mcpick 0.0.22 → 0.0.24

package/dist/index.js

@@ -1,16 +1,311 @@
 #!/usr/bin/env node
-import { _ as get_profiles_dir, c as get_disabled_hooks_path, f as get_marketplaces_dir, g as get_profile_path, i as get_claude_config_path, m as get_plugin_backup_filename, n as get_backup_filename, p as get_mcpick_dir, r as get_backups_dir, t as ensure_directory_exists, y as get_server_registry_path } from "./paths-6wrIM8yh.js";
-import { r as validate_server_registry, t as validate_claude_config } from "./validation-qWlF51fw.js";
-import { a as get_enabled_servers, c as write_claude_config, n as create_config_from_servers, o as get_enabled_servers_for_scope, s as read_claude_config } from "./config-BhX4eAgg.js";
-import { a as read_claude_settings, i as get_all_plugins, n as build_enabled_plugins, r as get_all_hooks, s as write_claude_settings } from "./settings-CZR8bVfh.js";
-import { a as redact_url, i as redact_text } from "./redact-Dltz2gde.js";
-import { d as refresh_all_marketplaces, l as read_known_marketplaces, n as clear_plugin_caches, r as get_cached_plugins_info, t as clean_orphaned_versions, u as read_marketplace_manifest } from "./plugin-cache-DKcW8LGV.js";
+import { _ as get_profiles_dir, a as get_claude_settings_path, c as get_disabled_hooks_path, f as get_marketplaces_dir, g as get_profile_path, i as get_claude_config_path, m as get_plugin_backup_filename, n as get_backup_filename, p as get_mcpick_dir, r as get_backups_dir, t as ensure_directory_exists, y as get_server_registry_path } from "./paths-BPISiJi4.js";
+import { r as validate_server_registry, t as validate_claude_config } from "./validation-xMlbgGCF.js";
+import { a as get_enabled_servers, c as write_claude_config, n as create_config_from_servers, o as get_enabled_servers_for_scope, s as read_claude_config } from "./config-DE58Fik_.js";
+import { a as redact_url, i as redact_text, o as redact_value } from "./redact-wBMtzbno.js";
+import { d as refresh_all_marketplaces, l as read_known_marketplaces, n as clear_plugin_caches, r as get_cached_plugins_info, t as clean_orphaned_versions, u as read_marketplace_manifest } from "./plugin-cache-DmLbh89d.js";
 import { cancel, confirm, intro, isCancel, log, multiselect, note, outro, select, text } from "@clack/prompts";
-import { access, mkdir, readFile, readdir, rename, unlink, writeFile } from "node:fs/promises";
-import { dirname, join } from "node:path";
+import { access, mkdir, readFile, readdir, rename, rm, unlink, writeFile } from "node:fs/promises";
+import { basename, dirname, join, resolve } from "node:path";
+import { createHash, randomUUID } from "node:crypto";
 import { homedir } from "node:os";
 import { execFile } from "node:child_process";
 import { promisify } from "node:util";
+//#region src/utils/safe-apply.ts
+async function file_exists$1(path) {
+	try {
+		await access(path);
+		return true;
+	} catch {
+		return false;
+	}
+}
+function backup_name(path) {
+	const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[-:]/g, "").replace(/\.\d{3}Z$/, "Z");
+	const hash = createHash("sha256").update(path).digest("hex").slice(0, 10);
+	return `config-${basename(path).replace(/[^A-Za-z0-9._-]/g, "_")}-${stamp}-${hash}.json`;
+}
+async function create_backup(path, content) {
+	const backups_dir = get_backups_dir();
+	await ensure_directory_exists(backups_dir);
+	const backup_path = join(backups_dir, backup_name(path));
+	await writeFile(backup_path, content, "utf-8");
+	await writeFile(`${backup_path}.meta.json`, JSON.stringify({
+		original_path: path,
+		created_at: (/* @__PURE__ */ new Date()).toISOString()
+	}, null, 2), "utf-8");
+	return backup_path;
+}
+/**
+* Safely replace a JSON file: backup existing content, write via temp+rename,
+* verify the result parses, and restore the original content on failure.
+*/
+async function safe_json_write(path, data, indent = 2) {
+	await mkdir(dirname(path), { recursive: true });
+	const original_content = await file_exists$1(path) ? await readFile(path, "utf-8") : void 0;
+	const backup_path = original_content !== void 0 ? await create_backup(path, original_content) : void 0;
+	const tmp_path = join(dirname(path), `.${basename(path)}.${process.pid}.${Date.now()}.${randomUUID()}.tmp`);
+	const next_content = JSON.stringify(data, null, indent);
+	try {
+		await writeFile(tmp_path, next_content, "utf-8");
+		await rename(tmp_path, path);
+		const written = await readFile(path, "utf-8");
+		JSON.parse(written);
+		return {
+			path,
+			...backup_path ? { backup_path } : {}
+		};
+	} catch (error) {
+		await rm(tmp_path, { force: true }).catch(() => void 0);
+		if (original_content !== void 0) await writeFile(path, original_content, "utf-8");
+		else await rm(path, { force: true }).catch(() => void 0);
+		throw error;
+	}
+}
+async function list_config_backups() {
+	const backups_dir = get_backups_dir();
+	try {
+		const files = await readdir(backups_dir);
+		const backups = [];
+		for (const file of files) {
+			if (!file.startsWith("config-") || !file.endsWith(".json")) continue;
+			if (file.endsWith(".meta.json")) continue;
+			const backup_path = join(backups_dir, file);
+			try {
+				const meta = JSON.parse(await readFile(`${backup_path}.meta.json`, "utf-8"));
+				if (typeof meta.original_path !== "string" || typeof meta.created_at !== "string") continue;
+				backups.push({
+					path: backup_path,
+					original_path: meta.original_path,
+					created_at: meta.created_at
+				});
+			} catch {}
+		}
+		return backups.sort((a, b) => b.created_at.localeCompare(a.created_at));
+	} catch {
+		return [];
+	}
+}
+async function restore_config_backup(backup_path) {
+	const backup = (await list_config_backups()).find((candidate) => candidate.path === backup_path || basename(candidate.path) === backup_path);
+	if (!backup) throw new Error(`Config backup '${backup_path}' not found.`);
+	const content = await readFile(backup.path, "utf-8");
+	const parsed = JSON.parse(content);
+	await safe_json_write(backup.original_path, parsed);
+	return backup;
+}
+//#endregion
+//#region src/utils/atomic-write.ts
+/**
+* Atomically write a JSON file with fresh-read merging.
+*
+* 1. Re-reads the file right before writing to pick up concurrent changes
+* 2. Applies the merge function to the freshest data
+* 3. Writes to a temp file, then renames (atomic on same filesystem)
+*/
+async function atomic_json_write(file_path, merge) {
+	let existing = {};
+	try {
+		const content = await readFile(file_path, "utf-8");
+		existing = JSON.parse(content);
+	} catch {}
+	await safe_json_write(file_path, merge(existing), 2);
+}
+//#endregion
+//#region src/core/settings.ts
+async function read_claude_settings() {
+	const settings_path = get_claude_settings_path();
+	try {
+		await access(settings_path);
+		const content = await readFile(settings_path, "utf-8");
+		return JSON.parse(content);
+	} catch (error) {
+		if (error instanceof Error && "code" in error && error.code === "ENOENT") return {};
+		throw error;
+	}
+}
+async function write_claude_settings(updates) {
+	await atomic_json_write(get_claude_settings_path(), (existing) => {
+		for (const [key, value] of Object.entries(updates)) existing[key] = value;
+		return existing;
+	});
+}
+/**
+* Parse enabledPlugins into structured list.
+* Keys are in format "plugin-name@marketplace-name"
+*/
+function get_all_plugins(settings) {
+	const enabled_plugins = settings.enabledPlugins || {};
+	return Object.entries(enabled_plugins).map(([key, enabled]) => {
+		const at_index = key.lastIndexOf("@");
+		return {
+			name: at_index > 0 ? key.substring(0, at_index) : key,
+			marketplace: at_index > 0 ? key.substring(at_index + 1) : "unknown",
+			enabled
+		};
+	});
+}
+/**
+* Build the enabledPlugins record from a list of PluginInfo
+*/
+function build_enabled_plugins(plugins) {
+	const result = {};
+	for (const plugin of plugins) {
+		const key = `${plugin.name}@${plugin.marketplace}`;
+		result[key] = plugin.enabled;
+	}
+	return result;
+}
+async function read_settings_file(path) {
+	try {
+		await access(path);
+		const content = await readFile(path, "utf-8");
+		return JSON.parse(content);
+	} catch {
+		return {};
+	}
+}
+function get_settings_paths() {
+	return [
+		{
+			scope: "user",
+			path: resolve(process.env.HOME || process.env.USERPROFILE || "", ".claude", "settings.json")
+		},
+		{
+			scope: "project",
+			path: resolve(process.cwd(), ".claude", "settings.json")
+		},
+		{
+			scope: "project-local",
+			path: resolve(process.cwd(), ".claude", "settings.local.json")
+		}
+	];
+}
+/**
+* Read all hooks across all scopes (settings + plugins), flattened for display.
+*/
+async function get_all_hooks() {
+	const entries = [];
+	for (const { scope, path } of get_settings_paths()) {
+		const hooks = (await read_settings_file(path)).hooks;
+		if (!hooks) continue;
+		for (const [event, matchers] of Object.entries(hooks)) {
+			if (!Array.isArray(matchers)) continue;
+			for (let mi = 0; mi < matchers.length; mi++) {
+				const m = matchers[mi];
+				if (!m.hooks?.length) continue;
+				for (let hi = 0; hi < m.hooks.length; hi++) entries.push({
+					event,
+					matcher: m.matcher,
+					handler: m.hooks[hi],
+					scope,
+					source: scope,
+					matcher_index: mi,
+					hook_index: hi
+				});
+			}
+		}
+	}
+	const plugin_hooks = await get_all_plugin_hooks();
+	entries.push(...plugin_hooks);
+	return entries;
+}
+/**
+* Scan all installed plugins for hooks.json and return flattened hook entries.
+* Checks both cache and marketplace source paths since Claude Code reads from both.
+*/
+async function get_all_plugin_hooks() {
+	const { read_installed_plugins } = await import("./plugin-cache-DmLbh89d.js").then((n) => n.s);
+	const { get_marketplaces_dir } = await import("./paths-BPISiJi4.js").then((n) => n.b);
+	const installed = await read_installed_plugins();
+	const entries = [];
+	const seen_hooks = /* @__PURE__ */ new Set();
+	for (const [plugin_key, installs] of Object.entries(installed.plugins)) {
+		if (!installs?.length) continue;
+		const install = installs[0];
+		const at_index = plugin_key.lastIndexOf("@");
+		const plugin_name = at_index > 0 ? plugin_key.substring(0, at_index) : plugin_key;
+		const marketplace_name = at_index > 0 ? plugin_key.substring(at_index + 1) : "";
+		const hooks_paths = [join(install.installPath, "hooks", "hooks.json")];
+		if (marketplace_name) hooks_paths.push(join(get_marketplaces_dir(), marketplace_name, "plugins", plugin_name, "hooks", "hooks.json"));
+		for (const hooks_path of hooks_paths) {
+			let hooks_data;
+			try {
+				const content = await readFile(hooks_path, "utf-8");
+				hooks_data = JSON.parse(content);
+			} catch {
+				continue;
+			}
+			const hooks = hooks_data.hooks || hooks_data;
+			for (const [event, matchers] of Object.entries(hooks)) {
+				if (!Array.isArray(matchers)) continue;
+				for (let mi = 0; mi < matchers.length; mi++) {
+					const m = matchers[mi];
+					if (!m.hooks?.length) continue;
+					for (let hi = 0; hi < m.hooks.length; hi++) {
+						const h = m.hooks[hi];
+						const dedup_key = `${plugin_key}:${event}:${h.type}:${h.command || h.url || h.prompt}`;
+						if (seen_hooks.has(dedup_key)) continue;
+						seen_hooks.add(dedup_key);
+						entries.push({
+							event,
+							matcher: m.matcher,
+							handler: h,
+							scope: "user",
+							source: "plugin",
+							matcher_index: mi,
+							hook_index: hi,
+							plugin_key,
+							hooks_json_path: hooks_path
+						});
+					}
+				}
+			}
+		}
+	}
+	return entries;
+}
+/**
+* Remove a specific hook entry by scope/event/indices.
+*/
+async function remove_hook(entry) {
+	const scope_path = get_settings_paths().find((s) => s.scope === entry.scope);
+	if (!scope_path) throw new Error(`Unknown scope: ${entry.scope}`);
+	await atomic_json_write(scope_path.path, (existing) => {
+		const hooks = existing.hooks;
+		if (!hooks) return existing;
+		const matchers = hooks[entry.event];
+		if (!matchers?.[entry.matcher_index]) return existing;
+		const matcher = matchers[entry.matcher_index];
+		matcher.hooks.splice(entry.hook_index, 1);
+		if (matcher.hooks.length === 0) matchers.splice(entry.matcher_index, 1);
+		if (matchers.length === 0) delete hooks[entry.event];
+		if (Object.keys(hooks).length === 0) delete existing.hooks;
+		return existing;
+	});
+}
+/**
+* Add a hook to a specific scope.
+*/
+async function add_hook(scope, event, matcher, handler) {
+	const scope_path = get_settings_paths().find((s) => s.scope === scope);
+	if (!scope_path) throw new Error(`Unknown scope: ${scope}`);
+	await atomic_json_write(scope_path.path, (existing) => {
+		if (!existing.hooks) existing.hooks = {};
+		const hooks = existing.hooks;
+		if (!hooks[event]) hooks[event] = [];
+		const matchers = hooks[event];
+		const existing_matcher = matchers.find((m) => (m.matcher || void 0) === matcher);
+		if (existing_matcher) existing_matcher.hooks.push(handler);
+		else {
+			const new_matcher = { hooks: [handler] };
+			if (matcher) new_matcher.matcher = matcher;
+			matchers.push(new_matcher);
+		}
+		return existing;
+	});
+}
+//#endregion
 //#region src/commands/backup.ts
 const MAX_BACKUPS = 10;
 async function backup_config() {
@@ -49,6 +344,43 @@ async function cleanup_old_backups(prefix) {
 	} catch {}
 }
 //#endregion
+//#region src/utils/config-preview.ts
+function build_json_change_preview(input) {
+	const before = redact_value(input.before);
+	const after = redact_value(input.after);
+	return {
+		dryRun: true,
+		operation: input.operation,
+		client: input.client,
+		scope: input.scope,
+		location: input.location,
+		before,
+		after,
+		diff: create_json_diff(before, after)
+	};
+}
+function build_command_preview(input) {
+	return {
+		dryRun: true,
+		operation: input.operation,
+		client: input.client,
+		scope: input.scope,
+		location: input.location,
+		command: input.command.map((part) => redact_text(part))
+	};
+}
+function create_json_diff(before, after) {
+	const before_lines = JSON.stringify(before, null, 2).split("\n");
+	const after_lines = JSON.stringify(after, null, 2).split("\n");
+	if (before_lines.join("\n") === after_lines.join("\n")) return "";
+	return [
+		"--- before",
+		"+++ after",
+		...before_lines.map((line) => `- ${line}`),
+		...after_lines.map((line) => `+ ${line}`)
+	].join("\n");
+}
+//#endregion
 //#region src/core/client-config.ts
 const client_options_to_skip = new Set([
 	"name",
@@ -82,10 +414,7 @@ async function read_json_file(path) {
 	}
 }
 async function write_json_file(path, data) {
-	await mkdir(dirname(path), { recursive: true });
-	const tmp_path = join(dirname(path), `.${Date.now()}.tmp`);
-	await writeFile(tmp_path, JSON.stringify(data, null, 2), "utf-8");
-	await rename(tmp_path, path);
+	await safe_json_write(path, data, 2);
 }
 function parse_json_or_jsonc(content) {
 	try {
@@ -194,8 +523,8 @@ function infer_transport(config) {
 function normalize_mcp_server(name, config) {
 	const transport = infer_transport(config);
 	const url = typeof config.httpUrl === "string" ? config.httpUrl : typeof config.serverUrl === "string" ? config.serverUrl : typeof config.url === "string" ? config.url : void 0;
-	const clientOptions = {};
-	for (const [key, value] of Object.entries(config)) if (!client_options_to_skip.has(key)) clientOptions[key] = value;
+	const client_options = {};
+	for (const [key, value] of Object.entries(config)) if (!client_options_to_skip.has(key)) client_options[key] = value;
 	const command_array = string_array(config.command);
 	const command = typeof config.command === "string" ? config.command : command_array?.[0];
 	const args = string_array(config.args) ?? command_array?.slice(1);
@@ -211,7 +540,7 @@ function normalize_mcp_server(name, config) {
 		...string_record(config.headers) ? { headers: string_record(config.headers) } : {},
 		...typeof config.description === "string" ? { description: config.description } : {},
 		...typeof disabled === "boolean" ? { disabled } : {},
-		...Object.keys(clientOptions).length > 0 ? { clientOptions } : {}
+		...Object.keys(client_options).length > 0 ? { client_options } : {}
 	};
 }
 function get_server_record(data, key) {
@@ -233,7 +562,32 @@ function set_server_enabled(config, enabled, mode) {
 	}
 	config.disabled = !enabled;
 }
+function portable_to_json(server, mode) {
+	const result = { ...server.client_options };
+	if (server.transport !== "stdio") result.type = server.transport;
+	if (server.command) result.command = server.command;
+	if (server.args && server.args.length > 0) result.args = server.args;
+	if (server.url) result.url = server.url;
+	if (server.env) result.env = server.env;
+	if (server.headers) result.headers = server.headers;
+	if (server.description) result.description = server.description;
+	if (typeof server.disabled === "boolean") set_server_enabled(result, !server.disabled, mode);
+	return result;
+}
 function create_json_adapter(options) {
+	async function read_data(location) {
+		return await read_json_file(location.path) ?? {};
+	}
+	function preview(location, operation, before, after) {
+		return build_json_change_preview({
+			operation,
+			client: options.id,
+			scope: location.scope,
+			location: location.path,
+			before,
+			after
+		});
+	}
 	return {
 		id: options.id,
 		label: options.label,
@@ -247,13 +601,67 @@ function create_json_adapter(options) {
 		async readLocation(location) {
 			return read_server_map(await read_json_file(location.path), options.serverKey);
 		},
-		async writeEnabled(location, enabledNames) {
-			const data = await read_json_file(location.path) ?? {};
+		async writeEnabled(location, enabled_names) {
+			const data = await read_data(location);
 			const servers = get_server_record(data, options.serverKey);
-			const enabled = new Set(enabledNames);
+			const enabled = new Set(enabled_names);
 			for (const [name, config] of Object.entries(servers)) set_server_enabled(config, enabled.has(name), options.disabledMode ?? "disabled");
 			data[options.serverKey] = servers;
 			await write_json_file(location.path, data);
+		},
+		async previewEnabled(location, enabled_names) {
+			const before = await read_data(location);
+			const after = structuredClone(before);
+			const servers = get_server_record(after, options.serverKey);
+			const enabled = new Set(enabled_names);
+			for (const [name, config] of Object.entries(servers)) set_server_enabled(config, enabled.has(name), options.disabledMode ?? "disabled");
+			after[options.serverKey] = servers;
+			return preview(location, "set-enabled", before, after);
+		},
+		async write_server(location, server) {
+			const data = await read_data(location);
+			const servers = get_server_record(data, options.serverKey);
+			servers[server.name] = portable_to_json(server, options.disabledMode ?? "disabled");
+			data[options.serverKey] = servers;
+			await write_json_file(location.path, data);
+		},
+		async preview_write_server(location, server) {
+			const before = await read_data(location);
+			const after = structuredClone(before);
+			const servers = get_server_record(after, options.serverKey);
+			servers[server.name] = portable_to_json(server, options.disabledMode ?? "disabled");
+			after[options.serverKey] = servers;
+			return preview(location, "add-server", before, after);
+		},
+		async write_server_config(location, name, config) {
+			const data = await read_data(location);
+			const servers = get_server_record(data, options.serverKey);
+			servers[name] = config;
+			data[options.serverKey] = servers;
+			await write_json_file(location.path, data);
+		},
+		async preview_write_server_config(location, name, config) {
+			const before = await read_data(location);
+			const after = structuredClone(before);
+			const servers = get_server_record(after, options.serverKey);
+			servers[name] = config;
+			after[options.serverKey] = servers;
+			return preview(location, "add-json", before, after);
+		},
+		async remove_server(location, name) {
+			const data = await read_data(location);
+			const servers = get_server_record(data, options.serverKey);
+			delete servers[name];
+			data[options.serverKey] = servers;
+			await write_json_file(location.path, data);
+		},
+		async preview_remove_server(location, name) {
+			const before = await read_data(location);
+			const after = structuredClone(before);
+			const servers = get_server_record(after, options.serverKey);
+			delete servers[name];
+			after[options.serverKey] = servers;
+			return preview(location, "remove-server", before, after);
 		}
 	};
 }
@@ -392,6 +800,63 @@ const client_adapters = [
 function get_client_adapter(id) {
 	return client_adapters.find((adapter) => adapter.id === id) ?? null;
 }
+function resolve_client_location(adapter, scope, path) {
+	let locations = adapter.locations();
+	if (path) locations = locations.filter((location) => location.path === path);
+	else if (scope) locations = locations.filter((location) => location.scope === scope);
+	if (locations.length === 1) return locations[0];
+	if (locations.length === 0) throw new Error(`No ${adapter.label} config location matches${scope ? ` scope '${scope}'` : ""}${path ? ` path '${path}'` : ""}.`);
+	throw new Error(`${adapter.label} has multiple matching config locations. Pass --location with one of: ${locations.map((location) => location.path).join(", ")}`);
+}
+async function add_client_server(adapter, location, server) {
+	if (!adapter.write_server) throw new Error(`${adapter.label} support cannot add servers yet.`);
+	await adapter.write_server(location, server);
+}
+async function preview_add_client_server(adapter, location, server) {
+	if (!adapter.preview_write_server) throw new Error(`${adapter.label} support cannot preview server additions yet.`);
+	return adapter.preview_write_server(location, server);
+}
+async function add_client_server_config(adapter, location, name, config) {
+	if (!adapter.write_server_config) throw new Error(`${adapter.label} support cannot add servers yet.`);
+	await adapter.write_server_config(location, name, config);
+}
+async function preview_add_client_server_config(adapter, location, name, config) {
+	if (!adapter.preview_write_server_config) throw new Error(`${adapter.label} support cannot preview server additions yet.`);
+	return adapter.preview_write_server_config(location, name, config);
+}
+async function remove_client_server(adapter, location, server_name) {
+	if (!adapter.remove_server) throw new Error(`${adapter.label} support cannot remove servers yet.`);
+	await adapter.remove_server(location, server_name);
+}
+async function preview_remove_client_server(adapter, location, server_name) {
+	if (!adapter.preview_remove_server) throw new Error(`${adapter.label} support cannot preview server removals yet.`);
+	return adapter.preview_remove_server(location, server_name);
+}
+function assert_enabled_server_names(location, servers, enabled_names) {
+	const known_names = new Set(servers.map((server) => server.name));
+	const unknown_names = enabled_names.filter((name) => !known_names.has(name));
+	if (unknown_names.length > 0) throw new Error(`Server '${unknown_names[0]}' not found at ${location.path}.`);
+}
+async function set_client_enabled_servers(adapter, location, enabled_names) {
+	if (!adapter.writeEnabled) throw new Error(`${adapter.label} support is read-only.`);
+	assert_enabled_server_names(location, await adapter.readLocation(location), enabled_names);
+	await adapter.writeEnabled(location, enabled_names);
+	return enabled_names.length;
+}
+async function preview_set_client_enabled_servers(adapter, location, enabled_names) {
+	if (!adapter.previewEnabled) throw new Error(`${adapter.label} support cannot preview toggles yet.`);
+	assert_enabled_server_names(location, await adapter.readLocation(location), enabled_names);
+	return adapter.previewEnabled(location, enabled_names);
+}
+async function set_client_server_enabled(adapter, location, server_name, enabled) {
+	const servers = await adapter.readLocation(location);
+	const server = servers.find((candidate) => candidate.name === server_name);
+	if (!server) throw new Error(`Server '${server_name}' not found at ${location.path}.`);
+	const enabled_names = new Set(servers.filter((candidate) => candidate.disabled !== true).map((candidate) => candidate.name));
+	if (enabled) enabled_names.add(server.name);
+	else enabled_names.delete(server.name);
+	return set_client_enabled_servers(adapter, location, [...enabled_names]);
+}
 async function list_client_locations() {
 	return await Promise.all(client_adapters.flatMap((adapter) => adapter.locations().map(async (location) => ({
 		client: adapter.id,
@@ -421,7 +886,7 @@ async function read_server_registry() {
 async function write_server_registry(registry) {
 	const registry_path = get_server_registry_path();
 	await ensure_directory_exists(get_mcpick_dir());
-	await writeFile(registry_path, JSON.stringify(registry, null, 2), "utf-8");
+	await atomic_json_write(registry_path, () => registry);
 }
 async function add_server_to_registry(server) {
 	const registry = await read_server_registry();
@@ -431,7 +896,7 @@ async function add_server_to_registry(server) {
 	await write_server_registry(registry);
 }
 async function get_all_available_servers() {
-	const { get_enabled_servers, read_claude_config } = await import("./config-BhX4eAgg.js").then((n) => n.t);
+	const { get_enabled_servers, read_claude_config } = await import("./config-DE58Fik_.js").then((n) => n.t);
 	const registry = await read_server_registry();
 	const config_servers = get_enabled_servers(await read_claude_config());
 	const config_by_name = new Map(config_servers.map((s) => [s.name, s]));
@@ -566,17 +1031,26 @@ async function add_mcp_via_cli(server, scope) {
 /**
 * Remove an MCP server using Claude CLI
 */
-async function remove_mcp_via_cli(name) {
+function build_remove_args(name, scope) {
+	return scope ? [
+		"mcp",
+		"remove",
+		name,
+		"--scope",
+		scope
+	] : [
+		"mcp",
+		"remove",
+		name
+	];
+}
+async function remove_mcp_via_cli(name, scope) {
 	if (!await check_claude_cli()) return {
 		success: false,
 		error: "Claude CLI not found. Please install Claude Code CLI."
 	};
 	try {
-		await run_claude([
-			"mcp",
-			"remove",
-			name
-		]);
+		await run_claude(build_remove_args(name, scope));
 		return { success: true };
 	} catch (error) {
 		return {
@@ -657,77 +1131,176 @@ async function update_plugin_via_cli(key, scope = "user") {
 		};
 	}
 }
+const GITHUB_OWNER_PATTERN = "[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?";
+const GITHUB_REPO_PATTERN = "[A-Za-z0-9._-]+";
 /**
 * Extract GitHub owner/repo from various source formats.
 * Returns null if not a recognizable GitHub reference.
 */
 function parse_github_repo(source) {
-	const https_match = source.match(/^https?:\/\/github\.com\/([^/]+)\/([^/.]+)(?:\.git)?$/);
-	if (https_match) return {
-		owner: https_match[1],
-		repo: https_match[2]
-	};
-	const ssh_match = source.match(/^git@github\.com:([^/]+)\/([^/.]+)(?:\.git)?$/);
+	const trimmed = source.trim();
+	try {
+		const url = new URL(trimmed);
+		if (url.hostname !== "github.com") return null;
+		const [owner, raw_repo, ...rest] = url.pathname.split("/").filter(Boolean);
+		if (!owner || !raw_repo || rest.length > 0) return null;
+		const repo = raw_repo.replace(/\.git$/, "");
+		if (!is_valid_github_repo(owner, repo)) return null;
+		return {
+			owner,
+			repo,
+			kind: "https"
+		};
+	} catch {}
+	const ssh_match = trimmed.match(new RegExp(`^git@github\\.com:(${GITHUB_OWNER_PATTERN})/(${GITHUB_REPO_PATTERN})(?:\\.git)?$`));
 	if (ssh_match) return {
 		owner: ssh_match[1],
-		repo: ssh_match[2]
+		repo: ssh_match[2].replace(/\.git$/, ""),
+		kind: "ssh"
 	};
-	const shorthand_match = source.match(/^([^/\s]+)\/([^/\s]+)$/);
+	const shorthand_match = trimmed.match(new RegExp(`^(${GITHUB_OWNER_PATTERN})/(${GITHUB_REPO_PATTERN})$`));
 	if (shorthand_match) return {
 		owner: shorthand_match[1],
-		repo: shorthand_match[2]
+		repo: shorthand_match[2],
+		kind: "shorthand"
 	};
 	return null;
 }
-/**
-* Validate that a GitHub repository exists and is accessible.
-* Returns an error message if validation fails, null if OK.
-*/
-async function validate_github_repo(owner, repo) {
+function is_valid_github_repo(owner, repo) {
+	return new RegExp(`^${GITHUB_OWNER_PATTERN}$`).test(owner) && new RegExp(`^${GITHUB_REPO_PATTERN}$`).test(repo);
+}
+function build_marketplace_add_args(source) {
+	return [
+		"plugin",
+		"marketplace",
+		"add",
+		source
+	];
+}
+function get_github_repo_id(ref) {
+	return `${ref.owner}/${ref.repo}`;
+}
+function get_github_clone_urls(ref) {
+	const repo_id = get_github_repo_id(ref);
+	const https_url = `https://github.com/${repo_id}.git`;
+	const ssh_url = `git@github.com:${repo_id}.git`;
+	if (ref.kind === "https") return [https_url];
+	if (ref.kind === "ssh") return [ssh_url];
+	return [https_url, ssh_url];
+}
+function get_process_error_output(error) {
+	const process_error = error;
+	return redact_text([
+		process_error.message,
+		process_error.stderr?.toString(),
+		process_error.stdout?.toString()
+	].filter(Boolean).join("\n"));
+}
+async function can_access_with_git(url) {
 	try {
-		const response = await fetch(`https://api.github.com/repos/${owner}/${repo}`, {
+		await exec_file_async$1("git", [
+			"ls-remote",
+			"--exit-code",
+			url,
+			"HEAD"
+		], {
+			env: {
+				...process.env,
+				GIT_TERMINAL_PROMPT: "0",
+				GIT_SSH_COMMAND: "ssh -o BatchMode=yes"
+			},
+			timeout: 15e3
+		});
+		return null;
+	} catch (error) {
+		return get_process_error_output(error);
+	}
+}
+async function can_view_with_gh(repo_id) {
+	try {
+		await exec_file_async$1("gh", [
+			"repo",
+			"view",
+			repo_id,
+			"--json",
+			"nameWithOwner"
+		], { timeout: 15e3 });
+		return true;
+	} catch (error) {
+		const message = get_process_error_output(error).toLowerCase();
+		if (message.includes("could not resolve") || message.includes("not found") || message.includes("repository not found")) return false;
+		return null;
+	}
+}
+async function get_github_api_status(repo_id) {
+	try {
+		return (await fetch(`https://api.github.com/repos/${repo_id}`, {
 			method: "GET",
 			headers: { Accept: "application/vnd.github.v3+json" }
-		});
-		if (response.status === 200) return null;
-		if (response.status === 404) return `Repository '${owner}/${repo}' not found on GitHub. Check the name or ensure it's not private.`;
-		if (response.status === 403) return `Access denied for '${owner}/${repo}'. The repository may be private — configure a GitHub token or use SSH.`;
-		return `GitHub API returned status ${response.status} for '${owner}/${repo}'.`;
+		})).status;
 	} catch {
 		return null;
 	}
 }
+/**
+* Validate that a GitHub repository can be accessed by git without cloning it.
+* Returns an error message if validation fails, null if OK.
+*/
+async function validate_github_repo(ref) {
+	const repo_id = get_github_repo_id(ref);
+	const git_errors = [];
+	for (const url of get_github_clone_urls(ref)) {
+		const git_error = await can_access_with_git(url);
+		if (!git_error) return null;
+		git_errors.push(git_error);
+	}
+	const gh_visible = await can_view_with_gh(repo_id);
+	if (gh_visible === false) return `Repository '${repo_id}' not found or not accessible with your GitHub account.`;
+	const api_status = await get_github_api_status(repo_id);
+	if (api_status === 404 && gh_visible !== true) return `Repository '${repo_id}' not found or private/inaccessible. Check the name, sign in with 'gh auth login', or use an SSH URL with access.`;
+	if (api_status === 403 && gh_visible !== true) return `Unable to validate '${repo_id}' because GitHub API access was denied or rate-limited. Git access also failed; check your credentials.`;
+	return format_git_access_error(ref, git_errors.join("\n"));
+}
+function format_git_access_error(ref, message) {
+	const repo_id = get_github_repo_id(ref);
+	const lower = message.toLowerCase();
+	if (ref.kind === "shorthand" && (lower.includes("could not read username") || lower.includes("authentication failed")) && (lower.includes("permission denied (publickey)") || lower.includes("ssh authentication"))) return `Repository '${repo_id}' exists, but Git cannot access it over HTTPS or SSH. Run 'gh auth login' and 'gh auth setup-git', or configure an SSH key with GitHub.`;
+	if (ref.kind === "https" || lower.includes("https authentication failed") || lower.includes("could not read username") || lower.includes("authentication failed")) return `Repository '${repo_id}' exists, but HTTPS Git authentication failed. Run 'gh auth login' and 'gh auth setup-git', configure a Git credential helper, or use git@github.com:${repo_id}.git.`;
+	if (ref.kind === "ssh" || lower.includes("permission denied (publickey)") || lower.includes("ssh authentication")) return `SSH authentication failed for '${repo_id}'. Configure an SSH key with GitHub or use https://github.com/${repo_id}.git with a configured Git credential helper.`;
+	return `Unable to access GitHub repository '${repo_id}' with git. Check that the repository exists and that your HTTPS or SSH credentials can clone it.`;
+}
 async function marketplace_add_via_cli(source) {
 	if (!await check_claude_cli()) return {
 		success: false,
 		error: "Claude CLI not found. Please install Claude Code CLI."
 	};
 	const gh = parse_github_repo(source);
-	const is_shorthand = gh && !source.startsWith("http") && !source.startsWith("git@");
-	if (gh && is_shorthand) {
-		const validation_error = await validate_github_repo(gh.owner, gh.repo);
+	if (gh) {
+		const validation_error = await validate_github_repo(gh);
 		if (validation_error) return {
 			success: false,
 			error: validation_error
 		};
 	}
 	try {
-		await run_claude([
-			"plugin",
-			"marketplace",
-			"add",
-			source
-		]);
+		await run_claude(build_marketplace_add_args(source));
 		return { success: true };
 	} catch (error) {
 		const message = get_redacted_error_message(error);
-		if (message.includes("SSH") || message.includes("Permission denied (publickey)")) return {
-			success: false,
-			error: `SSH authentication failed for '${source}'. Either:\n  - Configure SSH keys: https://docs.github.com/en/authentication/connecting-to-github-with-ssh\n  - Use HTTPS URL instead: https://github.com/${gh ? `${gh.owner}/${gh.repo}` : source}`
-		};
-		if (message.includes("not found") || message.includes("does not exist")) return {
+		const lower_message = message.toLowerCase();
+		if (gh) {
+			if (lower_message.includes("https authentication failed") || lower_message.includes("could not read username") || lower_message.includes("authentication failed")) return {
+				success: false,
+				error: format_git_access_error(gh, message)
+			};
+			if (message.includes("SSH") || message.includes("Permission denied (publickey)")) return {
+				success: false,
+				error: format_git_access_error(gh, message)
+			};
+		}
+		if (lower_message.includes("not found") || lower_message.includes("does not exist")) return {
 			success: false,
-			error: `Repository '${source}' not found. Check the name and your access permissions.`
+			error: gh ? `Repository '${get_github_repo_id(gh)}' not found or not accessible with your GitHub account.` : `Repository '${source}' not found. Check the name and your access permissions.`
 		};
 		return {
 			success: false,
@@ -870,20 +1443,23 @@ async function mcp_get_via_cli(name) {
 /**
 * Add an MCP server from raw JSON via Claude CLI
 */
+function build_add_json_args(name, json, scope = "local") {
+	return [
+		"mcp",
+		"add-json",
+		name,
+		json,
+		"--scope",
+		scope
+	];
+}
 async function mcp_add_json_via_cli(name, json, scope = "local") {
 	if (!await check_claude_cli()) return {
 		success: false,
 		error: "Claude CLI not found. Please install Claude Code CLI."
 	};
 	try {
-		await run_claude([
-			"mcp",
-			"add-json",
-			name,
-			json,
-			"--scope",
-			scope
-		]);
+		await run_claude(build_add_json_args(name, json, scope));
 		return { success: true };
 	} catch (error) {
 		return {
@@ -979,7 +1555,16 @@ async function edit_client_config(adapter) {
 		required: false
 	});
 	if (typeof selected_names === "symbol") return;
-	await adapter.writeEnabled(location, selected_names);
+	const preview = await preview_set_client_enabled_servers(adapter, location, selected_names);
+	if (preview.diff) {
+		note(preview.diff, "Preview");
+		const should_apply = await confirm({
+			message: "Apply these changes?",
+			initialValue: true
+		});
+		if (typeof should_apply === "symbol" || !should_apply) return;
+	}
+	await set_client_enabled_servers(adapter, location, selected_names);
 	note(`Configuration updated!\nClient: ${adapter.label}\nConfig: ${location.path}\nEnabled servers: ${selected_names.length}`);
 }
 async function select_config_location(adapter) {
@@ -1053,7 +1638,7 @@ async function edit_claude_config() {
 			}
 		}
 		for (const name of servers_to_remove) {
-			const result = await remove_mcp_via_cli(name);
+			const result = await remove_mcp_via_cli(name, scope);
 			if (!result.success) {
 				error_count++;
 				log.warn(`Failed to remove ${name}: ${result.error}`);
@@ -1358,7 +1943,7 @@ async function read_disabled_hooks() {
 }
 async function write_disabled_hooks(entries) {
 	await ensure_directory_exists(get_mcpick_dir());
-	await writeFile(get_disabled_hooks_path(), JSON.stringify(entries, null, "	"), "utf-8");
+	await safe_json_write(get_disabled_hooks_path(), entries, "	");
 }
 /**
 * Remove a specific hook handler from a hooks.json file by matching the handler.
@@ -1387,7 +1972,7 @@ async function remove_hook_from_file(hooks_path, event, handler) {
 	}
 	if (!removed) return false;
 	if (matchers.length === 0) delete hooks_obj[event];
-	await writeFile(hooks_path, JSON.stringify(hooks_data, null, "	"), "utf-8");
+	await safe_json_write(hooks_path, hooks_data, "	");
 	return true;
 }
 /**
@@ -1446,7 +2031,7 @@ async function add_hook_to_file(hooks_path, event, matcher_pattern, handler) {
 	}
 	if (matcher.hooks.some((h) => h.type === handler.type && h.command === handler.command && h.url === handler.url && h.prompt === handler.prompt)) return;
 	matcher.hooks.push(handler);
-	await writeFile(hooks_path, JSON.stringify(hooks_data, null, "	"), "utf-8");
+	await safe_json_write(hooks_path, hooks_data, "	");
 }
 /**
 * Re-enable a previously disabled plugin hook.
@@ -2072,6 +2657,21 @@ async function load_profile(name) {
 		throw error;
 	}
 }
+async function apply_profile_to_claude(name) {
+	const profile = await load_profile(name);
+	await write_claude_config(profile.config);
+	const serverCount = Object.keys(profile.config.mcpServers || {}).length;
+	let pluginCount = 0;
+	if (profile.enabledPlugins) {
+		await write_claude_settings({ enabledPlugins: profile.enabledPlugins });
+		pluginCount = Object.keys(profile.enabledPlugins).length;
+	}
+	return {
+		profile: name,
+		serverCount,
+		pluginCount
+	};
+}
 async function list_profiles() {
 	const profiles_dir = get_profiles_dir();
 	try {
@@ -2107,12 +2707,20 @@ async function save_profile(name) {
 	await ensure_directory_exists(get_profiles_dir());
 	const profile_data = { mcpServers: servers };
 	if (plugin_count > 0) profile_data.enabledPlugins = plugins;
-	await writeFile(get_profile_path(name), JSON.stringify(profile_data, null, 2), "utf-8");
+	await safe_json_write(get_profile_path(name), profile_data, 2);
 	return {
 		serverCount: server_count,
 		pluginCount: plugin_count
 	};
 }
+async function save_current_claude_profile(name) {
+	const counts = await save_profile(name);
+	return {
+		profile: name,
+		serverCount: counts.serverCount,
+		pluginCount: counts.pluginCount
+	};
+}
 //#endregion
 //#region src/index.ts
 function parse_args() {
@@ -2127,17 +2735,13 @@ function parse_args() {
 	} else if (args[i] === "--list-profiles" || args[i] === "-l") result.listProfiles = true;
 	return result;
 }
-async function apply_profile(name) {
-	intro(`MCPick - Loading profile: ${name}`);
+async function apply_claude_profile(name) {
+	intro(`MCPick - Loading Claude Code profile: ${name}`);
 	try {
-		const profile = await load_profile(name);
-		await write_claude_config(profile.config);
-		const parts = [`${Object.keys(profile.config.mcpServers || {}).length} servers`];
-		if (profile.enabledPlugins) {
-			await write_claude_settings({ enabledPlugins: profile.enabledPlugins });
-			parts.push(`${Object.keys(profile.enabledPlugins).length} plugins`);
-		}
-		log.success(`Profile '${name}' applied (${parts.join(", ")})`);
+		const result = await apply_profile_to_claude(name);
+		const parts = [`${result.serverCount} servers`];
+		if (result.pluginCount > 0) parts.push(`${result.pluginCount} plugins`);
+		log.success(`Profile '${result.profile}' applied (${parts.join(", ")})`);
 		outro("Done!");
 	} catch (error) {
 		if (error instanceof Error) cancel(error.message);
@@ -2154,13 +2758,13 @@ async function show_profiles() {
 	} else for (const p of profiles) log.info(`${p.name} (${p.serverCount} servers)`);
 	outro("");
 }
-async function create_profile(name) {
-	intro(`MCPick - Saving profile: ${name}`);
+async function create_claude_profile(name) {
+	intro(`MCPick - Saving Claude Code profile: ${name}`);
 	try {
-		const counts = await save_profile(name);
-		const parts = [`${counts.serverCount} servers`];
-		if (counts.pluginCount > 0) parts.push(`${counts.pluginCount} plugins`);
-		log.success(`Profile '${name}' saved (${parts.join(", ")})`);
+		const result = await save_current_claude_profile(name);
+		const parts = [`${result.serverCount} servers`];
+		if (result.pluginCount > 0) parts.push(`${result.pluginCount} plugins`);
+		log.success(`Profile '${result.profile}' saved (${parts.join(", ")})`);
 		outro("Done!");
 	} catch (error) {
 		if (error instanceof Error) cancel(error.message);
@@ -2168,7 +2772,7 @@ async function create_profile(name) {
 		process.exit(1);
 	}
 }
-async function handle_load_profile() {
+async function handle_load_claude_profile() {
 	const profiles = await list_profiles();
 	if (profiles.length === 0) {
 		log.warn("No profiles found");
@@ -2188,16 +2792,12 @@ async function handle_load_profile() {
 		})
 	});
 	if (isCancel(profile_name)) return;
-	const profile = await load_profile(profile_name);
-	await write_claude_config(profile.config);
-	const parts = [`${Object.keys(profile.config.mcpServers || {}).length} servers`];
-	if (profile.enabledPlugins) {
-		await write_claude_settings({ enabledPlugins: profile.enabledPlugins });
-		parts.push(`${Object.keys(profile.enabledPlugins).length} plugins`);
-	}
-	log.success(`Profile '${profile_name}' applied (${parts.join(", ")})`);
+	const result = await apply_profile_to_claude(profile_name);
+	const parts = [`${result.serverCount} servers`];
+	if (result.pluginCount > 0) parts.push(`${result.pluginCount} plugins`);
+	log.success(`Profile '${result.profile}' applied (${parts.join(", ")})`);
 }
-async function handle_save_profile() {
+async function handle_save_claude_profile() {
 	const name = await text({
 		message: "Profile name:",
 		placeholder: "e.g. database, web-dev, minimal",
@@ -2207,10 +2807,10 @@ async function handle_save_profile() {
 		}
 	});
 	if (isCancel(name)) return;
-	const counts = await save_profile(name);
-	const parts = [`${counts.serverCount} servers`];
-	if (counts.pluginCount > 0) parts.push(`${counts.pluginCount} plugins`);
-	log.success(`Profile '${name}' saved (${parts.join(", ")})`);
+	const result = await save_current_claude_profile(name);
+	const parts = [`${result.serverCount} servers`];
+	if (result.pluginCount > 0) parts.push(`${result.pluginCount} plugins`);
+	log.success(`Profile '${result.profile}' saved (${parts.join(", ")})`);
 }
 async function handle_client_tools() {
 	const client_id = await select({
@@ -2278,11 +2878,11 @@ async function main() {
 		return;
 	}
 	if (args.saveProfile) {
-		await create_profile(args.saveProfile);
+		await create_claude_profile(args.saveProfile);
 		return;
 	}
 	if (args.profile) {
-		await apply_profile(args.profile);
+		await apply_claude_profile(args.profile);
 		return;
 	}
 	intro("MCPick - MCP Configuration Manager");
@@ -2308,13 +2908,13 @@ async function main() {
 				},
 				{
 					value: "load-profile",
-					label: "Load profile",
-					hint: "Apply a saved profile"
+					label: "Load Claude Code profile",
+					hint: "Apply a saved Claude Code profile"
 				},
 				{
 					value: "save-profile",
-					label: "Save profile",
-					hint: "Save current config as profile"
+					label: "Save Claude Code profile",
+					hint: "Save current Claude Code config as profile"
 				},
 				{
 					value: "backup",
@@ -2354,10 +2954,10 @@ async function main() {
 				await restore_config();
 				break;
 			case "load-profile":
-				await handle_load_profile();
+				await handle_load_claude_profile();
 				break;
 			case "save-profile":
-				await handle_save_profile();
+				await handle_save_claude_profile();
 				break;
 			case "exit":
 				outro("Goodbye!");
@@ -2402,17 +3002,18 @@ const SUBCOMMANDS = new Set([
 	"cache",
 	"dev",
 	"marketplace",
-	"reload"
+	"reload",
+	"rollback"
 ]);
 const arg = process.argv[2];
 if (arg && SUBCOMMANDS.has(arg) || arg === "--help" || arg === "-h" || !process.stdout.isTTY) {
 	if (!arg && !process.stdout.isTTY) process.argv.push("--help");
-	import("./cli-avr5R1LO.js").then((m) => m.run());
+	import("./cli-CZOlaqoZ.js").then((m) => m.run());
 } else main().catch((error) => {
 	console.error("Fatal error:", error);
 	process.exit(1);
 });
 //#endregion
-export { get_client_adapter as A, validate_plugin_via_cli as C, list_plugin_backups as D, list_backups as E, read_server_registry as O, update_plugin_via_cli as S, get_all_available_servers as T, mcp_add_json_via_cli as _, split_cli_list as a, remove_mcp_via_cli as b, enable_plugin_hook as c, add_mcp_via_cli as d, install_plugin_via_cli as f, marketplace_update_via_cli as g, marketplace_remove_via_cli as h, run_skills_cli as i, list_client_locations as j, write_server_registry as k, read_disabled_hooks as l, marketplace_list_via_cli as m, load_profile as n, check_restored_hooks as o, marketplace_add_via_cli as p, save_profile as r, disable_plugin_hook as s, list_profiles as t, redisable_restored_hooks as u, mcp_get_via_cli as v, add_server_to_registry as w, uninstall_plugin_via_cli as x, mcp_reset_project_choices_via_cli as y };
+export { write_claude_settings as $, list_backups as A, preview_remove_client_server as B, mcp_reset_project_choices_via_cli as C, validate_plugin_via_cli as D, update_plugin_via_cli as E, add_client_server_config as F, build_command_preview as G, remove_client_server as H, get_client_adapter as I, build_enabled_plugins as J, build_json_change_preview as K, list_client_locations as L, read_server_registry as M, write_server_registry as N, add_server_to_registry as O, add_client_server as P, remove_hook as Q, preview_add_client_server as R, mcp_get_via_cli as S, uninstall_plugin_via_cli as T, resolve_client_location as U, preview_set_client_enabled_servers as V, set_client_server_enabled as W, get_all_plugins as X, get_all_hooks as Y, read_claude_settings as Z, marketplace_add_via_cli as _, run_skills_cli as a, marketplace_update_via_cli as b, disable_plugin_hook as c, redisable_restored_hooks as d, atomic_json_write as et, add_mcp_via_cli as f, install_plugin_via_cli as g, build_remove_args as h, save_current_claude_profile as i, list_plugin_backups as j, get_all_available_servers as k, enable_plugin_hook as l, build_add_json_args as m, list_profiles as n, restore_config_backup as nt, split_cli_list as o, build_add_args as p, add_hook as q, load_profile as r, check_restored_hooks as s, apply_profile_to_claude as t, list_config_backups as tt, read_disabled_hooks as u, marketplace_list_via_cli as v, remove_mcp_via_cli as w, mcp_add_json_via_cli as x, marketplace_remove_via_cli as y, preview_add_client_server_config as z };
 
 //# sourceMappingURL=index.js.map