npm - pi-doc-injector - Versions diffs - 0.1.2 → 0.1.4 - Mend

pi-doc-injector 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -63,7 +63,7 @@ Create `.pi/doc-injector.json` in your project root to customize behavior:
 ```json
 {
   "docsPath": "./docs",
-  "matchThreshold": 2,
+  "matchThreshold": 1,
   "contextThreshold": 80,
   "recursive": true
 }
@@ -72,7 +72,7 @@ Create `.pi/doc-injector.json` in your project root to customize behavior:
 | Option             | Default    | Description                                              |
 | ------------------ | ---------- | -------------------------------------------------------- |
 | `docsPath`         | `"./docs"` | Path to docs folder (relative to project root)           |
-| `matchThreshold`   | `2`        | Minimum keyword matches required to inject a doc         |
+| `matchThreshold`   | `1`        | Minimum keyword matches required to inject a doc         |
 | `contextThreshold` | `80`       | Skip injection when context usage exceeds this % (0–100) |
 | `recursive`        | `true`     | Scan docs subdirectories recursively                     |
@@ -103,14 +103,28 @@ The extension uses a per-session injection model:
 - Use `/doc-inject reset` to manually reset all flags and allow docs to be injected again.
 - Use `/doc-inject list` to see which docs have been injected (✅) and which are pending (⬜).
+### System Prompt Lifecycle
+Pi **reconstructs the system prompt from source files each turn** (verified against pi v0.70.6).
+When `before_agent_start` fires, the `systemPrompt` passed to the extension is a freshly rebuilt prompt from `AGENTS.md`, `SYSTEM.md`, skills, and tool snippets. It is **not** accumulated from previous turns.
+This means:
+- Injections apply to the **current turn only** and do not persist in subsequent turns.
+- There is no risk of duplicate injection sections stacking up over time.
+- The `injected` flag alone is sufficient to prevent re-injection — no additional deduplication or marker-based stripping is needed.
+For the full source-level verification, see the JSDoc block in `index.ts`.
 ## Development
 ```bash
 # Run tests
-bun test
+npm test
 # Run tests in watch mode
-bun test --watch
+npm run test:watch
 ```
 ## License

package/docs/bun.md CHANGED Viewed

@@ -1,32 +1,32 @@
 ---
 title: "JavaScript Runtime & Package Manager"
-keywords: [bun, package manager, runtime, install, test, build]
+keywords: [npm, node, package manager, runtime, install, test, build]
 ---
 # JavaScript Runtime & Package Manager
-This project uses **Bun** as its JavaScript runtime and package manager.
+This project uses **Node.js** as its JavaScript runtime and **npm** as its package manager.
-## Why Bun?
+## Why npm?
-- Fast native TypeScript support (no separate tsc step needed)
-- All-in-one runtime, bundler, and test runner
-- Drop-in replacement for Node.js and npm/yarn/pnpm
-- Significantly faster installs and test executions
+- The default package manager that ships with Node.js
+- Widely supported across all CI/CD platforms
+- Deterministic installs via `package-lock.json`
+- No additional runtime or tooling required
 ## Common Commands
 ```bash
 # Install dependencies
-bun install
+npm install
 # Run tests
-bun test
+npm test
-# Run tests in watch mode (recommended for development)
-bun test --watch
+# Run tests in watch mode
+npm run test:watch
 ```
 ## Version
-This project requires Bun >= 1.3.0. The lockfile (`bun.lock`) ensures reproducible installs.
+This project requires Node.js >= 18.0.0. The lockfile (`package-lock.json`) ensures reproducible installs.

package/docs/publish.md CHANGED Viewed

@@ -1,10 +1,29 @@
 ---
 title: "Publishing Workflow"
-keywords: [publish, release, npm, version, tag, semantic versioning]
+keywords: [publish, release, npm, version, tag, node, oidc, trusted publisher]
 ---
 # Publishing Workflow
+## Trusted Publisher (OIDC)
+This package uses **npm trusted publishing** — no tokens needed. The GitHub Actions workflow authenticates via OIDC, which is configured at:
+```
+https://www.npmjs.com/package/pi-doc-injector → Settings → Trusted Publisher
+```
+The trusted publisher entry authorizes `lmn451/pi-docs` with workflow `publish.yml`.
+## How It Works
+1. Push a `v*` tag → triggers the publish workflow
+2. GitHub Actions generates a short-lived OIDC token (`id-token: write`)
+3. npm verifies the OIDC claims match the trusted publisher config
+4. Package is published with provenance attestation
+No `NPM_TOKEN` secret, no token rotation, nothing to leak.
 ## Versioning
 We follow [Semantic Versioning](https://semver.org/):
@@ -12,69 +31,57 @@ We follow [Semantic Versioning](https://semver.org/):
 - **MINOR** — backwards-compatible functionality additions
 - **PATCH** — backwards-compatible bug fixes
-## Publishing a New Version
-### 1. Bump the version
+## Release Process
 ```bash
-npm version patch  # 0.1.1 → 0.1.2
-npm version minor  # 0.1.1 → 0.2.0
-npm version major  # 0.1.1 → 1.0.0
+# 1. Edit version in package.json (e.g., 0.1.1 → 0.1.2)
+# 2. Commit, tag, and push
+git add package.json
+git commit -m "chore: bump version to X.Y.Z"
+git tag vX.Y.Z
+git push origin master
+git push origin vX.Y.Z
 ```
-This updates `package.json` and creates a local tag.
-### 2. Push the tag to trigger the workflow
-```bash
-git push origin v0.1.1
-```
-Or push all tags:
+Or use `npm version`:
 ```bash
-git push origin --tags
+npm version patch   # bumps version, commits, tags
+git push origin master --follow-tags
 ```
-**Important:** The publish workflow triggers on tags pushed to remote, not just locally created tags. The tag must match the pattern `v*` (e.g., `v0.1.1`, `v0.2.0`).
+## CI/CD
-### 3. GitHub Actions Publish workflow
+The `Publish` workflow triggers on `v*` tags and:
+- Runs `npm ci`
+- Verifies tag matches `package.json` version
+- Runs `npm test`
+- Publishes to npm with provenance via OIDC
-Once the tag is pushed, the `Publish` workflow automatically:
-- Runs tests
-- Publishes to npm registry
-Monitor the workflow at: `https://github.com/lmn451/pi-docs/actions`
+Monitor: https://github.com/lmn451/pi-docs/actions
 ## Verify the Publish
-Check if the package was published:
 ```bash
 npm view pi-doc-injector
 ```
-## Manual Publish
+## Manual Publish (first time only)
-If needed, you can publish manually:
+OIDC only works after the package exists on npm. For the initial publish:
 ```bash
-npm publish
+npm login
+npm publish --access public
 ```
-## Setup
-Ensure your npm token is configured as a GitHub secret:
-- Go to repository Settings → Secrets and variables → Actions
-- Add a new secret named `NPM_TOKEN` with your npm access token
+After that, configure the trusted publisher and all future releases go through CI.
 ## Troubleshooting
-**Workflow didn't run?**
-- Verify the tag exists remotely: `git ls-remote origin refs/tags/v0.1.1`
-- Check that the tag matches the pattern `v*`
-- Check GitHub Actions runs at: `https://github.com/lmn451/pi-docs/actions`
-**npm publish failed?**
-- Ensure `NPM_TOKEN` secret is set
-- Verify the version hasn't already been published
+| Issue | Solution |
+|-------|----------|
+| Workflow didn't run | Verify tag exists: `git ls-remote origin refs/tags/vX.Y.Z` |
+| 404 on publish | Verify trusted publisher config on npmjs.com matches exactly |
+| Version already published | Bump to a new version |

package/index.ts CHANGED Viewed

@@ -22,6 +22,29 @@
  * session, once a doc is injected, it won't be re-injected unless the user
  * manually runs `/doc-inject reset`.
  *
+ * ## System Prompt Lifecycle (verified against pi v0.70.6)
+ *
+ * Pi **reconstructs the system prompt from source files each turn**. Here is
+ * the exact flow, verified via source-code review of dist/core/agent-session.js
+ * and dist/core/extensions/runner.js (v0.70.6):
+ *
+ * 1. Before each agent turn, pi calls `this._rebuildSystemPrompt(toolNames)`.
+ *    This builds the prompt from `AGENTS.md`, `SYSTEM.md`, skills, enabled
+ *    tool snippets — never from a previously modified (injected) prompt.
+ * 2. The rebuilt prompt is stored in `this._baseSystemPrompt`.
+ * 3. `emitBeforeAgentStart(..., this._baseSystemPrompt, ...)` passes this
+ *    *fresh* base prompt to every extension handler.
+ * 4. Extension handlers can return a modified `systemPrompt` for the current
+ *    turn. Pi uses the modified prompt **only for this turn**.
+ * 5. When no extension modifies the prompt, pi explicitly resets to
+ *    `this._baseSystemPrompt` (comment in source: "Ensure we're using the
+ *    base prompt (in case previous turn had modifications)").
+ *
+ * **Therefore**: Previous injections from `before_agent_start` do NOT persist
+ * across turns. Duplicate sections cannot accumulate in the system prompt.
+ * The `injected` flag alone is sufficient to prevent re-injection — no
+ * marker-based stripping or deduplication is needed.
+ *
  * ## Race Condition Note
  *
  * If `resources_discover` (rebuild) fires while `before_agent_start` is running,
@@ -143,7 +166,7 @@ export default async function docInjectorExtension(pi: ExtensionAPI) {
   });
   // ---- Event: before_agent_start (inject into system prompt) ----
-  pi.on("before_agent_start", async (_event, _ctx) => {
+  pi.on("before_agent_start", async (event, ctx) => {
     if (!enabled || !registry || pendingMatches.size === 0) return;
     const matchedEntries: DocEntry[] = [];
@@ -160,7 +183,7 @@ export default async function docInjectorExtension(pi: ExtensionAPI) {
     // Skip injection if context usage exceeds the configured threshold
     // (default: 80%). This prevents doc injection from pushing the context
     // past the model's limit.
-    const usage = _ctx.getContextUsage();
+    const usage = ctx.getContextUsage();
     if (usage && usage.tokens && usage.tokens > 0 && usage.percent && usage.percent > config.contextThreshold) {
       console.warn(`[doc-injector] Skipping injection: context usage > ${config.contextThreshold}%`);
       pendingMatches.clear();
@@ -174,7 +197,7 @@ export default async function docInjectorExtension(pi: ExtensionAPI) {
     pendingMatches.clear();
     return {
-      systemPrompt: (_event.systemPrompt || "") + "\n\n" + append,
+      systemPrompt: (event.systemPrompt || "") + "\n\n" + append,
     };
   });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pi-doc-injector",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Auto-inject relevant project documentation into Pi's LLM context based on keyword matching",
   "type": "module",
   "main": "./index.ts",
@@ -13,8 +13,8 @@
     "README.md"
   ],
   "scripts": {
-    "test": "bun test",
-    "test:watch": "bun test --watch"
+    "test": "vitest run",
+    "test:watch": "vitest"
   },
   "keywords": [
     "pi-package",
@@ -37,10 +37,12 @@
     "@mariozechner/pi-coding-agent": "*"
   },
   "devDependencies": {
-    "@types/bun": "^1.3.13"
+    "@types/node": "^22.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
   },
   "publishConfig": {
     "access": "public"
   },
-  "packageManager": "bun@1.3.11"
+  "packageManager": "npm@11.5.2"
 }

package/registry.ts CHANGED Viewed

@@ -111,7 +111,10 @@ export class DocRegistry {
             injected: preserved.get(filePath) ?? false,
           });
         } catch (err) {
-          console.warn(`[doc-injector] Error reading ${relativePath}:`, err);
+          // Only warn for unexpected errors, not ENOENT (file deleted/moved after scan)
+          if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+            console.warn(`[doc-injector] Error reading ${relativePath}:`, err);
+          }
         }
       }
@@ -141,16 +144,28 @@ export class DocRegistry {
     for (const dirent of dirents) {
       if (!dirent.isFile() || !dirent.name.endsWith(".md")) continue;
-      // Build relative path from the directory tree
-      const parentPath = (dirent as Dirent & { path?: string }).path ?? "";
-      const relPath = parentPath
-        ? relative(dir, join(parentPath, dirent.name))
-        : dirent.name;
+      const fileName = basename(dirent.name);
+      // Cross-runtime: when dirent.name is just the filename, resolve the
+      // relative path from the parent directory. Use parentPath (Node 18+)
+      // with fallback to .path (Bun) for older runtimes.
+      let relPath: string;
+      if (dirent.name === fileName) {
+        const parentPath = (dirent as Dirent & { parentPath?: string; path?: string }).parentPath
+          ?? (dirent as Dirent & { path?: string }).path
+          ?? "";
+        relPath = parentPath
+          ? relative(dir, join(parentPath, dirent.name))
+          : dirent.name;
+      } else {
+        // Node-style: dirent.name already contains the relative path from dir
+        relPath = dirent.name;
+      }
       results.push({
         filePath: join(dir, relPath),
         relativePath: relPath,
-        fileName: dirent.name,
+        fileName,
       });
     }

package/types.ts CHANGED Viewed

@@ -38,7 +38,7 @@ export interface DocInjectorConfig {
 /** Default configuration values. */
 export const DEFAULT_CONFIG: DocInjectorConfig = {
   docsPath: "./docs",
-  matchThreshold: 2,
+  matchThreshold: 1,
   contextThreshold: 80,
   recursive: true,
 };