cortex-sync 0.1.0

package/dist/cli.js

@@ -0,0 +1,1090 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { Command } from "commander";
+
+// src/commands/convert.ts
+import { readFile as readFile5 } from "fs/promises";
+import { basename, extname, resolve } from "path";
+
+// src/lib/api-key.ts
+import { password as password2, confirm } from "@inquirer/prompts";
+import { existsSync } from "fs";
+import { chmod, readFile as readFile2, writeFile, mkdir } from "fs/promises";
+import { join as join2, dirname } from "path";
+
+// src/lib/config.ts
+import { readFile } from "fs/promises";
+import { homedir } from "os";
+import { join } from "path";
+var CORTEX_DIR = join(homedir(), ".cortex");
+var CONFIG_PATH = join(CORTEX_DIR, "config.json");
+var MANIFEST_PATH = join(CORTEX_DIR, "manifest.json");
+async function loadConfig() {
+  let buf;
+  try {
+    buf = await readFile(CONFIG_PATH);
+  } catch {
+    throw new Error(`No cortex config found at ${CONFIG_PATH}. Run "cortex init" first.`);
+  }
+  return JSON.parse(buf.toString("utf-8"));
+}
+
+// src/lib/crypto.ts
+import { createCipheriv, createDecipheriv, createHash, pbkdf2Sync, randomBytes } from "crypto";
+var MAGIC = Buffer.from("CTXP", "utf-8");
+var VERSION = 1;
+var IV_LEN = 12;
+var TAG_LEN = 16;
+var KEY_LEN = 32;
+var HEADER_LEN = MAGIC.length + 1 + IV_LEN + TAG_LEN;
+var PBKDF2_ITERATIONS = 6e5;
+function deriveKey(passphrase, email) {
+  if (!passphrase) throw new Error("passphrase is required");
+  if (!email) throw new Error("email is required");
+  const salt = createHash("sha256").update(email.toLowerCase().trim()).digest();
+  const key = pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, KEY_LEN, "sha256");
+  return { key };
+}
+function encrypt(plaintext, derived) {
+  const iv = randomBytes(IV_LEN);
+  const cipher = createCipheriv("aes-256-gcm", derived.key, iv);
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return Buffer.concat([MAGIC, Buffer.from([VERSION]), iv, tag, ciphertext]);
+}
+function decrypt(blob, derived) {
+  if (blob.length < HEADER_LEN) throw new Error("cortex blob too short");
+  if (!blob.subarray(0, MAGIC.length).equals(MAGIC)) {
+    throw new Error("cortex blob has bad magic bytes");
+  }
+  const version = blob[MAGIC.length];
+  if (version !== VERSION) throw new Error(`cortex blob version ${version} not supported`);
+  const ivStart = MAGIC.length + 1;
+  const iv = blob.subarray(ivStart, ivStart + IV_LEN);
+  const tag = blob.subarray(ivStart + IV_LEN, ivStart + IV_LEN + TAG_LEN);
+  const ciphertext = blob.subarray(HEADER_LEN);
+  const decipher = createDecipheriv("aes-256-gcm", derived.key, iv);
+  decipher.setAuthTag(tag);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+}
+function checksumSha256(content) {
+  return createHash("sha256").update(content).digest("hex");
+}
+
+// src/lib/passphrase.ts
+import { password } from "@inquirer/prompts";
+async function readPassphrase() {
+  if (process.env.CORTEX_PASSPHRASE) return process.env.CORTEX_PASSPHRASE;
+  return password({
+    message: "Encryption passphrase:",
+    mask: "*",
+    validate: (v) => v.length >= 12 || "Minimum 12 characters"
+  });
+}
+
+// src/lib/api-key.ts
+var API_KEY_PATH = join2(CORTEX_DIR, "api-key.enc");
+async function loadApiKey() {
+  if (process.env.ANTHROPIC_API_KEY) return process.env.ANTHROPIC_API_KEY;
+  if (existsSync(API_KEY_PATH)) {
+    const config = await loadConfig();
+    const passphrase = await readPassphrase();
+    const derived = deriveKey(passphrase, config.email);
+    const enc = await readFile2(API_KEY_PATH);
+    return decrypt(enc, derived).toString("utf-8").trim();
+  }
+  const key = await password2({
+    message: "Anthropic API key (sk-ant-...):",
+    mask: "*",
+    validate: (v) => v.trim().startsWith("sk-ant-") || "Key should start with sk-ant-"
+  });
+  const save = await confirm({
+    message: "Save encrypted to ~/.cortex/api-key.enc? (requires your sync passphrase)",
+    default: true
+  });
+  if (save) {
+    const config = await loadConfig();
+    const passphrase = await readPassphrase();
+    const derived = deriveKey(passphrase, config.email);
+    const enc = encrypt(Buffer.from(key.trim(), "utf-8"), derived);
+    await mkdir(dirname(API_KEY_PATH), { recursive: true });
+    await writeFile(API_KEY_PATH, enc, { mode: 384 });
+    await chmod(API_KEY_PATH, 384);
+    console.log(`\u2713 API key saved to ${API_KEY_PATH}`);
+  }
+  return key.trim();
+}
+
+// src/converters/shared.ts
+import Anthropic from "@anthropic-ai/sdk";
+function parseSkillMeta(content, fallbackName) {
+  const fm = content.match(/^---\n([\s\S]*?)\n---/);
+  let name = fallbackName;
+  let description;
+  if (fm) {
+    const nameMatch = fm[1].match(/^name:\s*(.+)$/m);
+    const descMatch = fm[1].match(/^description:\s*(.+)$/m);
+    if (nameMatch) name = nameMatch[1].trim();
+    if (descMatch) description = descMatch[1].trim();
+  }
+  return { name, description, body: content };
+}
+async function callClaude(apiKey, systemPrompt, userMessage) {
+  const client = new Anthropic({ apiKey });
+  const msg = await client.messages.create({
+    model: "claude-sonnet-4-6",
+    max_tokens: 4096,
+    system: systemPrompt,
+    messages: [{ role: "user", content: userMessage }]
+  });
+  const block = msg.content[0];
+  if (block.type !== "text") throw new Error("Unexpected response type from Claude API");
+  return block.text;
+}
+
+// src/converters/to-antigravity.ts
+import { mkdir as mkdir2, readFile as readFile3, writeFile as writeFile2 } from "fs/promises";
+import { existsSync as existsSync2 } from "fs";
+import { join as join3 } from "path";
+var SYSTEM_PROMPT = `You are an expert at converting Claude Code skills to Antigravity format.
+
+Claude Code skills are markdown files with frontmatter and instructions that tell the AI assistant how to behave or execute a specific workflow.
+
+Antigravity uses a similar but distinct format:
+- Frontmatter with: name, description, type: skill
+- The skill body should be written as clear, direct instructions
+- Use <artifact> tags for any templates, code patterns, or structured outputs the skill should produce
+- Brain artifacts (content inside <artifact> tags) should have a clear id and optional title
+- Preserve the full intent and precision of the original \u2014 do NOT simplify or water down the instructions
+- If the original skill has step-by-step checklists, keep them
+- If the original skill has conditional logic ("if X do Y"), keep it
+- Adapt Claude Code specific references (like "TodoWrite", "Edit tool") to Antigravity equivalents where possible, or generalize them
+
+Output ONLY the converted skill file content \u2014 no explanations, no markdown code fences.`;
+async function convertToAntigravity(skill, apiKey, outputDir) {
+  const userMessage = `Convert this Claude Code skill to Antigravity format:
+
+${skill.body}`;
+  const converted = await callClaude(apiKey, SYSTEM_PROMPT, userMessage);
+  const skillDir = join3(outputDir, ".agent", "skills", skill.name);
+  const outPath = join3(skillDir, "SKILL.md");
+  const alreadyExists = existsSync2(outPath);
+  if (alreadyExists) {
+    const existing = await readFile3(outPath, "utf-8");
+    if (existing.trim() === converted.trim()) {
+      return outPath;
+    }
+  }
+  await mkdir2(skillDir, { recursive: true });
+  await writeFile2(outPath, converted, "utf-8");
+  return outPath;
+}
+
+// src/converters/to-cursor.ts
+import { readFile as readFile4, writeFile as writeFile3 } from "fs/promises";
+import { existsSync as existsSync3 } from "fs";
+import { join as join4 } from "path";
+var SYSTEM_PROMPT2 = `You are an expert at converting Claude Code skills to Cursor rules.
+
+Claude Code skills are markdown files that encode workflows and behavioral instructions for the AI.
+
+Cursor rules go in a .cursorrules file and guide the Cursor AI assistant in a project. They are:
+- Written as direct instructions ("Always...", "When X, do Y", "Never...")
+- Concise but complete \u2014 don't omit important constraints
+- Project/workflow-focused rather than tool-specific
+- Plain text with minimal markdown (headings and bullet lists are fine)
+
+When converting:
+- Preserve the core intent and all important constraints from the original
+- Replace Claude Code specific tool references with behavior descriptions
+  (e.g. "use the Edit tool" \u2192 "edit files in place", "use TodoWrite" \u2192 "maintain a task list")
+- If the skill has a multi-step workflow, convert it to numbered steps
+- Do NOT lose conditional logic, edge cases, or guardrails \u2014 they are important
+
+Output ONLY the rule content \u2014 no section headers, no explanations, no markdown code fences.
+The calling code will wrap your output with the appropriate section markers.`;
+var SECTION_START = (name) => `## ${name}`;
+var SECTION_END = (name) => `## end ${name}`;
+async function convertToCursor(skill, apiKey, outputDir) {
+  const userMessage = `Convert this Claude Code skill to a Cursor rule block:
+
+${skill.body}`;
+  const converted = await callClaude(apiKey, SYSTEM_PROMPT2, userMessage);
+  const outPath = join4(outputDir, ".cursorrules");
+  let existing = "";
+  if (existsSync3(outPath)) {
+    existing = await readFile4(outPath, "utf-8");
+  }
+  const start = SECTION_START(skill.name);
+  const end = SECTION_END(skill.name);
+  const sectionRegex = new RegExp(
+    `${escapeRegex(start)}[\\s\\S]*?${escapeRegex(end)}\\n?`,
+    "g"
+  );
+  const block = `${start}
+${converted.trim()}
+${end}
+`;
+  const sectionPresent = new RegExp(
+    `${escapeRegex(start)}[\\s\\S]*?${escapeRegex(end)}`
+  ).test(existing);
+  let updated;
+  if (sectionPresent) {
+    updated = existing.replace(sectionRegex, block);
+  } else {
+    const separator = existing.length > 0 && !existing.endsWith("\n\n") ? "\n\n" : "";
+    updated = existing + separator + block;
+  }
+  await writeFile3(outPath, updated, "utf-8");
+  return outPath;
+}
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+// src/commands/convert.ts
+async function convertCommand(skillPath, opts) {
+  const absSkillPath = resolve(skillPath);
+  const outputDir = resolve(opts.outputDir ?? process.cwd());
+  let source;
+  try {
+    source = await readFile5(absSkillPath, "utf-8");
+  } catch {
+    throw new Error(`Cannot read skill file: ${absSkillPath}`);
+  }
+  const fallbackName = basename(absSkillPath, extname(absSkillPath)).toLowerCase();
+  const skill = parseSkillMeta(source, fallbackName);
+  console.log(`Converting "${skill.name}" \u2192 ${opts.to}
+`);
+  const apiKey = await loadApiKey();
+  const targets = opts.to === "all" ? ["antigravity", "cursor"] : [opts.to];
+  for (const target of targets) {
+    process.stdout.write(`  ${target}\u2026 `);
+    let outPath;
+    if (target === "antigravity") {
+      outPath = await convertToAntigravity(skill, apiKey, outputDir);
+    } else {
+      outPath = await convertToCursor(skill, apiKey, outputDir);
+    }
+    console.log(`\u2713 ${outPath}`);
+  }
+  console.log("\nDone.");
+}
+
+// src/commands/init.ts
+import { confirm as confirm2, input, password as password3, select } from "@inquirer/prompts";
+import { access, chmod as chmod2, mkdir as mkdir3, writeFile as writeFile4 } from "fs/promises";
+import { homedir as homedir3 } from "os";
+import { join as join6 } from "path";
+
+// src/adapters/paths.ts
+import { homedir as homedir2, platform } from "os";
+import { join as join5 } from "path";
+function resolveToolPath(tool) {
+  const home = homedir2();
+  switch (tool) {
+    case "claude-code":
+      return join5(home, ".claude");
+    case "antigravity":
+      return join5(home, ".antigravity");
+    case "cursor":
+      return join5(home, ".cursor");
+  }
+}
+
+// src/storage/github.ts
+var GitHubBackend = class {
+  constructor(token, owner, repo) {
+    this.token = token;
+    this.owner = owner;
+    this.repo = repo;
+    this.name = `GitHub (${owner}/${repo})`;
+    this.apiBase = `https://api.github.com/repos/${owner}/${repo}`;
+    this.headers = {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28",
+      "User-Agent": "cortex-cli"
+    };
+  }
+  token;
+  owner;
+  repo;
+  name;
+  apiBase;
+  headers;
+  url(path) {
+    return `${this.apiBase}/contents/${path}`;
+  }
+  async getSha(path) {
+    const res = await fetch(this.url(path), { headers: this.headers });
+    if (res.status === 404) return null;
+    if (!res.ok) throw new Error(`GitHub API error ${res.status} on GET ${path}`);
+    const data = await res.json();
+    return data.sha;
+  }
+  async has(path) {
+    const res = await fetch(this.url(path), { headers: this.headers });
+    if (res.status === 404) return false;
+    if (!res.ok) throw new Error(`GitHub API error ${res.status} on has(${path})`);
+    return true;
+  }
+  async read(path) {
+    const res = await fetch(this.url(path), { headers: this.headers });
+    if (!res.ok) throw new Error(`GitHub read failed (${res.status}): ${path}`);
+    const data = await res.json();
+    return Buffer.from(data.content.replace(/\n/g, ""), "base64");
+  }
+  async write(path, content) {
+    const sha = await this.getSha(path);
+    const body = {
+      message: `cortex: update ${path}`,
+      content: content.toString("base64")
+    };
+    if (sha) body.sha = sha;
+    const res = await fetch(this.url(path), {
+      method: "PUT",
+      headers: { ...this.headers, "Content-Type": "application/json" },
+      body: JSON.stringify(body)
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`GitHub write failed (${res.status}): ${text}`);
+    }
+  }
+  async remove(path) {
+    const sha = await this.getSha(path);
+    if (!sha) return;
+    const res = await fetch(this.url(path), {
+      method: "DELETE",
+      headers: { ...this.headers, "Content-Type": "application/json" },
+      body: JSON.stringify({ message: `cortex: remove ${path}`, sha })
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`GitHub delete failed (${res.status}): ${text}`);
+    }
+  }
+  async list() {
+    const res = await fetch(`${this.apiBase}/git/trees/HEAD?recursive=1`, {
+      headers: this.headers
+    });
+    if (res.status === 404 || res.status === 409) return [];
+    if (!res.ok) throw new Error(`GitHub list failed (${res.status})`);
+    const data = await res.json();
+    return data.tree.filter((n) => n.type === "blob").map((n) => ({ path: n.path, size: n.size ?? 0 }));
+  }
+};
+async function fetchGitHubUser(token) {
+  const res = await fetch("https://api.github.com/user", {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28",
+      "User-Agent": "cortex-cli"
+    }
+  });
+  if (!res.ok) throw new Error(`GitHub token validation failed (${res.status}). Check your PAT.`);
+  const data = await res.json();
+  return data.login;
+}
+async function ensureGitHubRepo(token, repo) {
+  const res = await fetch("https://api.github.com/user/repos", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28",
+      "User-Agent": "cortex-cli",
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      name: repo,
+      private: true,
+      description: "cortex encrypted backup \u2014 do not modify manually",
+      auto_init: true
+      // creates initial commit so HEAD exists
+    })
+  });
+  if (!res.ok && res.status !== 422) {
+    const text = await res.text();
+    throw new Error(`Failed to create GitHub repo (${res.status}): ${text}`);
+  }
+}
+
+// src/commands/init.ts
+var CORTEX_DIR2 = join6(homedir3(), ".cortex");
+var CONFIG_PATH2 = join6(CORTEX_DIR2, "config.json");
+async function pathExists(p) {
+  try {
+    await access(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function detectInstalledTools() {
+  const candidates = ["claude-code", "antigravity", "cursor"];
+  const detected = [];
+  for (const tool of candidates) {
+    if (await pathExists(resolveToolPath(tool))) detected.push(tool);
+  }
+  return detected;
+}
+async function initCommand() {
+  console.log("cortex init \u2014 configure your sync setup\n");
+  const email = await input({
+    message: "Your email (used as salt for key derivation, never sent anywhere):",
+    validate: (v) => /.+@.+\..+/.test(v) || "Enter a valid email"
+  });
+  const storage = await select({
+    message: "Where do you want to store your synced files?",
+    choices: [
+      { name: "GitHub private repo (PAT \u2014 no OAuth app needed)", value: "github" },
+      { name: "Local folder (Dropbox / iCloud Drive / Syncthing)", value: "local" },
+      { name: "Google Drive \u2014 coming in a later release", value: "gdrive" }
+    ]
+  });
+  let target;
+  let githubToken;
+  let githubOwner;
+  let githubRepo;
+  if (storage === "local") {
+    target = await input({
+      message: "Path to the synced folder (e.g. ~/Dropbox/cortex-backup):",
+      validate: (v) => v.trim().length > 0 || "Required"
+    });
+    target = target.replace(/^~(?=\/|$)/, homedir3());
+  }
+  if (storage === "github") {
+    console.log('\nYou need a GitHub Personal Access Token with "repo" scope.');
+    console.log("Create one at: https://github.com/settings/tokens/new?scopes=repo\n");
+    githubToken = await password3({
+      message: "Paste your GitHub PAT (ghp_...):",
+      mask: "*",
+      validate: (v) => v.trim().startsWith("gh") || "Token should start with gh"
+    });
+    process.stdout.write("Validating token\u2026 ");
+    githubOwner = await fetchGitHubUser(githubToken.trim());
+    console.log(`\u2713 Authenticated as ${githubOwner}`);
+    githubRepo = await input({
+      message: "Repo name for the backup:",
+      default: "cortex-backup",
+      validate: (v) => /^[a-zA-Z0-9_.-]+$/.test(v.trim()) || "Invalid repo name"
+    });
+    process.stdout.write(`Creating private repo ${githubOwner}/${githubRepo}\u2026 `);
+    await ensureGitHubRepo(githubToken.trim(), githubRepo.trim());
+    console.log("\u2713 Ready");
+    githubToken = githubToken.trim();
+    githubRepo = githubRepo.trim();
+  }
+  await password3({
+    message: "Encryption passphrase (min 12 chars, never stored \u2014 keep it safe):",
+    mask: "*",
+    validate: (v) => v.length >= 12 || "Minimum 12 characters"
+  });
+  const detected = await detectInstalledTools();
+  console.log(`
+Detected tools: ${detected.length ? detected.join(", ") : "none"}`);
+  const proceed = await confirm2({ message: "Save configuration?", default: true });
+  if (!proceed) {
+    console.log("Aborted.");
+    return;
+  }
+  await mkdir3(CORTEX_DIR2, { recursive: true });
+  const config = {
+    version: 1,
+    storage,
+    email,
+    target,
+    githubToken,
+    githubOwner,
+    githubRepo,
+    tools: detected,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  await writeFile4(CONFIG_PATH2, JSON.stringify(config, null, 2), { mode: 384 });
+  await chmod2(CONFIG_PATH2, 384);
+  console.log(`
+\u2713 Configuration saved to ${CONFIG_PATH2}`);
+  if (storage === "github") {
+    console.log(`Next step: run "cortex sync" \u2014 files will be encrypted and pushed to ${githubOwner}/${githubRepo}.`);
+  } else if (storage === "local") {
+    console.log('Next step: run "cortex sync" to encrypt and upload your files to the local folder.');
+  } else {
+    console.log('Next step: Google Drive backend is not yet implemented \u2014 use --target <path> with "cortex sync" for now.');
+  }
+}
+
+// src/commands/pull.ts
+import { input as input2 } from "@inquirer/prompts";
+import { existsSync as existsSync5 } from "fs";
+import { isAbsolute } from "path";
+
+// src/adapters/claude-code.ts
+import { readdir, readFile as readFile6, writeFile as writeFile5, mkdir as mkdir4, stat } from "fs/promises";
+import { dirname as dirname2, join as join7, relative, resolve as resolve2, sep } from "path";
+var ClaudeCodeAdapter = class {
+  tool = "claude-code";
+  root;
+  constructor(root) {
+    this.root = root ?? resolveToolPath("claude-code");
+  }
+  async *getFiles() {
+    yield* this.walk(this.root);
+  }
+  async putFiles(files) {
+    const resolvedRoot = resolve2(this.root);
+    for await (const f of files) {
+      const dest = resolve2(join7(resolvedRoot, f.relativePath));
+      if (dest !== resolvedRoot && !dest.startsWith(resolvedRoot + sep)) {
+        throw new Error(`Path traversal attempt blocked: ${f.relativePath}`);
+      }
+      await mkdir4(dirname2(dest), { recursive: true });
+      await writeFile5(dest, f.content);
+    }
+  }
+  // Encoded names are lossy (see Fase 0 findings) — callers must resolve the
+  // canonical path from the JSONL `cwd` field, not from this name.
+  getProjectPath(encodedProjectName) {
+    return join7(this.root, "projects", encodedProjectName);
+  }
+  async *walk(dir) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const e of entries) {
+      const full = join7(dir, e.name);
+      if (e.isDirectory()) {
+        yield* this.walk(full);
+      } else if (e.isFile()) {
+        const content = await readFile6(full);
+        const relativePath = relative(this.root, full).split(sep).join("/");
+        const s = await stat(full);
+        yield { relativePath, content, mode: s.mode };
+      }
+    }
+  }
+};
+
+// src/storage/local.ts
+import { access as access2, mkdir as mkdir5, readdir as readdir2, readFile as readFile7, stat as stat2, unlink, writeFile as writeFile6 } from "fs/promises";
+import { dirname as dirname3, join as join8, relative as relative2, resolve as resolve3, sep as sep2 } from "path";
+var LocalFilesystemBackend = class {
+  constructor(root) {
+    this.root = root;
+    this.resolvedRoot = resolve3(root);
+  }
+  root;
+  name = "local";
+  resolvedRoot;
+  /** Resolve and validate that `path` stays within root — throws on traversal. */
+  safePath(path) {
+    const resolved = resolve3(join8(this.resolvedRoot, path));
+    if (resolved !== this.resolvedRoot && !resolved.startsWith(this.resolvedRoot + sep2)) {
+      throw new Error(`Path traversal attempt blocked: ${path}`);
+    }
+    return resolved;
+  }
+  async list() {
+    const out = [];
+    await this.walk(this.resolvedRoot, out);
+    return out;
+  }
+  async has(path) {
+    const safe = this.safePath(path);
+    try {
+      await access2(safe);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async read(path) {
+    return readFile7(this.safePath(path));
+  }
+  async write(path, content) {
+    const dest = this.safePath(path);
+    await mkdir5(dirname3(dest), { recursive: true });
+    await writeFile6(dest, content);
+  }
+  async remove(path) {
+    try {
+      await unlink(this.safePath(path));
+    } catch (e) {
+      if (e.code !== "ENOENT") throw e;
+    }
+  }
+  async walk(dir, out) {
+    let entries;
+    try {
+      entries = await readdir2(dir, { withFileTypes: true });
+    } catch (e) {
+      if (e.code === "ENOENT") return;
+      throw e;
+    }
+    for (const e of entries) {
+      const full = join8(dir, e.name);
+      if (e.isDirectory()) {
+        await this.walk(full, out);
+      } else if (e.isFile()) {
+        const s = await stat2(full);
+        const path = relative2(this.resolvedRoot, full).split(sep2).join("/");
+        out.push({ path, size: s.size, mtime: s.mtimeMs });
+      }
+    }
+  }
+};
+
+// src/lib/backend-resolver.ts
+function resolveBackend(config, override) {
+  if (override?.target) {
+    return new LocalFilesystemBackend(override.target);
+  }
+  if (config.storage === "local") {
+    if (!config.target) throw new Error('Local storage requires a target path. Run "cortex init" again.');
+    return new LocalFilesystemBackend(config.target);
+  }
+  if (config.storage === "github") {
+    if (!config.githubToken || !config.githubOwner || !config.githubRepo) {
+      throw new Error('GitHub storage is not fully configured. Run "cortex init" again.');
+    }
+    return new GitHubBackend(config.githubToken, config.githubOwner, config.githubRepo);
+  }
+  throw new Error(
+    `Storage backend "${config.storage}" is not yet implemented. Pass --target <path> to use a local folder for now.`
+  );
+}
+
+// src/lib/manifest.ts
+import { mkdir as mkdir6, readFile as readFile8, writeFile as writeFile7 } from "fs/promises";
+import { dirname as dirname4 } from "path";
+function emptyManifest(tool) {
+  return { version: 1, generatedAt: (/* @__PURE__ */ new Date()).toISOString(), tool, files: {} };
+}
+function diffManifests(local, remote) {
+  const diff = { added: [], modified: [], removed: [], unchanged: [] };
+  const remotePaths = new Set(Object.keys(remote.files));
+  for (const [path, entry] of Object.entries(local.files)) {
+    const remoteEntry = remote.files[path];
+    if (!remoteEntry) diff.added.push(path);
+    else if (remoteEntry.checksum !== entry.checksum) diff.modified.push(path);
+    else diff.unchanged.push(path);
+    remotePaths.delete(path);
+  }
+  diff.removed = [...remotePaths];
+  return diff;
+}
+async function loadManifest(path) {
+  try {
+    const buf = await readFile8(path);
+    return JSON.parse(buf.toString("utf-8"));
+  } catch (e) {
+    if (e.code === "ENOENT") return null;
+    throw e;
+  }
+}
+async function saveManifest(path, manifest) {
+  await mkdir6(dirname4(path), { recursive: true });
+  await writeFile7(path, JSON.stringify(manifest, null, 2));
+}
+
+// src/lib/path-encoder.ts
+function encodeProjectPath(absolutePath) {
+  return absolutePath.replace(/[^a-zA-Z0-9-]/g, "-");
+}
+
+// src/lib/path-mappings.ts
+import { readFile as readFile9, writeFile as writeFile8, mkdir as mkdir7 } from "fs/promises";
+import { existsSync as existsSync4 } from "fs";
+import { dirname as dirname5 } from "path";
+import { join as join9 } from "path";
+var MAPPINGS_PATH = join9(CORTEX_DIR, "path-mappings.json");
+async function loadMappings() {
+  if (!existsSync4(MAPPINGS_PATH)) return {};
+  try {
+    return JSON.parse(await readFile9(MAPPINGS_PATH, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+async function saveMappings(mappings) {
+  await mkdir7(dirname5(MAPPINGS_PATH), { recursive: true });
+  await writeFile8(MAPPINGS_PATH, JSON.stringify(mappings, null, 2), "utf-8");
+}
+
+// src/lib/jsonl-remapper.ts
+function remapPath(value, oldPrefix, newPrefix) {
+  if (typeof value === "string" && value.startsWith(oldPrefix)) {
+    return newPrefix + value.slice(oldPrefix.length);
+  }
+  return value;
+}
+function remapLine(parsed, oldPath, newPath) {
+  if ("cwd" in parsed) {
+    parsed["cwd"] = remapPath(parsed["cwd"], oldPath, newPath);
+  }
+  const tur = parsed["toolUseResult"];
+  if (tur !== null && typeof tur === "object") {
+    const r = tur;
+    if ("filePath" in r) r["filePath"] = remapPath(r["filePath"], oldPath, newPath);
+    const f = r["file"];
+    if (f !== null && typeof f === "object") {
+      const ff = f;
+      if ("filePath" in ff) ff["filePath"] = remapPath(ff["filePath"], oldPath, newPath);
+    }
+  }
+  const msg = parsed["message"];
+  if (msg !== null && typeof msg === "object") {
+    const content = msg["content"];
+    if (Array.isArray(content)) {
+      for (const item of content) {
+        const input3 = item["input"];
+        if (input3 !== null && typeof input3 === "object") {
+          const inp = input3;
+          if ("file_path" in inp) {
+            inp["file_path"] = remapPath(inp["file_path"], oldPath, newPath);
+          }
+        }
+      }
+    }
+  }
+}
+function remapJsonlBuffer(input3, oldPath, newPath) {
+  if (oldPath === newPath) return input3;
+  const parts = [];
+  let lineStart = 0;
+  for (let i = 0; i <= input3.length; i++) {
+    const atEnd = i === input3.length;
+    const byte = atEnd ? void 0 : input3[i];
+    const isLF = byte === 10;
+    if (!isLF && !atEnd) continue;
+    const lineEnd = i;
+    let contentEnd = lineEnd;
+    if (contentEnd > lineStart && input3[contentEnd - 1] === 13) {
+      contentEnd--;
+    }
+    const lineBytes = input3.slice(lineStart, contentEnd);
+    const eolBytes = input3.slice(contentEnd, isLF ? lineEnd + 1 : lineEnd);
+    const lineStr = lineBytes.toString("utf-8").trim();
+    if (lineStr.length > 0) {
+      try {
+        const parsed = JSON.parse(lineStr);
+        remapLine(parsed, oldPath, newPath);
+        parts.push(Buffer.from(JSON.stringify(parsed), "utf-8"));
+      } catch {
+        parts.push(lineBytes);
+      }
+    } else {
+      parts.push(lineBytes);
+    }
+    parts.push(eolBytes);
+    lineStart = i + 1;
+  }
+  return Buffer.concat(parts);
+}
+function extractCwdFromJsonl(input3) {
+  const text = input3.toString("utf-8");
+  for (const line of text.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      const parsed = JSON.parse(trimmed);
+      if (typeof parsed["cwd"] === "string" && parsed["cwd"].length > 0) {
+        return parsed["cwd"];
+      }
+    } catch {
+      continue;
+    }
+  }
+  return null;
+}
+
+// src/commands/pull.ts
+async function resolveLocalPath(projectId, originalPath, mappings) {
+  const key = projectId ?? originalPath;
+  if (mappings[key]) return mappings[key];
+  if (projectId && mappings[originalPath]) return mappings[originalPath];
+  if (existsSync5(originalPath)) return originalPath;
+  console.log(`
+Project not found on this machine:`);
+  console.log(`  Original path: ${originalPath}`);
+  if (projectId) console.log(`  Project ID:    ${projectId}`);
+  const answer = await input2({
+    message: "Local path (leave empty to skip this project):"
+  });
+  if (!answer.trim()) return null;
+  return answer.trim();
+}
+async function pullCommand(opts = {}) {
+  const config = await loadConfig();
+  const passphrase = await readPassphrase();
+  const derived = deriveKey(passphrase, config.email);
+  const adapter = new ClaudeCodeAdapter();
+  const backend = resolveBackend(config, { target: opts.target });
+  console.log(`Pull source: ${backend.name}${opts.target ? ` (${opts.target})` : ""}
+`);
+  if (!await backend.has("manifest.json.enc")) {
+    throw new Error('Remote has no manifest. Run "cortex sync" on another machine first.');
+  }
+  const enc = await backend.read("manifest.json.enc");
+  const remote = JSON.parse(decrypt(enc, derived).toString("utf-8"));
+  const local = await loadManifest(MANIFEST_PATH) ?? emptyManifest("claude-code");
+  const diff = diffManifests(remote, local);
+  const toPull = [...diff.added, ...diff.modified];
+  console.log(
+    `Diff \u2014 to download: ${toPull.length} (new: ${diff.added.length}, changed: ${diff.modified.length}), to remove locally: ${diff.removed.length}`
+  );
+  const mappings = await loadMappings();
+  const dirRemap = /* @__PURE__ */ new Map();
+  if (remote.projects) {
+    let mappingsDirty = false;
+    for (const [encodedDir, meta] of Object.entries(remote.projects)) {
+      if (!isAbsolute(meta.originalPath)) {
+        console.warn(`Skipping project "${encodedDir}": originalPath is not absolute.`);
+        dirRemap.set(encodedDir, null);
+        continue;
+      }
+      const localPath = await resolveLocalPath(meta.projectId, meta.originalPath, mappings);
+      if (localPath === null) {
+        dirRemap.set(encodedDir, null);
+        continue;
+      }
+      const key = meta.projectId ?? meta.originalPath;
+      if (mappings[key] !== localPath) {
+        mappings[key] = localPath;
+        mappingsDirty = true;
+      }
+      const newEncoded = encodeProjectPath(localPath);
+      dirRemap.set(encodedDir, newEncoded);
+    }
+    if (mappingsDirty) await saveMappings(mappings);
+  }
+  async function* gen() {
+    for (const path of toPull) {
+      const blob = await backend.read("files/" + path);
+      const content = decrypt(blob, derived);
+      const expected = remote.files[path].checksum;
+      const actual = checksumSha256(content);
+      if (expected !== actual) {
+        throw new Error(`Checksum mismatch on ${path}: expected ${expected}, got ${actual}`);
+      }
+      const m = path.match(/^(projects\/([^/]+))\/(.*\.jsonl)$/);
+      if (m && dirRemap.has(m[2])) {
+        const oldEncodedDir = m[2];
+        const newEncodedDir = dirRemap.get(oldEncodedDir);
+        if (newEncodedDir === null) continue;
+        const originalPath = remote.projects?.[oldEncodedDir]?.originalPath;
+        let remappedContent = content;
+        let relativePath = path;
+        if (originalPath) {
+          const localPath = mappings[remote.projects[oldEncodedDir].projectId ?? originalPath] ?? originalPath;
+          remappedContent = remapJsonlBuffer(content, originalPath, localPath);
+        }
+        if (newEncodedDir !== oldEncodedDir) {
+          relativePath = `projects/${newEncodedDir}/${m[3]}`;
+        }
+        yield { relativePath, content: remappedContent };
+      } else {
+        yield { relativePath: path, content };
+      }
+    }
+  }
+  await adapter.putFiles(gen());
+  await saveManifest(MANIFEST_PATH, remote);
+  console.log(`
+\u2713 Pull complete \u2014 ${toPull.length} files restored.`);
+}
+
+// src/commands/status.ts
+async function statusCommand(opts = {}) {
+  const config = await loadConfig();
+  const passphrase = await readPassphrase();
+  const derived = deriveKey(passphrase, config.email);
+  const adapter = new ClaudeCodeAdapter();
+  const backend = resolveBackend(config, { target: opts.target });
+  console.log(`Backend: ${backend.name}
+`);
+  const local = emptyManifest("claude-code");
+  for await (const f of adapter.getFiles()) {
+    local.files[f.relativePath] = {
+      checksum: checksumSha256(f.content),
+      size: f.content.length,
+      encryptedSize: 0
+    };
+  }
+  let remote = emptyManifest("claude-code");
+  if (await backend.has("manifest.json.enc")) {
+    const enc = await backend.read("manifest.json.enc");
+    remote = JSON.parse(decrypt(enc, derived).toString("utf-8"));
+  } else {
+    console.log("(remote has no manifest yet)");
+  }
+  const diff = diffManifests(local, remote);
+  console.log(`  added locally:    ${diff.added.length}`);
+  console.log(`  modified locally: ${diff.modified.length}`);
+  console.log(`  only on remote:   ${diff.removed.length}`);
+  console.log(`  unchanged:        ${diff.unchanged.length}`);
+  if (remote.generatedAt) console.log(`
+Last remote sync: ${remote.generatedAt}`);
+}
+
+// src/lib/secrets-detector.ts
+var PATTERNS = [
+  { name: "AWS Access Key", regex: /AKIA[0-9A-Z]{16}/g },
+  { name: "GitHub Token", regex: /gh[pousr]_[A-Za-z0-9]{36,}/g },
+  { name: "OpenAI Key", regex: /sk-(proj-)?[A-Za-z0-9_-]{40,}/g },
+  { name: "Anthropic Key", regex: /sk-ant-[A-Za-z0-9_-]{40,}/g },
+  { name: "Stripe Live Key", regex: /sk_live_[A-Za-z0-9]{24,}/g },
+  { name: "Google API Key", regex: /AIza[A-Za-z0-9_-]{35}/g },
+  { name: "Slack Token", regex: /xox[baprs]-[A-Za-z0-9-]{10,}/g },
+  { name: "Private Key", regex: /-----BEGIN[ A-Z]*PRIVATE KEY-----/g }
+];
+function detectSecrets(content) {
+  const text = typeof content === "string" ? content : content.toString("utf-8");
+  const matches = [];
+  for (const p of PATTERNS) {
+    const regex = new RegExp(p.regex.source, p.regex.flags);
+    let m;
+    while ((m = regex.exec(text)) !== null) {
+      matches.push({ pattern: p.name, preview: m[0].slice(0, 8) + "\u2026" });
+    }
+  }
+  return matches;
+}
+
+// src/lib/project-identifier.ts
+import { execSync } from "child_process";
+import { existsSync as existsSync6, readFileSync } from "fs";
+import { join as join10 } from "path";
+function runGit(cwd, args) {
+  try {
+    return execSync(`git ${args}`, {
+      cwd,
+      stdio: ["ignore", "pipe", "ignore"],
+      encoding: "utf-8",
+      timeout: 5e3
+      // 5 s max — avoids hanging on unreachable remotes
+    }).trim();
+  } catch {
+    return null;
+  }
+}
+function identifyProject(dir) {
+  const override = join10(dir, "cortex.json");
+  if (existsSync6(override)) {
+    try {
+      const data = JSON.parse(readFileSync(override, "utf-8"));
+      if (typeof data.projectId === "string" && data.projectId.length > 0) {
+        return { projectId: data.projectId.trim(), method: "cortex-json" };
+      }
+    } catch {
+    }
+  }
+  const remoteUrl = runGit(dir, "config --get remote.origin.url");
+  if (remoteUrl) {
+    const normalized = remoteUrl.replace(/\.git$/i, "").toLowerCase().trim();
+    return { projectId: normalized, method: "git-remote" };
+  }
+  const firstCommit = runGit(dir, "rev-list --max-parents=0 HEAD");
+  if (firstCommit) {
+    return { projectId: `git:${firstCommit}`, method: "first-commit" };
+  }
+  return null;
+}
+
+// src/commands/sync.ts
+async function syncCommand(opts = {}) {
+  const config = await loadConfig();
+  const passphrase = await readPassphrase();
+  const derived = deriveKey(passphrase, config.email);
+  const adapter = new ClaudeCodeAdapter();
+  const backend = resolveBackend(config, { target: opts.target });
+  console.log(`Sync target: ${backend.name}${opts.target ? ` (${opts.target})` : ""}
+`);
+  console.log("Reading local files\u2026");
+  const local = emptyManifest("claude-code");
+  const contents = /* @__PURE__ */ new Map();
+  for await (const f of adapter.getFiles()) {
+    contents.set(f.relativePath, f.content);
+    local.files[f.relativePath] = {
+      checksum: checksumSha256(f.content),
+      size: f.content.length,
+      encryptedSize: 0
+    };
+  }
+  console.log(`  ${contents.size} files`);
+  local.projects = {};
+  const seenDirs = /* @__PURE__ */ new Set();
+  for (const [path, content] of contents) {
+    const m = path.match(/^projects\/([^/]+)\/[^/]+\.jsonl$/);
+    if (!m || seenDirs.has(m[1])) continue;
+    const encodedDir = m[1];
+    seenDirs.add(encodedDir);
+    const cwd = extractCwdFromJsonl(content);
+    if (!cwd) continue;
+    const info = identifyProject(cwd);
+    local.projects[encodedDir] = { projectId: info?.projectId ?? null, originalPath: cwd };
+  }
+  if (!opts.skipSecretsCheck) {
+    const findings = [];
+    for (const [path, content] of contents) {
+      for (const s of detectSecrets(content)) findings.push({ file: path, ...s });
+    }
+    if (findings.length) {
+      console.warn(`
+\u26A0 Found ${findings.length} potential secrets:`);
+      for (const f of findings.slice(0, 10)) {
+        console.warn(`  - ${f.file}: ${f.pattern} (${f.preview})`);
+      }
+      if (findings.length > 10) console.warn(`  \u2026and ${findings.length - 10} more`);
+      console.warn("Files are encrypted before upload, but consider removing real secrets.");
+      console.warn("Use --skip-secrets-check to bypass.\n");
+    }
+  }
+  console.log("Loading remote manifest\u2026");
+  let remote = emptyManifest("claude-code");
+  if (await backend.has("manifest.json.enc")) {
+    const enc = await backend.read("manifest.json.enc");
+    remote = JSON.parse(decrypt(enc, derived).toString("utf-8"));
+  }
+  const diff = diffManifests(local, remote);
+  console.log(
+    `Diff \u2014 added: ${diff.added.length}, modified: ${diff.modified.length}, removed: ${diff.removed.length}, unchanged: ${diff.unchanged.length}`
+  );
+  for (const path of [...diff.added, ...diff.modified]) {
+    const content = contents.get(path);
+    const enc = encrypt(content, derived);
+    local.files[path].encryptedSize = enc.length;
+    await backend.write("files/" + path, enc);
+  }
+  for (const path of diff.removed) {
+    await backend.remove("files/" + path);
+  }
+  for (const path of diff.unchanged) {
+    local.files[path].encryptedSize = remote.files[path].encryptedSize;
+  }
+  const encryptedManifest = encrypt(Buffer.from(JSON.stringify(local), "utf-8"), derived);
+  await backend.write("manifest.json.enc", encryptedManifest);
+  await saveManifest(MANIFEST_PATH, local);
+  console.log(
+    `
+\u2713 Sync complete \u2014 ${diff.added.length + diff.modified.length} uploaded, ${diff.removed.length} deleted.`
+  );
+}
+
+// src/cli.ts
+var program = new Command();
+program.name("cortex").description("Sync Claude Code context between machines with path remapping").version("0.0.1");
+program.command("init").description("Configure Cortex: pick storage, set passphrase, detect tools").action(initCommand);
+program.command("sync").description("Encrypt local files and upload to the configured storage").option("--target <path>", "Override storage to a local folder (overrides config)").option("--skip-secrets-check", "Skip the regex scan for API keys before encrypting").action(syncCommand);
+program.command("pull").description("Download from storage and restore into ~/.claude/").option("--target <path>", "Override storage to a local folder (overrides config)").action(pullCommand);
+program.command("status").description("Show what is out of sync between local files and storage").option("--target <path>", "Override storage to a local folder (overrides config)").action(statusCommand);
+program.command("convert <skill-file>").description("Convert a Claude Code skill to Antigravity or Cursor format").requiredOption("--to <target>", "Target format: antigravity | cursor | all").option("--output-dir <path>", "Project root where output files are written (default: cwd)").action((skillFile, opts) => {
+  const validTargets = ["antigravity", "cursor", "all"];
+  if (!validTargets.includes(opts.to)) {
+    console.error(`Invalid target "${opts.to}". Use: antigravity, cursor, or all`);
+    process.exit(1);
+  }
+  return convertCommand(skillFile, { to: opts.to, outputDir: opts.outputDir });
+});
+await program.parseAsync(process.argv);