peaks-cli 1.0.21 → 1.0.22

package/dist/src/services/artifacts/request-artifact-service.js

@@ -1,7 +1,14 @@
 import { mkdir, readFile, readdir, writeFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
 import { dirname, join } from 'node:path';
-import { isDirectory, listDirectories, pathExists } from '../../shared/fs.js';
+import { isDirectory, listDirectories } from '../../shared/fs.js';
 import { checkPrerequisites, DEFAULT_REQUEST_TYPE, isRequestType, VALID_REQUEST_TYPES } from './artifact-prerequisites.js';
+import { ensureSession } from '../session/session-manager.js';
+import { getNextNumber, buildNumberedFilename } from '../../shared/incrementing-number.js';
+import { lintRequestArtifact } from './artifact-lint-service.js';
+import { checkTypeSanity } from '../scan/type-sanity-service.js';
+import { requireUserConfirmation } from '../mode/mode-enforcement.js';
+import { scanFileSize } from '../scan/file-size-scan.js';
 export { VALID_REQUEST_TYPES, DEFAULT_REQUEST_TYPE, isRequestType };
 const REQUEST_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
 const VALID_ROLES = new Set(['prd', 'ui', 'rd', 'qa', 'sc']);
@@ -299,17 +306,42 @@ export async function createRequestArtifact(options) {
     const requestType = options.requestType ?? DEFAULT_REQUEST_TYPE;
     const clock = options.clock ?? defaultClock;
     const timestamp = clock();
-    const sessionId = options.sessionId ?? defaultSessionId(timestamp);
-    const path = join(options.projectRoot, '.peaks', sessionId, options.role, 'requests', `${options.requestId}.md`);
+    // Use provided session ID or get/create current session
+    const sessionId = options.sessionId ?? await ensureSession(options.projectRoot);
+    // Build numbered path in session directory
+    const requestsDir = join(options.projectRoot, '.peaks', sessionId, options.role, 'requests');
+    // Check if a file with this requestId already exists (regardless of number prefix)
+    if (await isDirectory(requestsDir)) {
+        const existingFiles = await listMarkdownFiles(requestsDir);
+        const alreadyExists = existingFiles.some((file) => {
+            if (file === `${options.requestId}.md`)
+                return true;
+            if (/^\d+-/.test(file) && file.endsWith(`-${options.requestId}.md`))
+                return true;
+            return false;
+        });
+        if (alreadyExists) {
+            throw new Error(`A request artifact with id "${options.requestId}" already exists in ${requestsDir}. Remove it before re-running peaks request init.`);
+        }
+    }
+    const number = getNextNumber(requestsDir);
+    const filename = buildNumberedFilename(number, options.requestId);
+    const path = join(requestsDir, filename);
     const content = renderTemplate(options.role, options.requestId, sessionId, timestamp, requestType);
     if (options.apply !== true) {
         return { role: options.role, requestId: options.requestId, sessionId, path, content, applied: false };
     }
-    if (await pathExists(path)) {
-        throw new Error(`Refusing to write: ${path} already exists. Update it in place or remove it before re-running peaks request init.`);
-    }
     await mkdir(dirname(path), { recursive: true });
     await writeFile(path, content, 'utf8');
+    // Create QA initiated marker so rd:qa-handoff gate can verify QA was invoked
+    if (options.role === 'qa') {
+        const qaDir = join(options.projectRoot, '.peaks', sessionId, 'qa');
+        const initiatedPath = join(qaDir, '.initiated');
+        if (!existsSync(initiatedPath)) {
+            await mkdir(qaDir, { recursive: true });
+            await writeFile(initiatedPath, '', 'utf8');
+        }
+    }
     return { role: options.role, requestId: options.requestId, sessionId, path, content, applied: true };
 }
 function extractMetadata(markdown) {
@@ -346,7 +378,9 @@ async function readSummary(projectRoot, sessionId, role, fileName) {
     const path = join(projectRoot, '.peaks', sessionId, role, 'requests', fileName);
     const body = await readFile(path, 'utf8');
     const { state, createdAt, requestType } = extractMetadata(body);
-    const requestId = fileName.replace(/\.md$/, '');
+    // Strip numbered prefix (e.g., "001-requestId.md" -> "requestId")
+    // Only strip 3-digit zero-padded prefixes (our incrementing number format)
+    const requestId = fileName.replace(/^0\d{2}-/, '').replace(/\.md$/, '');
     const summary = { role, sessionId, requestId, path, state, requestType };
     if (createdAt !== undefined) {
         summary.createdAt = createdAt;
@@ -389,14 +423,29 @@ export async function showRequestArtifact(options) {
     if (!REQUEST_ID_PATTERN.test(options.requestId)) {
         throw new Error(`Invalid request id: ${options.requestId} (expected letters, digits, dots, underscores, or dashes)`);
     }
-    const fileName = `${options.requestId}.md`;
+    // Search for files matching the requestId (supports both legacy and numbered formats)
+    const findFileInDir = async (dir) => {
+        const files = await listMarkdownFiles(dir);
+        for (const file of files) {
+            // Match legacy format: ${requestId}.md
+            if (file === `${options.requestId}.md`) {
+                return { fileName: file, path: join(dir, file) };
+            }
+            // Match numbered format: ${number}-${requestId}.md
+            if (/^\d+-/.test(file) && file.endsWith(`-${options.requestId}.md`)) {
+                return { fileName: file, path: join(dir, file) };
+            }
+        }
+        return null;
+    };
     if (options.sessionId !== undefined) {
-        const path = join(options.projectRoot, '.peaks', options.sessionId, options.role, 'requests', fileName);
-        if (!(await pathExists(path))) {
+        const dir = join(options.projectRoot, '.peaks', options.sessionId, options.role, 'requests');
+        const found = await findFileInDir(dir);
+        if (found === null) {
             return null;
         }
-        const summary = await readSummary(options.projectRoot, options.sessionId, options.role, fileName);
-        const content = await readFile(path, 'utf8');
+        const summary = await readSummary(options.projectRoot, options.sessionId, options.role, found.fileName);
+        const content = await readFile(found.path, 'utf8');
         return { ...summary, content };
     }
     const peaksRoot = join(options.projectRoot, '.peaks');
@@ -405,10 +454,11 @@ export async function showRequestArtifact(options) {
     }
     const sessions = await listDirectories(peaksRoot);
     for (const sessionId of sessions) {
-        const path = join(peaksRoot, sessionId, options.role, 'requests', fileName);
-        if (await pathExists(path)) {
-            const summary = await readSummary(options.projectRoot, sessionId, options.role, fileName);
-            const content = await readFile(path, 'utf8');
+        const dir = join(peaksRoot, sessionId, options.role, 'requests');
+        const found = await findFileInDir(dir);
+        if (found !== null) {
+            const summary = await readSummary(options.projectRoot, sessionId, options.role, found.fileName);
+            const content = await readFile(found.path, 'utf8');
             return { ...summary, content };
         }
     }
@@ -439,6 +489,48 @@ export class PrerequisitesNotSatisfiedError extends Error {
         this.missing = missing;
     }
 }
+export class LintGateError extends Error {
+    code = 'LINT_GATE_FAILED';
+    role;
+    newState;
+    errorCount;
+    constructor(role, newState, errorCount) {
+        super(`Cannot transition ${role} to ${newState}: ${errorCount} lint error(s) found in artifact. ` +
+            'Fix lint errors or use --allow-incomplete to bypass.');
+        this.name = 'LintGateError';
+        this.role = role;
+        this.newState = newState;
+        this.errorCount = errorCount;
+    }
+}
+export class TypeSanityViolationError extends Error {
+    code = 'TYPE_SANITY_VIOLATION';
+    declaredType;
+    suggestedTypes;
+    rationale;
+    constructor(declaredType, suggestedTypes, rationale) {
+        super(`Type sanity violation: declared --type=${declaredType} disagrees with changed files. ` +
+            `Suggested types: ${suggestedTypes.join(' | ')}. ` +
+            `Rationale: ${rationale}`);
+        this.name = 'TypeSanityViolationError';
+        this.declaredType = declaredType;
+        this.suggestedTypes = suggestedTypes;
+        this.rationale = rationale;
+    }
+}
+export class FileSizeViolationError extends Error {
+    code = 'FILE_SIZE_VIOLATION';
+    violations;
+    threshold;
+    constructor(violations, threshold) {
+        const summary = violations.map((v) => `${v.file} (${v.lines} lines)`).join(', ');
+        super(`File size violation: ${violations.length} file(s) exceed ${threshold} lines: ${summary}. ` +
+            'Split into smaller modules or use --allow-incomplete to bypass.');
+        this.name = 'FileSizeViolationError';
+        this.violations = violations;
+        this.threshold = threshold;
+    }
+}
 function updateStatusBlock(markdown, newState, timestamp, reason) {
     const lines = markdown.split(/\r?\n/);
     let previousState = 'unknown';
@@ -499,6 +591,14 @@ export async function transitionRequestArtifact(options) {
     if (existing === null) {
         return null;
     }
+    // Mode enforcement: require user confirmation in assisted/strict modes
+    const transitionKey = `${options.role}:${options.newState}`;
+    await requireUserConfirmation({
+        projectRoot: options.projectRoot,
+        transitionKey,
+        confirmed: options.confirmed,
+        forceConfirm: options.forceConfirm
+    });
     const prerequisiteResult = await checkPrerequisites({
         projectRoot: options.projectRoot,
         sessionId: existing.sessionId,
@@ -510,6 +610,38 @@ export async function transitionRequestArtifact(options) {
     if (!prerequisiteResult.ok && options.allowIncomplete !== true) {
         throw new PrerequisitesNotSatisfiedError(options.role, options.newState, existing.sessionId, prerequisiteResult.missing);
     }
+    // Type sanity check for PRD handoff
+    if (options.typeSanityCheck !== undefined && options.role === 'prd' && options.newState === 'handed-off') {
+        const sanityReport = checkTypeSanity({
+            projectRoot: options.typeSanityCheck.projectRoot,
+            declaredType: options.typeSanityCheck.declaredType
+        });
+        if (!sanityReport.consistent) {
+            throw new TypeSanityViolationError(options.typeSanityCheck.declaredType, sanityReport.suggestedTypes, sanityReport.rationale);
+        }
+    }
+    // Lint gate: when transitioning OUT of draft, lint must pass (unless --allow-incomplete)
+    if (existing.state === 'draft' && options.allowIncomplete !== true) {
+        const lintReport = await lintRequestArtifact({
+            projectRoot: options.projectRoot,
+            role: options.role,
+            requestId: options.requestId,
+            sessionId: existing.sessionId
+        });
+        if (lintReport !== null && !lintReport.ok) {
+            const errorCount = lintReport.findings.filter((f) => f.severity === 'error').length;
+            if (errorCount > 0) {
+                throw new LintGateError(options.role, options.newState, errorCount);
+            }
+        }
+    }
+    // File size gate: when RD declares implemented, scan for oversized files (karpathy-skills "Simplicity First")
+    if (options.role === 'rd' && options.newState === 'implemented' && options.allowIncomplete !== true) {
+        const sizeResult = scanFileSize({ projectRoot: options.projectRoot });
+        if (!sizeResult.ok) {
+            throw new FileSizeViolationError(sizeResult.violations, sizeResult.threshold);
+        }
+    }
     const clock = options.clock ?? defaultClock;
     const timestamp = clock();
     const bypassNote = !prerequisiteResult.ok && options.allowIncomplete === true

package/dist/src/services/artifacts/workspace-service.js

@@ -1,9 +1,8 @@
 import { existsSync } from 'node:fs';
 import { Buffer } from 'node:buffer';
-import { homedir } from 'node:os';
 import { resolve } from 'node:path';
 import { isInsidePath, stablePath } from '../../shared/path-utils.js';
-import { readConfig, getCurrentWorkspaceConfig } from '../config/config-service.js';
+import { getWorkspaceConfig, getWorkspaceConfigForCurrentPath } from '../config/config-service.js';
 import { pathExists } from '../../shared/fs.js';
 import { execCommand } from '../../shared/process.js';
 function canonicalPath(path) {
@@ -16,7 +15,7 @@ export function getLocalArtifactPath(workspace) {
     if (workspace.artifactStorage?.localPath) {
         return resolve(workspace.artifactStorage.localPath);
     }
-    return resolve(homedir(), '.peaks', 'workspaces', workspace.workspaceId, 'artifacts');
+    return resolve(workspace.rootPath, '.peaks', 'artifacts');
 }
 export function isArtifactWorkspaceOutsideTarget(workspace, artifactWorkspacePath = getLocalArtifactPath(workspace)) {
     const targetRoot = canonicalPath(workspace.rootPath);
@@ -88,8 +87,8 @@ function redactSecrets(message) {
 }
 export async function executeArtifactSync(workspaceId) {
     const workspace = workspaceId
-        ? readConfig().workspaces.find((w) => w.workspaceId === workspaceId) ?? null
-        : getCurrentWorkspaceConfig();
+        ? getWorkspaceConfig(workspaceId)
+        : getWorkspaceConfigForCurrentPath();
     if (!workspace) {
         return {
             workspaceId: workspaceId ?? 'unknown',
@@ -190,8 +189,8 @@ export async function executeArtifactSync(workspaceId) {
 }
 export function getArtifactWorkspaceStatus(workspaceId) {
     const workspace = workspaceId
-        ? readConfig().workspaces.find((w) => w.workspaceId === workspaceId) ?? null
-        : getCurrentWorkspaceConfig();
+        ? getWorkspaceConfig(workspaceId)
+        : getWorkspaceConfigForCurrentPath();
     if (!workspace) {
         return {
             workspaceId: workspaceId ?? 'unknown',
@@ -230,8 +229,8 @@ export function getArtifactWorkspaceStatus(workspaceId) {
 }
 export function planArtifactSync(workspaceId, dryRun = true) {
     const workspace = workspaceId
-        ? readConfig().workspaces.find((w) => w.workspaceId === workspaceId) ?? null
-        : getCurrentWorkspaceConfig();
+        ? getWorkspaceConfig(workspaceId)
+        : getWorkspaceConfigForCurrentPath();
     if (!workspace) {
         return {
             workspaceId: workspaceId ?? 'unknown',

package/dist/src/services/config/config-service.js

@@ -1,6 +1,5 @@
 import { existsSync, mkdirSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { basename, dirname, isAbsolute, resolve } from 'node:path';
+import { dirname, isAbsolute, resolve } from 'node:path';
 import { DEFAULT_CONFIG } from './config-types.js';
 import { stablePath } from '../../shared/path-utils.js';
 import { findProjectRoot, getProjectBootstrapConfigPath, getProjectConfigPath, getUserConfigPath, isInsidePath, readConfigFileSafely, resolveProjectRootForConfig, validateArtifactWorkspaceMarkerPath, validateArtifactWorkspaceRoot, validateProjectBootstrapConfigPathForWrite, validateUserConfigPathForWrite, writeConfigFileSafely, writeProjectConfigFile, writeUserConfigFile } from './config-safety.js';
@@ -199,10 +198,6 @@ function isRecord(value) {
 function isSafeConfigSegment(value) {
     return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(value) && !value.includes('..') && !value.endsWith('.');
 }
-function toSafeConfigSegment(value) {
-    const normalized = value.toLowerCase().replace(/[^a-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '').replace(/\.+$/g, '');
-    return isSafeConfigSegment(normalized) ? normalized : 'workspace';
-}
 function toArtifactRemoteRepoConfig(value) {
     if (!isRecord(value) || (value.provider !== 'github' && value.provider !== 'gitlab') || typeof value.owner !== 'string' || typeof value.name !== 'string') {
         return null;
@@ -246,15 +241,6 @@ function toWorkspaceConfig(value) {
 function toWorkspaceConfigs(value) {
     return Array.isArray(value) ? value.map(toWorkspaceConfig).filter((workspace) => workspace !== null) : [];
 }
-function mergeWorkspaceConfigs(userWorkspaces, projectWorkspaces) {
-    const merged = new Map(userWorkspaces.map((workspace) => [workspace.workspaceId, workspace]));
-    for (const workspace of projectWorkspaces) {
-        if (!merged.has(workspace.workspaceId)) {
-            merged.set(workspace.workspaceId, workspace);
-        }
-    }
-    return [...merged.values()];
-}
 function toProviderModelConfig(value) {
     if (!isRecord(value))
         return {};
@@ -400,8 +386,6 @@ function toPeaksConfig(value) {
     const proxy = toProxyConfig(value.proxy);
     return {
         ...(typeof value.version === 'string' ? { version: value.version } : {}),
-        ...(typeof value.currentWorkspace === 'string' ? { currentWorkspace: value.currentWorkspace } : {}),
-        ...(Array.isArray(value.workspaces) ? { workspaces: toWorkspaceConfigs(value.workspaces) } : {}),
         ...(typeof value.language === 'string' ? { language: value.language } : {}),
         ...(typeof value.model === 'string' && ['haiku', 'sonnet', 'opus', 'minimax'].includes(value.model) ? { model: value.model } : {}),
         ...(typeof value.economyMode === 'boolean' ? { economyMode: value.economyMode } : {}),
@@ -424,15 +408,23 @@ export function readConfig(projectRoot) {
     const detectedRoot = projectRoot ?? findProjectRoot(process.cwd());
     const userConfig = toPeaksConfig(readUserJsonFile());
     const projectConfig = removeProjectSensitiveConfig(toPeaksConfig(readProjectJsonFile(detectedRoot)));
-    const { proxy: projectProxy, workspaces: projectWorkspaces, ...projectConfigWithoutProxy } = projectConfig;
-    const userWorkspaces = userConfig.workspaces ?? [];
+    const { proxy: projectProxy, ...projectConfigWithoutProxy } = projectConfig;
     return {
         ...DEFAULT_CONFIG,
         ...userConfig,
-        ...projectConfigWithoutProxy,
-        workspaces: mergeWorkspaceConfigs(userWorkspaces, projectWorkspaces ?? [])
+        ...projectConfigWithoutProxy
     };
 }
+function sanitizeWorkspacePartial(partial) {
+    const result = { ...partial };
+    if (Array.isArray(result.workspaces)) {
+        result.workspaces = toWorkspaceConfigs(result.workspaces);
+    }
+    if (typeof result.currentWorkspace !== 'string' && result.currentWorkspace !== null && result.currentWorkspace !== undefined) {
+        delete result.currentWorkspace;
+    }
+    return result;
+}
 export function writeConfig(partial, layer = 'user') {
     if (!isConfigLayer(layer)) {
         throw new Error('Invalid config layer');
@@ -446,29 +438,28 @@ export function writeConfig(partial, layer = 'user') {
         const { projectRoot, configPath } = getProjectWriteTarget();
         ensureDir(dirname(configPath));
         const existing = readJsonFile(configPath, () => validateProjectBootstrapConfigPathForWrite(projectRoot, configPath)) ?? {};
-        const merged = { ...existing, ...partial };
+        const merged = sanitizeWorkspacePartial({ ...existing, ...partial });
         writeProjectConfigFile(projectRoot, configPath, JSON.stringify(merged, null, 2));
         return;
     }
     const userPath = getUserConfigPath();
     ensureDir(dirname(userPath));
     const existing = readJsonFile(userPath, () => validateUserConfigPathForWrite(userPath)) ?? {};
-    const merged = { ...existing, ...partial };
+    const merged = sanitizeWorkspacePartial({ ...existing, ...partial });
     writeUserConfigFile(userPath, JSON.stringify(merged, null, 2));
 }
 export function getConfig(options = {}) {
     const projectRoot = findProjectRoot(process.cwd());
     const userConfig = readUserJsonFile() ?? {};
     const projectConfig = removeProjectSensitiveConfig(readProjectJsonFile(projectRoot) ?? {});
-    const { proxy: projectProxy, workspaces: projectWorkspaces, ...projectConfigWithoutProxy } = projectConfig;
+    const { proxy: projectProxy, ...projectConfigWithoutProxy } = projectConfig;
     const source = options.layer === 'user'
         ? userConfig
         : options.layer === 'project'
             ? projectConfig
             : {
                 ...userConfig,
-                ...projectConfigWithoutProxy,
-                workspaces: mergeWorkspaceConfigs(toWorkspaceConfigs(userConfig.workspaces), toWorkspaceConfigs(projectWorkspaces))
+                ...projectConfigWithoutProxy
             };
     const config = isRecord(source) ? { ...source, ...(source.tokens !== undefined ? { tokens: toTokenConfig(source.tokens) } : {}) } : source;
     if (options.key !== undefined) {
@@ -514,11 +505,7 @@ export function setConfig(options) {
         writeUserConfigFile(targetPath, content);
     }
 }
-export function getWorkspaceConfig(workspaceId, projectRoot) {
-    const config = readConfig(projectRoot ?? findProjectRoot(process.cwd()));
-    return config.workspaces.find((w) => w.workspaceId === workspaceId) ?? null;
-}
-function readLayerConfig(layer) {
+function readRawWorkspaceData(layer) {
     const config = getConfig({ layer });
     return isRecord(config)
         ? {
@@ -527,61 +514,74 @@ function readLayerConfig(layer) {
         }
         : { currentWorkspace: null, workspaces: [] };
 }
+function writeRawWorkspaceData(data, layer) {
+    const projectTarget = layer === 'project' ? getProjectWriteTarget() : null;
+    const targetPath = projectTarget?.configPath ?? getUserConfigPath();
+    ensureDir(dirname(targetPath));
+    const existing = projectTarget
+        ? readJsonFile(targetPath, () => validateProjectBootstrapConfigPathForWrite(projectTarget.projectRoot, targetPath)) ?? {}
+        : readJsonFile(targetPath, () => validateUserConfigPathForWrite(targetPath)) ?? {};
+    const merged = { ...existing, ...data };
+    const content = JSON.stringify(merged, null, 2);
+    if (projectTarget) {
+        writeProjectConfigFile(projectTarget.projectRoot, targetPath, content);
+    }
+    else {
+        writeUserConfigFile(targetPath, content);
+    }
+}
+export function getWorkspaceConfig(workspaceId, projectRoot) {
+    const { workspaces } = readRawWorkspaceData('user');
+    return workspaces.find((w) => w.workspaceId === workspaceId) ?? null;
+}
+function readLayerConfig(layer) {
+    return readRawWorkspaceData(layer);
+}
 export function addWorkspace(workspace, layer = 'user') {
     if (!isSafeConfigSegment(workspace.workspaceId)) {
         throw new Error('Workspace id must only contain letters, numbers, dots, underscores, or hyphens and must not contain path traversal');
     }
-    const config = readLayerConfig(layer);
+    const config = readRawWorkspaceData(layer);
     const workspaces = config.workspaces;
     const existing = workspaces.findIndex((w) => w.workspaceId === workspace.workspaceId);
     const updatedWorkspaces = existing >= 0
         ? workspaces.map((existingWorkspace) => existingWorkspace.workspaceId === workspace.workspaceId ? workspace : existingWorkspace)
         : [...workspaces, workspace];
-    writeConfig({ workspaces: updatedWorkspaces }, layer);
+    writeRawWorkspaceData({ workspaces: updatedWorkspaces }, layer);
 }
 export function removeWorkspace(workspaceId, layer = 'user') {
     if (!isSafeConfigSegment(workspaceId))
         return false;
-    const config = readLayerConfig(layer);
+    const config = readRawWorkspaceData(layer);
     const workspaces = config.workspaces;
     const idx = workspaces.findIndex((w) => w.workspaceId === workspaceId);
     if (idx < 0)
         return false;
     const updatedWorkspaces = workspaces.filter((w) => w.workspaceId !== workspaceId);
     const currentWorkspace = config.currentWorkspace === workspaceId ? updatedWorkspaces[0]?.workspaceId ?? null : config.currentWorkspace ?? null;
-    writeConfig({ workspaces: updatedWorkspaces, currentWorkspace }, layer);
+    writeRawWorkspaceData({ workspaces: updatedWorkspaces, currentWorkspace }, layer);
     return true;
 }
 export function setCurrentWorkspace(workspaceId, layer = 'user') {
     if (!isSafeConfigSegment(workspaceId))
         return false;
-    const config = readLayerConfig(layer);
+    const config = readRawWorkspaceData(layer);
     const workspaces = config.workspaces;
     const exists = workspaces.some((w) => w.workspaceId === workspaceId);
     if (!exists)
         return false;
-    writeConfig({ currentWorkspace: workspaceId }, layer);
+    writeRawWorkspaceData({ currentWorkspace: workspaceId }, layer);
     return true;
 }
 export function getCurrentWorkspaceConfig() {
-    const config = readConfig();
-    if (!config.currentWorkspace)
+    const { currentWorkspace, workspaces } = readRawWorkspaceData('user');
+    if (!currentWorkspace)
         return null;
-    return getWorkspaceConfig(config.currentWorkspace);
+    return workspaces.find((w) => w.workspaceId === currentWorkspace) ?? null;
 }
 export function getWorkspaceConfigForPath(path = process.cwd()) {
-    const config = readConfig(findProjectRoot(path));
-    return findWorkspaceForPath(config.workspaces, path);
-}
-function createWorkspaceId(projectRoot, existingIds) {
-    const base = toSafeConfigSegment(basename(projectRoot));
-    if (!existingIds.has(base))
-        return base;
-    let suffix = 2;
-    while (existingIds.has(`${base}-${suffix}`)) {
-        suffix += 1;
-    }
-    return `${base}-${suffix}`;
+    const { workspaces } = readRawWorkspaceData('user');
+    return findWorkspaceForPath(workspaces, path);
 }
 function findWorkspaceForPath(workspaces, path) {
     const targetPath = stablePath(path);
@@ -596,7 +596,7 @@ function findWorkspaceForPath(workspaces, path) {
     return matches.reduce((best, match) => match.rootPath.length > best.rootPath.length ? match : best).workspace;
 }
 function getWorkspaceArtifactRoot(workspace) {
-    return workspace.artifactStorage?.localPath ? resolve(workspace.artifactStorage.localPath) : resolve(homedir(), '.peaks', 'workspaces', workspace.workspaceId, 'artifacts');
+    return workspace.artifactStorage?.localPath ? resolve(workspace.artifactStorage.localPath) : resolve(workspace.rootPath, '.peaks', 'artifacts');
 }
 function ensureArtifactWorkspaceMarker(workspace) {
     const artifactRoot = getWorkspaceArtifactRoot(workspace);
@@ -618,24 +618,9 @@ export function ensureWorkspaceConfigForPath(path = process.cwd()) {
     const existingWorkspace = findWorkspaceForPath(config.workspaces, path);
     if (existingWorkspace) {
         ensureArtifactWorkspaceMarker(existingWorkspace);
-        if (!config.currentWorkspace) {
-            writeConfig({ currentWorkspace: existingWorkspace.workspaceId }, 'user');
-        }
         return existingWorkspace;
     }
-    const existingIds = new Set(config.workspaces.map((workspace) => workspace.workspaceId));
-    const workspaceId = createWorkspaceId(projectRoot, existingIds);
-    const workspace = {
-        workspaceId,
-        name: basename(projectRoot) || 'Workspace',
-        rootPath: stablePath(projectRoot),
-        artifactStorage: { mode: 'local', localPath: resolve(homedir(), '.peaks', 'workspaces', workspaceId, 'artifacts') },
-        installedCapabilityIds: []
-    };
-    ensureArtifactWorkspaceMarker(workspace);
-    const updatedWorkspaces = [...config.workspaces, workspace];
-    writeConfig({ workspaces: updatedWorkspaces, ...(!config.currentWorkspace ? { currentWorkspace: workspace.workspaceId } : {}) }, 'user');
-    return workspace;
+    return null;
 }
 export function getWorkspaceConfigForCurrentPath() {
     return getWorkspaceConfigForPath(process.cwd());

package/dist/src/services/config/config-types.d.ts

@@ -51,8 +51,6 @@ export type WorkspaceConfig = {
 };
 export type PeaksConfig = {
     version: string;
-    currentWorkspace: string | null;
-    workspaces: WorkspaceConfig[];
     language: string;
     model: ModelPreference;
     economyMode: boolean;

package/dist/src/services/config/config-types.js

@@ -1,8 +1,6 @@
 import { CLI_VERSION } from '../../shared/version.js';
 export const DEFAULT_CONFIG = {
     version: CLI_VERSION,
-    currentWorkspace: null,
-    workspaces: [],
     language: 'en',
     model: 'sonnet',
     economyMode: true,

package/dist/src/services/mode/bypass-tracker.d.ts

@@ -0,0 +1,4 @@
+export declare const MAX_BYPASSES_PER_SESSION = 3;
+export declare function getBypassCount(sessionRoot: string): number;
+export declare function recordBypass(sessionRoot: string): number;
+export declare function isBypassLimitReached(sessionRoot: string): boolean;

package/dist/src/services/mode/bypass-tracker.js

@@ -0,0 +1,31 @@
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+export const MAX_BYPASSES_PER_SESSION = 3;
+const BYPASS_FILE = '.bypass-count.json';
+function bypassFilePath(sessionRoot) {
+    return join(sessionRoot, BYPASS_FILE);
+}
+export function getBypassCount(sessionRoot) {
+    const filePath = bypassFilePath(sessionRoot);
+    if (!existsSync(filePath)) {
+        return 0;
+    }
+    try {
+        const raw = readFileSync(filePath, 'utf8');
+        const parsed = JSON.parse(raw);
+        return typeof parsed.count === 'number' ? parsed.count : 0;
+    }
+    catch {
+        return 0;
+    }
+}
+export function recordBypass(sessionRoot) {
+    const current = getBypassCount(sessionRoot);
+    const next = current + 1;
+    const filePath = bypassFilePath(sessionRoot);
+    writeFileSync(filePath, JSON.stringify({ count: next }, null, 2), 'utf8');
+    return next;
+}
+export function isBypassLimitReached(sessionRoot) {
+    return getBypassCount(sessionRoot) >= MAX_BYPASSES_PER_SESSION;
+}

package/dist/src/services/mode/mode-enforcement.d.ts

@@ -0,0 +1,14 @@
+import { type SkillPresenceMode } from '../skills/skill-presence-service.js';
+type TransitionKey = `${string}:${string}`;
+export declare function requiresConfirmation(mode: SkillPresenceMode, transitionKey: TransitionKey): boolean;
+export type ConfirmationOptions = {
+    projectRoot: string;
+    transitionKey: TransitionKey;
+    confirmed?: boolean | undefined;
+    forceConfirm?: boolean | undefined;
+};
+export declare class ConfirmationRequiredError extends Error {
+    constructor(transitionKey: TransitionKey);
+}
+export declare function requireUserConfirmation(options: ConfirmationOptions): Promise<void>;
+export {};