@phren/cli 0.0.32 → 0.0.34

package/mcp/dist/utils.js

@@ -169,7 +169,7 @@ export const STOP_WORDS = new Set([
 export function extractKeywordEntries(text) {
     const words = text
         .toLowerCase()
-        .replace(/[^\w\s-]/g, " ")
+        .replace(/[^\p{L}\p{N}\s_-]/gu, " ")
         .split(/\s+/)
         .filter(w => w.length > 1 && !STOP_WORDS.has(w));
     // Build bigrams from adjacent non-stop-words
@@ -254,23 +254,27 @@ export function queueFilePath(phrenPath, project) {
     }
     return result;
 }
+const MAX_FTS_QUERY_LENGTH = 500;
 // Sanitize user input before passing it to an FTS5 MATCH expression.
 // Strips FTS5-specific syntax that could cause injection or parse errors.
 export function sanitizeFts5Query(raw) {
     if (!raw)
         return "";
-    if (raw.length > 500)
-        raw = raw.slice(0, 500);
-    // Whitelist approach: only allow alphanumeric, spaces, hyphens, apostrophes, double quotes, asterisks
-    let q = raw.replace(/[^a-zA-Z0-9 \-"*]/g, " ");
-    q = q.replace(/\s+/g, " ");
-    q = q.trim();
+    if (raw.length > MAX_FTS_QUERY_LENGTH)
+        raw = raw.slice(0, MAX_FTS_QUERY_LENGTH);
+    // Whitelist approach: only allow alphanumeric, spaces, hyphens, apostrophes, asterisks
+    let q = raw.replace(/[^\p{L}\p{N} \-"*]/gu, " ");
+    // Strip all double quotes — buildFtsClauses wraps terms in quotes itself,
+    // so user-supplied quotes only risk producing unbalanced FTS5 syntax.
+    q = q.replace(/"/g, "");
     // Q83: see docs/decisions/Q83-fts5-asterisk-validation.md
     q = q.replace(/(?<!\w)\*/g, "");
     // Also strip a trailing asterisk that is preceded only by whitespace at word
     // end of the whole query (handles "foo *" → "foo").
     q = q.replace(/\s+\*$/g, "");
-    return q.trim();
+    // Normalize spaces after all stripping to avoid double spaces from removed characters
+    q = q.replace(/\s+/g, " ").trim();
+    return q;
 }
 function parseSynonymsYaml(filePath) {
     if (!fs.existsSync(filePath))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@phren/cli",
-  "version": "0.0.32",
+  "version": "0.0.34",
   "description": "Knowledge layer for AI agents. Phren learns and recalls.",
   "type": "module",
   "bin": {

package/mcp/dist/init-dryrun.js

@@ -1,55 +0,0 @@
-/**
- * Dry-run output for init.
- */
-import * as path from "path";
-import { getMachineName } from "./machine-identity.js";
-import { getPendingBootstrapTarget } from "./init-detect.js";
-import { log } from "./init/shared.js";
-export function printDryRun(phrenPath, opts, params) {
-    const { hasExistingInstall, mcpLabel, hooksLabel, hooksEnabled, storageChoice, storageRepoRoot } = params;
-    const pendingBootstrap = getPendingBootstrapTarget(phrenPath, opts);
-    log("\nInit dry run. No files will be written.\n");
-    if (storageChoice) {
-        log(`Storage location: ${storageChoice} (${phrenPath})`);
-        if (storageChoice === "project" && storageRepoRoot) {
-            log(`  Would update ${path.join(storageRepoRoot, ".gitignore")} with .phren/`);
-            log(`  Would set PHREN_PATH in ${path.join(storageRepoRoot, ".env")}`);
-        }
-    }
-    if (hasExistingInstall) {
-        log(`phren install detected at ${phrenPath}`);
-        log(`Would update configuration for the existing install:\n`);
-        log(`  MCP mode: ${mcpLabel}`);
-        log(`  Hooks mode: ${hooksLabel}`);
-        log(`  Reconfigure Claude Code MCP/hooks`);
-        log(`  Reconfigure VS Code, Cursor, Copilot CLI, and Codex MCP targets`);
-        if (hooksEnabled) {
-            log(`  Reconfigure lifecycle hooks for detected tools`);
-        }
-        if (pendingBootstrap?.mode === "detected") {
-            log(`  Would offer to add current project directory (${pendingBootstrap.path})`);
-        }
-        if (opts.applyStarterUpdate) {
-            log(`  Apply starter template updates to global/CLAUDE.md and global skills`);
-        }
-        log(`  Run post-init verification checks`);
-        log(`\nDry run complete.\n`);
-        return;
-    }
-    log(`No existing phren install found at ${phrenPath}`);
-    log(`Would create a new phren install:\n`);
-    log(`  Copy starter files to ${phrenPath} (or create minimal structure)`);
-    log(`  Update machines.yaml for machine "${opts.machine || getMachineName()}"`);
-    log(`  Create/update config files`);
-    log(`  MCP mode: ${mcpLabel}`);
-    log(`  Hooks mode: ${hooksLabel}`);
-    log(`  Configure Claude Code plus detected MCP targets (VS Code/Cursor/Copilot/Codex)`);
-    if (hooksEnabled) {
-        log(`  Configure lifecycle hooks for detected tools`);
-    }
-    if (pendingBootstrap?.mode === "detected") {
-        log(`  Would offer to add current project directory (${pendingBootstrap.path})`);
-    }
-    log(`  Write install preferences and run post-init verification checks`);
-    log(`\nDry run complete.\n`);
-}

package/mcp/dist/init-migrate.js

@@ -1,51 +0,0 @@
-/**
- * Legacy migration helpers for init: directory rename, skill rename.
- */
-import * as fs from "fs";
-import * as path from "path";
-import { homePath } from "./shared.js";
-import { hasInstallMarkers } from "./init-detect.js";
-/**
- * Migrate the legacy hidden store directory into ~/.phren when upgrading
- * from the previous product name.
- * @returns true if migration occurred
- */
-export function migrateLegacyStore(phrenPath, dryRun) {
-    const legacyPath = path.resolve(homePath(".cortex"));
-    if (legacyPath === phrenPath || !fs.existsSync(legacyPath) || !hasInstallMarkers(legacyPath)) {
-        return false;
-    }
-    if (!dryRun) {
-        fs.renameSync(legacyPath, phrenPath);
-    }
-    console.log(`Migrated legacy store → ~/.phren`);
-    return true;
-}
-/**
- * Rename stale legacy skill names left over from the rebrand.
- * Runs on every init so users who already migrated the directory still get the fix.
- */
-export function migrateLegacySkills(phrenPath) {
-    const skillsMigrateDir = path.join(phrenPath, "global", "skills");
-    if (!fs.existsSync(skillsMigrateDir))
-        return;
-    const legacySkillName = "cortex.md";
-    const legacySkillPrefix = "cortex-";
-    for (const entry of fs.readdirSync(skillsMigrateDir)) {
-        if (!entry.endsWith(".md"))
-            continue;
-        if (entry === legacySkillName) {
-            const dest = path.join(skillsMigrateDir, "phren.md");
-            if (!fs.existsSync(dest)) {
-                fs.renameSync(path.join(skillsMigrateDir, entry), dest);
-            }
-        }
-        else if (entry.startsWith(legacySkillPrefix)) {
-            const newName = `phren-${entry.slice(legacySkillPrefix.length)}`;
-            const dest = path.join(skillsMigrateDir, newName);
-            if (!fs.existsSync(dest)) {
-                fs.renameSync(path.join(skillsMigrateDir, entry), dest);
-            }
-        }
-    }
-}

package/mcp/dist/init-walkthrough-merge.js

@@ -1,90 +0,0 @@
-/**
- * Merge walkthrough answers back into InitOptions.
- */
-import { execFileSync } from "child_process";
-import { runWalkthrough } from "./init-walkthrough.js";
-import { resolveInitPhrenPath, hasInstallMarkers } from "./init-detect.js";
-import { log } from "./init/shared.js";
-/**
- * Run the interactive walkthrough for first-time installs, merging answers into opts.
- * Mutates opts in-place and returns the (possibly updated) phrenPath and hasExistingInstall.
- */
-export async function mergeWalkthroughAnswers(phrenPath, hasExisting, opts) {
-    const answers = await runWalkthrough(phrenPath);
-    opts._walkthroughStorageChoice = answers.storageChoice;
-    opts._walkthroughStoragePath = answers.storagePath;
-    opts._walkthroughStorageRepoRoot = answers.storageRepoRoot;
-    const newPhrenPath = resolveInitPhrenPath(opts);
-    const newHasExisting = hasInstallMarkers(newPhrenPath);
-    opts.machine = opts.machine || answers.machine;
-    opts.profile = opts.profile || answers.profile;
-    opts.mcp = opts.mcp || answers.mcp;
-    opts.hooks = opts.hooks || answers.hooks;
-    opts.projectOwnershipDefault = opts.projectOwnershipDefault || answers.projectOwnershipDefault;
-    opts.findingsProactivity = opts.findingsProactivity || answers.findingsProactivity;
-    opts.taskProactivity = opts.taskProactivity || answers.taskProactivity;
-    if (typeof opts.lowConfidenceThreshold !== "number")
-        opts.lowConfidenceThreshold = answers.lowConfidenceThreshold;
-    if (!Array.isArray(opts.riskySections))
-        opts.riskySections = answers.riskySections;
-    opts.taskMode = opts.taskMode || answers.taskMode;
-    if (answers.cloneUrl) {
-        opts._walkthroughCloneUrl = answers.cloneUrl;
-    }
-    if (answers.githubRepo) {
-        opts._walkthroughGithub = { username: answers.githubUsername, repo: answers.githubRepo };
-    }
-    opts._walkthroughDomain = answers.domain;
-    if (answers.inferredScaffold) {
-        opts._walkthroughInferredScaffold = answers.inferredScaffold;
-    }
-    if (!answers.ollamaEnabled) {
-        process.env._PHREN_WALKTHROUGH_OLLAMA_SKIP = "1";
-    }
-    else {
-        opts._walkthroughSemanticSearch = true;
-    }
-    opts._walkthroughAutoCapture = answers.autoCaptureEnabled;
-    if (answers.semanticDedupEnabled) {
-        opts._walkthroughSemanticDedup = true;
-    }
-    if (answers.semanticConflictEnabled) {
-        opts._walkthroughSemanticConflict = true;
-    }
-    if (answers.findingSensitivity && answers.findingSensitivity !== "balanced") {
-        opts.findingSensitivity = answers.findingSensitivity;
-    }
-    opts._walkthroughBootstrapCurrentProject = answers.bootstrapCurrentProject;
-    opts._walkthroughBootstrapOwnership = answers.bootstrapOwnership;
-    return { phrenPath: newPhrenPath, hasExistingInstall: newHasExisting };
-}
-/**
- * Clone an existing phren from a remote URL.
- * @returns true if the clone succeeded (existing install), false otherwise
- */
-export function cloneExistingPhren(phrenPath, cloneUrl) {
-    log(`\nCloning existing phren from ${cloneUrl}...`);
-    try {
-        execFileSync("git", ["clone", cloneUrl, phrenPath], {
-            stdio: ["ignore", "pipe", "pipe"],
-            timeout: 60_000,
-        });
-        log(`  Cloned to ${phrenPath}`);
-        return true;
-    }
-    catch (e) {
-        log(`  Clone failed: ${e instanceof Error ? e.message : String(e)}`);
-        log("");
-        log("  ┌──────────────────────────────────────────────────────────────────┐");
-        log("  │  WARNING: Sync is NOT configured. Your phren data is local-only. │");
-        log("  │                                                                  │");
-        log("  │  To fix later:                                                   │");
-        log(`  │    cd ${phrenPath}`);
-        log("  │    git remote add origin <YOUR_REPO_URL>                         │");
-        log("  │    git push -u origin main                                       │");
-        log("  └──────────────────────────────────────────────────────────────────┘");
-        log("");
-        log(`  Continuing with fresh local-only install.`);
-        return false;
-    }
-}