proteum 2.5.3 → 2.5.4

package/README.md

@@ -471,7 +471,7 @@ proteum create service Conversion/Plans
 
 Every `proteum dev` start runs the same idempotent instruction check. It updates missing or stale managed sections automatically and prompts only when a blocked path would need to be replaced.
 
-`proteum worktree init` writes `.proteum/worktree-bootstrap.json` for app roots under `/.codex/worktrees/`. The marker records `.env` copy status, refresh and dependency results, runtime status, key file hashes, and the active Proteum version. `proteum dev`, `proteum refresh`, `proteum runtime status`, `proteum verify`, and MCP `workflow_start` block inside Codex worktrees until the marker is fresh. Run `npx proteum worktree init --source <source-app-root>` for a new worktree, or add `--refresh` when stale state is reported. `PROTEUM_ALLOW_UNBOOTSTRAPPED_WORKTREE=1` bypasses the block but remains visible in runtime status, doctor, and MCP output.
+`proteum worktree init` writes `.proteum/worktree-bootstrap.json` for app roots under `/.codex/worktrees/`. The marker records `.env` copy status, refresh and dependency results, runtime status, key file hashes, and the active Proteum version. In monorepos with root tooling such as `prisma.config.ts` or npm workspaces, bootstrap also ensures the workspace-root `.env` exists, copying the source root `.env` when available or falling back to the source app `.env`. `proteum dev`, `proteum refresh`, `proteum runtime status`, `proteum verify`, and MCP `workflow_start` block inside Codex worktrees until the marker is fresh. Run `npx proteum worktree init --source <source-app-root>` for a new worktree, or add `--refresh` when stale state is reported. `PROTEUM_ALLOW_UNBOOTSTRAPPED_WORKTREE=1` bypasses the block but remains visible in runtime status, doctor, and MCP output.
 
 `proteum connect`, `proteum explain`, `proteum doctor`, and `proteum diagnose` share the same generated manifest and contract state. `proteum perf` uses the same dev request-trace store as the profiler `Perf` tab. `proteum runtime status` also inspects the configured router/HMR ports and returns an exact Start Dev action, so agents do not need to `curl` page routes to identify port owners. `proteum dev` exposes the app-root MCP contract at `/__proteum/mcp` and ensures one managed machine MCP daemon is running; `proteum mcp` is the machine-scope router agents register once. Agents should start with MCP `workflow_start`, use offline candidates to choose the correct app root when no dev server is live, then route repeated reads by the returned live `projectId`. For the full diagnostics and tracing model, see [docs/diagnostics.md](docs/diagnostics.md), [docs/mcp.md](docs/mcp.md), and [docs/request-tracing.md](docs/request-tracing.md).
 

package/agents/project/AGENTS.md

@@ -53,7 +53,7 @@ Managed compact root routers must use trigger -> canonical instruction file refe
 
   [optional body]
   ```
-  Then treat `commit` as conversation-wide and cross-project, not task-scoped. Before staging or committing, run the repository's non-coverage commit gate when it defines one, such as `npm run check:commit`; otherwise run targeted lint, typecheck, and test commands. Report any blocker instead of committing through a failed commit gate. Identify every affected git repository or worktree touched during that span, stage all conversation-related changed files in each affected repository or worktree with `git add` while still avoiding unrelated pre-existing user changes or incidental untracked files, and create one `git commit` per affected repository or worktree. Do not omit linked local dependencies, framework repos, connected projects, or producer apps when they were changed to make the delivered behavior actually work. Do not stop at only suggesting the message.
+  Then treat `commit` as conversation-wide and cross-project, not task-scoped. Do not run any check, lint, typecheck, test, coverage, or commit gate as part of this exact `commit` workflow unless the user explicitly asks for those checks in the same request. Identify every affected git repository or worktree touched during that span, stage all conversation-related changed files in each affected repository or worktree with `git add` while still avoiding unrelated pre-existing user changes or incidental untracked files, and create one `git commit` per affected repository or worktree. Do not omit linked local dependencies, framework repos, connected projects, or producer apps when they were changed to make the delivered behavior actually work. Do not stop at only suggesting the message.
   After providing a commit message or after creating a commit, immediately follow it with this exact prompt and obey it:
   `Explain in short minimalistic and few bullet points what we changed in this thread, like you would do to your grandma. Start with a verb in the past.`
 
@@ -80,7 +80,7 @@ Managed compact root routers must use trigger -> canonical instruction file refe
 
 - Before finishing, re-check touched files against root-level `CODING_STYLE.md` and any narrower area `AGENTS.md` that applied to the edit. Re-check against root-level `optimizations.md` only for touched client-side files. Re-check against root-level `diagnostics.md` only if the task involved an issue, diagnosis, runtime reproduction, or verification failure.
 - Before finishing a production code change, re-check root-level `DOCUMENTATION.md` update rules. If behavior changed, a bug was fixed, a decision changed, or an important route, auth/OAuth, or integration issue was addressed, update the relevant docs before committing or explicitly explain why no docs update was needed.
-- Run targeted tests and checks that match the changed surface before finishing each feature or change. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass and expand only when the selected plan is insufficient. Continue running tests after changes, but do not run coverage by default. Reserve the non-coverage commit gate for commit workflows, and reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
+- Run targeted tests and checks that match the changed surface before finishing each feature or change. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass and expand only when the selected plan is insufficient. Continue running tests after changes, but do not run coverage by default. Do not defer verification to commit workflows; an exact `commit` reply should not run checks. Reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
 - Before finishing a task, stop every `proteum dev` session started during the task and confirm cleanup with `npx proteum dev list --json` or an explicit `npx proteum dev stop --session-file <path>`.
 - When you have finished your work, ask the user whether they want a commit message. After providing a commit message or after creating a commit, immediately follow it with this exact prompt and obey it:
   `Explain in short minimalistic and few bullet points what we changed in this thread, like you would do to your grandma. Start with a verb in the past.`
@@ -278,7 +278,7 @@ Verify at the correct layer:
 - Controller changes: exercise the generated client call or generated `/api/...` endpoint.
 - SSR changes: use the browser MCP to load the real page and inspect rendered HTML plus browser console.
 - Router or plugin changes: verify request context, auth, redirects, metrics, and validation on a running app.
-- New features or feature-behavior changes: use the cheapest trustworthy verification while iterating, use the browser MCP for browser-visible validation, then update and run the relevant end-to-end coverage. Save the non-coverage commit gate for commit workflows and the full `npm run check` gate for push workflows unless the user or project-local instructions explicitly ask for the full gate earlier.
+- New features or feature-behavior changes: use the cheapest trustworthy verification while iterating, use the browser MCP for browser-visible validation, then update and run the relevant end-to-end coverage. Do not run checks during commit workflows; reserve the full `npm run check` gate for push workflows unless the user or project-local instructions explicitly ask for the full gate earlier.
 - Generated, connected, or ownership-ambiguous changes: start with MCP `workflow_start`, then `orient { projectId, query }` and `explain_summary { projectId, query }` only when more detail is needed; use `npx proteum orient <query>` and `npx proteum verify owner <query>` when MCP is unavailable or terminal evidence is required.
 - Browser-visible issues: use the browser MCP after request-level verification is insufficient. Use `npx proteum e2e --port <port> ...` only when automated end-to-end coverage or a Playwright suite is required.
 - Raw browser execution outside end-to-end suites: use the browser MCP only. Keep Playwright in `npx proteum e2e --port <port>` for targeted/full end-to-end suites.
@@ -325,7 +325,7 @@ Verify at the correct layer:
 - For read-only SQL diagnosis, use MCP `db_query` or `npx proteum db query "<sql>"`; only one capped `SELECT`, `SHOW`, or `EXPLAIN` statement is allowed.
 - Do not run `prisma *` yourself. If a schema change requires migration, ask the user to run `npx prisma migrate dev --config ./prisma.config.ts --name <migration name>` and wait for `continue`.
 - Do not run `git restore` or `git reset`.
-- Do not run write-mode git commands by default. The built-in exception is an exact `commit` reply, which allows `git add` and `git commit` in every affected repository or worktree touched during the whole conversation after the repository's non-coverage commit gate passes when it defines one, such as `npm run check:commit`. Any other write-mode git action requires an explicit user request. Before any explicit push, run `npm run check` in every affected repository or worktree that defines it and report any blocker instead of pushing through a failed check.
+- Do not run write-mode git commands by default. The built-in exception is an exact `commit` reply, which allows `git add` and `git commit` in every affected repository or worktree touched during the whole conversation. An exact `commit` reply does not allow check, lint, typecheck, test, coverage, or commit-gate commands unless the user explicitly requests them in the same message. Any other write-mode git action requires an explicit user request. Before any explicit push, run `npm run check` in every affected repository or worktree that defines it and report any blocker instead of pushing through a failed check.
 
 ## Appendix
 
@@ -423,7 +423,7 @@ Agents working in generated Proteum projects must use this delivery workflow for
 4. Targeted validation: refresh generated framework contracts after route, page, controller, service, command, or config changes, then run the targeted tests/checks that match the changed surface.
 5. Validate unit + E2E: run the relevant unit tests and real-world journey E2E checks before calling the work complete.
 
-Unit test expectation: production changes must always add or update focused unit tests and run the targeted unit or integration tests that match the changed behavior. Do not run coverage after every change by default. Reserve whole-project coverage for the repository's full `npm run check` gate during push workflows or when the user explicitly requests it; do not run coverage for commit-only workflows by default. Any excluded generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested must be documented in the completion note.
+Unit test expectation: production changes must always add or update focused unit tests and run the targeted unit or integration tests that match the changed behavior. Do not run coverage after every change by default. Reserve whole-project coverage for the repository's full `npm run check` gate during push workflows or when the user explicitly requests it; do not run checks for commit-only workflows unless the user explicitly requests them. Any excluded generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested must be documented in the completion note.
 
 E2E expectation: real-world journeys must follow the project-local instructions in `tests/e2e/REAL_WORLD_JOURNEY_TESTS.md`. These tests should model complete user workflows, role transitions, permissions, state changes, and cross-view consistency rather than isolated happy paths.
 

package/agents/project/CODING_STYLE.md

@@ -8,7 +8,7 @@ This file is the source of truth for codex coding style instructions in Proteum-
 - Write clean, consistent, readable code with a tab size of 4.
 - Keep functions and methods short.
 - Every time possible, create reusable functions and components instead of repeating.
-- Before finishing a feature or change, review touched files against this document and run targeted lint/typecheck/tests for the changed surface. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass. Do not run coverage by default after ordinary changes. Run the repository's non-coverage commit gate before committing, and run the full `npm run check` gate before pushing or when the user explicitly asks for it; coding-style regressions are defects, not optional cleanup.
+- Before finishing a feature or change, review touched files against this document and run targeted lint/typecheck/tests for the changed surface. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass. Do not run coverage by default after ordinary changes. Do not run check, lint, typecheck, test, coverage, or commit-gate commands as part of a commit-only workflow; run the full `npm run check` gate before pushing or when the user explicitly asks for it. Coding-style regressions are defects, not optional cleanup.
 
 ## Type safety
 

package/agents/project/diagnostics.md

@@ -64,7 +64,7 @@ This file is the canonical source of truth for diagnostics, temporary instrument
 - For browser regressions, prefer a browser MCP repro first and add targeted Playwright E2E coverage only when the user asks for automated coverage, when a stable regression path needs automation, or when browser MCP verification is insufficient.
 - Only the final verifier agent should usually run browser flows. Earlier agents should stay on `orient`, `verify owner`, `verify request`, `diagnose`, and command-level checks unless browser execution is the only trustworthy reproducer.
 - Treat server startup failures, runtime errors, browser console errors or warnings, and Playwright failures as blocking unless they are clearly unrelated to the change.
-- When the touched surface can affect coding-style enforcement, run the targeted lint or typecheck command for that surface before finishing. Run the repository's non-coverage commit gate before committing, and run the full `npm run check` gate before pushing or when explicitly requested.
+- When the touched surface can affect coding-style enforcement, run the targeted lint or typecheck command for that surface before finishing. Do not run check, lint, typecheck, test, coverage, or commit-gate commands as part of a commit-only workflow. Run the full `npm run check` gate before pushing or when explicitly requested.
 - If the task started any long-lived `proteum dev` server, stop it explicitly with `npx proteum dev stop --session-file <path>` or `npx proteum dev stop --all --stale`, then confirm the remaining tracked sessions with `npx proteum dev list --json`.
 - Add `data-testid` when stable selectors are missing instead of relying on brittle text or DOM-shape selectors.
 - If an isolated test misses prerequisite state, run the smallest broader scope that reproduces the real setup.

package/agents/project/root/AGENTS.md

@@ -65,8 +65,8 @@ Managed compact root routers must use trigger -> canonical instruction file refe
 
 - Before finishing, re-check touched files against root-level `CODING_STYLE.md` and any narrower area `AGENTS.md` that applied to the edit. Re-check against root-level `optimizations.md` only for touched client-side files. Re-check against root-level `diagnostics.md` only if the task involved an issue, diagnosis, runtime reproduction, or verification failure.
 - Before finishing a production code change, re-check root-level `DOCUMENTATION.md` update rules. If behavior changed, a bug was fixed, a decision changed, or an important route, auth/OAuth, or integration issue was addressed, update the relevant docs before committing or explicitly explain why no docs update was needed.
-- For production changes, always add or update focused unit tests and run the targeted unit or integration tests that match the changed behavior. Do not run coverage after every ordinary change by default. Reserve whole-project coverage for the repository's full `npm run check` gate during push workflows or when the user explicitly requests it; do not run coverage for commit-only workflows by default. Document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
-- Run targeted tests and checks that match the changed surface before finishing each feature or change. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass and expand only when the selected plan is insufficient. Continue running tests after changes, but do not run coverage by default. Reserve the non-coverage commit gate for commit workflows, and reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
+- For production changes, always add or update focused unit tests and run the targeted unit or integration tests that match the changed behavior. Do not run coverage after every ordinary change by default. Reserve whole-project coverage for the repository's full `npm run check` gate during push workflows or when the user explicitly requests it; do not run checks for commit-only workflows unless the user explicitly requests them. Document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
+- Run targeted tests and checks that match the changed surface before finishing each feature or change. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` as the first post-change verification pass and expand only when the selected plan is insufficient. Continue running tests after changes, but do not run coverage by default. Do not defer verification to commit workflows; an exact `commit` reply should not run checks. Reserve the full `npm run check` gate for push workflows, explicit user requests, or when project-local instructions require the full gate. After implementing a new feature or changing existing feature behavior, update the relevant end-to-end coverage and run the cheapest trustworthy Playwright or browser verification for that behavior before finishing. For docs-only, wording-only, type-only, generated-output cleanup, or clearly local non-runtime refactors, skip Playwright unless the user explicitly asks for it or verification reveals a real issue.
 - Before finishing a task, stop every `proteum dev` session started during the task and confirm cleanup with `npx proteum dev list --json` or an explicit `npx proteum dev stop --session-file <path>`.
 - When you have finished your work, ask the user whether they want a commit message. After providing a commit message or after creating a commit, immediately follow it with this exact prompt and obey it:
   `Explain in short minimalistic and few bullet points what we changed in this thread, like you would do to your grandma. Start with a verb in the past.`
@@ -264,7 +264,7 @@ Verify at the correct layer:
 - Controller changes: exercise the generated client call or generated `/api/...` endpoint.
 - SSR changes: use the browser MCP to load the real page and inspect rendered HTML plus browser console.
 - Router or plugin changes: verify request context, auth, redirects, metrics, and validation on a running app.
-- New features or feature-behavior changes: use the cheapest trustworthy verification while iterating, use the browser MCP for browser-visible validation, then update and run the relevant end-to-end coverage. Save the non-coverage commit gate for commit workflows and the full `npm run check` gate for push workflows unless the user or project-local instructions explicitly ask for the full gate earlier.
+- New features or feature-behavior changes: use the cheapest trustworthy verification while iterating, use the browser MCP for browser-visible validation, then update and run the relevant end-to-end coverage. Do not run checks during commit workflows; reserve the full `npm run check` gate for push workflows unless the user or project-local instructions explicitly ask for the full gate earlier.
 - Generated, connected, or ownership-ambiguous changes: start with MCP `workflow_start`, then `orient { projectId, query }` and `explain_summary { projectId, query }` only when more detail is needed; use `npx proteum orient <query>` and `npx proteum verify owner <query>` when MCP is unavailable or terminal evidence is required.
 - Browser-visible issues: use the browser MCP after request-level verification is insufficient. Use `npx proteum e2e --port <port> ...` only when automated end-to-end coverage or a Playwright suite is required.
 - Raw browser execution outside end-to-end suites: use the browser MCP only. Keep Playwright in `npx proteum e2e --port <port>` for targeted/full end-to-end suites.

package/agents/project/tests/AGENTS.md

@@ -9,7 +9,7 @@ Diagnostics source of truth: root-level `diagnostics.md`.
 
 - Understand the real user flow and the main feature branches before writing tests.
 - Test the current controller/page runtime model, not legacy `@Route` or `api.fetch(...)` behavior.
-- For every production change, add or update focused unit tests and run the targeted test command that matches the changed behavior. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` first so changed test files, related source tests, and project-specific suites are selected consistently. Do not run whole-project coverage after every ordinary change by default. Use the repository's non-coverage commit gate before commit, and use `npm run check` as the full gate before push or when the user explicitly asks for it, and document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
+- For every production change, add or update focused unit tests and run the targeted test command that matches the changed behavior. When the repository defines `proteum.verify.config.ts`, use `npx proteum verify changed` first so changed test files, related source tests, and project-specific suites are selected consistently. Do not run whole-project coverage after every ordinary change by default. Do not run checks as part of a commit-only workflow; use `npm run check` as the full gate before push or when the user explicitly asks for it, and document any generated files, migrations, framework shims, unreachable defensive branches, or changes that cannot reasonably be unit-tested as explicit exceptions.
 - Verify routing, controllers, SSR, and router plugins against a running app when behavior depends on real request handling.
 - After implementing a new feature or changing existing feature behavior, update the end-to-end coverage for that behavior and run the full Playwright suite before finishing. Prefer `npx proteum e2e --port <port>` for Playwright runs so base URLs and auth tokens are passed through Proteum-managed child env instead of shell-leading environment assignments. Use a browser MCP repro against a running app during iteration when it is the fastest trustworthy loop.
 - Exercise real URLs, generated controller calls, or real browser flows instead of re-deriving framework internals in tests.

package/cli/presentation/commands.ts

@@ -166,6 +166,7 @@ export const proteumCommands: Record<TProteumCommandName, TProteumCommandDoc> =
         notes: [
             'Bootstrap writes `.proteum/worktree-bootstrap.json` with hashes, step timestamps, dependency status, runtime status, and Proteum version.',
             'When `.env` is missing, `--source` is required and must point to an app root with a readable `.env`.',
+            'For monorepos with root tooling, bootstrap also ensures the workspace-root `.env` exists from the source root or source app env.',
             'Guarded commands block inside `/.codex/worktrees/` until bootstrap is complete or explicitly bypassed with `PROTEUM_ALLOW_UNBOOTSTRAPPED_WORKTREE=1`.',
             '`worktree create` preserves the source app root path relative to the source repository root, so monorepo app roots are bootstrapped in the matching target location.',
         ],

package/cli/runtime/commands.ts

@@ -175,7 +175,7 @@ class WorktreeCommand extends ProteumCommand {
 
     public static usage = buildUsage('worktree');
 
-    public source = Option.String('--source', { description: 'Source Proteum app root used for .env copy and worktree creation.' });
+    public source = Option.String('--source', { description: 'Source Proteum app root used for app/root .env copy and worktree creation.' });
     public branch = Option.String('--branch', { description: 'Branch name created by `worktree create`.' });
     public base = Option.String('--base', { description: 'Base ref used by `worktree create`.' });
     public refresh = Option.Boolean('--refresh', false, { description: 'Refresh an existing stale bootstrap marker.' });

package/cli/runtime/worktreeBootstrap.ts

@@ -23,6 +23,13 @@ export type TWorktreeBootstrapMarker = {
         copied: boolean;
         copiedAt?: string;
         present: boolean;
+        root?: {
+            copied: boolean;
+            copiedAt?: string;
+            filepath: string;
+            present: boolean;
+            source?: string;
+        };
         source?: string;
     };
     packageLockHash?: string;
@@ -84,6 +91,11 @@ type TWorktreeBootstrapInputs = {
     packageLockHash?: string;
     proteumConfigHash?: string;
     proteumVersion: string;
+    rootEnv?: {
+        filepath: string;
+        present: boolean;
+        required: boolean;
+    };
 };
 
 type TRunCaptureResult = {
@@ -159,6 +171,32 @@ const findVisibleDirectory = (startPath: string, directoryName: string) => {
     }
 };
 
+const readJsonFile = (filepath: string) => {
+    try {
+        return fs.readJSONSync(filepath) as Record<string, unknown>;
+    } catch {
+        return {};
+    }
+};
+
+const hasWorkspaceRootTooling = (workspaceRoot: string) => {
+    if (fs.existsSync(path.join(workspaceRoot, 'prisma.config.ts'))) return true;
+
+    const packageJson = readJsonFile(path.join(workspaceRoot, 'package.json'));
+    return Array.isArray(packageJson.workspaces);
+};
+
+const resolveWorkspaceRootEnv = (appRoot: string) => {
+    const packageLockFilepath = findNearestExistingPath(appRoot, 'package-lock.json');
+    if (!packageLockFilepath) return undefined;
+
+    const workspaceRoot = path.dirname(packageLockFilepath);
+    if (workspaceRoot === normalizePath(appRoot)) return undefined;
+    if (!hasWorkspaceRootTooling(workspaceRoot)) return undefined;
+
+    return path.join(workspaceRoot, '.env');
+};
+
 const hashFile = (filepath: string | undefined) => {
     if (!filepath || !fs.existsSync(filepath)) return undefined;
 
@@ -177,6 +215,7 @@ const readMarker = (markerFilepath: string) => {
 
 const readInputs = (appRoot: string, proteumVersion: string): TWorktreeBootstrapInputs => {
     const packageLockFilepath = findNearestExistingPath(appRoot, 'package-lock.json');
+    const rootEnvFilepath = resolveWorkspaceRootEnv(appRoot);
 
     return {
         agentsHash: hashFile(path.join(appRoot, 'AGENTS.md')),
@@ -186,6 +225,13 @@ const readInputs = (appRoot: string, proteumVersion: string): TWorktreeBootstrap
         packageLockHash: hashFile(packageLockFilepath),
         proteumConfigHash: hashFile(path.join(appRoot, 'proteum.config.ts')),
         proteumVersion,
+        rootEnv: rootEnvFilepath
+            ? {
+                  filepath: rootEnvFilepath,
+                  present: fs.existsSync(rootEnvFilepath),
+                  required: true,
+              }
+            : undefined,
     };
 };
 
@@ -217,6 +263,8 @@ const collectStaleReasons = ({
     if (marker.agentsHash !== inputs.agentsHash)
         reasons.push({ code: 'worktree-bootstrap/agents-changed', message: 'AGENTS.md changed since bootstrap.' });
     if (!inputs.envPresent) reasons.push({ code: 'worktree-bootstrap/env-missing', message: '.env is missing.' });
+    if (inputs.rootEnv?.required && !inputs.rootEnv.present)
+        reasons.push({ code: 'worktree-bootstrap/root-env-missing', message: 'Workspace root .env is missing.' });
     if (!inputs.manifestPresent)
         reasons.push({ code: 'worktree-bootstrap/manifest-missing', message: '.proteum/manifest.json is missing.' });
     if (!inputs.nodeModulesPresent && !dependenciesWereIntentionallySkipped(marker, inputs))
@@ -309,18 +357,63 @@ const resolveDependencyAction = ({
     return 'up-to-date';
 };
 
+const resolveSourceRootEnv = (source: string) => {
+    const sourceWorkspaceRootEnv = resolveWorkspaceRootEnv(source);
+    if (sourceWorkspaceRootEnv && fs.existsSync(sourceWorkspaceRootEnv)) return sourceWorkspaceRootEnv;
+
+    const sourceEnvFilepath = path.join(path.resolve(source), '.env');
+    return fs.existsSync(sourceEnvFilepath) ? sourceEnvFilepath : undefined;
+};
+
 const requireSourceEnvWhenNeeded = ({ appRoot, source }: { appRoot: string; source?: string }) => {
     const envFilepath = path.join(appRoot, '.env');
-    if (fs.existsSync(envFilepath)) return { copied: false, present: true, source: undefined };
+    const rootEnvFilepath = resolveWorkspaceRootEnv(appRoot);
+    let copied = false;
+    let copiedAt: string | undefined;
+    let sourceForEnv: string | undefined;
 
-    if (!source) throw new Error('This worktree is missing .env. Pass --source <app-root> with a readable source .env.');
+    if (!fs.existsSync(envFilepath)) {
+        if (!source) throw new Error('This worktree is missing .env. Pass --source <app-root> with a readable source .env.');
 
-    const sourceEnvFilepath = path.join(path.resolve(source), '.env');
-    if (!fs.existsSync(sourceEnvFilepath)) throw new Error(`Source .env does not exist: ${sourceEnvFilepath}`);
+        const sourceEnvFilepath = path.join(path.resolve(source), '.env');
+        if (!fs.existsSync(sourceEnvFilepath)) throw new Error(`Source .env does not exist: ${sourceEnvFilepath}`);
 
-    fs.copyFileSync(sourceEnvFilepath, envFilepath);
+        fs.copyFileSync(sourceEnvFilepath, envFilepath);
+        copied = true;
+        copiedAt = nowIso();
+        sourceForEnv = path.resolve(source);
+    }
 
-    return { copied: true, copiedAt: nowIso(), present: true, source: path.resolve(source) };
+    const root: TWorktreeBootstrapMarker['env']['root'] | undefined = rootEnvFilepath
+        ? {
+              copied: false,
+              filepath: rootEnvFilepath,
+              present: fs.existsSync(rootEnvFilepath),
+          }
+        : undefined;
+
+    if (root && !root.present) {
+        if (!source) throw new Error('This worktree is missing workspace root .env. Pass --source <app-root> with a readable source .env.');
+
+        const sourceRootEnvFilepath = resolveSourceRootEnv(source);
+        if (!sourceRootEnvFilepath) {
+            throw new Error(`Source workspace root .env does not exist and source app .env is missing: ${path.resolve(source)}`);
+        }
+
+        fs.copyFileSync(sourceRootEnvFilepath, root.filepath);
+        root.copied = true;
+        root.copiedAt = nowIso();
+        root.present = true;
+        root.source = sourceRootEnvFilepath;
+    }
+
+    return {
+        copied,
+        ...(copiedAt ? { copiedAt } : {}),
+        present: fs.existsSync(envFilepath),
+        ...(root ? { root } : {}),
+        ...(sourceForEnv ? { source: sourceForEnv } : {}),
+    };
 };
 
 const writeMarker = (appRoot: string, marker: TWorktreeBootstrapMarker) => {

package/docs/diagnostics.md

@@ -112,7 +112,7 @@ Default compact command output follows this shape:
 
 `proteum runtime status` emits the current app manifest summary, tracked dev sessions, selected live session, MCP URL, health status, configured router/HMR port inspection, and a suggested next command. Use it before starting another dev server, and use its Start Dev command instead of probing page bodies when the default port is occupied. If it reports that the same app already responds on the configured port without a live tracked session, use or repair that runtime instead of starting a second server.
 
-Inside `/.codex/worktrees/`, `proteum dev`, `proteum refresh`, `proteum runtime status`, `proteum verify`, and MCP `workflow_start` require a fresh `.proteum/worktree-bootstrap.json`. If the marker is missing, run `npx proteum worktree init --source <source-app-root>`. If hashes, `.env`, `.proteum/manifest.json`, `node_modules`, or the Proteum version are stale, run the returned `npx proteum worktree init --source <source-app-root> --refresh` command. `PROTEUM_ALLOW_UNBOOTSTRAPPED_WORKTREE=1` bypasses the block but remains visible in runtime status, doctor diagnostics, and MCP output.
+Inside `/.codex/worktrees/`, `proteum dev`, `proteum refresh`, `proteum runtime status`, `proteum verify`, and MCP `workflow_start` require a fresh `.proteum/worktree-bootstrap.json`. If the marker is missing, run `npx proteum worktree init --source <source-app-root>`. If hashes, app `.env`, workspace-root `.env` for monorepos with root tooling, `.proteum/manifest.json`, `node_modules`, or the Proteum version are stale, run the returned `npx proteum worktree init --source <source-app-root> --refresh` command. `PROTEUM_ALLOW_UNBOOTSTRAPPED_WORKTREE=1` bypasses the block but remains visible in runtime status, doctor diagnostics, and MCP output.
 
 During `proteum dev`, `/__proteum/mcp` exposes compact `workflow_start`, `runtime_status`, `orient`, `instructions_resolve`, `route_candidates`, `explain_summary`, `doctor`, `diagnose`, `trace_*`, `perf_*`, and `logs_tail` tools without spawning CLI commands for each repeated read. `proteum dev` also ensures one managed machine `proteum mcp` daemon is running. Through the machine router, call `workflow_start` with `cwd` or a known `projectId`; if routing is ambiguous or returns offline app candidates, use `project_resolve { cwd }`, follow the selected app root's port-inspected next action when needed, then pass the selected live `projectId` to follow-up app-bound tools.
 

package/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "proteum",
 	"description": "LLM-first Opinionated Typescript Framework for web applications.",
-	"version": "2.5.3",
+	"version": "2.5.4",
 	"author": "Gaetan Le Gac (https://github.com/gaetanlegac)",
 	"repository": "git://github.com/gaetanlegac/proteum.git",
 	"license": "MIT",

package/tests/worktree-bootstrap.test.cjs

@@ -153,6 +153,81 @@ test('worktree bootstrap requires a source env only when .env is missing', async
     assert.equal(result.status.blocking, false);
 });
 
+test('worktree bootstrap copies workspace root env for monorepo root tooling', async () => {
+    const targetRepoRoot = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'proteum-worktree-monorepo-')), '.codex', 'worktrees', 'fixture-repo');
+    const appRoot = path.join(targetRepoRoot, 'apps', 'product');
+    const sourceRepoRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'proteum-worktree-source-repo-'));
+    const sourceAppRoot = path.join(sourceRepoRoot, 'apps', 'product');
+
+    writeFile(path.join(targetRepoRoot, 'package.json'), '{"workspaces":["apps/*"]}\n');
+    writeFile(path.join(targetRepoRoot, 'package-lock.json'), '{"lockfileVersion":3}\n');
+    writeFile(path.join(targetRepoRoot, 'prisma.config.ts'), 'export default {};\n');
+    fs.mkdirSync(path.join(targetRepoRoot, 'node_modules'), { recursive: true });
+    writeFile(path.join(appRoot, 'package.json'), '{"name":"fixture-product"}\n');
+    writeFile(path.join(appRoot, 'proteum.config.ts'), 'export default {};\n');
+    writeFile(path.join(appRoot, 'AGENTS.md'), '# Agents\n');
+    writeFile(path.join(appRoot, '.proteum', 'manifest.json'), '{"version":10}\n');
+
+    writeFile(path.join(sourceRepoRoot, 'package.json'), '{"workspaces":["apps/*"]}\n');
+    writeFile(path.join(sourceRepoRoot, 'package-lock.json'), '{"lockfileVersion":3}\n');
+    writeFile(path.join(sourceRepoRoot, 'prisma.config.ts'), 'export default {};\n');
+    writeFile(path.join(sourceRepoRoot, '.env'), 'DATABASE_URL=postgres://root\n');
+    writeFile(path.join(sourceAppRoot, '.env'), 'PORT=3021\n');
+
+    const result = await runWorktreeBootstrapInit({
+        appRoot,
+        coreRoot,
+        proteumVersion: 'test',
+        runDependencies: noOpDeps,
+        runRefresh: noOpRefresh,
+        runRuntimeStatus: noOpRuntime,
+        source: sourceAppRoot,
+    });
+
+    assert.equal(fs.readFileSync(path.join(appRoot, '.env'), 'utf8'), 'PORT=3021\n');
+    assert.equal(fs.readFileSync(path.join(targetRepoRoot, '.env'), 'utf8'), 'DATABASE_URL=postgres://root\n');
+    assert.equal(result.marker.env.root.present, true);
+    assert.equal(result.marker.env.root.copied, true);
+    assert.equal(result.status.blocking, false);
+});
+
+test('worktree bootstrap falls back to source app env for missing workspace root env', async () => {
+    const targetRepoRoot = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'proteum-worktree-root-env-fallback-')), '.codex', 'worktrees', 'fixture-repo');
+    const appRoot = path.join(targetRepoRoot, 'apps', 'api');
+    const sourceRepoRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'proteum-worktree-source-repo-fallback-'));
+    const sourceAppRoot = path.join(sourceRepoRoot, 'apps', 'api');
+
+    writeFile(path.join(targetRepoRoot, 'package.json'), '{"workspaces":["apps/*"]}\n');
+    writeFile(path.join(targetRepoRoot, 'package-lock.json'), '{"lockfileVersion":3}\n');
+    writeFile(path.join(targetRepoRoot, 'prisma.config.ts'), 'export default {};\n');
+    fs.mkdirSync(path.join(targetRepoRoot, 'node_modules'), { recursive: true });
+    writeFile(path.join(appRoot, 'package.json'), '{"name":"fixture-api"}\n');
+    writeFile(path.join(appRoot, 'proteum.config.ts'), 'export default {};\n');
+    writeFile(path.join(appRoot, 'AGENTS.md'), '# Agents\n');
+    writeFile(path.join(appRoot, '.proteum', 'manifest.json'), '{"version":10}\n');
+
+    writeFile(path.join(sourceRepoRoot, 'package.json'), '{"workspaces":["apps/*"]}\n');
+    writeFile(path.join(sourceRepoRoot, 'package-lock.json'), '{"lockfileVersion":3}\n');
+    writeFile(path.join(sourceRepoRoot, 'prisma.config.ts'), 'export default {};\n');
+    writeFile(path.join(sourceAppRoot, '.env'), 'DATABASE_URL=postgres://app\nPORT=3022\n');
+
+    const result = await runWorktreeBootstrapInit({
+        appRoot,
+        coreRoot,
+        proteumVersion: 'test',
+        runDependencies: noOpDeps,
+        runRefresh: noOpRefresh,
+        runRuntimeStatus: noOpRuntime,
+        source: sourceAppRoot,
+    });
+
+    assert.equal(fs.readFileSync(path.join(appRoot, '.env'), 'utf8'), 'DATABASE_URL=postgres://app\nPORT=3022\n');
+    assert.equal(fs.readFileSync(path.join(targetRepoRoot, '.env'), 'utf8'), 'DATABASE_URL=postgres://app\nPORT=3022\n');
+    assert.equal(result.marker.env.root.present, true);
+    assert.equal(result.marker.env.root.source, path.join(sourceAppRoot, '.env'));
+    assert.equal(result.status.blocking, false);
+});
+
 test('worktree bootstrap detects missing env manifest node_modules and version changes', async () => {
     const appRoot = createCodexAppRoot();
     writeBootstrapFixture(appRoot);