npm - pqcheck - Versions diffs - 0.16.18 → 0.16.19 - Mend

pqcheck 0.16.18 → 0.16.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md +1 -1
package/bin/cipherwake-statusline.js +46 -0
package/bin/pqcheck.js +43 -8
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@
 [![npm downloads](https://img.shields.io/npm/dm/pqcheck.svg?style=flat-square&color=06b6d4)](https://www.npmjs.com/package/pqcheck)
 [![license](https://img.shields.io/npm/l/pqcheck.svg?style=flat-square&color=06b6d4)](./LICENSE)
-> **Latest: v0.16.18** — `--version` now reads dynamically from `package.json` instead of a hardcoded constant. Prior releases (0.16.16, 0.16.17) shipped with the constant left at `0.16.15`, so AI agents citing "I ran pqcheck X.Y.Z" were citing the wrong version. Single source of truth from here on; locked by a unit test against future drift. [Full changelog →](./CHANGELOG.md)
+> **Latest: v0.16.19** — `pqcheck setup` now COMPOSES with an existing Claude Code `statusLine.command` (e.g., PinnedAI's) via a new `--prepend=<cmd>` flag on `cipherwake-statusline`. Both tools' badges render in the single statusLine slot. Previously, Cipherwake politely skipped if any prior statusLine existed — which meant you'd only ever see one tool's badge. Now: composed wrap with 5s timeout + graceful degradation on prepend failure + idempotent re-runs. [Full changelog →](./CHANGELOG.md)
 ## Two ways to use it

package/bin/cipherwake-statusline.js CHANGED Viewed

@@ -21,10 +21,56 @@
 import { readFileSync, existsSync } from "node:fs";
 import { join, dirname } from "node:path";
 import { homedir } from "node:os";
+import { execSync } from "node:child_process";
 const GLOBAL_STATE_FILE = join(homedir(), ".config", "cipherwake", "last-scan.json");
 const STALE_THRESHOLD_HOURS = 24;
+// v0.16.19 — `--prepend=<command>` flag for statusLine composition. Claude
+// Code's `statusLine.command` only supports ONE command, which means two
+// tools (e.g. Cipherwake + PinnedAI) both writing their own statusLine
+// silently clobber each other depending on install order. When a customer
+// runs both, they only see whichever installed last. With --prepend, the
+// Cipherwake binary runs the other tool's command first, joins its output
+// with a separator, and renders Cipherwake's own line after. Result:
+// `[pinned output] · ◆ Cipherwake · domain ✓ PASS · 5m ago` — both
+// surfaces visible in the single statusLine slot.
+//
+// pqcheck setup detects an existing statusLine.command at install time
+// and writes the wrapper form automatically:
+//   "command": "npx --package=pqcheck@latest cipherwake-statusline --prepend='<prior-command>'"
+//
+// If the prior command errors (or the tool was uninstalled), this binary
+// swallows the failure and just renders Cipherwake's part — never causes
+// the whole statusLine to break.
+const PREPEND_SEPARATOR = " · ";
+const prependArg = process.argv.find((a) => a.startsWith("--prepend="));
+if (prependArg) {
+  const prependCmd = prependArg.slice("--prepend=".length);
+  if (prependCmd) {
+    try {
+      // 5s soft timeout — statusLine rendering must stay snappy. If the
+      // other tool hangs, we cut it off and continue with Cipherwake's part.
+      // stdio: ignore on stderr so a noisy prior tool doesn't pollute the
+      // bar; we want only its rendered stdout output.
+      const out = execSync(prependCmd, {
+        encoding: "utf8",
+        timeout: 5_000,
+        stdio: ["ignore", "pipe", "ignore"],
+        env: process.env,
+      }).trim();
+      if (out) {
+        process.stdout.write(out);
+        process.stdout.write(PREPEND_SEPARATOR);
+      }
+    } catch {
+      // Prepend command failed (uninstalled, timeout, errored). Skip
+      // silently — never break the whole statusLine because of a
+      // composition partner.
+    }
+  }
+}
 // v0.16.6 — project-aware state lookup. Walk up from CWD looking for a
 // repo-local `.cipherwake/last-scan.json`. This way each project shows
 // its own last scan, and switching projects doesn't bleed the previous

package/bin/pqcheck.js CHANGED Viewed

@@ -6317,19 +6317,54 @@ async function runSetupCommand(args) {
         settings = JSON.parse(raw);
         existed = true;
       } catch { /* will create */ }
-      if (existed && settings.statusLine && typeof settings.statusLine === "object") {
-        // Already has a statusLine config — don't overwrite.
-        console.log(color("dim", `  ⊝ ${displayPath} already has a statusLine entry — leaving alone`));
-        console.log(color("dim", `    To use the Cipherwake statusline instead, set: "command": "npx --package=pqcheck@latest cipherwake-statusline"`));
-        installSummary.push({ component: "Claude Code statusLine", path: settingsPath, status: "skipped-existing-config" });
+      // v0.16.19 — statusLine composition. Previous behavior was: if any
+      // statusLine.command already existed, SKIP. That was safe (never
+      // clobbered other tools) but invisible — a user with PinnedAI's
+      // statusline installed would never see Cipherwake's after running
+      // `pqcheck setup`. Now: detect the prior command and wrap it via
+      // `cipherwake-statusline --prepend=<prior>` so both render in the
+      // single statusLine slot. The prepend logic in cipherwake-statusline.js
+      // swallows prepend-command failures silently, so this composition
+      // survives the user later uninstalling the partner tool.
+      //
+      // Skip the wrap when the existing command IS already our wrapper
+      // (idempotent re-install — don't recursively nest).
+      const CIPHERWAKE_CMD_PREFIX = "npx --package=pqcheck@latest cipherwake-statusline";
+      const priorCmd = (existed && settings.statusLine && typeof settings.statusLine === "object")
+        ? String(settings.statusLine.command || "").trim()
+        : "";
+      const priorIsOurs = priorCmd.startsWith("npx --package=pqcheck") && priorCmd.includes("cipherwake-statusline");
+      if (priorIsOurs) {
+        console.log(color("dim", `  ⊝ ${displayPath} statusLine already points at cipherwake-statusline — leaving alone`));
+        installSummary.push({ component: "Claude Code statusLine", path: settingsPath, status: "skipped-already-ours" });
       } else {
         const backupPath = existed ? await backupSettingsJson(settingsPath) : null;
         if (backupPath) console.log(color("dim", `    backup: ${backupPath}`));
-        settings.statusLine = { type: "command", command: "npx --package=pqcheck@latest cipherwake-statusline" };
+        let command;
+        if (priorCmd) {
+          // Compose: wrap the existing command via --prepend.
+          // Single-quote the prior command + escape any single quotes
+          // (rare in practice but defensive).
+          const safe = priorCmd.replace(/'/g, `'\\''`);
+          command = `${CIPHERWAKE_CMD_PREFIX} --prepend='${safe}'`;
+          console.log(color("green", `  ✓ composed statusLine: existing command wrapped via --prepend → ${displayPath}`));
+          console.log(color("dim", `    prior command: ${priorCmd.slice(0, 80)}${priorCmd.length > 80 ? "..." : ""}`));
+          console.log(color("dim", `    both surfaces now render in the single statusLine slot`));
+        } else {
+          // Fresh install — no prior command to compose with.
+          command = CIPHERWAKE_CMD_PREFIX;
+          console.log(color("green", `  ✓ added statusLine config → ${displayPath}`));
+        }
+        settings.statusLine = { type: "command", command };
         await fs.mkdir(path.dirname(settingsPath), { recursive: true });
         await fs.writeFile(settingsPath, JSON.stringify(settings, null, 2) + "\n", "utf8");
-        console.log(color("green", `  ✓ added statusLine config → ${displayPath}`));
-        installSummary.push({ component: "Claude Code statusLine", path: settingsPath, status: existed ? "installed-updated" : "installed-created", backup: backupPath });
+        installSummary.push({
+          component: "Claude Code statusLine",
+          path: settingsPath,
+          status: existed && priorCmd ? "installed-composed" : (existed ? "installed-updated" : "installed-created"),
+          backup: backupPath,
+        });
       }
     } catch (err) {
       console.log(color("red", `  ✗ statusLine config install failed: ${err.message}`));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pqcheck",
-  "version": "0.16.18",
+  "version": "0.16.19",
   "description": "Deploy gate for AI-coded web apps. `pqcheck deploy-check --ai` returns ship_decision=pass|review|block for Claude Code / Cursor / Copilot / Aider to gate deploys before they ship. Anonymous, no signup, free for first use.",
   "keywords": [
     "ai-coder",