@praveencs/agent 0.1.0

package/dist/src/policy/engine.js

@@ -0,0 +1,134 @@
+import { ScopeChecker } from './scope.js';
+import { auditEmitter, AuditEventType } from './audit.js';
+/**
+ * Policy Engine — enforces permissions, approvals, and scope limits
+ * This is an immutable core component that MUST NOT be modified by autonomous runs.
+ */
+export class PolicyEngine {
+    config;
+    scopeChecker;
+    sessionApprovals = new Set();
+    constructor(config, projectRoot) {
+        this.config = config;
+        this.scopeChecker = new ScopeChecker(config, projectRoot);
+    }
+    /**
+     * Check if an action is permitted based on policy rules
+     */
+    async checkPermission(action, ctx) {
+        // Check each required permission
+        for (const perm of action.permissions) {
+            const rule = this.findRule(perm);
+            // If session has pre-approved this permission
+            if (ctx.approvedPermissions.has(perm) || this.sessionApprovals.has(`${action.tool}:${perm}`)) {
+                continue;
+            }
+            switch (rule) {
+                case 'allow':
+                    continue;
+                case 'deny':
+                    auditEmitter.emit(AuditEventType.PERMISSION_DENIED, {
+                        tool: action.tool,
+                        permission: perm,
+                        reason: 'Denied by policy',
+                    });
+                    return {
+                        allowed: false,
+                        reason: `Permission "${perm}" is denied by policy for tool "${action.tool}"`,
+                        requiresApproval: false,
+                    };
+                case 'confirm':
+                    return {
+                        allowed: false,
+                        reason: `Action "${action.description}" requires approval (${perm})`,
+                        requiresApproval: true,
+                    };
+            }
+        }
+        return { allowed: true, requiresApproval: false };
+    }
+    /**
+     * Request approval from the user for a specific action
+     */
+    async requestApproval(action, ctx) {
+        // In autonomous mode, auto-approve low-risk actions
+        if (ctx.autonomous && action.riskLevel === 'low') {
+            this.grantSessionApproval(action);
+            return true;
+        }
+        // Call the approval handler
+        if (ctx.onApproval) {
+            const approved = await ctx.onApproval(action);
+            if (approved) {
+                this.grantSessionApproval(action);
+                auditEmitter.emit(AuditEventType.APPROVAL_GRANTED, {
+                    tool: action.tool,
+                    permissions: action.permissions,
+                    description: action.description,
+                });
+            }
+            else {
+                auditEmitter.emit(AuditEventType.APPROVAL_DENIED, {
+                    tool: action.tool,
+                    permissions: action.permissions,
+                    description: action.description,
+                });
+            }
+            return approved;
+        }
+        // No approval handler = deny
+        return false;
+    }
+    /**
+     * Check if a tool invocation is within the configured scope
+     */
+    checkScope(toolName, args) {
+        // Filesystem scope
+        if (toolName.startsWith('fs.') && args['path']) {
+            const check = this.scopeChecker.checkFilesystemScope(args['path']);
+            if (!check.inScope)
+                return false;
+        }
+        // Command scope
+        if (toolName === 'cmd.run' && args['command']) {
+            const check = this.scopeChecker.checkCommandScope(args['command']);
+            if (!check.inScope)
+                return false;
+        }
+        return true;
+    }
+    /**
+     * Grant session-level approval (persists for current run)
+     */
+    grantSessionApproval(action) {
+        for (const perm of action.permissions) {
+            this.sessionApprovals.add(`${action.tool}:${perm}`);
+        }
+    }
+    /**
+     * Clear all session approvals
+     */
+    clearSessionApprovals() {
+        this.sessionApprovals.clear();
+    }
+    // ─── Private ───
+    findRule(permission) {
+        // Check specific rules first
+        for (const rule of this.config.policy.rules) {
+            if (rule.permission === permission) {
+                return rule.action;
+            }
+        }
+        // Check parent category (e.g., filesystem.read → filesystem)
+        const parentPerm = permission.split('.')[0];
+        if (parentPerm !== permission) {
+            for (const rule of this.config.policy.rules) {
+                if (rule.permission === parentPerm) {
+                    return rule.action;
+                }
+            }
+        }
+        return this.config.policy.defaultApproval;
+    }
+}
+//# sourceMappingURL=engine.js.map

package/dist/src/policy/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../../src/policy/engine.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE1D;;;GAGG;AACH,MAAM,OAAO,YAAY;IACb,MAAM,CAAc;IACpB,YAAY,CAAe;IAC3B,gBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;IAElD,YAAY,MAAmB,EAAE,WAAmB;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACjB,MAAwB,EACxB,GAAqB;QAErB,iCAAiC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEjC,8CAA8C;YAC9C,IAAI,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC3F,SAAS;YACb,CAAC;YAED,QAAQ,IAAI,EAAE,CAAC;gBACX,KAAK,OAAO;oBACR,SAAS;gBACb,KAAK,MAAM;oBACP,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE;wBAChD,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,UAAU,EAAE,IAAI;wBAChB,MAAM,EAAE,kBAAkB;qBAC7B,CAAC,CAAC;oBACH,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,eAAe,IAAI,mCAAmC,MAAM,CAAC,IAAI,GAAG;wBAC5E,gBAAgB,EAAE,KAAK;qBAC1B,CAAC;gBACN,KAAK,SAAS;oBACV,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,MAAM,EAAE,WAAW,MAAM,CAAC,WAAW,wBAAwB,IAAI,GAAG;wBACpE,gBAAgB,EAAE,IAAI;qBACzB,CAAC;YACV,CAAC;QACL,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACjB,MAAwB,EACxB,GAAqB;QAErB,oDAAoD;QACpD,IAAI,GAAG,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;YAC/C,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,4BAA4B;QAC5B,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,QAAQ,EAAE,CAAC;gBACX,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;gBAClC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,gBAAgB,EAAE;oBAC/C,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;iBAClC,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE;oBAC9C,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;iBAClC,CAAC,CAAC;YACP,CAAC;YACD,OAAO,QAAQ,CAAC;QACpB,CAAC;QAED,6BAA6B;QAC7B,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB,EAAE,IAA6B;QACtD,mBAAmB;QACnB,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAW,CAAC,CAAC;YAC7E,IAAI,CAAC,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;QACrC,CAAC;QAED,gBAAgB;QAChB,IAAI,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAW,CAAC,CAAC;YAC7E,IAAI,CAAC,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;QACrC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,MAAwB;QACzC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACL,CAAC;IAED;;OAEG;IACH,qBAAqB;QACjB,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAClC,CAAC;IAED,kBAAkB;IAEV,QAAQ,CAAC,UAA8B;QAC3C,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC,MAAM,CAAC;YACvB,CAAC;QACL,CAAC;QAED,6DAA6D;QAC7D,MAAM,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5C,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;YAC5B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC1C,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;oBACjC,OAAO,IAAI,CAAC,MAAM,CAAC;gBACvB,CAAC;YACL,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;IAC9C,CAAC;CACJ"}

package/dist/src/policy/scope.d.ts

@@ -0,0 +1,27 @@
+import type { AgentConfig } from '../config/schema.js';
+import type { ScopeCheckResult } from './types.js';
+/**
+ * Scope controls: filesystem allowlist, command allowlist, domain allowlist
+ */
+export declare class ScopeChecker {
+    private config;
+    private projectRoot;
+    constructor(config: AgentConfig, projectRoot: string);
+    /**
+     * Check if a filesystem path is within the allowed scope
+     */
+    checkFilesystemScope(filePath: string): ScopeCheckResult;
+    /**
+     * Check if a command is within the allowed scope
+     */
+    checkCommandScope(command: string): ScopeCheckResult;
+    /**
+     * Check if a domain is within the allowed scope
+     */
+    checkDomainScope(domain: string): ScopeCheckResult;
+    /**
+     * Simple glob match (supports ** and *)
+     */
+    private matchGlob;
+}
+//# sourceMappingURL=scope.d.ts.map

package/dist/src/policy/scope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope.d.ts","sourceRoot":"","sources":["../../../src/policy/scope.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;GAEG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM;IAKpD;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB;IAuBxD;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAwBpD;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB;IAkBlD;;OAEG;IACH,OAAO,CAAC,SAAS;CAYpB"}

package/dist/src/policy/scope.js

@@ -0,0 +1,89 @@
+import path from 'node:path';
+/**
+ * Scope controls: filesystem allowlist, command allowlist, domain allowlist
+ */
+export class ScopeChecker {
+    config;
+    projectRoot;
+    constructor(config, projectRoot) {
+        this.config = config;
+        this.projectRoot = projectRoot;
+    }
+    /**
+     * Check if a filesystem path is within the allowed scope
+     */
+    checkFilesystemScope(filePath) {
+        const absPath = path.resolve(this.projectRoot, filePath);
+        const relPath = path.relative(this.projectRoot, absPath);
+        // Prevent path traversal outside project
+        if (relPath.startsWith('..')) {
+            return { inScope: false, violation: `Path "${filePath}" is outside project root` };
+        }
+        const allowlist = this.config.policy.filesystemAllowlist;
+        if (allowlist.length === 0) {
+            return { inScope: false, violation: 'Filesystem allowlist is empty' };
+        }
+        // Check if path matches any allowlist pattern
+        const matches = allowlist.some((pattern) => this.matchGlob(relPath, pattern));
+        if (!matches) {
+            return { inScope: false, violation: `Path "${relPath}" not in filesystem allowlist` };
+        }
+        return { inScope: true };
+    }
+    /**
+     * Check if a command is within the allowed scope
+     */
+    checkCommandScope(command) {
+        const allowlist = this.config.policy.commandAllowlist;
+        // If allowlist is empty, all commands require approval (but aren't blocked)
+        if (allowlist.length === 0) {
+            return { inScope: true };
+        }
+        const matches = allowlist.some((pattern) => {
+            if (pattern === command)
+                return true;
+            try {
+                return new RegExp(pattern).test(command);
+            }
+            catch {
+                return false;
+            }
+        });
+        if (!matches) {
+            return { inScope: false, violation: `Command "${command}" not in command allowlist` };
+        }
+        return { inScope: true };
+    }
+    /**
+     * Check if a domain is within the allowed scope
+     */
+    checkDomainScope(domain) {
+        const allowlist = this.config.policy.domainAllowlist;
+        if (allowlist.length === 0) {
+            return { inScope: true };
+        }
+        const matches = allowlist.some((d) => domain === d || domain.endsWith(`.${d}`));
+        if (!matches) {
+            return { inScope: false, violation: `Domain "${domain}" not in domain allowlist` };
+        }
+        return { inScope: true };
+    }
+    /**
+     * Simple glob match (supports ** and *)
+     */
+    matchGlob(str, pattern) {
+        if (pattern === '**/*' || pattern === '*')
+            return true;
+        const regexStr = pattern
+            .replace(/\*\*/g, '{{DOUBLE_STAR}}')
+            .replace(/\*/g, '[^/]*')
+            .replace(/{{DOUBLE_STAR}}/g, '.*');
+        try {
+            return new RegExp(`^${regexStr}$`).test(str);
+        }
+        catch {
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=scope.js.map

package/dist/src/policy/scope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope.js","sourceRoot":"","sources":["../../../src/policy/scope.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B;;GAEG;AACH,MAAM,OAAO,YAAY;IACb,MAAM,CAAc;IACpB,WAAW,CAAS;IAE5B,YAAY,MAAmB,EAAE,WAAmB;QAChD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,QAAgB;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAEzD,yCAAyC;QACzC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,QAAQ,2BAA2B,EAAE,CAAC;QACvF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC;QACzD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,+BAA+B,EAAE,CAAC;QAC1E,CAAC;QAED,8CAA8C;QAC9C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,OAAO,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,OAAe;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAEtD,4EAA4E;QAC5E,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACvC,IAAI,OAAO,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,CAAC;gBACD,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACL,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,OAAO,4BAA4B,EAAE,CAAC;QAC1F,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAAc;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;QAErD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAClD,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,MAAM,2BAA2B,EAAE,CAAC;QACvF,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,GAAW,EAAE,OAAe;QAC1C,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACvD,MAAM,QAAQ,GAAG,OAAO;aACnB,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC;aACnC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;aACvB,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC;YACD,OAAO,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CACJ"}

package/dist/src/policy/types.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Permission category type definitions
+ */
+export type PermissionCategory = 'filesystem' | 'filesystem.read' | 'filesystem.write' | 'exec' | 'network' | 'ui_automation' | 'secrets';
+export type ApprovalAction = 'allow' | 'deny' | 'confirm';
+export interface PermissionResult {
+    allowed: boolean;
+    reason?: string;
+    requiresApproval: boolean;
+}
+export interface ScopeCheckResult {
+    inScope: boolean;
+    violation?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/policy/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/policy/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,kBAAkB,GACxB,YAAY,GACZ,iBAAiB,GACjB,kBAAkB,GAClB,MAAM,GACN,SAAS,GACT,eAAe,GACf,SAAS,CAAC;AAEhB,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAE1D,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/src/policy/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/policy/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/policy/types.ts"],"names":[],"mappings":""}

package/dist/src/self-extend/generator.d.ts

@@ -0,0 +1,27 @@
+import type { AgentConfig } from '../config/schema.js';
+/**
+ * Self-extension: generate, validate, and activate new skills
+ *
+ * GUARDRAIL: This module CANNOT modify:
+ *   - src/policy/      (policy engine)
+ *   - src/tools/registry.ts (tool router)
+ *   - Any approval enforcement code
+ */
+export declare class SkillGenerator {
+    private config;
+    constructor(config: AgentConfig);
+    /**
+     * Generate a new skill from a description
+     */
+    generateSkillDraft(name: string, description: string, tools: string[]): Promise<string>;
+    /**
+     * Validate a generated skill
+     */
+    validateDraft(skillDir: string): Promise<{
+        valid: boolean;
+        errors: string[];
+    }>;
+    private inferPermissions;
+    private generatePrompt;
+}
+//# sourceMappingURL=generator.d.ts.map

package/dist/src/self-extend/generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../../src/self-extend/generator.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD;;;;;;;GAOG;AACH,qBAAa,cAAc;IACvB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,EAAE,WAAW;IAI/B;;OAEG;IACG,kBAAkB,CACpB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,MAAM,CAAC;IA8BlB;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAapF,OAAO,CAAC,gBAAgB;IAsBxB,OAAO,CAAC,cAAc;CA6BzB"}

package/dist/src/self-extend/generator.js

@@ -0,0 +1,107 @@
+import { mkdir, writeFile } from 'node:fs/promises';
+import path from 'node:path';
+import { getSkillsDir } from '../utils/paths.js';
+import { validateSkill } from '../skills/validator.js';
+import { SkillLoader } from '../skills/loader.js';
+/**
+ * Self-extension: generate, validate, and activate new skills
+ *
+ * GUARDRAIL: This module CANNOT modify:
+ *   - src/policy/      (policy engine)
+ *   - src/tools/registry.ts (tool router)
+ *   - Any approval enforcement code
+ */
+export class SkillGenerator {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Generate a new skill from a description
+     */
+    async generateSkillDraft(name, description, tools) {
+        const skillDir = path.join(getSkillsDir(), name);
+        await mkdir(skillDir, { recursive: true });
+        // Generate skill.json manifest
+        const manifest = {
+            name,
+            version: '0.1.0',
+            description,
+            tools,
+            permissions: {
+                required: this.inferPermissions(tools),
+            },
+            entrypoint: 'prompt.md',
+            state: 'draft',
+        };
+        await writeFile(path.join(skillDir, 'skill.json'), JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
+        // Generate prompt.md
+        const prompt = this.generatePrompt(name, description, tools);
+        await writeFile(path.join(skillDir, 'prompt.md'), prompt, 'utf-8');
+        return skillDir;
+    }
+    /**
+     * Validate a generated skill
+     */
+    async validateDraft(skillDir) {
+        const loader = new SkillLoader(this.config);
+        const skill = await loader.loadSkill(skillDir);
+        if (!skill) {
+            return { valid: false, errors: ['Failed to load skill'] };
+        }
+        const result = await validateSkill(skill);
+        return { valid: result.valid, errors: [...result.errors, ...result.warnings] };
+    }
+    // ─── Private ───
+    inferPermissions(tools) {
+        const perms = new Set();
+        for (const tool of tools) {
+            if (tool.startsWith('fs.read') || tool === 'fs.list' || tool === 'fs.search') {
+                perms.add('filesystem.read');
+            }
+            if (tool === 'fs.write' || tool === 'fs.patch') {
+                perms.add('filesystem.write');
+            }
+            if (tool === 'cmd.run') {
+                perms.add('exec');
+            }
+            if (tool.startsWith('git.')) {
+                perms.add('filesystem.read');
+            }
+            if (tool === 'git.commit') {
+                perms.add('exec');
+            }
+        }
+        return Array.from(perms);
+    }
+    generatePrompt(name, description, tools) {
+        return `# ${name}
+
+## Description
+${description}
+
+## Available Tools
+${tools.map((t) => `- \`${t}\``).join('\n')}
+
+## Instructions
+You are a skill that accomplishes the following goal:
+${description}
+
+Use the available tools to complete this task.
+Follow these guidelines:
+1. Plan your approach before taking action
+2. Verify your work after each step
+3. Handle errors gracefully
+4. Report your progress clearly
+
+## Input Variables
+{{input}}
+
+## Completion Criteria
+- Task described above is complete
+- All outputs are verified
+- No errors remain
+`;
+    }
+}
+//# sourceMappingURL=generator.js.map

package/dist/src/self-extend/generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generator.js","sourceRoot":"","sources":["../../../src/self-extend/generator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGlD;;;;;;;GAOG;AACH,MAAM,OAAO,cAAc;IACf,MAAM,CAAc;IAE5B,YAAY,MAAmB;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACpB,IAAY,EACZ,WAAmB,EACnB,KAAe;QAEf,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3C,+BAA+B;QAC/B,MAAM,QAAQ,GAAkB;YAC5B,IAAI;YACJ,OAAO,EAAE,OAAO;YAChB,WAAW;YACX,KAAK;YACL,WAAW,EAAE;gBACT,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;aACzC;YACD,UAAU,EAAE,WAAW;YACvB,KAAK,EAAE,OAAO;SACA,CAAC;QAEnB,MAAM,SAAS,CACX,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,EACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EACxC,OAAO,CACV,CAAC;QAEF,qBAAqB;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEnE,OAAO,QAAQ,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAgB;QAChC,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;QAC9D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;IACnF,CAAC;IAED,kBAAkB;IAEV,gBAAgB,CAAC,KAAe;QACpC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;gBAC3E,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC7C,KAAK,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAClC,CAAC;YACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACrB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;gBACxB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC;QACL,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAEO,cAAc,CAAC,IAAY,EAAE,WAAmB,EAAE,KAAe;QACrE,OAAO,KAAK,IAAI;;;EAGtB,WAAW;;;EAGX,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;EAIzC,WAAW;;;;;;;;;;;;;;;;CAgBZ,CAAC;IACE,CAAC;CACJ"}

package/dist/src/self-extend/publisher.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Version bump and changelog for self-generated skills
+ */
+export declare function bumpVersion(skillDir: string, bumpType?: 'patch' | 'minor' | 'major'): Promise<string>;
+//# sourceMappingURL=publisher.d.ts.map

package/dist/src/self-extend/publisher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher.d.ts","sourceRoot":"","sources":["../../../src/self-extend/publisher.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAsB,WAAW,CAC7B,QAAQ,EAAE,MAAM,EAChB,QAAQ,GAAE,OAAO,GAAG,OAAO,GAAG,OAAiB,GAChD,OAAO,CAAC,MAAM,CAAC,CAsCjB"}

package/dist/src/self-extend/publisher.js

@@ -0,0 +1,40 @@
+import { readFile, writeFile, access } from 'node:fs/promises';
+import path from 'node:path';
+/**
+ * Version bump and changelog for self-generated skills
+ */
+export async function bumpVersion(skillDir, bumpType = 'patch') {
+    const manifestPath = path.join(skillDir, 'skill.json');
+    const content = await readFile(manifestPath, 'utf-8');
+    const manifest = JSON.parse(content);
+    const [major, minor, patch] = manifest.version.split('.').map(Number);
+    let newVersion;
+    switch (bumpType) {
+        case 'major':
+            newVersion = `${major + 1}.0.0`;
+            break;
+        case 'minor':
+            newVersion = `${major}.${minor + 1}.0`;
+            break;
+        case 'patch':
+        default:
+            newVersion = `${major}.${minor}.${patch + 1}`;
+            break;
+    }
+    manifest.version = newVersion;
+    await writeFile(manifestPath, JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
+    // Update changelog
+    const changelogPath = path.join(skillDir, 'CHANGELOG.md');
+    const date = new Date().toISOString().split('T')[0];
+    const entry = `\n## ${newVersion} (${date})\n\n- Version bump\n`;
+    try {
+        await access(changelogPath);
+        const existing = await readFile(changelogPath, 'utf-8');
+        await writeFile(changelogPath, entry + existing, 'utf-8');
+    }
+    catch {
+        await writeFile(changelogPath, `# Changelog\n${entry}`, 'utf-8');
+    }
+    return newVersion;
+}
+//# sourceMappingURL=publisher.js.map

package/dist/src/self-extend/publisher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher.js","sourceRoot":"","sources":["../../../src/self-extend/publisher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC7B,QAAgB,EAChB,WAAwC,OAAO;IAE/C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtE,IAAI,UAAkB,CAAC;IAEvB,QAAQ,QAAQ,EAAE,CAAC;QACf,KAAK,OAAO;YACR,UAAU,GAAG,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC;YAChC,MAAM;QACV,KAAK,OAAO;YACR,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC;YACvC,MAAM;QACV,KAAK,OAAO,CAAC;QACb;YACI,UAAU,GAAG,GAAG,KAAK,IAAI,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM;IACd,CAAC;IAED,QAAQ,CAAC,OAAO,GAAG,UAAU,CAAC;IAC9B,MAAM,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAEjF,mBAAmB;IACnB,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,QAAQ,UAAU,KAAK,IAAI,uBAAuB,CAAC;IAEjE,IAAI,CAAC;QACD,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,SAAS,CAAC,aAAa,EAAE,KAAK,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACL,MAAM,SAAS,CAAC,aAAa,EAAE,gBAAgB,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,UAAU,CAAC;AACtB,CAAC"}

package/dist/src/self-extend/sandbox.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Sandbox for running skill validators safely
+ * Placeholder for Phase 3 — will add proper sandboxing
+ */
+export declare function runInSandbox(command: string, cwd: string, timeout?: number): Promise<{
+    exitCode: number;
+    stdout: string;
+    stderr: string;
+}>;
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/src/self-extend/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../../src/self-extend/sandbox.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAsB,YAAY,CAC9B,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,MAAc,GACxB,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAoB/D"}

package/dist/src/self-extend/sandbox.js

@@ -0,0 +1,22 @@
+/**
+ * Sandbox for running skill validators safely
+ * Placeholder for Phase 3 — will add proper sandboxing
+ */
+export async function runInSandbox(command, cwd, timeout = 30000) {
+    const { execFile } = await import('node:child_process');
+    const { promisify } = await import('node:util');
+    const execFileAsync = promisify(execFile);
+    try {
+        const { stdout, stderr } = await execFileAsync(command.split(' ')[0], command.split(' ').slice(1), { cwd, timeout, shell: true });
+        return { exitCode: 0, stdout: stdout.toString(), stderr: stderr.toString() };
+    }
+    catch (err) {
+        const error = err;
+        return {
+            exitCode: error.code ?? 1,
+            stdout: error.stdout?.toString() ?? '',
+            stderr: error.stderr?.toString() ?? '',
+        };
+    }
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/src/self-extend/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../../src/self-extend/sandbox.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAC9B,OAAe,EACf,GAAW,EACX,UAAkB,KAAK;IAEvB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACxD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE1C,IAAI,CAAC;QACD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAC1C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EACrB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAC3B,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAChC,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACjF,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,GAA0D,CAAC;QACzE,OAAO;YACH,QAAQ,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;YACzB,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YACtC,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;SACzC,CAAC;IACN,CAAC;AACL,CAAC"}

package/dist/src/skills/hub/lockfile.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Skill lockfile management (Phase 3)
+ */
+export interface LockfileEntry {
+    name: string;
+    version: string;
+    hash: string;
+    installedAt: string;
+}
+export declare class LockfileManager {
+    read(): Promise<LockfileEntry[]>;
+    write(_entries: LockfileEntry[]): Promise<void>;
+    addEntry(_entry: LockfileEntry): Promise<void>;
+}
+//# sourceMappingURL=lockfile.d.ts.map

package/dist/src/skills/hub/lockfile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfile.d.ts","sourceRoot":"","sources":["../../../../src/skills/hub/lockfile.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,eAAe;IAClB,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAKhC,KAAK,CAAC,QAAQ,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,QAAQ,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAGvD"}

package/dist/src/skills/hub/lockfile.js

@@ -0,0 +1,13 @@
+export class LockfileManager {
+    async read() {
+        // Phase 3
+        return [];
+    }
+    async write(_entries) {
+        // Phase 3
+    }
+    async addEntry(_entry) {
+        // Phase 3
+    }
+}
+//# sourceMappingURL=lockfile.js.map

package/dist/src/skills/hub/lockfile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfile.js","sourceRoot":"","sources":["../../../../src/skills/hub/lockfile.ts"],"names":[],"mappings":"AAUA,MAAM,OAAO,eAAe;IACxB,KAAK,CAAC,IAAI;QACN,UAAU;QACV,OAAO,EAAE,CAAC;IACd,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,QAAyB;QACjC,UAAU;IACd,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,MAAqB;QAChC,UAAU;IACd,CAAC;CACJ"}

package/dist/src/skills/hub/publisher.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Skill publisher (Phase 3)
+ */
+export declare class SkillPublisher {
+    publish(_skillDir: string, _registryUrl: string): Promise<void>;
+}
+//# sourceMappingURL=publisher.d.ts.map

package/dist/src/skills/hub/publisher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher.d.ts","sourceRoot":"","sources":["../../../../src/skills/hub/publisher.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,cAAc;IACjB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIxE"}

package/dist/src/skills/hub/publisher.js

@@ -0,0 +1,10 @@
+/**
+ * Skill publisher (Phase 3)
+ */
+export class SkillPublisher {
+    async publish(_skillDir, _registryUrl) {
+        // Phase 3
+        console.log('Skill publishing not yet available');
+    }
+}
+//# sourceMappingURL=publisher.js.map

package/dist/src/skills/hub/publisher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"publisher.js","sourceRoot":"","sources":["../../../../src/skills/hub/publisher.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,cAAc;IACvB,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,YAAoB;QACjD,UAAU;QACV,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IACtD,CAAC;CACJ"}

package/dist/src/skills/hub/registry.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Skill Hub registry client (Phase 3)
+ * Handles remote skill installation and publishing
+ */
+export declare class RegistryClient {
+    readonly baseUrl: string;
+    constructor(baseUrl: string);
+    search(query: string): Promise<{
+        name: string;
+        version: string;
+        description: string;
+    }[]>;
+    install(name: string, version?: string): Promise<void>;
+    publish(skillDir: string): Promise<void>;
+}
+//# sourceMappingURL=registry.d.ts.map

package/dist/src/skills/hub/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../../src/skills/hub/registry.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,cAAc;aACK,OAAO,EAAE,MAAM;gBAAf,OAAO,EAAE,MAAM;IAErC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAMxF,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtD,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIjD"}