pmpt-cli 1.6.0 → 1.7.1

package/README.md

@@ -20,30 +20,9 @@ No coding required. No complex setup. Just answer 5 questions.
 
 ## Demo
 
-```
-$ pmpt plan
-
-┌  pmpt — Let's plan your product!
-│
-◆  What should we call your project?
-│  my-budget-app
-│
-◆  What would you like to build with AI?
-│  A personal budget tracking app for freelancers
-│
-◆  Any additional context AI should know? (optional)
-│  Simple UI, mobile-friendly, works offline
-│
-◆  Key features to include?
-│  Expense tracking; Income categories; Monthly reports; Export to CSV
-│
-◆  Preferred tech stack? (optional)
-│  React, Node.js
-│
-└  Done! AI prompt copied to clipboard.
-
-→ Open Claude / ChatGPT / Cursor → Ctrl+V → Start building!
-```
+<img src="./demo.gif" alt="pmpt plan demo" width="600" />
+
+> Answer 5 questions → AI prompt auto-generated & copied to clipboard → Paste into Claude Code / Codex / Cursor → Start building!
 
 ---
 
@@ -69,7 +48,7 @@ pmpt init
 # 3. Answer 5 questions → AI prompt auto-generated & copied
 pmpt plan
 
-# 4. Paste into Claude / ChatGPT / Cursor → Build your product!
+# 4. Paste into Claude Code / Codex / Cursor → Build your product!
 
 # 5. Save your progress anytime
 pmpt save
@@ -124,13 +103,14 @@ The generated prompt is **automatically copied to your clipboard**. Just paste i
 | `pmpt squash v2 v5` | Merge versions v2–v5 into one |
 | `pmpt export` | Export project as `.pmpt` file |
 | `pmpt import <file>` | Import from `.pmpt` file |
+| `pmpt recover` | Recover damaged pmpt.md via AI-generated prompt |
 
 ### Platform
 
 | Command | Description |
 |---------|-------------|
 | `pmpt login` | Authenticate via GitHub (one-time) |
-| `pmpt publish` | Publish your project for others to discover |
+| `pmpt publish` | Publish your project (requires pmpt.md) |
 | `pmpt edit` | Edit published project metadata (description, tags, category) |
 | `pmpt unpublish` | Remove a published project from pmptwiki |
 | `pmpt clone <slug>` | Clone and reproduce someone's project |

package/dist/commands/browse.js

@@ -64,7 +64,7 @@ export async function cmdBrowse() {
         return;
     }
     if (action === 'url') {
-        const url = `https://pmptwiki.com/ko/p/${project.slug}`;
+        const url = `https://pmptwiki.com/p/${project.slug}`;
         p.log.info(`URL: ${url}`);
         p.log.message(`Download: ${project.downloadUrl}`);
         p.log.message(`\npmpt clone ${project.slug}  — clone via terminal`);

package/dist/commands/clone.js

@@ -1,8 +1,8 @@
 import * as p from '@clack/prompts';
-import { join, dirname } from 'path';
+import { join, dirname, resolve, sep } from 'path';
 import { existsSync, mkdirSync, writeFileSync, readdirSync } from 'fs';
 import { isInitialized, getConfigDir, getHistoryDir, getDocsDir, initializeProject } from '../lib/config.js';
-import { validatePmptFile } from '../lib/pmptFile.js';
+import { validatePmptFile, isSafeFilename } from '../lib/pmptFile.js';
 import { fetchPmptFile } from '../lib/api.js';
 /**
  * Restore history from .pmpt data (shared with import command)
@@ -15,7 +15,12 @@ export function restoreHistory(historyDir, history) {
         const snapshotDir = join(historyDir, snapshotName);
         mkdirSync(snapshotDir, { recursive: true });
         for (const [filename, content] of Object.entries(version.files)) {
+            if (!isSafeFilename(filename))
+                continue; // skip unsafe filenames
             const filePath = join(snapshotDir, filename);
+            // Double-check resolved path stays within snapshot dir
+            if (!resolve(filePath).startsWith(resolve(snapshotDir) + sep))
+                continue;
             const fileDir = dirname(filePath);
             if (fileDir !== snapshotDir) {
                 mkdirSync(fileDir, { recursive: true });
@@ -36,7 +41,11 @@ export function restoreHistory(historyDir, history) {
 export function restoreDocs(docsDir, docs) {
     mkdirSync(docsDir, { recursive: true });
     for (const [filename, content] of Object.entries(docs)) {
+        if (!isSafeFilename(filename))
+            continue; // skip unsafe filenames
         const filePath = join(docsDir, filename);
+        if (!resolve(filePath).startsWith(resolve(docsDir) + sep))
+            continue;
         const fileDir = dirname(filePath);
         if (fileDir !== docsDir) {
             mkdirSync(fileDir, { recursive: true });

package/dist/commands/import.js

@@ -1,8 +1,8 @@
 import * as p from '@clack/prompts';
-import { resolve, join, dirname } from 'path';
-import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync } from 'fs';
+import { resolve, join, dirname, sep } from 'path';
+import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, rmSync } from 'fs';
 import { isInitialized, getConfigDir, getHistoryDir, getDocsDir, initializeProject } from '../lib/config.js';
-import { validatePmptFile } from '../lib/pmptFile.js';
+import { validatePmptFile, isSafeFilename } from '../lib/pmptFile.js';
 /**
  * Restore history from .pmpt file
  */
@@ -13,9 +13,13 @@ function restoreHistory(historyDir, history) {
         const snapshotName = `v${version.version}-${timestamp}`;
         const snapshotDir = join(historyDir, snapshotName);
         mkdirSync(snapshotDir, { recursive: true });
-        // Write files
+        // Write files (with path traversal protection)
         for (const [filename, content] of Object.entries(version.files)) {
+            if (!isSafeFilename(filename))
+                continue;
             const filePath = join(snapshotDir, filename);
+            if (!resolve(filePath).startsWith(resolve(snapshotDir) + sep))
+                continue;
             const fileDir = dirname(filePath);
             if (fileDir !== snapshotDir) {
                 mkdirSync(fileDir, { recursive: true });
@@ -38,7 +42,11 @@ function restoreHistory(historyDir, history) {
 function restoreDocs(docsDir, docs) {
     mkdirSync(docsDir, { recursive: true });
     for (const [filename, content] of Object.entries(docs)) {
+        if (!isSafeFilename(filename))
+            continue;
         const filePath = join(docsDir, filename);
+        if (!resolve(filePath).startsWith(resolve(docsDir) + sep))
+            continue;
         const fileDir = dirname(filePath);
         if (fileDir !== docsDir) {
             mkdirSync(fileDir, { recursive: true });
@@ -112,13 +120,23 @@ export async function cmdImport(pmptFile, options) {
     }
     const importSpinner = p.spinner();
     importSpinner.start('Importing project...');
+    const pmptDir = getConfigDir(projectPath);
+    const historyDir = getHistoryDir(projectPath);
+    const docsDir = getDocsDir(projectPath);
+    // --force: clean existing history and docs before restoring
+    if (options?.force && isInitialized(projectPath)) {
+        if (existsSync(historyDir))
+            rmSync(historyDir, { recursive: true, force: true });
+        if (existsSync(docsDir))
+            rmSync(docsDir, { recursive: true, force: true });
+        const planPath = join(pmptDir, 'plan-progress.json');
+        if (existsSync(planPath))
+            rmSync(planPath, { force: true });
+    }
     // Initialize project if not exists
     if (!isInitialized(projectPath)) {
         initializeProject(projectPath, { trackGit: true });
     }
-    const pmptDir = getConfigDir(projectPath);
-    const historyDir = getHistoryDir(projectPath);
-    const docsDir = getDocsDir(projectPath);
     // Restore history
     restoreHistory(historyDir, pmptData.history);
     // Restore docs

package/dist/commands/init.js

@@ -1,9 +1,12 @@
 import * as p from '@clack/prompts';
-import { existsSync } from 'fs';
+import { existsSync, readFileSync } from 'fs';
 import { resolve } from 'path';
 import { initializeProject, isInitialized } from '../lib/config.js';
 import { isGitRepo, getGitInfo, formatGitInfo } from '../lib/git.js';
 import { cmdPlan } from './plan.js';
+import { scanProject, scanResultToAnswers } from '../lib/scanner.js';
+import { savePlanDocuments, initPlanProgress, savePlanProgress } from '../lib/plan.js';
+import { copyToClipboard } from '../lib/clipboard.js';
 export async function cmdInit(path, options) {
     p.intro('pmpt init');
     const projectPath = path ? resolve(path) : process.cwd();
@@ -12,7 +15,16 @@ export async function cmdInit(path, options) {
         process.exit(1);
     }
     if (isInitialized(projectPath)) {
-        p.outro(`Project already initialized: ${projectPath}`);
+        p.log.warn('Project already initialized.');
+        p.log.message('');
+        p.log.info('Available commands:');
+        p.log.message('  pmpt plan      — Generate or view AI prompt');
+        p.log.message('  pmpt save      — Save a snapshot');
+        p.log.message('  pmpt watch     — Auto-save on file changes');
+        p.log.message('  pmpt history   — View version history');
+        p.log.message('');
+        p.log.message('To reinitialize, remove .pmpt/ and run `pmpt init` again.');
+        p.outro('');
         process.exit(0);
     }
     // Detect Git repository
@@ -102,17 +114,137 @@ export async function cmdInit(path, options) {
         notes.push('  pmpt watch    # Auto-save on changes');
         notes.push('  pmpt history  # View versions');
         p.note(notes.join('\n'), 'Project Info');
-        // Ask to start plan mode
-        const startPlan = await p.confirm({
-            message: 'Start planning? (Generate AI prompt with 5 quick questions)',
-            initialValue: true,
-        });
-        if (!p.isCancel(startPlan) && startPlan) {
-            p.log.message('');
-            await cmdPlan(projectPath);
+        // Scan for existing project
+        const scanResult = scanProject(projectPath);
+        if (scanResult.isExistingProject) {
+            // Show scan summary
+            const scanNotes = [];
+            if (scanResult.packageInfo) {
+                scanNotes.push(`Package: ${scanResult.packageInfo.name}`);
+                if (scanResult.packageInfo.description) {
+                    scanNotes.push(`Description: ${scanResult.packageInfo.description}`);
+                }
+                scanNotes.push(`Dependencies: ${scanResult.packageInfo.dependencies.length} production, ${scanResult.packageInfo.devDependencies.length} dev`);
+            }
+            if (scanResult.detectedFramework) {
+                scanNotes.push(`Framework: ${scanResult.detectedFramework}`);
+            }
+            if (scanResult.directoryStructure.length > 0) {
+                scanNotes.push(`Structure: ${scanResult.directoryStructure.map((d) => d + '/').join(', ')}`);
+            }
+            if (scanResult.gitSummary) {
+                const gs = scanResult.gitSummary;
+                let gitLine = `Git: ${gs.totalCommits} commits`;
+                if (gs.firstCommitDate) {
+                    gitLine += ` since ${gs.firstCommitDate.split('T')[0]}`;
+                }
+                gitLine += `, ${gs.contributors} contributor(s)`;
+                scanNotes.push(gitLine);
+            }
+            p.note(scanNotes.join('\n'), 'Existing Project Detected');
+            const scanChoice = await p.select({
+                message: 'Auto-generate plan from detected project files?',
+                options: [
+                    { value: 'auto', label: 'Auto-generate plan', hint: 'Recommended — instant AI prompt from project analysis' },
+                    { value: 'manual', label: 'Manual planning', hint: '5 questions interactive flow' },
+                    { value: 'skip', label: 'Skip for now' },
+                ],
+            });
+            if (p.isCancel(scanChoice)) {
+                p.cancel('Cancelled');
+                process.exit(0);
+            }
+            if (scanChoice === 'auto') {
+                // Ask for project description
+                const defaultDesc = scanResult.readmeDescription
+                    || scanResult.packageInfo?.description
+                    || '';
+                const userDesc = await p.text({
+                    message: 'Briefly describe what this project does:',
+                    defaultValue: defaultDesc || undefined,
+                    placeholder: defaultDesc || 'e.g., A web app for sharing AI project histories',
+                });
+                if (p.isCancel(userDesc)) {
+                    p.cancel('Cancelled');
+                    process.exit(0);
+                }
+                const s2 = p.spinner();
+                s2.start('Scanning project and generating plan...');
+                const answers = scanResultToAnswers(scanResult, userDesc);
+                const { planPath, promptPath } = savePlanDocuments(projectPath, answers);
+                const progress = initPlanProgress(projectPath);
+                progress.completed = true;
+                progress.answers = answers;
+                savePlanProgress(projectPath, progress);
+                s2.stop('Plan generated!');
+                p.log.message('');
+                p.log.success('Two documents have been created:');
+                p.log.message('');
+                const docExplanation = [
+                    `1. plan.md — Your product overview`,
+                    `   Location: ${planPath}`,
+                    '',
+                    `2. pmpt.md — AI prompt (THE IMPORTANT ONE!)`,
+                    `   Copy this to Claude Code / Codex / Cursor`,
+                    `   Location: ${promptPath}`,
+                ];
+                p.note(docExplanation.join('\n'), 'Auto-generated from project scan');
+                // Copy to clipboard
+                const content = readFileSync(promptPath, 'utf-8');
+                const copied = copyToClipboard(content);
+                if (copied) {
+                    p.log.message('');
+                    p.log.success('AI prompt copied to clipboard!');
+                    p.log.message('');
+                    const banner = [
+                        '',
+                        '┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓',
+                        '┃                                                        ┃',
+                        '┃   📋  NEXT STEP                                        ┃',
+                        '┃                                                        ┃',
+                        '┃   Open your AI coding tool and press:           ┃',
+                        '┃                                                        ┃',
+                        '┃              ⌘ + V  (Mac)                              ┃',
+                        '┃             Ctrl + V (Windows/Linux)                   ┃',
+                        '┃                                                        ┃',
+                        '┃   Your project context is ready! 🚀                    ┃',
+                        '┃                                                        ┃',
+                        '┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛',
+                        '',
+                    ];
+                    console.log(banner.join('\n'));
+                }
+                else {
+                    p.log.warn('Could not copy to clipboard.');
+                    p.log.info(`Read it at: ${promptPath}`);
+                }
+                p.log.info('Tips:');
+                p.log.message('  pmpt plan     — View or edit your AI prompt');
+                p.log.message('  pmpt save     — Save a snapshot anytime');
+                p.log.message('  pmpt watch    — Auto-save on file changes');
+                p.outro('Ready to go!');
+            }
+            else if (scanChoice === 'manual') {
+                p.log.message('');
+                await cmdPlan(projectPath);
+            }
+            else {
+                p.outro('Ready! Run `pmpt plan` when you want to start.');
+            }
         }
         else {
-            p.outro('Ready! Run `pmpt plan` when you want to start.');
+            // New/empty project — original flow
+            const startPlan = await p.confirm({
+                message: 'Start planning? (Generate AI prompt with 5 quick questions)',
+                initialValue: true,
+            });
+            if (!p.isCancel(startPlan) && startPlan) {
+                p.log.message('');
+                await cmdPlan(projectPath);
+            }
+            else {
+                p.outro('Ready! Run `pmpt plan` when you want to start.');
+            }
         }
     }
     catch (error) {

package/dist/commands/plan.js

@@ -1,35 +1,10 @@
 import * as p from '@clack/prompts';
 import { resolve } from 'path';
 import { readFileSync } from 'fs';
-import { execSync } from 'child_process';
 import { isInitialized } from '../lib/config.js';
+import { copyToClipboard } from '../lib/clipboard.js';
 import { cmdWatch } from './watch.js';
 import { PLAN_QUESTIONS, getPlanProgress, initPlanProgress, savePlanProgress, savePlanDocuments, } from '../lib/plan.js';
-// Cross-platform clipboard copy
-function copyToClipboard(text) {
-    try {
-        const platform = process.platform;
-        if (platform === 'darwin') {
-            execSync('pbcopy', { input: text });
-        }
-        else if (platform === 'win32') {
-            execSync('clip', { input: text });
-        }
-        else {
-            // Linux - try xclip or xsel
-            try {
-                execSync('xclip -selection clipboard', { input: text });
-            }
-            catch {
-                execSync('xsel --clipboard --input', { input: text });
-            }
-        }
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
 export async function cmdPlan(path, options) {
     const projectPath = path ? resolve(path) : process.cwd();
     // Check initialization
@@ -185,7 +160,7 @@ export async function cmdPlan(path, options) {
         `   Location: ${planPath}`,
         '',
         `2. pmpt.md — AI prompt (THE IMPORTANT ONE!)`,
-        `   • Copy this to Claude/ChatGPT/Codex`,
+        `   • Copy this to Claude Code / Codex / Cursor`,
         `   • AI will help you build step by step`,
         `   • AI will update this doc as you progress`,
         `   Location: ${promptPath}`,

package/dist/commands/publish.js

@@ -42,6 +42,17 @@ export async function cmdPublish(path) {
         p.outro('');
         return;
     }
+    // Validate pmpt.md exists and has content
+    const pmptMdPath = join(getDocsDir(projectPath), 'pmpt.md');
+    if (!existsSync(pmptMdPath)) {
+        p.log.error('pmpt.md not found. Run `pmpt plan` to generate it first.');
+        process.exit(1);
+    }
+    const pmptMdContent = readFileSync(pmptMdPath, 'utf-8').trim();
+    if (pmptMdContent.length === 0) {
+        p.log.error('pmpt.md is empty. Run `pmpt plan` to generate content.');
+        process.exit(1);
+    }
     const projectName = planProgress?.answers?.projectName || basename(projectPath);
     // Try to load existing published data for prefill
     let existing;

package/dist/commands/recover.js

@@ -0,0 +1,222 @@
+import * as p from '@clack/prompts';
+import { resolve, basename } from 'path';
+import { existsSync, readFileSync, readdirSync, statSync } from 'fs';
+import { join } from 'path';
+import { isInitialized, getDocsDir } from '../lib/config.js';
+import { getAllSnapshots, resolveFileContent } from '../lib/history.js';
+import { getPlanProgress } from '../lib/plan.js';
+import { copyToClipboard } from '../lib/clipboard.js';
+export async function cmdRecover(path) {
+    const projectPath = path ? resolve(path) : process.cwd();
+    if (!isInitialized(projectPath)) {
+        p.log.error('Project not initialized. Run `pmpt init` first.');
+        process.exit(1);
+    }
+    p.intro('pmpt recover');
+    const docsDir = getDocsDir(projectPath);
+    const pmptMdPath = join(docsDir, 'pmpt.md');
+    const planMdPath = join(docsDir, 'plan.md');
+    // Check current state
+    const currentExists = existsSync(pmptMdPath);
+    const currentContent = currentExists ? readFileSync(pmptMdPath, 'utf-8').trim() : '';
+    if (currentExists && currentContent.length > 100) {
+        const proceed = await p.confirm({
+            message: `pmpt.md exists (${currentContent.length} chars). Overwrite with recovered version?`,
+            initialValue: false,
+        });
+        if (p.isCancel(proceed) || !proceed) {
+            p.cancel('Cancelled');
+            process.exit(0);
+        }
+    }
+    // Gather all available context
+    const context = [];
+    // 1. Plan progress answers
+    const planProgress = getPlanProgress(projectPath);
+    if (planProgress?.answers) {
+        const a = planProgress.answers;
+        context.push('## Project Plan Answers');
+        if (a.projectName)
+            context.push(`- **Project Name**: ${a.projectName}`);
+        if (a.productIdea)
+            context.push(`- **Product Idea**: ${a.productIdea}`);
+        if (a.coreFeatures)
+            context.push(`- **Core Features**: ${a.coreFeatures}`);
+        if (a.techStack)
+            context.push(`- **Tech Stack**: ${a.techStack}`);
+        if (a.additionalContext)
+            context.push(`- **Additional Context**: ${a.additionalContext}`);
+        context.push('');
+    }
+    // 2. plan.md content
+    if (existsSync(planMdPath)) {
+        const planMd = readFileSync(planMdPath, 'utf-8').trim();
+        if (planMd) {
+            context.push('## Current plan.md');
+            context.push('```markdown');
+            context.push(planMd);
+            context.push('```');
+            context.push('');
+        }
+    }
+    // 3. Last known good pmpt.md from history
+    const snapshots = getAllSnapshots(projectPath);
+    let lastPmptMd = null;
+    let lastPmptVersion = 0;
+    if (snapshots.length > 0) {
+        for (let i = snapshots.length - 1; i >= 0; i--) {
+            const content = resolveFileContent(snapshots, i, 'pmpt.md');
+            if (content && content.trim().length > 50) {
+                lastPmptMd = content;
+                lastPmptVersion = snapshots[i].version;
+                break;
+            }
+        }
+    }
+    if (lastPmptMd) {
+        context.push(`## Last Known pmpt.md (from v${lastPmptVersion})`);
+        context.push('```markdown');
+        context.push(lastPmptMd);
+        context.push('```');
+        context.push('');
+    }
+    // 4. package.json info
+    const pkgPath = join(projectPath, 'package.json');
+    if (existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            context.push('## package.json');
+            const fields = [];
+            if (pkg.name)
+                fields.push(`- **name**: ${pkg.name}`);
+            if (pkg.description)
+                fields.push(`- **description**: ${pkg.description}`);
+            if (pkg.dependencies)
+                fields.push(`- **dependencies**: ${Object.keys(pkg.dependencies).join(', ')}`);
+            if (pkg.devDependencies)
+                fields.push(`- **devDependencies**: ${Object.keys(pkg.devDependencies).join(', ')}`);
+            if (pkg.scripts)
+                fields.push(`- **scripts**: ${Object.keys(pkg.scripts).join(', ')}`);
+            context.push(fields.join('\n'));
+            context.push('');
+        }
+        catch { /* skip */ }
+    }
+    // 5. Directory structure
+    const dirEntries = readdirTopLevel(projectPath);
+    if (dirEntries.length > 0) {
+        context.push('## Project Structure');
+        context.push(dirEntries.join('\n'));
+        context.push('');
+    }
+    if (context.length === 0) {
+        p.log.error('No project context found. Nothing to recover from.');
+        process.exit(1);
+    }
+    // Show what we found
+    const sources = [];
+    if (planProgress?.answers)
+        sources.push('plan answers');
+    if (existsSync(planMdPath))
+        sources.push('plan.md');
+    if (lastPmptMd)
+        sources.push(`history v${lastPmptVersion}`);
+    if (existsSync(pkgPath))
+        sources.push('package.json');
+    p.log.info(`Found context: ${sources.join(', ')}`);
+    // Build recovery prompt
+    const projectName = planProgress?.answers?.projectName || basename(projectPath);
+    const prompt = `# pmpt.md Recovery Request
+
+I need you to regenerate the \`.pmpt/docs/pmpt.md\` file for my project "${projectName}".
+
+This file is the main AI prompt document — it contains the product development context that gets pasted into AI tools (Claude Code, Codex, Cursor, etc.) to continue development.
+
+## Available Context
+
+${context.join('\n')}
+
+## Instructions
+
+Based on the context above, regenerate \`.pmpt/docs/pmpt.md\` with the following structure:
+
+\`\`\`
+# {Project Name} — Product Development Request
+
+## What I Want to Build
+{describe the product idea}
+
+## Key Features
+- {feature 1}
+- {feature 2}
+...
+
+## Tech Stack Preferences
+{detected or specified tech stack}
+
+## Additional Context
+{any extra context}
+
+---
+
+Please help me build this product based on the requirements above.
+
+1. First, review the requirements and ask if anything is unclear.
+2. Propose a technical architecture.
+3. Outline the implementation steps.
+4. Start coding from the first step.
+
+I'll confirm progress at each step before moving to the next.
+
+## Documentation Rule
+
+**Important:** Update this document (located at \`.pmpt/docs/pmpt.md\`) at these moments:
+- When architecture or tech decisions are finalized
+- When a feature is implemented (mark as done)
+- When a development phase is completed
+- When requirements change or new decisions are made
+\`\`\`
+
+${lastPmptMd ? 'Use the "Last Known pmpt.md" as the primary reference — update it rather than starting from scratch.' : 'Generate a fresh pmpt.md based on the available context.'}
+
+Write the content directly to \`.pmpt/docs/pmpt.md\`. After writing, run \`pmpt save\` to create a snapshot.`;
+    // Copy to clipboard
+    const copied = copyToClipboard(prompt);
+    if (copied) {
+        p.log.success('Recovery prompt copied to clipboard!');
+    }
+    else {
+        p.log.warn('Could not copy to clipboard. Prompt printed below:');
+        console.log('\n' + prompt + '\n');
+    }
+    p.note([
+        '1. Paste the prompt into your AI tool (Claude Code, Cursor, etc.)',
+        '2. The AI will regenerate .pmpt/docs/pmpt.md',
+        '3. Run `pmpt save` to snapshot the recovered file',
+    ].join('\n'), 'Next Steps');
+    p.outro('');
+}
+function readdirTopLevel(projectPath) {
+    const ignore = new Set([
+        'node_modules', '.git', '.pmpt', 'dist', 'build', '.next',
+        '.nuxt', '.astro', '.vercel', '.cache', 'coverage', '.turbo',
+    ]);
+    try {
+        const entries = readdirSync(projectPath, { encoding: 'utf-8' });
+        return entries
+            .filter(e => !ignore.has(e) && !e.startsWith('.'))
+            .slice(0, 30)
+            .map(e => {
+            try {
+                const stat = statSync(join(projectPath, e));
+                return stat.isDirectory() ? `${e}/` : e;
+            }
+            catch {
+                return e;
+            }
+        });
+    }
+    catch {
+        return [];
+    }
+}

package/dist/index.js

@@ -15,6 +15,7 @@ import { cmdEdit } from './commands/edit.js';
 import { cmdUnpublish } from './commands/unpublish.js';
 import { cmdClone } from './commands/clone.js';
 import { cmdBrowse } from './commands/browse.js';
+import { cmdRecover } from './commands/recover.js';
 const program = new Command();
 program
     .name('pmpt')
@@ -34,6 +35,7 @@ Examples:
   $ pmpt publish                 Publish project to pmptwiki
   $ pmpt clone <slug>            Clone a project from pmptwiki
   $ pmpt browse                  Browse published projects
+  $ pmpt recover                 Recover damaged pmpt.md via AI
 
 Documentation: https://pmptwiki.com
 `);
@@ -66,12 +68,12 @@ program
     .action(cmdSquash);
 program
     .command('export [path]')
-    .description('Export project history as a shareable zip archive')
+    .description('Export project history as a shareable .pmpt file')
     .option('-o, --output <file>', 'Output file path')
     .action(cmdExport);
 program
     .command('import <file>')
-    .description('Import project from exported zip archive')
+    .description('Import project from .pmpt file')
     .option('-f, --force', 'Overwrite existing project')
     .action(cmdImport);
 program
@@ -112,4 +114,8 @@ program
     .command('browse')
     .description('Browse and search published projects')
     .action(cmdBrowse);
+program
+    .command('recover [path]')
+    .description('Generate a recovery prompt to regenerate pmpt.md via AI')
+    .action(cmdRecover);
 program.parse();

package/dist/lib/clipboard.js

@@ -0,0 +1,25 @@
+import { execSync } from 'child_process';
+export function copyToClipboard(text) {
+    try {
+        const platform = process.platform;
+        if (platform === 'darwin') {
+            execSync('pbcopy', { input: text });
+        }
+        else if (platform === 'win32') {
+            execSync('clip', { input: text });
+        }
+        else {
+            // Linux - try xclip or xsel
+            try {
+                execSync('xclip -selection clipboard', { input: text });
+            }
+            catch {
+                execSync('xsel --clipboard --input', { input: text });
+            }
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/lib/pmptFile.js

@@ -4,9 +4,36 @@
  * Single JSON file format for sharing pmpt projects.
  */
 import { z } from 'zod';
+import { resolve, relative } from 'path';
 // Schema version
 export const SCHEMA_VERSION = '1.0';
 export const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB
+/**
+ * Validate that a filename is safe (no path traversal).
+ * Rejects absolute paths, ".." components, and backslash paths.
+ */
+export function isSafeFilename(filename) {
+    if (!filename || filename.length === 0)
+        return false;
+    // Reject absolute paths and backslashes
+    if (/^[/\\]/.test(filename) || /\\/.test(filename))
+        return false;
+    // Reject .. path components
+    const parts = filename.split('/');
+    if (parts.some(p => p === '..' || p === '.'))
+        return false;
+    // Double check: resolve and verify it stays within parent
+    const base = '/safe';
+    const resolved = resolve(base, filename);
+    const rel = relative(base, resolved);
+    if (rel.startsWith('..') || resolve(rel) !== resolve(base, rel))
+        return false;
+    return true;
+}
+// Safe filename zod refinement
+const safeFilenameKey = z.string().refine(isSafeFilename, {
+    message: 'Unsafe filename detected (path traversal)',
+});
 // Git info schema
 const GitInfoSchema = z.object({
     commit: z.string(),
@@ -20,7 +47,7 @@ const VersionSchema = z.object({
     version: z.number().min(1),
     timestamp: z.string(),
     summary: z.string().optional(),
-    files: z.record(z.string(), z.string()), // filename -> content
+    files: z.record(safeFilenameKey, z.string()), // filename -> content
     git: GitInfoSchema,
 });
 // Plan answers schema
@@ -46,7 +73,7 @@ export const PmptFileSchema = z.object({
     guide: z.string().optional(),
     meta: MetaSchema,
     plan: PlanSchema,
-    docs: z.record(z.string(), z.string()).optional(), // current docs
+    docs: z.record(safeFilenameKey, z.string()).optional(), // current docs
     history: z.array(VersionSchema),
 });
 /**

package/dist/lib/scanner.js

@@ -0,0 +1,289 @@
+import { existsSync, readFileSync, readdirSync, statSync } from 'fs';
+import { join, basename } from 'path';
+import { execSync } from 'child_process';
+import { isGitRepo } from './git.js';
+// ── Scanner Functions ──
+function git(path, args) {
+    try {
+        return execSync(`git ${args}`, {
+            cwd: path,
+            encoding: 'utf-8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+        }).trim();
+    }
+    catch {
+        return null;
+    }
+}
+function scanPackageJson(projectPath) {
+    const pkgPath = join(projectPath, 'package.json');
+    if (!existsSync(pkgPath))
+        return null;
+    try {
+        const raw = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+        return {
+            name: raw.name || basename(projectPath),
+            description: raw.description || null,
+            dependencies: Object.keys(raw.dependencies || {}),
+            devDependencies: Object.keys(raw.devDependencies || {}),
+            scripts: Object.keys(raw.scripts || {}),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function scanReadme(projectPath) {
+    const candidates = ['README.md', 'readme.md', 'Readme.md'];
+    let content = null;
+    for (const name of candidates) {
+        const filePath = join(projectPath, name);
+        if (existsSync(filePath)) {
+            try {
+                content = readFileSync(filePath, 'utf-8');
+                break;
+            }
+            catch {
+                continue;
+            }
+        }
+    }
+    if (!content)
+        return null;
+    // Split by paragraph and find the first meaningful one
+    const paragraphs = content.split(/\n\n+/);
+    for (const p of paragraphs) {
+        const trimmed = p.trim();
+        // Skip headings, badges, images, empty lines, HTML tags
+        if (!trimmed)
+            continue;
+        if (trimmed.startsWith('#'))
+            continue;
+        if (trimmed.startsWith('[') || trimmed.startsWith('!'))
+            continue;
+        if (trimmed.startsWith('<'))
+            continue;
+        if (trimmed.startsWith('```'))
+            continue;
+        // Found a text paragraph
+        const cleaned = trimmed.replace(/\n/g, ' ').trim();
+        return cleaned.length > 500 ? cleaned.slice(0, 500) + '...' : cleaned;
+    }
+    return null;
+}
+const FRAMEWORK_CONFIGS = [
+    ['astro.config.*', 'Astro'],
+    ['next.config.*', 'Next.js'],
+    ['nuxt.config.*', 'Nuxt'],
+    ['svelte.config.*', 'SvelteKit'],
+    ['remix.config.*', 'Remix'],
+    ['gatsby-config.*', 'Gatsby'],
+    ['angular.json', 'Angular'],
+    ['vite.config.*', 'Vite'],
+];
+const DEP_FRAMEWORKS = [
+    ['next', 'Next.js'],
+    ['nuxt', 'Nuxt'],
+    ['@angular/core', 'Angular'],
+    ['svelte', 'Svelte'],
+    ['vue', 'Vue'],
+    ['react', 'React'],
+    ['express', 'Express'],
+    ['fastify', 'Fastify'],
+    ['@nestjs/core', 'NestJS'],
+    ['hono', 'Hono'],
+    ['django', 'Django'],
+    ['flask', 'Flask'],
+];
+function detectFramework(projectPath, packageInfo) {
+    // Check config files first
+    for (const [pattern, name] of FRAMEWORK_CONFIGS) {
+        if (pattern.includes('*')) {
+            const base = pattern.replace('.*', '');
+            try {
+                const files = readdirSync(projectPath);
+                if (files.some((f) => f.startsWith(base)))
+                    return name;
+            }
+            catch {
+                // ignore
+            }
+        }
+        else {
+            if (existsSync(join(projectPath, pattern)))
+                return name;
+        }
+    }
+    // Fall back to dependencies
+    if (packageInfo) {
+        const allDeps = [...packageInfo.dependencies, ...packageInfo.devDependencies];
+        for (const [dep, name] of DEP_FRAMEWORKS) {
+            if (allDeps.includes(dep))
+                return name;
+        }
+    }
+    return null;
+}
+const MEANINGFUL_DIRS = new Set([
+    'src', 'app', 'pages', 'components', 'routes', 'views',
+    'lib', 'utils', 'helpers', 'hooks', 'stores', 'store',
+    'api', 'server', 'services', 'middleware',
+    'public', 'static', 'assets', 'styles', 'css',
+    'tests', '__tests__', 'test', 'spec',
+    'scripts', 'config', 'database', 'db', 'models',
+    'layouts', 'templates',
+]);
+function scanDirectoryStructure(projectPath) {
+    try {
+        const entries = readdirSync(projectPath);
+        return entries
+            .filter((name) => {
+            if (name.startsWith('.'))
+                return false;
+            if (name === 'node_modules' || name === 'dist' || name === 'build')
+                return false;
+            try {
+                return statSync(join(projectPath, name)).isDirectory();
+            }
+            catch {
+                return false;
+            }
+        })
+            .filter((name) => MEANINGFUL_DIRS.has(name))
+            .sort();
+    }
+    catch {
+        return [];
+    }
+}
+function scanGitHistory(projectPath) {
+    if (!isGitRepo(projectPath))
+        return null;
+    const countStr = git(projectPath, 'rev-list --count HEAD');
+    if (!countStr)
+        return null;
+    const totalCommits = parseInt(countStr, 10);
+    if (isNaN(totalCommits) || totalCommits === 0)
+        return null;
+    const recentRaw = git(projectPath, 'log --oneline -5 --format=%s');
+    const recentCommits = recentRaw
+        ? recentRaw.split('\n').filter(Boolean)
+        : [];
+    const firstCommitDate = git(projectPath, 'log --reverse --format=%cI -1') || null;
+    let contributors = 1;
+    const shortlogRaw = git(projectPath, 'shortlog -sn HEAD');
+    if (shortlogRaw) {
+        contributors = shortlogRaw.split('\n').filter(Boolean).length;
+    }
+    return { totalCommits, recentCommits, firstCommitDate, contributors };
+}
+// ── Main Functions ──
+export function scanProject(projectPath) {
+    const packageInfo = scanPackageJson(projectPath);
+    const readmeDescription = scanReadme(projectPath);
+    const detectedFramework = detectFramework(projectPath, packageInfo);
+    const directoryStructure = scanDirectoryStructure(projectPath);
+    const gitSummary = scanGitHistory(projectPath);
+    const isExistingProject = packageInfo !== null ||
+        readmeDescription !== null ||
+        directoryStructure.length > 0 ||
+        (gitSummary !== null && gitSummary.totalCommits > 0);
+    return {
+        isExistingProject,
+        packageInfo,
+        readmeDescription,
+        detectedFramework,
+        directoryStructure,
+        gitSummary,
+    };
+}
+export function scanResultToAnswers(result, userDescription) {
+    // projectName
+    const projectName = result.packageInfo?.name || basename(process.cwd());
+    // productIdea — user's own description
+    const productIdea = userDescription;
+    // additionalContext — scanned technical info
+    const contextParts = [];
+    contextParts.push('Existing project with established codebase.');
+    if (result.detectedFramework) {
+        contextParts.push(`- Framework: ${result.detectedFramework}`);
+    }
+    if (result.directoryStructure.length > 0) {
+        contextParts.push(`- Project structure: ${result.directoryStructure.map((d) => d + '/').join(', ')}`);
+    }
+    if (result.gitSummary) {
+        const gs = result.gitSummary;
+        let gitLine = `- Git history: ${gs.totalCommits} commits`;
+        if (gs.firstCommitDate) {
+            gitLine += ` since ${gs.firstCommitDate.split('T')[0]}`;
+        }
+        gitLine += `, ${gs.contributors} contributor(s)`;
+        contextParts.push(gitLine);
+        if (gs.recentCommits.length > 0) {
+            contextParts.push(`- Recent work: ${gs.recentCommits.map((c) => `"${c}"`).join(', ')}`);
+        }
+    }
+    const additionalContext = contextParts.join('\n');
+    // coreFeatures — from scripts and directory structure
+    const featureParts = [];
+    if (result.packageInfo?.scripts.length) {
+        for (const script of result.packageInfo.scripts) {
+            featureParts.push(`${script} (npm script)`);
+        }
+    }
+    if (result.directoryStructure.length > 0) {
+        const dirHints = {
+            pages: 'Page routing',
+            routes: 'Route handling',
+            components: 'Component library',
+            api: 'API layer',
+            server: 'Server-side logic',
+            tests: 'Test suite',
+            __tests__: 'Test suite',
+            test: 'Test suite',
+            models: 'Data models',
+            database: 'Database layer',
+            db: 'Database layer',
+            middleware: 'Middleware',
+            layouts: 'Layout system',
+        };
+        for (const dir of result.directoryStructure) {
+            if (dirHints[dir]) {
+                featureParts.push(`${dirHints[dir]} (${dir}/ directory)`);
+            }
+        }
+    }
+    const coreFeatures = featureParts.length > 0
+        ? featureParts.join('; ')
+        : 'Existing project features';
+    // techStack — from framework + dependencies
+    const stackParts = [];
+    if (result.detectedFramework) {
+        stackParts.push(result.detectedFramework);
+    }
+    if (result.packageInfo) {
+        // Add top production dependencies (exclude framework already listed)
+        const frameworkLower = result.detectedFramework?.toLowerCase() || '';
+        const topDeps = result.packageInfo.dependencies
+            .filter((d) => !d.startsWith('@types/') && !d.toLowerCase().includes(frameworkLower))
+            .slice(0, 8);
+        stackParts.push(...topDeps);
+        // Add notable dev deps
+        const notableDevDeps = ['typescript', 'eslint', 'prettier', 'jest', 'vitest', 'mocha', 'tailwindcss'];
+        for (const d of result.packageInfo.devDependencies) {
+            if (notableDevDeps.includes(d) && !stackParts.includes(d)) {
+                stackParts.push(d);
+            }
+        }
+    }
+    const techStack = stackParts.length > 0
+        ? stackParts.join(', ')
+        : '';
+    return {
+        projectName,
+        productIdea,
+        additionalContext,
+        coreFeatures,
+        techStack,
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pmpt-cli",
-  "version": "1.6.0",
+  "version": "1.7.1",
   "description": "Record and share your AI-driven product development journey",
   "type": "module",
   "bin": {