@skill-map/cli 0.67.0 → 0.68.1

package/dist/cli.js

@@ -1,6 +1,6 @@
 // cli/entry.ts
 
-!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="8b8b0da7-bdb9-55ed-8dcd-0f983f8be006")}catch(e){}}();
+!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="a842c024-162c-5a3a-85db-1daea4b6735f")}catch(e){}}();
 import { existsSync as existsSync34 } from "fs";
 import { Builtins, Cli as Cli2 } from "clipanion";
 
@@ -250,7 +250,7 @@ function bucketByKind(kind, instance, bag) {
 // package.json
 var package_default = {
   name: "@skill-map/cli",
-  version: "0.67.0",
+  version: "0.68.1",
   description: "skill-map reference implementation \u2014 kernel + CLI + adapters.",
   license: "MIT",
   type: "module",
@@ -323,39 +323,38 @@ var package_default = {
     clean: "rm -rf dist coverage"
   },
   dependencies: {
-    "@hono/node-server": "2.0.1",
-    "@sentry/node": "10.55.0",
+    "@hono/node-server": "2.0.6",
+    "@sentry/node": "10.61.0",
     "@skill-map/spec": "workspace:*",
-    ajv: "8.18.0",
+    ajv: "8.20.0",
     "ajv-formats": "3.0.1",
     chokidar: "5.0.0",
     clipanion: "4.0.0-rc.4",
-    hono: "4.12.18",
+    hono: "4.12.27",
     ignore: "7.0.5",
     "js-tiktoken": "1.0.21",
-    "js-yaml": "4.1.1",
-    kysely: "0.28.17",
-    "posthog-node": "5.35.6",
-    semver: "7.7.4",
-    "smol-toml": "1.6.1",
+    "js-yaml": "5.1.0",
+    kysely: "0.29.2",
+    "posthog-node": "5.38.5",
+    semver: "7.8.5",
+    "smol-toml": "1.7.0",
     typanion: "3.14.0",
     ws: "8.21.0"
   },
   devDependencies: {
     "@eslint/js": "10.0.1",
     "@stylistic/eslint-plugin": "5.10.0",
-    "@types/js-yaml": "4.0.9",
-    "@types/node": "24.12.2",
+    "@types/node": "26.0.1",
     "@types/semver": "7.7.1",
     "@types/ws": "8.18.1",
     c8: "11.0.0",
-    eslint: "10.2.1",
-    "eslint-plugin-import-x": "4.16.2",
+    eslint: "10.5.0",
+    "eslint-plugin-import-x": "4.17.0",
     "json-schema-to-typescript": "15.0.4",
     tsup: "8.5.1",
-    tsx: "4.22.3",
-    typescript: "5.9.3",
-    "typescript-eslint": "8.59.1"
+    tsx: "4.22.4",
+    typescript: "6.0.3",
+    "typescript-eslint": "8.62.0"
   },
   engines: {
     node: ">=24.0"
@@ -850,9 +849,9 @@ function stripFences(input) {
       }
       continue;
     }
-    const open2 = FENCE_RE.exec(line);
-    if (open2?.groups) {
-      openFence = open2.groups["fence"];
+    const open3 = FENCE_RE.exec(line);
+    if (open3?.groups) {
+      openFence = open3.groups["fence"];
       out.push(blank(line));
       continue;
     }
@@ -1247,12 +1246,14 @@ var agentSkillsProvider = {
   // Provider-owned.
   detect: { markers: [".agents"] },
   // Authoring target for `sm tutorial`: the open standard discovers skills
-  // under `.agents/skills/<name>/SKILL.md`. The same path is consumed by
-  // Antigravity (adopted the standard rather than a `.gemini/` layout) and
-  // OpenAI Codex (skills mirror the open standard), so `aka` surfaces both
-  // names in the destination prompt to orient testers on those agents.
-  // `aka` is display-only, `--for` still matches the `agent-skills` id.
-  scaffold: { skillDir: ".agents/skills", aka: ["Google's Antigravity", "OpenAI's Codex"] },
+  // under `.agents/skills/<name>/SKILL.md`. `aka` lists Antigravity, which
+  // shares this territory AND the BASIC tutorial track (skill + markdown,
+  // references), so a tester on Antigravity scaffolds here. OpenAI Codex
+  // also reads `.agents/skills/`, but Codex is a RICH-track lens (it has the
+  // `agent` kind, slash and `@`), so advertising it under this basic row
+  // would hand it the wrong book; Codex is surfaced once a Codex rich
+  // scaffold target lands. `aka` is display-only, `--for` matches the id.
+  scaffold: { skillDir: ".agents/skills", aka: ["Google's Antigravity"] },
   read: COMMONS_READ,
   kinds: COMMONS_KINDS,
   resolution: COMMONS_RESOLUTION,
@@ -1473,6 +1474,12 @@ var codexProvider = {
   // open-standard project, not necessarily a Codex one. A genuine Codex
   // project is identified by `.codex/`.
   detect: { markers: [".codex"] },
+  // Tutorial scaffold target (rich track). Codex skills adopt the open
+  // `.agents/skills/` layout, but the codex LENS resolves off `.codex/`,
+  // which the open territory does not carry, so `sm tutorial --for codex`
+  // also drops a `.codex/` marker (the home its TOML agents land under) to
+  // disambiguate from the `agent-skills` lens that shares `.agents/skills/`.
+  scaffold: { skillDir: ".agents/skills", marker: ".codex" },
   // Vendor provider: Codex CLI only reads its own territory (its `.codex/`
   // agents plus the open `.agents/skills/` skills it adopted). Gating the
   // classifier behind the active lens keeps the walker from claiming Codex
@@ -3656,7 +3663,7 @@ import { existsSync, readFileSync as readFileSync3 } from "fs";
 import { dirname as dirname3, resolve as resolve4 } from "path";
 import { createRequire as createRequire3 } from "module";
 import { Ajv2020 as Ajv20203 } from "ajv/dist/2020.js";
-import yaml from "js-yaml";
+import { load as yamlLoad, JSON_SCHEMA } from "js-yaml";
 
 // kernel/util/strip-prototype-pollution.ts
 var FORBIDDEN_KEYS = /* @__PURE__ */ new Set([
@@ -3697,7 +3704,7 @@ function readSidecarFor(mdAbsolutePath) {
   }
   let parsedYaml;
   try {
-    parsedYaml = yaml.load(raw, { schema: yaml.JSON_SCHEMA });
+    parsedYaml = yamlLoad(raw, { schema: JSON_SCHEMA });
   } catch (err) {
     return {
       parsed: null,
@@ -5983,7 +5990,7 @@ import { existsSync as existsSync6, readFileSync as readFileSync7 } from "fs";
 import { dirname as dirname6, resolve as resolve8 } from "path";
 import { createRequire as createRequire4 } from "module";
 import { Ajv2020 as Ajv20204 } from "ajv/dist/2020.js";
-import yaml2 from "js-yaml";
+import { dump as yamlDump, load as yamlLoad2, CORE_SCHEMA, JSON_SCHEMA as JSON_SCHEMA2 } from "js-yaml";
 var FilesystemSidecarStore = class {
   /**
    * Path-keyed in-process lock chain. Each path maps to the tail of a
@@ -6035,11 +6042,13 @@ var FilesystemSidecarStore = class {
         `sidecar patch produces a schema-invalid result at ${sidecarAbsPath}: ${errors}`
       );
     }
-    const yamlText = yaml2.dump(merged, {
+    const yamlText = yamlDump(merged, {
       sortKeys: true,
       lineWidth: -1,
       noRefs: true,
-      noCompatMode: true
+      // js-yaml v5: CORE_SCHEMA reproduces the old `noCompatMode: true`
+      // output (YAML 1.2, no 1.1-compat quoting of yes/no/on/off).
+      schema: CORE_SCHEMA
     });
     atomicWriteFile(sidecarAbsPath, yamlText);
   }
@@ -6069,7 +6078,7 @@ function isPlainObject4(value) {
 function readSidecarObject(sidecarAbsPath) {
   if (!existsSync6(sidecarAbsPath)) return {};
   const raw = readFileSync7(sidecarAbsPath, "utf8");
-  const parsed = yaml2.load(raw, { schema: yaml2.JSON_SCHEMA });
+  const parsed = yamlLoad2(raw, { schema: JSON_SCHEMA2 });
   if (parsed === null || parsed === void 0) return {};
   if (!isPlainObject4(parsed)) {
     throw new Error(
@@ -6410,7 +6419,7 @@ var SmCommand = class extends Command {
 };
 
 // core/sqlite/with-sqlite.ts
-import { existsSync as existsSync11 } from "fs";
+import { existsSync as existsSync12 } from "fs";
 
 // kernel/adapters/sqlite/storage-adapter.ts
 import { mkdirSync as mkdirSync4 } from "fs";
@@ -9158,6 +9167,8 @@ function createSqliteStorage(options) {
 }
 
 // core/sqlite/db-version-check.ts
+import { existsSync as existsSync11 } from "fs";
+import { DatabaseSync as DatabaseSync5 } from "node:sqlite";
 async function detectDbVersionSkew(db, currentVersion) {
   const meta = await db.selectFrom("scan_meta").select(["scannedByVersion"]).executeTakeFirst();
   if (!meta) return { kind: "no-meta" };
@@ -9187,6 +9198,20 @@ function classifyVersionSkew(dbVersion, currentVersion) {
   }
   return { kind: "warn-older", dbVersion, currentVersion };
 }
+function readScannedByVersion(dbPath) {
+  if (dbPath === ":memory:" || !existsSync11(dbPath)) return null;
+  let raw = null;
+  try {
+    raw = new DatabaseSync5(dbPath, { readOnly: true });
+    const row = raw.prepare("SELECT scanned_by_version AS v FROM scan_meta LIMIT 1").get();
+    const v = row?.v;
+    return typeof v === "string" && v.length > 0 ? v : null;
+  } catch {
+    return null;
+  } finally {
+    raw?.close();
+  }
+}
 function parseVersionTriple(input) {
   if (typeof input !== "string" || input.length === 0) return null;
   const match = /^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(input.trim());
@@ -9358,7 +9383,7 @@ async function withSqlite(options, fn) {
   }
 }
 async function tryWithSqlite(options, fn) {
-  if (options.databasePath !== ":memory:" && !existsSync11(options.databasePath)) {
+  if (options.databasePath !== ":memory:" && !existsSync12(options.databasePath)) {
     return null;
   }
   return withSqlite(options, fn);
@@ -9962,6 +9987,15 @@ var CHECK_TEXTS = {
   noIssues: "{{glyph}}  No issues.\n",
   /** Header summary line: `sm check: 10 warnings · 0 errors`. */
   summaryHeader: "sm check: {{summary}}\n\n",
+  /**
+   * Summary fragments joined by ` · `, each colored at the call site.
+   * `{{plural}}` is `''` / `'s'` resolved by count, matching the
+   * `{{plural}}`-slot pattern used across the other verbs (info has no
+   * plural form).
+   */
+  summaryErrorFragment: "{{count}} error{{plural}}",
+  summaryWarningFragment: "{{count}} warning{{plural}}",
+  summaryInfoFragment: "{{count}} info",
   /** Section heading: one per file with at least one issue. */
   fileSection: "  {{file}}\n",
   /**
@@ -10031,6 +10065,20 @@ var PLUGIN_LOADER_TEXTS = {
   invalidManifestExtensionShape: "{{relEntry}}: {{errors}}. See {{docUrl}}.",
   importExceededTimeout: "import exceeded {{timeoutMs}}ms; likely a top-level side effect (network call, infinite loop, large blocking work). Move side effects into the runtime methods (`detect` / `evaluate` / `render` / etc.).",
   disabledByConfig: "disabled by config_plugins or settings.json",
+  /**
+   * Reason stamped on a project-local disk plugin discovered but not
+   * imported because the operator never granted local trust. Distinct
+   * from `disabledByConfig` (an explicit toggle-off): this id has no
+   * `config_plugins` override at all, so its code stays unexecuted until
+   * `sm plugins enable` records local intent.
+   */
+  untrustedNotLoaded: "not loaded: project-local plugin is untrusted until enabled. Run `sm plugins enable {{pluginId}}` to load it.",
+  /**
+   * One-time aggregate notice the runtime emits when project-local
+   * plugins were found on disk but left unloaded for lack of trust. The
+   * `{{count}}` plugins ride the scan without executing any code.
+   */
+  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then enable any you trust with `sm plugins enable <id>`.",
   invalidManifestDirMismatch: "directory name '{{dirName}}' does not match manifest id '{{manifestId}}'. Rename the directory to match the id, or update the manifest id to match the directory.",
   idCollision: "Plugin '{{id}}' at {{pathA}} collides with the plugin at {{pathB}}. Rename one and rerun.",
   loadErrorPluginIdMismatch: "{{relEntry}}: extension declares pluginId '{{declared}}' but its plugin.json declares id '{{manifestId}}'. Remove the explicit pluginId from the extension; the loader injects it from plugin.json#/id.",
@@ -10050,7 +10098,7 @@ var PLUGIN_LOADER_TEXTS = {
 
 // kernel/adapters/plugin-loader/index.ts
 import { createRequire as createRequire5 } from "module";
-import { existsSync as existsSync13, readFileSync as readFileSync13, readdirSync as readdirSync5, statSync as statSync2 } from "fs";
+import { existsSync as existsSync14, readFileSync as readFileSync13, readdirSync as readdirSync5, statSync as statSync2 } from "fs";
 import { join as join8, resolve as resolve17 } from "path";
 import { pathToFileURL } from "url";
 import semver from "semver";
@@ -10153,7 +10201,7 @@ function stripFunctionsAndPluginId(input) {
 
 // kernel/adapters/plugin-loader/validation.ts
 import * as nodeFs from "fs";
-import { existsSync as existsSync12 } from "fs";
+import { existsSync as existsSync13 } from "fs";
 import { dirname as dirname10, join as join7 } from "path";
 import { Ajv2020 as Ajv20205 } from "ajv/dist/2020.js";
 
@@ -10279,7 +10327,7 @@ function validateActionFileConventions(pluginPath, pluginId, manifest, relEntry,
   const reportSchemaPath = join7(actionDir, "report.schema.json");
   const promptPath = join7(actionDir, "prompt.md");
   const mode = isRecord(manifestView) && typeof manifestView["mode"] === "string" ? manifestView["mode"] : "deterministic";
-  if (!existsSync12(reportSchemaPath)) {
+  if (!existsSync13(reportSchemaPath)) {
     return {
       ...fail(
         pluginPath,
@@ -10290,7 +10338,7 @@ function validateActionFileConventions(pluginPath, pluginId, manifest, relEntry,
       manifest
     };
   }
-  const promptExists = existsSync12(promptPath);
+  const promptExists = existsSync13(promptPath);
   if (mode === "probabilistic" && !promptExists) {
     return {
       ...fail(
@@ -10504,11 +10552,11 @@ var PluginLoader = class {
   discoverPaths() {
     const out = [];
     for (const root of this.#options.searchPaths) {
-      if (!existsSync13(root)) continue;
+      if (!existsSync14(root)) continue;
       for (const entry of readdirSync5(root, { withFileTypes: true })) {
         if (!entry.isDirectory()) continue;
         const candidate = join8(root, entry.name);
-        if (existsSync13(join8(candidate, "plugin.json"))) {
+        if (existsSync14(join8(candidate, "plugin.json"))) {
           out.push(resolve17(candidate));
         }
       }
@@ -10550,15 +10598,8 @@ var PluginLoader = class {
     const manifestResult = this.#parseAndValidateManifest(pluginPath, pluginId);
     if (!manifestResult.ok) return manifestResult.failure;
     const manifest = manifestResult.manifest;
-    if (this.#options.resolveEnabled && !this.#options.resolveEnabled(pluginId)) {
-      return {
-        path: pluginPath,
-        id: pluginId,
-        status: "disabled",
-        manifest,
-        reason: PLUGIN_LOADER_TEXTS.disabledByConfig
-      };
-    }
+    const gated = this.#preImportGate(pluginPath, pluginId, manifest);
+    if (gated) return gated;
     const loaded = [];
     for (const relEntry of discoverExtensionEntries(pluginPath)) {
       const result = await this.#loadAndValidateExtensionEntry(pluginPath, pluginId, manifest, relEntry);
@@ -10581,6 +10622,39 @@ var PluginLoader = class {
       ...storageSchemasResult.schemas ? { storageSchemas: storageSchemasResult.schemas } : {}
     };
   }
+  /**
+   * Pre-import gates run AFTER the JSON manifest parse (safe) and BEFORE
+   * any extension `import()` (executes code). Returns a short-circuit
+   * `disabled` discovery (manifest kept, code NOT imported) when a gate
+   * refuses, or `null` to proceed to the import loop:
+   *
+   *   - enable resolution: the per-config `resolveEnabled` plugin gate.
+   *   - import trust: the security boundary, refuse to execute a
+   *     project-local plugin the operator has not locally trusted; the
+   *     plugin stays discoverable in `sm plugins list` without running.
+   */
+  #preImportGate(pluginPath, pluginId, manifest) {
+    if (this.#options.resolveEnabled && !this.#options.resolveEnabled(pluginId)) {
+      return {
+        path: pluginPath,
+        id: pluginId,
+        status: "disabled",
+        manifest,
+        reason: PLUGIN_LOADER_TEXTS.disabledByConfig
+      };
+    }
+    if (this.#options.resolveImportTrust && !this.#options.resolveImportTrust(pluginId)) {
+      return {
+        path: pluginPath,
+        id: pluginId,
+        status: "disabled",
+        untrusted: true,
+        manifest,
+        reason: tx(PLUGIN_LOADER_TEXTS.untrustedNotLoaded, { pluginId })
+      };
+    }
+    return null;
+  }
   /**
    * Phase 1 of `loadOne`, read `plugin.json`, AJV-validate the manifest,
    * enforce the directory-name == pluginId structural rule, and check
@@ -10669,7 +10743,7 @@ var PluginLoader = class {
       } };
     }
     const abs = resolve17(pluginPath, relEntry);
-    if (!existsSync13(abs)) {
+    if (!existsSync14(abs)) {
       return { ok: false, failure: {
         ...fail(
           pluginPath,
@@ -10873,7 +10947,7 @@ function discoverExtensionEntries(pluginPath) {
 }
 function collectKindEntries(pluginPath, kindDir, out) {
   const kindAbs = resolve17(pluginPath, kindDir);
-  if (!existsSync13(kindAbs)) return;
+  if (!existsSync14(kindAbs)) return;
   let entries;
   try {
     entries = readdirSync5(kindAbs);
@@ -10900,7 +10974,7 @@ function isDirectorySafe2(path) {
 }
 function findIndexCandidate(entryAbs) {
   for (const candidate of INDEX_CANDIDATES) {
-    if (existsSync13(resolve17(entryAbs, candidate))) return candidate;
+    if (existsSync14(resolve17(entryAbs, candidate))) return candidate;
   }
   return null;
 }
@@ -10967,6 +11041,17 @@ function resolvePluginEnabled(pluginId, cfg, dbOverrides, installedDefault = tru
 function makeEnabledResolver(cfg, dbOverrides) {
   return (pluginId, installedDefault) => resolvePluginEnabled(pluginId, cfg, dbOverrides, installedDefault);
 }
+function makeImportTrustResolver(dbOverrides) {
+  return (pluginId) => {
+    if (isPluginLocked(pluginId)) return true;
+    const prefix = `${pluginId}/`;
+    for (const [key, enabled] of dbOverrides) {
+      if (!enabled) continue;
+      if (key === pluginId || key.startsWith(prefix)) return true;
+    }
+    return false;
+  };
+}
 
 // core/runtime/plugin-runtime/resolver.ts
 function defaultResolveEnabled(_id, installedDefault = true) {
@@ -10984,7 +11069,7 @@ function isPluginExtensionEnabled(ext, resolveEnabled) {
     installedDefaultEnabled(ext.stability)
   );
 }
-async function buildEnabledResolver(ctx) {
+async function buildResolverInputs(ctx) {
   const { effective: cfg } = loadConfig({ ...ctx });
   const dbPath = resolveDbPath({
     db: void 0,
@@ -10994,7 +11079,7 @@ async function buildEnabledResolver(ctx) {
     { databasePath: dbPath, autoBackup: false },
     (adapter) => adapter.pluginConfig.loadOverrideMap()
   ) ?? /* @__PURE__ */ new Map();
-  return makeEnabledResolver(cfg, dbOverrides);
+  return { resolveEnabled: makeEnabledResolver(cfg, dbOverrides), dbOverrides };
 }
 
 // kernel/scan/walk-content.ts
@@ -11002,7 +11087,7 @@ import { readFile, readdir, lstat } from "fs/promises";
 import { isAbsolute as isAbsolute4, join as join9, relative as relative2, resolve as resolve19, sep as sep3 } from "path";
 
 // kernel/scan/ignore.ts
-import { existsSync as existsSync14, readFileSync as readFileSync14 } from "fs";
+import { existsSync as existsSync15, readFileSync as readFileSync14 } from "fs";
 import { dirname as dirname11, resolve as resolve18 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import ignoreFactory from "ignore";
@@ -11033,7 +11118,7 @@ function loadBundledIgnoreText() {
 }
 function readIgnoreFileText(scopeRoot) {
   const path = resolve18(scopeRoot, ".skillmapignore");
-  if (!existsSync14(path)) return void 0;
+  if (!existsSync15(path)) return void 0;
   try {
     return readFileSync14(path, "utf8");
   } catch {
@@ -11068,7 +11153,7 @@ function readDefaultsFromDisk() {
     resolve18(here, "config/defaults/skillmapignore")
   ];
   for (const candidate of candidates) {
-    if (existsSync14(candidate)) {
+    if (existsSync15(candidate)) {
       try {
         return readFileSync14(candidate, "utf8");
       } catch {
@@ -11079,7 +11164,7 @@ function readDefaultsFromDisk() {
 }
 
 // plugins/core/parsers/frontmatter-yaml/index.ts
-import yaml3 from "js-yaml";
+import { load as yamlLoad3, JSON_SCHEMA as JSON_SCHEMA3 } from "js-yaml";
 var FRONTMATTER_RE = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/;
 var frontmatterYamlParser = {
   id: "frontmatter-yaml",
@@ -11091,7 +11176,7 @@ var frontmatterYamlParser = {
     let parsed = {};
     const issues = [];
     try {
-      const doc = yaml3.load(frontmatterRaw, { schema: yaml3.JSON_SCHEMA });
+      const doc = yamlLoad3(frontmatterRaw, { schema: JSON_SCHEMA3 });
       if (doc && typeof doc === "object" && !Array.isArray(doc)) {
         parsed = stripPrototypePollution(doc);
       }
@@ -11531,8 +11616,11 @@ async function loadPluginRuntime(opts = {}) {
   const searchPaths = resolveSearchPaths(opts, ctx);
   const validators = loadSchemaValidators();
   let resolveEnabled;
+  let dbOverrides;
   try {
-    resolveEnabled = await buildEnabledResolver(ctx);
+    const inputs = await buildResolverInputs(ctx);
+    resolveEnabled = inputs.resolveEnabled;
+    dbOverrides = inputs.dbOverrides;
   } catch {
   }
   const loaderOpts = {
@@ -11541,6 +11629,9 @@ async function loadPluginRuntime(opts = {}) {
     specVersion: installedSpecVersion()
   };
   if (resolveEnabled) loaderOpts.resolveEnabled = resolveEnabled;
+  if (!opts.pluginDir) {
+    loaderOpts.resolveImportTrust = makeImportTrustResolver(dbOverrides ?? /* @__PURE__ */ new Map());
+  }
   const loader = createPluginLoader(loaderOpts);
   const discovered = await loader.discoverAndLoadAll();
   const runtime = {
@@ -11563,6 +11654,12 @@ async function loadPluginRuntime(opts = {}) {
     if (plugin.status === "disabled") continue;
     runtime.warnings.push(formatWarning(plugin));
   }
+  const untrustedCount = discovered.filter((p) => p.untrusted === true).length;
+  if (untrustedCount > 0) {
+    runtime.warnings.push(
+      tx(PLUGIN_LOADER_TEXTS.untrustedPluginsFoundNotice, { count: untrustedCount })
+    );
+  }
   enforceRootExclusivity(runtime.annotationContributions);
   return runtime;
 }
@@ -12001,15 +12098,27 @@ function groupRowsByFile(rows) {
 function formatSummary(counts, ansi) {
   const parts = [];
   if (counts.error > 0) {
-    parts.push(ansi.red(`${counts.error} error${counts.error === 1 ? "" : "s"}`));
+    parts.push(
+      ansi.red(
+        tx(CHECK_TEXTS.summaryErrorFragment, {
+          count: counts.error,
+          plural: counts.error === 1 ? "" : "s"
+        })
+      )
+    );
   }
   if (counts.warn > 0) {
     parts.push(
-      ansi.yellow(`${counts.warn} warning${counts.warn === 1 ? "" : "s"}`)
+      ansi.yellow(
+        tx(CHECK_TEXTS.summaryWarningFragment, {
+          count: counts.warn,
+          plural: counts.warn === 1 ? "" : "s"
+        })
+      )
     );
   }
   if (counts.info > 0) {
-    parts.push(ansi.cyan(`${counts.info} info`));
+    parts.push(ansi.cyan(tx(CHECK_TEXTS.summaryInfoFragment, { count: counts.info })));
   }
   return parts.join(" \xB7 ");
 }
@@ -12034,11 +12143,11 @@ function flattenMessage(message) {
 }
 
 // cli/commands/config.ts
-import { existsSync as existsSync16 } from "fs";
+import { existsSync as existsSync17 } from "fs";
 import { Command as Command4, Option as Option4 } from "clipanion";
 
 // kernel/scan/detect-providers.ts
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync16 } from "fs";
 import { join as join10 } from "path";
 function detectProvidersFromFilesystem(cwd, providers) {
   const seen = /* @__PURE__ */ new Set();
@@ -12055,7 +12164,7 @@ function isDetectableUnderCwd(cwd, provider) {
   if (!installedDefaultEnabled(provider.stability)) return false;
   const markers = provider.detect?.markers;
   if (!markers || markers.length === 0) return false;
-  return markers.some((marker) => existsSync15(join10(cwd, marker)));
+  return markers.some((marker) => existsSync16(join10(cwd, marker)));
 }
 
 // core/config/active-provider.ts
@@ -12083,7 +12192,7 @@ function relativeIfBelow(path, cwd) {
 }
 
 // cli/util/scan-zone-drop.ts
-import { DatabaseSync as DatabaseSync5 } from "node:sqlite";
+import { DatabaseSync as DatabaseSync6 } from "node:sqlite";
 
 // cli/commands/db/shared.ts
 var SAFE_SQL_IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
@@ -12095,7 +12204,7 @@ function assertSafeIdentifier(name) {
 
 // cli/util/scan-zone-drop.ts
 function dropScanZone(dbPath) {
-  const db = new DatabaseSync5(dbPath);
+  const db = new DatabaseSync6(dbPath);
   try {
     const rows = db.prepare(
       "SELECT name FROM sqlite_master WHERE type='table' AND name LIKE 'scan\\_%' ESCAPE '\\'"
@@ -12686,7 +12795,7 @@ var ConfigSetCommand = class extends SmCommand {
   announceLensSwitch(cwd, ansi) {
     const dbPath = resolveDbPath({ db: void 0, cwd });
     const okGlyph = ansi.green("\u2713");
-    if (!existsSync16(dbPath)) {
+    if (!existsSync17(dbPath)) {
       this.printer.info(tx(CONFIG_TEXTS.lensSwitchedNoDb, { glyph: okGlyph }));
       return;
     }
@@ -12726,7 +12835,7 @@ var ConfigResetCommand = class extends SmCommand {
     const path = targetSettingsPath2(target, ctx.cwd);
     const ansi = this.ansiFor("stdout");
     const okGlyph = ansi.green("\u2713");
-    if (!existsSync16(path)) {
+    if (!existsSync17(path)) {
       this.printer.data(
         tx(CONFIG_TEXTS.unsetNoOverride, {
           glyph: okGlyph,
@@ -12801,16 +12910,17 @@ var CONFIG_COMMANDS = [
 ];
 
 // cli/commands/conformance.ts
-import { existsSync as existsSync19, readFileSync as readFileSync16 } from "fs";
+import { existsSync as existsSync20, readFileSync as readFileSync16 } from "fs";
 import { dirname as dirname13, resolve as resolve23 } from "path";
 import { fileURLToPath as fileURLToPath4 } from "url";
 import { Command as Command5, Option as Option5 } from "clipanion";
 
 // conformance/index.ts
 import { spawnSync as spawnSync2 } from "child_process";
-import { cpSync, existsSync as existsSync17, mkdtempSync, readdirSync as readdirSync6, readFileSync as readFileSync15, rmSync, statSync as statSync3 } from "fs";
+import { cpSync, existsSync as existsSync18, mkdtempSync, readdirSync as readdirSync6, readFileSync as readFileSync15, rmSync, statSync as statSync3 } from "fs";
 import { tmpdir } from "os";
 import { isAbsolute as isAbsolute6, join as join11, relative as relative3, resolve as resolve21 } from "path";
+import { DatabaseSync as DatabaseSync7 } from "node:sqlite";
 
 // conformance/i18n/runner.texts.ts
 var CONFORMANCE_RUNNER_TEXTS = {
@@ -12902,6 +13012,11 @@ function runConformanceCase(options) {
     if (c.fixture) {
       replaceFixture(scope, fixturesRoot, c.fixture);
     }
+    grantFixturePluginTrust(scope, options.binary, {
+      ...pickSafeEnv(process.env),
+      ...options.env,
+      ...setupEnv
+    });
     const argv = [c.invoke.verb];
     if (c.invoke.sub) argv.push(c.invoke.sub);
     if (c.invoke.args) argv.push(...c.invoke.args);
@@ -12971,6 +13086,40 @@ function replaceFixture(scope, fixturesRoot, fixture) {
   const src = join11(fixturesRoot, fixture);
   cpSync(src, scope, { recursive: true });
 }
+function grantFixturePluginTrust(scope, binary, env) {
+  const pluginsDir = join11(scope, KERNEL_SKILL_MAP_DIR, "plugins");
+  if (!existsSync18(pluginsDir)) return;
+  const ids = readdirSync6(pluginsDir, { withFileTypes: true }).filter((e) => e.isDirectory() && existsSync18(join11(pluginsDir, e.name, "plugin.json"))).map((e) => e.name);
+  if (ids.length === 0) return;
+  const dbPath = join11(scope, KERNEL_SKILL_MAP_DIR, "skill-map.db");
+  if (!existsSync18(dbPath)) {
+    spawnSync2(process.execPath, [binary, "init", "--no-scan"], { cwd: scope, env, encoding: "utf8" });
+  }
+  if (!hasConfigPluginsTable(dbPath)) {
+    spawnSync2(process.execPath, [binary, "scan"], { cwd: scope, env, encoding: "utf8" });
+  }
+  const db = new DatabaseSync7(dbPath);
+  try {
+    const stmt = db.prepare(
+      "INSERT INTO config_plugins (plugin_id, enabled, updated_at) VALUES (?, 1, 0) ON CONFLICT(plugin_id) DO UPDATE SET enabled = 1"
+    );
+    for (const id of ids) stmt.run(id);
+  } finally {
+    db.close();
+  }
+}
+function hasConfigPluginsTable(dbPath) {
+  if (!existsSync18(dbPath)) return false;
+  const db = new DatabaseSync7(dbPath, { readOnly: true });
+  try {
+    const row = db.prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'config_plugins'").get();
+    return row !== void 0;
+  } catch {
+    return false;
+  } finally {
+    db.close();
+  }
+}
 function assertContained2(root, rel, label) {
   if (isAbsolute6(rel)) {
     throw new Error(
@@ -13005,7 +13154,7 @@ function evaluateAssertion(a, ctx) {
         return { ok: false, type: a.type, reason: formatErrorMessage(err) };
       }
       const abs = resolve21(ctx.scope, a.path);
-      return existsSync17(abs) ? { ok: true, type: a.type } : {
+      return existsSync18(abs) ? { ok: true, type: a.type } : {
         ok: false,
         type: a.type,
         reason: tx(CONFORMANCE_RUNNER_TEXTS.fileNotFound, { path: a.path })
@@ -13020,7 +13169,7 @@ function evaluateAssertion(a, ctx) {
       }
       const fixturePath = join11(ctx.fixturesRoot, a.fixture);
       const targetPath = resolve21(ctx.scope, a.path);
-      if (!existsSync17(targetPath)) {
+      if (!existsSync18(targetPath)) {
         return {
           ok: false,
           type: a.type,
@@ -13201,7 +13350,7 @@ var CONFORMANCE_TEXTS = {
 };
 
 // cli/util/conformance-scopes.ts
-import { existsSync as existsSync18, readdirSync as readdirSync7, statSync as statSync4 } from "fs";
+import { existsSync as existsSync19, readdirSync as readdirSync7, statSync as statSync4 } from "fs";
 import { dirname as dirname12, resolve as resolve22 } from "path";
 import { createRequire as createRequire6 } from "module";
 import { fileURLToPath as fileURLToPath3 } from "url";
@@ -13221,7 +13370,7 @@ function resolveCliWorkspaceRoot() {
   let cursor = here;
   for (let depth = 0; depth < 6; depth += 1) {
     const candidate = resolve22(cursor, "plugins");
-    if (existsSync18(candidate) && statSync4(candidate).isDirectory()) {
+    if (existsSync19(candidate) && statSync4(candidate).isDirectory()) {
       return cursor;
     }
     const parent = dirname12(cursor);
@@ -13241,7 +13390,7 @@ function collectProviderScopes(specRoot) {
     return out;
   }
   const pluginsRoot = resolve22(workspaceRoot, "plugins");
-  if (!existsSync18(pluginsRoot)) return out;
+  if (!existsSync19(pluginsRoot)) return out;
   for (const pluginEntry of readdirSync7(pluginsRoot)) {
     const pluginDir = resolve22(pluginsRoot, pluginEntry);
     if (!isDir(pluginDir)) continue;
@@ -13253,7 +13402,7 @@ function collectProviderScopes(specRoot) {
 }
 function isDir(path) {
   try {
-    return existsSync18(path) && statSync4(path).isDirectory();
+    return existsSync19(path) && statSync4(path).isDirectory();
   } catch {
     return false;
   }
@@ -13263,10 +13412,10 @@ function collectPluginProviderScopes(providersRoot, specRoot, out) {
     const providerDir = resolve22(providersRoot, entry);
     if (!isDir(providerDir)) continue;
     const conformanceDir = resolve22(providerDir, "conformance");
-    if (!existsSync18(conformanceDir)) continue;
+    if (!existsSync19(conformanceDir)) continue;
     const casesDir = resolve22(conformanceDir, "cases");
     const fixturesDir = resolve22(conformanceDir, "fixtures");
-    if (!existsSync18(casesDir) || !existsSync18(fixturesDir)) continue;
+    if (!existsSync19(casesDir) || !existsSync19(fixturesDir)) continue;
     out.push({
       id: `provider:${entry}`,
       kind: "provider",
@@ -13304,7 +13453,7 @@ function selectConformanceScopes(scope) {
   return [match];
 }
 function listCaseFiles(scope) {
-  if (!existsSync18(scope.casesDir)) return [];
+  if (!existsSync19(scope.casesDir)) return [];
   return readdirSync7(scope.casesDir).filter((entry) => entry.endsWith(".json")).sort().map((entry) => resolve22(scope.casesDir, entry));
 }
 
@@ -13323,7 +13472,7 @@ function resolveBinary() {
   let cursor = here;
   for (let depth = 0; depth < 6; depth += 1) {
     const candidate = resolve23(cursor, "bin", "sm.js");
-    if (existsSync19(candidate)) return candidate;
+    if (existsSync20(candidate)) return candidate;
     const parent = dirname13(cursor);
     if (parent === cursor) break;
     cursor = parent;
@@ -13389,7 +13538,7 @@ var ConformanceRunCommand = class extends SmCommand {
       return ExitCode.Error;
     }
     const binary = resolveBinary();
-    if (!existsSync19(binary)) {
+    if (!existsSync20(binary)) {
       if (this.json) {
         this.#emitJsonError(
           "internal",
@@ -13607,6 +13756,20 @@ var DB_TEXTS = {
    */
   restoreSourceNotFound: "{{glyph}}  Backup not found: {{sourcePath}}\n   {{hint}}\n",
   restoreSourceNotFoundHint: "Run `sm db backup` first, or pick an existing file (the default backups directory is `.skill-map/backups/`).",
+  /**
+   * Source exists but is not a SQLite database (missing the header).
+   * Restoring it would swap a non-DB into place; refuse with exit 2.
+   */
+  restoreSourceNotSqlite: "{{glyph}}  Not a SQLite database: {{sourcePath}}\n   {{hint}}\n",
+  restoreSourceNotSqliteHint: "The file is missing the SQLite header. Pick a real backup (created by `sm db backup`).",
+  /**
+   * Source is a valid DB but was written by a CLI this binary cannot
+   * read forward (newer minor or different major). Refuse with exit 2.
+   */
+  restoreSourceVersionSkew: "{{glyph}}  Refusing to restore {{sourcePath}}\n   {{detail}}\n   {{hint}}\n",
+  restoreSourceVersionNewerDetail: "It was written by skill-map {{dbVersion}}, newer than this CLI ({{currentVersion}}).",
+  restoreSourceVersionMajorDetail: "It was written by skill-map {{dbVersion}}, a different major than this CLI ({{currentVersion}}).",
+  restoreSourceVersionSkewHint: "Upgrade `sm` to a matching version before restoring this backup.",
   restoreConfirm: "Restore {{sourcePath}} over {{target}}? This overwrites the current DB.",
   restoreDone: "{{glyph}}  Restored {{sourcePath}} \u2192 {{target}}\n",
   // --- shared ----------------------------------------------------------
@@ -13734,6 +13897,39 @@ async function statOrNull(path) {
   }
 }
 
+// core/sqlite/restore-validation.ts
+import { open } from "fs/promises";
+var SQLITE_MAGIC_PREFIX = "SQLite format 3";
+async function validateRestorableDb(sourcePath, currentVersion) {
+  if (!await hasSqliteHeader(sourcePath)) {
+    return { ok: false, reason: "not-sqlite" };
+  }
+  const dbVersion = readScannedByVersion(sourcePath);
+  if (dbVersion === null) return { ok: true };
+  const outcome = classifyVersionSkew(dbVersion, currentVersion);
+  if (outcome.kind === "error-newer") {
+    return { ok: false, reason: "version-newer", dbVersion, currentVersion };
+  }
+  if (outcome.kind === "error-major") {
+    return { ok: false, reason: "version-major", dbVersion, currentVersion };
+  }
+  return { ok: true };
+}
+async function hasSqliteHeader(sourcePath) {
+  let handle = null;
+  try {
+    handle = await open(sourcePath, "r");
+    const buf = Buffer.alloc(16);
+    const { bytesRead } = await handle.read(buf, 0, 16, 0);
+    if (bytesRead === 0) return true;
+    return buf.toString("latin1", 0, 15) === SQLITE_MAGIC_PREFIX && buf[15] === 0;
+  } catch {
+    return false;
+  } finally {
+    await handle?.close();
+  }
+}
+
 // cli/commands/db/restore.ts
 async function chmodOwnerOnlyBestEffort(target) {
   try {
@@ -13774,19 +13970,13 @@ var DbRestoreCommand = class extends SmCommand {
       );
       return ExitCode.NotFound;
     }
+    const validation = await validateRestorableDb(sourcePath, VERSION);
+    if (!validation.ok) {
+      this.printValidationError(validation, sourcePath);
+      return ExitCode.Error;
+    }
     if (this.dryRun) {
-      this.printer.data(DB_TEXTS.dryRunHeader);
-      const sourceBytes = sourceStat.size;
-      const targetClause = await pathExists(target) ? DB_TEXTS.dryRunRestoreTargetExistsClause : DB_TEXTS.dryRunRestoreTargetMissingClause;
-      this.printer.data(
-        tx(DB_TEXTS.dryRunRestoreWouldOverwrite, {
-          sourcePath,
-          sourceBytes,
-          target,
-          targetClause
-        })
-      );
-      return ExitCode.Ok;
+      return this.previewRestore(sourcePath, sourceStat.size, target);
     }
     if (!this.yes) {
       const ok = await confirm(tx(DB_TEXTS.restoreConfirm, { sourcePath, target }), {
@@ -13815,21 +14005,65 @@ var DbRestoreCommand = class extends SmCommand {
     );
     return ExitCode.Ok;
   }
+  /**
+   * `--dry-run` preview: report the source size and whether the target
+   * would be created or overwritten, without copying or unlinking. The
+   * validation gate has already run, so this only describes the swap.
+   */
+  async previewRestore(sourcePath, sourceBytes, target) {
+    this.printer.data(DB_TEXTS.dryRunHeader);
+    const targetClause = await pathExists(target) ? DB_TEXTS.dryRunRestoreTargetExistsClause : DB_TEXTS.dryRunRestoreTargetMissingClause;
+    this.printer.data(
+      tx(DB_TEXTS.dryRunRestoreWouldOverwrite, {
+        sourcePath,
+        sourceBytes,
+        target,
+        targetClause
+      })
+    );
+    return ExitCode.Ok;
+  }
+  /** Render a `validateRestorableDb` rejection to stderr. */
+  printValidationError(validation, sourcePath) {
+    const ansi = this.ansiFor("stderr");
+    if (validation.reason === "not-sqlite") {
+      this.printer.error(
+        tx(DB_TEXTS.restoreSourceNotSqlite, {
+          glyph: ansi.red("\u2715"),
+          sourcePath,
+          hint: ansi.dim(DB_TEXTS.restoreSourceNotSqliteHint)
+        })
+      );
+      return;
+    }
+    const detailTemplate = validation.reason === "version-newer" ? DB_TEXTS.restoreSourceVersionNewerDetail : DB_TEXTS.restoreSourceVersionMajorDetail;
+    this.printer.error(
+      tx(DB_TEXTS.restoreSourceVersionSkew, {
+        glyph: ansi.red("\u2715"),
+        sourcePath,
+        detail: tx(detailTemplate, {
+          dbVersion: validation.dbVersion,
+          currentVersion: validation.currentVersion
+        }),
+        hint: ansi.dim(DB_TEXTS.restoreSourceVersionSkewHint)
+      })
+    );
+  }
 };
 
 // cli/commands/db/reset.ts
-import { DatabaseSync as DatabaseSync6 } from "node:sqlite";
+import { DatabaseSync as DatabaseSync8 } from "node:sqlite";
 import { Command as Command8, Option as Option8 } from "clipanion";
 
 // core/sqlite/db-files.ts
-import { existsSync as existsSync20 } from "fs";
+import { existsSync as existsSync21 } from "fs";
 import { rm as rm2 } from "fs/promises";
 var DB_FILE_SUFFIXES = ["", "-wal", "-shm"];
 async function removeDbFiles(dbPath) {
   if (dbPath === ":memory:") return;
   for (const suffix of DB_FILE_SUFFIXES) {
     const p = `${dbPath}${suffix}`;
-    if (existsSync20(p)) await rm2(p);
+    if (existsSync21(p)) await rm2(p);
   }
 }
 
@@ -13915,7 +14149,7 @@ var DbResetCommand = class extends SmCommand {
         return ExitCode.Error;
       }
     }
-    const db = new DatabaseSync6(path);
+    const db = new DatabaseSync8(path);
     try {
       const rows = db.prepare(
         "SELECT name FROM sqlite_master WHERE type='table' AND (name LIKE 'scan\\_%' ESCAPE '\\'" + (this.state ? " OR name LIKE 'state\\_%' ESCAPE '\\'" : "") + ")"
@@ -14058,7 +14292,7 @@ var DbBrowserCommand = class extends SmCommand {
 };
 
 // cli/commands/db/dump.ts
-import { DatabaseSync as DatabaseSync7 } from "node:sqlite";
+import { DatabaseSync as DatabaseSync9 } from "node:sqlite";
 import { Command as Command11, Option as Option10 } from "clipanion";
 var DbDumpCommand = class extends SmCommand {
   static paths = [["db", "dump"]];
@@ -14100,7 +14334,7 @@ var DbDumpCommand = class extends SmCommand {
   }
 };
 function dumpDatabaseToStream(dbPath, out, tables) {
-  const db = new DatabaseSync7(dbPath, { readOnly: true });
+  const db = new DatabaseSync9(dbPath, { readOnly: true });
   try {
     out.write("PRAGMA foreign_keys=OFF;\n");
     out.write("BEGIN TRANSACTION;\n");
@@ -14175,6 +14409,10 @@ function tryParseNonNegativeInt(raw) {
   }
   return parsed;
 }
+function tryParsePositiveInt(raw) {
+  const parsed = tryParseNonNegativeInt(raw);
+  return parsed === null || parsed === 0 ? null : parsed;
+}
 function parsePositiveIntegerOption(raw, label, stderr) {
   const parsed = tryParseNonNegativeInt(raw);
   if (parsed === null || parsed === 0) {
@@ -14435,7 +14673,7 @@ var DB_COMMANDS = [
 ];
 
 // cli/commands/example.ts
-import { cpSync as cpSync2, existsSync as existsSync21, statSync as statSync5 } from "fs";
+import { cpSync as cpSync2, existsSync as existsSync22, statSync as statSync5 } from "fs";
 import { dirname as dirname16, relative as relative5, resolve as resolve27 } from "path";
 import { fileURLToPath as fileURLToPath5 } from "url";
 import { Command as Command13, Option as Option12 } from "clipanion";
@@ -14739,7 +14977,7 @@ function resolveExampleSourceDir() {
     resolve27(here, "../cli/example")
   ];
   for (const candidate of candidates) {
-    if (existsSync21(candidate) && statSync5(candidate).isDirectory()) {
+    if (existsSync22(candidate) && statSync5(candidate).isDirectory()) {
       cachedSourceDir = candidate;
       return candidate;
     }
@@ -14751,7 +14989,7 @@ function resolveExampleSourceDir() {
 function isExamplePayloadEntry(sourceRoot, src) {
   const rel = relative5(sourceRoot, src);
   if (rel === "") return true;
-  return rel.split(/[\\/]/)[0] !== ".skill-map";
+  return rel.split(/[\\/]/)[0] !== SKILL_MAP_DIR;
 }
 
 // cli/commands/export.ts
@@ -16083,7 +16321,7 @@ import { join as join16 } from "path";
 import { Command as Command18, Option as Option17 } from "clipanion";
 
 // kernel/orchestrator/index.ts
-import { existsSync as existsSync24, statSync as statSync7 } from "fs";
+import { existsSync as existsSync25, statSync as statSync7 } from "fs";
 import { isAbsolute as isAbsolute10, resolve as resolve32 } from "path";
 import { Tiktoken as Tiktoken2 } from "js-tiktoken/lite";
 
@@ -17453,7 +17691,7 @@ function computeDriftStatus(args2) {
 }
 
 // kernel/sidecar/discover-orphans.ts
-import { existsSync as existsSync22, readdirSync as readdirSync8, statSync as statSync6 } from "fs";
+import { existsSync as existsSync23, readdirSync as readdirSync8, statSync as statSync6 } from "fs";
 import { join as join13, relative as relative6, sep as sep4 } from "path";
 function discoverOrphanSidecars(roots, shouldSkip) {
   const out = [];
@@ -17481,7 +17719,7 @@ function walk2(root, current, shouldSkip, out) {
     if (!entry.isFile()) continue;
     if (!entry.name.endsWith(".sm")) continue;
     const expectedMd = `${full.slice(0, -".sm".length)}.md`;
-    if (existsSync22(expectedMd) && safeIsFile(expectedMd)) continue;
+    if (existsSync23(expectedMd) && safeIsFile(expectedMd)) continue;
     out.push({ sidecarPath: full, relativePath: rel, expectedMdPath: expectedMd });
   }
 }
@@ -17495,10 +17733,10 @@ function safeIsFile(path) {
 
 // kernel/orchestrator/node-build.ts
 import { createHash as createHash2 } from "crypto";
-import { existsSync as existsSync23 } from "fs";
+import { existsSync as existsSync24 } from "fs";
 import { isAbsolute as isAbsolute8, resolve as resolvePath } from "path";
 import "js-tiktoken/lite";
-import yaml4 from "js-yaml";
+import { dump as yamlDump2, CORE_SCHEMA as CORE_SCHEMA2 } from "js-yaml";
 
 // kernel/orchestrator/frontmatter.ts
 function validateFrontmatter(providerFrontmatter, provider, kind, frontmatter, path, strict) {
@@ -17591,22 +17829,22 @@ function canonicalFrontmatter(parsed, raw) {
   if (!hasParsedKeys && hasRawText) {
     return raw;
   }
-  return yaml4.dump(parsed, {
+  return yamlDump2(parsed, {
     sortKeys: true,
     lineWidth: -1,
     noRefs: true,
-    noCompatMode: true
+    schema: CORE_SCHEMA2
   });
 }
 function canonicalSidecarAnnotations(annotations) {
   if (!annotations || typeof annotations !== "object" || Array.isArray(annotations)) {
-    return yaml4.dump({}, { sortKeys: true, lineWidth: -1, noRefs: true, noCompatMode: true });
+    return yamlDump2({}, { sortKeys: true, lineWidth: -1, noRefs: true, schema: CORE_SCHEMA2 });
   }
-  return yaml4.dump(annotations, {
+  return yamlDump2(annotations, {
     sortKeys: true,
     lineWidth: -1,
     noRefs: true,
-    noCompatMode: true
+    schema: CORE_SCHEMA2
   });
 }
 function resolveSidecarOverlay(relativePath2, nodePathForIssue, roots, liveBodyHash, liveFrontmatterHash) {
@@ -17660,11 +17898,11 @@ function resolveSidecarOverlay(relativePath2, nodePathForIssue, roots, liveBodyH
 }
 function resolveAbsoluteMdPath(relativePath2, roots) {
   if (isAbsolute8(relativePath2)) {
-    return existsSync23(relativePath2) ? relativePath2 : null;
+    return existsSync24(relativePath2) ? relativePath2 : null;
   }
   for (const root of roots) {
     const candidate = resolvePath(root, relativePath2);
-    if (existsSync23(candidate)) return candidate;
+    if (existsSync24(candidate)) return candidate;
   }
   return null;
 }
@@ -18477,7 +18715,7 @@ function validateRoots(roots) {
     throw new Error(ORCHESTRATOR_TEXTS.runScanRootEmptyArray);
   }
   for (const root of roots) {
-    if (!existsSync24(root) || !statSync7(root).isDirectory()) {
+    if (!existsSync25(root) || !statSync7(root).isDirectory()) {
       throw new Error(tx(ORCHESTRATOR_TEXTS.runScanRootMissing, { root }));
     }
   }
@@ -18486,7 +18724,7 @@ function resolveActiveProviderOption(optionValue, roots, providers) {
   if (optionValue !== void 0) return optionValue;
   for (const root of roots) {
     const absRoot = isAbsolute10(root) ? root : resolve32(root);
-    if (!existsSync24(absRoot)) continue;
+    if (!existsSync25(absRoot)) continue;
     const detected = detectProvidersFromFilesystem(absRoot, providers)[0] ?? null;
     if (detected !== null) return detected;
   }
@@ -19232,9 +19470,7 @@ async function promptForLens(detected, stdin, stderr, warnGlyph) {
 }
 
 // core/sqlite/db-drift-reset.ts
-import { existsSync as existsSync25 } from "fs";
 import { createInterface as createInterface5 } from "readline";
-import { DatabaseSync as DatabaseSync8 } from "node:sqlite";
 
 // core/sqlite/i18n/db-drift.texts.ts
 var DB_DRIFT_TEXTS = {
@@ -19283,20 +19519,6 @@ function detectDriftReason(dbPath, currentVersion) {
   }
   return classifyFingerprint(dbPath).kind === "drift" ? "schema" : null;
 }
-function readScannedByVersion(dbPath) {
-  if (dbPath === ":memory:" || !existsSync25(dbPath)) return null;
-  let raw = null;
-  try {
-    raw = new DatabaseSync8(dbPath, { readOnly: true });
-    const row = raw.prepare("SELECT scanned_by_version AS v FROM scan_meta LIMIT 1").get();
-    const v = row?.v;
-    return typeof v === "string" && v.length > 0 ? v : null;
-  } catch {
-    return null;
-  } finally {
-    raw?.close();
-  }
-}
 function reasonText(reason) {
   return reason === "version" ? DB_DRIFT_TEXTS.driftReasonVersion : DB_DRIFT_TEXTS.driftReasonSchema;
 }
@@ -25241,8 +25463,8 @@ function parseBreakerLimit(raw, stderr, noColor) {
 }
 function parseMaxScanLimit(raw, stderr, noColor) {
   if (raw === void 0) return void 0;
-  const n = Number(raw);
-  if (!Number.isInteger(n) || n < 1) {
+  const n = tryParsePositiveInt(raw);
+  if (n === null) {
     const stderrTty = stderr;
     const ansi = ansiFor({ isTTY: stderrTty.isTTY === true, noColorFlag: noColor });
     stderr.write(
@@ -25258,8 +25480,8 @@ function parseMaxScanLimit(raw, stderr, noColor) {
 }
 function parseMaxNodesLimit(raw, stderr, noColor) {
   if (raw === void 0) return void 0;
-  const n = Number(raw);
-  if (!Number.isInteger(n) || n < 1) {
+  const n = tryParsePositiveInt(raw);
+  if (n === null) {
     const stderrTty = stderr;
     const ansi = ansiFor({ isTTY: stderrTty.isTTY === true, noColorFlag: noColor });
     stderr.write(
@@ -25426,8 +25648,8 @@ var ScanCommand = class extends SmCommand {
    */
   parseIntegerFlag(raw, invalidTemplate, invalidHint) {
     if (raw === void 0) return { kind: "ok", value: void 0 };
-    const n = Number(raw);
-    if (!Number.isInteger(n) || n < 1) {
+    const n = tryParsePositiveInt(raw);
+    if (n === null) {
       const ansi = this.ansiFor("stderr");
       this.printer.info(
         tx(invalidTemplate, {
@@ -26403,7 +26625,7 @@ function originGuarded(path) {
 }
 
 // server/security-headers.ts
-var DEFAULT_CSP = "frame-ancestors 'none'; base-uri 'self'; form-action 'self'";
+var DEFAULT_CSP = "frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'";
 function createSecurityHeaders() {
   return async (c, next) => {
     await next();
@@ -27054,7 +27276,7 @@ import { HTTPException as HTTPException8 } from "hono/http-exception";
 
 // server/node-body.ts
 import { constants as fsConstants2 } from "fs";
-import { open } from "fs/promises";
+import { open as open2 } from "fs/promises";
 import { isAbsolute as isAbsolute14, resolve as resolvePath2, relative as relativePath, sep as sep8 } from "path";
 async function readNodeBody(cwd, relPath) {
   if (isAbsolute14(relPath)) return null;
@@ -27067,7 +27289,7 @@ async function readNodeBody(cwd, relPath) {
   let raw;
   let handle = null;
   try {
-    handle = await open(absFile, fsConstants2.O_RDONLY | fsConstants2.O_NOFOLLOW);
+    handle = await open2(absFile, fsConstants2.O_RDONLY | fsConstants2.O_NOFOLLOW);
     raw = await handle.readFile("utf-8");
   } catch (err) {
     if (isExpectedFsError(err)) return null;
@@ -28526,7 +28748,7 @@ var parsePatchBody5 = makeBodyValidator(PATCH_BODY_SCHEMA4, {
 
 // server/routes/actions.ts
 import { HTTPException as HTTPException16 } from "hono/http-exception";
-import { resolve as resolve41 } from "path";
+import { relative as relative10, resolve as resolve41 } from "path";
 
 // server/routes/node-loader.ts
 import { HTTPException as HTTPException15 } from "hono/http-exception";
@@ -28658,7 +28880,18 @@ function invokeAction(action, absPath, node, body, cwd) {
   };
   return invoke(body.input ?? {}, ctx);
 }
+function assertSidecarWritesContained(writes, cwd) {
+  for (const w of writes ?? []) {
+    if (w.kind !== "sidecar") continue;
+    try {
+      assertContained(cwd, relative10(cwd, w.path));
+    } catch (err) {
+      throw new HTTPException16(400, { message: formatErrorMessage(err) });
+    }
+  }
+}
 async function materializeWrites(writes, body, cwd) {
+  assertSidecarWritesContained(writes, cwd);
   const store = new FilesystemSidecarStore(ensureSidecarWritesAllowed);
   try {
     for (const w of writes ?? []) {
@@ -30203,6 +30436,12 @@ function listenAsync(fetchCallback, wss, host, port) {
         fetch: fetchCallback,
         hostname: host,
         port,
+        // `wss` IS a structural `WebSocketServerLike` at runtime (created
+        // with `{ noServer: true }` above). The cast bridges a pure
+        // type-skew: @hono/node-server 2.0.6 declares
+        // `WebSocketServerLike.options.noServer` as `boolean` while
+        // @types/ws declares it `boolean | undefined`, which our
+        // `exactOptionalPropertyTypes: true` tsconfig rejects.
         websocket: { server: wss }
       },
       () => {
@@ -30520,7 +30759,7 @@ var ServeCommand = class extends SmCommand {
       );
       return ExitCode.Error;
     }
-    const maxScanResult = parseMaxScan(this.maxScan);
+    const maxScanResult = parseMaxIntFlag(this.maxScan);
     if (!maxScanResult.ok) {
       this.printer.info(
         tx(SERVE_TEXTS.maxScanInvalid, {
@@ -30531,7 +30770,7 @@ var ServeCommand = class extends SmCommand {
       );
       return ExitCode.Error;
     }
-    const maxNodesResult = parseMaxNodes(this.maxNodes);
+    const maxNodesResult = parseMaxIntFlag(this.maxNodes);
     if (!maxNodesResult.ok) {
       this.printer.info(
         tx(SERVE_TEXTS.maxNodesInvalid, {
@@ -30660,16 +30899,10 @@ function parseDebounce(raw) {
   if (parsed === null) return { ok: false, value: raw };
   return { ok: true, value: parsed };
 }
-function parseMaxScan(raw) {
+function parseMaxIntFlag(raw) {
   if (raw === void 0) return { ok: true, value: void 0 };
-  const n = Number(raw);
-  if (!Number.isInteger(n) || n < 1) return { ok: false, value: raw };
-  return { ok: true, value: n };
-}
-function parseMaxNodes(raw) {
-  if (raw === void 0) return { ok: true, value: void 0 };
-  const n = Number(raw);
-  if (!Number.isInteger(n) || n < 1) return { ok: false, value: raw };
+  const n = tryParsePositiveInt(raw);
+  if (n === null) return { ok: false, value: raw };
   return { ok: true, value: n };
 }
 function resolveUiDist(ctx, raw) {
@@ -31829,13 +32062,15 @@ var TUTORIAL_TEXTS = {
   writtenLabelEn: "English",
   writtenLabelEs: "Espa\xF1ol",
   // Destination-provider prompt (interactive stdin, no `--for`). Header
-  // uses a yellow `?` glyph; options are a numbered list of provider
-  // label (with any `aka` agents in parentheses) + skill directory, with
-  // a `(default)` marker on the first option (Claude). The input line
-  // accepts a number, a provider id, or an empty answer (which takes the
-  // default).
+  // uses a yellow `?` glyph; options are a numbered list of the provider's
+  // vendor name (for a provider with an `aka`, the aka vendor leads and the
+  // provider label follows in parentheses), with a `(default)` marker on
+  // the first option (Claude). The destination folder is deliberately NOT
+  // shown: several providers share `.agents/skills`, so the folder does not
+  // identify the lens. The input line accepts a number, a provider id, or
+  // an empty answer (which takes the default).
   promptHeader: "{{glyph}}  Which agent should host the tutorial skill?",
-  promptOption: "     {{index}}) {{label}}: {{skillDir}}{{marker}}",
+  promptOption: "     {{index}}) {{label}}{{marker}}",
   promptDefaultMarker: "  (default)",
   promptInput: "  Enter the number or provider id [default {{index}}]: ",
   // Prompt answer matched neither an index nor an id. Goes to stderr,
@@ -31966,9 +32201,7 @@ var TutorialCommand = class extends SmCommand {
       return ExitCode.Error;
     }
     try {
-      rmSync2(targetDir, { recursive: true, force: true });
-      mkdirSync6(dirname21(targetDir), { recursive: true });
-      cpSync3(sourceDir, targetDir, { recursive: true });
+      materializeSkillFolder(sourceDir, targetDir, ctx.cwd, target.marker);
     } catch (err) {
       this.printer.error(
         tx(TUTORIAL_TEXTS.writeFailed, {
@@ -32059,6 +32292,14 @@ var TutorialCommand = class extends SmCommand {
     return picked;
   }
 };
+function materializeSkillFolder(sourceDir, targetDir, cwd, marker) {
+  rmSync2(targetDir, { recursive: true, force: true });
+  mkdirSync6(dirname21(targetDir), { recursive: true });
+  cpSync3(sourceDir, targetDir, { recursive: true });
+  if (marker !== void 0) {
+    mkdirSync6(join21(cwd, marker), { recursive: true });
+  }
+}
 function toScaffoldTarget(provider, includeExperimental) {
   const scaffold = provider.scaffold;
   if (!scaffold || !scaffold.skillDir) return null;
@@ -32067,6 +32308,7 @@ function toScaffoldTarget(provider, includeExperimental) {
     id: provider.id,
     label: provider.presentation.label,
     skillDir: scaffold.skillDir,
+    ...scaffold.marker !== void 0 ? { marker: scaffold.marker } : {},
     aka: scaffold.aka ?? []
   };
 }
@@ -32079,7 +32321,7 @@ function listScaffoldTargets(includeExperimental = false) {
   return out;
 }
 function labelWithAka(target) {
-  return target.aka.length > 0 ? `${target.label} (${target.aka.join(", ")})` : target.label;
+  return target.aka.length > 0 ? `${target.aka.join(", ")} (${target.label})` : target.label;
 }
 function renderTargetLines(targets, def, glyph) {
   const lines = [tx(TUTORIAL_TEXTS.promptHeader, { glyph })];
@@ -32089,7 +32331,6 @@ function renderTargetLines(targets, def, glyph) {
       tx(TUTORIAL_TEXTS.promptOption, {
         index: i + 1,
         label: labelWithAka(t),
-        skillDir: `${t.skillDir}/`,
         marker: t.id === def.id ? TUTORIAL_TEXTS.promptDefaultMarker : ""
       })
     );
@@ -32375,4 +32616,4 @@ function resolveBareDefault() {
   process.exit(ExitCode.Error);
 }
 //# sourceMappingURL=cli.js.map
-//# debugId=8b8b0da7-bdb9-55ed-8dcd-0f983f8be006
+//# debugId=a842c024-162c-5a3a-85db-1daea4b6735f