@prompd/cli 0.4.11 → 0.5.0-beta.10

package/dist/lib/registry.js

@@ -45,7 +45,10 @@ const tar = __importStar(require("tar"));
 const events_1 = require("events");
 const security_1 = require("./security");
 const config_1 = require("./config");
+const types_1 = require("../types");
 const file_system_1 = require("./compiler/file-system");
+const package_resolver_1 = require("./compiler/package-resolver");
+const validation_1 = require("./validation");
 /**
  * Package Registry Client
  */
@@ -75,10 +78,25 @@ class RegistryClient extends events_1.EventEmitter {
         this.ensureCacheDir();
     }
     get registryUrl() {
-        return this.registryConfig.url;
+        return this.registryConfig.url.replace(/\/+$/, '');
+    }
+    /**
+     * Encode a package name for safe URL usage.
+     * Preserves the @ prefix and / separator in scoped packages (e.g. @scope/name),
+     * but encodes all other special characters in each segment.
+     */
+    encodePackageName(packageName) {
+        // Handle scoped packages: @scope/name
+        if (packageName.startsWith('@') && packageName.includes('/')) {
+            const slashIndex = packageName.indexOf('/');
+            const scope = packageName.substring(1, slashIndex);
+            const name = packageName.substring(slashIndex + 1);
+            return `@${encodeURIComponent(scope)}/${encodeURIComponent(name)}`;
+        }
+        return encodeURIComponent(packageName);
     }
     get authToken() {
-        return this.registryConfig.token;
+        return this.registryConfig.api_key || this.registryConfig.token;
     }
     get cacheDir() {
         return path.join(require('os').homedir(), '.prompd', 'cache');
@@ -101,7 +119,17 @@ class RegistryClient extends events_1.EventEmitter {
         const path = require('path');
         const configPath = path.join(os.homedir(), '.prompd', 'config.yaml');
         // Use env var for registry URL if set (useful for local development)
-        const registryUrl = process.env.PROMPD_REGISTRY_URL || 'https://registry.prompdhub.ai';
+        const defaultUrl = 'https://registry.prompdhub.ai';
+        let registryUrl = defaultUrl;
+        const envRegistryUrl = process.env.PROMPD_REGISTRY_URL;
+        if (envRegistryUrl) {
+            if ((0, validation_1.validateRegistryUrl)(envRegistryUrl)) {
+                registryUrl = envRegistryUrl;
+            }
+            else {
+                console.warn(`Warning: PROMPD_REGISTRY_URL value is invalid, falling back to default: ${defaultUrl}`);
+            }
+        }
         const defaultConfig = {
             apiKeys: {},
             customProviders: {},
@@ -121,7 +149,11 @@ class RegistryClient extends events_1.EventEmitter {
         try {
             if (fs.existsSync(configPath)) {
                 const configContent = fs.readFileSync(configPath, 'utf-8');
-                const fileConfig = yaml.parse(configContent);
+                const fileConfig = yaml.parse(configContent, { strict: true, maxAliasCount: 64 });
+                // Validate parsed config is a plain object
+                if (!fileConfig || typeof fileConfig !== 'object' || Array.isArray(fileConfig)) {
+                    return defaultConfig;
+                }
                 // Merge with default config
                 const mergedConfig = { ...defaultConfig, ...fileConfig };
                 // Ensure registry structure exists
@@ -234,8 +266,6 @@ class RegistryClient extends events_1.EventEmitter {
      */
     async install(packageName, options = {}) {
         this.emit('installStart', { packageName, options });
-        console.log('[RegistryClient.install] Starting install:', packageName);
-        console.log('[RegistryClient.install] Options:', JSON.stringify(options));
         try {
             // Parse package reference if it includes @version
             // Format: @namespace/package@version
@@ -248,16 +278,18 @@ class RegistryClient extends events_1.EventEmitter {
                 name = packageName.substring(0, lastAtIndex);
                 versionSpec = packageName.substring(lastAtIndex + 1);
             }
-            console.log('[RegistryClient.install] Parsed name:', name, 'version:', versionSpec);
             // Resolve version
             const resolvedVersion = await this.resolveVersion(name, versionSpec);
-            console.log('[RegistryClient.install] Resolved version:', resolvedVersion);
             // Check cache first
             const cacheKey = `${name}@${resolvedVersion}`;
             if (!options.skipCache && !options.force) {
                 const cachedPath = await this.getCachedPackage(cacheKey);
                 if (cachedPath) {
                     await this.installFromCache(cachedPath, name, resolvedVersion, options);
+                    if (!options.global) {
+                        await this.addWorkspaceDependency(name, resolvedVersion, options.workspaceRoot);
+                    }
+                    this.emit('installComplete', { name, version: resolvedVersion });
                     return;
                 }
             }
@@ -280,16 +312,17 @@ class RegistryClient extends events_1.EventEmitter {
                 }
             }
             // Extract and install package
-            console.log('[RegistryClient.install] Extracting package to workspace...');
             await this.extractAndInstallPackage(packageData, name, resolvedVersion, options);
-            console.log('[RegistryClient.install] Extraction complete');
             // Cache package
             await this.cachePackage(cacheKey, packageData);
+            // Update workspace prompd.json dependencies (skip for global installs)
+            if (!options.global) {
+                await this.addWorkspaceDependency(name, resolvedVersion, options.workspaceRoot);
+            }
             this.emit('installComplete', {
                 name: name,
                 version: resolvedVersion
             });
-            console.log('[RegistryClient.install] Install complete for', name, '@', resolvedVersion);
         }
         catch (error) {
             this.emit('installError', { packageName, error });
@@ -303,11 +336,13 @@ class RegistryClient extends events_1.EventEmitter {
         try {
             const searchParams = new URLSearchParams();
             if (query.query)
-                searchParams.set('q', query.query);
+                searchParams.set('search', query.query);
             if (query.category)
                 searchParams.set('category', query.category);
-            if (query.type)
-                searchParams.set('type', query.type);
+            if (query.type) {
+                const typeValue = Array.isArray(query.type) ? query.type.join(',') : query.type;
+                searchParams.set('type', typeValue);
+            }
             if (query.tags)
                 searchParams.set('tags', query.tags.join(','));
             if (query.author)
@@ -318,8 +353,7 @@ class RegistryClient extends events_1.EventEmitter {
                 searchParams.set('offset', query.offset.toString());
             if (query.sort)
                 searchParams.set('sort', query.sort);
-            // Registry uses /packages?search= endpoint, not /search?q=
-            const response = await fetch(`${this.registryUrl}/packages?search=${encodeURIComponent(query.query || '')}`, {
+            const response = await fetch(`${this.registryUrl}/packages?${searchParams.toString()}`, {
                 headers: this.getAuthHeaders()
             });
             if (!response.ok) {
@@ -339,9 +373,10 @@ class RegistryClient extends events_1.EventEmitter {
      */
     async getPackageInfo(packageName, version) {
         try {
+            const encodedName = this.encodePackageName(packageName);
             const url = version
-                ? `${this.registryUrl}/packages/${packageName}/${version}`
-                : `${this.registryUrl}/packages/${packageName}`;
+                ? `${this.registryUrl}/packages/${encodedName}/${encodeURIComponent(version)}`
+                : `${this.registryUrl}/packages/${encodedName}`;
             const response = await fetch(url, {
                 headers: this.getAuthHeaders()
             });
@@ -363,7 +398,7 @@ class RegistryClient extends events_1.EventEmitter {
      */
     async getPackageVersions(packageName) {
         try {
-            const response = await fetch(`${this.registryUrl}/packages/${packageName}/versions`, {
+            const response = await fetch(`${this.registryUrl}/packages/${this.encodePackageName(packageName)}/versions`, {
                 headers: this.getAuthHeaders()
             });
             if (!response.ok) {
@@ -423,7 +458,7 @@ class RegistryClient extends events_1.EventEmitter {
         metadata.keywords = metadata.keywords || [];
         metadata.dependencies = metadata.dependencies || {};
         metadata.files = metadata.files || ['**/*'];
-        metadata.type = metadata.type || 'collection';
+        metadata.type = metadata.type || 'package';
         metadata.category = metadata.category || 'general';
         metadata.tags = metadata.tags || [];
         metadata.prmdVersion = '0.2.3';
@@ -444,7 +479,7 @@ class RegistryClient extends events_1.EventEmitter {
         }
         // Check for required files
         const requiredFiles = [];
-        if (metadata.type === 'prompt' && metadata.main) {
+        if (metadata.type === 'package' && metadata.main) {
             requiredFiles.push(metadata.main);
         }
         for (const file of requiredFiles) {
@@ -484,8 +519,8 @@ class RegistryClient extends events_1.EventEmitter {
         formData.append('metadata', JSON.stringify(metadata));
         formData.append('access', options.access);
         formData.append('tag', options.tag);
-        const response = await fetch(`${this.registryUrl}/publish`, {
-            method: 'POST',
+        const response = await fetch(`${this.registryUrl}/packages/${this.encodePackageName(metadata.name)}`, {
+            method: 'PUT',
             headers: this.getAuthHeaders(),
             body: formData
         });
@@ -499,8 +534,9 @@ class RegistryClient extends events_1.EventEmitter {
             const packageInfo = await this.getPackageInfo(packageName);
             return packageInfo.version;
         }
-        if (semver.valid(versionSpec)) {
-            return versionSpec;
+        const cleaned = semver.valid(versionSpec);
+        if (cleaned) {
+            return cleaned;
         }
         // Resolve version range
         const versions = await this.getPackageVersions(packageName);
@@ -523,7 +559,7 @@ class RegistryClient extends events_1.EventEmitter {
     }
     async downloadPackage(packageName, version) {
         // Registry endpoint format: /packages/@scope/name/download/version
-        const response = await fetch(`${this.registryUrl}/packages/${packageName}/download/${version}`, {
+        const response = await fetch(`${this.registryUrl}/packages/${this.encodePackageName(packageName)}/download/${encodeURIComponent(version)}`, {
             headers: this.getAuthHeaders()
         });
         if (!response.ok) {
@@ -533,7 +569,13 @@ class RegistryClient extends events_1.EventEmitter {
         const tarballBuffer = Buffer.from(arrayBuffer);
         // Extract metadata from the .pdpkg (ZIP) file instead of calling getPackageInfo
         // Try prompd.json first, fall back to manifest.json for older packages
-        const AdmZip = (await Promise.resolve().then(() => __importStar(require('adm-zip')))).default;
+        let AdmZip;
+        try {
+            AdmZip = (await Promise.resolve().then(() => __importStar(require('adm-zip')))).default;
+        }
+        catch {
+            throw new Error('adm-zip package is required for package installation. Run: npm install adm-zip');
+        }
         const zip = new AdmZip(tarballBuffer);
         // Check for prompd.json first (newer format), then manifest.json (legacy)
         let manifestEntry = zip.getEntry('prompd.json');
@@ -545,6 +587,11 @@ class RegistryClient extends events_1.EventEmitter {
         }
         const manifestContent = manifestEntry.getData().toString('utf8');
         const metadata = JSON.parse(manifestContent);
+        // Prevent prototype pollution from untrusted package manifests
+        const metadataObj = metadata;
+        delete metadataObj['__proto__'];
+        delete metadataObj['constructor'];
+        delete metadataObj['prototype'];
         return {
             tarball: tarballBuffer,
             metadata
@@ -557,36 +604,154 @@ class RegistryClient extends events_1.EventEmitter {
         }
     }
     async extractAndInstallPackage(packageData, packageName, version, options) {
-        // Use workspace root from options if provided, otherwise use cwd
-        const workspaceRoot = options.workspaceRoot || process.cwd();
-        console.log('[RegistryClient.extractAndInstallPackage] packageName:', packageName);
-        console.log('[RegistryClient.extractAndInstallPackage] version:', version);
-        console.log('[RegistryClient.extractAndInstallPackage] workspaceRoot:', workspaceRoot);
-        console.log('[RegistryClient.extractAndInstallPackage] global:', options.global);
-        const installDir = options.global
-            ? path.join(this.cacheDir, 'global', 'packages', packageName, version)
-            : path.join(workspaceRoot, '.prompd', 'cache', packageName, version);
-        console.log('[RegistryClient.extractAndInstallPackage] installDir:', installDir);
-        await fs.ensureDir(installDir);
-        console.log('[RegistryClient.extractAndInstallPackage] Directory ensured');
-        // Extract .pdpkg (ZIP archive) using adm-zip
-        const AdmZip = (await Promise.resolve().then(() => __importStar(require('adm-zip')))).default;
+        const workspaceRoot = options.workspaceRoot || (0, package_resolver_1.findProjectRoot)();
+        // Determine and validate package type: manifest > options hint > default 'package'
+        const rawType = packageData.metadata?.type || options.type || 'package';
+        if (!(0, types_1.isValidPackageType)(rawType)) {
+            throw new Error(`Invalid package type '${rawType}' in ${packageName}@${version}. Valid types: package, workflow, skill, node-template`);
+        }
+        const packageType = rawType;
+        const typeDir = (0, types_1.getInstallDirForType)(packageType);
+        // Load adm-zip for archive operations
+        let AdmZip;
+        try {
+            AdmZip = (await Promise.resolve().then(() => __importStar(require('adm-zip')))).default;
+        }
+        catch {
+            throw new Error('adm-zip package is required for package installation. Run: npm install adm-zip');
+        }
         const zip = new AdmZip(packageData.tarball);
-        // Log zip contents
+        // Validate ZIP entries: file sizes, decompression bomb, path traversal, null bytes, symlinks
         const zipEntries = zip.getEntries();
-        console.log('[RegistryClient.extractAndInstallPackage] ZIP contains', zipEntries.length, 'entries:');
-        zipEntries.forEach(entry => {
-            console.log('  -', entry.entryName);
-        });
+        let cumulativeDecompressedSize = 0;
+        for (const entry of zipEntries) {
+            // Individual file size limit
+            if (entry.header.size > RegistryClient.MAX_FILE_SIZE_IN_ZIP) {
+                throw new Error(`File too large in package: ${entry.entryName} (${entry.header.size} bytes, max: ${RegistryClient.MAX_FILE_SIZE_IN_ZIP})`);
+            }
+            // Cumulative decompressed size limit (decompression bomb protection)
+            cumulativeDecompressedSize += entry.header.size;
+            if (cumulativeDecompressedSize > RegistryClient.MAX_TOTAL_EXTRACTED_SIZE) {
+                throw new Error(`Package total decompressed size exceeds limit (${RegistryClient.MAX_TOTAL_EXTRACTED_SIZE} bytes). Possible decompression bomb.`);
+            }
+            // Compression ratio check per file (decompression bomb detection)
+            const compressedSize = entry.header.compressedSize || 1;
+            if (compressedSize > 0 && entry.header.size / compressedSize > RegistryClient.MAX_COMPRESSION_RATIO) {
+                throw new Error(`Suspicious compression ratio for ${entry.entryName}: ${Math.round(entry.header.size / compressedSize)}:1 (max: ${RegistryClient.MAX_COMPRESSION_RATIO}:1)`);
+            }
+            // Null byte check in entry names
+            if (entry.entryName.includes('\0')) {
+                throw new Error(`Security violation: null byte in entry name: ${entry.entryName}`);
+            }
+            // Symlink check - reject symlink entries
+            // In ZIP, external attributes can indicate symlinks (Unix mode with S_IFLNK = 0xA000)
+            const externalAttrs = entry.header.attr;
+            if (externalAttrs) {
+                const unixMode = (externalAttrs >>> 16) & 0xFFFF;
+                if ((unixMode & 0xF000) === 0xA000) {
+                    throw new Error(`Security violation: symlink detected in archive: ${entry.entryName}`);
+                }
+            }
+            // ZIP slip protection: reject path traversal
+            const normalized = path.normalize(entry.entryName);
+            if (normalized.includes('..') || path.isAbsolute(entry.entryName)) {
+                throw new Error(`Security violation: path traversal detected in ${entry.entryName}`);
+            }
+        }
+        const os = require('os');
+        // Node-templates: install as .pdpkg archive (not extracted) so template
+        // handlers can scan uniformly for .pdpkg files in the templates directory.
+        if (packageType === 'node-template') {
+            const templatesDir = options.global
+                ? path.join(os.homedir(), '.prompd', typeDir)
+                : path.join(workspaceRoot, '.prompd', typeDir);
+            await fs.ensureDir(templatesDir);
+            // Slugify package name for filename: @scope/name -> scope-name
+            const slugName = packageName
+                .toLowerCase()
+                .replace(/[@/]+/g, '-')
+                .replace(/[^a-z0-9-]+/g, '-')
+                .replace(/^-+|-+$/g, '');
+            const pdpkgFileName = `${slugName}-${version}.pdpkg`;
+            await fs.writeFile(path.join(templatesDir, pdpkgFileName), packageData.tarball);
+            return;
+        }
+        const installDir = options.global
+            ? path.join(os.homedir(), '.prompd', typeDir, packageName, version)
+            : path.join(workspaceRoot, '.prompd', typeDir, packageName, version);
+        await fs.ensureDir(installDir);
         zip.extractAllTo(installDir, true);
-        console.log('[RegistryClient.extractAndInstallPackage] ZIP extracted to:', installDir);
-        // Verify extraction
-        const extractedFiles = await fs.readdir(installDir);
-        console.log('[RegistryClient.extractAndInstallPackage] Extracted files:', extractedFiles);
         // Write package metadata for cache tracking
         const metadataPath = path.join(installDir, '.prmdmeta');
         await fs.writeJson(metadataPath, packageData.metadata, { spaces: 2 });
-        console.log('[RegistryClient.extractAndInstallPackage] Wrote .prmdmeta');
+        // Deploy to tool-native directories if --tools was specified
+        if (options.tools && options.tools.length > 0) {
+            if (packageType !== 'skill') {
+                throw new Error(`--tools flag is only valid for skills, but package type is '${packageType}'`);
+            }
+            // Track successful deployments for rollback on failure
+            const deployedDirs = [];
+            try {
+                for (const toolName of options.tools) {
+                    const deployedDir = await this.deploySkillToTool(installDir, packageName, toolName);
+                    deployedDirs.push(deployedDir);
+                }
+            }
+            catch (deployError) {
+                // Rollback successful deployments
+                for (const dir of deployedDirs) {
+                    await fs.remove(dir).catch(() => { });
+                }
+                throw deployError;
+            }
+        }
+    }
+    /**
+     * Deploy skill files to a tool-native directory (e.g., ~/.claude/skills/).
+     * Copies skill files and writes a reference marker back to the prompd source location.
+     * Returns the deployed directory path for rollback support.
+     */
+    async deploySkillToTool(skillDir, packageName, toolName) {
+        const deployDir = (0, types_1.resolveToolDeployDir)(toolName);
+        if (!deployDir) {
+            throw new Error(`Unknown tool '${toolName}'. Supported tools: ${Object.keys(types_1.TOOL_DEPLOY_DIRS).join(', ')}`);
+        }
+        // Verify skill source directory exists before copying
+        if (!await fs.pathExists(skillDir)) {
+            throw new Error(`Skill source directory not found: ${skillDir}`);
+        }
+        // Create a subdirectory for this skill within the tool's skills directory
+        const skillDeployDir = path.join(deployDir, packageName);
+        await fs.ensureDir(skillDeployDir);
+        // Pre-copy check: reject if source tree contains symlinks (prevent symlink-based attacks)
+        await this.rejectSymlinks(skillDir);
+        // Copy all files from the install dir to the tool deploy dir (dereference: false to not follow symlinks)
+        await fs.copy(skillDir, skillDeployDir, { overwrite: true, dereference: false });
+        // Write a reference marker so we know this was deployed by prompd
+        const markerPath = path.join(skillDeployDir, '.prompd-source');
+        await fs.writeJson(markerPath, {
+            source: skillDir,
+            deployedAt: new Date().toISOString(),
+            tool: toolName,
+        }, { spaces: 2 });
+        return skillDeployDir;
+    }
+    /**
+     * Recursively walk a directory and reject if any symlinks are found.
+     * Prevents symlink-based path traversal attacks during skill deployment.
+     */
+    async rejectSymlinks(dir) {
+        const entries = await fs.readdir(dir);
+        for (const entry of entries) {
+            const fullPath = path.join(dir, entry);
+            const lstat = await fs.lstat(fullPath);
+            if (lstat.isSymbolicLink()) {
+                throw new Error(`Security violation: symlink detected in package: ${fullPath}`);
+            }
+            if (lstat.isDirectory()) {
+                await this.rejectSymlinks(fullPath);
+            }
+        }
     }
     getAuthHeaders() {
         const headers = {
@@ -622,18 +787,33 @@ class RegistryClient extends events_1.EventEmitter {
         return { size: totalSize, files: totalFiles };
     }
     matchesFilePatterns(filePath, patterns) {
-        // Simple glob matching - in production would use proper glob library
         for (const pattern of patterns) {
             if (pattern === '**/*' || pattern === '*') {
                 return true;
             }
             if (pattern.includes('*')) {
-                const regex = new RegExp(pattern.replace(/\*/g, '.*'));
-                if (regex.test(filePath)) {
-                    return true;
+                // Safely convert glob pattern to regex:
+                // 1. Escape all regex metacharacters EXCEPT *
+                // 2. Replace ** with a full-path wildcard, and * with single-segment wildcard
+                const escaped = pattern.replace(/([.+?^${}()|[\]\\])/g, '\\$1');
+                const regexStr = escaped
+                    .replace(/\*\*/g, '\u0000') // Temporary placeholder for **
+                    .replace(/\*/g, '[^/]*') // * matches within a single path segment
+                    .replace(/\u0000/g, '.*'); // ** matches across path segments
+                try {
+                    const regex = new RegExp(`^${regexStr}$`);
+                    if (regex.test(filePath)) {
+                        return true;
+                    }
+                }
+                catch {
+                    // If regex construction fails, fall back to exact match
+                    if (filePath === pattern) {
+                        return true;
+                    }
                 }
             }
-            else if (filePath === pattern) {
+            else if (filePath === pattern || filePath.endsWith('/' + pattern)) {
                 return true;
             }
         }
@@ -644,38 +824,191 @@ class RegistryClient extends events_1.EventEmitter {
         return await fs.pathExists(cachePath) ? cachePath : null;
     }
     async installFromCache(cachePath, packageName, version, options) {
-        console.log('[RegistryClient.installFromCache] Installing from cache:', cachePath);
         this.emit('installingFromCache', { name: packageName, version });
-        // Read the cached tarball
         const tarballBuffer = await fs.readFile(cachePath);
-        console.log('[RegistryClient.installFromCache] Read tarball:', tarballBuffer.length, 'bytes');
-        // Extract to the workspace
-        const packageData = { tarball: tarballBuffer, metadata: { name: packageName, version } };
+        // Try to read full metadata from the cached .meta sidecar file
+        const metadataPath = cachePath + '.meta';
+        let metadata = { name: packageName, version };
+        if (await fs.pathExists(metadataPath)) {
+            try {
+                metadata = await fs.readJson(metadataPath);
+            }
+            catch {
+                // Fall back to minimal metadata if .meta file is corrupt
+            }
+        }
+        // If metadata lacks type (old cache entry), extract it from the ZIP's prompd.json/manifest.json
+        if (!metadata.type) {
+            try {
+                let AdmZip;
+                AdmZip = (await Promise.resolve().then(() => __importStar(require('adm-zip')))).default;
+                const zip = new AdmZip(tarballBuffer);
+                const manifestEntry = zip.getEntry('prompd.json') || zip.getEntry('manifest.json');
+                if (manifestEntry) {
+                    const manifest = JSON.parse(manifestEntry.getData().toString('utf8'));
+                    if (manifest.type) {
+                        metadata.type = manifest.type;
+                    }
+                    // Backfill the .meta sidecar so future installs don't need to re-extract
+                    await fs.writeJson(metadataPath, { ...metadata, ...manifest }, { spaces: 2 }).catch(() => { });
+                }
+            }
+            catch {
+                // Non-fatal: type will fall back to options.type or 'package'
+            }
+        }
+        const packageData = { tarball: tarballBuffer, metadata };
         await this.extractAndInstallPackage(packageData, packageName, version, options);
-        console.log('[RegistryClient.installFromCache] Extraction complete');
     }
     async cachePackage(cacheKey, packageData) {
         const cachePath = path.join(this.cacheDir, 'packages', cacheKey);
         await fs.ensureDir(path.dirname(cachePath));
         await fs.writeFile(cachePath, packageData.tarball);
+        // Save full metadata alongside the tarball so cache installs preserve package type
+        await fs.writeJson(cachePath + '.meta', packageData.metadata, { spaces: 2 });
+    }
+    /**
+     * Add a dependency to the workspace prompd.json file.
+     */
+    async addWorkspaceDependency(name, version, workspaceRoot) {
+        const root = workspaceRoot || (0, package_resolver_1.findProjectRoot)();
+        const prompdJsonPath = path.join(root, 'prompd.json');
+        try {
+            let prompdJson = {};
+            if (await fs.pathExists(prompdJsonPath)) {
+                const content = await fs.readFile(prompdJsonPath, 'utf8');
+                if (content && content.trim() !== '') {
+                    prompdJson = JSON.parse(content);
+                }
+            }
+            if (!prompdJson.dependencies || typeof prompdJson.dependencies !== 'object') {
+                prompdJson.dependencies = {};
+            }
+            prompdJson.dependencies[name] = version;
+            await fs.writeFile(prompdJsonPath, JSON.stringify(prompdJson, null, 2) + '\n');
+        }
+        catch {
+            // Non-fatal: dependency tracking failure shouldn't block install
+        }
+    }
+    /**
+     * Remove a dependency from the workspace prompd.json file.
+     */
+    async removeWorkspaceDependency(name, workspaceRoot) {
+        const root = workspaceRoot || (0, package_resolver_1.findProjectRoot)();
+        const prompdJsonPath = path.join(root, 'prompd.json');
+        try {
+            if (!await fs.pathExists(prompdJsonPath))
+                return;
+            const content = await fs.readFile(prompdJsonPath, 'utf8');
+            if (!content || content.trim() === '')
+                return;
+            const prompdJson = JSON.parse(content);
+            if (!prompdJson.dependencies || typeof prompdJson.dependencies !== 'object')
+                return;
+            delete prompdJson.dependencies[name];
+            await fs.writeFile(prompdJsonPath, JSON.stringify(prompdJson, null, 2) + '\n');
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    /**
+     * Uninstall a package by name, removing installed files and the prompd.json dependency entry.
+     * Scans type directories to find the installed location.
+     */
+    async uninstall(packageName, options = {}) {
+        const workspaceRoot = options.workspaceRoot || (0, package_resolver_1.findProjectRoot)();
+        const os = require('os');
+        const installBase = options.global
+            ? path.join(os.homedir(), '.prompd')
+            : path.join(workspaceRoot, '.prompd');
+        // Parse embedded version from ref (e.g. @scope/name@1.0.0)
+        let name = packageName;
+        const lastAtIndex = packageName.lastIndexOf('@');
+        if (lastAtIndex > 0) {
+            name = packageName.substring(0, lastAtIndex);
+        }
+        let removed = false;
+        // Scan all type directories for this package
+        for (const [type, dir] of Object.entries(types_1.PACKAGE_TYPE_DIRS)) {
+            if (type === 'node-template') {
+                // Node-templates are stored as .pdpkg files at the type root
+                const templatesDir = path.join(installBase, dir);
+                if (!await fs.pathExists(templatesDir))
+                    continue;
+                const entries = await fs.readdir(templatesDir);
+                for (const entry of entries) {
+                    if (!entry.endsWith('.pdpkg'))
+                        continue;
+                    // Read manifest from archive to match by name
+                    const pkgPath = path.join(templatesDir, entry);
+                    try {
+                        let AdmZip;
+                        AdmZip = (await Promise.resolve().then(() => __importStar(require('adm-zip')))).default;
+                        const zip = new AdmZip(pkgPath);
+                        const manifestEntry = zip.getEntry('prompd.json') || zip.getEntry('manifest.json');
+                        if (!manifestEntry)
+                            continue;
+                        const manifest = JSON.parse(manifestEntry.getData().toString('utf8'));
+                        if (manifest.name === name) {
+                            await fs.remove(pkgPath);
+                            removed = true;
+                        }
+                    }
+                    catch {
+                        // Skip unreadable archives
+                    }
+                }
+            }
+            else {
+                // Standard packages: stored in @scope/name/ or name/ directories
+                const pkgDir = path.join(installBase, dir, name);
+                if (await fs.pathExists(pkgDir)) {
+                    await fs.remove(pkgDir);
+                    removed = true;
+                }
+            }
+        }
+        if (!removed) {
+            throw new Error(`Package '${name}' is not installed`);
+        }
+        // Remove from workspace prompd.json dependencies
+        if (!options.global) {
+            await this.removeWorkspaceDependency(name, workspaceRoot);
+        }
+        this.emit('uninstallComplete', { name });
     }
     /**
      * Load manifest.json from file system abstraction.
      * Supports both disk-based and in-memory file systems.
      */
     async loadManifestFromFS(packagePath, fileSystem) {
+        // Try prompd.json first (current format), fall back to manifest.json (legacy)
+        const prompdJsonPath = fileSystem.join(packagePath, 'prompd.json');
         const manifestPath = fileSystem.join(packagePath, 'manifest.json');
-        const exists = await Promise.resolve(fileSystem.exists(manifestPath));
-        if (!exists) {
-            throw new Error('No manifest.json file found');
+        let resolvedPath;
+        if (await Promise.resolve(fileSystem.exists(prompdJsonPath))) {
+            resolvedPath = prompdJsonPath;
+        }
+        else if (await Promise.resolve(fileSystem.exists(manifestPath))) {
+            resolvedPath = manifestPath;
+        }
+        else {
+            throw new Error('No prompd.json (or legacy manifest.json) file found');
         }
-        const content = await Promise.resolve(fileSystem.readFile(manifestPath));
+        const content = await Promise.resolve(fileSystem.readFile(resolvedPath));
         const manifest = JSON.parse(content);
+        // Prevent prototype pollution from untrusted manifests
+        const manifestObj = manifest;
+        delete manifestObj['__proto__'];
+        delete manifestObj['constructor'];
+        delete manifestObj['prototype'];
         // Validate required fields
         const required = ['name', 'version', 'description', 'author'];
         for (const field of required) {
             if (!manifest[field]) {
-                throw new Error(`Missing required field in manifest.json: ${field}`);
+                throw new Error(`Missing required field in ${path.basename(resolvedPath)}: ${field}`);
             }
         }
         // Validate version format
@@ -687,7 +1020,7 @@ class RegistryClient extends events_1.EventEmitter {
         manifest.keywords = manifest.keywords || [];
         manifest.dependencies = manifest.dependencies || {};
         manifest.files = manifest.files || ['**/*.prmd'];
-        manifest.type = manifest.type || 'collection';
+        manifest.type = manifest.type || 'package';
         manifest.category = manifest.category || 'general';
         manifest.tags = manifest.tags || [];
         manifest.prompdVersion = manifest.prompdVersion || '0.3.3';
@@ -746,41 +1079,73 @@ class RegistryClient extends events_1.EventEmitter {
     }
     /**
      * Upload package Buffer to registry.
+     * Uses form-data's submit() which handles Content-Length, transport, and piping.
      */
     async uploadPackageBuffer(tarballBuffer, metadata, options) {
         const FormData = require('form-data');
         const formData = new FormData();
         formData.append('package', tarballBuffer, {
             filename: `${metadata.name}-${metadata.version}.pdpkg`,
-            contentType: 'application/gzip'
+            contentType: 'application/zip'
         });
         formData.append('metadata', JSON.stringify(metadata));
         formData.append('access', options.access);
         formData.append('tag', options.tag);
-        const response = await fetch(`${this.registryUrl}/publish`, {
-            method: 'POST',
-            headers: {
-                ...this.getAuthHeaders(),
-                ...formData.getHeaders()
-            },
-            body: formData
+        const token = options.authToken || this.authToken;
+        const url = new URL(`${this.registryUrl}/packages/${this.encodePackageName(metadata.name)}`);
+        const response = await new Promise((resolve, reject) => {
+            formData.submit({
+                protocol: url.protocol,
+                hostname: url.hostname,
+                port: url.port || undefined,
+                path: url.pathname,
+                method: 'PUT',
+                headers: {
+                    ...(token ? { 'Authorization': `Bearer ${token}` } : {}),
+                    'User-Agent': 'prompd-cli/0.5.0'
+                }
+            }, (err, res) => {
+                if (err)
+                    return reject(err);
+                const chunks = [];
+                res.on('data', (chunk) => chunks.push(chunk));
+                res.on('error', reject);
+                res.on('end', () => {
+                    resolve({ statusCode: res.statusCode ?? 0, body: Buffer.concat(chunks).toString('utf-8') });
+                });
+            });
         });
-        if (!response.ok) {
-            const errorText = await response.text();
-            throw new Error(`Publish failed: ${response.status} ${response.statusText} - ${errorText}`);
+        if (response.statusCode < 200 || response.statusCode >= 300) {
+            throw new Error(`Publish failed: ${response.statusCode} - ${response.body}`);
         }
     }
 }
 exports.RegistryClient = RegistryClient;
+RegistryClient.MAX_FILE_SIZE_IN_ZIP = 10 * 1024 * 1024; // 10MB per file
+RegistryClient.MAX_TOTAL_EXTRACTED_SIZE = 500 * 1024 * 1024; // 500MB total
+RegistryClient.MAX_COMPRESSION_RATIO = 100; // 100:1 max ratio per file
 /**
  * Default registry configuration
  */
-const createDefaultRegistryConfig = () => ({
-    registryUrl: process.env.PROMPD_REGISTRY_URL || 'https://registry.prompdhub.ai',
-    authToken: process.env.PROMPD_AUTH_TOKEN,
-    cacheDir: path.join(require('os').homedir(), '.prmd', 'cache'),
-    timeout: 30000,
-    maxPackageSize: 50 * 1024 * 1024 // 50MB
-});
+const createDefaultRegistryConfig = () => {
+    const defaultUrl = 'https://registry.prompdhub.ai';
+    const envUrl = process.env.PROMPD_REGISTRY_URL;
+    let registryUrl = defaultUrl;
+    if (envUrl) {
+        if ((0, validation_1.validateRegistryUrl)(envUrl)) {
+            registryUrl = envUrl;
+        }
+        else {
+            console.warn(`Warning: PROMPD_REGISTRY_URL value is invalid, falling back to default: ${defaultUrl}`);
+        }
+    }
+    return {
+        registryUrl,
+        authToken: process.env.PROMPD_AUTH_TOKEN,
+        cacheDir: path.join(require('os').homedir(), '.prmd', 'cache'),
+        timeout: 30000,
+        maxPackageSize: 50 * 1024 * 1024 // 50MB
+    };
+};
 exports.createDefaultRegistryConfig = createDefaultRegistryConfig;
 //# sourceMappingURL=registry.js.map