@enactprotocol/cli 2.1.7 → 2.1.14

package/src/commands/publish/index.ts

@@ -39,10 +39,15 @@ import { loadGitignore, shouldIgnore } from "../../utils/ignore";
 const AUTH_NAMESPACE = "enact:auth";
 const ACCESS_TOKEN_KEY = "access_token";
 
+/** Tool visibility levels */
+export type ToolVisibility = "public" | "private" | "unlisted";
+
 interface PublishOptions extends GlobalOptions {
   dryRun?: boolean;
   tag?: string;
   skipAuth?: boolean;
+  public?: boolean;
+  unlisted?: boolean;
 }
 
 /**
@@ -130,9 +135,16 @@ async function createBundleFromDir(toolDir: string): Promise<Uint8Array> {
 }
 
 /**
- * Load the raw enact.md file content (full documentation with frontmatter)
+ * Load the raw markdown manifest file content (full documentation with frontmatter)
+ * Checks for SKILL.md first (preferred), then falls back to enact.md
  */
-function loadEnactMd(toolDir: string): string | undefined {
+function loadRawManifest(toolDir: string): string | undefined {
+  // Check SKILL.md first (preferred format)
+  const skillMdPath = join(toolDir, "SKILL.md");
+  if (existsSync(skillMdPath)) {
+    return readFileSync(skillMdPath, "utf-8");
+  }
+  // Fall back to enact.md
   const enactMdPath = join(toolDir, "enact.md");
   if (existsSync(enactMdPath)) {
     return readFileSync(enactMdPath, "utf-8");
@@ -196,10 +208,18 @@ async function publishHandler(
   header(`Publishing ${toolName}@${version}`);
   newline();
 
+  // Determine visibility (private by default for security)
+  const visibility: ToolVisibility = options.public
+    ? "public"
+    : options.unlisted
+      ? "unlisted"
+      : "private";
+
   // Show what we're publishing
   keyValue("Name", toolName);
   keyValue("Version", version);
   keyValue("Description", manifest.description);
+  keyValue("Visibility", visibility);
   if (manifest.tags && manifest.tags.length > 0) {
     keyValue("Tags", manifest.tags.join(", "));
   }
@@ -283,6 +303,7 @@ async function publishHandler(
     info("Would publish to registry:");
     keyValue("Tool", toolName);
     keyValue("Version", version);
+    keyValue("Visibility", visibility);
     keyValue("Source", toolDir);
 
     // Show files that would be bundled
@@ -299,10 +320,10 @@ async function publishHandler(
     return;
   }
 
-  // Load the full enact.md content (frontmatter + documentation)
-  const enactMdContent = loadEnactMd(toolDir);
-  if (enactMdContent) {
-    info("Found enact.md documentation");
+  // Load the full markdown manifest content (SKILL.md or enact.md)
+  const rawManifestContent = loadRawManifest(toolDir);
+  if (rawManifestContent) {
+    info("Found markdown documentation (SKILL.md or enact.md)");
   }
 
   // Create bundle
@@ -318,7 +339,8 @@ async function publishHandler(
       name: toolName,
       manifest: manifest as unknown as Record<string, unknown>,
       bundle,
-      rawManifest: enactMdContent,
+      rawManifest: rawManifestContent,
+      visibility,
     });
   });
 
@@ -330,10 +352,15 @@ async function publishHandler(
 
   // Success output
   newline();
-  success(`Published ${result.name}@${result.version}`);
+  success(`Published ${result.name}@${result.version} (${visibility})`);
   keyValue("Bundle Hash", result.bundleHash);
   keyValue("Published At", result.publishedAt.toISOString());
   newline();
+  if (visibility === "private") {
+    dim("This tool is private - only you can access it.");
+  } else if (visibility === "unlisted") {
+    dim("This tool is unlisted - accessible via direct link, not searchable.");
+  }
   dim(`Install with: enact install ${toolName}`);
 }
 
@@ -349,6 +376,8 @@ export function configurePublishCommand(program: Command): void {
     .option("-v, --verbose", "Show detailed output")
     .option("--skip-auth", "Skip authentication (for local development)")
     .option("--json", "Output as JSON")
+    .option("--public", "Publish as public (searchable by everyone)")
+    .option("--unlisted", "Publish as unlisted (accessible via direct link, not searchable)")
     .action(async (pathArg: string | undefined, options: PublishOptions) => {
       const resolvedPath = pathArg ?? ".";
       const ctx: CommandContext = {

package/src/commands/sign/index.ts

@@ -7,12 +7,18 @@
  *
  * Supports both local paths and remote tool references:
  *   - Local: enact sign ./my-tool
- *   - Remote: enact sign author/tool@1.0.0
+ *   - Remote: enact sign author/tool         (prompts for version)
+ *   - Remote: enact sign author/tool@1.0.0   (specific version)
  */
 
 import { readFileSync, writeFileSync } from "node:fs";
 import { dirname, join, resolve } from "node:path";
-import { createApiClient, getToolVersion, submitAttestationToRegistry } from "@enactprotocol/api";
+import {
+  createApiClient,
+  getToolInfo,
+  getToolVersion,
+  submitAttestationToRegistry,
+} from "@enactprotocol/api";
 import { getSecret } from "@enactprotocol/secrets";
 import {
   addTrustedAuditor,
@@ -42,6 +48,7 @@ import {
   json,
   keyValue,
   newline,
+  select,
   success,
   symbols,
   warning,
@@ -63,26 +70,37 @@ interface SignOptions extends GlobalOptions {
 const DEFAULT_BUNDLE_FILENAME = ".sigstore-bundle.json";
 
 /**
- * Parse a remote tool reference like "author/tool@1.0.0"
- * Returns null if not a valid remote reference
+ * Parse a remote tool reference like "author/tool@1.0.0" or "author/tool"
+ * Version is optional - if not provided, will prompt user to select
+ * Returns null if not a valid remote reference (i.e., looks like a local path)
  */
-function parseRemoteToolRef(ref: string): { name: string; version: string } | null {
+function parseRemoteToolRef(ref: string): { name: string; version: string | undefined } | null {
   // Remote refs look like: author/tool@version or org/author/tool@version
-  // They don't start with . or / and contain @ for version
+  // They don't start with . or / and must contain at least one /
   if (ref.startsWith(".") || ref.startsWith("/") || ref.startsWith("~")) {
     return null;
   }
 
+  // Must have at least one / in the name (author/tool format)
+  if (!ref.includes("/")) {
+    return null;
+  }
+
   const atIndex = ref.lastIndexOf("@");
-  if (atIndex === -1 || atIndex === 0) {
+  if (atIndex === -1) {
+    // No version specified - that's OK, we'll prompt for it
+    return { name: ref, version: undefined };
+  }
+
+  if (atIndex === 0) {
     return null;
   }
 
   const name = ref.substring(0, atIndex);
   const version = ref.substring(atIndex + 1);
 
-  // Must have at least one / in the name (author/tool)
-  if (!name.includes("/") || !version) {
+  // Version after @ must not be empty
+  if (!version) {
     return null;
   }
 
@@ -276,9 +294,9 @@ function displayResult(
  * Sign a remote tool from the registry
  */
 async function signRemoteTool(
-  toolRef: { name: string; version: string },
+  toolRef: { name: string; version: string | undefined },
   options: SignOptions,
-  _ctx: CommandContext
+  ctx: CommandContext
 ): Promise<void> {
   const config = loadConfig();
   const registryUrl =
@@ -308,14 +326,71 @@ async function signRemoteTool(
     newline();
   }
 
+  // Resolve version - prompt if not provided
+  let targetVersion = toolRef.version;
+
+  if (!targetVersion) {
+    // Fetch tool info to get available versions
+    info(`Fetching versions for ${toolRef.name}...`);
+
+    let toolMetadata: Awaited<ReturnType<typeof getToolInfo>>;
+    try {
+      toolMetadata = await getToolInfo(client, toolRef.name);
+    } catch (err) {
+      error(`Tool not found: ${toolRef.name}`);
+      if (err instanceof Error) {
+        dim(`  ${err.message}`);
+      }
+      process.exit(1);
+    }
+
+    if (toolMetadata.versions.length === 0) {
+      error(`No published versions found for ${toolRef.name}`);
+      process.exit(1);
+    }
+
+    // Filter out yanked versions for selection (unless there are no non-yanked versions)
+    const availableVersions = toolMetadata.versions.filter((v) => !v.yanked);
+    const versionsToShow = availableVersions.length > 0 ? availableVersions : toolMetadata.versions;
+
+    if (ctx.isInteractive) {
+      // Prompt user to select a version
+      newline();
+      const selectedVersion = await select(
+        "Select a version to sign:",
+        versionsToShow.map((v) => {
+          const option: { value: string; label: string; hint?: string } = {
+            value: v.version,
+            label: v.version + (v.version === toolMetadata.latestVersion ? " (latest)" : ""),
+          };
+          if (v.yanked) {
+            option.hint = "yanked";
+          }
+          return option;
+        })
+      );
+
+      if (!selectedVersion) {
+        info("Signing cancelled");
+        return;
+      }
+
+      targetVersion = selectedVersion;
+    } else {
+      // Non-interactive: use latest version
+      targetVersion = toolMetadata.latestVersion;
+      info(`Using latest version: ${targetVersion}`);
+    }
+  }
+
   // Fetch tool info from registry
-  info(`Fetching ${toolRef.name}@${toolRef.version} from registry...`);
+  info(`Fetching ${toolRef.name}@${targetVersion} from registry...`);
 
   let toolInfo: Awaited<ReturnType<typeof getToolVersion>>;
   try {
-    toolInfo = await getToolVersion(client, toolRef.name, toolRef.version);
+    toolInfo = await getToolVersion(client, toolRef.name, targetVersion);
   } catch (err) {
-    error(`Tool not found: ${toolRef.name}@${toolRef.version}`);
+    error(`Tool not found: ${toolRef.name}@${targetVersion}`);
     if (err instanceof Error) {
       dim(`  ${err.message}`);
     }
@@ -357,7 +432,7 @@ async function signRemoteTool(
   }
 
   // Confirm signing
-  if (_ctx.isInteractive) {
+  if (ctx.isInteractive) {
     newline();
     const shouldSign = await confirm(
       `Sign ${toolInfo.name}@${toolInfo.version} with your identity?`,
@@ -466,10 +541,10 @@ async function signRemoteTool(
     }
 
     // Prompt to add to trust list - extract issuer from bundle for correct identity format
-    if (_ctx.isInteractive && !options.json) {
+    if (ctx.isInteractive && !options.json) {
       const certificate = extractCertificateFromBundle(result.bundle);
       const issuer = certificate?.identity?.issuer;
-      await promptAddToTrustList(attestationResult.auditor, _ctx.isInteractive, issuer);
+      await promptAddToTrustList(attestationResult.auditor, ctx.isInteractive, issuer);
     }
 
     if (options.json) {
@@ -719,7 +794,7 @@ export function configureSignCommand(program: Command): void {
     .description("Cryptographically sign a tool and submit attestation to registry")
     .argument(
       "<path>",
-      "Path to tool directory, manifest file, or remote tool (author/tool@version)"
+      "Path to tool directory, manifest file, or remote tool (author/tool or author/tool@version)"
     )
     .option("-i, --identity <email>", "Sign with specific identity (uses OAuth)")
     .option("-o, --output <path>", "Output path for signature bundle (local only)")

package/src/commands/visibility/index.ts

@@ -0,0 +1,154 @@
+/**
+ * enact visibility command
+ *
+ * Change the visibility of a published tool.
+ */
+
+import { getSecret } from "@enactprotocol/secrets";
+import { loadConfig } from "@enactprotocol/shared";
+import type { Command } from "commander";
+import type { CommandContext, GlobalOptions } from "../../types";
+import {
+  dim,
+  error,
+  extractNamespace,
+  formatError,
+  getCurrentUsername,
+  header,
+  info,
+  json,
+  newline,
+  success,
+} from "../../utils";
+
+/** Auth namespace for token storage */
+const AUTH_NAMESPACE = "enact:auth";
+const ACCESS_TOKEN_KEY = "access_token";
+
+/** Valid visibility levels */
+const VALID_VISIBILITIES = ["public", "private", "unlisted"] as const;
+type Visibility = (typeof VALID_VISIBILITIES)[number];
+
+interface VisibilityOptions extends GlobalOptions {
+  json?: boolean;
+}
+
+/**
+ * Visibility command handler
+ */
+async function visibilityHandler(
+  tool: string,
+  visibility: string,
+  options: VisibilityOptions,
+  _ctx: CommandContext
+): Promise<void> {
+  // Validate visibility value
+  if (!VALID_VISIBILITIES.includes(visibility as Visibility)) {
+    error(`Invalid visibility: ${visibility}`);
+    newline();
+    dim(`Valid values: ${VALID_VISIBILITIES.join(", ")}`);
+    process.exit(1);
+  }
+
+  header(`Changing visibility for ${tool}`);
+  newline();
+
+  // Pre-flight namespace check
+  const currentUsername = await getCurrentUsername();
+  if (currentUsername) {
+    const toolNamespace = extractNamespace(tool);
+    if (toolNamespace !== currentUsername) {
+      error(
+        `Namespace mismatch: Tool namespace "${toolNamespace}" does not match your username "${currentUsername}".`
+      );
+      newline();
+      dim("You can only change visibility for your own tools.");
+      process.exit(1);
+    }
+  }
+
+  // Get registry URL from config or environment
+  const config = loadConfig();
+  const registryUrl =
+    process.env.ENACT_REGISTRY_URL ??
+    config.registry?.url ??
+    "https://siikwkfgsmouioodghho.supabase.co/functions/v1";
+
+  // Get auth token
+  let authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+  if (!authToken) {
+    authToken = config.registry?.authToken ?? process.env.ENACT_AUTH_TOKEN ?? null;
+  }
+  if (!authToken) {
+    error("Not authenticated. Please run: enact auth login");
+    process.exit(1);
+  }
+
+  // Make the API request to change visibility
+  const response = await fetch(`${registryUrl}/tools/${tool}/visibility`, {
+    method: "PATCH",
+    headers: {
+      Authorization: `Bearer ${authToken}`,
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify({ visibility }),
+  });
+
+  if (!response.ok) {
+    const errorText = await response.text();
+    try {
+      const errorJson = JSON.parse(errorText);
+      error(`Failed to change visibility: ${errorJson.error?.message ?? errorText}`);
+    } catch {
+      error(`Failed to change visibility: ${errorText}`);
+    }
+    process.exit(1);
+  }
+
+  // Parse response (we don't use it but need to consume the body)
+  await response.json();
+
+  // JSON output
+  if (options.json) {
+    json({ tool, visibility, success: true });
+    return;
+  }
+
+  // Success output
+  success(`${tool} is now ${visibility}`);
+  newline();
+
+  if (visibility === "private") {
+    info("This tool is now private - only you can access it.");
+  } else if (visibility === "unlisted") {
+    info("This tool is now unlisted - accessible via direct link, but not searchable.");
+  } else {
+    info("This tool is now public - anyone can find and install it.");
+  }
+}
+
+/**
+ * Configure the visibility command
+ */
+export function configureVisibilityCommand(program: Command): void {
+  program
+    .command("visibility <tool> <visibility>")
+    .description("Change tool visibility (public, private, or unlisted)")
+    .option("--json", "Output as JSON")
+    .option("-v, --verbose", "Show detailed output")
+    .action(async (tool: string, visibility: string, options: VisibilityOptions) => {
+      const ctx: CommandContext = {
+        cwd: process.cwd(),
+        options,
+        isCI: Boolean(process.env.CI),
+        isInteractive: process.stdout.isTTY ?? false,
+      };
+
+      try {
+        await visibilityHandler(tool, visibility, options, ctx);
+      } catch (err) {
+        error(formatError(err));
+        process.exit(1);
+      }
+    });
+}

package/src/index.ts

@@ -15,7 +15,7 @@ import {
   configureConfigCommand,
   configureEnvCommand,
   configureExecCommand,
-  configureGetCommand,
+  configureInfoCommand,
   configureInitCommand,
   configureInspectCommand,
   configureInstallCommand,
@@ -29,11 +29,12 @@ import {
   configureSignCommand,
   configureTrustCommand,
   configureUnyankCommand,
+  configureVisibilityCommand,
   configureYankCommand,
 } from "./commands";
 import { error, formatError } from "./utils";
 
-export const version = "2.1.7";
+export const version = "2.1.14";
 
 // Export types for external use
 export type { GlobalOptions, CommandContext } from "./types";
@@ -63,7 +64,7 @@ async function main() {
 
   // Registry commands (Phase 8)
   configureSearchCommand(program);
-  configureGetCommand(program);
+  configureInfoCommand(program);
   configureLearnCommand(program);
   configurePublishCommand(program);
   configureAuthCommand(program);
@@ -78,6 +79,9 @@ async function main() {
   configureYankCommand(program);
   configureUnyankCommand(program);
 
+  // Private tools - visibility management
+  configureVisibilityCommand(program);
+
   // Global error handler - handle Commander's help/version exits gracefully
   program.exitOverride((err) => {
     // Commander throws errors for help, version, and other "exit" scenarios

package/tests/commands/{get.test.ts → info.test.ts}

@@ -1,64 +1,66 @@
 /**
- * Tests for the get command
+ * Tests for the info command
  */
 
 import { describe, expect, test } from "bun:test";
 import type { ToolVersionInfo } from "@enactprotocol/api";
 import { Command } from "commander";
-import { configureGetCommand } from "../../src/commands/get";
+import { configureInfoCommand } from "../../src/commands/info";
 
-describe("get command", () => {
+describe("info command", () => {
   describe("command configuration", () => {
-    test("configures get command on program", () => {
+    test("configures info command on program", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      expect(getCmd).toBeDefined();
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      expect(infoCmd).toBeDefined();
     });
 
     test("has correct description", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      expect(getCmd?.description()).toBe("Show detailed information about a tool");
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      expect(infoCmd?.description()).toBe(
+        "Show detailed information about a tool (local path or registry)"
+      );
     });
 
-    test("has info as alias", () => {
+    test("has get as alias", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      expect(getCmd?.aliases()).toContain("info");
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      expect(infoCmd?.aliases()).toContain("get");
     });
 
     test("accepts tool argument", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      const args = getCmd?.registeredArguments ?? [];
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      const args = infoCmd?.registeredArguments ?? [];
       expect(args.length).toBeGreaterThan(0);
       expect(args[0]?.name()).toBe("tool");
     });
 
     test("has --ver option for specifying version", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      const opts = getCmd?.options ?? [];
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      const opts = infoCmd?.options ?? [];
       const verOpt = opts.find((o) => o.long === "--ver");
       expect(verOpt).toBeDefined();
     });
 
     test("has -v short option for verbose (not version)", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      const opts = getCmd?.options ?? [];
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      const opts = infoCmd?.options ?? [];
       // -v is for verbose, not version (--ver is for version)
       const verboseOpt = opts.find((o) => o.short === "-v");
       expect(verboseOpt).toBeDefined();
@@ -67,20 +69,20 @@ describe("get command", () => {
 
     test("has --json option", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      const opts = getCmd?.options ?? [];
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      const opts = infoCmd?.options ?? [];
       const jsonOpt = opts.find((o) => o.long === "--json");
       expect(jsonOpt).toBeDefined();
     });
 
     test("has --verbose option", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      const opts = getCmd?.options ?? [];
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      const opts = infoCmd?.options ?? [];
       const verboseOpt = opts.find((o) => o.long === "--verbose");
       expect(verboseOpt).toBeDefined();
     });
@@ -249,12 +251,12 @@ Documentation here.`;
       expect(enactMdContent).toContain("Documentation here.");
     });
 
-    test("verbose option is available on get command", () => {
+    test("verbose option is available on info command", () => {
       const program = new Command();
-      configureGetCommand(program);
+      configureInfoCommand(program);
 
-      const getCmd = program.commands.find((cmd) => cmd.name() === "get");
-      const opts = getCmd?.options ?? [];
+      const infoCmd = program.commands.find((cmd) => cmd.name() === "info");
+      const opts = infoCmd?.options ?? [];
 
       // Check both short and long form exist
       const verboseOpt = opts.find((o) => o.long === "--verbose");

package/tests/commands/init.test.ts

@@ -159,7 +159,7 @@ describe("init command", () => {
       expect(content).toEqual({ tools: {} });
     });
 
-    test("--tool mode creates enact.md", async () => {
+    test("--tool mode creates SKILL.md", async () => {
       const program = new Command();
       program.exitOverride(); // Prevent process.exit
       configureInitCommand(program);
@@ -176,7 +176,7 @@ describe("init command", () => {
         process.chdir(originalCwd);
       }
 
-      const manifestPath = join(testDir, "enact.md");
+      const manifestPath = join(testDir, "SKILL.md");
       expect(existsSync(manifestPath)).toBe(true);
 
       const content = readFileSync(manifestPath, "utf-8");
@@ -206,7 +206,7 @@ describe("init command", () => {
 
       const content = readFileSync(agentsPath, "utf-8");
       expect(content).toContain("enact run");
-      expect(content).toContain("enact.md");
+      expect(content).toContain("SKILL.md");
       expect(content).toContain("Parameter Substitution");
     });
 
@@ -395,7 +395,7 @@ describe("init command", () => {
       expect(existsSync(toolsJsonPath)).toBe(false);
     });
 
-    test("enact.md contains valid YAML frontmatter", async () => {
+    test("SKILL.md contains valid YAML frontmatter", async () => {
       const program = new Command();
       program.exitOverride();
       configureInitCommand(program);
@@ -418,7 +418,7 @@ describe("init command", () => {
         process.chdir(originalCwd);
       }
 
-      const content = readFileSync(join(testDir, "enact.md"), "utf-8");
+      const content = readFileSync(join(testDir, "SKILL.md"), "utf-8");
 
       // Check frontmatter structure
       expect(content.startsWith("---")).toBe(true);
@@ -522,7 +522,7 @@ describe("init command", () => {
         process.chdir(originalCwd);
       }
 
-      const content = readFileSync(join(testDir, "enact.md"), "utf-8");
+      const content = readFileSync(join(testDir, "SKILL.md"), "utf-8");
 
       // Required fields per spec
       expect(content).toContain("name:");