@anytio/pspm 0.0.2

package/dist/index.js

@@ -0,0 +1,1532 @@
+#!/usr/bin/env node
+import { readFileSync } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath, URL } from 'url';
+import { Command } from 'commander';
+import { stat, writeFile, mkdir, rm, access, readFile } from 'fs/promises';
+import { randomBytes, createHash } from 'crypto';
+import * as semver from 'semver';
+import { homedir } from 'os';
+import http from 'http';
+import open from 'open';
+import { exec as exec$1 } from 'child_process';
+import { promisify } from 'util';
+
+function calculateIntegrity(data) {
+  const hash = createHash("sha256").update(data).digest("base64");
+  return `sha256-${hash}`;
+}
+
+// ../../packages/shared/pspm-types/src/specifier.ts
+var SPECIFIER_PATTERN = /^@user\/([a-zA-Z0-9_-]+)\/([a-z][a-z0-9_-]*)(?:@(.+))?$/;
+function parseSkillSpecifier(specifier) {
+  const match = specifier.match(SPECIFIER_PATTERN);
+  if (!match) {
+    return null;
+  }
+  return {
+    username: match[1],
+    name: match[2],
+    versionRange: match[3]
+  };
+}
+function resolveVersion(range, availableVersions) {
+  const sorted = availableVersions.filter((v) => semver.valid(v)).sort((a, b) => semver.rcompare(a, b));
+  if (!range || range === "latest" || range === "*") {
+    return sorted[0] ?? null;
+  }
+  return semver.maxSatisfying(sorted, range);
+}
+
+// ../../packages/sdk/src/client.ts
+var config = null;
+function configure(options) {
+  config = options;
+}
+function getConfig() {
+  if (!config) {
+    throw new Error("SDK not configured. Call configure() first.");
+  }
+  return config;
+}
+var SDKError = class extends Error {
+  constructor(message, status, body) {
+    super(message);
+    this.status = status;
+    this.body = body;
+    this.name = "SDKError";
+  }
+};
+async function apiFetch(path, options = {}) {
+  const { baseUrl, apiKey } = getConfig();
+  const url = `${baseUrl}${path}`;
+  const response = await fetch(url, {
+    ...options,
+    headers: {
+      ...options.headers,
+      Authorization: `Bearer ${apiKey}`,
+      "Content-Type": "application/json"
+    }
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    let errorMessage = `API error: ${response.status}`;
+    try {
+      const errorJson = JSON.parse(errorText);
+      if (errorJson.message) {
+        errorMessage = errorJson.message;
+      } else if (errorJson.error) {
+        errorMessage = errorJson.error;
+      }
+    } catch {
+      if (errorText) {
+        errorMessage = errorText;
+      }
+    }
+    throw new SDKError(errorMessage, response.status, errorText);
+  }
+  const text = await response.text();
+  if (!text) {
+    return null;
+  }
+  return JSON.parse(text);
+}
+async function me() {
+  return apiFetch("/me", { method: "GET" });
+}
+async function listVersions(params) {
+  return apiFetch(
+    `/@user/${params.username}/${params.name}/versions`,
+    { method: "GET" }
+  );
+}
+async function getVersion(params) {
+  return apiFetch(
+    `/@user/${params.username}/${params.name}/${params.version}`,
+    { method: "GET" }
+  );
+}
+async function publish(body) {
+  return apiFetch("/publish", {
+    method: "POST",
+    body: JSON.stringify(body)
+  });
+}
+async function deleteSkill(params) {
+  return apiFetch(`/${params.name}`, { method: "DELETE" });
+}
+async function deleteVersion(params) {
+  return apiFetch(`/${params.name}/${params.version}`, {
+    method: "DELETE"
+  });
+}
+
+// src/api-client.ts
+async function whoamiRequest(registryUrl, apiKey) {
+  try {
+    configure({ baseUrl: `${registryUrl}/rpc`, apiKey });
+    const user = await me();
+    if (!user) {
+      return null;
+    }
+    return {
+      username: user.username,
+      userId: user.userId
+    };
+  } catch {
+    return null;
+  }
+}
+
+// src/errors.ts
+var ConfigError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ConfigError";
+  }
+};
+var ProfileNotFoundError = class extends ConfigError {
+  constructor(profileName) {
+    super(
+      `Profile "${profileName}" not found. Run 'pspm config list' to see available profiles.`
+    );
+    this.name = "ProfileNotFoundError";
+  }
+};
+var NotLoggedInError = class extends ConfigError {
+  constructor() {
+    super(
+      "Not logged in. Run 'pspm login --api-key <key>' first, or set PSPM_API_KEY env var."
+    );
+    this.name = "NotLoggedInError";
+  }
+};
+
+// src/config.ts
+var DEFAULT_REGISTRY_URL = "https://pspm.dev/api/skills";
+function getConfigPath() {
+  return join(homedir(), ".pspm", "config.json");
+}
+function getSkillsDir() {
+  return join(process.cwd(), ".skills");
+}
+function getLockfilePath() {
+  return join(process.cwd(), "skill-lock.json");
+}
+function createDefaultV2Config() {
+  return {
+    version: 2,
+    defaultProfile: "default",
+    profiles: {
+      default: {
+        registryUrl: DEFAULT_REGISTRY_URL
+      }
+    }
+  };
+}
+function migrateV1ToV2(v1Config) {
+  return {
+    version: 2,
+    defaultProfile: "default",
+    profiles: {
+      default: {
+        registryUrl: v1Config.registryUrl || DEFAULT_REGISTRY_URL,
+        apiKey: v1Config.apiKey,
+        username: v1Config.username
+      }
+    }
+  };
+}
+function isV2Config(config2) {
+  return typeof config2 === "object" && config2 !== null && "version" in config2 && config2.version === 2;
+}
+async function readUserConfig() {
+  const configPath = getConfigPath();
+  if (process.env.PSPM_DEBUG) {
+    console.log(`[config] Reading config from: ${configPath}`);
+  }
+  try {
+    const content = await readFile(configPath, "utf-8");
+    if (process.env.PSPM_DEBUG) {
+      const apiKeyMatch = content.match(/"apiKey":\s*"([^"]+)"/);
+      if (apiKeyMatch) {
+        console.log(
+          `[config] Raw apiKey from file: ${apiKeyMatch[1].substring(
+            0,
+            15
+          )}...`
+        );
+      }
+    }
+    const parsed = JSON.parse(content);
+    if (process.env.PSPM_DEBUG) {
+      console.log(
+        `[config] Parsed config version: ${parsed.version}`
+      );
+      console.log(
+        `[config] Profiles found: ${Object.keys(
+          parsed.profiles || {}
+        ).join(", ")}`
+      );
+    }
+    if (isV2Config(parsed)) {
+      return parsed;
+    }
+    const v2Config = migrateV1ToV2(parsed);
+    await writeUserConfig(v2Config);
+    return v2Config;
+  } catch (error) {
+    if (process.env.PSPM_DEBUG) {
+      console.log(
+        `[config] Error reading config: ${error instanceof Error ? error.message : String(error)}`
+      );
+      console.log(`[config] Falling back to default config`);
+    }
+    return createDefaultV2Config();
+  }
+}
+async function writeUserConfig(config2) {
+  const configPath = getConfigPath();
+  await mkdir(dirname(configPath), { recursive: true });
+  await writeFile(configPath, JSON.stringify(config2, null, 2));
+}
+async function findProjectConfig() {
+  let currentDir = process.cwd();
+  const root = dirname(currentDir);
+  while (currentDir !== root) {
+    const configPath = join(currentDir, ".pspmrc");
+    try {
+      const stats = await stat(configPath);
+      if (stats.isFile()) {
+        const content = await readFile(configPath, "utf-8");
+        return JSON.parse(content);
+      }
+    } catch {
+    }
+    currentDir = dirname(currentDir);
+  }
+  return null;
+}
+async function resolveConfig(globalOptions) {
+  const userConfig = await readUserConfig();
+  const projectConfig = await findProjectConfig();
+  let profileName;
+  let profileSource;
+  if (globalOptions?.profile) {
+    profileName = globalOptions.profile;
+    profileSource = "cli";
+  } else if (process.env.PSPM_PROFILE) {
+    profileName = process.env.PSPM_PROFILE;
+    profileSource = "env";
+  } else if (projectConfig?.profile) {
+    profileName = projectConfig.profile;
+    profileSource = "project";
+  } else if (userConfig.defaultProfile) {
+    profileName = userConfig.defaultProfile;
+    profileSource = "user";
+  } else {
+    profileName = "default";
+    profileSource = "default";
+  }
+  const profile = userConfig.profiles[profileName];
+  if (!profile) {
+    if (process.env.PSPM_DEBUG) {
+      console.log(
+        `[config] Profile "${profileName}" not found. Available: ${Object.keys(
+          userConfig.profiles
+        ).join(", ")}`
+      );
+    }
+    throw new ProfileNotFoundError(profileName);
+  }
+  if (process.env.PSPM_DEBUG) {
+    console.log(
+      `[config] Using profile: ${profileName} (source: ${profileSource})`
+    );
+    console.log(`[config] Profile has apiKey: ${!!profile.apiKey}`);
+  }
+  let registryUrl = profile.registryUrl;
+  let apiKey = profile.apiKey;
+  const username = profile.username;
+  if (projectConfig?.registryUrl) {
+    registryUrl = projectConfig.registryUrl;
+  }
+  if (process.env.PSPM_REGISTRY_URL) {
+    registryUrl = process.env.PSPM_REGISTRY_URL;
+  }
+  if (process.env.PSPM_API_KEY) {
+    apiKey = process.env.PSPM_API_KEY;
+  }
+  return {
+    profileName,
+    profileSource,
+    registryUrl,
+    apiKey,
+    username
+  };
+}
+async function getProfile(profileName) {
+  const userConfig = await readUserConfig();
+  return userConfig.profiles[profileName] || null;
+}
+async function listProfiles() {
+  const userConfig = await readUserConfig();
+  return Object.keys(userConfig.profiles);
+}
+async function setProfile(profileName, config2) {
+  const userConfig = await readUserConfig();
+  const existing = userConfig.profiles[profileName] || {
+    registryUrl: DEFAULT_REGISTRY_URL
+  };
+  userConfig.profiles[profileName] = {
+    ...existing,
+    ...config2
+  };
+  await writeUserConfig(userConfig);
+}
+async function deleteProfile(profileName) {
+  const userConfig = await readUserConfig();
+  if (!userConfig.profiles[profileName]) {
+    return false;
+  }
+  delete userConfig.profiles[profileName];
+  if (userConfig.defaultProfile === profileName) {
+    const remainingProfiles = Object.keys(userConfig.profiles);
+    userConfig.defaultProfile = remainingProfiles[0] || "default";
+  }
+  await writeUserConfig(userConfig);
+  return true;
+}
+async function setDefaultProfile(profileName) {
+  const userConfig = await readUserConfig();
+  if (!userConfig.profiles[profileName]) {
+    throw new ProfileNotFoundError(profileName);
+  }
+  userConfig.defaultProfile = profileName;
+  await writeUserConfig(userConfig);
+}
+async function getDefaultProfileName() {
+  const userConfig = await readUserConfig();
+  return userConfig.defaultProfile;
+}
+({
+  registryUrl: process.env.PSPM_REGISTRY_URL || DEFAULT_REGISTRY_URL
+});
+async function isLoggedIn(globalOptions) {
+  try {
+    const resolved = await resolveConfig(globalOptions);
+    return !!resolved.apiKey;
+  } catch {
+    return false;
+  }
+}
+async function requireApiKey(globalOptions) {
+  const resolved = await resolveConfig(globalOptions);
+  if (!resolved.apiKey) {
+    if (process.env.PSPM_DEBUG) {
+      console.log(
+        `[config] requireApiKey: No API key found for profile "${resolved.profileName}"`
+      );
+    }
+    throw new NotLoggedInError();
+  }
+  if (process.env.PSPM_DEBUG) {
+    console.log(
+      `[config] requireApiKey: Got API key (${resolved.apiKey.substring(
+        0,
+        10
+      )}...)`
+    );
+  }
+  return resolved.apiKey;
+}
+async function getRegistryUrl(globalOptions) {
+  const resolved = await resolveConfig(globalOptions);
+  return resolved.registryUrl;
+}
+async function clearProfileCredentials(profileName) {
+  const userConfig = await readUserConfig();
+  if (userConfig.profiles[profileName]) {
+    userConfig.profiles[profileName].apiKey = void 0;
+    userConfig.profiles[profileName].username = void 0;
+    await writeUserConfig(userConfig);
+  }
+}
+async function setProfileCredentials(profileName, apiKey, username, registryUrl) {
+  const userConfig = await readUserConfig();
+  if (!userConfig.profiles[profileName]) {
+    userConfig.profiles[profileName] = {
+      registryUrl: registryUrl || DEFAULT_REGISTRY_URL
+    };
+  }
+  userConfig.profiles[profileName].apiKey = apiKey;
+  if (username) {
+    userConfig.profiles[profileName].username = username;
+  }
+  if (registryUrl) {
+    userConfig.profiles[profileName].registryUrl = registryUrl;
+  }
+  await writeUserConfig(userConfig);
+}
+async function readLockfile() {
+  const lockfilePath = getLockfilePath();
+  try {
+    const content = await readFile(lockfilePath, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+async function writeLockfile(lockfile) {
+  const lockfilePath = getLockfilePath();
+  await mkdir(dirname(lockfilePath), { recursive: true });
+  await writeFile(lockfilePath, `${JSON.stringify(lockfile, null, 2)}
+`);
+}
+async function createEmptyLockfile() {
+  const registryUrl = await getRegistryUrl();
+  return {
+    lockfileVersion: 1,
+    registryUrl,
+    skills: {}
+  };
+}
+async function addToLockfile(fullName, entry) {
+  let lockfile = await readLockfile();
+  if (!lockfile) {
+    lockfile = await createEmptyLockfile();
+  }
+  lockfile.skills[fullName] = entry;
+  await writeLockfile(lockfile);
+}
+async function removeFromLockfile(fullName) {
+  const lockfile = await readLockfile();
+  if (!lockfile || !lockfile.skills[fullName]) {
+    return false;
+  }
+  delete lockfile.skills[fullName];
+  await writeLockfile(lockfile);
+  return true;
+}
+async function listLockfileSkills() {
+  const lockfile = await readLockfile();
+  if (!lockfile) {
+    return [];
+  }
+  return Object.entries(lockfile.skills).map(([name, entry]) => ({
+    name,
+    entry
+  }));
+}
+
+// src/commands/add.ts
+async function add(specifier, _options, globalOptions) {
+  try {
+    const apiKey = await requireApiKey(globalOptions);
+    const registryUrl = await getRegistryUrl(globalOptions);
+    const parsed = parseSkillSpecifier(specifier);
+    if (!parsed) {
+      console.error(
+        `Error: Invalid skill specifier "${specifier}". Use format: @user/{username}/{name}[@{version}]`
+      );
+      process.exit(1);
+    }
+    const { username, name, versionRange } = parsed;
+    configure({ baseUrl: `${registryUrl}/rpc`, apiKey });
+    console.log(`Resolving ${specifier}...`);
+    const versions = await listVersions({ username, name });
+    if (versions.length === 0) {
+      console.error(`Error: Skill @user/${username}/${name} not found`);
+      process.exit(1);
+    }
+    const versionStrings = versions.map((v) => v.version);
+    const resolved = resolveVersion(versionRange || "*", versionStrings);
+    if (!resolved) {
+      console.error(
+        `Error: No version matching "${versionRange || "latest"}" found for @user/${username}/${name}`
+      );
+      console.error(`Available versions: ${versionStrings.join(", ")}`);
+      process.exit(1);
+    }
+    console.log(`Installing @user/${username}/${name}@${resolved}...`);
+    const versionInfo = await getVersion({
+      username,
+      name,
+      version: resolved
+    });
+    if (!versionInfo) {
+      console.error(`Error: Version ${resolved} not found`);
+      process.exit(1);
+    }
+    const downloadUrl = `${registryUrl}/@user/${username}/${name}/${resolved}/download`;
+    const tarballResponse = await fetch(downloadUrl, {
+      headers: {
+        Authorization: `Bearer ${apiKey}`
+      },
+      redirect: "follow"
+    });
+    if (!tarballResponse.ok) {
+      console.error(
+        `Error: Failed to download tarball (${tarballResponse.status})`
+      );
+      process.exit(1);
+    }
+    const tarballBuffer = Buffer.from(await tarballResponse.arrayBuffer());
+    const integrity = calculateIntegrity(tarballBuffer);
+    const expectedIntegrity = `sha256-${Buffer.from(versionInfo.checksum, "hex").toString("base64")}`;
+    if (integrity !== expectedIntegrity) {
+      console.error("Error: Checksum verification failed");
+      process.exit(1);
+    }
+    const skillsDir = getSkillsDir();
+    const destDir = join(skillsDir, username, name);
+    await mkdir(destDir, { recursive: true });
+    const { writeFile: writeFile4 } = await import('fs/promises');
+    const tempFile = join(destDir, ".temp.tgz");
+    await writeFile4(tempFile, tarballBuffer);
+    const { exec: exec2 } = await import('child_process');
+    const { promisify: promisify2 } = await import('util');
+    const execAsync = promisify2(exec2);
+    try {
+      await rm(destDir, { recursive: true, force: true });
+      await mkdir(destDir, { recursive: true });
+      await writeFile4(tempFile, tarballBuffer);
+      await execAsync(
+        `tar -xzf "${tempFile}" -C "${destDir}" --strip-components=1`
+      );
+    } finally {
+      await rm(tempFile, { force: true });
+    }
+    const fullName = `@user/${username}/${name}`;
+    await addToLockfile(fullName, {
+      version: resolved,
+      resolved: versionInfo.downloadUrl,
+      integrity
+    });
+    console.log(`Installed @user/${username}/${name}@${resolved}`);
+    console.log(`Location: ${destDir}`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/config/add.ts
+async function configAdd(name, options) {
+  try {
+    const existing = await getProfile(name);
+    if (existing) {
+      console.error(`Error: Profile "${name}" already exists.`);
+      console.log("Use 'pspm config set' to modify it.");
+      process.exit(1);
+    }
+    await setProfile(name, {
+      registryUrl: options.registryUrl || "https://pspm.dev/api/skills"
+    });
+    console.log(`Created profile "${name}".`);
+    if (options.registryUrl) {
+      console.log(`  Registry URL: ${options.registryUrl}`);
+    }
+    console.log("");
+    console.log(
+      `To set credentials, run: pspm login --api-key <key> --profile ${name}`
+    );
+    console.log(`To make this the default, run: pspm config use ${name}`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/config/delete.ts
+async function configDelete(name) {
+  try {
+    const profiles = await listProfiles();
+    const defaultProfile = await getDefaultProfileName();
+    if (!profiles.includes(name)) {
+      console.error(`Error: Profile "${name}" not found.`);
+      console.log("Run 'pspm config list' to see available profiles.");
+      process.exit(1);
+    }
+    if (profiles.length === 1) {
+      console.error("Error: Cannot delete the last profile.");
+      console.log("Create another profile first, then delete this one.");
+      process.exit(1);
+    }
+    const wasDefault = name === defaultProfile;
+    const success = await deleteProfile(name);
+    if (success) {
+      console.log(`Deleted profile "${name}".`);
+      if (wasDefault) {
+        const newDefault = await getDefaultProfileName();
+        console.log(`Default profile is now "${newDefault}".`);
+      }
+    } else {
+      console.error(`Error: Failed to delete profile "${name}".`);
+      process.exit(1);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+async function configInit(options) {
+  try {
+    const configPath = join(process.cwd(), ".pspmrc");
+    try {
+      await stat(configPath);
+      console.error("Error: .pspmrc already exists in this directory.");
+      process.exit(1);
+    } catch {
+    }
+    const config2 = {};
+    if (options.profile) {
+      config2.profile = options.profile;
+    }
+    if (options.registryUrl) {
+      config2.registryUrl = options.registryUrl;
+    }
+    if (Object.keys(config2).length === 0) {
+      config2.profile = "development";
+    }
+    await writeFile(configPath, `${JSON.stringify(config2, null, 2)}
+`);
+    console.log("Created .pspmrc");
+    console.log("");
+    console.log("Contents:");
+    console.log(JSON.stringify(config2, null, 2));
+    console.log("");
+    console.log("Note: .pspmrc should be committed to version control.");
+    console.log("API keys should NOT be stored here - use pspm login instead.");
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/config/list.ts
+async function configList() {
+  try {
+    const profiles = await listProfiles();
+    const defaultProfile = await getDefaultProfileName();
+    if (profiles.length === 0) {
+      console.log("No profiles configured.");
+      console.log("Run 'pspm config add <name>' to create one.");
+      return;
+    }
+    console.log("Profiles:\n");
+    for (const name of profiles) {
+      const marker = name === defaultProfile ? " (default)" : "";
+      console.log(`  ${name}${marker}`);
+    }
+    console.log("");
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/config/set.ts
+var VALID_KEYS = ["registryUrl", "apiKey", "username"];
+async function configSet(profile, key, value) {
+  try {
+    if (!VALID_KEYS.includes(key)) {
+      console.error(`Error: Invalid key "${key}".`);
+      console.log(`Valid keys: ${VALID_KEYS.join(", ")}`);
+      process.exit(1);
+    }
+    const existing = await getProfile(profile);
+    if (!existing) {
+      console.error(`Error: Profile "${profile}" not found.`);
+      console.log("Run 'pspm config add' to create it first.");
+      process.exit(1);
+    }
+    await setProfile(profile, { [key]: value });
+    console.log(`Updated ${key} for profile "${profile}".`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/config/show.ts
+async function configShow(options, globalOptions) {
+  try {
+    if (options.name) {
+      const profile = await getProfile(options.name);
+      if (!profile) {
+        console.error(`Error: Profile "${options.name}" not found.`);
+        console.log("Run 'pspm config list' to see available profiles.");
+        process.exit(1);
+      }
+      const defaultProfile = await getDefaultProfileName();
+      const isDefault = options.name === defaultProfile;
+      console.log(`Profile: ${options.name}${isDefault ? " (default)" : ""}
+`);
+      console.log(`  Registry URL: ${profile.registryUrl}`);
+      console.log(`  API Key:      ${profile.apiKey ? "***" : "(not set)"}`);
+      console.log(`  Username:     ${profile.username || "(not set)"}`);
+    } else {
+      const resolved = await resolveConfig(globalOptions);
+      const projectConfig = await findProjectConfig();
+      const configPath = getConfigPath();
+      console.log("Resolved Configuration:\n");
+      console.log(`  Active Profile: ${resolved.profileName}`);
+      console.log(`  Profile Source: ${formatSource(resolved.profileSource)}`);
+      console.log(`  Registry URL:   ${resolved.registryUrl}`);
+      console.log(`  API Key:        ${resolved.apiKey ? "***" : "(not set)"}`);
+      console.log(`  Username:       ${resolved.username || "(not set)"}`);
+      console.log("");
+      console.log("Config Locations:");
+      console.log(`  User config:    ${configPath}`);
+      console.log(`  Project config: ${projectConfig ? ".pspmrc" : "(none)"}`);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+function formatSource(source) {
+  switch (source) {
+    case "cli":
+      return "--profile flag";
+    case "env":
+      return "PSPM_PROFILE env var";
+    case "project":
+      return ".pspmrc file";
+    case "user":
+      return "user config default";
+    case "default":
+      return "fallback default";
+    default:
+      return source;
+  }
+}
+
+// src/commands/config/use.ts
+async function configUse(name) {
+  try {
+    const profile = await getProfile(name);
+    if (!profile) {
+      console.error(`Error: Profile "${name}" not found.`);
+      console.log("Run 'pspm config list' to see available profiles.");
+      process.exit(1);
+    }
+    await setDefaultProfile(name);
+    console.log(`Default profile set to "${name}".`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+async function install(options, globalOptions) {
+  try {
+    const apiKey = await requireApiKey(globalOptions);
+    await getRegistryUrl(globalOptions);
+    const skillsDir = options.dir || getSkillsDir();
+    const lockfile = await readLockfile();
+    if (!lockfile) {
+      if (options.frozenLockfile) {
+        console.error(
+          "Error: No lockfile found. Cannot install with --frozen-lockfile"
+        );
+        process.exit(1);
+      }
+      console.log("No lockfile found. Nothing to install.");
+      return;
+    }
+    const skillCount = Object.keys(lockfile.skills).length;
+    if (skillCount === 0) {
+      console.log("No skills in lockfile. Nothing to install.");
+      return;
+    }
+    console.log(`Installing ${skillCount} skill(s)...
+`);
+    const entries = Object.entries(lockfile.skills);
+    for (const [fullName, entry] of entries) {
+      const match = fullName.match(/^@user\/([^/]+)\/([^/]+)$/);
+      if (!match) {
+        console.warn(`Warning: Invalid skill name in lockfile: ${fullName}`);
+        continue;
+      }
+      const [, username, name] = match;
+      console.log(`Installing ${fullName}@${entry.version}...`);
+      const response = await fetch(entry.resolved, {
+        headers: {
+          Authorization: `Bearer ${apiKey}`
+        },
+        redirect: "follow"
+      });
+      if (!response.ok) {
+        console.error(
+          `  Error: Failed to download ${fullName} (${response.status})`
+        );
+        continue;
+      }
+      const tarballBuffer = Buffer.from(await response.arrayBuffer());
+      const { createHash: createHash2 } = await import('crypto');
+      const actualIntegrity = `sha256-${createHash2("sha256").update(tarballBuffer).digest("base64")}`;
+      if (actualIntegrity !== entry.integrity) {
+        console.error(`  Error: Checksum verification failed for ${fullName}`);
+        if (options.frozenLockfile) {
+          process.exit(1);
+        }
+        continue;
+      }
+      const destDir = join(skillsDir, username, name);
+      await rm(destDir, { recursive: true, force: true });
+      await mkdir(destDir, { recursive: true });
+      const tempFile = join(destDir, ".temp.tgz");
+      const { writeFile: writeFile4 } = await import('fs/promises');
+      await writeFile4(tempFile, tarballBuffer);
+      const { exec: exec2 } = await import('child_process');
+      const { promisify: promisify2 } = await import('util');
+      const execAsync = promisify2(exec2);
+      try {
+        await execAsync(
+          `tar -xzf "${tempFile}" -C "${destDir}" --strip-components=1`
+        );
+      } finally {
+        await rm(tempFile, { force: true });
+      }
+      console.log(`  Installed to ${destDir}`);
+    }
+    console.log(`
+All ${skillCount} skill(s) installed.`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+async function list(options) {
+  try {
+    const skills = await listLockfileSkills();
+    if (skills.length === 0) {
+      console.log("No skills installed.");
+      return;
+    }
+    if (options.json) {
+      console.log(JSON.stringify(skills, null, 2));
+      return;
+    }
+    const skillsDir = getSkillsDir();
+    console.log("Installed skills:\n");
+    for (const { name, entry } of skills) {
+      const match = name.match(/^@user\/([^/]+)\/([^/]+)$/);
+      if (!match) continue;
+      const [, username, skillName] = match;
+      const skillPath = join(skillsDir, username, skillName);
+      let status = "installed";
+      try {
+        await access(skillPath);
+      } catch {
+        status = "missing";
+      }
+      console.log(`  ${name}@${entry.version}`);
+      if (status === "missing") {
+        console.log(`    Status: MISSING (run 'pspm install' to restore)`);
+      }
+    }
+    console.log(`
+Total: ${skills.length} skill(s)`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+var DEFAULT_WEB_APP_URL = "https://pspm.dev";
+function getWebAppUrl(registryUrl) {
+  if (process.env.PSPM_WEB_URL) {
+    return process.env.PSPM_WEB_URL.replace(/\/$/, "");
+  }
+  try {
+    const url = new URL(registryUrl);
+    return `${url.protocol}//${url.host}`;
+  } catch {
+    return DEFAULT_WEB_APP_URL;
+  }
+}
+function getServerUrl(registryUrl) {
+  try {
+    const url = new URL(registryUrl);
+    return `${url.protocol}//${url.host}`;
+  } catch {
+    return DEFAULT_WEB_APP_URL;
+  }
+}
+async function exchangeCliToken(registryUrl, token) {
+  const serverUrl = getServerUrl(registryUrl);
+  const rpcUrl = `${serverUrl}/api/api-keys/rpc/exchangeCliToken`;
+  const response = await fetch(rpcUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ token })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Failed to exchange token: ${errorText}`);
+  }
+  return response.json();
+}
+function startCallbackServer(expectedState) {
+  return new Promise((resolveServer, rejectServer) => {
+    let resolveToken;
+    let rejectToken;
+    let timeoutId;
+    const tokenPromise = new Promise((resolve, reject) => {
+      resolveToken = resolve;
+      rejectToken = reject;
+    });
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url || "/", `http://localhost`);
+      if (url.pathname === "/callback") {
+        const token = url.searchParams.get("token");
+        const state = url.searchParams.get("state");
+        if (state !== expectedState) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(`
+						<html>
+							<body style="font-family: system-ui; text-align: center; padding: 40px;">
+								<h1 style="color: #dc2626;">Security Error</h1>
+								<p>State mismatch - this may be a security issue.</p>
+								<p>Please try running <code>pspm login</code> again.</p>
+							</body>
+						</html>
+					`);
+          rejectToken(new Error("State mismatch - possible CSRF attack"));
+          return;
+        }
+        if (!token) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(`
+						<html>
+							<body style="font-family: system-ui; text-align: center; padding: 40px;">
+								<h1 style="color: #dc2626;">Error</h1>
+								<p>No token received from the server.</p>
+								<p>Please try running <code>pspm login</code> again.</p>
+							</body>
+						</html>
+					`);
+          rejectToken(new Error("No token received"));
+          return;
+        }
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end(`
+					<html>
+						<head>
+							<script>
+								// Try to close the window after a short delay
+								setTimeout(function() {
+									window.close();
+								}, 1500);
+							</script>
+						</head>
+						<body style="font-family: system-ui; text-align: center; padding: 40px;">
+							<h1 style="color: #16a34a;">Success!</h1>
+							<p>You are now logged in to PSPM.</p>
+							<p style="color: #666; font-size: 14px;">This window will close automatically, or you can close it manually.</p>
+						</body>
+					</html>
+				`);
+        resolveToken(token);
+      } else {
+        res.writeHead(404, { "Content-Type": "text/plain" });
+        res.end("Not found");
+      }
+    });
+    const cleanup = () => {
+      clearTimeout(timeoutId);
+      server.close();
+    };
+    server.listen(0, "127.0.0.1", () => {
+      const address = server.address();
+      if (typeof address === "object" && address !== null) {
+        resolveServer({ port: address.port, tokenPromise, cleanup });
+      } else {
+        rejectServer(new Error("Failed to get server address"));
+      }
+    });
+    server.on("error", (err) => {
+      rejectServer(err);
+    });
+    timeoutId = setTimeout(
+      () => {
+        rejectToken(new Error("Login timed out - please try again"));
+        server.close();
+      },
+      5 * 60 * 1e3
+    );
+  });
+}
+async function browserLogin(globalOptions) {
+  const resolved = await resolveConfig(globalOptions);
+  const registryUrl = await getRegistryUrl(globalOptions);
+  const webAppUrl = getWebAppUrl(registryUrl);
+  const state = randomBytes(32).toString("base64url");
+  console.log("Starting browser-based login...");
+  const { port, tokenPromise, cleanup } = await startCallbackServer(state);
+  const loginUrl = `${webAppUrl}/cli/login?port=${port}&state=${encodeURIComponent(state)}`;
+  console.log(`Opening browser to authenticate...`);
+  console.log(`If the browser doesn't open, visit: ${loginUrl}`);
+  try {
+    await open(loginUrl);
+  } catch {
+    console.log("Could not open browser automatically.");
+    console.log(`Please visit: ${loginUrl}`);
+  }
+  console.log("Waiting for authentication...");
+  const token = await tokenPromise;
+  cleanup();
+  console.log("Received token, exchanging for API key...");
+  const { apiKey, username } = await exchangeCliToken(registryUrl, token);
+  await setProfileCredentials(
+    resolved.profileName,
+    apiKey,
+    username,
+    registryUrl
+  );
+  console.log(`Logged in as ${username}`);
+  console.log(`Profile: ${resolved.profileName}`);
+  console.log(`Registry: ${registryUrl}`);
+}
+async function directLogin(apiKey, globalOptions) {
+  console.log("Verifying API key...");
+  const resolved = await resolveConfig(globalOptions);
+  const registryUrl = await getRegistryUrl(globalOptions);
+  const user = await whoamiRequest(registryUrl, apiKey);
+  if (!user) {
+    console.error("Error: Invalid API key or not authenticated");
+    process.exit(1);
+  }
+  await setProfileCredentials(
+    resolved.profileName,
+    apiKey,
+    user.username,
+    registryUrl
+  );
+  console.log(`Logged in as ${user.username}`);
+  console.log(`Profile: ${resolved.profileName}`);
+  console.log(`Registry: ${registryUrl}`);
+}
+async function login(options, globalOptions) {
+  try {
+    if (options.apiKey) {
+      await directLogin(options.apiKey, globalOptions);
+    } else {
+      await browserLogin(globalOptions);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/logout.ts
+async function logout(globalOptions) {
+  try {
+    const resolved = await resolveConfig(globalOptions);
+    const loggedIn = await isLoggedIn(globalOptions);
+    if (!loggedIn) {
+      console.log(`Not logged in (profile: ${resolved.profileName}).`);
+      return;
+    }
+    await clearProfileCredentials(resolved.profileName);
+    console.log(`Logged out from profile "${resolved.profileName}".`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+var exec = promisify(exec$1);
+async function publishCommand(options, globalOptions) {
+  try {
+    const apiKey = await requireApiKey(globalOptions);
+    const registryUrl = await getRegistryUrl(globalOptions);
+    const packageJsonPath = join(process.cwd(), "package.json");
+    let packageJson2;
+    try {
+      const content = await readFile(packageJsonPath, "utf-8");
+      packageJson2 = JSON.parse(content);
+    } catch {
+      console.error("Error: No package.json found in current directory");
+      process.exit(1);
+    }
+    if (!packageJson2.name) {
+      console.error("Error: package.json must have a 'name' field");
+      process.exit(1);
+    }
+    if (!packageJson2.version) {
+      console.error("Error: package.json must have a 'version' field");
+      process.exit(1);
+    }
+    if (options.bump) {
+      const semver2 = await import('semver');
+      const newVersion = semver2.default.inc(packageJson2.version, options.bump);
+      if (!newVersion) {
+        console.error(
+          `Error: Failed to bump version from ${packageJson2.version}`
+        );
+        process.exit(1);
+      }
+      packageJson2.version = newVersion;
+      console.log(`Bumped version to ${newVersion}`);
+    }
+    console.log(`Registry: ${registryUrl}`);
+    console.log(`Publishing ${packageJson2.name}@${packageJson2.version}...`);
+    const safeName = packageJson2.name.replace(/[@/]/g, "-").replace(/^-+/, "");
+    const tarballName = `${safeName}-${packageJson2.version}.tgz`;
+    const tempDir = join(process.cwd(), ".pspm-publish");
+    try {
+      await exec(`rm -rf "${tempDir}" && mkdir -p "${tempDir}"`);
+      const files = packageJson2.files || [
+        "package.json",
+        "SKILL.md",
+        "runtime",
+        "scripts",
+        "data"
+      ];
+      await exec(`mkdir -p "${tempDir}/package"`);
+      for (const file of files) {
+        try {
+          await exec(
+            `rsync -a --exclude='node_modules' --exclude='.git' "${file}" "${tempDir}/package/" 2>/dev/null || true`
+          );
+        } catch {
+        }
+      }
+      await exec(`cp package.json "${tempDir}/package/"`);
+      const tarballPath = join(tempDir, tarballName);
+      await exec(
+        `tar -czf "${tarballPath}" -C "${tempDir}" --exclude='node_modules' --exclude='.git' package`
+      );
+      const tarballBuffer = await readFile(tarballPath);
+      const tarballBase64 = tarballBuffer.toString("base64");
+      configure({ baseUrl: `${registryUrl}/rpc`, apiKey });
+      const result = await publish({
+        manifest: packageJson2,
+        tarballBase64
+      });
+      console.log(
+        `
+Published @user/${result.skill.username}/${result.skill.name}@${result.version.version}`
+      );
+      console.log(`Checksum: ${result.version.checksum}`);
+    } finally {
+      await exec(`rm -rf "${tempDir}"`).catch(() => {
+      });
+    }
+  } catch (error) {
+    if (error instanceof Error) {
+      console.error(`Error: ${error.message}`);
+      const anyError = error;
+      if (anyError.cause?.response) {
+        try {
+          const text = await anyError.cause.response.text();
+          console.error(`Response body: ${text}`);
+        } catch {
+        }
+      }
+      if (anyError.cause?.body) {
+        console.error(
+          `Cause body: ${JSON.stringify(anyError.cause.body, null, 2)}`
+        );
+      }
+      if (anyError.body) {
+        console.error(`Error body: ${JSON.stringify(anyError.body, null, 2)}`);
+      }
+      if (anyError.data) {
+        console.error(`Error data: ${JSON.stringify(anyError.data, null, 2)}`);
+      }
+      if (process.env.PSPM_DEBUG) {
+        console.error("\nFull error details:");
+        console.error(error);
+        if (error.stack) {
+          console.error("\nStack trace:");
+          console.error(error.stack);
+        }
+      }
+    } else {
+      console.error(`Error: ${String(error)}`);
+    }
+    console.error("\nTip: Set PSPM_DEBUG=1 for more detailed error output");
+    process.exit(1);
+  }
+}
+async function remove(nameOrSpecifier) {
+  try {
+    await requireApiKey();
+    let fullName;
+    let username;
+    let name;
+    if (nameOrSpecifier.startsWith("@user/")) {
+      const match = nameOrSpecifier.match(/^@user\/([^/]+)\/([^@/]+)/);
+      if (!match) {
+        console.error(`Error: Invalid skill specifier: ${nameOrSpecifier}`);
+        process.exit(1);
+      }
+      fullName = `@user/${match[1]}/${match[2]}`;
+      username = match[1];
+      name = match[2];
+    } else {
+      const skills = await listLockfileSkills();
+      const found = skills.find((s) => {
+        const match2 = s.name.match(/^@user\/([^/]+)\/([^/]+)$/);
+        return match2 && match2[2] === nameOrSpecifier;
+      });
+      if (!found) {
+        console.error(
+          `Error: Skill "${nameOrSpecifier}" not found in lockfile`
+        );
+        process.exit(1);
+      }
+      fullName = found.name;
+      const match = fullName.match(/^@user\/([^/]+)\/([^/]+)$/);
+      if (!match) {
+        console.error(`Error: Invalid skill name in lockfile: ${fullName}`);
+        process.exit(1);
+      }
+      username = match[1];
+      name = match[2];
+    }
+    console.log(`Removing ${fullName}...`);
+    const removed = await removeFromLockfile(fullName);
+    if (!removed) {
+      console.error(`Error: ${fullName} not found in lockfile`);
+      process.exit(1);
+    }
+    const skillsDir = getSkillsDir();
+    const destDir = join(skillsDir, username, name);
+    try {
+      await rm(destDir, { recursive: true, force: true });
+    } catch {
+    }
+    console.log(`Removed ${fullName}`);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/unpublish.ts
+async function unpublish(specifier, options, globalOptions) {
+  try {
+    const apiKey = await requireApiKey(globalOptions);
+    const registryUrl = await getRegistryUrl(globalOptions);
+    const parsed = parseSkillSpecifier(specifier);
+    if (!parsed) {
+      console.error(
+        `Error: Invalid skill specifier "${specifier}". Use format: @user/{username}/{name}[@{version}]`
+      );
+      process.exit(1);
+    }
+    const { username, name, versionRange } = parsed;
+    configure({ baseUrl: `${registryUrl}/rpc`, apiKey });
+    if (versionRange) {
+      console.log(`Unpublishing ${specifier}...`);
+      if (!options.force) {
+        console.error(
+          "Warning: This action is irreversible. Use --force to confirm."
+        );
+        process.exit(1);
+      }
+      const result = await deleteVersion({
+        name,
+        version: versionRange
+      });
+      if (result.success) {
+        console.log(`Unpublished @user/${username}/${name}@${versionRange}`);
+      } else {
+        console.error(`Error: Failed to unpublish. Version may not exist.`);
+        process.exit(1);
+      }
+    } else {
+      console.log(`Unpublishing all versions of @user/${username}/${name}...`);
+      if (!options.force) {
+        console.error(
+          "Warning: This will delete ALL versions. Use --force to confirm."
+        );
+        process.exit(1);
+      }
+      const result = await deleteSkill({ name });
+      if (result.success) {
+        console.log(`Unpublished @user/${username}/${name} (all versions)`);
+      } else {
+        console.error(`Error: Failed to unpublish. Skill may not exist.`);
+        process.exit(1);
+      }
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/update.ts
+async function update(options, globalOptions) {
+  try {
+    const apiKey = await requireApiKey(globalOptions);
+    const registryUrl = await getRegistryUrl(globalOptions);
+    const skills = await listLockfileSkills();
+    if (skills.length === 0) {
+      console.log("No skills installed.");
+      return;
+    }
+    configure({ baseUrl: `${registryUrl}/rpc`, apiKey });
+    const updates = [];
+    console.log("Checking for updates...\n");
+    for (const { name, entry } of skills) {
+      const match = name.match(/^@user\/([^/]+)\/([^/]+)$/);
+      if (!match) continue;
+      const [, username, skillName] = match;
+      try {
+        const versions = await listVersions({
+          username,
+          name: skillName
+        });
+        if (versions.length === 0) continue;
+        const versionStrings = versions.map(
+          (v) => v.version
+        );
+        const latest = resolveVersion("*", versionStrings);
+        if (latest && latest !== entry.version) {
+          updates.push({
+            name,
+            current: entry.version,
+            latest
+          });
+        }
+      } catch {
+        console.warn(`  Warning: Could not check updates for ${name}`);
+      }
+    }
+    if (updates.length === 0) {
+      console.log("All skills are up to date.");
+      return;
+    }
+    console.log("Updates available:\n");
+    for (const { name, current, latest } of updates) {
+      console.log(`  ${name}: ${current} -> ${latest}`);
+    }
+    if (options.dryRun) {
+      console.log("\nDry run - no changes made.");
+      return;
+    }
+    console.log("\nUpdating...\n");
+    for (const { name, latest } of updates) {
+      const match = name.match(/^@user\/([^/]+)\/([^/]+)$/);
+      if (!match) continue;
+      const [, username, skillName] = match;
+      const specifier = `@user/${username}/${skillName}@${latest}`;
+      await add(specifier, {}, globalOptions);
+    }
+    console.log("\nAll skills updated.");
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/whoami.ts
+async function whoami(globalOptions) {
+  try {
+    const resolved = await resolveConfig(globalOptions);
+    const apiKey = await requireApiKey(globalOptions);
+    const registryUrl = await getRegistryUrl(globalOptions);
+    const user = await whoamiRequest(registryUrl, apiKey);
+    if (user) {
+      console.log(`Username: ${user.username}`);
+      console.log(`User ID:  ${user.userId}`);
+      console.log(`Registry: ${registryUrl}`);
+      console.log(`Profile:  ${resolved.profileName}`);
+    } else if (resolved.username) {
+      console.log(`Username: ${resolved.username} (cached)`);
+      console.log(`Registry: ${registryUrl}`);
+      console.log(`Profile:  ${resolved.profileName}`);
+    } else {
+      console.error("Could not determine current user.");
+      process.exit(1);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    console.error(`Error: ${message}`);
+    process.exit(1);
+  }
+}
+
+// src/index.ts
+var __dirname$1 = dirname(fileURLToPath(import.meta.url));
+var packageJson = JSON.parse(
+  readFileSync(join(__dirname$1, "..", "package.json"), "utf-8")
+);
+var version = packageJson.version;
+var program = new Command();
+program.name("pspm").description("Prompt Skill Package Manager for AnyT").version(version).option("-p, --profile <name>", "Use a specific profile");
+function getGlobalOptions(cmd) {
+  let current = cmd;
+  while (current.parent) {
+    current = current.parent;
+  }
+  const opts = current.opts();
+  return {
+    profile: opts.profile
+  };
+}
+var configCmd = program.command("config").description("Manage PSPM configuration and profiles");
+configCmd.command("list").description("List all profiles").action(async () => {
+  await configList();
+});
+configCmd.command("show [name]").description("Show resolved config or a specific profile").action(async (name, _options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await configShow({ name }, globalOptions);
+});
+configCmd.command("add <name>").description("Create a new profile").option("--registry-url <url>", "Registry URL for the profile").action(async (name, options) => {
+  await configAdd(name, { registryUrl: options.registryUrl });
+});
+configCmd.command("use <name>").description("Set the default profile").action(async (name) => {
+  await configUse(name);
+});
+configCmd.command("set <profile> <key> <value>").description("Set a profile field (registryUrl, apiKey, username)").action(async (profile, key, value) => {
+  await configSet(profile, key, value);
+});
+configCmd.command("delete <name>").description("Delete a profile").action(async (name) => {
+  await configDelete(name);
+});
+configCmd.command("init").description("Create a .pspmrc file in the current directory").option("--profile <name>", "Profile to use for this project").option("--registry-url <url>", "Registry URL override").action(async (options) => {
+  await configInit({
+    profile: options.profile,
+    registryUrl: options.registryUrl
+  });
+});
+program.command("login").description("Log in via browser or with an API key").option(
+  "--api-key <key>",
+  "API key for direct authentication (skips browser)"
+).action(async (options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await login({ apiKey: options.apiKey }, globalOptions);
+});
+program.command("logout").description("Log out and clear stored credentials").action(async (_options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await logout(globalOptions);
+});
+program.command("whoami").description("Show current user information").action(async (_options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await whoami(globalOptions);
+});
+program.command("add <specifier>").description("Add a skill (e.g., @user/bsheng/vite_slides@^2.0.0)").option("--save", "Save to lockfile (default)").action(async (specifier, options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await add(specifier, { save: options.save ?? true }, globalOptions);
+});
+program.command("remove <name>").alias("rm").description("Remove an installed skill").action(async (name) => {
+  await remove(name);
+});
+program.command("list").alias("ls").description("List installed skills").option("--json", "Output as JSON").action(async (options) => {
+  await list({ json: options.json });
+});
+program.command("install").alias("i").description("Install all skills from lockfile").option("--frozen-lockfile", "Fail if lockfile is missing or outdated").option("--dir <path>", "Install skills to a specific directory").action(async (options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await install(
+    {
+      frozenLockfile: options.frozenLockfile,
+      dir: options.dir
+    },
+    globalOptions
+  );
+});
+program.command("update").description("Update all skills to latest compatible versions").option("--dry-run", "Show what would be updated without making changes").action(async (options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await update({ dryRun: options.dryRun }, globalOptions);
+});
+program.command("publish").description("Publish current directory as a skill").option("--bump <level>", "Bump version (major, minor, patch)").option("--tag <tag>", "Tag for the release").action(async (options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await publishCommand(
+    {
+      bump: options.bump,
+      tag: options.tag
+    },
+    globalOptions
+  );
+});
+program.command("unpublish <specifier>").description("Remove a published skill version").option("--force", "Confirm destructive action").action(async (specifier, options, cmd) => {
+  const globalOptions = getGlobalOptions(cmd);
+  await unpublish(specifier, { force: options.force }, globalOptions);
+});
+program.parse();
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map