@agent-nexus/csreg 0.1.0 → 0.1.2

package/README.md

@@ -0,0 +1,118 @@
+# @agent-nexus/csreg
+
+CLI for the Claude Skills Registry — publish, install, and manage reusable Claude skills.
+
+## Installation
+
+```bash
+npm install -g @agent-nexus/csreg
+```
+
+## Quick Start
+
+```bash
+# Authenticate with the registry
+csreg login --token <your-token>
+
+# Initialize a new skill project
+csreg init my-skill
+
+# Validate, pack, and publish
+csreg validate
+csreg push
+```
+
+## Commands
+
+### Authentication
+
+| Command | Description |
+| --- | --- |
+| `csreg login [--token <token>]` | Authenticate with the Skills Registry |
+| `csreg logout` | Remove stored authentication credentials |
+| `csreg whoami` | Display the currently authenticated user |
+
+### Skill Development
+
+| Command | Description |
+| --- | --- |
+| `csreg init [dir]` | Initialize a new skill project |
+| `csreg validate [dir]` | Validate a skill package |
+| `csreg pack [dir]` | Pack a skill into a tarball |
+| `csreg push [dir]` | Publish a skill to the registry |
+
+### Skill Discovery & Installation
+
+| Command | Description |
+| --- | --- |
+| `csreg search <query>` | Search for skills in the registry |
+| `csreg info <scope/name>` | Display details about a skill |
+| `csreg versions <scope/name>` | List all versions of a skill |
+| `csreg pull [ref]` | Download and install a skill |
+
+## Usage
+
+### Publishing a Skill
+
+```bash
+# Create a new skill
+csreg init my-skill
+cd my-skill
+
+# Edit your skill files, then validate
+csreg validate
+
+# Publish to the registry
+csreg push
+```
+
+### Installing a Skill
+
+```bash
+# Install a specific skill
+csreg pull @scope/skill-name
+
+# Install a specific version
+csreg pull @scope/skill-name@1.2.0
+
+# Install all skills listed in .claude/skills.json
+csreg pull --all
+```
+
+### Searching for Skills
+
+```bash
+# Search by keyword
+csreg search "code review"
+
+# Filter by type
+csreg search "linting" --type prompt
+
+# Limit results
+csreg search "testing" --limit 5
+```
+
+### Bulk Operations
+
+```bash
+# Validate all skills in .claude/skills/
+csreg validate --all
+
+# Push all skills in .claude/skills/
+csreg push --all
+```
+
+## Configuration
+
+The CLI stores its configuration in `~/.config/csreg/config.json`.
+
+You can override settings with environment variables:
+
+| Variable | Description |
+| --- | --- |
+| `CSREG_API_URL` | Override the registry API URL |
+| `CSREG_TOKEN` | Provide an auth token (skips stored credentials) |
+
+## License
+
+MIT

package/dist/index.js

@@ -27,11 +27,11 @@ function getConfig() {
 function setConfig(updates) {
   const current = getConfig();
   const merged = { ...current, ...updates };
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  writeFileSync(CONFIG_PATH, JSON.stringify(merged, null, 2) + "\n", "utf-8");
+  mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
+  writeFileSync(CONFIG_PATH, JSON.stringify(merged, null, 2) + "\n", { encoding: "utf-8", mode: 384 });
 }
 function getApiUrl() {
-  return process.env.CSREG_API_URL ?? getConfig().apiUrl ?? "http://localhost:3000";
+  return process.env.CSREG_API_URL ?? getConfig().apiUrl ?? "https://csreg.nexus";
 }
 function getAuthToken() {
   return process.env.CSREG_TOKEN ?? getConfig().token;
@@ -355,7 +355,7 @@ For example: \`/my-skill some-argument\` makes \`$ARGUMENTS\` = "some-argument".
 // src/commands/validate.ts
 import { Command as Command5 } from "commander";
 import { resolve as resolve3, join as join5, basename } from "path";
-import { existsSync as existsSync5, statSync, readdirSync as readdirSync2 } from "fs";
+import { existsSync as existsSync5, statSync, readdirSync as readdirSync2, lstatSync } from "fs";
 
 // src/lib/manifest.ts
 import { readFileSync as readFileSync2, existsSync as existsSync3 } from "fs";
@@ -482,6 +482,8 @@ function collectFiles(dir, prefix = "") {
   for (const entry of entries) {
     if (entry.name === "node_modules" || entry.name === ".git") continue;
     const fullPath = join5(dir, entry.name);
+    const lstat = lstatSync(fullPath);
+    if (lstat.isSymbolicLink()) continue;
     const relativePath = prefix ? `${prefix}/${entry.name}` : entry.name;
     if (entry.isDirectory()) {
       files.push(...collectFiles(fullPath, relativePath));
@@ -609,6 +611,7 @@ import { readFile } from "fs/promises";
 import { createHash } from "crypto";
 import { join as join6, basename as basename2 } from "path";
 import { create as tarCreate, extract as tarExtract } from "tar";
+var MAX_ARCHIVE_SIZE = 10 * 1024 * 1024;
 async function computeSha256(filePath) {
   const data = await readFile(filePath);
   return createHash("sha256").update(data).digest("hex");
@@ -626,6 +629,12 @@ async function pack(dir, outputPath) {
   );
   const sha256 = await computeSha256(archivePath);
   const stat = statSync2(archivePath);
+  if (stat.size > MAX_ARCHIVE_SIZE) {
+    throw new CliError(
+      `Archive size ${(stat.size / 1024 / 1024).toFixed(1)}MB exceeds the 10MB limit.`,
+      ["Remove unnecessary files or assets to reduce the package size."]
+    );
+  }
   return {
     path: archivePath,
     sha256,
@@ -642,7 +651,8 @@ async function extract(archivePath, outputDir, expectedSha256) {
   }
   await tarExtract({
     file: archivePath,
-    cwd: outputDir
+    cwd: outputDir,
+    filter: (path) => !path.includes("..")
   });
 }
 
@@ -676,7 +686,7 @@ var packCommand = new Command6("pack").description("Pack a skill into a tarball"
 // src/commands/push.ts
 import { Command as Command7 } from "commander";
 import { resolve as resolve5, join as join7, basename as basename3 } from "path";
-import { existsSync as existsSync7, readFileSync as readFileSync3, statSync as statSync3, readdirSync as readdirSync3 } from "fs";
+import { existsSync as existsSync7, readFileSync as readFileSync3, statSync as statSync3, readdirSync as readdirSync3, lstatSync as lstatSync2 } from "fs";
 import { createHash as createHash2 } from "crypto";
 function collectFileTree(dir, prefix = "") {
   const files = [];
@@ -684,6 +694,8 @@ function collectFileTree(dir, prefix = "") {
   for (const entry of entries) {
     if (entry.name === "node_modules" || entry.name === ".git") continue;
     const fullPath = join7(dir, entry.name);
+    const lstat = lstatSync2(fullPath);
+    if (lstat.isSymbolicLink()) continue;
     const relativePath = prefix ? `${prefix}/${entry.name}` : entry.name;
     if (entry.isDirectory()) {
       files.push(...collectFileTree(fullPath, relativePath));
@@ -921,6 +933,12 @@ async function pullSkill(scope, name, version, targetDir) {
   }
   const arrayBuffer = await response.arrayBuffer();
   const archiveData = Buffer.from(arrayBuffer);
+  if (archiveData.length > MAX_ARCHIVE_SIZE) {
+    spin.fail("Archive too large.");
+    throw new CliError(
+      `Archive size ${(archiveData.length / 1024 / 1024).toFixed(1)}MB exceeds the 10MB limit.`
+    );
+  }
   const actualSha = createHash3("sha256").update(archiveData).digest("hex");
   if (actualSha !== downloadInfo.archiveSha256) {
     spin.fail("Integrity check failed.");

package/package.json

@@ -1,7 +1,8 @@
 {
   "name": "@agent-nexus/csreg",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "CLI for Claude Skills Registry",
+  "license": "MIT",
   "type": "module",
   "bin": {
     "csreg": "./dist/index.js"
@@ -9,7 +10,9 @@
   "scripts": {
     "build": "tsup",
     "dev": "tsx src/index.ts",
-    "test": "vitest run"
+    "test": "vitest run",
+    "prepublishOnly": "npm run build",
+    "release": "npm version patch && npm publish"
   },
   "dependencies": {
     "commander": "^13.0.0",
@@ -22,8 +25,19 @@
     "cli-table3": "^0.6.0",
     "glob": "^11.0.0"
   },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "keywords": [
+    "claude",
+    "skills",
+    "registry",
+    "cli",
+    "ai"
+  ],
   "publishConfig": {
-    "access": "restricted"
+    "access": "public"
   },
   "devDependencies": {
     "tsup": "^8.0.0",

package/src/api-client.ts

@@ -1,145 +0,0 @@
-import { getApiUrl, getAuthToken } from './config.js';
-import { CliError } from './lib/errors.js';
-
-interface Rfc7807Error {
-  type?: string;
-  title?: string;
-  detail?: string;
-  status?: number;
-}
-
-interface RequestOptions {
-  body?: unknown;
-  headers?: Record<string, string>;
-  query?: Record<string, string>;
-}
-
-const MAX_RETRIES = 3;
-const BASE_DELAY_MS = 500;
-
-export class ApiClient {
-  private baseUrl: string;
-  private token: string | undefined;
-
-  constructor() {
-    this.baseUrl = getApiUrl();
-    this.token = getAuthToken();
-  }
-
-  private buildUrl(path: string, query?: Record<string, string>): string {
-    const url = new URL(path, this.baseUrl);
-    if (query) {
-      for (const [key, value] of Object.entries(query)) {
-        url.searchParams.set(key, value);
-      }
-    }
-    return url.toString();
-  }
-
-  private buildHeaders(extra?: Record<string, string>): Record<string, string> {
-    const headers: Record<string, string> = {
-      'Content-Type': 'application/json',
-      'Accept': 'application/json',
-      ...extra,
-    };
-    if (this.token) {
-      headers['Authorization'] = `Bearer ${this.token}`;
-    }
-    return headers;
-  }
-
-  private async handleResponse<T>(response: Response): Promise<T> {
-    if (response.ok) {
-      if (response.status === 204) {
-        return undefined as T;
-      }
-      return response.json() as Promise<T>;
-    }
-
-    let errorBody: Rfc7807Error | undefined;
-    try {
-      errorBody = await response.json() as Rfc7807Error;
-    } catch {
-      // response body was not JSON
-    }
-
-    const detail = errorBody?.detail ?? response.statusText;
-    const title = errorBody?.title ?? `HTTP ${response.status}`;
-    const suggestions: string[] = [];
-
-    if (response.status === 401) {
-      suggestions.push('Run `csreg login` to authenticate.');
-    } else if (response.status === 403) {
-      suggestions.push('You may not have permission for this action.');
-    } else if (response.status === 404) {
-      suggestions.push('Check that the skill name and scope are correct.');
-    }
-
-    throw new CliError(`${title}: ${detail}`, suggestions);
-  }
-
-  private async requestWithRetry<T>(
-    method: string,
-    path: string,
-    opts?: RequestOptions,
-  ): Promise<T> {
-    const url = this.buildUrl(path, opts?.query);
-    const headers = this.buildHeaders(opts?.headers);
-
-    let lastError: unknown;
-    for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
-      try {
-        const response = await fetch(url, {
-          method,
-          headers,
-          body: opts?.body !== undefined ? JSON.stringify(opts.body) : undefined,
-        });
-
-        if (response.status >= 500 && attempt < MAX_RETRIES - 1) {
-          const delay = BASE_DELAY_MS * Math.pow(2, attempt);
-          await new Promise(resolve => setTimeout(resolve, delay));
-          continue;
-        }
-
-        return await this.handleResponse<T>(response);
-      } catch (error) {
-        lastError = error;
-        if (error instanceof CliError) {
-          throw error;
-        }
-        if (attempt < MAX_RETRIES - 1) {
-          const delay = BASE_DELAY_MS * Math.pow(2, attempt);
-          await new Promise(resolve => setTimeout(resolve, delay));
-          continue;
-        }
-      }
-    }
-
-    throw lastError instanceof CliError
-      ? lastError
-      : new CliError(`Request failed: ${String(lastError)}`, [
-          'Check your internet connection.',
-          'The API server may be unavailable.',
-        ]);
-  }
-
-  async get<T>(path: string, opts?: RequestOptions): Promise<T> {
-    return this.requestWithRetry<T>('GET', path, opts);
-  }
-
-  async post<T>(path: string, opts?: RequestOptions): Promise<T> {
-    return this.requestWithRetry<T>('POST', path, opts);
-  }
-
-  async put<T>(path: string, opts?: RequestOptions): Promise<T> {
-    return this.requestWithRetry<T>('PUT', path, opts);
-  }
-
-  async patch<T>(path: string, opts?: RequestOptions): Promise<T> {
-    return this.requestWithRetry<T>('PATCH', path, opts);
-  }
-
-  async delete<T>(path: string, opts?: RequestOptions): Promise<T> {
-    return this.requestWithRetry<T>('DELETE', path, opts);
-  }
-}

package/src/commands/info.ts

@@ -1,71 +0,0 @@
-import { Command } from 'commander';
-import chalk from 'chalk';
-import { ApiClient } from '../api-client.js';
-import { handleError, CliError } from '../lib/errors.js';
-
-interface SkillInfo {
-  name: string;
-  scope: string;
-  description?: string;
-  type: string;
-  latestVersion: string;
-  totalDownloads: number;
-  tags: string[];
-  createdAt: string;
-  updatedAt: string;
-  author?: { displayName: string; email: string };
-}
-
-export const infoCommand = new Command('info')
-  .description('Display details about a skill')
-  .argument('<ref>', 'Skill reference (scope/name)')
-  .action(async (ref: string) => {
-    try {
-      const cleaned = ref.startsWith('@') ? ref.slice(1) : ref;
-      const slashIndex = cleaned.indexOf('/');
-      if (slashIndex < 0) {
-        throw new CliError(`Invalid skill reference: ${ref}`, [
-          'Use the format: @scope/name',
-        ]);
-      }
-
-      const scope = cleaned.slice(0, slashIndex);
-      const name = cleaned.slice(slashIndex + 1);
-
-      const client = new ApiClient();
-      const skill = await client.get<SkillInfo>(`/api/v1/skills/${scope}/${name}`);
-
-      console.log('');
-      console.log(chalk.bold(`${skill.scope}/${skill.name}`) + chalk.dim(` @ ${skill.latestVersion}`));
-      console.log('');
-
-      if (skill.description) {
-        console.log(skill.description);
-        console.log('');
-      }
-
-      const fields: [string, string][] = [
-        ['Type', skill.type],
-        ['Latest Version', skill.latestVersion],
-        ['Downloads', String(skill.totalDownloads)],
-        ['Created', new Date(skill.createdAt).toLocaleDateString()],
-        ['Updated', new Date(skill.updatedAt).toLocaleDateString()],
-      ];
-
-      if (skill.author) {
-        fields.push(['Author', `${skill.author.displayName} (${skill.author.email})`]);
-      }
-
-      if (skill.tags.length > 0) {
-        fields.push(['Tags', skill.tags.join(', ')]);
-      }
-
-      const maxLabel = Math.max(...fields.map(([label]) => label.length));
-      for (const [label, value] of fields) {
-        console.log(`  ${chalk.cyan(label.padEnd(maxLabel + 2))}${value}`);
-      }
-      console.log('');
-    } catch (err) {
-      handleError(err);
-    }
-  });

package/src/commands/init.ts

@@ -1,112 +0,0 @@
-import { Command } from 'commander';
-import { input, confirm } from '@inquirer/prompts';
-import { mkdirSync, writeFileSync, existsSync } from 'node:fs';
-import { join, resolve } from 'node:path';
-import { success, info } from '../lib/output.js';
-import { handleError, CliError } from '../lib/errors.js';
-
-export const initCommand = new Command('init')
-  .description('Initialize a new skill project')
-  .argument('[dir]', 'Directory to initialize the skill in')
-  .action(async (dir?: string) => {
-    try {
-      const name = await input({
-        message: 'Skill name:',
-        validate: (value: string) => {
-          if (!value.trim()) return 'Name is required.';
-          if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(value.trim())) {
-            return 'Must be lowercase alphanumeric with hyphens (e.g., my-skill).';
-          }
-          if (value.trim().length > 64) {
-            return 'Name must be at most 64 characters.';
-          }
-          if (value.includes('--')) {
-            return 'Name must not contain consecutive hyphens (--).';
-          }
-          return true;
-        },
-      });
-
-      const description = await input({
-        message: 'Description (what this skill does and when to use it):',
-        validate: (value: string) => {
-          if (!value.trim()) return 'Description is required — Claude uses it to decide when to invoke the skill.';
-          return true;
-        },
-      });
-
-      const scope = await input({
-        message: 'Scope (your team/username, for registry publishing):',
-        validate: (value: string) => {
-          if (!value.trim()) return 'Scope is required for publishing.';
-          return true;
-        },
-      });
-
-      const userInvocable = await confirm({
-        message: 'User-invocable (show in /slash command menu)?',
-        default: true,
-      });
-
-      const targetDir = resolve(dir ?? name.trim());
-
-      if (existsSync(targetDir)) {
-        throw new CliError(`Directory already exists: ${targetDir}`, [
-          'Choose a different name or directory.',
-        ]);
-      }
-
-      mkdirSync(targetDir, { recursive: true });
-
-      // Build SKILL.md with YAML frontmatter
-      const frontmatterLines = [
-        '---',
-        `name: ${name.trim()}`,
-        `description: ${description.trim()}`,
-        `version: "0.1.0"`,
-        `scope: ${scope.trim()}`,
-      ];
-
-      if (!userInvocable) {
-        frontmatterLines.push('user-invocable: false');
-      }
-
-      frontmatterLines.push('---');
-
-      const skillContent = `${frontmatterLines.join('\n')}
-
-# ${name.trim()}
-
-${description.trim()}
-
-## Instructions
-
-Add your skill instructions here. This is the prompt that Claude will follow
-when this skill is invoked.
-
-You can use \`$ARGUMENTS\` to reference arguments passed by the user.
-For example: \`/my-skill some-argument\` makes \`$ARGUMENTS\` = "some-argument".
-`;
-
-      writeFileSync(
-        join(targetDir, 'SKILL.md'),
-        skillContent,
-        'utf-8',
-      );
-
-      console.log('');
-      success(`Created skill "${scope.trim()}/${name.trim()}" in ${targetDir}`);
-      info('Files created:');
-      console.log('  - SKILL.md');
-      console.log('');
-      info('Next steps:');
-      console.log('  1. Edit SKILL.md with your skill instructions');
-      console.log('  2. Run `csreg validate` to check your skill');
-      console.log('  3. Run `csreg push` to publish to the registry');
-      console.log('');
-      info('To use locally without publishing:');
-      console.log(`  cp -r ${targetDir} .claude/skills/${name.trim()}`);
-    } catch (err) {
-      handleError(err);
-    }
-  });

package/src/commands/login.ts

@@ -1,43 +0,0 @@
-import { Command } from 'commander';
-import { input } from '@inquirer/prompts';
-import { setConfig, getApiUrl } from '../config.js';
-import { ApiClient } from '../api-client.js';
-import { success, info } from '../lib/output.js';
-import { handleError } from '../lib/errors.js';
-
-export const loginCommand = new Command('login')
-  .description('Authenticate with the Skills Registry')
-  .option('--token <token>', 'Provide auth token directly')
-  .action(async (opts: { token?: string }) => {
-    try {
-      let token = opts.token;
-
-      if (!token) {
-        const apiUrl = getApiUrl();
-        info(`Open this URL to authenticate:`);
-        console.log(`  ${apiUrl}/cli/auth`);
-        console.log('');
-
-        token = await input({
-          message: 'Paste your auth token:',
-          validate: (value: string) => {
-            if (!value.trim()) return 'Token is required.';
-            return true;
-          },
-        });
-        token = token.trim();
-      }
-
-      setConfig({ token });
-
-      // Verify the token by calling whoami
-      const client = new ApiClient();
-      const user = await client.get<{ email: string; displayName: string }>(
-        '/api/v1/users/me',
-      );
-
-      success(`Logged in as ${user.displayName} (${user.email})`);
-    } catch (err) {
-      handleError(err);
-    }
-  });

package/src/commands/logout.ts

@@ -1,15 +0,0 @@
-import { Command } from 'commander';
-import { setConfig } from '../config.js';
-import { success } from '../lib/output.js';
-import { handleError } from '../lib/errors.js';
-
-export const logoutCommand = new Command('logout')
-  .description('Remove stored authentication credentials')
-  .action(async () => {
-    try {
-      setConfig({ token: undefined });
-      success('Logged out successfully.');
-    } catch (err) {
-      handleError(err);
-    }
-  });

package/src/commands/pack.ts

@@ -1,40 +0,0 @@
-import { Command } from 'commander';
-import { resolve } from 'node:path';
-import { existsSync } from 'node:fs';
-import { runValidation } from './validate.js';
-import { pack as archivePack } from '../lib/archive.js';
-import { success, info } from '../lib/output.js';
-import { handleError, CliError } from '../lib/errors.js';
-
-export const packCommand = new Command('pack')
-  .description('Pack a skill into a tarball')
-  .argument('[dir]', 'Skill directory', '.')
-  .action(async (dir: string) => {
-    try {
-      const resolved = resolve(dir);
-      if (!existsSync(resolved)) {
-        throw new CliError(`Directory not found: ${resolved}`);
-      }
-
-      // Validate first
-      const validation = runValidation(resolved);
-      if (!validation.valid) {
-        for (const e of validation.errors) {
-          console.error(e);
-        }
-        throw new CliError('Validation failed. Fix errors before packing.', [
-          'Run `csreg validate` for details.',
-        ]);
-      }
-
-      const result = await archivePack(resolved);
-
-      console.log('');
-      success('Skill packed successfully.');
-      info(`Archive: ${result.path}`);
-      info(`Size: ${(result.size / 1024).toFixed(1)}KB`);
-      info(`SHA-256: ${result.sha256}`);
-    } catch (err) {
-      handleError(err);
-    }
-  });