@wipcomputer/wip-ldm-os 0.4.85-alpha.3 → 0.4.85-alpha.30

package/scripts/test-crc-websocket-abuse-limits.mjs

@@ -0,0 +1,128 @@
+import { readFileSync } from "node:fs";
+import assert from "node:assert/strict";
+import {
+  CODEX_WS_CLOSE_CODES,
+  codexWsFrameByteLength,
+  createCodexWsAbuseLimitConfig,
+  createCodexWsConnectionGuard,
+  formatCodexWsLimitLog,
+  isCodexWsAgentDisabled,
+} from "../src/hosted-mcp/codex-relay-ws-abuse-limits.mjs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+const deploy = readFileSync("src/hosted-mcp/deploy.sh", "utf8");
+
+function assertContains(source, needle, label) {
+  if (!source.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertBefore(source, first, second, label) {
+  const firstIndex = source.indexOf(first);
+  const secondIndex = firstIndex === -1 ? -1 : source.indexOf(second, firstIndex + first.length);
+  if (firstIndex === -1 || secondIndex === -1 || firstIndex >= secondIndex) {
+    throw new Error(`${label} expected "${first}" before "${second}"`);
+  }
+}
+
+const config = createCodexWsAbuseLimitConfig({
+  LDM_CODEX_WS_MAX_FRAME_BYTES: "10",
+  LDM_CODEX_WS_RATE_WINDOW_MS: "100",
+  LDM_CODEX_WS_MAX_MESSAGES_PER_WINDOW: "2",
+  LDM_CODEX_WS_MAX_BYTES_PER_WINDOW: "15",
+  LDM_CODEX_WS_MAX_BROWSER_SOCKETS_PER_THREAD: "3",
+  LDM_CODEX_WS_IDLE_TTL_MS: "50",
+  LDM_CODEX_WS_MAX_MALFORMED_FRAMES: "1",
+  LDM_CODEX_WS_MAX_PENDING_BYTES: "20",
+  LDM_CODEX_WS_KILL_SWITCH_AGENTS: "acct:blocked, acct:other",
+});
+
+assert.equal(config.maxFrameBytes, 10);
+assert.equal(config.maxBrowserSocketsPerThread, 3);
+assert.equal(isCodexWsAgentDisabled(config, "acct:blocked"), true);
+assert.equal(isCodexWsAgentDisabled(config, "acct:allowed"), false);
+
+let nowMs = 1_000;
+const guard = createCodexWsConnectionGuard({
+  config,
+  agentId: "acct:allowed",
+  now: () => nowMs,
+});
+
+assert.equal(guard.observeFrame(11).code, CODEX_WS_CLOSE_CODES.oversizedFrame);
+assert.equal(guard.observeFrame(5).ok, true);
+assert.equal(guard.observeFrame(5).ok, true);
+assert.equal(guard.observeFrame(5).reason, "message rate limit");
+
+nowMs += 101;
+const byteGuard = createCodexWsConnectionGuard({ config, agentId: "acct:allowed", now: () => nowMs });
+assert.equal(byteGuard.observeFrame(8).ok, true);
+assert.equal(byteGuard.observeFrame(8).reason, "byte rate limit");
+
+const malformedGuard = createCodexWsConnectionGuard({ config, agentId: "acct:allowed", now: () => nowMs });
+assert.equal(malformedGuard.observeMalformed().ok, true);
+assert.equal(malformedGuard.observeMalformed().code, CODEX_WS_CLOSE_CODES.malformedFrames);
+
+const pendingGuard = createCodexWsConnectionGuard({ config, agentId: "acct:allowed", now: () => nowMs });
+assert.equal(pendingGuard.observePendingBytes(21).code, CODEX_WS_CLOSE_CODES.pendingBytes);
+
+const idleGuard = createCodexWsConnectionGuard({ config, agentId: "acct:allowed", now: () => nowMs });
+assert.equal(idleGuard.observeFrame(1).ok, true);
+assert.equal(idleGuard.observeIdle(nowMs + 51).code, CODEX_WS_CLOSE_CODES.idleTimeout);
+
+const killedGuard = createCodexWsConnectionGuard({ config, agentId: "acct:blocked", now: () => nowMs });
+assert.equal(killedGuard.observeFrame(1).code, CODEX_WS_CLOSE_CODES.operatorDisabled);
+assert.equal(codexWsFrameByteLength(Buffer.from("hello")), 5);
+assert.match(
+  formatCodexWsLimitLog({
+    agentId: "acct:blocked",
+    threadId: "thread-a",
+    connectionId: "conn-a",
+    reason: "message rate limit",
+  }),
+  /reason=message rate limit agent=acct:blocked thread=thread-a conn=conn-a/,
+);
+
+assertContains(server, "import {", "server imports abuse module");
+assertContains(server, "createCodexWsAbuseLimitConfig", "server configures websocket limits");
+assertContains(server, "isCodexWsAgentDisabled(CODEX_WS_ABUSE_LIMITS, identity.agentId)", "server checks operator kill switch");
+assertContains(server, "openBrowserSockets >= CODEX_WS_ABUSE_LIMITS.maxBrowserSocketsPerThread", "server limits browser sockets per thread");
+assertContains(server, "createCodexWsConnectionGuard({", "server creates per-socket guard");
+assertContains(server, "guard.observeFrame(codexWsFrameByteLength(data))", "server observes browser frame size and rate");
+assertContains(server, "guard.observeMalformed()", "server observes malformed browser frames");
+assertContains(server, "guard.observePendingBytes(daemonWs.bufferedAmount || 0)", "server observes pending daemon bytes");
+assertContains(server, "guard.observeIdle()", "server observes idle connections");
+assertContains(server, "closeCodexWsForLimit(ws, guardContext, decision)", "server closes idle sockets by limit");
+assertContains(server, "closeCodexWsForLimit(ws, guardContext, frameDecision)", "server closes frame abuse");
+assertContains(server, "closeCodexWsForLimit(ws, guardContext, malformedDecision)", "server closes malformed abuse");
+assertContains(server, "closeCodexWsForLimit(ws, guardContext, pendingDecision)", "server closes pending byte abuse");
+assertContains(server, "codex-relay-ws-abuse-limits.mjs", "deploy inventory includes abuse module");
+assertContains(deploy, "add_file \"codex-relay-ws-abuse-limits.mjs\"", "deploy copies abuse module");
+
+assertBefore(
+  server,
+  "openBrowserSockets >= CODEX_WS_ABUSE_LIMITS.maxBrowserSocketsPerThread",
+  "codexRelayWss.handleUpgrade(req, socket, head, (ws) => {",
+  "socket cap should run before websocket upgrade is accepted",
+);
+assertBefore(
+  server,
+  "const frameDecision = guard.observeFrame(codexWsFrameByteLength(data));",
+  "let text = data.toString();",
+  "frame limit should run before parsing or forwarding browser data",
+);
+assertBefore(
+  server,
+  "if (!envelope || typeof envelope !== \"object\" || Array.isArray(envelope)) {",
+  "const daemonWs = codexDaemons.get(identity.agentId);",
+  "malformed browser frames should not be forwarded",
+);
+assertBefore(
+  server,
+  "const pendingDecision = guard.observePendingBytes(daemonWs.bufferedAmount || 0);",
+  "daemonWs.send(text);",
+  "pending byte check should run before forwarding to daemon",
+);
+
+console.log("crc websocket abuse limit checks passed");

package/scripts/test-install-prompt-policy.mjs

@@ -0,0 +1,84 @@
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const repoRoot = fileURLToPath(new URL("..", import.meta.url));
+
+const files = [
+  "README.md",
+  "SKILL.md",
+  "shared/templates/install-prompt.md",
+];
+
+const contents = Object.fromEntries(
+  files.map((file) => [file, readFileSync(join(repoRoot, file), "utf8")]),
+);
+
+const failures = [];
+
+for (const file of ["README.md", "shared/templates/install-prompt.md"]) {
+  const text = contents[file];
+  for (const phrase of [
+    "Use the install document and live local checks as the source of truth.",
+    "Do not search memory or prior notes for this install. Do not pre-load context from `MEMORY.md`, `crystal_search`, local skill dev guides, or other local memory before fetching the install document.",
+    "Do not run GitHub commands during this install flow. Do not run or request approval for `gh release`, `gh api`, or `gh search`.",
+    "If release notes are not available from local or npm metadata, say that and do not fetch them from GitHub.",
+    "If installed: run `ldm status`",
+    "check available npm tracks from the install document",
+    "If yes to dry run, use the selected track's dry-run path from the install document.",
+    "If I say install, use the selected track's install path from the install document, then run `ldm doctor`.",
+    "install the CLI first using the selected track's bootstrap command from the install document",
+    "Then run:\n`ldm init --dry-run`",
+    "If I say install, run:\n`ldm init`",
+  ]) {
+    if (!text.includes(phrase)) {
+      failures.push(`${file} missing install prompt phrase: ${phrase}`);
+    }
+  }
+  if (text.includes("If it is, run ldm install --dry-run")) {
+    failures.push(`${file} still tells installed users to start with ldm install --dry-run`);
+  }
+}
+
+const skill = contents["SKILL.md"];
+for (const phrase of [
+  "Memory policy for install flows: do not consult `MEMORY.md`, do not run `crystal_search`, and do not search prior notes when this skill is invoked, including in any parallel or batched exploration step.",
+  "The only context sources for this install flow are `https://wip.computer/install/wip-ldm-os.txt` and the live local commands that document prescribes.",
+  "Read that document and run those commands. Do not pre-load other context.",
+  "Do not run GitHub commands during the install-state flow.",
+  "Do not run or request approval for `gh release list`, `gh release view`, `gh api repos/*`, `gh search`, or any other GitHub query unless the user explicitly asks for release notes.",
+  "npm view @wipcomputer/wip-ldm-os dist-tags --json",
+  "The README prompt should stay short. This install document owns the detailed track rules.",
+  "stable/current/latest: `ldm install --dry-run`",
+  "beta/latest beta: `ldm install --beta --dry-run`",
+  "alpha/latest alpha: `ldm install --alpha --dry-run`",
+  "beta/latest beta: `npm install -g @wipcomputer/wip-ldm-os@beta`",
+  "alpha/latest alpha: `npm install -g @wipcomputer/wip-ldm-os@alpha`",
+  "Use the output of `ldm status`, installed package metadata, and npm metadata.",
+  "Do not use GitHub commands here.",
+  "If npm metadata for a package does not include release notes:",
+  "Say \"release notes not available from local metadata.\"",
+  "Do not infer release-note content from package descriptions, commit messages, or repo READMEs.",
+  "An approval dialog is not a user request.",
+]) {
+  if (!skill.includes(phrase)) {
+    failures.push(`SKILL.md missing install policy phrase: ${phrase}`);
+  }
+}
+
+if (/gh release (list|view) --repo/.test(skill)) {
+  failures.push("SKILL.md still includes concrete gh release commands in the install flow");
+}
+
+const temporalMemoryPolicyPhrase = "your first action is " + "to fetch";
+if (skill.includes(temporalMemoryPolicyPhrase)) {
+  failures.push("SKILL.md still uses temporal first-action memory-policy phrasing");
+}
+
+if (failures.length > 0) {
+  console.error("install prompt policy checks failed:");
+  for (const failure of failures) console.error(`  - ${failure}`);
+  process.exit(1);
+}
+
+console.log("install-prompt-policy: LDM OS prompt and install doc agree");

package/scripts/test-installer-skill-directory.mjs

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+import { existsSync, lstatSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+
+const home = mkdtempSync(join(tmpdir(), 'ldm-skill-dir-home-'));
+const source = mkdtempSync(join(tmpdir(), 'ldm-skill-dir-source-'));
+
+function assert(condition, message) {
+  if (!condition) throw new Error(message);
+}
+
+try {
+  process.env.HOME = home;
+
+  for (const dir of ['.claude', '.openclaw', '.codex', '.agents']) {
+    mkdirSync(join(home, dir), { recursive: true });
+  }
+
+  const skillDir = join(source, 'skills', 'wip-ai-chat-ui');
+  mkdirSync(join(skillDir, 'references'), { recursive: true });
+  mkdirSync(join(skillDir, 'agents'), { recursive: true });
+  writeFileSync(join(skillDir, 'SKILL.md'), '---\nname: wip-ai-chat-ui\ndescription: "test skill"\n---\n\n# Test Skill\n');
+  writeFileSync(join(skillDir, 'references', 'stack.md'), '# Stack\n');
+  writeFileSync(join(skillDir, 'agents', 'openai.yaml'), 'display_name: "WIP AI Chat UI"\n');
+
+  const { detectInterfacesJSON } = await import('../lib/detect.mjs');
+  const detected = detectInterfacesJSON(source);
+  assert(detected.interfaceCount === 1, 'skill directory repo should expose one interface');
+  assert(detected.interfaces.skill?.skills?.[0]?.name === 'wip-ai-chat-ui', 'skill directory name should be detected');
+
+  const { installFromPath } = await import('../lib/deploy.mjs');
+  const result = await installFromPath(source);
+  assert(result.interfaces === 1, 'skill directory install should process one interface');
+
+  for (const target of [
+    join(home, '.claude', 'skills', 'wip-ai-chat-ui'),
+    join(home, '.openclaw', 'skills', 'wip-ai-chat-ui'),
+    join(home, '.codex', 'skills', 'wip-ai-chat-ui'),
+    join(home, '.agents', 'skills', 'wip-ai-chat-ui'),
+  ]) {
+    assert(existsSync(join(target, 'SKILL.md')), `${target} should include SKILL.md`);
+    assert(existsSync(join(target, 'references', 'stack.md')), `${target} should include references`);
+    assert(existsSync(join(target, 'agents', 'openai.yaml')), `${target} should include agents metadata`);
+    assert(!lstatSync(target).isSymbolicLink(), `${target} should be a deployed directory, not a symlink`);
+  }
+
+  const codexSkill = readFileSync(join(home, '.codex', 'skills', 'wip-ai-chat-ui', 'SKILL.md'), 'utf8');
+  assert(codexSkill.includes('name: wip-ai-chat-ui'), 'Codex target should contain the expected skill');
+
+  console.log('installer skill directory regression passed');
+} finally {
+  rmSync(home, { recursive: true, force: true });
+  rmSync(source, { recursive: true, force: true });
+}

package/scripts/test-installer-skill-dry-run-destinations.mjs

@@ -0,0 +1,100 @@
+#!/usr/bin/env node
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+
+const home = mkdtempSync(join(tmpdir(), 'ldm-skill-dry-run-home-'));
+const source = mkdtempSync(join(tmpdir(), 'ldm-skill-dry-run-source-'));
+
+function assert(condition, message) {
+  if (!condition) throw new Error(message);
+}
+
+try {
+  process.env.HOME = home;
+
+  for (const dir of ['.claude', '.openclaw', '.codex', '.agents']) {
+    mkdirSync(join(home, dir), { recursive: true });
+  }
+
+  const workspace = join(home, 'workspace');
+  mkdirSync(workspace, { recursive: true });
+  mkdirSync(join(home, '.ldm'), { recursive: true });
+  writeFileSync(join(home, '.ldm', 'config.json'), JSON.stringify({
+    workspace,
+    harnesses: {
+      'claude-code': {
+        detected: true,
+        home: join(home, '.claude'),
+        skills: join(home, '.claude', 'skills'),
+      },
+      openclaw: {
+        detected: true,
+        home: join(home, '.openclaw'),
+        skills: join(home, '.openclaw', 'skills'),
+      },
+      codex: {
+        detected: true,
+        home: join(home, '.codex'),
+        skills: join(home, '.codex', 'skills'),
+      },
+      'wip-agents': {
+        detected: true,
+        home: join(home, '.agents'),
+        skills: join(home, '.agents', 'skills'),
+      },
+    },
+  }, null, 2));
+
+  mkdirSync(join(source, 'references'), { recursive: true });
+  mkdirSync(join(source, 'agents'), { recursive: true });
+  writeFileSync(join(source, 'package.json'), JSON.stringify({
+    name: '@wipcomputer/wip-ai-chat-ui',
+    version: '0.1.1',
+  }, null, 2));
+  writeFileSync(join(source, 'SKILL.md'), '---\nname: wip-ai-chat-ui\ndescription: "test skill"\n---\n\n# Test Skill\n');
+  writeFileSync(join(source, 'references', 'stack.md'), '# Stack\n');
+  writeFileSync(join(source, 'agents', 'openai.yaml'), 'display_name: "WIP AI Chat UI"\n');
+
+  const { setFlags, installFromPath } = await import('../lib/deploy.mjs');
+
+  const lines = [];
+  const originalLog = console.log;
+  console.log = (...args) => lines.push(args.join(' '));
+
+  try {
+    setFlags({ dryRun: true, jsonOutput: false });
+    const result = await installFromPath(source);
+    assert(result.interfaces === 1, 'dry run should process one skill interface');
+  } finally {
+    console.log = originalLog;
+  }
+
+  const output = lines.join('\n');
+
+  for (const expected of [
+    'Would copy:',
+    '- SKILL.md',
+    '- references/',
+    '- agents/',
+    'Permanent copy:',
+    join(home, '.ldm', 'extensions', 'wip-ai-chat-ui', 'SKILL.md'),
+    join(home, '.ldm', 'extensions', 'wip-ai-chat-ui', 'references/'),
+    'Agent skill targets:',
+    `claude-code: ${join(home, '.claude', 'skills', 'wip-ai-chat-ui')}`,
+    join(home, '.claude', 'skills', 'wip-ai-chat-ui', 'SKILL.md'),
+    `openclaw: ${join(home, '.openclaw', 'skills', 'wip-ai-chat-ui')}`,
+    join(home, '.openclaw', 'skills', 'wip-ai-chat-ui', 'references/'),
+    `codex: ${join(home, '.codex', 'skills', 'wip-ai-chat-ui')}`,
+    `wip-agents: ${join(home, '.agents', 'skills', 'wip-ai-chat-ui')}`,
+    'Workspace docs target:',
+    `${join(workspace, 'settings', 'docs', 'skills', 'wip-ai-chat-ui')} (references/ only)`,
+  ]) {
+    assert(output.includes(expected), `dry-run output should include ${expected}\n\n${output}`);
+  }
+
+  console.log('installer skill dry-run destinations regression passed');
+} finally {
+  rmSync(home, { recursive: true, force: true });
+  rmSync(source, { recursive: true, force: true });
+}

package/scripts/test-installer-target-self-update.mjs

@@ -0,0 +1,131 @@
+#!/usr/bin/env node
+import { chmodSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { dirname, join } from 'node:path';
+import { spawnSync } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+
+const root = dirname(dirname(fileURLToPath(import.meta.url)));
+const cli = readFileSync(join(root, 'bin', 'ldm.js'), 'utf8');
+
+const helperName = 'function maybeSelfUpdateLdmCliBeforeInstall()';
+const helperIdx = cli.indexOf(helperName);
+if (helperIdx === -1) {
+  throw new Error('Missing shared LDM OS self-update preflight helper');
+}
+
+const helperBlock = cli.slice(helperIdx, cli.indexOf('// ── Dead backup trigger cleanup', helperIdx));
+if (!helperBlock.includes('Dry run only: continuing with v${PKG_VERSION}.')) {
+  throw new Error('Self-update helper must warn on dry run without updating');
+}
+
+if (!helperBlock.includes("execSync(`npm install -g @wipcomputer/wip-ldm-os@${latest}`")) {
+  throw new Error('Self-update helper must update LDM OS before real installs');
+}
+
+if (!helperBlock.includes("spawnSync('ldm'")) {
+  throw new Error('Self-update helper must re-run the original install command without shell joining args');
+}
+
+if (helperBlock.includes('process.argv.slice(2).join')) {
+  throw new Error('Self-update helper must preserve argv boundaries when re-running install');
+}
+
+const cmdInstallIdx = cli.indexOf('async function cmdInstall()');
+const lockIdx = cli.indexOf('acquireInstallLock()', cmdInstallIdx);
+const initIdx = cli.indexOf('LDM OS not initialized. Running init first', cmdInstallIdx);
+const targetIdx = cli.indexOf('// Find the target (skip flags)', cmdInstallIdx);
+const preflightCallIdx = cli.indexOf('maybeSelfUpdateLdmCliBeforeInstall();', cmdInstallIdx);
+if (cmdInstallIdx === -1 || targetIdx === -1 || preflightCallIdx === -1) {
+  throw new Error('Could not find cmdInstall self-update placement');
+}
+
+if (preflightCallIdx > lockIdx || preflightCallIdx > initIdx) {
+  throw new Error('Self-update preflight must run before lock acquisition and init work');
+}
+
+if (preflightCallIdx > targetIdx) {
+  throw new Error('Self-update preflight must run before target resolution so app installs are covered');
+}
+
+const catalogIdx = cli.indexOf('async function cmdInstallCatalog()');
+const oldCatalogBlock = cli.indexOf('Self-update: check if CLI itself is outdated', catalogIdx);
+const autoDetectIdx = cli.indexOf('autoDetectExtensions();', catalogIdx);
+if (oldCatalogBlock !== -1 && oldCatalogBlock < autoDetectIdx) {
+  throw new Error('Catalog install should not own the only self-update block');
+}
+
+const tempRoot = mkdtempSync(join(tmpdir(), 'ldm-target-self-update-'));
+try {
+  const home = join(tempRoot, 'home');
+  const fakeBin = join(tempRoot, 'bin');
+  const target = join(tempRoot, 'target skill with spaces');
+
+  mkdirSync(join(home, '.ldm'), { recursive: true });
+  writeFileSync(join(home, '.ldm', 'version.json'), JSON.stringify({
+    version: '0.0.0',
+    installed: new Date().toISOString(),
+    updated: new Date().toISOString(),
+  }, null, 2) + '\n');
+
+  mkdirSync(fakeBin, { recursive: true });
+  const fakeNpm = join(fakeBin, 'npm');
+  writeFileSync(fakeNpm, `#!/usr/bin/env bash
+if [ "$1" = "view" ] && [ "$2" = "@wipcomputer/wip-ldm-os" ] && [ "$3" = "dist-tags.alpha" ]; then
+  echo "99.0.0-alpha.1"
+  exit 0
+fi
+echo "unexpected npm command: $*" >&2
+exit 64
+`);
+  chmodSync(fakeNpm, 0o755);
+
+  mkdirSync(target, { recursive: true });
+  writeFileSync(join(target, 'SKILL.md'), `---
+name: test-target-skill
+description: Test target skill for installer self-update dry-run checks.
+---
+
+# Test Target Skill
+`);
+
+  const result = spawnSync(process.execPath, [
+    join(root, 'bin', 'ldm.js'),
+    'install',
+    '--alpha',
+    '--dry-run',
+    target,
+  ], {
+    cwd: root,
+    encoding: 'utf8',
+    env: {
+      ...process.env,
+      HOME: home,
+      PATH: `${fakeBin}:${process.env.PATH || ''}`,
+    },
+  });
+
+  if (result.status !== 0) {
+    throw new Error(`Runtime dry-run exited ${result.status}\nstdout:\n${result.stdout}\nstderr:\n${result.stderr}`);
+  }
+
+  if (!result.stdout.includes('LDM OS CLI v')) {
+    throw new Error(`Runtime dry-run did not print the LDM OS skew warning\nstdout:\n${result.stdout}`);
+  }
+
+  if (!result.stdout.includes('-> v99.0.0-alpha.1 (alpha track) is available.')) {
+    throw new Error(`Runtime dry-run did not include the selected alpha track version\nstdout:\n${result.stdout}`);
+  }
+
+  if (!result.stdout.includes('Dry run only: continuing with v')) {
+    throw new Error(`Runtime dry-run did not say it would continue without updating\nstdout:\n${result.stdout}`);
+  }
+
+  if (!result.stdout.includes('Installing: target skill with spaces (dry run)')) {
+    throw new Error(`Runtime dry-run did not continue to the targeted install preview\nstdout:\n${result.stdout}`);
+  }
+} finally {
+  rmSync(tempRoot, { recursive: true, force: true });
+}
+
+console.log('targeted install self-update regression checks passed');

package/scripts/test-ldm-status-concurrency.mjs

@@ -0,0 +1,118 @@
+#!/usr/bin/env node
+import { mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { createServer } from 'node:http';
+import { tmpdir } from 'node:os';
+import { dirname, join } from 'node:path';
+import { spawn } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+
+const root = dirname(dirname(fileURLToPath(import.meta.url)));
+const tempRoot = mkdtempSync(join(tmpdir(), 'ldm-status-concurrency-'));
+const sourceVersion = JSON.parse(readFileSync(join(root, 'package.json'), 'utf8')).version;
+
+function assert(condition, message) {
+  if (!condition) throw new Error(message);
+}
+
+function listen(server) {
+  return new Promise((resolve) => {
+    server.listen(0, '127.0.0.1', () => resolve(server.address()));
+  });
+}
+
+function createRegistryServer(delayMs) {
+  let active = 0;
+  let maxActive = 0;
+  const server = createServer((_req, res) => {
+    active += 1;
+    maxActive = Math.max(maxActive, active);
+    setTimeout(() => {
+      res.setHeader('content-type', 'application/json');
+      res.end(JSON.stringify({ 'dist-tags': { latest: '1.0.0' } }));
+      active -= 1;
+    }, delayMs);
+  });
+  return { server, getMaxActive: () => maxActive };
+}
+
+function writeFixture(home) {
+  const extensions = join(home, '.ldm', 'extensions');
+  mkdirSync(extensions, { recursive: true });
+  writeFileSync(join(home, '.ldm', 'version.json'), JSON.stringify({
+    version: '0.0.0-test',
+    installed: '2026-05-12T00:00:00.000Z',
+    updated: '2026-05-12T00:00:00.000Z',
+  }, null, 2) + '\n');
+
+  const registry = { extensions: {} };
+  for (let i = 1; i <= 8; i += 1) {
+    registry.extensions[`ext-${i}`] = {
+      source: { npm: `ext-${i}` },
+      installed: { version: '1.0.0' },
+    };
+  }
+  writeFileSync(join(extensions, 'registry.json'), JSON.stringify(registry, null, 2) + '\n');
+}
+
+function runStatus({ concurrency, registryUrl, home }) {
+  return new Promise((resolve) => {
+    const child = spawn(process.execPath, [join(root, 'bin', 'ldm.js'), 'status'], {
+      cwd: root,
+      env: {
+        ...process.env,
+        HOME: home,
+        LDM_STATUS_NPM_REGISTRY_URL: registryUrl,
+        LDM_STATUS_NPM_CONCURRENCY: String(concurrency),
+        LDM_STATUS_NPM_TIMEOUT_MS: '2000',
+        LDM_STATUS_TOTAL_BUDGET_MS: '10000',
+      },
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+
+    let stdout = '';
+    let stderr = '';
+    child.stdout.setEncoding('utf8');
+    child.stderr.setEncoding('utf8');
+    child.stdout.on('data', chunk => { stdout += chunk; });
+    child.stderr.on('data', chunk => { stderr += chunk; });
+    child.on('close', status => resolve({ status, stdout, stderr }));
+  });
+}
+
+async function runFixture({ concurrency, delayMs }) {
+  const home = join(tempRoot, `home-${concurrency}-${delayMs}`);
+  writeFixture(home);
+  const registry = createRegistryServer(delayMs);
+  const address = await listen(registry.server);
+  const startedAt = Date.now();
+  const result = await runStatus({
+    concurrency,
+    home,
+    registryUrl: `http://${address.address}:${address.port}`,
+  });
+  const elapsedMs = Date.now() - startedAt;
+  registry.server.closeAllConnections();
+  registry.server.close();
+  return { result, elapsedMs, maxActive: registry.getMaxActive() };
+}
+
+try {
+  const concurrent = await runFixture({ concurrency: 4, delayMs: 500 });
+  assert(concurrent.result.status === 0, `concurrent ldm status exited ${concurrent.result.status}\nstdout:\n${concurrent.result.stdout}\nstderr:\n${concurrent.result.stderr}`);
+  assert(concurrent.elapsedMs < 3000, `concurrent ldm status should finish well before serial runtime; elapsed ${concurrent.elapsedMs}ms`);
+  assert(concurrent.maxActive >= 4, `registry server should see concurrent probes; max active ${concurrent.maxActive}`);
+  assert(concurrent.result.stdout.includes(`LDM OS v${sourceVersion}`), `status should print installed LDM OS version\n${concurrent.result.stdout}`);
+  assert(concurrent.result.stdout.includes('Extensions: 8'), `status should print extension count\n${concurrent.result.stdout}`);
+  assert(concurrent.result.stdout.includes('ext-8: checking npm'), `status should check every staged extension\n${concurrent.result.stdout}`);
+  assert(!concurrent.result.stdout.includes('Update checks skipped:'), `concurrent status should not skip checks in this fixture\n${concurrent.result.stdout}`);
+
+  const serialFallback = await runFixture({ concurrency: 1, delayMs: 10 });
+  assert(serialFallback.result.status === 0, `serial fallback ldm status exited ${serialFallback.result.status}\nstdout:\n${serialFallback.result.stdout}\nstderr:\n${serialFallback.result.stderr}`);
+  assert(serialFallback.maxActive === 1, `serial fallback should only run one probe at a time; max active ${serialFallback.maxActive}`);
+  assert(serialFallback.result.stdout.includes('ext-8: checking npm'), `serial fallback should still check every staged extension\n${serialFallback.result.stdout}`);
+  assert(!serialFallback.result.stdout.includes('Update checks skipped:'), `serial fallback should not skip checks in this fixture\n${serialFallback.result.stdout}`);
+} finally {
+  rmSync(tempRoot, { recursive: true, force: true });
+}
+
+console.log('ldm status concurrency regression passed');