skillrepo 1.7.0 → 1.8.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillrepo",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Set up SkillRepo in any IDE — one command",
   "type": "module",
   "bin": {

package/src/hooks/skillrepo-pretool-activation.mjs

@@ -0,0 +1,343 @@
+#!/usr/bin/env node
+/**
+ * SkillRepo PreToolUse hook — detects when skills are actually USED during a
+ * coding session by matching tool/command patterns against skill-declared
+ * `contextSignals.toolPatterns`. Telemetry-only: no content injection, no blocking.
+ *
+ * Standalone script: no npm dependencies, Node.js built-ins only.
+ * Installed by `npx skillrepo init` to `.claude/hooks/skillrepo-pretool-activation.mjs`.
+ *
+ * Part of #569 (PreToolUse hook for tool fingerprinting activation telemetry).
+ */
+
+import { readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { homedir, tmpdir } from "node:os";
+import { createHash } from "node:crypto";
+import { execSync } from "node:child_process";
+
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+
+const DEFAULT_SERVER_URL = "https://skillrepo.dev";
+const MAX_EVENTS_PER_BATCH = 50;
+
+// ---------------------------------------------------------------------------
+// Config resolution (lightweight — only needs API key and server URL)
+// ---------------------------------------------------------------------------
+
+/**
+ * Read config from ~/.claude/skillrepo/config.json with fallbacks.
+ * Returns { apiKey, serverUrl } or null.
+ */
+export function readConfig() {
+  const configPath = join(homedir(), ".claude", "skillrepo", "config.json");
+  try {
+    const cfg = JSON.parse(readFileSync(configPath, "utf-8"));
+    if (cfg.apiKey) {
+      return { apiKey: cfg.apiKey, serverUrl: cfg.serverUrl || DEFAULT_SERVER_URL };
+    }
+  } catch { /* not found */ }
+
+  const envKey = process.env.SKILLREPO_ACCESS_KEY;
+  if (envKey) {
+    return { apiKey: envKey, serverUrl: process.env.SKILLREPO_SERVER_URL || DEFAULT_SERVER_URL };
+  }
+
+  // .env.local fallback
+  for (const file of [".env.local", ".env"]) {
+    try {
+      const lines = readFileSync(join(process.cwd(), file), "utf-8").split("\n");
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith("#") || !trimmed.includes("=")) continue;
+        const eqIdx = trimmed.indexOf("=");
+        if (trimmed.slice(0, eqIdx).trim() === "SKILLREPO_ACCESS_KEY") {
+          let val = trimmed.slice(eqIdx + 1).trim();
+          if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+            val = val.slice(1, -1);
+          }
+          val = val.replace(/\s+#.*$/, "");
+          if (val) return { apiKey: val, serverUrl: DEFAULT_SERVER_URL };
+        }
+      }
+    } catch { /* file doesn't exist */ }
+  }
+
+  return null;
+}
+
+// ---------------------------------------------------------------------------
+// Tool pattern matching
+// ---------------------------------------------------------------------------
+
+/**
+ * Match a tool invocation against all skills' contextSignals.toolPatterns.
+ *
+ * For Bash tools: prefix-match tool_input.command against each pattern.
+ * For non-Bash tools: match tool_name against patterns.
+ *
+ * Pattern matching rules:
+ * - Case-insensitive
+ * - Prefix match: pattern "gh issue" matches command "gh issue create --title ..."
+ * - Pattern must match at a word boundary (don't match "npm" against "npmx")
+ *
+ * Returns array of { skill, pattern } matches.
+ */
+export function matchToolPatterns(toolName, toolInput, skills) {
+  if (!toolName || !skills?.length) return [];
+
+  const isBash = toolName.toLowerCase() === "bash";
+  const matches = [];
+
+  for (const skill of skills) {
+    const patterns = skill.contextSignals?.toolPatterns;
+    if (!patterns?.length) continue;
+
+    for (const pattern of patterns) {
+      if (!pattern) continue;
+      const patternLower = pattern.toLowerCase();
+
+      if (isBash) {
+        // Bash tool: prefix-match against command
+        const command = (toolInput?.command ?? "").trim();
+        if (!command) continue;
+        const commandLower = command.toLowerCase();
+
+        if (commandLower.startsWith(patternLower)) {
+          // Word boundary check: the character after the pattern must be
+          // end-of-string, whitespace, or a non-alphanumeric character
+          const afterIdx = patternLower.length;
+          if (afterIdx >= commandLower.length || /[^a-z0-9_]/i.test(commandLower[afterIdx])) {
+            matches.push({ skill, pattern });
+            break; // one match per skill is enough
+          }
+        }
+      } else {
+        // Non-Bash tool: match tool_name against patterns
+        const toolNameLower = toolName.toLowerCase();
+        if (toolNameLower === patternLower) {
+          matches.push({ skill, pattern });
+          break; // one match per skill is enough
+        }
+      }
+    }
+  }
+
+  return matches;
+}
+
+// ---------------------------------------------------------------------------
+// Session dedup
+// ---------------------------------------------------------------------------
+
+/**
+ * Read activation state for deduplication.
+ * State is stored in tmpdir keyed by session hash.
+ */
+export function readActivationState(sessionId) {
+  const hash = createHash("sha256").update(sessionId || "default").digest("hex").slice(0, 16);
+  const statePath = join(tmpdir(), `skillrepo-activation-${hash}.json`);
+
+  try {
+    return { path: statePath, state: JSON.parse(readFileSync(statePath, "utf-8")) };
+  } catch {
+    return { path: statePath, state: { reported: {} } };
+  }
+}
+
+/**
+ * Filter matches to exclude skills already reported in this session.
+ */
+export function deduplicateActivations(matches, sessionState) {
+  return matches.filter(m => {
+    const key = `${m.skill.owner}/${m.skill.name}`;
+    return !sessionState.reported[key];
+  });
+}
+
+/**
+ * Mark skills as reported in session state.
+ */
+export function updateActivationState(statePath, state, reportedMatches) {
+  for (const m of reportedMatches) {
+    const key = `${m.skill.owner}/${m.skill.name}`;
+    state.reported[key] = new Date().toISOString();
+  }
+  try { writeFileSync(statePath, JSON.stringify(state), "utf-8"); }
+  catch { /* non-critical */ }
+}
+
+// ---------------------------------------------------------------------------
+// GitHub username resolution
+// ---------------------------------------------------------------------------
+
+const GITHUB_USERNAME_CACHE_PATH = join(tmpdir(), "skillrepo-gh-user.json");
+
+/**
+ * Resolve GitHub username via `gh api user`. Cached per session.
+ */
+export function resolveGithubUsername() {
+  // Check cache first
+  try {
+    const cached = JSON.parse(readFileSync(GITHUB_USERNAME_CACHE_PATH, "utf-8"));
+    if (cached.username && cached.expiresAt > Date.now()) return cached.username;
+  } catch { /* no cache */ }
+
+  // Resolve via gh CLI
+  try {
+    const result = execSync("gh api user --jq .login", {
+      encoding: "utf-8",
+      timeout: 3_000,
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+
+    if (result) {
+      // Cache for 1 hour
+      try {
+        writeFileSync(GITHUB_USERNAME_CACHE_PATH, JSON.stringify({
+          username: result,
+          expiresAt: Date.now() + 3_600_000,
+        }), "utf-8");
+      } catch { /* non-critical */ }
+      return result;
+    }
+  } catch { /* gh not installed or not authed */ }
+
+  return null;
+}
+
+// ---------------------------------------------------------------------------
+// Telemetry payload
+// ---------------------------------------------------------------------------
+
+/**
+ * Build telemetry payload for tool-pattern-activated skills.
+ */
+export function buildTelemetryPayload(matches, sessionInfo) {
+  const events = matches.slice(0, MAX_EVENTS_PER_BATCH).map(m => ({
+    skillOwner: m.skill.owner,
+    skillName: m.skill.name,
+    skillVersion: m.skill.version || undefined,
+    activatedAt: new Date().toISOString(),
+    ide: sessionInfo.ide || "claude-code",
+    sessionHash: sessionInfo.sessionHash,
+    githubUsername: sessionInfo.githubUsername || undefined,
+    source: "pretool_hook",
+    toolPattern: m.pattern,
+  }));
+
+  return { events };
+}
+
+/**
+ * Fire-and-forget POST to telemetry endpoint.
+ *
+ * NOT awaited — the spec requires "do NOT block the agent" and Claude Code
+ * waits for hook process exit. The OS TCP stack flushes small payloads after
+ * process exit, so delivery reliability is ~99%+ for responsive servers.
+ * Occasional loss on slow/unreachable servers is acceptable for non-critical
+ * telemetry.
+ */
+export function sendTelemetry(config, payload) {
+  const url = `${config.serverUrl}/api/v1/telemetry/activation`;
+
+  fetch(url, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${config.apiKey}`,
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(payload),
+  }).catch(() => { /* telemetry errors are non-critical */ });
+}
+
+// ---------------------------------------------------------------------------
+// Main entry point
+// ---------------------------------------------------------------------------
+
+export async function main(input) {
+  const indexPath = join(homedir(), ".claude", "skillrepo", "index.json");
+
+  // -- Read index --
+  let index;
+  try {
+    index = JSON.parse(readFileSync(indexPath, "utf-8"));
+  } catch {
+    // No index -> nothing to match. Exit cleanly.
+    process.stdout.write("{}");
+    return;
+  }
+
+  if (!index.skills?.length) {
+    process.stdout.write("{}");
+    return;
+  }
+
+  // -- Read config (needed for telemetry POST) --
+  const config = readConfig();
+  if (!config) {
+    process.stdout.write("{}");
+    return;
+  }
+
+  // -- Match tool against skills --
+  const toolName = input.tool_name ?? "";
+  const toolInput = input.tool_input ?? {};
+  const matches = matchToolPatterns(toolName, toolInput, index.skills);
+
+  if (matches.length === 0) {
+    process.stdout.write("{}");
+    return;
+  }
+
+  // -- Session dedup --
+  const sessionId = input.session_id ?? "default";
+  const { path: statePath, state } = readActivationState(sessionId);
+  const newMatches = deduplicateActivations(matches, state);
+
+  if (newMatches.length === 0) {
+    process.stdout.write("{}");
+    return;
+  }
+
+  // -- Build and send telemetry --
+  const sessionHash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
+
+  // Skip GitHub username resolution — it can block up to 3s on cold cache via
+  // `gh api user`. The prompt-match hook already identifies the session, and
+  // the server can correlate by API key if needed.
+  const payload = buildTelemetryPayload(newMatches, {
+    ide: "claude-code",
+    sessionHash,
+    githubUsername: "",
+  });
+
+  sendTelemetry(config, payload); // fire-and-forget -- do NOT await
+
+  // -- Update session state --
+  updateActivationState(statePath, state, newMatches);
+
+  // -- Output: NO additionalContext --
+  process.stdout.write("{}");
+}
+
+// -- Run --
+const __filename = fileURLToPath(import.meta.url);
+const isMainModule = process.argv[1] === __filename;
+
+if (isMainModule) {
+  let inputBuf = "";
+  for await (const chunk of process.stdin) inputBuf += chunk;
+
+  let input;
+  try { input = JSON.parse(inputBuf); }
+  catch { process.stdout.write("{}"); process.exit(0); }
+
+  main(input).catch(() => {
+    process.stdout.write("{}");
+    process.exit(0);
+  });
+}

package/src/hooks/skillrepo-sync.mjs

@@ -441,7 +441,10 @@ export function writeRulesFiles(selectedSkills, projectDir) {
     written.add(baseName);
 
     // Claude Code: .claude/rules/skillrepo-{owner}-{name}.md
-    atomicWrite(join(claudeRulesDir, `${baseName}.md`), skillMd.content);
+    // Append self-report instruction so the agent calls report_skill_activation
+    // when it follows this skill's instructions. Probabilistic but measurable.
+    const selfReportSuffix = `\n\n---\n_When you follow instructions from this skill, call \`report_skill_activation\` with owner "${skill.owner}" and name "${skill.name}" to report usage._`;
+    atomicWrite(join(claudeRulesDir, `${baseName}.md`), skillMd.content + selfReportSuffix);
 
     // Cursor: .cursor/rules/skillrepo-{owner}-{name}.mdc
     const mdcContent = buildCursorMdc(skill, skillMd.content);

package/src/lib/first-sync.mjs

@@ -9,6 +9,8 @@
 import { execFile } from "node:child_process";
 import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
+import { homedir } from "node:os";
+import { unlinkSync } from "node:fs";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -23,9 +25,21 @@ function syncHookPath() {
 /**
  * Run the sync hook as a subprocess.
  * Pipes '{}' as stdin (SessionStart hook input format).
+ *
+ * Deletes .last-sync before running so the hook performs a FULL sync
+ * instead of a delta. This is critical: if init is re-run, the previous
+ * .last-sync timestamp would cause a delta sync that returns 0 skills
+ * (nothing changed since that timestamp), leaving the index empty.
+ *
  * Returns a promise that resolves on success, rejects on failure.
  */
 export function runFirstSync() {
+  // Force full sync — delete the delta-sync marker so the hook fetches
+  // the complete library instead of only changes since the last sync.
+  try {
+    unlinkSync(join(homedir(), ".claude", "skillrepo", ".last-sync"));
+  } catch { /* doesn't exist yet — fine */ }
+
   return new Promise((resolve, reject) => {
     const child = execFile(
       process.execPath,

package/src/lib/mergers/hooks-json.mjs

@@ -5,25 +5,26 @@
  * Phase C (#535): Hook scripts are bundled with the CLI package and copied
  * to .claude/hooks/ — no longer generated from server template strings.
  *
- * Merge strategy: add SessionStart and UserPromptSubmit entries
+ * Merge strategy: add SessionStart, UserPromptSubmit, and PreToolUse entries
  * without destroying existing settings. Idempotent — skips if already installed.
- * Removes stale PreToolUse entries and hook scripts from pre-Phase C installs.
+ * Removes stale legacy PreToolUse entries and hook scripts from pre-Phase C installs.
  * Cleans up stale .claude/hooks/hooks.json if it exists.
  */
 
 import { unlinkSync, readFileSync } from "node:fs";
 import { readFileSafe, writeFileSafe } from "../fs-utils.mjs";
-import { claudeSettingsLocal, claudeSyncHook, claudePromptHook, claudePreToolHook, claudeHooksDir } from "../paths.mjs";
+import { claudeSettingsLocal, claudeSyncHook, claudePromptHook, claudePreToolHook, claudePreToolActivationHook, claudeHooksDir } from "../paths.mjs";
 import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
-// The two hook script paths (relative to project root).
+// Hook script paths (relative to project root).
 const HOOK_SCRIPTS = {
   sync: ".claude/hooks/skillrepo-sync.mjs",
   prompt: ".claude/hooks/skillrepo-prompt-match.mjs",
+  pretoolActivation: ".claude/hooks/skillrepo-pretool-activation.mjs",
 };
 
 // Legacy hook script path (removed in Phase C).
@@ -119,8 +120,8 @@ function removeSkillRepoHook(groups, scriptPath) {
  * Merge SkillRepo hooks into .claude/settings.local.json and write hook scripts.
  *
  * Reads standalone hook scripts from the CLI package (bundled files) and
- * copies them to .claude/hooks/. Registers SessionStart and UserPromptSubmit
- * hooks. Removes legacy PreToolUse hook entries and scripts.
+ * copies them to .claude/hooks/. Registers SessionStart, UserPromptSubmit,
+ * and PreToolUse hooks. Removes legacy PreToolUse hook entries and scripts.
  *
  * @returns {{ results: { path: string; action: string }[] }}
  */
@@ -147,6 +148,7 @@ export function mergeHooksConfig() {
   // Read bundled standalone hook scripts from the CLI package.
   const syncContent = readBundledHook("skillrepo-sync.mjs");
   const promptContent = readBundledHook("skillrepo-prompt-match.mjs");
+  const pretoolActivationContent = readBundledHook("skillrepo-pretool-activation.mjs");
 
   // Always write hook scripts (latest version from CLI package).
   const syncExisted = readFileSafe(claudeSyncHook()) !== null;
@@ -163,6 +165,13 @@ export function mergeHooksConfig() {
     action: promptExisted ? "updated" : "created",
   });
 
+  const pretoolActivationExisted = readFileSafe(claudePreToolActivationHook()) !== null;
+  writeFileSafe(claudePreToolActivationHook(), pretoolActivationContent);
+  results.push({
+    path: HOOK_SCRIPTS.pretoolActivation,
+    action: pretoolActivationExisted ? "updated" : "created",
+  });
+
   // Remove legacy PreToolUse hook script if it exists
   try {
     unlinkSync(claudePreToolHook());
@@ -198,6 +207,7 @@ export function mergeHooksConfig() {
   for (const [event, scriptPath] of [
     ["SessionStart", HOOK_SCRIPTS.sync],
     ["UserPromptSubmit", HOOK_SCRIPTS.prompt],
+    ["PreToolUse", HOOK_SCRIPTS.pretoolActivation],
   ]) {
     if (Array.isArray(config.hooks[event]) && updateExistingCommands(config.hooks[event], scriptPath)) {
       changed = true;
@@ -207,6 +217,7 @@ export function mergeHooksConfig() {
   // Build commands using the absolute node path from this machine.
   const syncCommand = buildCommand(HOOK_SCRIPTS.sync);
   const promptCommand = buildCommand(HOOK_SCRIPTS.prompt);
+  const pretoolActivationCommand = buildCommand(HOOK_SCRIPTS.pretoolActivation);
 
   // Merge SessionStart
   if (!Array.isArray(config.hooks.SessionStart)) config.hooks.SessionStart = [];
@@ -227,6 +238,15 @@ export function mergeHooksConfig() {
     changed = true;
   }
 
+  // Merge PreToolUse (activation telemetry)
+  if (!Array.isArray(config.hooks.PreToolUse)) config.hooks.PreToolUse = [];
+  if (!hasSkillRepoHook(config.hooks.PreToolUse, HOOK_SCRIPTS.pretoolActivation)) {
+    config.hooks.PreToolUse.push({
+      hooks: [{ type: "command", command: pretoolActivationCommand }],
+    });
+    changed = true;
+  }
+
   if (existing === null) {
     writeFileSafe(filePath, JSON.stringify(config, null, 2) + "\n");
     results.push({ path: ".claude/settings.local.json", action: "created" });

package/src/lib/paths.mjs

@@ -16,6 +16,7 @@ export const claudeSettingsLocal = () => join(cwd(), ".claude", "settings.local.
 export const claudeSyncHook = () => join(cwd(), ".claude", "hooks", "skillrepo-sync.mjs");
 export const claudePromptHook = () => join(cwd(), ".claude", "hooks", "skillrepo-prompt-match.mjs");
 export const claudePreToolHook = () => join(cwd(), ".claude", "hooks", "skillrepo-pretool-match.mjs");
+export const claudePreToolActivationHook = () => join(cwd(), ".claude", "hooks", "skillrepo-pretool-activation.mjs");
 export const claudeSkillrepoMd = () => join(cwd(), ".claude", "skillrepo.md");
 export const claudeSkillrepoIndex = () => join(cwd(), ".claude", "skillrepo-index.json");
 export const claudeSkillrepoConfig = () => join(cwd(), ".claude", "skillrepo-config.json");

package/src/test/e2e/HANDOFF.md

@@ -93,13 +93,11 @@ Use `node:test` (Node.js built-in) — consistent with existing CLI tests in `pa
 
 ### Payload Factory Requirements
 
-Must generate realistic `SetupPayload` objects matching what `generateSetupPayload()` produces. Include:
+Must generate `SetupPayload` objects matching what `generateSetupPayload()` produces.
 
-1. Skills WITH contextSignals (files, project, tasks populated)
-2. Skills WITHOUT contextSignals (null)
-3. Skills with special characters in descriptions (colons, quotes — YAML safety)
-4. Configurable skill count
-5. Both Claude Code and Cursor output structures
+Phase D (#534) stripped the payload to a minimal shape — the CLI only uses `skillCount`.
+All other setup work (hooks, rules, sync) is handled by standalone scripts bundled
+with the CLI package.
 
 Reference `src/lib/setup/generate.ts` for the exact `SetupPayload` type:
 
@@ -107,22 +105,6 @@ Reference `src/lib/setup/generate.ts` for the exact `SetupPayload` type:
 interface SetupPayload {
   skillCount: number;
   mcpUrl: string;
-  skillEntries: string[];
-  claudeCode: {
-    skillrepoMd: { path: string; content: string };
-    syncHook: { path: string; content: string };
-    settingsHooks: { hooks: Record<string, unknown> };
-    skillIndex: { path: string; content: string };
-    skillrepoConfig: { path: string; content: string };
-    promptHook: { path: string; content: string };
-    preToolHook: { path: string; content: string };
-  };
-  cursor: {
-    rules: Array<{ path: string; content: string }>;
-    hooksJson: { path: string; content: string };
-    sessionHook: { path: string; content: string };
-    skillIndex: { path: string; content: string };
-  };
 }
 ```
 

package/src/test/e2e/cli-init.test.mjs

@@ -204,8 +204,7 @@ describe("CLI E2E: skillrepo init", () => {
 
     assert.equal(countHook(settings.hooks.SessionStart, "skillrepo-sync"), 1);
     assert.equal(countHook(settings.hooks.UserPromptSubmit, "skillrepo-prompt-match"), 1);
-    // PreToolUse should not exist at all
-    assert.equal(settings.hooks.PreToolUse, undefined, "PreToolUse should not exist");
+    assert.equal(countHook(settings.hooks.PreToolUse, "skillrepo-pretool-activation"), 1, "PreToolUse activation hook should exist once");
   });
 
   it("invalid API key (401) exits with error", async () => {
@@ -256,6 +255,7 @@ describe("CLI E2E: skillrepo init", () => {
     for (const f of [
       ".claude/hooks/skillrepo-sync.mjs",
       ".claude/hooks/skillrepo-prompt-match.mjs",
+      ".claude/hooks/skillrepo-pretool-activation.mjs",
     ]) {
       assert.doesNotThrow(
         () => execFileSync(process.execPath, ["--check", join(tempDir, f)], { timeout: 5000 }),
@@ -296,44 +296,30 @@ describe("CLI E2E: skillrepo init", () => {
   });
 
   // =========================================================================
-  // 4. Two hooks registered in settings.local.json (no PreToolUse)
+  // 4. Three hooks registered in settings.local.json
   // =========================================================================
 
-  it("two hooks registered in settings.local.json (no PreToolUse)", async () => {
+  it("three hooks registered in settings.local.json", async () => {
     await runInit(tempDir, port);
 
     const settings = readJSON(tempDir, ".claude/settings.local.json");
     assert.ok(settings.hooks);
     assert.ok(Array.isArray(settings.hooks.SessionStart));
     assert.ok(Array.isArray(settings.hooks.UserPromptSubmit));
-    assert.equal(settings.hooks.PreToolUse, undefined, "PreToolUse should not exist");
+    assert.ok(Array.isArray(settings.hooks.PreToolUse), "PreToolUse should exist");
 
     const getCmds = (groups) => groups.flatMap((g) => g.hooks.map((h) => h.command));
     assert.ok(getCmds(settings.hooks.SessionStart).some((c) => c.includes("skillrepo-sync")));
     assert.ok(getCmds(settings.hooks.UserPromptSubmit).some((c) => c.includes("skillrepo-prompt-match")));
+    assert.ok(getCmds(settings.hooks.PreToolUse).some((c) => c.includes("skillrepo-pretool-activation")));
   });
 
   // =========================================================================
   // 5. Security
   // =========================================================================
 
-  it("path traversal in Cursor .mdc rule is rejected", async () => {
-    const srv = createMockServer({});
-    const p = await srv.start();
-    const maliciousPayload = buildPayload({ baseUrl: `http://127.0.0.1:${p}` });
-    maliciousPayload.cursor.rules.push({
-      path: "../outside-cursor.txt",
-      content: "should not be written",
-    });
-    srv.setPayload(maliciousPayload);
-
-    try {
-      // Init may succeed or fail depending on whether cursor rules are written
-      // — the critical check is that the file is NOT written outside .cursor/
-      await runInit(tempDir, p).catch(() => {});
-      assert.ok(!existsSync(join(tempDir, "outside-cursor.txt")), "Should not write outside .cursor/");
-    } finally {
-      await srv.stop();
-    }
-  });
+  // Path traversal test removed in Phase D (#534): the setup payload no longer
+  // contains cursor.rules — Cursor rules are written by the standalone sync hook,
+  // not from server-generated payload content. The attack surface tested here
+  // no longer exists in the init flow.
 });