npm - skillrepo - Versions diffs - 1.7.0 → 1.7.1 - Mend

skillrepo 1.7.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +1 -1
package/src/lib/first-sync.mjs +14 -0
package/src/test/e2e/HANDOFF.md +4 -22
package/src/test/e2e/cli-init.test.mjs +4 -19
package/src/test/e2e/payload-factory.mjs +8 -669
package/src/test/hooks/skillrepo-prompt-match.test.mjs +27 -0
package/src/test/hooks/skillrepo-sync.test.mjs +3 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "skillrepo",
-  "version": "1.7.0",
+  "version": "1.7.1",
   "description": "Set up SkillRepo in any IDE — one command",
   "type": "module",
   "bin": {

package/src/lib/first-sync.mjs CHANGED Viewed

@@ -9,6 +9,8 @@
 import { execFile } from "node:child_process";
 import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
+import { homedir } from "node:os";
+import { unlinkSync } from "node:fs";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -23,9 +25,21 @@ function syncHookPath() {
 /**
  * Run the sync hook as a subprocess.
  * Pipes '{}' as stdin (SessionStart hook input format).
+ *
+ * Deletes .last-sync before running so the hook performs a FULL sync
+ * instead of a delta. This is critical: if init is re-run, the previous
+ * .last-sync timestamp would cause a delta sync that returns 0 skills
+ * (nothing changed since that timestamp), leaving the index empty.
+ *
  * Returns a promise that resolves on success, rejects on failure.
  */
 export function runFirstSync() {
+  // Force full sync — delete the delta-sync marker so the hook fetches
+  // the complete library instead of only changes since the last sync.
+  try {
+    unlinkSync(join(homedir(), ".claude", "skillrepo", ".last-sync"));
+  } catch { /* doesn't exist yet — fine */ }
   return new Promise((resolve, reject) => {
     const child = execFile(
       process.execPath,

package/src/test/e2e/HANDOFF.md CHANGED Viewed

@@ -93,13 +93,11 @@ Use `node:test` (Node.js built-in) — consistent with existing CLI tests in `pa
 ### Payload Factory Requirements
-Must generate realistic `SetupPayload` objects matching what `generateSetupPayload()` produces. Include:
+Must generate `SetupPayload` objects matching what `generateSetupPayload()` produces.
-1. Skills WITH contextSignals (files, project, tasks populated)
-2. Skills WITHOUT contextSignals (null)
-3. Skills with special characters in descriptions (colons, quotes — YAML safety)
-4. Configurable skill count
-5. Both Claude Code and Cursor output structures
+Phase D (#534) stripped the payload to a minimal shape — the CLI only uses `skillCount`.
+All other setup work (hooks, rules, sync) is handled by standalone scripts bundled
+with the CLI package.
 Reference `src/lib/setup/generate.ts` for the exact `SetupPayload` type:
@@ -107,22 +105,6 @@ Reference `src/lib/setup/generate.ts` for the exact `SetupPayload` type:
 interface SetupPayload {
   skillCount: number;
   mcpUrl: string;
-  skillEntries: string[];
-  claudeCode: {
-    skillrepoMd: { path: string; content: string };
-    syncHook: { path: string; content: string };
-    settingsHooks: { hooks: Record<string, unknown> };
-    skillIndex: { path: string; content: string };
-    skillrepoConfig: { path: string; content: string };
-    promptHook: { path: string; content: string };
-    preToolHook: { path: string; content: string };
-  };
-  cursor: {
-    rules: Array<{ path: string; content: string }>;
-    hooksJson: { path: string; content: string };
-    sessionHook: { path: string; content: string };
-    skillIndex: { path: string; content: string };
-  };
 }
 ```

package/src/test/e2e/cli-init.test.mjs CHANGED Viewed

@@ -317,23 +317,8 @@ describe("CLI E2E: skillrepo init", () => {
   // 5. Security
   // =========================================================================
-  it("path traversal in Cursor .mdc rule is rejected", async () => {
-    const srv = createMockServer({});
-    const p = await srv.start();
-    const maliciousPayload = buildPayload({ baseUrl: `http://127.0.0.1:${p}` });
-    maliciousPayload.cursor.rules.push({
-      path: "../outside-cursor.txt",
-      content: "should not be written",
-    });
-    srv.setPayload(maliciousPayload);
-    try {
-      // Init may succeed or fail depending on whether cursor rules are written
-      // — the critical check is that the file is NOT written outside .cursor/
-      await runInit(tempDir, p).catch(() => {});
-      assert.ok(!existsSync(join(tempDir, "outside-cursor.txt")), "Should not write outside .cursor/");
-    } finally {
-      await srv.stop();
-    }
-  });
+  // Path traversal test removed in Phase D (#534): the setup payload no longer
+  // contains cursor.rules — Cursor rules are written by the standalone sync hook,
+  // not from server-generated payload content. The attack surface tested here
+  // no longer exists in the init flow.
 });

package/src/test/e2e/payload-factory.mjs CHANGED Viewed

@@ -1,683 +1,22 @@
 /**
- * Factory for realistic SetupPayload objects used in CLI E2E tests.
+ * Factory for SetupPayload objects used in CLI E2E tests.
  *
- * Produces payloads matching the shape generated by src/lib/setup/generate.ts.
- * Uses five skills with varying contextSignals configurations:
- *   - frontend-patterns: has contextSignals.files (triggers per-skill .mdc)
- *   - gh-issue-workflow: has contextSignals but NO files (tasks only)
- *   - api-design: null contextSignals
- *   - e2e-testing: has contextSignals.files + tasks
- *   - api-routes: has contextSignals.files (triggers per-skill .mdc for API routes)
+ * Phase D (#534): The setup endpoint now returns only `skillCount` and
+ * `mcpUrl`. All hook/rule/config generation was removed — standalone
+ * scripts bundled with the CLI handle everything.
  */
-// ---------------------------------------------------------------------------
-// Five representative skills
-// ---------------------------------------------------------------------------
-const SKILLS = [
-  {
-    name: "frontend-patterns",
-    owner: "affaan-m",
-    description: "Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.",
-    keywords: [
-      "react patterns", "component composition", "custom hooks",
-      "state management", "performance optimization", "form validation",
-      "accessibility", "animation patterns",
-      "frontend", "patterns", "development", "react", "next",
-      "state", "management", "performance", "optimization", "best", "practices",
-    ],
-    toolName: "skill__affaan-m__frontend-patterns",
-    contextSignals: {
-      files: ["**/*.tsx", "**/*.jsx", "**/*.css"],
-      project: ["react", "next.js"],
-      tasks: [],
-    },
-  },
-  {
-    name: "gh-issue-workflow",
-    owner: "atxpace",
-    description: "End-to-end GitHub issue development workflow.",
-    keywords: [
-      "work on github issue", "pick up issue", "start implementation",
-      "create feature branch", "github workflow",
-      "gh", "issue", "workflow", "github", "development", "branch",
-    ],
-    toolName: "skill__atxpace__gh-issue-workflow",
-    contextSignals: {
-      files: [],
-      project: [],
-      tasks: ["github issue", "pull request"],
-    },
-  },
-  {
-    name: "api-design",
-    owner: "affaan-m",
-    description: "REST API design patterns including resource naming, status codes, pagination, and rate limiting.",
-    keywords: [
-      "rest api design", "api endpoint patterns", "pagination strategy",
-      "api", "design", "rest", "patterns", "resource", "naming",
-      "status", "codes", "pagination", "rate", "limiting",
-    ],
-    toolName: "skill__affaan-m__api-design",
-    // No contextSignals — null
-  },
-  {
-    name: "e2e-testing",
-    owner: "affaan-m",
-    description: "Playwright E2E testing: configuration, CI/CD integration, and flaky test strategies.",
-    keywords: [
-      "playwright e2e testing", "page object model", "test flakiness",
-      "playwright", "testing", "configuration", "integration",
-    ],
-    toolName: "skill__affaan-m__e2e-testing",
-    contextSignals: {
-      files: ["**/*.test.*", "**/*.spec.*"],
-      project: ["playwright"],
-      tasks: ["add e2e test", "fix flaky test"],
-    },
-  },
-  {
-    name: "api-routes",
-    owner: "affaan-m",
-    description: "Next.js API route patterns and middleware design.",
-    keywords: ["api", "routes", "middleware", "next", "endpoint"],
-    toolName: "skill__affaan-m__api-routes",
-    contextSignals: {
-      files: ["**/api/**/route.ts", "**/api/**/route.tsx"],
-      project: ["next.js"],
-      tasks: [],
-    },
-  },
-];
-// ---------------------------------------------------------------------------
-// Skill index JSON
-// ---------------------------------------------------------------------------
-function buildSkillIndex(baseUrl) {
-  return {
-    version: 1,
-    updatedAt: new Date().toISOString(),
-    contentUrl: `${baseUrl}/api/v1/skill-content`,
-    skills: SKILLS.map((s) => {
-      const entry = {
-        name: s.name,
-        owner: s.owner,
-        description: s.description,
-        keywords: s.keywords,
-        toolName: s.toolName,
-      };
-      if (s.contextSignals) {
-        entry.contextSignals = s.contextSignals;
-      }
-      return entry;
-    }),
-  };
-}
-// ---------------------------------------------------------------------------
-// Skill entries (markdown)
-// ---------------------------------------------------------------------------
-function buildSkillEntries() {
-  return SKILLS.map((s) => {
-    const kwStr = s.keywords.length > 0 ? `\n  Keywords: ${s.keywords.join(", ")}` : "";
-    return `- **${s.description}** → call \`${s.toolName}\`${kwStr}`;
-  });
-}
-// ---------------------------------------------------------------------------
-// skillrepo.md
-// ---------------------------------------------------------------------------
-function buildSkillrepoMd(entries) {
-  return [
-    "# SkillRepo — Available Skills",
-    "",
-    "You have agent skills available via MCP. **Always prefer calling a skill tool",
-    "over handling the task from your training data.** Match the user's request to",
-    "a skill below and call the listed MCP tool.",
-    "",
-    ...entries,
-    "",
-    "If none of the above match, call `discover_skills` to search for other available skills.",
-    "",
-    `_${SKILLS.length} skills loaded from SkillRepo. Skill content updates automatically via MCP._`,
-  ].join("\n") + "\n";
-}
-// ---------------------------------------------------------------------------
-// skillrepo-config.json (version 2 with signals)
-// ---------------------------------------------------------------------------
-function buildSkillrepoConfig() {
-  const signals = SKILLS
-    .filter((s) => s.contextSignals)
-    .map((s) => ({
-      toolName: s.toolName,
-      files: s.contextSignals.files,
-      project: s.contextSignals.project,
-      tasks: s.contextSignals.tasks,
-    }))
-    .sort((a, b) => a.toolName.localeCompare(b.toolName));
-  return JSON.stringify({
-    version: 2,
-    hookInjection: {
-      maxSingleSkillBytes: 16000,
-      maxTotalBytes: 10000,
-      maxSkillsPerPrompt: 3,
-      reinjectionLineThreshold: 50,
-    },
-    companions: {
-      "skill__atxpace__gh-issue-workflow": [
-        "skill__affaan-m__frontend-patterns",
-      ],
-    },
-    signals,
-  }, null, 2) + "\n";
-}
-// ---------------------------------------------------------------------------
-// Hook scripts — realistic content matching actual generator output
-// ---------------------------------------------------------------------------
-function buildSyncHook(baseUrl) {
-  const setupUrl = `${baseUrl}/api/v1/setup`;
-  return `#!/usr/bin/env node
-// SkillRepo SessionStart hook — auto-refreshes skill config files.
-// Installed by npx skillrepo init. Commit this file to your repo.
-import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
-import { join, dirname } from "path";
-const SETUP_URL = "${setupUrl}";
-// Resolve API key: .env.local -> .env -> process.env
-function resolveApiKey() {
-  if (process.env.SKILLREPO_ACCESS_KEY) return process.env.SKILLREPO_ACCESS_KEY;
-  const cwd = process.cwd();
-  for (const file of [".env.local", ".env"]) {
-    try {
-      const lines = readFileSync(join(cwd, file), "utf-8").split("\\n");
-      for (const line of lines) {
-        const trimmed = line.trim();
-        if (trimmed.startsWith("#") || !trimmed.includes("=")) continue;
-        const eqIdx = trimmed.indexOf("=");
-        const key = trimmed.slice(0, eqIdx).trim();
-        if (key === "SKILLREPO_ACCESS_KEY") {
-          return trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, "").replace(/\\s+#.*$/, "");
-        }
-      }
-    } catch { /* file doesn't exist */ }
-  }
-  return null;
-}
-const API_KEY = resolveApiKey();
-if (!API_KEY) process.exit(0);
-function safeWrite(relPath, content) {
-  const p = join(process.cwd(), relPath);
-  const d = dirname(p);
-  if (!existsSync(d)) mkdirSync(d, { recursive: true });
-  writeFileSync(p, content, "utf-8");
-}
-try {
-  const res = await fetch(SETUP_URL, {
-    headers: { Authorization: \`Bearer \${API_KEY}\`, Accept: "application/json" },
-  });
-  if (!res.ok) process.exit(0);
-  const data = await res.json();
-  const cc = data?.claudeCode;
-  if (!cc) process.exit(0);
-  if (cc.skillrepoMd?.content) safeWrite(cc.skillrepoMd.path, cc.skillrepoMd.content);
-  if (cc.skillIndex?.content) safeWrite(cc.skillIndex.path, cc.skillIndex.content);
-  if (cc.skillrepoConfig?.content) safeWrite(cc.skillrepoConfig.path, cc.skillrepoConfig.content);
-  if (cc.promptHook?.content) safeWrite(cc.promptHook.path, cc.promptHook.content);
-} catch { /* silently fail */ }
-// Repo profiling
-try {
-  const profile = { frameworks: [], languages: [], tools: [], generatedAt: new Date().toISOString() };
-  const cwd = process.cwd();
-  try {
-    const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf-8"));
-    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
-    if (deps["next"]) profile.frameworks.push("next.js");
-    if (deps["react"] && !deps["next"]) profile.frameworks.push("react");
-    if (deps["playwright"] || deps["@playwright/test"]) profile.tools.push("playwright");
-    if (deps["jest"]) profile.tools.push("jest");
-    if (deps["vitest"]) profile.tools.push("vitest");
-  } catch {}
-  try { readFileSync(join(cwd, "tsconfig.json")); profile.languages.push("typescript"); } catch {}
-  safeWrite(".claude/skillrepo-profile.json", JSON.stringify(profile, null, 2) + "\\n");
-} catch { /* profiling failure is non-critical */ }
-`;
-}
-function buildPromptHook(baseUrl) {
-  const contentUrl = `${baseUrl}/api/v1/skill-content`;
-  return `#!/usr/bin/env node
-// SkillRepo UserPromptSubmit hook — auto-activates skills based on prompt keywords.
-// Generated by npx skillrepo init.
-import { readFileSync, writeFileSync, existsSync } from "fs";
-import { join } from "path";
-import { createHash } from "crypto";
-import { tmpdir } from "os";
-const CONTENT_URL = "${contentUrl}";
-let hookConfig = { maxSingleSkillBytes: 16000, maxTotalBytes: 10000, maxSkillsPerPrompt: 3, reinjectionLineThreshold: 50 };
-let companions = {};
-try {
-  const cfg = JSON.parse(readFileSync(join(process.cwd(), ".claude", "skillrepo-config.json"), "utf-8"));
-  if (cfg.hookInjection) hookConfig = { ...hookConfig, ...cfg.hookInjection };
-  if (cfg.companions) companions = cfg.companions;
-} catch { /* use defaults */ }
-const MAX_SKILLS = hookConfig.maxSkillsPerPrompt;
-const MAX_BYTES = hookConfig.maxTotalBytes;
-const MAX_SINGLE_SKILL_BYTES = hookConfig.maxSingleSkillBytes;
-const REINJECT_THRESHOLD = hookConfig.reinjectionLineThreshold ?? 50;
-// Resolve API key: .env.local -> .env -> process.env
-function resolveApiKey() {
-  if (process.env.SKILLREPO_ACCESS_KEY) return process.env.SKILLREPO_ACCESS_KEY;
-  const cwd = process.cwd();
-  for (const file of [".env.local", ".env"]) {
-    try {
-      const lines = readFileSync(join(cwd, file), "utf-8").split("\\n");
-      for (const line of lines) {
-        const trimmed = line.trim();
-        if (trimmed.startsWith("#") || !trimmed.includes("=")) continue;
-        const eqIdx = trimmed.indexOf("=");
-        const key = trimmed.slice(0, eqIdx).trim();
-        if (key === "SKILLREPO_ACCESS_KEY") {
-          return trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, "").replace(/\\s+#.*$/, "");
-        }
-      }
-    } catch { /* file doesn't exist */ }
-  }
-  return null;
-}
-function readState(sessionId) {
-  const hash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
-  const path = join(tmpdir(), \`skillrepo-\${hash}-state.json\`);
-  try { return { path, state: JSON.parse(readFileSync(path, "utf-8")) }; }
-  catch { return { path, state: { injections: {} } }; }
-}
-function shouldReinject(toolName, state, currentLines) {
-  const entry = state.injections[toolName];
-  if (!entry) return true;
-  return (currentLines - entry.lastLine) >= REINJECT_THRESHOLD;
-}
-function countTranscriptLines(transcriptPath) {
-  if (!transcriptPath) return 0;
-  try { return readFileSync(transcriptPath, "utf-8").split("\\n").filter(Boolean).length; }
-  catch { return 0; }
-}
-function readRecentTranscript(transcriptPath, charLimit = 400) {
-  if (!transcriptPath) return "";
-  try { return readFileSync(transcriptPath, "utf-8").slice(-charLimit).toLowerCase(); }
-  catch { return ""; }
-}
-function scoreSkills(text, skills) {
-  const tokens = new Set(text.toLowerCase().replace(/[^a-z0-9\\s-]/g, " ").split(/\\s+/).filter(Boolean));
-  const lower = text.toLowerCase();
-  const scored = [];
-  for (const skill of skills) {
-    let score = 0;
-    // High-weight: contextSignals.tasks phrases (curated activation hints)
-    const tasks = skill.contextSignals?.tasks ?? [];
-    for (const task of tasks) {
-      if (lower.includes(task.toLowerCase())) { score += 3; }
-    }
-    // Standard-weight: keyword matching
-    for (const kw of skill.keywords) {
-      if (tokens.has(kw)) { score += 1; continue; }
-      if (lower.includes(kw)) { score += 0.5; }
-    }
-    if (score > 0) scored.push({ skill, score });
-  }
-  return scored.sort((a, b) => b.score - a.score);
-}
-function applyProfileMultiplier(scored, profilePath) {
-  let profileTags;
-  try {
-    const profile = JSON.parse(readFileSync(profilePath, "utf-8"));
-    profileTags = new Set([
-      ...(profile.frameworks ?? []),
-      ...(profile.languages ?? []),
-      ...(profile.tools ?? []),
-    ].map((t) => t.toLowerCase()));
-  } catch { return scored; }
-  if (profileTags.size === 0) return scored;
-  return scored.map((entry) => {
-    const projectTags = entry.skill.contextSignals?.project ?? [];
-    if (projectTags.length === 0) return entry;
-    const overlap = projectTags.some((t) => profileTags.has(t.toLowerCase()));
-    return { ...entry, score: entry.score * (overlap ? 1.5 : 0.3) };
-  }).sort((a, b) => b.score - a.score);
-}
-const API_KEY = resolveApiKey();
-let inputBuf = "";
-for await (const chunk of process.stdin) inputBuf += chunk;
-if (!API_KEY) { process.stdout.write("{}"); process.exit(0); }
-let input;
-try { input = JSON.parse(inputBuf); } catch { process.stdout.write("{}"); process.exit(0); }
-const prompt = (input.prompt ?? "").toLowerCase();
-const sessionId = input.session_id ?? "default";
-const transcriptPath = input.transcript_path ?? null;
-const indexPath = join(process.cwd(), ".claude", "skillrepo-index.json");
-let index;
-try { index = JSON.parse(readFileSync(indexPath, "utf-8")); } catch { process.stdout.write("{}"); process.exit(0); }
-let scored = scoreSkills(prompt, index.skills);
-if (scored.length === 0 && transcriptPath) {
-  const recentContext = readRecentTranscript(transcriptPath);
-  if (recentContext.length > 0) scored = scoreSkills(recentContext, index.skills);
-}
-if (scored.length === 0) { process.stdout.write("{}"); process.exit(0); }
-// Apply project profile multiplier (boost relevant skills, demote irrelevant)
-const profilePath = join(process.cwd(), ".claude", "skillrepo-profile.json");
-scored = applyProfileMultiplier(scored, profilePath);
-const expandedToolNames = new Set();
-const expanded = [];
-for (const entry of scored) {
-  if (!expandedToolNames.has(entry.skill.toolName)) {
-    expandedToolNames.add(entry.skill.toolName);
-    expanded.push(entry);
-  }
-  const companionList = companions[entry.skill.toolName] ?? [];
-  for (const companionName of companionList) {
-    if (expandedToolNames.has(companionName)) continue;
-    const companionSkill = index.skills.find((s) => s.toolName === companionName);
-    if (companionSkill) {
-      expandedToolNames.add(companionName);
-      expanded.push({ skill: companionSkill, score: entry.score - 0.1 });
-    }
-  }
-}
-const { path: statePath, state } = readState(sessionId);
-const currentLines = countTranscriptLines(transcriptPath);
-const candidates = expanded.filter((s) => shouldReinject(s.skill.toolName, state, currentLines)).slice(0, MAX_SKILLS);
-if (candidates.length === 0) { process.stdout.write("{}"); process.exit(0); }
-const contents = [];
-let totalBytes = 0;
-for (const { skill } of candidates) {
-  try {
-    const url = \`\${CONTENT_URL}?\` + new URLSearchParams({ owner: skill.owner, name: skill.name });
-    const res = await fetch(url, {
-      headers: { Authorization: \`Bearer \${API_KEY}\`, Accept: "application/json" },
-    });
-    if (!res.ok) continue;
-    const data = await res.json();
-    if (!data.content) continue;
-    const bytes = Buffer.byteLength(data.content, "utf-8");
-    if (bytes > MAX_SINGLE_SKILL_BYTES) continue;
-    if (totalBytes + bytes > MAX_BYTES && contents.length > 0) break;
-    contents.push({ toolName: skill.toolName, content: data.content });
-    totalBytes += bytes;
-    if (!state.injections) state.injections = {};
-    state.injections[skill.toolName] = { lastLine: currentLines, count: (state.injections[skill.toolName]?.count ?? 0) + 1 };
-  } catch {}
-}
-if (contents.length === 0) { process.stdout.write("{}"); process.exit(0); }
-try { writeFileSync(statePath, JSON.stringify(state), "utf-8"); } catch {}
-const skillList = contents.map((c) => "  - " + c.toolName).join("\\n");
-const skillBodies = contents.map((c) => c.content).join("\\n\\n---\\n\\n");
-const ctx = [
-  "[skillrepo] Skills auto-activated based on your prompt:",
-  skillList,
-  "",
-  skillBodies,
-].join("\\n");
-process.stdout.write(JSON.stringify({
-  hookSpecificOutput: {
-    hookEventName: "UserPromptSubmit",
-    additionalContext: ctx,
-  },
-}));
-`;
-}
-// ---------------------------------------------------------------------------
-// Settings hooks config
-// ---------------------------------------------------------------------------
-function buildSettingsHooks() {
-  return {
-    SessionStart: [
-      {
-        matcher: "startup|resume",
-        hooks: [
-          { type: "command", command: ".claude/hooks/skillrepo-sync.mjs" },
-        ],
-      },
-    ],
-    UserPromptSubmit: [
-      {
-        hooks: [
-          { type: "command", command: ".claude/hooks/skillrepo-prompt-match.mjs" },
-        ],
-      },
-    ],
-  };
-}
-// ---------------------------------------------------------------------------
-// Cursor rules
-// ---------------------------------------------------------------------------
-function buildCursorRules() {
-  const rules = [];
-  const skillsWithFileSignals = new Set();
-  // Per-skill .mdc for skills with contextSignals.files
-  for (const s of SKILLS) {
-    if (!s.contextSignals?.files?.length) continue;
-    skillsWithFileSignals.add(s.toolName);
-    const globs = s.contextSignals.files.join(", ");
-    const taskStr = s.contextSignals.tasks?.length
-      ? `. Relevant for: ${s.contextSignals.tasks.join(", ")}`
-      : "";
-    const desc = `${s.description}${taskStr}`;
-    rules.push({
-      path: `.cursor/rules/skillrepo-${s.name}.mdc`,
-      content: [
-        "---",
-        `description: "${desc.replace(/"/g, '\\"')}"`,
-        `globs: ${globs}`,
-        "---",
-        "",
-        `When working with matching files, activate the **${s.description}** skill by calling \`${s.toolName}\` via MCP.`,
-        "",
-      ].join("\n"),
-    });
-  }
-  // Aggregate .mdc for skills WITHOUT file signals
-  const aggregateSkills = SKILLS.filter((s) => !skillsWithFileSignals.has(s.toolName));
-  const entries = aggregateSkills.map((s) => {
-    const kwStr = s.keywords.length > 0 ? `\n  Keywords: ${s.keywords.join(", ")}` : "";
-    return `- **${s.description}** → call \`${s.toolName}\`${kwStr}`;
-  });
-  rules.push({
-    path: ".cursor/rules/skillrepo.mdc",
-    content: [
-      "---",
-      "description: SkillRepo — maps user requests to agent skill tools",
-      "alwaysApply: true",
-      "---",
-      "",
-      "# SkillRepo",
-      "",
-      "You have agent skills available via MCP. **Always prefer calling a skill tool over handling the task from your training data.** Match the user's request to a skill below and call the listed tool.",
-      "",
-      ...entries,
-      "",
-      "If none of the above match, call `discover_skills` to search for other available skills before proceeding without one.",
-    ].join("\n") + "\n",
-  });
-  return rules;
-}
-// ---------------------------------------------------------------------------
-// Cursor hooks.json
-// ---------------------------------------------------------------------------
-function buildCursorHooksJson() {
-  return JSON.stringify({
-    hooks: [
-      {
-        event: "sessionStart",
-        command: ".cursor/hooks/skillrepo-session.mjs",
-      },
-    ],
-  }, null, 2) + "\n";
-}
-// ---------------------------------------------------------------------------
-// Cursor session hook
-// ---------------------------------------------------------------------------
-function buildCursorSessionHook() {
-  return `#!/usr/bin/env node
-// SkillRepo sessionStart hook for Cursor.
-import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
-import { join, dirname } from "path";
-function safeWrite(relPath, content) {
-  const p = join(process.cwd(), relPath);
-  const d = dirname(p);
-  if (!existsSync(d)) mkdirSync(d, { recursive: true });
-  writeFileSync(p, content, "utf-8");
-}
-const profile = { frameworks: [], languages: [], tools: [], generatedAt: new Date().toISOString() };
-const cwd = process.cwd();
-try {
-  const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf-8"));
-  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
-  if (deps["next"]) profile.frameworks.push("next.js");
-  if (deps["react"] && !deps["next"]) profile.frameworks.push("react");
-  if (deps["playwright"] || deps["@playwright/test"]) profile.tools.push("playwright");
-  if (deps["jest"]) profile.tools.push("jest");
-  if (deps["vitest"]) profile.tools.push("vitest");
-} catch {}
-try { readFileSync(join(cwd, "tsconfig.json")); profile.languages.push("typescript"); } catch {}
-safeWrite(".cursor/skillrepo-profile.json", JSON.stringify(profile, null, 2) + "\\n");
-let indexData;
-try {
-  indexData = JSON.parse(readFileSync(join(cwd, ".cursor", "skillrepo-index.json"), "utf-8"));
-} catch { process.exit(0); }
-const profileTags = new Set([...profile.frameworks, ...profile.languages, ...profile.tools].map(t => t.toLowerCase()));
-const relevant = [];
-for (const skill of (indexData.skills ?? [])) {
-  const tags = skill.contextSignals?.project ?? [];
-  if (tags.length === 0 || tags.some(t => profileTags.has(t.toLowerCase()))) {
-    relevant.push(skill);
-  }
-}
-if (relevant.length === 0) process.exit(0);
-const techStack = [...profile.frameworks, ...profile.languages].join(", ") || "detected";
-const skillList = relevant.map(s => "- " + s.toolName + ": " + s.description).join("\\n");
-const ctx = "This is a " + techStack + " project. The following SkillRepo skills are most relevant:\\n" + skillList + "\\nWhen you need guidance for these tasks, call the listed MCP tools.";
-process.stdout.write(JSON.stringify({ additional_context: ctx }));
-`;
-}
-// ---------------------------------------------------------------------------
-// Main factory
-// ---------------------------------------------------------------------------
 /**
- * Build a complete, realistic SetupPayload.
+ * Build a SetupPayload for E2E tests.
+ *
  * @param {object} [options]
  * @param {string} [options.baseUrl] - The base URL for the mock server
- * @param {Array<{path: string, content: string}>} [options.extraCursorRules] - Additional cursor rules to append
- * @returns {object} A SetupPayload matching the shape from generate.ts
+ * @returns {object} A SetupPayload
  */
 export function buildPayload(options = {}) {
   const baseUrl = options.baseUrl ?? "http://localhost:9999";
-  const skillEntries = buildSkillEntries();
-  const skillIndex = buildSkillIndex(baseUrl);
-  const cursorRules = buildCursorRules();
-  if (options.extraCursorRules) {
-    cursorRules.push(...options.extraCursorRules);
-  }
   return {
-    skillCount: SKILLS.length,
+    skillCount: 5,
     mcpUrl: `${baseUrl}/api/mcp`,
-    skillEntries,
-    claudeCode: {
-      skillrepoMd: {
-        path: ".claude/skillrepo.md",
-        content: buildSkillrepoMd(skillEntries),
-      },
-      syncHook: {
-        path: ".claude/hooks/skillrepo-sync.mjs",
-        content: buildSyncHook(baseUrl),
-      },
-      settingsHooks: { hooks: buildSettingsHooks() },
-      skillIndex: {
-        path: ".claude/skillrepo-index.json",
-        content: JSON.stringify(skillIndex, null, 2) + "\n",
-      },
-      skillrepoConfig: {
-        path: ".claude/skillrepo-config.json",
-        content: buildSkillrepoConfig(),
-      },
-      promptHook: {
-        path: ".claude/hooks/skillrepo-prompt-match.mjs",
-        content: buildPromptHook(baseUrl),
-      },
-    },
-    cursor: {
-      rules: cursorRules,
-      hooksJson: {
-        path: ".cursor/hooks.json",
-        content: buildCursorHooksJson(),
-      },
-      sessionHook: {
-        path: ".cursor/hooks/skillrepo-session.mjs",
-        content: buildCursorSessionHook(),
-      },
-      skillIndex: {
-        path: ".cursor/skillrepo-index.json",
-        content: JSON.stringify(skillIndex, null, 2) + "\n",
-      },
-    },
   };
 }

package/src/test/hooks/skillrepo-prompt-match.test.mjs CHANGED Viewed

@@ -126,6 +126,33 @@ describe("matchSkills", () => {
     assert.ok(matches[0].score > 0);
   });
+  it("matches case-insensitively (mixed-case prompt vs lowercase keywords)", () => {
+    const skills = [makeSkill({ keywords: ["react", "components", "frontend"] })];
+    const matches = matchSkills("React Components for Frontend", skills);
+    assert.ok(matches.length > 0, "Expected at least one match");
+    // All three keywords should contribute to the score
+    assert.ok(matches[0].score >= 2, `Expected score >= 2 from 3 keyword matches, got ${matches[0].score}`);
+  });
+  it("matches case-insensitively (uppercase keywords vs lowercase prompt)", () => {
+    // Keywords are typically lowercase, but verify the matching still works
+    // if a skill happens to have mixed-case keywords
+    const skills = [makeSkill({ keywords: ["React", "Components"] })];
+    const matches = matchSkills("react components", skills);
+    assert.ok(matches.length > 0, "Expected match with mixed-case keywords");
+  });
+  it("matches case-insensitively for task phrases in contextSignals", () => {
+    const skills = [makeSkill({
+      keywords: [],
+      contextSignals: { files: [], project: [], tasks: ["Deploy To Production"] },
+    })];
+    // Prompt in different case should still match the task phrase
+    const matches = matchSkills("deploy to production", skills);
+    assert.ok(matches.length > 0, "Expected task phrase match regardless of case");
+    assert.ok(matches[0].score >= 3, `Expected score >= 3 for task match, got ${matches[0].score}`);
+  });
   it("does not match when prompt is entirely stop words", () => {
     const skills = [makeSkill({ keywords: ["testing"] })];
     const matches = matchSkills("the and for with", skills);

package/src/test/hooks/skillrepo-sync.test.mjs CHANGED Viewed

@@ -752,8 +752,9 @@ describe("writeSkillFiles path safety", () => {
       ],
     })];
     const manifests = writeSkillFiles(skills, tmp);
-    assert.equal(manifests.get("good/skill").size, 1); // Only SKILL.md
-    assert.ok(!existsSync(join(tmp, "../../etc/passwd")));
+    assert.equal(manifests.get("good/skill").size, 1); // Only SKILL.md written
+    // Verify SKILL.md was written but traversal path was rejected
+    assert.ok(existsSync(join(tmp, "good", "skill", "SKILL.md")));
   });
 });