rulesync 8.5.0 → 8.6.0

package/dist/{chunk-Q5FDY7NL.js → chunk-ILMHM7BF.js}

@@ -860,6 +860,176 @@ function getBaseDirsInLightOfGlobal({
   return resolvedBaseDirs;
 }
 
+// src/types/json-output.ts
+var ErrorCodes = {
+  CONFIG_NOT_FOUND: "CONFIG_NOT_FOUND",
+  RULESYNC_DIR_NOT_FOUND: "RULESYNC_DIR_NOT_FOUND",
+  INVALID_TARGET: "INVALID_TARGET",
+  FETCH_FAILED: "FETCH_FAILED",
+  WRITE_FAILED: "WRITE_FAILED",
+  VALIDATION_FAILED: "VALIDATION_FAILED",
+  GENERATION_FAILED: "GENERATION_FAILED",
+  IMPORT_FAILED: "IMPORT_FAILED",
+  INSTALL_FAILED: "INSTALL_FAILED",
+  UPDATE_FAILED: "UPDATE_FAILED",
+  GITIGNORE_FAILED: "GITIGNORE_FAILED",
+  INIT_FAILED: "INIT_FAILED",
+  MCP_FAILED: "MCP_FAILED",
+  UNKNOWN_ERROR: "UNKNOWN_ERROR"
+};
+var CLIError = class extends Error {
+  constructor(message, code = ErrorCodes.UNKNOWN_ERROR, exitCode = 1) {
+    super(message);
+    this.code = code;
+    this.exitCode = exitCode;
+    this.name = "CLIError";
+  }
+};
+
+// src/utils/logger.ts
+var BaseLogger = class {
+  _verbose = false;
+  _silent = false;
+  constructor({ verbose = false, silent = false } = {}) {
+    this._silent = silent;
+    this._verbose = verbose && !silent;
+  }
+  get verbose() {
+    return this._verbose;
+  }
+  get silent() {
+    return this._silent;
+  }
+  configure({ verbose, silent }) {
+    if (verbose && silent) {
+      this._silent = false;
+      if (!isEnvTest()) {
+        this.onConflictingFlags();
+      }
+    }
+    this._silent = silent;
+    this._verbose = verbose && !silent;
+  }
+  onConflictingFlags() {
+    console.warn("Both --verbose and --silent specified; --silent takes precedence");
+  }
+};
+var ConsoleLogger = class extends BaseLogger {
+  isSuppressed() {
+    return isEnvTest() || this._silent;
+  }
+  get jsonMode() {
+    return false;
+  }
+  captureData(_key, _value) {
+  }
+  getJsonData() {
+    return {};
+  }
+  outputJson(_success, _error) {
+  }
+  info(message, ...args) {
+    if (this.isSuppressed()) return;
+    console.log(message, ...args);
+  }
+  success(message, ...args) {
+    if (this.isSuppressed()) return;
+    console.log(message, ...args);
+  }
+  warn(message, ...args) {
+    if (this.isSuppressed()) return;
+    console.warn(message, ...args);
+  }
+  // Errors are always emitted, even in silent mode
+  error(message, _code, ...args) {
+    if (isEnvTest()) return;
+    const errorMessage = message instanceof Error ? message.message : message;
+    console.error(errorMessage, ...args);
+  }
+  debug(message, ...args) {
+    if (!this._verbose || this.isSuppressed()) return;
+    console.log(message, ...args);
+  }
+};
+var JsonLogger = class extends BaseLogger {
+  _jsonOutputDone = false;
+  _jsonData = {};
+  _commandName;
+  _version;
+  constructor({
+    command,
+    version,
+    verbose = false,
+    silent = false
+  }) {
+    super({ verbose, silent });
+    this._commandName = command;
+    this._version = version;
+  }
+  // Suppress raw console.warn in JSON mode to avoid non-JSON text on stderr
+  onConflictingFlags() {
+  }
+  get jsonMode() {
+    return true;
+  }
+  captureData(key, value) {
+    this._jsonData[key] = value;
+  }
+  getJsonData() {
+    return { ...this._jsonData };
+  }
+  outputJson(success, error) {
+    if (this._jsonOutputDone) return;
+    this._jsonOutputDone = true;
+    const output = {
+      success,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      command: this._commandName,
+      version: this._version
+    };
+    if (success) {
+      output.data = this._jsonData;
+    } else if (error) {
+      output.error = {
+        code: error.code,
+        message: error.message
+      };
+      if (error.details) {
+        output.error.details = error.details;
+      }
+      if (error.stack) {
+        output.error.stack = error.stack;
+      }
+    }
+    const jsonStr = JSON.stringify(output, null, 2);
+    if (success) {
+      console.log(jsonStr);
+    } else {
+      console.error(jsonStr);
+    }
+  }
+  info(_message, ..._args) {
+  }
+  success(_message, ..._args) {
+  }
+  warn(_message, ..._args) {
+  }
+  error(message, code, ..._args) {
+    if (isEnvTest()) return;
+    const errorMessage = message instanceof Error ? message.message : message;
+    const errorInfo = {
+      code: code || ErrorCodes.UNKNOWN_ERROR,
+      message: errorMessage
+    };
+    if (this._verbose && message instanceof Error && message.stack) {
+      errorInfo.stack = message.stack;
+    }
+    this.outputJson(false, errorInfo);
+  }
+  debug(_message, ..._args) {
+  }
+};
+
 // src/lib/generate.ts
 import { join as join138 } from "path";
 import { intersection } from "es-toolkit";
@@ -9763,15 +9933,10 @@ function mapBashActionToDecision(action) {
 
 // src/features/permissions/geminicli-permissions.ts
 import { join as join64 } from "path";
+import * as smolToml5 from "smol-toml";
 import { z as z29 } from "zod/mini";
-var GeminiCliSettingsSchema = z29.looseObject({
-  tools: z29.optional(
-    z29.looseObject({
-      allowed: z29.optional(z29.array(z29.string())),
-      exclude: z29.optional(z29.array(z29.string()))
-    })
-  )
-});
+var GEMINICLI_POLICY_RELATIVE_DIR_PATH = join64(".gemini", "policies");
+var GEMINICLI_POLICY_FILE_NAME = "rulesync.toml";
 var RULESYNC_TO_GEMINICLI_TOOL_NAME = {
   bash: "run_shell_command",
   read: "read_file",
@@ -9779,16 +9944,32 @@ var RULESYNC_TO_GEMINICLI_TOOL_NAME = {
   write: "write_file",
   webfetch: "web_fetch"
 };
+var GEMINICLI_TO_RULESYNC_TOOL_NAME = Object.fromEntries(
+  Object.entries(RULESYNC_TO_GEMINICLI_TOOL_NAME).map(([k, v]) => [v, k])
+);
+var PRIORITY_DENY = 1e6;
+var PRIORITY_ASK = 1e3;
+var PRIORITY_ALLOW = 1;
+var SINGLE_STAR_REGEX = '[^/\\"]*';
+var DOUBLE_STAR_REGEX = '[^\\"]*';
+var SINGLE_CHAR_REGEX = '[^/\\"]';
+var LEGACY_SINGLE_STAR_REGEX = '[^\\"]*';
+var LEGACY_DOUBLE_STAR_REGEX = ".*";
+var COMMAND_ARGS_ANCHOR = '"command":"';
+var VALUE_END_ANCHOR = '\\"';
+var RESERVED_OBJECT_KEYS = /* @__PURE__ */ new Set([
+  "__proto__",
+  "constructor",
+  "prototype"
+]);
+var moduleLogger = new ConsoleLogger();
 var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
   static getSettablePaths(_options = {}) {
     return {
-      relativeDirPath: ".gemini",
-      relativeFilePath: "settings.json"
+      relativeDirPath: GEMINICLI_POLICY_RELATIVE_DIR_PATH,
+      relativeFilePath: GEMINICLI_POLICY_FILE_NAME
     };
   }
-  isDeletable() {
-    return false;
-  }
   static async fromFile({
     baseDir = process.cwd(),
     validate = true,
@@ -9796,7 +9977,7 @@ var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
   }) {
     const paths = this.getSettablePaths({ global });
     const filePath = join64(baseDir, paths.relativeDirPath, paths.relativeFilePath);
-    const fileContent = await readFileContentOrNull(filePath) ?? JSON.stringify({}, null, 2);
+    const fileContent = await readFileContentOrNull(filePath) ?? "";
     return new _GeminicliPermissions({
       baseDir,
       relativeDirPath: paths.relativeDirPath,
@@ -9805,63 +9986,72 @@ var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
       validate
     });
   }
-  static async fromRulesyncPermissions({
+  static fromRulesyncPermissions({
     baseDir = process.cwd(),
     rulesyncPermissions,
     validate = true,
-    logger,
-    global = false
+    global = false,
+    logger = moduleLogger
   }) {
     const paths = this.getSettablePaths({ global });
-    const filePath = join64(baseDir, paths.relativeDirPath, paths.relativeFilePath);
-    const existingContent = await readFileContentOrNull(filePath) ?? JSON.stringify({}, null, 2);
-    const settingsResult = GeminiCliSettingsSchema.safeParse(JSON.parse(existingContent));
-    if (!settingsResult.success) {
-      throw new Error(
-        `Failed to parse existing Gemini CLI settings at ${filePath}: ${formatError(settingsResult.error)}`
-      );
-    }
-    const { allowed, exclude } = convertRulesyncToGeminicliTools({
-      config: rulesyncPermissions.getJson(),
-      logger
-    });
-    const merged = {
-      ...settingsResult.data,
-      tools: {
-        ...settingsResult.data.tools,
-        ...allowed.length > 0 ? { allowed } : {},
-        ...exclude.length > 0 ? { exclude } : {}
-      }
-    };
+    const fileContent = buildGeminicliPolicyContent(rulesyncPermissions.getJson(), logger);
     return new _GeminicliPermissions({
       baseDir,
       relativeDirPath: paths.relativeDirPath,
       relativeFilePath: paths.relativeFilePath,
-      fileContent: JSON.stringify(merged, null, 2),
+      fileContent,
       validate
     });
   }
   toRulesyncPermissions() {
-    let settings;
-    try {
-      const parsed = JSON.parse(this.getFileContent());
-      settings = GeminiCliSettingsSchema.parse(parsed);
-    } catch (error) {
-      throw new Error(
-        `Failed to parse Gemini CLI permissions content in ${join64(this.getRelativeDirPath(), this.getRelativeFilePath())}: ${formatError(error)}`,
-        { cause: error }
-      );
-    }
     const permission = {};
-    for (const toolEntry of settings.tools?.allowed ?? []) {
-      const mapped = parseGeminicliToolEntry({ entry: toolEntry });
-      const rules = permission[mapped.category] ??= {};
-      rules[mapped.pattern] = "allow";
-    }
-    for (const toolEntry of settings.tools?.exclude ?? []) {
-      const mapped = parseGeminicliToolEntry({ entry: toolEntry });
-      const rules = permission[mapped.category] ??= {};
-      rules[mapped.pattern] = "deny";
+    const fileContent = this.getFileContent();
+    if (fileContent.trim().length > 0) {
+      let parsed;
+      try {
+        parsed = smolToml5.parse(fileContent);
+      } catch (error) {
+        throw new Error(
+          `Failed to parse Gemini CLI policy TOML in ${join64(this.getRelativeDirPath(), this.getRelativeFilePath())}: ${formatError(error)}`,
+          { cause: error }
+        );
+      }
+      const rules = extractRules(parsed, moduleLogger);
+      for (const [index, rule] of rules.entries()) {
+        const mappedCategory = Object.hasOwn(GEMINICLI_TO_RULESYNC_TOOL_NAME, rule.toolName) ? GEMINICLI_TO_RULESYNC_TOOL_NAME[rule.toolName] : void 0;
+        const category = mappedCategory ?? rule.toolName;
+        if (RESERVED_OBJECT_KEYS.has(category)) {
+          moduleLogger.warn(
+            `Skipping rule #${index} in ${this.getRelativeFilePath()}: toolName "${rule.toolName}" maps to a reserved object key ("${category}") and would risk prototype pollution.`
+          );
+          continue;
+        }
+        const action = mapFromGeminicliDecision(rule.decision);
+        if (!action) {
+          moduleLogger.warn(
+            `Skipping rule #${index} (toolName="${rule.toolName}", commandPrefix=${JSON.stringify(rule.commandPrefix)}, argsPattern=${JSON.stringify(rule.argsPattern)}) in ${this.getRelativeFilePath()}: unknown decision ${JSON.stringify(rule.decision)}`
+          );
+          continue;
+        }
+        if (rule.toolName === "run_shell_command" && rule.commandPrefix !== void 0 && rule.argsPattern !== void 0) {
+          moduleLogger.warn(
+            `Rule #${index} in ${this.getRelativeFilePath()} sets both commandPrefix and argsPattern; rulesync will honor argsPattern and ignore commandPrefix=${JSON.stringify(rule.commandPrefix)}.`
+          );
+        }
+        const pattern = extractPattern(rule);
+        if (RESERVED_OBJECT_KEYS.has(pattern)) {
+          moduleLogger.warn(
+            `Skipping rule #${index} in ${this.getRelativeFilePath()}: pattern "${pattern}" is a reserved object key.`
+          );
+          continue;
+        }
+        const existing = Object.hasOwn(permission, category) ? permission[category] : void 0;
+        const target = existing ?? {};
+        if (existing === void 0) {
+          permission[category] = target;
+        }
+        target[pattern] = action;
+      }
     }
     return this.toRulesyncPermissionsDefault({
       fileContent: JSON.stringify({ permission }, null, 2)
@@ -9879,50 +10069,238 @@ var GeminicliPermissions = class _GeminicliPermissions extends ToolPermissions {
       baseDir,
       relativeDirPath,
       relativeFilePath,
-      fileContent: JSON.stringify({}, null, 2),
+      fileContent: "",
       validate: false
     });
   }
 };
-function convertRulesyncToGeminicliTools({
-  config,
-  logger
-}) {
-  const allowed = [];
-  const exclude = [];
-  for (const [toolName, rules] of Object.entries(config.permission)) {
+function buildGeminicliPolicyContent(config, logger) {
+  const rules = [];
+  let order = 0;
+  for (const [toolName, entries] of Object.entries(config.permission)) {
     const mappedToolName = RULESYNC_TO_GEMINICLI_TOOL_NAME[toolName] ?? toolName;
-    if (!RULESYNC_TO_GEMINICLI_TOOL_NAME[toolName]) {
-      logger?.warn(`Gemini CLI permissions use direct tool names. Mapping as-is: ${toolName}`);
-    }
-    for (const [pattern, action] of Object.entries(rules)) {
-      if (action === "ask") {
-        logger?.warn(
-          `Gemini CLI does not support explicit "ask" rules in settings. Skipping ${toolName}:${pattern}`
+    for (const [pattern, action] of Object.entries(entries)) {
+      if (pattern === "") {
+        logger.warn(
+          `Skipping rule "${toolName}: "": empty pattern is not a valid permission target and would silently match every invocation (bash) or nothing (other tools).`
         );
         continue;
       }
-      const geminiEntry = pattern === "*" ? mappedToolName : `${mappedToolName}(${pattern})`;
-      if (action === "allow") {
-        allowed.push(geminiEntry);
-      } else {
-        exclude.push(geminiEntry);
+      if (hasUnsafeAnchorChar(pattern)) {
+        logger.warn(
+          `Skipping rule "${toolName}: ${pattern}": pattern contains a character (" or \\) that would break JSON-anchor matching in the Gemini CLI Policy Engine.`
+        );
+        continue;
+      }
+      const decision = mapToGeminicliDecision(action);
+      if (mappedToolName === "run_shell_command" && (pattern === "*" || pattern === "**") && decision !== "ask_user") {
+        logger.warn(
+          `Skipping rule "${toolName}: ${pattern}" with decision ${decision}: bash match-all patterns are only supported with "ask" because they would otherwise affect every shell command.`
+        );
+        continue;
+      }
+      const currentRule = {
+        toolName: mappedToolName,
+        decision,
+        priority: priorityForDecision(decision)
+      };
+      if (mappedToolName === "run_shell_command") {
+        applyShellPattern({ rule: currentRule, pattern, toolName, logger });
+      } else if (pattern !== "*") {
+        currentRule.argsPattern = buildNonShellArgsPattern(pattern);
       }
+      rules.push({ rule: currentRule, order: order++ });
     }
   }
-  return { allowed, exclude };
+  rules.sort((a, b) => {
+    const diff = toNumber(b.rule.priority) - toNumber(a.rule.priority);
+    return diff !== 0 ? diff : a.order - b.order;
+  });
+  return smolToml5.stringify({ rule: rules.map((entry) => entry.rule) });
 }
-function parseGeminicliToolEntry({ entry }) {
-  const match = /^([^()]+?)(?:\((.*)\))?$/.exec(entry);
-  if (!match) return { category: entry, pattern: "*" };
-  const rawToolName = match[1]?.trim() ?? entry;
-  const mappedCategory = Object.entries(RULESYNC_TO_GEMINICLI_TOOL_NAME).find(
-    ([, value]) => value === rawToolName
-  )?.[0];
-  return {
-    category: mappedCategory ?? rawToolName,
-    pattern: (match[2] ?? "*").trim()
-  };
+function buildNonShellArgsPattern(pattern) {
+  return `"${globPatternToRegex(pattern)}${VALUE_END_ANCHOR}`;
+}
+function hasUnsafeAnchorChar(pattern) {
+  return pattern.includes('"') || pattern.includes("\\");
+}
+function toNumber(value) {
+  return typeof value === "number" ? value : 0;
+}
+function applyShellPattern({
+  rule,
+  pattern,
+  toolName,
+  logger
+}) {
+  if (pattern === "*") {
+    return;
+  }
+  const trailingWildcardStripped = pattern.endsWith(" *") ? pattern.slice(0, -2) : pattern;
+  if (hasGlobMetacharacter(trailingWildcardStripped)) {
+    rule.argsPattern = `${COMMAND_ARGS_ANCHOR}${globPatternToRegex(pattern)}`;
+    logger.warn(
+      `Gemini CLI does not support glob metacharacters inside a bash command prefix; emitting argsPattern for rule "${toolName}: ${pattern}".`
+    );
+    return;
+  }
+  rule.commandPrefix = trailingWildcardStripped;
+}
+function hasGlobMetacharacter(pattern) {
+  return /[*?[\]]/.test(pattern);
+}
+function priorityForDecision(decision) {
+  if (decision === "deny") return PRIORITY_DENY;
+  if (decision === "ask_user") return PRIORITY_ASK;
+  return PRIORITY_ALLOW;
+}
+function mapToGeminicliDecision(action) {
+  if (action === "ask") {
+    return "ask_user";
+  }
+  return action;
+}
+function mapFromGeminicliDecision(decision) {
+  if (decision === "allow") return "allow";
+  if (decision === "deny") return "deny";
+  if (decision === "ask_user") return "ask";
+  return null;
+}
+function globPatternToRegex(pattern) {
+  let regex = "";
+  let i = 0;
+  while (i < pattern.length) {
+    const char = pattern[i];
+    if (char === void 0) {
+      break;
+    }
+    if (char === "*" && pattern[i + 1] === "*") {
+      regex += DOUBLE_STAR_REGEX;
+      i += 2;
+      continue;
+    }
+    if (char === "*") {
+      regex += SINGLE_STAR_REGEX;
+      i += 1;
+      continue;
+    }
+    if (char === "?") {
+      regex += SINGLE_CHAR_REGEX;
+      i += 1;
+      continue;
+    }
+    if (char === "[") {
+      regex += escapeRegexChar(char);
+      i += 1;
+      continue;
+    }
+    if (char === "]") {
+      regex += escapeRegexChar(char);
+      i += 1;
+      continue;
+    }
+    if (isRegexMetacharacter(char)) {
+      regex += `\\${char}`;
+      i += 1;
+      continue;
+    }
+    regex += char;
+    i += 1;
+  }
+  return regex;
+}
+function escapeRegexChar(char) {
+  return `\\${char}`;
+}
+function isRegexMetacharacter(char) {
+  return /[.+^${}()|\\]/.test(char);
+}
+function regexToGlobPattern(regex) {
+  let source = regex;
+  if (source.endsWith(VALUE_END_ANCHOR)) {
+    source = source.slice(0, -VALUE_END_ANCHOR.length);
+  }
+  let glob = "";
+  let i = 0;
+  while (i < source.length) {
+    if (source.startsWith(DOUBLE_STAR_REGEX, i)) {
+      glob += "**";
+      i += DOUBLE_STAR_REGEX.length;
+      continue;
+    }
+    if (source.startsWith(LEGACY_DOUBLE_STAR_REGEX, i)) {
+      glob += "**";
+      i += LEGACY_DOUBLE_STAR_REGEX.length;
+      continue;
+    }
+    if (source.startsWith(SINGLE_STAR_REGEX, i)) {
+      glob += "*";
+      i += SINGLE_STAR_REGEX.length;
+      continue;
+    }
+    if (source.startsWith(LEGACY_SINGLE_STAR_REGEX, i)) {
+      glob += "*";
+      i += LEGACY_SINGLE_STAR_REGEX.length;
+      continue;
+    }
+    if (source.startsWith(SINGLE_CHAR_REGEX, i)) {
+      glob += "?";
+      i += SINGLE_CHAR_REGEX.length;
+      continue;
+    }
+    const char = source[i];
+    if (char === "\\") {
+      const escaped = source[i + 1];
+      if (escaped !== void 0) {
+        glob += escaped;
+        i += 2;
+        continue;
+      }
+    }
+    glob += char ?? "";
+    i += 1;
+  }
+  return glob;
+}
+var GeminicliPolicyRuleSchema = z29.looseObject({
+  toolName: z29.string(),
+  decision: z29.optional(z29.unknown()),
+  commandPrefix: z29.optional(z29.string()),
+  argsPattern: z29.optional(z29.string())
+});
+var GeminicliPolicyFileSchema = z29.looseObject({
+  rule: z29.optional(z29.array(z29.looseObject({})))
+});
+function extractRules(parsed, logger) {
+  const parsedFile = GeminicliPolicyFileSchema.safeParse(parsed);
+  if (!parsedFile.success || !parsedFile.data.rule) {
+    return [];
+  }
+  const rules = [];
+  for (const [index, entry] of parsedFile.data.rule.entries()) {
+    const result = GeminicliPolicyRuleSchema.safeParse(entry);
+    if (result.success) {
+      rules.push(result.data);
+      continue;
+    }
+    logger.warn(
+      `Skipping malformed Gemini CLI policy rule at index ${index}: ${formatError(result.error)}`
+    );
+  }
+  return rules;
+}
+function extractPattern(rule) {
+  if (rule.toolName === "run_shell_command") {
+    if (rule.argsPattern) {
+      const stripped = rule.argsPattern.startsWith(COMMAND_ARGS_ANCHOR) ? rule.argsPattern.slice(COMMAND_ARGS_ANCHOR.length) : rule.argsPattern;
+      return regexToGlobPattern(stripped);
+    }
+    if (!rule.commandPrefix) return "*";
+    return rule.commandPrefix.endsWith(" *") || rule.commandPrefix.endsWith("*") ? rule.commandPrefix : `${rule.commandPrefix} *`;
+  }
+  if (!rule.argsPattern) return "*";
+  const regex = rule.argsPattern.startsWith('"') ? rule.argsPattern.slice(1) : rule.argsPattern;
+  return regexToGlobPattern(regex);
 }
 
 // src/features/permissions/kiro-permissions.ts
@@ -15180,7 +15558,7 @@ var ClaudecodeSubagent = class _ClaudecodeSubagent extends ToolSubagent {
 
 // src/features/subagents/codexcli-subagent.ts
 import { join as join101 } from "path";
-import * as smolToml5 from "smol-toml";
+import * as smolToml6 from "smol-toml";
 import { z as z58 } from "zod/mini";
 var CodexCliSubagentTomlSchema = z58.looseObject({
   name: z58.string(),
@@ -15192,13 +15570,13 @@ var CodexCliSubagentTomlSchema = z58.looseObject({
 });
 function stringifyCodexCliSubagentToml(tomlObj) {
   const { developer_instructions, ...restFields } = tomlObj;
-  const restToml = smolToml5.stringify(restFields).trimEnd();
+  const restToml = smolToml6.stringify(restFields).trimEnd();
   if (developer_instructions === void 0) {
     return restToml;
   }
-  const developerInstructionsToml = developer_instructions.includes("\n") ? developer_instructions.includes("'''") ? smolToml5.stringify({ developer_instructions }).trimEnd() : `developer_instructions = '''
+  const developerInstructionsToml = developer_instructions.includes("\n") ? developer_instructions.includes("'''") ? smolToml6.stringify({ developer_instructions }).trimEnd() : `developer_instructions = '''
 ${developer_instructions}
-'''` : smolToml5.stringify({ developer_instructions }).trimEnd();
+'''` : smolToml6.stringify({ developer_instructions }).trimEnd();
   return [restToml, developerInstructionsToml].filter((value) => value.length > 0).join("\n");
 }
 var CodexCliSubagent = class _CodexCliSubagent extends ToolSubagent {
@@ -15206,7 +15584,7 @@ var CodexCliSubagent = class _CodexCliSubagent extends ToolSubagent {
   constructor({ body, ...rest }) {
     if (rest.validate !== false) {
       try {
-        const parsed = smolToml5.parse(body);
+        const parsed = smolToml6.parse(body);
         CodexCliSubagentTomlSchema.parse(parsed);
       } catch (error) {
         throw new Error(
@@ -15231,7 +15609,7 @@ var CodexCliSubagent = class _CodexCliSubagent extends ToolSubagent {
   toRulesyncSubagent() {
     let parsed;
     try {
-      parsed = CodexCliSubagentTomlSchema.parse(smolToml5.parse(this.body));
+      parsed = CodexCliSubagentTomlSchema.parse(smolToml6.parse(this.body));
     } catch (error) {
       throw new Error(
         `Failed to parse TOML in ${join101(this.getRelativeDirPath(), this.getRelativeFilePath())}: ${error instanceof Error ? error.message : String(error)}`,
@@ -15292,7 +15670,7 @@ var CodexCliSubagent = class _CodexCliSubagent extends ToolSubagent {
   }
   validate() {
     try {
-      const parsed = smolToml5.parse(this.body);
+      const parsed = smolToml6.parse(this.body);
       CodexCliSubagentTomlSchema.parse(parsed);
       return { success: true, error: null };
     } catch (error) {
@@ -21616,176 +21994,6 @@ async function importPermissionsCore(params) {
   return writtenCount;
 }
 
-// src/types/json-output.ts
-var ErrorCodes = {
-  CONFIG_NOT_FOUND: "CONFIG_NOT_FOUND",
-  RULESYNC_DIR_NOT_FOUND: "RULESYNC_DIR_NOT_FOUND",
-  INVALID_TARGET: "INVALID_TARGET",
-  FETCH_FAILED: "FETCH_FAILED",
-  WRITE_FAILED: "WRITE_FAILED",
-  VALIDATION_FAILED: "VALIDATION_FAILED",
-  GENERATION_FAILED: "GENERATION_FAILED",
-  IMPORT_FAILED: "IMPORT_FAILED",
-  INSTALL_FAILED: "INSTALL_FAILED",
-  UPDATE_FAILED: "UPDATE_FAILED",
-  GITIGNORE_FAILED: "GITIGNORE_FAILED",
-  INIT_FAILED: "INIT_FAILED",
-  MCP_FAILED: "MCP_FAILED",
-  UNKNOWN_ERROR: "UNKNOWN_ERROR"
-};
-var CLIError = class extends Error {
-  constructor(message, code = ErrorCodes.UNKNOWN_ERROR, exitCode = 1) {
-    super(message);
-    this.code = code;
-    this.exitCode = exitCode;
-    this.name = "CLIError";
-  }
-};
-
-// src/utils/logger.ts
-var BaseLogger = class {
-  _verbose = false;
-  _silent = false;
-  constructor({ verbose = false, silent = false } = {}) {
-    this._silent = silent;
-    this._verbose = verbose && !silent;
-  }
-  get verbose() {
-    return this._verbose;
-  }
-  get silent() {
-    return this._silent;
-  }
-  configure({ verbose, silent }) {
-    if (verbose && silent) {
-      this._silent = false;
-      if (!isEnvTest()) {
-        this.onConflictingFlags();
-      }
-    }
-    this._silent = silent;
-    this._verbose = verbose && !silent;
-  }
-  onConflictingFlags() {
-    console.warn("Both --verbose and --silent specified; --silent takes precedence");
-  }
-};
-var ConsoleLogger = class extends BaseLogger {
-  isSuppressed() {
-    return isEnvTest() || this._silent;
-  }
-  get jsonMode() {
-    return false;
-  }
-  captureData(_key, _value) {
-  }
-  getJsonData() {
-    return {};
-  }
-  outputJson(_success, _error) {
-  }
-  info(message, ...args) {
-    if (this.isSuppressed()) return;
-    console.log(message, ...args);
-  }
-  success(message, ...args) {
-    if (this.isSuppressed()) return;
-    console.log(message, ...args);
-  }
-  warn(message, ...args) {
-    if (this.isSuppressed()) return;
-    console.warn(message, ...args);
-  }
-  // Errors are always emitted, even in silent mode
-  error(message, _code, ...args) {
-    if (isEnvTest()) return;
-    const errorMessage = message instanceof Error ? message.message : message;
-    console.error(errorMessage, ...args);
-  }
-  debug(message, ...args) {
-    if (!this._verbose || this.isSuppressed()) return;
-    console.log(message, ...args);
-  }
-};
-var JsonLogger = class extends BaseLogger {
-  _jsonOutputDone = false;
-  _jsonData = {};
-  _commandName;
-  _version;
-  constructor({
-    command,
-    version,
-    verbose = false,
-    silent = false
-  }) {
-    super({ verbose, silent });
-    this._commandName = command;
-    this._version = version;
-  }
-  // Suppress raw console.warn in JSON mode to avoid non-JSON text on stderr
-  onConflictingFlags() {
-  }
-  get jsonMode() {
-    return true;
-  }
-  captureData(key, value) {
-    this._jsonData[key] = value;
-  }
-  getJsonData() {
-    return { ...this._jsonData };
-  }
-  outputJson(success, error) {
-    if (this._jsonOutputDone) return;
-    this._jsonOutputDone = true;
-    const output = {
-      success,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      command: this._commandName,
-      version: this._version
-    };
-    if (success) {
-      output.data = this._jsonData;
-    } else if (error) {
-      output.error = {
-        code: error.code,
-        message: error.message
-      };
-      if (error.details) {
-        output.error.details = error.details;
-      }
-      if (error.stack) {
-        output.error.stack = error.stack;
-      }
-    }
-    const jsonStr = JSON.stringify(output, null, 2);
-    if (success) {
-      console.log(jsonStr);
-    } else {
-      console.error(jsonStr);
-    }
-  }
-  info(_message, ..._args) {
-  }
-  success(_message, ..._args) {
-  }
-  warn(_message, ..._args) {
-  }
-  error(message, code, ..._args) {
-    if (isEnvTest()) return;
-    const errorMessage = message instanceof Error ? message.message : message;
-    const errorInfo = {
-      code: code || ErrorCodes.UNKNOWN_ERROR,
-      message: errorMessage
-    };
-    if (this._verbose && message instanceof Error && message.stack) {
-      errorInfo.stack = message.stack;
-    }
-    this.outputJson(false, errorInfo);
-  }
-  debug(_message, ..._args) {
-  }
-};
-
 export {
   RULESYNC_CONFIG_RELATIVE_FILE_PATH,
   RULESYNC_LOCAL_CONFIG_RELATIVE_FILE_PATH,
@@ -21843,6 +22051,10 @@ export {
   IgnoreProcessor,
   RulesyncMcp,
   McpProcessor,
+  ErrorCodes,
+  CLIError,
+  ConsoleLogger,
+  JsonLogger,
   SKILL_FILE_NAME,
   RulesyncSkillFrontmatterSchema,
   RulesyncSkill,
@@ -21856,9 +22068,5 @@ export {
   RulesProcessor,
   checkRulesyncDirExists,
   generate,
-  importFromTool,
-  ErrorCodes,
-  CLIError,
-  ConsoleLogger,
-  JsonLogger
+  importFromTool
 };