@sporesec/arcana 2.2.0

package/dist/utils/http.js

@@ -0,0 +1,165 @@
+import https from "node:https";
+const agent = new https.Agent({ keepAlive: true, maxSockets: 10 });
+export function sanitizeUrl(url) {
+    try {
+        const parsed = new URL(url);
+        if (parsed.username || parsed.password) {
+            parsed.username = "***";
+            parsed.password = "***";
+        }
+        for (const key of ["token", "access_token"]) {
+            if (parsed.searchParams.has(key))
+                parsed.searchParams.set(key, "***");
+        }
+        return parsed.toString();
+    }
+    catch {
+        return url.replace(/token=[^&]+/g, "token=***");
+    }
+}
+export class HttpError extends Error {
+    statusCode;
+    url;
+    constructor(statusCode, url, message) {
+        super(message ?? `HTTP ${statusCode} from ${sanitizeUrl(url)}`);
+        this.statusCode = statusCode;
+        this.url = url;
+        this.name = "HttpError";
+    }
+}
+export class RateLimitError extends HttpError {
+    resetAt;
+    constructor(url, resetAt) {
+        const resetMsg = resetAt ? ` Resets at ${resetAt.toLocaleTimeString()}.` : "";
+        super(403, url, `GitHub API rate limit exceeded.${resetMsg} Use GITHUB_TOKEN env var for higher limits.`);
+        this.resetAt = resetAt;
+        this.name = "RateLimitError";
+    }
+}
+const RETRYABLE_STATUS = new Set([429, 500, 502, 503, 504]);
+const RETRYABLE_CODES = new Set(["ECONNREFUSED", "ETIMEDOUT", "ENOTFOUND", "ECONNRESET"]);
+const MAX_RETRIES = 3;
+const BASE_DELAY = 1000;
+const MAX_BODY_SIZE = 5 * 1024 * 1024; // 5MB
+function delay(ms) {
+    return new Promise((r) => setTimeout(r, ms));
+}
+function calcDelay(attempt) {
+    const exponential = Math.pow(2, attempt) * BASE_DELAY;
+    const jitter = Math.random() * 200;
+    return Math.min(exponential + jitter, 30000);
+}
+export async function httpGet(url, timeout = 15000) {
+    let lastError = null;
+    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+        if (attempt > 0)
+            await delay(calcDelay(attempt - 1));
+        try {
+            const result = await doGet(url, timeout);
+            // Rate limit check
+            if (result.statusCode === 403) {
+                const limit = result.headers["x-ratelimit-limit"];
+                const remaining = result.headers["x-ratelimit-remaining"];
+                if (limit && remaining === "0") {
+                    const resetHeader = result.headers["x-ratelimit-reset"];
+                    const resetAt = resetHeader ? new Date(Number(resetHeader) * 1000) : null;
+                    throw new RateLimitError(url, resetAt);
+                }
+            }
+            // Retry on retryable status
+            if (RETRYABLE_STATUS.has(result.statusCode) && attempt < MAX_RETRIES) {
+                lastError = new HttpError(result.statusCode, url);
+                continue;
+            }
+            if (result.statusCode < 200 || result.statusCode >= 300) {
+                throw new HttpError(result.statusCode, url);
+            }
+            return result;
+        }
+        catch (err) {
+            if (err instanceof RateLimitError)
+                throw err;
+            if (err instanceof HttpError && !RETRYABLE_STATUS.has(err.statusCode))
+                throw err;
+            const code = err.code;
+            if (code && RETRYABLE_CODES.has(code) && attempt < MAX_RETRIES) {
+                lastError = err;
+                continue;
+            }
+            if (attempt >= MAX_RETRIES && lastError)
+                throw lastError;
+            throw err;
+        }
+    }
+    throw lastError ?? new Error(`Failed after ${MAX_RETRIES} retries: ${sanitizeUrl(url)}`);
+}
+function doGet(url, timeout, redirectCount = 0) {
+    return new Promise((resolve, reject) => {
+        const headers = {
+            "User-Agent": "arcana-cli",
+        };
+        const token = process.env.GITHUB_TOKEN;
+        if (token) {
+            try {
+                const hostname = new URL(url).hostname;
+                if (hostname === "github.com" || hostname.endsWith(".github.com") || hostname.endsWith(".githubusercontent.com")) {
+                    headers["Authorization"] = `token ${token}`;
+                }
+            }
+            catch { /* invalid URL, skip auth */ }
+        }
+        const req = https.get(url, { headers, timeout, agent }, (res) => {
+            // Follow redirects (HTTPS only)
+            if ((res.statusCode === 301 || res.statusCode === 302) && res.headers.location) {
+                if (redirectCount >= 5) {
+                    reject(new Error(`Too many redirects (>5): ${sanitizeUrl(url)}`));
+                    return;
+                }
+                const location = res.headers.location;
+                if (!location.startsWith("https://")) {
+                    reject(new Error(`Redirect to non-HTTPS URL blocked: ${sanitizeUrl(location)}`));
+                    return;
+                }
+                // After the existing https check, add:
+                try {
+                    const redirectUrl = new URL(location);
+                    const allowedHosts = ["github.com", "raw.githubusercontent.com", "api.github.com", "objects.githubusercontent.com", "registry.npmjs.org"];
+                    if (!allowedHosts.some(h => redirectUrl.hostname === h || redirectUrl.hostname.endsWith("." + h))) {
+                        reject(new Error(`Redirect to untrusted host blocked: ${redirectUrl.hostname}`));
+                        return;
+                    }
+                }
+                catch {
+                    reject(new Error(`Invalid redirect URL: ${sanitizeUrl(location)}`));
+                    return;
+                }
+                doGet(location, timeout, redirectCount + 1).then(resolve, reject);
+                return;
+            }
+            const chunks = [];
+            let totalSize = 0;
+            res.on("data", (chunk) => {
+                totalSize += chunk.length;
+                if (totalSize > MAX_BODY_SIZE) {
+                    req.destroy();
+                    reject(new Error(`Response exceeds ${MAX_BODY_SIZE} bytes from ${sanitizeUrl(url)}`));
+                    return;
+                }
+                chunks.push(chunk);
+            });
+            res.on("end", () => {
+                resolve({
+                    body: Buffer.concat(chunks).toString("utf-8"),
+                    statusCode: res.statusCode ?? 0,
+                    headers: res.headers,
+                });
+            });
+        });
+        req.on("error", reject);
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error(`Request timed out after ${timeout}ms: ${sanitizeUrl(url)}`));
+        });
+    });
+}
+//# sourceMappingURL=http.js.map

package/dist/utils/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/utils/http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;AAQnE,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;YACxB,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;QAC1B,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,EAAE,CAAC;YAC5C,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED,MAAM,OAAO,SAAU,SAAQ,KAAK;IAEhB;IACA;IAFlB,YACkB,UAAkB,EAClB,GAAW,EAC3B,OAAgB;QAEhB,KAAK,CAAC,OAAO,IAAI,QAAQ,UAAU,SAAS,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAJhD,eAAU,GAAV,UAAU,CAAQ;QAClB,QAAG,GAAH,GAAG,CAAQ;QAI3B,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,cAAe,SAAQ,SAAS;IAGzB;IAFlB,YACE,GAAW,EACK,OAAoB;QAEpC,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,cAAc,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9E,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,kCAAkC,QAAQ,8CAA8C,CAAC,CAAC;QAH1F,YAAO,GAAP,OAAO,CAAa;QAIpC,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAC5D,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;AAC1F,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,IAAI,CAAC;AACxB,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,MAAM;AAE7C,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;IACnC,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,MAAM,EAAE,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,GAAW,EAAE,OAAO,GAAG,KAAK;IACxD,IAAI,SAAS,GAAiB,IAAI,CAAC;IAEnC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,IAAI,OAAO,GAAG,CAAC;YAAE,MAAM,KAAK,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAEzC,mBAAmB;YACnB,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;gBAC1D,IAAI,KAAK,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;oBAC/B,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;oBACxD,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;oBAC1E,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,IAAI,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,OAAO,GAAG,WAAW,EAAE,CAAC;gBACrE,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;gBAClD,SAAS;YACX,CAAC;YAED,IAAI,MAAM,CAAC,UAAU,GAAG,GAAG,IAAI,MAAM,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;gBACxD,MAAM,IAAI,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC9C,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,cAAc;gBAAE,MAAM,GAAG,CAAC;YAC7C,IAAI,GAAG,YAAY,SAAS,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,MAAM,GAAG,CAAC;YAEjF,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;YACjD,IAAI,IAAI,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,GAAG,WAAW,EAAE,CAAC;gBAC/D,SAAS,GAAG,GAAY,CAAC;gBACzB,SAAS;YACX,CAAC;YAED,IAAI,OAAO,IAAI,WAAW,IAAI,SAAS;gBAAE,MAAM,SAAS,CAAC;YACzD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,gBAAgB,WAAW,aAAa,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,KAAK,CAAC,GAAW,EAAE,OAAe,EAAE,aAAa,GAAG,CAAC;IAC5D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,OAAO,GAA2B;YACtC,YAAY,EAAE,YAAY;SAC3B,CAAC;QAEF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;gBACvC,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;oBACjH,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,KAAK,EAAE,CAAC;gBAC9C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YAC9D,gCAAgC;YAChC,IAAI,CAAC,GAAG,CAAC,UAAU,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC/E,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;oBACvB,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;gBACD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;gBACtC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBACrC,MAAM,CAAC,IAAI,KAAK,CAAC,sCAAsC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;oBACjF,OAAO;gBACT,CAAC;gBACD,uCAAuC;gBACvC,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACtC,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,+BAA+B,EAAE,oBAAoB,CAAC,CAAC;oBAC1I,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,KAAK,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;wBAClG,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;wBACjF,OAAO;oBACT,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;oBACpE,OAAO;gBACT,CAAC;gBACD,KAAK,CAAC,QAAQ,EAAE,OAAO,EAAE,aAAa,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBAC/B,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC1B,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;oBAC9B,GAAG,CAAC,OAAO,EAAE,CAAC;oBACd,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,aAAa,eAAe,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;oBACtF,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,OAAO,CAAC;oBACN,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAC7C,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC;oBAC/B,OAAO,EAAE,GAAG,CAAC,OAAwD;iBACtE,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,OAAO,OAAO,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/utils/http.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=http.test.d.ts.map

package/dist/utils/http.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.test.d.ts","sourceRoot":"","sources":["../../src/utils/http.test.ts"],"names":[],"mappings":""}

package/dist/utils/http.test.js

@@ -0,0 +1,55 @@
+import { describe, it, expect } from "vitest";
+import { sanitizeUrl, HttpError, RateLimitError } from "./http.js";
+describe("sanitizeUrl", () => {
+    it("strips token query param", () => {
+        const url = "https://api.github.com/repos?token=secret123&other=ok";
+        const result = sanitizeUrl(url);
+        expect(result).not.toContain("secret123");
+        expect(result).toContain("token=***");
+        expect(result).toContain("other=ok");
+    });
+    it("strips access_token query param", () => {
+        const url = "https://api.example.com/data?access_token=mytoken";
+        const result = sanitizeUrl(url);
+        expect(result).not.toContain("mytoken");
+        expect(result).toContain("access_token=***");
+    });
+    it("strips username and password", () => {
+        const url = "https://user:pass@api.github.com/repos";
+        const result = sanitizeUrl(url);
+        expect(result).not.toContain("user");
+        expect(result).not.toContain("pass");
+        expect(result).toContain("***");
+    });
+    it("preserves clean URLs", () => {
+        const url = "https://api.github.com/repos/owner/repo";
+        expect(sanitizeUrl(url)).toBe("https://api.github.com/repos/owner/repo");
+    });
+});
+describe("HttpError", () => {
+    it("includes status code in message", () => {
+        const err = new HttpError(404, "https://example.com/path");
+        expect(err.message).toContain("404");
+        expect(err.statusCode).toBe(404);
+        expect(err.name).toBe("HttpError");
+    });
+    it("sanitizes URL in default message", () => {
+        const err = new HttpError(500, "https://api.com?token=secret");
+        expect(err.message).not.toContain("secret");
+    });
+});
+describe("RateLimitError", () => {
+    it("includes reset time", () => {
+        const resetAt = new Date("2026-01-01T12:00:00Z");
+        const err = new RateLimitError("https://api.github.com", resetAt);
+        expect(err.message).toContain("rate limit");
+        expect(err.statusCode).toBe(403);
+        expect(err.name).toBe("RateLimitError");
+    });
+    it("handles null reset", () => {
+        const err = new RateLimitError("https://api.github.com", null);
+        expect(err.message).toContain("rate limit");
+        expect(err.message).not.toContain("Resets at");
+    });
+});
+//# sourceMappingURL=http.test.js.map

package/dist/utils/http.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.test.js","sourceRoot":"","sources":["../../src/utils/http.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEnE,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,GAAG,GAAG,uDAAuD,CAAC;QACpE,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,GAAG,GAAG,mDAAmD,CAAC;QAChE,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,GAAG,GAAG,wCAAwC,CAAC;QACrD,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,GAAG,GAAG,yCAAyC,CAAC;QACtD,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,GAAG,EAAE,0BAA0B,CAAC,CAAC;QAC3D,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAC;QAC/D,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,cAAc,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,GAAG,GAAG,IAAI,cAAc,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;QAC/D,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/utils/parallel.d.ts

@@ -0,0 +1,2 @@
+export declare function parallelMap<T, R>(items: T[], fn: (item: T) => Promise<R>, concurrency: number): Promise<R[]>;
+//# sourceMappingURL=parallel.d.ts.map

package/dist/utils/parallel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parallel.d.ts","sourceRoot":"","sources":["../../src/utils/parallel.ts"],"names":[],"mappings":"AAAA,wBAAsB,WAAW,CAAC,CAAC,EAAE,CAAC,EACpC,KAAK,EAAE,CAAC,EAAE,EACV,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,EAC3B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,CAAC,EAAE,CAAC,CAed"}

package/dist/utils/parallel.js

@@ -0,0 +1,17 @@
+export async function parallelMap(items, fn, concurrency) {
+    if (items.length === 0)
+        return [];
+    const results = new Array(items.length);
+    let idx = 0;
+    async function worker() {
+        while (idx < items.length) {
+            const i = idx++;
+            if (i >= items.length)
+                break;
+            results[i] = await fn(items[i]);
+        }
+    }
+    await Promise.all(Array.from({ length: Math.min(concurrency, items.length) }, () => worker()));
+    return results;
+}
+//# sourceMappingURL=parallel.js.map

package/dist/utils/parallel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parallel.js","sourceRoot":"","sources":["../../src/utils/parallel.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAU,EACV,EAA2B,EAC3B,WAAmB;IAEnB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAClC,MAAM,OAAO,GAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,UAAU,MAAM;QACnB,OAAO,GAAG,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YAC1B,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM;gBAAE,MAAM;YAC7B,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAC5E,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/utils/scanner.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Content security scanner for SKILL.md files.
+ * Detects threat patterns from the Snyk ToxicSkills taxonomy:
+ * prompt injection, malicious code, credential exfiltration,
+ * suspicious downloads, and unverifiable dependencies.
+ */
+export interface ScanIssue {
+    level: "critical" | "high" | "medium";
+    category: string;
+    detail: string;
+    line: number;
+    context: string;
+}
+/**
+ * Scan SKILL.md content for security threats.
+ * Returns an array of issues sorted by severity (critical first).
+ */
+export declare function scanSkillContent(content: string): ScanIssue[];
+/**
+ * Quick check: does this content have any critical issues?
+ */
+export declare function hasCriticalIssues(content: string): boolean;
+/**
+ * Format scan results for display.
+ */
+export declare function formatScanResults(skillName: string, issues: ScanIssue[]): string;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/utils/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/utils/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AA0JD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE,CAwB7D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE1D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAmBhF"}

package/dist/utils/scanner.js

@@ -0,0 +1,195 @@
+/**
+ * Content security scanner for SKILL.md files.
+ * Detects threat patterns from the Snyk ToxicSkills taxonomy:
+ * prompt injection, malicious code, credential exfiltration,
+ * suspicious downloads, and unverifiable dependencies.
+ */
+// ---------------------------------------------------------------------------
+// Threat patterns (deterministic, no LLM required)
+// Based on real attack techniques documented in Snyk ToxicSkills Feb 2026
+// ---------------------------------------------------------------------------
+const PATTERNS = [
+    // CRITICAL: Malicious code execution
+    {
+        level: "critical",
+        category: "Malicious code",
+        detail: "Base64 encoded command piped to shell",
+        regex: /(?:echo|printf)\s+["']?[A-Za-z0-9+/=]{20,}["']?\s*\|\s*base64\s+-d/i,
+    },
+    {
+        level: "critical",
+        category: "Malicious code",
+        detail: "Curl/wget piped to shell interpreter",
+        regex: /(?:curl|wget)\s+[^\n|]*\|\s*(?:bash|sh|zsh|source|python|node)\b/i,
+    },
+    {
+        level: "critical",
+        category: "Malicious code",
+        detail: "Eval executing dynamic content",
+        regex: /\beval\s+\$\(/,
+    },
+    {
+        level: "critical",
+        category: "Malicious code",
+        detail: "Password-protected archive extraction",
+        regex: /unzip\s+-[Pp]\s/,
+    },
+    // CRITICAL: Suspicious downloads
+    {
+        level: "critical",
+        category: "Suspicious download",
+        detail: "Download and execute binary",
+        regex: /(?:curl|wget)\s+[^\n]*&&\s*chmod\s+\+x\b/i,
+    },
+    // HIGH: Credential exfiltration
+    {
+        level: "high",
+        category: "Credential theft",
+        detail: "Reading sensitive credential files",
+        regex: /cat\s+~\/\.(?:aws|ssh|gnupg|docker|kube|npmrc|netrc|gitconfig)/,
+    },
+    {
+        level: "high",
+        category: "Credential theft",
+        detail: "Exfiltrating environment variables via network",
+        regex: /\$(?:AWS_|GITHUB_|NPM_|OPENAI_|ANTHROPIC_|HF_|HUGGING)[A-Z_]*[^\n]*(?:curl|wget|fetch|http)/i,
+    },
+    {
+        level: "high",
+        category: "Credential theft",
+        detail: "Piping credentials through base64 encoding",
+        regex: /(?:credentials|\.env|\.ssh|\.aws)[^\n]*\|\s*base64/i,
+    },
+    // HIGH: Prompt injection
+    {
+        level: "high",
+        category: "Prompt injection",
+        detail: "Instruction override attempt",
+        regex: /ignore\s+(?:all\s+)?(?:previous|above|prior|earlier)\s+instructions/i,
+    },
+    {
+        level: "high",
+        category: "Prompt injection",
+        detail: "Developer/admin mode jailbreak",
+        regex: /you\s+are\s+(?:now\s+)?in\s+(?:developer|admin|debug|unrestricted)\s+mode/i,
+    },
+    {
+        level: "high",
+        category: "Prompt injection",
+        detail: "DAN-style jailbreak attempt",
+        regex: /\bDAN\b[^.]*\bDo\s+Anything\s+Now\b/i,
+    },
+    {
+        level: "high",
+        category: "Prompt injection",
+        detail: "Security warning suppression",
+        regex: /security\s+warnings?\s+are\s+(?:test\s+)?artifacts?/i,
+    },
+    {
+        level: "high",
+        category: "Prompt injection",
+        detail: "System message impersonation",
+        regex: /\[system\]|\<system\>|SYSTEM:\s+/,
+    },
+    // HIGH: Hardcoded secrets
+    {
+        level: "high",
+        category: "Secret detected",
+        detail: "Hardcoded API key pattern",
+        regex: /(?:sk-[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{36}|glpat-[a-zA-Z0-9-]{20}|xox[bpsar]-[a-zA-Z0-9-]{10,})/,
+    },
+    {
+        level: "high",
+        category: "Secret detected",
+        detail: "Private key material",
+        regex: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----/,
+    },
+    // MEDIUM: Suspicious system modification
+    {
+        level: "medium",
+        category: "System modification",
+        detail: "Systemd service manipulation",
+        regex: /systemctl\s+(?:enable|start|daemon-reload|mask)/,
+    },
+    {
+        level: "medium",
+        category: "System modification",
+        detail: "Crontab modification",
+        regex: /crontab\s+-[elr]/,
+    },
+    {
+        level: "medium",
+        category: "System modification",
+        detail: "Modifying shell profile for persistence",
+        regex: /(?:>>|>\s*)~\/\.(?:bashrc|zshrc|profile|bash_profile)/,
+    },
+    // MEDIUM: Unverifiable dependencies
+    {
+        level: "medium",
+        category: "Unverifiable dependency",
+        detail: "chmod +x on downloaded file",
+        regex: /chmod\s+\+x\s+\S+\s*&&\s*\.\/\S+/,
+    },
+    {
+        level: "medium",
+        category: "Unverifiable dependency",
+        detail: "Dynamic remote instruction loading",
+        regex: /(?:curl|wget|fetch)\s+[^\n]*(?:instructions|config|setup)\.(?:md|txt|sh|yaml)/i,
+    },
+];
+// ---------------------------------------------------------------------------
+// Scanner
+// ---------------------------------------------------------------------------
+/**
+ * Scan SKILL.md content for security threats.
+ * Returns an array of issues sorted by severity (critical first).
+ */
+export function scanSkillContent(content) {
+    const issues = [];
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of PATTERNS) {
+            if (pattern.regex.test(line)) {
+                issues.push({
+                    level: pattern.level,
+                    category: pattern.category,
+                    detail: pattern.detail,
+                    line: i + 1,
+                    context: line.trim().slice(0, 120),
+                });
+            }
+        }
+    }
+    // Sort: critical first, then high, then medium
+    const order = { critical: 0, high: 1, medium: 2 };
+    issues.sort((a, b) => order[a.level] - order[b.level]);
+    return issues;
+}
+/**
+ * Quick check: does this content have any critical issues?
+ */
+export function hasCriticalIssues(content) {
+    return scanSkillContent(content).some(i => i.level === "critical");
+}
+/**
+ * Format scan results for display.
+ */
+export function formatScanResults(skillName, issues) {
+    if (issues.length === 0)
+        return `  [OK] ${skillName}`;
+    const lines = [];
+    const critical = issues.filter(i => i.level === "critical").length;
+    const high = issues.filter(i => i.level === "high").length;
+    const medium = issues.filter(i => i.level === "medium").length;
+    const tag = critical > 0 ? "[!!]" : high > 0 ? "[!!]" : "[i]";
+    lines.push(`  ${tag} ${skillName} (${issues.length} issue${issues.length !== 1 ? "s" : ""})`);
+    for (const issue of issues) {
+        const icon = issue.level === "critical" ? "CRIT"
+            : issue.level === "high" ? "HIGH"
+                : "MED";
+        lines.push(`    [${icon}] ${issue.category}: ${issue.detail} (line ${issue.line})`);
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=scanner.js.map

package/dist/utils/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/utils/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,8EAA8E;AAC9E,mDAAmD;AACnD,0EAA0E;AAC1E,8EAA8E;AAE9E,MAAM,QAAQ,GAAc;IAC1B,qCAAqC;IACrC;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,uCAAuC;QAC/C,KAAK,EAAE,qEAAqE;KAC7E;IACD;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,sCAAsC;QAC9C,KAAK,EAAE,mEAAmE;KAC3E;IACD;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,gCAAgC;QACxC,KAAK,EAAE,eAAe;KACvB;IACD;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,uCAAuC;QAC/C,KAAK,EAAE,iBAAiB;KACzB;IAED,iCAAiC;IACjC;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,6BAA6B;QACrC,KAAK,EAAE,2CAA2C;KACnD;IAED,gCAAgC;IAChC;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,oCAAoC;QAC5C,KAAK,EAAE,gEAAgE;KACxE;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,gDAAgD;QACxD,KAAK,EAAE,8FAA8F;KACtG;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,4CAA4C;QACpD,KAAK,EAAE,qDAAqD;KAC7D;IAED,yBAAyB;IACzB;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,8BAA8B;QACtC,KAAK,EAAE,sEAAsE;KAC9E;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,gCAAgC;QACxC,KAAK,EAAE,4EAA4E;KACpF;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,6BAA6B;QACrC,KAAK,EAAE,sCAAsC;KAC9C;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,8BAA8B;QACtC,KAAK,EAAE,sDAAsD;KAC9D;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,8BAA8B;QACtC,KAAK,EAAE,kCAAkC;KAC1C;IAED,0BAA0B;IAC1B;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,iBAAiB;QAC3B,MAAM,EAAE,2BAA2B;QACnC,KAAK,EAAE,iGAAiG;KACzG;IACD;QACE,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,iBAAiB;QAC3B,MAAM,EAAE,sBAAsB;QAC9B,KAAK,EAAE,4CAA4C;KACpD;IAED,yCAAyC;IACzC;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,8BAA8B;QACtC,KAAK,EAAE,iDAAiD;KACzD;IACD;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,sBAAsB;QAC9B,KAAK,EAAE,kBAAkB;KAC1B;IACD;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,yCAAyC;QACjD,KAAK,EAAE,uDAAuD;KAC/D;IAED,oCAAoC;IACpC;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,6BAA6B;QACrC,KAAK,EAAE,kCAAkC;KAC1C;IACD;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,oCAAoC;QAC5C,KAAK,EAAE,gFAAgF;KACxF;CACF,CAAC;AAEF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,KAAK,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAClD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAEvD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,SAAiB,EAAE,MAAmB;IACtE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,UAAU,SAAS,EAAE,CAAC;IAEtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACnE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAE/D,MAAM,GAAG,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAC9D,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,SAAS,KAAK,MAAM,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAE9F,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM;YAC9C,CAAC,CAAC,KAAK,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM;gBACjC,CAAC,CAAC,KAAK,CAAC;QACV,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,MAAM,UAAU,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/utils/ui.d.ts

@@ -0,0 +1,27 @@
+import { type Ora } from "ora";
+export declare const ui: {
+    brand: (text: string) => string;
+    success: (text: string) => string;
+    error: (text: string) => string;
+    warn: (text: string) => string;
+    dim: (text: string) => string;
+    bold: (text: string) => string;
+    cyan: (text: string) => string;
+};
+export declare function banner(): void;
+export declare function spinner(text: string): Ora;
+export declare function noopSpinner(): {
+    start: () => void;
+    stop: () => void;
+    succeed: (_m: string) => void;
+    info: (_m: string) => void;
+    fail: (_m: string) => void;
+    text: string;
+    message: (_m: string) => void;
+};
+export declare function table(rows: string[][]): void;
+export declare function getErrorHint(err: unknown): string | undefined;
+export declare function printErrorWithHint(err: unknown, showMessage?: boolean): void;
+export declare function suggest(text: string): void;
+export declare function errorAndExit(message: string, hint?: string): never;
+//# sourceMappingURL=ui.d.ts.map

package/dist/utils/ui.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ui.d.ts","sourceRoot":"","sources":["../../src/utils/ui.ts"],"names":[],"mappings":"AACA,OAAY,EAAE,KAAK,GAAG,EAAE,MAAM,KAAK,CAAC;AAQpC,eAAO,MAAM,EAAE;kBACC,MAAM;oBACJ,MAAM;kBACR,MAAM;iBACP,MAAM;gBACP,MAAM;iBACL,MAAM;iBACN,MAAM;CACpB,CAAC;AAEF,wBAAgB,MAAM,IAAI,IAAI,CAI7B;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG,CAEzC;AAED,wBAAgB,WAAW;;;kBAC+B,MAAM;eAAoB,MAAM;eAAoB,MAAM;;kBAAiC,MAAM;EAC1J;AAcD,wBAAgB,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,CAgB5C;AAID,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAU7D;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,WAAW,UAAQ,GAAG,IAAI,CAgB1E;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAI1C;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK,CAUlE"}

package/dist/utils/ui.js

@@ -0,0 +1,99 @@
+import chalk from "chalk";
+import ora from "ora";
+if (process.env.NO_COLOR || process.env.TERM === "dumb") {
+    chalk.level = 0;
+}
+const AMBER = chalk.hex("#d4943a");
+export const ui = {
+    brand: (text) => AMBER.bold(text),
+    success: (text) => chalk.green(text),
+    error: (text) => chalk.red(text),
+    warn: (text) => chalk.yellow(text),
+    dim: (text) => chalk.dim(text),
+    bold: (text) => chalk.bold(text),
+    cyan: (text) => chalk.cyan(text),
+};
+export function banner() {
+    console.log();
+    console.log(ui.brand("  arcana") + ui.dim(" - universal agent skill manager"));
+    console.log();
+}
+export function spinner(text) {
+    return ora({ text, color: "yellow" });
+}
+export function noopSpinner() {
+    return { start: () => { }, stop: () => { }, succeed: (_m) => { }, info: (_m) => { }, fail: (_m) => { }, text: "", message: (_m) => { } };
+}
+const ANSI_REGEX = /\x1b\[[0-9;]*m/g;
+function stripAnsi(str) {
+    return str.replace(ANSI_REGEX, "");
+}
+function padWithAnsi(str, width) {
+    const visible = stripAnsi(str).length;
+    const padding = Math.max(0, width - visible);
+    return str + " ".repeat(padding);
+}
+export function table(rows) {
+    if (rows.length === 0)
+        return;
+    const firstRow = rows[0];
+    if (!firstRow)
+        return;
+    const colWidths = firstRow.map((_, colIdx) => Math.max(...rows.map((row) => stripAnsi(row[colIdx] ?? "").length)));
+    for (const row of rows) {
+        const line = row
+            .map((cell, i) => padWithAnsi(cell, (colWidths[i] ?? 0) + 2))
+            .join("")
+            .trimEnd();
+        console.log("  " + line);
+    }
+}
+const NETWORK_PATTERNS = ["ECONNREFUSED", "ETIMEDOUT", "ENOTFOUND", "ENETUNREACH", "EAI_AGAIN"];
+export function getErrorHint(err) {
+    if (!(err instanceof Error))
+        return undefined;
+    const msg = err.message;
+    if (NETWORK_PATTERNS.some((p) => msg.includes(p))) {
+        return "Check your internet connection and try again.";
+    }
+    if (msg.includes("404") || msg.includes("Not Found")) {
+        return "Skill not found. Run `arcana search <query>` to find skills.";
+    }
+    return undefined;
+}
+export function printErrorWithHint(err, showMessage = false) {
+    if (showMessage && err instanceof Error) {
+        console.error(ui.dim(`  ${err.message}`));
+    }
+    const hint = getErrorHint(err);
+    if (hint)
+        console.error(ui.dim(`  Hint: ${hint}`));
+    // Retry advice for transient errors
+    if (err instanceof Error) {
+        const msg = err.message;
+        const isTransient = NETWORK_PATTERNS.some(p => msg.includes(p)) ||
+            /\b(429|500|502|503|504)\b/.test(msg);
+        if (isTransient) {
+            console.error(ui.dim("  Try again in a moment, or check your connection."));
+        }
+    }
+}
+export function suggest(text) {
+    if (!process.stdout.isTTY)
+        return;
+    console.log(ui.dim("  Next: ") + text);
+    console.log();
+}
+export function errorAndExit(message, hint) {
+    console.error();
+    console.error(ui.error("  Error: ") + message);
+    if (hint) {
+        console.error(ui.dim("  Hint: ") + hint);
+    }
+    else {
+        console.error(ui.dim("  Hint: Run `arcana doctor` to diagnose"));
+    }
+    console.error();
+    process.exit(1);
+}
+//# sourceMappingURL=ui.js.map