@rafter-security/cli 0.6.6 → 0.7.1

package/dist/commands/agent/init.js

@@ -13,21 +13,33 @@ import { fmt } from "../../utils/formatter.js";
 import { injectInstructionFile } from "./instruction-block.js";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+/**
+ * Skills installed by `rafter agent init` for Claude Code / Codex.
+ *
+ * Sourced from `resources/skills/<name>/SKILL.md` in the shipped package.
+ * Keep this list in sync with Python's installer and the skills that actually
+ * ship in both resources/skills/ trees.
+ */
+const AGENT_SKILLS = [
+    { name: "rafter", description: "Rafter Remote" },
+    { name: "rafter-agent-security", description: "Rafter Agent Security" },
+    { name: "rafter-secure-design", description: "Rafter Secure Design" },
+    { name: "rafter-code-review", description: "Rafter Code Review" },
+];
 /**
  * Install global instruction files for platforms that support them.
  *
- * Only Claude Code (~/.claude/CLAUDE.md) and Cursor (~/.cursor/rules/*.mdc)
- * have confirmed global instruction file paths. Other platforms (Codex, Gemini,
- * Windsurf, Continue.dev, Aider) only support project-level instruction files
- * (AGENTS.md, GEMINI.md, .windsurfrules, .continuerules, .aider/conventions.md)
- * which are handled by `rafter agent init-project` (not yet implemented).
+ * User scope: Claude Code (~/.claude/CLAUDE.md), Cursor (~/.cursor/rules/*.mdc).
+ * Project scope: both platforms also honor <cwd>/.claude/CLAUDE.md and
+ * <cwd>/.cursor/rules/*.mdc. Other platforms (Codex, Gemini, Windsurf,
+ * Continue.dev, Aider) have project-only instruction file conventions
+ * (AGENTS.md, GEMINI.md, etc.) handled by `rafter agent init-project`.
  */
-function installGlobalInstructions(platforms) {
-    const homeDir = os.homedir();
-    // Claude Code — ~/.claude/CLAUDE.md (confirmed global instruction file)
+function installGlobalInstructions(platforms, root) {
+    // Claude Code — <root>/.claude/CLAUDE.md
     if (platforms.claudeCode) {
         try {
-            const filePath = path.join(homeDir, ".claude", "CLAUDE.md");
+            const filePath = path.join(root, ".claude", "CLAUDE.md");
             injectInstructionFile(filePath);
             console.log(fmt.success(`Installed Rafter instructions to ${filePath}`));
         }
@@ -35,10 +47,10 @@ function installGlobalInstructions(platforms) {
             console.log(fmt.warning(`Failed to write Claude Code instructions: ${e}`));
         }
     }
-    // Cursor — ~/.cursor/rules/rafter-security.mdc (global rules directory, markdown format)
+    // Cursor — <root>/.cursor/rules/rafter-security.mdc
     if (platforms.cursor) {
         try {
-            const filePath = path.join(homeDir, ".cursor", "rules", "rafter-security.mdc");
+            const filePath = path.join(root, ".cursor", "rules", "rafter-security.mdc");
             injectInstructionFile(filePath);
             console.log(fmt.success(`Installed Rafter instructions to ${filePath}`));
         }
@@ -47,10 +59,9 @@ function installGlobalInstructions(platforms) {
         }
     }
 }
-function installClaudeCodeHooks() {
-    const homeDir = os.homedir();
-    const settingsPath = path.join(homeDir, ".claude", "settings.json");
-    const claudeDir = path.join(homeDir, ".claude");
+function installClaudeCodeHooks(root) {
+    const settingsPath = path.join(root, ".claude", "settings.json");
+    const claudeDir = path.join(root, ".claude");
     if (!fs.existsSync(claudeDir)) {
         fs.mkdirSync(claudeDir, { recursive: true });
     }
@@ -90,9 +101,8 @@ function installClaudeCodeHooks() {
     console.log(fmt.success(`Installed PreToolUse hooks to ${settingsPath}`));
     console.log(fmt.success(`Installed PostToolUse hooks to ${settingsPath}`));
 }
-function installCodexHooks() {
-    const homeDir = os.homedir();
-    const codexDir = path.join(homeDir, ".codex");
+function installCodexHooks(root) {
+    const codexDir = path.join(root, ".codex");
     if (!fs.existsSync(codexDir)) {
         fs.mkdirSync(codexDir, { recursive: true });
     }
@@ -123,9 +133,8 @@ function installCodexHooks() {
     fs.writeFileSync(hooksPath, JSON.stringify(config, null, 2), "utf-8");
     console.log(fmt.success(`Installed hooks to ${hooksPath}`));
 }
-function installCursorHooks() {
-    const homeDir = os.homedir();
-    const cursorDir = path.join(homeDir, ".cursor");
+function installCursorHooks(root) {
+    const cursorDir = path.join(root, ".cursor");
     if (!fs.existsSync(cursorDir)) {
         fs.mkdirSync(cursorDir, { recursive: true });
     }
@@ -155,9 +164,8 @@ function installCursorHooks() {
     fs.writeFileSync(hooksPath, JSON.stringify(config, null, 2), "utf-8");
     console.log(fmt.success(`Installed hooks to ${hooksPath}`));
 }
-function installGeminiHooks() {
-    const homeDir = os.homedir();
-    const geminiDir = path.join(homeDir, ".gemini");
+function installGeminiHooks(root) {
+    const geminiDir = path.join(root, ".gemini");
     if (!fs.existsSync(geminiDir)) {
         fs.mkdirSync(geminiDir, { recursive: true });
     }
@@ -191,9 +199,8 @@ function installGeminiHooks() {
     fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), "utf-8");
     console.log(fmt.success(`Installed hooks to ${settingsPath}`));
 }
-function installWindsurfHooks() {
-    const homeDir = os.homedir();
-    const windsurfDir = path.join(homeDir, ".windsurf");
+function installWindsurfHooks(root) {
+    const windsurfDir = path.join(root, ".windsurf");
     if (!fs.existsSync(windsurfDir)) {
         fs.mkdirSync(windsurfDir, { recursive: true });
     }
@@ -227,9 +234,8 @@ function installWindsurfHooks() {
     fs.writeFileSync(hooksPath, JSON.stringify(config, null, 2), "utf-8");
     console.log(fmt.success(`Installed hooks to ${hooksPath}`));
 }
-function installContinueDevHooks() {
-    const homeDir = os.homedir();
-    const continueDir = path.join(homeDir, ".continue");
+function installContinueDevHooks(root) {
+    const continueDir = path.join(root, ".continue");
     if (!fs.existsSync(continueDir)) {
         fs.mkdirSync(continueDir, { recursive: true });
     }
@@ -267,9 +273,8 @@ const RAFTER_MCP_ENTRY = {
 /**
  * Install MCP server config for Gemini CLI (~/.gemini/settings.json)
  */
-function installGeminiMcp() {
-    const homeDir = os.homedir();
-    const geminiDir = path.join(homeDir, ".gemini");
+function installGeminiMcp(root) {
+    const geminiDir = path.join(root, ".gemini");
     const settingsPath = path.join(geminiDir, "settings.json");
     if (!fs.existsSync(geminiDir)) {
         fs.mkdirSync(geminiDir, { recursive: true });
@@ -293,9 +298,8 @@ function installGeminiMcp() {
 /**
  * Install MCP server config for Cursor (~/.cursor/mcp.json)
  */
-function installCursorMcp() {
-    const homeDir = os.homedir();
-    const cursorDir = path.join(homeDir, ".cursor");
+function installCursorMcp(root) {
+    const cursorDir = path.join(root, ".cursor");
     const mcpPath = path.join(cursorDir, "mcp.json");
     if (!fs.existsSync(cursorDir)) {
         fs.mkdirSync(cursorDir, { recursive: true });
@@ -319,9 +323,8 @@ function installCursorMcp() {
 /**
  * Install MCP server config for Windsurf (~/.codeium/windsurf/mcp_config.json)
  */
-function installWindsurfMcp() {
-    const homeDir = os.homedir();
-    const windsurfDir = path.join(homeDir, ".codeium", "windsurf");
+function installWindsurfMcp(root) {
+    const windsurfDir = path.join(root, ".codeium", "windsurf");
     const mcpPath = path.join(windsurfDir, "mcp_config.json");
     if (!fs.existsSync(windsurfDir)) {
         fs.mkdirSync(windsurfDir, { recursive: true });
@@ -345,9 +348,8 @@ function installWindsurfMcp() {
 /**
  * Install MCP server config for Continue.dev (~/.continue/config.json)
  */
-function installContinueDevMcp() {
-    const homeDir = os.homedir();
-    const continueDir = path.join(homeDir, ".continue");
+function installContinueDevMcp(root) {
+    const continueDir = path.join(root, ".continue");
     const configPath = path.join(continueDir, "config.json");
     if (!fs.existsSync(continueDir)) {
         fs.mkdirSync(continueDir, { recursive: true });
@@ -384,9 +386,8 @@ function installContinueDevMcp() {
  * Install MCP config for Aider (~/.aider.conf.yml)
  * Aider uses YAML config with mcpServers list
  */
-function installAiderMcp() {
-    const homeDir = os.homedir();
-    const configPath = path.join(homeDir, ".aider.conf.yml");
+function installAiderMcp(root) {
+    const configPath = path.join(root, ".aider.conf.yml");
     // Aider's YAML config is simple — we append the MCP flag if not present
     let content = "";
     if (fs.existsSync(configPath)) {
@@ -403,73 +404,31 @@ function installAiderMcp() {
     console.log(fmt.success(`Installed Rafter MCP server to ${configPath}`));
     return true;
 }
-async function installClaudeCodeSkills() {
-    const homeDir = os.homedir();
-    const claudeSkillsDir = path.join(homeDir, ".claude", "skills");
-    // Ensure .claude/skills directory exists
-    if (!fs.existsSync(claudeSkillsDir)) {
-        fs.mkdirSync(claudeSkillsDir, { recursive: true });
-    }
-    // Install Backend Skill
-    const backendSkillDir = path.join(claudeSkillsDir, "rafter");
-    const backendSkillPath = path.join(backendSkillDir, "SKILL.md");
-    const backendTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter", "SKILL.md");
-    if (!fs.existsSync(backendSkillDir)) {
-        fs.mkdirSync(backendSkillDir, { recursive: true });
-    }
-    if (fs.existsSync(backendTemplatePath)) {
-        fs.copyFileSync(backendTemplatePath, backendSkillPath);
-        console.log(fmt.success(`Installed Rafter Backend skill to ${backendSkillPath}`));
-    }
-    else {
-        console.log(fmt.warning(`Backend skill template not found at ${backendTemplatePath}`));
-    }
-    // Install Agent Security Skill
-    const agentSkillDir = path.join(claudeSkillsDir, "rafter-agent-security");
-    const agentSkillPath = path.join(agentSkillDir, "SKILL.md");
-    const agentTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter-agent-security", "SKILL.md");
-    if (!fs.existsSync(agentSkillDir)) {
-        fs.mkdirSync(agentSkillDir, { recursive: true });
+function installSkillsTo(skillsDir) {
+    if (!fs.existsSync(skillsDir)) {
+        fs.mkdirSync(skillsDir, { recursive: true });
     }
-    if (fs.existsSync(agentTemplatePath)) {
-        fs.copyFileSync(agentTemplatePath, agentSkillPath);
-        console.log(fmt.success(`Installed Rafter Agent Security skill to ${agentSkillPath}`));
-    }
-    else {
-        console.log(fmt.warning(`Agent Security skill template not found at ${agentTemplatePath}`));
+    for (const skill of AGENT_SKILLS) {
+        const destDir = path.join(skillsDir, skill.name);
+        const destPath = path.join(destDir, "SKILL.md");
+        const srcPath = path.join(__dirname, "..", "..", "..", "resources", "skills", skill.name, "SKILL.md");
+        if (!fs.existsSync(destDir)) {
+            fs.mkdirSync(destDir, { recursive: true });
+        }
+        if (fs.existsSync(srcPath)) {
+            fs.copyFileSync(srcPath, destPath);
+            console.log(fmt.success(`Installed ${skill.description} skill to ${destPath}`));
+        }
+        else {
+            console.log(fmt.warning(`${skill.description} skill template not found at ${srcPath}`));
+        }
     }
 }
-function installCodexSkills() {
-    const homeDir = os.homedir();
-    const agentsSkillsDir = path.join(homeDir, ".agents", "skills");
-    // Install Backend Skill
-    const backendDir = path.join(agentsSkillsDir, "rafter");
-    const backendSkillPath = path.join(backendDir, "SKILL.md");
-    const backendTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter", "SKILL.md");
-    if (!fs.existsSync(backendDir)) {
-        fs.mkdirSync(backendDir, { recursive: true });
-    }
-    if (fs.existsSync(backendTemplatePath)) {
-        fs.copyFileSync(backendTemplatePath, backendSkillPath);
-        console.log(fmt.success(`Installed Rafter Backend skill to ${backendSkillPath}`));
-    }
-    else {
-        console.log(fmt.warning(`Backend skill template not found at ${backendTemplatePath}`));
-    }
-    // Install Agent Security Skill
-    const agentDir = path.join(agentsSkillsDir, "rafter-agent-security");
-    const agentSkillPath = path.join(agentDir, "SKILL.md");
-    const agentTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter-agent-security", "SKILL.md");
-    if (!fs.existsSync(agentDir)) {
-        fs.mkdirSync(agentDir, { recursive: true });
-    }
-    if (fs.existsSync(agentTemplatePath)) {
-        fs.copyFileSync(agentTemplatePath, agentSkillPath);
-        console.log(fmt.success(`Installed Rafter Agent Security skill to ${agentSkillPath}`));
-    }
-    else {
-        console.log(fmt.warning(`Agent Security skill template not found at ${agentTemplatePath}`));
-    }
+async function installClaudeCodeSkills(root) {
+    installSkillsTo(path.join(root, ".claude", "skills"));
+}
+function installCodexSkills(root) {
+    installSkillsTo(path.join(root, ".agents", "skills"));
 }
 async function askYesNo(question, defaultYes = true) {
     const rl = createInterface({ input: process.stdin, output: process.stderr });
@@ -501,30 +460,43 @@ export function createInitCommand() {
         .option("--all", "Install all detected integrations and download Gitleaks")
         .option("-i, --interactive", "Guided setup — prompts for each detected integration")
         .option("--update", "Re-download gitleaks and reinstall integrations without resetting config")
+        .option("--local", "Install integration configs project-locally (in CWD) instead of user-globally. " +
+        "Supported for Claude Code, Codex, Gemini, Cursor. Other platforms are skipped in local mode.")
         .action(async (opts) => {
         console.log(fmt.header("Rafter Agent Security Setup"));
         console.log(fmt.divider());
         console.log();
         const manager = new ConfigManager();
-        // Detect environments
-        const hasOpenClaw = fs.existsSync(path.join(os.homedir(), ".openclaw"));
-        const hasClaudeCode = fs.existsSync(path.join(os.homedir(), ".claude"));
-        const hasCodex = fs.existsSync(path.join(os.homedir(), ".codex"));
-        const hasGemini = fs.existsSync(path.join(os.homedir(), ".gemini"));
-        const hasCursor = fs.existsSync(path.join(os.homedir(), ".cursor"));
-        const hasWindsurf = fs.existsSync(path.join(os.homedir(), ".codeium", "windsurf"));
-        const hasContinueDev = fs.existsSync(path.join(os.homedir(), ".continue"));
-        const hasAider = fs.existsSync(path.join(os.homedir(), ".aider.conf.yml"));
-        // Resolve opt-in flags (--all enables all detected, --interactive prompts)
-        let wantOpenClaw = opts.withOpenclaw || opts.all;
+        const root = opts.local ? process.cwd() : os.homedir();
+        const scope = opts.local ? "project" : "user";
+        if (opts.local) {
+            console.log(fmt.info(`Project-local install — writing configs under ${root}`));
+        }
+        // Platforms supported in --local scope: Claude Code, Codex, Gemini, Cursor.
+        // Windsurf, Continue.dev, Aider are skipped in --local because their
+        // project-local config story is not established in their CLIs today.
+        // Detect environments. In local scope, don't probe user-global paths —
+        // the user must opt in explicitly via --with-<platform>.
+        const hasOpenClaw = scope === "user" && fs.existsSync(path.join(os.homedir(), ".openclaw"));
+        const hasClaudeCode = scope === "user" && fs.existsSync(path.join(os.homedir(), ".claude"));
+        const hasCodex = scope === "user" && fs.existsSync(path.join(os.homedir(), ".codex"));
+        const hasGemini = scope === "user" && fs.existsSync(path.join(os.homedir(), ".gemini"));
+        const hasCursor = scope === "user" && fs.existsSync(path.join(os.homedir(), ".cursor"));
+        const hasWindsurf = scope === "user" && fs.existsSync(path.join(os.homedir(), ".codeium", "windsurf"));
+        const hasContinueDev = scope === "user" && fs.existsSync(path.join(os.homedir(), ".continue"));
+        const hasAider = scope === "user" && fs.existsSync(path.join(os.homedir(), ".aider.conf.yml"));
+        // Resolve opt-in flags (--all enables all detected, --interactive prompts).
+        // In --local scope, --all is restricted to platforms that have a project-local
+        // config story (claudeCode, codex, gemini, cursor). The rest require user scope.
+        let wantOpenClaw = opts.withOpenclaw || (opts.all && !opts.local);
         let wantClaudeCode = opts.withClaudeCode || opts.all;
         let wantCodex = opts.withCodex || opts.all;
         let wantGemini = opts.withGemini || opts.all;
         let wantCursor = opts.withCursor || opts.all;
-        let wantWindsurf = opts.withWindsurf || opts.all;
-        let wantContinue = opts.withContinue || opts.all;
-        let wantAider = opts.withAider || opts.all;
-        let wantGitleaks = opts.withGitleaks || opts.all;
+        let wantWindsurf = opts.withWindsurf || (opts.all && !opts.local);
+        let wantContinue = opts.withContinue || (opts.all && !opts.local);
+        let wantAider = opts.withAider || (opts.all && !opts.local);
+        let wantGitleaks = opts.withGitleaks || (opts.all && !opts.local);
         // Interactive mode: prompt for each detected integration
         if (opts.interactive && !opts.all) {
             console.log();
@@ -574,23 +546,26 @@ export function createInitCommand() {
         else {
             console.log(fmt.info("No agent environments detected"));
         }
-        // Warn about requested but undetected environments
-        if (wantOpenClaw && !hasOpenClaw)
-            console.log(fmt.warning("OpenClaw requested but not detected (~/.openclaw not found)"));
-        if (wantClaudeCode && !hasClaudeCode)
-            console.log(fmt.warning("Claude Code requested but not detected (~/.claude not found)"));
-        if (wantCodex && !hasCodex)
-            console.log(fmt.warning("Codex CLI requested but not detected (~/.codex not found)"));
-        if (wantGemini && !hasGemini)
-            console.log(fmt.warning("Gemini CLI requested but not detected (~/.gemini not found)"));
-        if (wantCursor && !hasCursor)
-            console.log(fmt.warning("Cursor requested but not detected (~/.cursor not found)"));
-        if (wantWindsurf && !hasWindsurf)
-            console.log(fmt.warning("Windsurf requested but not detected (~/.codeium/windsurf not found)"));
-        if (wantContinue && !hasContinueDev)
-            console.log(fmt.warning("Continue.dev requested but not detected (~/.continue not found)"));
-        if (wantAider && !hasAider)
-            console.log(fmt.warning("Aider requested but not detected (~/.aider.conf.yml not found)"));
+        // Warn about requested but undetected environments (user scope only —
+        // in --local scope we create the directories in CWD as needed).
+        if (scope === "user") {
+            if (wantOpenClaw && !hasOpenClaw)
+                console.log(fmt.warning("OpenClaw requested but not detected (~/.openclaw not found)"));
+            if (wantClaudeCode && !hasClaudeCode)
+                console.log(fmt.warning("Claude Code requested but not detected (~/.claude not found)"));
+            if (wantCodex && !hasCodex)
+                console.log(fmt.warning("Codex CLI requested but not detected (~/.codex not found)"));
+            if (wantGemini && !hasGemini)
+                console.log(fmt.warning("Gemini CLI requested but not detected (~/.gemini not found)"));
+            if (wantCursor && !hasCursor)
+                console.log(fmt.warning("Cursor requested but not detected (~/.cursor not found)"));
+            if (wantWindsurf && !hasWindsurf)
+                console.log(fmt.warning("Windsurf requested but not detected (~/.codeium/windsurf not found)"));
+            if (wantContinue && !hasContinueDev)
+                console.log(fmt.warning("Continue.dev requested but not detected (~/.continue not found)"));
+            if (wantAider && !hasAider)
+                console.log(fmt.warning("Aider requested but not detected (~/.aider.conf.yml not found)"));
+        }
         // Initialize directory structure
         try {
             await manager.initialize();
@@ -697,13 +672,20 @@ export function createInitCommand() {
                 }
             }
         }
+        // Helper: warn that a platform is not supported in --local mode.
+        const localUnsupported = (label) => {
+            console.log(fmt.warning(`${label} is not supported in --local mode yet. Skipping. ` +
+                `Re-run without --local to install for this platform user-globally.`));
+        };
         // Install Claude Code skills + hooks if opted in
+        // When --with-claude-code is explicitly passed (or --local), install even if <root>/.claude doesn't exist yet
         let claudeCodeOk = false;
-        if (hasClaudeCode && wantClaudeCode) {
+        if ((hasClaudeCode || opts.withClaudeCode || (opts.local && wantClaudeCode)) && wantClaudeCode) {
             try {
-                await installClaudeCodeSkills();
-                installClaudeCodeHooks();
-                manager.set("agent.environments.claudeCode.enabled", true);
+                await installClaudeCodeSkills(root);
+                installClaudeCodeHooks(root);
+                if (scope === "user")
+                    manager.set("agent.environments.claudeCode.enabled", true);
                 claudeCodeOk = true;
             }
             catch (e) {
@@ -712,11 +694,12 @@ export function createInitCommand() {
         }
         // Install Codex CLI skills + hooks if opted in
         let codexOk = false;
-        if (hasCodex && wantCodex) {
+        if ((hasCodex || (opts.local && wantCodex)) && wantCodex) {
             try {
-                installCodexSkills();
-                installCodexHooks();
-                manager.set("agent.environments.codex.enabled", true);
+                installCodexSkills(root);
+                installCodexHooks(root);
+                if (scope === "user")
+                    manager.set("agent.environments.codex.enabled", true);
                 codexOk = true;
             }
             catch (e) {
@@ -725,11 +708,11 @@ export function createInitCommand() {
         }
         // Install Gemini CLI MCP + hooks if opted in
         let geminiOk = false;
-        if (hasGemini && wantGemini) {
+        if ((hasGemini || (opts.local && wantGemini)) && wantGemini) {
             try {
-                geminiOk = installGeminiMcp();
-                installGeminiHooks();
-                if (geminiOk)
+                geminiOk = installGeminiMcp(root);
+                installGeminiHooks(root);
+                if (geminiOk && scope === "user")
                     manager.set("agent.environments.gemini.enabled", true);
             }
             catch (e) {
@@ -738,11 +721,11 @@ export function createInitCommand() {
         }
         // Install Cursor MCP + hooks if opted in
         let cursorOk = false;
-        if (hasCursor && wantCursor) {
+        if ((hasCursor || (opts.local && wantCursor)) && wantCursor) {
             try {
-                cursorOk = installCursorMcp();
-                installCursorHooks();
-                if (cursorOk)
+                cursorOk = installCursorMcp(root);
+                installCursorHooks(root);
+                if (cursorOk && scope === "user")
                     manager.set("agent.environments.cursor.enabled", true);
             }
             catch (e) {
@@ -753,8 +736,8 @@ export function createInitCommand() {
         let windsurfOk = false;
         if (hasWindsurf && wantWindsurf) {
             try {
-                windsurfOk = installWindsurfMcp();
-                installWindsurfHooks();
+                windsurfOk = installWindsurfMcp(root);
+                installWindsurfHooks(root);
                 if (windsurfOk)
                     manager.set("agent.environments.windsurf.enabled", true);
             }
@@ -762,12 +745,15 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Windsurf integration: ${e}`));
             }
         }
+        else if (opts.local && wantWindsurf) {
+            localUnsupported("Windsurf");
+        }
         // Install Continue.dev MCP + hooks if opted in
         let continueOk = false;
         if (hasContinueDev && wantContinue) {
             try {
-                continueOk = installContinueDevMcp();
-                installContinueDevHooks();
+                continueOk = installContinueDevMcp(root);
+                installContinueDevHooks(root);
                 if (continueOk)
                     manager.set("agent.environments.continueDev.enabled", true);
             }
@@ -775,11 +761,14 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Continue.dev integration: ${e}`));
             }
         }
+        else if (opts.local && wantContinue) {
+            localUnsupported("Continue.dev");
+        }
         // Install Aider MCP if opted in
         let aiderOk = false;
         if (hasAider && wantAider) {
             try {
-                aiderOk = installAiderMcp();
+                aiderOk = installAiderMcp(root);
                 if (aiderOk)
                     manager.set("agent.environments.aider.enabled", true);
             }
@@ -787,11 +776,14 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Aider integration: ${e}`));
             }
         }
+        else if (opts.local && wantAider) {
+            localUnsupported("Aider");
+        }
         // Install global instruction files for platforms that support them
         installGlobalInstructions({
             claudeCode: claudeCodeOk,
             cursor: cursorOk,
-        });
+        }, root);
         console.log();
         console.log(fmt.success("Agent security initialized!"));
         console.log();
@@ -815,6 +807,13 @@ export function createInitCommand() {
             if (aiderOk)
                 console.log("  - Restart Aider to load MCP server");
         }
+        else if (scope === "project") {
+            console.log("No integrations were installed. In --local mode, pass one or more opt-in flags:");
+            console.log("  rafter agent init --local --with-claude-code");
+            console.log("  rafter agent init --local --with-codex");
+            console.log("  rafter agent init --local --with-gemini");
+            console.log("  rafter agent init --local --with-cursor");
+        }
         else if (detected.length > 0) {
             console.log("No integrations were installed. To install, re-run with opt-in flags:");
             console.log("  rafter agent init --all                  # Install all detected");

package/dist/commands/agent/install-hook.js

@@ -4,6 +4,7 @@ import os from "os";
 import path from "path";
 import { execSync } from "child_process";
 import { fileURLToPath } from 'url';
+import { fmt } from "../../utils/formatter.js";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 export function createInstallHookCommand() {
@@ -28,7 +29,7 @@ async function installHook(opts) {
 function getTemplatePath(templateName) {
     const templatePath = path.join(__dirname, "..", "..", "..", "resources", templateName);
     if (!fs.existsSync(templatePath)) {
-        console.error("❌ Error: Hook template not found");
+        console.error(fmt.error("Hook template not found"));
         console.error(`   Expected at: ${templatePath}`);
         process.exit(1);
     }
@@ -42,7 +43,7 @@ async function installLocalHook(hookName, templateName) {
         execSync("git rev-parse --git-dir", { stdio: "pipe" });
     }
     catch (e) {
-        console.error("❌ Error: Not in a git repository");
+        console.error(fmt.error("Not in a git repository"));
         console.error("   Run this command from inside a git repository");
         process.exit(1);
     }
@@ -56,30 +57,30 @@ async function installLocalHook(hookName, templateName) {
         const existing = fs.readFileSync(hookPath, "utf-8");
         const marker = hookName === "pre-push" ? "Rafter Security Pre-Push Hook" : "Rafter Security Pre-Commit Hook";
         if (existing.includes(marker)) {
-            console.log(`✓ Rafter ${hookName} hook already installed`);
+            console.log(fmt.success(`Rafter ${hookName} hook already installed`));
             return;
         }
         const backupPath = `${hookPath}.backup-${Date.now()}`;
         fs.copyFileSync(hookPath, backupPath);
-        console.log(`📦 Backed up existing hook to: ${path.basename(backupPath)}`);
+        console.log(fmt.info(`Backed up existing hook to: ${path.basename(backupPath)}`));
     }
     const hookContent = fs.readFileSync(getTemplatePath(templateName), "utf-8");
     fs.writeFileSync(hookPath, hookContent, "utf-8");
     fs.chmodSync(hookPath, 0o755);
-    console.log(`✓ Installed Rafter ${hookName} hook`);
+    console.log(fmt.success(`Installed Rafter ${hookName} hook`));
     console.log(`  Location: ${hookPath}`);
     console.log();
     if (hookName === "pre-push") {
         console.log("The hook will:");
-        console.log("  • Scan commits being pushed for secrets");
-        console.log("  • Block pushes if secrets are detected");
-        console.log("  • Can be bypassed with: git push --no-verify (not recommended)");
+        console.log("  - Scan commits being pushed for secrets");
+        console.log("  - Block pushes if secrets are detected");
+        console.log("  - Can be bypassed with: git push --no-verify (not recommended)");
     }
     else {
         console.log("The hook will:");
-        console.log("  • Scan staged files for secrets before each commit");
-        console.log("  • Block commits if secrets are detected");
-        console.log("  • Can be bypassed with: git commit --no-verify (not recommended)");
+        console.log("  - Scan staged files for secrets before each commit");
+        console.log("  - Block commits if secrets are detected");
+        console.log("  - Can be bypassed with: git commit --no-verify (not recommended)");
     }
     console.log();
 }
@@ -89,7 +90,7 @@ async function installLocalHook(hookName, templateName) {
 async function installGlobalHook(hookName, templateName) {
     const homeDir = os.homedir();
     if (!homeDir) {
-        console.error("❌ Error: Could not determine home directory");
+        console.error(fmt.error("Could not determine home directory"));
         process.exit(1);
     }
     const globalHooksDir = path.join(homeDir, ".rafter", "git-hooks");
@@ -102,7 +103,7 @@ async function installGlobalHook(hookName, templateName) {
     fs.chmodSync(hookPath, 0o755);
     try {
         execSync(`git config --global core.hooksPath "${globalHooksDir}"`, { stdio: "pipe" });
-        console.log(`✓ Installed Rafter ${hookName} hook globally`);
+        console.log(fmt.success(`Installed Rafter ${hookName} hook globally`));
         console.log(`  Location: ${hookPath}`);
         console.log(`  Git config: core.hooksPath = ${globalHooksDir}`);
         console.log();
@@ -116,7 +117,7 @@ async function installGlobalHook(hookName, templateName) {
         console.log();
     }
     catch (e) {
-        console.error("❌ Failed to configure global git hooks");
+        console.error(fmt.error("Failed to configure global git hooks"));
         console.error("   You may need to manually set: git config --global core.hooksPath ~/.rafter/git-hooks");
         process.exit(1);
     }