sweet-search 2.5.2 → 2.5.4

package/scripts/install-tool-enforcement.js

@@ -0,0 +1,220 @@
+/**
+ * Install / remove sweet-search Claude-specific tool-enforcement.
+ *
+ * Plan reference: §4D / §10 step 17. Opt-in via `--enforce-tools` because
+ * strict enforcement is opinionated and Claude-specific. Universally gated
+ * by `--no-claude` (handled in init.js — when --no-claude, never called).
+ *
+ * Two-part install (per §4D):
+ *   1. Deny native `Grep` in `.claude/settings.json::permissions.deny`.
+ *      Sweet-search wants `ss-grep` to be the default; denying Grep
+ *      forces the agent toward the indexed path.
+ *   2. PreToolUse hint hook for `Read` — *hints*, never blocks. Edit
+ *      workflows require Read before Edit, so a deny would break tooling.
+ *
+ * Removable cleanly: tracks the deny entry by exact value match and the
+ * hook entry by filename match (same pattern as prewarm SessionStart hook).
+ */
+
+import { copyFileSync, existsSync, mkdirSync, readFileSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
+import { dirname, isAbsolute, join, relative } from 'node:path';
+
+export const INTERCEPT_READ_HOOK_FILENAME = 'sweet-search-intercept-read.mjs';
+const SOURCE_REL = ['scripts', 'hooks', 'intercept-read.mjs'];
+const GREP_DENY_VALUE = 'Grep';
+
+/**
+ * Install the strict-mode enforcement: Grep deny + Read hint hook.
+ * Idempotent. Never throws — surfaces errors via the status object.
+ *
+ * @param {object} args
+ * @param {string} args.projectRoot
+ * @param {string} args.packageRoot
+ * @param {boolean} [args.skipped=false]  — set when --enforce-tools is OFF
+ * @returns {{ status: string, detail: string, hookPath?: string }}
+ *   status ∈ { installed, skipped, error }
+ */
+export function installToolEnforcement({ projectRoot, packageRoot, skipped = false } = {}) {
+  if (skipped) return { status: 'skipped', detail: '--enforce-tools not set' };
+  if (!projectRoot) return { status: 'error', detail: 'install-tool-enforcement: projectRoot is required' };
+  if (!packageRoot) return { status: 'error', detail: 'install-tool-enforcement: packageRoot is required' };
+
+  // Hook source must exist in the package (covered by package.json files).
+  const hookSrcAbs = join(packageRoot, ...SOURCE_REL);
+  if (!existsSync(hookSrcAbs)) {
+    return { status: 'error', detail: `hook source missing: ${hookSrcAbs}` };
+  }
+
+  const hookDestAbs = join(projectRoot, '.claude', 'hooks', INTERCEPT_READ_HOOK_FILENAME);
+  const hookRelFromProject = relative(projectRoot, hookDestAbs);
+  if (hookRelFromProject.startsWith('..') || isAbsolute(hookRelFromProject)) {
+    return { status: 'error', detail: 'hook destination escapes projectRoot' };
+  }
+
+  try {
+    mkdirSync(dirname(hookDestAbs), { recursive: true });
+    copyFileSync(hookSrcAbs, hookDestAbs);
+  } catch (err) {
+    return { status: 'error', detail: `hook copy failed: ${err.message}` };
+  }
+
+  const settingsResult = upsertSettings({
+    projectRoot,
+    addDeny: GREP_DENY_VALUE,
+    addPreToolUseHook: {
+      matcher: 'Read',
+      command: `node ${hookRelFromProject}`,
+      ownershipFilename: INTERCEPT_READ_HOOK_FILENAME,
+    },
+  });
+  if (settingsResult.status !== 'installed') return settingsResult;
+  return { ...settingsResult, hookPath: hookRelFromProject };
+}
+
+/**
+ * Reverse `installToolEnforcement`. Removes the Grep deny entry (only
+ * when present), the PreToolUse hook entry (by filename match), and the
+ * hook script file. Other denies / hooks are preserved.
+ *
+ * @returns {{ status: string, detail: string }} status ∈
+ *   { removed, not-found, dry-run, error }
+ */
+export function removeToolEnforcement({ projectRoot, dryRun = false } = {}) {
+  if (!projectRoot) return { status: 'error', detail: 'remove-tool-enforcement: projectRoot is required' };
+
+  const hookDestAbs = join(projectRoot, '.claude', 'hooks', INTERCEPT_READ_HOOK_FILENAME);
+  const settingsPath = join(projectRoot, '.claude', 'settings.json');
+
+  const hookExists = existsSync(hookDestAbs);
+  const denyExists = settingsHasDeny(settingsPath, GREP_DENY_VALUE);
+  const hookEntryExists = settingsHasPreToolUseHook(settingsPath, INTERCEPT_READ_HOOK_FILENAME);
+
+  if (!hookExists && !denyExists && !hookEntryExists) {
+    return { status: 'not-found', detail: 'no enforcement to undo' };
+  }
+  if (dryRun) {
+    const parts = [
+      hookExists && 'hook file',
+      denyExists && 'Grep deny',
+      hookEntryExists && 'PreToolUse entry',
+    ].filter(Boolean);
+    return { status: 'dry-run', detail: parts.join(' + ') };
+  }
+
+  const removed = [];
+  if (hookExists) {
+    try { unlinkSync(hookDestAbs); removed.push('hook file'); }
+    catch (err) { return { status: 'error', detail: `failed to remove hook: ${err.message}` }; }
+  }
+  if (denyExists || hookEntryExists) {
+    const r = upsertSettings({
+      projectRoot,
+      removeDeny: denyExists ? GREP_DENY_VALUE : null,
+      removePreToolUseHook: hookEntryExists ? INTERCEPT_READ_HOOK_FILENAME : null,
+    });
+    if (r.status === 'error') return r;
+    if (denyExists) removed.push('Grep deny');
+    if (hookEntryExists) removed.push('PreToolUse entry');
+  }
+  return { status: 'removed', detail: removed.join(' + ') };
+}
+
+// ─── Settings.json upsert (read → mutate → atomic write) ────────────────────
+
+function upsertSettings({
+  projectRoot,
+  addDeny = null,
+  removeDeny = null,
+  addPreToolUseHook = null,
+  removePreToolUseHook = null,
+}) {
+  const settingsDir = join(projectRoot, '.claude');
+  const settingsPath = join(settingsDir, 'settings.json');
+
+  let settings = {};
+  if (existsSync(settingsPath)) {
+    try { settings = JSON.parse(readFileSync(settingsPath, 'utf8')); }
+    catch (err) { return { status: 'error', detail: `settings.json invalid: ${err.message}` }; }
+  }
+
+  // Permissions deny.
+  if (addDeny) {
+    settings.permissions = settings.permissions || {};
+    const deny = Array.isArray(settings.permissions.deny) ? settings.permissions.deny : [];
+    if (!deny.includes(addDeny)) deny.push(addDeny);
+    settings.permissions.deny = deny;
+  }
+  if (removeDeny) {
+    const deny = Array.isArray(settings?.permissions?.deny) ? settings.permissions.deny : [];
+    const next = deny.filter((v) => v !== removeDeny);
+    if (next.length === 0) {
+      if (settings.permissions) delete settings.permissions.deny;
+    } else {
+      settings.permissions.deny = next;
+    }
+    if (settings.permissions && Object.keys(settings.permissions).length === 0) delete settings.permissions;
+  }
+
+  // PreToolUse hook entry.
+  if (addPreToolUseHook) {
+    settings.hooks = settings.hooks || {};
+    const arr = Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
+    const entry = {
+      matcher: addPreToolUseHook.matcher,
+      hooks: [
+        { type: 'command', command: addPreToolUseHook.command, timeout: 4000, continueOnError: true },
+      ],
+    };
+    const ownedIdx = arr.findIndex(group =>
+      Array.isArray(group?.hooks)
+      && group.hooks.some(h => typeof h?.command === 'string' && h.command.includes(addPreToolUseHook.ownershipFilename)),
+    );
+    if (ownedIdx >= 0) arr[ownedIdx] = entry;
+    else arr.push(entry);
+    settings.hooks.PreToolUse = arr;
+  }
+  if (removePreToolUseHook) {
+    const arr = Array.isArray(settings?.hooks?.PreToolUse) ? settings.hooks.PreToolUse : [];
+    const next = arr.filter(group =>
+      !Array.isArray(group?.hooks)
+      || !group.hooks.some(h => typeof h?.command === 'string' && h.command.includes(removePreToolUseHook)),
+    );
+    if (next.length === 0) {
+      if (settings.hooks) delete settings.hooks.PreToolUse;
+    } else {
+      settings.hooks.PreToolUse = next;
+    }
+    if (settings.hooks && Object.keys(settings.hooks).length === 0) delete settings.hooks;
+  }
+
+  try {
+    mkdirSync(settingsDir, { recursive: true });
+    const tmp = settingsPath + '.tmp';
+    writeFileSync(tmp, JSON.stringify(settings, null, 2) + '\n', 'utf8');
+    renameSync(tmp, settingsPath);
+  } catch (err) {
+    return { status: 'error', detail: err.message };
+  }
+  return { status: 'installed', detail: 'permissions + PreToolUse updated' };
+}
+
+function settingsHasDeny(settingsPath, value) {
+  if (!existsSync(settingsPath)) return false;
+  try {
+    const settings = JSON.parse(readFileSync(settingsPath, 'utf8'));
+    const deny = Array.isArray(settings?.permissions?.deny) ? settings.permissions.deny : [];
+    return deny.includes(value);
+  } catch { return false; }
+}
+
+function settingsHasPreToolUseHook(settingsPath, ownershipFilename) {
+  if (!existsSync(settingsPath)) return false;
+  try {
+    const settings = JSON.parse(readFileSync(settingsPath, 'utf8'));
+    const arr = Array.isArray(settings?.hooks?.PreToolUse) ? settings.hooks.PreToolUse : [];
+    return arr.some(group =>
+      Array.isArray(group?.hooks)
+      && group.hooks.some(h => typeof h?.command === 'string' && h.command.includes(ownershipFilename)),
+    );
+  } catch { return false; }
+}

package/scripts/smoke-test.js

@@ -259,16 +259,19 @@ for (const profile of profiles) {
 
     if (profile === 'full') {
       assert(config.runtime.allowRuntimeModelDownload === false, 'Runtime downloads should be disabled for full');
-      // Model count: full profile registers all profile=='full' entries from
-      // core/infrastructure/model-registry.js. Currently 6 (4 retrieval models
-      // + FlashRank cross-encoder + semantic-cache MiniLM); was 4 before
-      // FlashRank and the semantic cache landed. The original hard-coded "===4"
-      // assertion is documented as drifted in docs/INIT_STRATEGY.md. We just
-      // assert presence + a reasonable lower bound rather than pin a number
-      // that drifts every time a model is added.
+      // Model count is hardware-conditional since commit d282bb0 ("use ORT CPU
+      // without accelerators"): a NO-ACCELERATOR host (no CoreML/CUDA/Metal —
+      // e.g. CI's linux-x64 ubuntu runner, or the darwin-x64 binary running
+      // cross-arch on an arm64 macos runner) correctly registers only the 3
+      // core ORT-INT8 models (embed-int8 + LI-int8 + semantic-cache MiniLM) and
+      // SKIPS the 2 native FP32 variants (coderankembed-fp32, lateon-code-fp32),
+      // since indexing falls back to ORT INT8 CPU. An accelerator host adds those
+      // 2 → 5 (opt-in cross-encoders excluded by default). So 3 is the true
+      // floor; pinning ≥4 wrongly failed no-accelerator CI runners. Assert the
+      // floor — dropping below the 3 core models is a real regression.
       assert(
-        Object.keys(config.models).length >= 4,
-        `Expected ≥4 models, got ${Object.keys(config.models).length}`,
+        Object.keys(config.models).length >= 3,
+        `Expected ≥3 core models, got ${Object.keys(config.models).length}`,
       );
     } else {
       assert(config.runtime.allowRuntimeModelDownload === true, 'Runtime downloads should be enabled for core');

package/scripts/uninstall.js

@@ -18,12 +18,11 @@ import { fileURLToPath } from 'node:url';
 
 import { getCoremlCascadeRoot, getCoremlCascadeState } from '../core/infrastructure/coreml-cascade.js';
 import { PREWARM_HOOK_FILENAME } from './init.js';
-
-// Default paths for the running daemon. Env-overridable so both the prewarm
-// hook, the CLI, and this module agree on where to look. Tests pass custom
-// values to `stopRunningDaemon` for isolation.
-const DEFAULT_PID_FILE = process.env.SWEET_SEARCH_PID_FILE || '/tmp/sweet-search-server.pid';
-const DEFAULT_SOCKET_PATH = process.env.SWEET_SEARCH_SOCKET_PATH || '/tmp/sweet-search.sock';
+import { removeAgentInstructions } from './inject-agent-instructions.js';
+import { removeClaudeRules } from './write-claude-rules.js';
+import { removePromptReminderHook } from './install-prompt-reminders.js';
+import { removeToolEnforcement } from './install-tool-enforcement.js';
+import { projectSocketPath, projectPidFile } from '../core/search/server-identity.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PACKAGE_ROOT = join(__dirname, '..');
@@ -175,8 +174,12 @@ export function getCoremlCascadeRemovals() {
  */
 export function stopRunningDaemon({
   projectRoot,
-  pidFile = DEFAULT_PID_FILE,
-  socketPath = DEFAULT_SOCKET_PATH,
+  // Per-project socket/pidfile (C3) — derived from this project's root so
+  // uninstalling project A never stops project B's server. Honors explicit
+  // SWEET_SEARCH_SOCKET_PATH / SWEET_SEARCH_PID_FILE overrides. Tests pass
+  // explicit values for isolation.
+  pidFile = projectPidFile(process.env, projectRoot || process.cwd()),
+  socketPath = projectSocketPath(process.env, projectRoot || process.cwd()),
 } = {}) {
   const result = { gracefulAttempted: false, killed: false, pidFileRemoved: false, socketRemoved: false };
 
@@ -221,6 +224,63 @@ export function stopRunningDaemon({
   return result;
 }
 
+const MAINTAINER_LOCK_FILENAME = 'index-maintainer.lock';
+
+/** Synchronous sleep (uninstall is one-shot; a sub-second block is fine). */
+function sleepSyncMs(ms) {
+  try { Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms); } catch { /* ignore */ }
+}
+
+/** Is this pid alive right now? EPERM (foreign owner) counts as alive. */
+function pidAlive(pid) {
+  if (!Number.isFinite(pid) || pid <= 0) return false;
+  try { process.kill(pid, 0); return true; } catch (err) { return err.code === 'EPERM'; }
+}
+
+/**
+ * Stop a reconcile-v2 incremental-index maintainer that an earlier SessionStart
+ * prewarm hook auto-launched. The maintainer records its pid in
+ * `<stateDir>/index-maintainer.lock`.
+ *
+ * Strategy:
+ *   1. SIGTERM for a clean shutdown (the daemon flushes + releases its lock).
+ *   2. Escalate to SIGKILL if it is still alive after a short grace. Its tick
+ *      interval can be up to 5 minutes — far longer than uninstall can wait —
+ *      so we do not block for graceful exit. Maintainer writes are atomic
+ *      temp+rename, so a SIGKILL is crash-safe (validated by the RC soak +
+ *      crash probe).
+ *   3. Remove the lock file so the next start is clean.
+ *
+ * Never throws — every branch swallows errors (the daemon may not be running).
+ *
+ * Returns `{ present, pid, signalled, killed, lockRemoved }`.
+ */
+export function stopRunningMaintainer({
+  projectRoot,
+  stateDir = projectRoot ? join(projectRoot, DATA_DIR_NAME) : null,
+} = {}) {
+  const result = { present: false, pid: null, signalled: false, killed: false, lockRemoved: false };
+  if (!stateDir) return result;
+  const lockFile = join(stateDir, MAINTAINER_LOCK_FILENAME);
+  if (!existsSync(lockFile)) return result;
+  result.present = true;
+
+  let pid = null;
+  try { pid = Number(JSON.parse(readFileSync(lockFile, 'utf-8')).pid); } catch { pid = null; }
+
+  if (pidAlive(pid)) {
+    result.pid = pid;
+    try { process.kill(pid, 'SIGTERM'); result.signalled = true; } catch { /* ignore */ }
+    sleepSyncMs(300);
+    if (pidAlive(pid)) {
+      try { process.kill(pid, 'SIGKILL'); result.killed = true; } catch { /* ignore */ }
+    }
+  }
+
+  try { unlinkSync(lockFile); result.lockRemoved = true; } catch { /* ignore */ }
+  return result;
+}
+
 /**
  * Remove the index-maintainer daemon hook init copied into
  * `.claude/hooks/index-maintainer.mjs`. Only removes the file when it
@@ -414,6 +474,84 @@ export function removePrewarmSessionStartHook(projectRoot, { dryRun = false } =
   return { status: 'removed', detail: `spliced out ${sessionStart.length - filtered.length} entry` };
 }
 
+/**
+ * Remove the Codex CLI SessionStart hook entry that `--codex` init wrote into
+ * `.codex/hooks.json`. Mirrors `removePrewarmSessionStartHook`: only the
+ * sweet-search-owned entry (matched by the launcher filename) is spliced out;
+ * other events/entries are preserved. When our entry was the only content the
+ * file is deleted rather than left as an empty shell. The `[features] hooks`
+ * feature flag in config.toml is intentionally left in place — it's harmless and
+ * may be shared with other tooling.
+ *
+ * Returns `{ status, detail }`:
+ *   removed    — our entry was spliced out (file rewritten or deleted)
+ *   not-found  — no .codex/hooks.json, no SessionStart, or no matching entry
+ *   dry-run    — would remove (no write)
+ *   error      — non-fatal (unreadable / invalid JSON / write failed)
+ */
+export function removeCodexSessionStartHook(projectRoot, { dryRun = false } = {}) {
+  const hooksPath = join(projectRoot, '.codex', 'hooks.json');
+  if (!existsSync(hooksPath)) {
+    return { status: 'not-found', detail: 'no .codex/hooks.json' };
+  }
+
+  let raw;
+  try {
+    raw = readFileSync(hooksPath, 'utf-8');
+  } catch (err) {
+    return { status: 'error', detail: `read failed: ${err.message}` };
+  }
+
+  let doc;
+  try {
+    doc = JSON.parse(raw);
+  } catch (err) {
+    return { status: 'error', detail: `.codex/hooks.json is not valid JSON: ${err.message}` };
+  }
+
+  const sessionStart = doc?.hooks?.SessionStart;
+  if (!Array.isArray(sessionStart) || sessionStart.length === 0) {
+    return { status: 'not-found', detail: 'no SessionStart entries' };
+  }
+
+  const filtered = sessionStart.filter((group) =>
+    !(Array.isArray(group?.hooks) &&
+      group.hooks.some((h) => typeof h?.command === 'string' && h.command.includes(PREWARM_HOOK_FILENAME)))
+  );
+
+  if (filtered.length === sessionStart.length) {
+    return { status: 'not-found', detail: 'no matching entry' };
+  }
+
+  if (dryRun) {
+    return { status: 'dry-run', detail: `would remove ${sessionStart.length - filtered.length} entry` };
+  }
+
+  if (filtered.length === 0) {
+    delete doc.hooks.SessionStart;
+    if (doc.hooks && Object.keys(doc.hooks).length === 0) {
+      delete doc.hooks;
+    }
+  } else {
+    doc.hooks.SessionStart = filtered;
+  }
+
+  try {
+    if (doc && Object.keys(doc).length === 0) {
+      // Our hook was the only content — remove the file rather than leave `{}`.
+      unlinkSync(hooksPath);
+    } else {
+      const tmpPath = hooksPath + '.tmp';
+      writeFileSync(tmpPath, JSON.stringify(doc, null, 2) + '\n', 'utf-8');
+      renameSync(tmpPath, hooksPath);
+    }
+  } catch (err) {
+    return { status: 'error', detail: `write failed: ${err.message}` };
+  }
+
+  return { status: 'removed', detail: `spliced out ${sessionStart.length - filtered.length} entry` };
+}
+
 // ---------------------------------------------------------------------------
 // Optional native package list (derived from package.json)
 // ---------------------------------------------------------------------------
@@ -550,8 +688,35 @@ export async function runUninstall(args) {
   const indexMaintainerSkippedReason =
     indexMaintainerPreview.status === 'skipped' ? indexMaintainerPreview.detail : null;
 
+  // P1: agent-instruction files (AGENTS.md / CLAUDE.md / GEMINI.md /
+  // .cursor/rules/sweet-search.mdc) and the .claude/rules/sweet-search.md
+  // sentinel file. The marker block contract guarantees we only strip
+  // sweet-search-managed content; user prose outside the marker is preserved.
+  const agentInstructionsPreview = removeAgentInstructions({ projectRoot, dryRun: true });
+  const agentInstructionsTouched = Object.values(agentInstructionsPreview.harnesses ?? {})
+    .some(s => s === 'dry-run');
+  const claudeRulesPreview = removeClaudeRules({ projectRoot, dryRun: true });
+  const hasClaudeRules = claudeRulesPreview === 'dry-run';
+
+  // P2: UserPromptSubmit reminder hook (.claude/hooks/sweet-search-remind-tools.mjs
+  // + the matching settings.json entry).
+  const promptReminderPreview = removePromptReminderHook({ projectRoot, dryRun: true });
+  const hasPromptReminder = promptReminderPreview.status === 'dry-run';
+
+  // P3: Tool enforcement (Grep deny + PreToolUse hint hook for Read).
+  const toolEnforcementPreview = removeToolEnforcement({ projectRoot, dryRun: true });
+  const hasToolEnforcement = toolEnforcementPreview.status === 'dry-run';
+
+  // Codex CLI SessionStart hook (.codex/hooks.json), written by `init --codex`.
+  const codexHookPreview = removeCodexSessionStartHook(projectRoot, { dryRun: true });
+  const hasCodexHook = codexHookPreview.status === 'dry-run';
+
   // Nothing to remove?
-  if (removals.length === 0 && !hasHookEntry && !hasSkillEntry && !hasIndexMaintainerHook) {
+  if (
+    removals.length === 0 && !hasHookEntry && !hasSkillEntry && !hasIndexMaintainerHook
+    && !agentInstructionsTouched && !hasClaudeRules
+    && !hasPromptReminder && !hasToolEnforcement && !hasCodexHook
+  ) {
     console.log('Nothing to remove — Sweet Search is not initialized in this project.');
     return;
   }
@@ -576,6 +741,23 @@ export async function runUninstall(args) {
   } else if (indexMaintainerSkippedReason) {
     console.log(`    [skipped] ${indexMaintainerSkippedReason}`);
   }
+  if (agentInstructionsTouched) {
+    const targets = Object.entries(agentInstructionsPreview.harnesses)
+      .filter(([, v]) => v === 'dry-run').map(([k]) => k).join(', ');
+    console.log(`    agent-instruction marker blocks (${targets})`);
+  }
+  if (hasClaudeRules) {
+    console.log(`    .claude/rules/sweet-search.md`);
+  }
+  if (hasPromptReminder) {
+    console.log(`    UserPromptSubmit reminder hook (${promptReminderPreview.detail})`);
+  }
+  if (hasToolEnforcement) {
+    console.log(`    tool-enforcement strict mode (${toolEnforcementPreview.detail})`);
+  }
+  if (hasCodexHook) {
+    console.log(`    Codex SessionStart hook (.codex/hooks.json)`);
+  }
   console.log(`  Total: ${formatBytes(totalBytes)}`);
   if (parsed.keepModels) {
     console.log('  Model cache: kept (--keep-models)');
@@ -597,6 +779,10 @@ export async function runUninstall(args) {
     } else if (dryMaintainer.status === 'skipped') {
       console.log(`  Would skip: index-maintainer hook — ${dryMaintainer.detail}`);
     }
+    const dryCodex = removeCodexSessionStartHook(projectRoot, { dryRun: true });
+    if (dryCodex.status === 'dry-run') {
+      console.log(`  Would also remove: Codex SessionStart hook (.codex/hooks.json — ${dryCodex.detail})`);
+    }
     console.log('Dry run — nothing was removed.');
     return;
   }
@@ -615,6 +801,30 @@ export async function runUninstall(args) {
     }
   }
 
+  // Stop the running daemon + maintainer BEFORE deleting .sweet-search/. The
+  // maintainer records its pid in .sweet-search/index-maintainer.lock; if we
+  // removed the state dir first, stopRunningMaintainer() would have no pid to
+  // signal — the maintainer would leak and, because its tick loop recreates the
+  // state dir (mkdirSync), resurrect the very directory we just deleted. So this
+  // must run after the confirmation/dry-run gates but before any removal.
+  const daemonResult = stopRunningDaemon({ projectRoot });
+  if (daemonResult.killed) {
+    console.log('  Stopped: running prewarm daemon (SIGKILL via PID file)');
+  } else if (daemonResult.gracefulAttempted) {
+    console.log('  Stopped: running prewarm daemon (graceful via CLI)');
+  }
+  // If neither happened, daemon wasn't running — silent.
+
+  const maintainerResult = stopRunningMaintainer({ projectRoot });
+  if (maintainerResult.killed) {
+    console.log(`  Stopped: incremental-index maintainer (SIGKILL after grace, pid ${maintainerResult.pid})`);
+  } else if (maintainerResult.signalled) {
+    console.log(`  Stopped: incremental-index maintainer (SIGTERM, pid ${maintainerResult.pid})`);
+  } else if (maintainerResult.lockRemoved) {
+    console.log('  Cleared: stale incremental-index maintainer lock');
+  }
+  // If none happened, the maintainer wasn't running — silent.
+
   // Remove
   let removed = 0;
   let kept = 0;
@@ -680,16 +890,64 @@ export async function runUninstall(args) {
     kept++;
   }
 
-  // Stop any daemon that an earlier SessionStart hook spawned. Otherwise the
-  // old daemon keeps running and holding the socket after uninstall, which
-  // surprises users. Never throws — `stopRunningDaemon` swallows every error.
-  const daemonResult = stopRunningDaemon({ projectRoot });
-  if (daemonResult.killed) {
-    console.log('  Stopped: running prewarm daemon (SIGKILL via PID file)');
-  } else if (daemonResult.gracefulAttempted) {
-    console.log('  Stopped: running prewarm daemon (graceful via CLI)');
+  // Reverse the Codex SessionStart hook written by `init --codex`. The
+  // config.toml feature flag is left in place (harmless, possibly shared).
+  const codexHookResult = removeCodexSessionStartHook(projectRoot, { dryRun: parsed.dryRun });
+  if (codexHookResult.status === 'removed') {
+    console.log(`  Removed: Codex SessionStart hook (.codex/hooks.json — ${codexHookResult.detail})`);
+    removed++;
+  } else if (codexHookResult.status === 'error') {
+    console.log(`  Failed to remove Codex SessionStart hook: ${codexHookResult.detail}`);
+    kept++;
+  }
+  // 'not-found' and 'dry-run' are silent in the main output.
+
+  // P1: strip agent-instruction marker blocks across all five harness files.
+  // The marker contract guarantees we never delete user prose outside of it.
+  const agentInstructionsResult = removeAgentInstructions({ projectRoot, dryRun: parsed.dryRun });
+  for (const [harness, status] of Object.entries(agentInstructionsResult.harnesses)) {
+    if (status === 'removed') {
+      console.log(`  Removed: ${harness} agent-instruction block`);
+      removed++;
+    } else if (status === 'file-deleted') {
+      console.log(`  Removed: ${harness} agent-instruction file (wholly sweet-search-managed)`);
+      removed++;
+    }
+    // 'not-found' / 'not-our-symlink' / 'dry-run' are silent.
+  }
+
+  // Remove the .claude/rules/sweet-search.md sentinel file. CLAUDE.md import
+  // line was already stripped by removeAgentInstructions above (it lived
+  // inside the agent-instructions marker).
+  const claudeRulesResult = removeClaudeRules({ projectRoot, dryRun: parsed.dryRun });
+  if (claudeRulesResult === 'removed') {
+    console.log(`  Removed: .claude/rules/sweet-search.md`);
+    removed++;
+  } else if (claudeRulesResult === 'preserved-user-file') {
+    console.log(`  Kept: .claude/rules/sweet-search.md — no sweet-search sentinel (user-edited)`);
+    kept++;
+  }
+  // 'not-found' / 'dry-run' are silent.
+
+  // P2: strip the UserPromptSubmit reminder hook + settings entry.
+  const promptReminderResult = removePromptReminderHook({ projectRoot, dryRun: parsed.dryRun });
+  if (promptReminderResult.status === 'removed') {
+    console.log(`  Removed: UserPromptSubmit reminder hook (${promptReminderResult.detail})`);
+    removed++;
+  } else if (promptReminderResult.status === 'error') {
+    console.log(`  Failed to remove UserPromptSubmit reminder hook: ${promptReminderResult.detail}`);
+    kept++;
+  }
+
+  // P3: strip the tool-enforcement Grep deny + PreToolUse hook + hook file.
+  const toolEnforcementResult = removeToolEnforcement({ projectRoot, dryRun: parsed.dryRun });
+  if (toolEnforcementResult.status === 'removed') {
+    console.log(`  Removed: tool-enforcement (${toolEnforcementResult.detail})`);
+    removed++;
+  } else if (toolEnforcementResult.status === 'error') {
+    console.log(`  Failed to remove tool-enforcement: ${toolEnforcementResult.detail}`);
+    kept++;
   }
-  // If neither happened, daemon wasn't running — silent.
 
   // Purge npm packages
   if (parsed.purge) {