@webpresso/agent-kit 0.28.0 → 0.29.1

package/dist/esm/hooks/doctor.d.ts

@@ -28,8 +28,19 @@ export interface RunHooksDoctorOptions {
     /** Override the working directory used to detect RTK marker files. Defaults to process.cwd(). */
     cwd?: string;
 }
+export interface ResolvePackageRootForRuntimeOptions {
+    readonly moduleUrl?: string;
+    readonly execPath?: string;
+    readonly argv0?: string;
+    readonly argv1?: string;
+    readonly pathEnv?: string;
+    readonly pathExtEnv?: string;
+    readonly platform?: NodeJS.Platform;
+}
+export declare function resolvePackageRootForRuntime(options?: ResolvePackageRootForRuntimeOptions): string | null;
 export declare function findOwningPackageRoot(startDir: string): string | null;
 export declare function checkRtkOnPath(cwd?: string): Promise<DoctorCheck | null>;
+export declare function checkNativePluginRuntime(): DoctorCheck;
 /**
  * Verify the consumer's `.claude/settings.json` carries the managed agent-kit
  * hook launchers. Since the hooks are single-sourced there (not in the plugin

package/dist/esm/hooks/doctor.js

@@ -9,11 +9,11 @@
  * - MCP server starts and responds to tools/list (soft-fail)
  * - installed host CLIs (Codex/OpenCode/Claude) can see the expected surfaces
  */
-import { accessSync, constants, readFileSync, statSync } from 'node:fs';
+import { accessSync, constants, lstatSync, readFileSync, statSync } from 'node:fs';
 import { spawn } from 'node:child_process';
 import { platform } from 'node:os';
-import { dirname, join, resolve } from 'node:path';
-import { fileURLToPath } from 'node:url';
+import { join, resolve } from 'node:path';
+import { findAgentKitPackageRoot, resolveAgentKitPackageRoot, } from '#cli/commands/init/package-root';
 import { STATE_FILE_RELATIVE_PATH, readDevLinkState } from '#dev/dev-link-state';
 import { detectDevLinkBreakage, formatBreakageMessage } from '#hooks/check-dev-link/index';
 import { isMcpReady } from './shared/mcp-sentinel.js';
@@ -30,35 +30,13 @@ const HOOK_BINS = [
     { name: 'test-quality-check', binName: 'wp-test-quality-check', checkStdin: false },
 ];
 function resolvePackageRoot() {
-    return findOwningPackageRoot(dirname(fileURLToPath(import.meta.url)));
+    return resolvePackageRootForRuntime();
 }
-export function findOwningPackageRoot(startDir) {
-    let dir = startDir;
-    let fallback = null;
-    while (dir !== dirname(dir)) {
-        if (tryAccess(join(dir, 'package.json'))) {
-            if (fallback === null)
-                fallback = dir;
-            if (isOwningPackageRoot(dir))
-                return dir;
-        }
-        dir = dirname(dir);
-    }
-    return fallback;
+export function resolvePackageRootForRuntime(options = {}) {
+    return resolveAgentKitPackageRoot(options);
 }
-function isOwningPackageRoot(dir) {
-    try {
-        const pkg = JSON.parse(readFileSync(join(dir, 'package.json'), 'utf-8'));
-        if (typeof pkg.bin?.['wp'] === 'string')
-            return true;
-    }
-    catch {
-        // Ignore malformed package.json here and fall back to structural markers below.
-    }
-    return (tryAccess(join(dir, '.claude-plugin', 'plugin.json')) ||
-        tryAccess(join(dir, 'bin', 'wp.js')) ||
-        tryAccess(join(dir, 'src', 'cli', 'cli.ts')) ||
-        tryAccess(join(dir, 'dist', 'esm', 'cli', 'cli.js')));
+export function findOwningPackageRoot(startDir) {
+    return findAgentKitPackageRoot(startDir);
 }
 function resolveHookBin(binName) {
     try {
@@ -371,6 +349,171 @@ function checkPluginJson() {
         return { ok: false, detail: `failed to read plugin.json: ${String(err)}` };
     }
 }
+function formatNativeRuntimeDetail(status) {
+    return [
+        `launchMode=${status.launchMode}`,
+        status.targetId ? `targetId=${status.targetId}` : null,
+        status.manifestPath ? `manifest=${status.manifestPath}` : null,
+        status.stagedBinPath ? `stagedBin=${status.stagedBinPath}` : null,
+        status.runtimeTargetPath ? `targetBin=${status.runtimeTargetPath}` : null,
+        status.reason ? `reason=${status.reason}` : null,
+    ]
+        .filter((value) => value !== null)
+        .join(', ');
+}
+export function checkNativePluginRuntime() {
+    const root = resolvePluginRoot();
+    if (!root) {
+        return {
+            name: 'native plugin runtime',
+            ok: false,
+            detail: formatNativeRuntimeDetail({
+                launchMode: 'missing',
+                reason: 'plugin root not found',
+            }),
+        };
+    }
+    const pluginJsonPath = join(root, '.claude-plugin', 'plugin.json');
+    const manifestPath = join(root, 'bin', 'runtime-manifest.json');
+    const stagedBinPath = join(root, 'bin', 'wp');
+    if (!tryAccess(pluginJsonPath)) {
+        return {
+            name: 'native plugin runtime',
+            ok: false,
+            detail: formatNativeRuntimeDetail({
+                launchMode: 'missing',
+                manifestPath,
+                stagedBinPath,
+                reason: 'plugin manifest missing',
+            }),
+        };
+    }
+    try {
+        const pluginManifest = JSON.parse(readFileSync(pluginJsonPath, 'utf-8'));
+        const server = pluginManifest.mcpServers?.webpresso;
+        const launchMode = server?.command === '${CLAUDE_PLUGIN_ROOT}/bin/wp' &&
+            Array.isArray(server.args) &&
+            server.args.length === 1 &&
+            server.args[0] === 'mcp'
+            ? 'native'
+            : server?.command === 'node' ||
+                (server?.args ?? []).some((arg) => arg.endsWith('wp.js'))
+                ? 'legacy-js'
+                : server
+                    ? 'custom'
+                    : 'missing';
+        if (!tryAccess(manifestPath)) {
+            return {
+                name: 'native plugin runtime',
+                ok: false,
+                detail: formatNativeRuntimeDetail({
+                    launchMode,
+                    manifestPath,
+                    stagedBinPath,
+                    reason: 'runtime manifest missing',
+                }),
+            };
+        }
+        const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'));
+        const target = manifest.targets?.find((candidate) => candidate.os === process.platform && candidate.cpu === process.arch);
+        const targetId = target?.id;
+        const targetFilename = target?.os === 'win32' ? `${manifest.binaryName ?? 'wp'}.exe` : manifest.binaryName ?? 'wp';
+        const runtimeTargetPath = targetId
+            ? join(root, 'bin', 'runtime', targetId, targetFilename)
+            : undefined;
+        if (!targetId || !runtimeTargetPath) {
+            return {
+                name: 'native plugin runtime',
+                ok: false,
+                detail: formatNativeRuntimeDetail({
+                    launchMode,
+                    manifestPath,
+                    stagedBinPath,
+                    reason: `no runtime target for ${process.platform}/${process.arch}`,
+                }),
+            };
+        }
+        if (!tryAccess(stagedBinPath)) {
+            return {
+                name: 'native plugin runtime',
+                ok: false,
+                detail: formatNativeRuntimeDetail({
+                    launchMode,
+                    targetId,
+                    manifestPath,
+                    stagedBinPath,
+                    runtimeTargetPath,
+                    reason: 'staged native launcher missing',
+                }),
+            };
+        }
+        if (lstatSync(stagedBinPath).isSymbolicLink()) {
+            return {
+                name: 'native plugin runtime',
+                ok: false,
+                detail: formatNativeRuntimeDetail({
+                    launchMode,
+                    targetId,
+                    manifestPath,
+                    stagedBinPath,
+                    runtimeTargetPath,
+                    reason: 'staged native launcher is a symlink',
+                }),
+            };
+        }
+        if (!tryAccess(runtimeTargetPath)) {
+            return {
+                name: 'native plugin runtime',
+                ok: false,
+                detail: formatNativeRuntimeDetail({
+                    launchMode,
+                    targetId,
+                    manifestPath,
+                    stagedBinPath,
+                    runtimeTargetPath,
+                    reason: 'target runtime binary missing',
+                }),
+            };
+        }
+        if (launchMode !== 'native') {
+            return {
+                name: 'native plugin runtime',
+                ok: false,
+                detail: formatNativeRuntimeDetail({
+                    launchMode,
+                    targetId,
+                    manifestPath,
+                    stagedBinPath,
+                    runtimeTargetPath,
+                    reason: 'plugin manifest is not using the native launcher',
+                }),
+            };
+        }
+        return {
+            name: 'native plugin runtime',
+            ok: true,
+            detail: formatNativeRuntimeDetail({
+                launchMode,
+                targetId,
+                manifestPath,
+                stagedBinPath,
+                runtimeTargetPath,
+            }),
+        };
+    }
+    catch (error) {
+        return {
+            name: 'native plugin runtime',
+            ok: false,
+            detail: formatNativeRuntimeDetail({
+                launchMode: 'missing',
+                manifestPath,
+                stagedBinPath,
+                reason: error instanceof Error ? error.message : String(error),
+            }),
+        };
+    }
+}
 async function checkMcpServer() {
     if (isMcpReady()) {
         return { ok: true, detail: 'MCP server already running (sentinel found)', skipped: true };
@@ -643,6 +786,7 @@ export async function runHooksDoctor(opts = {}) {
     }
     checks.push(checkConsumerCodexHookPaths(opts.cwd));
     checks.push({ name: 'plugin.json integrity', ...checkPluginJson() });
+    checks.push({ advisory: true, ...checkNativePluginRuntime() });
     checks.push({
         name: 'managed hooks installed (.claude/settings.json)',
         advisory: true,

package/dist/esm/hooks/guard-switch/index.js

@@ -1,10 +1,9 @@
 #!/usr/bin/env bun
 import { runHook } from '#hooks/shared/hook-bootstrap';
-import { realpathSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
 import { setGuardEnabled } from './state.js';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 export async function main() {
-    runHook((input) => {
+    await runHook((input) => {
         const normalized = (input.prompt ?? '').toLowerCase().trim();
         if (normalized === 'guard off') {
             setGuardEnabled(false);
@@ -19,8 +18,7 @@ export async function main() {
         return null;
     }, () => '{}');
 }
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     void main();
 }
 //# sourceMappingURL=index.js.map

package/dist/esm/hooks/post-tool/lint-after-edit.js

@@ -1,9 +1,9 @@
 #!/usr/bin/env bun
-import { existsSync, realpathSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import { extname } from 'node:path';
-import { fileURLToPath } from 'node:url';
 import { runHook } from '#hooks/shared/hook-bootstrap';
 import { getFilePath } from '#hooks/shared/types';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 export const LINTABLE_EXTENSIONS = ['.ts', '.tsx', '.js', '.jsx', '.json', '.css'];
 export const SKIP_PATTERNS = [
     /\/node_modules\//,
@@ -47,14 +47,13 @@ export function processPostToolUse(input, projectDir) {
     return lintFile(filePath, projectDir);
 }
 export async function main() {
-    runHook((input) => {
+    await runHook((input) => {
         const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
         processPostToolUse(input, projectDir);
         return null;
     }, () => '{}');
 }
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     void main();
 }
 //# sourceMappingURL=lint-after-edit.js.map

package/dist/esm/hooks/pretool-guard/index.js

@@ -1,11 +1,9 @@
 #!/usr/bin/env bun
-import { realpathSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
 import { main as runMain } from './runner.js';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 export { getTarget, getToolType, handleParseError, logValidationResult, main, processValidation, runAllValidators, } from './runner.js';
 export { VALIDATORS } from './validators/index.js';
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     runMain();
 }
 //# sourceMappingURL=index.js.map

package/dist/esm/hooks/pretool-guard/runner.js

@@ -1,12 +1,11 @@
 #!/usr/bin/env node
-import { realpathSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
 import { isGuardEnabled } from '#hooks/guard-switch/state';
 import { readStdinJson, suppressStderr } from '#hooks/shared/hook-bootstrap';
 import { getCommand, getFilePath, isBashInput, parseToolInput } from '#hooks/shared/types';
 import { logRun } from './logger.js';
 import { extractRoutableCommandsFromToolInput, routeCommand } from './dev-routing.js';
 import { VALIDATORS } from './validators/index.js';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 const RED = '\x1b[31m';
 const YELLOW = '\x1b[33m';
 const DIM = '\x1b[2m';
@@ -147,8 +146,7 @@ export async function main() {
         handleParseError(error, inputJson);
     }
 }
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     main();
 }
 //# sourceMappingURL=runner.js.map

package/dist/esm/hooks/pretool-guard/validators/forbidden-commands.js

@@ -1,4 +1,5 @@
 import { readConfig } from '#cli/commands/init/config';
+import { getLegalLifecycleTargets, isLegalLifecycleTransition, parseLifecycleBlueprintStatus, } from '#lifecycle/transition-matrix.js';
 import { getCommand, isBashInput } from '#hooks/shared/types';
 import { AUDIT_KINDS } from '#mcp/tools/_shared/audit-kinds';
 import { createSkipResult } from './skip-result.js';
@@ -9,7 +10,12 @@ export const AUDIT_MODE_ENV = 'FORBIDDEN_COMMANDS_AUDIT';
 export const DOCS_REF = 'AGENTS.md "Forbidden Commands (CRITICAL)" section';
 const DB_HINT = 'Use the database MCP/tooling entrypoint instead of direct CLI execution';
 const BLUEPRINT_HINT = 'wp blueprint new|list|audit — use wp_blueprint MCP tool for lifecycle transitions';
-const BLUEPRINT_LIFECYCLE_DIRS = '(draft|planned|in-progress|completed|archived)';
+const BLUEPRINT_LIFECYCLE_DIRS = '(draft|planned|in-progress|parked|completed|archived)';
+const BLUEPRINT_GIT_MV_RULE = {
+    pattern: /^git\s+mv\b/,
+    category: 'blueprint',
+    suggestion: BLUEPRINT_HINT,
+};
 const LINT_BASE = 'wp_lint MCP tool with package/file scope';
 const LINT_HINT = `${LINT_BASE} [--fix] [--fix-unsafe]`;
 const FORMAT_HINT = 'wp_format MCP tool';
@@ -142,11 +148,6 @@ export function generateRules() {
         pattern: new RegExp(`^mkdir\\b.*blueprints\\/${BLUEPRINT_LIFECYCLE_DIRS}`),
         category: 'blueprint',
         suggestion: BLUEPRINT_HINT,
-    }, {
-        // git mv is an alternative to bare mv for tracked files — same bypass vector.
-        pattern: new RegExp(`^git\\s+mv\\b.*blueprints\\/${BLUEPRINT_LIFECYCLE_DIRS}`),
-        category: 'blueprint',
-        suggestion: BLUEPRINT_HINT,
     }, { pattern: /^doppler run/, category: 'unknown', suggestion: ENV_HINT }, { pattern: /^DATABASE_URL=/, category: 'unknown', suggestion: ENV_HINT }, { pattern: /^vp exec\b/, category: 'unknown', suggestion: TASK_TARGET_HINT }, { pattern: /^vp run\b/, category: 'unknown', suggestion: TASK_TARGET_HINT });
     return rules;
 }
@@ -342,6 +343,34 @@ export function splitTopLevelCommands(command) {
         segments.push(last);
     return segments;
 }
+function splitShellArgs(command) {
+    return command.match(/"[^"]*"|'[^']*'|\S+/g) ?? [];
+}
+function unquoteShellArg(arg) {
+    return arg.replace(/^['"]|['"]$/g, '');
+}
+function extractBlueprintLifecycleStatusFromPathArg(arg) {
+    const normalized = unquoteShellArg(arg).replace(/\\/g, '/');
+    const match = normalized.match(/(?:^|\/)blueprints\/(draft|planned|in-progress|parked|completed|archived)(?:\/|$)/);
+    return parseLifecycleBlueprintStatus(match?.[1] ?? '');
+}
+function findIllegalBlueprintGitMv(command) {
+    for (const segment of splitTopLevelCommands(command.trim())) {
+        if (!/^git\s+mv\b/.test(segment))
+            continue;
+        const args = splitShellArgs(segment);
+        if (args.length < 4)
+            continue;
+        const from = extractBlueprintLifecycleStatusFromPathArg(args[2] ?? '');
+        const to = extractBlueprintLifecycleStatusFromPathArg(args[3] ?? '');
+        if (!from || !to)
+            continue;
+        if (isLegalLifecycleTransition(from, to))
+            return null;
+        return { segment, from, to };
+    }
+    return null;
+}
 export function findMatchingRule(command) {
     for (const variant of getCommandVariants(command)) {
         const rule = COMMAND_RULES.find((r) => r.pattern.test(variant));
@@ -505,6 +534,18 @@ export function validateForbiddenCommands(input) {
     const command = getCommand(input);
     if (!command)
         return createSkipResult(VALIDATOR_NAME, 'No command found');
+    const illegalBlueprintGitMv = findIllegalBlueprintGitMv(command);
+    if (illegalBlueprintGitMv) {
+        const decoratedRule = {
+            ...BLUEPRINT_GIT_MV_RULE,
+            suggestion: `${BLUEPRINT_HINT}. Illegal transition ${illegalBlueprintGitMv.from} → ` +
+                `${illegalBlueprintGitMv.to}; legal targets: ` +
+                `${getLegalLifecycleTargets(illegalBlueprintGitMv.from).join(', ') || '(none)'}`,
+        };
+        if (process.env[AUDIT_MODE_ENV] === '1')
+            return createAuditResult(illegalBlueprintGitMv.segment, decoratedRule);
+        return createBlockedResult(illegalBlueprintGitMv.segment, decoratedRule);
+    }
     const rule = findMatchingRule(command);
     if (rule) {
         if (process.env[AUDIT_MODE_ENV] === '1')

package/dist/esm/hooks/sessionstart/index.js

@@ -15,12 +15,12 @@
  * Always emits — never returns null. WP_ROUTING_BLOCK is always prepended.
  * If `.agent/routing.md` exists and is non-empty, it is appended after the block.
  */
-import { existsSync, readFileSync, realpathSync, statSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
+import { existsSync, readFileSync, statSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
 import { WP_ROUTING_BLOCK } from '#hooks/shared/routing-block';
 import { readUpdateBanner } from './update-banner.js';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 export { WP_ROUTING_BLOCK };
 export const MAX_BYTES = 200 * 1024;
 export const TRUNCATION_NOTICE = '\n\n[truncated: file exceeded 200KB limit]';
@@ -115,8 +115,7 @@ export async function main() {
     }
     process.exit(0);
 }
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     void main();
 }
 //# sourceMappingURL=index.js.map

package/dist/esm/hooks/shared/direct-entrypoint.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Return true when a module is being executed directly rather than imported.
+ *
+ * Bun single-file executables expose virtual `/$bunfs/...` paths while loading
+ * bundled modules. Those paths are not real filesystem entries, so direct
+ * `realpathSync` checks must degrade instead of throwing during native runtime
+ * imports.
+ */
+export declare function isDirectEntrypoint(moduleUrl: string, argvPath?: string | undefined): boolean;
+//# sourceMappingURL=direct-entrypoint.d.ts.map

package/dist/esm/hooks/shared/direct-entrypoint.js

@@ -0,0 +1,21 @@
+import { realpathSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+/**
+ * Return true when a module is being executed directly rather than imported.
+ *
+ * Bun single-file executables expose virtual `/$bunfs/...` paths while loading
+ * bundled modules. Those paths are not real filesystem entries, so direct
+ * `realpathSync` checks must degrade instead of throwing during native runtime
+ * imports.
+ */
+export function isDirectEntrypoint(moduleUrl, argvPath = process.argv[1]) {
+    if (!argvPath)
+        return false;
+    try {
+        return realpathSync(fileURLToPath(moduleUrl)) === realpathSync(argvPath);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=direct-entrypoint.js.map

package/dist/esm/hooks/stop/qa-changed-files.js

@@ -1,11 +1,10 @@
 #!/usr/bin/env bun
 import { globSync } from 'glob';
 import { execSync } from 'node:child_process';
-import { realpathSync } from 'node:fs';
 import { basename, dirname, extname, join } from 'node:path';
-import { fileURLToPath } from 'node:url';
 import { runHook } from '#hooks/shared/hook-bootstrap';
 import { isLintableFile, isSkippedPath } from '#hooks/post-tool/lint-after-edit';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 const TYPECHECKABLE_EXTENSIONS = new Set(['.ts', '.tsx']);
 export function getChangedFiles(projectDir) {
     const unstaged = execSync('git diff --name-only', { cwd: projectDir, encoding: 'utf-8' }).trim();
@@ -86,14 +85,13 @@ export function formatStopHookOutput(result) {
     return JSON.stringify(result);
 }
 export async function main() {
-    runHook(
+    await runHook(
     // `Stop` is latency-sensitive and user-visible. Until webpresso grows a
     // deferred execution plane, broad typecheck/test sweeps stay off the hot
     // path instead of shelling synchronously at turn end.
     (_input) => null, formatStopHookOutput);
 }
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     void main();
 }
 //# sourceMappingURL=qa-changed-files.js.map

package/dist/esm/hooks/test-quality-check.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env bun
 import { resolveActiveWorktreeRoot } from './shared/worktree-root.js';
-import { readFileSync, realpathSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
+import { readFileSync } from 'node:fs';
 import { isAbsolute, join } from 'node:path';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 import { findMutationGamingPatterns, findTautologicalAssertions, MUTATION_GAMING_PATTERNS, TAUTOLOGICAL_PATTERNS, } from './pretool-guard/validators/test-quality.js';
 const testFileRegex = /\.test\.(ts|tsx|js|jsx)$/;
 export function getTestQualityCheckCwd() {
@@ -54,8 +54,7 @@ export function runTestQualityCheck(argv = process.argv.slice(2), cwd = getTestQ
         process.exit(1);
     }
 }
-if (process.argv[1] &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1])) {
+if (isDirectEntrypoint(import.meta.url)) {
     runTestQualityCheck();
 }
 //# sourceMappingURL=test-quality-check.js.map

package/dist/esm/mcp/blueprint-server.js

@@ -461,11 +461,23 @@ function runValidate(filePath) {
     catch (e) {
         return { valid: false, gaps: [`Frontmatter parse error: ${toStr(e)}`] };
     }
-    for (const f of ['type', 'title', 'status', 'complexity', 'owner']) {
+    const blueprintStatus = String(fm.data['status'] ?? '').trim();
+    const requiredFields = blueprintStatus === 'draft'
+        ? ['type', 'status']
+        : ['type', 'title', 'status', 'complexity', 'owner', 'last_updated'];
+    for (const f of requiredFields) {
         const v = fm.data[f];
         if (!v || String(v).trim() === '')
             gaps.push(`Missing or empty frontmatter field: ${f}`);
     }
+    const complexity = String(fm.data['complexity'] ?? '').trim();
+    if (complexity && !['XS', 'S', 'M', 'L', 'XL'].includes(complexity)) {
+        gaps.push(`Invalid frontmatter field: complexity (${complexity})`);
+    }
+    const lastUpdated = String(fm.data['last_updated'] ?? '').trim();
+    if (lastUpdated && !/^\d{4}-\d{2}-\d{2}$/.test(lastUpdated.replace(/^['"]|['"]$/g, ''))) {
+        gaps.push(`Invalid frontmatter field: last_updated (${lastUpdated})`);
+    }
     const body = fm.content;
     const taskHeaderRegex = /^####\s+(?:\[[^\]]+\]\s+)?Task\s+\S/m;
     if (!taskHeaderRegex.test(body))
@@ -1145,12 +1157,12 @@ async function handleFinalize(projectResolver, cwd, raw) {
 function assertBlueprintCanComplete(overviewPath, slug) {
     const markdown = readFileSync(overviewPath, 'utf8');
     const blueprint = parseBlueprint(markdown, slug);
-    const unfinished = blueprint.tasks.filter((task) => task.status !== 'done');
+    const unfinished = blueprint.tasks.filter((task) => task.status !== 'done' && task.status !== 'dropped');
     if (unfinished.length > 0) {
         const list = unfinished.map((task) => `${task.id} (${task.status})`).join(', ');
         throw new Error(`Cannot complete "${slug}": the following tasks are not done: ${list}`);
     }
-    assertAllTasksHaveCanonicalPassingEvidence(markdown, blueprint.tasks.map((task) => task.id));
+    assertAllTasksHaveCanonicalPassingEvidence(markdown, blueprint.tasks.filter((task) => task.status !== 'dropped').map((task) => task.id));
 }
 const depgraphSchema = z.object({ from: z.string() });
 async function handleDepgraph(cwd, raw) {
@@ -1880,6 +1892,17 @@ async function handleBlueprintTransition(projectResolver, cwd, raw) {
     const found = findBlueprintDir(root, slug, ALL_STATES);
     if (!found)
         return err('wp_blueprint_transition failed', `Blueprint "${slug}" not found on disk`);
+    // Transitioning to `completed` must satisfy the same open-task gate as
+    // finalize/promote — otherwise this path is a hole that completes a blueprint
+    // with unfinished work. (terminal = done ∪ dropped, see assertBlueprintCanComplete.)
+    if (to_state === 'completed') {
+        try {
+            assertBlueprintCanComplete(found.path, slug);
+        }
+        catch (error) {
+            return err('wp_blueprint_transition failed', error instanceof Error ? error.message : String(error));
+        }
+    }
     try {
         const refreshed = await applyLocalBlueprintTransition({
             found,

package/dist/esm/mcp/cli.js

@@ -7,6 +7,7 @@
  * `dist/esm/mcp/tools/*.js` (post-build) or `src/mcp/tools/*.ts` (dev).
  */
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { isDirectEntrypoint } from '#hooks/shared/direct-entrypoint';
 import { deleteSentinel, writeSentinel } from '#hooks/shared/mcp-sentinel';
 import { createServer } from './server.js';
 export async function runStdioServer() {
@@ -55,12 +56,7 @@ export async function runStdioServer() {
     writeSentinel();
     await settle.promise;
 }
-import { realpathSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
-const isDirectInvocation = typeof process !== 'undefined' &&
-    process.argv[1] !== undefined &&
-    realpathSync(fileURLToPath(import.meta.url)) === realpathSync(process.argv[1]);
-if (isDirectInvocation) {
+if (isDirectEntrypoint(import.meta.url)) {
     runStdioServer().catch((err) => {
         process.stderr.write(`wp mcp: ${err instanceof Error ? err.message : String(err)}\n`);
         process.exit(1);

package/dist/esm/mcp/server.d.ts

@@ -7,7 +7,9 @@
  * — no edits required here.
  */
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+export declare function isBunSingleFileModuleUrl(moduleUrl: string): boolean;
 export type ToolLoadMode = 'filesystem' | 'registry';
+export declare function resolveDefaultToolLoadMode(moduleUrl?: string): ToolLoadMode;
 export interface CreateServerOptions {
     /**
      * Directory to scan for tool descriptors. Defaults to `./tools` relative to