@aishelf/service 1.0.0

package/dist/server.js

@@ -0,0 +1,3436 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// ../shared/dist/api/types/common.js
+var require_common = __commonJS({
+  "../shared/dist/api/types/common.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+  }
+});
+
+// ../shared/dist/api/types/localServiceAPI.js
+var require_localServiceAPI = __commonJS({
+  "../shared/dist/api/types/localServiceAPI.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.AccessLevel = void 0;
+    var AccessLevel5;
+    (function(AccessLevel6) {
+      AccessLevel6["WRITE"] = "write";
+      AccessLevel6["READ_ONLY"] = "read-only";
+      AccessLevel6["NONE"] = "none";
+    })(AccessLevel5 || (exports2.AccessLevel = AccessLevel5 = {}));
+  }
+});
+
+// ../shared/dist/api/types/remoteServerAPI.js
+var require_remoteServerAPI = __commonJS({
+  "../shared/dist/api/types/remoteServerAPI.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+  }
+});
+
+// ../shared/dist/api/index.js
+var require_api = __commonJS({
+  "../shared/dist/api/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_common(), exports2);
+    __exportStar(require_localServiceAPI(), exports2);
+    __exportStar(require_remoteServerAPI(), exports2);
+  }
+});
+
+// ../shared/dist/auth/config.js
+var require_config = __commonJS({
+  "../shared/dist/auth/config.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.CODE_TTL_SECONDS = void 0;
+    exports2.CODE_TTL_SECONDS = 300;
+  }
+});
+
+// ../shared/dist/auth/index.js
+var require_auth = __commonJS({
+  "../shared/dist/auth/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_config(), exports2);
+  }
+});
+
+// ../shared/dist/templates/skillTemplate.js
+var require_skillTemplate = __commonJS({
+  "../shared/dist/templates/skillTemplate.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.default = getTemplate;
+    function getTemplate(skillName) {
+      return `---
+name: ${skillName}
+description: Brief one-line description of what this skill does (edit this)
+tags: []  # Optional: Add relevant tags
+---
+
+# Getting Started
+
+Edit this **SKILL.md** file to document your skill. Add any scripts, configurations, or other files to this folder.
+
+## How to Create Your Skill
+
+**Option 1: Use AI to help you**
+- Add this skill to your AI model: https://github.com/anthropics/skills/blob/main/skills/skill-creator/SKILL.md
+- Ask your AI to help create the skill based on your requirements
+
+**Option 2: Create manually**
+- Follow the guide: https://support.claude.com/en/articles/12512198-how-to-create-custom-skills
+
+## What to Include
+
+- Document what your skill does and how to use it
+- Add any scripts, code, or configuration files
+- Include examples and prerequisites if needed
+- Structure it however works best for your use case
+
+---
+
+**Tip:** Delete these instructions once you've created your skill documentation.
+`;
+    }
+  }
+});
+
+// ../shared/dist/resources/config.js
+var require_config2 = __commonJS({
+  "../shared/dist/resources/config.js"(exports2) {
+    "use strict";
+    var __importDefault = exports2 && exports2.__importDefault || function(mod) {
+      return mod && mod.__esModule ? mod : { "default": mod };
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.VALID_RESOURCE_TYPES = exports2.RESOURCE_METADATA = exports2.FileType = exports2.ResourceSource = exports2.ResourceStorageType = exports2.ResourceType = void 0;
+    exports2.getResourceLabel = getResourceLabel;
+    exports2.getResourceSingular = getResourceSingular2;
+    exports2.getResourceStorageType = getResourceStorageType3;
+    exports2.getResourceEntryFile = getResourceEntryFile3;
+    exports2.getResourceFileExt = getResourceFileExt3;
+    exports2.getResourceTemplate = getResourceTemplate2;
+    exports2.isValidResourceType = isValidResourceType2;
+    var skillTemplate_1 = __importDefault(require_skillTemplate());
+    var ResourceType7;
+    (function(ResourceType8) {
+      ResourceType8["WORKFLOWS"] = "workflows";
+      ResourceType8["RULES"] = "rules";
+      ResourceType8["SKILLS"] = "skills";
+      ResourceType8["PROMPTS"] = "prompts";
+    })(ResourceType7 || (exports2.ResourceType = ResourceType7 = {}));
+    var ResourceStorageType3;
+    (function(ResourceStorageType4) {
+      ResourceStorageType4["FILE"] = "file";
+      ResourceStorageType4["FOLDER"] = "folder";
+    })(ResourceStorageType3 || (exports2.ResourceStorageType = ResourceStorageType3 = {}));
+    var ResourceSource2;
+    (function(ResourceSource3) {
+      ResourceSource3["DRAFT"] = "draft";
+      ResourceSource3["REGISTRY"] = "registry";
+    })(ResourceSource2 || (exports2.ResourceSource = ResourceSource2 = {}));
+    var FileType;
+    (function(FileType2) {
+      FileType2["MD"] = "md";
+      FileType2["JSON"] = "json";
+    })(FileType || (exports2.FileType = FileType = {}));
+    exports2.RESOURCE_METADATA = {
+      [ResourceType7.WORKFLOWS]: {
+        label: "Workflows",
+        singular: "workflow",
+        storageType: ResourceStorageType3.FILE,
+        defaultFileExt: FileType.MD
+      },
+      [ResourceType7.RULES]: {
+        label: "Rules",
+        singular: "rule",
+        storageType: ResourceStorageType3.FILE,
+        defaultFileExt: FileType.MD
+      },
+      [ResourceType7.SKILLS]: {
+        label: "Skills",
+        singular: "skill",
+        storageType: ResourceStorageType3.FOLDER,
+        defaultEntryFile: "SKILL.md",
+        getTemplate: skillTemplate_1.default
+      },
+      [ResourceType7.PROMPTS]: {
+        label: "Prompts",
+        singular: "prompt",
+        storageType: ResourceStorageType3.FILE,
+        defaultFileExt: FileType.MD
+      }
+    };
+    exports2.VALID_RESOURCE_TYPES = [
+      ResourceType7.WORKFLOWS,
+      ResourceType7.RULES,
+      ResourceType7.SKILLS,
+      ResourceType7.PROMPTS
+    ];
+    function getResourceLabel(type) {
+      return exports2.RESOURCE_METADATA[type].label;
+    }
+    function getResourceSingular2(type) {
+      return exports2.RESOURCE_METADATA[type].singular;
+    }
+    function getResourceStorageType3(type) {
+      return exports2.RESOURCE_METADATA[type].storageType;
+    }
+    function getResourceEntryFile3(type) {
+      return exports2.RESOURCE_METADATA[type].defaultEntryFile;
+    }
+    function getResourceFileExt3(type) {
+      return exports2.RESOURCE_METADATA[type].defaultFileExt;
+    }
+    function getResourceTemplate2(type) {
+      return exports2.RESOURCE_METADATA[type].getTemplate;
+    }
+    function isValidResourceType2(type) {
+      return Object.values(ResourceType7).includes(type);
+    }
+  }
+});
+
+// ../shared/dist/resources/index.js
+var require_resources = __commonJS({
+  "../shared/dist/resources/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_config2(), exports2);
+  }
+});
+
+// ../shared/dist/errors.js
+var require_errors = __commonJS({
+  "../shared/dist/errors.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.FileSystemError = exports2.GitHubAPIError = exports2.GitOperationError = exports2.ConflictError = exports2.NotFoundError = exports2.ForbiddenError = exports2.UnauthorizedError = exports2.RateLimitError = exports2.InvalidInputError = exports2.ValidationError = exports2.AppError = void 0;
+    var AppError2 = class extends Error {
+      message;
+      statusCode;
+      code;
+      isOperational;
+      constructor(message, statusCode = 500, code = "INTERNAL_ERROR", isOperational = true) {
+        super(message);
+        this.message = message;
+        this.statusCode = statusCode;
+        this.code = code;
+        this.isOperational = isOperational;
+        this.name = this.constructor.name;
+        Error.captureStackTrace(this, this.constructor);
+      }
+    };
+    exports2.AppError = AppError2;
+    var ValidationError11 = class extends AppError2 {
+      constructor(message) {
+        super(message, 400, "VALIDATION_ERROR");
+      }
+    };
+    exports2.ValidationError = ValidationError11;
+    var InvalidInputError2 = class extends AppError2 {
+      constructor(message) {
+        super(message, 400, "INVALID_INPUT");
+      }
+    };
+    exports2.InvalidInputError = InvalidInputError2;
+    var RateLimitError = class extends AppError2 {
+      constructor(message) {
+        super(message, 429, "RATE_LIMITED");
+      }
+    };
+    exports2.RateLimitError = RateLimitError;
+    var UnauthorizedError5 = class extends AppError2 {
+      constructor(message = "Unauthorized") {
+        super(message, 401, "UNAUTHORIZED");
+      }
+    };
+    exports2.UnauthorizedError = UnauthorizedError5;
+    var ForbiddenError = class extends AppError2 {
+      constructor(message = "Forbidden") {
+        super(message, 403, "FORBIDDEN");
+      }
+    };
+    exports2.ForbiddenError = ForbiddenError;
+    var NotFoundError9 = class extends AppError2 {
+      constructor(message) {
+        super(message, 404, "NOT_FOUND");
+      }
+    };
+    exports2.NotFoundError = NotFoundError9;
+    var ConflictError6 = class extends AppError2 {
+      constructor(message) {
+        super(message, 409, "CONFLICT");
+      }
+    };
+    exports2.ConflictError = ConflictError6;
+    var GitOperationError3 = class extends AppError2 {
+      constructor(message) {
+        super(message, 500, "GIT_OPERATION_ERROR");
+      }
+    };
+    exports2.GitOperationError = GitOperationError3;
+    var GitHubAPIError3 = class extends AppError2 {
+      constructor(message, statusCode = 500) {
+        super(message, statusCode, "GITHUB_API_ERROR");
+      }
+    };
+    exports2.GitHubAPIError = GitHubAPIError3;
+    var FileSystemError3 = class extends AppError2 {
+      constructor(message) {
+        super(message, 500, "FILESYSTEM_ERROR");
+      }
+    };
+    exports2.FileSystemError = FileSystemError3;
+  }
+});
+
+// ../shared/dist/index.js
+var require_dist = __commonJS({
+  "../shared/dist/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_api(), exports2);
+    __exportStar(require_auth(), exports2);
+    __exportStar(require_resources(), exports2);
+    __exportStar(require_errors(), exports2);
+  }
+});
+
+// src/server.ts
+var import_express9 = __toESM(require("express"));
+var import_promises7 = __toESM(require("fs/promises"));
+var import_path9 = __toESM(require("path"));
+var import_os3 = __toESM(require("os"));
+
+// src/routes/index.ts
+var import_express8 = require("express");
+
+// src/routes/auth.routes.ts
+var import_express = require("express");
+
+// src/modules/auth/auth.service.ts
+var import_crypto = require("crypto");
+
+// src/config/index.ts
+var import_dotenv = __toESM(require("dotenv"));
+var import_zod = require("zod");
+import_dotenv.default.config();
+var ConfigSchema = import_zod.z.object({
+  NODE_ENV: import_zod.z.enum(["development", "production", "test"]).default("development"),
+  PORT: import_zod.z.string().default("5314").transform(Number),
+  LOG_LEVEL: import_zod.z.enum(["error", "warn", "info", "debug"]).default("info"),
+  BACKEND_URL: import_zod.z.string().url().optional(),
+  CORS_ORIGINS: import_zod.z.string().optional()
+});
+var parsed = ConfigSchema.safeParse({
+  NODE_ENV: process.env.NODE_ENV,
+  PORT: process.env.AISHELF_PORT || process.env.PORT,
+  LOG_LEVEL: process.env.LOG_LEVEL,
+  BACKEND_URL: process.env.BACKEND_URL,
+  CORS_ORIGINS: process.env.CORS_ORIGINS
+});
+if (!parsed.success) {
+  console.error("Invalid configuration:", parsed.error.format());
+  process.exit(1);
+}
+var config = parsed.data;
+
+// src/utils/shared.ts
+var shared_exports = {};
+__reExport(shared_exports, __toESM(require_dist()));
+
+// src/modules/api/api.service.ts
+var ApiService = class {
+  async apiRequest(endpoint, token, options = {}) {
+    const { method = "GET", body, headers = {} } = options;
+    if (!config.BACKEND_URL) {
+      throw new Error("BACKEND_URL is not configured");
+    }
+    const url = `${config.BACKEND_URL}${endpoint}`;
+    const requestHeaders = {
+      ...token ? { "Authorization": `Bearer ${token}` } : {},
+      "Content-Type": "application/json",
+      ...headers
+    };
+    try {
+      const response = await fetch(url, {
+        method,
+        headers: requestHeaders,
+        body: body ? JSON.stringify(body) : void 0
+      });
+      const data = await response.json();
+      if (!response.ok) {
+        throw new shared_exports.GitHubAPIError(
+          data?.message || `API request failed: ${response.statusText}`,
+          response.status
+        );
+      }
+      return data;
+    } catch (error) {
+      if (error instanceof shared_exports.GitHubAPIError) {
+        throw error;
+      }
+      throw new shared_exports.GitHubAPIError(
+        `Failed to make API request: ${error.message}`,
+        500
+      );
+    }
+  }
+};
+var apiService = new ApiService();
+
+// src/modules/auth/auth.service.ts
+var import_shared3 = __toESM(require_dist());
+
+// src/modules/storage/storage.service.ts
+var import_path = __toESM(require("path"));
+var import_os = __toESM(require("os"));
+var import_promises = __toESM(require("fs/promises"));
+var StorageService = class {
+  constructor() {
+    this.configFileName = "config.json";
+  }
+  getStorageRoot() {
+    return import_path.default.join(import_os.default.homedir(), ".aishelf", "storage");
+  }
+  getAuditLogPath(client) {
+    const fileName = client ? `audit-${client}.jsonl` : "audit-log.jsonl";
+    return import_path.default.join(this.getStorageRoot(), "logs", fileName);
+  }
+  getRegistriesPath() {
+    return import_path.default.join(this.getStorageRoot(), "registries");
+  }
+  getRegistryPath(owner, repo) {
+    return import_path.default.join(this.getRegistriesPath(), `${owner}-${repo}`);
+  }
+  getPackagesPath(owner, repo) {
+    return import_path.default.join(this.getRegistryPath(owner, repo), "packages");
+  }
+  getPackagePath(owner, repo, packageId) {
+    return import_path.default.join(this.getPackagesPath(owner, repo), packageId);
+  }
+  getDraftsPath() {
+    return import_path.default.join(this.getStorageRoot(), "drafts");
+  }
+  getDraftPath(owner, repo) {
+    return import_path.default.join(this.getDraftsPath(), `${owner}-${repo}`);
+  }
+  getDraftResourceDir(owner, repo, packageId, resourceType) {
+    return import_path.default.join(this.getDraftPath(owner, repo), "packages", packageId, resourceType);
+  }
+  getResourceTypeDir(owner, repo, packageId, resourceType) {
+    return import_path.default.join(this.getPackagePath(owner, repo, packageId), resourceType);
+  }
+  getResourcePath(owner, repo, packageId, resourceType, resourceName) {
+    return import_path.default.join(this.getPackagePath(owner, repo, packageId), resourceType, resourceName);
+  }
+  async loadConfig() {
+    try {
+      const configPath = this.getConfigPath();
+      const data = await import_promises.default.readFile(configPath, "utf8");
+      const config2 = JSON.parse(data);
+      return config2;
+    } catch (error) {
+      return { connectedRegistries: [], securityPreferences: {} };
+    }
+  }
+  async saveConfig(config2) {
+    try {
+      await this.ensureStorageExists();
+      const configPath = this.getConfigPath();
+      const data = JSON.stringify(config2, null, 2);
+      await import_promises.default.writeFile(configPath, data, {
+        encoding: "utf8",
+        mode: 384
+      });
+      await import_promises.default.chmod(configPath, 384);
+    } catch (error) {
+      throw new shared_exports.FileSystemError("Failed to save config");
+    }
+  }
+  async getAuthToken() {
+    const config2 = await this.loadConfig();
+    return config2.token ?? null;
+  }
+  async saveAuthToken(token) {
+    const config2 = await this.loadConfig();
+    if (token) config2.token = token;
+    else delete config2.token;
+    await this.saveConfig(config2);
+  }
+  async ensureStorageExists() {
+    try {
+      await import_promises.default.mkdir(this.getStorageRoot(), { recursive: true });
+      await import_promises.default.mkdir(this.getRegistriesPath(), { recursive: true });
+      await import_promises.default.mkdir(this.getDraftsPath(), { recursive: true });
+    } catch (error) {
+      throw new shared_exports.FileSystemError("Failed to create storage directories");
+    }
+  }
+  async checkRegistryExists(owner, repo) {
+    try {
+      const registryPath = this.getRegistryPath(owner, repo);
+      await import_promises.default.stat(registryPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async getConnectedRegistries() {
+    const config2 = await this.loadConfig();
+    return config2.connectedRegistries;
+  }
+  async saveConnectedRegistry(registry) {
+    const config2 = await this.loadConfig();
+    const existingIndex = config2.connectedRegistries.findIndex(
+      (r) => r.owner === registry.owner && r.repo === registry.repo
+    );
+    if (existingIndex >= 0) {
+      config2.connectedRegistries[existingIndex] = registry;
+    } else {
+      config2.connectedRegistries.push(registry);
+    }
+    await this.saveConfig(config2);
+  }
+  async updateConnectedRegistries(registries) {
+    const config2 = await this.loadConfig();
+    config2.connectedRegistries = registries;
+    await this.saveConfig(config2);
+  }
+  async shouldShowSecurityViolations(owner, repo) {
+    const config2 = await this.loadConfig();
+    const fullName = `${owner}/${repo}`;
+    return !config2.securityPreferences?.[fullName]?.dontShowViolations;
+  }
+  async setDontShowSecurityViolations(owner, repo) {
+    const config2 = await this.loadConfig();
+    const fullName = `${owner}/${repo}`;
+    if (!config2.securityPreferences) {
+      config2.securityPreferences = {};
+    }
+    config2.securityPreferences[fullName] = {
+      dontShowViolations: true
+    };
+    await this.saveConfig(config2);
+  }
+  async removeTrustPreference(owner, repo) {
+    const config2 = await this.loadConfig();
+    const fullName = `${owner}/${repo}`;
+    if (config2.securityPreferences?.[fullName]) {
+      delete config2.securityPreferences[fullName];
+      await this.saveConfig(config2);
+    }
+  }
+  async checkPackageExists(owner, repo, packageId) {
+    try {
+      const packagePath = this.getPackagePath(owner, repo, packageId);
+      await import_promises.default.stat(packagePath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async checkResourceExists(owner, repo, packageId, resourceType, resourceName, getBasePath) {
+    const draftBasePath = getBasePath(this.getDraftResourceDir(owner, repo, packageId, resourceType));
+    try {
+      await import_promises.default.stat(draftBasePath);
+      return true;
+    } catch {
+    }
+    const registryBasePath = getBasePath(this.getResourceTypeDir(owner, repo, packageId, resourceType));
+    try {
+      await import_promises.default.stat(registryBasePath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async ensureDraftDirExists(owner, repo, packageId, resourceType) {
+    try {
+      await import_promises.default.mkdir(this.getDraftResourceDir(owner, repo, packageId, resourceType), { recursive: true });
+    } catch (error) {
+      throw new shared_exports.FileSystemError("Failed to create draft directories");
+    }
+  }
+  getConfigPath() {
+    return import_path.default.join(this.getStorageRoot(), this.configFileName);
+  }
+};
+var storageService = new StorageService();
+
+// src/modules/auth/auth.service.ts
+var CODE_TTL_MS = import_shared3.CODE_TTL_SECONDS * 1e3;
+var AuthService = class {
+  constructor(api = apiService, storage = storageService) {
+    this.api = api;
+    this.storage = storage;
+    this.sessions = /* @__PURE__ */ new Map();
+  }
+  generatePkceSession() {
+    const codeVerifier = this.generateVerifier();
+    const codeChallenge = this.deriveChallenge(codeVerifier);
+    const sessionId = (0, import_crypto.randomUUID)();
+    this.sessions.set(sessionId, {
+      codeVerifier,
+      expiresAt: Date.now() + CODE_TTL_MS
+    });
+    return {
+      session_id: sessionId,
+      code_challenge: codeChallenge
+    };
+  }
+  async exchangeToken({ session_id: sessionId, authorization_code: authorizationCode }) {
+    const session = this.sessions.get(sessionId);
+    if (!session) {
+      throw new import_shared3.NotFoundError("Session not found");
+    }
+    const { data } = await this.api.apiRequest("/auth/token", null, {
+      method: "POST",
+      body: {
+        authorization_code: authorizationCode,
+        code_verifier: session.codeVerifier
+      }
+    });
+    this.sessions.delete(sessionId);
+    if (!data?.token) {
+      throw new import_shared3.UnauthorizedError("Token exchange with the server failed");
+    }
+    await this.storage.saveAuthToken(data.token);
+    this.api.apiRequest("/user", data.token, { method: "POST" }).catch((err) => {
+      console.warn("Failed to ensure user exists in backend:", err);
+    });
+    return this.getStatus();
+  }
+  async getStatus() {
+    const config2 = await this.storage.loadConfig();
+    const token = config2.token;
+    return { authenticated: !!token };
+  }
+  async getUser(githubUser) {
+    return {
+      user: {
+        id: githubUser.githubId,
+        username: githubUser.githubUsername,
+        email: githubUser.email,
+        avatarUrl: githubUser.avatarUrl
+      }
+    };
+  }
+  async logout() {
+    await this.storage.saveAuthToken(null);
+    const config2 = await this.storage.loadConfig();
+    return { authenticated: !config2.token };
+  }
+  generateVerifier() {
+    return (0, import_crypto.randomBytes)(32).toString("base64url");
+  }
+  deriveChallenge(verifier) {
+    return (0, import_crypto.createHash)("sha256").update(verifier).digest("base64url");
+  }
+};
+var authService = new AuthService();
+
+// src/controllers/auth.controller.ts
+var import_shared4 = __toESM(require_dist());
+var AuthController = class {
+  constructor(auth = authService) {
+    this.auth = auth;
+  }
+  async getChallenge(req, res, next) {
+    try {
+      const session = this.auth.generatePkceSession();
+      const response = {
+        success: true,
+        data: {
+          session_id: session.session_id,
+          code_challenge: session.code_challenge
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async exchangeToken(req, res, next) {
+    try {
+      const { authorization_code, session_id } = req.body;
+      if (!authorization_code || !session_id) {
+        throw new import_shared4.InvalidInputError("authorization_code and session_id is required");
+      }
+      const status = await this.auth.exchangeToken({ authorization_code, session_id });
+      const response = {
+        success: true,
+        data: status
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async getStatus(req, res, next) {
+    try {
+      const status = await this.auth.getStatus();
+      const response = {
+        success: true,
+        data: status
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async getUser(req, res, next) {
+    try {
+      if (!req.githubUser) {
+        throw new import_shared4.UnauthorizedError("Not authenticated");
+      }
+      const result = await this.auth.getUser(req.githubUser);
+      const response = {
+        success: true,
+        data: result
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async logout(req, res, next) {
+    try {
+      const status = await this.auth.logout();
+      const response = {
+        success: true,
+        data: status
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/modules/auth/auth.middleware.ts
+var import_crypto2 = __toESM(require("crypto"));
+var import_rest = require("@octokit/rest");
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+
+// src/utils/logger.ts
+var import_winston = __toESM(require("winston"));
+var import_path2 = __toESM(require("path"));
+var import_os2 = __toESM(require("os"));
+var LOG_DIR = import_path2.default.join(import_os2.default.homedir(), ".aishelf", "logs");
+var logger = import_winston.default.createLogger({
+  level: process.env.LOG_LEVEL || "info",
+  format: import_winston.default.format.combine(
+    import_winston.default.format.timestamp({ format: "YYYY-MM-DD HH:mm:ss" }),
+    import_winston.default.format.errors({ stack: true }),
+    import_winston.default.format.json()
+  ),
+  transports: [
+    new import_winston.default.transports.File({
+      filename: import_path2.default.join(LOG_DIR, "error.log"),
+      level: "error",
+      maxsize: 5242880,
+      maxFiles: 5
+    }),
+    new import_winston.default.transports.File({
+      filename: import_path2.default.join(LOG_DIR, "combined.log"),
+      maxsize: 5242880,
+      maxFiles: 5
+    })
+  ]
+});
+if (process.env.NODE_ENV !== "production") {
+  logger.add(new import_winston.default.transports.Console({
+    format: import_winston.default.format.combine(
+      import_winston.default.format.colorize(),
+      import_winston.default.format.simple()
+    )
+  }));
+}
+var logger_default = logger;
+
+// src/modules/auth/auth.middleware.ts
+var tokenCache = /* @__PURE__ */ new Map();
+var CACHE_TTL_MS = 60 * 60 * 1e3;
+function authenticateAishelfClient(req, _res, next) {
+  try {
+    const clientToken = req.headers["x-client-token"];
+    if (!clientToken) {
+      throw new shared_exports.UnauthorizedError("Missing X-Client-Token header");
+    }
+    const clientPayload = verifyClientToken(clientToken);
+    if (!clientPayload || !clientPayload.client) {
+      throw new shared_exports.UnauthorizedError('Invalid client token: missing "client" field');
+    }
+    req.clientInfo = clientPayload;
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+async function authenticateGithubToken(req, _res, next) {
+  try {
+    const githubToken = await storageService.getAuthToken();
+    if (!githubToken) {
+      throw new shared_exports.UnauthorizedError("Not authenticated \u2014 sign in via AIShelf");
+    }
+    const user = await verifyGitHubToken(githubToken);
+    req.githubUser = user;
+    req.githubToken = githubToken;
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+function verifyClientToken(token) {
+  try {
+    const decoded = import_jsonwebtoken.default.decode(token, { json: true });
+    if (!decoded) {
+      return null;
+    }
+    return decoded;
+  } catch {
+    return null;
+  }
+}
+async function verifyGitHubToken(token) {
+  const tokenHash = import_crypto2.default.createHash("sha256").update(token).digest("hex");
+  const cached = tokenCache.get(tokenHash);
+  if (cached && cached.expiresAt > Date.now()) {
+    return cached.user;
+  }
+  try {
+    const octokit = new import_rest.Octokit({ auth: token });
+    const { data: userData } = await octokit.rest.users.getAuthenticated();
+    let email = null;
+    try {
+      const { data: emails } = await octokit.rest.users.listEmailsForAuthenticatedUser();
+      const primaryEmail = emails.find((e) => e.primary && e.verified);
+      const verifiedEmail = emails.find((e) => e.verified);
+      email = primaryEmail?.email || verifiedEmail?.email || null;
+    } catch {
+      email = null;
+    }
+    const user = {
+      githubId: userData.id.toString(),
+      githubUsername: userData.login,
+      email: email || void 0,
+      avatarUrl: userData.avatar_url
+    };
+    tokenCache.set(tokenHash, { user, expiresAt: Date.now() + CACHE_TTL_MS });
+    return user;
+  } catch (error) {
+    if (error.status === 401) {
+      throw new shared_exports.UnauthorizedError("GitHub token is invalid or expired");
+    } else if (error.status === 403) {
+      throw new shared_exports.UnauthorizedError("GitHub token does not have required permissions");
+    }
+    logger_default.error("Failed to verify GitHub token:", error);
+    throw new shared_exports.UnauthorizedError("Failed to verify GitHub token");
+  }
+}
+
+// src/routes/auth.routes.ts
+var router = (0, import_express.Router)();
+var authController = new AuthController();
+router.get("/status", authController.getStatus.bind(authController));
+router.get("/challenge", authController.getChallenge.bind(authController));
+router.post("/callback", authController.exchangeToken.bind(authController));
+router.post("/logout", authController.logout.bind(authController));
+router.get("/user", authenticateGithubToken, authController.getUser.bind(authController));
+var auth_routes_default = router;
+
+// src/routes/user.routes.ts
+var import_express2 = require("express");
+
+// src/modules/github/github.service.ts
+var import_rest2 = require("@octokit/rest");
+var import_shared7 = __toESM(require_dist());
+var GitHubService = class {
+  async getUserInfo(token) {
+    try {
+      const octokit = this.getOctokit(token);
+      const { data } = await octokit.rest.users.getAuthenticated();
+      return {
+        login: data.login,
+        name: data.name,
+        email: data.email
+      };
+    } catch (error) {
+      logger_default.error("Failed to get user info:", error);
+      throw new shared_exports.GitHubAPIError(
+        `Failed to get user info: ${error.message}`,
+        error.status || 500
+      );
+    }
+  }
+  async fetchUserOrganizations(token) {
+    try {
+      const octokit = this.getOctokit(token);
+      const { data } = await octokit.rest.orgs.listForAuthenticatedUser();
+      return data;
+    } catch (error) {
+      logger_default.error("Failed to fetch organizations:", error);
+      throw new shared_exports.GitHubAPIError(
+        `Failed to fetch organizations: ${error.message}`,
+        error.status || 500
+      );
+    }
+  }
+  async fetchUserRepositories(token, affiliation = "owner", perPage = 50) {
+    try {
+      const octokit = this.getOctokit(token);
+      const { data } = await octokit.rest.repos.listForAuthenticatedUser({
+        affiliation,
+        per_page: perPage,
+        sort: "updated"
+      });
+      return data;
+    } catch (error) {
+      logger_default.error("Failed to fetch repositories:", error);
+      throw new shared_exports.GitHubAPIError(
+        `Failed to fetch repositories: ${error.message}`,
+        error.status || 500
+      );
+    }
+  }
+  async fetchOrganizationRepositories(token, org, perPage = 50) {
+    try {
+      const octokit = this.getOctokit(token);
+      const { data } = await octokit.rest.repos.listForOrg({
+        org,
+        per_page: perPage,
+        sort: "updated"
+      });
+      return data;
+    } catch (error) {
+      logger_default.error(`Failed to fetch repositories for org ${org}:`, error);
+      throw new shared_exports.GitHubAPIError(
+        `Failed to fetch repositories for organization: ${error.message}`,
+        error.status || 500
+      );
+    }
+  }
+  async checkRepositoryAccess(token, owner, repo) {
+    try {
+      const octokit = this.getOctokit(token);
+      const { data } = await octokit.rest.repos.get({ owner, repo });
+      const permissions = data.permissions;
+      if (permissions?.push || permissions?.admin) {
+        return import_shared7.AccessLevel.WRITE;
+      } else if (permissions?.pull) {
+        return import_shared7.AccessLevel.READ_ONLY;
+      }
+      return import_shared7.AccessLevel.NONE;
+    } catch (error) {
+      if (error.status === 404 || error.status === 403) {
+        return import_shared7.AccessLevel.NONE;
+      }
+      logger_default.error(`Failed to check repository access for ${owner}/${repo}:`, error);
+      return import_shared7.AccessLevel.NONE;
+    }
+  }
+  async validateRegistry(fullName, token) {
+    try {
+      const [owner, repo] = fullName.split("/");
+      const octokit = this.getOctokit(token);
+      try {
+        await octokit.rest.repos.getContent({
+          owner,
+          repo,
+          path: "ai_shelf_registry.json"
+        });
+        return true;
+      } catch (error) {
+        if (error.status === 404) {
+          return false;
+        }
+        throw error;
+      }
+    } catch (error) {
+      logger_default.error(`Failed to validate registry ${fullName}:`, error);
+      return false;
+    }
+  }
+  async createNewRegistry(token, name, description, isPrivate, organization) {
+    try {
+      const octokit = this.getOctokit(token);
+      let data;
+      if (organization) {
+        const response = await octokit.rest.repos.createInOrg({
+          org: organization,
+          name,
+          description,
+          private: isPrivate,
+          auto_init: true
+        });
+        data = response.data;
+      } else {
+        const response = await octokit.rest.repos.createForAuthenticatedUser({
+          name,
+          description,
+          private: isPrivate,
+          auto_init: true
+        });
+        data = response.data;
+      }
+      logger_default.info(`Created new registry: ${data.full_name}`);
+      await new Promise((resolve) => setTimeout(resolve, 2e3));
+      const registryConfig = {
+        name: "AIShelf Registry",
+        version: "1.0.0",
+        description: "AIShelf registry for workflows, rules, skills, and prompts"
+      };
+      await octokit.rest.repos.createOrUpdateFileContents({
+        owner: data.owner.login,
+        repo: data.name,
+        path: "ai_shelf_registry.json",
+        message: "Initialize AIShelf registry",
+        content: Buffer.from(JSON.stringify(registryConfig, null, 2)).toString("base64")
+      });
+      return data;
+    } catch (error) {
+      logger_default.error("Failed to create new registry:", error);
+      throw new shared_exports.GitHubAPIError(
+        `Failed to create new registry: ${error.message}`,
+        error.status || 500
+      );
+    }
+  }
+  getOctokit(token) {
+    return new import_rest2.Octokit({
+      auth: token,
+      userAgent: "AIShelf-Service"
+    });
+  }
+};
+var githubService = new GitHubService();
+
+// src/controllers/user.controller.ts
+var UserController = class {
+  async getUser(req, res, next) {
+    try {
+      const user = req.githubUser;
+      const response = {
+        success: true,
+        data: {
+          user: {
+            id: user.githubId,
+            username: user.githubUsername,
+            email: user.email,
+            avatarUrl: user.avatarUrl
+          }
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async getUserRepositories(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const affiliation = req.query.affiliation || "owner";
+      const perPage = parseInt(req.query.perPage) || 50;
+      const repos = await githubService.fetchUserRepositories(token, affiliation, perPage);
+      const response = {
+        success: true,
+        data: {
+          repositories: repos.map((r) => ({
+            id: r.id,
+            name: r.name,
+            fullName: r.full_name,
+            owner: r.owner.login,
+            cloneUrl: r.clone_url,
+            isPrivate: r.private,
+            description: r.description || void 0,
+            defaultBranch: void 0
+          }))
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async getUserOrganizations(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const orgs = await githubService.fetchUserOrganizations(token);
+      const response = {
+        success: true,
+        data: {
+          organizations: orgs.map((o) => ({
+            id: o.id,
+            login: o.login,
+            avatarUrl: o.avatar_url || "",
+            description: o.description || void 0
+          }))
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/routes/user.routes.ts
+var router2 = (0, import_express2.Router)();
+var userController = new UserController();
+router2.get(
+  "/",
+  authenticateGithubToken,
+  userController.getUser.bind(userController)
+);
+router2.get(
+  "/repos",
+  authenticateGithubToken,
+  userController.getUserRepositories.bind(userController)
+);
+router2.get(
+  "/orgs",
+  authenticateGithubToken,
+  userController.getUserOrganizations.bind(userController)
+);
+var user_routes_default = router2;
+
+// src/routes/audit.routes.ts
+var import_express3 = require("express");
+
+// src/controllers/audit.controller.ts
+var import_fs2 = __toESM(require("fs"));
+
+// src/modules/audit/audit.service.ts
+var import_fs = __toESM(require("fs"));
+var import_path3 = __toESM(require("path"));
+var MAX_FILE_SIZE = 500 * 1024;
+var AuditService = class {
+  constructor(storage = storageService) {
+    this.storage = storage;
+  }
+  getLogFilePath(client) {
+    return this.storage.getAuditLogPath(client);
+  }
+  ensureLogDir() {
+    const logsDir = import_path3.default.join(this.storage.getStorageRoot(), "logs");
+    if (!import_fs.default.existsSync(logsDir)) {
+      import_fs.default.mkdirSync(logsDir, { recursive: true });
+    }
+  }
+  async appendLogs(client, entries) {
+    this.ensureLogDir();
+    const logFilePath = this.getLogFilePath(client);
+    const lines = entries.map((entry) => JSON.stringify(entry)).join("\n") + "\n";
+    import_fs.default.appendFileSync(logFilePath, lines, "utf8");
+    this.rotateIfNeeded(logFilePath);
+    logger_default.info(`[AUDIT] Appended ${entries.length} log(s) for client "${client}"`);
+  }
+  async getLogs(client, filters) {
+    const logFilePath = this.getLogFilePath(client);
+    if (!import_fs.default.existsSync(logFilePath)) {
+      return [];
+    }
+    const content = import_fs.default.readFileSync(logFilePath, "utf8");
+    const lines = content.split("\n").filter((line) => line.trim());
+    let logs = lines.map((line) => JSON.parse(line));
+    if (filters?.startDate) {
+      logs = logs.filter((log) => log.timestamp >= filters.startDate);
+    }
+    if (filters?.endDate) {
+      logs = logs.filter((log) => log.timestamp <= filters.endDate);
+    }
+    if (filters?.operation) {
+      logs = logs.filter((log) => log.operation === filters.operation);
+    }
+    if (filters?.repository) {
+      logs = logs.filter((log) => log.repository === filters.repository);
+    }
+    return logs;
+  }
+  rotateIfNeeded(logFilePath) {
+    try {
+      const stats = import_fs.default.statSync(logFilePath);
+      if (stats.size <= MAX_FILE_SIZE) {
+        return;
+      }
+      const content = import_fs.default.readFileSync(logFilePath, "utf8");
+      const lines = content.split("\n").filter((line) => line.trim());
+      const entriesToRemove = Math.ceil(lines.length * 0.2);
+      const newLines = lines.slice(entriesToRemove);
+      import_fs.default.writeFileSync(logFilePath, newLines.join("\n") + "\n", "utf8");
+      logger_default.info(`Audit log rotated: removed ${entriesToRemove} oldest entries (file was ${Math.round(stats.size / 1024)}KB)`);
+    } catch (error) {
+      logger_default.error("Failed to rotate audit log:", error);
+    }
+  }
+};
+var auditService = new AuditService();
+
+// src/modules/audit/audit.schemas.ts
+var import_zod2 = require("zod");
+var AuditOperationSchema = import_zod2.z.enum([
+  "CONNECT_REGISTRY",
+  "DISCONNECT_REGISTRY",
+  "CLONE_REGISTRY",
+  "SYNC_REGISTRY",
+  "CREATE_REGISTRY",
+  "READ_FILE",
+  "CREATE_PACKAGE",
+  "DELETE_PACKAGE",
+  "UPLOAD_RESOURCE",
+  "DELETE_RESOURCE",
+  "PUSH_CHANGES"
+]);
+var AuditLogEntrySchema = import_zod2.z.object({
+  timestamp: import_zod2.z.string(),
+  operation: AuditOperationSchema,
+  repository: import_zod2.z.string().optional(),
+  details: import_zod2.z.string(),
+  success: import_zod2.z.boolean(),
+  error: import_zod2.z.string().optional(),
+  userId: import_zod2.z.string().optional()
+});
+var QueryLogsRequestSchema = import_zod2.z.object({
+  startDate: import_zod2.z.string().optional(),
+  endDate: import_zod2.z.string().optional(),
+  operation: AuditOperationSchema.optional(),
+  repository: import_zod2.z.string().optional(),
+  userId: import_zod2.z.string().optional(),
+  success: import_zod2.z.boolean().optional()
+});
+
+// src/controllers/audit.controller.ts
+var AuditController = class {
+  constructor(audit = auditService, storage = storageService) {
+    this.audit = audit;
+    this.storage = storage;
+  }
+  async getLogs(req, res, next) {
+    try {
+      const client = req.clientInfo.client;
+      const filters = {
+        startDate: req.query.startDate,
+        endDate: req.query.endDate,
+        operation: req.query.operation,
+        repository: req.query.repository
+      };
+      const logs = await this.audit.getLogs(client, filters);
+      const response = {
+        success: true,
+        data: { logs }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async appendLogs(req, res, next) {
+    try {
+      const client = req.clientInfo.client;
+      const body = req.body;
+      const entries = Array.isArray(body) ? body : [body];
+      if (entries.length === 0) {
+        throw new shared_exports.ValidationError("Request body must contain at least one log entry");
+      }
+      for (const entry of entries) {
+        if (!entry.timestamp || !entry.operation || !entry.details || typeof entry.success !== "boolean") {
+          throw new shared_exports.ValidationError("Each log entry must have: timestamp, operation, details, success");
+        }
+      }
+      await this.audit.appendLogs(client, entries);
+      const response = {
+        success: true,
+        data: { appended: entries.length }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async uploadToBackend(req, res, next) {
+    try {
+      const client = req.clientInfo.client;
+      if (!config.BACKEND_URL) {
+        throw new shared_exports.ValidationError("Backend URL not configured");
+      }
+      const logFilePath = this.storage.getAuditLogPath(client);
+      if (!import_fs2.default.existsSync(logFilePath)) {
+        throw new shared_exports.ValidationError("No audit logs found for this client");
+      }
+      const logContent = import_fs2.default.readFileSync(logFilePath);
+      const lines = logContent.toString("utf8").split("\n").filter((l) => l.trim());
+      if (lines.length === 0) {
+        throw new shared_exports.ValidationError("No audit logs found for this client");
+      }
+      const FormData = (await import("form-data")).default;
+      const form = new FormData();
+      form.append("timestamp", (/* @__PURE__ */ new Date()).toISOString());
+      form.append("logs", logContent, {
+        filename: `audit-${client}-${Date.now()}.jsonl`,
+        contentType: "application/x-ndjson"
+      });
+      const response = await fetch(`${config.BACKEND_URL}/audit-logs/upload`, {
+        method: "POST",
+        headers: {
+          ...form.getHeaders()
+        },
+        body: form
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Backend upload failed: ${errorText}`);
+      }
+      const result = await response.json();
+      const apiResponse = {
+        success: true,
+        data: { uploadId: result.uploadId }
+      };
+      res.json(apiResponse);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/routes/audit.routes.ts
+var router3 = (0, import_express3.Router)();
+var auditController = new AuditController();
+router3.get("/", auditController.getLogs.bind(auditController));
+router3.patch("/", auditController.appendLogs.bind(auditController));
+router3.post("/", auditController.uploadToBackend.bind(auditController));
+var audit_routes_default = router3;
+
+// src/routes/org.routes.ts
+var import_express4 = require("express");
+
+// src/controllers/org.controller.ts
+var OrgController = class {
+  async getOrganizationRepositories(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const org = req.params.org;
+      const perPage = parseInt(req.query.perPage) || 50;
+      const repos = await githubService.fetchOrganizationRepositories(token, org, perPage);
+      const response = {
+        success: true,
+        data: {
+          repositories: repos.map((r) => ({
+            id: r.id,
+            name: r.name,
+            fullName: r.full_name,
+            owner: r.owner.login,
+            cloneUrl: r.clone_url,
+            isPrivate: r.private,
+            description: r.description || void 0,
+            defaultBranch: void 0
+          }))
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/routes/org.routes.ts
+var router4 = (0, import_express4.Router)();
+var orgController = new OrgController();
+router4.get("/:org/repos", authenticateGithubToken, orgController.getOrganizationRepositories.bind(orgController));
+var org_routes_default = router4;
+
+// src/routes/registry.routes.ts
+var import_express7 = require("express");
+
+// src/routes/package.routes.ts
+var import_express6 = require("express");
+
+// src/modules/package/package.service.ts
+var import_path4 = __toESM(require("path"));
+var import_promises3 = __toESM(require("fs/promises"));
+
+// src/modules/git/git.service.ts
+var import_simple_git = __toESM(require("simple-git"));
+var GitService = class {
+  async cloneRepository(cloneUrl, owner, repo, token) {
+    await storageService.ensureStorageExists();
+    const localPath = storageService.getRegistryPath(owner, repo);
+    const cleanUrl = `https://github.com/${owner}/${repo}.git`;
+    try {
+      const git = await this.getConfiguredGitInstance(token);
+      await this.performGitOperationSafely(git, owner, repo, token, async (authenticatedUrl) => {
+        await git.clone(authenticatedUrl, localPath);
+      });
+      const repoGit = await this.getConfiguredGitInstance(token, localPath);
+      await repoGit.remote(["set-url", "origin", cleanUrl]);
+      logger_default.info(`Successfully cloned registry ${owner}/${repo} to ${localPath}`);
+      return localPath;
+    } catch (error) {
+      logger_default.error("Failed to clone repository:", error);
+      throw new shared_exports.GitOperationError(`Failed to clone repository: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  async syncRepository(owner, repo, token) {
+    const localPath = storageService.getRegistryPath(owner, repo);
+    try {
+      const git = await this.getConfiguredGitInstance(token, localPath);
+      const isRepo = await git.checkIsRepo();
+      if (!isRepo) {
+        throw new shared_exports.GitOperationError(`Directory ${localPath} is not a git repository`);
+      }
+      const beforeCommit = await git.revparse(["HEAD"]);
+      await this.performGitOperationSafely(git, owner, repo, token, async () => {
+        await git.pull();
+      });
+      const afterCommit = await git.revparse(["HEAD"]);
+      logger_default.info(`Successfully synced registry ${owner}/${repo} (${beforeCommit.substring(0, 7)} -> ${afterCommit.substring(0, 7)})`);
+      return { beforeCommit, afterCommit };
+    } catch (error) {
+      logger_default.error("Failed to sync repository:", error);
+      throw new shared_exports.GitOperationError(`Failed to sync repository: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  async getCommitDiff(owner, repo, fromCommit, toCommit) {
+    const localPath = storageService.getRegistryPath(owner, repo);
+    try {
+      const git = (0, import_simple_git.default)(localPath);
+      const diff = await git.diff(["--name-only", fromCommit, toCommit]);
+      return diff.split("\n").filter((line) => line.trim().length > 0);
+    } catch (error) {
+      logger_default.error("Failed to get changed files between commits:", error);
+      throw new shared_exports.GitOperationError(`Failed to get changed files: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  async commitChanges(owner, repo, message, token) {
+    const localPath = storageService.getRegistryPath(owner, repo);
+    try {
+      const git = await this.getConfiguredGitInstance(token, localPath);
+      await this.syncRepository(owner, repo, token);
+      await this.performGitOperationSafely(git, owner, repo, token, async () => {
+        await git.add(".");
+        await git.commit(message);
+        await git.push();
+      });
+      logger_default.info(`Successfully committed and pushed changes to ${owner}/${repo}`);
+    } catch (error) {
+      logger_default.error("Failed to commit changes:", error);
+      throw new shared_exports.GitOperationError(`Failed to commit changes: ${error instanceof Error ? error.message : "Unknown error"}`);
+    }
+  }
+  async getConfiguredGitInstance(token, path10) {
+    const git = path10 ? (0, import_simple_git.default)(path10) : (0, import_simple_git.default)();
+    try {
+      const userInfo = await githubService.getUserInfo(token);
+      await git.addConfig("user.name", userInfo.name || userInfo.login);
+      await git.addConfig("user.email", userInfo.email || `${userInfo.login}@users.noreply.github.com`);
+    } catch (error) {
+      logger_default.warn("Failed to configure git user info:", error);
+    }
+    return git;
+  }
+  async performGitOperationSafely(git, owner, repo, token, operation) {
+    const authenticatedUrl = `https://${token}@github.com/${owner}/${repo}.git`;
+    const cleanUrl = `https://github.com/${owner}/${repo}.git`;
+    try {
+      await operation(authenticatedUrl);
+    } catch (error) {
+      if (error.message?.includes("authentication") || error.message?.includes("credentials")) {
+        throw new shared_exports.GitOperationError("Git authentication failed. Please check your GitHub token.");
+      }
+      throw error;
+    }
+  }
+};
+var gitService = new GitService();
+
+// src/modules/git/git.schemas.ts
+var import_zod3 = require("zod");
+var CommitChangesRequestSchema = import_zod3.z.object({
+  owner: import_zod3.z.string().min(1),
+  repo: import_zod3.z.string().min(1),
+  message: import_zod3.z.string().min(1)
+});
+var GetStatusRequestSchema = import_zod3.z.object({
+  owner: import_zod3.z.string().min(1),
+  repo: import_zod3.z.string().min(1)
+});
+var GetChangedFilesRequestSchema = import_zod3.z.object({
+  owner: import_zod3.z.string().min(1),
+  repo: import_zod3.z.string().min(1)
+});
+
+// src/modules/registry/registry.service.ts
+var import_promises2 = __toESM(require("fs/promises"));
+
+// src/modules/subscription/subscription.types.ts
+var SubscriptionRequiredError = class extends Error {
+  constructor(message, actionUrl, errorType) {
+    super(message);
+    this.actionUrl = actionUrl;
+    this.errorType = errorType;
+    this.name = "SubscriptionRequiredError";
+  }
+};
+
+// src/modules/subscription/subscription.service.ts
+var SubscriptionService = class {
+  async connectToRegistry(token, owner, repo) {
+    try {
+      await apiService.apiRequest(`/registry/${owner}/${repo}/connect`, token, { method: "POST" });
+    } catch (error) {
+      const errorData = error.data?.data;
+      if (error.statusCode === 403) {
+        if (!errorData) {
+          throw error;
+        }
+        const entityName = `@${owner}`;
+        const actionUrl = this.getSubscriptionUrl(errorData.ownerEntityId);
+        const message = errorData.error || `Subscription required for ${entityName} repositories`;
+        const subscriptionError = new SubscriptionRequiredError(message, actionUrl, "SUBSCRIPTION_REQUIRED");
+        throw subscriptionError;
+      }
+      if (error.statusCode === 429) {
+        if (!errorData) {
+          throw error;
+        }
+        const entityName = `@${owner}`;
+        const actionUrl = errorData.ownerEntityId ? this.getSubscriptionUrl(errorData.ownerEntityId) : this.getSubscriptionUrl();
+        const message = errorData.error || `Seat limit reached for ${entityName}`;
+        throw new SubscriptionRequiredError(message, actionUrl, "SEAT_LIMIT_REACHED");
+      }
+      throw error;
+    }
+  }
+  async disconnectFromRegistry(token, owner, repo) {
+    try {
+      await apiService.apiRequest(`/registry/${owner}/${repo}/disconnect`, token, { method: "DELETE" });
+    } catch (error) {
+      logger_default.error(`Failed to disconnect from registry ${owner}/${repo} in backend:`, error);
+    }
+  }
+  getSubscriptionUrl(entityId) {
+    const params = new URLSearchParams({ source: "service" });
+    if (entityId) {
+      params.set("entity_id", entityId);
+    }
+    return `https://aishelf.dev#pricing?${params.toString()}`;
+  }
+};
+var subscriptionService = new SubscriptionService();
+
+// src/modules/registry/registry.service.ts
+var import_shared11 = __toESM(require_dist());
+var RegistryService = class {
+  constructor(git = gitService, github = githubService, storage = storageService, subscription = subscriptionService) {
+    this.git = git;
+    this.github = github;
+    this.storage = storage;
+    this.subscription = subscription;
+  }
+  async connect(owner, repo, token, options) {
+    const repoExists = await this.checkRepositoryExists(owner, repo, token);
+    if (!repoExists) {
+      if (options?.createIfNotExists) {
+        const githubUsername = options.githubUsername || (await this.github.getUserInfo(token)).login;
+        const isOrganization = githubUsername !== owner;
+        await this.github.createNewRegistry(
+          token,
+          repo,
+          options.description || `AIShelf registry: ${repo}`,
+          options.isPrivate ?? true,
+          isOrganization ? owner : void 0
+        );
+        logger_default.info(`Created new registry ${owner}/${repo}`);
+      } else {
+        throw new shared_exports.NotFoundError(`Repository ${owner}/${repo} does not exist`);
+      }
+    }
+    const isValid = await this.github.validateRegistry(`${owner}/${repo}`, token);
+    if (!isValid) {
+      throw new shared_exports.ValidationError(`Repository ${owner}/${repo} is not a valid AIShelf registry (missing ai_shelf_registry.json)`);
+    }
+    await this.subscription.connectToRegistry(token, owner, repo);
+    const cloneUrl = `https://github.com/${owner}/${repo}.git`;
+    try {
+      await this.git.cloneRepository(cloneUrl, owner, repo, token);
+      const registry = {
+        owner,
+        repo,
+        fullName: `${owner}/${repo}`,
+        cloneUrl,
+        lastSynced: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      await this.storage.saveConnectedRegistry(registry);
+      logger_default.info(`Connected to registry ${owner}/${repo}`);
+      return registry;
+    } catch (error) {
+      const registryPath = this.storage.getRegistryPath(owner, repo);
+      try {
+        await import_promises2.default.rm(registryPath, { recursive: true, force: true });
+      } catch (cleanupError) {
+        logger_default.error("Failed to clean up partial clone:", cleanupError);
+      }
+      throw error;
+    }
+  }
+  async sync(owner, repo, token) {
+    await this.subscription.connectToRegistry(token, owner, repo);
+    const registries = await this.list(token);
+    const registry = registries.find((r) => r.owner === owner && r.repo === repo);
+    if (!registry) {
+      throw new shared_exports.NotFoundError(`Registry ${owner}/${repo} is not connected`);
+    }
+    try {
+      const { beforeCommit, afterCommit } = await this.git.syncRepository(owner, repo, token);
+      const changedFiles = await this.git.getCommitDiff(owner, repo, beforeCommit, afterCommit);
+      registry.lastSynced = (/* @__PURE__ */ new Date()).toISOString();
+      await this.storage.saveConnectedRegistry(registry);
+      logger_default.info(`Synced registry ${owner}/${repo}, ${changedFiles.length} files changed`);
+      return { changedFiles };
+    } catch (error) {
+      logger_default.error(`Failed to sync registry ${owner}/${repo}:`, error);
+      throw error;
+    }
+  }
+  async list(token) {
+    const registries = await this.storage.getConnectedRegistries();
+    const enriched = await Promise.all(
+      registries.map(async (reg) => {
+        const accessLevel = token ? await this.github.checkRepositoryAccess(token, reg.owner, reg.repo) : import_shared11.AccessLevel.NONE;
+        const isTrusted = !await this.storage.shouldShowSecurityViolations(reg.owner, reg.repo);
+        return {
+          owner: reg.owner,
+          repo: reg.repo,
+          fullName: reg.fullName,
+          cloneUrl: reg.cloneUrl,
+          localPath: this.storage.getRegistryPath(reg.owner, reg.repo),
+          accessLevel,
+          trusted: isTrusted,
+          enabled: true,
+          lastSync: reg.lastSynced,
+          connectedBy: ""
+          // ENHANCEMENT: Future implementation
+        };
+      })
+    );
+    enriched.sort((a, b) => {
+      const order = { [import_shared11.AccessLevel.WRITE]: 0, [import_shared11.AccessLevel.READ_ONLY]: 1, [import_shared11.AccessLevel.NONE]: 2 };
+      return (order[a.accessLevel] ?? 3) - (order[b.accessLevel] ?? 3);
+    });
+    return enriched;
+  }
+  async disconnect(owner, repo, token) {
+    await this.subscription.disconnectFromRegistry(token, owner, repo);
+    try {
+      const registryPath = this.storage.getRegistryPath(owner, repo);
+      await import_promises2.default.rm(registryPath, { recursive: true, force: true });
+    } catch (error) {
+      logger_default.error("Failed to delete registry directory:", error);
+    }
+    const registries = await this.storage.getConnectedRegistries();
+    const updatedRegistries = registries.filter(
+      (r) => !(r.owner === owner && r.repo === repo)
+    );
+    await this.storage.updateConnectedRegistries(updatedRegistries);
+    logger_default.info(`Disconnected from registry ${owner}/${repo}`);
+  }
+  async checkRepositoryExists(owner, repo, token) {
+    try {
+      const accessLevel = await this.github.checkRepositoryAccess(token, owner, repo);
+      return accessLevel !== import_shared11.AccessLevel.NONE;
+    } catch (error) {
+      logger_default.error(`Failed to check if repository exists: ${owner}/${repo}`, error);
+      return false;
+    }
+  }
+};
+var registryService = new RegistryService();
+
+// src/modules/registry/registry.middleware.ts
+var import_shared13 = __toESM(require_dist());
+async function ensureRegistryExists(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const exists = await storageService.checkRegistryExists(owner, repo);
+    if (!exists) {
+      throw new shared_exports.NotFoundError(`Registry ${owner}/${repo} not found`);
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+async function ensureRegistryDoesNotExist(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const registries = await storageService.getConnectedRegistries();
+    const existing = registries.find((r) => r.owner === owner && r.repo === repo);
+    if (existing) {
+      throw new shared_exports.ConflictError(`Registry ${owner}/${repo} is already connected`);
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+async function validateRepositoryWriteAccess(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const token = req.githubToken;
+    const accessLevel = await githubService.checkRepositoryAccess(token, owner, repo);
+    if (accessLevel !== import_shared13.AccessLevel.WRITE) {
+      throw new shared_exports.UnauthorizedError(`Write access required for ${owner}/${repo}`);
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+async function ensureRegistrySync(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const token = req.githubToken;
+    await registryService.sync(owner, repo, token);
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+function validateResourceType(req, res, next) {
+  const resourceType = req.params.resourceType;
+  if (!(0, import_shared13.isValidResourceType)(resourceType)) {
+    return next(new shared_exports.ValidationError(`Invalid resource type: ${resourceType}`));
+  }
+  next();
+}
+
+// src/modules/registry/registry.schemas.ts
+var import_zod4 = require("zod");
+var ConnectedRegistrySchema = import_zod4.z.object({
+  owner: import_zod4.z.string().min(1),
+  repo: import_zod4.z.string().min(1),
+  fullName: import_zod4.z.string().min(1),
+  cloneUrl: import_zod4.z.string().url(),
+  lastSynced: import_zod4.z.date().optional()
+});
+var RegistryConfigSchema = import_zod4.z.object({
+  connectedRegistries: import_zod4.z.array(ConnectedRegistrySchema),
+  securityPreferences: import_zod4.z.record(
+    import_zod4.z.string(),
+    import_zod4.z.object({
+      dontShowViolations: import_zod4.z.boolean()
+    })
+  ).optional()
+});
+var ConnectRegistryRequestSchema = import_zod4.z.object({
+  cloneUrl: import_zod4.z.string().url(),
+  owner: import_zod4.z.string().min(1),
+  repo: import_zod4.z.string().min(1)
+});
+var SyncRegistryRequestSchema = import_zod4.z.object({
+  owner: import_zod4.z.string().min(1),
+  repo: import_zod4.z.string().min(1)
+});
+
+// src/modules/package/package.service.ts
+var import_shared15 = __toESM(require_dist());
+var PackageService = class {
+  constructor(git = gitService, storage = storageService, registry = registryService, subscription = subscriptionService) {
+    this.git = git;
+    this.storage = storage;
+    this.registry = registry;
+    this.subscription = subscription;
+  }
+  async listPackages(owner, repo) {
+    const packagesPath = this.storage.getPackagesPath(owner, repo);
+    try {
+      const entries = await import_promises3.default.readdir(packagesPath, { withFileTypes: true });
+      const packages = [];
+      for (const entry of entries) {
+        if (entry.isDirectory()) {
+          const packagePath = this.storage.getPackagePath(owner, repo, entry.name);
+          const packageInfo = await this.parsePackage(packagePath, entry.name);
+          if (packageInfo) {
+            packages.push(packageInfo);
+          }
+        }
+      }
+      return packages;
+    } catch (error) {
+      logger_default.error("Failed to read packages:", error);
+      return [];
+    }
+  }
+  async getPackage(owner, repo, packageId) {
+    const packagePath = this.storage.getPackagePath(owner, repo, packageId);
+    const pkg = await this.parsePackage(packagePath, packageId);
+    if (!pkg) {
+      throw new shared_exports.NotFoundError(`Package '${packageId}' not found in ${owner}/${repo}`);
+    }
+    return pkg;
+  }
+  async createPackage(owner, repo, packageId, token) {
+    const packagePath = this.storage.getPackagePath(owner, repo, packageId);
+    try {
+      for (const resourceType of import_shared15.VALID_RESOURCE_TYPES) {
+        await import_promises3.default.mkdir(import_path4.default.join(packagePath, resourceType), { recursive: true });
+      }
+      const commitMessage = `feat: add package ${packageId}`;
+      await this.git.commitChanges(owner, repo, commitMessage, token);
+      logger_default.info(`Created package ${packageId} in ${owner}/${repo}`);
+      return { id: packageId, path: packagePath };
+    } catch (error) {
+      logger_default.error(`Failed to create package ${packageId} in ${owner}/${repo}:`, error);
+      throw error;
+    }
+  }
+  async deletePackage(owner, repo, packageId, token) {
+    const packagePath = this.storage.getPackagePath(owner, repo, packageId);
+    try {
+      await import_promises3.default.rm(packagePath, { recursive: true, force: true });
+      const commitMessage = `feat: remove package ${packageId}`;
+      await this.git.commitChanges(owner, repo, commitMessage, token);
+      logger_default.info(`Deleted package ${packageId} from ${owner}/${repo}`);
+    } catch (error) {
+      logger_default.error(`Failed to delete package ${packageId} from ${owner}/${repo}:`, error);
+      throw error;
+    }
+  }
+  // ENHANCEMENT: Specific to the workflows, rules, skills and prompts, make it like an array of available resources
+  async parsePackage(packagePath, packageId) {
+    try {
+      const entries = await import_promises3.default.readdir(packagePath, { withFileTypes: true });
+      let name = packageId;
+      let description;
+      const packageJsonPath = import_path4.default.join(packagePath, "package.json");
+      try {
+        const packageJsonData = await import_promises3.default.readFile(packageJsonPath, "utf8");
+        const packageJson = JSON.parse(packageJsonData);
+        name = packageJson.name || packageId;
+        description = packageJson.description;
+      } catch {
+      }
+      return {
+        id: packageId,
+        name,
+        description,
+        path: packagePath
+      };
+    } catch (error) {
+      logger_default.error(`Failed to parse package ${packageId}:`, error);
+      return null;
+    }
+  }
+};
+var packageService = new PackageService();
+
+// src/modules/package/package.middleware.ts
+async function ensurePackageExists(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const packageId = req.params.packageId;
+    const exists = await storageService.checkPackageExists(owner, repo, packageId);
+    if (!exists) {
+      throw new shared_exports.NotFoundError(`Package '${packageId}' not found in ${owner}/${repo}`);
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+async function ensurePackageDoesNotExist(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const packageId = req.params.packageId;
+    const exists = await storageService.checkPackageExists(owner, repo, packageId);
+    if (exists) {
+      throw new shared_exports.ConflictError(`Package '${packageId}' already exists in ${owner}/${repo}`);
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+
+// src/modules/package/package.schemas.ts
+var import_zod5 = require("zod");
+var PackageSchema = import_zod5.z.object({
+  id: import_zod5.z.string().min(1),
+  name: import_zod5.z.string().min(1),
+  description: import_zod5.z.string().optional(),
+  path: import_zod5.z.string().min(1),
+  hasWorkflows: import_zod5.z.boolean(),
+  hasRules: import_zod5.z.boolean(),
+  hasSkills: import_zod5.z.boolean(),
+  hasPrompts: import_zod5.z.boolean()
+});
+var PackageMetadataSchema = import_zod5.z.object({
+  id: import_zod5.z.string().min(1),
+  name: import_zod5.z.string().min(1),
+  description: import_zod5.z.string().optional(),
+  version: import_zod5.z.string().optional(),
+  author: import_zod5.z.string().optional(),
+  tags: import_zod5.z.array(import_zod5.z.string()).optional()
+});
+var GetPackagesRequestSchema = import_zod5.z.object({
+  owner: import_zod5.z.string().min(1),
+  repo: import_zod5.z.string().min(1)
+});
+var GetPackageResourcesRequestSchema = import_zod5.z.object({
+  owner: import_zod5.z.string().min(1),
+  repo: import_zod5.z.string().min(1),
+  packageId: import_zod5.z.string().min(1),
+  resourceType: import_zod5.z.enum(["workflows", "rules", "skills", "prompts"])
+});
+
+// src/controllers/package.controller.ts
+var PackageController = class {
+  constructor(_package = packageService) {
+    this._package = _package;
+  }
+  async list(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      const packages = await this._package.listPackages(owner, repo);
+      const response = {
+        success: true,
+        data: {
+          packages: packages.map((pkg) => ({
+            id: pkg.id,
+            name: pkg.name,
+            description: pkg.description,
+            path: pkg.path
+          }))
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async get(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      if (!packageId) {
+        throw new shared_exports.ValidationError("packageId is required");
+      }
+      const pkg = await this._package.getPackage(owner, repo, packageId);
+      const response = {
+        success: true,
+        data: {
+          id: pkg.id,
+          name: pkg.name,
+          description: pkg.description,
+          path: pkg.path
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async pushCreate(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      if (!packageId) {
+        throw new shared_exports.ValidationError("packageId is required");
+      }
+      const result = await this._package.createPackage(owner, repo, packageId, token);
+      const response = {
+        success: true,
+        data: {
+          packageId: result.id,
+          path: result.path
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async pushDelete(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      if (!packageId) {
+        throw new shared_exports.ValidationError("packageId is required");
+      }
+      await this._package.deletePackage(owner, repo, packageId, token);
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/routes/resource.routes.ts
+var import_express5 = require("express");
+
+// src/modules/resource/resource.service.ts
+var import_path8 = __toESM(require("path"));
+var import_promises6 = __toESM(require("fs/promises"));
+
+// src/modules/draft/draft.service.ts
+var import_path6 = __toESM(require("path"));
+var import_promises4 = __toESM(require("fs/promises"));
+var import_child_process = require("child_process");
+var import_util = require("util");
+
+// src/config/resource.config.ts
+var resource_config_exports = {};
+__export(resource_config_exports, {
+  ResourcePathHelper: () => ResourcePathHelper
+});
+var import_path5 = __toESM(require("path"));
+__reExport(resource_config_exports, __toESM(require_dist()));
+var import_shared18 = __toESM(require_dist());
+var ResourcePathHelper = class {
+  /**
+   * Check if a resource type is stored as a folder
+   */
+  static isFolder(resourceType) {
+    return (0, import_shared18.getResourceStorageType)(resourceType) === import_shared18.ResourceStorageType.FOLDER;
+  }
+  /**
+   * Get the file name for a resource (e.g., "my-workflow.md" for workflows, "my-skill" for skills)
+   */
+  static getFileName(resourceName, resourceType) {
+    if (this.isFolder(resourceType)) {
+      return resourceName;
+    }
+    return `${resourceName}.md`;
+  }
+  /**
+   * Get the entry file path for a resource (SKILL.md for skills, .md file for others)
+   */
+  static getEntryPath(basePath, resourceName, resourceType) {
+    const entryFile = (0, import_shared18.getResourceEntryFile)(resourceType);
+    if (this.isFolder(resourceType) && entryFile) {
+      return import_path5.default.join(basePath, resourceName, entryFile);
+    }
+    return import_path5.default.join(basePath, `${resourceName}.md`);
+  }
+  /**
+   * Get the base path for a resource (folder path for skills, file path for others)
+   */
+  static getBasePath(basePath, resourceName, resourceType) {
+    if (this.isFolder(resourceType)) {
+      return import_path5.default.join(basePath, resourceName);
+    }
+    return import_path5.default.join(basePath, `${resourceName}.${(0, import_shared18.getResourceFileExt)(resourceType)}`);
+  }
+};
+
+// src/modules/draft/draft.service.ts
+var execAsync = (0, import_util.promisify)(import_child_process.exec);
+var DraftService = class {
+  constructor(storage = storageService) {
+    this.storage = storage;
+  }
+  async listDraftFiles(owner, repo, packageId, resourceType) {
+    try {
+      const dir = this.storage.getDraftResourceDir(owner, repo, packageId, resourceType);
+      const entries = await import_promises4.default.readdir(dir, { withFileTypes: true });
+      if (ResourcePathHelper.isFolder(resourceType)) {
+        return entries.filter((entry) => entry.isDirectory()).map((entry) => ({
+          name: entry.name,
+          path: import_path6.default.join(dir, entry.name)
+        }));
+      } else {
+        return entries.filter((entry) => entry.isFile() && entry.name.endsWith(".md")).map((entry) => ({
+          name: entry.name,
+          path: import_path6.default.join(dir, entry.name)
+        }));
+      }
+    } catch {
+      return [];
+    }
+  }
+  async createDraftFile(owner, repo, packageId, resourceType, fileName) {
+    const normalizedName = fileName.endsWith(".md") ? fileName : `${fileName}.md`;
+    await this.storage.ensureDraftDirExists(owner, repo, packageId, resourceType);
+    const filePath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+      normalizedName
+    );
+    try {
+      await import_promises4.default.stat(filePath);
+    } catch {
+      await import_promises4.default.writeFile(filePath, "", "utf8");
+    }
+    return filePath;
+  }
+  async copyResourceFileToDraft(owner, repo, packageId, resourceType, fileName, registryFilePath) {
+    const normalizedName = fileName.endsWith(".md") ? fileName : `${fileName}.md`;
+    await this.storage.ensureDraftDirExists(owner, repo, packageId, resourceType);
+    const draftPath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+      normalizedName
+    );
+    const content = await import_promises4.default.readFile(registryFilePath);
+    await import_promises4.default.writeFile(draftPath, content);
+    return draftPath;
+  }
+  async deleteDraftFile(filePath) {
+    try {
+      await import_promises4.default.unlink(filePath);
+    } catch (error) {
+      if (error.code !== "ENOENT") {
+        throw new shared_exports.FileSystemError(`Failed to delete draft file: ${error.message}`);
+      }
+    }
+  }
+  async copyResourceFolderToDraft(owner, repo, packageId, resourceName, resourcePath) {
+    await this.storage.ensureDraftDirExists(owner, repo, packageId, resource_config_exports.ResourceType.SKILLS);
+    const draftResourcePath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resource_config_exports.ResourceType.SKILLS),
+      resourceName
+    );
+    await this.copyFolderRecursive(resourcePath, draftResourcePath);
+    return draftResourcePath;
+  }
+  async createResourceFolder(owner, repo, packageId, resourceType, resourceName) {
+    await this.storage.ensureDraftDirExists(owner, repo, packageId, resourceType);
+    const resourceFolderPath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+      resourceName
+    );
+    await import_promises4.default.mkdir(resourceFolderPath, { recursive: true });
+    const entryFile = (0, shared_exports.getResourceEntryFile)(resourceType);
+    if (!entryFile) {
+      throw new shared_exports.ValidationError(`Resource type ${resourceType} does not have an entry file.`);
+    }
+    const resourceEntryPath = import_path6.default.join(resourceFolderPath, entryFile);
+    const template = (0, shared_exports.getResourceTemplate)(resourceType)?.(resourceName) || "";
+    await import_promises4.default.writeFile(resourceEntryPath, template, "utf8");
+    return resourceFolderPath;
+  }
+  async deleteDraftFolder(owner, repo, packageId, skillName) {
+    const skillFolderPath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resource_config_exports.ResourceType.SKILLS),
+      skillName
+    );
+    try {
+      await import_promises4.default.rm(skillFolderPath, { recursive: true, force: true });
+    } catch (error) {
+      if (error.code !== "ENOENT") {
+        throw new shared_exports.FileSystemError(`Failed to delete draft folder: ${error.message}`);
+      }
+    }
+  }
+  async getModifiedSkills(owner, repo, packageId, registrySkillsPath) {
+    const modifiedSkills = /* @__PURE__ */ new Set();
+    try {
+      const draftSkillsDir = this.storage.getDraftResourceDir(owner, repo, packageId, resource_config_exports.ResourceType.SKILLS);
+      try {
+        await import_promises4.default.stat(draftSkillsDir);
+      } catch {
+        return modifiedSkills;
+      }
+      const draftEntries = await import_promises4.default.readdir(draftSkillsDir, { withFileTypes: true });
+      const draftSkillFolders = draftEntries.filter((entry) => entry.isDirectory()).map((entry) => entry.name);
+      for (const skillName of draftSkillFolders) {
+        const draftPath = import_path6.default.join(draftSkillsDir, skillName);
+        const registryPath = import_path6.default.join(registrySkillsPath, skillName);
+        try {
+          await import_promises4.default.stat(registryPath);
+        } catch {
+          modifiedSkills.add(skillName);
+          continue;
+        }
+        const hasChanges = await this.hasFolderChanges(draftPath, registryPath);
+        if (hasChanges) {
+          modifiedSkills.add(skillName);
+        }
+      }
+    } catch (error) {
+      logger_default.error("Error detecting modified skills:", error);
+    }
+    return modifiedSkills;
+  }
+  async copyFolderRecursive(source, destination) {
+    await import_promises4.default.mkdir(destination, { recursive: true });
+    const entries = await import_promises4.default.readdir(source, { withFileTypes: true });
+    for (const entry of entries) {
+      const sourcePath = import_path6.default.join(source, entry.name);
+      const destPath = import_path6.default.join(destination, entry.name);
+      if (entry.isFile()) {
+        const content = await import_promises4.default.readFile(sourcePath);
+        await import_promises4.default.writeFile(destPath, content);
+      } else if (entry.isDirectory()) {
+        await this.copyFolderRecursive(sourcePath, destPath);
+      }
+    }
+  }
+  async getDraftContent(owner, repo, packageId, resourceType, fileName) {
+    const filePath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+      fileName
+    );
+    try {
+      return await import_promises4.default.readFile(filePath, "utf8");
+    } catch (error) {
+      throw new shared_exports.NotFoundError(`Draft file not found: ${fileName}`);
+    }
+  }
+  async updateDraftContent(owner, repo, packageId, resourceType, fileName, content) {
+    const filePath = import_path6.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+      fileName
+    );
+    await import_promises4.default.writeFile(filePath, content, "utf8");
+  }
+  async copyFileOrFolderFromResource(owner, repo, packageId, resourceType, resourceName) {
+    let sourcePath = this.storage.getResourcePath(owner, repo, packageId, resourceType, resourceName);
+    if (!ResourcePathHelper.isFolder(resourceType)) {
+      sourcePath = `${sourcePath}.${(0, shared_exports.getResourceFileExt)(resourceType)}`;
+    }
+    return await this.copyFileOrFolderFromSystem(sourcePath, owner, repo, packageId, resourceType, resourceName);
+  }
+  async copyFileOrFolderFromSystem(sourcePath, owner, repo, packageId, resourceType, targetName) {
+    try {
+      await import_promises4.default.stat(sourcePath);
+    } catch {
+      throw new shared_exports.NotFoundError(`Source path does not exist: ${sourcePath}`);
+    }
+    const stats = await import_promises4.default.stat(sourcePath);
+    await this.storage.ensureDraftDirExists(owner, repo, packageId, resourceType);
+    if (stats.isDirectory()) {
+      if (!ResourcePathHelper.isFolder(resourceType)) {
+        throw new shared_exports.ValidationError(`Resource type ${resourceType} does not support folders`);
+      }
+      const draftFolderPath = import_path6.default.join(
+        this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+        targetName
+      );
+      await this.copyFolderRecursive(sourcePath, draftFolderPath);
+      return draftFolderPath;
+    } else {
+      if (ResourcePathHelper.isFolder(resourceType)) {
+        throw new shared_exports.ValidationError(`Resource type ${resourceType} requires folders, not files`);
+      }
+      const normalizedName = targetName.endsWith(".md") ? targetName : `${targetName}.md`;
+      const draftFilePath = import_path6.default.join(
+        this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+        normalizedName
+      );
+      const content = await import_promises4.default.readFile(sourcePath);
+      await import_promises4.default.writeFile(draftFilePath, content);
+      return draftFilePath;
+    }
+  }
+  async hasFolderChanges(draftPath, registryPath) {
+    try {
+      try {
+        await execAsync(`git diff --no-index --quiet "${registryPath}" "${draftPath}"`);
+        return false;
+      } catch (error) {
+        if (error.code === 1) {
+          return true;
+        }
+        logger_default.error("Git diff error:", error);
+        return false;
+      }
+    } catch (error) {
+      logger_default.error("Error running git diff:", error);
+      return false;
+    }
+  }
+};
+var draftService = new DraftService();
+
+// src/modules/draft/draft.schemas.ts
+var import_zod6 = require("zod");
+var ResourceTypeSchema = import_zod6.z.enum(["workflows", "rules", "skills", "prompts"]);
+var CreateDraftRequestSchema = import_zod6.z.object({
+  owner: import_zod6.z.string().min(1),
+  repo: import_zod6.z.string().min(1),
+  packageId: import_zod6.z.string().min(1),
+  resourceType: ResourceTypeSchema,
+  fileName: import_zod6.z.string().min(1),
+  content: import_zod6.z.string().optional()
+});
+var UpdateDraftRequestSchema = import_zod6.z.object({
+  owner: import_zod6.z.string().min(1),
+  repo: import_zod6.z.string().min(1),
+  packageId: import_zod6.z.string().min(1),
+  resourceType: ResourceTypeSchema,
+  fileName: import_zod6.z.string().min(1),
+  content: import_zod6.z.string()
+});
+var ListDraftsRequestSchema = import_zod6.z.object({
+  owner: import_zod6.z.string().min(1),
+  repo: import_zod6.z.string().min(1),
+  packageId: import_zod6.z.string().min(1),
+  resourceType: ResourceTypeSchema
+});
+var CopyFromRegistryRequestSchema = import_zod6.z.object({
+  owner: import_zod6.z.string().min(1),
+  repo: import_zod6.z.string().min(1),
+  packageId: import_zod6.z.string().min(1),
+  resourceType: ResourceTypeSchema,
+  fileName: import_zod6.z.string().min(1),
+  registryFilePath: import_zod6.z.string().min(1)
+});
+
+// src/modules/filesystem/filesystem.service.ts
+var import_path7 = __toESM(require("path"));
+var import_promises5 = __toESM(require("fs/promises"));
+var FilesystemService = class {
+  /**
+   * Sanitizes a path to prevent directory traversal attacks
+   */
+  sanitizePath(requestPath) {
+    const normalized = import_path7.default.normalize(requestPath);
+    if (normalized.includes("..")) {
+      throw new shared_exports.ValidationError("Invalid path: path traversal detected");
+    }
+    return normalized;
+  }
+  /**
+   * Read a file or list directory contents
+   */
+  async read(basePath, relativePath) {
+    const sanitizedPath = this.sanitizePath(relativePath);
+    const fullPath = import_path7.default.join(basePath, sanitizedPath);
+    const stat = await import_promises5.default.stat(fullPath);
+    if (stat.isDirectory()) {
+      const files = await import_promises5.default.readdir(fullPath, { withFileTypes: true });
+      const contents = [];
+      for (const f of files) {
+        const entry = {
+          name: f.name,
+          type: f.isDirectory() ? "directory" : "file",
+          path: import_path7.default.join(sanitizedPath, f.name).replace(/\\/g, "/")
+        };
+        if (f.isFile()) {
+          const fileStat = await import_promises5.default.stat(import_path7.default.join(fullPath, f.name));
+          entry.size = fileStat.size;
+        }
+        contents.push(entry);
+      }
+      return {
+        path: sanitizedPath,
+        type: "directory",
+        contents
+      };
+    } else {
+      const content = await import_promises5.default.readFile(fullPath, "utf-8");
+      return {
+        path: sanitizedPath,
+        type: "file",
+        content
+      };
+    }
+  }
+  /**
+   * Write a file (creates parent directories if needed)
+   */
+  async write(basePath, relativePath, content, createParentDirs = true) {
+    const sanitizedPath = this.sanitizePath(relativePath);
+    const fullPath = import_path7.default.join(basePath, sanitizedPath);
+    if (createParentDirs) {
+      await import_promises5.default.mkdir(import_path7.default.dirname(fullPath), { recursive: true });
+    }
+    await import_promises5.default.writeFile(fullPath, content);
+    return { path: sanitizedPath };
+  }
+  /**
+   * Update an existing file
+   */
+  async update(basePath, relativePath, content) {
+    const sanitizedPath = this.sanitizePath(relativePath);
+    const fullPath = import_path7.default.join(basePath, sanitizedPath);
+    const stat = await import_promises5.default.stat(fullPath);
+    if (!stat.isFile()) {
+      throw new shared_exports.ValidationError("Path is not a file");
+    }
+    await import_promises5.default.writeFile(fullPath, content);
+    return { path: sanitizedPath };
+  }
+  /**
+   * Delete a file or directory
+   */
+  async delete(basePath, relativePath) {
+    const sanitizedPath = this.sanitizePath(relativePath);
+    const fullPath = import_path7.default.join(basePath, sanitizedPath);
+    const stat = await import_promises5.default.stat(fullPath);
+    if (stat.isDirectory()) {
+      await import_promises5.default.rm(fullPath, { recursive: true });
+    } else {
+      await import_promises5.default.unlink(fullPath);
+    }
+    return { path: sanitizedPath };
+  }
+  /**
+   * Check if path exists
+   */
+  async exists(basePath, relativePath) {
+    try {
+      const sanitizedPath = this.sanitizePath(relativePath);
+      const fullPath = import_path7.default.join(basePath, sanitizedPath);
+      await import_promises5.default.access(fullPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+var filesystemService = new FilesystemService();
+
+// src/modules/resource/resource.service.ts
+var import_shared22 = __toESM(require_dist());
+var ResourceService = class {
+  constructor(storage = storageService, git = gitService, draft = draftService, registry = registryService, subscription = subscriptionService, filesystem = filesystemService) {
+    this.storage = storage;
+    this.git = git;
+    this.draft = draft;
+    this.registry = registry;
+    this.subscription = subscription;
+    this.filesystem = filesystem;
+  }
+  /**
+   * List resources combining registry and drafts with state
+   */
+  async listResources(owner, repo, packageId, resourceType) {
+    const registryResources = await this.getRegistryResources(
+      owner,
+      repo,
+      packageId,
+      resourceType
+    );
+    const draftResources = await this.draft.listDraftFiles(
+      owner,
+      repo,
+      packageId,
+      resourceType
+    );
+    const draftNames = new Set(draftResources.map((d) => d.name.replace(".md", "")));
+    const registryNames = new Set(registryResources.map((r) => r.name));
+    const resources = [];
+    for (const r of registryResources) {
+      resources.push({
+        name: r.name,
+        type: resourceType,
+        hasDraft: draftNames.has(r.name),
+        inRegistry: true,
+        registryPath: r.path,
+        draftPath: draftResources.find((d) => d.name.replace(".md", "") === r.name)?.path
+      });
+    }
+    for (const d of draftResources) {
+      const name = d.name.replace(".md", "");
+      if (!registryNames.has(name)) {
+        resources.push({
+          name,
+          type: resourceType,
+          hasDraft: true,
+          inRegistry: false,
+          draftPath: d.path
+        });
+      }
+    }
+    return resources;
+  }
+  /**
+   * Get resource entry content (draft-first)
+   */
+  async getResourceEntry(owner, repo, packageId, resourceType, resourceName) {
+    try {
+      const draftBasePath = this.storage.getDraftResourceDir(owner, repo, packageId, resourceType);
+      const draftPath = ResourcePathHelper.getEntryPath(draftBasePath, resourceName, resourceType);
+      const content = await import_promises6.default.readFile(draftPath, "utf8");
+      return { content, source: resource_config_exports.ResourceSource.DRAFT, path: draftPath };
+    } catch {
+    }
+    try {
+      const packagePath = this.storage.getPackagePath(owner, repo, packageId);
+      const registryResourceDir = import_path8.default.join(packagePath, resourceType);
+      const resourcePath = ResourcePathHelper.getEntryPath(registryResourceDir, resourceName, resourceType);
+      const content = await import_promises6.default.readFile(resourcePath, "utf8");
+      return { content, source: resource_config_exports.ResourceSource.REGISTRY, path: resourcePath };
+    } catch (error) {
+      throw new shared_exports.NotFoundError(`Resource '${resourceName}' of type '${resourceType}' not found in package '${packageId}'`);
+    }
+  }
+  /**
+   * Get filesystem access (draft-first)
+   */
+  async getResourceFilesystem(owner, repo, packageId, resourceType, resourceName, fsPath = "") {
+    const draftBasePath = import_path8.default.join(
+      this.storage.getDraftResourceDir(owner, repo, packageId, resourceType),
+      ResourcePathHelper.isFolder(resourceType) ? resourceName : ""
+    );
+    const registryBasePath = import_path8.default.join(
+      this.storage.getResourceTypeDir(owner, repo, packageId, resourceType),
+      ResourcePathHelper.getFileName(resourceName, resourceType)
+    );
+    let basePath = draftBasePath;
+    try {
+      await import_promises6.default.stat(draftBasePath);
+    } catch {
+      basePath = registryBasePath;
+    }
+    try {
+      const result = await this.filesystem.read(basePath, fsPath);
+      return result;
+    } catch (error) {
+      throw new shared_exports.NotFoundError(`Filesystem path '${fsPath}' not found in resource '${resourceName}'`);
+    }
+  }
+  /**
+   * Edit entry file (PUT /:name)
+   * If no draft exists: copy from registry first, then update
+   * If draft exists: update directly
+   */
+  async editEntryDraft(owner, repo, packageId, resourceType, resourceName, content) {
+    const draftDir = this.storage.getDraftResourceDir(owner, repo, packageId, resourceType);
+    await this.storage.ensureDraftDirExists(owner, repo, packageId, resourceType);
+    let draftExists = false;
+    try {
+      const draftPath = ResourcePathHelper.getBasePath(draftDir, resourceName, resourceType);
+      await import_promises6.default.stat(draftPath);
+      draftExists = true;
+    } catch {
+      draftExists = false;
+    }
+    if (!draftExists) {
+      const registryResourceDir = this.storage.getResourceTypeDir(owner, repo, packageId, resourceType);
+      try {
+        const registryResourcePath = ResourcePathHelper.getBasePath(registryResourceDir, resourceName, resourceType);
+        await import_promises6.default.stat(registryResourcePath);
+        if (ResourcePathHelper.isFolder(resourceType)) {
+          await this.draft.copyResourceFolderToDraft(owner, repo, packageId, resourceName, registryResourcePath);
+        } else {
+          await this.draft.copyResourceFileToDraft(owner, repo, packageId, resourceType, `${resourceName}.md`, registryResourcePath);
+        }
+      } catch (error) {
+        if (ResourcePathHelper.isFolder(resourceType)) {
+          await this.draft.createResourceFolder(owner, repo, packageId, resourceType, resourceName);
+        } else {
+          await this.draft.createDraftFile(owner, repo, packageId, resourceType, resourceName);
+        }
+      }
+    }
+    const entryPath = ResourcePathHelper.getEntryPath(draftDir, resourceName, resourceType);
+    await import_promises6.default.writeFile(entryPath, content, "utf8");
+  }
+  /**
+   * Edit specific file in folder (PUT /:name/fs/*)
+   */
+  async editFileDraft(owner, repo, packageId, resourceType, resourceName, fsPath, content) {
+    const draftDir = this.storage.getDraftResourceDir(owner, repo, packageId, resourceType);
+    if (ResourcePathHelper.isFolder(resourceType)) {
+      const draftPath = import_path8.default.join(draftDir, resourceName);
+      try {
+        await import_promises6.default.stat(draftPath);
+      } catch {
+        await this.draft.createResourceFolder(owner, repo, packageId, resourceType, resourceName);
+      }
+    }
+    const basePath = import_path8.default.join(draftDir, ResourcePathHelper.isFolder(resourceType) ? resourceName : "");
+    await this.filesystem.write(basePath, fsPath, content);
+  }
+  /**
+   * Delete resource (draft if exists, else registry + commit)
+   */
+  async deleteResource(owner, repo, packageId, resourceType, resourceName, token) {
+    const draftDir = this.storage.getDraftResourceDir(owner, repo, packageId, resourceType);
+    let draftExists = false;
+    let draftPath = "";
+    try {
+      draftPath = ResourcePathHelper.getBasePath(draftDir, resourceName, resourceType);
+      await import_promises6.default.stat(draftPath);
+      draftExists = true;
+    } catch {
+      draftExists = false;
+    }
+    if (draftExists) {
+      if (ResourcePathHelper.isFolder(resourceType)) {
+        await this.draft.deleteDraftFolder(owner, repo, packageId, resourceName);
+      } else {
+        await this.draft.deleteDraftFile(draftPath);
+      }
+    } else {
+      if (!token) {
+        throw new shared_exports.ValidationError("GitHub token required for deleting from registry");
+      }
+      await this.subscription.connectToRegistry(token, owner, repo);
+      await this.registry.sync(owner, repo, token);
+      const resourcePath = import_path8.default.join(
+        this.storage.getResourceTypeDir(owner, repo, packageId, resourceType),
+        ResourcePathHelper.getFileName(resourceName, resourceType)
+      );
+      try {
+        await import_promises6.default.stat(resourcePath);
+      } catch {
+        throw new shared_exports.NotFoundError(`Resource '${resourceName}' not found in registry`);
+      }
+      await import_promises6.default.rm(resourcePath, { recursive: ResourcePathHelper.isFolder(resourceType), force: true });
+      const message = `feat: delete ${(0, import_shared22.getResourceSingular)(resourceType)} ${resourceName} from ${packageId}`;
+      await this.git.commitChanges(owner, repo, message, token);
+    }
+  }
+  /**
+   * Commit draft to registry (sync + copy + git push + delete draft)
+   */
+  async copyDraftToRegistry(owner, repo, packageId, resourceType, resourceName, token) {
+    await this.subscription.connectToRegistry(token, owner, repo);
+    await this.registry.sync(owner, repo, token);
+    const draftResourceDir = this.storage.getDraftResourceDir(owner, repo, packageId, resourceType);
+    const registryResourceDir = this.storage.getResourceTypeDir(owner, repo, packageId, resourceType);
+    const draftPath = ResourcePathHelper.getBasePath(draftResourceDir, resourceName, resourceType);
+    try {
+      await import_promises6.default.stat(draftPath);
+    } catch {
+      throw new shared_exports.ValidationError(`No local draft found for resource '${resourceName}' to commit`);
+    }
+    await import_promises6.default.mkdir(registryResourceDir, { recursive: true });
+    if (ResourcePathHelper.isFolder(resourceType)) {
+      const draftFolderPath = import_path8.default.join(draftResourceDir, resourceName);
+      const registryFolderPath = import_path8.default.join(registryResourceDir, resourceName);
+      await import_promises6.default.rm(registryFolderPath, { recursive: true, force: true });
+      await this.draft.copyFolderRecursive(draftFolderPath, registryFolderPath);
+    } else {
+      const draftFilePath = import_path8.default.join(draftResourceDir, `${resourceName}.md`);
+      const registryFilePath = import_path8.default.join(registryResourceDir, `${resourceName}.md`);
+      const content = await import_promises6.default.readFile(draftFilePath, "utf8");
+      await import_promises6.default.writeFile(registryFilePath, content, "utf8");
+    }
+    if (ResourcePathHelper.isFolder(resourceType)) {
+      await this.draft.deleteDraftFolder(owner, repo, packageId, resourceName);
+    } else {
+      const draftFilePath = import_path8.default.join(draftResourceDir, `${resourceName}.md`);
+      await this.draft.deleteDraftFile(draftFilePath);
+    }
+    const message = `feat: update ${(0, import_shared22.getResourceSingular)(resourceType)} ${resourceName} in ${packageId}`;
+    await this.git.commitChanges(owner, repo, message, token);
+  }
+  async getRegistryResources(owner, repo, packageId, resourceType) {
+    try {
+      const resourcePath = this.storage.getResourceTypeDir(owner, repo, packageId, resourceType);
+      const entries = await import_promises6.default.readdir(resourcePath, { withFileTypes: true });
+      if (ResourcePathHelper.isFolder(resourceType)) {
+        return entries.filter((entry) => entry.isDirectory()).map((entry) => ({
+          name: entry.name,
+          path: import_path8.default.join(resourcePath, entry.name)
+        }));
+      } else {
+        return entries.filter((entry) => entry.isFile() && entry.name.endsWith(".md")).map((entry) => ({
+          name: entry.name.replace(".md", ""),
+          path: import_path8.default.join(resourcePath, entry.name)
+        }));
+      }
+    } catch {
+      return [];
+    }
+  }
+};
+var resourceService = new ResourceService();
+
+// src/modules/resource/resource.middleware.ts
+async function ensureResourceExists(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const packageId = req.params.packageId;
+    const resourceType = req.params.resourceType;
+    const name = req.params.name;
+    const exists = await storageService.checkResourceExists(
+      owner,
+      repo,
+      packageId,
+      resourceType,
+      name,
+      (baseDir) => ResourcePathHelper.getBasePath(baseDir, name, resourceType)
+    );
+    if (!exists) {
+      throw new shared_exports.NotFoundError(
+        `Resource '${name}' of type '${resourceType}' not found in package '${packageId}'`
+      );
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+async function ensureResourceDoesNotExist(req, res, next) {
+  try {
+    const owner = req.params.owner;
+    const repo = req.params.repo;
+    const packageId = req.params.packageId;
+    const resourceType = req.params.resourceType;
+    const name = req.params.name;
+    const exists = await storageService.checkResourceExists(
+      owner,
+      repo,
+      packageId,
+      resourceType,
+      name,
+      (baseDir) => ResourcePathHelper.getBasePath(baseDir, name, resourceType)
+    );
+    if (exists) {
+      throw new shared_exports.ConflictError(
+        `Resource '${name}' of type '${resourceType}' already exists in package '${packageId}'`
+      );
+    }
+    next();
+  } catch (error) {
+    next(error);
+  }
+}
+
+// src/controllers/resource.controller.ts
+var import_shared25 = __toESM(require_dist());
+var ResourceController = class {
+  constructor(resource = resourceService, draft = draftService) {
+    this.resource = resource;
+    this.draft = draft;
+  }
+  async list(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const resources = await this.resource.listResources(
+        owner,
+        repo,
+        packageId,
+        resourceType
+      );
+      const response = {
+        success: true,
+        data: { resources }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async getEntry(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      const result = await this.resource.getResourceEntry(
+        owner,
+        repo,
+        packageId,
+        resourceType,
+        name
+      );
+      const response = {
+        success: true,
+        data: {
+          name,
+          content: result.content,
+          source: result.source,
+          path: result.path
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async getFilesystem(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      const fsPath = req.params[0] || "";
+      if (!ResourcePathHelper.isFolder(resourceType)) {
+        throw new shared_exports.ValidationError(`Filesystem access is only supported for folder-based resources (skills), not ${resourceType}`);
+      }
+      const result = await this.resource.getResourceFilesystem(
+        owner,
+        repo,
+        packageId,
+        resourceType,
+        name,
+        fsPath
+      );
+      const response = {
+        success: true,
+        data: result
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async editEntry(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      const content = req.body.content;
+      if (content === void 0) {
+        throw new shared_exports.ValidationError("content is required in request body");
+      }
+      await this.resource.editEntryDraft(
+        owner,
+        repo,
+        packageId,
+        resourceType,
+        name,
+        content
+      );
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async editFile(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      const fsPath = req.params[0] || "";
+      const content = req.body.content;
+      if (!ResourcePathHelper.isFolder(resourceType)) {
+        throw new shared_exports.ValidationError(`Filesystem access is only supported for folder-based resources (skills), not ${resourceType}`);
+      }
+      if (content === void 0) {
+        throw new shared_exports.ValidationError("content is required in request body");
+      }
+      await this.resource.editFileDraft(
+        owner,
+        repo,
+        packageId,
+        resourceType,
+        name,
+        fsPath,
+        content
+      );
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async createDraft(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      let path10;
+      const sotrageType = (0, import_shared25.getResourceStorageType)(resourceType);
+      switch (sotrageType) {
+        case import_shared25.ResourceStorageType.FILE:
+          path10 = await this.draft.createDraftFile(owner, repo, packageId, resourceType, name);
+          break;
+        case import_shared25.ResourceStorageType.FOLDER:
+          path10 = await this.draft.createResourceFolder(owner, repo, packageId, resourceType, name);
+          break;
+      }
+      const response = {
+        success: true,
+        data: { path: path10 }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async copyToDraft(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      const sourcePath = req.body.sourcePath;
+      if (!sourcePath) {
+      }
+      let draftPath = null;
+      if (sourcePath) {
+        draftPath = await this.draft.copyFileOrFolderFromSystem(
+          sourcePath,
+          owner,
+          repo,
+          packageId,
+          resourceType,
+          name
+        );
+      } else {
+        draftPath = await this.draft.copyFileOrFolderFromResource(
+          owner,
+          repo,
+          packageId,
+          resourceType,
+          name
+        );
+      }
+      if (!draftPath) {
+        throw new shared_exports.ValidationError("Failed to copy from source to draft");
+      }
+      const response = {
+        success: true,
+        data: { path: draftPath }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async pushDraft(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      await this.resource.copyDraftToRegistry(
+        owner,
+        repo,
+        packageId,
+        resourceType,
+        name,
+        token
+      );
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async pushDelete(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const packageId = req.params.packageId;
+      const resourceType = req.params.resourceType;
+      const name = req.params.name;
+      await this.resource.deleteResource(
+        owner,
+        repo,
+        packageId,
+        resourceType,
+        name,
+        token
+      );
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/routes/resource.routes.ts
+var router5 = (0, import_express5.Router)({ mergeParams: true });
+var resourceController = new ResourceController();
+router5.get(
+  "/",
+  validateResourceType,
+  resourceController.list.bind(resourceController)
+);
+router5.get(
+  "/:name",
+  validateResourceType,
+  ensureResourceExists,
+  resourceController.getEntry.bind(resourceController)
+);
+router5.get(
+  "/:name/fs/*",
+  validateResourceType,
+  ensureResourceExists,
+  resourceController.getFilesystem.bind(resourceController)
+);
+router5.put(
+  "/:name",
+  validateResourceType,
+  resourceController.editEntry.bind(resourceController)
+);
+router5.put(
+  "/:name/fs/*",
+  validateResourceType,
+  resourceController.editFile.bind(resourceController)
+);
+router5.put(
+  "/:name/init",
+  validateResourceType,
+  ensureResourceDoesNotExist,
+  resourceController.createDraft.bind(resourceController)
+);
+router5.put(
+  "/:name/copy",
+  validateResourceType,
+  resourceController.copyToDraft.bind(resourceController)
+);
+router5.post(
+  "/:name",
+  validateResourceType,
+  ensureResourceExists,
+  resourceController.pushDraft.bind(resourceController)
+);
+router5.delete(
+  "/:name",
+  validateResourceType,
+  ensureResourceExists,
+  resourceController.pushDelete.bind(resourceController)
+);
+var resource_routes_default = router5;
+
+// src/routes/package.routes.ts
+var router6 = (0, import_express6.Router)({ mergeParams: true });
+var packageController = new PackageController();
+router6.get(
+  "/",
+  ensurePackageExists,
+  packageController.get.bind(packageController)
+);
+router6.post(
+  "/",
+  ensureRegistrySync,
+  ensurePackageDoesNotExist,
+  packageController.pushCreate.bind(packageController)
+);
+router6.delete(
+  "/",
+  ensureRegistrySync,
+  ensurePackageExists,
+  packageController.pushDelete.bind(packageController)
+);
+router6.use("/:resourceType", ensurePackageExists, resource_routes_default);
+var package_routes_default = router6;
+
+// src/controllers/registry.controller.ts
+var import_shared27 = __toESM(require_dist());
+var RegistryController = class {
+  constructor(registry = registryService, github = githubService, storage = storageService) {
+    this.registry = registry;
+    this.github = github;
+    this.storage = storage;
+  }
+  async list(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const enriched = await this.registry.list(token);
+      const response = {
+        success: true,
+        data: { registries: enriched }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  // ENHANCEMENT: Validate the repository for it's safety before sync
+  async connect(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const { createIfNotExists, description, isPrivate } = req.body || {};
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      const registry = await this.registry.connect(owner, repo, token, {
+        createIfNotExists,
+        description,
+        isPrivate,
+        githubUsername: req.githubUser?.githubUsername
+      });
+      const response = {
+        success: true,
+        data: {
+          registry: {
+            owner: registry.owner,
+            repo: registry.repo,
+            fullName: registry.fullName,
+            cloneUrl: registry.cloneUrl,
+            localPath: this.storage.getRegistryPath(registry.owner, registry.repo),
+            accessLevel: import_shared27.AccessLevel.WRITE,
+            trusted: false,
+            enabled: true,
+            lastSync: registry.lastSynced,
+            connectedBy: req.githubUser?.githubUsername || ""
+          }
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async disconnect(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      await this.registry.disconnect(owner, repo, token);
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  // ENHANCEMENT: Validate the repository for it's safety before sync
+  async sync(req, res, next) {
+    try {
+      const token = req.githubToken;
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      const result = await this.registry.sync(owner, repo, token);
+      const response = {
+        success: true,
+        data: {
+          message: `Successfully synced ${owner}/${repo}`,
+          changedFiles: result.changedFiles
+        }
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+  async updatePreferences(req, res, next) {
+    try {
+      const owner = req.params.owner;
+      const repo = req.params.repo;
+      const { trusted } = req.body;
+      if (!owner || !repo) {
+        throw new shared_exports.ValidationError("owner and repo are required");
+      }
+      if (trusted === false) {
+        await this.storage.removeTrustPreference(owner, repo);
+      } else if (trusted === true) {
+        await this.storage.setDontShowSecurityViolations(owner, repo);
+      }
+      const response = {
+        success: true,
+        data: {}
+      };
+      res.json(response);
+    } catch (error) {
+      next(error);
+    }
+  }
+};
+
+// src/routes/registry.routes.ts
+var router7 = (0, import_express7.Router)({ mergeParams: true });
+var registryController = new RegistryController();
+var packageController2 = new PackageController();
+router7.post(
+  "/",
+  validateRepositoryWriteAccess,
+  ensureRegistryDoesNotExist,
+  registryController.connect.bind(registryController)
+);
+router7.delete(
+  "/",
+  ensureRegistryExists,
+  registryController.disconnect.bind(registryController)
+);
+router7.post(
+  "/sync",
+  ensureRegistryExists,
+  registryController.sync.bind(registryController)
+);
+router7.patch(
+  "/",
+  ensureRegistryExists,
+  registryController.updatePreferences.bind(registryController)
+);
+router7.get(
+  "/packages",
+  ensureRegistryExists,
+  packageController2.list.bind(packageController2)
+);
+router7.use("/:packageId", ensureRegistryExists, package_routes_default);
+var registry_routes_default = router7;
+
+// src/routes/index.ts
+var router8 = (0, import_express8.Router)();
+var registryController2 = new RegistryController();
+router8.use(authenticateAishelfClient);
+router8.use("/auth", auth_routes_default);
+router8.use("/audit", audit_routes_default);
+router8.use("/user", authenticateGithubToken, user_routes_default);
+router8.use("/orgs", authenticateGithubToken, org_routes_default);
+router8.get("/registries", authenticateGithubToken, registryController2.list.bind(registryController2));
+router8.use("/:owner/:repo", authenticateGithubToken, registry_routes_default);
+var routes_default = router8;
+
+// src/middleware/error.middleware.ts
+function errorHandler(error, req, res, next) {
+  if (error instanceof shared_exports.AppError) {
+    logger_default.error({
+      message: error.message,
+      statusCode: error.statusCode,
+      code: error.code,
+      path: req.path,
+      method: req.method,
+      isOperational: error.isOperational
+    });
+    res.status(error.statusCode).json({
+      success: false,
+      error: {
+        message: error.message,
+        code: error.code
+      }
+    });
+    return;
+  }
+  logger_default.error({
+    message: "Unknown error",
+    error: error.message,
+    path: req.path,
+    method: req.method
+  });
+  res.status(500).json({
+    success: false,
+    error: {
+      message: "Internal server error",
+      code: "INTERNAL_ERROR"
+    }
+  });
+}
+
+// src/server.ts
+var AISHELF_ROOT = import_path9.default.join(import_os3.default.homedir(), ".aishelf");
+var PID_FILE = import_path9.default.join(AISHELF_ROOT, "service.pid");
+var PORT = 5314;
+async function writePid() {
+  await import_promises7.default.mkdir(AISHELF_ROOT, { recursive: true });
+  await import_promises7.default.writeFile(PID_FILE, process.pid.toString());
+}
+async function clearPid() {
+  try {
+    await import_promises7.default.unlink(PID_FILE);
+  } catch {
+  }
+}
+async function ensureDirectory(dir) {
+  await import_promises7.default.mkdir(dir, { recursive: true });
+}
+async function handleGet(req, res, pathOverride) {
+  try {
+    const relativePath = pathOverride || req.path.replace(/^\/raw/, "");
+    const result = await filesystemService.read(AISHELF_ROOT, relativePath);
+    if (result.type === "directory") {
+      res.json(result);
+    } else {
+      res.setHeader("Content-Type", "text/plain");
+      res.send(result.content);
+    }
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      res.status(404).json({ error: "Not found", path: req.path });
+    } else {
+      res.status(500).json({ error: error.message });
+    }
+  }
+}
+async function startServer(port = PORT) {
+  await ensureDirectory(AISHELF_ROOT);
+  await ensureDirectory(import_path9.default.join(AISHELF_ROOT, "logs"));
+  const app = (0, import_express9.default)();
+  app.use(import_express9.default.json());
+  app.use((req, res, next) => {
+    res.header("Access-Control-Allow-Origin", "*");
+    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+    res.header("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Client-Token");
+    if (req.method === "OPTIONS") {
+      res.sendStatus(200);
+      return;
+    }
+    next();
+  });
+  app.get("/health", (req, res) => {
+    res.json({ status: "ok" });
+  });
+  app.use("/api", routes_default);
+  app.get("/raw/*", async (req, res) => {
+    await handleGet(req, res, req.path.replace("/raw", ""));
+  });
+  app.use(errorHandler);
+  return new Promise((resolve) => {
+    const server = app.listen(port, async () => {
+      await writePid();
+      console.log(`AIShelf service running on http://localhost:${port}`);
+      console.log(`Serving: ${AISHELF_ROOT}`);
+      resolve();
+    });
+    const shutdown = async () => {
+      await clearPid();
+      server.close(() => process.exit(0));
+    };
+    process.on("SIGTERM", shutdown);
+    process.on("SIGINT", shutdown);
+  });
+}
+
+// src/autostart.ts
+startServer().catch(console.error);