joonecli 0.1.1 → 0.2.0

package/docs/08_roadmap.md

@@ -1,200 +0,0 @@
-# Implementation Roadmap
-
-We will tackle this project moving from the foundation outward.
-
-## Milestone 1: The Foundation (Core Execution & Caching) ✅
-
-**Goal:** Build a basic agent that successfully executes simple loops while maintaining a 100% cache prefix validity across turns.
-
-1. ~~**Setup Project**: Initialize the repository based on the chosen Tech Stack.~~
-2. ~~**The Prompt Builder Engine**: Build the class responsible for layering static instruction strings, tools, and message arrays cleanly.~~
-3. **Core Tooling**: Implement `bash_executor` and `file_reader` / `file_writer`.
-4. **Basic Event Loop**: Implement a while loop that queries the LLM and runs the exact tool.
-
-## Milestone 2: CLI Packaging & Provider Selection
-
-**Goal:** Package joone as an installable CLI tool with dynamic LLM provider configuration, streaming output, and secure API key management.
-
-### 2a. Config Manager (`src/cli/config.ts`)
-
-1. **`JooneConfig` interface**: Define shape: `provider`, `model`, `apiKey`, `maxTokens`, `temperature`, `streaming`.
-2. **`loadConfig()`**: Reads `~/.joone/config.json`. Returns sensible defaults if file doesn't exist.
-3. **`saveConfig(config)`**: Writes JSON to `~/.joone/config.json`. Sets file permissions to `600` (owner-only).
-4. **Env var fallback**: If `apiKey` is missing from config, check `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, etc.
-
-### 2b. Model Factory (`src/cli/modelFactory.ts`)
-
-1. **`createModel(config)`**: Factory function that switches on `config.provider`.
-2. **Dynamic imports**: Uses `await import("@langchain/anthropic")` etc. to avoid bundling all providers.
-3. **Missing package detection**: If the import fails, print `"Provider X requires @langchain/X. Run: npm install @langchain/X"`.
-4. **API key validation**: Throws a descriptive error if the API key is missing for the selected provider.
-5. **Supported providers** (9+): Anthropic, OpenAI, Google, Mistral, Groq, DeepSeek, Fireworks, Together AI, Ollama.
-
-### 2c. CLI Entry Point (`src/cli/index.ts`)
-
-1. **Commander.js** for command parsing.
-2. **`joone` (default command)**: Loads config → creates model → starts execution harness REPL.
-3. **`joone config`**: Interactive prompts (via `@inquirer/prompts`) for provider, model, API key (masked), streaming toggle.
-4. **`package.json` `"bin"` field**: Maps `joone` → `./dist/cli/index.js`.
-
-### 2d. Streaming Support
-
-1. **`ExecutionHarness.streamStep()`**: New method using `this.llm.stream(messages)`.
-2. **Text chunks**: Printed to `process.stdout` in real-time.
-3. **Tool call chunks**: Buffered until the full tool call JSON is received, then executed via the middleware pipeline.
-4. **Config flag**: `streaming: true` (default). Disable via `joone config` or `--no-stream` flag.
-
-### 2e. Security Tiers (Phased)
-
-1. **Tier 1 (Now)**: Plain `config.json` + `chmod 600` + masked input.
-2. **Tier 2 (Planned)**: OS Keychain via `keytar` — user selects during onboarding.
-3. **Tier 3 (Planned)**: AES-256 encrypted config with machine-derived key — user selects during onboarding.
-
-### TDD Test Plan (Vertical Slices)
-
-| #   | RED Test                                                                   | GREEN Implementation                 |
-| --- | -------------------------------------------------------------------------- | ------------------------------------ |
-| 1   | `loadConfig` returns defaults when no file exists                          | `loadConfig()` with default fallback |
-| 2   | `saveConfig` writes JSON and `loadConfig` reads it back                    | `saveConfig()` implementation        |
-| 3   | `loadConfig` falls back to env var if `apiKey` is missing                  | Env var fallback logic               |
-| 4   | `createModel` returns `ChatAnthropic` when provider is `"anthropic"`       | Factory Anthropic branch             |
-| 5   | `createModel` returns `ChatOpenAI` when provider is `"openai"`             | Factory OpenAI branch                |
-| 6   | `createModel` throws descriptive error if API key missing                  | Key validation                       |
-| 7   | `createModel` throws with install instructions if provider package missing | Dynamic import error handling        |
-| 8   | `streamStep` emits text chunks to provided callback                        | Stream handler implementation        |
-| 9   | `streamStep` buffers tool call JSON and returns complete `AIMessage`       | Tool call buffering                  |
-
----
-
-## Milestone 3: Hybrid Sandbox Integration
-
-**Goal:** Route all agent code execution through isolated E2B cloud microVMs while keeping file I/O on the host for real-time IDE visibility.
-
-### 3a. E2B Sandbox Lifecycle (`src/sandbox/manager.ts`)
-
-1. **Install E2B SDK**: Add `e2b` to dependencies.
-2. **`SandboxManager`**: Class that creates/destroys an E2B sandbox per session.
-3. **Timeout & Cleanup**: Auto-destroy sandbox after configurable idle timeout.
-
-### 3b. File Sync Layer (`src/sandbox/sync.ts`)
-
-1. **Change Tracker**: Track which host files have been modified since last sync using file mtimes or a dirty set.
-2. **`syncToSandbox()`**: Upload only changed files to `/workspace/` in the sandbox before each execution.
-3. **Initial Sync**: On session start, upload the full project directory.
-
-### 3c. Tool Router (`src/tools/router.ts`)
-
-1. **Host tools**: `write_file`, `read_file` → execute via Node.js `fs` on the host.
-2. **Sandbox tools**: `bash`, `run_tests`, `install_deps` → sync files, then execute via `sandbox.commands.run()`.
-3. **Automatic routing**: Tool router determines target based on tool type.
-
-### 3d. Rewire Existing Tools
-
-1. **`BashTool`**: Remove stub, connect to `sandbox.commands.run()`.
-2. **`ReadFileTool`**: Keep on host, add size guardrail.
-3. **`WriteFileTool`**: Keep on host, mark file as dirty for next sync.
-
-### TDD Test Plan
-
-| #   | Test                                             | Behavior          |
-| --- | ------------------------------------------------ | ----------------- |
-| 1   | `SandboxManager.create()` initializes a sandbox  | Session lifecycle |
-| 2   | `SandboxManager.destroy()` cleans up the sandbox | Teardown          |
-| 3   | `syncToSandbox()` uploads dirty files            | Change tracking   |
-| 4   | Tool router sends `write_file` to host           | Host routing      |
-| 5   | Tool router sends `bash` to sandbox              | Sandbox routing   |
-
----
-
-## Milestone 3.5: Security Scanning Tool
-
-**Goal:** Give the agent the ability to scan code for security vulnerabilities using the Gemini CLI Security Extension, with a native LLM-powered fallback.
-
-### 3.5a. SecurityScanTool (`src/tools/security.ts`)
-
-1. **Gemini CLI path** (preferred): Shell out to `gemini -x security:analyze` via sandbox.
-2. **Native LLM fallback**: Use the agent's configured LLM with a security-focused prompt to analyze code diffs.
-3. Accepts `target`: `"changes"` | `"file"` | `"deps"`, optional `path`.
-
-### 3.5b. DepScanTool (`src/tools/depScan.ts`)
-
-1. **OSV-Scanner**: Run `osv-scanner --json .` in sandbox, parse JSON results.
-2. **Fallback**: Run `npm audit --json` if OSV-Scanner is not installed.
-
-### 3.5c. Tool Registration
-
-1. Add both tools to `CORE_TOOLS` in `tools/index.ts`.
-2. Add `security_scan` and `dep_scan` to `SANDBOX_TOOLS` in `tools/router.ts`.
-3. Add security scan stubs to `DeferredToolsDB` in `tools/registry.ts`.
-
-### TDD Test Plan
-
-| #   | Test                                                      | Behavior    |
-| --- | --------------------------------------------------------- | ----------- |
-| 1   | SecurityScanTool returns report when Gemini CLI available | Shell path  |
-| 2   | SecurityScanTool falls back to LLM analysis               | Native path |
-| 3   | DepScanTool parses OSV-Scanner JSON output                | Dep scan    |
-| 4   | DepScanTool falls back to `npm audit`                     | Fallback    |
-| 5   | ToolRouter routes both to sandbox                         | Routing     |
-
-## Milestone 4: Harness Engineering & Middlewares
-
-**Goal:** Make the agent resilient. Stop it from breaking itself.
-
-1. **Middleware Pipeline Pattern**: Implement a generic pre/post execution hook system for tool calls.
-2. **Build `LoopDetectionMiddleware`**: Track hashes or signatures of tool calls. Throw errors/warnings when duplicated explicitly.
-3. **Build `SafeguardMiddleware`**: Prevent massive file reads.
-4. **Build `PreCompletionMiddleware`**: Intercept task completion and require proof of verification (e.g. running tests).
-
-## Milestone 5: Advanced Optimizations
-
-**Goal:** Scale the agent for complex workspaces and heavy memory.
-
-1. **Tool Lazy Loading**: Implement the "Tool Search" mechanism for dynamic capabilities.
-2. **Context Compaction**: Implement Cache-Safe Forking. When tokens hit 80% capacity, summarize earlier messages, retaining the static prefix format.
-3. **Reasoning Sandwich**: Implement dynamic logic routing. Allow the agent to use `high-reasoning` mode for planning, and drop to `medium-reasoning` for mechanical typing.
-
-## Milestone 5.5: Browser, Web Search & Skills
-
-**Goal:** Give the agent internet access, browser interaction, and extensible skill loading.
-
-### 5.5a. Browser Tool (`agent-browser`)
-
-- Wrap Vercel Labs' `agent-browser` CLI via sandbox shell calls
-- Commands: `navigate`, `snapshot` (accessibility tree), `click`, `type`, `screenshot`, `scroll`
-- Lazy-installed in dev, pre-baked in prod template
-
-### 5.5b. Web Search Tool (`@valyu/ai-sdk`)
-
-- AI-native search via Valyu API (runs on Host)
-- Sources: web, papers (arXiv/PubMed), finance, patents, SEC filings, companies
-- API key stored in config (`valyuApiKey`)
-
-### 5.5c. Skills System
-
-- Discovery paths: `./skills/`, `./.agents/skills/`, `~/.joone/skills/`, `~/.agents/skills/`
-- SKILL.md format: YAML frontmatter (name, description) + markdown instructions
-- Tools: `search_skills`, `load_skill` (injects into conversation as system-reminder)
-- Project skills override user skills with same name
-
-## Milestone 6: Tracing & Refinement
-
-**Goal:** Monitor performance and improve via feedback.
-
-1. **Integrate Tracing**: (LangSmith / LangFuse / OpenTelemetry) to track exact costs, cache hit rates, and execution paths.
-2. **Trace Analyzer Subagent**: Build the offline script that reads failed traces and outputs summaries for human harness engineers.
-
-## Milestone 7: Testing & Evaluations (TDD - Ongoing)
-
-**Goal:** Ensure the context boundaries, middlewares, and tools function flawlessly before production. This milestone runs **in parallel** with all others via TDD.
-
-1. ~~**Setup Vitest**~~
-2. **Unit Testing (Red-Green-Refactor)**:
-   - ~~`CacheOptimizedPromptBuilder` (5/5 GREEN)~~
-   - `ConfigManager`: loadConfig, saveConfig, env fallback
-   - `ModelFactory`: provider switching, error handling
-   - `MiddlewarePipeline`: Loop detection, pre-completion interception
-   - `SandboxLifecycleManager`: create/destroy lifecycle hooks
-3. **E2E Evaluations (Evals)**:
-   - Hook LangSmith datasets up to the `ExecutionHarness` to run regression tests against known code tasks.
-   - Measure **Cache Hit Rate** assertions (e.g., Assert CacheHit > 90% over a 10-turn conversation).

package/e2b/Dockerfile

@@ -1,26 +0,0 @@
-# joone-base: Pre-baked E2B sandbox template for production.
-# All security and development tools are pre-installed for zero startup cost.
-#
-# Build command:
-#   e2b template create --name joone-base --dockerfile ./e2b/Dockerfile
-#
-# Usage in config (~/.joone/config.json):
-#   { "sandboxTemplate": "joone-base" }
-
-FROM e2b/base
-
-# Install Node.js tooling
-RUN npm install -g @google/gemini-cli
-
-# Install Gemini CLI security extension
-RUN gemini extensions install https://github.com/gemini-cli-extensions/security
-
-# Install OSV-Scanner for dependency vulnerability scanning
-RUN curl -sSfL https://github.com/google/osv-scanner/releases/latest/download/osv-scanner_linux_amd64 \
-    -o /usr/local/bin/osv-scanner && \
-    chmod +x /usr/local/bin/osv-scanner
-
-# Verify installations
-RUN gemini --version && osv-scanner --version
-
-WORKDIR /workspace

package/src/__tests__/bootstrap.test.ts

@@ -1,111 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { LazyInstaller } from "../sandbox/bootstrap.js";
-import { SandboxManager } from "../sandbox/manager.js";
-
-// Mock SandboxManager
-const createMockSandbox = () => ({
-  exec: vi.fn(),
-  isActive: vi.fn().mockReturnValue(true),
-  create: vi.fn(),
-  destroy: vi.fn(),
-  uploadFile: vi.fn(),
-  getSandbox: vi.fn(),
-});
-
-describe("LazyInstaller", () => {
-  let mockSandbox: ReturnType<typeof createMockSandbox>;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    mockSandbox = createMockSandbox();
-  });
-
-  // ─── Test #34: Custom template skips all installs ───
-
-  it("skips installation when using a custom template", async () => {
-    const installer = new LazyInstaller(true);
-
-    expect(installer.isGeminiCliReady()).toBe(true);
-    expect(installer.isOsvScannerReady()).toBe(true);
-
-    // Should not call exec at all
-    const result = await installer.ensureGeminiCli(
-      mockSandbox as unknown as SandboxManager
-    );
-    expect(result).toBe(true);
-    expect(mockSandbox.exec).not.toHaveBeenCalled();
-  });
-
-  // ─── Test #35: Dev mode installs Gemini CLI on first use ───
-
-  it("installs Gemini CLI on first call in dev mode", async () => {
-    const installer = new LazyInstaller(false);
-
-    // First check fails (not installed), then install succeeds, then extension succeeds
-    mockSandbox.exec
-      .mockRejectedValueOnce(new Error("not found")) // version check
-      .mockResolvedValueOnce({ exitCode: 0, stdout: "installed", stderr: "" }) // npm install
-      .mockResolvedValueOnce({ exitCode: 0, stdout: "ok", stderr: "" }); // extension install
-
-    const result = await installer.ensureGeminiCli(
-      mockSandbox as unknown as SandboxManager
-    );
-
-    expect(result).toBe(true);
-    expect(installer.isGeminiCliReady()).toBe(true);
-  });
-
-  // ─── Test #36: Caches install state — second call is a no-op ───
-
-  it("does not re-install on second call (cached)", async () => {
-    const installer = new LazyInstaller(false);
-
-    // First: fails check, succeeds install + extension
-    mockSandbox.exec
-      .mockRejectedValueOnce(new Error("not found"))
-      .mockResolvedValueOnce({ exitCode: 0, stdout: "", stderr: "" })
-      .mockResolvedValueOnce({ exitCode: 0, stdout: "", stderr: "" });
-
-    await installer.ensureGeminiCli(mockSandbox as unknown as SandboxManager);
-    mockSandbox.exec.mockClear();
-
-    // Second call — should return immediately
-    const result = await installer.ensureGeminiCli(
-      mockSandbox as unknown as SandboxManager
-    );
-    expect(result).toBe(true);
-    expect(mockSandbox.exec).not.toHaveBeenCalled();
-  });
-
-  // ─── Test #37: Returns false if install fails ───
-
-  it("returns false if Gemini CLI installation fails", async () => {
-    const installer = new LazyInstaller(false);
-
-    mockSandbox.exec
-      .mockRejectedValueOnce(new Error("not found")) // version check
-      .mockResolvedValueOnce({ exitCode: 1, stdout: "", stderr: "error" }); // install fails
-
-    const result = await installer.ensureGeminiCli(
-      mockSandbox as unknown as SandboxManager
-    );
-    expect(result).toBe(false);
-    expect(installer.isGeminiCliReady()).toBe(false);
-  });
-
-  // ─── Test #38: OSV-Scanner install attempt ───
-
-  it("installs OSV-Scanner via curl when not available", async () => {
-    const installer = new LazyInstaller(false);
-
-    mockSandbox.exec
-      .mockRejectedValueOnce(new Error("not found")) // version check
-      .mockResolvedValueOnce({ exitCode: 0, stdout: "", stderr: "" }); // curl install
-
-    const result = await installer.ensureOsvScanner(
-      mockSandbox as unknown as SandboxManager
-    );
-    expect(result).toBe(true);
-    expect(installer.isOsvScannerReady()).toBe(true);
-  });
-});

package/src/__tests__/config.test.ts

@@ -1,97 +0,0 @@
-import { describe, it, expect, beforeEach, afterEach } from "vitest";
-import * as fs from "node:fs";
-import * as path from "node:path";
-import * as os from "node:os";
-
-// We will import these once they exist — test-first.
-import { loadConfig, saveConfig, DEFAULT_CONFIG } from "../cli/config.js";
-
-describe("Config Manager", () => {
-  // Use a temp directory so we never touch the real ~/.joone
-  let tempDir: string;
-  let configPath: string;
-  let savedAnthropicKey: string | undefined;
-
-  beforeEach(() => {
-    tempDir = fs.mkdtempSync(path.join(os.tmpdir(), "joone-test-"));
-    configPath = path.join(tempDir, "config.json");
-    // Isolate from vitest.config.ts env vars
-    savedAnthropicKey = process.env.ANTHROPIC_API_KEY;
-    delete process.env.ANTHROPIC_API_KEY;
-  });
-
-  afterEach(() => {
-    fs.rmSync(tempDir, { recursive: true, force: true });
-    // Restore env var
-    if (savedAnthropicKey !== undefined) {
-      process.env.ANTHROPIC_API_KEY = savedAnthropicKey;
-    }
-  });
-
-  // ─── RED Test #1: loadConfig returns defaults when file doesn't exist ───
-
-  it("returns default config when config file does not exist", () => {
-    const config = loadConfig(configPath);
-
-    expect(config.provider).toBe("anthropic");
-    expect(config.model).toBe("claude-sonnet-4-20250514");
-    expect(config.apiKey).toBeUndefined();
-    expect(config.maxTokens).toBe(4096);
-    expect(config.temperature).toBe(0);
-    expect(config.streaming).toBe(true);
-  });
-
-  // ─── RED Test #2: saveConfig roundtrips with loadConfig ───
-
-  it("saves config to disk and loads it back correctly", () => {
-    const custom = {
-      ...DEFAULT_CONFIG,
-      provider: "openai",
-      model: "gpt-4o",
-      apiKey: "sk-test-key-123",
-      streaming: false,
-    };
-
-    saveConfig(configPath, custom);
-
-    // File should exist now
-    expect(fs.existsSync(configPath)).toBe(true);
-
-    // Load it back — should match what was saved
-    const loaded = loadConfig(configPath);
-    expect(loaded.provider).toBe("openai");
-    expect(loaded.model).toBe("gpt-4o");
-    expect(loaded.apiKey).toBe("sk-test-key-123");
-    expect(loaded.streaming).toBe(false);
-    // Fields we didn't override should keep defaults
-    expect(loaded.maxTokens).toBe(4096);
-    expect(loaded.temperature).toBe(0);
-  });
-
-  // ─── RED Test #3: loadConfig uses env var fallback for API key ───
-
-  it("falls back to ANTHROPIC_API_KEY env var when apiKey is missing from config", () => {
-    // Save a config WITHOUT an apiKey
-    const noKeyConfig = {
-      ...DEFAULT_CONFIG,
-      provider: "anthropic",
-    };
-    saveConfig(configPath, noKeyConfig);
-
-    // Set the env var
-    const originalEnv = process.env.ANTHROPIC_API_KEY;
-    process.env.ANTHROPIC_API_KEY = "sk-ant-from-env";
-
-    try {
-      const config = loadConfig(configPath);
-      expect(config.apiKey).toBe("sk-ant-from-env");
-    } finally {
-      // Restore env
-      if (originalEnv === undefined) {
-        delete process.env.ANTHROPIC_API_KEY;
-      } else {
-        process.env.ANTHROPIC_API_KEY = originalEnv;
-      }
-    }
-  });
-});

package/src/__tests__/m55.test.ts

@@ -1,238 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import * as fs from "node:fs";
-import * as path from "node:path";
-import * as os from "node:os";
-import { BrowserTool } from "../tools/browser.js";
-import { WebSearchTool, bindValyuApiKey } from "../tools/webSearch.js";
-import { SkillLoader } from "../skills/loader.js";
-import {
-  SearchSkillsTool,
-  LoadSkillTool,
-  bindSkillLoader,
-} from "../skills/tools.js";
-import { ToolRouter, ToolTarget } from "../tools/router.js";
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 5.5a: Browser Tool
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("BrowserTool", () => {
-  // ─── Test #70: Builds navigate command ───
-
-  it("has the correct schema with all supported actions", () => {
-    expect(BrowserTool.name).toBe("browser");
-    expect(BrowserTool.schema.properties.action.enum).toContain("navigate");
-    expect(BrowserTool.schema.properties.action.enum).toContain("snapshot");
-    expect(BrowserTool.schema.properties.action.enum).toContain("click");
-    expect(BrowserTool.schema.properties.action.enum).toContain("type");
-    expect(BrowserTool.schema.properties.action.enum).toContain("screenshot");
-    expect(BrowserTool.schema.properties.action.enum).toContain("scroll");
-  });
-
-  // ─── Test #71: Rejects without sandbox ───
-
-  it("throws when sandbox is not active", async () => {
-    const result = await BrowserTool.execute({ action: "navigate", url: "https://example.com" });
-    expect(result.isError).toBe(true);
-    expect(result.content).toMatch(/sandbox/i);
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 5.5b: Web Search Tool
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("WebSearchTool", () => {
-  // ─── Test #72: Returns error if no API key ───
-
-  it("returns error when API key is not configured", async () => {
-    bindValyuApiKey(undefined);
-    const result = await WebSearchTool.execute({ query: "test" });
-
-    expect(result.content).toMatch(/api key not configured/i);
-  });
-
-  // ─── Test #73: Schema includes all sources ───
-
-  it("schema includes all search sources", () => {
-    const sources = WebSearchTool.schema.properties.source.enum;
-
-    expect(sources).toContain("web");
-    expect(sources).toContain("papers");
-    expect(sources).toContain("finance");
-    expect(sources).toContain("patents");
-    expect(sources).toContain("sec");
-    expect(sources).toContain("companies");
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// 5.5c: Skills System
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("SkillLoader", () => {
-  let tmpDir: string;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "joone-skills-test-"));
-  });
-
-  afterEach(() => {
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  });
-
-  const createSkill = (
-    dir: string,
-    name: string,
-    content: string
-  ): void => {
-    const skillDir = path.join(dir, name);
-    fs.mkdirSync(skillDir, { recursive: true });
-    fs.writeFileSync(path.join(skillDir, "SKILL.md"), content);
-  };
-
-  // ─── Test #74: Discovers skills from project root ───
-
-  it("discovers skills from a directory", () => {
-    const skillsDir = path.join(tmpDir, "skills");
-    createSkill(
-      skillsDir,
-      "deploy",
-      "---\nname: deploy\ndescription: Deploy to Vercel\n---\n## Steps\n1. Run vercel deploy"
-    );
-
-    const loader = new SkillLoader(tmpDir);
-    const skills = loader.discoverSkills();
-
-    expect(skills.length).toBeGreaterThanOrEqual(1);
-    const deploy = skills.find((s) => s.name === "deploy");
-    expect(deploy).toBeDefined();
-    expect(deploy!.description).toBe("Deploy to Vercel");
-    expect(deploy!.source).toBe("project");
-  });
-
-  // ─── Test #75: Parses YAML frontmatter ───
-
-  it("parses YAML frontmatter correctly", () => {
-    const loader = new SkillLoader(tmpDir);
-    const result = loader.parseFrontmatter(
-      "---\nname: test-skill\ndescription: A test skill\n---\n# Instructions"
-    );
-
-    expect(result.name).toBe("test-skill");
-    expect(result.description).toBe("A test skill");
-  });
-
-  // ─── Test #76: Project skills override user skills with same name ───
-
-  it("project skills override user-level skills with the same name", () => {
-    // Create user-level skill in the mocked home directory (tmpDir)
-    const userSkillsDir = path.join(tmpDir, ".joone", "skills");
-    createSkill(
-      userSkillsDir,
-      "deploy",
-      "---\nname: deploy\ndescription: User deploy\n---\n"
-    );
-
-    // Create project-level skill
-    const projectSkillsDir = path.join(tmpDir, "skills");
-    createSkill(
-      projectSkillsDir,
-      "deploy",
-      "---\nname: deploy\ndescription: Project deploy\n---\n"
-    );
-
-    // Pass tmpDir as both projectRoot and userHome
-    const loader = new SkillLoader(tmpDir, tmpDir);
-    const skills = loader.discoverSkills();
-
-    const deploy = skills.find((s) => s.name === "deploy");
-    expect(deploy).toBeDefined();
-    expect(deploy!.source).toBe("project");
-    expect(deploy!.description).toBe("Project deploy");
-
-    // Ensure we only discovered one deploy skill
-    const deployCount = skills.filter((s) => s.name === "deploy").length;
-    expect(deployCount).toBe(1);
-  });
-
-  // ─── Test #77: loadSkill reads full content ───
-
-  it("loads the full content of a skill", () => {
-    const skillsDir = path.join(tmpDir, "skills");
-    const content =
-      "---\nname: tdd\ndescription: Test-driven development\n---\n## Red-Green-Refactor\n1. Write failing test";
-    createSkill(skillsDir, "tdd", content);
-
-    const loader = new SkillLoader(tmpDir);
-    const loaded = loader.loadSkill("tdd");
-
-    expect(loaded).toBe(content);
-  });
-});
-
-describe("Skills Tools", () => {
-  let tmpDir: string;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "joone-skills-tools-test-"));
-
-    const skillsDir = path.join(tmpDir, "skills");
-    const skillDir = path.join(skillsDir, "deploy");
-    fs.mkdirSync(skillDir, { recursive: true });
-    fs.writeFileSync(
-      path.join(skillDir, "SKILL.md"),
-      "---\nname: deploy\ndescription: Deploy to production\n---\n## Steps"
-    );
-
-    bindSkillLoader(new SkillLoader(tmpDir));
-  });
-
-  afterEach(() => {
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  });
-
-  // ─── Test #78: search_skills returns matching skills ───
-
-  it("search_skills finds matching skills", async () => {
-    const result = await SearchSkillsTool.execute({ query: "deploy" });
-
-    expect(result.content).toContain("deploy");
-    expect(result.content).toContain("production");
-  });
-
-  // ─── Test #79: load_skill reads full content ───
-
-  it("load_skill returns the full SKILL.md content", async () => {
-    const result = await LoadSkillTool.execute({ name: "deploy" });
-
-    expect(result.content).toContain("## Steps");
-  });
-});
-
-// ═══════════════════════════════════════════════════════════════════════════════
-// Routing
-// ═══════════════════════════════════════════════════════════════════════════════
-
-describe("ToolRouter (M5.5 additions)", () => {
-  const router = new ToolRouter();
-
-  // ─── Test #80: Browser routes to sandbox ───
-
-  it("routes browser to sandbox", () => {
-    expect(router.getTarget("browser")).toBe(ToolTarget.SANDBOX);
-  });
-
-  // ─── Test #81: web_search routes to host ───
-
-  it("routes web_search to host", () => {
-    expect(router.getTarget("web_search")).toBe(ToolTarget.HOST);
-  });
-
-  // ─── Test #82: skills tools route to host ───
-
-  it("routes search_skills and load_skill to host", () => {
-    expect(router.getTarget("search_skills")).toBe(ToolTarget.HOST);
-    expect(router.getTarget("load_skill")).toBe(ToolTarget.HOST);
-  });
-});