@cleocode/caamp 0.1.0

package/dist/chunk-63BH7QMR.js

@@ -0,0 +1,1998 @@
+// src/core/registry/providers.ts
+import { readFileSync, existsSync } from "fs";
+import { homedir } from "os";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+function findRegistryPath() {
+  const thisDir = dirname(fileURLToPath(import.meta.url));
+  const devPath = join(thisDir, "..", "..", "..", "providers", "registry.json");
+  if (existsSync(devPath)) return devPath;
+  const distPath = join(thisDir, "..", "providers", "registry.json");
+  if (existsSync(distPath)) return distPath;
+  let dir = thisDir;
+  for (let i = 0; i < 5; i++) {
+    const candidate = join(dir, "providers", "registry.json");
+    if (existsSync(candidate)) return candidate;
+    dir = dirname(dir);
+  }
+  throw new Error(`Cannot find providers/registry.json (searched from ${thisDir})`);
+}
+var _registry = null;
+var _providers = null;
+var _aliasMap = null;
+function getPlatformPaths() {
+  const home = homedir();
+  const platform = process.platform;
+  if (platform === "win32") {
+    const appData = process.env["APPDATA"] ?? join(home, "AppData", "Roaming");
+    return {
+      config: appData,
+      vscodeConfig: join(appData, "Code", "User"),
+      zedConfig: join(appData, "Zed"),
+      claudeDesktopConfig: join(appData, "Claude")
+    };
+  } else if (platform === "darwin") {
+    return {
+      config: process.env["XDG_CONFIG_HOME"] ?? join(home, ".config"),
+      vscodeConfig: join(home, "Library", "Application Support", "Code", "User"),
+      zedConfig: join(home, "Library", "Application Support", "Zed"),
+      claudeDesktopConfig: join(home, "Library", "Application Support", "Claude")
+    };
+  } else {
+    const config = process.env["XDG_CONFIG_HOME"] ?? join(home, ".config");
+    return {
+      config,
+      vscodeConfig: join(config, "Code", "User"),
+      zedConfig: join(config, "zed"),
+      claudeDesktopConfig: join(config, "Claude")
+    };
+  }
+}
+function resolvePath(template) {
+  const home = homedir();
+  const paths = getPlatformPaths();
+  return template.replace(/\$HOME/g, home).replace(/\$CONFIG/g, paths.config).replace(/\$VSCODE_CONFIG/g, paths.vscodeConfig).replace(/\$ZED_CONFIG/g, paths.zedConfig).replace(/\$CLAUDE_DESKTOP_CONFIG/g, paths.claudeDesktopConfig);
+}
+function resolveProvider(raw) {
+  return {
+    id: raw.id,
+    toolName: raw.toolName,
+    vendor: raw.vendor,
+    agentFlag: raw.agentFlag,
+    aliases: raw.aliases,
+    pathGlobal: resolvePath(raw.pathGlobal),
+    pathProject: raw.pathProject,
+    instructFile: raw.instructFile,
+    configKey: raw.configKey,
+    configFormat: raw.configFormat,
+    configPathGlobal: resolvePath(raw.configPathGlobal),
+    configPathProject: raw.configPathProject,
+    pathSkills: resolvePath(raw.pathSkills),
+    pathProjectSkills: raw.pathProjectSkills,
+    detection: {
+      methods: raw.detection.methods,
+      binary: raw.detection.binary,
+      directories: raw.detection.directories?.map(resolvePath),
+      appBundle: raw.detection.appBundle,
+      flatpakId: raw.detection.flatpakId
+    },
+    supportedTransports: raw.supportedTransports,
+    supportsHeaders: raw.supportsHeaders,
+    priority: raw.priority,
+    status: raw.status,
+    agentSkillsCompatible: raw.agentSkillsCompatible
+  };
+}
+function loadRegistry() {
+  if (_registry) return _registry;
+  const registryPath = findRegistryPath();
+  const raw = readFileSync(registryPath, "utf-8");
+  _registry = JSON.parse(raw);
+  return _registry;
+}
+function ensureProviders() {
+  if (_providers) return;
+  const registry = loadRegistry();
+  _providers = /* @__PURE__ */ new Map();
+  _aliasMap = /* @__PURE__ */ new Map();
+  for (const [id, raw] of Object.entries(registry.providers)) {
+    const provider = resolveProvider(raw);
+    _providers.set(id, provider);
+    for (const alias of provider.aliases) {
+      _aliasMap.set(alias, id);
+    }
+  }
+}
+function getAllProviders() {
+  ensureProviders();
+  return Array.from(_providers.values());
+}
+function getProvider(idOrAlias) {
+  ensureProviders();
+  const resolved = _aliasMap.get(idOrAlias) ?? idOrAlias;
+  return _providers.get(resolved);
+}
+function resolveAlias(idOrAlias) {
+  ensureProviders();
+  return _aliasMap.get(idOrAlias) ?? idOrAlias;
+}
+function getProvidersByPriority(priority) {
+  return getAllProviders().filter((p) => p.priority === priority);
+}
+function getProvidersByStatus(status) {
+  return getAllProviders().filter((p) => p.status === status);
+}
+function getProvidersByInstructFile(file) {
+  return getAllProviders().filter((p) => p.instructFile === file);
+}
+function getInstructionFiles() {
+  const files = /* @__PURE__ */ new Set();
+  for (const p of getAllProviders()) {
+    files.add(p.instructFile);
+  }
+  return Array.from(files);
+}
+function getProviderCount() {
+  ensureProviders();
+  return _providers.size;
+}
+function getRegistryVersion() {
+  return loadRegistry().version;
+}
+
+// src/core/registry/detection.ts
+import { existsSync as existsSync2 } from "fs";
+import { execFileSync } from "child_process";
+import { join as join2 } from "path";
+function checkBinary(binary) {
+  try {
+    execFileSync("which", [binary], { stdio: "pipe" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function checkDirectory(dir) {
+  return existsSync2(dir);
+}
+function checkAppBundle(appName) {
+  if (process.platform !== "darwin") return false;
+  return existsSync2(join2("/Applications", appName));
+}
+function checkFlatpak(flatpakId) {
+  if (process.platform !== "linux") return false;
+  try {
+    execFileSync("flatpak", ["info", flatpakId], { stdio: "pipe" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function detectProvider(provider) {
+  const matchedMethods = [];
+  const detection = provider.detection;
+  for (const method of detection.methods) {
+    switch (method) {
+      case "binary":
+        if (detection.binary && checkBinary(detection.binary)) {
+          matchedMethods.push("binary");
+        }
+        break;
+      case "directory":
+        if (detection.directories) {
+          for (const dir of detection.directories) {
+            if (checkDirectory(dir)) {
+              matchedMethods.push("directory");
+              break;
+            }
+          }
+        }
+        break;
+      case "appBundle":
+        if (detection.appBundle && checkAppBundle(detection.appBundle)) {
+          matchedMethods.push("appBundle");
+        }
+        break;
+      case "flatpak":
+        if (detection.flatpakId && checkFlatpak(detection.flatpakId)) {
+          matchedMethods.push("flatpak");
+        }
+        break;
+    }
+  }
+  return {
+    provider,
+    installed: matchedMethods.length > 0,
+    methods: matchedMethods,
+    projectDetected: false
+  };
+}
+function detectProjectProvider(provider, projectDir) {
+  if (!provider.pathProject) return false;
+  return existsSync2(join2(projectDir, provider.pathProject));
+}
+function detectAllProviders() {
+  const providers = getAllProviders();
+  return providers.map(detectProvider);
+}
+function getInstalledProviders() {
+  return detectAllProviders().filter((r) => r.installed).map((r) => r.provider);
+}
+function detectProjectProviders(projectDir) {
+  const results = detectAllProviders();
+  return results.map((r) => ({
+    ...r,
+    projectDetected: detectProjectProvider(r.provider, projectDir)
+  }));
+}
+
+// src/core/sources/parser.ts
+var GITHUB_SHORTHAND = /^([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)(?:\/(.+))?$/;
+var GITHUB_URL = /^https?:\/\/(?:www\.)?github\.com\/([^/]+)\/([^/]+)(?:\/tree\/([^/]+)(?:\/(.+))?)?/;
+var GITLAB_URL = /^https?:\/\/(?:www\.)?gitlab\.com\/([^/]+)\/([^/]+)(?:\/-\/tree\/([^/]+)(?:\/(.+))?)?/;
+var HTTP_URL = /^https?:\/\//;
+var NPM_SCOPED = /^@[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+$/;
+var NPM_PACKAGE = /^[a-zA-Z0-9_.-]+$/;
+function inferName(source, type) {
+  if (type === "remote") {
+    try {
+      const url = new URL(source);
+      const parts = url.hostname.split(".");
+      if (parts.length >= 2) {
+        const brand = parts.length === 3 ? parts[parts.length - 2] : parts[0];
+        if (brand !== "www" && brand !== "api" && brand !== "mcp") {
+          return brand;
+        }
+        return parts[parts.length - 2] ?? parts[0];
+      }
+      return parts[0];
+    } catch {
+      return source;
+    }
+  }
+  if (type === "package") {
+    let name = source.replace(/^@[^/]+\//, "");
+    name = name.replace(/^mcp-server-/, "");
+    name = name.replace(/^server-/, "");
+    name = name.replace(/-mcp$/, "");
+    name = name.replace(/-server$/, "");
+    return name;
+  }
+  if (type === "github" || type === "gitlab") {
+    const match = source.match(/\/([^/]+?)(?:\.git)?$/);
+    return match?.[1] ?? source;
+  }
+  if (type === "command") {
+    const parts = source.split(/\s+/);
+    const command = parts.find((p) => !p.startsWith("-") && p !== "npx" && p !== "node" && p !== "python" && p !== "python3");
+    return command ?? parts[0] ?? source;
+  }
+  return source;
+}
+function parseSource(input) {
+  const ghUrlMatch = input.match(GITHUB_URL);
+  if (ghUrlMatch) {
+    return {
+      type: "github",
+      value: input,
+      inferredName: ghUrlMatch[2],
+      owner: ghUrlMatch[1],
+      repo: ghUrlMatch[2],
+      ref: ghUrlMatch[3],
+      path: ghUrlMatch[4]
+    };
+  }
+  const glUrlMatch = input.match(GITLAB_URL);
+  if (glUrlMatch) {
+    return {
+      type: "gitlab",
+      value: input,
+      inferredName: glUrlMatch[2],
+      owner: glUrlMatch[1],
+      repo: glUrlMatch[2],
+      ref: glUrlMatch[3],
+      path: glUrlMatch[4]
+    };
+  }
+  if (HTTP_URL.test(input)) {
+    return {
+      type: "remote",
+      value: input,
+      inferredName: inferName(input, "remote")
+    };
+  }
+  if (input.startsWith("/") || input.startsWith("./") || input.startsWith("../") || input.startsWith("~")) {
+    return {
+      type: "local",
+      value: input,
+      inferredName: inferName(input, "local")
+    };
+  }
+  const ghShorthand = input.match(GITHUB_SHORTHAND);
+  if (ghShorthand && !NPM_SCOPED.test(input)) {
+    return {
+      type: "github",
+      value: `https://github.com/${ghShorthand[1]}/${ghShorthand[2]}`,
+      inferredName: ghShorthand[2],
+      owner: ghShorthand[1],
+      repo: ghShorthand[2],
+      path: ghShorthand[3]
+    };
+  }
+  if (NPM_SCOPED.test(input)) {
+    return {
+      type: "package",
+      value: input,
+      inferredName: inferName(input, "package")
+    };
+  }
+  if (NPM_PACKAGE.test(input) && !input.includes(" ")) {
+    return {
+      type: "package",
+      value: input,
+      inferredName: inferName(input, "package")
+    };
+  }
+  return {
+    type: "command",
+    value: input,
+    inferredName: inferName(input, "command")
+  };
+}
+function isMarketplaceScoped(input) {
+  return /^@[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+$/.test(input);
+}
+
+// src/core/skills/installer.ts
+import { mkdir, symlink, rm, cp } from "fs/promises";
+import { existsSync as existsSync3, lstatSync } from "fs";
+import { homedir as homedir2 } from "os";
+import { join as join3 } from "path";
+var CANONICAL_DIR = join3(homedir2(), ".agents", "skills");
+async function ensureCanonicalDir() {
+  await mkdir(CANONICAL_DIR, { recursive: true });
+}
+async function installToCanonical(sourcePath, skillName) {
+  await ensureCanonicalDir();
+  const targetDir = join3(CANONICAL_DIR, skillName);
+  if (existsSync3(targetDir)) {
+    await rm(targetDir, { recursive: true });
+  }
+  await cp(sourcePath, targetDir, { recursive: true });
+  return targetDir;
+}
+async function linkToAgent(canonicalPath, provider, skillName, isGlobal, projectDir) {
+  const targetSkillsDir = isGlobal ? provider.pathSkills : join3(projectDir ?? process.cwd(), provider.pathProjectSkills);
+  if (!targetSkillsDir) {
+    return { success: false, error: `Provider ${provider.id} has no skills directory` };
+  }
+  try {
+    await mkdir(targetSkillsDir, { recursive: true });
+    const linkPath = join3(targetSkillsDir, skillName);
+    if (existsSync3(linkPath)) {
+      const stat = lstatSync(linkPath);
+      if (stat.isSymbolicLink()) {
+        await rm(linkPath);
+      } else {
+        await rm(linkPath, { recursive: true });
+      }
+    }
+    const symlinkType = process.platform === "win32" ? "junction" : "dir";
+    try {
+      await symlink(canonicalPath, linkPath, symlinkType);
+    } catch {
+      await cp(canonicalPath, linkPath, { recursive: true });
+    }
+    return { success: true };
+  } catch (err) {
+    return {
+      success: false,
+      error: err instanceof Error ? err.message : String(err)
+    };
+  }
+}
+async function installSkill(sourcePath, skillName, providers, isGlobal, projectDir) {
+  const errors = [];
+  const linkedAgents = [];
+  const canonicalPath = await installToCanonical(sourcePath, skillName);
+  for (const provider of providers) {
+    const result = await linkToAgent(canonicalPath, provider, skillName, isGlobal, projectDir);
+    if (result.success) {
+      linkedAgents.push(provider.id);
+    } else if (result.error) {
+      errors.push(`${provider.id}: ${result.error}`);
+    }
+  }
+  return {
+    name: skillName,
+    canonicalPath,
+    linkedAgents,
+    errors,
+    success: linkedAgents.length > 0
+  };
+}
+async function removeSkill(skillName, providers, isGlobal, projectDir) {
+  const removed = [];
+  const errors = [];
+  for (const provider of providers) {
+    const skillsDir = isGlobal ? provider.pathSkills : join3(projectDir ?? process.cwd(), provider.pathProjectSkills);
+    if (!skillsDir) continue;
+    const linkPath = join3(skillsDir, skillName);
+    if (existsSync3(linkPath)) {
+      try {
+        await rm(linkPath, { recursive: true });
+        removed.push(provider.id);
+      } catch (err) {
+        errors.push(`${provider.id}: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
+  }
+  const canonicalPath = join3(CANONICAL_DIR, skillName);
+  if (existsSync3(canonicalPath)) {
+    try {
+      await rm(canonicalPath, { recursive: true });
+    } catch (err) {
+      errors.push(`canonical: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  }
+  return { removed, errors };
+}
+async function listCanonicalSkills() {
+  if (!existsSync3(CANONICAL_DIR)) return [];
+  const { readdir: readdir2 } = await import("fs/promises");
+  const entries = await readdir2(CANONICAL_DIR, { withFileTypes: true });
+  return entries.filter((e) => e.isDirectory() || e.isSymbolicLink()).map((e) => e.name);
+}
+
+// src/core/mcp/lock.ts
+import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
+import { existsSync as existsSync4 } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join4 } from "path";
+var LOCK_DIR = join4(homedir3(), ".agents");
+var LOCK_FILE = join4(LOCK_DIR, ".caamp-lock.json");
+async function readLockFile() {
+  try {
+    if (!existsSync4(LOCK_FILE)) {
+      return { version: 1, skills: {}, mcpServers: {} };
+    }
+    const content = await readFile2(LOCK_FILE, "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return { version: 1, skills: {}, mcpServers: {} };
+  }
+}
+async function writeLockFile(lock) {
+  await mkdir2(LOCK_DIR, { recursive: true });
+  await writeFile2(LOCK_FILE, JSON.stringify(lock, null, 2) + "\n", "utf-8");
+}
+async function recordMcpInstall(serverName, source, sourceType, agents, isGlobal) {
+  const lock = await readLockFile();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = lock.mcpServers[serverName];
+  lock.mcpServers[serverName] = {
+    name: serverName,
+    scopedName: serverName,
+    source,
+    sourceType,
+    installedAt: existing?.installedAt ?? now,
+    updatedAt: now,
+    agents: [.../* @__PURE__ */ new Set([...existing?.agents ?? [], ...agents])],
+    canonicalPath: "",
+    isGlobal
+  };
+  await writeLockFile(lock);
+}
+async function removeMcpFromLock(serverName) {
+  const lock = await readLockFile();
+  if (!(serverName in lock.mcpServers)) return false;
+  delete lock.mcpServers[serverName];
+  await writeLockFile(lock);
+  return true;
+}
+async function getTrackedMcpServers() {
+  const lock = await readLockFile();
+  return lock.mcpServers;
+}
+async function saveLastSelectedAgents(agents) {
+  const lock = await readLockFile();
+  lock.lastSelectedAgents = agents;
+  await writeLockFile(lock);
+}
+async function getLastSelectedAgents() {
+  const lock = await readLockFile();
+  return lock.lastSelectedAgents;
+}
+
+// src/core/skills/lock.ts
+import { writeFile as writeFile3, mkdir as mkdir3 } from "fs/promises";
+import { homedir as homedir4 } from "os";
+import { join as join5 } from "path";
+var LOCK_DIR2 = join5(homedir4(), ".agents");
+var LOCK_FILE2 = join5(LOCK_DIR2, ".caamp-lock.json");
+async function writeLockFile2(lock) {
+  await mkdir3(LOCK_DIR2, { recursive: true });
+  await writeFile3(LOCK_FILE2, JSON.stringify(lock, null, 2) + "\n", "utf-8");
+}
+async function recordSkillInstall(skillName, scopedName, source, sourceType, agents, canonicalPath, isGlobal, projectDir, version) {
+  const lock = await readLockFile();
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = lock.skills[skillName];
+  lock.skills[skillName] = {
+    name: skillName,
+    scopedName,
+    source,
+    sourceType,
+    version,
+    installedAt: existing?.installedAt ?? now,
+    updatedAt: now,
+    agents: [.../* @__PURE__ */ new Set([...existing?.agents ?? [], ...agents])],
+    canonicalPath,
+    isGlobal,
+    projectDir
+  };
+  await writeLockFile2(lock);
+}
+async function removeSkillFromLock(skillName) {
+  const lock = await readLockFile();
+  if (!(skillName in lock.skills)) return false;
+  delete lock.skills[skillName];
+  await writeLockFile2(lock);
+  return true;
+}
+async function getTrackedSkills() {
+  const lock = await readLockFile();
+  return lock.skills;
+}
+async function checkSkillUpdate(skillName) {
+  const lock = await readLockFile();
+  const entry = lock.skills[skillName];
+  if (!entry) {
+    return { hasUpdate: false };
+  }
+  return {
+    hasUpdate: false,
+    currentVersion: entry.version
+  };
+}
+
+// src/core/marketplace/skillsmp.ts
+var API_BASE = "https://www.agentskills.in/api/skills";
+function toResult(skill) {
+  return {
+    name: skill.name,
+    scopedName: skill.scopedName,
+    description: skill.description,
+    author: skill.author,
+    stars: skill.stars,
+    githubUrl: skill.githubUrl,
+    repoFullName: skill.repoFullName,
+    path: skill.path,
+    source: "agentskills.in"
+  };
+}
+var SkillsMPAdapter = class {
+  name = "agentskills.in";
+  async search(query, limit = 20) {
+    const params = new URLSearchParams({
+      search: query,
+      limit: String(limit),
+      sortBy: "stars"
+    });
+    try {
+      const response = await fetch(`${API_BASE}?${params}`);
+      if (!response.ok) return [];
+      const data = await response.json();
+      return data.skills.map(toResult);
+    } catch {
+      return [];
+    }
+  }
+  async getSkill(scopedName) {
+    const params = new URLSearchParams({
+      search: scopedName,
+      limit: "1"
+    });
+    try {
+      const response = await fetch(`${API_BASE}?${params}`);
+      if (!response.ok) return null;
+      const data = await response.json();
+      const match = data.skills.find(
+        (s) => s.scopedName === scopedName || `@${s.author}/${s.name}` === scopedName
+      );
+      return match ? toResult(match) : null;
+    } catch {
+      return null;
+    }
+  }
+};
+
+// src/core/marketplace/skillssh.ts
+var API_BASE2 = "https://skills.sh/api";
+function toResult2(skill) {
+  return {
+    name: skill.name,
+    scopedName: `@${skill.author}/${skill.name}`,
+    description: skill.description,
+    author: skill.author,
+    stars: skill.stars ?? 0,
+    githubUrl: skill.url,
+    repoFullName: skill.repo,
+    path: "",
+    source: "skills.sh"
+  };
+}
+var SkillsShAdapter = class {
+  name = "skills.sh";
+  async search(query, limit = 20) {
+    try {
+      const params = new URLSearchParams({
+        q: query,
+        limit: String(limit)
+      });
+      const response = await fetch(`${API_BASE2}/search?${params}`);
+      if (!response.ok) return [];
+      const data = await response.json();
+      return data.results.map(toResult2);
+    } catch {
+      return [];
+    }
+  }
+  async getSkill(scopedName) {
+    const results = await this.search(scopedName, 5);
+    return results.find((r) => r.scopedName === scopedName) ?? null;
+  }
+};
+
+// src/core/marketplace/client.ts
+var MarketplaceClient = class {
+  adapters;
+  constructor(adapters) {
+    this.adapters = adapters ?? [
+      new SkillsMPAdapter(),
+      new SkillsShAdapter()
+    ];
+  }
+  /** Search all marketplaces and deduplicate results */
+  async search(query, limit = 20) {
+    const promises = this.adapters.map(
+      (adapter) => adapter.search(query, limit).catch(() => [])
+    );
+    const allResults = await Promise.all(promises);
+    const flat = allResults.flat();
+    const seen = /* @__PURE__ */ new Map();
+    for (const result of flat) {
+      const existing = seen.get(result.scopedName);
+      if (!existing || result.stars > existing.stars) {
+        seen.set(result.scopedName, result);
+      }
+    }
+    const deduplicated = Array.from(seen.values());
+    deduplicated.sort((a, b) => b.stars - a.stars);
+    return deduplicated.slice(0, limit);
+  }
+  /** Get a specific skill by scoped name */
+  async getSkill(scopedName) {
+    for (const adapter of this.adapters) {
+      const result = await adapter.getSkill(scopedName).catch(() => null);
+      if (result) return result;
+    }
+    return null;
+  }
+};
+
+// src/core/skills/discovery.ts
+import { readFile as readFile3, readdir } from "fs/promises";
+import { existsSync as existsSync5 } from "fs";
+import { join as join6 } from "path";
+import matter from "gray-matter";
+async function parseSkillFile(filePath) {
+  try {
+    const content = await readFile3(filePath, "utf-8");
+    const { data } = matter(content);
+    if (!data["name"] || !data["description"]) {
+      return null;
+    }
+    const allowedTools = data["allowed-tools"] ?? data["allowedTools"];
+    return {
+      name: String(data["name"]),
+      description: String(data["description"]),
+      license: data["license"] ? String(data["license"]) : void 0,
+      compatibility: data["compatibility"] ? String(data["compatibility"]) : void 0,
+      metadata: data["metadata"],
+      allowedTools: typeof allowedTools === "string" ? allowedTools.split(/\s+/) : Array.isArray(allowedTools) ? allowedTools.map(String) : void 0,
+      version: data["version"] ? String(data["version"]) : void 0
+    };
+  } catch {
+    return null;
+  }
+}
+async function discoverSkill(skillDir) {
+  const skillFile = join6(skillDir, "SKILL.md");
+  if (!existsSync5(skillFile)) return null;
+  const metadata = await parseSkillFile(skillFile);
+  if (!metadata) return null;
+  return {
+    name: metadata.name,
+    scopedName: metadata.name,
+    path: skillDir,
+    metadata
+  };
+}
+async function discoverSkills(rootDir) {
+  if (!existsSync5(rootDir)) return [];
+  const entries = await readdir(rootDir, { withFileTypes: true });
+  const skills = [];
+  for (const entry of entries) {
+    if (!entry.isDirectory() && !entry.isSymbolicLink()) continue;
+    const skillDir = join6(rootDir, entry.name);
+    const skill = await discoverSkill(skillDir);
+    if (skill) {
+      skills.push(skill);
+    }
+  }
+  return skills;
+}
+async function discoverSkillsMulti(dirs) {
+  const all = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const dir of dirs) {
+    const skills = await discoverSkills(dir);
+    for (const skill of skills) {
+      if (!seen.has(skill.name)) {
+        seen.add(skill.name);
+        all.push(skill);
+      }
+    }
+  }
+  return all;
+}
+
+// src/core/skills/audit/scanner.ts
+import { readFile as readFile4 } from "fs/promises";
+import { existsSync as existsSync6 } from "fs";
+
+// src/core/skills/audit/rules.ts
+function rule(id, name, description, severity, category, pattern) {
+  return { id, name, description, severity, category, pattern };
+}
+var AUDIT_RULES = [
+  // ── Prompt Injection ────────────────────────────────────────
+  rule(
+    "PI001",
+    "System prompt override",
+    "Attempts to override system instructions",
+    "critical",
+    "prompt-injection",
+    /(?:ignore|forget|disregard)\s+(?:all\s+)?(?:previous|prior|above|system)\s+(?:instructions|prompts|rules)/i
+  ),
+  rule(
+    "PI002",
+    "Role manipulation",
+    "Attempts to assume a different role",
+    "critical",
+    "prompt-injection",
+    /(?:you\s+are\s+now|act\s+as|pretend\s+(?:to\s+be|you're)|your\s+new\s+role\s+is)/i
+  ),
+  rule(
+    "PI003",
+    "Jailbreak attempt",
+    "Common jailbreak patterns",
+    "critical",
+    "prompt-injection",
+    /(?:DAN|Do\s+Anything\s+Now|developer\s+mode|god\s+mode|unrestricted\s+mode)/i
+  ),
+  rule(
+    "PI004",
+    "Instruction override",
+    "Direct instruction override attempt",
+    "high",
+    "prompt-injection",
+    /(?:new\s+instructions?:|updated?\s+instructions?:|override\s+instructions?:)/i
+  ),
+  rule(
+    "PI005",
+    "Hidden instructions",
+    "Instructions hidden in comments or whitespace",
+    "high",
+    "prompt-injection",
+    /<!--[\s\S]*?(?:execute|run|ignore|override)[\s\S]*?-->/i
+  ),
+  rule(
+    "PI006",
+    "Encoding bypass",
+    "Base64 or encoded content",
+    "medium",
+    "prompt-injection",
+    /(?:base64|atob|btoa|decodeURI|unescape)\s*\(/i
+  ),
+  rule(
+    "PI007",
+    "Context manipulation",
+    "Fake conversation context",
+    "high",
+    "prompt-injection",
+    /(?:Human:|Assistant:|User:|System:)\s*(?:ignore|execute|run)/i
+  ),
+  rule(
+    "PI008",
+    "Token smuggling",
+    "Invisible characters or zero-width spaces",
+    "medium",
+    "prompt-injection",
+    /[\u200B\u200C\u200D\u2060\uFEFF]/
+  ),
+  // ── Command Injection ───────────────────────────────────────
+  rule(
+    "CI001",
+    "Destructive command",
+    "File deletion or system modification",
+    "critical",
+    "command-injection",
+    /(?:rm\s+-rf|rmdir\s+\/s|del\s+\/f|format\s+[a-z]:|mkfs|dd\s+if=)/i
+  ),
+  rule(
+    "CI002",
+    "Remote code execution",
+    "Downloading and executing remote code",
+    "critical",
+    "command-injection",
+    /(?:curl|wget|fetch)\s+.*\|\s*(?:sh|bash|zsh|python|node|eval)/i
+  ),
+  rule(
+    "CI003",
+    "Eval usage",
+    "Dynamic code execution",
+    "high",
+    "command-injection",
+    /\beval\s*\(/
+  ),
+  rule(
+    "CI004",
+    "Shell spawn",
+    "Spawning shell processes",
+    "high",
+    "command-injection",
+    /(?:exec|spawn|system|popen)\s*\(\s*['"`]/
+  ),
+  rule(
+    "CI005",
+    "Sudo escalation",
+    "Privilege escalation via sudo",
+    "critical",
+    "command-injection",
+    /sudo\s+(?:rm|chmod|chown|mv|cp|dd|mkfs|format)/i
+  ),
+  rule(
+    "CI006",
+    "Environment manipulation",
+    "Modifying PATH or critical env vars",
+    "high",
+    "command-injection",
+    /(?:export\s+PATH|setx?\s+PATH|PATH=.*:)/i
+  ),
+  rule(
+    "CI007",
+    "Cron/scheduled task",
+    "Installing scheduled tasks",
+    "high",
+    "command-injection",
+    /(?:crontab|at\s+\d|schtasks|launchctl\s+load)/i
+  ),
+  rule(
+    "CI008",
+    "Network listener",
+    "Starting network services",
+    "high",
+    "command-injection",
+    /(?:nc\s+-l|ncat\s+-l|socat\s+|python.*SimpleHTTPServer|php\s+-S)/i
+  ),
+  // ── Data Exfiltration ───────────────────────────────────────
+  rule(
+    "DE001",
+    "Credential access",
+    "Reading credential files",
+    "critical",
+    "data-exfiltration",
+    /(?:\.env|\.aws\/credentials|\.ssh\/|\.gnupg|\.netrc|credentials\.json|token\.json)/i
+  ),
+  rule(
+    "DE002",
+    "API key extraction",
+    "Patterns matching API key theft",
+    "critical",
+    "data-exfiltration",
+    /(?:API[_-]?KEY|SECRET[_-]?KEY|ACCESS[_-]?TOKEN|PRIVATE[_-]?KEY)\s*[=:]/i
+  ),
+  rule(
+    "DE003",
+    "Data upload",
+    "Uploading data to external services",
+    "high",
+    "data-exfiltration",
+    /(?:curl|wget|fetch).*(?:POST|PUT|PATCH).*(?:pastebin|gist|transfer\.sh|requestbin|webhook)/i
+  ),
+  rule(
+    "DE004",
+    "Browser data theft",
+    "Accessing browser profiles or cookies",
+    "critical",
+    "data-exfiltration",
+    /(?:\.mozilla|\.chrome|\.config\/google-chrome|Cookies|Login\s+Data|Local\s+State)/i
+  ),
+  rule(
+    "DE005",
+    "Git credential theft",
+    "Accessing git credentials",
+    "high",
+    "data-exfiltration",
+    /(?:git\s+credential|\.git-credentials|\.gitconfig\s+credential)/i
+  ),
+  rule(
+    "DE006",
+    "Keychain access",
+    "Accessing system keychain",
+    "critical",
+    "data-exfiltration",
+    /(?:security\s+find-generic-password|security\s+find-internet-password|keyring\s+get)/i
+  ),
+  // ── Privilege Escalation ────────────────────────────────────
+  rule(
+    "PE001",
+    "Chmod dangerous",
+    "Setting dangerous file permissions",
+    "high",
+    "privilege-escalation",
+    /chmod\s+(?:777|666|a\+[rwx]|o\+[rwx])/i
+  ),
+  rule(
+    "PE002",
+    "SUID/SGID",
+    "Setting SUID or SGID bits",
+    "critical",
+    "privilege-escalation",
+    /chmod\s+[ug]\+s/i
+  ),
+  rule(
+    "PE003",
+    "Docker escape",
+    "Container escape patterns",
+    "critical",
+    "privilege-escalation",
+    /(?:--privileged|--cap-add\s+SYS_ADMIN|--pid=host|nsenter)/i
+  ),
+  rule(
+    "PE004",
+    "Kernel module",
+    "Loading kernel modules",
+    "critical",
+    "privilege-escalation",
+    /(?:insmod|modprobe|rmmod)\s+/i
+  ),
+  // ── Filesystem Abuse ────────────────────────────────────────
+  rule(
+    "FS001",
+    "System directory write",
+    "Writing to system directories",
+    "critical",
+    "filesystem",
+    /(?:\/etc\/|\/usr\/|\/bin\/|\/sbin\/|C:\\Windows\\|C:\\Program Files)/i
+  ),
+  rule(
+    "FS002",
+    "Hidden file creation",
+    "Creating hidden files",
+    "medium",
+    "filesystem",
+    /(?:touch|mkdir|cp|mv)\s+\.[a-zA-Z]/
+  ),
+  rule(
+    "FS003",
+    "Symlink attack",
+    "Creating symlinks to sensitive files",
+    "high",
+    "filesystem",
+    /ln\s+-s.*(?:\/etc\/passwd|\/etc\/shadow|\.ssh|\.env)/i
+  ),
+  rule(
+    "FS004",
+    "Mass file operation",
+    "Recursive operations on broad paths",
+    "medium",
+    "filesystem",
+    /(?:find|xargs|rm|chmod|chown)\s+.*(?:\/\s|\/\*|-R\s+\/)/i
+  ),
+  // ── Network Abuse ──────────────────────────────────────────
+  rule(
+    "NA001",
+    "DNS exfiltration",
+    "Data exfiltration via DNS",
+    "high",
+    "network",
+    /(?:dig|nslookup|host)\s+.*\$\{?[A-Z_]+/i
+  ),
+  rule(
+    "NA002",
+    "Reverse shell",
+    "Reverse shell patterns",
+    "critical",
+    "network",
+    /(?:bash\s+-i|\/dev\/tcp\/|mkfifo|nc\s+.*-e)/i
+  ),
+  rule(
+    "NA003",
+    "Port scanning",
+    "Network scanning",
+    "medium",
+    "network",
+    /(?:nmap|masscan|zmap)\s+/i
+  ),
+  rule(
+    "NA004",
+    "Proxy/tunnel",
+    "Creating network tunnels",
+    "high",
+    "network",
+    /(?:ssh\s+-[DRLW]|ngrok|chisel|bore)/i
+  ),
+  // ── Obfuscation ─────────────────────────────────────────────
+  rule(
+    "OB001",
+    "Hex encoding",
+    "Hex-encoded commands",
+    "medium",
+    "obfuscation",
+    /\\x[0-9a-fA-F]{2}(?:\\x[0-9a-fA-F]{2}){3,}/
+  ),
+  rule(
+    "OB002",
+    "String concatenation",
+    "Building commands via concatenation",
+    "medium",
+    "obfuscation",
+    /(?:\$\{[A-Z]+\}\$\{[A-Z]+\}|['"][a-z]+['"]\.['"][a-z]+['"])/i
+  ),
+  rule(
+    "OB003",
+    "Unicode escape",
+    "Unicode-escaped commands",
+    "medium",
+    "obfuscation",
+    /\\u[0-9a-fA-F]{4}(?:\\u[0-9a-fA-F]{4}){3,}/
+  ),
+  // ── Supply Chain ────────────────────────────────────────────
+  rule(
+    "SC001",
+    "Package install",
+    "Installing packages at runtime",
+    "medium",
+    "supply-chain",
+    /(?:npm\s+install|pip\s+install|gem\s+install|cargo\s+install)\s+(?!-)/
+  ),
+  rule(
+    "SC002",
+    "Typosquatting patterns",
+    "Packages with suspicious names",
+    "low",
+    "supply-chain",
+    /(?:npm\s+install|pip\s+install)\s+(?:reqeusts|requets|reqests|lodahs|lodashe)/i
+  ),
+  rule(
+    "SC003",
+    "Postinstall script",
+    "npm lifecycle scripts",
+    "medium",
+    "supply-chain",
+    /(?:preinstall|postinstall|preuninstall|postuninstall)\s*[":]/i
+  ),
+  rule(
+    "SC004",
+    "Registry override",
+    "Changing package registry",
+    "high",
+    "supply-chain",
+    /(?:registry\s*=|--registry\s+)(?!https:\/\/registry\.npmjs\.org)/i
+  ),
+  // ── Information Disclosure ──────────────────────────────────
+  rule(
+    "ID001",
+    "Process listing",
+    "Listing running processes",
+    "low",
+    "info-disclosure",
+    /(?:ps\s+aux|top\s+-b|tasklist)/i
+  ),
+  rule(
+    "ID002",
+    "System information",
+    "Gathering system information",
+    "low",
+    "info-disclosure",
+    /(?:uname\s+-a|systeminfo|hostnamectl)/i
+  ),
+  rule(
+    "ID003",
+    "Network enumeration",
+    "Listing network configuration",
+    "low",
+    "info-disclosure",
+    /(?:ifconfig|ip\s+addr|ipconfig|netstat\s+-[at])/i
+  )
+];
+
+// src/core/skills/audit/scanner.ts
+var SEVERITY_WEIGHTS = {
+  critical: 25,
+  high: 15,
+  medium: 8,
+  low: 3,
+  info: 0
+};
+async function scanFile(filePath, rules) {
+  if (!existsSync6(filePath)) {
+    return { file: filePath, findings: [], score: 100, passed: true };
+  }
+  const content = await readFile4(filePath, "utf-8");
+  const lines = content.split("\n");
+  const activeRules = rules ?? AUDIT_RULES;
+  const findings = [];
+  for (const rule2 of activeRules) {
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const match = line.match(rule2.pattern);
+      if (match) {
+        findings.push({
+          rule: rule2,
+          line: i + 1,
+          column: (match.index ?? 0) + 1,
+          match: match[0],
+          context: line.trim()
+        });
+      }
+    }
+  }
+  const totalPenalty = findings.reduce(
+    (sum, f) => sum + (SEVERITY_WEIGHTS[f.rule.severity] ?? 0),
+    0
+  );
+  const score = Math.max(0, 100 - totalPenalty);
+  const passed = !findings.some((f) => f.rule.severity === "critical" || f.rule.severity === "high");
+  return { file: filePath, findings, score, passed };
+}
+async function scanDirectory(dirPath) {
+  const { readdir: readdir2 } = await import("fs/promises");
+  const { join: join9 } = await import("path");
+  if (!existsSync6(dirPath)) return [];
+  const entries = await readdir2(dirPath, { withFileTypes: true });
+  const results = [];
+  for (const entry of entries) {
+    if (entry.isDirectory() || entry.isSymbolicLink()) {
+      const skillFile = join9(dirPath, entry.name, "SKILL.md");
+      if (existsSync6(skillFile)) {
+        results.push(await scanFile(skillFile));
+      }
+    }
+  }
+  return results;
+}
+function toSarif(results) {
+  return {
+    $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
+    version: "2.1.0",
+    runs: [
+      {
+        tool: {
+          driver: {
+            name: "caamp-audit",
+            version: "0.1.0",
+            rules: AUDIT_RULES.map((r) => ({
+              id: r.id,
+              name: r.name,
+              shortDescription: { text: r.description },
+              defaultConfiguration: {
+                level: r.severity === "critical" || r.severity === "high" ? "error" : "warning"
+              },
+              properties: { category: r.category }
+            }))
+          }
+        },
+        results: results.flatMap(
+          (result) => result.findings.map((f) => ({
+            ruleId: f.rule.id,
+            level: f.rule.severity === "critical" || f.rule.severity === "high" ? "error" : "warning",
+            message: { text: `${f.rule.description}: ${f.match}` },
+            locations: [
+              {
+                physicalLocation: {
+                  artifactLocation: { uri: result.file },
+                  region: {
+                    startLine: f.line,
+                    startColumn: f.column
+                  }
+                }
+              }
+            ]
+          }))
+        )
+      }
+    ]
+  };
+}
+
+// src/core/skills/validator.ts
+import { readFile as readFile5 } from "fs/promises";
+import { existsSync as existsSync7 } from "fs";
+import matter2 from "gray-matter";
+var RESERVED_NAMES = [
+  "anthropic",
+  "claude",
+  "google",
+  "openai",
+  "microsoft",
+  "cursor",
+  "windsurf",
+  "codex",
+  "gemini",
+  "copilot"
+];
+var NAME_PATTERN = /^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/;
+var MAX_NAME_LENGTH = 64;
+var MAX_DESCRIPTION_LENGTH = 1024;
+var WARN_BODY_LINES = 500;
+var WARN_DESCRIPTION_LENGTH = 50;
+async function validateSkill(filePath) {
+  const issues = [];
+  if (!existsSync7(filePath)) {
+    return {
+      valid: false,
+      issues: [{ level: "error", field: "file", message: "File does not exist" }],
+      metadata: null
+    };
+  }
+  const content = await readFile5(filePath, "utf-8");
+  if (!content.startsWith("---")) {
+    issues.push({
+      level: "error",
+      field: "frontmatter",
+      message: "Missing YAML frontmatter (file must start with ---)"
+    });
+    return { valid: false, issues, metadata: null };
+  }
+  let data;
+  let body;
+  try {
+    const parsed = matter2(content);
+    data = parsed.data;
+    body = parsed.content;
+  } catch (err) {
+    issues.push({
+      level: "error",
+      field: "frontmatter",
+      message: `Invalid YAML frontmatter: ${err instanceof Error ? err.message : String(err)}`
+    });
+    return { valid: false, issues, metadata: null };
+  }
+  if (!data["name"]) {
+    issues.push({ level: "error", field: "name", message: "Missing required field: name" });
+  } else {
+    const name = String(data["name"]);
+    if (name.length > MAX_NAME_LENGTH) {
+      issues.push({
+        level: "error",
+        field: "name",
+        message: `Name too long (${name.length} chars, max ${MAX_NAME_LENGTH})`
+      });
+    }
+    if (!NAME_PATTERN.test(name)) {
+      issues.push({
+        level: "error",
+        field: "name",
+        message: "Name must be lowercase letters, numbers, and hyphens only"
+      });
+    }
+    if (RESERVED_NAMES.includes(name.toLowerCase())) {
+      issues.push({
+        level: "error",
+        field: "name",
+        message: `Name "${name}" is reserved`
+      });
+    }
+    if (/<[^>]+>/.test(name)) {
+      issues.push({
+        level: "error",
+        field: "name",
+        message: "Name must not contain XML/HTML tags"
+      });
+    }
+  }
+  if (!data["description"]) {
+    issues.push({ level: "error", field: "description", message: "Missing required field: description" });
+  } else {
+    const desc = String(data["description"]);
+    if (desc.length > MAX_DESCRIPTION_LENGTH) {
+      issues.push({
+        level: "error",
+        field: "description",
+        message: `Description too long (${desc.length} chars, max ${MAX_DESCRIPTION_LENGTH})`
+      });
+    }
+    if (desc.length < WARN_DESCRIPTION_LENGTH) {
+      issues.push({
+        level: "warning",
+        field: "description",
+        message: `Description is short (${desc.length} chars). Consider adding more detail.`
+      });
+    }
+    if (/<[^>]+>/.test(desc)) {
+      issues.push({
+        level: "error",
+        field: "description",
+        message: "Description must not contain XML/HTML tags"
+      });
+    }
+  }
+  const bodyLines = body.trim().split("\n").length;
+  if (bodyLines > WARN_BODY_LINES) {
+    issues.push({
+      level: "warning",
+      field: "body",
+      message: `Body is long (${bodyLines} lines). Consider splitting into multiple skills.`
+    });
+  }
+  if (!body.trim()) {
+    issues.push({
+      level: "warning",
+      field: "body",
+      message: "Empty skill body. Add instructions for the AI agent."
+    });
+  }
+  const hasErrors = issues.some((i) => i.level === "error");
+  return {
+    valid: !hasErrors,
+    issues,
+    metadata: data
+  };
+}
+
+// src/core/formats/utils.ts
+function deepMerge(target, source) {
+  const result = { ...target };
+  for (const key of Object.keys(source)) {
+    const sourceVal = source[key];
+    const targetVal = target[key];
+    if (sourceVal !== null && typeof sourceVal === "object" && !Array.isArray(sourceVal) && targetVal !== null && typeof targetVal === "object" && !Array.isArray(targetVal)) {
+      result[key] = deepMerge(
+        targetVal,
+        sourceVal
+      );
+    } else {
+      result[key] = sourceVal;
+    }
+  }
+  return result;
+}
+function getNestedValue(obj, keyPath) {
+  const parts = keyPath.split(".");
+  let current = obj;
+  for (const part of parts) {
+    if (current === null || typeof current !== "object") return void 0;
+    current = current[part];
+  }
+  return current;
+}
+async function ensureDir(filePath) {
+  const { mkdir: mkdir5 } = await import("fs/promises");
+  const { dirname: dirname5 } = await import("path");
+  await mkdir5(dirname5(filePath), { recursive: true });
+}
+
+// src/core/formats/json.ts
+import { readFile as readFile6, writeFile as writeFile4 } from "fs/promises";
+import { existsSync as existsSync8 } from "fs";
+import * as jsonc from "jsonc-parser";
+async function readJsonConfig(filePath) {
+  if (!existsSync8(filePath)) return {};
+  const content = await readFile6(filePath, "utf-8");
+  if (!content.trim()) return {};
+  const errors = [];
+  const result = jsonc.parse(content, errors);
+  if (errors.length > 0) {
+    return JSON.parse(content);
+  }
+  return result ?? {};
+}
+function detectIndent(content) {
+  const lines = content.split("\n");
+  for (const line of lines) {
+    const match = line.match(/^(\s+)/);
+    if (match?.[1]) {
+      const ws = match[1];
+      if (ws.startsWith("	")) {
+        return { indent: "	", insertSpaces: false, tabSize: 1 };
+      }
+      return { indent: ws, insertSpaces: true, tabSize: ws.length };
+    }
+  }
+  return { indent: "  ", insertSpaces: true, tabSize: 2 };
+}
+async function writeJsonConfig(filePath, configKey, serverName, serverConfig) {
+  await ensureDir(filePath);
+  let content;
+  if (existsSync8(filePath)) {
+    content = await readFile6(filePath, "utf-8");
+    if (!content.trim()) {
+      content = "{}";
+    }
+  } else {
+    content = "{}";
+  }
+  const { tabSize, insertSpaces } = detectIndent(content);
+  const formatOptions = {
+    tabSize,
+    insertSpaces,
+    eol: "\n"
+  };
+  const keyParts = configKey.split(".");
+  const jsonPath = [...keyParts, serverName];
+  const edits = jsonc.modify(content, jsonPath, serverConfig, { formattingOptions: formatOptions });
+  if (edits.length > 0) {
+    content = jsonc.applyEdits(content, edits);
+  }
+  if (!content.endsWith("\n")) {
+    content += "\n";
+  }
+  await writeFile4(filePath, content, "utf-8");
+}
+async function removeJsonConfig(filePath, configKey, serverName) {
+  if (!existsSync8(filePath)) return false;
+  let content = await readFile6(filePath, "utf-8");
+  if (!content.trim()) return false;
+  const { tabSize, insertSpaces } = detectIndent(content);
+  const formatOptions = {
+    tabSize,
+    insertSpaces,
+    eol: "\n"
+  };
+  const keyParts = configKey.split(".");
+  const jsonPath = [...keyParts, serverName];
+  const edits = jsonc.modify(content, jsonPath, void 0, { formattingOptions: formatOptions });
+  if (edits.length === 0) return false;
+  content = jsonc.applyEdits(content, edits);
+  if (!content.endsWith("\n")) {
+    content += "\n";
+  }
+  await writeFile4(filePath, content, "utf-8");
+  return true;
+}
+
+// src/core/formats/yaml.ts
+import { readFile as readFile7, writeFile as writeFile5 } from "fs/promises";
+import { existsSync as existsSync9 } from "fs";
+import yaml from "js-yaml";
+async function readYamlConfig(filePath) {
+  if (!existsSync9(filePath)) return {};
+  const content = await readFile7(filePath, "utf-8");
+  if (!content.trim()) return {};
+  const result = yaml.load(content);
+  return result ?? {};
+}
+async function writeYamlConfig(filePath, configKey, serverName, serverConfig) {
+  await ensureDir(filePath);
+  const existing = await readYamlConfig(filePath);
+  const keyParts = configKey.split(".");
+  let newEntry = { [serverName]: serverConfig };
+  for (let i = keyParts.length - 1; i >= 0; i--) {
+    newEntry = { [keyParts[i]]: newEntry };
+  }
+  const merged = deepMerge(existing, newEntry);
+  const content = yaml.dump(merged, {
+    indent: 2,
+    lineWidth: -1,
+    noRefs: true,
+    sortKeys: false
+  });
+  await writeFile5(filePath, content, "utf-8");
+}
+async function removeYamlConfig(filePath, configKey, serverName) {
+  if (!existsSync9(filePath)) return false;
+  const existing = await readYamlConfig(filePath);
+  const keyParts = configKey.split(".");
+  let current = existing;
+  for (const part of keyParts) {
+    const next = current[part];
+    if (typeof next !== "object" || next === null) return false;
+    current = next;
+  }
+  if (!(serverName in current)) return false;
+  delete current[serverName];
+  const content = yaml.dump(existing, {
+    indent: 2,
+    lineWidth: -1,
+    noRefs: true,
+    sortKeys: false
+  });
+  await writeFile5(filePath, content, "utf-8");
+  return true;
+}
+
+// src/core/formats/toml.ts
+import { readFile as readFile8, writeFile as writeFile6 } from "fs/promises";
+import { existsSync as existsSync10 } from "fs";
+import TOML from "@iarna/toml";
+async function readTomlConfig(filePath) {
+  if (!existsSync10(filePath)) return {};
+  const content = await readFile8(filePath, "utf-8");
+  if (!content.trim()) return {};
+  const result = TOML.parse(content);
+  return result;
+}
+async function writeTomlConfig(filePath, configKey, serverName, serverConfig) {
+  await ensureDir(filePath);
+  const existing = await readTomlConfig(filePath);
+  const keyParts = configKey.split(".");
+  let newEntry = { [serverName]: serverConfig };
+  for (let i = keyParts.length - 1; i >= 0; i--) {
+    newEntry = { [keyParts[i]]: newEntry };
+  }
+  const merged = deepMerge(existing, newEntry);
+  const content = TOML.stringify(merged);
+  await writeFile6(filePath, content, "utf-8");
+}
+async function removeTomlConfig(filePath, configKey, serverName) {
+  if (!existsSync10(filePath)) return false;
+  const existing = await readTomlConfig(filePath);
+  const keyParts = configKey.split(".");
+  let current = existing;
+  for (const part of keyParts) {
+    const next = current[part];
+    if (typeof next !== "object" || next === null) return false;
+    current = next;
+  }
+  if (!(serverName in current)) return false;
+  delete current[serverName];
+  const content = TOML.stringify(existing);
+  await writeFile6(filePath, content, "utf-8");
+  return true;
+}
+
+// src/core/formats/index.ts
+async function readConfig(filePath, format) {
+  switch (format) {
+    case "json":
+    case "jsonc":
+      return readJsonConfig(filePath);
+    case "yaml":
+      return readYamlConfig(filePath);
+    case "toml":
+      return readTomlConfig(filePath);
+    default:
+      throw new Error(`Unsupported config format: ${format}`);
+  }
+}
+async function writeConfig(filePath, format, key, serverName, serverConfig) {
+  switch (format) {
+    case "json":
+    case "jsonc":
+      return writeJsonConfig(filePath, key, serverName, serverConfig);
+    case "yaml":
+      return writeYamlConfig(filePath, key, serverName, serverConfig);
+    case "toml":
+      return writeTomlConfig(filePath, key, serverName, serverConfig);
+    default:
+      throw new Error(`Unsupported config format: ${format}`);
+  }
+}
+async function removeConfig(filePath, format, key, serverName) {
+  switch (format) {
+    case "json":
+    case "jsonc":
+      return removeJsonConfig(filePath, key, serverName);
+    case "yaml":
+      return removeYamlConfig(filePath, key, serverName);
+    case "toml":
+      return removeTomlConfig(filePath, key, serverName);
+    default:
+      throw new Error(`Unsupported config format: ${format}`);
+  }
+}
+
+// src/core/mcp/transforms.ts
+function transformGoose(serverName, config) {
+  if (config.url) {
+    const transport = config.type === "sse" ? "sse" : "streamable_http";
+    return {
+      name: serverName,
+      type: transport,
+      uri: config.url,
+      ...config.headers ? { headers: config.headers } : {},
+      enabled: true,
+      timeout: 300
+    };
+  }
+  return {
+    name: serverName,
+    type: "stdio",
+    cmd: config.command,
+    args: config.args ?? [],
+    ...config.env ? { envs: config.env } : {},
+    enabled: true,
+    timeout: 300
+  };
+}
+function transformZed(serverName, config) {
+  if (config.url) {
+    return {
+      source: "custom",
+      type: config.type ?? "http",
+      url: config.url,
+      ...config.headers ? { headers: config.headers } : {}
+    };
+  }
+  return {
+    source: "custom",
+    command: config.command,
+    args: config.args ?? [],
+    ...config.env ? { env: config.env } : {}
+  };
+}
+function transformOpenCode(serverName, config) {
+  if (config.url) {
+    return {
+      type: "remote",
+      url: config.url,
+      enabled: true,
+      ...config.headers ? { headers: config.headers } : {}
+    };
+  }
+  return {
+    type: "local",
+    command: config.command,
+    args: config.args ?? [],
+    enabled: true,
+    ...config.env ? { environment: config.env } : {}
+  };
+}
+function transformCodex(serverName, config) {
+  if (config.url) {
+    return {
+      type: config.type ?? "http",
+      url: config.url,
+      ...config.headers ? { headers: config.headers } : {}
+    };
+  }
+  return {
+    command: config.command,
+    args: config.args ?? [],
+    ...config.env ? { env: config.env } : {}
+  };
+}
+function transformCursor(serverName, config) {
+  if (config.url) {
+    return {
+      url: config.url,
+      ...config.headers ? { headers: config.headers } : {}
+    };
+  }
+  return config;
+}
+function getTransform(providerId) {
+  switch (providerId) {
+    case "goose":
+      return transformGoose;
+    case "zed":
+      return transformZed;
+    case "opencode":
+      return transformOpenCode;
+    case "codex":
+      return transformCodex;
+    case "cursor":
+      return transformCursor;
+    default:
+      return void 0;
+  }
+}
+
+// src/core/mcp/reader.ts
+import { join as join7 } from "path";
+import { existsSync as existsSync11 } from "fs";
+function resolveConfigPath(provider, scope, projectDir) {
+  if (scope === "project") {
+    if (!provider.configPathProject) return null;
+    return join7(projectDir ?? process.cwd(), provider.configPathProject);
+  }
+  return provider.configPathGlobal;
+}
+async function listMcpServers(provider, scope, projectDir) {
+  const configPath = resolveConfigPath(provider, scope, projectDir);
+  if (!configPath || !existsSync11(configPath)) return [];
+  try {
+    const config = await readConfig(configPath, provider.configFormat);
+    const servers = getNestedValue(config, provider.configKey);
+    if (!servers || typeof servers !== "object") return [];
+    const entries = [];
+    for (const [name, cfg] of Object.entries(servers)) {
+      entries.push({
+        name,
+        providerId: provider.id,
+        providerName: provider.toolName,
+        scope,
+        configPath,
+        config: cfg ?? {}
+      });
+    }
+    return entries;
+  } catch {
+    return [];
+  }
+}
+async function listAllMcpServers(providers, scope, projectDir) {
+  const seen = /* @__PURE__ */ new Set();
+  const allEntries = [];
+  for (const provider of providers) {
+    const configPath = resolveConfigPath(provider, scope, projectDir);
+    if (!configPath || seen.has(configPath)) continue;
+    seen.add(configPath);
+    const entries = await listMcpServers(provider, scope, projectDir);
+    allEntries.push(...entries);
+  }
+  return allEntries;
+}
+async function removeMcpServer(provider, serverName, scope, projectDir) {
+  const configPath = resolveConfigPath(provider, scope, projectDir);
+  if (!configPath) return false;
+  return removeConfig(configPath, provider.configFormat, provider.configKey, serverName);
+}
+
+// src/core/mcp/installer.ts
+function buildConfig(provider, serverName, config) {
+  const transform = getTransform(provider.id);
+  if (transform) {
+    return transform(serverName, config);
+  }
+  return config;
+}
+async function installMcpServer(provider, serverName, config, scope = "project", projectDir) {
+  const configPath = resolveConfigPath(provider, scope, projectDir);
+  if (!configPath) {
+    return {
+      provider,
+      scope,
+      configPath: "",
+      success: false,
+      error: `Provider ${provider.id} does not support ${scope} config`
+    };
+  }
+  try {
+    const transformedConfig = buildConfig(provider, serverName, config);
+    await writeConfig(
+      configPath,
+      provider.configFormat,
+      provider.configKey,
+      serverName,
+      transformedConfig
+    );
+    return {
+      provider,
+      scope,
+      configPath,
+      success: true
+    };
+  } catch (err) {
+    return {
+      provider,
+      scope,
+      configPath,
+      success: false,
+      error: err instanceof Error ? err.message : String(err)
+    };
+  }
+}
+async function installMcpServerToAll(providers, serverName, config, scope = "project", projectDir) {
+  const results = [];
+  for (const provider of providers) {
+    const result = await installMcpServer(provider, serverName, config, scope, projectDir);
+    results.push(result);
+  }
+  return results;
+}
+function buildServerConfig(source, transport, headers) {
+  if (source.type === "remote") {
+    return {
+      type: transport ?? "http",
+      url: source.value,
+      ...headers && Object.keys(headers).length > 0 ? { headers } : {}
+    };
+  }
+  if (source.type === "package") {
+    return {
+      command: "npx",
+      args: ["-y", source.value]
+    };
+  }
+  const parts = source.value.split(/\s+/);
+  return {
+    command: parts[0],
+    args: parts.slice(1)
+  };
+}
+
+// src/core/instructions/injector.ts
+import { readFile as readFile9, writeFile as writeFile7 } from "fs/promises";
+import { existsSync as existsSync12 } from "fs";
+import { join as join8, dirname as dirname4 } from "path";
+import { mkdir as mkdir4 } from "fs/promises";
+var MARKER_START = "<!-- CAAMP:START -->";
+var MARKER_END = "<!-- CAAMP:END -->";
+var MARKER_PATTERN = /<!-- CAAMP:START -->[\s\S]*?<!-- CAAMP:END -->/;
+async function checkInjection(filePath, expectedContent) {
+  if (!existsSync12(filePath)) return "missing";
+  const content = await readFile9(filePath, "utf-8");
+  if (!MARKER_PATTERN.test(content)) return "none";
+  if (expectedContent) {
+    const blockContent = extractBlock(content);
+    if (blockContent && blockContent.trim() === expectedContent.trim()) {
+      return "current";
+    }
+    return "outdated";
+  }
+  return "current";
+}
+function extractBlock(content) {
+  const match = content.match(MARKER_PATTERN);
+  if (!match) return null;
+  return match[0].replace(MARKER_START, "").replace(MARKER_END, "").trim();
+}
+function buildBlock(content) {
+  return `${MARKER_START}
+${content}
+${MARKER_END}`;
+}
+async function inject(filePath, content) {
+  const block = buildBlock(content);
+  await mkdir4(dirname4(filePath), { recursive: true });
+  if (!existsSync12(filePath)) {
+    await writeFile7(filePath, block + "\n", "utf-8");
+    return "created";
+  }
+  const existing = await readFile9(filePath, "utf-8");
+  if (MARKER_PATTERN.test(existing)) {
+    const updated2 = existing.replace(MARKER_PATTERN, block);
+    await writeFile7(filePath, updated2, "utf-8");
+    return "updated";
+  }
+  const updated = block + "\n\n" + existing;
+  await writeFile7(filePath, updated, "utf-8");
+  return "added";
+}
+async function removeInjection(filePath) {
+  if (!existsSync12(filePath)) return false;
+  const content = await readFile9(filePath, "utf-8");
+  if (!MARKER_PATTERN.test(content)) return false;
+  const cleaned = content.replace(MARKER_PATTERN, "").replace(/^\n{2,}/, "\n").trim();
+  if (!cleaned) {
+    const { rm: rm2 } = await import("fs/promises");
+    await rm2(filePath);
+  } else {
+    await writeFile7(filePath, cleaned + "\n", "utf-8");
+  }
+  return true;
+}
+async function checkAllInjections(providers, projectDir, scope, expectedContent) {
+  const results = [];
+  const checked = /* @__PURE__ */ new Set();
+  for (const provider of providers) {
+    const filePath = scope === "global" ? join8(provider.pathGlobal, provider.instructFile) : join8(projectDir, provider.instructFile);
+    if (checked.has(filePath)) continue;
+    checked.add(filePath);
+    const status = await checkInjection(filePath, expectedContent);
+    results.push({
+      file: filePath,
+      provider: provider.id,
+      status,
+      fileExists: existsSync12(filePath)
+    });
+  }
+  return results;
+}
+async function injectAll(providers, projectDir, scope, content) {
+  const results = /* @__PURE__ */ new Map();
+  const injected = /* @__PURE__ */ new Set();
+  for (const provider of providers) {
+    const filePath = scope === "global" ? join8(provider.pathGlobal, provider.instructFile) : join8(projectDir, provider.instructFile);
+    if (injected.has(filePath)) continue;
+    injected.add(filePath);
+    const action = await inject(filePath, content);
+    results.set(filePath, action);
+  }
+  return results;
+}
+
+// src/core/instructions/templates.ts
+function generateInjectionContent(options) {
+  const lines = [];
+  lines.push("## CAAMP Managed Configuration");
+  lines.push("");
+  lines.push("This section is managed by [CAAMP](https://github.com/caamp/caamp).");
+  lines.push("Do not edit between the CAAMP markers manually.");
+  if (options?.mcpServerName) {
+    lines.push("");
+    lines.push(`### MCP Server: ${options.mcpServerName}`);
+    lines.push(`Configured via \`caamp mcp install\`.`);
+  }
+  if (options?.customContent) {
+    lines.push("");
+    lines.push(options.customContent);
+  }
+  return lines.join("\n");
+}
+function groupByInstructFile(providers) {
+  const groups = /* @__PURE__ */ new Map();
+  for (const provider of providers) {
+    const existing = groups.get(provider.instructFile) ?? [];
+    existing.push(provider);
+    groups.set(provider.instructFile, existing);
+  }
+  return groups;
+}
+
+export {
+  getAllProviders,
+  getProvider,
+  resolveAlias,
+  getProvidersByPriority,
+  getProvidersByStatus,
+  getProvidersByInstructFile,
+  getInstructionFiles,
+  getProviderCount,
+  getRegistryVersion,
+  detectProvider,
+  detectAllProviders,
+  getInstalledProviders,
+  detectProjectProviders,
+  parseSource,
+  isMarketplaceScoped,
+  installSkill,
+  removeSkill,
+  listCanonicalSkills,
+  readLockFile,
+  recordMcpInstall,
+  removeMcpFromLock,
+  getTrackedMcpServers,
+  saveLastSelectedAgents,
+  getLastSelectedAgents,
+  recordSkillInstall,
+  removeSkillFromLock,
+  getTrackedSkills,
+  checkSkillUpdate,
+  MarketplaceClient,
+  parseSkillFile,
+  discoverSkill,
+  discoverSkills,
+  discoverSkillsMulti,
+  scanFile,
+  scanDirectory,
+  toSarif,
+  validateSkill,
+  deepMerge,
+  getNestedValue,
+  ensureDir,
+  readConfig,
+  writeConfig,
+  removeConfig,
+  getTransform,
+  resolveConfigPath,
+  listMcpServers,
+  listAllMcpServers,
+  removeMcpServer,
+  installMcpServer,
+  installMcpServerToAll,
+  buildServerConfig,
+  checkInjection,
+  inject,
+  removeInjection,
+  checkAllInjections,
+  injectAll,
+  generateInjectionContent,
+  groupByInstructFile
+};
+//# sourceMappingURL=chunk-63BH7QMR.js.map