@naraya/cli 0.1.0 → 0.4.0

package/bin/naraya.mjs

@@ -1,143 +1,2 @@
 #!/usr/bin/env node
-import { spawn } from "node:child_process";
-import { fileURLToPath } from "node:url";
-import fs from "node:fs";
-import path from "node:path";
-import os from "node:os";
-import { seed } from "../src/seed.mjs";
-
-const NARAYA_DIR = path.join(os.homedir(), ".naraya", "agent");
-
-// Subcommand dispatch — handled before pi resolution so these never depend on
-// the agent binary or an existing models.json.
-const sub = process.argv[2];
-if (sub === "login" || sub === "logout" || sub === "status") {
-  // `--base <url>` (or NARAYA_BASE) selects the gateway, robust across shells.
-  const { resolveBase } = await import("../src/config.mjs");
-  const base = resolveBase(process.argv);
-  if (sub === "login") {
-    const { login } = await import("../src/login.mjs");
-    await login(NARAYA_DIR, base);
-  } else if (sub === "logout") {
-    fs.rmSync(path.join(NARAYA_DIR, "models.json"), { force: true });
-    console.log("Signed out. Revoke the 'Naraya CLI' key in your dashboard.");
-  } else {
-    const { status } = await import("../src/status.mjs");
-    await status(NARAYA_DIR, base, { usd: process.argv.includes("--usd") });
-  }
-  process.exit(0);
-}
-
-// Resolve pi's bin from our own pinned dependency, never from PATH. The package
-// is ESM-only (exports has no "require" condition), so use import.meta.resolve
-// to find its main entry, walk up to the package root, then read bin from disk.
-function piPackageRoot() {
-  let dir = path.dirname(fileURLToPath(import.meta.resolve("@earendil-works/pi-coding-agent")));
-  while (!fs.existsSync(path.join(dir, "package.json"))) {
-    const up = path.dirname(dir);
-    if (up === dir) throw new Error("could not locate @earendil-works/pi-coding-agent package root");
-    dir = up;
-  }
-  return dir;
-}
-const piRoot = piPackageRoot();
-const piPkgPath = path.join(piRoot, "package.json");
-const piPkg = JSON.parse(fs.readFileSync(piPkgPath, "utf8"));
-const piBinField = piPkg.bin;
-const piBinRel = typeof piBinField === "string" ? piBinField : piBinField.pi;
-const piBin = path.join(piRoot, piBinRel);
-
-// White-label the engine: pi reads `piConfig.name` from its own package.json and
-// uses it as the app name + window title (otherwise "pi"/"π"). Set it to Naraya
-// so the terminal title is "Naraya - …" instead of "π - …". This is pi's own
-// white-label mechanism; the patch is idempotent. Best-effort: a read-only
-// install just keeps the default title.
-const APP = "Naraya";
-function ensureRebrand() {
-  try {
-    if (piPkg.piConfig?.name === APP) return;
-    piPkg.piConfig = { ...(piPkg.piConfig ?? {}), name: APP };
-    fs.writeFileSync(piPkgPath, JSON.stringify(piPkg, null, 2));
-  } catch {
-    /* read-only dependency — title stays default, everything else still works */
-  }
-}
-ensureRebrand();
-
-// Seed bundled skills + extensions into the agent config dir (managed files only).
-const pkgRoot = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
-seed(path.join(pkgRoot, "assets"), NARAYA_DIR);
-
-// Default to a quiet startup so pi's own header ("pi v0.79.1", resources list)
-// is suppressed and only the Naraya banner shows. Merge (don't clobber) the
-// user's settings; leave it alone if they've set it explicitly.
-function ensureQuietStartup() {
-  const p = path.join(NARAYA_DIR, "settings.json");
-  let s = {};
-  try { s = JSON.parse(fs.readFileSync(p, "utf8")); } catch { /* none yet */ }
-  if (s.quietStartup === undefined) {
-    s.quietStartup = true;
-    fs.mkdirSync(NARAYA_DIR, { recursive: true });
-    fs.writeFileSync(p, JSON.stringify(s, null, 2));
-  }
-}
-ensureQuietStartup();
-
-// Brand the system prompt so the model reaches for the bundled Nara skills.
-const appendSystem = path.join(pkgRoot, "assets", "APPEND-SYSTEM.md");
-
-// Default to the Naraya provider and restrict Ctrl+P model cycling to Naraya
-// models, so the experience is Naraya-only unless the user explicitly overrides.
-// Guarded on a configured `naraya` provider so we never inject an
-// unknown-provider error before `naraya login` has written models.json.
-function narayaDefaults(argv) {
-  let hasNaraya = false;
-  try {
-    const cfg = JSON.parse(fs.readFileSync(path.join(NARAYA_DIR, "models.json"), "utf8"));
-    hasNaraya = Boolean(cfg.providers?.naraya);
-  } catch {
-    /* no models.json yet — let pi handle provider resolution */
-  }
-  if (!hasNaraya) return [];
-  const extra = [];
-  if (!argv.includes("--provider")) extra.push("--provider", "naraya");
-  if (!argv.includes("--models")) extra.push("--models", "naraya/*");
-  return extra;
-}
-
-const userArgs = process.argv.slice(2);
-
-// Require sign-in before launching the agent. Skip the gate for informational
-// flags that work without a provider (version/help/model listing).
-const INFO_FLAGS = ["--version", "-v", "--help", "-h", "--list-models", "--models"];
-const isInfoOnly = userArgs.some((a) => INFO_FLAGS.includes(a));
-if (!isInfoOnly && !fs.existsSync(path.join(NARAYA_DIR, "models.json"))) {
-  console.error("Run `naraya login` first.");
-  process.exit(1);
-}
-
-// Show ONLY the bundled Nara skills: pi otherwise discovers skills from the cwd,
-// any ancestor `.agents/skills`, and global dirs, leaking unrelated skills into
-// the picker. Disable all discovery, then load just our seeded skills dir (which
-// also picks up anything the user drops in ~/.naraya/agent/skills).
-const skillArgs = userArgs.includes("--no-skills")
-  ? []
-  : ["--no-skills", "--skill", path.join(NARAYA_DIR, "skills")];
-
-const piArgs = [piBin, "--append-system-prompt", appendSystem, ...skillArgs, ...narayaDefaults(userArgs), ...userArgs];
-
-const child = spawn(process.execPath, piArgs, {
-  stdio: "inherit",
-  // PI_OFFLINE silences the "pi update available / pi.dev" startup banner (a
-  // startup network op); model calls happen at runtime and are unaffected.
-  // Set BOTH agent-dir env names: pi reads `<APP_NAME>_CODING_AGENT_DIR`, which
-  // becomes NARAYA_CODING_AGENT_DIR once the rebrand patch applies, but stays
-  // PI_CODING_AGENT_DIR if the patch couldn't write — so set both.
-  env: {
-    ...process.env,
-    PI_CODING_AGENT_DIR: NARAYA_DIR,
-    NARAYA_CODING_AGENT_DIR: NARAYA_DIR,
-    PI_OFFLINE: "1",
-  },
-});
-child.on("exit", (code) => process.exit(code ?? 0));
+import{spawn as A}from"node:child_process";import{fileURLToPath as u,pathToFileURL as k}from"node:url";import r from"node:fs";import i from"node:path";import v from"node:os";import{seed as N,seedEntries as R}from"../src/seed.mjs";const o=i.join(v.homedir(),".naraya","agent"),n=process.argv[2];if(n==="login"||n==="logout"||n==="status"||n==="pentest"||n==="mcp"){const{resolveBase:e}=await import("../src/config.mjs"),s=e(process.argv);if(n==="login"){const{login:t}=await import("../src/login.mjs");await t(o,s)}else if(n==="logout")r.rmSync(i.join(o,"models.json"),{force:!0}),console.log("Signed out. Revoke the 'Naraya CLI' key in your dashboard.");else if(n==="status"){const{status:t}=await import("../src/status.mjs");await t(o,s,{usd:process.argv.includes("--usd")})}else if(n==="pentest"){const{pentestCLI:t}=await import("../dist/pentest/cli.js");await t(process.argv)}else if(n==="mcp"){const{mcpCLI:t,ensureBundledMcpServers:a}=await import("../src/mcp-cli.mjs");a(),await t(process.argv)}process.exit(0)}function P(){let e=i.dirname(u(import.meta.resolve("@earendil-works/pi-coding-agent")));for(;!r.existsSync(i.join(e,"package.json"));){const s=i.dirname(e);if(s===e)throw new Error("could not locate @earendil-works/pi-coding-agent package root");e=s}return e}const y=P(),g=i.join(y,"package.json"),p=JSON.parse(r.readFileSync(g,"utf8")),f=p.bin,O=typeof f=="string"?f:f.pi,T=i.join(y,O),h="Naraya";function x(){try{if(p.piConfig?.name===h)return;p.piConfig={...p.piConfig??{},name:h},r.writeFileSync(g,JSON.stringify(p,null,2))}catch{}}x();const m=i.dirname(i.dirname(u(import.meta.url))),S=i.join(m,"assets");if(r.existsSync(S))N(S,o);else{const{readPack:e}=await import("../src/assets-pack.mjs");R(e(i.join(m,"dist","assets.pack.gz")),o)}function I(){const e=i.join(o,"settings.json");let s={};try{s=JSON.parse(r.readFileSync(e,"utf8"))}catch{}let t=!1;s.quietStartup===void 0&&(s.quietStartup=!0,t=!0),s.narayaThemeApplied||(s.theme="naraya",s.narayaThemeApplied=!0,t=!0),s.retry===void 0&&(s.retry={enabled:!0,maxRetries:10,baseDelayMs:1e3},t=!0),t&&(r.mkdirSync(o,{recursive:!0}),r.writeFileSync(e,JSON.stringify(s,null,2)))}I();const b=i.join(o,"SYSTEM.md"),F=i.join(o,"APPEND-SYSTEM.md");function _(e){let s=!1;try{s=!!JSON.parse(r.readFileSync(i.join(o,"models.json"),"utf8")).providers?.naraya}catch{}if(!s)return[];const t=[];return e.includes("--provider")||t.push("--provider","naraya"),e.includes("--models")||t.push("--models","naraya/*"),t}const l=process.argv.slice(2),B=["--version","-v","--help","-h","--list-models","--models"],d=l.some(e=>B.includes(e));if(!d)if(process.stdout.isTTY){const{splash:e}=await import("../src/splash.mjs"),s=await e();if(!s.ok)if(s.reason==="login"||s.reason==="expired"){const{resolveBase:t}=await import("../src/config.mjs"),{login:a}=await import("../src/login.mjs");try{await a(o,t(process.argv))}catch(c){console.error(`Login gagal: ${c.message}`),process.exit(1)}}else process.exit(1)}else r.existsSync(i.join(o,"models.json"))||(console.error("Run `naraya login` first."),process.exit(1));if(!d)try{const e=i.join(o,"models.json"),t=JSON.parse(r.readFileSync(e,"utf8")).providers?.naraya;if(t?.apiKey&&t?.baseUrl){const a=await fetch(`${t.baseUrl}/models`,{headers:{authorization:`Bearer ${t.apiKey}`},signal:AbortSignal.timeout(3e3)});if(a.ok){const c=(await a.json()).data;if(Array.isArray(c)&&c.length>0){const{writeModelsConfig:j}=await import("../src/config.mjs");j(o,t.apiKey,c,t.baseUrl)}}}}catch{}if(!d)try{const{ensureBundledMcpServers:e}=await import("../src/mcp-cli.mjs");e()}catch{}if(!d&&process.stdout.isTTY)try{const{printBanner:e}=await import("../src/banner.mjs");await e()}catch{}const w=i.join(o,"skills"),D=l.includes("--no-skills")?[]:r.existsSync(w)?["--no-skills","--skill",w]:["--no-skills"],C=k(i.join(i.dirname(u(import.meta.url)),"undici-timeout.mjs")).href,E=l.includes("--system-prompt")?[]:["--system-prompt",b],Y=["--import",C,T,...E,"--append-system-prompt",F,...D,..._(l),...l],L=A(process.execPath,Y,{stdio:"inherit",env:{...process.env,PI_CODING_AGENT_DIR:o,NARAYA_CODING_AGENT_DIR:o,PI_OFFLINE:"1",NARAYA_PKG_ROOT:m,NARAYA_VERSION:(()=>{try{return JSON.parse(r.readFileSync(i.join(m,"package.json"),"utf8")).version??""}catch{return""}})()}});L.on("exit",async e=>{if(process.stdout.isTTY&&!d)try{const{printBye:s}=await import("../src/goodbye.mjs");s()}catch{}process.exit(e??0)});

package/bin/undici-timeout.mjs

@@ -0,0 +1 @@
+import{setGlobalDispatcher as e,Agent as t}from"undici";e(new t({headersTimeout:0,bodyTimeout:0,keepAliveTimeout:6e4,keepAliveMaxTimeout:6e5,connect:{timeout:3e4}}));

package/dist/mcp/config-loader.js

@@ -0,0 +1,32 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+export function loadMcpConfig(projectDir, globalDir) {
+    const globalPath = path.join(globalDir, "mcp.json");
+    const projectPath = path.join(projectDir, ".mcp.json");
+    let globalConfig = { mcpServers: {} };
+    let projectConfig = { mcpServers: {} };
+    try {
+        if (fs.existsSync(globalPath)) {
+            globalConfig = JSON.parse(fs.readFileSync(globalPath, "utf8"));
+        }
+    }
+    catch {
+        // Ignore malformed global config
+    }
+    try {
+        if (fs.existsSync(projectPath)) {
+            projectConfig = JSON.parse(fs.readFileSync(projectPath, "utf8"));
+        }
+    }
+    catch {
+        // Ignore malformed project config
+    }
+    // Merge: project wins on conflict
+    const merged = {
+        mcpServers: {
+            ...globalConfig.mcpServers,
+            ...projectConfig.mcpServers
+        }
+    };
+    return merged;
+}

package/dist/mcp/lifecycle.js

@@ -0,0 +1,90 @@
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { createTransport } from "./transport.js";
+export class McpManager {
+    config;
+    servers = new Map();
+    projectDir;
+    constructor(config, projectDir) {
+        this.config = config;
+        this.projectDir = projectDir;
+    }
+    async start() {
+        const serverEntries = Object.entries(this.config.mcpServers ?? {});
+        for (const [name, serverConfig] of serverEntries) {
+            await this.startServer(name, serverConfig);
+        }
+    }
+    async startServer(name, config) {
+        try {
+            const transport = await createTransport(config, this.projectDir);
+            const client = new Client({ name: "naraya-cli", version: "0.2.4" }, { capabilities: {} });
+            const connection = {
+                client,
+                transport,
+                config,
+                tools: [],
+                status: "connecting"
+            };
+            this.servers.set(name, connection);
+            await client.connect(transport);
+            connection.status = "connected";
+            // Discover tools
+            const toolsResult = await client.listTools();
+            connection.tools = toolsResult.tools ?? [];
+        }
+        catch (err) {
+            const connection = this.servers.get(name);
+            if (connection) {
+                connection.status = "failed";
+                connection.error = err.message;
+            }
+            console.error(`[MCP] Failed to start server '${name}': ${err.message}`);
+        }
+    }
+    async stop() {
+        for (const [name, conn] of this.servers.entries()) {
+            try {
+                if (conn.status === "connected") {
+                    await conn.client.close();
+                }
+                conn.status = "disconnected";
+            }
+            catch (err) {
+                console.error(`[MCP] Error stopping server '${name}': ${err.message}`);
+            }
+        }
+        this.servers.clear();
+    }
+    getServerStatus() {
+        const result = {};
+        for (const [name, conn] of this.servers.entries()) {
+            result[name] = {
+                status: conn.status,
+                toolCount: conn.tools.length,
+                error: conn.error
+            };
+        }
+        return result;
+    }
+    async callTool(serverName, toolName, params) {
+        const conn = this.servers.get(serverName);
+        if (!conn) {
+            throw new Error(`MCP server '${serverName}' not found`);
+        }
+        if (conn.status !== "connected") {
+            throw new Error(`MCP server '${serverName}' is not connected (status: ${conn.status})`);
+        }
+        return await conn.client.callTool({ name: toolName, arguments: params });
+    }
+    getTools() {
+        const result = [];
+        for (const [serverName, conn] of this.servers.entries()) {
+            if (conn.status === "connected") {
+                for (const tool of conn.tools) {
+                    result.push({ serverName, tool });
+                }
+            }
+        }
+        return result;
+    }
+}

package/dist/mcp/tool-mapper.js

@@ -0,0 +1,31 @@
+export function mapMcpToolToPi(serverName, mcpTool) {
+    const toolName = `mcp__${serverName}__${mcpTool.name}`;
+    const label = `${serverName}: ${mcpTool.name}`;
+    const description = mcpTool.description ?? `MCP tool: ${mcpTool.name}`;
+    return {
+        name: toolName,
+        label,
+        description,
+        parameters: mcpTool.inputSchema ?? { type: "object", properties: {} }
+    };
+}
+export function mapMcpResultToPi(result) {
+    const content = result.content ?? [];
+    return {
+        content: content.map((c) => {
+            if (c.type === "text")
+                return { type: "text", text: c.text };
+            if (c.type === "image")
+                return { type: "image", data: c.data, mimeType: c.mimeType };
+            return { type: "text", text: JSON.stringify(c) };
+        }),
+        details: {}
+    };
+}
+export function mapMcpErrorToPi(err) {
+    return {
+        content: [{ type: "text", text: `MCP error: ${err.message}` }],
+        isError: true,
+        details: {}
+    };
+}

package/dist/mcp/transport.js

@@ -0,0 +1,30 @@
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+export async function createTransport(config, projectDir) {
+    if (config.type === "http" || config.type === "streamable-http") {
+        if (!config.url) {
+            throw new Error("url is required for HTTP transport");
+        }
+        return new StreamableHTTPClientTransport(new URL(config.url), {
+            requestInit: {
+                headers: config.headers
+            }
+        });
+    }
+    // Default: stdio
+    if (!config.command) {
+        throw new Error("command is required for stdio transport");
+    }
+    const env = {
+        ...process.env,
+        ...config.env,
+        NARAYA_PROJECT_DIR: projectDir
+    };
+    return new StdioClientTransport({
+        command: config.command,
+        args: config.args ?? [],
+        env,
+        // Suppress MCP server startup logs by discarding stderr
+        stderr: "ignore"
+    });
+}

package/dist/pentest/catalog/catalog-loader.js

@@ -0,0 +1,45 @@
+const DEFAULT_CATALOG_PATH = "tools-catalog.json";
+export async function loadToolsCatalog(options) {
+    const path = options?.catalogPath ?? DEFAULT_CATALOG_PATH;
+    const response = await fetch(`file://${process.cwd()}/${path}`);
+    if (!response.ok) {
+        throw new Error(`Failed to load tools catalog from ${path}: ${response.statusText}`);
+    }
+    return response.json();
+}
+export async function loadToolsCatalogFromFs(fs, options) {
+    const path = options?.catalogPath ?? DEFAULT_CATALOG_PATH;
+    const content = await fs.readFile(path, "utf-8");
+    return JSON.parse(content);
+}
+export function getToolByName(catalog, name) {
+    return catalog.tools.find((t) => t.tools_name === name);
+}
+export function getToolNames(catalog) {
+    return catalog.tools.map((t) => t.tools_name);
+}
+export function validateCatalog(catalog) {
+    if (typeof catalog !== "object" || catalog === null)
+        return false;
+    const c = catalog;
+    if (typeof c.$schema !== "string")
+        return false;
+    if (typeof c.version !== "string")
+        return false;
+    if (!Array.isArray(c.categories))
+        return false;
+    if (!Array.isArray(c.tools))
+        return false;
+    return c.tools.every(validateToolEntry);
+}
+function validateToolEntry(tool) {
+    if (typeof tool !== "object" || tool === null)
+        return false;
+    const t = tool;
+    return (typeof t.tools_name === "string" &&
+        typeof t.description === "string" &&
+        typeof t.category === "string" &&
+        typeof t.command === "object" &&
+        typeof t.skills_loader === "string" &&
+        Array.isArray(t.phase));
+}

package/dist/pentest/catalog/index.js

@@ -0,0 +1 @@
+export * from "./catalog-loader.js";

package/dist/pentest/cli.js

@@ -0,0 +1,117 @@
+import { PentestManager } from "./manager.js";
+import { Command } from "commander";
+export async function pentestCLI(argv) {
+    const program = new Command()
+        .name("naraya pentest")
+        .description("Pentest orchestration for authorized engagements")
+        .version("0.2.0");
+    const manager = new PentestManager();
+    // naraya pentest list
+    program
+        .command("list")
+        .description("List all available pentest skills")
+        .action(() => {
+        const manifests = manager.discoverSkills();
+        if (manifests.length === 0) {
+            console.log("No pentest skills found.");
+            return;
+        }
+        console.log(`Found ${manifests.length} skill(s):\n`);
+        for (const m of manifests) {
+            console.log(`  * ${m.name} v${m.version} [${m.phase.join(", ")}]`);
+            console.log(`    ${m.description}`);
+            console.log(`    Tools: ${m.tools.join(", ")}`);
+            console.log(`    Tags: ${m.tags.join(", ")}\n`);
+        }
+    });
+    // naraya pentest mode --target example.com
+    program
+        .command("mode")
+        .description("Auto-detect or set pentest mode")
+        .option("--target <target>", "Target to analyze for mode detection")
+        .option("--mode <mode>", "Force specific mode (auto|ctf|bug-bounty|red-team|blue-team|offensive|grey-hat)")
+        .action((options) => {
+        const result = manager.selectMode({
+            target: options.target,
+            preferred_mode: options.mode,
+            auto_detect: options.target !== undefined,
+        });
+        console.log(`\nMode: ${result.selected_mode}`);
+        console.log(`Auto-detected: ${result.auto_detected ? "Yes" : "No"}`);
+        console.log(`Reason: ${result.detection_reason}`);
+        console.log(`\nConfig:`);
+        console.log(`  Description: ${result.config.description}`);
+        console.log(`  Parallelism: ${result.config.parallelism}`);
+        console.log(`  Stealth: ${result.config.stealth ? "Yes" : "No"}`);
+        console.log(`  Report Format: ${result.config.report_format}`);
+        console.log(`  Skill Chain: ${result.config.skill_chain.join(" -> ")}`);
+        console.log(`  Tool Priority: ${result.config.tool_priority.join(" -> ")}\n`);
+    });
+    // naraya pentest phase --phase recon
+    program
+        .command("phase")
+        .description("Run a pentest phase")
+        .option("--target <url>", "Target domain or IP")
+        .option("--phase <phase>", "Phase: recon, enumeration, exploitation, reporting")
+        .option("--mode <mode>", "Pentest mode")
+        .option("--passive", "Passive-only mode")
+        .action((options) => {
+        if (!options.target) {
+            console.error("Error: --target is required");
+            process.exit(1);
+        }
+        if (!options.phase) {
+            console.error("Error: --phase is required");
+            process.exit(1);
+        }
+        const mode = options.mode || "auto";
+        const modeConfig = manager.getModeConfig(mode);
+        console.log(`Running ${options.phase} on ${options.target}...`);
+        console.log(`Mode: ${mode}`);
+        console.log(`Stealth: ${modeConfig.stealth ? "Yes" : "No"}`);
+        console.log(`Parallelism: ${modeConfig.parallelism}`);
+        console.log(`Skills: ${modeConfig.skill_chain.join(" -> ")}`);
+        const skills = manager.loadSkillsByPhase(options.phase);
+        const loaded = skills.filter((s) => s.loaded);
+        if (loaded.length > 0) {
+            console.log(`\nLoaded ${loaded.length} skill(s):`);
+            for (const s of loaded) {
+                console.log(`  * ${s.name} v${s.skill?.version}`);
+            }
+        }
+        else {
+            console.log(`\nNo skills found for phase: ${options.phase}`);
+        }
+        console.log(`\n${options.phase} completed.`);
+    });
+    // naraya pentest register
+    program
+        .command("register")
+        .description("Register skills with the skill register")
+        .option("--skill <name>", "Register specific skill")
+        .option("--all", "Register all discovered skills")
+        .action((options) => {
+        const register = manager.getRegister();
+        if (options.all) {
+            const manifests = manager.discoverSkills();
+            const entries = register.registerFromFiles(manifests.map((m) => m.name));
+            console.log(`Registered ${entries.length} skill(s)`);
+        }
+        else if (options.skill) {
+            const entry = register.registerFromFile(options.skill);
+            if (entry) {
+                console.log(`Registered: ${entry.name} v${entry.skill.version}`);
+            }
+            else {
+                console.error(`Skill not found: ${options.skill}`);
+                process.exit(1);
+            }
+        }
+        else {
+            console.log("Use --skill <name> or --all to register skills");
+        }
+        console.log(`\nTotal registered: ${register.count()}`);
+        console.log(`Enabled: ${register.enabledCount()}`);
+    });
+    program.parse(argv);
+}

package/dist/pentest/command-builder/command-builder.js

@@ -0,0 +1,90 @@
+export function buildCommand(tool, options = {}) {
+    const args = [];
+    const flags = options.flags ?? {};
+    const positional = options.positional ?? [];
+    for (const flagDef of tool.command.flags) {
+        const value = flags[flagDef.name];
+        const argValue = buildFlagArg(flagDef, value);
+        if (argValue) {
+            args.push(...argValue);
+        }
+    }
+    if (positional.length > 0) {
+        args.push(...positional);
+    }
+    else {
+        for (const posDef of tool.command.positional) {
+            const value = flags[posDef.name];
+            if (value !== undefined) {
+                args.push(String(value));
+            }
+        }
+    }
+    let fullCommand = `${tool.command.base} ${args.join(" ")}`.trim();
+    if (options.pipe_to && options.pipe_to.length > 0) {
+        fullCommand += ` | ${options.pipe_to.join(" | ")}`;
+    }
+    return {
+        command: tool.command.base,
+        args,
+        fullCommand,
+        requires_root: tool.requires_root
+    };
+}
+function buildFlagArg(flag, value) {
+    if (value === undefined || value === null) {
+        if (flag.default !== undefined && flag.type === "boolean" && flag.default === true) {
+            return [flag.name];
+        }
+        return null;
+    }
+    switch (flag.type) {
+        case "boolean":
+            return value === true ? [flag.name] : null;
+        case "string":
+        case "number":
+            return [flag.name, String(value)];
+        case "path":
+            return [flag.name, String(value)];
+        case "choice":
+            if (flag.choices && !flag.choices.includes(String(value))) {
+                throw new Error(`Invalid choice for ${flag.name}: ${value}. Valid: ${flag.choices.join(", ")}`);
+            }
+            return [flag.name, String(value)];
+        case "repeat":
+            if (Array.isArray(value)) {
+                return value.flatMap(v => [flag.name, String(v)]);
+            }
+            return [flag.name, String(value)];
+        default:
+            return null;
+    }
+}
+export function buildCommandWithSudo(tool, options = {}) {
+    const result = buildCommand(tool, options);
+    return result.requires_root ? `sudo ${result.fullCommand}` : result.fullCommand;
+}
+export function buildPipeline(tools, optionsPerTool) {
+    const commands = tools.map((tool, i) => buildCommand(tool, optionsPerTool[i]));
+    return commands.map(c => c.fullCommand).join(" | ");
+}
+export function validateRequiredFlags(tool, options) {
+    const errors = [];
+    const flags = options.flags ?? {};
+    for (const flag of tool.command.flags) {
+        if (flag.required && flags[flag.name] === undefined) {
+            errors.push(`Missing required flag: ${flag.name}`);
+        }
+    }
+    for (const pos of tool.command.positional) {
+        if (pos.required) {
+            const hasValue = options.positional?.length
+                ? options.positional.length > 0
+                : flags[pos.name] !== undefined;
+            if (!hasValue) {
+                errors.push(`Missing required positional argument: ${pos.name}`);
+            }
+        }
+    }
+    return errors;
+}

package/dist/pentest/command-builder/index.js

@@ -0,0 +1 @@
+export * from "./command-builder.js";

package/dist/pentest/index.js

@@ -0,0 +1,10 @@
+export * from "./catalog/index.js";
+export * from "./selector/index.js";
+export * from "./command-builder/index.js";
+export * from "./installer/index.js";
+export * from "./skill-bridge/index.js";
+export * from "./mode/index.js";
+// skills re-exports overlap with types - only re-export the classes/functions, not types
+export { discoverSkills, loadSkill, loadAllSkills, loadSkillsByPhase, loadSkillsByTools, getSkillsForTool, resolveSkillPath as resolveSkillPathFromLoader } from "./skills/loader/skill-loader.js";
+export { SkillRegister, createSkillRegister } from "./skills/register/skill-register.js";
+export { generateSkill, generateAndSaveSkill, generateSkillsForPhase, generateSkillsForTool, generateFullPentestSuite, saveGeneratedSkills } from "./skills/generator/skill-generator.js";

package/dist/pentest/installer/index.js

@@ -0,0 +1 @@
+export * from "./tool-installer.js";