@phren/cli 0.0.32 → 0.0.34

Files changed (59) hide show
  1. package/mcp/dist/cli/actions.js +3 -0
  2. package/mcp/dist/cli/config.js +3 -3
  3. package/mcp/dist/cli/govern.js +18 -8
  4. package/mcp/dist/cli/hooks-context.js +1 -1
  5. package/mcp/dist/cli/hooks-session.js +18 -62
  6. package/mcp/dist/cli/namespaces.js +1 -1
  7. package/mcp/dist/cli/search.js +5 -5
  8. package/mcp/dist/cli-hooks-prompt.js +7 -3
  9. package/mcp/dist/cli-hooks-session-handlers.js +3 -15
  10. package/mcp/dist/cli-hooks-stop.js +10 -48
  11. package/mcp/dist/content/archive.js +8 -20
  12. package/mcp/dist/content/learning.js +29 -8
  13. package/mcp/dist/data/access.js +13 -4
  14. package/mcp/dist/finding/lifecycle.js +9 -3
  15. package/mcp/dist/governance/audit.js +13 -5
  16. package/mcp/dist/governance/policy.js +13 -0
  17. package/mcp/dist/governance/rbac.js +1 -1
  18. package/mcp/dist/governance/scores.js +2 -1
  19. package/mcp/dist/hooks.js +52 -6
  20. package/mcp/dist/index.js +1 -1
  21. package/mcp/dist/init/init.js +66 -45
  22. package/mcp/dist/init/shared.js +1 -1
  23. package/mcp/dist/init-bootstrap.js +0 -47
  24. package/mcp/dist/init-fresh.js +13 -18
  25. package/mcp/dist/init-uninstall.js +22 -0
  26. package/mcp/dist/init-walkthrough.js +19 -24
  27. package/mcp/dist/link/doctor.js +9 -0
  28. package/mcp/dist/package-metadata.js +1 -1
  29. package/mcp/dist/phren-art.js +4 -120
  30. package/mcp/dist/proactivity.js +1 -1
  31. package/mcp/dist/project-topics.js +16 -46
  32. package/mcp/dist/provider-adapters.js +1 -1
  33. package/mcp/dist/runtime-profile.js +1 -1
  34. package/mcp/dist/shared/data-utils.js +25 -0
  35. package/mcp/dist/shared/fragment-graph.js +4 -18
  36. package/mcp/dist/shared/index.js +14 -10
  37. package/mcp/dist/shared/ollama.js +23 -5
  38. package/mcp/dist/shared/process.js +24 -0
  39. package/mcp/dist/shared/retrieval.js +7 -4
  40. package/mcp/dist/shared/search-fallback.js +1 -0
  41. package/mcp/dist/shared.js +2 -1
  42. package/mcp/dist/shell/render.js +1 -1
  43. package/mcp/dist/skill/registry.js +1 -1
  44. package/mcp/dist/skill/state.js +0 -3
  45. package/mcp/dist/task/github.js +1 -0
  46. package/mcp/dist/task/lifecycle.js +1 -6
  47. package/mcp/dist/tools/config.js +415 -400
  48. package/mcp/dist/tools/finding.js +390 -373
  49. package/mcp/dist/tools/ops.js +372 -365
  50. package/mcp/dist/tools/search.js +495 -487
  51. package/mcp/dist/tools/session.js +3 -2
  52. package/mcp/dist/tools/skills.js +9 -0
  53. package/mcp/dist/ui/page.js +1 -1
  54. package/mcp/dist/ui/server.js +645 -1040
  55. package/mcp/dist/utils.js +12 -8
  56. package/package.json +1 -1
  57. package/mcp/dist/init-dryrun.js +0 -55
  58. package/mcp/dist/init-migrate.js +0 -51
  59. package/mcp/dist/init-walkthrough-merge.js +0 -90
@@ -166,7 +166,8 @@ function writeLastSummary(phrenPath, summary, sessionId, project) {
166
166
  debugError("writeLastSummary", err);
167
167
  }
168
168
  }
169
- /** Find the most recent session with a summary (including ended sessions). */
169
+ /** Find the most recent session with a summary (including ended sessions).
170
+ * @internal Exported for tests. */
170
171
  export function findMostRecentSummary(phrenPath) {
171
172
  return findMostRecentSummaryWithProject(phrenPath).summary;
172
173
  }
@@ -352,7 +353,7 @@ function hasCompletedTasksInSession(phrenPath, sessionId, project) {
352
353
  return artifacts.tasks.some((task) => task.section === "Done" && task.checked);
353
354
  }
354
355
  /** Compute what changed since the last session ended. */
355
- export function computeSessionDiff(phrenPath, project, lastSessionEnd) {
356
+ function computeSessionDiff(phrenPath, project, lastSessionEnd) {
356
357
  const projectDir = path.join(phrenPath, project);
357
358
  const findingsPath = path.join(projectDir, "FINDINGS.md");
358
359
  if (!fs.existsSync(findingsPath))
@@ -80,6 +80,15 @@ export function register(server, ctx) {
80
80
  if ("error" in result) {
81
81
  return mcpResponse({ ok: false, error: result.error });
82
82
  }
83
+ // Verify skill path doesn't escape phren via symlink
84
+ try {
85
+ const realPath = fs.realpathSync(result.path);
86
+ const phrenReal = fs.realpathSync(phrenPath);
87
+ if (!realPath.startsWith(phrenReal + path.sep) && !realPath.startsWith(path.dirname(phrenReal) + path.sep)) {
88
+ return mcpResponse({ ok: false, error: `Skill path resolves outside phren store.` });
89
+ }
90
+ }
91
+ catch { /* path doesn't exist or can't resolve — let readFileSync handle it */ }
83
92
  const content = fs.readFileSync(result.path, "utf8");
84
93
  const { frontmatter, body } = parseSkillFrontmatter(content);
85
94
  const { valid, errors } = validateSkillFrontmatter(content, result.path);
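Review bot: The containment test on the added `if` line also accepts any real path under `path.dirname(phrenReal)`, so a symlinked skill that resolves into the store's parent directory still passes, which is wider than the comment and the "outside phren store" error describe; if skills may legitimately live outside the store, those roots should be listed explicitly rather than admitting the whole parent. The empty `catch` also fails open, and the read that follows uses `result.path` rather than the resolved `realPath`, so the file that was checked and the file that is read can differ if the link changes in between. I would reject on a resolution error and read `realPath`, as in the excerpt below. `register` starts and ends outside this hunk, so any earlier validation of `result.path` is not visible here.

```javascript
let realPath;
try {
    realPath = fs.realpathSync(result.path);
    const phrenReal = fs.realpathSync(phrenPath);
    // only the store itself counts as inside; add further roots explicitly if skills may live elsewhere
    if (!realPath.startsWith(phrenReal + path.sep)) {
        // … unchanged: "resolves outside phren store" response …
    }
}
catch {
    // fail closed: an unresolvable path is rejected instead of being passed on to the read
    return mcpResponse({ ok: false, error: "Skill path could not be resolved." });
}
// read the path that was checked, not the unresolved one
const content = fs.readFileSync(realPath, "utf8");
// … unchanged: frontmatter parsing and validation …
```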
@@ -9,7 +9,7 @@ function h(s) {
9
9
  .replace(/>/g, ">")
10
10
  .replace(/"/g, """);
11
11
  }
12
- export function renderWebUiPage(phrenPath, authToken, nonce) {
12
+ export function renderWebUiPage(_phrenPath, authToken, nonce) {
13
13
  const nonceAttr = nonce ? ` nonce="${h(nonce)}"` : "";
14
14
  return `<!doctype html>
15
15
  <html lang="en">