fix(cli): reject managed-global -g operations on the local CLI

The local CLI never had a vite-plus-managed package store. Routing
`vp install/add/remove/update -g` and `vp pm list -g` through the shared
`vite_pm_cli::dispatch` either silently ran the project flow (creating a
fresh package.json on `vp install -g foo` in an empty directory),
silently dropped flags like `--node` and `--dry-run`, or in the
codex-flagged Update case mutated the user's local package.json /
lockfile when they meant to update a global install.

Add a one-shot rejection in the local CLI binding, scoped to exactly
the cases the global CLI's `run_package_manager_command` specially
handles (Install/Add/Remove/Update with `global=true`, plus
`Pm::List -g`). Pass-through `-g` cases that already work the same on
both CLIs (`outdated -g`, `why -g`, `pm config get -g`, etc.) are left
alone — `is_managed_global()` returns `false` for them.

- `crates/vite_pm_cli/src/cli.rs`: new `PackageManagerCommand::is_managed_global`
  helper. Shared crate stays semantically neutral; the binding decides
  rejection.
- `packages/cli/binding/src/cli/mod.rs`: precheck in `execute_pm_command`
  returns a friendly error pointing the user at https://viteplus.dev/guide/
  before calling `dispatch`. Exit 1 via the binding's existing JS error path.
- `crates/vite_pm_cli/src/dispatch.rs`: drop the now-dead `--dry-run`
  rejection on Remove. Clap requires `--dry-run` alongside `-g`, the
  binding rejects `-g` first, and the global CLI intercepts `-g` before
  dispatch — so this arm only ever sees `dry_run: false`.
- `crates/vite_pm_cli/src/handlers.rs`: revert the `if options.global`
  branches in `run_add` / `run_remove` for the same reason; they're
  unreachable now.
- `packages/cli/snap-tests/command-pm-global-rejected/`: new local-only
  fixture that exercises every rejected case (install/add/remove/update
  -g, with --node and --dry-run combinations, plus pm ls -g).
- `packages/cli/snap-tests/command-remove-pnpm10/snap.txt`: regenerated
  with the new full-rejection wording in place of the old dispatcher-side
  --dry-run-only message.

snap-tests-global/ unchanged: the global CLI still hits its
managed-install path before reaching the binding rejection.

Verified end-to-end on the local CLI in an empty /tmp dir:
- `vp install -g foo`, `vp add -g foo --node 20`, `vp remove -g foo`,
  `vp remove -g --dry-run foo`, `vp update -g [foo]`, `vp pm ls -g` all
  exit 1 with the new error and create no package.json.
- `vp pm config get -g registry` (pass-through) still works on both
  CLIs.
- `vp add lodash` (no -g) still creates a project and adds the dep.

Closes the second codex adversarial review's high/medium findings on
PR #1495.

Author: fengmk2

crates/vite_pm_cli/src/cli.rs

@@ -494,6 +494,22 @@ impl PackageManagerCommand {
         }
     }
 
+    /// Whether this invocation hits the vite-plus-managed-global flow on the
+    /// global CLI. The local CLI binding refuses these cases (it has no
+    /// managed package store of its own); pass-through `-g` cases like
+    /// `outdated -g`, `why -g`, and `pm config get -g` return `false` and
+    /// keep working on both CLIs.
+    pub fn is_managed_global(&self) -> bool {
+        match self {
+            Self::Install { global, .. }
+            | Self::Add { global, .. }
+            | Self::Remove { global, .. }
+            | Self::Update { global, .. } => *global,
+            Self::Pm(PmCommands::List { global, .. }) => *global,
+            _ => false,
+        }
+    }
+
     /// Determine the save dependency type from CLI flags shared by `Install` and `Add`.
     pub fn determine_save_dependency_type(
         save_dev: bool,

crates/vite_pm_cli/src/dispatch.rs

@@ -141,21 +141,14 @@ pub async fn dispatch(
             workspace_root,
             recursive,
             global,
-            dry_run,
+            // `--dry-run` is clap-required to coexist with `-g`, and `-g` is
+            // either intercepted by the global CLI's `run_package_manager_command`
+            // (managed flow) or rejected by the local CLI binding's
+            // `execute_pm_command`. Either way, this arm only sees `dry_run: false`.
+            dry_run: _,
             packages,
             pass_through_args,
         } => {
-            // `--dry-run` (which clap requires alongside `-g`) is honored by the
-            // global CLI's vite-plus-managed uninstall flow. The shared
-            // dispatcher reaches this arm only for non-managed paths
-            // (project-scoped removes, or local-CLI global removes), and the
-            // underlying `RemoveCommandOptions` has no preview field. Refuse
-            // rather than silently performing a real uninstall.
-            if dry_run {
-                return Err(Error::UserMessage(
-                    "`--dry-run` is only supported by the globally-installed `vp` CLI for managed packages. Run the command without `--dry-run` to actually remove the package.".into(),
-                ));
-            }
             let options = RemoveCommandOptions {
                 packages: &packages,
                 filters: filter.as_deref(),

crates/vite_pm_cli/src/handlers.rs

@@ -50,14 +50,8 @@ pub async fn run_add(
     cwd: &AbsolutePath,
     options: &AddCommandOptions<'_>,
 ) -> Result<ExitStatus, Error> {
-    let pm = if options.global {
-        // Global add doesn't need a project; fall back to npm if no package.json
-        // is present so the underlying PM still has a binary to dispatch to.
-        build_package_manager_or_npm_default(cwd).await?
-    } else {
-        ensure_package_json(cwd).await?;
-        PackageManager::builder(cwd).build_with_default().await?
-    };
+    ensure_package_json(cwd).await?;
+    let pm = PackageManager::builder(cwd).build_with_default().await?;
     Ok(pm.run_add_command(options, cwd).await?)
 }
 
@@ -74,13 +68,7 @@ pub async fn run_remove(
     cwd: &AbsolutePath,
     options: &RemoveCommandOptions<'_>,
 ) -> Result<ExitStatus, Error> {
-    let pm = if options.global {
-        // Global remove doesn't need a project; fall back to npm if no
-        // package.json is present.
-        build_package_manager_or_npm_default(cwd).await?
-    } else {
-        build_package_manager(cwd).await?
-    };
+    let pm = build_package_manager(cwd).await?;
     Ok(pm.run_remove_command(options, cwd).await?)
 }
 

packages/cli/binding/src/cli/mod.rs

@@ -198,6 +198,15 @@ async fn execute_pm_command(
     command: vite_pm_cli::PackageManagerCommand,
     cwd: &AbsolutePath,
 ) -> Result<ExitStatus, Error> {
+    // `-g`/`--global` operations on install/add/remove/update/`pm list` map to
+    // a vite-plus-managed package store on the global CLI; the local CLI has
+    // no such store, so refuse rather than silently doing the wrong thing
+    // (mutating the project, dropping `--node`, ignoring `--dry-run`, …).
+    if command.is_managed_global() {
+        return Err(Error::Anyhow(anyhow::anyhow!(
+            "Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.",
+        )));
+    }
     let status = vite_pm_cli::dispatch(cwd, command)
         .await
         .map_err(|e| Error::Anyhow(anyhow::Error::new(e)))?;

packages/cli/snap-tests/command-pm-global-rejected/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "command-pm-global-rejected",
+  "version": "1.0.0",
+  "private": true,
+  "packageManager": "pnpm@10.15.1"
+}

packages/cli/snap-tests/command-pm-global-rejected/snap.txt

@@ -0,0 +1,26 @@
+[1]> vp install -g testnpm2 # rejected: managed install
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp install -g testnpm2 --node 20 # rejected: --node implicitly covered
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp add -g testnpm2 # rejected: managed add
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp add -g testnpm2 --node 20 # rejected: --node implicitly covered
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp remove -g testnpm2 # rejected: managed uninstall
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp remove -g --dry-run testnpm2 # rejected: --dry-run implicitly covered
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp update -g # rejected: managed update
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp update -g testnpm2 # rejected: managed update with package
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
+
+[1]> vp pm ls -g # rejected: managed packages listing
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.

packages/cli/snap-tests/command-pm-global-rejected/steps.json

@@ -0,0 +1,13 @@
+{
+  "commands": [
+    "vp install -g testnpm2 # rejected: managed install",
+    "vp install -g testnpm2 --node 20 # rejected: --node implicitly covered",
+    "vp add -g testnpm2 # rejected: managed add",
+    "vp add -g testnpm2 --node 20 # rejected: --node implicitly covered",
+    "vp remove -g testnpm2 # rejected: managed uninstall",
+    "vp remove -g --dry-run testnpm2 # rejected: --dry-run implicitly covered",
+    "vp update -g # rejected: managed update",
+    "vp update -g testnpm2 # rejected: managed update with package",
+    "vp pm ls -g # rejected: managed packages listing"
+  ]
+}

packages/cli/snap-tests/command-remove-pnpm10/snap.txt

@@ -98,7 +98,7 @@ Done in <variable>ms using pnpm v<semver>
 }
 
 [1]> vp remove -g --dry-run testnpm2 && cat package.json # support remove global package with dry-run
-error: `--dry-run` is only supported by the globally-installed `vp` CLI for managed packages. Run the command without `--dry-run` to actually remove the package.
+error: Global package operations (`-g`/`--global`) are only supported by the globally-installed `vp` CLI. See https://viteplus.dev/guide/ to install it, then run the same command via the global `vp` binary.
 
 [2]> vp rm --stream foo && should show tips to use pass through arguments when options are not supported
 error: Unexpected argument '--stream'