@skill-map/cli 0.68.1 → 0.70.0

package/dist/cli.js

@@ -1,6 +1,6 @@
 // cli/entry.ts
 
-!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="a842c024-162c-5a3a-85db-1daea4b6735f")}catch(e){}}();
+!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="ca8113af-a7ac-5cd7-b45c-03a5974bca86")}catch(e){}}();
 import { existsSync as existsSync34 } from "fs";
 import { Builtins, Cli as Cli2 } from "clipanion";
 
@@ -250,7 +250,7 @@ function bucketByKind(kind, instance, bag) {
 // package.json
 var package_default = {
   name: "@skill-map/cli",
-  version: "0.68.1",
+  version: "0.70.0",
   description: "skill-map reference implementation \u2014 kernel + CLI + adapters.",
   license: "MIT",
   type: "module",
@@ -633,7 +633,10 @@ var claudeProvider = {
   presentation: {
     label: "Anthropic's Claude",
     color: "#cc785c",
-    colorDark: "#e89270"
+    colorDark: "#e89270",
+    // Claude Code invokes both commands and skills with `/`; the palette
+    // paints this as the `invokes` edge glyph under the claude lens.
+    invocationSigil: "/"
   },
   // Auto-detect marker: a `.claude/` directory under the scope root marks
   // a Claude Code project. Provider-owned (replaces the old central
@@ -913,13 +916,11 @@ var atDirectiveExtractor = {
   kind: "extractor",
   description: "Detects `@<token>` directives in a node's body using Claude Code rules, choosing the link kind by token shape. Example: a bare handle `@team` becomes a `mentions` link, while a file-flavoured token `@docs/api.md` becomes a `references` link.",
   scope: "body",
-  // Authorised under the claude AND codex lenses: OpenAI Codex sub-agents
-  // reference each other with the same `@<name>` mention grammar, and their
-  // prompt (the TOML `developer_instructions` body, fed in via the codex
-  // provider's `read.bodyField`) carries the same `@` tokens. The gate is the active
-  // lens, not the node's provider, so under `codex` this parses `@` across
-  // the project's markdown surface just as it does under `claude`.
-  precondition: { provider: ["claude", "codex"] },
+  // Claude-only. This is Claude's `@<name>` grammar, where a bare handle is
+  // an agent / entity MENTION. OpenAI Codex's `@` is a file-path picker, not
+  // a mention grammar, so codex is NOT gated here; the codex-owned `at-file`
+  // extractor covers `@`-as-file-reference under the codex lens.
+  precondition: { provider: ["claude"] },
   // eslint-disable-next-line complexity
   extract(ctx) {
     const seenMentions = /* @__PURE__ */ new Set();
@@ -1007,16 +1008,15 @@ var slashCommandExtractor = {
   kind: "extractor",
   description: "Turns `/command` invocations in a node's body into arrows that point at the resolved slash command or skill, using Claude Code routing rules. Example: `/deploy` in the body draws an arrow to the `deploy` command.",
   scope: "body",
-  // Also authorised under the codex and antigravity lenses, which share the
-  // `/command` grammar. Under codex a sub-agent's prompt body (the TOML
-  // `developer_instructions` field) has its `/command` tokens parsed for
-  // pipeline parity; codex resolves them to its open-standard skills
-  // (`invokes: ['skill']`). Under antigravity a workflow / skill / AGENTS.md
-  // body's `/name` tokens resolve to BOTH skills and workflows
-  // (`invokes: ['skill', 'workflow']`), since Antigravity invokes either by
-  // the same slash. A lens that declares no `invokes` resolution leaves the
-  // signals unresolved (no spurious edges).
-  precondition: { provider: ["claude", "codex", "antigravity"] },
+  // Also authorised under the antigravity lens, which shares the `/command`
+  // grammar: a workflow / skill / AGENTS.md body's `/name` tokens resolve to
+  // BOTH skills and workflows (`invokes: ['skill', 'workflow']`), since
+  // Antigravity invokes either by the same slash. NOT gated under codex:
+  // OpenAI Codex reserves `/` for its OWN built-in commands (`/model`,
+  // `/init`, ...) and invokes user skills with `$` instead (parsed by the
+  // codex `dollar-skill` extractor). A lens that declares no `invokes`
+  // resolution leaves the signals unresolved (no spurious edges).
+  precondition: { provider: ["claude", "antigravity"] },
   extract(ctx) {
     const seen = /* @__PURE__ */ new Set();
     const body = stripCodeAndHtml(ctx.body);
@@ -1241,26 +1241,32 @@ var agentSkillsProvider = {
   stability: "stable",
   // Auto-detect marker: a `.agents/` directory marks an open-standard
   // project. This is also the marker a Google/Antigravity project carries
-  // (Antigravity adopted the open standard). The marker only produces an
-  // auto-detect candidate once this experimental provider is enabled.
-  // Provider-owned.
-  detect: { markers: [".agents"] },
+  // (Antigravity adopted the open standard) and the shared skill home a
+  // Codex project populates under `.agents/skills/`. `fallback: true` makes
+  // this candidate yield to any vendor marker present alongside `.agents/`:
+  // a `.codex/` + `.agents/` project resolves `codex` outright, never an
+  // ambiguous `codex` vs `agent-skills` prompt. The `.agents/` marker only
+  // wins when no vendor marker is present. Provider-owned.
+  detect: { markers: [".agents"], fallback: true },
   // Authoring target for `sm tutorial`: the open standard discovers skills
   // under `.agents/skills/<name>/SKILL.md`. `aka` lists Antigravity, which
   // shares this territory AND the BASIC tutorial track (skill + markdown,
   // references), so a tester on Antigravity scaffolds here. OpenAI Codex
   // also reads `.agents/skills/`, but Codex is a RICH-track lens (it has the
-  // `agent` kind, slash and `@`), so advertising it under this basic row
+  // `agent` kind, plus `$`-skill invocation and `@`-file references), so
+  // advertising it under this basic row
   // would hand it the wrong book; Codex is surfaced once a Codex rich
   // scaffold target lands. `aka` is display-only, `--for` matches the id.
   scaffold: { skillDir: ".agents/skills", aka: ["Google's Antigravity"] },
   read: COMMONS_READ,
   kinds: COMMONS_KINDS,
   resolution: COMMONS_RESOLUTION,
-  // Base reserved-name catalog (self-scope under the `agent-skills` lens). The
-  // shared export is inherited by every Provider that adopts the open
-  // standard (see `COMMONS_RESERVED_NAMES` above).
-  reservedNames: COMMONS_RESERVED_NAMES,
+  // NO `reservedNames`: the neutral open standard has no `/`-invocation, a
+  // skill activates by its `description` and connects via markdown links, so
+  // a skill name cannot shadow a built-in `/` command. The shared
+  // `COMMONS_RESERVED_NAMES` export above is for `/`-invoking vendors
+  // (Antigravity) to spread, NOT applied here. See spec/architecture.md
+  // §Provider · reservedNames.
   classify: classifyCommonsPath
 };
 
@@ -1308,7 +1314,10 @@ var antigravityProvider = {
   presentation: {
     label: "Google's Antigravity",
     color: "#7c3aed",
-    colorDark: "#a78bfa"
+    colorDark: "#a78bfa",
+    // Antigravity bolts `/`-invocation onto the open standard (skills and
+    // workflows are `/<name>`), so the `invokes` edge glyph is the slash.
+    invocationSigil: "/"
   },
   // Auto-detect marker: Antigravity's workflows live under `.agent/workflows/`
   // (SINGULAR `.agent`), its one vendor-specific on-disk territory. Skills
@@ -1461,7 +1470,11 @@ var codexProvider = {
   presentation: {
     label: "OpenAI's Codex",
     color: "#22c55e",
-    colorDark: "#4ade80"
+    colorDark: "#4ade80",
+    // Codex invokes skills with `$` (`$publish`); `/` is reserved for its
+    // own built-in commands (`/model`, `/init`), so the `invokes` edge glyph
+    // under the codex lens is the dollar, not the slash.
+    invocationSigil: "$"
   },
   // Auto-detect marker: a `.codex/` directory marks a Codex CLI project.
   // `AGENTS.md` is intentionally NOT a marker: it is the open agents.md
@@ -1527,19 +1540,21 @@ var codexProvider = {
     // `frontmatter.name`.
     ...COMMONS_KINDS
   },
-  // Mentions resolve to agents (`@<name>`, the Codex sub-agent handle).
-  // Slash invocations resolve to skills (`invokes: ['skill']`, inherited
-  // from the open standard), so a `/skill-name` in an agent's prompt links
-  // to its `.agents/skills/` skill.
+  // Skill invocations resolve to skills (`invokes: ['skill']`, inherited
+  // from the open standard): a `$skill-name` in an agent's prompt (parsed by
+  // the codex `dollar-skill` extractor) links to its `.agents/skills/` skill.
+  // NO `mentions` entry: Codex's `@` is a file picker, parsed by the
+  // codex-owned `at-file` extractor as a path-resolved `references` link, not
+  // an agent-mention grammar.
   resolution: {
-    mentions: ["agent"],
     ...COMMONS_RESOLUTION
   },
-  // Open-standard reserved-name base (the universal cross-agent slash
-  // verbs an agent CLI ships built-in), inherited from `agent-skills` and
-  // applied under the codex lens via SELF scope: a user skill that shadows
-  // one is flagged by `core/name-reserved`.
-  reservedNames: COMMONS_RESERVED_NAMES,
+  // NO `reservedNames`: Codex invokes skills via `$` (the `dollar-skill`
+  // extractor), a namespace disjoint from its built-in `/` commands, so a
+  // `$`-skill named `model` does NOT collide with `/model`. Reserved-skill
+  // names only apply to lenses that invoke skills through the `/` command
+  // channel (claude, antigravity). See spec/architecture.md §Provider ·
+  // reservedNames.
   classify(path) {
     const lower = path.toLowerCase();
     if (lower.startsWith(".codex/agents/") && lower.endsWith(".toml")) return "agent";
@@ -1547,6 +1562,123 @@ var codexProvider = {
   }
 };
 
+// plugins/codex/extractors/at-file/index.ts
+import { posix as pathPosix2 } from "path";
+var ID4 = "at-file";
+var AT_RE2 = /(?:^|[^A-Za-z0-9_@])(@(?:\.{1,2}\/|\/)?[a-z0-9](?:[a-z0-9_\-./]*[a-z0-9_])?(?::[a-z0-9][a-z0-9_-]*)?)/gi;
+var FILE_EXT_RE2 = /\.(md|mdx|js|jsx|ts|tsx|json|yml|yaml|toml|txt|html|css|scss|less|py|rb|go|rs|java|c|cpp|h|hpp|sh|sql|svg|png|jpg|jpeg|gif|webp|pdf)$/i;
+var atFileExtractor = {
+  id: ID4,
+  pluginId: OPENAI_PLUGIN_ID,
+  kind: "extractor",
+  description: "Detects `@<file>` references in a node's body under the OpenAI Codex lens, where `@` is a file picker. A path- or extension-shaped token becomes a `references` link to that file; a bare `@handle` forms no edge. Example: `@builder.toml` in an agent's prompt draws an arrow to the `builder` agent file.",
+  scope: "body",
+  // Codex-only: under the codex lens `@` is a file-path picker, so only
+  // file-shaped tokens form references. The claude `at-directive` (bare
+  // `@handle` → agent mention) is NOT gated under codex.
+  precondition: { provider: ["codex"] },
+  extract(ctx) {
+    const seenReferences = /* @__PURE__ */ new Set();
+    const body = stripCodeAndHtml(ctx.body);
+    const lineStarts = computeLineStarts(body);
+    const sourceDir = pathPosix2.dirname(ctx.node.path);
+    for (const match of body.matchAll(AT_RE2)) {
+      const original = match[1];
+      const bare = original.slice(1);
+      const rationale = classifyAtToken(bare);
+      if (rationale === null) continue;
+      const target = resolveSourceRelative2(sourceDir, bare);
+      const dedupKey = target.toLowerCase();
+      if (seenReferences.has(dedupKey)) continue;
+      seenReferences.add(dedupKey);
+      const captureOffset = (match.index ?? 0) + match[0].indexOf(original);
+      const line = lineFor(lineStarts, captureOffset);
+      ctx.emitSignal({
+        source: ctx.node.path,
+        scope: "body",
+        range: { start: captureOffset, end: captureOffset + original.length, line },
+        raw: original,
+        candidates: [
+          {
+            extractorId: ID4,
+            kind: "references",
+            target,
+            // 0.85: strong file signal (path prefix or known extension),
+            // one degree of inference (the runtime resolves the path).
+            confidence: 0.85,
+            rationale,
+            trigger: {
+              originalTrigger: original,
+              normalizedTrigger: target
+            }
+          }
+        ]
+      });
+    }
+  }
+};
+function classifyAtToken(bare) {
+  if (bare.startsWith("/")) return null;
+  if (bare.startsWith("./") || bare.startsWith("../")) return "relative path prefix";
+  if (FILE_EXT_RE2.test(bare)) return "known file extension";
+  return null;
+}
+function resolveSourceRelative2(sourceDir, bare) {
+  const joined = sourceDir === "." ? bare : `${sourceDir}/${bare}`;
+  return pathPosix2.normalize(joined);
+}
+
+// plugins/codex/extractors/dollar-skill/index.ts
+var ID5 = "dollar-skill";
+var DOLLAR_RE = /(?<![A-Za-z0-9_$])(\$[a-z][a-z0-9_-]*)/g;
+var dollarSkillExtractor = {
+  id: ID5,
+  pluginId: OPENAI_PLUGIN_ID,
+  kind: "extractor",
+  description: "Turns `$skill` invocations in a node's body into arrows that point at the resolved Codex skill, using OpenAI Codex routing rules. Example: `$check-links` in the body draws an arrow to the `check-links` skill.",
+  scope: "body",
+  // Codex-only: `$skill` is OpenAI Codex's explicit skill-invocation
+  // grammar. The codex provider resolves it to its open-standard skills
+  // (`invokes: ['skill']`). Other lenses do not parse `$`.
+  precondition: { provider: ["codex"] },
+  extract(ctx) {
+    const seen = /* @__PURE__ */ new Set();
+    const body = stripCodeAndHtml(ctx.body);
+    const lineStarts = computeLineStarts(body);
+    for (const match of body.matchAll(DOLLAR_RE)) {
+      const original = match[1];
+      const normalized = normalizeTrigger(original);
+      if (seen.has(normalized)) continue;
+      seen.add(normalized);
+      const captureOffset = (match.index ?? 0) + match[0].indexOf(original);
+      const line = lineFor(lineStarts, captureOffset);
+      ctx.emitSignal({
+        source: ctx.node.path,
+        scope: "body",
+        range: { start: captureOffset, end: captureOffset + original.length, line },
+        raw: original,
+        candidates: [
+          {
+            extractorId: ID5,
+            kind: "invokes",
+            target: original,
+            // 0.8: clean `$skill` match after code-block strip. The
+            // lowercase-letter guard filters currency / env-var noise, so a
+            // hit is unambiguous syntax. Resolution against the live skill
+            // catalog happens downstream.
+            confidence: 0.8,
+            rationale: "unambiguous $skill syntax post code-block strip",
+            trigger: {
+              originalTrigger: original,
+              normalizedTrigger: normalized
+            }
+          }
+        ]
+      });
+    }
+  }
+};
+
 // plugins/core/providers/core-markdown/schemas/markdown.schema.json
 var markdown_schema_default = {
   $schema: "https://json-schema.org/draft/2020-12/schema",
@@ -1634,11 +1766,11 @@ var coreMarkdownProvider = {
 };
 
 // plugins/core/extractors/backtick-path/index.ts
-import { posix as pathPosix2 } from "path";
-var ID4 = "backtick-path";
+import { posix as pathPosix3 } from "path";
+var ID6 = "backtick-path";
 var PATH_RE = /(?<![\w/:.-])(?:\.{1,2}\/)?[\w][\w.-]*(?:\/[\w.-]+)*\.md\b(?![\w/])/g;
 var backtickPathExtractor = {
-  id: ID4,
+  id: ID6,
   pluginId: CORE_PLUGIN_ID,
   kind: "extractor",
   description: "Turns relative .md paths written inside code spans and fenced blocks into arrows between nodes in the graph. Example: a backticked `references/rules.md` path draws an arrow to that file.",
@@ -1647,7 +1779,7 @@ var backtickPathExtractor = {
     const seen = /* @__PURE__ */ new Set();
     const body = extractCodeRegions(ctx.body);
     const lineStarts = computeLineStarts(body);
-    const sourceDir = pathPosix2.dirname(ctx.node.path);
+    const sourceDir = pathPosix3.dirname(ctx.node.path);
     for (const match of body.matchAll(PATH_RE)) {
       const original = match[0];
       const resolved = resolveTarget(sourceDir, original);
@@ -1663,7 +1795,7 @@ var backtickPathExtractor = {
         raw: original,
         candidates: [
           {
-            extractorId: ID4,
+            extractorId: ID6,
             kind: "points",
             target: resolved,
             // 0.85: a strong file signal with one degree of inference,
@@ -1688,11 +1820,11 @@ function resolveTarget(sourceDir, raw) {
   if (trimmed.length === 0) return null;
   if (trimmed.startsWith("/")) return null;
   const joined = sourceDir === "." ? trimmed : `${sourceDir}/${trimmed}`;
-  return pathPosix2.normalize(joined);
+  return pathPosix3.normalize(joined);
 }
 
 // plugins/core/extractors/external-url-counter/index.ts
-var ID5 = "external-url-counter";
+var ID7 = "external-url-counter";
 var count2 = {
   slot: "card.footer.left",
   icon: "pi-link",
@@ -1712,7 +1844,7 @@ var settings = {
 var URL_RE = /https?:\/\/[^\s<>"'`)\]]+/g;
 var TRAILING_PUNCT = /[.,;:!?]+$/;
 var externalUrlCounterExtractor = {
-  id: ID5,
+  id: ID7,
   pluginId: CORE_PLUGIN_ID,
   kind: "extractor",
   description: "Counts the distinct external URLs in a node's body and shows the count on the card. Example: a body linking `https://example.com` and `https://docs.rs` shows a count of 2.",
@@ -1764,7 +1896,7 @@ var externalUrlCounterExtractor = {
         raw: original,
         candidates: [
           {
-            extractorId: ID5,
+            extractorId: ID7,
             kind: "references",
             target: normalized.href,
             confidence: 0.3,
@@ -1805,12 +1937,12 @@ function normalizeUrl(raw) {
 }
 
 // plugins/core/extractors/markdown-link/index.ts
-import { posix as pathPosix3 } from "path";
-var ID6 = "markdown-link";
+import { posix as pathPosix4 } from "path";
+var ID8 = "markdown-link";
 var LINK_RE = /(?<!!)\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;
 var URL_SCHEME_RE = /^[a-z][a-z0-9+.-]*:/i;
 var markdownLinkExtractor = {
-  id: ID6,
+  id: ID8,
   pluginId: CORE_PLUGIN_ID,
   kind: "extractor",
   description: "Turns markdown links (`[text](path)`) in a node's body into arrows between nodes in the graph. Example: `[the guide](docs/guide.md)` draws an arrow to `docs/guide.md`.",
@@ -1819,7 +1951,7 @@ var markdownLinkExtractor = {
     const seen = /* @__PURE__ */ new Set();
     const body = stripCodeAndHtml(ctx.body);
     const lineStarts = computeLineStarts(body);
-    const sourceDir = pathPosix3.dirname(ctx.node.path);
+    const sourceDir = pathPosix4.dirname(ctx.node.path);
     for (const match of body.matchAll(LINK_RE)) {
       const original = match[2];
       const resolved = resolveTarget2(sourceDir, original);
@@ -1835,7 +1967,7 @@ var markdownLinkExtractor = {
         raw: match[0],
         candidates: [
           {
-            extractorId: ID6,
+            extractorId: ID8,
             kind: "references",
             target: resolved,
             // 0.95: the `[text](path)` syntax is unambiguous (the spec's
@@ -1866,14 +1998,14 @@ function resolveTarget2(sourceDir, raw) {
   if (URL_SCHEME_RE.test(trimmed)) return null;
   if (trimmed.startsWith("/")) return null;
   const joined = sourceDir === "." ? trimmed : `${sourceDir}/${trimmed}`;
-  return pathPosix3.normalize(joined);
+  return pathPosix4.normalize(joined);
 }
 
 // plugins/core/extractors/mcp-tools/index.ts
-var ID7 = "mcp-tools";
+var ID9 = "mcp-tools";
 var MCP_PATTERN = /^mcp__([a-z0-9][a-z0-9_-]*)__[a-z0-9_-]+$/i;
 var mcpToolsExtractor = {
-  id: ID7,
+  id: ID9,
   pluginId: CORE_PLUGIN_ID,
   kind: "extractor",
   description: "Turns `tools: [mcp__<server>__<tool>]` entries in a node's frontmatter into an MCP node per unique server and an arrow from the source to each one. Example: `tools: [mcp__github__create_pr]` adds an `mcp://github` node and an arrow to it.",
@@ -1904,7 +2036,7 @@ var mcpToolsExtractor = {
         raw: `mcp__${server}__*`,
         candidates: [
           {
-            extractorId: ID7,
+            extractorId: ID9,
             kind: "references",
             target: mcpPath,
             confidence: 0.85,
@@ -1973,10 +2105,10 @@ var ANNOTATION_FIELD_UNKNOWN_TEXTS = {
 };
 
 // plugins/core/analyzers/annotation-field-unknown/index.ts
-var ID8 = "annotation-field-unknown";
+var ID10 = "annotation-field-unknown";
 var RESERVED_ROOT_BLOCKS = /* @__PURE__ */ new Set(["identity", "annotations", "settings", "audit"]);
 var annotationFieldUnknownAnalyzer = {
-  id: ID8,
+  id: ID10,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags typos or unrecognized keys in sidecars (`.sm`).",
@@ -2011,7 +2143,7 @@ var annotationFieldUnknownAnalyzer = {
         for (const key of Object.keys(annotations)) {
           if (!knownAnnotationKeys.has(key)) {
             issues.push({
-              analyzerId: ID8,
+              analyzerId: ID10,
               severity: "warn",
               nodeIds: [node.path],
               message: formatFinding({
@@ -2037,7 +2169,7 @@ var annotationFieldUnknownAnalyzer = {
             if (validator(value)) continue;
             const errors = (validator.errors ?? []).map((e) => `${e.instancePath || "(root)"} ${e.message ?? e.keyword}`).join("; ");
             issues.push({
-              analyzerId: ID8,
+              analyzerId: ID10,
               severity: "warn",
               nodeIds: [node.path],
               message: formatFinding({
@@ -2052,7 +2184,7 @@ var annotationFieldUnknownAnalyzer = {
           continue;
         }
         issues.push({
-          analyzerId: ID8,
+          analyzerId: ID10,
           severity: "warn",
           nodeIds: [node.path],
           message: formatFinding({
@@ -2124,9 +2256,9 @@ var ANNOTATION_ORPHAN_TEXTS = {
 };
 
 // plugins/core/analyzers/annotation-orphan/index.ts
-var ID9 = "annotation-orphan";
+var ID11 = "annotation-orphan";
 var annotationOrphanAnalyzer = {
-  id: ID9,
+  id: ID11,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags sidecars (`.sm`) whose `.md` file no longer exists.",
@@ -2138,7 +2270,7 @@ var annotationOrphanAnalyzer = {
     for (const orphan of orphans) {
       const expectedMdRelative = orphan.relativePath.endsWith(".sm") ? `${orphan.relativePath.slice(0, -".sm".length)}.md` : `${orphan.relativePath}.md`;
       issues.push({
-        analyzerId: ID9,
+        analyzerId: ID11,
         severity: "warn",
         nodeIds: [expectedMdRelative],
         message: formatFinding({
@@ -2181,7 +2313,7 @@ var ANNOTATION_STALE_TEXTS = {
 };
 
 // plugins/core/analyzers/annotation-stale/index.ts
-var ID10 = "annotation-stale";
+var ID12 = "annotation-stale";
 var staleIcon = {
   slot: "card.footer.right",
   icon: "pi-clock",
@@ -2194,7 +2326,7 @@ var staleBadge = {
   priority: 20
 };
 var annotationStaleAnalyzer = {
-  id: ID10,
+  id: ID12,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Marks sidecars (`.sm`) that are out of date with their `.md`.",
@@ -2214,7 +2346,7 @@ var annotationStaleAnalyzer = {
       const status = staleStatus(node.sidecar);
       if (status === null) continue;
       issues.push({
-        analyzerId: ID10,
+        analyzerId: ID12,
         severity: "info",
         nodeIds: [node.path],
         message: formatFinding({ body: messageFor(status) }),
@@ -2260,9 +2392,9 @@ function tooltipFor(status) {
 }
 
 // plugins/core/analyzers/contribution-orphan/index.ts
-var ID11 = "contribution-orphan";
+var ID13 = "contribution-orphan";
 var contributionOrphanAnalyzer = {
-  id: ID11,
+  id: ID13,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Warns about plugin data referencing nodes renamed or deleted in the latest scan.",
@@ -2294,12 +2426,12 @@ var EXTRACTOR_COLLISION_TEXTS = {
 };
 
 // plugins/core/analyzers/extractor-collision/index.ts
-var ID12 = "extractor-collision";
+var ID14 = "extractor-collision";
 function signalLines(signal) {
   return signal.range && typeof signal.range.line === "number" ? [signal.range.line] : void 0;
 }
 var extractorCollisionAnalyzer = {
-  id: ID12,
+  id: ID14,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Reports when two extractors detect something at the same span of body text and the resolver drops one.",
@@ -2323,7 +2455,7 @@ function makeIssue(signal) {
   const loserRange = signal.range ? `${signal.range.start}-${signal.range.end}` : "unknown";
   const winnerRange = `${winner.range.start}-${winner.range.end}`;
   return {
-    analyzerId: ID12,
+    analyzerId: ID14,
     severity: "warn",
     nodeIds: [signal.source],
     message: formatFinding({
@@ -2367,7 +2499,7 @@ var ISSUE_COUNTER_TEXTS = {
 };
 
 // plugins/core/analyzers/issue-counter/index.ts
-var ID13 = "issue-counter";
+var ID15 = "issue-counter";
 var warnCount = {
   slot: "card.footer.right",
   icon: "pi-exclamation-triangle",
@@ -2403,7 +2535,7 @@ function emitTierChips(ctx, ref, severity, counts, singleTooltip, manyTooltip) {
   }
 }
 var issueCounterAnalyzer = {
-  id: ID13,
+  id: ID15,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Emits one aggregate severity chip per node (error + warn counts) from the live issue accumulator.",
@@ -2466,7 +2598,7 @@ var LINK_COUNTER_TEXTS = {
 };
 
 // plugins/core/analyzers/link-counter/index.ts
-var ID14 = "link-counter";
+var ID16 = "link-counter";
 var linksIn = {
   slot: "card.footer.left",
   icon: "pi-download",
@@ -2482,7 +2614,7 @@ var linksOut = {
   priority: 20
 };
 var linkCounterAnalyzer = {
-  id: ID14,
+  id: ID16,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Counts incoming and outgoing links per node.",
@@ -2547,10 +2679,10 @@ var LINK_KIND_CONFLICT_TEXTS = {
 };
 
 // plugins/core/analyzers/link-kind-conflict/index.ts
-var ID15 = "link-kind-conflict";
+var ID17 = "link-kind-conflict";
 var NON_CONFLICTING_KINDS = /* @__PURE__ */ new Set(["points"]);
 var linkKindConflictAnalyzer = {
-  id: ID15,
+  id: ID17,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags conflicting arrow meanings between extractors (e.g. `references` vs `invokes`).",
@@ -2598,7 +2730,7 @@ var linkKindConflictAnalyzer = {
       const [source, target] = key.split("\0");
       const kindList = variants.map((v) => v.kind).join(" / ");
       issues.push({
-        analyzerId: ID15,
+        analyzerId: ID17,
         severity: "warn",
         nodeIds: [source, target],
         message: formatFinding({
@@ -2637,9 +2769,9 @@ var LINK_SELF_LOOP_TEXTS = {
 };
 
 // plugins/core/analyzers/link-self-loop/index.ts
-var ID16 = "link-self-loop";
+var ID18 = "link-self-loop";
 var linkSelfLoopAnalyzer = {
-  id: ID16,
+  id: ID18,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags links whose source is also their own resolved target (e.g. a body heading like `# /deploy` inside the file that defines `/deploy`).",
@@ -2649,7 +2781,7 @@ var linkSelfLoopAnalyzer = {
     for (const link of ctx.links) {
       if (!isSelfLoop(link)) continue;
       issues.push({
-        analyzerId: ID16,
+        analyzerId: ID18,
         severity: "warn",
         nodeIds: [link.source],
         message: formatFinding({
@@ -2681,9 +2813,9 @@ var NAME_COLLISION_TEXTS = {
 };
 
 // plugins/core/analyzers/name-collision/index.ts
-var ID17 = "name-collision";
+var ID19 = "name-collision";
 var nameCollisionAnalyzer = {
-  id: ID17,
+  id: ID19,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   mode: "deterministic",
@@ -2697,7 +2829,7 @@ var nameCollisionAnalyzer = {
     for (const [name, claims] of collisions) {
       const paths = claims.map((c) => c.path);
       issues.push({
-        analyzerId: ID17,
+        analyzerId: ID19,
         severity: "error",
         nodeIds: paths,
         message: formatFinding({
@@ -2747,9 +2879,9 @@ var NAME_RESERVED_TEXTS = {
 };
 
 // plugins/core/analyzers/name-reserved/index.ts
-var ID18 = "name-reserved";
+var ID20 = "name-reserved";
 var nameReservedAnalyzer = {
-  id: ID18,
+  id: ID20,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags two kinds of reserved-name collision: a file whose name shadows a built-in command of the active runtime, and a link that resolves to one of those reserved names.",
@@ -2767,7 +2899,7 @@ var nameReservedAnalyzer = {
       const node = byPath3.get(path);
       if (!node) continue;
       issues.push({
-        analyzerId: ID18,
+        analyzerId: ID20,
         severity: "warn",
         nodeIds: [node.path],
         message: formatFinding({
@@ -2789,7 +2921,7 @@ var nameReservedAnalyzer = {
         adjust(link, { kind: "delta", value: -RESERVED_PENALTY });
       }
       issues.push({
-        analyzerId: ID18,
+        analyzerId: ID20,
         severity: "warn",
         nodeIds: [link.source],
         message: formatFinding({
@@ -2841,7 +2973,7 @@ var NODE_STABILITY_TEXTS = {
 };
 
 // plugins/core/analyzers/node-stability/index.ts
-var ID19 = "node-stability";
+var ID21 = "node-stability";
 var EXPERIMENTAL_TOOLTIP = "Experimental: API may change";
 var DEPRECATED_TOOLTIP = "Deprecated: avoid in new code";
 var experimental = {
@@ -2859,7 +2991,7 @@ var deprecated = {
   priority: 10
 };
 var nodeStabilityAnalyzer = {
-  id: ID19,
+  id: ID21,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Surfaces a node's stability stage on the card: `deprecated` as a chip plus a finding, `experimental` as a chip only; `stable` and unset stay silent.",
@@ -2881,7 +3013,7 @@ var nodeStabilityAnalyzer = {
           severity: "warn"
         });
         issues.push({
-          analyzerId: ID19,
+          analyzerId: ID21,
           severity: "warn",
           nodeIds: [node.path],
           message: formatFinding({ body: tx(NODE_STABILITY_TEXTS.deprecated) }),
@@ -2933,9 +3065,9 @@ var REFERENCE_BROKEN_TEXTS = {
 };
 
 // plugins/core/analyzers/reference-broken/index.ts
-var ID20 = "reference-broken";
+var ID22 = "reference-broken";
 var referenceBrokenAnalyzer = {
-  id: ID20,
+  id: ID22,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags arrows pointing at a node not part of the current scan.",
@@ -2978,7 +3110,7 @@ function penalizeBrokenConfidence(adjust, link) {
 }
 function buildIssue(link) {
   return {
-    analyzerId: ID20,
+    analyzerId: ID22,
     // `error`, not `warn`: a link whose target is not in the scan is a
     // structural defect the operator must notice, and the card chip
     // paints `danger` (red) to match. Per the chip-vs-issue policy in
@@ -3042,9 +3174,9 @@ var REFERENCE_REDUNDANT_TEXTS = {
 };
 
 // plugins/core/analyzers/reference-redundant/index.ts
-var ID21 = "reference-redundant";
+var ID23 = "reference-redundant";
 var referenceRedundantAnalyzer = {
-  id: ID21,
+  id: ID23,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags when one node references the same target through two or more different links (e.g. a markdown link plus a `references:` entry).",
@@ -3067,7 +3199,7 @@ var referenceRedundantAnalyzer = {
       const [source, resolvedTarget] = key.split("\0");
       const flat = flattenOccurrences(links);
       issues.push({
-        analyzerId: ID21,
+        analyzerId: ID23,
         severity: "info",
         nodeIds: [source],
         message: formatFinding({
@@ -3403,9 +3535,9 @@ var SCHEMA_VIOLATION_TEXTS = {
 };
 
 // plugins/core/analyzers/schema-violation/index.ts
-var ID22 = "schema-violation";
+var ID24 = "schema-violation";
 var schemaViolationAnalyzer = {
-  id: ID22,
+  id: ID24,
   pluginId: CORE_PLUGIN_ID,
   kind: "analyzer",
   description: "Flags nodes or links that violate the project schemas.",
@@ -3455,7 +3587,7 @@ function collectNodeFindings(v, node, out) {
   const result = v.validate("node", toNodeForSchema(node));
   if (result.ok) return;
   out.push({
-    analyzerId: ID22,
+    analyzerId: ID24,
     severity: "error",
     nodeIds: [node.path],
     message: formatFinding({
@@ -3470,7 +3602,7 @@ function collectLinkFindings(v, link, out) {
   const result = v.validate("link", toLinkForSchema(link));
   if (result.ok) return;
   out.push({
-    analyzerId: ID22,
+    analyzerId: ID24,
     severity: "error",
     nodeIds: [link.source],
     message: formatFinding({
@@ -3539,13 +3671,13 @@ var ASCII_FORMATTER_TEXTS = {
 };
 
 // plugins/core/formatters/ascii/index.ts
-var ID23 = "ascii";
+var ID25 = "ascii";
 var KIND_ORDER = ["agent", "command", "skill", "markdown"];
 var asciiFormatter = {
-  id: ID23,
+  id: ID25,
   pluginId: CORE_PLUGIN_ID,
   kind: "formatter",
-  formatId: ID23,
+  formatId: ID25,
   description: "Renders the scan as plain text in three sections: nodes (grouped by kind), arrows, and issues. Used by `sm scan --format ascii`.",
   // ASCII tree formatter, header + per-kind sections + per-issue
   // section. Each section iterates and renders; splitting per section
@@ -3639,13 +3771,13 @@ function renderSection(out, kind, group) {
 }
 
 // plugins/core/formatters/json/index.ts
-var ID24 = "json";
+var ID26 = "json";
 var jsonFormatter = {
-  id: ID24,
+  id: ID26,
   pluginId: CORE_PLUGIN_ID,
   kind: "formatter",
   description: "Renders the persisted scan as JSON (conforms to `scan-result.schema.json`). Used by `sm graph --format json` and `GET /api/graph?format=json`.",
-  formatId: ID24,
+  formatId: ID26,
   format(ctx) {
     if (ctx.scanResult !== void 0) {
       return JSON.stringify(ctx.scanResult);
@@ -3792,13 +3924,13 @@ var BUMP_TEXTS = {
 };
 
 // plugins/core/actions/node-bump/index.ts
-var ID25 = "node-bump";
+var ID27 = "node-bump";
 var bumpButton = {
   slot: "inspector.action.button",
   priority: 10
 };
 var nodeBumpAction = {
-  id: ID25,
+  id: ID27,
   pluginId: CORE_PLUGIN_ID,
   kind: "action",
   description: "Marks a node as updated: bumps `annotations.version`, refreshes sidecar hashes, and records the timestamp.",
@@ -3901,13 +4033,13 @@ var NODE_SET_STABILITY_TEXTS = {
 };
 
 // plugins/core/actions/node-set-stability/index.ts
-var ID26 = "node-set-stability";
+var ID28 = "node-set-stability";
 var setStabilityButton = {
   slot: "inspector.action.button",
   priority: 15
 };
 var nodeSetStabilityAction = {
-  id: ID26,
+  id: ID28,
   pluginId: CORE_PLUGIN_ID,
   kind: "action",
   description: "Sets the lifecycle stage of the current node (writes `stability` to the sidecar).",
@@ -3979,9 +4111,9 @@ function invokeSetStability(input, ctx) {
 }
 
 // plugins/core/actions/node-set-tags/index.ts
-var ID27 = "node-set-tags";
+var ID29 = "node-set-tags";
 var nodeSetTagsAction = {
-  id: ID27,
+  id: ID29,
   pluginId: CORE_PLUGIN_ID,
   kind: "action",
   description: "Sets the taxonomy tags of the current node (writes `tags` to the sidecar; whole-array replace).",
@@ -4523,6 +4655,8 @@ var slashCommandExtractor2 = { ...slashCommandExtractor, pluginId: "claude", ver
 var toolsCounterExtractor2 = { ...toolsCounterExtractor, pluginId: "claude", version: VERSION };
 var antigravityProvider2 = { ...antigravityProvider, pluginId: "antigravity", version: VERSION };
 var codexProvider2 = { ...codexProvider, pluginId: "codex", version: VERSION };
+var atFileExtractor2 = { ...atFileExtractor, pluginId: "codex", version: VERSION };
+var dollarSkillExtractor2 = { ...dollarSkillExtractor, pluginId: "codex", version: VERSION };
 var agentSkillsProvider2 = { ...agentSkillsProvider, pluginId: "agent-skills", version: VERSION };
 var coreMarkdownProvider2 = { ...coreMarkdownProvider, pluginId: "core", version: VERSION };
 var backtickPathExtractor2 = { ...backtickPathExtractor, pluginId: "core", version: VERSION };
@@ -4572,7 +4706,9 @@ var builtInPlugins = [
     id: "codex",
     description: "OpenAI Codex CLI platform integration. Classifies TOML sub-agent definitions under `.codex/agents/*.toml`.",
     extensions: [
-      codexProvider2
+      codexProvider2,
+      atFileExtractor2,
+      dollarSkillExtractor2
     ]
   },
   {
@@ -5551,7 +5687,8 @@ var defaults_default = {
 // kernel/config/loader.ts
 var PROJECT_LOCAL_ONLY_KEYS = /* @__PURE__ */ new Set([
   "allowEditSmFiles",
-  "scan.referencePaths"
+  "scan.referencePaths",
+  "pluginTrust.projectEnabled"
 ]);
 var DEFAULTS = defaults_default;
 function loadConfig(opts) {
@@ -5832,7 +5969,8 @@ function enumerateConfigPaths(obj, prefix = "") {
 
 // core/config/helper.ts
 var PRIVACY_SENSITIVE_KEYS = /* @__PURE__ */ new Set([
-  "scan.referencePaths"
+  "scan.referencePaths",
+  "pluginTrust.projectEnabled"
 ]);
 var ProjectLocalOnlyKeyError = class extends Error {
   constructor(key) {
@@ -5919,6 +6057,14 @@ function projectPathExposure(inputs) {
   if (exposed.length === 0) return empty;
   return { expandsSurface: true, exposedPaths: exposed };
 }
+function projectTrustExposure(inputs) {
+  if (inputs.value !== true) return { expandsSurface: false };
+  const before = readConfigValue("pluginTrust.projectEnabled", {
+    cwd: inputs.cwd,
+    default: false
+  }) ?? false;
+  return { expandsSurface: before !== true };
+}
 function resolveScanPathForExposure(raw, cwd) {
   if (raw.startsWith("~/")) return resolve7(join4(osHomedir(), raw.slice(2)));
   if (raw === "~") return resolve7(osHomedir());
@@ -7567,40 +7713,38 @@ function formatMigrationName(m) {
 }
 
 // kernel/adapters/sqlite/plugins.ts
-async function setPluginEnabled(db, pluginId, enabled, now = Date.now()) {
+async function setPluginTrusted(db, pluginId, trusted, now = Date.now()) {
   await db.insertInto("config_plugins").values({
     pluginId,
-    enabled: enabled ? 1 : 0,
-    configJson: null,
+    trusted: trusted ? 1 : 0,
     updatedAt: now
   }).onConflict(
     (oc) => oc.column("pluginId").doUpdateSet({
-      enabled: enabled ? 1 : 0,
+      trusted: trusted ? 1 : 0,
       updatedAt: now
     })
   ).execute();
 }
-async function getPluginEnabled(db, pluginId) {
-  const row = await db.selectFrom("config_plugins").select(["enabled"]).where("pluginId", "=", pluginId).executeTakeFirst();
+async function getPluginTrusted(db, pluginId) {
+  const row = await db.selectFrom("config_plugins").select(["trusted"]).where("pluginId", "=", pluginId).executeTakeFirst();
   if (!row) return void 0;
-  return row.enabled === 1;
+  return row.trusted === 1;
 }
-async function listPluginOverrides(db) {
-  const rows = await db.selectFrom("config_plugins").select(["pluginId", "enabled", "configJson", "updatedAt"]).orderBy("pluginId", "asc").execute();
+async function listPluginTrust(db) {
+  const rows = await db.selectFrom("config_plugins").select(["pluginId", "trusted", "updatedAt"]).orderBy("pluginId", "asc").execute();
   return rows.map((r) => ({
     pluginId: r.pluginId,
-    enabled: r.enabled === 1,
-    configJson: r.configJson,
+    trusted: r.trusted === 1,
     updatedAt: r.updatedAt
   }));
 }
-async function deletePluginOverride(db, pluginId) {
+async function deletePluginTrust(db, pluginId) {
   await db.deleteFrom("config_plugins").where("pluginId", "=", pluginId).execute();
 }
-async function loadPluginOverrideMap(db) {
-  const rows = await listPluginOverrides(db);
+async function loadPluginTrustMap(db) {
+  const rows = await listPluginTrust(db);
   const out = /* @__PURE__ */ new Map();
-  for (const row of rows) out.set(row.pluginId, row.enabled);
+  for (const row of rows) out.set(row.pluginId, row.trusted);
   return out;
 }
 
@@ -8755,7 +8899,7 @@ var SqliteStorageAdapter = class {
   jobs;
   favorites;
   preferences;
-  pluginConfig;
+  trust;
   migrations;
   pluginMigrations;
   constructor(options) {
@@ -8872,12 +9016,12 @@ var SqliteStorageAdapter = class {
       loadUpdateCheckCache: () => loadUpdateCheckCache(this.db),
       saveUpdateCheckCache: (cache) => saveUpdateCheckCache(this.db, cache)
     };
-    this.pluginConfig = {
-      set: (pluginId, enabled) => setPluginEnabled(this.db, pluginId, enabled),
-      get: (pluginId) => getPluginEnabled(this.db, pluginId),
-      list: () => listPluginOverrides(this.db),
-      delete: (pluginId) => deletePluginOverride(this.db, pluginId),
-      loadOverrideMap: () => loadPluginOverrideMap(this.db)
+    this.trust = {
+      set: (pluginId, trusted) => setPluginTrusted(this.db, pluginId, trusted),
+      get: (pluginId) => getPluginTrusted(this.db, pluginId),
+      list: () => listPluginTrust(this.db),
+      delete: (pluginId) => deletePluginTrust(this.db, pluginId),
+      loadTrustMap: () => loadPluginTrustMap(this.db)
     };
     const path = this.#options.databasePath;
     this.migrations = {
@@ -10064,21 +10208,22 @@ var PLUGIN_LOADER_TEXTS = {
   // schema. Both are GitHub blob URLs.
   invalidManifestExtensionShape: "{{relEntry}}: {{errors}}. See {{docUrl}}.",
   importExceededTimeout: "import exceeded {{timeoutMs}}ms; likely a top-level side effect (network call, infinite loop, large blocking work). Move side effects into the runtime methods (`detect` / `evaluate` / `render` / etc.).",
-  disabledByConfig: "disabled by config_plugins or settings.json",
+  disabledByConfig: "disabled by settings.json (plugins.<id>.enabled)",
   /**
    * Reason stamped on a project-local disk plugin discovered but not
-   * imported because the operator never granted local trust. Distinct
-   * from `disabledByConfig` (an explicit toggle-off): this id has no
-   * `config_plugins` override at all, so its code stays unexecuted until
-   * `sm plugins enable` records local intent.
+   * imported because the operator never granted local import trust.
+   * Distinct from `disabledByConfig` (an explicit operational toggle-off
+   * in the config layers): this id is enabled but carries no
+   * `config_plugins` trust grant, so its code stays unexecuted until
+   * `sm plugins trust` records local consent.
    */
-  untrustedNotLoaded: "not loaded: project-local plugin is untrusted until enabled. Run `sm plugins enable {{pluginId}}` to load it.",
+  untrustedNotLoaded: "not loaded: project-local plugin is enabled but not trusted on this machine. Run `sm plugins trust {{pluginId}}` to load it.",
   /**
    * One-time aggregate notice the runtime emits when project-local
    * plugins were found on disk but left unloaded for lack of trust. The
    * `{{count}}` plugins ride the scan without executing any code.
    */
-  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then enable any you trust with `sm plugins enable <id>`.",
+  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then trust any you vetted with `sm plugins trust <id>`.",
   invalidManifestDirMismatch: "directory name '{{dirName}}' does not match manifest id '{{manifestId}}'. Rename the directory to match the id, or update the manifest id to match the directory.",
   idCollision: "Plugin '{{id}}' at {{pathA}} collides with the plugin at {{pathB}}. Rename one and rerun.",
   loadErrorPluginIdMismatch: "{{relEntry}}: extension declares pluginId '{{declared}}' but its plugin.json declares id '{{manifestId}}'. Remove the explicit pluginId from the extension; the loader injects it from plugin.json#/id.",
@@ -11031,26 +11176,33 @@ var SHIPS_DISABLED = /* @__PURE__ */ new Set([
 function installedDefaultEnabled(stability) {
   return stability === void 0 || !SHIPS_DISABLED.has(stability);
 }
-function resolvePluginEnabled(pluginId, cfg, dbOverrides, installedDefault = true) {
+function resolvePluginEnabled(pluginId, cfg, installedDefault = true) {
   if (isPluginLocked(pluginId)) return true;
-  if (dbOverrides.has(pluginId)) return dbOverrides.get(pluginId) === true;
+  const slash = pluginId.indexOf("/");
+  if (slash >= 0) {
+    return resolveQualifiedEnabled(
+      pluginId.slice(0, slash),
+      pluginId.slice(slash + 1),
+      cfg,
+      installedDefault
+    );
+  }
   const settingsEntry = cfg.plugins[pluginId];
   if (settingsEntry?.enabled !== void 0) return settingsEntry.enabled;
   return installedDefault;
 }
-function makeEnabledResolver(cfg, dbOverrides) {
-  return (pluginId, installedDefault) => resolvePluginEnabled(pluginId, cfg, dbOverrides, installedDefault);
+function resolveQualifiedEnabled(plugin, ext, cfg, installedDefault) {
+  const pluginEntry = cfg.plugins[plugin];
+  const perExt = pluginEntry?.extensions?.[ext]?.enabled;
+  if (perExt !== void 0) return perExt;
+  if (pluginEntry?.enabled !== void 0) return pluginEntry.enabled;
+  return installedDefault;
 }
-function makeImportTrustResolver(dbOverrides) {
-  return (pluginId) => {
-    if (isPluginLocked(pluginId)) return true;
-    const prefix = `${pluginId}/`;
-    for (const [key, enabled] of dbOverrides) {
-      if (!enabled) continue;
-      if (key === pluginId || key.startsWith(prefix)) return true;
-    }
-    return false;
-  };
+function makeEnabledResolver(cfg) {
+  return (pluginId, installedDefault) => resolvePluginEnabled(pluginId, cfg, installedDefault);
+}
+function makeTrustResolver(trustMap, trustProjectEnabled) {
+  return (pluginId) => isPluginLocked(pluginId) || trustMap.get(pluginId) === true || trustProjectEnabled;
 }
 
 // core/runtime/plugin-runtime/resolver.ts
@@ -11075,11 +11227,15 @@ async function buildResolverInputs(ctx) {
     db: void 0,
     ...ctx
   });
-  const dbOverrides = await tryWithSqlite(
+  const trustMap = await tryWithSqlite(
     { databasePath: dbPath, autoBackup: false },
-    (adapter) => adapter.pluginConfig.loadOverrideMap()
+    (adapter) => adapter.trust.loadTrustMap()
   ) ?? /* @__PURE__ */ new Map();
-  return { resolveEnabled: makeEnabledResolver(cfg, dbOverrides), dbOverrides };
+  return {
+    resolveEnabled: makeEnabledResolver(cfg),
+    trustMap,
+    trustProjectEnabled: cfg.pluginTrust?.projectEnabled ?? false
+  };
 }
 
 // kernel/scan/walk-content.ts
@@ -11616,11 +11772,13 @@ async function loadPluginRuntime(opts = {}) {
   const searchPaths = resolveSearchPaths(opts, ctx);
   const validators = loadSchemaValidators();
   let resolveEnabled;
-  let dbOverrides;
+  let trustMap;
+  let trustProjectEnabled;
   try {
     const inputs = await buildResolverInputs(ctx);
     resolveEnabled = inputs.resolveEnabled;
-    dbOverrides = inputs.dbOverrides;
+    trustMap = inputs.trustMap;
+    trustProjectEnabled = inputs.trustProjectEnabled;
   } catch {
   }
   const loaderOpts = {
@@ -11630,7 +11788,10 @@ async function loadPluginRuntime(opts = {}) {
   };
   if (resolveEnabled) loaderOpts.resolveEnabled = resolveEnabled;
   if (!opts.pluginDir) {
-    loaderOpts.resolveImportTrust = makeImportTrustResolver(dbOverrides ?? /* @__PURE__ */ new Map());
+    loaderOpts.resolveImportTrust = makeTrustResolver(
+      trustMap ?? /* @__PURE__ */ new Map(),
+      trustProjectEnabled ?? false
+    );
   }
   const loader = createPluginLoader(loaderOpts);
   const discovered = await loader.discoverAndLoadAll();
@@ -12151,14 +12312,16 @@ import { existsSync as existsSync16 } from "fs";
 import { join as join10 } from "path";
 function detectProvidersFromFilesystem(cwd, providers) {
   const seen = /* @__PURE__ */ new Set();
-  const out = [];
+  const matched = [];
   for (const provider of providers) {
     if (seen.has(provider.id)) continue;
     if (!isDetectableUnderCwd(cwd, provider)) continue;
     seen.add(provider.id);
-    out.push(provider.id);
+    matched.push(provider);
   }
-  return out;
+  const hasVendor = matched.some((p) => p.detect?.fallback !== true);
+  const kept = hasVendor ? matched.filter((p) => p.detect?.fallback !== true) : matched;
+  return kept.map((p) => p.id);
 }
 function isDetectableUnderCwd(cwd, provider) {
   if (!installedDefaultEnabled(provider.stability)) return false;
@@ -12269,6 +12432,18 @@ var CONFIG_TEXTS = {
    * screen what they just opted into.
    */
   privacyGateConfirmed: '{{glyph}}  Opening disk access for "{{key}}":\n{{paths}}\n',
+  /**
+   * Surfaced when `sm config set pluginTrust.projectEnabled true` is run
+   * without `--yes`. Turning the opt-in on expands the LOCAL
+   * code-execution surface (every plugin the project enables becomes
+   * trusted), so the verb refuses without confirmation.
+   */
+  trustGateRequired: '{{glyph}}  sm config: setting "pluginTrust.projectEnabled" to true trusts every plugin this project enables.\n   Their code may then import and run on this machine without a per-plugin trust grant.\n   {{hint}}\n',
+  trustGateRequiredHint: "Rerun with --yes to confirm. Turning it off needs no flag. Prefer per-plugin `sm plugins trust <id>` for narrower consent.",
+  /**
+   * Receipt printed when the trust gate has been confirmed via `--yes`.
+   */
+  trustGateConfirmed: "{{glyph}}  Local plugin trust opt-in enabled: every plugin this project enables is now trusted on this machine.\n",
   /**
    * Confirmation printed after `sm config set activeProvider <id>`
    * succeeds. The lens change atomically drops the scan_* zone (per
@@ -12665,7 +12840,7 @@ var ConfigSetCommand = class extends SmCommand {
   key = Option4.String({ required: true });
   value = Option4.String({ required: true });
   yes = Option4.Boolean("--yes", false, {
-    description: "Confirm a privacy-sensitive write that opens disk access outside the project (scan.referencePaths)."
+    description: "Confirm a surface-expanding write: disk access outside the project (scan.referencePaths) or blanket local plugin trust (pluginTrust.projectEnabled)."
   });
   // CLI orchestrator: each branch is one validation gate (forbidden
   // segment / privacy guard / schema violation) or output dispatch.
@@ -12678,32 +12853,12 @@ var ConfigSetCommand = class extends SmCommand {
     const stderrAnsi = this.ansiFor("stderr");
     const errGlyph = stderrAnsi.red("\u2715");
     const value = parseCliValue(this.value);
-    if (PRIVACY_SENSITIVE_KEYS.has(this.key)) {
-      const exposure = projectPathExposure({
-        key: this.key,
-        value,
-        cwd: ctx.cwd
-      });
-      if (exposure.expandsSurface && !this.yes) {
-        this.printer.info(
-          tx(CONFIG_TEXTS.privacyGateRequired, {
-            glyph: errGlyph,
-            key: this.key,
-            paths: exposure.exposedPaths.map((p) => `  - ${p}`).join("\n"),
-            hint: stderrAnsi.dim(CONFIG_TEXTS.privacyGateRequiredHint)
-          })
-        );
-        return ExitCode.Error;
-      }
-      if (exposure.expandsSurface) {
-        this.printer.info(
-          tx(CONFIG_TEXTS.privacyGateConfirmed, {
-            glyph: stderrAnsi.dim("\u24D8"),
-            key: this.key,
-            paths: exposure.exposedPaths.map((p) => `  - ${p}`).join("\n")
-          })
-        );
-      }
+    if (this.key === "pluginTrust.projectEnabled") {
+      const trustGate = this.#applyTrustGate(value, ctx.cwd, errGlyph, stderrAnsi);
+      if (trustGate !== null) return trustGate;
+    } else if (PRIVACY_SENSITIVE_KEYS.has(this.key)) {
+      const pathGate = this.#applyPathGate(value, ctx.cwd, errGlyph, stderrAnsi);
+      if (pathGate !== null) return pathGate;
     }
     if (this.key === "activeProvider" && typeof value === "string") {
       const known = new Set(builtIns().providers.map((p) => p.id));
@@ -12781,6 +12936,58 @@ var ConfigSetCommand = class extends SmCommand {
     }
     return ExitCode.Ok;
   }
+  /**
+   * Disk-access privacy gate for `scan.referencePaths`-style keys.
+   * Returns an exit code to bail with (gate refused) or `null` to
+   * proceed. On a confirmed (`--yes`) expansion it prints the receipt
+   * and returns `null`.
+   */
+  #applyPathGate(value, cwd, errGlyph, stderrAnsi) {
+    const exposure = projectPathExposure({ key: this.key, value, cwd });
+    if (!exposure.expandsSurface) return null;
+    if (!this.yes) {
+      this.printer.info(
+        tx(CONFIG_TEXTS.privacyGateRequired, {
+          glyph: errGlyph,
+          key: this.key,
+          paths: exposure.exposedPaths.map((p) => `  - ${p}`).join("\n"),
+          hint: stderrAnsi.dim(CONFIG_TEXTS.privacyGateRequiredHint)
+        })
+      );
+      return ExitCode.Error;
+    }
+    this.printer.info(
+      tx(CONFIG_TEXTS.privacyGateConfirmed, {
+        glyph: stderrAnsi.dim("\u24D8"),
+        key: this.key,
+        paths: exposure.exposedPaths.map((p) => `  - ${p}`).join("\n")
+      })
+    );
+    return null;
+  }
+  /**
+   * Code-execution-surface gate for `pluginTrust.projectEnabled`.
+   * Turning the local opt-in ON trusts every plugin the project enables,
+   * so it requires `--yes`. Returns an exit code to bail with, or `null`
+   * to proceed (on a confirmed expansion it prints the receipt).
+   */
+  #applyTrustGate(value, cwd, errGlyph, stderrAnsi) {
+    const exposure = projectTrustExposure({ value, cwd });
+    if (!exposure.expandsSurface) return null;
+    if (!this.yes) {
+      this.printer.info(
+        tx(CONFIG_TEXTS.trustGateRequired, {
+          glyph: errGlyph,
+          hint: stderrAnsi.dim(CONFIG_TEXTS.trustGateRequiredHint)
+        })
+      );
+      return ExitCode.Error;
+    }
+    this.printer.info(
+      tx(CONFIG_TEXTS.trustGateConfirmed, { glyph: stderrAnsi.dim("\u24D8") })
+    );
+    return null;
+  }
   /**
    * Side effect of `sm config set activeProvider <id>`, atomically
    * drops the `scan_*` zone so the persisted graph never reflects the
@@ -13101,7 +13308,7 @@ function grantFixturePluginTrust(scope, binary, env) {
   const db = new DatabaseSync7(dbPath);
   try {
     const stmt = db.prepare(
-      "INSERT INTO config_plugins (plugin_id, enabled, updated_at) VALUES (?, 1, 0) ON CONFLICT(plugin_id) DO UPDATE SET enabled = 1"
+      "INSERT INTO config_plugins (plugin_id, trusted, updated_at) VALUES (?, 1, 0) ON CONFLICT(plugin_id) DO UPDATE SET trusted = 1"
     );
     for (const id of ids) stmt.run(id);
   } finally {
@@ -17185,7 +17392,7 @@ function classifyLinkSource(source, shortIdToQualified, cachedQualifiedIds, appl
 }
 
 // kernel/orchestrator/node-identifiers.ts
-import { posix as pathPosix4 } from "path";
+import { posix as pathPosix5 } from "path";
 function deriveNodeIdentifiers(node, kindDescriptor) {
   const sources = kindDescriptor?.identifiers;
   if (!sources || sources.length === 0) return [];
@@ -17209,16 +17416,16 @@ function readFrontmatterName(node) {
   return raw.length > 0 ? raw : null;
 }
 function readFilenameBasename(node) {
-  const base = pathPosix4.basename(node.path);
+  const base = pathPosix5.basename(node.path);
   if (!base) return null;
-  const ext = pathPosix4.extname(base);
+  const ext = pathPosix5.extname(base);
   const stem = ext ? base.slice(0, -ext.length) : base;
   return stem.length > 0 ? stem : null;
 }
 function readDirname(node) {
-  const dir = pathPosix4.dirname(node.path);
+  const dir = pathPosix5.dirname(node.path);
   if (!dir || dir === "." || dir === "/") return null;
-  const base = pathPosix4.basename(dir);
+  const base = pathPosix5.basename(dir);
   return base.length > 0 ? base : null;
 }
 function collectNameCollisions(nodes, kindRegistry) {
@@ -17315,7 +17522,7 @@ function lookupAllowedKinds(link, _indexes, ctx) {
 }
 function stripTriggerSigil(normalized) {
   if (!normalized) return null;
-  const trimmed = normalized.replace(/^[/@]/, "").trim();
+  const trimmed = normalized.replace(/^[/@$]/, "").trim();
   return trimmed.length === 0 ? null : trimmed;
 }
 function indexNode(node, ctx, byName) {
@@ -21780,6 +21987,23 @@ var PLUGINS_TEXTS = {
   toggleAppliedSingle: "{{verbPast}}: {{id}}\n",
   toggleAppliedManyHeader: "{{verbPast}}: {{count}} extension(s)\n",
   toggleAppliedManyRow: "  - {{id}}\n",
+  // --- trust / untrust -------------------------------------------------
+  /**
+   * Receipt printed after `sm plugins trust|untrust`. `verbPast` is
+   * `trusted` / `untrusted`. Trust is per-plugin (bare id), so the rows
+   * carry plugin ids, not qualified extension ids.
+   */
+  trustAppliedSingle: "{{verbPast}}: {{id}}\n",
+  trustAppliedManyHeader: "{{verbPast}}: {{count}} plugin(s)\n",
+  trustAppliedManyRow: "  - {{id}}\n",
+  /**
+   * Rejection when a trust verb targets a built-in (or host-locked) id.
+   * Those are never import-trust-gated, so a trust grant is meaningless.
+   */
+  trustBuiltInRejected: '{{glyph}}  Plugin "{{id}}" is a built-in (or host-locked) and is never import-trust-gated.\n   {{hint}}\n',
+  trustBuiltInRejectedHint: "Import trust applies only to project-local drop-in plugins under .skill-map/plugins/.",
+  /** `--all` found no project-local drop-in plugins to act on. */
+  trustNoPlugins: "No project-local plugins discovered to {{verb}}.\n",
   /**
    * Macro expansion summary printed on stderr before the confirm
    * prompt (or before the `--yes` rejection). The block lists every
@@ -21911,7 +22135,7 @@ var PLUGINS_TEXTS = {
    * Success block printed after scaffolding. Kind-agnostic (the main stub
    * path is interpolated). Follows the no-em-dash rule across every line.
    */
-  createSuccess: "Created {{targetDir}}\nNext:\n  - Edit {{mainFile}}\n  - Run sm plugins doctor to confirm it loads\n  - sm plugins slots list: browse slots and input-types\n",
+  createSuccess: "Created {{targetDir}}\nNext:\n  - Edit {{mainFile}}\n  - Run sm plugins doctor to confirm it loads\n  - Run sm plugins trust {{pluginId}} to let its code run (project-local plugins are untrusted until you allow them)\n  - sm plugins slots list: browse slots and input-types\n",
   // --- slots list verb -------------------------------------------------
   /** Section header for the view-slots catalogue. */
   slotsListHeaderViewSlots: "  View slots ({{count}})\n",
@@ -21953,12 +22177,7 @@ function resolveSearchPaths2(opts, cwd) {
 async function buildResolver() {
   const ctx = defaultRuntimeContext();
   const { effective: cfg } = loadConfig({ cwd: ctx.cwd });
-  const dbPath = resolveDbPath({ db: void 0, cwd: ctx.cwd });
-  const dbOverrides = await tryWithSqlite(
-    { databasePath: dbPath, autoBackup: false },
-    (adapter) => adapter.pluginConfig.loadOverrideMap()
-  ) ?? /* @__PURE__ */ new Map();
-  return makeEnabledResolver(cfg, dbOverrides);
+  return makeEnabledResolver(cfg);
 }
 async function loadAll(opts) {
   const ctx = defaultRuntimeContext();
@@ -22954,6 +23173,9 @@ var TogglePluginsBase = class extends SmCommand {
   yes = Option25.Boolean("--yes,-y", false, {
     description: "Skip the interactive confirm when a bare plugin id (or --all) fans the toggle out across multiple extensions."
   });
+  local = Option25.Boolean("--local", false, {
+    description: "Write the enable toggle to the gitignored settings.local.json (per-checkout) instead of the team-shared settings.json."
+  });
   ids = Option25.Rest({ name: "ids" });
   async toggle(enabled) {
     const verb = enabled ? "enable" : "disable";
@@ -23121,20 +23343,25 @@ var TogglePluginsBase = class extends SmCommand {
     return ExitCode.NotFound;
   }
   /**
-   * Persist every qualified id in `config_plugins`. On disable, also
-   * purge the plugin's `scan_contributions` rows immediately (matches
-   * the BFF route, see `server/routes/plugins.ts:applyChangeToAdapter`).
-   * Every key is `<plugin>/<ext>` shape so the contribution purge can
-   * split into `(pluginId, extensionId)` cleanly.
+   * Persist the per-extension `enabled` toggle for every qualified id in
+   * the config layers (`plugins.<plugin>.extensions.<ext>.enabled`),
+   * targeting `settings.json` by default or `settings.local.json` with
+   * `--local`. On disable, also purge the plugin's `scan_contributions`
+   * rows immediately (matches the BFF route, see
+   * `server/routes/plugins.ts:applyChangeToAdapter`). Every key is
+   * `<plugin>/<ext>` shape so both the config dot-path and the
+   * contribution purge split into `(pluginId, extensionId)` cleanly.
    */
   async #persistKeys(keys, enabled) {
     const ctx = defaultRuntimeContext();
+    const target = this.local ? "project-local" : "project";
+    for (const id of keys) {
+      writeConfigValue(toEnableConfigKey(id), enabled, { target, cwd: ctx.cwd });
+    }
+    if (enabled) return;
     const dbPath = resolveDbPath({ db: void 0, cwd: ctx.cwd });
     await withSqlite({ databasePath: dbPath, autoBackup: false }, async (adapter) => {
-      for (const id of keys) {
-        await adapter.pluginConfig.set(id, enabled);
-        if (!enabled) await purgeContributionsFor(adapter, id);
-      }
+      for (const id of keys) await purgeContributionsFor(adapter, id);
     });
   }
   #renderSuccess(keys, enabled) {
@@ -23175,17 +23402,23 @@ async function purgeContributionsFor(adapter, id) {
   }
   await adapter.contributions.purgeByPlugin(id.slice(0, slash), id.slice(slash + 1));
 }
+function toEnableConfigKey(id) {
+  const slash = id.indexOf("/");
+  if (slash < 0) return `plugins.${id}.enabled`;
+  return `plugins.${id.slice(0, slash)}.extensions.${id.slice(slash + 1)}.enabled`;
+}
 var PluginsEnableCommand = class extends TogglePluginsBase {
   static paths = [["plugins", "enable"]];
   static usage = Command26.Usage({
     category: "Plugins",
-    description: "Enable one or more extensions (or --all). Persists in config_plugins.",
+    description: "Enable one or more extensions (or --all). Persists the per-extension enabled in the config layers.",
     details: `
-      Writes a row to config_plugins with enabled=1 per qualified
-      extension id. Takes precedence over the team-shared baseline at
-      settings.json#/plugins/<id>/enabled. Use sm plugins disable to
-      flip; sm config reset plugins.<id>.enabled drops the settings.json
-      baseline.
+      Writes plugins.<plugin>.extensions.<ext>.enabled=true per qualified
+      extension id to the team-shared settings.json (or settings.local.json
+      with --local). This is the OPERATIONAL axis only; it does NOT grant
+      import trust for a project-local plugin (use sm plugins trust).
+      Use sm plugins disable to flip; sm config reset
+      plugins.<plugin>.extensions.<ext>.enabled drops the override.
 
       Accepts qualified ids (\`claude/at-directive\`) and bare plugin
       ids (\`claude\`, which fans the toggle out across every extension
@@ -23207,10 +23440,11 @@ var PluginsDisableCommand = class extends TogglePluginsBase {
   static paths = [["plugins", "disable"]];
   static usage = Command26.Usage({
     category: "Plugins",
-    description: "Disable one or more extensions (or --all). Persists in config_plugins; does not delete files.",
+    description: "Disable one or more extensions (or --all). Persists the per-extension enabled in the config layers; does not delete files.",
     details: `
-      Writes a row to config_plugins with enabled=0 per qualified
-      extension id. Discovery still surfaces the plugin in
+      Writes plugins.<plugin>.extensions.<ext>.enabled=false per qualified
+      extension id to the team-shared settings.json (or settings.local.json
+      with --local). Discovery still surfaces the plugin in
       sm plugins list, but with status=disabled; the kernel will not
       run any of its disabled extensions.
 
@@ -23259,10 +23493,176 @@ function resolveBareToggle(id, catalogue) {
   };
 }
 
+// cli/commands/plugins/trust.ts
+import { Command as Command27, Option as Option26 } from "clipanion";
+var TrustPluginsBase = class extends SmCommand {
+  all = Option26.Boolean("--all", false);
+  ids = Option26.Rest({ name: "ids" });
+  async applyTrust(trusted) {
+    const verb = trusted ? "trust" : "untrust";
+    const stderrAnsi = this.ansiFor("stderr");
+    const argError = this.#validateArgs(stderrAnsi, verb);
+    if (argError !== null) return argError;
+    const plugins = await loadAll({ pluginDir: void 0 });
+    const discoveredIds = new Set(plugins.map((p) => p.id));
+    const resolved = this.#resolvePluginIds(plugins, discoveredIds, verb, stderrAnsi);
+    if (typeof resolved === "number") return resolved;
+    if (resolved.length === 0) {
+      this.printer.info(tx(PLUGINS_TEXTS.trustNoPlugins, { verb }));
+      return ExitCode.Ok;
+    }
+    await this.#persist(resolved, trusted);
+    this.#renderSuccess(resolved, trusted);
+    return ExitCode.Ok;
+  }
+  /**
+   * `--all` vs `<id>...` mutex check (one must be present, not both).
+   * Reuses the toggle family's two-line rejection blocks so trust /
+   * enable read in parallel.
+   */
+  #validateArgs(ansi, verb) {
+    const errGlyph = ansi.red("\u2715");
+    if (this.all && this.ids.length > 0) {
+      this.printer.error(
+        tx(PLUGINS_TEXTS.toggleBothIdAndAll, {
+          glyph: errGlyph,
+          hint: ansi.dim(tx(PLUGINS_TEXTS.toggleBothIdAndAllHint, { verb }))
+        })
+      );
+      return ExitCode.Error;
+    }
+    if (!this.all && this.ids.length === 0) {
+      this.printer.error(
+        tx(PLUGINS_TEXTS.toggleNeitherIdNorAll, {
+          glyph: errGlyph,
+          hint: ansi.dim(tx(PLUGINS_TEXTS.toggleNeitherIdNorAllHint, { verb }))
+        })
+      );
+      return ExitCode.Error;
+    }
+    return null;
+  }
+  /**
+   * Resolve `<id>...` (or `--all`) into the deduped set of BARE plugin
+   * ids to write. A qualified `<plugin>/<ext>` collapses to its plugin.
+   * The first unresolvable id (built-in / host-locked, or unknown)
+   * aborts the whole batch before any write so the operator never lands
+   * in a partial state.
+   */
+  #resolvePluginIds(_plugins, discoveredIds, _verb, ansi) {
+    if (this.all) {
+      return [...discoveredIds];
+    }
+    const out = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const rawId of this.ids) {
+      const bare = collapseToPluginId(rawId);
+      if (isBuiltInOrLocked(bare)) {
+        this.printer.error(
+          tx(PLUGINS_TEXTS.trustBuiltInRejected, {
+            glyph: ansi.red("\u2715"),
+            id: sanitizeForTerminal(bare),
+            hint: ansi.dim(PLUGINS_TEXTS.trustBuiltInRejectedHint)
+          })
+        );
+        return ExitCode.NotFound;
+      }
+      if (!discoveredIds.has(bare)) {
+        this.printer.error(
+          tx(PLUGINS_TEXTS.pluginNotFound, {
+            glyph: ansi.red("\u2715"),
+            id: sanitizeForTerminal(bare),
+            hint: ansi.dim(PLUGINS_TEXTS.pluginNotFoundHint)
+          })
+        );
+        return ExitCode.NotFound;
+      }
+      if (seen.has(bare)) continue;
+      seen.add(bare);
+      out.push(bare);
+    }
+    return out;
+  }
+  /**
+   * Write the trust grant for every resolved bare plugin id. Single
+   * SQLite open for the whole batch. `trusted` true grants import trust,
+   * false revokes it (the next scan / restart reverts the plugin to
+   * discovered-but-unexecuted).
+   */
+  async #persist(pluginIds, trusted) {
+    const ctx = defaultRuntimeContext();
+    const dbPath = resolveDbPath({ db: void 0, cwd: ctx.cwd });
+    await withSqlite({ databasePath: dbPath, autoBackup: false }, async (adapter) => {
+      for (const id of pluginIds) await adapter.trust.set(id, trusted);
+    });
+  }
+  #renderSuccess(pluginIds, trusted) {
+    const verbPast = trusted ? "trusted" : "untrusted";
+    if (pluginIds.length === 1) {
+      this.printer.data(tx(PLUGINS_TEXTS.trustAppliedSingle, { verbPast, id: pluginIds[0] }));
+      return;
+    }
+    this.printer.data(
+      tx(PLUGINS_TEXTS.trustAppliedManyHeader, { verbPast, count: pluginIds.length })
+    );
+    for (const id of pluginIds) {
+      this.printer.data(tx(PLUGINS_TEXTS.trustAppliedManyRow, { id }));
+    }
+  }
+};
+function collapseToPluginId(id) {
+  const slash = id.indexOf("/");
+  return slash < 0 ? id : id.slice(0, slash);
+}
+function isBuiltInOrLocked(id) {
+  if (isPluginLocked(id)) return true;
+  return builtInPlugins.some((p) => p.id === id);
+}
+var PluginsTrustCommand = class extends TrustPluginsBase {
+  static paths = [["plugins", "trust"]];
+  static usage = Command27.Usage({
+    category: "Plugins",
+    description: "Grant LOCAL import trust to one or more project-local plugins (or --all). Persists in the config_plugins trust store.",
+    details: `
+      Records this machine's consent to import and run the plugin's code.
+      Trust is the SECURITY axis, distinct from enable: a project-local
+      plugin runs only when it is BOTH enabled (config) and trusted (this
+      DB store). Per-plugin (bare id); a qualified <plugin>/<ext> collapses
+      to its plugin. Local only, never committed, so it cannot travel in a
+      clone.
+
+      Accepts one or more ids, or --all (every discovered drop-in plugin).
+      Batches are all-or-nothing: a built-in / host-locked / unknown id
+      aborts before any write. Repeated ids are deduped. Granting trust
+      lets an enabled plugin's code import on the next scan / sm serve
+      restart.
+    `
+  });
+  async run() {
+    return this.applyTrust(true);
+  }
+};
+var PluginsUntrustCommand = class extends TrustPluginsBase {
+  static paths = [["plugins", "untrust"]];
+  static usage = Command27.Usage({
+    category: "Plugins",
+    description: "Revoke LOCAL import trust from one or more project-local plugins (or --all). Does not delete files or change enable state.",
+    details: `
+      Drops the plugin's config_plugins trust row, so it reverts to
+      discovered-but-unexecuted on the next scan / restart. Does NOT change
+      the enable state and does NOT delete the plugin directory. Same
+      id / batch semantics as sm plugins trust.
+    `
+  });
+  async run() {
+    return this.applyTrust(false);
+  }
+};
+
 // cli/commands/plugins/create.ts
 import { existsSync as existsSync26, mkdirSync as mkdirSync5, writeFileSync } from "fs";
 import { dirname as dirname18, join as join18, resolve as resolve37 } from "path";
-import { Command as Command27, Option as Option26 } from "clipanion";
+import { Command as Command28, Option as Option27 } from "clipanion";
 
 // cli/commands/plugins/scaffold/action.ts
 function indexStub(extId) {
@@ -23618,6 +24018,7 @@ Generated by \`sm plugins create ${kind} ${pluginId}\`. Edit \`${mainFileRel}\`
 
 ## Verbs
 
+- \`sm plugins trust ${pluginId}\`: allow this project-local plugin's code to run (it is untrusted until you do)
 - \`sm plugins list ${pluginId}\`: manifest + extensions + load status
 - \`sm plugins doctor\`: full plugin diagnostic
 - \`sm scan\`: re-emit contributions / re-run analysis
@@ -23667,7 +24068,7 @@ function generateScaffold(kind, pluginId, specVersion) {
 // cli/commands/plugins/create.ts
 var PluginsCreateCommand = class extends SmCommand {
   static paths = [["plugins", "create"]];
-  static usage = Command27.Usage({
+  static usage = Command28.Usage({
     category: "Plugins",
     description: "Scaffold a new plugin directory.",
     details: "Emits plugin.json + a per-kind extension stub + README. `<kind>` is one of: provider, extractor, analyzer, action, formatter, hook. The extractor stub ships one view contribution (slot `card.footer.left`) and one setting (`string-list`); edit to taste. Use `sm plugins slots list` to browse the slot / input-type catalog.",
@@ -23679,10 +24080,10 @@ var PluginsCreateCommand = class extends SmCommand {
   });
   // First positional: the extension kind (required). Declared before
   // `pluginId` so clipanion assigns it the first positional slot.
-  kind = Option26.String({ required: true, name: "kind" });
-  pluginId = Option26.String({ required: true, name: "plugin-id" });
-  at = Option26.String("--at", { required: false });
-  force = Option26.Boolean("--force", false);
+  kind = Option27.String({ required: true, name: "kind" });
+  pluginId = Option27.String({ required: true, name: "plugin-id" });
+  at = Option27.String("--at", { required: false });
+  force = Option27.Boolean("--force", false);
   async run() {
     const ansi = this.ansiFor("stderr");
     const errGlyph = ansi.red("\u2715");
@@ -23733,7 +24134,8 @@ var PluginsCreateCommand = class extends SmCommand {
     this.printer.data(
       tx(PLUGINS_TEXTS.createSuccess, {
         targetDir: sanitizeForTerminal(targetDir),
-        mainFile
+        mainFile,
+        pluginId: this.pluginId
       })
     );
     return ExitCode.Ok;
@@ -23741,7 +24143,7 @@ var PluginsCreateCommand = class extends SmCommand {
 };
 
 // cli/commands/plugins/slots.ts
-import { Command as Command28 } from "clipanion";
+import { Command as Command29 } from "clipanion";
 
 // cli/commands/plugins/slots-catalog.ts
 var VIEW_SLOTS_CATALOG = [
@@ -23777,7 +24179,7 @@ var INPUT_TYPES_CATALOG = [
 // cli/commands/plugins/slots.ts
 var PluginsSlotsListCommand = class extends SmCommand {
   static paths = [["plugins", "slots", "list"]];
-  static usage = Command28.Usage({
+  static usage = Command29.Usage({
     category: "Plugins",
     description: "Print the closed catalogs of view slots and input-types.",
     details: "Read-only. Use this when picking a slot / input-type for a new plugin."
@@ -23826,15 +24228,15 @@ var PluginsSlotsListCommand = class extends SmCommand {
 };
 
 // cli/commands/plugins/upgrade.ts
-import { Command as Command29, Option as Option27 } from "clipanion";
+import { Command as Command30, Option as Option28 } from "clipanion";
 var PluginsUpgradeCommand = class extends SmCommand {
   static paths = [["plugins", "upgrade"]];
-  static usage = Command29.Usage({
+  static usage = Command30.Usage({
     category: "Plugins",
     description: "Apply catalog migrations to plugin manifests.",
     details: "No migrations registered against catalog v1.0.0 yet; this verb is a no-op today. The structure exists so future slot renames / deprecations land without spec churn."
   });
-  pluginId = Option27.String({ required: false, name: "plugin-id" });
+  pluginId = Option28.String({ required: false, name: "plugin-id" });
   async run() {
     this.printer.data(
       "sm plugins upgrade: no migrations registered for catalog v1.0.0.\n  All loaded plugins are catalog-current.\n  Run `sm plugins doctor` to surface any incompatible-catalog status.\n"
@@ -23844,7 +24246,7 @@ var PluginsUpgradeCommand = class extends SmCommand {
 };
 
 // cli/commands/plugins/config.ts
-import { Command as Command30, Option as Option28 } from "clipanion";
+import { Command as Command31, Option as Option29 } from "clipanion";
 
 // cli/i18n/plugins-config.texts.ts
 var PLUGINS_CONFIG_TEXTS = {
@@ -23885,7 +24287,7 @@ var PLUGINS_CONFIG_TEXTS = {
 // cli/commands/plugins/config.ts
 var PluginsConfigCommand = class extends SmCommand {
   static paths = [["plugins", "config"]];
-  static usage = Command30.Usage({
+  static usage = Command31.Usage({
     category: "Plugins",
     description: "Read or write an extension's declared settings.",
     details: `
@@ -23900,13 +24302,13 @@ var PluginsConfigCommand = class extends SmCommand {
       Secret values are shown as <redacted>. Run \`sm scan\` to apply.
     `
   });
-  id = Option28.String({ required: true });
-  settingId = Option28.String({ required: false });
-  value = Option28.String({ required: false });
-  reset = Option28.Boolean("--reset", false, {
+  id = Option29.String({ required: true });
+  settingId = Option29.String({ required: false });
+  value = Option29.String({ required: false });
+  reset = Option29.Boolean("--reset", false, {
     description: "Remove the override for <settingId> so the manifest default applies."
   });
-  pluginDir = Option28.String("--plugin-dir", { required: false });
+  pluginDir = Option29.String("--plugin-dir", { required: false });
   // Read-only when listing; the write / reset paths emit their own
   // receipt. `sm config` exempts the config family from "done in <…>";
   // mirror that here for the read path. The write path keeps the line.
@@ -24219,6 +24621,8 @@ var PLUGIN_COMMANDS = [
   PluginsDoctorCommand,
   PluginsEnableCommand,
   PluginsDisableCommand,
+  PluginsTrustCommand,
+  PluginsUntrustCommand,
   PluginsCreateCommand,
   PluginsSlotsListCommand,
   PluginsUpgradeCommand,
@@ -24228,7 +24632,7 @@ var PLUGIN_COMMANDS = [
 // cli/commands/refresh.ts
 import { readFile as readFile4 } from "fs/promises";
 import { resolve as resolve38 } from "path";
-import { Command as Command31, Option as Option29 } from "clipanion";
+import { Command as Command32, Option as Option30 } from "clipanion";
 
 // cli/i18n/refresh.texts.ts
 var REFRESH_TEXTS = {
@@ -24284,7 +24688,7 @@ var REFRESH_TEXTS = {
 // cli/commands/refresh.ts
 var RefreshCommand = class extends SmCommand {
   static paths = [["refresh"]];
-  static usage = Command31.Usage({
+  static usage = Command32.Usage({
     category: "Scan",
     description: "Refresh enrichment rows: granular (single node) or batch (every stale row).",
     details: `
@@ -24306,11 +24710,11 @@ var RefreshCommand = class extends SmCommand {
       ["Refresh every node with stale enrichments", "$0 refresh --stale"]
     ]
   });
-  nodePath = Option29.String({ name: "node", required: false });
-  stale = Option29.Boolean("--stale", false, {
+  nodePath = Option30.String({ name: "node", required: false });
+  stale = Option30.Boolean("--stale", false, {
     description: "Refresh every node carrying a stale enrichment row (no-op in this revision; reserved for future Action-prob enrichments)."
   });
-  noPlugins = Option29.Boolean("--no-plugins", false, {
+  noPlugins = Option30.Boolean("--no-plugins", false, {
     description: "Skip drop-in plugin discovery; use only the built-in extractor set."
   });
   // The remaining cyclomatic count comes from CLI ergonomics that don't
@@ -24614,7 +25018,7 @@ var IntentionalFailCommand = class extends SmCommand {
 };
 
 // cli/commands/scan.ts
-import { Command as Command33, Option as Option31 } from "clipanion";
+import { Command as Command34, Option as Option32 } from "clipanion";
 
 // kernel/util/format-bytes.ts
 var UNITS = ["B", "KiB", "MiB", "GiB", "TiB", "PiB"];
@@ -24773,22 +25177,17 @@ var SCAN_TEXTS = {
 };
 
 // cli/commands/watch.ts
-import { Command as Command32, Option as Option30 } from "clipanion";
+import { Command as Command33, Option as Option31 } from "clipanion";
 
 // core/watcher/runtime.ts
 import { dirname as dirname19, isAbsolute as isAbsolute13, relative as relative9, resolve as resolve39, sep as sep6 } from "path";
 
 // core/runtime/fresh-resolver.ts
 async function buildFreshResolver(deps) {
-  const overrides = await tryWithSqlite(
-    { databasePath: deps.databasePath, autoBackup: false },
-    async (adapter) => adapter.pluginConfig.loadOverrideMap()
-  );
-  if (overrides === null) return deps.fallbackResolver;
-  return makeEnabledResolver(deps.effectiveConfig(), overrides);
+  return makeEnabledResolver(deps.effectiveConfig());
 }
-function composeResolver(effectiveConfig, overrides) {
-  return makeEnabledResolver(effectiveConfig, overrides);
+function composeResolver(effectiveConfig) {
+  return makeEnabledResolver(effectiveConfig);
 }
 
 // core/watcher/i18n/runtime.texts.ts
@@ -24904,9 +25303,7 @@ function createWatcherRuntime(opts) {
     const runOnePass = async (changedPaths) => {
       notifyBatchStart();
       const resolveEnabledOverride = await buildFreshResolver({
-        databasePath: opts.dbPath,
-        effectiveConfig: () => cfg,
-        fallbackResolver: pluginRuntime.resolveEnabled
+        effectiveConfig: () => cfg
       });
       const kernel = createKernel();
       registerEnabledExtensions(kernel, pluginRuntime, {
@@ -25370,7 +25767,7 @@ async function runWatchLoop(opts) {
 }
 var WatchCommand = class extends SmCommand {
   static paths = [["watch"]];
-  static usage = Command32.Usage({
+  static usage = Command33.Usage({
     category: "Scan",
     description: "Watch roots and run an incremental scan after each debounced batch of filesystem events.",
     details: `
@@ -25394,25 +25791,25 @@ var WatchCommand = class extends SmCommand {
       ["Stream ScanResult per batch as ndjson", "$0 watch --json"]
     ]
   });
-  roots = Option30.Rest({ name: "roots" });
-  noTokens = Option30.Boolean("--no-tokens", false, {
+  roots = Option31.Rest({ name: "roots" });
+  noTokens = Option31.Boolean("--no-tokens", false, {
     description: "Skip per-node token counts (cl100k_base BPE)."
   });
-  strict = Option30.Boolean("--strict", false, {
+  strict = Option31.Boolean("--strict", false, {
     description: "Promote frontmatter-validation findings from warn to error inside each batch. Does not change the watcher exit code."
   });
-  noPlugins = Option30.Boolean("--no-plugins", false, {
+  noPlugins = Option31.Boolean("--no-plugins", false, {
     description: "Skip drop-in plugin discovery for the watcher session."
   });
-  maxConsecutiveFailures = Option30.String("--max-consecutive-failures", {
+  maxConsecutiveFailures = Option31.String("--max-consecutive-failures", {
     required: false,
     description: "Shut down with exit 2 after N consecutive batch failures (default 5; 0 disables the breaker)."
   });
-  maxScan = Option30.String("--max-scan", {
+  maxScan = Option31.String("--max-scan", {
     required: false,
     description: "Per-batch override of scan.maxScan (default 50000), the WALK-INTAKE ceiling. The scan walks, parses, analyzes, and reference-validates the full corpus up to this number. Bidirectional: raises OR lowers the ceiling. When a batch hits it, additional files are dropped in stable order and the UI surfaces the persistent truncation banner. Validation: integer >= 1."
   });
-  maxNodes = Option30.String("--max-nodes", {
+  maxNodes = Option31.String("--max-nodes", {
     required: false,
     description: "Per-batch override of scan.maxNodes (default 256), the MAP RENDER cap (pure metadata): it does NOT bound the scan, only the graph projection. Bidirectional: raises OR lowers the render cap. Validation: integer >= 1."
   });
@@ -25499,7 +25896,7 @@ function parseMaxNodesLimit(raw, stderr, noColor) {
 // cli/commands/scan.ts
 var ScanCommand = class extends SmCommand {
   static paths = [["scan"]];
-  static usage = Command33.Usage({
+  static usage = Command34.Usage({
     category: "Scan",
     description: "Scan roots for markdown nodes, run extractors and analyzers.",
     details: `
@@ -25534,39 +25931,39 @@ var ScanCommand = class extends SmCommand {
       ["What would the next incremental scan persist?", "$0 scan --changed -n --json"]
     ]
   });
-  roots = Option31.Rest({ name: "roots" });
-  noBuiltIns = Option31.Boolean("--no-built-ins", false, {
+  roots = Option32.Rest({ name: "roots" });
+  noBuiltIns = Option32.Boolean("--no-built-ins", false, {
     description: "Skip the built-in extension set. Yields a zero-filled ScanResult (kernel-empty-boot parity); skips DB persistence."
   });
-  noPlugins = Option31.Boolean("--no-plugins", false, {
+  noPlugins = Option32.Boolean("--no-plugins", false, {
     description: "Skip drop-in plugin discovery. Only the built-in set runs. Combine with --no-built-ins for a fully empty pipeline."
   });
-  noTokens = Option31.Boolean("--no-tokens", false, {
+  noTokens = Option32.Boolean("--no-tokens", false, {
     description: "Skip per-node token counts (cl100k_base BPE). Leaves node.tokens undefined; spec-valid since the field is optional."
   });
-  dryRun = Option31.Boolean("-n,--dry-run", false, {
+  dryRun = Option32.Boolean("-n,--dry-run", false, {
     description: "Run the scan in memory and skip every DB write. Combined with --changed, still opens the DB read-side to load the prior snapshot."
   });
-  changed = Option31.Boolean("--changed", false, {
+  changed = Option32.Boolean("--changed", false, {
     description: "Incremental scan: reuse unchanged nodes from the persisted prior snapshot. Degrades to a full scan if no prior snapshot exists."
   });
-  allowEmpty = Option31.Boolean("--allow-empty", false, {
+  allowEmpty = Option32.Boolean("--allow-empty", false, {
     description: "Allow a zero-result scan to wipe an already-populated DB (replace-all replace by zero rows). Off by default to avoid the typo-trap where an invalid root silently clears your data."
   });
-  strict = Option31.Boolean("--strict", false, {
+  strict = Option32.Boolean("--strict", false, {
     description: "Promote frontmatter-validation findings from warn to error (exit code 1 on any violation). Overrides scan.strict from config when both are set."
   });
-  watch = Option31.Boolean("--watch", false, {
+  watch = Option32.Boolean("--watch", false, {
     description: "Long-running mode: watch the roots and trigger an incremental scan after each debounced batch of filesystem events. Alias of `sm watch`."
   });
-  yes = Option31.Boolean("--yes", false, {
+  yes = Option32.Boolean("--yes", false, {
     description: "Non-interactive mode. For ambiguous activeProvider auto-detect, multiple provider markers (.claude/, .codex/, AGENTS.md, .cursor/) under the scan tree exit non-zero instead of prompting; set the lens manually via `sm config set activeProvider <id>` and re-run. Also auto-confirms the pre-1.0 schema-drift rebuild (when the DB was written by a different skill-map major.minor it is deleted and regenerated) instead of prompting."
   });
-  maxScan = Option31.String("--max-scan", {
+  maxScan = Option32.String("--max-scan", {
     required: false,
     description: "Per-invocation override of `scan.maxScan` (default 50000). The WALK-INTAKE ceiling: the scan walks, parses, analyzes, and reference-validates the full corpus up to this number. Bidirectional: raises OR lowers the ceiling. When the walker hits it, additional files are dropped in stable order and the scan is marked truncated in scan_meta (the UI raises a persistent banner pointing at the .skillmapignore editor in Settings \u2192 Project). Validation: integer >= 1."
   });
-  maxNodes = Option31.String("--max-nodes", {
+  maxNodes = Option32.String("--max-nodes", {
     required: false,
     description: "Per-invocation override of `scan.maxNodes` (default 256). The MAP RENDER cap (pure metadata): it does NOT bound the scan, only how many nodes the graph view projects onto the canvas. Bidirectional: raises OR lowers the render cap. Validation: integer >= 1."
   });
@@ -25927,10 +26324,10 @@ function capOverrides(caps) {
 
 // cli/commands/scan-compare.ts
 import { access, readFile as readFile5 } from "fs/promises";
-import { Command as Command34, Option as Option32 } from "clipanion";
+import { Command as Command35, Option as Option33 } from "clipanion";
 var ScanCompareCommand = class extends SmCommand {
   static paths = [["scan", "compare-with"]];
-  static usage = Command34.Usage({
+  static usage = Command35.Usage({
     category: "Scan",
     description: "Run a fresh scan in memory and emit a delta against the saved ScanResult dump at <dump>. Read-only.",
     details: `
@@ -25958,15 +26355,15 @@ var ScanCompareCommand = class extends SmCommand {
       ["JSON output for tooling", "$0 scan compare-with baseline.json --json"]
     ]
   });
-  dump = Option32.String({ required: true });
-  roots = Option32.Rest({ name: "roots" });
-  noTokens = Option32.Boolean("--no-tokens", false, {
+  dump = Option33.String({ required: true });
+  roots = Option33.Rest({ name: "roots" });
+  noTokens = Option33.Boolean("--no-tokens", false, {
     description: "Skip per-node token counts during the fresh scan."
   });
-  strict = Option32.Boolean("--strict", false, {
+  strict = Option33.Boolean("--strict", false, {
     description: "Promote layered-config warnings and frontmatter-validation findings from warn to error."
   });
-  noPlugins = Option32.Boolean("--no-plugins", false, {
+  noPlugins = Option33.Boolean("--no-plugins", false, {
     description: "Skip drop-in plugin discovery."
   });
   // Cyclomatic count comes from CLI ergonomics: 3 distinct try/catch
@@ -26173,7 +26570,7 @@ function renderDeltaIssues(issues) {
 // cli/commands/serve.ts
 import { spawn as spawn2 } from "child_process";
 import { existsSync as existsSync32 } from "fs";
-import { Command as Command35, Option as Option33 } from "clipanion";
+import { Command as Command36, Option as Option34 } from "clipanion";
 
 // kernel/util/dev-mode.ts
 import { sep as sep7 } from "path";
@@ -26420,6 +26817,14 @@ var SERVER_TEXTS = {
   pluginsBodyNotJson: "Request body must be valid JSON.",
   pluginsBodyNotObject: "Request body must be a JSON object.",
   pluginsEnabledRequired: "`enabled` is required and must be a boolean.",
+  pluginsTrustedRequired: "`trusted` is required and must be a boolean.",
+  // 403, trust toggle targeted a built-in (or host-locked) id. Those are
+  // never import-trust-gated, so a trust grant is meaningless. Reuses the
+  // 403 `locked` envelope code per the spec.
+  pluginsTrustBuiltIn: 'Plugin "{{id}}" is a built-in (or host-locked) and is never import-trust-gated.',
+  // 400, the trust route received a qualified `<plugin>/<ext>` id; trust
+  // is per-plugin, so it must be a bare plugin id.
+  pluginsTrustQualifiedRejected: 'Plugin id "{{id}}" contains "/"; import trust is per-plugin, pass the bare plugin id.',
   // 400, cascade route rejects qualified ids: the bare-id PATCH is the
   // bundle macro endpoint. Anything containing `/` needs the dedicated
   // per-extension route below.
@@ -26482,9 +26887,11 @@ var SERVER_TEXTS = {
   // silently widen the scan surface.
   projectPrefsBodyNotJson: "Request body must be valid JSON.",
   projectPrefsBodyNotObject: "Request body must be a JSON object.",
-  projectPrefsBodyEmpty: "Request body must contain `allowSidecarWriters` and/or a `scan` block with `referencePaths`.",
+  projectPrefsBodyEmpty: "Request body must contain `allowSidecarWriters`, a `scan` block with `referencePaths`, and/or a `pluginTrust` block with `projectEnabled`.",
   projectPrefsConfirmNotBoolean: "`confirm` must be a boolean.",
   projectPrefsSidecarWritersNotBoolean: "`allowSidecarWriters` must be a boolean.",
+  projectPrefsTrustNotObject: '`pluginTrust` must be an object (e.g. `{"pluginTrust": {"projectEnabled": true}}`).',
+  projectPrefsTrustEnabledNotBoolean: "`pluginTrust.projectEnabled` must be a boolean.",
   // Server-stderr advisory after `PATCH /api/project-preferences`
   // toggles the committed sidecar-writer policy. Lets the operator see
   // the team-shared change land without opening settings.json.
@@ -26493,6 +26900,12 @@ var SERVER_TEXTS = {
   projectPrefsListNotArray: "`{{key}}` must be an array of strings.",
   projectPrefsListEntryNotString: "`{{key}}` entries must be strings.",
   projectPrefsConfirmRequired: "This change opens disk access outside the project: {{paths}}. Re-issue the request with `confirm: true` to proceed.",
+  // 412, turning on the local plugin-trust opt-in. Expands the LOCAL
+  // code-execution surface (every plugin the project enables becomes
+  // trusted), so the route refuses without `confirm: true`.
+  projectPrefsTrustConfirmRequired: "Turning on pluginTrust.projectEnabled trusts every plugin this project enables; their code may then import and run on this machine. Re-issue the request with `confirm: true` to proceed.",
+  // Server-stderr advisory after the local plugin-trust opt-in changes.
+  projectPrefsTrustSet: "project-prefs: pluginTrust.projectEnabled = {{value}}",
   projectPrefsPersistFailed: "Could not persist `{{key}}`: {{message}}",
   // Returned for every NEW entry that does not resolve to an existing
   // directory on disk. The list is comma-separated; pre-existing
@@ -27667,6 +28080,24 @@ var parsePatchBody = makeBodyValidator(SINGLE_PATCH_BODY_SCHEMA, {
     "/enabled:type:boolean": SERVER_TEXTS.pluginsEnabledRequired
   }
 });
+var TRUST_PATCH_BODY_SCHEMA = {
+  type: "object",
+  additionalProperties: false,
+  required: ["trusted"],
+  properties: {
+    trusted: { type: "boolean" }
+  }
+};
+var parseTrustPatchBody = makeBodyValidator(TRUST_PATCH_BODY_SCHEMA, {
+  notJson: SERVER_TEXTS.pluginsBodyNotJson,
+  notObject: SERVER_TEXTS.pluginsBodyNotObject,
+  invalid: SERVER_TEXTS.pluginsTrustedRequired,
+  mapping: {
+    ":required:trusted": SERVER_TEXTS.pluginsTrustedRequired,
+    "/trusted:required": SERVER_TEXTS.pluginsTrustedRequired,
+    "/trusted:type:boolean": SERVER_TEXTS.pluginsTrustedRequired
+  }
+});
 var BULK_PATCH_BODY_SCHEMA = {
   type: "object",
   additionalProperties: false,
@@ -27712,7 +28143,8 @@ var parseBulkPatchBody = makeBodyValidator(BULK_PATCH_BODY_SCHEMA, {
 function registerPluginsRoute(app, deps) {
   app.get("/api/plugins", async (c) => {
     const resolveEnabled = await buildFreshResolver2(deps);
-    const items = listItems(deps, resolveEnabled);
+    const trust = await loadTrustState(deps);
+    const items = listItems(deps, resolveEnabled, trust);
     const errorsByPlugin = await loadRuntimeContributionErrors(deps);
     attachRuntimeContributionErrors(items, errorsByPlugin);
     return c.json(
@@ -27771,7 +28203,28 @@ function registerPluginsRoute(app, deps) {
       });
     }
     const body = await parsePatchBody(c.req.raw);
-    return await persistAndProject(c, deps, qualified, body.enabled);
+    return await persistManyAndProject(c, deps, [qualified], body.enabled);
+  });
+  app.patch("/api/plugins/:id/trust", async (c) => {
+    const id = c.req.param("id");
+    if (id.includes("/")) {
+      throw new HTTPException10(400, {
+        message: tx(SERVER_TEXTS.pluginsTrustQualifiedRejected, { id })
+      });
+    }
+    const handle = findHandle(id, deps);
+    if (!handle) {
+      throw new HTTPException10(404, {
+        message: tx(SERVER_TEXTS.pluginsUnknown, { id })
+      });
+    }
+    if (handle.kind === "built-in" || isPluginLocked(id)) {
+      throw new HTTPException10(403, {
+        message: tx(SERVER_TEXTS.pluginsTrustBuiltIn, { id })
+      });
+    }
+    const body = await parseTrustPatchBody(c.req.raw);
+    return await persistTrustAndProject(c, deps, id, body.trusted);
   });
   app.patch("/api/plugins", async (c) => {
     const { changes } = await parseBulkPatchBody(c.req.raw);
@@ -27789,13 +28242,21 @@ function registerPluginsRoute(app, deps) {
     return await persistBulkAndProject(c, deps, changes);
   });
 }
-function listItems(deps, resolveEnabled) {
+function listItems(deps, resolveEnabled, trust) {
   const config = deps.configService.effective();
   return [
     ...deps.options.noBuiltIns ? [] : buildBuiltInItems(resolveEnabled, config),
-    ...buildDiscoveredItems(deps.pluginRuntime.discovered, deps, resolveEnabled, config)
+    ...buildDiscoveredItems(deps.pluginRuntime.discovered, deps, resolveEnabled, config, trust)
   ];
 }
+async function loadTrustState(deps) {
+  const trustMap = await tryWithSqlite(
+    { databasePath: deps.options.dbPath, autoBackup: false },
+    (adapter) => adapter.trust.loadTrustMap()
+  ) ?? /* @__PURE__ */ new Map();
+  const trustProjectEnabled = deps.configService.effective().pluginTrust?.projectEnabled ?? false;
+  return { trustMap, trustProjectEnabled };
+}
 function buildBuiltInItems(resolveEnabled, config) {
   return sortPluginsForPresentation(builtInPlugins).map((plugin) => {
     const pluginLocked = isPluginLocked(plugin.id);
@@ -27833,10 +28294,10 @@ function buildBuiltInItems(resolveEnabled, config) {
     };
   });
 }
-function buildDiscoveredItems(discovered, deps, resolveEnabled, config) {
-  return discovered.map((plugin) => buildDiscoveredItem(plugin, deps, resolveEnabled, config));
+function buildDiscoveredItems(discovered, deps, resolveEnabled, config, trust) {
+  return discovered.map((plugin) => buildDiscoveredItem(plugin, deps, resolveEnabled, config, trust));
 }
-function buildDiscoveredItem(plugin, deps, resolveEnabled, config) {
+function buildDiscoveredItem(plugin, deps, resolveEnabled, config, trust) {
   const pluginLocked = isPluginLocked(plugin.id);
   const extensions = projectExtensionRows(plugin, resolveEnabled, pluginLocked, config);
   const optional = optionalDiscoveredFields(plugin, extensions);
@@ -27848,8 +28309,15 @@ function buildDiscoveredItem(plugin, deps, resolveEnabled, config) {
     reason: plugin.reason ?? null,
     source: classifyPluginSource(plugin.path, deps),
     ...optional,
+    ...discoveredFlags(plugin, pluginLocked, trust)
+  };
+}
+function discoveredFlags(plugin, pluginLocked, trust) {
+  const trusted = trust.trustMap.get(plugin.id) === true || trust.trustProjectEnabled;
+  return {
     ...pluginLocked ? { locked: true } : {},
-    ...plugin.status === "disabled" ? { startsAsDisabled: true } : {}
+    ...trusted ? { trusted: true } : {},
+    ...plugin.status === "disabled" && plugin.untrusted !== true ? { startsAsDisabled: true } : {}
   };
 }
 function optionalDiscoveredFields(plugin, extensions) {
@@ -27941,49 +28409,54 @@ function attachRuntimeContributionErrors(items, errorsByPlugin) {
     if (errors && errors.length > 0) item.runtimeContributionErrors = errors;
   }
 }
-async function persistAndProject(c, deps, configKey, enabled) {
-  const overrides = await tryWithSqlite(
+async function persistManyAndProject(c, deps, keys, enabled) {
+  const cwd = deps.runtimeContext.cwd;
+  for (const key of keys) {
+    writeConfigValue(toEnableConfigKey2(key), enabled, { target: "project", cwd });
+  }
+  if (!enabled && keys.length > 0) await purgeContributionsForKeys(deps, keys);
+  if (keys.length > 0) deps.configService.reload();
+  return await projectListResponse(c, deps);
+}
+async function persistTrustAndProject(c, deps, pluginId, trusted) {
+  const ok = await tryWithSqlite(
     { databasePath: deps.options.dbPath, autoBackup: false },
     async (adapter) => {
-      await applyChangeToAdapter(adapter, configKey, enabled);
-      return await adapter.pluginConfig.loadOverrideMap();
+      await adapter.trust.set(pluginId, trusted);
+      return true;
     }
   );
-  return projectListResponse(c, deps, overrides);
+  if (ok === null) {
+    throw new DbMissingError(
+      tx(SERVER_TEXTS.pluginsDbMissing, { path: deps.options.dbPath })
+    );
+  }
+  return await projectListResponse(c, deps);
 }
-async function persistManyAndProject(c, deps, keys, enabled) {
-  const overrides = await tryWithSqlite(
+function toEnableConfigKey2(id) {
+  const slash = id.indexOf("/");
+  if (slash < 0) return `plugins.${id}.enabled`;
+  return `plugins.${id.slice(0, slash)}.extensions.${id.slice(slash + 1)}.enabled`;
+}
+async function purgeContributionsForKeys(deps, keys) {
+  await tryWithSqlite(
     { databasePath: deps.options.dbPath, autoBackup: false },
     async (adapter) => {
       for (const key of keys) {
-        await applyChangeToAdapter(adapter, key, enabled);
+        const slash = key.indexOf("/");
+        if (slash < 0) {
+          await adapter.contributions.purgeByPlugin(key);
+        } else {
+          await adapter.contributions.purgeByPlugin(key.slice(0, slash), key.slice(slash + 1));
+        }
       }
-      return await adapter.pluginConfig.loadOverrideMap();
     }
   );
-  return projectListResponse(c, deps, overrides);
-}
-async function applyChangeToAdapter(adapter, configKey, enabled) {
-  await adapter.pluginConfig.set(configKey, enabled);
-  if (enabled) return;
-  const slash = configKey.indexOf("/");
-  if (slash < 0) {
-    await adapter.contributions.purgeByPlugin(configKey);
-    return;
-  }
-  await adapter.contributions.purgeByPlugin(
-    configKey.slice(0, slash),
-    configKey.slice(slash + 1)
-  );
 }
-function projectListResponse(c, deps, overrides) {
-  if (overrides === null) {
-    throw new DbMissingError(
-      tx(SERVER_TEXTS.pluginsDbMissing, { path: deps.options.dbPath })
-    );
-  }
-  const freshResolver = composeResolver2(deps, overrides);
-  const items = listItems(deps, freshResolver);
+async function projectListResponse(c, deps) {
+  const resolveEnabled = composeResolver2(deps);
+  const trust = await loadTrustState(deps);
+  const items = listItems(deps, resolveEnabled, trust);
   return c.json(
     buildListEnvelope({
       kind: "plugins",
@@ -28088,27 +28561,26 @@ function handleExtensionSettings(handle, extensionId) {
   return readManifestSettings(ext?.instance);
 }
 async function persistBulkAndProject(c, deps, changes) {
-  const overrides = await tryWithSqlite(
-    { databasePath: deps.options.dbPath, autoBackup: false },
-    async (adapter) => {
-      for (const change of changes) {
-        if (change.enabled === void 0) continue;
-        const writeKeys = expandBulkChangeKeys(change, deps);
-        for (const key of writeKeys) {
-          await applyChangeToAdapter(adapter, key, change.enabled);
-        }
-      }
-      return await adapter.pluginConfig.loadOverrideMap();
+  const { disabledKeys, toggleTouched } = applyBulkEnableWrites(deps, changes);
+  const settingsTouched = persistBulkSettings(deps, changes);
+  if (disabledKeys.length > 0) await purgeContributionsForKeys(deps, disabledKeys);
+  if (toggleTouched || settingsTouched) deps.configService.reload();
+  return await projectListResponse(c, deps);
+}
+function applyBulkEnableWrites(deps, changes) {
+  const cwd = deps.runtimeContext.cwd;
+  const disabledKeys = [];
+  let toggleTouched = false;
+  for (const change of changes) {
+    if (change.enabled === void 0) continue;
+    const writeKeys = expandBulkChangeKeys(change, deps);
+    for (const key of writeKeys) {
+      writeConfigValue(toEnableConfigKey2(key), change.enabled, { target: "project", cwd });
+      if (!change.enabled) disabledKeys.push(key);
     }
-  );
-  if (overrides === null) {
-    throw new DbMissingError(
-      tx(SERVER_TEXTS.pluginsDbMissing, { path: deps.options.dbPath })
-    );
+    if (writeKeys.length > 0) toggleTouched = true;
   }
-  const settingsTouched = persistBulkSettings(deps, changes);
-  if (settingsTouched) deps.configService.reload();
-  return projectListResponse(c, deps, overrides);
+  return { disabledKeys, toggleTouched };
 }
 function persistBulkSettings(deps, changes) {
   const cwd = deps.runtimeContext.cwd;
@@ -28143,13 +28615,11 @@ function expandBulkChangeKeys(change, deps) {
 }
 async function buildFreshResolver2(deps) {
   return buildFreshResolver({
-    databasePath: deps.options.dbPath,
-    effectiveConfig: () => deps.configService.effective(),
-    fallbackResolver: deps.pluginRuntime.resolveEnabled
+    effectiveConfig: () => deps.configService.effective()
   });
 }
-function composeResolver2(deps, overrides) {
-  return composeResolver(deps.configService.effective(), overrides);
+function composeResolver2(deps) {
+  return composeResolver(deps.configService.effective());
 }
 function findHandle(id, deps) {
   const builtIn = builtInPlugins.find((b) => b.id === id);
@@ -28467,6 +28937,12 @@ function buildEnvelope3(deps) {
         cwd,
         default: []
       }) ?? []
+    },
+    pluginTrust: {
+      projectEnabled: readConfigValue("pluginTrust.projectEnabled", {
+        cwd,
+        default: false
+      }) ?? false
     }
   };
 }
@@ -28474,8 +28950,32 @@ async function applyPatch3(deps, body) {
   const cwd = deps.runtimeContext.cwd;
   const policyChanged = typeof body.allowSidecarWriters === "boolean" && writeSidecarWritersPolicy(body.allowSidecarWriters, cwd);
   const scan = applyScanWrites(body, cwd);
+  const trustChanged = applyTrustWrite(body, cwd);
   if (policyChanged || scan.mutated) await maybeRestartWatcher2(deps);
-  if (policyChanged || scan.attempted) deps.configService.reload();
+  if (policyChanged || scan.attempted || trustChanged) deps.configService.reload();
+}
+function applyTrustWrite(body, cwd) {
+  const next = body.pluginTrust?.projectEnabled;
+  if (next === void 0) return false;
+  const before = readConfigValue("pluginTrust.projectEnabled", { cwd, default: false }) ?? false;
+  if (before === next) return false;
+  if (projectTrustExposure({ value: next, cwd }).expandsSurface && body.confirm !== true) {
+    throw new HTTPException13(412, {
+      message: SERVER_TEXTS.projectPrefsTrustConfirmRequired
+    });
+  }
+  try {
+    writeConfigValue("pluginTrust.projectEnabled", next, { target: "project-local", cwd });
+  } catch (err) {
+    throw new HTTPException13(400, {
+      message: tx(SERVER_TEXTS.projectPrefsPersistFailed, {
+        key: "pluginTrust.projectEnabled",
+        message: formatErrorMessage(err)
+      })
+    });
+  }
+  log.warn(tx(SERVER_TEXTS.projectPrefsTrustSet, { value: String(next) }));
+  return true;
 }
 function applyScanWrites(body, cwd) {
   const writes = collectWrites(body);
@@ -28627,7 +29127,11 @@ function isExistingDirectory(entry, cwd) {
 var PATCH_BODY_SCHEMA3 = {
   type: "object",
   additionalProperties: false,
-  anyOf: [{ required: ["allowSidecarWriters"] }, { required: ["scan"] }],
+  anyOf: [
+    { required: ["allowSidecarWriters"] },
+    { required: ["scan"] },
+    { required: ["pluginTrust"] }
+  ],
   properties: {
     confirm: { type: "boolean" },
     allowSidecarWriters: { type: "boolean" },
@@ -28641,6 +29145,14 @@ var PATCH_BODY_SCHEMA3 = {
           items: { type: "string", pattern: "^[^,]+$" }
         }
       }
+    },
+    pluginTrust: {
+      type: "object",
+      additionalProperties: false,
+      minProperties: 1,
+      properties: {
+        projectEnabled: { type: "boolean" }
+      }
     }
   }
 };
@@ -28652,6 +29164,9 @@ var parsePatchBody4 = makeBodyValidator(PATCH_BODY_SCHEMA3, {
     ":anyOf": SERVER_TEXTS.projectPrefsBodyEmpty,
     "/scan:minProperties": SERVER_TEXTS.projectPrefsBodyEmpty,
     "/scan:type:object": SERVER_TEXTS.projectPrefsScanNotObject,
+    "/pluginTrust:minProperties": SERVER_TEXTS.projectPrefsBodyEmpty,
+    "/pluginTrust:type:object": SERVER_TEXTS.projectPrefsTrustNotObject,
+    "/pluginTrust/projectEnabled:type:boolean": SERVER_TEXTS.projectPrefsTrustEnabledNotBoolean,
     "/confirm:type:boolean": SERVER_TEXTS.projectPrefsConfirmNotBoolean,
     "/allowSidecarWriters:type:boolean": SERVER_TEXTS.projectPrefsSidecarWritersNotBoolean,
     "/scan/referencePaths:type:array": tx(SERVER_TEXTS.projectPrefsListNotArray, { key: "scan.referencePaths" }),
@@ -28694,9 +29209,7 @@ async function buildEnvelope4(deps) {
 }
 async function resolveSelectableProviders(deps) {
   const resolveEnabled = await buildFreshResolver({
-    databasePath: deps.options.dbPath,
-    effectiveConfig: () => deps.configService.effective(),
-    fallbackResolver: deps.pluginRuntime.resolveEnabled
+    effectiveConfig: () => deps.configService.effective()
   });
   const selectable = /* @__PURE__ */ new Set();
   for (const provider of deps.providers) {
@@ -29263,9 +29776,7 @@ async function runPersistedScan(c, deps) {
 }
 async function buildBffResolverOverride(deps) {
   return buildFreshResolver({
-    databasePath: deps.options.dbPath,
-    effectiveConfig: () => deps.configService.effective(),
-    fallbackResolver: deps.pluginRuntime.resolveEnabled
+    effectiveConfig: () => deps.configService.effective()
   });
 }
 async function loadPersistedScanMeta(deps) {
@@ -30047,6 +30558,7 @@ function presentationOptionals(ui) {
   if (ui.emoji !== void 0) out.emoji = ui.emoji;
   if (ui.icon !== void 0) out.icon = ui.icon;
   if (ui.hideChip !== void 0) out.hideChip = ui.hideChip;
+  if (ui.invocationSigil !== void 0) out.invocationSigil = ui.invocationSigil;
   return out;
 }
 function resolveProviderBodyField(read) {
@@ -30604,7 +31116,7 @@ var SERVE_TEXTS = {
 // cli/commands/serve.ts
 var ServeCommand = class extends SmCommand {
   static paths = [["serve"]];
-  static usage = Command35.Usage({
+  static usage = Command36.Usage({
     category: "Setup",
     description: "Start the Hono BFF (single-port: REST + WebSocket + SPA bundle).",
     details: `
@@ -30628,18 +31140,18 @@ var ServeCommand = class extends SmCommand {
       ["Point at a pre-built UI bundle", "$0 serve --ui-dist ./ui/dist/browser"]
     ]
   });
-  port = Option33.String("--port", {
+  port = Option34.String("--port", {
     required: false,
     description: "Listening port (default 4242). 0 = OS-assigned."
   });
-  host = Option33.String("--host", {
+  host = Option34.String("--host", {
     required: false,
     description: "Listening host (default 127.0.0.1). Loopback-only enforced when --dev-cors is set."
   });
-  noBuiltIns = Option33.Boolean("--no-built-ins", false, {
+  noBuiltIns = Option34.Boolean("--no-built-ins", false, {
     description: "Skip built-in plugin registration (parity with sm scan --no-built-ins)."
   });
-  noPlugins = Option33.Boolean("--no-plugins", false, {
+  noPlugins = Option34.Boolean("--no-plugins", false, {
     description: "Skip drop-in plugin discovery."
   });
   // `Option.Boolean('--open', true)`, Clipanion's parser auto-derives
@@ -30649,35 +31161,35 @@ var ServeCommand = class extends SmCommand {
   // two registrations for the same flag and rejects the invocation
   // with "Ambiguous Syntax Error". Same convention shipped by every
   // other `--no-...` flag in the CLI tree.
-  open = Option33.Boolean("--open", true, {
+  open = Option34.Boolean("--open", true, {
     description: "Auto-open the SPA in the user's default browser after listen. --no-open opts out."
   });
-  devCors = Option33.Boolean("--dev-cors", false, {
+  devCors = Option34.Boolean("--dev-cors", false, {
     description: "Enable permissive CORS for the Angular dev-server proxy workflow."
   });
   // `--ui-dist` is intentionally undocumented in the Usage block above
   // (the demo build pipeline + tests rely on it; everyday users never
   // need it). Clipanion still exposes it on the parser; the Usage
   // omission is the "hidden" contract per the 14.1 brief.
-  uiDist = Option33.String("--ui-dist", { required: false, hidden: true });
-  noUi = Option33.Boolean("--no-ui", false, {
+  uiDist = Option34.String("--ui-dist", { required: false, hidden: true });
+  noUi = Option34.Boolean("--no-ui", false, {
     description: "Don't serve the Angular UI bundle. Use this when running the BFF alongside `ui:dev` (Angular dev server with HMR). The root `/` then renders an inline placeholder pointing the user at the dev server."
   });
-  noWatcher = Option33.Boolean("--no-watcher", false, {
+  noWatcher = Option34.Boolean("--no-watcher", false, {
     description: "Disable the chokidar-fed scan-and-broadcast loop. Use only for CI / read-only deployments."
   });
-  yes = Option33.Boolean("--yes", false, {
+  yes = Option34.Boolean("--yes", false, {
     description: "Skip the interactive prompt and rebuild the local cache when the on-disk DB has drifted (version skew or an inline schema change). Non-TTY invocations rebuild without asking regardless of this flag."
   });
   // `--watcher-debounce-ms` is undocumented sugar for advanced users
   // who want to tighten / relax the watcher's batching window without
   // editing settings.json. Hidden flag, the Usage block omits it.
-  watcherDebounceMs = Option33.String("--watcher-debounce-ms", { required: false, hidden: true });
-  maxScan = Option33.String("--max-scan", {
+  watcherDebounceMs = Option34.String("--watcher-debounce-ms", { required: false, hidden: true });
+  maxScan = Option34.String("--max-scan", {
     required: false,
     description: "Per-invocation override of scan.maxScan (default 50000), the WALK-INTAKE ceiling. The scan walks, parses, analyzes, and reference-validates the full corpus up to this number. Bidirectional: raises OR lowers the ceiling. Applies to every scan the server runs (initial watcher pass, debounced batches, POST /api/scan, GET /api/scan?fresh=1). Same flag is honoured on the bare `sm` invocation, which routes to `sm serve`."
   });
-  maxNodes = Option33.String("--max-nodes", {
+  maxNodes = Option34.String("--max-nodes", {
     required: false,
     description: "Per-invocation override of scan.maxNodes (default 256), the MAP RENDER cap (pure metadata): it does NOT bound the scan, only how many nodes the graph view projects onto the canvas. Bidirectional: raises OR lowers the render cap. Same flag is honoured on the bare `sm` invocation, which routes to `sm serve`."
   });
@@ -31041,7 +31553,7 @@ function tryOpenBrowser(url, stderr, warnGlyph) {
 }
 
 // cli/commands/show.ts
-import { Command as Command36, Option as Option34 } from "clipanion";
+import { Command as Command37, Option as Option35 } from "clipanion";
 
 // cli/i18n/show.texts.ts
 var SHOW_TEXTS = {
@@ -31092,7 +31604,7 @@ var SHOW_TEXTS = {
 // cli/commands/show.ts
 var ShowCommand = class extends SmCommand {
   static paths = [["show"]];
-  static usage = Command36.Usage({
+  static usage = Command37.Usage({
     category: "Browse",
     description: "Node detail: weight, frontmatter, links, issues.",
     details: `
@@ -31108,7 +31620,7 @@ var ShowCommand = class extends SmCommand {
       ["Machine-readable detail", "$0 show .claude/agents/architect.md --json"]
     ]
   });
-  nodePath = Option34.String({ required: true });
+  nodePath = Option35.String({ required: true });
   async run() {
     const dbPath = resolveDbPath({ db: this.db, ...defaultRuntimeContext() });
     const exit = requireDbOrExit(dbPath, this.context.stderr);
@@ -31350,7 +31862,7 @@ function rankConfidenceForGrouping(c) {
 // cli/commands/sidecar.ts
 import { unlink as unlink3 } from "fs/promises";
 import { resolve as resolve43 } from "path";
-import { Command as Command37, Option as Option35 } from "clipanion";
+import { Command as Command38, Option as Option36 } from "clipanion";
 
 // cli/i18n/sidecar.texts.ts
 var SIDECAR_TEXTS = {
@@ -31431,7 +31943,7 @@ async function runWithSidecarConsent(bag, ansi, dispatch) {
 }
 var SidecarRefreshCommand = class extends SmCommand {
   static paths = [["sidecar", "refresh"]];
-  static usage = Command37.Usage({
+  static usage = Command38.Usage({
     category: "Actions",
     description: "Refresh a sidecar's `for.{bodyHash, frontmatterHash}` to match the live node. Does NOT bump the version.",
     details: `
@@ -31448,8 +31960,8 @@ var SidecarRefreshCommand = class extends SmCommand {
       ["Refresh a node's sidecar hashes", "$0 sidecar refresh .claude/agents/architect.md"]
     ]
   });
-  nodePath = Option35.String({ required: true });
-  yes = Option35.Boolean("--yes", false, {
+  nodePath = Option36.String({ required: true });
+  yes = Option36.Boolean("--yes", false, {
     description: "Confirm writing .sm sidecar files in this project (sets allowEditSmFiles=true on first run)."
   });
   async run() {
@@ -31571,7 +32083,7 @@ var SidecarRefreshCommand = class extends SmCommand {
 };
 var SidecarPruneCommand = class extends SmCommand {
   static paths = [["sidecar", "prune"]];
-  static usage = Command37.Usage({
+  static usage = Command38.Usage({
     category: "Actions",
     description: "Delete orphan .sm files (sidecars whose accompanying .md no longer exists).",
     details: `
@@ -31593,8 +32105,8 @@ var SidecarPruneCommand = class extends SmCommand {
       ["Delete every orphan .sm file (non-interactive)", "$0 sidecar prune --yes"]
     ]
   });
-  dryRun = Option35.Boolean("-n,--dry-run", false);
-  yes = Option35.Boolean("--yes,--force", false, {
+  dryRun = Option36.Boolean("-n,--dry-run", false);
+  yes = Option36.Boolean("--yes,--force", false, {
     description: "Skip the interactive confirmation prompt. Required for non-interactive callers (CI, pre-commit hooks)."
   });
   // Complexity is from per-orphan handling, empty-set / dry-run /
@@ -31714,7 +32226,7 @@ var SidecarPruneCommand = class extends SmCommand {
 };
 var SidecarAnnotateCommand = class extends SmCommand {
   static paths = [["sidecar", "annotate"]];
-  static usage = Command37.Usage({
+  static usage = Command38.Usage({
     category: "Actions",
     description: "Scaffold an empty `<basename>.sm` next to a node ready for editing.",
     details: `
@@ -31732,9 +32244,9 @@ var SidecarAnnotateCommand = class extends SmCommand {
       ["Overwrite an existing one", "$0 sidecar annotate .claude/agents/architect.md --force"]
     ]
   });
-  nodePath = Option35.String({ required: true });
-  force = Option35.Boolean("--force", false);
-  yes = Option35.Boolean("--yes", false, {
+  nodePath = Option36.String({ required: true });
+  force = Option36.Boolean("--force", false);
+  yes = Option36.Boolean("--yes", false, {
     description: "Confirm writing .sm sidecar files in this project (sets allowEditSmFiles=true on first run)."
   });
   async run() {
@@ -31873,7 +32385,7 @@ var SIDECAR_COMMANDS = [
 ];
 
 // cli/commands/stubs.ts
-import { Command as Command38, Option as Option36 } from "clipanion";
+import { Command as Command39, Option as Option37 } from "clipanion";
 
 // cli/i18n/stubs.texts.ts
 var STUBS_TEXTS = {
@@ -31899,7 +32411,7 @@ var StubCommand = class extends SmCommand {
 };
 var DoctorCommand = class extends StubCommand {
   static paths = [["doctor"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Setup",
     description: planned("Diagnostic report: DB integrity, pending migrations, orphan rows, plugin status, runner availability.")
   });
@@ -31907,18 +32419,18 @@ var DoctorCommand = class extends StubCommand {
 };
 var FindingsCommand = class extends StubCommand {
   static paths = [["findings"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Browse",
     description: planned("Probabilistic findings: injection, stale summaries, low confidence.")
   });
-  kind = Option36.String("--kind", { required: false });
-  since = Option36.String("--since", { required: false });
-  threshold = Option36.String("--threshold", { required: false });
+  kind = Option37.String("--kind", { required: false });
+  since = Option37.String("--since", { required: false });
+  threshold = Option37.String("--threshold", { required: false });
   verbName = "findings";
 };
 var ActionsListCommand = class extends StubCommand {
   static paths = [["actions", "list"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Registered action types (manifest view).")
   });
@@ -31926,103 +32438,103 @@ var ActionsListCommand = class extends StubCommand {
 };
 var ActionsShowCommand = class extends StubCommand {
   static paths = [["actions", "show"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Full action manifest, including preconditions and expected duration.")
   });
-  id = Option36.String({ required: true });
+  id = Option37.String({ required: true });
   verbName = "actions show";
 };
 var JobSubmitCommand = class extends StubCommand {
   static paths = [["job", "submit"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Enqueue a single job or fan out to every matching node (--all).")
   });
-  action = Option36.String({ required: true });
-  node = Option36.String("-n", { required: false });
-  all = Option36.Boolean("--all", false);
+  action = Option37.String({ required: true });
+  node = Option37.String("-n", { required: false });
+  all = Option37.Boolean("--all", false);
   // CLI flag stays `--run`; field name is `runFlag` per the
   // shadow-avoidance convention documented on `SmCommand`.
-  runFlag = Option36.Boolean("--run", false);
-  force = Option36.Boolean("--force", false);
-  ttl = Option36.String("--ttl", { required: false });
-  priority = Option36.String("--priority", { required: false });
+  runFlag = Option37.Boolean("--run", false);
+  force = Option37.Boolean("--force", false);
+  ttl = Option37.String("--ttl", { required: false });
+  priority = Option37.String("--priority", { required: false });
   verbName = "job submit";
 };
 var JobListCommand = class extends StubCommand {
   static paths = [["job", "list"]];
-  static usage = Command38.Usage({ category: "Jobs", description: planned("List jobs.") });
-  status = Option36.String("--status", { required: false });
-  action = Option36.String("--action", { required: false });
-  node = Option36.String("--node", { required: false });
+  static usage = Command39.Usage({ category: "Jobs", description: planned("List jobs.") });
+  status = Option37.String("--status", { required: false });
+  action = Option37.String("--action", { required: false });
+  node = Option37.String("--node", { required: false });
   verbName = "job list";
 };
 var JobShowCommand = class extends StubCommand {
   static paths = [["job", "show"]];
-  static usage = Command38.Usage({ category: "Jobs", description: planned("Job detail: state, claim time, TTL, runner, content hash.") });
-  id = Option36.String({ required: true });
+  static usage = Command39.Usage({ category: "Jobs", description: planned("Job detail: state, claim time, TTL, runner, content hash.") });
+  id = Option37.String({ required: true });
   verbName = "job show";
 };
 var JobPreviewCommand = class extends StubCommand {
   static paths = [["job", "preview"]];
-  static usage = Command38.Usage({ category: "Jobs", description: planned("Render the job MD file without executing.") });
-  id = Option36.String({ required: true });
+  static usage = Command39.Usage({ category: "Jobs", description: planned("Render the job MD file without executing.") });
+  id = Option37.String({ required: true });
   verbName = "job preview";
 };
 var JobClaimCommand = class extends StubCommand {
   static paths = [["job", "claim"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Atomic primitive: return next queued job id, mark it running.")
   });
-  filter = Option36.String("--filter", { required: false });
+  filter = Option37.String("--filter", { required: false });
   verbName = "job claim";
 };
 var JobRunCommand = class extends StubCommand {
   static paths = [["job", "run"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Full CLI-runner loop: claim + spawn + record.")
   });
-  all = Option36.Boolean("--all", false);
-  max = Option36.String("--max", { required: false });
+  all = Option37.Boolean("--all", false);
+  max = Option37.String("--max", { required: false });
   verbName = "job run";
 };
 var JobStatusCommand = class extends StubCommand {
   static paths = [["job", "status"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Counts (per status) or single-job status.")
   });
-  id = Option36.String({ required: false });
+  id = Option37.String({ required: false });
   verbName = "job status";
 };
 var JobCancelCommand = class extends StubCommand {
   static paths = [["job", "cancel"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Force a running job to failed with reason user-cancelled.")
   });
-  id = Option36.String({ required: false });
-  all = Option36.Boolean("--all", false);
+  id = Option37.String({ required: false });
+  all = Option37.Boolean("--all", false);
   verbName = "job cancel";
 };
 var RecordCommand = class extends StubCommand {
   static paths = [["record"]];
-  static usage = Command38.Usage({
+  static usage = Command39.Usage({
     category: "Jobs",
     description: planned("Close a running job with success or failure. Nonce is the sole credential.")
   });
-  id = Option36.String("--id", { required: true });
-  nonce = Option36.String("--nonce", { required: true });
-  status = Option36.String("--status", { required: true });
-  report = Option36.String("--report", { required: false });
-  tokensIn = Option36.String("--tokens-in", { required: false });
-  tokensOut = Option36.String("--tokens-out", { required: false });
-  durationMs = Option36.String("--duration-ms", { required: false });
-  model = Option36.String("--model", { required: false });
-  error = Option36.String("--error", { required: false });
+  id = Option37.String("--id", { required: true });
+  nonce = Option37.String("--nonce", { required: true });
+  status = Option37.String("--status", { required: true });
+  report = Option37.String("--report", { required: false });
+  tokensIn = Option37.String("--tokens-in", { required: false });
+  tokensOut = Option37.String("--tokens-out", { required: false });
+  durationMs = Option37.String("--duration-ms", { required: false });
+  model = Option37.String("--model", { required: false });
+  error = Option37.String("--error", { required: false });
   verbName = "record";
 };
 var STUB_COMMANDS = [
@@ -32046,7 +32558,7 @@ import { cpSync as cpSync3, existsSync as existsSync33, mkdirSync as mkdirSync6,
 import { dirname as dirname21, join as join21, resolve as resolve44 } from "path";
 import { createInterface as createInterface6 } from "readline";
 import { fileURLToPath as fileURLToPath8 } from "url";
-import { Command as Command39, Option as Option37 } from "clipanion";
+import { Command as Command40, Option as Option38 } from "clipanion";
 
 // cli/i18n/tutorial.texts.ts
 var TUTORIAL_TEXTS = {
@@ -32110,7 +32622,7 @@ var TRIGGER_EN = "run the tutorial";
 var TRIGGER_ES = "ejecuta el tutorial";
 var TutorialCommand = class extends SmCommand {
   static paths = [["tutorial"]];
-  static usage = Command39.Usage({
+  static usage = Command40.Usage({
     category: "Setup",
     description: "Materialize an interactive tester tutorial as a Claude Code skill folder under `<cwd>/.claude/skills/`.",
     details: `
@@ -32139,18 +32651,18 @@ var TutorialCommand = class extends SmCommand {
   // more. Accept one so a stale `sm tutorial master` lands on a friendly
   // usage error (guarded in `run()`) instead of clipanion's generic
   // "extraneous argument" message.
-  legacyPositional = Option37.String({ required: false });
+  legacyPositional = Option38.String({ required: false });
   // Named `forProvider`, NOT `for` (reserved word). The CLI surface stays
   // `--for`; selects the destination Provider whose `scaffold.skillDir`
   // the skill is materialised under, skipping the interactive prompt.
-  forProvider = Option37.String("--for", {
+  forProvider = Option38.String("--for", {
     required: false,
     description: "Destination provider id (e.g. claude). Skips the prompt."
   });
-  force = Option37.Boolean("--force", false, {
+  force = Option38.Boolean("--force", false, {
     description: "Overwrite an existing target directory without prompting."
   });
-  experimental = Option37.Boolean("--experimental", false, {
+  experimental = Option38.Boolean("--experimental", false, {
     description: "Offer experimental providers as destinations. They ship disabled; enable the chosen one with `sm plugins enable <id>`."
   });
   async run() {
@@ -32384,7 +32896,7 @@ function resolveSkillSourceDir() {
 }
 
 // cli/commands/version.ts
-import { Command as Command40 } from "clipanion";
+import { Command as Command41 } from "clipanion";
 
 // cli/i18n/version.texts.ts
 var VERSION_TEXTS = {
@@ -32399,7 +32911,7 @@ var VERSION_TEXTS = {
 // cli/commands/version.ts
 var VersionCommand = class extends SmCommand {
   static paths = [["version"]];
-  static usage = Command40.Usage({
+  static usage = Command41.Usage({
     category: "Introspection",
     description: "Print the CLI / spec / runtime / db-schema version matrix."
   });
@@ -32616,4 +33128,4 @@ function resolveBareDefault() {
   process.exit(ExitCode.Error);
 }
 //# sourceMappingURL=cli.js.map
-//# debugId=a842c024-162c-5a3a-85db-1daea4b6735f
+//# debugId=ca8113af-a7ac-5cd7-b45c-03a5974bca86