@zhijiewang/openharness 2.30.0 → 2.31.0

package/dist/commands/ai.js

@@ -1,7 +1,11 @@
 /**
  * AI commands — /plan, /review, /roles, /agents, /plugins, /btw, /loop
  */
+import { listRoles } from "../agents/roles.js";
 import { gitDiff, isGitRepo } from "../git/index.js";
+import { addMarketplace, formatInstalledPlugins, formatMarketplaceSearch, getInstalledPlugins, installPlugin, listMarketplaces, removeMarketplace, searchMarketplace, uninstallPlugin, } from "../harness/marketplace.js";
+import { discoverPlugins, discoverSkills } from "../harness/plugins.js";
+import { discoverAgents } from "../services/a2a.js";
 import { handleCybergotchiCommand } from "./cybergotchi.js";
 export function registerAICommands(register) {
     register("btw", "Ask a side question (ephemeral, no tools, not saved to history)", (args) => {
@@ -71,7 +75,6 @@ export function registerAICommands(register) {
         };
     });
     register("roles", "List available agent specialization roles", () => {
-        const { listRoles } = require("../agents/roles.js");
         const roles = listRoles();
         const lines = ["Available agent roles:\n"];
         for (const role of roles) {
@@ -86,7 +89,6 @@ export function registerAICommands(register) {
         return { output: lines.join("\n"), handled: true };
     });
     register("agents", "Discover running openHarness agents on this machine", () => {
-        const { discoverAgents } = require("../services/a2a.js");
         const agents = discoverAgents();
         if (agents.length === 0) {
             return {
@@ -110,8 +112,6 @@ export function registerAICommands(register) {
         return { output: lines.join("\n"), handled: true };
     });
     const pluginsHandler = (args) => {
-        const { discoverPlugins, discoverSkills } = require("../harness/plugins.js");
-        const { searchMarketplace, installPlugin, uninstallPlugin, getInstalledPlugins, listMarketplaces, addMarketplace, removeMarketplace, formatMarketplaceSearch, formatInstalledPlugins, } = require("../harness/marketplace.js");
         const parts = args.trim().split(/\s+/);
         const subcommand = parts[0] ?? "";
         const rest = parts.slice(1).join(" ");

package/dist/commands/git.js

@@ -3,6 +3,7 @@
  */
 import { execSync } from "node:child_process";
 import { gitBranch, gitCommit, gitDiff, gitLog, gitUndo, isGitRepo } from "../git/index.js";
+import { checkpointCount, listCheckpoints, rewindLastCheckpoint } from "../harness/checkpoints.js";
 export function registerGitCommands(register) {
     register("diff", "Show uncommitted git changes", () => {
         if (!isGitRepo()) {
@@ -22,7 +23,6 @@ export function registerGitCommands(register) {
         };
     });
     register("rewind", "Restore files from checkpoint (interactive picker or last)", (args) => {
-        const { rewindLastCheckpoint, listCheckpoints, checkpointCount } = require("../harness/checkpoints.js");
         const checkpoints = listCheckpoints();
         if (checkpoints.length === 0) {
             return { output: "No checkpoints available. Checkpoints are created before file modifications.", handled: true };

package/dist/commands/index.d.ts

@@ -8,7 +8,7 @@
  *   session.ts  — /clear, /compact, /export, /history, /browse, /resume, /fork, /pin, /unpin
  *   git.ts      — /diff, /undo, /rewind, /commit, /log
  *   info.ts     — /help, /cost, /status, /config, /files, /model, /memory, /doctor, /context, /mcp, /init
- *   settings.ts — /theme, /companion, /fast, /keys, /effort, /sandbox, /permissions, /allowed-tools
+ *   settings.ts — /theme, /companion, /fast, /keys, /effort, /permissions, /allowed-tools
  *   ai.ts       — /plan, /review, /roles, /agents, /plugins, /btw, /loop, /cybergotchi
  *   skills.ts   — /skill-create, /skill-delete, /skill-edit, /skill-search, /skill-install
  */

package/dist/commands/index.js

@@ -8,7 +8,7 @@
  *   session.ts  — /clear, /compact, /export, /history, /browse, /resume, /fork, /pin, /unpin
  *   git.ts      — /diff, /undo, /rewind, /commit, /log
  *   info.ts     — /help, /cost, /status, /config, /files, /model, /memory, /doctor, /context, /mcp, /init
- *   settings.ts — /theme, /companion, /fast, /keys, /effort, /sandbox, /permissions, /allowed-tools
+ *   settings.ts — /theme, /companion, /fast, /keys, /effort, /permissions, /allowed-tools
  *   ai.ts       — /plan, /review, /roles, /agents, /plugins, /btw, /loop, /cybergotchi
  *   skills.ts   — /skill-create, /skill-delete, /skill-edit, /skill-search, /skill-install
  */

package/dist/commands/info.js

@@ -10,12 +10,12 @@ import { estimateMessageTokens } from "../harness/context-warning.js";
 import { getContextWindow } from "../harness/cost.js";
 import { getHooks, invalidateHookCache } from "../harness/hooks.js";
 import { discoverPlugins, discoverSkills } from "../harness/plugins.js";
-import { invalidateSandboxCache } from "../harness/sandbox.js";
 import { formatTrace, listTracedSessions, loadTrace } from "../harness/traces.js";
-import { invalidateVerificationCache } from "../harness/verification.js";
+import { getVerificationConfig, invalidateVerificationCache } from "../harness/verification.js";
 import { normalizeMcpConfig } from "../mcp/config-normalize.js";
 import { connectedMcpServers, disconnectMcpClients, loadMcpTools } from "../mcp/loader.js";
 import { getAuthStatus } from "../mcp/oauth.js";
+import { formatRegistry, generateConfigBlock, MCP_REGISTRY, searchRegistry } from "../mcp/registry.js";
 import { getRouteSelection } from "../providers/router.js";
 import { formatHooksReport } from "./hooks-report.js";
 import { mcpLoginHandler, mcpLogoutHandler } from "./mcp-auth.js";
@@ -75,7 +75,6 @@ export function registerInfoCommands(register, getCommandMap) {
                 "fast",
                 "keys",
                 "effort",
-                "sandbox",
                 "permissions",
                 "allowed-tools",
                 "login",
@@ -326,7 +325,6 @@ export function registerInfoCommands(register, getCommandMap) {
         const globalCfg = existsSync(join(homedir(), ".oh", "config.yaml"));
         lines.push(`  Global config: ${globalCfg ? "~/.oh/config.yaml ✓" : "not set (optional)"}`);
         try {
-            const { getVerificationConfig } = require("../harness/verification.js");
             const vCfg = getVerificationConfig();
             if (vCfg?.enabled) {
                 lines.push(`  Verification:  ✓ (${vCfg.rules.length} rules, mode: ${vCfg.mode})`);
@@ -478,7 +476,6 @@ export function registerInfoCommands(register, getCommandMap) {
         return { output: lines.join("\n"), handled: true };
     });
     register("mcp-registry", "Browse and add MCP servers from the curated registry", (args) => {
-        const { searchRegistry, formatRegistry, generateConfigBlock, MCP_REGISTRY } = require("../mcp/registry.js");
         const query = args.trim();
         if (!query) {
             const output = `MCP Server Registry (${MCP_REGISTRY.length} servers)\n${"─".repeat(50)}\n\n${formatRegistry()}\n\nUsage:\n  /mcp-registry <name>    Show install config for a server\n  /mcp-registry <keyword> Search by name, description, or category`;
@@ -753,13 +750,12 @@ export function registerInfoCommands(register, getCommandMap) {
         return { output: lines.join("\n"), handled: true };
     });
     register("reload-plugins", "Hot-reload plugins, skills, hooks, MCP servers and config without restarting the session.", async () => {
-        // Invalidate every cached source — config, hooks, sandbox, verification.
+        // Invalidate every cached source — config, hooks, verification.
         // Skills + plugins aren't cached (each discoverSkills/discoverPlugins call
         // reads fresh) but we still re-run them for the report so the user sees
         // a count consistent with the new on-disk state.
         invalidateConfigCache();
         invalidateHookCache();
-        invalidateSandboxCache();
         invalidateVerificationCache();
         // Tear down + reconnect MCP servers (the live connections aren't
         // cache-driven; they're long-lived sockets that need an explicit
@@ -781,7 +777,7 @@ export function registerInfoCommands(register, getCommandMap) {
         const mcpServers = connectedMcpServers().length;
         const lines = [
             "Hot reload complete:",
-            "  - config + hooks + sandbox + verification: caches invalidated",
+            "  - config + hooks + verification: caches invalidated",
             `  - hook events configured:       ${hookEvents}`,
             `  - MCP servers connected:        ${mcpServers}${mcpError ? ` (error: ${mcpError})` : ""}`,
             `  - MCP tools loaded:             ${mcpTools}`,

package/dist/commands/session.js

@@ -2,7 +2,7 @@
  * Session commands — /clear, /compact, /copy, /export, /history, /browse, /resume, /fork, /pin, /unpin
  */
 import { spawnSync } from "node:child_process";
-import { existsSync, mkdirSync } from "node:fs";
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { homedir, platform } from "node:os";
 import { dirname, join, resolve } from "node:path";
 import { getContextWindow } from "../harness/cost.js";
@@ -134,7 +134,6 @@ export function registerSessionCommands(register) {
         const body = asJson ? JSON.stringify(ctx.messages, null, 2) : formatMessagesAsMarkdown(ctx.messages);
         try {
             mkdirSync(dirname(filename), { recursive: true });
-            const { writeFileSync } = require("node:fs");
             writeFileSync(filename, body);
             return { output: `Exported ${ctx.messages.length} messages to ${filename}`, handled: true };
         }

package/dist/commands/settings.d.ts

@@ -1,5 +1,5 @@
 /**
- * Settings commands — /theme, /companion, /fast, /keys, /keybindings, /effort, /sandbox, /permissions, /allowed-tools, /trust
+ * Settings commands — /theme, /companion, /fast, /keys, /keybindings, /effort, /permissions, /allowed-tools, /trust
  */
 import type { CommandHandler } from "./types.js";
 export declare function registerSettingsCommands(register: (name: string, description: string, handler: CommandHandler) => void): void;

package/dist/commands/settings.js

@@ -1,5 +1,5 @@
 /**
- * Settings commands — /theme, /companion, /fast, /keys, /keybindings, /effort, /sandbox, /permissions, /allowed-tools, /trust
+ * Settings commands — /theme, /companion, /fast, /keys, /keybindings, /effort, /permissions, /allowed-tools, /trust
  */
 import { spawn } from "node:child_process";
 import { existsSync, mkdirSync, writeFileSync } from "node:fs";
@@ -135,10 +135,6 @@ export function registerSettingsCommands(register) {
         }
         return { output: `Effort level set to: ${level}`, handled: true };
     });
-    register("sandbox", "Show sandbox status and restrictions", () => {
-        const { sandboxStatus } = require("../harness/sandbox.js");
-        return { output: `${sandboxStatus()}\n\nConfigure in .oh/config.yaml under sandbox:`, handled: true };
-    });
     register("permissions", "View or change permission mode (or 'log' for approval history)", (args, ctx) => {
         const trimmed = args.trim();
         if (!trimmed) {

package/dist/commands/skills.js

@@ -1,9 +1,9 @@
 /**
  * Skill management commands — /skills, /skill-create, /skill-delete, /skill-edit, /skill-search, /skill-install
  */
-import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { existsSync, mkdirSync, unlinkSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
-import { discoverSkills } from "../harness/plugins.js";
+import { discoverSkills, findSkill } from "../harness/plugins.js";
 export function registerSkillCommands(register) {
     register("skills", "List all available skills", () => {
         const skills = discoverSkills();
@@ -76,12 +76,10 @@ How to confirm the skill worked correctly.
         const name = args.trim();
         if (!name)
             return { output: "Usage: /skill-delete <name>", handled: true };
-        const { findSkill } = require("../harness/plugins.js");
         const skill = findSkill(name);
         if (!skill)
             return { output: `Skill "${name}" not found.`, handled: true };
         try {
-            const { unlinkSync } = require("node:fs");
             unlinkSync(skill.filePath);
             return { output: `Deleted skill: ${skill.filePath}`, handled: true };
         }
@@ -93,7 +91,6 @@ How to confirm the skill worked correctly.
         const name = args.trim();
         if (!name)
             return { output: "Usage: /skill-edit <name>", handled: true };
-        const { findSkill } = require("../harness/plugins.js");
         const skill = findSkill(name);
         if (!skill)
             return { output: `Skill "${name}" not found.`, handled: true };

package/dist/components/InitWizard.js

@@ -15,6 +15,7 @@ import { Box, Text, useInput } from "ink";
 import TextInput from "ink-text-input";
 import { useCallback, useState } from "react";
 import { writeOhConfig } from "../harness/config.js";
+import { MCP_REGISTRY } from "../mcp/registry.js";
 import CybergotchiSetup from "./CybergotchiSetup.js";
 const PROVIDERS = [
     {
@@ -125,7 +126,6 @@ export default function InitWizard({ onDone }) {
         let mcpServers;
         if (selectedMcp.size > 0) {
             try {
-                const { MCP_REGISTRY } = require("../mcp/registry.js");
                 mcpServers = [...selectedMcp]
                     .map((name) => MCP_REGISTRY.find((e) => e.name === name))
                     .filter(Boolean)

package/dist/harness/config.d.ts

@@ -208,14 +208,6 @@ export type OhConfig = {
         enabled?: boolean;
         endpoint?: string;
     };
-    /** Sandbox — filesystem and network restrictions */
-    sandbox?: {
-        enabled?: boolean;
-        allowedPaths?: string[];
-        allowedDomains?: string[];
-        blockNetwork?: boolean;
-        blockedCommands?: string[];
-    };
     /** Remote server security settings */
     remote?: {
         tokens?: string[];

package/dist/harness/config.js

@@ -127,13 +127,9 @@ export function appendToolPermission(toolName, action = "allow", root) {
 }
 export function writeOhConfig(cfg, root) {
     invalidateConfigCache();
-    // Emit configChange hook (lazy import to avoid circular dependency)
-    try {
-        require("./hooks.js").emitHook("configChange", {});
-    }
-    catch {
-        /* ignore */
-    }
+    // Emit configChange hook (dynamic import to avoid circular dependency
+    // with hooks.ts, which imports readOhConfig from this module).
+    import("./hooks.js").then((m) => m.emitHook("configChange", {})).catch(() => { });
     const p = configPath(root);
     mkdirSync(join(root ?? ".", ".oh"), { recursive: true });
     if (cfg.provider === "llamacpp" || cfg.provider === "lmstudio") {

package/dist/harness/plugins.js

@@ -14,6 +14,7 @@ import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, join, relative } from "node:path";
 import { fileURLToPath } from "node:url";
+import { getInstalledPlugins } from "./marketplace.js";
 const PROJECT_SKILLS_DIR = join(".oh", "skills");
 const GLOBAL_SKILLS_DIR = join(homedir(), ".oh", "skills");
 // Claude Code ecosystem mirror paths (Anthropic convention)
@@ -178,7 +179,6 @@ export function discoverSkills() {
     skills.push(...loadSkillsFromDir(CC_GLOBAL_SKILLS_DIR, "global"));
     // Load skills from installed marketplace plugins (namespaced as plugin-name:skill-name)
     try {
-        const { getInstalledPlugins } = require("./marketplace.js");
         for (const plugin of getInstalledPlugins()) {
             const pluginSkillsDir = join(plugin.cachePath, "skills");
             const pluginSkills = loadSkillsFromDir(pluginSkillsDir, "plugin");

package/dist/harness/project-purge.d.ts

@@ -0,0 +1,56 @@
+/**
+ * `oh project purge` core logic — extracted from the CLI command for testability.
+ *
+ * Deletes per-project openHarness state at a target directory:
+ *   1. The entire `.oh/` directory at that path (config, RULES.md, memory/,
+ *      skills/, agents/, output-styles/, plans/, checkpoints/, exports).
+ *   2. The workspace-trust entry for that path in `~/.oh/trusted-dirs.json`,
+ *      if present.
+ *
+ * What it does NOT touch (these are global-and-cross-project):
+ *   - `~/.oh/sessions/`              session transcripts (may span projects)
+ *   - `~/.oh/credentials.enc`        global API keys
+ *   - `~/.oh/memory/` (etc.)         global counterparts of project state
+ *   - `~/.oh/plugins/`, marketplaces installed plugins
+ *   - `~/.oh/telemetry/`, traces/    global observability data
+ *   - `~/.oh/approvals.log`          append-only audit log
+ *   - `~/.oh/keybindings.json`,
+ *     `~/.oh/config.yaml`            global config
+ *
+ * Mirrors Claude Code's `claude project purge` UX surface (--dry-run, --yes,
+ * default plan + confirm). `--all` and `--interactive` are deferred — openHarness
+ * has no project registry, so `--all` would need a session-cwd scan, and
+ * `--dry-run` already covers the spec for `--interactive`.
+ */
+export type PurgeEntry = {
+    /** Filesystem path that will be removed. */
+    path: string;
+    /** Human-readable label shown in the plan. */
+    label: string;
+    /** Cumulative size in bytes. 0 when the entry is metadata-only (e.g. a trust-store entry). */
+    bytes: number;
+    /** When false, this entry is reported but doesn't currently exist on disk. */
+    exists: boolean;
+    /** When true, removal is via JSON edit instead of `rmSync`. Used for the trust-store entry. */
+    jsonEdit?: boolean;
+};
+export type PurgePlan = {
+    projectPath: string;
+    entries: PurgeEntry[];
+    totalBytes: number;
+};
+/** Format bytes as a short human string (e.g. `1.2 MB`, `342 B`). */
+export declare function formatBytes(bytes: number): string;
+/**
+ * Build the list of things `purge` would delete, without touching the filesystem.
+ * Inspects the `.oh/` directory at `projectPath` and looks for a trust-store entry.
+ */
+export declare function planPurge(projectPath: string): PurgePlan;
+/** Render a plan as a multi-line string for display. */
+export declare function formatPurgePlan(plan: PurgePlan): string;
+/** Execute the plan. Returns the count of successfully removed entries and any errors. */
+export declare function executePurge(plan: PurgePlan): {
+    deleted: number;
+    errors: string[];
+};
+//# sourceMappingURL=project-purge.d.ts.map

package/dist/harness/project-purge.js

@@ -0,0 +1,198 @@
+/**
+ * `oh project purge` core logic — extracted from the CLI command for testability.
+ *
+ * Deletes per-project openHarness state at a target directory:
+ *   1. The entire `.oh/` directory at that path (config, RULES.md, memory/,
+ *      skills/, agents/, output-styles/, plans/, checkpoints/, exports).
+ *   2. The workspace-trust entry for that path in `~/.oh/trusted-dirs.json`,
+ *      if present.
+ *
+ * What it does NOT touch (these are global-and-cross-project):
+ *   - `~/.oh/sessions/`              session transcripts (may span projects)
+ *   - `~/.oh/credentials.enc`        global API keys
+ *   - `~/.oh/memory/` (etc.)         global counterparts of project state
+ *   - `~/.oh/plugins/`, marketplaces installed plugins
+ *   - `~/.oh/telemetry/`, traces/    global observability data
+ *   - `~/.oh/approvals.log`          append-only audit log
+ *   - `~/.oh/keybindings.json`,
+ *     `~/.oh/config.yaml`            global config
+ *
+ * Mirrors Claude Code's `claude project purge` UX surface (--dry-run, --yes,
+ * default plan + confirm). `--all` and `--interactive` are deferred — openHarness
+ * has no project registry, so `--all` would need a session-cwd scan, and
+ * `--dry-run` already covers the spec for `--interactive`.
+ */
+import { existsSync, readdirSync, readFileSync, rmSync, statSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join, resolve } from "node:path";
+/**
+ * Path to the workspace-trust file. Resolved per-call so `OH_TRUST_FILE`
+ * env-var overrides (used by tests) take effect without re-importing.
+ */
+function trustFilePath() {
+    return process.env.OH_TRUST_FILE ?? join(homedir(), ".oh", "trusted-dirs.json");
+}
+/** Walk a directory and return the cumulative size in bytes. Errors swallowed. */
+function dirSize(path) {
+    let total = 0;
+    try {
+        if (!existsSync(path))
+            return 0;
+        const stats = statSync(path);
+        if (stats.isFile())
+            return stats.size;
+        if (!stats.isDirectory())
+            return 0;
+        for (const entry of readdirSync(path)) {
+            total += dirSize(join(path, entry));
+        }
+    }
+    catch {
+        /* permission errors etc. — best-effort sizing */
+    }
+    return total;
+}
+/** Format bytes as a short human string (e.g. `1.2 MB`, `342 B`). */
+export function formatBytes(bytes) {
+    if (bytes < 1024)
+        return `${bytes} B`;
+    if (bytes < 1024 * 1024)
+        return `${(bytes / 1024).toFixed(1)} KB`;
+    if (bytes < 1024 * 1024 * 1024)
+        return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+    return `${(bytes / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+}
+/** Normalize a directory the same way `harness/trust.ts` does. Lowercase on Windows. */
+function normalizeForTrust(dir) {
+    const abs = resolve(dir);
+    return process.platform === "win32" ? abs.toLowerCase() : abs;
+}
+/**
+ * Build the list of things `purge` would delete, without touching the filesystem.
+ * Inspects the `.oh/` directory at `projectPath` and looks for a trust-store entry.
+ */
+export function planPurge(projectPath) {
+    const project = resolve(projectPath);
+    const ohDir = join(project, ".oh");
+    const entries = [];
+    if (existsSync(ohDir)) {
+        // Group sub-paths so the plan is informative without listing every file.
+        const knownChildren = [
+            { rel: "config.yaml", label: "Project config (config.yaml)" },
+            { rel: "RULES.md", label: "Project rules (RULES.md)" },
+            { rel: "memory", label: "Memories (.oh/memory/)" },
+            { rel: "skills", label: "Skills (.oh/skills/)" },
+            { rel: "agents", label: "Agent roles (.oh/agents/)" },
+            { rel: "output-styles", label: "Output styles (.oh/output-styles/)" },
+            { rel: "plans", label: "Plans (.oh/plans/)" },
+            { rel: "checkpoints", label: "Checkpoints (.oh/checkpoints/)" },
+        ];
+        for (const child of knownChildren) {
+            const path = join(ohDir, child.rel);
+            if (existsSync(path)) {
+                entries.push({ path, label: child.label, bytes: dirSize(path), exists: true });
+            }
+        }
+        // Anything else under .oh/ that we didn't enumerate (export-*, etc.).
+        try {
+            const explicit = new Set(knownChildren.map((c) => c.rel));
+            for (const name of readdirSync(ohDir)) {
+                if (explicit.has(name))
+                    continue;
+                const path = join(ohDir, name);
+                entries.push({
+                    path,
+                    label: `Other .oh/ entry (${name})`,
+                    bytes: dirSize(path),
+                    exists: true,
+                });
+            }
+        }
+        catch {
+            /* directory unreadable — caught later when we try to remove */
+        }
+        // Finally, add the .oh dir itself so it's removed after children are reported.
+        entries.push({ path: ohDir, label: ".oh/ directory", bytes: 0, exists: true });
+    }
+    // Workspace-trust entry, if any.
+    const trustFile = trustFilePath();
+    if (existsSync(trustFile)) {
+        try {
+            const raw = readFileSync(trustFile, "utf8");
+            const parsed = JSON.parse(raw);
+            if (Array.isArray(parsed.trusted)) {
+                const target = normalizeForTrust(project);
+                const isTrusted = parsed.trusted.some((p) => typeof p === "string" && normalizeForTrust(p) === target);
+                if (isTrusted) {
+                    entries.push({
+                        path: trustFile,
+                        label: "Workspace-trust entry (~/.oh/trusted-dirs.json)",
+                        bytes: 0,
+                        exists: true,
+                        jsonEdit: true,
+                    });
+                }
+            }
+        }
+        catch {
+            /* malformed trust file — nothing to remove */
+        }
+    }
+    const totalBytes = entries.reduce((sum, e) => sum + e.bytes, 0);
+    return { projectPath: project, entries, totalBytes };
+}
+/** Render a plan as a multi-line string for display. */
+export function formatPurgePlan(plan) {
+    const lines = [];
+    lines.push(`Purge plan for ${plan.projectPath}`);
+    lines.push("");
+    if (plan.entries.length === 0) {
+        lines.push("  (nothing to delete — no .oh/ directory and no trust entry)");
+        return lines.join("\n");
+    }
+    for (const entry of plan.entries) {
+        const size = entry.bytes > 0 ? `  [${formatBytes(entry.bytes)}]` : "";
+        lines.push(`  - ${entry.label}${size}`);
+    }
+    lines.push("");
+    lines.push(`Total: ${plan.entries.length} target(s), ${formatBytes(plan.totalBytes)}`);
+    lines.push("");
+    lines.push("Not touched (global state): ~/.oh/sessions/, credentials, plugins,");
+    lines.push("  telemetry, traces, approvals.log, keybindings, global config.");
+    return lines.join("\n");
+}
+/** Execute the plan. Returns the count of successfully removed entries and any errors. */
+export function executePurge(plan) {
+    let deleted = 0;
+    const errors = [];
+    for (const entry of plan.entries) {
+        if (entry.jsonEdit) {
+            // Trust entry — JSON edit, not file delete.
+            try {
+                const raw = readFileSync(entry.path, "utf8");
+                const parsed = JSON.parse(raw);
+                if (Array.isArray(parsed.trusted)) {
+                    const target = normalizeForTrust(plan.projectPath);
+                    const filtered = parsed.trusted.filter((p) => typeof p === "string" && normalizeForTrust(p) !== target);
+                    writeFileSync(entry.path, JSON.stringify({ trusted: filtered }, null, 2));
+                    deleted++;
+                }
+            }
+            catch (err) {
+                errors.push(`${entry.label}: ${err instanceof Error ? err.message : String(err)}`);
+            }
+            continue;
+        }
+        try {
+            if (existsSync(entry.path)) {
+                rmSync(entry.path, { recursive: true, force: true });
+                deleted++;
+            }
+        }
+        catch (err) {
+            errors.push(`${entry.label}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    return { deleted, errors };
+}
+//# sourceMappingURL=project-purge.js.map

package/dist/harness/telemetry.js

@@ -15,10 +15,15 @@ import { appendFileSync, existsSync, mkdirSync, readdirSync, readFileSync } from
 import { homedir } from "node:os";
 import { join } from "node:path";
 import { readOhConfig } from "./config.js";
-const TELEMETRY_DIR = join(homedir(), ".oh", "telemetry");
+/**
+ * Telemetry directory. Resolved on each access so `OH_TELEMETRY_DIR` env-var
+ * overrides (used by tests) take effect even after this module loads.
+ */
+function telemetryDir() {
+    return process.env.OH_TELEMETRY_DIR ?? join(homedir(), ".oh", "telemetry");
+}
 // ── State ──
 let _enabled;
-let _sessionFile = null;
 function isEnabled() {
     if (_enabled !== undefined)
         return _enabled;
@@ -26,12 +31,13 @@ function isEnabled() {
     _enabled = config?.telemetry?.enabled === true;
     return _enabled;
 }
+/** Resolve the JSONL path for a sessionId. Stateless — was previously a module-level
+ * singleton that ignored `sessionId` after the first call, causing multi-session
+ * processes (e.g. `--resume`) to write every session into the first one's file. */
 function getSessionFile(sessionId) {
-    if (_sessionFile)
-        return _sessionFile;
-    mkdirSync(TELEMETRY_DIR, { recursive: true });
-    _sessionFile = join(TELEMETRY_DIR, `${sessionId}.jsonl`);
-    return _sessionFile;
+    const dir = telemetryDir();
+    mkdirSync(dir, { recursive: true });
+    return join(dir, `${sessionId}.jsonl`);
 }
 // ── Public API ──
 /** Record a telemetry event (no-op if telemetry disabled) */
@@ -84,7 +90,7 @@ export function recordError(sessionId, category) {
 }
 /** Read local telemetry events for a session */
 export function readSessionEvents(sessionId) {
-    const file = join(TELEMETRY_DIR, `${sessionId}.jsonl`);
+    const file = join(telemetryDir(), `${sessionId}.jsonl`);
     if (!existsSync(file))
         return [];
     try {
@@ -99,15 +105,16 @@ export function readSessionEvents(sessionId) {
 }
 /** Get aggregate stats across all sessions */
 export function getAggregateStats() {
-    if (!existsSync(TELEMETRY_DIR))
+    const dir = telemetryDir();
+    if (!existsSync(dir))
         return { totalSessions: 0, totalEvents: 0, toolUsage: {}, errorCategories: {} };
-    const files = readdirSync(TELEMETRY_DIR).filter((f) => f.endsWith(".jsonl"));
+    const files = readdirSync(dir).filter((f) => f.endsWith(".jsonl"));
     const toolUsage = {};
     const errorCategories = {};
     let totalEvents = 0;
     for (const file of files) {
         try {
-            const lines = readFileSync(join(TELEMETRY_DIR, file), "utf-8").split("\n").filter(Boolean);
+            const lines = readFileSync(join(dir, file), "utf-8").split("\n").filter(Boolean);
             totalEvents += lines.length;
             for (const line of lines) {
                 const event = JSON.parse(line);
@@ -128,6 +135,5 @@ export function getAggregateStats() {
 /** Reset telemetry cache (for testing or config changes) */
 export function resetTelemetry() {
     _enabled = undefined;
-    _sessionFile = null;
 }
 //# sourceMappingURL=telemetry.js.map

package/dist/harness/traces.d.ts

@@ -32,13 +32,36 @@ export declare class SessionTracer {
     private activeSpans;
     private spanCounter;
     private otlp?;
+    /**
+     * Pending spans that have ended but not yet been POSTed to OTLP. Drained
+     * by a microtask-debounced flush (one POST per microtask boundary even if
+     * many spans end in the same tick) and by the public `flush()` method.
+     */
+    private otlpBuffer;
+    private otlpFlushScheduled;
+    /** In-flight fetches so `flush()` can await any POSTs already on the wire. */
+    private otlpInFlight;
     constructor(sessionId: string, otlp?: OTLPConfig);
     /** Start a new span. Returns the span ID. */
     startSpan(name: string, attributes?: Record<string, unknown>, parentSpanId?: string): string;
     /** End a span and record it. */
     endSpan(spanId: string, status?: "ok" | "error", extraAttributes?: Record<string, unknown>): TraceSpan | null;
-    /** Fire-and-forget POST of a single span to the configured OTLP HTTP endpoint. Errors swallowed — telemetry must never crash the agent. */
+    /**
+     * Buffer the span for OTLP shipping. The actual POST is deferred to a
+     * microtask so multiple spans ending in the same tick coalesce into a
+     * single batch POST instead of one fetch each. Errors are swallowed —
+     * telemetry must never crash the agent.
+     */
     private shipSpanOTLP;
+    /** Send whatever is in `otlpBuffer` as a single fire-and-forget POST. The
+     * returned promise is tracked in `otlpInFlight` so `flush()` can await it. */
+    private drainOTLPBuffer;
+    /**
+     * Drain any pending OTLP buffer and await every in-flight POST. Call this at
+     * session end so spans aren't dropped on `process.exit`. No-op when OTLP is
+     * not configured. Errors are swallowed (already, by `drainOTLPBuffer`).
+     */
+    flush(): Promise<void>;
     /** Get all completed spans */
     getSpans(): TraceSpan[];
     /** Get a summary of the trace */