@hongmaple0820/scale-engine 0.18.0 → 0.20.0

package/dist/runtime/SessionLedger.d.ts

@@ -0,0 +1,53 @@
+export type RuntimeSessionLevel = 'S' | 'M' | 'L' | 'CRITICAL';
+export type RuntimeSessionStatus = 'active' | 'completed' | 'failed' | 'abandoned';
+export type RuntimeSessionEventType = 'session.started' | 'session.ended' | 'phase.started' | 'phase.completed' | 'tool.used' | 'evidence.recorded' | 'note';
+export interface RuntimeSessionStartInput {
+    sessionId?: string;
+    taskId?: string;
+    agent?: string;
+    level?: RuntimeSessionLevel;
+    summary?: string;
+}
+export interface RuntimeSessionRecord {
+    sessionId: string;
+    taskId?: string;
+    agent?: string;
+    level?: RuntimeSessionLevel;
+    status: RuntimeSessionStatus;
+    startedAt: string;
+    updatedAt: string;
+    endedAt?: string;
+    summary?: string;
+}
+export interface RuntimeSessionEventInput {
+    type: RuntimeSessionEventType;
+    phase?: string;
+    message?: string;
+    data?: Record<string, unknown>;
+}
+export interface RuntimeSessionEvent extends RuntimeSessionEventInput {
+    id: string;
+    sessionId: string;
+    createdAt: string;
+    redactionApplied: boolean;
+}
+export interface RuntimeSessionLedgerOptions {
+    projectDir?: string;
+    scaleDir?: string;
+    now?: () => Date;
+    createDirs?: boolean;
+}
+export declare class SessionLedger {
+    private sessionsDir;
+    private currentPath;
+    private now;
+    constructor(options?: RuntimeSessionLedgerOptions);
+    start(input?: RuntimeSessionStartInput): RuntimeSessionRecord;
+    append(sessionId: string, input: RuntimeSessionEventInput): RuntimeSessionEvent;
+    end(sessionId: string, status?: RuntimeSessionStatus, summary?: string): RuntimeSessionRecord;
+    current(): RuntimeSessionRecord | null;
+    listEvents(sessionId: string): RuntimeSessionEvent[];
+    sessionFile(sessionId: string): string;
+    private writeCurrent;
+    private sessionPath;
+}

package/dist/runtime/SessionLedger.js

@@ -0,0 +1,104 @@
+import { randomUUID } from 'node:crypto';
+import { appendFileSync, existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { isAbsolute, join, resolve } from 'node:path';
+import { redactEvidenceValue } from '../tools/ToolEvidenceStore.js';
+export class SessionLedger {
+    constructor(options = {}) {
+        const projectDir = resolve(options.projectDir ?? process.cwd());
+        const scaleRoot = isAbsolute(options.scaleDir ?? '')
+            ? options.scaleDir
+            : join(projectDir, options.scaleDir ?? '.scale');
+        this.sessionsDir = join(scaleRoot, 'events', 'sessions');
+        this.currentPath = join(scaleRoot, 'events', 'current-session.json');
+        this.now = options.now ?? (() => new Date());
+        if (options.createDirs !== false && !existsSync(this.sessionsDir))
+            mkdirSync(this.sessionsDir, { recursive: true });
+    }
+    start(input = {}) {
+        const now = this.now().toISOString();
+        const record = {
+            sessionId: input.sessionId ?? `SESSION-${Date.now()}-${randomUUID().slice(0, 8)}`,
+            taskId: input.taskId,
+            agent: input.agent,
+            level: input.level,
+            status: 'active',
+            startedAt: now,
+            updatedAt: now,
+            summary: input.summary,
+        };
+        this.writeCurrent(record);
+        this.append(record.sessionId, {
+            type: 'session.started',
+            message: input.summary,
+            data: {
+                taskId: record.taskId,
+                agent: record.agent,
+                level: record.level,
+            },
+        });
+        return record;
+    }
+    append(sessionId, input) {
+        const data = redactEvidenceValue(input.data ?? {});
+        const event = {
+            ...input,
+            id: `EVT-${Date.now()}-${randomUUID().slice(0, 8)}`,
+            sessionId,
+            createdAt: this.now().toISOString(),
+            data: data.value,
+            redactionApplied: data.redacted,
+        };
+        appendFileSync(this.sessionPath(sessionId), `${JSON.stringify(event)}\n`, 'utf-8');
+        return event;
+    }
+    end(sessionId, status = 'completed', summary) {
+        const current = this.current();
+        const now = this.now().toISOString();
+        const record = {
+            ...(current?.sessionId === sessionId ? current : { sessionId, startedAt: now }),
+            status,
+            updatedAt: now,
+            endedAt: now,
+            summary: summary ?? current?.summary,
+        };
+        this.writeCurrent(record);
+        this.append(sessionId, {
+            type: 'session.ended',
+            message: summary,
+            data: { status },
+        });
+        return record;
+    }
+    current() {
+        try {
+            return JSON.parse(readFileSync(this.currentPath, 'utf-8'));
+        }
+        catch {
+            return null;
+        }
+    }
+    listEvents(sessionId) {
+        try {
+            return readFileSync(this.sessionPath(sessionId), 'utf-8')
+                .split(/\r?\n/)
+                .filter(Boolean)
+                .map(line => JSON.parse(line));
+        }
+        catch {
+            return [];
+        }
+    }
+    sessionFile(sessionId) {
+        return this.sessionPath(sessionId);
+    }
+    writeCurrent(record) {
+        writeFileSync(this.currentPath, JSON.stringify(record, null, 2), 'utf-8');
+    }
+    sessionPath(sessionId) {
+        return join(this.sessionsDir, `${safePathSegment(sessionId)}.jsonl`);
+    }
+}
+function safePathSegment(value) {
+    return value.replace(/[^a-zA-Z0-9._-]/g, '-').slice(0, 120) || 'unknown-session';
+}
+//# sourceMappingURL=SessionLedger.js.map

package/dist/runtime/SessionLedger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionLedger.js","sourceRoot":"","sources":["../../src/runtime/SessionLedger.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAC5F,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAA;AAsDnE,MAAM,OAAO,aAAa;IAKxB,YAAY,UAAuC,EAAE;QACnD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QAC/D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;YAClD,CAAC,CAAC,OAAO,CAAC,QAAkB;YAC5B,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAA;QAClD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAA;QACxD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,sBAAsB,CAAC,CAAA;QACpE,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAA;QAC5C,IAAI,OAAO,CAAC,UAAU,KAAK,KAAK,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC;YAAE,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACrH,CAAC;IAED,KAAK,CAAC,QAAkC,EAAE;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAA;QACpC,MAAM,MAAM,GAAyB;YACnC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,WAAW,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACjF,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAA;QACD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE;YAC5B,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;SACF,CAAC,CAAA;QACF,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,CAAC,SAAiB,EAAE,KAA+B;QACvD,MAAM,IAAI,GAAG,mBAAmB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAA;QAClD,MAAM,KAAK,GAAwB;YACjC,GAAG,KAAK;YACR,EAAE,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACnD,SAAS;YACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,IAAI,CAAC,KAAgC;YAC3C,gBAAgB,EAAE,IAAI,CAAC,QAAQ;SAChC,CAAA;QACD,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAClF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,GAAG,CAAC,SAAiB,EAAE,SAA+B,WAAW,EAAE,OAAgB;QACjF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAA;QACpC,MAAM,MAAM,GAAyB;YACnC,GAAG,CAAC,OAAO,EAAE,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;YAC/E,MAAM;YACN,SAAS,EAAE,GAAG;YACd,OAAO,EAAE,GAAG;YACZ,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,OAAO;SACrC,CAAA;QACD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QACzB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;YACrB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,EAAE,MAAM,EAAE;SACjB,CAAC,CAAA;QACF,OAAO,MAAM,CAAA;IACf,CAAC;IAED,OAAO;QACL,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAyB,CAAA;QACpF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,UAAU,CAAC,SAAiB;QAC1B,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;iBACtD,KAAK,CAAC,OAAO,CAAC;iBACd,MAAM,CAAC,OAAO,CAAC;iBACf,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC,CAAA;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;IAED,WAAW,CAAC,SAAiB;QAC3B,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;IACpC,CAAC;IAEO,YAAY,CAAC,MAA4B;QAC/C,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAA;IAC3E,CAAC;IAEO,WAAW,CAAC,SAAiB;QACnC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;IACtE,CAAC;CACF;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,KAAK,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,iBAAiB,CAAA;AAClF,CAAC"}

package/dist/runtime/index.d.ts

@@ -0,0 +1,4 @@
+export * from './RuntimeEvidenceLedger.js';
+export * from './SessionLedger.js';
+export * from './RuntimeDoctor.js';
+export * from './FinalReportGuard.js';

package/dist/runtime/index.js

@@ -0,0 +1,5 @@
+export * from './RuntimeEvidenceLedger.js';
+export * from './SessionLedger.js';
+export * from './RuntimeDoctor.js';
+export * from './FinalReportGuard.js';
+//# sourceMappingURL=index.js.map

package/dist/runtime/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,cAAc,oBAAoB,CAAA;AAClC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA"}

package/dist/skills/SkillRadar.d.ts

@@ -0,0 +1,83 @@
+import { type ToolCapabilityReport } from '../tools/ToolCapabilityRegistry.js';
+import { type ResolvedToolPolicy } from '../tools/ToolPolicy.js';
+export type SkillRadarSafetyLevel = 'trusted' | 'review-required' | 'restricted' | 'blocked';
+export type SkillRadarAction = 'may-run-with-policy' | 'recommend-with-evidence' | 'suggest-fallback' | 'blocked';
+export interface SkillRadarOptions {
+    projectDir?: string;
+    scaleDir?: string;
+    task: string;
+    phase?: string;
+    level?: string;
+    files?: string[];
+    services?: string[];
+}
+export interface SkillRadarRecommendation {
+    id: string;
+    name: string;
+    category: string;
+    capability: string;
+    confidence: number;
+    safetyLevel: SkillRadarSafetyLevel;
+    action: SkillRadarAction;
+    installed: boolean;
+    policyEnabled: boolean;
+    reason: string;
+    risk: string;
+    requiredEvidence: string[];
+    fallback: string;
+    installCommand: string;
+    sourceUrl: string;
+    matchedSignals: string[];
+    safetyFindings: Array<{
+        rule: string;
+        severity: 'warn' | 'block';
+        message: string;
+    }>;
+}
+export interface SkillRadarReport {
+    ok: boolean;
+    projectDir: string;
+    generatedAt: string;
+    task: string;
+    phase?: string;
+    level: string;
+    detectedDomains: Array<{
+        domain: string;
+        score: number;
+        reasons: string[];
+    }>;
+    recommendations: SkillRadarRecommendation[];
+    requiredEvidence: string[];
+    fallbacks: string[];
+    toolSummary: ToolCapabilityReport['summary'];
+    policyMode: ResolvedToolPolicy['mode'];
+    warnings: string[];
+}
+export interface SkillSupplyChainDoctorReport {
+    ok: boolean;
+    projectDir: string;
+    generatedAt: string;
+    evaluated: number;
+    blocked: number;
+    warnings: number;
+    entries: Array<{
+        id: string;
+        sourceUrl: string;
+        installCommand: string;
+        trust: string;
+        safetyLevel: SkillRadarSafetyLevel;
+        risk: string;
+        blocked: boolean;
+        findings: Array<{
+            rule: string;
+            severity: 'warn' | 'block';
+            message: string;
+        }>;
+        requiredChecks: string[];
+    }>;
+}
+export declare function evaluateSkillRadar(options: SkillRadarOptions): SkillRadarReport;
+export declare function inspectSkillSupplyChain(options?: {
+    projectDir?: string;
+}): SkillSupplyChainDoctorReport;
+export declare function renderSkillRadarMarkdown(report: SkillRadarReport): string;

package/dist/skills/SkillRadar.js

@@ -0,0 +1,384 @@
+import { existsSync, readdirSync } from 'node:fs';
+import { extname, join, resolve } from 'node:path';
+import { evaluateSkillInstallSafety, listSkillRepositoryEntries } from './SkillRepository.js';
+import { inspectToolCapabilities } from '../tools/ToolCapabilityRegistry.js';
+import { loadToolPolicy } from '../tools/ToolPolicy.js';
+const DOMAIN_CONFIG = {
+    ui: {
+        keywords: ['ui', 'ux', 'design', 'frontend', 'page', 'component', 'visual', 'layout', 'prototype', 'accessibility'],
+        filePatterns: [/\.(tsx|jsx|vue|svelte|css|scss)$/i, /(^|\/)(pages|app|components|routes)\//i],
+        categories: ['ui'],
+        evidence: ['design-rationale', 'screenshot', 'visual-review'],
+        fallback: 'Use a static UI checklist, code review, and manual screenshot capture.',
+    },
+    browserAutomation: {
+        keywords: ['browser', 'e2e', 'playwright', 'chrome', 'devtools', 'web access', 'web', 'automation', 'integration'],
+        filePatterns: [/\.(spec|test)\.(ts|tsx|js|jsx)$/i, /playwright/i],
+        categories: ['browser', 'testing'],
+        evidence: ['screenshot', 'console-summary', 'network-summary', 'scenario-result'],
+        fallback: 'Run manual smoke checks and capture route, console, and network evidence.',
+    },
+    desktopAutomation: {
+        keywords: ['desktop', 'gui', 'wps', 'wechat', 'computer', 'cua', 'client-app'],
+        filePatterns: [],
+        categories: ['desktop'],
+        evidence: ['operator-boundary', 'desktop-screenshot', 'affected-app'],
+        fallback: 'Use a manual operator checklist with screenshots and side-effect boundaries.',
+    },
+    externalCli: {
+        keywords: ['codex', 'gemini', 'opencode', 'claude code', 'external cli', 'agent cli', 'command line'],
+        filePatterns: [],
+        categories: ['agent-cli'],
+        evidence: ['cli-version-check', 'command', 'exit-code', 'output-summary'],
+        fallback: 'Use local review or built-in verification commands instead of cross-agent CLI.',
+    },
+    review: {
+        keywords: ['review', 'pr', 'merge', 'ship', 'release', 'quality', 'code review'],
+        filePatterns: [],
+        categories: ['review'],
+        evidence: ['finding-list', 'severity', 'accepted-risk-or-fix'],
+        fallback: 'Use built-in review and runtime evidence gates.',
+    },
+    docs: {
+        keywords: ['docs', 'documentation', 'readme', 'adr', 'governance asset'],
+        filePatterns: [/\.md$/i, /(^|\/)docs\//i],
+        categories: ['docs'],
+        evidence: ['changed-docs', 'source-of-truth-map'],
+        fallback: 'Update canonical Markdown directly and run doc drift checks.',
+    },
+    discovery: {
+        keywords: ['skill', 'mcp', 'tool', 'capability', 'discover', 'search'],
+        filePatterns: [],
+        categories: ['discovery'],
+        evidence: ['candidate-list', 'safety-review'],
+        fallback: 'Search docs manually and run skill safety review before install.',
+    },
+};
+export function evaluateSkillRadar(options) {
+    const projectDir = resolve(options.projectDir ?? process.cwd());
+    const scaleDir = options.scaleDir ?? '.scale';
+    const level = String(options.level ?? 'M').toUpperCase();
+    const files = normalizeFiles(options.files);
+    const detectedDomains = detectDomains({
+        text: `${options.task} ${options.phase ?? ''}`,
+        files,
+    });
+    const activeDomains = detectedDomains.length > 0
+        ? detectedDomains
+        : [{ domain: 'discovery', score: 1, reasons: ['fallback:no-domain-match'] }];
+    const policy = loadToolPolicy(projectDir, scaleDir);
+    const toolReport = inspectToolCapabilities({ projectDir });
+    const recommendations = listSkillRepositoryEntries()
+        .filter(entry => entryMatchesDomains(entry, activeDomains))
+        .map(entry => buildRecommendation(entry, {
+        projectDir,
+        domains: activeDomains,
+        policy,
+        toolReport,
+        files,
+    }))
+        .sort((a, b) => b.confidence - a.confidence || safetyRank(a.safetyLevel) - safetyRank(b.safetyLevel) || a.id.localeCompare(b.id));
+    const requiredEvidence = unique(recommendations.flatMap(item => item.requiredEvidence));
+    const fallbacks = unique(recommendations
+        .filter(item => item.action === 'suggest-fallback' || item.action === 'blocked')
+        .map(item => item.fallback));
+    return {
+        ok: recommendations.every(item => item.safetyLevel !== 'blocked'),
+        projectDir,
+        generatedAt: new Date().toISOString(),
+        task: options.task,
+        phase: options.phase,
+        level,
+        detectedDomains: activeDomains,
+        recommendations,
+        requiredEvidence,
+        fallbacks,
+        toolSummary: toolReport.summary,
+        policyMode: policy.mode,
+        warnings: [
+            ...policy.warnings,
+            ...recommendations
+                .filter(item => item.confidence < 0.4)
+                .map(item => `${item.id} confidence is below auto-run threshold; use fallback.`),
+        ],
+    };
+}
+export function inspectSkillSupplyChain(options = {}) {
+    const projectDir = resolve(options.projectDir ?? process.cwd());
+    const entries = listSkillRepositoryEntries().map(entry => {
+        const safety = evaluateSkillInstallSafety({
+            sourceUrl: entry.sourceUrl,
+            installCommand: entry.installCommand,
+        });
+        return {
+            id: entry.id,
+            sourceUrl: entry.sourceUrl,
+            installCommand: entry.installCommand,
+            trust: entry.trust,
+            safetyLevel: safety.blocked ? 'blocked' : entry.trust === 'official' ? 'trusted' : 'review-required',
+            risk: safety.risk,
+            blocked: safety.blocked,
+            findings: safety.findings,
+            requiredChecks: unique([...entry.safety.requiredChecks, ...safety.requiredChecks]),
+        };
+    });
+    return {
+        ok: entries.every(entry => !entry.blocked),
+        projectDir,
+        generatedAt: new Date().toISOString(),
+        evaluated: entries.length,
+        blocked: entries.filter(entry => entry.blocked).length,
+        warnings: entries.reduce((count, entry) => count + entry.findings.filter(finding => finding.severity === 'warn').length, 0),
+        entries,
+    };
+}
+function buildRecommendation(entry, input) {
+    const safety = evaluateSkillInstallSafety({ sourceUrl: entry.sourceUrl, installCommand: entry.installCommand });
+    const tool = findToolForEntry(entry, input.toolReport);
+    const policyId = policyIdForEntry(entry, tool);
+    const policyConfig = input.policy.tools[policyId];
+    const policyEnabled = policyConfig?.enabled ?? true;
+    const installed = tool?.installed ?? skillInstalledInProject(entry.id, input.projectDir);
+    const domainHits = input.domains.filter(domain => DOMAIN_CONFIG[domain.domain]?.categories.includes(entry.category));
+    const matchedSignals = unique([
+        ...domainHits.flatMap(domain => domain.reasons),
+        `category:${entry.category}`,
+        `policy:${policyId}`,
+    ]);
+    const safetyLevel = resolveSafetyLevel(entry, {
+        blocked: safety.blocked || !policyEnabled,
+        policyConfig,
+    });
+    const confidence = confidenceScore(entry, {
+        installed,
+        policyEnabled,
+        safetyLevel,
+        domainScore: domainHits.reduce((sum, domain) => sum + domain.score, 0),
+        projectHasPackage: existsSync(join(input.projectDir, 'package.json')),
+        projectHasFrontendFiles: input.files.some(file => /\.(tsx|jsx|vue|svelte|css|scss)$/i.test(file)),
+        tool,
+    });
+    return {
+        id: entry.id,
+        name: entry.name,
+        category: entry.category,
+        capability: capabilityFor(entry),
+        confidence,
+        safetyLevel,
+        action: resolveAction(safetyLevel, confidence),
+        installed,
+        policyEnabled,
+        reason: reasonFor(entry, { domainHits, installed, policyEnabled }),
+        risk: riskFor(entry, safetyLevel, policyEnabled),
+        requiredEvidence: unique([
+            ...entry.orchestration.requiredEvidence,
+            ...domainHits.flatMap(domain => DOMAIN_CONFIG[domain.domain]?.evidence ?? []),
+            ...(policyConfig?.evidenceRequired ? ['tool-evidence-record'] : []),
+        ]),
+        fallback: fallbackFor(entry, domainHits),
+        installCommand: entry.installCommand,
+        sourceUrl: entry.sourceUrl,
+        matchedSignals,
+        safetyFindings: safety.findings,
+    };
+}
+function detectDomains(input) {
+    const text = input.text.toLowerCase();
+    return Object.entries(DOMAIN_CONFIG)
+        .map(([domain, config]) => {
+        let score = 0;
+        const reasons = [];
+        for (const keyword of config.keywords) {
+            if (text.includes(keyword.toLowerCase())) {
+                score += 3;
+                reasons.push(`keyword:${keyword}`);
+            }
+        }
+        for (const file of input.files) {
+            const matched = config.filePatterns.find(pattern => pattern.test(file));
+            if (matched) {
+                score += 4;
+                reasons.push(`file:${file}`);
+            }
+        }
+        return { domain, score, reasons: unique(reasons) };
+    })
+        .filter(domain => domain.score > 0)
+        .sort((a, b) => b.score - a.score || a.domain.localeCompare(b.domain));
+}
+function entryMatchesDomains(entry, domains) {
+    return domains.some(domain => DOMAIN_CONFIG[domain.domain]?.categories.includes(entry.category));
+}
+function findToolForEntry(entry, report) {
+    const ids = toolIdsForEntry(entry);
+    return report.tools.find(item => ids.includes(item.id) || ids.includes(item.skillId ?? ''));
+}
+function toolIdsForEntry(entry) {
+    if (entry.id === 'cua')
+        return ['cua', 'desktop-cua'];
+    return [entry.id];
+}
+function policyIdForEntry(entry, tool) {
+    if (tool)
+        return tool.id;
+    if (entry.id === 'cua')
+        return 'desktop-cua';
+    return entry.id;
+}
+function resolveSafetyLevel(entry, input) {
+    if (input.blocked)
+        return 'blocked';
+    if (entry.category === 'browser' || entry.category === 'desktop' || entry.category === 'agent-cli')
+        return 'restricted';
+    if (input.policyConfig?.destructiveActions === 'confirm')
+        return 'restricted';
+    if (entry.trust === 'official')
+        return 'trusted';
+    return 'review-required';
+}
+function confidenceScore(entry, input) {
+    if (!input.policyEnabled || input.safetyLevel === 'blocked')
+        return 0.2;
+    let score = 0.28;
+    score += Math.min(0.22, input.domainScore * 0.025);
+    if (entry.trust === 'official')
+        score += 0.12;
+    if (entry.trust === 'ecosystem')
+        score += 0.06;
+    if (input.installed)
+        score += 0.22;
+    if (input.tool?.installed)
+        score += 0.08;
+    if (input.projectHasPackage && (entry.category === 'ui' || entry.category === 'browser' || entry.category === 'testing'))
+        score += 0.08;
+    if (input.projectHasFrontendFiles && entry.category === 'ui')
+        score += 0.08;
+    if (input.safetyLevel === 'review-required')
+        score -= 0.08;
+    if (input.safetyLevel === 'restricted')
+        score -= 0.05;
+    return roundConfidence(Math.max(0.05, Math.min(0.95, score)));
+}
+function resolveAction(safetyLevel, confidence) {
+    if (safetyLevel === 'blocked')
+        return 'blocked';
+    if (confidence < 0.4)
+        return 'suggest-fallback';
+    if (confidence <= 0.7)
+        return 'recommend-with-evidence';
+    return 'may-run-with-policy';
+}
+function reasonFor(entry, input) {
+    const domains = input.domainHits.map(hit => hit.domain).join(', ') || entry.category;
+    const install = input.installed ? 'installed' : 'not installed';
+    const policy = input.policyEnabled ? 'policy enabled' : 'policy disabled';
+    return `${entry.name} matches ${domains}; ${install}; ${policy}.`;
+}
+function riskFor(entry, safetyLevel, policyEnabled) {
+    if (!policyEnabled)
+        return 'Disabled by tool policy; do not run until explicitly enabled.';
+    if (safetyLevel === 'blocked')
+        return 'Install or execution safety blocked this capability.';
+    if (entry.category === 'desktop')
+        return 'Desktop automation can affect local applications and must stay inside an operator boundary.';
+    if (entry.category === 'browser')
+        return 'Browser automation may touch authenticated state and must capture console/network evidence.';
+    if (entry.category === 'agent-cli')
+        return 'External agent CLI can modify files or consume credentials; use dry-run or scoped commands.';
+    if (safetyLevel === 'review-required')
+        return 'Third-party skill requires supply-chain review before installation or promotion.';
+    return 'Low operational risk, but completion still requires evidence.';
+}
+function fallbackFor(entry, domainHits) {
+    const domainFallback = domainHits.map(domain => DOMAIN_CONFIG[domain.domain]?.fallback).find(Boolean);
+    if (domainFallback)
+        return domainFallback;
+    if (entry.category === 'review')
+        return 'Use built-in review, lint, test, and runtime evidence commands.';
+    if (entry.category === 'docs')
+        return 'Update canonical docs manually and record changed source-of-truth files.';
+    return 'Use manual verification evidence and document why the skill was skipped.';
+}
+function capabilityFor(entry) {
+    const map = {
+        ui: 'ui-ux-design',
+        browser: 'browser-automation',
+        desktop: 'desktop-automation',
+        testing: 'test-automation',
+        review: 'quality-review',
+        docs: 'documentation',
+        'agent-cli': 'external-agent-cli',
+        'role-library': 'role-orchestration',
+        discovery: 'skill-discovery',
+    };
+    return map[entry.category];
+}
+function skillInstalledInProject(skillId, projectDir) {
+    const candidates = [
+        join(projectDir, '.agents', 'skills', skillId, 'SKILL.md'),
+        join(projectDir, '.codex', 'skills', skillId, 'SKILL.md'),
+        join(projectDir, '.claude', 'skills', skillId, 'SKILL.md'),
+    ];
+    if (candidates.some(path => existsSync(path)))
+        return true;
+    return localSkillIndex(projectDir).some(id => id === skillId);
+}
+function localSkillIndex(projectDir) {
+    const roots = [join(projectDir, '.agents', 'skills'), join(projectDir, '.codex', 'skills'), join(projectDir, '.claude', 'skills')];
+    return roots.flatMap(root => {
+        try {
+            return readdirSync(root).filter(name => existsSync(join(root, name, 'SKILL.md')));
+        }
+        catch {
+            return [];
+        }
+    });
+}
+function normalizeFiles(files) {
+    return (files ?? [])
+        .map(file => file.replace(/\\/g, '/').trim())
+        .filter(Boolean)
+        .filter(file => extname(file) || file.includes('/'));
+}
+function safetyRank(level) {
+    const rank = {
+        trusted: 0,
+        'review-required': 1,
+        restricted: 2,
+        blocked: 3,
+    };
+    return rank[level];
+}
+function roundConfidence(value) {
+    return Math.round(value * 100) / 100;
+}
+function unique(items) {
+    return [...new Set(items)];
+}
+export function renderSkillRadarMarkdown(report) {
+    const lines = [
+        '# Skill Radar',
+        '',
+        `Task: ${report.task}`,
+        `Level: ${report.level}`,
+        `Generated: ${report.generatedAt}`,
+        '',
+        '## Detected Domains',
+        '',
+        '| Domain | Score | Reasons |',
+        '| --- | ---: | --- |',
+        ...report.detectedDomains.map(domain => `| ${domain.domain} | ${domain.score} | ${domain.reasons.join(', ')} |`),
+        '',
+        '## Recommendations',
+        '',
+        '| Skill | Capability | Confidence | Safety | Action | Evidence |',
+        '| --- | --- | ---: | --- | --- | --- |',
+        ...report.recommendations.map(item => `| ${item.id} | ${item.capability} | ${item.confidence.toFixed(2)} | ${item.safetyLevel} | ${item.action} | ${item.requiredEvidence.join(', ')} |`),
+        '',
+        '## Fallbacks',
+        '',
+        ...(report.fallbacks.length ? report.fallbacks.map(item => `- ${item}`) : ['- none']),
+    ];
+    return lines.join('\n');
+}
+//# sourceMappingURL=SkillRadar.js.map