@plur-ai/cli 0.9.9 → 0.9.11

package/dist/commands/init-remote.js

@@ -0,0 +1,298 @@
+import {
+  outputText
+} from "./chunk-7U4W4J3G.js";
+
+// src/commands/init-remote.ts
+import { existsSync, readFileSync, writeFileSync, appendFileSync } from "fs";
+import { dirname, join, resolve } from "path";
+import { homedir } from "os";
+var HELP = `plur init-remote \u2014 opt this project into recall from PLUR Enterprise
+
+USAGE
+  plur init-remote --url <enterprise-url> --token <api-key> [--scopes <list>]
+  plur init-remote --verify   Check connectivity against existing .plur.yaml
+
+OPTIONS
+  --url URL           Enterprise base URL, e.g. https://plur.datafund.io
+  --token KEY         API key for authentication
+  --scopes SCOPES     Optional comma-separated scope whitelist
+                      e.g. "org:plur,group:plur/engineering"
+  --no-gitignore      Skip adding .plur.yaml to .gitignore (NOT RECOMMENDED \u2014
+                      the token is sensitive)
+  --verify            Read existing .plur.yaml and test the /api/v1/me
+                      endpoint against the configured remote
+
+WHAT THIS DOES
+  Writes .plur.yaml in the current directory with remote_url, remote_token,
+  and optional remote_scopes fields. The UserPromptSubmit hook will then
+  call \${remote_url}/api/v1/inject for each prompt (before falling back to
+  local PLUR). The hook walks upward from the current working directory to
+  find .plur.yaml, so you can work from any subdirectory.
+
+  WITHOUT this command, projects stay 100% local-only and Enterprise
+  never sees their prompts.
+`;
+function parseArgs(args) {
+  const out = {};
+  const consumeValue = (i, flag) => {
+    const next = args[i + 1];
+    if (next === void 0 || next.startsWith("--")) {
+      return { error: `${flag} requires a value (got ${next === void 0 ? "nothing" : `another flag: ${next}`})` };
+    }
+    return { value: next };
+  };
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i];
+    if (a === "--help" || a === "-h") {
+      out.help = true;
+      continue;
+    }
+    if (a === "--verify") {
+      out.verify = true;
+      continue;
+    }
+    if (a === "--no-gitignore") {
+      out.noGitignore = true;
+      continue;
+    }
+    if (a === "--url" || a === "--token" || a === "--scopes") {
+      const r = consumeValue(i, a);
+      if ("error" in r) return r;
+      i++;
+      if (a === "--url") out.url = r.value;
+      if (a === "--token") out.token = r.value;
+      if (a === "--scopes") out.scopes = r.value.split(",").map((s) => s.trim()).filter(Boolean);
+      continue;
+    }
+  }
+  return out;
+}
+function stripRemoteKeys(content) {
+  const lines = content.split("\n");
+  const out = [];
+  let skippingList = false;
+  const REMOTE_KEY = /^remote_(url|token|scopes)\s*:(.*)$/;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (skippingList) {
+      if (trimmed === "" || trimmed.startsWith("-")) continue;
+      skippingList = false;
+    }
+    const m = trimmed.match(REMOTE_KEY);
+    if (m) {
+      const key = m[1];
+      const rest = m[2].trim();
+      if (key === "scopes" && (rest === "" || rest === "|" || rest === ">")) {
+        skippingList = true;
+      }
+      continue;
+    }
+    out.push(line);
+  }
+  while (out.length > 0 && out[out.length - 1].trim() === "") out.pop();
+  return out.join("\n");
+}
+function buildConfigBody(existing, url, token, scopes) {
+  const stripped = stripRemoteKeys(existing);
+  const sep = stripped.length > 0 && !stripped.endsWith("\n") ? "\n\n" : stripped.length > 0 ? "\n" : "";
+  const block = [];
+  block.push("# --- PLUR Enterprise remote (opt-in for this project) ---");
+  block.push("# remote_token is sensitive \u2014 keep .plur.yaml in .gitignore.");
+  block.push(`remote_url: ${url}`);
+  block.push(`remote_token: ${token}`);
+  if (scopes && scopes.length > 0) {
+    block.push("remote_scopes:");
+    for (const s of scopes) block.push(`  - ${s}`);
+  }
+  return stripped + sep + block.join("\n") + "\n";
+}
+function ensureGitignore() {
+  const home = resolve(homedir());
+  let dir = resolve(process.cwd());
+  let gitignorePath = null;
+  const MAX_DEPTH = 12;
+  for (let depth = 0; depth < MAX_DEPTH; depth++) {
+    const candidate = join(dir, ".gitignore");
+    if (existsSync(candidate)) {
+      gitignorePath = candidate;
+      break;
+    }
+    if (existsSync(join(dir, ".git"))) break;
+    if (dir === home || dir === "/" || dir === ".") break;
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  const PATTERN = ".plur.yaml";
+  if (!gitignorePath) {
+    const newPath = join(process.cwd(), ".gitignore");
+    writeFileSync(newPath, `# Added by 'plur init-remote' \u2014 .plur.yaml may hold an API token
+${PATTERN}
+`);
+    return { path: newPath, action: "created" };
+  }
+  const content = readFileSync(gitignorePath, "utf8");
+  const already = content.split("\n").some((l) => l.trim() === PATTERN);
+  if (already) return { path: gitignorePath, action: "already" };
+  const sep = content.endsWith("\n") ? "" : "\n";
+  appendFileSync(gitignorePath, `${sep}# Added by 'plur init-remote' \u2014 .plur.yaml may hold an API token
+${PATTERN}
+`);
+  return { path: gitignorePath, action: "added" };
+}
+function findExistingConfigPath() {
+  const home = resolve(homedir());
+  let dir = resolve(process.cwd());
+  const MAX_DEPTH = 12;
+  for (let depth = 0; depth < MAX_DEPTH; depth++) {
+    if (dir !== home) {
+      const candidate = join(dir, ".plur.yaml");
+      if (existsSync(candidate)) return candidate;
+    }
+    if (existsSync(join(dir, ".git"))) return null;
+    if (dir === home || dir === "/" || dir === ".") return null;
+    const parent = dirname(dir);
+    if (parent === dir) return null;
+    dir = parent;
+  }
+  return null;
+}
+function readRemoteFromConfig(path) {
+  if (!existsSync(path)) return {};
+  const content = readFileSync(path, "utf8");
+  const out = {};
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("#") || !trimmed) continue;
+    const m = trimmed.match(/^(remote_url|remote_token)\s*:\s*(.+)$/);
+    if (m) {
+      if (m[1] === "remote_url") out.url = m[2].trim();
+      if (m[1] === "remote_token") out.token = m[2].trim();
+    }
+  }
+  return out;
+}
+async function verifyConnectivity(url, token) {
+  let base;
+  try {
+    base = new URL(url).origin;
+  } catch {
+    throw new Error(`Invalid URL: ${url}`);
+  }
+  const probeUrl = `${base}/api/v1/me`;
+  const ctrl = new AbortController();
+  const timer = setTimeout(() => ctrl.abort(), 5e3);
+  try {
+    const r = await fetch(probeUrl, {
+      signal: ctrl.signal,
+      headers: { "authorization": `Bearer ${token}`, "accept": "application/json" }
+    });
+    if (r.status === 401) throw new Error(`401 Unauthorized \u2014 check your API token`);
+    if (r.status === 403) throw new Error(`403 Forbidden \u2014 token lacks /me access`);
+    if (!r.ok) throw new Error(`HTTP ${r.status} from ${probeUrl}`);
+    const data = await r.json();
+    if (!data.username) throw new Error(`Unexpected response shape from ${probeUrl}`);
+    return {
+      username: data.username,
+      org_id: data.org_id ?? "(unknown)",
+      scopes: Array.isArray(data.scopes) ? data.scopes : []
+    };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+async function run(args, flags) {
+  const parsed = parseArgs(args);
+  if ("error" in parsed) {
+    outputText(`Error: ${parsed.error}
+
+${HELP}`, flags);
+    process.exit(1);
+  }
+  const opts = parsed;
+  if (opts.help) {
+    outputText(HELP, flags);
+    return;
+  }
+  const configPath = join(process.cwd(), ".plur.yaml");
+  if (opts.verify) {
+    const verifyPath = findExistingConfigPath() ?? configPath;
+    const cfg = readRemoteFromConfig(verifyPath);
+    if (!cfg.url || !cfg.token) {
+      outputText(`No remote config found (walked upward from ${process.cwd()}). Run \`plur init-remote --url <url> --token <key>\` first.`, flags);
+      process.exit(1);
+    }
+    outputText(`Using config at ${verifyPath}`, flags);
+    try {
+      const me = await verifyConnectivity(cfg.url, cfg.token);
+      outputText(`\u2713 Connected to ${cfg.url} as ${me.username} (org: ${me.org_id})`, flags);
+      outputText(`  readable scopes: ${me.scopes.length === 0 ? "(none)" : me.scopes.join(", ")}`, flags);
+    } catch (err) {
+      outputText(`\u2717 Connection failed: ${err.message}`, flags);
+      process.exit(2);
+    }
+    return;
+  }
+  if (!opts.url || !opts.token) {
+    outputText(`Missing required flags.
+${HELP}`, flags);
+    process.exit(1);
+  }
+  if (/[\n\r\t]/.test(opts.token)) {
+    outputText(`Error: token contains newline/tab characters. Refusing to write a corrupt config.`, flags);
+    process.exit(1);
+  }
+  try {
+    const u = new URL(opts.url);
+    if (u.protocol !== "http:" && u.protocol !== "https:") {
+      outputText(`Error: remote_url must be http:// or https:// (got ${u.protocol})`, flags);
+      process.exit(1);
+    }
+  } catch {
+    outputText(`Error: remote_url is not a valid URL: ${opts.url}`, flags);
+    process.exit(1);
+  }
+  outputText(`Testing connectivity to ${opts.url}...`, flags);
+  try {
+    const me = await verifyConnectivity(opts.url, opts.token);
+    outputText(`\u2713 Authenticated as ${me.username} (org: ${me.org_id})`, flags);
+    outputText(`  readable scopes: ${me.scopes.length === 0 ? "(none)" : me.scopes.join(", ")}`, flags);
+  } catch (err) {
+    outputText(`\u2717 Connection failed: ${err.message}`, flags);
+    outputText(`  Refusing to write a broken config. Fix the URL/token and re-run.`, flags);
+    process.exit(2);
+  }
+  const existing = existsSync(configPath) ? readFileSync(configPath, "utf8") : "";
+  const next = buildConfigBody(existing, opts.url, opts.token, opts.scopes);
+  writeFileSync(configPath, next);
+  outputText(`\u2713 Wrote ${configPath}`, flags);
+  if (opts.scopes && opts.scopes.length > 0) {
+    outputText(`  scope whitelist: ${opts.scopes.join(", ")}`, flags);
+  } else {
+    outputText(`  scope whitelist: (none \u2014 hook will query all readable scopes)`, flags);
+  }
+  if (!opts.noGitignore) {
+    const gi = ensureGitignore();
+    if (gi.action === "added") outputText(`\u2713 Added .plur.yaml to ${gi.path}`, flags);
+    else if (gi.action === "created") outputText(`\u2713 Created ${gi.path} with .plur.yaml entry`, flags);
+    else outputText(`\u2713 ${gi.path} already excludes .plur.yaml`, flags);
+  } else {
+    outputText(`\u26A0 Skipped .gitignore (--no-gitignore). The token in .plur.yaml is sensitive.`, flags);
+  }
+  outputText(`
+Done. The UserPromptSubmit hook will now query ${opts.url} on every prompt`, flags);
+  outputText(`from this directory tree (bounded by the nearest .git). Personal/non-project`, flags);
+  outputText(`sessions (without a .plur.yaml in the path) stay local-only.`, flags);
+  outputText(``, flags);
+  outputText(`\u26A0 Token sensitivity:`, flags);
+  outputText(`  .plur.yaml now contains an API token in plaintext.`, flags);
+  outputText(`  - .gitignore protects against git commits but NOT against cloud sync`, flags);
+  outputText(`    (iCloud Drive, Dropbox, Google Drive). If this project lives in a`, flags);
+  outputText(`    synced folder, the token will leave your machine.`, flags);
+  outputText(`  - Also not protected: \`cp -r\`, \`zip\`, \`rsync\`, archived backups.`, flags);
+  outputText(`  - Consider moving the token to an env var if your project ships with`, flags);
+  outputText(`    others (future: env-var substitution in .plur.yaml).`, flags);
+}
+export {
+  run
+};

package/dist/commands/init.js

@@ -11,115 +11,153 @@ import {
 } from "./chunk-7U4W4J3G.js";
 
 // src/commands/init.ts
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
-import { join } from "path";
-import { homedir } from "os";
-var CLI = "npx @plur-ai/cli";
-var PLUR_HOOKS_ENFORCEMENT = {
-  SessionStart: [
-    {
-      hooks: [
-        { type: "command", command: `${CLI} hook-session-remind`, timeout: 3 }
-      ]
-    }
-  ],
-  PreToolUse: [
-    // Session guard — blocks all tools until plur_session_start is called.
-    // Must be first so it runs before any other PreToolUse hook.
-    {
-      matcher: "*",
-      hooks: [
-        { type: "command", command: `${CLI} hook-session-guard`, timeout: 3 }
-      ]
-    }
-  ],
-  PostToolUse: [
-    // Session sentinel — creates marker file after plur_session_start succeeds
-    {
-      matcher: "mcp__plur__plur_session_start",
-      hooks: [
-        { type: "command", command: `${CLI} hook-session-mark`, timeout: 3 }
-      ]
-    }
-  ]
-};
-var PLUR_HOOKS_INJECTION = {
-  // First message: inject engrams based on the prompt.
-  // Subsequent messages: periodic reminder to call plur_learn (~1ms skip).
-  UserPromptSubmit: [
-    {
-      hooks: [
-        { type: "command", command: `${CLI} hook-inject`, timeout: 15 }
-      ]
-    }
-  ],
-  // Re-inject after context compaction so engrams survive long conversations.
-  PostCompact: [
-    {
-      matcher: "auto|manual",
-      hooks: [
-        { type: "command", command: `${CLI} hook-inject --rehydrate`, timeout: 15 }
-      ]
-    }
-  ],
-  PreToolUse: [
-    // Full injection when entering plan mode — planning needs broad context
-    {
-      matcher: "EnterPlanMode",
-      hooks: [
-        { type: "command", command: `${CLI} hook-inject --event plan_mode`, timeout: 10 }
-      ]
-    },
-    // Domain-specific engrams when a skill is invoked
-    {
-      matcher: "Skill",
-      hooks: [
-        { type: "command", command: `${CLI} hook-inject --event skill`, timeout: 10 }
-      ]
-    },
-    // Agent-scoped engrams when spawning an agent
-    {
-      matcher: "Agent",
-      hooks: [
-        { type: "command", command: `${CLI} hook-inject --event agent`, timeout: 10 }
-      ]
-    },
-    // Observation capture — log tool calls for offline pattern extraction
-    {
-      matcher: "Bash|Edit|Write|Agent",
-      hooks: [
-        { type: "command", command: `${CLI} hook-observe`, timeout: 3 }
-      ]
-    }
-  ],
-  PostToolUse: [
-    {
-      matcher: "Bash|Edit|Write|Agent",
-      hooks: [
-        { type: "command", command: `${CLI} hook-observe --post`, timeout: 3 }
-      ]
-    }
-  ],
-  // Inject agent-scoped engrams into subagent context
-  SubagentStart: [
-    {
-      matcher: ".*",
-      hooks: [
-        { type: "command", command: `${CLI} hook-inject --event subagent`, timeout: 10 }
-      ]
-    }
-  ],
-  // Learning reflection — nudge the LLM to call plur_learn after responses
-  // where it discovered or learned something. Fires every 3rd Stop to avoid fatigue.
-  Stop: [
-    {
-      matcher: "*",
-      hooks: [
-        { type: "command", command: `${CLI} hook-learn-check`, timeout: 2 }
-      ]
+import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import { homedir, platform } from "os";
+function resolveCliEntrypoint() {
+  const thisFile = fileURLToPath(import.meta.url);
+  return join(dirname(thisFile), "..", "index.js");
+}
+function shimPath() {
+  const name = platform() === "win32" ? "plur-hook.cmd" : "plur-hook";
+  return join(homedir(), ".plur", "bin", name);
+}
+function installHookBinary() {
+  const binDir = join(homedir(), ".plur", "bin");
+  mkdirSync(binDir, { recursive: true });
+  const entrypoint = resolveCliEntrypoint();
+  const nodeBin = process.execPath;
+  if (!existsSync(entrypoint)) {
+    return { shimPath: "", status: `error: CLI entrypoint not found at ${entrypoint}` };
+  }
+  const target = shimPath();
+  if (platform() === "win32") {
+    writeFileSync(target, `@echo off\r
+"${nodeBin}" "${entrypoint}" %*\r
+`);
+  } else {
+    writeFileSync(target, `#!/bin/sh
+exec "${nodeBin}" "${entrypoint}" "$@"
+`, { mode: 493 });
+    try {
+      chmodSync(target, 493);
+    } catch {
     }
-  ]
-};
+  }
+  const meta = { entrypoint, node: nodeBin, installed: (/* @__PURE__ */ new Date()).toISOString() };
+  writeFileSync(join(binDir, "plur-hook.meta.json"), JSON.stringify(meta, null, 2) + "\n");
+  return { shimPath: target, status: "installed" };
+}
+function buildEnforcementHooks(cmd) {
+  return {
+    SessionStart: [
+      {
+        hooks: [
+          { type: "command", command: `${cmd} hook-session-remind`, timeout: 3 }
+        ]
+      }
+    ],
+    PreToolUse: [
+      // Session guard — blocks all tools until plur_session_start is called.
+      // Must be first so it runs before any other PreToolUse hook.
+      {
+        matcher: "*",
+        hooks: [
+          { type: "command", command: `${cmd} hook-session-guard`, timeout: 3 }
+        ]
+      }
+    ],
+    PostToolUse: [
+      // Session sentinel — creates marker file after plur_session_start succeeds
+      {
+        matcher: "mcp__plur__plur_session_start",
+        hooks: [
+          { type: "command", command: `${cmd} hook-session-mark`, timeout: 3 }
+        ]
+      }
+    ]
+  };
+}
+function buildInjectionHooks(cmd) {
+  return {
+    // First message: inject engrams based on the prompt.
+    // Subsequent messages: periodic reminder to call plur_learn (~1ms skip).
+    UserPromptSubmit: [
+      {
+        hooks: [
+          { type: "command", command: `${cmd} hook-inject`, timeout: 15 }
+        ]
+      }
+    ],
+    // Re-inject after context compaction so engrams survive long conversations.
+    PostCompact: [
+      {
+        matcher: "auto|manual",
+        hooks: [
+          { type: "command", command: `${cmd} hook-inject --rehydrate`, timeout: 15 }
+        ]
+      }
+    ],
+    PreToolUse: [
+      // Full injection when entering plan mode — planning needs broad context
+      {
+        matcher: "EnterPlanMode",
+        hooks: [
+          { type: "command", command: `${cmd} hook-inject --event plan_mode`, timeout: 10 }
+        ]
+      },
+      // Domain-specific engrams when a skill is invoked
+      {
+        matcher: "Skill",
+        hooks: [
+          { type: "command", command: `${cmd} hook-inject --event skill`, timeout: 10 }
+        ]
+      },
+      // Agent-scoped engrams when spawning an agent
+      {
+        matcher: "Agent",
+        hooks: [
+          { type: "command", command: `${cmd} hook-inject --event agent`, timeout: 10 }
+        ]
+      },
+      // Observation capture — log tool calls for offline pattern extraction
+      {
+        matcher: "Bash|Edit|Write|Agent",
+        hooks: [
+          { type: "command", command: `${cmd} hook-observe`, timeout: 3 }
+        ]
+      }
+    ],
+    PostToolUse: [
+      {
+        matcher: "Bash|Edit|Write|Agent",
+        hooks: [
+          { type: "command", command: `${cmd} hook-observe --post`, timeout: 3 }
+        ]
+      }
+    ],
+    // Inject agent-scoped engrams into subagent context
+    SubagentStart: [
+      {
+        matcher: ".*",
+        hooks: [
+          { type: "command", command: `${cmd} hook-inject --event subagent`, timeout: 10 }
+        ]
+      }
+    ],
+    // Learning reflection — nudge the LLM to call plur_learn after responses
+    // where it discovered or learned something. Fires every 3rd Stop to avoid fatigue.
+    Stop: [
+      {
+        matcher: "*",
+        hooks: [
+          { type: "command", command: `${cmd} hook-learn-check`, timeout: 2 }
+        ]
+      }
+    ]
+  };
+}
 function mergeHookMaps(a, b) {
   const out = {};
   for (const [event, entries] of Object.entries(a)) out[event] = [...entries];
@@ -224,7 +262,9 @@ function loadSettings(path) {
   }
 }
 function isPlurHook(entry) {
-  return (entry.hooks ?? []).some((h) => h.command.includes("@plur-ai/cli"));
+  return (entry.hooks ?? []).some(
+    (h) => h.command.includes("@plur-ai/cli") || h.command.includes(".plur/bin/plur-hook")
+  );
 }
 function hasPlurHooks(settings) {
   const hooks = settings.hooks ?? {};
@@ -278,6 +318,10 @@ function hooksStatusFor(before, after, hadHooks) {
   return before === after ? "already up to date" : "upgraded";
 }
 async function run(args, flags) {
+  const shim = installHookBinary();
+  const cmd = shim.shimPath || "npx @plur-ai/cli";
+  const PLUR_HOOKS_ENFORCEMENT = buildEnforcementHooks(cmd);
+  const PLUR_HOOKS_INJECTION = buildInjectionHooks(cmd);
   const injectionPath = findSettingsPath(flags, args);
   const enforcementPath = join(homedir(), ".claude", "settings.json");
   const samePath = injectionPath === enforcementPath;
@@ -330,6 +374,8 @@ async function run(args, flags) {
   const entry = buildMcpServerEntry();
   outputText("PLUR installed for Claude Code.");
   outputText("");
+  outputText(`Hook binary: ${shim.status}${shim.shimPath ? ` (${shim.shimPath})` : ""}`);
+  outputText("");
   outputText("Architecture: One global engram store (~/.plur/), enforcement hooks global, injection hooks project-scoped.");
   outputText("Multi-project scoping via domain/scope fields on engrams, not separate installs.");
   outputText("");

package/dist/commands/stores.js

@@ -29,7 +29,7 @@ async function run(args, flags) {
     return;
   }
   if (!subcommand || subcommand === "list") {
-    const storeList = plur.listStores();
+    const storeList = await plur.listStoresAsync();
     if (shouldOutputJson(flags)) {
       outputJson({ stores: storeList, count: storeList.length });
     } else {