npm - @skillsmith/core - Versions diffs - 0.4.16 → 0.5.0 - Mend

@skillsmith/core 0.4.16 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/src/services/skill-installation.service.js ADDED Viewed

@@ -0,0 +1,432 @@
+/** @fileoverview SkillInstallationService — shared install/uninstall business logic (SMI-3483) */
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as os from 'os';
+import { SecurityScanner } from '../security/index.js';
+import { safeWriteFile } from '../utils/safe-fs.js';
+import { parseRepoUrl } from '../utils/github-url.js';
+import { TRUST_TIER_SCANNER_OPTIONS, } from './skill-installation.types.js';
+import { recordAiDefenceFeedback, collectTrendWarnings } from './skill-installation.feedback.js';
+import { ManifestManager } from './skill-manifest.js';
+import { parseSkillIdInternal, hashContent, validateSkillMd, fetchFromGitHub, generateTips, extractDepIntel, persistDependencies, applyOptimization, performUninstall, sanitizeInstallError, validateOptionalConfig, checkDepsAgainstQuarantine, } from './skill-installation.helpers.js';
+const DEFAULT_SKILLS_DIR = path.join(os.homedir(), '.claude', 'skills');
+const DEFAULT_MANIFEST_PATH = path.join(os.homedir(), '.skillsmith', 'manifest.json');
+export class SkillInstallationService {
+    db;
+    skillRepo;
+    skillDependencyRepo;
+    skillsDir;
+    manifest;
+    onProgress;
+    registryLookup;
+    coInstallRecorder;
+    sessionInstalledSkillIds;
+    quarantineLookup;
+    riskHistoryRepo;
+    aiDefenceFeedback;
+    constructor(params) {
+        this.db = params.db;
+        this.skillRepo = params.skillRepo;
+        this.skillDependencyRepo = params.skillDependencyRepo;
+        this.skillsDir = params.skillsDir ?? DEFAULT_SKILLS_DIR;
+        this.manifest = new ManifestManager(params.manifestPath ?? DEFAULT_MANIFEST_PATH);
+        this.onProgress = params.onProgress ?? (() => { });
+        this.registryLookup = params.registryLookup;
+        this.coInstallRecorder = params.coInstallRecorder;
+        this.quarantineLookup = params.quarantineLookup;
+        this.riskHistoryRepo = params.riskHistoryRepo;
+        this.aiDefenceFeedback = params.aiDefenceFeedback;
+        this.sessionInstalledSkillIds = params.sessionInstalledSkillIds ?? [];
+    }
+    async install(skillId, options = {}) {
+        let trustTier = 'unknown';
+        try {
+            this.onProgress('parse', 'Parsing skill ID');
+            const parsed = parseSkillIdInternal(skillId);
+            let owner;
+            let repo;
+            let basePath;
+            let skillName;
+            let branch = 'main';
+            let fromRegistry = false;
+            let indexedContentHash;
+            if (parsed.isRegistryId) {
+                if (!this.registryLookup) {
+                    return {
+                        success: false,
+                        skillId,
+                        installPath: '',
+                        error: 'Registry lookup not available. ' +
+                            'Use a full GitHub URL: install { skillId: "https://github.com/owner/repo" }',
+                    };
+                }
+                this.onProgress('lookup', 'Looking up skill in registry');
+                const registrySkill = await this.registryLookup.lookup(skillId);
+                if (!registrySkill) {
+                    return {
+                        success: false,
+                        skillId,
+                        installPath: '',
+                        error: 'Skill "' +
+                            skillId +
+                            '" is indexed for discovery only. ' +
+                            'No installation source available (repo_url is missing). ' +
+                            'This may be placeholder/seed data or a metadata-only entry.',
+                        tips: [
+                            'Use a full GitHub URL instead: install { skillId: "https://github.com/owner/repo" }',
+                            'Search for installable skills using the search tool',
+                            'Many indexed skills are metadata-only and cannot be installed directly',
+                        ],
+                    };
+                }
+                if (registrySkill.quarantined) {
+                    return {
+                        success: false,
+                        skillId,
+                        installPath: '',
+                        error: 'Skill "' +
+                            skillId +
+                            '" has been quarantined due to security concerns. ' +
+                            'Installation is blocked to protect your environment.',
+                        tips: [
+                            'Visit https://skillsmith.app/docs/quarantine for details on quarantine policies',
+                            'If you believe this is a false positive, contact support via https://skillsmith.app/contact?topic=security',
+                            'Contact the skill author or visit the quarantine documentation for more information',
+                        ],
+                    };
+                }
+                const repoInfo = parseRepoUrl(registrySkill.repoUrl);
+                owner = repoInfo.owner;
+                repo = repoInfo.repo;
+                basePath = repoInfo.path ? repoInfo.path + '/' : '';
+                branch = repoInfo.branch;
+                skillName = registrySkill.name;
+                trustTier = registrySkill.trustTier;
+                fromRegistry = true;
+                indexedContentHash = registrySkill.contentHash;
+            }
+            else {
+                owner = parsed.owner;
+                repo = parsed.repo;
+                basePath = parsed.path ? parsed.path + '/' : '';
+                skillName = parsed.path ? path.basename(parsed.path) : repo;
+            }
+            const installPath = path.join(this.skillsDir, skillName);
+            this.onProgress('manifest', 'Checking manifest');
+            const manifest = await this.manifest.load();
+            if (manifest.installedSkills[skillName] && !options.force) {
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    error: 'Skill "' + skillName + '" is already installed. Use force=true to reinstall.',
+                };
+            }
+            this.onProgress('fetch', 'Fetching SKILL.md from GitHub');
+            const skillMdPath = basePath + 'SKILL.md';
+            let skillMdContent;
+            try {
+                skillMdContent = await fetchFromGitHub(owner, repo, skillMdPath, branch);
+            }
+            catch {
+                const repoUrl = 'https://github.com/' + owner + '/' + repo;
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    error: fromRegistry
+                        ? 'This skill is indexed in the Skillsmith registry but its installation source appears broken (SKILL.md not found at ' +
+                            (basePath || 'repository root') +
+                            '). This is a registry data quality issue. Please report it at https://skillsmith.app/contact?topic=registry-quality. Repository: ' +
+                            repoUrl
+                        : 'Could not find SKILL.md at ' +
+                            (basePath || 'repository root') +
+                            '. Skills must have a SKILL.md file with YAML frontmatter to be installable. Repository: ' +
+                            repoUrl,
+                    tips: fromRegistry
+                        ? [
+                            'This is a registry data quality issue, not a path format error',
+                            'Report the broken entry: https://skillsmith.app/contact?topic=registry-quality',
+                        ]
+                        : [
+                            'This skill may be browse-only (no SKILL.md at expected location)',
+                            'Verify the repository exists: ' + repoUrl,
+                        ],
+                };
+            }
+            this.onProgress('validate', 'Validating SKILL.md');
+            const validation = validateSkillMd(skillMdContent);
+            if (!validation.valid) {
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    error: 'Invalid SKILL.md: ' + validation.errors.join(', '),
+                    tips: [
+                        'SKILL.md must have YAML frontmatter with name and description fields',
+                        'Content must be at least 100 characters',
+                    ],
+                };
+            }
+            const contentHashMismatch = // SMI-3510
+             indexedContentHash != null ? hashContent(skillMdContent) !== indexedContentHash : false;
+            // Security scan — GAP-06: Restrict skipScan to trusted tiers only
+            if (options.skipScan && (trustTier === 'experimental' || trustTier === 'unknown')) {
+                return {
+                    success: false,
+                    skillId,
+                    installPath: '',
+                    error: 'Cannot skip security scan for ' +
+                        trustTier +
+                        ' tier skills. ' +
+                        'Only verified, curated, community, and local tier skills may use skipScan.',
+                    tips: [
+                        'Trust tier "' + trustTier + '" requires a security scan before installation',
+                        'If you believe this skill is safe, request a trust tier upgrade from the author',
+                    ],
+                };
+            }
+            let securityReport;
+            if (!options.skipScan) {
+                this.onProgress('scan', 'Running security scan');
+                const scannerOptions = TRUST_TIER_SCANNER_OPTIONS[trustTier];
+                const scanner = new SecurityScanner(scannerOptions);
+                securityReport = scanner.scan(skillId, skillMdContent);
+                if (!securityReport.passed) {
+                    recordAiDefenceFeedback({
+                        feedback: this.aiDefenceFeedback,
+                        skillMdContent,
+                        scanReport: securityReport,
+                        blocked: true,
+                    });
+                    const criticalFindings = securityReport.findings.filter((f) => f.severity === 'critical' || f.severity === 'high');
+                    const tierContext = trustTier === 'unknown'
+                        ? ' (Direct GitHub install - strictest scanning applied)'
+                        : trustTier === 'experimental'
+                            ? ' (Experimental skill - aggressive scanning applied)'
+                            : '';
+                    return {
+                        success: false,
+                        skillId,
+                        installPath,
+                        securityReport,
+                        trustTier,
+                        error: 'Security scan failed with ' +
+                            criticalFindings.length +
+                            ' critical/high findings' +
+                            tierContext +
+                            (trustTier === 'experimental' || trustTier === 'unknown'
+                                ? '. skipScan is not available for ' + trustTier + ' tier skills.'
+                                : '. Use skipScan=true to override (not recommended).'),
+                        tips: [
+                            'Trust tier: ' + trustTier + ' (threshold: ' + scannerOptions.riskThreshold + ')',
+                            'Risk score: ' + securityReport.riskScore,
+                        ],
+                    };
+                }
+            }
+            // SMI-3863: Pre-install confirmation gate for experimental/unknown registry skills
+            const needsConfirmation = fromRegistry &&
+                (trustTier === 'experimental' || trustTier === 'unknown') &&
+                !options.confirmed;
+            if (needsConfirmation) {
+                const scanNote = securityReport
+                    ? securityReport.passed
+                        ? trustTier + ' tier skills have not been reviewed.'
+                        : 'Security scan detected issues.'
+                    : 'No security scan was performed.';
+                return {
+                    success: false,
+                    skillId,
+                    installPath,
+                    securityReport,
+                    trustTier,
+                    requiresConfirmation: true,
+                    confirmationReason: 'This is an ' +
+                        trustTier +
+                        ' tier skill. ' +
+                        scanNote +
+                        ' Re-run with confirmed=true to proceed.',
+                    tips: ['Trust tier: ' + trustTier, 'Use confirmed=true to proceed with installation'],
+                };
+            }
+            this.onProgress('optimize', 'Applying optimization');
+            const optimizeResult = options.skipOptimize
+                ? {
+                    finalSkillContent: skillMdContent,
+                    subSkillFiles: [],
+                    subagentContent: undefined,
+                    claudeMdSnippet: undefined,
+                    optimizationInfo: { optimized: false },
+                }
+                : await applyOptimization(this.db, skillId, skillName, skillMdContent);
+            const { finalSkillContent, subSkillFiles, subagentContent, optimizationInfo } = optimizeResult;
+            const contentHash = hashContent(finalSkillContent);
+            // Write files
+            this.onProgress('write', 'Writing skill files');
+            const writtenFiles = [];
+            try {
+                await fs.mkdir(installPath, { recursive: true });
+                // Validate directory is not a symlink escape
+                const realInstallPath = await fs.realpath(installPath);
+                const expectedPrefix = path.resolve(this.skillsDir);
+                if (!realInstallPath.startsWith(expectedPrefix + path.sep) &&
+                    realInstallPath !== expectedPrefix) {
+                    throw new Error('Install path escapes skills directory: ' + installPath);
+                }
+                const mainSkillPath = path.join(installPath, 'SKILL.md');
+                await safeWriteFile(mainSkillPath, finalSkillContent);
+                writtenFiles.push(mainSkillPath);
+                // Write sub-skills in parallel
+                if (subSkillFiles.length > 0) {
+                    await Promise.all(subSkillFiles.map(async (subSkill) => {
+                        const subPath = path.join(installPath, subSkill.filename);
+                        await safeWriteFile(subPath, subSkill.content);
+                        writtenFiles.push(subPath);
+                    }));
+                }
+                // Write companion subagent if generated
+                if (subagentContent) {
+                    const agentsDir = path.join(os.homedir(), '.claude', 'agents');
+                    await fs.mkdir(agentsDir, { recursive: true });
+                    const subagentPath = path.join(agentsDir, skillName + '-specialist.md');
+                    await safeWriteFile(subagentPath, subagentContent);
+                    writtenFiles.push(subagentPath);
+                    optimizationInfo.subagentPath = subagentPath;
+                }
+            }
+            catch (writeError) {
+                // Rollback on failure
+                for (const filePath of writtenFiles) {
+                    await fs.unlink(filePath).catch(() => { });
+                }
+                await fs.rmdir(installPath).catch(() => { });
+                throw writeError;
+            }
+            // Fetch optional files
+            const optionalFileScanner = options.skipScan
+                ? null
+                : new SecurityScanner(TRUST_TIER_SCANNER_OPTIONS[trustTier]);
+            const optionalFiles = ['README.md', 'examples.md', 'config.json'];
+            const configWarnings = [];
+            for (const file of optionalFiles) {
+                try {
+                    const content = await fetchFromGitHub(owner, repo, basePath + file, branch);
+                    if (optionalFileScanner) {
+                        const fileScan = optionalFileScanner.scan(skillId + '/' + file, content);
+                        if (!fileScan.passed)
+                            continue;
+                    }
+                    if (file === 'config.json') {
+                        const configCheck = validateOptionalConfig(content);
+                        if (!configCheck.valid)
+                            continue; // SMI-3870: skip invalid config
+                        configWarnings.push(...configCheck.warnings);
+                    }
+                    await safeWriteFile(path.join(installPath, file), content);
+                }
+                catch {
+                    // Optional files are fine to skip
+                }
+            }
+            // Update manifest
+            this.onProgress('manifest', 'Updating manifest');
+            await this.manifest.updateSafely((currentManifest) => ({
+                ...currentManifest,
+                installedSkills: {
+                    ...currentManifest.installedSkills,
+                    [skillName]: {
+                        id: skillId,
+                        name: skillName,
+                        version: '1.0.0',
+                        source: 'github:' + owner + '/' + repo,
+                        installPath,
+                        installedAt: new Date().toISOString(),
+                        lastUpdated: new Date().toISOString(),
+                        originalContentHash: contentHash, // hash of optimized content (post-applyOptimization)
+                    },
+                },
+            }));
+            if (this.coInstallRecorder) {
+                this.coInstallRecorder.recordSessionCoInstalls([...this.sessionInstalledSkillIds, skillId]);
+                this.sessionInstalledSkillIds.push(skillId);
+            }
+            // Persist dependency intelligence (best-effort)
+            const depIntel = extractDepIntel(skillMdContent);
+            try {
+                persistDependencies(this.skillDependencyRepo, skillId, skillMdContent, depIntel.dep_declared);
+            }
+            catch {
+                /* best-effort */
+            }
+            let quarantinedDeps; // SMI-3871
+            if (this.quarantineLookup) {
+                try {
+                    const dqResult = checkDepsAgainstQuarantine(depIntel, this.quarantineLookup);
+                    if (dqResult.quarantinedDeps.length > 0) {
+                        quarantinedDeps = dqResult.quarantinedDeps;
+                        depIntel.dep_warnings.push(...dqResult.warnings);
+                    }
+                }
+                catch {
+                    /* best-effort */
+                }
+            }
+            const trendWarnings = securityReport
+                ? collectTrendWarnings({
+                    historyRepo: this.riskHistoryRepo,
+                    skillId,
+                    scanReport: securityReport,
+                    contentHash,
+                })
+                : [];
+            recordAiDefenceFeedback({
+                feedback: this.aiDefenceFeedback,
+                skillMdContent,
+                scanReport: securityReport,
+                blocked: false,
+            });
+            this.onProgress('done', 'Installation complete');
+            const tips = generateTips(skillName, optimizationInfo);
+            tips.unshift(...trendWarnings);
+            tips.push(...configWarnings);
+            if (options.skipScan) {
+                tips.unshift('Security scan was skipped. This skill was not scanned for malicious content.');
+            }
+            if (contentHashMismatch) {
+                tips.unshift("Content has changed since Skillsmith last indexed this skill. This may mean the author updated it, or the content was modified. Review recent changes at the skill's repository before using.");
+            }
+            return {
+                success: true,
+                skillId,
+                installPath,
+                securityReport,
+                trustTier,
+                optimization: optimizationInfo,
+                depIntel,
+                contentHashMismatch,
+                quarantinedDeps,
+                tips,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                skillId,
+                installPath: '',
+                error: sanitizeInstallError(error),
+            };
+        }
+    }
+    async uninstall(skillName, options = {}) {
+        return performUninstall({
+            skillName,
+            force: options.force ?? false,
+            skillsDir: this.skillsDir,
+            manifest: this.manifest,
+            skillDependencyRepo: this.skillDependencyRepo,
+            onProgress: this.onProgress,
+        });
+    }
+}
+//# sourceMappingURL=skill-installation.service.js.map

package/dist/src/services/skill-installation.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"skill-installation.service.js","sourceRoot":"","sources":["../../../src/services/skill-installation.service.ts"],"names":[],"mappings":"AAAA,kGAAkG;AAClG,OAAO,KAAK,EAAE,MAAM,aAAa,CAAA;AACjC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAA;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAMrD,OAAO,EACL,0BAA0B,GAU3B,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAA;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,OAAO,EACL,oBAAoB,EACpB,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,eAAe,EACf,mBAAmB,EACnB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,iCAAiC,CAAA;AACxC,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;AACvE,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,eAAe,CAAC,CAAA;AAerF,MAAM,OAAO,wBAAwB;IAClB,EAAE,CAAU;IACZ,SAAS,CAAiB;IAC1B,mBAAmB,CAA2B;IAC9C,SAAS,CAAQ;IACjB,QAAQ,CAAiB;IACzB,UAAU,CAAkB;IAC5B,cAAc,CAAiB;IAC/B,iBAAiB,CAAoB;IACrC,wBAAwB,CAAU;IAClC,gBAAgB,CAA+C;IAC/D,eAAe,CAA6B;IAC5C,iBAAiB,CAAoB;IACtD,YAAY,MAAsC;QAChD,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAA;QACnB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAA;QACjC,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAA;QACrD,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,kBAAkB,CAAA;QACvD,IAAI,CAAC,QAAQ,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,YAAY,IAAI,qBAAqB,CAAC,CAAA;QACjF,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;QACjD,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAA;QAC3C,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAA;QACjD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAA;QAC/C,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAA;QAC7C,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAA;QACjD,IAAI,CAAC,wBAAwB,GAAG,MAAM,CAAC,wBAAwB,IAAI,EAAE,CAAA;IACvE,CAAC;IACD,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,UAA0B,EAAE;QACzD,IAAI,SAAS,GAAc,SAAS,CAAA;QACpC,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAA;YAC5C,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAC5C,IAAI,KAAa,CAAA;YACjB,IAAI,IAAY,CAAA;YAChB,IAAI,QAAgB,CAAA;YACpB,IAAI,SAAiB,CAAA;YACrB,IAAI,MAAM,GAAW,MAAM,CAAA;YAC3B,IAAI,YAAY,GAAG,KAAK,CAAA;YACxB,IAAI,kBAAsC,CAAA;YAC1C,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;oBACzB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,KAAK,EACH,iCAAiC;4BACjC,6EAA6E;qBAChF,CAAA;gBACH,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,8BAA8B,CAAC,CAAA;gBACzD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBAC/D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,KAAK,EACH,SAAS;4BACT,OAAO;4BACP,mCAAmC;4BACnC,0DAA0D;4BAC1D,6DAA6D;wBAC/D,IAAI,EAAE;4BACJ,qFAAqF;4BACrF,qDAAqD;4BACrD,wEAAwE;yBACzE;qBACF,CAAA;gBACH,CAAC;gBACD,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW,EAAE,EAAE;wBACf,KAAK,EACH,SAAS;4BACT,OAAO;4BACP,mDAAmD;4BACnD,sDAAsD;wBACxD,IAAI,EAAE;4BACJ,iFAAiF;4BACjF,4GAA4G;4BAC5G,qFAAqF;yBACtF;qBACF,CAAA;gBACH,CAAC;gBAED,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;gBACpD,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAA;gBACtB,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;gBACpB,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;gBACnD,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAA;gBACxB,SAAS,GAAG,aAAa,CAAC,IAAI,CAAA;gBAC9B,SAAS,GAAG,aAAa,CAAC,SAAS,CAAA;gBACnC,YAAY,GAAG,IAAI,CAAA;gBACnB,kBAAkB,GAAG,aAAa,CAAC,WAAW,CAAA;YAChD,CAAC;iBAAM,CAAC;gBACN,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;gBACpB,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;gBAClB,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;gBAC/C,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC7D,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;YACxD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;YAChD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;YAC3C,IAAI,QAAQ,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC1D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,KAAK,EAAE,SAAS,GAAG,SAAS,GAAG,sDAAsD;iBACtF,CAAA;YACH,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,+BAA+B,CAAC,CAAA;YACzD,MAAM,WAAW,GAAG,QAAQ,GAAG,UAAU,CAAA;YACzC,IAAI,cAAsB,CAAA;YAC1B,IAAI,CAAC;gBACH,cAAc,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,CAAA;YAC1E,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,OAAO,GAAG,qBAAqB,GAAG,KAAK,GAAG,GAAG,GAAG,IAAI,CAAA;gBAC1D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,KAAK,EAAE,YAAY;wBACjB,CAAC,CAAC,qHAAqH;4BACrH,CAAC,QAAQ,IAAI,iBAAiB,CAAC;4BAC/B,mIAAmI;4BACnI,OAAO;wBACT,CAAC,CAAC,6BAA6B;4BAC7B,CAAC,QAAQ,IAAI,iBAAiB,CAAC;4BAC/B,0FAA0F;4BAC1F,OAAO;oBACX,IAAI,EAAE,YAAY;wBAChB,CAAC,CAAC;4BACE,gEAAgE;4BAChE,gFAAgF;yBACjF;wBACH,CAAC,CAAC;4BACE,kEAAkE;4BAClE,gCAAgC,GAAG,OAAO;yBAC3C;iBACN,CAAA;YACH,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAA;YAClD,MAAM,UAAU,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;YAClD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,KAAK,EAAE,oBAAoB,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC1D,IAAI,EAAE;wBACJ,sEAAsE;wBACtE,yCAAyC;qBAC1C;iBACF,CAAA;YACH,CAAC;YAED,MAAM,mBAAmB,GAAG,WAAW;aACrC,kBAAkB,IAAI,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,cAAc,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAA;YACzF,kEAAkE;YAClE,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,SAAS,CAAC,EAAE,CAAC;gBAClF,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW,EAAE,EAAE;oBACf,KAAK,EACH,gCAAgC;wBAChC,SAAS;wBACT,gBAAgB;wBAChB,4EAA4E;oBAC9E,IAAI,EAAE;wBACJ,cAAc,GAAG,SAAS,GAAG,gDAAgD;wBAC7E,iFAAiF;qBAClF;iBACF,CAAA;YACH,CAAC;YACD,IAAI,cAA+C,CAAA;YACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtB,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAA;gBAChD,MAAM,cAAc,GAAG,0BAA0B,CAAC,SAAS,CAAC,CAAA;gBAC5D,MAAM,OAAO,GAAG,IAAI,eAAe,CAAC,cAAc,CAAC,CAAA;gBACnD,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;gBAEtD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;oBAC3B,uBAAuB,CAAC;wBACtB,QAAQ,EAAE,IAAI,CAAC,iBAAiB;wBAChC,cAAc;wBACd,UAAU,EAAE,cAAc;wBAC1B,OAAO,EAAE,IAAI;qBACd,CAAC,CAAA;oBACF,MAAM,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,MAAM,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC1D,CAAA;oBACD,MAAM,WAAW,GACf,SAAS,KAAK,SAAS;wBACrB,CAAC,CAAC,uDAAuD;wBACzD,CAAC,CAAC,SAAS,KAAK,cAAc;4BAC5B,CAAC,CAAC,qDAAqD;4BACvD,CAAC,CAAC,EAAE,CAAA;oBAEV,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,OAAO;wBACP,WAAW;wBACX,cAAc;wBACd,SAAS;wBACT,KAAK,EACH,4BAA4B;4BAC5B,gBAAgB,CAAC,MAAM;4BACvB,yBAAyB;4BACzB,WAAW;4BACX,CAAC,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,SAAS;gCACtD,CAAC,CAAC,kCAAkC,GAAG,SAAS,GAAG,eAAe;gCAClE,CAAC,CAAC,oDAAoD,CAAC;wBAC3D,IAAI,EAAE;4BACJ,cAAc,GAAG,SAAS,GAAG,eAAe,GAAG,cAAc,CAAC,aAAa,GAAG,GAAG;4BACjF,cAAc,GAAG,cAAc,CAAC,SAAS;yBAC1C;qBACF,CAAA;gBACH,CAAC;YACH,CAAC;YAED,mFAAmF;YACnF,MAAM,iBAAiB,GACrB,YAAY;gBACZ,CAAC,SAAS,KAAK,cAAc,IAAI,SAAS,KAAK,SAAS,CAAC;gBACzD,CAAC,OAAO,CAAC,SAAS,CAAA;YACpB,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,QAAQ,GAAG,cAAc;oBAC7B,CAAC,CAAC,cAAc,CAAC,MAAM;wBACrB,CAAC,CAAC,SAAS,GAAG,sCAAsC;wBACpD,CAAC,CAAC,gCAAgC;oBACpC,CAAC,CAAC,iCAAiC,CAAA;gBACrC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO;oBACP,WAAW;oBACX,cAAc;oBACd,SAAS;oBACT,oBAAoB,EAAE,IAAI;oBAC1B,kBAAkB,EAChB,aAAa;wBACb,SAAS;wBACT,eAAe;wBACf,QAAQ;wBACR,yCAAyC;oBAC3C,IAAI,EAAE,CAAC,cAAc,GAAG,SAAS,EAAE,iDAAiD,CAAC;iBACtF,CAAA;YACH,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAA;YACpD,MAAM,cAAc,GAAG,OAAO,CAAC,YAAY;gBACzC,CAAC,CAAC;oBACE,iBAAiB,EAAE,cAAc;oBACjC,aAAa,EAAE,EAAkD;oBACjE,eAAe,EAAE,SAA+B;oBAChD,eAAe,EAAE,SAA+B;oBAChD,gBAAgB,EAAE,EAAE,SAAS,EAAE,KAAc,EAAE;iBAChD;gBACH,CAAC,CAAC,MAAM,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,CAAA;YAExE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,GAAG,cAAc,CAAA;YAC9F,MAAM,WAAW,GAAG,WAAW,CAAC,iBAAiB,CAAC,CAAA;YAClD,cAAc;YACd,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAA;YAC/C,MAAM,YAAY,GAAa,EAAE,CAAA;YACjC,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;gBAChD,6CAA6C;gBAC7C,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;gBACtD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBACnD,IACE,CAAC,eAAe,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC;oBACtD,eAAe,KAAK,cAAc,EAClC,CAAC;oBACD,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,WAAW,CAAC,CAAA;gBAC1E,CAAC;gBAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAA;gBACxD,MAAM,aAAa,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAA;gBACrD,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;gBAChC,+BAA+B;gBAC/B,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,OAAO,CAAC,GAAG,CACf,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;wBACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAA;wBACzD,MAAM,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;wBAC9C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;oBAC5B,CAAC,CAAC,CACH,CAAA;gBACH,CAAC;gBACD,wCAAwC;gBACxC,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;oBAC9D,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;oBAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,GAAG,gBAAgB,CAAC,CAAA;oBACvE,MAAM,aAAa,CAAC,YAAY,EAAE,eAAe,CAAC,CAAA;oBAClD,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;oBAC/B,gBAAgB,CAAC,YAAY,GAAG,YAAY,CAAA;gBAC9C,CAAC;YACH,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,sBAAsB;gBACtB,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;oBACpC,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;gBAC3C,CAAC;gBACD,MAAM,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;gBAC3C,MAAM,UAAU,CAAA;YAClB,CAAC;YAED,uBAAuB;YACvB,MAAM,mBAAmB,GAAG,OAAO,CAAC,QAAQ;gBAC1C,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,IAAI,eAAe,CAAC,0BAA0B,CAAC,SAAS,CAAC,CAAC,CAAA;YAC9D,MAAM,aAAa,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,aAAa,CAAC,CAAA;YACjE,MAAM,cAAc,GAAa,EAAE,CAAA;YACnC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;gBACjC,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,GAAG,IAAI,EAAE,MAAM,CAAC,CAAA;oBAC3E,IAAI,mBAAmB,EAAE,CAAC;wBACxB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,GAAG,GAAG,GAAG,IAAI,EAAE,OAAO,CAAC,CAAA;wBACxE,IAAI,CAAC,QAAQ,CAAC,MAAM;4BAAE,SAAQ;oBAChC,CAAC;oBACD,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;wBAC3B,MAAM,WAAW,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAA;wBACnD,IAAI,CAAC,WAAW,CAAC,KAAK;4BAAE,SAAQ,CAAC,gCAAgC;wBACjE,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAA;oBAC9C,CAAC;oBACD,MAAM,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAA;gBAC5D,CAAC;gBAAC,MAAM,CAAC;oBACP,kCAAkC;gBACpC,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;YAChD,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,eAAe;gBAClB,eAAe,EAAE;oBACf,GAAG,eAAe,CAAC,eAAe;oBAClC,CAAC,SAAS,CAAC,EAAE;wBACX,EAAE,EAAE,OAAO;wBACX,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,OAAO;wBAChB,MAAM,EAAE,SAAS,GAAG,KAAK,GAAG,GAAG,GAAG,IAAI;wBACtC,WAAW;wBACX,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACrC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACrC,mBAAmB,EAAE,WAAW,EAAE,qDAAqD;qBACxF;iBACF;aACF,CAAC,CAAC,CAAA;YACH,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBAC3B,IAAI,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,CAAC,GAAG,IAAI,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAA;gBAC3F,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YAC7C,CAAC;YACD,gDAAgD;YAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;YAChD,IAAI,CAAC;gBACH,mBAAmB,CACjB,IAAI,CAAC,mBAAmB,EACxB,OAAO,EACP,cAAc,EACd,QAAQ,CAAC,YAAY,CACtB,CAAA;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB;YACnB,CAAC;YACD,IAAI,eAAqC,CAAA,CAAC,WAAW;YACrD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,0BAA0B,CAAC,QAAQ,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAA;oBAC5E,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACxC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAA;wBAC1C,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAA;oBAClD,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,iBAAiB;gBACnB,CAAC;YACH,CAAC;YACD,MAAM,aAAa,GAAG,cAAc;gBAClC,CAAC,CAAC,oBAAoB,CAAC;oBACnB,WAAW,EAAE,IAAI,CAAC,eAAe;oBACjC,OAAO;oBACP,UAAU,EAAE,cAAc;oBAC1B,WAAW;iBACZ,CAAC;gBACJ,CAAC,CAAC,EAAE,CAAA;YACN,uBAAuB,CAAC;gBACtB,QAAQ,EAAE,IAAI,CAAC,iBAAiB;gBAChC,cAAc;gBACd,UAAU,EAAE,cAAc;gBAC1B,OAAO,EAAE,KAAK;aACf,CAAC,CAAA;YACF,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAA;YAChD,MAAM,IAAI,GAAG,YAAY,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAA;YACtD,IAAI,CAAC,OAAO,CAAC,GAAG,aAAa,CAAC,CAAA;YAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAA;YAC5B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC,OAAO,CAAC,8EAA8E,CAAC,CAAA;YAC9F,CAAC;YACD,IAAI,mBAAmB,EAAE,CAAC;gBACxB,IAAI,CAAC,OAAO,CACV,+LAA+L,CAChM,CAAA;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,WAAW;gBACX,cAAc;gBACd,SAAS;gBACT,YAAY,EAAE,gBAAgB;gBAC9B,QAAQ;gBACR,mBAAmB;gBACnB,eAAe;gBACf,IAAI;aACL,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO;gBACP,WAAW,EAAE,EAAE;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAK,CAAC;aACnC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,UAA4B,EAAE;QAC/D,OAAO,gBAAgB,CAAC;YACtB,SAAS;YACT,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,KAAK;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAA;IACJ,CAAC;CACF"}

package/dist/src/services/skill-installation.types.d.ts ADDED Viewed

@@ -0,0 +1,166 @@
+/**
+ * @fileoverview Types for SkillInstallationService
+ * @module @skillsmith/core/services/skill-installation.types
+ * @see SMI-3483: Wave 0 — Extract SkillInstallationService into core
+ *
+ * Shared types consumed by both mcp-server and CLI for install/uninstall operations.
+ */
+import type { ScanReport, ScannerOptions } from '../security/index.js';
+import type { TrustTier } from '../types/skill.js';
+import type { DependencyDeclaration } from '../types/dependencies.js';
+/**
+ * Callback invoked during install/uninstall to report progress.
+ * CLI wires this to an `ora` spinner; mcp-server wires to MCP notifications.
+ */
+export type ProgressCallback = (stage: string, detail: string) => void;
+/** Action to take when a conflict is detected during skill update */
+export type ConflictAction = 'overwrite' | 'merge' | 'cancel';
+/** Options for the install operation */
+export interface InstallOptions {
+    /** Force reinstall if the skill already exists */
+    force?: boolean;
+    /** Skip security scan (not recommended) */
+    skipScan?: boolean;
+    /** Skip Skillsmith optimization (decomposition, subagent generation) */
+    skipOptimize?: boolean;
+    /** Action to take when local modifications are detected */
+    conflictAction?: ConflictAction;
+    /** SMI-3863: User has confirmed they want to install despite security warnings */
+    confirmed?: boolean;
+}
+/** Dependency intelligence result from an install */
+export interface DepIntelResult {
+    /** Inferred MCP server names from skill content */
+    dep_inferred_servers: string[];
+    /** Declared dependency block from frontmatter (if present) */
+    dep_declared: DependencyDeclaration | undefined;
+    /** Warnings about MCP servers referenced but not configured */
+    dep_warnings: string[];
+}
+/** Optimization metadata included in install result */
+export interface OptimizationInfo {
+    /** Whether skill was optimized */
+    optimized: boolean;
+    /** Sub-skills created (filenames) */
+    subSkills?: string[];
+    /** Whether companion subagent was generated */
+    subagentGenerated?: boolean;
+    /** Path to generated subagent (if any) */
+    subagentPath?: string;
+    /** Estimated token reduction percentage */
+    tokenReductionPercent?: number;
+    /** Original line count */
+    originalLines?: number;
+    /** Optimized line count */
+    optimizedLines?: number;
+}
+/** Result of an install operation */
+export interface InstallResult {
+    success: boolean;
+    skillId: string;
+    installPath: string;
+    securityReport?: ScanReport;
+    tips?: string[];
+    error?: string;
+    /** Trust tier used for security scanning */
+    trustTier?: TrustTier;
+    /** Optimization info (Skillsmith Optimization Layer) */
+    optimization?: OptimizationInfo;
+    /** Path to backup file created during conflict resolution */
+    backupPath?: string;
+    /** Dependency intelligence extracted during install */
+    depIntel?: DepIntelResult;
+    /** Whether fetched content hash differs from indexed content hash */
+    contentHashMismatch?: boolean;
+    /** SMI-3864: Computed quality score (0-1) */
+    qualityScore?: number;
+    /** SMI-3863: True when the skill requires user confirmation before install */
+    requiresConfirmation?: boolean;
+    /** SMI-3863: Human-readable reason why confirmation is needed */
+    confirmationReason?: string;
+    /** SMI-3871: Dependency identifiers that are quarantined */
+    quarantinedDeps?: string[];
+}
+/** SMI-3871: Quarantine status for dependency cross-check. */
+export type QuarantineStatus = 'pending' | 'rejected';
+export interface AiDefenceFeedback {
+    recordFeedback(params: {
+        input: string;
+        wasAccurate: boolean;
+        verdict: string;
+        threatType?: string;
+        mitigation?: 'block' | 'warn' | 'log';
+        mitigationSuccess?: boolean;
+    }): Promise<void>;
+}
+/** Options for the uninstall operation */
+export interface UninstallOptions {
+    /** Force removal even if skill has been modified since installation */
+    force?: boolean;
+}
+/** Result of an uninstall operation */
+export interface UninstallResult {
+    success: boolean;
+    skillName: string;
+    message: string;
+    removedPath?: string;
+    warning?: string;
+}
+/** Entry for a single installed skill in the manifest */
+export interface SkillManifestEntry {
+    id: string;
+    name: string;
+    version: string;
+    source: string;
+    /**
+     * Absolute path where the skill is installed.
+     * Required by type, but runtime JSON may omit it -- consumers must guard.
+     */
+    installPath: string;
+    installedAt: string;
+    lastUpdated: string;
+    /** SHA-256 hash of SKILL.md at install time for modification detection */
+    originalContentHash?: string;
+    /** SHA-256 hash of the content at last update */
+    contentHash?: string;
+    /** Pinned semver */
+    pinnedVersion?: string;
+    /** How updates are handled */
+    updatePolicy?: 'auto' | 'manual' | 'never';
+}
+/** Manifest tracking all installed skills */
+export interface SkillManifest {
+    version: string;
+    installedSkills: Record<string, SkillManifestEntry>;
+}
+/** Result from a registry skill lookup */
+export interface RegistrySkillInfo {
+    repoUrl: string;
+    name: string;
+    trustTier: TrustTier;
+    /** Whether the skill has been quarantined */
+    quarantined?: boolean;
+    /** SHA-256 hash of SKILL.md at index time for tamper detection */
+    contentHash?: string;
+}
+/**
+ * Abstraction for looking up skills in the registry.
+ * mcp-server provides the API-first implementation; CLI may provide a simpler one.
+ */
+export interface RegistryLookup {
+    /**
+     * Look up a skill by its ID (e.g. "author/name" or UUID).
+     * Returns null if the skill is not found or has no installation source.
+     */
+    lookup(skillId: string): Promise<RegistrySkillInfo | null>;
+}
+/**
+ * Abstraction for recording co-install sessions.
+ * mcp-server provides the real implementation; CLI may skip or stub this.
+ */
+export interface CoInstallRecorder {
+    recordSessionCoInstalls(skillIds: string[]): void;
+}
+/** Security scan configuration per trust tier */
+export declare const TRUST_TIER_SCANNER_OPTIONS: Record<TrustTier, ScannerOptions>;
+//# sourceMappingURL=skill-installation.types.d.ts.map

package/dist/src/services/skill-installation.types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"skill-installation.types.d.ts","sourceRoot":"","sources":["../../../src/services/skill-installation.types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACtE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAA;AAMrE;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAA;AAMtE,qEAAqE;AACrE,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,OAAO,GAAG,QAAQ,CAAA;AAE7D,wCAAwC;AACxC,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,wEAAwE;IACxE,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,2DAA2D;IAC3D,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,kFAAkF;IAClF,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAED,qDAAqD;AACrD,MAAM,WAAW,cAAc;IAC7B,mDAAmD;IACnD,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,8DAA8D;IAC9D,YAAY,EAAE,qBAAqB,GAAG,SAAS,CAAA;IAC/C,+DAA+D;IAC/D,YAAY,EAAE,MAAM,EAAE,CAAA;CACvB;AAED,uDAAuD;AACvD,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,SAAS,EAAE,OAAO,CAAA;IAClB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,+CAA+C;IAC/C,iBAAiB,CAAC,EAAE,OAAO,CAAA;IAC3B,0CAA0C;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,2CAA2C;IAC3C,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,2BAA2B;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,qCAAqC;AACrC,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,CAAC,EAAE,UAAU,CAAA;IAC3B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,4CAA4C;IAC5C,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,wDAAwD;IACxD,YAAY,CAAC,EAAE,gBAAgB,CAAA;IAC/B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,uDAAuD;IACvD,QAAQ,CAAC,EAAE,cAAc,CAAA;IACzB,qEAAqE;IACrE,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,6CAA6C;IAC7C,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,8EAA8E;IAC9E,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,iEAAiE;IACjE,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,4DAA4D;IAC5D,eAAe,CAAC,EAAE,MAAM,EAAE,CAAA;CAC3B;AAED,8DAA8D;AAC9D,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,UAAU,CAAA;AAErD,MAAM,WAAW,iBAAiB;IAChC,cAAc,CAAC,MAAM,EAAE;QACrB,KAAK,EAAE,MAAM,CAAA;QACb,WAAW,EAAE,OAAO,CAAA;QACpB,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,UAAU,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAA;QACrC,iBAAiB,CAAC,EAAE,OAAO,CAAA;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAClB;AAMD,0CAA0C;AAC1C,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,uCAAuC;AACvC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAMD,yDAAyD;AACzD,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd;;;OAGG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,0EAA0E;IAC1E,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,oBAAoB;IACpB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;CAC3C;AAED,6CAA6C;AAC7C,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CACpD;AAMD,0CAA0C;AAC1C,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,SAAS,CAAA;IACpB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,kEAAkE;IAClE,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAA;CAC3D;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,uBAAuB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;CAClD;AAMD,iDAAiD;AACjD,eAAO,MAAM,0BAA0B,EAAE,MAAM,CAAC,SAAS,EAAE,cAAc,CAyBxE,CAAA"}

package/dist/src/services/skill-installation.types.js ADDED Viewed

@@ -0,0 +1,38 @@
+/**
+ * @fileoverview Types for SkillInstallationService
+ * @module @skillsmith/core/services/skill-installation.types
+ * @see SMI-3483: Wave 0 — Extract SkillInstallationService into core
+ *
+ * Shared types consumed by both mcp-server and CLI for install/uninstall operations.
+ */
+// ============================================================================
+// Scanner Config
+// ============================================================================
+/** Security scan configuration per trust tier */
+export const TRUST_TIER_SCANNER_OPTIONS = {
+    verified: {
+        riskThreshold: 70,
+        maxContentLength: 2_000_000,
+    },
+    curated: {
+        riskThreshold: 60,
+        maxContentLength: 2_000_000,
+    },
+    community: {
+        riskThreshold: 40,
+        maxContentLength: 1_000_000,
+    },
+    local: {
+        riskThreshold: 100,
+        maxContentLength: 10_000_000,
+    },
+    experimental: {
+        riskThreshold: 25,
+        maxContentLength: 500_000,
+    },
+    unknown: {
+        riskThreshold: 20,
+        maxContentLength: 250_000,
+    },
+};
+//# sourceMappingURL=skill-installation.types.js.map