skillrepo 1.8.0 → 1.10.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillrepo",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "description": "Set up SkillRepo in any IDE — one command",
   "type": "module",
   "bin": {

package/src/commands/init.mjs

@@ -155,6 +155,7 @@ export async function runInit(argv) {
       mcpUrl,
       apiKey,
       serverUrl: flags.url,
+      userId: payload.userId,
     });
   } catch (err) {
     printError(err.message);

package/src/hooks/skillrepo-pretool-activation.mjs

@@ -15,7 +15,6 @@ import { join } from "node:path";
 import { fileURLToPath } from "node:url";
 import { homedir, tmpdir } from "node:os";
 import { createHash } from "node:crypto";
-import { execSync } from "node:child_process";
 
 // ---------------------------------------------------------------------------
 // Constants
@@ -30,20 +29,24 @@ const MAX_EVENTS_PER_BATCH = 50;
 
 /**
  * Read config from ~/.claude/skillrepo/config.json with fallbacks.
- * Returns { apiKey, serverUrl } or null.
+ * Returns { apiKey, serverUrl, userId } or null.
  */
 export function readConfig() {
   const configPath = join(homedir(), ".claude", "skillrepo", "config.json");
   try {
     const cfg = JSON.parse(readFileSync(configPath, "utf-8"));
     if (cfg.apiKey) {
-      return { apiKey: cfg.apiKey, serverUrl: cfg.serverUrl || DEFAULT_SERVER_URL };
+      return {
+        apiKey: cfg.apiKey,
+        serverUrl: cfg.serverUrl || DEFAULT_SERVER_URL,
+        userId: cfg.userId || null,
+      };
     }
   } catch { /* not found */ }
 
   const envKey = process.env.SKILLREPO_ACCESS_KEY;
   if (envKey) {
-    return { apiKey: envKey, serverUrl: process.env.SKILLREPO_SERVER_URL || DEFAULT_SERVER_URL };
+    return { apiKey: envKey, serverUrl: process.env.SKILLREPO_SERVER_URL || DEFAULT_SERVER_URL, userId: null };
   }
 
   // .env.local fallback
@@ -60,7 +63,7 @@ export function readConfig() {
             val = val.slice(1, -1);
           }
           val = val.replace(/\s+#.*$/, "");
-          if (val) return { apiKey: val, serverUrl: DEFAULT_SERVER_URL };
+          if (val) return { apiKey: val, serverUrl: DEFAULT_SERVER_URL, userId: null };
         }
       }
     } catch { /* file doesn't exist */ }
@@ -170,45 +173,6 @@ export function updateActivationState(statePath, state, reportedMatches) {
   catch { /* non-critical */ }
 }
 
-// ---------------------------------------------------------------------------
-// GitHub username resolution
-// ---------------------------------------------------------------------------
-
-const GITHUB_USERNAME_CACHE_PATH = join(tmpdir(), "skillrepo-gh-user.json");
-
-/**
- * Resolve GitHub username via `gh api user`. Cached per session.
- */
-export function resolveGithubUsername() {
-  // Check cache first
-  try {
-    const cached = JSON.parse(readFileSync(GITHUB_USERNAME_CACHE_PATH, "utf-8"));
-    if (cached.username && cached.expiresAt > Date.now()) return cached.username;
-  } catch { /* no cache */ }
-
-  // Resolve via gh CLI
-  try {
-    const result = execSync("gh api user --jq .login", {
-      encoding: "utf-8",
-      timeout: 3_000,
-      stdio: ["pipe", "pipe", "pipe"],
-    }).trim();
-
-    if (result) {
-      // Cache for 1 hour
-      try {
-        writeFileSync(GITHUB_USERNAME_CACHE_PATH, JSON.stringify({
-          username: result,
-          expiresAt: Date.now() + 3_600_000,
-        }), "utf-8");
-      } catch { /* non-critical */ }
-      return result;
-    }
-  } catch { /* gh not installed or not authed */ }
-
-  return null;
-}
-
 // ---------------------------------------------------------------------------
 // Telemetry payload
 // ---------------------------------------------------------------------------
@@ -224,7 +188,7 @@ export function buildTelemetryPayload(matches, sessionInfo) {
     activatedAt: new Date().toISOString(),
     ide: sessionInfo.ide || "claude-code",
     sessionHash: sessionInfo.sessionHash,
-    githubUsername: sessionInfo.githubUsername || undefined,
+    userId: sessionInfo.userId || undefined,
     source: "pretool_hook",
     toolPattern: m.pattern,
   }));
@@ -306,13 +270,10 @@ export async function main(input) {
   // -- Build and send telemetry --
   const sessionHash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
 
-  // Skip GitHub username resolution — it can block up to 3s on cold cache via
-  // `gh api user`. The prompt-match hook already identifies the session, and
-  // the server can correlate by API key if needed.
   const payload = buildTelemetryPayload(newMatches, {
     ide: "claude-code",
     sessionHash,
-    githubUsername: "",
+    userId: config.userId,
   });
 
   sendTelemetry(config, payload); // fire-and-forget -- do NOT await

package/src/hooks/skillrepo-prompt-match.mjs

@@ -14,7 +14,6 @@ import { join } from "node:path";
 import { fileURLToPath } from "node:url";
 import { homedir, tmpdir } from "node:os";
 import { createHash } from "node:crypto";
-import { execSync } from "node:child_process";
 
 // ---------------------------------------------------------------------------
 // Constants
@@ -29,20 +28,24 @@ const MAX_EVENTS_PER_BATCH = 50;
 
 /**
  * Read config from ~/.claude/skillrepo/config.json with fallbacks.
- * Returns { apiKey, serverUrl } or null.
+ * Returns { apiKey, serverUrl, userId } or null.
  */
 export function readConfig() {
   const configPath = join(homedir(), ".claude", "skillrepo", "config.json");
   try {
     const cfg = JSON.parse(readFileSync(configPath, "utf-8"));
     if (cfg.apiKey) {
-      return { apiKey: cfg.apiKey, serverUrl: cfg.serverUrl || DEFAULT_SERVER_URL };
+      return {
+        apiKey: cfg.apiKey,
+        serverUrl: cfg.serverUrl || DEFAULT_SERVER_URL,
+        userId: cfg.userId || null,
+      };
     }
   } catch { /* not found */ }
 
   const envKey = process.env.SKILLREPO_ACCESS_KEY;
   if (envKey) {
-    return { apiKey: envKey, serverUrl: process.env.SKILLREPO_SERVER_URL || DEFAULT_SERVER_URL };
+    return { apiKey: envKey, serverUrl: process.env.SKILLREPO_SERVER_URL || DEFAULT_SERVER_URL, userId: null };
   }
 
   // .env.local fallback
@@ -59,7 +62,7 @@ export function readConfig() {
             val = val.slice(1, -1);
           }
           val = val.replace(/\s+#.*$/, "");
-          if (val) return { apiKey: val, serverUrl: DEFAULT_SERVER_URL };
+          if (val) return { apiKey: val, serverUrl: DEFAULT_SERVER_URL, userId: null };
         }
       }
     } catch { /* file doesn't exist */ }
@@ -175,45 +178,6 @@ export function updateSessionState(statePath, state, reportedMatches) {
   catch { /* non-critical */ }
 }
 
-// ---------------------------------------------------------------------------
-// GitHub username resolution
-// ---------------------------------------------------------------------------
-
-const GITHUB_USERNAME_CACHE_PATH = join(tmpdir(), "skillrepo-gh-user.json");
-
-/**
- * Resolve GitHub username via `gh api user`. Cached per session.
- */
-export function resolveGithubUsername() {
-  // Check cache first
-  try {
-    const cached = JSON.parse(readFileSync(GITHUB_USERNAME_CACHE_PATH, "utf-8"));
-    if (cached.username && cached.expiresAt > Date.now()) return cached.username;
-  } catch { /* no cache */ }
-
-  // Resolve via gh CLI
-  try {
-    const result = execSync("gh api user --jq .login", {
-      encoding: "utf-8",
-      timeout: 3_000,
-      stdio: ["pipe", "pipe", "pipe"],
-    }).trim();
-
-    if (result) {
-      // Cache for 1 hour
-      try {
-        writeFileSync(GITHUB_USERNAME_CACHE_PATH, JSON.stringify({
-          username: result,
-          expiresAt: Date.now() + 3_600_000,
-        }), "utf-8");
-      } catch { /* non-critical */ }
-      return result;
-    }
-  } catch { /* gh not installed or not authed */ }
-
-  return null;
-}
-
 // ---------------------------------------------------------------------------
 // Telemetry payload
 // ---------------------------------------------------------------------------
@@ -229,7 +193,7 @@ export function buildTelemetryPayload(matches, sessionInfo) {
     matchedAt: new Date().toISOString(),
     ide: sessionInfo.ide || "claude-code",
     sessionHash: sessionInfo.sessionHash,
-    githubUsername: sessionInfo.githubUsername || "",
+    userId: sessionInfo.userId || undefined,
     wasRulesDelivered: m.skill.isRulesDelivered ?? false,
   }));
 
@@ -258,6 +222,83 @@ export function sendTelemetry(config, payload) {
   }).catch(() => { /* telemetry errors are non-critical */ });
 }
 
+// ---------------------------------------------------------------------------
+// Activation telemetry for rules-delivered matched skills
+// ---------------------------------------------------------------------------
+
+/**
+ * Read the shared activation dedup state (same file as pretool-activation hook).
+ * This prevents double-counting: if rules_match fires first, pretool_hook
+ * won't re-report the same skill in the same session, and vice versa.
+ */
+export function readActivationState(sessionId) {
+  const hash = createHash("sha256").update(sessionId || "default").digest("hex").slice(0, 16);
+  const statePath = join(tmpdir(), `skillrepo-activation-${hash}.json`);
+
+  try {
+    return { path: statePath, state: JSON.parse(readFileSync(statePath, "utf-8")) };
+  } catch {
+    return { path: statePath, state: { reported: {} } };
+  }
+}
+
+/**
+ * Filter matches to exclude skills already reported as activated in this session.
+ */
+export function deduplicateActivations(matches, sessionState) {
+  return matches.filter(m => {
+    const key = `${m.skill.owner}/${m.skill.name}`;
+    return !sessionState.reported[key];
+  });
+}
+
+/**
+ * Mark skills as reported in activation state.
+ */
+export function updateActivationState(statePath, state, reportedMatches) {
+  for (const m of reportedMatches) {
+    const key = `${m.skill.owner}/${m.skill.name}`;
+    state.reported[key] = new Date().toISOString();
+  }
+  try { writeFileSync(statePath, JSON.stringify(state), "utf-8"); }
+  catch { /* non-critical */ }
+}
+
+/**
+ * Build activation telemetry payload for rules-delivered matched skills.
+ */
+export function buildActivationPayload(matches, sessionInfo) {
+  const events = matches.slice(0, MAX_EVENTS_PER_BATCH).map(m => ({
+    skillOwner: m.skill.owner,
+    skillName: m.skill.name,
+    skillVersion: m.skill.version ?? "",
+    activatedAt: new Date().toISOString(),
+    ide: sessionInfo.ide || "claude-code",
+    sessionHash: sessionInfo.sessionHash,
+    userId: sessionInfo.userId || undefined,
+    source: "rules_match",
+    toolPattern: null,
+  }));
+
+  return { events };
+}
+
+/**
+ * Fire-and-forget POST to activation telemetry endpoint.
+ */
+export function sendActivationTelemetry(config, payload) {
+  const url = `${config.serverUrl}/api/v1/telemetry/activation`;
+
+  fetch(url, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${config.apiKey}`,
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(payload),
+  }).catch(() => { /* telemetry errors are non-critical */ });
+}
+
 // ---------------------------------------------------------------------------
 // Main entry point
 // ---------------------------------------------------------------------------
@@ -308,16 +349,36 @@ export async function main(input) {
 
   // ── Build and send telemetry ────────────────────────────────
   const sessionHash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
-  const githubUsername = resolveGithubUsername();
 
   const payload = buildTelemetryPayload(newMatches, {
     ide: "claude-code",
     sessionHash,
-    githubUsername,
+    userId: config.userId,
   });
 
   sendTelemetry(config, payload); // fire-and-forget — do NOT await
 
+  // ── Send activation telemetry for rules-delivered matches ───
+  // For skills delivered via .claude/rules/, the match IS the activation
+  // signal — the skill was in context and the prompt was relevant.
+  // Uses the shared activation dedup state so pretool_hook won't
+  // double-report the same skill in this session.
+  const rulesMatches = newMatches.filter(m => m.skill.isRulesDelivered);
+  if (rulesMatches.length > 0) {
+    const { path: actStatePath, state: actState } = readActivationState(sessionId);
+    const newActivations = deduplicateActivations(rulesMatches, actState);
+
+    if (newActivations.length > 0) {
+      const actPayload = buildActivationPayload(newActivations, {
+        ide: "claude-code",
+        sessionHash,
+        userId: config.userId,
+      });
+      sendActivationTelemetry(config, actPayload); // fire-and-forget
+      updateActivationState(actStatePath, actState, newActivations);
+    }
+  }
+
   // ── Update session state ────────────────────────────────────
   updateSessionState(statePath, state, newMatches);
 

package/src/lib/http.mjs

@@ -3,7 +3,7 @@
  * Uses Node 18+ built-in fetch. Zero dependencies.
  */
 
-const VERSION = "1.0.0";
+const VERSION = "1.9.0";
 const DEFAULT_URL = "https://skillrepo.dev";
 
 /**

package/src/lib/write-configs.mjs

@@ -28,13 +28,14 @@ import { mergeGitignore } from "./mergers/gitignore.mjs";
  * @param {string} options.mcpUrl - The MCP endpoint URL
  * @param {string} options.apiKey - The access key
  * @param {string} options.serverUrl - The SkillRepo server URL (e.g. https://skillrepo.dev)
+ * @param {string} [options.userId] - The authenticated user's SkillRepo ID
  * @returns {{ path: string; action: string }[]}
  */
-export function writeAllConfigs({ ides, mcpUrl, apiKey, serverUrl }) {
+export function writeAllConfigs({ ides, mcpUrl, apiKey, serverUrl, userId }) {
   const results = [];
 
   // ── Global config (shared across all projects) ────────────────────────
-  const globalConfigAction = writeGlobalConfig(apiKey, serverUrl);
+  const globalConfigAction = writeGlobalConfig(apiKey, serverUrl, userId);
   results.push({ path: "~/.claude/skillrepo/config.json", action: globalConfigAction });
 
   // Claude Code
@@ -93,7 +94,7 @@ export function writeAllConfigs({ ides, mcpUrl, apiKey, serverUrl }) {
  * This is the primary config source for standalone hooks.
  * @returns {"created" | "updated"} The action taken.
  */
-function writeGlobalConfig(apiKey, serverUrl) {
+function writeGlobalConfig(apiKey, serverUrl, userId) {
   const configDir = globalSkillrepoDir();
   if (!existsSync(configDir)) {
     mkdirSync(configDir, { recursive: true });
@@ -103,13 +104,17 @@ function writeGlobalConfig(apiKey, serverUrl) {
   const existingRaw = readFileSafe(configPath);
 
   // Preserve existing config fields (e.g. maxRulesFiles, maxRulesBudgetBytes)
-  // while always overwriting apiKey and serverUrl with the new values.
+  // while always overwriting apiKey, serverUrl, and userId with the new values.
   let preserved = {};
   if (existingRaw !== null) {
     try { preserved = JSON.parse(existingRaw); }
     catch { /* corrupt config — start fresh */ }
   }
-  const config = { ...preserved, apiKey, serverUrl };
+  // Always overwrite userId — even if the new value is undefined/null — to
+  // prevent a stale userId from a previous account persisting across re-inits.
+  const { userId: _prevUserId, ...preservedWithoutUserId } = preserved;
+  const config = { ...preservedWithoutUserId, apiKey, serverUrl };
+  if (userId) config.userId = userId;
 
   writeFileSafe(configPath, JSON.stringify(config, null, 2) + "\n");
   return existingRaw !== null ? "updated" : "created";

package/src/test/hooks/skillrepo-pretool-activation.test.mjs

@@ -256,14 +256,14 @@ describe("session deduplication", () => {
 // ---------------------------------------------------------------------------
 
 describe("buildTelemetryPayload", () => {
-  it("produces correct payload shape", () => {
+  it("produces correct payload shape with userId", () => {
     const matches = [
       { skill: makeSkill({ owner: "alice", name: "my-skill", version: "2.0.0" }), pattern: "gh issue" },
     ];
     const sessionInfo = {
       ide: "claude-code",
       sessionHash: "abc123",
-      githubUsername: "testuser",
+      userId: "user-42",
     };
 
     const payload = buildTelemetryPayload(matches, sessionInfo);
@@ -275,10 +275,12 @@ describe("buildTelemetryPayload", () => {
     assert.equal(event.skillVersion, "2.0.0");
     assert.equal(event.ide, "claude-code");
     assert.equal(event.sessionHash, "abc123");
-    assert.equal(event.githubUsername, "testuser");
+    assert.equal(event.userId, "user-42");
     assert.equal(event.source, "pretool_hook");
     assert.equal(event.toolPattern, "gh issue");
     assert.ok(event.activatedAt); // ISO 8601 string
+    // githubUsername should NOT be in the payload
+    assert.equal(event.githubUsername, undefined);
   });
 
   it("caps events at 50 per batch", () => {
@@ -297,12 +299,12 @@ describe("buildTelemetryPayload", () => {
     const payload = buildTelemetryPayload(matches, {
       ide: "claude-code",
       sessionHash: "hash",
-      githubUsername: null,
+      userId: null,
     });
 
     const event = payload.events[0];
     assert.equal(event.skillVersion, undefined);
-    assert.equal(event.githubUsername, undefined);
+    assert.equal(event.userId, undefined); // null → undefined via || operator
     assert.equal(event.source, "pretool_hook");
   });
 });

package/src/test/hooks/skillrepo-prompt-match.test.mjs

@@ -7,11 +7,11 @@
 import { describe, it } from "node:test";
 import assert from "node:assert/strict";
 import {
-  mkdtempSync, rmSync, readFileSync,
+  mkdtempSync, rmSync, readFileSync, writeFileSync,
 } from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
-
+import { createHash } from "node:crypto";
 import {
   matchSkills,
   readSessionState,
@@ -19,6 +19,11 @@ import {
   updateSessionState,
   buildTelemetryPayload,
   sendTelemetry,
+  readActivationState,
+  deduplicateActivations,
+  updateActivationState,
+  buildActivationPayload,
+  sendActivationTelemetry,
   main,
 } from "../../hooks/skillrepo-prompt-match.mjs";
 
@@ -253,14 +258,14 @@ describe("session deduplication", () => {
 // ---------------------------------------------------------------------------
 
 describe("buildTelemetryPayload", () => {
-  it("produces correct payload shape", () => {
+  it("produces correct payload shape with userId", () => {
     const matches = [
       { skill: makeSkill({ owner: "alice", name: "my-skill", version: "2.0.0", isRulesDelivered: true }), score: 5 },
     ];
     const sessionInfo = {
       ide: "claude-code",
       sessionHash: "abc123",
-      githubUsername: "testuser",
+      userId: "user-42",
     };
 
     const payload = buildTelemetryPayload(matches, sessionInfo);
@@ -272,9 +277,11 @@ describe("buildTelemetryPayload", () => {
     assert.equal(event.skillVersion, "2.0.0");
     assert.equal(event.ide, "claude-code");
     assert.equal(event.sessionHash, "abc123");
-    assert.equal(event.githubUsername, "testuser");
+    assert.equal(event.userId, "user-42");
     assert.equal(event.wasRulesDelivered, true);
     assert.ok(event.matchedAt); // ISO 8601 string
+    // githubUsername should NOT be in the payload
+    assert.equal(event.githubUsername, undefined);
   });
 
   it("caps events at 50 per batch", () => {
@@ -293,12 +300,12 @@ describe("buildTelemetryPayload", () => {
     const payload = buildTelemetryPayload(matches, {
       ide: "claude-code",
       sessionHash: "hash",
-      githubUsername: null,
+      userId: null,
     });
 
     const event = payload.events[0];
     assert.equal(event.skillVersion, "");
-    assert.equal(event.githubUsername, "");
+    assert.equal(event.userId, undefined); // null → undefined via || operator
     assert.equal(event.wasRulesDelivered, false);
   });
 
@@ -334,6 +341,145 @@ describe("sendTelemetry", () => {
   });
 });
 
+// ---------------------------------------------------------------------------
+// buildActivationPayload — rules-match activation telemetry
+// ---------------------------------------------------------------------------
+
+describe("buildActivationPayload", () => {
+  it("produces correct payload shape with source rules_match", () => {
+    const matches = [
+      { skill: makeSkill({ owner: "alice", name: "deploy-flow", version: "2.0.0", isRulesDelivered: true }), score: 5 },
+    ];
+    const sessionInfo = { ide: "claude-code", sessionHash: "abc123", userId: "user-42" };
+
+    const payload = buildActivationPayload(matches, sessionInfo);
+
+    assert.equal(payload.events.length, 1);
+    const event = payload.events[0];
+    assert.equal(event.skillOwner, "alice");
+    assert.equal(event.skillName, "deploy-flow");
+    assert.equal(event.skillVersion, "2.0.0");
+    assert.equal(event.ide, "claude-code");
+    assert.equal(event.sessionHash, "abc123");
+    assert.equal(event.userId, "user-42");
+    assert.equal(event.source, "rules_match");
+    assert.equal(event.toolPattern, null);
+    assert.ok(event.activatedAt); // ISO 8601 string
+  });
+
+  it("caps events at 50 per batch", () => {
+    const matches = Array.from({ length: 60 }, (_, i) => ({
+      skill: makeSkill({ owner: "o", name: `s-${i}` }),
+      score: 1,
+    }));
+    const payload = buildActivationPayload(matches, { ide: "claude-code", sessionHash: "x" });
+    assert.equal(payload.events.length, 50);
+  });
+
+  it("handles missing optional fields gracefully", () => {
+    const matches = [
+      { skill: makeSkill({ version: null, isRulesDelivered: undefined }), score: 1 },
+    ];
+    const payload = buildActivationPayload(matches, {
+      ide: "claude-code",
+      sessionHash: "hash",
+      userId: null,
+    });
+
+    const event = payload.events[0];
+    assert.equal(event.skillVersion, "");
+    assert.equal(event.userId, undefined); // null → undefined via || operator
+    assert.equal(event.source, "rules_match");
+    assert.equal(event.toolPattern, null);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// sendActivationTelemetry — error resilience
+// ---------------------------------------------------------------------------
+
+describe("sendActivationTelemetry", () => {
+  it("does not throw on network failure", async () => {
+    const config = { apiKey: "sk_live_test", serverUrl: "http://127.0.0.1:1" };
+    const payload = { events: [{ skillOwner: "o", skillName: "s", activatedAt: new Date().toISOString(), ide: "test", sessionHash: "x", source: "rules_match", toolPattern: null }] };
+
+    // Should resolve without throwing
+    await sendActivationTelemetry(config, payload);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// readActivationState / deduplicateActivations / updateActivationState
+// — shared dedup state between rules_match and pretool_hook
+// ---------------------------------------------------------------------------
+
+describe("activation dedup state", () => {
+  it("returns empty state when file does not exist", () => {
+    const { state } = readActivationState("nonexistent-session-id-" + Date.now());
+    assert.deepEqual(state, { reported: {} });
+  });
+
+  it("reads activation state from shared tmpdir file", () => {
+    const sessionId = "dedup-read-test-" + Date.now();
+    const hash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
+    const statePath = join(tmpdir(), `skillrepo-activation-${hash}.json`);
+
+    // Pre-populate state file
+    writeFileSync(statePath, JSON.stringify({ reported: { "alice/deploy": "2025-01-01T00:00:00Z" } }));
+
+    try {
+      const { state } = readActivationState(sessionId);
+      assert.equal(state.reported["alice/deploy"], "2025-01-01T00:00:00Z");
+    } finally {
+      rmSync(statePath, { force: true });
+    }
+  });
+
+  it("filters out already-reported skills", () => {
+    const matches = [
+      { skill: makeSkill({ owner: "alice", name: "deploy" }), score: 5 },
+      { skill: makeSkill({ owner: "bob", name: "review" }), score: 3 },
+    ];
+    const sessionState = { reported: { "alice/deploy": "2025-01-01T00:00:00Z" } };
+
+    const filtered = deduplicateActivations(matches, sessionState);
+
+    assert.equal(filtered.length, 1);
+    assert.equal(filtered[0].skill.owner, "bob");
+    assert.equal(filtered[0].skill.name, "review");
+  });
+
+  it("persists reported skills to state file", () => {
+    const sessionId = "dedup-write-test-" + Date.now();
+    const hash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
+    const statePath = join(tmpdir(), `skillrepo-activation-${hash}.json`);
+    const state = { reported: {} };
+
+    const matches = [
+      { skill: makeSkill({ owner: "alice", name: "deploy" }), score: 5 },
+    ];
+
+    try {
+      updateActivationState(statePath, state, matches);
+
+      const persisted = JSON.parse(readFileSync(statePath, "utf-8"));
+      assert.ok(persisted.reported["alice/deploy"]);
+    } finally {
+      rmSync(statePath, { force: true });
+    }
+  });
+
+  it("uses same state file path format as pretool-activation hook", () => {
+    const sessionId = "cross-hook-dedup-test";
+    const hash = createHash("sha256").update(sessionId).digest("hex").slice(0, 16);
+    const expectedPath = join(tmpdir(), `skillrepo-activation-${hash}.json`);
+
+    const { path } = readActivationState(sessionId);
+
+    assert.equal(path, expectedPath);
+  });
+});
+
 // ---------------------------------------------------------------------------
 // main() integration via subprocess — avoids test runner interference
 // ---------------------------------------------------------------------------