@omnidev-ai/cli 0.11.0 → 0.12.0

package/dist/index.js

@@ -22,10 +22,10 @@ var __require = /* @__PURE__ */ createRequire(import.meta.url);
 import { run } from "@stricli/core";
 
 // src/lib/dynamic-app.ts
-import { existsSync as existsSync9 } from "node:fs";
+import { existsSync as existsSync10 } from "node:fs";
 import { createRequire as createRequire2 } from "node:module";
 import { join as join9 } from "node:path";
-import { buildApplication, buildRouteMap as buildRouteMap5 } from "@stricli/core";
+import { buildApplication, buildRouteMap as buildRouteMap6 } from "@stricli/core";
 
 // src/commands/add.ts
 import { existsSync as existsSync3 } from "node:fs";
@@ -357,11 +357,19 @@ async function runAddCap(flags, name) {
     }
     let capabilityId = name;
     if (!capabilityId) {
-      const sourceValue = sourceType === "local" ? flags.local : flags.github;
-      if (!sourceValue) {
-        throw new Error("Unreachable: cannot infer capability ID");
+      if (flags.path && sourceType === "github") {
+        const pathParts = flags.path.split("/").filter(Boolean);
+        capabilityId = pathParts[pathParts.length - 1];
+        if (!capabilityId) {
+          capabilityId = "capability";
+        }
+      } else {
+        const sourceValue = sourceType === "local" ? flags.local : flags.github;
+        if (!sourceValue) {
+          throw new Error("Unreachable: cannot infer capability ID");
+        }
+        capabilityId = await inferCapabilityId(sourceValue, sourceType);
       }
-      capabilityId = await inferCapabilityId(sourceValue, sourceType);
       console.log(`  Inferred capability ID: ${capabilityId}`);
     }
     const config = await loadBaseConfig();
@@ -684,6 +692,7 @@ import {
   generateSkillTemplate,
   getEnabledCapabilities,
   loadCapabilityConfig,
+  loadLockFile,
   syncAgentConfiguration as syncAgentConfiguration2
 } from "@omnidev-ai/core";
 import { buildCommand as buildCommand2, buildRouteMap as buildRouteMap2 } from "@stricli/core";
@@ -694,10 +703,11 @@ function isValidCapabilityId(id) {
 }
 
 // src/commands/capability.ts
-async function runCapabilityList() {
+async function runCapabilityList(flags = {}) {
   try {
     const enabledIds = await getEnabledCapabilities();
     const capabilityPaths = await discoverCapabilities();
+    const lockFile = await loadLockFile();
     if (capabilityPaths.length === 0) {
       console.log("No capabilities found.");
       console.log("");
@@ -713,9 +723,29 @@ async function runCapabilityList() {
         const isEnabled = enabledIds.includes(capConfig.capability.id);
         const status = isEnabled ? "✓ enabled" : "✗ disabled";
         const { id, name, version } = capConfig.capability;
+        const lockEntry = lockFile.capabilities[id];
         console.log(`  ${status}  ${name}`);
         console.log(`           ID: ${id}`);
         console.log(`           Version: ${version}`);
+        if (flags.verbose && lockEntry) {
+          console.log(`           Source: ${lockEntry.source}`);
+          if (lockEntry.version_source) {
+            console.log(`           Version from: ${lockEntry.version_source}`);
+          }
+          if (lockEntry.commit) {
+            console.log(`           Commit: ${lockEntry.commit.substring(0, 7)}`);
+          }
+          if (lockEntry.content_hash) {
+            console.log(`           Content hash: ${lockEntry.content_hash.substring(0, 12)}`);
+          }
+          if (lockEntry.ref) {
+            console.log(`           Ref: ${lockEntry.ref}`);
+          }
+          if (lockEntry.updated_at) {
+            const date = new Date(lockEntry.updated_at);
+            console.log(`           Updated: ${date.toLocaleString()}`);
+          }
+        }
         console.log("");
       } catch (error) {
         console.error(`  ✗ Failed to load capability at ${path}:`, error);
@@ -765,6 +795,65 @@ async function runCapabilityDisable(_flags, name) {
 function toTitleCase(kebabCase) {
   return kebabCase.split("-").map((word) => word.charAt(0).toUpperCase() + word.slice(1)).join(" ");
 }
+function generatePackageJson(id) {
+  const pkg = {
+    name: `@capability/${id}`,
+    version: "0.1.0",
+    type: "module",
+    main: "dist/index.js",
+    scripts: {
+      build: "esbuild index.ts --bundle --platform=node --format=esm --outfile=dist/index.js",
+      clean: "rm -rf dist"
+    },
+    dependencies: {
+      "@omnidev-ai/core": "latest"
+    },
+    devDependencies: {
+      esbuild: "^0.20.0"
+    }
+  };
+  return JSON.stringify(pkg, null, "\t");
+}
+function generateIndexTs(id, name) {
+  return `/**
+ * ${name} Capability
+ *
+ * A programmatic capability with CLI commands.
+ */
+
+import type { CapabilityExport } from "@omnidev-ai/core";
+import { buildCommand } from "@stricli/core";
+
+// Example command implementation
+async function run${id.replace(/-/g, "").replace(/^./, (c) => c.toUpperCase())}(): Promise<void> {
+	console.log("Hello from ${name}!");
+	console.log("");
+	console.log("This is a programmatic capability.");
+	console.log("Edit index.ts to customize this command.");
+}
+
+// Build the main command
+const ${id.replace(/-/g, "")}Command = buildCommand({
+	docs: {
+		brief: "${name} command",
+	},
+	parameters: {},
+	func: run${id.replace(/-/g, "").replace(/^./, (c) => c.toUpperCase())},
+});
+
+// Default export: Structured capability export
+export default {
+	cliCommands: {
+		"${id}": ${id.replace(/-/g, "")}Command,
+	},
+} satisfies CapabilityExport;
+`;
+}
+function generateGitignore() {
+  return `dist/
+node_modules/
+`;
+}
 async function runCapabilityNew(flags, capabilityId) {
   try {
     if (!existsSync4(".omni")) {
@@ -809,6 +898,11 @@ async function runCapabilityNew(flags, capabilityId) {
     mkdirSync4(hooksDir, { recursive: true });
     await writeFile5(join8(hooksDir, "hooks.toml"), generateHooksTemplate(), "utf-8");
     await writeFile5(join8(hooksDir, "example-hook.sh"), generateHookScript(), "utf-8");
+    if (flags.programmatic) {
+      await writeFile5(join8(capabilityDir, "package.json"), generatePackageJson(id), "utf-8");
+      await writeFile5(join8(capabilityDir, "index.ts"), generateIndexTs(id, name), "utf-8");
+      await writeFile5(join8(capabilityDir, ".gitignore"), generateGitignore(), "utf-8");
+    }
     console.log(`✓ Created capability: ${name}`);
     console.log(`  Location: ${capabilityDir}`);
     console.log("");
@@ -818,10 +912,26 @@ async function runCapabilityNew(flags, capabilityId) {
     console.log("    - rules/coding-standards.md");
     console.log("    - hooks/hooks.toml");
     console.log("    - hooks/example-hook.sh");
+    if (flags.programmatic) {
+      console.log("    - package.json");
+      console.log("    - index.ts");
+      console.log("    - .gitignore");
+    }
     console.log("");
-    console.log("\uD83D\uDCA1 To add this capability as a local source, run:");
-    console.log(`   omnidev add cap --local ./${capabilityDir}`);
+    if (flags.programmatic) {
+      console.log("\uD83D\uDCA1 To build and use this capability:");
+      console.log(`   cd ${capabilityDir}`);
+      console.log("   npm install && npm run build");
+      console.log(`   cd -`);
+      console.log(`   omnidev add cap --local ./${capabilityDir}`);
+    } else {
+      console.log("\uD83D\uDCA1 To add this capability as a local source, run:");
+      console.log(`   omnidev add cap --local ./${capabilityDir}`);
+    }
   } catch (error) {
+    if (error instanceof Error && error.name === "ExitPromptError") {
+      process.exit(0);
+    }
     console.error("Error creating capability:", error);
     process.exit(1);
   }
@@ -833,9 +943,12 @@ var newCommand = buildCommand2({
 
 By default, creates the capability at capabilities/<id>. You can specify a custom path using the --path flag or interactively.
 
+Use --programmatic to create a TypeScript capability with CLI commands, package.json, and esbuild setup.
+
 Examples:
-  omnidev capability new my-cap                    # Prompts for path, defaults to capabilities/my-cap
-  omnidev capability new my-cap --path ./caps/my   # Uses ./caps/my directly`
+  omnidev capability new my-cap                         # Prompts for path, defaults to capabilities/my-cap
+  omnidev capability new my-cap --path ./caps/my        # Uses ./caps/my directly
+  omnidev capability new my-cap --programmatic          # Creates with TypeScript + CLI support`
   },
   parameters: {
     flags: {
@@ -844,6 +957,11 @@ Examples:
         brief: "Output path for the capability (skips interactive prompt)",
         parse: String,
         optional: true
+      },
+      programmatic: {
+        kind: "boolean",
+        brief: "Create a TypeScript capability with CLI commands and esbuild setup",
+        optional: true
       }
     },
     positional: {
@@ -863,11 +981,31 @@ Examples:
 });
 var listCommand = buildCommand2({
   docs: {
-    brief: "List all discovered capabilities"
+    brief: "List all discovered capabilities",
+    fullDescription: `List all discovered capabilities with their status.
+
+Use --verbose to show additional version information including:
+- Source (git URL or file path)
+- Where the version was detected from
+- Commit hash (for git sources)
+- Content hash (for file sources)
+- Last update time
+
+Examples:
+  omnidev capability list
+  omnidev capability list --verbose`
   },
-  parameters: {},
-  async func() {
-    await runCapabilityList();
+  parameters: {
+    flags: {
+      verbose: {
+        kind: "boolean",
+        brief: "Show detailed version information",
+        optional: true
+      }
+    }
+  },
+  async func(flags) {
+    await runCapabilityList(flags);
   }
 });
 var enableCommand = buildCommand2({
@@ -1119,8 +1257,7 @@ import { buildCommand as buildCommand4 } from "@stricli/core";
 // src/prompts/provider.ts
 import { checkbox, confirm } from "@inquirer/prompts";
 var PROVIDER_GITIGNORE_FILES = {
-  claude: ["CLAUDE.md", ".claude/"],
-  "claude-code": ["CLAUDE.md", ".claude/"],
+  "claude-code": ["CLAUDE.md", ".claude/", ".mcp.json"],
   cursor: [".cursor/"],
   codex: ["AGENTS.md", ".codex/"],
   opencode: [".opencode/"]
@@ -1549,17 +1686,398 @@ var providerRoutes = buildRouteMap4({
   }
 });
 
-// src/commands/sync.ts
+// src/commands/security.ts
 import { existsSync as existsSync8 } from "node:fs";
+import {
+  addSecurityAllow,
+  buildCapabilityRegistry,
+  formatScanResults,
+  getAllSecurityAllows,
+  readSecurityAllows,
+  removeSecurityAllow,
+  scanCapabilities
+} from "@omnidev-ai/core";
+import { buildCommand as buildCommand7, buildRouteMap as buildRouteMap5 } from "@stricli/core";
+var VALID_FINDING_TYPES = [
+  "unicode_bidi",
+  "unicode_zero_width",
+  "unicode_control",
+  "symlink_escape",
+  "symlink_absolute",
+  "suspicious_script",
+  "binary_file"
+];
+function isValidFindingType(type) {
+  return VALID_FINDING_TYPES.includes(type);
+}
+async function filterAllowedFindings(summary, options = {}) {
+  const state = await readSecurityAllows();
+  const { includeLow = false } = options;
+  const filteredResults = summary.results.map((result) => {
+    const allows = state.allows[result.capabilityId] ?? [];
+    const filteredFindings = result.findings.filter((finding) => {
+      if (allows.includes(finding.type))
+        return false;
+      if (!includeLow && finding.severity === "low")
+        return false;
+      return true;
+    });
+    return {
+      ...result,
+      findings: filteredFindings,
+      passed: filteredFindings.length === 0 || filteredFindings.every((f) => f.severity === "low")
+    };
+  });
+  const findingsByType = {
+    unicode_bidi: 0,
+    unicode_zero_width: 0,
+    unicode_control: 0,
+    symlink_escape: 0,
+    symlink_absolute: 0,
+    suspicious_script: 0,
+    binary_file: 0
+  };
+  const findingsBySeverity = {
+    low: 0,
+    medium: 0,
+    high: 0,
+    critical: 0
+  };
+  let totalFindings = 0;
+  let capabilitiesWithFindings = 0;
+  for (const result of filteredResults) {
+    if (result.findings.length > 0) {
+      capabilitiesWithFindings++;
+    }
+    for (const finding of result.findings) {
+      totalFindings++;
+      const currentTypeCount = findingsByType[finding.type] ?? 0;
+      findingsByType[finding.type] = currentTypeCount + 1;
+      const currentSeverityCount = findingsBySeverity[finding.severity] ?? 0;
+      findingsBySeverity[finding.severity] = currentSeverityCount + 1;
+    }
+  }
+  return {
+    ...summary,
+    results: filteredResults,
+    totalFindings,
+    capabilitiesWithFindings,
+    findingsByType,
+    findingsBySeverity,
+    allPassed: filteredResults.every((r) => r.passed)
+  };
+}
+function formatFindingsWithHints(summary) {
+  const lines = [];
+  lines.push("Security Scan Results");
+  lines.push("=====================");
+  lines.push("");
+  if (summary.totalFindings === 0) {
+    lines.push("No security issues found");
+    return lines.join(`
+`);
+  }
+  lines.push(`Found ${summary.totalFindings} issue(s) in ${summary.capabilitiesWithFindings} capability(ies)`);
+  lines.push("");
+  if (summary.findingsBySeverity.critical > 0) {
+    lines.push(`  CRITICAL: ${summary.findingsBySeverity.critical}`);
+  }
+  if (summary.findingsBySeverity.high > 0) {
+    lines.push(`  HIGH: ${summary.findingsBySeverity.high}`);
+  }
+  if (summary.findingsBySeverity.medium > 0) {
+    lines.push(`  MEDIUM: ${summary.findingsBySeverity.medium}`);
+  }
+  if (summary.findingsBySeverity.low > 0) {
+    lines.push(`  LOW: ${summary.findingsBySeverity.low}`);
+  }
+  lines.push("");
+  for (const result of summary.results) {
+    if (result.findings.length === 0)
+      continue;
+    lines.push(`${result.capabilityId}:`);
+    for (const finding of result.findings) {
+      const location = finding.line ? `:${finding.line}${finding.column ? `:${finding.column}` : ""}` : "";
+      const severity = finding.severity.toUpperCase().padEnd(8);
+      lines.push(`  [${severity}] ${finding.file}${location}`);
+      lines.push(`             ${finding.message}`);
+      if (finding.details) {
+        lines.push(`             ${finding.details}`);
+      }
+      lines.push(`             To allow: omnidev security allow ${result.capabilityId} ${finding.type}`);
+      lines.push("");
+    }
+  }
+  return lines.join(`
+`);
+}
+async function runSecurityIssues(flags = {}) {
+  try {
+    if (!existsSync8("omni.toml")) {
+      console.log("No config file found");
+      console.log("  Run: omnidev init");
+      process.exit(1);
+    }
+    console.log("Scanning capabilities for security issues...");
+    console.log("");
+    const registry = await buildCapabilityRegistry();
+    const capabilities = registry.getAllCapabilities();
+    if (capabilities.length === 0) {
+      console.log("No capabilities found to scan.");
+      return;
+    }
+    const capabilityInfos = capabilities.map((cap) => ({
+      id: cap.id,
+      path: cap.path
+    }));
+    const summary = await scanCapabilities(capabilityInfos);
+    const filteredSummary = await filterAllowedFindings(summary, {
+      includeLow: flags.all ?? false
+    });
+    if (flags.verbose) {
+      console.log(formatScanResults(filteredSummary, true));
+    } else {
+      console.log(formatFindingsWithHints(filteredSummary));
+    }
+    const hiddenCount = summary.totalFindings - filteredSummary.totalFindings;
+    if (hiddenCount > 0) {
+      const parts = [];
+      if (!flags.all && summary.findingsBySeverity.low > 0) {
+        parts.push(`${summary.findingsBySeverity.low} low-severity`);
+      }
+      const allowedCount = hiddenCount - (flags.all ? 0 : summary.findingsBySeverity.low);
+      if (allowedCount > 0) {
+        parts.push(`${allowedCount} allowed`);
+      }
+      if (parts.length > 0) {
+        console.log(`(${parts.join(", ")} finding(s) hidden, use --all to show)`);
+        console.log("");
+      }
+    }
+    if (!filteredSummary.allPassed) {
+      process.exit(1);
+    }
+  } catch (error) {
+    console.error("Error scanning capabilities:", error);
+    process.exit(1);
+  }
+}
+async function runSecurityAllow(_flags, capabilityId, findingType) {
+  try {
+    if (!isValidFindingType(findingType)) {
+      console.error(`Invalid finding type: '${findingType}'`);
+      console.log("");
+      console.log("Valid types:");
+      for (const type of VALID_FINDING_TYPES) {
+        console.log(`  - ${type}`);
+      }
+      process.exit(1);
+    }
+    const added = await addSecurityAllow(capabilityId, findingType);
+    if (added) {
+      console.log(`Allowed ${findingType} for capability: ${capabilityId}`);
+    } else {
+      console.log(`Already allowed: ${findingType} for ${capabilityId}`);
+    }
+  } catch (error) {
+    console.error("Error adding security allow:", error);
+    process.exit(1);
+  }
+}
+async function runSecurityDeny(_flags, capabilityId, findingType) {
+  try {
+    if (!isValidFindingType(findingType)) {
+      console.error(`Invalid finding type: '${findingType}'`);
+      console.log("");
+      console.log("Valid types:");
+      for (const type of VALID_FINDING_TYPES) {
+        console.log(`  - ${type}`);
+      }
+      process.exit(1);
+    }
+    const removed = await removeSecurityAllow(capabilityId, findingType);
+    if (removed) {
+      console.log(`Removed allow for ${findingType} on capability: ${capabilityId}`);
+    } else {
+      console.log(`No allow found for: ${findingType} on ${capabilityId}`);
+    }
+  } catch (error) {
+    console.error("Error removing security allow:", error);
+    process.exit(1);
+  }
+}
+async function runSecurityListAllows() {
+  try {
+    const allows = await getAllSecurityAllows();
+    if (allows.length === 0) {
+      console.log("No security allows configured.");
+      console.log("");
+      console.log("Use 'omnidev security allow <cap-id> <type>' to add allows.");
+      return;
+    }
+    console.log("Security Allows:");
+    console.log("");
+    const byCapability = {};
+    for (const allow of allows) {
+      const existing = byCapability[allow.capabilityId];
+      if (existing) {
+        existing.push(allow.findingType);
+      } else {
+        byCapability[allow.capabilityId] = [allow.findingType];
+      }
+    }
+    for (const [capId, types] of Object.entries(byCapability)) {
+      console.log(`  ${capId}:`);
+      for (const type of types) {
+        console.log(`    - ${type}`);
+      }
+      console.log("");
+    }
+  } catch (error) {
+    console.error("Error listing security allows:", error);
+    process.exit(1);
+  }
+}
+var issuesCommand = buildCommand7({
+  docs: {
+    brief: "Scan capabilities for security issues",
+    fullDescription: `Scan all enabled capabilities for security issues.
+
+Security checks include:
+- Suspicious Unicode characters (bidi overrides, zero-width, control chars)
+- Symlinks that escape capability directories
+- Suspicious script patterns (curl|sh, eval, rm -rf /, etc.)
+- Binary files in content directories
+
+By default, low-severity findings (like binary files) are hidden.
+Use --all to show all findings including low-severity ones.
+
+Findings can be allowed using 'omnidev security allow <cap-id> <type>'.
+
+Examples:
+  omnidev security issues
+  omnidev security issues --all
+  omnidev security issues --verbose`
+  },
+  parameters: {
+    flags: {
+      verbose: {
+        kind: "boolean",
+        brief: "Show verbose output with raw format",
+        optional: true
+      },
+      all: {
+        kind: "boolean",
+        brief: "Show all findings including low-severity",
+        optional: true
+      }
+    }
+  },
+  async func(flags) {
+    await runSecurityIssues(flags);
+  }
+});
+var allowCommand = buildCommand7({
+  docs: {
+    brief: "Allow a security finding type for a capability",
+    fullDescription: `Allow (ignore) a specific security finding type for a capability.
+
+This stores the allow in .omni/security.json. Allowed findings are hidden
+from 'omnidev security issues' output.
+
+Finding types:
+  unicode_bidi       - Bidirectional text override characters
+  unicode_zero_width - Zero-width characters
+  unicode_control    - Suspicious control characters
+  symlink_escape     - Symlinks escaping capability directory
+  symlink_absolute   - Symlinks with absolute paths
+  suspicious_script  - Suspicious script patterns
+  binary_file        - Binary files in content directories
+
+Examples:
+  omnidev security allow my-capability unicode_bidi
+  omnidev security allow my-capability suspicious_script`
+  },
+  parameters: {
+    flags: {},
+    positional: {
+      kind: "tuple",
+      parameters: [
+        {
+          brief: "Capability ID",
+          parse: String
+        },
+        {
+          brief: "Finding type to allow",
+          parse: String
+        }
+      ]
+    }
+  },
+  func: runSecurityAllow
+});
+var denyCommand = buildCommand7({
+  docs: {
+    brief: "Remove a security allow",
+    fullDescription: `Remove a previously allowed security finding type.
+
+This removes the allow from .omni/security.json. The finding will
+appear again in 'omnidev security issues' output.
+
+Examples:
+  omnidev security deny my-capability unicode_bidi
+  omnidev security deny my-capability suspicious_script`
+  },
+  parameters: {
+    flags: {},
+    positional: {
+      kind: "tuple",
+      parameters: [
+        {
+          brief: "Capability ID",
+          parse: String
+        },
+        {
+          brief: "Finding type to remove allow for",
+          parse: String
+        }
+      ]
+    }
+  },
+  func: runSecurityDeny
+});
+var listAllowsCommand = buildCommand7({
+  docs: {
+    brief: "List all security allows"
+  },
+  parameters: {},
+  async func() {
+    await runSecurityListAllows();
+  }
+});
+var securityRoutes = buildRouteMap5({
+  routes: {
+    issues: issuesCommand,
+    allow: allowCommand,
+    deny: denyCommand,
+    "list-allows": listAllowsCommand
+  },
+  docs: {
+    brief: "Security scanning and allows"
+  }
+});
+
+// src/commands/sync.ts
+import { existsSync as existsSync9 } from "node:fs";
 import {
   getActiveProfile as getActiveProfile3,
   loadConfig as loadConfig3,
   syncAgentConfiguration as syncAgentConfiguration6,
   writeEnabledProviders as writeEnabledProviders2
 } from "@omnidev-ai/core";
-import { buildCommand as buildCommand7 } from "@stricli/core";
+import { buildCommand as buildCommand8 } from "@stricli/core";
 var PROVIDERS_STATE_PATH = ".omni/state/providers.json";
-var syncCommand = buildCommand7({
+var syncCommand = buildCommand8({
   docs: {
     brief: "Manually sync all capabilities, roles, and instructions"
   },
@@ -1569,13 +2087,11 @@ var syncCommand = buildCommand7({
   }
 });
 async function runSync() {
-  console.log("Syncing OmniDev configuration...");
-  console.log("");
   try {
     const config = await loadConfig3();
     const activeProfile = await getActiveProfile3() ?? "default";
     let adapters = await getEnabledAdapters();
-    if (!existsSync8(PROVIDERS_STATE_PATH) || adapters.length === 0) {
+    if (!existsSync9(PROVIDERS_STATE_PATH) || adapters.length === 0) {
       console.log("No providers configured yet. Select your provider(s):");
       const providerIds = await promptForProviders();
       await writeEnabledProviders2(providerIds);
@@ -1586,21 +2102,12 @@ async function runSync() {
       adapters = await initializeAdaptersForProviders(providerIds, ctx);
       console.log("");
     }
-    const result = await syncAgentConfiguration6({ silent: false, adapters });
+    const providerNames = adapters.map((a) => a.displayName).join(", ") || "none";
+    console.log(`Profile: ${activeProfile} | Providers: ${providerNames}`);
     console.log("");
-    console.log("✓ Sync completed successfully!");
-    console.log("");
-    console.log(`Profile: ${activeProfile}`);
-    console.log(`Capabilities: ${result.capabilities.join(", ") || "none"}`);
-    console.log(`Providers: ${adapters.map((a) => a.displayName).join(", ") || "none"}`);
-    console.log("");
-    console.log("Synced components:");
-    console.log("  • Capability registry");
-    console.log("  • Capability sync hooks");
-    console.log("  • .omni/.gitignore");
-    if (adapters.length > 0) {
-      console.log("  • Provider-specific files (instructions embedded)");
-    }
+    const result = await syncAgentConfiguration6({ silent: false, adapters });
+    const capList = result.capabilities.join(", ");
+    console.log(`✓ Synced - ${capList}`);
   } catch (error) {
     console.error("");
     console.error("✗ Sync failed:");
@@ -1614,7 +2121,7 @@ import { debug } from "@omnidev-ai/core";
 var require2 = createRequire2(import.meta.url);
 function readCliVersion() {
   try {
-    const pkg = require2("../../package.json");
+    const pkg = require2("../package.json");
     if (typeof pkg?.version === "string") {
       return pkg.version;
     }
@@ -1629,11 +2136,15 @@ async function buildDynamicApp() {
     add: addRoutes,
     capability: capabilityRoutes,
     profile: profileRoutes,
-    provider: providerRoutes
+    provider: providerRoutes,
+    security: securityRoutes
   };
   debug("Core routes registered", Object.keys(routes));
-  if (existsSync9(".omni/config.toml")) {
+  const configPath = join9(process.cwd(), "omni.toml");
+  debug("Checking for config", { configPath, exists: existsSync10(configPath), cwd: process.cwd() });
+  if (existsSync10(configPath)) {
     try {
+      debug("Loading capability commands...");
       const capabilityCommands = await loadCapabilityCommands();
       debug("Capability commands loaded", {
         commands: Object.keys(capabilityCommands),
@@ -1653,7 +2164,7 @@ async function buildDynamicApp() {
     }
   }
   debug("Final routes", Object.keys(routes));
-  const app = buildApplication(buildRouteMap5({
+  const app = buildApplication(buildRouteMap6({
     routes,
     docs: {
       brief: "OmniDev commands"
@@ -1668,10 +2179,14 @@ async function buildDynamicApp() {
   return app;
 }
 async function loadCapabilityCommands() {
-  const { buildCapabilityRegistry, installCapabilityDependencies } = await import("@omnidev-ai/core");
+  const { buildCapabilityRegistry: buildCapabilityRegistry2, installCapabilityDependencies } = await import("@omnidev-ai/core");
   await installCapabilityDependencies(true);
-  const registry = await buildCapabilityRegistry();
+  const registry = await buildCapabilityRegistry2();
   const capabilities = registry.getAllCapabilities();
+  debug("Registry built", {
+    capabilityCount: capabilities.length,
+    capabilities: capabilities.map((c) => ({ id: c.id, path: c.path }))
+  });
   const commands = {};
   for (const capability of capabilities) {
     try {
@@ -1702,20 +2217,40 @@ async function loadCapabilityCommands() {
 }
 async function loadCapabilityExport(capability) {
   const capabilityPath = join9(process.cwd(), capability.path);
-  const indexPath = join9(capabilityPath, "index.ts");
-  if (!existsSync9(indexPath)) {
-    const jsIndexPath = join9(capabilityPath, "index.js");
-    if (!existsSync9(jsIndexPath)) {
-      return null;
-    }
-    const module2 = await import(jsIndexPath);
-    if (!module2.default) {
-      return null;
-    }
-    return module2.default;
+  const builtIndexPath = join9(capabilityPath, "dist", "index.js");
+  const jsIndexPath = join9(capabilityPath, "index.js");
+  const tsIndexPath = join9(capabilityPath, "index.ts");
+  debug(`Checking entry points for '${capability.id}'`, {
+    capabilityPath,
+    builtIndexPath,
+    builtExists: existsSync10(builtIndexPath),
+    jsIndexPath,
+    jsExists: existsSync10(jsIndexPath),
+    tsIndexPath,
+    tsExists: existsSync10(tsIndexPath)
+  });
+  let indexPath = null;
+  if (existsSync10(builtIndexPath)) {
+    indexPath = builtIndexPath;
+  } else if (existsSync10(jsIndexPath)) {
+    indexPath = jsIndexPath;
+  } else if (existsSync10(tsIndexPath)) {
+    indexPath = tsIndexPath;
   }
+  if (!indexPath) {
+    debug(`No entry point found for '${capability.id}'`);
+    return null;
+  }
+  debug(`Using entry point for '${capability.id}'`, { indexPath });
   const module = await import(indexPath);
+  debug(`Module loaded for '${capability.id}'`, {
+    hasDefault: !!module.default,
+    moduleKeys: Object.keys(module),
+    defaultType: typeof module.default,
+    defaultKeys: module.default ? Object.keys(module.default) : []
+  });
   if (!module.default) {
+    debug(`No default export for '${capability.id}'`);
     return null;
   }
   const capExport = module.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@omnidev-ai/cli",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -28,11 +28,11 @@
   },
   "dependencies": {
     "@inquirer/prompts": "^8.1.0",
-    "@omnidev-ai/core": "0.11.0",
+    "@omnidev-ai/core": "0.12.0",
     "@stricli/core": "^1.2.5"
   },
   "devDependencies": {
-    "@omnidev-ai/adapters": "0.0.11",
+    "@omnidev-ai/adapters": "0.1.1",
     "bunup": "^0.16.20"
   }
 }