@promptscript/cli 1.1.0 → 1.3.0

package/CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.0](https://github.com/mrwogu/promptscript/compare/v1.2.0...v1.3.0) (2026-03-11)
+
+
+### Features
+
+* **formatters:** add mixed models support per agent/droid ([939f75a](https://github.com/mrwogu/promptscript/commit/939f75ac4d8beb2e823007826c2e266ab5c7380b))
+
+## [1.2.0](https://github.com/mrwogu/promptscript/compare/v1.1.0...v1.2.0) (2026-03-11)
+
+
+### Features
+
+* **formatters:** add Factory AI droids support (.factory/droids/) ([#94](https://github.com/mrwogu/promptscript/issues/94)) ([e7f9292](https://github.com/mrwogu/promptscript/commit/e7f929273254738b2de5334f26136c8374aedc7b))
+
+
+### Bug Fixes
+
+* **cli:** handle skill resource files without PromptScript markers ([#92](https://github.com/mrwogu/promptscript/issues/92)) ([3153498](https://github.com/mrwogu/promptscript/commit/315349865335cc1013b5c60d5c418885bf6467f8))
+
 ## [1.1.0](https://github.com/mrwogu/promptscript/compare/v1.0.0...v1.1.0) (2026-03-11)
 
 

package/index.js

@@ -3331,6 +3331,7 @@ var MarkdownInstructionFormatter = class extends BaseFormatter {
     this.addSection(sections, this.postWork(ast, renderer));
     this.addSection(sections, this.documentation(ast, renderer));
     this.addSection(sections, this.diagrams(ast, renderer));
+    this.addSection(sections, this.knowledgeContent(ast, renderer));
     this.addSection(sections, this.restrictions(ast, renderer));
   }
   addSection(sections, content) {
@@ -3510,6 +3511,38 @@ var MarkdownInstructionFormatter = class extends BaseFormatter {
     const content = renderer.renderList(items);
     return renderer.renderSection("Diagrams", content) + "\n";
   }
+  /**
+   * Render remaining @knowledge text content that isn't consumed by other sections.
+   * Strips "## Development Commands" and "## Post-Work Verification" sub-sections
+   * since those are already rendered by commands() and postWork().
+   */
+  knowledgeContent(ast, _renderer) {
+    const knowledge = this.findBlock(ast, "knowledge");
+    if (!knowledge) return null;
+    const text = this.extractText(knowledge.content);
+    if (!text) return null;
+    const consumedHeaders = ["## Development Commands", "## Post-Work Verification"];
+    let remaining = text;
+    for (const header of consumedHeaders) {
+      const headerIndex = remaining.indexOf(header);
+      if (headerIndex === -1) continue;
+      const afterHeader = remaining.indexOf("\n", headerIndex);
+      if (afterHeader === -1) {
+        remaining = remaining.substring(0, headerIndex).trimEnd();
+        continue;
+      }
+      const nextSection = remaining.indexOf("\n## ", afterHeader);
+      if (nextSection === -1) {
+        remaining = remaining.substring(0, headerIndex).trimEnd();
+      } else {
+        remaining = remaining.substring(0, headerIndex) + remaining.substring(nextSection + 1);
+      }
+    }
+    remaining = remaining.trim();
+    if (!remaining) return null;
+    const normalizedContent = this.stripAllIndent(remaining);
+    return normalizedContent + "\n";
+  }
   restrictions(ast, renderer) {
     const block = this.findBlock(ast, "restrictions");
     if (!block) return null;
@@ -4096,6 +4129,7 @@ var GitHubFormatter = class extends BaseFormatter {
           description,
           tools: this.parseToolsArray(obj["tools"]),
           model: obj["model"] ? this.valueToString(obj["model"]) : void 0,
+          specModel: obj["specModel"] ? this.valueToString(obj["specModel"]) : void 0,
           handoffs: handoffs.length > 0 ? handoffs : void 0,
           content: obj["content"] ? this.valueToString(obj["content"]) : ""
         });
@@ -4187,6 +4221,10 @@ var GitHubFormatter = class extends BaseFormatter {
     if (mappedModel) {
       lines.push(`model: ${mappedModel}`);
     }
+    const mappedSpecModel = this.mapModelName(config.specModel);
+    if (mappedSpecModel) {
+      lines.push(`specModel: ${mappedSpecModel}`);
+    }
     if (config.handoffs && config.handoffs.length > 0) {
       lines.push(...this.renderHandoffsYaml(config.handoffs));
     }
@@ -6427,7 +6465,7 @@ var FACTORY_VERSIONS = {
   },
   full: {
     name: "full",
-    description: "Multifile + additional skill supporting files",
+    description: "Multifile + droids + additional supporting files",
     outputPath: "AGENTS.md"
   }
 };
@@ -6441,7 +6479,7 @@ var FactoryFormatter = class extends MarkdownInstructionFormatter {
       mainFileHeader: "# AGENTS.md",
       dotDir: ".factory",
       skillFileName: "SKILL.md",
-      hasAgents: false,
+      hasAgents: true,
       hasCommands: true,
       hasSkills: true,
       skillsInMultifile: true,
@@ -6584,6 +6622,87 @@ var FactoryFormatter = class extends MarkdownInstructionFormatter {
     };
   }
   // ============================================================
+  // Droid File Generation (Factory-specific)
+  // ============================================================
+  extractAgents(ast) {
+    const agentsBlock = this.findBlock(ast, "agents");
+    if (!agentsBlock) return [];
+    const droids = [];
+    const props = this.getProps(agentsBlock.content);
+    for (const [name, value] of Object.entries(props)) {
+      if (value && typeof value === "object" && !Array.isArray(value)) {
+        const obj = value;
+        const description = obj["description"] ? this.valueToString(obj["description"]) : "";
+        if (!description) continue;
+        droids.push({
+          name: name.replace(/\./g, "-"),
+          description,
+          content: obj["content"] ? this.valueToString(obj["content"]) : "",
+          model: obj["model"] ? this.valueToString(obj["model"]) : void 0,
+          reasoningEffort: this.parseReasoningEffort(obj["reasoningEffort"]),
+          specModel: obj["specModel"] ? this.valueToString(obj["specModel"]) : void 0,
+          specReasoningEffort: this.parseReasoningEffort(obj["specReasoningEffort"]),
+          tools: this.parseDroidTools(obj["tools"])
+        });
+      }
+    }
+    return droids;
+  }
+  generateAgentFile(config) {
+    const droidConfig = config;
+    const lines = [];
+    lines.push("---");
+    lines.push(`name: ${droidConfig.name}`);
+    if (droidConfig.description) {
+      lines.push(`description: ${this.yamlString(droidConfig.description)}`);
+    }
+    if (droidConfig.model) {
+      lines.push(`model: ${droidConfig.model}`);
+    }
+    if (droidConfig.reasoningEffort) {
+      lines.push(`reasoningEffort: ${droidConfig.reasoningEffort}`);
+    }
+    if (droidConfig.specModel) {
+      lines.push(`specModel: ${droidConfig.specModel}`);
+    }
+    if (droidConfig.specReasoningEffort) {
+      lines.push(`specReasoningEffort: ${droidConfig.specReasoningEffort}`);
+    }
+    if (droidConfig.tools) {
+      if (typeof droidConfig.tools === "string") {
+        lines.push(`tools: ${droidConfig.tools}`);
+      } else if (Array.isArray(droidConfig.tools) && droidConfig.tools.length > 0) {
+        const toolsArray = droidConfig.tools.map((t) => `"${t}"`).join(", ");
+        lines.push(`tools: [${toolsArray}]`);
+      }
+    }
+    lines.push("---");
+    lines.push("");
+    if (droidConfig.content) {
+      const dedentedContent = this.dedent(droidConfig.content);
+      lines.push(dedentedContent);
+    }
+    return {
+      path: `.factory/droids/${droidConfig.name}.md`,
+      content: lines.join("\n") + "\n"
+    };
+  }
+  parseReasoningEffort(value) {
+    if (!value) return void 0;
+    const str = this.valueToString(value);
+    const valid = ["low", "medium", "high"];
+    return valid.includes(str) ? str : void 0;
+  }
+  parseDroidTools(value) {
+    if (!value) return void 0;
+    if (typeof value === "string") return value;
+    if (Array.isArray(value)) {
+      const arr = value.map((v) => this.valueToString(v)).filter((s) => s.length > 0);
+      return arr.length > 0 ? arr : void 0;
+    }
+    return this.valueToString(value);
+  }
+  // ============================================================
   // Handoff Extraction (Factory-specific)
   // ============================================================
   extractHandoffs(value) {
@@ -19200,16 +19319,170 @@ function parseSkillMd(content) {
 }
 var SKIP_FILES = /* @__PURE__ */ new Set([
   "SKILL.md",
+  ".skillignore",
   ".DS_Store",
   "Thumbs.db",
   ".gitignore",
   ".gitkeep",
   ".npmrc",
+  ".npmignore",
   ".env",
   ".env.local",
-  ".env.production"
+  ".env.production",
+  ".editorconfig",
+  ".prettierrc",
+  ".prettierrc.json",
+  ".prettierrc.yaml",
+  ".prettierrc.yml",
+  ".prettierignore",
+  ".eslintrc",
+  ".eslintrc.js",
+  ".eslintrc.cjs",
+  ".eslintrc.json",
+  ".eslintrc.yaml",
+  ".eslintrc.yml",
+  "eslint.config.js",
+  "eslint.config.cjs",
+  "eslint.config.mjs",
+  "eslint.base.config.cjs",
+  ".release-please-manifest.json",
+  "release-please-config.json",
+  "package-lock.json",
+  "pnpm-lock.yaml",
+  "pnpm-workspace.yaml",
+  "yarn.lock",
+  "tsconfig.json",
+  "tsconfig.base.json",
+  "tsconfig.build.json",
+  "tsconfig.spec.json",
+  "jest.config.ts",
+  "jest.config.js",
+  "vitest.config.ts",
+  "vitest.config.js",
+  "vite.config.ts",
+  "vite.config.js",
+  "nx.json",
+  "project.json",
+  "package.json",
+  "Makefile",
+  "Dockerfile",
+  "docker-compose.yml",
+  "docker-compose.yaml",
+  ".dockerignore",
+  "LICENSE",
+  "LICENSE.md",
+  "CHANGELOG.md",
+  "CONTRIBUTING.md",
+  "CODE_OF_CONDUCT.md",
+  "ROADMAP.md"
+]);
+var SKIP_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  "__pycache__",
+  ".git",
+  ".svn",
+  ".github",
+  ".husky",
+  ".vscode",
+  ".idea",
+  ".verdaccio",
+  ".nx",
+  ".cache",
+  ".turbo",
+  "dist",
+  "build",
+  "out",
+  "coverage",
+  "tmp",
+  ".tmp",
+  "e2e",
+  "__tests__",
+  "__mocks__",
+  "__fixtures__",
+  "test",
+  "tests",
+  "spec",
+  "fixtures"
 ]);
-var SKIP_DIRS = /* @__PURE__ */ new Set(["node_modules", "__pycache__", ".git", ".svn"]);
+function globToRegex(pattern) {
+  const isDirPattern = pattern.endsWith("/");
+  const cleanPattern = isDirPattern ? pattern.slice(0, -1) : pattern;
+  const matchPath = cleanPattern.includes("/");
+  let regexStr = "";
+  let i = 0;
+  while (i < cleanPattern.length) {
+    const char = cleanPattern[i];
+    if (char === "*") {
+      if (cleanPattern[i + 1] === "*") {
+        if (cleanPattern[i + 2] === "/") {
+          regexStr += "(?:.+/)?";
+          i += 3;
+        } else {
+          regexStr += ".*";
+          i += 2;
+        }
+      } else {
+        regexStr += "[^/]*";
+        i++;
+      }
+    } else if (char === "?") {
+      regexStr += "[^/]";
+      i++;
+    } else if (char === "[") {
+      const closeIdx = cleanPattern.indexOf("]", i + 1);
+      if (closeIdx > i) {
+        regexStr += cleanPattern.slice(i, closeIdx + 1);
+        i = closeIdx + 1;
+      } else {
+        regexStr += "\\[";
+        i++;
+      }
+    } else if (".+^${}()|\\".includes(char)) {
+      regexStr += "\\" + char;
+      i++;
+    } else {
+      regexStr += char;
+      i++;
+    }
+  }
+  if (isDirPattern) {
+    return { regex: new RegExp(`^${regexStr}(?:/|$)`), matchPath: true };
+  }
+  return { regex: new RegExp(`^${regexStr}$`), matchPath };
+}
+function parseSkillIgnore(content) {
+  const patterns = [];
+  for (const rawLine of content.split("\n")) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#")) continue;
+    const negated = line.startsWith("!");
+    const pattern = negated ? line.slice(1) : line;
+    if (!pattern) continue;
+    const { regex, matchPath } = globToRegex(pattern);
+    patterns.push({ regex, matchPath, negated });
+  }
+  return { patterns };
+}
+function isIgnoredByRules(relPath, rules) {
+  const basename3 = relPath.split("/").pop() ?? relPath;
+  let ignored = false;
+  for (const { regex, matchPath, negated } of rules.patterns) {
+    const target = matchPath ? relPath : basename3;
+    if (regex.test(target)) {
+      ignored = !negated;
+    }
+  }
+  return ignored;
+}
+async function loadSkillIgnore(skillDir) {
+  const ignorePath = resolve4(skillDir, ".skillignore");
+  try {
+    const content = await readFile6(ignorePath, "utf-8");
+    return parseSkillIgnore(content);
+  } catch {
+    return null;
+  }
+}
 var MAX_RESOURCE_SIZE = 1048576;
 var MAX_TOTAL_RESOURCE_SIZE = 10485760;
 var MAX_RESOURCE_COUNT = 100;
@@ -19229,6 +19502,7 @@ var noopLogger2 = {
   }
 };
 async function discoverSkillResources(skillDir, logger = noopLogger2) {
+  const ignoreRules = await loadSkillIgnore(skillDir);
   const entries = await readdir2(skillDir, { recursive: true, withFileTypes: true });
   const resources = [];
   let totalSize = 0;
@@ -19246,8 +19520,13 @@ async function discoverSkillResources(skillDir, logger = noopLogger2) {
     if (SKIP_FILES.has(entry.name)) continue;
     const fullPath = resolve4(entry.parentPath, entry.name);
     const relPath = relative(skillDir, fullPath);
+    const relPathNormalized = relPath.split(sep2).join("/");
     const pathSegments = relPath.split(sep2);
     if (pathSegments.some((s) => SKIP_DIRS.has(s))) continue;
+    if (ignoreRules && isIgnoredByRules(relPathNormalized, ignoreRules)) {
+      logger.debug(`Skipping resource ignored by .skillignore: ${relPath}`);
+      continue;
+    }
     if (!isSafeRelativePath(relPath)) {
       logger.verbose(`Skipping resource with unsafe path: ${relPath}`);
       continue;
@@ -20771,12 +21050,13 @@ function extractGuardReferences(content) {
 }
 
 // packages/validator/src/walker.ts
-function walkText(ast, callback) {
+function walkText(ast, callback, options) {
+  const exclude = options?.excludeProperties ? new Set(options.excludeProperties) : void 0;
   for (const block of ast.blocks) {
-    walkBlockContent(block.content, block.loc, callback);
+    walkBlockContent(block.content, block.loc, callback, exclude);
   }
   for (const ext of ast.extends) {
-    walkBlockContent(ext.content, ext.loc, callback);
+    walkBlockContent(ext.content, ext.loc, callback, exclude);
   }
 }
 function walkBlocks(ast, callback) {
@@ -20792,40 +21072,41 @@ function walkUses(ast, callback) {
     callback(use);
   }
 }
-function walkBlockContent(content, fallbackLoc, callback) {
+function walkBlockContent(content, fallbackLoc, callback, exclude) {
   switch (content.type) {
     case "TextContent":
       callback(content.value, content.loc ?? fallbackLoc);
       break;
     case "ObjectContent":
-      walkObjectProperties(content.properties, content.loc ?? fallbackLoc, callback);
+      walkObjectProperties(content.properties, content.loc ?? fallbackLoc, callback, exclude);
       break;
     case "ArrayContent":
-      walkArrayElements(content.elements, content.loc ?? fallbackLoc, callback);
+      walkArrayElements(content.elements, content.loc ?? fallbackLoc, callback, exclude);
       break;
     case "MixedContent":
       if (content.text) {
         callback(content.text.value, content.text.loc ?? fallbackLoc);
       }
-      walkObjectProperties(content.properties, content.loc ?? fallbackLoc, callback);
+      walkObjectProperties(content.properties, content.loc ?? fallbackLoc, callback, exclude);
       break;
   }
 }
-function walkObjectProperties(properties, loc, callback) {
-  for (const value of Object.values(properties)) {
-    walkValue(value, loc, callback);
+function walkObjectProperties(properties, loc, callback, exclude) {
+  for (const [key, value] of Object.entries(properties)) {
+    if (exclude?.has(key)) continue;
+    walkValue(value, loc, callback, exclude);
   }
 }
-function walkArrayElements(elements, loc, callback) {
+function walkArrayElements(elements, loc, callback, exclude) {
   for (const element of elements) {
-    walkValue(element, loc, callback);
+    walkValue(element, loc, callback, exclude);
   }
 }
-function walkValue(value, loc, callback) {
+function walkValue(value, loc, callback, exclude) {
   if (typeof value === "string") {
     callback(value, loc);
   } else if (Array.isArray(value)) {
-    walkArrayElements(value, loc, callback);
+    walkArrayElements(value, loc, callback, exclude);
   } else if (value !== null && typeof value === "object") {
     if ("type" in value) {
       const typed = value;
@@ -20833,9 +21114,27 @@ function walkValue(value, loc, callback) {
         callback(typed.value, typed.loc ?? loc);
       }
     } else {
-      walkObjectProperties(value, loc, callback);
+      walkObjectProperties(value, loc, callback, exclude);
+    }
+  }
+}
+function offsetLocation(baseLoc, text, charIndex) {
+  let line = baseLoc.line;
+  let column = baseLoc.column;
+  for (let i = 0; i < charIndex && i < text.length; i++) {
+    if (text[i] === "\n") {
+      line++;
+      column = 1;
+    } else {
+      column++;
     }
   }
+  return {
+    file: baseLoc.file,
+    line,
+    column,
+    offset: baseLoc.offset !== void 0 ? baseLoc.offset + charIndex : void 0
+  };
 }
 function hasContent(content) {
   switch (content.type) {
@@ -21225,6 +21524,12 @@ var BLOCKED_PATTERNS_ALL_LANGUAGES = [
   ...BLOCKED_PATTERNS_RO,
   ...BLOCKED_PATTERNS_HE
 ];
+var NEGATION_PREFIX = /(?:prevent|avoid|block|detect|flag|report|stop|prohibit|anti[- ]|against|don['']?t|do\s+not|never|must\s+not|should\s+not|cannot|warning.*about|protection\s+(?:from|against))\s+/i;
+function isNegatedMatch(text, matchIndex) {
+  const lookbackStart = Math.max(0, matchIndex - 60);
+  const prefix = text.slice(lookbackStart, matchIndex);
+  return NEGATION_PREFIX.test(prefix);
+}
 var blockedPatterns = {
   id: "PS005",
   name: "blocked-patterns",
@@ -21237,17 +21542,30 @@ var blockedPatterns = {
         (p) => typeof p === "string" ? new RegExp(p, "i") : p
       )
     ];
-    walkText(ctx.ast, (text, loc) => {
-      for (const pattern of patterns) {
-        if (pattern.test(text)) {
-          ctx.report({
-            message: `Blocked pattern detected: ${pattern.source}`,
-            location: loc,
-            suggestion: "Remove or rephrase the flagged content"
-          });
+    walkText(
+      ctx.ast,
+      (text, loc) => {
+        for (const pattern of patterns) {
+          const globalPattern = new RegExp(
+            pattern.source,
+            pattern.flags.includes("g") ? pattern.flags : pattern.flags + "g"
+          );
+          let match;
+          while ((match = globalPattern.exec(text)) !== null) {
+            if (isNegatedMatch(text, match.index)) {
+              continue;
+            }
+            ctx.report({
+              message: `Blocked pattern detected: ${pattern.source}`,
+              location: offsetLocation(loc, text, match.index),
+              suggestion: "Remove or rephrase the flagged content"
+            });
+            break;
+          }
         }
-      }
-    });
+      },
+      { excludeProperties: ["resources"] }
+    );
   }
 };
 
@@ -21640,87 +21958,91 @@ var suspiciousUrls = {
   description: "Detect suspicious URLs (HTTP, shorteners, credential parameters, IDN homograph attacks)",
   defaultSeverity: "warning",
   validate: (ctx) => {
-    walkText(ctx.ast, (text, loc) => {
-      const httpMatches = text.match(HTTP_URL_PATTERN);
-      if (httpMatches) {
-        for (const match of httpMatches) {
-          ctx.report({
-            message: `Insecure HTTP URL detected: ${match}`,
-            location: loc,
-            suggestion: "Use HTTPS instead of HTTP for secure communication"
-          });
-        }
-      }
-      for (const pattern of URL_SHORTENER_PATTERNS) {
-        pattern.lastIndex = 0;
-        const shortenerMatches = text.match(pattern);
-        if (shortenerMatches) {
-          for (const match of shortenerMatches) {
+    walkText(
+      ctx.ast,
+      (text, loc) => {
+        const httpMatches = text.match(HTTP_URL_PATTERN);
+        if (httpMatches) {
+          for (const match of httpMatches) {
             ctx.report({
-              message: `URL shortener detected: ${match}`,
+              message: `Insecure HTTP URL detected: ${match}`,
               location: loc,
-              suggestion: "Use full URLs instead of shorteners to ensure destination transparency"
+              suggestion: "Use HTTPS instead of HTTP for secure communication"
             });
           }
         }
-      }
-      const paramMatches = text.match(SUSPICIOUS_PARAM_PATTERN);
-      if (paramMatches) {
-        for (const match of paramMatches) {
-          ctx.report({
-            message: `URL with suspicious credential parameter detected: ${match}`,
-            location: loc,
-            suggestion: "Avoid embedding credentials or tokens in URLs"
-          });
-        }
-      }
-      PUNYCODE_URL_PATTERN.lastIndex = 0;
-      const punycodeMatches = text.match(PUNYCODE_URL_PATTERN);
-      if (punycodeMatches) {
-        for (const match of punycodeMatches) {
-          const domain = extractDomain(match);
-          if (domain) {
-            const impersonatedService = detectImpersonatedService(domain);
-            if (impersonatedService) {
+        for (const pattern of URL_SHORTENER_PATTERNS) {
+          pattern.lastIndex = 0;
+          const shortenerMatches = text.match(pattern);
+          if (shortenerMatches) {
+            for (const match of shortenerMatches) {
               ctx.report({
-                message: `Potential IDN homograph attack detected: ${match} may be impersonating "${impersonatedService}"`,
+                message: `URL shortener detected: ${match}`,
                 location: loc,
-                suggestion: "Punycode domains (xn--) can visually impersonate legitimate sites. Verify the actual domain carefully."
-              });
-            } else {
-              ctx.report({
-                message: `Punycode domain detected: ${match}`,
-                location: loc,
-                suggestion: "Punycode domains (xn--) can be legitimate international domains, but may also be used for homograph attacks. Verify the domain is intentional."
+                suggestion: "Use full URLs instead of shorteners to ensure destination transparency"
               });
             }
           }
         }
-      }
-      ALL_URLS_PATTERN.lastIndex = 0;
-      const allUrls = text.match(ALL_URLS_PATTERN);
-      if (allUrls) {
-        for (const url of allUrls) {
-          const domain = extractDomain(url);
-          if (domain) {
-            const { isAttack, impersonatedService, mixedScripts } = checkHomographAttack(domain);
-            if (isAttack && impersonatedService) {
-              ctx.report({
-                message: `IDN homograph attack detected: "${domain}" uses deceptive characters to impersonate "${impersonatedService}"`,
-                location: loc,
-                suggestion: `This domain uses ${mixedScripts ? `mixed scripts (${mixedScripts.join("+")})` : "homoglyph characters"} to visually mimic a legitimate service. Do not trust this URL.`
-              });
-            } else if (mixedScripts && mixedScripts.length > 1) {
-              ctx.report({
-                message: `Mixed script domain detected: "${domain}" uses ${mixedScripts.join(" + ")} characters`,
-                location: loc,
-                suggestion: "Domains mixing different character scripts (e.g., Latin + Cyrillic) may be attempts to deceive users. Verify this is intentional."
-              });
+        const paramMatches = text.match(SUSPICIOUS_PARAM_PATTERN);
+        if (paramMatches) {
+          for (const match of paramMatches) {
+            ctx.report({
+              message: `URL with suspicious credential parameter detected: ${match}`,
+              location: loc,
+              suggestion: "Avoid embedding credentials or tokens in URLs"
+            });
+          }
+        }
+        PUNYCODE_URL_PATTERN.lastIndex = 0;
+        const punycodeMatches = text.match(PUNYCODE_URL_PATTERN);
+        if (punycodeMatches) {
+          for (const match of punycodeMatches) {
+            const domain = extractDomain(match);
+            if (domain) {
+              const impersonatedService = detectImpersonatedService(domain);
+              if (impersonatedService) {
+                ctx.report({
+                  message: `Potential IDN homograph attack detected: ${match} may be impersonating "${impersonatedService}"`,
+                  location: loc,
+                  suggestion: "Punycode domains (xn--) can visually impersonate legitimate sites. Verify the actual domain carefully."
+                });
+              } else {
+                ctx.report({
+                  message: `Punycode domain detected: ${match}`,
+                  location: loc,
+                  suggestion: "Punycode domains (xn--) can be legitimate international domains, but may also be used for homograph attacks. Verify the domain is intentional."
+                });
+              }
             }
           }
         }
-      }
-    });
+        ALL_URLS_PATTERN.lastIndex = 0;
+        const allUrls = text.match(ALL_URLS_PATTERN);
+        if (allUrls) {
+          for (const url of allUrls) {
+            const domain = extractDomain(url);
+            if (domain) {
+              const { isAttack, impersonatedService, mixedScripts } = checkHomographAttack(domain);
+              if (isAttack && impersonatedService) {
+                ctx.report({
+                  message: `IDN homograph attack detected: "${domain}" uses deceptive characters to impersonate "${impersonatedService}"`,
+                  location: loc,
+                  suggestion: `This domain uses ${mixedScripts ? `mixed scripts (${mixedScripts.join("+")})` : "homoglyph characters"} to visually mimic a legitimate service. Do not trust this URL.`
+                });
+              } else if (mixedScripts && mixedScripts.length > 1) {
+                ctx.report({
+                  message: `Mixed script domain detected: "${domain}" uses ${mixedScripts.join(" + ")} characters`,
+                  location: loc,
+                  suggestion: "Domains mixing different character scripts (e.g., Latin + Cyrillic) may be attempts to deceive users. Verify this is intentional."
+                });
+              }
+            }
+          }
+        }
+      },
+      { excludeProperties: ["resources"] }
+    );
   }
 };
 
@@ -21760,17 +22082,21 @@ var authorityInjection = {
   description: "Detect authoritative override phrases that may indicate prompt injection",
   defaultSeverity: "error",
   validate: (ctx) => {
-    walkText(ctx.ast, (text, loc) => {
-      for (const pattern of AUTHORITY_PATTERNS) {
-        if (pattern.test(text)) {
-          ctx.report({
-            message: `Authority injection pattern detected: ${pattern.source}`,
-            location: loc,
-            suggestion: "Remove authoritative override language that could be used for prompt injection"
-          });
+    walkText(
+      ctx.ast,
+      (text, loc) => {
+        for (const pattern of AUTHORITY_PATTERNS) {
+          if (pattern.test(text)) {
+            ctx.report({
+              message: `Authority injection pattern detected: ${pattern.source}`,
+              location: loc,
+              suggestion: "Remove authoritative override language that could be used for prompt injection"
+            });
+          }
         }
-      }
-    });
+      },
+      { excludeProperties: ["resources"] }
+    );
   }
 };
 
@@ -22156,26 +22482,30 @@ var obfuscatedContent = {
   description: "Detect obfuscated content using sanitization pipeline (decode and check all encodings)",
   defaultSeverity: "warning",
   validate: (ctx) => {
-    walkText(ctx.ast, (text, loc) => {
-      const encodedMatches = detectAndDecodeEncodings(text);
-      for (const match of encodedMatches) {
-        ctx.report({
-          message: `Malicious content detected in ${match.type}: ${match.issues.join(", ")}. Decoded: "${match.decoded.substring(0, 50)}${match.decoded.length > 50 ? "..." : ""}"`,
-          location: loc,
-          suggestion: "Encoded content is automatically decoded and checked for security patterns. Remove the malicious payload or use plain text."
-        });
-      }
-      const hasLongBase64 = (text.match(BASE64_PATTERN) || []).some(
-        (m) => m.length >= MIN_ENCODED_LENGTH * 2 && !isLikelyLegitimateBase64(text, m)
-      );
-      if (hasLongBase64 && encodedMatches.length === 0) {
-        ctx.report({
-          message: "Long Base64-encoded content detected that may hide payloads",
-          location: loc,
-          suggestion: "If this is intentional, consider using plain text or documenting the purpose"
-        });
-      }
-    });
+    walkText(
+      ctx.ast,
+      (text, loc) => {
+        const encodedMatches = detectAndDecodeEncodings(text);
+        for (const match of encodedMatches) {
+          ctx.report({
+            message: `Malicious content detected in ${match.type}: ${match.issues.join(", ")}. Decoded: "${match.decoded.substring(0, 50)}${match.decoded.length > 50 ? "..." : ""}"`,
+            location: loc,
+            suggestion: "Encoded content is automatically decoded and checked for security patterns. Remove the malicious payload or use plain text."
+          });
+        }
+        const hasLongBase64 = (text.match(BASE64_PATTERN) || []).some(
+          (m) => m.length >= MIN_ENCODED_LENGTH * 2 && !isLikelyLegitimateBase64(text, m)
+        );
+        if (hasLongBase64 && encodedMatches.length === 0) {
+          ctx.report({
+            message: "Long Base64-encoded content detected that may hide payloads",
+            location: loc,
+            suggestion: "If this is intentional, consider using plain text or documenting the purpose"
+          });
+        }
+      },
+      { excludeProperties: ["resources"] }
+    );
   }
 };
 
@@ -22292,22 +22622,32 @@ var GREEK_LOOKALIKES = /* @__PURE__ */ new Map([
   ["\u0396", "\u0396 (Greek) looks like Z (Latin)"]
 ]);
 var EXCESSIVE_COMBINING_PATTERN = /[\u0300-\u036F\u0483-\u0489\u0591-\u05BD\u064B-\u065F]{4,}/;
-var LATIN_PATTERN = /[a-zA-Z]/;
+var LATIN_CHAR = /[a-zA-Z]/;
+var CYRILLIC_CHAR = /[\u0400-\u04FF]/;
+var GREEK_CHAR = /[\u0370-\u03FF]/;
+var WORD_PATTERN = /[a-zA-Z\u0370-\u03FF\u0400-\u04FF]+/g;
 function findHomographAttacks(text) {
   const results = [];
-  const hasLatin = LATIN_PATTERN.test(text);
-  if (!hasLatin) {
-    return results;
-  }
-  for (let i = 0; i < text.length; i++) {
-    const char = text[i];
-    const cyrillicDesc = CYRILLIC_LOOKALIKES.get(char);
-    if (cyrillicDesc) {
-      results.push({ char, description: cyrillicDesc, index: i });
-    }
-    const greekDesc = GREEK_LOOKALIKES.get(char);
-    if (greekDesc) {
-      results.push({ char, description: greekDesc, index: i });
+  let wordMatch;
+  const wordPattern = new RegExp(WORD_PATTERN.source, WORD_PATTERN.flags);
+  while ((wordMatch = wordPattern.exec(text)) !== null) {
+    const word = wordMatch[0];
+    const wordStart = wordMatch.index;
+    const hasLatin = LATIN_CHAR.test(word);
+    const hasCyrillic = CYRILLIC_CHAR.test(word);
+    const hasGreek = GREEK_CHAR.test(word);
+    if (!hasLatin) continue;
+    if (!hasCyrillic && !hasGreek) continue;
+    for (let i = 0; i < word.length; i++) {
+      const char = word[i];
+      const cyrillicDesc = CYRILLIC_LOOKALIKES.get(char);
+      if (cyrillicDesc) {
+        results.push({ char, description: cyrillicDesc, index: wordStart + i });
+      }
+      const greekDesc = GREEK_LOOKALIKES.get(char);
+      if (greekDesc) {
+        results.push({ char, description: greekDesc, index: wordStart + i });
+      }
     }
   }
   return results;
@@ -22340,47 +22680,51 @@ var unicodeSecurity = {
   description: "Detect Unicode-based attacks (bidi overrides, zero-width, homoglyphs)",
   defaultSeverity: "error",
   validate: (ctx) => {
-    walkText(ctx.ast, (text, loc) => {
-      const bidiChars = findBidiChars(text);
-      if (bidiChars.length > 0) {
-        const descriptions = bidiChars.slice(0, 3).map((b) => b.description).join(", ");
-        const suffix = bidiChars.length > 3 ? ` and ${bidiChars.length - 3} more` : "";
-        ctx.report({
-          message: `Bidirectional text override detected: ${descriptions}${suffix}`,
-          location: loc,
-          suggestion: "Remove bidirectional override characters that may hide malicious content"
-        });
-      }
-      const zeroWidthChars = findZeroWidthChars(text);
-      if (zeroWidthChars.length > 0) {
-        const descriptions = zeroWidthChars.slice(0, 3).map((z) => z.description).join(", ");
-        const suffix = zeroWidthChars.length > 3 ? ` and ${zeroWidthChars.length - 3} more` : "";
-        ctx.report({
-          message: `Zero-width characters detected: ${descriptions}${suffix}`,
-          location: loc,
-          suggestion: "Remove zero-width characters that may be used to evade pattern matching"
-        });
-      }
-      const homographs = findHomographAttacks(text);
-      if (homographs.length > 0) {
-        const descriptions = homographs.slice(0, 3).map((h) => h.description).join(", ");
-        const suffix = homographs.length > 3 ? ` and ${homographs.length - 3} more` : "";
-        ctx.report({
-          message: `Potential homograph attack: ${descriptions}${suffix}`,
-          location: loc,
-          suggestion: "Replace lookalike Cyrillic/Greek characters with Latin equivalents"
-        });
-      }
-      if (EXCESSIVE_COMBINING_PATTERN.test(text)) {
-        const match = text.match(EXCESSIVE_COMBINING_PATTERN);
-        const charCodes = match ? Array.from(match[0]).slice(0, 4).map((c) => `U+${c.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`).join(", ") : "unknown";
-        ctx.report({
-          message: `Excessive combining characters (Zalgo text) detected: ${charCodes}...`,
-          location: loc,
-          suggestion: "Remove excessive diacritical marks that may be used to obscure content"
-        });
-      }
-    });
+    walkText(
+      ctx.ast,
+      (text, loc) => {
+        const bidiChars = findBidiChars(text);
+        if (bidiChars.length > 0) {
+          const descriptions = bidiChars.slice(0, 3).map((b) => b.description).join(", ");
+          const suffix = bidiChars.length > 3 ? ` and ${bidiChars.length - 3} more` : "";
+          ctx.report({
+            message: `Bidirectional text override detected: ${descriptions}${suffix}`,
+            location: offsetLocation(loc, text, bidiChars[0].index),
+            suggestion: "Remove bidirectional override characters that may hide malicious content"
+          });
+        }
+        const zeroWidthChars = findZeroWidthChars(text);
+        if (zeroWidthChars.length > 0) {
+          const descriptions = zeroWidthChars.slice(0, 3).map((z) => z.description).join(", ");
+          const suffix = zeroWidthChars.length > 3 ? ` and ${zeroWidthChars.length - 3} more` : "";
+          ctx.report({
+            message: `Zero-width characters detected: ${descriptions}${suffix}`,
+            location: offsetLocation(loc, text, zeroWidthChars[0].index),
+            suggestion: "Remove zero-width characters that may be used to evade pattern matching"
+          });
+        }
+        const homographs = findHomographAttacks(text);
+        if (homographs.length > 0) {
+          const descriptions = homographs.slice(0, 3).map((h) => h.description).join(", ");
+          const suffix = homographs.length > 3 ? ` and ${homographs.length - 3} more` : "";
+          ctx.report({
+            message: `Potential homograph attack: ${descriptions}${suffix}`,
+            location: offsetLocation(loc, text, homographs[0].index),
+            suggestion: "Replace lookalike Cyrillic/Greek characters with Latin equivalents"
+          });
+        }
+        const combiningMatch = EXCESSIVE_COMBINING_PATTERN.exec(text);
+        if (combiningMatch) {
+          const charCodes = Array.from(combiningMatch[0]).slice(0, 4).map((c) => `U+${c.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`).join(", ");
+          ctx.report({
+            message: `Excessive combining characters (Zalgo text) detected: ${charCodes}...`,
+            location: offsetLocation(loc, text, combiningMatch.index),
+            suggestion: "Remove excessive diacritical marks that may be used to obscure content"
+          });
+        }
+      },
+      { excludeProperties: ["resources"] }
+    );
   }
 };
 
@@ -23181,8 +23525,14 @@ async function writeOutputs(outputs, options, _config, services) {
             result.written.push(outputPath);
           }
         } else {
-          ConsoleOutput.warning(`Would conflict: ${outputPath} (not generated by PromptScript)`);
-          result.written.push(outputPath);
+          const existingContent = await readFile7(outputPath, "utf-8");
+          if (existingContent === output.content) {
+            ConsoleOutput.dryRun(`Unchanged: ${outputPath}`);
+            result.unchanged.push(outputPath);
+          } else {
+            ConsoleOutput.warning(`Would conflict: ${outputPath} (not generated by PromptScript)`);
+            result.written.push(outputPath);
+          }
         }
       } else {
         ConsoleOutput.dryRun(`Would write: ${outputPath}`);
@@ -23213,6 +23563,17 @@ async function writeOutputs(outputs, options, _config, services) {
       result.written.push(outputPath);
       continue;
     }
+    let contentMatches = false;
+    try {
+      const existingContent = await readFile7(outputPath, "utf-8");
+      contentMatches = existingContent === output.content;
+    } catch {
+    }
+    if (contentMatches) {
+      ConsoleOutput.unchanged(outputPath);
+      result.unchanged.push(outputPath);
+      continue;
+    }
     if (options.force || overwriteAll) {
       await mkdir2(dirname6(outputPath), { recursive: true });
       await writeFile2(outputPath, output.content, "utf-8");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@promptscript/cli",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "CLI for PromptScript - standardize AI instructions across GitHub Copilot, Claude, Cursor and other AI tools",
   "keywords": [
     "cli",

package/skills/promptscript/SKILL.md

@@ -215,7 +215,8 @@ userInvocable, allowedTools, context ("fork" or "inherit"), agent.
 
 ### @agents
 
-Custom subagent definitions:
+Custom subagent definitions. Compiles to `.claude/agents/` for Claude Code,
+`.github/agents/` for GitHub Copilot, `.factory/droids/` for Factory AI, etc.
 
 ```
 @agents {
@@ -229,6 +230,14 @@ Custom subagent definitions:
 }
 ```
 
+Supports mixed models per agent: `specModel` sets a different model for
+Specification/planning mode (GitHub, Factory), `specReasoningEffort` sets reasoning
+effort for the spec model (Factory only, values: "low", "medium", "high").
+
+Factory AI droids support additional properties: `model` (any model ID or "inherit"),
+`reasoningEffort` ("low", "medium", "high"), and `tools` (category name like "read-only"
+or array of tool IDs).
+
 ### @knowledge
 
 Reference documentation as triple-quoted text. Used for command references,
@@ -331,21 +340,21 @@ prs diff --target claude    # Show compilation diff
 
 38 supported targets. Key examples:
 
-| Target      | Main File                       | Skills                         |
-| ----------- | ------------------------------- | ------------------------------ |
-| GitHub      | .github/copilot-instructions.md | .github/skills/\*/SKILL.md     |
-| Claude      | CLAUDE.md                       | .claude/skills/\*/SKILL.md     |
-| Cursor      | .cursor/rules/project.mdc       | .cursor/commands/\*.md         |
-| Antigravity | .agent/rules/project.md         | .agent/rules/\*.md             |
-| Factory     | AGENTS.md                       | .factory/skills/\*/SKILL.md    |
-| OpenCode    | OPENCODE.md                     | .opencode/skills/\*/SKILL.md   |
-| Gemini      | GEMINI.md                       | .gemini/skills/\*/skill.md     |
-| Windsurf    | .windsurf/rules/project.md      | .windsurf/skills/\*/SKILL.md   |
-| Cline       | .clinerules                     | .agents/skills/\*/SKILL.md     |
-| Roo Code    | .roorules                       | .roo/skills/\*/SKILL.md        |
-| Codex       | AGENTS.md                       | .agents/skills/\*/SKILL.md     |
-| Continue    | .continue/rules/project.md      | .continue/skills/\*/SKILL.md   |
-| + 26 more   |                                 | See full list in documentation |
+| Target      | Main File                       | Skills                                             |
+| ----------- | ------------------------------- | -------------------------------------------------- |
+| GitHub      | .github/copilot-instructions.md | .github/skills/\*/SKILL.md                         |
+| Claude      | CLAUDE.md                       | .claude/skills/\*/SKILL.md                         |
+| Cursor      | .cursor/rules/project.mdc       | .cursor/commands/\*.md                             |
+| Antigravity | .agent/rules/project.md         | .agent/rules/\*.md                                 |
+| Factory     | AGENTS.md                       | .factory/skills/\*/SKILL.md, .factory/droids/\*.md |
+| OpenCode    | OPENCODE.md                     | .opencode/skills/\*/SKILL.md                       |
+| Gemini      | GEMINI.md                       | .gemini/skills/\*/skill.md                         |
+| Windsurf    | .windsurf/rules/project.md      | .windsurf/skills/\*/SKILL.md                       |
+| Cline       | .clinerules                     | .agents/skills/\*/SKILL.md                         |
+| Roo Code    | .roorules                       | .roo/skills/\*/SKILL.md                            |
+| Codex       | AGENTS.md                       | .agents/skills/\*/SKILL.md                         |
+| Continue    | .continue/rules/project.md      | .continue/skills/\*/SKILL.md                       |
+| + 26 more   |                                 | See full list in documentation                     |
 
 ## Project Organization
 

package/src/commands/compile.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"compile.d.ts","sourceRoot":"","sources":["../../../../../packages/cli/src/commands/compile.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAQlD,OAAO,EAAE,KAAK,WAAW,EAAyB,MAAM,gBAAgB,CAAC;AAwTzE;;GAEG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,cAAc,EACvB,QAAQ,GAAE,WAAqC,GAC9C,OAAO,CAAC,IAAI,CAAC,CA8Gf"}
+{"version":3,"file":"compile.d.ts","sourceRoot":"","sources":["../../../../../packages/cli/src/commands/compile.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAQlD,OAAO,EAAE,KAAK,WAAW,EAAyB,MAAM,gBAAgB,CAAC;AAgVzE;;GAEG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,cAAc,EACvB,QAAQ,GAAE,WAAqC,GAC9C,OAAO,CAAC,IAAI,CAAC,CA8Gf"}