@aexol/opencode-wizard 0.1.2 → 0.1.4

package/dist/server.js

@@ -0,0 +1,1788 @@
+import fs from 'node:fs/promises';
+import http from 'node:http';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { URL, fileURLToPath } from 'node:url';
+const execFileAsync = promisify(execFile);
+const MODULE_FILE_PATH = fileURLToPath(import.meta.url);
+const PACKAGE_ROOT_PATH = path.resolve(path.dirname(MODULE_FILE_PATH), '..');
+export const PLUGIN_ID = 'opencode-wizard';
+const CACHE_TTL_MS = 30_000;
+const ROOT_SKILL_SEED_PATH = '.opencode/skills';
+const AUTH_STATE_PATH = 'plugin/opencode-wizard/.generated/auth-state.json';
+const LOCAL_DEV_BACKEND_ORIGIN = 'http://localhost:8080';
+const PUBLISHED_BACKEND_ORIGIN = 'https://opencode-wizard.aexol.work';
+const OIDC_ISSUER = 'https://login.microsoftonline.com/86f4caf4-0d6f-4682-9a06-ea57f3e4e76c/v2.0';
+const OIDC_CLIENT_ID = 'da963901-2375-442b-9e99-14e59f43eda2';
+const OIDC_CALLBACK_ORIGIN = 'http://localhost:24953';
+const OIDC_CALLBACK_PATH = '/oauth/callback';
+const OIDC_CALLBACK_URL = `${OIDC_CALLBACK_ORIGIN}${OIDC_CALLBACK_PATH}`;
+const OIDC_SCOPES = ['openid', 'profile', 'email'];
+const LOGIN_TIMEOUT_MS = 5 * 60_000;
+const SYSTEM_NOTE_SKILL_NAME_LIMIT = 10;
+const SYSTEM_NOTE_DETAIL_LIMIT = 3;
+const SYSTEM_NOTE_DETAIL_CHAR_LIMIT = 2_400;
+const SYSTEM_NOTE_SKILL_DESCRIPTION_LIMIT = 140;
+const PRESENCE_EVENT_TIMEOUT_MS = 3_000;
+const PRESENCE_EVENT_MAX_ATTEMPTS = 2;
+const PRESENCE_EVENT_RETRY_DELAY_MS = 250;
+const PRESENCE_SHUTDOWN_SIGNALS = ['SIGINT', 'SIGTERM', 'SIGHUP'];
+const PRESENCE_SIGNAL_EXIT_CODES = {
+  SIGINT: 130,
+  SIGTERM: 143,
+  SIGHUP: 129
+};
+const createIdleLoginBootstrapSnapshot = () => ({
+  status: 'idle',
+  trigger: null,
+  startedAt: null,
+  expiresAt: null,
+  browserUrl: null,
+  browserOpenError: null,
+  email: null,
+  message: null
+});
+const importOpencodePluginModule = new Function('specifier', 'return import(specifier)');
+export const AVAILABLE_PUBLISHED_SKILL_TOOLS = ['opencode_wizard_published_skills_fetch'];
+export const NATIVE_SKILLS_URL_COMPATIBILITY = {
+  configKey: 'skills.urls',
+  deliveryMode: 'public_static_registry',
+  wizardPrivateDelivery: 'authenticated_scoped_fetch_tool',
+  authSupport: 'none',
+  guidance: 'OpenCode skills.urls is for public/static registries and complements opencode-wizard; private workspace-scoped skills stay available through the authenticated fetch tool only.'
+};
+const PUBLISHED_SKILLS_CATALOG_QUERY = `
+  query PluginPublishedSkills($input: PublishedSkillsDeliveryInput!) {
+    pluginPublishedSkills(input: $input) {
+      workspace {
+        id
+        slug
+        name
+        repositoryUrl
+        defaultBranch
+        status
+      }
+      directoryPath
+      skills {
+        assignmentSource
+        assignmentType
+        scopePath
+        includeChildren
+        skill {
+          id
+          slug
+          name
+          summary
+          whenToUse
+          status
+          installPolicy
+          tags {
+            id
+            slug
+            label
+            description
+            facet {
+              id
+              slug
+              label
+              description
+            }
+          }
+        }
+        skillVersion {
+          id
+          version
+          title
+          summary
+          status
+        }
+        publishedArtifact {
+          id
+          frontmatterName
+          frontmatterDescription
+          checksum
+          publishedAt
+        }
+      }
+    }
+  }
+`;
+const PUBLISHED_SKILL_DETAIL_QUERY = `
+  query PluginPublishedSkillVersionArtifact($input: PublishedSkillArtifactDetailInput!) {
+    pluginPublishedSkillVersionArtifact(input: $input) {
+      id
+      frontmatterName
+      frontmatterDescription
+      markdownBody
+      renderedContent
+      checksum
+      publishedAt
+    }
+  }
+`;
+const parseDotEnvValue = value => {
+  const trimmedValue = value.trim();
+  if (trimmedValue.startsWith('"') && trimmedValue.endsWith('"') || trimmedValue.startsWith("'") && trimmedValue.endsWith("'")) {
+    return trimmedValue.slice(1, -1);
+  }
+  return trimmedValue;
+};
+const parseDotEnv = raw => {
+  const values = new Map();
+  for (const line of raw.split(/\r?\n/u)) {
+    const trimmedLine = line.trim();
+    if (!trimmedLine || trimmedLine.startsWith('#')) continue;
+    const separatorIndex = trimmedLine.indexOf('=');
+    if (separatorIndex <= 0) continue;
+    const key = trimmedLine.slice(0, separatorIndex).trim();
+    if (!key) continue;
+    const rawValue = trimmedLine.slice(separatorIndex + 1);
+    values.set(key, parseDotEnvValue(rawValue));
+  }
+  return values;
+};
+const findUpwardFile = async (startDirectory, fileName) => {
+  let currentDirectory = normalizeAbsolutePath(startDirectory);
+  while (true) {
+    const candidatePath = path.join(currentDirectory, fileName);
+    try {
+      await fs.access(candidatePath);
+      return candidatePath;
+    } catch {
+      const parentDirectory = path.dirname(currentDirectory);
+      if (parentDirectory === currentDirectory) return null;
+      currentDirectory = parentDirectory;
+    }
+  }
+};
+const readLocalEnvValues = async startDirectory => {
+  const envPath = await findUpwardFile(startDirectory, '.env');
+  if (!envPath) return new Map();
+  try {
+    const raw = await fs.readFile(envPath, 'utf8');
+    return parseDotEnv(raw);
+  } catch {
+    return new Map();
+  }
+};
+const isLocalModulePathExecution = async () => {
+  const localDevSentinelPaths = [path.join(PACKAGE_ROOT_PATH, 'src', 'server.ts'), path.join(PACKAGE_ROOT_PATH, 'tsconfig.json')];
+  for (const sentinelPath of localDevSentinelPaths) {
+    try {
+      await fs.access(sentinelPath);
+      return true;
+    } catch {
+      continue;
+    }
+  }
+  return false;
+};
+const normalizeBackendOrigin = value => {
+  if (!value) return null;
+  try {
+    const normalizedUrl = new URL(value);
+    return normalizedUrl.origin;
+  } catch {
+    return null;
+  }
+};
+const resolveBackendOrigin = async worktree => {
+  const envValues = await readLocalEnvValues(worktree);
+  const configuredPort = envValues.get('PORT') ?? process.env.PORT;
+  const normalizedPort = configuredPort ? Number.parseInt(configuredPort, 10) : Number.NaN;
+  if (Number.isInteger(normalizedPort) && normalizedPort >= 1 && normalizedPort <= 65535) {
+    return `http://localhost:${normalizedPort}`;
+  }
+  const configuredAppUrl = normalizeBackendOrigin(envValues.get('APP_URL')) ?? normalizeBackendOrigin(process.env.APP_URL);
+  if (configuredAppUrl) return configuredAppUrl;
+  if (await isLocalModulePathExecution()) return LOCAL_DEV_BACKEND_ORIGIN;
+  return PUBLISHED_BACKEND_ORIGIN;
+};
+const toWorkspaceSlug = value => {
+  const normalized = value.trim().toLowerCase().replace(/[^a-z0-9-]+/gu, '-').replace(/^-+|-+$/gu, '');
+  if (normalized) return normalized;
+  return 'workspace';
+};
+const resolveFallbackWorkspaceSlug = worktree => {
+  const configuredWorkspaceSlug = process.env.OPENCODE_WIZARD_SKILLS_WORKSPACE_SLUG?.trim();
+  if (configuredWorkspaceSlug) return toWorkspaceSlug(configuredWorkspaceSlug);
+  return toWorkspaceSlug(path.basename(path.resolve(worktree)));
+};
+export const resolveConfig = async worktree => {
+  const backendOrigin = await resolveBackendOrigin(worktree);
+  return {
+    backendOrigin,
+    graphqlUrl: `${backendOrigin}/graphql`,
+    authSessionUrl: `${backendOrigin}/api/opencode-plugin/oauth/session`,
+    presenceUrl: `${backendOrigin}/api/opencode-plugin/presence`,
+    actionsUrl: `${backendOrigin}/api/opencode-plugin/actions`,
+    fallbackWorkspaceSlug: resolveFallbackWorkspaceSlug(worktree),
+    rootSkillSeedPath: ROOT_SKILL_SEED_PATH,
+    authStatePath: AUTH_STATE_PATH
+  };
+};
+const normalizeAbsolutePath = value => path.resolve(value);
+const normalizeRepositoryPath = (worktree, directory) => {
+  const absoluteWorktree = normalizeAbsolutePath(worktree);
+  const absoluteDirectory = normalizeAbsolutePath(directory);
+  const relativePath = path.relative(absoluteWorktree, absoluteDirectory);
+  if (!relativePath || relativePath === '') return '.';
+  if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) return '.';
+  return relativePath.split(path.sep).join('/');
+};
+const tryExecGit = async args => {
+  try {
+    const {
+      stdout
+    } = await execFileAsync('git', args, {
+      encoding: 'utf8'
+    });
+    const normalizedOutput = stdout.trim();
+    if (normalizedOutput) return normalizedOutput;
+    return null;
+  } catch {
+    return null;
+  }
+};
+const resolveGitRoot = async directory => {
+  const gitRoot = await tryExecGit(['-C', directory, 'rev-parse', '--show-toplevel']);
+  if (!gitRoot) return null;
+  return normalizeAbsolutePath(gitRoot);
+};
+const normalizeGitRemoteUrl = remoteUrl => {
+  if (!remoteUrl) return null;
+  const trimmedRemoteUrl = remoteUrl.trim();
+  if (!trimmedRemoteUrl) return null;
+  const scpLikeMatch = /^git@([^:]+):(.+)$/u.exec(trimmedRemoteUrl);
+  if (scpLikeMatch) {
+    return `ssh://git@${scpLikeMatch[1]}/${scpLikeMatch[2].replace(/^\/+/, '')}`;
+  }
+  try {
+    const parsedUrl = new URL(trimmedRemoteUrl);
+    return parsedUrl.toString().replace(/\/+$/u, '');
+  } catch {
+    return null;
+  }
+};
+const resolveGitRemoteOriginUrl = async repositoryRoot => {
+  const remoteUrl = await tryExecGit(['-C', repositoryRoot, 'remote', 'get-url', 'origin']);
+  return normalizeGitRemoteUrl(remoteUrl);
+};
+const resolveWorkspace = async ({
+  config,
+  directory
+}) => {
+  const requestedDirectory = normalizeAbsolutePath(directory);
+  const gitRoot = await resolveGitRoot(requestedDirectory);
+  const repositoryRoot = gitRoot ?? requestedDirectory;
+  const repositoryUrl = gitRoot ? await resolveGitRemoteOriginUrl(gitRoot) : null;
+  const fallbackWorkspaceSlug = config.fallbackWorkspaceSlug;
+  const directoryPath = normalizeRepositoryPath(repositoryRoot, requestedDirectory);
+  const workspaceIdentity = `workspaceSlug:${fallbackWorkspaceSlug}`;
+  return {
+    requestedDirectory,
+    repositoryRoot,
+    repositoryUrl,
+    fallbackWorkspaceSlug,
+    directoryPath,
+    cacheKey: JSON.stringify([workspaceIdentity, directoryPath])
+  };
+};
+const toDeliveryInput = resolution => {
+  if (resolution.fallbackWorkspaceSlug) {
+    return {
+      workspaceSlug: resolution.fallbackWorkspaceSlug,
+      directoryPath: resolution.directoryPath
+    };
+  }
+  if (resolution.repositoryUrl) {
+    return {
+      repositoryUrl: resolution.repositoryUrl,
+      directoryPath: resolution.directoryPath
+    };
+  }
+  return {
+    workspaceSlug: 'workspace',
+    directoryPath: resolution.directoryPath
+  };
+};
+const formatSkillLabel = item => {
+  const artifactName = item.publishedArtifact.frontmatterName.trim();
+  if (artifactName.length > 0) return artifactName;
+  return item.skill.name;
+};
+const toFrontmatterString = value => JSON.stringify(value);
+const readJsonFile = async filePath => {
+  try {
+    const raw = await fs.readFile(filePath, 'utf8');
+    const parsed = JSON.parse(raw);
+    return parsed;
+  } catch {
+    return null;
+  }
+};
+const writeJsonFile = async (filePath, value) => {
+  await fs.mkdir(path.dirname(filePath), {
+    recursive: true
+  });
+  await fs.writeFile(filePath, `${JSON.stringify(value, null, 2)}\n`, 'utf8');
+};
+const deleteFileIfExists = async filePath => {
+  await fs.rm(filePath, {
+    force: true
+  });
+};
+const isRecord = value => {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+};
+const isValidIsoDateString = value => {
+  return typeof value === 'string' && Number.isFinite(Date.parse(value));
+};
+const isAuthState = value => {
+  if (!isRecord(value)) return false;
+  return value.pluginId === PLUGIN_ID && typeof value.sessionToken === 'string' && isValidIsoDateString(value.expiresAt) && isValidIsoDateString(value.authenticatedAt) && typeof value.userId === 'string' && typeof value.email === 'string';
+};
+const readAuthState = async authStateFile => {
+  const storedAuthState = await readJsonFile(authStateFile);
+  if (storedAuthState === null) return null;
+  if (isAuthState(storedAuthState)) return storedAuthState;
+  await deleteFileIfExists(authStateFile);
+  return null;
+};
+const writeAuthState = async (authStateFile, authState) => {
+  await writeJsonFile(authStateFile, authState);
+};
+const toAuthState = session => ({
+  pluginId: PLUGIN_ID,
+  sessionToken: session.jwtToken,
+  expiresAt: session.expiresAt,
+  authenticatedAt: new Date().toISOString(),
+  userId: session.user.id,
+  email: session.user.email
+});
+const resolveStoredAuthState = async (worktree, config) => {
+  const authStateFile = path.resolve(worktree, config.authStatePath);
+  const authState = await readAuthState(authStateFile);
+  if (!authState) {
+    return null;
+  }
+  if (Date.parse(authState.expiresAt) > Date.now()) {
+    return authState;
+  }
+  await deleteFileIfExists(authStateFile);
+  return null;
+};
+export const buildSkillMarkdown = item => {
+  const artifactBody = item.publishedArtifact.markdownBody.trim();
+  const fallbackBody = item.publishedArtifact.renderedContent.trim();
+  const body = artifactBody || fallbackBody;
+  if (body.startsWith('---')) {
+    return body.endsWith('\n') ? body : `${body}\n`;
+  }
+  const name = formatSkillLabel(item);
+  const description = item.publishedArtifact.frontmatterDescription.trim() || item.skill.summary?.trim() || '';
+  const frontmatter = ['---', `name: ${toFrontmatterString(name)}`, `description: ${toFrontmatterString(description)}`, '---'].join('\n');
+  if (!body) {
+    return `${frontmatter}\n`;
+  }
+  return `${frontmatter}\n\n${body.endsWith('\n') ? body : `${body}\n`}`;
+};
+const getSkillIdentifiers = item => {
+  const candidates = [item.skill.slug, item.publishedArtifact.frontmatterName, item.skill.name];
+  const seen = new Set();
+  return candidates.reduce((all, candidate) => {
+    const normalized = candidate.trim();
+    if (!normalized) return all;
+    const cacheKey = normalized.toLowerCase();
+    if (seen.has(cacheKey)) return all;
+    seen.add(cacheKey);
+    all.push(normalized);
+    return all;
+  }, []);
+};
+const toPublishedSkillFacetSummary = facet => ({
+  slug: facet.slug,
+  label: facet.label,
+  description: facet.description ?? null
+});
+const toPublishedSkillTagSummary = tag => ({
+  slug: tag.slug,
+  label: tag.label,
+  description: tag.description ?? null,
+  facet: tag.facet ? toPublishedSkillFacetSummary(tag.facet) : null
+});
+const getPublishedSkillFacets = items => {
+  const facetsBySlug = new Map();
+  for (const item of items) {
+    for (const tag of item.skill.tags) {
+      if (!tag.facet) continue;
+      if (facetsBySlug.has(tag.facet.slug)) continue;
+      facetsBySlug.set(tag.facet.slug, toPublishedSkillFacetSummary(tag.facet));
+    }
+  }
+  return [...facetsBySlug.values()].sort((left, right) => left.slug.localeCompare(right.slug));
+};
+const getPublishedSkillAssignmentCounts = items => items.reduce((counts, item) => {
+  if (item.assignmentSource === 'GLOBAL') {
+    return {
+      ...counts,
+      global: counts.global + 1
+    };
+  }
+  if (item.assignmentSource === 'WORKSPACE') {
+    return {
+      ...counts,
+      project: counts.project + 1
+    };
+  }
+  return {
+    ...counts,
+    other: counts.other + 1
+  };
+}, {
+  global: 0,
+  project: 0,
+  other: 0
+});
+const getSkillContextKind = item => {
+  if (item.assignmentSource === 'GLOBAL') return 'global';
+  return 'project';
+};
+const getSkillPolicyLabel = (policy, contextKind) => {
+  if (policy === 'GLOBAL_CONTEXT') return 'GLOBAL_CONTEXT · active context only, not project-installable';
+  if (contextKind === 'global') return 'PROJECT_INSTALLABLE · active global assignment';
+  return 'PROJECT_INSTALLABLE · active project/workspace assignment';
+};
+const toPublishedSkillSummary = item => {
+  const contextKind = getSkillContextKind(item);
+  return {
+    skillSlug: item.skill.slug,
+    skillName: item.skill.name,
+    artifactName: item.publishedArtifact.frontmatterName,
+    artifactDescription: item.publishedArtifact.frontmatterDescription,
+    whenToUse: item.skill.whenToUse ?? null,
+    version: item.skillVersion.version,
+    assignmentSource: item.assignmentSource,
+    assignmentType: item.assignmentType,
+    scopePath: item.scopePath,
+    includeChildren: item.includeChildren ?? null,
+    checksum: item.publishedArtifact.checksum,
+    publishedAt: item.publishedArtifact.publishedAt,
+    identifiers: getSkillIdentifiers(item),
+    tags: item.skill.tags.map(toPublishedSkillTagSummary),
+    contextKind,
+    installPolicy: item.skill.installPolicy,
+    policyLabel: getSkillPolicyLabel(item.skill.installPolicy, contextKind)
+  };
+};
+export const toPublishedSkillDetail = item => ({
+  ...toPublishedSkillSummary(item),
+  skillId: item.skill.id,
+  skillVersionId: item.skillVersion.id,
+  artifactId: item.publishedArtifact.id,
+  markdownDocument: buildSkillMarkdown(item),
+  markdownBody: item.publishedArtifact.markdownBody,
+  renderedContent: item.publishedArtifact.renderedContent
+});
+export const toPublishedSkillCatalog = payload => ({
+  pluginId: PLUGIN_ID,
+  runtimeMode: 'tool_fetch_only',
+  deliveryModel: 'backend_published_global_project_assignments',
+  workspace: payload.workspace,
+  directoryPath: payload.directoryPath,
+  rootSkillSeedPath: ROOT_SKILL_SEED_PATH,
+  availableTools: AVAILABLE_PUBLISHED_SKILL_TOOLS,
+  publishedSkillCount: payload.skills.length,
+  assignmentCounts: getPublishedSkillAssignmentCounts(payload.skills),
+  facets: getPublishedSkillFacets(payload.skills),
+  skills: payload.skills.map(toPublishedSkillSummary)
+});
+const normalizeSkillIdentifier = value => value.trim().toLowerCase();
+const parseSkillIdentifiers = value => {
+  const seen = new Set();
+  return value.split(/[\n,]/).map(item => item.trim()).filter(item => item.length > 0).filter(item => {
+    const normalized = normalizeSkillIdentifier(item);
+    if (seen.has(normalized)) return false;
+    seen.add(normalized);
+    return true;
+  });
+};
+const mergeSkillIdentifiers = values => {
+  const seen = new Set();
+  return values.filter(value => {
+    const normalized = normalizeSkillIdentifier(value);
+    if (!normalized || seen.has(normalized)) return false;
+    seen.add(normalized);
+    return true;
+  });
+};
+const parseRequestedSkillArgs = args => {
+  const requestedSkills = [];
+  if (typeof args.skill === 'string') {
+    const normalizedSkill = args.skill.trim();
+    if (normalizedSkill) requestedSkills.push(normalizedSkill);
+  }
+  if (typeof args.skills === 'string') {
+    requestedSkills.push(...parseSkillIdentifiers(args.skills));
+  }
+  return mergeSkillIdentifiers(requestedSkills);
+};
+export const selectPublishedSkills = (payload, identifiers) => {
+  const itemsByIdentifier = new Map();
+  for (const item of payload.skills) {
+    for (const identifier of getSkillIdentifiers(item)) {
+      itemsByIdentifier.set(normalizeSkillIdentifier(identifier), item);
+    }
+  }
+  const selectedItems = [];
+  const selectedKeys = new Set();
+  const missingIdentifiers = [];
+  for (const identifier of identifiers) {
+    const matched = itemsByIdentifier.get(normalizeSkillIdentifier(identifier));
+    if (!matched) {
+      missingIdentifiers.push(identifier);
+      continue;
+    }
+    if (selectedKeys.has(matched.publishedArtifact.id)) {
+      continue;
+    }
+    selectedKeys.add(matched.publishedArtifact.id);
+    selectedItems.push(matched);
+  }
+  return {
+    selectedItems,
+    missingIdentifiers
+  };
+};
+const truncateText = (value, maxLength) => {
+  const normalized = value.replace(/\s+/gu, ' ').trim();
+  if (normalized.length <= maxLength) return normalized;
+  return `${normalized.slice(0, Math.max(maxLength - 1, 0)).trimEnd()}…`;
+};
+const buildSkillCatalogLine = skill => {
+  const description = truncateText(skill.whenToUse || skill.artifactDescription || skill.skillName || skill.skillSlug, SYSTEM_NOTE_SKILL_DESCRIPTION_LIMIT);
+  return `- ${skill.artifactName || skill.skillName} (${skill.skillSlug}, ${skill.contextKind.toUpperCase()}): ${description}`;
+};
+const buildSkillDetailSnippetLine = detail => {
+  const body = detail.markdownBody || detail.renderedContent || detail.markdownDocument;
+  return `- ${detail.artifactName || detail.skillName}: ${truncateText(body, 700)}`;
+};
+const buildSystemNote = (result, config, details) => {
+  if (!result.fetchResult.ok) return null;
+  const catalog = toPublishedSkillCatalog(result.fetchResult.payload);
+  const skillNames = catalog.skills.map(skill => skill.artifactName || skill.skillName || skill.skillSlug);
+  const renderedSkillNames = skillNames.length > 0 ? skillNames.slice(0, SYSTEM_NOTE_SKILL_NAME_LIMIT).join(', ') : 'none';
+  const remainingCount = Math.max(skillNames.length - SYSTEM_NOTE_SKILL_NAME_LIMIT, 0);
+  const renderedCountSuffix = remainingCount > 0 ? ` (+${remainingCount} more)` : '';
+  const globalSkills = catalog.skills.filter(skill => skill.contextKind === 'global').slice(0, 8).map(buildSkillCatalogLine);
+  const projectSkills = catalog.skills.filter(skill => skill.contextKind === 'project').slice(0, 5).map(buildSkillCatalogLine);
+  const detailLines = details.slice(0, SYSTEM_NOTE_DETAIL_LIMIT).map(buildSkillDetailSnippetLine);
+  const detailBlock = detailLines.length > 0 ? ` Loaded body snippets (capped):\n${truncateText(detailLines.join('\n'), SYSTEM_NOTE_DETAIL_CHAR_LIMIT)}` : '';
+  return [`opencode-wizard published skills are available from backend runtime delivery for workspace ${result.fetchResult.payload.workspace.slug}.`, `Current directory: ${result.directoryPath}.`, `Published skills for this scope: ${renderedSkillNames}${renderedCountSuffix}; counts: ${catalog.assignmentCounts.global} global, ${catalog.assignmentCounts.project} project, ${catalog.assignmentCounts.other} other.`, 'Catalog lines use short whenToUse guidance when available; fetch the full skill only when that guidance matches the task.', 'GLOBAL_CONTEXT skills are active context skills and are not project-installable; PROJECT_INSTALLABLE skills can be assigned globally or to project/workspace scopes; assignment rows decide which skills are active here.', globalSkills.length > 0 ? `Global context skills:\n${globalSkills.join('\n')}` : 'Global context skills: none.', projectSkills.length > 0 ? `Project-scoped active skills:\n${projectSkills.join('\n')}` : 'Project-scoped active skills: none.', detailBlock, 'Use opencode_wizard_published_skills_fetch for one or multiple skills.', `Root source seed path remains non-runtime input only: ${config.rootSkillSeedPath}/**.`].filter(line => line.length > 0).join(' ');
+};
+const toWorkspaceResolutionOutput = resolution => ({
+  requestedDirectory: resolution.requestedDirectory,
+  repositoryRoot: resolution.repositoryRoot,
+  repositoryUrl: resolution.repositoryUrl,
+  fallbackWorkspaceSlug: resolution.fallbackWorkspaceSlug,
+  directoryPath: resolution.directoryPath
+});
+const toWorkspaceResolutionMetadata = resolution => ({
+  directoryPath: resolution.directoryPath,
+  repositoryRoot: resolution.repositoryRoot,
+  repositoryUrl: resolution.repositoryUrl ?? '',
+  fallbackWorkspaceSlug: resolution.fallbackWorkspaceSlug ?? ''
+});
+const formatStatusOutput = async (worktree, config, publishedSkillsResult, loginBootstrapSnapshot) => {
+  const authState = await resolveStoredAuthState(worktree, config);
+  const base = {
+    pluginId: PLUGIN_ID,
+    runtimeMode: 'tool_fetch_only',
+    nativeSkillsUrlCompatibility: NATIVE_SKILLS_URL_COMPATIBILITY,
+    backendOrigin: config.backendOrigin,
+    graphqlUrl: config.graphqlUrl,
+    fallbackWorkspaceSlug: config.fallbackWorkspaceSlug,
+    workspaceResolution: toWorkspaceResolutionOutput(publishedSkillsResult.workspaceResolution),
+    rootSkillSeedPath: config.rootSkillSeedPath,
+    authStatePath: config.authStatePath,
+    requestedDirectoryPath: publishedSkillsResult.directoryPath,
+    authMode: publishedSkillsResult.fetchResult.authMode,
+    authState: authState === null ? null : {
+      email: authState.email,
+      userId: authState.userId,
+      authenticatedAt: authState.authenticatedAt,
+      expiresAt: authState.expiresAt
+    },
+    loginBootstrap: loginBootstrapSnapshot.status === 'idle' ? null : {
+      status: loginBootstrapSnapshot.status,
+      trigger: loginBootstrapSnapshot.trigger,
+      startedAt: loginBootstrapSnapshot.startedAt,
+      expiresAt: loginBootstrapSnapshot.expiresAt,
+      browserUrl: loginBootstrapSnapshot.browserUrl,
+      browserOpenError: loginBootstrapSnapshot.browserOpenError,
+      email: loginBootstrapSnapshot.email,
+      message: loginBootstrapSnapshot.message
+    },
+    status: publishedSkillsResult.fetchResult.status,
+    fetchedAt: publishedSkillsResult.fetchResult.fetchedAt,
+    source: publishedSkillsResult.fetchResult.source,
+    availableTools: AVAILABLE_PUBLISHED_SKILL_TOOLS
+  };
+  if (!publishedSkillsResult.fetchResult.ok) {
+    return JSON.stringify({
+      ...base,
+      message: publishedSkillsResult.fetchResult.message
+    }, null, 2);
+  }
+  return JSON.stringify({
+    ...base,
+    ...toPublishedSkillCatalog(publishedSkillsResult.fetchResult.payload)
+  }, null, 2);
+};
+export const toPluginAuthStateSummary = authState => {
+  if (!authState) {
+    return {
+      status: 'missing',
+      email: null,
+      userId: null,
+      authenticatedAt: null,
+      expiresAt: null
+    };
+  }
+  return {
+    status: 'authenticated',
+    email: authState.email,
+    userId: authState.userId,
+    authenticatedAt: authState.authenticatedAt,
+    expiresAt: authState.expiresAt
+  };
+};
+export const resolvePluginStatusSnapshot = async ({
+  worktree,
+  directory,
+  signal
+}) => {
+  const config = await resolveConfig(worktree);
+  const workspaceResolution = await resolveWorkspace({
+    config,
+    directory
+  });
+  const [authState, fetchResult] = await Promise.all([resolveStoredAuthState(worktree, config), fetchPublishedSkillsCatalog(worktree, config, workspaceResolution, signal)]);
+  return {
+    pluginId: PLUGIN_ID,
+    runtimeMode: 'tool_fetch_only',
+    nativeSkillsUrlCompatibility: NATIVE_SKILLS_URL_COMPATIBILITY,
+    backendOrigin: config.backendOrigin,
+    graphqlUrl: config.graphqlUrl,
+    fallbackWorkspaceSlug: config.fallbackWorkspaceSlug,
+    workspaceResolution: toWorkspaceResolutionOutput(workspaceResolution),
+    rootSkillSeedPath: config.rootSkillSeedPath,
+    authStatePath: config.authStatePath,
+    authState: toPluginAuthStateSummary(authState),
+    status: fetchResult.status,
+    authMode: fetchResult.authMode,
+    fetchedAt: fetchResult.fetchedAt,
+    source: fetchResult.source,
+    availableTools: AVAILABLE_PUBLISHED_SKILL_TOOLS,
+    message: fetchResult.ok ? null : fetchResult.message,
+    catalog: fetchResult.ok ? toPublishedSkillCatalog(fetchResult.payload) : null
+  };
+};
+const isUnauthorizedGraphQlMessage = message => {
+  const normalizedMessage = message.toLowerCase();
+  return normalizedMessage.includes('not authorized') || normalizedMessage.includes('unauthorized');
+};
+const createRandomBase64Url = bytes => {
+  return crypto.randomBytes(bytes).toString('base64url');
+};
+const createCodeChallenge = codeVerifier => {
+  return crypto.createHash('sha256').update(codeVerifier).digest('base64url');
+};
+const getMessageFromUnknownPayload = value => {
+  if (!value || typeof value !== 'object') return null;
+  const candidate = 'message' in value ? value.message : null;
+  return typeof candidate === 'string' ? candidate : null;
+};
+const wait = async milliseconds => {
+  await new Promise(resolve => {
+    setTimeout(resolve, milliseconds);
+  });
+};
+const shouldRetryPresenceEvent = status => {
+  return status === 408 || status === 429 || status >= 500;
+};
+const fetchOidcDiscoveryDocument = async signal => {
+  const discoveryUrl = `${OIDC_ISSUER.replace(/\/+$/, '')}/.well-known/openid-configuration`;
+  const response = await fetch(discoveryUrl, {
+    method: 'GET',
+    signal
+  });
+  if (!response.ok) {
+    throw new Error(`OIDC discovery failed with HTTP ${response.status}.`);
+  }
+  return await response.json();
+};
+const sendHtmlResponse = (response, statusCode, title, message) => {
+  response.writeHead(statusCode, {
+    'content-type': 'text/html; charset=utf-8',
+    'cache-control': 'no-store'
+  });
+  response.end(`<!doctype html><html><head><meta charset="utf-8"><title>${title}</title></head><body><h1>${title}</h1><p>${message}</p><p>You can close this window and return to OpenCode.</p></body></html>`);
+};
+const startLocalCallbackServer = async ({
+  expectedState,
+  signal
+}) => {
+  let settled = false;
+  let resolvePayload = () => undefined;
+  let rejectPayload = () => undefined;
+  const callbackPromise = new Promise((resolve, reject) => {
+    resolvePayload = resolve;
+    rejectPayload = reject;
+  });
+  const finalize = payload => {
+    if (settled) return;
+    settled = true;
+    resolvePayload(payload);
+  };
+  const fail = reason => {
+    if (settled) return;
+    settled = true;
+    rejectPayload(reason);
+  };
+  const server = http.createServer((request, response) => {
+    const requestUrl = new URL(request.url ?? '/', OIDC_CALLBACK_ORIGIN);
+    if (requestUrl.pathname !== OIDC_CALLBACK_PATH) {
+      sendHtmlResponse(response, 404, 'opencode-wizard plugin login', 'Unknown callback path.');
+      return;
+    }
+    const error = requestUrl.searchParams.get('error');
+    const errorDescription = requestUrl.searchParams.get('error_description');
+    if (error) {
+      const message = errorDescription ?? error;
+      sendHtmlResponse(response, 400, 'opencode-wizard plugin login failed', message);
+      finalize({
+        status: 'error',
+        message
+      });
+      return;
+    }
+    const state = requestUrl.searchParams.get('state');
+    const code = requestUrl.searchParams.get('code');
+    if (!state || state !== expectedState) {
+      sendHtmlResponse(response, 400, 'opencode-wizard plugin login failed', 'OAuth state did not match the login request.');
+      finalize({
+        status: 'error',
+        message: 'OAuth state did not match the login request.'
+      });
+      return;
+    }
+    if (!code) {
+      sendHtmlResponse(response, 400, 'opencode-wizard plugin login failed', 'OAuth callback did not include an authorization code.');
+      finalize({
+        status: 'error',
+        message: 'OAuth callback did not include an authorization code.'
+      });
+      return;
+    }
+    sendHtmlResponse(response, 200, 'opencode-wizard plugin callback received', 'Callback received. OpenCode is finalizing the backend session now.');
+    finalize({
+      status: 'success',
+      code,
+      state
+    });
+  });
+  server.on('error', error => {
+    fail(error instanceof Error ? error : new Error('Failed to start local OAuth callback server.'));
+  });
+  const close = async () => {
+    await new Promise((resolve, reject) => {
+      server.close(error => {
+        if (error) {
+          reject(error);
+          return;
+        }
+        resolve();
+      });
+    });
+  };
+  await new Promise((resolve, reject) => {
+    server.listen(24953, 'localhost', () => resolve());
+    server.once('error', reject);
+  });
+  signal.addEventListener('abort', () => {
+    fail(signal.reason instanceof Error ? signal.reason : new Error('OAuth login aborted.'));
+    void close().catch(() => undefined);
+  }, {
+    once: true
+  });
+  return {
+    callbackPromise,
+    close
+  };
+};
+const fetchPublishedSkillsGraphQl = async ({
+  worktree,
+  config,
+  query,
+  variables,
+  signal,
+  onAuthStateChanged
+}) => {
+  const authState = await resolveStoredAuthState(worktree, config);
+  const fetchedAt = new Date().toISOString();
+  if (!authState) {
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'missing_auth',
+        authMode: 'missing',
+        message: 'No plugin session is stored. Interactive opencode_wizard_published_skills_fetch can bootstrap browser login automatically when needed.',
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  let response;
+  try {
+    response = await fetch(config.graphqlUrl, {
+      method: 'POST',
+      headers: {
+        'content-type': 'application/json',
+        authorization: `Bearer ${authState.sessionToken}`
+      },
+      body: JSON.stringify({
+        query,
+        variables
+      }),
+      signal
+    });
+  } catch (error) {
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'request_failed',
+        authMode: 'session',
+        message: error instanceof Error ? error.message : 'Unknown fetch error',
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  if (response.status === 401 || response.status === 403) {
+    await deleteFileIfExists(path.resolve(worktree, config.authStatePath));
+    onAuthStateChanged?.();
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'missing_auth',
+        authMode: 'session',
+        message: 'Stored plugin session was rejected by the backend. Retry opencode_wizard_published_skills_fetch to bootstrap a fresh browser login automatically.',
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  if (!response.ok) {
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'request_failed',
+        authMode: 'session',
+        message: `GraphQL request failed with HTTP ${response.status}.`,
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  let body;
+  try {
+    body = await response.json();
+  } catch (error) {
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'request_failed',
+        authMode: 'session',
+        message: `GraphQL response was not valid JSON: ${error instanceof Error ? error.message : 'Unknown parse error'}`,
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  if (body.errors?.length) {
+    const message = body.errors.map(error => error.message).join('; ');
+    if (body.errors.some(error => isUnauthorizedGraphQlMessage(error.message))) {
+      await deleteFileIfExists(path.resolve(worktree, config.authStatePath));
+      onAuthStateChanged?.();
+      return {
+        ok: false,
+        result: {
+          ok: false,
+          status: 'missing_auth',
+          authMode: 'session',
+          message: 'Stored plugin session is no longer valid. Retry opencode_wizard_published_skills_fetch to bootstrap a fresh browser login automatically.',
+          fetchedAt,
+          source: 'network'
+        }
+      };
+    }
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'request_failed',
+        authMode: 'session',
+        message,
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  if (!body.data) {
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'request_failed',
+        authMode: 'session',
+        message: 'GraphQL response did not include data.',
+        fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  return {
+    ok: true,
+    data: body.data,
+    fetchedAt
+  };
+};
+const fetchPublishedSkillsCatalog = async (worktree, config, resolution, signal, onAuthStateChanged) => {
+  const response = await fetchPublishedSkillsGraphQl({
+    worktree,
+    config,
+    query: PUBLISHED_SKILLS_CATALOG_QUERY,
+    variables: {
+      input: toDeliveryInput(resolution)
+    },
+    signal,
+    onAuthStateChanged
+  });
+  if (!response.ok) {
+    return response.result;
+  }
+  const payload = response.data.pluginPublishedSkills;
+  if (!payload) {
+    return {
+      ok: false,
+      status: 'request_failed',
+      authMode: 'session',
+      message: 'GraphQL response did not include pluginPublishedSkills.',
+      fetchedAt: response.fetchedAt,
+      source: 'network'
+    };
+  }
+  return {
+    ok: true,
+    status: 'ready',
+    authMode: 'session',
+    payload,
+    fetchedAt: response.fetchedAt,
+    source: 'network'
+  };
+};
+const fetchPublishedSkillDetail = async ({
+  worktree,
+  config,
+  resolution,
+  skillVersionId,
+  signal,
+  onAuthStateChanged,
+  purpose
+}) => {
+  const response = await fetchPublishedSkillsGraphQl({
+    worktree,
+    config,
+    query: PUBLISHED_SKILL_DETAIL_QUERY,
+    variables: {
+      input: {
+        ...toDeliveryInput(resolution),
+        skillVersionId,
+        purpose
+      }
+    },
+    signal,
+    onAuthStateChanged
+  });
+  if (!response.ok) {
+    return response;
+  }
+  const artifact = response.data.pluginPublishedSkillVersionArtifact;
+  if (!artifact) {
+    return {
+      ok: false,
+      result: {
+        ok: false,
+        status: 'not_found',
+        authMode: 'session',
+        message: 'Published skill detail is not effective for the current scope.',
+        fetchedAt: response.fetchedAt,
+        source: 'network'
+      }
+    };
+  }
+  return {
+    ok: true,
+    artifact
+  };
+};
+const toFetchFailureOutput = async ({
+  worktree,
+  config,
+  publishedSkillsResult,
+  loginBootstrapSnapshot
+}) => ({
+  output: await formatStatusOutput(worktree, config, publishedSkillsResult, loginBootstrapSnapshot),
+  metadata: {
+    status: publishedSkillsResult.fetchResult.status,
+    ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+    source: publishedSkillsResult.fetchResult.source
+  }
+});
+const startLoginFlow = async signal => {
+  const discovery = await fetchOidcDiscoveryDocument(signal);
+  const codeVerifier = createRandomBase64Url(64);
+  const expectedState = createRandomBase64Url(32);
+  const codeChallenge = createCodeChallenge(codeVerifier);
+  const expiresAt = new Date(Date.now() + LOGIN_TIMEOUT_MS).toISOString();
+  const {
+    callbackPromise,
+    close
+  } = await startLocalCallbackServer({
+    expectedState,
+    signal
+  });
+  const browserUrl = new URL(discovery.authorization_endpoint);
+  browserUrl.searchParams.set('client_id', OIDC_CLIENT_ID);
+  browserUrl.searchParams.set('response_type', 'code');
+  browserUrl.searchParams.set('redirect_uri', OIDC_CALLBACK_URL);
+  browserUrl.searchParams.set('response_mode', 'query');
+  browserUrl.searchParams.set('scope', OIDC_SCOPES.join(' '));
+  browserUrl.searchParams.set('code_challenge', codeChallenge);
+  browserUrl.searchParams.set('code_challenge_method', 'S256');
+  browserUrl.searchParams.set('state', expectedState);
+  return {
+    browserUrl: browserUrl.toString(),
+    expiresAt,
+    codeVerifier,
+    expectedState,
+    callbackPromise,
+    closeCallbackServer: close
+  };
+};
+const createPluginSession = async ({
+  code,
+  codeVerifier,
+  redirectUri,
+  config,
+  signal
+}) => {
+  const response = await fetch(config.authSessionUrl, {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json'
+    },
+    body: JSON.stringify({
+      code,
+      codeVerifier,
+      redirectUri
+    }),
+    signal
+  });
+  const payload = await response.json().catch(() => null);
+  if (!response.ok) {
+    throw new Error(getMessageFromUnknownPayload(payload) ?? `Plugin session exchange failed with HTTP ${response.status}.`);
+  }
+  if (!payload || !('success' in payload) || payload.success !== true) {
+    throw new Error('Plugin session exchange returned an unexpected payload.');
+  }
+  return payload.session;
+};
+const emitPresenceEvent = async ({
+  config,
+  authState,
+  event,
+  workspacePath
+}) => {
+  for (let attempt = 1; attempt <= PRESENCE_EVENT_MAX_ATTEMPTS; attempt += 1) {
+    try {
+      const response = await fetch(config.presenceUrl, {
+        method: 'POST',
+        headers: {
+          'content-type': 'application/json',
+          authorization: `Bearer ${authState.sessionToken}`
+        },
+        body: JSON.stringify({
+          event,
+          occurredAt: new Date().toISOString(),
+          workspacePath
+        }),
+        keepalive: event === 'STOP',
+        signal: AbortSignal.timeout(PRESENCE_EVENT_TIMEOUT_MS)
+      });
+      if (response.ok) return;
+      if (!shouldRetryPresenceEvent(response.status) || attempt === PRESENCE_EVENT_MAX_ATTEMPTS) return;
+    } catch {
+      if (attempt === PRESENCE_EVENT_MAX_ATTEMPTS) return;
+    }
+    await wait(PRESENCE_EVENT_RETRY_DELAY_MS * attempt);
+  }
+};
+const emitPluginActionEvent = async ({
+  config,
+  authState,
+  event,
+  workspacePath,
+  directoryPath
+}) => {
+  if (!authState) return;
+  try {
+    await fetch(config.actionsUrl, {
+      method: 'POST',
+      headers: {
+        'content-type': 'application/json',
+        authorization: `Bearer ${authState.sessionToken}`
+      },
+      body: JSON.stringify({
+        event,
+        occurredAt: new Date().toISOString(),
+        workspacePath,
+        directoryPath
+      }),
+      keepalive: event === 'STOP',
+      signal: AbortSignal.timeout(PRESENCE_EVENT_TIMEOUT_MS)
+    });
+  } catch {
+    return;
+  }
+};
+const openBrowser = async url => {
+  try {
+    if (process.platform === 'darwin') {
+      await execFileAsync('open', [url]);
+      return null;
+    }
+    if (process.platform === 'win32') {
+      await execFileAsync('cmd', ['/c', 'start', '', url]);
+      return null;
+    }
+    await execFileAsync('xdg-open', [url]);
+    return null;
+  } catch (error) {
+    return error instanceof Error ? error.message : 'Failed to open browser automatically';
+  }
+};
+const normalizeDirectoryArg = (contextDirectory, directory) => {
+  return normalizeAbsolutePath(directory ? path.resolve(contextDirectory, directory) : contextDirectory);
+};
+const getDetailCacheKey = (workspaceResolution, skillVersionId) => {
+  return JSON.stringify([workspaceResolution.cacheKey, skillVersionId]);
+};
+const getDetailInflightKey = (workspaceResolution, skillVersionId, purpose) => {
+  return JSON.stringify([workspaceResolution.cacheKey, skillVersionId, purpose]);
+};
+const OpencodeWizardSkillsPlugin = async input => {
+  const {
+    tool
+  } = await importOpencodePluginModule('@opencode-ai/plugin');
+  const config = await resolveConfig(input.worktree);
+  const workspacePath = normalizeAbsolutePath(input.worktree);
+  const cache = new Map();
+  const catalogInflight = new Map();
+  const detailCache = new Map();
+  const detailInflight = new Map();
+  const authStateFile = path.resolve(input.worktree, config.authStatePath);
+  const initialAuthState = await resolveStoredAuthState(input.worktree, config);
+  const loginBootstrap = {
+    promise: null,
+    snapshot: createIdleLoginBootstrapSnapshot()
+  };
+  let lastAuthenticatedAuthState = initialAuthState;
+  let didEmitStart = false;
+  let didScheduleStop = false;
+  let presenceStartPromise = null;
+  let presenceStopPromise = null;
+  let lastInteractiveDirectoryPath = null;
+  const resolveActionAuthState = async () => {
+    const storedAuthState = await resolveStoredAuthState(input.worktree, config);
+    if (storedAuthState) return storedAuthState;
+    return lastAuthenticatedAuthState;
+  };
+  const emitActionEventForCurrentSession = async ({
+    event,
+    authState,
+    directoryPath
+  }) => {
+    await emitPluginActionEvent({
+      config,
+      authState: authState ?? (await resolveActionAuthState()),
+      event,
+      workspacePath,
+      directoryPath
+    });
+  };
+  const schedulePresenceStart = authState => {
+    lastAuthenticatedAuthState = authState;
+    if (didEmitStart) {
+      return presenceStartPromise ?? Promise.resolve();
+    }
+    didEmitStart = true;
+    presenceStartPromise = Promise.all([emitPresenceEvent({
+      config,
+      authState,
+      event: 'START',
+      workspacePath
+    }), emitActionEventForCurrentSession({
+      event: 'START',
+      authState,
+      directoryPath: lastInteractiveDirectoryPath ?? undefined
+    })]).then(() => undefined);
+    return presenceStartPromise;
+  };
+  const schedulePresenceStop = () => {
+    if (didScheduleStop) {
+      return presenceStopPromise ?? Promise.resolve();
+    }
+    didScheduleStop = true;
+    if (!didEmitStart || !lastAuthenticatedAuthState) {
+      presenceStopPromise = Promise.resolve();
+      return presenceStopPromise;
+    }
+    presenceStopPromise = (async () => {
+      await presenceStartPromise?.catch(() => undefined);
+      await Promise.all([emitPresenceEvent({
+        config,
+        authState: lastAuthenticatedAuthState,
+        event: 'STOP',
+        workspacePath
+      }), emitActionEventForCurrentSession({
+        event: 'STOP',
+        authState: lastAuthenticatedAuthState,
+        directoryPath: lastInteractiveDirectoryPath ?? undefined
+      })]);
+    })();
+    return presenceStopPromise;
+  };
+  const scheduleInteractivePresenceStart = async () => {
+    const authState = await resolveStoredAuthState(input.worktree, config);
+    if (!authState) return;
+    await schedulePresenceStart(authState);
+  };
+  process.once('beforeExit', () => {
+    void schedulePresenceStop();
+  });
+  for (const shutdownSignal of PRESENCE_SHUTDOWN_SIGNALS) {
+    try {
+      process.once(shutdownSignal, () => {
+        void schedulePresenceStop().finally(() => {
+          process.exit(PRESENCE_SIGNAL_EXIT_CODES[shutdownSignal]);
+        });
+      });
+    } catch {
+      continue;
+    }
+  }
+  const clearPublishedSkillState = () => {
+    cache.clear();
+    catalogInflight.clear();
+    detailCache.clear();
+    detailInflight.clear();
+  };
+  const persistAuthState = async session => {
+    const authState = toAuthState(session);
+    await writeAuthState(authStateFile, authState);
+    clearPublishedSkillState();
+    return authState;
+  };
+  const startLoginCompletion = trigger => {
+    if (loginBootstrap.promise) {
+      return loginBootstrap.promise;
+    }
+    const startedAt = new Date().toISOString();
+    loginBootstrap.snapshot = {
+      status: 'starting',
+      trigger,
+      startedAt,
+      expiresAt: null,
+      browserUrl: null,
+      browserOpenError: null,
+      email: null,
+      message: null
+    };
+    const loginPromise = (async () => {
+      const loginSignal = AbortSignal.timeout(LOGIN_TIMEOUT_MS);
+      const loginStart = await startLoginFlow(loginSignal);
+      const browserOpenError = await openBrowser(loginStart.browserUrl);
+      loginBootstrap.snapshot = {
+        status: 'pending',
+        trigger,
+        startedAt,
+        expiresAt: loginStart.expiresAt,
+        browserUrl: loginStart.browserUrl,
+        browserOpenError,
+        email: null,
+        message: browserOpenError ? `Automatic browser open failed. Open ${loginStart.browserUrl} manually.` : 'Browser login started for published skill fetch.'
+      };
+      try {
+        const callbackPayload = await loginStart.callbackPromise;
+        if (callbackPayload.status === 'error') {
+          throw new Error(callbackPayload.message);
+        }
+        if (callbackPayload.state !== loginStart.expectedState) {
+          throw new Error('OAuth callback state did not match the original login request.');
+        }
+        loginBootstrap.snapshot = {
+          status: 'pending',
+          trigger,
+          startedAt,
+          expiresAt: loginStart.expiresAt,
+          browserUrl: loginStart.browserUrl,
+          browserOpenError,
+          email: null,
+          message: 'OAuth callback received. Finalizing backend session exchange.'
+        };
+        const pluginSession = await createPluginSession({
+          code: callbackPayload.code,
+          codeVerifier: loginStart.codeVerifier,
+          redirectUri: OIDC_CALLBACK_URL,
+          config,
+          signal: loginSignal
+        });
+        const authState = await persistAuthState(pluginSession);
+        await emitActionEventForCurrentSession({
+          event: 'LOGIN_SUCCESS',
+          authState,
+          directoryPath: lastInteractiveDirectoryPath ?? undefined
+        });
+        loginBootstrap.snapshot = {
+          status: 'authenticated',
+          trigger,
+          startedAt,
+          expiresAt: authState.expiresAt,
+          browserUrl: loginStart.browserUrl,
+          browserOpenError,
+          email: authState.email,
+          message: 'Browser login completed successfully for published skill fetch.'
+        };
+        return authState;
+      } catch (error) {
+        await emitActionEventForCurrentSession({
+          event: 'LOGIN_FAILED',
+          directoryPath: lastInteractiveDirectoryPath ?? undefined
+        });
+        loginBootstrap.snapshot = {
+          status: 'failed',
+          trigger,
+          startedAt,
+          expiresAt: loginBootstrap.snapshot.expiresAt,
+          browserUrl: loginBootstrap.snapshot.browserUrl,
+          browserOpenError: loginBootstrap.snapshot.browserOpenError,
+          email: null,
+          message: error instanceof Error ? error.message : 'Browser login failed.'
+        };
+        throw error;
+      } finally {
+        await loginStart.closeCallbackServer().catch(() => undefined);
+        loginBootstrap.promise = null;
+      }
+    })();
+    loginBootstrap.promise = loginPromise;
+    return loginPromise;
+  };
+  const loadPublishedSkillCatalog = async ({
+    directory,
+    useCache,
+    signal
+  }) => {
+    const workspaceResolution = await resolveWorkspace({
+      config,
+      directory
+    });
+    const directoryPath = workspaceResolution.directoryPath;
+    const cacheKey = workspaceResolution.cacheKey;
+    const cached = cache.get(cacheKey);
+    if (useCache && cached && cached.expiresAt > Date.now()) {
+      return {
+        directoryPath,
+        workspaceResolution,
+        fetchResult: {
+          ...cached.result,
+          source: 'cache'
+        }
+      };
+    }
+    const inflight = catalogInflight.get(cacheKey);
+    if (inflight) {
+      return inflight;
+    }
+    const requestPromise = (async () => {
+      const fetchResult = await fetchPublishedSkillsCatalog(input.worktree, config, workspaceResolution, signal, clearPublishedSkillState);
+      cache.set(cacheKey, {
+        result: fetchResult,
+        expiresAt: Date.now() + CACHE_TTL_MS
+      });
+      return {
+        directoryPath,
+        workspaceResolution,
+        fetchResult
+      };
+    })();
+    catalogInflight.set(cacheKey, requestPromise);
+    try {
+      return await requestPromise;
+    } finally {
+      catalogInflight.delete(cacheKey);
+    }
+  };
+  const loadPublishedSkillDetail = async ({
+    workspaceResolution,
+    item,
+    signal,
+    useCache,
+    purpose
+  }) => {
+    const directoryPath = workspaceResolution.directoryPath;
+    const cacheKey = getDetailCacheKey(workspaceResolution, item.skillVersion.id);
+    const inflightKey = getDetailInflightKey(workspaceResolution, item.skillVersion.id, purpose);
+    const cached = detailCache.get(cacheKey);
+    if (purpose === 'SYSTEM_CONTEXT' && useCache && cached && cached.expiresAt > Date.now()) {
+      return {
+        ok: true,
+        detail: toPublishedSkillDetail({
+          ...item,
+          publishedArtifact: cached.artifact
+        })
+      };
+    }
+    const inflight = detailInflight.get(inflightKey);
+    if (inflight) {
+      return inflight;
+    }
+    const requestPromise = (async () => {
+      const detailResult = await fetchPublishedSkillDetail({
+        worktree: input.worktree,
+        config,
+        resolution: workspaceResolution,
+        skillVersionId: item.skillVersion.id,
+        signal,
+        onAuthStateChanged: clearPublishedSkillState,
+        purpose
+      });
+      if (!detailResult.ok) {
+        return {
+          ok: false,
+          status: detailResult.result.status,
+          output: JSON.stringify({
+            pluginId: PLUGIN_ID,
+            runtimeMode: 'tool_fetch_only',
+            status: detailResult.result.status,
+            requestedDirectoryPath: directoryPath,
+            workspaceResolution: toWorkspaceResolutionOutput(workspaceResolution),
+            requestedSkillVersionId: item.skillVersion.id,
+            message: detailResult.result.message,
+            fetchedAt: detailResult.result.fetchedAt,
+            source: detailResult.result.source
+          }, null, 2),
+          metadata: {
+            status: detailResult.result.status,
+            ...toWorkspaceResolutionMetadata(workspaceResolution),
+            source: detailResult.result.source
+          }
+        };
+      }
+      detailCache.set(cacheKey, {
+        artifact: detailResult.artifact,
+        expiresAt: Date.now() + CACHE_TTL_MS
+      });
+      return {
+        ok: true,
+        detail: toPublishedSkillDetail({
+          ...item,
+          publishedArtifact: detailResult.artifact
+        })
+      };
+    })();
+    detailInflight.set(inflightKey, requestPromise);
+    try {
+      return await requestPromise;
+    } finally {
+      detailInflight.delete(inflightKey);
+    }
+  };
+  const loadSystemNoteDetails = async ({
+    publishedSkillsResult,
+    signal
+  }) => {
+    if (!publishedSkillsResult.fetchResult.ok) return [];
+    const prioritizedItems = [...publishedSkillsResult.fetchResult.payload.skills].sort((left, right) => {
+      const leftSummary = toPublishedSkillSummary(left);
+      const rightSummary = toPublishedSkillSummary(right);
+      if (leftSummary.contextKind === rightSummary.contextKind) return formatSkillLabel(left).localeCompare(formatSkillLabel(right));
+      if (leftSummary.contextKind === 'global') return -1;
+      if (rightSummary.contextKind === 'global') return 1;
+      return 0;
+    });
+    const detailResults = await Promise.all(prioritizedItems.slice(0, SYSTEM_NOTE_DETAIL_LIMIT).map(item => loadPublishedSkillDetail({
+      workspaceResolution: publishedSkillsResult.workspaceResolution,
+      item,
+      signal,
+      useCache: true,
+      purpose: 'SYSTEM_CONTEXT'
+    })));
+    return detailResults.reduce((details, result) => {
+      if (!result.ok) return details;
+      details.push(result.detail);
+      return details;
+    }, []);
+  };
+  const executePublishedSkillsFetchTool = async ({
+    args,
+    context
+  }) => {
+    const requestedDirectory = normalizeDirectoryArg(context.directory, args.directory);
+    const requestedSkills = parseRequestedSkillArgs(args);
+    const fetchActionDirectoryPath = normalizeRepositoryPath(workspacePath, requestedDirectory);
+    lastInteractiveDirectoryPath = fetchActionDirectoryPath;
+    const emitFetchOutcome = async event => {
+      await emitActionEventForCurrentSession({
+        event,
+        directoryPath: fetchActionDirectoryPath
+      });
+    };
+    let publishedSkillsResult = await loadPublishedSkillCatalog({
+      directory: requestedDirectory,
+      useCache: !args.refresh,
+      signal: context.abort
+    });
+    if (publishedSkillsResult.fetchResult.ok) {
+      await scheduleInteractivePresenceStart();
+    }
+    if (!publishedSkillsResult.fetchResult.ok && publishedSkillsResult.fetchResult.status === 'missing_auth') {
+      try {
+        await startLoginCompletion('fetch').then(async authState => {
+          await schedulePresenceStart(authState);
+        });
+        publishedSkillsResult = await loadPublishedSkillCatalog({
+          directory: requestedDirectory,
+          useCache: false,
+          signal: context.abort
+        });
+        if (publishedSkillsResult.fetchResult.ok) {
+          await scheduleInteractivePresenceStart();
+        }
+      } catch {
+        // Return the original fetch failure with the latest login bootstrap snapshot attached.
+      }
+    }
+    if (!publishedSkillsResult.fetchResult.ok) {
+      await emitFetchOutcome('FETCH_FAILED');
+      return toFetchFailureOutput({
+        worktree: input.worktree,
+        config,
+        publishedSkillsResult,
+        loginBootstrapSnapshot: loginBootstrap.snapshot
+      });
+    }
+    const selection = selectPublishedSkills(publishedSkillsResult.fetchResult.payload, requestedSkills);
+    const isSingleRequest = requestedSkills.length === 1;
+    if (requestedSkills.length === 0) {
+      const catalog = toPublishedSkillCatalog(publishedSkillsResult.fetchResult.payload);
+      context.metadata({
+        title: `opencode-wizard published skills catalog: ${catalog.publishedSkillCount}`,
+        metadata: {
+          ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+          status: 'ready',
+          publishedSkillCount: catalog.publishedSkillCount.toString(),
+          globalAssignmentCount: catalog.assignmentCounts.global.toString(),
+          projectAssignmentCount: catalog.assignmentCounts.project.toString()
+        }
+      });
+      await emitFetchOutcome('FETCH_SUCCESS');
+      return {
+        output: JSON.stringify({
+          ...catalog,
+          status: 'ready',
+          requestedDirectoryPath: publishedSkillsResult.directoryPath,
+          workspaceResolution: toWorkspaceResolutionOutput(publishedSkillsResult.workspaceResolution),
+          fetchedAt: publishedSkillsResult.fetchResult.fetchedAt,
+          source: publishedSkillsResult.fetchResult.source,
+          message: 'Catalog discovery only. Provide `skill` or `skills` to fetch markdown bodies/details for selected skills.'
+        }, null, 2),
+        metadata: {
+          status: 'ready',
+          ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+          publishedSkillCount: catalog.publishedSkillCount.toString()
+        }
+      };
+    }
+    if (selection.selectedItems.length === 0 && isSingleRequest) {
+      await emitFetchOutcome('FETCH_FAILED');
+      return {
+        output: JSON.stringify({
+          pluginId: PLUGIN_ID,
+          runtimeMode: 'tool_fetch_only',
+          status: 'not_found',
+          requestedDirectoryPath: publishedSkillsResult.directoryPath,
+          workspaceResolution: toWorkspaceResolutionOutput(publishedSkillsResult.workspaceResolution),
+          requestedSkill: requestedSkills[0],
+          availableSkills: publishedSkillsResult.fetchResult.payload.skills.map(toPublishedSkillSummary)
+        }, null, 2),
+        metadata: {
+          status: 'not_found',
+          ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution)
+        }
+      };
+    }
+    let skillDetailResults = await Promise.all(selection.selectedItems.map(item => loadPublishedSkillDetail({
+      workspaceResolution: publishedSkillsResult.workspaceResolution,
+      item,
+      signal: context.abort,
+      useCache: !args.refresh,
+      purpose: 'TOOL_FETCH'
+    })));
+    if (skillDetailResults.some(result => !result.ok && result.status === 'missing_auth')) {
+      try {
+        await startLoginCompletion('fetch').then(async authState => {
+          await schedulePresenceStart(authState);
+        });
+        skillDetailResults = await Promise.all(selection.selectedItems.map(item => loadPublishedSkillDetail({
+          workspaceResolution: publishedSkillsResult.workspaceResolution,
+          item,
+          signal: context.abort,
+          useCache: false,
+          purpose: 'TOOL_FETCH'
+        })));
+      } catch {
+        // Return the original detail failure after the login bootstrap attempt updates snapshot state.
+      }
+    }
+    const failedSkillDetail = skillDetailResults.find(result => !result.ok);
+    if (failedSkillDetail && !failedSkillDetail.ok) {
+      await emitFetchOutcome('FETCH_FAILED');
+      return failedSkillDetail;
+    }
+    const skillDetails = skillDetailResults.map(result => {
+      if (!result.ok) {
+        throw new Error('Published skill detail result unexpectedly missing after success guard.');
+      }
+      return result.detail;
+    });
+    if (isSingleRequest && skillDetails[0]) {
+      const detail = skillDetails[0];
+      context.metadata({
+        title: `opencode-wizard published skill: ${detail.artifactName || detail.skillName}`,
+        metadata: {
+          ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+          skillSlug: detail.skillSlug,
+          version: detail.version
+        }
+      });
+      await emitFetchOutcome('FETCH_SUCCESS');
+      return {
+        output: JSON.stringify({
+          pluginId: PLUGIN_ID,
+          runtimeMode: 'tool_fetch_only',
+          requestedDirectoryPath: publishedSkillsResult.directoryPath,
+          workspaceResolution: toWorkspaceResolutionOutput(publishedSkillsResult.workspaceResolution),
+          workspace: publishedSkillsResult.fetchResult.payload.workspace,
+          fetchedAt: publishedSkillsResult.fetchResult.fetchedAt,
+          source: publishedSkillsResult.fetchResult.source,
+          skill: detail
+        }, null, 2),
+        metadata: {
+          status: 'ready',
+          ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+          skillSlug: detail.skillSlug
+        }
+      };
+    }
+    context.metadata({
+      title: `opencode-wizard published skills fetch: ${skillDetails.length}`,
+      metadata: {
+        ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+        requestedCount: requestedSkills.length.toString(),
+        matchedCount: skillDetails.length.toString()
+      }
+    });
+    await emitFetchOutcome('FETCH_SUCCESS');
+    return {
+      output: JSON.stringify({
+        pluginId: PLUGIN_ID,
+        runtimeMode: 'tool_fetch_only',
+        requestedDirectoryPath: publishedSkillsResult.directoryPath,
+        workspaceResolution: toWorkspaceResolutionOutput(publishedSkillsResult.workspaceResolution),
+        workspace: publishedSkillsResult.fetchResult.payload.workspace,
+        fetchedAt: publishedSkillsResult.fetchResult.fetchedAt,
+        source: publishedSkillsResult.fetchResult.source,
+        requestedSkills,
+        missingSkills: selection.missingIdentifiers,
+        skills: skillDetails
+      }, null, 2),
+      metadata: {
+        status: selection.missingIdentifiers.length > 0 ? 'partial' : 'ready',
+        ...toWorkspaceResolutionMetadata(publishedSkillsResult.workspaceResolution),
+        matchedCount: skillDetails.length.toString()
+      }
+    };
+  };
+  return {
+    tool: {
+      opencode_wizard_published_skills_fetch: tool({
+        description: 'Fetch one or multiple published skill bodies/details for the current scope; call with no args to discover the catalog and bootstrap auth when needed',
+        args: {
+          skill: tool.schema.string().optional().describe('Single skill slug, artifact name, or skill name'),
+          skills: tool.schema.string().optional().describe('One or more comma-separated or newline-separated skill slugs, artifact names, or skill names'),
+          directory: tool.schema.string().optional().describe('Optional absolute or relative directory override'),
+          refresh: tool.schema.boolean().optional().describe('Bypass the local plugin cache for this request')
+        },
+        async execute(args, context) {
+          return executePublishedSkillsFetchTool({
+            args,
+            context
+          });
+        }
+      })
+    },
+    'experimental.chat.system.transform': async (_hookInput, output) => {
+      const publishedSkillsResult = await loadPublishedSkillCatalog({
+        directory: input.directory,
+        useCache: true,
+        signal: AbortSignal.timeout(5_000)
+      });
+      if (!publishedSkillsResult.fetchResult.ok && publishedSkillsResult.fetchResult.status === 'missing_auth') {
+        output.system.push('opencode-wizard plugin stored auth is missing, expired, or rejected. Passive startup will not open browser login; use opencode_wizard_published_skills_fetch interactively to authenticate when published skills are needed. No tokens are exposed.');
+        return;
+      }
+      const details = await loadSystemNoteDetails({
+        publishedSkillsResult,
+        signal: AbortSignal.timeout(5_000)
+      });
+      const systemNote = buildSystemNote(publishedSkillsResult, config, details);
+      if (!systemNote) return;
+      output.system.push(systemNote);
+    }
+  };
+};
+export default {
+  id: PLUGIN_ID,
+  server: OpencodeWizardSkillsPlugin
+};
+//# sourceMappingURL=server.js.map