@shnitzel/plugscout 0.3.1

package/dist/recommendation/project-analysis.js

@@ -0,0 +1,231 @@
+import path from 'node:path';
+import fsNative from 'node:fs/promises';
+import fs from 'fs-extra';
+export async function detectProjectSignals(projectPath, options = {}) {
+    const root = path.resolve(projectPath);
+    const stack = new Set();
+    const compatibilityTags = new Set();
+    const inferredCapabilities = new Set();
+    const scanEvidence = new Set();
+    if (await fs.pathExists(path.join(root, 'package.json'))) {
+        stack.add('node');
+        compatibilityTags.add('node');
+        const pkg = await fs.readJson(path.join(root, 'package.json'));
+        const dependencies = {
+            ...(pkg.dependencies ?? {}),
+            ...(pkg.devDependencies ?? {})
+        };
+        if ('react' in dependencies || 'next' in dependencies || 'next.js' in dependencies) {
+            stack.add('react');
+            compatibilityTags.add('react');
+        }
+        if ('typescript' in dependencies) {
+            stack.add('typescript');
+            compatibilityTags.add('typescript');
+        }
+        inferFromPackageJson(pkg, inferredCapabilities, scanEvidence);
+    }
+    if ((await fs.pathExists(path.join(root, 'pyproject.toml'))) ||
+        (await fs.pathExists(path.join(root, 'requirements.txt')))) {
+        stack.add('python');
+        compatibilityTags.add('python');
+    }
+    if (await fs.pathExists(path.join(root, 'Dockerfile'))) {
+        compatibilityTags.add('container');
+        inferredCapabilities.add('automation');
+        scanEvidence.add('Dockerfile found');
+    }
+    if ((await fs.pathExists(path.join(root, 'pom.xml'))) || (await fs.pathExists(path.join(root, 'build.gradle')))) {
+        stack.add('java');
+        compatibilityTags.add('java');
+    }
+    if (await fs.pathExists(path.join(root, 'go.mod'))) {
+        stack.add('go');
+        compatibilityTags.add('go');
+    }
+    if (await fs.pathExists(path.join(root, 'Cargo.toml'))) {
+        stack.add('rust');
+        compatibilityTags.add('rust');
+    }
+    if (await fs.pathExists(path.join(root, 'Gemfile'))) {
+        stack.add('ruby');
+        compatibilityTags.add('ruby');
+    }
+    const files = await listRepositoryFiles(root, 6, 2000);
+    const archetypeVotes = new Map();
+    inferFromRepositoryFiles(files, inferredCapabilities, scanEvidence, archetypeVotes);
+    if (options.llm) {
+        applyOptionalLlmHinting(inferredCapabilities, scanEvidence);
+    }
+    if (stack.size === 0) {
+        stack.add('unknown');
+        compatibilityTags.add('general');
+    }
+    const archetypeScores = toSortedArchetypeScores(archetypeVotes);
+    const inferredArchetype = archetypeScores[0]?.name ?? 'general-project';
+    const inferenceConfidence = Math.min(100, Math.max(0, Math.round((archetypeScores[0]?.score ?? 20) * 8)));
+    return {
+        stack: Array.from(stack).sort((a, b) => a.localeCompare(b)),
+        compatibilityTags: Array.from(compatibilityTags).sort((a, b) => a.localeCompare(b)),
+        inferredCapabilities: Array.from(inferredCapabilities).sort((a, b) => a.localeCompare(b)),
+        scanEvidence: Array.from(scanEvidence).sort((a, b) => a.localeCompare(b)),
+        inferredArchetype,
+        inferenceConfidence,
+        archetypeScores
+    };
+}
+function inferFromPackageJson(pkg, inferredCapabilities, scanEvidence) {
+    const dependencies = {
+        ...(pkg.dependencies ?? {}),
+        ...(pkg.devDependencies ?? {})
+    };
+    const scripts = pkg.scripts ?? {};
+    const depNames = Object.keys(dependencies);
+    const hasDep = (name) => depNames.includes(name);
+    const hasScriptLike = (needle) => Object.keys(scripts).some((key) => key.toLowerCase().includes(needle));
+    if (hasDep('zod') || hasDep('yup') || hasDep('joi')) {
+        inferredCapabilities.add('guardrails');
+        inferredCapabilities.add('security');
+        scanEvidence.add('validation library detected (zod/yup/joi)');
+    }
+    if (hasDep('playwright') ||
+        hasDep('puppeteer') ||
+        hasDep('@playwright/test') ||
+        hasDep('selenium-webdriver')) {
+        inferredCapabilities.add('browser-control');
+        inferredCapabilities.add('automation');
+        scanEvidence.add('browser automation dependency detected');
+    }
+    if (hasDep('openai') ||
+        hasDep('@anthropic-ai/sdk') ||
+        hasDep('langchain') ||
+        hasDep('@langchain/core')) {
+        inferredCapabilities.add('prompting');
+        inferredCapabilities.add('search');
+        scanEvidence.add('LLM SDK dependency detected');
+    }
+    if (hasDep('axios') || hasDep('got') || hasDep('node-fetch') || hasDep('undici')) {
+        inferredCapabilities.add('automation');
+        scanEvidence.add('HTTP client dependency detected');
+    }
+    if (hasScriptLike('lint') || hasScriptLike('audit') || hasScriptLike('security')) {
+        inferredCapabilities.add('security');
+        scanEvidence.add('security/lint scripts detected in package.json');
+    }
+}
+async function listRepositoryFiles(root, maxDepth, maxFiles) {
+    const ignore = new Set(['.git', 'node_modules', 'dist', 'coverage', '.next', 'out', 'build', '.turbo']);
+    const collected = [];
+    async function walk(current, depth) {
+        if (depth > maxDepth || collected.length >= maxFiles) {
+            return;
+        }
+        let entries;
+        try {
+            entries = await fsNative.readdir(current, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (collected.length >= maxFiles) {
+                return;
+            }
+            const full = path.join(current, entry.name);
+            const relative = path.relative(root, full);
+            if (!relative) {
+                continue;
+            }
+            if (entry.isDirectory()) {
+                if (ignore.has(entry.name)) {
+                    continue;
+                }
+                await walk(full, depth + 1);
+                continue;
+            }
+            collected.push(relative);
+        }
+    }
+    await walk(root, 0);
+    return collected;
+}
+function inferFromRepositoryFiles(files, inferredCapabilities, scanEvidence, archetypeVotes) {
+    const lowerFiles = files.map((file) => file.toLowerCase());
+    const vote = (archetype, points) => {
+        archetypeVotes.set(archetype, (archetypeVotes.get(archetype) ?? 0) + points);
+    };
+    if (lowerFiles.some((file) => file.endsWith('package.json'))) {
+        vote('node-service', 3);
+    }
+    if (lowerFiles.some((file) => file.includes('next.config') || file.includes('/pages/') || file.includes('/app/'))) {
+        vote('frontend-web-app', 4);
+    }
+    if (lowerFiles.some((file) => file.includes('src/video/') || file.includes('remotion'))) {
+        vote('media-automation', 4);
+    }
+    if (lowerFiles.some((file) => file.includes('src/commands/') || file.includes('src/interfaces/cli'))) {
+        vote('cli-platform-tooling', 5);
+    }
+    if (lowerFiles.some((file) => file.includes('dockerfile') || file.includes('k8s') || file.includes('helm'))) {
+        vote('devops-automation', 4);
+    }
+    if (lowerFiles.some((file) => file.includes('src/security/') || file.includes('whitelist') || file.includes('quarantine'))) {
+        vote('security-governance-tooling', 6);
+    }
+    if (lowerFiles.some((file) => file.startsWith('.github/workflows/'))) {
+        inferredCapabilities.add('automation');
+        scanEvidence.add('GitHub Actions workflows detected');
+        vote('devops-automation', 3);
+    }
+    if (lowerFiles.some((file) => file.includes('codeql') || file.includes('trivy') || file.includes('gitleaks'))) {
+        inferredCapabilities.add('code-scanning');
+        inferredCapabilities.add('dependency-audit');
+        inferredCapabilities.add('security');
+        scanEvidence.add('security scanning workflows/configs detected');
+        vote('security-governance-tooling', 5);
+    }
+    if (lowerFiles.some((file) => file.includes('dockerfile') || file.includes('compose'))) {
+        inferredCapabilities.add('automation');
+        scanEvidence.add('container/deployment files detected');
+        vote('devops-automation', 2);
+    }
+    if (lowerFiles.some((file) => file.includes('tests/') || file.endsWith('.spec.ts') || file.endsWith('.test.ts'))) {
+        inferredCapabilities.add('guardrails');
+        scanEvidence.add('automated tests detected');
+        vote('quality-platform', 2);
+    }
+    if (lowerFiles.some((file) => file.includes('playwright') || file.includes('browser'))) {
+        inferredCapabilities.add('browser-control');
+        inferredCapabilities.add('automation');
+        scanEvidence.add('browser workflow files detected');
+        vote('qa-automation', 3);
+    }
+    if (lowerFiles.includes('skill.lock') || lowerFiles.includes('.skills-mcps.json')) {
+        inferredCapabilities.add('automation');
+        scanEvidence.add('local skills/mcps tooling config detected');
+        vote('cli-platform-tooling', 2);
+    }
+    if (lowerFiles.some((file) => file.includes('src/catalog/') || file.includes('config/registries'))) {
+        inferredCapabilities.add('search');
+        inferredCapabilities.add('automation');
+        scanEvidence.add('catalog and registry pipeline files detected');
+        vote('catalog-intelligence-platform', 5);
+    }
+}
+function toSortedArchetypeScores(votes) {
+    if (votes.size === 0) {
+        return [{ name: 'general-project', score: 3 }];
+    }
+    return Array.from(votes.entries())
+        .map(([name, score]) => ({ name, score }))
+        .sort((a, b) => b.score - a.score || a.name.localeCompare(b.name));
+}
+function applyOptionalLlmHinting(inferredCapabilities, scanEvidence) {
+    if (!process.env.OPENAI_API_KEY) {
+        scanEvidence.add('LLM enrichment requested but OPENAI_API_KEY is not set; using deterministic scan only');
+        return;
+    }
+    inferredCapabilities.add('prompting');
+    inferredCapabilities.add('agent-orchestration');
+    scanEvidence.add('LLM enrichment enabled (heuristic augmentation active)');
+}

package/dist/recommendation/requirements.js

@@ -0,0 +1,58 @@
+import path from 'node:path';
+import fs from 'fs-extra';
+import { RequirementsProfileSchema } from '../lib/validation/contracts.js';
+export async function loadRequirementsProfile(filePath) {
+    if (!filePath) {
+        return RequirementsProfileSchema.parse({});
+    }
+    const fullPath = path.resolve(filePath);
+    const raw = await fs.readFile(fullPath, 'utf8');
+    if (filePath.endsWith('.json')) {
+        return RequirementsProfileSchema.parse(JSON.parse(raw));
+    }
+    if (filePath.endsWith('.yml') || filePath.endsWith('.yaml')) {
+        return RequirementsProfileSchema.parse(parseSimpleYaml(raw));
+    }
+    throw new Error(`Unsupported requirements format: ${filePath}`);
+}
+function parseSimpleYaml(content) {
+    const result = {};
+    let activeArrayKey = null;
+    const lines = content
+        .split('\n')
+        .map((line) => line.trimEnd())
+        .filter((line) => line.trim() !== '' && !line.trim().startsWith('#'));
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith('- ')) {
+            if (!activeArrayKey) {
+                throw new Error('Invalid YAML: array item without key');
+            }
+            const value = trimmed.slice(2).trim();
+            const current = result[activeArrayKey] ?? [];
+            current.push(stripQuotes(value));
+            result[activeArrayKey] = current;
+            continue;
+        }
+        const separator = trimmed.indexOf(':');
+        if (separator === -1) {
+            throw new Error(`Invalid YAML line: ${line}`);
+        }
+        const key = trimmed.slice(0, separator).trim();
+        const rawValue = trimmed.slice(separator + 1).trim();
+        if (rawValue === '') {
+            result[key] = [];
+            activeArrayKey = key;
+            continue;
+        }
+        activeArrayKey = null;
+        result[key] = stripQuotes(rawValue);
+    }
+    return result;
+}
+function stripQuotes(value) {
+    if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+        return value.slice(1, -1);
+    }
+    return value;
+}

package/dist/security/assessment.js

@@ -0,0 +1,56 @@
+import { loadSecurityPolicy } from '../config/runtime.js';
+import { RiskAssessmentSchema } from '../lib/validation/contracts.js';
+export async function assessRisk(record) {
+    const policy = await loadSecurityPolicy();
+    return buildAssessment(record, policy);
+}
+export function buildAssessment(record, policy) {
+    const signals = record.securitySignals;
+    const scoring = policy.scoring;
+    const vulnerabilityPoints = signals.knownVulnerabilities * scoring.vulnerabilityWeight;
+    const suspiciousPoints = signals.suspiciousPatterns * scoring.suspiciousWeight;
+    const injectionPoints = signals.injectionFindings * scoring.injectionWeight;
+    const exfiltrationPoints = signals.exfiltrationSignals * scoring.exfiltrationWeight;
+    const integrityPoints = signals.integrityAlerts * scoring.integrityWeight;
+    const riskScore = Math.min(100, vulnerabilityPoints + suspiciousPoints + injectionPoints + exfiltrationPoints + integrityPoints);
+    const riskTier = mapRiskTier(riskScore, policy);
+    const reasons = [
+        `Integrity alerts: ${signals.integrityAlerts}`,
+        `Known vulnerabilities: ${signals.knownVulnerabilities}`,
+        `Suspicious patterns: ${signals.suspiciousPatterns}`,
+        `Injection findings: ${signals.injectionFindings}`,
+        `Exfiltration signals: ${signals.exfiltrationSignals}`
+    ];
+    return RiskAssessmentSchema.parse({
+        id: record.id,
+        riskScore,
+        riskTier,
+        reasons,
+        scannerResults: {
+            packageIntegrity: { findings: signals.integrityAlerts },
+            vulnerabilityIntel: { findings: signals.knownVulnerabilities },
+            permissionPatterns: { findings: signals.suspiciousPatterns },
+            injectionTests: { findings: signals.injectionFindings },
+            exfiltrationHeuristics: { findings: signals.exfiltrationSignals }
+        },
+        assessedAt: new Date().toISOString()
+    });
+}
+export function mapRiskTier(score, policy) {
+    if (score <= policy.thresholds.lowMax) {
+        return 'low';
+    }
+    if (score <= policy.thresholds.mediumMax) {
+        return 'medium';
+    }
+    if (score <= policy.thresholds.highMax) {
+        return 'high';
+    }
+    return 'critical';
+}
+export function isBlockedTier(tier, policy) {
+    return policy.installGate.blockTiers.includes(tier);
+}
+export function isWarnTier(tier, policy) {
+    return policy.installGate.warnTiers.includes(tier);
+}

package/dist/security/whitelist.js

@@ -0,0 +1,70 @@
+import path from 'node:path';
+import fs from 'fs-extra';
+import { loadSecurityPolicy } from '../config/runtime.js';
+import { loadCatalogItemById, loadWhitelist, saveQuarantine, saveWhitelist } from '../catalog/repository.js';
+import { getStaleRegistries, loadSyncState } from '../catalog/sync-state.js';
+import { writeJsonFile, readJsonFile } from '../lib/json.js';
+import { logger } from '../lib/logger.js';
+import { getStatePath } from '../lib/paths.js';
+import { SecurityReportSchema } from '../lib/validation/contracts.js';
+import { buildAssessment, isBlockedTier } from './assessment.js';
+export async function verifyWhitelist() {
+    const [whitelist, policy, syncState] = await Promise.all([loadWhitelist(), loadSecurityPolicy(), loadSyncState()]);
+    const passed = [];
+    const failed = [];
+    for (const id of whitelist) {
+        const record = await loadCatalogItemById(id);
+        if (!record) {
+            failed.push({
+                id,
+                riskTier: 'critical',
+                riskScore: 100,
+                reasons: ['Catalog item missing']
+            });
+            continue;
+        }
+        const assessment = buildAssessment(record, policy);
+        if (isBlockedTier(assessment.riskTier, policy)) {
+            failed.push({
+                id,
+                riskTier: assessment.riskTier,
+                riskScore: assessment.riskScore,
+                reasons: assessment.reasons
+            });
+            continue;
+        }
+        passed.push(id);
+    }
+    const report = SecurityReportSchema.parse({
+        generatedAt: new Date().toISOString(),
+        staleRegistries: getStaleRegistries(syncState),
+        passed,
+        failed
+    });
+    const date = report.generatedAt.slice(0, 10);
+    const reportPath = getStatePath(`data/security-reports/${date}/report.json`);
+    await fs.ensureDir(path.dirname(reportPath));
+    await writeJsonFile(reportPath, report);
+    logger.info(`Whitelist verification report written: ${reportPath}`);
+    return { reportPath, report };
+}
+export async function applyQuarantineFromReport(reportFilePath) {
+    const raw = await readJsonFile(reportFilePath);
+    const report = SecurityReportSchema.parse(raw);
+    const whitelist = await loadWhitelist();
+    const removedFromWhitelist = [];
+    report.failed.forEach((failure) => {
+        if (whitelist.delete(failure.id)) {
+            removedFromWhitelist.push(failure.id);
+        }
+    });
+    await saveWhitelist(whitelist);
+    const now = new Date().toISOString();
+    const quarantined = report.failed.map((failure) => ({
+        id: failure.id,
+        reason: failure.reasons.join(' | '),
+        quarantinedAt: now
+    }));
+    await saveQuarantine(quarantined);
+    return { removedFromWhitelist, quarantined };
+}

package/dist/skills/normalize.js

@@ -0,0 +1,39 @@
+import { CatalogSkillSchema } from '../lib/validation/contracts.js';
+export function normalizeSkills(records, sourceId, today) {
+    return records
+        .map((entry) => CatalogSkillSchema.parse({
+        ...ensureObject(entry),
+        source: ensureObject(entry).source ?? sourceId,
+        lastSeenAt: ensureObject(entry).lastSeenAt ?? today
+    }))
+        .sort((a, b) => a.id.localeCompare(b.id));
+}
+function ensureObject(value) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new Error('Invalid skill registry entry: expected object');
+    }
+    return value;
+}
+export function mergeSkillsById(skills) {
+    const state = new Map();
+    for (const skill of skills) {
+        const existing = state.get(skill.id);
+        if (!existing) {
+            state.set(skill.id, skill);
+            continue;
+        }
+        state.set(skill.id, {
+            ...existing,
+            description: skill.description.length > existing.description.length ? skill.description : existing.description,
+            capabilities: dedupe([...existing.capabilities, ...skill.capabilities]),
+            compatibility: dedupe([...existing.compatibility, ...skill.compatibility]),
+            maintenanceSignal: Math.max(existing.maintenanceSignal, skill.maintenanceSignal),
+            adoptionSignal: Math.max(existing.adoptionSignal, skill.adoptionSignal),
+            lastSeenAt: skill.lastSeenAt >= existing.lastSeenAt ? skill.lastSeenAt : existing.lastSeenAt
+        });
+    }
+    return Array.from(state.values()).sort((a, b) => a.id.localeCompare(b.id));
+}
+function dedupe(values) {
+    return Array.from(new Set(values)).sort((a, b) => a.localeCompare(b));
+}

package/dist/validation/curated.js

@@ -0,0 +1,72 @@
+import fs from 'fs-extra';
+import { readJsonFile } from '../lib/json.js';
+import { getPackagePath, getStatePath } from '../lib/paths.js';
+import { McpSchema, SkillSchema } from '../models/records.js';
+export async function validateCuratedSkills() {
+    try {
+        const raw = await loadCuratedArray('data/curated/skills.json');
+        const parsed = raw.map((entry, index) => {
+            try {
+                return SkillSchema.parse(entry);
+            }
+            catch (error) {
+                throw new Error(`skills[${index}] ${error}`);
+            }
+        });
+        return {
+            dataset: 'skills',
+            valid: true,
+            count: parsed.length,
+            errors: [],
+            records: parsed
+        };
+    }
+    catch (error) {
+        return {
+            dataset: 'skills',
+            valid: false,
+            count: 0,
+            errors: [error instanceof Error ? error.message : String(error)]
+        };
+    }
+}
+export async function validateCuratedMcps(skillIds) {
+    try {
+        const raw = await loadCuratedArray('data/curated/mcps.json');
+        const parsed = raw.map((entry, index) => {
+            try {
+                const record = McpSchema.parse(entry);
+                const missingLinks = record.skillLinks.filter((link) => !skillIds.has(link));
+                if (missingLinks.length) {
+                    throw new Error(`references missing skills: ${missingLinks.join(', ')}`);
+                }
+                return record;
+            }
+            catch (error) {
+                throw new Error(`mcps[${index}] ${error}`);
+            }
+        });
+        return {
+            dataset: 'mcps',
+            valid: true,
+            count: parsed.length,
+            errors: [],
+            records: parsed
+        };
+    }
+    catch (error) {
+        return {
+            dataset: 'mcps',
+            valid: false,
+            count: 0,
+            errors: [error instanceof Error ? error.message : String(error)]
+        };
+    }
+}
+async function loadCuratedArray(relativePath) {
+    const statePath = getStatePath(relativePath);
+    if (await fs.pathExists(statePath)) {
+        return readJsonFile(statePath);
+    }
+    return readJsonFile(getPackagePath(relativePath));
+}

package/dist/video/Root.js

@@ -0,0 +1,6 @@
+import { jsx as _jsx, Fragment as _Fragment } from "react/jsx-runtime";
+import { Composition } from 'remotion';
+import { ExplainerVideo, walkthroughDurationInFrames } from '../commands/ExplainerVideo.js';
+export const RemotionRoot = () => {
+    return (_jsx(_Fragment, { children: _jsx(Composition, { id: "FrameworkWalkthrough", component: ExplainerVideo, durationInFrames: walkthroughDurationInFrames, fps: 30, width: 1920, height: 1080 }) }));
+};

package/dist/video/index.js

@@ -0,0 +1,3 @@
+import { registerRoot } from 'remotion';
+import { RemotionRoot } from './Root.js';
+registerRoot(RemotionRoot);

package/package.json

@@ -0,0 +1,102 @@
+{
+  "name": "@shnitzel/plugscout",
+  "version": "0.3.1",
+  "description": "Claude plugins + Claude connectors + Copilot extensions + Skills + MCP security intelligence framework",
+  "private": false,
+  "type": "module",
+  "license": "MIT",
+  "author": "Amit Rintzler",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/amitrintzler/skills-and-mcps.git"
+  },
+  "bugs": {
+    "url": "https://github.com/amitrintzler/skills-and-mcps/issues"
+  },
+  "homepage": "https://github.com/amitrintzler/skills-and-mcps#readme",
+  "keywords": [
+    "cli",
+    "skills",
+    "mcp",
+    "claude-plugin",
+    "copilot-extension",
+    "security",
+    "recommendation"
+  ],
+  "overrides": {
+    "terser-webpack-plugin": "5.3.17"
+  },
+  "bin": {
+    "plugscout": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "config",
+    "data",
+    "assets/cli",
+    "README.md",
+    "LICENSE*"
+  ],
+  "engines": {
+    "node": ">=18.17"
+  },
+  "scripts": {
+    "dev": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts",
+    "setup": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts setup",
+    "build": "tsc -p tsconfig.json",
+    "lint": "eslint . --ext .ts",
+    "test": "vitest run",
+    "verify:claims": "vitest run --maxWorkers=1 tests/integration/functionality-claims.spec.ts tests/unit/workflow-contracts.spec.ts tests/integration/cli-flow.spec.ts tests/unit/recommendation.spec.ts tests/unit/project-analysis.spec.ts",
+    "smoke:pack": "node ./scripts/smoke-pack.mjs",
+    "prepush:local": "npm run lint && npm run build && npm run verify:claims && npm run smoke:pack",
+    "test:watch": "vitest",
+    "validate:data": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/commands/validate-data.ts",
+    "ingest:skills": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/commands/ingest.ts --kind skill",
+    "ingest:mcps": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/commands/ingest.ts --kind mcp",
+    "ingest:claude-plugins": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/commands/ingest.ts --kind claude-plugin",
+    "ingest:copilot-extensions": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/commands/ingest.ts --kind copilot-extension",
+    "ingest:all": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/commands/ingest.ts",
+    "sync": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts sync",
+    "about": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts about",
+    "init": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts init",
+    "doctor": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts doctor",
+    "status": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts status",
+    "list": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts list",
+    "search": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts search",
+    "explain": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts explain",
+    "scan": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts scan",
+    "show": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts show",
+    "top": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts top",
+    "web": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts web",
+    "video:preview": "remotion studio src/video/index.ts",
+    "video:render": "remotion render src/video/index.ts FrameworkWalkthrough out/framework-walkthrough.mp4",
+    "recommend": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts recommend",
+    "assess": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts assess",
+    "install:item": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts install",
+    "whitelist:verify": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts whitelist verify",
+    "quarantine:apply": "TS_NODE_TRANSPILE_ONLY=1 node --loader ts-node/esm src/cli.ts quarantine apply"
+  },
+  "dependencies": {
+    "fs-extra": "^11.2.0",
+    "semver": "^7.7.4",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.0",
+    "@types/react": "^19.2.14",
+    "@remotion/cli": "4.0.427",
+    "@types/semver": "^7.7.1",
+    "@typescript-eslint/eslint-plugin": "^7.10.0",
+    "@typescript-eslint/parser": "^7.10.0",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "prettier": "^3.2.5",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
+    "remotion": "4.0.427",
+    "ts-node": "^10.9.2",
+    "tsx": "^4.7.1",
+    "typescript": "^5.4.5",
+    "vitest": "3.2.4"
+  }
+}