@ninemind/agentgem 0.2.0 → 0.3.0

package/dist/gem.controller.js

@@ -1,7 +1,7 @@
 import { __decorate, __metadata } from "tslib";
 // src/gem.controller.ts
-import { existsSync } from "node:fs";
-import { basename } from "node:path";
+import { existsSync, writeFileSync, readFileSync } from "node:fs";
+import { basename, resolve, sep } from "node:path";
 import { api, get, post } from "@agentback/openapi";
 import { introspectConfig, introspectProject } from "./gem/introspect.js";
 import { buildGem } from "./gem/buildGem.js";
@@ -12,58 +12,87 @@ import { createWorkspace, listWorkspaces, readWorkspace, renderTarget, deleteWor
 import { writeGemArchive, readGemArchive } from "./gem/archive.js";
 import { writeArchiveDir, readArchiveDir } from "./gem/archiveFs.js";
 import { packTar } from "./gem/archiveTar.js";
+import { importGem } from "./gem/share.js";
+import { fetchGemBytes } from "./gem/safeFetch.js";
 import { readDeployRecord, writeDeployRecord, clearDeployRecord } from "./gem/deployRecord.js";
 import { undeployManagedAgent, anthropicPublishClient } from "./publish.js";
 import { undeployAgentcoreHarness, realAgentcoreControlClient } from "./gem/agentcorePublish.js";
-import { InventorySchema, GemSchema, GemRequestSchema, DirQuerySchema, PickQuerySchema, PickFolderSchema, ScaffoldChecksRequestSchema, ScaffoldChecksResponseSchema, MaterializeRequestSchema, MaterializeResponseSchema, PublishPreviewRequestSchema, PublishRequestSchema, PublishPreviewResponseSchema, PublishReadyResponseSchema, PublishResultSchema, DeployTargetsResponseSchema, DeployReadyQuerySchema, ArchiveRequestSchema, ArchiveResponseSchema, CreateWorkspaceRequestSchema, WorkspaceQuerySchema, RenderRequestSchema, WorkspaceNameRequestSchema, WorkspaceSummarySchema, WorkspaceDetailSchema, RenderResultSchema, ListWorkspacesResponseSchema, DeleteWorkspaceResponseSchema, RunReadyQuerySchema, RunReadyResponseSchema, RunRequestSchema, RunStatusQuerySchema, RunStateSchema, RunStopRequestSchema, RunStopResponseSchema, CredentialRequestSchema, CredentialResponseSchema, TestbedDetectQuerySchema, TestbedDetectResponseSchema, TestbedSuggestionQuerySchema, TestbedSuggestionResponseSchema, TestbedRecentsResponseSchema, TestbedProjectsQuerySchema, TestbedProjectsResponseSchema, TestbedScaffoldRequestSchema, TestbedScaffoldResponseSchema, TestbedImportRequestSchema, TestbedImportResponseSchema, AgentcoreReadyResponseSchema, AgentcoreDeployRequestSchema, AgentcoreStatusQuerySchema, AgentcoreDeployStateSchema, RegistryReadyResponseSchema, RegistryIndexResponseSchema, RegistryResolveRequestSchema, RegistryResolveResponseSchema, RegistryInstallRequestSchema, RegistryInstallResponseSchema, RegistryPublishRequestSchema, RegistryPublishResponseSchema, UndeployRequestSchema, UndeployResponseSchema, DeployRecordQuerySchema, DeployRecordResponseSchema, WorkflowAnalyzeRequestSchema, WorkflowAnalyzeResponseSchema, } from "./schemas.js";
+import { InventorySchema, GemSchema, GemRequestSchema, DirQuerySchema, PickQuerySchema, PickFolderSchema, ScaffoldChecksRequestSchema, ScaffoldChecksResponseSchema, MaterializeRequestSchema, MaterializeResponseSchema, PublishPreviewRequestSchema, PublishRequestSchema, PublishPreviewResponseSchema, PublishReadyResponseSchema, PublishResultSchema, DeployTargetsResponseSchema, DeployReadyQuerySchema, ArchiveRequestSchema, ArchiveResponseSchema, CreateWorkspaceRequestSchema, WorkspaceQuerySchema, RenderRequestSchema, WorkspaceNameRequestSchema, WorkspaceSummarySchema, WorkspaceDetailSchema, RenderResultSchema, ListWorkspacesResponseSchema, DeleteWorkspaceResponseSchema, RunReadyQuerySchema, RunReadyResponseSchema, RunRequestSchema, RunStatusQuerySchema, RunStateSchema, RunStopRequestSchema, RunStopResponseSchema, CredentialRequestSchema, CredentialResponseSchema, TestbedDetectQuerySchema, TestbedDetectResponseSchema, TestbedSuggestionQuerySchema, TestbedSuggestionResponseSchema, TestbedRecentsResponseSchema, TestbedProjectsQuerySchema, TestbedProjectsResponseSchema, TestbedScaffoldRequestSchema, TestbedScaffoldResponseSchema, TestbedImportRequestSchema, TestbedImportResponseSchema, AgentcoreReadyResponseSchema, AgentcoreDeployRequestSchema, AgentcoreStatusQuerySchema, AgentcoreDeployStateSchema, RegistryReadyResponseSchema, RegistryIndexResponseSchema, RegistrySearchQuerySchema, RegistrySearchResponseSchema, RegistryResolveRequestSchema, RegistryResolveResponseSchema, RegistryInstallRequestSchema, RegistryInstallResponseSchema, RegistryPublishRequestSchema, RegistryPublishResponseSchema, UndeployRequestSchema, UndeployResponseSchema, DeployRecordQuerySchema, DeployRecordResponseSchema, WorkflowAnalyzeRequestSchema, WorkflowAnalyzeResponseSchema, DistilledSkillSchema, WorkflowDraftWriteResponseSchema, GemRunRequestSchema, GemRunResponseSchema, GemRunPrepareRequestSchema, GemRunPrepareResponseSchema, } from "./schemas.js";
 import { claudeTranscriptsForCwd, scanWorkflow } from "./gem/workflowScan.js";
 import { recommendWorkflow, recommendationToSelection } from "./gem/acpRecommender.js";
+import { distillWorkflow } from "./gem/distill.js";
+import { writeDistilledDraft, stageDraftsByEvidence } from "./gem/draftStage.js";
 import { runReadiness, startLocal, stopLocal, getRunStatus, deployVercel, deployCloudflare, undeployVercel, undeployCloudflare } from "./gem/run.js";
 import { setCredential } from "./gem/credentials.js";
 import { agentcoreReadiness, deployAgentcore, getAgentcoreStatus } from "./gem/agentcoreRun.js";
 import { scaffoldTestbed, importArtifacts } from "./gem/testbed.js";
+import { materializeAndRunGem, materializeGemToTestbed, registerRun, AGENT_ADAPTERS } from "./gem/runGem.js";
 import { detectFlavor, suggestTestbed, discoverProjects } from "./gem/testbedFlavors.js";
 import { readRecents, upsertRecent } from "./gem/recents.js";
 import { resolveInstall, publishGem } from "./gem/registry.js";
+import { searchIndex } from "./gem/search.js";
 import { githubRegistrySource, githubRegistryPublisher, registryConfigFromEnv, registryReady } from "./gem/registryGithub.js";
 import { resolveDirs, resolveProject, agentgemHome } from "./resolveDir.js";
 import { pickFolder } from "./pickFolder.js";
+// Server-derived run directory for a Gem. NEVER taken from client input: a caller-controlled path is
+// a path-injection sink, and the ACP agent then runs there with tool permissions. The gem name is
+// sanitized to one path segment; the sanitizer keeps '.', so a name of ".." must not escape — we
+// assert the resolved path stays inside the runs root.
+function deriveRunDir(gemName) {
+    let safeName = gemName.replace(/[^A-Za-z0-9._-]/g, "-");
+    if (safeName === "" || safeName === "." || safeName === "..")
+        safeName = "gem";
+    const runsRoot = resolve(agentgemHome(), ".agentgem", "runs");
+    const runDir = resolve(runsRoot, safeName);
+    if (!runDir.startsWith(runsRoot + sep))
+        throw new Error("derived run dir escaped the runs root");
+    return runDir;
+}
 let GemController = class GemController {
     async inventory(input) {
         return introspectAll(input.query.dir, parseProjectsQuery(input.query.projects));
     }
     async gem(input) {
         const dirs = resolveDirs(input.body.dir);
-        const inventory = introspectAll(input.body.dir, input.body.projects);
+        // Fold any accepted distilled drafts into the inventory (by evidence.root)
+        // before resolution, so a selection can reference one by name (proposal §7b).
+        const inventory = stageDraftsByEvidence(introspectAll(input.body.dir, input.body.projects), input.body.distilledDrafts ?? []);
         return buildGem(inventory, input.body.selection, {
             name: input.body.name ?? "gem",
             createdFrom: dirs.claudeDir,
             checks: input.body.checks,
+            channels: input.body.channels,
         });
     }
     async scaffoldChecks(input) {
         const dirs = resolveDirs(input.body.dir);
-        const inventory = introspectAll(input.body.dir, input.body.projects);
+        const inventory = stageDraftsByEvidence(introspectAll(input.body.dir, input.body.projects), input.body.distilledDrafts ?? []);
         const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir });
         return { checks: scaffoldChecks(gem) };
     }
     async materialize(input) {
         const target = input.body.target;
         let gem;
-        if (input.body.archivePath) {
+        if (input.body.gemPath || input.body.gemUrl) {
+            const bytes = input.body.gemUrl
+                ? await fetchGemBytes(input.body.gemUrl) // SSRF-guarded: rejects non-public hosts
+                : readFileSync(input.body.gemPath);
+            gem = importGem(bytes).gem; // unpack + verify gem.lock; throws on tampering
+        }
+        else if (input.body.archivePath) {
             gem = readGemArchive(readArchiveDir(input.body.archivePath));
         }
         else {
             const dirs = resolveDirs(input.body.dir);
             const inventory = introspectAll(input.body.dir, input.body.projects);
-            gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir });
+            gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir, channels: input.body.channels });
         }
         return { target, ...materialize(gem, target, { a2aServer: input.body.a2aServer }), compatibility: compatibility(gem) };
     }
     async archive(input) {
         const dirs = resolveDirs(input.body.dir);
         const inventory = introspectAll(input.body.dir, input.body.projects);
-        const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir });
+        const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir, channels: input.body.channels });
         const { files, skipped } = writeGemArchive(gem, { version: input.body.version });
         const lock = JSON.parse(files["gem.lock"]);
         let path = null;
@@ -71,13 +100,18 @@ let GemController = class GemController {
             writeArchiveDir(input.body.outDir, files);
             path = input.body.outDir;
         }
+        let gemFile = null;
+        if (input.body.outFile) {
+            writeFileSync(input.body.outFile, packTar(files));
+            gemFile = input.body.outFile;
+        }
         const tarGz = input.body.tar ? packTar(files).toString("base64") : null;
-        return { files, lock, skipped, path, tarGz };
+        return { files, lock, skipped, path, gemFile, tarGz };
     }
     async createWorkspace(input) {
         const dirs = resolveDirs(input.body.dir);
         const inventory = introspectAll(input.body.dir, input.body.projects);
-        const gem = buildGem(inventory, input.body.selection, { name: input.body.name, createdFrom: dirs.claudeDir });
+        const gem = buildGem(inventory, input.body.selection, { name: input.body.name, createdFrom: dirs.claudeDir, channels: input.body.channels });
         return createWorkspace(input.body.name, gem, { version: input.body.version });
     }
     async listWorkspaces(_input) {
@@ -87,7 +121,7 @@ let GemController = class GemController {
         return readWorkspace(input.query.name);
     }
     async renderWorkspace(input) {
-        return renderTarget(input.body.name, input.body.target);
+        return renderTarget(input.body.name, input.body.target, { a2aServer: input.body.a2aServer });
     }
     async deleteWorkspace(input) {
         deleteWorkspace(input.body.name);
@@ -132,7 +166,7 @@ let GemController = class GemController {
     async publishPreview(input) {
         const dirs = resolveDirs(input.body.dir);
         const inventory = introspectAll(input.body.dir, input.body.projects);
-        const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir });
+        const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir, channels: input.body.channels });
         const target = (input.body.target ?? "claude-managed");
         return DEPLOY_REGISTRY[target].preview(gem);
     }
@@ -146,7 +180,7 @@ let GemController = class GemController {
     async publish(input) {
         const dirs = resolveDirs(input.body.dir);
         const inventory = introspectAll(input.body.dir, input.body.projects);
-        const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir });
+        const gem = buildGem(inventory, input.body.selection, { name: input.body.name ?? "gem", createdFrom: dirs.claudeDir, channels: input.body.channels });
         const target = (input.body.target ?? "claude-managed");
         const result = await DEPLOY_REGISTRY[target].deploy(gem, input.body.requestId);
         if (input.body.wsName) {
@@ -229,6 +263,32 @@ let GemController = class GemController {
         const rawInv = introspectConfig({ ...resolveDirs(input.body.dir), redact: false });
         return importArtifacts(resolveProject(input.body.root), input.body.selection, rawInv, (input.body.flavor ?? "claude"));
     }
+    // Test-run a Gem from a .gem archive with a locally-installed ACP coding agent:
+    // materialize into a runnable testbed dir, drive the agent against the task,
+    // and (when expectations are given) attach a verification report.
+    async runGem(input) {
+        const b = input.body;
+        const gem = b.archivePath
+            ? readGemArchive(readArchiveDir(b.archivePath))
+            : buildGem(introspectAll(b.dir, b.projects), b.selection, { name: b.name ?? "gem", createdFrom: resolveDirs(b.dir).claudeDir });
+        const agent = (b.agent ?? "claude");
+        const runDir = deriveRunDir(gem.name);
+        const out = await materializeAndRunGem({ gem, dir: runDir, task: b.task, agent, expectations: b.expectations });
+        return { dir: runDir, agent: out.agent, materialized: out.materialized, run: out.run, verification: out.verification };
+    }
+    // Step 1 of the streaming flow: materialize the Gem (carries the full selection
+    // over POST) and hand back an opaque runId. GET /api/gem/run/stream then runs it.
+    async prepareGemRun(input) {
+        const b = input.body;
+        const gem = b.archivePath
+            ? readGemArchive(readArchiveDir(b.archivePath))
+            : buildGem(introspectAll(b.dir, b.projects), b.selection, { name: b.name ?? "gem", createdFrom: resolveDirs(b.dir).claudeDir });
+        const agent = (b.agent ?? "claude");
+        const runDir = deriveRunDir(gem.name);
+        const materialized = materializeGemToTestbed(gem, runDir, AGENT_ADAPTERS[agent].flavor);
+        const runId = registerRun(runDir, agent);
+        return { runId, runDir, agent, materialized };
+    }
     // Resolve the configured registry source, or throw a clear error the UI can surface.
     registrySource() {
         const cfg = registryConfigFromEnv();
@@ -242,15 +302,19 @@ let GemController = class GemController {
     async registryIndex(_input) {
         return this.registrySource().source.getIndex();
     }
+    async registrySearch(input) {
+        const index = await this.registrySource().source.getIndex();
+        return { results: searchIndex(index, input.query.q ?? "", { kind: input.query.kind, tag: input.query.tag, limit: input.query.limit }) };
+    }
     async registryResolve(input) {
         const { source } = this.registrySource();
-        const { plan } = await resolveInstall({ refs: input.body.refs, mode: input.body.mode, target: input.body.target, source });
+        const { plan } = await resolveInstall({ refs: input.body.refs, mode: input.body.mode, target: input.body.target, source, a2aServer: input.body.a2aServer });
         return { plan };
     }
     // Apply: materialize into `dest`, or land the merged Gem in the workspace store.
     async registryInstall(input) {
         const { source } = this.registrySource();
-        const { plan, gem } = await resolveInstall({ refs: input.body.refs, mode: input.body.mode, target: input.body.target, source });
+        const { plan, gem } = await resolveInstall({ refs: input.body.refs, mode: input.body.mode, target: input.body.target, source, a2aServer: input.body.a2aServer });
         if (input.body.mode === "materialize") {
             if (!input.body.dest)
                 throw new Error("materialize mode requires `dest`");
@@ -270,6 +334,7 @@ let GemController = class GemController {
         return publishGem({
             gem, scope: input.body.scope, name: input.body.name, version: input.body.version,
             dependencies: input.body.dependencies, index, publisher: githubRegistryPublisher(cfg),
+            description: input.body.description, tags: input.body.tags,
         });
     }
     // Pop the OS-native folder picker and return the chosen absolute path (null if cancelled).
@@ -289,16 +354,31 @@ let GemController = class GemController {
         // The top-level inventory IS the global/plugin inventory; the project section
         // is namespaced separately. Scan + recommend over both.
         const scanInv = { project, global: { skills: inventory.skills, mcpServers: inventory.mcpServers, hooks: inventory.hooks } };
-        const signal = scanWorkflow(paths, scanInv);
-        const { analysis, degraded } = await recommendWorkflow(signal, scanInv);
+        const signal = scanWorkflow(paths, scanInv, { retainSequences: true });
+        // Selective recommendation + skill distillation run concurrently — both
+        // never throw, so wall-clock stays max(...) not sum (proposal §5).
+        const [{ analysis, degraded }, distill] = await Promise.all([
+            recommendWorkflow(signal, scanInv),
+            distillWorkflow(signal, scanInv),
+        ]);
         const candidates = analysis.candidates.map((c) => ({ ...c, selection: recommendationToSelection(c) }));
         return {
             candidates,
             gaps: analysis.gaps,
+            distilled: distill.distilled,
             signalSummary: { sessionsScanned: signal.sessions.scanned, spanDays: signal.sessions.spanDays, notes: signal.notes },
             degraded,
         };
     }
+    // Accept a distilled draft: persist it to .agentgem/distilled/<name>/SKILL.md for
+    // the user to review/promote (proposal §7) — NOT into .claude/skills/. The name is
+    // re-validated as a kebab slug here (defense in depth) since it composes a path.
+    async writeWorkflowDraft(input) {
+        const skill = input.body;
+        if (!/^[a-z0-9]+(?:-[a-z0-9]+)*$/.test(skill.name))
+            throw new Error(`invalid draft name '${skill.name}'`);
+        return { path: writeDistilledDraft(skill) };
+    }
 };
 __decorate([
     get("/inventory", { query: DirQuerySchema, response: InventorySchema }),
@@ -480,6 +560,18 @@ __decorate([
     __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], GemController.prototype, "importTestbed", null);
+__decorate([
+    post("/gem/run", { body: GemRunRequestSchema, response: GemRunResponseSchema }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemController.prototype, "runGem", null);
+__decorate([
+    post("/gem/run/prepare", { body: GemRunPrepareRequestSchema, response: GemRunPrepareResponseSchema }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemController.prototype, "prepareGemRun", null);
 __decorate([
     get("/registry/ready", { query: PickQuerySchema, response: RegistryReadyResponseSchema }),
     __metadata("design:type", Function),
@@ -492,6 +584,12 @@ __decorate([
     __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], GemController.prototype, "registryIndex", null);
+__decorate([
+    get("/registry/search", { query: RegistrySearchQuerySchema, response: RegistrySearchResponseSchema }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemController.prototype, "registrySearch", null);
 __decorate([
     post("/registry/resolve", { body: RegistryResolveRequestSchema, response: RegistryResolveResponseSchema }),
     __metadata("design:type", Function),
@@ -522,6 +620,12 @@ __decorate([
     __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], GemController.prototype, "workflowAnalyze", null);
+__decorate([
+    post("/workflow/draft", { body: DistilledSkillSchema, response: WorkflowDraftWriteResponseSchema }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemController.prototype, "writeWorkflowDraft", null);
 GemController = __decorate([
     api({ basePath: "/api" })
 ], GemController);

package/dist/gem.tools.js

@@ -7,13 +7,20 @@ import { buildGem } from "./gem/buildGem.js";
 import { GemSelectionSchema } from "./schemas.js";
 import { resolveDirs, resolveProject } from "./resolveDir.js";
 import { resolveInstall, publishGem } from "./gem/registry.js";
+import { searchIndex } from "./gem/search.js";
 import { githubRegistrySource, githubRegistryPublisher, registryConfigFromEnv } from "./gem/registryGithub.js";
 import { readWorkspace } from "./gem/workspaces.js";
 import { readGemArchive } from "./gem/archive.js";
+import { exportGem, importGem } from "./gem/share.js";
+import { fetchGemBytes } from "./gem/safeFetch.js";
+import { readFileSync } from "node:fs";
 const InventoryInput = z.object({ dir: z.string().optional(), projects: z.array(z.string()).optional() });
 const GemInput = z.object({ selection: GemSelectionSchema, name: z.string().optional(), dir: z.string().optional(), projects: z.array(z.string()).optional() });
-const RegistryRefsInput = z.object({ refs: z.array(z.string()).min(1), mode: z.enum(["materialize", "workspace"]), target: z.string().optional() });
-const RegistryPublishInput = z.object({ workspace: z.string(), scope: z.string(), name: z.string().optional(), version: z.string(), dependencies: z.array(z.string()).optional() });
+const RegistryRefsInput = z.object({ refs: z.array(z.string()).min(1), mode: z.enum(["materialize", "workspace"]), target: z.string().optional(), a2aServer: z.boolean().optional() });
+const RegistryPublishInput = z.object({ workspace: z.string(), scope: z.string(), name: z.string().optional(), version: z.string(), dependencies: z.array(z.string()).optional(), description: z.string().optional(), tags: z.array(z.string()).optional() });
+const RegistrySearchInput = z.object({ q: z.string().optional(), kind: z.string().optional(), tag: z.string().optional(), limit: z.number().int().positive().max(100).optional() });
+const GemExportInput = z.object({ selection: GemSelectionSchema, name: z.string().optional(), version: z.string().optional(), dir: z.string().optional(), projects: z.array(z.string()).optional() });
+const GemInstallInput = z.object({ gemUrl: z.string().optional(), gemPath: z.string().optional(), bytesBase64: z.string().optional() });
 function registrySourceOrThrow() {
     const cfg = registryConfigFromEnv();
     if (!cfg)
@@ -35,24 +42,41 @@ let GemTools = class GemTools {
         const dirs = resolveDirs(input.dir);
         return buildGem(introspectAll(input.dir, input.projects), input.selection, { name: input.name ?? "gem", createdFrom: dirs.claudeDir });
     }
+    async gemExport(input) {
+        const dirs = resolveDirs(input.dir);
+        const gem = buildGem(introspectAll(input.dir, input.projects), input.selection, { name: input.name ?? "gem", createdFrom: dirs.claudeDir });
+        const { filename, bytes, skipped } = exportGem(gem, { version: input.version });
+        return { filename, bytesBase64: bytes.toString("base64"), skipped };
+    }
+    async gemInstall(input) {
+        const bytes = input.gemUrl ? await fetchGemBytes(input.gemUrl)
+            : input.gemPath ? readFileSync(input.gemPath)
+                : input.bytesBase64 ? Buffer.from(input.bytesBase64, "base64")
+                    : (() => { throw new Error("provide one of gemUrl, gemPath, or bytesBase64"); })();
+        return importGem(bytes);
+    }
     async registryIndex(_input) {
         return registrySourceOrThrow().source.getIndex();
     }
+    async registrySearch(input) {
+        const index = await registrySourceOrThrow().source.getIndex();
+        return { results: searchIndex(index, input.q ?? "", { kind: input.kind, tag: input.tag, limit: input.limit }) };
+    }
     async registryResolve(input) {
         const { source } = registrySourceOrThrow();
-        const { plan } = await resolveInstall({ refs: input.refs, mode: input.mode, target: input.target, source });
+        const { plan } = await resolveInstall({ refs: input.refs, mode: input.mode, target: input.target, source, a2aServer: input.a2aServer });
         return plan;
     }
     async registryInstall(input) {
         const { source } = registrySourceOrThrow();
-        const { plan, gem } = await resolveInstall({ refs: input.refs, mode: input.mode, target: input.target, source });
+        const { plan, gem } = await resolveInstall({ refs: input.refs, mode: input.mode, target: input.target, source, a2aServer: input.a2aServer });
         return { plan, gem };
     }
     async registryPublish(input) {
         const { cfg, source } = registrySourceOrThrow();
         const gem = readGemArchive(readWorkspace(input.workspace).files);
         const index = await source.getIndex();
-        return publishGem({ gem, scope: input.scope, name: input.name, version: input.version, dependencies: input.dependencies, index, publisher: githubRegistryPublisher(cfg) });
+        return publishGem({ gem, scope: input.scope, name: input.name, version: input.version, dependencies: input.dependencies, index, publisher: githubRegistryPublisher(cfg), description: input.description, tags: input.tags });
     }
 };
 __decorate([
@@ -73,12 +97,36 @@ __decorate([
     __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], GemTools.prototype, "gem", null);
+__decorate([
+    tool("gem_export", {
+        description: "Export a Gem (built from a selection of the local config) as a single portable .gem archive, returned base64-encoded. Share those bytes as a file/upload/gist; install elsewhere with gem_install. Secrets are redacted; no registry required.",
+        input: GemExportInput,
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemTools.prototype, "gemExport", null);
+__decorate([
+    tool("gem_install", {
+        description: "Read and verify a shared .gem from a URL, local file path, or base64 bytes — returning the lock-verified Gem and its manifest meta. URL fetches are SSRF-guarded; tampered archives are rejected. Disk placement is performed via the REST /materialize endpoint.",
+        input: GemInstallInput,
+    }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemTools.prototype, "gemInstall", null);
 __decorate([
     tool("registry_index", { description: "List the gems available in the configured registry (names, versions, dependencies).", input: z.object({}) }),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [Object]),
     __metadata("design:returntype", Promise)
 ], GemTools.prototype, "registryIndex", null);
+__decorate([
+    tool("registry_search", { description: "Search the configured registry for gems by name/tags/description. Pass a `kind` (skill|mcp_server|instructions|hook) or `tag` to filter; an empty query browses the catalog. Returns ranked hits with latest version and description.", input: RegistrySearchInput }),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], GemTools.prototype, "registrySearch", null);
 __decorate([
     tool("registry_resolve", { description: "Resolve registry refs into an install plan (items, artifacts, required secrets, and a materialize preview for a target). No writes.", input: RegistryRefsInput }),
     __metadata("design:type", Function),

package/dist/gemRunStream.js

@@ -0,0 +1,67 @@
+// src/gemRunStream.ts
+//
+// SSE endpoint for running an already-prepared Gem with a local ACP coding agent.
+// This is step 2 of the streaming flow: POST /api/gem/run/prepare materializes the
+// Gem and returns an opaque runId; this GET streams the agent run for that runId
+// (materializing → running → per-tool + token deltas → done). Splitting prepare
+// (POST, carries the selection) from stream (GET, simple query params) lets the UI
+// use native EventSource while keeping the run dir off the wire — the client only
+// ever holds the opaque id, never a path it could redirect the agent to.
+import { runGemWithAgent, hasTestConnectFn } from "./gem/acpRun.js";
+import { resolveRun, resolveOrFetchAdapter, AGENT_ADAPTERS } from "./gem/runGem.js";
+import { verifyGemRun } from "./gem/gemVerify.js";
+const str = (v) => (typeof v === "string" ? v : "");
+export async function streamGemRun(req, res) {
+    const runId = str(req.query.runId);
+    const task = str(req.query.task);
+    const expectTools = str(req.query.expectTools)
+        ? str(req.query.expectTools).split(",").map((s) => s.trim()).filter(Boolean)
+        : undefined;
+    const expectText = str(req.query.expectText) || undefined;
+    res.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache, no-transform",
+        Connection: "keep-alive",
+        "X-Accel-Buffering": "no",
+    });
+    const send = (event, data) => {
+        res.write(`event: ${event}\n`);
+        res.write(`data: ${JSON.stringify(data)}\n\n`);
+    };
+    try {
+        const reg = resolveRun(runId);
+        if (!reg) {
+            send("failed", { message: "unknown or expired runId — prepare the run again" });
+            return;
+        }
+        if (!task) {
+            send("failed", { message: "missing task" });
+            return;
+        }
+        // Resolve the adapter (fetching on demand if needed), streaming a phase so a
+        // one-time download shows progress instead of a hang.
+        const adapter = AGENT_ADAPTERS[reg.agent];
+        const command = hasTestConnectFn()
+            ? [adapter.bin]
+            : await resolveOrFetchAdapter(adapter, {
+                onFetch: () => send("phase", { phase: "preparing-adapter", agent: reg.agent, pkg: adapter.pkg }),
+            });
+        send("phase", { phase: "running", agent: reg.agent });
+        const run = await runGemWithAgent({
+            dir: reg.dir,
+            task,
+            descriptor: { id: adapter.id, name: adapter.name, command },
+            onToolCall: (t) => send("tool", t),
+            onDelta: (c) => send("delta", { text: c }),
+        });
+        const expectations = expectTools || expectText ? { expectTools, expectText } : undefined;
+        const verification = expectations ? verifyGemRun(run, expectations) : undefined;
+        send("done", { runId, agent: reg.agent, run, verification });
+    }
+    catch (err) {
+        send("failed", { message: err?.message ?? String(err) });
+    }
+    finally {
+        res.end();
+    }
+}

package/dist/index.js

@@ -18,6 +18,8 @@ import { installMcpHttp } from "@agentback/mcp-http";
 import { GemController } from "./gem.controller.js";
 import { GemTools } from "./gem.tools.js";
 import { streamWorkflowAnalyze } from "./workflowStream.js";
+import { streamGemRun } from "./gemRunStream.js";
+import { originGuard } from "./originGuard.js";
 const here = dirname(fileURLToPath(import.meta.url));
 function pageHtml() {
     for (const p of [join(here, "public", "index.html"), join(here, "..", "src", "public", "index.html")]) {
@@ -35,6 +37,10 @@ export async function createApp(port) {
     app.configure("servers.MCPServer").to({ name: "agentgem", version: "0.1.0", transports: { stdio: false } });
     app.restController(GemController);
     app.service(GemTools);
+    // CSRF / drive-by guard: reject browser-initiated cross-site requests to the loopback API
+    // (controller routes). Same-origin UI and non-browser clients (CLI/MCP/tests) pass. Mounted in
+    // the framework middleware chain so it runs before controller dispatch.
+    app.expressMiddleware("middleware.originGuard", originGuard);
     await installExplorer(app, { title: "agentgem API" });
     await installMcpHttp(app);
     const server = await app.restServer;
@@ -42,8 +48,12 @@ export async function createApp(port) {
     server.expressApp.get("/", (_req, res) => res.type("html").send(html));
     // SSE progress stream for workflow analysis (raw Express — the decorator
     // framework only returns single JSON bodies). The POST /api/workflow/analyze
-    // route stays for programmatic/test callers.
-    server.expressApp.get("/api/workflow/analyze/stream", streamWorkflowAnalyze);
+    // route stays for programmatic/test callers. originGuard is applied per-route because these raw
+    // routes are registered directly on expressApp, outside the controller dispatch chain.
+    server.expressApp.get("/api/workflow/analyze/stream", originGuard, streamWorkflowAnalyze);
+    // SSE progress stream for running a Gem with a local ACP agent (materialize →
+    // run → tool/token deltas → done). POST /api/gem/run stays for programmatic callers.
+    server.expressApp.get("/api/gem/run/stream", originGuard, streamGemRun);
     return app;
 }
 // Start the server and print where its surfaces live. Shared by the default

package/dist/originGuard.js

@@ -0,0 +1,36 @@
+// Methods with no side effect — a direct navigation (Sec-Fetch-Site: none) to one of these is benign.
+const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
+function block(res) {
+    res.status(403).type("application/json").send(JSON.stringify({ error: "cross-site request blocked" }));
+}
+export function originGuard(req, res, next) {
+    const site = req.get("sec-fetch-site");
+    if (site !== undefined) {
+        if (site === "same-origin") {
+            next();
+            return;
+        }
+        // "none" = user-initiated (typed URL, bookmark) — allow only for safe methods. A state-changing
+        // POST is never legitimately "none" from our same-origin UI (its fetch() sends same-origin), so
+        // requiring same-origin there closes the top-level-navigation/form-POST drive-by.
+        if (site === "none" && SAFE_METHODS.has(req.method.toUpperCase())) {
+            next();
+            return;
+        }
+        block(res);
+        return;
+    }
+    const origin = req.get("origin");
+    if (origin === undefined) {
+        next();
+        return;
+    } // non-browser client: no ambient browser context
+    try {
+        if (new URL(origin).host === req.get("host")) {
+            next();
+            return;
+        } // same-origin
+    }
+    catch { /* malformed Origin -> fall through to block */ }
+    block(res);
+}