@tplog/pi-zendy 0.2.17

package/README.md

@@ -0,0 +1,64 @@
+# zendy
+
+Pi package for Dify Enterprise support ticket analysis. Analyze Zendesk tickets with natural language — from ticket metadata to Helm chart values to source code.
+
+Powered by [pi](https://pi.dev).
+
+[中文](docs/README.zh.md) | [日本語](docs/README.ja.md)
+
+## What it does
+
+zendy bundles support skills and extensions into a Pi package:
+
+- **zcli** — Pull Zendesk ticket metadata and comment threads
+- **helm-watchdog** — Query Dify Helm chart values, images, and validation for any version
+- **source-check** — Clone and analyze Dify source code (enterprise backend/frontend, open-source core, plugin daemon, sandbox)
+
+Typical workflow:
+
+```
+"Analyze ticket #1959" → pull ticket + comments → identify version →
+pull Helm chart values → analyze config → (if needed) clone source →
+synthesize findings → draft reply
+```
+
+## Prerequisites
+
+- [pi](https://pi.dev) installed globally: `npm install -g @earendil-works/pi-coding-agent`
+- Zendesk credentials configured: `zcli configure` or env vars (`ZENDESK_SUBDOMAIN`, `ZENDESK_EMAIL`, `ZENDESK_API_TOKEN`)
+- Git SSH access to private repos (for source-check skill)
+
+## Install
+
+```bash
+pi install npm:@tplog/pi-zendy
+```
+
+Or clone and build from source:
+
+```bash
+git clone git@github.com:tplog/pi-zendy.git
+cd zendy
+npm install
+npm run build
+npm link
+```
+
+## Usage
+
+After installing the Pi package, start pi normally:
+
+```bash
+pi
+```
+
+You can also install the optional legacy launcher:
+
+```bash
+npm install -g @tplog/pi-zendy
+zendy
+```
+
+## How it works
+
+As a Pi package, zendy contributes its skills and extensions through the package manifest. The legacy `zendy` launcher still exists for compatibility and starts `pi` with zendy's bundled resources while keeping user/global extensions available.

package/agents.md

@@ -0,0 +1,118 @@
+# zendy
+
+Internal support engineering harness for Dify Enterprise. Powered by pi.
+
+## Identity
+
+zendy is a Pi package that loads a fixed set of skills + extensions on top of [pi](https://pi.dev) so a support engineer can analyze a Zendesk ticket end-to-end without leaving the terminal. The published npm package is `@tplog/pi-zendy`; the source is the private repo `tplog/pi-zendy`.
+
+## What zendy ships with
+
+Three skills, loaded by default:
+
+- `zendesk-cli` — Pull Zendesk ticket metadata and comment threads via `zcli`
+- `helm-watchdog` — Query Dify Helm chart values, images, and validation by version
+- `source-check` — Clone and analyze Dify source code (only when the user explicitly asks)
+
+One additional opt-in skill:
+
+- `zendesk-kg` — Hybrid retrieval over a Zendesk Knowledge Graph for cross-ticket / similar-issue lookups
+
+Two extensions:
+
+- `custom-header` — ZENDY ASCII art on session start
+- `source-cleanup` — Per-session `/tmp/zendy-session-<pid>-<ts>/` directory + automatic wipe on exit; orphan sweep on next start
+
+One slash command beyond what pi gives you: `/status` runs `zendy preflight --json` and renders a per-source connectivity check (pi auth / Zendesk / GitHub / zendesk-kg).
+
+## Typical workflow
+
+1. User gives a ticket number → use `zcli` to pull ticket + comments
+2. Identify the customer's Dify version from ticket fields
+3. Pull the corresponding Helm chart values via the helm-watchdog API
+4. If the issue requires code-level analysis, the user will say so → use the `source-check` skill
+5. (optional) Use `zendesk-kg search` to find similar past tickets if cross-ticket evidence helps
+6. Synthesize findings and draft a reply in the ticket's language
+
+## Behavior rules
+
+- **Never guess.** Base conclusions on actual data — ticket fields, values.yaml, source code, ticket-graph results. State clearly what is fact vs inference.
+- **Don't recommend solutions you haven't verified.** If you haven't confirmed something in the code or docs, say so.
+- **Version matters.** Always check the customer's exact Dify version — defaults and behavior change between releases.
+- **Reply drafts match the ticket language.** Detect the language from the ticket thread (Japanese, Chinese, or English) and draft in the same language with appropriate business tone.
+- **Suggest source-check when confidence is low.** If your analysis cannot be confirmed from config alone, proactively ask the user: "需要我去源码确认吗？" Don't clone without permission, but suggest it instead of leaving uncertainty unresolved.
+- **Inspect before filtering.** When calling an unfamiliar API for the first time, look at the response structure (`| jq 'type'`, `| jq '.[0] | keys'`, or `| head`) before writing filter expressions. Never assume field names.
+- **Skills are APIs, not CLIs (mostly).** `helm-watchdog` is an HTTP API (use `curl`); `zcli` is a CLI; `zendesk-kg` is a CLI. Read the skill's Quick Reference before your first call. Do not guess command names.
+- **Auto-install missing dependencies.** If `zcli` or `zendesk-kg` is not found, run their installer automatically and continue. Don't ask — this is an internal tool, all dependencies are expected. (`zendy` v0.2.13+ also auto-installs `zendesk-kg` via postinstall.)
+- **Cite sources when you summarize.** When using `zendesk-kg search` results, surface the original `ticketId`s — the engineer wants to read the source ticket, not just your synthesis.
+- **`zendesk-kg health` is currently unreliable.** The retriever's `/health` endpoint sits behind a 302 → login page even though `/search` is API-key-authenticated and works. Don't gate retries on `health`. Only `health: ok` is a real signal; `health: unreachable` is inconclusive.
+
+## Development flow
+
+The development of zendy itself follows three rules. These are non-negotiable.
+
+1. **`main` is always the latest source of truth.** All accepted changes land on `main`; no long-lived divergent branches.
+2. **Tags drive releases.** Pushing a `vX.Y.Z` tag triggers `.github/workflows/publish.yml`, which verifies `tag == package.json.version`, runs tests, and `npm publish --access public`. The npm registry is downstream of the tag, never the other way around.
+3. **Every push to `main` goes through a Pull Request.** No direct pushes to `main`, no exceptions. This includes `chore: release X.Y.Z` version-bump commits — they too open a branch + PR before being merged.
+
+### Concrete steps for a code change
+
+```
+1. Create a branch:                git checkout -b <type>/<short-name>
+2. Make the change locally
+3. Verify locally:                 npm test (or relevant manual checks)
+4. Commit + push the branch:       git push -u origin <branch>
+5. Open a PR:                      gh pr create --title "..." --body "..."
+6. Wait for the human owner's review/merge
+7. After merge, locally:           git checkout main && git pull
+```
+
+Do not bump `package.json.version` in the same PR as a feature/fix unless the human owner asked for it. Version bumps belong in their own PR.
+
+### Concrete steps for a release
+
+```
+1. main has the merged feature/fix commits you want to ship
+2. Branch:                         git checkout -b chore/release-X.Y.Z
+3. Bump:                           edit package.json (version)
+                                   npm install --package-lock-only
+4. Commit + push branch:           git push -u origin chore/release-X.Y.Z
+5. Open the release PR:            gh pr create --title "chore: release X.Y.Z" ...
+6. Wait for merge
+7. After merge, on local main:     git checkout main && git pull
+                                   git tag vX.Y.Z
+                                   git push origin vX.Y.Z
+8. Watch the workflow:             gh run watch <id> --exit-status
+9. Verify on npm:                  npm view @tplog/pi-zendy version
+10. Cut a GitHub Release:          gh release create vX.Y.Z --title "..." --notes "..."
+11. Announce in #zendy with the GH Release URL.
+```
+
+Release timing (whether to tag now vs accumulate more PRs first) is a **human decision**. Agents should not unilaterally tag — ask the human owner before step 7.
+
+### Test machine handoff
+
+The local sandbox where an agent develops is **not** the same as the human's test machine. To let the human verify a not-yet-merged change without going through GitHub auth:
+
+```
+1. On the agent machine, after `npm test` passes locally:
+       npm pack
+       slock attachment upload --path tplog-zendy-<version>.tgz --channel "#zendy"
+2. Tell the human: `npm install -g <downloaded-tarball-path>`
+```
+
+This bypasses `npm install -g git+ssh://...#main`, which currently fails because npm 10/11 doesn't install devDependencies during git-dep `prepare`.
+
+## Release pitfalls — do not repeat
+
+- **`--provenance` does NOT work for this package.** npm rejects provenance attestations for private source repos ("Only public source repositories are supported when publishing with provenance"). The workflow intentionally omits `--provenance` and `id-token: write`. Do not add them back.
+- **Tags are immutable.** If a publish fails, bump the version and push a new tag — never delete and re-push the same tag. Gaps in the npm version sequence are fine.
+- **Tag version must equal `package.json.version`.** The workflow fails fast if they disagree.
+- **Do not run `npm publish` locally.** The workflow is the canonical path.
+- **Never push `chore: release X.Y.Z` directly to main.** It still goes through a PR (rule 3).
+
+## Security note for contributors
+
+This package is published to npm as-is. Anything written into `skills/**`, `extensions/**`, or `agents.md` becomes public once published. **Never** embed tokens, API keys, passwords, internal-only URLs, customer names, or any non-public information in these files. Runtime configuration (credentials, per-user endpoints) must come from environment variables or user config — never hard-coded.
+
+The source repo `tplog/pi-zendy` is private by design. The `files` whitelist in `package.json` controls what ships to the public npm tarball. Do not propose making the repo public.

package/dist/cleanup-src.d.ts

@@ -0,0 +1 @@
+export declare function runCleanupCLI(argv: string[]): Promise<number>;

package/dist/cleanup-src.js

@@ -0,0 +1,217 @@
+// CLI entry for `zendy cleanup-src`.
+// Invoked from src/index.ts when the first user arg is "cleanup-src".
+import { createInterface } from "node:readline";
+import { scanCandidates, classifyCandidates, deleteCandidates, findOrphanSessionDirs, formatBytes, formatAge, } from "./source-cleanup.js";
+const USAGE = `
+Usage: zendy cleanup-src [options]
+
+Wipe Dify source clones and orphan zendy session dirs from /tmp.
+
+Defaults are aggressive by design: dify-enterprise is a private repo, and
+every extra minute of on-disk residency is an extra minute of exposure.
+
+Options:
+  --dry-run              Show what would be deleted; delete nothing.
+  --yes, -y              Skip the confirmation prompt in interactive mode.
+  --days N               Only delete dirs older than N days.
+                         (Without this flag, all matching dirs are deleted.)
+  --all                  Delete all matching dirs regardless of age (default).
+  --keep-last N          Keep the N most-recent matching dirs. Default: 0.
+  --min-age-minutes N    Never delete dirs modified within last N minutes.
+                         Default: 5 (protects an actively-running clone).
+  --pattern P1,P2        Comma-separated prefix patterns (end with *).
+                         Default: "dify-*,zendy-session-*".
+  --dir PATH             Base directory to scan. Default: /tmp.
+  --no-sweep-orphans     Skip the orphan-session sweep (orphan = session dir
+                         whose pid is no longer alive).
+  -h, --help             Show this help.
+
+Examples:
+  # Preview what would be deleted right now:
+  zendy cleanup-src --dry-run
+
+  # Cron/launchd safe invocation (non-interactive, only older than 1 day):
+  zendy cleanup-src --days 1 --yes
+`;
+function parseArgs(argv) {
+    const opts = {
+        dryRun: false,
+        yes: false,
+        all: true,
+        keepLast: 0,
+        minAgeMinutes: 5,
+        patterns: ["dify-*", "zendy-session-*"],
+        dir: "/tmp",
+        sweepOrphans: true,
+    };
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        switch (a) {
+            case "-h":
+            case "--help":
+                return { kind: "help" };
+            case "--dry-run":
+                opts.dryRun = true;
+                break;
+            case "-y":
+            case "--yes":
+                opts.yes = true;
+                break;
+            case "--all":
+                opts.all = true;
+                opts.days = undefined;
+                break;
+            case "--no-sweep-orphans":
+                opts.sweepOrphans = false;
+                break;
+            case "--days": {
+                const v = argv[++i];
+                const n = v !== undefined ? parseInt(v, 10) : NaN;
+                if (Number.isNaN(n) || n < 0)
+                    return { kind: "error", message: `Invalid --days value: ${v}` };
+                opts.days = n;
+                opts.all = false;
+                break;
+            }
+            case "--keep-last": {
+                const v = argv[++i];
+                const n = v !== undefined ? parseInt(v, 10) : NaN;
+                if (Number.isNaN(n) || n < 0)
+                    return { kind: "error", message: `Invalid --keep-last value: ${v}` };
+                opts.keepLast = n;
+                break;
+            }
+            case "--min-age-minutes": {
+                const v = argv[++i];
+                const n = v !== undefined ? parseInt(v, 10) : NaN;
+                if (Number.isNaN(n) || n < 0)
+                    return { kind: "error", message: `Invalid --min-age-minutes value: ${v}` };
+                opts.minAgeMinutes = n;
+                break;
+            }
+            case "--pattern": {
+                const v = argv[++i];
+                if (!v)
+                    return { kind: "error", message: "--pattern requires a value" };
+                opts.patterns = v.split(",").map((s) => s.trim()).filter(Boolean);
+                if (opts.patterns.length === 0)
+                    return { kind: "error", message: "--pattern list cannot be empty" };
+                break;
+            }
+            case "--dir": {
+                const v = argv[++i];
+                if (!v)
+                    return { kind: "error", message: "--dir requires a path" };
+                opts.dir = v;
+                break;
+            }
+            default:
+                return { kind: "error", message: `Unknown option: ${a}` };
+        }
+    }
+    return { kind: "ok", opts };
+}
+function promptYesNo(question) {
+    return new Promise((resolve) => {
+        const rl = createInterface({ input: process.stdin, output: process.stderr });
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(/^y(es)?$/i.test(answer.trim()));
+        });
+    });
+}
+export async function runCleanupCLI(argv) {
+    const parsed = parseArgs(argv);
+    if (parsed.kind === "help") {
+        console.log(USAGE.trim());
+        return 0;
+    }
+    if (parsed.kind === "error") {
+        console.error(`Error: ${parsed.message}`);
+        console.error(USAGE.trim());
+        return 2;
+    }
+    const opts = parsed.opts;
+    const nowMs = Date.now();
+    const maxAgeMs = opts.all ? undefined : (opts.days ?? 0) * 86_400_000;
+    const minAgeMs = opts.minAgeMinutes * 60_000;
+    console.log(`Scanning ${opts.dir} for: ${opts.patterns.join(", ")}`);
+    const candidates = await scanCandidates(opts.dir, opts.patterns);
+    let orphanPaths = [];
+    if (opts.sweepOrphans) {
+        orphanPaths = await findOrphanSessionDirs(opts.dir);
+    }
+    const protectedPaths = [];
+    const zendySrcDir = process.env["ZENDY_SRC_DIR"];
+    if (zendySrcDir)
+        protectedPaths.push(zendySrcDir);
+    const classified = classifyCandidates(candidates, {
+        nowMs,
+        minAgeMs,
+        maxAgeMs,
+        keepLast: opts.keepLast,
+        protectedPaths,
+    });
+    // Orphans are always eligible for deletion — their owning process is gone.
+    // Merge them in, but never override a min-age or current-session protection.
+    const toDeleteByPath = new Map();
+    for (const c of classified.toDelete)
+        toDeleteByPath.set(c.path, c);
+    const protectedSet = new Set(classified.protected.map((c) => c.path));
+    for (const pp of protectedPaths)
+        protectedSet.add(pp);
+    for (const orphanPath of orphanPaths) {
+        if (protectedSet.has(orphanPath))
+            continue;
+        if (toDeleteByPath.has(orphanPath))
+            continue;
+        const cand = candidates.find((c) => c.path === orphanPath);
+        if (cand)
+            toDeleteByPath.set(cand.path, cand);
+    }
+    const toDelete = Array.from(toDeleteByPath.values());
+    console.log(``);
+    console.log(`Found ${candidates.length} matching director${candidates.length === 1 ? "y" : "ies"}:`);
+    for (const c of [...candidates].sort((a, b) => b.mtimeMs - a.mtimeMs)) {
+        const age = formatAge(nowMs - c.mtimeMs);
+        const size = formatBytes(c.sizeBytes);
+        let tag = "";
+        if (protectedPaths.includes(c.path))
+            tag = "  [protected: current session]";
+        else if (classified.protected.includes(c))
+            tag = "  [protected: within min-age]";
+        else if (classified.kept.includes(c))
+            tag = "  [kept]";
+        else if (toDeleteByPath.has(c.path)) {
+            tag = orphanPaths.includes(c.path) ? "  [delete: orphan session]" : "  [delete]";
+        }
+        console.log(`  ${c.path}  ${age}  ${size}${tag}`);
+    }
+    if (toDelete.length === 0) {
+        console.log(``);
+        console.log(`Nothing to delete.`);
+        return 0;
+    }
+    const totalBytes = toDelete.reduce((a, b) => a + b.sizeBytes, 0);
+    console.log(``);
+    console.log(`Will delete ${toDelete.length} director${toDelete.length === 1 ? "y" : "ies"}, freeing ${formatBytes(totalBytes)}.`);
+    if (opts.dryRun) {
+        console.log(``);
+        console.log(`[--dry-run] Nothing actually deleted. Re-run without --dry-run to delete.`);
+        return 0;
+    }
+    if (!opts.yes && process.stdin.isTTY) {
+        const ok = await promptYesNo(`Proceed? [y/N] `);
+        if (!ok) {
+            console.log(`Cancelled.`);
+            return 0;
+        }
+    }
+    const result = await deleteCandidates(toDelete);
+    console.log(``);
+    console.log(`Deleted ${result.deleted.length} director${result.deleted.length === 1 ? "y" : "ies"}, freed ${formatBytes(result.bytesFreed)}.`);
+    for (const e of result.errors) {
+        console.error(`  ! ${e.path}: ${e.error}`);
+    }
+    return result.errors.length > 0 ? 1 : 0;
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,178 @@
+#!/usr/bin/env node
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { homedir } from "node:os";
+import { execFileSync, spawn } from "node:child_process";
+import { fileURLToPath } from "node:url";
+import { createRequire } from "node:module";
+import { createHash } from "node:crypto";
+import { runPreflight, printPreflightReport, promptCoreMissing } from "./preflight.js";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const require = createRequire(import.meta.url);
+const pkg = require("../package.json");
+const VERSION = pkg.version;
+// Resolve package root (one level up from dist/)
+const PKG_ROOT = join(__dirname, "..");
+// Embedded file paths relative to package root
+const AGENTS_MD = join(PKG_ROOT, "agents.md");
+const SKILL_ZCLI = join(PKG_ROOT, "skills", "zendesk-cli", "SKILL.md");
+const SKILL_HELM_WATCHDOG = join(PKG_ROOT, "skills", "helm-watchdog", "SKILL.md");
+const SKILL_SOURCE_CHECK = join(PKG_ROOT, "skills", "source-check", "SKILL.md");
+const SKILL_ZENDESK_KG = join(PKG_ROOT, "skills", "zendesk-kg", "SKILL.md");
+const EXT_CUSTOM_HEADER = join(PKG_ROOT, "extensions", "custom-header.ts");
+const EXT_SOURCE_CLEANUP = join(PKG_ROOT, "extensions", "source-cleanup.ts");
+const EXT_STATUS = join(PKG_ROOT, "extensions", "status.ts");
+function cacheDir() {
+    return join(homedir(), ".zendy", VERSION);
+}
+// All source files that get extracted to cache
+const SOURCE_FILES = [
+    SKILL_ZCLI,
+    SKILL_HELM_WATCHDOG,
+    SKILL_SOURCE_CHECK,
+    SKILL_ZENDESK_KG,
+    EXT_CUSTOM_HEADER,
+    EXT_SOURCE_CLEANUP,
+    EXT_STATUS,
+    AGENTS_MD,
+];
+function contentHash() {
+    const hash = createHash("sha256");
+    for (const f of SOURCE_FILES) {
+        hash.update(readFileSync(f, "utf-8"));
+    }
+    return hash.digest("hex").slice(0, 16);
+}
+function ensureExtracted(base) {
+    const marker = join(base, ".extracted");
+    const currentHash = contentHash();
+    // Re-extract if marker is missing or hash has changed
+    if (existsSync(marker) && readFileSync(marker, "utf-8").trim() === currentHash) {
+        return;
+    }
+    const skills = [
+        ["zendesk-cli", SKILL_ZCLI],
+        ["helm-watchdog", SKILL_HELM_WATCHDOG],
+        ["source-check", SKILL_SOURCE_CHECK],
+        ["zendesk-kg", SKILL_ZENDESK_KG],
+    ];
+    for (const [name, srcPath] of skills) {
+        const dir = join(base, "skills", name);
+        mkdirSync(dir, { recursive: true });
+        writeFileSync(join(dir, "SKILL.md"), readFileSync(srcPath, "utf-8"));
+    }
+    const extDir = join(base, "extensions");
+    mkdirSync(extDir, { recursive: true });
+    writeFileSync(join(extDir, "custom-header.ts"), readFileSync(EXT_CUSTOM_HEADER, "utf-8"));
+    writeFileSync(join(extDir, "source-cleanup.ts"), readFileSync(EXT_SOURCE_CLEANUP, "utf-8"));
+    writeFileSync(join(extDir, "status.ts"), readFileSync(EXT_STATUS, "utf-8"));
+    writeFileSync(join(base, "agents.md"), readFileSync(AGENTS_MD, "utf-8"));
+    writeFileSync(marker, currentHash);
+}
+function findPi() {
+    try {
+        return execFileSync("which", ["pi"], { encoding: "utf-8" }).trim();
+    }
+    catch {
+        process.stderr.write("Error: `pi` not found in PATH.\n" +
+            "Install it with: npm install -g @earendil-works/pi-coding-agent\n");
+        process.exit(1);
+    }
+}
+async function main() {
+    const userArgs = process.argv.slice(2);
+    // Intercept --version / -V / -v before passing to pi.
+    // pi also recognises -v as a version flag, so without this interception
+    // `zendy -v` would fall through and print pi's version, not zendy's.
+    if (userArgs.includes("--version") ||
+        userArgs.includes("-V") ||
+        userArgs.includes("-v")) {
+        console.log(`zendy ${VERSION}`);
+        return;
+    }
+    // Intercept the cleanup-src subcommand — runs standalone, without pi.
+    if (userArgs[0] === "cleanup-src") {
+        const { runCleanupCLI } = await import("./cleanup-src.js");
+        const code = await runCleanupCLI(userArgs.slice(1));
+        process.exit(code);
+    }
+    // Intercept the preflight subcommand — runs the same checks as startup,
+    // but on demand. `--json` emits machine-readable output (used by the
+    // /status slash command extension).
+    if (userArgs[0] === "preflight") {
+        const wantJson = userArgs.includes("--json");
+        const report = await runPreflight();
+        if (wantJson) {
+            process.stdout.write(JSON.stringify(report) + "\n");
+            return;
+        }
+        printPreflightReport(report);
+        if (report.results.every((r) => r.status === "ok")) {
+            process.stdout.write("All checks passed.\n");
+        }
+        return;
+    }
+    // Skip preflight if user explicitly opts out
+    if (!userArgs.includes("--skip-preflight")) {
+        const report = await runPreflight();
+        printPreflightReport(report);
+        if (report.hasFatal) {
+            process.exit(1);
+        }
+        if (report.hasCore) {
+            // Only prompt interactively when stdin is a TTY;
+            // in pipes / -p mode, just warn on stderr and continue.
+            if (process.stdin.isTTY) {
+                const shouldContinue = await promptCoreMissing();
+                if (!shouldContinue) {
+                    process.exit(0);
+                }
+            }
+        }
+    }
+    // Remove --skip-preflight before passing to pi
+    const filteredArgs = userArgs.filter((a) => a !== "--skip-preflight");
+    const base = cacheDir();
+    ensureExtracted(base);
+    const pi = findPi();
+    const skillsDir = join(base, "skills");
+    const agentsPath = join(base, "agents.md");
+    const extensionsDir = join(base, "extensions");
+    const skillNames = ["zendesk-cli", "helm-watchdog", "source-check", "zendesk-kg"];
+    const args = [
+        "--no-skills",
+        "--extension",
+        join(extensionsDir, "custom-header.ts"),
+        "--extension",
+        join(extensionsDir, "source-cleanup.ts"),
+        "--extension",
+        join(extensionsDir, "status.ts"),
+    ];
+    for (const name of skillNames) {
+        args.push("--skill", join(skillsDir, name));
+    }
+    args.push("--append-system-prompt", agentsPath);
+    // Pass through all user arguments
+    args.push(...filteredArgs);
+    // Spawn pi, replacing this process (inherit stdio for interactive use)
+    const child = spawn(pi, args, {
+        stdio: "inherit",
+    });
+    child.on("error", (err) => {
+        process.stderr.write(`Failed to exec pi: ${err.message}\n`);
+        process.exit(1);
+    });
+    child.on("exit", (code, signal) => {
+        if (signal) {
+            process.kill(process.pid, signal);
+        }
+        else {
+            process.exit(code ?? 1);
+        }
+    });
+}
+main().catch((err) => {
+    process.stderr.write(`zendy: ${err.message}\n`);
+    process.exit(1);
+});

package/dist/preflight.d.ts

@@ -0,0 +1,22 @@
+export type CheckLevel = "fatal" | "core" | "enhanced";
+export type CheckStatus = "ok" | "missing" | "auth_error";
+export interface CheckResult {
+    name: string;
+    label: string;
+    level: CheckLevel;
+    status: CheckStatus;
+    hint: string;
+}
+export interface PreflightReport {
+    results: CheckResult[];
+    hasFatal: boolean;
+    hasCore: boolean;
+    hasEnhanced: boolean;
+}
+export declare function runPreflight(): Promise<PreflightReport>;
+export declare function printPreflightReport(report: PreflightReport): void;
+/**
+ * Interactive prompt for core dependency failures.
+ * Returns true if the user wants to continue, false to exit.
+ */
+export declare function promptCoreMissing(): Promise<boolean>;