@prave/cli 1.0.8 → 1.0.9

package/dist/commands/deploy.js

@@ -8,6 +8,7 @@ import { api, ApiError } from '../lib/api.js';
 import { requireAuth } from '../lib/credentials.js';
 import { fetchMyPlan, formatUpgradeHint } from '../lib/plan.js';
 import { CONFIG } from '../lib/config.js';
+import { assertSlug, InvalidSlugError } from '../lib/slug.js';
 import { log } from '../utils/logger.js';
 function detectOsKey(detected) {
     if (detected === 'windows')
@@ -70,6 +71,17 @@ function buildDestPath(agent, basePath, os, slug) {
     };
 }
 export async function deployCommand(skillName, opts = {}) {
+    try {
+        assertSlug(skillName);
+    }
+    catch (err) {
+        if (err instanceof InvalidSlugError) {
+            log.error(err.message);
+            process.exitCode = 1;
+            return;
+        }
+        throw err;
+    }
     const session = await requireAuth('prave deploy');
     if (!session)
         return;

package/dist/commands/install.js

@@ -7,6 +7,7 @@ import { api, ApiError } from '../lib/api.js';
 import { CONFIG } from '../lib/config.js';
 import { loadCredentials, requireAuth } from '../lib/credentials.js';
 import { fetchMyPlan, formatUpgradeHint } from '../lib/plan.js';
+import { assertSlug, InvalidSlugError } from '../lib/slug.js';
 import { log } from '../utils/logger.js';
 /**
  * `prave install <slug>` — pulls SKILL.md to ~/.claude/skills/<slug>/.
@@ -19,6 +20,17 @@ import { log } from '../utils/logger.js';
  *     instead of letting the API error bubble.
  */
 export async function installCommand(slug, opts = {}) {
+    try {
+        assertSlug(slug);
+    }
+    catch (err) {
+        if (err instanceof InvalidSlugError) {
+            log.error(err.message);
+            process.exitCode = 1;
+            return;
+        }
+        throw err;
+    }
     // Auth gate — installs MUST be tracked, otherwise we can't bump counts,
     // serve recommendations, or surface "updates available" later. Block here
     // before any registry hit so the user gets a clear hint instead of a

package/dist/commands/optimize.js

@@ -1,8 +1,11 @@
 import chalk from 'chalk';
 import ora from 'ora';
+import readline from 'node:readline/promises';
 import { api, ApiError } from '../lib/api.js';
 import { requireAuth } from '../lib/credentials.js';
+import { isValidSlug } from '../lib/slug.js';
 import { log } from '../utils/logger.js';
+import { uninstallCommand } from './uninstall.js';
 function formatTokens(n) {
     if (n < 1000)
         return `~${n}`;
@@ -11,6 +14,41 @@ function formatTokens(n) {
 function nameOf(s) {
     return s.name ?? s.file_path;
 }
+/**
+ * Map a skill_metadata row back to the registry slug. The canonical on-disk
+ * layout is `~/.claude/skills/<slug>/SKILL.md`, so the second-to-last path
+ * component is the slug. Falls back to a slugified `name` when the row was
+ * created by the slug-keyed self-heal path (no real file_path on disk).
+ */
+function slugOf(s) {
+    const segs = s.file_path?.split('/').filter(Boolean) ?? [];
+    let candidate = null;
+    if (segs.length >= 2) {
+        const last = segs[segs.length - 1];
+        const parent = segs[segs.length - 2];
+        if (last.toLowerCase().endsWith('skill.md'))
+            candidate = parent;
+    }
+    if (!candidate && s.name) {
+        candidate = s.name.trim().toLowerCase().replace(/\s+/g, '-');
+    }
+    if (!candidate)
+        return null;
+    // Reject anything that doesn't pass the registry slug regex — protects
+    // the disk against `..`/path-traversal payloads that could have been
+    // injected via a malformed `file_path`.
+    return isValidSlug(candidate) ? candidate : null;
+}
+async function confirmYesNo(question) {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    try {
+        const ans = (await rl.question(`${question} [y/N] `)).trim().toLowerCase();
+        return ans === 'y' || ans === 'yes';
+    }
+    finally {
+        rl.close();
+    }
+}
 export async function optimizeCommand(opts = {}) {
     const _session = await requireAuth("prave optimize");
     if (!_session)
@@ -51,9 +89,36 @@ export async function optimizeCommand(opts = {}) {
         }
         console.log();
         console.log(chalk.bold(`Total estimated savings: ${formatTokens(data.total_savings_estimate_tokens)} tokens / session`));
-        if (opts.apply) {
+        if (opts.removeUnused) {
+            console.log();
+            const candidates = data.underused
+                .map((s) => ({ skill: s, slug: slugOf(s) }))
+                .filter((c) => c.slug !== null);
+            if (candidates.length === 0) {
+                log.dim('Nothing to remove — no underused skills with a resolvable on-disk slug.');
+                return;
+            }
+            console.log(chalk.bold(`Will remove ${candidates.length} unused skill(s) from disk:`));
+            for (const c of candidates) {
+                console.log(`  ${chalk.red('✗')} ${c.slug} ${chalk.dim(formatTokens(c.skill.estimated_tokens))}`);
+            }
+            console.log();
+            const proceed = opts.yes ? true : await confirmYesNo(chalk.yellow(`Delete ${candidates.length} skill folder(s) from ~/.claude/skills/? This cannot be undone.`));
+            if (!proceed) {
+                log.dim('Aborted — nothing removed.');
+                return;
+            }
+            for (const c of candidates) {
+                await uninstallCommand(c.slug);
+            }
+            console.log();
+            log.dim(`Removed ${candidates.length} skill(s). Run ${chalk.cyan('prave sync')} to update server-side metadata.`);
+        }
+        else if (opts.apply) {
             console.log();
-            log.dim('Auto-apply not yet available — review the suggestions and adjust manually.');
+            log.dim('Auto-apply not available — use ' +
+                chalk.cyan('prave optimize --remove-unused') +
+                ' to delete underused skills, or review the suggestions and adjust manually.');
         }
     }
     catch (err) {

package/dist/commands/uninstall.js

@@ -1,14 +1,37 @@
 import { rm } from 'node:fs/promises';
-import { join } from 'node:path';
+import { join, resolve, sep } from 'node:path';
 import ora from 'ora';
 import { CONFIG } from '../lib/config.js';
+import { assertSlug, InvalidSlugError } from '../lib/slug.js';
 /**
  * `prave uninstall <slug>` — removes ~/.claude/skills/<slug> recursively.
  * No remote call: uninstalls are local-only; the install record stays
  * for analytics + history.
+ *
+ * Slug is validated against [a-z0-9][a-z0-9-]{0,63} before any path math
+ * so a hostile arg like `../../etc` cannot escape the skills directory.
  */
 export async function uninstallCommand(slug) {
+    try {
+        assertSlug(slug);
+    }
+    catch (err) {
+        if (err instanceof InvalidSlugError) {
+            console.error(err.message);
+            process.exitCode = 1;
+            return;
+        }
+        throw err;
+    }
     const dir = join(CONFIG.skillsDir, slug);
+    // Defence-in-depth: even with the regex above, refuse to remove anything
+    // outside the skills root (handles symlink edge-cases on Windows).
+    const root = resolve(CONFIG.skillsDir);
+    if (!resolve(dir).startsWith(root + sep)) {
+        console.error(`Refusing to remove ${dir} — outside ${root}`);
+        process.exitCode = 1;
+        return;
+    }
     const spinner = ora(`Removing ${slug}…`).start();
     try {
         await rm(dir, { recursive: true, force: true });

package/dist/index.js

@@ -124,6 +124,8 @@ program
     .command('optimize')
     .description('Recommendations: underused, mergeable, and heavy skills')
     .option('--apply', 'placeholder for auto-apply')
+    .option('--remove-unused', 'interactively delete skills that have not fired in 30+ days from ~/.claude/skills/')
+    .option('--yes', 'with --remove-unused: skip the confirmation prompt')
     .action(optimizeCommand);
 const usage = program
     .command('usage')
@@ -197,6 +199,7 @@ program
         '  prave whatdoes <skill>             # triggers, tokens, conflicts',
         '  prave conflicts                    # cross-skill collision check',
         '  prave optimize                     # heavy / underused / mergeable',
+        '  prave optimize --remove-unused     # delete 30d-silent skills from disk',
         '',
         'Usage tracking (Pro+)',
         '  prave usage hook install           # real-time PostToolUse hook',

package/dist/lib/slug.js

@@ -0,0 +1,32 @@
+/**
+ * Skill slug validator.
+ *
+ * Slugs become path components on disk (`~/.claude/skills/<slug>/`) and on
+ * the registry (`/skills/<slug>`). Without validation a hostile or mistyped
+ * `slug` like `../../etc/passwd` would escape the skills root and let
+ * `prave uninstall` (or the new `prave optimize --remove-unused` flow)
+ * delete files outside the user's skill folder.
+ *
+ * Rules:
+ *   - 1–64 chars, lowercase
+ *   - first char alphanumeric
+ *   - subsequent chars alphanumeric or `-`
+ *   - no `/`, no `.`, no whitespace, no traversal sequences
+ *
+ * The same regex is enforced server-side via Zod, but defence-in-depth
+ * keeps the CLI safe even if a future endpoint is laxer.
+ */
+export const SLUG_RE = /^[a-z0-9][a-z0-9-]{0,63}$/;
+export class InvalidSlugError extends Error {
+    constructor(slug) {
+        super(`Invalid slug "${slug}" — expected 1-64 lowercase alphanumeric characters and dashes (e.g. "markdown-pro").`);
+        this.name = 'InvalidSlugError';
+    }
+}
+export function isValidSlug(s) {
+    return SLUG_RE.test(s);
+}
+export function assertSlug(s) {
+    if (!isValidSlug(s))
+        throw new InvalidSlugError(s);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prave/cli",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "description": "Prave CLI — import, export, install, sync Claude Skills.",
   "type": "module",
   "bin": {
@@ -16,7 +16,7 @@
     "open": "^10.1.0",
     "ora": "^8.0.1",
     "undici": "^6.18.0",
-    "@prave/shared": "1.0.8"
+    "@prave/shared": "1.0.9"
   },
   "devDependencies": {
     "@types/node": "^20.12.7",