@palettelab/cli 0.3.0 → 0.3.1

package/lib/commands/test.js

@@ -0,0 +1,376 @@
+"use strict"
+
+const fs = require("fs")
+const path = require("path")
+const { spawnSync } = require("child_process")
+const { loadManifest, validateManifest, KNOWN_PERMISSIONS } = require("../manifest")
+const { bundleFrontend, bundleBackend } = require("../bundler")
+const buildCommand = require("./build")
+
+function reporter(json, results) {
+  return {
+    ok(message, meta = {}) {
+      results.push({ status: "ok", message, ...meta })
+      if (!json) console.log(`OK   ${message}`)
+    },
+    warn(message, fix, meta = {}) {
+      results.push({ status: "warn", message, fix, ...meta })
+      if (!json) {
+        console.log(`WARN ${message}`)
+        if (fix) console.log(`FIX  ${fix}`)
+      }
+      return 0
+    },
+    fail(message, fix, meta = {}) {
+      results.push({ status: "fail", message, fix, ...meta })
+      if (!json) {
+        console.log(`FAIL ${message}`)
+        if (fix) console.log(`FIX  ${fix}`)
+      }
+      return 1
+    },
+  }
+}
+
+function backendPython(cwd) {
+  return (
+    process.env.PALETTE_PYTHON ||
+    (fs.existsSync(path.join(cwd, ".venv", "bin", "python"))
+      ? path.join(cwd, ".venv", "bin", "python")
+      : "python3")
+  )
+}
+
+function checkBackendContract(cwd, manifest, out) {
+  const entry = manifest.backend?.entry
+  if (!entry) return 0
+  const abs = path.resolve(cwd, entry)
+  const python = backendPython(cwd)
+  const script = [
+    "import importlib.util, json, pathlib, sys",
+    "entry = pathlib.Path(sys.argv[1]).resolve()",
+    "manifest = json.loads(sys.argv[2])",
+    "sys.path.insert(0, str(entry.parent))",
+    "spec = importlib.util.spec_from_file_location('palette_contract_backend', entry)",
+    "mod = importlib.util.module_from_spec(spec)",
+    "spec.loader.exec_module(mod)",
+    "router = getattr(mod, 'router', None)",
+    "assert router is not None, 'backend entry has no router export'",
+    "from palette_sdk.permissions import is_permission_dep",
+    "public = set(manifest.get('public_routes') or [])",
+    "declared = set(manifest.get('permissions') or [])",
+    "routes = []",
+    "used = set()",
+    "ungated = []",
+    "for route in getattr(router, 'routes', []):",
+    "    path = getattr(route, 'path', None)",
+    "    if path is None:",
+    "        continue",
+    "    methods = sorted(getattr(route, 'methods', []) or [])",
+    "    dependant = getattr(route, 'dependant', None)",
+    "    perms = []",
+    "    stack = [dependant] if dependant is not None else []",
+    "    seen = set()",
+    "    while stack:",
+    "        dep = stack.pop()",
+    "        if id(dep) in seen:",
+    "            continue",
+    "        seen.add(id(dep))",
+    "        perm = is_permission_dep(getattr(dep, 'call', None))",
+    "        if perm:",
+    "            perms.append(perm)",
+    "            used.add(perm)",
+    "        stack.extend(getattr(dep, 'dependencies', []) or [])",
+    "    routes.append({'path': path, 'methods': methods, 'permissions': sorted(set(perms)), 'public': path in public})",
+    "    if path not in public and not perms:",
+    "        ungated.append({'path': path, 'methods': methods})",
+    "print(json.dumps({'routes': routes, 'used_permissions': sorted(used), 'ungated_routes': ungated, 'undeclared_permissions': sorted(used - declared), 'unused_declared_permissions': sorted(declared - used)}))",
+  ].join("\n")
+  const res = spawnSync(python, ["-c", script, abs, JSON.stringify(manifest)], { encoding: "utf8" })
+  if (res.status === 0) {
+    let report
+    try {
+      report = JSON.parse((res.stdout || "").trim())
+    } catch (err) {
+      return out.fail(
+        `backend contract check produced invalid JSON: ${entry}`,
+        "Fix backend import side effects that write to stdout during import.",
+        { stdout: (res.stdout || "").trim(), stderr: (res.stderr || "").trim() },
+      )
+    }
+
+    let failures = 0
+    out.ok(`backend imports successfully: ${entry}`)
+
+    if (report.ungated_routes?.length) {
+      for (const route of report.ungated_routes) {
+        failures += out.fail(
+          `backend route ${route.path} has no require_permission()`,
+          `Add dependencies=[require_permission("resource:action")] or list "${route.path}" in manifest.public_routes if it is intentionally public.`,
+          { route },
+        )
+      }
+    } else {
+      out.ok("backend route permission gate check passed", { routes: report.routes })
+    }
+
+    if (report.undeclared_permissions?.length) {
+      for (const permission of report.undeclared_permissions) {
+        failures += out.fail(
+          `route uses undeclared permission: ${permission}`,
+          `Add "${permission}" to manifest.permissions or change the route dependency.`,
+        )
+      }
+    } else {
+      out.ok("route permissions are declared in manifest")
+    }
+
+    if (report.unused_declared_permissions?.length) {
+      out.warn(
+        `manifest declares unused backend permissions: ${report.unused_declared_permissions.join(", ")}`,
+        "Remove unused permissions unless the frontend uses them directly through the SDK.",
+        { permissions: report.unused_declared_permissions },
+      )
+    }
+    return failures
+  }
+  return out.fail(
+    `backend import failed: ${entry}`,
+    "Install backend dependencies and fix import-time errors before publishing.",
+    { stderr: (res.stderr || res.stdout || "").trim() },
+  )
+}
+
+function lintMigrations(cwd, manifest, out) {
+  if (!manifest.database) return 0
+  const migrationsRel = manifest.database.migrations || "./backend/migrations"
+  const migrationsAbs = path.resolve(cwd, migrationsRel)
+  if (!fs.existsSync(migrationsAbs)) {
+    return out.fail(`database.migrations directory not found: ${migrationsRel}`)
+  }
+  if (!fs.existsSync(path.join(migrationsAbs, "env.py"))) {
+    return out.fail(`database.migrations directory is missing env.py: ${migrationsRel}`)
+  }
+  const errors = buildCommand.lintMigrationsDir(migrationsAbs)
+  for (const err of errors) out.fail(err)
+  if (errors.length === 0) out.ok("migration lint passed")
+  return errors.length
+}
+
+function dependencySpecRisk(spec) {
+  const value = String(spec || "").trim()
+  if (!value || value === "*" || value.toLowerCase() === "latest") {
+    return { level: "warn", reason: "dependency has an unbounded version range" }
+  }
+  if (/^(file:|link:|workspace:|git:|github:|git\+|https?:)/i.test(value)) {
+    return { level: "fail", reason: "dependency resolves from a local path, git repo, or URL" }
+  }
+  return null
+}
+
+function lintPackageJson(cwd, out) {
+  const packagePath = path.join(cwd, "package.json")
+  if (!fs.existsSync(packagePath)) return 0
+
+  let pkg
+  try {
+    pkg = JSON.parse(fs.readFileSync(packagePath, "utf8"))
+  } catch (err) {
+    return out.fail("package.json is not valid JSON", "Fix package.json before publishing.")
+  }
+
+  let failures = 0
+  const lifecycleScripts = ["preinstall", "install", "postinstall", "prepare"]
+  for (const scriptName of lifecycleScripts) {
+    if (pkg.scripts?.[scriptName]) {
+      failures += out.fail(
+        `package.json defines lifecycle script: ${scriptName}`,
+        "Remove install-time scripts from plugin packages; build steps should run before pltt publish.",
+        { script: pkg.scripts[scriptName] },
+      )
+    }
+  }
+
+  const dependencyBlocks = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"]
+  const inspected = []
+  for (const blockName of dependencyBlocks) {
+    const block = pkg[blockName]
+    if (!block || typeof block !== "object" || Array.isArray(block)) continue
+    for (const [name, spec] of Object.entries(block)) {
+      inspected.push({ name, spec, block: blockName })
+      const risk = dependencySpecRisk(spec)
+      if (!risk) continue
+      if (risk.level === "fail") {
+        failures += out.fail(
+          `${blockName}.${name} uses unsafe spec "${spec}"`,
+          "Publish plugins with registry dependencies only; vendor or release private code as a package first.",
+        )
+      } else {
+        out.warn(
+          `${blockName}.${name} uses broad spec "${spec}"`,
+          "Pin dependencies to a semver range such as ^1.2.3 before publishing.",
+        )
+      }
+    }
+  }
+
+  if (failures === 0) out.ok("package.json dependency policy passed", { dependencies: inspected })
+  return failures
+}
+
+function pythonDependencyRisk(dep) {
+  const value = String(dep || "").trim()
+  if (/@\s*(https?:|file:)|\bgit\+|^\s*(https?:|file:)/i.test(value)) {
+    return { level: "fail", reason: "dependency resolves from a local path, git repo, or URL" }
+  }
+  if (!/[<>=~!]=?/.test(value)) {
+    return { level: "warn", reason: "dependency is not version constrained" }
+  }
+  return null
+}
+
+function extractPyprojectDependencies(src) {
+  const deps = []
+  src = src
+    .split(/\r?\n/)
+    .filter((line) => !line.trimStart().startsWith("#"))
+    .map((line) => line.replace(/\s+#.*$/, ""))
+    .join("\n")
+  const match = src.match(/dependencies\s*=\s*\[([\s\S]*?)\]/)
+  if (!match) return deps
+  const re = /"([^"]+)"|'([^']+)'/g
+  let item
+  while ((item = re.exec(match[1])) !== null) deps.push(item[1] || item[2])
+  return deps
+}
+
+function lintPyproject(cwd, out) {
+  const pyprojectPath = path.join(cwd, "pyproject.toml")
+  if (!fs.existsSync(pyprojectPath)) return 0
+
+  const src = fs.readFileSync(pyprojectPath, "utf8")
+  const deps = extractPyprojectDependencies(src)
+  let failures = 0
+  for (const dep of deps) {
+    const risk = pythonDependencyRisk(dep)
+    if (!risk) continue
+    if (risk.level === "fail") {
+      failures += out.fail(
+        `pyproject dependency uses unsafe source: ${dep}`,
+        "Publish Python dependencies through a package index or approved wheel before publishing.",
+      )
+    } else {
+      out.warn(
+        `pyproject dependency is not version constrained: ${dep}`,
+        "Pin Python dependencies with a version constraint before publishing.",
+      )
+    }
+  }
+  if (failures === 0) out.ok("pyproject.toml dependency policy passed", { dependencies: deps })
+  return failures
+}
+
+function lintDependencyPolicy(cwd, out) {
+  return lintPackageJson(cwd, out) + lintPyproject(cwd, out)
+}
+
+async function run(args, { cwd }) {
+  const json = args.includes("--json")
+  let failures = 0
+  const results = []
+  const out = reporter(json, results)
+
+  let manifest
+  try {
+    manifest = loadManifest(cwd)
+    out.ok("palette-plugin.json found")
+  } catch (err) {
+    failures += out.fail(
+      err instanceof Error ? err.message : String(err),
+      "Run pltt test from a plugin root.",
+    )
+  }
+
+  if (!manifest) process.exit(1)
+
+  const manifestErrors = validateManifest(manifest)
+  if (manifestErrors.length) {
+    for (const err of manifestErrors) failures += out.fail(`manifest invalid: ${err}`)
+  } else {
+    out.ok(`manifest valid: ${manifest.id}@${manifest.version}`)
+  }
+
+  for (const permission of manifest.permissions || []) {
+    if (!KNOWN_PERMISSIONS.has(permission)) {
+      failures += out.fail(
+        `unknown permission: ${permission}`,
+        "Use one of the platform permission strings documented in the SDK guide.",
+      )
+    }
+  }
+  if ((manifest.permissions || []).length) out.ok("declared permissions are known")
+
+  if (manifest.frontend?.entry && manifest.frontend.sandbox === false) {
+    failures += out.fail(
+      "appstore frontend must be sandboxed",
+      'Set "frontend": { "sandbox": true } or omit the field; direct runtime is reserved for trusted built-in apps.',
+    )
+  }
+
+  for (const publicRoute of manifest.public_routes || []) {
+    if (!publicRoute.startsWith("/")) {
+      failures += out.fail(
+        `public route must start with '/': ${publicRoute}`,
+        `Change it to "/${publicRoute.replace(/^\/+/, "")}".`,
+      )
+    }
+  }
+
+  if (manifest.frontend?.entry) {
+    try {
+      const frontend = await bundleFrontend(cwd, manifest.frontend.entry)
+      out.ok(`frontend bundles successfully (${frontend.length} bytes)`, { bytes: frontend.length })
+    } catch (err) {
+      failures += out.fail(
+        `frontend bundle failed: ${err instanceof Error ? err.message : String(err)}`,
+        "Fix frontend compile errors before publishing.",
+      )
+    }
+  }
+
+  if (manifest.backend?.entry) {
+    const backendEntry = path.resolve(cwd, manifest.backend.entry)
+    if (!fs.existsSync(backendEntry)) {
+      failures += out.fail(`backend entry not found: ${manifest.backend.entry}`)
+    } else {
+      out.ok(`backend entry exists: ${manifest.backend.entry}`)
+      failures += checkBackendContract(cwd, manifest, out)
+    }
+
+    try {
+      const backend = await bundleBackend(cwd)
+      out.ok(`backend package builds successfully (${backend.length} bytes)`, { bytes: backend.length })
+    } catch (err) {
+      failures += out.fail(
+        `backend package failed: ${err instanceof Error ? err.message : String(err)}`,
+        "Check backend/ exists and tar is available.",
+      )
+    }
+  }
+
+  failures += lintMigrations(cwd, manifest, out)
+  failures += lintDependencyPolicy(cwd, out)
+
+  if (failures > 0) {
+    if (json) {
+      console.log(JSON.stringify({ ok: false, failures, results }, null, 2))
+    } else {
+      console.log(`\n[palette] test failed with ${failures} issue(s).`)
+    }
+    process.exit(1)
+  }
+  if (json) console.log(JSON.stringify({ ok: true, failures: 0, results }, null, 2))
+  else console.log("\n[palette] test passed.")
+}
+
+module.exports = run

package/lib/environments.js

@@ -1,7 +1,7 @@
 "use strict"
 
 /**
- * Named environments for `palette publish`.
+ * Named environments for `pltt publish`.
  *
  * Config is discovered in this order (first hit wins):
  *   1. ./palette.config.json (plugin-repo-local override)

package/lib/manifest.js

@@ -4,6 +4,49 @@ const fs = require("fs")
 const path = require("path")
 
 const MANIFEST_FILE = "palette-plugin.json"
+const SUPPORTED_MANIFEST_VERSIONS = ["1"]
+const KNOWN_PERMISSIONS = new Set([
+  "tasks:read",
+  "tasks:write",
+  "data_rooms:read",
+  "data_rooms:write",
+  "agents:read",
+  "agents:write",
+  "chat:read",
+  "chat:write",
+  "routines:read",
+  "routines:write",
+  "members:read",
+  "resources:read",
+  "resources:write",
+])
+
+const TOP_LEVEL_KEYS = new Set([
+  "manifest_version",
+  "id",
+  "name",
+  "version",
+  "developer",
+  "category",
+  "tagline",
+  "description",
+  "icon",
+  "gradient",
+  "sdk",
+  "platform",
+  "capabilities",
+  "frontend",
+  "backend",
+  "agents",
+  "tools",
+  "permissions",
+  "ui_extensions",
+  "shared_tables",
+  "public_routes",
+  "rate_limit",
+  "database",
+  "scheduled_jobs",
+])
 
 function loadManifest(cwd) {
   const manifestPath = path.join(cwd, MANIFEST_FILE)
@@ -17,19 +60,221 @@ function loadManifest(cwd) {
   }
 }
 
-// Lightweight subset validator — full JSON-schema validation happens at
-// container startup. This covers the fields the CLI itself consumes.
+function isSemverRange(v) {
+  // Accepts "^1.2.3", "~1.2.3", "1.2.3", ">=1.0.0 <2.0.0"
+  return typeof v === "string" && /^[\^~>=<\s\d.\-+a-zA-Z*]+$/.test(v) && /\d/.test(v)
+}
+
+function isObject(v) {
+  return v !== null && typeof v === "object" && !Array.isArray(v)
+}
+
+function unknownKeys(obj, allowed, label, errors) {
+  if (!isObject(obj)) return
+  for (const key of Object.keys(obj)) {
+    if (!allowed.has(key)) errors.push(`${label}.${key} is not allowed`)
+  }
+}
+
+function requireBoolean(obj, key, label, errors) {
+  if (obj[key] !== undefined && typeof obj[key] !== "boolean") {
+    errors.push(`${label}.${key} must be a boolean`)
+  }
+}
+
+function requireString(obj, key, label, errors) {
+  if (obj[key] !== undefined && typeof obj[key] !== "string") {
+    errors.push(`${label}.${key} must be a string`)
+  }
+}
+
+function validateArray(value, label, errors) {
+  if (value !== undefined && !Array.isArray(value)) errors.push(`${label} must be an array`)
+}
+
 function validateManifest(m) {
   const errors = []
+  if (!isObject(m)) return ["manifest must be an object"]
+
+  unknownKeys(m, TOP_LEVEL_KEYS, "manifest", errors)
+
+  if (!m.manifest_version) {
+    errors.push("manifest_version is required")
+  } else if (!SUPPORTED_MANIFEST_VERSIONS.includes(String(m.manifest_version))) {
+    errors.push(`manifest_version must be one of ${SUPPORTED_MANIFEST_VERSIONS.join(", ")}`)
+  }
   if (!m.id || typeof m.id !== "string") errors.push("id is required (string)")
   else if (!/^[a-z0-9][a-z0-9-]*[a-z0-9]$/.test(m.id))
     errors.push("id must be lowercase kebab-case")
-  if (!m.name) errors.push("name is required")
-  if (!m.version) errors.push("version is required")
-  else if (!/^\d+\.\d+\.\d+/.test(m.version)) errors.push("version must be semver")
-  if (m.frontend && !m.frontend.entry) errors.push("frontend.entry is required when frontend is set")
-  if (m.backend && !m.backend.entry) errors.push("backend.entry is required when backend is set")
+  if (!m.name || typeof m.name !== "string") errors.push("name is required (string)")
+  if (!m.version || typeof m.version !== "string") errors.push("version is required (string)")
+  else if (!/^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/.test(m.version)) errors.push("version must be semver")
+  requireString(m, "developer", "manifest", errors)
+  requireString(m, "category", "manifest", errors)
+  requireString(m, "tagline", "manifest", errors)
+  requireString(m, "description", "manifest", errors)
+  requireString(m, "icon", "manifest", errors)
+
+  if (m.gradient !== undefined) {
+    if (!isObject(m.gradient)) errors.push("gradient must be an object")
+    else {
+      unknownKeys(m.gradient, new Set(["bg", "text"]), "gradient", errors)
+      requireString(m.gradient, "bg", "gradient", errors)
+      requireString(m.gradient, "text", "gradient", errors)
+    }
+  }
+
+  if (m.frontend !== undefined) {
+    if (!isObject(m.frontend)) errors.push("frontend must be an object")
+    else {
+      unknownKeys(m.frontend, new Set(["entry", "sandbox"]), "frontend", errors)
+      if (!m.frontend.entry || typeof m.frontend.entry !== "string") {
+        errors.push("frontend.entry is required when frontend is set")
+      }
+      requireBoolean(m.frontend, "sandbox", "frontend", errors)
+    }
+  }
+  if (m.backend !== undefined) {
+    if (!isObject(m.backend)) errors.push("backend must be an object")
+    else {
+      unknownKeys(m.backend, new Set(["entry", "routes_prefix"]), "backend", errors)
+      if (!m.backend.entry || typeof m.backend.entry !== "string") {
+        errors.push("backend.entry is required when backend is set")
+      }
+      requireString(m.backend, "routes_prefix", "backend", errors)
+    }
+  }
+
+  if (!m.frontend && !m.backend && (!Array.isArray(m.tools) || m.tools.length === 0)) {
+    errors.push("at least one of frontend, backend, or tools is required")
+  }
+
+  if (m.sdk) {
+    if (!isObject(m.sdk)) errors.push("sdk must be an object")
+    else {
+      unknownKeys(m.sdk, new Set(["frontend", "backend"]), "sdk", errors)
+    if (m.sdk.frontend !== undefined && !isSemverRange(m.sdk.frontend))
+      errors.push("sdk.frontend must be a semver range")
+    if (m.sdk.backend !== undefined && !isSemverRange(m.sdk.backend))
+      errors.push("sdk.backend must be a semver range")
+    }
+  }
+  if (m.platform) {
+    if (!isObject(m.platform)) errors.push("platform must be an object")
+    else {
+      unknownKeys(m.platform, new Set(["min_version", "max_version"]), "platform", errors)
+    if (m.platform.min_version !== undefined && !isSemverRange(m.platform.min_version))
+      errors.push("platform.min_version must be a semver range")
+      if (m.platform.max_version !== undefined && !isSemverRange(m.platform.max_version))
+        errors.push("platform.max_version must be a semver range")
+    }
+  }
+  if (m.capabilities) {
+    if (!isObject(m.capabilities)) errors.push("capabilities must be an object")
+    else {
+      unknownKeys(
+        m.capabilities,
+        new Set(["frontend", "backend", "database", "webhooks", "scheduled_jobs", "file_uploads", "external_network"]),
+        "capabilities",
+        errors,
+      )
+      for (const key of ["frontend", "backend", "database", "webhooks", "scheduled_jobs", "file_uploads"]) {
+        requireBoolean(m.capabilities, key, "capabilities", errors)
+      }
+      if (m.capabilities.external_network !== undefined) {
+        if (!Array.isArray(m.capabilities.external_network)) {
+          errors.push("capabilities.external_network must be an array of hostnames")
+        } else {
+          for (const host of m.capabilities.external_network) {
+            if (typeof host !== "string" || !/^[a-zA-Z0-9.-]+(?::\d+)?$/.test(host)) {
+              errors.push(`capabilities.external_network contains invalid hostname: ${host}`)
+            }
+          }
+        }
+      }
+    }
+  }
+  validateArray(m.public_routes, "public_routes", errors)
+  if (Array.isArray(m.public_routes)) {
+    for (const route of m.public_routes) {
+      if (typeof route !== "string" || !route.startsWith("/")) {
+        errors.push(`public route must start with '/': ${route}`)
+      }
+    }
+  }
+
+  if (m.scheduled_jobs !== undefined) {
+    if (!Array.isArray(m.scheduled_jobs)) errors.push("scheduled_jobs must be an array")
+    else {
+      m.scheduled_jobs.forEach((j, i) => {
+        if (!isObject(j)) {
+          errors.push(`scheduled_jobs[${i}] must be an object`)
+          return
+        }
+        unknownKeys(j, new Set(["name", "schedule", "handler"]), `scheduled_jobs[${i}]`, errors)
+        if (!j.name || typeof j.name !== "string") errors.push(`scheduled_jobs[${i}].name is required`)
+        if (!j.schedule || typeof j.schedule !== "string") errors.push(`scheduled_jobs[${i}].schedule is required`)
+        if (!j.handler || typeof j.handler !== "string") errors.push(`scheduled_jobs[${i}].handler is required`)
+      })
+    }
+  }
+  if (m.rate_limit) {
+    if (!isObject(m.rate_limit)) errors.push("rate_limit must be an object")
+    else {
+      unknownKeys(m.rate_limit, new Set(["per_minute"]), "rate_limit", errors)
+      if (
+        m.rate_limit.per_minute !== undefined &&
+        (!Number.isInteger(m.rate_limit.per_minute) ||
+          m.rate_limit.per_minute < 1 ||
+          m.rate_limit.per_minute > 10000)
+      ) {
+        errors.push("rate_limit.per_minute must be an integer between 1 and 10000")
+      }
+    }
+  }
+  if (m.database) {
+    if (!isObject(m.database)) errors.push("database must be an object")
+    else {
+      unknownKeys(m.database, new Set(["schema", "migrations"]), "database", errors)
+      if (!m.database.migrations || typeof m.database.migrations !== "string") {
+        errors.push("database.migrations is required when database is set")
+      }
+      if (m.database.schema !== undefined && !/^app_[a-z0-9_]+$/.test(m.database.schema)) {
+        errors.push("database.schema must match /^app_[a-z0-9_]+$/")
+      }
+    }
+  }
+
+  validateArray(m.shared_tables, "shared_tables", errors)
+  validateArray(m.permissions, "permissions", errors)
+  if (Array.isArray(m.permissions)) {
+    const seen = new Set()
+    for (const permission of m.permissions) {
+      if (typeof permission !== "string") {
+        errors.push("permissions entries must be strings")
+      } else if (!KNOWN_PERMISSIONS.has(permission)) {
+        errors.push(`unknown permission: ${permission}`)
+      } else if (seen.has(permission)) {
+        errors.push(`duplicate permission: ${permission}`)
+      }
+      seen.add(permission)
+    }
+  }
+
+  validateArray(m.tools, "tools", errors)
+  if (Array.isArray(m.tools)) {
+    m.tools.forEach((tool, i) => {
+      if (!isObject(tool)) {
+        errors.push(`tools[${i}] must be an object`)
+        return
+      }
+      unknownKeys(tool, new Set(["name", "description", "entry"]), `tools[${i}]`, errors)
+      if (!tool.name || typeof tool.name !== "string") errors.push(`tools[${i}].name is required`)
+      if (!tool.entry || typeof tool.entry !== "string") errors.push(`tools[${i}].entry is required`)
+      requireString(tool, "description", `tools[${i}]`, errors)
+    })
+  }
   return errors
 }
 
-module.exports = { loadManifest, validateManifest }
+module.exports = { loadManifest, validateManifest, SUPPORTED_MANIFEST_VERSIONS, KNOWN_PERMISSIONS }