@wipcomputer/wip-ldm-os 0.4.84 → 0.4.85-alpha.10

package/scripts/test-crc-agentid-tenant-boundary.mjs

@@ -0,0 +1,80 @@
+import { createHash } from "node:crypto";
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertNotContains(needle, label) {
+  if (server.includes(needle)) {
+    throw new Error(`${label} still contains forbidden text: ${needle}`);
+  }
+}
+
+assertContains('const ACCOUNT_TENANT_PREFIX = "acct:";', "account tenant prefix");
+assertContains('const LEGACY_API_KEY_TENANT_PREFIX = "key:";', "legacy key tenant prefix");
+assertContains('function accountTenantIdForUserId(userId)', "account tenant helper");
+assertContains('function identityForApiKey(key)', "api key identity helper");
+assertContains('return identityForApiKey(key);', "http auth uses identity helper");
+assertContains("const agentId = accountTenantIdForUserId(stored.userId);", "registration uses immutable account tenant");
+assertContains("function sanitizeDisplayLabel(raw)", "display label sanitizer");
+assertContains('replace(/[\\u0000-\\u001f\\u007f]/g, "").replace(/\\s+/g, " ").trim().slice(0, 64)', "display label sanitizer preserves label semantics");
+assertContains("const displayLabel = sanitizeDisplayLabel(body?.displayName || body?.username);", "registration treats entered name as display label");
+assertContains("displayLabel,", "registration challenge stores display label");
+assertContains("await saveApiKey(apiKey, agentId, { handle: credentialLabel });", "registration stores handle separately");
+assertContains("p.handle = identity.handle;", "pair stores display handle separately");
+assertContains("handle: identity.handle,", "relay metadata returns display handle");
+assertContains("codexDaemons.has(identity.agentId)", "daemon presence uses tenant id");
+assertContains("codexDaemonPubkeys.get(identity.agentId)", "daemon pubkey uses tenant id");
+assertContains("agentId: identity.agentId,", "relay tickets bind tenant id");
+assertContains("handle: identity.handle,", "relay tickets preserve display handle");
+assertContains("codexDaemons.set(identity.agentId, ws);", "daemon ws keyed by tenant id");
+assertContains("const key = codexRelayKey(identity.agentId, threadId);", "web ws keyed by tenant id");
+assertContains("const daemonWs = codexDaemons.get(identity.agentId);", "web sends to tenant daemon");
+assertNotContains("const agentId = stored.username || (\"passkey-\"", "registration must not use chosen handle as tenant");
+assertNotContains("const existingKey = Object.entries(API_KEYS).find(([k, v]) => v === agentId);", "oauth must not reuse chosen handle as tenant");
+assertNotContains("function isUsernameTaken", "display labels must not be globally unique usernames");
+assertNotContains("function sanitizeUsername", "display labels must not be modeled as usernames");
+assertNotContains('json(res, 409, { error: "reserved_handle"', "display labels must not be blocked as reserved security handles");
+assertNotContains('json(res, 409, { error: "handle_taken"', "duplicate display labels must be allowed");
+
+function legacyTenantIdForApiKey(key) {
+  return "key:" + createHash("sha256").update(key).digest("base64url").slice(0, 32);
+}
+
+function accountTenantIdForUserId(userId) {
+  return "acct:" + userId;
+}
+
+const chosenHandle = "parker-smoke-test";
+const sharedDisplayLabel = "Parker";
+const accountA = accountTenantIdForUserId("user-a");
+const accountB = accountTenantIdForUserId("user-b");
+const threadId = "thread-019dfa";
+if (accountA === accountB) {
+  throw new Error("different user ids collapsed to one account tenant");
+}
+if (`${sharedDisplayLabel}:${threadId}` === `${accountA}:${threadId}` || `${sharedDisplayLabel}:${threadId}` === `${accountB}:${threadId}`) {
+  throw new Error("display label was used as a relay route key");
+}
+
+const legacyA = legacyTenantIdForApiKey("ck-a");
+const legacyB = legacyTenantIdForApiKey("ck-b");
+if (legacyA === legacyB) {
+  throw new Error("legacy API-key tenants collided");
+}
+
+const webKeyA = `${accountA}:${threadId}`;
+const webKeyB = `${accountB}:${threadId}`;
+if (webKeyA === webKeyB) {
+  throw new Error("same display handle can still collide across account tenants");
+}
+if (`${chosenHandle}:${threadId}` === webKeyA || `${chosenHandle}:${threadId}` === webKeyB) {
+  throw new Error("model still keys relay routes by display handle");
+}
+
+console.log("crc agentId tenant boundary checks passed");

package/scripts/test-crc-e2ee-key-persistence.mjs

@@ -0,0 +1,80 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(first, second, label) {
+  const firstIndex = server.indexOf(first);
+  const secondIndex = server.indexOf(second);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+assertContains("CREATE TABLE IF NOT EXISTS codex_daemon_e2ee_keys", "persistent key table");
+assertContains("async function loadCodexDaemonPubkeysFromDb()", "boot load helper");
+assertContains("await loadCodexDaemonPubkeysFromDb();", "boot load call");
+assertContains("async function persistCodexDaemonPubkey(agentId, pubkey, cryptoVersions)", "persist helper");
+assertContains("function registerCodexDaemonPubkey(agentId, pubkey, cryptoVersions, source)", "registration helper");
+assertContains("codexDaemonPubkeys.set(agentId, {", "registration updates in-memory bootstrap cache");
+assertContains("return persistCodexDaemonPubkey(agentId, pubkey, normalizedVersions)", "registration persists after cache update");
+assertContains("await registerCodexDaemonPubkey(identity.agentId, p.daemon_public_key, p.crypto_versions, \"pair-complete\");", "pair-complete persists key");
+assertContains("if (envelope?.type === \"daemon.identity\") {", "daemon reconnect identity frame");
+assertContains("envelope.daemon_public_key", "daemon identity carries public key");
+assertContains("envelope.crypto_versions", "daemon identity carries crypto versions");
+assertContains("\"daemon-reconnect\"", "daemon reconnect source marker");
+assertContains("const daemonKey = codexDaemonPubkeys.get(identity.agentId) || null;", "bootstrap uses loaded or registered key");
+assertBefore(
+  "await loadCodexDaemonPubkeysFromDb();",
+  "function handleCodexBootstrap(req, res, threadId)",
+  "persisted keys load before bootstrap handler",
+);
+
+const modelPubkeys = new Map();
+const persistedRows = new Map();
+
+function normalizeVersions(versions) {
+  const out = Array.isArray(versions)
+    ? versions.filter((v) => typeof v === "string" && v.length > 0 && v.length <= 32).slice(0, 8)
+    : [];
+  return out.length ? out : ["e2ee-v1"];
+}
+
+function modelRegister(agentId, pubkey, versions) {
+  const normalized = normalizeVersions(versions);
+  modelPubkeys.set(agentId, { pubkey, crypto_versions: normalized });
+  persistedRows.set(agentId, { pubkey, crypto_versions_json: JSON.stringify(normalized) });
+}
+
+function modelBootLoad() {
+  const restored = new Map();
+  for (const [agentId, row] of persistedRows) {
+    restored.set(agentId, {
+      pubkey: row.pubkey,
+      crypto_versions: normalizeVersions(JSON.parse(row.crypto_versions_json)),
+    });
+  }
+  return restored;
+}
+
+modelRegister("acct:user-a", "spki-key-a", ["e2ee-v1"]);
+const afterRestart = modelBootLoad();
+if (afterRestart.get("acct:user-a")?.pubkey !== "spki-key-a") {
+  throw new Error("boot load did not restore persisted daemon pubkey");
+}
+
+modelRegister("acct:user-a", "spki-key-b", []);
+const afterReconnect = modelBootLoad();
+if (afterReconnect.get("acct:user-a")?.pubkey !== "spki-key-b") {
+  throw new Error("daemon reconnect did not replace persisted daemon pubkey");
+}
+if (afterReconnect.get("acct:user-a")?.crypto_versions?.[0] !== "e2ee-v1") {
+  throw new Error("daemon reconnect did not default crypto version");
+}
+
+console.log("crc e2ee key persistence checks passed");

package/scripts/test-crc-e2ee-session-route.mjs

@@ -0,0 +1,122 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(first, second, label) {
+  const firstIndex = server.indexOf(first);
+  const secondIndex = firstIndex === -1 ? -1 : server.indexOf(second, firstIndex + first.length);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+assertContains("const codexWebClients = new Map(); // `${agentId}:${threadId}` -> Set<ws>", "thread-keyed web client sets");
+assertContains("const codexE2eeSessionRoutes = new Map(); // `${agentId}:${e2eeSession}` -> { threadId, webKey, ws }", "e2ee session route map");
+assertContains("function registerCodexE2eeSessionRoute(agentId, e2eeSession, threadId, ws)", "route registration helper");
+assertContains("codexE2eeSessionRoutes.set(codexRelayKey(agentId, e2eeSession), { threadId, webKey, ws });", "route map stores e2ee session to thread");
+assertContains("function addCodexWebClient(webKey, ws)", "web client set add helper");
+assertContains("function removeCodexWebClient(webKey, ws)", "web client set remove helper");
+assertContains("function openCodexWebClientsForKey(webKey)", "web client set read helper");
+assertContains("function resolveCodexWebClientsForDaemonFrame(agentId, routeId)", "daemon route resolver");
+assertContains("const routed = codexE2eeSessionRoutes.get(codexRelayKey(agentId, routeId));", "daemon route lookup uses e2ee session map");
+assertContains("if (routed && routed.ws && routed.ws.readyState === routed.ws.OPEN) return [routed.ws];", "daemon route resolves to active owner socket");
+assertContains("return openCodexWebClientsForKey(codexRelayKey(agentId, routeId));", "daemon route keeps direct thread fallback");
+assertContains("const targets = resolveCodexWebClientsForDaemonFrame(identity.agentId, sessionId);", "daemon frames use route resolver");
+assertContains("for (const target of targets) {", "daemon frames send to every resolved target");
+assertContains("if (isCodexE2eeEnvelope(envelope) && envelope.session) {", "web e2ee messages are detected");
+assertContains("registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);", "web e2ee session is registered");
+assertContains("const clientCount = addCodexWebClient(key, ws);", "new web connections are added without replacing existing clients");
+assertContains("removeCodexWebClient(key, ws);", "close cleanup removes only the closing socket");
+assertContains("removeCodexE2eeRoutesForWeb(identity.agentId, threadId, ws);", "close cleanup");
+assertContains("if (route.webKey === webKey && (!ws || route.ws === ws)) {", "cleanup only removes routes owned by the closing socket");
+assertBefore(
+  "registerCodexE2eeSessionRoute(identity.agentId, envelope.session, threadId, ws);",
+  "daemonWs.send(text);",
+  "web session route registered before forwarding to daemon",
+);
+if (server.includes("const previous = codexWebClients.get(key);")) {
+  throw new Error("web client replacement lookup is still present");
+}
+if (server.includes("codexWebClients.set(key, ws);")) {
+  throw new Error("web client singleton set is still present");
+}
+
+const OPEN = 1;
+const agentId = "parker-smoke-test";
+const threadId = "thread-123";
+const e2eeSession = "e2ee-random-session-456";
+if (e2eeSession === threadId) {
+  throw new Error("test setup must use a random E2EE session distinct from threadId");
+}
+
+const modelWebClients = new Map();
+const modelRoutes = new Map();
+const webSocketA = { readyState: OPEN, OPEN };
+const webSocketB = { readyState: OPEN, OPEN };
+const webSocketC = { readyState: OPEN, OPEN };
+const webKey = `${agentId}:${threadId}`;
+
+function modelAddWebClient(ws) {
+  let clients = modelWebClients.get(webKey);
+  if (!clients) {
+    clients = new Set();
+    modelWebClients.set(webKey, clients);
+  }
+  clients.add(ws);
+}
+
+function modelRegister(session, ws) {
+  modelRoutes.set(`${agentId}:${session}`, { webKey, ws });
+}
+
+function modelResolve(routeId) {
+  const route = modelRoutes.get(`${agentId}:${routeId}`);
+  if (route && route.ws.readyState === route.ws.OPEN) return [route.ws];
+  const clients = modelWebClients.get(`${agentId}:${routeId}`) || new Set();
+  return [...clients].filter((webWs) => webWs.readyState === webWs.OPEN);
+}
+
+function modelRemoveOwnedRoutes(ws) {
+  for (const [routeKey, route] of modelRoutes) {
+    if (route.webKey === webKey && route.ws === ws) modelRoutes.delete(routeKey);
+  }
+}
+
+function modelRemoveWebClient(ws) {
+  const clients = modelWebClients.get(webKey);
+  if (!clients) return;
+  clients.delete(ws);
+  if (clients.size === 0) modelWebClients.delete(webKey);
+}
+
+modelAddWebClient(webSocketA);
+modelAddWebClient(webSocketB);
+modelRegister(e2eeSession, webSocketA);
+if (modelResolve(e2eeSession)[0] !== webSocketA) {
+  throw new Error("random E2EE session did not route to the owning thread web socket");
+}
+const threadTargets = modelResolve(threadId);
+if (threadTargets.length !== 2 || !threadTargets.includes(webSocketA) || !threadTargets.includes(webSocketB)) {
+  throw new Error("direct thread fallback did not broadcast to every thread web socket");
+}
+
+modelRemoveOwnedRoutes(webSocketA);
+modelRemoveWebClient(webSocketA);
+modelAddWebClient(webSocketC);
+modelRegister(e2eeSession, webSocketC);
+modelRemoveOwnedRoutes(webSocketA);
+if (modelResolve(e2eeSession)[0] !== webSocketC) {
+  throw new Error("old socket cleanup removed or stole the replacement E2EE route");
+}
+const remainingThreadTargets = modelResolve(threadId);
+if (remainingThreadTargets.length !== 2 || !remainingThreadTargets.includes(webSocketB) || !remainingThreadTargets.includes(webSocketC)) {
+  throw new Error("closing one web socket removed another browser client");
+}
+
+console.log("crc e2ee session route checks passed");

package/scripts/test-crc-pair-login-flow.mjs

@@ -0,0 +1,40 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+const loginFiles = [
+  "src/hosted-mcp/app/kaleidoscope-login.html",
+  "src/hosted-mcp/demo/login.html",
+];
+
+function assertContains(source, needle, label) {
+  if (!source.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(source, first, second, label) {
+  const firstIndex = source.indexOf(first);
+  const secondIndex = source.indexOf(second);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+assertContains(server, "const PAIR_NEXT_REGEX = /^\\/pair\\/[ABCDEFGHJKLMNPQRSTUVWXYZ23456789]{6}$/;", "server pair regex");
+assertContains(server, "const REMOTE_CONTROL_NEXT_REGEX = /^\\/codex-remote-control\\/", "server remote-control regex");
+assertContains(server, "purpose,           // \"pair\" | null", "server stores pair purpose");
+assertContains(server, "next: next || null, // sanitized `/pair/<CODE>` or null", "server stores sanitized next");
+assertContains(server, "json(res, 200, { status: \"approved\", agentId: entry.agentId });", "server strips desktop pair status");
+assertContains(server, "json(res, 200, { ok: true, next: entry.next });", "server returns next to phone approve");
+
+for (const file of loginFiles) {
+  const html = readFileSync(file, "utf8");
+  assertContains(html, "function isPairNextOnDesktop()", `${file} desktop pair helper`);
+  assertContains(html, "} else if (isPairNextOnDesktop()) {", `${file} auto-start desktop pair QR`);
+  assertContains(html, "startQrLogin('', 'signin');", `${file} pair QR uses sign-in mode`);
+  assertContains(html, "if (approveResponse && typeof approveResponse.next === 'string' && isWhitelistedNext(approveResponse.next))", `${file} consumes approve next`);
+  assertContains(html, "if (urlNext && PAIR_NEXT_REGEX.test(urlNext))", `${file} desktop pair approved branch`);
+  assertBefore(html, "if (isPairNextOnDesktop() && !qrSessionMode)", "if (needsCustomQR() && !qrSessionMode)", `${file} create button forces pair QR before normal QR fallback`);
+}
+
+console.log("crc pair login flow checks passed");

package/scripts/test-crc-pair-status-poll-token.mjs

@@ -0,0 +1,73 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertNotContains(needle, label) {
+  if (server.includes(needle)) {
+    throw new Error(`${label} still contains forbidden text: ${needle}`);
+  }
+}
+
+assertContains("function generateCodexPairPollToken()", "pair poll token generator");
+assertContains('return "ppt_" + randomBytes(32).toString("base64url");', "pair poll token entropy");
+assertContains("function getBearerToken(req)", "bearer token helper");
+assertContains("const pollToken = generateCodexPairPollToken();", "pair-init mints poll token");
+assertContains("poll_token: pollToken,", "pair state stores poll token");
+assertContains("poll_token_used: false,", "pair state tracks token consumption");
+assertContains("pair_poll_token: pollToken,", "pair-init returns poll token to daemon");
+assertContains('json(res, 401, { error: "pair_poll_token_expired" });', "expired token rejected");
+assertContains('json(res, 401, { error: "invalid_pair_poll_token" });', "missing or wrong token rejected");
+assertContains("if (!pollToken || pollToken !== p.poll_token || p.poll_token_used)", "pair-status validates token");
+assertContains("p.poll_token_used = true;", "completed credential response consumes token");
+
+function pairStatusModel(pair, bearer, now) {
+  if (now > pair.expires) return { code: 401, body: { error: "pair_poll_token_expired" } };
+  if (!bearer || bearer !== pair.poll_token || pair.poll_token_used) {
+    return { code: 401, body: { error: "invalid_pair_poll_token" } };
+  }
+  if (pair.status === "completed") {
+    pair.poll_token_used = true;
+    return { code: 200, body: { status: "completed", api_key: pair.apiKey, handle: pair.handle } };
+  }
+  return { code: 200, body: { status: pair.status } };
+}
+
+const pair = {
+  status: "pending",
+  expires: 10_000,
+  poll_token: "ppt_good",
+  poll_token_used: false,
+  apiKey: "ck_secret",
+  handle: "Parker",
+};
+
+if (pairStatusModel({ ...pair }, null, 1).code !== 401) {
+  throw new Error("missing poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_wrong", 1).code !== 401) {
+  throw new Error("wrong poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_good", 20_000).code !== 401) {
+  throw new Error("expired poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_good", 1).body.status !== "pending") {
+  throw new Error("correct poll token should return pending before completion");
+}
+
+const completedPair = { ...pair, status: "completed" };
+const completed = pairStatusModel(completedPair, "ppt_good", 1);
+if (completed.code !== 200 || completed.body.api_key !== "ck_secret") {
+  throw new Error("correct poll token should return completed credential once");
+}
+const replay = pairStatusModel(completedPair, "ppt_good", 1);
+if (replay.code !== 401) {
+  throw new Error("reused completed poll token should fail");
+}
+
+console.log("crc pair-status poll token checks passed");

package/scripts/test-installer-hook-toolname.mjs

@@ -0,0 +1,80 @@
+#!/usr/bin/env node
+import { mkdtempSync, mkdirSync, writeFileSync, readFileSync, existsSync, rmSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+
+const tempHome = mkdtempSync(join(tmpdir(), 'ldm-hook-toolname-home-'));
+const tempPkg = mkdtempSync(join(tmpdir(), 'ldm-npm-pack-'));
+
+try {
+  process.env.HOME = tempHome;
+
+  mkdirSync(join(tempHome, '.claude'), { recursive: true });
+  writeFileSync(join(tempHome, '.claude', 'settings.json'), JSON.stringify({ hooks: {} }, null, 2) + '\n');
+  const staleExtDir = join(tempHome, '.ldm', 'extensions', 'wip-branch-guard');
+  mkdirSync(staleExtDir, { recursive: true });
+  writeFileSync(join(staleExtDir, 'guard.mjs'), 'console.log("stale guard");\n');
+  writeFileSync(join(staleExtDir, 'package.json'), JSON.stringify({
+    name: '@wipcomputer/wip-branch-guard',
+    version: '1.9.89',
+  }, null, 2) + '\n');
+  writeFileSync(join(tempHome, '.ldm', 'extensions', 'registry.json'), JSON.stringify({
+    _format: 'v2',
+    extensions: {
+      'wip-branch-guard': {
+        version: '1.9.89',
+        ldmPath: staleExtDir,
+        paths: { ldm: staleExtDir },
+        interfaces: ['module', 'skill', 'claudeCodeHook'],
+      },
+    },
+  }, null, 2) + '\n');
+
+  const extractedPackageDir = join(tempPkg, 'package');
+  mkdirSync(extractedPackageDir, { recursive: true });
+  writeFileSync(join(extractedPackageDir, 'package.json'), JSON.stringify({
+    name: '@wipcomputer/wip-branch-guard',
+    version: '1.9.90',
+    type: 'module',
+    main: 'guard.mjs',
+    claudeCode: {
+      hooks: [
+        { event: 'PreToolUse', matcher: 'Write|Edit|Bash', command: 'node guard.mjs', timeout: 5 },
+      ],
+    },
+  }, null, 2) + '\n');
+  writeFileSync(join(extractedPackageDir, 'guard.mjs'), 'console.log("guard 1.9.90");\n');
+  writeFileSync(join(extractedPackageDir, 'SKILL.md'), '---\nname: wip-branch-guard\ndescription: "test skill"\n---\n');
+
+  const { installSingleTool } = await import('../lib/deploy.mjs');
+  const installed = installSingleTool(extractedPackageDir);
+  if (installed === 0) throw new Error('installer did not process the test package');
+
+  const expectedDir = join(tempHome, '.ldm', 'extensions', 'wip-branch-guard');
+  const wrongDir = join(tempHome, '.ldm', 'extensions', 'package');
+  if (!existsSync(join(expectedDir, 'guard.mjs'))) {
+    throw new Error('guard.mjs was not deployed under the package-derived tool name');
+  }
+  if (!existsSync(join(expectedDir, 'package.json'))) {
+    throw new Error('package.json was not deployed under the package-derived tool name');
+  }
+  if (existsSync(wrongDir)) {
+    throw new Error('hook deployment used basename(repoPath) instead of package-derived tool name');
+  }
+
+  const settings = JSON.parse(readFileSync(join(tempHome, '.claude', 'settings.json'), 'utf8'));
+  const command = settings.hooks?.PreToolUse?.[0]?.hooks?.[0]?.command || '';
+  if (!command.includes('/wip-branch-guard/guard.mjs')) {
+    throw new Error(`hook command points at the wrong extension path: ${command}`);
+  }
+
+  const deployedPkg = JSON.parse(readFileSync(join(expectedDir, 'package.json'), 'utf8'));
+  if (deployedPkg.version !== '1.9.90') {
+    throw new Error(`deployed package version mismatch: ${deployedPkg.version}`);
+  }
+
+  console.log('installer hook tool-name regression check passed');
+} finally {
+  rmSync(tempHome, { recursive: true, force: true });
+  rmSync(tempPkg, { recursive: true, force: true });
+}

package/scripts/test-installer-skill-directory.mjs

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+import { existsSync, lstatSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+
+const home = mkdtempSync(join(tmpdir(), 'ldm-skill-dir-home-'));
+const source = mkdtempSync(join(tmpdir(), 'ldm-skill-dir-source-'));
+
+function assert(condition, message) {
+  if (!condition) throw new Error(message);
+}
+
+try {
+  process.env.HOME = home;
+
+  for (const dir of ['.claude', '.openclaw', '.codex', '.agents']) {
+    mkdirSync(join(home, dir), { recursive: true });
+  }
+
+  const skillDir = join(source, 'skills', 'wip-ai-chat-ui');
+  mkdirSync(join(skillDir, 'references'), { recursive: true });
+  mkdirSync(join(skillDir, 'agents'), { recursive: true });
+  writeFileSync(join(skillDir, 'SKILL.md'), '---\nname: wip-ai-chat-ui\ndescription: "test skill"\n---\n\n# Test Skill\n');
+  writeFileSync(join(skillDir, 'references', 'stack.md'), '# Stack\n');
+  writeFileSync(join(skillDir, 'agents', 'openai.yaml'), 'display_name: "WIP AI Chat UI"\n');
+
+  const { detectInterfacesJSON } = await import('../lib/detect.mjs');
+  const detected = detectInterfacesJSON(source);
+  assert(detected.interfaceCount === 1, 'skill directory repo should expose one interface');
+  assert(detected.interfaces.skill?.skills?.[0]?.name === 'wip-ai-chat-ui', 'skill directory name should be detected');
+
+  const { installFromPath } = await import('../lib/deploy.mjs');
+  const result = await installFromPath(source);
+  assert(result.interfaces === 1, 'skill directory install should process one interface');
+
+  for (const target of [
+    join(home, '.claude', 'skills', 'wip-ai-chat-ui'),
+    join(home, '.openclaw', 'skills', 'wip-ai-chat-ui'),
+    join(home, '.codex', 'skills', 'wip-ai-chat-ui'),
+    join(home, '.agents', 'skills', 'wip-ai-chat-ui'),
+  ]) {
+    assert(existsSync(join(target, 'SKILL.md')), `${target} should include SKILL.md`);
+    assert(existsSync(join(target, 'references', 'stack.md')), `${target} should include references`);
+    assert(existsSync(join(target, 'agents', 'openai.yaml')), `${target} should include agents metadata`);
+    assert(!lstatSync(target).isSymbolicLink(), `${target} should be a deployed directory, not a symlink`);
+  }
+
+  const codexSkill = readFileSync(join(home, '.codex', 'skills', 'wip-ai-chat-ui', 'SKILL.md'), 'utf8');
+  assert(codexSkill.includes('name: wip-ai-chat-ui'), 'Codex target should contain the expected skill');
+
+  console.log('installer skill directory regression passed');
+} finally {
+  rmSync(home, { recursive: true, force: true });
+  rmSync(source, { recursive: true, force: true });
+}

package/scripts/test-installer-skill-dry-run-destinations.mjs

@@ -0,0 +1,100 @@
+#!/usr/bin/env node
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+
+const home = mkdtempSync(join(tmpdir(), 'ldm-skill-dry-run-home-'));
+const source = mkdtempSync(join(tmpdir(), 'ldm-skill-dry-run-source-'));
+
+function assert(condition, message) {
+  if (!condition) throw new Error(message);
+}
+
+try {
+  process.env.HOME = home;
+
+  for (const dir of ['.claude', '.openclaw', '.codex', '.agents']) {
+    mkdirSync(join(home, dir), { recursive: true });
+  }
+
+  const workspace = join(home, 'workspace');
+  mkdirSync(workspace, { recursive: true });
+  mkdirSync(join(home, '.ldm'), { recursive: true });
+  writeFileSync(join(home, '.ldm', 'config.json'), JSON.stringify({
+    workspace,
+    harnesses: {
+      'claude-code': {
+        detected: true,
+        home: join(home, '.claude'),
+        skills: join(home, '.claude', 'skills'),
+      },
+      openclaw: {
+        detected: true,
+        home: join(home, '.openclaw'),
+        skills: join(home, '.openclaw', 'skills'),
+      },
+      codex: {
+        detected: true,
+        home: join(home, '.codex'),
+        skills: join(home, '.codex', 'skills'),
+      },
+      'wip-agents': {
+        detected: true,
+        home: join(home, '.agents'),
+        skills: join(home, '.agents', 'skills'),
+      },
+    },
+  }, null, 2));
+
+  mkdirSync(join(source, 'references'), { recursive: true });
+  mkdirSync(join(source, 'agents'), { recursive: true });
+  writeFileSync(join(source, 'package.json'), JSON.stringify({
+    name: '@wipcomputer/wip-ai-chat-ui',
+    version: '0.1.1',
+  }, null, 2));
+  writeFileSync(join(source, 'SKILL.md'), '---\nname: wip-ai-chat-ui\ndescription: "test skill"\n---\n\n# Test Skill\n');
+  writeFileSync(join(source, 'references', 'stack.md'), '# Stack\n');
+  writeFileSync(join(source, 'agents', 'openai.yaml'), 'display_name: "WIP AI Chat UI"\n');
+
+  const { setFlags, installFromPath } = await import('../lib/deploy.mjs');
+
+  const lines = [];
+  const originalLog = console.log;
+  console.log = (...args) => lines.push(args.join(' '));
+
+  try {
+    setFlags({ dryRun: true, jsonOutput: false });
+    const result = await installFromPath(source);
+    assert(result.interfaces === 1, 'dry run should process one skill interface');
+  } finally {
+    console.log = originalLog;
+  }
+
+  const output = lines.join('\n');
+
+  for (const expected of [
+    'Would copy:',
+    '- SKILL.md',
+    '- references/',
+    '- agents/',
+    'Permanent copy:',
+    join(home, '.ldm', 'extensions', 'wip-ai-chat-ui', 'SKILL.md'),
+    join(home, '.ldm', 'extensions', 'wip-ai-chat-ui', 'references/'),
+    'Agent skill targets:',
+    `claude-code: ${join(home, '.claude', 'skills', 'wip-ai-chat-ui')}`,
+    join(home, '.claude', 'skills', 'wip-ai-chat-ui', 'SKILL.md'),
+    `openclaw: ${join(home, '.openclaw', 'skills', 'wip-ai-chat-ui')}`,
+    join(home, '.openclaw', 'skills', 'wip-ai-chat-ui', 'references/'),
+    `codex: ${join(home, '.codex', 'skills', 'wip-ai-chat-ui')}`,
+    `wip-agents: ${join(home, '.agents', 'skills', 'wip-ai-chat-ui')}`,
+    'Workspace docs target:',
+    `${join(workspace, 'settings', 'docs', 'skills', 'wip-ai-chat-ui')} (references/ only)`,
+  ]) {
+    assert(output.includes(expected), `dry-run output should include ${expected}\n\n${output}`);
+  }
+
+  console.log('installer skill dry-run destinations regression passed');
+} finally {
+  rmSync(home, { recursive: true, force: true });
+  rmSync(source, { recursive: true, force: true });
+}