@soleri/cli 9.13.1 → 9.14.1

package/src/commands/install.ts

@@ -12,6 +12,7 @@ import { dirname, join, resolve } from 'node:path';
 import { homedir } from 'node:os';
 import * as p from '@clack/prompts';
 import { detectAgent } from '../utils/agent-context.js';
+import { detectArtifacts } from '../utils/agent-artifacts.js';
 
 /** Default parent directory for agents: ~/.soleri/ */
 const SOLERI_HOME = process.env.SOLERI_HOME ?? join(homedir(), '.soleri');
@@ -25,7 +26,7 @@ export const toPosix = (p: string): string => p.replace(/\\/g, '/');
  * Resolve the absolute path to the soleri-engine binary.
  * Falls back to `npx @soleri/engine` if resolution fails (e.g. not installed globally).
  */
-function resolveEngineBin(): { command: string; bin: string } {
+export function resolveEngineBin(): { command: string; bin: string } {
   try {
     const require = createRequire(import.meta.url);
     const bin = require.resolve('@soleri/core/dist/engine/bin/soleri-engine.js');
@@ -80,6 +81,87 @@ function checkWritable(filePath: string): boolean {
   }
 }
 
+/**
+ * Facade suffixes pre-approved for every Soleri agent.
+ * Each suffix becomes `mcp__<agentId>__<agentId>_<suffix>` in settings.local.json.
+ */
+const PRE_APPROVED_FACADE_SUFFIXES = [
+  'core',
+  'vault',
+  'plan',
+  'brain',
+  'memory',
+  'admin',
+  'curator',
+  'orchestrate',
+  'control',
+  'context',
+  'agency',
+  'operator',
+  'chat',
+  'archive',
+  'sync',
+  'review',
+  'intake',
+  'links',
+  'branching',
+  'tier',
+  'loop',
+  'embedding',
+  'dream',
+  'testing',
+  'typescript',
+] as const;
+
+/**
+ * Write pre-approved facade permissions to ~/.claude/settings.local.json.
+ * Merges with existing permissions — never removes entries added by the user or other agents.
+ */
+export function installClaudePermissions(agentId: string): void {
+  const claudeDir = join(homedir(), '.claude');
+  const settingsPath = join(claudeDir, 'settings.local.json');
+
+  // Build permission entries: mcp__<agentId>__<agentId>_<suffix>
+  const newEntries = PRE_APPROVED_FACADE_SUFFIXES.map(
+    (suffix) => `mcp__${agentId}__${agentId}_${suffix}`,
+  );
+
+  let config: Record<string, unknown> = {};
+  if (existsSync(settingsPath)) {
+    try {
+      config = JSON.parse(readFileSync(settingsPath, 'utf-8'));
+    } catch {
+      // Corrupted file — start fresh but warn
+      p.log.warn(`Could not parse ${settingsPath} — creating fresh permissions`);
+      config = {};
+    }
+  }
+
+  if (!config.permissions || typeof config.permissions !== 'object') {
+    config.permissions = {};
+  }
+  const permissions = config.permissions as Record<string, unknown>;
+
+  const existing = Array.isArray(permissions.allow) ? (permissions.allow as string[]) : [];
+  const merged = [...new Set([...existing, ...newEntries])];
+  permissions.allow = merged;
+
+  try {
+    mkdirSync(claudeDir, { recursive: true });
+    writeFileSync(settingsPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+  } catch {
+    p.log.warn(`Could not write ${settingsPath} — MCP tools may require manual approval`);
+    return;
+  }
+
+  const added = merged.length - existing.length;
+  if (added > 0) {
+    p.log.success(`Pre-approved ${merged.length} facade permissions in settings.local.json`);
+  } else {
+    p.log.info('Facade permissions already configured in settings.local.json');
+  }
+}
+
 export function installClaude(agentId: string, agentDir: string, isFileTree: boolean): void {
   const configPath = join(homedir(), '.claude.json');
 
@@ -113,7 +195,10 @@ export function installClaude(agentId: string, agentDir: string, isFileTree: boo
     p.log.error(`Cannot write to ${configPath}. Check file permissions.`);
     process.exit(1);
   }
-  p.log.success(`Registered ${agentId} in ~/.claude.json`);
+  p.log.success(`Registered ${agentId} in ~/.claude.json (restart your session to load)`);
+
+  // Pre-approve facade permissions so users don't hit approval prompts
+  installClaudePermissions(agentId);
 }
 
 function installCodex(agentId: string, agentDir: string, isFileTree: boolean): void {
@@ -162,7 +247,7 @@ function installCodex(agentId: string, agentDir: string, isFileTree: boolean): v
     p.log.error(`Cannot write to ${configPath}. Check file permissions.`);
     process.exit(1);
   }
-  p.log.success(`Registered ${agentId} in ~/.codex/config.toml`);
+  p.log.success(`Registered ${agentId} in ~/.codex/config.toml (restart your session to load)`);
 }
 
 function installOpencode(agentId: string, agentDir: string, isFileTree: boolean): void {
@@ -222,7 +307,29 @@ function installOpencode(agentId: string, agentDir: string, isFileTree: boolean)
     p.log.error(`Cannot write to ${configPath}. Check file permissions.`);
     process.exit(1);
   }
-  p.log.success(`Registered ${agentId} in ~/.config/opencode/opencode.json`);
+  p.log.success(
+    `Registered ${agentId} in ~/.config/opencode/opencode.json (restart your session to load)`,
+  );
+}
+
+/**
+ * Return target-specific post-install restart instructions.
+ */
+export function getNextStepMessage(target: string): string {
+  const instructions: Record<string, string> = {
+    claude: 'Next step: Restart your Claude Code session (or run `/mcp` to reload MCP servers).',
+    codex: 'Next step: Start a new Codex conversation to load the MCP server.',
+    opencode: 'Next step: Restart OpenCode to load the MCP server.',
+  };
+
+  if (target === 'both' || target === 'all') {
+    return [instructions.claude, instructions.codex, instructions.opencode].join('\n');
+  }
+
+  if (!(target in instructions)) {
+    p.log.warn(`Unknown target "${target}" — defaulting to Claude instructions.`);
+  }
+  return instructions[target] ?? instructions.claude;
 }
 
 function escapeRegExp(s: string): string {
@@ -233,7 +340,20 @@ function escapeRegExp(s: string): string {
  * Create a global launcher script so the agent can be invoked by name from any directory.
  * e.g., typing `ernesto` opens Claude Code with that agent's MCP config.
  */
-function installLauncher(agentId: string, agentDir: string): void {
+function installLauncher(agentId: string, agentDir: string, target: Target): void {
+  // Only create a launcher for Claude — other targets don't have a CLI equivalent
+  if (target === 'codex') {
+    p.log.info('Launcher skipped: Codex does not have a CLI equivalent.');
+    return;
+  }
+  if (target === 'opencode') {
+    p.log.info('Launcher skipped: OpenCode does not have a CLI equivalent.');
+    return;
+  }
+  if (target === 'all' || target === 'both') {
+    p.log.info('Note: Launcher is Claude-specific — other targets do not have a CLI equivalent.');
+  }
+
   // Launcher scripts to /usr/local/bin are Unix-only
   if (process.platform === 'win32') {
     p.log.info('Launcher scripts are not supported on Windows.');
@@ -264,13 +384,67 @@ function installLauncher(agentId: string, agentDir: string): void {
   }
 }
 
+// ---------------------------------------------------------------------------
+// Verify
+// ---------------------------------------------------------------------------
+
+export interface VerifyCheck {
+  label: string;
+  passed: boolean;
+}
+
+/**
+ * Verify the full install chain for an agent against a given target.
+ * Returns an array of pass/fail checks.
+ */
+export function verifyInstall(agentId: string, agentDir: string, target: Target): VerifyCheck[] {
+  const checks: VerifyCheck[] = [];
+
+  // 1. Agent entry exists in config for each relevant target
+  const artifacts = detectArtifacts(agentId, agentDir);
+  const targetEntries = artifacts.mcpServerEntries;
+
+  const targets: ('claude' | 'codex' | 'opencode')[] =
+    target === 'all' || target === 'both'
+      ? ['claude', 'codex', 'opencode']
+      : [target as 'claude' | 'codex' | 'opencode'];
+
+  for (const t of targets) {
+    const hasEntry = targetEntries.some((e) => e.target === t);
+    checks.push({
+      label: `Agent entry in ${t} config`,
+      passed: hasEntry,
+    });
+  }
+
+  // 2. Engine binary resolves (local or npx fallback)
+  const engine = resolveEngineBin();
+  const isLocal = engine.command === 'node';
+  checks.push({
+    label: isLocal
+      ? `Engine binary resolves (${engine.bin})`
+      : 'Engine resolves via npx (fallback)',
+    passed: true,
+  });
+
+  // 3. agent.yaml exists at configured path
+  const agentYamlPath = join(agentDir, 'agent.yaml');
+  checks.push({
+    label: `agent.yaml exists (${agentYamlPath})`,
+    passed: existsSync(agentYamlPath),
+  });
+
+  return checks;
+}
+
 export function registerInstall(program: Command): void {
   program
     .command('install')
     .argument('[dir]', 'Agent directory or agent name (checks ~/.soleri/<name> first, then cwd)')
     .option('--target <target>', 'Registration target: claude, opencode, codex, or all', 'claude')
+    .option('--verify', 'Verify the install chain (config, engine, agent.yaml)')
     .description('Register agent as MCP server in editor config')
-    .action(async (dir?: string, opts?: { target?: string }) => {
+    .action(async (dir?: string, opts?: { target?: string; verify?: boolean }) => {
       let resolvedDir: string | undefined;
 
       if (dir) {
@@ -328,8 +502,35 @@ export function registerInstall(program: Command): void {
       }
 
       // Create global launcher script
-      installLauncher(ctx.agentId, ctx.agentPath);
+      installLauncher(ctx.agentId, ctx.agentPath, target);
+
+      p.log.success(`Install complete for ${ctx.agentId}.`);
+      p.log.info(getNextStepMessage(target));
+
+      // Warn users running via npx — their cache may go stale on next release
+      if (resolveEngineBin().command === 'npx') {
+        p.log.warn(
+          `Running via npx — updates may be cached. For reliable updates: npm install -g soleri`,
+        );
+      }
 
-      p.log.info(`Agent ${ctx.agentId} is now available as an MCP server.`);
+      // Run verification if --verify was passed
+      if (opts?.verify) {
+        const checks = verifyInstall(ctx.agentId, ctx.agentPath, target);
+        p.log.info('');
+        p.log.info('Install verification:');
+        let allPassed = true;
+        for (const check of checks) {
+          const icon = check.passed ? '\u2705' : '\u274C';
+          const logFn = check.passed ? p.log.success : p.log.error;
+          logFn(`${icon} ${check.label}`);
+          if (!check.passed) allPassed = false;
+        }
+        if (!allPassed) {
+          p.log.error('Verification failed — one or more checks did not pass.');
+          process.exit(1);
+        }
+        p.log.success('All checks passed.');
+      }
     });
 }

package/src/commands/pack.ts

@@ -11,7 +11,13 @@ import { join, resolve as pathResolve } from 'node:path';
 import { existsSync, readFileSync, readdirSync } from 'node:fs';
 import type { Command } from 'commander';
 import * as p from '@clack/prompts';
-import { PackLockfile, inferPackType, resolvePack, checkNpmVersion } from '@soleri/core';
+import {
+  PackLockfile,
+  inferPackType,
+  resolvePack,
+  checkNpmVersion,
+  getBuiltinKnowledgePacksDirs,
+} from '@soleri/core';
 import type { LockEntry, PackSource } from '@soleri/core';
 
 // ─── Tier display helpers ────────────────────────────────────────────
@@ -457,9 +463,14 @@ export function registerPack(program: Command): void {
         const candidates = [
           join(process.cwd(), 'knowledge-packs'),
           pathResolve(import.meta.dirname ?? '.', '..', '..', '..', '..', '..', 'knowledge-packs'),
+          ...getBuiltinKnowledgePacksDirs(),
         ];
+        const seen = new Set<string>();
         for (const c of candidates) {
-          if (existsSync(c)) searchDirs.push(c);
+          if (existsSync(c) && !seen.has(c)) {
+            searchDirs.push(c);
+            seen.add(c);
+          }
         }
       }
 

package/src/commands/update.ts

@@ -0,0 +1,82 @@
+import type { Command } from 'commander';
+import { createRequire } from 'node:module';
+import { execSync } from 'node:child_process';
+import * as p from '@clack/prompts';
+
+const require = createRequire(import.meta.url);
+
+function getCurrentVersion(): string {
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+    return (require('../package.json') as { version: string }).version;
+  } catch {
+    return 'unknown';
+  }
+}
+
+function getLatestVersion(): string {
+  try {
+    return execSync('npm view @soleri/cli version', { stdio: ['pipe', 'pipe', 'pipe'] })
+      .toString()
+      .trim();
+  } catch {
+    throw new Error('Could not reach npm registry. Check your network connection and try again.');
+  }
+}
+
+function installLatest(): void {
+  execSync('npm install -g soleri@latest', { stdio: 'inherit' });
+}
+
+export function registerUpdate(program: Command): void {
+  program
+    .command('update')
+    .description('Update Soleri CLI to the latest version')
+    .action(async () => {
+      p.intro('Soleri Update');
+
+      const current = getCurrentVersion();
+      p.log.info(`Current version: ${current}`);
+
+      const spinner = p.spinner();
+      spinner.start('Checking latest version…');
+
+      let latest: string;
+      try {
+        latest = getLatestVersion();
+      } catch (err) {
+        spinner.stop('Failed');
+        p.log.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+        return;
+      }
+
+      spinner.stop(`Latest version: ${latest}`);
+
+      if (current === latest) {
+        p.log.success(`Already on latest (${current})`);
+        p.outro('Nothing to do.');
+        return;
+      }
+
+      p.log.info(`Updating ${current} → ${latest}…`);
+
+      try {
+        installLatest();
+      } catch {
+        p.log.error('Update failed. Try manually: npm install -g soleri@latest');
+        process.exit(1);
+      }
+
+      const installed = getLatestVersion();
+      if (installed !== latest) {
+        p.log.warn(
+          `Installed version (${installed}) does not match expected (${latest}). Verify manually.`,
+        );
+      } else {
+        p.log.success(`Updated ${current} → ${installed}`);
+      }
+
+      p.outro('Restart your session to use the new version.');
+    });
+}

package/src/hook-packs/clean-commits/hookify.no-ai-attribution.local.md

@@ -2,8 +2,11 @@
 # Soleri Hook Pack: clean-commits
 # Version: 1.0.0
 # Rule: no-ai-attribution
+# NOTE: This hook is intentionally disabled. The host agent (e.g. Claude Code)
+# controls commit attribution via its own system prompt. Blocking attribution
+# patterns here causes a deadlock when the host mandates them.
 name: no-ai-attribution
-enabled: true
+enabled: false
 event: bash
 action: block
 conditions:
@@ -12,7 +15,7 @@ conditions:
     pattern: git\s+commit.*(-m|--message)
   - field: command
     operator: regex_match
-    pattern: (🤖|Co-Authored-By|Generated with|AI-generated|by Claude|Claude Code|with Claude|noreply@anthropic\.com|Anthropic|Claude\s+(Opus|Sonnet|Haiku))
+    pattern: (placeholder-disabled-pattern)
 ---
 
-🚫 **AI attribution blocked.** Use clean conventional commits: `feat:`, `fix:`, `refactor:`. No 🤖, Claude, Co-Authored-By, or Anthropic references.
+This hook is intentionally disabled. Commit style is enforced by the engine rules, not by blocking patterns.

package/src/main.ts

@@ -32,6 +32,7 @@ import { registerStaging } from './commands/staging.js';
 import { registerVault } from './commands/vault.js';
 import { registerYolo } from './commands/yolo.js';
 import { registerDream } from './commands/dream.js';
+import { registerUpdate } from './commands/update.js';
 
 const require = createRequire(import.meta.url);
 const { version } = require('../package.json');
@@ -96,4 +97,5 @@ registerStaging(program);
 registerVault(program);
 registerYolo(program);
 registerDream(program);
+registerUpdate(program);
 program.parse();