peaks-cli 1.0.13 → 1.0.15

package/dist/src/services/config/config-safety.js

@@ -0,0 +1,275 @@
+import { closeSync, constants, existsSync, fchmodSync, fstatSync, lstatSync, mkdirSync, openSync, readFileSync, realpathSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
+import { randomUUID } from 'node:crypto';
+import { dirname, isAbsolute, relative, resolve } from 'node:path';
+import { homedir } from 'node:os';
+export function getUserConfigPath() {
+    return resolve(homedir(), '.peaks', 'config.json');
+}
+export function isInsidePath(childPath, parentPath) {
+    const relativePath = relative(parentPath, childPath);
+    return relativePath === '' || (!relativePath.startsWith('..') && !isAbsolute(relativePath));
+}
+function isSafeProjectConfigMarker(projectRoot) {
+    const peaksPath = resolve(projectRoot, '.peaks');
+    const markerPath = resolve(peaksPath, 'config.json');
+    try {
+        const projectRootReal = realpathSync(projectRoot);
+        const peaksStats = lstatSync(peaksPath);
+        const peaksReal = realpathSync(peaksPath);
+        const markerStats = lstatSync(markerPath);
+        if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink())
+            return false;
+        if (!markerStats.isFile() || markerStats.isSymbolicLink() || markerStats.nlink !== 1)
+            return false;
+        const markerReal = realpathSync(markerPath);
+        if (!isInsidePath(peaksReal, projectRootReal))
+            return false;
+        if (!isInsidePath(markerReal, projectRootReal))
+            return false;
+        return isInsidePath(markerReal, peaksReal);
+    }
+    catch {
+        return false;
+    }
+}
+function normalizeBoundaryPath(path) {
+    const resolved = resolve(path);
+    let realPath = resolved;
+    try {
+        realPath = existsSync(resolved) ? realpathSync.native(resolved) : resolved;
+    }
+    catch {
+        realPath = resolved;
+    }
+    return process.platform === 'win32' || process.platform === 'darwin' ? realPath.toLowerCase() : realPath;
+}
+function getHomeBoundaryPaths() {
+    return new Set([homedir(), process.env.HOME, process.env.USERPROFILE].filter((path) => typeof path === 'string' && path.length > 0).map(normalizeBoundaryPath));
+}
+export function findProjectRoot(startPath) {
+    const homeBoundaryPaths = getHomeBoundaryPaths();
+    let current = resolve(startPath);
+    let parent = dirname(current);
+    while (current !== parent && !homeBoundaryPaths.has(normalizeBoundaryPath(current))) {
+        if (existsSync(resolve(current, '.peaks', 'config.json')) && isSafeProjectConfigMarker(current)) {
+            return current;
+        }
+        parent = current;
+        current = dirname(parent);
+    }
+    return null;
+}
+export function resolveProjectRootForConfig(startPath) {
+    const start = resolve(startPath);
+    const homeBoundaryPaths = getHomeBoundaryPaths();
+    let current = start;
+    let parent = dirname(current);
+    while (current !== parent && !homeBoundaryPaths.has(normalizeBoundaryPath(current))) {
+        if (existsSync(resolve(current, '.peaks', 'config.json')) && isSafeProjectConfigMarker(current)) {
+            return current;
+        }
+        if (existsSync(resolve(current, 'package.json')) || existsSync(resolve(current, '.git'))) {
+            return current;
+        }
+        parent = current;
+        current = dirname(parent);
+    }
+    return start;
+}
+export function getProjectConfigPath(projectRoot) {
+    if (!projectRoot)
+        return null;
+    if (!isSafeProjectConfigMarker(projectRoot))
+        return null;
+    return resolve(projectRoot, '.peaks', 'config.json');
+}
+export function getProjectBootstrapConfigPath(projectRoot) {
+    const projectRootPath = resolve(projectRoot);
+    const peaksPath = resolve(projectRootPath, '.peaks');
+    const configPath = resolve(peaksPath, 'config.json');
+    if (!isInsidePath(configPath, projectRootPath)) {
+        throw new Error('Project config path must stay inside the project root');
+    }
+    if (!existsSync(peaksPath)) {
+        mkdirSync(peaksPath, { recursive: true });
+    }
+    validateProjectBootstrapConfigPath(projectRootPath, peaksPath, configPath);
+    return configPath;
+}
+function validateProjectBootstrapConfigPath(projectRootPath, peaksPath, configPath) {
+    const projectRootReal = realpathSync(projectRootPath);
+    const peaksStats = lstatSync(peaksPath);
+    const peaksReal = realpathSync(peaksPath);
+    if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink() || peaksReal !== resolve(projectRootReal, '.peaks')) {
+        throw new Error('Project config path must stay inside the project root');
+    }
+    try {
+        const markerStats = lstatSync(configPath);
+        if (!markerStats.isFile() || markerStats.isSymbolicLink()) {
+            throw new Error('Project config path must stay inside the project root');
+        }
+        if (markerStats.nlink !== 1) {
+            throw new Error('Config path must not be hardlinked');
+        }
+        const markerReal = realpathSync(configPath);
+        if (!isInsidePath(markerReal, projectRootReal) || !isInsidePath(markerReal, peaksReal)) {
+            throw new Error('Project config path must stay inside the project root');
+        }
+    }
+    catch (error) {
+        if (error.code !== 'ENOENT') {
+            throw error;
+        }
+    }
+}
+export function validateProjectBootstrapConfigPathForWrite(projectRoot, configPath) {
+    const projectRootPath = resolve(projectRoot);
+    validateProjectBootstrapConfigPath(projectRootPath, resolve(projectRootPath, '.peaks'), configPath);
+}
+export function validateUserConfigPathForWrite(configPath) {
+    const userRoot = resolve(homedir());
+    const peaksPath = resolve(userRoot, '.peaks');
+    const userRootReal = realpathSync(userRoot);
+    const peaksStats = lstatSync(peaksPath);
+    const peaksReal = realpathSync(peaksPath);
+    if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink() || peaksReal !== resolve(userRootReal, '.peaks')) {
+        throw new Error('User config path must stay inside the user root');
+    }
+    try {
+        const markerStats = lstatSync(configPath);
+        if (!markerStats.isFile() || markerStats.isSymbolicLink()) {
+            throw new Error('User config path must stay inside the user root');
+        }
+        if (markerStats.nlink !== 1) {
+            throw new Error('Config path must not be hardlinked');
+        }
+        const markerReal = realpathSync(configPath);
+        if (!isInsidePath(markerReal, userRootReal) || !isInsidePath(markerReal, peaksReal)) {
+            throw new Error('User config path must stay inside the user root');
+        }
+    }
+    catch (error) {
+        if (error.code !== 'ENOENT') {
+            throw error;
+        }
+    }
+}
+export function validateArtifactWorkspaceRoot(artifactRoot, workspaceRoot) {
+    const artifactStats = lstatSync(artifactRoot);
+    if (!artifactStats.isDirectory() || artifactStats.isSymbolicLink()) {
+        throw new Error('Artifact workspace marker must stay inside the artifact workspace');
+    }
+    const artifactRootReal = realpathSync(artifactRoot);
+    const workspaceRootReal = realpathSync(workspaceRoot);
+    if (isInsidePath(artifactRootReal, workspaceRootReal)) {
+        throw new Error('Artifact workspace must stay outside the project root');
+    }
+}
+export function validateArtifactWorkspaceMarkerPath(artifactRoot, peaksPath, markerPath) {
+    const artifactStats = lstatSync(artifactRoot);
+    if (!artifactStats.isDirectory() || artifactStats.isSymbolicLink()) {
+        throw new Error('Artifact workspace marker must stay inside the artifact workspace');
+    }
+    const artifactRootReal = realpathSync(artifactRoot);
+    const peaksStats = lstatSync(peaksPath);
+    const peaksReal = realpathSync(peaksPath);
+    if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink() || peaksReal !== resolve(artifactRootReal, '.peaks')) {
+        throw new Error('Artifact workspace marker must stay inside the artifact workspace');
+    }
+    try {
+        const markerStats = lstatSync(markerPath);
+        if (!markerStats.isFile() || markerStats.isSymbolicLink()) {
+            throw new Error('Artifact workspace marker must stay inside the artifact workspace');
+        }
+        if (markerStats.nlink !== 1) {
+            throw new Error('Config path must not be hardlinked');
+        }
+        const markerReal = realpathSync(markerPath);
+        if (!isInsidePath(markerReal, artifactRootReal) || !isInsidePath(markerReal, peaksReal)) {
+            throw new Error('Artifact workspace marker must stay inside the artifact workspace');
+        }
+    }
+    catch (error) {
+        if (error.code !== 'ENOENT') {
+            throw error;
+        }
+    }
+}
+function validateOpenConfigFile(fd, tempPath, errorMessage) {
+    const fdStats = fstatSync(fd);
+    const pathStats = lstatSync(tempPath);
+    if (!fdStats.isFile() || !pathStats.isFile() || fdStats.dev !== pathStats.dev || fdStats.ino !== pathStats.ino) {
+        throw new Error(errorMessage);
+    }
+    if (fdStats.nlink !== 1 || pathStats.nlink !== 1) {
+        throw new Error('Config path must not be hardlinked');
+    }
+}
+function getSafeTempOpenFlags() {
+    const baseFlags = constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL;
+    return typeof constants.O_NOFOLLOW === 'number' ? baseFlags | constants.O_NOFOLLOW : baseFlags;
+}
+function getSafeReadOpenFlags() {
+    return typeof constants.O_NOFOLLOW === 'number' ? constants.O_RDONLY | constants.O_NOFOLLOW : constants.O_RDONLY;
+}
+export function readConfigFileSafely(configPath, errorMessage) {
+    const fd = openSync(configPath, getSafeReadOpenFlags());
+    try {
+        validateOpenConfigFile(fd, configPath, errorMessage);
+        return readFileSync(fd, 'utf-8');
+    }
+    finally {
+        closeSync(fd);
+    }
+}
+export function writeConfigFileSafely(configPath, content, validateBeforeWrite, errorMessage) {
+    validateBeforeWrite();
+    const tempPath = `${configPath}.${process.pid}.${randomUUID()}.tmp`;
+    let fd = openSync(tempPath, getSafeTempOpenFlags(), 0o600);
+    let renamed = false;
+    let closeError;
+    try {
+        validateOpenConfigFile(fd, tempPath, errorMessage);
+        fchmodSync(fd, 0o600);
+        writeFileSync(fd, content, 'utf-8');
+        const writeFd = fd;
+        fd = null;
+        closeSync(writeFd);
+        validateBeforeWrite();
+        const readFd = openSync(tempPath, getSafeReadOpenFlags());
+        try {
+            validateOpenConfigFile(readFd, tempPath, errorMessage);
+        }
+        finally {
+            closeSync(readFd);
+        }
+        renameSync(tempPath, configPath);
+        renamed = true;
+    }
+    finally {
+        if (fd !== null) {
+            try {
+                closeSync(fd);
+            }
+            catch (error) {
+                closeError = error;
+            }
+        }
+        try {
+            if (!renamed && existsSync(tempPath)) {
+                unlinkSync(tempPath);
+            }
+        }
+        finally {
+            if (closeError) {
+                throw closeError;
+            }
+        }
+    }
+}
+export function writeProjectConfigFile(projectRoot, configPath, content) {
+    writeConfigFileSafely(configPath, content, () => validateProjectBootstrapConfigPathForWrite(projectRoot, configPath), 'Project config path must stay inside the project root');
+}
+export function writeUserConfigFile(configPath, content) {
+    writeConfigFileSafely(configPath, content, () => validateUserConfigPathForWrite(configPath), 'User config path must stay inside the user root');
+}

package/dist/src/services/config/config-service.d.ts

@@ -1,5 +1,5 @@
 import type { ConfigGetOptions, ConfigLayer, ConfigSetOptions, MiniMaxProviderConfig, PeaksConfig, TokenRef, WorkspaceConfig } from './config-types.js';
-export declare function resolveProjectRootForConfig(startPath: string): string;
+export { resolveProjectRootForConfig } from './config-safety.js';
 export declare function isConfigLayer(value: string): value is ConfigLayer;
 export declare function isSensitiveConfigPath(path: string): boolean;
 export declare function containsSensitiveConfigValue(value: unknown): boolean;

package/dist/src/services/config/config-service.js

@@ -1,280 +1,11 @@
-import { closeSync, constants, existsSync, fchmodSync, fstatSync, lstatSync, mkdirSync, openSync, readFileSync, realpathSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
-import { randomUUID } from 'node:crypto';
-import { basename, dirname, isAbsolute, relative, resolve } from 'node:path';
+import { existsSync, mkdirSync } from 'node:fs';
 import { homedir } from 'node:os';
+import { basename, dirname, isAbsolute, resolve } from 'node:path';
 import { DEFAULT_CONFIG } from './config-types.js';
 import { stablePath } from '../../shared/path-utils.js';
-function getUserConfigPath() {
-    return resolve(homedir(), '.peaks', 'config.json');
-}
-function isInsidePath(childPath, parentPath) {
-    const relativePath = relative(parentPath, childPath);
-    return relativePath === '' || (!relativePath.startsWith('..') && !isAbsolute(relativePath));
-}
-function isSafeProjectConfigMarker(projectRoot) {
-    const peaksPath = resolve(projectRoot, '.peaks');
-    const markerPath = resolve(peaksPath, 'config.json');
-    try {
-        const projectRootReal = realpathSync(projectRoot);
-        const peaksStats = lstatSync(peaksPath);
-        const peaksReal = realpathSync(peaksPath);
-        const markerStats = lstatSync(markerPath);
-        if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink())
-            return false;
-        if (!markerStats.isFile() || markerStats.isSymbolicLink() || markerStats.nlink !== 1)
-            return false;
-        const markerReal = realpathSync(markerPath);
-        if (!isInsidePath(peaksReal, projectRootReal))
-            return false;
-        if (!isInsidePath(markerReal, projectRootReal))
-            return false;
-        return isInsidePath(markerReal, peaksReal);
-    }
-    catch {
-        return false;
-    }
-}
-function normalizeBoundaryPath(path) {
-    const resolved = resolve(path);
-    let realPath = resolved;
-    try {
-        realPath = existsSync(resolved) ? realpathSync.native(resolved) : resolved;
-    }
-    catch {
-        realPath = resolved;
-    }
-    return process.platform === 'win32' || process.platform === 'darwin' ? realPath.toLowerCase() : realPath;
-}
-function getHomeBoundaryPaths() {
-    return new Set([homedir(), process.env.HOME, process.env.USERPROFILE].filter((path) => typeof path === 'string' && path.length > 0).map(normalizeBoundaryPath));
-}
-function findProjectRoot(startPath) {
-    const homeBoundaryPaths = getHomeBoundaryPaths();
-    let current = resolve(startPath);
-    let parent = dirname(current);
-    while (current !== parent && !homeBoundaryPaths.has(normalizeBoundaryPath(current))) {
-        if (existsSync(resolve(current, '.peaks', 'config.json')) && isSafeProjectConfigMarker(current)) {
-            return current;
-        }
-        parent = current;
-        current = dirname(parent);
-    }
-    return null;
-}
-export function resolveProjectRootForConfig(startPath) {
-    const start = resolve(startPath);
-    const homeBoundaryPaths = getHomeBoundaryPaths();
-    let current = start;
-    let parent = dirname(current);
-    while (current !== parent && !homeBoundaryPaths.has(normalizeBoundaryPath(current))) {
-        if (existsSync(resolve(current, '.peaks', 'config.json')) && isSafeProjectConfigMarker(current)) {
-            return current;
-        }
-        if (existsSync(resolve(current, 'package.json')) || existsSync(resolve(current, '.git'))) {
-            return current;
-        }
-        parent = current;
-        current = dirname(parent);
-    }
-    return start;
-}
-function getProjectConfigPath(projectRoot) {
-    if (!projectRoot)
-        return null;
-    if (!isSafeProjectConfigMarker(projectRoot))
-        return null;
-    return resolve(projectRoot, '.peaks', 'config.json');
-}
-function getProjectBootstrapConfigPath(projectRoot) {
-    const projectRootPath = resolve(projectRoot);
-    const peaksPath = resolve(projectRootPath, '.peaks');
-    const configPath = resolve(peaksPath, 'config.json');
-    if (!isInsidePath(configPath, projectRootPath)) {
-        throw new Error('Project config path must stay inside the project root');
-    }
-    if (!existsSync(peaksPath)) {
-        mkdirSync(peaksPath, { recursive: true });
-    }
-    validateProjectBootstrapConfigPath(projectRootPath, peaksPath, configPath);
-    return configPath;
-}
-function validateProjectBootstrapConfigPath(projectRootPath, peaksPath, configPath) {
-    const projectRootReal = realpathSync(projectRootPath);
-    const peaksStats = lstatSync(peaksPath);
-    const peaksReal = realpathSync(peaksPath);
-    if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink() || peaksReal !== resolve(projectRootReal, '.peaks')) {
-        throw new Error('Project config path must stay inside the project root');
-    }
-    try {
-        const markerStats = lstatSync(configPath);
-        if (!markerStats.isFile() || markerStats.isSymbolicLink()) {
-            throw new Error('Project config path must stay inside the project root');
-        }
-        if (markerStats.nlink !== 1) {
-            throw new Error('Config path must not be hardlinked');
-        }
-        const markerReal = realpathSync(configPath);
-        if (!isInsidePath(markerReal, projectRootReal) || !isInsidePath(markerReal, peaksReal)) {
-            throw new Error('Project config path must stay inside the project root');
-        }
-    }
-    catch (error) {
-        if (error.code !== 'ENOENT') {
-            throw error;
-        }
-    }
-}
-function validateProjectBootstrapConfigPathForWrite(projectRoot, configPath) {
-    const projectRootPath = resolve(projectRoot);
-    validateProjectBootstrapConfigPath(projectRootPath, resolve(projectRootPath, '.peaks'), configPath);
-}
-function validateUserConfigPathForWrite(configPath) {
-    const userRoot = resolve(homedir());
-    const peaksPath = resolve(userRoot, '.peaks');
-    const userRootReal = realpathSync(userRoot);
-    const peaksStats = lstatSync(peaksPath);
-    const peaksReal = realpathSync(peaksPath);
-    if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink() || peaksReal !== resolve(userRootReal, '.peaks')) {
-        throw new Error('User config path must stay inside the user root');
-    }
-    try {
-        const markerStats = lstatSync(configPath);
-        if (!markerStats.isFile() || markerStats.isSymbolicLink()) {
-            throw new Error('User config path must stay inside the user root');
-        }
-        if (markerStats.nlink !== 1) {
-            throw new Error('Config path must not be hardlinked');
-        }
-        const markerReal = realpathSync(configPath);
-        if (!isInsidePath(markerReal, userRootReal) || !isInsidePath(markerReal, peaksReal)) {
-            throw new Error('User config path must stay inside the user root');
-        }
-    }
-    catch (error) {
-        if (error.code !== 'ENOENT') {
-            throw error;
-        }
-    }
-}
-function validateArtifactWorkspaceRoot(artifactRoot, workspaceRoot) {
-    const artifactStats = lstatSync(artifactRoot);
-    if (!artifactStats.isDirectory() || artifactStats.isSymbolicLink()) {
-        throw new Error('Artifact workspace marker must stay inside the artifact workspace');
-    }
-    const artifactRootReal = realpathSync(artifactRoot);
-    const workspaceRootReal = realpathSync(workspaceRoot);
-    if (isInsidePath(artifactRootReal, workspaceRootReal)) {
-        throw new Error('Artifact workspace must stay outside the project root');
-    }
-}
-function validateArtifactWorkspaceMarkerPath(artifactRoot, peaksPath, markerPath) {
-    const artifactStats = lstatSync(artifactRoot);
-    if (!artifactStats.isDirectory() || artifactStats.isSymbolicLink()) {
-        throw new Error('Artifact workspace marker must stay inside the artifact workspace');
-    }
-    const artifactRootReal = realpathSync(artifactRoot);
-    const peaksStats = lstatSync(peaksPath);
-    const peaksReal = realpathSync(peaksPath);
-    if (!peaksStats.isDirectory() || peaksStats.isSymbolicLink() || peaksReal !== resolve(artifactRootReal, '.peaks')) {
-        throw new Error('Artifact workspace marker must stay inside the artifact workspace');
-    }
-    try {
-        const markerStats = lstatSync(markerPath);
-        if (!markerStats.isFile() || markerStats.isSymbolicLink()) {
-            throw new Error('Artifact workspace marker must stay inside the artifact workspace');
-        }
-        if (markerStats.nlink !== 1) {
-            throw new Error('Config path must not be hardlinked');
-        }
-        const markerReal = realpathSync(markerPath);
-        if (!isInsidePath(markerReal, artifactRootReal) || !isInsidePath(markerReal, peaksReal)) {
-            throw new Error('Artifact workspace marker must stay inside the artifact workspace');
-        }
-    }
-    catch (error) {
-        if (error.code !== 'ENOENT') {
-            throw error;
-        }
-    }
-}
-function validateOpenConfigFile(fd, tempPath, errorMessage) {
-    const fdStats = fstatSync(fd);
-    const pathStats = lstatSync(tempPath);
-    if (!fdStats.isFile() || !pathStats.isFile() || fdStats.dev !== pathStats.dev || fdStats.ino !== pathStats.ino) {
-        throw new Error(errorMessage);
-    }
-    if (fdStats.nlink !== 1 || pathStats.nlink !== 1) {
-        throw new Error('Config path must not be hardlinked');
-    }
-}
-function getSafeTempOpenFlags() {
-    const baseFlags = constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL;
-    return typeof constants.O_NOFOLLOW === 'number' ? baseFlags | constants.O_NOFOLLOW : baseFlags;
-}
-function getSafeReadOpenFlags() {
-    return typeof constants.O_NOFOLLOW === 'number' ? constants.O_RDONLY | constants.O_NOFOLLOW : constants.O_RDONLY;
-}
-function readConfigFileSafely(configPath, errorMessage) {
-    const fd = openSync(configPath, getSafeReadOpenFlags());
-    try {
-        validateOpenConfigFile(fd, configPath, errorMessage);
-        return readFileSync(fd, 'utf-8');
-    }
-    finally {
-        closeSync(fd);
-    }
-}
-function writeConfigFileSafely(configPath, content, validateBeforeWrite, errorMessage) {
-    validateBeforeWrite();
-    const tempPath = `${configPath}.${process.pid}.${randomUUID()}.tmp`;
-    let fd = openSync(tempPath, getSafeTempOpenFlags(), 0o600);
-    let renamed = false;
-    let closeError;
-    try {
-        validateOpenConfigFile(fd, tempPath, errorMessage);
-        fchmodSync(fd, 0o600);
-        writeFileSync(fd, content, 'utf-8');
-        const writeFd = fd;
-        fd = null;
-        closeSync(writeFd);
-        validateBeforeWrite();
-        const readFd = openSync(tempPath, getSafeReadOpenFlags());
-        try {
-            validateOpenConfigFile(readFd, tempPath, errorMessage);
-        }
-        finally {
-            closeSync(readFd);
-        }
-        renameSync(tempPath, configPath);
-        renamed = true;
-    }
-    finally {
-        if (fd !== null) {
-            try {
-                closeSync(fd);
-            }
-            catch (error) {
-                closeError = error;
-            }
-        }
-        try {
-            if (!renamed && existsSync(tempPath)) {
-                unlinkSync(tempPath);
-            }
-        }
-        finally {
-            if (closeError) {
-                throw closeError;
-            }
-        }
-    }
-}
-function writeProjectConfigFile(projectRoot, configPath, content) {
-    writeConfigFileSafely(configPath, content, () => validateProjectBootstrapConfigPathForWrite(projectRoot, configPath), 'Project config path must stay inside the project root');
-}
-function writeUserConfigFile(configPath, content) {
-    writeConfigFileSafely(configPath, content, () => validateUserConfigPathForWrite(configPath), 'User config path must stay inside the user root');
-}
+import { findProjectRoot, getProjectBootstrapConfigPath, getProjectConfigPath, getUserConfigPath, isInsidePath, readConfigFileSafely, resolveProjectRootForConfig, validateArtifactWorkspaceMarkerPath, validateArtifactWorkspaceRoot, validateProjectBootstrapConfigPathForWrite, validateUserConfigPathForWrite, writeConfigFileSafely, writeProjectConfigFile, writeUserConfigFile } from './config-safety.js';
+// Re-export resolveProjectRootForConfig for external consumers
+export { resolveProjectRootForConfig } from './config-safety.js';
 function readJsonFile(path, validateBeforeRead, errorMessage = 'Config path must stay inside the config root') {
     if (!path || !existsSync(path))
         return null;

package/dist/src/services/dashboard/project-dashboard-service.d.ts

@@ -2,6 +2,7 @@ import { type RequestArtifactRole, type RequestArtifactSummary } from '../artifa
 import type { OpenSpecChangeSummary } from '../openspec/openspec-types.js';
 import type { McpScanReport } from '../mcp/mcp-types.js';
 import type { CapabilityItem } from '../recommendations/recommendation-types.js';
+import { type SkillPresence } from '../skills/skill-presence-service.js';
 export type ProjectDashboardRequests = {
     count: number;
     byRole: Record<RequestArtifactRole, RequestArtifactSummary[]>;
@@ -39,6 +40,14 @@ export type ProjectDashboardCapabilities = {
     mcpCount: number;
     sample: Array<Pick<CapabilityItem, 'capabilityId' | 'name' | 'itemType' | 'category'>>;
 };
+export type ProjectDashboardSkillPresence = {
+    active: boolean;
+    fresh: boolean;
+    skill?: string;
+    mode?: string;
+    gate?: string;
+    setAt?: string;
+};
 export type ProjectDashboard = {
     generatedAt: string;
     projectRoot: string;
@@ -49,6 +58,7 @@ export type ProjectDashboard = {
     doctor: ProjectDashboardDoctor;
     runbookHealth: ProjectDashboardRunbookHealth;
     capabilities: ProjectDashboardCapabilities;
+    skillPresence: ProjectDashboardSkillPresence;
 };
 export type LoadProjectDashboardOptions = {
     projectRoot: string;
@@ -60,5 +70,6 @@ export type LoadProjectDashboardOptions = {
         failed: number;
     };
     runbookHealth?: ProjectDashboardRunbookHealth;
+    skillPresence?: SkillPresence | null;
 };
 export declare function loadProjectDashboard(options: LoadProjectDashboardOptions): Promise<ProjectDashboard>;

package/dist/src/services/dashboard/project-dashboard-service.js

@@ -4,11 +4,13 @@ import { scanMcpServers } from '../mcp/mcp-scan-service.js';
 import { scanUnderstandAnything } from '../understand/understand-scan-service.js';
 import { seedCapabilityItems } from '../recommendations/capability-seed-items.js';
 import { requiredSkillNames } from '../../shared/paths.js';
+import { getSkillPresence } from '../skills/skill-presence-service.js';
+const SKILL_PRESENCE_FRESHNESS_THRESHOLD_MS = 24 * 60 * 60 * 1000;
 function defaultClock() {
     return new Date().toISOString();
 }
 function groupRequestsByRole(items) {
-    const byRole = { prd: [], ui: [], rd: [], qa: [] };
+    const byRole = { prd: [], ui: [], rd: [], qa: [], sc: [] };
     for (const item of items) {
         byRole[item.role].push(item);
     }
@@ -72,6 +74,22 @@ function buildCapabilitiesSummary(sampleSize) {
         }))
     };
 }
+function buildSkillPresenceSummary(presence) {
+    const resolved = presence === undefined ? getSkillPresence() : presence;
+    if (resolved === null) {
+        return { active: false, fresh: true };
+    }
+    const setAtMs = Date.parse(resolved.setAt);
+    const fresh = !Number.isNaN(setAtMs) && Date.now() - setAtMs <= SKILL_PRESENCE_FRESHNESS_THRESHOLD_MS;
+    return {
+        active: true,
+        fresh,
+        skill: resolved.skill,
+        ...(resolved.mode !== undefined ? { mode: resolved.mode } : {}),
+        ...(resolved.gate !== undefined ? { gate: resolved.gate } : {}),
+        setAt: resolved.setAt
+    };
+}
 export async function loadProjectDashboard(options) {
     const clock = options.clock ?? defaultClock;
     const sampleSize = options.sampleCapabilities ?? 8;
@@ -107,6 +125,7 @@ export async function loadProjectDashboard(options) {
         },
         doctor: doctorAndRunbook.doctor,
         runbookHealth: doctorAndRunbook.runbookHealth,
-        capabilities: buildCapabilitiesSummary(sampleSize)
+        capabilities: buildCapabilitiesSummary(sampleSize),
+        skillPresence: buildSkillPresenceSummary(options.skillPresence)
     };
 }

package/dist/src/services/doctor/doctor-service.d.ts

@@ -1,3 +1,4 @@
+import { type SkillPresence } from '../skills/skill-presence-service.js';
 export type DoctorCheck = {
     id: string;
     ok: boolean;
@@ -21,5 +22,7 @@ export type DoctorOptions = {
     schemasBaseDir?: string;
     skillsBaseDir?: string;
     codegraphProbe?: () => CodegraphCapabilityProbe;
+    skillPresenceProbe?: () => SkillPresence | null;
+    skillPresenceFreshnessThresholdMs?: number;
 };
 export declare function runDoctor(options?: DoctorOptions): Promise<DoctorReport>;