@ninemind/agentgem 0.1.0

package/dist/publish.js

@@ -0,0 +1,130 @@
+// src/publish.ts
+// Network publish: render a Gem, register each skill as a custom Agent Skill (Skills API), then
+// create the agent referencing those skills. The PublishClient is injected so the orchestration is
+// unit-tested without a key or network. Only confirmed SDK bindings are used.
+import Anthropic, { toFile } from "@anthropic-ai/sdk";
+import { renderManagedAgent } from "./gem/publish.js";
+const PUBLISH_CACHE_TTL_MS = 24 * 60 * 60 * 1000;
+const publishRequests = new Map();
+export function publishManagedAgentOnce(requestId, fingerprint, publish) {
+    const now = Date.now();
+    for (const [id, entry] of publishRequests)
+        if (entry.expiresAt <= now)
+            publishRequests.delete(id);
+    const existing = publishRequests.get(requestId);
+    if (existing) {
+        if (existing.fingerprint !== fingerprint)
+            return Promise.reject(new Error("publish requestId was reused with a different payload"));
+        return existing.promise;
+    }
+    const promise = publish().catch((error) => {
+        publishRequests.delete(requestId);
+        throw error;
+    });
+    publishRequests.set(requestId, { fingerprint, expiresAt: now + PUBLISH_CACHE_TTL_MS, promise });
+    const timer = setTimeout(() => {
+        if (publishRequests.get(requestId)?.promise === promise)
+            publishRequests.delete(requestId);
+    }, PUBLISH_CACHE_TTL_MS);
+    timer.unref();
+    return promise;
+}
+export async function publishManagedAgent(gem, client) {
+    const render = renderManagedAgent(gem);
+    const registeredSkills = [];
+    let environmentId;
+    try {
+        for (const s of render.skillsToRegister) {
+            const { skillId, version } = await client.createSkill(s.name, s.content);
+            registeredSkills.push({ name: s.name, skillId, version });
+        }
+        environmentId = (await client.createEnvironment(`${gem.name} sandbox`)).id;
+        const skills = registeredSkills.map((r) => ({ type: "custom", skill_id: r.skillId, version: r.version }));
+        const agent = await client.createAgent({ ...render.payload, skills });
+        return { agentId: agent.id, environmentId, version: agent.version, registeredSkills, skipped: render.skipped, vaultSecrets: render.vaultSecrets };
+    }
+    catch (error) {
+        const cleanupErrors = [];
+        if (environmentId) {
+            try {
+                await client.deleteEnvironment(environmentId);
+            }
+            catch (cleanupError) {
+                cleanupErrors.push(new Error(`failed to delete environment ${environmentId}`, { cause: cleanupError }));
+            }
+        }
+        const skillCleanup = await Promise.allSettled(registeredSkills.map((s) => client.deleteSkill(s.skillId)));
+        skillCleanup.forEach((result, index) => {
+            if (result.status === "rejected")
+                cleanupErrors.push(new Error(`failed to delete skill ${registeredSkills[index].skillId}`, { cause: result.reason }));
+        });
+        if (cleanupErrors.length)
+            throw new AggregateError([error, ...cleanupErrors], "publish failed and rollback was incomplete");
+        throw error;
+    }
+}
+// Tear down a managed-agent deploy: delete the agent, its environment, then each registered skill.
+// Each delete is independent — a failure in one does NOT abort the others (so an already-gone
+// resource doesn't strand the rest) — but real failures are collected and rethrown so the caller
+// (and the user) learns the teardown was partial. Mirrors publishManagedAgent's rollback contract.
+export async function undeployManagedAgent(rec, client) {
+    const errors = [];
+    const attempt = async (what, fn) => {
+        try {
+            await fn();
+        }
+        catch (cause) {
+            errors.push(new Error(`failed to delete ${what}`, { cause }));
+        }
+    };
+    if (rec.agentId)
+        await attempt(`agent ${rec.agentId}`, async () => {
+            if (!client.deleteAgent)
+                throw new Error("client does not support deleting agents");
+            await client.deleteAgent(rec.agentId);
+        });
+    if (rec.environmentId)
+        await attempt(`environment ${rec.environmentId}`, () => client.deleteEnvironment(rec.environmentId));
+    for (const sid of rec.skillIds ?? [])
+        await attempt(`skill ${sid}`, () => client.deleteSkill(sid));
+    if (errors.length)
+        throw new AggregateError(errors, `undeploy completed with ${errors.length} failure(s)`);
+}
+const safeUploadDirectory = (name) => {
+    const safe = name.normalize("NFKC").replace(/[^A-Za-z0-9._-]/g, "_");
+    return safe === "." || safe === ".." || safe.length === 0 ? "skill" : safe;
+};
+// Real client. skills.create uploads a single SKILL.md under a top-level dir named for the skill;
+// the API extracts name/description from it and returns the skill id + latest_version. The SDK sets
+// the skills-2025-10-02 / managed-agents-2026-04-01 beta headers automatically.
+export function anthropicPublishClient(apiKey) {
+    const client = new Anthropic({ apiKey });
+    return {
+        async createSkill(name, skillMd) {
+            const file = await toFile(Buffer.from(skillMd), `${safeUploadDirectory(name)}/SKILL.md`);
+            const created = await client.beta.skills.create({ display_title: name, files: [file] });
+            return { skillId: created.id, version: created.latest_version ?? "latest" };
+        },
+        async deleteSkill(skillId) { await client.beta.skills.delete(skillId); },
+        async createEnvironment(name) {
+            const environment = await client.beta.environments.create({
+                name,
+                description: "Managed sandbox created by agentgem",
+                config: { type: "cloud", networking: { type: "limited", allow_mcp_servers: true, allow_package_managers: false, allowed_hosts: [] } },
+            });
+            return { id: environment.id };
+        },
+        async deleteEnvironment(environmentId) { await client.beta.environments.delete(environmentId); },
+        async createAgent(payload) {
+            const agent = await client.beta.agents.create(payload);
+            return { id: agent.id, version: String(agent.version ?? "") };
+        },
+        // NOTE: @anthropic-ai/sdk does not expose client.beta.agents.delete() as of this writing.
+        // The agents resource only has create/retrieve/update/list/archive. We fall back to the
+        // low-level client.delete() which sends a raw DELETE to /v1/agents/{id} with the required
+        // managed-agents-2026-04-01 beta header.
+        async deleteAgent(agentId) {
+            await client.delete(`/v1/agents/${agentId}`, { headers: { "anthropic-beta": "managed-agents-2026-04-01" } });
+        },
+    };
+}

package/dist/resolveDir.js

@@ -0,0 +1,26 @@
+// src/resolveDir.ts
+import { homedir } from "node:os";
+import { dirname, join, resolve } from "node:path";
+export function resolveDir(dir) {
+    return dir && dir.length > 0 ? dir : join(homedir(), ".claude");
+}
+// Normalize a project root to an absolute path. The path comes from the OS-native folder
+// picker (explicit user selection), so it is trusted; we only canonicalize it.
+export function resolveProject(p) {
+    return resolve(p);
+}
+// Derive every discovery root from one base. In production `dir` is undefined, so the
+// claude dir is ~/.claude and its parent is the home dir — giving ~/.agents/skills and
+// ~/.codex. When `dir` is overridden (tests, non-default homes) the agent/codex roots
+// resolve relative to that same parent, keeping introspection self-contained.
+export function resolveDirs(dir) {
+    const claudeDir = resolveDir(dir);
+    const home = dirname(claudeDir);
+    return { claudeDir, agentDir: join(home, ".agents", "skills"), codexDir: join(home, ".codex"), hermesDir: join(home, ".hermes") };
+}
+// Base dir for agentgem's own state (recents, etc.): ~/.agentgem lives under this.
+// AGENTGEM_HOME overrides the home root for tests / non-default setups.
+export function agentgemHome() {
+    const override = process.env.AGENTGEM_HOME;
+    return override && override.length > 0 ? override : homedir();
+}

package/dist/schemas.js

@@ -0,0 +1,407 @@
+// src/schemas.ts
+import { z } from "zod";
+import { RUNNER_REGISTRY } from "./gem/checks.js";
+import { TARGET_REGISTRY } from "./gem/targets.js";
+import { deployTargetIds } from "./gem/deploy.js";
+import { flavorIds } from "./gem/testbedFlavors.js";
+import { CREDENTIAL_KEYS } from "./gem/credentials.js";
+export const SkillArtifactSchema = z.object({
+    type: z.literal("skill"),
+    name: z.string(),
+    description: z.string().optional(),
+    source: z.string(),
+    content: z.string(),
+});
+export const McpServerArtifactSchema = z.object({
+    type: z.literal("mcp_server"),
+    name: z.string(),
+    transport: z.enum(["stdio", "http", "sse"]),
+    config: z.record(z.string(), z.unknown()),
+    source: z.string().optional(),
+    secretRefs: z.array(z.object({ name: z.string(), location: z.string() })).optional(),
+});
+export const InstructionsArtifactSchema = z.object({
+    type: z.literal("instructions"),
+    name: z.string(),
+    content: z.string(),
+});
+export const HookArtifactSchema = z.object({
+    type: z.literal("hook"),
+    name: z.string(),
+    event: z.string(),
+    matcher: z.string().optional(),
+    config: z.record(z.string(), z.unknown()),
+    source: z.string().optional(),
+    secretRefs: z.array(z.object({ name: z.string(), location: z.string() })).optional(),
+});
+export const GemArtifactSchema = z.discriminatedUnion("type", [
+    SkillArtifactSchema,
+    McpServerArtifactSchema,
+    InstructionsArtifactSchema,
+    HookArtifactSchema,
+]);
+export const SecretRequirementSchema = z.object({
+    name: z.string(),
+    artifact: z.string(),
+    location: z.string(),
+});
+export const EvalAssertionSchema = z.discriminatedUnion("type", [
+    z.object({ type: z.literal("file_exists"), path: z.string() }),
+    z.object({ type: z.literal("file_contains"), path: z.string(), substring: z.string() }),
+    z.object({ type: z.literal("command_succeeds"), command: z.string() }),
+    z.object({ type: z.literal("output_contains"), substring: z.string() }),
+    z.object({ type: z.literal("tool_called"), tool: z.string() }),
+]);
+export const BehavioralCheckSchema = z.object({
+    kind: z.literal("behavioral"),
+    name: z.string(),
+    description: z.string().optional(),
+    task: z.string(),
+    setup: z.object({ files: z.array(z.object({ path: z.string(), content: z.string() })).optional() }).optional(),
+    assertions: z.array(EvalAssertionSchema),
+    judge: z.object({ rubric: z.string(), passThreshold: z.number().min(0).max(1).optional() }).optional(),
+    timeoutSec: z.number().optional(),
+});
+// runner validates against the registry keys, so a gem can't declare a check no runner can run.
+const RUNNER_IDS = Object.keys(RUNNER_REGISTRY);
+export const ExternalCheckSchema = z.object({
+    kind: z.literal("external"),
+    name: z.string(),
+    description: z.string().optional(),
+    runner: z.enum(RUNNER_IDS),
+    with: z.record(z.string(), z.unknown()).optional(),
+});
+export const GemCheckSchema = z.discriminatedUnion("kind", [BehavioralCheckSchema, ExternalCheckSchema]);
+export const ProjectInventorySchema = z.object({
+    root: z.string(),
+    name: z.string(),
+    skills: z.array(SkillArtifactSchema),
+    mcpServers: z.array(McpServerArtifactSchema),
+    instructions: z.array(InstructionsArtifactSchema),
+    hooks: z.array(HookArtifactSchema),
+});
+export const InventorySchema = z.object({
+    skills: z.array(SkillArtifactSchema),
+    mcpServers: z.array(McpServerArtifactSchema),
+    instructions: z.array(InstructionsArtifactSchema),
+    hooks: z.array(HookArtifactSchema),
+    projects: z.array(ProjectInventorySchema).optional(),
+});
+// Per-project selection is keyed by the project's root path so a same-named artifact in
+// two projects never collides.
+const ProjectSelectionSchema = z.record(z.string(), z.object({
+    skills: z.array(z.string()).optional(),
+    mcpServers: z.array(z.string()).optional(),
+    includeInstructions: z.boolean().optional(),
+    hooks: z.array(z.string()).optional(),
+}));
+export const GemSelectionSchema = z.union([
+    z.object({ all: z.literal(true) }),
+    z.object({
+        skills: z.array(z.string()).optional(),
+        mcpServers: z.array(z.string()).optional(),
+        includeInstructions: z.boolean().optional(),
+        hooks: z.array(z.string()).optional(),
+        projects: ProjectSelectionSchema.optional(),
+    }),
+]);
+export const GemRequestSchema = z.object({
+    selection: GemSelectionSchema,
+    name: z.string().optional(),
+    dir: z.string().optional(),
+    projects: z.array(z.string()).optional(),
+    checks: z.array(GemCheckSchema).optional(),
+});
+export const ScaffoldChecksRequestSchema = z.object({
+    selection: GemSelectionSchema,
+    name: z.string().optional(),
+    dir: z.string().optional(),
+    projects: z.array(z.string()).optional(),
+});
+export const ScaffoldChecksResponseSchema = z.object({ checks: z.array(GemCheckSchema) });
+const TARGET_IDS = Object.keys(TARGET_REGISTRY);
+export const TargetIdSchema = z.enum(TARGET_IDS);
+export const SkippedArtifactSchema = z.object({
+    artifact: z.string(),
+    type: z.enum(["skill", "mcp_server", "instructions", "hook"]),
+    reason: z.string(),
+});
+export const MaterializeResponseSchema = z.object({
+    target: TargetIdSchema,
+    files: z.record(z.string(), z.string()),
+    skipped: z.array(SkippedArtifactSchema),
+    compatibility: z.record(TargetIdSchema, z.object({ supported: z.number(), skipped: z.number() })),
+});
+// ── Gem archive ──
+export const GemLockSchema = z.object({
+    formatVersion: z.number(),
+    files: z.record(z.string(), z.string()),
+    gemDigest: z.string(),
+    signature: z.string().nullable(),
+});
+export const GemManifestArtifactSchema = z.object({
+    type: z.enum(["skill", "mcp_server", "instructions", "hook"]),
+    name: z.string(),
+    path: z.string(),
+    description: z.string().optional(),
+    source: z.string().optional(),
+});
+export const GemManifestSchema = z.object({
+    formatVersion: z.number(),
+    name: z.string(),
+    version: z.string(),
+    createdFrom: z.string(),
+    artifacts: z.array(GemManifestArtifactSchema),
+    requiredSecrets: z.array(SecretRequirementSchema),
+    checks: z.array(z.object({ name: z.string(), path: z.string() })),
+});
+export const ArchiveRequestSchema = z.object({
+    selection: GemSelectionSchema,
+    name: z.string().optional(),
+    version: z.string().optional(),
+    dir: z.string().optional(),
+    projects: z.array(z.string()).optional(),
+    outDir: z.string().optional(), // when set, write the tree here and return its path
+    tar: z.boolean().optional(), // when true, also return the tree as a base64 .tar.gz
+});
+export const ArchiveResponseSchema = z.object({
+    files: z.record(z.string(), z.string()),
+    lock: GemLockSchema,
+    skipped: z.array(SkippedArtifactSchema),
+    path: z.string().nullable(),
+    tarGz: z.string().nullable(), // base64 .tar.gz when `tar` was requested, else null
+});
+export const MaterializeRequestSchema = z.object({
+    selection: GemSelectionSchema.optional(),
+    archivePath: z.string().optional(),
+    target: TargetIdSchema,
+    name: z.string().optional(),
+    dir: z.string().optional(),
+    projects: z.array(z.string()).optional(),
+}).refine((d) => d.selection !== undefined || d.archivePath !== undefined, {
+    message: "provide either selection or archivePath",
+});
+export const DeployTargetIdSchema = z.enum(deployTargetIds);
+export const DeployReadyQuerySchema = z.object({ target: DeployTargetIdSchema.optional() });
+export const DeployTargetsResponseSchema = z.object({
+    targets: z.array(z.object({ id: DeployTargetIdSchema, label: z.string(), ready: z.boolean() })),
+});
+// ── Managed Agents publish ──
+export const PublishPreviewRequestSchema = z.object({
+    selection: GemSelectionSchema,
+    name: z.string().optional(),
+    dir: z.string().optional(),
+    projects: z.array(z.string()).optional(),
+    target: DeployTargetIdSchema.optional(),
+});
+export const PublishRequestSchema = PublishPreviewRequestSchema.extend({ requestId: z.string().min(8).max(128), wsName: z.string().optional() });
+const ManagedAgentPayloadSchema = z.object({
+    name: z.string(),
+    model: z.string(),
+    system: z.string(),
+    mcp_servers: z.array(z.object({ type: z.literal("url"), name: z.string(), url: z.string() })),
+    tools: z.array(z.union([
+        z.object({ type: z.literal("agent_toolset_20260401") }),
+        z.object({ type: z.literal("mcp_toolset"), mcp_server_name: z.string() }),
+    ])),
+});
+const ManagedAgentPreviewSchema = z.object({
+    kind: z.literal("managed-agent"),
+    payload: ManagedAgentPayloadSchema,
+    skillsToRegister: z.array(z.string()),
+    skipped: z.array(SkippedArtifactSchema),
+    vaultSecrets: z.array(SecretRequirementSchema),
+});
+const AgentcorePreviewSchema = z.object({
+    kind: z.literal("agentcore-harness"),
+    request: z.record(z.string(), z.unknown()),
+    skipped: z.array(SkippedArtifactSchema),
+    vaultSecrets: z.array(SecretRequirementSchema),
+});
+export const PublishPreviewResponseSchema = z.discriminatedUnion("kind", [ManagedAgentPreviewSchema, AgentcorePreviewSchema]);
+export const PublishReadyResponseSchema = z.object({ ready: z.boolean() });
+const ManagedAgentResultSchema = z.object({
+    kind: z.literal("managed-agent"),
+    agentId: z.string(), environmentId: z.string(), version: z.string(),
+    registeredSkills: z.array(z.object({ name: z.string(), skillId: z.string(), version: z.string() })),
+    skipped: z.array(SkippedArtifactSchema), vaultSecrets: z.array(SecretRequirementSchema),
+});
+const AgentcoreResultSchema = z.object({
+    kind: z.literal("agentcore-harness"),
+    harnessArn: z.string(), harnessId: z.string(), harnessName: z.string(), harnessVersion: z.string(), status: z.string(),
+    skipped: z.array(SkippedArtifactSchema), vaultSecrets: z.array(SecretRequirementSchema),
+});
+export const PublishResultSchema = z.discriminatedUnion("kind", [ManagedAgentResultSchema, AgentcoreResultSchema]);
+// `projects` is a JSON-encoded string array of root paths (query params can't carry arrays cleanly).
+export const DirQuerySchema = z.object({ dir: z.string().optional(), projects: z.string().optional() });
+export const PickQuerySchema = z.object({});
+export const PickFolderSchema = z.object({ path: z.string().nullable() });
+export const GemSchema = z.object({
+    name: z.string(),
+    createdFrom: z.string(),
+    artifacts: z.array(GemArtifactSchema),
+    checks: z.array(GemCheckSchema),
+    requiredSecrets: z.array(SecretRequirementSchema),
+});
+// ── Workspaces ──
+export const WorkspaceSummarySchema = z.object({
+    name: z.string(),
+    gemName: z.string(),
+    version: z.string(),
+    artifactCounts: z.object({ skill: z.number(), mcp_server: z.number(), instructions: z.number(), hook: z.number() }),
+    checks: z.number(),
+    renderedTargets: z.array(TargetIdSchema),
+});
+export const WorkspaceDetailSchema = WorkspaceSummarySchema.extend({
+    files: z.record(z.string(), z.string()),
+    compatibility: z.record(TargetIdSchema, z.object({ supported: z.number(), skipped: z.number() })),
+});
+export const RenderResultSchema = z.object({
+    target: TargetIdSchema,
+    files: z.record(z.string(), z.string()),
+    skipped: z.array(SkippedArtifactSchema),
+    path: z.string(),
+});
+export const CreateWorkspaceRequestSchema = z.object({
+    name: z.string(),
+    selection: GemSelectionSchema,
+    dir: z.string().optional(),
+    projects: z.array(z.string()).optional(),
+    version: z.string().optional(),
+});
+export const WorkspaceQuerySchema = z.object({ name: z.string() });
+export const RenderRequestSchema = z.object({ name: z.string(), target: TargetIdSchema });
+export const WorkspaceNameRequestSchema = z.object({ name: z.string() });
+export const ListWorkspacesResponseSchema = z.object({ workspaces: z.array(WorkspaceSummarySchema) });
+export const DeleteWorkspaceResponseSchema = z.object({ deleted: z.string() });
+export const RunReadyQuerySchema = z.object({ name: z.string(), target: TargetIdSchema });
+export const RunReadyResponseSchema = z.object({ local: z.boolean(), vercel: z.boolean(), cloudflare: z.boolean() });
+export const RunRequestSchema = z.object({ name: z.string(), target: TargetIdSchema, mode: z.enum(["local", "vercel", "cloudflare"]), eveAuth: z.enum(["placeholder", "public"]).optional() });
+export const RunStatusQuerySchema = z.object({ name: z.string(), target: TargetIdSchema });
+export const RunStateSchema = z.object({
+    mode: z.enum(["local", "vercel", "cloudflare"]),
+    state: z.enum(["idle", "installing", "building", "running", "deploying", "failed"]),
+    url: z.string().optional(),
+    logTail: z.array(z.string()),
+});
+export const RunStopRequestSchema = z.object({ name: z.string(), target: TargetIdSchema });
+export const RunStopResponseSchema = z.object({ stopped: z.boolean() });
+// Set a server-side credential (allowlisted keys only). Response is just ok — the UI re-fetches
+// the relevant backend readiness (run-ready / publish-ready) on re-render.
+export const CredentialRequestSchema = z.object({ key: z.enum(CREDENTIAL_KEYS), value: z.string().min(1) });
+export const CredentialResponseSchema = z.object({ ok: z.boolean() });
+// ── Testbed (testbed-first on-ramp) ──
+const FLAVOR_IDS = flavorIds();
+export const TestbedFlavorIdSchema = z.enum(FLAVOR_IDS);
+export const TestbedDetectQuerySchema = z.object({ root: z.string() });
+export const TestbedDetectResponseSchema = z.object({ flavor: TestbedFlavorIdSchema.nullable() });
+// cwd probe for the front door. `cwd` overrides process.cwd() (tests); production omits it.
+export const TestbedSuggestionQuerySchema = z.object({ cwd: z.string().optional() });
+export const TestbedSuggestionResponseSchema = z.object({
+    cwd: z.string(),
+    looksLikeProject: z.boolean(),
+    flavor: TestbedFlavorIdSchema.nullable(),
+    name: z.string(),
+});
+// Persisted "testbeds opened in agentgem". `exists` is computed per-request (stale paths).
+export const RecentEntrySchema = z.object({
+    path: z.string(),
+    flavor: TestbedFlavorIdSchema,
+    name: z.string(),
+    lastUsed: z.string(),
+    exists: z.boolean(),
+});
+export const TestbedRecentsResponseSchema = z.object({ recents: z.array(RecentEntrySchema) });
+// Cross-repo discovery: projects harvested from Claude/Codex session history (ungated).
+// `dir` overrides the ~/.claude base (tests / non-default homes); production omits it.
+export const TestbedProjectsQuerySchema = z.object({ dir: z.string().optional() });
+export const ProjectCandidateSchema = z.object({
+    path: z.string(),
+    flavor: TestbedFlavorIdSchema,
+    lastUsed: z.string().nullable(),
+    exists: z.boolean(),
+});
+export const TestbedProjectsResponseSchema = z.object({ projects: z.array(ProjectCandidateSchema) });
+export const TestbedImportSelectionSchema = z.object({
+    skills: z.array(z.string()).optional(),
+    mcpServers: z.array(z.string()).optional(),
+    hooks: z.array(z.string()).optional(),
+    includeInstructions: z.boolean().optional(),
+});
+export const TestbedScaffoldRequestSchema = z.object({ root: z.string(), name: z.string(), flavor: TestbedFlavorIdSchema.optional() });
+export const TestbedScaffoldResponseSchema = z.object({ root: z.string(), created: z.array(z.string()) });
+export const TestbedImportRequestSchema = z.object({
+    root: z.string(),
+    selection: TestbedImportSelectionSchema,
+    dir: z.string().optional(),
+    flavor: TestbedFlavorIdSchema.optional(),
+});
+export const ImportedRefSchema = z.object({
+    type: z.enum(["skill", "mcp_server", "instructions", "hook"]),
+    name: z.string(),
+    overwritten: z.boolean(),
+});
+export const TestbedImportResponseSchema = z.object({
+    written: z.array(ImportedRefSchema),
+    skipped: z.array(z.object({ artifact: z.string(), reason: z.string() })),
+});
+// ── AgentCore deploy (Phase 2) ──
+export const AgentcoreReadyResponseSchema = z.object({ cli: z.boolean(), awsCreds: z.boolean() });
+export const AgentcoreDeployRequestSchema = z.object({ name: z.string() });
+export const AgentcoreStatusQuerySchema = z.object({ name: z.string() });
+export const AgentcoreDeployStateSchema = z.object({
+    state: z.enum(["idle", "installing", "building", "running", "deploying", "failed"]),
+    url: z.string().optional(),
+    logTail: z.array(z.string()),
+});
+// ── Gem Registry ──
+export const RegistryReadyResponseSchema = z.object({ ready: z.boolean() });
+const RegistryItemVersionSchema = z.object({ path: z.string(), gemDigest: z.string(), dependencies: z.array(z.string()) });
+export const RegistryIndexResponseSchema = z.object({
+    formatVersion: z.number(),
+    items: z.record(z.string(), z.object({ latest: z.string(), versions: z.record(z.string(), RegistryItemVersionSchema) })),
+});
+export const RegistryResolveRequestSchema = z.object({
+    refs: z.array(z.string()).min(1),
+    mode: z.enum(["materialize", "workspace"]),
+    target: TargetIdSchema.optional(),
+});
+const InstallPlanSchema = z.object({
+    items: z.array(z.object({ key: z.string(), version: z.string() })),
+    totalArtifacts: z.number(),
+    requiredSecrets: z.array(z.object({ name: z.string(), artifact: z.string(), location: z.string() })),
+    overrides: z.array(z.object({ artifact: z.string(), winner: z.string(), loser: z.string() })),
+    materialize: z.object({
+        files: z.record(z.string(), z.string()),
+        skipped: z.array(z.object({ artifact: z.string(), type: z.string(), reason: z.string() })),
+    }).optional(),
+});
+export const RegistryResolveResponseSchema = z.object({ plan: InstallPlanSchema });
+export const RegistryInstallRequestSchema = z.object({
+    refs: z.array(z.string()).min(1),
+    mode: z.enum(["materialize", "workspace"]),
+    target: TargetIdSchema.optional(),
+    dest: z.string().optional(),
+    workspaceName: z.string().optional(),
+});
+export const RegistryInstallResponseSchema = z.object({
+    plan: InstallPlanSchema,
+    applied: z.discriminatedUnion("mode", [
+        z.object({ mode: z.literal("materialize"), dest: z.string(), written: z.array(z.string()) }),
+        z.object({ mode: z.literal("workspace"), workspace: z.string() }),
+    ]),
+});
+export const RegistryPublishRequestSchema = z.object({
+    workspace: z.string(),
+    scope: z.string(),
+    name: z.string().optional(),
+    version: z.string(),
+    dependencies: z.array(z.string()).optional(),
+});
+export const RegistryPublishResponseSchema = z.object({
+    ref: z.string(), version: z.string(), gemDigest: z.string(), commit: z.string(), path: z.string(),
+});
+export const UndeployRequestSchema = z.object({ name: z.string(), target: z.enum(["eve", "flue", "claude-managed", "agentcore"]) });
+export const UndeployResponseSchema = z.object({ removed: z.boolean(), logTail: z.array(z.string()).optional() });
+export const DeployRecordQuerySchema = z.object({ name: z.string(), backend: z.enum(["eve", "flue", "claude-managed", "agentcore"]) });
+export const DeployRecordResponseSchema = z.object({ record: z.record(z.string(), z.unknown()).nullable() });

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@ninemind/agentgem",
+  "version": "0.1.0",
+  "description": "A local web UI that introspects your coding-agent config, redacts secrets at capture, and builds a portable, composable Gem.",
+  "license": "MIT",
+  "bin": {
+    "agentgem": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "!dist/**/__tests__",
+    "!dist/**/*.test.js",
+    "!dist/**/*.test.d.ts"
+  ],
+  "engines": {
+    "node": ">=22"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "author": "ninemind.ai",
+  "homepage": "https://agentgem.ninemind.ai",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ninemindai/agentgem.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ninemindai/agentgem/issues"
+  },
+  "keywords": [
+    "claude",
+    "coding-agent",
+    "mcp",
+    "agentback",
+    "secret-redaction",
+    "agent-config",
+    "gem"
+  ],
+  "type": "module",
+  "packageManager": "pnpm@10.29.2",
+  "scripts": {
+    "build": "tsc -b && mkdir -p dist/public && cp src/public/index.html dist/public/index.html",
+    "dev": "pnpm build && node dist/index.js",
+    "start": "node dist/index.js",
+    "build:site": "node website/build.mjs",
+    "test": "tsc -b && vitest run",
+    "clean": "rm -rf dist *.tsbuildinfo",
+    "prepublishOnly": "pnpm clean && pnpm build"
+  },
+  "dependencies": {
+    "@agentback/core": "^0.5.2",
+    "@agentback/mcp": "^0.5.2",
+    "@agentback/mcp-http": "^0.5.2",
+    "@agentback/openapi": "^0.5.2",
+    "@agentback/rest": "^0.5.2",
+    "@agentback/rest-explorer": "^0.5.2",
+    "@anthropic-ai/sdk": "^0.104.2",
+    "@aws-sdk/client-bedrock-agentcore-control": "^3.1073.0",
+    "dotenv": "^17.4.2",
+    "tslib": "^2.8.1",
+    "vercel": "^54.14.2",
+    "zod": "^4.4.3"
+  },
+  "devDependencies": {
+    "@types/node": "^24",
+    "@types/supertest": "^6",
+    "marked": "^18.0.5",
+    "supertest": "^7",
+    "typescript": "^6",
+    "vitest": "^3"
+  }
+}