npm - @hanzlaa/rcode - Versions diffs - 3.4.22 → 3.4.24 - Mend

@hanzlaa/rcode 3.4.22 → 3.4.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/cli/install.js CHANGED Viewed

@@ -55,6 +55,10 @@ const path = require('path');
 const crypto = require('crypto');
 const os = require('os');
+// Atomic write helper (#687) + symlink-safe rmSync (#688) — protect against
+// Ctrl+C mid-write and malicious symlink-traversal during dedup/cleanup.
+const { writeFileAtomic, safeRmSync } = require(path.join(__dirname, 'lib', 'fsutil.cjs'));
 // Bundled packages — devDeps inlined by esbuild, loaded from node_modules in dev.
 const pc = require('picocolors');
 const { createSpinner } = require('nanospinner');
@@ -649,7 +653,7 @@ function seedStarterPlanning(target, projectName) {
       velocity_history: [],
     };
     fs.mkdirSync(path.dirname(rihalStateJson), { recursive: true });
-    fs.writeFileSync(rihalStateJson, JSON.stringify(state, null, 2) + '\n');
+    writeFileAtomic(rihalStateJson, JSON.stringify(state, null, 2) + '\n');
   }
   return true;
@@ -724,7 +728,7 @@ function ensureRcodeGitignore(target, options = {}) {
   const gitignorePath = path.join(target, '.gitignore');
   try {
     if (!fs.existsSync(gitignorePath)) {
-      fs.writeFileSync(gitignorePath, BLOCK);
+      writeFileAtomic(gitignorePath, BLOCK);
       return { action: 'created' };
     }
     const existing = fs.readFileSync(gitignorePath, 'utf8');
@@ -750,12 +754,12 @@ function ensureRcodeGitignore(target, options = {}) {
     if (existing.includes(BEGIN)) {
       const rewritten = spliceBlock(existing, BLOCK);
       if (rewritten !== null && rewritten !== existing) {
-        fs.writeFileSync(gitignorePath, rewritten);
+        writeFileAtomic(gitignorePath, rewritten);
         return { action: 'updated' };
       }
       return { action: 'already-present' };
     }
-    fs.writeFileSync(gitignorePath, existing + BLOCK);
+    writeFileAtomic(gitignorePath, existing + BLOCK);
     return { action: 'appended' };
   } catch (err) {
     return { action: 'skipped-error', error: err.message };
@@ -804,8 +808,7 @@ function ensureRcodePreCommitHook(target, options = {}) {
     fs.mkdirSync(hooksDir, { recursive: true });
     if (!fs.existsSync(hookPath)) {
-      fs.writeFileSync(hookPath, `#!/bin/sh\n${BLOCK}`);
-      fs.chmodSync(hookPath, 0o755);
+      writeFileAtomic(hookPath, `#!/bin/sh\n${BLOCK}`, { mode: 0o755 });
       return { action: 'created' };
     }
@@ -831,15 +834,13 @@ function ensureRcodePreCommitHook(target, options = {}) {
     if (existing.includes(BEGIN)) {
       const rewritten = spliceBlock(existing, BLOCK);
       if (rewritten !== null && rewritten !== existing) {
-        fs.writeFileSync(hookPath, rewritten);
-        fs.chmodSync(hookPath, 0o755);
+        writeFileAtomic(hookPath, rewritten, { mode: 0o755 });
         return { action: 'updated' };
       }
       return { action: 'already-present' };
     }
-    fs.writeFileSync(hookPath, existing + BLOCK);
-    fs.chmodSync(hookPath, 0o755);
+    writeFileAtomic(hookPath, existing + BLOCK, { mode: 0o755 });
     return { action: 'appended' };
   } catch (err) {
     return { action: 'skipped-error', error: err.message };
@@ -951,7 +952,8 @@ function installSkills(packageRoot, target, options = {}) {
           // Also remove the existing project copy (left over from previous
           // installs that didn't dedup) so it stops showing in the picker.
           if (fs.existsSync(dest)) {
-            try { fs.rmSync(dest, { recursive: true, force: true }); } catch { /* non-fatal */ }
+            // #688 — safeRmSync refuses to traverse symlinks pointing outside target.
+            try { safeRmSync(dest, target); } catch { /* non-fatal */ }
           }
           skippedGlobal++;
           continue;
@@ -1875,10 +1877,11 @@ async function install(opts) {
           for (const f of projectCommandFiles) {
             fs.unlinkSync(path.join(projectClaudeCommands, f));
           }
-          // Remove rihal/ subdirectory (vscode-style commands)
+          // Remove rihal/ subdirectory (vscode-style commands).
+          // #688 — safeRmSync refuses to traverse out-of-target symlinks.
           const rihalSubdir = path.join(projectClaudeCommands, 'rihal');
           if (fs.existsSync(rihalSubdir)) {
-            fs.rmSync(rihalSubdir, { recursive: true, force: true });
+            safeRmSync(rihalSubdir, opts.target);
           }
           const projectAgentsDir = path.join(opts.target, '.claude', 'agents');
           if (fs.existsSync(projectAgentsDir)) {
@@ -1927,7 +1930,7 @@ async function install(opts) {
   // Write .rihal/config.yaml (user_name, project_name, language, mode)
   // Note: config.yaml is user data and should NOT be overwritten on --force (unless --reset)
   if (!fs.existsSync(configPath)) {
-    fs.writeFileSync(configPath, generateConfigYaml(opts));
+    writeFileAtomic(configPath, generateConfigYaml(opts));
   } else {
     // Issue #685: re-install path. config.yaml is preserved BUT if the user
     // just changed commit_planning via the prompt/flag, .gitignore will be
@@ -1942,12 +1945,12 @@ async function install(opts) {
       const currentInFile = match ? match[1] === 'true' : null;
       if (match && currentInFile !== desired) {
         const updated = before.replace(re, `commit_planning: ${desired}`);
-        fs.writeFileSync(configPath, updated);
+        writeFileAtomic(configPath, updated);
         console.log('  ' + dim(`Updated commit_planning in config.yaml (${currentInFile} → ${desired}) — closes #685.`));
       } else if (!match) {
         // Older config without the key — append it so the next read finds it.
         const appended = before.replace(/\n*$/, '') + `\ncommit_planning: ${desired}\n`;
-        fs.writeFileSync(configPath, appended);
+        writeFileAtomic(configPath, appended);
       }
     } catch { /* best-effort — never fail install on this */ }
   }
@@ -1973,7 +1976,7 @@ async function install(opts) {
         .replace(/__PROJECT_NAME__/g, opts.projectName)
         .replace(/__INSTALL_DATE__/g, now);
       ensureDir(path.dirname(stateDest));
-      fs.writeFileSync(stateDest, stateContent);
+      writeFileAtomic(stateDest, stateContent);
     }
   }
@@ -2158,10 +2161,13 @@ async function install(opts) {
     // Issue #669 — when global precedence applied (project copies were
     // intentionally removed), count from ~/.claude/ instead so the summary
     // doesn't lie about the install state.
-    if (agentCount === 0 || commandCount === 0) {
-      const os = require('os');
+    // Issue #689: skills count gets the same fallback. After dedup (#679)
+    // the project skills folder may have only sidebar stubs while ~/.claude/
+    // has the real skills — health check should see those.
+    if (agentCount === 0 || commandCount === 0 || skillsInstalled < 20) {
       const homeAgents = path.join(os.homedir(), '.claude/agents');
       const homeCommands = path.join(os.homedir(), '.claude/commands');
+      const homeSkills = path.join(os.homedir(), '.claude/skills');
       if (agentCount === 0 && fs.existsSync(homeAgents)) {
         const n = fs.readdirSync(homeAgents).filter(f => f.startsWith('rihal-') && f.endsWith('.md')).length;
         if (n > 0) { agentCount = n; agentsFromGlobal = true; }
@@ -2170,6 +2176,13 @@ async function install(opts) {
         const n = fs.readdirSync(homeCommands).filter(f => f.startsWith('rihal-') && f.endsWith('.md')).length;
         if (n > 0) { commandCount = n; commandsFromGlobal = true; }
       }
+      if (skillsInstalled < 20 && fs.existsSync(homeSkills)) {
+        try {
+          const globalSkillCount = fs.readdirSync(homeSkills, { withFileTypes: true })
+            .filter(d => d.isDirectory() && d.name.startsWith('rihal-')).length;
+          if (globalSkillCount > skillsInstalled) skillsInstalled = globalSkillCount;
+        } catch { /* non-fatal */ }
+      }
     }
   } catch {}
@@ -2250,6 +2263,36 @@ function runInstallHealthCheck(target, counts) {
   const { execFileSync } = require('child_process');
   let fails = 0;
+  // Issue #689: thresholds were hardcoded at 20 ("expected ≥ 20 agents",
+  // "expected ≥ 20 skills", "expected ≥ 20 commands"). If the package ever
+  // ships fewer than 20 of any kind, the health check fails on every install
+  // even when the install actually succeeded. Worse: if the package ships
+  // 22 agents and an install lands 21 (one corrupt copy), the >= 20 threshold
+  // passes — false green.
+  //
+  // Source the expected counts from the package manifest itself. The verifier
+  // in cli/lib/manifest.cjs already does this; we mirror its result here.
+  let expected = { agents: 20, skills: 20, commands: 20 };
+  try {
+    const { readPackageManifest } = require(path.join(__dirname, 'lib', 'manifest.cjs'));
+    const pkgManifest = readPackageManifest(PACKAGE_ROOT);
+    if (pkgManifest && pkgManifest.agents instanceof Set && pkgManifest.actions instanceof Set) {
+      // Tolerate ~10% loss vs source — global precedence, .local.md
+      // overrides, and intentionally-skipped sidebar stubs all reduce the
+      // count without indicating a failure.
+      const tolerate = (n) => Math.max(1, Math.floor(n * 0.9));
+      expected.agents = tolerate(pkgManifest.agents.size);
+      expected.skills = tolerate(pkgManifest.actions.size);
+      // Commands count comes from rihal/commands/. No bundled enumerator
+      // exists; reuse the agents threshold as a proxy floor.
+      const commandsDir = path.join(PACKAGE_ROOT, 'rihal', 'commands');
+      if (fs.existsSync(commandsDir)) {
+        const cmdCount = fs.readdirSync(commandsDir).filter(f => f.endsWith('.md') && !f.startsWith('_')).length;
+        expected.commands = tolerate(cmdCount);
+      }
+    }
+  } catch { /* keep hardcoded fallback */ }
   function check(label, fn) {
     try {
       const out = fn();
@@ -2283,14 +2326,16 @@ function runInstallHealthCheck(target, counts) {
   });
   check('agents installed', () => {
-    if ((counts.agentCount || 0) < 20) throw new Error(`only ${counts.agentCount} agents (expected ≥ 20)`);
+    if ((counts.agentCount || 0) < expected.agents) {
+      throw new Error(`only ${counts.agentCount} agents (expected ≥ ${expected.agents})`);
+    }
     return `${counts.agentCount}`;
   });
   check('skills + commands installed', () => {
     const issues = [];
-    if ((counts.skillsInstalled || 0) < 20) issues.push(`${counts.skillsInstalled} skills`);
-    if ((counts.commandCount || 0) < 20) issues.push(`${counts.commandCount} commands`);
+    if ((counts.skillsInstalled || 0) < expected.skills) issues.push(`${counts.skillsInstalled} skills (expected ≥ ${expected.skills})`);
+    if ((counts.commandCount || 0) < expected.commands) issues.push(`${counts.commandCount} commands (expected ≥ ${expected.commands})`);
     if (issues.length) throw new Error(`low count: ${issues.join(', ')}`);
     return `${counts.skillsInstalled} skills + ${counts.commandCount} commands`;
   });

package/cli/lib/fsutil.cjs CHANGED Viewed

@@ -71,7 +71,73 @@ function writeJsonAtomic(filePath, obj, opts = {}) {
   writeFileAtomic(filePath, content, opts);
 }
+/**
+ * Safe recursive remove (issue #688).
+ *
+ * `fs.rmSync(path, { recursive: true, force: true })` is fine when `path`
+ * is a directory we control, but if it has been replaced with a symlink to
+ * `/`, `~/`, or any directory outside the project root, the recursive walk
+ * follows it and deletes outside the intended scope. Three sites in the
+ * installer / uninstaller pass user-controlled paths to that pattern.
+ *
+ * This wrapper:
+ *   1. lstats the path. If it is a symlink, unlinks the link only — never
+ *      traverses it.
+ *   2. realpaths it and asserts the resolved path is INSIDE `projectRoot`.
+ *      If not, refuses and returns { ok: false, reason: 'outside-root' }.
+ *   3. otherwise calls fs.rmSync recursively.
+ *
+ * Symlinks INSIDE the directory are still followed by Node's rmSync — that
+ * is unavoidable with the recursive flag. The threat model addressed here
+ * is a single top-level symlink swap (e.g. `.rihal -> /`), not deep nested
+ * symlinks. Defense in depth, not a sandbox.
+ *
+ * @param {string} targetPath path to remove
+ * @param {string} projectRoot absolute path that the target must be inside
+ * @returns {{ok: boolean, reason?: string}}
+ */
+function safeRmSync(targetPath, projectRoot) {
+  let stats;
+  try {
+    stats = fs.lstatSync(targetPath);
+  } catch (err) {
+    if (err.code === 'ENOENT') return { ok: true, reason: 'missing' };
+    return { ok: false, reason: `lstat: ${err.message}` };
+  }
+  // Top-level symlink? Just unlink the link, never traverse.
+  if (stats.isSymbolicLink()) {
+    try {
+      fs.unlinkSync(targetPath);
+      return { ok: true, reason: 'symlink-unlinked' };
+    } catch (err) {
+      return { ok: false, reason: `unlink: ${err.message}` };
+    }
+  }
+  // Real path must stay inside the project root.
+  const root = path.resolve(projectRoot);
+  let resolved;
+  try {
+    resolved = fs.realpathSync(targetPath);
+  } catch (err) {
+    return { ok: false, reason: `realpath: ${err.message}` };
+  }
+  const relative = path.relative(root, resolved);
+  if (relative.startsWith('..') || path.isAbsolute(relative)) {
+    return { ok: false, reason: 'outside-root' };
+  }
+  try {
+    fs.rmSync(resolved, { recursive: true, force: true });
+    return { ok: true };
+  } catch (err) {
+    return { ok: false, reason: `rmSync: ${err.message}` };
+  }
+}
 module.exports = {
   writeFileAtomic,
   writeJsonAtomic,
+  safeRmSync,
 };

package/cli/uninstall.js CHANGED Viewed

@@ -28,7 +28,7 @@ const fs = require('fs');
 const path = require('path');
 const { spawnSync } = require('child_process');
 const { askConfirm, PromptAbortError } = require('./lib/prompts.cjs');
-const { writeFileAtomic } = require('./lib/fsutil.cjs');
+const { writeFileAtomic, safeRmSync } = require('./lib/fsutil.cjs');
 function parseArgs(args) {
   const opts = {
@@ -75,11 +75,18 @@ function isLocalOverride(name) {
 function removeMatching(dir, predicate) {
   if (!fs.existsSync(dir)) return 0;
   let count = 0;
+  // Issue #688: project root for symlink-traversal guard. Anything we
+  // remove from inside the project must resolve to within the project.
+  const projectRoot = path.resolve(process.cwd());
   for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
     if (isLocalOverride(entry.name)) continue; // #382 — never remove user overrides
     if (!predicate(entry.name)) continue;
     const full = path.join(dir, entry.name);
-    fs.rmSync(full, { recursive: true, force: true });
+    const result = safeRmSync(full, projectRoot);
+    if (!result.ok && result.reason === 'outside-root') {
+      console.log(`   ⚠ refused to remove ${full} — symlink resolves outside project root`);
+      continue;
+    }
     count++;
   }
   return count;
@@ -548,7 +555,10 @@ async function runUninstall(args) {
     // Remove vscode-style subdir .claude/commands/rihal/
     const commandsDir = path.join(cwd, '.claude/commands/rihal');
     if (fs.existsSync(commandsDir)) {
-      fs.rmSync(commandsDir, { recursive: true, force: true });
+      const r = safeRmSync(commandsDir, path.resolve(cwd));
+      if (!r.ok && r.reason === 'outside-root') {
+        console.log(`   ⚠ refused to remove ${commandsDir} — symlink resolves outside project root`);
+      }
     }
     // Remove claude-style root-level rihal-*.md files
     const commandsRoot = path.join(cwd, '.claude/commands');
@@ -641,8 +651,12 @@ async function runUninstall(args) {
   // not user data. Refreshed by `brain pull` on next install.
   const brainDir = path.join(cwd, '.rihal', 'brain');
   if (fs.existsSync(brainDir)) {
-    fs.rmSync(brainDir, { recursive: true, force: true });
-    console.log(`   ✓ removed .rihal/brain/ (pulled content, will refresh on reinstall)`);
+    const r = safeRmSync(brainDir, path.resolve(cwd));
+    if (r.ok) {
+      console.log(`   ✓ removed .rihal/brain/ (pulled content, will refresh on reinstall)`);
+    } else if (r.reason === 'outside-root') {
+      console.log(`   ⚠ refused to remove .rihal/brain/ — symlink resolves outside project root`);
+    }
   }
   // Handle .rihal/ state directory
@@ -668,8 +682,14 @@ async function runUninstall(args) {
     }
     if (shouldDeleteState) {
-      fs.rmSync(rihalDir, { recursive: true, force: true });
-      console.log(`   ✓ removed .rihal/ state directory`);
+      const r = safeRmSync(rihalDir, path.resolve(cwd));
+      if (r.ok) {
+        console.log(`   ✓ removed .rihal/ state directory`);
+      } else if (r.reason === 'outside-root') {
+        console.log(`   ⚠ refused to remove .rihal/ — symlink resolves outside project root`);
+      } else {
+        console.log(`   ⚠ could not remove .rihal/: ${r.reason}`);
+      }
     } else {
       console.log(`   ℹ kept .rihal/ state directory (your project data is preserved)`);
     }
@@ -681,8 +701,14 @@ async function runUninstall(args) {
   if (opts.purge) {
     const planningDir = path.join(cwd, '.planning');
     if (fs.existsSync(planningDir)) {
-      fs.rmSync(planningDir, { recursive: true, force: true });
-      console.log(`   ✓ removed .planning/ (--purge)`);
+      const r = safeRmSync(planningDir, path.resolve(cwd));
+      if (r.ok) {
+        console.log(`   ✓ removed .planning/ (--purge)`);
+      } else if (r.reason === 'outside-root') {
+        console.log(`   ⚠ refused to remove .planning/ — symlink resolves outside project root`);
+      } else {
+        console.log(`   ⚠ could not remove .planning/: ${r.reason}`);
+      }
     }
     // Strip the rcode-managed block from .gitignore. The installer writes

package/dist/rcode.js CHANGED Viewed

@@ -14946,6 +14946,7 @@ var require_install = __commonJS({
     var path2 = require("path");
     var crypto = require("crypto");
     var os = require("os");
+    var { writeFileAtomic, safeRmSync } = require(path2.join(__dirname, "lib", "fsutil.cjs"));
     var pc = require_picocolors();
     var { createSpinner } = require_dist();
     var fg = require_out4();
@@ -15188,10 +15189,23 @@ var require_install = __commonJS({
     async function resolveCommitPlanning(opts) {
       if (opts.commitPlanning !== null) return opts.commitPlanning;
       if (opts.noPrompt || opts.global) return false;
-      if (opts.yes || !process.stdin.isTTY) return true;
+      let existingValue = null;
+      try {
+        const cfgPath = path2.join(opts.target, ".rihal", "config.yaml");
+        if (fs2.existsSync(cfgPath)) {
+          const cfg = fs2.readFileSync(cfgPath, "utf8");
+          const m = cfg.match(/^commit_planning:\s*(true|false)\s*$/m);
+          if (m) existingValue = m[1] === "true";
+        }
+      } catch {
+      }
+      if (opts.yes || !process.stdin.isTTY) {
+        return existingValue !== null ? existingValue : true;
+      }
+      const initialValue = existingValue === false ? "gitignore" : "commit";
       const choice = await clack.select({
-        message: "\u{1F4CB} .planning/ holds PRDs, roadmaps, sprints, SUMMARY files. How should they be tracked?",
-        initialValue: "commit",
+        message: existingValue !== null ? "\u{1F4CB} .planning/ tracking \u2014 current setting preserved unless you change it." : "\u{1F4CB} .planning/ holds PRDs, roadmaps, sprints, SUMMARY files. How should they be tracked?",
+        initialValue,
         options: [
           { value: "commit", label: "Commit", hint: "collaborators see the same plans (recommended)" },
           { value: "gitignore", label: "Gitignore", hint: "planning stays local (good for sensitive PRDs)" }
@@ -15312,9 +15326,13 @@ Installs (IDE-specific):
       fs2.mkdirSync(planningDir, { recursive: true });
       const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
       const name = projectName || path2.basename(target);
+      const STUB_BANNER = `<!-- INSTALL STUB \u2014 overwritten by /rihal-new-project. Delete this file or run
+     /rihal-new-project before committing. See https://github.com/hanzlahabib/rihal-code/issues/670 -->
+`;
       fs2.writeFileSync(
         projectPath,
-        `# ${name}
+        STUB_BANNER + `# ${name}
 **One-line:** Describe what this project is in one sentence.
@@ -15331,7 +15349,7 @@ What this project delivers and who it serves.
       );
       fs2.writeFileSync(
         roadmapPath,
-        `# ${name} \u2014 Roadmap
+        STUB_BANNER + `# ${name} \u2014 Roadmap
 **Milestone: M1 \u2014 Initial Delivery** (v1.0)
 Started: ${today} \xB7 Current
@@ -15355,7 +15373,7 @@ Ideas and future phases go here.
       );
       fs2.writeFileSync(
         statePath,
-        `# ${name} \u2014 State
+        STUB_BANNER + `# ${name} \u2014 State
 **Last updated:** ${today}
 **Milestone:** M1 \u2014 Initial Delivery
@@ -15374,7 +15392,7 @@ _None._
 ## Next Action
-Say "plan a sprint" or run \`/rihal-sprint-planning\` to break Phase 01 into stories.
+Run \`/rihal-new-project <description>\` to bootstrap, or \`/rihal-sprint-planning\` once a real phase exists.
 `
       );
       const rihalStateJson = path2.join(target, ".rihal", "state.json");
@@ -15382,16 +15400,15 @@ Say "plan a sprint" or run \`/rihal-sprint-planning\` to break Phase 01 into sto
         const now = (/* @__PURE__ */ new Date()).toISOString();
         const state = {
           version: "1",
-          project: name,
+          project: null,
+          _seeded_stub: true,
           created: now,
           updated: now,
-          current_phase: "01",
+          current_phase: null,
           current_plan: 0,
           current_sprint: null,
-          milestone: "M1 \u2014 Initial Delivery",
-          phases: [
-            { id: "01", name: "Setup & Scaffolding", status: "planned" }
-          ],
+          milestone: null,
+          phases: [],
           executions: [],
           decisions: [],
           blockers: [],
@@ -15403,7 +15420,7 @@ Say "plan a sprint" or run \`/rihal-sprint-planning\` to break Phase 01 into sto
           velocity_history: []
         };
         fs2.mkdirSync(path2.dirname(rihalStateJson), { recursive: true });
-        fs2.writeFileSync(rihalStateJson, JSON.stringify(state, null, 2) + "\n");
+        writeFileAtomic(rihalStateJson, JSON.stringify(state, null, 2) + "\n");
       }
       return true;
     }
@@ -15472,19 +15489,19 @@ Say "plan a sprint" or run \`/rihal-sprint-planning\` to break Phase 01 into sto
         };
         var spliceBlock = spliceBlock2;
         if (!fs2.existsSync(gitignorePath)) {
-          fs2.writeFileSync(gitignorePath, BLOCK);
+          writeFileAtomic(gitignorePath, BLOCK);
           return { action: "created" };
         }
         const existing = fs2.readFileSync(gitignorePath, "utf8");
         if (existing.includes(BEGIN)) {
           const rewritten = spliceBlock2(existing, BLOCK);
           if (rewritten !== null && rewritten !== existing) {
-            fs2.writeFileSync(gitignorePath, rewritten);
+            writeFileAtomic(gitignorePath, rewritten);
             return { action: "updated" };
           }
           return { action: "already-present" };
         }
-        fs2.writeFileSync(gitignorePath, existing + BLOCK);
+        writeFileAtomic(gitignorePath, existing + BLOCK);
         return { action: "appended" };
       } catch (err) {
         return { action: "skipped-error", error: err.message };
@@ -15533,23 +15550,20 @@ Say "plan a sprint" or run \`/rihal-sprint-planning\` to break Phase 01 into sto
         var spliceBlock = spliceBlock2;
         fs2.mkdirSync(hooksDir, { recursive: true });
         if (!fs2.existsSync(hookPath)) {
-          fs2.writeFileSync(hookPath, `#!/bin/sh
-${BLOCK}`);
-          fs2.chmodSync(hookPath, 493);
+          writeFileAtomic(hookPath, `#!/bin/sh
+${BLOCK}`, { mode: 493 });
           return { action: "created" };
         }
         const existing = fs2.readFileSync(hookPath, "utf8");
         if (existing.includes(BEGIN)) {
           const rewritten = spliceBlock2(existing, BLOCK);
           if (rewritten !== null && rewritten !== existing) {
-            fs2.writeFileSync(hookPath, rewritten);
-            fs2.chmodSync(hookPath, 493);
+            writeFileAtomic(hookPath, rewritten, { mode: 493 });
             return { action: "updated" };
           }
           return { action: "already-present" };
         }
-        fs2.writeFileSync(hookPath, existing + BLOCK);
-        fs2.chmodSync(hookPath, 493);
+        writeFileAtomic(hookPath, existing + BLOCK, { mode: 493 });
         return { action: "appended" };
       } catch (err) {
         return { action: "skipped-error", error: err.message };
@@ -15584,20 +15598,31 @@ ${BLOCK}`);
       }
       return copied;
     }
-    function installSkills(packageRoot, target) {
+    function installSkills(packageRoot, target, options = {}) {
       const skillsSource = path2.join(packageRoot, "rihal/skills");
       const skillsDest = path2.join(target, ".claude/skills");
       const internalDest = path2.join(target, ".rihal/skills");
-      if (!fs2.existsSync(skillsSource)) return 0;
+      if (!fs2.existsSync(skillsSource)) return { count: 0, skippedGlobal: 0 };
       fs2.mkdirSync(skillsDest, { recursive: true });
       fs2.mkdirSync(internalDest, { recursive: true });
+      const globalSkillsDir = path2.join(os.homedir(), ".claude", "skills");
+      const globalRihalSkills = options.skipGlobalDuplicates && fs2.existsSync(globalSkillsDir) ? new Set(fs2.readdirSync(globalSkillsDir).filter((n) => n.startsWith("rihal-"))) : /* @__PURE__ */ new Set();
       let count = 0;
+      let skippedGlobal = 0;
       function isInternalSkill(skillDir) {
         const skillMd = path2.join(skillDir, "SKILL.md");
         if (!fs2.existsSync(skillMd)) return false;
         const text = fs2.readFileSync(skillMd, "utf8");
         return /^internal:\s*true\s*$/m.test(text);
       }
+      function hasLocalOverride(destDir) {
+        if (!fs2.existsSync(destDir)) return false;
+        try {
+          return fs2.readdirSync(destDir).some((f) => f.endsWith(".local.md"));
+        } catch {
+          return false;
+        }
+      }
       function walkForSkills(dir) {
         if (!fs2.existsSync(dir)) return;
         for (const entry of fs2.readdirSync(dir, { withFileTypes: true })) {
@@ -15606,7 +15631,18 @@ ${BLOCK}`);
           const hasSkillMd = fs2.existsSync(path2.join(src, "SKILL.md"));
           if (hasSkillMd) {
             const destName = entry.name.startsWith("rihal-") ? entry.name : `rihal-${entry.name}`;
-            const dest = isInternalSkill(src) ? path2.join(internalDest, destName) : path2.join(skillsDest, destName);
+            const internal = isInternalSkill(src);
+            const dest = internal ? path2.join(internalDest, destName) : path2.join(skillsDest, destName);
+            if (!internal && globalRihalSkills.has(destName) && !hasLocalOverride(dest)) {
+              if (fs2.existsSync(dest)) {
+                try {
+                  safeRmSync(dest, target);
+                } catch {
+                }
+              }
+              skippedGlobal++;
+              continue;
+            }
             copyDirRecursive(src, dest);
             count++;
           } else {
@@ -15617,7 +15653,7 @@ ${BLOCK}`);
       for (const bucket of ["agents", "actions", "core"]) {
         walkForSkills(path2.join(skillsSource, bucket));
       }
-      return count;
+      return { count, skippedGlobal };
     }
     function parseFrontmatter(text) {
       if (!text.startsWith("---\n")) return { frontmatter: {}, body: text };
@@ -16001,6 +16037,15 @@ ${BLOCK}`);
         printHelp2();
         return 0;
       }
+      if (opts.reset && !opts.force) {
+        console.log("");
+        console.log("  " + warn("--reset has no effect without --force."));
+        console.log("  " + dim("  --reset wipes config.yaml and state.json. To prevent accidental data loss,"));
+        console.log("  " + dim("  it must be paired with --force. Re-run as:"));
+        console.log("  " + dim("    rcode install --reset --force"));
+        console.log("");
+        return 2;
+      }
       const pkgVersion = readPackageVersion();
       const isInteractive = process.stdin.isTTY && !opts.yes;
       if (isInteractive) printInstallHeader(pkgVersion);
@@ -16273,7 +16318,8 @@ ${BLOCK}`);
         const configDir2 = path2.join(opts.target, ".rihal", "_config");
         ensureDir(configDir2);
         fs2.writeFileSync(path2.join(configDir2, "manifest.yaml"), generateInstallManifest(opts));
-        let skillsInstalled2 = installSkills(PACKAGE_ROOT2, opts.target);
+        const skillsResult2 = installSkills(PACKAGE_ROOT2, opts.target);
+        let skillsInstalled2 = skillsResult2.count;
         try {
           const { main: generateCommandSkills } = require(path2.join(PACKAGE_ROOT2, "cli", "generate-command-skills.cjs"));
           const stubsDir = path2.join(opts.target, ".claude", "skills");
@@ -16312,7 +16358,7 @@ ${BLOCK}`);
               }
               const rihalSubdir = path2.join(projectClaudeCommands, "rihal");
               if (fs2.existsSync(rihalSubdir)) {
-                fs2.rmSync(rihalSubdir, { recursive: true, force: true });
+                safeRmSync(rihalSubdir, opts.target);
               }
               const projectAgentsDir = path2.join(opts.target, ".claude", "agents");
               if (fs2.existsSync(projectAgentsDir)) {
@@ -16352,7 +16398,26 @@ ${BLOCK}`);
         existedBefore = true;
       }
       if (!fs2.existsSync(configPath)) {
-        fs2.writeFileSync(configPath, generateConfigYaml(opts));
+        writeFileAtomic(configPath, generateConfigYaml(opts));
+      } else {
+        try {
+          const before = fs2.readFileSync(configPath, "utf8");
+          const desired = opts.commitPlanning !== false;
+          const re = /^commit_planning:\s*(true|false)\s*$/m;
+          const match = before.match(re);
+          const currentInFile = match ? match[1] === "true" : null;
+          if (match && currentInFile !== desired) {
+            const updated = before.replace(re, `commit_planning: ${desired}`);
+            writeFileAtomic(configPath, updated);
+            console.log("  " + dim(`Updated commit_planning in config.yaml (${currentInFile} \u2192 ${desired}) \u2014 closes #685.`));
+          } else if (!match) {
+            const appended = before.replace(/\n*$/, "") + `
+commit_planning: ${desired}
+`;
+            writeFileAtomic(configPath, appended);
+          }
+        } catch {
+        }
       }
       try {
         const configText = fs2.readFileSync(configPath, "utf8");
@@ -16372,7 +16437,7 @@ ${BLOCK}`);
           const now = (/* @__PURE__ */ new Date()).toISOString();
           const stateContent = fs2.readFileSync(stateSrc, "utf8").replace(/__PROJECT_NAME__/g, opts.projectName).replace(/__INSTALL_DATE__/g, now);
           ensureDir(path2.dirname(stateDest));
-          fs2.writeFileSync(stateDest, stateContent);
+          writeFileAtomic(stateDest, stateContent);
         }
       }
       ensureDir(path2.join(opts.target, ".planning", "council-sessions"));
@@ -16392,15 +16457,26 @@ ${BLOCK}`);
         path2.join(configDir, "files-manifest.csv"),
         generateFilesManifest(plan, opts.target, { mergeExistingManifest: !opts.force })
       );
-      let skillsInstalled = installSkills(PACKAGE_ROOT2, opts.target);
+      const skillsResult = installSkills(PACKAGE_ROOT2, opts.target, {
+        skipGlobalDuplicates: isProjectInstall
+      });
+      let skillsInstalled = skillsResult.count;
+      if (skillsResult.skippedGlobal > 0) {
+        console.log("  " + dim(`Skipped ${skillsResult.skippedGlobal} project-level rihal skills (global ones in ~/.claude/skills/ take precedence) \u2014 closes #679.`));
+      }
       try {
         const { main: generateCommandSkills } = require(path2.join(PACKAGE_ROOT2, "cli", "generate-command-skills.cjs"));
         const stubsDir = path2.join(opts.target, ".claude", "skills");
-        const result = generateCommandSkills(PACKAGE_ROOT2, stubsDir, readPackageVersion());
+        const result = generateCommandSkills(PACKAGE_ROOT2, stubsDir, readPackageVersion(), {
+          skipGlobalDuplicates: isProjectInstall
+        });
         if (result.generated > 0) {
           console.log("  " + dim(`${result.generated} sidebar skill stub${result.generated === 1 ? "" : "s"} generated for command discoverability`));
           skillsInstalled += result.generated;
         }
+        if (result.skippedGlobal > 0) {
+          console.log("  " + dim(`Skipped ${result.skippedGlobal} sidebar stub${result.skippedGlobal === 1 ? "" : "s"} that duplicate global ~/.claude/skills/ \u2014 closes #679.`));
+        }
       } catch (err) {
         console.log("  " + dim(`(sidebar stub generation skipped: ${err.message})`));
       }
@@ -16494,10 +16570,10 @@ ${BLOCK}`);
           const commandFilter = primaryIde === "claude" ? (f) => f.startsWith("rihal-") && (f.endsWith(".md") || f.endsWith(".mdc")) : (f) => f.endsWith(".md") || f.endsWith(".mdc");
           commandCount = fs2.readdirSync(commandsDir).filter(commandFilter).length;
         }
-        if (agentCount === 0 || commandCount === 0) {
-          const os2 = require("os");
-          const homeAgents = path2.join(os2.homedir(), ".claude/agents");
-          const homeCommands = path2.join(os2.homedir(), ".claude/commands");
+        if (agentCount === 0 || commandCount === 0 || skillsInstalled < 20) {
+          const homeAgents = path2.join(os.homedir(), ".claude/agents");
+          const homeCommands = path2.join(os.homedir(), ".claude/commands");
+          const homeSkills = path2.join(os.homedir(), ".claude/skills");
           if (agentCount === 0 && fs2.existsSync(homeAgents)) {
             const n = fs2.readdirSync(homeAgents).filter((f) => f.startsWith("rihal-") && f.endsWith(".md")).length;
             if (n > 0) {
@@ -16512,6 +16588,13 @@ ${BLOCK}`);
               commandsFromGlobal = true;
             }
           }
+          if (skillsInstalled < 20 && fs2.existsSync(homeSkills)) {
+            try {
+              const globalSkillCount = fs2.readdirSync(homeSkills, { withFileTypes: true }).filter((d) => d.isDirectory() && d.name.startsWith("rihal-")).length;
+              if (globalSkillCount > skillsInstalled) skillsInstalled = globalSkillCount;
+            } catch {
+            }
+          }
         }
       } catch {
       }
@@ -16580,6 +16663,22 @@ ${BLOCK}`);
       console.log(`  ${bold("Health check:")}`);
       const { execFileSync } = require("child_process");
       let fails = 0;
+      let expected = { agents: 20, skills: 20, commands: 20 };
+      try {
+        const { readPackageManifest } = require(path2.join(__dirname, "lib", "manifest.cjs"));
+        const pkgManifest = readPackageManifest(PACKAGE_ROOT2);
+        if (pkgManifest && pkgManifest.agents instanceof Set && pkgManifest.actions instanceof Set) {
+          const tolerate = (n) => Math.max(1, Math.floor(n * 0.9));
+          expected.agents = tolerate(pkgManifest.agents.size);
+          expected.skills = tolerate(pkgManifest.actions.size);
+          const commandsDir = path2.join(PACKAGE_ROOT2, "rihal", "commands");
+          if (fs2.existsSync(commandsDir)) {
+            const cmdCount = fs2.readdirSync(commandsDir).filter((f) => f.endsWith(".md") && !f.startsWith("_")).length;
+            expected.commands = tolerate(cmdCount);
+          }
+        }
+      } catch {
+      }
       function check(label, fn) {
         try {
           const out = fn();
@@ -16609,13 +16708,15 @@ ${BLOCK}`);
         return "valid JSON";
       });
       check("agents installed", () => {
-        if ((counts.agentCount || 0) < 20) throw new Error(`only ${counts.agentCount} agents (expected \u2265 20)`);
+        if ((counts.agentCount || 0) < expected.agents) {
+          throw new Error(`only ${counts.agentCount} agents (expected \u2265 ${expected.agents})`);
+        }
         return `${counts.agentCount}`;
       });
       check("skills + commands installed", () => {
         const issues = [];
-        if ((counts.skillsInstalled || 0) < 20) issues.push(`${counts.skillsInstalled} skills`);
-        if ((counts.commandCount || 0) < 20) issues.push(`${counts.commandCount} commands`);
+        if ((counts.skillsInstalled || 0) < expected.skills) issues.push(`${counts.skillsInstalled} skills (expected \u2265 ${expected.skills})`);
+        if ((counts.commandCount || 0) < expected.commands) issues.push(`${counts.commandCount} commands (expected \u2265 ${expected.commands})`);
         if (issues.length) throw new Error(`low count: ${issues.join(", ")}`);
         return `${counts.skillsInstalled} skills + ${counts.commandCount} commands`;
       });
@@ -17019,9 +17120,44 @@ var require_fsutil = __commonJS({
       const content = JSON.stringify(obj, null, 2) + "\n";
       writeFileAtomic(filePath, content, opts);
     }
+    function safeRmSync(targetPath, projectRoot) {
+      let stats;
+      try {
+        stats = fs2.lstatSync(targetPath);
+      } catch (err) {
+        if (err.code === "ENOENT") return { ok: true, reason: "missing" };
+        return { ok: false, reason: `lstat: ${err.message}` };
+      }
+      if (stats.isSymbolicLink()) {
+        try {
+          fs2.unlinkSync(targetPath);
+          return { ok: true, reason: "symlink-unlinked" };
+        } catch (err) {
+          return { ok: false, reason: `unlink: ${err.message}` };
+        }
+      }
+      const root = path2.resolve(projectRoot);
+      let resolved;
+      try {
+        resolved = fs2.realpathSync(targetPath);
+      } catch (err) {
+        return { ok: false, reason: `realpath: ${err.message}` };
+      }
+      const relative = path2.relative(root, resolved);
+      if (relative.startsWith("..") || path2.isAbsolute(relative)) {
+        return { ok: false, reason: "outside-root" };
+      }
+      try {
+        fs2.rmSync(resolved, { recursive: true, force: true });
+        return { ok: true };
+      } catch (err) {
+        return { ok: false, reason: `rmSync: ${err.message}` };
+      }
+    }
     module2.exports = {
       writeFileAtomic,
-      writeJsonAtomic
+      writeJsonAtomic,
+      safeRmSync
     };
   }
 });
@@ -17502,7 +17638,7 @@ var require_uninstall = __commonJS({
     var path2 = require("path");
     var { spawnSync } = require("child_process");
     var { askConfirm, PromptAbortError } = require_prompts();
-    var { writeFileAtomic } = require_fsutil();
+    var { writeFileAtomic, safeRmSync } = require_fsutil();
     function parseArgs(args) {
       const opts = {
         editor: null,
@@ -17538,11 +17674,16 @@ var require_uninstall = __commonJS({
     function removeMatching(dir, predicate) {
       if (!fs2.existsSync(dir)) return 0;
       let count = 0;
+      const projectRoot = path2.resolve(process.cwd());
       for (const entry of fs2.readdirSync(dir, { withFileTypes: true })) {
         if (isLocalOverride(entry.name)) continue;
         if (!predicate(entry.name)) continue;
         const full = path2.join(dir, entry.name);
-        fs2.rmSync(full, { recursive: true, force: true });
+        const result = safeRmSync(full, projectRoot);
+        if (!result.ok && result.reason === "outside-root") {
+          console.log(`   \u26A0 refused to remove ${full} \u2014 symlink resolves outside project root`);
+          continue;
+        }
         count++;
       }
       return count;
@@ -17666,7 +17807,7 @@ var require_uninstall = __commonJS({
     function isKnownSkillName(name) {
       return KNOWN_ACTION_SKILLS.includes(name);
     }
-    function planToPathList(plan, cwd) {
+    function planToPathList(plan, cwd, options = {}) {
       const paths = [];
       for (const name of plan.claude.skills) {
         paths.push(path2.join(".claude/skills", name));
@@ -17689,10 +17830,25 @@ var require_uninstall = __commonJS({
       if (plan.agentsMd && fs2.existsSync(path2.join(cwd, "AGENTS.md"))) {
         paths.push("AGENTS.md");
       }
+      if (options.purge) {
+        const rihalDir = path2.join(cwd, ".rihal");
+        if (fs2.existsSync(rihalDir)) {
+          try {
+            for (const entry of fs2.readdirSync(rihalDir)) {
+              if (entry === "backups") continue;
+              paths.push(path2.join(".rihal", entry));
+            }
+          } catch {
+          }
+        }
+        if (fs2.existsSync(path2.join(cwd, ".planning"))) {
+          paths.push(".planning");
+        }
+      }
       return paths;
     }
-    function createBackup(cwd, plan) {
-      const paths = planToPathList(plan, cwd);
+    function createBackup(cwd, plan, options = {}) {
+      const paths = planToPathList(plan, cwd, { purge: options.purge === true });
       if (paths.length === 0) {
         return { ok: false, warning: "nothing to back up" };
       }
@@ -17700,11 +17856,11 @@ var require_uninstall = __commonJS({
       if (tarCheck.status !== 0) {
         return { ok: false, warning: "tar not available on this system" };
       }
-      const backupsDir = path2.join(cwd, ".rihal/backups");
+      const backupsDir = options.purge ? path2.join(cwd, ".rihal-backups") : path2.join(cwd, ".rihal/backups");
       try {
         fs2.mkdirSync(backupsDir, { recursive: true });
       } catch (err) {
-        return { ok: false, warning: `could not create .rihal/backups/: ${err.message}` };
+        return { ok: false, warning: `could not create ${path2.relative(cwd, backupsDir)}/: ${err.message}` };
       }
       const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
       const backupFile = path2.join(backupsDir, `uninstall-${ts}.tgz`);
@@ -17845,9 +18001,12 @@ var require_uninstall = __commonJS({
         }
       }
       console.log();
-      const backup = createBackup(cwd, plan);
+      const backup = createBackup(cwd, plan, { purge: opts.purge === true });
       if (backup.ok) {
         console.log(`   \u{1F4BE} backup created: ${backup.path}`);
+        if (opts.purge) {
+          console.log("      includes .rihal/ and .planning/ (state, decisions, planning artifacts)");
+        }
       } else {
         console.log(`   \u26A0 no backup created (${backup.warning}) \u2014 continuing anyway`);
       }
@@ -17860,7 +18019,10 @@ var require_uninstall = __commonJS({
         if (n > 0) console.log(`   \u2713 removed ${n} Claude skills`);
         const commandsDir = path2.join(cwd, ".claude/commands/rihal");
         if (fs2.existsSync(commandsDir)) {
-          fs2.rmSync(commandsDir, { recursive: true, force: true });
+          const r = safeRmSync(commandsDir, path2.resolve(cwd));
+          if (!r.ok && r.reason === "outside-root") {
+            console.log(`   \u26A0 refused to remove ${commandsDir} \u2014 symlink resolves outside project root`);
+          }
         }
         const commandsRoot = path2.join(cwd, ".claude/commands");
         let commandsRemoved = 0;
@@ -17938,8 +18100,12 @@ var require_uninstall = __commonJS({
       ]);
       const brainDir = path2.join(cwd, ".rihal", "brain");
       if (fs2.existsSync(brainDir)) {
-        fs2.rmSync(brainDir, { recursive: true, force: true });
-        console.log(`   \u2713 removed .rihal/brain/ (pulled content, will refresh on reinstall)`);
+        const r = safeRmSync(brainDir, path2.resolve(cwd));
+        if (r.ok) {
+          console.log(`   \u2713 removed .rihal/brain/ (pulled content, will refresh on reinstall)`);
+        } else if (r.reason === "outside-root") {
+          console.log(`   \u26A0 refused to remove .rihal/brain/ \u2014 symlink resolves outside project root`);
+        }
       }
       if (plan.stateDir) {
         const rihalDir = path2.join(cwd, ".rihal");
@@ -17961,8 +18127,14 @@ var require_uninstall = __commonJS({
           );
         }
         if (shouldDeleteState) {
-          fs2.rmSync(rihalDir, { recursive: true, force: true });
-          console.log(`   \u2713 removed .rihal/ state directory`);
+          const r = safeRmSync(rihalDir, path2.resolve(cwd));
+          if (r.ok) {
+            console.log(`   \u2713 removed .rihal/ state directory`);
+          } else if (r.reason === "outside-root") {
+            console.log(`   \u26A0 refused to remove .rihal/ \u2014 symlink resolves outside project root`);
+          } else {
+            console.log(`   \u26A0 could not remove .rihal/: ${r.reason}`);
+          }
         } else {
           console.log(`   \u2139 kept .rihal/ state directory (your project data is preserved)`);
         }
@@ -17970,14 +18142,20 @@ var require_uninstall = __commonJS({
       if (opts.purge) {
         const planningDir = path2.join(cwd, ".planning");
         if (fs2.existsSync(planningDir)) {
-          fs2.rmSync(planningDir, { recursive: true, force: true });
-          console.log(`   \u2713 removed .planning/ (--purge)`);
+          const r = safeRmSync(planningDir, path2.resolve(cwd));
+          if (r.ok) {
+            console.log(`   \u2713 removed .planning/ (--purge)`);
+          } else if (r.reason === "outside-root") {
+            console.log(`   \u26A0 refused to remove .planning/ \u2014 symlink resolves outside project root`);
+          } else {
+            console.log(`   \u26A0 could not remove .planning/: ${r.reason}`);
+          }
         }
         const gitignorePath = path2.join(cwd, ".gitignore");
         if (fs2.existsSync(gitignorePath)) {
           try {
             const before = fs2.readFileSync(gitignorePath, "utf8");
-            const stripped = before.replace(/\n?# >>> rihal-code >>>[\s\S]*?# <<< rihal-code <<<\n?/g, "\n").replace(/\n?# rcode[\s\S]*?(?=\n\n|\n$|$)/g, "\n").replace(/\n{3,}/g, "\n\n");
+            const stripped = before.replace(/\n?# ===== rcode-managed gitignore block[\s\S]*?# ===== end rcode-managed gitignore block =====\n?/g, "\n").replace(/\n?# >>> rihal-code >>>[\s\S]*?# <<< rihal-code <<<\n?/g, "\n").replace(/\n{3,}/g, "\n\n");
             if (stripped !== before) {
               fs2.writeFileSync(gitignorePath, stripped);
               console.log(`   \u2713 stripped rcode block from .gitignore (--purge)`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hanzlaa/rcode",
-  "version": "3.4.22",
+  "version": "3.4.24",
   "description": "rcode — the memory bank for AI-driven SaaS teams. Persistent project context, distinctive engineering personas, and phase-based workflows. Built by Rihal. Works in Claude Code, Cursor, Gemini, VS Code, and Antigravity.",
   "main": "cli/index.js",
   "bin": {
@@ -15,6 +15,7 @@
     "postinstall": "node cli/postinstall.js",
     "build:cli": "node scripts/build.cjs",
     "build": "node scripts/build.cjs",
+    "prepack": "node scripts/build.cjs",
     "dogfood": "bash scripts/dogfood-check.sh"
   },
   "files": [