@skillsmith/mcp-server 0.4.2 → 0.4.3

package/dist/src/tools/skill-audit.d.ts

@@ -0,0 +1,98 @@
+/**
+ * @fileoverview skill_audit MCP tool — check skills for security advisories
+ * @module @skillsmith/mcp-server/tools/skill-audit
+ * @see SMI-skill-version-tracking Wave 3
+ *
+ * Returns a summary of active security advisories for installed skills.
+ * The advisory system is in early access — advisories are published by the
+ * Skillsmith team as security issues are identified.
+ *
+ * Tier gate: Team (skill_security_audit feature flag).
+ * Community and Individual users receive a graceful license error response.
+ */
+import { z } from 'zod';
+import type { ToolContext } from '../context.js';
+/**
+ * Input schema for skill_audit tool
+ */
+export declare const skillAuditInputSchema: z.ZodObject<{
+    /** Optional filter — check only the specified skill IDs */
+    skillIds: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    skillIds?: string[] | undefined;
+}, {
+    skillIds?: string[] | undefined;
+}>;
+export type SkillAuditInput = z.infer<typeof skillAuditInputSchema>;
+/**
+ * Per-advisory summary entry in the audit response
+ */
+export interface AdvisoryEntry {
+    /** Registry skill identifier */
+    skillName: string;
+    /** Advisory severity */
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    /** Short advisory title */
+    title: string;
+    /** Advisory identifier (SSA-YYYY-NNN format) */
+    id: string;
+    /** Whether a patched version is available */
+    fixAvailable: boolean;
+}
+/**
+ * Advisory count summary by severity
+ */
+export interface AdvisorySummary {
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    total: number;
+}
+/**
+ * Response from skill_audit tool
+ */
+export interface SkillAuditResponse {
+    /** Whether advisories data is available */
+    advisoriesAvailable: boolean;
+    /** Early-access message when no advisories are in the database */
+    message?: string;
+    /** Counts by severity (only present when advisoriesAvailable: true) */
+    summary?: AdvisorySummary;
+    /** Per-advisory details (only present when advisoriesAvailable: true) */
+    advisories?: AdvisoryEntry[];
+}
+/**
+ * MCP tool definition for skill_audit
+ */
+export declare const skillAuditToolSchema: {
+    name: "skill_audit";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            skillIds: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                description: string;
+            };
+        };
+        required: never[];
+    };
+};
+/**
+ * Execute the skill_audit tool.
+ *
+ * Reads active advisories from skill_advisories table (migration v6).
+ * When the table is empty, returns an early-access message instead of
+ * an empty result so users understand the system is operational but
+ * advisory data has not yet been synced.
+ *
+ * @param input   Validated tool input
+ * @param context Tool context with database connection
+ * @returns SkillAuditResponse with advisory data or early-access message
+ */
+export declare function executeSkillAudit(input: SkillAuditInput, context: ToolContext): Promise<SkillAuditResponse>;
+//# sourceMappingURL=skill-audit.d.ts.map

package/dist/src/tools/skill-audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-audit.d.ts","sourceRoot":"","sources":["../../../src/tools/skill-audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAMhD;;GAEG;AACH,eAAO,MAAM,qBAAqB;IAChC,2DAA2D;;;;;;EAK3D,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA;AAEnE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAA;IACjB,wBAAwB;IACxB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;IAChD,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAA;IACb,gDAAgD;IAChD,EAAE,EAAE,MAAM,CAAA;IACV,6CAA6C;IAC7C,YAAY,EAAE,OAAO,CAAA;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,2CAA2C;IAC3C,mBAAmB,EAAE,OAAO,CAAA;IAC5B,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,uEAAuE;IACvE,OAAO,CAAC,EAAE,eAAe,CAAA;IACzB,yEAAyE;IACzE,UAAU,CAAC,EAAE,aAAa,EAAE,CAAA;CAC7B;AAMD;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;CAmBhC,CAAA;AAMD;;;;;;;;;;;GAWG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,eAAe,EACtB,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,kBAAkB,CAAC,CA0C7B"}

package/dist/src/tools/skill-audit.js

@@ -0,0 +1,105 @@
+/**
+ * @fileoverview skill_audit MCP tool — check skills for security advisories
+ * @module @skillsmith/mcp-server/tools/skill-audit
+ * @see SMI-skill-version-tracking Wave 3
+ *
+ * Returns a summary of active security advisories for installed skills.
+ * The advisory system is in early access — advisories are published by the
+ * Skillsmith team as security issues are identified.
+ *
+ * Tier gate: Team (skill_security_audit feature flag).
+ * Community and Individual users receive a graceful license error response.
+ */
+import { z } from 'zod';
+import { AdvisoryRepository } from '@skillsmith/core';
+// ============================================================================
+// Input / Output types
+// ============================================================================
+/**
+ * Input schema for skill_audit tool
+ */
+export const skillAuditInputSchema = z.object({
+    /** Optional filter — check only the specified skill IDs */
+    skillIds: z
+        .array(z.string().min(1))
+        .optional()
+        .describe('Specific skill IDs to audit (omit to audit all skills with advisories)'),
+});
+// ============================================================================
+// Tool schema (MCP tool definition)
+// ============================================================================
+/**
+ * MCP tool definition for skill_audit
+ */
+export const skillAuditToolSchema = {
+    name: 'skill_audit',
+    description: 'Check installed skills for known security advisories. ' +
+        'Requires Team tier or higher (skill_security_audit feature). ' +
+        'The advisory system is in early access — the Skillsmith team publishes advisories ' +
+        'as security issues are identified. Run `skillsmith sync` to fetch the latest advisories.',
+    inputSchema: {
+        type: 'object',
+        properties: {
+            skillIds: {
+                type: 'array',
+                items: { type: 'string' },
+                description: 'Specific skill IDs to audit (omit to return all skills with active advisories).',
+            },
+        },
+        required: [],
+    },
+};
+// ============================================================================
+// Execution
+// ============================================================================
+/**
+ * Execute the skill_audit tool.
+ *
+ * Reads active advisories from skill_advisories table (migration v6).
+ * When the table is empty, returns an early-access message instead of
+ * an empty result so users understand the system is operational but
+ * advisory data has not yet been synced.
+ *
+ * @param input   Validated tool input
+ * @param context Tool context with database connection
+ * @returns SkillAuditResponse with advisory data or early-access message
+ */
+export async function executeSkillAudit(input, context) {
+    const advisoryRepo = new AdvisoryRepository(context.db);
+    // Fetch advisories — filter by skillIds if provided
+    let advisories;
+    if (input.skillIds && input.skillIds.length > 0) {
+        advisories = input.skillIds.flatMap((id) => advisoryRepo.getAdvisoriesForSkill(id));
+    }
+    else {
+        advisories = advisoryRepo.getActiveAdvisories();
+    }
+    // No advisories in DB — early-access message
+    if (advisories.length === 0) {
+        return {
+            advisoriesAvailable: false,
+            message: 'Advisory system is in early access — the Skillsmith team publishes advisories as ' +
+                'security issues are identified. Run `skillsmith sync` to fetch the latest.',
+        };
+    }
+    // Build summary counts
+    const summary = { critical: 0, high: 0, medium: 0, low: 0, total: 0 };
+    for (const adv of advisories) {
+        summary[adv.severity]++;
+        summary.total++;
+    }
+    // Build per-advisory entries
+    const entries = advisories.map((adv) => ({
+        skillName: adv.skillId,
+        severity: adv.severity,
+        title: adv.title,
+        id: adv.id,
+        fixAvailable: Boolean(adv.patchedVersions),
+    }));
+    return {
+        advisoriesAvailable: true,
+        summary,
+        advisories: entries,
+    };
+}
+//# sourceMappingURL=skill-audit.js.map

package/dist/src/tools/skill-audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-audit.js","sourceRoot":"","sources":["../../../src/tools/skill-audit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AAGrD,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,2DAA2D;IAC3D,QAAQ,EAAE,CAAC;SACR,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SACxB,QAAQ,EAAE;SACV,QAAQ,CAAC,wEAAwE,CAAC;CACtF,CAAC,CAAA;AA6CF,+EAA+E;AAC/E,oCAAoC;AACpC,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,IAAI,EAAE,aAAsB;IAC5B,WAAW,EACT,wDAAwD;QACxD,+DAA+D;QAC/D,oFAAoF;QACpF,0FAA0F;IAC5F,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,QAAQ,EAAE;gBACR,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EACT,iFAAiF;aACpF;SACF;QACD,QAAQ,EAAE,EAAE;KACb;CACF,CAAA;AAED,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAsB,EACtB,OAAoB;IAEpB,MAAM,YAAY,GAAG,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAEvD,oDAAoD;IACpD,IAAI,UAAU,CAAA;IACd,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAA;IACrF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,YAAY,CAAC,mBAAmB,EAAE,CAAA;IACjD,CAAC;IAED,6CAA6C;IAC7C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,mBAAmB,EAAE,KAAK;YAC1B,OAAO,EACL,mFAAmF;gBACnF,4EAA4E;SAC/E,CAAA;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,OAAO,GAAoB,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;IACtF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAA;QACvB,OAAO,CAAC,KAAK,EAAE,CAAA;IACjB,CAAC;IAED,6BAA6B;IAC7B,MAAM,OAAO,GAAoB,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxD,SAAS,EAAE,GAAG,CAAC,OAAO;QACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;KAC3C,CAAC,CAAC,CAAA;IAEH,OAAO;QACL,mBAAmB,EAAE,IAAI;QACzB,OAAO;QACP,UAAU,EAAE,OAAO;KACpB,CAAA;AACH,CAAC"}

package/dist/src/tools/skill-audit.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Unit tests for skill_audit MCP tool
+ * @see SMI-skill-version-tracking Wave 3
+ */
+export {};
+//# sourceMappingURL=skill-audit.test.d.ts.map

package/dist/src/tools/skill-audit.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-audit.test.d.ts","sourceRoot":"","sources":["../../../src/tools/skill-audit.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/src/tools/skill-audit.test.js

@@ -0,0 +1,121 @@
+/**
+ * @fileoverview Unit tests for skill_audit MCP tool
+ * @see SMI-skill-version-tracking Wave 3
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { AdvisoryRepository } from '@skillsmith/core';
+import { createTestDatabase, closeDatabase } from '../../../core/tests/helpers/database.js';
+import { executeSkillAudit } from './skill-audit.js';
+// ============================================================================
+// Helpers
+// ============================================================================
+function makeAdvisory(overrides = {}) {
+    return {
+        id: 'SSA-2026-001',
+        skillId: 'community/commit-helper',
+        severity: 'high',
+        title: 'Prompt injection in commit-helper',
+        description: 'A security advisory for testing.',
+        publishedAt: '2026-01-15T00:00:00Z',
+        ...overrides,
+    };
+}
+function makeContext(db) {
+    return { db };
+}
+// ============================================================================
+// Tests
+// ============================================================================
+describe('executeSkillAudit', () => {
+    let db;
+    let advisoryRepo;
+    beforeEach(() => {
+        db = createTestDatabase();
+        advisoryRepo = new AdvisoryRepository(db);
+    });
+    afterEach(() => {
+        closeDatabase(db);
+    });
+    // --------------------------------------------------------------------------
+    // Empty database — early-access message
+    // --------------------------------------------------------------------------
+    it('returns advisoriesAvailable: false with early-access message when DB has no advisories', async () => {
+        const result = await executeSkillAudit({}, makeContext(db));
+        expect(result.advisoriesAvailable).toBe(false);
+        expect(result.message).toContain('early access');
+        expect(result.message).toContain('skillsmith sync');
+        expect(result.summary).toBeUndefined();
+        expect(result.advisories).toBeUndefined();
+    });
+    // --------------------------------------------------------------------------
+    // With advisories
+    // --------------------------------------------------------------------------
+    it('returns advisoriesAvailable: true with summary and entries when advisories exist', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory({ id: 'SSA-2026-001', severity: 'critical' }));
+        advisoryRepo.upsertAdvisory(makeAdvisory({ id: 'SSA-2026-002', severity: 'high', skillId: 'community/other-skill' }));
+        const result = await executeSkillAudit({}, makeContext(db));
+        expect(result.advisoriesAvailable).toBe(true);
+        expect(result.message).toBeUndefined();
+        expect(result.summary).toBeDefined();
+        expect(result.summary.total).toBe(2);
+        expect(result.summary.critical).toBe(1);
+        expect(result.summary.high).toBe(1);
+        expect(result.summary.medium).toBe(0);
+        expect(result.summary.low).toBe(0);
+        expect(result.advisories).toHaveLength(2);
+    });
+    it('sets fixAvailable: true when patchedVersions is present', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory({ patchedVersions: '[">=1.2.0"]' }));
+        const result = await executeSkillAudit({}, makeContext(db));
+        expect(result.advisories[0].fixAvailable).toBe(true);
+    });
+    it('sets fixAvailable: false when patchedVersions is absent', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory());
+        const result = await executeSkillAudit({}, makeContext(db));
+        expect(result.advisories[0].fixAvailable).toBe(false);
+    });
+    // --------------------------------------------------------------------------
+    // skillIds filter
+    // --------------------------------------------------------------------------
+    it('filters by skillIds when provided', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory({ id: 'SSA-2026-010', skillId: 'community/skill-a' }));
+        advisoryRepo.upsertAdvisory(makeAdvisory({ id: 'SSA-2026-011', skillId: 'community/skill-b' }));
+        const result = await executeSkillAudit({ skillIds: ['community/skill-a'] }, makeContext(db));
+        expect(result.advisoriesAvailable).toBe(true);
+        expect(result.advisories).toHaveLength(1);
+        expect(result.advisories[0].skillName).toBe('community/skill-a');
+    });
+    it('returns early-access message when skillIds filter matches no advisories', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory({ skillId: 'community/skill-a' }));
+        const result = await executeSkillAudit({ skillIds: ['community/nonexistent'] }, makeContext(db));
+        expect(result.advisoriesAvailable).toBe(false);
+        expect(result.message).toContain('early access');
+    });
+    // --------------------------------------------------------------------------
+    // Withdrawn advisories excluded
+    // --------------------------------------------------------------------------
+    it('excludes withdrawn advisories from results', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory({ id: 'SSA-2026-020' }));
+        advisoryRepo.withdrawAdvisory('SSA-2026-020');
+        const result = await executeSkillAudit({}, makeContext(db));
+        expect(result.advisoriesAvailable).toBe(false);
+    });
+    // --------------------------------------------------------------------------
+    // Advisory entry fields
+    // --------------------------------------------------------------------------
+    it('maps advisory fields correctly to entry shape', async () => {
+        advisoryRepo.upsertAdvisory(makeAdvisory({
+            id: 'SSA-2026-030',
+            skillId: 'community/commit-helper',
+            severity: 'critical',
+            title: 'Test advisory',
+        }));
+        const result = await executeSkillAudit({}, makeContext(db));
+        const entry = result.advisories[0];
+        expect(entry.id).toBe('SSA-2026-030');
+        expect(entry.skillName).toBe('community/commit-helper');
+        expect(entry.severity).toBe('critical');
+        expect(entry.title).toBe('Test advisory');
+    });
+});
+//# sourceMappingURL=skill-audit.test.js.map

package/dist/src/tools/skill-audit.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-audit.test.js","sourceRoot":"","sources":["../../../src/tools/skill-audit.test.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAA;AAC3F,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAKpD,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,YAAY,CAAC,YAAoC,EAAE;IAC1D,OAAO;QACL,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,kCAAkC;QAC/C,WAAW,EAAE,sBAAsB;QACnC,GAAG,SAAS;KACb,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,EAAgB;IACnC,OAAO,EAAE,EAAE,EAA4B,CAAA;AACzC,CAAC;AAED,+EAA+E;AAC/E,QAAQ;AACR,+EAA+E;AAE/E,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,IAAI,EAAgB,CAAA;IACpB,IAAI,YAAgC,CAAA;IAEpC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,GAAG,kBAAkB,EAAE,CAAA;QACzB,YAAY,GAAG,IAAI,kBAAkB,CAAC,EAAE,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,aAAa,CAAC,EAAE,CAAC,CAAA;IACnB,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,wCAAwC;IACxC,6EAA6E;IAE7E,EAAE,CAAC,wFAAwF,EAAE,KAAK,IAAI,EAAE;QACtG,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAE3D,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAA;QACnD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,aAAa,EAAE,CAAA;IAC3C,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,kBAAkB;IAClB,6EAA6E;IAE7E,EAAE,CAAC,kFAAkF,EAAE,KAAK,IAAI,EAAE;QAChG,YAAY,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,CAAA;QACvF,YAAY,CAAC,cAAc,CACzB,YAAY,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CACzF,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAE3D,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAA;QACpC,MAAM,CAAC,MAAM,CAAC,OAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,CAAC,MAAM,CAAC,OAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,MAAM,CAAC,OAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,OAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACnC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,YAAY,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC,CAAA;QAE7E,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAE3D,MAAM,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACvD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,YAAY,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC,CAAA;QAE3C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAE3D,MAAM,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,kBAAkB;IAClB,6EAA6E;IAE7E,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,YAAY,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAA;QAC/F,YAAY,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAA;QAE/F,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,QAAQ,EAAE,CAAC,mBAAmB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAE5F,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC7C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACzC,MAAM,CAAC,MAAM,CAAC,UAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IACnE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,YAAY,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAA;QAE3E,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,QAAQ,EAAE,CAAC,uBAAuB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAEhG,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC9C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAA;IAClD,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,gCAAgC;IAChC,6EAA6E;IAE7E,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,YAAY,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;QACjE,YAAY,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAA;QAE7C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAE3D,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChD,CAAC,CAAC,CAAA;IAEF,6EAA6E;IAC7E,wBAAwB;IACxB,6EAA6E;IAE7E,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,YAAY,CAAC,cAAc,CACzB,YAAY,CAAC;YACX,EAAE,EAAE,cAAc;YAClB,OAAO,EAAE,yBAAyB;YAClC,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,eAAe;SACvB,CAAC,CACH,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,UAAW,CAAC,CAAC,CAAC,CAAA;QAEnC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QACrC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;QACvD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/src/tools/skill-diff.d.ts

@@ -0,0 +1,107 @@
+/**
+ * @fileoverview skill_diff MCP tool — section-level diff between skill versions
+ * @module @skillsmith/mcp-server/tools/skill-diff
+ * @see SMI-skill-version-tracking Wave 2
+ *
+ * Returns a structured JSON diff of heading-level (H2/H3) sections between
+ * the locally-installed SKILL.md and the latest version recorded in the
+ * skill_versions table. Avoids raw unified diffs — human language is used
+ * for section names instead.
+ *
+ * Tier gate: Individual (version_tracking feature flag).
+ */
+import { z } from 'zod';
+import type { ToolContext } from '../context.js';
+/** Input schema for skill_diff tool */
+export declare const skillDiffInputSchema: z.ZodObject<{
+    skillId: z.ZodString;
+    oldContent: z.ZodString;
+    newContent: z.ZodString;
+    oldRiskScore: z.ZodOptional<z.ZodNumber>;
+    newRiskScore: z.ZodOptional<z.ZodNumber>;
+    hasLocalModifications: z.ZodDefault<z.ZodBoolean>;
+    trustTier: z.ZodDefault<z.ZodEnum<["verified", "community", "experimental"]>>;
+}, "strip", z.ZodTypeAny, {
+    trustTier: "verified" | "community" | "experimental";
+    skillId: string;
+    oldContent: string;
+    newContent: string;
+    hasLocalModifications: boolean;
+    oldRiskScore?: number | undefined;
+    newRiskScore?: number | undefined;
+}, {
+    skillId: string;
+    oldContent: string;
+    newContent: string;
+    trustTier?: "verified" | "community" | "experimental" | undefined;
+    oldRiskScore?: number | undefined;
+    newRiskScore?: number | undefined;
+    hasLocalModifications?: boolean | undefined;
+}>;
+export type SkillDiffInput = z.infer<typeof skillDiffInputSchema>;
+/** Structured section-level diff response */
+export interface SkillDiffResponse {
+    skill: string;
+    changeType: 'major' | 'minor' | 'patch' | 'unknown';
+    sectionsAdded: string[];
+    sectionsRemoved: string[];
+    sectionsModified: string[];
+    riskScoreDelta: number | null;
+    changelog: string | null;
+    recommendation: 'auto-update' | 'review-then-update' | 'manual-review-required';
+}
+export declare const skillDiffToolSchema: {
+    name: "skill_diff";
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            skillId: {
+                type: string;
+                description: string;
+            };
+            oldContent: {
+                type: string;
+                description: string;
+            };
+            newContent: {
+                type: string;
+                description: string;
+            };
+            oldRiskScore: {
+                type: string;
+                description: string;
+            };
+            newRiskScore: {
+                type: string;
+                description: string;
+            };
+            hasLocalModifications: {
+                type: string;
+                description: string;
+            };
+            trustTier: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+/**
+ * Execute the skill_diff tool.
+ *
+ * Computes a section-level diff using heading analysis and delegates change
+ * classification and risk scoring to core utilities.
+ *
+ * @param input   Validated tool input
+ * @param _context Tool context (unused — diff is purely content-based)
+ * @returns SkillDiffResponse with section diff and risk recommendation
+ */
+export declare function executeSkillDiff(input: SkillDiffInput, _context: ToolContext): Promise<SkillDiffResponse>;
+/**
+ * Format a SkillDiffResponse as human-readable text
+ */
+export declare function formatSkillDiffResults(response: SkillDiffResponse): string;
+//# sourceMappingURL=skill-diff.d.ts.map

package/dist/src/tools/skill-diff.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-diff.d.ts","sourceRoot":"","sources":["../../../src/tools/skill-diff.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAMhD,uCAAuC;AACvC,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;EA0B/B,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE,6CAA6C;AAC7C,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,CAAA;IACnD,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,cAAc,EAAE,aAAa,GAAG,oBAAoB,GAAG,wBAAwB,CAAA;CAChF;AAMD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0C/B,CAAA;AA8GD;;;;;;;;;GASG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,cAAc,EACrB,QAAQ,EAAE,WAAW,GACpB,OAAO,CAAC,iBAAiB,CAAC,CAiD5B;AAMD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM,CAgC1E"}