npm - @skillsmith/mcp-server - Versions diffs - 0.3.3 → 0.3.5 - Mend

@skillsmith/mcp-server 0.3.3 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/README.md +5 -3
package/dist/.tsbuildinfo +1 -1
package/dist/src/__tests__/LocalIndexer.test.d.ts +5 -0
package/dist/src/__tests__/LocalIndexer.test.d.ts.map +1 -0
package/dist/src/__tests__/LocalIndexer.test.js +396 -0
package/dist/src/__tests__/LocalIndexer.test.js.map +1 -0
package/dist/src/__tests__/context.test.d.ts +10 -0
package/dist/src/__tests__/context.test.d.ts.map +1 -0
package/dist/src/__tests__/context.test.js +345 -0
package/dist/src/__tests__/context.test.js.map +1 -0
package/dist/src/__tests__/get-skill.test.d.ts +1 -0
package/dist/src/__tests__/get-skill.test.d.ts.map +1 -1
package/dist/src/__tests__/get-skill.test.js +279 -0
package/dist/src/__tests__/get-skill.test.js.map +1 -1
package/dist/src/__tests__/index-local.test.d.ts +5 -0
package/dist/src/__tests__/index-local.test.d.ts.map +1 -0
package/dist/src/__tests__/index-local.test.js +203 -0
package/dist/src/__tests__/index-local.test.js.map +1 -0
package/dist/src/__tests__/middleware/license.test.js +180 -78
package/dist/src/__tests__/middleware/license.test.js.map +1 -1
package/dist/src/__tests__/recommend.test.d.ts +7 -0
package/dist/src/__tests__/recommend.test.d.ts.map +1 -0
package/dist/src/__tests__/recommend.test.js +277 -0
package/dist/src/__tests__/recommend.test.js.map +1 -0
package/dist/src/__tests__/search.test.js +140 -1
package/dist/src/__tests__/search.test.js.map +1 -1
package/dist/src/__tests__/utils/validation.test.d.ts +7 -0
package/dist/src/__tests__/utils/validation.test.d.ts.map +1 -0
package/dist/src/__tests__/utils/validation.test.js +82 -0
package/dist/src/__tests__/utils/validation.test.js.map +1 -0
package/dist/src/context.d.ts +22 -0
package/dist/src/context.d.ts.map +1 -1
package/dist/src/context.js +63 -9
package/dist/src/context.js.map +1 -1
package/dist/src/index.js +15 -1
package/dist/src/index.js.map +1 -1
package/dist/src/indexer/FrontmatterParser.d.ts +30 -0
package/dist/src/indexer/FrontmatterParser.d.ts.map +1 -0
package/dist/src/indexer/FrontmatterParser.js +109 -0
package/dist/src/indexer/FrontmatterParser.js.map +1 -0
package/dist/src/indexer/LocalIndexer.d.ts +136 -0
package/dist/src/indexer/LocalIndexer.d.ts.map +1 -0
package/dist/src/indexer/LocalIndexer.js +271 -0
package/dist/src/indexer/LocalIndexer.js.map +1 -0
package/dist/src/indexer/index.d.ts +8 -0
package/dist/src/indexer/index.d.ts.map +1 -0
package/dist/src/indexer/index.js +8 -0
package/dist/src/indexer/index.js.map +1 -0
package/dist/src/llm/failover.d.ts +210 -0
package/dist/src/llm/failover.d.ts.map +1 -0
package/dist/src/llm/failover.js +329 -0
package/dist/src/llm/failover.js.map +1 -0
package/dist/src/middleware/errorFormatter.d.ts +27 -0
package/dist/src/middleware/errorFormatter.d.ts.map +1 -1
package/dist/src/middleware/errorFormatter.js +95 -0
package/dist/src/middleware/errorFormatter.js.map +1 -1
package/dist/src/middleware/index.d.ts +1 -1
package/dist/src/middleware/index.d.ts.map +1 -1
package/dist/src/middleware/index.js.map +1 -1
package/dist/src/middleware/license.d.ts +5 -0
package/dist/src/middleware/license.d.ts.map +1 -1
package/dist/src/middleware/license.js +2 -1
package/dist/src/middleware/license.js.map +1 -1
package/dist/src/middleware/quota-helpers.d.ts +40 -0
package/dist/src/middleware/quota-helpers.d.ts.map +1 -0
package/dist/src/middleware/quota-helpers.js +90 -0
package/dist/src/middleware/quota-helpers.js.map +1 -0
package/dist/src/middleware/quota-types.d.ts +105 -0
package/dist/src/middleware/quota-types.d.ts.map +1 -0
package/dist/src/middleware/quota-types.js +4 -0
package/dist/src/middleware/quota-types.js.map +1 -0
package/dist/src/middleware/quota.d.ts +3 -97
package/dist/src/middleware/quota.d.ts.map +1 -1
package/dist/src/middleware/quota.js +2 -87
package/dist/src/middleware/quota.js.map +1 -1
package/dist/src/tools/LocalSkillSearch.d.ts +32 -0
package/dist/src/tools/LocalSkillSearch.d.ts.map +1 -0
package/dist/src/tools/LocalSkillSearch.js +74 -0
package/dist/src/tools/LocalSkillSearch.js.map +1 -0
package/dist/src/tools/compare.d.ts +3 -102
package/dist/src/tools/compare.d.ts.map +1 -1
package/dist/src/tools/compare.helpers.d.ts +36 -0
package/dist/src/tools/compare.helpers.d.ts.map +1 -0
package/dist/src/tools/compare.helpers.js +252 -0
package/dist/src/tools/compare.helpers.js.map +1 -0
package/dist/src/tools/compare.js +6 -288
package/dist/src/tools/compare.js.map +1 -1
package/dist/src/tools/compare.types.d.ts +134 -0
package/dist/src/tools/compare.types.d.ts.map +1 -0
package/dist/src/tools/compare.types.js +47 -0
package/dist/src/tools/compare.types.js.map +1 -0
package/dist/src/tools/get-skill.d.ts.map +1 -1
package/dist/src/tools/get-skill.js +38 -2
package/dist/src/tools/get-skill.js.map +1 -1
package/dist/src/tools/index-local.d.ts +117 -0
package/dist/src/tools/index-local.d.ts.map +1 -0
package/dist/src/tools/index-local.js +126 -0
package/dist/src/tools/index-local.js.map +1 -0
package/dist/src/tools/index.d.ts +2 -0
package/dist/src/tools/index.d.ts.map +1 -1
package/dist/src/tools/index.js +2 -0
package/dist/src/tools/index.js.map +1 -1
package/dist/src/tools/install.conflict-helpers.d.ts +64 -0
package/dist/src/tools/install.conflict-helpers.d.ts.map +1 -0
package/dist/src/tools/install.conflict-helpers.js +165 -0
package/dist/src/tools/install.conflict-helpers.js.map +1 -0
package/dist/src/tools/install.conflict-helpers.test.d.ts +15 -0
package/dist/src/tools/install.conflict-helpers.test.d.ts.map +1 -0
package/dist/src/tools/install.conflict-helpers.test.js +243 -0
package/dist/src/tools/install.conflict-helpers.test.js.map +1 -0
package/dist/src/tools/install.conflict.d.ts +58 -0
package/dist/src/tools/install.conflict.d.ts.map +1 -0
package/dist/src/tools/install.conflict.js +160 -0
package/dist/src/tools/install.conflict.js.map +1 -0
package/dist/src/tools/install.conflict.test.d.ts +15 -0
package/dist/src/tools/install.conflict.test.d.ts.map +1 -0
package/dist/src/tools/install.conflict.test.js +354 -0
package/dist/src/tools/install.conflict.test.js.map +1 -0
package/dist/src/tools/install.d.ts +11 -60
package/dist/src/tools/install.d.ts.map +1 -1
package/dist/src/tools/install.helpers.d.ts +83 -0
package/dist/src/tools/install.helpers.d.ts.map +1 -0
package/dist/src/tools/install.helpers.js +333 -0
package/dist/src/tools/install.helpers.js.map +1 -0
package/dist/src/tools/install.js +199 -255
package/dist/src/tools/install.js.map +1 -1
package/dist/src/tools/install.types.d.ts +178 -0
package/dist/src/tools/install.types.d.ts.map +1 -0
package/dist/src/tools/install.types.js +105 -0
package/dist/src/tools/install.types.js.map +1 -0
package/dist/src/tools/merge.d.ts +53 -0
package/dist/src/tools/merge.d.ts.map +1 -0
package/dist/src/tools/merge.js +276 -0
package/dist/src/tools/merge.js.map +1 -0
package/dist/src/tools/merge.test.d.ts +11 -0
package/dist/src/tools/merge.test.d.ts.map +1 -0
package/dist/src/tools/merge.test.js +224 -0
package/dist/src/tools/merge.test.js.map +1 -0
package/dist/src/tools/recommend.d.ts +3 -148
package/dist/src/tools/recommend.d.ts.map +1 -1
package/dist/src/tools/recommend.helpers.d.ts +42 -0
package/dist/src/tools/recommend.helpers.d.ts.map +1 -0
package/dist/src/tools/recommend.helpers.js +155 -0
package/dist/src/tools/recommend.helpers.js.map +1 -0
package/dist/src/tools/recommend.js +216 -154
package/dist/src/tools/recommend.js.map +1 -1
package/dist/src/tools/recommend.types.d.ts +164 -0
package/dist/src/tools/recommend.types.d.ts.map +1 -0
package/dist/src/tools/recommend.types.js +87 -0
package/dist/src/tools/recommend.types.js.map +1 -0
package/dist/src/tools/search.d.ts +18 -4
package/dist/src/tools/search.d.ts.map +1 -1
package/dist/src/tools/search.js +91 -16
package/dist/src/tools/search.js.map +1 -1
package/dist/src/tools/validate.d.ts +3 -70
package/dist/src/tools/validate.d.ts.map +1 -1
package/dist/src/tools/validate.helpers.d.ts +22 -0
package/dist/src/tools/validate.helpers.d.ts.map +1 -0
package/dist/src/tools/validate.helpers.js +276 -0
package/dist/src/tools/validate.helpers.js.map +1 -0
package/dist/src/tools/validate.js +4 -337
package/dist/src/tools/validate.js.map +1 -1
package/dist/src/tools/validate.types.d.ts +96 -0
package/dist/src/tools/validate.types.d.ts.map +1 -0
package/dist/src/tools/validate.types.js +71 -0
package/dist/src/tools/validate.types.js.map +1 -0
package/dist/src/utils/validation.d.ts +6 -2
package/dist/src/utils/validation.d.ts.map +1 -1
package/dist/src/utils/validation.js +11 -2
package/dist/src/utils/validation.js.map +1 -1
package/dist/src/webhooks/index.d.ts +1 -0
package/dist/src/webhooks/index.d.ts.map +1 -1
package/dist/src/webhooks/index.js +2 -0
package/dist/src/webhooks/index.js.map +1 -1
package/dist/src/webhooks/stripe-webhook-endpoint.d.ts +68 -0
package/dist/src/webhooks/stripe-webhook-endpoint.d.ts.map +1 -0
package/dist/src/webhooks/stripe-webhook-endpoint.js +213 -0
package/dist/src/webhooks/stripe-webhook-endpoint.js.map +1 -0
package/dist/src/webhooks/webhook-endpoint.d.ts +4 -49
package/dist/src/webhooks/webhook-endpoint.d.ts.map +1 -1
package/dist/src/webhooks/webhook-endpoint.js +3 -125
package/dist/src/webhooks/webhook-endpoint.js.map +1 -1
package/dist/src/webhooks/webhook-helpers.d.ts +69 -0
package/dist/src/webhooks/webhook-helpers.d.ts.map +1 -0
package/dist/src/webhooks/webhook-helpers.js +146 -0
package/dist/src/webhooks/webhook-helpers.js.map +1 -0
package/dist/tests/e2e/conflict-resolution.e2e.test.d.ts +12 -0
package/dist/tests/e2e/conflict-resolution.e2e.test.d.ts.map +1 -0
package/dist/tests/e2e/conflict-resolution.e2e.test.js +343 -0
package/dist/tests/e2e/conflict-resolution.e2e.test.js.map +1 -0
package/dist/tests/integration/fixtures/development-skills.d.ts +22 -0
package/dist/tests/integration/fixtures/development-skills.d.ts.map +1 -0
package/dist/tests/integration/fixtures/development-skills.js +165 -0
package/dist/tests/integration/fixtures/development-skills.js.map +1 -0
package/dist/tests/integration/fixtures/devops-skills.d.ts +10 -0
package/dist/tests/integration/fixtures/devops-skills.d.ts.map +1 -0
package/dist/tests/integration/fixtures/devops-skills.js +70 -0
package/dist/tests/integration/fixtures/devops-skills.js.map +1 -0
package/dist/tests/integration/fixtures/experimental-skills.d.ts +14 -0
package/dist/tests/integration/fixtures/experimental-skills.d.ts.map +1 -0
package/dist/tests/integration/fixtures/experimental-skills.js +255 -0
package/dist/tests/integration/fixtures/experimental-skills.js.map +1 -0
package/dist/tests/integration/fixtures/skill-types.d.ts +18 -0
package/dist/tests/integration/fixtures/skill-types.d.ts.map +1 -0
package/dist/tests/integration/fixtures/skill-types.js +6 -0
package/dist/tests/integration/fixtures/skill-types.js.map +1 -0
package/dist/tests/integration/fixtures/test-skills.d.ts +10 -14
package/dist/tests/integration/fixtures/test-skills.d.ts.map +1 -1
package/dist/tests/integration/fixtures/test-skills.js +23 -590
package/dist/tests/integration/fixtures/test-skills.js.map +1 -1
package/dist/tests/integration/fixtures/testing-skills.d.ts +10 -0
package/dist/tests/integration/fixtures/testing-skills.d.ts.map +1 -0
package/dist/tests/integration/fixtures/testing-skills.js +70 -0
package/dist/tests/integration/fixtures/testing-skills.js.map +1 -0
package/dist/tests/integration/fixtures/verified-skills.d.ts +11 -0
package/dist/tests/integration/fixtures/verified-skills.d.ts.map +1 -0
package/dist/tests/integration/fixtures/verified-skills.js +91 -0
package/dist/tests/integration/fixtures/verified-skills.js.map +1 -0
package/dist/tests/integration/install-conflict.integration.test.d.ts +8 -0
package/dist/tests/integration/install-conflict.integration.test.d.ts.map +1 -0
package/dist/tests/integration/install-conflict.integration.test.js +384 -0
package/dist/tests/integration/install-conflict.integration.test.js.map +1 -0
package/dist/tests/integration/install-trust-parsing.integration.test.d.ts +13 -0
package/dist/tests/integration/install-trust-parsing.integration.test.d.ts.map +1 -0
package/dist/tests/integration/install-trust-parsing.integration.test.js +290 -0
package/dist/tests/integration/install-trust-parsing.integration.test.js.map +1 -0
package/dist/tests/integration/install.integration.test.js +151 -1
package/dist/tests/integration/install.integration.test.js.map +1 -1
package/dist/tests/integration/recommend.integration.test.js +2 -1
package/dist/tests/integration/recommend.integration.test.js.map +1 -1
package/dist/tests/llm/failover.test.d.ts +13 -0
package/dist/tests/llm/failover.test.d.ts.map +1 -0
package/dist/tests/llm/failover.test.js +250 -0
package/dist/tests/llm/failover.test.js.map +1 -0
package/dist/tests/recommend.test.js +133 -1
package/dist/tests/recommend.test.js.map +1 -1
package/dist/tests/tools.test.d.ts +1 -0
package/dist/tests/tools.test.d.ts.map +1 -1
package/dist/tests/tools.test.js +59 -1
package/dist/tests/tools.test.js.map +1 -1
package/dist/tests/unit/compare-helpers.test.d.ts +8 -0
package/dist/tests/unit/compare-helpers.test.d.ts.map +1 -0
package/dist/tests/unit/compare-helpers.test.js +224 -0
package/dist/tests/unit/compare-helpers.test.js.map +1 -0
package/dist/tests/unit/install-helpers.test.d.ts +8 -0
package/dist/tests/unit/install-helpers.test.d.ts.map +1 -0
package/dist/tests/unit/install-helpers.test.js +460 -0
package/dist/tests/unit/install-helpers.test.js.map +1 -0
package/dist/tests/unit/recommend-helpers.test.d.ts +8 -0
package/dist/tests/unit/recommend-helpers.test.d.ts.map +1 -0
package/dist/tests/unit/recommend-helpers.test.js +117 -0
package/dist/tests/unit/recommend-helpers.test.js.map +1 -0
package/dist/tests/unit/validate-helpers.test.d.ts +8 -0
package/dist/tests/unit/validate-helpers.test.d.ts.map +1 -0
package/dist/tests/unit/validate-helpers.test.js +243 -0
package/dist/tests/unit/validate-helpers.test.js.map +1 -0
package/package.json +7 -6
package/src/assets/docs/USER_GUIDE.md +0 -220
package/src/assets/skills/skillsmith/docs/QUOTAS.md +0 -182
package/src/assets/skills/skillsmith/docs/SECURITY.md +0 -174
package/src/assets/skills/skillsmith/docs/TRUST_TIERS.md +0 -142

package/dist/tests/unit/validate-helpers.test.js ADDED Viewed

@@ -0,0 +1,243 @@
+/**
+ * @fileoverview Tests for validate.helpers.ts
+ * @module @skillsmith/mcp-server/tests/unit/validate-helpers
+ *
+ * SMI-1719: Unit tests for extracted helper functions from Wave 3 refactor
+ */
+import { describe, it, expect } from 'vitest';
+import { parseYamlFrontmatter, hasSsrfPattern, hasPathTraversal, validateMetadata, } from '../../src/tools/validate.helpers.js';
+describe('validate.helpers', () => {
+    describe('parseYamlFrontmatter', () => {
+        it('parses simple key-value pairs', () => {
+            const content = `---
+name: my-skill
+description: A test skill
+version: 1.0.0
+---
+# Content`;
+            const result = parseYamlFrontmatter(content);
+            expect(result).toEqual({
+                name: 'my-skill',
+                description: 'A test skill',
+                version: '1.0.0',
+            });
+        });
+        it('parses quoted strings', () => {
+            const content = `---
+name: "my-skill"
+description: 'A test skill'
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result?.name).toBe('my-skill');
+            expect(result?.description).toBe('A test skill');
+        });
+        it('parses boolean values', () => {
+            const content = `---
+enabled: true
+disabled: false
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result?.enabled).toBe(true);
+            expect(result?.disabled).toBe(false);
+        });
+        it('parses numeric values', () => {
+            const content = `---
+count: 42
+score: 3.14
+negative: -10
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result?.count).toBe(42);
+            expect(result?.score).toBe(3.14);
+            expect(result?.negative).toBe(-10);
+        });
+        it('parses inline arrays', () => {
+            const content = `---
+tags: [typescript, testing, cli]
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result?.tags).toEqual(['typescript', 'testing', 'cli']);
+        });
+        it('parses multiline arrays', () => {
+            const content = `---
+tags:
+  - typescript
+  - testing
+  - cli
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result?.tags).toEqual(['typescript', 'testing', 'cli']);
+        });
+        it('ignores comments', () => {
+            const content = `---
+# This is a comment
+name: my-skill
+# Another comment
+description: Test
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result).toEqual({
+                name: 'my-skill',
+                description: 'Test',
+            });
+        });
+        it('returns null for content without frontmatter', () => {
+            const content = '# Just markdown\n\nNo frontmatter here';
+            expect(parseYamlFrontmatter(content)).toBeNull();
+        });
+        it('returns null for truly unclosed frontmatter', () => {
+            // Note: The parser uses indexOf('---', 3) so any occurrence of --- will close it
+            // This test verifies truly unclosed frontmatter (no --- anywhere after the opening)
+            const content = `---
+name: my-skill
+description: Test
+author: someone`;
+            expect(parseYamlFrontmatter(content)).toBeNull();
+        });
+        it('handles empty values', () => {
+            const content = `---
+name: my-skill
+tags:
+---`;
+            const result = parseYamlFrontmatter(content);
+            expect(result?.name).toBe('my-skill');
+        });
+    });
+    describe('hasSsrfPattern', () => {
+        it('detects file:// protocol', () => {
+            expect(hasSsrfPattern('file:///etc/passwd')).toBe(true);
+        });
+        it('detects gopher:// protocol', () => {
+            expect(hasSsrfPattern('gopher://localhost')).toBe(true);
+        });
+        it('detects localhost', () => {
+            expect(hasSsrfPattern('http://localhost/admin')).toBe(true);
+        });
+        it('detects 127.0.0.x', () => {
+            expect(hasSsrfPattern('http://127.0.0.1/admin')).toBe(true);
+        });
+        it('detects private IP 10.x.x.x', () => {
+            expect(hasSsrfPattern('http://10.0.0.1/internal')).toBe(true);
+        });
+        // SMI-1723: Additional private IP ranges
+        it('detects private IP 192.168.x.x', () => {
+            expect(hasSsrfPattern('http://192.168.1.1/admin')).toBe(true);
+            expect(hasSsrfPattern('http://192.168.0.100/config')).toBe(true);
+        });
+        it('detects cloud metadata service 169.254.x.x', () => {
+            // AWS/Azure/GCP metadata endpoints
+            expect(hasSsrfPattern('http://169.254.169.254/latest/meta-data/')).toBe(true);
+            expect(hasSsrfPattern('http://169.254.170.2/v2/credentials')).toBe(true);
+        });
+        it('allows safe URLs', () => {
+            expect(hasSsrfPattern('https://github.com/user/repo')).toBe(false);
+            expect(hasSsrfPattern('https://example.com')).toBe(false);
+        });
+    });
+    describe('hasPathTraversal', () => {
+        it('detects ../', () => {
+            expect(hasPathTraversal('../etc/passwd')).toBe(true);
+        });
+        it('detects encoded path traversal', () => {
+            expect(hasPathTraversal('%2e%2e/etc/passwd')).toBe(true);
+        });
+        it('detects windows-style traversal', () => {
+            expect(hasPathTraversal('..\\windows\\system32')).toBe(true);
+        });
+        it('allows safe paths', () => {
+            expect(hasPathTraversal('/home/user/file.txt')).toBe(false);
+            expect(hasPathTraversal('src/index.ts')).toBe(false);
+        });
+    });
+    describe('validateMetadata', () => {
+        it('validates valid metadata', () => {
+            const metadata = {
+                name: 'my-skill',
+                description: 'A test skill',
+                author: 'test-author',
+                version: '1.0.0',
+                tags: ['testing'],
+            };
+            const errors = validateMetadata(metadata, false);
+            expect(errors).toEqual([]);
+        });
+        it('requires name field', () => {
+            const metadata = { description: 'Test' };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'name' && e.severity === 'error')).toBe(true);
+        });
+        it('requires description in strict mode', () => {
+            const metadata = { name: 'my-skill' };
+            const strictErrors = validateMetadata(metadata, true);
+            const normalErrors = validateMetadata(metadata, false);
+            expect(strictErrors.some((e) => e.field === 'description' && e.severity === 'error')).toBe(true);
+            expect(normalErrors.some((e) => e.field === 'description' && e.severity === 'warning')).toBe(true);
+        });
+        it('validates name type', () => {
+            const metadata = { name: 123, description: 'Test' };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'name' && e.message.includes('must be a string'))).toBe(true);
+        });
+        it('validates name length', () => {
+            const metadata = { name: 'a'.repeat(100), description: 'Test' };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'name' && e.message.includes('exceeds maximum'))).toBe(true);
+        });
+        it('validates tags array', () => {
+            const metadata = { name: 'test', description: 'Test', tags: 'not-an-array' };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'tags' && e.message.includes('must be an array'))).toBe(true);
+        });
+        it('validates tag count', () => {
+            const metadata = {
+                name: 'test',
+                description: 'Test',
+                tags: Array(25).fill('tag'),
+            };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'tags' && e.message.includes('exceeds maximum count'))).toBe(true);
+        });
+        it('validates individual tag type', () => {
+            const metadata = { name: 'test', description: 'Test', tags: [123, 'valid'] };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'tags[0]' && e.message.includes('must be a string'))).toBe(true);
+        });
+        it('detects SSRF in repository URL', () => {
+            const metadata = {
+                name: 'test',
+                description: 'Test',
+                repository: 'http://localhost/admin',
+            };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'repository' && e.message.includes('dangerous URL'))).toBe(true);
+        });
+        it('detects SSRF in homepage URL', () => {
+            const metadata = {
+                name: 'test',
+                description: 'Test',
+                homepage: 'file:///etc/passwd',
+            };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'homepage' && e.message.includes('dangerous URL'))).toBe(true);
+        });
+        it('detects path traversal in any field', () => {
+            const metadata = {
+                name: 'test',
+                description: '../../../etc/passwd',
+            };
+            const errors = validateMetadata(metadata, false);
+            expect(errors.some((e) => e.field === 'description' && e.message.includes('path traversal'))).toBe(true);
+        });
+        it('recommends version in strict mode', () => {
+            const metadata = { name: 'test', description: 'Test' };
+            const errors = validateMetadata(metadata, true);
+            expect(errors.some((e) => e.field === 'version' && e.severity === 'warning')).toBe(true);
+        });
+        it('recommends tags in strict mode', () => {
+            const metadata = { name: 'test', description: 'Test' };
+            const errors = validateMetadata(metadata, true);
+            expect(errors.some((e) => e.field === 'tags' && e.message.includes('recommended'))).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=validate-helpers.test.js.map

package/dist/tests/unit/validate-helpers.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validate-helpers.test.js","sourceRoot":"","sources":["../../../tests/unit/validate-helpers.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,qCAAqC,CAAA;AAE5C,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,OAAO,GAAG;;;;;UAKZ,CAAA;YAEJ,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,cAAc;gBAC3B,OAAO,EAAE,OAAO;aACjB,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,OAAO,GAAG;;;IAGlB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACrC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAClD,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,OAAO,GAAG;;;IAGlB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAClC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACtC,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,OAAO,GAAG;;;;IAIlB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC9B,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAChC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAA;QACpC,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,OAAO,GAAG;;IAElB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAA;QAChE,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,OAAO,GAAG;;;;;IAKlB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAA;QAChE,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,OAAO,GAAG;;;;;IAKlB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;gBACrB,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,MAAM;aACpB,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,OAAO,GAAG,wCAAwC,CAAA;YAExD,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;QAClD,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,iFAAiF;YACjF,oFAAoF;YACpF,MAAM,OAAO,GAAG;;;gBAGN,CAAA;YAEV,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAA;QAClD,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,OAAO,GAAG;;;IAGlB,CAAA;YAEE,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;YAE5C,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvC,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzD,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzD,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC7D,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC7D,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,CAAC,CAAC,CAAA;QAEF,yCAAyC;QACzC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC7D,MAAM,CAAC,cAAc,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAClE,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,mCAAmC;YACnC,MAAM,CAAC,cAAc,CAAC,0CAA0C,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC7E,MAAM,CAAC,cAAc,CAAC,qCAAqC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1E,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,CAAC,cAAc,CAAC,8BAA8B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAClE,MAAM,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC3D,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,aAAa,EAAE,GAAG,EAAE;YACrB,MAAM,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1D,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,gBAAgB,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC9D,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAC3D,MAAM,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,cAAc;gBAC3B,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE,OAAO;gBAChB,IAAI,EAAE,CAAC,SAAS,CAAC;aAClB,CAAA;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC5B,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;YAC7B,MAAM,QAAQ,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;YAExC,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACrF,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;YAErC,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YACrD,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEtD,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,aAAa,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CACxF,IAAI,CACL,CAAA;YACD,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,aAAa,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAC1F,IAAI,CACL,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;YAC7B,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;YAEnD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,IAAI,CAC3F,IAAI,CACL,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;YAE/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI,CAC1F,IAAI,CACL,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,CAAA;YAE5E,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,IAAI,CAC3F,IAAI,CACL,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;YAC7B,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,MAAM;gBACnB,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;aAC5B,CAAA;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CACJ,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CACtF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAA;YAE5E,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CACJ,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CACpF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,MAAM;gBACnB,UAAU,EAAE,wBAAwB;aACrC,CAAA;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CACJ,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CACpF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,MAAM;gBACnB,QAAQ,EAAE,oBAAoB;aAC/B,CAAA;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CACJ,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,UAAU,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAClF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,qBAAqB;aACnC,CAAA;YAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;YAEhD,MAAM,CACJ,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,aAAa,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CACtF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;YAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YAE/C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1F,CAAC,CAAC,CAAA;QAEF,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;YAEtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YAE/C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChG,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@skillsmith/mcp-server",
-  "version": "0.3.3",
+  "version": "0.3.5",
   "description": "MCP server for Skillsmith skill discovery",
   "type": "module",
   "main": "./dist/src/index.js",
@@ -9,21 +9,22 @@
     "skillsmith-mcp": "./dist/src/index.js"
   },
   "scripts": {
-    "prepublishOnly": "npm run build && npm run test",
+    "prepublishOnly": "npm run build && npm run test && chmod +x dist/src/index.js",
     "build": "tsc",
+    "postbuild": "chmod +x dist/src/index.js || true",
     "dev": "tsx watch src/index.ts",
-    "start": "node dist/index.js",
+    "start": "node dist/src/index.js",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:integration": "vitest run --config vitest.config.integration.ts"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.4",
-    "@skillsmith/core": "*",
+    "@modelcontextprotocol/sdk": "1.25.3",
+    "@skillsmith/core": "0.4.1",
     "esbuild": "0.27.2"
   },
   "devDependencies": {
-    "tsx": "^4.6.0",
+    "tsx": "4.21.0",
     "vitest": "4.0.16",
     "zod": "^3.25.0"
   },

package/src/assets/docs/USER_GUIDE.md DELETED Viewed

@@ -1,220 +0,0 @@
-# Skillsmith User Guide
-Welcome to Skillsmith, the skill discovery and management system for Claude Code.
-## Quick Start
-### 1. Configure MCP Server
-Add to `~/.claude/settings.json`:
-```json
-{
-  "mcpServers": {
-    "skillsmith": {
-      "command": "npx",
-      "args": ["-y", "@skillsmith/mcp-server"]
-    }
-  }
-}
-```
-### 2. Restart Claude Code
-Close and reopen your Claude Code session.
-### 3. Start Using
-Ask Claude:
-- "Search for testing skills"
-- "Install the commit skill"
-- "What skills do I have installed?"
-## What Gets Installed
-On first run, Skillsmith automatically installs essential skills:
-| Skill | Purpose |
-|-------|---------|
-| **varlock** | Secure environment variable management |
-| **commit** | Git commit message generation |
-| **governance** | Code quality enforcement |
-| **skill-builder** | Create custom skills |
-| **skillsmith** | This documentation |
-## Trust Tiers
-Always check the trust tier before installing skills:
-| Tier | Safety | Action |
-|------|--------|--------|
-| **Official** (Green) | Highest | Install freely |
-| **Verified** (Blue) | High | Install freely |
-| **Community** (Yellow) | Medium | Review first |
-| **Unverified** (Red) | Unknown | Careful review |
-### Quick Trust Check
-```
-"Show details for community/some-skill"
-```
-Look for:
-- Trust tier badge
-- Quality score (aim for 70+)
-- Number of stars
-- Days since published
-## Common Tasks
-### Search for Skills
-```
-"Find testing skills"
-"Search for devops skills with score above 80"
-"Find verified git workflow skills"
-```
-### Install a Skill
-```
-"Install community/jest-helper"
-"Install the commit skill"
-```
-### Compare Skills
-```
-"Compare jest-helper and vitest-helper"
-```
-### Get Recommendations
-```
-"Recommend skills for my React project"
-"What skills would help with this codebase?"
-```
-### Create a Custom Skill
-```
-"Create a skill for generating changelogs"
-```
-## Quota Limits
-| Tier | API Calls/Month | Price |
-|------|-----------------|-------|
-| Community | 1,000 | Free |
-| Individual | 10,000 | $9.99/mo |
-| Team | 100,000 | $25/user/mo |
-| Enterprise | Unlimited | $55/user/mo |
-Check your usage:
-```
-"What's my Skillsmith quota?"
-```
-Upgrade at: https://skillsmith.app/upgrade
-## Security Best Practices
-1. **Prefer Verified or Official skills** for important projects
-2. **Review Community skills** before installing
-3. **Never install Unverified skills** without manual review
-4. **Check the quality score** - aim for 70+
-5. **Report suspicious skills** to security@skillsmith.app
-## Data Sources
-Skillsmith uses different data sources depending on context:
-| Context | Data Source | Description |
-|---------|-------------|-------------|
-| **Production** | Supabase Registry | Live database with indexed skills from GitHub |
-| **Development** | Local SQLite + Seed Data | Sample skills for testing |
-### Live Registry (Production)
-When you install `@skillsmith/mcp-server` via npx, it connects to the **live Supabase registry**. This registry is populated by:
-1. **GitHub Indexer** - Automatically discovers skills with topics like `claude-code-skill`
-2. **High-Trust Authors** - Pre-indexed skills from verified publishers (Anthropic, Hugging Face, Vercel)
-3. **Community Submissions** - Skills submitted via the registry API
-### Seed Data (Development Only)
-The seed data in `packages/core/tests/fixtures/skills/seed-skills.json` is **only for local development and testing**. It is NOT the production registry.
-```bash
-# Development only - loads sample skills to local SQLite
-npm run seed
-```
-> **Note**: If you're using Skillsmith normally (via npx), you don't need seed data. The MCP server connects directly to the live registry.
-## Where Skills Are Installed
-Skills install to: `~/.claude/skills/<skill-name>/`
-Each skill contains:
-- `SKILL.md` - Main skill file (Claude reads this)
-- Optional: `docs/`, `scripts/`, `templates/`
-## Troubleshooting
-### "Skill not found"
-The skill may not exist in the registry. Try:
-```
-"Search for similar-name"
-```
-### "Installation failed"
-Check:
-1. Internet connection
-2. Quota remaining
-3. Skill hasn't been blocklisted
-### "Security scan failed"
-The skill was blocked for security reasons. Try a different skill or contact support if you believe this is an error.
-### Quota Exceeded
-You've hit your monthly limit. Options:
-1. Wait until quota resets (1st of month)
-2. Upgrade your tier
-## Offline Usage
-Installed skills work offline. Only these operations require internet:
-- Searching for new skills
-- Installing skills
-- Getting recommendations
-## Updating Skillsmith
-```bash
-npx @skillsmith/mcp-server@latest
-```
-Or let it auto-update via npx.
-## Getting Help
-- **Documentation**: `npx @skillsmith/mcp-server --docs`
-- **Issues**: https://github.com/smith-horn/skillsmith/issues
-- **Support**: support@skillsmith.app
-- **Security**: security@skillsmith.app
-## License
-Skillsmith is licensed under **Elastic License 2.0**:
-- Self-hosting for internal use: Allowed
-- Modification for own use: Allowed
-- Offering as managed service: Not allowed
-- Circumventing license keys: Not allowed
-Full license: https://www.elastic.co/licensing/elastic-license