@ericsanchezok/synergy-plugin-kit 2.2.1

package/dist/commands/sign.js

@@ -0,0 +1,120 @@
+import path from "path";
+import fs from "fs";
+import { EOL } from "os";
+import { subtle } from "node:crypto";
+import { PluginManifest } from "@ericsanchezok/synergy-plugin";
+import { cmd } from "../cmd";
+import { UI } from "../ui";
+import { SIGNING_KEYS_DIR, SIGNING_KEY_FILE } from "../lib/paths";
+import { sha256Content, sha256File } from "../lib/crypto";
+function extractFromTarball(tarballPath, memberPath) {
+    const result = Bun.spawnSync(["tar", "-xOf", tarballPath, memberPath], { stdout: "pipe", stderr: "pipe" });
+    if (result.exitCode !== 0)
+        return null;
+    return new TextDecoder().decode(result.stdout);
+}
+function readKeyFile() {
+    try {
+        return JSON.parse(fs.readFileSync(SIGNING_KEY_FILE, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+function writeKeyFile(key) {
+    fs.mkdirSync(SIGNING_KEYS_DIR, { recursive: true });
+    fs.writeFileSync(SIGNING_KEY_FILE, JSON.stringify(key, null, 2), { mode: 0o600 });
+}
+async function generateKeyPair() {
+    const key = (await subtle.generateKey("Ed25519", true, ["sign", "verify"]));
+    const privRaw = await subtle.exportKey("pkcs8", key.privateKey);
+    const pubRaw = await subtle.exportKey("raw", key.publicKey);
+    return {
+        privateKey: Buffer.from(privRaw).toString("hex"),
+        publicKey: Buffer.from(pubRaw).toString("hex"),
+    };
+}
+async function importPrivateKey(hex) {
+    return subtle.importKey("pkcs8", Buffer.from(hex, "hex"), "Ed25519", false, ["sign"]);
+}
+export async function signPluginTarball(tarballPath, options = {}) {
+    if (!fs.existsSync(tarballPath))
+        throw new Error(`Tarball not found: ${tarballPath}`);
+    UI.println(`${UI.Style.TEXT_NORMAL_BOLD}Signing${UI.Style.TEXT_NORMAL} ${path.basename(tarballPath)}`);
+    const tarballHash = sha256File(tarballPath);
+    const manifestRaw = extractFromTarball(tarballPath, "plugin.normalized.json");
+    if (!manifestRaw)
+        throw new Error("Failed to extract plugin.normalized.json from tarball. Has the plugin been built?");
+    let manifest;
+    try {
+        manifest = PluginManifest.parse(JSON.parse(manifestRaw));
+    }
+    catch {
+        throw new Error("Failed to parse plugin.normalized.json from tarball");
+    }
+    const permissionsRaw = extractFromTarball(tarballPath, "permissions.summary.json");
+    if (!permissionsRaw) {
+        throw new Error("Failed to extract permissions.summary.json from tarball. Has the plugin been built?");
+    }
+    let keyFile = readKeyFile();
+    let isNewKey = false;
+    if (!keyFile) {
+        UI.println(`  ${UI.Style.TEXT_DIM}No signing key found. Generating new ed25519 keypair...${UI.Style.TEXT_NORMAL}`);
+        keyFile = await generateKeyPair();
+        writeKeyFile(keyFile);
+        isNewKey = true;
+    }
+    const payload = {
+        tarballHash,
+        manifestHash: sha256Content(manifestRaw),
+        permissionsHash: sha256Content(permissionsRaw),
+    };
+    const privateKey = await importPrivateKey(keyFile.privateKey);
+    const sigRaw = await subtle.sign("Ed25519", privateKey, new TextEncoder().encode(JSON.stringify(payload)));
+    const signature = {
+        signatureVersion: 1,
+        pluginId: manifest.name,
+        version: manifest.version,
+        algorithm: "ed25519",
+        signer: keyFile.publicKey,
+        signature: Buffer.from(sigRaw).toString("hex"),
+        signedAt: Date.now(),
+        payload,
+    };
+    const sigPath = `${tarballPath}.sig`;
+    const rendered = JSON.stringify(signature, null, 2) + EOL;
+    fs.writeFileSync(sigPath, rendered);
+    if (options.stdout)
+        process.stdout.write(rendered);
+    UI.println(`${UI.Style.TEXT_SUCCESS}✔${UI.Style.TEXT_NORMAL} Signed ${manifest.name} v${manifest.version}`);
+    if (isNewKey)
+        UI.println(`  ${UI.Style.TEXT_DIM}New signing key generated${UI.Style.TEXT_NORMAL}`);
+    UI.println(`  ${UI.Style.TEXT_DIM}Signature:${UI.Style.TEXT_NORMAL} ${sigPath}`);
+    UI.println(`  ${UI.Style.TEXT_DIM}Signer:${UI.Style.TEXT_NORMAL} ${keyFile.publicKey.slice(0, 16)}...`);
+    UI.println(`  ${UI.Style.TEXT_DIM}Key stored at:${UI.Style.TEXT_NORMAL} ${SIGNING_KEY_FILE}`);
+    return sigPath;
+}
+export const PluginSignCommand = cmd({
+    command: "sign <tarball>",
+    describe: "sign a plugin package tarball",
+    builder: (yargs) => yargs
+        .positional("tarball", {
+        type: "string",
+        describe: "path to .synergy-plugin.tgz tarball",
+        demandOption: true,
+    })
+        .option("stdout", {
+        type: "boolean",
+        default: false,
+        describe: "also print the signature JSON to stdout",
+    }),
+    async handler(args) {
+        try {
+            await signPluginTarball(path.resolve(args.tarball), { stdout: Boolean(args.stdout) });
+        }
+        catch (error) {
+            UI.error(error instanceof Error ? error.message : String(error));
+            process.exitCode = 1;
+        }
+    },
+});

package/dist/commands/test.d.ts

@@ -0,0 +1,5 @@
+export declare const PluginTestCommand: import("yargs").CommandModule<{}, {
+    path: string | undefined;
+} & {
+    "--"?: string[];
+}>;

package/dist/commands/test.js

@@ -0,0 +1,40 @@
+import path from "path";
+import fs from "fs";
+import { cmd } from "../cmd";
+import { UI } from "../ui";
+function findTestFiles(pluginDir) {
+    const testDir = path.join(pluginDir, "test");
+    if (!fs.existsSync(testDir))
+        return [];
+    return fs
+        .readdirSync(testDir)
+        .filter((file) => file.endsWith(".test.ts") || file.endsWith(".test.tsx") || file.endsWith(".spec.ts"));
+}
+export const PluginTestCommand = cmd({
+    command: "test [path]",
+    describe: "run plugin tests",
+    builder: (yargs) => yargs.positional("path", {
+        type: "string",
+        describe: "path to plugin directory (defaults to cwd)",
+    }),
+    async handler(args) {
+        const pluginDir = path.resolve(args.path ?? process.cwd());
+        if (!fs.existsSync(pluginDir)) {
+            UI.error(`Directory not found: ${pluginDir}`);
+            process.exitCode = 1;
+            return;
+        }
+        const testFiles = findTestFiles(pluginDir);
+        if (testFiles.length === 0) {
+            UI.println(`${UI.Style.TEXT_DIM}No plugin tests found. Add test/*.test.ts files and rerun synergy-plugin test.${UI.Style.TEXT_NORMAL}`);
+            return;
+        }
+        UI.println(`${UI.Style.TEXT_NORMAL_BOLD}Running tests${UI.Style.TEXT_NORMAL} in ${pluginDir}`);
+        UI.println(`${UI.Style.TEXT_DIM}Test files found: ${testFiles.join(", ")}${UI.Style.TEXT_NORMAL}`);
+        UI.println();
+        const proc = Bun.spawn(["bun", "test"], { cwd: pluginDir, stdout: "inherit", stderr: "inherit" });
+        const code = await proc.exited;
+        if (code !== 0)
+            process.exitCode = 1;
+    },
+});

package/dist/commands/validate.d.ts

@@ -0,0 +1,10 @@
+export declare function validatePluginProject(pluginPath: string, options?: {
+    runtimeDiscovery?: boolean;
+}): Promise<void>;
+export declare const PluginValidateCommand: import("yargs").CommandModule<{}, {
+    path: string | undefined;
+} & {
+    "runtime-discovery": boolean;
+} & {
+    "--"?: string[];
+}>;

package/dist/commands/validate.js

@@ -0,0 +1,348 @@
+import path from "path";
+import fs from "fs";
+import { EOL } from "os";
+import { PluginManifest } from "@ericsanchezok/synergy-plugin";
+import { cmd } from "../cmd";
+import { UI } from "../ui";
+import { PluginId } from "../lib/ids";
+import { baseCapabilities } from "../lib/capability";
+import { computeRisk } from "../lib/risk";
+import { validateRuntimePolicy } from "../lib/runtime-policy";
+import { validateRuntimeDiscovery } from "../lib/runtime-discovery";
+import { assertCanonicalPluginIdentity, importUrlForEntry, resolveEntryFromPluginDir } from "../lib/spec";
+function scanExports(source) {
+    const names = new Set();
+    const declRe = /^export\s+(?:const|function|class|interface|type|let|var)\s+(\w+)/gm;
+    let match;
+    while ((match = declRe.exec(source)) !== null)
+        names.add(match[1]);
+    const listRe = /^export\s*\{([^}]+)\}/gm;
+    while ((match = listRe.exec(source)) !== null) {
+        for (const spec of match[1].split(",")) {
+            const name = spec
+                .trim()
+                .split(/\s+as\s+/)[0]
+                ?.trim();
+            if (name)
+                names.add(name);
+        }
+    }
+    if (/^export\s+default\s+(?:function|class|async\s+function)\b/m.test(source))
+        names.add("default");
+    if (/^export\s+default\s+[$A-Z_a-z][$\w]*\s*;?$/m.test(source))
+        names.add("default");
+    return [...names];
+}
+function isValidJsonSchema(obj) {
+    if (!obj || typeof obj !== "object" || Array.isArray(obj))
+        return false;
+    const schema = obj;
+    const keywords = [
+        "type",
+        "properties",
+        "required",
+        "items",
+        "anyOf",
+        "oneOf",
+        "allOf",
+        "enum",
+        "const",
+        "additionalProperties",
+        "patternProperties",
+        "$ref",
+        "$defs",
+        "definitions",
+        "title",
+        "description",
+        "default",
+        "examples",
+        "format",
+        "minimum",
+        "maximum",
+        "minLength",
+        "maxLength",
+        "minItems",
+        "maxItems",
+        "uniqueItems",
+        "pattern",
+    ];
+    return keywords.some((key) => key in schema);
+}
+function findUiSource(pluginDir) {
+    const candidates = ["src/ui.tsx", "src/ui/index.tsx", "src/ui.ts", "src/ui/index.ts"];
+    return candidates.map((candidate) => path.join(pluginDir, candidate)).find((candidate) => fs.existsSync(candidate));
+}
+function printResults(results) {
+    const passCount = results.filter((result) => result.type === "pass").length;
+    const warnCount = results.filter((result) => result.type === "warn").length;
+    const errorCount = results.filter((result) => result.type === "error").length;
+    for (const result of results) {
+        const prefix = result.type === "pass"
+            ? `${UI.Style.TEXT_SUCCESS}✓${UI.Style.TEXT_NORMAL}`
+            : result.type === "warn"
+                ? `${UI.Style.TEXT_WARNING}⚠${UI.Style.TEXT_NORMAL}`
+                : `${UI.Style.TEXT_DANGER}✗${UI.Style.TEXT_NORMAL}`;
+        process.stdout.write(`${prefix} ${result.message}${EOL}`);
+    }
+    process.stdout.write(EOL);
+    const parts = [];
+    if (passCount > 0)
+        parts.push(`${passCount} passed`);
+    if (warnCount > 0)
+        parts.push(`${warnCount} warning${warnCount !== 1 ? "s" : ""}`);
+    if (errorCount > 0)
+        parts.push(`${errorCount} error${errorCount !== 1 ? "s" : ""}`);
+    process.stdout.write(parts.join(", ") + EOL);
+    if (errorCount > 0)
+        process.exitCode = 1;
+}
+export async function validatePluginProject(pluginPath, options = {}) {
+    const results = [];
+    const resolved = path.isAbsolute(pluginPath) ? pluginPath : path.resolve(process.cwd(), pluginPath);
+    const manifestPath = fs.statSync(resolved).isDirectory() ? path.join(resolved, "plugin.json") : resolved;
+    const pluginDir = path.dirname(manifestPath);
+    let rawManifest;
+    let manifest = null;
+    try {
+        rawManifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+        manifest = PluginManifest.safeParse(rawManifest);
+        if (manifest.success) {
+            results.push({ type: "pass", message: "manifest schema valid" });
+        }
+        else {
+            const issues = manifest.error.issues.map((issue) => `  • ${issue.path.join(".")}: ${issue.message}`).join(EOL);
+            results.push({ type: "error", message: `manifest schema invalid${EOL}${issues}` });
+        }
+    }
+    catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        results.push({
+            type: "error",
+            message: rawManifest === undefined ? `manifest not found at ${manifestPath}` : `invalid JSON: ${msg}`,
+        });
+        printResults(results);
+        return;
+    }
+    if (!manifest?.success) {
+        printResults(results);
+        return;
+    }
+    const m = manifest.data;
+    const id = rawManifest?.id ?? m.name;
+    if (id && PluginId.isValid(id))
+        results.push({ type: "pass", message: `id "${id}" valid` });
+    else
+        results.push({ type: "error", message: `id "${id ?? ""}" invalid - must be lowercase alphanumeric with dashes` });
+    if (m.version)
+        results.push({ type: "pass", message: `version ${m.version}` });
+    else
+        results.push({ type: "error", message: "version missing" });
+    if (m.contributes?.tools && m.contributes.tools.length > 0) {
+        if (m.permissions?.tools)
+            results.push({ type: "pass", message: "permissions declared" });
+        else
+            results.push({ type: "error", message: "tools contributed but permissions.tools not declared" });
+    }
+    if (m.contributes?.ui) {
+        const ui = m.contributes.ui;
+        if (ui.entry) {
+            const entryPath = path.resolve(pluginDir, ui.entry);
+            const uiSource = findUiSource(pluginDir);
+            if (fs.existsSync(entryPath)) {
+                results.push({ type: "pass", message: `UI entry ${ui.entry} exists` });
+            }
+            else if (uiSource) {
+                results.push({
+                    type: "pass",
+                    message: `UI entry ${ui.entry} will be built from ${path.relative(pluginDir, uiSource)}`,
+                });
+            }
+            else {
+                results.push({ type: "error", message: `UI entry ${ui.entry} not found` });
+            }
+            if (uiSource) {
+                const exports = scanExports(fs.readFileSync(uiSource, "utf-8"));
+                const checkExport = (category, items) => {
+                    for (const item of items ?? []) {
+                        const exportName = item.exportName || "default";
+                        if (!exports.includes(exportName)) {
+                            const label = item.id ?? item.tool ?? exportName;
+                            results.push({
+                                type: "error",
+                                message: `${category} "${label}" exportName "${exportName}" not found in UI entry`,
+                            });
+                        }
+                    }
+                };
+                checkExport("workspacePanel", ui.workspacePanels);
+                checkExport("globalPanel", ui.globalPanels);
+                checkExport("settings", ui.settings);
+                checkExport("toolRenderer", ui.toolRenderers);
+                checkExport("partRenderer", ui.partRenderers);
+                checkExport("chatComponent", ui.chatComponents);
+                checkExport("uiCommand", ui.commands);
+            }
+        }
+        for (const icon of ui.icons ?? []) {
+            if (!fs.existsSync(path.resolve(pluginDir, icon.path))) {
+                results.push({ type: "error", message: `icon "${icon.name}" path ${icon.path} not found` });
+            }
+        }
+        for (const theme of ui.themes ?? []) {
+            if (!fs.existsSync(path.resolve(pluginDir, theme.path))) {
+                results.push({ type: "error", message: `theme "${theme.id}" path ${theme.path} not found` });
+            }
+        }
+        for (const route of ui.routes ?? []) {
+            if (!fs.existsSync(path.resolve(pluginDir, route.entry))) {
+                results.push({ type: "error", message: `route "${route.path}" entry ${route.entry} not found` });
+            }
+        }
+    }
+    for (const tool of m.contributes?.tools ?? []) {
+        if (!tool.capabilities)
+            results.push({ type: "warn", message: `tool "${tool.name}" missing capabilities declaration` });
+    }
+    if (m.contributes?.config?.schema) {
+        if (isValidJsonSchema(m.contributes.config.schema))
+            results.push({ type: "pass", message: "config schema valid" });
+        else
+            results.push({ type: "warn", message: "config schema does not appear to be valid JSON Schema" });
+    }
+    const pluginRisk = computeRisk(baseCapabilities(m), m);
+    results.push(...validateRuntimePolicy({ manifest: m, source: "local", trustTier: "declarative", risk: pluginRisk }));
+    if (options.runtimeDiscovery) {
+        const manifestToolNames = (m.contributes?.tools ?? []).map((tool) => tool.name);
+        const resolvedEntry = resolveEntryFromPluginDir(pluginDir, m);
+        const entryPath = fs.existsSync(resolvedEntry) ? resolvedEntry : null;
+        if (!entryPath) {
+            results.push({
+                type: "warn",
+                message: "runtime-discovery: no build output found - run 'synergy-plugin build' first",
+            });
+        }
+        else {
+            try {
+                const mod = await import(importUrlForEntry(entryPath, Date.now()));
+                const descriptors = [];
+                for (const value of Object.values(mod)) {
+                    if (value && typeof value === "object" && !Array.isArray(value) && "id" in value && "init" in value) {
+                        descriptors.push(value);
+                    }
+                }
+                if (descriptors.length === 0) {
+                    results.push({
+                        type: "warn",
+                        message: `runtime-discovery: no PluginDescriptor found in ${path.relative(process.cwd(), entryPath)}`,
+                    });
+                }
+                else {
+                    for (const desc of descriptors) {
+                        try {
+                            assertCanonicalPluginIdentity({ manifest: m, descriptor: desc });
+                        }
+                        catch (error) {
+                            results.push({ type: "error", message: error instanceof Error ? error.message : String(error) });
+                            continue;
+                        }
+                        let hooks;
+                        let loadError;
+                        try {
+                            const input = {
+                                client: undefined,
+                                scope: undefined,
+                                worktree: "",
+                                directory: pluginDir,
+                                serverUrl: new URL("http://localhost"),
+                                $: undefined,
+                                pluginDir,
+                                config: { get: async () => ({}), set: async () => { } },
+                                auth: {
+                                    get: async () => undefined,
+                                    set: async () => { },
+                                    delete: async () => { },
+                                    has: async () => false,
+                                },
+                                cache: {
+                                    directory: path.join(pluginDir, ".cache"),
+                                    get: async () => undefined,
+                                    set: async () => { },
+                                    delete: async () => { },
+                                },
+                            };
+                            hooks = await desc.init(input);
+                        }
+                        catch (error) {
+                            loadError = error instanceof Error ? error.message : String(error);
+                        }
+                        const runtimeToolNames = hooks?.tool ? Object.keys(hooks.tool) : loadError ? null : [];
+                        const discovery = validateRuntimeDiscovery({ manifestToolNames, runtimeToolNames, pluginId: desc.id });
+                        results.push({
+                            type: "pass",
+                            message: `runtime-discovery: loaded plugin "${desc.id}"${loadError ? ` (init failed: ${loadError})` : ""}`,
+                        });
+                        if (discovery.loadFailed) {
+                            results.push({
+                                type: "error",
+                                message: `runtime-discovery: plugin "${desc.id}" failed to initialize - cannot validate tool registration`,
+                            });
+                            if (loadError)
+                                results.push({ type: "error", message: `  init error: ${loadError}` });
+                        }
+                        else {
+                            const total = runtimeToolNames !== null ? runtimeToolNames.length : 0;
+                            results.push({
+                                type: "pass",
+                                message: `runtime-discovery: ${total} tool(s) registered at runtime, ${manifestToolNames.length} declared in manifest`,
+                            });
+                            if (discovery.matched.length > 0) {
+                                results.push({
+                                    type: "pass",
+                                    message: `runtime-discovery: ${discovery.matched.length} tool(s) matched - ${discovery.matched.join(", ")}`,
+                                });
+                            }
+                            if (discovery.undeclared.length > 0) {
+                                results.push({
+                                    type: "error",
+                                    message: `runtime-discovery: ${discovery.undeclared.length} undeclared tool(s) - ${discovery.undeclared.join(", ")}`,
+                                });
+                            }
+                            if (discovery.declaredButMissing.length > 0) {
+                                results.push({
+                                    type: "warn",
+                                    message: `runtime-discovery: ${discovery.declaredButMissing.length} tool(s) declared but not registered - ${discovery.declaredButMissing.join(", ")}`,
+                                });
+                            }
+                        }
+                    }
+                }
+            }
+            catch (error) {
+                results.push({
+                    type: "error",
+                    message: `runtime-discovery: failed to load plugin - ${error instanceof Error ? error.message : String(error)}`,
+                });
+            }
+        }
+    }
+    printResults(results);
+}
+export const PluginValidateCommand = cmd({
+    command: "validate [path]",
+    describe: "validate a plugin manifest",
+    builder: (yargs) => yargs
+        .positional("path", {
+        type: "string",
+        describe: "path to plugin directory or plugin.json (defaults to current directory)",
+    })
+        .option("runtime-discovery", {
+        type: "boolean",
+        describe: "safely load plugin in dev mode, collect runtime tools, and compare with manifest",
+        default: false,
+    }),
+    async handler(args) {
+        await validatePluginProject(args.path || process.cwd(), {
+            runtimeDiscovery: Boolean(args["runtime-discovery"]),
+        });
+    },
+});

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./commands";
+export * from "./lib/market-entry";
+export * from "./lib/signature";

package/dist/index.js

@@ -0,0 +1,3 @@
+export * from "./commands";
+export * from "./lib/market-entry";
+export * from "./lib/signature";

package/dist/lib/capability.d.ts

@@ -0,0 +1,2 @@
+import type { PluginManifest } from "@ericsanchezok/synergy-plugin";
+export declare function baseCapabilities(manifest: PluginManifest): string[];

package/dist/lib/capability.js

@@ -0,0 +1,42 @@
+function buildCapabilitySet(permissions, toolOverrides) {
+    const caps = new Set(["plugin_invoke"]);
+    const pt = permissions?.tools;
+    const pd = permissions?.data;
+    const tc = toolOverrides;
+    const fs = tc?.filesystem ?? pt?.filesystem ?? "none";
+    if (fs === "read")
+        caps.add("filesystem:read");
+    if (fs === "write") {
+        caps.add("filesystem:read");
+        caps.add("filesystem:write");
+    }
+    if (tc?.shell ?? pt?.shell ?? false)
+        caps.add("shell");
+    if (tc?.network ?? pt?.network ?? false)
+        caps.add("network");
+    if (pt?.mcp === "invoke")
+        caps.add("mcp:invoke");
+    if (pt?.mcp === "spawn") {
+        caps.add("mcp:invoke");
+        caps.add("mcp:spawn");
+    }
+    const sess = tc?.session ?? pd?.session ?? "none";
+    if (sess === "read")
+        caps.add("session_data");
+    const ws = tc?.workspace ?? pd?.workspace ?? "none";
+    if (ws === "read")
+        caps.add("workspace_data");
+    const cfg = tc?.config ?? pd?.config ?? "plugin";
+    if (cfg === "global") {
+        caps.add("config:read");
+        caps.add("config:write");
+    }
+    if (cfg === "plugin")
+        caps.add("config:read");
+    if (pd?.secrets === "own")
+        caps.add("secrets");
+    return [...caps].sort();
+}
+export function baseCapabilities(manifest) {
+    return buildCapabilitySet(manifest.permissions);
+}

package/dist/lib/crypto.d.ts

@@ -0,0 +1,5 @@
+export declare function sha256Hex(buffer: Uint8Array): string;
+export declare function sha256File(filePath: string): string;
+export declare function sha256JSON(obj: unknown): string;
+export declare function sha256Content(content: string): string;
+export declare function sortKeys(obj: unknown): unknown;

package/dist/lib/crypto.js

@@ -0,0 +1,27 @@
+import fs from "fs";
+export function sha256Hex(buffer) {
+    return new Bun.CryptoHasher("sha256").update(buffer).digest("hex");
+}
+export function sha256File(filePath) {
+    const buffer = fs.readFileSync(filePath);
+    return sha256Hex(new Uint8Array(buffer));
+}
+export function sha256JSON(obj) {
+    return sha256Content(JSON.stringify(sortKeys(obj)));
+}
+export function sha256Content(content) {
+    return sha256Hex(new Uint8Array(Buffer.from(content)));
+}
+export function sortKeys(obj) {
+    if (Array.isArray(obj))
+        return obj.map(sortKeys);
+    if (obj && typeof obj === "object") {
+        const entries = Object.entries(obj).sort(([a], [b]) => a.localeCompare(b));
+        const result = {};
+        for (const [key, value] of entries) {
+            result[key] = sortKeys(value);
+        }
+        return result;
+    }
+    return obj;
+}

package/dist/lib/hash.d.ts

@@ -0,0 +1,3 @@
+import type { PluginManifest } from "@ericsanchezok/synergy-plugin";
+export declare function computePermissionsHash(manifest: PluginManifest, capabilities: string[]): string;
+export declare function computeManifestHash(manifest: PluginManifest): string;

package/dist/lib/hash.js

@@ -0,0 +1,14 @@
+import { sha256Content, sortKeys } from "./crypto";
+export function computePermissionsHash(manifest, capabilities) {
+    const normalized = {
+        capabilities: [...capabilities].sort(),
+        permissions: manifest.permissions ?? {},
+        contributes: manifest.contributes?.ui != null ? { ui: manifest.contributes.ui } : undefined,
+        hooks: manifest.permissions?.hooks ?? undefined,
+    };
+    return sha256Content(JSON.stringify(sortKeys(normalized)));
+}
+export function computeManifestHash(manifest) {
+    const { contributes, lifecycle, permissions, ...identity } = manifest;
+    return sha256Content(JSON.stringify(sortKeys(identity)));
+}

package/dist/lib/ids.d.ts

@@ -0,0 +1,3 @@
+export declare namespace PluginId {
+    function isValid(id: string): boolean;
+}

package/dist/lib/ids.js

@@ -0,0 +1,7 @@
+export var PluginId;
+(function (PluginId) {
+    function isValid(id) {
+        return /^[a-z0-9][a-z0-9-]*$/.test(id);
+    }
+    PluginId.isValid = isValid;
+})(PluginId || (PluginId = {}));