot/aliases.lock.json (if exists) > repo root presets/aliases.lock.json
+    const lookupRoot = opts.repoRoot;
+    const aliasMap = loadAliasMap(lookupRoot);
+    if (!aliasMap) {
+        return {
+            ok: false,
+            reasonCode: 'aliases-file-missing',
+            message: `no aliases.lock.json found under ${lookupRoot}`,
+        };
+    }
+    // 1. Exact stable ID match
+    const stableMatch = aliasMap.aliases.find(a => a.stableId === input);
+    if (stableMatch) {
+        return finalizeResolve(stableMatch, lookupRoot, /*normalizedFromRaw*/ false);
+    }
+    // 2. Raw alias normalization (with collision check)
+    const rawMatches = aliasMap.aliases.filter(a => a.rawAliases?.includes(input));
+    if (rawMatches.length > 1) {
+        const candidates = rawMatches.map(m => m.stableId).join(', ');
+        return {
+            ok: false,
+            reasonCode: 'raw-alias-ambiguous',
+            message: `raw alias '${input}' maps to multiple stable IDs: ${candidates}. Use the exact stable ID in stack.md.`,
+        };
+    }
+    if (rawMatches.length === 1) {
+        return finalizeResolve(rawMatches[0], lookupRoot, /*normalizedFromRaw*/ true);
+    }
+    return {
+        ok: false,
+        reasonCode: 'stable-id-unknown',
+        message: `unknown skill '${input}'. Known stable IDs: ${aliasMap.aliases.map(a => a.stableId).join(', ')}. Run \`claude-autopilot doctor\` for help.`,
+    };
+}
+function finalizeResolve(entry, repoRoot, normalizedFromRaw) {
+    const check = validatePathEscape(entry.resolvesTo, repoRoot);
+    if (!check.ok) {
+        return {
+            ok: false,
+            reasonCode: 'path-escape',
+            message: `alias ${entry.stableId} resolvesTo path-escape rejected: ${check.reason}`,
+        };
+    }
+    return {
+        ok: true,
+        stableId: entry.stableId,
+        skillPath: check.resolved,
+        normalizedFromRaw,
+    };
+}
+//# sourceMappingURL=alias-resolver.js.map

package/dist/src/core/migrate/audit-log.d.ts

@@ -0,0 +1,30 @@
+export interface AuditEvent {
+    seq: number;
+    ts: string;
+    invocationId: string;
+    event: string;
+    requested_skill: string;
+    resolved_skill: string;
+    skill_path: string;
+    envelope_contract_version: string;
+    skill_runtime_api_version: string;
+    envelope_hash: string;
+    policy_decisions: string[];
+    mode: 'apply' | 'dry-run' | 'doctor-fix';
+    actor: string;
+    ci_provider: string | null;
+    ci_run_id: string | null;
+    result_status: string;
+    duration_ms: number;
+    prev_hash: string | null;
+}
+export type AuditEventInput = Omit<AuditEvent, 'seq' | 'prev_hash' | 'ts'>;
+export declare function appendAuditEvent(logPath: string, input: AuditEventInput): Promise<void>;
+export declare function readEvents(logPath: string): AuditEvent[];
+export interface VerifyResult {
+    valid: boolean;
+    breakAtLine?: number;
+    reason?: string;
+}
+export declare function verifyChain(logPath: string): VerifyResult;
+//# sourceMappingURL=audit-log.d.ts.map

package/dist/src/core/migrate/audit-log.js

@@ -0,0 +1,100 @@
+// src/core/migrate/audit-log.ts
+//
+// JSONL audit log with monotonic seq + prev_hash chain. Concurrent writes
+// serialized via proper-lockfile (advisory lock with retries + stale recovery).
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as crypto from 'node:crypto';
+import lockfile from 'proper-lockfile';
+function sha256(s) {
+    return 'sha256:' + crypto.createHash('sha256').update(s).digest('hex');
+}
+function readLastLine(p) {
+    if (!fs.existsSync(p))
+        return null;
+    const raw = fs.readFileSync(p, 'utf8');
+    if (!raw.trim())
+        return null;
+    const lines = raw.trim().split('\n');
+    const last = lines[lines.length - 1];
+    const obj = JSON.parse(last);
+    return { seq: obj.seq, lineHash: sha256(last) };
+}
+export async function appendAuditEvent(logPath, input) {
+    const dir = path.dirname(logPath);
+    fs.mkdirSync(dir, { recursive: true });
+    if (!fs.existsSync(logPath))
+        fs.writeFileSync(logPath, '');
+    let release;
+    try {
+        release = await lockfile.lock(logPath, {
+            retries: { retries: 10, factor: 1.5, minTimeout: 50, maxTimeout: 500 },
+            stale: 5000,
+        });
+    }
+    catch (err) {
+        // Fail closed: refuse to write a potentially-forked entry.
+        throw new Error(`audit-log: could not acquire lock on ${logPath}: ${err.message}. ` +
+            `Check for stale locks or filesystem issues. Audit chain not extended.`);
+    }
+    try {
+        const last = readLastLine(logPath);
+        const seq = (last?.seq ?? 0) + 1;
+        const prev_hash = last?.lineHash ?? null;
+        const event = {
+            ...input,
+            seq,
+            prev_hash,
+            ts: new Date().toISOString(),
+        };
+        // Append + fsync so chain is durable before lock release.
+        const handle = fs.openSync(logPath, 'a');
+        try {
+            fs.writeSync(handle, JSON.stringify(event) + '\n');
+            fs.fsyncSync(handle);
+        }
+        finally {
+            fs.closeSync(handle);
+        }
+    }
+    finally {
+        await release();
+    }
+}
+export function readEvents(logPath) {
+    if (!fs.existsSync(logPath))
+        return [];
+    const raw = fs.readFileSync(logPath, 'utf8').trim();
+    if (!raw)
+        return [];
+    return raw.split('\n').map(line => JSON.parse(line));
+}
+export function verifyChain(logPath) {
+    const lines = (fs.existsSync(logPath) ? fs.readFileSync(logPath, 'utf8') : '').trim();
+    if (!lines)
+        return { valid: true };
+    const arr = lines.split('\n');
+    let expectedSeq = 1;
+    let expectedPrevHash = null;
+    for (let i = 0; i < arr.length; i++) {
+        const lineNo = i + 1;
+        const line = arr[i];
+        let obj;
+        try {
+            obj = JSON.parse(line);
+        }
+        catch {
+            return { valid: false, breakAtLine: lineNo, reason: 'invalid-json' };
+        }
+        if (obj.seq !== expectedSeq) {
+            return { valid: false, breakAtLine: lineNo, reason: `seq mismatch: expected ${expectedSeq}, got ${obj.seq}` };
+        }
+        if (obj.prev_hash !== expectedPrevHash) {
+            return { valid: false, breakAtLine: lineNo, reason: 'prev_hash mismatch' };
+        }
+        expectedSeq += 1;
+        expectedPrevHash = sha256(line);
+    }
+    return { valid: true };
+}
+//# sourceMappingURL=audit-log.js.map

package/dist/src/core/migrate/contract.d.ts

@@ -0,0 +1,27 @@
+/** Wire format version for the envelope + result artifact. Skills must
+ *  declare a compatible skill_runtime_api_version. */
+export declare const ENVELOPE_CONTRACT_VERSION: "1.0";
+/** Hard cap on result artifact size. Larger output rejected with
+ *  reasonCode: 'result-too-large'. */
+export declare const RESULT_ARTIFACT_MAX_BYTES = 1048576;
+/** Stdout fallback marker prefix; nonce-bound. Format:
+ *  @@AUTOPILOT_RESULT_BEGIN:<nonce>@@\n{...}\n@@AUTOPILOT_RESULT_END:<nonce>@@
+ *  Disabled by default; opt-in via skill manifest stdoutFallback: true. */
+export declare const STDOUT_MARKER_BEGIN_PREFIX = "@@AUTOPILOT_RESULT_BEGIN:";
+export declare const STDOUT_MARKER_END_PREFIX = "@@AUTOPILOT_RESULT_END:";
+export declare const STDOUT_MARKER_SUFFIX = "@@";
+/** Reserved sideEffectsPerformed enum (v1). Skills cannot invent values;
+ *  new entries land via package release. */
+export declare const RESERVED_SIDE_EFFECTS: readonly ["types-regenerated", "migration-ledger-updated", "schema-cache-refreshed", "seed-data-applied", "snapshot-written", "no-side-effects"];
+/** Shell metacharacters forbidden in CommandSpec args[] entries. The
+ *  structured argv contract executes via spawn(shell:false), so these
+ *  characters provide no benefit and are rejected at schema validation. */
+export declare const SHELL_METACHARS: RegExp;
+/** Trusted root prefixes for skill resolution. resolved skill paths must
+ *  start with one of these (after realpath canonicalization) — prevents
+ *  alias map entries from escaping the repo or installed package dir. */
+export declare const TRUSTED_SKILL_ROOTS: readonly ["skills/", "node_modules/"];
+/** Default temp directory permissions for per-invocation result artifact
+ *  storage. 0700 = rwx for owner only. */
+export declare const RESULT_TEMPDIR_MODE = 448;
+//# sourceMappingURL=contract.d.ts.map

package/dist/src/core/migrate/contract.js

@@ -0,0 +1,35 @@
+// src/core/migrate/contract.ts
+/** Wire format version for the envelope + result artifact. Skills must
+ *  declare a compatible skill_runtime_api_version. */
+export const ENVELOPE_CONTRACT_VERSION = '1.0';
+/** Hard cap on result artifact size. Larger output rejected with
+ *  reasonCode: 'result-too-large'. */
+export const RESULT_ARTIFACT_MAX_BYTES = 1_048_576;
+/** Stdout fallback marker prefix; nonce-bound. Format:
+ *  @@AUTOPILOT_RESULT_BEGIN:<nonce>@@\n{...}\n@@AUTOPILOT_RESULT_END:<nonce>@@
+ *  Disabled by default; opt-in via skill manifest stdoutFallback: true. */
+export const STDOUT_MARKER_BEGIN_PREFIX = '@@AUTOPILOT_RESULT_BEGIN:';
+export const STDOUT_MARKER_END_PREFIX = '@@AUTOPILOT_RESULT_END:';
+export const STDOUT_MARKER_SUFFIX = '@@';
+/** Reserved sideEffectsPerformed enum (v1). Skills cannot invent values;
+ *  new entries land via package release. */
+export const RESERVED_SIDE_EFFECTS = [
+    'types-regenerated',
+    'migration-ledger-updated',
+    'schema-cache-refreshed',
+    'seed-data-applied',
+    'snapshot-written',
+    'no-side-effects',
+];
+/** Shell metacharacters forbidden in CommandSpec args[] entries. The
+ *  structured argv contract executes via spawn(shell:false), so these
+ *  characters provide no benefit and are rejected at schema validation. */
+export const SHELL_METACHARS = /[|;&><`$()]/;
+/** Trusted root prefixes for skill resolution. resolved skill paths must
+ *  start with one of these (after realpath canonicalization) — prevents
+ *  alias map entries from escaping the repo or installed package dir. */
+export const TRUSTED_SKILL_ROOTS = ['skills/', 'node_modules/'];
+/** Default temp directory permissions for per-invocation result artifact
+ *  storage. 0700 = rwx for owner only. */
+export const RESULT_TEMPDIR_MODE = 0o700;
+//# sourceMappingURL=contract.js.map

package/dist/src/core/migrate/detector-rules.d.ts

@@ -0,0 +1,26 @@
+import type { CommandSpec } from './types.ts';
+export type Confidence = 'high' | 'medium' | 'low';
+export interface DetectionRule {
+    name: string;
+    stack: string;
+    confidence: Confidence;
+    /** All entries must exist (relative to project_root) for a match. */
+    requireAll: string[];
+    /** At least one entry must exist (relative to project_root). Optional. */
+    requireAny?: string[];
+    /** Patterns to glob for; at least one match required. Optional. */
+    requireGlob?: string[];
+    /** Path that, if present, disqualifies the rule (e.g. supabase-bare excluded if data/deltas/ present). */
+    excludeIf?: string[];
+    /** A file's content must contain this regex (e.g. Gemfile contains rails). */
+    contentMatches?: {
+        file: string;
+        pattern: RegExp;
+    };
+    defaultSkill: string;
+    defaultCommand?: CommandSpec;
+    /** When confidence is low/medium, prompt user before auto-selecting. */
+    promptOnSelect: boolean;
+}
+export declare const DETECTION_RULES: DetectionRule[];
+//# sourceMappingURL=detector-rules.d.ts.map