npm - @shnitzel/plugscout - Versions diffs - 0.3.1 - Mend

@shnitzel/plugscout 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/dist/catalog/adapters/openai-skills-github-v1.js ADDED Viewed

@@ -0,0 +1,100 @@
+import { dedupe, readString } from './shared.js';
+export function adaptOpenAiSkillsGitHubEntries(sourceId, entries) {
+    return entries
+        .map((entry) => mapGitHubSkillEntry(sourceId, entry))
+        .filter((entry) => entry !== null);
+}
+function mapGitHubSkillEntry(sourceId, entry) {
+    if (!entry || typeof entry !== 'object' || Array.isArray(entry)) {
+        return null;
+    }
+    const record = entry;
+    const type = readString(record, ['type'])?.toLowerCase();
+    const path = readString(record, ['path']) ?? '';
+    const slug = readString(record, ['name']) ?? path.split('/').at(-1);
+    if (!slug || type !== 'dir') {
+        return null;
+    }
+    if (path && !/^skills\/\.curated\/[^/]+$/.test(path)) {
+        return null;
+    }
+    const normalizedSlug = slug.trim().toLowerCase();
+    const htmlUrl = readString(record, ['html_url']) ?? `https://github.com/openai/skills/tree/main/skills/.curated/${normalizedSlug}`;
+    const capabilityHints = inferCapabilitiesFromSlug(normalizedSlug);
+    return {
+        id: normalizedSlug.startsWith('skill:') ? normalizedSlug : `skill:${normalizedSlug}`,
+        kind: 'skill',
+        provider: 'openai',
+        name: toTitle(normalizedSlug),
+        description: `OpenAI curated Codex skill: ${normalizedSlug}.`,
+        capabilities: capabilityHints,
+        compatibility: inferCompatibilityFromSlug(normalizedSlug),
+        source: sourceId,
+        install: {
+            kind: 'manual',
+            instructions: `Install with skill-installer from openai/skills path skills/.curated/${normalizedSlug}`,
+            url: htmlUrl
+        },
+        adoptionSignal: 72,
+        maintenanceSignal: 82,
+        provenanceSignal: 96,
+        freshnessSignal: 80,
+        securitySignals: {
+            knownVulnerabilities: 0,
+            suspiciousPatterns: 0,
+            injectionFindings: 0,
+            exfiltrationSignals: 0,
+            integrityAlerts: 0
+        },
+        metadata: {
+            githubPath: path || `skills/.curated/${normalizedSlug}`,
+            githubUrl: htmlUrl
+        }
+    };
+}
+function inferCapabilitiesFromSlug(slug) {
+    const tokens = slug.split(/[-_/]/g).filter(Boolean);
+    const capabilities = [];
+    if (tokens.some((token) => ['security', 'threat', 'ownership'].includes(token))) {
+        capabilities.push('security');
+    }
+    if (tokens.some((token) => ['deploy', 'release', 'render', 'vercel', 'netlify', 'cloudflare'].includes(token))) {
+        capabilities.push('automation');
+    }
+    if (tokens.some((token) => ['docs', 'document', 'spec', 'meeting', 'knowledge', 'notion', 'linear'].includes(token))) {
+        capabilities.push('docs');
+    }
+    if (tokens.some((token) => ['playwright', 'screenshot', 'web', 'browser'].includes(token))) {
+        capabilities.push('browser-control');
+    }
+    if (tokens.some((token) => ['speech', 'transcribe', 'sora', 'imagegen', 'pdf', 'spreadsheet'].includes(token))) {
+        capabilities.push('content');
+    }
+    if (capabilities.length === 0) {
+        capabilities.push('automation');
+    }
+    return dedupe(capabilities);
+}
+function inferCompatibilityFromSlug(slug) {
+    const compatibility = ['general'];
+    if (slug.includes('github') || slug.includes('gh-')) {
+        compatibility.push('github');
+    }
+    if (slug.includes('notion')) {
+        compatibility.push('notion');
+    }
+    if (slug.includes('linear')) {
+        compatibility.push('linear');
+    }
+    if (slug.includes('playwright') || slug.includes('web-game')) {
+        compatibility.push('node');
+    }
+    return dedupe(compatibility);
+}
+function toTitle(slug) {
+    return slug
+        .split(/[-_/]/g)
+        .filter(Boolean)
+        .map((part) => part[0].toUpperCase() + part.slice(1))
+        .join(' ');
+}

package/dist/catalog/adapters/openai-skills-v1.js ADDED Viewed

@@ -0,0 +1,48 @@
+import { dedupe, extractStringArray, readNestedString, readNestedStringArray, readString, toCount, toScore } from './shared.js';
+export function adaptOpenAiSkillsEntries(sourceId, entries) {
+    return entries
+        .map((entry) => mapOpenAiSkillEntry(sourceId, entry))
+        .filter((entry) => entry !== null);
+}
+function mapOpenAiSkillEntry(sourceId, entry) {
+    if (!entry || typeof entry !== 'object' || Array.isArray(entry)) {
+        return null;
+    }
+    const record = entry;
+    const slug = readString(record, ['slug', 'id', 'name']);
+    if (!slug) {
+        return null;
+    }
+    const name = readString(record, ['title', 'name']) ?? slug;
+    const description = readString(record, ['description', 'summary']) ?? `Skill ${name}`;
+    const capabilities = dedupe(extractStringArray(record, ['capabilities', 'tags']).concat(extractStringArray(record, ['features'])));
+    const compatibility = dedupe(extractStringArray(record, ['compatibility', 'runtimes']).concat(extractStringArray(record, ['frameworks'])));
+    const installTarget = readNestedString(record, ['install', 'target']) ?? readString(record, ['package', 'name']) ?? slug;
+    const installArgs = readNestedStringArray(record, ['install', 'args']);
+    return {
+        id: slug.startsWith('skill:') ? slug : `skill:${slug}`,
+        kind: 'skill',
+        provider: 'openai',
+        name,
+        description,
+        capabilities,
+        compatibility: compatibility.length > 0 ? compatibility : ['general'],
+        source: sourceId,
+        install: {
+            kind: 'skill.sh',
+            target: installTarget,
+            args: installArgs
+        },
+        adoptionSignal: toScore(record.adoptionSignal),
+        maintenanceSignal: toScore(record.maintenanceSignal),
+        provenanceSignal: toScore(record.provenanceSignal, 75),
+        freshnessSignal: toScore(record.freshnessSignal, 55),
+        securitySignals: {
+            knownVulnerabilities: toCount(record.knownVulnerabilities),
+            suspiciousPatterns: toCount(record.suspiciousPatterns),
+            injectionFindings: toCount(record.injectionFindings),
+            exfiltrationSignals: toCount(record.exfiltrationSignals),
+            integrityAlerts: toCount(record.integrityAlerts)
+        }
+    };
+}

package/dist/catalog/adapters/shared.js ADDED Viewed

@@ -0,0 +1,94 @@
+export function dedupe(values) {
+    return Array.from(new Set(values.filter((value) => value.trim().length > 0))).sort((a, b) => a.localeCompare(b));
+}
+export function extractStringArray(record, keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (!Array.isArray(value)) {
+            continue;
+        }
+        return value
+            .filter((item) => typeof item === 'string' && item.trim().length > 0)
+            .map((item) => item.trim());
+    }
+    return [];
+}
+export function readString(record, keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}
+export function readNestedString(record, path) {
+    let current = record;
+    for (const key of path) {
+        if (!current || typeof current !== 'object' || Array.isArray(current)) {
+            return undefined;
+        }
+        current = current[key];
+    }
+    return typeof current === 'string' && current.trim().length > 0 ? current.trim() : undefined;
+}
+export function readNestedStringArray(record, path) {
+    let current = record;
+    for (const key of path) {
+        if (!current || typeof current !== 'object' || Array.isArray(current)) {
+            return [];
+        }
+        current = current[key];
+    }
+    if (!Array.isArray(current)) {
+        return [];
+    }
+    return current
+        .filter((value) => typeof value === 'string' && value.trim().length > 0)
+        .map((value) => value.trim());
+}
+export function toScore(value, fallback = 50) {
+    const parsed = typeof value === 'number' ? value : Number(value);
+    if (!Number.isFinite(parsed)) {
+        return fallback;
+    }
+    return Math.max(0, Math.min(100, parsed));
+}
+export function toCount(value) {
+    const parsed = typeof value === 'number' ? value : Number(value);
+    if (!Number.isFinite(parsed) || parsed < 0) {
+        return 0;
+    }
+    return Math.floor(parsed);
+}
+export function slugify(value) {
+    return value
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-+|-+$/g, '');
+}
+export function stripHtml(value, maxLength = 240) {
+    const withoutTags = value.replace(/<script[\s\S]*?<\/script>/gi, ' ').replace(/<[^>]+>/g, ' ');
+    const normalized = withoutTags.replace(/&nbsp;/g, ' ').replace(/\s+/g, ' ').trim();
+    return normalized.slice(0, maxLength);
+}
+export function sanitizeUrl(value, allowedHosts) {
+    if (!value) {
+        return undefined;
+    }
+    try {
+        const parsed = new URL(value.trim());
+        if (parsed.protocol !== 'https:') {
+            return undefined;
+        }
+        const hostname = parsed.hostname.toLowerCase();
+        if (!allowedHosts.some((host) => hostname === host || hostname.endsWith(`.${host}`))) {
+            return undefined;
+        }
+        return parsed.toString();
+    }
+    catch {
+        return undefined;
+    }
+}

package/dist/catalog/remote-registry.js ADDED Viewed

@@ -0,0 +1,196 @@
+import { logger } from '../lib/logger.js';
+const SAFE_REMOTE_HOSTS = [
+    'claude.com',
+    'www.anthropic.com',
+    'raw.githubusercontent.com',
+    'github.com',
+    'registry.modelcontextprotocol.io'
+];
+export async function resolveRegistryEntries(registry, options = {}, fetchImpl = fetch) {
+    if (process.env.SKILLS_MCPS_SYNC_OFFLINE === '1') {
+        return { entries: registry.entries, source: 'local' };
+    }
+    if (!registry.remote) {
+        return { entries: registry.entries, source: 'local' };
+    }
+    if (registry.remote.authEnv) {
+        const token = process.env[registry.remote.authEnv];
+        if (!token && registry.entries.length > 0) {
+            logger.info(`Remote registry ${registry.id} requires ${registry.remote.authEnv}; using ${registry.entries.length} local fallback entries`);
+            return { entries: registry.entries, source: 'local' };
+        }
+    }
+    try {
+        const parsed = await fetchRemoteRegistryEntries(registry, options, fetchImpl);
+        if (parsed.length === 0 && registry.entries.length > 0) {
+            const level = options.updatedSince ? 'info' : 'warn';
+            const reason = options.updatedSince ? 'returned no updates' : 'returned no entries';
+            logger[level](`Remote registry ${registry.id} ${reason}; using ${registry.entries.length} local fallback entries`);
+            return { entries: registry.entries, source: 'local' };
+        }
+        return { entries: parsed, source: 'remote' };
+    }
+    catch (error) {
+        if (registry.remote.fallbackToLocal && registry.entries.length > 0) {
+            logger.warn(`Remote registry ${registry.id} fetch failed (${summarizeError(error)}); using ${registry.entries.length} local fallback entries`);
+            return { entries: registry.entries, source: 'local' };
+        }
+        throw error;
+    }
+}
+export async function fetchRemoteRegistryEntries(registry, options = {}, fetchImpl = fetch) {
+    if (!registry.remote) {
+        throw new Error(`Registry ${registry.id} has no remote definition`);
+    }
+    validateRemoteHost(registry);
+    const allEntries = [];
+    let cursor;
+    do {
+        const payload = await fetchRemoteRegistryPayload(registry, fetchImpl, {
+            cursor,
+            updatedSince: options.updatedSince
+        });
+        const parsed = extractEntries(payload, registry.remote.format, registry.remote.entryPath, registry.kind);
+        allEntries.push(...parsed);
+        cursor = resolveNextCursor(payload, registry.remote.pagination?.nextCursorPath);
+    } while (cursor && registry.remote.pagination);
+    return allEntries;
+}
+async function fetchRemoteRegistryPayload(registry, fetchImpl, params) {
+    const remote = registry.remote;
+    if (!remote) {
+        throw new Error(`Registry ${registry.id} has no remote definition`);
+    }
+    const headers = {
+        Accept: remote.format === 'html' ? 'text/html' : 'application/json'
+    };
+    if (remote.authEnv) {
+        const token = process.env[remote.authEnv];
+        if (token) {
+            headers.Authorization = `Bearer ${token}`;
+        }
+    }
+    const controller = new AbortController();
+    const timeoutMs = remote.timeoutMs;
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const url = buildRemoteUrl(remote, params);
+        const response = await fetchImpl(url, {
+            method: 'GET',
+            headers,
+            signal: controller.signal
+        });
+        if (!response.ok) {
+            throw new Error(`Remote registry ${registry.id} request failed with ${response.status} ${response.statusText}`);
+        }
+        if (remote.format === 'html') {
+            if (!response.text) {
+                throw new Error(`Remote registry ${registry.id} expected text() response handler`);
+            }
+            return response.text();
+        }
+        return response.json();
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+export function extractEntries(payload, format, entryPath, kind) {
+    if (format === 'json-array') {
+        if (!Array.isArray(payload)) {
+            throw new Error('Expected remote payload to be an array');
+        }
+        return payload;
+    }
+    if (format === 'html') {
+        if (typeof payload !== 'string') {
+            throw new Error('Expected remote payload to be a string for html format');
+        }
+        return [payload];
+    }
+    if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
+        throw new Error('Expected remote payload to be an object for catalog-json format');
+    }
+    const base = payload;
+    const defaultKey = defaultCatalogKeyByKind(kind);
+    const resolved = entryPath ? resolveByPath(base, entryPath) : base[defaultKey];
+    if (!Array.isArray(resolved)) {
+        throw new Error(`Expected resolved catalog entries to be an array at path: ${entryPath ?? defaultKey}`);
+    }
+    return resolved;
+}
+function defaultCatalogKeyByKind(kind) {
+    if (kind === 'mcp') {
+        return 'mcps';
+    }
+    if (kind === 'claude-plugin') {
+        return 'plugins';
+    }
+    if (kind === 'claude-connector') {
+        return 'connectors';
+    }
+    if (kind === 'copilot-extension') {
+        return 'extensions';
+    }
+    return 'skills';
+}
+function resolveByPath(value, path) {
+    const segments = path.split('.').filter((segment) => segment.length > 0);
+    let current = value;
+    for (const segment of segments) {
+        if (!current || typeof current !== 'object' || Array.isArray(current)) {
+            return undefined;
+        }
+        current = current[segment];
+    }
+    return current;
+}
+function resolveNextCursor(payload, path = 'next_cursor') {
+    if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
+        return undefined;
+    }
+    const resolved = resolveByPath(payload, path);
+    return typeof resolved === 'string' && resolved.trim().length > 0 ? resolved : undefined;
+}
+function buildRemoteUrl(remote, params) {
+    const url = new URL(remote.url);
+    if (remote.supportsUpdatedSince && params.updatedSince) {
+        url.searchParams.set(remote.updatedSinceParam, params.updatedSince);
+    }
+    if (remote.pagination?.limitParam && remote.pagination.limit) {
+        url.searchParams.set(remote.pagination.limitParam, String(remote.pagination.limit));
+    }
+    if (remote.pagination && params.cursor) {
+        url.searchParams.set(remote.pagination.cursorParam, params.cursor);
+    }
+    return url.toString();
+}
+function summarizeError(error) {
+    if (error instanceof Error && error.message.trim().length > 0) {
+        return error.message;
+    }
+    return 'unknown error';
+}
+function validateRemoteHost(registry) {
+    if (!registry.remote || !requiresSafeHostAllowlist(registry.kind)) {
+        return;
+    }
+    let url;
+    try {
+        url = new URL(registry.remote.url);
+    }
+    catch {
+        throw new Error(`Remote registry ${registry.id} has invalid URL: ${registry.remote.url}`);
+    }
+    if (url.protocol !== 'https:') {
+        throw new Error(`Remote registry ${registry.id} rejected non-HTTPS endpoint: ${registry.remote.url}`);
+    }
+    const hostname = url.hostname.toLowerCase();
+    const allowed = SAFE_REMOTE_HOSTS.includes(hostname);
+    if (!allowed) {
+        throw new Error(`Remote registry ${registry.id} host ${hostname} is not in safe host allowlist`);
+    }
+}
+function requiresSafeHostAllowlist(kind) {
+    return kind === 'claude-plugin' || kind === 'claude-connector' || kind === 'copilot-extension' || kind === 'mcp';
+}

package/dist/catalog/repository.js ADDED Viewed

@@ -0,0 +1,161 @@
+import fs from 'fs-extra';
+import { readJsonFile, writeJsonFile } from '../lib/json.js';
+import { getPackagePath, getStatePath } from '../lib/paths.js';
+import { CatalogItemSchema, CatalogMcpServerSchema, CatalogSkillSchema, QuarantineFileSchema, WhitelistFileSchema } from '../lib/validation/contracts.js';
+const ITEMS_REL_PATH = 'data/catalog/items.json';
+const SKILLS_REL_PATH = 'data/catalog/skills.json';
+const MCPS_REL_PATH = 'data/catalog/mcps.json';
+const WHITELIST_REL_PATH = 'data/whitelist/approved.json';
+const QUARANTINE_REL_PATH = 'data/quarantine/quarantined.json';
+export function getItemsPath() {
+    return getStatePath(ITEMS_REL_PATH);
+}
+export function getSkillsPath() {
+    return getStatePath(SKILLS_REL_PATH);
+}
+export function getMcpsPath() {
+    return getStatePath(MCPS_REL_PATH);
+}
+export function getWhitelistPath() {
+    return getStatePath(WHITELIST_REL_PATH);
+}
+export function getQuarantinePath() {
+    return getStatePath(QUARANTINE_REL_PATH);
+}
+function getDefaultItemsPath() {
+    return getPackagePath(ITEMS_REL_PATH);
+}
+function getDefaultSkillsPath() {
+    return getPackagePath(SKILLS_REL_PATH);
+}
+function getDefaultMcpsPath() {
+    return getPackagePath(MCPS_REL_PATH);
+}
+function getDefaultWhitelistPath() {
+    return getPackagePath(WHITELIST_REL_PATH);
+}
+function getDefaultQuarantinePath() {
+    return getPackagePath(QUARANTINE_REL_PATH);
+}
+export async function loadCatalogItems() {
+    const primaryPath = getItemsPath();
+    if (await fs.pathExists(primaryPath)) {
+        return parseCatalogItems(await readJsonFile(primaryPath));
+    }
+    const fallbackPath = getDefaultItemsPath();
+    if (await fs.pathExists(fallbackPath)) {
+        return parseCatalogItems(await readJsonFile(fallbackPath));
+    }
+    return loadLegacyItems();
+}
+async function loadLegacyItems() {
+    const [skills, mcps] = await Promise.all([loadSkillsCatalog(), loadMcpsCatalog()]);
+    return [...skills, ...mcps];
+}
+export async function loadSkillsCatalog() {
+    const raw = await readArrayFromStateOrPackage(getSkillsPath(), getDefaultSkillsPath());
+    return raw.map((entry) => {
+        const value = ensureObject(entry);
+        return CatalogSkillSchema.parse({ ...value, kind: 'skill', provider: readProvider(entry, 'openai') });
+    });
+}
+export async function loadMcpsCatalog() {
+    const raw = await readArrayFromStateOrPackage(getMcpsPath(), getDefaultMcpsPath());
+    return raw.map((entry) => {
+        const value = ensureObject(entry);
+        return CatalogMcpServerSchema.parse({ ...value, kind: 'mcp', provider: readProvider(entry, 'mcp') });
+    });
+}
+function readProvider(value, fallback) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        return fallback;
+    }
+    const provider = value.provider;
+    return typeof provider === 'string' && provider.trim().length > 0 ? provider.trim() : fallback;
+}
+function ensureObject(value) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        return {};
+    }
+    return value;
+}
+export async function saveCatalogItems(records) {
+    await writeJsonFile(getItemsPath(), records);
+}
+export async function saveSkillsCatalog(records) {
+    await writeJsonFile(getSkillsPath(), records);
+}
+export async function saveMcpsCatalog(records) {
+    await writeJsonFile(getMcpsPath(), records);
+}
+export async function saveLegacyCatalogViews(records) {
+    const skills = records
+        .filter((item) => item.kind === 'skill')
+        .map((item) => CatalogSkillSchema.parse(item));
+    const mcps = records
+        .filter((item) => item.kind === 'mcp')
+        .map((item) => CatalogMcpServerSchema.parse(item));
+    await Promise.all([saveSkillsCatalog(skills), saveMcpsCatalog(mcps)]);
+}
+export async function loadWhitelist() {
+    const raw = await readObjectFromStateOrPackage(getWhitelistPath(), getDefaultWhitelistPath());
+    if (!raw) {
+        return new Set();
+    }
+    const parsed = WhitelistFileSchema.parse(raw);
+    return new Set(parsed.approved);
+}
+export async function saveWhitelist(ids) {
+    const approved = Array.from(new Set(ids)).sort((a, b) => a.localeCompare(b));
+    await writeJsonFile(getWhitelistPath(), { approved });
+}
+export async function loadQuarantine() {
+    const raw = await readObjectFromStateOrPackage(getQuarantinePath(), getDefaultQuarantinePath());
+    if (!raw) {
+        return [];
+    }
+    const parsed = QuarantineFileSchema.parse(raw);
+    return parsed.quarantined;
+}
+export async function saveQuarantine(entries) {
+    const deduped = new Map();
+    entries.forEach((entry) => deduped.set(entry.id, entry));
+    const sorted = Array.from(deduped.values()).sort((a, b) => a.id.localeCompare(b.id));
+    await writeJsonFile(getQuarantinePath(), { quarantined: sorted });
+}
+export async function loadCatalogItemById(id) {
+    const records = await loadCatalogItems();
+    return records.find((entry) => entry.id === id) ?? null;
+}
+export async function loadCatalogById(id) {
+    const found = await loadCatalogItemById(id);
+    if (!found) {
+        return null;
+    }
+    if (found.kind === 'skill') {
+        return { kind: 'skill', item: CatalogSkillSchema.parse(found) };
+    }
+    if (found.kind === 'mcp') {
+        return { kind: 'mcp', item: CatalogMcpServerSchema.parse(found) };
+    }
+    return { kind: found.kind, item: found };
+}
+async function readArrayFromStateOrPackage(statePath, packagePath) {
+    const preferred = await readObjectFromStateOrPackage(statePath, packagePath);
+    if (!preferred) {
+        return [];
+    }
+    return Array.isArray(preferred) ? preferred : [];
+}
+async function readObjectFromStateOrPackage(statePath, packagePath) {
+    if (await fs.pathExists(statePath)) {
+        return readJsonFile(statePath);
+    }
+    if (await fs.pathExists(packagePath)) {
+        return readJsonFile(packagePath);
+    }
+    return null;
+}
+function parseCatalogItems(raw) {
+    return raw.map((entry) => CatalogItemSchema.parse(entry));
+}

package/dist/catalog/sync-state.js ADDED Viewed

@@ -0,0 +1,61 @@
+import fs from 'fs-extra';
+import { readJsonFile, writeJsonFile } from '../lib/json.js';
+import { getStatePath } from '../lib/paths.js';
+const SYNC_STATE_REL_PATH = 'data/catalog/sync-state.json';
+export function getSyncStatePath() {
+    return getStatePath(SYNC_STATE_REL_PATH);
+}
+const EMPTY_STATE = { registries: {} };
+export async function loadSyncState() {
+    const syncStatePath = getSyncStatePath();
+    if (!(await fs.pathExists(syncStatePath))) {
+        return EMPTY_STATE;
+    }
+    const raw = await readJsonFile(syncStatePath);
+    if (!raw || typeof raw !== 'object' || Array.isArray(raw)) {
+        return EMPTY_STATE;
+    }
+    const registries = raw.registries;
+    return { registries: registries ?? {} };
+}
+export async function saveSyncState(state) {
+    await writeJsonFile(getSyncStatePath(), state);
+}
+export function getUpdatedSince(state, registryId) {
+    return state.registries[registryId]?.lastUpdatedSince;
+}
+export function setUpdatedSince(state, registryId, timestamp) {
+    return {
+        registries: {
+            ...state.registries,
+            [registryId]: {
+                ...(state.registries[registryId] ?? {}),
+                lastUpdatedSince: timestamp
+            }
+        }
+    };
+}
+export function setSuccessfulSync(state, registryId, timestamp) {
+    return {
+        registries: {
+            ...state.registries,
+            [registryId]: {
+                ...(state.registries[registryId] ?? {}),
+                lastSuccessfulSyncAt: timestamp
+            }
+        }
+    };
+}
+export function getStaleRegistries(state, now = new Date(), staleAfterHours = 48) {
+    const staleCutoffMs = now.getTime() - staleAfterHours * 60 * 60 * 1000;
+    return Object.entries(state.registries)
+        .filter(([, value]) => {
+        if (!value.lastSuccessfulSyncAt) {
+            return true;
+        }
+        const stamp = Date.parse(value.lastSuccessfulSyncAt);
+        return !Number.isFinite(stamp) || stamp < staleCutoffMs;
+    })
+        .map(([registryId]) => registryId)
+        .sort((a, b) => a.localeCompare(b));
+}