Merge pull request #158 from laststance/feature/fallow-dupes-health

chore: gate fallow dupes and health

Author: ryota-murakami

.fallowrc.jsonc

@@ -1,9 +1,9 @@
 {
   // Pin the schema to the same fallow tag this repo runs (`fallow --version`
-  // currently reports 2.65.0). Keeping `main` here would let upstream schema
+  // currently reports 2.69.0). Keeping `main` here would let upstream schema
   // changes silently break editor validation between fallow upgrades — bump
   // this URL together with the package install when bumping fallow.
-  "$schema": "https://raw.githubusercontent.com/fallow-rs/fallow/v2.65.0/schema.json",
+  "$schema": "https://raw.githubusercontent.com/fallow-rs/fallow/v2.69.0/schema.json",
   // electron-vite uses two HTML entries declared in electron.vite.config.ts:
   //   src/renderer/index.html         → loads ./src/main.tsx (main window)
   //   src/renderer/settings/index.html → loads ./main.tsx (Settings window, see PR125)
@@ -47,29 +47,37 @@
     // (specs + helpers + fixtures) so `fallow dupes` only flags duplication
     // in production code worth refactoring.
     //
-    // The 5 remaining app-code detections are deliberate — DO NOT extract:
-    //   1. trashService.ts:287/557 (25 lines): `scanOrphanSymlinkPaths`
-    //      uses warn+continue while `moveToTrash` throws on the same
-    //      validatePath/lstat scaffold. Sharing would force the caller to
-    //      pass an error-policy callback and obscure the intent.
-    //   2. ipc/skills.ts:78/131 (9 lines): bulk-unlink REFUSES local-skill
-    //      directories; single-unlink rm -rf's them (single has confirm UX,
-    //      bulk does not). Both inline `match({isSymlink, isDirectory})`.
-    //   3. trashService.ts:546/781 (7 lines): `moveSourceBackedToTrash` and
-    //      `moveLocalOnlyToTrash` share return type + TRASH_DIR mkdir +
-    //      buildEntryName but diverge on `entrySourceDir` vs
-    //      `localCopiesRoot`. A shared init helper would only save 6 lines.
-    //   4. skillScanner.ts:248/353 (7 lines): orphan vs local skill object
-    //      initializers differ in 4 fields (status, isLocal, isOrphan,
-    //      skillMdSymlinkTarget). Sharing needs 4+ parameters.
-    //   5. CopyToAgentsModal/SkillItem (5 lines): identical Redux selector
-    //      reads — natural shape of `useAppSelector` calls per component.
+    // The remaining trashService detections are deliberately suppressed inline
+    // at the narrow blocks that differ only in error policy or entry layout.
+    // Keep this ignore list broad for tests/fixtures only so new production
+    // duplication in trashService still gets reported.
     "ignore": [
       "**/*.test.ts",
       "**/*.test.tsx",
       "**/*.spec.ts",
       "**/*.spec.tsx",
       "e2e/**"
     ]
+  },
+  "health": {
+    // Health runs without Istanbul coverage input in local validate/CI, so CRAP
+    // would otherwise treat every unmeasured branch as risky. Keep the gate on
+    // structural complexity and set CRAP as a current-state regression ceiling.
+    "maxCyclomatic": 40,
+    "maxCognitive": 40,
+    "maxCrap": 120,
+    // Test, E2E, Storybook, and one-off build scripts intentionally optimize
+    // for scenario clarity over low branch count; they are covered by their own
+    // runner gates rather than the production health budget.
+    "ignore": [
+      "**/*.test.ts",
+      "**/*.test.tsx",
+      "**/*.spec.ts",
+      "**/*.spec.tsx",
+      "e2e/**",
+      ".storybook/**",
+      "scripts/**"
+    ],
+    "suggestInlineSuppression": true
   }
 }

.github/workflows/fallow.yml

@@ -7,8 +7,22 @@ on:
     branches: [main]
 
 jobs:
-  dead-code:
+  fallow:
+    name: ${{ matrix.name }}
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: dead-code
+            command: dead-code
+            args: ''
+          - name: dupes
+            command: dupes
+            args: ''
+          - name: health
+            command: health
+            args: '--complexity'
 
     steps:
       - name: Checkout
@@ -17,5 +31,5 @@ jobs:
       - name: Prepare
         uses: ./.github/actions/prepare
 
-      - name: Fallow dead-code
-        run: npx fallow dead-code --fail-on-issues --format compact
+      - name: Fallow ${{ matrix.name }}
+        run: pnpm exec fallow ${{ matrix.command }} ${{ matrix.args }} --fail-on-issues --format compact

e2e/spec/unlink-agent.e2e.ts

@@ -219,18 +219,17 @@ test('unlinkFromAgent removes one valid azure-ai symlink without touching the so
  * handler dispatches on `lstat` kind via ts-pattern (skills.ts:130-145):
  *
  *   - symlink                    → fs.unlink, success: true
- *   - directory (local skill)    → fs.rm -rf, success: true
+ *   - directory (local skill)    → confirmed shell.trashItem, success: true
  *   - regular file (none of above) → otherwise, success: false with copy
- *   - lstat throws (e.g. ENOENT) → catch, success: false with extracted msg
+ *   - lstat throws ENOENT        → idempotent no-op, success: true
  *
- * The two tests below pin the bottom two rows. Without them, a regression
- * that flipped the `.otherwise()` branch to `fs.rm` would silently delete
- * any regular file the renderer happens to pass — and a regression that
- * stopped catching lstat errors would surface as an uncaught IPC rejection
- * in the renderer (worse UX than a structured failure row).
+ * The two tests below pin the bottom two rows. Without them, double-clicks
+ * could surface stale-path errors and a regression that flipped the
+ * `.otherwise()` branch to a destructive path would silently delete any
+ * regular file the renderer happens to pass.
  */
 
-test('unlinkFromAgent returns structured failure when linkPath does not exist', async ({
+test('unlinkFromAgent treats a missing linkPath as an idempotent success', async ({
   appWindow,
   isolatedHome,
 }) => {
@@ -244,8 +243,8 @@ test('unlinkFromAgent returns structured failure when linkPath does not exist',
   const missingLinkPath = join(claudeAgentPath, 'never-existed')
 
   // Sanity — confirm the path is genuinely absent before the IPC fires. A
-  // false positive here would be silent: the handler's success path also
-  // swallows ENOENT, so we'd think the failure-branch fired when it didn't.
+  // false positive here would silently test the normal unlink path instead of
+  // the idempotent missing-path branch.
   expect(existsSync(missingLinkPath)).toBe(false)
 
   const ipcResult = await appWindow.evaluate(
@@ -258,13 +257,7 @@ test('unlinkFromAgent returns structured failure when linkPath does not exist',
     },
   )
 
-  expect(ipcResult.success).toBe(false)
-  // ENOENT is the surface form on macOS + Linux; pinning the substring
-  // keeps a `extractErrorMessage` rewrite from silently passing this test.
-  // `UnlinkResult` is { success: boolean, error?: string } (not a discriminated
-  // union) — toMatch on undefined would throw, so this also covers
-  // "error must actually be populated when success is false".
-  expect(ipcResult.error).toMatch(/ENOENT|no such file or directory/i)
+  expect(ipcResult).toEqual({ success: true })
 })
 
 test('unlinkFromAgent refuses a regular file with the structured kind-mismatch error', async ({

package.json

@@ -23,8 +23,10 @@
     "typecheck": "tsc --noEmit",
     "lint": "eslint . --max-warnings 0",
     "lint:fix": "eslint . --fix",
-    "fallow:dead-code": "pnpm exec fallow dead-code",
-    "validate": "run-p lint test typecheck fallow:dead-code storybook:build",
+    "fallow:dead-code": "pnpm exec fallow dead-code --fail-on-issues",
+    "fallow:dupes": "pnpm exec fallow dupes --fail-on-issues",
+    "fallow:health": "pnpm exec fallow health --complexity --fail-on-issues",
+    "validate": "run-p lint test typecheck fallow:dead-code fallow:dupes fallow:health storybook:build",
     "prepare": "husky",
     "prettier": "prettier --ignore-unknown --write .",
     "clean": "rm -rf dist build .vite node_modules pnpm-lock.yaml"

src/main/ipc/ipc-schemas.ts

@@ -183,6 +183,7 @@ export const IPC_ARG_SCHEMAS: Partial<Record<IpcInvokeChannel, z.ZodTuple>> = {
       skillName: skillNameString,
       agentId: nonEmptyString,
       linkPath: nonEmptyString,
+      confirmedLocalDirectoryDelete: z.boolean().optional(),
     }),
   ]),
   'skills:removeAllFromAgent': z.tuple([

src/main/ipc/skills.ts

@@ -27,6 +27,47 @@ import type {
 import { typedHandle } from './typedHandle'
 import { typedSend } from './typedSend'
 
+type AgentPathRemovalResult =
+  | { success: true }
+  | { success: false; error: string; code?: string }
+
+/**
+ * Remove an agent symlink path after the caller has already validated and
+ * lstat'd it. Directories are refused here so destructive local-folder removal
+ * remains isolated to the single-unlink confirmation path.
+ * @param linkPath - Validated path inside an agent skills directory
+ * @param stats - `lstat` result for linkPath
+ * @returns Structured IPC result for renderer toast handling
+ * @example
+ * removeLinkPathByKind('/Users/me/.cursor/skills/task', stats)
+ */
+async function removeLinkPathByKind(
+  linkPath: AbsolutePath,
+  stats: Stats,
+): Promise<AgentPathRemovalResult> {
+  return match({
+    isSymlink: stats.isSymbolicLink(),
+    isDirectory: stats.isDirectory(),
+  })
+    .with({ isSymlink: true }, async () => {
+      await fs.unlink(linkPath)
+      return { success: true } as const
+    })
+    .with(
+      { isSymlink: false, isDirectory: true },
+      async () =>
+        ({
+          success: false as const,
+          error:
+            'Cannot unlink a local skill. Use Delete to move it to trash instead.',
+        }) satisfies AgentPathRemovalResult,
+    )
+    .otherwise(async () => ({
+      success: false as const,
+      error: 'Cannot remove: path is neither a symlink nor a directory',
+    }))
+}
+
 /**
  * Unlink or remove a single link-path inside an agent directory. Shared by the
  * single-unlink handler and the batch-unlink handler so both behave identically.
@@ -72,27 +113,7 @@ async function removeFromAgent(
   }
 
   try {
-    // Discriminate on file-stat kind: symlink → unlink, local directory →
-    // refuse (bulk unlink is non-destructive; user must go through bulk
-    // Delete), everything else (files, sockets, etc.) → refuse as unsupported.
-    const kindResult = await match({
-      isSymlink: stats.isSymbolicLink(),
-      isDirectory: stats.isDirectory(),
-    })
-      .with({ isSymlink: true }, async () => {
-        await fs.unlink(linkPath)
-        return { success: true } as const
-      })
-      .with({ isSymlink: false, isDirectory: true }, async () => ({
-        success: false as const,
-        error:
-          'Cannot unlink a local skill. Use Delete to move it to trash instead.',
-      }))
-      .otherwise(async () => ({
-        success: false as const,
-        error: 'Cannot remove: path is neither a symlink nor a directory',
-      }))
-    return kindResult
+    return await removeLinkPathByKind(linkPath, stats)
   } catch (error) {
     return {
       success: false,
@@ -116,36 +137,42 @@ export function registerSkillsHandlers(): void {
    * @returns UnlinkResult with success status and optional error
    */
   typedHandle(IPC_CHANNELS.SKILLS_UNLINK_FROM_AGENT, async (_, options) => {
-    const { linkPath } = options
+    const { linkPath, confirmedLocalDirectoryDelete = false } = options
 
     try {
       // Allow agent dirs (for local skills) AND SOURCE_DIR (for symlinked skills).
       // validatePath calls realpathSync, which follows the symlink to its source
       // in ~/.agents/skills/. Without SOURCE_DIR in the allowed bases, every
       // symlinked-skill unlink fails with "Path traversal attempt detected".
       validatePath(linkPath, getAllowedBases())
-      const stats = await fs.lstat(linkPath)
-      // Discriminate on file-stat kind: symlink → unlink, directory → rm -rf
-      // (destructive is OK here because the single-unlink handler has its own
-      // confirmation UX in the renderer), else → refuse.
-      const unlinkResult = await match({
-        isSymlink: stats.isSymbolicLink(),
-        isDirectory: stats.isDirectory(),
-      })
-        .with({ isSymlink: true }, async () => {
-          await fs.unlink(linkPath)
-          return { success: true } as const
-        })
-        .with({ isSymlink: false, isDirectory: true }, async () => {
-          await fs.rm(linkPath, { recursive: true, force: true })
-          return { success: true } as const
-        })
-        .otherwise(async () => ({
-          success: false as const,
-          error: 'Cannot remove: path is neither a symlink nor a directory',
-        }))
+      let stats: Stats
+      try {
+        stats = await fs.lstat(linkPath)
+      } catch (error) {
+        if (errorCode(error) === 'ENOENT') {
+          // Already gone — match bulk unlink's idempotent no-op behavior.
+          return { success: true }
+        }
+        throw error
+      }
+
+      if (stats.isDirectory() && !stats.isSymbolicLink()) {
+        if (!confirmedLocalDirectoryDelete) {
+          return {
+            success: false,
+            error:
+              'Refusing to delete a local skill without explicit confirmation.',
+          }
+        }
+
+        // Local skill deletion arrives from UnlinkDialog's destructive confirm
+        // action. Move to OS Trash instead of recursively deleting bytes so a
+        // mistaken confirmation is still recoverable at the filesystem level.
+        await shell.trashItem(linkPath)
+        return { success: true }
+      }
 
-      return unlinkResult
+      return await removeLinkPathByKind(linkPath, stats)
     } catch (error) {
       return { success: false, error: extractErrorMessage(error) }
     }