npm - @feiyoug/skill-lab - Versions diffs - 0.0.0 → 0.0.2 - Mend

@feiyoug/skill-lab 0.0.0 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (465) hide show

package/README.md +73 -0
package/esm/analyzer/astgrep/client.d.ts +20 -8
package/esm/analyzer/astgrep/client.d.ts.map +1 -1
package/esm/analyzer/astgrep/client.js +58 -31
package/esm/analyzer/config/default.d.ts +8 -0
package/esm/analyzer/config/default.d.ts.map +1 -0
package/esm/analyzer/config/default.js +91 -0
package/esm/analyzer/config/helpers.d.ts +8 -0
package/esm/analyzer/config/helpers.d.ts.map +1 -0
package/esm/analyzer/config/helpers.js +72 -0
package/esm/analyzer/config/mod.d.ts +4 -0
package/esm/analyzer/config/mod.d.ts.map +1 -0
package/esm/analyzer/config/mod.js +3 -0
package/esm/analyzer/config/types.d.ts +58 -0
package/esm/analyzer/config/types.d.ts.map +1 -0
package/esm/analyzer/{config.js → config/types.js} +0 -28
package/esm/analyzer/logging.d.ts +3 -0
package/esm/analyzer/logging.d.ts.map +1 -0
package/esm/analyzer/logging.js +6 -0
package/esm/analyzer/mod.d.ts +12 -5
package/esm/analyzer/mod.d.ts.map +1 -1
package/esm/analyzer/mod.js +25 -12
package/esm/analyzer/result.d.ts +35 -0
package/esm/analyzer/result.d.ts.map +1 -0
package/esm/analyzer/result.js +311 -0
package/esm/analyzer/rules/bash/commands/mod.d.ts +1 -0
package/esm/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
package/esm/analyzer/rules/bash/commands/mod.js +3 -0
package/esm/analyzer/rules/bash/commands/pip.d.ts +3 -0
package/esm/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
package/esm/analyzer/rules/bash/commands/pip.js +14 -0
package/esm/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
package/esm/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/bash/extractFileRefs.js +2 -2
package/esm/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
package/esm/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
package/esm/analyzer/rules/bash/inline-command-classifier.js +4 -4
package/esm/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
package/esm/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/javascript/extractFileRefs.js +3 -4
package/esm/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
package/esm/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
package/esm/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/markdown/extractFileRefs.js +2 -0
package/esm/analyzer/rules/python/extractFileRefs.d.ts +1 -1
package/esm/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/python/extractFileRefs.js +2 -2
package/esm/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
package/esm/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
package/esm/analyzer/steps/001-discovery/discover-files.js +18 -2
package/esm/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
package/esm/analyzer/steps/001-discovery/mod.js +39 -9
package/esm/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
package/esm/analyzer/steps/002-permissions/mod.js +156 -73
package/esm/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
package/esm/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
package/esm/analyzer/steps/002-permissions/scan-file.js +40 -5
package/esm/analyzer/steps/002-permissions/seed-frontmatter.js +2 -2
package/esm/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
package/esm/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
package/esm/analyzer/steps/003-risks/dep-risks.js +74 -0
package/esm/analyzer/steps/003-risks/helpers.d.ts +1 -0
package/esm/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/helpers.js +1 -0
package/esm/analyzer/steps/003-risks/mod.d.ts +3 -2
package/esm/analyzer/steps/003-risks/mod.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/mod.js +41 -4
package/esm/analyzer/steps/003-risks/policy.d.ts +7 -0
package/esm/analyzer/steps/003-risks/policy.d.ts.map +1 -0
package/esm/analyzer/steps/003-risks/policy.js +23 -0
package/esm/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
package/esm/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/rule-mapped.js +83 -2
package/esm/analyzer/steps/003-risks/scoring.d.ts +9 -1
package/esm/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/scoring.js +55 -42
package/esm/analyzer/treesitter/client.d.ts +31 -0
package/esm/analyzer/treesitter/client.d.ts.map +1 -0
package/esm/analyzer/{treesiter → treesitter}/client.js +43 -39
package/esm/analyzer/treesitter/registry.d.ts +73 -0
package/esm/analyzer/treesitter/registry.d.ts.map +1 -0
package/esm/analyzer/treesitter/registry.js +165 -0
package/esm/analyzer/types.d.ts +14 -28
package/esm/analyzer/types.d.ts.map +1 -1
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +3 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +297 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +268 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.js +45 -0
package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.js +903 -0
package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
package/esm/deps/jsr.io/@std/io/0.225.0/types.js +15 -0
package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
package/esm/deps/jsr.io/@std/io/0.225.0/write_all.js +61 -0
package/esm/shared/deep_merge.d.ts +12 -0
package/esm/shared/deep_merge.d.ts.map +1 -0
package/esm/shared/deep_merge.js +49 -0
package/esm/shared/mod.d.ts +1 -0
package/esm/shared/mod.d.ts.map +1 -1
package/esm/shared/mod.js +1 -0
package/esm/shared/types/filetypes.d.ts +2 -2
package/esm/shared/types/filetypes.d.ts.map +1 -1
package/esm/shared/types/permissions.d.ts +1 -1
package/esm/shared/types/permissions.d.ts.map +1 -1
package/esm/shared/types/risks.d.ts +4 -1
package/esm/shared/types/risks.d.ts.map +1 -1
package/esm/skillreader/types.d.ts +2 -2
package/esm/skillreader/types.d.ts.map +1 -1
package/esm/skillreader/types.js +2 -2
package/package.json +1 -1
package/script/analyzer/astgrep/client.d.ts +20 -8
package/script/analyzer/astgrep/client.d.ts.map +1 -1
package/script/analyzer/astgrep/client.js +58 -64
package/script/analyzer/config/default.d.ts +8 -0
package/script/analyzer/config/default.d.ts.map +1 -0
package/script/analyzer/config/default.js +94 -0
package/script/analyzer/config/helpers.d.ts +8 -0
package/script/analyzer/config/helpers.d.ts.map +1 -0
package/script/analyzer/config/helpers.js +76 -0
package/script/analyzer/config/mod.d.ts +4 -0
package/script/analyzer/config/mod.d.ts.map +1 -0
package/script/analyzer/config/mod.js +21 -0
package/script/analyzer/config/types.d.ts +58 -0
package/script/analyzer/config/types.d.ts.map +1 -0
package/script/analyzer/{config.js → config/types.js} +1 -29
package/script/analyzer/logging.d.ts +3 -0
package/script/analyzer/logging.d.ts.map +1 -0
package/script/analyzer/logging.js +9 -0
package/script/analyzer/mod.d.ts +12 -5
package/script/analyzer/mod.d.ts.map +1 -1
package/script/analyzer/mod.js +35 -20
package/script/analyzer/result.d.ts +35 -0
package/script/analyzer/result.d.ts.map +1 -0
package/script/analyzer/result.js +315 -0
package/script/analyzer/rules/bash/commands/mod.d.ts +1 -0
package/script/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
package/script/analyzer/rules/bash/commands/mod.js +3 -0
package/script/analyzer/rules/bash/commands/pip.d.ts +3 -0
package/script/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
package/script/analyzer/rules/bash/commands/pip.js +17 -0
package/script/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
package/script/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/bash/extractFileRefs.js +2 -2
package/script/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
package/script/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
package/script/analyzer/rules/bash/inline-command-classifier.js +4 -4
package/script/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
package/script/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/javascript/extractFileRefs.js +3 -4
package/script/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
package/script/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
package/script/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/markdown/extractFileRefs.js +2 -0
package/script/analyzer/rules/python/extractFileRefs.d.ts +1 -1
package/script/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/python/extractFileRefs.js +2 -2
package/script/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
package/script/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
package/script/analyzer/steps/001-discovery/discover-files.js +18 -2
package/script/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
package/script/analyzer/steps/001-discovery/mod.js +77 -11
package/script/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
package/script/analyzer/steps/002-permissions/mod.js +194 -75
package/script/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
package/script/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
package/script/analyzer/steps/002-permissions/scan-file.js +40 -5
package/script/analyzer/steps/002-permissions/seed-frontmatter.js +3 -3
package/script/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
package/script/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
package/script/analyzer/steps/003-risks/dep-risks.js +77 -0
package/script/analyzer/steps/003-risks/helpers.d.ts +1 -0
package/script/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/helpers.js +1 -0
package/script/analyzer/steps/003-risks/mod.d.ts +3 -2
package/script/analyzer/steps/003-risks/mod.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/mod.js +77 -4
package/script/analyzer/steps/003-risks/policy.d.ts +7 -0
package/script/analyzer/steps/003-risks/policy.d.ts.map +1 -0
package/script/analyzer/steps/003-risks/policy.js +29 -0
package/script/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
package/script/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/rule-mapped.js +83 -2
package/script/analyzer/steps/003-risks/scoring.d.ts +9 -1
package/script/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/scoring.js +55 -42
package/script/analyzer/treesitter/client.d.ts +31 -0
package/script/analyzer/treesitter/client.d.ts.map +1 -0
package/script/analyzer/treesitter/client.js +136 -0
package/script/analyzer/treesitter/registry.d.ts +73 -0
package/script/analyzer/treesitter/registry.d.ts.map +1 -0
package/script/analyzer/treesitter/registry.js +206 -0
package/script/analyzer/types.d.ts +14 -28
package/script/analyzer/types.d.ts.map +1 -1
package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +10 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +334 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +305 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.js +48 -0
package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
package/script/deps/jsr.io/@std/fmt/1.0.3/colors.js +986 -0
package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
package/script/deps/jsr.io/@std/io/0.225.0/types.js +18 -0
package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
package/script/deps/jsr.io/@std/io/0.225.0/write_all.js +65 -0
package/script/shared/deep_merge.d.ts +12 -0
package/script/shared/deep_merge.d.ts.map +1 -0
package/script/shared/deep_merge.js +53 -0
package/script/shared/mod.d.ts +1 -0
package/script/shared/mod.d.ts.map +1 -1
package/script/shared/mod.js +1 -0
package/script/shared/types/filetypes.d.ts +2 -2
package/script/shared/types/filetypes.d.ts.map +1 -1
package/script/shared/types/permissions.d.ts +1 -1
package/script/shared/types/permissions.d.ts.map +1 -1
package/script/shared/types/risks.d.ts +4 -1
package/script/shared/types/risks.d.ts.map +1 -1
package/script/skillreader/types.d.ts +2 -2
package/script/skillreader/types.d.ts.map +1 -1
package/script/skillreader/types.js +2 -2
package/src/_dnt.polyfills.ts +27 -0
package/src/_dnt.shims.ts +64 -0
package/src/analyzer/astgrep/client.ts +184 -0
package/src/analyzer/astgrep/mod.ts +2 -0
package/src/analyzer/config/default.ts +98 -0
package/src/analyzer/config/helpers.ts +107 -0
package/src/analyzer/config/mod.ts +3 -0
package/src/analyzer/config/types.ts +103 -0
package/src/analyzer/logging.ts +8 -0
package/src/analyzer/mod.ts +118 -0
package/src/analyzer/result.ts +393 -0
package/src/analyzer/rules/bash/astTypes.ts +5 -0
package/src/analyzer/rules/bash/commands/bd.ts +23 -0
package/src/analyzer/rules/bash/commands/cron.ts +21 -0
package/src/analyzer/rules/bash/commands/docker.ts +37 -0
package/src/analyzer/rules/bash/commands/eval.ts +52 -0
package/src/analyzer/rules/bash/commands/generic.ts +16 -0
package/src/analyzer/rules/bash/commands/gh.ts +21 -0
package/src/analyzer/rules/bash/commands/git.ts +28 -0
package/src/analyzer/rules/bash/commands/mod.ts +38 -0
package/src/analyzer/rules/bash/commands/node.ts +64 -0
package/src/analyzer/rules/bash/commands/openspec.ts +16 -0
package/src/analyzer/rules/bash/commands/pip.ts +16 -0
package/src/analyzer/rules/bash/commands/sudo.ts +21 -0
package/src/analyzer/rules/bash/destructive.ts +28 -0
package/src/analyzer/rules/bash/extractFileRefs.ts +101 -0
package/src/analyzer/rules/bash/filesystem.ts +50 -0
package/src/analyzer/rules/bash/injection.ts +21 -0
package/src/analyzer/rules/bash/inline-command-classifier.ts +94 -0
package/src/analyzer/rules/bash/mod.ts +23 -0
package/src/analyzer/rules/bash/network.ts +64 -0
package/src/analyzer/rules/bash/secret-detection.ts +43 -0
package/src/analyzer/rules/javascript/astTypes.ts +8 -0
package/src/analyzer/rules/javascript/extractFileRefs.ts +131 -0
package/src/analyzer/rules/javascript/filesystem.ts +28 -0
package/src/analyzer/rules/javascript/injection.ts +21 -0
package/src/analyzer/rules/javascript/mod.ts +26 -0
package/src/analyzer/rules/javascript/network.ts +27 -0
package/src/analyzer/rules/javascript/secret-detection.ts +68 -0
package/src/analyzer/rules/javascript/subprocess.ts +16 -0
package/src/analyzer/rules/markdown/astTypes.ts +35 -0
package/src/analyzer/rules/markdown/extractCodeBlocks.ts +101 -0
package/src/analyzer/rules/markdown/extractFileRefs.ts +179 -0
package/src/analyzer/rules/markdown/mod.ts +12 -0
package/src/analyzer/rules/mod.ts +77 -0
package/src/analyzer/rules/python/astTypes.ts +9 -0
package/src/analyzer/rules/python/extractFileRefs.ts +92 -0
package/src/analyzer/rules/python/mod.ts +15 -0
package/src/analyzer/rules/python/network.ts +26 -0
package/src/analyzer/rules/python/secret-detection.ts +30 -0
package/src/analyzer/rules/shared/file-refs.ts +38 -0
package/src/analyzer/rules/shared/network-evaluators.ts +107 -0
package/src/analyzer/rules/shared/prompt-injection.ts +48 -0
package/src/analyzer/rules/shared/secret-evaluators.ts +13 -0
package/src/analyzer/rules/text/mod.ts +12 -0
package/src/analyzer/rules/typescript/mod.ts +7 -0
package/src/analyzer/steps/001-discovery/discover-files.ts +211 -0
package/src/analyzer/steps/001-discovery/filter-files.ts +72 -0
package/src/analyzer/steps/001-discovery/mod.ts +103 -0
package/src/analyzer/steps/002-permissions/mod.ts +329 -0
package/src/analyzer/steps/002-permissions/scan-file.ts +258 -0
package/src/analyzer/steps/002-permissions/seed-frontmatter.ts +66 -0
package/src/analyzer/steps/002-permissions/synthesize.ts +42 -0
package/src/analyzer/steps/003-risks/dep-risks.ts +89 -0
package/src/analyzer/steps/003-risks/helpers.ts +41 -0
package/src/analyzer/steps/003-risks/mod.ts +86 -0
package/src/analyzer/steps/003-risks/policy.ts +38 -0
package/src/analyzer/steps/003-risks/rule-mapped.ts +206 -0
package/src/analyzer/steps/003-risks/scoring.ts +117 -0
package/src/analyzer/steps/mod.ts +3 -0
package/src/analyzer/treesitter/client.ts +120 -0
package/src/analyzer/treesitter/registry.ts +198 -0
package/src/analyzer/types.ts +78 -0
package/src/analyzer/utils/code-block-path.ts +33 -0
package/src/analyzer/utils/id-generator.ts +59 -0
package/src/analyzer/utils/secret-validator.ts +29 -0
package/src/analyzer/utils/url-parser.ts +25 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/deps.ts +3 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/mod.ts +265 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/multi.ts +250 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/time.ts +69 -0
package/src/deps/jsr.io/@std/fmt/1.0.3/colors.ts +1004 -0
package/src/deps/jsr.io/@std/internal/1.0.12/_os.ts +15 -0
package/src/deps/jsr.io/@std/internal/1.0.12/os.ts +7 -0
package/src/deps/jsr.io/@std/io/0.225.0/types.ts +157 -0
package/src/deps/jsr.io/@std/io/0.225.0/write_all.ts +65 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/assert_path.ts +10 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/basename.ts +53 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/common.ts +26 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/constants.ts +49 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/dirname.ts +9 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/format.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/from_file_url.ts +12 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/glob_to_reg_exp.ts +295 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize.ts +9 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize_string.ts +74 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/relative.ts +10 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/strip_trailing_separators.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/to_file_url.ts +17 -0
package/src/deps/jsr.io/@std/path/1.1.4/basename.ts +37 -0
package/src/deps/jsr.io/@std/path/1.1.4/common.ts +35 -0
package/src/deps/jsr.io/@std/path/1.1.4/constants.ts +18 -0
package/src/deps/jsr.io/@std/path/1.1.4/dirname.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/extname.ts +29 -0
package/src/deps/jsr.io/@std/path/1.1.4/format.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/from_file_url.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/glob_to_regexp.ts +94 -0
package/src/deps/jsr.io/@std/path/1.1.4/is_absolute.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/is_glob.ts +49 -0
package/src/deps/jsr.io/@std/path/1.1.4/join.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/join_globs.ts +42 -0
package/src/deps/jsr.io/@std/path/1.1.4/mod.ts +217 -0
package/src/deps/jsr.io/@std/path/1.1.4/normalize.ts +33 -0
package/src/deps/jsr.io/@std/path/1.1.4/normalize_glob.ts +45 -0
package/src/deps/jsr.io/@std/path/1.1.4/parse.ts +44 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/_util.ts +10 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/basename.ts +62 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/constants.ts +15 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/dirname.ts +72 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/extname.ts +96 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/format.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/from_file_url.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/glob_to_regexp.ts +94 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/is_absolute.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/join.ts +46 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/join_globs.ts +45 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize.ts +63 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize_glob.ts +43 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/parse.ts +121 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/relative.ts +103 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/resolve.ts +71 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/to_file_url.ts +32 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/to_namespaced_path.ts +21 -0
package/src/deps/jsr.io/@std/path/1.1.4/relative.ts +32 -0
package/src/deps/jsr.io/@std/path/1.1.4/resolve.ts +32 -0
package/src/deps/jsr.io/@std/path/1.1.4/to_file_url.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/to_namespaced_path.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/types.ts +40 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/_util.ts +28 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/basename.ts +54 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/constants.ts +15 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/dirname.ts +118 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/extname.ts +90 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/format.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/from_file_url.ts +34 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/glob_to_regexp.ts +92 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/is_absolute.ts +40 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/join.ts +78 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/join_globs.ts +46 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize.ts +136 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize_glob.ts +43 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/parse.ts +184 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/relative.ts +128 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/resolve.ts +178 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/to_file_url.ts +38 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/to_namespaced_path.ts +60 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_chars.ts +55 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_dumper_state.ts +841 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_loader_state.ts +1780 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_schema.ts +183 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/binary.ts +127 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/bool.ts +37 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/float.ts +112 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/int.ts +174 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/map.ts +17 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/merge.ts +13 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/nil.ts +27 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/omap.ts +30 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/pairs.ts +22 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/regexp.ts +33 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/seq.ts +13 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/set.ts +17 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/str.ts +12 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/timestamp.ts +101 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/undefined.ts +23 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type.ts +49 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_utils.ts +16 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/mod.ts +54 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/parse.ts +128 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/stringify.ts +118 -0
package/src/shared/deep_merge.ts +73 -0
package/src/shared/mod.ts +2 -0
package/src/shared/types/filetypes.ts +101 -0
package/src/shared/types/findings.ts +7 -0
package/src/shared/types/mod.ts +6 -0
package/src/shared/types/permissions.ts +17 -0
package/src/shared/types/references.ts +62 -0
package/src/shared/types/risks.ts +72 -0
package/src/shared/types/syntaxNode.ts +7 -0
package/src/skillreader/cloudStorage/mod.ts +170 -0
package/src/skillreader/factory.ts +71 -0
package/src/skillreader/fs/git.ts +153 -0
package/src/skillreader/fs/mod.ts +84 -0
package/src/skillreader/github/base.ts +162 -0
package/src/skillreader/github/githubApi.ts +40 -0
package/src/skillreader/github/githubRaw.ts +24 -0
package/src/skillreader/github/mod.ts +45 -0
package/src/skillreader/github/utils.ts +40 -0
package/src/skillreader/manifest.ts +67 -0
package/src/skillreader/mod.ts +26 -0
package/src/skillreader/types.ts +150 -0
package/src/skillreader/utils/frontmatter-parser.ts +72 -0
package/src/skillreader/utils/http-range.ts +38 -0
package/src/skillreader/utils/mod.ts +12 -0
package/esm/analyzer/astgrep/registry.d.ts +0 -18
package/esm/analyzer/astgrep/registry.d.ts.map +0 -1
package/esm/analyzer/astgrep/registry.js +0 -71
package/esm/analyzer/config.d.ts +0 -27
package/esm/analyzer/config.d.ts.map +0 -1
package/esm/analyzer/steps/003-risks/output.d.ts +0 -3
package/esm/analyzer/steps/003-risks/output.d.ts.map +0 -1
package/esm/analyzer/steps/003-risks/output.js +0 -16
package/esm/analyzer/treesiter/client.d.ts +0 -26
package/esm/analyzer/treesiter/client.d.ts.map +0 -1
package/script/analyzer/astgrep/registry.d.ts +0 -18
package/script/analyzer/astgrep/registry.d.ts.map +0 -1
package/script/analyzer/astgrep/registry.js +0 -109
package/script/analyzer/config.d.ts +0 -27
package/script/analyzer/config.d.ts.map +0 -1
package/script/analyzer/steps/003-risks/output.d.ts +0 -3
package/script/analyzer/steps/003-risks/output.d.ts.map +0 -1
package/script/analyzer/steps/003-risks/output.js +0 -19
package/script/analyzer/treesiter/client.d.ts +0 -26
package/script/analyzer/treesiter/client.d.ts.map +0 -1
package/script/analyzer/treesiter/client.js +0 -165

package/src/shared/deep_merge.ts ADDED Viewed

@@ -0,0 +1,73 @@
+export type JsonValue =
+    | null
+    | boolean
+    | number
+    | string
+    | JsonObject
+    | JsonArray;
+export type JsonObject = { [key: string]: JsonValue };
+export type JsonArray = JsonValue[];
+export type ArrayMerge = (base: JsonArray, override: JsonArray) => JsonArray;
+export type DeepMergeOptions = {
+    arrayMerge?: ArrayMerge;
+};
+const DEFAULT_OPTIONS: DeepMergeOptions = {
+    arrayMerge: undefined,
+};
+function isPlainObject(value: unknown): value is JsonObject {
+    if (!value || typeof value !== "object") return false;
+    const proto = Object.getPrototypeOf(value);
+    return proto === Object.prototype || proto === null;
+}
+function mergeInternal(base: JsonValue, override: JsonValue, options: DeepMergeOptions): JsonValue {
+    if (override === undefined) return base;
+    if (Array.isArray(base) && Array.isArray(override)) {
+        return options.arrayMerge ? options.arrayMerge(base, override) : override;
+    }
+    if (isPlainObject(base) && isPlainObject(override)) {
+        const result: JsonObject = {};
+        const keys = new Set([...Object.keys(base), ...Object.keys(override)]);
+        for (const key of keys) {
+            if (key in override) {
+                const merged = mergeInternal(base[key], override[key], options);
+                if (merged !== undefined) {
+                    result[key] = merged;
+                }
+            } else {
+                result[key] = base[key];
+            }
+        }
+        return result;
+    }
+    return override;
+}
+export function deepMergeJson<T>(base: T, override: unknown, options?: DeepMergeOptions): T {
+    const resolvedOptions = options ? { ...DEFAULT_OPTIONS, ...options } : DEFAULT_OPTIONS;
+    return mergeInternal(base as JsonValue, override as JsonValue, resolvedOptions) as T;
+}
+export function mergeArrayUnion(base: JsonArray, override: JsonArray): JsonArray {
+    const merged = [...base, ...override];
+    const seen = new Set<unknown>();
+    const result: JsonArray = [];
+    for (const item of merged) {
+        if (seen.has(item)) continue;
+        seen.add(item);
+        result.push(item);
+    }
+    return result;
+}

package/src/shared/mod.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from "./types/mod.js";
2	+ export * from "./deep_merge.js";

package/src/shared/types/filetypes.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { ReferenceType } from "./references.js";
+export type Frontmatter = {
+    startLineNumber?: number;
+    endLineNumber?: number;
+    name?: string;
+    description?: string;
+    [key: string]: unknown;
+};
+export type FileType =
+    | "markdown"
+    | "text"
+    | "bash"
+    | "javascript"
+    | "typescript"
+    | "python"
+    | "json"
+    | "yaml"
+    | "toml"
+    | "config"
+    | "sql"
+    | "csv"
+    | "xml"
+    | "binary"
+    | "unknown";
+export type CodeBlock = {
+    language: FileType;
+    content: string;
+    startLine: number;
+    endLine: number;
+    type: ReferenceType;
+};
+export const FILETYPE_BY_LANGUAGE: Record<string, FileType> = {
+    bash: "bash",
+    sh: "bash",
+    shell: "bash",
+    zsh: "bash",
+    js: "javascript",
+    javascript: "javascript",
+    mjs: "javascript",
+    cjs: "javascript",
+    ts: "typescript",
+    typescript: "typescript",
+    py: "python",
+    python: "python",
+    md: "markdown",
+    markdown: "markdown",
+    text: "text",
+    json: "json",
+    yaml: "yaml",
+    yml: "yaml",
+    toml: "toml",
+    sql: "sql",
+    csv: "csv",
+    xml: "xml",
+};
+export const FILE_TYPE_BY_EXTENSION: Record<string, FileType> = {
+    md: "markdown",
+    txt: "text",
+    sh: "bash",
+    bash: "bash",
+    js: "javascript",
+    mjs: "javascript",
+    cjs: "javascript",
+    ts: "typescript",
+    tsx: "typescript",
+    py: "python",
+    json: "json",
+    yaml: "yaml",
+    yml: "yaml",
+    toml: "toml",
+    ini: "config",
+    sql: "sql",
+    csv: "csv",
+    xml: "xml",
+};
+export const BINARY_EXTENSIONS = new Set(["zip", "tar", "gz", "png", "jpg", "jpeg", "gif", "pdf"]);
+// Classifies files by extension with a safe unknown fallback.
+export function getFileType(path: string): FileType {
+    const lower = path.toLowerCase();
+    const ext = lower.split(".").pop();
+    if (!ext) return "unknown";
+    if (FILE_TYPE_BY_EXTENSION[ext]) return FILE_TYPE_BY_EXTENSION[ext];
+    if (BINARY_EXTENSIONS.has(ext)) return "binary";
+    return "unknown";
+}
+export function isFile(path: string): boolean {
+    const ft = getFileType(path);
+    return ft !== "unknown" && ft != "binary";
+}

package/src/shared/types/findings.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { Reference } from "./references.js";
+export type Finding = {
+    ruleId: string;
+    reference: Reference;
+    extracted: Record<string, unknown>;
+};

package/src/shared/types/mod.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export * from "./filetypes.js";
+export * from "./findings.js";
+export * from "./permissions.js";
+export * from "./references.js";
+export * from "./risks.js";
+export * from "./syntaxNode.js";

package/src/shared/types/permissions.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { FileRole, Reference } from "./references.js";
+export type PermissionScope = "fs" | "sys" | "net" | "env" | "hooks" | "data" | "dep";
+export type Permission = {
+    id: string;
+    tool: string;
+    scope: PermissionScope;
+    permission: string;
+    args?: string[];
+    fileRole?: FileRole;
+    metadata?: Record<string, unknown>;
+    references: Reference[];
+    source: "frontmatter" | "detected" | "inferred";
+    comment?: string;
+    risks: string[];
+};

package/src/shared/types/references.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { FileType } from "./filetypes.js";
+export type ReferenceType = "frontmatter" | "content" | "script" | "inline";
+export type Reference = {
+    file: string;
+    line: number;
+    lineEnd?: number;
+    type: ReferenceType;
+    referencedBy?: Reference;
+};
+export type SourceType = "local" | "external";
+export type FileRole =
+    | "entrypoint"
+    | "license"
+    | "readme"
+    | "reference"
+    | "config"
+    | "script"
+    | "library" // unresolved imported dependency (package/module not in skill files)
+    | "regular"
+    | "host-fs"; // path targeting the host filesystem (not a skill-local file)
+export type FileRefDiscoveryMethod =
+    | "markdown-link" // [text](path) explicit markdown link
+    | "inline-code" // `command path` inline code token
+    | "bare-path" // bare path-like string in prose
+    | "import" // import/require/from package statement
+    | "url" // URL referenced by a network command (curl, wget, fetch)
+    | "source" // shell source / . file.sh include
+    | "code-block"; // virtual code block reference within parent file
+export type FileReference = {
+    /** The relative path of file to the root of the skill */
+    path: string;
+    sourceType: SourceType;
+    fileType: FileType;
+    role: FileRole;
+    depth: number;
+    referencedBy?: Reference;
+    /** How this reference was discovered during file extraction. */
+    discoveryMethod?: FileRefDiscoveryMethod;
+};
+// Adds semantic meaning to paths for priority and reporting.
+export function getFileRole(path: string): FileRole {
+    const base = path.split("/").pop()?.toLowerCase() ?? "";
+    const lower = path.toLowerCase();
+    if (base === "skill.md") return "entrypoint";
+    if (base === "reference.md" || lower.includes("/references/")) return "reference";
+    if (base.startsWith("license")) return "license";
+    if (base.startsWith("readme")) return "readme";
+    if (lower.includes("/scripts/")) return "script";
+    if (/\.(env\.example|sample\.|template|example\.)/i.test(base)) return "config";
+    return "regular";
+}
+export function getSourceType(existsInSkill: boolean): SourceType {
+    return existsInSkill ? "local" : "external";
+}

package/src/shared/types/risks.ts ADDED Viewed

@@ -0,0 +1,72 @@
+import { Finding } from "./findings.js";
+import { Permission } from "./permissions.js";
+import { Reference } from "./references.js";
+export type Severity = "info" | "warning" | "critical";
+type NETWORK_RISK_CODES =
+    | "NETWORK:data_exfiltration"
+    | "NETWORK:external_network_access"
+    | "NETWORK:remote_code_execution"
+    | "NETWORK:credential_leak"
+    | "NETWORK:localhost_secret_exposure";
+type INJECTION_RISK_CODES = "INJECTION:command_injection";
+type PROMPT_RISK_CODES = "PROMPT:prompt_override";
+type DESTRUCTIVE_RISK_CODES =
+    | "DESTRUCTIVE:destructive_behavior"
+    | "DESTRUCTIVE:permission_weakening";
+type PRIVILEGE_RISK_CODES = "PRIVILEGE:privilege_escalation";
+type PERSISTENCE_RISK_CODES = "PERSISTENCE:persistence";
+type SECRETS_RISK_CODES = "SECRETS:secret_access";
+type DEPENDENCY_RISK_CODES = "DEPENDENCY:external_import";
+type REFERENCE_RISK_CODES = "REFERENCE:external_file";
+export type RiskCode =
+    | NETWORK_RISK_CODES
+    | INJECTION_RISK_CODES
+    | PROMPT_RISK_CODES
+    | DESTRUCTIVE_RISK_CODES
+    | PRIVILEGE_RISK_CODES
+    | PERSISTENCE_RISK_CODES
+    | SECRETS_RISK_CODES
+    | DEPENDENCY_RISK_CODES
+    | REFERENCE_RISK_CODES;
+export type RuleRiskResult = {
+    code: RiskCode;
+    severity: Severity;
+    message: string;
+    metadata?: Record<string, unknown>;
+};
+export type RuleRiskInput = {
+    permission?: Permission;
+    finding: Finding;
+};
+export type Risk = {
+    id: string;
+    type: RiskCode;
+    groupKey?: string;
+    severity: Severity;
+    message: string;
+    reference: Reference;
+    permissions: string[];
+    metadata?: Record<string, unknown>;
+};
+export type StaticRuleRiskMapping = RuleRiskResult;
+export type DynamicRuleRiskMapping = (
+    input: RuleRiskInput,
+) => RuleRiskResult | RuleRiskResult[] | null;
+export type RuleRiskMapping = StaticRuleRiskMapping | DynamicRuleRiskMapping;

package/src/shared/types/syntaxNode.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export type SyntaxNodeLike = {
+    type: string;
+    text: string;
+    startPosition: { row: number; column: number };
+    endPosition: { row: number; column: number };
+    children: SyntaxNodeLike[];
+};

package/src/skillreader/cloudStorage/mod.ts ADDED Viewed

@@ -0,0 +1,170 @@
+import { isProbablyText } from "../utils/mod.js";
+import type { SkillFile, SkillManifest, SkillZipManifest, ZipManifestFile } from "../types.js";
+import { SkillReader } from "../types.js";
+import { isZipManifest, parseSkillManifest } from "../manifest.js";
+import { decompressDeflateStream, fetchRangeStream } from "../utils/http-range.js";
+import { getFileType } from "../../shared/mod.js";
+/**
+ * ZIP local file header signature (magic number: 0x04034b50).
+ */
+const LOCAL_FILE_HEADER_SIGNATURE = 0x04034b50;
+/**
+ * ZIP local file header fixed section length in bytes.
+ */
+const LOCAL_FILE_HEADER_LENGTH = 30;
+export type CloudStorageSkillReaderOptions = {
+    /**
+     * Base URL for skill storage (CloudFront/CDN).
+     * Example: https://d1234abcd.cloudfront.net/skills/my-skill/v1.0.0
+     */
+    baseUrl: string;
+};
+/**
+ * Reader for skill-lab backend cloud storage (public CDN).
+ */
+export class CloudStorageSkillReader extends SkillReader {
+    private baseUrl: string;
+    private cachedManifest: SkillManifest | null = null;
+    private dataOffsetCache = new Map<string, number>();
+    constructor(options: CloudStorageSkillReaderOptions) {
+        super();
+        this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    }
+    async retrieveFiles(dir?: string): Promise<SkillFile[]> {
+        const manifest = await this.readManifest();
+        if (!manifest) {
+            throw new Error("Manifest not found at storage URL");
+        }
+        const targetPrefix = dir ? normalizePrefix(dir) : "";
+        return manifest.files
+            .filter((file) => {
+                if (!targetPrefix) return true;
+                return file.path.startsWith(`${targetPrefix}/`);
+            })
+            .map((file) => ({
+                path: file.path,
+                size: file.size,
+                contentType: getFileType(file.path),
+            }));
+    }
+    async readTextFile(path: string): Promise<string | null> {
+        const contentType = getFileType(path);
+        if (contentType === "binary") return null;
+        const stream = await this.readFile(path);
+        if (!stream) return null;
+        const buffer = new Uint8Array(await new Response(stream).arrayBuffer());
+        if (!isProbablyText(buffer)) return null;
+        return new TextDecoder().decode(buffer);
+    }
+    async readFile(path: string): Promise<ReadableStream<Uint8Array> | null> {
+        const manifest = await this.readManifest();
+        if (!manifest) return null;
+        if (isZipManifest(manifest)) {
+            return await this.readFileFromZip(path, manifest);
+        }
+        const fileUrl = `${this.baseUrl}/${path.replace(/^\/+/, "")}`;
+        try {
+            const response = await fetch(fileUrl);
+            if (!response.ok) return null;
+            return response.body;
+        } catch {
+            return null;
+        }
+    }
+    async readManifest(): Promise<SkillManifest | null> {
+        if (this.cachedManifest) return this.cachedManifest;
+        const manifestUrl = `${this.baseUrl}/manifest.json`;
+        try {
+            const response = await fetch(manifestUrl);
+            if (!response.ok) return null;
+            const text = await response.text();
+            const manifest = parseSkillManifest(text);
+            this.cachedManifest = manifest;
+            return manifest;
+        } catch {
+            return null;
+        }
+    }
+    private async readFileFromZip(
+        path: string,
+        manifest: SkillZipManifest,
+    ): Promise<ReadableStream<Uint8Array> | null> {
+        const normalizedPath = path.replace(/^\/+/, "");
+        const fileEntry = manifest.files.find((file) => file.path === normalizedPath);
+        if (!fileEntry) return null;
+        const zipUrl = `${this.baseUrl}/skill.zip`;
+        const dataOffset = await this.getDataOffset(zipUrl, fileEntry);
+        const rangeStream = await fetchRangeStream(zipUrl, dataOffset, fileEntry.compressedSize);
+        if (fileEntry.compressionMethod === 0) {
+            return rangeStream;
+        }
+        if (fileEntry.compressionMethod === 8) {
+            return decompressDeflateStream(rangeStream);
+        }
+        throw new Error(`Unsupported compression: ${fileEntry.compressionMethod}`);
+    }
+    private async getDataOffset(
+        zipUrl: string,
+        fileEntry: Pick<ZipManifestFile, "path" | "offset">,
+    ): Promise<number> {
+        const cached = this.dataOffsetCache.get(fileEntry.path);
+        if (cached !== undefined) return cached;
+        const headerStream = await fetchRangeStream(
+            zipUrl,
+            fileEntry.offset,
+            LOCAL_FILE_HEADER_LENGTH,
+        );
+        const headerBuffer = new Uint8Array(await new Response(headerStream).arrayBuffer());
+        if (headerBuffer.byteLength < LOCAL_FILE_HEADER_LENGTH) {
+            throw new Error("Failed to read ZIP header");
+        }
+        const view = new DataView(
+            headerBuffer.buffer,
+            headerBuffer.byteOffset,
+            headerBuffer.byteLength,
+        );
+        const signature = view.getUint32(0, true);
+        if (signature !== LOCAL_FILE_HEADER_SIGNATURE) {
+            throw new Error(`Invalid ZIP signature at offset ${fileEntry.offset}`);
+        }
+        const fileNameLength = view.getUint16(26, true);
+        const extraFieldLength = view.getUint16(28, true);
+        const dataOffset = fileEntry.offset + LOCAL_FILE_HEADER_LENGTH +
+            fileNameLength + extraFieldLength;
+        this.dataOffsetCache.set(fileEntry.path, dataOffset);
+        return dataOffset;
+    }
+}
+function normalizePrefix(prefix: string): string {
+    return prefix.replace(/^\/+|\/+$/g, "");
+}

package/src/skillreader/factory.ts ADDED Viewed

@@ -0,0 +1,71 @@
+import * as dntShim from "../_dnt.shims.js";
+import { join } from "../deps/jsr.io/@std/path/1.1.4/mod.js";
+import { LocalFsSkillReader } from "./fs/mod.js";
+import { ensureGitRepoRoot, LocalGitSkillReader } from "./fs/git.js";
+import { GitHubSkillReader } from "./github/mod.js";
+import { parseGitHubRepo } from "./github/utils.js";
+import type { SkillReader } from "./types.js";
+export type SkillReaderFactoryOptions = {
+    source: string;
+    subDir?: string;
+    gitRef?: string;
+    githubToken?: string;
+};
+export class SkillReaderFactory {
+    static async create(options: SkillReaderFactoryOptions): Promise<SkillReader> {
+        const source = options.source.trim();
+        if (!source) {
+            throw new Error("Source is required");
+        }
+        const githubParsed = parseGitHubRepo(source);
+        if (githubParsed) {
+            return new GitHubSkillReader({
+                repoUrl: source,
+                gitRef: options.gitRef,
+                dir: options.subDir,
+                token: options.githubToken ?? dntShim.Deno.env.get("GITHUB_TOKEN") ?? undefined,
+            });
+        }
+        if (isHttpUrl(source)) {
+            throw new Error(
+                "Invalid source: URL must be a GitHub repository URL or a local directory path",
+            );
+        }
+        const rootPath = options.subDir ? join(source, options.subDir) : source;
+        if (options.gitRef) {
+            await ensureDirectory(source);
+            await ensureGitRepoRoot(source);
+            const reader = new LocalGitSkillReader({
+                repoRoot: source,
+                gitRef: options.gitRef,
+                subDir: options.subDir,
+            });
+            await reader.validateRepositoryRef();
+            return reader;
+        }
+        await ensureDirectory(rootPath);
+        return new LocalFsSkillReader({ root: rootPath });
+    }
+}
+function isHttpUrl(value: string): boolean {
+    return /^https?:\/\//i.test(value);
+}
+async function ensureDirectory(path: string): Promise<void> {
+    try {
+        const stat = await dntShim.Deno.stat(path);
+        if (!stat.isDirectory) {
+            throw new Error("Path must be a directory");
+        }
+    } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Local path not found: ${message}`);
+    }
+}