@lpm-registry/cli 0.2.0

package/lib/install-targets/vscode-extension.js

@@ -0,0 +1,178 @@
+/**
+ * VS Code Extension Install Target
+ *
+ * Handles `lpm add` for packages with `type: "vscode-extension"` in lpm.config.json.
+ *
+ * Instead of copying source files into the project, this handler:
+ * 1. Copies the extracted package into ~/.vscode/extensions/ with the correct naming
+ * 2. VS Code auto-detects the new extension on restart
+ *
+ * @module cli/lib/install-targets/vscode-extension
+ */
+
+import fs from "node:fs"
+import os from "node:os"
+import path from "node:path"
+import * as p from "@clack/prompts"
+import chalk from "chalk"
+
+/**
+ * Get the VS Code extensions directory (cross-platform).
+ * @returns {string}
+ */
+function getExtensionsDir() {
+	return path.join(os.homedir(), ".vscode", "extensions")
+}
+
+/**
+ * Derive the extension folder name from the package name and version.
+ *
+ * LPM format: @lpm.dev/owner.my-extension → owner.my-extension-1.0.0
+ * This matches VS Code's publisher.extension-version convention.
+ *
+ * @param {string} pkgName - Full package reference (e.g., "@lpm.dev/owner.my-extension")
+ * @param {string} version - Package version
+ * @returns {string}
+ */
+function deriveExtensionFolderName(pkgName, version) {
+	// Strip @lpm.dev/ prefix → "owner.my-extension"
+	const baseName = pkgName.replace("@lpm.dev/", "")
+	return `${baseName}-${version}`
+}
+
+/**
+ * Recursively copy a directory.
+ *
+ * @param {string} src - Source directory
+ * @param {string} dest - Destination directory
+ */
+function copyDirRecursive(src, dest) {
+	fs.mkdirSync(dest, { recursive: true })
+	const entries = fs.readdirSync(src, { withFileTypes: true })
+
+	for (const entry of entries) {
+		const srcPath = path.join(src, entry.name)
+		const destPath = path.join(dest, entry.name)
+
+		if (entry.isDirectory()) {
+			copyDirRecursive(srcPath, destPath)
+		} else {
+			fs.copyFileSync(srcPath, destPath)
+		}
+	}
+}
+
+/**
+ * Install a VS Code extension package.
+ *
+ * Called by `lpm add` when the package has `type: "vscode-extension"` in lpm.config.json.
+ *
+ * @param {object} params
+ * @param {string} params.name - Package name (e.g., "@lpm.dev/owner.my-extension")
+ * @param {string} params.version - Package version
+ * @param {object} params.lpmConfig - Parsed lpm.config.json
+ * @param {string} params.extractDir - Temp directory with extracted package files
+ * @param {object} params.options - CLI options (force, yes)
+ * @returns {Promise<{ success: boolean, message: string }>}
+ */
+export async function installVscodeExtension({
+	name,
+	version,
+	lpmConfig: _lpmConfig,
+	extractDir,
+	options,
+}) {
+	const extensionsDir = getExtensionsDir()
+	const folderName = deriveExtensionFolderName(name, version)
+	const targetDir = path.join(extensionsDir, folderName)
+
+	// Check if VS Code extensions directory exists
+	if (!fs.existsSync(path.join(os.homedir(), ".vscode"))) {
+		return {
+			success: false,
+			message:
+				"VS Code not detected. Install VS Code first (no ~/.vscode directory found).",
+		}
+	}
+
+	// Check for existing version
+	if (fs.existsSync(targetDir)) {
+		if (!options?.force && !options?.yes) {
+			const overwrite = await p.confirm({
+				message: `Extension ${folderName} already exists. Overwrite?`,
+				initialValue: false,
+			})
+
+			if (p.isCancel(overwrite) || !overwrite) {
+				return {
+					success: false,
+					message: "Installation cancelled.",
+				}
+			}
+		}
+
+		// Remove existing version
+		fs.rmSync(targetDir, { recursive: true, force: true })
+	}
+
+	// Copy extension files to the extensions directory
+	try {
+		copyDirRecursive(extractDir, targetDir)
+	} catch (err) {
+		return {
+			success: false,
+			message: `Failed to install extension: ${err.message}`,
+		}
+	}
+
+	return {
+		success: true,
+		message: `VS Code extension installed to ${chalk.dim(targetDir)}. Restart VS Code to activate.`,
+	}
+}
+
+/**
+ * Remove a VS Code extension package.
+ *
+ * @param {object} params
+ * @param {string} params.name - Package name
+ * @returns {Promise<{ success: boolean, message: string }>}
+ */
+export async function removeVscodeExtension({ name }) {
+	const extensionsDir = getExtensionsDir()
+	const baseName = name.replace("@lpm.dev/", "")
+
+	// Find matching extension folders (any version)
+	if (!fs.existsSync(extensionsDir)) {
+		return {
+			success: true,
+			message: "No VS Code extensions directory found.",
+		}
+	}
+
+	const entries = fs.readdirSync(extensionsDir)
+	const matching = entries.filter(e => e.startsWith(`${baseName}-`))
+
+	if (matching.length === 0) {
+		return {
+			success: true,
+			message: "Extension was not installed via LPM.",
+		}
+	}
+
+	let count = 0
+	for (const folder of matching) {
+		const fullPath = path.join(extensionsDir, folder)
+		try {
+			fs.rmSync(fullPath, { recursive: true, force: true })
+			count++
+		} catch (err) {
+			console.error(chalk.red(`  Failed to remove ${folder}: ${err.message}`))
+		}
+	}
+
+	return {
+		success: true,
+		message: `Removed ${count} extension version${count > 1 ? "s" : ""}. Restart VS Code to apply.`,
+	}
+}

package/lib/install-targets.js

@@ -0,0 +1,82 @@
+/**
+ * Install Target Resolver
+ *
+ * Routes package types to type-specific install handlers.
+ * When `lpm add` encounters a package with a `type` in lpm.config.json,
+ * it delegates to the appropriate handler instead of the default file-copy flow.
+ *
+ * @module cli/lib/install-targets
+ */
+
+import {
+	installMcpServer,
+	removeMcpServer,
+} from "./install-targets/mcp-server.js"
+import {
+	installVscodeExtension,
+	removeVscodeExtension,
+} from "./install-targets/vscode-extension.js"
+
+/**
+ * Registry of package types that have custom install behavior.
+ * Types not listed here fall through to the default source file-copy flow.
+ */
+const INSTALL_HANDLERS = {
+	"mcp-server": {
+		install: installMcpServer,
+		remove: removeMcpServer,
+	},
+	"vscode-extension": {
+		install: installVscodeExtension,
+		remove: removeVscodeExtension,
+	},
+}
+
+/**
+ * Default install target paths for package types that use the standard
+ * file-copy flow but with a well-known destination.
+ *
+ * When a package has a type listed here and the user doesn't provide --path,
+ * the CLI skips the "Where to install?" prompt and uses this default.
+ *
+ * If the package's files[] rules define explicit `dest` paths, targetDir is
+ * set to the project root (since dest is relative to targetDir).
+ * Otherwise, targetDir is set to this default path.
+ */
+const DEFAULT_TARGETS = {
+	"cursor-rules": ".cursor/rules",
+	"github-action": ".github",
+}
+
+/**
+ * Check if a package type has a custom install handler.
+ *
+ * @param {string} type - Package type from lpm.config.json
+ * @returns {boolean}
+ */
+export function hasCustomHandler(type) {
+	return !!INSTALL_HANDLERS[type]
+}
+
+/**
+ * Get the install handler for a package type.
+ *
+ * @param {string} type - Package type from lpm.config.json
+ * @returns {{ install: Function, remove: Function } | null}
+ */
+export function getHandler(type) {
+	return INSTALL_HANDLERS[type] || null
+}
+
+/**
+ * Get the default install target path for a package type.
+ *
+ * Returns a path relative to the project root. Types not listed here
+ * use the standard interactive prompt to determine the install path.
+ *
+ * @param {string} type - Package type from lpm.config.json
+ * @returns {string | null} Relative path or null if no default
+ */
+export function getDefaultTarget(type) {
+	return DEFAULT_TARGETS[type] || null
+}

package/lib/integrity.js

@@ -0,0 +1,179 @@
+/**
+ * Tarball Integrity Verification
+ *
+ * Provides cryptographic hash verification for downloaded packages.
+ * Supports SHA-256, SHA-384, and SHA-512 algorithms.
+ *
+ * @module cli/lib/integrity
+ */
+
+import { createHash } from "node:crypto"
+import {
+	DEFAULT_HASH_ALGORITHM,
+	ERROR_MESSAGES,
+	SUPPORTED_HASH_ALGORITHMS,
+} from "./constants.js"
+
+/**
+ * Parse an integrity string (SRI format).
+ * Format: algorithm-base64hash
+ * Example: sha512-abc123...
+ *
+ * @param {string} integrity - The integrity string
+ * @returns {{ algorithm: string, hash: string } | null}
+ */
+export function parseIntegrity(integrity) {
+	if (!integrity || typeof integrity !== "string") {
+		return null
+	}
+
+	const match = integrity.match(/^(sha256|sha384|sha512)-(.+)$/i)
+	if (!match) {
+		return null
+	}
+
+	const [, algorithm, hash] = match
+	return {
+		algorithm: algorithm.toLowerCase(),
+		hash,
+	}
+}
+
+/**
+ * Calculate the hash of a buffer.
+ *
+ * @param {Buffer} buffer - The data to hash
+ * @param {string} [algorithm='sha512'] - Hash algorithm
+ * @returns {string} - Base64 encoded hash
+ */
+export function calculateHash(buffer, algorithm = DEFAULT_HASH_ALGORITHM) {
+	if (!SUPPORTED_HASH_ALGORITHMS.includes(algorithm)) {
+		throw new Error(`Unsupported hash algorithm: ${algorithm}`)
+	}
+
+	return createHash(algorithm).update(buffer).digest("base64")
+}
+
+/**
+ * Generate an integrity string (SRI format) for a buffer.
+ *
+ * @param {Buffer} buffer - The data to hash
+ * @param {string} [algorithm='sha512'] - Hash algorithm
+ * @returns {string} - Integrity string (e.g., 'sha512-abc123...')
+ */
+export function generateIntegrity(buffer, algorithm = DEFAULT_HASH_ALGORITHM) {
+	const hash = calculateHash(buffer, algorithm)
+	return `${algorithm}-${hash}`
+}
+
+/**
+ * Verify the integrity of a buffer against an expected hash.
+ *
+ * @param {Buffer} buffer - The data to verify
+ * @param {string} expectedIntegrity - Expected integrity string (SRI format)
+ * @returns {{ valid: boolean, error?: string, actual?: string }}
+ */
+export function verifyIntegrity(buffer, expectedIntegrity) {
+	const parsed = parseIntegrity(expectedIntegrity)
+
+	if (!parsed) {
+		return {
+			valid: false,
+			error: "Invalid integrity format. Expected format: algorithm-base64hash",
+		}
+	}
+
+	const { algorithm, hash: expectedHash } = parsed
+	const actualHash = calculateHash(buffer, algorithm)
+
+	if (actualHash !== expectedHash) {
+		return {
+			valid: false,
+			error: ERROR_MESSAGES.integrityMismatch,
+			actual: `${algorithm}-${actualHash}`,
+		}
+	}
+
+	return { valid: true }
+}
+
+/**
+ * Verify integrity with multiple allowed hashes.
+ * Useful when a package may have multiple valid integrity values.
+ *
+ * @param {Buffer} buffer - The data to verify
+ * @param {string[]} integrities - Array of valid integrity strings
+ * @returns {{ valid: boolean, matchedIntegrity?: string, error?: string }}
+ */
+export function verifyIntegrityMultiple(buffer, integrities) {
+	if (!integrities || integrities.length === 0) {
+		return { valid: false, error: "No integrity values provided" }
+	}
+
+	for (const integrity of integrities) {
+		const result = verifyIntegrity(buffer, integrity)
+		if (result.valid) {
+			return { valid: true, matchedIntegrity: integrity }
+		}
+	}
+
+	return {
+		valid: false,
+		error: ERROR_MESSAGES.integrityMismatch,
+	}
+}
+
+/**
+ * Create a streaming hash verifier.
+ * Useful for large files where buffering the entire file is not practical.
+ *
+ * @param {string} [algorithm='sha512'] - Hash algorithm
+ * @returns {{ update: (chunk: Buffer) => void, verify: (expectedIntegrity: string) => { valid: boolean, error?: string } }}
+ */
+export function createStreamVerifier(algorithm = DEFAULT_HASH_ALGORITHM) {
+	const hash = createHash(algorithm)
+
+	return {
+		/**
+		 * Update the hash with a chunk of data.
+		 * @param {Buffer} chunk
+		 */
+		update(chunk) {
+			hash.update(chunk)
+		},
+
+		/**
+		 * Finalize and verify against expected integrity.
+		 * @param {string} expectedIntegrity
+		 * @returns {{ valid: boolean, error?: string, actual?: string }}
+		 */
+		verify(expectedIntegrity) {
+			const parsed = parseIntegrity(expectedIntegrity)
+			if (!parsed) {
+				return {
+					valid: false,
+					error: "Invalid integrity format",
+				}
+			}
+
+			// Algorithm must match
+			if (parsed.algorithm !== algorithm) {
+				return {
+					valid: false,
+					error: `Algorithm mismatch: expected ${parsed.algorithm}, got ${algorithm}`,
+				}
+			}
+
+			const actualHash = hash.digest("base64")
+			if (actualHash !== parsed.hash) {
+				return {
+					valid: false,
+					error: ERROR_MESSAGES.integrityMismatch,
+					actual: `${algorithm}-${actualHash}`,
+				}
+			}
+
+			return { valid: true }
+		},
+	}
+}

package/lib/lpm-config-prompts.js

@@ -0,0 +1,102 @@
+/**
+ * Interactive prompts for LPM package configuration.
+ *
+ * Generates @clack/prompts calls from a configSchema definition.
+ * Only prompts for parameters not already provided via URL params.
+ *
+ * @module cli/lib/lpm-config-prompts
+ */
+
+import * as p from "@clack/prompts"
+
+/**
+ * Prompt the user for missing config parameters.
+ *
+ * Iterates over configSchema entries. For each key NOT in inlineConfig,
+ * shows an appropriate prompt based on the field type.
+ *
+ * @param {Record<string, object>} configSchema - Config schema from lpm.config.json
+ * @param {Record<string, string>} inlineConfig - Already-provided params from URL
+ * @param {Record<string, *>} defaultConfig - Default values
+ * @returns {Promise<Record<string, *>>} User answers for missing params
+ */
+export async function promptForMissingConfig(
+	configSchema,
+	inlineConfig,
+	defaultConfig,
+) {
+	const answers = {}
+	const missingKeys = Object.keys(configSchema).filter(
+		key => !(key in inlineConfig),
+	)
+
+	if (missingKeys.length === 0) return answers
+
+	for (const key of missingKeys) {
+		const schema = configSchema[key]
+		const defaultValue = defaultConfig?.[key] ?? schema.default
+
+		if (schema.type === "boolean") {
+			const result = await p.confirm({
+				message: schema.label || `Enable ${key}?`,
+				initialValue: defaultValue ?? false,
+			})
+
+			if (p.isCancel(result)) {
+				p.cancel("Operation cancelled.")
+				process.exit(0)
+			}
+
+			answers[key] = String(result)
+		} else if (schema.type === "select" && schema.multiSelect) {
+			const options = (schema.options || []).map(opt => {
+				if (typeof opt === "string") {
+					return { value: opt, label: opt }
+				}
+				return { value: opt.value, label: opt.label || opt.value }
+			})
+
+			const allValues = options.map(opt => opt.value)
+			const result = await p.multiselect({
+				message: schema.label || `Select ${key}:`,
+				options,
+				initialValues: Array.isArray(defaultValue)
+					? defaultValue
+					: defaultValue
+						? [defaultValue]
+						: allValues,
+				required: false,
+			})
+
+			if (p.isCancel(result)) {
+				p.cancel("Operation cancelled.")
+				process.exit(0)
+			}
+
+			// Join as comma-separated string (matches URL param format)
+			answers[key] = Array.isArray(result) ? result.join(",") : result
+		} else if (schema.type === "select") {
+			const options = (schema.options || []).map(opt => {
+				if (typeof opt === "string") {
+					return { value: opt, label: opt }
+				}
+				return { value: opt.value, label: opt.label || opt.value }
+			})
+
+			const result = await p.select({
+				message: schema.label || `Select ${key}:`,
+				options,
+				initialValue: defaultValue,
+			})
+
+			if (p.isCancel(result)) {
+				p.cancel("Operation cancelled.")
+				process.exit(0)
+			}
+
+			answers[key] = result
+		}
+	}
+
+	return answers
+}