@phnx-labs/agents-cli 1.20.4 → 1.20.5

package/dist/lib/permissions.d.ts

@@ -1,6 +1,4 @@
 import type { AgentId, PermissionSet, InstalledPermission, ClaudePermissions, OpenCodePermissions, CodexPermissions } from './types.js';
-/** Agents that support the permissions subsystem. */
-export declare const PERMISSIONS_CAPABLE_AGENTS: AgentId[];
 /** Filename used for Codex Starlark deny-rules generated from permission groups. */
 export declare const CODEX_RULES_FILENAME = "agents-deny.rules";
 export type ParsedRules = PermissionSet;
@@ -110,6 +108,42 @@ export declare function convertToGeminiFormat(set: PermissionSet): {
         allowed: string[];
     };
 };
+/**
+ * Convert canonical permission set to Antigravity format.
+ * Antigravity reads ~/.gemini/antigravity-cli/settings.json with
+ *   { permissions: { allow: [...], deny: [...] } }
+ * where each entry is action-namespaced: command(...), read_file(...),
+ * write_file(...), read_url(...), mcp(...).
+ * Bash maps to `command`, Read to `read_file`, Write to `write_file`,
+ * WebFetch to `read_url`. Other canonical tools are skipped.
+ * Note: Antigravity matches `command(npm install)` as an exact string,
+ * not a prefix — `Bash(npm:*)` becomes `command(npm *)` which is a glob
+ * but Antigravity upstream has a known exact-match bug for some forms.
+ */
+export declare function convertToAntigravityFormat(set: PermissionSet): {
+    permissions: {
+        allow: string[];
+        deny?: string[];
+    };
+};
+/**
+ * Convert canonical permission set to Grok format.
+ * Grok reads ~/.grok/config.toml with
+ *   [permission]
+ *   rules = [ { action = "allow", tool = "bash", pattern = "git *" }, ... ]
+ * Tool names are lowercase: bash, read, edit, grep, mcptool, webfetch.
+ * Canonical Write maps to Grok's `edit` tool.
+ */
+export declare function convertToGrokFormat(set: PermissionSet): {
+    permission: {
+        rules: GrokRule[];
+    };
+};
+export type GrokRule = {
+    action: 'allow' | 'deny';
+    tool: string;
+    pattern?: string;
+};
 /**
  * Convert canonical permission set to OpenCode format.
  * OpenCode uses: { permission: { bash: { "git *": "allow", "rm *": "deny" } } }

package/dist/lib/permissions.js

@@ -14,14 +14,15 @@ import * as yaml from 'yaml';
 import * as TOML from 'smol-toml';
 import { getPermissionsDir, getUserPermissionsDir, ensureAgentsDir } from './state.js';
 import { safeJoin } from './paths.js';
+import { agentConfigDirName } from './agents.js';
 import { updateGeminiSettings } from './gemini-settings.js';
 const HOME = os.homedir();
-/** Agents that support the permissions subsystem. */
-// antigravity: permissions in ~/.gemini/antigravity-cli/settings.json under
-// `permissions: { allow: [...], deny: [...] }`. Serializer is a follow-up.
-// grok: permissions via --allow/--deny CLI flags or [permission] block in
-// ~/.grok/config.toml. Serializer is a follow-up.
-export const PERMISSIONS_CAPABLE_AGENTS = ['claude', 'codex', 'opencode', 'antigravity', 'grok', 'gemini'];
+// PERMISSIONS_CAPABLE_AGENTS removed — use `capableAgents('allowlist')`
+// from lib/capabilities.ts. The capability matrix on AgentConfig is the
+// single source of truth. (Per-agent native format details:
+//   antigravity → ~/.gemini/antigravity-cli/settings.json `permissions.{allow,deny}`
+//   grok        → ~/.grok/config.toml `[permission].rules`
+// the writer in `applyPermissionsToVersion` handles the format dispatch.)
 /** Filename used for Codex Starlark deny-rules generated from permission groups. */
 export const CODEX_RULES_FILENAME = 'agents-deny.rules';
 export function containsBroadGrants(rules) {
@@ -446,6 +447,116 @@ export function convertToGeminiFormat(set) {
     }
     return { tools: { allowed: Array.from(allowed) } };
 }
+/**
+ * Strip Claude's `:*` subcommand-wildcard suffix and return a space-glob form.
+ * "mq:*" -> "mq *", "git status" -> "git status", "*" -> "*".
+ * Used by serializers whose native pattern grammar uses ` *` instead of `:*`.
+ */
+function normalizeBashPattern(pattern) {
+    if (pattern === '*' || pattern === '**')
+        return '*';
+    if (pattern.endsWith(':*'))
+        return pattern.slice(0, -2) + ' *';
+    return pattern;
+}
+/**
+ * Convert canonical permission set to Antigravity format.
+ * Antigravity reads ~/.gemini/antigravity-cli/settings.json with
+ *   { permissions: { allow: [...], deny: [...] } }
+ * where each entry is action-namespaced: command(...), read_file(...),
+ * write_file(...), read_url(...), mcp(...).
+ * Bash maps to `command`, Read to `read_file`, Write to `write_file`,
+ * WebFetch to `read_url`. Other canonical tools are skipped.
+ * Note: Antigravity matches `command(npm install)` as an exact string,
+ * not a prefix — `Bash(npm:*)` becomes `command(npm *)` which is a glob
+ * but Antigravity upstream has a known exact-match bug for some forms.
+ */
+export function convertToAntigravityFormat(set) {
+    const allow = serializeAntigravityEntries(set.allow);
+    const deny = set.deny ? serializeAntigravityEntries(set.deny) : [];
+    return {
+        permissions: {
+            allow,
+            ...(deny.length ? { deny } : {}),
+        },
+    };
+}
+function serializeAntigravityEntries(perms) {
+    const out = new Set();
+    for (const perm of perms) {
+        if (BLANKET_BASH_FORMS.has(perm)) {
+            out.add('command(*)');
+            continue;
+        }
+        const parsed = parseCanonicalPattern(perm);
+        if (!parsed)
+            continue;
+        const action = ANTIGRAVITY_ACTION_BY_TOOL[parsed.tool];
+        if (!action)
+            continue;
+        if (parsed.tool === 'bash') {
+            out.add(`${action}(${normalizeBashPattern(parsed.pattern)})`);
+        }
+        else {
+            const p = parsed.pattern === '**' ? '*' : parsed.pattern;
+            out.add(`${action}(${p})`);
+        }
+    }
+    return Array.from(out);
+}
+const ANTIGRAVITY_ACTION_BY_TOOL = {
+    bash: 'command',
+    read: 'read_file',
+    write: 'write_file',
+    webfetch: 'read_url',
+};
+/**
+ * Convert canonical permission set to Grok format.
+ * Grok reads ~/.grok/config.toml with
+ *   [permission]
+ *   rules = [ { action = "allow", tool = "bash", pattern = "git *" }, ... ]
+ * Tool names are lowercase: bash, read, edit, grep, mcptool, webfetch.
+ * Canonical Write maps to Grok's `edit` tool.
+ */
+export function convertToGrokFormat(set) {
+    const rules = [];
+    for (const perm of set.allow) {
+        const rule = canonicalToGrokRule(perm, 'allow');
+        if (rule)
+            rules.push(rule);
+    }
+    if (set.deny) {
+        for (const perm of set.deny) {
+            const rule = canonicalToGrokRule(perm, 'deny');
+            if (rule)
+                rules.push(rule);
+        }
+    }
+    return { permission: { rules } };
+}
+const GROK_TOOL_BY_CANONICAL = {
+    bash: 'bash',
+    read: 'read',
+    write: 'edit',
+    grep: 'grep',
+    webfetch: 'webfetch',
+};
+function canonicalToGrokRule(perm, action) {
+    if (BLANKET_BASH_FORMS.has(perm)) {
+        return { action, tool: 'bash', pattern: '*' };
+    }
+    const parsed = parseCanonicalPattern(perm);
+    if (!parsed)
+        return null;
+    const tool = GROK_TOOL_BY_CANONICAL[parsed.tool];
+    if (!tool)
+        return null;
+    const pattern = parsed.tool === 'bash' ? normalizeBashPattern(parsed.pattern) : parsed.pattern;
+    if (pattern === '' || pattern === undefined) {
+        return { action, tool };
+    }
+    return { action, tool, pattern };
+}
 /**
  * Convert canonical permission set to OpenCode format.
  * OpenCode uses: { permission: { bash: { "git *": "allow", "rm *": "deny" } } }
@@ -825,7 +936,7 @@ function applyPermissionsToAgent(agentId, set, scope = 'user', cwd, merge = true
  * This writes to {versionHome}/.{agent}/settings.json (or equivalent).
  */
 export function applyPermissionsToVersion(agentId, set, versionHome, merge = true) {
-    const configDir = path.join(versionHome, `.${agentId}`);
+    const configDir = path.join(versionHome, agentConfigDirName(agentId));
     try {
         fs.mkdirSync(configDir, { recursive: true });
         if (agentId === 'claude') {
@@ -931,6 +1042,105 @@ export function applyPermissionsToVersion(agentId, set, versionHome, merge = tru
             });
             return { success: true };
         }
+        if (agentId === 'antigravity') {
+            const antigravityPerms = convertToAntigravityFormat(set);
+            const settingsPath = path.join(versionHome, '.gemini', 'antigravity-cli', 'settings.json');
+            updateGeminiSettings(settingsPath, (settings) => {
+                const perms = (typeof settings.permissions === 'object' && settings.permissions !== null && !Array.isArray(settings.permissions))
+                    ? settings.permissions
+                    : {};
+                if (merge) {
+                    const existingAllow = Array.isArray(perms.allow) ? perms.allow : [];
+                    const existingDeny = Array.isArray(perms.deny) ? perms.deny : [];
+                    perms.allow = Array.from(new Set([...existingAllow, ...antigravityPerms.permissions.allow]));
+                    const mergedDeny = Array.from(new Set([...existingDeny, ...(antigravityPerms.permissions.deny ?? [])]));
+                    if (mergedDeny.length)
+                        perms.deny = mergedDeny;
+                    else
+                        delete perms.deny;
+                }
+                else {
+                    perms.allow = antigravityPerms.permissions.allow;
+                    if (antigravityPerms.permissions.deny?.length)
+                        perms.deny = antigravityPerms.permissions.deny;
+                    else
+                        delete perms.deny;
+                }
+                settings.permissions = perms;
+            });
+            return { success: true };
+        }
+        if (agentId === 'grok') {
+            const grokPerms = convertToGrokFormat(set);
+            const configPath = path.join(versionHome, '.grok', 'config.toml');
+            let config = {};
+            if (fs.existsSync(configPath)) {
+                config = TOML.parse(fs.readFileSync(configPath, 'utf-8'));
+            }
+            const existingPermission = (typeof config.permission === 'object' && config.permission !== null && !Array.isArray(config.permission))
+                ? config.permission
+                : {};
+            if (merge) {
+                const existingRules = Array.isArray(existingPermission.rules) ? existingPermission.rules : [];
+                const seen = new Set();
+                const dedup = [];
+                for (const r of [...existingRules, ...grokPerms.permission.rules]) {
+                    const key = `${r.action}|${r.tool}|${r.pattern ?? ''}`;
+                    if (seen.has(key))
+                        continue;
+                    seen.add(key);
+                    dedup.push(r);
+                }
+                existingPermission.rules = dedup;
+            }
+            else {
+                existingPermission.rules = grokPerms.permission.rules;
+            }
+            config.permission = existingPermission;
+            fs.mkdirSync(path.dirname(configPath), { recursive: true });
+            fs.writeFileSync(configPath, TOML.stringify(config), 'utf-8');
+            return { success: true };
+        }
+        if (agentId === 'kimi') {
+            const configPath = path.join(versionHome, '.kimi-code', 'config.toml');
+            let config = {};
+            if (fs.existsSync(configPath)) {
+                config = TOML.parse(fs.readFileSync(configPath, 'utf-8'));
+            }
+            const newRules = [];
+            for (const allow of set.allow) {
+                newRules.push({ decision: 'allow', pattern: allow });
+            }
+            for (const deny of set.deny || []) {
+                newRules.push({ decision: 'deny', pattern: deny });
+            }
+            if (merge) {
+                const existingPermission = (typeof config.permission === 'object' && config.permission !== null && !Array.isArray(config.permission))
+                    ? config.permission
+                    : {};
+                const existingRules = Array.isArray(existingPermission.rules)
+                    ? existingPermission.rules
+                    : [];
+                const seen = new Set();
+                const dedup = [];
+                for (const r of [...existingRules, ...newRules]) {
+                    if (!r.decision || !r.pattern)
+                        continue;
+                    const key = `${r.decision}|${r.pattern}`;
+                    if (seen.has(key))
+                        continue;
+                    seen.add(key);
+                    dedup.push({ decision: r.decision, pattern: r.pattern });
+                }
+                config.permission = { rules: dedup };
+            }
+            else {
+                config.permission = { rules: newRules };
+            }
+            fs.mkdirSync(path.dirname(configPath), { recursive: true });
+            fs.writeFileSync(configPath, TOML.stringify(config), 'utf-8');
+            return { success: true };
+        }
         return { success: false, error: `Agent '${agentId}' does not support permissions` };
     }
     catch (err) {

package/dist/lib/plugin-marketplace.d.ts

@@ -1,23 +1,40 @@
 /**
- * Native plugin marketplace install path for Claude / OpenClaw.
+ * Native plugin marketplaces for Claude / OpenClaw — one per DotAgents repo.
  *
- * Plugins managed by agents-cli are exposed as a synthetic local marketplace
- * named "agents-cli" under each version's plugin directory:
+ * Every DotAgents repo that holds plugins synthesizes its OWN synthetic local
+ * marketplace under each version's plugin directory, named after the repo:
  *
  *   <versionHome>/.{claude,openclaw}/plugins/
- *     known_marketplaces.json            # registers the "agents-cli" marketplace
- *     marketplaces/agents-cli/
- *       .claude-plugin/marketplace.json  # synthesized catalog
- *       plugins/<plugin>/                # copied plugin source
+ *     known_marketplaces.json                    # registers each repo's marketplace
+ *     marketplaces/agents-cli/                    # ~/.agents/plugins/*        (user repo)
+ *     marketplaces/agents-<alias>/                # ~/.agents-<alias>/plugins/* (extra repo)
+ *     marketplaces/agents-project/                # <cwd>/.agents/plugins/*    (project repo)
+ *       .claude-plugin/marketplace.json           # synthesized catalog
+ *       plugins/<plugin>/                         # copied plugin source
  *
- * Plus the version's settings.json gets `enabledPlugins["<plugin>@agents-cli"] = true`.
+ * Plus the version's settings.json gets
+ *   `enabledPlugins["<plugin>@<marketplace>"] = true`.
  *
- * This produces native `/plugin:skill` slash namespacing, visibility in `/plugins`,
- * and `/plugin enable|disable` support — matching the Claude Code spec at
- * https://code.claude.com/docs/en/plugins and /plugin-marketplaces.
+ * This produces native `/plugin:skill` slash namespacing, visibility in
+ * `/plugins`, `/plugin enable|disable` support, AND honest attribution (the
+ * user can see which repo each plugin came from) — matching the Claude Code
+ * spec at https://code.claude.com/docs/en/plugins and /plugin-marketplaces.
+ *
+ * The naming policy lives in one place — marketplaceNameFor(). Source-side
+ * discovery (discoverMarketplaces) and per-version synthesis (syncMarketplaceManifest
+ * / registerMarketplace / syncAllMarketplaces) all key off a MarketplaceSpec so
+ * the catalog name and on-disk layout are derived, never hard-coded per call.
+ */
+import type { AgentId, DiscoveredPlugin, MarketplaceSpec, DiscoveredMarketplace } from './types.js';
+/**
+ * Canonical name for the user-repo marketplace (~/.agents/plugins/). Kept as an
+ * exported constant for callers that operate on the user repo directly and for
+ * the `marketplaces/agents-cli/` on-disk path that existing installs already have.
  */
-import type { AgentId, DiscoveredPlugin } from './types.js';
 export declare const MARKETPLACE_NAME = "agents-cli";
+export declare const SYSTEM_MARKETPLACE_NAME = "agents-system";
+/** Marketplace name for <cwd>/.agents/plugins/*. */
+export declare const PROJECT_MARKETPLACE_NAME = "agents-project";
 interface MarketplacePluginEntry {
     name: string;
     source: string;
@@ -28,7 +45,7 @@ interface MarketplacePluginEntry {
         email?: string;
     };
 }
-interface MarketplaceManifest {
+export interface MarketplaceManifest {
     $schema?: string;
     name: string;
     description?: string;
@@ -38,13 +55,37 @@ interface MarketplaceManifest {
     };
     plugins: MarketplacePluginEntry[];
 }
-export declare function marketplaceRoot(agent: AgentId, versionHome: string): string;
-export declare function marketplaceManifestPath(agent: AgentId, versionHome: string): string;
-export declare function pluginInstallDir(plugin: DiscoveredPlugin, agent: AgentId, versionHome: string): string;
+/** Result of synthesizing + registering one marketplace via syncAllMarketplaces. */
+export interface SyncAllResult {
+    spec: MarketplaceSpec;
+    name: string;
+    plugins: number;
+}
+/**
+ * Map a MarketplaceSpec to its catalog name. This is the ONLY place that
+ * encodes the repo → name policy; every other function derives the name here.
+ */
+export declare function marketplaceNameFor(spec: MarketplaceSpec): string;
+/**
+ * Discover every DotAgents repo that contributes plugins, in precedence order
+ * (user, then each enabled extra repo, then the project repo when cwd has one).
+ * No agent / version is involved — this walks source-side plugin roots only.
+ *
+ * A repo is included when its plugins/ directory exists on disk. The user repo
+ * is always probed; extras come from getEnabledExtraRepos() (already filtered to
+ * enabled + on-disk repos); the project repo is included only when
+ * <cwd>/.agents/plugins/ exists.
+ */
+export declare function discoverMarketplaces(opts?: {
+    cwd?: string;
+}): DiscoveredMarketplace[];
+export declare function marketplaceRoot(specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): string;
+export declare function marketplaceManifestPath(specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): string;
+export declare function pluginInstallDir(plugin: DiscoveredPlugin, specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): string;
 export declare function knownMarketplacesPath(agent: AgentId, versionHome: string): string;
 /**
- * Copy plugin source into marketplace install dir.
- * Source of truth remains ~/.agents/plugins/<name>/ — this is a per-version snapshot.
+ * Copy plugin source into the marketplace install dir for the given spec.
+ * Source of truth remains the plugin's source dir — this is a per-version snapshot.
  *
  * Symlinks pointing OUTSIDE the plugin source root are dropped. They show up
  * when plugin authors (legitimately) link prompt-side references to sibling
@@ -56,50 +97,67 @@ export declare function knownMarketplacesPath(agent: AgentId, versionHome: strin
  *
  * Internal symlinks (target stays inside the plugin root) are preserved.
  */
-export declare function copyPluginToMarketplace(plugin: DiscoveredPlugin, agent: AgentId, versionHome: string): string;
+export declare function copyPluginToMarketplace(plugin: DiscoveredPlugin, spec: MarketplaceSpec | string, agent: AgentId, versionHome: string): string;
 /**
- * Re-synthesize <marketplace>/.claude-plugin/marketplace.json from the list of
- * plugins installed under <marketplace>/plugins/. Always run after add or remove
- * so the manifest stays in lockstep with on-disk contents.
+ * Re-synthesize <marketplace>/.claude-plugin/marketplace.json from the plugins
+ * already installed under <marketplace>/plugins/. Always run after add or remove
+ * so the manifest stays in lockstep with on-disk contents. Returns the manifest
+ * it wrote, or null when the marketplace has no plugins dir yet.
  */
-export declare function syncMarketplaceManifest(agent: AgentId, versionHome: string): MarketplaceManifest | null;
+export declare function syncMarketplaceManifest(spec: MarketplaceSpec, agent: AgentId, versionHome: string): MarketplaceManifest | null;
 /**
- * Register the agents-cli marketplace in known_marketplaces.json so Claude Code
- * discovers it on startup. Idempotent: re-running just refreshes lastUpdated.
+ * Register a marketplace in known_marketplaces.json so Claude Code discovers
+ * it on startup. Idempotent: re-running just refreshes lastUpdated. Other
+ * marketplaces' entries are preserved untouched.
  */
-export declare function registerMarketplace(agent: AgentId, versionHome: string): void;
+export declare function registerMarketplace(spec: MarketplaceSpec, agent: AgentId, versionHome: string): void;
 /**
- * Drop the agents-cli marketplace entry from known_marketplaces.json.
- * Called when the last plugin under it is removed.
+ * Drop a marketplace entry from known_marketplaces.json. Called when the last
+ * plugin under it is removed. Removes only its own entry; deletes the file only
+ * when no entries remain.
+ */
+export declare function unregisterMarketplace(specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): void;
+/**
+ * Discover every source-side marketplace, then for each one re-synthesize its
+ * catalog from the plugins already copied under the version home and register
+ * it in known_marketplaces.json. Returns one result per marketplace that has at
+ * least one plugin installed.
+ *
+ * Copying plugin source into a marketplace is the caller's responsibility
+ * (copyPluginToMarketplace / syncPluginToVersion) — this reconciles catalogs +
+ * registrations across all repos once the copies are in place. Marketplaces
+ * whose version-home plugins dir is empty or absent are skipped, so we never
+ * register a known_marketplace pointing at a directory with no catalog.
  */
-export declare function unregisterMarketplace(agent: AgentId, versionHome: string): void;
+export declare function syncAllMarketplaces(agent: AgentId, versionHome: string, opts?: {
+    cwd?: string;
+}): SyncAllResult[];
 /**
  * Mark a plugin as enabled in <versionHome>/.{agent}/settings.json under
- * enabledPlugins["<plugin>@agents-cli"]: true. Reads, mutates, writes —
- * preserving every other key.
+ * enabledPlugins["<plugin>@<marketplace>"]: true. Reads, mutates, writes —
+ * preserving every other key. Trust/exec-surface gating is the caller's
+ * responsibility (plugins.ts owns plugin capability inspection).
  */
-export declare function enablePluginInSettings(pluginName: string, agent: AgentId, versionHome: string, options?: {
-    allowExecSurfaces?: boolean;
-}): void;
+export declare function addPluginToSettings(pluginName: string, marketplaceName: string, agent: AgentId, versionHome: string): void;
 /**
- * Remove the enabledPlugins key for this plugin. Inverse of enablePluginInSettings.
+ * Remove the enabledPlugins key for this plugin. Inverse of addPluginToSettings.
  */
-export declare function disablePluginInSettings(pluginName: string, agent: AgentId, versionHome: string): void;
+export declare function removePluginFromSettings(pluginName: string, marketplaceName: string, agent: AgentId, versionHome: string): void;
 /**
  * Remove a plugin's installed marketplace directory. Returns true if the dir
  * existed and was removed.
  */
-export declare function removePluginFromMarketplace(pluginName: string, agent: AgentId, versionHome: string): boolean;
+export declare function removePluginFromMarketplace(pluginName: string, specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): boolean;
 /**
  * Return true if the marketplace has no plugins left under it.
  */
-export declare function marketplaceIsEmpty(agent: AgentId, versionHome: string): boolean;
+export declare function marketplaceIsEmpty(specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): boolean;
 /**
  * Drop the entire marketplace directory. Called after the last plugin removal.
  */
-export declare function removeEmptyMarketplaceDir(agent: AgentId, versionHome: string): void;
+export declare function removeEmptyMarketplaceDir(specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): void;
 /**
  * Detect whether a plugin is installed via the native marketplace path.
  */
-export declare function isInstalledInMarketplace(pluginName: string, agent: AgentId, versionHome: string): boolean;
+export declare function isInstalledInMarketplace(pluginName: string, specOrName: MarketplaceSpec | string, agent: AgentId, versionHome: string): boolean;
 export {};