@open-skills-hub/cli 1.0.0

package/src/commands/scan.ts

@@ -0,0 +1,190 @@
+/**
+ * Open Skills Hub CLI - Scan Command
+ */
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import * as fs from 'fs';
+import * as path from 'path';
+import Table from 'cli-table3';
+import {
+  getConfig,
+  initScanner,
+  getScanner,
+} from '@open-skills-hub/core';
+
+export const scanCommand = new Command('scan')
+  .description('Scan content for security issues')
+  .argument('<file>', 'Path to file to scan')
+  .option('--json', 'Output as JSON')
+  .option('-q, --quick', 'Quick check (high severity only)')
+  .option('--rules', 'Show available rules')
+  .action(async (file, options) => {
+    // Show rules if requested
+    if (options.rules) {
+      const config = getConfig();
+      initScanner({
+        enabled: true,
+        timeout: 30000,
+        maxFileSize: 10485760,
+      });
+      const scanner = getScanner();
+      const rules = scanner.getEnabledRules();
+
+      console.log(chalk.bold('\nAvailable Security Rules:\n'));
+
+      const table = new Table({
+        head: [
+          chalk.cyan('ID'),
+          chalk.cyan('Name'),
+          chalk.cyan('Category'),
+          chalk.cyan('Severity'),
+        ],
+        colWidths: [10, 30, 12, 10],
+      });
+
+      for (const rule of rules) {
+        const severityColor = {
+          high: chalk.red,
+          medium: chalk.yellow,
+          low: chalk.blue,
+        }[rule.severity] ?? chalk.white;
+
+        table.push([
+          rule.id,
+          rule.name,
+          rule.category,
+          severityColor(rule.severity),
+        ]);
+      }
+
+      console.log(table.toString());
+      console.log(chalk.gray(`\nTotal: ${rules.length} rules`));
+      return;
+    }
+
+    const spinner = ora('Scanning file...').start();
+
+    try {
+      // Read file
+      const filePath = path.resolve(file);
+      if (!fs.existsSync(filePath)) {
+        spinner.fail(`File not found: ${filePath}`);
+        process.exit(1);
+      }
+
+      const content = fs.readFileSync(filePath, 'utf-8');
+
+      // Initialize scanner
+      const config = getConfig();
+      initScanner({
+        enabled: true,
+        timeout: config.get().scanner.timeout,
+        maxFileSize: config.get().scanner.maxFileSize,
+      });
+      const scanner = getScanner();
+
+      let result;
+      if (options.quick) {
+        // Quick check
+        const quickResult = await scanner.quickCheck(content);
+        spinner.stop();
+
+        if (quickResult.safe) {
+          console.log(chalk.green('\n✓ No high-severity issues found'));
+        } else {
+          console.log(chalk.red(`\n✗ Found ${quickResult.highSeverityCount} high-severity issue(s)`));
+          console.log(chalk.yellow(`  Security level: ${quickResult.level}`));
+        }
+
+        process.exit(quickResult.safe ? 0 : 1);
+      }
+
+      // Full scan
+      result = await scanner.scan(content);
+      spinner.stop();
+
+      // JSON output
+      if (options.json) {
+        console.log(JSON.stringify({
+          score: result.summary.score,
+          level: result.summary.level,
+          issueCount: result.summary.issueCount,
+          issues: result.issues,
+          recommendations: result.summary.recommendations,
+        }, null, 2));
+        return;
+      }
+
+      // Display results
+      console.log('\n' + chalk.bold.blue('═'.repeat(60)));
+      console.log(chalk.bold.white(' Security Scan Results'));
+      console.log(chalk.bold.blue('═'.repeat(60)) + '\n');
+
+      // Score and level
+      const levelColor = {
+        safe: chalk.green,
+        low: chalk.blue,
+        medium: chalk.yellow,
+        high: chalk.red,
+      }[result.summary.level] ?? chalk.white;
+
+      console.log(`${chalk.bold('Score:')}  ${result.summary.score}/100`);
+      console.log(`${chalk.bold('Level:')}  ${levelColor(result.summary.level.toUpperCase())}`);
+      console.log(`${chalk.bold('File:')}   ${filePath}`);
+      console.log();
+
+      // Issue counts
+      console.log(chalk.bold('Issues:'));
+      console.log(`  ${chalk.red('●')} High:   ${result.summary.issueCount.high}`);
+      console.log(`  ${chalk.yellow('●')} Medium: ${result.summary.issueCount.medium}`);
+      console.log(`  ${chalk.blue('●')} Low:    ${result.summary.issueCount.low}`);
+      console.log();
+
+      // Issue details
+      if (result.issues.length > 0) {
+        console.log(chalk.bold('Issue Details:\n'));
+
+        for (const issue of result.issues) {
+          const severityColor = {
+            high: chalk.red,
+            medium: chalk.yellow,
+            low: chalk.blue,
+          }[issue.severity] ?? chalk.white;
+
+          console.log(severityColor(`[${issue.severity.toUpperCase()}]`) + ` ${chalk.bold(issue.ruleName)} (${issue.ruleId})`);
+          console.log(chalk.gray(`  Line ${issue.line}: `) + issue.content);
+          console.log(chalk.gray(`  ${issue.message}`));
+          if (issue.suggestion) {
+            console.log(chalk.cyan(`  💡 ${issue.suggestion}`));
+          }
+          console.log();
+        }
+      }
+
+      // Recommendations
+      if (result.summary.recommendations.length > 0) {
+        console.log(chalk.bold('Recommendations:\n'));
+        for (const rec of result.summary.recommendations) {
+          console.log(`  • ${rec}`);
+        }
+        console.log();
+      }
+
+      // Summary
+      console.log(chalk.bold.blue('─'.repeat(60)));
+      if (result.summary.level === 'safe') {
+        console.log(chalk.green.bold('✓ Content passed security scan'));
+      } else if (result.summary.level === 'high') {
+        console.log(chalk.red.bold('✗ Content has high-risk security issues'));
+        process.exit(1);
+      } else {
+        console.log(chalk.yellow.bold('⚠ Content has some security concerns'));
+      }
+
+    } catch (error) {
+      spinner.fail('Scan failed');
+      throw error;
+    }
+  });

package/src/commands/search.ts

@@ -0,0 +1,92 @@
+/**
+ * Open Skills Hub CLI - Search Command
+ */
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import Table from 'cli-table3';
+import { getStorage, getConfig } from '@open-skills-hub/core';
+
+export const searchCommand = new Command('search')
+  .description('Search for skills')
+  .argument('[query]', 'Search query')
+  .option('-c, --category <category>', 'Filter by category')
+  .option('-a, --author <author>', 'Filter by author')
+  .option('-s, --sort <sort>', 'Sort by: relevance, uses, updated, created, name', 'relevance')
+  .option('-o, --order <order>', 'Sort order: asc, desc', 'desc')
+  .option('-l, --limit <limit>', 'Number of results', '20')
+  .option('--json', 'Output as JSON')
+  .action(async (query, options) => {
+    const spinner = ora('Searching skills...').start();
+
+    try {
+      const storage = await getStorage();
+      await storage.initialize();
+
+      const result = await storage.searchSkills({
+        query,
+        category: options.category,
+        author: options.author,
+        sort: options.sort,
+        order: options.order,
+        limit: parseInt(options.limit, 10),
+      });
+
+      spinner.stop();
+
+      if (options.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+      }
+
+      if (result.items.length === 0) {
+        console.log(chalk.yellow('\nNo skills found matching your query.'));
+        console.log(chalk.gray('Try a different search term or browse by category.'));
+        return;
+      }
+
+      console.log(chalk.bold(`\nFound ${result.pagination.total} skills:\n`));
+
+      const table = new Table({
+        head: [
+          chalk.cyan('Name'),
+          chalk.cyan('Description'),
+          chalk.cyan('Version'),
+          chalk.cyan('Security'),
+          chalk.cyan('Uses'),
+        ],
+        colWidths: [25, 40, 10, 10, 10],
+        wordWrap: true,
+      });
+
+      for (const skill of result.items) {
+        const securityColor = {
+          safe: chalk.green,
+          low: chalk.blue,
+          medium: chalk.yellow,
+          high: chalk.red,
+        }[skill.securityLevel ?? 'safe'] ?? chalk.white;
+
+        table.push([
+          chalk.bold(skill.fullName),
+          skill.description.substring(0, 80) + (skill.description.length > 80 ? '...' : ''),
+          skill.latestVersion,
+          securityColor(skill.securityLevel ?? 'unknown'),
+          skill.stats.totalUses.toString(),
+        ]);
+      }
+
+      console.log(table.toString());
+
+      if (result.pagination.hasMore) {
+        console.log(chalk.gray(`\nShowing ${result.items.length} of ${result.pagination.total} results.`));
+        console.log(chalk.gray('Use --limit to see more results.'));
+      }
+
+      await storage.close();
+    } catch (error) {
+      spinner.fail('Search failed');
+      throw error;
+    }
+  });

package/src/commands/validate.ts

@@ -0,0 +1,391 @@
+/**
+ * Open Skills Hub CLI - Validate Command
+ * Validates skill file or directory structure
+ */
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import * as fs from 'fs';
+import * as path from 'path';
+import { parse as parseYaml } from 'yaml';
+import { isValidSkillName } from '@open-skills-hub/core';
+
+interface ValidationResult {
+  valid: boolean;
+  errors: string[];
+  warnings: string[];
+  info: {
+    name?: string;
+    description?: string;
+    license?: string;
+    hasScripts: boolean;
+    hasReferences: boolean;
+    hasAssets: boolean;
+    fileCount: number;
+    totalSize: number;
+  };
+}
+
+interface ParsedFrontmatter {
+  name?: string;
+  description?: string;
+  license?: string;
+  compatibility?: string;
+  metadata?: Record<string, string>;
+  'allowed-tools'?: string;
+  allowedTools?: string[];
+}
+
+function parseFrontmatter(content: string): { frontmatter: ParsedFrontmatter; markdown: string } | null {
+  const match = content.match(/^---\n([\s\S]*?)\n---\n?([\s\S]*)$/);
+  if (!match || !match[1]) {
+    return null;
+  }
+  
+  try {
+    const frontmatter = parseYaml(match[1]) as ParsedFrontmatter;
+    return {
+      frontmatter,
+      markdown: match[2]?.trim() || '',
+    };
+  } catch {
+    return null;
+  }
+}
+
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / 1024 / 1024).toFixed(2)} MB`;
+}
+
+function countFiles(dirPath: string): { count: number; size: number } {
+  let count = 0;
+  let size = 0;
+
+  if (!fs.existsSync(dirPath)) {
+    return { count: 0, size: 0 };
+  }
+
+  const entries = fs.readdirSync(dirPath, { withFileTypes: true });
+  for (const entry of entries) {
+    const fullPath = path.join(dirPath, entry.name);
+    if (entry.isDirectory()) {
+      const sub = countFiles(fullPath);
+      count += sub.count;
+      size += sub.size;
+    } else if (entry.isFile()) {
+      count++;
+      size += fs.statSync(fullPath).size;
+    }
+  }
+
+  return { count, size };
+}
+
+function validateSkill(skillPath: string): ValidationResult {
+  const result: ValidationResult = {
+    valid: true,
+    errors: [],
+    warnings: [],
+    info: {
+      hasScripts: false,
+      hasReferences: false,
+      hasAssets: false,
+      fileCount: 0,
+      totalSize: 0,
+    },
+  };
+
+  const resolvedPath = path.resolve(skillPath);
+
+  // Check if path exists
+  if (!fs.existsSync(resolvedPath)) {
+    result.errors.push(`Path not found: ${resolvedPath}`);
+    result.valid = false;
+    return result;
+  }
+
+  const stat = fs.statSync(resolvedPath);
+  const isDirectory = stat.isDirectory();
+
+  let skillMdPath: string;
+  let skillDir: string;
+
+  if (isDirectory) {
+    skillDir = resolvedPath;
+    skillMdPath = path.join(resolvedPath, 'SKILL.md');
+    
+    // Also check for lowercase
+    if (!fs.existsSync(skillMdPath)) {
+      const altPath = path.join(resolvedPath, 'skill.md');
+      if (fs.existsSync(altPath)) {
+        skillMdPath = altPath;
+        result.warnings.push('SKILL.md should be uppercase (found skill.md)');
+      }
+    }
+  } else {
+    skillDir = path.dirname(resolvedPath);
+    skillMdPath = resolvedPath;
+  }
+
+  // Check SKILL.md exists
+  if (!fs.existsSync(skillMdPath)) {
+    result.errors.push('SKILL.md not found');
+    result.valid = false;
+    return result;
+  }
+
+  // Read and parse SKILL.md
+  const content = fs.readFileSync(skillMdPath, 'utf-8');
+  result.info.totalSize = content.length;
+  result.info.fileCount = 1;
+
+  // Check for frontmatter
+  const parsed = parseFrontmatter(content);
+  if (!parsed) {
+    result.errors.push('Invalid or missing YAML frontmatter (must start with ---)');
+    result.valid = false;
+    return result;
+  }
+
+  const { frontmatter, markdown } = parsed;
+
+  // Validate name field
+  if (!frontmatter.name) {
+    result.errors.push('Missing required field: name');
+    result.valid = false;
+  } else {
+    result.info.name = frontmatter.name;
+
+    // Check name format
+    if (!isValidSkillName(frontmatter.name)) {
+      result.errors.push(`Invalid name format: "${frontmatter.name}". Must be lowercase letters, numbers, and hyphens only.`);
+      result.valid = false;
+    }
+
+    // Check name matches directory
+    if (isDirectory) {
+      const dirName = path.basename(skillDir);
+      if (frontmatter.name !== dirName) {
+        result.warnings.push(`Name "${frontmatter.name}" doesn't match directory name "${dirName}"`);
+      }
+    }
+
+    // Check name length
+    if (frontmatter.name.length > 64) {
+      result.errors.push(`Name too long: ${frontmatter.name.length} chars (max 64)`);
+      result.valid = false;
+    }
+
+    // Check for invalid patterns
+    if (frontmatter.name.startsWith('-')) {
+      result.errors.push('Name cannot start with a hyphen');
+      result.valid = false;
+    }
+    if (frontmatter.name.endsWith('-')) {
+      result.errors.push('Name cannot end with a hyphen');
+      result.valid = false;
+    }
+    if (frontmatter.name.includes('--')) {
+      result.errors.push('Name cannot contain consecutive hyphens');
+      result.valid = false;
+    }
+  }
+
+  // Validate description field
+  if (!frontmatter.description) {
+    result.errors.push('Missing required field: description');
+    result.valid = false;
+  } else {
+    result.info.description = frontmatter.description;
+
+    if (frontmatter.description.length > 1024) {
+      result.errors.push(`Description too long: ${frontmatter.description.length} chars (max 1024)`);
+      result.valid = false;
+    }
+
+    if (frontmatter.description.length < 10) {
+      result.warnings.push('Description is very short. Consider adding more detail.');
+    }
+  }
+
+  // Validate optional fields
+  if (frontmatter.license) {
+    result.info.license = frontmatter.license;
+  }
+
+  if (frontmatter.compatibility && frontmatter.compatibility.length > 500) {
+    result.errors.push(`Compatibility too long: ${frontmatter.compatibility.length} chars (max 500)`);
+    result.valid = false;
+  }
+
+  // Check markdown content
+  if (!markdown || markdown.length === 0) {
+    result.warnings.push('SKILL.md has no body content after frontmatter');
+  } else if (markdown.length > 50000) {
+    result.warnings.push(`SKILL.md body is very large (${(markdown.length / 1000).toFixed(1)}K chars). Consider splitting into reference files.`);
+  }
+
+  // Check directory structure (only for directories)
+  if (isDirectory) {
+    const scriptsDir = path.join(skillDir, 'scripts');
+    const referencesDir = path.join(skillDir, 'references');
+    const referenceDir = path.join(skillDir, 'reference'); // Alternative name
+    const assetsDir = path.join(skillDir, 'assets');
+
+    if (fs.existsSync(scriptsDir)) {
+      result.info.hasScripts = true;
+      const stats = countFiles(scriptsDir);
+      result.info.fileCount += stats.count;
+      result.info.totalSize += stats.size;
+    }
+
+    if (fs.existsSync(referencesDir)) {
+      result.info.hasReferences = true;
+      const stats = countFiles(referencesDir);
+      result.info.fileCount += stats.count;
+      result.info.totalSize += stats.size;
+    } else if (fs.existsSync(referenceDir)) {
+      result.info.hasReferences = true;
+      const stats = countFiles(referenceDir);
+      result.info.fileCount += stats.count;
+      result.info.totalSize += stats.size;
+    }
+
+    if (fs.existsSync(assetsDir)) {
+      result.info.hasAssets = true;
+      const stats = countFiles(assetsDir);
+      result.info.fileCount += stats.count;
+      result.info.totalSize += stats.size;
+    }
+
+    // Check for LICENSE file
+    const licensePath = path.join(skillDir, 'LICENSE.txt');
+    const licensePathAlt = path.join(skillDir, 'LICENSE');
+    if (!fs.existsSync(licensePath) && !fs.existsSync(licensePathAlt)) {
+      if (frontmatter.license) {
+        result.warnings.push('License specified in frontmatter but no LICENSE.txt file found');
+      }
+    }
+
+    // Check total size
+    if (result.info.totalSize > 150 * 1024 * 1024) {
+      result.errors.push(`Total size exceeds 150MB limit: ${formatSize(result.info.totalSize)}`);
+      result.valid = false;
+    } else if (result.info.totalSize > 50 * 1024 * 1024) {
+      result.warnings.push(`Large skill size: ${formatSize(result.info.totalSize)}. Consider optimizing.`);
+    }
+  }
+
+  return result;
+}
+
+export const validateCommand = new Command('validate')
+  .description('Validate a skill file or directory')
+  .argument('<path>', 'Path to skill file (.md) or directory containing SKILL.md')
+  .option('--json', 'Output result as JSON')
+  .action((skillPath, options) => {
+    const result = validateSkill(skillPath);
+
+    if (options.json) {
+      console.log(JSON.stringify(result, null, 2));
+      process.exit(result.valid ? 0 : 1);
+    }
+
+    // Pretty output
+    const resolvedPath = path.resolve(skillPath);
+    console.log(`\nValidating ${chalk.cyan(resolvedPath)}...\n`);
+
+    // SKILL.md check
+    if (result.errors.some(e => e.includes('SKILL.md not found'))) {
+      console.log(chalk.red('✗ SKILL.md not found'));
+      process.exit(1);
+    } else {
+      console.log(chalk.green('✓ SKILL.md exists'));
+    }
+
+    // Frontmatter check
+    if (result.errors.some(e => e.includes('frontmatter'))) {
+      console.log(chalk.red('✗ Frontmatter is invalid'));
+      for (const error of result.errors.filter(e => e.includes('frontmatter'))) {
+        console.log(chalk.red(`  └── ${error}`));
+      }
+    } else {
+      console.log(chalk.green('✓ Frontmatter is valid'));
+      
+      // Show field details
+      if (result.info.name) {
+        const nameValid = !result.errors.some(e => e.toLowerCase().includes('name'));
+        const icon = nameValid ? chalk.green('✓') : chalk.red('✗');
+        console.log(`  ├── name: ${result.info.name} ${icon}`);
+        
+        // Show name errors
+        for (const error of result.errors.filter(e => e.toLowerCase().includes('name') && !e.includes('frontmatter'))) {
+          console.log(chalk.red(`  │   └── ${error}`));
+        }
+      }
+      
+      if (result.info.description) {
+        const descValid = !result.errors.some(e => e.toLowerCase().includes('description'));
+        const icon = descValid ? chalk.green('✓') : chalk.red('✗');
+        const preview = result.info.description.length > 40 
+          ? result.info.description.substring(0, 40) + '...' 
+          : result.info.description;
+        console.log(`  ├── description: ${preview} ${icon}`);
+        
+        // Show description errors
+        for (const error of result.errors.filter(e => e.toLowerCase().includes('description'))) {
+          console.log(chalk.red(`  │   └── ${error}`));
+        }
+      } else {
+        console.log(chalk.red(`  ├── description: (missing)`));
+        console.log(chalk.red(`  │   └── Error: Description is required`));
+      }
+      
+      if (result.info.license) {
+        console.log(`  └── license: ${result.info.license} ${chalk.green('✓')}`);
+      }
+    }
+
+    // Directory structure check
+    const stat = fs.statSync(resolvedPath);
+    if (stat.isDirectory()) {
+      const hasAnyDirs = result.info.hasScripts || result.info.hasReferences || result.info.hasAssets;
+      
+      if (hasAnyDirs || result.info.fileCount > 1) {
+        console.log(chalk.green('✓ Directory structure is valid'));
+        if (result.info.hasScripts) {
+          console.log(chalk.gray('  ├── scripts/ ✓'));
+        }
+        if (result.info.hasReferences) {
+          console.log(chalk.gray('  ├── references/ ✓'));
+        }
+        if (result.info.hasAssets) {
+          console.log(chalk.gray('  ├── assets/ ✓'));
+        }
+        console.log(chalk.gray(`  └── ${result.info.fileCount} files, ${formatSize(result.info.totalSize)}`));
+      }
+    }
+
+    // Warnings
+    if (result.warnings.length > 0) {
+      console.log('');
+      for (const warning of result.warnings) {
+        console.log(chalk.yellow(`⚠ ${warning}`));
+      }
+    }
+
+    // Summary
+    console.log('');
+    if (result.valid) {
+      console.log(chalk.green.bold('✓ Skill is valid and ready to publish!'));
+      console.log(chalk.gray(`\nRun: skills publish ${skillPath}`));
+    } else {
+      const errorCount = result.errors.length;
+      console.log(chalk.red.bold(`Found ${errorCount} error${errorCount > 1 ? 's' : ''}. Please fix before publishing.`));
+    }
+    console.log('');
+
+    process.exit(result.valid ? 0 : 1);
+  });