@rbbtsn0w/adg 0.1.0-alpha.1 → 0.1.0-beta.2

package/dist/vendor/skills/src/skills.js

@@ -0,0 +1,264 @@
+import { readdir, readFile, stat } from 'fs/promises';
+import { join, basename, dirname, resolve, normalize, sep, relative } from 'path';
+import { parseFrontmatter } from "./frontmatter.js";
+import { sanitizeMetadata } from "./sanitize.js";
+import { getPluginSkillPaths, getPluginGroupings } from "./plugin-manifest.js";
+import { readLocalLock } from "./local-lock.js";
+const SKIP_DIRS = ['node_modules', '.git', 'dist', 'build', '__pycache__'];
+const AGENT_PROJECT_SKILL_DIRS = [
+    '.agents/skills',
+    '.claude/skills',
+    '.cline/skills',
+    '.codebuddy/skills',
+    '.codex/skills',
+    '.commandcode/skills',
+    '.continue/skills',
+    '.github/skills',
+    '.goose/skills',
+    '.iflow/skills',
+    '.junie/skills',
+    '.kilocode/skills',
+    '.kiro/skills',
+    '.mux/skills',
+    '.neovate/skills',
+    '.opencode/skills',
+    '.openhands/skills',
+    '.pi/skills',
+    '.qoder/skills',
+    '.roo/skills',
+    '.trae/skills',
+    '.windsurf/skills',
+    '.zencoder/skills',
+];
+function normalizeSkillName(name) {
+    return name.toLowerCase().replace(/[\s_]+/g, '-');
+}
+function normalizeRelativePath(path) {
+    return path.split(sep).join('/').replace(/\/+/g, '/');
+}
+/**
+ * Check if internal skills should be installed.
+ * Internal skills are hidden by default unless INSTALL_INTERNAL_SKILLS=1 is set.
+ */
+export function shouldInstallInternalSkills() {
+    const envValue = process.env.INSTALL_INTERNAL_SKILLS;
+    return envValue === '1' || envValue === 'true';
+}
+async function hasSkillMd(dir) {
+    try {
+        const skillPath = join(dir, 'SKILL.md');
+        const stats = await stat(skillPath);
+        return stats.isFile();
+    }
+    catch {
+        return false;
+    }
+}
+export async function parseSkillMd(skillMdPath, options) {
+    try {
+        const content = await readFile(skillMdPath, 'utf-8');
+        const { data } = parseFrontmatter(content);
+        if (!data.name || !data.description) {
+            return null;
+        }
+        // Ensure name and description are strings (YAML can parse numbers, booleans, etc.)
+        if (typeof data.name !== 'string' || typeof data.description !== 'string') {
+            return null;
+        }
+        // ADG patch: narrow `metadata` from the loosely-typed frontmatter (`unknown`)
+        // before reading it, so the file typechecks under the root tsconfig without
+        // changing behavior. See vendor/skills/PROVENANCE.md.
+        const metadata = data.metadata && typeof data.metadata === 'object'
+            ? data.metadata
+            : undefined;
+        // Skip internal skills unless:
+        // 1. INSTALL_INTERNAL_SKILLS=1 is set, OR
+        // 2. includeInternal option is true (e.g., when user explicitly requests a skill)
+        const isInternal = metadata?.internal === true;
+        if (isInternal && !shouldInstallInternalSkills() && !options?.includeInternal) {
+            return null;
+        }
+        return {
+            name: sanitizeMetadata(data.name),
+            description: sanitizeMetadata(data.description),
+            path: dirname(skillMdPath),
+            rawContent: content,
+            metadata,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+async function findSkillDirs(dir, depth = 0, maxDepth = 5) {
+    if (depth > maxDepth)
+        return [];
+    try {
+        const [hasSkill, entries] = await Promise.all([
+            hasSkillMd(dir),
+            readdir(dir, { withFileTypes: true }).catch(() => []),
+        ]);
+        const currentDir = hasSkill ? [dir] : [];
+        // Search subdirectories in parallel
+        const subDirResults = await Promise.all(entries
+            .filter((entry) => entry.isDirectory() && !SKIP_DIRS.includes(entry.name))
+            .map((entry) => findSkillDirs(join(dir, entry.name), depth + 1, maxDepth)));
+        return [...currentDir, ...subDirResults.flat()];
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Validates that a resolved subpath stays within the base directory.
+ * Prevents path traversal attacks where subpath contains ".." segments
+ * that would escape the cloned repository directory.
+ */
+export function isSubpathSafe(basePath, subpath) {
+    const normalizedBase = normalize(resolve(basePath));
+    const normalizedTarget = normalize(resolve(join(basePath, subpath)));
+    return normalizedTarget.startsWith(normalizedBase + sep) || normalizedTarget === normalizedBase;
+}
+export async function discoverSkills(basePath, subpath, options) {
+    const skills = [];
+    const seenNames = new Set();
+    const localLock = await readLocalLock(basePath);
+    const lockedSkillNames = new Set(Object.keys(localLock.skills).map(normalizeSkillName));
+    // Validate subpath doesn't escape basePath (prevent path traversal)
+    if (subpath && !isSubpathSafe(basePath, subpath)) {
+        throw new Error(`Invalid subpath: "${subpath}" resolves outside the repository directory. Subpath must not contain ".." segments that escape the base path.`);
+    }
+    const searchPath = subpath ? join(basePath, subpath) : basePath;
+    // Get plugin groupings to map skills to their parent plugin
+    // We search for plugin definitions from the base search path
+    const pluginGroupings = await getPluginGroupings(searchPath);
+    // Helper to assign plugin name if available
+    const enhanceSkill = (skill) => {
+        const resolvedPath = resolve(skill.path);
+        if (pluginGroupings.has(resolvedPath)) {
+            skill.pluginName = pluginGroupings.get(resolvedPath);
+        }
+        return skill;
+    };
+    const isInstalledProjectSkill = (skill) => {
+        if (lockedSkillNames.size === 0)
+            return false;
+        const relativeDir = normalizeRelativePath(relative(basePath, skill.path));
+        const isAgentSkillPath = AGENT_PROJECT_SKILL_DIRS.some((dir) => relativeDir === dir || relativeDir.startsWith(`${dir}/`));
+        if (!isAgentSkillPath)
+            return false;
+        const skillName = normalizeSkillName(skill.name);
+        const directoryName = normalizeSkillName(basename(skill.path));
+        return lockedSkillNames.has(skillName) || lockedSkillNames.has(directoryName);
+    };
+    // If pointing directly at a skill, add it (and return early unless fullDepth is set).
+    // If the root SKILL.md is an installed project skill tracked by skills-lock.json,
+    // ignore it and continue scanning in case the repo also contains source skills.
+    if (await hasSkillMd(searchPath)) {
+        let skill = await parseSkillMd(join(searchPath, 'SKILL.md'), options);
+        if (skill) {
+            if (!isInstalledProjectSkill(skill)) {
+                skill = enhanceSkill(skill);
+                skills.push(skill);
+                seenNames.add(skill.name);
+                // Only return early if fullDepth is not set
+                if (!options?.fullDepth) {
+                    return skills;
+                }
+            }
+        }
+    }
+    // Search common skill locations first
+    const prioritySearchDirs = [
+        searchPath,
+        join(searchPath, 'skills'),
+        join(searchPath, 'skills/.curated'),
+        join(searchPath, 'skills/.experimental'),
+        join(searchPath, 'skills/.system'),
+        ...AGENT_PROJECT_SKILL_DIRS.map((dir) => join(searchPath, dir)),
+    ];
+    // Known skill container dirs are walked one extra level deep so layouts
+    // like `skills/<category>/<skill>/SKILL.md` are discovered without
+    // requiring `--full-depth`. The repo root (first entry) keeps its
+    // existing depth-1 behavior to avoid surfacing unrelated `SKILL.md`
+    // files (e.g. `examples/foo/SKILL.md`), and plugin-manifest-declared
+    // dirs (appended below) stay at depth-1 to honor the manifest spec.
+    const deepContainerDirs = new Set(prioritySearchDirs.slice(1));
+    // Add skill paths declared in plugin manifests
+    prioritySearchDirs.push(...(await getPluginSkillPaths(searchPath)));
+    const tryAddSkillAt = async (skillDir) => {
+        if (!(await hasSkillMd(skillDir)))
+            return false;
+        let skill = await parseSkillMd(join(skillDir, 'SKILL.md'), options);
+        if (!skill || seenNames.has(skill.name))
+            return true;
+        if (isInstalledProjectSkill(skill))
+            return true;
+        skill = enhanceSkill(skill);
+        skills.push(skill);
+        seenNames.add(skill.name);
+        return true;
+    };
+    for (const dir of prioritySearchDirs) {
+        const walkDeep = deepContainerDirs.has(dir);
+        try {
+            const entries = await readdir(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                if (!entry.isDirectory())
+                    continue;
+                const childDir = join(dir, entry.name);
+                const foundAtChild = await tryAddSkillAt(childDir);
+                // Don't descend past a discovered SKILL.md (matches the existing
+                // flat-layout semantics) and don't go deeper inside non-container
+                // priority dirs.
+                if (foundAtChild || !walkDeep)
+                    continue;
+                if (SKIP_DIRS.includes(entry.name))
+                    continue;
+                // Walk one extra level for catalog layouts.
+                try {
+                    const grandEntries = await readdir(childDir, { withFileTypes: true });
+                    for (const grand of grandEntries) {
+                        if (!grand.isDirectory() || SKIP_DIRS.includes(grand.name))
+                            continue;
+                        await tryAddSkillAt(join(childDir, grand.name));
+                    }
+                }
+                catch {
+                    // Child dir unreadable; skip silently.
+                }
+            }
+        }
+        catch {
+            // Directory doesn't exist
+        }
+    }
+    // Fall back to recursive search if nothing found, or if fullDepth is set
+    if (skills.length === 0 || options?.fullDepth) {
+        const allSkillDirs = await findSkillDirs(searchPath);
+        for (const skillDir of allSkillDirs) {
+            let skill = await parseSkillMd(join(skillDir, 'SKILL.md'), options);
+            if (skill && !seenNames.has(skill.name) && !isInstalledProjectSkill(skill)) {
+                skill = enhanceSkill(skill);
+                skills.push(skill);
+                seenNames.add(skill.name);
+            }
+        }
+    }
+    return skills;
+}
+export function getSkillDisplayName(skill) {
+    return skill.name || basename(skill.path);
+}
+/**
+ * Filter skills based on user input (case-insensitive direct matching).
+ * Multi-word skill names must be quoted on the command line.
+ */
+export function filterSkills(skills, inputNames) {
+    const normalizedInputs = inputNames.map((n) => n.toLowerCase());
+    return skills.filter((skill) => {
+        const name = skill.name.toLowerCase();
+        const displayName = getSkillDisplayName(skill).toLowerCase();
+        return normalizedInputs.some((input) => input === name || input === displayName);
+    });
+}

package/dist/vendor/skills/src/source-parser.js

@@ -0,0 +1,367 @@
+import { isAbsolute, resolve } from 'path';
+/**
+ * Extract owner/repo (or group/subgroup/repo for GitLab) from a parsed source
+ * for lockfile tracking and telemetry.
+ * Returns null for local paths or unparseable sources.
+ * Supports any Git host with an owner/repo URL structure, including GitLab subgroups.
+ */
+export function getOwnerRepo(parsed) {
+    if (parsed.type === 'local') {
+        return null;
+    }
+    // Handle Git SSH URLs (e.g., git@gitlab.com:owner/repo.git, git@github.com:owner/repo.git)
+    const sshMatch = parsed.url.match(/^git@[^:]+:(.+)$/);
+    if (sshMatch) {
+        let path = sshMatch[1];
+        path = path.replace(/\.git$/, '');
+        // Must have at least owner/repo (one slash)
+        if (path.includes('/')) {
+            return path;
+        }
+        return null;
+    }
+    // Handle SSH URLs with a scheme (e.g., ssh://git@host:7999/owner/repo.git)
+    if (parsed.url.startsWith('ssh://')) {
+        try {
+            const url = new URL(parsed.url);
+            let path = url.pathname.slice(1);
+            path = path.replace(/\.git$/, '');
+            if (path.includes('/')) {
+                return path;
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    // Handle HTTP(S) URLs
+    if (!parsed.url.startsWith('http://') && !parsed.url.startsWith('https://')) {
+        return null;
+    }
+    try {
+        const url = new URL(parsed.url);
+        // Get pathname, remove leading slash and trailing .git
+        let path = url.pathname.slice(1);
+        path = path.replace(/\.git$/, '');
+        // Must have at least owner/repo (one slash)
+        if (path.includes('/')) {
+            return path;
+        }
+    }
+    catch {
+        // Invalid URL
+    }
+    return null;
+}
+/**
+ * Extract owner and repo from an owner/repo string.
+ * Returns null if the format is invalid.
+ */
+export function parseOwnerRepo(ownerRepo) {
+    const match = ownerRepo.match(/^([^/]+)\/([^/]+)$/);
+    if (match) {
+        return { owner: match[1], repo: match[2] };
+    }
+    return null;
+}
+/**
+ * Check if a GitHub repository is private.
+ * Returns true if private, false if public, null if unable to determine.
+ * Only works for GitHub repositories (GitLab not supported).
+ */
+export async function isRepoPrivate(owner, repo) {
+    try {
+        const res = await fetch(`https://api.github.com/repos/${owner}/${repo}`);
+        // If repo doesn't exist or we don't have access, assume private to be safe
+        if (!res.ok) {
+            return null; // Unable to determine
+        }
+        const data = (await res.json());
+        return data.private === true;
+    }
+    catch {
+        // On error, return null to indicate we couldn't determine
+        return null;
+    }
+}
+/**
+ * Sanitizes a subpath to prevent path traversal attacks.
+ * Rejects subpaths containing ".." segments that could escape the repository root.
+ * Returns the sanitized subpath, or throws if the subpath is unsafe.
+ */
+export function sanitizeSubpath(subpath) {
+    // Normalize to forward slashes for consistent handling
+    const normalized = subpath.replace(/\\/g, '/');
+    // Check each segment for ".."
+    const segments = normalized.split('/');
+    for (const segment of segments) {
+        if (segment === '..') {
+            throw new Error(`Unsafe subpath: "${subpath}" contains path traversal segments. ` +
+                `Subpaths must not contain ".." components.`);
+        }
+    }
+    return subpath;
+}
+/**
+ * Check if a string represents a local file system path
+ */
+function isLocalPath(input) {
+    return (isAbsolute(input) ||
+        input.startsWith('./') ||
+        input.startsWith('../') ||
+        input === '.' ||
+        input === '..' ||
+        // Windows absolute paths like C:\ or D:\
+        /^[a-zA-Z]:[/\\]/.test(input));
+}
+/**
+ * Parse a source string into a structured format
+ * Supports: local paths, GitHub URLs, GitLab URLs, GitHub shorthand, well-known URLs, and direct git URLs
+ */
+// Source aliases: map common shorthand to canonical source
+const SOURCE_ALIASES = {
+    'coinbase/agentWallet': 'coinbase/agentic-wallet-skills',
+};
+function decodeFragmentValue(value) {
+    try {
+        return decodeURIComponent(value);
+    }
+    catch {
+        return value;
+    }
+}
+function looksLikeGitSource(input) {
+    if (input.startsWith('github:') || input.startsWith('gitlab:') || input.startsWith('git@')) {
+        return true;
+    }
+    if (/^ssh:\/\/.+\.git(?:$|[/?])/i.test(input)) {
+        return true;
+    }
+    if (input.startsWith('http://') || input.startsWith('https://')) {
+        try {
+            const parsed = new URL(input);
+            const pathname = parsed.pathname;
+            // Only treat GitHub fragments as refs for repo/tree URLs.
+            if (parsed.hostname === 'github.com') {
+                return /^\/[^/]+\/[^/]+(?:\.git)?(?:\/tree\/[^/]+(?:\/.*)?)?\/?$/.test(pathname);
+            }
+            // Only treat gitlab.com fragments as refs for repo/tree URLs.
+            if (parsed.hostname === 'gitlab.com') {
+                return /^\/.+?\/[^/]+(?:\.git)?(?:\/-\/tree\/[^/]+(?:\/.*)?)?\/?$/.test(pathname);
+            }
+        }
+        catch {
+            // Fall through to generic checks below.
+        }
+    }
+    if (/^https?:\/\/.+\.git(?:$|[/?])/i.test(input)) {
+        return true;
+    }
+    return (!input.includes(':') &&
+        !input.startsWith('.') &&
+        !input.startsWith('/') &&
+        /^([^/]+)\/([^/]+)(?:\/(.+)|@(.+))?$/.test(input));
+}
+function parseFragmentRef(input) {
+    const hashIndex = input.indexOf('#');
+    if (hashIndex < 0) {
+        return { inputWithoutFragment: input };
+    }
+    const inputWithoutFragment = input.slice(0, hashIndex);
+    const fragment = input.slice(hashIndex + 1);
+    // Treat URL fragments as git refs only for git-like sources.
+    // This avoids changing behavior for generic well-known URLs.
+    if (!fragment || !looksLikeGitSource(inputWithoutFragment)) {
+        return { inputWithoutFragment: input };
+    }
+    const atIndex = fragment.indexOf('@');
+    if (atIndex === -1) {
+        return {
+            inputWithoutFragment,
+            ref: decodeFragmentValue(fragment),
+        };
+    }
+    const ref = fragment.slice(0, atIndex);
+    const skillFilter = fragment.slice(atIndex + 1);
+    return {
+        inputWithoutFragment,
+        ref: ref ? decodeFragmentValue(ref) : undefined,
+        skillFilter: skillFilter ? decodeFragmentValue(skillFilter) : undefined,
+    };
+}
+function appendFragmentRef(input, ref, skillFilter) {
+    if (!ref) {
+        return input;
+    }
+    return `${input}#${ref}${skillFilter ? `@${skillFilter}` : ''}`;
+}
+export function parseSource(input) {
+    // Local path: absolute, relative, or current directory
+    if (isLocalPath(input)) {
+        const resolvedPath = resolve(input);
+        // Return local type even if path doesn't exist - we'll handle validation in main flow
+        return {
+            type: 'local',
+            url: resolvedPath, // Store resolved path in url for consistency
+            localPath: resolvedPath,
+        };
+    }
+    const { inputWithoutFragment, ref: fragmentRef, skillFilter: fragmentSkillFilter, } = parseFragmentRef(input);
+    input = inputWithoutFragment;
+    // Resolve source aliases before parsing
+    const alias = SOURCE_ALIASES[input];
+    if (alias) {
+        input = alias;
+    }
+    // Prefix shorthand: github:owner/repo -> owner/repo (handled by existing shorthand logic)
+    // Also supports github:owner/repo/subpath and github:owner/repo@skill
+    const githubPrefixMatch = input.match(/^github:(.+)$/);
+    if (githubPrefixMatch) {
+        return parseSource(appendFragmentRef(githubPrefixMatch[1], fragmentRef, fragmentSkillFilter));
+    }
+    // Prefix shorthand: gitlab:owner/repo -> https://gitlab.com/owner/repo
+    const gitlabPrefixMatch = input.match(/^gitlab:(.+)$/);
+    if (gitlabPrefixMatch) {
+        return parseSource(appendFragmentRef(`https://gitlab.com/${gitlabPrefixMatch[1]}`, fragmentRef, fragmentSkillFilter));
+    }
+    // GitHub URL with path: https://github.com/owner/repo/tree/branch/path/to/skill
+    const githubTreeWithPathMatch = input.match(/github\.com\/([^/]+)\/([^/]+)\/tree\/([^/]+)\/(.+)/);
+    if (githubTreeWithPathMatch) {
+        const [, owner, repo, ref, subpath] = githubTreeWithPathMatch;
+        return {
+            type: 'github',
+            url: `https://github.com/${owner}/${repo}.git`,
+            ref: ref || fragmentRef,
+            subpath: subpath ? sanitizeSubpath(subpath) : subpath,
+        };
+    }
+    // GitHub URL with branch only: https://github.com/owner/repo/tree/branch
+    const githubTreeMatch = input.match(/github\.com\/([^/]+)\/([^/]+)\/tree\/([^/]+)$/);
+    if (githubTreeMatch) {
+        const [, owner, repo, ref] = githubTreeMatch;
+        return {
+            type: 'github',
+            url: `https://github.com/${owner}/${repo}.git`,
+            ref: ref || fragmentRef,
+        };
+    }
+    // GitHub URL: https://github.com/owner/repo
+    const githubRepoMatch = input.match(/github\.com\/([^/]+)\/([^/]+)/);
+    if (githubRepoMatch) {
+        const [, owner, repo] = githubRepoMatch;
+        const cleanRepo = repo.replace(/\.git$/, '');
+        return {
+            type: 'github',
+            url: `https://github.com/${owner}/${cleanRepo}.git`,
+            ...(fragmentRef ? { ref: fragmentRef } : {}),
+        };
+    }
+    // GitLab URL with path (any GitLab instance): https://gitlab.com/owner/repo/-/tree/branch/path
+    // Key identifier is the "/-/tree/" path pattern unique to GitLab.
+    // Supports subgroups by using a non-greedy match for the repository path.
+    const gitlabTreeWithPathMatch = input.match(/^(https?):\/\/([^/]+)\/(.+?)\/-\/tree\/([^/]+)\/(.+)/);
+    if (gitlabTreeWithPathMatch) {
+        const [, protocol, hostname, repoPath, ref, subpath] = gitlabTreeWithPathMatch;
+        if (hostname !== 'github.com' && repoPath) {
+            return {
+                type: 'gitlab',
+                url: `${protocol}://${hostname}/${repoPath.replace(/\.git$/, '')}.git`,
+                ref: ref || fragmentRef,
+                subpath: subpath ? sanitizeSubpath(subpath) : subpath,
+            };
+        }
+    }
+    // GitLab URL with branch only (any GitLab instance): https://gitlab.com/owner/repo/-/tree/branch
+    const gitlabTreeMatch = input.match(/^(https?):\/\/([^/]+)\/(.+?)\/-\/tree\/([^/]+)$/);
+    if (gitlabTreeMatch) {
+        const [, protocol, hostname, repoPath, ref] = gitlabTreeMatch;
+        if (hostname !== 'github.com' && repoPath) {
+            return {
+                type: 'gitlab',
+                url: `${protocol}://${hostname}/${repoPath.replace(/\.git$/, '')}.git`,
+                ref: ref || fragmentRef,
+            };
+        }
+    }
+    // GitLab.com URL: https://gitlab.com/owner/repo or https://gitlab.com/group/subgroup/repo
+    // Only for the official gitlab.com domain for user convenience.
+    // Supports nested subgroups (e.g., gitlab.com/group/subgroup1/subgroup2/repo).
+    const gitlabRepoMatch = input.match(/gitlab\.com\/(.+?)(?:\.git)?\/?$/);
+    if (gitlabRepoMatch) {
+        const repoPath = gitlabRepoMatch[1];
+        // Must have at least owner/repo (one slash)
+        if (repoPath.includes('/')) {
+            return {
+                type: 'gitlab',
+                url: `https://gitlab.com/${repoPath}.git`,
+                ...(fragmentRef ? { ref: fragmentRef } : {}),
+            };
+        }
+    }
+    // GitHub shorthand: owner/repo, owner/repo/path/to/skill, or owner/repo@skill-name
+    // Exclude paths that start with . or / to avoid matching local paths
+    // First check for @skill syntax: owner/repo@skill-name
+    const atSkillMatch = input.match(/^([^/]+)\/([^/@]+)@(.+)$/);
+    if (atSkillMatch && !input.includes(':') && !input.startsWith('.') && !input.startsWith('/')) {
+        const [, owner, repo, skillFilter] = atSkillMatch;
+        return {
+            type: 'github',
+            url: `https://github.com/${owner}/${repo}.git`,
+            ...(fragmentRef ? { ref: fragmentRef } : {}),
+            skillFilter: fragmentSkillFilter || skillFilter,
+        };
+    }
+    const shorthandMatch = input.match(/^([^/]+)\/([^/]+)(?:\/(.+?))?\/?$/);
+    if (shorthandMatch && !input.includes(':') && !input.startsWith('.') && !input.startsWith('/')) {
+        const [, owner, repo, subpath] = shorthandMatch;
+        return {
+            type: 'github',
+            url: `https://github.com/${owner}/${repo}.git`,
+            ...(fragmentRef ? { ref: fragmentRef } : {}),
+            subpath: subpath ? sanitizeSubpath(subpath) : subpath,
+            ...(fragmentSkillFilter ? { skillFilter: fragmentSkillFilter } : {}),
+        };
+    }
+    // Well-known skills: arbitrary HTTP(S) URLs that aren't GitHub/GitLab
+    // This is the final fallback for URLs - we'll check for /.well-known/agent-skills/index.json
+    // then fall back to /.well-known/skills/index.json
+    if (isWellKnownUrl(input)) {
+        return {
+            type: 'well-known',
+            url: input,
+        };
+    }
+    // Fallback: treat as direct git URL
+    return {
+        type: 'git',
+        url: input,
+        ...(fragmentRef ? { ref: fragmentRef } : {}),
+    };
+}
+/**
+ * Check if a URL could be a well-known skills endpoint.
+ * Must be HTTP(S) and not a known git host (GitHub, GitLab).
+ * Also excludes URLs that look like git repos (.git suffix).
+ */
+function isWellKnownUrl(input) {
+    if (!input.startsWith('http://') && !input.startsWith('https://')) {
+        return false;
+    }
+    try {
+        const parsed = new URL(input);
+        // Exclude known git hosts that have their own handling
+        const excludedHosts = ['github.com', 'gitlab.com', 'raw.githubusercontent.com'];
+        if (excludedHosts.includes(parsed.hostname)) {
+            return false;
+        }
+        // Don't match URLs that look like git repos (should be handled by git type)
+        if (input.endsWith('.git')) {
+            return false;
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}