skillrepo 2.0.0 → 3.1.0

package/src/test/commands/init.test.mjs

@@ -0,0 +1,697 @@
+/**
+ * Unit/integration tests for src/commands/init.mjs (PR3b rewrite, #646).
+ */
+
+import { describe, it, beforeEach, afterEach } from "node:test";
+import assert from "node:assert/strict";
+import {
+  mkdtempSync,
+  mkdirSync,
+  rmSync,
+  existsSync,
+  readFileSync,
+  writeFileSync,
+} from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+
+import { runInit } from "../../commands/init.mjs";
+import { readConfig } from "../../lib/config.mjs";
+import { CliError, EXIT_AUTH, EXIT_VALIDATION } from "../../lib/errors.mjs";
+import { createMockServer } from "../e2e/mock-server.mjs";
+import { createCaptureStream } from "../helpers/capture-stream.mjs";
+
+let sandbox;
+let server;
+let serverUrl;
+let originalCwd;
+let originalHome;
+let stdout;
+let stderr;
+const VALID_KEY = "sk_live_init_test";
+
+async function setup() {
+  sandbox = mkdtempSync(join(tmpdir(), "cli-cmd-init-"));
+  // init defaults to detecting IDEs in cwd. Create a `.claude/`
+  // marker so detection finds claudeCode and the command doesn't
+  // refuse for "no IDEs detected".
+  mkdirSync(join(sandbox, "project", ".claude"), { recursive: true });
+  mkdirSync(join(sandbox, "home"), { recursive: true });
+  originalCwd = process.cwd();
+  originalHome = process.env.HOME;
+  process.chdir(join(sandbox, "project"));
+  process.env.HOME = join(sandbox, "home");
+  delete process.env.SKILLREPO_ACCESS_KEY;
+  delete process.env.SKILLREPO_URL;
+
+  server = createMockServer({});
+  const port = await server.start();
+  serverUrl = `http://127.0.0.1:${port}`;
+
+  stdout = createCaptureStream();
+  stderr = createCaptureStream();
+}
+
+async function teardown() {
+  if (server) await server.stop();
+  process.chdir(originalCwd);
+  process.env.HOME = originalHome;
+  if (sandbox) rmSync(sandbox, { recursive: true, force: true });
+  server = null;
+}
+
+// ── Happy path ─────────────────────────────────────────────────────────
+
+describe("runInit — happy path", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("writes config + MCP + runs first sync with --yes", async () => {
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+
+    // Config file persisted
+    const cfg = readConfig();
+    assert.ok(cfg, "config should be readable after init");
+    assert.equal(cfg.apiKey, VALID_KEY);
+    assert.equal(cfg.serverUrl, serverUrl);
+    assert.equal(cfg.accountSlug, "mock");
+
+    // MCP config created in project
+    assert.ok(existsSync(join(process.cwd(), ".mcp.json")));
+    const mcp = JSON.parse(readFileSync(join(process.cwd(), ".mcp.json"), "utf-8"));
+    assert.ok(mcp.mcpServers?.skillrepo);
+
+    // .env.local written for agent env var consumers
+    assert.ok(existsSync(join(process.cwd(), ".env.local")));
+    const envContent = readFileSync(join(process.cwd(), ".env.local"), "utf-8");
+    assert.match(envContent, new RegExp(`SKILLREPO_ACCESS_KEY=${VALID_KEY}`));
+
+    // .gitignore has the three init-required entries.
+    // Round-3 architect + code-reviewer caught that this gitignore
+    // management was documented in the README but never actually
+    // implemented — this assertion locks the fix so a future
+    // regression that removes the mergeGitignore call from init
+    // fails loudly.
+    assert.ok(existsSync(join(process.cwd(), ".gitignore")));
+    const gi = readFileSync(join(process.cwd(), ".gitignore"), "utf-8");
+    assert.match(gi, /^\.env\.local$/m, ".env.local must be gitignored (contains access key)");
+    assert.match(gi, /^\.claude\/skills\/$/m, ".claude/skills/ must be gitignored");
+    assert.match(gi, /^\.claude\/settings\.local\.json$/m, ".claude/settings.local.json must be gitignored");
+
+    // Human summary
+    assert.match(stdout.text(), /SkillRepo is ready/);
+  });
+
+  it("--json outputs structured summary", async () => {
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes", "--json"],
+      { stdout, stderr },
+    );
+    const json = JSON.parse(stdout.text());
+    assert.equal(json.action, "initialized");
+    assert.equal(json.account.slug, "mock");
+    assert.ok(Array.isArray(json.vendors));
+    assert.ok(Array.isArray(json.mcp.merged));
+  });
+
+  it("respects --ide flag to override detection", async () => {
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes", "--ide", "claude"],
+      { stdout, stderr },
+    );
+    const mcp = JSON.parse(readFileSync(join(process.cwd(), ".mcp.json"), "utf-8"));
+    assert.ok(mcp.mcpServers?.skillrepo);
+  });
+
+  it("detects multiple IDEs when both .claude/ and .cursor/ exist", async () => {
+    mkdirSync(join(process.cwd(), ".cursor"), { recursive: true });
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+    assert.ok(existsSync(join(process.cwd(), ".mcp.json")));
+    assert.ok(existsSync(join(process.cwd(), ".cursor", "mcp.json")));
+  });
+});
+
+// ── Credential resolution ─────────────────────────────────────────────
+
+describe("runInit — credential resolution", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("reads existing config when no --key provided and server validates OK", async () => {
+    // Pre-seed the config file
+    mkdirSync(join(process.env.HOME, ".claude", "skillrepo"), { recursive: true });
+    writeFileSync(
+      join(process.env.HOME, ".claude", "skillrepo", "config.json"),
+      JSON.stringify({
+        schemaVersion: 1,
+        apiKey: VALID_KEY,
+        serverUrl,
+      }),
+    );
+    // No --key passed; init should pick up the config and succeed
+    await runInit(["--yes"], { stdout, stderr });
+    assert.match(stdout.text(), /SkillRepo is ready/);
+  });
+
+  it("reads SKILLREPO_ACCESS_KEY env var when no flag or config", async () => {
+    process.env.SKILLREPO_ACCESS_KEY = VALID_KEY;
+    process.env.SKILLREPO_URL = serverUrl;
+    await runInit(["--yes"], { stdout, stderr });
+    assert.match(stdout.text(), /SkillRepo is ready/);
+  });
+
+  it("refuses to run under --yes when no key is configured anywhere", async () => {
+    // No --key, no config, no env var, non-interactive → hard fail
+    await assert.rejects(
+      () => runInit(["--yes"], { stdout, stderr }),
+      (err) => err instanceof CliError && err.exitCode === EXIT_AUTH,
+    );
+  });
+});
+
+// ── Error paths ────────────────────────────────────────────────────────
+
+describe("runInit — error paths", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("rejects invalid key format (not sk_live_ prefix)", async () => {
+    await assert.rejects(
+      () => runInit(
+        ["--key", "not_a_valid_key", "--url", serverUrl, "--yes"],
+        { stdout, stderr },
+      ),
+      (err) => err instanceof CliError && err.exitCode === EXIT_VALIDATION,
+    );
+  });
+
+  it("401 from validate surfaces as authError", async () => {
+    server.setForcedStatus(401, { error: "Invalid access key" });
+    await assert.rejects(
+      () => runInit(
+        ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+        { stdout, stderr },
+      ),
+      (err) => err instanceof CliError && err.exitCode === EXIT_AUTH,
+    );
+  });
+
+  it("refuses with clear error when no IDE detected and no --ide flag", async () => {
+    // Remove the .claude marker that setup() created
+    rmSync(join(process.cwd(), ".claude"), { recursive: true, force: true });
+    await assert.rejects(
+      () => runInit(
+        ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+        { stdout, stderr },
+      ),
+      (err) =>
+        err instanceof CliError &&
+        err.exitCode === EXIT_VALIDATION &&
+        /No IDEs detected/.test(err.message),
+    );
+  });
+
+  it("headless CI scenario: explicit --ide claude works in empty project", async () => {
+    // Remove the .claude marker — empty dir
+    rmSync(join(process.cwd(), ".claude"), { recursive: true, force: true });
+    // With --ide claude, init should proceed even in an empty dir
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes", "--ide", "claude"],
+      { stdout, stderr },
+    );
+    // And write the MCP config
+    assert.ok(existsSync(join(process.cwd(), ".mcp.json")));
+  });
+});
+
+// ── Idempotency ────────────────────────────────────────────────────────
+
+describe("runInit — idempotency", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("running init twice with valid existing config is a no-op refresh", async () => {
+    // First init
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+    const firstConfig = readConfig();
+
+    // Reset captures for the second run
+    stdout = createCaptureStream();
+    stderr = createCaptureStream();
+
+    // Second init WITHOUT --key — should pick up from config
+    await runInit(["--yes"], { stdout, stderr });
+    const secondConfig = readConfig();
+    assert.equal(secondConfig.apiKey, firstConfig.apiKey);
+    assert.match(stdout.text(), /SkillRepo is ready/);
+  });
+});
+
+// ── --force flag (round-1 review fix) ──────────────────────────────────
+
+describe("runInit — --force flag", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("--force ignores existing config key (requires explicit new key)", async () => {
+    // Pre-seed a valid config
+    mkdirSync(join(process.env.HOME, ".claude", "skillrepo"), { recursive: true });
+    writeFileSync(
+      join(process.env.HOME, ".claude", "skillrepo", "config.json"),
+      JSON.stringify({
+        schemaVersion: 1,
+        apiKey: VALID_KEY,
+        serverUrl,
+      }),
+    );
+
+    // --force WITHOUT --key AND WITHOUT env var under --yes should
+    // hard-fail with EXIT_AUTH. This proves --force actually
+    // invalidates the cached credential rather than silently
+    // inheriting from the config. Before the round-1 fix, --force
+    // only cleared the key but still inherited serverUrl — this
+    // test also locks that the cached URL is ignored (the --url
+    // flag is required alongside --force for a full reset).
+    await assert.rejects(
+      () =>
+        runInit(["--force", "--yes"], { stdout, stderr }),
+      (err) => err instanceof CliError && err.exitCode === EXIT_AUTH,
+    );
+  });
+
+  it("--force + --key + --url re-runs validation against new credentials", async () => {
+    // Pre-seed with one server URL
+    mkdirSync(join(process.env.HOME, ".claude", "skillrepo"), { recursive: true });
+    writeFileSync(
+      join(process.env.HOME, ".claude", "skillrepo", "config.json"),
+      JSON.stringify({
+        schemaVersion: 1,
+        apiKey: "sk_live_old_key",
+        serverUrl: "https://old.example",
+      }),
+    );
+
+    // --force + explicit new credentials should succeed and OVERWRITE
+    // the config with the new ones (not merge).
+    await runInit(
+      ["--force", "--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+    const cfg = readConfig();
+    assert.equal(cfg.apiKey, VALID_KEY);
+    assert.equal(cfg.serverUrl, serverUrl);
+  });
+
+  it("--force + SKILLREPO_ACCESS_KEY env var (no --key flag) uses the env var", async () => {
+    // Cross-review coverage gap: the README explicitly documents
+    // this scenario ("init --force with SKILLREPO_ACCESS_KEY set:
+    // uses the env var (step 2). --force only clears the cached
+    // credentials, not the runtime env."), but no existing test
+    // locked it. Reviewers (correctly) pointed out that missing
+    // coverage on this path would let a regression silently change
+    // the priority order between env vars and the cached config.
+    //
+    // Pre-seed a cached config with a DIFFERENT key than the env
+    // var so we can tell which one init actually used.
+    mkdirSync(join(process.env.HOME, ".claude", "skillrepo"), { recursive: true });
+    writeFileSync(
+      join(process.env.HOME, ".claude", "skillrepo", "config.json"),
+      JSON.stringify({
+        schemaVersion: 1,
+        apiKey: "sk_live_CONFIG_KEY",
+        serverUrl: "https://old.example",
+      }),
+    );
+
+    process.env.SKILLREPO_ACCESS_KEY = VALID_KEY;
+    process.env.SKILLREPO_URL = serverUrl;
+
+    await runInit(["--force", "--yes"], { stdout, stderr });
+
+    // The config file should now contain the env var's key, NOT
+    // the seeded config key. --force cleared the cache; the env
+    // var won over the interactive-prompt fallback (which would
+    // also have fired since no --key was given).
+    const cfg = readConfig();
+    assert.equal(cfg.apiKey, VALID_KEY);
+    assert.notEqual(cfg.apiKey, "sk_live_CONFIG_KEY");
+    assert.equal(cfg.serverUrl, serverUrl);
+  });
+});
+
+// ── Non-fatal sync failure (round-2 review fix) ──────────────────────
+
+describe("runInit — non-fatal sync failure", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("sync failure during init does NOT abort the command", async () => {
+    // Round-2 review caught the prior behavior: sync failure warned
+    // "run skillrepo update later to retry" but then rethrew the
+    // error, so the init command exited non-zero — contradicting
+    // its own message. The fix: swallow the sync failure, print
+    // the warning, and exit 0 with a synthesized zero-delta summary.
+    // The user's config and MCP setup are already persisted; only
+    // the skill fetch failed, and `skillrepo update` is the
+    // documented recovery path.
+    //
+    // We simulate the failure by forcing the mock server to return
+    // 500 on the library sync endpoint AFTER validate succeeds.
+    // setForcedStatus fires once then clears, so the POST /validate
+    // in step 2 succeeds with a 200, and the subsequent GET /library
+    // hits normal routing — which we break by setting the status
+    // mid-run. The simplest approach: set the forced status to a
+    // non-200 BEFORE calling init and let it fire on the first
+    // non-auth request (the library GET comes after validate).
+    //
+    // But that would hit validate first. Instead we use a
+    // purpose-built "always 500 on /library" by overriding the
+    // library-sync response via the mock's setLibraryResponse slot.
+    server.setLibraryStatus({ status: 500, body: { error: "Upstream exploded" } });
+
+    // Init should complete without throwing
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+
+    // Config IS persisted despite the sync failure
+    const cfg = readConfig();
+    assert.ok(cfg, "config must be written even when sync fails");
+    assert.equal(cfg.apiKey, VALID_KEY);
+
+    // MCP IS configured despite the sync failure
+    assert.ok(existsSync(join(process.cwd(), ".mcp.json")));
+
+    // Warning is surfaced
+    assert.match(stdout.text(), /first sync failed/i);
+    assert.match(stdout.text(), /skillrepo update/);
+
+    // Final "ready" line STILL prints — the init completed
+    assert.match(stdout.text(), /SkillRepo is ready/);
+  });
+
+  it("--json sync failure includes failureReason in the JSON payload", async () => {
+    server.setLibraryStatus({ status: 500, body: { error: "Upstream exploded" } });
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes", "--json"],
+      { stdout, stderr },
+    );
+    const json = JSON.parse(stdout.text());
+    assert.equal(json.action, "initialized");
+    // `failureReason` is the sentinel — downstream scripts detect a
+    // partial init by `sync.failureReason != null`. The synthesized
+    // SyncSummary no longer carries a `failed` field because that
+    // wasn't part of the documented SyncSummary typedef; the
+    // failure is signalled exclusively via `failureReason`.
+    assert.ok(json.sync.failureReason, "sync.failureReason should be present on failure");
+    assert.equal(json.sync.added, 0);
+    assert.equal(json.sync.updated, 0);
+    assert.equal(json.sync.removed, 0);
+    assert.equal(json.sync.notModified, false);
+  });
+});
+
+// ── Stale-key handling (round-1 review fix) ───────────────────────────
+
+describe("runInit — stale-key handling", () => {
+  beforeEach(setup);
+  afterEach(teardown);
+
+  it("existing config + 401 from validate + --yes → hard failure (no re-prompt)", async () => {
+    // Pre-seed an existing config
+    mkdirSync(join(process.env.HOME, ".claude", "skillrepo"), { recursive: true });
+    writeFileSync(
+      join(process.env.HOME, ".claude", "skillrepo", "config.json"),
+      JSON.stringify({
+        schemaVersion: 1,
+        apiKey: VALID_KEY,
+        serverUrl,
+      }),
+    );
+    // Force the server to reject the stale key
+    server.setForcedStatus(401, { error: "Invalid access key" });
+
+    // Under --yes (non-interactive), init MUST NOT fall back to
+    // promptSecret because there's no interactive stdin. It must
+    // surface the auth error directly. This test locks the guard
+    // in init.mjs's catch block: the re-prompt path is gated on
+    // `!yes` specifically so non-interactive callers (CI, scripts)
+    // fail loudly instead of hanging on stdin.
+    await assert.rejects(
+      () =>
+        runInit(
+          ["--url", serverUrl, "--yes"],
+          { stdout, stderr },
+        ),
+      (err) => err instanceof CliError && err.exitCode === EXIT_AUTH,
+    );
+  });
+
+  it("existing config + 401 + --force + --yes still hard-fails (force + yes both gate)", async () => {
+    // Pre-seed config
+    mkdirSync(join(process.env.HOME, ".claude", "skillrepo"), { recursive: true });
+    writeFileSync(
+      join(process.env.HOME, ".claude", "skillrepo", "config.json"),
+      JSON.stringify({
+        schemaVersion: 1,
+        apiKey: VALID_KEY,
+        serverUrl,
+      }),
+    );
+    server.setForcedStatus(401, { error: "Invalid access key" });
+
+    // With --force AND --yes, the re-prompt path is gated twice:
+    // once by `!force` (the intent of --force is "use exactly what I
+    // passed, no fallbacks") and once by `!yes` (non-interactive).
+    // Either alone would block re-prompt; this test locks both.
+    await assert.rejects(
+      () =>
+        runInit(
+          ["--force", "--key", VALID_KEY, "--url", serverUrl, "--yes"],
+          { stdout, stderr },
+        ),
+      (err) => err instanceof CliError && err.exitCode === EXIT_AUTH,
+    );
+  });
+});
+
+// ── Session-sync step 6 (#884) ────────────────────────────────────────
+//
+// INTENT-based coverage of the new step 6 added in v3.1.0. Tests use
+// the PATH-shim trick from session-sync.test.mjs to make
+// `which skillrepo` resolve deterministically: a fake `skillrepo`
+// executable is dropped into `$HOME/bin` and prepended to PATH.
+// Without this, the behavior of these tests would depend on whether
+// a global install exists on the developer's machine.
+//
+// Lower-level installer correctness (hook shape, idempotency,
+// round-trip with remover) is covered in session-hook.test.mjs. These
+// init tests verify the ORCHESTRATION: --yes path, --no-session-sync
+// opt-out, --json output shape, and the non-fatal disk-error path.
+
+import { chmodSync as _chmodSync } from "node:fs";
+import { SESSION_HOOK_FINGERPRINT as _FINGERPRINT } from "../../lib/artifact-registry.mjs";
+
+async function setupWithShim() {
+  await setup();
+  // Drop a deterministic `skillrepo` shim into HOME/bin so
+  // `which skillrepo` resolves to it rather than a possibly-missing
+  // global install.
+  const binDir = join(process.env.HOME, "bin");
+  mkdirSync(binDir, { recursive: true });
+  const shim = join(binDir, "skillrepo");
+  writeFileSync(shim, "#!/bin/sh\nexit 0\n");
+  _chmodSync(shim, 0o755);
+  process.env.PATH = `${binDir}:${process.env.PATH}`;
+}
+
+describe("runInit — session sync (#884)", () => {
+  beforeEach(setupWithShim);
+  afterEach(teardown);
+
+  it("--yes installs the hook at step 6 by default", async () => {
+    // INTENT: the architect-designed default for --yes mode is
+    // "install the hook." CI/onboarding scripts passing --yes should
+    // get a fully-configured project including session sync.
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+
+    const settingsPath = join(process.cwd(), ".claude", "settings.local.json");
+    assert.ok(existsSync(settingsPath), "settings.local.json must exist");
+
+    const parsed = JSON.parse(readFileSync(settingsPath, "utf-8"));
+    const hasHook = parsed.hooks.SessionStart.flatMap((g) => g.hooks).some(
+      (h) => h.command.includes(_FINGERPRINT),
+    );
+    assert.ok(hasHook, "SkillRepo SessionStart hook must be installed");
+    assert.match(stdout.text(), /SessionStart hook installed/);
+  });
+
+  it("--no-session-sync skips the hook install even with --yes", async () => {
+    // INTENT: the only way CI scripts that bootstrap a project
+    // without starting Claude Code sessions can opt out. Must work
+    // alongside --yes (otherwise --yes would force hook install).
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes", "--no-session-sync"],
+      { stdout, stderr },
+    );
+
+    const settingsPath = join(process.cwd(), ".claude", "settings.local.json");
+    assert.ok(
+      !existsSync(settingsPath),
+      "settings.local.json must NOT be written under --no-session-sync",
+    );
+    assert.match(stdout.text(), /Session sync skipped \(--no-session-sync\)/);
+  });
+
+  it("re-running init is idempotent — exactly one hook entry", async () => {
+    // INTENT: users re-run init for many reasons (switching keys,
+    // updating the config). A duplicate hook would fire sync twice
+    // per session — waste at best, race at worst.
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+    stdout.clear();
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes"],
+      { stdout, stderr },
+    );
+
+    const parsed = JSON.parse(
+      readFileSync(
+        join(process.cwd(), ".claude", "settings.local.json"),
+        "utf-8",
+      ),
+    );
+    const skillrepoHooks = parsed.hooks.SessionStart.flatMap(
+      (g) => g.hooks,
+    ).filter((h) => h.command.includes(_FINGERPRINT));
+    assert.equal(skillrepoHooks.length, 1, "exactly one SkillRepo hook");
+  });
+
+  it("--json includes a sessionSync block with action + path", async () => {
+    // INTENT: automation scripts need to know whether session sync
+    // was installed, opted out, or failed. The JSON contract is the
+    // machine-readable channel for that.
+    await runInit(
+      ["--key", VALID_KEY, "--url", serverUrl, "--yes", "--json"],
+      { stdout, stderr },
+    );
+    const json = JSON.parse(stdout.text());
+    assert.ok(json.sessionSync, "sessionSync must be in --json output");
+    assert.equal(json.sessionSync.action, "installed");
+    assert.equal(json.sessionSync.path, ".claude/settings.local.json");
+  });
+
+  it("--json with --no-session-sync reports action: 'opted-out'", async () => {
+    await runInit(
+      [
+        "--key",
+        VALID_KEY,
+        "--url",
+        serverUrl,
+        "--yes",
+        "--no-session-sync",
+        "--json",
+      ],
+      { stdout, stderr },
+    );
+    const json = JSON.parse(stdout.text());
+    assert.equal(json.sessionSync.action, "opted-out");
+    assert.equal(json.sessionSync.path, null);
+  });
+
+  it("skips session sync entirely when only non-Claude-Code IDEs are targeted (cross-PR review fix)", async () => {
+    // Cross-PR review flagged: before this guard, a user running
+    // `skillrepo init --ide cursor` would get a Claude Code-specific
+    // SessionStart hook written to `.claude/settings.local.json`.
+    // Cursor never reads that file, so the hook was silent useless
+    // state that `skillrepo uninstall` later had to clean up.
+    //
+    // The guard in init.mjs step 6 now skips the install when
+    // `claudeCode` is not in the resolved vendors list AND
+    // `--global` is not passed. This test proves the skip fires.
+    //
+    // Use --ide cursor to force vendors = ["cursor"]. Bypass the
+    // .claude/ auto-detection by creating .cursor/ instead.
+    mkdirSync(join(process.cwd(), ".cursor"), { recursive: true });
+    rmSync(join(process.cwd(), ".claude"), { recursive: true, force: true });
+
+    await runInit(
+      [
+        "--key",
+        VALID_KEY,
+        "--url",
+        serverUrl,
+        "--yes",
+        "--ide",
+        "cursor",
+        "--json",
+      ],
+      { stdout, stderr },
+    );
+
+    const json = JSON.parse(stdout.text());
+    assert.equal(
+      json.sessionSync.action,
+      "not-applicable",
+      "session sync must report 'not-applicable' for non-Claude-Code targets",
+    );
+    assert.equal(json.sessionSync.path, null);
+    // Critical: the settings.local.json file must NOT have been
+    // written. A Cursor user should never see this Claude-specific
+    // file materialize from `skillrepo init`.
+    assert.ok(
+      !existsSync(join(process.cwd(), ".claude", "settings.local.json")),
+      ".claude/settings.local.json must NOT be written for Cursor-only init",
+    );
+  });
+
+  it("still installs session sync under --global even without claudeCode in vendors", async () => {
+    // INTENT: `--global` writes to `~/.claude/settings.local.json`,
+    // which IS Claude Code's user-wide settings path. A user who
+    // runs `skillrepo init --global` (even without `--ide claude`)
+    // is implicitly targeting Claude Code. The guard must allow
+    // this path so `--global` users still get auto-sync.
+    //
+    // Note: the setup() helper already creates `.claude/` in the
+    // project, which would normally push vendors to include
+    // claudeCode. Force vendors = ["cursor"] via --ide to exercise
+    // the "--global overrides vendors" branch.
+    await runInit(
+      [
+        "--key",
+        VALID_KEY,
+        "--url",
+        serverUrl,
+        "--yes",
+        "--global",
+        "--ide",
+        "cursor",
+        "--json",
+      ],
+      { stdout, stderr },
+    );
+
+    const json = JSON.parse(stdout.text());
+    assert.equal(
+      json.sessionSync.action,
+      "installed",
+      "--global must install the hook even when vendors doesn't include claudeCode",
+    );
+    assert.equal(json.sessionSync.path, "~/.claude/settings.local.json");
+  });
+});