@muggleai/works 4.0.3 → 4.2.0

package/README.md

@@ -375,8 +375,8 @@ Data directory structure (~/.muggle-ai/)
 
 ```
 ~/.muggle-ai/
-├── auth.json             # OAuth tokens
-├── credentials.json      # API key for service calls
+├── oauth-session.json    # OAuth tokens (short-lived, auto-refresh)
+├── api-key.json          # Long-lived API key for service calls
 ├── projects/             # Local project cache
 ├── sessions/             # QA sessions
 │   └── {runId}/
@@ -424,7 +424,7 @@ muggle doctor           # Diagnose
 
 ```bash
 muggle logout           # Clear all credentials
-rm ~/.muggle-ai/auth.json ~/.muggle-ai/credentials.json
+rm ~/.muggle-ai/oauth-session.json ~/.muggle-ai/api-key.json
 muggle login            # Fresh login
 ```
 

package/dist/{chunk-BQZQDOXI.js → chunk-CXTJOYWM.js}

@@ -39,7 +39,7 @@ var DEFAULT_PROMPT_SERVICE_PRODUCTION_URL = "https://promptservice.muggle-ai.com
 var DEFAULT_PROMPT_SERVICE_DEV_URL = "http://localhost:5050";
 var DEFAULT_WEB_SERVICE_URL = "http://localhost:3001";
 var ELECTRON_APP_DIR = "electron-app";
-var CREDENTIALS_FILE = "credentials.json";
+var API_KEY_FILE = "api-key.json";
 var DEFAULT_AUTH0_PRODUCTION_DOMAIN = "login.muggle-ai.com";
 var DEFAULT_AUTH0_PRODUCTION_CLIENT_ID = "UgG5UjoyLksxMciWWKqVpwfWrJ4rFvtT";
 var DEFAULT_AUTH0_PRODUCTION_AUDIENCE = "https://muggleai.us.auth0.com/api/v2/";
@@ -239,10 +239,10 @@ function getDefaultAuth0Domain() {
 }
 function getDefaultAuth0ClientId() {
   const runtimeTarget = getPromptServiceRuntimeTarget();
-  if (runtimeTarget === "dev") {
-    return DEFAULT_AUTH0_DEV_CLIENT_ID;
+  if (runtimeTarget === "production") {
+    return DEFAULT_AUTH0_PRODUCTION_CLIENT_ID;
   }
-  return DEFAULT_AUTH0_PRODUCTION_CLIENT_ID;
+  return DEFAULT_AUTH0_DEV_CLIENT_ID;
 }
 function getDefaultAuth0Audience() {
   const runtimeTarget = getPromptServiceRuntimeTarget();
@@ -284,8 +284,8 @@ function buildLocalQaConfig() {
     sessionsDir: path2.join(dataDir, "sessions"),
     projectsDir: path2.join(dataDir, "projects"),
     tempDir: path2.join(dataDir, "temp"),
-    credentialsFilePath: path2.join(dataDir, CREDENTIALS_FILE),
-    authFilePath: path2.join(dataDir, "auth.json"),
+    apiKeyFilePath: path2.join(dataDir, API_KEY_FILE),
+    oauthSessionFilePath: path2.join(dataDir, "oauth-session.json"),
     electronAppPath: resolveElectronAppPathOrNull(),
     webServicePath: resolveWebServicePath(),
     webServicePidFile: path2.join(dataDir, "web-service.pid"),
@@ -610,8 +610,8 @@ var TestResultStatus = /* @__PURE__ */ ((TestResultStatus2) => {
 // packages/mcps/src/mcp/local/services/auth-service.ts
 var DEFAULT_LOGIN_WAIT_TIMEOUT_MS = 12e4;
 var AuthService = class {
-  /** Path to the auth file. */
-  authFilePath;
+  /** Path to the OAuth session file. */
+  oauthSessionFilePath;
   /** Path to the pending device code file. */
   pendingDeviceCodePath;
   /**
@@ -619,9 +619,9 @@ var AuthService = class {
    */
   constructor() {
     const config = getConfig();
-    this.authFilePath = config.localQa.authFilePath;
+    this.oauthSessionFilePath = config.localQa.oauthSessionFilePath;
     this.pendingDeviceCodePath = path2.join(
-      path2.dirname(config.localQa.authFilePath),
+      path2.dirname(config.localQa.oauthSessionFilePath),
       "pending-device-code.json"
     );
   }
@@ -931,11 +931,11 @@ var AuthService = class {
       email,
       userId
     };
-    const dir = path2.dirname(this.authFilePath);
+    const dir = path2.dirname(this.oauthSessionFilePath);
     if (!fs3.existsSync(dir)) {
       fs3.mkdirSync(dir, { recursive: true });
     }
-    fs3.writeFileSync(this.authFilePath, JSON.stringify(storedAuth, null, 2), {
+    fs3.writeFileSync(this.oauthSessionFilePath, JSON.stringify(storedAuth, null, 2), {
       encoding: "utf-8",
       mode: 384
     });
@@ -946,11 +946,11 @@ var AuthService = class {
    */
   loadStoredAuth() {
     const logger14 = getLogger();
-    if (!fs3.existsSync(this.authFilePath)) {
+    if (!fs3.existsSync(this.oauthSessionFilePath)) {
       return null;
     }
     try {
-      const content = fs3.readFileSync(this.authFilePath, "utf-8");
+      const content = fs3.readFileSync(this.oauthSessionFilePath, "utf-8");
       return JSON.parse(content);
     } catch (error) {
       logger14.error("Failed to load stored auth", {
@@ -1034,11 +1034,11 @@ var AuthService = class {
         email: storedAuth.email,
         userId: storedAuth.userId
       };
-      const dir = path2.dirname(this.authFilePath);
+      const dir = path2.dirname(this.oauthSessionFilePath);
       if (!fs3.existsSync(dir)) {
         fs3.mkdirSync(dir, { recursive: true });
       }
-      fs3.writeFileSync(this.authFilePath, JSON.stringify(updatedAuth, null, 2), {
+      fs3.writeFileSync(this.oauthSessionFilePath, JSON.stringify(updatedAuth, null, 2), {
         encoding: "utf-8",
         mode: 384
       });
@@ -1090,12 +1090,12 @@ var AuthService = class {
    */
   logout() {
     const logger14 = getLogger();
-    if (!fs3.existsSync(this.authFilePath)) {
+    if (!fs3.existsSync(this.oauthSessionFilePath)) {
       logger14.debug("No auth to clear");
       return false;
     }
     try {
-      fs3.unlinkSync(this.authFilePath);
+      fs3.unlinkSync(this.oauthSessionFilePath);
       logger14.info("Auth cleared successfully");
       return true;
     } catch (error) {
@@ -2380,9 +2380,9 @@ function listActiveExecutions() {
     status: process2.status
   }));
 }
-var CREDENTIALS_FILE2 = "credentials.json";
-function getCredentialsFilePath() {
-  return path2.join(getDataDir(), CREDENTIALS_FILE2);
+var API_KEY_FILE2 = "api-key.json";
+function getApiKeyFilePath() {
+  return path2.join(getDataDir(), API_KEY_FILE2);
 }
 function ensureDataDir() {
   const dataDir = getDataDir();
@@ -2390,95 +2390,85 @@ function ensureDataDir() {
     fs3.mkdirSync(dataDir, { recursive: true });
   }
 }
-function loadCredentials() {
+function loadApiKeyData() {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
-    if (!fs3.existsSync(credentialsPath)) {
-      logger14.debug("No credentials file found", { path: credentialsPath });
+    if (!fs3.existsSync(apiKeyPath)) {
+      logger14.debug("No API key file found", { path: apiKeyPath });
       return null;
     }
-    const content = fs3.readFileSync(credentialsPath, "utf-8");
-    const credentials = JSON.parse(content);
-    if (!credentials.accessToken || !credentials.expiresAt) {
-      logger14.warn("Invalid credentials file - missing required fields");
-      return null;
-    }
-    return credentials;
+    const content = fs3.readFileSync(apiKeyPath, "utf-8");
+    const data = JSON.parse(content);
+    return data;
   } catch (error) {
-    logger14.warn("Failed to load credentials", {
+    logger14.warn("Failed to load API key data", {
       error: error instanceof Error ? error.message : String(error)
     });
     return null;
   }
 }
-function saveCredentials(credentials) {
+function saveApiKeyData(data) {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
     ensureDataDir();
-    const content = JSON.stringify(credentials, null, 2);
-    fs3.writeFileSync(credentialsPath, content, { mode: 384 });
-    logger14.info("Credentials saved", { path: credentialsPath });
+    const content = JSON.stringify(data, null, 2);
+    fs3.writeFileSync(apiKeyPath, content, { mode: 384 });
+    logger14.info("API key saved", { path: apiKeyPath });
   } catch (error) {
-    logger14.error("Failed to save credentials", {
+    logger14.error("Failed to save API key", {
       error: error instanceof Error ? error.message : String(error)
     });
     throw error;
   }
 }
-function deleteCredentials() {
+function deleteApiKeyData() {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
-    if (fs3.existsSync(credentialsPath)) {
-      fs3.unlinkSync(credentialsPath);
-      logger14.info("Credentials deleted", { path: credentialsPath });
+    if (fs3.existsSync(apiKeyPath)) {
+      fs3.unlinkSync(apiKeyPath);
+      logger14.info("API key deleted", { path: apiKeyPath });
     }
   } catch (error) {
-    logger14.warn("Failed to delete credentials", {
+    logger14.warn("Failed to delete API key", {
       error: error instanceof Error ? error.message : String(error)
     });
   }
 }
-function isCredentialsExpired(credentials) {
-  const expiresAt = new Date(credentials.expiresAt);
-  const now = /* @__PURE__ */ new Date();
-  const bufferMs = 5 * 60 * 1e3;
-  return now.getTime() >= expiresAt.getTime() - bufferMs;
-}
-function getValidCredentials() {
-  const credentials = loadCredentials();
-  if (!credentials) {
+function getValidApiKeyData() {
+  const data = loadApiKeyData();
+  if (!data) {
     return null;
   }
-  if (credentials.apiKey) {
-    return credentials;
+  if (data.apiKey) {
+    return data;
   }
   return null;
 }
 function hasApiKey() {
-  const credentials = loadCredentials();
-  return !!credentials?.apiKey;
+  const data = loadApiKeyData();
+  return !!data?.apiKey;
 }
 function getApiKey() {
-  const credentials = loadCredentials();
-  return credentials?.apiKey ?? null;
+  const data = loadApiKeyData();
+  return data?.apiKey ?? null;
 }
 function saveApiKey(params) {
   const logger14 = getLogger();
-  const credentialsPath = getCredentialsFilePath();
+  const apiKeyPath = getApiKeyFilePath();
   try {
     ensureDataDir();
-    const credentials = {
+    const data = {
       accessToken: "",
       expiresAt: "",
       apiKey: params.apiKey,
       apiKeyId: params.apiKeyId
     };
-    const content = JSON.stringify(credentials, null, 2);
-    fs3.writeFileSync(credentialsPath, content, { mode: 384 });
-    logger14.info("API key saved", { path: credentialsPath });
+    const content = JSON.stringify(data, null, 2);
+    fs3.writeFileSync(apiKeyPath, content, { mode: 384 });
+    logger14.info("API key saved", { path: apiKeyPath });
   } catch (error) {
     logger14.error("Failed to save API key", {
       error: error instanceof Error ? error.message : String(error)
@@ -2486,6 +2476,11 @@ function saveApiKey(params) {
     throw error;
   }
 }
+var loadCredentials = loadApiKeyData;
+var saveCredentials = saveApiKeyData;
+var deleteCredentials = deleteApiKeyData;
+var getValidCredentials = getValidApiKeyData;
+var getCredentialsFilePath = getApiKeyFilePath;
 
 // packages/mcps/src/shared/auth.ts
 var logger4 = getLogger();
@@ -2694,7 +2689,7 @@ async function performLogin(keyName, keyExpiry = "90d", timeoutMs = 12e4) {
         );
         credentials.apiKey = apiKeyResult.key;
         credentials.apiKeyId = apiKeyResult.id;
-        saveCredentials(credentials);
+        saveApiKeyData(credentials);
       }
       return {
         success: true,
@@ -2731,13 +2726,13 @@ async function performLogin(keyName, keyExpiry = "90d", timeoutMs = 12e4) {
 function performLogout() {
   const authService = getAuthService();
   authService.logout();
-  deleteCredentials();
+  deleteApiKeyData();
   logger4.info("[Auth] Logged out successfully");
 }
 function getCallerCredentials() {
-  const credentials = getValidCredentials();
-  if (credentials?.apiKey) {
-    return { apiKey: credentials.apiKey };
+  const apiKeyData = getValidApiKeyData();
+  if (apiKeyData?.apiKey) {
+    return { apiKey: apiKeyData.apiKey };
   }
   const authService = getAuthService();
   const accessToken = authService.getAccessToken();
@@ -2747,9 +2742,9 @@ function getCallerCredentials() {
   return {};
 }
 async function getCallerCredentialsAsync() {
-  const credentials = getValidCredentials();
-  if (credentials?.apiKey) {
-    return { apiKey: credentials.apiKey };
+  const apiKeyData = getValidApiKeyData();
+  if (apiKeyData?.apiKey) {
+    return { apiKey: apiKeyData.apiKey };
   }
   const authService = getAuthService();
   const accessToken = await authService.getValidAccessToken();
@@ -5466,8 +5461,10 @@ __export(src_exports, {
   calculateFileChecksum: () => calculateFileChecksum,
   createApiKeyWithToken: () => createApiKeyWithToken,
   createChildLogger: () => createChildLogger,
+  deleteApiKeyData: () => deleteApiKeyData,
   deleteCredentials: () => deleteCredentials,
   getApiKey: () => getApiKey,
+  getApiKeyFilePath: () => getApiKeyFilePath,
   getAuthService: () => getAuthService,
   getBundledElectronAppVersion: () => getBundledElectronAppVersion,
   getCallerCredentials: () => getCallerCredentials,
@@ -5485,10 +5482,11 @@ __export(src_exports, {
   getLogger: () => getLogger,
   getPlatformKey: () => getPlatformKey,
   getQaTools: () => getQaTools,
+  getValidApiKeyData: () => getValidApiKeyData,
   getValidCredentials: () => getValidCredentials,
   hasApiKey: () => hasApiKey,
-  isCredentialsExpired: () => isCredentialsExpired,
   isElectronAppInstalled: () => isElectronAppInstalled,
+  loadApiKeyData: () => loadApiKeyData,
   loadCredentials: () => loadCredentials,
   localQa: () => local_exports2,
   mcp: () => mcp_exports,
@@ -5500,6 +5498,7 @@ __export(src_exports, {
   resetConfig: () => resetConfig,
   resetLogger: () => resetLogger,
   saveApiKey: () => saveApiKey,
+  saveApiKeyData: () => saveApiKeyData,
   saveCredentials: () => saveCredentials,
   startDeviceCodeFlow: () => startDeviceCodeFlow,
   toolRequiresAuth: () => toolRequiresAuth,
@@ -5893,9 +5892,96 @@ async function startStdioServer(server) {
 }
 var logger7 = getLogger();
 var ELECTRON_APP_DIR2 = "electron-app";
+var CURSOR_SKILLS_DIR = ".cursor";
+var CURSOR_SKILLS_SUBDIR = "skills";
+var MUGGLE_SKILL_PREFIX = "muggle";
+var INSTALL_MANIFEST_FILE = "install-manifest.json";
 function getElectronAppBaseDir() {
   return path2.join(getDataDir2(), ELECTRON_APP_DIR2);
 }
+function getCursorSkillsDir() {
+  return path2.join(homedir(), CURSOR_SKILLS_DIR, CURSOR_SKILLS_SUBDIR);
+}
+function getInstallManifestPath() {
+  return path2.join(getDataDir2(), INSTALL_MANIFEST_FILE);
+}
+function readInstallManifest() {
+  const manifestPath = getInstallManifestPath();
+  if (!existsSync(manifestPath)) {
+    return null;
+  }
+  try {
+    const content = readFileSync(manifestPath, "utf-8");
+    const manifest = JSON.parse(content);
+    if (typeof manifest !== "object" || manifest === null || Array.isArray(manifest)) {
+      return null;
+    }
+    return manifest;
+  } catch {
+    return null;
+  }
+}
+function listObsoleteSkills() {
+  const skillsDir = getCursorSkillsDir();
+  const manifest = readInstallManifest();
+  const obsoleteSkills = [];
+  if (!existsSync(skillsDir)) {
+    return obsoleteSkills;
+  }
+  const manifestSkills = new Set(manifest?.skills ?? []);
+  try {
+    const entries = readdirSync(skillsDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory()) {
+        continue;
+      }
+      if (!entry.name.startsWith(MUGGLE_SKILL_PREFIX)) {
+        continue;
+      }
+      if (manifestSkills.has(entry.name)) {
+        continue;
+      }
+      const skillPath = path2.join(skillsDir, entry.name);
+      const sizeBytes = getDirectorySize(skillPath);
+      obsoleteSkills.push({
+        name: entry.name,
+        path: skillPath,
+        sizeBytes
+      });
+    }
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    logger7.warn("Failed to list obsolete skills", { error: errorMessage });
+  }
+  return obsoleteSkills;
+}
+function cleanupObsoleteSkills(options = {}) {
+  const { dryRun = false } = options;
+  const obsoleteSkills = listObsoleteSkills();
+  const removed = [];
+  let freedBytes = 0;
+  for (const skill of obsoleteSkills) {
+    if (!dryRun) {
+      try {
+        rmSync(skill.path, { recursive: true, force: true });
+        logger7.info("Removed obsolete skill", {
+          skill: skill.name,
+          freedBytes: skill.sizeBytes
+        });
+      } catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logger7.error("Failed to remove skill", {
+          skill: skill.name,
+          error: errorMessage
+        });
+        continue;
+      }
+    }
+    removed.push(skill);
+    freedBytes += skill.sizeBytes;
+  }
+  return { removed, freedBytes };
+}
 function getDirectorySize(dirPath) {
   let totalSize = 0;
   try {
@@ -6028,51 +6114,78 @@ async function versionsCommand() {
   console.log("");
 }
 async function cleanupCommand(options) {
+  let totalFreedBytes = 0;
+  let totalRemovedCount = 0;
   console.log("\nElectron App Cleanup");
   console.log("====================\n");
   const versions = listInstalledVersions();
   if (versions.length === 0) {
     console.log("No versions installed. Nothing to clean up.\n");
-    return;
-  }
-  if (versions.length === 1) {
+  } else if (versions.length === 1) {
     console.log("Only the current version is installed. Nothing to clean up.\n");
-    return;
-  }
-  const currentVersion = versions.find((v) => v.isCurrent);
-  const oldVersions = versions.filter((v) => !v.isCurrent);
-  console.log(`Current version: v${currentVersion?.version || "unknown"}`);
-  console.log(`Old versions: ${oldVersions.length}`);
-  console.log("");
-  if (options.dryRun) {
-    console.log("Dry run - showing what would be deleted:\n");
-  }
-  const result = cleanupOldVersions(options);
-  if (result.removed.length === 0) {
-    if (options.all) {
-      console.log("No old versions to remove.\n");
+  } else {
+    const currentVersion = versions.find((v) => v.isCurrent);
+    const oldVersions = versions.filter((v) => !v.isCurrent);
+    console.log(`Current version: v${currentVersion?.version ?? "unknown"}`);
+    console.log(`Old versions: ${oldVersions.length}`);
+    console.log("");
+    if (options.dryRun) {
+      console.log("Dry run - showing what would be deleted:\n");
+    }
+    const result = cleanupOldVersions(options);
+    if (result.removed.length === 0) {
+      if (options.all) {
+        console.log("No old versions to remove.\n");
+      } else {
+        console.log("Keeping one previous version for rollback.");
+        console.log("Use --all to remove all old versions.\n");
+      }
     } else {
-      console.log("Keeping one previous version for rollback.");
-      console.log("Use --all to remove all old versions.\n");
+      console.log(options.dryRun ? "Would remove:" : "Removed:");
+      for (const version of result.removed) {
+        console.log(`  v${version.version} (${formatBytes(version.sizeBytes)})`);
+      }
+      totalFreedBytes += result.freedBytes;
+      totalRemovedCount += result.removed.length;
+      console.log("");
     }
-    return;
   }
-  console.log(options.dryRun ? "Would remove:" : "Removed:");
-  for (const version of result.removed) {
-    console.log(`  v${version.version} (${formatBytes(version.sizeBytes)})`);
+  if (options.skills) {
+    console.log("Skills Cleanup");
+    console.log("==============\n");
+    const obsoleteSkills = listObsoleteSkills();
+    if (obsoleteSkills.length === 0) {
+      console.log("No obsolete skills found. Nothing to clean up.\n");
+    } else {
+      console.log(`Found ${obsoleteSkills.length} obsolete skill(s):
+`);
+      if (options.dryRun) {
+        console.log("Dry run - showing what would be deleted:\n");
+      }
+      const skillResult = cleanupObsoleteSkills({ dryRun: options.dryRun });
+      console.log(options.dryRun ? "Would remove:" : "Removed:");
+      for (const skill of skillResult.removed) {
+        console.log(`  ${skill.name} (${formatBytes(skill.sizeBytes)})`);
+      }
+      totalFreedBytes += skillResult.freedBytes;
+      totalRemovedCount += skillResult.removed.length;
+      console.log("");
+    }
   }
-  console.log("");
-  console.log(
-    `${options.dryRun ? "Would free" : "Freed"}: ${formatBytes(result.freedBytes)}`
-  );
-  console.log("");
-  if (options.dryRun) {
-    console.log("Run without --dry-run to actually delete.\n");
+  if (totalRemovedCount > 0) {
+    console.log(
+      `${options.dryRun ? "Would free" : "Freed"}: ${formatBytes(totalFreedBytes)} total`
+    );
+    console.log("");
+    if (options.dryRun) {
+      console.log("Run without --dry-run to actually delete.\n");
+    }
   }
   logger7.info("Cleanup completed", {
-    removed: result.removed.length,
-    freedBytes: result.freedBytes,
-    dryRun: options.dryRun
+    removed: totalRemovedCount,
+    freedBytes: totalFreedBytes,
+    dryRun: options.dryRun,
+    includeSkills: options.skills
   });
 }
 var logger8 = getLogger();
@@ -6423,6 +6536,7 @@ function getHelpGuidance() {
     `    ${cmd("muggle versions")}         List installed Electron app versions`,
     `    ${cmd("muggle cleanup")}          Remove old Electron app versions`,
     `    ${cmd("muggle cleanup --all")}    Remove all old versions`,
+    `    ${cmd("muggle cleanup --skills")} Also remove obsolete skills`,
     "",
     `  ${colorize("Help:", COLORS.bold)}`,
     `    ${cmd("muggle help")}             Show this guide`,
@@ -6438,7 +6552,7 @@ function getHelpGuidance() {
     `    2. ${colorize("Log in", COLORS.bold)} with your Muggle AI account`,
     `    3. ${colorize("The tool call continues", COLORS.bold)} with your credentials`,
     "",
-    `  Credentials are stored in ${path12("~/.muggle-ai/credentials.json")}`,
+    `  API keys are stored in ${path12("~/.muggle-ai/api-key.json")}`,
     "",
     header("Available MCP Tools"),
     "",
@@ -6455,7 +6569,7 @@ function getHelpGuidance() {
     "",
     `  All data is stored in ${path12("~/.muggle-ai/")}:`,
     "",
-    `    ${path12("credentials.json")}    Auth credentials (auto-generated)`,
+    `    ${path12("api-key.json")}         Long-lived API key (auto-generated)`,
     `    ${path12("projects/")}            Local test projects`,
     `    ${path12("sessions/")}            Test execution sessions`,
     `    ${path12("electron-app/")}        Downloaded Electron app binaries`,
@@ -7143,7 +7257,7 @@ function createProgram() {
   program.command("setup").description("Download/update the Electron app for local testing").option("--force", "Force re-download even if already installed").action(setupCommand);
   program.command("upgrade").description("Check for and install the latest electron-app version").option("--force", "Force re-download even if already on latest").option("--check", "Check for updates only, don't download").option("--version <version>", "Download a specific version (e.g., 1.0.2)").action(upgradeCommand);
   program.command("versions").description("List installed electron-app versions").action(versionsCommand);
-  program.command("cleanup").description("Remove old electron-app versions to free disk space").option("--all", "Remove all old versions (default: keep one previous)").option("--dry-run", "Show what would be deleted without deleting").action(cleanupCommand);
+  program.command("cleanup").description("Remove old electron-app versions and obsolete skills").option("--all", "Remove all old versions (default: keep one previous)").option("--dry-run", "Show what would be deleted without deleting").option("--skills", "Also clean up obsolete skills from ~/.cursor/skills").action(cleanupCommand);
   program.command("doctor").description("Diagnose installation and configuration issues").action(doctorCommand);
   program.command("login").description("Authenticate with Muggle AI (uses device code flow)").option("--key-name <name>", "Name for the API key").option("--key-expiry <expiry>", "API key expiry: 30d, 90d, 1y, never", "90d").action(loginCommand);
   program.command("logout").description("Clear stored credentials").action(logoutCommand);

package/dist/cli.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { runCli } from './chunk-BQZQDOXI.js';
+import { runCli } from './chunk-CXTJOYWM.js';
 
 // src/cli/main.ts
 runCli().catch((error) => {

package/dist/index.js

@@ -1 +1 @@
-export { src_exports2 as commands, createChildLogger, createUnifiedMcpServer, getConfig, getLocalQaTools, getLogger, getQaTools, local_exports as localQa, mcp_exports as mcp, qa_exports as qa, server_exports as server, src_exports as shared } from './chunk-BQZQDOXI.js';
+export { src_exports2 as commands, createChildLogger, createUnifiedMcpServer, getConfig, getLocalQaTools, getLogger, getQaTools, local_exports as localQa, mcp_exports as mcp, qa_exports as qa, server_exports as server, src_exports as shared } from './chunk-CXTJOYWM.js';

package/dist/plugin/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "muggle",
   "description": "Run real-browser QA tests on your web app from any AI coding agent. Generate test scripts from plain English, replay them on localhost, capture screenshots, and validate user flows like signup, checkout, and dashboards. Works across Claude Code, Cursor, Codex, and Windsurf.",
-  "version": "4.0.3",
+  "version": "4.2.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/dist/plugin/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "muggle",
   "displayName": "Muggle AI",
   "description": "Ship quality products with AI-powered QA that validates your app's user experience — from Claude Code and Cursor to PR.",
-  "version": "4.0.3",
+  "version": "4.2.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@muggleai/works",
     "mcpName": "io.github.multiplex-ai/muggle",
-    "version": "4.0.3",
+    "version": "4.2.0",
     "description": "Ship quality products with AI-powered QA that validates your app's user experience — from Claude Code and Cursor to PR.",
     "type": "module",
     "main": "dist/index.js",

package/plugin/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "muggle",
   "description": "Run real-browser QA tests on your web app from any AI coding agent. Generate test scripts from plain English, replay them on localhost, capture screenshots, and validate user flows like signup, checkout, and dashboards. Works across Claude Code, Cursor, Codex, and Windsurf.",
-  "version": "4.0.3",
+  "version": "4.2.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/plugin/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "muggle",
   "displayName": "Muggle AI",
   "description": "Ship quality products with AI-powered QA that validates your app's user experience — from Claude Code and Cursor to PR.",
-  "version": "4.0.3",
+  "version": "4.2.0",
   "author": {
     "name": "Muggle AI",
     "email": "support@muggle-ai.com"

package/scripts/postinstall.mjs

@@ -28,6 +28,7 @@ import { fileURLToPath } from "url";
 const require = createRequire(import.meta.url);
 const VERSION_DIRECTORY_NAME_PATTERN = /^\d+\.\d+\.\d+(?:[-+][A-Za-z0-9.-]+)?$/;
 const INSTALL_METADATA_FILE_NAME = ".install-metadata.json";
+const INSTALL_MANIFEST_FILE_NAME = "install-manifest.json";
 const LOG_FILE_NAME = "postinstall.log";
 const VERSION_OVERRIDE_FILE_NAME = "electron-app-version-override.json";
 const CURSOR_SKILLS_DIRECTORY_NAME = ".cursor";
@@ -124,11 +125,101 @@ function getPackageRootDir() {
     return join(dirname(fileURLToPath(import.meta.url)), "..");
 }
 
+/**
+ * Get the path to the install manifest file.
+ * The manifest tracks what content was installed by this package,
+ * enabling cleanup of obsolete content when items are renamed or removed.
+ * @returns {string} Path to ~/.muggle-ai/install-manifest.json
+ */
+function getInstallManifestPath() {
+    return join(getDataDir(), INSTALL_MANIFEST_FILE_NAME);
+}
+
+/**
+ * Read the install manifest from disk.
+ * @returns {{ packageVersion?: string, skills?: string[], installedAt?: string } | null}
+ */
+function readInstallManifest() {
+    const manifestPath = getInstallManifestPath();
+
+    if (!existsSync(manifestPath)) {
+        return null;
+    }
+
+    try {
+        const content = readFileSync(manifestPath, "utf-8");
+        const manifest = JSON.parse(content);
+
+        if (typeof manifest !== "object" || manifest === null || Array.isArray(manifest)) {
+            return null;
+        }
+
+        return manifest;
+    } catch {
+        return null;
+    }
+}
+
+/**
+ * Write the install manifest to disk.
+ * @param {object} params - Manifest fields
+ * @param {string} params.packageVersion - The package version being installed
+ * @param {string[]} params.skills - List of skill directory names installed
+ */
+function writeInstallManifest({ packageVersion, skills }) {
+    const manifestPath = getInstallManifestPath();
+    const manifest = {
+        packageVersion: packageVersion,
+        skills: skills,
+        installedAt: new Date().toISOString(),
+    };
+
+    mkdirSync(dirname(manifestPath), { recursive: true });
+    writeFileSync(manifestPath, `${JSON.stringify(manifest, null, 2)}\n`, "utf-8");
+}
+
+/**
+ * Remove obsolete skills that were installed by a previous version but are no longer present.
+ * @param {object} params - Cleanup parameters
+ * @param {string[]} params.previousSkills - Skills from the previous manifest
+ * @param {string[]} params.currentSkills - Skills being installed now
+ * @param {string} params.cursorSkillsDirectoryPath - Path to ~/.cursor/skills
+ */
+function cleanupObsoleteSkills({ previousSkills, currentSkills, cursorSkillsDirectoryPath }) {
+    const currentSkillSet = new Set(currentSkills);
+    const obsoleteSkills = previousSkills.filter((skill) => !currentSkillSet.has(skill));
+
+    if (obsoleteSkills.length === 0) {
+        return;
+    }
+
+    for (const skillName of obsoleteSkills) {
+        const skillPath = join(cursorSkillsDirectoryPath, skillName);
+
+        if (!existsSync(skillPath)) {
+            continue;
+        }
+
+        try {
+            rmSync(skillPath, { recursive: true, force: true });
+            log(`Removed obsolete skill: ${skillName}`);
+        } catch (error) {
+            logError(`Failed to remove obsolete skill ${skillName}: ${error.message}`);
+        }
+    }
+
+    log(`Cleaned up ${obsoleteSkills.length} obsolete skill(s)`);
+}
+
 /**
  * Sync packaged muggle skills into Cursor user skills.
  * This enables npm installs to refresh locally available `muggle-*` skills.
+ * Also cleans up obsolete skills that were removed or renamed in the package.
  */
 function syncCursorSkills() {
+    const packageJson = require("../package.json");
+    const packageVersion = packageJson.version;
+
     const sourceSkillsDirectoryPath = join(getPackageRootDir(), "plugin", "skills");
     if (!existsSync(sourceSkillsDirectoryPath)) {
         log("Cursor skill sync skipped: packaged plugin skills directory not found.");
@@ -143,7 +234,7 @@ function syncCursorSkills() {
     mkdirSync(cursorSkillsDirectoryPath, { recursive: true });
 
     const skillEntries = readdirSync(sourceSkillsDirectoryPath, { withFileTypes: true });
-    let syncedSkillCount = 0;
+    const installedSkills = [];
 
     for (const skillEntry of skillEntries) {
         if (!skillEntry.isDirectory()) {
@@ -163,10 +254,26 @@ function syncCursorSkills() {
         const targetSkillDirectoryPath = join(cursorSkillsDirectoryPath, skillEntry.name);
         rmSync(targetSkillDirectoryPath, { recursive: true, force: true });
         cpSync(sourceSkillDirectoryPath, targetSkillDirectoryPath, { recursive: true });
-        syncedSkillCount += 1;
+        installedSkills.push(skillEntry.name);
+    }
+
+    log(`Synced ${installedSkills.length} muggle skill(s) to ${cursorSkillsDirectoryPath}`);
+
+    // Clean up obsolete skills from previous installation
+    const previousManifest = readInstallManifest();
+    if (previousManifest && Array.isArray(previousManifest.skills)) {
+        cleanupObsoleteSkills({
+            previousSkills: previousManifest.skills,
+            currentSkills: installedSkills,
+            cursorSkillsDirectoryPath: cursorSkillsDirectoryPath,
+        });
     }
 
-    log(`Synced ${syncedSkillCount} muggle skill(s) to ${cursorSkillsDirectoryPath}`);
+    // Write updated manifest
+    writeInstallManifest({
+        packageVersion: packageVersion,
+        skills: installedSkills,
+    });
 }
 
 /**