@securityreviewai/securityreview-kit 0.1.47 → 0.1.49

package/src/utils/ide-cli-install.js

@@ -1,138 +0,0 @@
-import { spawnSync } from 'node:child_process';
-import { augmentPathEnv, resolveCursorAgentExecutable } from './cursor-agent-path.js';
-
-const AGENT_CLI_TARGETS = new Set(['cursor', 'claude', 'vscode', 'codex']);
-
-function commandOk(cmd, args = ['--version'], env = process.env) {
-    const r = spawnSync(cmd, args, { stdio: 'ignore', env });
-    return r.status === 0;
-}
-
-function runShell(script) {
-    return spawnSync(script, { shell: true, stdio: 'inherit' });
-}
-
-/**
- * Ensure Cursor / Claude Code / Copilot / Codex CLIs are present when those targets are selected.
- * Installation uses vendor scripts or npm where appropriate.
- */
-export function ensureIdeCliForTarget(target, options = {}) {
-    const { skipInstall = false } = options;
-
-    if (!AGENT_CLI_TARGETS.has(target)) {
-        return { target, ok: true, skipped: true };
-    }
-
-    if (target === 'cursor') {
-        if (resolveCursorAgentExecutable()) {
-            return { target, ok: true, already: true };
-        }
-        if (skipInstall) {
-            return {
-                target,
-                ok: false,
-                message:
-                    'Cursor Agent CLI not found (`agent` or `cursor-agent`). Install from https://cursor.com/docs/cli/installation.',
-            };
-        }
-        if (process.platform === 'win32') {
-            return {
-                target,
-                ok: false,
-                message: 'Install Cursor CLI manually: https://cursor.com/cli',
-            };
-        }
-        const r = runShell('curl -fsSL https://cursor.com/install | bash');
-        if (r.status !== 0) {
-            return { target, ok: false, message: 'Cursor CLI install script failed' };
-        }
-        if (!resolveCursorAgentExecutable()) {
-            return {
-                target,
-                ok: false,
-                message:
-                    'Cursor Agent CLI (`agent` / `cursor-agent`) not found after install; open a new shell or ensure ~/.local/bin exists and re-run init',
-            };
-        }
-        return { target, ok: true };
-    }
-
-    if (target === 'claude') {
-        if (commandOk('claude', ['--version'], augmentPathEnv())) {
-            return { target, ok: true, already: true };
-        }
-        if (skipInstall) {
-            return { target, ok: false, message: 'claude not found on PATH' };
-        }
-        if (process.platform === 'win32') {
-            const r = runShell('powershell -NoProfile -ExecutionPolicy Bypass -Command "irm https://claude.ai/install.ps1 | iex"');
-            return r.status === 0
-                ? { target, ok: true }
-                : { target, ok: false, message: 'Claude Code install failed' };
-        }
-        const r = runShell('curl -fsSL https://claude.ai/install.sh | bash');
-        return r.status === 0
-            ? { target, ok: true }
-            : { target, ok: false, message: 'Claude Code install failed' };
-    }
-
-    if (target === 'codex') {
-        if (commandOk('codex', ['--version'], augmentPathEnv())) {
-            return { target, ok: true, already: true };
-        }
-        if (skipInstall) {
-            return { target, ok: false, message: 'codex not found on PATH' };
-        }
-        const r = runShell('npm install -g @openai/codex');
-        return r.status === 0
-            ? { target, ok: true }
-            : { target, ok: false, message: 'Codex CLI npm install failed' };
-    }
-
-    if (target === 'vscode') {
-        if (commandOk('copilot', ['--version'], augmentPathEnv())) {
-            return { target, ok: true, already: true };
-        }
-        if (skipInstall) {
-            return {
-                target,
-                ok: false,
-                message:
-                    'GitHub Copilot CLI not found (`copilot`). Install from https://docs.github.com/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.',
-            };
-        }
-        if (process.platform === 'win32') {
-            const r = runShell('winget install GitHub.Copilot');
-            if (r.status !== 0) {
-                return { target, ok: false, message: 'GitHub Copilot CLI winget install failed' };
-            }
-            return commandOk('copilot', ['--version'], augmentPathEnv())
-                ? { target, ok: true }
-                : {
-                      target,
-                      ok: false,
-                      message:
-                          'GitHub Copilot CLI (`copilot`) not found after install; open a new shell or ensure it is on PATH and re-run init',
-                  };
-        }
-        const r = runShell('curl -fsSL https://gh.io/copilot-install | bash');
-        if (r.status !== 0) {
-            return { target, ok: false, message: 'GitHub Copilot CLI install script failed' };
-        }
-        if (!commandOk('copilot', ['--version'], augmentPathEnv())) {
-            return {
-                target,
-                ok: false,
-                message:
-                    'GitHub Copilot CLI (`copilot`) not found after install; open a new shell or ensure the install directory is on PATH and re-run init',
-            };
-        }
-        return { target, ok: true };
-    }
-
-    return { target, ok: true, skipped: true };
-}
-
-export function ensureIdeClisForTargets(targets, options = {}) {
-    return targets.map((t) => ensureIdeCliForTarget(t, options));
-}

package/src/utils/profiler-agent.js

@@ -1,446 +0,0 @@
-import { spawnSync } from 'node:child_process';
-import { join } from 'node:path';
-import { GUARDRAILS_PROFILER_SKILL_REL_DIR, MCP_SERVER_NAME, MCP_SERVER_PACKAGE } from './constants.js';
-import { augmentPathEnv, resolveCursorAgentExecutable } from './cursor-agent-path.js';
-import { readJson, readText, writeText } from './fs-helpers.js';
-
-const PREFERRED_ORDER = ['cursor', 'vscode', 'claude', 'codex'];
-
-function commandOk(cmd, args = ['--version'], env = process.env) {
-    const r = spawnSync(cmd, args, { stdio: 'ignore', env });
-    return r.status === 0;
-}
-
-export function getProfilerLogPath(cwd, target) {
-    return join(cwd, '.guardrails', 'logs', `profiler-${target}.log`);
-}
-
-function buildProfilerEnv(target, streamProgress, extraEnv = {}) {
-    const env = augmentPathEnv(process.env);
-    for (const [key, value] of Object.entries(extraEnv || {})) {
-        if (value == null || value === '') {
-            delete env[key];
-        } else {
-            env[key] = value;
-        }
-    }
-    if (target === 'codex' && streamProgress && !env.RUST_LOG) {
-        env.RUST_LOG = 'info';
-    }
-    return env;
-}
-
-function persistProfilerLog(cwd, target, result) {
-    if (!result || (result.stdout == null && result.stderr == null)) {
-        return null;
-    }
-
-    const stdout = String(result.stdout || '');
-    const stderr = String(result.stderr || '');
-    const body = [
-        `target=${target}`,
-        `status=${result.status ?? ''}`,
-        `signal=${result.signal ?? ''}`,
-        '',
-        '--- stdout ---',
-        stdout,
-        '',
-        '--- stderr ---',
-        stderr,
-        '',
-    ].join('\n');
-
-    const logPath = getProfilerLogPath(cwd, target);
-    writeText(logPath, body);
-    return logPath;
-}
-
-export function buildProfilerAgentPrompt(projectName, agentTarget = 'cursor') {
-    const p = String(projectName || '').trim() || '<SRAI_PROJECT_NAME>';
-    const skillRoot =
-        GUARDRAILS_PROFILER_SKILL_REL_DIR[agentTarget] ||
-        GUARDRAILS_PROFILER_SKILL_REL_DIR.cursor;
-    return [
-        'Security Review Kit: run guardrails initialization profiling for this workspace.',
-        `SRAI project name: "${p}".`,
-        `Open and follow every step in ${skillRoot}/SKILL.md.`,
-        `Use ${skillRoot}/references/signal-registry.json as the signal registry.`,
-        'Write .guardrails/profile.json as defined in the skill.',
-        `Resolve project_id with find_project_by_name for "${p}", then call update_vibe_profile and write_default_pack via security-review-mcp.`,
-        'Do not invent stack details, compliance, or user groups; ground everything in the repository.',
-    ].join('\n');
-}
-
-/**
- * Run Cursor Agent OAuth/login in the current terminal (stdio inherited).
- * Call this from init before profiling so the user does not leave the kit flow.
- */
-export function runCursorAgentLogin(cwd) {
-    const bin = resolveCursorAgentExecutable();
-    if (!bin) {
-        return {
-            ok: false,
-            status: null,
-            message:
-                'Cursor Agent CLI not found (`agent` or `cursor-agent`). Install from https://cursor.com/docs/cli/installation (add ~/.local/bin to PATH), or re-run init without --skip-ide-cli-install.',
-        };
-    }
-    const env = augmentPathEnv(process.env);
-    const r = spawnSync(bin, ['login'], { cwd, stdio: 'inherit', env });
-    const spawnErr = r.error ? r.error.message : null;
-    if (r.status === null && spawnErr) {
-        return { ok: false, status: null, message: spawnErr };
-    }
-    return { ok: r.status === 0, status: r.status, message: r.status !== 0 ? spawnErr : undefined };
-}
-
-/**
- * Run GitHub Copilot CLI OAuth login in the current terminal (stdio inherited).
- * `copilot login` exits after the device-flow succeeds, so init can continue into profiling.
- */
-export function runCopilotLogin(cwd) {
-    const env = augmentPathEnv(process.env);
-    if (!commandOk('copilot', ['--version'], env)) {
-        return {
-            ok: false,
-            status: null,
-            message:
-                'GitHub Copilot CLI not found (`copilot`). Install from https://docs.github.com/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.',
-        };
-    }
-    const r = spawnSync('copilot', ['login'], { cwd, stdio: 'inherit', env });
-    const spawnErr = r.error ? r.error.message : null;
-    if (r.status === null && spawnErr) {
-        return { ok: false, status: null, message: spawnErr };
-    }
-    return { ok: r.status === 0, status: r.status, message: r.status !== 0 ? spawnErr : undefined };
-}
-
-/**
- * Run Claude Code login in the current terminal.
- */
-export function runClaudeLogin(cwd) {
-    return runClaudeAuthLogin(cwd, { mode: 'claudeai' });
-}
-
-/**
- * Run Claude Code auth login in the current terminal.
- */
-export function runClaudeAuthLogin(cwd, options = {}) {
-    const env = augmentPathEnv(process.env);
-    if (!commandOk('claude', ['--version'], env)) {
-        return {
-            ok: false,
-            status: null,
-            message: 'Claude Code CLI not found (`claude`). Install from https://claude.ai/code.',
-        };
-    }
-    const mode = options.mode === 'console' ? '--console' : '--claudeai';
-    const r = spawnSync('claude', ['auth', 'login', mode], { cwd, stdio: 'inherit', env });
-    const spawnErr = r.error ? r.error.message : null;
-    if (r.status === null && spawnErr) {
-        return { ok: false, status: null, message: spawnErr };
-    }
-    return { ok: r.status === 0, status: r.status, message: r.status !== 0 ? spawnErr : undefined };
-}
-
-/**
- * Run Claude Code long-lived token setup in the current terminal.
- */
-export function runClaudeSetupToken(cwd) {
-    const env = augmentPathEnv(process.env);
-    if (!commandOk('claude', ['--version'], env)) {
-        return {
-            ok: false,
-            status: null,
-            message: 'Claude Code CLI not found (`claude`). Install from https://claude.ai/code.',
-        };
-    }
-    const r = spawnSync('claude', ['setup-token'], { cwd, stdio: 'inherit', env });
-    const spawnErr = r.error ? r.error.message : null;
-    if (r.status === null && spawnErr) {
-        return { ok: false, status: null, message: spawnErr };
-    }
-    return { ok: r.status === 0, status: r.status, message: r.status !== 0 ? spawnErr : undefined };
-}
-
-/**
- * Run Codex login in the current terminal. Device auth keeps the flow in-terminal.
- */
-export function runCodexLogin(cwd) {
-    const env = augmentPathEnv(process.env);
-    if (!commandOk('codex', ['--version'], env)) {
-        return {
-            ok: false,
-            status: null,
-            message: 'Codex CLI not found (`codex`). Install with `npm install -g @openai/codex`.',
-        };
-    }
-    const r = spawnSync('codex', ['login', '--device-auth'], { cwd, stdio: 'inherit', env });
-    const spawnErr = r.error ? r.error.message : null;
-    if (r.status === null && spawnErr) {
-        return { ok: false, status: null, message: spawnErr };
-    }
-    return { ok: r.status === 0, status: r.status, message: r.status !== 0 ? spawnErr : undefined };
-}
-
-function escapeTomlString(value) {
-    return String(value || '').replaceAll('\\', '\\\\').replaceAll('"', '\\"');
-}
-
-function readCodexMcpEnv(cwd) {
-    const config = readText(join(cwd, '.codex', 'config.toml'));
-    const apiUrl = config.match(/^\s*SECURITY_REVIEW_API_URL\s*=\s*"([^"]*)"/m)?.[1] || '';
-    const apiToken = config.match(/^\s*SECURITY_REVIEW_API_TOKEN\s*=\s*"([^"]*)"/m)?.[1] || '';
-    return { apiUrl, apiToken };
-}
-
-export function buildCodexConfigOverrides(cwd, overrides = {}) {
-    const fileValues = readCodexMcpEnv(cwd);
-    const apiUrl = String(overrides.apiUrl || fileValues.apiUrl || '').trim();
-    const apiToken = String(overrides.apiToken || fileValues.apiToken || '').trim();
-
-    if (!apiUrl || !apiToken) {
-        return null;
-    }
-
-    return [
-        'features.codex_hooks=true',
-        `mcp_servers.${MCP_SERVER_NAME}.command="npx"`,
-        `mcp_servers.${MCP_SERVER_NAME}.args=["-y","${MCP_SERVER_PACKAGE}@latest"]`,
-        `mcp_servers.${MCP_SERVER_NAME}.env.SECURITY_REVIEW_API_URL="${escapeTomlString(apiUrl)}"`,
-        `mcp_servers.${MCP_SERVER_NAME}.env.SECURITY_REVIEW_API_TOKEN="${escapeTomlString(apiToken)}"`,
-    ];
-}
-
-export function buildClaudeAdditionalMcpConfig(cwd) {
-    const projectMcp = readJson(join(cwd, '.mcp.json'));
-    const sourceServer = projectMcp?.mcpServers?.[MCP_SERVER_NAME];
-
-    if (!sourceServer || typeof sourceServer !== 'object') {
-        return null;
-    }
-
-    return JSON.stringify({
-        mcpServers: {
-            [MCP_SERVER_NAME]: sourceServer,
-        },
-    });
-}
-
-export function pickProfilerAgentTarget(targets) {
-    for (const t of PREFERRED_ORDER) {
-        if (targets.includes(t)) {
-            return t;
-        }
-    }
-    return null;
-}
-
-/**
- * Spawn the IDE agent CLI to execute the profiler skill (user must be logged in where required).
- *
- * @param {object} opts
- * @param {boolean} [opts.cursorTrust=true] When true, passes `--trust` and `--approve-mcps` so headless init is not blocked by
- *   workspace trust or MCP approval (user confirmed profiling in the kit). Set false with `--profiler-no-trust`
- *   if you need an interactive trust/login/MCP flow in the same terminal.
- * @param {boolean} [opts.streamProgress=false] When true, pass each CLI’s streaming / verbose flags.
- * @param {boolean} [opts.showOutput=false] When true, inherit stdio from the child process.
- *   Keep both false for init-time profiling so the agent does not flood the terminal with JSON/progress logs.
- */
-export function runProfilerAgent(
-    cwd,
-    {
-        target,
-        projectName,
-        apiUrl,
-        apiToken,
-        modelOverride,
-        extraEnv,
-        cursorTrust = true,
-        streamProgress = false,
-        showOutput = streamProgress,
-    },
-) {
-    const prompt = buildProfilerAgentPrompt(projectName, target);
-    const env = buildProfilerEnv(target, streamProgress, extraEnv);
-    const opts = showOutput
-        ? { cwd, stdio: 'inherit', env }
-        : { cwd, stdio: ['ignore', 'pipe', 'pipe'], env, encoding: 'utf8', maxBuffer: 10 * 1024 * 1024 };
-
-    if (streamProgress) {
-        console.error(
-            '\n[securityreview-kit] Profiler live output: you should see streaming progress below ' +
-                '(JSON lines are normal). Omit --profiler-verbose for minimal output.\n',
-        );
-    }
-
-    if (target === 'cursor') {
-        const bin = resolveCursorAgentExecutable();
-        if (!bin) {
-            return {
-                ok: false,
-                message:
-                    'Cursor Agent CLI not found (`agent` or `cursor-agent`). Install from https://cursor.com/docs/cli/installation and ensure ~/.local/bin exists; run init Step 1b without --skip-ide-cli-install (Node subprocesses get an augmented PATH, but the binary must be installed).',
-            };
-        }
-        const args = ['-p', prompt];
-        if (streamProgress) {
-            args.push('--output-format', 'stream-json', '--stream-partial-output');
-        }
-        if (cursorTrust) {
-            args.push('--trust', '--approve-mcps');
-        }
-        const r = spawnSync(bin, args, opts);
-        if (r.error) {
-            return { ok: false, message: r.error.message };
-        }
-        return buildProfilerResult(r, { logPath: showOutput ? null : persistProfilerLog(cwd, target, r) });
-    }
-
-    if (target === 'claude') {
-        if (!commandOk('claude', ['--version'], env)) {
-            return { ok: false, message: 'claude not on PATH' };
-        }
-        const settingsPath = join(cwd, '.claude', 'settings.json');
-        const mcpConfig = buildClaudeAdditionalMcpConfig(cwd);
-        if (!mcpConfig) {
-            return {
-                ok: false,
-                message:
-                    'Claude profiling needs the SRAI MCP server in .mcp.json. Re-run init with MCP installation enabled.',
-            };
-        }
-        const args = [
-            '-p',
-            '--settings',
-            settingsPath,
-            '--mcp-config',
-            mcpConfig,
-            '--strict-mcp-config',
-            '--permission-mode',
-            'bypassPermissions',
-            '--model',
-            modelOverride || 'haiku',
-        ];
-        if (streamProgress) {
-            args.push('--output-format', 'stream-json', '--include-partial-messages', '--include-hook-events', '--verbose');
-        }
-        args.push(prompt);
-        const r = spawnSync('claude', args, opts);
-        return buildProfilerResult(r, { logPath: showOutput ? null : persistProfilerLog(cwd, target, r) });
-    }
-
-    if (target === 'codex') {
-        if (!commandOk('codex', ['--version'], env)) {
-            return { ok: false, message: 'codex not on PATH' };
-        }
-        const configOverrides = buildCodexConfigOverrides(cwd, { apiUrl, apiToken });
-        if (!configOverrides) {
-            return {
-                ok: false,
-                message:
-                    'Codex profiling needs SRAI MCP credentials. Re-run init with Codex selected and MCP installation enabled.',
-            };
-        }
-        const args = ['exec', '--full-auto'];
-        for (const override of configOverrides) {
-            args.push('-c', override);
-        }
-        if (streamProgress) {
-            args.push('--json');
-        }
-        args.push(prompt);
-        const r = spawnSync('codex', args, opts);
-        return buildProfilerResult(r, { logPath: showOutput ? null : persistProfilerLog(cwd, target, r) });
-    }
-
-    if (target === 'vscode') {
-        if (!commandOk('copilot', ['--version'], env)) {
-            return { ok: false, message: 'copilot not on PATH' };
-        }
-
-        const mcpConfig = buildCopilotAdditionalMcpConfig(cwd);
-        if (!mcpConfig) {
-            return {
-                ok: false,
-                message:
-                    'VS Code MCP config not found for security-review-mcp. Re-run init with MCP installation enabled.',
-            };
-        }
-
-        const args = [
-            '-p',
-            prompt,
-            '--additional-mcp-config',
-            mcpConfig,
-            '--allow-all',
-        ];
-        if (streamProgress) {
-            args.push('--output-format', 'json');
-        }
-        const r = spawnSync('copilot', args, opts);
-        return buildProfilerResult(r, { logPath: showOutput ? null : persistProfilerLog(cwd, target, r) });
-    }
-
-    return { ok: false, message: 'unsupported agent target' };
-}
-
-export function buildCopilotAdditionalMcpConfig(cwd) {
-    const vscodeMcp = readJson(join(cwd, '.vscode', 'mcp.json'));
-    const sourceServer =
-        vscodeMcp?.mcpServers?.[MCP_SERVER_NAME] || vscodeMcp?.servers?.[MCP_SERVER_NAME];
-
-    if (!sourceServer || typeof sourceServer !== 'object') {
-        return null;
-    }
-
-    const server = { ...sourceServer };
-    if (!server.type) {
-        server.type = 'stdio';
-    }
-    if (!Array.isArray(server.tools)) {
-        server.tools = ['*'];
-    }
-
-    return JSON.stringify({
-        mcpServers: {
-            [MCP_SERVER_NAME]: server,
-        },
-    });
-}
-
-function buildProfilerResult(result, extras = {}) {
-    if (result.error) {
-        return { ok: false, status: result.status, message: result.error.message, ...extras };
-    }
-
-    if (result.status === 0) {
-        return { ok: true, status: result.status, ...extras };
-    }
-
-    const outputTail = summarizeProfilerOutput(result.stderr || result.stdout || '');
-    const exitDetail =
-        typeof result.status === 'number'
-            ? `exit status ${result.status}`
-            : result.signal
-              ? `signal ${result.signal}`
-              : 'unknown error';
-
-    return {
-        ok: false,
-        status: result.status,
-        message: outputTail ? `${exitDetail}; last output: ${outputTail}` : exitDetail,
-        ...extras,
-    };
-}
-
-function summarizeProfilerOutput(output) {
-    return String(output || '')
-        .replace(/\u001b\[[0-9;]*m/g, '')
-        .split(/\r?\n/)
-        .map((line) => line.trim())
-        .filter(Boolean)
-        .slice(-3)
-        .join(' | ');
-}

package/src/utils/profiler-agent.test.js

@@ -1,81 +0,0 @@
-import { mkdirSync, writeFileSync } from 'node:fs';
-import { tmpdir } from 'node:os';
-import { join } from 'node:path';
-import { test } from 'node:test';
-import assert from 'node:assert/strict';
-import {
-    buildCodexConfigOverrides,
-    buildCopilotAdditionalMcpConfig,
-    buildProfilerAgentPrompt,
-    pickProfilerAgentTarget,
-} from './profiler-agent.js';
-
-test('pickProfilerAgentTarget supports VS Code Copilot', () => {
-    assert.equal(pickProfilerAgentTarget(['vscode']), 'vscode');
-    assert.equal(pickProfilerAgentTarget(['codex', 'vscode']), 'vscode');
-});
-
-test('buildCopilotAdditionalMcpConfig converts VS Code MCP config', () => {
-    const cwd = join(tmpdir(), `securityreview-kit-${Date.now()}`);
-    mkdirSync(join(cwd, '.vscode'), { recursive: true });
-    writeFileSync(
-        join(cwd, '.vscode', 'mcp.json'),
-        JSON.stringify({
-            servers: {
-                'security-review-mcp': {
-                    type: 'stdio',
-                    command: 'npx',
-                    args: ['-y', '@securityreviewai/security-review-mcp@latest'],
-                    env: {
-                        SECURITY_REVIEW_API_URL: 'https://api.example.test',
-                        SECURITY_REVIEW_API_TOKEN: 'token',
-                    },
-                },
-            },
-        }),
-    );
-
-    const converted = JSON.parse(buildCopilotAdditionalMcpConfig(cwd));
-
-    assert.deepEqual(Object.keys(converted.mcpServers), ['security-review-mcp']);
-    assert.equal(converted.mcpServers['security-review-mcp'].command, 'npx');
-    assert.deepEqual(converted.mcpServers['security-review-mcp'].tools, ['*']);
-});
-
-test('buildCodexConfigOverrides builds inline MCP config for profiling', () => {
-    const cwd = join(tmpdir(), `securityreview-kit-codex-${Date.now()}`);
-    mkdirSync(join(cwd, '.codex'), { recursive: true });
-    writeFileSync(
-        join(cwd, '.codex', 'config.toml'),
-        [
-            '[features]',
-            'codex_hooks = true',
-            '',
-            '[mcp_servers.security-review-mcp]',
-            'command = "npx"',
-            'args = ["-y", "@securityreviewai/security-review-mcp@latest"]',
-            '',
-            '[mcp_servers.security-review-mcp.env]',
-            'SECURITY_REVIEW_API_URL = "https://api.example.test"',
-            'SECURITY_REVIEW_API_TOKEN = "token"',
-            '',
-        ].join('\n'),
-    );
-
-    const overrides = buildCodexConfigOverrides(cwd);
-
-    assert.deepEqual(overrides, [
-        'features.codex_hooks=true',
-        'mcp_servers.security-review-mcp.command="npx"',
-        'mcp_servers.security-review-mcp.args=["-y","@securityreviewai/security-review-mcp@latest"]',
-        'mcp_servers.security-review-mcp.env.SECURITY_REVIEW_API_URL="https://api.example.test"',
-        'mcp_servers.security-review-mcp.env.SECURITY_REVIEW_API_TOKEN="token"',
-    ]);
-});
-
-test('buildProfilerAgentPrompt only instructs writing the guardrails profile under .guardrails', () => {
-    const prompt = buildProfilerAgentPrompt('demo-project', 'codex');
-
-    assert.match(prompt, /Write \.guardrails\/profile\.json as defined in the skill\./);
-    assert.doesNotMatch(prompt, /profile\.json at the repository root/);
-});