wotann 0.5.92 → 0.5.94

package/dist/security/skills-guard.js

@@ -7,9 +7,13 @@
  * escalation, agent config persistence, hardcoded secrets, and invisible text.
  */
 import { createHash } from "node:crypto";
-import { existsSync, lstatSync, readFileSync, readdirSync, realpathSync, } from "node:fs";
+import { existsSync, lstatSync, readFileSync, readdirSync, realpathSync } from "node:fs";
 import { extname, isAbsolute, join, relative, resolve } from "node:path";
-export const TRUSTED_SKILL_REPOS = new Set(["openai/skills", "anthropics/skills", "huggingface/skills"]);
+export const TRUSTED_SKILL_REPOS = new Set([
+    "openai/skills",
+    "anthropics/skills",
+    "huggingface/skills",
+]);
 export const INSTALL_POLICY = {
     builtin: ["allow", "allow", "allow"],
     trusted: ["allow", "allow", "block"],
@@ -405,7 +409,14 @@ export function contentHash(path) {
     return `sha256:${h.digest("hex").slice(0, 16)}`;
 }
 function p(pattern, patternId, severity, category, description, recommendation) {
-    return { regex: new RegExp(pattern, "i"), patternId, severity, category, description, recommendation };
+    return {
+        regex: new RegExp(pattern, "i"),
+        patternId,
+        severity,
+        category,
+        description,
+        recommendation,
+    };
 }
 function buildScanResult(input) {
     const issues = deduplicateIssues(input.findings);
@@ -489,7 +500,17 @@ function checkStructure(skillDir) {
     return findings;
 }
 function structuralIssue(patternId, severity, category, file, match, description, recommendation) {
-    return { pattern: category, patternId, category, file, line: 0, match, severity, description, recommendation };
+    return {
+        pattern: category,
+        patternId,
+        category,
+        file,
+        line: 0,
+        match,
+        severity,
+        description,
+        recommendation,
+    };
 }
 function listFiles(root) {
     return listEntries(root).filter((entry) => {
@@ -524,7 +545,7 @@ function isInside(child, parent) {
 function worstSeverity(issues) {
     if (issues.length === 0)
         return "info";
-    return issues.reduce((worst, issue) => (SEVERITY_ORDER[issue.severity] < SEVERITY_ORDER[worst] ? issue.severity : worst), "info");
+    return issues.reduce((worst, issue) => SEVERITY_ORDER[issue.severity] < SEVERITY_ORDER[worst] ? issue.severity : worst, "info");
 }
 function compareIssueSeverity(a, b) {
     return SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity];

package/dist/ui/raw-mode-guard.d.ts

@@ -38,6 +38,20 @@ export interface RawModeStream {
  * state is preserved when it works) inside a try/catch. If it throws
  * here, the resolver falls through to `/dev/tty` or refuses cleanly
  * instead of mounting Ink into the silent loop.
+ *
+ * Node 25 `_handle` exception (added 2026-05-28 — empirical evidence
+ * from user diagnostic): on Node v25.x, the probe call throws
+ *   "Cannot read properties of undefined (reading '_handle')"
+ * because the libuv TTY binding (`this._handle`) isn't initialized at
+ * probe time — Node 25 lazily binds it on first I/O. The same
+ * `setRawMode` call AT INK'S RENDER COMMIT succeeds because by then
+ * Ink has read from the stream and the binding is live. Treating
+ * this specific error as "passes" (optimistic) lets the mount
+ * proceed; the `mount-interactive-ink` Ink-throw backstop catches
+ * any genuine failure at render time and writes the same actionable
+ * guidance. False-positive cost: a runtime error message instead of
+ * a guard refusal — same end UX. True-positive value: working TUI
+ * under Node 25, which is the user's current default.
  */
 export declare function isRawModeCapable(stream: unknown): boolean;
 export interface ResolveStdinOptions {
@@ -46,10 +60,26 @@ export interface ResolveStdinOptions {
 }
 /**
  * Resolve an input stream Ink can drive `useInput()` with:
- *   1. `stdin` itself if it is already raw-capable.
- *   2. else the controlling terminal (`/dev/tty`) if raw-capable.
+ *   1. controlling terminal (`/dev/tty`) if raw-capable — preferred.
+ *   2. else `stdin` if it is raw-capable — fallback for CI / Windows /
+ *      detached processes that have no controlling terminal.
  *   3. else `null` — caller MUST NOT mount the interactive Ink app
  *      (it would hang); print guidance + exit instead.
+ *
+ * Why /dev/tty FIRST (changed 2026-05-28 from stdin-first):
+ * Under `npx wotann`, `npm exec`, `sudo`, and other launchers, the
+ * subprocess's `process.stdin` can pass the static shape check
+ * (`isTTY === true`, `setRawMode` is a function) yet behave oddly
+ * when Ink actually drives it — the probe's no-op `setRawMode(false)`
+ * succeeds while Ink's `setRawMode(true)` then fails, the stream is in
+ * flowing mode because some boot import attached a `data` listener,
+ * the launcher transformed the descriptor, etc. The controlling
+ * terminal is the canonical "user's keyboard" source and is
+ * unaffected by any of that — the same pattern `less`, `vim`, `sudo`,
+ * and `git rebase -i` use for stdin-needs-tty scenarios. The fallback
+ * to `stdin` covers the no-`/dev/tty` cases (CI containers, Windows
+ * without a console, detached processes).
+ *
  * Never throws.
  */
 export declare function resolveInteractiveStdin(stdin?: unknown, opts?: ResolveStdinOptions): NodeJS.ReadStream | null;
@@ -77,10 +107,14 @@ export interface StdinDiagnosis {
     readonly ttyProbeResult?: string;
 }
 /**
- * Walks the same `resolveInteractiveStdin` steps and records what each
- * one saw. Use this when the resolver returns `null` to print a
- * self-explanatory refusal — future bug reports will include the
- * diagnosis automatically instead of just "guard refused, why?".
+ * Records the full state of BOTH potential input sources — /dev/tty
+ * (the preferred source after the 2026-05-28 reorder) and `stdin`
+ * (the fallback). Always walks both regardless of whether the
+ * resolver would have short-circuited, because the diagnostic is most
+ * useful when something looks wrong with one source: the user / next
+ * agent gets the full picture, not "stdin worked, didn't look at tty".
+ *
+ * Never throws.
  */
 export declare function diagnoseStdin(stdin?: unknown, opts?: ResolveStdinOptions): StdinDiagnosis;
 /**

package/dist/ui/raw-mode-guard.js

@@ -35,6 +35,20 @@ import { ReadStream } from "node:tty";
  * state is preserved when it works) inside a try/catch. If it throws
  * here, the resolver falls through to `/dev/tty` or refuses cleanly
  * instead of mounting Ink into the silent loop.
+ *
+ * Node 25 `_handle` exception (added 2026-05-28 — empirical evidence
+ * from user diagnostic): on Node v25.x, the probe call throws
+ *   "Cannot read properties of undefined (reading '_handle')"
+ * because the libuv TTY binding (`this._handle`) isn't initialized at
+ * probe time — Node 25 lazily binds it on first I/O. The same
+ * `setRawMode` call AT INK'S RENDER COMMIT succeeds because by then
+ * Ink has read from the stream and the binding is live. Treating
+ * this specific error as "passes" (optimistic) lets the mount
+ * proceed; the `mount-interactive-ink` Ink-throw backstop catches
+ * any genuine failure at render time and writes the same actionable
+ * guidance. False-positive cost: a runtime error message instead of
+ * a guard refusal — same end UX. True-positive value: working TUI
+ * under Node 25, which is the user's current default.
  */
 export function isRawModeCapable(stream) {
     if (stream === null || typeof stream !== "object")
@@ -48,10 +62,22 @@ export function isRawModeCapable(stream) {
         setRawMode(currentIsRaw);
         return true;
     }
-    catch {
-        return false;
+    catch (e) {
+        return isNode25HandleInitDefer(e);
     }
 }
+/**
+ * Detect the Node 25+ "_handle is undefined at probe time" pattern.
+ * Matches both the literal `_handle` reference and the broader libuv
+ * binding init-order race that surfaces under the same wording. Kept
+ * separate from `isRawModeCapable` so the rationale lives next to
+ * the matcher and the same logic can drive `probeStdinDetail`.
+ */
+function isNode25HandleInitDefer(e) {
+    if (!(e instanceof Error))
+        return false;
+    return e.message.includes("_handle");
+}
 /**
  * Open the controlling terminal as a raw-capable input stream, or
  * `null` if there is none (Windows without a console, detached
@@ -72,24 +98,42 @@ function defaultOpenControllingTty() {
 }
 /**
  * Resolve an input stream Ink can drive `useInput()` with:
- *   1. `stdin` itself if it is already raw-capable.
- *   2. else the controlling terminal (`/dev/tty`) if raw-capable.
+ *   1. controlling terminal (`/dev/tty`) if raw-capable — preferred.
+ *   2. else `stdin` if it is raw-capable — fallback for CI / Windows /
+ *      detached processes that have no controlling terminal.
  *   3. else `null` — caller MUST NOT mount the interactive Ink app
  *      (it would hang); print guidance + exit instead.
+ *
+ * Why /dev/tty FIRST (changed 2026-05-28 from stdin-first):
+ * Under `npx wotann`, `npm exec`, `sudo`, and other launchers, the
+ * subprocess's `process.stdin` can pass the static shape check
+ * (`isTTY === true`, `setRawMode` is a function) yet behave oddly
+ * when Ink actually drives it — the probe's no-op `setRawMode(false)`
+ * succeeds while Ink's `setRawMode(true)` then fails, the stream is in
+ * flowing mode because some boot import attached a `data` listener,
+ * the launcher transformed the descriptor, etc. The controlling
+ * terminal is the canonical "user's keyboard" source and is
+ * unaffected by any of that — the same pattern `less`, `vim`, `sudo`,
+ * and `git rebase -i` use for stdin-needs-tty scenarios. The fallback
+ * to `stdin` covers the no-`/dev/tty` cases (CI containers, Windows
+ * without a console, detached processes).
+ *
  * Never throws.
  */
 export function resolveInteractiveStdin(stdin = process.stdin, opts = {}) {
-    if (isRawModeCapable(stdin))
-        return stdin;
     const open = opts.openControllingTty ?? defaultOpenControllingTty;
     let tty = null;
     try {
         tty = open();
     }
     catch {
-        return null;
+        tty = null;
     }
-    return isRawModeCapable(tty) ? tty : null;
+    if (tty !== null && isRawModeCapable(tty))
+        return tty;
+    if (isRawModeCapable(stdin))
+        return stdin;
+    return null;
 }
 /**
  * Same observation pattern as `isRawModeCapable` but captures the
@@ -123,21 +167,16 @@ function probeStdinDetail(stream) {
     }
 }
 /**
- * Walks the same `resolveInteractiveStdin` steps and records what each
- * one saw. Use this when the resolver returns `null` to print a
- * self-explanatory refusal — future bug reports will include the
- * diagnosis automatically instead of just "guard refused, why?".
+ * Records the full state of BOTH potential input sources — /dev/tty
+ * (the preferred source after the 2026-05-28 reorder) and `stdin`
+ * (the fallback). Always walks both regardless of whether the
+ * resolver would have short-circuited, because the diagnostic is most
+ * useful when something looks wrong with one source: the user / next
+ * agent gets the full picture, not "stdin worked, didn't look at tty".
+ *
+ * Never throws.
  */
 export function diagnoseStdin(stdin = process.stdin, opts = {}) {
-    const stdinProbe = probeStdinDetail(stdin);
-    if (stdinProbe.probeResult === "ok") {
-        return {
-            stdinIsTTY: stdinProbe.isTTY,
-            stdinHasSetRawMode: stdinProbe.hasSetRawMode,
-            stdinProbeResult: stdinProbe.probeResult,
-            ttyOpenResult: "not-attempted",
-        };
-    }
     const open = opts.openControllingTty ?? defaultOpenControllingTty;
     let tty = null;
     let ttyOpenResult;
@@ -148,6 +187,7 @@ export function diagnoseStdin(stdin = process.stdin, opts = {}) {
     catch (e) {
         ttyOpenResult = e instanceof Error ? e.message : String(e);
     }
+    const stdinProbe = probeStdinDetail(stdin);
     if (tty === null) {
         return {
             stdinIsTTY: stdinProbe.isTTY,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wotann",
-  "version": "0.5.92",
+  "version": "0.5.94",
   "description": "WOTANN — The All-Father of AI Agent Harnesses",
   "type": "module",
   "main": "dist/index.js",