@alavida/agentpack 0.1.5 → 0.1.6

package/package.json

@@ -1,8 +1,11 @@
 {
   "name": "@alavida/agentpack",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Package-backed skills lifecycle CLI for agent skills and plugins",
   "type": "module",
+  "workspaces": [
+    "packages/*"
+  ],
   "bin": {
     "agentpack": "bin/agentpack.js",
     "intent": "bin/intent.js"

package/src/application/auth/get-auth-status.js

@@ -0,0 +1,97 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { readUserConfig } from '../../infrastructure/fs/user-config-repository.js';
+import { readUserCredentials } from '../../infrastructure/fs/user-credentials-repository.js';
+import { getUserNpmrcPath, parseNpmrc, readUserNpmrc } from '../../infrastructure/fs/user-npmrc-repository.js';
+import { resolveRegistryConfig } from '../../domain/auth/registry-resolution.js';
+import { verifyAuth } from './verify-auth.js';
+
+function findRepoNpmrc(cwd) {
+  let current = cwd;
+
+  while (true) {
+    const npmrcPath = join(current, '.npmrc');
+    if (existsSync(npmrcPath)) {
+      return {
+        path: npmrcPath,
+        config: parseNpmrc(readFileSync(npmrcPath, 'utf-8')),
+      };
+    }
+
+    const gitPath = join(current, '.git');
+    if (existsSync(gitPath)) break;
+
+    const parent = join(current, '..');
+    if (parent === current) break;
+    current = parent;
+  }
+
+  return {
+    path: null,
+    config: {},
+  };
+}
+
+export async function getAuthStatus({
+  cwd = process.cwd(),
+  env = process.env,
+  verify = false,
+} = {}) {
+  const config = readUserConfig({ env });
+  const credentials = readUserCredentials({ env });
+  const userNpmrc = readUserNpmrc({ env });
+  const repoNpmrc = findRepoNpmrc(cwd);
+
+  const resolved = resolveRegistryConfig({
+    scope: config.scope,
+    defaults: {
+      registry: config.registry,
+      verificationPackage: config.verificationPackage,
+    },
+    userNpmrc,
+    repoNpmrc: repoNpmrc.config,
+  });
+
+  const userNpmrcPath = getUserNpmrcPath({ env });
+  const requiredRegistryKey = `${config.scope}:registry`;
+  const requiredTokenKey = resolved.registry
+    ? `//${new URL(resolved.registry).host}/:_authToken`
+    : null;
+
+  const npmWired = Boolean(
+    userNpmrc[requiredRegistryKey]
+      && requiredTokenKey
+      && userNpmrc[requiredTokenKey]
+  );
+
+  const result = {
+    provider: config.provider,
+    configured: Boolean(credentials?.token && npmWired),
+    scope: config.scope,
+    registry: resolved.registry,
+    storage: {
+      mode: credentials?.token ? 'file' : 'missing',
+    },
+    npmConfig: {
+      path: userNpmrcPath,
+      wired: npmWired,
+      source: resolved.source,
+      repoOverridePath: repoNpmrc.path,
+    },
+    verification: {
+      status: 'not_checked',
+    },
+  };
+
+  if (!verify) {
+    return result;
+  }
+
+  result.verification = await verifyAuth({
+    registry: resolved.registry,
+    authToken: credentials?.token || null,
+    verificationPackage: resolved.verificationPackage,
+  });
+
+  return result;
+}

package/src/application/auth/login.js

@@ -0,0 +1,110 @@
+import readline from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+import { readUserConfig, writeUserConfig } from '../../infrastructure/fs/user-config-repository.js';
+import { writeUserCredentials } from '../../infrastructure/fs/user-credentials-repository.js';
+import { writeManagedNpmrcEntries } from '../../infrastructure/fs/user-npmrc-repository.js';
+import { openBrowser } from '../../infrastructure/runtime/open-browser.js';
+import { verifyAuth } from './verify-auth.js';
+import { AgentpackError, EXIT_CODES } from '../../utils/errors.js';
+
+const GITHUB_TOKEN_URL = 'https://github.com/settings/tokens';
+
+function buildVerificationFailure(verification) {
+  if (verification.status === 'invalid') {
+    return new AgentpackError('The GitHub personal access token was rejected by GitHub Packages', {
+      code: 'auth_verification_failed',
+      exitCode: EXIT_CODES.GENERAL,
+    });
+  }
+
+  if (verification.status === 'insufficient_permissions') {
+    return new AgentpackError('The GitHub personal access token does not have package read access', {
+      code: 'auth_verification_failed',
+      exitCode: EXIT_CODES.GENERAL,
+    });
+  }
+
+  if (verification.status === 'unreachable') {
+    return new AgentpackError('GitHub Packages could not be reached during verification', {
+      code: 'auth_verification_failed',
+      exitCode: EXIT_CODES.GENERAL,
+    });
+  }
+
+  if (verification.status === 'not_configured') {
+    return new AgentpackError('Authentication verification is not configured for this machine', {
+      code: 'auth_verification_not_configured',
+      exitCode: EXIT_CODES.GENERAL,
+    });
+  }
+
+  return new AgentpackError('The saved credential was rejected by the configured registry', {
+    code: 'auth_verification_failed',
+    exitCode: EXIT_CODES.GENERAL,
+  });
+}
+
+export async function login({
+  env = process.env,
+  scope = null,
+  registry = null,
+  verificationPackage = null,
+} = {}) {
+  const current = readUserConfig({ env });
+  const nextConfig = {
+    ...current,
+    scope: scope || current.scope,
+    registry: registry || current.registry,
+    verificationPackage: verificationPackage || current.verificationPackage,
+  };
+
+  openBrowser(GITHUB_TOKEN_URL);
+  output.write(`Configuring GitHub Packages auth for ${nextConfig.scope}`);
+  output.write('Use a GitHub personal access token with package read access.');
+
+  const rl = readline.createInterface({ input, output });
+  try {
+    const token = (await rl.question('Token: ')).trim();
+    if (!token) {
+      throw new AgentpackError('A GitHub credential is required to continue', {
+        code: 'auth_token_missing',
+        exitCode: EXIT_CODES.GENERAL,
+      });
+    }
+
+    const verification = await verifyAuth({
+      registry: nextConfig.registry,
+      authToken: token,
+      verificationPackage: nextConfig.verificationPackage,
+    });
+
+    if (verification.status !== 'valid') {
+      throw buildVerificationFailure(verification);
+    }
+
+    const managedEntries = {
+      [`${nextConfig.scope}:registry`]: nextConfig.registry,
+      [`//${new URL(nextConfig.registry).host}/:_authToken`]: token,
+    };
+
+    writeManagedNpmrcEntries({ entries: managedEntries, env });
+    writeUserCredentials({ token }, { env });
+    writeUserConfig({
+      ...nextConfig,
+      managedNpmKeys: Object.keys(managedEntries),
+    }, { env });
+
+    return {
+      configured: true,
+      provider: nextConfig.provider,
+      scope: nextConfig.scope,
+      registry: nextConfig.registry,
+      verificationPackage: nextConfig.verificationPackage,
+      storage: {
+        mode: 'file',
+      },
+    };
+  } finally {
+    rl.close();
+  }
+}

package/src/application/auth/logout.js

@@ -0,0 +1,16 @@
+import { deleteUserCredentials } from '../../infrastructure/fs/user-credentials-repository.js';
+import { removeManagedNpmrcEntries } from '../../infrastructure/fs/user-npmrc-repository.js';
+import { readUserConfig } from '../../infrastructure/fs/user-config-repository.js';
+
+export function logout({ env = process.env } = {}) {
+  const config = readUserConfig({ env });
+  const keys = config.managedNpmKeys || [];
+
+  deleteUserCredentials({ env });
+  removeManagedNpmrcEntries({ keys, env });
+
+  return {
+    removedCredentials: true,
+    removedNpmKeys: keys.length,
+  };
+}

package/src/application/auth/verify-auth.js

@@ -0,0 +1,37 @@
+export async function verifyAuth({
+  registry,
+  authToken,
+  verificationPackage,
+} = {}) {
+  if (!registry || !authToken || !verificationPackage) {
+    return { status: 'not_configured' };
+  }
+
+  const url = `${registry.replace(/\/+$/, '')}/${encodeURIComponent(verificationPackage)}`;
+
+  let response;
+  try {
+    response = await fetch(url, {
+      headers: {
+        accept: 'application/json',
+        authorization: `Bearer ${authToken}`,
+      },
+    });
+  } catch {
+    return { status: 'unreachable' };
+  }
+
+  if (response.ok) {
+    return { status: 'valid' };
+  }
+
+  if (response.status === 401) {
+    return { status: 'invalid' };
+  }
+
+  if (response.status === 403) {
+    return { status: 'insufficient_permissions' };
+  }
+
+  return { status: 'unreachable' };
+}

package/src/cli.js

@@ -2,6 +2,7 @@ import { Command } from 'commander';
 import { createRequire } from 'node:module';
 import { formatError, AgentpackError, EXIT_CODES } from './utils/errors.js';
 import { output } from './utils/output.js';
+import { authCommand } from './commands/auth.js';
 import { skillsCommand } from './commands/skills.js';
 import { pluginCommand } from './commands/plugin.js';
 
@@ -21,6 +22,7 @@ export function createProgram() {
     .option('--workbench <path>', 'Override workbench context (name or path)');
 
   program.addCommand(skillsCommand());
+  program.addCommand(authCommand());
   program.addCommand(pluginCommand());
 
   program.addHelpText('after', `

package/src/commands/auth.js

@@ -0,0 +1,78 @@
+import { Command } from 'commander';
+import { login } from '../application/auth/login.js';
+import { logout } from '../application/auth/logout.js';
+import { output } from '../utils/output.js';
+import { getAuthStatus } from '../application/auth/get-auth-status.js';
+
+export function authCommand() {
+  const cmd = new Command('auth')
+    .description('Configure and inspect package registry authentication');
+
+  cmd.addHelpText('after', `
+Defaults:
+  Scope: @alavida-ai
+  Registry: https://npm.pkg.github.com
+  Token: GitHub personal access token with package read access
+`);
+
+  cmd
+    .command('login')
+    .description('Configure GitHub Packages authentication for this machine')
+    .option('--scope <scope>', 'Override the package scope to configure')
+    .option('--registry <url>', 'Override the package registry URL')
+    .option('--verify-package <packageName>', 'Override the package used for live verification')
+    .action(async (opts, command) => {
+      const globalOpts = command.optsWithGlobals();
+      const result = await login({
+        scope: opts.scope || null,
+        registry: opts.registry || null,
+        verificationPackage: opts.verifyPackage || null,
+      });
+
+      if (globalOpts.json) {
+        output.json(result);
+        return;
+      }
+
+      output.write(`Configured auth for ${result.scope}`);
+      output.write(`Registry: ${result.registry}`);
+      output.write(`Storage: ${result.storage.mode}`);
+    });
+
+  cmd
+    .command('status')
+    .description('Show authentication status for the configured package registry')
+    .option('--verify', 'Check whether the stored credential works against the configured registry')
+    .action(async (opts, command) => {
+      const globalOpts = command.optsWithGlobals();
+      const result = await getAuthStatus({ verify: opts.verify });
+
+      if (globalOpts.json) {
+        output.json(result);
+        return;
+      }
+
+      output.write(`Provider: ${result.provider}`);
+      output.write(`Configured: ${result.configured}`);
+      output.write(`Storage: ${result.storage.mode}`);
+      output.write(`Verification: ${result.verification.status}`);
+    });
+
+  cmd
+    .command('logout')
+    .description('Remove configured package registry authentication')
+    .action((opts, command) => {
+      const globalOpts = command.optsWithGlobals();
+      const result = logout();
+
+      if (globalOpts.json) {
+        output.json(result);
+        return;
+      }
+
+      output.write(`Removed Credentials: ${result.removedCredentials}`);
+      output.write(`Removed npm Keys: ${result.removedNpmKeys}`);
+    });
+
+  return cmd;
+}

package/src/commands/skills.js

@@ -136,6 +136,8 @@ export function skillsCommand() {
       output.write(`Outdated Skills: ${result.outdatedCount}`);
       output.write(`Deprecated Skills: ${result.deprecatedCount}`);
       output.write(`Incomplete Skills: ${result.incompleteCount}`);
+      output.write(`Runtime Drifted Skills: ${result.runtimeDriftCount}`);
+      output.write(`Orphaned Materializations: ${result.orphanedMaterializationCount}`);
       output.write(`Registry Configured: ${result.registry.configured}`);
 
       if (result.outdated.length > 0) {
@@ -170,6 +172,28 @@ export function skillsCommand() {
           }
         }
       }
+
+      if (result.runtimeDrift.length > 0) {
+        output.write('');
+        output.write('Runtime Drift:');
+        for (const install of result.runtimeDrift) {
+          output.write(`- ${install.packageName}`);
+          for (const issue of install.issues) {
+            output.write(`  issue: ${issue.code}`);
+            output.write(`  target: ${issue.target}`);
+            if (issue.runtimeName) output.write(`  runtime: ${issue.runtimeName}`);
+          }
+        }
+      }
+
+      if (result.orphanedMaterializations.length > 0) {
+        output.write('');
+        output.write('Orphaned Materializations:');
+        for (const entry of result.orphanedMaterializations) {
+          output.write(`- ${entry.target}`);
+          output.write(`  issue: ${entry.code}`);
+        }
+      }
     });
 
   cmd
@@ -459,6 +483,9 @@ export function skillsCommand() {
         output.write(`  direct: ${install.direct}`);
         output.write(`  version: ${install.packageVersion}`);
         output.write(`  source: ${install.sourcePackagePath}`);
+        if (install.skills?.length > 0) {
+          output.write(`  skills: ${install.skills.map((skill) => skill.name).join(', ')}`);
+        }
         for (const materialization of install.materializations) {
           output.write(`  materialized: ${materialization.target} (${materialization.mode})`);
         }

package/src/domain/auth/registry-resolution.js

@@ -0,0 +1,55 @@
+function getScopedRegistry(config, scope) {
+  return config?.[`${scope}:registry`] || null;
+}
+
+function getRegistryHostKey(registry) {
+  if (!registry) return null;
+  try {
+    const url = new URL(registry);
+    return `//${url.host}/:_authToken`;
+  } catch {
+    return null;
+  }
+}
+
+function getAuthToken(config, registry) {
+  const hostKey = getRegistryHostKey(registry);
+  return hostKey ? (config?.[hostKey] || null) : null;
+}
+
+export function resolveRegistryConfig({
+  scope,
+  defaults = {},
+  userNpmrc = {},
+  repoNpmrc = {},
+} = {}) {
+  const repoRegistry = getScopedRegistry(repoNpmrc, scope);
+  if (repoRegistry) {
+    return {
+      scope,
+      registry: repoRegistry,
+      authToken: getAuthToken(repoNpmrc, repoRegistry),
+      verificationPackage: defaults.verificationPackage || null,
+      source: 'repo',
+    };
+  }
+
+  const userRegistry = getScopedRegistry(userNpmrc, scope);
+  if (userRegistry) {
+    return {
+      scope,
+      registry: userRegistry,
+      authToken: getAuthToken(userNpmrc, userRegistry),
+      verificationPackage: defaults.verificationPackage || null,
+      source: 'user',
+    };
+  }
+
+  return {
+    scope,
+    registry: defaults.registry || null,
+    authToken: null,
+    verificationPackage: defaults.verificationPackage || null,
+    source: 'default',
+  };
+}

package/src/domain/skills/skill-model.js

@@ -1,5 +1,5 @@
 import { existsSync, readFileSync } from 'node:fs';
-import { join, relative } from 'node:path';
+import { dirname, join, relative } from 'node:path';
 import { NotFoundError, ValidationError } from '../../utils/errors.js';
 
 function parseScalar(value) {
@@ -171,6 +171,7 @@ export function readPackageMetadata(packageDir) {
       files: null,
       repository: null,
       publishConfigRegistry: null,
+      exportedSkills: null,
     };
   }
 
@@ -183,5 +184,61 @@ export function readPackageMetadata(packageDir) {
     files: Array.isArray(pkg.files) ? pkg.files : null,
     repository: pkg.repository || null,
     publishConfigRegistry: pkg.publishConfig?.registry || null,
+    exportedSkills: pkg.agentpack?.skills || null,
   };
 }
+
+export function buildCanonicalSkillRequirement(packageName, skillName) {
+  if (!packageName || !skillName) return null;
+  return `${packageName}:${skillName}`;
+}
+
+export function readInstalledSkillExports(packageDir) {
+  const packageMetadata = readPackageMetadata(packageDir);
+  const exports = [];
+
+  if (packageMetadata.exportedSkills && typeof packageMetadata.exportedSkills === 'object') {
+    for (const [declaredName, entry] of Object.entries(packageMetadata.exportedSkills)) {
+      const relativeSkillFile = typeof entry === 'string' ? entry : entry?.path;
+      if (!relativeSkillFile) continue;
+
+      const skillFile = join(packageDir, relativeSkillFile);
+      if (!existsSync(skillFile)) continue;
+
+      const metadata = parseSkillFrontmatterFile(skillFile);
+      exports.push({
+        declaredName,
+        name: metadata.name,
+        description: metadata.description,
+        requires: metadata.requires,
+        status: metadata.status,
+        replacement: metadata.replacement,
+        message: metadata.message,
+        skillDir: dirname(skillFile),
+        skillFile,
+        relativeSkillFile,
+      });
+    }
+  }
+
+  if (exports.length > 0) {
+    return exports.sort((a, b) => a.name.localeCompare(b.name));
+  }
+
+  const rootSkillFile = join(packageDir, 'SKILL.md');
+  if (!existsSync(rootSkillFile)) return [];
+
+  const metadata = parseSkillFrontmatterFile(rootSkillFile);
+  return [{
+    declaredName: metadata.name,
+    name: metadata.name,
+    description: metadata.description,
+    requires: metadata.requires,
+    status: metadata.status,
+    replacement: metadata.replacement,
+    message: metadata.message,
+    skillDir: packageDir,
+    skillFile: rootSkillFile,
+    relativeSkillFile: 'SKILL.md',
+  }];
+}

package/src/infrastructure/fs/user-config-repository.js

@@ -0,0 +1,40 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+
+const DEFAULT_CONFIG = {
+  version: 1,
+  provider: 'github-packages',
+  scope: '@alavida-ai',
+  registry: 'https://npm.pkg.github.com',
+  verificationPackage: '@alavida-ai/agentpack-auth-probe',
+  managedNpmKeys: [],
+};
+
+function resolveConfigDir(env = process.env) {
+  const xdgConfigHome = env.XDG_CONFIG_HOME;
+  if (xdgConfigHome) return join(xdgConfigHome, 'agentpack');
+  return join(env.HOME || homedir(), '.config', 'agentpack');
+}
+
+export function getUserConfigPath({ env = process.env } = {}) {
+  return join(resolveConfigDir(env), 'config.json');
+}
+
+export function readUserConfig({ env = process.env } = {}) {
+  const configPath = getUserConfigPath({ env });
+  if (!existsSync(configPath)) {
+    return { ...DEFAULT_CONFIG };
+  }
+
+  return {
+    ...DEFAULT_CONFIG,
+    ...JSON.parse(readFileSync(configPath, 'utf-8')),
+  };
+}
+
+export function writeUserConfig(config, { env = process.env } = {}) {
+  const configPath = getUserConfigPath({ env });
+  mkdirSync(dirname(configPath), { recursive: true });
+  writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
+}

package/src/infrastructure/fs/user-credentials-repository.js

@@ -0,0 +1,30 @@
+import { chmodSync, existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+
+function resolveConfigDir(env = process.env) {
+  const xdgConfigHome = env.XDG_CONFIG_HOME;
+  if (xdgConfigHome) return join(xdgConfigHome, 'agentpack');
+  return join(env.HOME || homedir(), '.config', 'agentpack');
+}
+
+export function getUserCredentialsPath({ env = process.env } = {}) {
+  return join(resolveConfigDir(env), 'credentials.json');
+}
+
+export function readUserCredentials({ env = process.env } = {}) {
+  const credentialsPath = getUserCredentialsPath({ env });
+  if (!existsSync(credentialsPath)) return null;
+  return JSON.parse(readFileSync(credentialsPath, 'utf-8'));
+}
+
+export function writeUserCredentials(credentials, { env = process.env } = {}) {
+  const credentialsPath = getUserCredentialsPath({ env });
+  mkdirSync(dirname(credentialsPath), { recursive: true });
+  writeFileSync(credentialsPath, JSON.stringify(credentials, null, 2) + '\n', { mode: 0o600 });
+  chmodSync(credentialsPath, 0o600);
+}
+
+export function deleteUserCredentials({ env = process.env } = {}) {
+  rmSync(getUserCredentialsPath({ env }), { force: true });
+}