@soleri/cli 9.14.3 → 9.16.7

package/src/utils/checks.ts

@@ -4,8 +4,9 @@
 import { existsSync, readFileSync, readdirSync } from 'node:fs';
 import { join } from 'node:path';
 import { execFileSync } from 'node:child_process';
-import { homedir } from 'node:os';
 import { detectAgent, type AgentFormat } from './agent-context.js';
+import { detectArtifacts } from './agent-artifacts.js';
+import { resolveCorePackageJsonPath } from './core-resolver.js';
 import { getInstalledPacks } from '../hook-packs/registry.js';
 
 export interface CheckResult {
@@ -166,49 +167,36 @@ export function checkInstructionsDir(agentPath: string): CheckResult {
 }
 
 export function checkEngineReachable(): CheckResult {
-  try {
-    require.resolve('@soleri/core/package.json');
+  if (resolveCorePackageJsonPath() !== null) {
     return { status: 'pass', label: 'Engine', detail: '@soleri/core reachable' };
-  } catch {
-    return {
-      status: 'fail',
-      label: 'Engine',
-      detail: '@soleri/core not found — engine is required for file-tree agents',
-    };
   }
+
+  return {
+    status: 'fail',
+    label: 'Engine',
+    detail: '@soleri/core not found — engine is required for file-tree agents',
+  };
 }
 
 function checkMcpRegistration(dir?: string): CheckResult {
   const ctx = detectAgent(dir);
   if (!ctx) return { status: 'warn', label: 'MCP registration', detail: 'no agent detected' };
 
-  const claudeJsonPath = join(homedir(), '.claude.json');
-  if (!existsSync(claudeJsonPath)) {
+  const artifacts = detectArtifacts(ctx.agentId, ctx.agentPath);
+  if (artifacts.mcpServerEntries.length === 0) {
     return {
       status: 'warn',
       label: 'MCP registration',
-      detail: '~/.claude.json not found',
+      detail: `not found in ~/.claude.json, ~/.codex/config.toml, or ~/.config/opencode/opencode.json`,
     };
   }
 
-  try {
-    const config = JSON.parse(readFileSync(claudeJsonPath, 'utf-8'));
-    const servers = config.mcpServers ?? {};
-    if (ctx.agentId in servers) {
-      return {
-        status: 'pass',
-        label: 'MCP registration',
-        detail: `registered as "${ctx.agentId}"`,
-      };
-    }
-    return {
-      status: 'warn',
-      label: 'MCP registration',
-      detail: `"${ctx.agentId}" not found in ~/.claude.json`,
-    };
-  } catch {
-    return { status: 'fail', label: 'MCP registration', detail: 'failed to parse ~/.claude.json' };
-  }
+  const targets = [...new Set(artifacts.mcpServerEntries.map((entry) => entry.target))];
+  return {
+    status: 'pass',
+    label: 'MCP registration',
+    detail: `registered in ${targets.join(', ')}`,
+  };
 }
 
 function checkCognee(): CheckResult {

package/src/utils/core-resolver.ts

@@ -0,0 +1,39 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+function resolveCoreEntryPath(): string | null {
+  try {
+    return fileURLToPath(import.meta.resolve('@soleri/core'));
+  } catch {
+    return null;
+  }
+}
+
+export function resolveCorePackageJsonPath(): string | null {
+  const entryPath = resolveCoreEntryPath();
+  if (!entryPath) return null;
+
+  const packageJsonPath = join(dirname(entryPath), '..', 'package.json');
+  return existsSync(packageJsonPath) ? packageJsonPath : null;
+}
+
+export function readInstalledCoreVersion(): string | null {
+  const packageJsonPath = resolveCorePackageJsonPath();
+  if (!packageJsonPath) return null;
+
+  try {
+    const pkg = JSON.parse(readFileSync(packageJsonPath, 'utf-8')) as { version?: unknown };
+    return typeof pkg.version === 'string' ? pkg.version : null;
+  } catch {
+    return null;
+  }
+}
+
+export function resolveInstalledEngineBin(): string | null {
+  const entryPath = resolveCoreEntryPath();
+  if (!entryPath) return null;
+
+  const engineBinPath = join(dirname(entryPath), 'engine', 'bin', 'soleri-engine.js');
+  return existsSync(engineBinPath) ? engineBinPath : null;
+}

package/src/utils/vault-db.ts

@@ -0,0 +1,15 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { SOLERI_HOME } from '@soleri/core';
+
+/**
+ * Resolve the vault DB path for a given agent.
+ * Checks the current path first, then falls back to the legacy dot-prefixed path.
+ */
+export function resolveVaultDbPath(agentId: string): string | null {
+  const newDbPath = join(SOLERI_HOME, agentId, 'vault.db');
+  const legacyDbPath = join(SOLERI_HOME, '..', `.${agentId}`, 'vault.db');
+  if (existsSync(newDbPath)) return newDbPath;
+  if (existsSync(legacyDbPath)) return legacyDbPath;
+  return null;
+}

package/dist/hook-packs/converter/template.test.ts

@@ -1,133 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { generateHookScript, generateManifest, HOOK_EVENTS, ACTION_LEVELS } from './template.js';
-import type { HookConversionConfig } from './template.js';
-
-describe('generateHookScript', () => {
-  const baseConfig: HookConversionConfig = {
-    name: 'test-hook',
-    event: 'PreToolUse',
-    toolMatcher: 'Write|Edit',
-    filePatterns: ['**/marketing/**'],
-    action: 'remind',
-    message: 'Check brand guidelines before editing marketing files',
-  };
-
-  it('should generate a valid POSIX shell script', () => {
-    const script = generateHookScript(baseConfig);
-    expect(script).toContain('#!/bin/sh');
-    expect(script).toContain('set -eu');
-    expect(script).toContain('INPUT=$(cat)');
-  });
-
-  it('should include tool matcher for PreToolUse', () => {
-    const script = generateHookScript(baseConfig);
-    expect(script).toContain('TOOL_NAME=');
-    expect(script).toContain('Write|Edit');
-    expect(script).toContain('case "$TOOL_NAME" in');
-  });
-
-  it('should include file pattern matching', () => {
-    const script = generateHookScript(baseConfig);
-    expect(script).toContain('FILE_PATH=');
-    expect(script).toContain('MATCHED=false');
-    expect(script).toContain('marketing');
-  });
-
-  it('should output remind action by default', () => {
-    const script = generateHookScript(baseConfig);
-    expect(script).toContain('REMINDER:');
-    expect(script).toContain('continue: true');
-  });
-
-  it('should output warn action', () => {
-    const script = generateHookScript({ ...baseConfig, action: 'warn' });
-    expect(script).toContain('WARNING:');
-    expect(script).toContain('continue: true');
-  });
-
-  it('should output block action', () => {
-    const script = generateHookScript({ ...baseConfig, action: 'block' });
-    expect(script).toContain('BLOCKED:');
-    expect(script).toContain('continue: false');
-  });
-
-  it('should skip tool matcher for non-tool events', () => {
-    const script = generateHookScript({ ...baseConfig, event: 'PreCompact' });
-    expect(script).not.toContain('TOOL_NAME');
-    expect(script).not.toContain('case');
-  });
-
-  it('should skip file pattern matching when no patterns', () => {
-    const script = generateHookScript({ ...baseConfig, filePatterns: undefined });
-    expect(script).not.toContain('FILE_PATH');
-    expect(script).not.toContain('MATCHED');
-  });
-
-  it('should generate scripts for all 5 hook events', () => {
-    for (const event of HOOK_EVENTS) {
-      const script = generateHookScript({ ...baseConfig, event });
-      expect(script).toContain(`# Event: ${event}`);
-      expect(script).toContain('#!/bin/sh');
-    }
-  });
-
-  it('should escape single quotes in messages', () => {
-    const script = generateHookScript({ ...baseConfig, message: "Don't forget the guidelines" });
-    // Should not have unbalanced quotes
-    expect(script).toContain('forget');
-  });
-});
-
-describe('generateManifest', () => {
-  const config: HookConversionConfig = {
-    name: 'my-hook',
-    event: 'PreToolUse',
-    toolMatcher: 'Write',
-    action: 'remind',
-    message: 'Test message',
-  };
-
-  it('should generate valid manifest with required fields', () => {
-    const manifest = generateManifest(config);
-    expect(manifest.name).toBe('my-hook');
-    expect(manifest.version).toBe('1.0.0');
-    expect(manifest.hooks).toEqual([]);
-    expect(manifest.scripts).toHaveLength(1);
-    expect(manifest.lifecycleHooks).toHaveLength(1);
-  });
-
-  it('should set script name and file correctly', () => {
-    const manifest = generateManifest(config);
-    expect(manifest.scripts![0].name).toBe('my-hook');
-    expect(manifest.scripts![0].file).toBe('my-hook.sh');
-    expect(manifest.scripts![0].targetDir).toBe('hooks');
-  });
-
-  it('should set lifecycle hook event and command', () => {
-    const manifest = generateManifest(config);
-    const lc = manifest.lifecycleHooks![0];
-    expect(lc.event).toBe('PreToolUse');
-    expect(lc.command).toBe('sh ~/.claude/hooks/my-hook.sh');
-    expect(lc.type).toBe('command');
-    expect(lc.timeout).toBe(10);
-  });
-
-  it('should use description from config or fallback to message', () => {
-    expect(generateManifest(config).description).toBe('Test message');
-    expect(generateManifest({ ...config, description: 'Custom desc' }).description).toBe(
-      'Custom desc',
-    );
-  });
-
-  it('should include actionLevel', () => {
-    expect(generateManifest(config).actionLevel).toBe('remind');
-    expect(generateManifest({ ...config, action: 'block' }).actionLevel).toBe('block');
-  });
-
-  it('should generate manifests for all action levels', () => {
-    for (const action of ACTION_LEVELS) {
-      const manifest = generateManifest({ ...config, action });
-      expect(manifest.actionLevel).toBe(action);
-    }
-  });
-});

package/dist/hook-packs/yolo-safety/scripts/anti-deletion.sh

@@ -1,274 +0,0 @@
-#!/bin/sh
-# Anti-Deletion Staging Hook for Claude Code (Soleri Hook Pack: yolo-safety)
-# PreToolUse -> Bash: intercepts destructive commands, stages files, blocks execution.
-#
-# Intercepted patterns:
-#   - rm / rmdir          (files/dirs — stages first, then blocks)
-#   - git push --force    (blocks outright)
-#   - git reset --hard    (blocks outright)
-#   - git clean           (blocks outright)
-#   - git checkout -- .   (blocks outright)
-#   - git restore .       (blocks outright)
-#   - mv ~/projects/...   (blocks outright)
-#   - drop table          (SQL — blocks outright)
-#   - docker rm / rmi     (blocks outright)
-#
-# Catastrophic commands (rm -rf /, rm -rf ~) should stay in deny rules —
-# this hook handles targeted deletes only.
-#
-# Dependencies: jq (required)
-# POSIX sh compatible — no bash-specific features.
-
-set -eu
-
-STAGING_ROOT="$HOME/.soleri/staging"
-INPUT=$(cat)
-
-# Extract the command from stdin JSON
-CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
-
-# No command found — let it through
-if [ -z "$CMD" ]; then
-  exit 0
-fi
-
-# --- Strip heredocs and quoted strings to avoid false positives ---
-# Commands like: gh issue comment --body "$(cat <<'EOF' ... rmdir ... EOF)"
-# contain destructive keywords in text, not as actual commands.
-
-# Remove heredoc blocks (best-effort with sed)
-STRIPPED=$(printf '%s' "$CMD" | sed -e "s/<<'[A-Za-z_]*'.*//g" -e 's/<<[A-Za-z_]*.*//g' 2>/dev/null || printf '%s' "$CMD")
-# Remove double-quoted strings
-STRIPPED=$(printf '%s' "$STRIPPED" | sed 's/"[^"]*"//g' 2>/dev/null || printf '%s' "$STRIPPED")
-# Remove single-quoted strings
-STRIPPED=$(printf '%s' "$STRIPPED" | sed "s/'[^']*'//g" 2>/dev/null || printf '%s' "$STRIPPED")
-
-# --- Helper: check if pattern matches stripped command ---
-matches() {
-  printf '%s' "$STRIPPED" | grep -qE "$1"
-}
-
-# --- Detect destructive commands (on stripped command only) ---
-
-IS_RM=false
-IS_RMDIR=false
-IS_MV_PROJECT=false
-IS_GIT_CLEAN=false
-IS_RESET_HARD=false
-IS_GIT_CHECKOUT_DOT=false
-IS_GIT_RESTORE_DOT=false
-IS_GIT_PUSH_FORCE=false
-IS_DROP_TABLE=false
-IS_DOCKER_RM=false
-
-# rm (but not git rm which stages, doesn't destroy)
-if matches '(^|\s|;|&&|\|\|)rm\s'; then
-  if ! matches '(^|\s)git\s+rm\s'; then
-    IS_RM=true
-  fi
-fi
-
-# rmdir
-if matches '(^|\s|;|&&|\|\|)rmdir\s'; then
-  IS_RMDIR=true
-fi
-
-# mv of project directories or git repos
-if matches '(^|\s|;|&&|\|\|)mv\s'; then
-  MV_TAIL=$(printf '%s' "$STRIPPED" | sed 's/^.*\bmv //' | sed 's/-[finv] //g')
-  if printf '%s' "$MV_TAIL" | grep -qE '(~/projects|\.git)'; then
-    IS_MV_PROJECT=true
-  fi
-fi
-
-# git clean
-if matches '(^|\s|;|&&|\|\|)git\s+clean\b'; then
-  IS_GIT_CLEAN=true
-fi
-
-# git reset --hard
-if matches '(^|\s|;|&&|\|\|)git\s+reset\s+--hard'; then
-  IS_RESET_HARD=true
-fi
-
-# git checkout -- .
-if matches '(^|\s|;|&&|\|\|)git\s+checkout\s+--\s+\.'; then
-  IS_GIT_CHECKOUT_DOT=true
-fi
-
-# git restore .
-if matches '(^|\s|;|&&|\|\|)git\s+restore\s+\.'; then
-  IS_GIT_RESTORE_DOT=true
-fi
-
-# git push --force / -f (but not --force-with-lease which is safer)
-if matches '(^|\s|;|&&|\|\|)git\s+push\s'; then
-  if matches 'git\s+push\s.*--force([^-]|$)' || matches 'git\s+push\s+-f(\s|$)' || matches 'git\s+push\s.*\s-f(\s|$)'; then
-    IS_GIT_PUSH_FORCE=true
-  fi
-fi
-
-# SQL drop table (case-insensitive)
-if printf '%s' "$STRIPPED" | grep -qiE '(^|\s|;)drop\s+table'; then
-  IS_DROP_TABLE=true
-fi
-
-# docker rm / docker rmi
-if matches '(^|\s|;|&&|\|\|)docker\s+(rm|rmi)\b'; then
-  IS_DOCKER_RM=true
-fi
-
-# --- Not a destructive command — let it through ---
-
-if [ "$IS_RM" = false ] && [ "$IS_RMDIR" = false ] && [ "$IS_MV_PROJECT" = false ] && \
-   [ "$IS_GIT_CLEAN" = false ] && [ "$IS_RESET_HARD" = false ] && \
-   [ "$IS_GIT_CHECKOUT_DOT" = false ] && [ "$IS_GIT_RESTORE_DOT" = false ] && \
-   [ "$IS_GIT_PUSH_FORCE" = false ] && [ "$IS_DROP_TABLE" = false ] && \
-   [ "$IS_DOCKER_RM" = false ]; then
-  exit 0
-fi
-
-# --- Block: git clean ---
-if [ "$IS_GIT_CLEAN" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: git clean would remove untracked files. Use git stash --include-untracked to save them first, or ask the user to run git clean manually."
-  }'
-  exit 0
-fi
-
-# --- Block: git reset --hard ---
-if [ "$IS_RESET_HARD" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: git reset --hard would discard uncommitted changes. Use git stash to save them first, or ask the user to run this manually."
-  }'
-  exit 0
-fi
-
-# --- Block: git checkout -- . ---
-if [ "$IS_GIT_CHECKOUT_DOT" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: git checkout -- . would discard all uncommitted changes. Use git stash to save them first, or ask the user to run this manually."
-  }'
-  exit 0
-fi
-
-# --- Block: git restore . ---
-if [ "$IS_GIT_RESTORE_DOT" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: git restore . would discard all uncommitted changes. Use git stash to save them first, or ask the user to run this manually."
-  }'
-  exit 0
-fi
-
-# --- Block: git push --force ---
-if [ "$IS_GIT_PUSH_FORCE" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: git push --force can overwrite remote history and cause data loss for collaborators. Use --force-with-lease instead, or ask the user to run this manually."
-  }'
-  exit 0
-fi
-
-# --- Block: mv of project directories ---
-if [ "$IS_MV_PROJECT" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: mv of a project directory or git repo detected. Moving project directories can cause data loss if the operation fails midway. Ask the user to run this manually, or use cp + verify + rm instead."
-  }'
-  exit 0
-fi
-
-# --- Block: rmdir ---
-if [ "$IS_RMDIR" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: rmdir detected. Removing directories can break project structure. Ask the user to confirm this operation manually."
-  }'
-  exit 0
-fi
-
-# --- Block: drop table ---
-if [ "$IS_DROP_TABLE" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: DROP TABLE detected. This would permanently destroy database data. Ask the user to run this SQL statement manually after confirming intent."
-  }'
-  exit 0
-fi
-
-# --- Block: docker rm / rmi ---
-if [ "$IS_DOCKER_RM" = true ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: docker rm/rmi detected. Removing containers or images can cause data loss. Ask the user to run this manually."
-  }'
-  exit 0
-fi
-
-# --- Handle rm commands — copy to staging, then block ---
-
-# Create timestamped staging directory
-TIMESTAMP=$(date +%Y-%m-%d_%H%M%S)
-STAGE_DIR="$STAGING_ROOT/$TIMESTAMP"
-
-# Extract file paths from the rm command
-# Strip rm and its flags, keeping only the file arguments
-FILES=$(printf '%s' "$CMD" | sed 's/^.*\brm //' | sed 's/-[rRfivd]* //g' | tr ' ' '\n' | grep -v '^-' | grep -v '^$' || true)
-
-if [ -z "$FILES" ]; then
-  jq -n '{
-    continue: false,
-    stopReason: "BLOCKED: rm command detected but could not parse file targets. Please specify files explicitly."
-  }'
-  exit 0
-fi
-
-STAGED_COUNT=0
-STAGED_LIST=""
-MISSING_COUNT=0
-
-mkdir -p "$STAGE_DIR"
-
-printf '%s\n' "$FILES" | while IFS= read -r filepath; do
-  # Expand path (handle ~, relative paths)
-  expanded=$(eval printf '%s' "$filepath" 2>/dev/null || printf '%s' "$filepath")
-
-  if [ -e "$expanded" ]; then
-    # Preserve directory structure in staging
-    target_dir="$STAGE_DIR/$(dirname "$expanded")"
-    mkdir -p "$target_dir"
-    # COPY instead of MOVE — originals stay intact, staging is a backup
-    if [ -d "$expanded" ]; then
-      # Use rsync if available (excludes node_modules/dist/.git), fall back to cp
-      if command -v rsync >/dev/null 2>&1; then
-        rsync -a --exclude='node_modules' --exclude='dist' --exclude='.git' "$expanded/" "$target_dir/$(basename "$expanded")/" 2>/dev/null
-      else
-        cp -R "$expanded" "$target_dir/" 2>/dev/null
-      fi
-    else
-      cp "$expanded" "$target_dir/" 2>/dev/null
-    fi
-  fi
-done
-
-# Count what was staged (check if staging dir has content)
-if [ -d "$STAGE_DIR" ] && [ "$(ls -A "$STAGE_DIR" 2>/dev/null)" ]; then
-  STAGED_COUNT=$(find "$STAGE_DIR" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
-fi
-
-if [ "$STAGED_COUNT" -eq 0 ]; then
-  # All files were missing — let the rm fail naturally
-  rmdir "$STAGE_DIR" 2>/dev/null || true
-  exit 0
-fi
-
-jq -n \
-  --arg dir "$STAGE_DIR" \
-  '{
-    continue: false,
-    stopReason: ("BLOCKED & BACKED UP: Files copied to " + $dir + ". The originals are untouched. To proceed with deletion, ask the user to run the rm command manually.")
-  }'

package/dist/prompts/archetypes.d.ts

@@ -1,22 +0,0 @@
-/**
- * Pre-built agent archetypes that pre-fill the wizard.
- * Each archetype provides sensible defaults for role, description,
- * domains, principles, skills, and greeting — so the user can
- * scaffold a full agent with minimal typing.
- */
-export interface Archetype {
-    value: string;
-    label: string;
-    hint: string;
-    tier: 'free' | 'premium';
-    defaults: {
-        role: string;
-        description: string;
-        domains: string[];
-        principles: string[];
-        skills: string[];
-        tone: 'precise' | 'mentor' | 'pragmatic';
-        greetingTemplate: (name: string) => string;
-    };
-}
-export declare const ARCHETYPES: Archetype[];