@rbbtsn0w/adg 0.1.0-alpha.1

package/vendor/skills/src/find.ts

@@ -0,0 +1,357 @@
+import * as readline from 'readline';
+import { runAdd, parseAddOptions } from './add.ts';
+import { sanitizeMetadata } from './sanitize.ts';
+import { track } from './telemetry.ts';
+import { isRepoPrivate } from './source-parser.ts';
+import { isRunningInAgent } from './detect-agent.ts';
+
+const RESET = '\x1b[0m';
+const BOLD = '\x1b[1m';
+const DIM = '\x1b[38;5;102m';
+const TEXT = '\x1b[38;5;145m';
+const CYAN = '\x1b[36m';
+const MAGENTA = '\x1b[35m';
+const YELLOW = '\x1b[33m';
+
+// API endpoint for skills search
+const SEARCH_API_BASE = process.env.SKILLS_API_URL || 'https://skills.sh';
+
+function formatInstalls(count: number): string {
+  if (!count || count <= 0) return '';
+  if (count >= 1_000_000) return `${(count / 1_000_000).toFixed(1).replace(/\.0$/, '')}M installs`;
+  if (count >= 1_000) return `${(count / 1_000).toFixed(1).replace(/\.0$/, '')}K installs`;
+  return `${count} install${count === 1 ? '' : 's'}`;
+}
+
+export interface SearchSkill {
+  name: string;
+  slug: string;
+  source: string;
+  installs: number;
+}
+
+// Search via API
+export async function searchSkillsAPI(query: string): Promise<SearchSkill[]> {
+  try {
+    const url = `${SEARCH_API_BASE}/api/search?q=${encodeURIComponent(query)}&limit=10`;
+    const res = await fetch(url);
+
+    if (!res.ok) return [];
+
+    const data = (await res.json()) as {
+      skills: Array<{
+        id: string;
+        name: string;
+        installs: number;
+        source: string;
+      }>;
+    };
+
+    return data.skills
+      .map((skill) => ({
+        name: sanitizeMetadata(skill.name),
+        slug: sanitizeMetadata(skill.id),
+        source: sanitizeMetadata(skill.source || ''),
+        installs: skill.installs,
+      }))
+      .sort((a, b) => (b.installs || 0) - (a.installs || 0));
+  } catch {
+    return [];
+  }
+}
+
+// ANSI escape codes for terminal control
+const HIDE_CURSOR = '\x1b[?25l';
+const SHOW_CURSOR = '\x1b[?25h';
+const CLEAR_DOWN = '\x1b[J';
+const MOVE_UP = (n: number) => `\x1b[${n}A`;
+const MOVE_TO_COL = (n: number) => `\x1b[${n}G`;
+
+// Custom fzf-style search prompt using raw readline
+async function runSearchPrompt(initialQuery = ''): Promise<SearchSkill | null> {
+  let results: SearchSkill[] = [];
+  let selectedIndex = 0;
+  let query = initialQuery;
+  let loading = false;
+  let debounceTimer: ReturnType<typeof setTimeout> | null = null;
+  let lastRenderedLines = 0;
+
+  // Enable raw mode for keypress events
+  if (process.stdin.isTTY) {
+    process.stdin.setRawMode(true);
+  }
+
+  // Setup readline for keypress events but don't let it echo
+  readline.emitKeypressEvents(process.stdin);
+
+  // Resume stdin to start receiving events
+  process.stdin.resume();
+
+  // Hide cursor during selection
+  process.stdout.write(HIDE_CURSOR);
+
+  function render(): void {
+    // Move cursor up to overwrite previous render
+    if (lastRenderedLines > 0) {
+      process.stdout.write(MOVE_UP(lastRenderedLines) + MOVE_TO_COL(1));
+    }
+
+    // Clear from cursor to end of screen (removes ghost trails)
+    process.stdout.write(CLEAR_DOWN);
+
+    const lines: string[] = [];
+
+    // Search input line with cursor
+    const cursor = `${BOLD}_${RESET}`;
+    lines.push(`${TEXT}Search skills:${RESET} ${query}${cursor}`);
+    lines.push('');
+
+    // Results - keep showing existing results while loading new ones
+    if (!query || query.length < 2) {
+      lines.push(`${DIM}Start typing to search (min 2 chars)${RESET}`);
+    } else if (results.length === 0 && loading) {
+      lines.push(`${DIM}Searching...${RESET}`);
+    } else if (results.length === 0) {
+      lines.push(`${DIM}No skills found${RESET}`);
+    } else {
+      const maxVisible = 8;
+      const visible = results.slice(0, maxVisible);
+
+      for (let i = 0; i < visible.length; i++) {
+        const skill = visible[i]!;
+        const isSelected = i === selectedIndex;
+        const arrow = isSelected ? `${BOLD}>${RESET}` : ' ';
+        const name = isSelected ? `${BOLD}${skill.name}${RESET}` : `${TEXT}${skill.name}${RESET}`;
+        const source = skill.source ? ` ${DIM}${skill.source}${RESET}` : '';
+        const installs = formatInstalls(skill.installs);
+        const installsBadge = installs ? ` ${CYAN}${installs}${RESET}` : '';
+        const loadingIndicator = loading && i === 0 ? ` ${DIM}...${RESET}` : '';
+
+        lines.push(`  ${arrow} ${name}${source}${installsBadge}${loadingIndicator}`);
+      }
+    }
+
+    lines.push('');
+    lines.push(`${DIM}up/down navigate | enter select | esc cancel${RESET}`);
+
+    // Write each line
+    for (const line of lines) {
+      process.stdout.write(line + '\n');
+    }
+
+    lastRenderedLines = lines.length;
+  }
+
+  function triggerSearch(q: string): void {
+    // Always clear any pending debounce timer
+    if (debounceTimer) {
+      clearTimeout(debounceTimer);
+      debounceTimer = null;
+    }
+
+    // Always reset loading state when starting a new search
+    loading = false;
+
+    if (!q || q.length < 2) {
+      results = [];
+      selectedIndex = 0;
+      render();
+      return;
+    }
+
+    // Use API search for all queries (debounced)
+    loading = true;
+    render();
+
+    // Adaptive debounce: shorter queries = longer wait (user still typing)
+    // 2 chars: 250ms, 3 chars: 200ms, 4 chars: 150ms, 5+ chars: 150ms
+    const debounceMs = Math.max(150, 350 - q.length * 50);
+
+    debounceTimer = setTimeout(async () => {
+      try {
+        results = await searchSkillsAPI(q);
+        selectedIndex = 0;
+      } catch {
+        results = [];
+      } finally {
+        loading = false;
+        debounceTimer = null;
+        render();
+      }
+    }, debounceMs);
+  }
+
+  // Trigger initial search if there's a query, then render
+  if (initialQuery) {
+    triggerSearch(initialQuery);
+  }
+  render();
+
+  return new Promise((resolve) => {
+    function cleanup(): void {
+      process.stdin.removeListener('keypress', handleKeypress);
+      if (process.stdin.isTTY) {
+        process.stdin.setRawMode(false);
+      }
+      process.stdout.write(SHOW_CURSOR);
+      // Pause stdin to fully release it for child processes
+      process.stdin.pause();
+    }
+
+    function handleKeypress(_ch: string | undefined, key: readline.Key): void {
+      if (!key) return;
+
+      if (key.name === 'escape' || (key.ctrl && key.name === 'c')) {
+        // Cancel
+        cleanup();
+        resolve(null);
+        return;
+      }
+
+      if (key.name === 'return') {
+        // Submit
+        cleanup();
+        resolve(results[selectedIndex] || null);
+        return;
+      }
+
+      if (key.name === 'up') {
+        selectedIndex = Math.max(0, selectedIndex - 1);
+        render();
+        return;
+      }
+
+      if (key.name === 'down') {
+        selectedIndex = Math.min(Math.max(0, results.length - 1), selectedIndex + 1);
+        render();
+        return;
+      }
+
+      if (key.name === 'backspace') {
+        if (query.length > 0) {
+          query = query.slice(0, -1);
+          triggerSearch(query);
+        }
+        return;
+      }
+
+      // Regular character input
+      if (key.sequence && !key.ctrl && !key.meta && key.sequence.length === 1) {
+        const char = key.sequence;
+        if (char >= ' ' && char <= '~') {
+          query += char;
+          triggerSearch(query);
+        }
+      }
+    }
+
+    process.stdin.on('keypress', handleKeypress);
+  });
+}
+
+// Parse owner/repo from a package string (for the find command)
+function getOwnerRepoFromString(pkg: string): { owner: string; repo: string } | null {
+  // Handle owner/repo or owner/repo@skill
+  const atIndex = pkg.lastIndexOf('@');
+  const repoPath = atIndex > 0 ? pkg.slice(0, atIndex) : pkg;
+  const match = repoPath.match(/^([^/]+)\/([^/]+)$/);
+  if (match) {
+    return { owner: match[1]!, repo: match[2]! };
+  }
+  return null;
+}
+
+async function isRepoPublic(owner: string, repo: string): Promise<boolean> {
+  const isPrivate = await isRepoPrivate(owner, repo);
+  // Return true only if we know it's public (isPrivate === false)
+  // Return false if private or unable to determine
+  return isPrivate === false;
+}
+
+export async function runFind(args: string[]): Promise<void> {
+  const query = args.join(' ');
+  const isNonInteractive = !process.stdin.isTTY;
+  const agentTip = `${DIM}Tip: if running in a coding agent, follow these steps:${RESET}
+${DIM}  1) npx skills find [query]${RESET}
+${DIM}  2) npx skills add <owner/repo@skill>${RESET}`;
+
+  // Non-interactive mode: just print results and exit
+  if (query) {
+    const results = await searchSkillsAPI(query);
+
+    // Track telemetry for non-interactive search
+    track({
+      event: 'find',
+      query,
+      resultCount: String(results.length),
+    });
+
+    if (results.length === 0) {
+      console.log(`${DIM}No skills found for "${query}"${RESET}`);
+      return;
+    }
+
+    console.log(`${DIM}Install with${RESET} npx skills add <owner/repo@skill>`);
+    console.log();
+
+    for (const skill of results.slice(0, 6)) {
+      const pkg = skill.source || skill.slug;
+      const installs = formatInstalls(skill.installs);
+      console.log(
+        `${TEXT}${pkg}@${skill.name}${RESET}${installs ? ` ${CYAN}${installs}${RESET}` : ''}`
+      );
+      console.log(`${DIM}└ https://skills.sh/${skill.slug}${RESET}`);
+      console.log();
+    }
+    return;
+  }
+
+  // Skip interactive search when running inside an AI agent or non-TTY
+  if (isNonInteractive || (await isRunningInAgent())) {
+    console.log(agentTip);
+    console.log();
+    console.log(`${DIM}Usage: npx skills find <query>${RESET}`);
+    return;
+  }
+
+  const selected = await runSearchPrompt();
+
+  // Track telemetry for interactive search
+  track({
+    event: 'find',
+    query: '',
+    resultCount: selected ? '1' : '0',
+    interactive: '1',
+  });
+
+  if (!selected) {
+    console.log(`${DIM}Search cancelled${RESET}`);
+    console.log();
+    return;
+  }
+
+  // Use source (owner/repo) and skill name for installation
+  const pkg = selected.source || selected.slug;
+  const skillName = selected.name;
+
+  console.log();
+  console.log(`${TEXT}Installing ${BOLD}${skillName}${RESET} from ${DIM}${pkg}${RESET}...`);
+  console.log();
+
+  // Run add directly since we're in the same CLI
+  const { source, options } = parseAddOptions([pkg, '--skill', skillName]);
+  await runAdd(source, options);
+
+  console.log();
+
+  const info = getOwnerRepoFromString(pkg);
+  if (info && (await isRepoPublic(info.owner, info.repo))) {
+    console.log(
+      `${DIM}View the skill at${RESET} ${TEXT}https://skills.sh/${selected.slug}${RESET}`
+    );
+  } else {
+    console.log(`${DIM}Discover more skills at${RESET} ${TEXT}https://skills.sh${RESET}`);
+  }
+
+  console.log();
+}

package/vendor/skills/src/frontmatter.ts

@@ -0,0 +1,16 @@
+import { parse as parseYaml } from 'yaml';
+
+/**
+ * Minimal frontmatter parser. Only supports YAML (the `---` delimiter).
+ * Does NOT support `---js` / `---javascript` to avoid eval()-based RCE
+ * that exists in gray-matter's built-in JS engine.
+ */
+export function parseFrontmatter(raw: string): {
+  data: Record<string, unknown>;
+  content: string;
+} {
+  const match = raw.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/);
+  if (!match) return { data: {}, content: raw };
+  const data = (parseYaml(match[1]!) as Record<string, unknown>) ?? {};
+  return { data, content: match[2] ?? '' };
+}

package/vendor/skills/src/git-tree.ts

@@ -0,0 +1,36 @@
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+
+const execFileAsync = promisify(execFile);
+
+/**
+ * ADG-added file (see vendor/skills/PROVENANCE.md → Local patches).
+ *
+ * Return the git *tree object SHA* for a folder inside a freshly cloned repo —
+ * the SAME 40-hex value GitHub's Trees API returns and that
+ * `getSkillFolderHashFromTree` (blob.ts) compares against at update time.
+ *
+ * Used by `add.ts` so a github source that fell back to a `git clone` at install
+ * still records a tree SHA, not a sha256 content hash. Otherwise the install and
+ * update hashing schemes diverge and every update perpetually re-flags the skill
+ * (the bug that made a collection repo "fully update" on every run).
+ *
+ * `folder === ''` means the repo root. Returns null if git can't resolve it.
+ *
+ * Deliberately uses `child_process` rather than simple-git: this keeps the file
+ * free of simple-git's typings, which don't satisfy ADG's strict tsconfig when a
+ * test pulls the module into the typecheck graph.
+ */
+export async function gitTreeShaForFolder(
+  repoDir: string,
+  folder: string
+): Promise<string | null> {
+  const spec = folder ? `HEAD:${folder}` : 'HEAD^{tree}';
+  try {
+    const { stdout } = await execFileAsync('git', ['-C', repoDir, 'rev-parse', spec]);
+    const sha = stdout.trim();
+    return /^[0-9a-f]{40}$/.test(sha) ? sha : null;
+  } catch {
+    return null;
+  }
+}

package/vendor/skills/src/git.ts

@@ -0,0 +1,277 @@
+// ADG patch: named import. The default import is not callable under the root
+// tsconfig (NodeNext + verbatimModuleSyntax, no esModuleInterop); simple-git
+// exposes `simpleGit` as a named export. See vendor/skills/PROVENANCE.md.
+import { simpleGit } from 'simple-git';
+import { join, normalize, resolve, sep } from 'path';
+import { mkdtemp, mkdir, rm } from 'fs/promises';
+import { tmpdir } from 'os';
+import { execFile } from 'child_process';
+import { promisify } from 'util';
+
+const DEFAULT_CLONE_TIMEOUT_MS = 300_000; // 5 minutes
+const CLONE_TIMEOUT_MS = (() => {
+  const raw = process.env.SKILLS_CLONE_TIMEOUT_MS;
+  if (!raw) return DEFAULT_CLONE_TIMEOUT_MS;
+  const parsed = Number.parseInt(raw, 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : DEFAULT_CLONE_TIMEOUT_MS;
+})();
+const execFileAsync = promisify(execFile);
+
+interface GitHubRepoInfo {
+  owner: string;
+  repo: string;
+  slug: string;
+  sshUrl: string;
+}
+
+export class GitCloneError extends Error {
+  readonly url: string;
+  readonly isTimeout: boolean;
+  readonly isAuthError: boolean;
+
+  constructor(message: string, url: string, isTimeout = false, isAuthError = false) {
+    super(message);
+    this.name = 'GitCloneError';
+    this.url = url;
+    this.isTimeout = isTimeout;
+    this.isAuthError = isAuthError;
+  }
+}
+
+export function parseGitHubRepoUrl(url: string): GitHubRepoInfo | null {
+  const sshMatch = url.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
+  if (sshMatch) {
+    const owner = sshMatch[1]!;
+    const repo = sshMatch[2]!;
+    return {
+      owner,
+      repo,
+      slug: `${owner}/${repo}`,
+      sshUrl: `git@github.com:${owner}/${repo}.git`,
+    };
+  }
+
+  try {
+    const parsed = new URL(url);
+    if (parsed.hostname !== 'github.com') return null;
+
+    const match = parsed.pathname.match(/^\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
+    if (!match) return null;
+
+    const owner = match[1]!;
+    const repo = match[2]!;
+    return {
+      owner,
+      repo,
+      slug: `${owner}/${repo}`,
+      sshUrl: `git@github.com:${owner}/${repo}.git`,
+    };
+  } catch {
+    return null;
+  }
+}
+
+export function isGitHubHttpsCloneUrl(url: string): boolean {
+  try {
+    const parsed = new URL(url);
+    return parsed.protocol === 'https:' && parsed.hostname === 'github.com';
+  } catch {
+    return false;
+  }
+}
+
+export function isGitHubSsoAuthError(message: string): boolean {
+  const lower = message.toLowerCase();
+  return (
+    lower.includes('saml sso') ||
+    lower.includes('enforced sso') ||
+    lower.includes('enabled or enforced saml') ||
+    lower.includes('re-authorize the oauth application')
+  );
+}
+
+function isAuthFailure(message: string): boolean {
+  return (
+    message.includes('Authentication failed') ||
+    message.includes('could not read Username') ||
+    message.includes('Permission denied') ||
+    message.includes('Repository not found') ||
+    message.includes('requested URL returned error: 403') ||
+    isGitHubSsoAuthError(message)
+  );
+}
+
+function createGitClient(extraEnv?: NodeJS.ProcessEnv) {
+  return simpleGit({
+    timeout: { block: CLONE_TIMEOUT_MS },
+    // When git-lfs is NOT installed, GIT_LFS_SKIP_SMUDGE has no effect —
+    // git sees `filter=lfs` in .gitattributes, tries to run
+    // `git-lfs filter-process`, and aborts the checkout with:
+    //   git-lfs filter-process: git-lfs: command not found
+    //   fatal: the remote end hung up unexpectedly
+    //   warning: Clone succeeded, but checkout failed.
+    // Overriding filter.lfs.* at the command level disables the filter
+    // entirely for this clone, so checkout succeeds regardless of whether
+    // git-lfs is installed. LFS-tracked files are left as ~130-byte
+    // pointer files, which the skills installer doesn't read anyway
+    // (skills are plain text — HTML/MD/JSON — never LFS-tracked).
+    //
+    // Reported downstream: heygen-com/hyperframes#407.
+    config: [
+      'filter.lfs.required=false',
+      'filter.lfs.smudge=',
+      'filter.lfs.clean=',
+      'filter.lfs.process=',
+    ],
+    // ADG patch: simple-git >=3.36 blocks `filter.*.smudge/clean` configs (an RCE
+    // vector via a malicious filter command) unless explicitly allowed, failing
+    // every clone with "Configuring filter.smudge is not permitted without
+    // enabling allowUnsafeFilter". Here the filters are set to EMPTY — we are
+    // *disabling* the LFS filter, not running one — so opting in is safe and is
+    // exactly the intent of the config above. See vendor/skills/PROVENANCE.md.
+    unsafe: {
+      allowUnsafeFilter: true,
+    },
+    // ADG patch: env must be applied via `.env()`, not as a constructor option.
+    // simple-git's factory only reads baseDir/maxConcurrentProcesses/trimmed from
+    // the options object and silently drops `env`, so the GIT_TERMINAL_PROMPT /
+    // GIT_LFS_SKIP_SMUDGE / GIT_SSH_COMMAND overrides below never reached the
+    // spawned git before this. See vendor/skills/PROVENANCE.md.
+  }).env({
+    ...process.env,
+    GIT_TERMINAL_PROMPT: '0',
+    // When git-lfs IS installed, tell it not to download LFS content during
+    // checkout. See #952 for context and empirical impact.
+    GIT_LFS_SKIP_SMUDGE: '1',
+    ...extraEnv,
+  });
+}
+
+async function resetTempDir(dir: string): Promise<void> {
+  await rm(dir, { recursive: true, force: true }).catch(() => {});
+  await mkdir(dir, { recursive: true });
+}
+
+async function tryGhClone(repo: GitHubRepoInfo, tempDir: string, ref?: string): Promise<boolean> {
+  let cloneTarget = repo.slug;
+
+  try {
+    const { stdout, stderr } = await execFileAsync('gh', ['auth', 'status', '-h', 'github.com'], {
+      timeout: 5000,
+      env: { ...process.env, GIT_TERMINAL_PROMPT: '0' },
+    });
+    const statusOutput = `${stdout}${stderr}`;
+    if (/Git operations protocol:\s+ssh/i.test(statusOutput)) {
+      cloneTarget = repo.sshUrl;
+    }
+  } catch {
+    return false;
+  }
+
+  const gitFlags = ref ? ['--depth=1', '--branch', ref] : ['--depth=1'];
+  await execFileAsync('gh', ['repo', 'clone', cloneTarget, tempDir, '--', ...gitFlags], {
+    timeout: CLONE_TIMEOUT_MS,
+    env: { ...process.env, GIT_TERMINAL_PROMPT: '0' },
+  });
+  return true;
+}
+
+function buildGitHubAuthError(url: string, repo: GitHubRepoInfo | null, message: string): string {
+  if (repo && isGitHubSsoAuthError(message)) {
+    return (
+      `GitHub blocked HTTPS access to ${url} because the organization enforces SAML SSO.\n` +
+      `  skills tried your existing git credentials and available fallbacks, but none succeeded.\n` +
+      `  - Re-authorize your GitHub credentials/app for that org's SSO policy\n` +
+      `  - Or rerun with SSH: npx skills add ${repo.sshUrl}\n` +
+      `  - Verify access with: gh auth status -h github.com or ssh -T git@github.com`
+    );
+  }
+
+  if (repo) {
+    return (
+      `Authentication failed for ${url}.\n` +
+      `  - For private repos, ensure you have access\n` +
+      `  - Retry with SSH: npx skills add ${repo.sshUrl}\n` +
+      `  - Check access with: gh auth status -h github.com or ssh -T git@github.com`
+    );
+  }
+
+  return (
+    `Authentication failed for ${url}.\n` +
+    `  - For private repos, ensure you have access\n` +
+    `  - For SSH: Check your keys with 'ssh -T git@github.com'\n` +
+    `  - For HTTPS: Run 'gh auth login' or configure git credentials`
+  );
+}
+
+export async function cloneRepo(url: string, ref?: string): Promise<string> {
+  const tempDir = await mkdtemp(join(tmpdir(), 'skills-'));
+  const cloneOptions = ref ? ['--depth', '1', '--branch', ref] : ['--depth', '1'];
+  const repo = parseGitHubRepoUrl(url);
+
+  try {
+    await createGitClient().clone(url, tempDir, cloneOptions);
+    return tempDir;
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    const isTimeout = errorMessage.includes('block timeout') || errorMessage.includes('timed out');
+    const isAuthError = isAuthFailure(errorMessage);
+
+    if (isTimeout) {
+      await rm(tempDir, { recursive: true, force: true }).catch(() => {});
+      const seconds = Math.round(CLONE_TIMEOUT_MS / 1000);
+      throw new GitCloneError(
+        `Clone timed out after ${seconds}s. Common causes:\n` +
+          `  - Large repository: raise the timeout with SKILLS_CLONE_TIMEOUT_MS=600000 (10m)\n` +
+          `  - Slow network: retry, or clone manually and pass the local path to 'skills add'\n` +
+          `  - Private repo without credentials: ensure auth is configured\n` +
+          `      - For SSH: ssh-add -l (to check loaded keys)\n` +
+          `      - For HTTPS: gh auth status (if using GitHub CLI)`,
+        url,
+        true,
+        false
+      );
+    }
+
+    if (isAuthError && repo && isGitHubHttpsCloneUrl(url)) {
+      try {
+        await resetTempDir(tempDir);
+        if (await tryGhClone(repo, tempDir, ref)) {
+          return tempDir;
+        }
+      } catch {
+        // Fall through to SSH retry.
+      }
+
+      try {
+        await resetTempDir(tempDir);
+        await createGitClient({
+          GIT_SSH_COMMAND: process.env.GIT_SSH_COMMAND ?? 'ssh -o BatchMode=yes',
+        }).clone(repo.sshUrl, tempDir, cloneOptions);
+        return tempDir;
+      } catch {
+        // Fall through to the targeted auth error below.
+      }
+    }
+
+    await rm(tempDir, { recursive: true, force: true }).catch(() => {});
+
+    if (isAuthError) {
+      throw new GitCloneError(buildGitHubAuthError(url, repo, errorMessage), url, false, true);
+    }
+
+    throw new GitCloneError(`Failed to clone ${url}: ${errorMessage}`, url, false, false);
+  }
+}
+
+export async function cleanupTempDir(dir: string): Promise<void> {
+  // Validate that the directory path is within tmpdir to prevent deletion of arbitrary paths
+  const normalizedDir = normalize(resolve(dir));
+  const normalizedTmpDir = normalize(resolve(tmpdir()));
+
+  if (!normalizedDir.startsWith(normalizedTmpDir + sep) && normalizedDir !== normalizedTmpDir) {
+    throw new Error('Attempted to clean up directory outside of temp directory');
+  }
+
+  await rm(dir, { recursive: true, force: true });
+}