5 commits

Author	SHA1	Message	Date
KeiSei84	d89ddf0c74	fix(install): normalize null hook matcher → "" on merge (Claude Code /doctor) ... Users with pre-kit hooks that have no `matcher` field end up with matcher:null, which Claude Code /doctor rejects ("Expected string, but received null") and skips the whole settings file. The jq merge preserved null as-is, so every reinstall re-surfaced the error. Now map(.matcher //= "") before group_by → null/absent collapses to "" (match-all), one group per matcher. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 16:53:27 +08:00
KeiSei84	01d5aa510f	fix(install): run onboarding + profile wizard in curl|bash (gate on stdin, not stdout) ... web-install.sh tees stdout to a logfile (exec > >(tee) 2>&1), so -t 1 is false even in an interactive curl|bash. The /dev/tty fix reattached stdin but the wizard gates required BOTH -t 0 and -t 1, so onboarding (language select) and bootstrap's profile wizard were silently skipped on the primary install path. Prompts go to stderr and read from stdin — interactive stdin is the only real requirement (already the proven pattern in lib-plan.sh confirm screen). Gates now require interactive stdin only: bootstrap.sh profile wizard lib-onboarding.sh onboarding_should_run + preflight-continue prompt lib-preflight.sh CLI-install offer prompt lib-hooks.sh activate-hooks prompt Non-interactive (CI / </dev/null / no /dev/tty) still skips — verified. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 03:58:55 +08:00
denis	305787fae3	fix(install): make fresh install complete + ship tamagotchi (#1)	2026-05-20 18:50:09 +00:00
Parfii-bot	8a885a7d76	fix(release+slices): v0.14.4 publish auth fallback + 4 fix-implementer slices ... After v0.14.3 npm-publish failed again with 401 Unauthorized despite path-scoped _authToken. Direct curl probe to keigit confirmed BOTH Bearer and Basic auth schemes work — so the issue is npm 10 not sending the auth header in CI. Likely cause: deprecated `always-auth=true` interfered with token resolution. == Publish auth fix == - Drop `always-auth=true` (deprecated in npm 10+; warns in logs) - Keep path-scoped `_authToken` (npm 10 canonical) - Add legacy Basic-auth fallback rows (username/_password/email) — Forgejo accepts both schemes per direct probe; if one resolution path fails, npm tries the other - chmod 600 on $HOME/.npmrc and project .npmrc (defense-in-depth) - Bump 0.14.3 → 0.14.4 == Slice A — TS server hardening (Sonnet code-implementer-typescript) == File: _ts_packages/packages/mcp-server/src/server.ts (+3/-1) File: _ts_packages/packages/mcp-server/src/index.ts (+14/-4) - safeEqual constant-time path on length mismatch (timing oracle close) - HTTP server defaults to 127.0.0.1 bind; --bind <addr> opt-in for 0.0.0.0 - Body cap 1 MiB with 413 response (DoS prevention) - VERIFIED: tsc -b --noEmit exit 0 == Slice B — Outcome-only profile hardening (Sonnet code-implementer) == Files: install.sh, install/lib-args.sh, install/lib-profile-outcome-only.sh - Confirm-screen gate before destructive install (skips on --dry-run / --yes) - _outcome_install_ledger return value tracked → summary reflects reality (was: false-success "ledger: ..." when init failed) - --dry-run silent-ignored on non-outcome profiles → now warns - VERIFIED: end-to-end smoke against fake $HOME with `<<< "y"` — all 5 files installed, schema v9 + 2 triggers, summary correct == Slice D — jq-merge dedup tuple (Sonnet code-implementer) == File: install/lib-hooks.sh - Replaced `unique_by(.command)` with reduce-into-object keyed on norm-ed command (tilde-vs-absolute path collision fix) - Snippet-wins precedence on collision - 3 manual scenario traces pass: tilde+tilde, absolute+tilde, idempotency == Slice E — Doc honesty pass (Sonnet code-implementer, selective-merged) == Files: README.md, docs/{INSTALL,ARCHITECTURE,PROFILE-OUTCOME-ONLY}.md Note: Slice E worktree was based on an older main commit; merged selectively to preserve current-main values (565 DNAs, not worktree's 518) - README:62 plugin marketplace URL: KeiSei84/KeiSeiKit → KeiSei84/KeiSeiKit-1.0 (consistent with line 66 git clone URL + Cargo.toml repository field) - README:9-15: per-claim [REAL: <command>] markers on all 8 numerics - README:124-132 + PROFILE-OUTCOME-ONLY.md:43-55 + ARCHITECTURE.md:288-302: rephrase 100-row router claim — now describes Wilson lower-bound (δ=0.10, q*=0.70) continuous metric with file:line pointer to select.rs - INSTALL.md: ESTIMATE-HTC marker covering all install-time / disk-size numerics in profile table (RULE 0.18 compliance) - PROFILE-OUTCOME-ONLY.md privacy section: discloses agent-toolstats.jsonl sidecar (was undocumented per W3 finding) - PROFILE-OUTCOME-ONLY.md uninstall: added 6th rm -f for .bak-* cleanup (closes orphan-accumulation per W3+W4 audits) [FROM-JOURNAL: tasks.jsonl this session — 12 audit agents waves 5+6 + 4 parallel fix-implementer worktrees ran ~25 min wall-time] Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-04 00:16:48 +08:00
Parfii-bot	0be354a920	KeiSeiKit-public — clean state ... Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.	2026-05-01 12:09:03 +08:00