@rbbtsn0w/adg 0.1.0-alpha.1 → 0.1.0-beta.2

package/dist/vendor/skills/src/remove.js

@@ -0,0 +1,263 @@
+import * as p from '@clack/prompts';
+import pc from 'picocolors';
+import { readdir, rm, lstat } from 'fs/promises';
+import { join } from 'path';
+import { agents, detectInstalledAgents } from "./agents.js";
+import { track } from "./telemetry.js";
+import { detectAgent } from "./detect-agent.js";
+import { removeSkillFromLock, getSkillFromLock } from "./skill-lock.js";
+import { getInstallPath, getCanonicalPath, getCanonicalSkillsDir, sanitizeName, } from "./installer.js";
+export async function removeCommand(skillNames, options) {
+    // Auto-enable non-interactive mode when running inside an AI agent
+    const agentResult = await detectAgent();
+    if (agentResult.isAgent) {
+        options.yes = true;
+        p.log.info(pc.bgCyan(pc.black(pc.bold(` ${agentResult.agent.name} `))) +
+            ' ' +
+            'Agent detected — removing non-interactively');
+    }
+    const isGlobal = options.global ?? false;
+    const cwd = process.cwd();
+    const spinner = p.spinner();
+    spinner.start('Scanning for installed skills...');
+    const skillNamesSet = new Set();
+    const scanDir = async (dir) => {
+        try {
+            const entries = await readdir(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                if (entry.isDirectory()) {
+                    skillNamesSet.add(entry.name);
+                }
+            }
+        }
+        catch (err) {
+            if (err instanceof Error && err.code !== 'ENOENT') {
+                p.log.warn(`Could not scan directory ${dir}: ${err.message}`);
+            }
+        }
+    };
+    if (isGlobal) {
+        await scanDir(getCanonicalSkillsDir(true, cwd));
+        for (const agent of Object.values(agents)) {
+            if (agent.globalSkillsDir !== undefined) {
+                await scanDir(agent.globalSkillsDir);
+            }
+        }
+    }
+    else {
+        await scanDir(getCanonicalSkillsDir(false, cwd));
+        for (const agent of Object.values(agents)) {
+            await scanDir(join(cwd, agent.skillsDir));
+        }
+    }
+    const installedSkills = Array.from(skillNamesSet).sort();
+    spinner.stop(`Found ${installedSkills.length} unique installed skill(s)`);
+    if (installedSkills.length === 0) {
+        p.outro(pc.yellow('No skills found to remove.'));
+        return;
+    }
+    // Validate agent options BEFORE prompting for skill selection
+    if (options.agent && options.agent.length > 0) {
+        const validAgents = Object.keys(agents);
+        const invalidAgents = options.agent.filter((a) => !validAgents.includes(a));
+        if (invalidAgents.length > 0) {
+            p.log.error(`Invalid agents: ${invalidAgents.join(', ')}`);
+            p.log.info(`Valid agents: ${validAgents.join(', ')}`);
+            process.exit(1);
+        }
+    }
+    let selectedSkills = [];
+    if (options.all) {
+        selectedSkills = installedSkills;
+    }
+    else if (skillNames.length > 0) {
+        selectedSkills = installedSkills.filter((s) => skillNames.some((name) => name.toLowerCase() === s.toLowerCase()));
+        if (selectedSkills.length === 0) {
+            p.log.error(`No matching skills found for: ${skillNames.join(', ')}`);
+            return;
+        }
+    }
+    else {
+        const choices = installedSkills.map((s) => ({
+            value: s,
+            label: s,
+        }));
+        const selected = await p.multiselect({
+            message: `Select skills to remove ${pc.dim('(space to toggle)')}`,
+            options: choices,
+            required: true,
+        });
+        if (p.isCancel(selected)) {
+            p.cancel('Removal cancelled');
+            process.exit(0);
+        }
+        selectedSkills = selected;
+    }
+    let targetAgents;
+    if (options.agent && options.agent.length > 0) {
+        targetAgents = options.agent;
+    }
+    else {
+        // When removing, we should target all known agents to ensure
+        // ghost symlinks are cleaned up, even if the agent is not detected.
+        targetAgents = Object.keys(agents);
+        spinner.stop(`Targeting ${targetAgents.length} potential agent(s)`);
+    }
+    if (!options.yes) {
+        console.log();
+        p.log.info('Skills to remove:');
+        for (const skill of selectedSkills) {
+            p.log.message(`  ${pc.red('•')} ${skill}`);
+        }
+        console.log();
+        const confirmed = await p.confirm({
+            message: `Are you sure you want to uninstall ${selectedSkills.length} skill(s)?`,
+        });
+        if (p.isCancel(confirmed) || !confirmed) {
+            p.cancel('Removal cancelled');
+            process.exit(0);
+        }
+    }
+    spinner.start('Removing skills...');
+    const results = [];
+    for (const skillName of selectedSkills) {
+        try {
+            const canonicalPath = getCanonicalPath(skillName, { global: isGlobal, cwd });
+            for (const agentKey of targetAgents) {
+                const agent = agents[agentKey];
+                const skillPath = getInstallPath(skillName, agentKey, { global: isGlobal, cwd });
+                // Determine potential paths to cleanup. For universal agents, getInstallPath
+                // now returns the canonical path, so we also need to check their 'native'
+                // directory to clean up any legacy symlinks.
+                const pathsToCleanup = new Set([skillPath]);
+                const sanitizedName = sanitizeName(skillName);
+                if (isGlobal && agent.globalSkillsDir) {
+                    pathsToCleanup.add(join(agent.globalSkillsDir, sanitizedName));
+                }
+                else {
+                    pathsToCleanup.add(join(cwd, agent.skillsDir, sanitizedName));
+                }
+                for (const pathToCleanup of pathsToCleanup) {
+                    // Skip if this is the canonical path - we'll handle that after checking all agents
+                    if (pathToCleanup === canonicalPath) {
+                        continue;
+                    }
+                    try {
+                        const stats = await lstat(pathToCleanup).catch(() => null);
+                        if (stats) {
+                            await rm(pathToCleanup, { recursive: true, force: true });
+                        }
+                    }
+                    catch (err) {
+                        p.log.warn(`Could not remove skill from ${agent.displayName}: ${err instanceof Error ? err.message : String(err)}`);
+                    }
+                }
+            }
+            // Only remove the canonical path if no other installed agents are using it.
+            // This prevents breaking other agents when uninstalling from a specific agent (#287).
+            const installedAgents = await detectInstalledAgents();
+            const remainingAgents = installedAgents.filter((a) => !targetAgents.includes(a));
+            let isStillUsed = false;
+            for (const agentKey of remainingAgents) {
+                const path = getInstallPath(skillName, agentKey, { global: isGlobal, cwd });
+                const exists = await lstat(path).catch(() => null);
+                if (exists) {
+                    isStillUsed = true;
+                    break;
+                }
+            }
+            if (!isStillUsed) {
+                await rm(canonicalPath, { recursive: true, force: true });
+            }
+            const lockEntry = isGlobal ? await getSkillFromLock(skillName) : null;
+            const effectiveSource = lockEntry?.source || 'local';
+            const effectiveSourceType = lockEntry?.sourceType || 'local';
+            if (isGlobal) {
+                await removeSkillFromLock(skillName);
+            }
+            results.push({
+                skill: skillName,
+                success: true,
+                source: effectiveSource,
+                sourceType: effectiveSourceType,
+            });
+        }
+        catch (err) {
+            results.push({
+                skill: skillName,
+                success: false,
+                error: err instanceof Error ? err.message : String(err),
+            });
+        }
+    }
+    spinner.stop('Removal process complete');
+    const successful = results.filter((r) => r.success);
+    const failed = results.filter((r) => !r.success);
+    // Track removal (grouped by source)
+    if (successful.length > 0) {
+        const bySource = new Map();
+        for (const r of successful) {
+            const source = r.source || 'local';
+            const existing = bySource.get(source) || { skills: [] };
+            existing.skills.push(r.skill);
+            existing.sourceType = r.sourceType;
+            bySource.set(source, existing);
+        }
+        for (const [source, data] of bySource) {
+            track({
+                event: 'remove',
+                source,
+                skills: data.skills.join(','),
+                agents: targetAgents.join(','),
+                ...(isGlobal && { global: '1' }),
+                sourceType: data.sourceType,
+            });
+        }
+    }
+    if (successful.length > 0) {
+        p.log.success(pc.green(`Successfully removed ${successful.length} skill(s)`));
+    }
+    if (failed.length > 0) {
+        p.log.error(pc.red(`Failed to remove ${failed.length} skill(s)`));
+        for (const r of failed) {
+            p.log.message(`  ${pc.red('✗')} ${r.skill}: ${r.error}`);
+        }
+    }
+    console.log();
+    p.outro(pc.green('Done!'));
+}
+/**
+ * Parse command line options for the remove command.
+ * Separates skill names from options flags.
+ */
+export function parseRemoveOptions(args) {
+    const options = {};
+    const skills = [];
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === '-g' || arg === '--global') {
+            options.global = true;
+        }
+        else if (arg === '-y' || arg === '--yes') {
+            options.yes = true;
+        }
+        else if (arg === '--all') {
+            options.all = true;
+        }
+        else if (arg === '-a' || arg === '--agent') {
+            options.agent = options.agent || [];
+            i++;
+            let nextArg = args[i];
+            while (i < args.length && nextArg && !nextArg.startsWith('-')) {
+                options.agent.push(nextArg);
+                i++;
+                nextArg = args[i];
+            }
+            i--; // Back up one since the loop will increment
+        }
+        else if (arg && !arg.startsWith('-')) {
+            skills.push(arg);
+        }
+    }
+    return { skills, options };
+}

package/dist/vendor/skills/src/sanitize.js

@@ -0,0 +1,57 @@
+/**
+ * Sanitize untrusted strings before terminal output.
+ *
+ * Strips ALL terminal escape sequences from a string, including:
+ *   - CSI sequences  (ESC [ ... final_byte)    — cursor movement, screen clear, SGR colors
+ *   - OSC sequences  (ESC ] ... BEL/ST)         — window title, hyperlinks
+ *   - Simple escapes (ESC followed by one char)  — e.g. ESC 7 (save cursor)
+ *   - C1 control codes (0x80–0x9F)
+ *   - Raw control characters (BEL, BS, etc.)     — except \t and \n which are safe
+ *
+ * This defends against CWE-150 (terminal escape injection) where
+ * untrusted data (e.g., skill name/description from SKILL.md frontmatter
+ * or remote APIs) could clear the screen, move the cursor, change the
+ * window title, or render attacker-controlled text that looks like
+ * legitimate CLI output.
+ */
+// CSI sequences: ESC[ followed by parameter bytes (0x30-0x3F), intermediate bytes (0x20-0x2F), and a final byte (0x40-0x7E)
+const CSI_RE = /\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]/g;
+// OSC sequences: ESC] ... terminated by BEL (\x07) or ST (ESC\)
+const OSC_RE = /\x1b\][\s\S]*?(?:\x07|\x1b\\)/g;
+// DCS, PM, APC sequences: ESC P|^|_ ... terminated by ST (ESC\)
+const DCS_PM_APC_RE = /\x1b[P^_][\s\S]*?(?:\x1b\\)/g;
+// Simple two-byte escape sequences: ESC followed by a single char in 0x20-0x7E range
+// Includes ESC 7 (DECSC), ESC 8 (DECRC), ESC c (RIS), ESC M (RI), etc.
+const SIMPLE_ESC_RE = /\x1b[\x20-\x7e]/g;
+// C1 control codes (0x80-0x9F) — used as 8-bit equivalents of ESC sequences
+const C1_RE = /[\x80-\x9f]/g;
+// Raw control characters except tab (\x09) and newline (\x0a)
+// Includes BEL (\x07), BS (\x08), CR (\x0d), and others
+const CONTROL_RE = /[\x00-\x06\x07\x08\x0b\x0c\x0d-\x1a\x1c-\x1f\x7f]/g;
+/**
+ * Strip all terminal escape sequences and dangerous control characters
+ * from a string.
+ *
+ * Safe for use on untrusted input before printing to the terminal.
+ */
+export function stripTerminalEscapes(str) {
+    return str
+        .replace(OSC_RE, '') // OSC first (longest match)
+        .replace(DCS_PM_APC_RE, '') // DCS/PM/APC
+        .replace(CSI_RE, '') // CSI sequences
+        .replace(SIMPLE_ESC_RE, '') // Simple ESC+char
+        .replace(C1_RE, '') // C1 control codes
+        .replace(CONTROL_RE, ''); // Raw control chars (keep \t \n)
+}
+/**
+ * Sanitize a skill metadata string (name, description, etc.) for safe terminal display.
+ *
+ * In addition to stripping escape sequences, this also trims whitespace and
+ * collapses internal newlines into spaces (skill names/descriptions should
+ * be single-line when displayed).
+ */
+export function sanitizeMetadata(str) {
+    return stripTerminalEscapes(str)
+        .replace(/[\r\n]+/g, ' ')
+        .trim();
+}

package/dist/vendor/skills/src/self-cli.js

@@ -0,0 +1,15 @@
+// ADG patch (new file): standalone helper for re-invoking the vendored CLI on
+// `cli.ts`. Kept dependency-free (no heavy transitive imports) so a test can
+// import it without pulling update.ts's graph (which currently includes the
+// detect-agent.ts ↔ @vercel/detect-agent API mismatch). Mirrors the rationale
+// for git-tree.ts. See vendor/skills/PROVENANCE.md.
+/**
+ * Args for re-invoking Node on the vendored `cli.ts`. `process.execArgv` is
+ * forwarded so the child inherits the parent's Node flags (e.g.
+ * --experimental-strip-types, required to run TypeScript directly on Node
+ * 22.6–23.5). `execArgv` is a parameter so the forwarding can be tested with a
+ * non-empty flag set.
+ */
+export function selfCliArgv(cliEntry, args, execArgv = process.execArgv) {
+    return [...execArgv, cliEntry, ...args];
+}

package/dist/vendor/skills/src/skill-lock.js

@@ -0,0 +1,237 @@
+import { readFile, writeFile, mkdir } from 'fs/promises';
+import { join, dirname } from 'path';
+import { homedir } from 'os';
+import { createHash } from 'crypto';
+import { execSync } from 'child_process';
+import pc from 'picocolors';
+const AGENTS_DIR = '.agents';
+const LOCK_FILE = '.skill-lock.json';
+const CURRENT_VERSION = 3; // Bumped from 2 to 3 for folder hash support (GitHub tree SHA)
+/**
+ * Get the path to the global skill lock file.
+ *
+ * ADG patch: anchor the lock under `.agents/` in BOTH modes so the skills and
+ * plugins domains always share one universal `~/.agents` (or
+ * `$XDG_STATE_HOME/.agents`) home — matching ADG's `globalPluginsDir()`.
+ * Upstream put the XDG variant at `$XDG_STATE_HOME/skills/`, which broke that
+ * shared root when XDG_STATE_HOME was set. See vendor/skills/PROVENANCE.md.
+ *
+ * Resolves to `$XDG_STATE_HOME/.agents/.skill-lock.json` if set,
+ * otherwise `~/.agents/.skill-lock.json`.
+ */
+export function getSkillLockPath() {
+    const root = process.env.XDG_STATE_HOME ?? homedir();
+    return join(root, AGENTS_DIR, LOCK_FILE);
+}
+/**
+ * Read the skill lock file.
+ * Returns an empty lock file structure if the file doesn't exist.
+ * Wipes the lock file if it's an old format (version < CURRENT_VERSION).
+ */
+export async function readSkillLock() {
+    const lockPath = getSkillLockPath();
+    try {
+        const content = await readFile(lockPath, 'utf-8');
+        const parsed = JSON.parse(content);
+        // Validate version - wipe if old format
+        if (typeof parsed.version !== 'number' || !parsed.skills) {
+            return createEmptyLockFile();
+        }
+        // If old version, wipe and start fresh (backwards incompatible change)
+        // v3 adds skillFolderHash - we want fresh installs to populate it
+        if (parsed.version < CURRENT_VERSION) {
+            return createEmptyLockFile();
+        }
+        return parsed;
+    }
+    catch (error) {
+        // File doesn't exist or is invalid - return empty
+        return createEmptyLockFile();
+    }
+}
+/**
+ * Write the skill lock file.
+ * Creates the directory if it doesn't exist.
+ */
+export async function writeSkillLock(lock) {
+    const lockPath = getSkillLockPath();
+    // Ensure directory exists
+    await mkdir(dirname(lockPath), { recursive: true });
+    // Write with pretty formatting for human readability
+    const content = JSON.stringify(lock, null, 2);
+    await writeFile(lockPath, content, 'utf-8');
+}
+/**
+ * Compute SHA-256 hash of content.
+ */
+export function computeContentHash(content) {
+    return createHash('sha256').update(content, 'utf-8').digest('hex');
+}
+let _ghWarningShown = false;
+/** For tests only. Resets the one-shot warning flag. */
+export function resetGhAuthWarning() {
+    _ghWarningShown = false;
+}
+/**
+ * Get GitHub token from user's environment.
+ * Tries in order:
+ * 1. GITHUB_TOKEN environment variable (silent)
+ * 2. GH_TOKEN environment variable (silent)
+ * 3. gh CLI auth token, if gh is installed. Prints a one-time warning to
+ *    stderr before invoking `gh auth token`, because that subprocess call
+ *    is flagged by some corporate endpoint security tooling (Defender, etc.)
+ *    as credential extraction. Callers should invoke this function lazily
+ *    (e.g. only after an unauthenticated request hits a rate limit) so the
+ *    fallback rarely runs in practice.
+ *
+ * @returns The token string or null if not available
+ */
+export function getGitHubToken() {
+    // Check environment variables first (silent: user has explicitly opted in)
+    if (process.env.GITHUB_TOKEN) {
+        return process.env.GITHUB_TOKEN;
+    }
+    if (process.env.GH_TOKEN) {
+        return process.env.GH_TOKEN;
+    }
+    // Last resort: spawn gh CLI. Warn the user once per process before doing so.
+    // ADG patch: message broadened — this resolver is now also used to reach
+    // private repos, not just to recover from a rate limit.
+    if (!_ghWarningShown) {
+        process.stderr.write(`${pc.yellow('│')}  ${pc.yellow('GitHub authentication needed')} — using your ${pc.cyan('gh')} login to continue.\n` +
+            `${pc.yellow('│')}  ${pc.dim(`Tip: set ${pc.cyan('GITHUB_TOKEN')} to avoid this prompt, or use ${pc.cyan('--full-depth')} to clone instead.\n`)}`);
+        _ghWarningShown = true;
+    }
+    try {
+        const token = execSync('gh auth token', {
+            encoding: 'utf-8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+        }).trim();
+        if (token) {
+            return token;
+        }
+    }
+    catch {
+        // gh not installed or not authenticated
+    }
+    return null;
+}
+/**
+ * Fetch the tree SHA (folder hash) for a skill folder using GitHub's Trees API.
+ * This makes ONE API call to get the entire repo tree, then extracts the SHA
+ * for the specific skill folder.
+ *
+ * @param ownerRepo - GitHub owner/repo (e.g., "vercel-labs/agent-skills")
+ * @param skillPath - Path to skill folder or SKILL.md (e.g., "skills/react-best-practices/SKILL.md")
+ * @param getToken - Optional lazy token resolver. Invoked only if the
+ *                   unauthenticated request hits a rate limit.
+ * @param ref - Optional branch/tag ref. Defaults to trying main then master.
+ * @returns The tree SHA for the skill folder, or null if not found
+ */
+export async function fetchSkillFolderHash(ownerRepo, skillPath, getToken, ref) {
+    const { fetchRepoTree, getSkillFolderHashFromTree } = await import("./blob.js");
+    const tree = await fetchRepoTree(ownerRepo, ref, getToken ?? undefined);
+    if (!tree)
+        return null;
+    return getSkillFolderHashFromTree(tree, skillPath);
+}
+/**
+ * Add or update a skill entry in the lock file.
+ */
+export async function addSkillToLock(skillName, entry) {
+    const lock = await readSkillLock();
+    const now = new Date().toISOString();
+    const existingEntry = lock.skills[skillName];
+    lock.skills[skillName] = {
+        ...entry,
+        installedAt: existingEntry?.installedAt ?? now,
+        updatedAt: now,
+    };
+    await writeSkillLock(lock);
+}
+/**
+ * Remove a skill from the lock file.
+ */
+export async function removeSkillFromLock(skillName) {
+    const lock = await readSkillLock();
+    if (!(skillName in lock.skills)) {
+        return false;
+    }
+    delete lock.skills[skillName];
+    await writeSkillLock(lock);
+    return true;
+}
+/**
+ * Get a skill entry from the lock file.
+ */
+export async function getSkillFromLock(skillName) {
+    const lock = await readSkillLock();
+    return lock.skills[skillName] ?? null;
+}
+/**
+ * Get all skills from the lock file.
+ */
+export async function getAllLockedSkills() {
+    const lock = await readSkillLock();
+    return lock.skills;
+}
+/**
+ * Get skills grouped by source for batch update operations.
+ */
+export async function getSkillsBySource() {
+    const lock = await readSkillLock();
+    const bySource = new Map();
+    for (const [skillName, entry] of Object.entries(lock.skills)) {
+        const existing = bySource.get(entry.source);
+        if (existing) {
+            existing.skills.push(skillName);
+        }
+        else {
+            bySource.set(entry.source, { skills: [skillName], entry });
+        }
+    }
+    return bySource;
+}
+/**
+ * Create an empty lock file structure.
+ */
+function createEmptyLockFile() {
+    return {
+        version: CURRENT_VERSION,
+        skills: {},
+        dismissed: {},
+    };
+}
+/**
+ * Check if a prompt has been dismissed.
+ */
+export async function isPromptDismissed(promptKey) {
+    const lock = await readSkillLock();
+    return lock.dismissed?.[promptKey] === true;
+}
+/**
+ * Mark a prompt as dismissed.
+ */
+export async function dismissPrompt(promptKey) {
+    const lock = await readSkillLock();
+    if (!lock.dismissed) {
+        lock.dismissed = {};
+    }
+    lock.dismissed[promptKey] = true;
+    await writeSkillLock(lock);
+}
+/**
+ * Get the last selected agents.
+ */
+export async function getLastSelectedAgents() {
+    const lock = await readSkillLock();
+    return lock.lastSelectedAgents;
+}
+/**
+ * Save the selected agents to the lock file.
+ */
+export async function saveSelectedAgents(agents) {
+    const lock = await readSkillLock();
+    lock.lastSelectedAgents = agents;
+    await writeSkillLock(lock);
+}