@semalt-ai/code 1.8.4 → 1.19.0

package/test/shell-output-cap.test.js

@@ -0,0 +1,181 @@
+'use strict';
+
+// Task W.6 — Bound shell/exec output entering the model context.
+//
+// THE BUG these tests pin: the entire shell stdout+stderr was fed to the model
+// VERBATIM and UNBOUNDED. `max_output_lines` (50) was applied ONLY in the UI
+// renderer (lib/ui/diff.js), NOT to the model-facing message — so `seq 1 5000`
+// dumped ~6k tokens into context, every cat/find/diff/test/build potentially far
+// more. The fix is a DOUBLE bound at the context boundary: a head+tail LINE cap
+// plus a TOKEN safety net, with a notice that teaches the redirect-to-file → grep
+// pattern. These tests assert what the MODEL receives (the audit's empirical
+// method), both on the pure helper AND through the real agent loop — and that the
+// exit code / failure signal is NEVER hidden by truncation.
+
+const { test, before, after } = require('node:test');
+const assert = require('node:assert');
+
+const { capShellOutput } = require('../lib/agent');
+const { DEFAULT_OUTPUT_MAX_TOKENS } = require('../lib/constants');
+
+// ---------------------------------------------------------------------------
+// Part A — pure model-facing bounding (capShellOutput)
+// ---------------------------------------------------------------------------
+
+function lines(n, prefix = 'L') {
+  return Array.from({ length: n }, (_, i) => `${prefix}${i + 1}`).join('\n');
+}
+
+test('many lines → head+tail bounded with an elision notice; BOTH ends present', () => {
+  const input = lines(200); // L1..L200
+  const r = capShellOutput(input, { maxLines: 50 });
+  assert.strictEqual(r.truncated, true);
+
+  // Head+tail of a 50-line budget = first 30 + last 20.
+  assert.match(r.text, /^L1\n/, 'first line (head) present');
+  assert.match(r.text, /(^|\n)L30(\n|$)/, 'end of head present');
+  assert.match(r.text, /(^|\n)L200$/, 'last line (tail) present — NOT head-only');
+  assert.match(r.text, /(^|\n)L181(\n|$)/, 'start of tail present');
+
+  // The middle is elided.
+  assert.doesNotMatch(r.text, /(^|\n)L100(\n|$)/, 'a middle line is elided');
+
+  // The notice states the split and the elided count (200 - 30 - 20 = 150).
+  assert.match(r.text, /150 line\(s\) elided/);
+  assert.match(r.text, /showing first 30 \+ last 20 of 200/);
+
+  // The model-facing text is far smaller than the raw output.
+  assert.ok(r.text.length < input.length / 2, 'bounded well below the original');
+});
+
+test('PAIRED POSITIVE: under-budget output is shown in FULL with no notice', () => {
+  const input = lines(10); // L1..L10, well under the 50-line budget
+  const r = capShellOutput(input, { maxLines: 50 });
+  assert.strictEqual(r.truncated, false);
+  assert.strictEqual(r.text, input, 'byte-for-byte unchanged — "bounded" is distinguishable from "broke"');
+  assert.doesNotMatch(r.text, /elided/);
+  assert.doesNotMatch(r.text, /token-capped/);
+});
+
+test('single ENORMOUS line → the token safety net caps it (line cap alone cannot)', () => {
+  // One line, so the line cap is a no-op (1 ≤ maxLines). Tokens ≈ 50k at char/4,
+  // well over the default 10k-token budget → the token net must fire.
+  const huge = 'x'.repeat(200000);
+  const r = capShellOutput(huge, { maxLines: 50 });
+  assert.strictEqual(r.truncated, true);
+  assert.doesNotMatch(r.text, /line\(s\) elided/, 'not a line-cap truncation — it is one line');
+  assert.match(r.text, /token-capped/, 'token safety net fired');
+  // Bounded to ~the token budget in chars (10k tokens * 4 chars ≈ 40k), far
+  // below the 200k original.
+  assert.ok(r.text.length < huge.length / 4, `token-bounded: ${r.text.length} << ${huge.length}`);
+});
+
+test('the elision notice teaches the redirect-to-file → grep pattern', () => {
+  const r = capShellOutput(lines(200), { maxLines: 50 });
+  assert.match(r.text, /redirect/i, 'notice mentions redirecting');
+  assert.match(r.text, /grep/i, 'notice steers toward grep (the W.5-enabled pattern)');
+});
+
+test('the token-cap notice also teaches redirect → grep', () => {
+  const r = capShellOutput('x'.repeat(200000), { maxLines: 50 });
+  assert.match(r.text, /redirect/i);
+  assert.match(r.text, /grep/i);
+});
+
+test('defaults are used when no budgets are passed', () => {
+  // Default line budget is 50; 60 lines must truncate.
+  const r = capShellOutput(lines(60));
+  assert.strictEqual(r.truncated, true);
+  assert.match(r.text, /elided/);
+  // And the default token budget is the documented constant.
+  assert.ok(DEFAULT_OUTPUT_MAX_TOKENS > 0);
+});
+
+test('non-string / empty input is handled without throwing', () => {
+  assert.deepStrictEqual(capShellOutput('', { maxLines: 50 }), { text: '', truncated: false });
+  assert.deepStrictEqual(capShellOutput(null, { maxLines: 50 }), { text: '', truncated: false });
+});
+
+// ---------------------------------------------------------------------------
+// Part B — end-to-end through the REAL agent loop: a <shell> tag's output must
+// reach the model BOUNDED (not just the UI), and the exit code must survive.
+// ---------------------------------------------------------------------------
+
+const ui = require('../lib/ui');
+const { createApiClient } = require('../lib/api');
+const { createToolExecutor, extractToolCalls } = require('../lib/tools');
+const { createPermissionManager } = require('../lib/permissions');
+const { createAgentRunner } = require('../lib/agent');
+const { startMockLLM } = require('./harness/mock-llm');
+
+let prevKey;
+before(() => {
+  prevKey = process.env.SEMALT_API_KEY;
+  process.env.SEMALT_API_KEY = 'test-key';
+});
+after(() => {
+  if (prevKey === undefined) delete process.env.SEMALT_API_KEY;
+  else process.env.SEMALT_API_KEY = prevKey;
+});
+
+function buildRunner(base) {
+  const config = {
+    api_base: base, api_key: 'test-key', default_model: 'test-model',
+    temperature: 0.5, request_timeout_ms: 5000, stream: true, models: [],
+    sandbox: { mode: 'off' },
+    max_output_lines: 50,
+    max_output_tokens: DEFAULT_OUTPUT_MAX_TOKENS,
+  };
+  const getConfig = () => config;
+  const saveConfig = (c) => Object.assign(config, c);
+  const api = createApiClient({ getConfig, saveConfig, ui });
+  const pm = createPermissionManager(ui, { skipPermissions: true });
+  pm.setUICallbacks({ onAddMessage: () => {}, onShowModal: () => {}, onCloseModal: () => {}, onCaptureNavigation: () => () => {} });
+  const { agentExecShell, agentExecFile, describePermission } = createToolExecutor(pm, ui, getConfig);
+  return createAgentRunner({
+    chatStream: api.chatStream, extractToolCalls, agentExecShell, agentExecFile,
+    describePermission, permissionManager: pm, ui, getConfig,
+  });
+}
+
+async function runShellTurn(toolTag) {
+  const mock = await startMockLLM();
+  mock.replyWith(toolTag);
+  mock.replyWith('Done.');
+  try {
+    const runner = buildRunner(mock.base);
+    const cb = {
+      onToken: () => {}, onToolStart: () => {}, onToolEnd: () => {},
+      onError: () => {}, onRetry: () => {}, onAssistantMessage: () => {},
+    };
+    const messages = [{ role: 'user', content: 'go' }];
+    await runner.runAgentLoop(messages, 'test-model', 10, null, { callbacks: cb });
+    const fedBack = messages.find((m) => m.role === 'user' && /Tool execution results/.test(m.content));
+    return fedBack ? fedBack.content : '';
+  } finally {
+    await mock.close?.();
+  }
+}
+
+// A 200-line generator that contains NO '<' (which would break XML tag parsing).
+const GEN_200 = 'node -e "var a=[];for(var i=1;i!==201;i++)a.push(i);console.log(a.join(String.fromCharCode(10)))"';
+
+test('REAL loop: large shell output reaches the model BOUNDED (head+tail), not verbatim', async () => {
+  const content = await runShellTurn(`<shell>${GEN_200}</shell>`);
+  assert.match(content, /Exit code: 0/, 'exit code surfaced');
+  // Head+tail, not head-only: both 1 (head) and 200 (tail) present.
+  assert.match(content, /(^|\n)1(\n|$)/, 'first output line present');
+  assert.match(content, /(^|\n)200(\n|$)/, 'last output line present (tail)');
+  // The middle is elided with the teaching notice.
+  assert.match(content, /line\(s\) elided/);
+  assert.match(content, /redirect/i);
+  assert.match(content, /grep/i);
+  assert.doesNotMatch(content, /(^|\n)100(\n|$)/, 'a middle line is elided from context');
+});
+
+test('REAL loop: a FAILING command with large output still surfaces the non-zero exit', async () => {
+  const failing = 'node -e "var a=[];for(var i=1;i!==201;i++)a.push(i);console.log(a.join(String.fromCharCode(10)));process.exit(3)"';
+  const content = await runShellTurn(`<shell>${failing}</shell>`);
+  assert.match(content, /Exit code: 3/, 'non-zero exit is NOT hidden by truncation');
+  assert.match(content, /line\(s\) elided/, 'output still bounded');
+});

package/test/skills-chat.test.js

@@ -0,0 +1,110 @@
+'use strict';
+
+// End-to-end (via the chat harness) for skills (Task 3.5). Proves the
+// progressive-disclosure contract at the loop level: a skill discovered at chat
+// startup contributes ONLY its metadata to the system prompt, and its body is
+// loaded into context ONLY when the skill is invoked as `/<skill>` — at which
+// point the rendered body is submitted to the agent as a user prompt (never
+// executed as code). The harness redirects $HOME to a temp dir before any lib
+// module loads, so we stage skill folders under that temp global dir.
+
+const { test } = require('node:test');
+const assert = require('node:assert');
+const fs = require('node:fs');
+const path = require('node:path');
+
+const { startChat } = require('./harness/chat-harness');
+const { clearSkills } = require('../lib/commands/registry');
+const { getSystemPrompt } = require('../lib/prompts');
+
+const GLOBAL_SKILLS_DIR = path.join(process.env.HOME, '.semalt-ai', 'skills');
+
+function stage(slug, content) {
+  const dir = path.join(GLOBAL_SKILLS_DIR, slug);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(path.join(dir, 'SKILL.md'), content);
+}
+function clearStaged() {
+  try { fs.rmSync(GLOBAL_SKILLS_DIR, { recursive: true, force: true }); } catch {}
+  clearSkills();
+}
+
+test('skill is discovered at startup and announced', async () => {
+  clearStaged();
+  stage('deep-research', '---\nname: Deep Research\ndescription: Research things\n---\nSECRET_SKILL_BODY');
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    assert.ok(c.chatHistory.find(/Loaded 1 skill\(s\): \/deep-research/), 'startup announces the skill');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup(); clearStaged();
+  }
+});
+
+test('metadata is in the prompt but the body is NOT until invocation', async () => {
+  clearStaged();
+  stage('deep-research', '---\nname: Deep Research\ndescription: Research things\n---\nSECRET_SKILL_BODY full instructions');
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    // System prompt (auto-loaded) carries the metadata but not the body.
+    const prompt = getSystemPrompt(false);
+    assert.ok(prompt.includes('/deep-research'), 'metadata (invocation token) is in the prompt');
+    assert.ok(prompt.includes('Research things'), 'description is in the prompt');
+    assert.ok(!prompt.includes('SECRET_SKILL_BODY'), 'body is NOT in the prompt');
+
+    // Invoke the skill → the body is loaded and submitted as a user prompt.
+    await c.submit('/deep-research the topic');
+    assert.strictEqual(c.calls.runAgentLoop.length, 1, 'agent invoked once');
+    const turn = c.calls.runAgentLoop[0];
+    const userMsgs = turn.messages.filter((m) => m.role === 'user').map((m) => m.content);
+    assert.strictEqual(userMsgs.length, 1);
+    assert.ok(userMsgs[0].includes('SECRET_SKILL_BODY'), 'body enters context ONLY on invocation');
+    // Assets directory is surfaced so the agent can find skill scripts.
+    assert.ok(/Skill assets directory:/.test(userMsgs[0]), 'skill dir surfaced to the agent');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup(); clearStaged();
+  }
+});
+
+test('skill body supports $ARGUMENTS substitution on invocation', async () => {
+  clearStaged();
+  stage('greet', '---\ndescription: greet\n---\nSay hi to $ARGUMENTS now');
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    await c.submit('/greet the world');
+    const turn = c.calls.runAgentLoop[0];
+    const userMsg = turn.messages.find((m) => m.role === 'user').content;
+    assert.ok(userMsg.startsWith('Say hi to the world now'), 'arguments rendered into the body');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup(); clearStaged();
+  }
+});
+
+test('a built-in is never overridden by a same-named skill', async () => {
+  clearStaged();
+  // slug "clear" collides with the built-in /clear command.
+  stage('clear', '---\ndescription: nope\n---\nthis should never run as a prompt');
+  const c = await startChat({ config: { auth_token: 'tok' } });
+  try {
+    assert.ok(c.chatHistory.find(/\/clear.*already in use/i), 'collision warning shown');
+    await c.submit('a message');
+    const before = c.calls.runAgentLoop.length;
+    await c.submit('/clear');
+    assert.ok(c.chatHistory.find(/cleared/i), 'built-in /clear executed');
+    assert.strictEqual(c.calls.runAgentLoop.length, before, 'skill /clear did not invoke the agent');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup(); clearStaged();
+  }
+});
+
+test('invoking a skill while logged out goes through the auth gate', async () => {
+  clearStaged();
+  stage('do-thing', '---\ndescription: d\n---\nInstructions body');
+  const c = await startChat({ config: { auth_token: '' } });
+  try {
+    await c.submit('/do-thing');
+    assert.ok(c.chatHistory.find(/Not logged in/), 'rendered skill prompt goes through the auth-gated agent path');
+    assert.strictEqual(c.calls.runAgentLoop.length, 0, 'agent not invoked while unauthenticated');
+  } finally {
+    await c.submit('exit'); await c.done; c.cleanup(); clearStaged();
+  }
+});

package/test/skills.test.js

@@ -0,0 +1,295 @@
+'use strict';
+
+// Tests for skills (Task 3.5): discovery, the load-bearing PROGRESSIVE
+// DISCLOSURE behavior (metadata-only in the prompt, body loaded only on
+// invocation), project-over-global precedence, repo-root-bounded discovery,
+// size bounding, the byte-for-byte-unchanged prompt when absent, and registry
+// registration. Filesystem state is isolated to per-test temp directories.
+
+const { test } = require('node:test');
+const assert = require('node:assert');
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+
+const {
+  parseSkillFrontmatter,
+  discoverSkills,
+  loadSkillBody,
+  loadSkills,
+  findProjectSkillsDir,
+  skillsStatusLines,
+} = require('../lib/skills');
+const { getSystemPrompt } = require('../lib/prompts');
+const {
+  registerSkills,
+  clearSkills,
+  skillCommands,
+  resolveCommand,
+  completionNames,
+  helpText,
+  commandNames,
+} = require('../lib/commands/registry');
+
+function tmp(prefix) { return fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), prefix))); }
+function rmrf(p) { try { fs.rmSync(p, { recursive: true, force: true }); } catch {} }
+// Stage a skill folder <root>/<slug>/SKILL.md with given content.
+function writeSkill(root, slug, content) {
+  const dir = path.join(root, slug);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(path.join(dir, 'SKILL.md'), content);
+  return dir;
+}
+
+// ---------------------------------------------------------------------------
+// Frontmatter parsing
+// ---------------------------------------------------------------------------
+
+test('parseSkillFrontmatter: name/description parsed; body follows', () => {
+  const src = '---\nname: Code Review\ndescription: Review a diff for bugs\n---\nDo the review carefully.';
+  const { meta, body } = parseSkillFrontmatter(src);
+  assert.strictEqual(meta.name, 'Code Review');
+  assert.strictEqual(meta.description, 'Review a diff for bugs');
+  assert.strictEqual(body, 'Do the review carefully.');
+});
+
+test('parseSkillFrontmatter: no frontmatter → whole text is the body', () => {
+  const { meta, body } = parseSkillFrontmatter('just instructions');
+  assert.strictEqual(meta.name, '');
+  assert.strictEqual(meta.description, '');
+  assert.strictEqual(body, 'just instructions');
+});
+
+// ---------------------------------------------------------------------------
+// Discovery (global / project / precedence / repo-root bound)
+// ---------------------------------------------------------------------------
+
+test('discoverSkills: global skill from ~/.semalt-ai/skills/<name>/SKILL.md', () => {
+  const home = tmp('semalt-skhome-');
+  try {
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'deep-research',
+      '---\nname: Deep Research\ndescription: Multi-source research\n---\nSECRET_BODY_MARKER');
+    const skills = discoverSkills({ home, cwd: home });
+    assert.strictEqual(skills.length, 1);
+    const s = skills[0];
+    assert.strictEqual(s.name, '/deep-research');
+    assert.strictEqual(s.slug, 'deep-research');
+    assert.strictEqual(s.displayName, 'Deep Research');
+    assert.strictEqual(s.description, 'Multi-source research');
+    assert.strictEqual(s.source, 'global');
+  } finally { rmrf(home); }
+});
+
+test('discoverSkills: project skill from nearest .semalt/skills, repo-root walk', () => {
+  const home = tmp('semalt-skhome-');
+  const repo = tmp('semalt-skrepo-');
+  try {
+    fs.mkdirSync(path.join(repo, '.git'), { recursive: true });
+    const sub = path.join(repo, 'src', 'deep');
+    fs.mkdirSync(sub, { recursive: true });
+    writeSkill(path.join(repo, '.semalt', 'skills'), 'deploy', '---\ndescription: Deploy\n---\nbody');
+    const skills = discoverSkills({ home, cwd: sub });
+    assert.strictEqual(skills.length, 1);
+    assert.strictEqual(skills[0].name, '/deploy');
+    assert.strictEqual(skills[0].source, 'project');
+  } finally { rmrf(home); rmrf(repo); }
+});
+
+test('discoverSkills: project overrides global on slug collision; global-only survives', () => {
+  const home = tmp('semalt-skhome-');
+  const repo = tmp('semalt-skrepo-');
+  try {
+    fs.mkdirSync(path.join(repo, '.git'), { recursive: true });
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'review', '---\ndescription: GLOBAL\n---\nglobal body');
+    writeSkill(path.join(repo, '.semalt', 'skills'), 'review', '---\ndescription: PROJECT\n---\nproject body');
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'onlyglobal', '---\ndescription: g-only\n---\nbody');
+    const skills = discoverSkills({ home, cwd: repo });
+    const review = skills.find((s) => s.name === '/review');
+    assert.strictEqual(review.description, 'PROJECT');
+    assert.strictEqual(review.source, 'project');
+    assert.ok(skills.find((s) => s.name === '/onlyglobal'), 'global-only skill still surfaces');
+  } finally { rmrf(home); rmrf(repo); }
+});
+
+test('findProjectSkillsDir: bounded by repo root — does not escape above .git', () => {
+  const outer = tmp('semalt-skouter-');
+  try {
+    fs.mkdirSync(path.join(outer, '.semalt', 'skills'), { recursive: true });
+    const repo = path.join(outer, 'repo');
+    fs.mkdirSync(path.join(repo, '.git'), { recursive: true });
+    const sub = path.join(repo, 'a', 'b');
+    fs.mkdirSync(sub, { recursive: true });
+    assert.strictEqual(findProjectSkillsDir(sub), null);
+  } finally { rmrf(outer); }
+});
+
+test('discoverSkills: folders without SKILL.md are skipped', () => {
+  const home = tmp('semalt-skhome-');
+  try {
+    fs.mkdirSync(path.join(home, '.semalt-ai', 'skills', 'not-a-skill'), { recursive: true });
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'real', '---\ndescription: d\n---\nb');
+    const skills = discoverSkills({ home, cwd: home });
+    assert.deepStrictEqual(skills.map((s) => s.name), ['/real']);
+  } finally { rmrf(home); }
+});
+
+// ---------------------------------------------------------------------------
+// PROGRESSIVE DISCLOSURE — the load-bearing behavior
+// ---------------------------------------------------------------------------
+
+test('discovery returns METADATA ONLY — no body field', () => {
+  const home = tmp('semalt-skhome-');
+  try {
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'x',
+      '---\nname: X\ndescription: d\n---\nSECRET_BODY_MARKER');
+    const [s] = discoverSkills({ home, cwd: home });
+    assert.ok(!('body' in s), 'spec carries no body');
+    assert.ok(!JSON.stringify(s).includes('SECRET_BODY_MARKER'), 'body text is absent from the spec');
+  } finally { rmrf(home); }
+});
+
+test('the metadata block holds name+description but NOT the body', () => {
+  const home = tmp('semalt-skhome-');
+  try {
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'researcher',
+      '---\nname: Researcher\ndescription: research things\n---\nSECRET_BODY_MARKER with full instructions');
+    const { block } = loadSkills({ home, cwd: home });
+    assert.ok(block.includes('/researcher'), 'invocation token present');
+    assert.ok(block.includes('research things'), 'description present');
+    assert.ok(block.includes('<<<SKILLS>>>') && block.includes('<<<END_SKILLS>>>'));
+    assert.ok(!block.includes('SECRET_BODY_MARKER'), 'BODY is NOT injected into the prompt block');
+  } finally { rmrf(home); }
+});
+
+test('loadSkillBody reads the body ON DEMAND (the invocation-time read)', () => {
+  const home = tmp('semalt-skhome-');
+  try {
+    writeSkill(path.join(home, '.semalt-ai', 'skills'), 'researcher',
+      '---\nname: Researcher\ndescription: research\n---\nSECRET_BODY_MARKER with full instructions');
+    const [s] = discoverSkills({ home, cwd: home });
+    const body = loadSkillBody(s);
+    assert.ok(body.includes('SECRET_BODY_MARKER'), 'body loaded only when explicitly requested');
+    assert.ok(!body.includes('description: research'), 'frontmatter stripped from the loaded body');
+  } finally { rmrf(home); }
+});
+
+// ---------------------------------------------------------------------------
+// Absent skills → prompt byte-for-byte unchanged
+// ---------------------------------------------------------------------------
+
+test('no skills present → empty block, empty list', () => {
+  const home = tmp('semalt-emptyhome-');
+  const dir = tmp('semalt-noskills-');
+  try {
+    const r = loadSkills({ home, cwd: dir });
+    assert.strictEqual(r.block, '');
+    assert.deepStrictEqual(r.skills, []);
+    assert.strictEqual(r.truncated, false);
+  } finally { rmrf(home); rmrf(dir); }
+});
+
+test('getSystemPrompt is byte-for-byte the base prompt when skills (and memory) empty', () => {
+  // Both extras explicit-empty → exactly the base template.
+  const base = getSystemPrompt(false, '', '');
+  assert.ok(!base.includes('<<<SKILLS>>>'), 'no skills section in the base prompt');
+  // Skills are appended verbatim AFTER memory — proves append-only + empty == base.
+  assert.strictEqual(getSystemPrompt(false, '', '\n\nSKILLBLOCK'), base + '\n\nSKILLBLOCK');
+  // Native template too.
+  const nbase = getSystemPrompt(true, '', '');
+  assert.strictEqual(getSystemPrompt(true, '', '\n\nX'), nbase + '\n\nX');
+});
+
+test('getSystemPrompt order is base + memory + skills', () => {
+  const base = getSystemPrompt(false, '', '');
+  assert.strictEqual(getSystemPrompt(false, '\n\nMEM', '\n\nSKL'), base + '\n\nMEM' + '\n\nSKL');
+});
+
+// ---------------------------------------------------------------------------
+// Size bounding
+// ---------------------------------------------------------------------------
+
+test('oversized skills metadata is truncated with a visible notice', () => {
+  const home = tmp('semalt-skhome-');
+  try {
+    for (let i = 0; i < 20; i++) {
+      writeSkill(path.join(home, '.semalt-ai', 'skills'), 'skill-' + i,
+        `---\nname: Skill ${i}\ndescription: ${'D'.repeat(200)}\n---\nbody`);
+    }
+    const r = loadSkills({ home, cwd: home, maxBytes: 200 });
+    assert.strictEqual(r.truncated, true);
+    assert.ok(/truncated/i.test(r.block), 'block carries a truncation notice');
+  } finally { rmrf(home); }
+});
+
+// ---------------------------------------------------------------------------
+// Status lines (/skills view)
+// ---------------------------------------------------------------------------
+
+test('skillsStatusLines: empty + populated', () => {
+  assert.match(skillsStatusLines({ skills: [] }).join('\n'), /No skills found/);
+  const lines = skillsStatusLines({
+    skills: [{ name: '/review', source: 'project', description: 'do a review' }],
+    truncated: false,
+  }).join('\n');
+  assert.ok(lines.includes('/review'));
+  assert.ok(lines.includes('[project]'));
+  assert.ok(/bodies load on invocation/i.test(lines));
+});
+
+// ---------------------------------------------------------------------------
+// Registry registration
+// ---------------------------------------------------------------------------
+
+test('registerSkills: skill resolves and completes; built-ins win on collision', () => {
+  clearSkills();
+  try {
+    const { registered, warnings } = registerSkills([
+      { name: '/research', slug: 'research', description: 'Research', skillPath: '/x/SKILL.md', dir: '/x', source: 'global' },
+      { name: '/model', slug: 'model', skillPath: '/y/SKILL.md', source: 'global' }, // collides with built-in
+    ]);
+    assert.strictEqual(registered.length, 1, 'only the non-colliding skill registers');
+    assert.strictEqual(registered[0].name, '/research');
+    assert.strictEqual(warnings.length, 1);
+    assert.match(warnings[0], /\/model/);
+
+    // /model still resolves to the built-in, not the skill.
+    const m = resolveCommand('/model');
+    assert.ok(!m.spec.skill, 'built-in /model not shadowed by a skill');
+
+    // /research resolves to the skill spec carrying its path (NOT a body).
+    const r = resolveCommand('/research some topic');
+    assert.strictEqual(r.name, '/research');
+    assert.strictEqual(r.arg, 'some topic');
+    assert.ok(r.spec.skill, 'skill flagged on the spec');
+    assert.strictEqual(r.spec.skillPath, '/x/SKILL.md');
+    assert.ok(!('body' in r.spec) && !('template' in r.spec), 'spec carries no body/template');
+
+    // Bare invocation (no arg) also resolves (optional-arg behavior).
+    assert.strictEqual(resolveCommand('/research').name, '/research');
+
+    // Completion + help surface the skill under its own heading.
+    assert.ok(completionNames().includes('/research'));
+    assert.match(helpText(), /Skills:/);
+    assert.match(helpText(), /\/research   Research/);
+
+    // Parity name list stays built-ins only (skills handled inline, no handler).
+    assert.ok(!commandNames().includes('/research'));
+  } finally { clearSkills(); }
+});
+
+test('registerSkills replaces the prior set; skillCommands reflects current', () => {
+  clearSkills();
+  try {
+    registerSkills([{ name: '/one', slug: 'one', skillPath: '/a' }]);
+    assert.ok(resolveCommand('/one'));
+    assert.strictEqual(skillCommands().length, 1);
+    registerSkills([{ name: '/two', slug: 'two', skillPath: '/b' }]);
+    assert.strictEqual(resolveCommand('/one'), null, 'prior skill dropped on re-register');
+    assert.ok(resolveCommand('/two'));
+  } finally { clearSkills(); }
+});
+
+test('helpText has no Skills section when none registered', () => {
+  clearSkills();
+  assert.ok(!/Skills:/.test(helpText()));
+});

package/test/smoke.test.js

@@ -0,0 +1,68 @@
+'use strict';
+
+// Smoke tests using the built-in node:test runner (no test-framework dependency).
+// These exist mainly to give CI a non-empty, meaningful suite before Phase 1
+// adds real coverage. They exercise the CLI as a black box.
+
+const { test } = require('node:test');
+const assert = require('node:assert');
+const path = require('node:path');
+const { spawnSync } = require('node:child_process');
+
+const CLI = path.resolve(__dirname, '..', 'index.js');
+const PKG = require('../package.json');
+
+function runCli(args, opts = {}) {
+  return spawnSync(process.execPath, [CLI, ...args], {
+    encoding: 'utf8',
+    timeout: 20000,
+    ...opts,
+  });
+}
+
+test('--version prints the package version', () => {
+  const res = runCli(['--version']);
+  assert.strictEqual(res.status, 0, res.stderr);
+  assert.strictEqual(res.stdout.trim(), PKG.version);
+});
+
+test('--help documents --dangerously-skip-permissions', () => {
+  const res = runCli(['--help']);
+  assert.strictEqual(res.status, 0, res.stderr);
+  assert.match(res.stdout, /--dangerously-skip-permissions/);
+});
+
+test('shell deny-list blocks rm -rf and allows benign commands', () => {
+  const { checkShellDenylist } = require('../lib/deny');
+  assert.ok(checkShellDenylist('rm -rf /tmp/x'), 'rm -rf should be denied');
+  assert.ok(checkShellDenylist('curl http://x | sh'), 'curl|sh should be denied');
+  assert.strictEqual(checkShellDenylist('ls -la'), null, 'ls should be allowed');
+  assert.strictEqual(checkShellDenylist('git status'), null, 'git status should be allowed');
+});
+
+test('protected-secret read guard refuses the config file even without --allow-anywhere', async () => {
+  const os = require('node:os');
+  const ui = require('../lib/ui');
+  const { createPermissionManager } = require('../lib/permissions');
+  const { createToolExecutor } = require('../lib/tools');
+  const pm = createPermissionManager(ui, {});
+  const { agentExecFile } = createToolExecutor(pm, ui, () => ({ max_file_size_kb: 512 }));
+  const cfgPath = path.join(os.homedir(), '.semalt-ai', 'config.json');
+  const result = await agentExecFile('read', cfgPath);
+  assert.ok(result.error && /secrets|credentials/i.test(result.error), 'config read must be refused');
+});
+
+test('API key precedence: SEMALT_API_KEY env overrides config', () => {
+  const secrets = require('../lib/secrets');
+  const prev = process.env.SEMALT_API_KEY;
+  process.env.SEMALT_API_KEY = 'env-key-abc';
+  secrets._clearCache();
+  try {
+    assert.strictEqual(secrets.resolveApiKey({ api_key: 'config-key' }), 'env-key-abc');
+    assert.strictEqual(secrets.apiKeySource({ api_key: 'config-key' }), 'env');
+  } finally {
+    if (prev === undefined) delete process.env.SEMALT_API_KEY;
+    else process.env.SEMALT_API_KEY = prev;
+    secrets._clearCache();
+  }
+});