You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PR #159 (closing #158) restores the shipping artefacts (Releases/v4.0.3+/.claude/package.json, Releases/v4.0.3+/.claude/PAI/PAISECURITYSYSTEM/patterns.example.yaml) so that future installs would close the SecurityValidator no-op regression — but only if the installer also has a step that materializes ~/.pai/PAI/... from the cloned ~/.claude/PAI/... and runs bun install in ~/.pai/ to populate node_modules/yaml/.
Today there is no such step. The installer's engine/steps.ts has 8 steps; none of them touch ~/.pai/PAI/ or run bun install anywhere. migratePerPackSymlinks handles skills/ only.
Required work
New installer step (or extension of an existing one) that, after the repo clone:
Copies (or symlinks) ~/.claude/package.json to ~/.pai/package.json if not present.
Runs bun install in ~/.pai/ (idempotent — skip if ~/.pai/node_modules/yaml/ already exists at the right version).
Materializes ~/.claude/PAI/PAISECURITYSYSTEM/ into ~/.pai/PAI/PAISECURITYSYSTEM/ (analogous to per-pack skill canonicalization, but for the PAI/ subtree).
Background
PR #159 (closing #158) restores the shipping artefacts (
Releases/v4.0.3+/.claude/package.json,Releases/v4.0.3+/.claude/PAI/PAISECURITYSYSTEM/patterns.example.yaml) so that future installs would close the SecurityValidator no-op regression — but only if the installer also has a step that materializes~/.pai/PAI/...from the cloned~/.claude/PAI/...and runsbun installin~/.pai/to populatenode_modules/yaml/.Today there is no such step. The installer's
engine/steps.tshas 8 steps; none of them touch~/.pai/PAI/or runbun installanywhere.migratePerPackSymlinkshandlesskills/only.Required work
New installer step (or extension of an existing one) that, after the repo clone:
~/.claude/package.jsonto~/.pai/package.jsonif not present.bun installin~/.pai/(idempotent — skip if~/.pai/node_modules/yaml/already exists at the right version).~/.claude/PAI/PAISECURITYSYSTEM/into~/.pai/PAI/PAISECURITYSYSTEM/(analogous to per-pack skill canonicalization, but for the PAI/ subtree).Decide: copy vs symlink for the PAI/ subtree. Skill packs use per-pack symlinks (Skills separation is documentation-only: Claude Code harness reads ~/.claude/skills/, not ~/.pai/skills/ #110); PAI/ has historically been a real directory under
~/.pai/PAI/populated by other means (no current automated mechanism). Worth aligning on one model.Decide: should
bun.lockbe tracked in the repo (commit it) or treated as a runtime-only artefact (gitignore)?Test: after a fresh-install run-through,
Tools/verify-security-validator.shshould reportPASS=8 FAIL=0without manual setup.Verification
After implementation, a fresh install on a clean machine should:
~/.pai/node_modules/yaml/.~/.pai/PAI/PAISECURITYSYSTEM/patterns.example.yaml.bash Tools/verify-security-validator.shto pass with no further setup.Refs
migratePerPackSymlinksinReleases/v4.0.3+/.claude/PAI-Install/engine/skill-migration.ts— pattern reference for analogous canonicalization logic.