cue-ai 0.9.2 → 0.9.4

package/resources/skills/skills/security/trivy-scan/SKILL.md

@@ -0,0 +1,139 @@
+---
+name: trivy-scan
+description: |
+  Scan the repo for dependency CVEs, leaked secrets, and IaC/Dockerfile
+  misconfigs with Trivy, then hard-block HIGH/CRITICAL before a merge.
+  Use when the user says "trivy", "vuln scan", "scan dependencies",
+  "supply chain scan", "scan for CVEs", or "security scan before merge".
+allowed-tools: Bash(Bash:*), Read, Grep, Glob, AskUserQuestion
+category: security
+tags: [security, supply-chain, vulnerability, gate, trivy]
+triggers:
+  - trivy
+  - vuln scan
+  - scan dependencies
+  - supply chain scan
+  - scan before merge
+---
+
+# /trivy-scan: supply-chain vulnerability gate
+
+Trivy (Aqua Security) scans a repo for three classes of problem that
+code review misses: known CVEs in your dependency lockfiles, secrets
+committed to the tree, and misconfigured IaC/Dockerfiles. This skill is
+the **single source of truth** for the pre-merge security gate. The
+reviewer (`/code-review-deep`) and the ship gates (`/ship`, `/autoship`)
+all invoke it. Run it standalone any time with "trivy" or "vuln scan".
+
+## Iron contract
+
+1. **A HIGH or CRITICAL finding blocks the merge.** No exceptions
+   without a logged waiver (see Rules). The gate is the safety, not a
+   prompt. Don't merge past a real finding because it's inconvenient.
+2. **Every reported finding cites the package + CVE + fixed version.**
+   "Trivy found stuff" is not a report. Quote the row.
+3. **Never auto-bump a dependency to silence a finding.** Surface the
+   fixed version; the user decides whether to upgrade now or waive.
+
+## Prerequisites
+
+`trivy` CLI. Check and install if missing (canonical extracted version:
+this skill's `scripts/ensure-trivy.sh`, use it in CI):
+
+```bash
+command -v trivy >/dev/null || brew install trivy 2>/dev/null || sudo pacman -S --noconfirm trivy 2>/dev/null || curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.71.0/contrib/install.sh | sh -s -- -b "$HOME/.local/bin"
+trivy --version
+```
+
+Not in default `apt`/`dnf`, those need the Aqua repo. The script's
+installer fallback is cross-distro. Recipe lives in
+`resources/cli-recipes.json` under `trivy`.
+
+## The gate, one command
+
+```bash
+trivy fs --scanners vuln,secret,misconfig --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs "**/node_modules" --skip-dirs "**/_cache" --skip-dirs "**/dist" --skip-dirs "**/.next" --skip-dirs "**/vendor" .
+```
+
+- **Exit 0** → no HIGH/CRITICAL findings → gate **PASS**, merge may proceed.
+- **Exit 1** → at least one HIGH/CRITICAL finding → gate **BLOCK**. Report
+  and stop. Do not merge.
+- Any other exit (Trivy error, e.g. DB download failure) → treat as
+  **BLOCK** and report the error. A scan that didn't run is not a pass.
+
+## Steps
+
+1. **Ensure Trivy is installed** (Prerequisites). If it cannot be
+   installed (offline, no network approval), report that the gate could
+   not run and **block**. Do not silently skip.
+
+2. **Pick scope.** Default is the whole working tree (`trivy fs … .`),
+   which catches issues in unchanged files too, the right default for a
+   merge gate. For a fast diff-scoped pass on a huge repo, scan only the
+   changed paths:
+
+   ```bash
+   CHANGED=$(git diff --name-only origin/main...HEAD | tr '\n' ' ')
+   [ -n "$CHANGED" ] && trivy fs --scanners vuln,secret,misconfig --severity HIGH,CRITICAL --exit-code 1 --no-progress $CHANGED
+   ```
+
+   When in doubt, scan the whole tree. A transitive CVE in an untouched
+   lockfile still ships in the merge.
+
+3. **Run the gate command** and capture the exit code (`echo $?`).
+
+4. **Report findings** in this format, one row per finding (see Example).
+
+5. **On BLOCK**, list each finding's remediation (bump to fixed version,
+   remove the secret and rotate it, or fix the misconfig) and stop. Hand
+   the merge decision back to the user with the remediation, not a vibe.
+
+## Example
+
+Gate run that blocks a merge:
+
+```
+$ trivy fs --scanners vuln,secret,misconfig --severity HIGH,CRITICAL --exit-code 1 .
+$ echo $?
+1
+```
+
+Reported as:
+
+```
+[CRITICAL] pkg:lodash@4.17.4 → CVE-2021-23337 (command injection)
+           fixed in 4.17.21 · path: package-lock.json
+[HIGH]     secret: AWS access key · path: config/deploy.env:12  (ROTATE)
+[HIGH]     misconfig: Dockerfile runs as root (DS002) · Dockerfile:1
+```
+
+Verdict: **BLOCK**. Bump lodash to 4.17.21, remove + rotate the AWS key,
+add a non-root `USER` to the Dockerfile, then re-run the gate.
+
+## Waivers
+
+A finding can be waived only with a justification, never blanket-ignored.
+Add the vulnerability ID to `.trivyignore` with a dated comment:
+
+```
+# CVE-2024-1234 transitive via build-only dep, not reachable at runtime.
+# Waived 2026-06-05 by <user>; revisit when upstream patches.
+CVE-2024-1234
+```
+
+A `.trivyignore` entry with no comment is a smell, flag it. Secret
+findings are **never** waivable: a leaked key is always a stop, and it
+must be rotated, not ignored.
+
+## Rules
+
+- HIGH/CRITICAL → merge **blocked**. The exit code is the gate; honor it.
+- A scan that errored or didn't run is a **block**, never a silent pass.
+- Secret findings always block and require rotation, regardless of any
+  severity flag or `.trivyignore` entry.
+- Never auto-upgrade a dependency to clear a finding. Surface the fix.
+- Waivers live in `.trivyignore` with a dated reason. No bare entries.
+- In CI/offline, pre-warm the vuln DB (`trivy fs --download-db-only`) and
+  pass `--skip-db-update` so the gate doesn't fail on a network hiccup.
+- Don't widen `--severity` to MEDIUM/LOW in the merge gate, that's noise
+  that trains people to ignore the gate. Run those on demand only.

package/resources/skills/skills/security/trivy-scan/scripts/ensure-trivy.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# Ensure the Trivy CLI is installed; install via the first method that works.
+# Used by the security/trivy-scan skill as the pre-merge gate's prerequisite.
+set -euo pipefail
+
+if command -v trivy >/dev/null 2>&1; then
+  trivy --version
+  exit 0
+fi
+
+echo "trivy not found, installing..." >&2
+brew install trivy 2>/dev/null \
+  || sudo pacman -S --noconfirm trivy 2>/dev/null \
+  || curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.71.0/contrib/install.sh \
+       | sh -s -- -b "$HOME/.local/bin"
+
+command -v trivy >/dev/null 2>&1 || {
+  echo "FATAL: trivy install failed. Install manually: https://trivy.dev/latest/getting-started/installation/" >&2
+  exit 1
+}
+trivy --version

package/resources/skills/skills/tools/ccusage/SKILL.md

@@ -0,0 +1,142 @@
+---
+name: ccusage
+description: Analyze coding-agent CLI token usage and cost from local logs — Claude Code, Codex, Gemini, Copilot, OpenCode, Amp, Droid and more — as daily, weekly, monthly, or session reports. Use when the user says "ccusage", "how much have I spent", "my token usage", "usage report", "cost breakdown", "how many tokens", or "which model do I use most", or wants to audit AI coding spend. Reads existing logs; no setup.
+allowed-tools: Bash(bunx:*), Bash(npx:*), Bash(ccusage:*)
+category: tools
+tags: [tools, usage, cost, tokens, observability, claude-code, codex]
+metadata:
+  version: 1.0.0
+  homepage: https://ccusage.com
+---
+
+# Coding-agent usage & cost with ccusage
+
+`ccusage` reads the local logs your coding-agent CLIs already write and turns them
+into token-usage and cost reports. It covers Claude Code, Codex, Gemini CLI, GitHub
+Copilot CLI, OpenCode, Amp, Droid, Codebuff, Goose, OpenClaw, Kilo, Kimi, Qwen,
+Hermes, and pi-agent. Nothing to instrument: it parses logs already on disk and
+prices them from a cached LiteLLM snapshot.
+
+## When to activate
+
+- The user asks how much they have spent on Claude Code, Codex, Gemini, or Copilot.
+- The user wants a token-usage or cost report by day, week, month, or session.
+- The user asks which model they use most, or for a per-model cost breakdown.
+- The user says "ccusage", "usage report", "cost breakdown", or "audit my AI spend".
+- The user wants to track usage inside Claude's 5-hour billing windows.
+
+## Examples
+
+Realistic requests and the command each maps to:
+
+- "How much have I spent on Claude Code this month?" → `bunx ccusage claude monthly`
+- "Show my token usage by day across every agent." → `bunx ccusage daily`
+- "Which model am I burning the most on?" → `bunx ccusage daily --breakdown`
+- "What did Codex cost me last week?" → `bunx ccusage codex weekly`
+- "Give me a usage report I can paste into Slack." → `bunx ccusage --compact`
+- "Total my spend between two dates as JSON." → `bunx ccusage daily --since 2026-05-01 --until 2026-05-31 --json | jq '[.daily[].totalCost] | add'`
+
+## Prerequisites
+
+No install needed. Run it on demand with `bunx` (preferred) or `npx`:
+
+```bash
+bunx ccusage --version
+```
+
+`bunx` caches the binary after the first run, so repeat calls are fast. If `bun`
+is missing, `npx ccusage@latest` works the same way. To pin a global copy:
+`npm install -g ccusage`, then call `ccusage` directly.
+
+## Core pattern
+
+Show every detected agent's usage by day, then drill in:
+
+```bash
+bunx ccusage              # all detected sources, by day (default)
+bunx ccusage session      # group by conversation session
+bunx ccusage --json       # same data as structured JSON
+```
+
+Expected output is a colored table with date or session rows and columns for input,
+output, cache-create, and cache-read tokens plus cost in USD. `--json` emits the
+same numbers for scripting.
+
+## Reports
+
+```bash
+bunx ccusage daily        # aggregated by date (default)
+bunx ccusage weekly       # aggregated by week
+bunx ccusage monthly      # aggregated by month
+bunx ccusage session      # grouped by conversation session
+bunx ccusage blocks       # Claude Code 5-hour billing windows, with active-block monitoring
+```
+
+## One agent at a time
+
+Prefix the report with a source name to focus on a single CLI:
+
+```bash
+bunx ccusage claude daily      # Claude Code only
+bunx ccusage codex daily       # Codex
+bunx ccusage gemini daily      # Gemini CLI
+bunx ccusage copilot daily     # GitHub Copilot CLI
+bunx ccusage opencode weekly   # OpenCode
+bunx ccusage amp session       # Amp
+bunx ccusage droid daily       # Droid
+```
+
+Other sources: `codebuff`, `goose`, `openclaw`, `kilo`, `kimi`, `qwen`, `hermes`,
+`pi`. Use `bunx ccusage daily --all` for the explicit unified report.
+
+## Filters and options
+
+```bash
+bunx ccusage daily --since 2026-04-25 --until 2026-05-16   # date range
+bunx ccusage daily --breakdown                              # per-model cost breakdown
+bunx ccusage claude daily --instances                       # group Claude Code by project
+bunx ccusage claude daily --project myproject               # filter to one project
+bunx ccusage daily --no-cost                                # hide cost columns
+bunx ccusage daily --timezone UTC                           # timezone for date grouping
+bunx ccusage daily --offline                                # use cached pricing, no network
+bunx ccusage --compact                                      # narrow table for screenshots
+```
+
+## Programmatic use
+
+Pipe `--json` into `jq` to answer questions in scripts. Top-level keys are the
+report name (`daily`, `weekly`, `monthly`, `sessions`, `blocks`) plus `totals`;
+each row carries `inputTokens`, `outputTokens`, `totalCost`, and `modelBreakdowns`:
+
+```bash
+# Sum cost across every daily row in the report
+bunx ccusage daily --json | jq '[.daily[].totalCost] | add'
+
+# Per-model breakdown for Claude Code
+bunx ccusage claude daily --json --breakdown | jq '.daily[].modelBreakdowns'
+```
+
+Confirm field names with `bunx ccusage daily --json | jq 'keys'` before relying on
+them; the schema can shift between major versions.
+
+## What this skill does NOT do
+
+- It does not bill, charge, or change any account. It only reads local logs.
+- It does not replace `/cost-report`, which queries a separate cost-tracker SQLite
+  database. ccusage needs no tracker and reads raw transcripts instead.
+- It does not upload your logs. Pricing is fetched (or cached with `--offline`);
+  usage data stays on the machine.
+- It cannot report an agent whose logs are absent on this machine.
+
+## Rules
+
+- Prefer `bunx ccusage` over a global install so reports run the latest binary;
+  fall back to `npx ccusage@latest` when `bun` is missing.
+- Use `--offline` on flaky or air-gapped networks. It prices from the cached
+  LiteLLM snapshot instead of fetching, so the command still completes.
+- Reach for `--json` whenever the answer feeds a calculation or another tool, and
+  parse with `jq` rather than eyeballing the table.
+- Pass an explicit source (`ccusage claude ...`) when the user asks about one
+  agent, and `--all` when they want every agent in one report.
+- Add `--since`/`--until` for "this week" or "last month" questions instead of
+  summing rows by hand.

package/src/commands/_index.ts

@@ -57,10 +57,18 @@ export const COMMANDS = {
     summary: "Resolve+materialize a profile then exec claude/codex (hot path)",
     load: () => import("./launch"),
   },
+  install: {
+    summary: "Prepare profile runtimes and optionally install required CLIs",
+    load: () => import("./install"),
+  },
   materialize: {
     summary: "Write skills + MCPs for any agent (cursor, cline, gemini, copilot, etc.)",
     load: () => import("./materialize"),
   },
+  summon: {
+    summary: "Bind a profile into the LIVE session (soft-load + pin), no cold restart",
+    load: () => import("./summon"),
+  },
   quick: {
     summary: "One-shot bare launch — no profile, no skills, fastest cold start",
     load: () => import("./quick"),

package/src/commands/ai.ts

@@ -129,7 +129,7 @@ Options:
     }
 
     if (apply) {
-      writeFileSync(join(process.cwd(), ".cue-profile"), best.name + "\n");
+      writeFileSync(join(process.cwd(), ".cue.profile"), best.name + "\n");
       process.stdout.write(`  ${green("✓")} Pinned ${bold(best.name)} to this directory.\n\n`);
     } else {
       process.stdout.write(`  Use it:  ${bold(`cue use ${best.name}`)}\n`);
@@ -164,7 +164,7 @@ Options:
     const profileDir = join(PROFILES_DIR, profileName);
     mkdirSync(profileDir, { recursive: true });
     writeFileSync(join(profileDir, "profile.yaml"), output);
-    writeFileSync(join(process.cwd(), ".cue-profile"), profileName + "\n");
+    writeFileSync(join(process.cwd(), ".cue.profile"), profileName + "\n");
     process.stdout.write(`\n  ${green("✓")} Created ${bold(profileName)} (inherits from ${inheritsFrom})\n`);
     process.stdout.write(`  ${green("✓")} Pinned to this directory.\n`);
     process.stdout.write(`  Edit: profiles/${profileName}/profile.yaml\n\n`);

package/src/commands/auto-detect.test.ts

@@ -0,0 +1,74 @@
+import { describe, expect, test, beforeEach, afterEach } from "bun:test";
+import { mkdtempSync, rmSync, writeFileSync, readFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+import { run } from "./auto-detect";
+
+let tmp: string;
+let origCwd: string;
+
+beforeEach(() => {
+  tmp = mkdtempSync(join(tmpdir(), "cue-autodetect-cli-"));
+  origCwd = process.cwd();
+  process.chdir(tmp);
+});
+afterEach(() => {
+  process.chdir(origCwd);
+  try { rmSync(tmp, { recursive: true, force: true }); } catch {}
+});
+
+async function capture(args: string[]): Promise<{ stdout: string; code: number }> {
+  const origOut = process.stdout.write.bind(process.stdout);
+  let stdout = "";
+  (process.stdout as any).write = (c: string | Uint8Array) => { stdout += String(c); return true; };
+  try {
+    const code = await run(args);
+    return { stdout, code };
+  } finally {
+    (process.stdout as any).write = origOut;
+  }
+}
+
+describe("cue auto-detect (CLI)", () => {
+  test("package.json with stripe dep surfaces the stripe profile", async () => {
+    writeFileSync(join(tmp, "package.json"), JSON.stringify({
+      dependencies: { stripe: "14.0.0" },
+    }));
+    const { stdout, code } = await capture([]);
+    expect(code).toBe(0);
+    expect(stdout).toContain("stripe");
+  });
+
+  test("--json emits v2 suggestions with reasons", async () => {
+    writeFileSync(join(tmp, "package.json"), JSON.stringify({
+      dependencies: { next: "14.0.0", "@aws-sdk/client-s3": "3.0.0" },
+    }));
+    const { stdout, code } = await capture(["--json"]);
+    expect(code).toBe(0);
+    const parsed = JSON.parse(stdout);
+    const profiles = parsed.suggestions.map((s: { profile: string }) => s.profile);
+    expect(profiles).toContain("nextjs");
+    expect(profiles).toContain("aws");
+    for (const s of parsed.suggestions) {
+      expect(Array.isArray(s.reasons)).toBe(true);
+      expect(s.confidence).toBeGreaterThan(0);
+      expect(s.confidence).toBeLessThanOrEqual(1);
+    }
+  });
+
+  test("--apply pins the top v2 match to .cue.profile", async () => {
+    writeFileSync(join(tmp, "package.json"), JSON.stringify({
+      dependencies: { next: "14.0.0" },
+    }));
+    const { code } = await capture(["--apply"]);
+    expect(code).toBe(0);
+    expect(readFileSync(join(tmp, ".cue.profile"), "utf8").trim()).toBe("nextjs");
+  });
+
+  test("empty dir reports no matches", async () => {
+    const { stdout, code } = await capture([]);
+    expect(code).toBe(0);
+    expect(stdout).toContain("No profile matches");
+  });
+});

package/src/commands/auto-detect.ts

@@ -4,7 +4,7 @@
 
 import { writeFileSync } from "node:fs";
 import { join } from "node:path";
-import { detectProfile, } from "../lib/auto-detect";
+import { detectProfileV2 } from "../lib/auto-detect";
 import { scanProject } from "../lib/project-scanner";
 
 export async function run(args: string[]): Promise<number> {
@@ -12,7 +12,10 @@ export async function run(args: string[]): Promise<number> {
   const apply = args.includes("--apply");
   const cwd = process.cwd();
 
-  const results = detectProfile(cwd);
+  // Same detector the launch picker's "Suggested for this cwd" uses, so the
+  // CLI and the picker can never disagree about what this directory looks
+  // like (the old v1 file-signal detector was blind to package.json deps).
+  const results = detectProfileV2(cwd);
   const project = scanProject(cwd);
 
   if (json) {
@@ -36,15 +39,14 @@ export async function run(args: string[]): Promise<number> {
   process.stdout.write("Suggested profiles:\n\n");
   for (let i = 0; i < Math.min(results.length, 5); i++) {
     const r = results[i]!;
-    const signals = r.signals.join(", ");
-    process.stdout.write(`  ${i + 1}. ${r.profile}  (${r.confidence}% match)\n`);
-    process.stdout.write(`     signals: ${signals}\n\n`);
+    process.stdout.write(`  ${i + 1}. ${r.profile}  (${Math.round(r.confidence * 100)}% match)\n`);
+    process.stdout.write(`     signals: ${r.reasons.join(", ")}\n\n`);
   }
 
   if (apply && results.length > 0) {
     const best = results[0]!;
-    writeFileSync(join(cwd, ".cue-profile"), best.profile + "\n");
-    process.stdout.write(`✅ Pinned "${best.profile}" to .cue-profile\n`);
+    writeFileSync(join(cwd, ".cue.profile"), best.profile + "\n");
+    process.stdout.write(`✅ Pinned "${best.profile}" to .cue.profile\n`);
   } else if (!apply && results.length > 0) {
     process.stdout.write(`Run with --apply to pin the top match, or use \`cue init\` for interactive selection.\n`);
   }

package/src/commands/cli.test.ts

@@ -46,17 +46,17 @@ describe("cue cli list", () => {
     expect(installable.length).toBeGreaterThan(5);
   });
 
-  test("no positional + no .cue-profile → usage error", async () => {
+  test("no positional + no .cue.profile → usage error", async () => {
     const orig = process.stderr.write.bind(process.stderr);
     let err = "";
     (process.stderr as any).write = (c: string | Uint8Array) => { err += String(c); return true; };
     try {
-      // run from /tmp so no .cue-profile lookup succeeds
+      // run from /tmp so no .cue.profile lookup succeeds
       const cwd = process.cwd();
       process.chdir("/tmp");
       try {
         const exit = await cliRun(["list"]);
-        // either succeeds via parent .cue-profile resolution, or returns 1 with usage
+        // either succeeds via parent .cue.profile resolution, or returns 1 with usage
         if (exit !== 0) expect(err).toContain("Usage");
       } finally {
         process.chdir(cwd);
@@ -95,11 +95,27 @@ describe("cue cli install", () => {
 
   test("install <known-tool> dry-run produces apt or pip plan", async () => {
     const { stdout } = await capture(() => cliRun(["install", "nmap", "--json"]));
-    const out = JSON.parse(stdout) as { plans: Array<{ cli: string; mode: string; command?: string }> };
+    const out = JSON.parse(stdout) as { plans: Array<{ cli: string; mode: string; command?: string; argv?: string[] }> };
     expect(out.plans).toHaveLength(1);
     expect(out.plans[0]!.cli).toBe("nmap");
     // On Linux with apt available, mode should be apt; otherwise some other available manager.
     expect(["apt", "brew", "dnf", "pacman", "winget", "manual"]).toContain(out.plans[0]!.mode);
+    if (out.plans[0]!.command) expect(out.plans[0]!.argv?.length).toBeGreaterThan(0);
+  });
+
+  test("script recipes are manual unless explicitly allowed", async () => {
+    const blocked = JSON.parse((await capture(() => cliRun(["install", "metasploit", "--json"]))).stdout) as {
+      plans: Array<{ mode: string; command?: string; argv?: string[]; hint?: string }>;
+    };
+    expect(blocked.plans[0]!.mode).toBe("manual");
+    expect(blocked.plans[0]!.command).toBeUndefined();
+    expect(blocked.plans[0]!.hint).toContain("--allow-scripts");
+
+    const allowed = JSON.parse((await capture(() => cliRun(["install", "metasploit", "--allow-scripts", "--json"]))).stdout) as {
+      plans: Array<{ mode: string; command?: string; argv?: string[] }>;
+    };
+    expect(allowed.plans[0]!.mode).toBe("script");
+    expect(allowed.plans[0]!.argv?.[0]).toBe("bash");
   });
 
   test("install <unknown-tool> dry-run reports no recipe", async () => {

package/src/commands/cli.ts

@@ -40,7 +40,12 @@ function which(cmd: string): boolean {
 }
 
 function readRecipes(): Record<string, Recipe> {
-  try { return JSON.parse(readFileSync(RECIPES_PATH, "utf8")); }
+  try {
+    const raw = JSON.parse(readFileSync(RECIPES_PATH, "utf8")) as Record<string, unknown>;
+    return Object.fromEntries(
+      Object.entries(raw).filter(([, v]) => v && typeof v === "object" && !Array.isArray(v)),
+    ) as Record<string, Recipe>;
+  }
   catch { return {}; }
 }
 
@@ -52,28 +57,34 @@ interface InstallPlan {
   cli: string;
   mode: "apt" | "brew" | "dnf" | "pacman" | "snap" | "winget" | "pip" | "pipx" | "npm" | "script" | "manual" | "unknown";
   command?: string;
+  argv?: string[];
   hint?: string;
   needs?: string;
 }
 
-function planInstall(cli: string, recipe: Recipe | undefined): InstallPlan {
+function shellDisplay(argv: string[]): string {
+  return argv.map((part) => /^[a-zA-Z0-9_./:@%+=,-]+$/.test(part) ? part : JSON.stringify(part)).join(" ");
+}
+
+function planInstall(cli: string, recipe: Recipe | undefined, opts: { allowScripts?: boolean } = {}): InstallPlan {
   if (!recipe) return { cli, mode: "unknown", hint: `no recipe for "${cli}" in resources/cli-recipes.json` };
   const os = platform();
-  const tries: Array<[InstallPlan["mode"], string]> = [];
+  const tries: Array<[InstallPlan["mode"], string[]]> = [];
+  const words = (s: string) => s.split(/\s+/).filter(Boolean);
   if (os === "linux") {
-    if (recipe.apt && which("apt"))       tries.push(["apt",    `sudo apt install -y ${recipe.apt}`]);
-    if (recipe.dnf && which("dnf"))       tries.push(["dnf",    `sudo dnf install -y ${recipe.dnf}`]);
-    if (recipe.pacman && which("pacman")) tries.push(["pacman", `sudo pacman -S --noconfirm ${recipe.pacman}`]);
+    if (recipe.apt && which("apt"))       tries.push(["apt",    ["sudo", "apt", "install", "-y", ...words(recipe.apt)]]);
+    if (recipe.dnf && which("dnf"))       tries.push(["dnf",    ["sudo", "dnf", "install", "-y", ...words(recipe.dnf)]]);
+    if (recipe.pacman && which("pacman")) tries.push(["pacman", ["sudo", "pacman", "-S", "--noconfirm", ...words(recipe.pacman)]]);
     // snap as a fallback for tools that aren't in distro repos (helm, terraform, etc.)
     if (recipe.snap && which("snap")) {
       const classic = recipe.snap.includes("--classic") ? "" : " --classic";
       const pkg = recipe.snap.replace(/--classic\s*/, "").trim();
-      tries.push(["snap", `sudo snap install ${pkg}${classic}`]);
+      tries.push(["snap", ["sudo", "snap", "install", pkg, ...words(classic)]]);
     }
   } else if (os === "darwin") {
-    if (recipe.brew && which("brew"))     tries.push(["brew",   `brew install ${recipe.brew}`]);
+    if (recipe.brew && which("brew"))     tries.push(["brew",   ["brew", "install", ...words(recipe.brew)]]);
   } else if (os === "win32") {
-    if (recipe.winget && which("winget")) tries.push(["winget", `winget install --id ${recipe.winget} -e`]);
+    if (recipe.winget && which("winget")) tries.push(["winget", ["winget", "install", "--id", recipe.winget, "-e"]]);
   }
   // Cross-platform language pkg managers as fallback.
   // For Python packages: prefer pipx (isolated, ships its own pip), then pip3
@@ -83,21 +94,23 @@ function planInstall(cli: string, recipe: Recipe | undefined): InstallPlan {
   // available — most pip recipes here are CLI tools, which is exactly what
   // pipx is designed for.
   if (recipe.pipx && which("pipx")) {
-    tries.push(["pipx", `pipx install ${recipe.pipx}`]);
+    tries.push(["pipx", ["pipx", "install", ...words(recipe.pipx)]]);
   } else if (recipe.pip) {
-    if (which("pipx"))     tries.push(["pipx", `pipx install ${recipe.pip}`]);
-    else if (which("pip3")) tries.push(["pip",  `pip3 install --user ${recipe.pip}`]);
-    else                    tries.push(["pip",  `python3 -m pip install --user ${recipe.pip}`]);
+    if (which("pipx"))     tries.push(["pipx", ["pipx", "install", ...words(recipe.pip)]]);
+    else if (which("pip3")) tries.push(["pip",  ["pip3", "install", "--user", ...words(recipe.pip)]]);
+    else                    tries.push(["pip",  ["python3", "-m", "pip", "install", "--user", ...words(recipe.pip)]]);
   }
-  if (recipe.npm && which("npm"))    tries.push(["npm",  `npm install -g ${recipe.npm}`]);
-  if (recipe.script)                 tries.push(["script", recipe.script]);
+  if (recipe.npm && which("npm"))    tries.push(["npm",  ["npm", "install", "-g", ...words(recipe.npm)]]);
+  if (recipe.script && opts.allowScripts) tries.push(["script", ["bash", "-c", recipe.script]]);
 
   if (tries.length === 0) {
-    const manual = recipe.manual ?? `no installer for this OS/recipe`;
+    const manual = recipe.manual ?? (recipe.script
+      ? `script installer requires --allow-scripts: ${recipe.script}`
+      : `no installer for this OS/recipe`);
     return { cli, mode: "manual", hint: manual, needs: recipe.needs };
   }
-  const [mode, command] = tries[0]!;
-  return { cli, mode, command, needs: recipe.needs };
+  const [mode, argv] = tries[0]!;
+  return { cli, mode, argv, command: shellDisplay(argv), needs: recipe.needs };
 }
 
 async function resolveProfileArg(args: string[]): Promise<string | undefined> {
@@ -210,6 +223,7 @@ async function listCmd(args: string[]): Promise<number> {
 async function installCmd(args: string[]): Promise<number> {
   const all = args.includes("--all");
   const yes = args.includes("--yes");
+  const allowScripts = args.includes("--allow-scripts");
   const dryRun = !yes;
   const asJson = args.includes("--json");
   const positional = args.filter((a) => !a.startsWith("-"));
@@ -237,7 +251,7 @@ async function installCmd(args: string[]): Promise<number> {
     return 0;
   }
 
-  const plans = targets.map((cli) => planInstall(cli, recipes[cli]));
+  const plans = targets.map((cli) => planInstall(cli, recipes[cli], { allowScripts }));
   const installable = plans.filter((p) => p.command);
   const manual = plans.filter((p) => !p.command);
 
@@ -271,7 +285,8 @@ async function installCmd(args: string[]): Promise<number> {
   let failed = 0;
   for (const p of installable) {
     process.stdout.write(`\n  ${bold(`→ Installing ${p.cli}`)}\n  ${dim("$ " + p.command)}\n`);
-    const res = spawnSync("bash", ["-c", p.command!], { stdio: "inherit" });
+    const argv = p.argv!;
+    const res = spawnSync(argv[0]!, argv.slice(1), { stdio: "inherit" });
     if (res.status !== 0) {
       process.stdout.write(`  ${red(`✗ ${p.cli} install failed (exit ${res.status})`)}\n`);
       failed++;
@@ -298,6 +313,7 @@ export async function run(args: string[]): Promise<number> {
       process.stderr.write("  cue cli list [profile]\n");
       process.stderr.write("  cue cli install <tool>\n");
       process.stderr.write("  cue cli install --all [profile] [--yes] [--json]\n");
+      process.stderr.write("  cue cli install --all [profile] [--yes] [--allow-scripts]\n");
       return sub ? 1 : 0;
   }
 }

package/src/commands/create-profile.ts

@@ -118,11 +118,11 @@ export async function run(args: string[]): Promise<number> {
   await writeFile(yamlPath, renderYaml(parsed));
 
   if (parsed.pin) {
-    await writeFile(join(process.cwd(), ".cue-profile"), `${parsed.name}\n`);
+    await writeFile(join(process.cwd(), ".cue.profile"), `${parsed.name}\n`);
   }
 
   process.stdout.write(`✓ created ${yamlPath}\n`);
-  if (parsed.pin) process.stdout.write(`✓ pinned to ${process.cwd()}/.cue-profile\n`);
+  if (parsed.pin) process.stdout.write(`✓ pinned to ${process.cwd()}/.cue.profile\n`);
   process.stdout.write(`launch with: claude\n`);
   return 0;
 }