@skillsmith/core 0.4.16 → 0.4.17

package/dist/src/services/skill-installation.service.js

@@ -0,0 +1,383 @@
+/**
+ * @fileoverview SkillInstallationService — shared install/uninstall business logic
+ * @module @skillsmith/core/services/skill-installation.service
+ * @see SMI-3483: Wave 0 — Extract SkillInstallationService into core
+ *
+ * Both mcp-server and CLI consume this service. The MCP ToolContext coupling is
+ * eliminated: callers inject explicit dependencies (db, repositories, paths,
+ * registry lookup, progress callback).
+ */
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as os from 'os';
+import { SecurityScanner } from '../security/index.js';
+import { safeWriteFile } from '../utils/safe-fs.js';
+import { parseRepoUrl } from '../utils/github-url.js';
+import { TRUST_TIER_SCANNER_OPTIONS, } from './skill-installation.types.js';
+import { ManifestManager } from './skill-manifest.js';
+// SMI-3483: Helpers split to companion file to meet 500-line standard
+import { parseSkillIdInternal, hashContent, validateSkillMd, fetchFromGitHub, generateTips, extractDepIntel, persistDependencies, applyOptimization, performUninstall, sanitizeInstallError, } from './skill-installation.helpers.js';
+const DEFAULT_SKILLS_DIR = path.join(os.homedir(), '.claude', 'skills');
+const DEFAULT_SKILLSMITH_DIR = path.join(os.homedir(), '.skillsmith');
+const DEFAULT_MANIFEST_PATH = path.join(DEFAULT_SKILLSMITH_DIR, 'manifest.json');
+export class SkillInstallationService {
+    db;
+    skillRepo;
+    skillDependencyRepo;
+    skillsDir;
+    manifest;
+    onProgress;
+    registryLookup;
+    coInstallRecorder;
+    sessionInstalledSkillIds;
+    constructor(params) {
+        this.db = params.db;
+        this.skillRepo = params.skillRepo;
+        this.skillDependencyRepo = params.skillDependencyRepo;
+        this.skillsDir = params.skillsDir ?? DEFAULT_SKILLS_DIR;
+        this.manifest = new ManifestManager(params.manifestPath ?? DEFAULT_MANIFEST_PATH);
+        this.onProgress = params.onProgress ?? (() => { });
+        this.registryLookup = params.registryLookup;
+        this.coInstallRecorder = params.coInstallRecorder;
+        this.sessionInstalledSkillIds = params.sessionInstalledSkillIds ?? [];
+    }
+    async install(skillId, options = {}) {
+        let trustTier = 'unknown';
+        try {
+            this.onProgress('parse', 'Parsing skill ID');
+            const parsed = parseSkillIdInternal(skillId);
+            let owner;
+            let repo;
+            let basePath;
+            let skillName;
+            let branch = 'main';
+            let fromRegistry = false;
+            let indexedContentHash;
+            if (parsed.isRegistryId) {
+                if (!this.registryLookup) {
+                    return {
+                        success: false,
+                        skillId,
+                        installPath: '',
+                        error: 'Registry lookup not available. ' +
+                            'Use a full GitHub URL: install { skillId: "https://github.com/owner/repo" }',
+                    };
+                }
+                this.onProgress('lookup', 'Looking up skill in registry');
+                const registrySkill = await this.registryLookup.lookup(skillId);
+                if (!registrySkill) {
+                    return {
+                        success: false,
+                        skillId,
+                        installPath: '',
+                        error: 'Skill "' +
+                            skillId +
+                            '" is indexed for discovery only. ' +
+                            'No installation source available (repo_url is missing). ' +
+                            'This may be placeholder/seed data or a metadata-only entry.',
+                        tips: [
+                            'Use a full GitHub URL instead: install { skillId: "https://github.com/owner/repo" }',
+                            'Search for installable skills using the search tool',
+                            'Many indexed skills are metadata-only and cannot be installed directly',
+                        ],
+                    };
+                }
+                if (registrySkill.quarantined) {
+                    return {
+                        success: false,
+                        skillId,
+                        installPath: '',
+                        error: 'Skill "' +
+                            skillId +
+                            '" has been quarantined due to security concerns. ' +
+                            'Installation is blocked to protect your environment.',
+                        tips: [
+                            'Visit https://skillsmith.app/docs/quarantine for details on quarantine policies',
+                            'If you believe this is a false positive, contact support via https://skillsmith.app/contact?topic=security',
+                            'Contact the skill author or visit the quarantine documentation for more information',
+                        ],
+                    };
+                }
+                const repoInfo = parseRepoUrl(registrySkill.repoUrl);
+                owner = repoInfo.owner;
+                repo = repoInfo.repo;
+                basePath = repoInfo.path ? repoInfo.path + '/' : '';
+                branch = repoInfo.branch;
+                skillName = registrySkill.name;
+                trustTier = registrySkill.trustTier;
+                fromRegistry = true;
+                indexedContentHash = registrySkill.contentHash;
+            }
+            else {
+                owner = parsed.owner;
+                repo = parsed.repo;
+                basePath = parsed.path ? parsed.path + '/' : '';
+                skillName = parsed.path ? path.basename(parsed.path) : repo;
+            }
+            const installPath = path.join(this.skillsDir, skillName);
+            // Check if already installed
+            this.onProgress('manifest', 'Checking manifest');
+            const manifest = await this.manifest.load();
+            if (manifest.installedSkills[skillName] && !options.force) {
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    error: 'Skill "' + skillName + '" is already installed. Use force=true to reinstall.',
+                };
+            }
+            // Fetch SKILL.md
+            this.onProgress('fetch', 'Fetching SKILL.md from GitHub');
+            const skillMdPath = basePath + 'SKILL.md';
+            let skillMdContent;
+            try {
+                skillMdContent = await fetchFromGitHub(owner, repo, skillMdPath, branch);
+            }
+            catch {
+                const repoUrl = 'https://github.com/' + owner + '/' + repo;
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    error: fromRegistry
+                        ? 'This skill is indexed in the Skillsmith registry but its installation source ' +
+                            'appears broken (SKILL.md not found at ' +
+                            (basePath || 'repository root') +
+                            '). ' +
+                            'This is a registry data quality issue. ' +
+                            'Please report it at https://skillsmith.app/contact?topic=registry-quality. ' +
+                            'Repository: ' +
+                            repoUrl
+                        : 'Could not find SKILL.md at ' +
+                            (basePath || 'repository root') +
+                            '. ' +
+                            'Skills must have a SKILL.md file with YAML frontmatter to be installable. ' +
+                            'Repository: ' +
+                            repoUrl,
+                    tips: fromRegistry
+                        ? [
+                            'This is a registry data quality issue, not a path format error',
+                            'Report the broken entry: https://skillsmith.app/contact?topic=registry-quality',
+                        ]
+                        : [
+                            'This skill may be browse-only (no SKILL.md at expected location)',
+                            'Verify the repository exists: ' + repoUrl,
+                        ],
+                };
+            }
+            // Validate SKILL.md
+            this.onProgress('validate', 'Validating SKILL.md');
+            const validation = validateSkillMd(skillMdContent);
+            if (!validation.valid) {
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    error: 'Invalid SKILL.md: ' + validation.errors.join(', '),
+                    tips: [
+                        'SKILL.md must have YAML frontmatter with name and description fields',
+                        'Content must be at least 100 characters',
+                    ],
+                };
+            }
+            // SMI-3510: Compare raw content hash against indexed hash (only if indexed hash exists)
+            const contentHashMismatch = indexedContentHash != null ? hashContent(skillMdContent) !== indexedContentHash : false;
+            // Security scan — GAP-06: Restrict skipScan to trusted tiers only
+            if (options.skipScan && (trustTier === 'experimental' || trustTier === 'unknown')) {
+                return {
+                    success: false,
+                    skillId,
+                    installPath: '',
+                    error: 'Cannot skip security scan for ' +
+                        trustTier +
+                        ' tier skills. ' +
+                        'Only verified, curated, community, and local tier skills may use skipScan.',
+                    tips: [
+                        'Trust tier "' + trustTier + '" requires a security scan before installation',
+                        'If you believe this skill is safe, request a trust tier upgrade from the author',
+                    ],
+                };
+            }
+            let securityReport;
+            if (!options.skipScan) {
+                this.onProgress('scan', 'Running security scan');
+                const scannerOptions = TRUST_TIER_SCANNER_OPTIONS[trustTier];
+                const scanner = new SecurityScanner(scannerOptions);
+                securityReport = scanner.scan(skillId, skillMdContent);
+                if (!securityReport.passed) {
+                    const criticalFindings = securityReport.findings.filter((f) => f.severity === 'critical' || f.severity === 'high');
+                    const tierContext = trustTier === 'unknown'
+                        ? ' (Direct GitHub install - strictest scanning applied)'
+                        : trustTier === 'experimental'
+                            ? ' (Experimental skill - aggressive scanning applied)'
+                            : '';
+                    return {
+                        success: false,
+                        skillId,
+                        installPath,
+                        securityReport,
+                        trustTier,
+                        error: 'Security scan failed with ' +
+                            criticalFindings.length +
+                            ' critical/high findings' +
+                            tierContext +
+                            (trustTier === 'experimental' || trustTier === 'unknown'
+                                ? '. skipScan is not available for ' + trustTier + ' tier skills.'
+                                : '. Use skipScan=true to override (not recommended).'),
+                        tips: [
+                            'Trust tier: ' + trustTier + ' (threshold: ' + scannerOptions.riskThreshold + ')',
+                            'Risk score: ' + securityReport.riskScore,
+                        ],
+                    };
+                }
+            }
+            // Optimization
+            this.onProgress('optimize', 'Applying optimization');
+            const optimizeResult = options.skipOptimize
+                ? {
+                    finalSkillContent: skillMdContent,
+                    subSkillFiles: [],
+                    subagentContent: undefined,
+                    claudeMdSnippet: undefined,
+                    optimizationInfo: { optimized: false },
+                }
+                : await applyOptimization(this.db, skillId, skillName, skillMdContent);
+            const { finalSkillContent, subSkillFiles, subagentContent, optimizationInfo } = optimizeResult;
+            const contentHash = hashContent(finalSkillContent);
+            // Write files
+            this.onProgress('write', 'Writing skill files');
+            const writtenFiles = [];
+            try {
+                await fs.mkdir(installPath, { recursive: true });
+                // Validate directory is not a symlink escape
+                const realInstallPath = await fs.realpath(installPath);
+                const expectedPrefix = path.resolve(this.skillsDir);
+                if (!realInstallPath.startsWith(expectedPrefix + path.sep) &&
+                    realInstallPath !== expectedPrefix) {
+                    throw new Error('Install path escapes skills directory: ' + installPath);
+                }
+                const mainSkillPath = path.join(installPath, 'SKILL.md');
+                await safeWriteFile(mainSkillPath, finalSkillContent);
+                writtenFiles.push(mainSkillPath);
+                // Write sub-skills in parallel
+                if (subSkillFiles.length > 0) {
+                    await Promise.all(subSkillFiles.map(async (subSkill) => {
+                        const subPath = path.join(installPath, subSkill.filename);
+                        await safeWriteFile(subPath, subSkill.content);
+                        writtenFiles.push(subPath);
+                    }));
+                }
+                // Write companion subagent if generated
+                if (subagentContent) {
+                    const agentsDir = path.join(os.homedir(), '.claude', 'agents');
+                    await fs.mkdir(agentsDir, { recursive: true });
+                    const subagentPath = path.join(agentsDir, skillName + '-specialist.md');
+                    await safeWriteFile(subagentPath, subagentContent);
+                    writtenFiles.push(subagentPath);
+                    optimizationInfo.subagentPath = subagentPath;
+                }
+            }
+            catch (writeError) {
+                // Rollback on failure
+                for (const filePath of writtenFiles) {
+                    await fs.unlink(filePath).catch(() => { });
+                }
+                await fs.rmdir(installPath).catch(() => { });
+                throw writeError;
+            }
+            // Fetch optional files
+            const optionalFileScanner = options.skipScan
+                ? null
+                : new SecurityScanner(TRUST_TIER_SCANNER_OPTIONS[trustTier]);
+            const optionalFiles = ['README.md', 'examples.md', 'config.json'];
+            for (const file of optionalFiles) {
+                try {
+                    const content = await fetchFromGitHub(owner, repo, basePath + file, branch);
+                    if (optionalFileScanner) {
+                        const fileScan = optionalFileScanner.scan(skillId + '/' + file, content);
+                        if (!fileScan.passed) {
+                            continue;
+                        }
+                    }
+                    await safeWriteFile(path.join(installPath, file), content);
+                }
+                catch {
+                    // Optional files are fine to skip
+                }
+            }
+            // Update manifest
+            this.onProgress('manifest', 'Updating manifest');
+            await this.manifest.updateSafely((currentManifest) => ({
+                ...currentManifest,
+                installedSkills: {
+                    ...currentManifest.installedSkills,
+                    [skillName]: {
+                        id: skillId,
+                        name: skillName,
+                        version: '1.0.0',
+                        source: 'github:' + owner + '/' + repo,
+                        installPath,
+                        installedAt: new Date().toISOString(),
+                        lastUpdated: new Date().toISOString(),
+                        originalContentHash: contentHash, // hash of optimized content (post-applyOptimization)
+                    },
+                },
+            }));
+            // Record co-install session
+            if (this.coInstallRecorder) {
+                this.coInstallRecorder.recordSessionCoInstalls([...this.sessionInstalledSkillIds, skillId]);
+                this.sessionInstalledSkillIds.push(skillId);
+            }
+            // Persist dependency intelligence (best-effort)
+            const depIntel = extractDepIntel(skillMdContent);
+            try {
+                persistDependencies(this.skillDependencyRepo, skillId, skillMdContent, depIntel.dep_declared);
+            }
+            catch {
+                // Dependency persistence is best-effort
+            }
+            this.onProgress('done', 'Installation complete');
+            const tips = generateTips(skillName, optimizationInfo);
+            // GAP-06: Warn when skipScan was used (allowed tiers only reach here)
+            if (options.skipScan) {
+                tips.unshift('Security scan was skipped. This skill was not scanned for malicious content.');
+            }
+            // SMI-3510: Warn when content hash differs from indexed hash
+            if (contentHashMismatch) {
+                tips.unshift('Content has changed since Skillsmith last indexed this skill. ' +
+                    'This may mean the author updated it, or the content was modified. ' +
+                    "Review recent changes at the skill's repository before using.");
+            }
+            return {
+                success: true,
+                skillId,
+                installPath,
+                securityReport,
+                trustTier,
+                optimization: optimizationInfo,
+                depIntel,
+                contentHashMismatch,
+                tips,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                skillId,
+                installPath: '',
+                error: sanitizeInstallError(error),
+            };
+        }
+    }
+    async uninstall(skillName, options = {}) {
+        return performUninstall({
+            skillName,
+            force: options.force ?? false,
+            skillsDir: this.skillsDir,
+            manifest: this.manifest,
+            skillDependencyRepo: this.skillDependencyRepo,
+            onProgress: this.onProgress,
+        });
+    }
+}
+//# sourceMappingURL=skill-installation.service.js.map

package/dist/src/services/skill-installation.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-installation.service.js","sourceRoot":"","sources":["../../../src/services/skill-installation.service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAA;AACjC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AAExB,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAMrD,OAAO,EACL,0BAA0B,GAQ3B,MAAM,+BAA+B,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,sEAAsE;AACtE,OAAO,EACL,oBAAoB,EACpB,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,eAAe,EACf,mBAAmB,EACnB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,iCAAiC,CAAA;AAExC,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;AACvE,MAAM,sBAAsB,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,CAAC,CAAA;AACrE,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAA;AAmBhF,MAAM,OAAO,wBAAwB;IAClB,EAAE,CAAU;IACZ,SAAS,CAAiB;IAC1B,mBAAmB,CAA2B;IAC9C,SAAS,CAAQ;IACjB,QAAQ,CAAiB;IACzB,UAAU,CAAkB;IAC5B,cAAc,CAAiB;IAC/B,iBAAiB,CAAoB;IACrC,wBAAwB,CAAU;IAEnD,YAAY,MAAsC;QAChD,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAA;QACnB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAA;QACjC,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAA;QACrD,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,kBAAkB,CAAA;QACvD,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,YAAY,IAAI,qBAAqB,CAAC,CAAA;QACjF,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;QACjD,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAA;QAC3C,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAA;QACjD,IAAI,CAAC,wBAAwB,GAAG,MAAM,CAAC,wBAAwB,IAAI,EAAE,CAAA;IACvE,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,UAA0B,EAAE;QACzD,IAAI,SAAS,GAAc,SAAS,CAAA;QACpC,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;YAC5C,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,IAAI,KAAa,CAAA;YACjB,IAAI,IAAY,CAAA;YAChB,IAAI,QAAgB,CAAA;YACpB,IAAI,SAAiB,CAAA;YACrB,IAAI,MAAM,GAAW,MAAM,CAAA;YAC3B,IAAI,YAAY,GAAG,KAAK,CAAA;YACxB,IAAI,kBAAsC,CAAA;YAE1C,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;oBACzB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,KAAK,EACH,iCAAiC;4BACjC,6EAA6E;qBAChF,CAAA;gBACH,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,8BAA8B,CAAC,CAAA;gBACzD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBAE/D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,KAAK,EACH,SAAS;4BACT,OAAO;4BACP,mCAAmC;4BACnC,0DAA0D;4BAC1D,6DAA6D;wBAC/D,IAAI,EAAE;4BACJ,qFAAqF;4BACrF,qDAAqD;4BACrD,wEAAwE;yBACzE;qBACF,CAAA;gBACH,CAAC;gBAED,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,KAAK,EACH,SAAS;4BACT,OAAO;4BACP,mDAAmD;4BACnD,sDAAsD;wBACxD,IAAI,EAAE;4BACJ,iFAAiF;4BACjF,4GAA4G;4BAC5G,qFAAqF;yBACtF;qBACF,CAAA;gBACH,CAAC;gBAED,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBACpD,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAA;gBACtB,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;gBACpB,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;gBACnD,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAA;gBACxB,SAAS,GAAG,aAAa,CAAC,IAAI,CAAA;gBAC9B,SAAS,GAAG,aAAa,CAAC,SAAS,CAAA;gBACnC,YAAY,GAAG,IAAI,CAAA;gBACnB,kBAAkB,GAAG,aAAa,CAAC,WAAW,CAAA;YAChD,CAAC;iBAAM,CAAC;gBACN,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;gBACpB,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;gBAClB,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC/C,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC7D,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YAExD,6BAA6B;YAC7B,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;YAChD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;YAC3C,IAAI,QAAQ,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC1D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,KAAK,EAAE,SAAS,GAAG,SAAS,GAAG,sDAAsD;iBACtF,CAAA;YACH,CAAC;YAED,iBAAiB;YACjB,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,+BAA+B,CAAC,CAAA;YACzD,MAAM,WAAW,GAAG,QAAQ,GAAG,UAAU,CAAA;YACzC,IAAI,cAAsB,CAAA;YAC1B,IAAI,CAAC;gBACH,cAAc,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,CAAA;YAC1E,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,OAAO,GAAG,qBAAqB,GAAG,KAAK,GAAG,GAAG,GAAG,IAAI,CAAA;gBAC1D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,KAAK,EAAE,YAAY;wBACjB,CAAC,CAAC,+EAA+E;4BAC/E,wCAAwC;4BACxC,CAAC,QAAQ,IAAI,iBAAiB,CAAC;4BAC/B,KAAK;4BACL,yCAAyC;4BACzC,6EAA6E;4BAC7E,cAAc;4BACd,OAAO;wBACT,CAAC,CAAC,6BAA6B;4BAC7B,CAAC,QAAQ,IAAI,iBAAiB,CAAC;4BAC/B,IAAI;4BACJ,4EAA4E;4BAC5E,cAAc;4BACd,OAAO;oBACX,IAAI,EAAE,YAAY;wBAChB,CAAC,CAAC;4BACE,gEAAgE;4BAChE,gFAAgF;yBACjF;wBACH,CAAC,CAAC;4BACE,kEAAkE;4BAClE,gCAAgC,GAAG,OAAO;yBAC3C;iBACN,CAAA;YACH,CAAC;YAED,oBAAoB;YACpB,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAA;YAClD,MAAM,UAAU,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;YAClD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,KAAK,EAAE,oBAAoB,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC1D,IAAI,EAAE;wBACJ,sEAAsE;wBACtE,yCAAyC;qBAC1C;iBACF,CAAA;YACH,CAAC;YAED,wFAAwF;YACxF,MAAM,mBAAmB,GACvB,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,cAAc,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAA;YAEzF,kEAAkE;YAClE,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,SAAS,CAAC,EAAE,CAAC;gBAClF,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW,EAAE,EAAE;oBACf,KAAK,EACH,gCAAgC;wBAChC,SAAS;wBACT,gBAAgB;wBAChB,4EAA4E;oBAC9E,IAAI,EAAE;wBACJ,cAAc,GAAG,SAAS,GAAG,gDAAgD;wBAC7E,iFAAiF;qBAClF;iBACF,CAAA;YACH,CAAC;YAED,IAAI,cAA+C,CAAA;YACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtB,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAA;gBAChD,MAAM,cAAc,GAAG,0BAA0B,CAAC,SAAS,CAAC,CAAA;gBAC5D,MAAM,OAAO,GAAG,IAAI,eAAe,CAAC,cAAc,CAAC,CAAA;gBACnD,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;gBAEtD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;oBAC3B,MAAM,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,MAAM,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC1D,CAAA;oBACD,MAAM,WAAW,GACf,SAAS,KAAK,SAAS;wBACrB,CAAC,CAAC,uDAAuD;wBACzD,CAAC,CAAC,SAAS,KAAK,cAAc;4BAC5B,CAAC,CAAC,qDAAqD;4BACvD,CAAC,CAAC,EAAE,CAAA;oBAEV,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW;wBACX,cAAc;wBACd,SAAS;wBACT,KAAK,EACH,4BAA4B;4BAC5B,gBAAgB,CAAC,MAAM;4BACvB,yBAAyB;4BACzB,WAAW;4BACX,CAAC,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,SAAS;gCACtD,CAAC,CAAC,kCAAkC,GAAG,SAAS,GAAG,eAAe;gCAClE,CAAC,CAAC,oDAAoD,CAAC;wBAC3D,IAAI,EAAE;4BACJ,cAAc,GAAG,SAAS,GAAG,eAAe,GAAG,cAAc,CAAC,aAAa,GAAG,GAAG;4BACjF,cAAc,GAAG,cAAc,CAAC,SAAS;yBAC1C;qBACF,CAAA;gBACH,CAAC;YACH,CAAC;YAED,eAAe;YACf,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAA;YACpD,MAAM,cAAc,GAAG,OAAO,CAAC,YAAY;gBACzC,CAAC,CAAC;oBACE,iBAAiB,EAAE,cAAc;oBACjC,aAAa,EAAE,EAAkD;oBACjE,eAAe,EAAE,SAA+B;oBAChD,eAAe,EAAE,SAA+B;oBAChD,gBAAgB,EAAE,EAAE,SAAS,EAAE,KAAc,EAAE;iBAChD;gBACH,CAAC,CAAC,MAAM,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,CAAA;YAExE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,GAAG,cAAc,CAAA;YAE9F,MAAM,WAAW,GAAG,WAAW,CAAC,iBAAiB,CAAC,CAAA;YAElD,cAAc;YACd,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAA;YAC/C,MAAM,YAAY,GAAa,EAAE,CAAA;YACjC,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;gBAEhD,6CAA6C;gBAC7C,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;gBACtD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBACnD,IACE,CAAC,eAAe,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC;oBACtD,eAAe,KAAK,cAAc,EAClC,CAAC;oBACD,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,WAAW,CAAC,CAAA;gBAC1E,CAAC;gBAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;gBACxD,MAAM,aAAa,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAA;gBACrD,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;gBAEhC,+BAA+B;gBAC/B,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,OAAO,CAAC,GAAG,CACf,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;wBACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAA;wBACzD,MAAM,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;wBAC9C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;oBAC5B,CAAC,CAAC,CACH,CAAA;gBACH,CAAC;gBAED,wCAAwC;gBACxC,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;oBAC9D,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;oBAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,GAAG,gBAAgB,CAAC,CAAA;oBACvE,MAAM,aAAa,CAAC,YAAY,EAAE,eAAe,CAAC,CAAA;oBAClD,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;oBAC/B,gBAAgB,CAAC,YAAY,GAAG,YAAY,CAAA;gBAC9C,CAAC;YACH,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,sBAAsB;gBACtB,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;oBACpC,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;gBAC3C,CAAC;gBACD,MAAM,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;gBAC3C,MAAM,UAAU,CAAA;YAClB,CAAC;YAED,uBAAuB;YACvB,MAAM,mBAAmB,GAAG,OAAO,CAAC,QAAQ;gBAC1C,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,IAAI,eAAe,CAAC,0BAA0B,CAAC,SAAS,CAAC,CAAC,CAAA;YAC9D,MAAM,aAAa,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,aAAa,CAAC,CAAA;YACjE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,GAAG,IAAI,EAAE,MAAM,CAAC,CAAA;oBAC3E,IAAI,mBAAmB,EAAE,CAAC;wBACxB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,GAAG,GAAG,GAAG,IAAI,EAAE,OAAO,CAAC,CAAA;wBACxE,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;4BACrB,SAAQ;wBACV,CAAC;oBACH,CAAC;oBACD,MAAM,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAA;gBAC5D,CAAC;gBAAC,MAAM,CAAC;oBACP,kCAAkC;gBACpC,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;YAChD,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,eAAe;gBAClB,eAAe,EAAE;oBACf,GAAG,eAAe,CAAC,eAAe;oBAClC,CAAC,SAAS,CAAC,EAAE;wBACX,EAAE,EAAE,OAAO;wBACX,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,OAAO;wBAChB,MAAM,EAAE,SAAS,GAAG,KAAK,GAAG,GAAG,GAAG,IAAI;wBACtC,WAAW;wBACX,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACrC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACrC,mBAAmB,EAAE,WAAW,EAAE,qDAAqD;qBACxF;iBACF;aACF,CAAC,CAAC,CAAA;YAEH,4BAA4B;YAC5B,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC3B,IAAI,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,CAAC,GAAG,IAAI,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAA;gBAC3F,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YAC7C,CAAC;YAED,gDAAgD;YAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;YAChD,IAAI,CAAC;gBACH,mBAAmB,CACjB,IAAI,CAAC,mBAAmB,EACxB,OAAO,EACP,cAAc,EACd,QAAQ,CAAC,YAAY,CACtB,CAAA;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wCAAwC;YAC1C,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAA;YAEhD,MAAM,IAAI,GAAG,YAAY,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAA;YAEtD,sEAAsE;YACtE,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC,OAAO,CAAC,8EAA8E,CAAC,CAAA;YAC9F,CAAC;YACD,6DAA6D;YAC7D,IAAI,mBAAmB,EAAE,CAAC;gBACxB,IAAI,CAAC,OAAO,CACV,gEAAgE;oBAC9D,oEAAoE;oBACpE,+DAA+D,CAClE,CAAA;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,WAAW;gBACX,cAAc;gBACd,SAAS;gBACT,YAAY,EAAE,gBAAgB;gBAC9B,QAAQ;gBACR,mBAAmB;gBACnB,IAAI;aACL,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,EAAE;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAK,CAAC;aACnC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,UAA4B,EAAE;QAC/D,OAAO,gBAAgB,CAAC;YACtB,SAAS;YACT,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,KAAK;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAA;IACJ,CAAC;CACF"}

package/dist/src/services/skill-installation.types.d.ts

@@ -0,0 +1,144 @@
+/**
+ * @fileoverview Types for SkillInstallationService
+ * @module @skillsmith/core/services/skill-installation.types
+ * @see SMI-3483: Wave 0 — Extract SkillInstallationService into core
+ *
+ * Shared types consumed by both mcp-server and CLI for install/uninstall operations.
+ */
+import type { ScanReport, ScannerOptions } from '../security/index.js';
+import type { TrustTier } from '../types/skill.js';
+import type { DependencyDeclaration } from '../types/dependencies.js';
+/**
+ * Callback invoked during install/uninstall to report progress.
+ * CLI wires this to an `ora` spinner; mcp-server wires to MCP notifications.
+ */
+export type ProgressCallback = (stage: string, detail: string) => void;
+/** Action to take when a conflict is detected during skill update */
+export type ConflictAction = 'overwrite' | 'merge' | 'cancel';
+/** Options for the install operation */
+export interface InstallOptions {
+    /** Force reinstall if the skill already exists */
+    force?: boolean;
+    /** Skip security scan (not recommended) */
+    skipScan?: boolean;
+    /** Skip Skillsmith optimization (decomposition, subagent generation) */
+    skipOptimize?: boolean;
+    /** Action to take when local modifications are detected */
+    conflictAction?: ConflictAction;
+}
+/** Dependency intelligence result from an install */
+export interface DepIntelResult {
+    /** Inferred MCP server names from skill content */
+    dep_inferred_servers: string[];
+    /** Declared dependency block from frontmatter (if present) */
+    dep_declared: DependencyDeclaration | undefined;
+    /** Warnings about MCP servers referenced but not configured */
+    dep_warnings: string[];
+}
+/** Optimization metadata included in install result */
+export interface OptimizationInfo {
+    /** Whether skill was optimized */
+    optimized: boolean;
+    /** Sub-skills created (filenames) */
+    subSkills?: string[];
+    /** Whether companion subagent was generated */
+    subagentGenerated?: boolean;
+    /** Path to generated subagent (if any) */
+    subagentPath?: string;
+    /** Estimated token reduction percentage */
+    tokenReductionPercent?: number;
+    /** Original line count */
+    originalLines?: number;
+    /** Optimized line count */
+    optimizedLines?: number;
+}
+/** Result of an install operation */
+export interface InstallResult {
+    success: boolean;
+    skillId: string;
+    installPath: string;
+    securityReport?: ScanReport;
+    tips?: string[];
+    error?: string;
+    /** Trust tier used for security scanning */
+    trustTier?: TrustTier;
+    /** Optimization info (Skillsmith Optimization Layer) */
+    optimization?: OptimizationInfo;
+    /** Path to backup file created during conflict resolution */
+    backupPath?: string;
+    /** Dependency intelligence extracted during install */
+    depIntel?: DepIntelResult;
+    /** Whether fetched content hash differs from indexed content hash */
+    contentHashMismatch?: boolean;
+}
+/** Options for the uninstall operation */
+export interface UninstallOptions {
+    /** Force removal even if skill has been modified since installation */
+    force?: boolean;
+}
+/** Result of an uninstall operation */
+export interface UninstallResult {
+    success: boolean;
+    skillName: string;
+    message: string;
+    removedPath?: string;
+    warning?: string;
+}
+/** Entry for a single installed skill in the manifest */
+export interface SkillManifestEntry {
+    id: string;
+    name: string;
+    version: string;
+    source: string;
+    /**
+     * Absolute path where the skill is installed.
+     * Required by type, but runtime JSON may omit it -- consumers must guard.
+     */
+    installPath: string;
+    installedAt: string;
+    lastUpdated: string;
+    /** SHA-256 hash of SKILL.md at install time for modification detection */
+    originalContentHash?: string;
+    /** SHA-256 hash of the content at last update */
+    contentHash?: string;
+    /** Pinned semver */
+    pinnedVersion?: string;
+    /** How updates are handled */
+    updatePolicy?: 'auto' | 'manual' | 'never';
+}
+/** Manifest tracking all installed skills */
+export interface SkillManifest {
+    version: string;
+    installedSkills: Record<string, SkillManifestEntry>;
+}
+/** Result from a registry skill lookup */
+export interface RegistrySkillInfo {
+    repoUrl: string;
+    name: string;
+    trustTier: TrustTier;
+    /** Whether the skill has been quarantined */
+    quarantined?: boolean;
+    /** SHA-256 hash of SKILL.md at index time for tamper detection */
+    contentHash?: string;
+}
+/**
+ * Abstraction for looking up skills in the registry.
+ * mcp-server provides the API-first implementation; CLI may provide a simpler one.
+ */
+export interface RegistryLookup {
+    /**
+     * Look up a skill by its ID (e.g. "author/name" or UUID).
+     * Returns null if the skill is not found or has no installation source.
+     */
+    lookup(skillId: string): Promise<RegistrySkillInfo | null>;
+}
+/**
+ * Abstraction for recording co-install sessions.
+ * mcp-server provides the real implementation; CLI may skip or stub this.
+ */
+export interface CoInstallRecorder {
+    recordSessionCoInstalls(skillIds: string[]): void;
+}
+/** Security scan configuration per trust tier */
+export declare const TRUST_TIER_SCANNER_OPTIONS: Record<TrustTier, ScannerOptions>;
+//# sourceMappingURL=skill-installation.types.d.ts.map

package/dist/src/services/skill-installation.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-installation.types.d.ts","sourceRoot":"","sources":["../../../src/services/skill-installation.types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACtE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAA;AAMrE;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAA;AAMtE,qEAAqE;AACrE,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,OAAO,GAAG,QAAQ,CAAA;AAE7D,wCAAwC;AACxC,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,wEAAwE;IACxE,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,2DAA2D;IAC3D,cAAc,CAAC,EAAE,cAAc,CAAA;CAChC;AAED,qDAAqD;AACrD,MAAM,WAAW,cAAc;IAC7B,mDAAmD;IACnD,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,8DAA8D;IAC9D,YAAY,EAAE,qBAAqB,GAAG,SAAS,CAAA;IAC/C,+DAA+D;IAC/D,YAAY,EAAE,MAAM,EAAE,CAAA;CACvB;AAED,uDAAuD;AACvD,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,SAAS,EAAE,OAAO,CAAA;IAClB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,+CAA+C;IAC/C,iBAAiB,CAAC,EAAE,OAAO,CAAA;IAC3B,0CAA0C;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,2CAA2C;IAC3C,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,2BAA2B;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,qCAAqC;AACrC,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,CAAC,EAAE,UAAU,CAAA;IAC3B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,4CAA4C;IAC5C,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,wDAAwD;IACxD,YAAY,CAAC,EAAE,gBAAgB,CAAA;IAC/B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,cAAc,CAAA;IACzB,qEAAqE;IACrE,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B;AAMD,0CAA0C;AAC1C,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,uCAAuC;AACvC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAMD,yDAAyD;AACzD,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd;;;OAGG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,0EAA0E;IAC1E,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,oBAAoB;IACpB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;CAC3C;AAED,6CAA6C;AAC7C,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CACpD;AAMD,0CAA0C;AAC1C,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,SAAS,CAAA;IACpB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAA;CAC3D;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,uBAAuB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;CAClD;AAMD,iDAAiD;AACjD,eAAO,MAAM,0BAA0B,EAAE,MAAM,CAAC,SAAS,EAAE,cAAc,CAyBxE,CAAA"}

package/dist/src/services/skill-installation.types.js

@@ -0,0 +1,38 @@
+/**
+ * @fileoverview Types for SkillInstallationService
+ * @module @skillsmith/core/services/skill-installation.types
+ * @see SMI-3483: Wave 0 — Extract SkillInstallationService into core
+ *
+ * Shared types consumed by both mcp-server and CLI for install/uninstall operations.
+ */
+// ============================================================================
+// Scanner Config
+// ============================================================================
+/** Security scan configuration per trust tier */
+export const TRUST_TIER_SCANNER_OPTIONS = {
+    verified: {
+        riskThreshold: 70,
+        maxContentLength: 2_000_000,
+    },
+    curated: {
+        riskThreshold: 60,
+        maxContentLength: 2_000_000,
+    },
+    community: {
+        riskThreshold: 40,
+        maxContentLength: 1_000_000,
+    },
+    local: {
+        riskThreshold: 100,
+        maxContentLength: 10_000_000,
+    },
+    experimental: {
+        riskThreshold: 25,
+        maxContentLength: 500_000,
+    },
+    unknown: {
+        riskThreshold: 20,
+        maxContentLength: 250_000,
+    },
+};
+//# sourceMappingURL=skill-installation.types.js.map

package/dist/src/services/skill-installation.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-installation.types.js","sourceRoot":"","sources":["../../../src/services/skill-installation.types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA0KH,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,iDAAiD;AACjD,MAAM,CAAC,MAAM,0BAA0B,GAAsC;IAC3E,QAAQ,EAAE;QACR,aAAa,EAAE,EAAE;QACjB,gBAAgB,EAAE,SAAS;KAC5B;IACD,OAAO,EAAE;QACP,aAAa,EAAE,EAAE;QACjB,gBAAgB,EAAE,SAAS;KAC5B;IACD,SAAS,EAAE;QACT,aAAa,EAAE,EAAE;QACjB,gBAAgB,EAAE,SAAS;KAC5B;IACD,KAAK,EAAE;QACL,aAAa,EAAE,GAAG;QAClB,gBAAgB,EAAE,UAAU;KAC7B;IACD,YAAY,EAAE;QACZ,aAAa,EAAE,EAAE;QACjB,gBAAgB,EAAE,OAAO;KAC1B;IACD,OAAO,EAAE;QACP,aAAa,EAAE,EAAE;QACjB,gBAAgB,EAAE,OAAO;KAC1B;CACF,CAAA"}

package/dist/src/services/skill-manifest.d.ts

@@ -0,0 +1,20 @@
+/**
+ * @fileoverview Manifest manager for skill installation tracking
+ * @module @skillsmith/core/services/skill-manifest
+ * @see SMI-3483: Extracted from skill-installation.service.ts to meet 500-line standard
+ */
+import type { SkillManifest } from './skill-installation.types.js';
+/**
+ * Manages the skill manifest file (~/.skillsmith/manifest.json) with
+ * file-level locking for concurrent access safety (CLI + MCP server).
+ */
+export declare class ManifestManager {
+    private readonly manifestPath;
+    constructor(manifestPath: string);
+    load(): Promise<SkillManifest>;
+    save(manifest: SkillManifest): Promise<void>;
+    acquireLock(): Promise<void>;
+    releaseLock(): Promise<void>;
+    updateSafely(updateFn: (manifest: SkillManifest) => SkillManifest): Promise<void>;
+}
+//# sourceMappingURL=skill-manifest.d.ts.map

package/dist/src/services/skill-manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-manifest.d.ts","sourceRoot":"","sources":["../../../src/services/skill-manifest.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAA;AAKlE;;;GAGG;AACH,qBAAa,eAAe;IACd,OAAO,CAAC,QAAQ,CAAC,YAAY;gBAAZ,YAAY,EAAE,MAAM;IAE3C,IAAI,IAAI,OAAO,CAAC,aAAa,CAAC;IAS9B,IAAI,CAAC,QAAQ,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAO5C,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IA+B5B,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ5B,YAAY,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAUxF"}