@skill-map/cli 0.68.1 → 0.70.0

package/dist/conformance/index.js

@@ -1,6 +1,6 @@
 // conformance/index.ts
 
-!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="47b9c38a-6cac-52c4-9dce-13fbbd5b35ec")}catch(e){}}();
+!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="b6a1c282-9829-57e4-bf63-a527fcb3c207")}catch(e){}}();
 import { spawnSync } from "child_process";
 import { cpSync, existsSync, mkdtempSync, readdirSync, readFileSync, rmSync, statSync } from "fs";
 import { tmpdir } from "os";
@@ -215,7 +215,7 @@ function grantFixturePluginTrust(scope, binary, env) {
   const db = new DatabaseSync(dbPath);
   try {
     const stmt = db.prepare(
-      "INSERT INTO config_plugins (plugin_id, enabled, updated_at) VALUES (?, 1, 0) ON CONFLICT(plugin_id) DO UPDATE SET enabled = 1"
+      "INSERT INTO config_plugins (plugin_id, trusted, updated_at) VALUES (?, 1, 0) ON CONFLICT(plugin_id) DO UPDATE SET trusted = 1"
     );
     for (const id of ids) stmt.run(id);
   } finally {
@@ -453,4 +453,4 @@ export {
   runConformanceCase
 };
 //# sourceMappingURL=index.js.map
-//# debugId=47b9c38a-6cac-52c4-9dce-13fbbd5b35ec
+//# debugId=b6a1c282-9829-57e4-bf63-a527fcb3c207

package/dist/index.js

@@ -1,6 +1,6 @@
 // kernel/i18n/registry.texts.ts
 
-!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="f0a24ed1-f91a-59a8-b2b9-db8168690990")}catch(e){}}();
+!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="9e0186ab-b10f-5a49-8eef-f0668584ed01")}catch(e){}}();
 var REGISTRY_TEXTS = {
   duplicateExtension: "Extension already registered: {{kind}}:{{qualifiedId}}",
   unknownKind: "Unknown extension kind: {{kind}}",
@@ -102,7 +102,7 @@ import { Tiktoken as Tiktoken2 } from "js-tiktoken/lite";
 // package.json
 var package_default = {
   name: "@skill-map/cli",
-  version: "0.68.1",
+  version: "0.70.0",
   description: "skill-map reference implementation \u2014 kernel + CLI + adapters.",
   license: "MIT",
   type: "module",
@@ -256,21 +256,22 @@ var PLUGIN_LOADER_TEXTS = {
   // schema. Both are GitHub blob URLs.
   invalidManifestExtensionShape: "{{relEntry}}: {{errors}}. See {{docUrl}}.",
   importExceededTimeout: "import exceeded {{timeoutMs}}ms; likely a top-level side effect (network call, infinite loop, large blocking work). Move side effects into the runtime methods (`detect` / `evaluate` / `render` / etc.).",
-  disabledByConfig: "disabled by config_plugins or settings.json",
+  disabledByConfig: "disabled by settings.json (plugins.<id>.enabled)",
   /**
    * Reason stamped on a project-local disk plugin discovered but not
-   * imported because the operator never granted local trust. Distinct
-   * from `disabledByConfig` (an explicit toggle-off): this id has no
-   * `config_plugins` override at all, so its code stays unexecuted until
-   * `sm plugins enable` records local intent.
+   * imported because the operator never granted local import trust.
+   * Distinct from `disabledByConfig` (an explicit operational toggle-off
+   * in the config layers): this id is enabled but carries no
+   * `config_plugins` trust grant, so its code stays unexecuted until
+   * `sm plugins trust` records local consent.
    */
-  untrustedNotLoaded: "not loaded: project-local plugin is untrusted until enabled. Run `sm plugins enable {{pluginId}}` to load it.",
+  untrustedNotLoaded: "not loaded: project-local plugin is enabled but not trusted on this machine. Run `sm plugins trust {{pluginId}}` to load it.",
   /**
    * One-time aggregate notice the runtime emits when project-local
    * plugins were found on disk but left unloaded for lack of trust. The
    * `{{count}}` plugins ride the scan without executing any code.
    */
-  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then enable any you trust with `sm plugins enable <id>`.",
+  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then trust any you vetted with `sm plugins trust <id>`.",
   invalidManifestDirMismatch: "directory name '{{dirName}}' does not match manifest id '{{manifestId}}'. Rename the directory to match the id, or update the manifest id to match the directory.",
   idCollision: "Plugin '{{id}}' at {{pathA}} collides with the plugin at {{pathB}}. Rename one and rerun.",
   loadErrorPluginIdMismatch: "{{relEntry}}: extension declares pluginId '{{declared}}' but its plugin.json declares id '{{manifestId}}'. Remove the explicit pluginId from the extension; the loader injects it from plugin.json#/id.",
@@ -813,14 +814,16 @@ function installedDefaultEnabled(stability) {
 // kernel/scan/detect-providers.ts
 function detectProvidersFromFilesystem(cwd, providers) {
   const seen = /* @__PURE__ */ new Set();
-  const out = [];
+  const matched = [];
   for (const provider of providers) {
     if (seen.has(provider.id)) continue;
     if (!isDetectableUnderCwd(cwd, provider)) continue;
     seen.add(provider.id);
-    out.push(provider.id);
+    matched.push(provider);
   }
-  return out;
+  const hasVendor = matched.some((p) => p.detect?.fallback !== true);
+  const kept = hasVendor ? matched.filter((p) => p.detect?.fallback !== true) : matched;
+  return kept.map((p) => p.id);
 }
 function isDetectableUnderCwd(cwd, provider) {
   if (!installedDefaultEnabled(provider.stability)) return false;
@@ -1816,7 +1819,7 @@ function lookupAllowedKinds(link, _indexes, ctx) {
 }
 function stripTriggerSigil(normalized) {
   if (!normalized) return null;
-  const trimmed = normalized.replace(/^[/@]/, "").trim();
+  const trimmed = normalized.replace(/^[/@$]/, "").trim();
   return trimmed.length === 0 ? null : trimmed;
 }
 function indexNode(node, ctx, byName) {
@@ -4163,4 +4166,4 @@ export {
   runScanWithRenames
 };
 //# sourceMappingURL=index.js.map
-//# debugId=f0a24ed1-f91a-59a8-b2b9-db8168690990
+//# debugId=9e0186ab-b10f-5a49-8eef-f0668584ed01

package/dist/kernel/index.d.ts

@@ -486,7 +486,7 @@ type TSettingValue = string | string[] | boolean | number | ISetting_KeyValueLis
  * to DISABLED, so the extension does not load (does not run, does not
  * register) unless the operator opts in (`sm plugins enable
  * <plugin>/<ext>`, the Settings toggle, or a `settings.json` /
- * `config_plugins` override). The opt-in is a plain enable override,
+ * `settings.local.json` override). The opt-in is a plain enable override,
  * once set it wins over the installed default exactly like any other
  * extension (so a deprecated extension can still be kept running during
  * a migration). The remaining values are presentation-only and default
@@ -2061,11 +2061,15 @@ interface IMigrateNodeFksReport {
         keys: Record<string, string>;
     }>;
 }
-/** A single `config_plugins` override row as the kernel sees it. */
-interface IPluginConfigRow {
+/**
+ * A single `config_plugins` trust row as the kernel sees it. The table
+ * is the per-machine import-trust store (the SECURITY axis); the
+ * operational enable/disable toggle lives in the config layers, not
+ * here. Keyed by the bare plugin id.
+ */
+interface IPluginTrustRow {
     pluginId: string;
-    enabled: boolean;
-    configJson: string | null;
+    trusted: boolean;
     updatedAt: number;
 }
 /** Discovered kernel migration file (one of `NNN_snake_case.sql`). */
@@ -2578,6 +2582,21 @@ interface IProviderUi {
      * topbar lens chip; only the per-card badge is suppressed.
      */
     hideChip?: boolean;
+    /**
+     * Single glyph this lens's runtime uses to invoke a skill / command,
+     * surfaced as the `invokes` edge-kind glyph (and its tooltip example)
+     * in the link-kind palette so the operator recognises the source
+     * syntax instantly. `/` for the slash-invoking lenses (`claude`
+     * commands + skills, `antigravity` skills + workflows), `$` for
+     * `codex` (skills are `$skill`; `/` is reserved for Codex's own
+     * built-in commands). Omitted for lenses with no `/`/`$` invocation
+     * channel (the open-standard `agent-skills`, where skills activate by
+     * `description`, and the non-lens `markdown` base): under those no
+     * `invokes` edge arises, so the palette never paints the glyph.
+     * Projected into `providerRegistry` and joined client-side against
+     * the active lens.
+     */
+    invocationSigil?: string;
 }
 /**
  * Auto-detection markers for the active-provider lens. The lens resolver
@@ -2594,6 +2613,18 @@ interface IProviderDetect {
      * A directory or a file both count; existence is the only test.
      */
     markers: string[];
+    /**
+     * When `true`, this Provider is the open-standard FALLBACK lens: its
+     * markers produce a detection candidate ONLY when no non-fallback
+     * (vendor) Provider matched under the same scope. Reserved for
+     * `agent-skills`, whose `.agents/` marker is the shared skill home that
+     * vendor lenses (`codex`, `antigravity`) also populate; without this flag
+     * a `.codex/` + `.agents/` project would falsely read as an ambiguous
+     * `codex` vs `agent-skills` pair. Vendor Providers omit it (default
+     * `false`) so two vendor markers still surface a real ambiguous prompt.
+     * Mirrors `provider.schema.json#/properties/detect/properties/fallback`.
+     */
+    fallback?: boolean;
 }
 /**
  * Authoring targets for verbs that MATERIALISE files into this
@@ -4977,24 +5008,30 @@ interface StoragePort {
          */
         findActive(predicate: (issue: Issue) => boolean): Promise<IIssueRow[]>;
     };
-    pluginConfig: {
+    /**
+     * Per-machine plugin import-trust store (`config_plugins`, the SECURITY
+     * axis). Keyed by bare plugin id. Written by `sm plugins trust /
+     * untrust` and `PATCH /api/plugins/:id/trust`. The operational
+     * enable/disable toggle lives in the config layers, NOT here.
+     */
+    trust: {
         /**
-         * Upsert the per-plugin enabled override into `config_plugins`.
-         * Caller is `sm plugins enable / disable`.
+         * Upsert the per-plugin trust grant into `config_plugins`. Caller is
+         * `sm plugins trust / untrust` (and the BFF trust route).
          */
-        set(pluginId: string, enabled: boolean): Promise<void>;
-        /** Read a single override; `undefined` when no row exists. */
+        set(pluginId: string, trusted: boolean): Promise<void>;
+        /** Read a single trust grant; `undefined` when no row exists. */
         get(pluginId: string): Promise<boolean | undefined>;
-        /** Every override row, sorted by `pluginId` for stable rendering. */
-        list(): Promise<IPluginConfigRow[]>;
-        /** Drop a single override row (no-op when absent). */
+        /** Every trust row, sorted by `pluginId` for stable rendering. */
+        list(): Promise<IPluginTrustRow[]>;
+        /** Drop a single trust row (no-op when absent). */
         delete(pluginId: string): Promise<void>;
         /**
-         * Load every override into a map for quick lookup by id. Used by
-         * `loadPluginRuntime` to layer the DB overrides over the
-         * `settings.json` defaults at scan boot.
+         * Load every trust grant into a map for quick lookup by bare plugin
+         * id. Used by `loadPluginRuntime` to feed the import-trust gate at
+         * scan boot.
          */
-        loadOverrideMap(): Promise<Map<string, boolean>>;
+        loadTrustMap(): Promise<Map<string, boolean>>;
     };
     jobs: {
         /**

package/dist/kernel/index.js

@@ -1,6 +1,6 @@
 // kernel/i18n/registry.texts.ts
 
-!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="7dc46367-403b-5856-87b8-23673c2d3f6c")}catch(e){}}();
+!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="37ae34a6-8712-5003-b7e6-767b1b040298")}catch(e){}}();
 var REGISTRY_TEXTS = {
   duplicateExtension: "Extension already registered: {{kind}}:{{qualifiedId}}",
   unknownKind: "Unknown extension kind: {{kind}}",
@@ -102,7 +102,7 @@ import { Tiktoken as Tiktoken2 } from "js-tiktoken/lite";
 // package.json
 var package_default = {
   name: "@skill-map/cli",
-  version: "0.68.1",
+  version: "0.70.0",
   description: "skill-map reference implementation \u2014 kernel + CLI + adapters.",
   license: "MIT",
   type: "module",
@@ -256,21 +256,22 @@ var PLUGIN_LOADER_TEXTS = {
   // schema. Both are GitHub blob URLs.
   invalidManifestExtensionShape: "{{relEntry}}: {{errors}}. See {{docUrl}}.",
   importExceededTimeout: "import exceeded {{timeoutMs}}ms; likely a top-level side effect (network call, infinite loop, large blocking work). Move side effects into the runtime methods (`detect` / `evaluate` / `render` / etc.).",
-  disabledByConfig: "disabled by config_plugins or settings.json",
+  disabledByConfig: "disabled by settings.json (plugins.<id>.enabled)",
   /**
    * Reason stamped on a project-local disk plugin discovered but not
-   * imported because the operator never granted local trust. Distinct
-   * from `disabledByConfig` (an explicit toggle-off): this id has no
-   * `config_plugins` override at all, so its code stays unexecuted until
-   * `sm plugins enable` records local intent.
+   * imported because the operator never granted local import trust.
+   * Distinct from `disabledByConfig` (an explicit operational toggle-off
+   * in the config layers): this id is enabled but carries no
+   * `config_plugins` trust grant, so its code stays unexecuted until
+   * `sm plugins trust` records local consent.
    */
-  untrustedNotLoaded: "not loaded: project-local plugin is untrusted until enabled. Run `sm plugins enable {{pluginId}}` to load it.",
+  untrustedNotLoaded: "not loaded: project-local plugin is enabled but not trusted on this machine. Run `sm plugins trust {{pluginId}}` to load it.",
   /**
    * One-time aggregate notice the runtime emits when project-local
    * plugins were found on disk but left unloaded for lack of trust. The
    * `{{count}}` plugins ride the scan without executing any code.
    */
-  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then enable any you trust with `sm plugins enable <id>`.",
+  untrustedPluginsFoundNotice: "{{count}} project-local plugin(s) found in .skill-map/plugins/ but not loaded (untrusted). Their code did NOT run. Review with `sm plugins list`, then trust any you vetted with `sm plugins trust <id>`.",
   invalidManifestDirMismatch: "directory name '{{dirName}}' does not match manifest id '{{manifestId}}'. Rename the directory to match the id, or update the manifest id to match the directory.",
   idCollision: "Plugin '{{id}}' at {{pathA}} collides with the plugin at {{pathB}}. Rename one and rerun.",
   loadErrorPluginIdMismatch: "{{relEntry}}: extension declares pluginId '{{declared}}' but its plugin.json declares id '{{manifestId}}'. Remove the explicit pluginId from the extension; the loader injects it from plugin.json#/id.",
@@ -813,14 +814,16 @@ function installedDefaultEnabled(stability) {
 // kernel/scan/detect-providers.ts
 function detectProvidersFromFilesystem(cwd, providers) {
   const seen = /* @__PURE__ */ new Set();
-  const out = [];
+  const matched = [];
   for (const provider of providers) {
     if (seen.has(provider.id)) continue;
     if (!isDetectableUnderCwd(cwd, provider)) continue;
     seen.add(provider.id);
-    out.push(provider.id);
+    matched.push(provider);
   }
-  return out;
+  const hasVendor = matched.some((p) => p.detect?.fallback !== true);
+  const kept = hasVendor ? matched.filter((p) => p.detect?.fallback !== true) : matched;
+  return kept.map((p) => p.id);
 }
 function isDetectableUnderCwd(cwd, provider) {
   if (!installedDefaultEnabled(provider.stability)) return false;
@@ -1816,7 +1819,7 @@ function lookupAllowedKinds(link, _indexes, ctx) {
 }
 function stripTriggerSigil(normalized) {
   if (!normalized) return null;
-  const trimmed = normalized.replace(/^[/@]/, "").trim();
+  const trimmed = normalized.replace(/^[/@$]/, "").trim();
   return trimmed.length === 0 ? null : trimmed;
 }
 function indexNode(node, ctx, byName) {
@@ -4163,4 +4166,4 @@ export {
   runScanWithRenames
 };
 //# sourceMappingURL=index.js.map
-//# debugId=7dc46367-403b-5856-87b8-23673c2d3f6c
+//# debugId=37ae34a6-8712-5003-b7e6-767b1b040298

package/dist/migrations/001_initial.sql

@@ -241,12 +241,16 @@ CREATE TABLE state_node_favorites (
 
 -- --- Config zone -----------------------------------------------------------
 
+-- Per-machine plugin import-trust store (the SECURITY axis). The
+-- operational enable/disable toggle lives in the config layers
+-- (settings.json / settings.local.json), NOT here. Keyed by bare plugin
+-- id. Redefined inline (greenfield, no migration file, no user_version
+-- bump): the scan_meta.schema_fingerprint drift path rebuilds the cache.
 CREATE TABLE config_plugins (
   plugin_id TEXT PRIMARY KEY,
-  enabled INTEGER NOT NULL DEFAULT 1,
-  config_json TEXT,
+  trusted INTEGER NOT NULL DEFAULT 0,
   updated_at INTEGER NOT NULL,
-  CONSTRAINT ck_config_plugins_enabled CHECK (enabled IN (0,1))
+  CONSTRAINT ck_config_plugins_trusted CHECK (trusted IN (0,1))
 );
 
 CREATE TABLE config_preferences (