@phren/cli 0.0.11 → 0.0.13

package/mcp/dist/data-access.js

@@ -2,38 +2,17 @@ import * as fs from "fs";
 import * as path from "path";
 import * as yaml from "js-yaml";
 import { phrenErr, PhrenError, phrenOk, forwardErr, getProjectDirs, isRecord, } from "./shared.js";
-import { normalizeQueueEntryText, withFileLock as withFileLockRaw, } from "./shared-governance.js";
+import { normalizeQueueEntryText, } from "./shared-governance.js";
 import { addFindingToFile, } from "./shared-content.js";
-import { isValidProjectName, queueFilePath, safeProjectPath, errorMessage } from "./utils.js";
+import { isValidProjectName, queueFilePath, safeProjectPath } from "./utils.js";
 import { parseCitationComment, parseSourceComment, } from "./content-citation.js";
 import { parseFindingLifecycle, } from "./finding-lifecycle.js";
-import { METADATA_REGEX, isCitationLine, isArchiveStart, isArchiveEnd, parseFindingId, parseAllContradictions, stripComments, } from "./content-metadata.js";
+import { METADATA_REGEX, isCitationLine, isArchiveStart, isArchiveEnd, parseFindingId, parseAllContradictions, stripComments, normalizeFindingText, } from "./content-metadata.js";
+import { withSafeLock, ensureProject } from "./shared-data-utils.js";
 export { readTasks, readTasksAcrossProjects, resolveTaskItem, addTask, addTasks, completeTasks, completeTask, removeTask, removeTasks, updateTask, linkTaskIssue, pinTask, unpinTask, workNextTask, tidyDoneTasks, taskMarkdown, appendChildFinding, promoteTask, TASKS_FILENAME, TASK_FILE_ALIASES, canonicalTaskFilePath, resolveTaskFilePath, isTaskFileName, } from "./data-tasks.js";
 export { addProjectToProfile, listMachines, listProfiles, listProjectCards, removeProjectFromProfile, setMachineProfile, } from "./profile-store.js";
-export { loadShellState, readRuntimeHealth, resetShellState, saveShellState, } from "./shell-state-store.js";
-function withSafeLock(filePath, fn) {
-    try {
-        return withFileLockRaw(filePath, fn);
-    }
-    catch (err) {
-        const msg = errorMessage(err);
-        if (msg.includes("could not acquire lock")) {
-            return phrenErr(`Could not acquire write lock for "${path.basename(filePath)}". Another write may be in progress; please retry.`, PhrenError.LOCK_TIMEOUT);
-        }
-        throw err;
-    }
-}
-function ensureProject(phrenPath, project) {
-    if (!isValidProjectName(project))
-        return phrenErr(`Project name "${project}" is not valid. Use lowercase letters, numbers, and hyphens (e.g. "my-project").`, PhrenError.INVALID_PROJECT_NAME);
-    const dir = safeProjectPath(phrenPath, project);
-    if (!dir)
-        return phrenErr(`Project name "${project}" is not valid. Use lowercase letters, numbers, and hyphens (e.g. "my-project").`, PhrenError.INVALID_PROJECT_NAME);
-    if (!fs.existsSync(dir)) {
-        return phrenErr(`No project "${project}" found. Add it with 'cd ~/your-project && phren add'.`, PhrenError.PROJECT_NOT_FOUND);
-    }
-    return phrenOk(dir);
-}
+export { loadShellState, resetShellState, saveShellState, } from "./shell-state-store.js";
+export { getRuntimeHealth as readRuntimeHealth } from "./shared-governance.js";
 function extractDateHeading(line) {
     const heading = line.match(/^##\s+(.+)$/);
     if (!heading)
@@ -79,8 +58,8 @@ function findMatchingFindingBullet(bulletLines, needle, match) {
     const fidMatch = /^[a-z0-9]{8}$/.test(fidNeedle)
         ? bulletLines.filter(({ line }) => new RegExp(`<!--\\s*fid:${fidNeedle}\\s*-->`).test(line))
         : [];
-    const exactMatches = bulletLines.filter(({ line }) => line.replace(/^-\s+/, "").replace(/<!--.*?-->/g, "").trim().toLowerCase() === needle);
-    const partialMatches = bulletLines.filter(({ line }) => line.toLowerCase().includes(needle));
+    const exactMatches = bulletLines.filter(({ line }) => normalizeFindingText(line) === needle);
+    const partialMatches = bulletLines.filter(({ line }) => normalizeFindingText(line).includes(needle));
     if (fidMatch.length === 1)
         return { kind: "found", idx: fidMatch[0].i };
     if (exactMatches.length === 1)
@@ -276,7 +255,7 @@ export function removeFinding(phrenPath, project, match) {
         return phrenErr(`No FINDINGS.md file found for "${project}". Add a finding first with add_finding or :find add.`, PhrenError.FILE_NOT_FOUND);
     return withSafeLock(filePath, () => {
         const lines = fs.readFileSync(filePath, "utf8").split("\n");
-        const needle = match.trim().toLowerCase();
+        const needle = normalizeFindingText(match);
         const bulletLines = collectFindingBulletLines(lines);
         const activeMatch = findMatchingFindingBullet(bulletLines.filter(({ archived }) => !archived), needle, match);
         if (activeMatch.kind === "ambiguous") {
@@ -313,7 +292,7 @@ export function editFinding(phrenPath, project, oldText, newText) {
         return phrenErr(`No FINDINGS.md file found for "${project}".`, PhrenError.FILE_NOT_FOUND);
     return withSafeLock(findingsPath, () => {
         const lines = fs.readFileSync(findingsPath, "utf8").split("\n");
-        const needle = oldText.trim().toLowerCase();
+        const needle = normalizeFindingText(oldText);
         const bulletLines = collectFindingBulletLines(lines);
         const activeMatch = findMatchingFindingBullet(bulletLines.filter(({ archived }) => !archived), needle, oldText);
         if (activeMatch.kind === "ambiguous") {

package/mcp/dist/data-tasks.js

@@ -2,21 +2,9 @@ import * as fs from "fs";
 import * as path from "path";
 import { randomBytes, randomUUID } from "crypto";
 import { phrenErr, PhrenError, phrenOk, forwardErr, getProjectDirs, } from "./shared.js";
-import { withFileLock as withFileLockRaw } from "./shared-governance.js";
 import { validateTaskFormat } from "./shared-content.js";
-import { isValidProjectName, safeProjectPath, errorMessage } from "./utils.js";
-function withSafeLock(filePath, fn) {
-    try {
-        return withFileLockRaw(filePath, fn);
-    }
-    catch (err) {
-        const msg = errorMessage(err);
-        if (msg.includes("could not acquire lock")) {
-            return phrenErr(`Could not acquire write lock for "${path.basename(filePath)}". Another write may be in progress; please retry.`, PhrenError.LOCK_TIMEOUT);
-        }
-        throw err;
-    }
-}
+import { safeProjectPath } from "./utils.js";
+import { withSafeLock, ensureProject } from "./shared-data-utils.js";
 const ACTIVE_HEADINGS = new Set(["active", "in progress", "in-progress", "current", "wip"]);
 const QUEUE_HEADINGS = new Set(["queue", "queued", "task", "todo", "upcoming", "next"]);
 const DONE_HEADINGS = new Set(["done", "completed", "finished", "archived"]);
@@ -108,17 +96,6 @@ function parseContinuation(lines, idx) {
     }
     return { context, githubIssue, githubUrl, linesToSkip };
 }
-function ensureProject(phrenPath, project) {
-    if (!isValidProjectName(project))
-        return phrenErr(`Project name "${project}" is not valid. Use lowercase letters, numbers, and hyphens (e.g. "my-project").`, PhrenError.INVALID_PROJECT_NAME);
-    const dir = safeProjectPath(phrenPath, project);
-    if (!dir)
-        return phrenErr(`Project name "${project}" is not valid. Use lowercase letters, numbers, and hyphens (e.g. "my-project").`, PhrenError.INVALID_PROJECT_NAME);
-    if (!fs.existsSync(dir)) {
-        return phrenErr(`No project "${project}" found. Add it with 'cd ~/your-project && phren add'.`, PhrenError.PROJECT_NOT_FOUND);
-    }
-    return phrenOk(dir);
-}
 /** Pattern that matches the task metadata comment embedded in task item lines.
  *  Format: <!-- bid:HASH [rank:N] [lastActivity:ISO] -->
  */
@@ -808,7 +785,9 @@ export function tidyDoneTasks(phrenPath, project, keep = 30, dryRun) {
         const lines = archived.map((item) => `- [x] ${item.line}${item.context ? `\n  Context: ${item.context}` : ""}`);
         const block = `## ${stamp}\n\n${lines.join("\n")}\n\n`;
         const prior = fs.existsSync(archiveFile) ? fs.readFileSync(archiveFile, "utf8") : `# ${project} tasks archive\n\n`;
-        fs.writeFileSync(archiveFile, prior + block);
+        const tmpPath = `${archiveFile}.tmp-${randomUUID()}`;
+        fs.writeFileSync(tmpPath, prior + block);
+        fs.renameSync(tmpPath, archiveFile);
         writeTaskDoc(parsed.data);
         return phrenOk(`Tidied ${project}: archived ${archived.length} done item(s), kept ${safeKeep}.`);
     });

package/mcp/dist/embedding.js

@@ -340,5 +340,4 @@ export function cosineSimilarity(a, b) {
     const denom = Math.sqrt(normA) * Math.sqrt(normB);
     return denom === 0 ? 0 : dot / denom;
 }
-// Export helpers for testing
 export { encodeEmbedding, decodeEmbedding, openCacheDb };

package/mcp/dist/entrypoint.js

@@ -9,6 +9,7 @@ const HELP_TEXT = `phren - persistent knowledge for your agents
 
   phren                     Interactive shell
   phren init                Set up phren
+  phren quickstart          Quick setup: init + project scaffold
   phren add [path]          Register a project
   phren search <query>      Search what phren knows
   phren status              Health check
@@ -36,6 +37,8 @@ const HELP_TOPICS = {
   phren skills resolve <project|global>   Print resolved skill manifest
   phren skills doctor <project|global>    Diagnose skill visibility
   phren skills sync <project|global>      Regenerate skill mirror
+  phren skills enable <project|global> <name>  Enable a disabled skill
+  phren skills disable <project|global> <name> Disable a skill without deleting
   phren skills remove <project> <name>    Remove a skill
   phren detect-skills [--import]          Find untracked skills in ~/.claude/skills/
 `,
@@ -109,6 +112,7 @@ function buildFullHelp() {
 Usage:
   phren                     Interactive shell
   phren init                Set up phren
+  phren quickstart          Quick setup: init + project scaffold
   phren add [path]          Register a project
   phren search <query>      Search what phren knows
   phren status              Health check

package/mcp/dist/finding-impact.js

@@ -2,19 +2,11 @@ import * as crypto from "crypto";
 import * as fs from "fs";
 import { impactLogFile } from "./shared.js";
 import { withFileLock } from "./shared-governance.js";
+import { normalizeFindingText } from "./content-metadata.js";
 let highImpactCache = null;
 function nowIso() {
     return new Date().toISOString();
 }
-function normalizeFindingText(raw) {
-    return raw
-        .replace(/^-\s+/, "")
-        .replace(/<!--.*?-->/g, " ")
-        .replace(/\[confidence\s+[01](?:\.\d+)?\]/gi, " ")
-        .replace(/\s+/g, " ")
-        .trim()
-        .toLowerCase();
-}
 export function findingIdFromLine(line) {
     const fid = line.match(/<!--\s*fid:([a-z0-9]{8})\s*-->/i);
     if (fid?.[1])
@@ -144,29 +136,6 @@ export function getHighImpactFindings(phrenPath, minSurfaceCount = 3) {
     };
     return new Set(ids);
 }
-export function getImpactSurfaceCounts(phrenPath, minSurfaces = 1) {
-    const file = impactLogFile(phrenPath);
-    if (!fs.existsSync(file))
-        return new Map();
-    const lines = fs.readFileSync(file, "utf8").split("\n").filter(Boolean);
-    const counts = new Map();
-    for (const line of lines) {
-        try {
-            const entry = JSON.parse(line);
-            if (entry.findingId) {
-                counts.set(entry.findingId, (counts.get(entry.findingId) ?? 0) + 1);
-            }
-        }
-        catch { }
-    }
-    // Filter by minimum
-    const filtered = new Map();
-    for (const [id, count] of counts) {
-        if (count >= minSurfaces)
-            filtered.set(id, count);
-    }
-    return filtered;
-}
 export function markImpactEntriesCompletedForSession(phrenPath, sessionId, project) {
     if (!sessionId)
         return 0;

package/mcp/dist/finding-journal.js

@@ -105,7 +105,7 @@ export function compactFindingJournals(phrenPath, project) {
                     result.failed += 1;
                     continue;
                 }
-                if (typeof write.data === "string" && write.data.includes("Skipped duplicate"))
+                if (write.data.status === "skipped")
                     result.skipped += 1;
                 else
                     result.added += 1;

package/mcp/dist/finding-lifecycle.js

@@ -3,9 +3,9 @@ import * as path from "path";
 import { PhrenError, phrenErr, phrenOk } from "./phren-core.js";
 // Phren lifecycle comment prefix. No backward compat.
 const LIFECYCLE_PREFIX = "phren";
-import { withFileLock } from "./governance-locks.js";
+import { withFileLock } from "./shared-governance.js";
 import { isValidProjectName, safeProjectPath } from "./utils.js";
-import { isArchiveEnd, isArchiveStart, parseCreatedDate as parseCreatedDateMeta, parseStatusField, parseStatus, parseSupersession, parseContradiction, parseFindingId as parseFindingIdMeta, stripLifecycleMetadata, stripRelationMetadata, } from "./content-metadata.js";
+import { isArchiveEnd, isArchiveStart, parseCreatedDate as parseCreatedDateMeta, parseStatusField, parseStatus, parseSupersession, parseContradiction, parseFindingId as parseFindingIdMeta, stripLifecycleMetadata, stripRelationMetadata, normalizeFindingText, } from "./content-metadata.js";
 export const FINDING_TYPE_DECAY = {
     'pattern': { maxAgeDays: 365, decayMultiplier: 1.0 }, // Slow decay, long-lived
     'decision': { maxAgeDays: Infinity, decayMultiplier: 1.0 }, // Never decays
@@ -101,11 +101,6 @@ function findingTextFromLine(line) {
         .replace(/<!--.*?-->/g, "")
         .trim();
 }
-function normalizeFindingText(value) {
-    return findingTextFromLine(value)
-        .replace(/\s+/g, " ")
-        .toLowerCase();
-}
 function removeRelationComments(line) {
     return stripRelationMetadata(line);
 }

package/mcp/dist/governance-locks.js

@@ -100,3 +100,9 @@ export function withFileLock(filePath, fn) {
     releaseFileLock(lockPath);
     return result;
 }
+export function isFiniteNumber(value) {
+    return typeof value === "number" && Number.isFinite(value);
+}
+export function hasValidSchemaVersion(data) {
+    return !("schemaVersion" in data) || typeof data.schemaVersion === "number";
+}

package/mcp/dist/governance-policy.js

@@ -2,7 +2,7 @@ import * as crypto from "crypto";
 import * as fs from "fs";
 import * as path from "path";
 import { appendAuditLog, debugLog, getProjectDirs, isRecord, runtimeHealthFile, withDefaults, phrenErr, PhrenError, phrenOk, resolveFindingsPath } from "./shared.js";
-import { withFileLock } from "./governance-locks.js";
+import { withFileLock, isFiniteNumber, hasValidSchemaVersion } from "./shared-governance.js";
 import { errorMessage, isValidProjectName, safeProjectPath } from "./utils.js";
 import { readProjectConfig } from "./project-config.js";
 import { runCustomHooks } from "./hooks.js";
@@ -44,15 +44,9 @@ function governanceDir(phrenPath) {
 function govFile(phrenPath, schema) {
     return path.join(governanceDir(phrenPath), GOVERNANCE_REGISTRY[schema].file);
 }
-function hasValidSchemaVersion(data) {
-    return !("schemaVersion" in data) || typeof data.schemaVersion === "number";
-}
 function isStringArray(value) {
     return Array.isArray(value) && value.every((item) => typeof item === "string");
 }
-function isFiniteNumber(value) {
-    return typeof value === "number" && Number.isFinite(value);
-}
 function pickNumber(value, fallback) {
     return isFiniteNumber(value) ? value : fallback;
 }

package/mcp/dist/governance-scores.js

@@ -2,7 +2,7 @@ import * as crypto from "crypto";
 import * as fs from "fs";
 import * as path from "path";
 import { appendAuditLog, debugLog, isRecord, memoryScoresFile, memoryUsageLogFile, runtimeFile } from "./shared.js";
-import { withFileLock } from "./governance-locks.js";
+import { withFileLock, isFiniteNumber, hasValidSchemaVersion } from "./shared-governance.js";
 import { errorMessage } from "./utils.js";
 const GOVERNANCE_SCHEMA_VERSION = 1;
 const DEFAULT_MEMORY_SCORES_FILE = {
@@ -15,12 +15,6 @@ function usageLogFile(phrenPath) {
 function scoresJournalFile(phrenPath) {
     return runtimeFile(phrenPath, "scores.jsonl");
 }
-function hasValidSchemaVersion(data) {
-    return !("schemaVersion" in data) || typeof data.schemaVersion === "number";
-}
-function isFiniteNumber(value) {
-    return typeof value === "number" && Number.isFinite(value);
-}
 function isEntryScore(value) {
     if (!isRecord(value))
         return false;

package/mcp/dist/hooks.js

@@ -268,6 +268,21 @@ const VALID_HOOK_EVENTS = new Set(HOOK_EVENT_VALUES);
 export function getHookTarget(h) {
     return "webhook" in h ? h.webhook : h.command;
 }
+/** Re-validate a command hook at execution time (mirrors mcp-hooks.ts validateHookCommand). */
+function validateCommandAtExecution(command) {
+    const trimmed = command.trim();
+    if (!trimmed)
+        return "Command cannot be empty.";
+    if (trimmed.length > 1000)
+        return "Command too long (max 1000 characters).";
+    if (/[`$(){}&|;<>]/.test(trimmed))
+        return "Command contains disallowed shell characters.";
+    if (/\b(eval|source)\b/.test(trimmed))
+        return "eval and source are not permitted in hook commands.";
+    if (!/^[\w./~"'"]/.test(trimmed))
+        return "Command must begin with an executable name or path.";
+    return null;
+}
 const DEFAULT_CUSTOM_HOOK_TIMEOUT = 5000;
 const HOOK_TIMEOUT_MS = parseInt(process.env.PHREN_HOOK_TIMEOUT_MS || '14000', 10);
 const HOOK_ERROR_LOG_MAX_LINES = 1000;
@@ -342,6 +357,14 @@ export function runCustomHooks(phrenPath, event, env = {}) {
             });
             continue;
         }
+        const cmdErr = validateCommandAtExecution(hook.command);
+        if (cmdErr) {
+            const message = `${event}: skipped hook (re-validation failed): ${cmdErr}`;
+            debugLog(`runCustomHooks: ${message}`);
+            errors.push({ code: PhrenError.VALIDATION_ERROR, message });
+            appendHookErrorLog(phrenPath, event, message);
+            continue;
+        }
         const shellArgs = isWindows ? ["/c", hook.command] : ["-c", hook.command];
         try {
             execFileSync(shellCmd, shellArgs, {

package/mcp/dist/init-config.js

@@ -207,7 +207,7 @@ export function configureClaude(phrenPath, opts = {}) {
                 eventHooks.push({ matcher: "", hooks: [hookBody] });
             }
         };
-        const toolHookEnabled = hooksEnabled && (isFeatureEnabled("PHREN_FEATURE_TOOL_HOOK", false) || isFeatureEnabled("PHREN_FEATURE_TOOL_HOOK", false));
+        const toolHookEnabled = hooksEnabled && isFeatureEnabled("PHREN_FEATURE_TOOL_HOOK", false);
         if (hooksEnabled) {
             upsertPhrenHook("UserPromptSubmit", {
                 type: "command",

package/mcp/dist/init-preferences.js

@@ -6,7 +6,7 @@ import * as path from "path";
 import * as crypto from "crypto";
 import { debugLog, installPreferencesFile } from "./phren-paths.js";
 import { errorMessage } from "./utils.js";
-import { withFileLock } from "./governance-locks.js";
+import { withFileLock } from "./shared-governance.js";
 function preferencesFile(phrenPath) {
     return installPreferencesFile(phrenPath);
 }

package/mcp/dist/init-setup.js

@@ -11,7 +11,7 @@ import { getMachineName } from "./machine-identity.js";
 import { execFileSync } from "child_process";
 import { GOVERNANCE_SCHEMA_VERSION, } from "./shared-governance.js";
 import { STOP_WORDS, errorMessage } from "./utils.js";
-import { ROOT, STARTER_DIR, VERSION, resolveEntryScript } from "./init-shared.js";
+import { ROOT, STARTER_DIR, VERSION, resolveEntryScript, commandVersion, versionAtLeast, nearestWritableTarget } from "./init-shared.js";
 import { readInstallPreferences } from "./init-preferences.js";
 import { TASKS_FILENAME } from "./data-tasks.js";
 import { getProjectOwnershipDefault, parseProjectOwnershipMode, readProjectConfig, writeProjectConfig, } from "./project-config.js";
@@ -311,21 +311,6 @@ export function getVerifyOutcomeNote(phrenPath, checks) {
     }
     return "Some reported issues are optional for your chosen install mode; review git-remote / MCP failures separately from hard failures.";
 }
-function commandVersion(cmd, args = ["--version"]) {
-    const effectiveCmd = process.platform === "win32" && (cmd === "npm" || cmd === "npx") ? `${cmd}.cmd` : cmd;
-    try {
-        return execFileSync(effectiveCmd, args, {
-            encoding: "utf8",
-            stdio: ["ignore", "pipe", "ignore"],
-            shell: process.platform === "win32" && effectiveCmd.endsWith(".cmd"),
-            timeout: EXEC_TIMEOUT_QUICK_MS,
-        }).trim();
-    }
-    catch (err) {
-        debugLog(`commandVersion ${effectiveCmd} failed: ${errorMessage(err)}`);
-        return null;
-    }
-}
 export function getHookEntrypointCheck(deps = {}) {
     const pathExists = deps.pathExists ?? fs.existsSync;
     const versionReader = deps.versionReader ?? commandVersion;
@@ -344,40 +329,6 @@ export function getHookEntrypointCheck(deps = {}) {
         fix: hookEntrypointOk ? undefined : "Rebuild phren: `npm run build` or reinstall the package, and ensure npm/npx is available for hook fallbacks",
     };
 }
-function parseSemverTriple(raw) {
-    const match = raw.match(/(\d+)\.(\d+)\.(\d+)/);
-    if (!match)
-        return null;
-    return [Number.parseInt(match[1], 10), Number.parseInt(match[2], 10), Number.parseInt(match[3], 10)];
-}
-function versionAtLeast(raw, major, minor = 0) {
-    if (!raw)
-        return false;
-    const parsed = parseSemverTriple(raw);
-    if (!parsed)
-        return false;
-    const [m, n] = parsed;
-    if (m !== major)
-        return m > major;
-    return n >= minor;
-}
-function nearestWritableTarget(filePath) {
-    let probe = fs.existsSync(filePath) ? filePath : path.dirname(filePath);
-    while (!fs.existsSync(probe)) {
-        const parent = path.dirname(probe);
-        if (parent === probe)
-            return false;
-        probe = parent;
-    }
-    try {
-        fs.accessSync(probe, fs.constants.W_OK);
-        return true;
-    }
-    catch (err) {
-        debugLog(`nearestWritableTarget failed for ${filePath}: ${errorMessage(err)}`);
-        return false;
-    }
-}
 function gitRemoteStatus(phrenPath) {
     try {
         execFileSync("git", ["-C", phrenPath, "rev-parse", "--is-inside-work-tree"], {

package/mcp/dist/init-shared.js

@@ -2,8 +2,11 @@
  * Shared constants and utilities for init modules.
  * Kept separate to avoid circular dependencies between init-config and init-setup.
  */
+import * as fs from "fs";
 import * as path from "path";
-import { homePath } from "./shared.js";
+import { execFileSync } from "child_process";
+import { homePath, EXEC_TIMEOUT_QUICK_MS, debugLog } from "./shared.js";
+import { errorMessage } from "./utils.js";
 import { ROOT as PACKAGE_ROOT, VERSION } from "./package-metadata.js";
 export const ROOT = PACKAGE_ROOT;
 export { VERSION };
@@ -15,6 +18,55 @@ export function resolveEntryScript() {
 export function log(msg) {
     process.stdout.write(msg + "\n");
 }
+export function commandVersion(cmd, args = ["--version"]) {
+    const effectiveCmd = process.platform === "win32" && (cmd === "npm" || cmd === "npx") ? `${cmd}.cmd` : cmd;
+    try {
+        return execFileSync(effectiveCmd, args, {
+            encoding: "utf8",
+            stdio: ["ignore", "pipe", "ignore"],
+            shell: process.platform === "win32" && effectiveCmd.endsWith(".cmd"),
+            timeout: EXEC_TIMEOUT_QUICK_MS,
+        }).trim();
+    }
+    catch (err) {
+        debugLog(`commandVersion ${effectiveCmd} failed: ${errorMessage(err)}`);
+        return null;
+    }
+}
+export function parseSemverTriple(raw) {
+    const match = raw.match(/(\d+)\.(\d+)\.(\d+)/);
+    if (!match)
+        return null;
+    return [Number.parseInt(match[1], 10), Number.parseInt(match[2], 10), Number.parseInt(match[3], 10)];
+}
+export function versionAtLeast(raw, major, minor = 0) {
+    if (!raw)
+        return false;
+    const parsed = parseSemverTriple(raw);
+    if (!parsed)
+        return false;
+    const [m, n] = parsed;
+    if (m !== major)
+        return m > major;
+    return n >= minor;
+}
+export function nearestWritableTarget(filePath) {
+    let probe = fs.existsSync(filePath) ? filePath : path.dirname(filePath);
+    while (!fs.existsSync(probe)) {
+        const parent = path.dirname(probe);
+        if (parent === probe)
+            return false;
+        probe = parent;
+    }
+    try {
+        fs.accessSync(probe, fs.constants.W_OK);
+        return true;
+    }
+    catch (err) {
+        debugLog(`nearestWritableTarget failed for ${filePath}: ${errorMessage(err)}`);
+        return false;
+    }
+}
 export async function confirmPrompt(message) {
     if (process.env.CI === "true" || !process.stdin.isTTY)
         return true;

package/mcp/dist/init.js

@@ -845,9 +845,11 @@ async function runProjectLocalInit(opts = {}) {
  * Configure MCP for all detected AI coding tools (Claude, VS Code, Cursor, Copilot, Codex).
  * @param verb - label used in log messages, e.g. "Updated" or "Configured"
  */
-function configureMcpTargets(phrenPath, opts, verb) {
+export function configureMcpTargets(phrenPath, opts, verb = "Configured") {
+    let claudeStatus = "no_settings";
     try {
         const status = configureClaude(phrenPath, { mcpEnabled: opts.mcpEnabled, hooksEnabled: opts.hooksEnabled });
+        claudeStatus = status ?? "installed";
         if (status === "disabled" || status === "already_disabled") {
             log(`  ${verb} Claude Code hooks (MCP disabled)`);
         }
@@ -858,31 +860,44 @@ function configureMcpTargets(phrenPath, opts, verb) {
     catch (e) {
         log(`  Could not configure Claude Code settings (${e}), add manually`);
     }
+    let vsStatus = "no_vscode";
     try {
-        const vscodeResult = configureVSCode(phrenPath, { mcpEnabled: opts.mcpEnabled });
-        logMcpTargetStatus("VS Code", vscodeResult, verb);
+        vsStatus = configureVSCode(phrenPath, { mcpEnabled: opts.mcpEnabled }) ?? "no_vscode";
+        logMcpTargetStatus("VS Code", vsStatus, verb);
     }
     catch (err) {
         debugLog(`configureVSCode failed: ${errorMessage(err)}`);
     }
+    let cursorStatus = "no_cursor";
     try {
-        logMcpTargetStatus("Cursor", configureCursorMcp(phrenPath, { mcpEnabled: opts.mcpEnabled }), verb);
+        cursorStatus = configureCursorMcp(phrenPath, { mcpEnabled: opts.mcpEnabled }) ?? "no_cursor";
+        logMcpTargetStatus("Cursor", cursorStatus, verb);
     }
     catch (err) {
         debugLog(`configureCursorMcp failed: ${errorMessage(err)}`);
     }
+    let copilotStatus = "no_copilot";
     try {
-        logMcpTargetStatus("Copilot CLI", configureCopilotMcp(phrenPath, { mcpEnabled: opts.mcpEnabled }), verb);
+        copilotStatus = configureCopilotMcp(phrenPath, { mcpEnabled: opts.mcpEnabled }) ?? "no_copilot";
+        logMcpTargetStatus("Copilot CLI", copilotStatus, verb);
     }
     catch (err) {
         debugLog(`configureCopilotMcp failed: ${errorMessage(err)}`);
     }
+    let codexStatus = "no_codex";
     try {
-        logMcpTargetStatus("Codex", configureCodexMcp(phrenPath, { mcpEnabled: opts.mcpEnabled }), verb);
+        codexStatus = configureCodexMcp(phrenPath, { mcpEnabled: opts.mcpEnabled }) ?? "no_codex";
+        logMcpTargetStatus("Codex", codexStatus, verb);
     }
     catch (err) {
         debugLog(`configureCodexMcp failed: ${errorMessage(err)}`);
     }
+    const allStatuses = [claudeStatus, vsStatus, cursorStatus, copilotStatus, codexStatus];
+    if (allStatuses.some((s) => s === "installed" || s === "already_configured"))
+        return "installed";
+    if (allStatuses.some((s) => s === "disabled" || s === "already_disabled"))
+        return "disabled";
+    return claudeStatus;
 }
 /**
  * Configure hooks if enabled, or log a disabled message.

package/mcp/dist/link-context.js

@@ -38,7 +38,7 @@ function writeContextFile(managedContent) {
         const existing = fs.readFileSync(contextFile, "utf8");
         if (existing.includes("<!-- phren-managed -->")) {
             const startIdx = existing.indexOf("<!-- phren-managed -->");
-            const endIdx = existing.indexOf("<!-- phren-managed -->");
+            const endIdx = existing.indexOf("<!-- phren-managed -->", startIdx + "<!-- phren-managed -->".length);
             const before = startIdx > 0 ? existing.slice(0, startIdx).trimEnd() : "";
             const after = endIdx !== -1 ? existing.slice(endIdx + "<!-- phren-managed -->".length).trimStart() : "";
             const parts = [before, wrapped, after].filter(Boolean);