@open-skills-hub/cli 1.0.0

package/src/commands/publish.ts

@@ -0,0 +1,688 @@
+/**
+ * Open Skills Hub CLI - Publish Command
+ * Supports both single file and directory publishing
+ */
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import * as fs from 'fs';
+import * as path from 'path';
+import { parse as parseYaml } from 'yaml';
+import inquirer from 'inquirer';
+import {
+  getStorage,
+  getConfig,
+  initScanner,
+  getScanner,
+  generateUUID,
+  now,
+  sha256,
+  buildSkillFullName,
+  isValidSkillName,
+  isValidSemver,
+} from '@open-skills-hub/core';
+import type { Skill, Version, SkillContent, SkillFile, AuditLog } from '@open-skills-hub/core';
+
+interface ParsedSkillFile {
+  frontmatter: Record<string, unknown>;
+  markdown: string;
+}
+
+// File extensions to include (text-based files)
+const TEXT_EXTENSIONS = new Set([
+  '.md', '.txt', '.py', '.js', '.ts', '.sh', '.bash', '.zsh',
+  '.json', '.yaml', '.yml', '.xml', '.xsd', '.html', '.css',
+  '.sql', '.r', '.rb', '.pl', '.lua', '.go', '.rs', '.java',
+  '.c', '.cpp', '.h', '.hpp', '.swift', '.kt', '.scala',
+  '.template', '.tpl', '.cfg', '.conf', '.ini', '.env',
+  '.csv', '.tsv', '.log',
+]);
+
+// Binary extensions to include (will be base64 encoded)
+const BINARY_EXTENSIONS = new Set([
+  '.ttf', '.otf', '.woff', '.woff2',
+  '.png', '.jpg', '.jpeg', '.gif', '.svg', '.ico', '.webp',
+  '.pdf', '.zip', '.tar', '.gz',
+]);
+
+// Directories to skip
+const SKIP_DIRS = new Set([
+  'node_modules', '.git', '.svn', '__pycache__', '.DS_Store',
+  'dist', 'build', '.cache', '.vscode', '.idea',
+]);
+
+// Files to skip
+const SKIP_FILES = new Set([
+  '.DS_Store', 'Thumbs.db', '.gitignore', '.npmignore',
+]);
+
+function parseSkillFile(content: string): ParsedSkillFile {
+  const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---\n?([\s\S]*)$/);
+
+  if (frontmatterMatch && frontmatterMatch[1] && frontmatterMatch[2] !== undefined) {
+    return {
+      frontmatter: parseYaml(frontmatterMatch[1]) as Record<string, unknown>,
+      markdown: frontmatterMatch[2].trim(),
+    };
+  }
+
+  return {
+    frontmatter: {},
+    markdown: content.trim(),
+  };
+}
+
+function isTextFile(filePath: string): boolean {
+  const ext = path.extname(filePath).toLowerCase();
+  return TEXT_EXTENSIONS.has(ext);
+}
+
+function isBinaryFile(filePath: string): boolean {
+  const ext = path.extname(filePath).toLowerCase();
+  return BINARY_EXTENSIONS.has(ext);
+}
+
+function shouldIncludeFile(filePath: string): boolean {
+  const basename = path.basename(filePath);
+  if (SKIP_FILES.has(basename)) return false;
+  return isTextFile(filePath) || isBinaryFile(filePath);
+}
+
+function shouldSkipDir(dirName: string): boolean {
+  return SKIP_DIRS.has(dirName);
+}
+
+interface CollectedFiles {
+  skillMd: { path: string; content: string } | null;
+  files: SkillFile[];
+  totalSize: number;
+  stats: {
+    scripts: number;
+    references: number;
+    assets: number;
+    other: number;
+  };
+}
+
+function collectFiles(dirPath: string, basePath: string = dirPath): CollectedFiles {
+  const result: CollectedFiles = {
+    skillMd: null,
+    files: [],
+    totalSize: 0,
+    stats: { scripts: 0, references: 0, assets: 0, other: 0 },
+  };
+
+  const entries = fs.readdirSync(dirPath, { withFileTypes: true });
+
+  for (const entry of entries) {
+    const fullPath = path.join(dirPath, entry.name);
+    const relativePath = path.relative(basePath, fullPath);
+
+    if (entry.isDirectory()) {
+      if (shouldSkipDir(entry.name)) continue;
+      
+      // Recursively collect files
+      const subResult = collectFiles(fullPath, basePath);
+      result.files.push(...subResult.files);
+      result.totalSize += subResult.totalSize;
+      
+      // Merge stats
+      result.stats.scripts += subResult.stats.scripts;
+      result.stats.references += subResult.stats.references;
+      result.stats.assets += subResult.stats.assets;
+      result.stats.other += subResult.stats.other;
+      
+      if (subResult.skillMd && !result.skillMd) {
+        result.skillMd = subResult.skillMd;
+      }
+    } else if (entry.isFile()) {
+      // Handle SKILL.md specially
+      if (entry.name.toUpperCase() === 'SKILL.MD') {
+        const content = fs.readFileSync(fullPath, 'utf-8');
+        result.skillMd = { path: relativePath, content };
+        result.totalSize += content.length;
+        continue;
+      }
+
+      // Skip files we don't want to include
+      if (!shouldIncludeFile(entry.name)) continue;
+
+      const stat = fs.statSync(fullPath);
+      
+      // Skip files larger than 10MB
+      if (stat.size > 10 * 1024 * 1024) {
+        console.log(chalk.yellow(`  ⚠ Skipping large file: ${relativePath} (${(stat.size / 1024 / 1024).toFixed(2)} MB)`));
+        continue;
+      }
+
+      let content: string;
+      if (isTextFile(fullPath)) {
+        content = fs.readFileSync(fullPath, 'utf-8');
+      } else if (isBinaryFile(fullPath)) {
+        // Base64 encode binary files
+        const buffer = fs.readFileSync(fullPath);
+        content = `data:${getMimeType(fullPath)};base64,${buffer.toString('base64')}`;
+      } else {
+        continue;
+      }
+
+      result.files.push({
+        path: relativePath,
+        content,
+        size: stat.size,
+      });
+      result.totalSize += stat.size;
+
+      // Update stats
+      if (relativePath.startsWith('scripts/') || relativePath.startsWith('scripts\\')) {
+        result.stats.scripts++;
+      } else if (relativePath.startsWith('references/') || relativePath.startsWith('references\\') ||
+                 relativePath.startsWith('reference/') || relativePath.startsWith('reference\\')) {
+        result.stats.references++;
+      } else if (relativePath.startsWith('assets/') || relativePath.startsWith('assets\\')) {
+        result.stats.assets++;
+      } else {
+        result.stats.other++;
+      }
+    }
+  }
+
+  return result;
+}
+
+function getMimeType(filePath: string): string {
+  const ext = path.extname(filePath).toLowerCase();
+  const mimeTypes: Record<string, string> = {
+    '.ttf': 'font/ttf',
+    '.otf': 'font/otf',
+    '.woff': 'font/woff',
+    '.woff2': 'font/woff2',
+    '.png': 'image/png',
+    '.jpg': 'image/jpeg',
+    '.jpeg': 'image/jpeg',
+    '.gif': 'image/gif',
+    '.svg': 'image/svg+xml',
+    '.webp': 'image/webp',
+    '.ico': 'image/x-icon',
+    '.pdf': 'application/pdf',
+    '.zip': 'application/zip',
+  };
+  return mimeTypes[ext] || 'application/octet-stream';
+}
+
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / 1024 / 1024).toFixed(2)} MB`;
+}
+
+export const publishCommand = new Command('publish')
+  .description('Publish a skill to the hub (supports both file and directory)')
+  .argument('<path>', 'Path to skill file (.md) or directory containing SKILL.md')
+  .option('-n, --name <name>', 'Skill name (overrides frontmatter)')
+  .option('-v, --version <version>', 'Version (default: 1.0.0 for new, auto-increment for updates)')
+  .option('-s, --scope <scope>', 'Scope/namespace (e.g., @myorg)')
+  .option('-a, --author <author>', 'Author name or organization (overrides frontmatter)')
+  .option('--category <category>', 'Skill category')
+  .option('--keywords <keywords>', 'Comma-separated keywords')
+  .option('--visibility <visibility>', 'Visibility: public, private, unlisted', 'public')
+  .option('--skip-scan', 'Skip security scan')
+  .option('--dry-run', 'Validate without publishing')
+  .option('-y, --yes', 'Skip confirmation prompts')
+  .action(async (inputPath, options) => {
+    const spinner = ora('Reading skill...').start();
+
+    try {
+      const resolvedPath = path.resolve(inputPath);
+      
+      if (!fs.existsSync(resolvedPath)) {
+        spinner.fail(`Path not found: ${resolvedPath}`);
+        process.exit(1);
+      }
+
+      const stat = fs.statSync(resolvedPath);
+      const isDirectory = stat.isDirectory();
+      
+      let skillMdContent: string;
+      let collectedFiles: SkillFile[] = [];
+      let totalSize = 0;
+      let fileStats = { scripts: 0, references: 0, assets: 0, other: 0 };
+      let skillDirName: string;
+
+      if (isDirectory) {
+        // Directory mode: collect all files
+        spinner.text = 'Reading directory...';
+        skillDirName = path.basename(resolvedPath);
+        
+        const collected = collectFiles(resolvedPath);
+        
+        if (!collected.skillMd) {
+          spinner.fail('SKILL.md not found in directory');
+          process.exit(1);
+        }
+
+        skillMdContent = collected.skillMd.content;
+        collectedFiles = collected.files;
+        totalSize = collected.totalSize;
+        fileStats = collected.stats;
+
+        spinner.succeed(`Found SKILL.md and ${collected.files.length} additional files`);
+        
+        if (collected.files.length > 0) {
+          console.log(chalk.gray(`  ├── scripts: ${fileStats.scripts} files`));
+          console.log(chalk.gray(`  ├── references: ${fileStats.references} files`));
+          console.log(chalk.gray(`  ├── assets: ${fileStats.assets} files`));
+          if (fileStats.other > 0) {
+            console.log(chalk.gray(`  └── other: ${fileStats.other} files`));
+          }
+          console.log(chalk.gray(`  Total size: ${formatSize(totalSize)}`));
+        }
+      } else {
+        // Single file mode
+        skillDirName = path.basename(path.dirname(resolvedPath));
+        skillMdContent = fs.readFileSync(resolvedPath, 'utf-8');
+        totalSize = skillMdContent.length;
+        spinner.succeed('Read skill file');
+      }
+
+      // Parse SKILL.md
+      const parsed = parseSkillFile(skillMdContent);
+
+      // Extract metadata
+      const skillName = options.name ?? (parsed.frontmatter['name'] as string) ?? skillDirName;
+      
+      if (!skillName) {
+        spinner.fail('Skill name is required. Use --name or add "name" to frontmatter.');
+        process.exit(1);
+      }
+
+      if (!isValidSkillName(skillName)) {
+        spinner.fail(`Invalid skill name: ${skillName}. Use lowercase letters, numbers, and hyphens.`);
+        process.exit(1);
+      }
+
+      // Validate name matches directory
+      if (isDirectory && skillName !== skillDirName) {
+        console.log(chalk.yellow(`  ⚠ Warning: name "${skillName}" doesn't match directory "${skillDirName}"`));
+      }
+
+      // Extract and validate author
+      const author = options.author 
+        ?? (parsed.frontmatter['author'] as string)
+        ?? (parsed.frontmatter['metadata'] as Record<string, unknown>)?.[' author'] as string;
+      
+      if (!author) {
+        spinner.fail(chalk.red('Author is required!'));
+        console.log(chalk.yellow('\n📝 Please provide author information:'));
+        console.log(chalk.gray('  Option 1: Add to SKILL.md frontmatter:'));
+        console.log(chalk.cyan('    ---'));
+        console.log(chalk.cyan('    name: your-skill'));
+        console.log(chalk.cyan('    description: ...'));
+        console.log(chalk.cyan('    author: Your Name'));
+        console.log(chalk.cyan('    ---'));
+        console.log(chalk.gray('\n  Option 2: Use command line flag:'));
+        console.log(chalk.cyan('    skills publish ./your-skill --author "Your Name"'));
+        process.exit(1);
+      }
+
+      const scope = options.scope?.replace(/^@/, '');
+      const fullName = buildSkillFullName(skillName, scope);
+
+      const prepareSpinner = ora(`Preparing ${fullName}...`).start();
+
+      // Initialize storage
+      const storage = await getStorage();
+      await storage.initialize();
+      const config = getConfig();
+
+      // Check if skill exists
+      const existingSkill = await storage.getSkillByName(fullName);
+      const isUpdate = !!existingSkill;
+
+      // Determine version
+      let version = options.version ?? (parsed.frontmatter['version'] as string);
+      if (!version) {
+        if (isUpdate) {
+          // Auto-increment patch version
+          const [major, minor, patch] = existingSkill.latestVersion.split('.').map(Number);
+          version = `${major}.${minor}.${(patch ?? 0) + 1}`;
+        } else {
+          version = '1.0.0';
+        }
+      }
+
+      if (!isValidSemver(version)) {
+        prepareSpinner.fail(`Invalid version: ${version}. Use semantic versioning (e.g., 1.0.0).`);
+        process.exit(1);
+      }
+
+      // Check version doesn't exist
+      if (isUpdate) {
+        const existingVersion = await storage.getVersion(existingSkill.id, version);
+        if (existingVersion) {
+          prepareSpinner.fail(`Version ${version} already exists for ${fullName}.`);
+          process.exit(1);
+        }
+      }
+
+      prepareSpinner.succeed(`Prepared ${fullName}@${version} (${isUpdate ? 'new version' : 'new skill'})`);
+
+      // Security scan
+      let scanResult: Awaited<ReturnType<ReturnType<typeof getScanner>['scan']>> | undefined;
+      
+      if (!options.skipScan) {
+        const scanSpinner = ora('Running security scan...').start();
+
+        initScanner({
+          enabled: config.get().scanner.enabled,
+          timeout: config.get().scanner.timeout,
+          maxFileSize: config.get().scanner.maxFileSize,
+        });
+        const scanner = getScanner();
+        
+        // Scan SKILL.md content
+        scanResult = await scanner.scan(skillMdContent);
+
+        // Also scan script files if any
+        for (const file of collectedFiles) {
+          if (file.path.startsWith('scripts/') && (file.path.endsWith('.py') || file.path.endsWith('.sh') || file.path.endsWith('.js'))) {
+            const fileScanResult = await scanner.scan(file.content);
+            scanResult.issues.push(...fileScanResult.issues);
+            scanResult.summary.score = Math.min(scanResult.summary.score, fileScanResult.summary.score);
+            if (fileScanResult.summary.level === 'high') {
+              scanResult.summary.level = 'high';
+            } else if (fileScanResult.summary.level === 'medium' && scanResult.summary.level !== 'high') {
+              scanResult.summary.level = 'medium';
+            }
+          }
+        }
+
+        // Determine level color
+        const levelColor = {
+          safe: chalk.green,
+          low: chalk.blue,
+          medium: chalk.yellow,
+          high: chalk.red,
+        }[scanResult.summary.level] ?? chalk.white;
+
+        // Show scan result
+        if (scanResult.summary.level === 'high') {
+          scanSpinner.fail(`Security scan: ${levelColor(scanResult.summary.level)} (score: ${scanResult.summary.score})`);
+        } else {
+          scanSpinner.succeed(`Security scan: ${levelColor(scanResult.summary.level)} (score: ${scanResult.summary.score})`);
+        }
+
+        // Show issue details if any issues found
+        if (scanResult.issues.length > 0) {
+          // Count issues by severity
+          const highCount = scanResult.issues.filter(i => i.severity === 'high').length;
+          const mediumCount = scanResult.issues.filter(i => i.severity === 'medium').length;
+          const lowCount = scanResult.issues.filter(i => i.severity === 'low').length;
+          
+          const parts: string[] = [];
+          if (highCount > 0) parts.push(`${highCount} high`);
+          if (mediumCount > 0) parts.push(`${mediumCount} medium`);
+          if (lowCount > 0) parts.push(`${lowCount} low`);
+          
+          const severityText = parts.length > 0 ? parts.join(', ') : 'none critical';
+          console.log(chalk.gray(`  ${scanResult.issues.length} issue(s) found - ${severityText}\n`));
+
+          // Show detailed issues grouped by severity
+          if (highCount > 0) {
+            console.log(chalk.red.bold('High-Risk Issues:'));
+            for (const issue of scanResult.issues.filter(i => i.severity === 'high')) {
+              console.log(chalk.red(`  • [${issue.ruleId}] ${issue.message}`));
+              console.log(chalk.gray(`    Line ${issue.line}: ${issue.content}`));
+              if (issue.suggestion) {
+                console.log(chalk.yellow(`    Suggestion: ${issue.suggestion}`));
+              }
+            }
+            console.log('');
+          }
+
+          if (mediumCount > 0) {
+            console.log(chalk.yellow.bold('Medium-Risk Issues:'));
+            for (const issue of scanResult.issues.filter(i => i.severity === 'medium')) {
+              console.log(chalk.yellow(`  • [${issue.ruleId}] ${issue.message}`));
+              console.log(chalk.gray(`    Line ${issue.line}: ${issue.content}`));
+              if (issue.suggestion) {
+                console.log(chalk.blue(`    Suggestion: ${issue.suggestion}`));
+              }
+            }
+            console.log('');
+          }
+
+          if (lowCount > 0) {
+            console.log(chalk.blue.bold('Low-Risk Issues:'));
+            for (const issue of scanResult.issues.filter(i => i.severity === 'low')) {
+              console.log(chalk.blue(`  • [${issue.ruleId}] ${issue.message}`));
+              console.log(chalk.gray(`    Line ${issue.line}: ${issue.content}`));
+              if (issue.suggestion) {
+                console.log(chalk.cyan(`    Suggestion: ${issue.suggestion}`));
+              }
+            }
+            console.log('');
+          }
+        }
+
+        // Ask for confirmation if high-risk issues found
+        if (scanResult.summary.level === 'high' && !options.yes) {
+          const { proceed } = await inquirer.prompt([{
+            type: 'confirm',
+            name: 'proceed',
+            message: 'Do you want to proceed despite high-risk security warnings?',
+            default: false,
+          }]);
+
+          if (!proceed) {
+            console.log(chalk.yellow('\nPublish cancelled.'));
+            process.exit(1);
+          }
+        }
+      }
+
+      // Build skill content
+      const skillContent: SkillContent = {
+        frontmatter: {
+          name: skillName,
+          description: (parsed.frontmatter['description'] as string) ?? '',
+          allowedTools: parsed.frontmatter['allowedTools'] as string[] | undefined,
+          argumentHint: parsed.frontmatter['argumentHint'] as string | undefined,
+          disableModelInvocation: parsed.frontmatter['disableModelInvocation'] as boolean | undefined,
+          userInvocable: parsed.frontmatter['userInvocable'] as boolean | undefined,
+          model: parsed.frontmatter['model'] as string | undefined,
+          license: parsed.frontmatter['license'] as string | undefined,
+          compatibility: parsed.frontmatter['compatibility'] as string | undefined,
+          metadata: parsed.frontmatter['metadata'] as Record<string, string> | undefined,
+        },
+        markdown: parsed.markdown,
+        files: collectedFiles.length > 0 ? collectedFiles : undefined,
+      };
+
+      // Dry run check
+      if (options.dryRun) {
+        console.log(chalk.cyan('\n[Dry Run] Would publish:'));
+        console.log(`  Name: ${fullName}`);
+        console.log(`  Version: ${version}`);
+        console.log(`  Author: ${author}`);
+        console.log(`  Visibility: ${options.visibility}`);
+        console.log(`  Category: ${options.category ?? 'none'}`);
+        console.log(`  Keywords: ${options.keywords ?? 'none'}`);
+        console.log(`  Files: ${collectedFiles.length + 1}`); // +1 for SKILL.md
+        console.log(`  Size: ${formatSize(totalSize)}`);
+        
+        if (collectedFiles.length > 0) {
+          console.log('\n  File breakdown:');
+          console.log(`    SKILL.md: ${formatSize(skillMdContent.length)}`);
+          if (fileStats.scripts > 0) console.log(`    scripts/: ${fileStats.scripts} files`);
+          if (fileStats.references > 0) console.log(`    references/: ${fileStats.references} files`);
+          if (fileStats.assets > 0) console.log(`    assets/: ${fileStats.assets} files`);
+        }
+        
+        console.log(chalk.green('\n✓ Validation passed'));
+        process.exit(0);
+      }
+
+      // Confirmation prompt
+      if (!options.yes) {
+        console.log(chalk.cyan('\nPublish Summary:'));
+        console.log(`  Name: ${chalk.bold(fullName)}`);
+        console.log(`  Version: ${chalk.bold(version)}`);
+        console.log(`  Author: ${chalk.bold(author)}`);
+        console.log(`  Visibility: ${options.visibility}`);
+        console.log(`  Action: ${isUpdate ? 'New version' : 'New skill'}`);
+        console.log(`  Files: ${collectedFiles.length + 1}`);
+        console.log(`  Size: ${formatSize(totalSize)}`);
+
+        const { confirm } = await inquirer.prompt([{
+          type: 'confirm',
+          name: 'confirm',
+          message: 'Proceed with publish?',
+          default: true,
+        }]);
+
+        if (!confirm) {
+          console.log(chalk.yellow('Publish cancelled.'));
+          process.exit(0);
+        }
+      }
+
+      // Publish
+      const publishSpinner = ora('Publishing...').start();
+
+      const contentString = JSON.stringify(skillContent);
+      const contentHash = sha256(contentString);
+      const timestamp = now();
+      const versionId = generateUUID();
+
+      if (isUpdate) {
+        // Create new version
+        const versionRecord: Version = {
+          id: versionId,
+          skillId: existingSkill.id,
+          version,
+          tag: 'latest',
+          content: skillContent,
+          packageUrl: `local://${fullName}/${version}`,
+          packageSize: contentString.length,
+          packageHash: contentHash,
+          status: 'published',
+          uses: 0,
+          createdAt: timestamp,
+          publishedAt: timestamp,
+        };
+
+        await storage.createVersion(versionRecord);
+
+        // Update previous latest tag
+        const versions = await storage.getVersions(existingSkill.id, { limit: 100 });
+        for (const v of versions.items) {
+          if (v.id !== versionId && v.tag === 'latest') {
+            await storage.updateVersion(v.id, { tag: undefined });
+          }
+        }
+
+        // Update skill
+        await storage.updateSkill(existingSkill.id, {
+          latestVersion: version,
+          latestVersionId: versionId,
+          securityLevel: scanResult ? scanResult.summary.level : existingSkill.securityLevel,
+          securityScore: scanResult ? scanResult.summary.score : existingSkill.securityScore,
+          stats: {
+            ...existingSkill.stats,
+            versionCount: existingSkill.stats.versionCount + 1,
+          },
+        });
+      } else {
+        // Create new skill
+        const skillId = generateUUID();
+        const keywords = options.keywords?.split(',').map((k: string) => k.trim()) ?? [];
+
+        const skillRecord: Skill = {
+          id: skillId,
+          name: skillName,
+          scope,
+          fullName,
+          ownerId: author,  // Save author to ownerId
+          ownerType: author.startsWith('@') || scope ? 'organization' : 'user',
+          displayName: parsed.frontmatter['displayName'] as string | undefined,
+          description: (parsed.frontmatter['description'] as string) ?? '',
+          category: options.category,
+          keywords,
+          visibility: options.visibility,
+          status: 'active',
+          latestVersion: version,
+          latestVersionId: versionId,
+          securityLevel: scanResult?.summary.level,
+          securityScore: scanResult?.summary.score,
+          stats: { totalUses: 0, weeklyUses: 0, monthlyUses: 0, versionCount: 1, derivationCount: 0 },
+          rating: { average: 0, count: 0 },
+          createdAt: timestamp,
+          updatedAt: timestamp,
+          publishedAt: timestamp,
+        };
+
+        await storage.createSkill(skillRecord);
+
+        // Create version
+        const versionRecord: Version = {
+          id: versionId,
+          skillId,
+          version,
+          tag: 'latest',
+          content: skillContent,
+          packageUrl: `local://${fullName}/${version}`,
+          packageSize: contentString.length,
+          packageHash: contentHash,
+          status: 'published',
+          uses: 0,
+          createdAt: timestamp,
+          publishedAt: timestamp,
+        };
+
+        await storage.createVersion(versionRecord);
+      }
+
+      // Create audit log
+      const auditLog: AuditLog = {
+        id: generateUUID(),
+        timestamp,
+        eventType: isUpdate ? 'version.published' : 'skill.published',
+        actor: {
+          type: 'user',
+          id: 'cli-user',
+        },
+        resource: {
+          type: 'skill',
+          name: fullName,
+          version,
+        },
+        action: 'publish',
+        result: 'success',
+        details: {
+          filesCount: collectedFiles.length + 1,
+          totalSize: totalSize,
+        },
+      };
+      await storage.createAuditLog(auditLog);
+
+      publishSpinner.succeed(chalk.green(`Published ${fullName}@${version}`));
+
+      console.log('\n' + chalk.gray('─'.repeat(50)));
+      console.log(chalk.bold.green('✓ Published successfully!\n'));
+      console.log(`  ${chalk.cyan('Name:')}     ${fullName}`);
+      console.log(`  ${chalk.cyan('Version:')}  ${version}`);
+      console.log(`  ${chalk.cyan('Author:')}   ${author}`);
+      console.log(`  ${chalk.cyan('Files:')}    ${collectedFiles.length + 1}`);
+      console.log(`  ${chalk.cyan('Size:')}     ${formatSize(totalSize)}`);
+      console.log(`  ${chalk.cyan('Action:')}   ${isUpdate ? 'New version' : 'New skill'}`);
+      console.log('\n' + chalk.gray('  Use: ') + chalk.white(`skills use ${fullName}`));
+      console.log(chalk.gray('─'.repeat(50)) + '\n');
+
+      await storage.close();
+    } catch (error) {
+      spinner.fail('Publish failed');
+      throw error;
+    }
+  });