@apitap/core 1.0.0

package/dist/skill/importer.js

@@ -0,0 +1,80 @@
+// src/skill/importer.ts
+import { readFile } from 'node:fs/promises';
+import { verifySignature } from './signing.js';
+import { validateSkillFileUrls } from './ssrf.js';
+import { writeSkillFile } from './store.js';
+/**
+ * Validate a skill file for import.
+ * Checks structure, SSRF safety, and signature integrity.
+ */
+export function validateImport(skill, localKey) {
+    // Basic structure validation
+    if (!skill.domain || !skill.baseUrl || !Array.isArray(skill.endpoints)) {
+        return { valid: false, reason: 'Invalid skill file structure', signatureStatus: 'unsigned' };
+    }
+    // Signature check
+    let signatureStatus = 'unsigned';
+    if (skill.signature) {
+        if (localKey && verifySignature(skill, localKey)) {
+            signatureStatus = 'valid';
+        }
+        else {
+            return {
+                valid: false,
+                reason: 'Skill file signature is invalid — file was tampered with or signed by a different instance',
+                signatureStatus: 'invalid',
+            };
+        }
+    }
+    // SSRF validation
+    const ssrfResult = validateSkillFileUrls(skill);
+    if (!ssrfResult.safe) {
+        return {
+            valid: false,
+            reason: `SSRF risk: ${ssrfResult.reason}`,
+            signatureStatus,
+        };
+    }
+    return {
+        valid: true,
+        signatureStatus,
+        summary: {
+            domain: skill.domain,
+            endpointCount: skill.endpoints.length,
+            baseUrl: skill.baseUrl,
+        },
+    };
+}
+/**
+ * Import a skill file from disk.
+ * Validates, strips foreign signatures, sets provenance to 'imported'.
+ */
+export async function importSkillFile(filePath, skillsDir, localKey) {
+    let content;
+    try {
+        content = await readFile(filePath, 'utf-8');
+    }
+    catch (err) {
+        return { success: false, reason: `Cannot read file: ${err.message}` };
+    }
+    let skill;
+    try {
+        skill = JSON.parse(content);
+    }
+    catch {
+        return { success: false, reason: 'File is not valid JSON' };
+    }
+    const validation = validateImport(skill, localKey);
+    if (!validation.valid) {
+        return { success: false, reason: validation.reason };
+    }
+    // Strip foreign signature, set provenance
+    const importedSkill = {
+        ...skill,
+        provenance: 'imported',
+        signature: undefined,
+    };
+    const writtenPath = await writeSkillFile(importedSkill, skillsDir);
+    return { success: true, skillFile: writtenPath };
+}
+//# sourceMappingURL=importer.js.map

package/dist/skill/importer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"importer.js","sourceRoot":"","sources":["../../src/skill/importer.ts"],"names":[],"mappings":"AAAA,wBAAwB;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAoB5C;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAgB,EAAE,QAAiB;IAChE,6BAA6B;IAC7B,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QACvE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,8BAA8B,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,IAAI,eAAe,GAAwC,UAAU,CAAC;IACtE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,IAAI,QAAQ,IAAI,eAAe,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,CAAC;YACjD,eAAe,GAAG,OAAO,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,4FAA4F;gBACpG,eAAe,EAAE,SAAS;aAC3B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,cAAc,UAAU,CAAC,MAAM,EAAE;YACzC,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,eAAe;QACf,OAAO,EAAE;YACP,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,aAAa,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM;YACrC,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,SAAkB,EAClB,QAAiB;IAEjB,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAsB,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;IACnF,CAAC;IAED,IAAI,KAAgB,CAAC;IACrB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;IAC9D,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;IACvD,CAAC;IAED,0CAA0C;IAC1C,MAAM,aAAa,GAAc;QAC/B,GAAG,KAAK;QACR,UAAU,EAAE,UAAU;QACtB,SAAS,EAAE,SAAS;KACrB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACnE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AACnD,CAAC"}

package/dist/skill/search.d.ts

@@ -0,0 +1,19 @@
+export interface SearchResult {
+    domain: string;
+    endpointId: string;
+    method: string;
+    path: string;
+    tier: string;
+    verified: boolean;
+}
+export interface SearchResponse {
+    found: boolean;
+    results?: SearchResult[];
+    suggestion?: string;
+}
+/**
+ * Search skill files for endpoints matching a query.
+ * Matches against domain names, endpoint IDs, and endpoint paths.
+ * Query terms are matched case-insensitively.
+ */
+export declare function searchSkills(query: string, skillsDir?: string): Promise<SearchResponse>;

package/dist/skill/search.js

@@ -0,0 +1,51 @@
+// src/skill/search.ts
+import { listSkillFiles, readSkillFile } from './store.js';
+/**
+ * Search skill files for endpoints matching a query.
+ * Matches against domain names, endpoint IDs, and endpoint paths.
+ * Query terms are matched case-insensitively.
+ */
+export async function searchSkills(query, skillsDir) {
+    const summaries = await listSkillFiles(skillsDir);
+    if (summaries.length === 0) {
+        return {
+            found: false,
+            suggestion: 'No skill files found. Run `apitap capture <url>` to capture API traffic first.',
+        };
+    }
+    const terms = query.toLowerCase().split(/\s+/).filter(Boolean);
+    const results = [];
+    for (const summary of summaries) {
+        const skill = await readSkillFile(summary.domain, skillsDir);
+        if (!skill)
+            continue;
+        const domainLower = skill.domain.toLowerCase();
+        for (const ep of skill.endpoints) {
+            const endpointIdLower = ep.id.toLowerCase();
+            const pathLower = ep.path.toLowerCase();
+            const methodLower = ep.method.toLowerCase();
+            // Check if all query terms match against the combined searchable text
+            const searchText = `${domainLower} ${endpointIdLower} ${pathLower} ${methodLower}`;
+            const allMatch = terms.every(term => searchText.includes(term));
+            if (allMatch) {
+                results.push({
+                    domain: skill.domain,
+                    endpointId: ep.id,
+                    method: ep.method,
+                    path: ep.path,
+                    tier: ep.replayability?.tier ?? 'unknown',
+                    verified: ep.replayability?.verified ?? false,
+                });
+            }
+        }
+    }
+    if (results.length === 0) {
+        const domains = summaries.map(s => s.domain).join(', ');
+        return {
+            found: false,
+            suggestion: `No matches for "${query}". Available domains: ${domains}`,
+        };
+    }
+    return { found: true, results };
+}
+//# sourceMappingURL=search.js.map

package/dist/skill/search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.js","sourceRoot":"","sources":["../../src/skill/search.ts"],"names":[],"mappings":"AAAA,sBAAsB;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAiB3D;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAa,EACb,SAAkB;IAElB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,CAAC;IAClD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,UAAU,EAAE,gFAAgF;SAC7F,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAE/C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,eAAe,GAAG,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,SAAS,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAE5C,sEAAsE;YACtE,MAAM,UAAU,GAAG,GAAG,WAAW,IAAI,eAAe,IAAI,SAAS,IAAI,WAAW,EAAE,CAAC;YACnF,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAEhE,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,UAAU,EAAE,EAAE,CAAC,EAAE;oBACjB,MAAM,EAAE,EAAE,CAAC,MAAM;oBACjB,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,IAAI,EAAE,EAAE,CAAC,aAAa,EAAE,IAAI,IAAI,SAAS;oBACzC,QAAQ,EAAE,EAAE,CAAC,aAAa,EAAE,QAAQ,IAAI,KAAK;iBAC9C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,UAAU,EAAE,mBAAmB,KAAK,yBAAyB,OAAO,EAAE;SACvE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAClC,CAAC"}

package/dist/skill/signing.d.ts

@@ -0,0 +1,16 @@
+import type { SkillFile } from '../types.js';
+/**
+ * Create a canonical JSON string from a skill file,
+ * excluding `signature` and `provenance` fields.
+ * This is the payload that gets signed.
+ */
+export declare function canonicalize(skill: SkillFile): string;
+/**
+ * Sign a skill file. Returns a new object with signature and provenance: 'self'.
+ */
+export declare function signSkillFile(skill: SkillFile, key: Buffer): SkillFile;
+/**
+ * Verify a skill file's signature.
+ * Returns true if the signature is valid for the given key.
+ */
+export declare function verifySignature(skill: SkillFile, key: Buffer): boolean;

package/dist/skill/signing.js

@@ -0,0 +1,34 @@
+// src/skill/signing.ts
+import { hmacSign, hmacVerify } from '../auth/crypto.js';
+/**
+ * Create a canonical JSON string from a skill file,
+ * excluding `signature` and `provenance` fields.
+ * This is the payload that gets signed.
+ */
+export function canonicalize(skill) {
+    const { signature: _sig, provenance: _prov, ...rest } = skill;
+    return JSON.stringify(rest, Object.keys(rest).sort());
+}
+/**
+ * Sign a skill file. Returns a new object with signature and provenance: 'self'.
+ */
+export function signSkillFile(skill, key) {
+    const payload = canonicalize(skill);
+    const signature = hmacSign(payload, key);
+    return {
+        ...skill,
+        provenance: 'self',
+        signature,
+    };
+}
+/**
+ * Verify a skill file's signature.
+ * Returns true if the signature is valid for the given key.
+ */
+export function verifySignature(skill, key) {
+    if (!skill.signature)
+        return false;
+    const payload = canonicalize(skill);
+    return hmacVerify(payload, skill.signature, key);
+}
+//# sourceMappingURL=signing.js.map

package/dist/skill/signing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.js","sourceRoot":"","sources":["../../src/skill/signing.ts"],"names":[],"mappings":"AAAA,uBAAuB;AACvB,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAGzD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,KAAgB;IAC3C,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC;IAC9D,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAgB,EAAE,GAAW;IACzD,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,OAAO;QACL,GAAG,KAAK;QACR,UAAU,EAAE,MAAM;QAClB,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAgB,EAAE,GAAW;IAC3D,IAAI,CAAC,KAAK,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC"}

package/dist/skill/ssrf.d.ts

@@ -0,0 +1,27 @@
+import type { SkillFile } from '../types.js';
+export interface ValidationResult {
+    safe: boolean;
+    reason?: string;
+    resolvedUrl?: string;
+    resolvedIp?: string;
+    originalHost?: string;
+}
+/**
+ * Check if a URL is safe to replay (not targeting internal infrastructure).
+ */
+export declare function validateUrl(urlString: string): ValidationResult;
+/**
+ * Resolve hostname and validate the resolved IP against private ranges.
+ * Prevents DNS rebinding attacks where a domain resolves to 127.0.0.1.
+ */
+export declare function resolveAndValidateUrl(urlString: string): Promise<ValidationResult>;
+/**
+ * Validate all URLs in a skill file with DNS resolution.
+ * Checks baseUrl and all endpoint example URLs.
+ */
+export declare function resolveAndValidateSkillFileUrls(skill: SkillFile): Promise<ValidationResult>;
+/**
+ * Validate all URLs in a skill file (sync, hostname-based only).
+ * Checks baseUrl and all endpoint example URLs.
+ */
+export declare function validateSkillFileUrls(skill: SkillFile): ValidationResult;

package/dist/skill/ssrf.js

@@ -0,0 +1,210 @@
+// src/skill/ssrf.ts
+import { lookup } from 'node:dns/promises';
+const INTERNAL_HOSTNAMES = ['localhost'];
+const INTERNAL_SUFFIXES = ['.local', '.internal'];
+/**
+ * Check if a URL is safe to replay (not targeting internal infrastructure).
+ */
+export function validateUrl(urlString) {
+    let url;
+    try {
+        url = new URL(urlString);
+    }
+    catch {
+        return { safe: false, reason: 'Invalid URL' };
+    }
+    // Scheme check
+    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
+        return { safe: false, reason: `Non-HTTP scheme: ${url.protocol}` };
+    }
+    const hostname = url.hostname;
+    // Exact internal hostnames
+    if (INTERNAL_HOSTNAMES.includes(hostname)) {
+        return { safe: false, reason: `URL targets internal hostname: ${hostname}` };
+    }
+    // Internal domain suffixes
+    for (const suffix of INTERNAL_SUFFIXES) {
+        if (hostname.endsWith(suffix)) {
+            return { safe: false, reason: `URL targets internal domain: ${hostname}` };
+        }
+    }
+    // IPv6 loopback
+    if (hostname === '[::1]' || hostname === '::1') {
+        return { safe: false, reason: 'URL targets IPv6 loopback' };
+    }
+    // IPv4-mapped IPv6 — dotted-quad form (e.g. [::ffff:127.0.0.1])
+    const v4MappedMatch = hostname.match(/^\[?::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]?$/i);
+    if (v4MappedMatch) {
+        return validateUrl(`${url.protocol}//${v4MappedMatch[1]}${url.port ? ':' + url.port : ''}${url.pathname}`);
+    }
+    // IPv4-mapped IPv6 — hex form (e.g. [::ffff:7f00:1], Node normalizes to this)
+    const v4MappedHexMatch = hostname.match(/^\[?::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})\]?$/i);
+    if (v4MappedHexMatch) {
+        const hi = parseInt(v4MappedHexMatch[1], 16);
+        const lo = parseInt(v4MappedHexMatch[2], 16);
+        const ipv4 = `${(hi >> 8) & 0xff}.${hi & 0xff}.${(lo >> 8) & 0xff}.${lo & 0xff}`;
+        return validateUrl(`${url.protocol}//${ipv4}${url.port ? ':' + url.port : ''}${url.pathname}`);
+    }
+    // IPv6 link-local (fe80::/10)
+    if (/^\[?fe[89ab][0-9a-f]:/i.test(hostname)) {
+        return { safe: false, reason: `URL targets IPv6 link-local address: ${hostname}` };
+    }
+    // IPv6 unique local (fc00::/7 — includes fd00::/8)
+    if (/^\[?f[cd][0-9a-f]{2}:/i.test(hostname)) {
+        return { safe: false, reason: `URL targets IPv6 unique-local address: ${hostname}` };
+    }
+    // IPv4 private ranges
+    const ipv4Match = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (ipv4Match) {
+        const [, a, b] = ipv4Match.map(Number);
+        const first = Number(a);
+        const second = Number(b);
+        // 0.0.0.0 — unspecified
+        if (first === 0) {
+            return { safe: false, reason: `URL targets unspecified address: ${hostname}` };
+        }
+        // 127.x.x.x — loopback
+        if (first === 127) {
+            return { safe: false, reason: `URL targets loopback address: ${hostname}` };
+        }
+        // 10.x.x.x — private
+        if (first === 10) {
+            return { safe: false, reason: `URL targets private IP: ${hostname}` };
+        }
+        // 172.16-31.x.x — private
+        if (first === 172 && second >= 16 && second <= 31) {
+            return { safe: false, reason: `URL targets private IP: ${hostname}` };
+        }
+        // 192.168.x.x — private
+        if (first === 192 && second === 168) {
+            return { safe: false, reason: `URL targets private IP: ${hostname}` };
+        }
+        // 169.254.x.x — link-local
+        if (first === 169 && second === 254) {
+            return { safe: false, reason: `URL targets link-local address: ${hostname}` };
+        }
+    }
+    return { safe: true };
+}
+/**
+ * Check if a resolved IP address is in a private/reserved range.
+ */
+function isPrivateIp(ip) {
+    // IPv6 loopback
+    if (ip === '::1')
+        return 'IPv6 loopback';
+    // IPv6 link-local (fe80::/10)
+    if (/^fe[89ab][0-9a-f]:/i.test(ip))
+        return 'IPv6 link-local';
+    // IPv6 unique local (fc00::/7 — includes fd00::/8)
+    if (/^f[cd][0-9a-f]{2}:/i.test(ip))
+        return 'IPv6 unique-local';
+    // IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1)
+    const v4mapped = ip.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i);
+    const ipv4 = v4mapped ? v4mapped[1] : ip;
+    const parts = ipv4.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (!parts)
+        return null; // Not an IPv4 — let it pass (non-private IPv6)
+    const [, a, b] = parts;
+    const first = Number(a);
+    const second = Number(b);
+    if (first === 127)
+        return 'loopback';
+    if (first === 10)
+        return 'private (10.x)';
+    if (first === 172 && second >= 16 && second <= 31)
+        return 'private (172.16-31.x)';
+    if (first === 192 && second === 168)
+        return 'private (192.168.x)';
+    if (first === 169 && second === 254)
+        return 'link-local';
+    if (first === 0)
+        return 'unspecified';
+    return null;
+}
+/**
+ * Resolve hostname and validate the resolved IP against private ranges.
+ * Prevents DNS rebinding attacks where a domain resolves to 127.0.0.1.
+ */
+export async function resolveAndValidateUrl(urlString) {
+    // First run the sync hostname-based checks
+    const syncResult = validateUrl(urlString);
+    if (!syncResult.safe)
+        return syncResult;
+    let url;
+    try {
+        url = new URL(urlString);
+    }
+    catch {
+        return { safe: false, reason: 'Invalid URL' };
+    }
+    const hostname = url.hostname;
+    // Skip DNS resolution for raw IPs (already checked by validateUrl)
+    if (hostname.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) || hostname.startsWith('[')) {
+        return { safe: true };
+    }
+    // Resolve DNS and check the actual IP
+    try {
+        const { address } = await lookup(hostname);
+        const privateReason = isPrivateIp(address);
+        if (privateReason) {
+            return { safe: false, reason: `DNS rebinding: ${hostname} resolves to ${address} (${privateReason})` };
+        }
+        // Return the resolved URL with IP pinned to prevent DNS rebinding
+        const pinnedUrl = new URL(urlString);
+        pinnedUrl.hostname = address;
+        return {
+            safe: true,
+            resolvedUrl: pinnedUrl.toString(),
+            resolvedIp: address,
+            originalHost: hostname
+        };
+    }
+    catch {
+        // DNS resolution failed — hostname doesn't exist
+        return { safe: false, reason: `DNS resolution failed for ${hostname}` };
+    }
+}
+/**
+ * Validate all URLs in a skill file with DNS resolution.
+ * Checks baseUrl and all endpoint example URLs.
+ */
+export async function resolveAndValidateSkillFileUrls(skill) {
+    const baseResult = await resolveAndValidateUrl(skill.baseUrl);
+    if (!baseResult.safe) {
+        return { safe: false, reason: `baseUrl: ${baseResult.reason}` };
+    }
+    for (const ep of skill.endpoints) {
+        const exUrl = ep.examples?.request?.url;
+        if (exUrl) {
+            const result = await resolveAndValidateUrl(exUrl);
+            if (!result.safe) {
+                return { safe: false, reason: `endpoint ${ep.id}: ${result.reason}` };
+            }
+        }
+    }
+    return { safe: true };
+}
+/**
+ * Validate all URLs in a skill file (sync, hostname-based only).
+ * Checks baseUrl and all endpoint example URLs.
+ */
+export function validateSkillFileUrls(skill) {
+    // Check baseUrl
+    const baseResult = validateUrl(skill.baseUrl);
+    if (!baseResult.safe) {
+        return { safe: false, reason: `baseUrl: ${baseResult.reason}` };
+    }
+    // Check endpoint example URLs
+    for (const ep of skill.endpoints) {
+        const exUrl = ep.examples?.request?.url;
+        if (exUrl) {
+            const result = validateUrl(exUrl);
+            if (!result.safe) {
+                return { safe: false, reason: `endpoint ${ep.id}: ${result.reason}` };
+            }
+        }
+    }
+    return { safe: true };
+}
+//# sourceMappingURL=ssrf.js.map

package/dist/skill/ssrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.js","sourceRoot":"","sources":["../../src/skill/ssrf.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAW3C,MAAM,kBAAkB,GAAG,CAAC,WAAW,CAAC,CAAC;AACzC,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AAElD;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,SAAiB;IAC3C,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IAChD,CAAC;IAED,eAAe;IACf,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;IACrE,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAE9B,2BAA2B;IAC3B,IAAI,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,kCAAkC,QAAQ,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED,2BAA2B;IAC3B,KAAK,MAAM,MAAM,IAAI,iBAAiB,EAAE,CAAC;QACvC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,QAAQ,EAAE,EAAE,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;IAC9D,CAAC;IAED,gEAAgE;IAChE,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC7F,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,WAAW,CAAC,GAAG,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7G,CAAC;IAED,8EAA8E;IAC9E,MAAM,gBAAgB,GAAG,QAAQ,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAC3F,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,EAAE,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;QACjF,OAAO,WAAW,CAAC,GAAG,GAAG,CAAC,QAAQ,KAAK,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,8BAA8B;IAC9B,IAAI,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,QAAQ,EAAE,EAAE,CAAC;IACrF,CAAC;IAED,mDAAmD;IACnD,IAAI,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,QAAQ,EAAE,EAAE,CAAC;IACvF,CAAC;IAED,sBAAsB;IACtB,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACjF,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAEzB,wBAAwB;QACxB,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAChB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,QAAQ,EAAE,EAAE,CAAC;QACjF,CAAC;QACD,uBAAuB;QACvB,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YAClB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,QAAQ,EAAE,EAAE,CAAC;QAC9E,CAAC;QACD,qBAAqB;QACrB,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,QAAQ,EAAE,EAAE,CAAC;QACxE,CAAC;QACD,0BAA0B;QAC1B,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;YAClD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,QAAQ,EAAE,EAAE,CAAC;QACxE,CAAC;QACD,wBAAwB;QACxB,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,QAAQ,EAAE,EAAE,CAAC;QACxE,CAAC;QACD,2BAA2B;QAC3B,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,QAAQ,EAAE,EAAE,CAAC;QAChF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,gBAAgB;IAChB,IAAI,EAAE,KAAK,KAAK;QAAE,OAAO,eAAe,CAAC;IAEzC,8BAA8B;IAC9B,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,iBAAiB,CAAC;IAE7D,mDAAmD;IACnD,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAE/D,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACzE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC,CAAC,+CAA+C;IAExE,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACxB,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAEzB,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,UAAU,CAAC;IACrC,IAAI,KAAK,KAAK,EAAE;QAAE,OAAO,gBAAgB,CAAC;IAC1C,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE;QAAE,OAAO,uBAAuB,CAAC;IAClF,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,qBAAqB,CAAC;IAClE,IAAI,KAAK,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,YAAY,CAAC;IACzD,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,aAAa,CAAC;IAEtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,SAAiB;IAC3D,2CAA2C;IAC3C,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAC1C,IAAI,CAAC,UAAU,CAAC,IAAI;QAAE,OAAO,UAAU,CAAC;IAExC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IAChD,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,IAAI,QAAQ,CAAC,KAAK,CAAC,sCAAsC,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvF,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,aAAa,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,QAAQ,gBAAgB,OAAO,KAAK,aAAa,GAAG,EAAE,CAAC;QACzG,CAAC;QAED,kEAAkE;QAClE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QACrC,SAAS,CAAC,QAAQ,GAAG,OAAO,CAAC;QAC7B,OAAO;YACL,IAAI,EAAE,IAAI;YACV,WAAW,EAAE,SAAS,CAAC,QAAQ,EAAE;YACjC,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,QAAQ;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;QACjD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,QAAQ,EAAE,EAAE,CAAC;IAC1E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,+BAA+B,CAAC,KAAgB;IACpE,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;IAClE,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC;QACxC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,EAAE,KAAK,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAgB;IACpD,gBAAgB;IAChB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;IAClE,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC;QACxC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,EAAE,KAAK,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC"}

package/dist/skill/store.d.ts

@@ -0,0 +1,7 @@
+import type { SkillFile, SkillSummary } from '../types.js';
+export declare function writeSkillFile(skill: SkillFile, skillsDir?: string): Promise<string>;
+export declare function readSkillFile(domain: string, skillsDir?: string, options?: {
+    verifySignature?: boolean;
+    signingKey?: Buffer;
+}): Promise<SkillFile | null>;
+export declare function listSkillFiles(skillsDir?: string): Promise<SkillSummary[]>;

package/dist/skill/store.js

@@ -0,0 +1,93 @@
+// src/skill/store.ts
+import { readFile, writeFile, mkdir, readdir, access } from 'node:fs/promises';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
+const DEFAULT_SKILLS_DIR = join(homedir(), '.apitap', 'skills');
+const BASE_GITIGNORE = `# ApiTap — prevent accidental credential commits
+auth.enc
+*.key
+`;
+function skillPath(domain, skillsDir) {
+    if (!/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/.test(domain)) {
+        throw new Error(`Invalid domain: ${domain}`);
+    }
+    return join(skillsDir, `${domain}.json`);
+}
+async function ensureGitignore(skillsDir) {
+    const baseDir = dirname(skillsDir);
+    const gitignorePath = join(baseDir, '.gitignore');
+    try {
+        await access(gitignorePath);
+        // File exists, don't overwrite
+    }
+    catch {
+        // File doesn't exist, create it
+        await mkdir(baseDir, { recursive: true });
+        await writeFile(gitignorePath, BASE_GITIGNORE);
+    }
+}
+export async function writeSkillFile(skill, skillsDir = DEFAULT_SKILLS_DIR) {
+    await mkdir(skillsDir, { recursive: true });
+    await ensureGitignore(skillsDir);
+    const filePath = skillPath(skill.domain, skillsDir);
+    await writeFile(filePath, JSON.stringify(skill, null, 2) + '\n');
+    return filePath;
+}
+export async function readSkillFile(domain, skillsDir = DEFAULT_SKILLS_DIR, options) {
+    // Validate domain before file I/O — path traversal should throw, not return null
+    const path = skillPath(domain, skillsDir);
+    try {
+        const content = await readFile(path, 'utf-8');
+        const skill = JSON.parse(content);
+        // If verification requested, check signature
+        if (options?.verifySignature && options.signingKey) {
+            if (skill.provenance === 'imported') {
+                // Imported files had foreign signature stripped — can't verify, warn only
+                // Future: re-sign on import with local key
+            }
+            else if (!skill.signature) {
+                // No signature present on non-imported file
+                throw new Error(`Skill file for ${domain} has no signature — file may be tampered`);
+            }
+            else {
+                const { verifySignature } = await import('./signing.js');
+                if (!verifySignature(skill, options.signingKey)) {
+                    throw new Error(`Skill file signature verification failed for ${domain} — file may be tampered`);
+                }
+            }
+        }
+        return skill;
+    }
+    catch (e) {
+        if (e.code === 'ENOENT')
+            return null;
+        throw e;
+    }
+}
+export async function listSkillFiles(skillsDir = DEFAULT_SKILLS_DIR) {
+    let files;
+    try {
+        files = await readdir(skillsDir);
+    }
+    catch {
+        return [];
+    }
+    const summaries = [];
+    for (const file of files) {
+        if (!file.endsWith('.json'))
+            continue;
+        const domain = file.replace(/\.json$/, '');
+        const skill = await readSkillFile(domain, skillsDir);
+        if (skill) {
+            summaries.push({
+                domain: skill.domain,
+                skillFile: join(skillsDir, file),
+                endpointCount: skill.endpoints.length,
+                capturedAt: skill.capturedAt,
+                provenance: skill.provenance ?? 'unsigned',
+            });
+        }
+    }
+    return summaries;
+}
+//# sourceMappingURL=store.js.map

package/dist/skill/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/skill/store.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAEhE,MAAM,cAAc,GAAG;;;CAGtB,CAAC;AAEF,SAAS,SAAS,CAAC,MAAc,EAAE,SAAiB;IAClD,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,mBAAmB,MAAM,EAAE,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,EAAE,GAAG,MAAM,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,SAAiB;IAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,+BAA+B;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;QAChC,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,SAAS,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAAgB,EAChB,YAAoB,kBAAkB;IAEtC,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAc,EACd,YAAoB,kBAAkB,EACtC,OAA4D;IAE5D,iFAAiF;IACjF,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAc,CAAC;QAE/C,6CAA6C;QAC7C,IAAI,OAAO,EAAE,eAAe,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACnD,IAAI,KAAK,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACpC,0EAA0E;gBAC1E,2CAA2C;YAC7C,CAAC;iBAAM,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC5B,4CAA4C;gBAC5C,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,0CAA0C,CAAC,CAAC;YACtF,CAAC;iBAAM,CAAC;gBACN,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;gBACzD,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;oBAChD,MAAM,IAAI,KAAK,CAAC,gDAAgD,MAAM,yBAAyB,CAAC,CAAC;gBACnG,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAK,CAA2B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAChE,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAoB,kBAAkB;IAEtC,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,SAAS,GAAmB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrD,IAAI,KAAK,EAAE,CAAC;YACV,SAAS,CAAC,IAAI,CAAC;gBACb,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC;gBAChC,aAAa,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM;gBACrC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,UAAU;aAC3C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/stats/report.d.ts

@@ -0,0 +1,26 @@
+export interface DomainStats {
+    domain: string;
+    endpoints: number;
+    replayable: number;
+    domBytes: number;
+    totalNetworkBytes: number;
+    skillFileBytes: number;
+    totalResponseBytes: number;
+    browserTokens: number;
+    replayTokens: number;
+    savingsPercent: number;
+}
+export interface StatsReport {
+    domains: DomainStats[];
+    totals: {
+        domains: number;
+        endpoints: number;
+        replayable: number;
+        totalDomBytes: number;
+        browserTokens: number;
+        replayTokens: number;
+        savingsPercent: number;
+    };
+}
+export declare function generateStatsReport(skillsDir?: string): Promise<StatsReport>;
+export declare function formatStatsHuman(report: StatsReport): string;