cli4ai 0.8.2 → 0.9.0

package/src/core/config.ts

@@ -2,7 +2,7 @@
  * Global cli4ai configuration (~/.cli4ai/)
  */
 
-import { readFileSync, writeFileSync, mkdirSync, existsSync, readdirSync, lstatSync, realpathSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, readdirSync, lstatSync, realpathSync, openSync, closeSync, unlinkSync, renameSync } from 'fs';
 import { resolve, join, normalize } from 'path';
 import { homedir } from 'os';
 import { outputError, log } from '../lib/cli.js';
@@ -69,12 +69,17 @@ export function isPathSafe(path: string): boolean {
 // PATHS
 // ═══════════════════════════════════════════════════════════════════════════
 
-export const CLI4AI_HOME = resolve(homedir(), '.cli4ai');
+export const CLI4AI_HOME = process.env.CLI4AI_HOME
+  ? resolve(process.env.CLI4AI_HOME)
+  : resolve(homedir(), '.cli4ai');
 export const CONFIG_FILE = resolve(CLI4AI_HOME, 'config.json');
 export const PACKAGES_DIR = resolve(CLI4AI_HOME, 'packages');
 export const CACHE_DIR = resolve(CLI4AI_HOME, 'cache');
 export const ROUTINES_DIR = resolve(CLI4AI_HOME, 'routines');
+export const SCHEDULER_DIR = resolve(CLI4AI_HOME, 'scheduler');
 export const CREDENTIALS_FILE = resolve(CLI4AI_HOME, 'credentials.json');
+const CONFIG_LOCK_FILE = CONFIG_FILE + '.lock';
+const CONFIG_TMP_FILE = CONFIG_FILE + '.tmp';
 
 // Local project paths
 export const LOCAL_DIR = '.cli4ai';
@@ -91,7 +96,7 @@ export interface Config {
   localRegistries: string[];
 
   // Runtime defaults
-  defaultRuntime: 'bun' | 'node';
+  defaultRuntime: 'node';
 
   // MCP defaults
   mcp: {
@@ -116,9 +121,9 @@ export interface InstalledPackage {
 // ═══════════════════════════════════════════════════════════════════════════
 
 export const DEFAULT_CONFIG: Config = {
-  registry: 'https://registry.cliforai.com',
+  registry: 'https://registry.cli4ai.com',
   localRegistries: [],
-  defaultRuntime: 'bun',
+  defaultRuntime: 'node',
   mcp: {
     transport: 'stdio',
     port: 3100
@@ -134,7 +139,7 @@ export const DEFAULT_CONFIG: Config = {
  * Ensure ~/.cli4ai directory exists with required subdirectories
  */
 export function ensureCli4aiHome(): void {
-  const dirs = [CLI4AI_HOME, PACKAGES_DIR, CACHE_DIR, ROUTINES_DIR];
+  const dirs = [CLI4AI_HOME, PACKAGES_DIR, CACHE_DIR, ROUTINES_DIR, SCHEDULER_DIR];
 
   for (const dir of dirs) {
     if (!existsSync(dir)) {
@@ -200,30 +205,26 @@ function deepMerge(target: Config, source: Partial<Config>): Config {
  * Load global config, creating defaults if needed
  */
 export function loadConfig(): Config {
-  ensureCli4aiHome();
-
-  if (!existsSync(CONFIG_FILE)) {
-    saveConfig(DEFAULT_CONFIG);
-    return DEFAULT_CONFIG;
-  }
-
-  try {
-    const content = readFileSync(CONFIG_FILE, 'utf-8');
-    const data = JSON.parse(content);
-    // Deep merge with defaults to handle missing nested fields (e.g., mcp.port)
-    return deepMerge(DEFAULT_CONFIG, data);
-  } catch {
-    log(`Warning: Invalid config file, using defaults`);
-    return DEFAULT_CONFIG;
-  }
+  return withConfigLock(() => loadConfigUnlocked());
 }
 
 /**
  * Save global config
  */
 export function saveConfig(config: Config): void {
-  ensureCli4aiHome();
-  writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + '\n');
+  withConfigLock(() => saveConfigUnlocked(config));
+}
+
+/**
+ * Update config with a read-modify-write lock to avoid cross-process races.
+ */
+export function updateConfig(mutator: (config: Config) => Config): Config {
+  return withConfigLock(() => {
+    const current = loadConfigUnlocked();
+    const next = mutator(current);
+    saveConfigUnlocked(next);
+    return next;
+  });
 }
 
 /**
@@ -238,9 +239,10 @@ export function getConfigValue<K extends keyof Config>(key: K): Config[K] {
  * Set a config value
  */
 export function setConfigValue<K extends keyof Config>(key: K, value: Config[K]): void {
-  const config = loadConfig();
-  config[key] = value;
-  saveConfig(config);
+  updateConfig((config) => {
+    config[key] = value;
+    return config;
+  });
 }
 
 // ═══════════════════════════════════════════════════════════════════════════
@@ -295,7 +297,6 @@ function isRegistryPathSafe(registryPath: string): boolean {
  * Add a local registry path
  */
 export function addLocalRegistry(path: string): void {
-  const config = loadConfig();
   const absolutePath = resolve(path);
 
   // SECURITY: Validate registry path is not in sensitive system directories
@@ -317,28 +318,190 @@ export function addLocalRegistry(path: string): void {
     });
   }
 
-  if (!config.localRegistries.includes(safePath)) {
-    config.localRegistries.push(safePath);
-    saveConfig(config);
-    log(`Added local registry: ${safePath}`);
-  }
+  let added = false;
+  updateConfig((config) => {
+    if (!config.localRegistries.includes(safePath)) {
+      config.localRegistries.push(safePath);
+      added = true;
+    }
+    return config;
+  });
+  if (added) log(`Added local registry: ${safePath}`);
 }
 
 /**
  * Remove a local registry path
  */
 export function removeLocalRegistry(path: string): void {
-  const config = loadConfig();
   const absolutePath = resolve(path);
-  const index = config.localRegistries.indexOf(absolutePath);
+  const safePath = validateSymlinkTarget(absolutePath) ?? absolutePath;
+
+  let removed = false;
+  updateConfig((config) => {
+    const index = config.localRegistries.indexOf(safePath);
+    if (index !== -1) {
+      config.localRegistries.splice(index, 1);
+      removed = true;
+    }
+    return config;
+  });
+  if (removed) log(`Removed local registry: ${safePath}`);
+}
 
-  if (index !== -1) {
-    config.localRegistries.splice(index, 1);
-    saveConfig(config);
-    log(`Removed local registry: ${absolutePath}`);
+function sleepSync(ms: number): void {
+  if (ms <= 0) return;
+  try {
+    const buf = new SharedArrayBuffer(4);
+    const view = new Int32Array(buf);
+    Atomics.wait(view, 0, 0, ms);
+  } catch {
+    const end = Date.now() + ms;
+    while (Date.now() < end) {
+      // busy wait (best effort)
+    }
+  }
+}
+
+function isPidRunning(pid: number): boolean {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
   }
 }
 
+function isLockStale(lockPath: string, staleMs: number): boolean {
+  try {
+    const stat = lstatSync(lockPath);
+    if (Date.now() - stat.mtimeMs > staleMs) return true;
+  } catch {
+    return false;
+  }
+
+  try {
+    const raw = readFileSync(lockPath, 'utf-8');
+    const parsed = JSON.parse(raw) as { pid?: unknown; createdAt?: unknown };
+    const pid = typeof parsed.pid === 'number' ? parsed.pid : null;
+    const createdAtMs =
+      typeof parsed.createdAt === 'number'
+        ? parsed.createdAt
+        : typeof parsed.createdAt === 'string'
+          ? Date.parse(parsed.createdAt)
+          : NaN;
+
+    if (pid !== null && !isPidRunning(pid)) return true;
+    if (Number.isFinite(createdAtMs) && Date.now() - createdAtMs > staleMs) return true;
+  } catch {
+    // ignore parse errors (fall back to mtime check above)
+  }
+
+  return false;
+}
+
+function acquireLock(lockPath: string, timeoutMs: number, staleMs: number): number {
+  const start = Date.now();
+  while (true) {
+    try {
+      const fd = openSync(lockPath, 'wx');
+      try {
+        writeFileSync(fd, JSON.stringify({ pid: process.pid, createdAt: new Date().toISOString() }) + '\n');
+      } catch {
+        // best effort
+      }
+      return fd;
+    } catch (err) {
+      const code = (err as NodeJS.ErrnoException).code;
+      if (code !== 'EEXIST') {
+        throw err;
+      }
+
+      if (isLockStale(lockPath, staleMs)) {
+        try {
+          unlinkSync(lockPath);
+          continue;
+        } catch {
+          // fall through to wait
+        }
+      }
+
+      if (Date.now() - start > timeoutMs) {
+        throw new Error(`Timed out waiting for config lock: ${lockPath}`);
+      }
+
+      sleepSync(25);
+    }
+  }
+}
+
+function releaseLock(lockPath: string, fd: number): void {
+  try {
+    closeSync(fd);
+  } catch {
+    // ignore
+  }
+  try {
+    unlinkSync(lockPath);
+  } catch {
+    // ignore
+  }
+}
+
+let configLockDepth = 0;
+let configLockFd: number | null = null;
+
+function withConfigLock<T>(fn: () => T): T {
+  const timeoutMs = 2000;
+  const staleMs = 30000;
+
+  if (configLockDepth > 0) {
+    configLockDepth++;
+    try {
+      return fn();
+    } finally {
+      configLockDepth--;
+    }
+  }
+
+  configLockDepth = 1;
+  const fd = acquireLock(CONFIG_LOCK_FILE, timeoutMs, staleMs);
+  configLockFd = fd;
+
+  try {
+    return fn();
+  } finally {
+    configLockFd = null;
+    configLockDepth = 0;
+    releaseLock(CONFIG_LOCK_FILE, fd);
+  }
+}
+
+function loadConfigUnlocked(): Config {
+  ensureCli4aiHome();
+
+  if (!existsSync(CONFIG_FILE)) {
+    saveConfigUnlocked(DEFAULT_CONFIG);
+    return DEFAULT_CONFIG;
+  }
+
+  try {
+    const content = readFileSync(CONFIG_FILE, 'utf-8');
+    const data = JSON.parse(content);
+    // Deep merge with defaults to handle missing nested fields (e.g., mcp.port)
+    return deepMerge(DEFAULT_CONFIG, data);
+  } catch {
+    log(`Warning: Invalid config file, using defaults`);
+    return DEFAULT_CONFIG;
+  }
+}
+
+function saveConfigUnlocked(config: Config): void {
+  ensureCli4aiHome();
+  const content = JSON.stringify(config, null, 2) + '\n';
+  writeFileSync(CONFIG_TMP_FILE, content);
+  renameSync(CONFIG_TMP_FILE, CONFIG_FILE);
+}
+
 // ═══════════════════════════════════════════════════════════════════════════
 // INSTALLED PACKAGES TRACKING
 // ═══════════════════════════════════════════════════════════════════════════
@@ -580,7 +743,18 @@ export function getNpmGlobalPackages(): InstalledPackage[] {
  * Try to find a package in a global directory
  */
 function findPackageInGlobalDir(globalDir: string, name: string): InstalledPackage | null {
+  // SECURITY: Validate name to prevent path traversal
+  if (name.includes('..') || name.includes('/') || name.includes('\\') || name.startsWith('.')) {
+    return null;
+  }
+
   const scopedPath = resolve(globalDir, '@cli4ai', name);
+
+  // SECURITY: Verify resolved path is under globalDir
+  if (!scopedPath.startsWith(resolve(globalDir))) {
+    return null;
+  }
+
   if (!existsSync(scopedPath)) return null;
 
   const manifestPath = resolve(scopedPath, 'cli4ai.json');

package/src/core/execute.ts

@@ -10,13 +10,26 @@ import { spawn, spawnSync } from 'child_process';
 import { resolve } from 'path';
 import { existsSync, readFileSync } from 'fs';
 import { createInterface } from 'readline';
-import { platform } from 'os';
+import { platform, homedir } from 'os';
 import { log } from '../lib/cli.js';
 import { findPackage } from './config.js';
 import { loadManifest, type Manifest } from './manifest.js';
 import { getSecret } from './secrets.js';
 import { checkPackageIntegrity } from './lockfile.js';
 
+/**
+ * Expand ~ to home directory in paths
+ */
+function expandTilde(path: string): string {
+  if (path.startsWith('~/')) {
+    return resolve(homedir(), path.slice(2));
+  }
+  if (path === '~') {
+    return homedir();
+  }
+  return path;
+}
+
 export type ExecuteCaptureMode = 'inherit' | 'pipe';
 
 export interface ExecuteToolOptions {
@@ -38,7 +51,7 @@ export interface ExecuteToolResult {
   stderr?: string;
   packagePath: string;
   entryPath: string;
-  runtime: 'bun' | 'node';
+  runtime: 'node';
 }
 
 export class ExecuteToolError extends Error {
@@ -81,12 +94,12 @@ const INSTALL_COMMANDS: Record<string, { check: string; install: Record<string,
     },
     description: 'Media processing tool'
   },
-  'bun': {
-    check: 'bun --version',
+  'node': {
+    check: 'node --version',
     install: {
-      darwin: 'curl -fsSL https://bun.sh/install | bash',
-      linux: 'curl -fsSL https://bun.sh/install | bash',
-      win32: 'powershell -c "irm bun.sh/install.ps1 | iex"'
+      darwin: 'brew install node',
+      linux: 'curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - && sudo apt-get install -y nodejs',
+      win32: 'winget install OpenJS.NodeJS.LTS'
     },
     description: 'JavaScript runtime'
   }
@@ -145,6 +158,12 @@ async function installDependency(name: string): Promise<boolean> {
   log(`\n📦 ${name} - ${info.description}`);
   log(`   Install command: ${installCmd}\n`);
 
+  // SECURITY: Warn about curl|bash pattern
+  if (installCmd.includes('curl') && (installCmd.includes('| bash') || installCmd.includes('|bash'))) {
+    log(`⚠️  SECURITY WARNING: This command downloads and executes a script from the internet.`);
+    log(`   Only proceed if you trust the source (${name}).\n`);
+  }
+
   const shouldInstall = await confirm(`Install ${name}?`);
   if (!shouldInstall) return false;
 
@@ -282,7 +301,8 @@ async function checkAndPromptSecrets(pkgPath: string, pkgName: string): Promise<
   const missingRequired: Array<{ key: string; description?: string }> = [];
 
   for (const [key, def] of Object.entries(envDefs)) {
-    const value = getSecret(key);
+    // SECURITY: Use package-scoped secret lookup (tries scoped first, then global)
+    const value = getSecret(key, pkgName);
 
     if (value) {
       secretsEnv[key] = value;
@@ -305,27 +325,39 @@ async function checkAndPromptSecrets(pkgPath: string, pkgName: string): Promise<
       throw new ExecuteToolError('ENV_MISSING', `${key} is required to run ${pkgName}`, {
         package: pkgName,
         secret: key,
-        hint: `Set it with: cli4ai secrets set ${key}`
+        hint: `Set it with: cli4ai secrets set ${key} --scope ${pkgName}`
       });
     }
 
-    setSecret(key, value);
-    secretsEnv[key] = value;
-    log(`  ✓ ${key} saved to vault\n`);
+    // Expand ~ to home directory for paths
+    const expandedValue = expandTilde(value);
+    // SECURITY: Store secret scoped to package
+    setSecret(key, expandedValue, pkgName);
+    secretsEnv[key] = expandedValue;
+    log(`  ✓ ${key} saved to vault (scoped to ${pkgName})\n`);
   }
 
   log('');
   return secretsEnv;
 }
 
-function buildRuntimeCommand(entryPath: string, manifest: Manifest, cmdArgs: string[]): { execCmd: string; execArgs: string[]; runtime: 'bun' | 'node' } {
-  const runtime = manifest.runtime || 'bun';
-  switch (runtime) {
-    case 'node':
-      return { execCmd: 'node', execArgs: [entryPath, ...cmdArgs], runtime: 'node' };
-    case 'bun':
-    default:
-      return { execCmd: 'bun', execArgs: ['run', entryPath, ...cmdArgs], runtime: 'bun' };
+function buildRuntimeCommand(entryPath: string, cmdArgs: string[]): { execCmd: string; execArgs: string[]; runtime: 'node' } {
+  // Use tsx for TypeScript files, node for JavaScript
+  if (entryPath.endsWith('.ts') || entryPath.endsWith('.tsx')) {
+    return { execCmd: 'npx', execArgs: ['tsx', entryPath, ...cmdArgs], runtime: 'node' };
+  }
+  return { execCmd: 'node', execArgs: [entryPath, ...cmdArgs], runtime: 'node' };
+}
+
+async function ensureRuntimeAvailable(): Promise<void> {
+  if (!commandExists('node')) {
+    log('⚠️  Node.js is required to run this tool\n');
+    const installed = await installDependency('node');
+    if (!installed) {
+      throw new ExecuteToolError('MISSING_DEPENDENCY', 'Node.js is required', {
+        hint: 'Install Node.js: https://nodejs.org/en/download/'
+      });
+    }
   }
 }
 
@@ -378,15 +410,7 @@ export async function executeTool(options: ExecuteToolOptions): Promise<ExecuteT
     log('');
   }
 
-  if (!commandExists('bun')) {
-    log('⚠️  bun is required to run cli4ai tools\n');
-    const installed = await installDependency('bun');
-    if (!installed) {
-      throw new ExecuteToolError('MISSING_DEPENDENCY', 'bun is required', {
-        hint: 'Install bun: curl -fsSL https://bun.sh/install | bash'
-      });
-    }
-  }
+  await ensureRuntimeAvailable();
 
   await checkPeerDependencies(pkg.path);
 
@@ -403,7 +427,7 @@ export async function executeTool(options: ExecuteToolOptions): Promise<ExecuteT
   if (options.command) cmdArgs.push(options.command);
   cmdArgs.push(...options.args);
 
-  const { execCmd, execArgs, runtime } = buildRuntimeCommand(entryPath, manifest, cmdArgs);
+  const { execCmd, execArgs, runtime } = buildRuntimeCommand(entryPath, cmdArgs);
 
   const teeStderr = options.teeStderr ?? true;
 

package/src/core/link.test.ts

@@ -2,7 +2,7 @@
  * Tests for link.ts
  */
 
-import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
+import { describe, test, expect, beforeEach, afterEach } from 'vitest';
 import { mkdtempSync, rmSync, readFileSync, writeFileSync, existsSync, statSync, mkdirSync } from 'fs';
 import { join, resolve } from 'path';
 import { tmpdir, homedir } from 'os';
@@ -36,7 +36,7 @@ describe('link', () => {
     name,
     version,
     entry: 'run.ts',
-    runtime: 'bun'
+    runtime: 'node'
   });
 
   describe('C4AI_BIN constant', () => {
@@ -101,7 +101,7 @@ describe('link', () => {
       expect(existsSync(binPath)).toBe(true);
       const content = readFileSync(binPath, 'utf-8');
       expect(content).toContain('#!/bin/sh');
-      expect(content).toContain('bun run');
+      expect(content).toContain('npx tsx');
       expect(content).toContain('run.ts');
     });
 
@@ -123,7 +123,7 @@ describe('link', () => {
       expect(content).not.toContain('node run');
     });
 
-    test('defaults to bun runtime', () => {
+    test('defaults to node runtime with tsx for TypeScript', () => {
       const manifest: Manifest = {
         name: 'no-runtime',
         version: '1.0.0',
@@ -135,7 +135,7 @@ describe('link', () => {
       const binPath = linkPackageDirect(manifest, packagePath);
 
       const content = readFileSync(binPath, 'utf-8');
-      expect(content).toContain('bun run');
+      expect(content).toContain('npx tsx');
     });
 
     test('includes full path to entry', () => {

package/src/core/link.ts

@@ -81,7 +81,18 @@ exec cli4ai run ${safeName} "$@"
 `;
 
   writeFileSync(binPath, script);
-  chmodSync(binPath, 0o755);
+  if (process.platform !== 'win32') {
+    chmodSync(binPath, 0o755);
+  }
+
+  // Windows compatibility: generate .cmd and .ps1 launchers
+  if (process.platform === 'win32') {
+    const cmdContent = `@echo off\r\ncli4ai run ${manifest.name} %*\r\nexit /b %errorlevel%\r\n`;
+    writeFileSync(binPath + '.cmd', cmdContent);
+
+    const ps1Content = `& cli4ai run ${manifest.name} @args\nexit $LASTEXITCODE\n`;
+    writeFileSync(binPath + '.ps1', ps1Content);
+  }
 
   return binPath;
 }
@@ -104,25 +115,18 @@ export function linkPackageDirect(manifest: Manifest, packagePath: string): stri
 
   const binPath = join(C4AI_BIN, manifest.name);
   const entryPath = resolve(packagePath, manifest.entry);
-  const runtime = manifest.runtime || 'bun';
 
   // SECURITY: Shell-escape the entry path to prevent injection
   const safeEntryPath = shellEscape(entryPath);
   const safeName = shellEscape(manifest.name);
   const safeVersion = shellEscape(manifest.version);
 
-  // Build runtime command based on runtime type
-  // - bun: bun run <file>
-  // - node: node <file>
+  // Build runtime command - use tsx for TypeScript, node for JavaScript
   let execCommand: string;
-  switch (runtime) {
-    case 'node':
-      execCommand = `node ${safeEntryPath}`;
-      break;
-    case 'bun':
-    default:
-      execCommand = `bun run ${safeEntryPath}`;
-      break;
+  if (entryPath.endsWith('.ts') || entryPath.endsWith('.tsx')) {
+    execCommand = `npx tsx ${safeEntryPath}`;
+  } else {
+    execCommand = `node ${safeEntryPath}`;
   }
 
   // Create wrapper script that runs the tool directly
@@ -134,7 +138,26 @@ exec ${execCommand} "$@"
 `;
 
   writeFileSync(binPath, script);
-  chmodSync(binPath, 0o755);
+  if (process.platform !== 'win32') {
+    chmodSync(binPath, 0o755);
+  }
+
+  // Windows compatibility: generate .cmd and .ps1 launchers
+  if (process.platform === 'win32') {
+    const quotedEntry = `"${entryPath.replaceAll('"', '""')}"`;
+
+    let cmdContent: string;
+    let ps1Content: string;
+    if (entryPath.endsWith('.ts') || entryPath.endsWith('.tsx')) {
+      cmdContent = `@echo off\r\nnpx tsx ${quotedEntry} %*\r\nexit /b %errorlevel%\r\n`;
+      ps1Content = `& npx tsx ${quotedEntry} @args\nexit $LASTEXITCODE\n`;
+    } else {
+      cmdContent = `@echo off\r\nnode ${quotedEntry} %*\r\nexit /b %errorlevel%\r\n`;
+      ps1Content = `& node ${quotedEntry} @args\nexit $LASTEXITCODE\n`;
+    }
+    writeFileSync(binPath + '.cmd', cmdContent);
+    writeFileSync(binPath + '.ps1', ps1Content);
+  }
 
   return binPath;
 }
@@ -143,21 +166,38 @@ exec ${execCommand} "$@"
  * Remove executable link for a package
  */
 export function unlinkPackage(packageName: string): boolean {
-  const binPath = join(C4AI_BIN, packageName);
+  // SECURITY: Validate package name to prevent path traversal
+  if (!isShellSafe(packageName) || packageName.includes('..')) {
+    throw new Error(`Invalid package name: ${packageName}`);
+  }
 
-  if (existsSync(binPath)) {
-    unlinkSync(binPath);
-    return true;
+  const basePath = join(C4AI_BIN, packageName);
+  const candidates = process.platform === 'win32'
+    ? [basePath, basePath + '.cmd', basePath + '.ps1']
+    : [basePath];
+
+  let removed = false;
+  for (const path of candidates) {
+    if (existsSync(path)) {
+      unlinkSync(path);
+      removed = true;
+    }
   }
 
-  return false;
+  return removed;
 }
 
 /**
  * Check if a package is linked
  */
 export function isPackageLinked(packageName: string): boolean {
-  return existsSync(join(C4AI_BIN, packageName));
+  const basePath = join(C4AI_BIN, packageName);
+  if (existsSync(basePath)) return true;
+  if (process.platform === 'win32') {
+    if (existsSync(basePath + '.cmd')) return true;
+    if (existsSync(basePath + '.ps1')) return true;
+  }
+  return false;
 }
 
 /**

package/src/core/lockfile.test.ts

@@ -2,7 +2,7 @@
  * Tests for lockfile.ts
  */
 
-import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
+import { describe, test, expect, beforeEach, afterEach } from 'vitest';
 import { mkdtempSync, rmSync, readFileSync, writeFileSync } from 'fs';
 import { join } from 'path';
 import { tmpdir } from 'os';